Re: Two Networks on one System
Here is what the issue is right now. The remote campus in question has been on number space that was part of our Class B network. They got a block of subnets for their DNS's and campus enterprises and work stations. We secured them their own number space and they are migrating from their portion of our network to their new network and both nets are presented routable from the rest of the world. If you do a whois query for their domain, you get the address on our network of their primary DNS. When one updates the whois data, there is a lag of some hours until new queries start going to the new address of their primary DNS. In the mean time, we don't really care but we would like for the new interface for the primary to be reachable so that the minute the information changes, we're answering lookups. After that point, we will permanently take down the old interface address on our network and probably reboot with the normal configuration now being the new IP address. The problem I have, probably due to a misunderstanding of what I need to do, is easy to describe. The defaultrouter statement in rc.conf or route add default x.x.x.x from the command line sets an interface to know that packets whose destinations or sources that are outside the subnet go to that default gateway. When I set up the secondary interface, I have not been able to come up with a statement or statements that tell fxp1 that it's default router is y.y.y.y so you can't ever reach it from outside the new subnet. Once traffic ever gets in to the system, it will probably stay together based on the interface where it came from, but it won't have to do it for hopefully more than a few hours. I have tried both a second physical connection and an alias and have ended up with the same behavior each time. Since we have the second NIC active, I prefer to use it if I can ever get it to use its router just like the primary interface does. Right now, I can get on to our secondary DNS which is in the same subnet as the new address for the primary and log right in to the primary through the new interface. From anywhere else on the Earth, that new address is as dead as a doornail. I certainly appreciate every posting so far as routing is one of the thorniest issues one can encounter in networking so the more one is aware of, the less head-scratching and frustration there is. Martin McCormick ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: freebsd list admins?
On Mon, 20 Jun 2011 23:52:23 -0400 Robert Simmons articulated: Who is the admin for freebsd-quesitons and freebsd-security? There seems to be a few email addresses that are subscribed to these lists that keep spamming it periodically, or in the case of freebsd-security actually don't exist and have a broken mailserver that sends a reponse back to the list. The addresses don't seem to be changing, so would it not be easy for an admin to remove those addresses from the list? I've tried sending emails to postmas...@freebsd.org about it, but I get no response, so I figure I'm barking up the wrong tree there. You have voiced a concern that has been voiced here several times in the past. Unfortunately, this is an open list; ie, anyone subscribed or not can post. This leads to the inevitable problems that plague this forum. I have tried contacting the postmaster in the past also. Personally, I think it would be easier to contact Jimmy Hoffa(1). Occasionally you will see some reference to moderators, but then again, I have never witnessed any actual intervention on their part. Of course, I have also seen references to Santa Clause and the Easter Bunny although I have never personally witnessed either of them. Now, if this forum were conducted under the same restraints that the Postfix forums(2) adhere to, the quality of advice given and basic overall quality of this forum would increase immeasurably. It is my personal view that FreeBSD-Questions should be consolidated into the chat forum. Chat forums are rarely moderated and tend to be open to the general public. The Questions forum has deteriorated to the level of SlashDot which has deteriorated to the level of a cesspool. At least SlashDot openly admits that they allow (encourage) Anonymous Coward to post. (1) http://en.wikipedia.org/wiki/Jimmy_Hoffa (2) http://www.postfix.org/lists.html -- Jerry ✌ jerry+f...@seibercom.net Disclaimer: off-list followups get on-list replies or ignored. Do not CC this poster. Please do not ignore the Reply-To header. http://www.catb.org/~esr/faqs/smart-questions.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Point me to resource or user info
On 21 June 2011 04:44, Allen chef11...@aol.com wrote: Been on Linux maybe 10-12 distributions for 10 years, am 80 and always been curious about BSD so finally getting around to it. Presently sadly my new Toshiba L675D seems to have some Linux incompatibilities so I have win 7 with Ubuntu 10.04.2 wubi. I do have a huge data partition that could be resized and wondering if some kind soul would offer options based on my present configuration. I do have wireless network. Thank you Best place for you to start is by reading the Freebsd Handbook http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ and the Freebsd installer guide http://www.a1poweruser.com/ Its easy to clobber the PCs primary operating system so before installing on your new Toshiba L675D be sure to create backups or better yet swap the hard drive with a empty one to play on until you have learned what your doing. Good luck and enjoy. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Point me to resource or user info
On Tue, 21 Jun 2011 07:50:42 -0400 Fbsd8 articulated: On 21 June 2011 04:44, Allen chef11...@aol.com wrote: Been on Linux maybe 10-12 distributions for 10 years, am 80 and always been curious about BSD so finally getting around to it. Presently sadly my new Toshiba L675D seems to have some Linux incompatibilities so I have win 7 with Ubuntu 10.04.2 wubi. I do have a huge data partition that could be resized and wondering if some kind soul would offer options based on my present configuration. I do have wireless network. Thank you Best place for you to start is by reading the Freebsd Handbook http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ and the Freebsd installer guide http://www.a1poweruser.com/ Its easy to clobber the PCs primary operating system so before installing on your new Toshiba L675D be sure to create backups or better yet swap the hard drive with a empty one to play on until you have learned what your doing. This PC supports Wi-Fi® Wireless networking (802.11b/g/n); however, FreeBSD has extremely poor support for N class devices. You might find that to be a show stopper. -- Jerry ✌ jerry+f...@seibercom.net Disclaimer: off-list followups get on-list replies or ignored. Do not CC this poster. Please do not ignore the Reply-To header. http://www.catb.org/~esr/faqs/smart-questions.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Two Networks on one System
On 6/21/11 6:41 AM, Damien Fleuriot wrote: On 6/21/11 2:32 AM, Jerome Herman wrote: On 21/06/2011 00:13, Jon Radel wrote: So depending on the client route, packets from a given IP address can land on either interface. Actually two clients nated behind the same public address might end up on both interfaces at the same time. Even though your solution should work 99% of the time , it can lead to pretty strange behavior. I am not completely sure of how reply-to works, notably with keep state (and of course OpenBSD manuals on PF are down right now, at least from here). I remember attempting similar setups and having quite a lot of trouble with ICMP (especially RST for that matter). I most emphatically did NOT write that. Somebody else isn't quoting properly. --Jon Radel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Point me to resource or user info
Hi, Allen wrote: Been on Linux maybe 10-12 distributions for 10 years, am 80 and always been curious about BSD so finally getting around to it. Presently sadly my new Toshiba L675D seems to have some Linux incompatibilities so I have win 7 with Ubuntu 10.04.2 wubi. I do have a huge data partition that could be resized and wondering if some kind soul would offer options based on my present configuration. I do have wireless network. Thank you You mailed the wrong list, This list ctm-us...@freebsd.org is for very specialised usages, for list of lists, see http://lists.freebsd.org/mailman/listinfo So in this reply I set: To: Allen chef11...@aol.com bcc:ctm-us...@freebsd.org cc: questi...@freebsd.org reply-to: questi...@freebsd.org, Allen chef11...@aol.com, Julian H. Stacey j...@berklix.com Welcome to BSD, There's quite a few BSDs http://www.berklix.com/bsd/ prob. something like FreeBSD or PC-BSD will suit you best. Yes, you can shrink your Win 7 partition. I answered a similar question recently http://berklix.com/~jhs/txt/install_bsd.html Summary of methods/ other answers: Using programs runs on MS, some commercial, some free Running a free live Linux CD such as knoppix shrink from there. Boot an existing(*) FreeBSD run ntfsresize(*) http://www.berklix.com/~jhs/txt/install_bsd.html#ntfsresize http://www.berklix.com/~jhs/src/bsd/fixes/FreeBSD/ports/jhs/sysutils/ntfsprogs/files/README.JHS (*) We havent yet (as of 8.2-RELEASE) put ntfsresize on FreeBSD livefs boot media (I mean to submit a send-pr for that some time, unless someone else beets me to it (welcome) :-) For now remove disc, connect it to another machine running BSD, build install /usr/ports/sysutils/ntfsprogs run ntfresize Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Reply below, not above; Indent with ; Cumulative like a play script. Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Two Networks on one System
On 6/21/11 7:28 AM, Martin McCormick wrote: The problem I have, probably due to a misunderstanding of what I need to do, is easy to describe. The defaultrouter statement in rc.conf or route add default x.x.x.x from the command line sets an interface to know that packets whose destinations or sources that are outside the subnet go to that default gateway. There is only one default gateway per FreeBSD machine. When I set up the secondary interface, I have not been able to come up with a statement or statements that tell fxp1 that it's default router is y.y.y.y so you can't ever reach it from outside the new subnet. This, in of itself, doesn't follow. In the absence of stateful firewalls and anti-spoofing filtering (blocking packets that don't have a source IP address on the expected list), or a complete disconnect between your networks, any packet coming in fxp1 can have a reply go out fxp0, to the default gateway, and get where it's going just fine. We can quibble over the finer details of the evils of asymmetrical routing some other day, but fundamentally an IP network doesn't care in the SLIGHTEST which route a packet takes to get where it's going. I have tried both a second physical connection and an alias and have ended up with the same behavior each time. Since we have the second NIC active, I prefer to use it if I can ever get it to use its router just like the primary interface does. As hinted at above, this is possibly not a FreeBSD issue at all. Without knowledge of how your network actually works, there's not too much more to be said, but one of the following should be true: 1) You don't have stateful firewalling and anti-spoofing filtering in the way, and something on your network is broken, as the default FreeBSD behavior should simply work if you've got a network that is simply transitioning from one set of addresses to another. 2) If you really can't reply to the same default gateway for everything, you'll need to do either policy-based routing or add more specific routes, depending on whether outgoing traffic can be segregated by source address, destination address, etc. However, since it appears that you don't actually have 2 networks at all, given your clarification that you've tried an interface alias, I'm left with one key question: Are your two gateways two different interfaces, or one interface with two different IP addresses? If the former, I'd try policy-based routing. If the latter, I'd check my firewall rules really carefully. Next step in any case should probably be to do some packet sniffing to confirm that packets from the outside world to the new address actually get to you in the first place. Or have you confirmed this from DNS logs or something else? --Jon Radel j...@radel.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Two Networks on one System
This, in of itself, doesn't follow. In the absence of stateful firewalls and anti-spoofing filtering (blocking packets that don't have a source IP address on the expected list), While I can't comment on anyone else's environment, it is in my experience very common in most corporate and educational settings for routers to have anti-spoofing rules that will drop anything with an ip address that does not originate on the local subnet. -- Lars ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Two Networks on one System
When I set up the secondary interface, I have not been able to come up with a statement or statements that tell fxp1 that it's default router is y.y.y.y so you can't ever reach it from outside the new subnet. What you want to do is called policy routing or source routing, since you want to select a route based on your local address. While I've done this frequently under Linux, I've never had to set this up on a FreeBSD system. It looks like you would do this through the pf subsystem...unfortunately, openbsd.org appears to be down right now, and that appears to be the repository for the pf documentation. Look at the ROUTING section of the pf.conf(5) man page. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Two Networks on one System
On 6/21/11 1:28 PM, Martin McCormick wrote: Here is what the issue is right now. The remote campus in question has been on number space that was part of our Class B network. They got a block of subnets for their DNS's and campus enterprises and work stations. We secured them their own number space and they are migrating from their portion of our network to their new network and both nets are presented routable from the rest of the world. If you do a whois query for their domain, you get the address on our network of their primary DNS. When one updates the whois data, there is a lag of some hours until new queries start going to the new address of their primary DNS. In the mean time, we don't really care but we would like for the new interface for the primary to be reachable so that the minute the information changes, we're answering lookups. After that point, we will permanently take down the old interface address on our network and probably reboot with the normal configuration now being the new IP address. The problem I have, probably due to a misunderstanding of what I need to do, is easy to describe. The defaultrouter statement in rc.conf or route add default x.x.x.x from the command line sets an interface to know that packets whose destinations or sources that are outside the subnet go to that default gateway. When I set up the secondary interface, I have not been able to come up with a statement or statements that tell fxp1 that it's default router is y.y.y.y so you can't ever reach it from outside the new subnet. Once traffic ever gets in to the system, it will probably stay together based on the interface where it came from, but it won't have to do it for hopefully more than a few hours. I have tried both a second physical connection and an alias and have ended up with the same behavior each time. Since we have the second NIC active, I prefer to use it if I can ever get it to use its router just like the primary interface does. Right now, I can get on to our secondary DNS which is in the same subnet as the new address for the primary and log right in to the primary through the new interface. From anywhere else on the Earth, that new address is as dead as a doornail. I certainly appreciate every posting so far as routing is one of the thorniest issues one can encounter in networking so the more one is aware of, the less head-scratching and frustration there is. Martin McCormick ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Let's summarize it like so: Your client has a DNS serveur called dns1. This server has an IP from your subnet, from example 100.100.100.53 in 100.100.100.0/24 Your client has gotten 200.200.200.0/24 from the RIPE NCC and wants to migrate to their new IP range. Your client wants and needs to maintain their 100.100.100.0/24 addresses for some time. First, on dns1, you'll configure an interface with both public IPs, either on a vlan interface or on a physical interface: CURRENT: ifconfig em0 inet 100.100.100.53/24 route add default 100.100.100.1 PLANNED: ifconfig em0 inet 200.200.200.53/24 alias This command adds the 200.200.200.53 IP on your em0 interface but doesn't remove the previous one. Your now have em0 with 2 public IPs, one in each range. PROBLEM: However, if you try to ping 200.200.200.53, say from host 50.50.50.50, the server dns1 tries to reach you back with its default route at 100.100.100.1. Stateful filtering or simple antispoof rules prevent that. SOLUTION: You need a way to reply using a specific route depending on which IP was requested by the internet user at 50.50.50.50 If they queried 100.100.100.53, you need to route through 100.100.100.1. If they queried 200.200.200.53, you need to route through 200.200.200.1. TECHNICAL IMPLEMENTATION: pf provides the tools for what you'd like to do, through the reply-to option in access rules. Find below an example: # VARIABLES DEFS pub_if=em0 # Our network interface with the public IPs bound to it pub_100=100.100.100.53 # Our own IP in the 100.100.100.0/24 range gw_100=100.100.100.1 # Our ISP's router in the 100.100.100.0/24 range pub_200=200.200.200.53 # Our own IP in the 200.200.200.0/24 range gw_200=200.200.200.53 # Our ISP's router in the 200.200.200.0/24 range # ACCESS RULES pass in log on $pub_if reply-to ($pub_if $gw_100) inet proto {tcp,udp} from any to $pub_100 pass in log on $pub_if reply-to ($pub_if $gw_200) inet proto {tcp,udp} from any to $pub_200 That is all you need. Automatically, PF will use the router 100.100.100.1 for packets that were destined to IP 100.100.100.53 on server dns1 , and 200.200.200.1 for packets destined to 200.200.200.53 This solution provides the
sed argument processing b0rked?
I'm running into a weird problem with sed. I believe what I'm trying to do should work fine, but seem to be stymied by weirdness in sed's argument processing. This is on 8.2-RELEASE-p2. which sed /usr/bin/sed According to years of experience and re-reading the man page five times today this should work, however sed is treating the second -e as a file name: sed -i'' -e 's/^\(REVOKE ALL ON SCHEMA public FROM \)postgres/\1pgsql/' \ ? -e 's/^\(GRANT ALL ON SCHEMA public TO \)postgres/\1pgsql/'\ ? /tmp/pgdump sed: -e: No such file or directory If I drop the second -e it seems to work (the permission denied is expected): sed -i'' -e 's/^\(REVOKE ALL ON SCHEMA public FROM \)postgres/\1pgsql/' \ ? /tmp/pgdump sed: /tmp/pgdump: Permission denied This is contrary to the sed man page: A single command may be specified as the first argument to sed. Multiple commands may be specified by using the -e or -f options. All commands are applied to the input in the order they are specified regardless of their origin. I thought maybe it was an argument order problem, since -i is listed after -e in the syntax synopsis (sometimes that matters) but that is actually even weirder: sed -e 's/^\(REVOKE ALL ON SCHEMA public FROM \)postgres/\1pgsql/' \ -e 's/^\(GRANT ALL ON SCHEMA public TO \)postgres/\1pgsql/'\ -i'' /tmp/pgdump sed: -I or -i may not be used with stdin Fiddling around some more, I found that -e can't be supplied for the first command if there are multiple commands to be given.. but it does work if there's only one. That doesn't seem right. sed -i'' 's/^\(REVOKE ALL ON SCHEMA public FROM \)postgres/\1pgsql/' \ -e 's/^\(GRANT ALL ON SCHEMA public TO \)postgres/\1pgsql/'\ /tmp/pgdump sed: /tmp/pgdump: Permission denied However, that breaks again if -i is moved: sed 's/^\(REVOKE ALL ON SCHEMA public FROM \)postgres/\1pgsql/' \ -e 's/^\(GRANT ALL ON SCHEMA public TO \)postgres/\1pgsql/' \ -i'' /tmp/pgdump sed: -e: No such file or directory sed: s/^\(GRANT ALL ON SCHEMA public TO \)postgres/\1pgsql/: No such file or directory sed: -i: No such file or directory sed: /tmp/pgdump: Permission denied I'm fairly certain this has worked the way I'm expecting it to in the past. After all, I wrote it this way out of habit. Either way, it seems to me that argument processing in the current sed distributed with the OS is broken with respect to the way it's documented. Or am I missing something? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sed argument processing b0rked?
sed -i'' -e 's/^\(REVOKE ALL ON SCHEMA public FROM \)postgres/\1pgsql/' \ ? -e 's/^\(GRANT ALL ON SCHEMA public TO \)postgres/\1pgsql/' \ ? /tmp/pgdump sed: -e: No such file or directory If you put a space after -i: sed -i '' ... It will work. The '-i' option takes an argument, and if you put a null argument right next to it, with no spaces, the shell doesn't see anything there. That is, this: -i'' Is exactly equivalent to this: -i Which means that sed is consuming the following argument as the extension...so the first '-e' is the argument to the '-i' option. -- Lars ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sed argument processing b0rked?
On 2011/06/21, at 11:24, Lars Kellogg-Stedman wrote: sed -i'' -e 's/^\(REVOKE ALL ON SCHEMA public FROM \)postgres/\1pgsql/' \ ? -e 's/^\(GRANT ALL ON SCHEMA public TO \)postgres/\1pgsql/'\ ? /tmp/pgdump sed: -e: No such file or directory If you put a space after -i: sed -i '' ... Aha... I knew it had to be something. I couldn't quite wrap my head around the idea that sed is misbehaving.. it seems way too old and set in its ways for that. However, I did get the -i'' syntax from somewhere.. perhaps it's a GNUism and I just forgot where I picked it up. Thanks for the correction!___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sed argument processing b0rked?
Aha... I knew it had to be something. I couldn't quite wrap my head around the idea that sed is misbehaving.. it seems way too old and set in its ways for that. However, I did get the -i'' syntax from somewhere.. perhaps it's a GNUism and I just forgot where I picked it up. In GNU sed, the -i option does not require an argument, so sed -i -e 's/a/b/' -e 's/c/d/' ... is legal syntax. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Pointers to debugging slow iSCSI initiator performance
Folks I have a FreeBSD 8.1-STABLE system that I'm connecting via iSCSI to a Compellent SAN. The iscsi-initiator works fine but is very slow and given to periodic (very short) hangs. The issue is that we have subversion on it and it takes a long time to checkout some of our repos. Any pointers to tweaking the config or figuring out the cause of the slowness is appreciated. I haven't found many posts about the iscsi-initiator on FreeBSD in my searches. The config is below: arachnophile# dd if=/dev/zero of=/san/test.out bs=1M count=2048 2048+0 records in 2048+0 records out 2147483648 bytes transferred in 145.111894 secs (14798812 bytes/sec) arachnophile# uname -a FreeBSD arachnophile.virtc.com 8.1-STABLE FreeBSD 8.1-STABLE #0: Wed Oct 13 13:52:31 EDT 2010 r...@arachnophile.virtc.com:/usr/obj/usr/src/sys/ARACHNOPHILE amd64 arachnophile# more /etc/iscsi.conf compellent { initiatorname = arach TargetName = iqn.2002-03.com.compellent:5d3100067001 TargetAddress = 172.30.0.10:3260,0 } Hardware (in case it matters) is an IBM xSeries 346 CPU: Intel(R) Xeon(TM) CPU 3.40GHz (3400.16-MHz K8-class CPU) real memory = 2147483648 (2048 MB) arachnophile# netstat -I bge1 NameMtu Network Address Ipkts Ierrs IdropOpkts Oerrs Coll bge1 1500 Link#2 00:14:5e:2b:39:7d 353438253 0 0 438355075 0 0 bge1 1500 172.30.0.0172.30.0.66 353316523 - - 438348928 - - Thanks Viren Shah vs...@raytheonvtc.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Point me to resource or user info
and the Freebsd installer guide http://www.a1poweruser.com/ Hmmm... Wish I'd known about that a while back. It's more or less exactly what I've been looking for, a realy good how to guide for F'BSD. The only thing missing (had a quick look!) is details on Jails (they are mentioned, but you are pointed back at the Handbook..) However.. I've learnt something else already (Using mouse copy/paste function) so thanks very much for that site. Very good for us less (in F'BSD at least) experienced types. Cheers.. DaveB ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Two Networks on one System
Damien Fleuriot writes: SOLUTION: You need a way to reply using a specific route depending on which IP was requested by the internet user at 50.50.50.50 If they queried 100.100.100.53, you need to route through 100.100.100.1. If they queried 200.200.200.53, you need to route through 200.200.200.1. TECHNICAL IMPLEMENTATION: pf provides the tools for what you'd like to do, through the reply-to Thanks for that excellent explanation. Everybody has been very helpful so now, I at least know what I need to work on and many thanks for the example. I am not quoting the rest of the message, but will save it as I set up the rules. Again, thanks to all. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Two Networks on one System
On 06/21/11 12:41, Damien Fleuriot wrote: On 6/21/11 2:32 AM, Jerome Herman wrote: So depending on the client route, packets from a given IP address can land on either interface. Actually two clients nated behind the same public address might end up on both interfaces at the same time. Even though your solution should work 99% of the time , it can lead to pretty strange behavior. I am not completely sure of how reply-to works, notably with keep state (and of course OpenBSD manuals on PF are down right now, at least from here). I remember attempting similar setups and having quite a lot of trouble with ICMP (especially RST for that matter). This does not depend on the route the client takes, but rather on the IP the client tries to reach, wouldn't you agree ? Most of the problems I was afraid of were lifted when further explanations where given. But just for the records I would like to explain further what I meant, adding some examples. 1°) It is perfectly possible for a public IP to be routed differently depending on the ISP. Actually it is quite common when you have multiple provider to create shortcuts in the routing table. Let us say your main provider is ISP A who is officially routing your public IP, but you also have a privileged link with ISP B who will redirect any request made to your public IP to a private IP on your network (NAT or DMZ, your pick). All clients from ISP A will come to your public IP directly, all clients from ISP B will go through your private IP, but clients from ISP C ? Well it will depends on whether the route they elect goes to ISP A or ISP B first. 2°) Even if there are two distinct public addresses A B , what happens when two nated computers behind an public address Z try to connect to the server at the same time ? reply-to disturbs the normal flow of answers, in case two connections are attempted from the same distant address at the same moment (second SYN received before first SYN/ACK is sent ) what is supposed to happen. I think each connection will receive a proper SYN/ACK from the right interface, but I cannot find anything to confirm/infirm this. 3°) Another thing that can happen, in case the interface selection is route dependent, is that the route can change between packet N and packet N+1. In this case using reply-to will very probably lead to a connection RST on the second interface while the first will go into timeout. So basically these were the problematics I was trying to point out in my previous mail. Hope I am clearer now Jerome Herman ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Two Networks on one System
On 6/21/11 6:30 PM, Jerome Herman wrote: On 06/21/11 12:41, Damien Fleuriot wrote: This does not depend on the route the client takes, but rather on the IP the client tries to reach, wouldn't you agree ? Most of the problems I was afraid of were lifted when further explanations where given. But just for the records I would like to explain further what I meant, adding some examples. 1°) It is perfectly possible for a public IP to be routed differently depending on the ISP. Actually it is quite common when you have multiple provider to create shortcuts in the routing table. Let us say your main provider is ISP A who is officially routing your public IP, but you also have a privileged link with ISP B who will redirect any request made to your public IP to a private IP on your network (NAT or DMZ, your pick). All clients from ISP A will come to your public IP directly, all clients from ISP B will go through your private IP, but clients from ISP C ? Well it will depends on whether the route they elect goes to ISP A or ISP B first. This has to do with BGP, transits and peerings, this is not really relevant to your case of having 2 public IPs served by a box. But then, to answer your question: Let's say you have 2 public and 1 private IP on the box. Traffic to public IP A has a reply-to to the ISP's router in network A. Traffic to public IP B has a reply-to to the ISP's router in network B. Traffic to private IP C has a reply-to to the ISP's router in network C. I really can not see what your concern is, here. In fact, this is pretty much what we use here, we have RDR rules set up on our firewalls to pass packets to our reverse proxies' private IPs. 2°) Even if there are two distinct public addresses A B , what happens when two nated computers behind an public address Z try to connect to the server at the same time ? reply-to disturbs the normal flow of answers, in case two connections are attempted from the same distant address at the same moment (second SYN received before first SYN/ACK is sent ) what is supposed to happen. I think each connection will receive a proper SYN/ACK from the right interface, but I cannot find anything to confirm/infirm this. What you need to take into account is that these are 2 different connections each with an ID, a source IP (shared: Z) and a source port (randomized). This will not be messed up by reply-to. 3°) Another thing that can happen, in case the interface selection is route dependent, is that the route can change between packet N and packet N+1. In this case using reply-to will very probably lead to a connection RST on the second interface while the first will go into timeout. We're talking about your own egress route here, which depends on the IP you are replying from. If you're replying with IP A, you'll use the router in network A. If you're replying with IP B, you'll use the router in network B. Whatever BGP topology changes your ISP undergoes at that time has no effect on this part of networking. Now, if your primary ISP were to have a problem, BGP will converge and your secondary transit will be used to route packets to your public IPs. In this case of course, it is mandatory that when ISP1 fails, ISP2 takes over the router IPs you're using in networks A and B. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Two Networks on one System
On 06/21/11 18:45, Damien Fleuriot wrote: On 6/21/11 6:30 PM, Jerome Herman wrote: On 06/21/11 12:41, Damien Fleuriot wrote: This does not depend on the route the client takes, but rather on the IP the client tries to reach, wouldn't you agree ? Most of the problems I was afraid of were lifted when further explanations where given. But just for the records I would like to explain further what I meant, adding some examples. 1°) It is perfectly possible for a public IP to be routed differently depending on the ISP. Actually it is quite common when you have multiple provider to create shortcuts in the routing table. Let us say your main provider is ISP A who is officially routing your public IP, but you also have a privileged link with ISP B who will redirect any request made to your public IP to a private IP on your network (NAT or DMZ, your pick). All clients from ISP A will come to your public IP directly, all clients from ISP B will go through your private IP, but clients from ISP C ? Well it will depends on whether the route they elect goes to ISP A or ISP B first. This has to do with BGP, transits and peerings, this is not really relevant to your case of having 2 public IPs served by a box. But then, to answer your question: Let's say you have 2 public and 1 private IP on the box. Traffic to public IP A has a reply-to to the ISP's router in network A. Traffic to public IP B has a reply-to to the ISP's router in network B. Traffic to private IP C has a reply-to to the ISP's router in network C. No, the problem is the following : Traffic to public IP A going through ISP X goes to interface 1 configured with public IP A Traffic to public IP A going through ISP Y goes to interface 2 configured with private IP C And no this is not a fantasy config that can only be found once every millennium when following a unicorn. There are actually quite a lot of setups that use this trick to work. I really can not see what your concern is, here. In fact, this is pretty much what we use here, we have RDR rules set up on our firewalls to pass packets to our reverse proxies' private IPs. 2°) Even if there are two distinct public addresses A B , what happens when two nated computers behind an public address Z try to connect to the server at the same time ? reply-to disturbs the normal flow of answers, in case two connections are attempted from the same distant address at the same moment (second SYN received before first SYN/ACK is sent ) what is supposed to happen. I think each connection will receive a proper SYN/ACK from the right interface, but I cannot find anything to confirm/infirm this. What you need to take into account is that these are 2 different connections each with an ID, a source IP (shared: Z) and a source port (randomized). This will not be messed up by reply-to. That is what I thought, but I can't seem to find a proper doc on the nook and crannies of reply-to and route-to. And I am always a bit cautious about the idea of checking BSD code myself to get answers. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
mind maps and tutorials?
i think there are only two mindmap programs in ports, vym and freemind. i must have spend a month trying to figure out freemind. last night i installed vym, and got pratically nowhere. if there is any tutorial on these two i can't find them. can any listmember give me a pointer to anything tutorial-like? gary ps: i have included BSD , linux. nothing. -- Gary Kline kl...@thought.org http://www.thought.org Public Service Unix Journey Toward the Dawn, E-Book: http://www.thought.org The 8.51a release of Jottings: http://jottings.thought.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: (no subject)
Your folder tmp is an own partition with just 1GB size. This partition is running full. Mon Jun 20 11:41:58 2011 849M /tmp Mon Jun 20 11:42:01 2011 Filesystem Size Used Avail Capacity Mounted on /dev/amrd0s1a 989M 987M -76M 108% / When a partition is over 100% its use backup place for defect sektors. A partition is/ was created with 110% and 10% are for defect sectors. A partition should not grow over 100%. Am 20.06.2011 12:25, schrieb Traiano Welcome: Hi Damien (apologies for top-posting, handicapped mail client). Actually, / (by /tmp) is filling up, and clearing very rapidly due to temp files being created and removed at high speed. We ca only see this by doing: --- #!/usr/bin/perl while(1){ $timestamp = localtime(); system(echo $timestamp `df -h /tmp` /home/traianow/dfstats.txt); system(echo $timestamp `du -sh /tmp` /home/traianow/dfstats.txt); sleep 1; } --- We're seeing this fast-changing disk space usage patterns like this, repeating every few tens of seconds: Mon Jun 20 11:41:54 2011 844M /tmp Mon Jun 20 11:41:55 2011 Filesystem Size Used Avail Capacity Mounted on /dev/amrd0s1a 989M 987M -76M 108% / Mon Jun 20 11:41:55 2011 849M /tmp Mon Jun 20 11:41:56 2011 Filesystem Size Used Avail Capacity Mounted on /dev/amrd0s1a 989M 987M -76M 108% / Mon Jun 20 11:41:56 2011 849M /tmp Mon Jun 20 11:41:57 2011 Filesystem Size Used Avail Capacity Mounted on /dev/amrd0s1a 989M 987M -76M 108% / Mon Jun 20 11:41:57 2011 849M /tmp Mon Jun 20 11:41:58 2011 Filesystem Size Used Avail Capacity Mounted on /dev/amrd0s1a 989M 987M -76M 108% / Mon Jun 20 11:41:58 2011 849M /tmp Mon Jun 20 11:42:01 2011 Filesystem Size Used Avail Capacity Mounted on /dev/amrd0s1a 989M 987M -76M 108% / Mon Jun 20 11:42:01 2011 849M /tmp Mon Jun 20 11:42:02 2011 Filesystem Size Used Avail Capacity Mounted on /dev/amrd0s1a 989M 141M 769M 15% / Mon Jun 20 11:42:02 2011 3.2M /tmp Mon Jun 20 11:42:03 2011 Filesystem Size Used Avail Capacity Mounted on /dev/amrd0s1a 989M 142M 768M 16% / Mon Jun 20 11:42:03 2011 4.8M /tmp Mon Jun 20 11:42:04 2011 Filesystem Size Used Avail Capacity Mounted on /dev/amrd0s1a 989M 145M 765M 16% / Mon Jun 20 11:42:04 2011 7.7M /tmp Mon Jun 20 11:42:06 2011 Filesystem Size Used Avail Capacity Mounted on /dev/amrd0s1a 989M 148M 762M 16% / Mon Jun 20 11:42:06 2011 10M /tmp Mon Jun 20 11:42:07 2011 Filesystem Size Used Avail Capacity Mounted on /dev/amrd0s1a 989M 150M 760M 16% / What I'm trying to determine is what caused the change in temp file writing behaviour on the server, and if this is the kind behaviour likely on a heavily loaded box with cpu running at 100% (which this system is). i.e, do processes like cvs that write tmp files suddenly start writing more temp files when starved for cpu, leading to this kind of behaviour? Thanks, Traiano From: owner-freebsd-questi...@freebsd.org [owner-freebsd-questi...@freebsd.org] on behalf of Damien Fleuriot [m...@my.gd] Sent: Monday, June 20, 2011 12:01 PM To: freebsd-questions@freebsd.org Subject: Re: (no subject) On 6/20/11 10:13 AM, Traiano Welcome wrote: Hi List We have a FreeBSD 6.2-STABLE #0 server running as a general unix shell server. Recently the system has been running at high load (average 8, and cpu 100%), and even more recently we've started seeing the following types of error when we do cvs commits on the system. The system has between 150 to 200 users on it during the day. --- /: write failed, filesystem is full Error: /tmp/file.commit.72971.tmp: No space left on device; /tmp/file.commit.72971.tmp: WARNING: FILE TRUNCATED --- The disks are definitely not full (this shows up in df -hi), both in terms of storage space and inode utilisation. However the cpu utilisation is permanently at 100%, and we're aware of which processes are causing the utilisation. My question is: Is it possible, under some circumstances that cpu starvation could result in the type of filesystem is full errors we're seeing above? Thanks in Advance, Traiano Welcome ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Are you really sure your file system is not full ? 1/ sync 2/ df -h 3/ df -i ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list
Re: (no subject)
On Jun 21, 2011, at 11:04 AM, Lokadamus wrote: Mon Jun 20 11:41:58 2011 849M /tmp Mon Jun 20 11:42:01 2011 Filesystem Size Used Avail Capacity Mounted on /dev/amrd0s1a 989M 987M -76M 108% / When a partition is over 100% its use backup place for defect sektors. A partition is/ was created with 110% and 10% are for defect sectors. A partition should not grow over 100%. While hard drives do contain spare sectors used to replacing defective ones, that's not what the 110% or 108% filesystem space is for-- this spare capacity is used by FFS to reduce fragmentation, but can also be written to by root at the cost of considerable performance. See man tunefs. Regards, -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
ipfw nat inbound keep-state with net.inet.ip.fw.one_pass=0
Hi, I'm an ipfw user that finally got the opportunity to set up NAT on an interface with a public IP. I was doing some multi-homing experiments using ipfw fwd combined with outbound ipfw nat - and since I needed to run both, and both immediately ended ipfw ruleset execution, I had to turn off net.inet.ip.fw.one_pass. This is where I discovered that with that setting turned off, my inbound NAT rule stopped working. Seems that with one-pass execution, the NAT rule also performs keep-state of some sort, the dynamic state table looks ok and everything works fine. But if I turn it off, and do my own allow all in keep-state after applying a static NAT rule on an inbound connection, I see that the state table has the remote IP on the left side and mine on the right side. I also see that my NAT setup breaks and my packets are sent to the internet with a 192.168.0.x source address. I'd like to ask if I'm doing anything wrong, or whether this is a bug. I checked the issue tracker, but found no relevant issues there. I also tried asking around, but it seems noone even uses ipfw anymore. Triggering the issue requires a modified kernel (ipfw forward and ipfw nat are not available by default), requires using ipfw nat (a relatively new thing) instead of the old natd daemon, and requires changing the value of a system setting. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: freebsd list admins?
On Tuesday, June 21, 2011 07:44:16 AM Jerry wrote: You have voiced a concern that has been voiced here several times in the past. Unfortunately, this is an open list; ie, anyone subscribed or not can post. This leads to the inevitable problems that plague this forum. I have tried contacting the postmaster in the past also. Understood. Perhaps a mention that this list is open somewhere in the list's charter in the Handbook will at least let people know that junk on the list is something that can't be fixed. It is my personal view that FreeBSD-Questions should be consolidated into the chat forum. Chat forums are rarely moderated and tend to be open to the general public. The Questions forum has deteriorated to the level of SlashDot which has deteriorated to the level of a cesspool. At least SlashDot openly admits that they allow (encourage) Anonymous Coward to post. Meh. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
FreeBSD ZFS system
OK, it works very well. Installing a ZFS FreeBSD system with an ufs /boot is very very easy using the PC-BSD DVD. However, I have one question: I'd like to install FreeBSD (pcbsd) on a (zfs) mirror In OpenSolaris you can install directly to the zfs mirror, but how's this in this situation After all, an UFS partitin is also created. How can I get the equivalent of an OpenSolaris mirrored install for a FreeBSD system? Hope I phrased the question clearly enough. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
ZFS on Root
OK, So I got ZFS installed on this new box, I had to loose two disks due to them being faulty, so I removed the IDE expansion card and booted from an SD card, all went well (according to this guide - http://wiki.freebsd.org/RootOnZFS/GPTZFSBoot/Mirror). I adjusted the instructions there for only one disk though and will worry about adding the others to the zpool after the fact and the system has booted on it's own. The problem is this, the system starts to boot but then fails to find zfs:tank, I get dropped to the mountroot prompt with the following advise: Trying to mount root from zfs:tank ROOT MOUNT ERROR: If you have invalid mount options, reboot, and first try the following from the loader prompt: set vfs.root.mountfrom.options=rw and then remove invalid mount options from /etc/fstab. Loader variables: vfs.root.mountfrom=zfs:tank vfs.root.mountfrom.options=rw Manual root filesystem specifications: fstype:device Mount device using filesystem fstype eg: ufs:/dev/da0s1a eg: cd9660:/dev/acd0 This is equivalent to: mount -t cd9660 /dev/acd0 / ? List valid disk boot devices empty lineAbort manual input mountroot ? List of GEOM managed disk devices: ufsid/47ce961fb53808acd ufsid/47ce961fb53808ac ad6s1d ad6s1 ad7 ad6 ad5 gptit/f6af4300-9c1a-11e0-b38d-000ea68c8b0e gpt/disk0 gpt/f6a70bb3-9c1a-11e0-b38d-000ea68c8b0e gpt/swap0 gpt/f6a4de0c-9c1a-11e0-b8d-000ea68c8b0e ad4p3 ad4p2 ad3p1 ad4 Manual root File Specification 8 lines repeat from above So what did I miss? I was able to follow the instructions without fail, the only instruction I had to do on my own was to create /tank/boot/zfs first to copy the cpool.cache over. All the other instructions worked with issue, the first time. This is the second time I've done this on this box in two days, the first time I made a mistake, so I scripted the instructions (rather crudely) to ensure I did things correctly, each portion of the script was modified to reflected how I wanted my system to be (mostly changing zpool as the pool name to tank. I can make the scripts available if someone would like to look at them. -- Chris Brennan -- A: Yes. Q: Are you sure? A: Because it reverses the logical flow of conversation. Q: Why is top posting frowned upon? http://xkcd.com/84/ | http://xkcd.com/149/ | http://xkcd.com/549/ GPG: D5B20C0C (6741 8EE4 6C7D 11FB 8DA8 9E4A EECD 9A84 D5B2 0C0C) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD ZFS system
On 21/06/2011 20:01, Dick Hoogendijk wrote: I'd like to install FreeBSD (pcbsd) on a (zfs) mirror In OpenSolaris you can install directly to the zfs mirror, but how's this in this situation After all, an UFS partitin is also created. How can I get the equivalent of an OpenSolaris mirrored install for a FreeBSD system? http://wiki.freebsd.org/RootOnZFS/GPTZFSBoot/Mirror Cheers Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
FreeBSD reports incorrect amount of memory
Machine has been running FreeBSD/amd64 with 2 GiB of memory. I just installed a 2nd 2 GiB of memory for 4 GiB total. FreeBSD thinks it now has 32 GiB ??? FreeBSD 8.2-RELEASE #22: Tue Jun 7 12:37:21 PDT 2011 CPU: AMD Athlon(tm) 64 Processor 3000+ (1808.34-MHz K8-class CPU) real memory = 34359738368 (32768 MB) avail memory = 3614437376 (3446 MB) vm.kmem_map_free: 3629518848 vm.kmem_map_size: 9322496 vm.kmem_size_scale: 1 vm.kmem_size_max: 329853485875 vm.kmem_size_min: 0 vm.kmem_size: 3638841344 hw.physmem: 3749433344 hw.usermem: 3095994368 hw.realmem: 3758030848 1 users Load 0.00 0.00 0.00 Jun 21 13:54 Mem:KB REAL VIRTUAL VN PAGER SWAP PAGER Tot Share Tot Share Free in out in out Act 272856 22968 1951804 52608 134640 count All 335752 24556 1075766k 65644 pages Proc: Interrupts r p d s w Csw Trp Sys Int Sof Flt cow 5113 total 1 76 8119 18 1754 3115 120 zfod atkbd0 1 ozfod uart0 irq4 3.0%Sys 0.2%Intr 0.0%User 0.0%Nice 96.8%Idle %ozfod 16 ohci1 siis | | | | | | | | | | | daefr 5 ed0 ohci2+ == prcfr fwohci0++ 13 dtbuf totfr fwohci1 bg Namei Name-cache Dir-cache 135416 desvn react ohci0+ 21 Calls hits % hits % 2926 numvn pdwak ehci0+ 22 1995 frevn pdpgs 3094 nfe0 irq23 intrn 1998 cpu0: time Disks ad4 ad6 ad8 ad10 ada0 ada1 ada2 638292 wire KB/t 0.00 0.00 0.00 0.00 0.00 0.00 0.00 97364 act tps 0 0 0 0 0 0 0 2682588 inact MB/s 0.00 0.00 0.00 0.00 0.00 0.00 0.00 77168 cache %busy 0 0 0 0 0 0 0 57472 free 376080 buf As far as I know, the mainboard (Tyan Tomcat k8e 2865) only supports 4 GiB. Is this going to cause some problem with FreeBSD trying to use memory that isn't there? How do I debug/fix this? Didn't find anything with google. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD reports incorrect amount of memory
trying to use memory that isn't there? How do I debug/fix this? Just curious, what was memtest86+ report? Can you install dmidecode(8) from /usr/ports/sysutils/dmidecode I'd be very suprised if GCC started misbehaving during compile ~BAS Didn't find anything with google. ___ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: freebsd list admins?
Hi questions@ Robert Simmons articulated: There seems to be a few email addresses that are subscribed to these lists that keep spamming it periodically, je...@seibercom.net wrote: Now, if this forum were conducted under the same restraints that the Postfix forums(2) adhere to, the quality of advice given and basic overall quality of this forum would increase immeasurably. The history of address questi...@freebsd.org explains why we are here: questions@ list introduced to provide stuck newbies a lifeline. (Advertised from /etc/motd after a new install. ) Created long after more lists such as hackers@ current@ some other list, But still created years ago now. Many old guard didn't subscribe questions@ many years, 'cos just newbie questions, too boring, no time etc. A few experienced conscientious people did sub. questions@ though did lots of good working helping people. Years later, what was once a list for mostly simple newbies has become a lot more skilled (I was suprised when I re-sub'd after absence of years, a notable difference; Maybe people presumably learnt FreeBSD, but failed to move on to hackers@ current@, usb@ etc, is probably down to individual inertia). The traffic on questions@ has now become very heavy. Traffic too heavy in fact, a mess of themes, Some traffic would be better posted to hackers@ or current@ or other more specialist lists http://lists.freebsd.org/mailman/listinfo Posting less to questions@ more to other lists would help: Some traffic deserves a wider, /or more specialist readership on other lists; Some Subjects some don't need. Newbies questions could be clearer visible as still pending an answer, not drowned among a morass of more technical threads. It is my personal view that FreeBSD-Questions should be consolidated into the chat forum. Chat forums are rarely moderated and tend to be open to the general public. The Questions forum has deteriorated to the level of SlashDot which has deteriorated to the level of a cesspool. At least SlashDot openly admits that they allow (encourage) Anonymous Coward to post. I'm against merging chat@ questions@, don't believe it will happen Lists for different purposes, but even if questions@ people might come to a consensus in favour of merging, lots of people on other lists have a use for a seperate chat@, ie to demand of off remit people on their other lists Take it to chat@ I think we should: make questions@ list writable only to subscribers (if not already); Edit /usr/src/etc/motd eg: OLD If you still have a question or problem, please take the output of OLD `uname -a', along with any relevant error messages, and email it OLD as a question to the questi...@freebsd.org mailing list. NEW If you still have a question or problem, please subscribe (free) via NEW http://lists.freebsd.org/mailman/subscribe/freebsd-questions NEW then email questi...@freebsd.org Should we send in a send-pr to edit src/etc/motd ? Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Reply below, not above; Indent with ; Cumulative like a play script. Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD paid support
Daniel Staal wrote: On Mon, June 20, 2011 3:35 am, Dennis Perisa wrote: Hi guys, Are there paid support services available for FreeBSD? If provided by a 3rd party, can you name or even recommend a few? I haven't tried any, so I can't make recommendations, but the FreeBSD website has a listing: http://www.freebsd.org/commercial/commercial.html http://www.berklix.com/consultants/ Globaly indexed by geofraphy, not by name, BTW Any who want to be added or changed: Edit HTML source of table, email me a diff -c Do not send other text or mouse copy of what browser displays. Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Reply below, not above; Indent with ; Cumulative like a play script. Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Two Networks on one System
I can't really say I understand the exact problem the OP has, but if it's anything similar to asymmetrical/source-based routing problems I was having some time ago, pf and reply-to is probably the best way to do it. However, I'd also like to point out setfib(1), as it seems no-one has brought it up yet, though there were statements like there can be only one default gw. I was actually quite disappointed with lack of proper solution for this problem on FreeBSD as it is so simple to set up on Linux. Regards, -- Nino ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to connect a projector to a FreeBSD laptop?
Hi, Reference: From: Warren Block wbl...@wonkity.com Date: Mon, 20 Jun 2011 12:51:14 -0600 (MDT) Message-id: alpine.bsf.2.00.1106201249520.63...@wonkity.com Warren Block wrote: On Mon, 20 Jun 2011, Polytropon wrote: On Mon, 20 Jun 2011 09:32:55 -0700 (PDT), Unga wrote: Could somebody please highlight to me how to successfully connect a projector and what configurations needs to be done? You did correctly connect the projector before starting the machine. On most laptops you'll find a CRT/LCD key (usually among the PF keys on top) you need to press with the Fn key. This will cycle through three modes: LCD only - LCD and CRT - CRT only. Press this once or twice, and you should get output on the projector. If that doesn't work, there's also xrandr. Hi Unga etc. You might not have a FreeBSD problem as such, apart from what Polytropon Warren Bloc suggest, also remember your projector may not handle the resolution your screen is configured to. Here's a true tale: I was giving a talk, called Free Alternatives To Microsoft http://www.berklix.com/free/talk/faraday/ Connected laptop All black ! Good natured audience heckled So how does Micsosoft compare ? Rebooted to Microsoft Still black ! Relief ! Duff hardware ! ... Der Hang on ... Both my MS-Win My FreeBSD-X11 were in in 1600 x 1200 pixel mode. The projector couldn't handle beyond 800 or 1024 So drop out of X Windows, (Ctl + Alt + F1 ) See projector now works wth an 80 x 24 plain text screen Go back to XCtl + Alt + Fsomething ) Retune your X config to a lower resolution the projector will accept. (I'll leave that for someone else to explain how please, tends to vary) Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Reply below, not above; Indent with ; Cumulative like a play script. Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: (no subject)
Those who think they know it all are really annoying to those of us who do. Date: Tue, 21 Jun 2011 20:04:52 +0200 From: Lokadamus lokada...@gmx.de Your folder tmp is an own partition with just 1GB size. FALSE TO FACT. You can run df(1), giving it _any_ fileneme -- whether OR NOT it is a directory -- and it will report the statistics for the underlying filesystem. Proof: %df -H /COPYRIGHT Filesystem SizeUsed Avail Capacity Mounted on /dev/idad0s1a 65M 35M 24M59%/ %ls -l /COPYRIGHT -r--r--r-- 1 root wheel 6197 May 1 2009 COPYRIGHT For this user, /tmp is part of the / filesystem, as is CLEARLY shown by the 'Mounted on' field in the df output, below. The filesystem on 'ard0s1a', =mounted=as='/'=, _is_ roughly 1 gig in size. The filesystem overhead -- primarily the space reserved for (assuming a UFS filesystem) the FIXED SIZE (and pre-allocated) 'inode table', the 'backup superblocks', and the cylinder-group metadata -- accounts for the filesysem 'size' of 989M. Of that 989M, 8% has been set 'reserved' for superuser-only use. Programs running, with the EUID of 0 (the superuser), were creating the problematic /tmp files, thus the negative 'Avail' number, and the 'used' space being shown as over 100% in the 'Capacity' column. Mon Jun 20 11:41:58 2011 849M /tmp Mon Jun 20 11:42:01 2011 Filesystem Size Used Avail Capacity Mounted on /dev/amrd0s1a 989M 987M-76M 108% / When a partition is over 100% its use backup place for defect sektors. A partition is/was created with 110% and 10% are for defect sectors. FALSE TO FACT. When 'spare' sectors are allocated for potential defective sector substitution, they are _not_ included in the available space/capacity of a filesystem. With most _modern_ disks, bad-sector substitution is handled by the _disk_hardware_itself_, *invisibly* to the host computer hardware, *or* operating system. *IF* spare sectors are allocated the O/S for bad-sector management, this is done by the 'low level format' utiltity, before any sort of filesystem, _if_any_, is created. i.e. there =will= be spares, for bad-sector substitution, even on the portion of a disk used as a 'swap' partition, despite there being no filesystem there. The 'reserved' space, traditionally the last 10% -- although in this case of the OP's drive it was _8%_ -- of the filesystem capacity, is set for the _exclusive use_ of the superuser, for regular filesystem activity (to wit, writing files to it). The reasn for this 'reserved space' is so that a 'regular user' with runaway disk usage, will _not_ be able to cause _system_ processes to fail for lack of disk space. In the OP's case, it _was_ a' superuser process' that was writeing to /tmp, so that process failed _only_ when the space on the filesystem was _TOTALLY_ exhausted, instead of when usage reached '100%' of the file system space available to 'regular users'. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Two Networks on one System
From owner-freebsd-questi...@freebsd.org Tue Jun 21 17:34:22 2011 From: n j nin...@gmail.com Date: Wed, 22 Jun 2011 00:02:53 +0200 To: freebsd-questions@freebsd.org Subject: Re: Two Networks on one System I can't really say I understand the exact problem the OP has, As _I_ understand it, one of two things are going on: a) he has servers LIVING BEHIND _NAT_ in one address-space, and directly addressable in a 2nd address-space. Thus if packets come 'in' on one interface, and go 'out' on the other interface, they hit the external Internet with a _different_ 'source address' than the _external_ 'destination address' on the packets that they are a 'reply' to. b) the severs have addresses on two separate publicly-addressable networks, the only routing information those machines have is 1) a route for each directly connected network, and 2) a single 'default' route. Thus all 'reply' packets for connections from a _non-directly-conntected_ network go 'out' the default route, _regardless_ of which network they came in on. This is classical 'asymmetric' routing, and *should* just work, *UNLESS* there are 'anti-spoofing' filters somewhere along the 'default' route. Filters that *DO*NOT*KNOW* that they _should_ pass packets with 'source addresses' of that 2nd network. Issue a) is resolvable *ONLY* with 'policy based routing' within the server, based on outgoing packet _source_addreess_ Issue b) is resolvable _either_ by policy based routing, as above, *OR* by finding -where- along the 'default' path the anti-spoofing rules are, and updating them to allow passage of the 'asymmetric' packets. Applying the appropriate policy based routing _is_ fairly simple, using 'pf', per the rules that others have provided. *IF* 'situation b)', above, applies, the overhead of 'pf' can be eliminated by updating the anti-spoofing rules in the default outbound path. Of course, this solution requires the co-operation of the admins at the point along the default route where those anti-spoofing rules are being applied. It is _not_ clear whether or not the OP is part of that group. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ZFS on Root
On 06/22/11 08:15, Chris Brennan wrote: OK, So I got ZFS installed on this new box, I had to loose two disks due to them being faulty, so I removed the IDE expansion card and booted from an SD card, all went well (according to this guide - http://wiki.freebsd.org/RootOnZFS/GPTZFSBoot/Mirror). I adjusted the instructions there for only one disk though and will worry about adding the others to the zpool after the fact and the system has booted on it's own. The problem is this, the system starts to boot but then fails to find zfs:tank, I get dropped to the mountroot prompt with the following advise: Trying to mount root from zfs:tank ROOT MOUNT ERROR: If you have invalid mount options, reboot, and first try the following from the loader prompt: set vfs.root.mountfrom.options=rw and then remove invalid mount options from /etc/fstab. Loader variables: vfs.root.mountfrom=zfs:tank vfs.root.mountfrom.options=rw Manual root filesystem specifications: fstype:device Mount device using filesystem fstype eg: ufs:/dev/da0s1a eg: cd9660:/dev/acd0 This is equivalent to: mount -t cd9660 /dev/acd0 / ? List valid disk boot devices empty lineAbort manual input mountroot ? List of GEOM managed disk devices: ufsid/47ce961fb53808acd ufsid/47ce961fb53808ac ad6s1d ad6s1 ad7 ad6 ad5 gptit/f6af4300-9c1a-11e0-b38d-000ea68c8b0e gpt/disk0 gpt/f6a70bb3-9c1a-11e0-b38d-000ea68c8b0e gpt/swap0 gpt/f6a4de0c-9c1a-11e0-b8d-000ea68c8b0e ad4p3 ad4p2 ad3p1 ad4 Manual root File Specification 8 lines repeat from above So what did I miss? I was able to follow the instructions without fail, the only instruction I had to do on my own was to create /tank/boot/zfs first to copy the cpool.cache over. All the other instructions worked with issue, the first time. This is the second time I've done this on this box in two days, the first time I made a mistake, so I scripted the instructions (rather crudely) to ensure I did things correctly, each portion of the script was modified to reflected how I wanted my system to be (mostly changing zpool as the pool name to tank. I can make the scripts available if someone would like to look at them. Did you set the bootfs property on your root pool? Example: zpool set bootfs=tank/root tank ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ZFS on Root
* Peter Toth free...@snap.net.nz [2011-06-22 12:16:11 +1200]: Did you set the bootfs property on your root pool? Example: zpool set bootfs=tank/root tank Well, the wiki I linked has the following: Fixit# mkdir /boot/zfs Fixit# zpool create zroot mirror /dev/gpt/disk0 /dev/gpt/disk1 Fixit# zpool set bootfs=zroot zroot I subsequently modified that as follows: Fixit# mkdir /boot/zfs Fixit# zpool create tank /dev/gpt/disk0 Fixit# zpool set bootfs=tank tank So was the wiki mistake and I do indeed need to zpool set bootfs=tank/root tank instead? -- Chris Brennan -- A: Yes. Q: Are you sure? A: Because it reverses the logical flow of conversation. Q: Why is top posting frowned upon? http://xkcd.com/84/ | http://xkcd.com/149/ | http://xkcd.com/549/ GPG: D5B20C0C (6741 8EE4 6C7D 11FB 8DA8 9E4A EECD 9A84 D5B2 0C0C) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ZFS on Root
* Peter Toth free...@snap.net.nz [2011-06-22 12:16:11 +1200]: Did you set the bootfs property on your root pool? Example: zpool set bootfs=tank/root tank OK, I booted back to the livefs memostick, imported my zpool (tank) and zpool promptly tells me the following Fixit# zpool set bootfs=tank/root tank cannot set property for 'tank': no such pool or dataset. Fixit But ... there is! It was a great tip and a worthy try. But it didn't work, got any more idea's? -- Chris Brennan -- A: Yes. Q: Are you sure? A: Because it reverses the logical flow of conversation. Q: Why is top posting frowned upon? http://xkcd.com/84/ | http://xkcd.com/149/ | http://xkcd.com/549/ GPG: D5B20C0C (6741 8EE4 6C7D 11FB 8DA8 9E4A EECD 9A84 D5B2 0C0C) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD reports incorrect amount of memory
# dmidecode 2.11 SMBIOS 2.2 present. Handle 0x0005, DMI type 5, 24 bytes Memory Controller Information Error Detecting Method: 64-bit ECC Error Correcting Capabilities: None Supported Interleave: One-way Interleave Current Interleave: One-way Interleave Maximum Memory Module Size: 4096 MB Maximum Total Memory Size: 16384 MB Supported Speeds: 70 ns 60 ns 50 ns Supported Memory Types: Standard DIMM Memory Module Voltage: 2.9 V Associated Memory Slots: 4 0x0006 0x0007 0x0008 0x0009 Enabled Error Correcting Capabilities: None Handle 0x0006, DMI type 6, 12 bytes Memory Module Information Socket Designation: A0 Bank Connections: 0 1 Current Speed: 5 ns Type: Unknown EDO Installed Size: 8192 MB (Double-bank Connection) Enabled Size: 8192 MB (Double-bank Connection) Error Status: OK Handle 0x0007, DMI type 6, 12 bytes Memory Module Information Socket Designation: A1 Bank Connections: 2 3 Current Speed: 5 ns Type: Unknown EDO Installed Size: 8192 MB (Double-bank Connection) Enabled Size: 8192 MB (Double-bank Connection) Error Status: OK Handle 0x0008, DMI type 6, 12 bytes Memory Module Information Socket Designation: A2 Bank Connections: 4 5 Current Speed: 5 ns Type: Unknown EDO Installed Size: 8192 MB (Double-bank Connection) Enabled Size: 8192 MB (Double-bank Connection) Error Status: OK Handle 0x0009, DMI type 6, 12 bytes Memory Module Information Socket Designation: A3 Bank Connections: 6 7 Current Speed: 5 ns Type: Unknown EDO Installed Size: 8192 MB (Double-bank Connection) Enabled Size: 8192 MB (Double-bank Connection) Error Status: OK Handle 0x001B, DMI type 16, 15 bytes Physical Memory Array Location: System Board Or Motherboard Use: System Memory Error Correction Type: None Maximum Capacity: 16 GB Error Information Handle: Not Provided Number Of Devices: 4 Handle 0x001C, DMI type 17, 21 bytes Memory Device Array Handle: 0x001B Error Information Handle: Not Provided Total Width: 64 bits Data Width: 64 bits Size: 8192 MB Form Factor: DIMM Set: None Locator: A0 Bank Locator: Bank0/1 Type: Unknown Type Detail: None Handle 0x001D, DMI type 17, 21 bytes Memory Device Array Handle: 0x001B Error Information Handle: Not Provided Total Width: 64 bits Data Width: 64 bits Size: 8192 MB Form Factor: DIMM Set: None Locator: A1 Bank Locator: Bank2/3 Type: Unknown Type Detail: None Handle 0x001E, DMI type 17, 21 bytes Memory Device Array Handle: 0x001B Error Information Handle: Not Provided Total Width: 64 bits Data Width: 64 bits Size: 8192 MB Form Factor: DIMM Set: None Locator: A2 Bank Locator: Bank4/5 Type: Unknown Type Detail: None Handle 0x001F, DMI type 17, 21 bytes Memory Device Array Handle: 0x001B Error Information Handle: Not Provided Total Width: 64 bits Data Width: 64 bits Size: 8192 MB Form Factor: DIMM Set: None Locator: A3 Bank Locator: Bank6/7 Type: Unknown Type Detail: None Assuming that dmidecode isn't buggy, the firmware is internally inconsistant, and very wrong. Not a surprise, the firmware is crap. Surely the kernel doesn't just believe whatever random garbage the firmware says? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: freebsd list admins?
On Tue, Jun 21, 2011 at 6:03 PM, Julian H. Stacey j...@berklix.com wrote: I'm against merging chat@ questions@, don't believe it will happen Lists for different purposes, but even if questions@ people might come to a consensus in favour of merging, lots of people on other lists have a use for a seperate chat@, ie to demand of off remit people on their other lists Take it to chat@ I think we should: make questions@ list writable only to subscribers (if not already); Edit /usr/src/etc/motd eg: OLD If you still have a question or problem, please take the output of OLD `uname -a', along with any relevant error messages, and email it OLD as a question to the questi...@freebsd.org mailing list. NEW If you still have a question or problem, please subscribe (free) via NEW http://lists.freebsd.org/mailman/subscribe/freebsd-questions NEW then email questi...@freebsd.org Should we send in a send-pr to edit src/etc/motd ? PR it. Sounds good. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD reports incorrect amount of memory
Dieter BSD dieter...@engineer.com wrote: Machine has been running FreeBSD/amd64 with 2 GiB of memory. I just installed a 2nd 2 GiB of memory for 4 GiB total. FreeBSD thinks it now has 32 GiB ??? FreeBSD 8.2-RELEASE #22: Tue Jun ??7 12:37:21 PDT 2011 CPU: AMD Athlon(tm) 64 Processor 3000+ (1808.34-MHz K8-class CPU) real memory ??= 34359738368 (32768 MB) avail memory = 3614437376 (3446 MB) It seems to be only the real memory value, and not the avail memory, that's out of touch with reality. Wild guess dept: Your new 2 GiB has gotten mapped as [30,32) GiB rather than as [2,4) GiB, and real memory is reporting the first unpopulated address above the highest installed range. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Embedding a RCS token in uname -i
I have kernel configuration files (e.g., a custom GENERIC) under RCS. For example: == # $Revision: 1.1$ cpu HAMMER ident GENERIC == I want to add that 1.1 to the end of GENERIC such that it becomes: == # $Revision: 1.1$ cpu HAMMER ident GENERIC-1.1 = Therefore, a uname -i becomes: btw uname -i GENERIC-1.1 My goal is to provide a mechanism where I can identify that kernels built on a group of machines are running the same kernel built from a configuration under RCS. How can I customized the current config and build mechanisms to accomplish this? Is there some other way to accomplish this? Is it a dumb idea? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: freebsd list admins?
On Tuesday, June 21, 2011 06:03:23 PM Julian H. Stacey wrote: The traffic on questions@ has now become very heavy. Traffic too heavy in fact, a mess of themes, Some traffic would be better posted to hackers@ or current@ or other more specialist lists Also, one place that is lower traffic, nearly spam free, and has consistently decent answers is USENET comp.unix.bsd.freebsd.misc and it's not even official. However, I would assume this is due to the fact that September has permanently ended and will never return to USENET, so only serious users can be found lurking there. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org