ACPI Warning: 32/64X FACS address mismatch in FADT
I have an INTEL DP43TF motherboad with an Intel Core 2 Quad. (non-HTT) When I boot up Freebsd 8.1 I see a message like this: "ACPI Warning: 32/64X FACS address mismatch in FADT..(blah)..using 32" I cant determine if this is OK and a cosmetic type of message or something more serious to question. Google turned up several hits but nothing explains what this is and/or the importance of it. Thanks, -- J.D. Bronson ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Backing up freebsd to 1 file?
On 4/18/10 10:39 AM, Warren Block wrote: If you don't have any other drives, where will the backup file be stored so it survives a system failure or reinstall? Thoughts on this would be appreciated... dump/restore is the standard safe way; you can send it over ssh to back up to a file on another machine. Sometimes people use dd, which can be effective if you use some tricks like filling unused space with zero so compression is effective. There's another option. I've mentioned clonezilla.org here before as a way to back up Windows systems; it's fast and only copies used sectors. I would sftp/scp the file over to another unix (or windows via samba) machine I have. Then burn the resulting file to DVD RW media. -- J.D. Bronson ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Backing up freebsd to 1 file?
be created by the time your system boots on. Nice answer by Sergio, but I personally would use the j option with tar to compress to bzip2; 3) tar --one-file-system -cvjf /mnt/backup.tbz ./ var usr home Though I prefer personally to use dump/restore because: - If you're on UFS, you don't have to single-user the system, just use the L option (live filesystem) - Restore has an awesome 'interactive' mode - See Zwicky [1] I'll send you my dump scripts if you're interested. It's dead easy to use! Chris [1] http://www.coredumps.de/doc/dump/zwicky/testdump.doc.html . I think Sergio has a nice script. I had been doing something similar but I know I recall when untarring (restoring if you will) it was complaining about not being able to do things. It was not sockets and similar stuff that gets rebuilt on reboot. I do not have failures handy to post (yet). Truth be told? - I am running FreeBSD hosts within ESXi. I can backup the hosts within ESXi but need to take the host offline and its a cumbersome ordeal. If I had RAID on ESXi, I wouldn't be so worried per se but this is not an option. ESXi is very fussy about what is supported and I dont have the $ for SCSI and SCSI Raid. Basically what I need to do is create a fully restorable backup for 2 reasons: 1. Easy to create another host on ESXi. I can setup/flavor my fbsd install and then once thats done, setup another host. 2. Obvious backup reasons. ...right now, if the SATA drive fails that is hosting the fbsd install I am dead in the water. I have 5 hosts on this machine spread across 4 SATA drives but nothing is mirrored or RAIDed in anyway. I am at the mercy of these drives w/o any backup- -- J.D. Bronson ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Backing up freebsd to 1 file?
I have a freebsd 8.0 install and was wondering if it is possible to tar up the entire install...for backup purposes. # cd / # tar -cvf backup.tar {list of directories} then I can ftp the tar file out to another machine. This works in theory, but if I need to do a restore tar complains on 'tar -xpf backup.tar'. Under OpenBSD, this works as expected. It has given me an easy way to backup/move/restore or anything I want to do w/o complaining. I am running Freebsd on a machine that has no other drives/tapes or anything so my options for backup are limited. All I am trying to do is get a complete image (or snapshot) of my entire install on this machine and then if I needed to reload or reinstall, I could do a bare bones freebsd install, copy over the tar'd up file and extract it from within / and then reboot an I would be go to go. Thoughts on this would be appreciated... -- J.D. Bronson ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: vi editing
preface each line: :%s/^/new word /g -- J.D. Bronson Information Technology Aurora Health Care - Milwaukee WI ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Virtualbox and bridged interface.
Just a shot in the dark here... MAC Authentication? I was running FREEBSD inside virtualbox on a macbook and was using 'bridged' networking. If I didnt list the 'fake' mac address in the FREEBSD virtual inside my Access point - I was going nowhere. Took me awhile to figure out why I wasnt going anywhere... -- J.D. Bronson Information Technology Aurora Health Care - Milwaukee WI ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Blocking a slow-burning SSH bruteforce
On 1/1/10 9:19 AM, David Rawling wrote: Darn. 1 is out because 22 is the one port that most organisations (including mine) allow out of their networks for administering routers. 2 is unfortunately not an option (as a consultant I do work from many networks) 4 - again I might have to log in any time ... 3 seems the best approach. Thanks for your thoughts, it's good to get second opinions. Dave. I understand using/needing port 22 opened...but what another widely used port..like for Citrix (sp?) or something? - most firewalls have those ports open. As far as controlling login time and access, I meant something like this: # Authentication: LoginGraceTime 1m MaxAuthTries 2 # Allow staff access and users no access AllowGroups staff -- J.D. Bronson Information Technology Aurora Health Care - Milwaukee WI ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Blocking a slow-burning SSH bruteforce
On 1/1/10 8:56 AM, David Rawling wrote: I tend to think there's not much I can do about this, but I'll ask anyway. I've implemented sshguard to block the normal bruteforce attacks - which seems to be working reasonably well. However now I have the following: Jan 1 17:42:52 timeserver sshd[1755]: error: PAM: authentication error for illegal user but from 190.146.246.36 Jan 1 17:55:09 timeserver sshd[1788]: error: PAM: authentication error for illegal user byung from 212.243.41.9 Jan 1 18:07:38 timeserver sshd[1809]: error: PAM: authentication error for illegal user cac from 148.233.140.193 Jan 1 18:20:06 timeserver sshd[1832]: error: PAM: authentication error for illegal user cachou from 121.52.215.180 Jan 1 18:32:21 timeserver sshd[1851]: error: PAM: authentication error for illegal user calla from 212.243.41.9 Jan 1 18:44:35 timeserver sshd[1884]: error: PAM: authentication error for illegal user calube from 83.211.160.211 Jan 1 19:09:12 timeserver sshd[1923]: error: PAM: authentication error for illegal user cancy from 194.51.12.238 Jan 1 19:21:35 timeserver sshd[1946]: error: PAM: authentication error for illegal user candice from 82.106.226.77 Jan 1 19:46:12 timeserver sshd[1997]: error: PAM: authentication error for illegal user candyw from 116.55.226.131 Now this seems to me to be a dictionary attack on timeserver, and I'd guess that it's a botnet behind it. It's rather sophisticated since it's only attempting 1 user and password combination per source - so it's far too little to trigger the sshguard rules. Even if it did trigger, it wouldn't prevent the attacks. Apart from switching away from user authentication to private/public keys ... is there anything I can do to mitigate these attacks? Any advice welcome. Dave. -- Few options I can think of in random order...I use #1: 1. Run SSH on an obscure port. Seriously, thats one of the easiest things to do. Since I have done that, I have had ZERO attempts and it works perfectly as long as users know the odd port. In fact, I dont know anyone in our IT circle of friends that runs SSH on port 22. 2. Consider controlling/limiting access via 'pf' if your running 'pf'. Of course with your examples coming from all different IPs, thats not likely gonna help much. 3. Just ignore it - they aren't getting in...similar to spammers being rejected by RBLsits traffic, but cant be a whole lot. 4. Limit login time window too...I run a very narrow window of time to login and a LOW number of attempted logins per session. -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: fdisk/bsdlabel/disklabel: Class not found?
bsdlabel: Class not found re-edit the label? [y]: You cant edit it. You can only say "N" and it exits w/o saving any changes. This is very annoying, because you cannot do anything with the label unlike the old days.. I had to mount an older drive and then I was able to edit the bsdlabel on the 8.0 drive as it was not 'online' - -- J.D. Bronson Information Technology Aurora Health Care - Milwaukee WI ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: geometry does not match label (255h,63s != 16h,63s)
Well then so much for my idea of removing those options from the kernel. Darn. Well if they have 'been' there since earlier FreeBSD I wonder why we never saw them until 8.x now ? There must be some reason... They do not appear to be anything but cosmetic but still annoying and worrisome for people like us. I suppose the next thing would be to find the offending code and comment it out... :-) -- J.D. Bronson Information Technology Aurora Health Care - Milwaukee WI Office: 414.978.8282 // Fax: 414.978.3988 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: geometry does not match label (255h,63s != 16h,63s)
What if we tried a custom kernel and removed these lines: options GEOM_PART_GPT # GUID Partition Tables. options GEOM_LABEL # Provides labelization I think that might remove these 'errors'. -- J.D. Bronson Information Technology ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: geometry does not match label (255h,63s != 16h,63s)
I see this too. I even went so far as to edit the labels and start again and then I got the opposite: geometry does not match label (16h,63s != 255h,63s) ..so I gave up. Google didnt turn anything up but I dont see this on FreeBSD 7.x at all. Only 8 So far, it has not been any issue from what I can tell and only apparent (for me) when gmirror is setup. -- J.D. Bronson Information Technology ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: dump/restore don't work, handbook lies
At 02:49 AM 9/1/2008 +0100, RW wrote: > dump -C 32 -0Lf - / | ( cd /mnta ; restore xf - ) One minor caveat: dumping a live filesystem require dump to take a snapshot, which in turn require soft-updates to be turned-on. The default in sysinstall is to enable it for everything but the root partition. I always enable soft-updates on all partitions during install or anytime a drive is replaced :-) /dev/ad0s1a on / (ufs, local, soft-updates) devfs on /dev (devfs, local) /dev/ad0s1d on /usr (ufs, local, soft-updates) /dev/ad0s1e on /var (ufs, local, soft-updates) /dev/ad0s1f on /home (ufs, local, soft-updates) /dev/ad0s1g on /staff (ufs, local, soft-updates) /dev/ad0s1h on /users (ufs, local, soft-updates) -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: dump/restore don't work, handbook lies
At 05:03 PM 8/31/2008 -0600, Lloyd M Caldwell wrote: Hello, this all on a 7.0 freebsd system. Dump/Restore do NOT work as indicated in the handbook (or man pages). It would be better to remove information from the handbook rather then have information that doesn't work. Are you trying to resize the same disc or migrate to a NEW disk? Migrating to a new (larger) disc is trivial, at least in my experience. (I have never tried to resize any partitions though on a same disc, since new hard drives are cheap enough) Here is what I do to migrate to a totally new disc: Shutdown and install 2nd DRIVE boot machine... run sysinstall on the 2nd DRIVE (slice/dice/and setup MBR) then I run a small script like this: (Some presumptions are made ahead of time here) #!/bin/sh newfs /dev/ad2s1a newfs /dev/ad2s1d newfs /dev/ad2s1e newfs /dev/ad2s1f newfs /dev/ad2s1g newfs /dev/ad2s1h sleep 4 tunefs -n enable /dev/ad2s1a tunefs -n enable /dev/ad2s1d tunefs -n enable /dev/ad2s1e tunefs -n enable /dev/ad2s1f tunefs -n enable /dev/ad2s1g tunefs -n enable /dev/ad2s1h sleep 4 mount /dev/ad2s1a /mnta mount /dev/ad2s1d /mntd mount /dev/ad2s1e /mnte mount /dev/ad2s1f /mntf mount /dev/ad2s1g /mntg mount /dev/ad2s1h /mnth dump -C 32 -0Lf - / | ( cd /mnta ; restore xf - ) dump -C 32 -0Lf - /usr | ( cd /mntd ; restore xf - ) dump -C 32 -0Lf - /var | ( cd /mnte ; restore xf - ) dump -C 32 -0Lf - /home | ( cd /mntf ; restore xf - ) dump -C 32 -0Lf - /staff | ( cd /mntg ; restore xf - ) dump -C 32 -0Lf - /users | ( cd /mnth ; restore xf - ) umount /mnt* Then shut down. Place the 2nd drive in the 1st slot and turn it back on. Maybe there is a better or simpler way, but I have been doing this for years and never had any issues. YMMV -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
error on console on startup?
Jul 27 06:18:06 router kernel: Starting devd. Jul 27 06:18:07 router kernel: hw.acpi.cpu.cx_lowest: Jul 27 06:18:07 router kernel: C1 Jul 27 06:18:07 router kernel: Jul 27 06:18:07 router kernel: sysctl: Jul 27 06:18:07 router kernel: hw.acpi.cpu.cx_lowest Jul 27 06:18:07 router kernel: : Jul 27 06:18:07 router kernel: Invalid argument Jul 27 06:18:07 router kernel: Additional TCP options: Jul 27 06:18:07 router kernel: . Can someone point me to what might be causing this 'invalid' argument? This is on a Pentium3 machine... sysctl -a | grep cx hw.acpi.cpu.cx_lowest: C1 dev.cpu.0.cx_supported: C1/0 dev.cpu.0.cx_lowest: C1 dev.cpu.0.cx_usage: 100.00% -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: make buildworld fails on 6.2-STABLE
so I deleted /usr/src redownloaded from a different mirror and tried make buildworld again... It still failed -but this time at a different point: mkdep -f .depend -a-DIN_GCC -DHAVE_CONFIG_H -DPREFIX=\"/usr\" -I/usr/obj/usr/src/gnu/usr.bin/cc/cc/../cc_tools -I/usr/src/gnu/usr.bin/cc/cc/../cc_tools -I/usr/src/gnu/usr.bin/cc/cc/../../../../contrib/gcc -I/usr/src/gnu/usr.bin/cc/cc/../../../../contrib/gcc/config -DDEFAULT_TARGET_VERSION=\"3.4.6\" -DDEFAULT_TARGET_MACHINE=\"\" /usr/src/gnu/usr.bin/cc/cc/../../../../contrib/gcc/gcc.c /usr/src/gnu/usr.bin/cc/cc/../../../../contrib/gcc/gccspec.c echo cc: /usr/obj/usr/src/tmp/usr/lib/libc.a /usr/obj/usr/src/gnu/usr.bin/cc/cc/../cc_int/libcc_int.a >> .depend ===> gnu/usr.bin/cc/cc1 (depend) sed -e "/^@@ifobjc.*/,/^@@end_ifobjc.*/d" -e "/^@@ifc.*/d" -e "/^@@end_ifc.*/d" /usr/src/gnu/usr.bin/cc/cc1/../../../../contrib/gcc/c-parse.in > c-parse.y yacc -d c-parse.y yacc: e - line 1811 of "c-parse.y", syntax error { if ($1 == error_}ark_node) ^ *** Error code 1 Stop in /usr/src/gnu/usr.bin/cc/cc1. *** Error code 1 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: make buildworld fails on 6.2-STABLE
At 09:16 AM 07/26/2007, Heiko Wundram (Beenic) wrote: Am Donnerstag 26 Juli 2007 15:54:36 schrieb J.D. Bronson: > internal compiler error: Segmentation fault: 11 > Please submit a full bug report, > with preprocessed source if appropriate. > See http://gcc.gnu.org/bugs.html> for instructions. Most probably a (physical) memory error. As the message says, this has pretty much nothing to do with the upping of world, but is an "internal" compiler error, which I've only seen on development snapshots of gcc (improbable that these are distributed with STABLE), or flaky memory (which is much more likely the cause). -- thanks - ironically I have never had ANY issue building world on this machine until today. I have deleted /usr/src and re cvs'd from a diff mirror as a test. -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
make buildworld fails on 6.2-STABLE
Can someone help me with this? I cvs'd up this am to 6.2-STABLE and now buildworld fails.. In file included from /usr/src/gnu/lib/libstdc++/../../../contrib/libstdc++/include/bits/locale_facets.h:2963, from /usr/obj/usr/src/tmp/usr/include/c++/3.4/locale:46, from /usr/src/gnu/lib/libstdc++/../../../contrib/libstdc++/config/locale/generic/collate_members.cc:36: /usr/obj/usr/src/tmp/usr/include/c++/3.4/bits/time_members.h:62: internal compiler error: Segmentation fault: 11 Please submit a full bug report, with preprocessed source if appropriate. See http://gcc.gnu.org/bugs.html> for instructions. *** Error code 1 Stop in /usr/src/gnu/lib/libstdc++. *** Error code 1 Stop in /usr/src/gnu/lib. *** Error code 1 Stop in /usr/src. *** Error code 1 -- J.D. Bronson Telecommunications Site Support Aurora West Allis Memorial Hospital Office: 414.978.8282 Fax: 414.977.5299 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: pf and keep/modulate state on 6.2
At 04:40 PM 7/25/2007 -0700, Drew Tomlinson wrote: Excuse me for butting in. This has been discussed on the pf list. A search of the archives will find you the details but basically 4.1 and FBSD 6 won't work together as I understand it. Major changes are required. However work has been done in CURRENT and is undergoing testing now but will not be back ported to STABLE because of the major changes. HTH, Drew Thanks for the heads up. I am not on the 'pf' list - but for firewalling, we only use OpenBSD now...freebsd we still use for servers and stuff but I really prefer something thats current. :-) -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Intel PWLA8391GT NIC...does it work?
At 09:50 AM 07/17/2007, Modulok wrote: For anyone who has this NIC... Is the "Intel PWLA8391GT" network interface card supported on 6.1 Release? I read the hardware notes section and it didn't mention it. I also read the man page for the em(4) driver, it mentions some of the other models, but not this one specifically. The only thing I could find on google was the mention of it in a review on newegg.com, but the guy never mentions what version of FreeBSD he's using, or what driver the card uses. If anyone has this card...does it work and which driver does it use...and any gotchas? this looks like the Intel Pro 1000GT card? if so, its supported by the 'em' driver and I use it w/o any issues in 6.2 -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
6.2-stable power management
Is there any way to verify ALL power management is disabled? I have totally disabled it in my BIOS and I have totally disabled it in the hard drives... Yet I keep hearing a drive spin down and then immediately back up over and over (at times). If I install a different OS on this same machine, this does not happen..so I am thinking something within 6.2-stable is doing this? any thoughts or ideas? -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
device polling
I added these to my kernel: options HZ=1000 options DEVICE_POLLING and then added this to /etc/sysctl.conf: kern.polling.enable=1 I rebooted and sysctl does show polling enabled and the nic's report it as well (bge): bge0: flags=8843 mtu 1500 options=5b media: Ethernet autoselect (100baseTX ) status: active bge1: flags=8802 mtu 1500 options=5b media: Ethernet autoselect (100baseTX ) status: active Does this show its 'working'? Is there any way to test or verify this? Thanks :) -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ppp is broken???
At 07:53 AM 05/07/2007, =?ISO-8859-2?Q?Nagy_L=E1szl=F3_Zsolt?= wrote: disable iface-alias# Stop adding old IP address as alias when ppp # redials because line was lost. These old IPs # showed using ifconfig -a on tun0. iface clear # Remove all previous IP address I'll try this. Post contents of your ppp.conf and rc.conf files for review for why you keep losing your connection. ppp.conf: papchap: # set log Phase Chat LCP IPCP CCP tun command set log phase tun command set device PPPoE:rl0 set speed sync set mru 1492 set mtu 1492 set ctsrts off set dial set login enable lqr add default HISADDR # enable dns # I use my own DNS server (named) enable tcpmssfixup # non-default below (hack for pptpd) set authname [EMAIL PROTECTED] set authkey i_am_not_telling_this nat enable yes nat port tcp 172.16.0.48:3389 51234 Specifying NAT in your ppp.conf is whats causing this. If you add the 2 lines mentioned above, it should take care of this. For people that DONT use NAT within ppp.conf (perhaps they use pf)..this is not an issue normally. -JD -- J.D. Bronson Telecommunications Site Support Aurora West Allis Memorial Hospital Office: 414.978.8282 Fax: 414.977.5299 http://www.myspace.com/wrqz ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
pf message on dmesg
pfr_detach_table: refcount = 0. I am starting to see these at times. What do they mean? - My pf is not overworked and I have added sufficient table entries: set optimization aggressive set state-policy if-bound set timeout tcp.established 600 set timeout tcp.opening 30 set skip on lo0 set block-policy drop set require-order yes set limit { states 2, frags 1, src-nodes 2 } -JD -- J.D. Bronson Telecommunications Site Support Aurora West Allis Memorial Hospital Office: 414.978.8282 Fax: 414.977.5299 http://www.myspace.com/wrqz ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
dhcp/update of A records on Bind
Ok...I have DHCP on fxp0 to my ISP (cable) and I have a public DNS server (static IP) off site. I want to be able to update my own public DNS server "A" records if/when my DHCP IP changes. I am familar with nsupdate and I have used TSIG in the past to do this. Does FBSD 6.2-stable offer any "EASY" way of doing this via DHCP? Can dhclient kick something off perhaps? I have a shell script but looking for a cleaner easier more concise way. I am sure dhclient knows when the IP changes at least :) thanks in advance. -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
ipfilter and DHCP
Ok...what do you guys do to handle a change of IP/network via DHCP with ipfilter? I have been told that if my IP changes while the machine is up and running that ipfilter WON'T see this change and needs to be told...supposedly it only reads the IP when it starts itself. If this is true, is there any easy way to fix this? I run ipcheck.py and that can invoke a script if needed if it notices and IP changed ipnat.conf: map bge1 192.43.82.0/24 -> 0/32 proxy port ftp ftp/tcp map bge1 192.43.82.0/24 -> 0/32 portmap tcp/udp auto map bge1 192.43.82.0/24 -> 0/32 rdr bge1 0.0.0.0/0 port 25 -> 192.43.82.170 port 25 I presume if it reads the IP and fills in the '0/32' + '0.0.0.0/0' values at startup...having my IP change could be disasterous. thanks for any tips- -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
ip fast forward on 6.2
Is it proper to enable 'ip fastforwarding' on 6.2 when running pf ? I am attached to a cable modem (10MB speed) and only use DHCP. I have a 6.2 machine thats being used as a router and of course ip forwarding is enabled...but when I try to enable ip fastfowarding, I see throughput drop or surge up/down whereas without this enabled, throughput is higher and more consistent. I have to use both or forwarding of packets doesnt work. Anyone have any comments on this good/bad? -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ssh login as root
At 06:43 PM 3/10/2007 +0200, you wrote: Hi. Actually I would prefer to do it via "su". Here a really newbie question: 1) How do I join regular user to 'wheel' group ? 2) How do I join a user to some group 'some_group' ?. Which manpage to read ? Thanks, Dima. Easiest way? vi /etc/group man group -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
dhclient.conf + resolv.conf
I am trying to have dhclient setup my resolv.conf perfect. I am very close. I have this in dhclient.conf: - interface "bge1" { supersede domain-name "wixb.com"; prepend domain-name-servers 192.l68.1.1; request subnet-mask, broadcast-address, routers, domain-name-servers; } - What this is giving me is this: search wixb.com nameserver 192.168.1.1 nameserver 24.94.163.100 nameserver 24.94.163.101 What I would like to do is change the 'search' to 'domain' and cant figure out what I am missing? -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: pfctl: DIOCSETSTATUSIF
At 12:51 AM 3/1/2007 +0100, Daniel Gerzo wrote: Hello pf, I'm having the following problem: db2# pfctl -f /etc/pf.conf No ALTQ support in kernel ALTQ related functions disabled pfctl: DIOCSETSTATUSIF Exit 1 db2# uname -srm FreeBSD 7.0-CURRENT #0: Wed Feb 28 23:47:39 CET 2007 amd64 pf related items in kernel: device pf device pflog -- Best regards, any chance you have this in pf.conf: set loginterface tun0 and tun0 isnt up yet? DIOCSETSTATUSIF generally means that pfctl is trying to operate on a non-existant interface -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
pf.conf and cable modem
I am converting from DSL to RoadRunner this week and wondering if there is anything special I need to do to my pf.conf for passing DHCP into my NIC? From what I can tell...the NIC comes up *then* pf comes up. But if I dont permit the periodic DHCP stuff in, I am wondering if that will cause an issue. I think if I just permit everything OUT my NIC hooked up to RR I will be ok...but wanted to ask the group: pass out quick on $ext_if from ($ext_if) to any keep state -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: named not starting during boot
At 09:23 AM 02/27/2007, Noah Garrett Wallach wrote: Wojciech Puchar wrote: named is not starting when I reboot a FreeBSD 6.2 server and I cant figure out why. there are no error mesasges in /var/log/messages during the boot process. even when I manually start there are no error messages. # grep named /etc/rc.conf named_enable="YES" # pkg_info | grep bind bind9-9.3.4 Completely new version of the BIND DNS suite with updated why you are installing bind from ports - there is bind9 in base system. and it's controlled with named_enable. because there are security exploits and keeping upto date version is important to me. http://www.isc.org/index.pl?/sw/bind/bind-security.php I actually rolled my own version of Bind (9.4.0) and have it working perfectly and starting under rc.conf (I had to edit /etc/rc.d/named though) -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
.lesshst
I have noticed since I installed 6.2, that anyone that uses csh has these files created in their ~home dir. Even root. Anyone have a .profile/.cshrc/.login that can shut this off? -- J.D. Bronson Telecommunications Site Support Aurora West Allis Memorial Hospital Office: 414.978.8282 Fax: 414.977.5299 Microsoft Gives you Windows || Unix Gives you a home ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: configuring console on 6.2
At 01:55 PM 2/26/2007 -0800, Noah wrote: running 6.2 I am trying to get the console DB9 port to work. I want to be able to log in via the DB9 port and alos I want console messages to continue to output to the VGA card as well. Adding the following: echo 'console="comconsole"' >> /boot/loader.conf stops the dumping of console messages to the VGA during boot. What changes do I need to make to make that happen? http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/serialconsole-setup.html the manual/handbook is a great thing. -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: pf and keep/modulate state on 6.2
At 02:52 AM 02/26/2007, you wrote: Wow, this fixed my FTP-over-DSL-to-6.2 problem too. With modulate state, I was getting ~30K/sec. With just keep state, I'm now getting more like what my connection is capable of. This is between two 6.2 hosts on opposite sides of the Atlantic. Ted, I use pf because I like the format of the configuration file, I like the logging and pftop, and like how it's harder to lock yourself out of a remote machine by accident :) /JMS I use pf since its newer (I think?) and I came from openbsd..pf just works and the config file is nice and sweet. I had thought that modulate state would put a load on my proc, but sheesh, its a p4-3.06 - thats more than robust for a router. I wonder if we should file a bug on this? I am glad my post helped here. I still use modulate state for any INCOMING connections though (www/smtp/etc). -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
pf and keep/modulate state on 6.2
I was noticing sporadic FTP transfers DOWN to my fbsd 6.2 machine over my DSL line...it would go/pause/go/pause - just a bit, but overall slowed the transfers down quite a bit. I looked at my pf.conf file and changed MODULATE state to KEEP state in all places and my issues went awayfast clean consistent downloads. If I changed it back...the issues came back. is this expected behavior? - the machine is a p4-3.06 with 1GB ram and hardly doing anything but PPPoE and pf with NAT. Anyone have any comments they could share? -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Making startup order static
At 02:02 PM 9/10/2006, White Hat wrote: --- Martin Werner <[EMAIL PROTECTED]> wrote: > Hi, > > thought about using PROVIDE and REQUIRE keywords > (see > /usr/local/etc/rc.d/clamav-clamd.sh resp. > clamav-freshclam.sh > > Maybe you might want to have a look into "man rc" or > "man rcorder" > > Cheers, > -Martin- > > > FreeBSD 6.1 > > > > I need to keep several programs starting in a > > particular order. > > > clamav-clamd > > clamav-freshclam > > clamsmtpd > > saslauthd > > dovecot > > postfix > > fetchmail > > > By default, they do not start in that order. I have > > modified the rc.d files to force them to start in > > the > > order specified above. > < > > The problem is that every time I update these > > programs > > the rc.d startup file is modified which destroys the > > changes I have made. This then requires me to > > recreate > > the modifications to force the start up order I > > require. > > > > Is there anyway I can achieve this goal in a > > simplified manner? I thought perhaps there might be > > something I could add to the /etc/rc.conf file; > > however, I have not discovered it. Martin, I don't think that you understood what I meant. Either that or I described it incorrectly. I did modify the rc.d files using BEFORE: and REQUIRE:. That works just fine. The problem is if one of those files is updated, the rc.d file is overwritten resulting in the loss of my customization. I therefore have to manually edit those files again. I was trying to find someway to circumvent that procedure. how about putting them in /usr/local/etc/rc.d and then using a numeric to start them 001file.sh 002file.sh or create a script with just one file.sh ? -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ipfilter on 6.1
At 07:59 PM 8/26/2006, you wrote: I'd go for the simpler syntax of: MYADDR: ! /sbin/ipf -y well that didnt work either. what a pain. :( tun0: Warning: /etc/ppp/ppp.linkup: ! /sbin/ipf -y: Invalid command perhaps its time to write a script and simply reference the script from ppp.linkup -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ipfilter on 6.1
Ok guys...now that I have ipfilter working...I need to run a few commands in /etc/ppp/ppp;linkup and cant figure out the syntax... % cat /etc/ppp/ppp.linkup # It is no longer necessary to re-add the default route here as our MYADDR: ! sh -c "/sbin/ipnat -CF -f /etc/ipnat.conf" ! sh -c "/sbin/ipf -F -f /etc/ipf.conf" ! sh -c "/sbin/ipf -Fa -f /etc/ipf.conf" ! sh -c "/sbin/ipf -y" ...I also tried with !bg and that failed to. whats the best way to get these commands to run once my ppp link is up? thanks- -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ipfilter on 6.1
At 06:37 PM 8/26/2006, Giorgos Keramidas wrote: Cool! If this is indeed the fix, let us know :) If you also feel like it and you are not limited by contract or other things, I'd be interested to see how you modified IP Filter to make it use a "block by default" policy. Regards, Giorgos This fixed it. WHEW! Simply adding this to my own kernel: options IPFILTER options IPFILTER_LOG options IPFILTER_DEFAULT_BLOCK then: # ipf -V ipf: IP Filter: v4.1.8 (416) Kernel: IP Filter: v4.1.8 Running: yes Log Flags: 0 = none set Default: block all, Logging: available Active list: 0 Feature mask: 0xa ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ipfilter on 6.1
At 05:19 PM 8/26/2006, Giorgos Keramidas wrote: You are implicitly blocking all traffic on the lo0 interface (by the modified default policy to "block" all traffic, and missing an explicit rule to allow lo0 traffic). When a system tries to connect to itself, it uses lo0/127.0.0.1 and this is not possible with your setup. I hope this helps a bit, -- Giorgos Oh geezI cant believe I forgot lo0. HOW STUPID. I will edit this and take another look at it. once I have this working..I still want to figure out why pf was not happy. Thanks for pointing this out guys...I feel foolish, but glad someone told me. -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ipfilter on 6.1
At 05:07 PM 8/26/2006, Giorgos Keramidas wrote: Weird. This doesn't seem ot include *ANY* block rules at all. Is this a standard 6.1 installation, or do you have local IP Filter modifications (like, for instance, a modified 'default' rule which blocks everything, instead of allowing everything)? Yes and no. I did build a kernel with BLOCK as a default... but my IPF rules are pass it all with no specific blocking... My next step was to try a kernel without the block, but I cant see how that should matter...since I 'am' allowing it out...? -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ipfilter on 6.1
At 04:05 PM 8/26/2006, J.D. Bronson wrote: # ipfstat -hni 2 @1 pass in quick on bge0 all keep state keep frags # ipfstat -hno 1 @1 pass out quick on bge0 all keep state keep frags 1 @2 pass out quick on tun0 proto tcp from any to any flags S/FSRPAU keep state keep frags 1 @3 pass out quick on tun0 proto udp from any to any keep state keep frags 0 @4 pass out quick on sppp0 proto icmp from any to any keep state keep frags ...they seem to match exactly. ahh..so I saw a typo aboveso I changed that from 'sppp0' to 'tun0' but it make no differenceI thought I was onto something. -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ipfilter on 6.1
At 03:40 PM 8/26/2006, Giorgos Keramidas wrote: Don't show us the ipf.conf file you are using, but the output of: % ipfstat -hni % ipfstat -hno Then we can really know what rules you have loaded in IP Filter. # ipfstat -hni 2 @1 pass in quick on bge0 all keep state keep frags # ipfstat -hno 1 @1 pass out quick on bge0 all keep state keep frags 1 @2 pass out quick on tun0 proto tcp from any to any flags S/FSRPAU keep state keep frags 1 @3 pass out quick on tun0 proto udp from any to any keep state keep frags 0 @4 pass out quick on sppp0 proto icmp from any to any keep state keep frags ...they seem to match exactly. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
ipfilter on 6.1
I got a full load of 6.1p4 installed and all built. I have pppoe and ipfilter running almost perfect. Clients can use the machine (as a router) and get out perfectly! No issues with network performance at all. I am very pleased...until... I found out that the router itself cant get out 100%. My ipconfig is basically this: bge0 - 10.43.82.174 alias 10.43.82.171 - for bind9 views alias 10.43.82.51 - for bind9 views bge1 - connected to dsl modem well I cant even telnet from the machine to itself! 'destination unreachable' DNS requests from the server itself (to itself - it runs bind) are unanswered yet it is able to fully answer requests from internal or external clients...just not itself! If I use a public DNS server -or- use the IP of the machine I want to connect up to, the router is able to get out and uses the correct IP. I used the same configs from solaris on here (ipf.conf and ipnat.conf) and only needed to change sppp0 to tun0. this should take care of anything the machine itself needs: ipf.conf== # Pass LAN traffic to/from bge0 pass in quick on bge0 all keep state keep frags pass out quick on bge0 all keep state keep frags # Pass traffic to WAN and keep state pass out quick on tun0 proto tcp all flags S keep state keep frags pass out quick on tun0 proto udp all keep state keep frags pass out quick on tun0 proto icmp all keep state keep frags == I am totally baffled. Its like I am being blocked somehow but even with ipfilter WIDE open - traffic still wont pass. I am wondering if this is some quirk with the interface aliases...although running the basic same setup on solaris - it works perfectly. -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: pf + ftp throughput
At 02:27 PM 6/16/2006, Darrin Chandler wrote: The only two things that come to mind are 1) pf is using a really complex and slow random source, or 2) something is going haywire with the connection. Have your tried tcpdump on either interface (not pflog) to see if anything strange is going on (ACK storms, etc)? Just fishing at this point... Thanks. Well its on the same segment of the lan on a 3Com managed (and not busy) switch. I am using S/SA and I thought that should help ACK issues for a trial, I am going to fire up a drive loaded with OpenBSD 3.9 and PF and see if there is anything better/worse with the same pf.conf file. Something is amiss and unacceptable! -JD -- J.D. Bronson Information Services Telecommunications Site Support Aurora West Allis Memorial Hospital Office: 414.978.8282 Fax: 414.977.5299 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: pf + ftp throughput
At 02:10 PM 6/16/2006, Darrin Chandler wrote: On Fri, Jun 16, 2006 at 01:59:01PM -0500, J.D. Bronson wrote: > For example...moving a 50MB file: > > 'keep state' = 11-12MB/sec over 100MB-FDX > 'modulate state = 6-7MB/sec over 100MB-FDX > > ..it took me a while to determine the culprit here - but I am curious > as to why this is the case? Since modulate state substitues its own high quality random sequence for the TCP stream in both directions, a wimpy CPU or similar problem could easily cause this, I think. Still, I'm surprised to see a 50% hit from using modulate state. Yes. I am too! This is a P4-3.06 with 1GB ram...under almost no load...so I cant fault the CPU this time -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
pf + ftp throughput
given the following rules: # Permit internal network to send packets through the firewall pass in quick on $INT_IF from $INT_IF:network to any flags S/SA keep state # Permit traffic from firewall to initiate connection to internal network: pass out quick on $INT_IF from any to $INT_IF:network flags S/SA keep state ..I have noticed that if I use 'keep state' ftp rates are fine (machine to machine...not via ftp-proxy) but if I change this to 'modulate state' my ftp rates fall... For example...moving a 50MB file: 'keep state' = 11-12MB/sec over 100MB-FDX 'modulate state = 6-7MB/sec over 100MB-FDX ..it took me a while to determine the culprit here - but I am curious as to why this is the case? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
ppp starts BEFORE syslogd
Ummm...I would like to see what ppp is doing (in userland) and since it logs to /var/log/ppp.log under syslogd...since syslogd does not start BEFORE ppp...how can I make this possible? rcorder /etc/rc.d/* ... /etc/rc.d/ppp /etc/rc.d/ipfw /etc/rc.d/nsswitch /etc/rc.d/ip6addrctl /etc/rc.d/atm2 /etc/rc.d/pfsync /etc/rc.d/pflog /etc/rc.d/pf /etc/rc.d/routing /etc/rc.d/ip6fw /etc/rc.d/network_ipv6 /etc/rc.d/mroute6d /etc/rc.d/route6d /etc/rc.d/mrouted /etc/rc.d/routed /etc/rc.d/NETWORKING /etc/rc.d/devd /etc/rc.d/ipsec /etc/rc.d/mountcritremote /etc/rc.d/devfs /etc/rc.d/ipmon /etc/rc.d/ramdisk-own /etc/rc.d/newsyslog /etc/rc.d/syslogd ... See? - so nothing is logged to /var/log/ppp.log until AFTER syslogd is started. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
popa3d
I noticed this when compiling the port of popa3d on 6.1: /* * Locking method your system uses for user mailboxes. It is important * that you set this correctly. * * *BSDs use flock(2), others typically use fcntl(2). */ #define LOCK_FCNTL 1 #define LOCK_FLOCK 0 ..why are we using 'fcntl' when the messages saus for *BSDs use 'flock' ? Anyone have any idea? -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: pop3 server recommendation (APOP/TLS)
John wrote: On Wed, Feb 15, 2006 at 06:08:10AM -0600, J.D. Bronson wrote: I am looking for a recommendation for a pop3 server that can do APOP and TLS on port 110. Qpopper was a disaster and I am not interested in cyrus (and dealing with maildirs)... Is there any other option? Qpopper worked with some of the clients (like eudora) but then had issues with Thunderbird or Pegasus.. What issues did you have? Has been working fine here with thunderbird for a long time. humm. I can get APOP to workbut when I enable SSL I then see issues. It seems to me that thunderbird tried some different auth than I was allowing. I dont recall as I tried so many different POP3 servers. I will try it again someday and post more concrete answers. I had trouble getting pegasus/eudora/thunderbird mail all to work with qpopper (APOP/TLS) over port 110. -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
pop3 server recommendation (APOP/TLS)
I am looking for a recommendation for a pop3 server that can do APOP and TLS on port 110. Qpopper was a disaster and I am not interested in cyrus (and dealing with maildirs)... Is there any other option? Qpopper worked with some of the clients (like eudora) but then had issues with Thunderbird or Pegasus.. Thanks, -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
qpopper/gdbm
I am trying to compile qpopper (from src) and use APOP with the gdbm database. gdbm was installed from ports and works fine. I setup my env as such: LDFLAGS=-L/usr/lib -L/usr/local/lib -R/usr/lib -R/usr/local/lib and ldconfig shows gdbm: # ldconfig -r | grep gdbm 86:-lgdbm.3 => /usr/local/lib/libgdbm.so.3 I ran ./configure --enable-apop ... ... checking ndbm.h usability... yes checking ndbm.h presence... yes checking for ndbm.h... yes checking gdbm.h usability... yes checking gdbm.h presence... yes checking for gdbm.h... yes checking dbm.h usability... no checking dbm.h presence... no checking for dbm.h... no checking for pam_authenticate in -lpam... yes checking which database manager to use ... checking gdbm ... checking for gdbm_open in -lgdbm... yes found gdbm so configure detected this but then when I ran 'make', the build fails! /usr/bin/gcc -c -I.. -I.. -I. -I../mmangle -I../common -O2 -pipe -mtune=pentium4 -idirafter /usr/local/include -freg-struct-return -DHAVE_CONFIG_H -DFREEBSD -DUNIX popauth.c -o popauth.o /usr/bin/gcc -o popauth base64.o scram.o md5.o hmac.o popauth.o -lgdbm ../common/libcommon.a /usr/bin/ld: cannot find -lgdbm *** Error code 1 Stop in /tmp/qpopper4.1a2/popper. *** Error code 1 Can anyone point something out to me as to how to get ld to find -lgdbm when ldconfig and configure already picked it up? -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: pf and scrubbing bubbles
At 02:31 PM 1/29/2006, Russell E. Meek wrote: Chuck Swiger wrote: J.D. Bronson wrote: I am using this in my pf.conf (on 6.0) and was wondering if these settings are appropriate. While 'scrub' by itself is always recommended, I added a few more things that seem to ought to be there? I use this for all the NICs...WAN and LAN... with the exception to remove filtering on loopback: === scrub all random-id reassemble tcp fragment reassemble no scrub on lo0 all === anyone see any issues with this - especially since its on the WAN and LAN NICs? You're shifting a fair amount of workload onto the firewall by requiring it to re-write all of the packets to change the IPID field; it would be highly desirable to have NICs which can do hardware checksums. There's a potential for DoS'ing the firewall if it does fragment reassembly, modulo how well PF handles such fragmentation attacks. If you permit Path MTU discovery to function, blocking fragments entirely may be a more reasonable approach than trying to reassemble them on the firewall. (If you need to support older machines which don't do PMTUd, that may not be an option for you, though...) Chuck, Here is really all that you need for your scrub rules. == scrub in on $ext_if no-df scrub out on $ext_if random-id == Remember: fragment-reassemble is default and does not need to be added. You really do not need to scrub packets on your internal LAN interfaces as it will slow you down. Here is a site for you which should offer a few tips and tricks. https://www.solarflux.org/pf/pf-tips.php Thanks, Russell I was actually the one that asked about this...not Chuck. But thanks for the insight...it was good reading. -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
apache error
I have apache2.2 and running http only for now. All is running fine, but I noticed that once a page comes up..as soon as I click a link, I see this in the 'access.log' file for apache: www.wixb.com - - [28/Jan/2006:11:55:12 -0600] "GET /" 400 456 www.wixb.com - - [28/Jan/2006:11:55:13 -0600] "GET /" 400 456 this happens right after clicking ANY link whatsoever...but all the pages come up fine. Any tips on trying to figure this out? there is nothing in the error.log file... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
pf and scrubbing bubbles
I am using this in my pf.conf (on 6.0) and was wondering if these settings are appropriate. While 'scrub' by itself is always recommended, I added a few more things that seem to ought to be there? I use this for all the NICs...WAN and LAN... with the exception to remove filtering on loopback: === scrub all random-id reassemble tcp fragment reassemble no scrub on lo0 all === anyone see any issues with this - especially since its on the WAN and LAN NICs? things run fine, but I thought it wouldnt hurt to ask the group. -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
slowness on 6.0 with apache2.2 (from src)
I installed 6.0 and cvsup'd to the security fixes and rebuilt world. All went well. Then i installed apache2.2 from src (not ports) with a basic: ./configure --enable-so --enable-ssl It installed and runs. However, here is my issue: My main web page has 1 image per se. However, it is comprised of 32 little images... What I am seeing is that each image comes down 1 by 1 SLOWLY and apache2.2 spawns tons of child processes! Under OpenBSD/Solaris, I see a completely different thing...the image comes up instantly and apache only spawned 1 extra child. I used the SAME config files on all 3 OSs and the same hardware/drives/etc. This by the way is all over my internal LAN...so it never hits the internet. With all the variables being equal - but the OS. Since things work excellent on OpenBSD/Solaris, what is it that freebsd is not doing (or doing differently)? Any thoughts on this? -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: right place to load kld modules
At 04:13 PM 11/27/2005, Wojciech Puchar wrote: /etc/lkm.conf in NetBSD? How about /etc/rc.local or create a script file to go in /usr/local/etc/rc.d to do what you want? rc.local starts after usbd, and module driver that is attached after inserting the device does not attach! is it bug? don't we load modules in /boot/loader.conf ? Thats where I had to load that module for Apache 2.1-beta IIRC... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Newbie Q: freeBSD vs openBSD
At 08:14 AM 11/27/2005, Giorgos Keramidas wrote: On 2005-11-27 11:55, Wojciech Puchar <[EMAIL PROTECTED]> wrote: >> Newbie for freeBSD. One question freeBSD vs openBSD...what's the >> difference...security...supportdevelopment stage...other pros & >> cons for each. > > People say that OpenBSD is the most secure. > I say i would be as secure as it's system administrator. > > If we talk about performance, i agree with most people's opinion :) Very, uhm, 'diplomatic' way to put it :P To the original poster: This is a question that pops up very frequently. One of the most rational responses that you will probably receive is something along the lines of: ``They both have strong and weak points. They both have some good and exciting features. They both provide an extensive toolset around a base UNIX core system, and a configurable, extensible, documented way to install third-party software. To see which one of these two fits your needs, you'll probably have to try them both and see how things work out.'' You can also search the archives of this list, as there are dozens of threads around this topic and similar ones, i.e. "NetBSD vs. FreeBSD vs. OpenBSD vs. Linux vs. some other OS". One thing that comes to mind...If you like to play and build custom kernels...then FreeBSD is for you. If you build a custom kernel under OpenBSD...don't dare ask for any help from anyone. it seems the OpenBSD group doesn't actually like questions. You can get flamed for the best worded question. Under FreeBSD, the community is more open to ideas and people trying things. In addition...some parts of the core of OpenBSD cannot easily be upgraded w/o issues. (Like openSSL for example)...and if you try and fail and ask for helpwell read above again ! Both OSs are fine. They are only as 'secure' as the admin makes them. As far as performance and device support - see if your hardware item(s) is supported with one OS vs the other. I chose FreeBSD since my hardware is better 'seen' by this OS and that this group is open to discussions - it seems sometimes, we are encouraged to play with this OS YMMV. -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
sendmail from src on 6.0
I have a question about building sendmail from src on freebsd6.0.. What database options are available (by default) for me to use? Is there any Berkeley on the full install and if so, does anyone have a site.config.m4 they can share? I would prefer to use whatever is inherent to FBSD rather than installing BDB (new) if I dont have to. Postfix seems to link up to something when I build it (hash is available) - but I am unsure of where/what it's picking up. Thanks :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Yesterday's -STABLE kernel corrupts LAN
At 02:45 PM 11/26/2005, matt . wrote: Wow I must be missing something here on a very basic, fundamental level. I run FreeBSD-RELEASE on a production box. I have my reservations but it was the only release that supported my RAID controller, so I had no choice (or buy a $300 raid card that was supported). Anyway it works fine so far (knock heavily and repeatedly on huge pieces of wood). I've read the FreeBSD notes regarding the differences between STABLE, CURRENT and RELEASE. So uh, what is supposed to be run on a production box? In plain sight on the FreeBSD site it says "Latest production release" which is 6.0-RELEASE...are we only supposed to run RELEASE on production systems or are we supposed to run STABLE? Seems to me it's counter-intuitive to call something STABLE and not have it meant for production. My head hurts. matt I couldnt agree more with this comment. My head hurt after trying to figure this out as well.. Yea. The information seems to contradict itself. The only thing I have been able to 100% figure out is: #*default release=cvs tag=RELENG_6_0 -> release branch/security fixes only Results in: 6.0-RELEASE #*default release=cvs tag=RELENG_6 -> 6.0 + changes will eventually be 6.1 Results in: 6.0-STABLE It is perhaps a bit easier in OpenBSD land. -STABLE means only bugfixes and important patches. In FreeBSD - this seems not the case? -JD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
pf + NAT loopback
I had all of this working with PPPoE + PF, but now i have a T-1 with several IPs all aliased off of the main. pf is working finehowever, I now have lost NAT LOOPBACK. What I need is a way to go from one LAN machine to the WAN and loopback to the other LAN machine. Since this 'just works' with pppoe, how do I do it with pf? simple pf.conf: binat on $bge1 from 192.168.82.170 to any -> 67.x.x.1 binat on $bge1 from 192.168.82.171 to any -> 67.x.x.2 binat on $bge1 from 192.168.82.172 to any -> 67.x.x.3 binat on $bge1 from 192.168.82.173 to any -> 67.x.x.4 and so on. I need to use 192.168.82.172 to go and connect to public 67.x.x.2 This results in an immediate connection refused. I see nothing in the pflog and I even tried pass out quick all. So I dont think pf is technically blocking it -but Why do I need this? - I run 2 external DNS servers (with views) and as such NS2 needs to talk to NS1 but using the WAN NAT loopbacks. Help? -- J.D. Bronson Information Services Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.977.5299 -Taco Bell is *not* the Mexican Telephone Company- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
ppp.linkup but for cable?
I am looking for a way to monitor a cable NIC in the freebsd box so that if the cable line fails, I can get an email *like in ppp.linkdown* Is there such a thing? -- J.D. Bronson Information Services Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.977.5299 -Taco Bell is *not* the Mexican Telephone Company- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
rcorder again..
Well...I was surprised that no one replied. I was trying to figure out why ppp-user would start BEFORE pf fired up It appears easy enough to change, but its untested: Edit /etc/rc.d/ppp-user: # $FreeBSD: src/etc/rc.d/ppp-user,v 1.7 2004/12/15 12:39:28 brian Exp $ # # PROVIDE: ppp-user # REQUIRE: netif isdnd pf <--- add pf # KEYWORD: nojail = Then rcorder shows things BETTER: /etc/rc.d/netif /etc/rc.d/pfsync /etc/rc.d/pflog /etc/rc.d/pf /etc/rc.d/isdnd /etc/rc.d/ppp-user my only concern might be that tun0 is not created until ppp-user launches (correct me if I am wrong) and pf might have an issue with an interface that doesnt yet exist. Under OpenBSD, tun0 is there before ppp even starts. Wouldnt we WANT pf to be active prior to ppp launching (like in openbsd?) Can someone kindly comment on this please? thanks guys! -- J.D. Bronson Information Services Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.977.5299 -Taco Bell is *not* the Mexican Telephone Company- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Solaris patches and Solaris Express
At 03:52 AM 11/17/2005, Ted Mittelstaedt wrote: Hmmm, We run a lot of Solaris 8 and FreeBSD. I find Solaris 8 pretty much the same speed as FreeBSD for what we do. However, one thing is that we do not run X-windows on either our Solaris 8 or FreeBSD systems, because they are servers and there is no need for it. I've generally not found trouble obtaining the patches for Solaris I've needed, most of them are in the cluster patch, and the ones that aren't yet are critical (such as the repaired ncsd program) are available on the Internet on non-Sun-approved websites. The performance of Xorg/XFree86 vs Openwindows is greatly different as you point out. It is possible to compile Xorg on Solaris 8, at least Solaris x86 - I've heard of people doing it but I've never done it myself. Ted Indeed. But this is not Solaris 10 - thats when all of this changed. -- J.D. Bronson Information Services Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.977.5299 -Taco Bell is *not* the Mexican Telephone Company- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Release engineering confusion
At 05:16 PM 11/16/2005, Steve Bertrand wrote: Hi all, I'm a little confused about which tags to use in my supfiles for cvsup. I've installed 6.0-RELEASE, and really want to stay with STABLE. AFAICT, in my supfile, I should have the following to do so: *default tag=RELENG_6_0 ...is that correct? I used this, and after a buildworld I got an error. I'm not concerned about that right now though. Also, is RELENG_6 considered to be the most current, up-to-date release of the 6.0 track, as opposed to STABLE? Steve according to the example in /usr/share/examples/cvsup: # The following line is for 6-stable. If you want 5-stable, 4-stable, # 3-stable, or 2.2-stable, change to "RELENG_5", "RELENG_4", "RELENG_3", # or "RELENG_2_2" respectively. *default release=cvs tag=RELENG_6 *default delete use-rel-suffix So I used this in my cvsup-file *default release=cvs tag=RELENG_6 and buildworld fails on libcurses.. -- J.D. Bronson Information Services West Allis Memorial Hospital Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.977.5299 -Taco Bell is *not* the Mexican Telephone Company- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
rcorder on 6.0
I find this a bit odd and would like someone to kindly explain it. While looking at rcorder on /etc/rc.d/* I noticed this start order: ... ... /etc/rc.d/ppp-user /etc/rc.d/ipfw /etc/rc.d/nsswitch /etc/rc.d/ip6addrctl /etc/rc.d/atm2 /etc/rc.d/pfsync /etc/rc.d/pflog /etc/rc.d/pf ..how I interepret this is that userland 'pppoe' is starting before pfsync/pflog and pf. - Am I correct? This is exactly the opposite of openbsd. I think I can figure out a way to re-arrange these so that ppp-user starts AFTER the pf stuff...is there any reason this is done this way? Thanks for any clarification on this -- J.D. Bronson Information Services West Allis Memorial Hospital Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.977.5299 -Taco Bell is *not* the Mexican Telephone Company- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Solaris patches and Solaris Express
At 11:29 AM 11/16/2005, Lee Capps wrote: At 18:46 Tue 15 Nov 2005, J.D. Bronson wrote: > I still run 1 solaris machine and thats a sparc running 9.0 ...as > soon as the machine dies or the OS is no longer supported, the > machine will find a nice resting spot in some city dump (or recycler) > Not to start a holy war or anything, but if you're really feeling motivated, I believe you can run netbsd or one of several flavors of linux on that sparc. Not sure about FreeBSD. Regards, Yes. this is truebut from my past experience...the best things that run on SPARC are Sun basedso I didnt want to re-invent the wheel so to say :) -- J.D. Bronson Information Services Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.977.5299 -Taco Bell is *not* the Mexican Telephone Company- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Solaris patches and Solaris Express
At 09:32 PM 11/15/2005, Victor Watkins wrote: > Do community member find these additional features worth the cost? No. We just want to get our patches without jumping through any hoops, or worrying about if the check made it through the mail, or if Sun FUBAR'ed our support account info rather than there being a problem with the Update Manager connecting, etc. No longer personally worried about it though..I nuked my Solaris install and have a nice, shiny new FreeBSD 6.0 kit now, and I gotta say, after Solaris 5.10 x86, the speed difference alone is breathtaking. Ironically, I too did the same exact thing. Sun screwed me around with "whats free..whats not free" - patches available...patches restricted. Then when Update manager stopped working - I said enough was enough. I nuked my solaris 10 install - and opted for FreeBSD. Not only is it much faster and easier to work with, but I can feel more assured that if/when a patch is needed, I wont be dick'ed around to get it. Solaris x86 has never offered stellar performance, but when 10 came out we all had high hopes. That faded fast. I have 2 MAJOR bugs filed that still have not been addressed (reported March 2005) - and there are many users out there that dont even know about some of these. They likely will find out someday :-( I still run 1 solaris machine and thats a sparc running 9.0 ...as soon as the machine dies or the OS is no longer supported, the machine will find a nice resting spot in some city dump (or recycler) -- J.D. Bronson Information Services West Allis Memorial Hospital Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.977.5299 -Taco Bell is *not* the Mexican Telephone Company- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
ACPI on 6.0-RC1
acpi0: reservation of fec01000, 1000 (3) failed acpi0: reservation of fee0, 1000 (3) failed I notice that in 'dmesg' - but this machine has been running fine for days under a good load. Is this anything to be concerned (or fixed) about though? thanks- -- J.D. Bronson Information Services Telecommunications Site Support Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.977.5299 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: automatic fsck -y at boot
/etc/rc.conf: fsck_y_enable="YES" I personally use these: fsck_y_enable="YES" background_fsck="NO" At 12:14 PM 10/17/2005, kyr wrote: Hello, This is the first time I'm asking for help because all my other problems were solved by the handbook or other e-mails. The question is how can i make freebsd to AUTOMATICALLY CORRECT (fsck -y not just fsck) the inconsistency of a HD at boot time after a power failure. After a non clean shutdown I always have a problem with the /var partition (because the squid cache is there) it always corrects with the fsck -y in single mode manually but the problem is that the server is located in a basement where the access is not very easy especially when raining :( The server is a P4 3Ghz 1Gb ram OS: Freebsd 5.4 Role: Router, DHCPD, DNS, NAT, Firewall, Proxy, SMBD Thanks Kyriakos Kyriakou Xanthi, Greece ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" -- J.D. Bronson Information Services Telecommunications Site Support Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.977.5299 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: fsck question
At 07:14 AM 10/14/2005, Bernhard Fischer wrote: > UNREF FILE I=1060395 OWNER=root MODE=100644 > SIZE=0 MTIME=Oct 14 06:50 2005 > CLEAR? no > > ..how can I find *this* file its not happy about? The option -i of ls shows you the inode number of the files. So you could make an ls -lRi >tmpfile and then searching for the inode number within tmpfile. Regards, bh When I shut off apache2, this problem goes away. so it must be some file thats open or something and as such nothing to worry about thanks- -- J.D. Bronson Information Services Telecommunications Site Support Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.977.5299 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
fsck question
I am running the beta 5 of 6.0 and was wondering if anyone could help me figure out why fsck is not happy... At boot time: (forced fsck - things look fine) Oct 14 06:50:16 shadow kernel: ** /dev/ad0s1d Oct 14 06:50:16 shadow kernel: ** Last Mounted on /usr Oct 14 06:50:16 shadow kernel: ** Phase 1 - Check Blocks and Sizes Oct 14 06:50:16 shadow kernel: ** Phase 2 - Check Pathnames Oct 14 06:50:16 shadow kernel: ** Phase 3 - Check Connectivity Oct 14 06:50:16 shadow kernel: ** Phase 4 - Check Reference Counts Oct 14 06:50:16 shadow kernel: ** Phase 5 - Check Cyl groups Oct 14 06:50:16 shadow kernel: 65946 files, 473793 used, 9677846 free (15150 frags, 1207837 blocks, 0.1% fragmentation) But then once the machine is up I see this: shadow# fsck -f /dev/ad0s1d ** /dev/ad0s1d (NO WRITE) ** Last Mounted on /usr ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts UNREF FILE I=1060395 OWNER=root MODE=100644 SIZE=0 MTIME=Oct 14 06:50 2005 CLEAR? no ..how can I find *this* file its not happy about? -- J.D. Bronson Information Services Telecommunications Site Support Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.977.5299 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: correct syntax for openssl 0.9.8 in port
At 12:57 PM 7/30/2005, Kris Kennaway wrote: On Sat, Jul 30, 2005 at 12:46:37PM -0500, J.D. Bronson wrote: > I update my port tree on 5.4 to the latest and I am trying to figure > out what steps I need to build openssl 0.9.8 in /usr/ports/security/openssl > and end up overwriting any base files. > > This question comes up often, perhaps a comment can be put into the > makefile? > > I have tried all the ideas on the archives and either it wont build > or it keeps trying to build 0.9.7g !!! > > *ANY* advice will be greatly appreciated. > > I am able to compile the src code cleanly, but that install will > place files in their own spot and obviously not overwrite base files. Read the makefile for the appropriate variables to set. Kris This is obviously my issue. I cannot figure out what variables to set. What I think it should be, it whines about. Can someone at least POST what we should use so this will at least be in the archives once and for all? thanks! -- J.D. Bronson Information Services Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.314.8787 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
correct syntax for openssl 0.9.8 in port
I update my port tree on 5.4 to the latest and I am trying to figure out what steps I need to build openssl 0.9.8 in /usr/ports/security/openssl and end up overwriting any base files. This question comes up often, perhaps a comment can be put into the makefile? I have tried all the ideas on the archives and either it wont build or it keeps trying to build 0.9.7g !!! *ANY* advice will be greatly appreciated. I am able to compile the src code cleanly, but that install will place files in their own spot and obviously not overwrite base files. thanks! -- J.D. Bronson Information Services Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.314.8787 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
bsdlabel question..
# /dev/da0s1: type: SCSI disk: da0s1 label: flags: bytes/sector: 512 sectors/track: 63 tracks/cylinder: 255 sectors/cylinder: 16065 cylinders: 2234 sectors/unit: 35889147 rpm: 15000 interleave: 1 trackskew: 0 cylinderskew: 0 headswitch: 0 # milliseconds track-to-track seek: 0 # milliseconds drivedata: 0 8 partitions: #size offsetfstype [fsize bsize bps/cpg] a: 104857604.2BSD 2048 16384 8 b: 2097152 10485764.2BSD 2048 16384 28552 c: 358891470unused0 0 # "raw" part, don't edit d: 16777216 31457284.2BSD 2048 16384 28552 e: 8388608 199229444.2BSD 2048 16384 28552 f: 2097152 283115524.2BSD 2048 16384 28552 g: 2097152 304087044.2BSD 2048 16384 28552 h: 3383291 325058564.2BSD 2048 16384 28552 ...This is on a FreeBSD 5.4 machine with a Fuji 15K 18GB scsi drive. Does this disklabel look right? (28553 bps/cpg?) thanks! -- J.D. Bronson Information Services Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.314.8787 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
openssl 0.9.8 with 5.4-stable
I know this may not be supported, but I was wondering if anyone was successful in installing the src of openssl 0.9.8 into the base install of 5.4 (overwriting the originals) ? thanks- -- J.D. Bronson Information Services Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.314.8787 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
IDE message - error or cosmetic?
May 11 15:13:05 shadow kernel: ad0: 38166MB [77545/16/63] at ata0-master UDMA100 May 11 15:13:05 shadow kernel: ad2: FAILURE - SET_MULTI status=51 error=4 May 11 15:13:05 shadow kernel: ad2: 9787MB [19885/16/63] at ata1-master UDMA100 May 11 15:13:05 shadow kernel: SMP: AP CPU #1 Launched! I have seen this with (4) Maxtor/Quantum drives and I cant believe all of them are bad... Is this a cosmetic error or a serious issue? thanks- -- J.D. Bronson Off The Hook Phone Repair, Inc. For Fast Repairs: CALL US - IF YOU CAN Office: 414.978.8282 // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: build world failure help needed
At 08:13 PM 5/9/2005, Kris Kennaway wrote: On Tue, May 10, 2005 at 03:51:53AM +0300, Abu Khaled wrote: > > # make > > Warning: Object directory not changed from original /usr/src/bin/ls > > /usr/bin/gcc -O2 -pipe -DCOLORLS -Wsystem-headers -Werror -Wall > > -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes > > -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual > > -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter > > -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -c cmp.c > > /usr/bin/gcc -O2 -pipe -DCOLORLS -Wsystem-headers -Werror -Wall > > -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes > > -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual > > -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter > > -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -c ls.c > > ls.c: In function `main': > > ls.c:330: warning: passing arg 1 of `tgetstr' discards qualifiers > > from pointer target type > > ls.c:331: warning: passing arg 1 of `tgetstr' discards qualifiers > > from pointer target type > > ls.c:332: warning: passing arg 1 of `tgetstr' discards qualifiers > > from pointer target type > > ls.c:333: warning: passing arg 1 of `tgetstr' discards qualifiers > > from pointer target type > > ls.c:338: warning: passing arg 1 of `tgetstr' discards qualifiers > > from pointer target type > > ls.c:340: warning: passing arg 1 of `tgetstr' discards qualifiers > > from pointer target type > > *** Error code 1 It looks like you may have nonstandard -W settings, in particular -Werror. Don't do this unless you're willing to fix the warnings encountered in your build. Kris I didnt do anything. the build failed. so I removed the cflags reference to -DCOLORES and then build world fine. so then I replaced the reference and was able to build world normally. I have no idea why this failed in the first place! -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: build world failure help needed
At 10:56 AM 05/09/2005, Kent Stewart wrote: On Monday 09 May 2005 05:56 am, J.D. Bronson wrote: > I am trying to build world on 5.4-RC4 and need some assistance > troubleshooting the build... > > it builds fine until: > > ===> bin/ls > /usr/bin/gcc -O2 -pipe -DCOLORLS -Wsystem-headers -Werror -Wall > -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes > -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual > -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter > -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -c > /usr/src/bin/ls/cmp.c > /usr/bin/gcc -O2 -pipe -DCOLORLS -Wsystem-headers -Werror -Wall > -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes > -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual > -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter > -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -c > /usr/src/bin/ls/ls.c > /usr/src/bin/ls/ls.c: In function `main': > /usr/src/bin/ls/ls.c:330: warning: passing arg 1 of `tgetstr' > discards qualifiers from pointer target type > /usr/src/bin/ls/ls.c:331: warning: passing arg 1 of `tgetstr' > discards qualifiers from pointer target type > /usr/src/bin/ls/ls.c:332: warning: passing arg 1 of `tgetstr' > discards qualifiers from pointer target type > /usr/src/bin/ls/ls.c:333: warning: passing arg 1 of `tgetstr' > discards qualifiers from pointer target type > /usr/src/bin/ls/ls.c:338: warning: passing arg 1 of `tgetstr' > discards qualifiers from pointer target type > /usr/src/bin/ls/ls.c:340: warning: passing arg 1 of `tgetstr' > discards qualifiers from pointer target type > *** Error code 1 > You aren't seeing the error. This usually means you are running -jx of some size for x. You have run with no -j to see the error. If you time the build, you will probably see a smaller build time on non-smp systems when you don't provide a -j. Kent that was with NO '-j' flag if I go into /usr/src/bin/ls and try to make it manually it bombs as well: # make Warning: Object directory not changed from original /usr/src/bin/ls /usr/bin/gcc -O2 -pipe -DCOLORLS -Wsystem-headers -Werror -Wall -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -c cmp.c /usr/bin/gcc -O2 -pipe -DCOLORLS -Wsystem-headers -Werror -Wall -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -c ls.c ls.c: In function `main': ls.c:330: warning: passing arg 1 of `tgetstr' discards qualifiers from pointer target type ls.c:331: warning: passing arg 1 of `tgetstr' discards qualifiers from pointer target type ls.c:332: warning: passing arg 1 of `tgetstr' discards qualifiers from pointer target type ls.c:333: warning: passing arg 1 of `tgetstr' discards qualifiers from pointer target type ls.c:338: warning: passing arg 1 of `tgetstr' discards qualifiers from pointer target type ls.c:340: warning: passing arg 1 of `tgetstr' discards qualifiers from pointer target type *** Error code 1 Stop in /usr/src/bin/ls. so I looked at this closly. if I remove the " -DCOLORLS " from the make file...it will build. In addition, if we copy these files in /usr/src/bin/ls to /tmp, it will build fine...so then I looked at all the CFLAGS and tested with and without each one... -Wwrite-strings = causes the build to fail. I dont know what any of this means...so hopefully someone can tell me more based on this finding. -- J.D. Bronson Off The Hook Phone Repair, Inc. For Fast Repairs: CALL US - IF YOU CAN Office: 414.978.8282 // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
build world failure help needed
I am trying to build world on 5.4-RC4 and need some assistance troubleshooting the build... it builds fine until: ===> bin/ls /usr/bin/gcc -O2 -pipe -DCOLORLS -Wsystem-headers -Werror -Wall -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -c /usr/src/bin/ls/cmp.c /usr/bin/gcc -O2 -pipe -DCOLORLS -Wsystem-headers -Werror -Wall -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -c /usr/src/bin/ls/ls.c /usr/src/bin/ls/ls.c: In function `main': /usr/src/bin/ls/ls.c:330: warning: passing arg 1 of `tgetstr' discards qualifiers from pointer target type /usr/src/bin/ls/ls.c:331: warning: passing arg 1 of `tgetstr' discards qualifiers from pointer target type /usr/src/bin/ls/ls.c:332: warning: passing arg 1 of `tgetstr' discards qualifiers from pointer target type /usr/src/bin/ls/ls.c:333: warning: passing arg 1 of `tgetstr' discards qualifiers from pointer target type /usr/src/bin/ls/ls.c:338: warning: passing arg 1 of `tgetstr' discards qualifiers from pointer target type /usr/src/bin/ls/ls.c:340: warning: passing arg 1 of `tgetstr' discards qualifiers from pointer target type *** Error code 1 Stop in /usr/src/bin/ls. *** Error code 1 Stop in /usr/src/bin. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. Help? -- J.D. Bronson Off The Hook Phone Repair, Inc. For Fast Repairs: CALL US - IF YOU CAN Office: 414.978.8282 // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
cvs tag for 5.4-BETA1 ?
What cvs tag should I be using to be working at 5.4-BETA1? tag=RELENG_5 ? ..thanks :) When I last cvsup'd and build world/kernel it still showed "5.4-PRERELEASE" so I wanted to make sure. -- J.D. Bronson Off The Hook Phone Repair, Inc. 24 Hour Service // Free Estimates For Fast Repairs: CALL US - IF YOU CAN Office: 414.978.8282 // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
session in wrong state/PPPoE
I have started seeing this on the console and in /var/log/messages... I dont know what it means and things are working fine so far... Since I dont see it on EACH boot, is this an ISP issue? How do I troubleshoot this? The PPPoE session is usually established the very 1st time and I couldnt be happier I am running 5.4-PRE with userland PPPoE. any thoughts? -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: installworld fails (5.4-PRE)
At 07:48 AM 03/10/2005, Pietro Cerutti wrote: > shadow# cd /usr/include/dev > shadow# ls -al > -r--r--r-- 1 root wheel 4210 Mar 2 17:00 acpica > > and how do I fix this? The problem here is that the acpica folder is not executable (you can not cd into it). chmod 755 acpica should solve it. > > Thanks :) drwxr-xr-x 14 root wheel 512 Mar 9 20:37 . drwxr-xr-x 46 root wheel 4608 Mar 9 20:37 .. -r--r--r-- 1 root wheel 4210 Mar 2 17:00 acpica But acpica is -not- a directory ??? -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
installworld fails (5.4-PRE)
I cvsup'd to 5.4-PRE and built world. (I was already in 5.4-PRE).. I have never had any issues until today World and kernel built fine. I follow the same steps as always but this time I have a twist: # make installkernel - that works fine # make installworld ... ... ... cd: can't cd to /usr/include/dev/acpica *** Error code 2 Stop in /usr/src/include. *** Error code 1 Humm... shadow# cd /usr/include/dev shadow# ls -al total 38 drwxr-xr-x 14 root wheel 512 Mar 9 20:37 . drwxr-xr-x 46 root wheel 4608 Mar 9 20:37 .. -r--r--r-- 1 root wheel 4210 Mar 2 17:00 acpica drwxr-xr-x 2 root wheel 512 Feb 28 16:04 an drwxr-xr-x 2 root wheel 512 Feb 28 16:04 bktr drwxr-xr-x 2 root wheel 512 Feb 28 16:04 firewire drwxr-xr-x 2 root wheel 512 Feb 28 16:04 ic drwxr-xr-x 2 root wheel 512 Mar 9 20:37 ieee488 drwxr-xr-x 2 root wheel 512 Feb 27 20:09 iicbus drwxr-xr-x 2 root wheel 512 Feb 28 16:04 ofw drwxr-xr-x 2 root wheel 512 Feb 28 16:04 ppbus drwxr-xr-x 2 root wheel 512 Feb 27 20:09 smbus drwxr-xr-x 2 root wheel 1024 Mar 2 17:00 usb drwxr-xr-x 2 root wheel 512 Feb 28 16:04 utopia drwxr-xr-x 2 root wheel 512 Feb 28 16:04 wi Well...why is it trying to cd into a directory that does not exist? and how do I fix this? Thanks :) -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
in-kernel pppoe ?
Does 5.4PRE offer in-kernel pppoe to use to connect to my DSL ISP (pppoe)? I have userland pppoe configured and running and was wondering if anyone has this working and opinions... Thanks :) -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
pf question
First my ifconfig -A: # ifconfig -A bge0: flags=8843 mtu 1500 address: media: Ethernet autoselect (100baseTX full-duplex) status: active inet 192.168.82.1 netmask 0xff00 broadcast 192.168.82.255 inet 192.168.82.2 netmask 0x broadcast 192.168.82.2 I use a rule in the firewall such as this: # macros int_if = "bge0" pass in on $int_if from $int_if:network to any modulate state pass out on $int_if from any to $int_if:network modulate state This expands to: pass in on bge0 inet from 192.168.82.0/24 to any modulate state pass in on bge0 inet from 192.168.82.2 to any modulate state pass out on bge0 inet from any to 192.168.82.0/24 modulate state pass out on bge0 inet from any to 192.168.82.2 modulate state ..Why does it pick the alias IP on the nic and not the actual IP? Is this intended by design? -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
SCHED_ULE with 5.4-PRE ?
options SCHED_ULE I ran this option on 5.2.1 with P4 HTT and never had any issues. I understand it was removed...but have the issues been resolved and is it worth using with only HTT and not true SMP? Thanks- -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
pf seems to start late?
Mar 4 06:15:11 sole kernel: Setting hostname: sole.domain.com Mar 4 06:15:11 sole kernel: bge0: flags=8843 mtu 1500 Mar 4 06:15:11 sole kernel: options=1a Mar 4 06:15:11 sole kernel: inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255 Mar 4 06:15:11 sole kernel: media: Ethernet autoselect (none) Mar 4 06:15:11 sole kernel: status: no carrier Mar 4 06:15:11 sole kernel: lo0: flags=8049 mtu 16384 Mar 4 06:15:11 sole kernel: inet 127.0.0.1 netmask 0xff00 Mar 4 06:15:11 sole kernel: Starting ppp as "root" Mar 4 06:15:11 sole kernel: Working in ddial mode Mar 4 06:15:11 sole kernel: Using interface: tun0 Mar 4 06:15:11 sole kernel: Starting dhclient. Mar 4 06:15:11 sole kernel: bge1: flags=8843 mtu 1500 Mar 4 06:15:11 sole kernel: options=1a Mar 4 06:15:11 sole kernel: inet 65.12.14.18 netmask 0xf000 broadcast 255.255.255.255 Mar 4 06:15:11 sole kernel: media: Ethernet autoselect (100baseTX ) Mar 4 06:15:11 sole kernel: status: active Mar 4 06:15:11 sole kernel: Additional routing options: Mar 4 06:15:11 sole kernel: IP gateway=YES Mar 4 06:15:11 sole kernel: . Mar 4 06:15:11 sole kernel: Starting devd. Mar 4 06:15:11 sole kernel: Mounting NFS file systems: Mar 4 06:15:11 sole kernel: . Mar 4 06:15:11 sole kernel: Starting syslogd. Mar 4 06:15:11 sole kernel: Mar 4 06:15:11 sole syslogd: kernel boot file is /boot/kernel/kernel Mar 4 06:15:11 sole kernel: Starting named. Mar 4 06:15:12 sole kernel: Setting date via ntp. Mar 4 06:15:15 sole kernel: 4 Mar 06:15:15 ntpdate[345]: step time server x.x.x.x offset -0.534182 sec Mar 4 06:15:15 sole kernel: Clearing /tmp. Mar 4 06:15:16 sole kernel: ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib Mar 4 06:15:16 sole kernel: a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout Mar 4 06:15:16 sole kernel: Enabling pflogd Mar 4 06:15:16 sole kernel: . Mar 4 06:15:16 sole kernel: Mar 4 06:15:16 sole kernel: pflog0: promiscuous mode enabled Mar 4 06:15:16 sole kernel: Enabling pf. Mar 4 06:15:16 sole kernel: pf enabled ..shouldnt PF start right after the interfaces come up? The interface comes up and then NTP/NTPD start...and duing this time for 5secs or more there seems to be no pf runningwhy is this and why doesnt NTP/NTPD start AFTER pf is loaded up? I think under OpenBSD...pf loads before anything else network related to at least offer minimum protection. Am i missing something? Ideally, I think pf should launch immediately after the ppp kernel fires. -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
ppp + syslog
how do I get ppp to log to syslog when as the machine boots up...ppp starts and connects before syslogd starts!? I have my ppp and pf config working fine...but I would like to see what happens as it boots to /var/log/ppp.log if I kill ppp and start it manually it does log fine. Thanks! -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: dumb network question
At 02:10 PM 3/3/2005, Thomas Foster wrote: hostname="my.hostname.whatever" ifconfig_NIC1="inet a.b.c.d netmask 255.255.255.0" ifconfig_NIC2="DHCP" gateway_enable="YES" replace NIC1 and NIC2 with the interface names.. and of course.. a.b.c.d with the internal IP address.. be sure theres no gateway defined for the internal interface.. and if you need help setting up a firewall/router, be sure and check out : http://www.section6.net/help.php Hope this helps T Yea...this is great. One last question guys... for the nic that I have using for PPP...do I need anything special? (like in OpenBSD I have to toss 'up' in hostname.fxp0 for example) or does it -just- work. thanks! -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
dumb network question
Ok. I admit it. I cant figure what I am missing. I have 2 NICs in this machine. NIC 1 is a LAN NIC and static IP. - that I can figure out. NIC 2 needs to be DHCP (from cable modem). and I want the default router to be the DHCP cable modem gateway IP (passed from dhclient). What do I need to setup in /etc/rc.conf to make this happen? Thanks and sorry for the dumb question. -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [repost] ip.forwarding with pf
At 12:13 PM 03/03/2005, Chris Hodgins wrote: Hmm I found this: http://mailman.twdx.net/pipermail/occaid/2003-October/000250.html Google for "freebsd net.inet.ip.fastforwarding". Chris Hey guys...all of this seems really coolbut is it appropriate for one to use 'fast forwarding' when using pf/nat ? It -seems- to me that if one wants to use pf and/or nat that 'fast forwarding is not applicable nor desired. OTOH, if it IS desirable, I certainly want to use it. thanks- -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [repost] ip.forwarding with pf
At 09:15 AM 03/03/2005, Tomas Quintero wrote: Are you entirely sure you want to do it using PF? Has PF even been fully implemented into the 5.x series? I recently setup an FBSD router with 3 external NICs and 1 internal, using NAT and open ipfw rules for now, until I learn a bit more about ipfw. -- -Tomas Quintero Yes...pf can be a loadable module or compiled into the kernel. I am seeking more information on the if.forwarding options though... -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
[repost] ip.forwarding with pf
No one replied to this and I thought it was easy for someone on this list to help me? I am going to run pf and setup FBSD as a router (3 NICs). And I see there are some options: net.inet.ip.fastforwarding or net.inet.ip.forwarding Can someone tell me which is appropriate when FreeBSD 5.4-PRE is used as a router running pf with built in NAT ? And what is the difference on these 2 options? -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
ip forward and pf
net.inet.ip.fastforwarding or net.inet.ip.forwarding Can someone tell me which is appropriate when FreeBSD 5.4-PRE is used as a router running pf with built in NAT ? And what is the difference on these 2 options? Lastly, do I still need to set gateway_enable="YES" ? (or does that do the same thing as sysctl commands above) Thanks! -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: make world fails..how to troubleshoot?
At 08:49 AM 03/01/2005, Lowell Gilbert wrote: "J.D. Bronson" <[EMAIL PROTECTED]> writes: > I am running: > FreeBSD 5.3-STABLE-SNAP001 FreeBSD 5.3-STABLE-SNAP001 #0: Sun Jan 30 > 03:57:47 UTC 2005 > [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 > > and I cvs'd up using: > *default release=cvs tag=RELENG_5 > > (I first deleted /usr/src and then ran cvsup) > > Then following the normal way of building world, I went into > /usr/src and issued: > > "make buildworld" > > After about 5-7mins I see this: > > building shared library libkrb5.so.7 > building static krb5 library > ranlib libkrb5.a > sh /usr/src/tools/install.sh -C -o root -g wheel -m 444 libkrb5.a > /usr/obj/usr/src/i386/usr/lib > sh /usr/src/tools/install.sh -s -o root -g wheel -m 444 > > Anyone shed some lite on this? Are you using a "-j" option in the build? If so, try it again without, so that the error will show more clearly. Also, try another cvsup, in case you had hit a transient build problem (there apparently was one over the weekend -- I seem to recall it being in a different area, but I may be remembering incorrectly). Yes...I hit this bug...I was not using any -j in the build and still no clear errors...after someone else noticed this and cvs was updated..all is well thanks- -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
make world fails..how to troubleshoot?
I am running: FreeBSD 5.3-STABLE-SNAP001 FreeBSD 5.3-STABLE-SNAP001 #0: Sun Jan 30 03:57:47 UTC 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 and I cvs'd up using: *default release=cvs tag=RELENG_5 (I first deleted /usr/src and then ran cvsup) Then following the normal way of building world, I went into /usr/src and issued: "make buildworld" After about 5-7mins I see this: building shared library libkrb5.so.7 building static krb5 library ranlib libkrb5.a sh /usr/src/tools/install.sh -C -o root -g wheel -m 444 libkrb5.a /usr/obj/usr/src/i386/usr/lib sh /usr/src/tools/install.sh -s -o root -g wheel -m 444 libkrb5.so.7 /usr/obj/usr/src/i386/usr/lib sh /usr/src/tools/install.sh -C -o root -g wheel -m 444 heim_err.h k524_err.h /usr/src/kerberos5/lib/libkrb5/../../../crypto/heimdal/lib/krb5/krb5-protos.h /usr/src/kerberos5/lib/libkrb5/../../include/krb5-types.h /usr/src/kerberos5/lib/libkrb5/../../../crypto/heimdal/lib/krb5/krb5.h krb5_err.h /usr/obj/usr/src/i386/usr/include ln -fs libkrb5.so.7 /usr/obj/usr/src/i386/usr/lib/libkrb5.so 1 error *** Error code 2 1 error *** Error code 2 1 error *** Error code 2 1 error # And then it stops. I did a full make world using the same gear Saturday and it worked fine...this is another new identical machine...but I cannot get world to build and this error means little to me.. Anyone shed some lite on this? thanks! -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: correct cvsup for 5.3 snapshot
At 03:22 PM 2/25/2005, John Wilson wrote: On Fri, 25 Feb 2005 15:07:36 -0600 "J.D. Bronson" <[EMAIL PROTECTED]> wrote: [...] > and I want to update this...I am presuming to 5.3-STABLE ? [...] > *default release=cvs tag=RELENG_5_3 If you want -stable, change this to read: *default release=cvs tag=RELENG_5 - John. thanx! -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
correct cvsup for 5.3 snapshot
I am currently running a snapshot "FreeBSD 5.3-STABLE-SNAP001" and I want to update this...I am presuming to 5.3-STABLE ? Is this the correct cvsup file? *default host=someserver.freebsd.org *default base=/var/db *default prefix=/usr *default release=cvs tag=RELENG_5_3 *default delete use-rel-suffix *default compress src-all Thanks- -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"