FreeBSD 6.4+ PF Binat =>Degraded traffic after few hours hours.
I have 2 servers running FreeBSD 6.4P#1 with standard SMP and each server has multiple IP alias bind to the bge1, Dell R200. # ifconfig -a bge0: flags=8802 mtu 1500 options=1b ether 00:19:b9:fa:0a:9f media: Ethernet autoselect (none) status: no carrier bge1: flags=8843 mtu 1500 options=1b inet x.x.72.23 netmask 0xff00 broadcast x.x.72.255 inet x.x.72.73 netmask 0xff00 broadcast x.x.72.255 inet x.x.72.74 netmask 0xff00 broadcast x.x.72.255 inet x.x.72.75 netmask 0xff00 broadcast x.x.72.255 inet x.x.72.76 netmask 0xff00 broadcast x.x.72.255 inet x.x.72.77 netmask 0xff00 broadcast x.x.72.255 ether 00:19:b9:fa:0a:a0 media: Ethernet autoselect (100baseTX ) status: active lo0: flags=8049 mtu 16384 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet6 ::1 prefixlen 128 inet 127.0.0.1 netmask 0xff00 pflog0: flags=141 mtu 33208 tun0: flags=8051 mtu 1500 inet 10.10.10.1 --> 255.255.0.0 netmask 0x Opened by PID 1224 x.x.72.23 is the main IP and the rest are alias. Tun0 is the address created by openvpn. Following is the pf rules. EXT_IF= "bge1" INT_IF= "tun0" # Configured Networks EXT= "x.x.72.0/24" INT= "10.10.0.0/16" DMZ= "10.10.12.0/24" FW= "x.x.72.23" # DMZ Servers IP Addresses user1="10.10.12.2" user2="10.10.12.6" user3="10.10.12.10" user4="10.10.12.14" user5="10.10.12.18" #External IP Pool Mapping WEB_EXT1= "x.x.72.73" WEB_EXT2= "x.x.72.74" WEB_EXT3= "x.x.72.75" WEB_EXT4= "x.x.72.76" WEB_EXT5= "x.x.72.77" # # NAT: Bi-directional NAT (one-to-one mapping) binat on $EXT_IF inet from $user1 to any -> $WEB_EXT1 binat on $INT_IF inet from $user1 to any -> $WEB_EXT1 binat on $EXT_IF inet from $user2 to any -> $WEB_EXT2 binat on $INT_IF inet from $user2 to any -> $WEB_EXT2 binat on $EXT_IF inet from $user3 to any -> $WEB_EXT3 binat on $INT_IF inet from $user3 to any -> $WEB_EXT3 binat on $EXT_IF inet from $user4 to any -> $WEB_EXT4 binat on $INT_IF inet from $user4 to any -> $WEB_EXT4 binat on $EXT_IF inet from $user5 to any -> $WEB_EXT5 binat on $INT_IF inet from $user5 to any -> $WEB_EXT5 rdr pass on $EXT_IF proto {tcp, udp} from any to $WEB_EXT1 port 1024:65000 -> $user1 rdr pass on $EXT_IF proto {tcp, udp} from any to $WEB_EXT2 port 1024:65000 -> $user2 rdr pass on $EXT_IF proto {tcp, udp} from any to $WEB_EXT3 port 1024:65000 -> $user3 rdr pass on $EXT_IF proto {tcp, udp} from any to $WEB_EXT4 port 1024:65000 -> $user4 rdr pass on $EXT_IF proto {tcp, udp} from any to $WEB_EXT5 port 1024:65000 -> $user5 pass all pass out on $EXT_IF proto {tcp,udp,icmp} from any to any keep state --- It's a very simple pf.rules with no block rules. Main purpose to map vpn user to dedicated public IP. It was working great the last few months but lately it has been giving a terrible performance after a few hours of running the servers. SSH is not accessible, traffic and routing is very slow. Is the anything wrong with above configuration or 6.4 kernel with regards to PF and OpenVPN? The servers are not having any custom setting sysctl.conf or loader.conf or rc.conf except the enabling openvpn, firewall and sshd. Restarting sshd will provide remote access again or rebooting the server. Is there any known memory leaked for pf in this configuration? Is there a better and efficient way of doing this in PF or is it better to use ipfw? When this happen (no ssh), all ping to the alias IPs resulted in timeout. Only the main IP will respond. Server RAM is 1GB and during this issue, top shows ---top last pid: 4163; load averages: 0.36, 0.29, 0.21 up 0+21:10:26 11:11:58 21 processes: 1 running, 20 sleeping CPU: 2.3% user, 0.0% nice, 6.0% system, 3.9% interrupt, 87.8% idle Mem: 15M Active, 233M Inact, 241M Wired, 76K Cache, 111M Buf, 503M Free Swap: 1951M Total, 1951M Free -- Anyone? TIA. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Panic String: kmem_malloc(4096): kmem_map too small: 335544320 total allocated
I have 5 servers running almost at 70mbit/sec and each one of them will crash/reboot after more than 24 hours. The most it can stay up is 48 hours. How do I increase this memory from the default 320MB? This is the log after the crash. Dump header from device /dev/ad4s1b Architecture: i386 Architecture Version: 2 Dump Length: 2145722368B (2046 MB) Blocksize: 512 Dumptime: Mon May 8 11:28:55 2008 Hostname: XXX Magic: FreeBSD Kernel Dump Version String: FreeBSD 6.3-RELEASE #0: Wed Jan 16 04:45:45 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/SMP Panic String: kmem_malloc(4096): kmem_map too small: 335544320 total allocated Dump Parity: 1828182091 Bounds: 0 Dump Status: good Is there any option in version 6.3 to increase this? My filesystem, df -h: Filesystem SizeUsed Avail Capacity Mounted on /dev/ad4s1a496M 39M418M 8%/ devfs 1.0K1.0K 0B 100%/dev /dev/ad4s1e496M228K456M 0%/tmp /dev/ad4s1f218G1.3G199G 1%/usr /dev/ad4s1d2.9G258M2.4G 9%/var And fstab: # DeviceMountpoint FStype Options Dump Pass# /dev/ad4s1b noneswapsw 0 0 /dev/ad4s1a / ufs rw 1 1 /dev/ad4s1e /tmpufs rw 2 2 /dev/ad4s1f /usrufs rw 2 2 /dev/ad4s1d /varufs rw 2 2 /dev/cd0/cdrom cd9660 ro,noauto 0 0 TIA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Listening ports - vpn, proxy + p2p.
Hi, I'm running a large scale OpenVPN + proxy services on 6.2, mostly users are those using P2P clients such as emule and bittorrent protocols. Connections are made as follows: Users > Openvpn(rl0) > Socks5 (tun0) > Internet (rl0) Most of them have no problem in downloading or uploading but none of them are able to get high ID for emule and connectable status in the bittorrent trackers. All servers are configured with Firewall_enable="NO" and when I run netstat it will shows so many ports are connected BUT nmap says none of the ports are open. How do I get FreeBSD open and listen to those connections so that P2P clients can broadcast and listen using the proxy? With firewall off, all ports should be open but still p2p clients keep saying ports firewalled. TIA. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Sharing application jail and host?
Hi freebsd gurus, I'm playing with jail setup and wanted to provide a virtual server to my external remote users to login by ssh and run a couple of applications. Do I need to install the application using the ports in the jail itself or can I just install the application in the host environment? Is there any methods to enable sharing of the application across the jail and host? Example, if I want to let jail to run pure-ftpd, do I need to install pure-ftpd in each of the jail that I will be creating? Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Clustering harddisk- Is this possiblem?
Hi, I have 5 remote servers and each has about 400GB of HDD and another 2 servers running fedora. Is it possible for me to bind all the BSD boxes HDD to the fedora boxes? That means all data that's being downloaded to the fedora boxes is actually being stored in the FreeBSD boxes, transparent to the users. What software do I need to install to enable this, if this is possible? thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: How to block 200K ip addresses?
Will give this a try. Since my server is a remote server that I can accessed only by ssh, what are other rules do I need to add in? I don't want to have a situation where I will lock myself out. Is it correct to say that the rules that I put in will only block those in the rules and allow all that are not in the rules? Thanks -Original Message- From: Dan Nelson [mailto:[EMAIL PROTECTED] Sent: Sunday, August 26, 2007 2:15 PM To: Aminuddin Cc: freebsd-questions@freebsd.org Subject: Re: How to block 200K ip addresses? In the last episode (Aug 26), Aminuddin said: > From: Dan Nelson [mailto:[EMAIL PROTECTED] > > In the last episode (Aug 26), Aminuddin said: > > > From: Dan Nelson > > > > In the last episode (Aug 26), Aminuddin said: > > > > > How do you block this large range of ip addresses from > > > > > different subnet? IPFW only allows 65536 rules while this > > > > > will probably use up a few hundred thousands of lines. > > > > > > > > > > I'm also trying to add this into my proxy configuration file, > > > > > ss5.conf but it doesn't allow me to add this large number. > > > > > > > > > > IS this the limitation of IPF or FreeBSD? How do I work > > > > > around this? > > > > > > > > Even though there are 65536 rule numbers, each number can > > > > actually have any amount of rules assigned to it. What you're > > > > probably looking for, though, is ipfw's table keyword, which > > > > uses the same radix tree lookup format as the kernel's routing > > > > tables, so it scales well to large amounts of sparse addresses. > > > > man ipfw, search for "lookup tables". > > > > > > I intend to create a ruleset file consisting of this statement: > > > > > > Ruleset > > > > > > add 2300 skipto 2301 ip from 0.0.0.0/6 to any > > > add 2400 skipto 2401 ip from any to 0.0.0.0/6 > > > add 2300 skipto 2302 ip from 4.0.0.0/6 to any > > > add 2400 skipto 2402 ip from any to 4.0.0.0/6 > > [...] > > > add 2300 skipto 2363 ip from 248.0.0.0/6 to any > > > add 2400 skipto 2463 ip from any to 248.0.0.0/6 > > > add 2300 skipto 2364 ip from 252.0.0.0/6 to any > > > add 2400 skipto 2464 ip from any to 252.0.0.0/6 > > > > > > add 2301 deny ip from 3.0.0.0/8 to any > > > add 2401 reject ip from any to 3.0.0.0/8 > > > add 2302 deny ip from 4.0.25.146/31 to any > > > add 2402 reject ip from any to 4.0.25.146/31 > > [...] > > > add 2302 deny ip from 4.18.37.16/28 to any > > > add 2402 reject ip from any to 4.18.37.16/28 > > > add 2302 deny ip from 4.18.37.128/25 to any > > > add 2402 reject ip from any to 4.18.37.128/25 > > > end ruleset > > > > > > Will the above rules block me from ssh into my remote server if > > > the ip addresses of my local pc (dynamic ip) not within any of > > > the above rules ip range as well as block my snmpd services? > > > > Yes; it's a little convoluted but should work. You want to drop > > incoming packets from the listed IP ranges, and return a "host > > unreachable" to internal machines sending outgoing packets to the > > listed IP ranges? Wouldn't it be easier to use ipfw's table > > feature and have something like this: > > > > add table 1 3.0.0.0/8 > > add table 1 4.0.25.146/31 > > add table 1 4.0.25.148/32 > > [...] > > add table 1 4.18.37.16/28 > > add table 1 4.18.37.128/25 > > add 2300 deny ip from table 1 to any > > add 2400 reject ip from any to table 1 > > > > That way you only have two ipfw rules, both of which use a single > > table lookup. > > My complete list has about 300K of lines. It takes about a few hours > just to load the rules. Will it be faster to load using the table? I did a quick test myself by fetching the safepeer ip list and adding it via rules and tables. This was a quick hack, so I'm just adding the first IP in each line, not the whole netblock (I didn't want to write a range->netmask converter). On my heavily-loaded box (currently doing a buildworld and some mrtg sweeps), I'm only able to insert about 60 ipfw "deny ip from 4.0.25.146 to any"-format rules per second. By contrast: ([EMAIL PROTECTED]) /tmp># head -3 splist1.table table 1 add 0.0.0.0 table 1 add 4.0.25.146 table 1 add 4.0.26.14 ([EMAIL PROTECTED]) /tmp># wc -l splist1.table 191637 splist1.table ([EMAIL PROTECTED]) /tmp># time ipfw /tmp/splist1.table ipfw /tmp/splist1.table: U:3.30s S:1.75s E:6.74s CPU:75% Faults:0/95 I/O:0/0 Swaps:0 ([EMAIL PROTECTED]) /tmp># ipfw table 1 list | wc -l 191637 Under 7 seconds to load all 191k entries :) -- Dan Nelson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
FIFO overflow error
I've been getting a lot of this error on one of my FreeBSD 6.2 boxes. I have 5 other servers running the same configurations as this one and none of them is giving me the error. The only different between this and the other servers is AMD on this one and Intel on the rest. The repeated errors given were: vr0: receive error (0406) overflow vr0: rx error (09): FIFO overflow vr0: rx error (09): FIFO overflow vr0: receive error (0407) overflow vr0: rx error (09): FIFO overflow vr0: receive error (0407) overflow vr0: receive error (0404) overflow vr0: rx error (09): FIFO overflow vr0: receive error (0404) overflow vr0: rx error (09): FIFO overflow vr0: receive error (0404) overflow vr0: rx error (09): FIFO overflow vr0: rx error (09): FIFO overflow vr0: receive error (0407) overflow vr0: rx error (09): FIFO overflow vr0: receive error (0407) overflow vr0: receive error (0404) overflow vr0: rx error (09): FIFO overflow vr0: watchdog timeout vr0: rx error (09): FIFO overflow vr0: receive error (1405) overflow vr0: rx shutdown error! vr0: restarting .. Netstat -m does not shows any memory issues. $ netstat -m 8512/8918/17430 mbufs in use (current/cache/total) 6992/6630/13622/65536 mbuf clusters in use (current/cache/total/max) 6928/6512 mbuf+clusters out of packet secondary zone in use (current/cache) 0/0/0/0 4k (page size) jumbo clusters in use (current/cache/total/max) 0/0/0/0 9k jumbo clusters in use (current/cache/total/max) 0/0/0/0 16k jumbo clusters in use (current/cache/total/max) 16112K/15489K/31601K bytes allocated to network (current/cache/total) 0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters) 0/0/0 requests for jumbo clusters denied (4k/9k/16k) 0/7/4608 sfbufs in use (current/peak/max) 0 requests for sfbufs denied 0 requests for sfbufs delayed 0 requests for I/O initiated by sendfile 1 calls to protocol drain routines Ifconfig shows vr0: flags=8843 mtu 1500 inet 66.90.101.146 netmask 0xff00 broadcast 66.90.101.255 ether 00:17:31:78:e0:f8 media: Ethernet autoselect (100baseTX ) status: active My loader.conf: kern.maxusers=256 kern.maxproc=32768 kern.ipc.nmbclusters=65536 kern.ipc.maxsockets=32768 sysctl.conf kern.maxprocperuid=32768 kern.ipc.somaxconn=32768 kern.ipc.maxsockbuf=16777216 net.inet.ip.portrange.first=3 net.inet.ip.portrange.hifirst=3 net.inet.ip.rtexpire= 1200 net.inet.ip.intr_queue_maxlen=1024 net.inet.tcp.rfc1323=1 net.inet.tcp.mssdflt=1460 net.inet.udp.recvspace=65535 net.inet.udp.maxdgram=57344 net.inet.tcp.sendspace=65535 net.inet.tcp.recvspace=65535 net.local.stream.recvspace=65535 net.local.stream.sendspace=65535 net.inet.tcp.keepidle=72000 net.inet.tcp.keepintvl=1800 net.inet.icmp.icmplim=300 net.inet.tcp.delayed_ack=0 net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1 This server is acting as socks5 proxy server connecting to 40-80 users, which will connect to more than 8000-11000 peers. All other servers can push close to 85mbit/sec but this one can only go to a max of 25mbit. Anyone? Is this configuration or hardware problem? Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: How to block 200K ip addresses?
My complete list has about 300K of lines. It takes about a few hours just to load the rules. Will it be faster to load using the table? -Original Message- From: Dan Nelson [mailto:[EMAIL PROTECTED] Sent: Sunday, August 26, 2007 9:37 AM To: Aminuddin Cc: freebsd-questions@freebsd.org Subject: Re: How to block 200K ip addresses? In the last episode (Aug 26), Aminuddin said: > From: Dan Nelson > > In the last episode (Aug 26), Aminuddin said: > > > How do you block this large range of ip addresses from different > > > subnet? IPFW only allows 65536 rules while this will probably use > > > up a few hundred thousands of lines. > > > > > > I'm also trying to add this into my proxy configuration file, ss5.conf but > > > it doesn't allow me to add this large number. > > > > > > IS this the limitation of IPF or FreeBSD? How do I work around this? > > > > Even though there are 65536 rule numbers, each number can actually have > > any amount of rules assigned to it. What you're probably looking for, > > though, is ipfw's table keyword, which uses the same radix tree lookup > > format as the kernel's routing tables, so it scales well to large > > amounts of sparse addresses. man ipfw, search for "lookup tables". > > I intend to create a ruleset file consisting of this statement: > > Ruleset > > add 2300 skipto 2301 ip from 0.0.0.0/6 to any > add 2400 skipto 2401 ip from any to 0.0.0.0/6 > add 2300 skipto 2302 ip from 4.0.0.0/6 to any > add 2400 skipto 2402 ip from any to 4.0.0.0/6 [...] > add 2300 skipto 2363 ip from 248.0.0.0/6 to any > add 2400 skipto 2463 ip from any to 248.0.0.0/6 > add 2300 skipto 2364 ip from 252.0.0.0/6 to any > add 2400 skipto 2464 ip from any to 252.0.0.0/6 > > add 2301 deny ip from 3.0.0.0/8 to any > add 2401 reject ip from any to 3.0.0.0/8 > add 2302 deny ip from 4.0.25.146/31 to any > add 2402 reject ip from any to 4.0.25.146/31 [...] > add 2302 deny ip from 4.18.37.16/28 to any > add 2402 reject ip from any to 4.18.37.16/28 > add 2302 deny ip from 4.18.37.128/25 to any > add 2402 reject ip from any to 4.18.37.128/25 > end ruleset > > Will the above rules block me from ssh into my remote server if the > ip addresses of my local pc (dynamic ip) not within any of the above > rules ip range as well as block my snmpd services? Yes; it's a little convoluted but should work. You want to drop incoming packets from the listed IP ranges, and return a "host unreachable" to internal machines sending outgoing packets to the listed IP ranges? Wouldn't it be easier to use ipfw's table feature and have something like this: add table 1 3.0.0.0/8 add table 1 4.0.25.146/31 add table 1 4.0.25.148/32 [...] add table 1 4.18.37.16/28 add table 1 4.18.37.128/25 add 2300 deny ip from table 1 to any add 2400 reject ip from any to table 1 That way you only have two ipfw rules, both of which use a single table lookup. -- Dan Nelson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: How to block 200K ip addresses?
4.18.32.208/29 add 2302 deny ip from 4.18.32.224/28 to any add 2402 reject ip from any to 4.18.32.224/28 add 2302 deny ip from 4.18.34.0/27 to any add 2402 reject ip from any to 4.18.34.0/27 add 2302 deny ip from 4.18.34.136/29 to any add 2402 reject ip from any to 4.18.34.136/29 add 2302 deny ip from 4.18.34.224/29 to any add 2402 reject ip from any to 4.18.34.224/29 add 2302 deny ip from 4.18.35.16/29 to any add 2402 reject ip from any to 4.18.35.16/29 add 2302 deny ip from 4.18.35.48/28 to any add 2402 reject ip from any to 4.18.35.48/28 add 2302 deny ip from 4.18.35.200/29 to any add 2402 reject ip from any to 4.18.35.200/29 add 2302 deny ip from 4.18.35.224/27 to any add 2402 reject ip from any to 4.18.35.224/27 add 2302 deny ip from 4.18.36.0/26 to any add 2402 reject ip from any to 4.18.36.0/26 add 2302 deny ip from 4.18.37.16/28 to any add 2402 reject ip from any to 4.18.37.16/28 add 2302 deny ip from 4.18.37.128/25 to any add 2402 reject ip from any to 4.18.37.128/25 add 2302 deny ip from 4.18.38.0/24 to any end ruleset Will the above rules block me from ssh into my remote server if the ip addresses of my local pc (dynamic ip) not within any of the above rules ip range as well as block my snmpd services? -Original Message- From: Dan Nelson [mailto:[EMAIL PROTECTED] Sent: Sunday, August 26, 2007 5:14 AM To: Aminuddin Cc: freebsd-questions@freebsd.org Subject: Re: How to block 200K ip addresses? In the last episode (Aug 26), Aminuddin said: > How do you block this large range of ip addresses from different > subnet? IPFW only allows 65536 rules while this will probably use up > a few hundred thousands of lines. > > I'm also trying to add this into my proxy configuration file, ss5.conf but > it doesn't allow me to add this large number. > > IS this the limitation of IPF or FreeBSD? How do I work around this? Even though there are 65536 rule numbers, each number can actually have any amount of rules assigned to it. What you're probably looking for, though, is ipfw's table keyword, which uses the same radix tree lookup format as the kernel's routing tables, so it scales well to large amounts of sparse addresses. man ipfw, search for "lookup tables". -- Dan Nelson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: How to block 200K ip addresses?
Hi, How do you block this large range of ip addresses from different subnet? IPFW only allows 65536 rules while this will probably use up a few hundred thousands of lines. I'm also trying to add this into my proxy configuration file, ss5.conf but it doesn't allow me to add this large number. IS this the limitation of IPF or FreeBSD? How do I work around this? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Saturday, August 25, 2007 8:00 PM To: freebsd-questions@freebsd.org Subject: freebsd-questions Digest, Vol 191, Issue 37 Send freebsd-questions mailing list submissions to freebsd-questions@freebsd.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freebsd.org/mailman/listinfo/freebsd-questions or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than "Re: Contents of freebsd-questions digest..." Today's Topics: 1. Re: FreeBSD and ImageMagick crashes OS? (Kris Kennaway) 2. RE: spammers harvesting emaill address from this list (Ted Mittelstaedt) 3. Re: READ_DMA Error (Bahman M.) 4. Re: best way to keep track of new developments (Michel Talon) 5. Re: spammers harvesting emaill address from this list (Andrew Gould) 6. Re: /var or /usr for data? ([EMAIL PROTECTED]) 7. Mouse suddenly gets detached and reattached (Bahman M.) -- Message: 1 Date: Sat, 25 Aug 2007 05:56:59 + From: Kris Kennaway <[EMAIL PROTECTED]> Subject: Re: FreeBSD and ImageMagick crashes OS? To: Norberto Meijome <[EMAIL PROTECTED]> Cc: User Questions , Roger Olofsson <[EMAIL PROTECTED]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=us-ascii On Fri, Aug 24, 2007 at 08:26:50PM +1000, Norberto Meijome wrote: > On Fri, 24 Aug 2007 11:29:59 +0200 > Roger Olofsson <[EMAIL PROTECTED]> wrote: > > > Turns out ImageMagick was called through php to resize the .JPG and most > > likely, the server runs out of memory/disk space. /var/tmp fills up and > > console spews as follows: > > > > Aug 22 19:29:49 rutilus kernel: vnode_pager_putpages: I/O error 28 > > Aug 22 19:29:49 rutilus kernel: vnode_pager_putpages: residual I/O 32768 > > at 62620 > > Aug 22 19:29:49 rutilus kernel: pid 29 (syncer), uid 0 inumber 49382 on > > /var: filesystem full > > :) having been bitten by that in several unix-like OS (pick any Linux distro, and freebsd too), i just remove /var/tmp and make a smylink to /tmp , which is big enough for my foreseeable needs. I like to keep my /var clean of tmp rubbish. > > and yes, configuring PHP and it's libraries helps too :) That's not an answer obviously. Error 28 is #define ENOSPC 28 /* No space left on device */ This seems like a bug to me: when a filesystem fills you shouldn't be getting this behaviour. Can you please follow the directions in the developers handbook chapter on kernel debugging, and when you trigger a hang, break to DDB from the console and force a dump, then file a PR and make the core file available to the developers. Unfortunately unless a developer can replicate the behaviour, providing access to a core is the only real debugging option. Thanks, Kris -- Message: 2 Date: Sat, 25 Aug 2007 00:34:30 -0700 From: "Ted Mittelstaedt" <[EMAIL PROTECTED]> Subject: RE: spammers harvesting emaill address from this list To: "Erik Trulsson" <[EMAIL PROTECTED]>, "fbsd2" <[EMAIL PROTECTED]> Cc: "[EMAIL PROTECTED] ORG" Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="US-ASCII" > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Erik Trulsson > Sent: Thursday, August 23, 2007 6:52 AM > To: fbsd2 > Cc: [EMAIL PROTECTED] ORG > Subject: Re: spammers harvesting emaill address from this list > > > For this list (freebsd-questions@) in particular it is intentionally and > explicitly the case that one does not need to be subscribed to post here. > This is because it is the main support forum for FreeBSD, and much > documentation exists directing people to ask their questions here. > > The list admins do have their priorities straight - they just > have different > priorities than you do. > Probably the list admins figure that anyone who posts here is an advanced user type who understands how to setup spam filters that work. Ted -- Message: 3 Date: Sat, 25 Aug 2007 11:52:30 +0330 From: "Bahman M." <[EMAIL PROTECTED]> Subject: Re: READ_DMA Error To: "Tamouh H." <[EMAIL PROTECTED]> Cc: freebsd-questions@freebsd.org Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1 > > During FreeBSD 6.2 installation, th
RE: Servers Crash every few days
Thanks. But the servers are dedicated servers rented from a datacenter. I'm not sure if it hangs or panic. The provider just keep rebooting when we said servers not responding. Will try to use mbmon. Is there any ports I can use to log what actually happened before it hangs or crashes? -Original Message- From: Roland Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 22, 2007 10:59 PM To: amin Cc: freebsd-questions@freebsd.org Subject: Re: Servers Crash every few days On Wed, Aug 22, 2007 at 09:06:50PM +0800, amin wrote: > Hi, > I have six servers running FreeBSD 6.2 and all of them have the same config. > My servers are configured to run as a socks5 proxy server. > > Lately the servers are going down without any good reasons. How do I check > what are the errors or processes or the state of the server before it goes > down. All of them are running quite well without any reboots for the last > few weeks. Do what Kris mentioned, but check for hardware issues as well; overheating, voltage drops etc. The mbmon port running from cron and logging to another machine can be helpfull here. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Cannot su or have root access after changing loader.conf
Loader.conf with the following statement disable all su or root access: kern.dfldsiz="1G" kern.maxdsiz="1G" kern.maxssiz=131072 When I add the above 3 lines, all access to su or even single user boot is restricted without any error messages. Is this a bug or "1G" is not supported for maximum data size? My server is a 2GB ram E6600 with 400GB HDD. What are the valid values for these lines? thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, June 11, 2007 8:00 PM To: freebsd-questions@freebsd.org Subject: freebsd-questions Digest, Vol 182, Issue 2 Send freebsd-questions mailing list submissions to freebsd-questions@freebsd.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freebsd.org/mailman/listinfo/freebsd-questions or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than "Re: Contents of freebsd-questions digest..." Today's Topics: 1. Re: [FreeBSD][Newb] How I use sendmail to send mail? (Doug Hardie) 2. Re: [FreeBSD][Newb] How I use sendmail to send mail? (Bjorn Boulder) 3. Re: [FreeBSD][Newb] How I use sendmail to send mail? (Bjorn Boulder) 4. Re: [FreeBSD][Newb] How I use sendmail to send mail? (Toomas Aas) 5. tcp port error (tethys ocean) 6. Installing FreeBSD on large disk >2TB (Enrique Ayesta Perojo) 7. Re: Installing FreeBSD on large disk >2TB (Andreas Rudisch) 8. Re: [FreeBSD][Newb] How I use sendmail to send mail? (Bjorn Boulder) 9. procmailrc configuration fails (dhaneshk k) 10. Re: Installing FreeBSD on large disk >2TB (Enrique Ayesta Perojo) -- Message: 1 Date: Sun, 10 Jun 2007 21:45:48 -0700 From: Doug Hardie <[EMAIL PROTECTED]> Subject: Re: [FreeBSD][Newb] How I use sendmail to send mail? To: Bjorn Boulder <[EMAIL PROTECTED]> Cc: freebsd-questions@freebsd.org Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed On Jun 10, 2007, at 21:25, Bjorn Boulder wrote: > Doug, Mats > > Your advice is on the money; thanks. > > I see this: > > Jun 10 05:43:40 jake sendmail[15068]: l5AAhekD015068: > [EMAIL PROTECTED], ctladdr=oracle > (1004/1005), > delay=00:00:00, xdelay=00:00:00, mailer=relay, > pri=30062, > relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, > stat=Deferred: Connection > refused by [127.0.0.1] > > Your tip along with that given by Mats suggests that > I need to learn about /etc/mail/sendmail.cf > > It appears that the box cannot send mail to itself: > > Jun 10 03:05:44 jake sendmail[14546]: l5A84ObZ014546: > to=postmaster, > delay=00:00:00, xdelay=00:00:00, mailer=relay, > pri=154501, > relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: > Connection refused by > [127.0.0.1] > > Jun 10 03:05:44 jake sendmail[14546]: l5485I55093939: > to=root, > ctladdr=root (0/0), delay=6+00:00:26, xdelay=00:00:00, > mailer=relay, > pri=691450, relay=[127.0.0.1], dsn=4.0.0, > stat=Deferred: Connection > refused by [127.0.0.1] > > Jun 10 03:05:44 jake sendmail[14546]: l5485I55093939: > l5A84Oba014546: > sender notify: Cannot send message for 5 days > > Jun 10 03:05:44 jake sendmail[14546]: l5A84Oba014546: > to=root, > delay=00:00:00, xdelay=00:00:00, mailer=relay, > pri=152806, > relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: > Connection refused by > [127.0.0.1] > > Currently, my main assumption is that > /etc/mail/sendmail.cf > is the primary administrative interface for e-mail. That is correct, but you don't want to directly mess with sendmail.cf. You really want to use the mc file and then make to build the cf file. Its much easier and more readable. See /usr/ share/sendmail/cf/readme for more details. The cf files are in another directory from there named cf. You will also want to use sendmail -bv email-address to have sendmail show you how and where it will deliver for the address: email-address. That is a useful tool. -- Message: 2 Date: Sun, 10 Jun 2007 22:02:13 -0700 (PDT) From: Bjorn Boulder <[EMAIL PROTECTED]> Subject: Re: [FreeBSD][Newb] How I use sendmail to send mail? To: Doug Hardie <[EMAIL PROTECTED]> Cc: freebsd-questions@freebsd.org Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=iso-8859-1 ok, I'll look at that readme. And I nosed around on the box for clues about sendmail.cf It looks like the previous sysadmin ignored sendmail.cf I see this: bash jake oracle /etc/mail 14 $ pwd /etc/mail bash jake oracle /etc/mail 15 $ bash jake oracle /etc/mail 15 $ bash jake oracle /etc/mail 15 $ ls -latr total 582 -rw-r--r-- 1 root wheel569 Nov 4 2004 virtusertable.sample -r--r--r-- 1 root wheel 40449 Nov 4 2004 submit.cf -rw-r--r--