configuring snmpd when setting up jailed environment

[Don Munyak]

I am trying to make snmpd listen on a specific address for the JAIL
HOST(aka physical server) and each jailed environment (aka JAIL).

The server is server configured using the ezjail framework.

As I read man (8) snmpd, I should be able to do this.

I am trying to make the JAIL HOST listen on udp:161 192.168.222.90
and a JAIL to listen on udp:161 192.168.222.91

obviously, each JAIL alias IP would be distinct for each jailed environment.

I have edited JAIL HOST /usr/local/etc/snmp/snmpd.conf to include
   agentaddress udp:161 192.168..90

Where do I profile this?
How do I make this work?
What am I doing wrong?

I am humbly asking for assistance :)

Thanks
Don
===
Section: Net-SNMP (8)
SNMPD

SYNOPSIS
snmpd [OPTIONS] [LISTENING ADDRESSES]

-x ADDRESS
   Listens for AgentX connections on the specified address rather
than the default /var/agentx/master. The address can either be a
Unix domain socket path, or the address of a network interface. The
format is the same as the format of listening addresses described
below.
==

 some of my notes ===

JAIL Host hier, separate partition for jails
/usr/jails

basejail  newjail
/usr/jails/basejail
/usr/jails/newjails

I did not modify the ezjail.conf file


From JAIL HOST

# mount_procfs proc  /usr/jails/web/proc


From within the JAIL

I installed /usr/ports/net-mgmt/net-snmp
# make
# make install clean

mkdir /snmp in /usr/local/etc
create snmpd.conf file
# cp /usr/local/share/snmp/snmpd.conf.example /usr/local/etc/snmp/snmpd.conf

Made minial changes to snmpd.conf in JAIL Host and JAIL.
# sec.name  source  community
# com2sec   local  localhost   public
com2sec local 192.168.222.91 public
com2sec mynetwork 192.168.222.0/24  public

Added to JAIL rc.conf and JAIL HOST rc.conf
# vi /usr/jails/web/etc/rc.conf
snmpd_enable=YES
snmpd_flags=-a
snmpd_pidfile=/var/run/snmpd.pid

restart the JAIL


From JAIL

#  snmpwalk -c public -u com2sec -v 1 web system
This does output allot of expected snmp data EXCEPT that it is listing
the data for the JAIL HOST, not the JAIL.

#  less /var/log/snmpd.log
init_kmem: kvm_openfiles failed: /dev/mem: No such file or directory
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ezjail on FreeBSD 6.2

[Don Munyak]

Hello Dave...responses below

On 4/4/07, Dave [EMAIL PROTECTED] wrote:

Hello,
Is anyone running ezjail on 6.2?


Yes, 6.2-stable GENERIC. At install time I created a separate
partition for, /usr/jails which makes it default to the ezjail-admin
create jail default location.


I've got to set up three similar jails
and i'd like to run them off of one base. I'd like to create a jail flavor,
where one jail has file x while the others do not.


My limited understanding of Flavours...These are like templates to
quick rebuild or create 'like' jail containers. While your maybe
similiar, what x is (and how big) may make them different.


Two problems i'm having
with flavors is one adding packages such as shells


Got me here. Something I need to learn as well.


, and two adding users and
giving them the shells just added?


I would think the adding users could either be done from an ssh
session into a running jail, or using # jexec JID adduser. I'm not
sure how to do the shells, except to say that I know I read
somewhere...where you can setup/change the default shell, then for
each new user added, they would get this profile.


I'd also like it if i could mount my host
system's ports tree in the jail itself, so i wouldn't have to get multiple
copies of the ports tree. The only way i've found thus far of doing this is
via nullfs on the base system and was wondering if there was an easier
method of doing this?


Now this one I know can be done a couple of different ways. First is
in the FAQ. The other is in a post I just made last week for the same
reason. I read man ezjail-admin. Just issue the following

# ezjail-admin update -p.
This will update existing ezjails to have access to the host ports
tree. From within a running jail, when you type # cd /usr/ports, your
will really be going to /basejail/usr/ports. pkg_add -r and make/make
install clean all  work fine.

Ezjail also has a list you can join, if interested...although it is
not very active. Responses are reasonably quick, given the support is
free :)

Regards
Don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

problems installing perl-5.8.8

[Don Munyak]

I am having problems installing perl5.8.8 on a up-to-date FreeBSD-6.2.
After running...

web# cd /usr/ports/lang/perl5.8
web# make
scripts install perl...

web# make test
(8) tests fail with the following message

...something about you may need to set dynamic library search path,
LD_LIBRARY_PATH to point to the build directory;
setenv LD_LIBRARY_PATH `pwd`:$LD_LIBRARY_PATH; cd t; ./perl harness
###   LD_LIBRARY_PATH=`pwd`:$LD_LIBRARY_PATH; export LD_LIBRARY_PATH; cd t;
./perl harness
###   export LD_LIBRARY_PATH=`pwd`:$LD_LIBRARY_PATH; cd t; ./perl harness

so I cd in t
web# cd /varlang/perl5.8/work/perl-5.8.8/t
web# ./perl harness
web# /libexec/ld-elf.so.1: Shared object libperl.so not found,
required by perl

tried TEST too.. with same results
web# ./TEST
/libexec/ld-elf.so.1: Shared object libperl.so not found, required by perl
web# pwd
/var/ports/basejail/usr/ports/lang/perl5.8/work/perl-5.8.8/t
web# ./perl -I../lib harness
/libexec/ld-elf.so.1: Shared object libperl.so not found, required by perl
web#

I am really clueless to why this is failing or even how to setenv
LD_LIBRARY_PATH
I could really use some help.

ps.. I have spent all day googling
/libexec/ld-elf.so.1: Shared object libperl.so not found, required by perl
as well as variation of this message.

Thanks
Don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: problems installing perl-5.8.8

[Don Munyak]

 Don Munyak wrote:
 I am having problems installing perl5.8.8 on a up-to-date
 FreeBSD-6.2.  After running...
 
 web# cd /usr/ports/lang/perl5.8
 web# make
 scripts install perl...
 
 web# make test
 (8) tests fail with the following message



I can't explain why, but I was able to get perl-5.8.8 installed using
the following;

#  echo ENABLE_SUIDPERL=true  /etc/make.conf
#  make install clean

Finished compiling and installed without any error stop codes

This came from http://www.bsdguides.org/guides/freebsd/security/perl_setuid.php

Once correction

 scripts install perl...

Perl never actually installed. The install process halted with an
error stop code

Thanks for your suggestions :)

Don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: PowerApp 120/1550 Install problems

[Don Munyak]

On 3/17/07, Minnesota Slinky [EMAIL PROTECTED] wrote:

Hey list,

I'm trying to install FreeBSD 6.2-RELEASE on a Dell PowerApp 120
(1550) I just purchased.  The system claims to have an AIC 7899 SCSI
host adapter.  I've currently got a known-good 9GB Fujitsu hard disk
in the system, as ID 0.  During installation, the disk comes up as
da0.  After going through all the options for install, etc, I get an
error when it tries to write the file systems:

Unable to find device node for /dev/da0s1b in /dev! and mentions
that installation is aborting.  At first I thought it was a problem
with the SCSI backplane, but RHEL and Window 2000 Server both install
and operate without problems.

Thanks for your advice!

Eric Crist
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]



Don't know the answer, but have a suggestion.

How about getting a live cd to boot from and then query /var/log for
hardware spec's

Don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Fwd: IPF (ftp - pkg_add) help requested

[Don Munyak]

On 3/1/07, Kelly D. Grills [EMAIL PROTECTED] wrote:

On Thu, Mar 01, 2007 at 04:10:11PM -0500, Don Munyak wrote:

As I hinted at in my original response, If you'd rather keep your
firewall rules tighter, pkg_add(1) says:

Note: If you wish to use passive mode ftp in such transfers, set
the variable FTP_PASSIVE_MODE to some value in your environment.



ahh... now I see what your saying.

I have my server setup to disallow root login from console. I login as
user, then su to root. When I run # printenv |sort, This dispalys the
env varibale for me, not root.

How do I set|view env for root?..., specifically FTP_PASSIVE_MODE=YES

--
OT... Kelley, btw...Baxter is cool :) I had a Pekingese once. For
Halloween, I shaved off all her hair except for a 2 mohawk
head-2-tail. I'll have to find the picture to send you some day.
Thanks.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

IPF (ftp - pkg_add) help requested

[Don Munyak]

I am building a FreeBSD box to function as a FAMP server (LAMP) and
hopefully replace our existing mail server. I am having an issue with
IPF that I can't seem to figure out.

*** When IPF is enabled, I can't run # pkg_add -r package name.

{...snip from local console..}
p0069# pkg_add -rv bash
looking up ftp.freebsd.org
connecting to ftp.freebsd.org:21
setting passive mode
opening data connection
Error: FTP Unable to get
ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.1-release/Latest/bash.tbz:
Network is unreachable
pkg_add: unable to fetch
'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.1-release/Latest/bash.tbz'
by URL
pkg_add: 1 package addition's) failed
{...end-snip..}

*** When I disable ipf -D, all works fine.

IPF was compiled in the kernel when I did a buildworld.

p0069# uname -a
FreeBSD p0069.bm.local 6.1-RELEASE-p12 FreeBSD 6.1-RELEASE-p12 #0: Thu
Feb  8 13:55:26 EST 2007
[EMAIL PROTECTED]:/usr/obj/usr/src/sys/WEBSERVER  i386
p0069#

When I issue ipfstat -ho, after pkg_add -r, the following lines increment
- pass out quick on em0 proto tcp from any to any port = 21 flags S keep state
- pass out quick on em0 proto udp from any to any port = 53 keep state
- block out log first quick on em0 all

# --
# /etc/ipf.rules
# logged to /var/log/firewall.log
# 02/28/2007
# --

# --
# EGRESS filtering
# --

# No restriction on Loopback Adapter
pass in quick on lo0 all
pass out quick on lo0 all

# DHCP Bootp
# pass out quick on em0 proto udp from any to any port = 67 keep state
# pass out quick on em0 proto udp from any to any port = 68 keep state

# ICMP
pass out quick on em0 proto icmp from any to any keep state

# Allow out http
pass out quick on em0 proto tcp from any to any port = 80 flags S keep state
pass out quick on em0 proto tcp from any to any port = 443 flags S keep state

# Allow ftp out
pass out quick on em0 proto tcp from any to any port = 20 flags S keep state
pass out quick on em0 proto tcp from any to any port = 21 flags S keep state

# Allow mail out
pass out quick on em0 proto tcp from any to any port = 110 flags S keep state
pass out quick on em0 proto tcp from any to any port = 143 flags S keep state
pass out quick on em0 proto tcp from any to any port = 25 flags S keep state

# Allow SSH Out
pass out quick on em0 proto tcp from any to any port = 22 flags S keep state

# Allow DNS
pass out quick on em0 proto udp from any to any port = 53 keep state
pass out quick on em0 proto tcp from any to any port = 53 flags S keep state

# Allow CVSUP
pass out quick on em0 proto tcp from any to any port = 5999 flags S keep state

# Keeping time
pass out quick on em0 proto tcp from any to any port = 37 flags S keep state
pass out quick on em0 proto tcp from any to any port = 123 flags S keep state

# Allow whois
pass out quick on em0 proto tcp from any to any port = 43 flags S keep state

# Razor  Spamassasin
# more later

# Block and Log the first occurance of everything else
block out log first quick on em0 all

# -
# INGRESS Filtering
# 

# Block all inbound traffic from non-routable or reserved networks
# block in quick on em0 from 192.168.0.0/16 to any
block in quick on em0 from 172.16.0.0/12 to any
block in quick on em0 from 10.0.0.0/8 to any
block in quick on em0 from 127.0.0.0/8 to any
block in quick on em0 from 0.0.0.0/8 to any
block in quick on em0 from 169.254.0.0/16 to any
# block in quick on em0 from 192.0.2.0/24 to any
block in quick on em0 from 204.153.64.0/23 to any
block in quick on em0 from 224.0.0.0/3 to any

# Block in Nasties
# stuff I don't want logged
block in quick on em0 proto icmp all icmp-type 8
block in quick on em0 all with frags
block in quick on em0 all with ipopts
block in quick on em0 all with short
# block return-rst in quick on em0 proto tcp all flags FUP
# block return-rst in quick on em0 proto tcp from any to any
# block return-icmp-as-digest(port-unr) in quick on em0 proto udp from
any to any

# Block all Netbios server. 137=name, 138=datagram, 139=session
block in log first quick on em0 proto tcp/udp from any to any port = 137
block in log first quick on em0 proto tcp/udp from any to any port = 138
block in log first quick on em0 proto tcp/udp from any to any port = 139
block in log first quick on em0 proto tcp/udp from any to any port = 81

# Allow in http/https
pass in quick on em0 proto tcp from any to any port = 80 flags S keep state
pass in quick on em0 proto tcp from any to any port = 443 flags S keep state

# allow incoming SSH
pass in quick on em0 proto tcp from any to any port = 22 flags S keep state

# SMTP/POP/IMAP
pass in quick on em0 proto tcp from any to any port = 25 flags S keep state
pass in quick on em0 proto tcp from any to any port = 110 flags S keep state
pass in quick on em0 proto tcp from any to any port = 143 flags S keep state

# Anit-Virus
# more later

# All the rest
block in log first quick on em0 all

# - EOF 

Fwd: IPF (ftp - pkg_add) help requested

[Don Munyak]

Apart from up dating to newer version, I don't see how upgrading to
6.2 will make a difference. Anyway, thanks for taking the time to
reply.

However, the solution is as follows.
Incidentally, this had nothing to do with pkg_add
And everything to do with FTP and IPFILTER.

===
Diagnosis...

{IPMON results}
# ipmon
01/03/2007 15:03:39.112348 em0 @0:17 b 192.168.222.69,63507 -
204.152.184.73,63471 PR tcp len 20 48 -S OUT
01/03/2007 15:04:09.128610 em0 @0:17 b 192.168.222.69,57187 -
62.243.72.50,59250 PR tcp len 20 48 -S OUT
01/03/2007 15:04:17.756186 em0 @0:17 b 192.168.222.69,59469 -
204.152.184.73,55984 PR tcp len 20 48 -S OUT
01/03/2007 15:04:23.832928 em0 @0:17 b 192.168.222.69,62647 -
62.243.72.50,58387 PR tcp len 20 48 -S OUT

My server was opening an additional session using ports  1024, which
I was not initially allowing.  ipf was blocking outbound due to this
rule. This is a known issue with ftp client sessions using active mode
when behind a firewall.

# Block and Log the first occurance of everything else
block out log first quick on em0 all

Solution 
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html
section 26.5.21.1 IPNAT Rules {or}
section 26.5.21.2 IPNAT FTP Filter Rules

I chose 26.5.21.2 for simplicity. This proabably isn't a  major issue
for me, since the server will be located behind a border (LAN)
firewall.  Basically changed:

# Allow ftp out
pass out quick on em0 proto tcp from any to any port = 20 flags S keep state
pass out quick on em0 proto tcp from any to any port = 21 flags S keep state

{ to...}

# Allow ftp out
pass out quick on em0 proto tcp from any to any port = 21 flags S keep state
pass out quick on em0 proto tcp from any to any port  1024 flags S keep state

{ and added }

#Allow Active mode data channel from ftp server
pass in quick on em0 proto tcp from any to any port = 20 flags S keep state



For good reading {Official IPF home page}
http://coombs.anu.edu.au/~avalon/ip-filter.html

Don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: pkg_add problems

[Don Munyak]

Thanks everyone. The issue seems to be related to IPF, which I am
trying to sort out. Basically when ipf is enabled, the connectivity
fails, although my pass out rule for ftp includes ports 20  21. With
ipf -D disabled, no problems. I'll probably post to a new thread after
I've tried some more first.

Thanks again.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

pkg_add problems

[Don Munyak]

I am having trouble using pkg_add -r some package. I keep getting
the following error.
---
p0069# pkg_add -r bash
Error: FTP Unable to get
ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.1-release/Latest/bash.tbz:
Network is unreachable
pkg_add: unable to fetch
'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.1-release/Latest/bash.tbz'
by URL
p0069#
-

I don't know if this has anything to do with it, but
- I have rebuilt the kernel successfully
-
p0069# uname -a
FreeBSD p0069.bm.local 6.1-RELEASE-p12 FreeBSD 6.1-RELEASE-p12 #0: Thu
Feb  8 13:55:26 EST 2007
[EMAIL PROTECTED]:/usr/obj/usr/src/sys/WEBSERVER  i386

- And there is no ports tree installed.. ie /usr/ports does not exist.
- I can ping ftp.freebsd.org
- I can also ftpopen ftp.freebsd.org

Any thoughts on trouble shooting this would be appreciated.

Thanks
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: compiling error - /usr : filesystem full

[Don Munyak]

Here's some additional Information I have been able to find. The
narrative is just to further explain what I was doing.
-
I was in the process of rebuilding a new kernel for one of my laptops.
I did the whole cvsup_without-gui. I created a new kernel called
LAPTOP and commented all unnecessary drivers and options.

When I ran make buildkernel KERNCONF=LAPTOP, the process eventually
died with an error. I neglected to write down the exact error, but it
was something like

{objcopy) /usr : filesystem full

As you can see /usr is choking. I have not turned off the laptop.
Based on the information below, what can I delete to free up some
space. I use the word delete in broad terms. Much like the windows
world where you should 'uninstall' as opposed to simply deleting a
folder...I am not sure what to do...ie how to free up space.

The only thing I can think of is to simply # rm /usr/ports ... for
lack of a better example.

# du -ak /usr |sort -nr |  /tmp/file2.txt
This file had 24,000 lines so I deleted much of the file.

Your thoughts/suggestions will be much appreciated.



### output from running # df -m  /tmp/file1.txt
### where -m is MB
Filesystem  1M-blocks Used Avail Capacity  Mounted on
/dev/ad0s1a   495   55   40012%/
devfs   00 0   100%/dev
/dev/ad0s1e   495   10   445 2%/tmp
/dev/ad0s1f  2300 2286  -170   108%/usr
/dev/ad0s1d  1098   58   952 6%/var
devfs   00 0   100%/var/named/dev


### output from running # du -ak /usr |sort -nr |  /tmp/file2.txt
### where -a is 'display entry for each file in file hierarchy
### where -k is 'display block count in kilobyte'
2341378/usr
636728/usr/obj
636726/usr/obj/usr
636724/usr/obj/usr/src
428576/usr/src
402064/usr/ports
289070/usr/X11R6
273156/usr/local
232342/usr/obj/usr/src/sys
230268/usr/obj/usr/src/sys/LAPTOP
204636/usr/src/contrib
170340/usr/obj/usr/src/sys/LAPTOP/modules
170338/usr/obj/usr/src/sys/LAPTOP/modules/usr
170336/usr/obj/usr/src/sys/LAPTOP/modules/usr/src
170334/usr/obj/usr/src/sys/LAPTOP/modules/usr/src/sys
170332/usr/obj/usr/src/sys/LAPTOP/modules/usr/src/sys/modules
148210/usr/X11R6/lib
129236/usr/compat
129234/usr/compat/linux
116012/usr/compat/linux/usr
106724/usr/obj/usr/src/gnu
105986/usr/obj/usr/src/tmp
101880/usr/src/sys
100536/usr/obj/usr/src/tmp/usr
88956/usr/compat/linux/usr/lib
88856/usr/obj/usr/src/gnu/usr.bin
86464/usr/X11R6/share
83186/usr/local/share
79184/usr/local/lib
78854/usr/share
67228/usr/compat/linux/usr/lib/locale
61072/usr/obj/usr/src/lib
59326/usr/local/freebsd-update
59324/usr/local/freebsd-update/work
56616/usr/X11R6/lib/X11
52090/usr/obj/usr/src/tmp/usr/src
49418/usr/obj/usr/src/tmp/usr/src/gnu
49416/usr/obj/usr/src/tmp/usr/src/gnu/usr.bin
47864/usr/src/contrib/gcc
45808/usr/obj/usr/src/gnu/usr.bin/cc
44264/usr/X11R6/lib/X11/fonts
43932/usr/ports/distfiles
40422/usr/X11R6/share/doc
39098/usr/src/sys/dev
38956/usr/obj/usr/src/usr.sbin
37694/usr/obj/usr/src/tmp/usr/src/gnu/usr.bin/cc
33638/usr/share/doc
32104/usr/ports/devel
31654/usr/local/lib/perl5
31646/usr/lib
31414/usr/X11R6/lib/firefox
31082/usr/local/freebsd-update/work/4
30496/usr/compat/linux/usr/lib/locale/locale-archive
30218/usr/share/doc/en_US.ISO8859-1
28974/usr/local/lib/perl5/5.8.8
28080/usr/src/contrib/binutils
26840/usr/ports/www
26692/usr/src/crypto
26288/usr/local/share/doc
26166/usr/local/freebsd-update/work/3
25830/usr/X11R6/bin
24344/usr/bin
24190/usr/compat/linux/usr/share
24124/usr/X11R6/include
23604/usr/X11R6/share/doc/qt
23602/usr/X11R6/share/doc/qt/html
23142/usr/share/doc/en_US.ISO8859-1/books
21592/usr/X11R6/lib/firefox/components
21436/usr/local/bin
21240/usr/ports/games
20528/usr/obj/usr/src/usr.bin
19966/usr/src/lib
19820/usr/obj/usr/src/tmp/usr/lib
19572/usr/obj/usr/src/secure
19552/usr/ports/INDEX-6.db
19072/usr/obj/usr/src/sys/LAPTOP/kernel.debug
18534/usr/src/share
18488/usr/share/man
18464/usr/obj/usr/src/lib/libc
17866/usr/obj/usr/src/gnu/lib
16902/usr/src/contrib/bind9
16500/usr/obj/usr/src/secure/lib
16206/usr/src/sys/contrib
15788/usr/src/contrib/gdb
15758/usr/libexec
15666/usr/X11R6/include/firefox
15590/usr/obj/usr/src/gnu/usr.bin/cc/cc_int
15538/usr/local/freebsd-update/work/4/rollback
15538/usr/local/freebsd-update/work/4/install
15462/usr/obj/usr/src/tmp/usr/src/gnu/usr.bin/cc/cc_int
15348/usr/obj/usr/src/gnu/usr.bin/gdb
15312/usr/src/usr.sbin
15208/usr/ports/net
14984/usr/X11R6/lib/X11/fonts/100dpi
14934/usr/X11R6/share/locale
14688/usr/ports/graphics
14546

Re: rc.conf ...need help

[Don Munyak]

On 2/6/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

On 06/02/07, Jerry McAllister [EMAIL PROTECTED] wrote:
 On Tue, Feb 06, 2007 at 03:58:06PM -0500, Don Munyak wrote:

  How can I edit rc.conf while in single user mode. I've tried vi  ee,
  but system doesn't recognize either.


Thanks to everyone.

I actually had fixed the file 2 minutes after receiving first reply
but was unable to respond until now. However, having 2-3 different
approaches and/or alternatives is also quite helpful.

Thanks Again,

Don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

compiling error - /usr : filesystem full

[Don Munyak]

Hello,

I was recompiling the kernel on my laptop when the process ended with errors.

/usr : filesystem full

I suspect that the HD is has too many files ??

can I simply remove/delete to ports from /usr/ports and try to recompile?

btw...I have used pkg_add in the past. Will deleting the ports files
tantamount to deleteing a folder in windows without uninstalling first
?

Thanks

Don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

rc.conf ...need help

[Don Munyak]

Hello,

I was tweaking the /etc/rc.conf file and apparently had a typo. Now
the system boots into single user mode. I know what my error is

syslogd_enable=YES  {left off the first }

How can I edit rc.conf while in single user mode. I've tried vi  ee,
but system doesn't recognize either.

Thanks
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

startup script with non-root user

[Don Munyak]

Hello,

I have an application I'd like to startup at boot, however, the script
needs to be started by a non-user account.

If I put the startup script in /usr/local/etc/rc.d/hobbit.sh

How do I get it to start using the user account 'hobbit'

Thanks
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: startup script with non-root user

[Don Munyak]

Thanks so much Martin  Greg. I give these a try.

Don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

How-to build / make / install

[Don Munyak]

How-to build/make/install

{disclaimer}...I've been using FreeBSD for about a year, so while I
consider myself still a n00b, I'm just not a complete n00b :) OS:
6.1-RELEASE

I really need some help building a package for install (if that's the
correct terminology).

hobbitmon is the next re-named version of big brother
http://hobbitmon.sourceforge.net/

I have downloaded the tar.gz file into /usr/local/etc
I extracted the tar using:

don-bsd# tar xvfz file.tar.gz

then I cd in to the directory
don-bsd# cd /usr/local/etc/hobbit-4.2.0

The directory listing is as follows:

don-bsd# pwd
/usr/local/etc/hobbit-4.2.0

don-bsd# ls -la
total 164
drwxr-xr-x  17 root  wheel512 Jan 18 09:38 .
drwxr-xr-x  20 root  wheel   1536 Jan 18 09:48 ..
-r--r--r--   1 root  wheel  17983 Aug  9 16:10 COPYING
-r--r--r--   1 root  wheel   1585 Aug  9 16:10 CREDITS
-r--r--r--   1 root  wheel  69402 Aug  9 16:10 Changes
-r--r--r--   1 root  wheel   3303 Aug  9 16:10 README
-r--r--r--   1 root  wheel   5063 Aug  9 16:10 README.CLIENT
-r--r--r--   1 root  wheel   9290 Aug  9 16:10 RELEASENOTES
drwxr-xr-x   2 root  wheel   1024 Aug  9 16:10 bbdisplay
drwxr-xr-x   2 root  wheel   1024 Aug  9 16:19 bbnet
drwxr-xr-x   2 root  wheel512 Aug  9 16:10 bbproxy
drwxr-xr-x   2 root  wheel   1536 Jan 17 17:01 build
drwxr-xr-x   2 root  wheel   1024 Aug  9 16:10 client
drwxr-xr-x   2 root  wheel   1024 Aug  9 16:10 common
-r-xr-xr-x   1 root  wheel431 Aug  9 16:10 configure
-r-xr-xr-x   1 root  wheel   6005 Aug  9 16:10 configure.client
-r-xr-xr-x   1 root  wheel  14018 Aug  9 16:10 configure.server
drwxr-xr-x   2 root  wheel512 Aug  9 16:10 contrib
drwxr-xr-x   3 root  wheel   1024 Aug  9 16:10 debian
drwxr-xr-x   2 root  wheel512 Aug  9 16:10 demotool
drwxr-xr-x   3 root  wheel   1536 Aug  9 16:10 docs
drwxr-xr-x   7 root  wheel   1536 Aug  9 16:10 hobbitd
drwxr-xr-x   2 root  wheel512 Aug  9 16:10 include
drwxr-xr-x   2 root  wheel   2048 Aug  9 16:10 lib
drwxr-xr-x   3 root  wheel512 Aug  9 16:10 rpm
drwxr-xr-x   2 root  wheel   2048 Aug  9 16:10 web
don-bsd#

The README says to simply
don-bsd# ./configure
don-bsd# make
don-bsd# make install

However, when I type ./configure  from /usr/local/etc/hobbit-4.2.0

don-bsd# ./configure

Configuration script for Hobbit

This script asks a few questions and builds a Makefile to compile Hobbit

Checking your make-utility
GNU make is required to build Hobbit.
If it is available as gmake, run configure as: 'MAKE=gmake
./configure.server'
don-bsd#

*

Help please, Thanks

~Don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Fwd: WWW Proxy/Traffic Analyzer

[Don Munyak]

-- Forwarded message --
From: Bachilo Dmitry [EMAIL PROTECTED]
Date: Jan 10, 2007 10:54 PM
Subject: Re: WWW Proxy/Traffic Analyzer
To: freebsd-questions@freebsd.org


We have an employee who spends quite a bit of time on the net and
currently have no way of analyzing where they go.  Are there any decent
proxy servers that I can put them on to see where they are going?

-Tom


I have recently installed Dansguardian + Squid onto 6.1-REALEASE. My
approach was not as an in-line, but rather transparent mode. Our proxy
server is in the DMZ. All outbound http requests from the LAN are
redirected at the firewall to the server in the DMZ. This approach
eliminates users ability to by-pass the proxy, as no changes to
browser settings are made.

If the proxy dies, all I need to do (temporarily) is disable the
redirector in the firewall.

So far, this setup works rather well. There are plenty of free tools
for analyzing the logs. The plus for us, by incorporating
Dansguardian, is the ability to further customize what is acceptable
and what's not.

~ Don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: How-to build / make / install

[Don Munyak]

Thanks, here's the latest attempts I've made...


Have you had a look in the ports tree to see if you can find Hobbit there?


Yes, no port is available.


Otherwise, gmake is available from ports/devel/gmake, just do cd
ports/devel/gmake and make install clean and then you've got it.


added gmake before hand. # make, then # make install clean

gcc and g++ are also installed.


Then you do MAKE=gmake ./configure-server or whatever in the source
catalog for hobbit.


Not sure what the source catalog is??

from /hobbit-4.2.0 folder

don-bsd# ./configure

Configuration script for Hobbit

This script asks a few questions and builds a Makefile to compile Hobbit

Checking your make-utility
GNU make is required to build Hobbit.
If it is available as gmake, run configure as: 'MAKE=gmake
./configure.server'
don-bsd#

I can see that this message is from the file configure.server. Snip
of code below.

{snip from configure.server file}

echo Checking your make-utility
MAKEVER=`$MAKE -version 21 | head -n 1 | awk '{print $1   $2}'`
if test $MAKEVER != GNU Make
then
echo GNU make is required to build Hobbit.
echo If it is available as \gmake\, run configure as: 'MAKE=gmake 
$0'
exit 1
fi

echo Checking pre-requisites for building Hobbit
echo 
. build/fping.sh
echo ; echo 
. build/rrd.sh
echo ; echo 
. build/pcre.sh
echo ; echo 

{...end-snip}

But seems to bail right after the echo If it is available as \gmake\...

Thanks
Don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ping: sendto: Can't assign requested address

[Don Munyak]

On 1/18/07, Questions [EMAIL PROTECTED] wrote:


Hello,


Let me preface this mail by saying:  I'm an idiot.


Now that we've gotten that out of the way, you don't have to say it!


I have a piece of networking equipment that does not have a factory
defaults button on it.   it has to be RMA'd and returned to the
manufacturer if you can't remember login credentials (forgot
username,pass/IP, etc)

I was assigning the unit an IP address of 172.20.1.x but I typod it.
127.20.1.x and as you can guess,  I can't connect to the unit from any
other device now.   127.x is loopback.

I have tried assigning a 127.20.1.x address to an ethernet interface in a
FreeBSD box,  and removinging the 127.0.0.1/8 on localhost.   I've also
gone into the routing table,  and removed all traces of routes for 127.x
and finally,  *tried* creating a route for 127.20.1.x to go out the
ethernet interface (link #2)

The problem with everything above is:  no matter what ip/subnet
combination I use, I get a message (when adding the route) that the
network is unreachable.   Then,  when I try to ping the device from the
fbsd box,  I get ping: sendto: Can't assign requested address

My question is:  Is it possible in any way, to change the 127 routing to
pass out my ethernet card long enough to re-ip this device?  I haven't yet
come up with a decent solution.

Thanks for any thoughts,

Jeff


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]




What's the piece of equipment?
Is there a serial(comm) port ?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Cacti -vs- mrtg

[Don Munyak]

Also check out CactiEZ . its a distribution package of sorts that will
load a complete system on a spare box. Basically a quick and dirty for
those not wanting to take all the steps of installing an OS first and
then the packages and plug-ins.

http://cactiusers.org/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

xfce panel install external plugin

[Don Munyak]

Hello,

I have a laptop loaded with freebsd + Xfce 4.2.x
I want to install the xfce4-battery-plugin

http://goodies.xfce.org/projects/panel-plugins/start

I presume this will add a battery monitor to the panel.
What do I need to do to install this or any other plugin

Thanks
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

ezjails, jails

[Don Munyak]

re: ezjails, jails

Hopefully a quick question. I am researching using EZJails from
http://erdgeist.org/arts/software/ezjail/

But a little confused by the jail concept.

I think I need to setup two jails, one(1) for email services and
one(1) for www services, on a single server.

q. If I am running a webserver for more than one(1) domain, should I
be using a single jail for each domain, or is one jail needed for
'ALL' www processing ?

q. If I am using a jail for each domain, does this imply loading
apache+php+mysql, for each www jail ?

q. Likewise with email and multiple domains, does multiple domains =
multiple email jails, as well as multiple copies of smtp, pop3,
webmail ??

q. Email and WWW services both require MySQL. Would I be installing
MySQL 'x' number of times?

What I want to do is he following:

We are a small company, so email traffic is minial..ie. less than 500
messages per day.
Likewise, www traffic is also minimal.
I want to build a single server to be located at a co-location facility.
This server would support both email and www services.

The email services would be built using instructions from
http://www.tnpi.biz/internet/mail/toaster.shtml
...that being stuff like qmail, RBL, spamassassin, clamav...etc
We have 5 separate domains for email services
The www services would be functionally similiar to LAMP
We have 5 separate domains for www

I would greatly appreciate any links or advice towards achiving my goals.

Thanks
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ezjails, jails

[Don Munyak]

Thanks a bunch Chad and Chris. Good stuff to digest.

Chris, If you have some links to good howto's and don't mind posting,
I'd be greatful

Don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ezjails, jails

[Don Munyak]

Thanks, I have no actual deadline. Just something I want/need to do in
the near future. The tearing down and restarting is also something I
was planning on.

Somewhat off-topic, but have you thought about using vmware,
specifically vmplayer. There have been many a propellar-head that have
reverse engineered the process of creating vmware templates. There are
several places on the web that you can either create a blank template
or download a preconfigured template. Then just install the OS. You
can even link the virtual CD drive to an ISO image so that during the
startup of the image, the VM is running from what it thinks is a live
cd.

This is how I am doing some of my practice build/tear down stuff

here some of my links

http://www.easyvmx.com/
http://www.easyvmx.com/tutorial.html
http://www.ffnn.nl/pages/articles/linux … eation.php
http://www.virtualization.info/2005/12/ … mware.html
http://www.hackaday.com/entry/1234000153064739/
http://sanbarrow.com/
http://www.brunofreitas.com/portal/viewtopic.php?t=41

Thanks again
Don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Fwd: Using BSD as filter

[Don Munyak]

If you want a freebsd firewall that works well with comcast, try m0n0wall

http://m0n0.ch/wall/

It is well supported worldwide, from home users to corporate environments.
It's small enough to run from compact flash, hard drive, even a live
ISO with floppy.
AND it's as easy to setup as any linkysys home router.

Been using it for over a year in a corp environment as well as home.

Don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

rebuild any statically linked ports

[Don Munyak]

I am following the instructions for keeping my freebsd system upto
date from http://www.taosecurity.com/keeping_...up-to-date.html

After running,

# freebsd-update fetch
# /usr/local/sbin/freebsd-update install

A message states Don't forget to rebuild any statically linked ports
to use the updated libraries after you install them.

what does this mean and how do I complish rebuilding statically linked ports?

Thanks
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: rebuild any statically linked ports

[Don Munyak]

Thanks for the info.

Don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: apache Jails

[Don Munyak]

On 8/25/06, albi [EMAIL PROTECTED] wrote:

On Fri, 25 Aug 2006 01:15:52 -0400
Don Munyak [EMAIL PROTECTED] wrote:

 I want to build a FreeBSD webserver to replace a M$ IIS web server.
 I've started researching using Jails but am a little confused.

 Given I am hosting four(4) websites, would I have four separate jails.
 each jail having a separate install of apache + php + mysql ?

 or would I be installing apache + php + mysql at the base system, and
 then have four separate jails for each web site and database files ??

there are even more possibilities :
- 1 host, 1 jail, apache with virtual hosts
- 1 host, 1 build-jail, 4 apache-jails
- 1 host, apache with virtual hosts

do you have different ip-addresses for those websites ?


No for different IP's. Each will share a common IP. Apache would do
hostname redirecting for incoming requests...I presume. I guess in
this case the following would be the direction I'm headed


- 1 host, 1 jail, apache with virtual hosts


Thanks again
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

apache Jails

[Don Munyak]

I want to build a FreeBSD webserver to replace a M$ IIS web server.
I've started researching using Jails but am a little confused.

Given I am hosting four(4) websites, would I have four separate jails.
each jail having a separate install of apache + php + mysql ?

or would I be installing apache + php + mysql at the base system, and
then have four separate jails for each web site and database files ??

Thanks
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Permission to Distribute OS and Demon Logo

[Don Munyak]

 The overwhelming majority of argentine PC users run un-licensed Microsoft
 Sytems and software. The remainder have licenses or use Linux. FreeBSD is
 unknown to the average PC user.


For the desktop pc, check out:

http://www.desktopbsd.org/
http://www.pcbsd.org/

Both are using FreeBSD as the OS. DesktopBSD uses KDE for GUI desktop.

I just started using dektopbsd and really like it, although I have
been using FreeBSD on a separate machine for about a year now. The
install for desktopBSD could get any easier.

Don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Virtual Private Servers???

[Don Munyak]

disclaimer...I have no personal experience with VM's...But, one of the
list services I belong to has mentioned this before.

See if Qemu might be of use.

http://fabrice.bellard.free.fr/qemu/

Don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Replacing windows XP at home.

[Don Munyak]

On 7/26/06, Joshua Lewis [EMAIL PROTECTED] wrote:


   I have a hard question to ask and I realize that there are a thousand
   answers to this question.
   I am replacing my XP system with a FreeBSD 6.1 system. I finished
   installing it last night and cvsuped. Now I need to choose a window
   manager.



http://www.osnews.com/story.php?news_id=3064
search google for window manage comparisons

I have used xfce. It's light weight, GUI and customiseable

http://www.xfce.org/

~Don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: FreeBSD 6.1 - Web Mail Serve

[Don Munyak]

On 7/21/06, Andrew Pantyukhin [EMAIL PROTECTED] wrote:

On 7/19/06, Allen D. Tate [EMAIL PROTECTED] wrote:
 I am preparing to setup a FreeBSD 6.1 machine with Apache/MySQL/PHP for
 my web server and I am curious as to your thoughts on the best mail
 server to install and why. Any mail server I should steer clear from at
 all costs? Thanks in advance for your input.


Mail::Toaster
http://www.tnpi.biz/internet/mail/toaster.shtml

I have no personal opinion, just a reccomendation from a colleague.
I am about to setup a mail server using the Mail::Toaster config.
I have spent a lot of time at the site and have seen relatively fee
negative impressions

~don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Creating_a_Stable_Secure_FreeBSD_Mailserver.pdf

[Don Munyak]

re: Creating_a_Stable_Secure_FreeBSD_Mailserver.pdf

The title of this thread references a document created several years ago.
The author wrote the article and posted in a forum at www.screamingelectron.org/
http://www.screamingelectron.org/forum/showthread.php?t=725page=1pp=10

He also posted an alternate location for pdf download.
http://bsdhound.com/downloads/Creating_a_Stable_Secure_FreeBSD_Mailserver.pdf.


Well...that link is broken. Googling turned up some hopeful leads, but
alas...also broken.
http://lists.freebsd.org/pipermail/freebsd-questions/2004-June/050783.html
~LINK~ 
http://gene.wins.uva.nl/~jmsteggi/Creating_a_Stable_Secure_FreeBSD_Mailserver.pdf

http://www.littleblackdog.com/viewtopic.php?t=17294start=15
~LINK~ 
http://bsdhound.com/downloads/Creating_a_Stable_Secure_FreeBSD_Mailserver.pdf


Also did a google on this cat's username  soup4you2. There are several
forums likewise with broken links as well as a yahoo account, but no
reply yet.

Does anyone have access to this updated pdf file. I'd really like to
get my hands on it.

btw...for anyone else looking for a like or similiar solution, check out
http://www.tnpi.biz/internet/mail/toaster.shtml [mail::toaster]

Thanks

~Don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Creating_a_Stable_Secure_FreeBSD_Mailserver.pdf

[Don Munyak]

On 7/20/06, Grant [EMAIL PROTECTED] wrote:

I don't know how updated this one is but i found a .pdf version here:

http://wumber.net/books/Creating_a_Stable_Secure_FreeBSD_Mailserver.pdf

Bye.
Grant.

On 20 Jul 2006, at 15:59, Don Munyak wrote:

 re: Creating_a_Stable_Secure_FreeBSD_Mailserver.pdf

 The title of this thread references a document created several
 years ago.
 The author wrote the article and posted in a forum at
 www.screamingelectron.org/
 http://www.screamingelectron.org/forum/showthread.php?
 t=725page=1pp=10

 He also posted an alternate location for pdf download.
 http://bsdhound.com/downloads/
 Creating_a_Stable_Secure_FreeBSD_Mailserver.pdf.


 Well...that link is broken. Googling turned up some hopeful leads, but
 alas...also broken.
 http://lists.freebsd.org/pipermail/freebsd-questions/2004-June/
 050783.html
 ~LINK~ http://gene.wins.uva.nl/~jmsteggi/
 Creating_a_Stable_Secure_FreeBSD_Mailserver.pdf

 http://www.littleblackdog.com/viewtopic.php?t=17294start=15
 ~LINK~ http://bsdhound.com/downloads/
 Creating_a_Stable_Secure_FreeBSD_Mailserver.pdf


 Also did a google on this cat's username  soup4you2. There are several
 forums likewise with broken links as well as a yahoo account, but no
 reply yet.

 Does anyone have access to this updated pdf file. I'd really like to
 get my hands on it.

 btw...for anyone else looking for a like or similiar solution,
 check out
 http://www.tnpi.biz/internet/mail/toaster.shtml [mail::toaster]

 Thanks

 ~Don
 ___
 freebsd-questions@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to freebsd-questions-
 [EMAIL PROTECTED]





Thanks Grant...Much Thanks
Downloaded my copy for safe keeping

~don
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]