Network, routers, DHCP and PXE

2008-07-28 Thread Svein Halvor Halvorsen
Hi, list!


I have a private home network, on an ADSL2+ connection to the
internet. The home network is behind NAT, all automatically set up
by the router/dhcp server/wlan access point/adsl modem that I got
from my ISP. It's a Thomson SpeedTouch 585 router.

Now, on this network, most of the computers get their IP by means of
DHCP. Except our home audio server, which has a hard-coded IP
address in rc.conf, set to something within the range of the DHCP
server (10.0.0.2-10.0.0.253). The server seems to pick this up, and
doesn't give that address away to someone else.

I've tried using other addresses outside this range, like 10.0.1.1,
but that doesn't work. All network access is lost when I do that.

Now, on my local network I'd like to put a diskless machine. As I
understand it, my DHCP server needs to tell the client about the
filename and a next-server to use. I don't think I can set up the
Thomson router to do this. All the instructions I can find online
advise me to install a DHCP server on the same machine that serves
the PXE boot image. But if I do that, I'll get two DHCP servers on
my local network. Is that ok? Will there be a race condition when a
client asks for an IP address?


sv.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Network, routers, DHCP and PXE

2008-07-28 Thread Manolis Kiagias

Svein Halvor Halvorsen wrote:

> Hi, list!
>
> I have a private home network, on an ADSL2+ connection to the
> internet. The home network is behind NAT, all automatically set up
> by the router/dhcp server/wlan access point/adsl modem that I got
> from my ISP. It's a Thomson SpeedTouch 585 router.
>
> Now, on this network, most of the computers get their IP by means of
> DHCP. Except our home audio server, which has a hard-coded IP
> address in rc.conf, set to something within the range of the DHCP
> server (10.0.0.2-10.0.0.253). The server seems to pick this up, and
> doesn't give that address away to someone else.

You may also want to ensure that the router will never allocate your
static IP address to someone else.
Look at the DHCP router settings either for DHCP scope (set it to
narrower values, and use a static IP outside the range) or for something
like exceptions / exclusion where you can mark a specific IP that DHCP
will never assign.

> I've tried using other addresses outside this range, like 10.0.1.1,
> but that doesn't work. All network access is lost when I do that.

10.0.1.1 is a different network (I assume your netmask is
255.255.255.0, but check your router or your clients).

> Now, on my local network I'd like to put a diskless machine. As I
> understand it, my DHCP server needs to tell the client about the
> filename and a next-server to use. I don't think I can set up the
> Thomson router to do this. All the instructions I can find online
> advise me to install a DHCP server on the same machine that serves
> the PXE boot image. But if I do that, I'll get two DHCP servers on
> my local network. Is that ok? Will there be a race condition when a
> client asks for an IP address?

You will have to shut down the router's DHCP. Probably disable it
permanently and assign this function to a machine.
The DHCP of the router also sends you the following information (besides
IP address):

- DNS Server(s): Either the ones used by your ISP (consult its website)
or its own address (i.e. 10.0.0.1). Most routers send their own address
as a DNS server and perform the resolution by sending your request to
ISP servers.
- Gateway address: This is always the router's local IP address (i.e.
10.0.0.1)

If you set up your own DHCP server, make sure it is set to send this info
as well. (These are commonly known as DHCP options)


Re: Binary upgrade from legacy version + ports

2008-07-28 Thread Jan Henrik Sylvester

Svein wrote:
> Is there a problem using the prebuilt packages from STABLE on a
> RELEASE box? If I want to run RELEASE, and still use the latest
> packages? The ABI is consistent between STABLE and RELEASE, right?

Yes, there is a problem. See my posting here:

http://lists.freebsd.org/pipermail/freebsd-questions/2008-June/177553.html

Unfortunately, I have not got an answer, but it is obvious that packages
using this new symbol must fail:


http://lists.freebsd.org/pipermail/cvs-src/2008-May/091586.html

The question is if other packages may fail as well.

I have had one more error that went away after recompiling a STABLE package:

http://lists.freebsd.org/pipermail/freebsd-gnome/2008-July/020520.html

I do not know if this is related, though.

If you find out more, please, let me know.

Cheers,
Jan Henrik


Re: Network, routers, DHCP and PXE

2008-07-28 Thread Subhro
Just to add to that suggestion, if you have a separate DHCP server,
make sure your router works as a DHCP client for the internal network
as well. You should be able to do that by telnetting into the
management port. You may use a serial cable as well.

This is required in order to get the NAT working properly.

Thanks
Subhro

On Mon, Jul 28, 2008 at 1:18 PM, Manolis Kiagias [EMAIL PROTECTED] wrote:
> Svein Halvor Halvorsen wrote:
>
>> Hi, list!
>>
>> I have a private home network, on an ADSL2+ connection to the
>> internet. The home network is behind NAT, all automatically set up
>> by the router/dhcp server/wlan access point/adsl modem that I got
>> from my ISP. It's a Thomson SpeedTouch 585 router.
>>
>> Now, on this network, most of the computers get their IP by means of
>> DHCP. Except our home audio server, which has a hard-coded IP
>> address in rc.conf, set to something within the range of the DHCP
>> server (10.0.0.2-10.0.0.253). The server seems to pick this up, and
>> doesn't give that address away to someone else.
>
> You may also want to ensure that the router will never allocate your static
> IP address to someone else.
> Look at the DHCP router settings either for DHCP scope (set it to narrower
> values, and use a static IP outside the range) or for something like
> exceptions / exclusion where you can mark a specific IP that DHCP will never
> assign.
>
>> I've tried using other addresses outside this range, like 10.0.1.1,
>> but that doesn't work. All network access is lost when I do that.
>
> 10.0.1.1 is a different network (I assume your netmask is 255.255.255.0, but
> check your router or your clients)
>
>> Now, on my local network I'd like to put a diskless machine. As I
>> understand it, my DHCP server needs to tell the client about the
>> filename and a next-server to use. I don't think I can set up the
>> Thomson router to do this. All the instructions I can find online
>> advise me to install a DHCP server on the same machine that serves
>> the PXE boot image. But if I do that, I'll get two DHCP servers on
>> my local network. Is that ok? Will there be a race condition when a
>> client asks for an IP address?
>
> You will have to shut down the router's DHCP. Probably disable it permanently
> and assign this function to a machine.
> The DHCP of the router also sends you the following information (besides IP
> address):
>
> - DNS Server(s): Either the ones used by your ISP (consult its website) or
> its own address (i.e. 10.0.0.1). Most routers send their own address as a
> DNS server and perform the resolution by sending your request to ISP
> servers.
> - Gateway address: This is always the router's local IP address (i.e.
> 10.0.0.1)
>
> If you set up your own DHCP server, make sure it is set to send this info as
> well. (These are commonly known as DHCP options)

-- 
Subhro Kar
Software Engineer
Dynamic Digital Technologies Pvt. Ltd.
EPY-3, Sector: V
Salt Lake City
700091
India


Re: Network, routers, DHCP and PXE

2008-07-28 Thread Svein Halvor Halvorsen
Manolis Kiagias wrote:
>> Now, on this network, most of the computers get their IP by means of
>> DHCP. Except our home audio server, which has a hard-coded IP
>> address in rc.conf, set to something within the range of the DHCP
>> server (10.0.0.2-10.0.0.253). The server seems to pick this up, and
>> doesn't give that address away to someone else.
>
> You may also want to ensure that the router will never allocate your
> static IP address to someone else.
> Look at the DHCP router settings either for DHCP scope (set it to
> narrower values, and use a static IP outside the range) or for something
> like exceptions / exclusion where you can mark a specific IP that DHCP
> will never assign.

Yeah, but even though the router has customizable values for this
range, and issues a warning when I try to change them, it still
doesn't change them when I click yes on the warning. It is
pre-configured to 10.0.0.2-10.0.0.253.

I could of course use 10.0.0.254 for my static IP, but my roommate
also wants a static address.

>> I've tried using other addresses outside this range, like 10.0.1.1,
>> but that doesn't work. All network access is lost when I do that.
>
> 10.0.1.1 is a different network (I assume your netmask is
> 255.255.255.0, but check your router or your clients)

You're right! But how do I make the entire 10/24 address space
available? It would be clean (I guess) to have a different address
scheme for the static addresses.

Anyway, at this point this isn't really critical, as the router
figures out that the addresses I use are in fact in use, and keeps
them out of its DHCP address pool.

> You will have to shut down the router's DHCP. Probably disable it
> permanently and assign this function to a machine.
> The DHCP of the router also sends you the following information (besides
> IP address):
>
> - DNS Server(s): Either the ones used by your ISP (consult its website)
> or its own address (i.e. 10.0.0.1). Most routers send their own address
> as a DNS server and perform the resolution by sending your request to
> ISP servers.
> - Gateway address: This is always the router's local IP address (i.e.
> 10.0.0.1)
>
> If you set up your own DHCP server, make sure it is set to send this info
> as well. (These are commonly known as DHCP options)

So as long as I make my own DHCP server act the same way as the
router one, I should be fine? NAT and all will work?

Is there a way to debug the DHCP response from the current router
DHCP server? So I can see what options it actually sends? dhclient
doesn't seem to have a more verbose option, only less.


sv.


Re: Network, routers, DHCP and PXE

2008-07-28 Thread Manolis Kiagias

Svein Halvor Halvorsen wrote:
> Manolis Kiagias wrote:
>>> Now, on this network, most of the computers get their IP by means of
>>> DHCP. Except our home audio server, which has a hard-coded IP
>>> address in rc.conf, set to something within the range of the DHCP
>>> server (10.0.0.2-10.0.0.253). The server seems to pick this up, and
>>> doesn't give that address away to someone else.
>>
>> You may also want to ensure that the router will never allocate your
>> static IP address to someone else.
>> Look at the DHCP router settings either for DHCP scope (set it to
>> narrower values, and use a static IP outside the range) or for something
>> like exceptions / exclusion where you can mark a specific IP that DHCP
>> will never assign.
>
> Yeah, but even though the router has customizable values for this
> range, and issues a warning when I try to change them, it still
> doesn't change them when I click yes on the warning. It is
> pre-configured to 10.0.0.2-10.0.0.253.
>
> I could of course use 10.0.0.254 for my static IP, but my roommate
> also wants a static address.

What are you trying to set it at? I would just lower the 253 value, so I
could use the upper end for my static addresses. If you try to set it to
a subnet outside its own address, it will definitely not accept it.
I would also try a factory reset or firmware upgrade of the router. I
have been using a Speedtouch 500 series for years, and never had any
problems with settings not getting registered. AFAIR the 585 has one of
the new web interfaces and it is kind of confusing. I found the 500
easier to use.

>>> I've tried using other addresses outside this range, like 10.0.1.1,
>>> but that doesn't work. All network access is lost when I do that.
>>
>> 10.0.1.1 is a different network (I assume your netmask is
>> 255.255.255.0, but check your router or your clients)
>
> You're right! But how do I make the entire 10/24 address space
> available? It would be clean (I guess) to have a different address
> scheme for the static addresses.

Well, problem is, a netmask of 255.255.255.0 means only the last octet
can be used for hosts. Your DHCP server is already assigning addresses
from this space.

> Anyway, at this point this isn't really critical, as the router
> figures out that the addresses I use are in fact in use, and keeps
> them out of its DHCP address pool.
>
>> You will have to shut down the router's DHCP. Probably disable it
>> permanently and assign this function to a machine.
>> The DHCP of the router also sends you the following information (besides
>> IP address):
>>
>> - DNS Server(s): Either the ones used by your ISP (consult its website)
>> or its own address (i.e. 10.0.0.1). Most routers send their own address
>> as a DNS server and perform the resolution by sending your request to
>> ISP servers.
>> - Gateway address: This is always the router's local IP address (i.e.
>> 10.0.0.1)
>>
>> If you set up your own DHCP server, make sure it is set to send this info
>> as well. (These are commonly known as DHCP options)
>
> So as long as I make my own DHCP server act the same way as the
> router one, I should be fine? NAT and all will work?

Yes. As long as the clients have a valid DNS to ask, and a valid gateway
to send their packets, everything will work properly. If you come to
think about it, you are already doing this on the system with the static
configuration.

> Is there a way to debug the DHCP response from the current router
> DHCP server? So I can see what options it actually sends? dhclient
> doesn't seem to have a more verbose option, only less.
>
> sv.

Not sure about this, sorry. However, don't expect much more than
IP/Netmask, DNS Server, Gateway from a simple router. These should not
be difficult to configure in isc-dhcp3 (net/isc-dhcp3-server).

Have a look at this article:

http://www.howtoforge.com/dhcp_server_linux_debian_sarge

It is Linux oriented, but very easy to adjust for FreeBSD.
You will also need to add:

option domain-name-servers 10.0.0.1;

to set the DNS server address to your clients.


Re: Network, routers, DHCP and PXE

2008-07-28 Thread Svein Halvor Halvorsen
Manolis Kiagias wrote:
>> Yeah, but even though the router has customizable values for this
>> range, and issues a warning when I try to change them, it still
>> doesn't change them when I click yes on the warning. It is
>> pre-configured to 10.0.0.2-10.0.0.253.
>>
>> I could of course use 10.0.0.254 for my static IP, but my roommate
>> also wants a static address.
>
> What are you trying to set it at? I would just lower the 253 value, so I
> could use the upper end for my static addresses. If you try to set it to
> a subnet outside its own address, it will definitely not accept it.

I managed to change the router IP address to 10.0.0.1/23 and just
keep the default DHCP address space as 10.0.0.2-10.0.0.253. Now I
seem to be able to use 10.0.1.1/24 for my own private use.

(I don't think I really know what I'm doing here, but it works!)

> Well, problem is, a netmask of 255.255.255.0 means only the last octet
> can be used for hosts. Your DHCP server is already assigning addresses
> from this space.

Well, I changed it to 255.255.254.0 (0xfe00) but kept the DHCP
range as it was.

>> So as long as I make my own DHCP server act the same way as the
>> router one, I should be fine? NAT and all will work?
>
> Yes. As long as the clients have a valid DNS to ask, and a valid gateway
> to send their packets, everything will work properly. If you come to
> think about it, you are already doing this on the system with the static
> configuration.

Ok, I will look into this.

Also, looking through the telnet interface options (which are far
more than the web interface gives), I see that I can add DHCP
server option templates, DHCP server option instances and that I
can assign such an instance to the DHCP server pool options.

This uses a different config scheme than the ISC DHCP server config
files, though. And it seems I need to create a template before I can
create an instance. The template takes a name and an option id as
parameters. The instance then takes a name, a template, and a value
as mandatory parameters. Also enterprise number, suboption number,
and more.

How do the filename, next-server, etc. map to option ids? Are
these isomorphic, or do I get this completely wrong?

Does this make any sense to you, or anyone else here? Should I try
to make the router DHCP server serve the right options, or would you
go the ISC DHCP route?

Thank you very much for your help so far!

sv.

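Svein asks two things the thread leaves open: how to see which options the router's DHCP server actually sends, and how `filename` and `next-server` relate to option ids. The following is an added example, not code from anyone in this thread: a small Python decoder for a DHCP reply that shows the BOOTP header fields (`yiaddr`, `siaddr`, `file`) next to the option list, and a check that the reply came from the server you expect and carries the gateway and DNS options Manolis lists. In isc-dhcpd, `next-server` fills the `siaddr` header field and `filename` the `file` header field; options 66 and 67 carry the same information as options. The OFFER bytes are constructed here for the 10.0.0.0/24 network in the thread; the TFTP host 10.0.0.2, the boot file name `pxeboot`, the MAC address and the lease time are assumed values. The UDP payload of a real OFFER or ACK (for example one captured with `tcpdump -s 0 -w dhcp.pcap port 67 or port 68`) can be passed to `parse_dhcp` in the same way.

```python
"""Decode a DHCP reply, then check who sent it and what it carries.
Added example for this thread, not from any poster; the sample OFFER is
constructed by hand and its addresses, MAC and lease time are assumed."""
import socket
import struct

# RFC 2132 option codes, named as isc-dhcpd names them. 66/67 carry the same
# information that isc-dhcpd's next-server/filename put in the siaddr/file fields.
OPTION_NAMES = {1: "subnet-mask", 3: "routers", 6: "domain-name-servers",
                51: "dhcp-lease-time", 53: "dhcp-message-type",
                54: "dhcp-server-identifier", 66: "tftp-server-name", 67: "bootfile-name"}
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # starts the options area at offset 236


def _decode_option(code, data):
    """Turn one option's raw bytes into a Python value."""
    if code in (1, 54):
        return socket.inet_ntoa(data)
    if code in (3, 6):  # lists of IPv4 addresses
        return [socket.inet_ntoa(data[i:i + 4]) for i in range(0, len(data), 4)]
    if code == 51:
        return struct.unpack("!I", data)[0]
    if code == 53:
        return MESSAGE_TYPES.get(data[0], data[0])
    if code in (66, 67):
        return data.decode("ascii", "replace")
    return data.hex()  # anything else stays as hex


def parse_dhcp(packet):
    """Parse the BOOTP fixed header and the option list of one DHCP message."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: too short or no magic cookie")
    hlen = packet[2]
    reply = {
        "yiaddr": socket.inet_ntoa(packet[16:20]),  # address being offered
        "siaddr": socket.inet_ntoa(packet[20:24]),  # next-server: TFTP host for the boot file
        "chaddr": packet[28:28 + hlen].hex(":"),
        "file": packet[108:236].split(b"\x00", 1)[0].decode("ascii", "replace"),
        "options": {},
    }
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == 0:  # pad
            i += 1
            continue
        if code == 255:  # end of options
            break
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option %d" % code)
        length = packet[i + 1]
        name = OPTION_NAMES.get(code, "option-%d" % code)
        reply["options"][name] = _decode_option(code, packet[i + 2:i + 2 + length])
        i += 2 + length
    return reply


def check_reply(reply, expected_server):
    """Return findings: a server other than the expected one answered (a second
    DHCP server on the segment), or a client would come up without a gateway
    or resolver. An empty list means the reply looks right."""
    findings = []
    opts = reply["options"]
    server = opts.get("dhcp-server-identifier")
    if server != expected_server:
        findings.append("reply came from %s, expected %s" % (server, expected_server))
    for name in ("subnet-mask", "routers", "domain-name-servers"):
        if name not in opts:
            findings.append("missing option %s" % name)
    return findings


def build_sample_offer():
    """Constructed OFFER as a router at 10.0.0.1 might send it, plus the PXE
    fields (assumed TFTP host 10.0.0.2 and boot file 'pxeboot')."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x3903F326, 0, 0)  # op=BOOTREPLY, hlen=6
    hdr += socket.inet_aton("0.0.0.0")                    # ciaddr
    hdr += socket.inet_aton("10.0.0.37")                  # yiaddr (assumed)
    hdr += socket.inet_aton("10.0.0.2")                   # siaddr = next-server (assumed)
    hdr += socket.inet_aton("0.0.0.0")                    # giaddr
    hdr += bytes.fromhex("001122334455") + b"\x00" * 10   # chaddr (assumed MAC), 16 bytes
    hdr += b"\x00" * 64                                   # sname
    hdr += b"pxeboot".ljust(128, b"\x00")                 # file = filename (assumed)
    opts = MAGIC_COOKIE
    opts += bytes([53, 1, 2])                              # OFFER
    opts += bytes([54, 4]) + socket.inet_aton("10.0.0.1")  # server identifier
    opts += bytes([51, 4]) + struct.pack("!I", 86400)      # lease time (assumed)
    opts += bytes([1, 4]) + socket.inet_aton("255.255.255.0")
    opts += bytes([3, 4]) + socket.inet_aton("10.0.0.1")   # gateway
    opts += bytes([6, 4]) + socket.inet_aton("10.0.0.1")   # DNS: the router itself
    opts += bytes([66, 8]) + b"10.0.0.2"
    opts += bytes([67, 7]) + b"pxeboot"
    return hdr + opts + b"\xff"


if __name__ == "__main__":
    decoded = parse_dhcp(build_sample_offer())
    for key, value in decoded.items():
        print(key, value)
    print("findings:", check_reply(decoded, "10.0.0.1"))
```

With two DHCP servers on one segment, whichever answers a DISCOVER first wins, so comparing option 54 (the server identifier) against the address you expect is the quickest way to tell which one a client actually took its lease from; that is the check `check_reply` performs.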


Re: Network, routers, DHCP and PXE

2008-07-28 Thread Manolis Kiagias

Svein Halvor Halvorsen wrote:
> Manolis Kiagias wrote:
>>> Yeah, but even though the router has customizable values for this
>>> range, and issues a warning when I try to change them, it still
>>> doesn't change them when I click yes on the warning. It is
>>> pre-configured to 10.0.0.2-10.0.0.253.
>>>
>>> I could of course use 10.0.0.254 for my static IP, but my roommate
>>> also wants a static address.
>>
>> What are you trying to set it at? I would just lower the 253 value, so I
>> could use the upper end for my static addresses. If you try to set it to
>> a subnet outside its own address, it will definitely not accept it.
>
> I managed to change the router IP address to 10.0.0.1/23 and just
> keep the default DHCP address space as 10.0.0.2-10.0.0.253. Now I
> seem to be able to use 10.0.1.1/24 for my own private use.
>
> (I don't think I really know what I'm doing here, but it works!)

Well, a netmask of 255.255.254.0 should give you 10.0.0.1 to 10.0.1.254
host addresses.

10.0.1.1 is within range, it should work.

>> Well, problem is, a netmask of 255.255.255.0 means only the last octet
>> can be used for hosts. Your DHCP server is already assigning addresses
>> from this space.
>
> Well, I changed it to 255.255.254.0 (0xfe00) but kept the DHCP
> range as it was.

The DHCP range you are assigning is a subset of what you allowed with
the netmask, thus it is valid.

>>> So as long as I make my own DHCP server act the same way as the
>>> router one, I should be fine? NAT and all will work?
>>
>> Yes. As long as the clients have a valid DNS to ask, and a valid gateway
>> to send their packets, everything will work properly. If you come to
>> think about it, you are already doing this on the system with the static
>> configuration.
>
> Ok, I will look into this.
>
> Also, looking through the telnet interface options (which are far
> more than the web interface gives), I see that I can add DHCP
> server option templates, DHCP server option instances and that I
> can assign such an instance to the DHCP server pool options.

Ah, yes, completely forgot the Speedtouch has a telnet interface as well.
I messed with it a few times myself, mostly for fun ;)

> This uses a different config scheme than the ISC DHCP server config
> files, though. And it seems I need to create a template before I can
> create an instance. The template takes a name and an option id as
> parameters. The instance then takes a name, a template, and a value
> as mandatory parameters. Also enterprise number, suboption number,
> and more.
>
> How do the filename, next-server, etc. map to option ids? Are
> these isomorphic, or do I get this completely wrong?
>
> Does this make any sense to you, or anyone else here? Should I try
> to make the router DHCP server serve the right options, or would you
> go the ISC DHCP route?
>
> Thank you very much for your help so far!
>
> sv.

I have only done PXE with Windows servers, and it has been quite some
time - cannot remember the details.
I certainly would not advise you to use the router for this - even if it
is possible it has several drawbacks.

- You will, sooner or later, change the router and your new one may not
have the capability
- You will spend a probably unreasonable amount of time trying to make
it work - and it may not even succeed
- Learning how to perform this on FreeBSD will help you apply it in many
other situations.

I would definitely go the isc-dhcp route.
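For the isc-dhcp route Manolis recommends, here is an added example of a dhcpd.conf for the network described in this thread. It is not from the thread, the SpeedTouch, or the ISC documentation; the MAC addresses, the TFTP host 10.0.0.2, the boot file name `pxeboot`, the reserved addresses and the lease times are assumed values. It hands out the same gateway and DNS options the router used to (Manolis's point above), reserves the static addresses so the pool can never hand them to anyone else, and sends `next-server`/`filename` only to the diskless host rather than to every client on the segment.

```conf
# /usr/local/etc/dhcpd.conf for net/isc-dhcp3-server. Added example; the
# MACs, reserved addresses, TFTP host and boot file name are assumed.
#
# Run exactly one DHCP server on the segment: switch the router's DHCP off
# first, otherwise whichever server answers a DISCOVER first wins.
authoritative;
default-lease-time 86400;
max-lease-time 172800;

subnet 10.0.0.0 netmask 255.255.255.0 {
    # The router still does NAT and DNS forwarding, so clients get the same
    # two options it used to hand out itself.
    option routers 10.0.0.1;
    option domain-name-servers 10.0.0.1;

    # The pool stops below the reserved addresses; nothing in it can be
    # offered to the audio server, the roommate's machine or the diskless box.
    range 10.0.0.2 10.0.0.200;
}

# Reservations for the hosts that keep fixed addresses in rc.conf.
host audio {
    hardware ethernet 00:11:22:33:44:01;   # assumed MAC
    fixed-address 10.0.0.254;
}
host roommate {
    hardware ethernet 00:11:22:33:44:02;   # assumed MAC
    fixed-address 10.0.0.253;
}

# Only the diskless client gets PXE information. next-server fills the
# BOOTP siaddr header field and filename the file header field.
host diskless {
    hardware ethernet 00:11:22:33:44:03;   # assumed MAC
    fixed-address 10.0.0.250;
    next-server 10.0.0.2;                  # TFTP server (assumed)
    filename "pxeboot";                    # boot file the client fetches via TFTP
}
```

Check the file with `dhcpd -t -cf /usr/local/etc/dhcpd.conf` before enabling the server, then add `dhcpd_enable="YES"` and `dhcpd_ifaces="<LAN interface>"` to /etc/rc.conf so the port's rc script starts it and binds it to the inside interface only.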


wget vs fetch

2008-07-28 Thread Marcel Grandemange
I have a problem with a box I upgraded from FreeBSD 6.2 to FreeBSD 7.

It seems the following is happening when I try to use portupgrade -a or even
building ports.

ALL transfers that are FTP fail.

Now to make this simple, I have the following environment variables set:

http_proxy=http://192.168.12.4:3128/
ftp_proxy=http://192.168.12.1:3128/
FTP_PASSIVE_MODE=YES

And here is the strange thing:

Fetch fails, but if I use wget there is no problem.

The firewall does allow FTP to go directly as well, so I have also tried
leaving out any and all proxy settings; this fails as well. (Except for wget
once again.)

And here is the crux.

I have 5 machines on the SAME network that have no issues like this, so this
makes me think fetch is broken somehow.

How can I force FreeBSD to use wget instead of fetch to bypass this?

I've tried setting env FETCH_CMD=wget but that results in wget failing with
msg:

Try `wget --help' for more options.
=> Attempting to fetch from http://mirror.sg.depaul.edu/pub/security/nmap/.
wget: invalid option --
Usage: wget [OPTION]... [URL]...

Thankx ahead!




RE: wget vs fetch

2008-07-28 Thread Marcel Grandemange
Thank You, Worked Perfectly!
Saved My Life ;

-Original Message-
From: Sergey Zaharchenko [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2008 12:35 PM
To: Marcel Grandemange
Subject: Re: wget vs fetch

Hello Marcel!

Mon, Jul 28, 2008 at 12:09:16PM +0200 you wrote:

> I've tried setting env FETCH_CMD=wget but that results in wget failing
> with msg:
>
> Try `wget --help' for more options.
> => Attempting to fetch from
> http://mirror.sg.depaul.edu/pub/security/nmap/.
> wget: invalid option --
> Usage: wget [OPTION]... [URL]...

You might want to add `DISABLE_SIZE=YES' to your /etc/make.conf, as the
fetch's -S option confuses wget. FWIW I use that in connection with
`FETCH_CMD=wget -c --passive-ftp' in make.conf and it has been working for a
long time for me.

--
DoubleF
No virus detected in this message. Ehrm, wait a minute...
/kernel: pid 56921 (antivirus), uid 32000: exited on signal 9 Oh yes, no
virus:)



'help'

2008-07-28 Thread John Dakos [ Enovation Technologies ]


No controller detected when boot FreeBSD 7.0

2008-07-28 Thread vardyh

Hi all.
I'm a newbie to FreeBSD. I added
    'console=comconsole'
to /boot/loader.conf and I got
    'hptrr: no controller detected.'
on the next boot. I didn't change anything else except for the
'console=xxx'.

And I had had no problem before that. Could anyone tell me why?
I would very much appreciate your help.



Racoon not identifying host specified in config file

2008-07-28 Thread Torbjørn

Hello, everyone ..

Some quick information about the software in use:
Jul 28 15:51:42 fw0 racoon: INFO: @(#)ipsec-tools 0.7 
(http://ipsec-tools.sourceforge.net)
Jul 28 15:51:42 fw0 racoon: INFO: @(#)This product linked OpenSSL 
0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)


I'm having a problem with my IPSec configuration.
On one side, everything works out pretty nice.
On the other side, racoon is making bad noises about not finding a 
correct configuration.


ERROR: couldn't find configuration.

However, if I kill racoon, and run it in the foreground with debug 
output on, I get some more information.


2008-07-16 16:06:27: DEBUG: ===
2008-07-16 16:06:27: DEBUG: 100 bytes message received from 
81.167.211.58[57413] to 85.200.211.69[500]

2008-07-16 16:06:27: DEBUG:
ba9d946f 3cf4cf90   01100200  0064 0d34
0001 0001 0028 01010001 0020 0101 800b0001 800c04b0
80010005 80030001 80020002 80040002 0014 afcad713 68a1f1c9 6b8696fc
77570100
2008-07-16 16:06:27: DEBUG: no remote configuration found.
2008-07-16 16:06:27: ERROR: couldn't find configuration.

The configuration is pretty straightforward.

# cat racoon.conf
path pre_shared_key /var/etc/psk.txt;
path certificate /var/etc;

remote 81.167.211.58 {
    exchange_mode main;
    my_identifier address 85.200.211.69;
    peers_identifier address 81.167.211.58;
    initial_contact on;
    support_proxy on;
    proposal_check obey;

    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
        lifetime time 2400 secs;
    }
    lifetime time 2400 secs;
}

sainfo address 85.200.211.64/29 any address 192.168.100.0/24 any {
    encryption_algorithm 3des,blowfish,cast128,rijndael,rijndael 256;
    authentication_algorithm hmac_sha1,hmac_md5;
    compression_algorithm deflate;
    lifetime time 1200 secs;
}

Here is the weird thing; if I change that remote stanza to read

remote anonymous {
blah;
}

then everything works out nice, racoon even tells me it uses the 
anonymous stanza for that correct IP.


2008-07-16 16:11:06: DEBUG: anonymous configuration selected for 
81.167.211.58.


So, to me this seems really odd; how come racoon isn't picking up that
stanza when configured for that specified IP?

Using the remote stanza is not what I really want ..

So, does anyone have any ideas on what is going on here?
Using tcpdump I can see that it is in fact 81.167.211.58 that is coming
through to racoon, on port 500/UDP.


Thanks for a great product, by the way.

-- Torbjørn / Nextline


Re: Binary upgrade from legacy version + ports

2008-07-28 Thread Jeffrey Goldberg

On Jul 28, 2008, at 2:52 AM, Jan Henrik Sylvester wrote:


> Svein wrote:
>> Is there a problem using the prebuilt packages from STABLE on a
>> RELEASE box? If I want to run RELEASE, and still use the latest
>> packages? The ABI is consistent between STABLE and RELEASE, right?
>
> Yes, there is a problem. See my posting here:
>
> http://lists.freebsd.org/pipermail/freebsd-questions/2008-June/177553.html
>
> Unfortunately, I have not got an answer, but it is obvious packages
> using this new symbol must fail:


I recently discovered this through a blunder of my own. I accidentally
updated a 7-STABLE machine to 7-RELEASE, and discovered, among some
other problems, that sudo failed with the same error you report.

(I've now put a link to USE-THIS-SUPFiLE to stable-supfile in
/usr/local/etc/cvsup to avoid the blunder in the future.)


-j

--
Jeffrey Goldberg    http://www.goldmark.org/jeff/

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: new vanilla system fails to install many packages/ports

2008-07-28 Thread Steve Franks
On Fri, Jul 25, 2008 at 1:24 PM, Kevin Kinsey [EMAIL PROTECTED] wrote:
 Steve Franks wrote:

 On Thu, Jul 24, 2008 at 4:56 PM, Kevin Kinsey [EMAIL PROTECTED] wrote:

 Steve Franks wrote:

 I must be missing something obvious.  About 25% of my dependencies
 fail to install with errors like:

 install-info: /usr/local/info/dir: empty file
 pkg-add: command 'install-info --quiet /blah.info' failed

 system is 7.0/i386

 Steve

 info is GNU-related.  Any reason that GNU-stuff, esp.
 info, wouldn't have been installed/built thus far?
 (I dunno, but, maybe a csup with the GNU stuff rejected
 or commented out ...)


 All I did was a developer (not x developer) sysinstall off 7.0 disk
 1.  No tweaking, hacking, or extra packages until I got a clean boot
 onto the new disk.  I'm somewhere between user and power user.  I have
 5 running freebsd systems under my belt, and was going to do my laptop
 (I've given up on it several times already - bloody compaq).

 And anything these ports have in common (assuming they're
 all GNU for starters).  They aren't Linuxolator stuff?


 Seems to me, they all use gnuinfo instead of manpages?  I don't even
 know what gnuinfo is, nor linuxulator.


 Right, GNU programs may have manpages, but they also have
 info pages which were developed by GNU as a replacement
 for the UNIX manual (I'm assuming based on past reading ...
 memory ain't all it used to be).

 Linuxulator or however it's spelled is just a colloquialism
 for the FreeBSD linux emulation.

 I've got few guesses for ya.  Developer package has documentation,
 correct?  Or not?

 What's ls -ld /usr/local/info give?

 (!) Bison won't even install (makes fine, but install fails), and
 that's pretty darn basic, no?

 Steve

 Yup, 'tis.  Tho' I figure someday BSD'ers would like to have
 their own implementation.  Again, just a guess.

 KDK
 --
 When all else fails, EAT!!!


Well,

No idea what the problem was, but portupgrade -aO ... long babysit
seems to have made it go away.

Steve
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


'stray irq7's cause hang?

2008-07-28 Thread Steve Franks
I've got a new system that hangs after about 2 hours - no
ctrl-alt-esc, not ctrl-alt-Fn, no ctrl-alt-delete.

I tried hints.0.apic.disabled=YES (that's apic, not acpi) (or
whatever the correct syntax from the handbook is), but I still get the
hang, and the stray irq 7's.  As far as I can see, there's no other
dmesg output related.

Ideas?

Steve
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Cleaning data off a remote machine

2008-07-28 Thread Chris Hastie
I'm about to give up a FreeBSD dedicated server and would like to make sure I
don't inadvertently leave any bits of sensitive data on it. What is the best
way to remove all data from the hard drive? I have no problem if this removes
the OS along the way, but ideally I would like to be able to do whatever I do
from an SSH session. If there's no alternative I can arrange KVMoIP console
access.

Thanks

-- 
Chris Hastie
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


amavisd-new needs lib32 on amd64 ?

2008-07-28 Thread bsd

Hello folks,


I am trying to install amavisd-new for filtering purposes on an amd64  
install.


It complains at compile startup not to be able to install it


===>  amavisd-new-2.6.1,1 requires 32-bit libraries installed under /usr/lib32.

*** Error code 1

Stop in /usr/ports/security/amavisd-new.
*** Error code 1

Stop in /usr/ports/security/amavisd-new.




I don't know how to install such a library…

What should I do ?




Gregober --- PGP ID -- 0x1BA3C2FD
bsd @at@ todoo.biz





___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Cleaning data off a remote machine

2008-07-28 Thread Andrew L. Gould

On Jul 28, 2008, at 11:23, Chris Hastie [EMAIL PROTECTED] wrote:

I'm about to give up a FreeBSD dedicated server and would like to make sure I
don't inadvertently leave any bits of sensitive data on it. What is the best
way to remove all data from the hard drive? I have no problem if this removes
the OS along the way, but ideally I would like to be able to do whatever I do
from an SSH session. If there's no alternative I can arrange KVMoIP console
access.

Thanks

--
Chris Hastie


Is there anyone onsite that you could trust to run DBAN (Darik's Boot
And Nuke)?


Andrew
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: No controller detected when boot FreeBSD 7.0

2008-07-28 Thread Matthew Seaman

vardyh wrote:

Hi all.
I'm a newbie to FreeBSD. I added
   'console=comconsole'
to /boot/loader.conf and I got
   'hptrr: no controller detected.'
on the next boot. I didn't change anything else except for the 
'console=xxx'.

And I had had no problem before that. Could anyone tell me why?
I would very much appreciate your help.


This is just the driver for the HighPoint Rocket Raid controller being
a bit too verbose.  It's detected that you don't have anything compatible
with hptrr(4) and (unlike the usual behaviour of most Raid Controller
drivers (or drivers for any sort of hardware really)) it considers this 
fact to be of such vital importance that it really had to print out
something on the console.  Needless to say such behaviour has already been 
quashed in 7-STABLE and will not appear in 7.1-RELEASE.


In other words, it's harmless and you can just ignore it.  


I suspect that this output wasn't actually triggered by your changing
the console setting -- there's no conceivable way changing one should
affect the other -- but that changing the way the boot messages are 
displayed has managed to draw your attention to it. You probably had it 
before but never noticed.


Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
 Kent, CT11 9PW





Re: Deinstalling X and all dependencies[SOLVED]

2008-07-28 Thread bsd

I have opted for the:

pkg_delete -a

Which has done a great job cleaning everything.
Only had to make clean in one of the port directories to properly
recompile all needed apps.


As I had configured root to use /usr/local/bin/bash, I had to take care
to change that with vipw before doing the uninstall / reinstall.



Took me half a day for three servers… But at least I have a very clean
install with 30 ports instead of 250!!



Thanks everybody for your wise answers.


Le 27 juil. 08 à 15:17, andrew clarke a écrit :


On Sun 2008-07-27 12:52:56 UTC+0200, bsd ([EMAIL PROTECTED]) wrote:

I have just received a new system that's planned to be a large  
scale DNS

server.
I have asked the guy who has setup the hardware not to install X?

This has been useless!!

I am now ending up with 250 apps in the port tree!!


He probably just went with the defaults.


Is there a good way to get rid of all these useless apps without
breaking the system?
What would you suggest?

Like removing X and its dependencies?


I can also remove all apps in the port tree and recompile only the
ones needed?

What's best? What do you suggest?


FreeBSD provides a base system with software such as a SSH daemon,
Sendmail, BIND, etc.  You can uninstall all the packages on your
system, but the FreeBSD base system will still remain.  This allows
FreeBSD to boot normally without any packages installed.

I recommend you uninstall all packages (with 'pkg_delete -a', or
'pkg_delete -av' if you want to watch all the files being deleted),
then install only what you need from the Ports tree.

Your DNS server should probably not require any packages to be
installed, as DNS server software (BIND) is provided with the FreeBSD
base system.  But that really depends what your requirements are.

Regards
Andrew



Gregober --- PGP ID -- 0x1BA3C2FD
bsd @at@ todoo.biz





___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Cleaning data off a remote machine

2008-07-28 Thread Wojciech Puchar

don't inadvertently leave any bits of sensitive data on it. What is the best
way to remove all data from the hard drive? I have no problem if this removes
the OS along the way, but ideally I would like to be able to do whatever I do
from an SSH session. If there's no alternative I can arrange KVMoIP console
access.

remove all your files, then


cat /dev/zero > file

on every partition


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
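An added example, not from the thread, of the zero-fill approach suggested above, done so that it stops cleanly when the filesystem fills up and cleans up after itself; it assumes a POSIX sh with dd, df and awk (FreeBSD's base tools qualify), and the zero_fill and zero_fill_all names are mine.

```shell
#!/bin/sh
# Added example, not from the thread: fill the free space of a mounted
# filesystem with zeros (the "cat /dev/zero > file" idea), but stop cleanly
# when the filesystem is full and remove the fill file afterwards so the
# box stays usable for the next step. Run it once per mount point after
# deleting the files you want gone. It only overwrites blocks that are
# currently free: data still allocated to existing files (the OS itself,
# swap, partition metadata) is untouched.

# zero_fill DIR [MAX_MB]
#   Writes zeros to DIR/.zerofill.<pid> until dd hits ENOSPC (treated as
#   success) or MAX_MB megabytes have been written, syncs, removes the file
#   and prints the number of whole megabytes that were written.
zero_fill() {
    dir=$1
    max_mb=${2:-0}                      # 0 = no limit, fill to ENOSPC
    fill="$dir/.zerofill.$$"
    if [ "$max_mb" -gt 0 ]; then
        dd if=/dev/zero of="$fill" bs=1048576 count="$max_mb" 2>/dev/null || :
    else
        # dd exits non-zero on "No space left on device"; that is the
        # normal end of a full wipe, so the failure is ignored here.
        dd if=/dev/zero of="$fill" bs=1048576 2>/dev/null || :
    fi
    sync                                # push the zeros to the platters
    written=$(wc -c < "$fill" | tr -d ' ')
    rm -f "$fill"
    echo $((written / 1048576))
}

# zero_fill_all [MAX_MB]
#   Runs zero_fill on every locally mounted filesystem that is writable
#   for the caller; prints "MOUNTPOINT MB" per filesystem.
zero_fill_all() {
    df -l -P | awk 'NR > 1 { print $6 }' | while IFS= read -r mp; do
        [ -w "$mp" ] || continue
        echo "$mp $(zero_fill "$mp" "${1:-0}")"
    done
}
```

zero_fill_all with no limit fills every local filesystem completely; do that last and with console access arranged, since a full root filesystem can make the SSH session hard to keep alive.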


Re: Cleaning data off a remote machine

2008-07-28 Thread Roland Smith
On Mon, Jul 28, 2008 at 05:23:04PM +0100, Chris Hastie wrote:
 I'm about to give up a FreeBSD dedicated server and would like to make sure I
 don't inadvertently leave any bits of sensitive data on it. What is the best
 way to remove all data from the hard drive?

Remove the hard drive and move a seriously strong magnet over it. This
will render the drive unreadable and useless, since it will also destroy
the servo control data used for locating the tracks.

 I have no problem if this removes the OS along the way, but ideally I
 would like to be able to do what ever I do from an SSH session.

The security/wipe port comes to mind.

Roland
-- 
R.F.Smith   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)




OT: Customize VNC

2008-07-28 Thread Jean-Paul Natola
I know there are two apps (open source) that will allow you to customize vnc
but I just can't remember. In essence I want the remote users (outside the
lan) to be able to download the file, click run, and it will automatically,
upon launch, connect to the viewer here at HQ (ip add, encryption, port # etc..)

I was looking at this a few weeks ago and like a fool I didn't bookmark the
page; any help would be appreciated


TIA
JP
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


LispWorks Personal on FreeBSD 7

2008-07-28 Thread N. Raghavendra
Recently I had some difficulty in installing the Common Lisp
implementation LispWorks Personal 5.1 on FreeBSD 7, and am posting my
experience here.  It may be useful to others, if any, interested in
running this CL implementation on FreeBSD 7.  The problem was due to
the fact that LW depends on several libraries from FreeBSD 5 and 6.
Following suggestions on the LW mailing list, the right installation
sequence seems to be:

1. Ensure that the kernel options `COMPAT_FREEBSD5' and
   `COMPAT_FREEBSD6' are on.

2. Install the ports `misc/compat5x' and `misc/compat6x'.

3. Install the package `compatXm-6.3_1.tgz'.

4. Install the package `lispworks-personal-5.1.tgz'.

The packages in 3 and 4 are available from the LispWorks FTP server.
There's more information in the LW Knowledge Base article at
http://www.lispworks.com/kb/67634814074628b180257490005cb9d3.html and
in the LW mailing list thread
http://thread.gmane.org/gmane.lisp.lispworks.general/8422 which also
describes some minor tweaking of LD_LIBRARY_PATH that was needed.

Raghavendra.

-- 
N. Raghavendra [EMAIL PROTECTED] | http://www.retrotexts.net/
Harish-Chandra Research Institute   | http://www.mri.ernet.in/
See message headers for contact and OpenPGP information.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


pci compliance

2008-07-28 Thread kalin m

hi all...

i'm about to submit a freebsd system to be scanned for pci compliance...

are there any particular gotchas with bsd systems that can be detected at
the time of pci compliance scanning?
i know they use something like nmap, if not nmap itself, and i did it myself
on that machine and didn't find anything interesting.
but one of the consultants that was 'advising' the company i work for
said "we use a similar (as in nmap) approach but it's (much) more
intrusive". does anybody know what that means?


thanks...


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: amavisd-new needs lib32 on amd64 ?

2008-07-28 Thread bsd

Ok,

After digging a little bit more into the code, it seems that it was
due to rar decompile, which is a 32-bit port;


I uncommented the rar options for this port and it went ok.

I would still be interested in a more detailed answer to my own
question regarding 32/64 bit compatibility.



Sincerely yours.

G.B.


Le 28 juil. 08 à 19:10, bsd a écrit :


Hello folks,


I am trying to install amavisd-new for filtering purposes on an  
amd64 install.


It complains at compile startup not to be able to install it


===>  amavisd-new-2.6.1,1 requires 32-bit libraries installed under /usr/lib32.

*** Error code 1

Stop in /usr/ports/security/amavisd-new.
*** Error code 1

Stop in /usr/ports/security/amavisd-new.




I don't know how to install such library…

What should I do ?




Gregober --- PGP ID -- 0x1BA3C2FD
bsd @at@ todoo.biz





___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED] 




Gregober --- PGP ID -- 0x1BA3C2FD
bsd @at@ todoo.biz





___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: pci compliance

2008-07-28 Thread Ross Cameron
On Mon, Jul 28, 2008 at 7:51 PM, kalin m [EMAIL PROTECTED] wrote:

 hi all...

 i'm about to submit a freebsd system to be scanned for pci compliance...

 is there any particular gotchas with bsd systems that can be detected at
 the time of pci compliance scanning?
 i know they use something like nmap if not nmap itself and i did myself on
 that machine and didn't find anything interesting.
 but one of the consultants that was 'advising' the company i work for said
 we use similar (as in nmap) approach but it's (much) more intrusive.
 anybody knows what does that mean?

 thanks...


The PCI auditing process is a full penetration test.
It's very thorough and not at all easy to pass.

Get hold of a copy of The penetration tester's handbook and make sure you
pass all the tests in the book and you should be ok
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: pci compliance

2008-07-28 Thread kalin m
cool. thanks. i couldn't find anything on google under that name but 
i've been looking and reading on a lot of documentation on line and print.
so i was just asking if there are any things that pertain in particular 
to the freebsd os that need to be addressed before the scanning.


how full of a penetration can you have if (almost) all incoming ports 
are blocked?


thanks



Ross Cameron wrote:

On Mon, Jul 28, 2008 at 7:51 PM, kalin m [EMAIL PROTECTED] wrote:

  

hi all...

i'm about to submit a freebsd system to be scanned for pci compliance...

is there any particular gotchas with bsd systems that can be detected at
the time of pci compliance scanning?
i know they use something like nmap if not nmap itself and i did myself on
that machine and didn't find anything interesting.
but one of the consultants that was 'advising' the company i work for said
we use similar (as in nmap) approach but it's (much) more intrusive.
anybody knows what does that mean?

thanks...




The PCI auditing process is a full penetration test.
It's very thorough and not at all easy to pass.

Get hold of a copy of The penetration tester's handbook and make sure you
pass all the tests in the book and you should be ok
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
  

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


RE: pci compliance

2008-07-28 Thread Bob McConnell
On Behalf Of Ross Cameron
 On Mon, Jul 28, 2008 at 7:51 PM, kalin m [EMAIL PROTECTED] wrote:

  i'm about to submit a freebsd system to be scanned for pci compliance...

  is there any particular gotchas with bsd systems that can be detected at
  the time of pci compliance scanning?
  i know they use something like nmap if not nmap itself and i did myself on
  that machine and didn't find anything interesting.
  but one of the consultants that was 'advising' the company i work for said
  we use similar (as in nmap) approach but it's (much) more intrusive.
  anybody knows what does that mean?

 The PCI auditing process is a full penetration test.
 It's very thorough and not at all easy to pass.

 Get hold of a copy of The penetration tester's handbook and make sure you
 pass all the tests in the book and you should be ok

How intense depends on which PCI level you are aiming for and which
services you will have running on that server. We have completed level 3
for our hosted web servers and firewalls, and are shooting for level 1
by the end of the calendar year. However, I am not yet involved in any
of those projects.

Bob McConnell
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Component-based Operating System.

2008-07-28 Thread Juan Carlos Villalobos


Hello,

I am writing a paper on Component-based Operating Systems. I just wanted 
to know if FreeBSD is an Operating System engineered based on Components.


I appreciate your input on this.

Thanks


[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Component-based Operating System.

2008-07-28 Thread Ivan Voras

Juan Carlos Villalobos wrote:


Hello,

I am writing a paper on Component-based Operating Systems. I just wanted 
to know if FreeBSD is an Operating System engineered based on Components.


I appreciate your input on this.


Components is a wide, wide term. Since FreeBSD as an operating system 
consists of separate libraries, headers, executables, and both the 
kernel and the userland have subsystems that are more-or-less autonomic 
and independent, you could say it's componentized. You need to be more 
specific to get a more specific answer.







Re: pci compliance

2008-07-28 Thread Ross Cameron
On Mon, Jul 28, 2008 at 8:24 PM, kalin m [EMAIL PROTECTED] wrote:

  cool. thanks. i couldn't find anything on google under that name but i've
 been looking and reading on a lot of documentation on line and print.
 so i was just asking if there are any things that pertain in particular to
 the freebsd os that need to be addressed before the scanning.

 how full of a penetration can you have if (almost) all incoming ports are
 blocked?

 thanks


Depends on the PCI level you are being audited for.

But there are any number of attacks you can throw at a box that's fully
closed up, and the aim is not to get in but rather to chew up all the ram
and cpu and kill the box off.

I suggest you read the PCI compliance document for the relevant level and
make sure you test the system to comply with the documented requirements.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: 'stray irq7's cause hang?

2008-07-28 Thread Kris Kennaway

Steve Franks wrote:

I've got a new system that hangs after about 2 hours - no
ctrl-alt-esc, not ctrl-alt-Fn, no ctrl-alt-delete.

I tried hints.0.apic.disabled=YES (that's apic, not acpi) (or
whatever the correct syntax from the handbook is), but I still get the
hang, and the stray irq 7's.  As far as I can see, there's no other
dmesg output related.


The stray interrupts may be a red herring.  Stray means that no driver 
is handling them, and so there is no driver to screw up :)


I see stray irq 7's on a HP proliant blade system, and also the hard
hangs (it doesn't even reply to a NMI; this means it is almost certainly
a hardware error).  However I am now fairly certain the hangs are
associated with disk failure.  Several of the blades that were hanging
went on to develop DMA errors from ATA, and after I validated the
remaining systems with smartctl and took offline yet more blades that
failed the self-tests, I have not had the problem recur.


Kris
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: OT: Customize VNC

2008-07-28 Thread Greg Larkin


Jean-Paul Natola wrote:
| I know there are two apps (open source) that will allow you to customize vnc
| but I just can't remember, in essence I want the remote users (outside the
| lan) to be able to download the file click run and it will automatically,
| upon launch connect to the viewer here at HQ (ip add encryption port # etc..)
|
| I was looking at this a few weeks ago and like a fool I didn't bookmark the
| page, any help would be appreciated
|
|
| TIA
| JP

Hi Jean-Paul,

I Googled for VNC connection manager and this site was on the first page:

http://www.s-code.com/products/vncmanager/compare.aspx

Is that something like what you're looking for?

Best regards,
Greg
--
Greg Larkin
http://www.sourcehosting.net/
http://www.FreeBSD.org/ - The Power To Serve

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


RE: OT: Customize VNC

2008-07-28 Thread Jean-Paul Natola
One of the apps is an opensource application that allows you to create/customize
an application - it was not specific to vnc. I know everyone here has probably
heard of it; I just can't remember what it was

-Original Message-
From: Zyumbilev, Peter [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 1:55 PM
To: Jean-Paul Natola
Cc: FreeBSD Questions
Subject: Re: OT: Customize VNC

I guess this is what you look for:

http://www.uvnc.com/pchelpware/download/index.html


Kind regards,

Peter Zyumbilev

IT Manager
for Convergent Media Pty Ltd

t  +61-290-374-211
e  [EMAIL PROTECTED]
w  www.convergentmedia.com.au

Jean-Paul Natola wrote:
 I know there are two apps (open source) that will allow you to customize vnc
 but I just cant remember, in essence I want the remote users (outside the
 lan) to be able to download the file click run and it will automatically,
 upon launch connect to the viewer here at HQ (ip add encryption port # etc..)
 
 I was looking at this a few weeks ago and like a fool I didn't bookmark the
 page, any help would be appreciated
 
 
 TIA
 JP
 ___
 freebsd-questions@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to
[EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Component-based Operating System.

2008-07-28 Thread Chuck Robey

Ivan Voras wrote:
 Juan Carlos Villalobos wrote:

 Hello,

 I am writing a paper on Component-based Operating Systems. I just
 wanted to know if FreeBSD is an Operating System engineered based on
 Components.

 I appreciate your input on this.
 
 Components is a wide, wide term. Since FreeBSD as an operating system
 consists of separate libraries, headers, executables, and both the
 kernel and the userland have subsystems that are more-or-less autonomic
 and independent, you could say it's componentized. You need to be more
 specific to get a more specific answer.
 
 

Yeah, that's true, but not very informative.  Look, I don't follow OSes all that
much anymore, but if I had to call up an OS that would be made up of more of a
set of independent pieces, I think I would choose the GNU Hurd OS.  From
everything I read, it was never very successful, if one counts the ability to
return some good throughput as being successful ... or, maybe they have some
other characteristic which I'm not aware of.

Anyhow, the HURD (at least in concept) is far, far more of a component based OS
than anything else I'm aware of is.  It's an interesting concept, at the very
least, and I do understand it works.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Advertising.

2008-07-28 Thread Super Monitoring
Hello!
About your site will show, all over the world.
Place the banner or text advertising.
Rating of our site:
http://www.alexa.com/data/details/traffic_details/besthyiprating.com
Good luck!
http://www.besthyiprating.com
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


source routing across routing problems

2008-07-28 Thread True Entropy
This may have nothing to do with FreeBSD, but maybe someone will have a 
suggestion:

We have servers A, B and C connected to three different ISPs on 3 continents.

As of few days ago A and C cannot talk to each other (the routing problem is 
upstream of
all end-point ISPs so who knows when will it be solved.) B can talk to both A 
and C.

The 'obvious' idea is to use B as relay and source-route traffic between A and 
C to go
via B. However, no amount of static routing, firewall allow-ing, sysctl-ing 
would do the
trick. The packet would never even leave from A or C for the other side.

Is there some other barrier to the source routing that has not been taken care 
of? I know
that this can be taken care of with ssh tunnelling for each specific
application/protocol, but the networks are more complex than abstracted here.

In short, this was attempted:

A:

route add C B
sysctl net.inet.ip.sourceroute=1
sysctl net.inet.ip.accept_sourceroute=1

B:

rc.conf: gateway_enable=YES
sysctl net.inet.ip.sourceroute=1
sysctl net.inet.ip.accept_sourceroute=1
ipfw add pass ip from A to B
ipfw add pass ip from B to A


C:

route add A B
sysctl net.inet.ip.sourceroute=1
sysctl net.inet.ip.accept_sourceroute=1





___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Component-based Operating System.

2008-07-28 Thread Ivan Voras

Chuck Robey wrote:

Ivan Voras wrote:

Juan Carlos Villalobos wrote:

Hello,

I am writing a paper on Component-based Operating Systems. I just
wanted to know if FreeBSD is an Operating System engineered based on
Components.

I appreciate your input on this.

Components is a wide, wide term. Since FreeBSD as an operating system
consists of separate libraries, headers, executables, and both the
kernel and the userland have subsystems that are more-or-less autonomic
and independent, you could say it's componentized. You need to be more
specific to get a more specific answer.


Yeah, that's true, but not very informative.  Look, I don't follow OSes all that
much anymore, but if I had to call up an OS that would be made up of more of a
set of independent pieces, I think I would choose the GNU Hurd OS.  From
everything I read, it was never very successful, if one counts the ability to
return some good throughput as being successful ... or, maybe they have some
other characteristic which I'm not aware of.

Anyhow, the HURD (at least in concept) is far, far more of a component based OS
than anything else I'm aware of is.  It's an interesting concept, at the very
least, and I do understand it works.


Yes, if the OP is talking about microkernels, FreeBSD isn't it.





network problems after upgrade

2008-07-28 Thread Kendra Renee Gehlbach

Hello,

I recently updated a FreeBSD system that has been running fine on 6.2 to 
7.0.  I rebuilt world & kernel, installed world & kernel, mergemastered,
then rebooted.  Now both network cards (em0, an Intel Pro/1000 v6.7.3, 
and rl0, an SMC eznet-10/100) are giving continual watchdog timeouts.  
Ifconfig shows them as active, with appropriate settings.  There are no 
IRQ conflicts that I can see.  Pinging loopback and the ip address of 
each card succeeds, but we can't ping anything outside of the system.


We've tried disabling ipf; we've taken out each card in turn, trying it 
with only one card; we've tried building the generic kernel, just in 
case we accidentally took out something necessary; we've taken rc.conf 
down to just defining the gateway and addresses for the network 
interfaces; at this point I don't know what to try next.  I can restore 
from backup to cvsup and get any current changes, then rebuild, but I 
hate going through all of that without any reason to believe anything 
will change.


Any ideas for further troubleshooting would be very welcome!
Renee

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


what kind of 19" LCD display??

2008-07-28 Thread Gary Kline
hi people,

my tube is starting to show its age.  it's a Hitachi superscan
elite 751.   i don't know when it was manufactured but I've had
it for 5 years.   besides it burning watts like crazy, it snaps from
almost-full-width to full-width and back.  it's time to check
around, and as always, i'm asking here first.  

i'm using an old, analog KVM box with four jacks, so whatever
display i get has to have dual capability. both digital and analog--
eventually I'll need a new KVM box.

so what are the top few makes of LCDs out there?

thanks much,

gary





-- 
 Gary Kline  [EMAIL PROTECTED]  http://www.thought.org  Public Service Unix
http://jottings.thought.org   http://transfinite.thought.org




Two minor IPFW-related questions

2008-07-28 Thread Ronald F. Guilmette

Just a couple of questions about IPFW-related things:


1)  Somewhere the other day I read a recommendation... which looked rather
official to me at the time... that all fragments should be firewalled
out, e.g. thusly:

deny any to any in frag

Is that actually a Good Thing To Do?  Are there really no legitimate
packet fragments out there on the Internet?

2)  What is the significance of the last three numbers in the following log
line?  What exactly does each one of them represent?

Jul 28 00:00:13 segfault kernel: ipfw: 250 Deny UDP 192.228.91.19 66.60.171.112 
in via rl0 (frag 60396:[EMAIL PROTECTED])


Re: what kind of 19" LCD display??

2008-07-28 Thread Sam Fourman Jr.
so what are the top few makes of LCDs out there?

I have several (6) Samsung SyncMaster 941BW monitors
I am very Happy with them


Sam Fourman Jr.


Re: what kind of 19" LCD display??

2008-07-28 Thread Chris Hill

On Mon, 28 Jul 2008, Gary Kline wrote:

[snip] whatever display i get has to have dual capability. both 
digital and analog-- eventually I'll need a new KVM box.


so what are the top few makes of LCDs out there?


I've been using a ViewSonic VP930b for a few years, and been very happy 
with it. It has two VGA inputs, no DVI. Probably not made anymore so I 
guess that's moot.


HTH.

--
Chris Hill   [EMAIL PROTECTED]
** [ Busy Expunging | ]


Re: Two minor IPFW-related questions

2008-07-28 Thread Giorgos Keramidas
On Mon, 28 Jul 2008 18:15:32 -0700, Ronald F. Guilmette [EMAIL PROTECTED] 
wrote:
 Just a couple of questions about IPFW-related things:

 1) Somewhere the other day I read a recommendation... which looked
 rather official to me at the time... that all fragments should be
 firewalled out, e.g. thusly:

 deny any to any in frag

 Is that actually a Good Thing To Do?  Are there really no legitimate
 packet fragments out there on the Internet?

Yes, they may be legitimate packet fragments. Normally, the path MTU
discovery algorithm should kick in most of the time.  It is turned on by
default:

# pwd
/usr/src/sys/netinet
# fgrep path_mtu_discovery tcp_output.c
int path_mtu_discovery = 1;
SYSCTL_INT(_net_inet_tcp, OID_AUTO, path_mtu_discovery, CTLFLAG_RW,
&path_mtu_discovery, 1, "Enable Path MTU Discovery");
if (path_mtu_discovery)
#

But there may be routes between your FreeBSD box and the two endpoints
of a connection that do not have this option, or have it disabled.  This
means that if you are not absolutely sure that all hosts 'inside' and
'outside' the firewall support path MTU discovery *and* have it turned
on, it's still possible to get fragmented datagrams.

The reason why fragments may be prudent to drop in a firewall is that
non-initial fragments don't contain enough information to be classified
on a port-by-port basis.  Fragmentation requires that each fragment
should contain a data portion that is a multiple of 8 bytes (except for
the last fragment of a datagram), so the first fragment will generally
contain useful bits (i.e. UDP source port, and UDP destination port),
but this means that a 'malicious' user may use *non* initial fragments
to generate artificial load on your firewall.

A router that accepts fragments and isn't configured to drop them may
have to keep non-initial fragments for a certain amount of time, hoping
that the first fragment of the datagram will arrive soon, and the
datagram will be reconstructed before forwarding it.  If your firewall
keeps around non-initial fragments and a malicious user sends thousands
or even millions of non-initial fragments for seemingly legitimate
connections, then your firewall may run out of useful resources.

FWIW, you can find a lot of information about this sort of attack by
searching the net for "fragment DoS attack".

 2) What is the significance of the last three numbers in the following
 log line?  What exactly does each one of them represent?

 Jul 28 00:00:13 segfault kernel: ipfw: 250 Deny UDP 192.228.91.19 
 66.60.171.112 in via rl0 (frag 60396:[EMAIL PROTECTED])

The three numbers are:

* IP Identification Number, of the datagram.  This is copied
  straight out of the IP header's ip.ip_id field.

* The number of data bytes in the data portion of this fragment (the
  size of the full IP fragment excluding the size of the IP header
  itself).

* The offset of this fragment from the start of the full datagram.
  This is useful when trying to reconstruct the initial, full IP
  datagram, after all its fragments have been received.

Non-final fragments also have the 'more fragments' flag set in their IP
header, and then the three numbers are followed by +, i.e.:

(frag 60396:[EMAIL PROTECTED])

# Initial fragment, because the fragment offset is zero.  There are
# more fragments (the '+' flag is printed).  It's sort of expected
# that the _initial_ fragment will always have the '+' flag set.
# After all that's the whole point of fragmenting the original IP
# datagram :)

(frag 60417:[EMAIL PROTECTED])

# Probably the fifth fragment of a relatively large IP datagram
# (5920 = 1480 * 4).  I'm saying `probably' because the mechanism
# of fragmentation permits fragmenting a fragment _again_ while it
# passes through routers.  There are more fragments (presence of the
# '+' flag indicates 'more fragments').

(frag 17234:[EMAIL PROTECTED])

# Probably the second and last fragment of an IP datagram with IP.Id
# = 17234. There are 19 data bytes in the datagram, it is probably
# the second datagram if we assume an MTU of 1480 (usually typical
# in Ethernet interfaces).

This particular way of presenting fragment size, offset and flags is
also used in tcpdump output, so if you learn to read fragment info this
way it will be useful if you have to look at tcpdump traces too :-)

HTH,
Giorgos



Re: what kind of 19" LCD display??

2008-07-28 Thread Chris Hill

On Mon, 28 Jul 2008, Chris Hill wrote:


On Mon, 28 Jul 2008, Gary Kline wrote:

[snip] whatever display i get has to have dual capability. both 
digital and analog-- eventually I'll need a new KVM box.


so what are the top few makes of LCDs out there?


I've been using a ViewSonic VP930b for a few years, and been very 
happy with it. It has two VGA inputs, no DVI. Probably not made 
anymore so I guess that's moot.


- Replying to my own post like a tool -

This monitor does in fact have a DVI input in addition to the two VGAs. 
Don't know if that counts as 'digital' or not.


--
Chris Hill   [EMAIL PROTECTED]
** [ Busy Expunging | ]


email disclaimer insert; remove and insert

2008-07-28 Thread lyd mc
hi guys,

Is there any program that inserts or removes a disclaimer? 

For example, if a reply message contains my disclaimer, I want it to be 
removed from the end of the mail body and put somewhere before the QUOTE line.

    From:[EMAIL PROTECTED]
    To:[EMAIL PROTECTED]
    Subject: Re: disclaimer blah blah blah


    New messages
   
    My Disclaimer -- ( new location of disclaimer)

  
 ---Old message (Quoting)

 Old messages
  
 MY Disclaimer - (I want this to be remove and put above)

   


Thank you.

alydmc







Re: what kind of 19" LCD display??

2008-07-28 Thread Gary Kline
On Mon, Jul 28, 2008 at 10:30:22PM -0400, Chris Hill wrote:
 On Mon, 28 Jul 2008, Chris Hill wrote:
 
 On Mon, 28 Jul 2008, Gary Kline wrote:
 
 [snip] whatever display i get has to have dual capability. both 
 digital and analog-- eventually I'll need a new KVM box.
 
 so what are the top few makes of LCDs out there?
 
 I've been using a ViewSonic VP930b for a few years, and been very 
 happy with it. It has two VGA inputs, no DVI. Probably not made 
 anymore so I guess that's moot.
 
 - Replying to my own post like a tool -
 
 This monitor does in fact have a DVI input in addition to the two VGAs. 
 Don't know if that counts as 'digital' or not.
 


while i can still TYPE today::  the fact is that i was a hardware 
major, not software.
but got shuffled into porting an f77 compiler for my internship.  
now, i know almost 
Zero about hardware, so no clue what this dvi input means.   sad, 
isn't it?



 --
 Chris Hill   [EMAIL PROTECTED]
 ** [ Busy Expunging | ]

-- 
 Gary Kline  [EMAIL PROTECTED]  http://www.thought.org  Public Service Unix
http://jottings.thought.org   http://transfinite.thought.org




Re: email disclaimer insert; remove and insert

2008-07-28 Thread darko gavrilovic
are you using X11? do you use thunderbird/mozilla mail client? i believe
thunderbird has a fancy signature add-on that does something like that.



On Mon, Jul 28, 2008 at 10:07 PM, lyd mc [EMAIL PROTECTED] wrote:

 hi guys,

 Is there any program that inserts or removes a disclaimer?

 For example, if a reply message contains my disclaimer, I want it to be
 removed from the end of the mail body and put somewhere before the QUOTE
 line.

 From:[EMAIL PROTECTED]
 To:[EMAIL PROTECTED]
 Subject: Re: disclaimer blah blah blah


 New messages

 My Disclaimer -- ( new location of disclaimer)


  ---Old message (Quoting)

  Old messages

  MY Disclaimer - (I want this to be remove and put
 above)




 Thank you.

 alydmc









-- 
regards,
dg

..but the more you use clever tricks, the less support you'll get ... --
M.W.Lucas


Re: what kind of 19" LCD display??

2008-07-28 Thread Chess Griffin
On Mon, 28 Jul 2008 17:51:48 -0700
Gary Kline [EMAIL PROTECTED] wrote:

   hi people,
 
   my tube is starting to show its age.  it's a Hitachi
 superscan elite 751.   i don't know when it was manufactured but
 I've had it for 5 years.   besides it burning watts like crazy, it
 snaps from almost-full-width to full-width and back.  it's time to
 check around, and as always, i'm asking here first.  
 
   i'm using an old, analog KVM box with four jacks, so whatever
   display i get has to have dual capability. both digital and
 analog-- eventually I'll need a new KVM box.
 
   so what are the top few makes of LCDs out there?
 
   thanks much,
 
   gary
 

I have been very happy with two identical Hanns-G HX191D 19" LCD
monitors I bought off Newegg about a year ago and I use them in a dual
head DVI setup (they have analog VGA inputs as well). I don't think this
model is sold there anymore, but there are many other Hanns-G models at
Newegg and they all seem to garner very good user reviews.  I like
Hanns-G because they make great screens at good prices.


-- 
Chess Griffin
GPG Public Key:  0x0C7558C3
http://www.chessgriffin.com


Re: Two minor IPFW-related questions

2008-07-28 Thread Ronald F. Guilmette

In message [EMAIL PROTECTED], 
Giorgos Keramidas [EMAIL PROTECTED] wrote:

On Mon, 28 Jul 2008 18:15:32 -0700, Ronald F. Guilmette [EMAIL PROTECTED]
wrote:
 Just a couple of questions about IPFW-related things:

 1) Somewhere the other day I read a recommendation... which looked
 rather official to me at the time... that all fragments should be
 firewalled out, e.g. thusly:

 deny any to any in frag

 Is that actually a Good Thing To Do?  Are there really no legitimate
 packet fragments out there on the Internet?

First let me send a big THANK YOU to Giorgos Keramidas for providing such
timely and detailed replies to my IPFW questions.  Much appreciated.

Now that I've got that out of the way, let me say a couple of things.

First, on one particular machine of mine, I'm seeing a fair number...
many dozens or so per hour... of /var/log/security logfile entries for
ipfw-rejected packet fragments.  This is on a machine that has a very
busy name server.  The nameserver in question was recently upgraded
to bind 9.5.0-P1 (so I'm not worried that there is any kind of attack
going on here) _and_ also the ipfw ruleset recently had this added:

   deny any to any in frag

The majority of the rejected frag packets are UDP packets, and I've
just now determined that many/most/all of those are coming from actual
name servers elsewhere.  In short, I do believe that these packet fragments
are mostly (or entirely) perfectly legitimate packet fragments... probably
partial answers to DNS queries that the nameserver on this machine sent out.

So now, given that I understand (or believe I do, anyway) everything that
you, Giorgos, said about the possibility of a DoS attack based on packet
fragmentation, and given that I _do not_ believe that anybody has it in
mind to do a DoS against me at the present time (either using packet
fragments or any other sort of DoS technique) is it really wise for me
to be dropping all of these DNS response packet fragments?  Wouldn't I
be better off letting them in?

I'm most particularly concerned about the possibility that... because I
have ipfw dropping all fragments... I may be completely losing some
DNS responses that I actually do want, and for which there are no
other DNS servers that will give me unfragmented answers.  Is this a
reasonable concern?  Might it be wise, in my case, to remove the rule
that's killing all of the packet fragments from my ipfw rule set...
and then just put it back if I ever seem to be undergoing a DoS?


OK, one last question.  I've just read the helpful little brief tutorial
about path MTU discovery... which Google helped me to find:

  http://www.netheaven.com/pmtu.html

This is kinda sorta enlightening about why most of the fragments that my
ipfw is currently rejecting are either at offset 1472 or at offset 1480...
but not quite.  What's the significance of these specific offset numbers
(1472 and 1480)?  Is there some particular kind of hardware or well-known-
phenomenon (like the one described in the document above) that commonly
produces fragments with those specific offsets, i.e. 1472 and 1480?

Just curious.
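What follows is an added example written for this page, not code from Giorgos, Ronald or the FreeBSD project. It pulls together the two technical points of the thread: the meaning of the "(frag ID:LEN@OFFSET+)" tail that ipfw writes to /var/log/security (ID, data bytes in the fragment, byte offset, '+' for "more fragments"), and the offsets 1472 and 1480 in the follow-up question. Every fragment except the last carries (link MTU - 20-byte IP header) data bytes, rounded down to a multiple of 8, so the second fragment of a datagram cut up on plain Ethernet sits at offset 1480 (1500 - 20) and one cut up on a PPPoE link, whose MTU is 1492, sits at 1472. The script parses such log lines, flags fragments that break the 8-byte rule, guesses the fragmenting MTU from the offset, and runs the fragments through a deliberately capped reassembly table so that the "headless" flood Giorgos warns about (non-initial fragments whose first piece never arrives) shows up as a number rather than as a paragraph. The sample log lines, addresses, the table size of 64 and the list of candidate MTUs are all constructed for the example. Two practitioner notes: the rule as quoted in the thread is not valid ipfw syntax; ipfw wants the protocol and the "from" keyword, i.e. "ipfw add deny ip from any to any in frag". And UDP DNS answers with EDNS0 or DNSSEC data routinely exceed 1472/1480 bytes, so a blanket drop silently loses those answers and the resolver has to time out and retry; later ipfw releases added a "reass" action that reassembles fragments before the rest of the ruleset sees them, which is the usual way out of this trade-off.

```python
import re

# ipfw logs a fragment as "(frag ID:LEN@OFFSET+)": IP identification, data bytes in
# this fragment (IP header excluded), byte offset inside the original datagram, and
# '+' when "more fragments" is set.  Initial TCP/UDP fragments are logged with ports
# and non-initial ones without, so the ports are optional in the pattern.
FRAG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)(?::\d+)? (?P<dst>[\d.]+)(?::\d+)? (?P<dir>in|out) via (?P<iface>\w+) "
    r"\(frag (?P<id>\d+):(?P<len>\d+)@(?P<off>\d+)(?P<mf>\+?)\)")
# Candidate link MTUs (an assumption for this example).  Every fragment but the last
# carries (MTU - 20) data bytes rounded down to a multiple of 8, so the offsets of
# non-initial fragments are multiples of that figure: 1480 for Ethernet, 1472 for PPPoE.
KNOWN_MTUS = [(1500, "Ethernet"), (1492, "PPPoE over Ethernet"), (576, "576-byte link")]

def parse_frag_line(line):
    """Parse one ipfw log line; return a dict, or None if it logs no fragment."""
    m = FRAG_RE.search(line)
    if m is None:
        return None
    d = m.groupdict()
    rec = {"src": d["src"], "dst": d["dst"], "proto": d["proto"], "ip_id": int(d["id"]),
           "length": int(d["len"]), "offset": int(d["off"]), "more": d["mf"] == "+"}
    rec["initial"] = rec["offset"] == 0
    # Offsets travel in 8-byte units and a fragment with MF set must carry a multiple
    # of 8 data bytes; a line violating either rule is malformed.
    rec["malformed"] = rec["offset"] % 8 != 0 or (rec["more"] and rec["length"] % 8 != 0)
    return rec

def infer_fragmenting_mtu(offset):
    """Return (mtu, name, index) for a non-initial offset (index 1 = second fragment)
    or None when the offset fits none of KNOWN_MTUS."""
    for mtu, name in KNOWN_MTUS:
        per_fragment = (mtu - 20) // 8 * 8
        if offset > 0 and offset % per_fragment == 0:
            return mtu, name, offset // per_fragment
    return None

class FragmentTable:
    """Toy reassembly table keyed by (src, dst, proto, ip_id).  The cap is the point:
    without it a flood of non-initial fragments whose first piece never arrives grows
    the table without limit.  64 entries is an arbitrary size for the example."""

    def __init__(self, max_entries=64):
        self.max_entries, self.table, self.dropped = max_entries, {}, 0

    def add(self, rec):
        key = (rec["src"], rec["dst"], rec["proto"], rec["ip_id"])
        entry = self.table.get(key)
        if entry is None:
            if len(self.table) >= self.max_entries:
                self.dropped += 1
                return "dropped"
            entry = self.table[key] = {"pieces": set(), "total": None, "have_initial": False}
        entry["pieces"].add((rec["offset"], rec["length"]))
        entry["have_initial"] |= rec["initial"]
        if not rec["more"]:  # the last fragment fixes the datagram's total data length
            entry["total"] = rec["offset"] + rec["length"]
        reach = 0  # complete only when the pieces cover 0..total with no gap
        for off, length in sorted(entry["pieces"]):
            if off > reach:
                break
            reach = max(reach, off + length)
        if entry["total"] is not None and reach >= entry["total"]:
            del self.table[key]
            return "reassembled"
        return "waiting"

def analyze(log_text, max_entries=64):
    """Run every fragment log line through the parser, MTU heuristic and table."""
    table = FragmentTable(max_entries)
    stats = {"initial": 0, "non_initial": 0, "malformed": 0, "reassembled": 0,
             "waiting": 0, "dropped": 0, "mtu_hints": {}}
    for line in log_text.splitlines():
        rec = parse_frag_line(line)
        if rec is None:
            continue
        stats["initial" if rec["initial"] else "non_initial"] += 1
        if rec["malformed"]:
            stats["malformed"] += 1
            continue
        if not rec["initial"]:
            hint = infer_fragmenting_mtu(rec["offset"])
            if hint is not None:
                stats["mtu_hints"][hint[1]] = stats["mtu_hints"].get(hint[1], 0) + 1
        stats[table.add(rec)] += 1
    # Entries still waiting that never saw an initial fragment: the DoS signature.
    stats["headless"] = sum(1 for e in table.table.values() if not e["have_initial"])
    return stats

# Constructed sample log (not real traffic): two complete two-fragment UDP answers, one
# malformed fragment, then a flood of fragments whose first piece never arrives.
_PREFIX = "Jul 28 00:00:13 segfault kernel: ipfw: 250 Deny UDP "
SAMPLE_LOG = "\n".join(
    [_PREFIX + "192.0.2.10:53 198.51.100.5:60000 in via rl0 (frag 60396:1480@0+)",
     _PREFIX + "192.0.2.10 198.51.100.5 in via rl0 (frag 60396:19@1480)",
     _PREFIX + "192.0.2.11:53 198.51.100.5:60001 in via rl0 (frag 17234:1472@0+)",
     _PREFIX + "192.0.2.11 198.51.100.5 in via rl0 (frag 17234:41@1472)",
     _PREFIX + "192.0.2.12 198.51.100.5 in via rl0 (frag 5:100@8+)"]
    + [_PREFIX + f"203.0.113.7 198.51.100.5 in via rl0 (frag {40000 + i}:1480@5920+)"
       for i in range(100)])
```

Calling analyze(SAMPLE_LOG) on the constructed log reports two reassembled datagrams (the ordinary oversized answers, one fragmented at 1480 and one at 1472), one malformed fragment, and for the flood 64 headless entries plus 36 fragments refused once the table is full. That split is what to look for in /var/log/security before deciding whether to keep a blanket "deny ... frag" rule: pairs like the first four lines, from hosts you actually query, are legitimate; hundreds of non-initial fragments under distinct IP IDs that never get a first piece are the flood the rule exists for.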


Re: email disclaimer insert; remove and insert

2008-07-28 Thread lyd mc
Hi darko,

What I mean is adding a disclaimer/boilerplate for any outgoing message, just 
like the mimedefang feature. However, I don't want it to be redundant. For example, 
if a mail already contains my disclaimer (usually mail from a reply message), 
it should be relocated next to the new message, not at the bottom of the reply 
message.

  new message body here
  new message body here

  Disclaimer   new location of disclaimer

 ---old messages here--

  old message here
  old message here
 
  Disclaimer  --- to be relocated

Regards,

alydmc
--- On Tue, 7/29/08, darko gavrilovic [EMAIL PROTECTED] wrote:
From: darko gavrilovic [EMAIL PROTECTED]
Subject: Re: email disclaimer insert; remove and instert
To: [EMAIL PROTECTED]
Cc: freebsd-questions@freebsd.org
Date: Tuesday, July 29, 2008, 11:17 AM

are you using X11? do you use thunderbird/mozilla mail client? i believe 
thunderbird has a fancy signature add-on that does something like that.



On Mon, Jul 28, 2008 at 10:07 PM, lyd mc [EMAIL PROTECTED] wrote:

 hi guys,

 Is there any program that inserts or removes a disclaimer?

 For example, if a reply message contains my disclaimer, I want it to be 
 removed from the end of the mail body and put somewhere before the QUOTE line.

     From:[EMAIL PROTECTED]
     To:[EMAIL PROTECTED]
     Subject: Re: disclaimer blah blah blah

     New messages

     My Disclaimer -- ( new location of disclaimer)

  ---Old message (Quoting)

  Old messages

  MY Disclaimer - (I want this to be remove and put above)

 Thank you.

 alydmc

-- 
regards,
dg

..but the more you use clever tricks, the less support you'll get ... -- 
M.W.Lucas
