pptp with mppe on freebsd
Hi, I'm trying to connect my lan to a remote lan through pptp/vpn. I followed the instructions on http://www.freebsddiary.org/pptp.php and created a ppp.conf like this: UPVPN: set authname myusername set authkey mypassword set timeout 0 set ifaddr 0 0 add 10.40.23.0/24 HISADDR alias enable yes Now when I lauched pptp: # pptp vpnserver UPVPN I got these errors: anon warn[open_inetsock:pptp_callmgr.c:312]: connect: Operation timed out anon fatal[callmgr_main:pptp_callmgr.c:121]: Could not open control connection t o vpnserver's ip anon fatal[open_callmgr:pptp.c:379]: Call manager exited with error 256 Looking at /var/messages, I can see something like this, but I don't know if it has something to do with the error. Jun 16 13:04:14 tmc pptp[20182]: anon log[main:pptp.c:219]: The synchronous pptp option is NOT activated There is this site: http://www.mreriksson.net/howtos/netbsd-pptp-client/ which discusses how to set up pptpclient on NetBSD and there he mentioned about installing the PPPD-MPPE package which I did't do in my FreeBSD box since I failed to find the said pacakge in /usr/ports. I have a slight idea that I really need to have this installed because when I look at the properties page of my vpn connection using a windows machine, I can see this details: device Name WAN Miniport(PPTP) Device Type vpn Server Type PPP Transports TCP/IP Authentication MS CHAPv2 Encryption MPPE 128 Compression (none) PPP multilinkOff ServerIP Address 10.40.23.120 ClientIP Address 10.40.23.13 Here's my LAN setup: LAN --PCRouter/proxy-Cisco Routercloud Private computer on LAN access Internet through a dual homed pcrouter/proxy server. In this kind of setup, is it possible that those private machine on LAN be connected to the remote private LAN through a pptp tunnel? I've already done this on Windows and there, it has an option for internet sharing, and I'm wondering if I can do the same with freebsd. Any idea? Thanks a lot! __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Need a HELP Lead .. For: xorg 6.8.2 - wont start
FBSD and Nikolas .. I think I have it scoped out more or less .. from a net bsd site .. this 0x7205 requires a UniChrome Device .. absent in Xorg 6.7 and 6.8 .. NO VIAble driver in FreeBSD 5.4 w/ X.org .. NOR .. with FreeSBIE 1.1 X.O 6.7 vs 6.8 ... Doubt if much QA went into X.org for FreeBSD vs the multitude of drivers for less common cards/chips .. Only VIAble fixes are another board or getting rid of X.org .. IT IS UNCLEAR what that requires to lose X.org and revert to XFree86_4 like my working Knoppix 3.4 partition. Many Thanks /Ev/ + product VIATECH VT8378_IG 0x7205 VT8378 KM400 UniChrome Integrated Graphics On 6/15/05, Nikolas Britton [EMAIL PROTECTED] wrote: On 6/16/05, Ev Batey WA6CRE [EMAIL PROTECTED] wrote: Nikolas Equally big failure with FreeSBIE 1.1 just d/l and tried .. Only Knoppix 3.4 with XFree86_4 Device fbdev ... Sounds like a bug in the code. This is most likey a problem with the port or with FreeBSD, might be a good idea to test it with a Linux based Live CD that uses Xorg. I would submit a problem report to the FreeBSD team and/or the maintainer of the port... etc... You 'could' just use the XFree86 port, AFAIK it still works on 5.x. -- Ev Batey -- WA6CRE -- [EMAIL PROTECTED] 805 340-6471 http://www.cotdazr.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Help me
. . Jun 16 10:26:09 router-01 kernel: wi0: device timeout Jun 16 10:26:09 router-01 kernel: wi0: timeout in wi_cmd 0x0002; event status 0x8001 Jun 16 10:26:09 router-01 kernel: wi0: timeout in wi_cmd 0x; event status 0x8001 Jun 16 10:26:09 router-01 kernel: wi0: wi_cmd: busy bit won't clear. Jun 16 10:26:09 router-01 kernel: wi0: init failed Jun 16 10:26:09 router-01 kernel: wi0: failed to allocate 2372 bytes on NIC Jun 16 10:26:09 router-01 kernel: wi0: tx buffer allocation failed (error 12) Jun 16 10:26:09 router-01 kernel: wi0: interface not running //Devices Jun 16 10:25:41 router-01 kernel: cbb0: RF5C475 PCI-CardBus Bridge mem 0xd1803000-0xd1803fff irq 11 at device 8.0 on pci0 Jun 16 10:16:43 router-01 kernel: wi0: Lucent Technologies WaveLAN/IEEE at port 0x100-0x13f irq 11 function 0 config 1 on pccard0 Jun 16 10:16:43 router-01 kernel: wi0: using Lucent Technologies, WaveLAN/IEEE Jun 16 10:16:43 router-01 kernel: wi0: Lucent Firmware: Station (8.72.1) Jun 16 10:16:43 router-01 kernel: wi0: Ethernet address: 00:02:2d:11:9f:8a Jun 16 10:16:43 router-01 kernel: wi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
pdksh cli as vi
i use ksh everywhere and the comman line is set to behave like vi so i can search/edit commands pretty fast. on my freebsd5.4 i have installed pdksh-5.2.14p2 from packages. in the .profile EDITOR and VISUAL both exported as vi and after login i can see that: freebsd54$ set|grep vi EDITOR=vi VISUAL=vi if i switch to command mode strange things happen. like i press 'h' to go to the left and it just adds 'h's to the command line. but if i give it a export VISUAL=vi from the command line everything is ok. you guys know something about it? i have not found anything in google. thx bdz ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: New 5.4 installation locks up at 'uhcio0'
On 6/15/05, Joshua Kampmeier [EMAIL PROTECTED] wrote: I just installed FreeBSD 5.4-RELEASE on a Compaq Proliant 1600 Server at work. This model is dual-Pentium III 500MHz, 1 GB RAM, 3x9.1 GB Ultra2 SCSI in RAID 5 array. It is to be used for our new intranet server and perhaps also some Proxy functions. When booting the installation CD, it locked up at: uhci0: Intel 82371AB/EB (PIIX4) USB controller at device 20.2 on pci0 So I rebooted and choose Safe Mode installation. That worked without a hitch. Finished, rebooted, and it locked up at the same point again. I can boot using Safe Mode, but obviously that isn't a solution. Please help, this is my companies first move away from Microsoft systems and I'd like this to go as smoothly as possible. Thanks! Can you boot with ACPI disabled? -- Dmitry We live less by imagination than despite it - Rockwell Kent, N by E ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: OT: Procmail crashing with FreeBSD
On 6/16/05, Matt Juszczak [EMAIL PROTECTED] wrote: Did my previous post with the actual error message post? It never came through to me and I dont see it in my outgoing mailbox can anyone confirm it came through to the list? Thanks, Can you see your message at http://lists.freebsd.org/pipermail/freebsd-questions/2005-June/date.html ? -- Dmitry We live less by imagination than despite it - Rockwell Kent, N by E ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Problem with PHP
Hello, Please help with the installation of PHP 4.3.11 under FreeBSD 5.4-STABLE. pkg_info | grep apache apache-2.0.54 Version 2 of Apache web server with prefork MPM. pkg_info | grep libtool libtool-1.5.10_1Generic shared library support script (version 1.5) Apache has been compiled from ports with the following options: make WITH_STATIC_MODULES=include rewrite auth vhost_alias ssl WITH_LDAP=yes WITH_SUEXEC=yes SUEXEC_DOCROOT=/home install clean I'm trying to build PHP 4.3.11 from sources: ./configure \ --prefix=/usr/local/php4 \ --with-apxs2=/usr/local/sbin/apxs \ --with-zlib=/usr \ --with-mysql=/usr/local \ --with-gettext=/usr/local \ --enable-ftp \ --with-gd=/usr/local \ --with-expat=/usr/local \ --with-dom=/usr/local \ --with-iconv=/usr/local \ --enable-mime-magic \ --with-xml=/usr/local \ --enable-mbstring \ --with-jpeg-dir=/usr/local \ --with-png-dir=/usr/local \ --with-freetype-dir=/usr/local `./configure` and `make` do not show any errors, but when I try to `make install` the following error appears: Installing PHP SAPI module: apache2handler /usr/local/share/apache2/build/instdso.sh SH_LIBTOOL='/usr/local/share/apache2/build/libtool' libphp4.la /usr/local/libexec/apache2 /usr/local/share/apache2/build/libtool --mode=install cp libphp4.la /usr/local/libexec/apache2/ libtool: install: `libphp4.la' is not a valid libtool archive Try `libtool --help --mode=install' for more information. apxs:Error: Command failed with rc=65536 . *** Error code 1 Any hints would be greatly appreciated! Thank you. Roman ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ThinkPad X30 installation problem
On Wed, June 15, 2005 10:51 pm, fbsd_user said: yea quite using PartitionMagic. instead use Freebsd fdisk to allocate partition for XP at front of disk and then install xp there. After that then install Freebsd in remaining freespace and select option to install boot manager. Don't even think of running PartitionMagic. Thanks a lot! (As this came directly to me, I reply back to the list for reference purposes). ___ How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SMP and networking under FreeBSD 5.3
Joe wrote: I'm not sure why I get the hostname ``or'' unknown message though. If you still get it once you take away your ifconfig stuff then you'll know that it was responsible. You haven't posted the actual lines you use, so no-one is going to be able to figure out what might be happening. Where you currently have variable=`ifconfig interface | stuff` or whatever, put echo $variable after it and you will see if you got it right or not. From what you've said I think your stuff works fine when there is an ip address and produces some junk when there isn't and you then feed that junk to an ipfw rule which gives you the error. --Alex ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problem with PHP
On Thu, Jun 16, 2005 at 03:07:21PM +0600, Roman Serbski wrote: Hello, Please help with the installation of PHP 4.3.11 under FreeBSD 5.4-STABLE. pkg_info | grep apache apache-2.0.54 Version 2 of Apache web server with prefork MPM. pkg_info | grep libtool libtool-1.5.10_1Generic shared library support script (version 1.5) Apache has been compiled from ports with the following options: make WITH_STATIC_MODULES=include rewrite auth vhost_alias ssl WITH_LDAP=yes WITH_SUEXEC=yes SUEXEC_DOCROOT=/home install clean I'm trying to build PHP 4.3.11 from sources: Why aren't you using the ports instead? -- Jonathan Chen [EMAIL PROTECTED] --- One, with God, is always a majority, but many a martyr has been burned at the stake while the votes were being counted. -- Thomas B. Reed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
divx encoding vob files
i've been looking how to encode vob files into divx avi files, and without fail following any of the howto's i google resulted in failure. i have mencoder installed, vobcopy. i have the vob files and they play perfectly. what do i need to execute to convert them into mpeg4 avi files? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: The perennial vfs.usermount query
Am Donnerstag, 16. Juni 2005 04:18 schrieb Joe Altman: 1) If this: $: more /etc/sysctl.conf # $FreeBSD: src/etc/sysctl.conf,v 1.8 2003/03/13 18:43:50 mux Exp $ # # This file is read when going to multi-user and its contents piped # thru ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for # details. # # Uncomment this to prevent users from seeing information about #processes that are being run under another UID. #security.bsd.see_other_uids=0 vfs.usermount=1 2)And, -- after a reboot --, this: $: sysctl -a | grep vfs.usermount vfs.usermount: 0 Ergo, I get this: cd9660: /dev/acd0: Operation not permitted When trying this: mount -t cd9660 /dev/acd0 /usr/home/joe/mountpoint/ Then my question is: wtfoobar am I doing wrong? Nothing. But if you want it persistant you have to put it in loader.conf or sysctl.conf, depending on the kind of sysctl (loader tunable or runtime tunable). Additional info: $: more /etc/devfs.conf snip permacd00660 linkacd0cdrom Speculating, I assume that the BUGS section of sysctl.conf(5) applies, somehow. Hmm, what's your problem? You can't set the sysctl or it is unset after a reboot? The latter of course is true. -Harry NB: the page covering this in the FAQ at freebsd.org says run this: sysctl -w vfs.usermount=1 The man page for sysctl on 5.4 says this: COMPATIBILITY The -w option has been deprecated and is silently ignored. Is the -w flag only for 4.x installations? I'm pretty sure I'm going to see the answer to this as soon as I hit send. pgpzP1vewp03W.pgp Description: PGP signature
qt33 threading issue after 5.3-5.4
Having qt33 installed from recent ports working failless I've got upgraded 5.3 base to 5.4. After that all threaded qt applications (`kmail`, `uic`, `gwenview`, etc.) fail to start saying: Mutex init failed Plz, give any ideas about fixing it - 'cause I'm totally confused about the reason of the issue - if neither pthread API nor its internal logics has changed between 5.3 5.4 what makes it fail? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: XFree86 port broke for Matrox G550
Steve Friedrich wrote: I just cvsupped and used portupgrade for XFree86. I portupgraded imake first, then went thru each XFree86 component. I've been using a XFConfig file, but when I got this error, I tried startx -autoconfig When I startx, I get: (EE) Failed to load module fbdev (module does not exist, 0) Required symbol MGASetDisplayStart from module /usr/X11R6/lib/modules/drivers/mg a_drv.o is unresolved! Required symbol MGASetDisplayStart from module /usr/X11R6/lib/modules/drivers/mg a_drv.o is unresolved! Fatal server error: Some required symbols were unresolved Try this: grab these two files: http://www.ijs.si/~lesi/xfree/mga/patch-HALlib_bindings.c http://www.ijs.si/~lesi/xfree/mga/patch-mga_driver.c Put them both in files directory of XFree86-4-Server port (/usr/ports/x11-servers/XFree86-4-Server/files) and recompile and reinstall XFree86-4-Server port. Your XF86Config file from before should work fine. Are you perhaps using x11-servers/mga_hal? Dejan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: XFree86 port broke for Matrox G550
On Thu, 16 Jun 2005 12:35:42 +0200, Dejan Lesjak wrote: Steve Friedrich wrote: I just cvsupped and used portupgrade for XFree86. I portupgraded imake first, then went thru each XFree86 component. I've been using a XFConfig file, but when I got this error, I tried startx -autoconfig When I startx, I get: (EE) Failed to load module fbdev (module does not exist, 0) Required symbol MGASetDisplayStart from module /usr/X11R6/lib/modules/drivers/mg a_drv.o is unresolved! Required symbol MGASetDisplayStart from module /usr/X11R6/lib/modules/drivers/mg a_drv.o is unresolved! Fatal server error: Some required symbols were unresolved Try this: grab these two files: http://www.ijs.si/~lesi/xfree/mga/patch-HALlib_bindings.c http://www.ijs.si/~lesi/xfree/mga/patch-mga_driver.c Put them both in files directory of XFree86-4-Server port (/usr/ports/x11-servers/XFree86-4-Server/files) and recompile and reinstall XFree86-4-Server port. Your XF86Config file from before should work fine. Are you perhaps using x11-servers/mga_hal? Dejan not exactly. The instructions that I had previously had me using a couple files from Matrox, but to my knowledge, there wasn't a port for a server. Should I be using x11-servers/mga_hal ? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: XFree86 port broke for Matrox G550
On Thursday 16 of June 2005 13:30, Steve Friedrich wrote: On Thu, 16 Jun 2005 12:35:42 +0200, Dejan Lesjak wrote: Steve Friedrich wrote: I just cvsupped and used portupgrade for XFree86. I portupgraded imake first, then went thru each XFree86 component. I've been using a XFConfig file, but when I got this error, I tried startx -autoconfig When I startx, I get: (EE) Failed to load module fbdev (module does not exist, 0) Required symbol MGASetDisplayStart from module /usr/X11R6/lib/modules/drivers/mg a_drv.o is unresolved! Required symbol MGASetDisplayStart from module /usr/X11R6/lib/modules/drivers/mg a_drv.o is unresolved! Fatal server error: Some required symbols were unresolved Try this: grab these two files: http://www.ijs.si/~lesi/xfree/mga/patch-HALlib_bindings.c http://www.ijs.si/~lesi/xfree/mga/patch-mga_driver.c Put them both in files directory of XFree86-4-Server port (/usr/ports/x11-servers/XFree86-4-Server/files) and recompile and reinstall XFree86-4-Server port. Your XF86Config file from before should work fine. Are you perhaps using x11-servers/mga_hal? Dejan not exactly. The instructions that I had previously had me using a couple files from Matrox, but to my knowledge, there wasn't a port for a server. Should I be using x11-servers/mga_hal ? x11-servers/mga_hal is most probably just a convenient way to install those files from Matrox, have a look at it. If those files were not binary and needed compilation, you'll have to recompile them after XFree upgrade. You could still need above patches and recompile of XFree-Server though. Dejan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: XFree86 port broke for Matrox G550
On Thursday 16 June 2005 06:35 am, Dejan Lesjak wrote: Steve Friedrich wrote: I just cvsupped and used portupgrade for XFree86. I portupgraded imake first, then went thru each XFree86 component. I've been using a XFConfig file, but when I got this error, I tried startx -autoconfig When I startx, I get: (EE) Failed to load module fbdev (module does not exist, 0) Required symbol MGASetDisplayStart from module /usr/X11R6/lib/modules/drivers/mg a_drv.o is unresolved! Required symbol MGASetDisplayStart from module /usr/X11R6/lib/modules/drivers/mg a_drv.o is unresolved! Fatal server error: Some required symbols were unresolved Try this: grab these two files: http://www.ijs.si/~lesi/xfree/mga/patch-HALlib_bindings.c http://www.ijs.si/~lesi/xfree/mga/patch-mga_driver.c Put them both in files directory of XFree86-4-Server port (/usr/ports/x11-servers/XFree86-4-Server/files) and recompile and reinstall XFree86-4-Server port. Your XF86Config file from before should work fine. Are you perhaps using x11-servers/mga_hal? Dejan Those two files did the trick. Thanks. -- i386 FreeBSD 4.11-STABLE There are 10 types of people in this world. Ones that understand binary and then, the others. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: XFree86 port broke for Matrox G550
On Thursday 16 of June 2005 13:40, Steven Friedrich wrote: On Thursday 16 June 2005 06:35 am, Dejan Lesjak wrote: Steve Friedrich wrote: I just cvsupped and used portupgrade for XFree86. I portupgraded imake first, then went thru each XFree86 component. I've been using a XFConfig file, but when I got this error, I tried startx -autoconfig When I startx, I get: (EE) Failed to load module fbdev (module does not exist, 0) Required symbol MGASetDisplayStart from module /usr/X11R6/lib/modules/drivers/mg a_drv.o is unresolved! Required symbol MGASetDisplayStart from module /usr/X11R6/lib/modules/drivers/mg a_drv.o is unresolved! Fatal server error: Some required symbols were unresolved Try this: grab these two files: http://www.ijs.si/~lesi/xfree/mga/patch-HALlib_bindings.c http://www.ijs.si/~lesi/xfree/mga/patch-mga_driver.c Put them both in files directory of XFree86-4-Server port (/usr/ports/x11-servers/XFree86-4-Server/files) and recompile and reinstall XFree86-4-Server port. Your XF86Config file from before should work fine. Are you perhaps using x11-servers/mga_hal? Dejan Those two files did the trick. Thanks. Great. I'll add them to port after a bit then. Out of curiosity, did you try -autoconfig again and if so, did it work for you? Thanks for report and testing the patches! Dejan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: divx encoding vob files
i've been looking how to encode vob files into divx avi files, and without fail following any of the howto's i google resulted in failure. i have mencoder installed, vobcopy. i have the vob files and they play perfectly. what do i need to execute to convert them into mpeg4 avi files? I've used mencoder for converting vobs to mpeg4 and reencoding their audio tracks to mp3/ogg following these two tutorials/guides: http://axljab.homelinux.org/Mencoder_DVD_to_MPEG-4 http://www.mplayerhq.hu/DOCS/tech/encoding-tips.txt While the first one is focusing on the commands without any technical explanation , the second one provides several details about mpeg4 encoding. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problem with PHP
On 6/16/05, Alexandr Kosarev [EMAIL PROTECTED] wrote: On Thu, Jun 16, 2005 at 03:07:21PM +0600, Roman Serbski wrote: Hello, Please help with the installation of PHP 4.3.11 under FreeBSD 5.4-STABLE. pkg_info | grep apache apache-2.0.54 Version 2 of Apache web server with prefork MPM. pkg_info | grep libtool libtool-1.5.10_1Generic shared library support script (version 1.5) Apache has been compiled from ports with the following options: make WITH_STATIC_MODULES=include rewrite auth vhost_alias ssl WITH_LDAP=yes WITH_SUEXEC=yes SUEXEC_DOCROOT=/home install clean I'm trying to build PHP 4.3.11 from sources: ./configure \ --prefix=/usr/local/php4 \ --with-apxs2=/usr/local/sbin/apxs \ --with-zlib=/usr \ --with-mysql=/usr/local \ --with-gettext=/usr/local \ --enable-ftp \ --with-gd=/usr/local \ --with-expat=/usr/local \ --with-dom=/usr/local \ --with-iconv=/usr/local \ --enable-mime-magic \ --with-xml=/usr/local \ --enable-mbstring \ --with-jpeg-dir=/usr/local \ --with-png-dir=/usr/local \ --with-freetype-dir=/usr/local `./configure` and `make` do not show any errors, but when I try to `make install` the following error appears: Installing PHP SAPI module: apache2handler /usr/local/share/apache2/build/instdso.sh SH_LIBTOOL='/usr/local/share/apache2/build/libtool' libphp4.la /usr/local/libexec/apache2 /usr/local/share/apache2/build/libtool --mode=install cp libphp4.la /usr/local/libexec/apache2/ libtool: install: `libphp4.la' is not a valid libtool archive Try `libtool --help --mode=install' for more information. apxs:Error: Command failed with rc=65536 . *** Error code 1 Any hints would be greatly appreciated! Thank you. Roman ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Hello, Roman. Can your try to install php4 with ports collection? Modules for PHP4 your cat install with port /usr/ports/lang/php4-extensions/ (make config) and your can install modules by other ports. So why your try install php4 from source??? Hello, I was always thinking that building PHP from sources gives more flexibility rather than from ports. For example, I want to build gd support for PHP. If I compile PHP from sources all I have to do is to install ports/graphics/gd and define --with-gd for PHP configure. As for php4-extensions, I don't know why, but it tries to fetch X11R sources: === php4-gd-4.3.11_1 depends on executable: phpize - found === php4-gd-4.3.11_1 depends on file: /usr/local/bin/automake15 - found === php4-gd-4.3.11_1 depends on file: /usr/local/bin/autoconf253 - found === php4-gd-4.3.11_1 depends on shared library: freetype.9 - found === php4-gd-4.3.11_1 depends on shared library: png.5 - found === php4-gd-4.3.11_1 depends on shared library: jpeg.9 - found === php4-gd-4.3.11_1 depends on shared library: X11.6 - not found ===Verifying install for X11.6 in /usr/ports/x11/xorg-libraries === Vulnerability check disabled, database not found = X11R6.8.2-src1.tar.gz doesn't seem to exist in /usr/ports/distfiles/xorg. = Attempting to fetch from ftp://ftp.gwdg.de/pub/x11/x.org/pub/X11R6.8.2/src/. Why do I need to download 32MB to have gd support enabled? I was not able to find any way to disable this behavior. Thank you. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: The perennial vfs.usermount query
On Thu, Jun 16, 2005 at 12:00:08PM +0200, Emanuel Strobl wrote: Nothing. But if you want it persistant you have to put it in loader.conf or sysctl.conf, depending on the kind of sysctl (loader tunable or runtime tunable). Sorry; I wasn't clear. vfs.usermount=1 is set in /etc/sysctl.conf... I was not aware that this was tunable in loader.conf. Thanks for your help. -- I don't care what you think. This is not a stylishly insouciant stroll out of the jungle, here. It's more like we've fallen out of our trees and rolled, butt-naked before the entire galaxy, downhill. That, and we seem to have a teensy problem lifting ourselves off the ground. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Remote server warnings
I'm going to be moving my server to a remote site, where I'll only be able to ssh to it for any kind of service. It has been local, hooked up via a KVM switch, so it will be a new setup for me. What sorts of problems should I keep an eye out for? What kind of setup should I have? I've turned on ssh. What else should I do? How hard will it be to update my system remotely? Thanks in advance for any help you can provide. -- Jonathan Arnold (mailto:[EMAIL PROTECTED]) Daemon Dancing in the Dark, a FreeBSD weblog: http://freebsd.amazingdev.com/blog/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
web calendar program recommendation
FreeBSD-4.11 R3 I am looking for a really nice calendar program that I can run from a web interface. That has the ability to import my calendar from my palm. horde is nice but I cant import any of my palm calendars. neither can webcalendar unless there is some recent update in the past 3 months that does it now. evolution is nice but I think this is X only and not for the web. please correct me if I am wrong. Please pass along any recommendations. Thanks in advance, Noah ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Remote server warnings
might be good to make sure you can actually ssh into the box before you move it, make sure root logins are not permitted in sshd_config, make sure the daily reports will be emailed to you -- John Brooks [EMAIL PROTECTED] I'm going to be moving my server to a remote site, where I'll only be able to ssh to it for any kind of service. It has been local, hooked up via a KVM switch, so it will be a new setup for me. What sorts of problems should I keep an eye out for? What kind of setup should I have? I've turned on ssh. What else should I do? How hard will it be to update my system remotely? Thanks in advance for any help you can provide. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pdksh cli as vi
Hi. if i switch to command mode strange things happen. like i press 'h' to go to the left and it just adds 'h's to the command line. but if i give it a export VISUAL=vi from the command line everything is ok. Did you try using set -o vi? Regards, Jochen ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Remote server warnings
John Brooks wrote: might be good to make sure you can actually ssh into the box before you move it, Thanks for the quick response. I've done this - in fact, I'm updateing to 4.10 as we speak via SSH with my box still local. make sure root logins are not permitted in sshd_config, If I do this, how do I do root stuff? Login as myself and use su? make sure the daily reports will be emailed to you Ahh, good idea. -- Jonathan Arnold (mailto:[EMAIL PROTECTED]) Daemon Dancing in the Dark, a FreeBSD weblog: http://freebsd.amazingdev.com/blog/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: df: root partition at 108% capacity! Can't find why...
On June 15, 2005 05:24 pm, SteveW wrote: Hi All, df: root partition at 108% capacity! Can't find why... After searching google freebsd.org I am no nearing to figuring this out, other than this is a known problem. Either I or the system managed to get the root partition back to under 100% but only just... I have looked for any large files that might be taking up space but have yet to locate anything over 3meg. Any suggestions, ideas, thoughts gratefully received. 1. Create a separate /tmp filesystem. You should never let ordinary users (or daemons) write to the root filesystem. Unless you really need the nearly 4G of space you have in /var for a specific reason, you should be able to take some space out of there for your /tmp. 2. Use du to track down large files/directories, as was suggested by someone else. 3. Double check the size of hidden files in / and /root. 4. When you find out what is/was filling your filesystem, change the configuration so it doesn't happen again. Thanks, Steve INFO: FreeBSD 4.7-RELEASE-p10 / 80gig drive df was: /dev/ad0s1a 252M 250M -18.5M 108% df now: FilesystemSize Used Avail Capacity Mounted on /dev/ad0s1a 252M 230M 1.8M99%/ /dev/ad0s1g29G 2.3G24G 9%/home /dev/ad0s1f 3.0G 1.7G 1.0G62%/usr /dev/ad0s1e 3.9G75M 3.5G 2%/var procfs4.0K 4.0K 0B 100%/proc After the cras dmesg was filled with this: pid 8967 (cp), uid 0 on /: file system full pid 8967 (cp), uid 0 on /: file system full -- Ean Kingston E-Mail: ean AT hedron DOT org URL: http://www.hedron.org/ I am currently looking for work. If you need competent system/network administration please feel free to contact me directly. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Driver D-Link DGE-550SX
Hi, What driver i should use with D-Link DGE-550SX network ethernet adapter in FreeBSD ? [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: ADSL PPPoA
Config stuff. rc.conf -- #FireWall Stuff #--- inetd_enable=NO sendmail_enable=NO sendmail_submit_enable=NO sendmail_outbound_enable=NO sendmail_msp_queue_enable=NO check_quotas=NO gateway_enable=YES ipnat_enable=YES ipnat_rules=/etc/ipnat.rules ipfilter_enable=YES ipfilter_flags= ipfilter_rules=/etc/ipf.rules ipmon_enable=YES ipmon_flags=-Dsn #vr0 Connects to DSL MODEM ifconfig_vr0=inet 192.168.0.1 netmask 255.255.255.0 #--- -- mpd.conf default: load adsl adsl: new -i ng0 adsl adsl set bundle authname USER** set bundle password PASS***[changed] set bundle disable multilink set link no pap acfcomp protocomp set link disable chap set link accept chap set link keep-alive 30 10 set ipcp no vjcomp set ipcp ranges 0.0.0.0/0 0.0.0.0/0 set iface route default set iface disable on-demand set iface enable proxy-arp set iface idle 0 open - mpd.links -- adsl: set link type pptp set pptp mode active set pptp enable originate outcall set pptp self 192.168.0.1 set pptp peer 192.168.0.254 192.168.0.1 = vr0 interface [ firewall ] 192.168.0.254 = dsl modem/router. From: fbsd_user [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: Stephan Weaver [EMAIL PROTECTED],freebsd-questions@freebsd.org Subject: RE: ADSL PPPoA Date: Wed, 15 Jun 2005 13:36:36 -0400 you could help your cry for help by posting your ppp.conf, ppp.log and firewall rules -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Stephan Weaver Sent: Wednesday, June 15, 2005 12:38 PM To: freebsd-questions@freebsd.org Subject: ADSL PPPoA Hello Friendly FreeBSD people. Let me get straight to the point. I am implimenting a FreeBSD Based Firewall. I have an ADSL Speedtouch 5200 Modem/Router, Currently Plugged into my Switch. I want to connect the modem to my FreeBSD Firewall; So that the FreeBSD Firewall will be creating a PPP connection to my ISP. Eg, my xl0 interface will have a PUBLIC Internet Address (IF Possible?). My Isp Uses PPPoA, i used the instructions from the handbook, to setup 'mpd'. I put the router in 'bridge' mode and connect the Ethernet cable from the Dsl Router/Modem to my FreeBSD Firewall. But i have little success getting the results i want. [The Firewall dosent connect to my ISP] Anyone willing to give me a clue? Regards, Stephan Weaver. [EMAIL PROTECTED] _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Remote server warnings
Jonathan Arnold wrote: I'm going to be moving my server to a remote site, where I'll only be able to ssh to it for any kind of service. It has been local, hooked up via a KVM switch, so it will be a new setup for me. What sorts of problems should I keep an eye out for? What kind of setup should I have? I've turned on ssh. What else should I do? How hard will it be to update my system remotely? Thanks in advance for any help you can provide. Use rsa/dsa keys and disable password auth in sshd_config. You can generally do port upgrades via ssh without issue. Obviously you have to be careful when performing major updates like `make world` where it's usually recommended that you drop to single-user mode before installing world. Some folks claim they do the whole make world dance by remote and just don't reboot or drop to single-user mode. Personally, I'd never do this on a production box but I recall some good discussion on this list a few months ago about this very topic. Check the archives if you're interested. G ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Remote server warnings
for security reasons, remote root logins are a bad thing. log in as yourself, then su to root. make sure you are a member of the 'wheel' group. -- John Brooks [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jonathan Arnold Sent: Thursday, June 16, 2005 8:51 AM To: freebsd-questions@freebsd.org Subject: Re: Remote server warnings John Brooks wrote: might be good to make sure you can actually ssh into the box before you move it, Thanks for the quick response. I've done this - in fact, I'm updateing to 4.10 as we speak via SSH with my box still local. make sure root logins are not permitted in sshd_config, If I do this, how do I do root stuff? Login as myself and use su? make sure the daily reports will be emailed to you Ahh, good idea. -- Jonathan Arnold (mailto:[EMAIL PROTECTED]) Daemon Dancing in the Dark, a FreeBSD weblog: http://freebsd.amazingdev.com/blog/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Remote server warnings
On June 16, 2005 10:02 am, Greg Maruszeczka wrote: Jonathan Arnold wrote: I'm going to be moving my server to a remote site, where I'll only be able to ssh to it for any kind of service. It has been local, hooked up via a KVM switch, so it will be a new setup for me. What sorts of problems should I keep an eye out for? What kind of setup should I have? I've turned on ssh. What else should I do? How hard will it be to update my system remotely? Thanks in advance for any help you can provide. If you can, switch the console to a serial port and connect a null modem cable between the serial port of your system and some other system that you have at least user level access to at the remote site. That way you can get to the console in the event of problems. Use rsa/dsa keys and disable password auth in sshd_config. You can generally do port upgrades via ssh without issue. Obviously you have to be careful when performing major updates like `make world` where it's usually recommended that you drop to single-user mode before installing world. Some folks claim they do the whole make world dance by remote and just don't reboot or drop to single-user mode. Personally, I'd never do this on a production box but I recall some good discussion on this list a few months ago about this very topic. Check the archives if you're interested. G ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Ean Kingston E-Mail: ean AT hedron DOT org URL: http://www.hedron.org/ I am currently looking for work. If you need competent system/network administration please feel free to contact me directly. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Logging via Serial Port
Hi, I have a phone system that I need to log information from to a FreeBSD box via a serial cable. What would be the best way to listen to the serial port and write those messages to a log file? I have looked in the archives and googled, but still no luck. Any help would be appreciated. Thanks -- Jeff Tollison jptollison at gmail dot com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
POWERVAULT 705n
Hi Everyone, In need of desperate help here, I have a Powervault on our network , Dell informs me that since its NOT windows powered I have basically no specific control , auditing etcc,, A network folder was deleted from the NAS yesterday, and I have no way of determining who did it. I know it's a *nix kernel. Also there are files there that , when we want to delete (MAC files often) it says access denied. Ideally , set permissions (i.e. can read , write, change, NOT delete), also audit to see who did what when , and delete those access denied files- I'm sure if I can get into it through a shell? Or root? This would be possible??? Maybe??? Any help would be great Jean-Paul Natola Network Administrator Information Technology Family Care International 588 Broadway Suite 503 New York, NY 10012 Phone:212-941-5300 xt 36 Fax: 212-941-5563 Mailto: [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: usb2 external drive gets different designations
dave [EMAIL PROTECTED] writes: I've got a working usb2 external IDE hard drive running on a 5.4-stable box. My problem is sometimes when i connect it it is given a designation of da0 while other times it is given a designation of da1 or da2. I'd like to create a fstab entry for this drive so that when it is connected it is mounted and when disconnected it is unmounted cleanly. I was wondering if this was possible or if not if there was a way of giving it da0 or da1 everytime the drive was connected? That's possible, but I can't find the way to do it right now. You may find it easier to set up usbd.conf(5) to automatically mount the device when it's detected. Or, alternatively, to make a symbolic link from a constant name in /dev (which is pretty close to what you asked for originally). Be well. -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Logging via Serial Port
Jeff, Sounds like you need to read about getty and friends :) -- Jonathan -- Jonathan M. Slivko - [EMAIL PROTECTED] Linux: The Choice for the GNU Generation - http://www.linux.org/ - Don't fear the penguin. .^. /V\ /( )\ ^^-^^ He's here to help. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Tollison Sent: Thursday, June 16, 2005 10:10 AM To: freebsd-questions@freebsd.org Subject: Logging via Serial Port Hi, I have a phone system that I need to log information from to a FreeBSD box via a serial cable. What would be the best way to listen to the serial port and write those messages to a log file? I have looked in the archives and googled, but still no luck. Any help would be appreciated. Thanks -- Jeff Tollison jptollison at gmail dot com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
base libobjc on 5.4 p2
Hi the list Actually, the base gcc provide with 5.4#p2 is a 3.4.2. The libobjc is provide (as a static one, not sure of that, I arg this about the .a extension I saw on this lib). It seems this lib is only provide : - as a static library. - without objc-exceptions compile in. - with libffi provide and install from base system. Is it possible to have this lib build : - as a shared lib too. - with objc-exeception include - AND with libffi support for callback, since this lib is required (for GNUstep compilation, AFAIK libffcall is quiet deprecated in favor of libffi) and now part of gcc compiler suite. If it's not possible, for base system : - is it possible to have this features enable (may be by a buildworld options) to allow us to use the base compiler provide with FreeBSD. The main advantage I see for this features enable, is that it don't require to install a gcc port to have this features enables (and so, to not have to deal with two compiler on the machine), or to don't patch the /usr/src tree to rebuild the lib with those options. I think hacking /usr/src is may be a bad idea, since all changes made in this tree will be lost when an upgrade will be perform ? Does I'm right on what I 've seen ? (since I'm not a guru ;-) How those suggestions (this is only suggestions) could take place in FreeBSD ? with what cost ? Any advices. Thx in advance for all comments. Thierry (aka befree) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
AW: Logging via Serial Port
I have a phone system that I need to log information from to a FreeBSD box via a serial cable. What would be the best way to listen to the serial port and write those messages to a log file? Why not simply use cat /dev/cuaax logfile You might use stty to set communication parameters after issueing the cat command. regards titus ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Headless upgrade from Linux to FreeBSD
Hello, I've been using FreeBSD for a while - and I prefer it to all other server OS'es, but incidentally I have Fedora Core 3 installed on one of the servers I manage. I consulted all interested parties and they have nothing against migrating it to FreeBSD. I've got physical access to the box, but I'd would like it very much to make a headless upgrade. It's a single-Opteron box with around 130Gb on a 200Gb SATA hard drive, the internet bandwidth is about 20Mbit/s. In fact, I've already tried to run FreeBSD-5.3 on this very box - without any problem. There is no DHCP/DNS on the network it's connected to, so static preconfigured IP-address is a must, as well as a pre-configured BIND (or at least resolv.conf with one of my external DNS-servers). I'm thinking about creating a large hard-drive image (with FreeBSD) and somehow writing it on the hard-drive with an in-memory dd-like tool. Can anybody suggest a better way? Maybe I could even save some data without backing it all up on another server? Thanks, Andrew P. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pdksh cli as vi
On Thu, Jun 16, 2005 at 03:45:03PM +0200, Jochen Keil wrote: Hi. if i switch to command mode strange things happen. like i press 'h' to go to the left and it just adds 'h's to the command line. but if i give it a export VISUAL=vi from the command line everything is ok. Did you try using set -o vi? Regards, Jochen the same effect. after loggin in it's not working but if i give the set -o vi from the shell it's ok. bdz ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Driver D-Link DGE-550SX
On 6/16/05, Marcin Lara [EMAIL PROTECTED] wrote: Hi, What driver i should use with D-Link DGE-550SX network ethernet adapter in FreeBSD ? If it has the same chipset as D-Link DGE-500SX, then you can use the lge driver. http://www.freebsd.org/cgi/man.cgi?query=lgesektion=4manpath=FreeBSD+5.4-RELEASE -- Kind regards Abu Khaled ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Complete Port Removal Question
How can I remove a port and all of it's dependencies from a system? For example, I installed sqWebmail and tried it out then decided it's not what we were looking for. Now, I would like to not only remove sqWebmail but all of the stuff it installed along with it. sqwebmail also installed things like: - courier-authlib-base-0.56 - ispell-3.2.06_13 and others as well Is there a safe / quick way to remove the dependencies for a port and not break the rest of the system by removing stuff other things depend on? For example, I don't want to remove Perl obviously which is a dependency of sqwebmail. Thank you, FreeBSDUtah __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
xsysinfo ERROR after cvs update for open-motif-2.2.3_2 on FreeBSD-5.4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 after I done a cvs and updated the open-motif-2.2.3_2 package a few weeks ago, xsysinfo-1.4a_1 dose not start up any more. Error message: xsysinfo: undefined symbol: _openfiles well I did deinstall the package and compiled it again from /usr/ports/sysutils/xsysinfo with make install after the makefile was updated, even after deleting the source file and out of ~/ports/distfiles to let make install downloading it again. I still get the same error. Is there any workaround for that ? # New ports collection makefile for: xsysinfo # Date created: 4 April 1996 # Whom: jdli # # $FreeBSD: ports/sysutils/xsysinfo/Makefile,v 1.18 2005/06/01 16:20:03 pav Exp $ # PORTNAME= xsysinfo PORTVERSION= 1.4a PORTREVISION= 1 CATEGORIES= sysutils MASTER_SITES= ftp://freebsd.csie.nctu.edu.tw/pub/jdli/source/ MAINTAINER= [EMAIL PROTECTED] COMMENT= A system information display tool USE_IMAKE=yes MANCOMPRESSED=yes MAN1= xsysinfo.1 PLIST_FILES= bin/xsysinfo pre-configure: if [ -e /usr/lib/libdevstat.a -o -e /usr/lib/aout/libdevstat.a ]; then \ cd ${WRKSRC} ; \ ${MV} Imakefile Imakefile.in ; \ ${SED} -e s:DEFINES =:DEFINES = -DHAVE_DEVSTAT: Imakefile.in Imakefile.i1 ; \ ${SED} -e s:-lkvm:-lkvm -ldevstat: Imakefile.i1 Imakefile ; \ fi .include bsd.port.mk -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCsZ6rBG3FBOpOS2oRAlTLAJ4rcG11TggueWXHcWAVAYjUCgEhbACgmNlI qP4JmgI4+bpS628bmsE/DM0= =LhXV -END PGP SIGNATURE- ___ How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Postfix on BSD
Probably off-topic, but it's a sysadmin question that maybe someone on the list could send a quick blurb answer about :-/ I'm trying to filter some mail coming into Postfix based on the body content. I have the line body_checks = regexp:/usr/local/etc/postfix/body_checks in main.cf. The file contains: # Will this stop RR collateral damage messages? /^* This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments./ REJECT Possible automated RoadRunner mail scanning collateral damage. Eliminate the notifying text and resend message. # Borrowed check lines /^This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm,/ REJECT Email reporting virus detected /^This e-mail in its original form contained one or more attached files that were infected with the / REJECT Email reporting virus detected ** The files are owned root, wheel with rwrr, so it should be readable by the postfix processes. I do a postfix reload, send an email from the Internet to this mail server containing the key phrase(s), and they seem to go right through! Am I missing something? I (have, am) going through docs and examples to try to figure it out...but any hints from people on the list using postfix would be appreciated. The logs aren't showing any error messages from postfix on reload (or start/stop). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
xview broken under FreeBSD-5.4 / needed for lots of packages
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I was using a lot of packages in FreeBSD-4.10, witch I'm now missing after upgrading to FreeBSD-5.4. Lot's of this packages are depending on xview but it can't install regarding a change in make .if ${OSVERSION} = 502126 BROKEN= Broken by changes to make(1) on FreeBSD = 5.x .endif is there any way to get this package installed on FreeBSD-5.4 ? Thanks for any hints Hanno -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCsaDyBG3FBOpOS2oRAlfsAKCmH7qkFkTKXB1K76E4exvMO/KvNgCg1IJL C6n8uQbNSTj9I2IpSmQPk9o= =BUXS -END PGP SIGNATURE- ___ Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with voicemail http://uk.messenger.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix on BSD
On June 16, 2005 11:54 am, Bart Silverstrim wrote: Probably off-topic, but it's a sysadmin question that maybe someone on the list could send a quick blurb answer about :-/ I'm trying to filter some mail coming into Postfix based on the body content. I have the line body_checks = regexp:/usr/local/etc/postfix/body_checks in main.cf. The file contains: # Will this stop RR collateral damage messages? /^* This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments./ REJECT Possible automated RoadRunner mail scanning collateral damage. Eliminate the notifying text and resend message. # Borrowed check lines /^This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm,/ REJECT Email reporting virus detected /^This e-mail in its original form contained one or more attached files that were infected with the / REJECT Email reporting virus detected ** The files are owned root, wheel with rwrr, so it should be readable by the postfix processes. I do a postfix reload, send an email from the Internet to this mail server containing the key phrase(s), and they seem to go right through! Am I missing something? Yes you are missing something. Postfix does not do multi-line expression matching. I (have, am) going through docs and examples to try to figure it out...but any hints from people on the list using postfix would be appreciated. The logs aren't showing any error messages from postfix on reload (or start/stop). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Ean Kingston E-Mail: ean AT hedron DOT org URL: http://www.hedron.org/ I am currently looking for work. If you need competent system/network administration please feel free to contact me directly. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Complete Port Removal Question
I would suggest using portmanager. There is a method in there for displaying leaves, or installed packages in from the ports tree that have no dependencies, and allow you to safely remove them. I'd say uninstall the software you don't want to remove, then have portmanager show you the leaves that are left, and remove the leaves. On Thu, 16 Jun 2005, M. Goodell wrote: How can I remove a port and all of it's dependencies from a system? For example, I installed sqWebmail and tried it out then decided it's not what we were looking for. Now, I would like to not only remove sqWebmail but all of the stuff it installed along with it. sqwebmail also installed things like: - courier-authlib-base-0.56 - ispell-3.2.06_13 and others as well Is there a safe / quick way to remove the dependencies for a port and not break the rest of the system by removing stuff other things depend on? For example, I don't want to remove Perl obviously which is a dependency of sqwebmail. Thank you, FreeBSDUtah __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix on BSD
On Jun 16, 2005, at 12:00 PM, Ean Kingston wrote: On June 16, 2005 11:54 am, Bart Silverstrim wrote: Probably off-topic, but it's a sysadmin question that maybe someone on the list could send a quick blurb answer about :-/ I'm trying to filter some mail coming into Postfix based on the body content. I have the line body_checks = regexp:/usr/local/etc/postfix/body_checks in main.cf. The file contains: # Will this stop RR collateral damage messages? /^* This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments./ REJECT Possible automated RoadRunner mail scanning collateral damage. Eliminate the notifying text and resend message. # Borrowed check lines /^This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm,/ REJECT Email reporting virus detected /^This e-mail in its original form contained one or more attached files that were infected with the / REJECT Email reporting virus detected ** The files are owned root, wheel with rwrr, so it should be readable by the postfix processes. I do a postfix reload, send an email from the Internet to this mail server containing the key phrase(s), and they seem to go right through! Am I missing something? Yes you are missing something. Postfix does not do multi-line expression matching. Maybe I'm misunderstanding you, but the lines wrapped in the email and are one line each in the actual configuration file. Also the asterisk in /^* This e-mail was sent from a Road Runner IP address. has been removed now...a warning was appearing in the maillog. No longer gives warning, but still lets the m ail through. Postconf shows that the value for body_check is pointing at the correct file... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Headless upgrade from Linux to FreeBSD
There are ways to do this, but none of them are really good ideas. If this machine has any uptime requirements at all, I wouldn't do it. If you *must*, and you have a decent bootloader on the disk you're booting from now (grub?), and you have a second available disk, then you could create a bootable system on another box that is not headless and is local to you, install all of the software that you want, then dd that system to a single file, gzip it to make it as small as possible, transfer it to your redhat system, unzip the file, dd the image file back to the second drive, add the new system drive to grub's config file, reboot and pray. I really don't think it's a good idea thoughbad bad bad bad bad. If you're going to do it, might I suggest that ahead of time you recompile your fedora kernel to support at least UFS2 read, if there isn't safe UFS2 write available now? That way after you finish dd'ing the image to the second drive, you can view the filesystem and check for any mistakes you might have made, or make any adjustments that you think of at the last moment before you do that last reboot? Tony On Thu, 16 Jun 2005, Andrew P. wrote: Hello, I've been using FreeBSD for a while - and I prefer it to all other server OS'es, but incidentally I have Fedora Core 3 installed on one of the servers I manage. I consulted all interested parties and they have nothing against migrating it to FreeBSD. I've got physical access to the box, but I'd would like it very much to make a headless upgrade. It's a single-Opteron box with around 130Gb on a 200Gb SATA hard drive, the internet bandwidth is about 20Mbit/s. In fact, I've already tried to run FreeBSD-5.3 on this very box - without any problem. There is no DHCP/DNS on the network it's connected to, so static preconfigured IP-address is a must, as well as a pre-configured BIND (or at least resolv.conf with one of my external DNS-servers). I'm thinking about creating a large hard-drive image (with FreeBSD) and somehow writing it on the hard-drive with an in-memory dd-like tool. Can anybody suggest a better way? Maybe I could even save some data without backing it all up on another server? Thanks, Andrew P. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: usb2 external drive gets different designations
On Thu, Jun 16, 2005 at 10:19:59AM -0400, Lowell Gilbert wrote: dave [EMAIL PROTECTED] writes: I've got a working usb2 external IDE hard drive running on a 5.4-stable box. My problem is sometimes when i connect it it is given a designation of da0 while other times it is given a designation of da1 or da2. I'd like to create a fstab entry for this drive so that when it is connected it is mounted and when disconnected it is unmounted cleanly. I was wondering if this was possible or if not if there was a way of giving it da0 or da1 everytime the drive was connected? That's possible, but I can't find the way to do it right now. I think the GEOM label class could be of help here, see glabel(8). The strange thing is that the manual page for glabel says at the top that it cannot set the label, but later it gives the label option for creating a label. With a USB thumbdrive I gave the command glabel label hsteno64 /dev/da0s4 Next time I plugged it in, there was a device /dev/label/hsteno64. With this done, you can use devfs.rules to set the permissions for this node, e.g. 'add path label/hsteno64 mode 0660 user rsmith' After that you can mount the device with amd(8). You may find it easier to set up usbd.conf(5) to automatically mount the device when it's detected. The thing is that usbd only sees the umass* device, not the da*s* device. You could make a script that looks through /var/log/messages for lines that link the umass device to the da device, line this: Jun 12 22:55:57 slackbox kernel: da0 at umass-sim0 bus 0 target 0 lun 0 When you see this you know that the event for umass0 has resulted in a da0 device. A simple 'ls /dev/da0s?' should give you the slice (if there is only one. Or, alternatively, to make a symbolic link from a constant name in /dev (which is pretty close to what you asked for originally). Be well. -- R.F.Smith (http://www.xs4all.nl/~rsmith/) Please send e-mail as plain text. public key: http://www.xs4all.nl/~rsmith/pubkey.txt pgpAO5NYhrPcr.pgp Description: PGP signature
Re: web calendar program recommendation
What you're needing is a system, and not a single piece of software. I would focus on the icalendar calendaring format. Once you have that, then pick the piece of software you want to run on your local machine to sync against your palm, and have it publish your calendar to a webdav share or similar, then pick your piece of web calendaring software to manage that calendar from the web. I have used phpicalendar, but last I looked it still did not support creating new items. Perhaps Horde does? On Thu, 16 Jun 2005, Noah wrote: FreeBSD-4.11 R3 I am looking for a really nice calendar program that I can run from a web interface. That has the ability to import my calendar from my palm. horde is nice but I cant import any of my palm calendars. neither can webcalendar unless there is some recent update in the past 3 months that does it now. evolution is nice but I think this is X only and not for the web. please correct me if I am wrong. Please pass along any recommendations. Thanks in advance, Noah ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: usb2 external drive gets different designations
Hi, Thanks, do you have a usbd.conf entry that does this? I'm also seeing my cd-roms moving, they use scsi emulation and whenever the drive goes in they move as well and it makes it so i have to edit 4 scripts for custom burning. Thanks. Dave. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: web calendar program recommendation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Noah wrote: | FreeBSD-4.11 R3 | | | I am looking for a really nice calendar program that I can run from a web | interface. That has the ability to import my calendar from my palm. | | horde is nice but I cant import any of my palm calendars. | | neither can webcalendar unless there is some recent update in the past 3 | months that does it now. | | evolution is nice but I think this is X only and not for the web. please | correct me if I am wrong. | | Please pass along any recommendations. I use deskutils/phpicalendar. iCal on my Mac is able to sync with it. There are several out there. Another that I have used is Web Calendar, http://www.k5n.us/webcalendar.php. Its pretty good.q - -- Bob Bomar [EMAIL PROTECTED] http://www.bomar.us/~bob -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCsaYh9Jm/aTrtdKoRAkHWAJ9hgJvLrVCgCrJwr/TulUYxpqpAfgCfUXg2 yF3L8m3WM5PLfvu7P/K/17k= =lZB5 -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: GnuPG in the enterprise
On Wed, 15 Jun 2005, Dan Nelson wrote: In the last episode (Jun 15), Tony Shadwick said: Are there any good documents out there on managing GnuPG in the enterprise? There are basic issues I need to be able to address, such as a situation when an employee leaves a company. The admin needs to have the rights to revoke that user's public key, and be able decrypt any old messages to that user, and be able to decrypt messages sent to that user that are now being redirected to someone else for handling. Are there established mechanisms for handling centralized key management in a company to where the Administrator has access to everything required? One solution is to make a copy of all keys (with known passphrases) when they are created, and put the copy in a secure location. If an employee leaves suddenly, you can retrieve the key to decrypt leftover files and revoke the key. Pgp.com's Windows PGP software uses special Revoker keys and Additional Decryption keys that get added when files are signed, so files are always encrypted to multiple recipients and keys are always revokable even if the original key no longer exists. gpg doesn't recognize ADKs, though. Just so I'm following then, let's say I have gnupg installed on my server, and I'm creating all of my employee's secret keys there, then installing gnupg on their workstations so that they can use local mail clients to encrypt. What's to prevent them from chaning their secret key passphrase or revoking the key themselves and creating a new public key, then publishing that to the keyservers? (Other than knowing enough about gnupg in the first place to do any of this of course...) Not to mention I've always wondering how gnupg plays with multiple recipients or internal company mailing lists. For example if I send a message to VIP1, VIP2, and VIP3, and it is an important internal document that requires encryption, when I encrypt the message, won't it get encrypted with VIP'1 public key, thus VIP2 and VIP3 won't be able to open the message? Sorry to babble, but it really is important to me to get this down and documented. It is very frustrating that I have clients that use no encryption on e-mail, even if they are sending sensitive account information. () ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Complete Port Removal Question
pkg_info -r pkgnameshows dependencies pkg_delete -r pkgname removes pkg and dependencies -- John Brooks [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of M. Goodell Sent: Thursday, June 16, 2005 10:24 AM To: FreeBSD Questions Subject: Complete Port Removal Question How can I remove a port and all of it's dependencies from a system? For example, I installed sqWebmail and tried it out then decided it's not what we were looking for. Now, I would like to not only remove sqWebmail but all of the stuff it installed along with it. sqwebmail also installed things like: - courier-authlib-base-0.56 - ispell-3.2.06_13 and others as well Is there a safe / quick way to remove the dependencies for a port and not break the rest of the system by removing stuff other things depend on? For example, I don't want to remove Perl obviously which is a dependency of sqwebmail. Thank you, FreeBSDUtah __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: GnuPG in the enterprise
On Jun 16, 2005, at 10:19 AM, Tony Shadwick wrote: Not to mention I've always wondering how gnupg plays with multiple recipients or internal company mailing lists. For example if I send a message to VIP1, VIP2, and VIP3, and it is an important internal document that requires encryption, when I encrypt the message, won't it get encrypted with VIP'1 public key, thus VIP2 and VIP3 won't be able to open the message? I use pgp.com pgp desktop now but when I was using gnupg it would encrypt to the public keys of all the people in the recipient list so that VIP1 VIP2 and VIP3 could all read it... I have customers using gnupg who do this when sending to me and others. Chad --- Chad Leigh -- Shire.Net LLC Your Web App and Email hosting provider [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Headless upgrade from Linux to FreeBSD
On Thu, 16 Jun 2005 18:48:38 +0400 Andrew P. [EMAIL PROTECTED] wrote: I've been using FreeBSD for a while - and I prefer it to all other server OS'es, but incidentally I have Fedora Core 3 installed on one of the servers I manage. I consulted all interested parties and they have nothing against migrating it to FreeBSD. I've got physical access to the box, but I'd would like it very much to make a headless upgrade. i assume you must have seen this url before, but if not this might be an option : http://www.daemonology.net/depenguinator/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: GnuPG in the enterprise
In the last episode (Jun 16), Tony Shadwick said: On Wed, 15 Jun 2005, Dan Nelson wrote: In the last episode (Jun 15), Tony Shadwick said: Are there any good documents out there on managing GnuPG in the enterprise? There are basic issues I need to be able to address, such as a situation when an employee leaves a company. The admin needs to have the rights to revoke that user's public key, and be able decrypt any old messages to that user, and be able to decrypt messages sent to that user that are now being redirected to someone else for handling. Are there established mechanisms for handling centralized key management in a company to where the Administrator has access to everything required? One solution is to make a copy of all keys (with known passphrases) when they are created, and put the copy in a secure location. If an employee leaves suddenly, you can retrieve the key to decrypt leftover files and revoke the key. Pgp.com's Windows PGP software uses special Revoker keys and Additional Decryption keys that get added when files are signed, so files are always encrypted to multiple recipients and keys are always revokable even if the original key no longer exists. gpg doesn't recognize ADKs, though. Just so I'm following then, let's say I have gnupg installed on my server, and I'm creating all of my employee's secret keys there, then installing gnupg on their workstations so that they can use local mail clients to encrypt. What's to prevent them from chaning their secret key passphrase or revoking the key themselves and creating a new public key, then publishing that to the keyservers? (Other than knowing enough about gnupg in the first place to do any of this of course...) Nothing. The first case should actually be common, since the passphrase is just another password, and all passwords should be changed occasionally. Remember you still have a copy of their key with a known passphrase. As for the second, you could remove the key-generating code from gpg, assuming you have also locked down the accounts/filesystems to prevent them from running unauthorized binaries (i.e. their own gpg). Not to mention I've always wondering how gnupg plays with multiple recipients or internal company mailing lists. For example if I send a message to VIP1, VIP2, and VIP3, and it is an important internal document that requires encryption, when I encrypt the message, won't it get encrypted with VIP'1 public key, thus VIP2 and VIP3 won't be able to open the message? It's up to your MUA to fetch the ids for all the recipients and then call gpg with all the required keyids. Mutt, for example does a pretty good job at this. If you ask for a message to be signed, it won't send it until it has ids for every recipient. -- Dan Nelson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: GnuPG in the enterprise
Tony Shadwick wrote: On Wed, 15 Jun 2005, Dan Nelson wrote: In the last episode (Jun 15), Tony Shadwick said: Are there any good documents out there on managing GnuPG in the enterprise? There are basic issues I need to be able to address, such as a situation when an employee leaves a company. The admin needs to have the rights to revoke that user's public key, and be able decrypt any old messages to that user, and be able to decrypt messages sent to that user that are now being redirected to someone else for handling. Are there established mechanisms for handling centralized key management in a company to where the Administrator has access to everything required? One solution is to make a copy of all keys (with known passphrases) when they are created, and put the copy in a secure location. If an employee leaves suddenly, you can retrieve the key to decrypt leftover files and revoke the key. Pgp.com's Windows PGP software uses special Revoker keys and Additional Decryption keys that get added when files are signed, so files are always encrypted to multiple recipients and keys are always revokable even if the original key no longer exists. gpg doesn't recognize ADKs, though. Just so I'm following then, let's say I have gnupg installed on my server, and I'm creating all of my employee's secret keys there, then installing gnupg on their workstations so that they can use local mail clients to encrypt. What's to prevent them from chaning their secret key passphrase or revoking the key themselves and creating a new public key, then publishing that to the keyservers? (Other than knowing enough about gnupg in the first place to do any of this of course...) Not to mention I've always wondering how gnupg plays with multiple recipients or internal company mailing lists. For example if I send a message to VIP1, VIP2, and VIP3, and it is an important internal document that requires encryption, when I encrypt the message, won't it get encrypted with VIP'1 public key, thus VIP2 and VIP3 won't be able to open the message? The reason for the secret password is to encrypt the actual key while it's stored on your disk. Changing the password doesn't change the key, just how it's stored. The un-encrypted key is what's used to encrypt/decrypt messages, so if you create the key with one password, give the user a copy of the key, and they change the password, your key will still decrypt messages encrypted with their key. It would actually be wise to have the user set their own password on their key anyway. As for creating a new key, there's nothing you can do to prevent it, other than perhaps run your own modified key-server, and control who can check keys into or out of it. Using the public infrastructure, there's nothing you can do about this. The way to handle multiple recipients is that gpg generates a random session key, which it uses to encrypt the message, using symmetric encryption like AES or DES. Then it encrypts a copy of this session key with each of the recipients public keys using a public key algorithm like RSA, and attaches each encrypted session key to the message. So when VIP2 tries to read the email, gpg will look for the encrypted session key it can decrypt, decrypt it with VIP2's private key to get the session key, then use the session key to decrypt the message. -- Christopher Black Chief Security Engineer Secure Crossing 22750 Woodward Suite 304 - Ferndale, MI 48220 Tel (800) 761-4299 | Direct (248) 658-6120 [EMAIL PROTECTED] | www.securecrossing.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Bind service to IP
I read up on how to make a service to run on my FreeBSD 5.2.1 server. I have it setup to run on port 10026, small service to read my logfile, I need to be able to read it from another server. I setup the inetd service in /etc/inetd.conf, is there a way to bind it to a certain IP? I'd like to bind it to my private IP address. However, the firewall in place does not allow access via that port. Any advise? -- Robert ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: new hotswap drive not seen in SCSI scan without reboot?
[EMAIL PROTECTED] Sorry, forgot something quick - I'm reading the MAN pages now on camcontrol and the warnings associated with it. If this server is in production later and has active users is there reason to think that a rescan would cause problems with and read/writes happening at that time on the drives? no. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix on BSD
On Thu, June 16, 2005 12:06 pm, Bart Silverstrim said: On Jun 16, 2005, at 12:00 PM, Ean Kingston wrote: On June 16, 2005 11:54 am, Bart Silverstrim wrote: body_checks = regexp:/usr/local/etc/postfix/body_checks in main.cf. The file contains: # Will this stop RR collateral damage messages? /^* This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments./ REJECT Possible automated RoadRunner mail scanning collateral damage. Eliminate the notifying text and resend message. Also the asterisk in /^* This e-mail was sent from a Road Runner IP address. has been removed now...a warning was appearing in the maillog. No longer gives warning, but still lets the m ail through. I don't know about the rest of the issue (though I suspect that the problem is that in the original message the text is not being sent as a single line), but what you need here is /^\* -- you need to match the asterisk, since it's in the original message. Without the backslash, you have an improperly formed regular expression since there is no character for the wildcard to apply to. Jim -- Jim Trigg, Lord High Everything Else O- /\ Hostmaster, Huie Kin family website\ / ASCII RIBBON CAMPAIGN Verger and System Administrator,XHELP CURE HTML MAIL All Saints Church - Sharon Chapel / \ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Headless upgrade from Linux to FreeBSD
On Thu, Jun 16, 2005 at 06:48:38PM +0400, Andrew P. wrote: Hello, I've been using FreeBSD for a while - and I prefer it to all other server OS'es, but incidentally I have Fedora Core 3 installed on one of the servers I manage. I consulted all interested parties and they have nothing against migrating it to FreeBSD. I've got physical access to the box, but I'd would like it very much to make a headless upgrade. It's a single-Opteron box with around 130Gb on a 200Gb SATA hard drive, the internet bandwidth is about 20Mbit/s. In fact, I've already tried to run FreeBSD-5.3 on this very box - without any problem. There is no DHCP/DNS on the network it's connected to, so static preconfigured IP-address is a must, as well as a pre-configured BIND (or at least resolv.conf with one of my external DNS-servers). I'm thinking about creating a large hard-drive image (with FreeBSD) and somehow writing it on the hard-drive with an in-memory dd-like tool. Can anybody suggest a better way? Maybe I could even save some data without backing it all up on another server? That could work - you should test it first on a headful machine with as close to identical hardware configuration as you can get it. Another way would be to set up a NFS boot image and boot with PXE. Both of these approaches probably require some intimacy with FreeBSD, so if you're not quite at that level then you might cause yourself less pain by just adding a console (VGA or serial) to the machine during the installation process. Kris pgp2tO5dS58LW.pgp Description: PGP signature
inconstistent snapshot contents
Hi, during regularly backups with tar from a filesystem snapshot I noticed that the contents of the snapshot changed during the backup. Is there any bug known with the snapshot code? Can someone point me to the appropriate code in the kernel where to check for inconsistent snapshot contents? Thanks in advance Titus von Boxberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SMP and networking under FreeBSD 5.3
Thanks Alex, Below are my rules. I have removed the IP addresses and replaced with x.x.x.x in most cases. Also some ports have been turned to y's instead of the actual port. Some of these rules are probably not needed, but it works, or at least it seems to be working. In looking at the rules, 8 rules are not processed, I get 8 of the messages below, and 8 rules rely on the E_IPADDR to be set ( The allowTcpConnectionOut shell function sets 3 rules ). Since E_IPADDR is always used when referering to the FULL_LAN which includes the interal interface, I'm just going to switch to using 'me' instead. Is it better to use 'me' or an ip address? Joe #! /bin/sh # ipfw rules # ## # set up the ipf command ipfw_cmd=/sbin/ipfw -q # ## # globals ## GREP=/usr/bin/grep E_IPADDR=`/sbin/ifconfig dc0 | $GREP -v inet6|$GREP inet | awk '{print $2}'` I_IPADDR=x.x.x.0 # x.x.x has been removed for this email DNS_LOOKUPS=`$GREP nameserver /etc/resolv.conf|awk '{print $2}' ` INTERNET_IFACE=dc0 LAN_IFACE=xl0 FULL_LAN={ $E_IPADDR or $I_IPADDR/24 } DNS_SERVER=x.x.x.x # I've removed this for this email ## # ## # function for allowing tcp connections # takes from to and interface ### tcpAddAllow=$ipfw_cmd add allow tcp from setup=setup keep-state ### allowTcpEst() { FROM=$1 TOWHO=$2 INTERFACE=$3 $tcpAddAllow $FROM to $TOWHO via $INTERFACE established $tcpAddAllow $TOWHO to $FROM via $INTERFACE established } ### allowTcpConnectionOut() { FROM=$1 TOWHO=$2 INTERFACE=$3 $tcpAddAllow $FROM to $TOWHO out xmit $INTERFACE $setup allowTcpEst $FROM $TOWHO $INTERFACE } ### allowTcpConnectionIn() { FROM=$1 TOWHO=$2 INTERFACE=$3 $tcpAddAllow $FROM to $TOWHO in recv $INTERFACE $setup allowTcpEst $FROM $TOWHO $INTERFACE } ## # flush all the rules $ipfw_cmd -f flush # ## # allow from loop back #$ipfw_cmd set enable 0 #$ipfw_cmd set enable 1 $ipfw_cmd add allow all from any to any via lo0 $ipfw_cmd add deny all from 127.0.0.1 to 127.0.0.1 $ipfw_cmd add deny all from any to 127.0.0.0/8 $ipfw_cmd add deny ip from 127.0.0.0/8 to any # ## # from the dsl modem / router , once again masked, they are fixed IP's here $ipfw_cmd add allow udp from x.x.x.x y to x.x.255.255 y via $INTERNET_IFACE # ## # deny this shit worm and MS crap and SYN in $ipfw_cmd add deny tcp from any to any in recv $INTERNET_IFACE setup $ipfw_cmd add deny ip from any to any 0-19,135-139,445,1214,1434 in recv $INTERNET_IFACE # ## # need to divert all packets to get them where we want them $ipfw_cmd add divert natd all from any to any via $INTERNET_IFACE # $ipfw_cmd add check-state # ## # this is the dc0 interface ### # tcp ### allowTcpConnectionOut $FULL_LAN any $INTERNET_IFACE # # for passive ftp (port 20) x-fers eek! does MS need this? #$ipfw_cmd add allow log tcp from any 20 to any in recv $INTERNET_IFACE # ### # this is udp DNS and NTP ### $ipfw_cmd add allow udp from $FULL_LAN to any 53 out xmit $INTERNET_IFACE keep-state # # ntp $ipfw_cmd add allow udp from $FULL_LAN to any 123 out xmit $INTERNET_IFACE keep-state # # this is apple talk shit we dont want $ipfw_cmd add deny udp from any to any 192 # # this is our new netgear router port crap we dont want, as well as MS $ipfw_cmd add deny udp from any to any 137 # # the rest of UDP that should not have anything in it $ipfw_cmd add allow log udp from any to any out xmit $INTERNET_IFACE keep-state # ### # this is icmp out ### $ipfw_cmd add allow icmp from $FULL_LAN to any out xmit $INTERNET_IFACE keep-state # ### # icmp from router to any ### # this is masked for internat email $ipfw_cmd add allow icmp from x.x.0.254 to $FULL_LAN icmptypes 3,4 # ### # for big joe to access mindspring ? # and yahoo and some other places that like to ping ?? ### $ipfw_cmd add allow log icmp from any to any in recv $INTERNET_IFACE
RE: Complete Port Removal Question
Will pkg_delete work with items installed via the ports collection? John Brooks [EMAIL PROTECTED] wrote:pkg_info -r shows dependencies pkg_delete -r removes pkg and dependencies -- John Brooks [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of M. Goodell Sent: Thursday, June 16, 2005 10:24 AM To: FreeBSD Questions Subject: Complete Port Removal Question How can I remove a port and all of it's dependencies from a system? For example, I installed sqWebmail and tried it out then decided it's not what we were looking for. Now, I would like to not only remove sqWebmail but all of the stuff it installed along with it. sqwebmail also installed things like: - courier-authlib-base-0.56 - ispell-3.2.06_13 and others as well Is there a safe / quick way to remove the dependencies for a port and not break the rest of the system by removing stuff other things depend on? For example, I don't want to remove Perl obviously which is a dependency of sqwebmail. Thank you, FreeBSDUtah __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] - Discover Yahoo! Get on-the-go sports scores, stock quotes, news more. Check it out! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix on BSD
On June 16, 2005 12:06 pm, Bart Silverstrim wrote: On Jun 16, 2005, at 12:00 PM, Ean Kingston wrote: On June 16, 2005 11:54 am, Bart Silverstrim wrote: Probably off-topic, but it's a sysadmin question that maybe someone on the list could send a quick blurb answer about :-/ I'm trying to filter some mail coming into Postfix based on the body content. I have the line body_checks = regexp:/usr/local/etc/postfix/body_checks in main.cf. The file contains: # Will this stop RR collateral damage messages? /^* This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments./ REJECT Possible automated RoadRunner mail scanning collateral damage. Eliminate the notifying text and resend message. # Borrowed check lines /^This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm,/ REJECT Email reporting virus detected /^This e-mail in its original form contained one or more attached files that were infected with the / REJECT Email reporting virus detected ** The files are owned root, wheel with rwrr, so it should be readable by the postfix processes. I do a postfix reload, send an email from the Internet to this mail server containing the key phrase(s), and they seem to go right through! Am I missing something? Yes you are missing something. Postfix does not do multi-line expression matching. Maybe I'm misunderstanding you, but the lines wrapped in the email and are one line each in the actual configuration file. Postfix scans the body of the email message one line at a time. Your expressions have more text that would usually go on a single line in an email. Also the asterisk in /^* This e-mail was sent from a Road Runner IP address. has been removed now...a warning was appearing in the maillog. No longer gives warning, but still lets the m ail through. Postconf shows that the value for body_check is pointing at the correct file... -- Ean Kingston E-Mail: ean AT hedron DOT org URL: http://www.hedron.org/ I am currently looking for work. If you need competent system/network administration please feel free to contact me directly. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: applying the vesa patch to stable for high console resolution
On Mon, Jun 13, 2005 at 10:46:26PM +0200, Didier Wiroth wrote: Hi, USE AT YOUR OWN RISK! this for the freebsd5 branch only How about RELENG_4? Is it possible to port it there? -ip -- Never put all your eggs in your pocket. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Complete Port Removal Question
yes -- John Brooks [EMAIL PROTECTED] -Original Message- From: M. Goodell [mailto:[EMAIL PROTECTED] Sent: Thursday, June 16, 2005 12:10 PM To: [EMAIL PROTECTED]; FreeBSD Questions Subject: RE: Complete Port Removal Question Will pkg_delete work with items installed via the ports collection? John Brooks [EMAIL PROTECTED] wrote: pkg_info -r shows dependencies pkg_delete -r removes pkg and dependencies ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: GnuPG in the enterprise
On Thu, Jun 16, 2005 at 11:19:19AM -0500, Tony Shadwick wrote: Just so I'm following then, let's say I have gnupg installed on my server, and I'm creating all of my employee's secret keys there, then installing gnupg on their workstations so that they can use local mail clients to encrypt. What's to prevent them from chaning their secret key passphrase or revoking the key themselves and creating a new public key, then publishing that to the keyservers? (Other than knowing enough about gnupg in the first place to do any of this of course...) Change the ownership of the files in the .gnupg directory. Make them owned by user root and the user's individual group. Chmod gpg.conf and secring.gpg to 440. The other files can be 460. Not to mention I've always wondering how gnupg plays with multiple recipients or internal company mailing lists. For example if I send a message to VIP1, VIP2, and VIP3, and it is an important internal document that requires encryption, when I encrypt the message, won't it get encrypted with VIP'1 public key, thus VIP2 and VIP3 won't be able to open the message? Set up a named group in the keyring, that contains all the users in the mailing list. Or use pgpewrap, it comes with mutt, I think. Roland -- R.F.Smith (http://www.xs4all.nl/~rsmith/) Please send e-mail as plain text. public key: http://www.xs4all.nl/~rsmith/pubkey.txt pgpSQfDHSz6fA.pgp Description: PGP signature
Accent keys in X11
Hello, How can I use accent keys in X11? Thanks and Best Regards, Ale ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Driver D-Link DGE-550SX
On 6/16/05, Marcin Lara [EMAIL PROTECTED] wrote: Hi, What driver i should use with D-Link DGE-550SX network ethernet adapter in FreeBSD ? I have a machine with DGE-550 adapter and FreeBSD does not detect it. I never tried hard to find a way to force it to work in FreeBSD (as that machine has 2 other ethernet adapters) but it may be possible to use an NDIS Windows driver for it, as mentioned, for example, at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-wireless.html. If you find a way to force this card to work with FreeBSD, please let us know :-) -- Dmitry We live less by imagination than despite it - Rockwell Kent, N by E ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Accent keys in X11
On Thu, 2005-06-16 at 15:04 -0300, Alejandro Pulver wrote: Hello, How can I use accent keys in X11? Thanks and Best Regards, Ale Hola Alejandro. Do you have this line: Option XkbLayout es in the Section InputDevice in the file /usr/X11R6/lib/X11/xorg.conf? Hope this help. Regards. Jose. -- http://www.lordofunix.org Not Registered GNU/Hurd User. Registered BSD User 51101. Registered Linux User #213309. Memories. You are talking about memories. Rick Deckard. Blade Runner. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
FreeBSD/UNIX backups to DVD+RW
I'm trying to setup backups to the DVD-RW drive on our new server before it goes into production. I've got the DVD-RW drive working, and I figured out how to dump to it: # dvd+rw-format /dev/cd0 # dump -0 -uL -C16 -B4589840 -P 'growisofs -speed=4 -Z /dev/cd0=/dev/fd/0' /usr A test restore comes out clean: # restore -Nxvb /dev/cd0 The problem is most of the partitions are tiny ( 1G) and I would like to fit more then one partition on each DVD. I figured just passing -M (append data) instead of -Z (new session) would do it: # dump -0 -uL -C16 -a -P 'growisofs -speed=4 -M /dev/cd0=/dev/fd/0' /home But growisofs fails with :-( /dev/cd0 doesn't look like isofs..., and of course dump fails with Broken pipe. Any clues to how to get this to work? (Webpage link is sufficient if there is something out there. I couldn't find one.) I'm fairly new to the FreeBSD/UNIX world, so please be gentle. Thanks, -james ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix on BSD
On Jun 16, 2005, at 1:25 PM, Ean Kingston wrote: On June 16, 2005 12:06 pm, Bart Silverstrim wrote: On Jun 16, 2005, at 12:00 PM, Ean Kingston wrote: On June 16, 2005 11:54 am, Bart Silverstrim wrote: Probably off-topic, but it's a sysadmin question that maybe someone on the list could send a quick blurb answer about :-/ I'm trying to filter some mail coming into Postfix based on the body content. I have the line body_checks = regexp:/usr/local/etc/postfix/body_checks in main.cf. The file contains: # Will this stop RR collateral damage messages? /^* This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments./ REJECT Possible automated RoadRunner mail scanning collateral damage. Eliminate the notifying text and resend message. # Borrowed check lines /^This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm,/ REJECT Email reporting virus detected /^This e-mail in its original form contained one or more attached files that were infected with the / REJECT Email reporting virus detected ** The files are owned root, wheel with rwrr, so it should be readable by the postfix processes. I do a postfix reload, send an email from the Internet to this mail server containing the key phrase(s), and they seem to go right through! Am I missing something? Yes you are missing something. Postfix does not do multi-line expression matching. Maybe I'm misunderstanding you, but the lines wrapped in the email and are one line each in the actual configuration file. Postfix scans the body of the email message one line at a time. Your expressions have more text that would usually go on a single line in an email. I'm sorry, you're right. I tested using telnet to the SMTP server and it flagged it; something with my MTA or MUA was wrapping the lines. I didn't know if you meant the lines were too long in the body_checks or in the raw source of the message. Thanks, -Bart ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Accent keys in X11
On Thu, 16 Jun 2005 20:15:50 +0200 Jose Luis Alarcon Sanchez [EMAIL PROTECTED] wrote: On Thu, 2005-06-16 at 15:04 -0300, Alejandro Pulver wrote: Hello, How can I use accent keys in X11? Thanks and Best Regards, Ale Hola Alejandro. Do you have this line: OptionXkbLayout es in the Section InputDevice in the file /usr/X11R6/lib/X11/xorg.conf? Hope this help. Regards. Jose. Hello, Thank you for your reply. I did not mention it, but I have an English (pc-104) keyboard. How can I do to use the Spanish accents with the English keyboard? And can I use the characters I do not have (like )? Thanks and Best Regards, Ale ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
getting DNS from DHCP IP address
My problem is that the server I use for DNS keeps going dead. My ISP is most familiar with windows users who get their DNS automatically from their connection. When my ISP gives me a good DNS server number, it seems to go dead six months later, and I have to call them again. Is there a way to get DNS automatically, say from the DHCP connection IP address given to me? or, is there some great free DNS server that will stay in business for some time that I can plug into my resolv.conf? I am in Toronto, Canada so I guess a DNS should be in reasonable proximity. -- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
collecting pv entries -- suggest increasing PMAP_SHPGPERPROC
Hi, I just got this on one of our machines It talks about Apache being the issue, but when I run the ipcs -a ; sysctl vm.zone | grep PV I get : odin# ipcs -a ; sysctl vm.zone | grep PV Message Queues: T ID KEYMODE OWNERGROUP CREATOR CGROUP CBYTES QNUM QBYTES LSPID LRPIDSTIMERTIMECTIME Shared Memory: T ID KEYMODE OWNERGROUP CREATOR CGROUP NATTCH SEGSZ CPID LPIDATIMEDTIMECTIME m 65536 1936028777 --rw-rw-rw- setiathome setiathome setiathome setiathome 1 131224607 34106 1:29:54 19:29:53 19:56:57 Semaphores: T ID KEYMODE OWNERGROUP CREATOR CGROUP NSEMS OTIMECTIME s 65536 1936028777 --rw-rw-rw- setiathome setiathome setiathome setiathome 1 1:29:54 19:56:57 PV ENTRY: 24, 2084665, 39395, 1837920, 5225493555 This is a server thats running a stock SMP kernel, has 4G of memory, 104 total processes, of which 4 are setiathome, and gets maybe 50 hits A DAY. I saw where you could sysctl a fix, but it didn't seem to mention a guideline for the setting. Where should I go, or can I just let it go for now? Thanks, Tuc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: applying the vesa patch to stable for high console resolution
Yet another thing to ask. I have a wide screen laptop where the VBIOS does not report correct resolutions, has the system taken steps to correct this? ~Its an Intel i915GM, 15.4, native windows of 1200x800 On 6/16/05, Igor Pokrovsky [EMAIL PROTECTED] wrote: On Mon, Jun 13, 2005 at 10:46:26PM +0200, Didier Wiroth wrote: Hi, USE AT YOUR OWN RISK! this for the freebsd5 branch only How about RELENG_4? Is it possible to port it there? -ip -- Never put all your eggs in your pocket. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Spam sender using domain name as spoofed source
I have a FreeBSD machine that I set up, mostly to learn more about the ins and outs of *nix based servers. As such I run sendmail on it and Apache to host a small web site. I registered a domain name as well. Things have gone fairly smoothly and without incident until recently. The server is suddenly receiving thousands of email a day, from postmasters! It appears that some spam lord has decided that my domain would bea good one for spoofing as the sender address of his garbage. Every one of his spam messages that generates an error message (user does not exist, mailbox full, spam blocking programs, etc) sends the reply to MY SERVER. Now this would normally not be a big deal as I could simply filter for this stuff and toss it to /dev/null as it comes in, but I am on a broadband connection with a 10GB monthly limit and this traffic added onto my regular monthly traffic, is pushing me well over the 10GB mark and it is costing me money. For now, I have shut down sendmail externally just to stem the flow, but is there a solution for this? How can I prevent the delivery of these messages so that I don't get a traffic at all? Or am I pretty much stuck with either tossing my domain name or shutting down mail services? Any help or guidance appreciated! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Custom Kernel Config
All, I recently tried to configure and compile my first custom Kernel. I followed the directions for this process in the FreeBSD handbook, I was able to resolve a few small bugs (enabling device miibus when I had an Ethernet card of that type) but ultimately it keeps failing and I'm not sure where the problem is. It passes /usr/sbin/config and make depend, but make fails. The error doesn't mean a whole lot to me, so I'm unfortunately ignorant on this. Because of the length I decided not to include the files in the body or as attachments, but I've provided them on the web. http://bob.jonx.com/MYKERNEL.txt is my kernel config http://bob.jonx.com/MYKERNEL-ERROR.txt is the error I get (sorry for the lack of line wrap) Any help would be greatly appreciated! Cheers! -Alex Alex McGeorge Network Security Engineer Robbins-Gioia, LLC 703-548-7006 x4101 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: getting DNS from DHCP IP address
David Banning wrote: My problem is that the server I use for DNS keeps going dead. My ISP is most familiar with windows users who get their DNS automatically from their connection. When my ISP gives me a good DNS server number, it seems to go dead six months later, and I have to call them again. Yuck. Ask them to set up DNS boxes which are not going to move. Is there a way to get DNS automatically, say from the DHCP connection IP address given to me? or, is there some great free DNS server that will stay in business for some time that I can plug into my resolv.conf? DHCP will normally obtain DNS servers automaticly. It's likely that you could release and renew your lease (dhclient -r, maybe?) and cause it to get new DNS info if the old values are no longer working. The other way would be to point to valid nameservers somewhere close, and use those. Doing a whois yourisp.net might give you some idea. I am in Toronto, Canada so I guess a DNS should be in reasonable proximity. Trawn-nah? :-) Internet reachability matters more than physical location. -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: getting DNS from DHCP IP address
Is there a way to get DNS automatically, say from the DHCP connection IP address given to me? or, is there some great free DNS server that will stay in business for some time that I can plug into my resolv.conf? DHCP will normally obtain DNS servers automaticly. It's likely that you could release and renew your lease (dhclient -r, maybe?) and cause it to get new DNS info if the old values are no longer working. Here may be the answer. I think of DHCP of being a server thing only, to win boxes. I hadn't considered using dhclient on the freebsd host. I will look into this. It sounds like the answer. Thanks - Trawn-nah? spoken like a true native - -- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: POWERVAULT 705n
Jean-Paul Natola wrote: I have a Powervault on our network , Dell informs me that since its NOT windows powered I have basically no specific control , auditing etcc,, A network folder was deleted from the NAS yesterday, and I have no way of determining who did it. I know it's a *nix kernel. Run uname -a, and figure out exactly what the system is. While there are lots of ways to set up auditing of a Unix-like system, if they weren't turned on already, it is unlikely that you are going to figure out much about an event which already happened. Anyway, you should recover the deleted folder from your backups. If you weren't making backups, start. Also there are files there that , when we want to delete (MAC files often) it says access denied. Ideally , set permissions (i.e. can read , write, change, NOT delete), also audit to see who did what when , and delete those access denied files- I'm sure if I can get into it through a shell? Or root? This would be possible??? Maybe??? It's likely that if someone starting maintaining this system and sets up user permissions correctly, the situation would improve considerably. -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Custom Kernel Config
On Thu, Jun 16, 2005 at 03:18:29PM -0400, Alex McGeorge wrote: All, I recently tried to configure and compile my first custom Kernel. I followed the directions for this process in the FreeBSD handbook, I was able to resolve a few small bugs (enabling device miibus when I had an Ethernet card of that type) but ultimately it keeps failing and I'm not sure where the problem is. It passes /usr/sbin/config and make depend, but make fails. The error doesn't mean a whole lot to me, so I'm unfortunately ignorant on this. Because of the length I decided not to include the files in the body or as attachments, but I've provided them on the web. http://bob.jonx.com/MYKERNEL.txt is my kernel config http://bob.jonx.com/MYKERNEL-ERROR.txt is the error I get (sorry for the lack of line wrap) Any help would be greatly appreciated! googling for this error would have given you approximately 3 billion answers to your question without needing to ask it (again) here. Kris pgpVWb0WGCIvg.pgp Description: PGP signature
Re: FreeBSD/UNIX backups to DVD+RW
On Thu, Jun 16, 2005 at 01:14:50PM -0500, James Riendeau wrote: I'm trying to setup backups to the DVD-RW drive on our new server before it goes into production. I've got the DVD-RW drive working, and I figured out how to dump to it: # dvd+rw-format /dev/cd0 # dump -0 -uL -C16 -B4589840 -P 'growisofs -speed=4 -Z /dev/cd0=/dev/fd/0' /usr Hmm, nice idea. Although I don't think it'll work on a partition 4GB. A test restore comes out clean: # restore -Nxvb /dev/cd0 The problem is most of the partitions are tiny ( 1G) and I would like to fit more then one partition on each DVD. I figured just passing -M (append data) instead of -Z (new session) would do it: # dump -0 -uL -C16 -a -P 'growisofs -speed=4 -M /dev/cd0=/dev/fd/0' /home But growisofs fails with :-( /dev/cd0 doesn't look like isofs..., and of course dump fails with Broken pipe. That's because it isn't an isofs, it's a raw dump. Growisofs doesn't understand the dump format and doesn't have a clue where the end of the previous session is. Any clues to how to get this to work? (Webpage link is sufficient if there is something out there. I couldn't find one.) If you have sufficient disk space, dump to disk. Compress the dumps with gzip or bzip2 if you want to fit more on a disk, and put the dumps in an isofs with mkisofs(8). Burn that on a DVD. Roland -- R.F.Smith (http://www.xs4all.nl/~rsmith/) Please send e-mail as plain text. public key: http://www.xs4all.nl/~rsmith/pubkey.txt pgpGb9ZojQnfh.pgp Description: PGP signature
Re: getting DNS from DHCP IP address
David Banning wrote: My problem is that the server I use for DNS keeps going dead. My ISP is most familiar with windows users who get their DNS automatically from their connection. When my ISP gives me a good DNS server number, it seems to go dead six months later, and I have to call them again. Is there a way to get DNS automatically, say from the DHCP connection IP address given to me? or, is there some great free DNS server that will stay in business for some time that I can plug into my resolv.conf? I am in Toronto, Canada so I guess a DNS should be in reasonable proximity. Getting DNS server info from the ISP when you get your DHCP lease is the typical case, as far as I know (it really has nothing to do with Windows users). The special case as it may apply to FreeBSD home users is that you might want to be running a home network DNS server too (e.g. to host a myhome.lab domain). If you're doing that then you want the resolv.conf on your firewall to point to localhost (or your inside network server) as well as to the ISP DNS servers. This may be where you're coming from if you are editing resolv.conf by hand, whereas DHCP would normally populate resolv.conf for you every time your lease is renewed. What you probably want is to automatically merge your home network settings with the changing info provided by the ISP. Easy to do. I forget the specifics and am not at home to check my running config, but I am sure that everything you need is within: man dhclient.conf You're looking for a prepend command to put your local DNS server first in resolv.conf, and have DHCP append the ISP's servers. If you don't have an internal DNS server, all you need is to send the ISP a request for their DNS server addrs (which you'd also do with dhclient.conf). -- Greg Barniskis, Computer Systems Integrator South Central Library System (SCLS) Library Interchange Network (LINK) gregb at scls.lib.wi.us, (608) 266-6348 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Spam sender using domain name as spoofed source
[EMAIL PROTECTED] wrote: [ ... ] The server is suddenly receiving thousands of email a day, from postmasters! It appears that some spam lord has decided that my domain would bea good one for spoofing as the sender address of his garbage. Every one of his spam messages that generates an error message (user does not exist, mailbox full, spam blocking programs, etc) sends the reply to MY SERVER. You might try configuring SPF information into your DNS. This is supposed to help the people being spammed by forged mail containing your domain reject the spam, rather than bouncing it back to you. Here in the US, if you can show damages larger than $2000, that's when it becomes useful to talk to the local police or even the FBI; below that dollar figure, computer abuse/fraud doesn't really register. :-( -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Headless upgrade from Linux to FreeBSD
On 6/16/05, albi [EMAIL PROTECTED] wrote: On Thu, 16 Jun 2005 18:48:38 +0400 Andrew P. [EMAIL PROTECTED] wrote: I've been using FreeBSD for a while - and I prefer it to all other server OS'es, but incidentally I have Fedora Core 3 installed on one of the servers I manage. I consulted all interested parties and they have nothing against migrating it to FreeBSD. I've got physical access to the box, but I'd would like it very much to make a headless upgrade. i assume you must have seen this url before, but if not this might be an option : http://www.daemonology.net/depenguinator/ No, I didn't happen to google there, thanks. I think I'll give it a try. Thanks, Andrew P. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: getting DNS from DHCP IP address
David Banning wrote: DHCP will normally obtain DNS servers automaticly. It's likely that you could release and renew your lease (dhclient -r, maybe?) and cause it to get new DNS info if the old values are no longer working. Here may be the answer. I think of DHCP of being a server thing only, to win boxes. I hadn't considered using dhclient on the freebsd host. I will look into this. It sounds like the answer. Thanks - You're welcome. Trawn-nah? spoken like a true native - :-) [ If we've mystified anyone, people actually from Toronto use only two syllables. Although I'm not from there, actually, I was born in a place called Wooster which is spelled Worchester, so I've needed to pay attention to this issue from early on. ] -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Out of memory on FreeBsd 5.4
Hi all, Should I make some kernel adjust to work with a machine with 2GB RAM? Im using MD/SA/Clamav for a long time with FreeBSD 4.x. Im upgrading, the server to FreeBSD 5.4, and installing MD from ports. But Im getting the following error messages when I try to send a hello message: Jun 16 16:18:19 host1 mimedefang-multiplexor[7689]: Slave 1 stderr: Out of memory during large request for 69632 bytes, total sbrk() is 27547648 bytes at /usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2262. The man page for sbrk, tells about data segment limit, what is the default? Shuold I change the MAXDSIZ on kernel? - Marcelo Souza ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
./configure question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Question is, why I can't get it to work anymore, when I go to a port dir, do a make extract cd work ./configure --arguments I used it before for setting extra arguments on several ports I added. Since then, I've done a cvsup, rebuilt and installed everything, everything else is working okay. Since I'm still relatively new have already made some mistakes because of what shell I was using as root when I was doing certain things like cvs, which this mailing list helped me with, I tried changing root's shell but it didn't help. So, thanks for any help I can get on this. Oh yeah, when I did cvsup, I just did the security branch. Running FreeBSD 5.4 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFCseSuy0Ty5RZE55oRAhFvAKCx/nEOaGtAZLRduJughtBkgCSFFgCfQwuU fbGj1f8jOfvnfjP29JoldhI= =Y+I5 -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ./configure question
Denny White wrote: Question is, why I can't get it to work anymore, when I go to a port dir, do a make extract cd work ./configure --arguments I used it before for setting extra arguments on several ports I added. Most ports feed additional options to ./configure, check the port's Makefile to see what it does, or do a make configure or simple make at the top-level of the port instead. -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Logging via Serial Port
Hi, I use a script here with expect and tip. - Marcelo Souza On Thu, 16 Jun 2005, Jeff Tollison wrote: |Hi, | |I have a phone system that I need to log information from to a FreeBSD |box via a serial cable. What would be the best way to listen to the |serial port and write those messages to a log file? | |I have looked in the archives and googled, but still no luck. | |Any help would be appreciated. | |Thanks | |-- |Jeff Tollison |jptollison at gmail dot com |___ |freebsd-questions@freebsd.org mailing list |http://lists.freebsd.org/mailman/listinfo/freebsd-questions |To unsubscribe, send any mail to [EMAIL PROTECTED] | - Marcelo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ./configure question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 16 Jun 2005, Chuck Swiger wrote: Denny White wrote: Question is, why I can't get it to work anymore, when I go to a port dir, do a make extract cd work ./configure --arguments I used it before for setting extra arguments on several ports I added. Most ports feed additional options to ./configure, check the port's Makefile to see what it does, or do a make configure or simple make at the top-level of the port instead. -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Okay, I messed up again. I described it wrong before. I should've said, if I do /usr/src/contrib/binutils/./configure -args It works okay. I found that with locate. Could I have messed up scripts in /usr/ports or somewhere else when I rebuilt everything? I never had to add any path to ./configure before. After I wrote this message, I thought about paths did some looking with locate. That's what seems to be my problem. Wrong path in env, something missing, etc. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFCsfHuy0Ty5RZE55oRAuRvAJsH+Gtu2hZexAOzkvCvAc5fnHaQEACgo5Z2 Kx+2QnApIUl8G8skx8kcAYI= =8sgQ -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: divx encoding vob files
Sergey Zaharchenko wrote: Hello Timothy! Thu, Jun 16, 2005 at 07:52:16PM +1000 you wrote: i've been looking how to encode vob files into divx avi files, and without fail following any of the howto's i google resulted in failure. i have mencoder installed, vobcopy. i have the vob files and they play perfectly. what do i need to execute to convert them into mpeg4 avi files? So you need to fit a DVD onto a CD;) Here's what I did. For each .vob file mencoder -oac lavc -ovc lavc -lavcopts \ acodec=mp3:abitrate=192:vcodec=mpeg4:vbitrate=800 -vf scale=512:384 \ -o your.avi your.vob \ then concatenate the avi's cat your1.avi your2.avi ... yourn.avi all.avi and then fix the resulting avi with mencoder -idx all.avi -ovc copy -oac copy -o result.avi HTH, it doesn't have to fit on a cd, just a single layer dvd. so only a small reduction in size is needed. initally when i tried your command it errored whinging about not having a subfont.tff, so i just pointed it to a generic ttf i had, it then bombed out with this mencoder -oac lavc -ovc lavc -lavcopts \ acodec=mp3:abitrate=192:vcodec=mpeg4:vbitrate=800 -font /usr/X11R6/lib/X11/fonts/bitstream-vera/Vera.ttf \ -o 1.avi the_video_you_wanted1-1.vob \ Opening video decoder: [mpegpes] MPEG 1/2 Video passthrough VDec: vo config request - 720 x 576 (preferred csp: Mpeg PES) Could not find matching colorspace - retrying with -vf scale... Opening video filter: [scale] The selected video_out device is incompatible with this codec. VDecoder init failed :( Opening video decoder: [libmpeg2] MPEG 1/2 Video decoder libmpeg2-v0.4.0b Selected video codec: [mpeg12] vfm:libmpeg2 (MPEG-1 or 2 (libmpeg2)) == Building audio filter chain for 48000Hz/2ch/s16le - 48000Hz/2ch/s16le... Writing AVI header... ODML: Aspect information not (yet?) available or unspecified, not writing vprp header. VDec: vo config request - 720 x 576 (preferred csp: Planar YV12) VDec: using Planar YV12 as output csp (no 0) Movie-Aspect is 1.78:1 - prescaling to correct movie aspect. videocodec: libavcodec (720x576 fourcc=34504d46 [FMP4]) Illegal instruction (core dumped)Trem: 0min 0mb A-V:0.004 [0:0] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ./configure question
Denny White wrote: [ ... ] Okay, I messed up again. I described it wrong before. I should've said, if I do /usr/src/contrib/binutils/./configure -args It works okay. I found that with locate. Are you trying to build src/contrib/binutils? What for? Could I have messed up scripts in /usr/ports or somewhere else when I rebuilt everything? Dunno. What is the problem you have with ports? I never had to add any path to ./configure before. After I wrote this message, I thought about paths did some looking with locate. That's what seems to be my problem. Wrong path in env, something missing, etc. Run the script command. Do something which shows what you think is a problem. Exit from the shell, and paste the contents of the typescript file created into email so you can show exactly what the error message is. -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ./configure question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 16 Jun 2005, Chuck Swiger wrote: Denny White wrote: [ ... ] Okay, I messed up again. I described it wrong before. I should've said, if I do /usr/src/contrib/binutils/./configure -args It works okay. I found that with locate. Are you trying to build src/contrib/binutils? What for? Could I have messed up scripts in /usr/ports or somewhere else when I rebuilt everything? Dunno. What is the problem you have with ports? I never had to add any path to ./configure before. After I wrote this message, I thought about paths did some looking with locate. That's what seems to be my problem. Wrong path in env, something missing, etc. Run the script command. Do something which shows what you think is a problem. Exit from the shell, and paste the contents of the typescript file created into email so you can show exactly what the error message is. -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Okay, I see I'm in such a confused state that I appear to be confusing others. I had read somewhere that you can go into a port dir you want to install, and do make extract then cd into the work dir just created, you could do a ./configure with some option afterward that would show you all the available arguments/options you can include when you configure it before making it, instead of reading the makefile. Then, in that dir, you do ./configure --arguments --options to get it ready to build it the way you want. And, instead of that, you can also do ./configure \ which puts you in a shell on the next line where you enter all the arguments and then exit on an empty line when you're done. Which, btw, works for me. I hope this time I've made it more clear. And no, I'm not trying to build binutils. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFCsf5Ly0Ty5RZE55oRAoalAJ9OJ/H+kZ1K1OTUXPhWCyULSdTxEQCdGYF5 rkjbIaZ9jCrOCc7sRIoIJjA= =nviR -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Problems since 5.3-RELEASE-p15
Hi, Ever since I upgraded to 5.3-RELEASE-p15, I've started to run into problems... All of a sudden, anything I do results in a Segfault. Sometimes I'll get : /libexec/ld-elf.so.1: top: Shared object has no run-time symbol table Sometimes if I wait a few minutes, it'll go right back to normal. Syslog shows : 20050614/spool:Jun 14 17:03:30 himinbjorg kernel: pid 19612 (sh), uid 0: exited on signal 11 (core dumped) 20050614/spool:Jun 14 17:03:30 himinbjorg kernel: Jun 14 17:03:30 himinbjorg ker nel: pid 19612 (sh), uid 0: exited on signal 11 (core dumped) 20050614/spool:Jun 14 17:11:51 himinbjorg kernel: pid 19755 (sh), uid 1011: exit ed on signal 11 (core dumped) 20050614/spool:Jun 14 17:11:51 himinbjorg kernel: Jun 14 17:11:51 himinbjorg ker nel: pid 19755 (sh), uid 1011: exited on signal 11 (core dumped) 20050614/spool:Jun 14 17:13:44 himinbjorg kernel: pid 19801 (sh), uid 0: exited on signal 11 (core dumped) 20050614/spool:Jun 14 17:13:44 himinbjorg kernel: Jun 14 17:13:44 himinbjorg ker nel: pid 19801 (sh), uid 0: exited on signal 11 (core dumped) 20050614/spool:Jun 14 17:13:48 himinbjorg kernel: pid 19802 (sh), uid 0: exited on signal 11 (core dumped) 20050614/spool:Jun 14 17:13:48 himinbjorg kernel: Jun 14 17:13:48 himinbjorg ker nel: pid 19802 (sh), uid 0: exited on signal 11 (core dumped) etc 20050615/spool:Jun 15 09:20:23 himinbjorg kernel: Jun 15 09:20:23 himinbjorg ker nel: pid 37660 (stty), uid 0: exited on signal 11 (core dumped) 20050615/spool:Jun 15 09:20:23 himinbjorg kernel: Jun 15 09:20:23 himinbjorg ker nel: pid 37661 (sh), uid 0: exited on signal 11 (core dumped) 20050615/spool:Jun 15 09:20:23 himinbjorg kernel: Jun 15 09:20:23 himinbjorg ker nel: pid 37662 (stty), uid 0: exited on signal 11 (core dumped) 20050615/spool:Jun 15 09:20:23 himinbjorg kernel: Jun 15 09:20:23 himinbjorg ker nel: pid 37663 (sh), uid 0: exited on signal 11 (core dumped) 20050615/spool:Jun 15 09:20:23 himinbjorg kernel: Jun 15 09:20:23 himinbjorg ker nel: pid 37664 (stty), uid 0: exited on signal 11 (core dumped) Where so I start to figure out where things went wrong? Thanks, Tuc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SMP and networking under FreeBSD 5.3
Joe wrote: Thanks Alex, Below are my rules. I have removed the IP addresses and replaced with x.x.x.x in most cases. Also some ports have been turned to y's instead of the actual port. I don't want to go into the details of your firewall; all I can offer is general advice for you to apply if you wish. There are plenty resources out there from the various man pages to the handbook. Firewalls can be trickier than they look and NAT makes them significantly more complicated to fathom correctly. I don't claim to be any kind of expert and everything I know started life being written by someone else :-) Any mistakes are most likely my own! I will say that it is worth making sure you understand your own firewall. At one point you suggested that you wanted to make your firewall script start later so that you had access to your IP address. I think you are on to a loser there because there is not particular time when DHCP finally gets the IP address. If your provider is down, it might take minutes, hours or even days. You could keep polling in some way to see if you had an IP address and not running your rules script until you did, but it would seem better to just write rules which work even without the IP address. Plus, that would also not work if you ever had a second external interface (e.g. an old-fashioned modem) which needed firewalling irrespective of the status of your ethernet interface. Although a firewall often need to know the actual addresses of hosts other than itself there is, as far as I can figure out, no logical reason for it to need to know it's own IP address if you have the me construct. (If, like my machine, your firewall is just another computer on a small network that is allowed to do exactly the same things as any other host on that network, then it needn't even use me. This makes life much easier because it interferes less with NAT). If you have me then you can always distinguish between your firewall and the rest of your network. Take the non-NAT case first: allow all from me to any out xmit ext_if allow all from any to me in recv ext_if These rules could only be triggered by packets addressed directly to your firewall. If you follow it with e.g. deny all from any to any out via ext_if deny all from any to any in via ext_if then you close off your internal network. NAT makes things more complicated, because before or after NATing (depending on the direction) packets from your network can look like they originate on your machine or are destined for it. E.g. allow all from me to any out xmit ext_if must come before the NAT rule because after NAT-ing all your internal packets are going out ext_if. whereas allow all from any to me in recv ext_if must come after the NAT rule to be sure that it is actually your firewall which is the recipient. If all you have is a small network, then there may be no reason to differentiate your firewall from any other machine. In this case, it is perfectly sufficient to write rules based on the ext_if alone. So I have rules like: # Allow connections initiated from internal network ipfw add allow tcp from any to any out xmit ext_if setup # Allow TCP through if setup succeeded ipfw add pass tcp from any to any via ext_if established The only IP addresses in my whole firewall are the limited number of hosts which can initiate some kind of connection into my network e.g. ipfw add allow tcp from x.x.x.x to any ssh setup (x.x.x.x not because I need to hide the IP but because I can't be bothered to find it in the firewall script :-)) NB that rule says any for recipient because it was written before me existed. But since my network is NATed, it would always be a packet header for my firewall and could only get elsewhere if I explicitly forwarded it. There's no mention of the interface because a prior rule has already allowed internal connections which would match. Looking at it now, I might get picky and put an interface spec in there just to be completist. It's often said that there is no security in obscurity, and while I don't always agree, I do think that if you actually have to hide the IPs in your firewall for it be secure, then it isn't secure. Since my firewall never mentions my IP address, I can publish the whole thing and even if it has flaws it won't help since you don't know where I am :-) A bit long-winded, but I hope it helps, --Alex ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]