FreeBSD 6.4+ PF Binat =>Degraded traffic after few hours hours.

2009-03-04 Thread Aminuddin Abdullah
I have 2 servers running FreeBSD 6.4P#1 with standard SMP and each server
has multiple IP aliases bound to bge1, Dell R200.

# ifconfig -a
bge0: flags=8802 mtu 1500
options=1b
ether 00:19:b9:fa:0a:9f
media: Ethernet autoselect (none)
status: no carrier
bge1: flags=8843 mtu 1500
options=1b
inet x.x.72.23 netmask 0xff00 broadcast x.x.72.255
inet x.x.72.73 netmask 0xff00 broadcast x.x.72.255
inet x.x.72.74 netmask 0xff00 broadcast x.x.72.255
inet x.x.72.75 netmask 0xff00 broadcast x.x.72.255
inet x.x.72.76 netmask 0xff00 broadcast x.x.72.255
inet x.x.72.77 netmask 0xff00 broadcast x.x.72.255
ether 00:19:b9:fa:0a:a0
media: Ethernet autoselect (100baseTX )
status: active
lo0: flags=8049 mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff00
pflog0: flags=141 mtu 33208
tun0: flags=8051 mtu 1500
inet 10.10.10.1 --> 255.255.0.0 netmask 0x
Opened by PID 1224

x.x.72.23 is the main IP and the rest are aliases.
Tun0 is the address created by openvpn.

The following are the pf rules.

EXT_IF= "bge1"
INT_IF= "tun0"
# Configured Networks
EXT= "x.x.72.0/24"
INT= "10.10.0.0/16"
DMZ= "10.10.12.0/24"
FW= "x.x.72.23"
# DMZ Servers IP Addresses
user1="10.10.12.2"
user2="10.10.12.6"
user3="10.10.12.10"
user4="10.10.12.14"
user5="10.10.12.18"

#External IP Pool Mapping
WEB_EXT1= "x.x.72.73"
WEB_EXT2= "x.x.72.74"
WEB_EXT3= "x.x.72.75"
WEB_EXT4= "x.x.72.76"
WEB_EXT5= "x.x.72.77"


#
# NAT: Bi-directional NAT (one-to-one mapping)

binat on $EXT_IF inet from $user1 to any -> $WEB_EXT1
binat on $INT_IF inet from $user1 to any -> $WEB_EXT1
binat on $EXT_IF inet from $user2 to any -> $WEB_EXT2
binat on $INT_IF inet from $user2 to any -> $WEB_EXT2
binat on $EXT_IF inet from $user3 to any -> $WEB_EXT3
binat on $INT_IF inet from $user3 to any -> $WEB_EXT3
binat on $EXT_IF inet from $user4 to any -> $WEB_EXT4
binat on $INT_IF inet from $user4 to any -> $WEB_EXT4
binat on $EXT_IF inet from $user5 to any -> $WEB_EXT5
binat on $INT_IF inet from $user5 to any -> $WEB_EXT5

rdr pass on $EXT_IF proto {tcp, udp} from any to $WEB_EXT1 port 1024:65000 -> $user1
rdr pass on $EXT_IF proto {tcp, udp} from any to $WEB_EXT2 port 1024:65000 -> $user2
rdr pass on $EXT_IF proto {tcp, udp} from any to $WEB_EXT3 port 1024:65000 -> $user3
rdr pass on $EXT_IF proto {tcp, udp} from any to $WEB_EXT4 port 1024:65000 -> $user4
rdr pass on $EXT_IF proto {tcp, udp} from any to $WEB_EXT5 port 1024:65000 -> $user5

pass all
pass out on $EXT_IF proto {tcp,udp,icmp} from any to any keep state

---

It's a very simple pf.rules with no block rules. The main purpose is to map
VPN users to dedicated public IPs.

It was working great the last few months but lately it has been giving
terrible performance after a few hours of running the servers. SSH is not
accessible, and traffic and routing are very slow.

Is there anything wrong with the above configuration or the 6.4 kernel with
regard to PF and OpenVPN?
The servers do not have any custom settings in sysctl.conf, loader.conf or
rc.conf except enabling openvpn, the firewall and sshd.

Restarting sshd or rebooting the server will provide remote access again. Is
there any known memory leak in pf with this configuration? Is there a
better and more efficient way of doing this in PF, or is it better to use ipfw?

When this happens (no ssh), all pings to the alias IPs result in timeouts.
Only the main IP will respond.

Server RAM is 1GB and during this issue, top shows
---top
last pid:  4163;  load averages:  0.36,  0.29,  0.21
up 0+21:10:26  11:11:58
21 processes:  1 running, 20 sleeping
CPU:  2.3% user,  0.0% nice,  6.0% system,  3.9% interrupt, 87.8% idle
Mem: 15M Active, 233M Inact, 241M Wired, 76K Cache, 111M Buf, 503M Free
Swap: 1951M Total, 1951M Free
--

Anyone?

TIA.



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Panic String: kmem_malloc(4096): kmem_map too small: 335544320 total allocated

2008-05-12 Thread Aminuddin Abdullah
I have 5 servers running almost at 70mbit/sec and each one of them will
crash/reboot after more than 24 hours. The most it can stay up is 48 hours.

How do I increase this memory from the default 320MB?

This is the log after the crash.

Dump header from device /dev/ad4s1b
  Architecture: i386
  Architecture Version: 2
  Dump Length: 2145722368B (2046 MB)
  Blocksize: 512
  Dumptime: Mon May 8 11:28:55 2008
  Hostname: XXX
  Magic: FreeBSD Kernel Dump
  Version String: FreeBSD 6.3-RELEASE #0: Wed Jan 16 04:45:45 UTC 2008
[EMAIL PROTECTED]:/usr/obj/usr/src/sys/SMP
  Panic String: kmem_malloc(4096): kmem_map too small: 335544320 total allocated
  Dump Parity: 1828182091
  Bounds: 0
  Dump Status: good

Is there any option in version 6.3 to increase this?

My filesystem, df -h:

Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/ad4s1a    496M     39M    418M     8%    /
devfs          1.0K    1.0K      0B   100%    /dev
/dev/ad4s1e    496M    228K    456M     0%    /tmp
/dev/ad4s1f    218G    1.3G    199G     1%    /usr
/dev/ad4s1d    2.9G    258M    2.4G     9%    /var

And fstab:
# Device        Mountpoint  FStype  Options     Dump    Pass#
/dev/ad4s1b     none        swap    sw          0       0
/dev/ad4s1a     /           ufs     rw          1       1
/dev/ad4s1e     /tmp        ufs     rw          2       2
/dev/ad4s1f     /usr        ufs     rw          2       2
/dev/ad4s1d     /var        ufs     rw          2       2
/dev/cd0        /cdrom      cd9660  ro,noauto   0       0


TIA





Listening ports - vpn, proxy + p2p.

2007-10-15 Thread Aminuddin
Hi,
I'm running large-scale OpenVPN + proxy services on 6.2; most users are
using P2P clients such as emule and bittorrent.

Connections are made as follows:

Users > Openvpn(rl0) > Socks5 (tun0) > Internet (rl0)

Most of them have no problem in downloading or uploading but none of them
are able to get high ID for emule and connectable status in the bittorrent
trackers.

All servers are configured with Firewall_enable="NO" and when I run netstat
it shows many ports connected, BUT nmap says none of the ports
are open.

How do I get FreeBSD open and listen to those connections so that P2P
clients can broadcast and listen using the proxy? With firewall off, all
ports should be open but still p2p clients keep saying ports firewalled.

TIA.





Sharing application jail and host?

2007-09-25 Thread Aminuddin
Hi freebsd gurus,
I'm playing with jail setup and wanted to provide a virtual server to my
external remote users to login by ssh and run a couple of applications.

Do I need to install the application using the ports in the jail itself or
can I just install the application in the host environment? Are there any
methods to enable sharing of the application across the jail and host?

For example, if I want to let a jail run pure-ftpd, do I need to install
pure-ftpd in each of the jails that I will be creating?

Thanks



Clustering harddisk - Is this possible?

2007-09-08 Thread Aminuddin
Hi,
I have 5 remote servers and each has about 400GB of HDD and another 2
servers running fedora. Is it possible for me to bind all the BSD boxes HDD
to the fedora boxes?

That means all data that's being downloaded to the fedora boxes is actually
being stored in the FreeBSD boxes, transparent to the users.

What software do I need to install to enable this, if this is possible?

thanks



RE: How to block 200K ip addresses?

2007-08-26 Thread Aminuddin
Will give this a try. Since my server is a remote server that I can access
only by ssh, what other rules do I need to add? I don't want to have
a situation where I will lock myself out.

Is it correct to say that the rules that I put in will only block those in
the rules and allow all that are not in the rules?


Thanks

-Original Message-
From: Dan Nelson [mailto:[EMAIL PROTECTED] 
Sent: Sunday, August 26, 2007 2:15 PM


To: Aminuddin
Cc: freebsd-questions@freebsd.org
Subject: Re: How to block 200K ip addresses?

In the last episode (Aug 26), Aminuddin said:
> From: Dan Nelson [mailto:[EMAIL PROTECTED] 
> > In the last episode (Aug 26), Aminuddin said:
> > > From: Dan Nelson 
> > > > In the last episode (Aug 26), Aminuddin said:
> > > > > How do you block this large range of ip addresses from
> > > > > different subnet? IPFW only allows 65536 rules while this
> > > > > will probably use up a few hundred thousands of lines.
> > > > > 
> > > > > I'm also trying to add this into my proxy configuration file,
> > > > > ss5.conf but it doesn't allow me to add this large number.
> > > > > 
> > > > > IS this the limitation of IPF or FreeBSD? How do I work
> > > > > around this?
> > > > 
> > > > Even though there are 65536 rule numbers, each number can
> > > > actually have any amount of rules assigned to it.  What you're
> > > > probably looking for, though, is ipfw's table keyword, which
> > > > uses the same radix tree lookup format as the kernel's routing
> > > > tables, so it scales well to large amounts of sparse addresses. 
> > > > man ipfw, search for "lookup tables".
> > >
> > > I intend to create a ruleset file consisting of this statement:
> > > 
> > > Ruleset
> > >
> > > add 2300 skipto 2301 ip from 0.0.0.0/6 to any
> > > add 2400 skipto 2401 ip from any to 0.0.0.0/6
> > > add 2300 skipto 2302 ip from 4.0.0.0/6 to any
> > > add 2400 skipto 2402 ip from any to 4.0.0.0/6
> > [...]
> > > add 2300 skipto 2363 ip from 248.0.0.0/6 to any
> > > add 2400 skipto 2463 ip from any to 248.0.0.0/6
> > > add 2300 skipto 2364 ip from 252.0.0.0/6 to any
> > > add 2400 skipto 2464 ip from any to 252.0.0.0/6
> > >
> > > add 2301 deny ip from 3.0.0.0/8 to any
> > > add 2401 reject ip from any to 3.0.0.0/8
> > > add 2302 deny ip from 4.0.25.146/31 to any
> > > add 2402 reject ip from any to 4.0.25.146/31
> > [...]
> > > add 2302 deny ip from 4.18.37.16/28 to any
> > > add 2402 reject ip from any to 4.18.37.16/28
> > > add 2302 deny ip from 4.18.37.128/25 to any
> > > add 2402 reject ip from any to 4.18.37.128/25
> > > end ruleset
> > > 
> > > Will the above rules block me from ssh into my remote server if
> > > the ip addresses of my local pc (dynamic ip) not within any of
> > > the above rules ip range as well as block my snmpd services?
> > 
> > Yes; it's a little convoluted but should work.  You want to drop
> > incoming packets from the listed IP ranges, and return a "host
> > unreachable" to internal machines sending outgoing packets to the
> > listed IP ranges?  Wouldn't it be easier to use ipfw's table
> > feature and have something like this:
> > 
> > add table 1 3.0.0.0/8
> > add table 1 4.0.25.146/31
> > add table 1 4.0.25.148/32
> > [...]
> > add table 1 4.18.37.16/28
> > add table 1 4.18.37.128/25
> > add 2300 deny ip from table 1 to any
> > add 2400 reject ip from any to table 1
> > 
> > That way you only have two ipfw rules, both of which use a single
> > table lookup.
>
> My complete list has about 300K of lines. It takes about a few hours
> just to load the rules. Will it be faster to load using the table?
 
I did a quick test myself by fetching the safepeer ip list and adding
it via rules and tables.  This was a quick hack, so I'm just adding the
first IP in each line, not the whole netblock (I didn't want to write a
range->netmask converter).  On my heavily-loaded box (currently doing a
buildworld and some mrtg sweeps), I'm only able to insert about 60 ipfw
"deny ip from 4.0.25.146 to any"-format rules per second.  By contrast:

([EMAIL PROTECTED]) /tmp># head -3 splist1.table
table 1 add 0.0.0.0
table 1 add 4.0.25.146
table 1 add 4.0.26.14
([EMAIL PROTECTED]) /tmp># wc -l splist1.table
  191637 splist1.table
([EMAIL PROTECTED]) /tmp># time ipfw /tmp/splist1.table
ipfw /tmp/splist1.table: U:3.30s S:1.75s E:6.74s CPU:75% Faults:0/95 I/O:0/0 Swaps:0
([EMAIL PROTECTED]) /tmp># ipfw table 1 list | wc -l
  191637

Under 7 seconds to load all 191k entries :)

-- 
Dan Nelson
[EMAIL PROTECTED]
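
Added example, not part of the original thread and not ipfw's own code: a range-to-netmask converter of the kind the reply above mentions skipping, emitting lines in the "table 1 add" form used in splist1.table. The "label:first-last" input format, the sample ranges and all function names are assumptions; covering_network() checks that an admin address would not be matched before the table is loaded.

```python
import ipaddress

# Constructed sample input (not the real list from the thread). Assumed line
# format: "label:first-last"; a bare address is treated as a one-host range.
SAMPLE_LINES = [
    "# constructed blocklist sample",
    "Constructed range A:3.0.0.0-3.255.255.255",
    "Constructed range B:4.0.25.146-4.0.25.148",
    "Constructed range C:4.18.37.16-4.18.37.31",
    "Constructed range D:4.18.37.128-4.18.37.255",
    "Constructed range E:4.18.37.20-4.18.37.25",  # lies inside range C
    "Constructed broken entry:not-an-address",
    "",
]


def parse_range(line):
    """Return (first, last) IPv4 addresses; raise ValueError if malformed."""
    spec = line.rsplit(":", 1)[-1]          # the label may itself contain ':'
    first_s, sep, last_s = spec.partition("-")
    first = ipaddress.IPv4Address(first_s.strip())
    last = ipaddress.IPv4Address(last_s.strip()) if sep else first
    if last < first:
        raise ValueError("range end precedes range start: %r" % line)
    return first, last


def build_networks(lines):
    """Convert range lines to a minimal, sorted list of CIDR networks.

    Returns (networks, skipped), where skipped counts malformed lines so a
    truncated or corrupted list is noticed instead of silently shrinking.
    """
    nets, skipped = [], 0
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            first, last = parse_range(line)
        except ValueError:                  # AddressValueError is a subclass
            skipped += 1
            continue
        # One arbitrary range can need several netmasks to cover it exactly.
        nets.extend(ipaddress.summarize_address_range(first, last))
    # Merge adjacent blocks and drop blocks already covered by a larger one.
    return list(ipaddress.collapse_addresses(nets)), skipped


def table_commands(nets, table=1):
    """Render networks as lines for a file passed to ipfw, one per entry."""
    return ["table %d add %s" % (table, net) for net in nets]


def covering_network(address, nets):
    """Return the network that would match address, or None if none does."""
    addr = ipaddress.IPv4Address(address)
    for net in nets:
        if addr in net:
            return net
    return None


if __name__ == "__main__":
    networks, bad = build_networks(SAMPLE_LINES)
    for cmd in table_commands(networks):
        print(cmd)
    print("# skipped %d malformed line(s)" % bad)
    # 192.0.2.10 is a constructed stand-in for the admin's own address.
    hit = covering_network("192.0.2.10", networks)
    print("# admin address matched by: %s" % hit)
```

Running the check against the address you administer the server from, before loading the file, answers the lock-out question for that address without touching the live ruleset.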



FIFO overflow error

2007-08-26 Thread Aminuddin Abdullah
I've been getting a lot of this error on one of my FreeBSD 6.2 boxes. I have
5 other servers running the same configurations as this one and none of them
is giving me the error.

The only difference between this and the other servers is AMD on this one and
Intel on the rest.

The repeated errors given were:

vr0: receive error (0406) overflow
vr0: rx error (09): FIFO overflow
vr0: rx error (09): FIFO overflow
vr0: receive error (0407) overflow
vr0: rx error (09): FIFO overflow
vr0: receive error (0407) overflow
vr0: receive error (0404) overflow
vr0: rx error (09): FIFO overflow
vr0: receive error (0404) overflow
vr0: rx error (09): FIFO overflow
vr0: receive error (0404) overflow
vr0: rx error (09): FIFO overflow
vr0: rx error (09): FIFO overflow
vr0: receive error (0407) overflow
vr0: rx error (09): FIFO overflow
vr0: receive error (0407) overflow
vr0: receive error (0404) overflow
vr0: rx error (09): FIFO overflow
vr0: watchdog timeout
vr0: rx error (09): FIFO overflow
vr0: receive error (1405) overflow
vr0: rx shutdown error!
vr0: restarting

..

Netstat -m does not show any memory issues.

$ netstat -m
8512/8918/17430 mbufs in use (current/cache/total)
6992/6630/13622/65536 mbuf clusters in use (current/cache/total/max)
6928/6512 mbuf+clusters out of packet secondary zone in use (current/cache)
0/0/0/0 4k (page size) jumbo clusters in use (current/cache/total/max)
0/0/0/0 9k jumbo clusters in use (current/cache/total/max)
0/0/0/0 16k jumbo clusters in use (current/cache/total/max)
16112K/15489K/31601K bytes allocated to network (current/cache/total)
0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
0/0/0 requests for jumbo clusters denied (4k/9k/16k)
0/7/4608 sfbufs in use (current/peak/max)
0 requests for sfbufs denied
0 requests for sfbufs delayed
0 requests for I/O initiated by sendfile
1 calls to protocol drain routines

Ifconfig shows

vr0: flags=8843 mtu 1500
inet 66.90.101.146 netmask 0xff00 broadcast 66.90.101.255
ether 00:17:31:78:e0:f8
media: Ethernet autoselect (100baseTX )
status: active

My loader.conf:

kern.maxusers=256
kern.maxproc=32768
kern.ipc.nmbclusters=65536
kern.ipc.maxsockets=32768

sysctl.conf

kern.maxprocperuid=32768
kern.ipc.somaxconn=32768
kern.ipc.maxsockbuf=16777216
net.inet.ip.portrange.first=3
net.inet.ip.portrange.hifirst=3
net.inet.ip.rtexpire= 1200
net.inet.ip.intr_queue_maxlen=1024

net.inet.tcp.rfc1323=1
net.inet.tcp.mssdflt=1460

net.inet.udp.recvspace=65535
net.inet.udp.maxdgram=57344

net.inet.tcp.sendspace=65535
net.inet.tcp.recvspace=65535
net.local.stream.recvspace=65535
net.local.stream.sendspace=65535
net.inet.tcp.keepidle=72000
net.inet.tcp.keepintvl=1800

net.inet.icmp.icmplim=300
net.inet.tcp.delayed_ack=0
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1

This server is acting as a socks5 proxy server connecting to 40-80 users,
which will connect to more than 8000-11000 peers.

All other servers can push close to 85mbit/sec but this one can only go to a
max of 25mbit.

Anyone? Is this a configuration or hardware problem?

Thanks



RE: How to block 200K ip addresses?

2007-08-25 Thread Aminuddin
My complete list has about 300K of lines.
It takes about a few hours just to load the rules.
Will it be faster to load using the table?


-Original Message-
From: Dan Nelson [mailto:[EMAIL PROTECTED] 
Sent: Sunday, August 26, 2007 9:37 AM
To: Aminuddin
Cc: freebsd-questions@freebsd.org
Subject: Re: How to block 200K ip addresses?

In the last episode (Aug 26), Aminuddin said:
> From: Dan Nelson 
> > In the last episode (Aug 26), Aminuddin said:
> > > How do you block this large range of ip addresses from different
> > > subnet? IPFW only allows 65536 rules while this will probably use
> > > up a few hundred thousands of lines.
> > > 
> > > I'm also trying to add this into my proxy configuration file, ss5.conf but
> > > it doesn't allow me to add this large number.
> > > 
> > > IS this the limitation of IPF or FreeBSD? How do I work around this?
> > 
> > Even though there are 65536 rule numbers, each number can actually have
> > any amount of rules assigned to it.  What you're probably looking for,
> > though, is ipfw's table keyword, which uses the same radix tree lookup
> > format as the kernel's routing tables, so it scales well to large
> > amounts of sparse addresses.  man ipfw, search for "lookup tables".
>
> I intend to create a ruleset file consisting of this statement:
> 
> Ruleset
>
> add 2300 skipto 2301 ip from 0.0.0.0/6 to any
> add 2400 skipto 2401 ip from any to 0.0.0.0/6
> add 2300 skipto 2302 ip from 4.0.0.0/6 to any
> add 2400 skipto 2402 ip from any to 4.0.0.0/6
[...]
> add 2300 skipto 2363 ip from 248.0.0.0/6 to any
> add 2400 skipto 2463 ip from any to 248.0.0.0/6
> add 2300 skipto 2364 ip from 252.0.0.0/6 to any
> add 2400 skipto 2464 ip from any to 252.0.0.0/6
>
> add 2301 deny ip from 3.0.0.0/8 to any
> add 2401 reject ip from any to 3.0.0.0/8
> add 2302 deny ip from 4.0.25.146/31 to any
> add 2402 reject ip from any to 4.0.25.146/31
[...]
> add 2302 deny ip from 4.18.37.16/28 to any
> add 2402 reject ip from any to 4.18.37.16/28
> add 2302 deny ip from 4.18.37.128/25 to any
> add 2402 reject ip from any to 4.18.37.128/25
> end ruleset
> 
> Will the above rules block me from ssh into my remote server if the
> ip addresses of my local pc (dynamic ip) not within any of the above
> rules ip range as well as block my snmpd services?

Yes; it's a little convoluted but should work.  You want to drop
incoming packets from the listed IP ranges, and return a "host
unreachable" to internal machines sending outgoing packets to the
listed IP ranges?  Wouldn't it be easier to use ipfw's table feature
and have something like this:

add table 1 3.0.0.0/8
add table 1 4.0.25.146/31
add table 1 4.0.25.148/32
[...]
add table 1 4.18.37.16/28
add table 1 4.18.37.128/25
add 2300 deny ip from table 1 to any
add 2400 reject ip from any to table 1

That way you only have two ipfw rules, both of which use a single table
lookup.

-- 
Dan Nelson
[EMAIL PROTECTED]



RE: How to block 200K ip addresses?

2007-08-25 Thread Aminuddin
 4.18.32.208/29
add 2302 deny ip from 4.18.32.224/28 to any
add 2402 reject ip from any to 4.18.32.224/28
add 2302 deny ip from 4.18.34.0/27 to any
add 2402 reject ip from any to 4.18.34.0/27
add 2302 deny ip from 4.18.34.136/29 to any
add 2402 reject ip from any to 4.18.34.136/29
add 2302 deny ip from 4.18.34.224/29 to any
add 2402 reject ip from any to 4.18.34.224/29
add 2302 deny ip from 4.18.35.16/29 to any
add 2402 reject ip from any to 4.18.35.16/29
add 2302 deny ip from 4.18.35.48/28 to any
add 2402 reject ip from any to 4.18.35.48/28
add 2302 deny ip from 4.18.35.200/29 to any
add 2402 reject ip from any to 4.18.35.200/29
add 2302 deny ip from 4.18.35.224/27 to any
add 2402 reject ip from any to 4.18.35.224/27
add 2302 deny ip from 4.18.36.0/26 to any
add 2402 reject ip from any to 4.18.36.0/26
add 2302 deny ip from 4.18.37.16/28 to any
add 2402 reject ip from any to 4.18.37.16/28
add 2302 deny ip from 4.18.37.128/25 to any
add 2402 reject ip from any to 4.18.37.128/25
add 2302 deny ip from 4.18.38.0/24 to any
end ruleset

Will the above rules block me from ssh into my remote server if the ip
addresses of my local pc (dynamic ip) not within any of the above rules ip
range as well as block my snmpd services?


-Original Message-
From: Dan Nelson [mailto:[EMAIL PROTECTED] 
Sent: Sunday, August 26, 2007 5:14 AM
To: Aminuddin
Cc: freebsd-questions@freebsd.org
Subject: Re: How to block 200K ip addresses?

In the last episode (Aug 26), Aminuddin said:
> How do you block this large range of ip addresses from different
> subnet? IPFW only allows 65536 rules while this will probably use up
> a few hundred thousands of lines.
> 
> I'm also trying to add this into my proxy configuration file, ss5.conf but
> it doesn't allow me to add this large number.
> 
> IS this the limitation of IPF or FreeBSD? How do I work around this?

Even though there are 65536 rule numbers, each number can actually have
any amount of rules assigned to it.  What you're probably looking for,
though, is ipfw's table keyword, which uses the same radix tree lookup
format as the kernel's routing tables, so it scales well to large
amounts of sparse addresses.  man ipfw, search for "lookup tables".

-- 
Dan Nelson
[EMAIL PROTECTED]



RE: How to block 200K ip addresses?

2007-08-25 Thread Aminuddin
Hi,
How do you block this large range of ip addresses from different subnet?
IPFW only allows 65536 rules while this will probably use up a few hundred
thousands of lines.

I'm also trying to add this into my proxy configuration file, ss5.conf but
it doesn't allow me to add this large number.

IS this the limitation of IPF or FreeBSD? How do I work around this?



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Saturday, August 25, 2007 8:00 PM
To: freebsd-questions@freebsd.org
Subject: freebsd-questions Digest, Vol 191, Issue 37


Today's Topics:

   1. Re: FreeBSD and ImageMagick crashes OS? (Kris Kennaway)
   2. RE: spammers harvesting emaill address from this list
  (Ted Mittelstaedt)
   3. Re: READ_DMA Error (Bahman M.)
   4. Re: best way to keep track of new developments (Michel Talon)
   5. Re: spammers harvesting emaill address from this list
  (Andrew Gould)
   6. Re: /var or /usr for data? ([EMAIL PROTECTED])
   7. Mouse suddenly gets detached and reattached (Bahman M.)


--

Message: 1
Date: Sat, 25 Aug 2007 05:56:59 +
From: Kris Kennaway <[EMAIL PROTECTED]>
Subject: Re: FreeBSD and ImageMagick crashes OS?
To: Norberto Meijome <[EMAIL PROTECTED]>
Cc: User Questions , Roger Olofsson
<[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii

On Fri, Aug 24, 2007 at 08:26:50PM +1000, Norberto Meijome wrote:
> On Fri, 24 Aug 2007 11:29:59 +0200
> Roger Olofsson <[EMAIL PROTECTED]> wrote:
> 
> > Turns out ImageMagick was called through php to resize the .JPG and most
> > likely, the server runs out of memory/disk space. /var/tmp fills up and
> > console spews as follows:
> >
> > Aug 22 19:29:49 rutilus kernel: vnode_pager_putpages: I/O error 28
> > Aug 22 19:29:49 rutilus kernel: vnode_pager_putpages: residual I/O 32768 at 62620
> > Aug 22 19:29:49 rutilus kernel: pid 29 (syncer), uid 0 inumber 49382 on /var: filesystem full
>
> :) having been bitten by that in several unix-like OS (pick any Linux
> distro, and freebsd too), i just remove /var/tmp and make a symlink to /tmp
> , which is big enough for my foreseeable needs. I like to keep my /var clean
> of tmp rubbish.
>
> and yes,  configuring PHP and its libraries helps too :)

That's not an answer obviously.  Error 28 is

#define ENOSPC  28  /* No space left on device */

This seems like a bug to me: when a filesystem fills you shouldn't be
getting this behaviour.  Can you please follow the directions in the
developers handbook chapter on kernel debugging, and when you trigger
a hang, break to DDB from the console and force a dump, then file a PR
and make the core file available to the developers.  Unfortunately
unless a developer can replicate the behaviour, providing access to a
core is the only real debugging option.

Thanks,
Kris




--

Message: 2
Date: Sat, 25 Aug 2007 00:34:30 -0700
From: "Ted Mittelstaedt" <[EMAIL PROTECTED]>
Subject: RE: spammers harvesting emaill address from this list
To: "Erik Trulsson" <[EMAIL PROTECTED]>, "fbsd2"
<[EMAIL PROTECTED]>
Cc: "[EMAIL PROTECTED] ORG" 
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain;   charset="US-ASCII"



> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Erik Trulsson
> Sent: Thursday, August 23, 2007 6:52 AM
> To: fbsd2
> Cc: [EMAIL PROTECTED] ORG
> Subject: Re: spammers harvesting emaill address from this list
> 
> 
> For this list (freebsd-questions@) in particular it is intentionally and
> explicitly the case that one does not need to be subscribed to post here.
> This is because it is the main support forum for FreeBSD, and much
> documentation exists directing people to ask their questions here.
> 
> The list admins do have their priorities straight - they just 
> have different
> priorities than you do.
> 

Probably the list admins figure that anyone who posts here is an
advanced user type who understands how to setup spam filters that
work.

Ted


--

Message: 3
Date: Sat, 25 Aug 2007 11:52:30 +0330
From: "Bahman M." <[EMAIL PROTECTED]>
Subject: Re: READ_DMA Error
To: "Tamouh H." <[EMAIL PROTECTED]>
Cc: freebsd-questions@freebsd.org
Message-ID:
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1

> > During FreeBSD 6.2 installation, th

RE: Servers Crash every few days

2007-08-22 Thread Aminuddin
Thanks.
But the servers are dedicated servers rented from a datacenter. I'm not sure
if it hangs or panics. The provider just keeps rebooting when we say the
servers are not responding.
Will try to use mbmon. Are there any ports I can use to log what actually
happened before it hangs or crashes?


-Original Message-
From: Roland Smith [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, August 22, 2007 10:59 PM
To: amin
Cc: freebsd-questions@freebsd.org
Subject: Re: Servers Crash every few days

On Wed, Aug 22, 2007 at 09:06:50PM +0800, amin wrote:
> Hi,
> I have six servers running FreeBSD 6.2 and all of them have the same config.
> My servers are configured to run as a socks5 proxy server.
> 
> Lately the servers are going down without any good reasons. How do I check
> what are the errors or processes or the state of the server before it goes
> down. All of them are running quite well without any reboots for the last
> few weeks.

Do what Kris mentioned, but check for hardware issues as well; overheating,
voltage drops etc. The mbmon port running from cron and logging to another
machine can be helpful here.

Roland
-- 
R.F.Smith   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)



RE: Cannot su or have root access after changing loader.conf

2007-06-11 Thread Aminuddin Abdullah
Loader.conf with the following statements disables all su or root access:
 kern.dfldsiz="1G"
 kern.maxdsiz="1G"
 kern.maxssiz=131072

When I add the above 3 lines, all access to su or even single user boot is
restricted without any error messages.

Is this a bug, or is "1G" not supported for maximum data size? My server is a
2GB ram E6600 with 400GB HDD. What are the valid values for these lines?

thanks


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, June 11, 2007 8:00 PM
To: freebsd-questions@freebsd.org
Subject: freebsd-questions Digest, Vol 182, Issue 2



Today's Topics:

   1. Re: [FreeBSD][Newb] How I use sendmail to send mail? (Doug Hardie)
   2. Re: [FreeBSD][Newb] How I use sendmail to send mail?
  (Bjorn Boulder)
   3. Re: [FreeBSD][Newb] How I use sendmail to send mail?
  (Bjorn Boulder)
   4. Re: [FreeBSD][Newb] How I use sendmail to send mail? (Toomas Aas)
   5. tcp port error (tethys ocean)
   6. Installing FreeBSD on large disk >2TB (Enrique Ayesta Perojo)
   7. Re: Installing FreeBSD on large disk >2TB (Andreas Rudisch)
   8. Re: [FreeBSD][Newb] How I use sendmail to send mail?
  (Bjorn Boulder)
   9. procmailrc configuration fails  (dhaneshk k)
  10. Re: Installing FreeBSD on large disk >2TB (Enrique Ayesta Perojo)


--

Message: 1
Date: Sun, 10 Jun 2007 21:45:48 -0700
From: Doug Hardie <[EMAIL PROTECTED]>
Subject: Re: [FreeBSD][Newb] How I use sendmail to send mail?
To: Bjorn Boulder <[EMAIL PROTECTED]>
Cc: freebsd-questions@freebsd.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed


On Jun 10, 2007, at 21:25, Bjorn Boulder wrote:

> Doug, Mats
>
> Your advice is on the money; thanks.
>
> I see this:
>
> Jun 10 05:43:40 jake sendmail[15068]: l5AAhekD015068:
> [EMAIL PROTECTED], ctladdr=oracle
> (1004/1005),
> delay=00:00:00, xdelay=00:00:00, mailer=relay,
> pri=30062,
> relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0,
> stat=Deferred: Connection
> refused by [127.0.0.1]
>
> Your tip along with that given by Mats suggests that
> I need to learn about /etc/mail/sendmail.cf
>
> It appears that the box cannot send mail to itself:
>
> Jun 10 03:05:44 jake sendmail[14546]: l5A84ObZ014546:
> to=postmaster,
> delay=00:00:00, xdelay=00:00:00, mailer=relay,
> pri=154501,
> relay=[127.0.0.1], dsn=4.0.0, stat=Deferred:
> Connection refused by
> [127.0.0.1]
>
> Jun 10 03:05:44 jake sendmail[14546]: l5485I55093939:
> to=root,
> ctladdr=root (0/0), delay=6+00:00:26, xdelay=00:00:00,
> mailer=relay,
> pri=691450, relay=[127.0.0.1], dsn=4.0.0,
> stat=Deferred: Connection
> refused by [127.0.0.1]
>
> Jun 10 03:05:44 jake sendmail[14546]: l5485I55093939:
> l5A84Oba014546:
> sender notify: Cannot send message for 5 days
>
> Jun 10 03:05:44 jake sendmail[14546]: l5A84Oba014546:
> to=root,
> delay=00:00:00, xdelay=00:00:00, mailer=relay,
> pri=152806,
> relay=[127.0.0.1], dsn=4.0.0, stat=Deferred:
> Connection refused by
> [127.0.0.1]
>
> Currently, my main assumption is that
> /etc/mail/sendmail.cf
> is the primary administrative interface for e-mail.

That is correct, but you don't want to directly mess with
sendmail.cf.  You really want to use the mc file and then make to
build the cf file.  It's much easier and more readable.  See
/usr/share/sendmail/cf/readme for more details.  The cf files are in
another directory from there named cf.

You will also want to use
sendmail -bv email-address
to have sendmail show you how and where it will deliver for the  
address:  email-address.  That is a useful tool.



--

Message: 2
Date: Sun, 10 Jun 2007 22:02:13 -0700 (PDT)
From: Bjorn Boulder <[EMAIL PROTECTED]>
Subject: Re: [FreeBSD][Newb] How I use sendmail to send mail?
To: Doug Hardie <[EMAIL PROTECTED]>
Cc: freebsd-questions@freebsd.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=iso-8859-1

ok,

I'll look at that readme.

And

I nosed around on the box for clues about sendmail.cf

It looks like the previous sysadmin ignored
sendmail.cf

I see this:

bash jake oracle /etc/mail 14 $ pwd
/etc/mail
bash jake oracle /etc/mail 15 $ 
bash jake oracle /etc/mail 15 $ 
bash jake oracle /etc/mail 15 $ ls -latr
total 582
-rw-r--r--   1 root  wheel569 Nov  4  2004
virtusertable.sample
-r--r--r--   1 root  wheel  40449 Nov  4  2004
submit.cf
-rw-r--r--