Re: FreeBSD mini-ITX
Benjamin Keating wrote:

> I've been eyeing up these mini-ITX boards - would like to make a quite little file server. Does anyone here run a mini-ITX board (what model)? Does it work out of the box? Anything not supported? I'd go for one of VIA's as AMD's and others are still a little new and pricey. Recommend a shop to purchase from (in the US)?

I've tried several of the VIA mini-itx boards (not with FreeBSD tho). Not bad. But:

1: cases aren't super plentiful and the nice ones aren't cheap
2: for a file server, I want gig-E, something not built on to the VIA boards, at least not since I've last checked (could be available now)
3: I think it actually ends up being cheaper to buy a little cube system w/ a standard AMD/Intel chip
4: Many of the cases for the via boards don't have multiple drive bays... since you mention file server, I assume you'd want to at least mirror 2 drives
5: for the price, you may just want to consider buying a USB-NAS adapter (Linksys and Dlink both have them) or getting a Buffalo Terrastation (or similar) and save yourself a lot of work assembling, etc.

Of course, this assumes you only want to use the box as a fileserver.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Analyzing SNORT logs stored in mysql
Anyone know of any good packages that can create reports (preferably HTML) for snort logs stored in mysql? Thanks, Brent
Bootable CD with virus checking for NTFS
I've been searching around for a bootable CD that can virus fix NTFS partitions. Obviously that means it needs to be able to mount NTFS partitions as RW. I've found several CD's based on Linux that will check in RO mode, but none that will (safely anyways) in RW. Pipe dream? Heck, doesn't even need to be free as long as the cost is reasonable.

Just so extra emails aren't generated, I've tried:

Helix
Ultimate Boot CD (this one claims NTFS RW, but when I boot, it appears to be RO... Haven't actually tried using on an infected system yet)
Auditor
Whoppix

Thanks!
Brent
Anyone booting from RAID
I have an Intel motherboard with onboard SATA raid. It uses the Adaptec ICH5 chip, which appears to be supported in the very latest 5.3-beta6. However, on install, it sees the individual disks (ad4 ad6) instead of the mirror. How do I install to the mirror instead of an individual disk? Thanks, Brent
Firewall concept question
Looking to use a FreeBSD server as a firewall for a modem pool. The theory is we only want to give them access to HTTP and DNS (which we could do as proxy on the FreeBSD box). For accountability reasons, each modem will be assigned a specific IP address. That way, I'll be able to use Radius accounting to keep track of who was logged in on what ip at what time. The idea being that if someone uses the modems to launch an attack or whatever, we have something to work with for tracking the user down if the authorities come knocking.

I haven't set up a FreeBSD firewall before, so I have a best way question: Should I use transparent mode where each modem has a public ip address or use something like static NAT entries? I'd planned on using a transparent mode, since I was familiar with it from using a Netscreen. It would seem to have the easiest accounting. But, wasn't sure if I could do that using FreeBSD, so static NAT entries would be the next best thing... Right?

I would also entertain the idea of using something like Squid so all access is through a local proxy, then simply lock the firewall down completely. But, I'm still concerned about the accountability in case someone manages to launch an attack thru the proxy. I'd have to have some way of easily mapping back to the ip of the modem based on the external information given to me by authorities (ie: public ip address).

Any other suggestions for methods to accomplish this task are welcome.

Thanks!
Brent
Confused about SATA Raid
I installed FreeBSD 5.3 Beta 6 today on an Intel s875wp1-e server board. I enabled RAID on the ICH5 SATA ports. Using its BIOS, I built a 2 drive mirror. FreeBSD saw both the native disks (ad4 and ad6). I installed to ad4.

I ran atacontrol create RAID1 ad4 ad6. It said ar0 was created.

Now I'm stuck. How do I make the system use ar0 instead of adX? Can I simply change the /etc/fstab file and reboot?

Thanks!
Brent
RE: Backup Mail Server Questions
> That's the hard part. The Secondary MX'ing part is fairly easy. All you do is get your friend to add an MX record to the DNS 'yourfriend.com' zone listing your server as a high numbered MXer:
>
>     $ORIGIN yourfriend.com.
>     @    IN    MX    0     smtp.yourfriend.com.
>          IN    MX    10    smtp2.yourfriend.com.
>          IN    MX    30    smtp.you.com.
>
> And then add:
>
>     yourfriend.com    RELAY
>
> to /etc/mail/access and rebuild access.db. That means your machine will accept e-mails addressed to users @yourfriend.com and queue them up for relaying on to his servers as soon as they come back up again. If his site has to go down for an extended length of time, you can make special arrangements to store incoming mail for longer than the usual 5 days and then flush it over to him when he comes back up.

I have a question that builds off this. Is there a way to make the backup MX server understand that some mail is ultimately destined for it and try to deliver it locally?

Here would be an example: Mydomain.com is MX'd to mail.mydomain.com, which handles email for all my users. On that server, I've set up an alias for support@ that is actually a forward to my ticket system box (ie: [EMAIL PROTECTED]). In the event my main mail server is down, I'd like to use the tickets.mydomain.com box as the backup MX. It's already running SMTP to handle the tickets, so seems a logical choice.

What would be ideal is to have mail destined for support@ to be delivered locally. So, for example, a user can create a ticket saying the mail server is down (of course that is only useful if admins have off-site email addresses the ticket system notifies for redundancy, but that's easy enough).

Mostly interested in knowing how to do this under Postfix, but I'm not married to it.

Thanks,
Brent
RE: Layer 4 switching in FBSD?
Maybe the Eddie Mission? http://eddie.sourceforge.net/

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Bertrand
Sent: Friday, July 09, 2004 6:15 AM
To: [EMAIL PROTECTED]
Subject: Layer 4 switching in FBSD?

I'd like to implement some style of load balancing for my smtp and spamassassin servers. It was suggested to me that layer-4 switching was the way to go. I do not want to do round-robin DNS, as it could prove to be a problem if one of the boxes goes down.

For bridging type firewalls and/or network surveillance equipment, I often put 5 NIC's into a FBSD box and it works perfectly great. I'd like to know if FBSD is capable of layer-4 switching, or some other similar technology to load balance that it can do while loaded up with NIC's.

Tks for any input, suggestions or advice.

Cheers,
Steve
RE: 2.7 Terabyte array and bsdlabel on 5.3-BETA2 weirdness
> dmesg:
>
>     3ware device driver for 9000 series storage controllers, version: 2.50.00.000
>     twa0: 3ware 9000 series Storage Controller port 0xc800-0xc8ff mem 0xfb80-0xfbff,0xfe9ffc00-0xf

Pre-9500 controllers have a hardware limit of 2TB per RAID volume. Likely that's your issue.

And, before you decide to break it into 2 RAID volumes, be aware the highly optimized and blazing fast performance is *only* on the first volume. Additional volumes are very slow. It's something 3ware doesn't advertise but will usually admit to if confronted.

Brent
RE: Dumb perl upgrade question
-Original Message-
> In the immortal words of Brent Wiese [EMAIL PROTECTED]...
>> Am I missing some environment variable somewhere or what?
>
> Did you run use.perl port after you upgraded the port?

D'oh! See, I knew it was dumb. For some reason, I didn't think that needed to be done after an upgrade since I'd done it after installing perl 5.8.2 from ports originally. But, it's now looking at 5.8.4.

Thanks!
Brent
Bind 9 answer limit question
This isn't really FreeBSD specific, but I'm running Bind on FreeBSD, so it qualifies. ;)

Can you limit the number of responses bind will give for a round-robin A record? Microsoft DNS allows you to do this with an AddressAnswerLimit registry change. The idea being you may have 16 ips in a round-robin, but in order to keep the packet size w/in spec, you only want to return 8 of them.

Thanks!
Brent
Dumb perl upgrade question
This is the sort of thing I know I should know, but I don't right now... Too many other stresses... Upgraded perl from 5.8.2 to 5.8.4 (both were ports). I need to recompile a bunch of modules (for example, mod_perl). But, most of them error out because they can't find perl 5.8.2 libraries. Am I missing some environment variable somewhere or what? Thanks! Brent
RE: Bind 9 answer limit question
> I have an idea. Why don't you tell him how it's done with djbdns? Or at the very least, give him a rousing RTFM.

Flaming aside, I did look for this answer in the bind docs before posting. Either I missed it, or it's not there. I did see other things that reference round-robins, but not this.

While I'm not completely opposed to switching to djbdns, I'd prefer sticking to Bind if it can be done w/o hacking any code up.

Thanks,
Brent
RE: Courier-imap + Postfix problem
Sorry, I missed this question and have been away from the list for a bit. Hopefully you figured this out by now, but just in case, I've answered below.

-Original Message-
snip

> All I got to do now, it seems, is start portmap and fam on system boot. I know portmap_enable=YES in rc.conf does the trick, but what about starting fam?

Look in /usr/local/etc/rc.d

There will likely be several startup scripts in there for other services. Use one as a skeleton to start up fam.

Likely, if you installed fam from ports, there will already be a startup script in that directory, it'll just need to be renamed. Many ports will put the scripts there with a -sample extension. Check to make sure that file looks in the right places for your daemon and if so, rename it to remove the -sample and it'll start up on boot.
RE: Courier-imap + Postfix problem
> Thanks. But now I'm back in the dark. Does anyone have any idea what the source of my errors in maillog could be? To recap, I'm running postfix and courier-imap and I'm getting errors as follows:
>
> maillog:
>
>     Jun 20 15:47:05 server imapd-ssl: Failed to create cache file: maildirwatch (fre
>     Jun 20 15:47:05 server imapd-ssl: Error: Input/output error
>     Jun 20 15:47:05 server imapd-ssl: Check for proper operation and configuration
>     Jun 20 15:47:05 server imapd-ssl: of the File Access Monitor daemon (famd).
>     Jun 20 15:47:05 server imapd-ssl: Failed to create cache file: maildirwatch (fre
>     Jun 20 15:47:05 server imapd-ssl: Error: Input/output error
>     Jun 20 15:47:05 server imapd-ssl: Check for proper operation and configuration
>     Jun 20 15:47:05 server imapd-ssl: of the File Access Monitor daemon (famd).
>
> Any info would be great!

I don't have the file your log describes. I don't think it's part of courier. At least not if you installed it from the ports. Or, maybe it's only written temporarily if someone is using imap via ssl (my mail server isn't active enough on imap-ssl to watch for that).

It looks like maybe you have the File Access Monitor installed (/usr/ports/devel/fam)... I know nothing about it, but it's likely something misconfigured on it that isn't allowing courier to write the file or something.
Courier IMAP and SSL question
Posted this once before, got no response... Hoping maybe someone may have some ideas now... Please!!!

-Original Message-

I'm a bit stumped and hoping someone else has had (and solved) my problem.

First, working on a system installed by another tech. That's always lovely.

FreeBSD 4.9
Courier-IMAP 3.0.2 from ports with mysql support
Openssl 0.9.7d (I believe also from ports)

I have .pem certs that I believe were created with the mkimapdcert program. They're in /usr/local/share/courier-imap

In /usr/local/etc/courier-imap, I have the imapd and imapd-ssl files.

Some snippets from the imapd.cnf (which is actually linked to imapd) file:

    RANDFILE = /usr/local/share/courier-imap/imapd.rand

    [ req ]
    default_bits = 1024
    encrypt_key = yes
    distinguished_name = req_dn
    x509_extensions = cert_type
    prompt = no

    [ req_dn ]
    C=US
    ST=AZ
    L=Phoenix
    O=Mail Server
    OU=Automatically-generated IMAP SSL key
    CN=*.clientdomainname.com
    [EMAIL PROTECTED]

    [ cert_type ]
    nsCertType = server

I think the CN being wildcard was so the certificate didn't need to be rebuilt when moving from test mode into production since this was a client migration, not a new install.

OK, the strangeness... First, imapd.rand doesn't exist anywhere on the box. Second, when I try to start either pop3 or imap in ssl mode (using the scripts placed by the port install in /usr/local/etc/rc.d), I get this:

    RANDFILE: not found
    default_bits: not found
    encrypt_key: not found
    distinguished_name: not found
    x509_extensions: not found
    prompt: not found
    Subject: I hit ctrl-C here ^C^C
    (Interrupt -- one more to kill letter)
    ^C
    POP3: not found
    nsCertType: not found
    RANDFILE: not found
    default_bits: not found
    encrypt_key: not found
    distinguished_name: not found
    x509_extensions: not found
    prompt: not found
    No $home variable set.
    ~/.mailrc: No match.
    Subject: again, ctrl-c a couple times ^C^C
    (Interrupt -- one more to kill letter)
    ^C
    POP3: not found
    nsCertType: not found

If I look at the process list, it's started up and clients can connect to it.

I tried googling around for this and so far have come up with nothing, so I'm guessing this is something really dumb that I'm missing.

I don't care about hitting ctrl-C a couple times, but if the box is rebooted, it just sits there at these prompts. First time, it did this before starting up SSH, which really sucked. :) At least I got that order changed.

I wish I had more info about how it was originally set up.

Thanks for any help!
Brent
Swap question
I recently added a new disk to a 4.9 machine. I was having problems running out of swap space, so I used a couple gigs of this drive as another swap partition. It is listed as a swap partition in /etc/fstab.

I couldn't actually find something that would confirm this, so hoping someone here can. I saw in man swapon something about only the first swap partition is used when the machine boots. The implication was any other swaps needed to be turned on afterwards. But, since everything in /etc/fstab gets mounted, I think I'm ok (I do not have the noauto flag set). The box reboots fine, so there aren't any errors.

However, mount -p (or mount -pv) do not list swap partitions. So, are both swaps being used and is there a way I can tell?

Thanks!
Brent
RE: 3Ware Escalade problem
> Here is what my system is telling me.
>
>     twe0: unexpected status bit(s) 80PCIPERR
>     twe0: PCI parity error: Reseat card, move card or buggy device present.
>
> Here is what I am running.
>
>     FreeBSD 4.7 p25
>     boot disk IDE
>     SCSI tape drive
>     twe0 is an Escalade 7500-4
>     twe1 is an Escalade 7000-2
>
> I have tried two different 7500-4 cards. I have changed slots. I have tried 3 different motherboards.
>
>     2 ASUS P2BS
>     1 MSI K7 Master-S
>
> What I suspect. The Escalade 7500-4 is a 64 bit card. I am using it on a 32 bit bus. The manual doesn't say you can't but I am suspicious. Both 7500-4 cards worked just fine on Linux and Windows on both 32 and 64 bit motherboards IIRC.

3Ware maintains a list of motherboards where 32bit support works. It will only run 64bit on many boards (most of the Intel server boards for example). You may want to check that list for your board(s) (I was too lazy to look it up).

Also, I've seen some of the 7500's still shipping w/ old firmware.

And, like a lot of PCI problems, it could be the slot. If you can, move it to a different slot. I've also seen this problem on riser cards that share the same pci slot with other cards. Some of the newer risers have little daughter-boards that plug into adjacent slots to remedy that problem.

Good luck,
Brent
Fastrak s150 tx4 SATA Raid help
I have an onboard Promise s150 tx4 SATA raid chip. Anyone have any luck running this under FreeBSD 4.9? Will it run under 4.9? Any experiences with it under 5.x? Due to already overbudgeting on this particular box, moving to a 3ware card is unlikely unless I can't for 100% sure get it running on the Promise card... Cheers, Brent
Rsync autologin over ssh question
Here is what I need to do: I need to somehow automate an rsync from 1 box to several others.

I have set up SSH for RSAAuthentication, the method I'd prefer to use (over RHostsRSA). I am able to slogin to the other boxes w/o supplying the passphrase.

But here is where I'm stuck. How do I make a script run w/o the passphrase? The goal is to put this script in the user's crontab. I've googled for help on this, which is how I got to the point I'm at, but now I need some further guidance.

I am notified by email when the boxes reboot, so logging back into them to add the passphrase back into memory isn't a problem. I'd rather not use Rhosts if I can avoid it, and I also want to avoid running rsync daemon.

If anyone has suggestions on a better and/or more secure method to do this, happy to hear it. Ultimately, I'd also like to be able to trigger this sync from a webpage, so if anyone has done that (using sudo I'd imagine), feel free to suggest things there too.

Brent
Dual p3 or single xeon for ipsec
Which do you think would be more effective as an IPSEC tunnel gateway? A dual p3 1.26ghz server or a single 2.6 ghz (800mhz fsb) Xeon?

Things that would be common to both:

FreeBSD 4.9 (maybe possibly 5.3 release when it's officially out), SMP kernel on dual
Intel 64bit dual gig-e 1000bTX nic
RAM (up to 2GB if it'll make a difference)
IDE drives (we're just pushin bits so I wouldn't think drives would be too important)

What I'm most interested in is pushing the most bits possible between points A and B, which will be separated by the public internet. Encryption doesn't need to be insanely high. The files being pushed aren't sensitive and user/pass info won't be exchanged via plaintext.

I noticed the Intel gig-e server nics have encryption offloading (sticker on the last box I got). Anyone know how effective? I can't seem to find info about it on their site.

One more question related to this, and I apologize if this is dumb or poorly worded... Can I use jumbo frames on the public side of the gateways? My understanding is that everything between would need to be able to deal with jumbo frames and I don't know the answer to that. Again, this may be a weird question, but can the gateway store up a few frames from its internal side and send it as 1 jumbo frame out the public side? Does that question even make sense?

And, last question, anyone played with the pci-x stuff? If that's all it's cracked up to be, it somewhat makes this email moot.
RE: Postfix - Sasl - mysql
Brent Wiese wrote:

I (tried) following the instructions at: http://high5.net/howto/

I have postfix virtual users working in MySQL. I have courier imap/pop3 working w/ virtual users. I wanted to add SMTP auth. I added the cyrus-sasl2 port (also chose support for it in postfix port) WITH_MYSQL. No go.

I added the following lines to /usr/local/lib/sasl2/smtpd.conf (found this in another faq/tutorial, so it may be incorrect)

    sasl_pwcheck_method: auxprop
    sasl_auxprop_plugin: sql
    sql_engine: mysql
    mech_list: login plain crammd6 digestmd5
    sql_user: postfix-user
    sql_passwd: thepassword
    sql_database: postfix
    sql_statement: SELECT password FROM mailbox WHERE username = '%u'
    sql_verbose: yes

That works for me..

No go. Still getting no user in db in /var/log/maillog. I get:

    postfix/smtpd[23761]: sql_select option missing
    postfix/smtpd[23761]: auxpropfunc error no mechanism available

In /var/log/messages

I turned on logging in mysql and it didn't log any queries. Any other suggestions?
RE: Postfix - Sasl - mysql
> I used those instructions, although I modified some for my specific configuration. The username field in my database is [EMAIL PROTECTED] however.

Yes, that is how mine is.

> I had to create a plain-text password

This is what I want to avoid. I think this is what the patch listed on the howto.net page is supposed to fix, but it doesn't apply right for me.

> Here's my working smtpd.conf:
>
>     # smtpd.conf
>     pwcheck_method: auxprop
>     auxprop_plugin: sql
>     mech_list: plain login
>     sql_engine: mysql
>     sql_hostnames: localhost
>     sql_user: postfix-user
>     sql_passwd: thepassword
>     sql_database: postfix
>     sql_select: select pass_plain from mailbox where username='[EMAIL PROTECTED]'

Once I cleaned up my syntax (per another post, thanks!) while comparing to this, I'm now able to check the DB correctly (I turned on MySQL logging to make sure), except for the whole encrypted vs plaintext thing.

If I use PAM, is that going to break courier-IMAP?

Anyone successfully patched a recent (>= .17) cyrus-sasl2 to use encrypted passwords in MySQL?

Thanks for all the help, I think I'm nearly there. :)

Brent
Postfix - Sasl - mysql
I (tried) following the instructions at: http://high5.net/howto/

I have postfix virtual users working in MySQL. I have courier imap/pop3 working w/ virtual users. I wanted to add SMTP auth. I added the cyrus-sasl2 port (also chose support for it in postfix port) WITH_MYSQL. No go.

I added the following lines to /usr/local/lib/sasl2/smtpd.conf (found this in another faq/tutorial, so it may be incorrect)

    sasl_pwcheck_method: auxprop
    sasl_auxprop_plugin: mysql login plain crammd6 digestmd5
    mysql_user: postfix-user
    mysql_passwd: thepassword
    mysql_database: postfix
    mysql_statement: SELECT password FROM mailbox WHERE username = '%u'
    mysql_verbose: yes

(I also tried sasl_ in front of all the lines).

When I try to use SMTP Auth from Outlook Express, I get this in the logs:

    Apr 6 20:35:01 server01 postfix/smtpd[22279]: warning: SASL authentication failure: no user in db
    Apr 6 20:35:01 server01 postfix/smtpd[22279]: warning: SASL authentication failure: no secret in database
    Apr 6 20:35:01 server01 postfix/smtpd[22279]: warning: swing.bjwcs.com[208.185.25.11]: SASL NTLM authentication failed

I'm using cyrus-sasl-2.1.18 and postfix 2.0.19. I also tried compiling w/ the patch listed in that tutorial link above, but it breaks. I read somewhere that mysql stuff changed in cyrus-sasl-2.1.17.

Any help? I think I'm really close... I'm just so frustrated at this point, I'm probably no longer thinking clearly.

Thanks!
Brent
RE: apache+mod_ssl + php4 crashes
> I have trouble running apache with php4. When I try to start httpd, it crashes with signal 11. If I remove php4 from httpd.conf, apache runs fine.
>
> Installed packages:
>
>     apache+mod_ssl-1.3.29+2.8.16_1 The Apache 1.3 webserver with SSL/TLS functionality
>     php4-4.3.4_7 PHP Scripting Language (Apache Module and CLI)
>     php4-horde-4.3.4_7 A default PHP configured for the Horde framework
>
> Any ideas?

Did you install these as ports? I've had trouble when cvsup'ing the ports because /lang/php4 has apache13 as the port it looks at when in actuality, you want it looking at apache13-modssl. I've done it enough times now that I instinctively go change it, but that annoyed me for a long time because I'd forget and it'd go install normal apache and complain a lot when starting.

Brent
RE: SMP vs. Hyperthreading?
> Hi, I've got a machine with a P4 that supports HTT (Hyperthreading) so I thought about setting up a SMP-kernel.

SMP != HT. I'm not an expert on this, but when I went to an Intel conference a couple years ago which discussed hyperthreading, it was made pretty clear it wasn't the same as SMP. But, like I said, I'm not an expert so I don't know what exactly it's doing at the very low levels.

> Under 5.2.1 it's a different story though: /var/log/messages shows that there are 2 CPUs but the message indicating the second CPU has been launched is missing (/kernel: SMP: AP CPU #1 Launched!). When I run a cpuburn-Test under 5.2.1 CPU load indicated by top shows 100% so I assume SMP/HTT is not active.

That is the message for the second CPU. The first is CPU #0 and is always active. Every dual-cpu machine I've installed SMP kernel on only shows the second CPU launching.

> So my primary question is - how do I get SMP running under 5.2.1 with a hyperthreading-capable P4??

I haven't used 5.x, but in 4.9, there is a specific line in the kernel config for hyperthreading support (to which I've read mixed reviews on this list).

Good luck
Brent
4.9 vs 5.2 with consideration of support for SMP, hyperthread, and 3ware
I know I've seen the 4.9 vs 5.2 debate go on a lot, but usually without discussing the exact usage and maturity of certain drivers.

I am building a server that has 2 XEON hyperthreaded CPUs. It will have 2 3Ware 7500-series controllers and disks most likely in RAID10 (still debating that choice, but it's for another thread). While this server will be used in production, it is understood by the client that we're not offering 5 nines (due to the nature of the situation, not the o/s).

With that being said, I'm not looking for the run 4.9 because it's the latest stable branch. I also do not want to be on the bleeding edge as far as 5.2 would be concerned. I'd probably pick the latest production release and stick to that. I don't want to spend all my time cvsup'ing sources and buildworld'ing (especially given the probability I'll be duplicating this config another 3 times).

What I'm looking for is experience and/or opinion on 4.9/5.2 in regards to better support, speed (where applicable), and stability in regards to HyperThreading (it won't pain me to not use hyperthreading, but if I can, might as well), 3ware controllers, and SMP.

Also, if anyone has experience or opinion about benefits of one or the other on Apache and PHP, that is also welcome. Anything special someone has done to get better use of multi-cpu in regards to those programs, etc.

Thanks in advance!
Brent
CURL in PHP performance question
Running 4.9_REL with about 10 or so jails. One of my users wants me to compile CURL so they can use it with PHP, which is being run as an Apache module (not cgi). I've never used it, but based on the way it reads, it seems like the overhead of the calls on even a moderately busy site could have serious server impacts. Am I worried about nothing or do I need to put my foot down so he doesn't affect the other jail users by taking up all the resources?

Brent
RE: Mini atx for firewall
> also you can get PCI doublers... no idea how well they work, but! anyone had experience of them?

You can always get the Intel dual/quad server NIC's. Even come in dual gig-e flavor!

Brent
RE: Mail in a Jail
> Hi, I run my web sites from a jail. The time has come that I now need to send an email from one of those sites using the mail() function in php. I would like to know, what files do I need to be able to send mail from the jail using the mail command. The box is using sendmail as its mta, and is running 4.9 release.

This plagued me too. I found a very easy solution: esmtp in the ports. A few catches:

1: You need an external SMTP server that will relay the mail for you. I was unable to get it to talk to the main host's SMTP, probably a feature of jailing... Luckily, I have another box on the LAN whose sole purpose is to relay mail for machines on the LAN.
2: After you install esmtp, change your sendmail links (/usr/sbin/sendmail at least I think) to point at it.
3: If you compiled PHP w/ a non-existent sendmail, you have to recompile. It's a little confusing, but if you dig far enough in the docs, mail() will not compile if sendmail doesn't exist (it tests).

Enjoy!
Brent
RE: mpd VPN Server / W2K Clients
> Hello, I am trying to configure mpd for road warrior w2k clients to connect to, and I'm running into a few issues, hoping some of you could help out. I'm not sure if there are other issues that need to be configured differently besides mpd, like ppp or natd, etc. Or do you need to change options in the W2K VPN client. Below are my specs, mpd config files, and error message. Please let me know if you have any
I know it's been a while since you posted (I don't get to read this list as often as I'd like to), but in case you didn't get it working, the thing that threw me for a while was putting gateway_enable=yes in rc.conf (syntax might be slightly different). It's in the MPD readme file, but you don't see that file when installing from ports. ;) Don't forget to run some sort of firewall so you only allow pptp traffic to bridge that connection. Brent
RE: Support for affordable S-ATA RAID controllers (xs4)
> The 3ware cards are quite expensive, according to the pricing lists I've seen so far. I wonder if the 8506-card mentioned in another post also works in 32bit PCI slots. Otherwise, I'd need a Xeon board. But that's another post in the thread.
3Ware cards are expensive, but you get what you pay for. Whatever code they have to optimize the disk use works wonders. I also believe the price is reasonable given it's hardware RAID5. BE AWARE however (found this out the hard way), their performance optimizing code only works on the FIRST volume. Shouldn't be an issue with a 4-6 port card, but when you use 200gb+ drives on a 12 port card, you end up over the 2TB volume limit and the second volume is slow as molasses... Cheers, Brent
RE: Sending email via PHP mail command in jail
Just in case anyone was following this thread, esmtp in the ports works beautifully. Brent
RE: Sending email via PHP mail command in jail
> put SMTP = my.relay.mail.box into your /usr/local/etc/php.ini
It was my understanding this only worked in the Windows version of PHP... That's according to PHP.net's site and the comments in the php.ini file. I just added it and the test is still failing. Brent
Sending email via PHP mail command in jail
I have a 4.9 system running various jails. My clients want to be able to send confirmation emails via PHP's mail() command. Postfix doesn't seem to install right in the jail. I found a program called mini-sendmail and compiled it to use a relay server I have... It works fine from command line, but terminates oddly when called from php. Any suggestions? I don't need an SMTP daemon running, just the ability to send confirmation messages. Like I mentioned above, I have a relay box I can use if the solution is something like mini-sendmail. Thanks, Brent
RE: (Semi)hot swap IDE
> Hello! I'm looking for a cheap solution to back up a FreeBSD 4.8 machine. Cheap meaning that tape drives are out of question. Even external FireWire drives are deemed a bit too expensive by the folks for whom I'm doing this research. This leaves one option I can think of - standard IDE drive in one of those removable HDD trays. We'd probably use two drives, one being active in the machine and the other being kept somewhere out of the house for safety.
clip
I personally think this is a great alternative to tape, especially given the low cost per GB of drive space. 3ware cards support hot swapping IDE and there are several hot-swap IDE drive trays in the $50-75 range. You *MUST* make sure the trays are really hot swap. Most are not. The ones that are will be very specific about saying so.
Another alternative I just found this past weekend... There is a company making hot swap IDE trays, but instead of being IDE out, they're USB 2.0. It's still an internal bay though. It's really quite cool and works very well. It takes the headache out of it too since we all know USB is hot-swap. ;) I *think* the mfg was incase or something like that. I picked up the unit for $50 at fry's electronics (if you don't have one, they're probably on the outpost.com website) and 2 extra drive chassis for $13 each. The chassis are fully enclosed too, so dropping them into a briefcase should be no problem. Cheers, Brent
RE: (Semi)hot swap IDE
> Hello! I'm looking for a cheap solution to back up a FreeBSD 4.8 machine. Cheap meaning that tape drives are out of question. Even external FireWire drives are deemed a bit too expensive by the folks for whom I'm doing this research. This leaves one option I can think of - standard IDE drive in one of those removable HDD trays. We'd probably use two drives, one being active in the machine and the other being kept somewhere out of the house for safety.
clip
> I personally think this is a great alternative to tape, especially given the low cost per GB of drive space. 3ware cards support hot swapping IDE and there are several hot-swap IDE drive trays in the $50-75 range. You *MUST* make sure the trays are really hot swap. Most are not. The ones that are will be very specific about saying so.
My computer vendor uses these: http://www.amtrade.com/pc/ata133_ide_mobil_hdd_racks.htm I personally have not used them, so don't blame me if they end up not working as advertised, but my vendor is happy with them. I have also never used that company or its website until today, so I have nothing in the way of recommending for or against.
> Another alternative I just found this past weekend... There is a company making hot swap IDE trays, but instead of being IDE out, they're USB 2.0.
It came to my attention that FreeBSD 4.x lacks USB 2.0 support. I used these USB 2.0 trays in a Windows server and hadn't thought that USB 2.0 might not be supported in FreeBSD 4.x. I don't use USB in my FreeBSD servers, so this never crossed my mind. I'm providing the link to the HDD trays above to show my apologies. :) Cheers, Brent
Apache serving docs from samba share
I'd like to have apache serve its docs from a samba mounted drive share. I've seen articles of people doing this, so my question is more performance related. Has anyone benchmarked this setup? The NAS is fast as snot and lightly used. I've been able to sustain over 100mb/s writing to it over gig-e, so we can assume that its speed is adequate. I don't imagine the apache sites will be too heavily hit, but it definitely won't be a few hits a day type site. Are there any good web pages discussing this anyone can point me to? Also, somewhat related, anyone using sftp and samba to offer secure ftp to Windows shares? Any issues? Thanks, Brent
RE: Backup Server
> Greetings, I have an NT 4 server
Sorry to hear that. I'm sure you realize MS no longer officially supports NT4 right? Well, no matter, on to the real questions...
> that I wish to back its data up to a FreeBSD box running Samba. The thought being that since I cannot back all the NT 4 data up to one tape (24GB compressed), that I could back it up every other night. The nights it didn't go to tape, it would go to the Freebsd box.
Why bother with tape at all? The speed is abysmal. If you need the ability to move the media, buy 5 USB 2.0 or Firewire external 100+GB drives. Oh, that's right, you're running NT 4. ;)
> Should I use Freebsd 4.x or 5.x ? The disk drives in the to be installed FreeBSD box are SCSI. Should I use Vinum ?
I don't know about 4 vs 5. I only use 4.x. Your limiting factor here is going to be network speed. You could remove a possible disk bottleneck using vinum, but you'd want to stripe the disks and then you double (or x # of drives) your risk of a drive failure. If you have all night to run the backups, then staying at 100bt is probably fine, but you may want to consider gig-e. If you do that, you can run jumbo frames and get much better perf. Even if you stick to 100bt, you should probably tune things some. I can't remember if NT4 supports changing tcpwindow sizes, but it's probably worth looking into, even if they're very close to each other ( 2ms).
> Just curious about others thoughts before I start setting it up.
You should look into this software: http://backuppc.sourceforge.net/info.html Do you already have the hardware for this box? If you don't, instead of spending money on scsi, you may want to consider using serial ATA and 3Ware's RAID cards. Put 4 or 5 SATA drives on a 3Ware in RAID5 and you have a cheap speedy fault-tolerant system. SATA drives are only like $10 more than their parallel ancestors. I've given up scsi in favor of this config. I just built a 6TB system using 24 SATA drives and 2 3Ware 12 port controllers and it's *very* fast. I haven't speed tested it yet, but I also have a 2TB system using 12 ata133 drives and a single 3ware 12 port card and I can write at over 110mb/s over gig-E (reads are somewhere around 170mb/s). I expect the new sata one will be limited more by nic now. Good luck! If you decide you might want to go the 3ware route, let me know and I can put you in touch with the vendor I have build these for me. Great pricing and excellent service. Brent
RE: Newbie: Touchy Travan tape drive rewind problem
I have to agree with Bill. I don't like the me-too postings, but in this case, I can't recommend highly enough dumping that Travan. I've never had one work for more than a year or so before dying various deaths. Get yourself a nice big 250GB USB/firewire drive and zip your backups tight. You'll be a lot happier. :)
-Original Message-
On Wed, Nov 12, 2003, Christophe wrote:
> I've installed FreeBSD 4.9-RELEASE on a Dell 400SC with an ATA Travan tape drive, accessing it through /dev/ast0. On linear writing operations, it works great... but there appears to be some kind of timeout problem on rewind:
A good general rule about using the Travan tape drives is -- don't. We used them for about a year until they started giving all kinds of weird problems that appeared to be hardware related, timeouts, not able to read tapes after they were written, etc.
Bill
--
INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC
UUCP: camco!bill PO Box 820; 6641 E. Mercer Way
FAX:(206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/
The very powerful and the very stupid have one thing in common. Instead of altering their views to fit the facts, they alter the facts to fit their views ... which can be very uncomfortable if you happen to be one of the facts that needs altering. -- Doctor Who, Face of Evil
RE: JAIL can't FTP ports?
In addition to Rus' comments:
> 1) Can I use FTP to install ports or packages without going through sysinstall?
Yes, and to me, this seems the smarter way to do it. You can pkg_add -r to your heart's content, or, if you want all the ports (which I prefer over packages myself), use fetch to grab the latest ports.tar.gz and unzip it.
> 2) If not, is there any other way to get the entire ports collection into the jail, without actually being at the console?
SSH in and do the fetch I mentioned above.
> And if I create a jail from a system with no ports, does that mean the jail will have no ports? And if my system has the entire ports collection installed, will a new jail also have them?
I do not believe (I could be wrong, I've only done jail setups once) that when you create the jail it does not install the ports tree whether it's on your box or not. However, if you want to avoid the bandwidth hit of fetching the ports.tar.gz, you could copy it over from the master into the jail/ports dir. If it's an old ports.tar.gz, then you can cvsup it from inside the jail... I found this link to be superb when setting up jails for the first time: http://www.onlamp.com/pub/a/bsd/2003/09/04/jails.html Brent
RE: IPSEC tunnel issue..
> Here's my situation. I've got 2 networks at different facilities that are using public routable IP's. Each end has a fbsd box in bridge mode as their firewall between the lan and the cisco routers at each end. I've been tasked to establish a secure tunnel between these two networks and I'm having some trouble. I've searched google for ipsec information on this but every thing that I have found depicts a private lan behind the public ip's of the tunnel endpoints. Has anyone been able to establish this type of tunnel successfully? If so, can you please direct me to some information on this?
So if I understand correctly, you're running the FreeBSD firewall in transparent mode? Hosts behind the firewall use public addresses on the same subnet as the firewall public? I think you may need to switch to NAT mode so you're running a non-net-routeable (private) LAN. You can always stack more public IPs on the firewall and port forward. Or, if you run a routing daemon and have all your hosts point to it as the default gateway, build the tunnel and route anything that isn't through the tunnel at your real gateway. Or, build the tunnel and add routes to all the hosts specifying the FreeBSD box as the gateway for the remote network. This can be a pain to admin long term, but if, for instance, you run a Windows domain, you can run a route add batch file when users log into the network. Brent
Probably dumb apache question
Probably not the most appropriate list for this, but the best of the ones I subscribe to... I have set up a new freebsd/apache/mod_ssl server. I want to force all connections to use SSL. I know I can simply turn off listening on port 80, but because I know people using this site will instinctively type http instead of https, I'd like to force a redirect. I'm guessing I'll need to use mod_rewrite, but was hoping there was an out of box way like ForceSSL directive or something. The box does not use vhosts if that matters at all... If mod_rewrite, anyone have a good rewrite rule handy? Cheers, Brent
RE: ATA mirroring solution required
> I was looking for a secondary controller to give each drive its own channel on the controller (ie a promise/HPT one) but have no experience with these under FreeBSD. Can someone recommend one if possible that works flawlessly or an alternative solution?
I have a Promise TX2000 running under 4.8 and it works fine so far. That card is about $75 online. One of the nice things is you can tell it to mirror the original drive so you don't have to reinstall. Other cards (like the 3Ware Escalades) kill both drives' data when you create the mirror, so you have to reinstall/restore backup. Cheers, Brent
GoVideo software
Anyone have a GoVideo/SonicBlue network dvd player? The software that comes with it is only for Windows, but all my files are on FreeBSD. Anyone write/port it? Getting an answer from GoVideo is nearly impossible. I always seem to get the techs that have been there 2 days or less. Cheers, Brent
RE: Slow SSH authentication with ipfw
In my experience, this is almost always a DNS resolving issue. You have the rule for DNS though... Do you have an internal DNS resolver you could set in your resolv.conf? Take the firewall out of the picture?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lay Tay
Sent: Monday, September 08, 2003 3:50 PM
To: [EMAIL PROTECTED]
Hello, I've configured a FreeBSD v4.8 STABLE system on a HP Vectra machine (Pentium III 850 with 256MB RAM) as a firewall/router. I then have another similar machine setup internally with SSH service started (OpenSSH on a SuSE 8.1 Linux). Everything worked fine except that I noticed ssh connection takes a very long time. When I use PUTTY or WinSCP on a windows machine to connect to my internal machine, the authentication takes a very long time. WinSCP will always timeout on the first try, when I hit retry, the authentication goes through. This does not happen if I insert a pass everything rule in ipfw. I suspect my firewall rules have something to do with it. Can someone check and see if I'm doing something wrong? Thanks.
Here's extract from my rc.firewall:
internalip=xxx.xxx.xxx.xxx
externalip=xxx.xxx.xxx.xxx
# Stateful packet inspection
${fwcmd} add check-state
# Allow TCP through if setup succeeded
${fwcmd} add pass tcp from any to any established
# Allow incoming HTTP request
${fwcmd} add pass tcp from any to ${internalip} 8080 setup
${fwcmd} add pass tcp from any to ${externalip} 80 setup
# Allow incoming SSH connection
${fwcmd} add pass tcp from any to ${internalip} 22 keep-state
# Allow incoming FTP connections - Active Connection only
${fwcmd} add pass tcp from any to ${internalip} 21
${fwcmd} add pass tcp from ${internalip} 20 to any 1024-65535
# Allow setup of incoming email
${fwcmd} add pass tcp from any to ${internalip} 25 setup
# Allow setup of outgoing TCP connections only
${fwcmd} add pass tcp from ${internalip} to any setup
${fwcmd} add pass tcp from ${externalip} to any setup
# Allow DNS queries out in the world
${fwcmd} add pass udp from any to any 53 keep-state
${fwcmd} add pass tcp from any to any 53 keep-state
# Allow IP fragments to pass through
${fwcmd} add pass all from any to any frag
# Disallow setup of all other TCP connections
${fwcmd} add deny tcp from any to any setup
;;
RE: Arp cache needs clearing or machine stops responding
Does it strike anyone else as odd that this would need to be done? Could this be an indication of ARP slamming, a trick to force a switch to transmit everything over all ports (like a hub) so a packet sniffer could be snatching bad things off the wire?
> Does any one know where to find the arp cache? Mine keeps telling me it needs flushed. Where is it? HELP
> Belinda mock [EMAIL PROTECTED]
RE: /usr/local/etc/rc.d files not running on reboot
> My machine crashed last night and upon reboot not all the services that are executable in the /usr/local/etc/rc.d ran. Any clues how I can find out why this happened?
snip
This happened to me on 4.8 recently too. What it ended up being was the sendmail-client startup thing. I'd replaced sendmail w/ postfix, but for some reason, this sendmail-client thing still tried to run, and since I wasn't running sendmail, it just sat there forever. If I ctrl-c'd on the console, it would proceed to run all the startup scripts. I haven't used sendmail in years, but I think this was meant to clear the queue out. I'm not sure if there is a rc.conf entry to stop it (didn't look close enough, but sendmail_enable=NO didn't do it). I just commented the sendmail-client stuff out. It's been a while so I don't remember exactly where this stuff was, but you can probably find it. Once I did that, everything ran again. Cheers, Brent
RE: Server rebooted at 3 a.m. and 7 a.m. for the past few days
Do you have any scripts that run at those times? If you run something like a database update or something that can crank some CPU cycles, you could be overheating the box, causing a reboot. Could happen all of a sudden if a fan decided to quit... Dmesg show any panics?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Magnus J
Sent: Thursday, August 14, 2003 5:22 PM
To: Steve Hovey
Cc: [EMAIL PROTECTED]
Subject: Re: Server rebooted at 3 a.m. and 7 a.m. for the past few days
Hello
Thanks for replying. /etc/crontab looks OK. This is how 'last' looks like (user1 is myself)
user1 ttyp0 zzz.12.28.40 Thu Aug 14 12:43 - 13:30 (00:46)
user1 ttyp1 zzz.12.28.40 Thu Aug 14 12:20 - 13:30 (01:09)
user1 ttyp0 zzz.12.28.40 Thu Aug 14 12:08 - 12:21 (00:12)
user1 ttyp0 zzz.12.27.12 Thu Aug 14 10:06 - 11:22 (01:15)
user1 ttyp1 zzz.12.28.52 Thu Aug 14 08:06 - 08:07 (00:00)
user1 ttyp0 zzz.12.28.52 Thu Aug 14 07:10 - 08:07 (00:56)
reboot ~ Thu Aug 14 07:10
reboot ~ Thu Aug 14 03:09
reboot ~ Wed Aug 13 07:13
reboot ~ Wed Aug 13 03:09
reboot ~ Tue Aug 12 07:12
reboot ~ Tue Aug 12 03:09
reboot ~ Mon Aug 11 07:11
reboot ~ Mon Aug 11 03:09
reboot ~ Sun Aug 10 07:10
reboot ~ Sun Aug 10 03:08
reboot ~ Sat Aug 9 07:10
reboot ~ Sat Aug 9 04:22
reboot ~ Sat Aug 9 03:08
reboot ~ Fri Aug 8 07:10
reboot ~ Thu Aug 7 22:21
user1 ttyp4 zzz.12.28.14 Mon Aug 4 22:39 - 22:40 (00:00)
wtmp begins Mon Aug 4 22:39:55 CEST 2003
bash-2.05b# date
Fri Aug 15 02:06:22 CEST 2003
bash-2.05b#
Should I worry about these messages?
Jul 16 14:06:47 magnus1 sshd[22292]: scanned from zzz.7.104.10 with SSH-1.0-SSH_Version_Mapper. Don't panic.
Jul 16 14:06:47 magnus1 sshd[22291]: Did not receive identification string from zzz.7.104.10
Jul 27 19:58:36 magnus1 sshd[1811]: scanned from zzz.18.53.102 with SSH-1.0-SSH_Ve
Jul 27 19:58:36 magnus1 sshd[1811]: scanned from zzz.18.53.102 with SSH-1.0-SSH_Version_Mapper. Don't panic.
Jul 27 19:58:36 magnus1 sshd[1810]: Did not receive identification string from zzz.18.53.102
Jul 28 07:00:07 magnus1 sshd[2568]: Did not receive identification string from zzz.155.91.132
Jul 29 05:59:55 magnus1 sshd[3798]: Did not receive identification string from zzz.235.37.77
Jul 30 10:53:55 magnus1 sshd[5285]: Did not receive identification string from zzz.111.110.6
Jul 30 10:56:51 magnus1 sshd[5289]: Did not receive identification string from zzz.111.110.6
Jul 30 12:51:46 magnus1 sshd[5365]: Did not receive identification string from zzz.212.236.18
Jul 31 02:57:59 magnus1 sshd[5935]: Did not receive identification string from zzz.30.187.2
Aug 4 08:15:11 magnus1 sshd[14242]: Did not receive identification string from zzz.246.43.167
Previously, I have had easily two months of uptime on this server.
Regards
Magnus
--- Steve Hovey [EMAIL PROTECTED] wrote:
I would start with your cron jobs
On Thu, 14 Aug 2003, Magnus J wrote:
Hello everyone
I'm not sure if I should have posted this to freebsd-security, but I start here. I'm out traveling, and finally got a chance to login to my server back home through SSH, which is running 4.8 and is protected by an IPFILTER firewall. Looking at /var/log/messages , the server has been mysteriously rebooted around 3 a.m. and 7 a.m. CET every day for the past few days. I have never seen this before. It doesn't look like hardware problem because it's not random and there are no messages about filesystems not being unmounted cleanly. Any ideas where I should start looking to see what's going on? Obviously I will try to monitor what's happening next time around 3 a.m. and 7 a.m., which processes are running, etc., but is there something special I should look out for? Unfortunately, I have not installed Tripwire.
Best regards
Magnus (not a member of this list)
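A triage sketch for the data posted in the message above, added here as an example and not code from any of the posters: it parses the `last` reboot records and the sshd probe lines (copied from that message, addresses masked as on the page) to check whether the reboots follow a fixed schedule and whether any probe landed shortly before one. The function names, the one-hour window and the year argument are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Sample input copied from the thread; the wrapped scanner banner is rejoined.
LAST_OUTPUT = """\
reboot ~ Thu Aug 14 07:10
reboot ~ Thu Aug 14 03:09
reboot ~ Wed Aug 13 07:13
reboot ~ Wed Aug 13 03:09
reboot ~ Tue Aug 12 07:12
reboot ~ Tue Aug 12 03:09
reboot ~ Mon Aug 11 07:11
reboot ~ Mon Aug 11 03:09
reboot ~ Sun Aug 10 07:10
reboot ~ Sun Aug 10 03:08
reboot ~ Sat Aug  9 07:10
reboot ~ Sat Aug  9 04:22
reboot ~ Sat Aug  9 03:08
reboot ~ Fri Aug  8 07:10
reboot ~ Thu Aug  7 22:21
user1 ttyp4 zzz.12.28.14 Mon Aug  4 22:39 - 22:40 (00:00)
"""

SYSLOG = """\
Jul 16 14:06:47 magnus1 sshd[22292]: scanned from zzz.7.104.10 with SSH-1.0-SSH_Version_Mapper.  Don't panic.
Jul 16 14:06:47 magnus1 sshd[22291]: Did not receive identification string from zzz.7.104.10
Jul 27 19:58:36 magnus1 sshd[1811]: scanned from zzz.18.53.102 with SSH-1.0-SSH_Version_Mapper.  Don't panic.
Jul 27 19:58:36 magnus1 sshd[1810]: Did not receive identification string from zzz.18.53.102
Jul 28 07:00:07 magnus1 sshd[2568]: Did not receive identification string from zzz.155.91.132
Jul 29 05:59:55 magnus1 sshd[3798]: Did not receive identification string from zzz.235.37.77
Jul 30 10:53:55 magnus1 sshd[5285]: Did not receive identification string from zzz.111.110.6
Jul 30 10:56:51 magnus1 sshd[5289]: Did not receive identification string from zzz.111.110.6
Jul 30 12:51:46 magnus1 sshd[5365]: Did not receive identification string from zzz.212.236.18
Jul 31 02:57:59 magnus1 sshd[5935]: Did not receive identification string from zzz.30.187.2
Aug  4 08:15:11 magnus1 sshd[14242]: Did not receive identification string from zzz.246.43.167
"""

REBOOT_RE = re.compile(
    r"^reboot\s+~\s+\w{3}\s+(\w{3})\s+(\d{1,2})\s+(\d{2}):(\d{2})", re.M)
SSHD_RE = re.compile(
    r"^(\w{3})\s+(\d{1,2})\s+(\d{2}):(\d{2}):(\d{2})\s+\S+\s+sshd\[\d+\]:\s+(.*)$", re.M)
PROBES = (
    ("version-scan", re.compile(r"scanned from (\S+) with \S+")),
    ("no-banner", re.compile(r"Did not receive identification string from (\S+)")),
)


def _stamp(year, mon, day, hh, mm, ss=0):
    # Neither `last` nor syslog records the year, so the caller supplies it.
    return datetime(year, MONTHS[mon], int(day), int(hh), int(mm), int(ss))


def parse_reboots(text, year):
    """Return the sorted reboot times found in `last` output."""
    return sorted(_stamp(year, *m.groups()) for m in REBOOT_RE.finditer(text))


def parse_probes(text, year):
    """Return (time, kind, source) for sshd lines that look like banner probes."""
    events = []
    for m in SSHD_RE.finditer(text):
        *ts, message = m.groups()
        for kind, pattern in PROBES:
            hit = pattern.search(message)
            if hit:
                events.append((_stamp(year, *ts), kind, hit.group(1)))
                break
    return events


def recurring_slots(reboots, min_days=3):
    """Map hour-of-day to the number of distinct days with a reboot in that hour."""
    days = {}
    for when in reboots:
        days.setdefault(when.hour, set()).add(when.date())
    return {h: len(d) for h, d in sorted(days.items()) if len(d) >= min_days}


def probes_before_reboots(probes, reboots, window=timedelta(hours=1)):
    """Pair each reboot with every probe seen at most `window` before it."""
    return [(probe, boot) for boot in reboots for probe in probes
            if timedelta(0) <= boot - probe[0] <= window]


if __name__ == "__main__":
    boots = parse_reboots(LAST_OUTPUT, 2003)
    probes = parse_probes(SYSLOG, 2003)
    print("recurring reboot hours:", recurring_slots(boots))
    print("probes per source:", Counter(src for _, _, src in probes).most_common(3))
    print("probes within 1h before a reboot:", probes_before_reboots(probes, boots))
```

On this data the reboots cluster in the 03:00 and 07:00 hours on six and seven separate days, while the most recent probe is more than three days older than the first reboot, so the log lines give no link between the scans and the reboots.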
RE: Server rebooted at 3 a.m. and 7 a.m. for the past few days
There are several system utils that'll stress the CPU/disk in the ports section. I'd try some of those to see if you can cause a reboot. If so, it might help diagnose... If you have a bad cpu fan, it doesn't take much to crash the box. I've seen this a lot in older dual p2/p3 box style cpus. The fan on the cpu who's less than a finger-width from the other CPU seizes up. The box will run fine under no load, but as soon as you put any kind of load on the box, it dies.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Magnus J
Sent: Thursday, August 14, 2003 7:16 PM
To: Luke Kearney
Cc: [EMAIL PROTECTED]
Subject: Re: Server rebooted at 3 a.m. and 7 a.m. for the past few days
Hello
Running /usr/local/etc/cvsup/update.sh manually caused the machine to reboot. Unfortunately, /var/log/cvsup.log doesn't provide any information about why. Any recommendation on what I should use to get more messages?
Thanks
Magnus
--- Luke Kearney [EMAIL PROTECTED] wrote:
- Original Message -
From: Magnus J [EMAIL PROTECTED]
To: Brent Wiese [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, August 15, 2003 10:44 AM
Subject: RE: Server rebooted at 3 a.m. and 7 a.m. for the past few days
Hello
dmesg shows no panic, and nothing that consumes much CPU has been running since the first reboot. Around 3 a.m. the daily periodic runs (which is default) and around 7 a.m. cvsup runs.
Thanks
Magnus
--- Brent Wiese [EMAIL PROTECTED] wrote:
Do you have any scripts that run at those times? If you run something like a database update or something that can crank some CPU cycles, you could be overheating the box, causing a reboot. Could happen all of a sudden if a fan decided to quit... Dmesg show any panics?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Magnus J
Sent: Thursday, August 14, 2003 5:22 PM
To: Steve Hovey
Cc: [EMAIL PROTECTED]
Subject: Re: Server rebooted at 3 a.m. and 7 a.m. for the past few days
Hello
Thanks for replying.
RE: DMA limited to UDMA33, non-ATA66 cable or device
This will happen sometimes if the cable is reversed. There is one connector that should be labeled specifically for the motherboard (or is sometimes a different color). If a standard 3 connector cable, it's the one by itself, vs the 2 that are spaced a few inches apart. Maybe people reverse the cable because of length problems (speaking from experience...).
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ugo Bellavance
Sent: Thursday, July 24, 2003 7:58 PM
To: [EMAIL PROTECTED]
Subject: DMA limited to UDMA33, non-ATA66 cable or device
Hi,
--System
FreeBSD 4.8 release. It is a kernel that I recompiled only to enable SMP. The same error comes with the generic stock generic Kernel. It is a dual Athlon MP 1800+ on a tyan MB. The Raid card is a TX-2000 with 2 Hot swap superswap enclosure. The only other IDE device, the cd-rom is on the IDE controller on the motherboard. The raid is a RAID1 with 2 Western Digital 80 Gb, 8 Mb cache, 7200rpm, each of them is on a separate channel. I checked the cable and they are connected on the right side. I even tried to put them the other way around and I get the same error message.
--Problem:
FreeBSD only puts my drive in udma33 while the Motherboard, cables, enclosures and drives support udma100. I don't know if it is a bogus error, because I don't know how to test it (like hdparm in linux).
--Other data:
output from dmesg
atapci1: Promise TX2 ATA133 controller port 0x1010-0x101f,0x1024-0x1027,0x1028-0x102f,0x1030-0x1033,0x1038-0x103f mem 0xf000-0xf000 irq 2 at device 8.0 on pci0
ad4: DMA limited to UDMA33, non-ATA66 cable or device
ad6: DMA limited to UDMA33, non-ATA66 cable or device
ar0: 1907348MB ATA RAID1 array [65535/255/63] status: READY subdisks:
0 READY ad4: 76319MB WDC WD800JB-00CRA1 [155061/16/63] at ata2-master UDMA33
ad4: SuperSwap enclosure [FAN:4218rpm TEMP:28.0C 5.022V 12.078V]
1 READY ad6: 76319MB WDC WD800JB-00CRA1 [155061/16/63] at ata3-master UDMA33
ad6: SuperSwap enclosure [FAN:4166rpm TEMP:28.0C 4.941V 11.895V]
Jul 24 21:16:08 bibi /kernel: acd0: CDROM HL-DT-ST CD-ROM GCR-8520B at ata1-master PIO4
output of atacontrol list
atacontrol list
ATA channel 0:
Master: no device present
Slave: no device present
ATA channel 1:
Master: acd0 HL-DT-ST CD-ROM GCR-8520B/1.00 ATA/ATAPI rev 0
Slave: no device present
ATA channel 2:
Master: ad4 WDC WD800JB-00CRA1/17.07W17 ATA/ATAPI rev 5
Slave: no device present
ATA channel 3:
Master: ad6 WDC WD800JB-00CRA1/17.07W17 ATA/ATAPI rev 5
Slave: no device present
Nothing interesting in /var/log/messages. Other logs can be provided upon request. I just don't want to make the post too long. Thanks for your help.
Ugo Bellavance
RE: HSF modems
All the HSF modems I've seen are winmodems and to my knowledge, are unsupported in non-windows environments. But (hopefully) I'm wrong...

Brent

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of bsd_junkie
Sent: Wednesday, July 30, 2003 2:09 PM
To: [EMAIL PROTECTED]
Subject: HSF modems

I was trying to set up a computer w/ freebsd-5.1 for a friend. After the install I noticed the modem, an internal PCI HSF modem, was not showing up. After doing some research on google it appears this is an issue and not a bug or misconfigured modem. Is the latter true, and if it is and freebsd won't work with this modem, is there any *NIX that might work, as we don't have the extra money currently to buy an external modem? Thanks for all the hard work on freebsd.

Sincerely,
BSD_Junkie
RE: IPSEC with Dynamic IP addresses
Does anyone know of any documentation on how to do this? I have searched through google and I find lots of references to people saying, use certificates, but beyond that I haven't found any actual documentation on how to do it.

You need to use aggressive mode. Check out this link (hopefully it'll work, if not, go to their knowledge base/network/vpn): http://www.snapgear.com/faqomatic/public_html/fom-serve/cache/89.html

This is somewhat specific to snapgear, but since they're running freeswan on coldfire linux, it should be close enough to help.

Brent
RE: VPN setup problem - proxy arp I think
Set gateway=YES in rc.conf and reboot. Then look into ipfw so you don't end up passing bogus traffic.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Koroush Saraf
Sent: Monday, June 30, 2003 7:09 PM
To: [EMAIL PROTECTED]
Subject: VPN setup problem - proxy arp I think

Hi all,

I read the setup at http://www.blackh0le.net/articles/vpn-dun-howto.html to set up my VPN. However, I'm having a problem which I think is proxy-ARP not working. I'd like to ask you to see if you know what's going on.

When I ping 10.77.1.1 from the Windows XP machine the packets get to the 10.77.1.1 machine, but they don't have a return path to get back. When I ping the Windows machine from 10.77.1.1 I get:

ping: sendto: Host is down

When I add a static route to 10.77.1.1 the machines can talk to each other. (route add 10.77.1.50/32 10.77.1.2) But I don't think I need to set up a static route if Proxy ARP worked!

I've included my config files in this email. Please note that I get a message back saying

[pptp1] no interface to proxy arp on for 10.77.1.50

Could this be my problem? How can I fix it?

Thanks very much,
~koroush

=
My network looks as follows:

Freebsd 4.6 IP 10.77.1.1/24
 |
 |
fxp0:10.77.1.2/24 Freebsd 4.8 (DELL2) (only 1 network card)
ng0: 10.77.13
 |
 |
Windows XP machine with tunnel. 10.77.1.50

==
Config files for Dell 2:

DELL2# ifconfig -a
fxp0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
    inet 129.197.244.10 netmask 0xfff0 broadcast 129.197.244.15
    inet 10.0.0.249 netmask 0xff00 broadcast 10.0.0.255
    inet 10.77.1.2 netmask 0xff00 broadcast 10.77.1.255
    inet 10.77.2.2 netmask 0xff00 broadcast 10.77.2.255
    inet 10.77.3.2 netmask 0xff00 broadcast 10.77.3.255
    inet 10.77.4.2 netmask 0xff00 broadcast 10.77.4.255
    inet 10.77.5.2 netmask 0xff00 broadcast 10.77.5.255
    ether 00:07:e9:87:ca:4f
    media: Ethernet autoselect (100baseTX full-duplex)
    status: active
lp0: flags=8810POINTOPOINT,SIMPLEX,MULTICAST mtu 1500
lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384
    inet 127.0.0.1 netmask 0xff00
lo1: flags=8008LOOPBACK,MULTICAST mtu 16384
ppp0: flags=8010POINTOPOINT,MULTICAST mtu 1500
sl0: flags=c010POINTOPOINT,LINK2,MULTICAST mtu 552
faith0: flags=8002BROADCAST,MULTICAST mtu 1500
ng0: flags=88d1UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST mtu 1256
    inet 10.77.1.2 -- 10.77.1.50 netmask 0x
ng1: flags=8890POINTOPOINT,NOARP,SIMPLEX,MULTICAST mtu 1500
ng2: flags=8890POINTOPOINT,NOARP,SIMPLEX,MULTICAST mtu 1500
ng3: flags=8890POINTOPOINT,NOARP,SIMPLEX,MULTICAST mtu 1500
ng4: flags=8890POINTOPOINT,NOARP,SIMPLEX,MULTICAST mtu 1500

===
DELL2# pwd
/usr/local/etc/mpd
DELL2# cat mpd.conf
default:
    load client1
    load client2
    load client3
    load client4
    load client5

pptp_common_settings:
    set link type pptp
    set pptp enable incoming
    set pptp disable originate
    set iface disable on-demand
    set iface enable proxy-arp
#   set iface idle 1800
    set bundle enable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap
#   set link keep-alive 10 60
    set link mtu 1260
    set ipcp yes vjcomp
#   set ipcp ranges 10.77.1.1/32 10.77.1.50/32
#   set ipcp dns 10.77.1.1
#   set ipcp nbns 10.77.1.1
    set bundle enable compression
    set ccp yes mppc
    set ccp yes mpp-e40
#   set ccp yes mpp-e128
    set ccp yes mpp-stateless

client1:
    new -i ng0 pptp1 pptp1
    set ipcp range 10.77.1.2/24 10.77.1.50/24
    load pptp_common_settings

client2:
    new -i ng1 pptp2 pptp2
    set ipcp range 10.77.2.2/32 10.77.2.50/32
    load pptp_common_settings

client3:
    new -i ng2 pptp3 pptp3
    set ipcp range 10.77.3.3/32 10.77.3.50/32
    load pptp_common_settings

client4:
    new -i ng3 pptp4 pptp4
    set ipcp range 10.77.4.3/32 10.77.4.50/32
    load pptp_common_settings

client5:
    new -i ng4 pptp5 pptp5
    set ipcp range 10.77.5.3/32 10.77.5.50/32
    load pptp_common_settings
DELL2#

=
DELL2# cat mpd.secret
demo1 demo1 10.77.1.50/24
demo2 demo2 10.77.2.50/24
demo3 demo3 10.77.3.50/24
demo4 demo4 10.77.4.50/24
demo5 demo5 10.77.5.50/24

RUN TIME
DELL2# mdp default
mdp: Command not found.
DELL2# mpd default
Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 281, version 3.13 ([EMAIL PROTECTED] 09:44 23-Jun-2003)
[pptp1] ppp node is mpd281-pptp1
mpd: local IP address for PPTP is 129.197.244.10
[pptp1]
RE: NAT and MTU
In the last episode (Jul 08), Brent Wiese said:

I have a machine that is being double-NAT'd. Would it make sense to set the MTU lower to account for the NAT overhead? It makes sense to me as I know MTU, but I like to check in case my thinking isn't right. :)

There is no overhead; all NAT does is rewrite IP addresses in the header (and in some data packets of certain protocols like FTP). It adds no extra data.

I never messed w/ NAT enough to have learned this. There's always something to learn! Thanks to all who responded.

Brent
NAT and MTU
I have a machine that is being double-NAT'd. Would it make sense to set the MTU lower to account for the NAT overhead? It makes sense to me as I know MTU, but I like to check in case my thinking isn't right. :)

Brent
Startup scripts not running on 4.8
I have never had this issue before in all the years I've run freebsd. I have a relatively new install of 4.8 (my only 4.8 box). When I reboot the box, none of the scripts in /usr/local/etc/rc.d are being run, nor are the things in /etc/rc.local.

I've checked the /etc/defaults/rc.conf and see that local_startup includes that dir and none of my scripts have spaces in the name, so the script_name_sep is fine.

The box is in a remote datacenter so I'm unable to look at the console right now. Message log and dmesg are giving no clues as to what's happening. I checked perms on the files/dirs and they appear to be fine. I haven't really messed with the box much since the initial install, so everything should be set to the default. Running the scripts manually works fine. Other rc.* files seem to run fine (sshd and postfix start fine).

Any ideas?

Brent
RE: Creating a IPSec tunnel between a Windows machine and a machine running FreeBSD
The topology is as follows:

Node A - Internet -- Node B - Internal net B

where
node A's external address is 111.111.11.111
node B's internal address is 12.3.4.567
external address is 222.222.222.2

Node A is running windows 2000 and I am using PGPnet to make a tunnel to Node B which is running FreeBSD and I am using racoon on that machine. The tunnel has to be working for all traffic. I am not sure, but I think that Node B is not set up as gateway/router. It is very important that the connection is set up as a tunnel and not as a transporter. I greatly appreciate your help.

Sincerely

First, don't use PGPnet, use Win2k's built in IPSEC stuff. To get to it, do a start/run, mmc, then file, add/remove snap-in, add. Ipsec security policies (choose local computer), close.

Add a new policy and create the 2 tunnels. The wizards are actually confusing so I don't use them. The key is to uncheck the mirror rule. It doesn't work because of how you have to specify the tunnel end points.

You'll also need to enable Routing and Remote Access (RRAS). Make sure you set up the filters to only allow the tunnel traffic (security thing).

After you get that set up (start/run/ipsecmon is useful) racoon is pretty easy. You'll probably need to enable_gateway=YES in your rc.conf. If you do that, you'd be wise to set up ip filtering to keep out rogue traffic. I can't remember now if that option is actually needed for ipsec tunnels. I know it is for MPD using pptp. Also, don't set up the gif() stuff that you see in all the FAQ's. You only need racoon.

If these 2 boxes aren't your default routers for the internal lans, then you'll need to add routes to the hosts. Do not set up routes on the 2 gateway boxes, the tunnels will forward the traffic.

Ping in w2k is mostly stupid. You cannot set which NIC it sources from, so you will not be able to ping thru the tunnel from the w2k gateway. Drive shares and such will work. You can ping from hosts thru the tunnel though, so use that to test.

Here is a big thing that I do not believe I've seen in the FAQ's: you need to lower the MTU of the w2k inside NIC and all the NICs of the hosts using the tunnel. W2k does not correctly negotiate MTU, even w/ the reg entry that is supposed to do it set. You need to add DWORD MTU to hkey_local_machine\system\currentcontrolset\services\tcpip\parameters\interfaces and find the correct interface in that list of GUIDs. Use ping from a host, keep upping the packet size until you find the one that doesn't work, then lower it. It'll probably be somewhere around 1420 to account for the ipsec overhead. After creating that MTU entry, you'll need to reboot.

Good luck. You can probably tell this took an extreme amount of time to figure out. Maybe one day I'll write my own FAQ... Hahaha!

Now that is all said and done, if what you're trying to do is give that single w2k box access to the internal lan behind the freebsd box, you'd be better using MPD on the unix box which supports MS's PPTP protocol. That is much easier on the w2k box to set up. It sets up as a dial connection like a modem. It's also much easier to use if the w2k box has a dynamic ip (road warrior setup).

Brent
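The MTU step in the message above can be sanity-checked with arithmetic before touching the registry. This is an added example, not part of the original post: it computes how large an inner packet becomes under ESP tunnel mode and the largest ping payload that still fits. It assumes IPv4, the 3des-cbc/hmac-sha1 pair that appears in a setkey dump elsewhere in this archive, and a path MTU you supply; every function name is hypothetical.

```python
"""ESP tunnel-mode size arithmetic for IPv4 (packet layout per RFC 4303).

Added illustration: function names and the sample path MTUs are assumptions,
not values taken from the original post.
"""

OUTER_IPV4 = 20      # new outer IPv4 header added in tunnel mode (no options)
ESP_HEADER = 8       # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2      # pad-length byte + next-header byte
ICMP_ECHO_HDRS = 28  # inner IPv4 header (20) + ICMP echo header (8)

# cipher -> (block size, IV size) in bytes; auth -> truncated ICV size in bytes
CIPHERS = {"3des-cbc": (8, 8), "aes-cbc": (16, 16)}
AUTHS = {"hmac-md5": 12, "hmac-sha1": 12}


def esp_tunnel_size(inner_len, cipher="3des-cbc", auth="hmac-sha1"):
    """Bytes on the wire for one inner IP packet of inner_len bytes."""
    block, iv = CIPHERS[cipher]
    # Payload plus trailer is padded up to a whole number of cipher blocks.
    padded = -(-(inner_len + ESP_TRAILER) // block) * block
    return OUTER_IPV4 + ESP_HEADER + iv + padded + AUTHS[auth]


def max_inner_packet(path_mtu, cipher="3des-cbc", auth="hmac-sha1"):
    """Largest inner packet whose ESP form still fits in path_mtu."""
    block, iv = CIPHERS[cipher]
    room = path_mtu - (OUTER_IPV4 + ESP_HEADER + iv + AUTHS[auth])
    if room < block:
        raise ValueError("path MTU too small for ESP tunnel mode")
    return room // block * block - ESP_TRAILER


def probe_max_payload(fits, lo=0, hi=1472):
    """Binary-search form of 'keep upping the ping size until it fails'.

    fits(n) must report whether an n-byte ping payload sent with the
    don't-fragment bit set gets through. Returns the largest working
    payload, or None if even the smallest one fails.
    """
    if not fits(lo):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if fits(mid):
            lo = mid
        else:
            hi = mid - 1
    return lo


def simulated_path(path_mtu, **algs):
    """Offline stand-in for a real don't-fragment ping across the tunnel."""
    return lambda payload: (
        esp_tunnel_size(payload + ICMP_ECHO_HDRS, **algs) <= path_mtu
    )


if __name__ == "__main__":
    # Constructed sample path MTUs: plain Ethernet and PPPoE DSL.
    for mtu in (1500, 1492):
        inner = max_inner_packet(mtu)
        payload = probe_max_payload(simulated_path(mtu))
        print(f"path MTU {mtu}: inner MTU <= {inner}, "
              f"largest ping payload {payload}")
```

The result is an upper bound for the chosen algorithms; a value set somewhat below it leaves margin for paths with a smaller MTU.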
RE: VPN from one Win2k host to a FreeBSD network?
Allow me to ask this once again also then. In my situation, I have my FreeBSD box here at home. Periodically I need to VPN into my work. Here is the layout:

FreeBSD (home via DSL) --- (Inet) --- (Cisco PIX) --- (Work net)
IP via DSL                            Outside IP/Inside IP

I could be talking totally out of my *** here because I don't use PIX's, but I seem to recall newer versions of the PIX software supporting MS's PPTP. If that truly is the case, then MPD should work fine since it can be both a client and a server.

This is why, for most offices, I recommend using Snapgear.com products. They're great for offices using T3 or less, have all the firewalling you want and no-per-user-license-fee ipsec and pptp support (although # of tunnels are limited, but that's more a hardware-limitation thing). And they're cheap as heck. If you're paid anything decent, the time it'll take you to get this figured out will have paid for a Snapgear box twice over. :)

Good luck!

Brent
RE: very slow NIC
This sounds like an auto-sense problem. If you're hooked up to a hub, 10 half is the best you'll get. If it's a switch, it may be setting itself full-duplex. If it's not a managed switch (you can't tell it what the ports should set themselves to), you can try changing the settings on the card (man ifconfig), but more than likely you're stuck.

However, it's odd it's 1 direction... You may just have a bad cable. Try swapping it.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TOPCAT CONSULTING
Sent: Tuesday, June 10, 2003 5:10 PM
To: [EMAIL PROTECTED]
Subject: very slow NIC

I have an ethernet card that just doesn't seem to be performing well in both directions (in and out) when I access this NIC from another machine on the LAN, file transfer is extremely fast, but when I use this machine to access another machine on the LAN, I can barely get 10 kb/sec out of it!

Anyway dmesg.boot reports the card as:

rl0: RealTek 8139 10/100BaseTX rev 0x10 int a irq 9 on pci0.13.0
rl0: Ethernet address: 00:20:18:88:96:47
rl0: autoneg complete, link status good (half-duplex, 10Mbps)

So, is full-duplexing not turned on or something? How do I turn full-duplexing on? Or maybe that's not the problem?
RE: VPN from one Win2k host to a FreeBSD network?
Use MPD (it's in the ports) for PPTP support, which is built into w2k. On the user side, it's friendly to set up because it presents the user w/ a modem-type setup where you dial a vpn box.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Kelly
Sent: Friday, May 30, 2003 9:03 AM
To: [EMAIL PROTECTED]
Subject: VPN from one Win2k host to a FreeBSD network?

This has been covered many times before, I'm sure, I just can't find it now I have need.

A consultant with one Win2k system behind a home-office NAT firewall needs to speak Microsoft protocols to an NT4 server inside my FreeBSD NAT firewall. Also connect to the Oracle database.

I currently have an IPsec VPN to yet another site with an identical FreeBSD firewall as I have here. Microsoft protocols flow over that link as well.

The fact her remote Win2k system is already behind NAT suggests to me using Win2k built-in IPsec isn't going to work with racoon?

She can ssh to my FreeBSD system. I have not disabled sshd port forwarding. An attractive low threshold of pain might be to use PuTTY on Win2k and port forward to here. Research suggests she would have to disable filesharing, or possibly remove that module, in order to free ports 137-139 so this would work. Might work but isn't low threshold of pain. Simple ssh port forwarding should work fine for Oracle.

Next thought would be to tunnel PPP thru SSH. Have found plenty of examples of how to do this Unix to Unix but not from inferior OS's.

Yet another thought was to use PPPoE. Win2k should have a PPPoE client. Is there a tool on FreeBSD to receive such connections? Would it appear on the Win2k system as another network interface or would it be her sole interface while it is up? Encryption for PPPoE?

--
David Kelly N4HHE, [EMAIL PROTECTED]
=
The human mind ordinarily operates at only ten percent of its capacity -- the rest is overhead for the operating system.
RE: FreeBSD 4.8 running on Dell 1655MC Blade Server
I can't answer your question directly, but you may want to check out RLX... Much higher density (300ex model): http://www.rlx.com/

I know they're approved for Linux, but maybe they'll approve a FreeBSD image for you. Their support seems to be pretty responsive.

Brent

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Williams
Sent: Friday, May 23, 2003 1:16 AM
To: [EMAIL PROTECTED]
Subject: FreeBSD 4.8 running on Dell 1655MC Blade Server

Hi,

We are thinking of purchasing a couple of Dell 1655MC Blade servers to replace a number of web servers. Can anyone confirm that FreeBSD 4.8 is compatible with this kit? Dell cannot confirm that it will work with FreeBSD. Any info on this would be appreciated.

Cheers,
Tim Williams
Mod_perl nightmares
I have to believe I'm overlooking something simple here, but I'm pulling my hair out over this...

I am running 4.5. I have the latest ports list. I have installed apache 1.3.27, mod_ssl, mod_php 4.3.1 and mod_perl 1.27. Previously, it was running the same, minus mod_perl. Php is fine. I can still happily access my mysql dbs and have fun with php. However, I cannot get a perl prog to run to save my life.

I don't get any errors with this in my httpd.conf:

LoadModule perl_module libexec/apache/libperl.so
AddModule mod_perl.c

I tried the most basic httpd.conf additions from http://perl.apache.org. When I hit the perl cgi w/ my browser, I get asked to download it. The logs show a 200 success code. Execute perms are on the script. All it does is the basic hello world stuff.

Here is what I added to httpd.conf, first in the specific virtualhost I wanted to test this on, then globally, both producing the same results (this is nearly word-for-word from the mod_perl site):

Alias /perl/ /usr/local/www/data/maint/perl/
PerlModule Apache::Registry
<Location /perl/>
    SetHandler perl-script
    PerlHandler Apache::Registry
    Options +ExecCGI
    PerlSendHeader On
    allow from all
</Location>

If I insert:

PerlModule Apache::DBI

Which is ultimately what I need, even an apachectl configtest core dumps. I installed Apache::DBI from CPAN. I suspect if/when I fix the first problem, this one will work too, or at least be more obvious.

Any ideas? Any more info I can provide?

Thanks
Brent
RE: Three Terabyte
~ On 27-Mar-2003, Francisco J Reyes wrote message Re: Three Terabyte ~

Highly recommend you go with Raid 10 and not 5.

I 2nd that. Raid 5 offers very very POOR performance. While it sucks up the most diskspace, Raid 10 is maximum performance and great fault tolerance. For an i/o intensive service like a mail server or something, raid 5 will eventually cause your server to get crushed over time as the number of users increases. Then you're forced to convert to raid 10. We learnt this the hard way. ;)

Normally, I'd also agree with this. However, a friend of mine built a NAS using the 3ware card and 11 200gb WD drives in a RAID5 config and can sustain 85mbit/s *write* (the test was several hours long). I suspect it would do even more with a gig-E card.

Of course, that test would be fairly meaningless when you're doing something like a mail spool, but it proves the application should drive the method.

Brent
RE: Moving Disks to new PC Machines
Joseph Maxwell wrote:

Hello, I need to move my system (actually 2 hard disks) to another machine w/ different motherboard and CPU. The disks have been configured as a bootable system disk and the other data storage. How can I reconfigure to achieve this with the minimum amount of perturbation?

While the disks are in the old machine, verify that your current kernel has compiled-in support for all the devices needed on the new machine. If necessary, make a new kernel. Then move the disks to the new machine and you're ready to go.

An easier option is just copy the generic kernel back into place... Or just specify it at boot. That way, if you're not sure of what devices you'll need, you can verify using dmesg. You did keep a copy of it around for emergencies, right? :)

Brent

To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: Upgrading mobos...raid 1 to no raid?
It depends on the RAID chip. I believe (don't quote me on this tho) that the Promise raid chips in mirroring mode use a master drive, then mirror that to the secondary drive as they can (I'm sure using some complicated methodology). In theory, you should just be able to use the regular wd driver and let the system boot up, assuming you didn't pull that from your kernel... Of course, the best thing to do is to backup the drive first before attempting.

There are lots of new boards out there that have the raid chips on them. Why not stick to one of those? They're not much pricier and the convenience of mirroring when a drive dies is so nice... :) Just make sure it's the same chip... Promise and Highpoint are the 2 most common and they don't mix. I had a stripe on a promise and moved it to a highpoint (figuring I'd have to break and rebuild it). The highpoint claimed to recognize it and the o/s saw the stripe, but everything was corrupted on disk checks and such, so don't let it fool you!

brent

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Zach Thompson
Sent: Tuesday, March 25, 2003 7:10 AM
To: [EMAIL PROTECTED]
Subject: Re: Upgrading mobos...raid 1 to no raid?

On Tue, 2003-03-25 at 06:55, Zach Thompson wrote:

Also, when and how should I change the mount points for the file systems, e.g. via an install cd, before I switch mobos, etc.?

Sorry, really meant the device as this is what will be changing.
RE: FW: Retrieving web based mail?
The company I worked for is in the process of being merged. Lots of fun :-( In any case one of the results of this is a huge problem for me in mail retrieval. I use a FreeBSD laptop as my primary machine. I had been using fetchmail to retrieve my email, and passing the mail on to sendmail on the local machine. The new powers that be have decided to turn off the POP2 server. Their suggested alternative is a miserable web based mail access (Lotus Notes, I think, if it matters). Now, I was wondering if someone had cobbled together something (perl script), to essentially screen scrape email off a web interface? I am hoping to replace the fetchmail part of my setup with something. Suggestions?

If you're able to get a copy of the webmail pages, you may be able to decipher the calls that log you in/present your new mail/etc. Then, just build a perl script to connect to the web server and run the relevant commands and parse the results as you see fit.

Lotus Notes also has a stand-alone client. Not sure what protocol it uses, but maybe they have it enabled and you can find something that will interface with it. Like maybe it uses IMAP or something. Lotus is known for its ability to replicate (techies, of course, would use the more accurate term synch), so there is probably a way to interface with that...

Never know, if you come up w/ something good enough, you could submit it to the ports and help the other poor people that are subjected to Notes use...

Brent
RE: Freebsd - restarting itself - followup
Right now I have the exact same thing happening to one machine. It is located offsite (naturally) and about 10 days ago it had a random shutdown (did not come back up) followed by a random reboot a couple days later. It had been running 50-60 days previous. The shutdown occurred just after business hours, the reboot at about 4am. I now have the machine emailing me at specific intervals to try to narrow things down. I have a couple ideas for the both of us. One is that maybe the machine is plugged into a faulty power line, something that is borking the current enough to cause reboots. Another is that maybe the PSU is dying prematurely (3mos old for me). I wish us both good luck.

-Derrick

Almost certainly heat related. Even really good cpu/ps fans in a clean environment will only last a year or so running 24/7. Most just weren't built with this kind of use in mind. I made a habit of checking fans yearly and replacing as needed.

However, I've never had a box shutdown, only reboot. Did it really shut down, or was it maybe hung on boot wanting a manual fsck or something? If it actually shutdown, and you're not connected to a ups running a shutdown daemon, I would suspect someone did it accidentally or intentionally... Maybe something like kill 1? :)

I was also never a power supply snob in the past, but I can honestly say now that I will not buy generic p/s anymore. I went thru 2 generic p/s on my home machine before buying the nice $100 antec... I haven't had any problems since... No lockups/reboots/etc. It definitely turned my thinking around.

Brent
RE: ipsec and gre tunnels
It's a common mistake to do both gif and ipsec. I realize many of the handbooks you find say to do it. They're wrong. They've been contacted and most won't change them, which just misleads more people. Use ipsec in tunnel mode instead of transport and ditch gif.

Hi, I currently have a vpn setup between a few lans using freebsd, ipsec and gif tunnels. It all works perfectly. However, I noticed that there is a new pseudo device for gre tunnels. As the overhead is supposed to be less for this type of tunnel, I decided to test things out. I cvs and made world and kernel on the two test machines. No problems here. I tested original tunnels, all working ok and racoon was doing key exchange no problems. I set up the test gre tunnel with the following syntax:

    /sbin/ifconfig gre0 create tunnel hostA hostB
    /sbin/ifconfig gre0 192.168.250.34 192.168.250.33 netmask 255.255.255.252
    /sbin/route add 192.168.250.33/30 -interface gre0
    /sbin/ifconfig gre0 up

Cool, the tunnel is up and seems to work ok. Now I implement the following ipsec policy, which is just an extension of what I was using before for the gif tunnels:

    spdadd 0.0.0.0/0 0.0.0.0/0 4 -P out ipsec esp/transport//require;
    spdadd 0.0.0.0/0 0.0.0.0/0 4 -P in ipsec esp/transport//require;
    # these 2 rules are so i can connect to my ethernet dsl modem
    # without the traffic getting encrypted, which is bad
    spdadd 10.0.0.0/24 10.0.0.0/24 gre -P out none ;
    spdadd 10.0.0.0/24 10.0.0.0/24 gre -P in none ;
    spdadd 0.0.0.0/0 0.0.0.0/0 gre -P out ipsec esp/transport//require;
    spdadd 0.0.0.0/0 0.0.0.0/0 gre -P in ipsec esp/transport//require;

Hmm, now the tunnel doesn't work. Key exchange seems to be ok as the gif tunnel is still working. Does anyone have any idea why the tunnel should stop working? The man page for setkey has a mysterious reference under the upperspec description:

    We have many protocols in /etc/protocols, but protocols except of TCP, UDP and ICMP may not be suitable to use with IPsec. You have to consider and be careful to use them.
    icmp tcp udp all protocols

Could gre be one of these protocols and if so why?

    root on gateway# ifconfig gre0
    gre0: flags=9051<UP,POINTOPOINT,RUNNING,LINK0,MULTICAST> mtu 1476
        tunnel inet hostB --> hostA
        inet 192.168.250.34 --> 192.168.250.33 netmask 0xfffc
    root on gateway# ifconfig gif0
    gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet hostB --> hostA
        inet 192.168.250.1 --> 192.168.250.2 netmask 0xfffc
    root on gateway# ping 192.168.250.33
    PING 192.168.250.33 (192.168.250.33): 56 data bytes
    ^C
    --- 192.168.250.33 ping statistics ---
    6 packets transmitted, 0 packets received, 100% packet loss
    root on gateway# ping 192.168.250.1
    PING 192.168.250.1 (192.168.250.1): 56 data bytes
    ^C
    --- 192.168.250.1 ping statistics ---
    5 packets transmitted, 0 packets received, 100% packet loss
    root on gateway# ping 192.168.250.2
    PING 192.168.250.2 (192.168.250.2): 56 data bytes
    64 bytes from 192.168.250.2: icmp_seq=0 ttl=64 time=37.682 ms
    64 bytes from 192.168.250.2: icmp_seq=1 ttl=64 time=37.543 ms
    64 bytes from 192.168.250.2: icmp_seq=2 ttl=64 time=37.981 ms
    64 bytes from 192.168.250.2: icmp_seq=3 ttl=64 time=37.159 ms
    ^C
    --- 192.168.250.2 ping statistics ---
    4 packets transmitted, 4 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 37.159/37.591/37.981/0.296 ms
    root on gateway# setkey -DP
    0.0.0.0/0[any] 0.0.0.0/0[any] ip4
        in ipsec esp/transport//require
        spid=1004 seq=5 pid=75744 refcnt=1
    10.0.0.0/24[any] 10.0.0.0/24[any] gre
        in none
        spid=1006 seq=4 pid=75744 refcnt=1
    0.0.0.0/0[any] 0.0.0.0/0[any] gre
        in ipsec esp/transport//require
        spid=1008 seq=3 pid=75744 refcnt=1
    0.0.0.0/0[any] 0.0.0.0/0[any] ip4
        out ipsec esp/transport//require
        spid=1003 seq=2 pid=75744 refcnt=1
    10.0.0.0/24[any] 10.0.0.0/24[any] gre
        out none
        spid=1005 seq=1 pid=75744 refcnt=1
    0.0.0.0/0[any] 0.0.0.0/0[any] gre
        out ipsec esp/transport//require
        spid=1007 seq=0 pid=75744 refcnt=1
    root on gateway# setkey -D
    hostB hostA
        esp mode=transport spi=226290556(0x0d7ceb7c) reqid=0(0x)
        E: 3des-cbc 9ef25cfa f136ecac e6548771 b6675ea5 2427613a d8079969
        A: hmac-sha1 fe01a845 3c3288ae 329bdd2e bff2bdb8 19224348
        seq=0x replay=4 flags=0x state=mature
        created: Mar 5 12:14:01 2003 current: Mar 5 12:14:02 2003
        diff: 1(s) hard: 30(s) soft: 24(s)
        last: hard: 0(s) soft: 0(s)
        current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
        allocated: 0 hard: 0 soft: 0
        sadb_seq=3 pid=75781 refcnt=1
    hostB hostA
        esp
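An added example (not part of the original thread): a Python check that parses `setkey -DP` output such as the dump posted above and flags the pattern the reply advises against, transport-mode IPsec applied to a tunnel protocol (ip4 as used by gif, or gre), and also lists `none` bypass policies for review. The tunnel-mode policy with spid=2001 and its 192.0.2.x endpoints are constructed for contrast, and the function names are this example's own.

```python
import re

# `setkey -DP` dump as posted above (whitespace-flattened), plus one constructed
# tunnel-mode policy (spid=2001, documentation addresses) for contrast.
SPD_DUMP = """
0.0.0.0/0[any] 0.0.0.0/0[any] ip4 in ipsec esp/transport//require spid=1004 seq=5 pid=75744 refcnt=1
10.0.0.0/24[any] 10.0.0.0/24[any] gre in none spid=1006 seq=4 pid=75744 refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] gre in ipsec esp/transport//require spid=1008 seq=3 pid=75744 refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] ip4 out ipsec esp/transport//require spid=1003 seq=2 pid=75744 refcnt=1
10.0.0.0/24[any] 10.0.0.0/24[any] gre out none spid=1005 seq=1 pid=75744 refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] gre out ipsec esp/transport//require spid=1007 seq=0 pid=75744 refcnt=1
192.168.1.0/24[any] 192.168.2.0/24[any] any out ipsec esp/tunnel/192.0.2.1-192.0.2.2/require spid=2001 seq=0 pid=1 refcnt=1
"""

ENCAP_PROTOS = {"ip4", "ipencap", "4", "gre", "47"}  # IP-in-IP (gif) and GRE

# One policy: selectors, upper-layer protocol, direction, action, rules, spid.
# \s+ also matches newlines, so unflattened setkey output parses the same way.
POLICY_RE = re.compile(
    r"(?P<src>\S+\[\S+\])\s+(?P<dst>\S+\[\S+\])\s+(?P<proto>\S+)\s+"
    r"(?P<dir>in|out)\s+(?P<action>ipsec|none|discard)"
    r"(?P<rules>(?:\s+(?:esp|ah|ipcomp)/\S+)*).*?\bspid=(?P<spid>\d+)",
    re.S,
)

def parse_spd(dump):
    """Return one dict per security policy found in a `setkey -DP` dump."""
    policies = []
    for m in POLICY_RE.finditer(dump):
        p = m.groupdict()
        p["rules"] = [r.split("/") for r in p["rules"].split()]  # [proto, mode, ...]
        p["spid"] = int(p["spid"])
        policies.append(p)
    return policies

def audit(policies):
    """Return (spid, kind, detail) tuples for policies worth a second look."""
    findings = []
    for p in policies:
        where = f"{p['proto']} {p['dir']} {p['src']} -> {p['dst']}"
        if p["action"] == "none":
            findings.append((p["spid"], "bypass", where + ": passes without IPsec"))
        for rule in p["rules"]:
            if rule[1] == "transport" and p["proto"] in ENCAP_PROTOS:
                findings.append((p["spid"], "double-encap", where +
                                 f": {rule[0]}/transport on a tunnel protocol"))
    return findings

if __name__ == "__main__":
    for spid, kind, detail in audit(parse_spd(SPD_DUMP)):
        print(f"spid={spid:<5} {kind:<13} {detail}")
```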
RE: Dmesg filled with arp: link address is broadcast for IP address
arp: link address is broadcast for IP address 10.6.8.22!
arp: link address is broadcast for IP address 10.6.8.22!
arp: link address is broadcast for IP address 10.6.8.22!
arp: link address is broadcast for IP address 10.6.8.22!

Then I put the suspect host on to DHCP on reboot I got this in dmesg: -

arp: link address is broadcast for IP address 169.254.14.80!

Sounds like the IP address on your unix box is an IP that falls on a subnet boundary. IE: 10.6.8.31 mask 255.255.255.224

Brent

To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
RE: Bizarre Networking Problem
Well the problem is solved, but I am not happy about the solution as it makes absolutely no sense to me.

    xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=3<rxcsum,txcsum>
        inet 192.246.38.10 netmask 0xff00 broadcast 255.255.255.0
        inet 208.23.240.10 netmask 0xff00 broadcast 208.23.240.255
        ether 00:04:75:b0:24:12
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active

Your nic is set to autosense. While probably not the only culprit, if you can manage your 3com switch, hard set the port and your NIC to 100 full duplex. It may not solve the problem, but it's one more variable eliminated. I was running a HP 4000M and all the machines set auto. I did a code upgrade on the switch and all of a sudden performance went in the gutter because, for some reason, autosense broke. Once I hard set 100fd on everything, performance was once again stellar. The broadcast for 192.246.38.10 is wrong too. You shouldn't have to run in promiscuous mode to solve this... Doing so is going to kill your CPU when traffic gets high.

Brent
5.0 SMP
Anyone using 5.0 on a multi-processor system? Later 4.X versions seemed to be pretty stable but haven't seen anything about 5.0. I have a chance to replace a very high load single proc server doing a lot of PHP crunching with a dual p3 550 and wondering if that's a smarter move than getting a newer p3 1ghz+. It's definitely cheaper since I already own the dual-proc... Brent
is this a gif() problem or something else
I am running an ipsec tunnel (gif/racoon) between an Alpha Freebsd box and a win2k box. I actually have several tunnels and they all set up and work. The key to this particular tunnel is that the servers are only a few hops away on a 100mb uplink. While transferring a large file (approx 900 mb), I'm seeing about 75mb/s, which is great. However, about 75-80% of the way thru, the alpha reboots and this error is logged in dmesg:

    fatal kernel trap:
        trap entry = 0x2 (memory management fault)
        a0 = 0x1c795105b6a647
        a1 = 0x1
        a2 = 0x0
        pc = 0xfc4adec0
        ra = 0xfc4a5b1c
        curproc= 0
    panic: trap
    syncing disks...
    fatal kernel trap:
        trap entry = 0x2 (memory management fault)
        a0 = 0x58
        a1 = 0x1
        a2 = 0x0
        pc = 0xfc5c4c84
        ra = 0xfc5cbcc8
        curproc= 0

I watched the load manually during the xfer and it never peaked over .81 that I saw. I'm suspecting this is either a problem w/ the gif() code (maybe specific to alpha build), a heat problem or a bad stick of RAM? Was curious if this rang any bells. I'd hate to spend a ton of time chasing down false leads if someone else has already been through this.

Thanks, Brent
RE: PPP
Hi all, I have a question related to PPP. I have a FreeBSD -STABLE box set up as a gateway to a dial up account with Internode. I have also 2 Windows boxes with the default gateway set to the FreeBSD box. Question: Is there any way to set up an Icon on a Windows box that will dial up the modem that's hanging off of the FreeBSD gateway? [ssh'ing in and running ppp manually is too much of an ask for people that want to use a computer to actually do work ;-)]. Has anyone done this before? clip

I'm going to venture a guess that you want a dial-on-demand setup. Look at mpd (/usr/ports/net/mpd). Current version is 3.9. Should do what you want.

Brent
RE: Proxy-arp not working right
I finally figured this out and answered my own question. Wanted to post the findings to the list so if anyone else goes through what I did, it'll come up on archive site searches. I didn't have gateway_enable=yes in rc.conf. Yes, it was that simple. When I installed the box, I answered no to that question because it was simply a web server. Added the line, rebooted, and voila! It passes packets between interfaces fine now!

Brent

-Original Message-
From: [EMAIL PROTECTED] [mailto:owner-freebsd-questions;FreeBSD.ORG] On Behalf Of Brent Wiese
Sent: Tuesday, October 15, 2002 1:56 PM
To: [EMAIL PROTECTED]
Subject: Proxy-arp not working right

I have a 4.5 box w/ the GENERIC kernel loaded. I've installed mpd and can connect via pptp from a win2k box. I can see that mpd adds the proxyarp ip entry, however, other machines on the same subnet can't ping the IP and the win2k box can't ping them. The FreeBSD box and win2k box ping each other fine. I can see the arp entry using arp -a:

    ? (192.168.187.150) at 0:90:27:88:62:dc on fxp0 permanent published (proxy only) [ethernet]

I can also see the arp entry in my router, but the router cannot ping it. I've confirmed it is the correct MAC. I used the exact same account on the win2k box to pptp to a snapgear vpn box (it runs poptop) and it worked fine, so I believe everything is correct on the win2k side. Am I missing something? Any more info I can provide?

Brent
Proxy-arp not working right
I have a 4.5 box w/ the GENERIC kernel loaded. I've installed mpd and can connect via pptp from a win2k box. I can see that mpd adds the proxyarp ip entry, however, other machines on the same subnet can't ping the IP and the win2k box can't ping them. The FreeBSD box and win2k box ping each other fine. I can see the arp entry using arp -a: ? (192.168.187.150) at 0:90:27:88:62:dc on fxp0 permanent published (proxy only) [ethernet] I can also see the arp entry in my router, but the router cannot ping it. I've confirmed it is the correct MAC. I used the exact same account on the win2k box to pptp to a snapgear vpn box (it runs poptop) and it worked fine, so I believe everything is correct on the win2k side. Am I missing something? Any more info I can provide? Brent
Mpd on a DEC alpha
I am trying to connect 2 networks via pptp using mpd. I have confirmed my files are set up correctly because I can connect 2 Intel Freebsd boxes successfully. However, when trying to connect an alpha to the Intel, it fails. I get tons of these messages:

    pid 50112 (mpd): unaligned access: va=0x12005c175 pc=0x12002ecb8 ra=0x12002ec68 op=stq

It eventually says it's using the ng0 interface. I'm running 4.5 for alpha, the GENERIC kernel. Any ideas? Any more info I can provide that may help? And to answer the inevitable question - yes, I have to use PPTP in this particular instance.

Thanks, Brent