if_bridge and ipfw

2007-07-03 Thread Dave McCammon
I can't seem to grasp why this is working differently.
FreeBSD 6.2 using ipfw + if_bridge

LAN -- em1(if_bridge + ipfw)em0 -- internet

so I am at 10.10.16.6 and try to ping say www.yahoo.com

in ruleset:
1100 allow icmp from any to 10.10.16.0/27{1-10,13,14,19,22,23} icmptypes 0,3,11,12,13,14
2100 allow ip from 10.10.16.0/27 to any in via em1

gets dropped by following rule as shown in logs:

4700 deny log ip from any to any

Log entry: ipfw: 4700 Deny ICMP:8.0 10.10.16.6 69.147.114.210 out via em0

If I add this rule all works great:

2101 allow icmp from 10.10.16.6 to any icmptypes 8

My confusion is shouldn't the icmp be allowed in rule 2100? Or is it with
if_bridge I have to make a rule for both interfaces.


The rule 2100 allow ip from 10.10.16.0/27 to any in via em1 allowed the icmp
passage, out of em0 through the bridge in 6.2 using bridge(4).

This entire ruleset is the same with if_bridge as has been working with
bridge(4).
I just moved to if_bridge since the bridge(4) is obsolete.

Thanks for your help.
dave






   

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: sendmail + spamassassin

2006-10-09 Thread Dave McCammon


--- dick hoogendijk [EMAIL PROTECTED] wrote:

 What is the best way to integrate spamassassin with
 sendmail?
 MIMEDefang?
 
 -- 

I use XamimeLT used with sendmail, clamav and
spamassassin. My mail server isn't very busy, about
2000 messages a day pass(or attempt to) through it and
I haven't had a problem with it.
It's no longer a port(used to be called inflex). But
the install is relatively easy.
XamimeLT's web site is http://pldaniels.com/xamimelt/.




Re: Can't Upgrade Python Through Ports

2006-10-02 Thread Dave McCammon


--- Ted Johnson
[EMAIL PROTECTED] wrote:

 Hi; 
 I have python 2.3.5 and I'd like to upgrade to
 2.4.3. I've tried installing from FreeBSD ports and
 the old-fashioned way from source code, with the
 configure  make  make install dance, and still
 when I call up my python interpreter it tells me I'm
 in 2.3.5! Why? I didn't do altinstall! What gives?
 
 TIA,
 Ted2
   

Where is the 2.3.5 version installed? Perhaps it is
installed in a directory earlier in your PATH than the
2.4.3 versions directory(/usr/local/bin/).




Re: Indiana goes to DST

2006-03-28 Thread Dave McCammon


--- DAve [EMAIL PROTECTED] wrote:

 Chuck Swiger wrote:
  DAve wrote:
  Not ever having had to configure DST before, any
 advice on a work around
  since most OSes provide no DST for my timezone?
  
  You underestimate the true power of this operating
 system.  :-)
 
 Nah, I underestimated the power of our state
 legislature 8^o
 
  
  Either change the /etc/localtime symlink to point
 to the right timezone file, or
  run /stand/sysinstall, choose Configure for
 post-install config, select Time
  Zone, and you'll end up being prompted with these
 choices:
  
  x x 1   Eastern Time
  x x 2   Eastern Time - Michigan - most
 locations
  x x 3   Eastern Time - Kentucky -
 Louisville area
  x x 4   Eastern Time - Kentucky - Wayne
 County
  x x 5   Eastern Standard Time - Indiana -
 most locations
  x x 6   Eastern Standard Time - Indiana -
 Crawford County
  x x 7   Eastern Standard Time - Indiana -
 Starke County
  x x 8   Eastern Standard Time - Indiana -
 Switzerland County
  
  ...which will do the same thing.
  
 
 Selections 5 through 8 will no longer be valid in
 April. The list of 
 counties changed. More counties than #6, #7, #8 are
 going to Central TZ, 
 one county is going with Commerce Time, and item
 #5 (most locations) 
 is switching to DST.
 
 So I must setup DST manually, or select to #1. I
 think.
 

Take a look at /usr/src/share/zoneinfo/northamerica,
particularly for Indianapolis.
It looks like, at least on a 6-Stable system(March 7),
that if you use the Indianapolis choice you will get
the DST change. It(the 6-stable zoneinfo file) isn't
as new as the one obtained from the link below but the
change for Indianapolis looks the same.

This has instructions for updating zone file info. 
https://engineering.purdue.edu/ECN/Resources/KnowledgeBase/Docs/20060128100824
I had to use this on some 4.11-stable systems that I
have in production.

If you find any discrepancies in the above, please let
me know.

Thanks.
Dave




Re: I've got spyware!!??

2006-02-23 Thread Dave McCammon


--- Garrett Cooper [EMAIL PROTECTED] wrote:

 On Feb 23, 2006, at 12:19 AM, Joseph Vella wrote:
 
  I just installed flash in Firefox.  I was playing
 around with the
  autoscrolling feature, when all of a sudden some
 ugly website pops  
  up.  It
  was something I clicked with the mouse wheel.  I
 tried it again and  
  sure
  enough the same site pops up.  It was kind of
 tricky to do. I had  
  to be
  scrolling and then click real fast.  I found that
 if I turned off the
  autoscrolling, anytime I clicked in the browser
 window with the  
  mouse wheel
  this site would come up.  On a couple of occasions
 a page within the
  Microsoft site would come up instead.
 
  I deleted the mozilla directory in my home
 directory.  After that  
  the first
  three clicks of my mouse wheel would cause the
 Microsoft page to  
  come up,
  after that the other site would come up.
 
  How could there be spyware on my FreeBSD computer
 and how do I get  
  rid of it?
 
 Not sure if this is true for FreeBSD, but try
 deleting the  
 ~/.macromedia directory and see what happens. This
 may remove any  
 unwanted cached flash apps.
 Interesting though. If this persists, someone may
 have found and  
 exploited a security issue with Flash =\...
 -Garrett

I think it is something in Firefox. I see the same
thing. When the middle mouse button is clicked on a
page, it goes to a seemingly random page.(Notice
seemingly)

It looks like it can be disabled by typing
about:config in the address bar of firefox and
changing the middlemouse.contentloadurl to false.

Also, google middlemouse.contentloadurl for what it
does. It has something to do with loading clipboard
contents as URL. 
Read
https://bugzilla.mozilla.org/show_bug.cgi?id=216899.
There is a mention of a Google I'm Feeling Lucky
search being done, which may be what you are seeing.

Dave



ipfw and if_bridge

2006-02-09 Thread Dave McCammon
Hello all.

I had my firewall crash using releng_6(sata
corruption/failure of some sort) and during rebuild I
decided to move to ipfw + if_bridge instead of using
ipfw + bridge(4) since bridge(4) is becoming obsolete.

Anyway, I had some problems getting ruleset to work.
I've cut ruleset down to pertinent parts to show what
I am seeing.

I have a system with 2 cards, em0 and em1, being used
as a filtering bridge. em0 faces router and em1 faces
internal lan.
network = 10.1.1.0/24
em0 address =  (has none)
em1 address  = 10.1.1.17
some internal lan machine = 10.1.1.12

--begin ruleset-
-f flush
add 100 pass layer2 mac-type arp
add 200 check-state
add 300 deny log tcp from any to any established in via em0
add 400 allow icmp from any to 10.1.1.0/24 icmptypes 0,3,11,12,13,14
add 500 pass tcp from 10.1.1.17 to any setup keep-state
add 600 pass udp from 10.1.1.17 to any keep-state
add 700 pass ip from 10.1.1.17 to any
add 800 deny log ip from 10.1.1.0/24 to any in via em0
add 900 pass tcp from 10.1.1.0/24 to any in via em1 setup keep-state
add 1000 pass udp from 10.1.1.0/24 to any in via em1 keep-state
add 1100 pass ip from 10.1.1.0/24 to any in via em1
add 1200 deny log ip from any to any

end ruleset-

Sysctl variables:
net.link.bridge.pfil_member=1
net.link.bridge.ipfw=1

rc.conf entries:
ifconfig_em1="inet 10.1.1.17 netmask 255.255.255.0"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm em0 addm em1 up"
firewall_enable="YES"
firewall_type="/etc/firewall/ipfw.conf"

With bridge(4) I could ping from inside
machine(10.1.1.12) to router or any other out-of-lan
address.
After if_bridge I would get in logs after same ping
attempt:
1200 Deny ICMP:8.0 10.1.1.12 to (router ip address) out via em0
TCP outbound connections work.
After changing rulesets from "in via" to "recv", icmp
now works.
(ex: add 1100 pass ip from 10.1.1.0/24 to any recv em1)

This blocking of the icmp packet out via em0 even
though the ruleset says to allow it because it came in
via em1 doesn't seem to be correct behavior to me. The
tcp/udp rulesets work even though there is
intermittent pop-ups in the logs saying the
connections were blocked out via em0. 
Any enlightenment on this is appreciated.
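
The two filtering passes behind the "Deny ICMP:8.0 ... out via em0" log entries in this post and in the 2007 "if_bridge and ipfw" post above, as an added Python example that is not part of the original messages and is not ipfw's own code. It is a simplified model in which a bridged packet is evaluated once inbound on em1 and once outbound on em0, as if_bridge does with net.link.bridge.pfil_member=1; the class and function names and the 192.0.2.1 destination are constructed for illustration.

```python
"""Simplified model of ipfw on an if_bridge with net.link.bridge.pfil_member=1."""
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str              # "tcp", "udp" or "icmp"
    src: str
    dst: str
    setup: bool = False     # TCP SYN without ACK
    icmptype: int = -1

@dataclass
class Rule:
    num: int
    action: str             # "allow", "deny" or "check-state"
    proto: str = "ip"
    src: str = "any"
    dst: str = "any"
    direction: str = ""     # "in" / "out"; empty matches both passes
    via: str = ""           # interface the packet is crossing on this pass
    recv: str = ""          # interface the packet was received on
    setup: bool = False
    established: bool = False
    keep_state: bool = False
    icmptypes: tuple = ()

def addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def matches(rule, pkt, direction, recv_if, xmit_if):
    crossing = recv_if if direction == "in" else xmit_if
    return (rule.proto in ("ip", pkt.proto)
            and addr_ok(rule.src, pkt.src) and addr_ok(rule.dst, pkt.dst)
            and rule.direction in ("", direction)
            and rule.via in ("", crossing)
            and rule.recv in ("", recv_if)   # recv stays known on the out pass
            and (not rule.setup or pkt.setup)
            and (not rule.established or not pkt.setup)
            and (not rule.icmptypes or pkt.icmptype in rule.icmptypes))

def evaluate(rules, pkt, direction, recv_if, xmit_if, states):
    """First-match evaluation of one pass; returns (rule number, action)."""
    flow = (pkt.proto, frozenset((pkt.src, pkt.dst)))
    for rule in rules:
        if rule.action == "check-state":
            if flow in states:          # dynamic rule: act as its parent rule
                return states[flow]
            continue
        if matches(rule, pkt, direction, recv_if, xmit_if):
            if rule.keep_state:
                states[flow] = (rule.num, rule.action)
            return rule.num, rule.action
    return 65535, "deny"

def bridge(rules, pkt, recv_if, xmit_if):
    """Run the inbound pass on recv_if, then the outbound pass on xmit_if."""
    states, trace = {}, []
    for direction, iface in (("in", recv_if), ("out", xmit_if)):
        num, action = evaluate(rules, pkt, direction, recv_if, xmit_if, states)
        trace.append((direction, iface, num, action))
        if action == "deny":
            break
    return trace

LAN = "10.1.1.0/24"
IN_VIA = {"direction": "in", "via": "em1"}   # rules 900-1100 as first posted
RECV = {"recv": "em1"}                       # the change reported to work

def ruleset(lan_match):
    """The post's rules 200-1200 (rule 100, layer2 ARP, is outside this model)."""
    return [
        Rule(200, "check-state"),
        Rule(300, "deny", "tcp", established=True, direction="in", via="em0"),
        Rule(400, "allow", "icmp", dst=LAN, icmptypes=(0, 3, 11, 12, 13, 14)),
        Rule(500, "allow", "tcp", src="10.1.1.17", setup=True, keep_state=True),
        Rule(600, "allow", "udp", src="10.1.1.17", keep_state=True),
        Rule(700, "allow", "ip", src="10.1.1.17"),
        Rule(800, "deny", "ip", src=LAN, direction="in", via="em0"),
        Rule(900, "allow", "tcp", src=LAN, setup=True, keep_state=True, **lan_match),
        Rule(1000, "allow", "udp", src=LAN, keep_state=True, **lan_match),
        Rule(1100, "allow", "ip", src=LAN, **lan_match),
        Rule(1200, "deny", "ip"),
    ]

# Constructed sample packets; 192.0.2.1 stands in for an out-of-LAN host.
PING = Packet("icmp", "10.1.1.12", "192.0.2.1", icmptype=8)
SYN = Packet("tcp", "10.1.1.12", "192.0.2.1", setup=True)

if __name__ == "__main__":
    for label, match in (("in via em1", IN_VIA), ("recv em1", RECV)):
        for name, pkt in (("ping", PING), ("tcp syn", SYN)):
            print(label, name, bridge(ruleset(match), pkt, "em1", "em0"))
```

In this model the TCP SYN passes the outbound check through the dynamic rule created by keep-state on the inbound pass, while the stateless rule 1100 has to match on its own in both passes.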





Re: /etc/mail/local-host-names

2005-12-13 Thread Dave McCammon


--- Wojciech Puchar [EMAIL PROTECTED] wrote:

 how line should look at this file
 
 to enable anybody in IPv4 10.0.0.0/8 to relay
 through this server
 
 10.
 
 seems not to work.
 
 thanks

I think you need to put that in /etc/mail/access  as 

10  RELAY

and then do a 
#make maps

Check the Makefile in /etc/mail/ for more on the make
option

Read /usr/share/sendmail/cf/README for more info.





Re: AaaarrrGGGH. linuxpluginwrapper and linux-mozilla.

2005-10-12 Thread Dave McCammon


--- Gary Kline [EMAIL PROTECTED] wrote:

 On Tue, Oct 11, 2005 at 07:43:51PM -0700, Gary Kline
 wrote:
  On Tue, Oct 11, 2005 at 09:54:16PM -0400, Chris
 Hill wrote:
   On Tue, 11 Oct 2005, Gary Kline wrote:
   
   tao# `/compat/linux/sbin/ldconfig -p | grep
 libX`
   libX11.so.6
   
Hm.  So nothing but libX11... .
   
   Not necessarily. Run it again unquoted, like so:
   
   tao# /compat/linux/sbin/ldconfig -p | grep libX
   
   ...and you should see more. Running the command
 in `quotes' will try to 
   execute the first match that grep finds, which
 on my machine is (you 
   guessed it) libX11.so.6.
   
  
  Right!  ...But then I rebuilt and reinstalled
 linux_base-8,
  too.  So hard to say what might have been
 missing.
  Anyway, time to see if anything works now :)
  
 
   Well, in short, no-joy. I've updated linux_base-8,
 reinstalled
   linuxpluginwrapper--(I may have the wrong flash
 installed, but 
   no biggie).
 
   With mozilla on my Thinkpad, it simply exits. 
 linux-mozilla
   on the TP does  fire up mplayerplugin.  But it
 prints 
   Stopped on the GUI display; to stdout or stderr
 it prints
   href=(null); On the browser URL display it shows:
 
http://www.kuow.org/kuow2/kuow2.asx
 
   I get the Stopped string on both my laptop and
 here in my
   office with the FBSD mozilla, linux-mozilla, and
 firefox.
   This is what I see on my xterm on tao:
 
   
 p5 23:40 tao [6596]
 (Gecko:40836): Gdk-WARNING **: gdk_property_get():
 length value has
 wrapped in calculation (did you pass G_MAXLONG?)
 LoadPlugin: failed to initialize shared library
 /usr/X11R6/lib/linux-flashplugin6/libflashplayer.so
 [Shared object
 libpthread.so.0 not found, required by
 libflashplayer.so]
 checking to see if we need to make a button
 n-url=http://www.kuow.org/kuow2/kuow2.asx
 url=http://www.kuow.org/kuow2/kuow2.asx
 href=(null)
 
 
   If I have to pkg_delete anything I'd rather delete
 the linux
   ports.  Don't know if this would help.  Anybody have
 any ideas
   why mplayerplugin just quits?  (I'd be pulling out
 my hair if 
   I had enough left:-)  (*mumble*)
 
 
   gary
 
 
 

Did you copy the pertinent file from 
/usr/local/share/examples/linuxpluginwrapper
to /etc/libmap.conf ?
I believe there were some version bumps after 6.beta3.
(If that is relevant to you)





RE: IPFW won't go away!

2005-09-26 Thread Dave McCammon
Did you install the kernel after building? At least
the one without the IPFIREWALL* option?
(in /usr/src)
make buildkernel KERNCONF=MYKERNEL
make installkernel KERNCONF=MYKERNEL

Also check /boot/loader.conf for ipfw_load="YES"
and make sure /boot/defaults/loader.conf says
ipfw_load="NO".





Re: mouse wheel problem

2005-09-01 Thread Dave McCammon


--- Alejandro Pulver [EMAIL PROTECTED] wrote:

 On Tue, 30 Aug 2005 11:57:18 -0500
 Efren Bravo [EMAIL PROTECTED] wrote:
 
  Hi,  

  I've written on /etc/rc.conf :  

  moused_port="/dev/psm0"
  moused_flags="-r high -z 4"
  moused_type="auto"
  moused_enable="YES"

  and on /etc/X11/xorg.conf  

  Section "InputDevice"
  Identifier  "Mouse0"
  Driver      "mouse"
  Option      "Protocol" "auto"
  Option      "Device" "/dev/sysmouse"
  Option      "Buttons" "5"
  Option      "ZAxisMapping" "4 5"
  EndSection

  But the scrollwheel doesn't work. I've tried with
 Kde's
  Applications. 
  Have I a bad configuration?  

  Thanks...  
  
 
 Hello,
 
 It works for me without the ZAxisMapping option
 (and the same
 options in rc.conf):
 
 Identifier "Mouse1"
 Driver     "mouse"
 Option     "Protocol" "Auto"
 Option     "Device" "/dev/sysmouse"
 Option     "Buttons" "5"
 
 Best Regards,
 Ale

I had a heck of a time getting my wheel to work in
RELENG_6. Eventually, starting moused with setting in
rc.conf(below) and turning off Emulate3Buttons (had to
put line in with the false. commenting out didn't
work) and adding the Buttons line worked. The
instructions out of the handbook didn't work this
time.

xorg.conf sections--
Section "InputDevice"

# Identifier and driver

    Identifier "Mouse1"
    Driver     "mouse"
    Option     "Protocol" "auto"
    Option     "Device" "/dev/sysmouse"

    Option     "Emulate3Buttons" "false"
    Option     "Buttons" "5"

EndSection

rc.conf---
moused_enable="YES"
moused_type="auto"
moused_flags="-z 4"

excerpt from dmesg--
psm0: PS/2 Mouse irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model IntelliMouse, device ID 3

(It is a Logitech optic mouse. Two button with Wheel)





Re: Can someone clarify ipfw's in/out/recv/xmit/via concepts?

2005-07-28 Thread Dave McCammon


--- Gary W. Swearingen [EMAIL PROTECTED] wrote:

 I see in another msg that I'm not the only one
 scratching my head over
 the ipfw manpage's explanation of
 in/out/recv/xmit/via concepts.  I've
 spent many hours reading that manpage and working on
 my rc.firewall
 (and it seems to work OK, based on the logging), but
 I can't figure
 out what it's trying to tell me, even with that nice
 ASCII art.
 
 (I hope your replies will help me get some
 clarifications into the
 manpage.)
 
^ to upper layers   v
|   |
+--+
^   v
   [ip_input]  [ip_output]  
 net.inet.ip.fw.enable=1
|   |
^   v
  [ether_demux][ether_output_frame] 
 net.link.ether.ipfw=1
|   |
+[bdg_forward]+   
 net.link.ether.bridge_ipfw=1
^   v
|  to devices   |
+   +
 
 FROM BOTH   TO BOTH
   NICS?  NICS?
 
 Here's a pic of my firewall:
 
   +--+
   | +-+  |
   | |KERNEL   |  |
   | +-+  |
   || || ||
   |v ^v ^|
   || || ||
   |  +-++-+  |
   |  | NIC |FW  | NIC |  |
   |  +-++-+  |
   || || ||
   +--+
| || |
v ^v ^
| || |
 
WANLAN
 
 The manpage says we have incoming and outgoing
 packets.
 In and out of what? NIC or kernel or ipfw or
 computer?
 
 The manpage describes:
  recv | xmit | via {ifX | if* | ipno | any}
 
 Is my de0 an ifX or an if*?
 (exact name or device name)
 
 What would be an example of the other?
 
 Does ipno mean an numerical Internet address?
 (It's not mentioned elsewhere in the manpage.)
 
 Does each of my NICs have both of the manpage's xmit
 and recv
 interfaces, or is one an xmit and one a recv for any
 one packet rule?
 
 If an incoming packet can be associated with an xmit
 interface, why
 can't an outgoing packet be associated with a recv
 interface?
 
 P.S.
 
 It seems that some people do their blocking of
 packets
 going from LAN to WAN on (so to speak) the LAN
 interface, some on
 the WAN interface, and some on both.  It doesn't
 seem to make much
 difference on a pure firewall, except for
 rule-writing convenience.
 Right?
 
 I suppose it would be best to put blocks everywhere
 possible
 or at least where the packets enter the computer. 
 Right?
 
 Help!!
 


Here is a link to a thread that helped me to understand
the in/out/recv/xmit stuff.

http://groups-beta.google.com/group/comp.unix.bsd.freebsd.misc/tree/browse_frm/thread/240d22a55265689/4bb2dd91a376fa6c?rnum=1hl=en_done=%2Fgroup%2Fcomp.unix.bsd.freebsd.misc%2Fbrowse_frm%2Fthread%2F240d22a55265689%2F2c14cdd252d01ff2%3Fhl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26rnum%3D4%26prev%3D%2Fgroups%3Fq%3Dipfw%2Bout%2Brecv%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3D3B5E86C8.8438BEE7%2540amit.cz%26rnum%3D4%26#doc_8d3d7ceea76d1cca

ok kind of long ...do a search in google groups using-
Why is there a out recv interface spec in ipfw?








Re: Newbie IPFW Questions

2005-07-18 Thread Dave McCammon


--- Jim Campbell [EMAIL PROTECTED] wrote:

 Glenn Dawson wrote:
 
  At 08:18 PM 7/17/2005, Jim Campbell wrote:
 
  I have a machine set up as a classroom to learn
 about FreeBSD.  It is
  running 4.11 primarily because anything later
 can't see my hard drive.
 
  As background, my FBSD machine has an address of
 192.168.1.110.  It is
  situated behind a hardware firewall (a Linksys
 router).  $pif is vr0.
 
  I'm having problems setting up IPFW to
 communicate with an Onion router.
  The puzzling part is that I am able to use the
 Onion router but my
  /var/log/security file says that some of the
 packets are being dropped.
 
  Following is what I hope are the pertinent lines
 from my /etc/ipfw.rules
  file:
 
  $cmd 00225 allow tcp from me to any 9001-9033 out
 via $pif setup 
  keep-state
  $cmd 00299 deny log all from me to any out via
 $pif
  $cmd 00332 deny log tcp from any to me
 established in via $pif
 
  Next is an excerpt from the /var/log/security
 file:
 
  Jul 17 21:49:58 JimsP1G /kernel: ipfw: 299 Deny
 TCP 192.168.1.110:2218
  128.148.34.133:9001 out via vr0
  Jul 17 21:49:59 JimsP1G /kernel: ipfw: 299 Deny
 TCP 192.168.1.110:4959
  131.175.189.134:9001 out via vr0
  Jul 17 21:50:18 JimsP1G /kernel: ipfw: 332 Deny
 TCP 128.148.34.133:9001
  192.168.1.110:2218 in via vr0
  Jul 17 21:50:29 JimsP1G /kernel: ipfw: 332 Deny
 TCP 131.175.189.134:9030
  192.168.1.110:4566 in via vr0
 
  Now my questions.  First, why isn't rule 225
 allowing all the packets 
  out
  to the Onion router?  It seems to me that ipfw
 should allow all packets
  in the port range 9001-9033 out or none.
 
 
  Rule 225 will only match packets used to setup the
 tcp session, once 
  it's established you need another rule that will
 allow the established 
  session to function.
 
  Rule 299 is denying everything from leaving your
 machine except for 
  the packets allowed by rule 225.
 
 
 It appears that I didn't include enough of the
 ipfw.rules file.  
 Following is another abstract:
 

#
 # Allow the packet through if it has previous been
 added to the
 # the dynamic rules table by a allow keep-state
 statement.

#
 $cmd 00015 check-state
 
 It's my understanding that this rule allows through
 any returning
 packets that match the dynamic rule established by
 Rule 225.
 
 
  Next, the two inbound packets should be returning
 in response to an 
  outbound packet.  Why are they being dropped? 
 Are they exceeding some
  timeout?
 
 
  Rule 332 is denying all established traffic from
 entering your 
  machine.  So, while rule 225 allows you to
 establish a tcp session 
  with another system on ports 9001-9033, once the
 session is 
  established, rule 225 no longer applies and rule
 332 is then throwing 
  all those packets away.
 
  -Glenn
 
 
 Part of my problem is that I don't understand the
 protocols being used 
 by the Onion routers.  It
 appears that Tor (the application on my machine that
 sets up the 
 communication with the
 Onion routers) begins to communicate with the Onion
 routers as soon as 
 it starts.  This
 communication continues as long as the FBSD machine
 is alive. Really 
 shook me up
 when I first started using Tor and Privoxy.  I
 thought someone was 
 hacking my machine :-)
 
 The really puzzling thing about this situation is
 that at least some of 
 the messages concerning
 the Onion protocol are getting through.  I can ask
 for www.google.com 
 and sometimes it
 resolves to Google in Europe, sometimes to Google in
 Asia, and sometimes 
 to Google here
 in the US.  Ipfw appears to be only dropping some of
 the packets.
 
 Perhaps I should set up another machine to sniff the
 packets that 
 occur.  Maybe that would
 give me an idea of what is happening with the Onion
 protocol.
 
 In any event, thanks for your input to my problem,
 and if you have any 
 other ideas I would
 appreciate them very much.  I've been chewing on
 this problem the better 
 part of a week.
 
 Thanks,
 
 Jim

check the output of 
#ipfw show
and make sure the check-state line is there.

Your config says-
$cmd 00015 check-state

and I think..(at least on a 5.4 machine)
it should say 

$cmd 00015 add check-state








Re: Security for webserver behind router?

2005-01-20 Thread Dave McCammon

--- Eilko Bos [EMAIL PROTECTED] wrote:

 From the keyboard of Ted Mittelstaedt, written on
 Wed, Jan 19, 2005 at 11:25:00PM -0800:
   I am running Apache 1.3.33, as you suggest I
 should. You say
   as long as
   Apache is secure; what should I do to be sure
 that Apache is secure?
  
  
  Nothing, you nor nobody can do this.  All you can
 do is subscribe to
  the Apache mailing list and if someone discovers a
 hole in Apache
  at some point in the future, then you can
 immediately patch your
  installation with the inevitable patch that will
 shortly follow.
 
 Don't forget that Apache's nature is offering
 content. What about unsafe
 PHP/CGI-scripts? You can secure Apache, but that
 doesn't help when your
 webapplication is a big hole to your system.
 
 Just my 0.2$c
 
 Grtz,

You can also use usr/ports/www/mod_security to help
secure Apache.





Re: Which OS should we use?

2005-01-12 Thread Dave McCammon

--- Paul Schmehl [EMAIL PROTECTED] wrote:

 --On Tuesday, January 11, 2005 05:48:41 PM -0800
 sp0ng3b0b 
 [EMAIL PROTECTED] wrote:
 
  I'm in the same boat. I've had mixed results with
 5.3. I advise you to
  test it out for your needs. If your hardware and
 apps play well together,
  go for it. As a web, mysql and samba server, I've
 had no problems.
 
  As an IDS running snort, I've had problems with
 the nge driver. I need
  these NICs for monitoring gigabit links. Simply
 uping the interface
  caused FreeBSD to panic. I posted here and opened
 a problem report, but
  got no replies. FWIW, I never saw a kernel panic
 until I used 5.3, but I
  do acknowledge that the technology added is new
 and results may very.
 
 Thanks for pointing that out.  In fact, *one* of the
 servers *will* be 
 running snort.  I'm not sure what our NICs are,
 though.  I believe they're 
 Intel, but I'll have to check.
 
I'm using 5.3 on a Dell PE750 as a firewall with snort
running. Has dual Intel Pro 1000/100 (em drivers).

Also have 5.3 running on a PE1750 as a email virus and
spam scanner.





Re: FreeBSD server(s) to backup multi-platform systems remotely

2004-12-30 Thread Dave McCammon

--- Danny [EMAIL PROTECTED] wrote:

 On 30 Dec 2004 09:52:30 -0500, Lowell Gilbert
 [EMAIL PROTECTED] wrote:
  And there's actually a *third* possible goal,
 which is quick recovery
  of accidentally deleted (or overwritten, etc.)
 user data.  UFS2
  filesystem snapshots are a remarkably easy way to
 provide this.
 
 This would be nice, but I am not going to get that
 granular at this
 point. Thank you for the reminder, though.
 
  And then there's RAID, which doesn't solve any of
 these problems, but
  can help you get back up fast after losing a disk.
 
 Hardware RAID, yes, for hardware failure. Got that
 covered.
 
  Each of these goals has a different best
 solution, and in some cases
  the solution even depends on the details of the
 environment.  Figure
  out exactly what you need before deciding how to
 fill that need.
 
 From a backup point of view, my goal...
 
 On a nightly and automated basis - to take a
 snapshot of all new and
 modified data from a FreeBSD server and Windows
 server. Then compress
 and hopefully encrypt the data and send it to a
 remote FreeBSD server
 through some form of efficient and secure file
 transfer. Uncompressed
 the nightly data may total ~20MB.
 
 From a restore point of view, my goal...
 
 To be able to download the compressed backup(s) from
 the remote server
 and restore the previous days data.
 
 Hopefully this explains my situation.
 
 Thank you,
 
 ...D
 ___

I haven't caught all of this thread but I'll share
what I do.
I use rsync to sync file to a server for backup.
6 FreeBSD and one Win2K which have been set up to
rsync at different times in the morning hours.
On the Win2k machine, I have cygwin running that I use
to rsync the data over every night. I think there is
rsync for windows but I liked the command line
capabilities that cygwin gives me.
All use ssh in the rsync.

So after the night rsync's, I'll have a copy of files
on the backup server's harddrive and will also have a
copy on tape. Tape runs in morning after all servers
have sync'd. 







Re: FreeBSD server(s) to backup multi-platform systems remotely

2004-12-30 Thread Dave McCammon

--- Danny [EMAIL PROTECTED] wrote:

 On Thu, 30 Dec 2004 08:31:34 -0800 (PST), Dave
 McCammon
 [EMAIL PROTECTED] wrote:
  I haven't caught all of this thread but I'll share
  what I do.
  I use rsync to sync file to a server for backup.
  6 FreeBSD and one Win2K which have been set up to
  rsync at different times in the morning hours.
 
 Any of this communication/transfer encrypted or
 compressed? What type
 of backup would you compare your solution to --
 incremental,
 differential, full, etc.?
 

rsync in FreeBSD uses ssh as default transport.
rsync in cygwin is made to use ssh with command line
option.

Type of backup---read the man page for rsync--
It basically sync's a copy of whatever you tell it to
to someplace that you tell it to. Whole file systems
or just one file. Then the next time rsync runs, it
copies the files that have changed since the last
rsync. This is my explanation...please read the man
page for more. Rsync is located in the ports.

 How many GB's you transfer?
Total transferred a night..I don't know. It depends on
what is on the machine. A few K on one machine, 70-90M
per file on another, etc... All machines are on one
LAN so no transfers over T1 yet.
All-in-All there is 13G that is stored on the backup
server from the 7 servers but not all 13G's are
transferred every night.

 
  On the Win2k machine, I have cygwin running that I
 use
  to rsync the data over every night. I think there
 is
  rsync for windows but I liked the command line
  capabilities that cygwin gives me.
  All use ssh in the rsync.
 [...]
 
 How do you restore files?
 
rsync them back or scp. I use dump on the tape backup
so if an archived file(s)is needed it is restored to a
different location then copied to the server where it
is needed.







Re: Ipfw Impossibility - Perpetual Motion Achieved!

2004-11-07 Thread Dave McCammon

--- Jason C. Wells [EMAIL PROTECTED] wrote:

 Pray tell how is this report from 'ipfw show' even
 possible?
 
 17100   3   228 count ip from any to any
 65535  27  1986 deny ip from any to any
 
 If rule 17100 only counted three packets, then how
 did the very next rule 
 count 27?  I do not use 'skipto' rules.
 
 We appear to be passing more packets out of rule
 17100 than are going in. 
 If we can harness this energy, we can power the
 universe! :)
 

I believe the 27 count is from boot-up before rule
17100 is loaded.






Re: ipfw - denying all - what port for OE

2004-10-13 Thread Dave McCammon

--- David Banning [EMAIL PROTECTED] wrote:

 My server is my desktop. My ipfw rules follow.
 Whenever I take
 out line 12000 is runs fine. When I put it back in I
 can't run
 OE. 
 
 01000 allow tcp from any to any 10060
 01040 allow tcp from any to any 22
 10100 allow tcp from any to any 80
 10200 allow tcp from any to any 10080
 10300 allow tcp from any to any 3128
 10400 allow tcp from any to any 8180
 10600 allow tcp from any to any 8025
 10700 allow tcp from any to any 110
 10800 allow tcp from any to any 25
 10810 allow tcp from any to any 109
 10820 allow tcp from any to any 106
 11001 allow tcp from any to any 389
 11002 allow tcp from any to any 636
 11003 allow tcp from any to any 379
 11004 allow tcp from any to any 390
 11005 allow tcp from any to any 3268
 11006 allow tcp from any to any 3269
 11007 allow tcp from any to any 143
 11008 allow tcp from any to any 993
 11009 allow tcp from any to any 995
 11010 allow tcp from any to any 119
 11011 allow tcp from any to any 563
 11012 allow tcp from any to any 443
 11013 allow tcp from any to any 465
 11015 allow tcp from any to any 625
 11016 allow tcp from any to any 135
 11017 allow tcp from any to any 935
 12000 deny tcp from 209.188.66.29 to any
 
I may be assuming a lot here with the info you have
given but

Correct me if I'm wrong but I'm assuming 209.188.66.29
is your machine and it has the services running and,
your ipfw setup in your kernel has 
IPFIREWALL_DEFAULT_TO_ACCEPT.
With that setup, OE will work without rule 12000
because the client-to-server packets match rule 10700
and server-to-client will match the last rule (65535
in #ipfw show).
With rule 12000 inserted, client-to-server packets
match rule 10700 but server-to-client get blocked by
12000.

You may try adding:
01050 allow tcp from any to any established
and add to the end of the rest of the allow rules
setup example:
01000 allow tcp from any to me 10060 setup

or try rewriting your rules to use dynamic rules.
example:
01050 check-state
01000 allow tcp from any to me 10060 setup keep-state
01040 allow tcp from any to me 22 setup keep-state
10100 allow tcp from any to me 80 setup keep-state
10200 allow tcp from any to me 10080 setup keep-state
.
(last rule)
5 deny ip from any to any

Now, if your setup doesn't match what I outlined
above, please send your output of (as root) #ipfw show
. With this output we can better help you adjust your
ruleset.
You may want to also include your /etc/rc.conf file
and what firewall options you have in your kernel
config.









Re: ipfw - denying all - what port for OE

2004-10-12 Thread Dave McCammon

--- David Banning
[EMAIL PROTECTED] wrote:

 I am attempting to block everything except ports 80,
 110, 25 and a
 few others, but I can't seem to get Outlook Express
 mail clients
 to collect mail on the network. Does anyone happen
 to know what
 ports they use? I have tried 110, 25, 443 and about
 20 others.
 
 I tried using tcpdump to track the activity when I
 have all ports
 open and use OE, but it seems to use a different
 port each time:
 ports like 2843 and other non-allocated port
 numbers.
 
 
The client(OE) will use a non-privileged port to
connect to the POP3(I assume this is what you want)
server port 110. 
To be clearer, are you attempting to block everything
except 80,110,25, and a few others _in_ or _out_?
If you are allowing the client to connect,let's say
out, to the pop server, are you allowing the return
traffic?
Example: (arrows for traffic flow)
Client request
client(2843)->ipfw allow->pop3(110)
Server reply
client(2843)<-ipfw established<-pop3(110)

Simple rule example
allow tcp from any to me established
allow tcp from me to (server) 110 setup
deny ip from any to any

This is similar to the example in the ipfw man page.


Simple rule using dynamic rules

check-state
allow tcp from me to (server) 110 setup keep-state
deny ip from any to any

When me makes a setup connection to pop server it
creates a dynamic rule for return traffic. After
looking at the man page again, this rule is like the
example except I didn't use the established rule.

Read through the examples in the man page and look at
key words like established, keep-state, setup,
check-state.






Re: Protecting SSH from brute force attacks

2004-10-07 Thread Dave McCammon

--- Vulpes Velox [EMAIL PROTECTED] wrote:

 On Thu, 7 Oct 2004 15:15:25 -0700 (PDT)
 Luke [EMAIL PROTECTED] wrote:
 
  There are several script kiddies out there hitting
 my SSH server
  every day.  Sometimes they attempt to brute-force
 their way in
  trying new logins every second or so for hours at
 a time.  Given
  enough time, I fear they will eventually get in.
  Is there anything I can do to hinder them?
  
  I'd like to ban the IP after 50 failed attempts or
 something.  I'd
  heard that each failed attempt from a source was
 supposed to make
  the daemon respond slower each time, thus limiting
 the usefulness of
  brute force attacks, but I'm not seeing that
 behavior.
 
 I forget where in /etc it is, but look into setting
 up something that
 allows a certain number of failed logins before
 locking that IP/term
 out for a few minutes and if it is constantly
 from the same place
 look into calling their ISP or the like.
 
 Or in a few cases, like I have done in a few cases,
 and a deny from
 any to any for that chunk of the net...
 
 man login.conf for more info :)
 ___

Following the advice from here:
http://isc.sans.org//diary.php?date=2004-09-11.

What I did was to only allow access to one machine
through my firewall for the ssh connections (ipfw
limit). 2 per source address.
And, for that one machine, I changed the sshd port to
a different number. 
I was getting the same brute force attacks but they
have dropped to nil since.
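
A log check for the threshold Luke asks about, as an added example that is not part of any post in this thread: it counts failed sshd logins per source address inside a sliding window and reports when a source first reaches the limit. The log lines are constructed, and the one-hour window, the `year` argument and the function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd failure line as written by syslog; older OpenSSH releases say
# "illegal user", newer ones say "invalid user".
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed \S+ for (?:(?:illegal|invalid) user )?\S+ "
    r"from (?P<ip>\S+) port \d+"
)


def sources_over_threshold(lines, threshold=50, window=timedelta(hours=1), year=2004):
    """Map each source IP to the time of the failure that brought it to
    `threshold` failed logins within `window`. Syslog timestamps carry no
    year, so the caller supplies one (assumption)."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    flagged = {}
    for line in lines:
        m = FAILED.match(line)
        if m is None:
            continue              # accepted logins and unrelated lines
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen = recent[m["ip"]]
        seen.append(when)
        while when - seen[0] > window:    # drop failures older than the window
            seen.popleft()
        if len(seen) >= threshold:
            flagged.setdefault(m["ip"], when)
    return flagged


def constructed_log():
    """Constructed sample: one source failing once per second for a minute,
    one source failing three times over four hours, one accepted login."""
    start = datetime(2004, 10, 7, 15, 15, 25)
    events = [(start, "Accepted publickey for luke from 192.0.2.44 port 51000 ssh2")]
    events += [(start + timedelta(seconds=i),
                f"Failed password for illegal user test{i} from 203.0.113.7 "
                f"port {40000 + i} ssh2") for i in range(60)]
    events += [(start + timedelta(hours=2 * i),
                f"Failed password for root from 198.51.100.20 port {50000 + i} ssh2")
               for i in range(3)]
    return [f"{t:%b} {t.day:2d} {t:%H:%M:%S} host sshd[{1000 + n}]: {msg}"
            for n, (t, msg) in enumerate(sorted(events))]


if __name__ == "__main__":
    for ip, when in sources_over_threshold(constructed_log()).items():
        print(f"{ip} reached the threshold at {when}")
```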







Re: Too many dynamic rules, sorry

2004-09-17 Thread Dave McCammon


 You'll generally need to keep state on UDP when you
 play online games.
 
 If you're smart, you don't allow arbitrary UDP
 packets from the outside
 world into your network, but if you're playing
 Unreal or something, then
 all communication is via UDP, and you won't be able
 to play.
 
 The best solution is to allow all UDP traffic to
 _leave_, while keeping
 state.  the keep-state remembers the ip/port
 information on the outgoing
 packets, and thus allows return packets to get back
 in (by matching the
 ip/port pair).
 
 Now, when you know the port, it doesn't really make
 sense to use
 keep-state, and all you're really doing is spamming
 your state tables.
 
 If you look in the /etc/rc.firewall that ships with
 FreeBSD, you'll see
 these rules (designed to handle running a DNS
 server):
 # Allow access to our DNS
 ${fwcmd} add pass tcp from any to ${oip} 53
 setup
 ${fwcmd} add pass udp from any to ${oip} 53
 ${fwcmd} add pass udp from ${oip} 53 to any
 
 Granted, it's three rules instead of 1, but it does
 not use your state
 tables unnecessarily (sp?)
 
Unless you have above the #Allow access to our DNS
rules-

${fwcmd} add pass udp from ${oip} to any keep-state
 
to allow all UDP to leave.
the first incoming packet to port 53 will match the
stateless rule 
${fwcmd} add pass udp from any to ${oip} 53

but the reply will create a dynamic rule
because first match is 

${fwcmd} add pass udp from ${oip} to any keep-state
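
The first-match behaviour discussed in the Outlook Express replies above (rule 12000 catching the server's own replies) and in this message (the outbound keep-state rule claiming the DNS reply), as an added example that is not part of any post: a simplified Python model of ipfw rule evaluation, not ipfw's own code. The client address, the `${oip}` stand-in, rule numbers 100 to 400 and all function names are assumptions; `me` is modelled as the server address and dynamic-rule lifetimes are not modelled.

```python
from collections import namedtuple

SERVER = "209.188.66.29"   # address from the thread, assumed to be the POP3 server
CLIENT = "192.0.2.10"      # constructed client address
OIP = "198.51.100.53"      # constructed stand-in for ${oip}

# proto "ip" matches every protocol; port 0 means any port;
# option is "", "setup" or "established"; flags holds TCP flag names.
Packet = namedtuple("Packet", "proto src sport dst dport flags", defaults=[frozenset()])
Rule = namedtuple("Rule", "num action proto src sport dst dport option keep_state",
                  defaults=["ip", "any", 0, "any", 0, "", False])

def matches(rule, pkt):
    if rule.proto not in ("ip", pkt.proto):
        return False
    pairs = ((rule.src, pkt.src), (rule.sport, pkt.sport),
             (rule.dst, pkt.dst), (rule.dport, pkt.dport))
    if any(want not in ("any", 0, got) for want, got in pairs):
        return False
    if rule.option == "setup":            # SYN set, ACK clear
        return "SYN" in pkt.flags and "ACK" not in pkt.flags
    if rule.option == "established":      # ACK or RST set
        return bool(pkt.flags & {"ACK", "RST"})
    return True

class Firewall:
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.num)
        self.dynamic = {}                 # flow -> rule that created the entry

    @staticmethod
    def flow(pkt):                        # same key for both directions
        return (pkt.proto, *sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)]))

    def process(self, pkt):
        """Return (rule number, action) of the rule that decides the packet."""
        checked = False
        for rule in self.rules:
            # Dynamic rules are consulted at check-state, or at the first
            # keep-state rule when no check-state came earlier.
            if not checked and (rule.action == "check-state" or rule.keep_state):
                checked = True
                parent = self.dynamic.get(self.flow(pkt))
                if parent is not None:
                    return parent.num, parent.action
            if rule.action == "check-state" or not matches(rule, pkt):
                continue
            if rule.keep_state:
                self.dynamic[self.flow(pkt)] = rule
            return rule.num, rule.action
        raise ValueError("no rule matched; the ruleset needs a default rule")

def pop3_reply_verdicts():
    """Rule deciding the server's POP3 reply under four variants of the ruleset."""
    syn = Packet("tcp", CLIENT, 2843, SERVER, 110, frozenset({"SYN"}))
    reply = Packet("tcp", SERVER, 110, CLIENT, 2843, frozenset({"SYN", "ACK"}))
    pop3 = Rule(10700, "allow", "tcp", dport=110)
    block = Rule(12000, "deny", "tcp", src=SERVER)
    rulesets = {
        "default accept": [pop3, Rule(65535, "allow")],
        "rule 12000 added": [pop3, block, Rule(65535, "allow")],
        "plus established": [Rule(1050, "allow", "tcp", option="established"),
                             pop3, block, Rule(65535, "allow")],
        "check-state": [Rule(1050, "check-state"),
                        Rule(10700, "allow", "tcp", dst=SERVER, dport=110,
                             option="setup", keep_state=True),
                        block, Rule(65535, "deny")],
    }
    verdicts = {}
    for name, rules in rulesets.items():
        fw = Firewall(rules)
        fw.process(syn)                   # client opens the connection
        verdicts[name] = fw.process(reply)
    return verdicts

def dns_reply(keep_state_first):
    """(deciding rule, dynamic entries) for the reply to one inbound DNS query."""
    rules = [Rule(100 if keep_state_first else 400, "allow", "udp", src=OIP,
                  keep_state=True),       # pass udp from ${oip} to any keep-state
             Rule(200, "allow", "udp", dst=OIP, dport=53),
             Rule(300, "allow", "udp", src=OIP, sport=53),
             Rule(65535, "deny")]
    fw = Firewall(rules)
    fw.process(Packet("udp", CLIENT, 40000, OIP, 53))
    num, _ = fw.process(Packet("udp", OIP, 53, CLIENT, 40000))
    return num, len(fw.dynamic)

if __name__ == "__main__":
    for name, (num, action) in pop3_reply_verdicts().items():
        print(f"{name:17} reply decided by rule {num} ({action})")
    print("keep-state first:", dns_reply(True), "| DNS rules first:", dns_reply(False))
```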






Re: Too many dynamic rules, sorry

2004-09-17 Thread Dave McCammon

--- Bill Moran [EMAIL PROTECTED] wrote:

 Rob [EMAIL PROTECTED] wrote:
 
  Norm Vilmer wrote:
   Here are the rules that I have that keep-state
 on the outside interface:
   
   #For DNS
   add 01300 pass udp from ${oip} to any 53
 keep-state
   # For NTP
   add 01400 pass udp from ${oip} to any 123
 keep-state
   # For VPN
   add 01500 pass gre from any to any keep-state
   # For ICMP
   add 01600 pass icmp from any to any via ${oip}
 keep-state
   
   Do you think these are causing the problem?
  
  Aren't udp and icmp state-less protocols?
  In that case, keep-state would not make much
 sense.
  
  I use 'keep-state' only for tcp rules.
  
  I may be wrong, moreover, I haven't followed the
 full thread :).
 
 You'll generally need to keep state on UDP when you
 play online games.
 
 If you're smart, you don't allow arbitrary UDP
 packets from the outside
 world into your network, but if you're playing
 Unreal or something, then
 all communication is via UDP, and you won't be able
 to play.
 
 The best solution is to allow all UDP traffic to
 _leave_, while keeping
 state.  the keep-state remembers the ip/port
 information on the outgoing
 packets, and thus allows return packets to get back
 in (by matching the
 ip/port pair).
 
 Now, when you know the port, it doesn't really make
 sense to use
 keep-state, and all you're really doing is spamming
 your state tables.
 
 If you look in the /etc/rc.firewall that ships with
 FreeBSD, you'll see
 these rules (designed to handle running a DNS
 server):
 # Allow access to our DNS
 ${fwcmd} add pass tcp from any to ${oip} 53
 setup
 ${fwcmd} add pass udp from any to ${oip} 53
 ${fwcmd} add pass udp from ${oip} 53 to any
 
 Granted, it's three rules instead of 1, but it does
 not use your state
 tables unnecessarily (sp?)
 
 HTH.
 
 -- 
 Bill Moran
 Potential Technologies
 http://www.potentialtech.com
 







Re: Too many dynamic rules, sorry

2004-09-17 Thread Dave McCammon

--- Bill Moran [EMAIL PROTECTED] wrote:

 Rob [EMAIL PROTECTED] wrote:
 
  Norm Vilmer wrote:
   Here are the rules that I have that keep-state
 on the outside interface:
   
   #For DNS
   add 01300 pass udp from ${oip} to any 53
 keep-state
   # For NTP
   add 01400 pass udp from ${oip} to any 123
 keep-state
   # For VPN
   add 01500 pass gre from any to any keep-state
   # For ICMP
   add 01600 pass icmp from any to any via ${oip}
 keep-state
   
   Do you think these are causing the problem?
  
  Aren't udp and icmp state-less protocols?
  In that case, keep-state would not make much
 sense.
  
  I use 'keep-state' only for tcp rules.
  
  I may be wrong, moreover, I haven't followed the
 full thread :).
 
 You'll generally need to keep state on UDP when you
 play online games.
 
 If you're smart, you don't allow arbitrary UDP
 packets from the outside
 world into your network, but if you're playing
 Unreal or something, then
 all communication is via UDP, and you won't be able
 to play.
 
 The best solution is to allow all UDP traffic to
 _leave_, while keeping
 state.  the keep-state remembers the ip/port
 information on the outgoing
 packets, and thus allows return packets to get back
 in (by matching the
 ip/port pair).
 
 Now, when you know the port, it doesn't really make
 sense to use
 keep-state, and all you're really doing is spamming
 your state tables.
 
 If you look in the /etc/rc.firewall that ships with
 FreeBSD, you'll see
 these rules (designed to handle running a DNS
 server):
 # Allow access to our DNS
 ${fwcmd} add pass tcp from any to ${oip} 53
 setup
 ${fwcmd} add pass udp from any to ${oip} 53
 ${fwcmd} add pass udp from ${oip} 53 to any
 
 Granted, it's three rules instead of 1, but it does
 not use your state
 tables unnecessarily (sp?)
 
 HTH.
 


Sorry, wasn't done with last message.

Look at your dynamic table, if you are getting DoS'd,
try using the limit option instead of keep-state or
tweak the net.inet.ip.fw.dyn_(*)_lifetime to a level
that suits your needs.

Or, rewrite your rules removing the keep-state options.





Re: Too many dynamic rules, sorry

2004-09-17 Thread Dave McCammon

--- Norm Vilmer [EMAIL PROTECTED] wrote:

 Dave McCammon wrote:
 
  --- Bill Moran [EMAIL PROTECTED] wrote:
  
  
 Rob [EMAIL PROTECTED] wrote:
 
 
 Norm Vilmer wrote:
 
 Here are the rules that I have that keep-state
 
 on the outside interface:
 
 #For DNS
 add 01300 pass udp from ${oip} to any 53
 
 keep-state
 
 # For NTP
 add 01400 pass udp from ${oip} to any 123
 
 keep-state
 
 # For VPN
 add 01500 pass gre from any to any keep-state
 # For ICMP
 add 01600 pass icmp from any to any via ${oip}
 
 keep-state
 
 Do you think these are causing the problem?
 
 Aren't udp and icmp state-less protocols?
 In that case, keep-state would not make much
 
 sense.
 
 I use 'keep-state' only for tcp rules.
 
 I may be wrong, moreover, I haven't followed the
 
 full thread :).
 
 You'll generally need to keep state on UDP when
 you
 play online games.
 
 If you're smart, you don't allow arbitrary UDP
 packets from the outside
 world into your network, but if you're playing
 Unreal or something, then
 all communication is via UDP, and you won't be
 able
 to play.
 
 The best solution is to allow all UDP traffic to
 _leave_, while keeping
 state.  the keep-state remembers the ip/port
 information on the outgoing
 packets, and thus allows return packets to get
 back
 in (by matching the
 ip/port pair).
 
 Now, when you know the port, it doesn't really
 make
 sense to use
 keep-state, and all you're really doing is
 spamming
 your state tables.
 
 If you look in the /etc/rc.firewall that ships
 with
 FreeBSD, you'll see
 these rules (designed to handle running a DNS
 server):
 # Allow access to our DNS
 ${fwcmd} add pass tcp from any to ${oip}
 53
 setup
 ${fwcmd} add pass udp from any to ${oip}
 53
 ${fwcmd} add pass udp from ${oip} 53 to
 any
 
 Granted, it's three rules instead of 1, but it
 does
 not use your state
 tables unnecessarily (sp?)
 
 HTH.
 
 
  
  
  Sorry, wasn't done with last message.
  
  Look at your dynamic table, if you are getting
 DoS'd,
  try using the limit option instead of keep-state
 or
  tweak the net.inet.ip.fw.dyn_(*)_lifetime to a
 level
  that suits your needs.
  
  Or, rewrite your rules removing the keep-state
 options.
  
  
  
  
 I think I follow you. I am going to have to play
 around with the
 DNS rules supplied with rc.firewall to see if I can
 get them to
 work. Just putting them in as given, my machines
 inside the firewall
 can not do nslookup's.
 
 I am a little afraid to play with the
 net.inet.ip.fw.dyn_(*)_lifetime
 level, I have seen a number of posting where people
 increase the value,
 mine is set to 300 (default). I did remove
 keep-state from all my rules
 except the gre rule. I also set the
 net.inet.ip.fw.dyn_max to 8192 which
 helps.
 
 Maybe I need a good book on the subject. Any
 suggestions?
 
 Norm Vilmer

What you may want to do is lower the
net.inet.ip.fw.dyn_ack_lifetime. 
This will help the dynamic rules to be cleared faster
on connections that don't get completed with the FIN
or RST.
Besides, I believe the UDP dynamic rules are
controlled by net.inet.ip.fw.dyn_udp_lifetime.
On my bridging-firewall, it is set to 10 but in the
man page for ipfw it shows default as 5 (unless the 5
is just an example not the default).

Here are some links that I have bookmarked:
http://www.kgb.ro/Ipfw-HOWTO
http://freebsd.amazingdev.com/blog/archives/000112.html
http://www.toad-one.org/howto/FreeBSD/Ipfw-Advanced-Supplement-HOWTO.txt








Re: Cardbus not working for 3com 656B netcard

2004-09-15 Thread Dave McCammon

--- Davon Shire [EMAIL PROTECTED] wrote:

 Hello everyone,
   back in the days of 5.1.xxx my 3com CFM656B
 (That's not the exact model
 number sorry but it's in my machine at home at the
 moment.) worked
 beautifully. I had changed to the 5.1 branch of
 FreeBSD because finally I
 could use something other than a ratty Linksys
 10mbps pccard in my laptop.
   I cvsup'd religiously and the world built well
 (usually) and the kernels
 kernelled and I was a righteous FreeBSD guru. But
 then.. 5.2.1 hit and my
 3com netcard no longer functioned. I searched high
 and low for fixes,
 answers cvsup every chance I had and never once did
 the card work again.
   Everything shows normal in the dmesg but the bus
 never resets and the system
 can't get the station address. I checked interrupts
 and the card bus is
 there sharing life with the pccard interface at irq
 10.
   If I'm using 5.1 of the OS (which I reinstalled
 the other day because i'm
 trying to get my new Linksys wifi card running) the
 3com works and data
 flows at a reasonable rate.
   Does anyone know of a fix for the cardbus since
 that's the only thing I can
 find that seems like it's out of whack? same hardware
 works fine with 5.1 but
 5.2 is toiletville.
   My 10mbps linksys card still works but it is a 16
 bit pccard and nothing and
 no cards that I have that are 32bit cardbus work at
 all.
   This is on a IBM Iseries thinkpad 1141. It's been
 my main work horse since I
 bought it in 2000.
   Please help make a ratty old laptop useful again.
 I'll do what I can to
 provide information to get this problem fixed. Since
 I see current is now
 trying to breathe life into FreeBSD-6.0 and I would
 hate to see this problem
 continue.
   Thank you in advance for everything.
 
 Sincerely
   Davon
If you are getting dmesg errors similar to

kernel: cbb0: cbb_power: 0V
kernel: cbb0: bad Vcc request. ctrl=0xf000ff00,
status=0xf000e2c3
kernel: cbb_power: 0V

Try this patch ? 

http://lists.freebsd.org/pipermail/freebsd-mobile/2004-September/004726.html

I have a 3com575B that quit working after going to 5.3
beta from 5.2.1. The above patch made it work again.

Here is another that may help.
http://www.freebsd.org/cgi/query-pr.cgi?pr=66848








bridging on 5.3 beta not working

2004-08-26 Thread Dave McCammon
Maybe I should post this to the CURRENT mail list or
maybe STABLE(even though releng_5 isn't stable yet)
but I wanted to try here first.

I can't seem to get bridging working on a new install
of 5.3 beta. I set up the system correctly as far as I
can tell(see info below). I gave one nic(em0) an ip
and can reach other machines(using ssh as the test).
If I move the ethernet cable from em0 to em1 I can't
get out to any machines. Perhaps this is not a valid
test (seems it should be). 
I must also mention that I did try both ports plugged
in(between two switches) but no traffic was getting
through.

below is the output of `sysctl net.link.ether.bridge'

net.link.ether.bridge.version: 031224
net.link.ether.bridge.debug: 0
net.link.ether.bridge.ipf: 0
net.link.ether.bridge.ipfw: 1
net.link.ether.bridge.copy: 0
net.link.ether.bridge.ipfw_drop: 0
net.link.ether.bridge.ipfw_collisions: 0
net.link.ether.bridge.packets: 382
net.link.ether.bridge.dropped: 0
net.link.ether.bridge.predict: 201
net.link.ether.bridge.enable: 1
net.link.ether.bridge.config: em0:0,em1:0


I have `options BRIDGE' compiled in the kernel, along
with 
options IPFIREWALL
options IPFIREWALL_VERBOSE

I can send the entire kernel config if needed.


output from `ipfw show'
65000 722 74390 allow ip from any to any
65535   1   108 deny ip from any to any


Below is dmesg.boot.

Copyright (c) 1992-2004 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989,
1991, 1992, 1993, 1994
The Regents of the University of California. All
rights reserved.
FreeBSD 5.3-BETA1 #5: Wed Aug 25 14:57:39 EST 2004
[EMAIL PROTECTED]:/usr/obj/usr/src/sys/BG
Timecounter i8254 frequency 1193182 Hz quality 0
CPU: Intel(R) Pentium(R) 4 CPU 3.40GHz (3400.14-MHz
686-class CPU)
  Origin = GenuineIntel  Id = 0xf34  Stepping = 4
 
Features=0xbfebfbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE
  Hyperthreading: 2 logical CPUs
real memory  = 1073479680 (1023 MB)
avail memory = 1045135360 (996 MB)
ACPI APIC Table: DELL   PE750   
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP): APIC ID:  1
ioapic0: Changing APIC ID to 2
ioapic1: Changing APIC ID to 3
ioapic0 Version 2.0 irqs 0-23 on motherboard
ioapic1 Version 2.0 irqs 24-47 on motherboard
npx0: [FAST]
npx0: math processor on motherboard
npx0: INT 16 interface
acpi0: DELL PE750 on motherboard
acpi0: Power Button (fixed)
Timecounter ACPI-fast frequency 3579545 Hz quality
1000
acpi_timer0: 24-bit timer at 3.579545MHz port
0x808-0x80b on acpi0
cpu0: ACPI CPU on acpi0
cpu1: ACPI CPU on acpi0
pcib0: ACPI Host-PCI bridge port 0xcf8-0xcff on
acpi0
pci0: ACPI PCI bus on pcib0
pcib1: ACPI PCI-PCI bridge at device 3.0 on pci0
pci1: ACPI PCI bus on pcib1
em0: Intel(R) PRO/1000 Network Connection, Version -
1.7.25 port 0xece0-0xecff mem 0xfe2e-0xfe2f
irq 18 at device 1.0 on pci1
em0: [GIANT-LOCKED]
em0: Ethernet address: 00:c0:9f:44:bd:ed
em0:  Speed:N/A  Duplex:N/A
pcib2: ACPI PCI-PCI bridge at device 28.0 on pci0
pci2: ACPI PCI bus on pcib2
aac0: Dell CERC SATA RAID 2 mem
0xf400-0xf7ff irq 24 at device 1.0 on pci2
aac0: [FAST]
aac0: Unknown processor 100MHz, 48MB cache memory,
optional battery not installed
aac0: Kernel 4.1-0, Build 7028, S/N bc68d4
aac0: Supported
Options=1097cWCACHE,DATA64,HOSTTIME,RAID50,WINDOW4GB,SOFTERR,ALARM
uhci0: UHCI (generic) USB controller port
0xcce0-0xccff irq 16 at device 29.0 on pci0
uhci0: [GIANT-LOCKED]
usb0: UHCI (generic) USB controller on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00,
addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1: UHCI (generic) USB controller port
0xccc0-0xccdf irq 19 at device 29.1 on pci0
uhci1: [GIANT-LOCKED]
usb1: UHCI (generic) USB controller on uhci1
usb1: USB revision 1.0
uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00,
addr 1
uhub1: 2 ports with 2 removable, self powered
pci0: base peripheral at device 29.4 (no driver
attached)
pci0: base peripheral, interrupt controller at
device 29.5 (no driver attached)
pci0: serial bus, USB at device 29.7 (no driver
attached)
pcib3: ACPI PCI-PCI bridge at device 30.0 on pci0
pci3: ACPI PCI bus on pcib3
em1: Intel(R) PRO/1000 Network Connection, Version -
1.7.25 port 0xdcc0-0xdcff mem 0xfdee-0xfdef
irq 21 at device 2.0 on pci3
em1: [GIANT-LOCKED]
em1: Ethernet address: 00:c0:9f:44:bd:ee
em1:  Speed:N/A  Duplex:N/A
pci3: display, VGA at device 14.0 (no driver
attached)
isab0: PCI-ISA bridge at device 31.0 on pci0
isa0: ISA bus on isab0
atapci0: Intel 6300ESB SATA150 controller port
0xfea0-0xfeaf,0x376,0x170-0x177,0x3f6,0x1f0-0x1f7 at
device 31.2 on pci0
ata0: channel #0 on atapci0
ata1: channel #1 on atapci0
pci0: serial bus, SMBus at device 31.3 (no driver
attached)
fdc0: floppy drive controller port 0x3f7,0x3f0-0x3f5
irq 6 drq 2 on acpi0
fdc0: FIFO enabled, 8 bytes threshold
fd0: 1440-KB 3.5 drive on fdc0 drive 

RE: IP bandwidth

2004-07-02 Thread Dave McCammon
--- Michael Clark [EMAIL PROTECTED] wrote:
 Bandwidthd and IPaudit do a good job.  I use both.
 
 Michael Clark
 Nemschoff Chairs Inc
 mclark at nemschoff dot com
 CompTIA A+, Network+, Server+, MCP
 Voice: (920) 457 7726 x294
 Fax:  (920) 453 6594
 
 
 -Original Message-
 From: Philip Payne [mailto:[EMAIL PROTECTED]
 Sent: Friday, July 02, 2004 4:43 AM
 To: Radu MOLNAR; Arek Czereszewski
 Cc: [EMAIL PROTECTED]; John Lee
 Subject: RE: IP bandwidth
 
 
   John Lee wrote:
  
   dear all,
   
   i'm using a freebsd 4.10-stable server with 50
 IP addresses.
   Is there any program i can install that will be
 able to tell me:
   
   - how much bandwidth (ie. kbps) each individual
 IP is using?
   
   trafcount seems to count total traffic only,
 any idea?
   
  
   I.e.
   ipfw + rrdtools or mrtg
   from ports (net-mgnt):
   netramet,  bandwidthd
  
  Any of these make real time statistics like iptraf
 under 
  linux. I also 
  need something like this for both general
 interface 
  (realtime) statistics 
  and for traffic monitoring (I can use tcpdump for
 this but 
  it would be 
  nice to have both characteristics in one program).
 
 I've used /usr/ports/net-mgmt/darkstat in the past
 on my home network. It's
 pretty simplistic but it might be of use.
 
 Phil.
 ___


Try 

Port:   iftop-0.16
Path:   /usr/ports/net-mgmt/iftop
Info:   Network utility for real-time bandwidth usage
information
Maint:  [EMAIL PROTECTED]
Index:  net-mgmt

pkg-descr-
iftop provides real-time bandwidth usage information
on a
specified interface, listed by host pairs.

WWW: http://www.ex-parrot.com/~pdw/iftop/







ipfw MAC question

2004-04-21 Thread Dave McCammon
FreeBSD bridge/ipfw
fxp0-external
fxp1-internal
I allow all from internal network in fxp1

I just added a logging statement- 
  ipfw add log deny ip from any to any in via fxp1
before there was the default-
  deny ip from any to any
and now I am seeing this in my logs-
  Deny MAC in via fxp1

What could this be? Everything is running fine so this
seems to be harmless. 






Re: 5.2.1 ncplist s - kernel panic

2004-04-02 Thread Dave McCammon

--- Feczak Szabolcs [EMAIL PROTECTED] wrote:

http://www.mail-archive.com/[EMAIL PROTECTED]/msg60154.html
 
 I'm having nearly the same thing as the above thread
 ...
 Though I have RELEASE not rc,
 any solution for this yet ?
 
 I would like to use samba and ncpfs on the machine
 and looks like samba is buggy on 4.9, and ok on
 5.2.1
 see the PR by me :
 http://www.freebsd.org/cgi/query-pr.cgi?pr=64719
 
 though ncpfs seems to be broken in 5.2.1 
 critical
 ...
 
 any suggestions ?
 
 
 -- 

I haven't seen anything back on this yet.
I upgraded to current after posting the dumps 
(see
http://groups.google.com/groups?hl=enlr=ie=UTF-8oe=UTF-8selm=20040219150356.GA53711%40faq.goivytech.net
)
 
I was going to wait until 5.3 stable was released to
see if any changes had been made. I haven't posted to
the current list as I don't subscribe to it.
If anyone needs anymore info on this let me know.





Re: 5.2.1 ncplist s - kernel panic

2004-04-02 Thread Dave McCammon

--- Feczak Szabolcs [EMAIL PROTECTED] wrote:
 On Fri, Apr 02, 2004 at 09:50:00AM -0800, Dave
 McCammon wrote:
  I haven't seen anything back on this yet.
  I upgraded to current after posting the dumps 
  (see
 

http://groups.google.com/groups?hl=enlr=ie=UTF-8oe=UTF-8selm=20040219150356.GA53711%40faq.goivytech.net
  )
   
  
 So does this means, that it is still broken in
 current ?
 
 

I haven't cvsuped since the posting to be sure if any
changes have been made. (I dual boot the machine so I
haven't had a real need to do more work on it.)
If I have time next week I'll upgrade to the latest
current code and see what happens.




Re: apache log files rotation

2004-03-03 Thread Dave McCammon

--- fbsd_user [EMAIL PROTECTED] wrote:
 Can apache logs be rotated by /etc/newsyslog.conf?
 If not, how is it normally done?
 
 ___


Here is the relevant portion of my newsyslog.conf

/var/log/httpd-access.log 640  14  *  $D0  Z  /var/run/httpd.pid
/var/log/httpd-error.log  640  14  *  $D0  Z  /var/run/httpd.pid

man newsyslog for more info on the fields.





kernel panic with netware stuff in 5.2.1-RC

2004-02-04 Thread Dave McCammon
I'm getting a kernel panic when trying to mount a 
nwfs file system or when trying to do a ncplist s. 

The system also panics on shutdown,
referencing IPXrouted in the panic.

Instruction pointer is c0516a06 and 
nm turns up nothing with
nm -n /boot/kernel/kernel|grep c0516a06.

With
nm -n /boot/kernel/kernel| grep c0516a0,
nm returns
c0516a00 T turnstile_head

and with grep c0516a, I get
c0516a00 T turnstile_head
c0516a10 T turnstile_empty
c0516a30 T read
c0516ac0 T pread

Getting this on a 5.2.1-RC cvsuped yesterday.

Using a basic kernel with options ipx added.
Config at bottom.

In loader.conf I have--
if_ef_load=yes
nwfs_load=yes
ncp_load=yes

and 

in /etc/rc.conf

ipxrouted_enable=yes 
ifconfig_rl0f1_ipx=ipx 0x71ad01b


Everything worked fine until I cvsupped from 5.2 to
5.2.1RC.

Any help is appreciated.


KERNCONF(Cleaned up)=

[snip]


machine i386
#cpu I486_CPU
#cpu I586_CPU
cpu I686_CPU
ident   ABY
maxusers 0

#To statically compile in device wiring instead of
# /boot/device.hints

#hints  GENERIC.hints 

makeoptions DEBUG=-g

options SCHED_4BSD  
options INET #InterNETworking
#options INET6
options FFS
options SOFTUPDATES
options UFS_ACL
options UFS_DIRHASH
#options MD_ROOT
#options NFSCLIENT
#options NFSSERVER
#options NFS_ROOT
#options MSDOSFS
#options CD9660
options PROCFS
options PSEUDOFS #Pseudo-filesystem framework
options COMPAT_43
options COMPAT_FREEBSD4
#options COMPAT_LINUX #Linux Compatibility
#options SCSI_DELAY=15000
options KTRACE  
options SYSVSHM 
options SYSVMSG 
options SYSVSEM 
options _KPOSIX_PRIORITY_SCHEDULING 
options KBD_INSTALL_CDEV
options AHC_REG_PRETTY_PRINT

options AHD_REG_PRETTY_PRINT


options IPX 
#options NWFS
#options NCP

# Debugging for use in -current
#options DDB
#options INVARIANTS
#options INVARIANT_SUPPORT
#options WITNESS
#options WITNESS_SKIPSPIN

# To make an SMP kernel, the next two are needed
#options SMP
#options APIC_IO

device  isa
device  eisa
device  pci

# Floppy drives
device  fdc

# ATA and ATAPI devices
device  ata
device  atadisk 
device  atapicd 
device  atapifd 
device  atapist 
options ATA_STATIC_ID   

# SCSI Controllers
#device ahb 
#device ahc 
#device ahd 
#device amd 
#device isp 
#device mpt 
#device ncr 
#device sym 
#device trm 

#device adv 
#device adw 
#device aha 
#device aic 
#device bt  

#device ncv 
#device nsp 
#device stg 

# RAID controllers interfaced to the SCSI subsystem
#device asr 
#device ciss
#device dpt 
#device iir 
#device mly 

# SCSI peripherals
device  scbus   
#device ch  
#device da  
#device sa  
#device cd  
device  pass
#device ses 

# RAID controllers
#device aac 
#device aacp
#device amr 
#device ida 
#device mlx 
#device pst 
#device twe 

# atkbdc0 controls both the keyboard and PS/2 mouse
device  atkbdc  
device  atkbd   
device  psm 

device  vga  
options VESA
options SC_PIXEL_MODE

#device splash  
#Sound
device  pcm


device  sc

# Enable this for the pcvt (VT220 compatible) console
# driver

#device vt
#options XSERVER

Re: freebsd mount nwfs

2004-01-27 Thread Dave McCammon

--- Malcolm Kay [EMAIL PROTECTED] wrote:
 On Tue, 9 Dec 2003 17:03, Cristian Salan wrote:
  On Mon, Dec 08, 2003 at 11:51:55AM +, Feroz F.
 Basir wrote:
   Hi,
  
   I read your email to freebsd mailing list. You
 be able
   to mount nwfs under freebsd. I'm trying to mount
 nwfs
   as well but failed for some reason. I compiled
 in IPX,
   NCP and NWFS in kernel. I put these two line
 below in
   rc.conf file:
  
   ipxrouted_enable=YES
   ifconfig_fxp0_ipx=ipx 0x00010010
  
   This is base on freebsd example. When I ran
 ncplist
   s I got nothing at all. What am I missing here?
 Can
   you shed some light, please? How do I go about
 setting
   this ipx thingy under fxp0 interface?
 
 
 I have not been able to find the original posting;
 perhaps to
 a different mail list.
 
 I am mounting nwfs on freebsd versions 4.5 to 4.8.
 The details
 of how to do this a not easy to find -- even when
 I've done it before.
 
 I think I originally only found the way through a
 query to this mailing list.
 
 At least for FBSD 4.x it is necessary to generate
 additional pseudo
 interfaces derived from the fxp0 (or whatever your
 base interface is)
 interface each dedicated to a particular IPX
 variant.
 
 This is done with the pseudo-device ef in the kernel
 configuration
 or you should be able to use the loadable module
 if_ef.ko.
 
 Take a look at the man page ef(4).
 
 Now configure with
 # ifconfig fxp0f2 ipx 0x00010010
 or whatever the appropriate variant is in your case
 or
 if you are not sure you should be able to fire up
 all 4 variants
 
 I have actually included this in the kernel
 configuration with:
 
 options IPX #IPX/SPX
 communications protocols
 options NCP #NetWare
 Core protocol
 pseudo-device   ef  # Multiple
 ethernet frames support
 options ETHER_II# enable
 Ethernet_II frame
 options ETHER_8023  # enable
 Ethernet_802.3 (Novell) frame
 options ETHER_8022  # enable
 Ethernet_802.2 frame
 options ETHER_SNAP
 
 and then in rc.conf you could use :
  ifconfig_fxp0f2_ipx=ipx 0x00010010
 
 Malcolm Kay


What I did on a 4.9 box (also works on 5.1)

in /boot/loader.conf-
if_ef_load="YES" #Loads pseudo-device ef (man(4) ef)
nwfs_load="YES"  #Loads nwfs module
ncp_load="YES"   #Loads NCP module

in kernel conf-
options IPX

in /etc/rc.conf-
ifconfig_rl0f1_ipx="ipx 0x71ad01b" #See Note below
ipxrouted_enable="YES"

#Note
#my setup is using rl device 
#pseudo interface used (the rl0f1)
#is determined by frame type used 
#on Novell server. see man(4) ef



Re: IPFW and Dynamic Rules

2004-01-21 Thread Dave McCammon

--- Adam Seniuk [EMAIL PROTECTED] wrote:
 I keep getting /kernel: Too many dynamic rules,
 sorry im my log file several
 times and i am not sure whats going on I have read
 some articles but they
 are all in 2000 and for FreeBSD 4.0.
  
 If someone could give me a clue into what this is
 and how I can fix it. That
 would be great!
  
 Thanks.
  
 
 Adam Seniuk
 
 [EMAIL PROTECTED]
 
[snip]

From the IPFW(8)
 net.inet.ip.fw.dyn_max: 8192
 Maximum number of dynamic rules.  When
you hit this limit, no more dynamic rules can be
installed until old ones expire.

Default on my FBSD 4.9 box with (options IPFW2 in
kernel config) is 4096.

It may be helpful to tweak this setting or adjust the
expire time.(net.inet.ip.fw.dyn_ack_lifetime). There
are other sysctl knobs you can tweak. Check the man
page.



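A check for the limit discussed in the reply above, added here as an example and not part of the original thread: it reads `sysctl net.inet.ip.fw` output and reports how much of `dyn_max` is in use, so state-table exhaustion shows up before the kernel starts logging "Too many dynamic rules". The sample values, the function names and the 80% warning threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): estimate how full ipfw's dynamic
# rule table is, using text in the "name: value" form printed by sysctl(8).

# Constructed sample; on a FreeBSD host use: dyn_report "$(sysctl net.inet.ip.fw)"
SAMPLE='net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_count: 3891
net.inet.ip.fw.dyn_max: 4096'

# oid_value TEXT OID: print the value of OID, or nothing if it is absent.
oid_value() {
    printf '%s\n' "$1" | awk -F': *' -v oid="$2" '$1 == oid { print $2; exit }'
}

# is_uint STR: succeed only for a non-empty string of decimal digits.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# dyn_usage_pct TEXT: print dyn_count as a whole percentage of dyn_max.
# Returns 2 when a value is missing, non-numeric, or dyn_max is 0.
dyn_usage_pct() {
    count=$(oid_value "$1" net.inet.ip.fw.dyn_count)
    max=$(oid_value "$1" net.inet.ip.fw.dyn_max)
    is_uint "$count" || return 2
    is_uint "$max" || return 2
    [ "$max" -gt 0 ] || return 2
    echo $(( count * 100 / max ))
}

# dyn_verdict TEXT [WARN_PCT]: print OK, WARN, FULL or UNKNOWN.
# WARN_PCT defaults to 80 (an assumed threshold, tune it per site).
dyn_verdict() {
    warn=${2:-80}
    if pct=$(dyn_usage_pct "$1"); then
        if [ "$pct" -ge 100 ]; then echo FULL
        elif [ "$pct" -ge "$warn" ]; then echo WARN
        else echo OK
        fi
    else
        echo UNKNOWN
    fi
}

# dyn_report TEXT: one-line summary, including the lifetime of established
# flows, which is the expiry knob named in the reply above.
dyn_report() {
    ack=$(oid_value "$1" net.inet.ip.fw.dyn_ack_lifetime)
    pct=$(dyn_usage_pct "$1") || pct='?'
    echo "dynamic rules: ${pct}% of dyn_max, verdict $(dyn_verdict "$1"), dyn_ack_lifetime=${ack:-unset}"
}

dyn_report "$SAMPLE"
```

A sustained WARN or FULL verdict is worth investigating before raising `dyn_max`, since a rule that creates state for every inbound packet can fill the table on its own.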

RE: IPFW 'keep state' 'limit'

2004-01-14 Thread Dave McCammon

--- fbsd_user [EMAIL PROTECTED] wrote:
 The FBSD 5.2 man IPFW does not say anything
 different that the 4.9
 man IPFW.
 Are you saying the man doc in 5.2 is wrong?
 
 5.2 is using the ipfw2 code for IPFIREWALL I
 believe.
 
 Documenting the fact that 'limit' performs the same
 function as
 'keep state' in additional to 'limit' stated purpose
 is very
 important information. Also that 'limit' and 'keep
 state' can not be
 coded together is another very important piece
 information that need
 to be documented in the man IPFW data.
 
 Should this be submitted as an problem report?
 
 
Snippets from
IPFW(8) on FBSD 5.2
---[begin snip]---
STATEFUL FIREWALL
 Stateful operation is a way for the firewall to
dynamically create rules for specific flows when
packets that match a given pattern are detected.  
Support for stateful operation comes through the
check-state, keep-state and limit options of rules.

[snip]-

 Dynamic rules will be checked at the first
check-state, keep-state or limit occurrence, and the
action performed upon a match will be the same as in
the parent rule.

---[end snip]---

There is also an occurrence farther down under the
EXAMPLES area in the DYNAMIC RULES area which
doesn't mention the limit option.
---[begin snip]---

 Dynamic rules are checked when encountering the first
check-state or keep-state rule.

---[end snip]

Granted it doesn't say anything about them not working
if used together but, since it does say that they both
create dynamic rules, it looks to be intuitively
implied that they wouldn't be used together.





Re: bridge - bridge box disappears from the network (even though it h as an ip assigned to one of the interfaces)

2003-12-30 Thread Dave McCammon

--- Fredrick Nilsson [EMAIL PROTECTED]
wrote:
 Hello!
 
 I've spent almost the entire evening trying to track
 this down. But it seems
 that I'm totally stucked. Hopefully, someone out
 there has a solution :)
 
 Anyway, here's the problem:
 
 I'm using bridge, but I'm not able to contact the
 bridge box over the
 network. This only applies to the boxes that are
 using the bridge. If a box
 outside the bridged enviroment, tries to contact
 the bridge box, there's
 no problem what so ever. 
 
 The interface that is assigned an ip, is the
 external interface (the one
 connected to my vdsl-modem), and it gets it's ip
 from a DHCP server. 
 
 This is my relevant (at least, I hope so ;)
 configurations:
 
 Kernel-config
 options BRIDGE
 options IPFIREWALL
 options IPFIREWALL_VERBOSE
 options IPFIREWALL_DEFAULT_TO_ACCEPT
 
 /etc/sysctl.conf
 net.link.ether.bridge_cfg=fxp0,rl0
 #net.link.ether.bridge_ipfw=1 (yes, for now i
 commented ipfw filtering, just
 to make sure that some misconfiguration, was the
 cause of my problem)
 net.link.ether.bridge=1
 
 /etc/rc.conf
 ifconfig_fxp0=DHCP
 ...
 firewall_enable=YES
 firewall_type=open
 firewall_quiet=YES
 firewall_logging=YES
 
 Br
 .fredrick

Do the boxes on the inside of bridge have ip
addresses on the same subnet as the dhcp assigned ip
on bridge box? 
If you are trying to use different address ranges, then
you are having a routing problem.




Re: Backup Server

2003-12-30 Thread Dave McCammon
man mysqldump

and check out the man page for rsync at

http://www.freebsd.org/cgi/man.cgi?query=rsync&apropos=0&sektion=0&manpath=FreeBSD+5.1-RELEASE+and+Ports&format=html

you can dump the databases  and use rsync on the
single machine(client) to copy or pull the
files/directories of your choosing from the servers
to the client.
Please look at the man page and look at the scripts
for rsync that were given in this thread. It is quite
easy to setup.
After looking back at one of your other replies, You
don't need to have rsync running as a daemon on any of
the machines. You just need to have rsync installed on
all. Rsync will basically tunnel through ssh (or rsh
if you want) to do the transfers(or synchronizations).

--- Matthew Juszczak [EMAIL PROTECTED] wrote:
 I'm not worried about down time.
 
 I'm strictly worrying about backing up:
 
   /home and /usr/local/mysql/var
 
 On server 1 and
 
   /home and /var/mail
 
 On Server 2.
 
 Thats it.
 
 Any ideas?  Thanks!
 
 -Matt
 On Mon, 2003-12-29 at 22:48, anubis wrote:
  On Sat, 27 Dec 2003 03:30 am, samy lancher wrote:
   Hello all,
   I have a 4.5 FreeBSD server. It is our Email,
 web and database server. I
   would like to setup a backup server so that when
 the main server goes down
   the backup server takes over its job. Could some
 one please tell me the
   best way to setup a backup server and also
 suggest some good documentation.
  
   Thanks in advance,
   Naveen.
  
  
  
  I have had a bit of a look into this myself and
 this is my take on it.  I 
  would like to hear of other people experiences
 too.
  
  There are a number of things that you have to
 decide on first before you go 
  any further. 
  
  These are:
  budget
  how critical the system is to downtime
  how much data you are willing to lose
  how long are you willing to wait for the second
 system to kick in.
  These will determine how you are going to build
 your system.  You will have to 
  keep the answers in mind when you are looking at
 any solution.
  
  What you seem to be looking for is a failover
 system.  There is a fair bit 
  written about failover systems.  Googling will
 find you lots.  Make sure that 
  you look up linux high availability and failover
 as well to get a broader 
  view.  I have added some links below.
  
  There is really 2 things that you are trying to do
 here.  Provide redundancy 
  for the services and redundancy for the data.  The
 services are a bit easier 
  and cheaper than the data.  The big problem is the
 data, especially 
  databases.  Due to their nature they cant easily
 be copied while live.  
  
  A solution to this is a SAN.  With lots of money
 it is easier as you can buy 
  yourself a SAN and hook the two machines to it and
 host the data on the SAN.  
  With some clever scripts from those HA sites when
 one machine goes down the 
  other can take over and use the same data.  There
 are other solutions using a 
  fancy Y shaped SCSI cable to a external drive
 array.  Others my be able to 
  help here as I dont know about them.
  
  The other alternative is 2 identical machines.
  When you have 2 machines with the master storing
 data on its local drives it 
  gets tricker.  This is where you have to decide on
 how much data you are 
  willing to lose.  
  
  As an example we have a bsd box that rsyncs our
 windows fileserver ever hour.  
  Should windas go down we run a script on the
 workstations remapping our 
  drives to the bsd box.  In this case we are
 prepared to lose up to an hours 
  work.  We are also prepared to lose say 15-30
 minutes of time mucking around.  
  
  In your situation perhaps what you could do is
 upgrade to 5.1 and rsync 
  snapshots of your data to the secondary machine. 
 You could use the failover 
  setup as described on HA sites to fire up the
 services on the secondary 
  machine and take over.  This should work as
 snapshots are supposed to capture 
  an instant in time but I couldnt guarantee it
 until I tested it.  You would 
  still be losing data as you could only snapshot
 data and transfer it in 
  discrete intervals.
  
  A handy thing that linux has that I dont think
 that freebsd has is drbd.  This 
  is a block device that can mirror data across a
 network.  If freebsd had this 
  it would be easy to make the second machine a true
 mirror of the first.  
  I wonder if they are looking at a thing similar to
 this in the future.
  
  Look here for some intersting reading
  
  http://linux-ha.org/
  http://www.drbd.org/
  http://sporner.dnsalias.org/
  http://failover.othello.ch/getting_started.html
  
  
  
  ___
  

RE: bridge - bridge box disappears from the network (even though it h as an ip assigned to one of the interfaces)

2003-12-30 Thread Dave McCammon

--- Fredrick Nilsson [EMAIL PROTECTED]
wrote:
 It's all on the same subnet. Could it be that my 
 switch is conflicting
 somehow? This is my setup:
 
 Internet---Bridge---Switch---all other boxes
 


Basically the same setup I use..It could be the
switch. Do the other machines on the same switch have
problems communicating with each other? If not, plug
the cable from the bridge into a known good port and
give it a try. Also, check your log files for any
messages that may tip you off.




Re: Backup Server

2003-12-29 Thread Dave McCammon

--- Charles Swiger [EMAIL PROTECTED] wrote:
 On Dec 29, 2003, at 3:21 PM, Matthew Juszczak wrote:
  With rsync, it appears that my machine would need
 to run the server
  software, and the two servers would run clients. 
 That just wouldn't
  work.
 
 While one can run rsync as a daemon (which might not
 be suitable for 
 your purposes given what you've said), it's also
 possible to invoke 
 rsync via SSH from either the client or the
 server...
 
 -- 
 -Chuck
 



install rsync from the ports on all machines
and on the clients do a

/usr/local/bin/rsync -azRv --delete /etc
backup_server:/backup/

(modify command to your needs..see man rsync)
in a cron job or from command line. This command will
use rsync-over-ssh from the client to the
backup_server. It will ask for a password unless you
set up keys for auto-login with ssh.



Re: shutdown and reboot

2003-12-26 Thread Dave McCammon

--- pics [EMAIL PROTECTED] wrote:
 Hi,
 I've had experience with RH Linux but am not very
 familiar with FreeBsd. For some reason, I cannot get
 the machine to reboot or to shutdown. I looked at
 the man pages for the shutdown command, and, for
 rebooting, typed #shutdown -r now. but I still have
 the same problem as I did with the reboot command:
 
 ...
 Saving firewall state tables:.
 Dec 23 17:08:40 syslogd: exiting on signal 15
 Waiting (max 60 seconds) for system process 'vnlru'
 to stop...stopped
 
 and that's where it just freezes!!!
 Also, for shutdown, after printing some stuff on the
 screen, it asks me for a shell then gives me the
 shell's prompt like nothing happened.

This is shutting down to single user mode. Not halting
or rebooting the machine.


 I'm no sys admin so some help is appreciated.
 Thanks.




grep, netstat, and bridging

2003-12-23 Thread Dave McCammon
Is this a feature, bug, or just some logical thing that
grep does (or perhaps netstat)?

Scenario:

IP addresses
comp1=xx.xx.xx.1
comp2=xx.xx.xx.6
comp3=xx.xx.xx.12

comp1 and comp3 run FBSD 4.9 stable
comp2 runs FBSD 5.1-RELEASE

comp1 is a bridging firewall using ipfw

A: comp2# netstat -n |grep xx.xx.xx.1

tcp4 0 0  xx.xx.xx.6.54953 xx.xx.xx.12.3551 TIME_WAIT
tcp4 0 0  xx.xx.xx.6.54952 xx.xx.xx.12.3551 TIME_WAIT
tcp4 0 0  xx.xx.xx.6.22 xx.xx.xx.1.1233 ESTABLISHED


B: comp2# netstat -n |grep xx.xx.xx.1.

tcp4 0 0  xx.xx.xx.6.54954 xx.xx.xx.12.3551 TIME_WAIT
tcp4 0 0  xx.xx.xx.6.54953 xx.xx.xx.12.3551 TIME_WAIT
tcp4 0 0  xx.xx.xx.6.22 xx.xx.xx.1.1233 ESTABLISHED


C: comp2# netstat -n |grep xx.xx.xx.12

tcp4 0 0  xx.xx.xx.6.54957 xx.xx.xx.12.3551 TIME_WAIT
tcp4 0 0  xx.xx.xx.6.54956 xx.xx.xx.12.3551 TIME_WAIT


Actually..I see the same output on a cygwin machine
behind the comp1 firewall.

So, does this have something to do with the bridging
as I do not see the same behavior on another FBSD
machine that is on a different network?



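The output in the post above is what grep produces for any unanchored pattern: `xx.xx.xx.1` is a substring of `xx.xx.xx.12`, and each `.` in the pattern also matches any single character. The sketch below is an added example, not part of the original post; it compares a plain pattern, `grep -F`, and an anchored pattern over constructed BSD-style `netstat -n` lines (documentation addresses, hypothetical function names, IPv4 only).

```shell
#!/bin/sh
# Added example (not from the thread): filter `netstat -n` output for one
# IPv4 address without also matching neighbouring addresses.

# Constructed sample lines in BSD "address.port" form.
SAMPLE='tcp4 0 0 192.0.2.6.54953 192.0.2.12.3551 TIME_WAIT
tcp4 0 0 192.0.2.6.54952 192.0.2.12.3551 TIME_WAIT
tcp4 0 0 192.0.2.6.22 192.0.2.1.1233 ESTABLISHED
tcp4 0 0 192.0.2.6.25 192.0.241.7.40112 ESTABLISHED
tcp4 0 0 192.0.2.6.22 198.51.100.9.50022 ESTABLISHED'

# naive_match IP: what the post ran. The pattern is an unanchored regular
# expression, so 192.0.2.1 matches 192.0.2.12 (substring) and also
# 192.0.241.7 (the third "." matches the "4").
naive_match() {
    grep -- "$1"
}

# fixed_match IP: -F removes the regex wildcard, but the match is still a
# substring match, so 192.0.2.12 is still selected.
fixed_match() {
    grep -F -- "$1"
}

# exact_match IP: escape the dots and require the address to start a field
# and to be followed by ".port" and then whitespace or end of line.
exact_match() {
    esc=$(printf '%s' "$1" | sed 's/\./\\./g')
    grep -E -- "(^|[[:space:]])${esc}\\.[0-9*]+([[:space:]]|\$)"
}

# count_with MATCHER IP: number of SAMPLE lines the matcher selects.
# grep -c exits 1 when the count is 0, hence the "|| true".
count_with() {
    printf '%s\n' "$SAMPLE" | "$1" "$2" | grep -c . || true
}

for m in naive_match fixed_match exact_match; do
    echo "$m 192.0.2.1 -> $(count_with "$m" 192.0.2.1) line(s)"
done
```

On a live host the matchers read standard input, for example `netstat -n | exact_match 192.0.2.1`.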

Re: see release version in /usr/src

2003-12-18 Thread Dave McCammon

--- Kevin D. Kinsey, DaleCo, S.P. [EMAIL PROTECTED]
wrote:
 Nelis Lamprecht wrote:
 
 On Thu, 2003-12-18 at 16:16, Lev Klimin wrote:
   
 
 Hi!
 
 How can I see, what is release version in my
 /usr/src?
 
 
 
 try: grep BASE /usr/src/release/Makefile
 
 Not sure if that works for 5.x though..
 
   
 
 Doesn't seem to, but it might just be
 PBKAC on my end.  NP with 4.9 though...
 
 #grep FreeBSD /usr/src/UPDATING
 gives a little bit of a clue on either,
 but probably isn't exactly 'authoritative'
 
 Kevin Kinsey



see /usr/src/sys/conf/newvers.sh



Re: (UPDATE) apcupsd 3.10.8 master/slave setup(whoops 3.10.6)

2003-12-18 Thread Dave McCammon
For the record.

The quick fix for Apcupsd 3.10.6 hangup problems was
to delete the apcaccess status parts out of the
scripts in /usr/local/etc/apcupsd/. (commok,
onbattery, etc...). Event messages still get walled
and mail still gets sent. Just none of the UPS status
information in messages. The status info can still be
gotten by doing a apcaccess status on the command
line (which used to not work, either).

What was happening was that when the power to the UPS
was pulled...the master server's apcupsd got stuck in
the script(or something associate with the status
part of the script) which stalled apcupsd. No slaves
could contact the master and, when power was restored,
apcupsd wouldn't respond to the event.

I believe this also happened when in standalone mode,
come to think of it.

Anyway, thanks to Lewis Watson in the apcupsd-user list.



apcupsd 3.10.8 master/slave setup

2003-12-17 Thread Dave McCammon
Anyone have a master/slave or an NIS setup working
correctly that can share some insight?

If power is pulled from UPS, the master sends the
warning to its console but...

-the slaves lose their connection to the master
-an apcaccess status on the master after plug is
pulled will hang.
-when ups is plugged back in to power outlet there is
no status change sent.

- here is the apcupsd stuff from 'ps -aux'
--
root   31938  0.0  0.3  3864 1536  ??  Is4:49PM  
0:00.27 /usr/local/sbin/apcupsd --kill-on-powerfail

root   32071  0.0  0.1   632  264  ??  I 5:03PM  
0:00.00 /bin/sh /usr/local/etc/apcupsd/apccontrol
onbattery RACK_UPS 1 0

root   32072  0.0  0.1   632  264  ??  I 5:03PM  
0:00.00 /bin/sh /usr/local/etc/apcupsd/onbattery
RACK_UPS 1 0

root   32074  0.0  0.1   632  264  ??  I 5:03PM  
0:00.00 /bin/sh /usr/local/etc/apcupsd/onbattery
RACK_UPS 1 0

root   32075  0.0  0.1   992  564  ??  I 5:03PM  
0:00.01 /usr/bin/mail -s master.mydomain.net Power
Failure !!! root

root   32076  0.0  0.3  3312 1352  ??  I 5:03PM  
0:00.01 /usr/local/sbin/apcaccess status
--



master config is stock 

slave config is stock with below changed
UPSCABLE ether
UPSTYPE net
DEVICE master.mydomain.net:3551

The above configs are recommended from 
http://www.apcupsd.com/3.10.x-manual/ch04s06.html






Re: How do I have sendmail forward emails from root...

2003-12-17 Thread Dave McCammon

--- Michael E. Mercer [EMAIL PROTECTED] wrote:
 Hello peoples,
 
 I've tried quite a few things and just can't seem to
 get
 sendmail to forward emails generated by root
 processes to
 go to [EMAIL PROTECTED]. 
 
 I am running 4.9-Stable.
 
 How am I supposed to configure this?
 
 I have added a line to /etc/mail/aliases
 root: [EMAIL PROTECTED]
 
 Also added to my domain specific .mc configuration
 file
 these lines:
 MASQUERADE_AS(`nc.rr.com')dnl
 MASQUERADE_DOMAIN(`mmercer.com')
 FEATURE(allmasquerade)dnl
 FEATURE(masquerade_envelope)dnl
 FEATURE(masquerade_entire_domain)dnl
 FEATURE(nocanonify)dnl
 define(`SMART_HOST', `smtp-server.nc.rr.com')
 
 
 Thanks in advance!
 Michael
 

Did you run newaliases?



Re: apcupsd 3.10.8 master/slave setup

2003-12-17 Thread Dave McCammon
My bad

Subject should be apcupsd 3.10.6 master/slave setup
(from ports)

--- Dave McCammon [EMAIL PROTECTED] wrote:
 Anyone have a master/slave or an NIS setup working
 correctly that can share some insight?
 
 If power is pulled from UPS, the master sends the
 warning to its console but...
 
 -the slaves lose their connection to the master
 -an apcaccess status on the master after plug is
 pulled will hang.
 -when ups is plugged back in to power outlet there
 is
 no status change sent.
 
 - here is the apcupsd stuff from 'ps -aux'

--
 root   31938  0.0  0.3  3864 1536  ??  Is4:49PM 
 
 0:00.27 /usr/local/sbin/apcupsd --kill-on-powerfail
 
 root   32071  0.0  0.1   632  264  ??  I 5:03PM 
 
 0:00.00 /bin/sh /usr/local/etc/apcupsd/apccontrol
 onbattery RACK_UPS 1 0
 
 root   32072  0.0  0.1   632  264  ??  I 5:03PM 
 
 0:00.00 /bin/sh /usr/local/etc/apcupsd/onbattery
 RACK_UPS 1 0
 
 root   32074  0.0  0.1   632  264  ??  I 5:03PM 
 
 0:00.00 /bin/sh /usr/local/etc/apcupsd/onbattery
 RACK_UPS 1 0
 
 root   32075  0.0  0.1   992  564  ??  I 5:03PM 
 
 0:00.01 /usr/bin/mail -s master.mydomain.net Power
 Failure !!! root
 
 root   32076  0.0  0.3  3312 1352  ??  I 5:03PM 
 
 0:00.01 /usr/local/sbin/apcaccess status

--
 
 
 
 master config is stock 
 
 slave config is stock with below changed
 UPSCABLE ether
 UPSTYPE net
 DEVICE master.mydomain.net:3551
 
 The above configs are recommended from 
 http://www.apcupsd.com/3.10.x-manual/ch04s06.html
 
 
 
 
 __
 Do you Yahoo!?
 New Yahoo! Photos - easier uploading and sharing.
 http://photos.yahoo.com/
 ___
 [EMAIL PROTECTED] mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to
[EMAIL PROTECTED]




Re: apcupsd 3.10.8 master/slave setup(whoops 3.10.6)

2003-12-17 Thread Dave McCammon
Did forget to mention that I made the port with
--enable-net 

--- Dave McCammon [EMAIL PROTECTED] wrote:
 Anyone have a master/slave or an NIS setup working
 correctly that can share some insight?
 
 If power is pulled from UPS, the master sends the
 warning to its console but...
 
 -the slaves lose their connection to the master
 -an apcaccess status on the master after plug is
 pulled will hang.
 -when ups is plugged back in to power outlet there
 is
 no status change sent.
 
 - here is the apcupsd stuff from 'ps -aux'

--
 root   31938  0.0  0.3  3864 1536  ??  Is4:49PM 
 
 0:00.27 /usr/local/sbin/apcupsd --kill-on-powerfail
 
 root   32071  0.0  0.1   632  264  ??  I 5:03PM 
 
 0:00.00 /bin/sh /usr/local/etc/apcupsd/apccontrol
 onbattery RACK_UPS 1 0
 
 root   32072  0.0  0.1   632  264  ??  I 5:03PM 
 
 0:00.00 /bin/sh /usr/local/etc/apcupsd/onbattery
 RACK_UPS 1 0
 
 root   32074  0.0  0.1   632  264  ??  I 5:03PM 
 
 0:00.00 /bin/sh /usr/local/etc/apcupsd/onbattery
 RACK_UPS 1 0
 
 root   32075  0.0  0.1   992  564  ??  I 5:03PM 
 
 0:00.01 /usr/bin/mail -s master.mydomain.net Power
 Failure !!! root
 
 root   32076  0.0  0.3  3312 1352  ??  I 5:03PM 
 
 0:00.01 /usr/local/sbin/apcaccess status

--
 
 
 
 master config is stock 
 
 slave config is stock with below changed
 UPSCABLE ether
 UPSTYPE net
 DEVICE master.mydomain.net:3551
 
 The above configs are recommended from 
 http://www.apcupsd.com/3.10.x-manual/ch04s06.html
 
 
 
 
 __
 Do you Yahoo!?
 New Yahoo! Photos - easier uploading and sharing.
 http://photos.yahoo.com/
 ___
 [EMAIL PROTECTED] mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to
[EMAIL PROTECTED]




Re: CPU type

2003-12-16 Thread Dave McCammon

--- flux [EMAIL PROTECTED] wrote:
 How do I know what type of CPU (Model, Mhz, etc...)
 do I have
 without rebooting my FreeBSD box? Is there any
 command to show
 this kind of information?
 Thank you.
 
 -- 
 Best regards,
  flux  mailto:[EMAIL PROTECTED]
 

#more /var/run/dmesg.boot



Re: Serial Ports are there, but not in /dev

2003-12-15 Thread Dave McCammon
--- Dr. Lyman Hazelton [EMAIL PROTECTED] wrote:
 I have a pair of standard serial ports which show up
 in dmesg thus:
 
 sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
 sio0: type 16550A
 sio1 at port 0x2f8-0x2ff irq 3 flags 0x10 on isa0
 sio1: type 16550A
 
 However, they don't show up as devices in /dev. 
 Anyone have some idea 
 why the system might not like them, and how I can
 get them to show up 
 as devices?  I have a serial PalmPilot (actually, a
 Kyocera phone) 
 I'd like to be able to use with KPilot.
 

Are you looking for /dev/sio0 and /dev/sio1 or 
/dev/cuaa0 and /dev/cuaa1?






Re: UPS

2003-12-10 Thread Dave McCammon

--- dave [EMAIL PROTECTED] wrote:
 Hello,
 I've got a 5.1 box and a few other systems, one
 that comes to mind and a
 cable modem, possibly other stuff will be added in
 the future, that i'd like
 to put a UPS on. I'm looking for information and
 user experiences with UPS's
 under fbsd. I'd like something that i can query via
 fbsd or with a web
 interface to determine it's status and automatic
 powerdown when the power
 gets low on the UPS.
 Any info appreciated.
 Thanks.
 Dave.
 
 ___
 [EMAIL PROTECTED] mailing list

check out apcupsd in the ports.
also check out recent apcupsd thread in archives.



Re: apcupsd

2003-12-09 Thread Dave McCammon

--- HOLLOW, CHRISTOPHER [EMAIL PROTECTED]
wrote:
 Hi...
 
I have the same UPS and cable running with
 apcupsd on FreeBSD 4.8.  I 
 have nothing but good things to say about the UPS
 and apcupsd.  Detects 
 and reports power failures and power restores. 
 Properly halts the 
 system upon reaching remaining-charge-percentage or
 time-until-failure 
 thresholds.  I have messages logging to stdout and
 to apcupsd.log via 
 syslog.  apcupsd does not send out email
 notification (AFAIK) but I have 
 swatch configured to email me any apcupsd syslog
 messages.  I receive 
 bi-weekly self-test messages.   It has been working
 flawlessly for about 
 18 months.
 
 Chris
 
 
 Barry Skidmore wrote:
 
 OS: 5.1-RELEASE
 UPS: Back-UPS 650, serial interface
 Cable: 940-0020B
 
 With the above setup apcupsd detects a power
 failure, but not a return
 of power, and thus does not send a notification
 email.
 
 Also, apcupsd does not halt the system.  I noticed
 in the docs that for
 this to work on FreeBSD you need a Smart UPS, and
 use the
 --kill-on-powerfail option at the command line. 
 Since I do not have a
 Smart UPS, I have not tried this option.
 
 My question is what model number of APC UPS is
 working well for you with
 apcupsd 3.10.6 
 
 My current setup did work fine with Red Hat 9.0 and
 upcupsd 3.8.0, so I
 do not think this is an issue with the cable.
 
 Thanks,
 Barry 
 On Mon, 2003-12-08 at 01:22, Robert Huff wrote:
   
 
 Hello:
 
 
 
  Are there any users of apcupsd on the list?  If
 so, please
  respond to me privately.  I have a question
 about recommended
  UPS's that work well with FreeBSD.
   
 
 There are.  :-)
 What's the question?
 
 
 Robert Huff
 
 
 
 
 
[snip] 


I've got 4 FBSD 4.9 servers, 1 Win2k server, 1 FBSD
5.1 server running on a apc Smart-UPS 1400XL w/extra
battery(all rack mount) with APCUPSD 3.8.6. One of the
FBSD 4.9 servers is the master.

I've got two W2k servers running on a Smart-UPS 1000XL
w/extra batter. Both running APCUPSD 3.8.6. One
master, the other slave.

And there is another FBSD 4.9 server running on a
Smart-UPS 620 running APCUPSD 3.8.6 as a standalone.

The FBSD master on 1400xl collects info from the
standalone and W2K master for the web based network
monitor.

All hosts send email to root when there is an
event(except tests). The mail is sent by the
scripts(changeme, commfailure, commok, mainsback, and
onbattery) called from apccontrol in the
/usr/local/etc/apcupsd directory.

3.8.6 works like a charm, except for the zombie
process that happens on the FBSD master and standalone
which doesn't seemed to cause any problems.


Dave



Re: Multiple RealTect adaptors

2003-12-03 Thread Dave McCammon

--- Peter Rosa [EMAIL PROTECTED] wrote:
 Hello again,
 
 of course, everything was there:
 dmesg - YES
 ifconfig - YES
 rc.conf - YES
 
 But, whenever the machine boots, ifconfig returns:
 rl0: flags 8843 snip mtu 1500
  inet 192.168.1.11 netmask snip
  ether snip
  media snip
  status: active
 rl1: flags 8843 snip mtu 1500
  ether snip
  media snip
  status: no carrier
 
 Both have the same flags. Second has no IP/MSK/BCAST.
 
 ifconfig rl1  192.168.1.12 netmask 255.255.255.0 always returns
 config: ioctl (SIOCIFADDR): File exists
 
 What could be wrong ?
 
 It is the same when I exchange both cards/use other PCI slots.
 
 Peter
 
 
I believe it has something to do with the netmask and
the interface rl1 being on the same subnet.
It should work by giving the interface a subnet of 255.255.255.255.



p5-DBD-ODBC build error

2003-10-29 Thread Dave McCammon
FreeBSD 4.8-STABLE #0: Thu Aug 14 15:55:21 EST 2003
on i386 arch.

When I try to make install in /usr/ports/p5-DBD-ODBC

In file included from dbdodbc.h:7,
 from ODBC.h:9,
 from ODBC.xs:1:
/usr/local/include/sqlucode.h:45: syntax error before `SQLLEN'
/usr/local/include/sqlucode.h:49: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:60: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:73: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:81: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:93: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:117: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:140: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:152: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:163: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:174: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:205: syntax error before `SQLULEN'
/usr/local/include/sqlucode.h:211: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:222: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:233: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:247: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:260: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:270: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:278: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:302: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:318: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:327: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:336: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:347: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:357: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:367: syntax error before `SQLWCHAR'
/usr/local/include/sqlucode.h:555: syntax error before `SQLULEN'
/usr/local/include/sqlucode.h:560: syntax error before `SQLULEN'
*** Error code 1

Stop in /usr/ports/databases/p5-DBD-ODBC/work/DBD-ODBC-1.06.
*** Error code 1

Any help is appreciated.



Re: RealTek Nic Chip

2003-09-29 Thread Dave McCammon

--- Tony A, Fields [EMAIL PROTECTED] wrote:
 Greg,
 
 Sorry for the mangling??
 
 Sorry that you don't seem to understand my problem or I just am not making
 myself clear? Please let me restate.
 
 I have two network interface cards. One is being recognized but the other
 is not. The one that is recognized is the D-Link DFE-530TX.
 
 After running the pciconf -vl  there are two network interfaces listed
 
 [EMAIL PROTECTED]:4:0
 nVidia Corp
 nForce MCP2 Networking adapter
[snip]

I don't think there are drivers in FreeBSD for this
card yet.

I think the following link may clarify.
http://lists.freebsd.org/pipermail/freebsd-hackers/2003-July/002228.html



httpd -l and suexec error

2003-07-23 Thread Dave McCammon
Any pointers?
FBSD 5.1 Release
Apache 1.3.28

type following command to view compiled modules
#httpd -l

and get-
Compiled-in modules:
  http_core.c
  mod_so.c
suexec: disabled; invalid wrapper /usr/local/sbin/suexec
 
This is from a straight install of apache.
Shouldn't I be getting more info for installed
modules?




Re: crontab same time execution order

2003-07-04 Thread Dave McCammon

--- Chuck Swiger [EMAIL PROTECTED] wrote:
 Dave McCammon wrote:
  If two entries in the crontab are for the same time,
  which entry gets run first?
 
 It's not deterministic, or if it happens to be so under FreeBSD, it's not on
 other platforms and you should not rely on a particular order.
 
 If you've got commands which depend on each other in cron, do something like:
 
   command1 ; command2 ; command3
 
 ...or...
 
   command1 && command2 && command3
 

Thanks for the reply.
Basically, what I am looking for is to get a command
to run right before newsyslog rotates a log
file (awstats and apache log file).
 
After I sent the message, I started playing with
/etc/crontab and noticed that the lower on the list
the sooner the command would run (per /var/log/cron)
in comparison with a command set to run at the same
time.
What I did was put an 'echo' command above the
newsyslog entry, restarted cron, waited for top of
hour, checked log, moved command below the newsyslog
entry, restarted cron, waited for top of hour and
checked log file.
The command ran before cron when listed lower and then
ran after when command was listed above the newsyslog
entry. I also noticed that when the 'atrun' command
runs at the top of the hour, it will run after the
newsyslog entry and newsyslog is listed lower in the
/etc/crontab file.

Perhaps this predictable behavior is in FreeBSD only.
(I don't have access to other platforms). Or perhaps
my simple test was too simple. It just seemed to be
too predictable to not at least try to get some
feedback.





crontab same time execution order

2003-07-03 Thread Dave McCammon
If two entries in the crontab are for the same time,
which entry gets run first?



find -exec question

2003-06-19 Thread Dave McCammon
Here is the setup:
foo is some directory on the system.
jack is a user and I am using the ACL's in 5.1 to
allow Jack rw access to all files and directories
nested within the directory foo.


What is the difference in the find command between:
find foo -exec setfacl -m u:jack:rw {} \;
-and-
find foo -exec setfacl -m u:jack:rw {} +

or is there any difference?



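The two forms asked about above differ in how many times the command is started and in how a failing command shows up in find's own exit status. This is an added example, not part of the original post: the helper names and the sample tree are constructed, and stand-in commands replace setfacl so it runs on a filesystem without ACLs.

```shell
#!/bin/sh
# Added example (not from the original post). Helper names and the sample
# tree are constructed; stand-in commands replace setfacl so the demo runs
# on any filesystem.

# make_tree: create a directory "foo" with names containing spaces and
# print the temporary parent directory.
make_tree() {
    tree=$(mktemp -d) || return 1
    mkdir -p "$tree/foo/sub dir"
    touch "$tree/foo/a" "$tree/foo/b c" "$tree/foo/sub dir/d"
    echo "$tree"
}

# count_runs each|batch: number of times find starts the command.
#   each  -> -exec ... {} \;   one process per path found
#   batch -> -exec ... {} +    paths are appended to as few commands as fit
count_runs() {
    tree=$(make_tree) || return 1
    if [ "$1" = each ]; then
        n=$(find "$tree/foo" -exec sh -c 'echo run' sh {} \; | wc -l)
    else
        n=$(find "$tree/foo" -exec sh -c 'echo run' sh {} + | wc -l)
    fi
    rm -rf "$tree"
    echo $((n))
}

# batch_argc: number of paths handed to the single command started by "+".
# Each path is its own argument, so names with spaces stay intact.
batch_argc() {
    tree=$(make_tree) || return 1
    n=$(find "$tree/foo" -exec sh -c 'echo $#' sh {} +)
    rm -rf "$tree"
    echo $((n))
}

# find_status each|batch: exit status of find itself when every command it
# runs fails, as setfacl would on a filesystem mounted without ACL support.
find_status() {
    tree=$(make_tree) || return 1
    rc=0
    if [ "$1" = each ]; then
        find "$tree/foo" -exec false {} \; || rc=$?
    else
        find "$tree/foo" -exec false {} + || rc=$?
    fi
    rm -rf "$tree"
    echo "$rc"
}

echo "commands started with ';' form: $(count_runs each)"
echo "commands started with '+' form: $(count_runs batch)"
echo "paths passed to the '+' command: $(batch_argc)"
echo "find exit status, all commands fail, ';' form: $(find_status each)"
echo "find exit status, all commands fail, '+' form: $(find_status batch)"
```

Both forms apply the same ACL entry to every path; with `+`, a failing command makes find itself exit non-zero, so a script can tell that some entries were not applied.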


Re: Hell of a time, Cont'd

2003-04-01 Thread Dave McCammon

--- John McClure [EMAIL PROTECTED] wrote:
 Firstly, thanks for the help so far.
 
 My disk is an IBM 27G. The Disklabel config looks like this:
 
 Part     Mount   Size     Newfs
 ----     -----   ----     -----
 ad0s1a   /       1024MB   UFS1    Y
 ad0s1b   swap    1024MB   SWAP
 ad0s1d   /var     256MB   UFS1+S  Y
 ad0s1e   /tmp     256MB   UFS1+S  Y
 ad0s1f   /usr   23545MB   UFS1+S  Y
 
 Also, for the f partition I make sure that:
 newfs -f 2048 -b 16384
 
 As far as my installation specs go, I choose All to
 install everything, including source, which I want,
 and I choose the ports collection as well because it
 fills me with a sense of divine power, and I also
 actually use it.
 
 As you can see, my /usr mount should have plenty o' space.
 
 When I specify mount points manually I enter / or
 /usr, not mnt/usr. However, I've only, on most
 tries, been specifying the root partition and swap, so
 I can control those sizes, and letting the Auto
 config take over after that.
 
 Finally, when I create the initial slice, I allocate
 the whole space for freebsd, which I want, and I press
 S in order to ensure that it is bootable.
 
 Thanks again. Any advice is hugely appreciated.

Are you getting the error message when the files start
to copy?
Where are you installing from? CD/DVD? FTP?
I had install problems using a realtek/8139 based NIC
using ftp as install source. Either swap cards or use
the URL option (specified ip address to
ftp.freebsd.org) was the recommended fix. Had something
to do with rl driver, the name lookup and the memory
disk (/mnt) used in install... don't remember exactly.
I had this with 4.7 floppies and 5.0 install floppies.





Re: transparent ipfw

2003-03-12 Thread Dave McCammon

--- Dave [Hawk-Systems] [EMAIL PROTECTED]
wrote:
 Been browsing for a bit (knowing I will get some rtfm responses from this) but
 haven't come across a solid answer for this.  Most solutions involve NAT or some
 other non-routable ip block type of solution.
 
 Have the following (192.168.100.0/24 used in place of routable addresses)
 
 - Internet connection coming into port 1 of Cisco switch(switch address
   192.168.100.1).
 - Other FreeBSD servers(192.168.100.2 - 192.168.100.252) connected to various
   ports on the switch using the switch as the gateway device.
 - Other networks(192.168.101.0/24 etc...) connected to the switch which is
   bridging them over to the internet connection out of port 1.
 
 Wish to place a FreeBSD server in front of the switch to count traffic to and
 from various IP addresses for the entire network.
 
 NIC1 on the FreeBSD box would go to the Internet Connection
 NIC2 on the FreeBSD box would go to the switch.
 
 All addresses used are routable(3 /24 blocks will be coming down to NIC1), and
 all addresses/packets should be passed through without any NAT or other
 readdressing taking place. Aside from telnetting into the box itself, it doesn't
 need any IP addresses except for whatever is needed for the above setup.
 
 Comments appreciated, this would be my first implementation of ipfw / fw rules
 in general using a FreeBSD box.
 
 Dave
 

http://www.freebsd.org/doc/en_US.ISO8859-1/articles/filtering-bridges/index.html





Re: firewall revisited

2003-03-06 Thread Dave McCammon

--- Giorgos Keramidas [EMAIL PROTECTED]
wrote:
 On 2003-03-05 09:32, Brian Henning
 [EMAIL PROTECTED] wrote:
  Hello-
  currently my rc.conf is set up like this for my gateway router.
  gateway_enable=YES
  firewall_enable=YES
  firewall_type=OPEN
  natd_enable=YES
  natd_interface=rl1 # natd -interface rl1, public interface
  natd_flags="" # sysctl net.inet.ip.forwarding=1
 
  how can i have the script /etc/ipfw.rules run instead of
  /etc/rc.firewall. can i change
  firewall_type=OPEN to firewall_type="" and create the entry
  firewall_script=/etc/ipfw.rules?
 
 Why are you confused?
 
 That depends on what you're trying to do and what the contents of
 /etc/ipfw.rules are.  There are currently the following ways to set up
 a completely custom set of firewall rules:
 
 1. Rewrite /etc/rc.firewall
 
    This can easily be done, if you replace /etc/rc.firewall with your
    custom script.  This isn't recommended though since you'd have to
    carefully track all changes to the official version of the
    rc.firewall script and merge any interesting stuff back to your
    version of the script.
 
 2. Add a new firewall type to rc.firewall
 
    Copying one of the existing firewall types you can easily add a
    new one, and make sure that it loads all (and only) the ipfw(8)
    rules that you want.  This can be difficult to keep up to date
    after changes to the rc.firewall script, but not as difficult to
    keep up to date as option #1.
 
 3. Write your own version of a firewall script
 
    Copy `rc.firewall' to a new script (i.e., `rc.firewall.local') and
    make your changes to the new script.  Then set firewall_script to
    point to the new script in `/etc/rc.conf'.  For example:
 
      % cat /etc/rc.firewall.local
      fwcmd=/sbin/ipfw
      ${fwcmd} -q flush
      ${fwcmd} add 1 pass ip from any to any
 
      % grep firewall_script /etc/rc.conf
      firewall_script=/etc/rc.firewall.local
 
    This is a fairly nice way of doing things, but it doesn't work
    correctly if you want to tweak the way ipfw(8) is called by
    setting things like firewall_quiet=YES in your `rc.conf' file.
    Mostly because the logic for all those firewall_xxx options is
    implemented as part of the existing `rc.firewall' script.
 
 4. Create a ruleset file, and point rc.firewall to it
 
    You can always write your own set of firewall rules, without a
    ${fwcmd} prefix, and save it to a file, i.e. `/etc/ipfw.rules'.
    This is a plain text file that contains *only* firewall rules.
    No shell commands.  You can use `#' for comments (as shown in the
    sample file below):
 
      % cat /etc/ipfw.rules
      flush
      add allow ip from any to any
 
    Then you just need to make sure that your `rc.conf' contains the
    following two lines:
 
      firewall_enable=YES
      firewall_type=/etc/ipfw.rules
 
    The firewall_type value is the *FULL* path to the ruleset file.  It
    is important to include the leading `/' character.  This way,
    ipfw(8) will know that this is the path of a rule file and not the
    name of a command (like `add' in `ipfw add ...').
 
    This is the way I usually prefer setting ipfw(8) up.  For various
    reasons.  One of them is that my firewall rules are not lost in
    between the lines of some shell script that I don't remember I have
    edited.  Another reason is that having made no changes to the
    original `rc.firewall' script, there is no need to take care for
    merging changes later with mergemaster(8).
 
 Phew.  This was long.
 
GREAT Explanation. The difference in using
firewall_script and firewall_type ought to be outlined
in the Handbook.

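A lint for the ruleset-file setup (option 4 in the quoted explanation), which needs a file of bare ipfw rules and an absolute path in firewall_type. This is an added example, not code from the thread or from FreeBSD: the function names and sample files are constructed, and the checks are heuristics that catch a shell script handed over as a rule file.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and sample files
# below are constructed for illustration; the checks are heuristics.

# lint_ipfw_rules FILE
# Reports lines that look like shell rather than bare ipfw rules.
# Returns 0 when the file is clean, 1 otherwise.
lint_ipfw_rules() {
    awk '
        NR == 1 && /^#!/ {
            print "line 1: shebang, this is a shell script"; bad = 1; next }
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines are fine
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, "${fwcmd}") == 1 || index(line, "$fwcmd") == 1 ||
        line ~ /^(\/sbin\/)?ipfw[ \t]/ {
            print "line " NR ": command prefix; write the bare rule"; bad = 1; next }
        line ~ /^[A-Za-z_][A-Za-z0-9_]*=/ {
            print "line " NR ": shell variable assignment"; bad = 1; next }
        END { exit bad + 0 }
    ' "$1"
}

# firewall_type_kind RCCONF
# Prints "file" when the last firewall_type assignment is an absolute path
# (a ruleset file), "name" when it is a keyword for rc.firewall, and
# "unset" when it is absent or empty.
firewall_type_kind() {
    value=$(sed -n 's/^[[:space:]]*firewall_type=//p' "$1" | tail -n 1 |
            sed 's/[[:space:]]*#.*$//' | tr -d "\"'")
    case $value in
        '') echo unset ;;
        /*) echo file ;;
        *)  echo name ;;
    esac
}

# make_samples DIR: write the constructed sample files used by demo.
make_samples() {
    cat > "$1/good.rules" <<'EOF'
# bare rules only, as a ruleset file should be
flush
add allow ip from any to any
EOF
    cat > "$1/bad.rules" <<'EOF'
#!/bin/sh
fwcmd=/sbin/ipfw
${fwcmd} -q flush
${fwcmd} add 1 pass ip from any to any
EOF
    printf '%s\n' 'firewall_enable="YES"' \
        'firewall_type="/etc/ipfw.rules"' > "$1/rc.conf.file"
    printf '%s\n' 'firewall_enable="YES"' \
        'firewall_type="OPEN"' > "$1/rc.conf.name"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_samples "$dir"
    for f in good.rules bad.rules; do
        if lint_ipfw_rules "$dir/$f"; then
            echo "$f: ok"
        else
            echo "$f: not a ruleset file"
        fi
    done
    echo "rc.conf.file: $(firewall_type_kind "$dir/rc.conf.file")"
    echo "rc.conf.name: $(firewall_type_kind "$dir/rc.conf.name")"
    rm -rf "$dir"
}
demo
```

A script like bad.rules belongs behind firewall_script (option 3); only a file that passes the lint should be named in firewall_type.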


Re: named messages in /var/log/messages

2003-01-15 Thread Dave McCammon

--- Marc Schneiders [EMAIL PROTECTED] wrote:
 On Tue, 14 Jan 2003, at 18:10 [=GMT-0600], Dan
 Nelson wrote:
  In the last episode (Jan 14), Stacey Roberts said:
 
   named[143]: denied update from [host_IP].1268 for 1.168.192.in-addr.arpa IN
   
    Is that host running Windows 2000 or XP?  Does it also have
    Register this connection's addresses in DNS checked in (deep
  
   Yes, it's a Win2K Pro machine.
 
  You'll get the messages on whatever machine is the primary DNS for your
  domain.  The checkbox tells W2K to directly update the DNS record for
  its IP (usually handed to it by the DHCP server).  I prefer the Netware
  way, where the DHCP server notifies the DNS server itself, instead of
  hoping the client does it right.
 
  You can safely ignore the message if you want.

I've been seeing these messages for the last year or
so.
You can get rid of these messages as previously
suggested by going to the W2K machine and adjusting
the DNS properties(the best way).
Or you can try the suggestion at this link.
http://www.acmebw.com/askmrdns/archive.php?category=90question=619






RE: Need help with newbie training on DNS/Bind

2002-12-06 Thread Dave McCammon

--- Didier Wiroth [EMAIL PROTECTED] wrote:
 Hey,
 I would really recommend:
 DNS and BIND - 4th Edition (Covers Bind 9)
 ISBN 0-596-00158-4
 
 Covers bind and name resolution in every possible aspect! A really must
 have book!
 
 This one seems to be good (I personally don't have it, but it sounds
 interesting) and also a good addition to the previously mentioned book:
 DNS and BIND Cookbook

http://www.amazon.com/exec/obidos/tg/detail/-/0596004109/qid=1039168701/sr=1-2/ref=sr_1_2/103-3722991-0502249?v=glances=books#product-details
 
 Hope this helps
 Didier
 
[a lotta snippin']

DNS and BIND highly recommended and don't forget
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/dns.html
Could be quite useful since the newbie would be
working on a FreeBSD server.(Assumed since you mailed
to this list).








jumpy optic mouse

2002-11-21 Thread Dave McCammon
Anyone got a fix for a jumpy optic mouse in X?
It is a PS/2 Labtec Optical Mouse.

Works fine in Win2k. Generic PS/2 worked fine before 
I switched.
probed at boot as:
psm0: PS/2 Mouse irq 12 on atkbdc0
psm0: model 4D+ Mouse, device ID 8

Freebsd 5.0-current Nov 19.
Latest Xfree4 from ports
(in Xfree config under Mouse0)
Option  "Protocol" "Auto"
Option  "Device" "/dev/psm0"
have tried sysmouse as protocol--didn't work
have tried PS/2 as protocol--didn't work.
have tried /dev/sysmouse as device--didn't work
have tried above both (sysmouse,
/dev/sysmouse) together--didn't work
have tried above with moused_enable=YES in rc.conf
which didn't work


Thanks.




Re: jumpy optic mouse

2002-11-21 Thread Dave McCammon

--- Kliment Andreev [EMAIL PROTECTED] wrote:
  Works fine in Win2k. Generic PS/2 worked fine before I switched.
  Option  "Protocol" "Auto"
  Option  "Device" "/dev/psm0"
 
 There are two XFree86Config files. Maybe you are modifying the wrong one.
 Just a guess...

With one modification to /etc/X11/XF86Config I had
created a bigger problem(X died completely) so I
presumed that was the place.
Where is the other file?




Re: jumpy optic mouse

2002-11-21 Thread Dave McCammon
In the /usr/X11R6/lib/X11/ directory, I only have
example config files. One is XF86Config.98 and the
other is XF86Config.eg.

--- Kliment Andreev [EMAIL PROTECTED] wrote:
  With one modification to /etc/X11/XF86Config I had
  created a bigger problem(X died completely) so I
  presumed that was the place.
  Where is the other file?
 
 /usr/X11R6/lib/X11/XF86Config 
 
 



Re: jumpy optic mouse

2002-11-21 Thread Dave McCammon

--- Kliment Andreev [EMAIL PROTECTED] wrote:
 
  In the /usr/X11R6/lib/X11/ directory, I only have
  example config files. One is XF86Config.98 and the
  other is XF86Config.eg.
 
 So you have one XF86Config file. Check this also, it
 might help.
 
 http://www.xfree86.org/4.0.1/XF86Config.5.html
 
This worked but a little bit of a hassle.
With X running-plugged in a working PS/2 scroll mouse-
hit the CTL-ALT-BKSP to restart X.
The mouse worked fine. Unplugged working PS/2 scroll
mouse-plugged in PS/2 optic mouse-hit the CTL-ALT-BKSP
and now optic mouse works fine.
hm. Any suggestion why?




Re: jumpy optic mouse

2002-11-21 Thread Dave McCammon

--- Gary W. Swearingen [EMAIL PROTECTED] wrote:
 Dave McCammon [EMAIL PROTECTED] writes:
 
  Anyone got a fix for a jumpy optic mouse in X
  It is a PS/2 Labtec Optical Mouse.
 
 How jumpy?  Do you just need to play with the mouse
 settings of xset?
Mouse will move normally, then, all of the sudden,
jump to left of screen or bottom left of screen.

 Mouse setup is fairly well documented.  I think most people configure
 moused to run the mouse and then tell X to use /dev/sysmouse instead
 of /dev/psm0.  Maybe you've got the two mouse drivers both going after
 /dev/psm0 or something.

Using moused and pointing X to sysmouse protocol and
/dev/sysmouse didn't work at all. Mouse became
extremely erratic.
Regular PS/2 mouse worked fine with same setup as I
have now. Optic PS/2 mouse has to be plugged in after
X is started with the regular PS/2 mouse.




lukemftp in inetd.conf

2002-11-13 Thread Dave McCammon
What happened to the lukemftpd option in inetd.conf?
(version below)
$FreeBSD: src/etc/inetd.conf,v 1.44.2.16 2002/11/12 17:32:47 obrien Exp $





Re: Junior hacker assignment :o

2002-11-05 Thread Dave McCammon
--- Mike Hogsett [EMAIL PROTECTED] wrote:
 
 
 Look in /usr/src/sys/kern/kern_shutdown.c
 
 static void
 shutdown_halt(void *junk, int howto) {
 ...
 }
 
 Looks interesting.
 
  - Mike
 
  Hi,
  
  --- Mike Hogsett [EMAIL PROTECTED] wrote:
   Well whatever function the kernel is in while it loops, polling the
   keyboard asking press any key to reboot could have additional logic for
   a countdown timer to reboot.
  
  Great!
  
   How and where to do this?  I don't know.
  
  Not so great ;)
  
  Thanks a lot,
  Carlos.
Not a real programmer but

I wonder if adding the following (taken from
shutdown_reset lines in kern_shutdown.c)
DELAY(100); 
cpu_reset();

to the following in the cpu_halt(); area would work.

You would have to modify the delay time.

/*
 * If the shutdown was a clean halt, behave accordingly.
 */
static void
shutdown_halt(void *junk, int howto)
{
        if (howto & RB_HALT) {
                printf("\n");
                printf("The operating system has halted.\n");
                printf("Please press any key to reboot.\n\n");
                switch (cngetc()) {
                case -1:        /* No console, just die */
                        cpu_halt();
                        /* NOTREACHED */
                default:
                        howto &= ~RB_HALT;
                        break;
                }
        }
}
 









Re: Junior hacker assignment :o

2002-11-05 Thread Dave McCammon

--- Dave McCammon [EMAIL PROTECTED] wrote:
 --- Mike Hogsett [EMAIL PROTECTED] wrote:
  
  
  Look in /usr/src/sys/kern/kern_shutdown.c
  
  static void
  shutdown_halt(void *junk, int howto) {
  ...
  }
  
  Looks interesting.
  
   - Mike
  
   Hi,
   
   --- Mike Hogsett [EMAIL PROTECTED] wrote:
    Well whatever function the kernel is in while it loops, polling the
    keyboard asking press any key to reboot could have additional logic for
    a countdown timer to reboot.
   
   Great!
   
How and where to do this?  I don't know.
   
   Not so great ;)
   
   Thanks a lot,
   Carlos.
 Not a real programmer but
 
 I wonder if adding the following (taken from
 shutdown_reset lines in kern_shutdown.c)
 DELAY(100); 
 cpu_reset();
 
 to the following in the cpu_halt(); area would work.
 
 You would have to modify the delay time.
 
 /*
  * If the shutdown was a clean halt, behave accordingly.
  */
 static void
 shutdown_halt(void *junk, int howto)
 {
         if (howto & RB_HALT) {
                 printf("\n");
                 printf("The operating system has halted.\n");
                 printf("Please press any key to reboot.\n\n");
                 switch (cngetc()) {
                 case -1:        /* No console, just die */
                         cpu_halt();
                         /* NOTREACHED */
                 default:
                         howto &= ~RB_HALT;
                         break;
                 }
         }
 }


DUH!! on my part. My previous response was a little
overboard.

Why not just increase the delay to close to your
ups battery's runtime?
(from kern_shutdown.c, starts on line 380)

/*
 * Everything done, now reset
 */
static void
shutdown_reset(void *junk, int howto)
{
        printf("Rebooting...\n");
        DELAY(100); /* wait 1 sec for printf's to complete and be read */
        /* cpu_boot(howto); */ /* doesn't do anything at the moment */
        cpu_reset();
        /* NOTREACHED */ /* assuming reset worked */
}

 

