Re: OpenVPN routing
On Tuesday 26 of April 2011 04:38:29, Ryan Coleman wrote: Also: [root@nbserver1 /usr/home/ryanc]# ifconfig em0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500 options=98VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM ether 00:14:22:15:dc:65 inet 192.168.46.2 netmask 0xff00 broadcast 192.168.46.255 media: Ethernet autoselect (1000baseT full-duplex) status: active tap0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500 options=8LINKSTATE ether 00:bd:7e:86:1d:00 inet 192.168.47.1 netmask 0xff00 broadcast 192.168.47.255 Opened by PID 10341 bridge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 ether 46:e1:75:c6:a3:a7 inet 192.168.47.254 netmask 0xff00 broadcast 192.168.47.255 id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200 root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 member: tap0 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP ifmaxaddr 0 port 5 priority 128 path cost 200 member: em0 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP ifmaxaddr 0 port 1 priority 128 path cost 2 On Apr 25, 2011, at 9:36 PM, Ryan Coleman wrote: I've got an OpenVPN connection working to my remote server, but I want to route the traffic to the local LAN. I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2) from the remote machine. Server.conf: ... server 192.168.47.0 255.255.255.0 From the man openvpn(8): Don't use --server if you are ethernet bridging. Use --server- bridge instead. And additionally bridging means that you have to divide your local subnet(192.168.46.0/24) into two parts. Please have a look for the example at [1]. You may even not need bridging if you want to use two subnets of /24. Have you tried with standard setup(server) and configuring your default gateway(I suspect 192.168.46.1) with the routing information about openvpn subnet 192.168.47.0/24? [1] http://openvpn.net/index.php/open-source/documentation/miscellaneous/76- ethernet-bridging.html Maciej Milewski ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ZFS and zfsloader
On 04/25/2011 07:10 PM, Peter Toth wrote: Hi there, I've recently migrated my old laptop to a new one (both running R8.2 + ZFS). Used zfs send/recv and corrected mountpoints. On the old laptop I had my / sitting in zpool, on the new one I've created a separate zpool/root for /. Everything is working OK except one strangeness - the boot loader still reads the kernel out of zpool/boot instead of zpool/root/boot. I've reinstalled the boot code and the loader but this did not help. Anyone has an idea how to fix this? zpool set bootfs=zpool/root zpool The bootfs property on the zpool tells zfsboot which dataset contains the next boot stage (/boot.config or /boot/loader). -- Fuzzy love, -CyberLeo Technical Administrator CyberLeo.Net Webhosting http://www.CyberLeo.Net cyber...@cyberleo.net Furry Peace! - http://.fur.com/peace/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: disk problem: suggestion on how to handle...
On Tue, 26 Apr 2011 07:08:21 +0200 Denis Fortin for...@acm.org wrote: So, is there a way to mark the inode bad and then launch an fsck ? How can I turn offset=-574217714356717568 into a usable piece of information? It looks like something is causing geom to try and read way past the end of the disk? -- Bruce Cran ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: easy Firewall setup
On Mon, 25 Apr 2011 21:34:41 -0500, Antonio Olivares olivares14...@gmail.com wrote: Thanks for sharing this. I have a base FreeBSD 8.2 system on one machine and I would like to setup a firewall that allows me to visit websites and not allow incoming traffic. Something easy to set up and start like /etc/local/rc.d/rc.pf start or similar. A nice example which I can change somethings like name of network device, i.e, nv0, or similar device. I will try further reading and try to set something up as I am afraid to screw things up. You can easily do this with IPFW (from the base system) Step 1: Create a file /etc/ipfw.conf which will contain your firewall rules. Depending on what you need, try out something like this: -f flush add allow ip from any to any add allow tcp from any to any ftp in recv xl0 add allow tcp from any to any ssh in recv xl0 add deny ip from any to any Of course you'll have to replace xl0 with the correct device name; ifconfig -a will surely tell you. Please see that this is just an excerpt of an example. In this case, FTP and SSH should be allowed for incoming, everything else will be denied. If you do not want to use FTP - nobody seriously wants that :-) - do not enable it. The reference for SSH also goes to the default port, maybe you want to choose a different one. Step 2: Edit /etc/rc.conf to contain the following lines: firewall_enable=YES firewall_type=/etc/ipfw.conf Step 3: Start (or restart) the firewall: # /etc/rc.d/ipfw start See the information contained in man ipfw; it's strong tobacco, but it provides very good knowledge about how to properly configure the firewall, containing examples that you can use for form your own rules, like allow anything from inside to outside, but deny any requests coming from outside. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: disk problem: suggestion on how to handle...
On Tue, 26 Apr 2011 07:08:21 +0200, Denis Fortin for...@acm.org wrote: Good morning, I have a small server with an SSD drive in it that is having some problems. Notably, dmesg has been repeatedly reporting the following error message: g_vfs_done():ad0s1a[READ(offset=-574217714356717568, length=16384)]error = 5 I realize that the best course of action is to replace the disk and restore from a backup, but this isn't really an option immediately. You should replace it on the long run. :-) So, is there a way to mark the inode bad and then launch an fsck ? How can I turn offset=-574217714356717568 into a usable piece of information? You can use the tool badsect (from the base system) to mark a sector as bad, as inodes are dynamically allocated and do not hard-wiredly correspond to actual disk locations per se. A tool for clearing inode information is clri which should be used on unmounted partitions whenever possible. Files like /usr/src/sys/bio.h and /usr/src/sys/geom/geom_vfs.c give some hints about what the numbers are refering to. Sadly I'm not a system programmer, so I can't be more specific. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: gpart questions
On 04/24/2011 12:24 PM, Helmut Schneider wrote: Hi, i'm playing around with (virtual) disks within a VMware ESXi 4.1 server: ... So, what did sysinstall that gpart didn't? You forgot to gpart create the inner BSD label on da1s1. 8 # mdconfig -a -t swap -s 512M md0 # gpart show md0 gpart: No such geom: md0. # gpart create -s mbr md0 md0 created # gpart show md0 = 9 1048563 md0 MBR (512M) 9 1048563 - free - (512M) # gpart add -b 63 -s 1048500 -t freebsd md0 md0s1 added # gpart show md0 = 9 1048563 md0 MBR (512M) 9 54 - free - (27K) 63 10485001 freebsd (512M) 10485639 - free - (4.5K) # gpart show md0s1 gpart: No such geom: md0s1. # gpart create -s bsd md0s1 md0s1 created # gpart show md0s1 = 0 1048500 md0s1 BSD (512M) 0 1048500 - free - (512M) # gpart add -b 16 -s 1048484 -t freebsd-ufs md0s1 md0s1a added # gpart show md0s1 = 0 1048500 md0s1 BSD (512M) 0 16 - free - (8.0K) 16 1048484 1 freebsd-ufs (512M) # ls -la /dev/md0* crw-r- 1 root operator0, 153 Apr 26 02:57 /dev/md0 crw-r- 1 root operator0, 157 Apr 26 02:58 /dev/md0s1 crw-r- 1 root operator0, 159 Apr 26 03:03 /dev/md0s1a 8 -- Fuzzy love, -CyberLeo Technical Administrator CyberLeo.Net Webhosting http://www.CyberLeo.Net cyber...@cyberleo.net Furry Peace! - http://.fur.com/peace/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: gpart questions
On Tue, 26 Apr 2011 03:10:48 -0500 CyberLeo Kitsana cyber...@cyberleo.net wrote: # gpart add -b 63 -s 1048500 -t freebsd md0 You could simplify it by using: gpart add -b 63 -t freebsd md0 # gpart add -b 16 -s 1048484 -t freebsd-ufs md0s1 Likewise: gpart add -b 16 -t freebsd-ufs md0s1 Or, if you want to specify a size, you can use -s 512m -- Bruce Cran ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: easy Firewall setup
On 26 April 2011 08:52, Polytropon free...@edvax.de wrote: On Mon, 25 Apr 2011 21:34:41 -0500, Antonio Olivares olivares14...@gmail.com wrote: Thanks for sharing this. I have a base FreeBSD 8.2 system on one machine and I would like to setup a firewall that allows me to visit websites and not allow incoming traffic. Something easy to set up and start like /etc/local/rc.d/rc.pf start or similar. A nice example which I can change somethings like name of network device, i.e, nv0, or similar device. I will try further reading and try to set something up as I am afraid to screw things up. You can easily do this with IPFW (from the base system) Step 1: Create a file /etc/ipfw.conf which will contain your firewall rules. Depending on what you need, try out something like this: -f flush add allow ip from any to any add allow tcp from any to any ftp in recv xl0 add allow tcp from any to any ssh in recv xl0 add deny ip from any to any Of course you'll have to replace xl0 with the correct device name; ifconfig -a will surely tell you. Please see that this is just an excerpt of an example. In this case, FTP and SSH should be allowed for incoming, everything else will be denied. If you do not want to use FTP - nobody seriously wants that :-) - do not enable it. The reference for SSH also goes to the default port, maybe you want to choose a different one. Step 2: Edit /etc/rc.conf to contain the following lines: firewall_enable=YES firewall_type=/etc/ipfw.conf Step 3: Start (or restart) the firewall: # /etc/rc.d/ipfw start See the information contained in man ipfw; it's strong tobacco, but it provides very good knowledge about how to properly configure the firewall, containing examples that you can use for form your own rules, like allow anything from inside to outside, but deny any requests coming from outside. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org If you are new to firewalls and dont want to use something like pfsense, i would stay away from ipfw (wait for flames 8) ) . This is not for any technical reason as it is a perfectly good and well featured firewall. It is however in my experience from a few years ago a little trickier to get the rule orderings correct when you are natting things. Therefore I would advise you use pf. Here is a simple starter ruleset to get you going. Is provides no external access but you can easily uncomment the bits to allow things through. Just drop it into /etc/pf.conf and run echo -en pf_enable=yes\npflog_enable=yes /etc/rc.conf.local /etc/rc.d/pf start /etc/rc.d/pflog start ruleset -- ext_if=xl0 int_if=xl1 #table sshhosts const { 1.1.1.1, 2.2.2.2 } table internal_nets const { 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12 } # Options: tune the behavior of pf, default values are given. set timeout { interval 10, frag 30 } set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 } set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 } set timeout { udp.first 60, udp.single 30, udp.multiple 60 } set timeout { icmp.first 20, icmp.error 10 } set timeout { other.first 60, other.single 30, other.multiple 60 } set timeout { adaptive.start 80, adaptive.end 120 } set limit { states 100, frags 5, src-nodes 30 } #set loginterface none set optimization normal set block-policy drop set state-policy if-bound set skip on lo0 #set skip on $vpn_ints set require-order yes set fingerprints /etc/pf.os set skip on lo0 set skip on $int_if # Normalization: reassemble fragments and resolve or reduce traffic ambiguities. scrub all random-id fragment reassemble nat on $ext_if from internal_nets to any - ($ext_if) # dump everything by default block log on $ext_if all # uncomment this to allow ssh through # let ssh work and let those ppl ping me #block in on $ext_if proto tcp from any to any port ssh #pass in quick on $ext_if proto tcp from sshhosts to any port ssh keep state #pass in quick on $ext_if inet proto icmp from sshhosts to any icmp-type echoreq keep state #pass out quick on $ext_if proto tcp from any to any port ssh keep state pass out on $ext_if from any to any keep state --- ps i have ripped this out of my existing rule set so its possible typos have crept in ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Password theft from memory?
On Mon, 25 Apr 2011 22:56:14 -0400 Bob Hall rjh...@gmail.com wrote: On Mon, Apr 25, 2011 at 11:29:08PM +0100, RW wrote: On Mon, 25 Apr 2011 13:54:20 -0400 Bob Hall rjh...@gmail.com wrote: On Mon, Apr 25, 2011 at 05:46:33PM +0200, C. P. Ghost wrote: On Mon, Apr 25, 2011 at 5:15 PM, Bob Hall rjh...@gmail.com wrote: On Mon, Apr 25, 2011 at 03:18:46PM +0100, RW wrote: I don't believe the heap is allocated zeroed pages. The kernel does allocate such pages to the BSS segment, but that's because it holds zeroed data such as C static variables. According to McKusick and Neville-Neil's book on FreeBSD, sbrk extends the uninitialized data segment with zero-filled pages. Since malloc() is an interface to sbrk, it does the same thing. True, except that malloc(3) now uses both sbrk(2) and mmap(2) allocators, depending on the user-settable flags in /etc/malloc.conf, MALLOC_OPTIONS and the global variable _malloc_options. So you have to look into mmap(2) too. Good point. From the man page: Any such extension beyond the end of the mapped object will be zero-filled. and A successful mmap deletes any previous mapping in the allocated address range. The above quote refers to zeroing the fraction of a page that's left over when len isn't a multiple of the page size. The above quote states that the memory not occupied by the remapped object is zero filled. Which is to say that memory allocated by mmap() is either filled with new data or filled with zeros. In context it says: If len is not a multiple of the page-size, the mapped region may extend past the specified range. Any such extension beyond the end of the mapped object will be zero-filled. To me the most straightforward reading of that is that it's referring to non-aligned address ranges. Your interpretation may well be the intended one, but where would that leave the anonymous mappings used by malloc? Are we to think of them as extensions beyond a non-existent mapped object, and thus infer that they are zero-filled? It's a bit of a stretch from what's written. The reason I thought that heap memory isn't zeroed is from the discussion of pre-zeroed pages in this article: http://www.freebsd.org/doc/en_US.ISO8859-1/articles/vm-design/prefault-optimizations.html It reads as if the BSS region is the only significant user of zeroed pages. It appears to me to say that any virtual pages allocated to a process are pre-zeroed, which would include the BSS segment. It says: A large percentage of page faults that occur are zero-fill faults. You can usually see this by observing the vmstat -s output. These occur when a process accesses pages in its BSS area. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Password theft from memory?
On Mon, 25 Apr 2011 23:29:08 +0100 RW rwmailli...@googlemail.com wrote: The reason I thought that heap memory isn't zeroed is from the discussion of pre-zeroed pages in this article: There's an idlezero task that runs by default (via the vm.idlezero_enable sysctl), zeroing unused pages, but malloc itself doesn't zero memory on demand by default. If you enable the 'Z' malloc.conf(3) option it does, though: ZEach byte of new memory allocated by malloc(), realloc() or reallocf() will be initialized to 0. Note that this initializa- tion only happens once for each byte, so realloc() and reallocf() calls do not zero memory that was previously allocated. This is intended for debugging and will impact performance negatively. -- Bruce Cran ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Password theft from memory?
On Tue, 26 Apr 2011 10:48:53 +0100 Bruce Cran br...@cran.org.uk wrote: On Mon, 25 Apr 2011 23:29:08 +0100 RW rwmailli...@googlemail.com wrote: The reason I thought that heap memory isn't zeroed is from the discussion of pre-zeroed pages in this article: There's an idlezero task that runs by default (via the vm.idlezero_enable sysctl), zeroing unused pages, That's pretty much what the article is describing. It's actually *off* by default in 8.2 because it causes lock-ups. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ZFS and zfsloader
On 04/26/11 19:24, CyberLeo Kitsana wrote: On 04/25/2011 07:10 PM, Peter Toth wrote: Hi there, I've recently migrated my old laptop to a new one (both running R8.2 + ZFS). Used zfs send/recv and corrected mountpoints. On the old laptop I had my / sitting in zpool, on the new one I've created a separate zpool/root for /. Everything is working OK except one strangeness - the boot loader still reads the kernel out of zpool/boot instead of zpool/root/boot. I've reinstalled the boot code and the loader but this did not help. Anyone has an idea how to fix this? zpool set bootfs=zpool/root zpool The bootfs property on the zpool tells zfsboot which dataset contains the next boot stage (/boot.config or /boot/loader). Worked like a charm! Many thanks! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
error building kernel: nfs_clvfsops.o: In function `nfs_mount':, nfs_clvfsops.c:(.text+0x1638): undefined reference to `nfs_diskless_valid'
Since today's source (FreeBSD 9.0-CURRENT/amd64 (source is: Revision: 221060) update I get the follwoing error while building the kernel (options NFSD/options NFSCL instead of options NFSSERVER/options NFSCLIENT): cc -c -O2 -frename-registers -pipe -fno-strict-aliasing -march=native -std=c99 -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -W issing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -nostdinc -I. -I/usr/src/sys -I/usr/src/s s/contrib/altq -D_KERNEL -DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h -fno-common -finline-limit=8000 --param inline-unit-growth=100 --par m large-function-growth=1000 -fno-omit-frame-pointer -mcmodel=kernel -mno-red-zone -mfpmath=387 -mno-mmx -mno-3dnow -mno-sse -mno-sse2 -mno-ss 3 -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -fstack-protector -Werror vers.c linking kernel nfs_clvfsops.o: In function `nfs_mount': nfs_clvfsops.c:(.text+0x1638): undefined reference to `nfs_diskless_valid' nfs_clvfsops.c:(.text+0x1652): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1658): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1689): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x16d1): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1712): undefined reference to `nfsv3_diskless' nfs_clvfsops.o:nfs_clvfsops.c:(.text+0x171b): more undefined references to `nfsv3_diskless' follow nfs_clvfsops.o: In function `nfs_mount': nfs_clvfsops.c:(.text+0x1e19): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e2a): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1e31): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e3d): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e44): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e4a): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e50): undefined reference to `nfs_diskless' nfs_clvfsops.o:nfs_clvfsops.c:(.text+0x1e57): more undefined references to `nfs_diskless' follow nfs_clvfsops.o: In function `nfs_mount': nfs_clvfsops.c:(.text+0x1e65): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1e6b): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1e73): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1e79): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1e80): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e87): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e8e): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e94): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e9a): undefined reference to `nfs_diskless' nfs_clvfsops.o:nfs_clvfsops.c:(.text+0x1ea0): more undefined references to `nfs_diskless' follow nfs_clvfsops.o: In function `nfs_mount': nfs_clvfsops.c:(.text+0x1eb3): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1ebd): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1ec4): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1ecb): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1ed2): undefined reference to `nfsv3_diskless' nfs_clvfsops.o:nfs_clvfsops.c:(.text+0x1ed9): more undefined references to `nfsv3_diskless' follow nfs_clvfsops.o: In function `nfs_mount': nfs_clvfsops.c:(.text+0x1f18): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1f1e): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1f33): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1f3a): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1f4b): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1f52): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1f5e): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1f6a): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1f71): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1f78): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1f83): undefined reference to `nfs_diskless_valid' nfs_clvfsops.c:(.text+0x1fcc): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1fd3): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1fd9): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x20ae): undefined reference to `nfsv3_diskless' nfs_clvfsops.o:(.data+0x1f8): undefined reference to `nfsv3_diskless' nfs_clvfsops.o:(.data+0x258): undefined reference to `nfsv3_diskless' nfs_clvfsops.o:(.data+0x2b8): undefined reference to `nfs_diskless_valid' *** Error code 1 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: error building kernel: nfs_clvfsops.o: In function `nfs_mount':, nfs_clvfsops.c:(.text+0x1638): undefined reference to `nfs_diskless_valid'
Since today's source (FreeBSD 9.0-CURRENT/amd64 (source is: Revision: 221060) update I get the follwoing error while building the kernel (options NFSD/options NFSCL instead of options NFSSERVER/options NFSCLIENT): cc -c -O2 -frename-registers -pipe -fno-strict-aliasing -march=native -std=c99 -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -W issing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -nostdinc -I. -I/usr/src/sys -I/usr/src/s s/contrib/altq -D_KERNEL -DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h -fno-common -finline-limit=8000 --param inline-unit-growth=100 --par m large-function-growth=1000 -fno-omit-frame-pointer -mcmodel=kernel -mno-red-zone -mfpmath=387 -mno-mmx -mno-3dnow -mno-sse -mno-sse2 -mno-ss 3 -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -fstack-protector -Werror vers.c linking kernel nfs_clvfsops.o: In function `nfs_mount': nfs_clvfsops.c:(.text+0x1638): undefined reference to `nfs_diskless_valid' nfs_clvfsops.c:(.text+0x1652): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1658): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1689): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x16d1): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1712): undefined reference to `nfsv3_diskless' nfs_clvfsops.o:nfs_clvfsops.c:(.text+0x171b): more undefined references to `nfsv3_diskless' follow nfs_clvfsops.o: In function `nfs_mount': nfs_clvfsops.c:(.text+0x1e19): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e2a): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1e31): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e3d): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e44): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e4a): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e50): undefined reference to `nfs_diskless' nfs_clvfsops.o:nfs_clvfsops.c:(.text+0x1e57): more undefined references to `nfs_diskless' follow nfs_clvfsops.o: In function `nfs_mount': nfs_clvfsops.c:(.text+0x1e65): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1e6b): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1e73): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1e79): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1e80): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e87): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e8e): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e94): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e9a): undefined reference to `nfs_diskless' nfs_clvfsops.o:nfs_clvfsops.c:(.text+0x1ea0): more undefined references to `nfs_diskless' follow nfs_clvfsops.o: In function `nfs_mount': nfs_clvfsops.c:(.text+0x1eb3): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1ebd): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1ec4): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1ecb): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1ed2): undefined reference to `nfsv3_diskless' nfs_clvfsops.o:nfs_clvfsops.c:(.text+0x1ed9): more undefined references to `nfsv3_diskless' follow nfs_clvfsops.o: In function `nfs_mount': nfs_clvfsops.c:(.text+0x1f18): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1f1e): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1f33): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1f3a): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1f4b): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1f52): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1f5e): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1f6a): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1f71): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1f78): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1f83): undefined reference to `nfs_diskless_valid' nfs_clvfsops.c:(.text+0x1fcc): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1fd3): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1fd9): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x20ae): undefined reference to `nfsv3_diskless' nfs_clvfsops.o:(.data+0x1f8): undefined reference to `nfsv3_diskless' nfs_clvfsops.o:(.data+0x258): undefined reference to `nfsv3_diskless' nfs_clvfsops.o:(.data+0x2b8): undefined reference to `nfs_diskless_valid' *** Error code 1 Oops, you'll have to add options NFS_ROOT to your kernel config until I commit a fix. Thanks for spotting it, rick ps: And a fresh config KERNEL followed by a build. I suspect you already did that.
Re: OpenVPN routing
On Mon, Apr 25, 2011 at 10:36 PM, Ryan Coleman ryan.cole...@cwis.biz wrote: I've got an OpenVPN connection working to my remote server, but I want to route the traffic to the local LAN. I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2) from the remote machine. Server.conf: local 192.168.46.2 port 1194 proto udp dev tap ca keys/cacert.pem cert keys/server.crt key keys/server.key # This file should be kept secret dh keys/dh1024.pem # Don't put this in the keys directory unless user nobody can read it crl-verify keys/crl.pem #Make sure this is your tunnel address pool server 192.168.47.0 255.255.255.0 ifconfig-pool-persist ipp.txt #This is the route to push to the client, add more if necessary #push route 192.168.46.254 255.255.255.0 push route 192.168.47.0 255.255.255.0 push dhcp-option DNS 192.168.45.10 keepalive 10 120 cipher BF-CBC #Blowfish encryption comp-lzo #fragment user nobody group nobody persist-key persist-tun status openvpn-status.log verb 6 mute 5 client.conf: #Begin client.conf client dev tap proto udp remote sub.domain.ltd 1194 nobind user nobody group nobody persist-key persist-tun #crl-verify #remote-cert-tls server ca keys/cacert.pem cert keys/ryanc.crt key keys/ryanc.key cipher BF-CBC comp-lzo verb 3 mute 20 Any ideas? As I said, I can talk to the remote server, but not the local LAN. To throw a new curveball in the mix, I'd like to talk to 192.168.45.0/24 - which we have another VPN connecting the two networks (not running on a VPN I can do much with). Thanks, Ryan___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Do you have packet forwarding (routing /gateway) enabled? An all-important, yet sometimes forgotten step... check if: sysctl net.inet.ip.forwarding returns 1 for enabled or not. You can enable it right away by setting to 1, and/or view the instructions in the handbook for greater detail including how to set as a startup option as well: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html -- Nathan Vidican nat...@vidican.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OpenVPN routing
On Apr 26, 2011, at 8:32 AM, Nathan Vidican wrote: On Mon, Apr 25, 2011 at 10:36 PM, Ryan Coleman ryan.cole...@cwis.biz wrote: I've got an OpenVPN connection working to my remote server, but I want to route the traffic to the local LAN. I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2) from the remote machine. Server.conf: local 192.168.46.2 port 1194 proto udp dev tap ca keys/cacert.pem cert keys/server.crt key keys/server.key # This file should be kept secret dh keys/dh1024.pem # Don't put this in the keys directory unless user nobody can read it crl-verify keys/crl.pem #Make sure this is your tunnel address pool server 192.168.47.0 255.255.255.0 ifconfig-pool-persist ipp.txt #This is the route to push to the client, add more if necessary #push route 192.168.46.254 255.255.255.0 push route 192.168.47.0 255.255.255.0 push dhcp-option DNS 192.168.45.10 keepalive 10 120 cipher BF-CBC #Blowfish encryption comp-lzo #fragment user nobody group nobody persist-key persist-tun status openvpn-status.log verb 6 mute 5 client.conf: #Begin client.conf client dev tap proto udp remote sub.domain.ltd 1194 nobind user nobody group nobody persist-key persist-tun #crl-verify #remote-cert-tls server ca keys/cacert.pem cert keys/ryanc.crt key keys/ryanc.key cipher BF-CBC comp-lzo verb 3 mute 20 Any ideas? As I said, I can talk to the remote server, but not the local LAN. To throw a new curveball in the mix, I'd like to talk to 192.168.45.0/24 - which we have another VPN connecting the two networks (not running on a VPN I can do much with). Do you have packet forwarding (routing /gateway) enabled? An all-important, yet sometimes forgotten step... check if: sysctl net.inet.ip.forwarding returns 1 for enabled or not. You can enable it right away by setting to 1, and/or view the instructions in the handbook for greater detail including how to set as a startup option as well: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html Yes, it is enabled. And Maciej, I had server-bridge running before and it wasn't routing ICMP, nor anything else. I have ipnat enabled - as was recommended by one guide - and am routing everything from 192.168.47.0/24 to 0.0.0.0/32 (I'm not well versed on this specific area but that seems like it should be 0/0, right?) Relevant rc.conf: defaultrouter=192.168.46.254 hostname=nbserver1.allstatecom.local ifconfig_em0=inet 192.168.46.2 netmask 255.255.255.0 openvpn_enable=YES openvpn_configfile=/usr/local/etc/openvpn/server.conf gateway_enable=YES ipnat_enable=YES Thanks again, Ryan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: easy Firewall setup
Antonio Olivares wrote: Dear kind folks, Is there an easy firewall setup available somewhere(like the one referenced below but for FreeBSD)? i.e, like I saw reading in Distrowatch an easy way(using a page on the net: http://connie.slackware.com/~alien/efg/) I have read that there is pf and there is an implementation by OpenBSD and both are available on FreeBSD via ports system/packages. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html I don't know which one to use, is there a page, howto (build a firewall or convert an existing one) to use here? All I want is to be allowed to visit websites but don't allow anyone out there to come in somehow a template that I can use and try out to see if I can get it working. Of course the network name might be different, but I can try to figure things out. ne0, fe0, ra0, ..., etc After figuring this out, my next big job/task is to use FreeBSD to make up a new router/dhcp server to give/assign ip numbers to machines from one and give to many. This has been something hard that I have failed at several times. Maybe with FreeBSD I can be successfull? Thanks, Antonio The Freebsd handbook has a very detailed section on the firewalls that are part of the base system. Start there. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Heads up: was Re: error building kernel: nfs_clvfsops.o: In function `nfs_mount':, nfs_clvfsops.c:(.text+0x1638): undefined reference to `nfs_diskless_valid'
Since today's source (FreeBSD 9.0-CURRENT/amd64 (source is: Revision: 221060) update I get the follwoing error while building the kernel (options NFSD/options NFSCL instead of options NFSSERVER/options NFSCLIENT): cc -c -O2 -frename-registers -pipe -fno-strict-aliasing -march=native -std=c99 -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -W issing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -nostdinc -I. -I/usr/src/sys -I/usr/src/s s/contrib/altq -D_KERNEL -DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h -fno-common -finline-limit=8000 --param inline-unit-growth=100 --par m large-function-growth=1000 -fno-omit-frame-pointer -mcmodel=kernel -mno-red-zone -mfpmath=387 -mno-mmx -mno-3dnow -mno-sse -mno-sse2 -mno-ss 3 -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -fstack-protector -Werror vers.c linking kernel nfs_clvfsops.o: In function `nfs_mount': nfs_clvfsops.c:(.text+0x1638): undefined reference to `nfs_diskless_valid' nfs_clvfsops.c:(.text+0x1652): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1658): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1689): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x16d1): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1712): undefined reference to `nfsv3_diskless' nfs_clvfsops.o:nfs_clvfsops.c:(.text+0x171b): more undefined references to `nfsv3_diskless' follow nfs_clvfsops.o: In function `nfs_mount': nfs_clvfsops.c:(.text+0x1e19): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e2a): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1e31): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e3d): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e44): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e4a): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e50): undefined reference to `nfs_diskless' nfs_clvfsops.o:nfs_clvfsops.c:(.text+0x1e57): more undefined references to `nfs_diskless' follow nfs_clvfsops.o: In function `nfs_mount': nfs_clvfsops.c:(.text+0x1e65): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1e6b): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1e73): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1e79): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1e80): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e87): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e8e): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e94): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e9a): undefined reference to `nfs_diskless' nfs_clvfsops.o:nfs_clvfsops.c:(.text+0x1ea0): more undefined references to `nfs_diskless' follow nfs_clvfsops.o: In function `nfs_mount': nfs_clvfsops.c:(.text+0x1eb3): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1ebd): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1ec4): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1ecb): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1ed2): undefined reference to `nfsv3_diskless' nfs_clvfsops.o:nfs_clvfsops.c:(.text+0x1ed9): more undefined references to `nfsv3_diskless' follow nfs_clvfsops.o: In function `nfs_mount': nfs_clvfsops.c:(.text+0x1f18): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1f1e): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1f33): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1f3a): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1f4b): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1f52): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1f5e): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1f6a): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1f71): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1f78): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1f83): undefined reference to `nfs_diskless_valid' nfs_clvfsops.c:(.text+0x1fcc): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1fd3): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1fd9): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x20ae): undefined reference to `nfsv3_diskless' nfs_clvfsops.o:(.data+0x1f8): undefined reference to `nfsv3_diskless' nfs_clvfsops.o:(.data+0x258): undefined reference to `nfsv3_diskless' nfs_clvfsops.o:(.data+0x2b8): undefined reference to `nfs_diskless_valid' *** Error code 1 Oops, you'll have to add options NFS_ROOT to your kernel config until I commit a fix.
Re: easy Firewall setup
On Tue, 26 Apr 2011, Polytropon wrote: You can easily do this with IPFW (from the base system) Step 1: Create a file /etc/ipfw.conf which will contain your firewall rules. /etc/rc.firewall has a bunch of predefined firewall types, usable as-is or as examples. Instructions are in that file. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Suddenly lots processes exits signal 11 (core dumped)
Hi list, I have a system running FreeBSD 7.3. Its main function is running Postfix SMTP server and a few perl based content filters. Nothing exotic really. It has been nicely up and running approx 150 days when it suddenly starts behaving very strange. First I noticed a converter script failing. It is basically a small shell script that converts a quite big file replacing a few words using sed. The output is mostly damaged. Another problem is that lots of processes exits signal 11 (core dumped). And I need to restart them by hand. See dmesg output below. I know I don't give you guys much to go on. I just want to know it it's possible to find out somehow if some hardware is failing and must be changed. My first thought was overheating. But my collegue went to the site and he said the hardware is not hot at all. TIA, Mikael # dmesg Copyright (c) 1992-2010 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 7.3-RELEASE-p2 #0: Mon Jul 12 19:23:19 UTC 2010 r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 Timecounter i8254 frequency 1193182 Hz quality 0 CPU: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (1600.01-MHz K8-class CPU) Origin = GenuineIntel Id = 0x106c2 Stepping = 2 Features=0xbfe9fbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE Features2=0x40e31dSSE3,DTES64,MON,DS_CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE AMD Features=0x20100800SYSCALL,NX,LM AMD Features2=0x1LAHF TSC: P-state invariant Cores per package: 2 Logical CPUs per core: 2 usable memory = 3475918848 (3314 MB) avail memory = 3353677824 (3198 MB) ACPI APIC Table: 081309 APIC0925 FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 2 ioapic0: Changing APIC ID to 3 ioapic0 Version 1.1 irqs 0-23 on motherboard kbd1 at kbdmux0 acpi0: 081309 RSDT0925 on motherboard acpi0: [ITHREAD] acpi0: Power Button (fixed) acpi0: reservation of fefe1000, 1000 (3) failed acpi0: reservation of fee01000, ff000 (3) failed acpi0: reservation of fec0, 1000 (3) failed acpi0: reservation of fee0, 1000 (3) failed acpi0: reservation of 0, a (3) failed acpi0: reservation of 10, dff0 (3) failed Timecounter ACPI-safe frequency 3579545 Hz quality 850 acpi_timer0: 32-bit timer at 3.579545MHz port 0x4008-0x400b on acpi0 acpi_hpet0: High Precision Event Timer iomem 0xfed0-0xfed003ff on acpi0 Timecounter HPET frequency 2500 Hz quality 900 pcib0: ACPI Host-PCI bridge port 0xcf8-0xcff on acpi0 pci0: ACPI PCI bus on pcib0 pci0: memory, RAM at device 0.1 (no driver attached) isab0: PCI-ISA bridge port 0x4f00-0x4fff at device 3.0 on pci0 isa0: ISA bus on isab0 pci0: memory, RAM at device 3.1 (no driver attached) pci0: serial bus, SMBus at device 3.2 (no driver attached) pci0: memory, RAM at device 3.3 (no driver attached) pci0: processor at device 3.5 (no driver attached) ohci0: OHCI (generic) USB controller mem 0xfae7f000-0xfae7 irq 22 at device 4.0 on pci0 ohci0: [GIANT-LOCKED] ohci0: [ITHREAD] usb0: OHCI version 1.0, legacy support usb0: SMM does not respond, resetting usb0: OHCI (generic) USB controller on ohci0 usb0: USB revision 1.0 uhub0: nVidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 on usb0 uhub0: 6 ports with 6 removable, self powered ehci0: EHCI (generic) USB 2.0 controller mem 0xfae7ec00-0xfae7ecff irq 23 at device 4.1 on pci0 ehci0: [GIANT-LOCKED] ehci0: [ITHREAD] usb1: EHCI version 1.0 usb1: companion controller, 12 ports each: usb0 usb1: EHCI (generic) USB 2.0 controller on ehci0 usb1: USB revision 2.0 uhub1: nVidia EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 on usb1 uhub1: 6 ports with 6 removable, self powered ohci1: OHCI (generic) USB controller mem 0xfae7d000-0xfae7dfff irq 20 at device 6.0 on pci0 ohci1: [GIANT-LOCKED] ohci1: [ITHREAD] usb2: OHCI version 1.0, legacy support usb2: SMM does not respond, resetting usb2: OHCI (generic) USB controller on ohci1 usb2: USB revision 1.0 uhub2: nVidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 on usb2 uhub2: 6 ports with 6 removable, self powered ehci1: EHCI (generic) USB 2.0 controller mem 0xfae7e800-0xfae7e8ff irq 21 at device 6.1 on pci0 ehci1: [GIANT-LOCKED] ehci1: [ITHREAD] usb3: EHCI version 1.0 usb3: companion controller, 12 ports each: usb2 usb3: EHCI (generic) USB 2.0 controller on ehci1 usb3: USB revision 2.0 uhub3: nVidia EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 on usb3 uhub3: 6 ports with 6 removable, self powered pci0: multimedia, HDA at device 8.0 (no driver attached) pcib1: ACPI PCI-PCI bridge at device 9.0 on pci0 pci1: ACPI PCI bus on pcib1 nfe0: NVIDIA nForce MCP79 Networking Adapter port 0xd080-0xd087 mem 0xfae7c000-0xfae7cfff,0xfae7e400-0xfae7e4ff,0xfae7e000-0xfae7e00f irq 23 at device 10.0 on pci0 miibus0: MII bus on
Re: Password theft from memory?
On Tue, Apr 26, 2011 at 11:41 AM, RW rwmailli...@googlemail.com wrote: The above quote states that the memory not occupied by the remapped object is zero filled. Which is to say that memory allocated by mmap() is either filled with new data or filled with zeros. In context it says: If len is not a multiple of the page-size, the mapped region may extend past the specified range. Any such extension beyond the end of the mapped object will be zero-filled. To me the most straightforward reading of that is that it's referring to non-aligned address ranges. Your interpretation may well be the intended one, but where would that leave the anonymous mappings used by malloc? Are we to think of them as extensions beyond a non-existent mapped object, and thus infer that they are zero-filled? It's a bit of a stretch from what's written. While it's not a *proof*, you could always do a little bit of black box testing. 1, So how about a little C program scanner.c that allocates a huge heap via mmap(2)'s malloc(3) backend, and crawls that buffer, looking for the first non-zero byte? If we always get zero-filled pages, you shouldn't find any non-zero bytes there. 2. For good measure, another program filler.c could fill a huge heap with a particular easily recognizable pattern (say something like 0xdeadbeef), and exit; and then, scanner.c could not only check for non-zero byes, but also for that particular pattern. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Suddenly lots processes exits signal 11 (core dumped)
On 26 Apr 2011 15:18, Mikael Bak m...@inbox.lv wrote: Hi list, I have a system running FreeBSD 7.3. Its main function is running Postfix SMTP server and a few perl based content filters. Nothing exotic really. It has been nicely up and running approx 150 days when it suddenly starts behaving very strange. First I noticed a converter script failing. It is basically a small shell script that converts a quite big file replacing a few words using sed. The output is mostly damaged. Another problem is that lots of processes exits signal 11 (core dumped). And I need to restart them by hand. See dmesg output below. Have you run memtest86? Looks like a textbook bad RAM issue. Chris ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Suddenly lots processes exits signal 11 (core dumped)
On Tue, Apr 26, 2011 at 4:02 PM, Mikael Bak m...@inbox.lv wrote: Hi list, I have a system running FreeBSD 7.3. Its main function is running Postfix SMTP server and a few perl based content filters. Nothing exotic really. It has been nicely up and running approx 150 days when it suddenly starts behaving very strange. First I noticed a converter script failing. It is basically a small shell script that converts a quite big file replacing a few words using sed. The output is mostly damaged. Another problem is that lots of processes exits signal 11 (core dumped). And I need to restart them by hand. See dmesg output below. I know I don't give you guys much to go on. I just want to know it it's possible to find out somehow if some hardware is failing and must be changed. My first thought was overheating. But my collegue went to the site and he said the hardware is not hot at all. If you didn't update the OS or the apps, it is almost certainly hardware- related. Probably a bad PSU, or bad RAM. The box doesn't have to overheat when one of those are degraded. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OpenVPN routing
On Tue, Apr 26, 2011 at 8:45 AM, Ryan Coleman ryan.cole...@cwis.biz wrote: On Apr 26, 2011, at 8:32 AM, Nathan Vidican wrote: On Mon, Apr 25, 2011 at 10:36 PM, Ryan Coleman ryan.cole...@cwis.biz wrote: I've got an OpenVPN connection working to my remote server, but I want to route the traffic to the local LAN. I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2) from the remote machine. Server.conf: local 192.168.46.2 port 1194 proto udp dev tap ca keys/cacert.pem cert keys/server.crt key keys/server.key # This file should be kept secret dh keys/dh1024.pem # Don't put this in the keys directory unless user nobody can read it crl-verify keys/crl.pem #Make sure this is your tunnel address pool server 192.168.47.0 255.255.255.0 ifconfig-pool-persist ipp.txt #This is the route to push to the client, add more if necessary #push route 192.168.46.254 255.255.255.0 push route 192.168.47.0 255.255.255.0 push dhcp-option DNS 192.168.45.10 keepalive 10 120 cipher BF-CBC #Blowfish encryption comp-lzo #fragment user nobody group nobody persist-key persist-tun status openvpn-status.log verb 6 mute 5 client.conf: #Begin client.conf client dev tap proto udp remote sub.domain.ltd 1194 nobind user nobody group nobody persist-key persist-tun #crl-verify #remote-cert-tls server ca keys/cacert.pem cert keys/ryanc.crt key keys/ryanc.key cipher BF-CBC comp-lzo verb 3 mute 20 Any ideas? As I said, I can talk to the remote server, but not the local LAN. To throw a new curveball in the mix, I'd like to talk to 192.168.45.0/24 - which we have another VPN connecting the two networks (not running on a VPN I can do much with). Do you have packet forwarding (routing /gateway) enabled? An all-important, yet sometimes forgotten step... check if: sysctl net.inet.ip.forwarding returns 1 for enabled or not. You can enable it right away by setting to 1, and/or view the instructions in the handbook for greater detail including how to set as a startup option as well: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html Yes, it is enabled. And Maciej, I had server-bridge running before and it wasn't routing ICMP, nor anything else. I have ipnat enabled - as was recommended by one guide - and am routing everything from 192.168.47.0/24 to 0.0.0.0/32 (I'm not well versed on this specific area but that seems like it should be 0/0, right?) Relevant rc.conf: defaultrouter=192.168.46.254 hostname=nbserver1.allstatecom.local ifconfig_em0=inet 192.168.46.2 netmask 255.255.255.0 openvpn_enable=YES openvpn_configfile=/usr/local/etc/openvpn/server.conf gateway_enable=YES ipnat_enable=YES Thanks again, Ryan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org If you need to route LAN - TO - LAN just enable the client-to-client. Its a Security Feature of OpenVPN http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing -- Still Going Strong!!! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OpenVPN routing
On Tuesday 26 of April 2011 15:45:22, Ryan Coleman wrote: I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2) from the remote machine. ... push route 192.168.47.0 255.255.255.0 Have you tried adding the route to 192.168.46.0/24 subnet into the vpn client? You want to ping the host/interface on different subnet. If you don't set the routing to this subnet how your client should know that he needs to put that packet through tap interface not defaultroute which I suspect is different? Can you show the output of netstat -rn of the vpn client? You may try to look into tcpdump on the vpn router to find what is going with your packets.And for such scenario like vpnclient-vpnserver-network you may even not need nat just simple routing will be enough as long as you set it up on right. My setup is based on tun interfaces and works like a charm. I don't use nat and I only added routing info to the specific routers in the internal networks. Maciej Milewski ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Suddenly lots processes exits signal 11 (core dumped)
Chris Rees wrote: On 26 Apr 2011 15:18, Mikael Bak m...@inbox.lv mailto:m...@inbox.lv wrote: Hi list, I have a system running FreeBSD 7.3. Its main function is running Postfix SMTP server and a few perl based content filters. Nothing exotic really. It has been nicely up and running approx 150 days when it suddenly starts behaving very strange. First I noticed a converter script failing. It is basically a small shell script that converts a quite big file replacing a few words using sed. The output is mostly damaged. Another problem is that lots of processes exits signal 11 (core dumped). And I need to restart them by hand. See dmesg output below. Have you run memtest86? Looks like a textbook bad RAM issue. Chris Hi, Thanks fot the fast answer! No I haven't yet. Thanks for the tip! Mikael ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Suddenly lots processes exits signal 11 (core dumped)
C. P. Ghost wrote: On Tue, Apr 26, 2011 at 4:02 PM, Mikael Bak m...@inbox.lv wrote: Hi list, I have a system running FreeBSD 7.3. Its main function is running Postfix SMTP server and a few perl based content filters. Nothing exotic really. It has been nicely up and running approx 150 days when it suddenly starts behaving very strange. First I noticed a converter script failing. It is basically a small shell script that converts a quite big file replacing a few words using sed. The output is mostly damaged. Another problem is that lots of processes exits signal 11 (core dumped). And I need to restart them by hand. See dmesg output below. I know I don't give you guys much to go on. I just want to know it it's possible to find out somehow if some hardware is failing and must be changed. My first thought was overheating. But my collegue went to the site and he said the hardware is not hot at all. If you didn't update the OS or the apps, it is almost certainly hardware- related. Probably a bad PSU, or bad RAM. The box doesn't have to overheat when one of those are degraded. Hi, Thanks fot the fast answer! The OS is regularly updated with freebsd-update, but only within 7.3 version. The apps are regularly updated with portmaster. So I can't say nothig's ever changed. But I can only say that this is the only machine I've ever seen behave like this. TIA, Mikael ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Heads up: was Re: error building kernel: nfs_clvfsops.o: In function `nfs_mount':, nfs_clvfsops.c:(.text+0x1638): undefined reference to `nfs_diskless_valid'
On 04/26/11 15:54, Rick Macklem wrote: Since today's source (FreeBSD 9.0-CURRENT/amd64 (source is: Revision: 221060) update I get the follwoing error while building the kernel (options NFSD/options NFSCL instead of options NFSSERVER/options NFSCLIENT): cc -c -O2 -frename-registers -pipe -fno-strict-aliasing -march=native -std=c99 -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -W issing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -nostdinc -I. -I/usr/src/sys -I/usr/src/s s/contrib/altq -D_KERNEL -DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h -fno-common -finline-limit=8000 --param inline-unit-growth=100 --par m large-function-growth=1000 -fno-omit-frame-pointer -mcmodel=kernel -mno-red-zone -mfpmath=387 -mno-mmx -mno-3dnow -mno-sse -mno-sse2 -mno-ss 3 -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -fstack-protector -Werror vers.c linking kernel nfs_clvfsops.o: In function `nfs_mount': nfs_clvfsops.c:(.text+0x1638): undefined reference to `nfs_diskless_valid' nfs_clvfsops.c:(.text+0x1652): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1658): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1689): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x16d1): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1712): undefined reference to `nfsv3_diskless' nfs_clvfsops.o:nfs_clvfsops.c:(.text+0x171b): more undefined references to `nfsv3_diskless' follow nfs_clvfsops.o: In function `nfs_mount': nfs_clvfsops.c:(.text+0x1e19): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e2a): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1e31): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e3d): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e44): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e4a): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e50): undefined reference to `nfs_diskless' nfs_clvfsops.o:nfs_clvfsops.c:(.text+0x1e57): more undefined references to `nfs_diskless' follow nfs_clvfsops.o: In function `nfs_mount': nfs_clvfsops.c:(.text+0x1e65): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1e6b): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1e73): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1e79): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1e80): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e87): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e8e): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e94): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1e9a): undefined reference to `nfs_diskless' nfs_clvfsops.o:nfs_clvfsops.c:(.text+0x1ea0): more undefined references to `nfs_diskless' follow nfs_clvfsops.o: In function `nfs_mount': nfs_clvfsops.c:(.text+0x1eb3): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1ebd): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1ec4): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1ecb): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1ed2): undefined reference to `nfsv3_diskless' nfs_clvfsops.o:nfs_clvfsops.c:(.text+0x1ed9): more undefined references to `nfsv3_diskless' follow nfs_clvfsops.o: In function `nfs_mount': nfs_clvfsops.c:(.text+0x1f18): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1f1e): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1f33): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1f3a): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1f4b): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1f52): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1f5e): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1f6a): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1f71): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1f78): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1f83): undefined reference to `nfs_diskless_valid' nfs_clvfsops.c:(.text+0x1fcc): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x1fd3): undefined reference to `nfs_diskless' nfs_clvfsops.c:(.text+0x1fd9): undefined reference to `nfsv3_diskless' nfs_clvfsops.c:(.text+0x20ae): undefined reference to `nfsv3_diskless' nfs_clvfsops.o:(.data+0x1f8): undefined reference to `nfsv3_diskless' nfs_clvfsops.o:(.data+0x258): undefined reference to `nfsv3_diskless' nfs_clvfsops.o:(.data+0x2b8): undefined reference to `nfs_diskless_valid' *** Error code 1 Oops, you'll have to add options NFS_ROOT to your kernel config until I commit a fix. This should be fixed by r221066. You will need to do a fresh config KERNEL etc after upgrading past r221032. (I should have sent an email w.r.t. this yesterday, sorry.) rick I did
Hardware suggestions
I'm looking for new hardware for my web filter (FreeBSD + dansguardian + squid). Can anyone suggest good (or warn about bad) models of hardware for this? I'm looking for a small tower or compact chassis (not rack mount) with two ethernet interfaces. I'd like RAID-1 as well, if possible. I can spend anywhere from $1,000 to $3,500. My current system works well (2.0GHz, dual core, 8GB RAM, RAID-1, two 160GB disks, 3 100Mbps NICs), but I want to replace it with two identical boxes. Right now, its a single point of failure. So I'm hoping to rsync configs between two systems that are on line at all times. Then, if I need up upgrade software or the hardware breaks, I can just swap the box. Any pointers on this project are appreciated, especially what models of computers would work well with FreeBSD. Thanks in advance, Jaime -- Network Administrator Cairo-Durham Central School District http://cns.cairodurham.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Hardware suggestions
On Tue, Apr 26, 2011 at 12:04 PM, Jaime Kikpole jkikp...@cairodurham.org wrote: I'm looking for new hardware for my web filter (FreeBSD + dansguardian + squid). Can anyone suggest good (or warn about bad) models of hardware for this? I'm looking for a small tower or compact chassis (not rack mount) with two ethernet interfaces. I'd like RAID-1 as well, if possible. I can spend anywhere from $1,000 to $3,500. My current system works well (2.0GHz, dual core, 8GB RAM, RAID-1, two 160GB disks, 3 100Mbps NICs), but I want to replace it with two identical boxes. Right now, its a single point of failure. So I'm hoping to rsync configs between two systems that are on line at all times. Then, if I need up upgrade software or the hardware breaks, I can just swap the box. Any pointers on this project are appreciated, especially what models of computers would work well with FreeBSD. Thanks in advance, Jaime Just out of curiosity, why not rack-mounted boxed? You don't have to necessarily mount them I ran 2 1U boxes under a desk for years, they stood up on their short edge and leaned against the wall and no one was the wiser to them being their (and they kept my feet warm in the winter :P) -- A: Yes. Q: Are you sure? A: Because it reverses the logical flow of conversation. Q: Why is top posting frowned upon? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Hardware suggestions
On Tue, Apr 26, 2011 at 12:34 PM, Chris Brennan xa...@xaerolimit.net wrote: Just out of curiosity, why not rack-mounted boxed? Space issues. They'll have to either fit on a shelf in one of two rooms, depending on the outcome of some other things. Any thoughts on brand or model? Thanks, Jaime -- Network Administrator Cairo-Durham Central School District http://cns.cairodurham.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Suddenly lots processes exits signal 11 (core dumped)
I second the idea that this is a RAM issue. Power down, ground yourself, remove and re-seat the RAM and see if the problem goes away. On 04/26/2011 07:35, Mikael Bak wrote: C. P. Ghost wrote: On Tue, Apr 26, 2011 at 4:02 PM, Mikael Bakm...@inbox.lv wrote: Hi list, I have a system running FreeBSD 7.3. Its main function is running Postfix SMTP server and a few perl based content filters. Nothing exotic really. It has been nicely up and running approx 150 days when it suddenly starts behaving very strange. First I noticed a converter script failing. It is basically a small shell script that converts a quite big file replacing a few words using sed. The output is mostly damaged. Another problem is that lots of processes exits signal 11 (core dumped). And I need to restart them by hand. See dmesg output below. I know I don't give you guys much to go on. I just want to know it it's possible to find out somehow if some hardware is failing and must be changed. My first thought was overheating. But my collegue went to the site and he said the hardware is not hot at all. If you didn't update the OS or the apps, it is almost certainly hardware- related. Probably a bad PSU, or bad RAM. The box doesn't have to overheat when one of those are degraded. Hi, Thanks fot the fast answer! The OS is regularly updated with freebsd-update, but only within 7.3 version. The apps are regularly updated with portmaster. So I can't say nothig's ever changed. But I can only say that this is the only machine I've ever seen behave like this. TIA, Mikael ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- Dave Robison Sales Solution Architect II FIS Banking Solutions 510/621-2089 (w) 530/518-5194 (c) 510/621-2020 (f) da...@vicor.com david.robi...@fisglobal.com _ The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you. _ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Hardware suggestions
On 26/04/2011 18:45, Jaime Kikpole wrote: On Tue, Apr 26, 2011 at 12:34 PM, Chris Brennanxa...@xaerolimit.net wrote: Just out of curiosity, why not rack-mounted boxed? Space issues. They'll have to either fit on a shelf in one of two rooms, depending on the outcome of some other things. Any thoughts on brand or model? Thanks, Jaime hi If you google for low power pc you'll find some interesting machines mostly mini-itx with atom processors. EG you could have a look at http://www.fit-pc.com/web/fit-pc2/fit-pc2i-specifications/ and http://www.lowpowerpcs.co.uk/ I think some of these have been discussed on this list, certainly mini-itx boards have. chris ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Hardware suggestions
On Tue, 26 Apr 2011 20:09:41 +0100 Chris Whitehouse cwhi...@onetel.com articulated: On 26/04/2011 18:45, Jaime Kikpole wrote: On Tue, Apr 26, 2011 at 12:34 PM, Chris Brennanxa...@xaerolimit.net wrote: Just out of curiosity, why not rack-mounted boxed? Space issues. They'll have to either fit on a shelf in one of two rooms, depending on the outcome of some other things. Any thoughts on brand or model? If you google for low power pc you'll find some interesting machines mostly mini-itx with atom processors. The Intel Atom is Intel's line of low-power, low-cost and low-performance x86 and x86-64 microprocessors. It sounds like the OP is interested in something more substantial. -- Jerry ✌ jerry+f...@seibercom.net Disclaimer: off-list followups get on-list replies, ignored or reported as Spam. Do not CC this poster. Please do not ignore the Reply-To header. __ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: Suddenly lots processes exits signal 11 (core dumped)
-Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd- questi...@freebsd.org] On Behalf Of Robison, Dave Sent: Tuesday, April 26, 2011 10:46 AM To: freebsd-questions@freebsd.org Subject: Re: Suddenly lots processes exits signal 11 (core dumped) I second the idea that this is a RAM issue. Power down, ground yourself, remove and re-seat the RAM and see if the problem goes away. Here's a small ISO containing memtest86 (and more). This ISO is a hybrid ISO meaning that you can either burn it to CD/DVD and boot off it, or you can dd(1) it to a thumb drive and boot off that. http://sourceforge.net/projects/druidbsd/files/Druid-0.0.iso/download Here's the instructions for writing it to USB (you likely already know how to write an ISO to CD/DVD): 1. Download Druid-0.0.iso 2. Insert thumb drive 3. Execute: camcontrol devlist NOTE: find the `daN' device associated with your thumb drive 4. Execute: dd if=Druid-0.0.iso of=/dev/da5 NOTE: assuming `da5' is your thumb drive --- At this point, your thumb drive is ready to rock and roll --- Continue on to create a 2nd [visible] partition beyond the primary bootable [invisible] partition (allowing you to use the remainder of your thumb drive for usable storage)... 5. Execute: echo p 2 0x0c * * | fdisk -f - /dev/da5 NOTE: again, assuming `da5' is your thumb drive 6. Execute: newfs_msdos /dev/da5s2 NOTE: again, assuming `da5' is your thumb drive That's it. You now have a thumb drive with: a. An invisible boot partition for booting into Druid (a disc full of tools). b. A visible partition for storage, usable under Mac, Windows, Linux, and UNIX. NOTE: This won't work with just ANY iso file, just ISOs that have been post-processed with ISOLINUX's isohybrid utility. -- Devin On 04/26/2011 07:35, Mikael Bak wrote: C. P. Ghost wrote: On Tue, Apr 26, 2011 at 4:02 PM, Mikael Bakm...@inbox.lv wrote: Hi list, I have a system running FreeBSD 7.3. Its main function is running Postfix SMTP server and a few perl based content filters. Nothing exotic really. It has been nicely up and running approx 150 days when it suddenly starts behaving very strange. First I noticed a converter script failing. It is basically a small shell script that converts a quite big file replacing a few words using sed. The output is mostly damaged. Another problem is that lots of processes exits signal 11 (core dumped). And I need to restart them by hand. See dmesg output below. I know I don't give you guys much to go on. I just want to know it it's possible to find out somehow if some hardware is failing and must be changed. My first thought was overheating. But my collegue went to the site and he said the hardware is not hot at all. If you didn't update the OS or the apps, it is almost certainly hardware- related. Probably a bad PSU, or bad RAM. The box doesn't have to overheat when one of those are degraded. Hi, Thanks fot the fast answer! The OS is regularly updated with freebsd-update, but only within 7.3 version. The apps are regularly updated with portmaster. So I can't say nothig's ever changed. But I can only say that this is the only machine I've ever seen behave like this. TIA, Mikael ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions- unsubscr...@freebsd.org -- Dave Robison Sales Solution Architect II FIS Banking Solutions 510/621-2089 (w) 530/518-5194 (c) 510/621-2020 (f) da...@vicor.com david.robi...@fisglobal.com _ The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you. _ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org _ The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you. _ ___ freebsd-questions@freebsd.org mailing list
Re: OpenVPN routing
On Apr 26, 2011, at 9:53 AM, Maciej Milewski wrote: On Tuesday 26 of April 2011 15:45:22, Ryan Coleman wrote: I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2) from the remote machine. ... push route 192.168.47.0 255.255.255.0 Have you tried adding the route to 192.168.46.0/24 subnet into the vpn client? You want to ping the host/interface on different subnet. If you don't set the routing to this subnet how your client should know that he needs to put that packet through tap interface not defaultroute which I suspect is different? Can you show the output of netstat -rn of the vpn client? You may try to look into tcpdump on the vpn router to find what is going with your packets.And for such scenario like vpnclient-vpnserver-network you may even not need nat just simple routing will be enough as long as you set it up on right. My setup is based on tun interfaces and works like a charm. I don't use nat and I only added routing info to the specific routers in the internal networks. Maciej Milewski I'm going to have to get this information when I get home and am not on the office LAN. I can do ping tests specifically through the tap0 interface but not check the netstat report properly from inside the network. -- Ryan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OpenVPN routing
On Apr 26, 2011, at 3:50 PM, Ryan Coleman wrote: On Apr 26, 2011, at 9:53 AM, Maciej Milewski wrote: On Tuesday 26 of April 2011 15:45:22, Ryan Coleman wrote: I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2) from the remote machine. ... push route 192.168.47.0 255.255.255.0 Have you tried adding the route to 192.168.46.0/24 subnet into the vpn client? You want to ping the host/interface on different subnet. If you don't set the routing to this subnet how your client should know that he needs to put that packet through tap interface not defaultroute which I suspect is different? Can you show the output of netstat -rn of the vpn client? You may try to look into tcpdump on the vpn router to find what is going with your packets.And for such scenario like vpnclient-vpnserver-network you may even not need nat just simple routing will be enough as long as you set it up on right. My setup is based on tun interfaces and works like a charm. I don't use nat and I only added routing info to the specific routers in the internal networks. Maciej Milewski I'm going to have to get this information when I get home and am not on the office LAN. I can do ping tests specifically through the tap0 interface but not check the netstat report properly from inside the network. Maciej, Here you go: Ryan-Colemans-MacBook-Pro:~ ryanjcole$ netstat -rn Routing tables Internet: DestinationGatewayFlagsRefs Use Netif Expire default10.0.1.1 UGSc 610 en1 10.0.1/24 link#5 UCS 30 en1 10.0.1.1 0:23:12:f7:37:cc UHLWI 89 1268 en1 1142 10.0.1.2 0:14:d1:1f:79:1b UHLWI 0 837 en1183 10.0.1.198 127.0.0.1 UHS 00 lo0 10.0.1.255 ff:ff:ff:ff:ff:ff UHLWbI 06 en1 127127.0.0.1 UCS 00 lo0 127.0.0.1 127.0.0.1 UH 2 75 lo0 169.254link#5 UCS 00 en1 172.16.87/24 link#7 UC 10 vmnet1 172.16.87.255 ff:ff:ff:ff:ff:ff UHLWbI 03 vmnet1 192.168.46 192.168.47.2 UGSc00tap0 192.168.47 link#10UC 10tap0 192.168.47.2 link#10UHLWI 10tap0 Internet6: Destination Gateway Flags Netif Expire ::1 ::1 UH lo0 fe80::%lo0/64 fe80::1%lo0 Uc lo0 fe80::1%lo0 link#1 UHL lo0 fe80::%en1/64 link#5 UC en1 fe80::224:36ff:fea1:1d68%en10:24:36:a1:1d:68UHLW en1 fe80::9227:e4ff:fef8:b2fb%en1 90:27:e4:f8:b2:fb UHL lo0 ff01::/32 ::1 Um lo0 ff02::/32 ::1 UmC lo0 ff02::/32 link#5 UmC en1 Ryan-Colemans-MacBook-Pro:~ ryanjcole$ ping 192.168.46.2 PING 192.168.46.2 (192.168.46.2): 56 data bytes Request timeout for icmp_seq 0 Request timeout for icmp_seq 1 Request timeout for icmp_seq 2 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OpenVPN routing
On Apr 26, 2011, at 9:07 AM, Diego Arias wrote: If you need to route LAN - TO - LAN just enable the client-to-client. Its a Security Feature of OpenVPN http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing I've done that and it had no effect :-\___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: Suddenly lots processes exits signal 11 (core dumped)
On Tue, 26 Apr 2011, Devin Teske wrote: Continue on to create a 2nd [visible] partition beyond the primary bootable [invisible] partition (allowing you to use the remainder of your thumb drive for usable storage)... 5. Execute: echo p 2 0x0c * * | fdisk -f - /dev/da5 NOTE: again, assuming `da5' is your thumb drive tripel# echo p 2 0x0c * * | fdisk -f - /dev/da0 *** Working on device /dev/da0 *** fdisk: Class not found tripel# Any notion why? `man fdisk` isn't much help. Thanks. -- Chris Hill ch...@monochrome.org ** [ Busy Expunging / ] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: Suddenly lots processes exits signal 11 (core dumped)
-Original Message- From: Chris Hill [mailto:ch...@monochrome.org] Sent: Tuesday, April 26, 2011 4:51 PM To: Devin Teske Cc: david.robi...@fisglobal.com; freebsd-questions@freebsd.org; Teske, Devin Subject: RE: Suddenly lots processes exits signal 11 (core dumped) On Tue, 26 Apr 2011, Devin Teske wrote: Continue on to create a 2nd [visible] partition beyond the primary bootable [invisible] partition (allowing you to use the remainder of your thumb drive for usable storage)... 5. Execute: echo p 2 0x0c * * | fdisk -f - /dev/da5 NOTE: again, assuming `da5' is your thumb drive tripel# echo p 2 0x0c * * | fdisk -f - /dev/da0 *** Working on device /dev/da0 *** fdisk: Class not found tripel# Hmmm. Odd. That's worked for me on FreeBSD-4.11, 6.1, 7.2, and 8.1 (both i386 and amd64). What's the output of: uname -spr Also, after completing the dd(1) command, what's the output of: fdisk -p /dev/da5 It should look something like this: # /dev/da5 g c31 h64 s32 p 1 0x17 1 64259 a 1 Something you might also want to try is zapping the disk (wiping all contents) prior to trying again: dd if=/dev/zero of=/dev/da5 I once had a thumb drive that had slackware on it that needed to be zapped in the above manner before it worked properly. -- Devin Any notion why? `man fdisk` isn't much help. Thanks. -- Chris Hill ch...@monochrome.org ** [ Busy Expunging / ] _ The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you. _ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Password theft from memory?
On Tue, 26 Apr 2011 16:23:11 +0200 C. P. Ghost cpgh...@cordula.ws wrote: On Tue, Apr 26, 2011 at 11:41 AM, RW rwmailli...@googlemail.com wrote: The above quote states that the memory not occupied by the remapped object is zero filled. Which is to say that memory allocated by mmap() is either filled with new data or filled with zeros. In context it says: If len is not a multiple of the page-size, the mapped region may extend past the specified range. Any such extension beyond the end of the mapped object will be zero-filled. To me the most straightforward reading of that is that it's referring to non-aligned address ranges. Your interpretation may well be the intended one, but where would that leave the anonymous mappings used by malloc? Are we to think of them as extensions beyond a non-existent mapped object, and thus infer that they are zero-filled? It's a bit of a stretch from what's written. While it's not a *proof*, you could always do a little bit of black box testing. I didn't really doubt it, if sbrk zero-filled then it would be a major security regression if mmap didn't provide the same behaviour. From vm_fault.c it looks clear a zeroed page is allocated when the location is neither file-backed nor written-out to swap. That's probably why mmap(2) doesn't bother to mention zero-filling except in a special case. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Suddenly lots processes exits signal 11 (core dumped)
On 4/26/2011 7:50 PM, Chris Hill wrote: [snip] tripel# echo p 2 0x0c * * | fdisk -f - /dev/da0 *** Working on device /dev/da0 *** fdisk: Class not found tripel# Try (note the single quotes): tripel# echo 'p 2 0x0c * *' | fdisk -f - /dev/da0 Just a hunch but perhaps the shell is globbing a filename. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Hardware suggestions
On Tue, 26 Apr 2011 12:04:34 -0400, Jaime Kikpole jkikp...@cairodurham.org said: J I'm looking for new hardware for my web filter (FreeBSD + dansguardian + J squid). Have a look at the Ars Technica system guides for suggestions on rolling your own PC. They discuss three general-purpose systems with an eye towards good gaming performance: the Budget Box ($600-$800), the Hot Rod (slightly higher-end at $1400-1600), and the God Box for when you hit the lottery. They don't emphasize any one OS, so check against the FreeBSD hardware compatibility list. http://arstechnica.com/gadgets/guides/2011/03/ars-system-guide-march-2011-edition.ars/ -- Karl Vogel I don't speak for the USAF or my company We are reluctant to admit that we owe our liberties to men of a type that today we hate and fear - unruly men, disturbers of the peace, men who resent and denounce what Whitman called the insolence of elected persons - in a word, free men. --Gerald W. Johnson, American Freedom and the Press, 1958 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
hello
Hello can you help me, i will freebsd 8.1 32bit downgraden to freebsd 7.1 or 7.2 as ? Please Help Marco Boelen ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
was the problem/problemS surrounding upgrading bind9 fixed?
Guys, I never got my old, bind9[3.X] that is past its EOL to upgrade. Pretty sure I read about the same problem I found that some others had to. Am I misinformed? thanks in advance. gary -- Gary Kline kl...@thought.org http://www.thought.org Public Service Unix Journey Toward the Dawn, E-Book: http://www.thought.org The 7.98a release of Jottings: http://jottings.thought.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org