Re: IPF, NAT or NIC

2009-09-18 Thread Freeco

How to change the interfaces to not be on the same physical subnet?

-- 
View this message in context: 
http://www.nabble.com/IPF%2C-NAT-or-NIC-tp25491958p25504647.html
Sent from the freebsd-questions mailing list archive at Nabble.com.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: IPF, NAT or NIC

2009-09-18 Thread Olivier Nicole
> How to change the interfaces to not be on the same physical subnet?

Hummm, subnet is virtual, it is not physical.

To have interfaces on different physical networks, plug your interfaces
into different switches that are not interconnected one to the other.

To have a different subnet used on different interfaces, configure them.

Now you can run two or more subnets on the same physical LAN.

Bests,

Olivier


Re: libxcb won't compile from ports

2009-09-18 Thread Daniel Bye
On Thu, Sep 17, 2009 at 09:35:55AM -0700, David Newman wrote:
> On 9/17/09 8:10 AM, Daniel Bye wrote:
> > On Thu, Sep 17, 2009 at 07:45:52AM -0700, David Newman wrote:
> > > FreeBSD 7.2-RELEASE, i386
> > >
> > > Running 'make install clean' from /usr/ports/x11/libxcb returns the
> > > patch error pasted below.
> > >
> > > Thanks in advance for clues on resolving this. I did not see anything
> > > helpful in the archives or on Google.
> >
> > Try `make distclean' and then `make && make install'
>
> This produced the same result. Thanks again for any additional clues in
> resolving this error.
>
> dn
>
>
> o# cd /usr/ports/x11/libxcb/
> somehost# make distclean
> ===>  Cleaning for libxcb-1.4
> ===>  Deleting distfiles for libxcb-1.4
> somehost# make && make install
> ===>  Vulnerability check disabled, database not found
> => libxcb-1.4.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/.
> => Attempting to fetch from http://xcb.freedesktop.org/dist/.
> libxcb-1.4.tar.bz2                            100% of  298 kB   29 kBps 00m00s
> ===>  Extracting for libxcb-1.4
> => MD5 Checksum OK for libxcb-1.4.tar.bz2.
> => SHA256 Checksum OK for libxcb-1.4.tar.bz2.
> ===>  Patching for libxcb-1.4
> ===>  Applying FreeBSD patches for libxcb-1.4
> 1 out of 1 hunks failed--saving rejects to src/xcb_auth.c.rej
> => Patch patch-src-xcb_auth.c failed to apply cleanly.
> => Patch(es) patch-Makefile.in applied cleanly.
> *** Error code 1
>
> Stop in /usr/ports/x11/libxcb.

Hmm... I don't have the file patch-src-xcb_auth.c in x11/libxcb/files.
Is your ports tree up to date? Other than that, I'm afraid I'm out of ideas.

Dan

-- 
Daniel Bye
 _
  ASCII ribbon campaign ( )
 - against HTML, vCards and  X
- proprietary attachments in e-mail / \




Re: port math/gnuplot hangs and ignores kill -9

2009-09-18 Thread Anton Shterenlikht
On Thu, Sep 17, 2009 at 06:15:21PM +0200, Roland Smith wrote:
> On Thu, Sep 17, 2009 at 04:58:14PM +0100, Anton Shterenlikht wrote:
> > Roland, perhaps you also know the origin of this gnuplot warning:
> >
> > Could not find/open font when opening font arial,
> > using internal non-scalable font
> >
> > From searching the net it appears that gnuplot is not finding truetype
> > fonts, something to do with GD library. I've got xorg-fonts-truetype-7.4
> > and gd-2.0.35_1,1 installed. So I'm not sure what the problem is.
>
> When using gd fonts, you must specify either the full path of the font
> file, or the font filename (not the font name, AFAIK). In the latter case you
> have to set the GDFONTPATH variable containing the path.
>
> > Several functions are not available without truetype fonts, e.g. label
> > rotation, which is sometimes useful.
>
> I used the following with the PNG terminal:
>
> set terminal png font /usr/local/lib/X11/fonts/dejavu/DejaVuSansMono.ttf 8 \
> size 300,150 x76848f xb1b1b1 xb1b1b1 x00ff00 x00ff00 x00ff00 x00ff00

Roland, thank you, very helpful.

-- 
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 331 5944
Fax: +44 (0)117 929 4423


dhcpd related issues

2009-09-18 Thread James Tanis
I have a FreeBSD 7.0 gateway/server with isc-dhcpd 3.1.2p1_2. Late  
yesterday I began having some unique and intermittent issues.  
Basically, random computers will all of a sudden lose their dhcp  
leases and be unable to contact the dhcp server.


At first I figured the dhcp server had crashed, but it did not. It was  
still up and running. Secondly I figured we ran out of leases; this  
has happened before -- the school is growing rapidly enough, not to  
mention the kids keep getting more connected. Unfortunately, after  
doubling the amount of available leases the problem is still persisting.


Now the issue gets more confused by the fact that some computers  
haven't been affected at all. There seems to be no real difference  
between their configurations and the configurations of the computers  
affected. For a while I was considering the possibility of the switch  
dropping packets or developing bad ports, but the behavior isn't  
consistent with that. One would think that if the port connecting a  
secondary switch to the main switch was going bad that it would affect  
all clients on the secondary switch -- this is not the case. There  
doesn't seem to be much rhyme or reason to which computers are affected.


The server isn't reporting any dropped packets on either of its  
interfaces and the links aren't even close to saturated. I'm  
completely at a loss as to the cause of the problem. The problem  
occurs in a time period that is  pretty consistent with the default  
lease time -- which would suggest there is something odd happening  
with lease renewal, but I certainly can't seem to get a grasp on it.


If I do a cat debug.log|grep dhcpd I get:

Sep 17 08:36:07 grendel dhcpd: ICMP Echo Reply for 192.168.1.243 late or spurious.
Sep 17 12:58:04 grendel dhcpd: ICMP Echo Reply for 192.168.1.57 late or spurious.
Sep 17 12:58:04 grendel dhcpd: ICMP Echo Reply for 192.168.1.57 late or spurious.
Sep 17 13:56:27 grendel dhcpd: ICMP Echo Reply for 192.168.1.155 late or spurious.
Sep 17 14:03:15 grendel dhcpd: ICMP Echo reply while lease 192.168.1.253 valid.
Sep 17 15:25:19 grendel dhcpd: ICMP Echo Reply for 192.168.1.74 late or spurious.


which doesn't seem particularly relevant or heinous. Many more  
computers than the ones above have been affected.


doing the same for the console.log got me a whole bunch of:

Sep 17 16:45:18 grendel dhcpd: if mdchs203-2.mdchs.org IN A rrset doesn't exist add mdchs203-2.mdchs.org 300 IN A 192.168.1.162: timed out.
Sep 17 16:45:26 grendel dhcpd: if mdchs100-1.mdchs.org IN A rrset doesn't exist add mdchs100-1.mdchs.org 300 IN A 192.168.1.126: timed out.


which is pretty much the norm and shouldn't be causing the problem.

The main switch is a HP Procurve 1700-24 and it doesn't seem to be  
reporting any problems. All ports are up that should be. There is 1  
Rx Error Packet on Port 23 being reported. Port 23 is the one that  
goes out to the server, but a single packet couldn't be causing this  
kind of behavior.


Does anyone have *any* ideas? I'm about tapped out myself here. I'll  
attack the problem fresh if it persists tomorrow, but I'd like to come  
with some ideas from different perspectives.


Here is the dhcpd.conf file, recently changed to add more leases:

ddns-update-style ad-hoc;
option domain-name "mdchs.org";
option domain-name-servers 192.168.1.1;
option netbios-name-servers 192.168.1.1;
option netbios-node-type 8;

shared-network mdchs {
    default-lease-time 600;
    max-lease-time 7200;
    option subnet-mask 255.255.0.0;
    option broadcast-address 192.168.255.255;
    option routers 192.168.1.1;

    subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.46 192.168.1.253;

        host mdchs12 {
            hardware ethernet xx:xx:xx:xx:xx:xx;
            fixed-address 192.168.1.6;
        }
        # snipped the rest of the host entries for brevity
    }

    subnet 192.168.2.0 netmask 255.255.255.0 {
        range 192.168.2.1 192.168.2.254;
    }
}

It seems worth noting that this server was functioning perfectly well
for a year and half before this occurred. Nothing was changed before
the problem manifested. After the problem manifested I upgraded to the
above mentioned version and added the shared-network with the second
subnet. So far the nature of the problem has not changed whatsoever.


--
James Tanis
Technical Coordinator
Computer Science Department
Monsignor Donovan Catholic High School





Security vulnerability in 7.x

2009-09-18 Thread Alex R

Hi All,

I was sent this by a friend, could someone confirm if this exploit is
really existent?


http://www.vimeo.com/6580991 (requires flash)



Re: Security vulnerability in 7.x

2009-09-18 Thread Jeronimo Calvo
look for this subject on the mailing list: "reporter on deadline seeks
comment about reported security bug in FreeBSD"

You will find an almost 50 chained... topic about this...

;o)

btw, yes, it does.

2009/9/18 Alex R a...@mailinglist.ahhyes.net:
> Hi All,
>
> I was sent this by a friend, could someone confirm if this exploit is really
> existent?
>
> http://www.vimeo.com/6580991 (requires flash)



Re: IPF, NAT or NIC

2009-09-18 Thread Freeco

What does it look like?

ISP---Hub---My Gateway---Switch--Pc
Or
ISPMy Gateway---Switch-Hub-Pc



Re: IPF, NAT or NIC

2009-09-18 Thread Freeco

At first, when the gateway starts, the web page opens, but after that no
web page opens. Likewise, for the first 5 min ping reaches my ISP gateway,
but then it's gone. Same from my gateway with ping.



Re: IPF, NAT or NIC

2009-09-18 Thread Steve Bertrand
Freeco wrote:
> What does it look like?
>
> ISP---Hub---My Gateway---Switch--Pc
> Or
> ISPMy Gateway---Switch-Hub-Pc
 

...are you sure that by accident that you don't have the following
*physical* setup?

      -----------
      | Gateway |
      -----------
         |   |
         |   |
  |--- Switch/Hub |
  |               |
  |               |
 ISP              PC

This doesn't appear to be a logical subnetting issue, but more of a
'having two interfaces on a logically undivided physical medium'.

If you do have the above setup, it may work, but I would highly advise
against it. The only way you can get around the warnings and still have
things in this case work properly is to use VLANs.

Freeco, let us know how things are connected physically. Your best bet
would be:

                      |-pc
                      |
ISP---Gateway---Switch-pc
                      |
                      |_pc

Trash bin <--- Hub

Steve




Re: reporter on deadline seeks comment about reported security bug in FreeBSD

2009-09-18 Thread Alex R

Mak Kolybabi wrote:

> On 2009-09-14 12:12, Dan Goodin wrote:
>> We'll be writing a brief article about this.
>
> I didn't notice anyone link the finished article yet, so here it is:
> http://www.theregister.co.uk/2009/09/14/freebsd_security_bug/
>
> --
> Matthew Anthony Kolybabi (Mak)
> m...@kolybabi.com
>
> () ASCII Ribbon Campaign | Against HTML e-mail
> /\  www.asciiribbon.org  | Against proprietary extensions


  


http://www.vimeo.com/6580991

The article says that Versions 7.1 and beyond are not vulnerable.
That video contradicts that.




Re: IPF, NAT or NIC

2009-09-18 Thread Steve Bertrand
Steve Bertrand wrote:
[ snip ]

> Freeco, let us know how things are connected physically. Your best bet
> would be:
>
>                       |-pc
>                       |
> ISP---Gateway---Switch-pc
>                       |
>                       |_pc

I just noticed that your ISP has assigned you a /28 prefix.

Is all of this 255.255.255.240 yours, or are you on a shared network
segment? If it is yours, and you plan on using it, you'll want to set
things up like the following. If it is all yours (88.18 - 88.30) and you
didn't request it, I'd sure be interested to know who is giving away
/28's nowadays when the client didn't even request it ;)

                                 |-pc
                                 |
ISP---Switch---Gateway---Switch---pc
        |  \                     |
        |   \                    |_pc
        |    \
     server1  server2

...Not depicted, but I'd recommend a firewall for anything between the
gateway and the ISP.

Steve




Re: reporter on deadline seeks comment about reported security bug in FreeBSD

2009-09-18 Thread Reko Turja

> http://www.vimeo.com/6580991
>
> The article says that Versions 7.1 and beyond are not
> vulnerable. That video contradicts that.


As someone who has manipulated moving picture for fun and profit, 
having a video of something is a proof of nothing. For all what it's 
worth the OS in video might be FreeBSD - or even loonix made to look 
like FreeBSD, made vulnerable on purpose of tarring the project.


Until the security team gives their official response and patches, I 
read the entire story with a grain of salt, especially as the 
originator was so keen on getting his discovery into news websites...


If the discovery is real, the patch will come when it will come, until 
then the publicity is just negligible buzz.


-Reko 




Re: IPF, NAT or NIC

2009-09-18 Thread Freeco

So it means that i will need 2 more NIC's in my gateway?

                      |-pc
                      |
ISP---Gateway---Switch-pc
                      |
                      |_pc

Why all pc's can't be in one subnet? I'll be happy with one subnet, i don't
need more. I tried this:

ISP x.x.88.17---x.x.88.20 Gateway 192.168.1.2--pc cable
unplugged 192.168.1.7?

I want to use this one:

  
|-pc 192.168.1.5

  
|
ISP x.x.88.17---x.x.88.20 Gateway
192.168.1.2-Switch-pc 192.168.1.6

  
|

  
|_pc 192.168.1.7 

The gateway will work like firewall and nat. Maybe i have wrong settings on
my pc?
PC Settings
IP: 192.168.1.7
Mask: 255.255.255.128 (same in rc.conf)
Gateway: 192.168.1.2
Dns: x.x.88.17
Dns: 192.168.1.2


Re: Can't boot Marvel Sheevaplug from USB

2009-09-18 Thread Maks Verver

James Butler wrote: [regarding USB booting problems]

> Test the fix when it arrives? Scott seems to have some idea what the
> problem is, and a lot of people have been bitten by it, so I'm hoping
> for a fix soon(TM).


Ok, I'll just wait for this then. :-)


> Do mmc(4)/sdhci(4) not support the controller?


I don't think so, but I didn't test extensively. (I added them to the 
kernel config but none of the boot messages suggested the SDIO slot is 
being detected.) I think Linux uses a specific driver for the Marvell 
SDIO port (mvsdio) but to be honest, I don't really understand how the 
mvsdio, sdhci and mmc drivers work together.



> I've seen it suggested that UFS+softupdates is about as good as a
> conventional filesystem gets for flash media, because it's good at
> minimising transient writes.


True, but I think the internal NAND storage device is not a block 
device, which is why Linux needs the UBI/UBIFS combination to make a 
useful filesystem out of it. I'm not sure if FreeBSD has anything like this.


In any case, it's probably not essential. It would already be nice if 
FreeBSD would be able to run off a USB storage device or MMC in the
SDIO slot.


Kind regards,
Maks Verver.


Re: ipfw + NAT doesn't work

2009-09-18 Thread Ruben de Groot
On Thu, Sep 17, 2009 at 02:53:12PM -0400, Robert Huff typed:
 
> Ruben de Groot writes:
>
> > > However: using these I still can't get through
> >
> > Through to what? You seem to be able to connect on a local subnet, but
> > not to the internet through NAT, which you say is ok, because you
> > shouldn't ?
> >
> > Please explain exactly what you want to do.
>
>   1) With the firewall enabled, but no NAT-related rules, I can't
> get out.
>   This is as expected.
>   2) With the NAT rules added, I should be able to get out, but
> can't.
>   Clear?

I think so. What's your outgoing ip? The rules you posted:

ipfw add 5000 nat 15 all from any to any
ipfw nat 15 config log same_ports ip 10.0.0.0/8
                                     ^^^^^^^^^^

Looks strange to me. Instead of 10.0.0.0/8 I believe you should use
a single IP that you want to translate to (ie your outgoing IP address).

Ruben



Re: IPF, NAT or NIC

2009-09-18 Thread Steve Bertrand
Freeco wrote:
> So it means that i will need 2 more NIC's in my gateway?
>
>                       |-pc
>                       |
> ISP---Gateway---Switch-pc
>                       |
>                       |_pc
>
> Why all pc's can't be in one subnet? I'll be happy with one subnet,

Ok. One of us is confused, but I don't know who yet :)

A 'subnet' is a term used to describe a portion of an IP address space,
where each device in that space can communicate with one another without
using a router:

192.168.1.0/24 is a subnet, so hosts 192.168.1.1 through 192.168.1.254
can 'speak' to each other without using a router. If you have more than
one PC, you need a 'switch' or hub to physically connect all of those
devices, so they can all speak to each other. (fwiw, I cringe at the
term subnet).

In the diagram above, you need two NICs in the gateway. One goes to the
ISP, and the other 192.168.1.2 goes to the switch. The rest of the
computers also plug into the switch. If all of the devices have
192.168.1.x, they are all in the same subnet.

> i don't
> need more. I tried this:
>
> ISP x.x.88.17---x.x.88.20 Gateway 192.168.1.2--pc cable
> unplugged 192.168.1.7?

You need what's known as a 'cross-over' cable to connect the PC to the
Gateway directly. The first sentence in this link describes it well:

http://en.wikipedia.org/wiki/Ethernet_crossover_cable


> I want to use this one:
>
> |-pc 192.168.1.5
>
> |
> ISP x.x.88.17---x.x.88.20 Gateway
> 192.168.1.2-Switch-pc 192.168.1.6
>
> |
>
> |_pc 192.168.1.7
 

The diagram got mangled, but from what I can tell, this is the same as
the diagram I left at the top of this message.

> The gateway will work like firewall and nat. Maybe i have wrong settings on
> my pc?

You do. Although technically it will work, you have in your gateway:

192.168.1.2 255.255.255.0

...but on the pc:

192.168.1.7 255.255.255.128:

> PC Settings
> IP: 192.168.1.7
> Mask: 255.255.255.128 (same in rc.conf)
> Gateway: 192.168.1.2
> Dns: x.x.88.17
> Dns: 192.168.1.2

I'm not convinced that there still isn't a cabling issue. I don't use
NAT, so perhaps someone else can help with any config issues, but I
would find out/fix what is causing the traffic to be received on the
wrong interface first.

Also, I just noticed in your original post that there appears to be
another clerical error. Again, I don't know ipnat, but I would suspect
that this:

map fxp0 192.168.0.0/16 -> 0/32

should really be this:

map fxp0 192.168.0.0/24 -> 0/32

Aside from that, are you sure that this entry shouldn't be:

map rl0 192.168.0.0/24 -> 0/32

? Again, I don't know ipnat, but to me, in the fxp0 entry, it looks like
you are trying to map the 192 space coming INTO fxp0 (which in your
original post is the NIC that faces the ISP, not the internal network).
If this is how ipnat looks at this, then this is also a problem.

Steve
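
Added example (not part of the original thread or of any poster's message): a Python check of the netmask mismatch pointed out in the message above, using the gateway and PC addresses quoted in the thread. It goes one step beyond the thread by adding a constructed host, pc-high, to show where the mismatch stops being harmless; the function names are assumptions made for this illustration.

```python
"""Added example: audit the LAN addressing discussed in this thread.

Addresses and masks for "gateway" and "pc" are the ones quoted in the thread;
"pc-high" is a constructed host used only to show where the mismatch bites.
"""
import ipaddress
from itertools import permutations


def iface(addr, mask):
    """Address plus dotted-quad netmask (as written in rc.conf) -> IPv4Interface."""
    return ipaddress.ip_interface(f"{addr}/{mask}")


def on_link(src, dst_ip):
    """True if `src` treats dst_ip as directly reachable (ARP, no router hop)."""
    return ipaddress.ip_address(str(dst_ip)) in src.network


def audit_lan(hosts):
    """hosts maps name -> (IPv4Interface, default gateway IP or None).

    Returns a list of human-readable findings; an empty list means every host
    agrees on the subnet and can reach its gateway directly.
    """
    findings = []

    # 1. Every host on one wire should derive the same network from its mask.
    networks = sorted({str(ifc.network) for ifc, _ in hosts.values()})
    if len(networks) > 1:
        findings.append("mask mismatch: " + ", ".join(networks))

    # 2. A default gateway outside the host's own network can never be reached.
    for name, (ifc, gw) in hosts.items():
        if gw is not None and not on_link(ifc, gw):
            findings.append(f"{name}: gateway {gw} is off-link for {ifc.network}")

    # 3. Asymmetric paths: A sends to B directly, B answers through its router.
    for (a, (ia, _)), (b, (ib, _)) in permutations(hosts.items(), 2):
        if on_link(ia, ib.ip) and not on_link(ib, ia.ip):
            findings.append(
                f"asymmetric: {a} -> {b} is direct, {b} -> {a} goes via a router"
            )
    return findings


# Values quoted in the thread.
THREAD_LAN = {
    "gateway": (iface("192.168.1.2", "255.255.255.0"), None),
    "pc": (iface("192.168.1.7", "255.255.255.128"), "192.168.1.2"),
}

# Constructed: the same LAN after a host is added in the upper half of the /24.
GROWN_LAN = dict(THREAD_LAN)
GROWN_LAN["pc-high"] = (iface("192.168.1.200", "255.255.255.0"), "192.168.1.2")

if __name__ == "__main__":
    for label, lan in (("thread", THREAD_LAN), ("grown", GROWN_LAN)):
        print(label)
        for finding in audit_lan(lan) or ["ok"]:
            print("  " + finding)
```

With only the two hosts from the thread the audit reports the mismatch but no broken path, because .2 and .7 both fall inside 192.168.1.0/25; the asymmetric path appears only once a host above .127 joins the wire.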




updating pc's to the same date/time

2009-09-18 Thread Andrew Gould
I would like to do a fresh installation of FreeBSD 7.2 and then update
it to the same state as another computer so I can transfer its
packages and have them in sync with the ports.  Is my understanding of
the system correct in that all I have to do is:

1.  Copy /usr/src and /usr/ports to the new computer.
2.  Rebuild and install the kernel and world.
3.  Copy and install the packages I created on the first computer.

Thanks,

Andrew


Re: IPF, NAT or NIC

2009-09-18 Thread Freeco



Steve Bertrand wrote:
[ snip ]

> Freeco, let us know how things are connected physically. Your best bet
> would be:
>
>                       |-pc
>                       |
> ISP---Gateway---Switch-pc
>                       |
>                       |_pc

>                                  |-pc
>                                  |
> ISP---Switch---Gateway---Switch---pc
>         |  \                     |
>         |   \                    |_pc
>         |    \
>      server1  server2

Steve wrote:
...Not depicted, but I'd recommend a firewall for anything between the
gateway and the ISP.

The gateway will work like IPF (Firewall) and NAT. Is it wrong?

Steve wrote:
I just noticed that your ISP has assigned you a /28 prefix.
Is all of this 255.255.255.240 yours, or are you on a shared network
segment? If it is yours, and you plan on using it, you'll want to set
things up like the following. If it is all yours (88.18 - 88.30) and you
didn't request it, I'd sure be interested to know who is giving away
/28's nowadays when the client didn't even request it ;)

Yes, it's mine. I'm paying just for 3 static addresses 18-20. I plan other
static addresses to use for other plans. So i'll need 2 more NIC's for
gateway?

I think that my ISP uses the 2nd image. In my room is a switch. In our home
is switch. 3 homes from mine is a gateway. I don't know what else there is. 

P.S. Sorry for my poor english


Re: IPF, NAT or NIC

2009-09-18 Thread Steve Bertrand
Steve Bertrand wrote:

> map fxp0 192.168.0.0/24 -> 0/32
>
> Aside from that, are you sure that this entry shouldn't be:
>
> map rl0 192.168.0.0/24 -> 0/32
>
> ? Again, I don't know ipnat, but to me, in the fxp0 entry, it looks like
> you are trying to map the 192 space coming INTO fxp0 (which in your
> original post is the NIC that faces the ISP, not the internal network).
> If this is how ipnat looks at this, then this is also a problem.

Just a note, section 30.5.16 IPNAT Rules of the handbook states that
using the external interface in the map rule is the correct way of doing
things.

Steve




Re: IPF, NAT or NIC

2009-09-18 Thread Steve Bertrand
Freeco wrote:

> Steve Bertrand wrote:
>
> >                                  |-pc
> >                                  |
> > ISP---Switch---Gateway---Switch---pc
> >         |  \                     |
> >         |   \                    |_pc
> >         |    \
> >      server1  server2
>
> So i'll need 2 more NIC's for
> gateway?

No, unless there is something I don't know about.

> I think that my ISP uses the 2nd image. In my room is a switch. In our home
> is switch. 3 homes from mine is a gateway. I don't know what else there is.

Ok. Let's start with the basics.

- What is connected to the switch in your room?
- what is connected to the switch in your home?
- what is connected to the gateway down the street?
- how do you connect your room, to your home, to the house three homes away?

This new information makes it more believable that there is some sort of
cabling mishap.

> P.S. Sorry for my poor english

You don't have to be. You're doing just fine!

Steve




Re: updating pc's to the same date/time

2009-09-18 Thread Adam Vande More
On Fri, Sep 18, 2009 at 9:14 AM, Andrew Gould andrewlylego...@gmail.com wrote:

> I would like to do a fresh installation of FreeBSD 7.2 and then update
> it to the same state as another computer so I can transfer its
> packages and have them in sync with the ports.  Is my understanding of
> the system correct in that all I have to do is:
>
> 1.  Copy /usr/src and /usr/ports to the new computer.
> 2.  Rebuild and install the kernel and world.
> 3.  Copy and install the packages I created on the first computer.
>
> Thanks,
>
> Andrew


There are many ways to accomplish this, but first there's no reason to cp
/usr/ports if you're going to do step 3.

-- 
Adam Vande More


Question about xhttp://www.freebsddiary.org/apsfilter.php

2009-09-18 Thread Ernesto Tinajero

Hello

I am contacting you on behalf of a client printer accessories website, 
http://www.abacus24-7.com/   I'm interested in purchasing a link from 
your great site. I noticed you were running Ads so I thought you might 
be interested. I'm not looking for a banner or anything flashy. In fact, 
I'm not looking to take traffic from your site at all. I'm solely 
looking for a simple 2-3 word text link anywhere on the page. I'd like 
to offer a monthly fee via PayPal every month just to keep the link live 
on the site. If this sounds like a possibility, please contact me at 
your earliest convenience.


Thank you,

--
Ernesto Tinajero
SEO  SEM consultant 
etinaj...@linkmonopoly.com

(509) 321-0609 Monday - Thursday 9am-6pm



Re: updating pc's to the same date/time

2009-09-18 Thread Roland Smith
On Fri, Sep 18, 2009 at 09:14:59AM -0500, Andrew Gould wrote:
> I would like to do a fresh installation of FreeBSD 7.2 and then update
> it to the same state as another computer so I can transfer its
> packages and have them in sync with the ports.  Is my understanding of
> the system correct in that all I have to do is:
>
> 1.  Copy /usr/src and /usr/ports to the new computer.

If you copy the installed applications, you don't have to copy /usr/ports.

> 2.  Rebuild and install the kernel and world.
> 3.  Copy and install the packages I created on the first computer.

Ports and packages install in /usr/local by default. So after you have
built/installed all ports on the first machine, use tar(1) and nc(1) to copy
the whole /usr/local tree over. Subsequently, after you have updated the ports
on the first machine, use rsync(1) to keep both copies synchronized; that is
much faster than copying. (In this scenario the second machine doesn't need
/usr/ports or /var/db/ports and /var/db/pkg at all!) Remember to enable any
daemons in /etc/rc.conf as necessary.

Alternatively, you could use nfs to export /usr/local from the first to the
second machine. But this will probably be significantly slower in day-to-day
usage. And if the first machine is down, the second one loses its ports. :-(

Roland
-- 
R.F.Smith   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)




Re: IPF, NAT or NIC

2009-09-18 Thread Freeco


A 'subnet' is a term used to describe a portion of an IP address space,
where each device in that space can communicate with one another without
using a router:

Steve wrote:
192.168.1.0/24 is a subnet, so hosts 192.168.1.1 through 192.168.1.254
can 'speak' to each other without using a router. If you have more than
one PC, you need a 'switch' or hub to physically connect all of those
devices, so they can all speak to each other. (fwiw, I cringe at the
term subnet).

I have a switch to connect all of these 3 pc's.

Steve wrote:
In the diagram above, you need two NICs in the gateway. One goes to the
ISP, and the other 192.168.1.2 goes to the switch. The rest of the
computers also plug into the switch. If all of the devices have
192.168.1.x, they are all in the same subnet.

If the 2 pc's will be connected to gateway directly and another one with the
switch, then all 3 pc's won't be in one subnet. Right?


 I want to use this one: 
 |---pc 192.168.1.5
 
 |
 ISP x.x.88.17---x.x.88.20 Gateway192.168.1.2---Switch---pc
 192.168.1.6
   
|  

|___pc 192.168.1.7 
 
Steve wrote:
192.168.1.2 255.255.255.0

...but on the pc:

192.168.1.7 255.255.255.128:

 PC Settings
 IP: 192.168.1.7
 Mask: 255.255.255.128 (SAME IN rc.conf ON FREEBSD)
 Gateway: 192.168.1.2
 Dns: x.x.88.17
 Dns: 192.168.1.2


Re: IPF, NAT or NIC

2009-09-18 Thread Steve Bertrand
Freeco wrote:

> Steve wrote:
> In the diagram above, you need two NICs in the gateway. One goes to the
> ISP, and the other 192.168.1.2 goes to the switch. The rest of the
> computers also plug into the switch. If all of the devices have
> 192.168.1.x, they are all in the same subnet.
>
> If the 2 pc's will be connected to gateway directly and another one with the
> switch, then all 3 pc's won't be in one subnet. Right?

That is right. Knowing that you aren't bridging on the gateway, if you
connect two pc's directly to the gateway, and another to the gateway
through a switch, they will all need different prefixes (they'll be in
different subnets):

192.168.1.x
192.168.2.x
192.168.3.x
etc.

In this case, you WILL need at least four NICs in the gateway, and you
will need at least three different NAT configurations.

I'm at a loss of what you are trying to do, primarily because I now
envision a scenario where you have multiple switches with cables going
everywhere (possibly back to one another), and have no idea what your
physical layout truly is.

You need to answer the questions in my other message before I can even
begin to comprehend what your setup is.

Steve




Re: IPF, NAT or NIC

2009-09-18 Thread Freeco

Ok. Lets start with the basics.

- What is connected to the switch in your room?
There is connected ISP cable from my home switch and 3 pc's
- what is connected to the switch in your home?
I'm not sure, but i think there is connected a cable to my switch ( i plan:
my gateway - switch)
And my neighbour (with private IP)
- what is connected to the gateway down the street?
I already said, i don't know. I haven't been there.
- how do you connect your room, to your home, to the house three homes away?
Everything is connected with cable.

This new information makes it more believable that there is some sort of
cabling mishap.

 P.S. Sorry for my poor english

You don't have to be. You're doing just fine!
-- 
View this message in context: 
http://www.nabble.com/IPF%2C-NAT-or-NIC-tp25491958p25510716.html
Sent from the freebsd-questions mailing list archive at Nabble.com.



Re: PHP5 and ldap

2009-09-18 Thread FreeBSD admin

Hi folks, I don't know how to enable ldap for php5 on my Freebsd 7.2 system

this is a client only ldap system.
ldapsearch works well with tls on it.
but I try to enable roundcube ldap, and roundcube says:

 LDAP Error: No ldap support in this installation of PHP (GET
/?_task=addressbook_action=list_source=ldap_page=1_remote=1)

here is the output of pkg_info:
 pkg_info | grep ldap
openldap-client-2.4.16 Open source LDAP client implementation
php5-ldap-5.2.9 The ldap shared extension for php

find / -name ldap.so
/usr/local/lib/php/20060613/ldap.so

any idea?
-- 
View this message in context: 
http://www.nabble.com/PHP5-and-ldap-tp22183625p25510735.html
Sent from the freebsd-questions mailing list archive at Nabble.com.



Re: Virtualbox does not lunch (FREEBSD 7.2 STABLE)

2009-09-18 Thread Lowell Gilbert
Don't top-post, please.

Jeronimo Calvo jeronimocal...@googlemail.com writes:

 for some reason, it gives me the same error... the funny thing is
 pkgdb gives me a nice collection of errors as well :D


 # pkg_info | grep virtualbox
 virtualbox-3.0.51.r6 A general-purpose full virtualizer for x86 hardware

 # pkg_delete -f virtualbox-3.0.51.r6

 pkg_delete: unable to completely remove directory '/usr/local/lib/virtualbox'
 pkg_delete: couldn't entirely delete package (perhaps the packing list is
 incorrectly specified?)

This error isn't serious.  You can look in that directory, see what's
left, and either submit a fix for the port to remove it, or perhaps find
out that there is local configuration that the port *shouldn't* be
removing.  

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/


Re: IPF, NAT or NIC

2009-09-18 Thread Freeco

fxp0 is integrated NIC. In this NIC connects a cable from ISP. rl0 is PCI NIC
the cable connects to switch with all other 3 pc's.
-- 
View this message in context: 
http://www.nabble.com/IPF%2C-NAT-or-NIC-tp25491958p25510880.html
Sent from the freebsd-questions mailing list archive at Nabble.com.



Re: PHP5 and ldap

2009-09-18 Thread Bill Moran
In response to FreeBSD admin alligator...@free.fr:

 
 Hi folks, I don't know how to enable ldap for php5 on my Freebsd 7.2 system
 
 this is a client only ldap system.
 ldapsearch works well with tls on it.
 but I try to enable roundcube ldap, and roundcube says:
 
  LDAP Error: No ldap support in this installation of PHP (GET
 /?_task=addressbook_action=list_source=ldap_page=1_remote=1)
 
 here is the output of pkg_info:
  pkg_info | grep ldap
 openldap-client-2.4.16 Open source LDAP client implementation
 php5-ldap-5.2.9 The ldap shared extension for php
 
 find / -name ldap.so
 /usr/local/lib/php/20060613/ldap.so
 
 any idea?

I have a couple of guesses.

1) If you installed php5-ldap from ports, you generally have to restart
   Apache for the running PHP to recognize that it's there.
2) Check /usr/local/etc/php/extensions.ini to ensure the .so was
   properly listed.  I've seen cases where it's not listed correctly.

You can check the output of php_info() to make sure PHP thinks it's
there.

Hope this helps.

-- 
Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/


Re: IPF, NAT or NIC

2009-09-18 Thread Steve Bertrand
Freeco wrote:

 - What is connected to the switch in your room?

 There is connected ISP cable from my home switch and 3 pc's

So, like this:

         down the street
                |
                |
           home switch---neighbor
                |
                |
     cable from home switch,
      that also goes to ISP
                |
                |
           room switch
               /|\
             /  |  \
           /    |    \
          pc    pc    pc

 - what is connected to the switch in your home?

 I'm not sure, but i think there is connected a cable to my switch ( i plan:
 my gateway - switch)
 And my neighbour (with private IP)

Since you already said that you could ping from your gateway to the
'ISP' router, I'll pretend I didn't hear that your neighbour has a
private IP whilst possibly on the same physical broadcast domain.

Now, this is what you want to do if I understand the situation correctly:

         down the street
                |
                |
           home switch---neighbor
                |
                |
     cable from home switch,
      that also goes to ISP
                |
                |
            x.x.88.20
             gateway
           192.168.1.2
                |
                |
           room switch
               /|\
             /  |  \
           /    |    \
          pc    pc    pc
 192.168.1.5    .6    .7

To test, plug the gateway into the cable that comes from the home
switch. Do not plug anything else into the gateway. Now, while logged
into the gateway pc:

% ping x.x.88.20
% ping x.x.88.17
% ping 208.70.104.211

...if that works, you now know that the WAN side of your network is
working correctly. Now plug the room switch into the other NIC on the
gateway, and plug in ONE pc into the switch. Have a look to see if the
'received on wrong int' messages have gone away. If so, on the pc:

% ping 192.168.1.2

...if that works:

% ping x.x.88.20

...if that one does NOT work, post back to the list, and I'll help you
with a few commands to do, so we can see where things are dying, and try
to find out if this is a NAT problem or not. If it does work:

% ping x.x.88.17

...if that works, we now know that NAT is functional, and you can reach
the ISP gateway, and it knows how to get back to you.

% ping 208.70.104.211

...if that works, you are done :)

Steve









Re: Virtualbox does not lunch (FREEBSD 7.2 STABLE)

2009-09-18 Thread Jeronimo Calvo
make install seems to do the work... but the only thing is that I'm
not able to launch the app... it doesn't seem to do the correct
link... as which or whereis doesn't give me any output pointing to
VirtualBox, so in consequence I'm not able to launch the app
post-installation...

Can you maybe paste the output of #which virtualbox ?

Cheers!

2009/9/18 Lowell Gilbert freebsd-questions-lo...@be-well.ilk.org:
 Don't top-post, please.

 Jeronimo Calvo jeronimocal...@googlemail.com writes:

 for some reason, it gives me the same error... the funny thing is
 pkgdb gives me a nice collection of errors as well :D


 # pkg_info | grep virtualbox
 virtualbox-3.0.51.r6 A general-purpose full virtualizer for x86 hardware

 # pkg_delete -f virtualbox-3.0.51.r6

 pkg_delete: unable to completely remove directory '/usr/local/lib/virtualbox'
 pkg_delete: couldn't entirely delete package (perhaps the packing list is
 incorrectly specified?)

 This error isn't serious.  You can look in that directory, see what's
 left, and either submit a fix for the port to remove it, or perhaps find
 out that there is local configuration that the port *shouldn't* be
 removing.

 --
 Lowell Gilbert, embedded/networking software engineer, Boston area
                http://be-well.ilk.org/~lowell/



Re: Virtualbox does not lunch (FREEBSD 7.2 STABLE)

2009-09-18 Thread Adam Vande More
On Fri, Sep 18, 2009 at 11:01 AM, Jeronimo Calvo 
jeronimocal...@googlemail.com wrote:

 make install, seems to do the work... but the only thing is that im
 not able to launch the app... it doesn't seems to do the correct
 link... as which or whereis doesnt give me any output pointing to
 VirtualBox so in consequence im not able to launch the app
 post-installation...

 Can u maybe paste the output of #which virtualbox ?

 Cheers!

 2009/9/18 Lowell Gilbert freebsd-questions-lo...@be-well.ilk.org:
  Don't top-post, please.
 
  Jeronimo Calvo jeronimocal...@googlemail.com writes:
 
  for some reason, it gives me the same error... the funny thing is
  pkgdb gives me a nice collection of errors as well :D
 
 
  # pkg_info | grep virtualbox
  virtualbox-3.0.51.r6 A general-purpose full virtualizer for x86
 hardware
 
  # pkg_delete -f virtualbox-3.0.51.r6
 
  pkg_delete: unable to completely remove directory
 '/usr/local/lib/virtualbox'
  pkg_delete: couldn't entirely delete package (perhaps the packing list
 is
  incorrectly specified?)
 
  This error isn't serious.  You can look in that directory, see what's
  left, and either submit a fix for the port to remove it, or perhaps find
  out that there is local configuration that the port *shouldn't* be
  removing.
 
  --
  Lowell Gilbert, embedded/networking software engineer, Boston area
 
  http://be-well.ilk.org/~lowell/
 


Did you unselect configuration option

Build with QT4 Frontend

?
-- 
Adam Vande More


Re: PHP5 and ldap

2009-09-18 Thread FreeBSD admin

SOLVED!
I had an incorrect php.ini in front of my apache installation. You put me on
the right track!
problem solved.

now I have a TLS negotiation error, but this is another part.

Cheers
-- 
View this message in context: 
http://www.nabble.com/PHP5-and-ldap-tp22183625p25511444.html
Sent from the freebsd-questions mailing list archive at Nabble.com.



Re: Virtualbox does not lunch (FREEBSD 7.2 STABLE)

2009-09-18 Thread Jeronimo Calvo
no, I did not, the only change i made was VBOX_WITH_HARDENING = 0, on
Config.kmk, before compiling...

2009/9/18 Adam Vande More amvandem...@gmail.com:
 On Fri, Sep 18, 2009 at 11:01 AM, Jeronimo Calvo
 jeronimocal...@googlemail.com wrote:

 make install, seems to do the work... but the only thing is that im
 not able to launch the app... it doesn't seems to do the correct
 link... as which or whereis doesnt give me any output pointing to
 VirtualBox so in consequence im not able to launch the app
 post-installation...

 Can u maybe paste the output of #which virtualbox ?

 Cheers!

 2009/9/18 Lowell Gilbert freebsd-questions-lo...@be-well.ilk.org:
  Don't top-post, please.
 
  Jeronimo Calvo jeronimocal...@googlemail.com writes:
 
  for some reason, it gives me the same error... the funny thing is
  pkgdb gives me a nice collection of errors as well :D
 
 
  # pkg_info | grep virtualbox
  virtualbox-3.0.51.r6 A general-purpose full virtualizer for x86
  hardware
 
  # pkg_delete -f virtualbox-3.0.51.r6
 
  pkg_delete: unable to completely remove directory
  '/usr/local/lib/virtualbox'
  pkg_delete: couldn't entirely delete package (perhaps the packing list
  is
  incorrectly specified?)
 
  This error isn't serious.  You can look in that directory, see what's
  left, and either submit a fix for the port to remove it, or perhaps find
  out that there is local configuration that the port *shouldn't* be
  removing.
 
  --
  Lowell Gilbert, embedded/networking software engineer, Boston area
                 http://be-well.ilk.org/~lowell/
 

 Did you unselect configuration option

 Build with QT4 Frontend

 ?
 --
 Adam Vande More



Re: PHP5 and ldap

2009-09-18 Thread FreeBSD admin

and now it's working...

tls_ssf=256 ssf=256

great thanks for php.ini trick!

@+
-- 
View this message in context: 
http://www.nabble.com/PHP5-and-ldap-tp22183625p25511620.html
Sent from the freebsd-questions mailing list archive at Nabble.com.



Re: IPF, NAT or NIC

2009-09-18 Thread Freeco

Thanks man! 

Everything works when I connected a cable directly to the gateway. Until then
there were two cables connected because the inet cable was too short. But I want
to bring my gateway to another room, so I'll need to connect 2 cables and
inet won't work again?

I could ping all IPs when cables were connected.
-- 
View this message in context: 
http://www.nabble.com/IPF%2C-NAT-or-NIC-tp25491958p25511903.html
Sent from the freebsd-questions mailing list archive at Nabble.com.



Re: IPF, NAT or NIC

2009-09-18 Thread Steve Bertrand
Freeco wrote:
 Thanks man! 
 
 Everything works when i connected a cable directly to the gateway. Till this
 there was two cables connected because inet cable was too short. 

I kind of figured something along those lines.

 But i want
 my gateway to bring to another room so i'll need to connect 2 cables and
 inet will doesn't work again?

You can't change the way it is...it must stay this way. Do whatever you
have to do (get a longer cable for instance) in order to keep things the
way they are.

Here is a solution for you. Note that the new switch has ONLY the ISP
cable, and the gateway cable plugged into it AND NOTHING ELSE.

A new switch may cost only about $40USD, but not only will it work the
same, but it will allow you to put the gateway in your other room:

         down the street
                |
                |
           home switch---neighbor
                |
                |
     cable from home switch,
      that also goes to ISP
                |
                |
            new switch
                |
                |
                |
                |
                |
                |
  long cable that goes to room
          far, far away
                |
                |
                |
                |
            x.x.88.20
             gateway
           192.168.1.2
                |
                |
           room switch
               /|\
             /  |  \
           /    |    \
          pc    pc    pc
 192.168.1.5    .6    .7

Cheers. I'm glad it worked out for you! :)

Steve




Re: IPF, NAT or NIC

2009-09-18 Thread Steve Bertrand
Freeco wrote:
 Thanks man! 
 
 Everything works when i connected a cable directly to the gateway. Till this
 there was two cables connected because inet cable was too short. But i want
 my gateway to bring to another room so i'll need to connect 2 cables and
 inet will doesn't work again?
 
 I could ping all IP's when cables was connected.

Now that we've resolved it, I suspect this is what you had, with the
pc's (quite possibly) plugged into the room switch as well:

         down the street
                |
                |
           home switch---neighbor
                |
                |
     cable from home switch,
      that also goes to ISP
                |
                |
           room switch
                |\
                |  \
            x.x.88.20\
             gateway   |
           192.168.1.2 |
                |      |
                |      |
                |______|

Yes?

Steve




Re: Virtualbox does not lunch (FREEBSD 7.2 STABLE)

2009-09-18 Thread Adam Vande More
On Fri, Sep 18, 2009 at 11:19 AM, Jeronimo Calvo 
jeronimocal...@googlemail.com wrote:

 no, I did not, the only change i made was VBOX_WITH_HARDENING = 0, on
 Config.kmk, before compiling...

 2009/9/18 Adam Vande More amvandem...@gmail.com:
  On Fri, Sep 18, 2009 at 11:01 AM, Jeronimo Calvo
  jeronimocal...@googlemail.com wrote:
 
  make install, seems to do the work... but the only thing is that im
  not able to launch the app... it doesn't seems to do the correct
  link... as which or whereis doesnt give me any output pointing to
  VirtualBox so in consequence im not able to launch the app
  post-installation...
 
  Can u maybe paste the output of #which virtualbox ?
 
  Cheers!
 
  2009/9/18 Lowell Gilbert freebsd-questions-lo...@be-well.ilk.org:
   Don't top-post, please.
  
   Jeronimo Calvo jeronimocal...@googlemail.com writes:
  
   for some reason, it gives me the same error... the funny thing is
   pkgdb gives me a nice collection of errors as well :D
  
  
   # pkg_info | grep virtualbox
   virtualbox-3.0.51.r6 A general-purpose full virtualizer for x86
   hardware
  
   # pkg_delete -f virtualbox-3.0.51.r6
  
   pkg_delete: unable to completely remove directory
   '/usr/local/lib/virtualbox'
   pkg_delete: couldn't entirely delete package (perhaps the packing
 list
   is
   incorrectly specified?)
  
   This error isn't serious.  You can look in that directory, see what's
   left, and either submit a fix for the port to remove it, or perhaps
 find
   out that there is local configuration that the port *shouldn't* be
   removing.
  
   --
   Lowell Gilbert, embedded/networking software engineer, Boston area
  
   http://be-well.ilk.org/~lowell/
  
 
  Did you unselect configuration option
 
  Build with QT4 Frontend
 
  ?
  --

What is the output of

cat /var/db/ports/virtualbox/options

-- 
Adam Vande More


/etc/X11

2009-09-18 Thread Alexander Best
hi,

is /etc/X11 in /etc/mtree/BSD.root.dist still necessary? using
/usr/local/etc/X11/ seems like a much better place to store one's
xorg.conf.

cheers.
alex


Re: IPF, NAT or NIC

2009-09-18 Thread Freeco

Ok, thanks for the advice about the switch. You really helped me so much. Now I'll
get on with my ipf and nat rules.
What ports do you recommend to keep open and how to block gateway ping?
-- 
View this message in context: 
http://www.nabble.com/IPF%2C-NAT-or-NIC-tp25491958p25512314.html
Sent from the freebsd-questions mailing list archive at Nabble.com.



Re: IPF, NAT or NIC

2009-09-18 Thread Steve Bertrand
Freeco wrote:
 Ok, thanks for advice about switch. You really helped me so much. Now i'll
 get with my ipf and nat rules.

I'm glad I could help. So many people here and on other lists have
helped me significantly over the years, so I try to give back whenever I
can/have time.

 What ports do you recommend to keep open and how to block gateway ping?

About the ports... that depends on what you are going to do. My theory
is, unless you are an Internet Provider, all ports should be closed by
default, and opened on an as-needed basis. Generally, there isn't
very much that will break if you block everything coming into the ISP
side of your gateway (so long as you are using the firewall as a
'stateful' firewall).

On the other hand, having the idea that wide open and block certain
things leads to accidentally leaving things like SSH on your gateway
accessible.

As for the ping.

I am generally dead against blocking any type of ICMP. I've spent
countless nights trying to troubleshoot wide-scale Internet reachability
problems because someone out there decided that blocking ICMP was the
same as blocking ping. This goes against my above 'deny everything', but
it's my only exception. Those who have ever had to deal with pmtud
issues when it's least expected know exactly what I mean.

Issues caused by careless filtering of ICMP can have the same effect to
a home user as it does to an ISP, but the home user will likely have a
much harder time figuring out what is wrong :)

For instance, most will do the following:

# ipfw add 100 deny icmp from any to any in

You just broke Path MTU Discovery, lost the ability to learn when a
remote port/host is unreachable, and our tests earlier would have failed
as well. If your firewall is clamped down, there is no real good reason
to block ping requests IMHO.

If you don't want others on the WAN side to be able to ping you, block
ICMP Type 8 messages inbound only. In IPFW, it would look like this:

# ipfw add 10 deny icmp from any to me in via $ext_if icmptypes 8
# ipfw add 15 allow icmp from any to any

...but my personal recommendation is to not do it. Even for the simple
fact that if you ever have to call your ISP for support, pinging is one
of the most basic and helpful utilities available.

Again, IMHO.

Cheers,

Steve
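
The difference between the two rulesets in the message above, as an added example (not part of the original thread, and not ipfw's own code): a simplified first-match model of the quoted ICMP rules, run against constructed packets. `fxp0` stands in for `$ext_if` (the thread names it as the ISP-facing NIC), and only the rule keywords that appear above are parsed.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

EXT_IF = "fxp0"  # assumption: substituted for $ext_if in the quoted rules


@dataclass(frozen=True)
class IcmpPacket:
    name: str
    icmp_type: int
    code: int
    direction: str   # "in" or "out", relative to the gateway
    iface: str
    to_me: bool      # destination is one of the gateway's own addresses


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                          # "allow" or "deny"
    dst: str                             # "any" or "me"
    direction: Optional[str]             # None matches both directions
    iface: Optional[str]                 # None matches any interface
    icmptypes: Optional[FrozenSet[int]]  # None matches every ICMP type


def parse_rule(text: str) -> Rule:
    """Parse the small subset of rule syntax used in the thread."""
    tok = text.split()
    number, action = int(tok[0]), tok[1]
    if action not in ("allow", "deny") or tok[2:6] != ["icmp", "from", "any", "to"]:
        raise ValueError(f"unsupported rule: {text!r}")
    dst = tok[6]
    if dst not in ("any", "me"):
        raise ValueError(f"unsupported destination: {dst!r}")
    direction = iface = icmptypes = None
    opts = iter(tok[7:])
    for opt in opts:
        if opt in ("in", "out"):
            direction = opt
        elif opt == "via":
            iface = next(opts)
        elif opt == "icmptypes":
            icmptypes = frozenset(int(t) for t in next(opts).split(","))
        else:
            raise ValueError(f"unsupported option: {opt!r}")
    return Rule(number, action, dst, direction, iface, icmptypes)


def matches(rule: Rule, pkt: IcmpPacket) -> bool:
    if rule.dst == "me" and not pkt.to_me:
        return False
    if rule.direction is not None and rule.direction != pkt.direction:
        return False
    if rule.iface is not None and rule.iface != pkt.iface:
        return False
    if rule.icmptypes is not None and pkt.icmp_type not in rule.icmptypes:
        return False
    return True


def evaluate(rules: List[Rule], pkt: IcmpPacket) -> str:
    """First matching rule (lowest number) decides; otherwise 'no-match',
    meaning the packet would fall through to the rest of a real ruleset."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, pkt):
            return rule.action
    return "no-match"


# The two rulesets quoted in the message above.
BLANKET = ["100 deny icmp from any to any in"]
TARGETED = [
    f"10 deny icmp from any to me in via {EXT_IF} icmptypes 8",
    "15 allow icmp from any to any",
]

# Constructed sample packets as seen on the gateway's external interface.
PACKETS = [
    IcmpPacket("echo-request from WAN", 8, 0, "in", EXT_IF, True),
    IcmpPacket("echo-reply to our ping", 0, 0, "in", EXT_IF, True),
    IcmpPacket("frag-needed (PMTUD)", 3, 4, "in", EXT_IF, True),
    IcmpPacket("port-unreachable", 3, 3, "in", EXT_IF, True),
    IcmpPacket("echo-request we send", 8, 0, "out", EXT_IF, False),
]


def verdicts(ruleset: List[str]) -> Dict[str, str]:
    rules = [parse_rule(r) for r in ruleset]
    return {p.name: evaluate(rules, p) for p in PACKETS}


if __name__ == "__main__":
    blanket, targeted = verdicts(BLANKET), verdicts(TARGETED)
    print(f"{'packet':<26}{'blanket deny':<14}{'type 8 only'}")
    for p in PACKETS:
        print(f"{p.name:<26}{blanket[p.name]:<14}{targeted[p.name]}")
```
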




Re: IPF, NAT or NIC

2009-09-18 Thread Freeco

After some time, when all 3 pc's were connected to the switch, inet was lost. I
couldn't open any web page. I didn't try to ping anything.
-- 
View this message in context: 
http://www.nabble.com/IPF%2C-NAT-or-NIC-tp25491958p25513318.html
Sent from the freebsd-questions mailing list archive at Nabble.com.



Re: IPF, NAT or NIC

2009-09-18 Thread Freeco

My gateway gave me a message: gateway kernel: arp: x.x.88.17 is on fxp0 but
got reply from 00:0c:42:11:15:a8 on rl0
-- 
View this message in context: 
http://www.nabble.com/IPF%2C-NAT-or-NIC-tp25491958p25513518.html
Sent from the freebsd-questions mailing list archive at Nabble.com.



Re: IPF, NAT or NIC

2009-09-18 Thread Steve Bertrand
Freeco wrote:
 My gateway gave me a message: gateway kernel: arp: x.x.88.17 is on fxp0 but
 got reply from 00:0c:42:11:15:a8 on rl0

That MAC address is that of a MikroTik router.

I suspect that you've created a cabling loop of some sort again.

Steve





Re: reporter on deadline seeks comment about reported security bug in FreeBSD

2009-09-18 Thread Przemyslaw Frasunek
Reko Turja wrote:
 As someone who has manipulated moving picture for fun and profit, having
 a video of something is a proof of nothing. For all what it's worth the
 OS in video might be FreeBSD - or even loonix made to look like FreeBSD,
 made vulnerable on purpose of tarring the project.
 
 Until the security team gives their official response and patches, I
 read the entire story with a grain of salt, especially as the originator
 was so keen on getting his discovery into news websites...

Actually, the 6.4 vulnerability was confirmed by Xin Li on freebsd-secur...@.
The patch along with advisory will be out very soon.

You might be also interested in reading statement on my webpage, regarding both
6.4 and 7.2 vulnerabilities.

-- 
* Fido: 2:480/124 ** WWW: http://www.frasunek.com ** NICHDL: PMF9-RIPE *
* Jabber ID: veng...@czuby.pl ** PGP ID: 2578FCAD ** HAM-RADIO: SQ5JIV *


Re: Help configuring sendmail to send only using authorization to smart host

2009-09-18 Thread Mark Willson

Phusion wrote:

I need some help configuring sendmail to send only using authorization
to a smart host being the ISP's mail server. I'm running 7.2-RELEASE.
I've looked over
http://www.freebsd.org/doc/en/books/handbook/outgoing-only.html but
want to use the built-in sendmail. I've run the following command:
sendmail -d0.1 -bv, but SASL isn't included. Also, I would rather uses
packages. Please advise.


Phusion,

I originally replied via Google, but it doesn't seem to have hit the 
list, so here's a repeat.  Apologies for the repetition, if it occurs.


This link might provide useful information: 
http://www.hydrus.org.uk/journal/smtp-client-auth.html


-mark



Re: reporter on deadline seeks comment about reported security bug in FreeBSD

2009-09-18 Thread Michael Powell
Przemyslaw Frasunek wrote:

 Giorgos Keramidas wrote:
 Przemyslaw should email security-officer with any details he thinks are
 relevant.  Then the security team will make sure to fix the bug for all
 affected releases of FreeBSD, release a patch with the fix, issue an
 advisory through the usual channels, and post the details online at our
 security information web pages at http://www.FreeBSD.org/security/.
 
 I see that I received a lot of criticism after disclosing 6.4
 vulnerability. Please read some facts:
 
 I sent a few mails: on 29th Aug to security team, on 2nd Sep and 11th Sep
 directly to security officer. None of them were answered. I haven't
 filed any PRs, because it would disclose details of vulnerability to the
 public and allow blackhats to exploit it.
 
 I won't publish anything more than video, before official security
 advisory. The exploit is private to me and it won't be given to the
 community.
 
 Michael Powell wrote:
 Quoted from ~freebsd.security.general:
 The bug was fixed in 6.1-STABLE, just before release of 6.2-RELEASE, but
 was not recognized as security vulnerability.
 
 This is another bug. The former one affected only 6.1, this one affects
 everything up to 6.4-STABLE.
 

Please allow me to express my appreciation for your efforts in this matter. 
Your work will only improve FreeBSD and I would like to thank you kindly for 
that. I apologize if any, or all, of my comments appeared critical of your 
work. 

I was trying to express criticism of the writer whose only imperative was to 
generate a sensationalist headline. 

-Mike
   




Help with NAT

2009-09-18 Thread Scott Elgram
Hello,

I am at my wits end with this one.  I have set up a box to use
of firewall/nat.  However, during the setup I pointed set net to do a port
redirect of port 6502 to port 80 of my development web server.  Everything
worked fine so I deployed my new box onto a live IP and tested it again with
the same redirect to my dev server.  Still, everything works fine so I
changed /etc/natd.conf to point to my production web server and it won't
work.  I have tried everything that I can think of to narrow down this issue
but I just can't figure it out.  I pointed everything back to my dev server
and it's still working.  I changed the dev server's IP and changed nat to
point to the new IP and it still works.  It would seem that nat will work
only with my dev server and no other computer.

 

Can anyone offer any suggestions, I'm sure I'm missing something basic.

 

-Scott

 



Re: Help with NAT

2009-09-18 Thread Steve Bertrand
Scott Elgram wrote:
 Hello,
 
 I am at my wits end with this one.  I have set up a box to use
 of firewall/nat.  However, during the setup I pointed set net to do a port
 redirect of port 6502 to port 80 of my development web server.  Everything
 worked fine so I deployed my new box onto a live IP and tested it again with
 the same redirect to my dev server.  Still, everything works fine so I
 changed /etc/natd.conf to point to my production web server and it won't
 work.  I have tried everything that I can think of to narrow down this issue
 but I just can't figure it out.  I pointed everything back to my dev server
 and it's still working.  I changed the dev servers IP and changed nat to
 point to the new IP and it still works.  It would see that nat will work
 only with my dev server and no other computer.
 
  
 
 Can anyone offer any suggestions, I'm sure I'm missing something basic.

On the production server, after you've got things pointed to it:

# tcpdump -n -i em0 port 80

...where em0 is the interface.

Send a request through from the outside, and verify that you can see the
HTTP request come in to the production box, and go back out again. It
should look like the following. Note that these are v6 addrs not v4, but
the result is the same. In the first packet, 5 -> b6 is request in, and
b6 -> 5 is response back. You 'should' see the same result, but with
your v4 addresses instead.

pearl# tcpdump -n -i em0 port 80

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on re0, link-type EN10MB (Ethernet), capture size 96 bytes
20:09:52.912361 IP6 2607:f118::5.1752 > 2607:f118::b6.80: S
3408461679:3408461679(0) win 16384 mss 1440

20:09:52.912425 IP6 2607:f118::b6.80 > 2607:f118::5.1752: S
1781312333:1781312333(0) ack 3408461680 win 65535 mss 1440

...whether you see the packets come in or not, post back with your findings.

Do you perhaps have to 'restart' natd in order to release any sort of
caching?

Steve




Re: freebsd-update-server, 7.2

2009-09-18 Thread Jason

No worries, all. I've managed to get this to work, and have a working
internal freebsd-update server. 


With some help from Colin, I've realized a couple of things that needed to
be changed for my setup to work. In regards to the amd64 build I was doing,
it was missing some kernel sources that were not in the configuration file I
was following for i386 that is part of the cvs source.

I will be submitting my configuration files for review, as well. In addition
to this, I will submit documentation to FreeBSD on how I've used the software
to create a working freebsd-update server.

-jgh

On Tue, Aug 11, 2009 at 09:17:04AM -0700, Jason thus spake:

Does anyone have any thoughts, or experience in using the
freebsd-update-server code?

Thanks,
Jason

On Mon, Aug 10, 2009 at 09:24:52AM -0700, Jason thus spake:

Hi.

The freebsd-update-server project software hasn't been updated for 7.2,
but after making a couple of simple modifications, it seems to work rather well.

I am close, but not quite smoking the cigar of triumph, yet.

When it initially builds, I get this error in the output:

Fri Aug  7 18:50:56 PDT 2009 Extracting world+src for FreeBSD/amd64
7.2-RELEASE
Sun Sep 12 01:51:21 UTC 2010 Building world for FreeBSD/amd64 7.2-RELEASE
Sat Sep 11 18:51:30 PDT 2010 Moving components into staging area for
FreeBSD/amd64 7.2-RELEASE
mv: rename /R/stage/trees to /R/trees/world: No such file or directory
Fri Aug  7 18:51:30 PDT 2009 Extracting extra docs for FreeBSD/amd64
7.2-RELEASE
tar: could not chdir to '/R/trees/world'

I would like to clear these errors up, as well... but...

The only code change I have made is adding this to build.subr for the iso
fetch. Basically a path change.

ISO=${FTP}/ISO-IMAGES-${TARGET}/${RELNUM}/${REL}-${TARGET}-disc1.iso

However, it does build. I send the update to my update server, and need to
copy latest.ssl and pub.ssl from one of the official update servers from
FreeBSD. If I don't do that, I will get this error.

freebsd-update fetch
Looking up xxx.xxx.xxx.xxx mirrors... none found.
Fetching metadata signature for 7.2-RELEASE from
xxx.xxx.xxx.xxx ... invalid signature.
No mirrors remaining, giving up.

If I do that, I then get to the next step:

freebsd-update fetch
Looking up xxx.xxx.xxx.xxx mirrors... none found.
Fetching metadata signature for 7.2-RELEASE from
xxx.xxx.xxx.xxx ... done.
Fetching metadata index... fetch:
http://xxx.xxx.xxx.xxx/7.2-RELEASE/amd64/t/14e85c887f8e9ecaef130d50e3d2ddbb3664af22d9e05f652a66219bda5b76ba:
Not Found
failed.

On the update server, I do have this file though under the t directory:
4eeb3a30c564302be5e8129e6afdf3477ff316a891b5a4b6c9535947b7a81e28

I am curious why it is requesting the wrong file.

Here is my configuration file for 7.2:

# SHA256 hash of RELEASE disc1.iso image.
export RELH=1ea1f6f652d7c5f5eab7ef9f8edbed50cb664b08ed761850f95f48e86cc71ef5

# Components of the world, source, and kernels
export WORLDPARTS="base catpages dict doc games info manpages proflibs"
export SOURCEPARTS="base bin contrib crypto etc games gnu include krb5  \
lib libexec release rescue sbin secure share sys tools  \
ubin usbin"
export KERNELPARTS="generic"

# EOL date
export EOL=1275289200

Thanks,
Jason
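
An added illustration, not part of the post and not freebsd-update's own code, of the client-side check behind the two errors above: the client recovers a one-line tag from latest.ssl using pub.ssl (freebsd-update does this with openssl rsautl -verify) and then requests the index named in that tag under t/. The key files, patch level and work directory are constructed; the two hashes and the EOL value are the ones quoted in the post, and treating the 14e85c... value as the index named by the copied latest.ssl is an assumption.

```shell
#!/bin/sh
# Added illustration. Keys, patch level and temp directory are constructed;
# the two index hashes and the EOL value are the ones quoted in the post.
OWN_INDEX=4eeb3a30c564302be5e8129e6afdf3477ff316a891b5a4b6c9535947b7a81e28
OTHER_INDEX=14e85c887f8e9ecaef130d50e3d2ddbb3664af22d9e05f652a66219bda5b76ba

# make_signer DIR: create an RSA key pair (DIR/key.pem, DIR/pub.ssl).
make_signer() {
    mkdir -p "$1" &&
    openssl genrsa -out "$1/key.pem" 2048 2>/dev/null &&
    openssl rsa -in "$1/key.pem" -pubout -out "$1/pub.ssl" 2>/dev/null
}

# sign_tag DIR INDEXHASH: write DIR/latest.ssl, the signed one-line tag.
sign_tag() {
    printf 'freebsd-update|amd64|7.2-RELEASE|0|%s|1275289200\n' "$2" > "$1/tag" &&
    openssl rsautl -sign -inkey "$1/key.pem" -in "$1/tag" -out "$1/latest.ssl" 2>/dev/null
}

# index_from_tag PUB LATEST: recover the tag with PUB and print the index hash
# the client would request under t/. Fails on a bad signature or tag format.
index_from_tag() {
    tag=$(openssl rsautl -verify -pubin -inkey "$1" -in "$2" 2>/dev/null) || {
        echo "invalid signature." >&2; return 1; }
    echo "$tag" | grep -qE '^freebsd-update\|amd64\|7\.2-RELEASE\|[0-9]+\|[0-9a-f]{64}\|[0-9]{10}$' || {
        echo "invalid signature." >&2; return 1; }
    echo "$tag" | cut -d '|' -f 5
}

# demo: matching pairs yield the index their signer named; a mixed pair fails.
demo() {
    d=$(mktemp -d) || return 1
    make_signer "$d/own" && sign_tag "$d/own" "$OWN_INDEX" &&
    make_signer "$d/other" && sign_tag "$d/other" "$OTHER_INDEX" || return 1
    echo "own pub.ssl + own latest.ssl:     t/$(index_from_tag "$d/own/pub.ssl" "$d/own/latest.ssl")"
    echo "copied pub.ssl + copied latest.ssl: t/$(index_from_tag "$d/other/pub.ssl" "$d/other/latest.ssl")"
    index_from_tag "$d/own/pub.ssl" "$d/other/latest.ssl" || echo "mixed pair rejected"
    rm -rf "$d"
}

[ "${1:-}" = demo ] && demo
```

Run the script with the argument demo to print the three cases. A pub.ssl and latest.ssl pair copied from another server verifies, but names that server's index, which is only present on that server.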



Re: Undelete or recover from badblocks on disks

2009-09-18 Thread jaymax

Thanks Roland, 
smartctl showed disk to be fine!
fls requires a disk image; is there one created by default in FreeBSD 6.0?


 SYNOPSIS
fls  [-adDFlpruvV]  [-m mnt ] [-z zone ] [-f fstype ] [-s seconds ] [-i imgtype ] [-o imgoffset ] image [images] [ inode ]
 

Running fls in directory of deleted files/dir produced


 #fls -adr 2
 Missing image file names (img_open)
 

Is there a solution to this?



Roland Smith wrote:
 
 Check the disk with smartctl(8) from the sysutils/smartmontools port to check
 that this isn't a hardware malfunction. If it is a hardware malfunction, the
 disk is dying and should be replaced ASAP.
 
 If the hardware is OK, try fls from sysutils/sleuthkit. As long as the data
 isn't overwritten, it should still be there.
 
 Roland
 
