Re: System Intrustion Detection

2006-05-09 Thread Ean Kingston
M,

There are several choices you can make to deal with this. 

First, be sure your root password is 'strong'. Generally 'strong' means
that it is a combination of upper case, lower case, and numbers with a
decent length. I personally go with at least 12 characters and throw in
some punctuation as well. Also, don't use real words.

Second, configure your ssh daemon to only support public key
authentication (PubkeyAuthentication, RSAAuthentication). This means
every user needs to have a public/private key pair. One part stays on the
server, the other goes to the remote system and is used to authenticate
with the server. This also makes the password attacks you are seeing
pretty useless.

Third, if your users are all coming in from a relatively small list of
IP addresses, you can consider using tcpwrappers (which should have been
built in to your sshd daemon). This allows you to configure the sshd
daemon to only allow access from a restricted set of ip addresses (or
block a specific set of addresses). This method will also stop those
messages from appearing in your mail once it is set up properly.

I use all three techniques. Unfortunately, I have found that I have to
pretty much exclude large parts of the world from accessing my ssh
server for the third option to be effective and it is getting worse. I
used to have to block only a handful of countries but I'm now seeing
attempts from several continents.

M. Goodell [EMAIL PROTECTED] said:

 More and more each day I am seeing my root emails contain hundreds of
entries like this:

 May  8 02:23:35 warpstone sshd[26092]: Failed password for root from 222.185.245.208 port 50519 ssh2
 May  8 16:37:41 warpstone ftpd[34713]: FTP LOGIN FAILED FROM 211.44.250.152, Administrator

   Basically, people are attempting to hack into my server, often with
a few thousand attempts each day. What measures can I take to stop
these attempts? Is there a way I can detect these attacks and
automatically cut them off? Are any of the security ports effective
against this?

   Thank you!

   M Goodell




___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
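
One way to handle the "detect these attacks" part of the question together with the tcpwrappers approach described above, as an added example that is not part of the original thread: an sh/awk script that counts failed sshd and ftpd logins per source in log lines of the format quoted in the message and prints FreeBSD-style hosts.allow deny entries. The sample log lines, the documentation-range addresses and the threshold are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the mailing-list thread.
# Reads syslog lines on stdin and reports sources with repeated failed logins.

# offenders [LIMIT]
# Prints "daemon address count" for each source with LIMIT or more failures
# (default 5, an assumed threshold).
offenders() {
    awk -v limit="${1:-5}" '
        function is_ipv4(s) { return s ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ }

        # sshd: "Failed password for <user> from <addr> port <n> ssh2".
        # The user name is supplied by the remote side and may contain
        # spaces or the word "from", so the address is read by position
        # from the END of the line, never by searching for "from".
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
        $(NF-4) == "from" && $(NF-2) == "port" && is_ipv4($(NF-3)) {
            hits["sshd " $(NF-3)]++
            next
        }

        # ftpd: "FTP LOGIN FAILED FROM <addr>, <user>".
        # Here the user name is last, so the address is the fixed field
        # right after FROM.
        $5 ~ /^ftpd\[[0-9]+\]:$/ && $6 == "FTP" && $7 == "LOGIN" &&
        $8 == "FAILED" && $9 == "FROM" {
            ip = $10
            sub(/,$/, "", ip)
            if (is_ipv4(ip)) hits["ftpd " ip]++
        }

        END {
            for (k in hits)
                if (hits[k] >= limit + 0) print k, hits[k]
        }
    ' | sort
}

# deny_rules [LIMIT]
# Turns the offender list into hosts.allow lines (daemon : client : deny).
deny_rules() {
    offenders "$@" | awk '{ printf "%s : %s : deny\n", $1, $2 }'
}

# Constructed sample input. Line 4 carries a forged "from ... port" inside
# the user name; line 8 carries a forged FROM inside the user name.
sample_log() {
    cat <<'EOF'
May  8 02:23:35 host1 sshd[26092]: Failed password for root from 203.0.113.7 port 50519 ssh2
May  8 02:23:37 host1 sshd[26094]: Failed password for root from 203.0.113.7 port 50533 ssh2
May  8 02:23:40 host1 sshd[26096]: Failed password for invalid user admin from 203.0.113.7 port 50541 ssh2
May  8 03:10:02 host1 sshd[26150]: Failed password for invalid user x from 192.0.2.1 port 22 ssh2 from 198.51.100.20 port 40000 ssh2
May  8 03:11:15 host1 sshd[26161]: Accepted publickey for alice from 198.51.100.20 port 40112 ssh2
May  8 16:37:41 host1 ftpd[34713]: FTP LOGIN FAILED FROM 192.0.2.99, Administrator
May  8 16:37:44 host1 ftpd[34715]: FTP LOGIN FAILED FROM 192.0.2.99, admin
May  8 16:37:48 host1 ftpd[34717]: FTP LOGIN FAILED FROM 192.0.2.99, FROM 203.0.113.7,
May  8 16:40:00 host1 ftpd[34720]: FTP LOGIN FAILED FROM 203.0.113.7, test
EOF
}

# Demo run with a threshold of 3 so the short sample produces output.
sample_log | deny_rules 3
```

tcpwrappers acts on the first matching line, so the generated entries have to sit above any broader allow rule in /etc/hosts.allow.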


Re: How to Stop Bruit Force ssh Attempts?

2006-04-12 Thread Ean Kingston
On Tuesday 11 April 2006 21:35, Jonathan Franks wrote:
 On Mar 18, 2006, at 12:39 PM, Chris Maness wrote:
  In my auth log I see a lot of brute force attempts to login via
  ssh.  Is there a way I can have the box automatically kill any tcp/
  ip connectivity to hosts that try and fail a given number of
  times?  Is there a port or something that I can install to give
  this kind of protection.  I'm still kind of a FreeBSD newbie.

I set up SSH to use public key authentication only. That way they can hammer 
away at my ssh server till the cows come home and they will never get in with 
a password.

I also use tcpwrappers (built into ssh daemon) for the particularly obnoxious 
ones.

 If you are using PF, you can use source tracking to drop the
 offenders in to a table... perhaps after a certain number of attempts
 in a given time (say, 5 in a minute). Once you have the table you're
 in business... you can block based on it... and then set up a cron
 job to copy the table to disk every so often (perhaps once every two
 minutes). It works very well for me, YMMV.

 If you don't want to block permanently, you could use cron to flush
 the table every so often too... I don't bother though.

 -Jonathan

-- 
Ean Kingston, BSc, CISSP, ARO
Computer Security and Privacy Consulting
PGP KeyID: CBC5D6BB
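
The PF source-tracking setup Jonathan describes in the quoted text, as an added example that is not part of the original thread: the pf.conf lines are given in the header comment, and the script is the cron side that copies the table to disk or flushes it. The table name, file path, script name and the $ext_if macro are assumptions.

```shell
#!/bin/sh
# Added example, not code from the mailing-list thread.
#
# pf.conf lines this script goes with (table name, file path and the
# $ext_if macro are assumptions):
#
#   table <ssh_abusers> persist file "/var/db/ssh_abusers"
#   block in quick from <ssh_abusers>
#   pass in on $ext_if proto tcp from any to any port ssh flags S/SA \
#        keep state (max-src-conn-rate 5/60, overload <ssh_abusers> flush global)
#
# max-src-conn-rate 5/60 is the "5 in a minute" limit, overload puts the
# source address into the table, and flush global drops the states that
# source already holds. The block rule is "quick" so it wins over the pass.
#
# /etc/crontab entries (script path is hypothetical):
#   */2 * * * *  root  /usr/local/sbin/pf-ssh-table save
#   0   4 * * *  root  /usr/local/sbin/pf-ssh-table flush   # optional

PFCTL=${PFCTL:-pfctl}
TABLE=${TABLE:-ssh_abusers}
SAVE=${SAVE:-/var/db/ssh_abusers}

# save_table: copy the live table to $SAVE, one address per line.
# The output goes to a temporary file first, so a failed pfctl run never
# truncates the copy that pf.conf reloads at boot.
save_table() {
    tmp="$SAVE.$$"
    if $PFCTL -t "$TABLE" -T show > "$tmp" &&
       sed 's/^[[:space:]]*//' "$tmp" > "$tmp.clean" &&
       mv "$tmp.clean" "$SAVE"
    then
        rc=0
    else
        rc=1
    fi
    rm -f "$tmp" "$tmp.clean"
    return $rc
}

# flush_table: forget every blocked address (the optional periodic flush
# for those who do not want to block permanently).
flush_table() {
    $PFCTL -t "$TABLE" -T flush
}

case "${1:-}" in
    save)  save_table ;;
    flush) flush_table ;;
esac
```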


Firefox with mplayer-plugin won't play

2006-04-07 Thread Ean Kingston
I can't seem to get mplayerplug-in to work with firefox. The plugin appears to 
load fine. The video box shows up in the browser, the media appears to 
download (buffering) and then the thing stops (stopped displayed). When I 
tell it to play it just goes back to stopped.

Oddly, if I use mplayer at the command line with the url (copy from the plugin 
menu pasted to the command line) everything is fine.

Does anyone have an idea what I might have missed:

here are the ports, all installed from source.
mplayer-gtk-0.99.7_11
mplayerplug-in-3.21
firefox-1.5.0.1,1
linux-flashplugin-6.0r79_3
linuxpluginwrapper-20051113

and a broken acroread7


Re: ipfw and ssh

2006-04-06 Thread Ean Kingston
Okay Anthony, 

Here is a bit more detail on your IPFW setup. Here is the section of 
rc.firewall that is relevant to what we've discussed. View this in HTML mode if 
you can. I've highlighted changes in red and my own comments in blue. I also 
noticed that you use a Netgear router in your setup. You need to make sure that 
you pass port 22 inbound connections through your Netgear router to your 
FreeBSD system. That would be a setup on your Netgear system.

# set these to your network and netmask and ip
net=192.0.2.0           # This should be set to your internal network's address.
                        # Most home firewalls and routers use 192.168.1.0
mask=255.255.255.0      # This should be your internal network's netmask.
                        # Most home firewalls and routers use 255.255.255.0
ip=192.0.2.1            # This should be your local machine's IP address.
# If you are using DHCP to assign an address to your system, this will not
# work as written. Fortunately, IPFW now supports the meta-address 'me',
# which resolves to all your local addresses.

setup_loopback

# Allow any traffic to or from my own net. This allows all computers on
# your network to talk to your computer without any restrictions.
${fwcmd} add pass all from ${ip} to ${net}:${mask}
${fwcmd} add pass all from ${net}:${mask} to ${ip}

# Allow TCP through if setup succeeded. This allows any existing TCP
# connections to work. This way you only need one rule (setup) for each
# inbound service you want.
${fwcmd} add pass tcp from any to any established

# Allow IP fragments to pass through
${fwcmd} add pass all from any to any frag

# Allow setup of incoming email. This one allows outside systems to
# send e-mail to your system. If you aren't running a mail server you may
# want to remove this line. This is also the line we are going to copy to
# allow your ssh server to work.
${fwcmd} add pass tcp from any to ${ip} 25 setup

# Allow inbound connections to my ssh server. This will allow anyone
# access to my system through SSH provided they can authenticate.
${fwcmd} add pass tcp from any to ${ip} 22 setup

# Allow setup of outgoing TCP connections only. This is what lets you
# initiate sessions with other systems (like http, and ssh)
${fwcmd} add pass tcp from ${ip} to any setup

# Disallow setup of all other TCP connections. If you put any TCP stuff
# after this it won't work because this line prevents all further TCP
# rules from being applied.
${fwcmd} add deny tcp from any to any setup

# Allow DNS queries out in the world
${fwcmd} add pass udp from ${ip} to any 53 keep-state

# Allow NTP queries out in the world
${fwcmd} add pass udp from ${ip} to any 123 keep-state

# Everything else is denied by default, unless the
# IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
# config file.

On Wednesday 05 April 2006 22:27, Anthony M. Agelastos wrote:
 Thank you for your very prompt reply. I tried your suggestion and it
 didn't work. I do not know why. Is the location where I place this in
 the client profile important?

 I have also tried the person's actual IP address as well as the IP
 address of the router (just in case it is not doing something weird)
 to no avail.

 What is the easiest way of making changes to the firewall rules and
 applying them so I do not have to reboot each time? I assume a
 kldunload ipfw.ko and then a kldload ipfw.ko should do it, but I
 don't want to risk doing something incorrect while I am trying to
 debug my current problem.

 On Apr 5, 2006, at 10:08 PM, Ean Kingston wrote:
  You neglected to include the 'add' in your first fwcmd.
 
  You may want to try something simple to start with. I haven't used
  ipfw in a
  while so hopefully my syntax is still good. Here is a simple
  starting point:
 
  # Allow person SSH access
  mip=xxx.xxx.xxx.xxx   # IP Address of person
  ${fwcmd} add allow tcp from ${mip} to me 22 in  # allow connection to ssh
  ${fwcmd} add allow tcp from me 22 to ${mip} out # allow me to respond
 
  I think all you really need is this:
 
  # Allow setup of incoming ssh
  ${fwcmd} add pass tcp from ${mip} to ${ip} 22 setup
 
  Since the rest of it should be taken care of by the rest of the
  'client' ipfw
  setup.
 
  On Wednesday 05 April 2006 21:50, Anthony M.Agelastos wrote:
  Hello everyone,
 
  Allow me to preface my problem by saying that I am very ignorant when
  it comes to networking. I do apologize if this is trivial. In any
  event, I enabled the client ipfw firewall located in /etc/
  rc.firewall. This appears to work well for my needs... except for one
  additional item. I need someone outside of my network to have SSH
  access to my machine. I know his/her IP address. So, I have added
  some additional items to rc.firewall

Re: Using Macromedia flash with native firefox

2006-04-06 Thread Ean Kingston
Thanks sort of. As your previous post mentioned, you were trying to do this 
with firefox 1.0.7 and you couldn't get it to work with firefox 1.5.

Well, I went through it anyway and still couldn't get it to work but, oddly, 
when I started putting the flash stuff back 
into /usr/X11R6/lib/browser_plugins, I no longer needed to mess with the 
flash6.so files. So, at least it's a bit cleaner now.

I think all I had to do was to link two files so that they appear 
in /usr/X11R6/lib/browser_plugins:

flashplayer.xpt - ../linux-flashplugin6/flashplayer.xpt
libflashplayer.so - ../linux-flashplugin6/libflashplayer.so

On Thursday 06 April 2006 01:24, Chandan Haldar wrote:
 This mail in the freebsd list archives describes what I did to get
 firefox 1.0.7 and flash 6 working:

 http://www.freebsd.org/cgi/getmsg.cgi?fetch=660877+665553+/usr/local/www/db/text/2006/freebsd-questions/20060305.freebsd-questions

 Look at how I had to change MOZ_PLUGIN_PATH (towards the end).  Perhaps
 this will do the trick for you too.

 Good luck.

 Chandan

 Ean Kingston wrote:
 I've been trying to get Macromedia Flash 6 (linux-flashplayer6) to work
  with native firefox (1.5) on FreeBSD 6.0 and running into some annoying
  problems.
 
 I know I needed linuxpluginwrapper to get this to work and so installed it
 along with the linux flash plugin port. I tried several times, reviewed
  the port build notes, looked for readmes, and searched some with Google.
  I found several detailed installation instructions but none of them
  worked for me.
 
 In order to get it to work, I copied flashplayer.xpt and libflashplayer.so
 from the linux-flashplayer6 installation directory into the
  browser_plugins directory. I took this from instructions for getting an
  older flashplayer5 to work.
 
 This at least got me to an error message (about not being able to locate
 libpthreads.so). That is one of the things that linuxpluginwrapper is
  supposed to take care of.
 
 After several more attempts at trying to resolve this, I resorted to a
  brute force method. I copied the flash6.so library that came with
 linuxpluginwrapper to the browser_plugins directory as libpthreads.so.
 
 This is a very bad solution but I got flash working.
 
 So, my question is how do I get this to work properly? For any who might
  be able to help, here is some relevant info:
 
 Installed:
 firefox-1.5.0.1,1
 linuxpluginwrapper-20051113
 linux-flashplugin-6.0r79_3
 
 messy file copies:
 flashplayer.xpt - ../linux-flashplugin6/flashplayer.xpt
 libdl.so.2 - /usr/local/lib/pluginwrapper/flash6.so
 libflashplayer.so - ../linux-flashplugin6/libflashplayer.so
 libpthread.so.0 - /usr/local/lib/pluginwrapper/flash6.so
 
 So, how do I get this to work without the messy file copy?


-- 
Ean Kingston, BSc, CISSP, ARO


Using Macromedia flash with native firefox

2006-04-05 Thread Ean Kingston
I've been trying to get Macromedia Flash 6 (linux-flashplayer6) to work with 
native firefox (1.5) on FreeBSD 6.0 and running into some annoying problems.

I know I needed linuxpluginwrapper to get this to work and so installed it 
along with the linux flash plugin port. I tried several times, reviewed the 
port build notes, looked for readmes, and searched some with Google. I found 
several detailed installation instructions but none of them worked for me.

In order to get it to work, I copied flashplayer.xpt and libflashplayer.so 
from the linux-flashplayer6 installation directory into the browser_plugins 
directory. I took this from instructions for getting an older flashplayer5 to 
work.

This at least got me to an error message (about not being able to locate 
libpthreads.so). That is one of the things that linuxpluginwrapper is supposed 
to take care of.

After several more attempts at trying to resolve this, I resorted to a brute 
force method. I copied the flash6.so library that came with 
linuxpluginwrapper to the browser_plugins directory as libpthreads.so.

This is a very bad solution but I got flash working.

So, my question is how do I get this to work properly? For any who might be 
able to help, here is some relevant info:

Installed:
firefox-1.5.0.1,1
linuxpluginwrapper-20051113
linux-flashplugin-6.0r79_3

messy file copies:
flashplayer.xpt - ../linux-flashplugin6/flashplayer.xpt
libdl.so.2 - /usr/local/lib/pluginwrapper/flash6.so
libflashplayer.so - ../linux-flashplugin6/libflashplayer.so
libpthread.so.0 - /usr/local/lib/pluginwrapper/flash6.so

So, how do I get this to work without the messy file copy?

-- 
Ean Kingston, BSc, CISSP, ARO


Re: ipfw and ssh

2006-04-05 Thread Ean Kingston
You neglected to include the 'add' in your first fwcmd.

You may want to try something simple to start with. I haven't used ipfw in a 
while so hopefully my syntax is still good. Here is a simple starting point:

# Allow person SSH access
mip=xxx.xxx.xxx.xxx   # IP Address of person
${fwcmd} add allow tcp from ${mip} to me 22 in  # allow connection to ssh
${fwcmd} add allow tcp from me 22 to ${mip} out # allow me to respond 

I think all you really need is this:

# Allow setup of incoming ssh
${fwcmd} add pass tcp from ${mip} to ${ip} 22 setup

Since the rest of it should be taken care of by the rest of the 'client' ipfw 
setup.

On Wednesday 05 April 2006 21:50, Anthony M.Agelastos wrote:
 Hello everyone,

 Allow me to preface my problem by saying that I am very ignorant when
 it comes to networking. I do apologize if this is trivial. In any
 event, I enabled the client ipfw firewall located in /etc/
 rc.firewall. This appears to work well for my needs... except for one
 additional item. I need someone outside of my network to have SSH
 access to my machine. I know his/her IP address. So, I have added
 some additional items to rc.firewall for this. Here is what I added.

  # Allow person SSH access
  mip=xxx.xxx.xxx.xxx
  ${fwcmd} allow tcp from any to any 22 out setup keep-state
  ${fwcmd} add pass tcp from ${mip} to me 22 setup limit src-addr 2

 I have tried many, many differing variations of this from items I
 have found online. I cannot get any of them to work. My network setup
 is as follows

 internet - cable modem - netgear router - freebsd 6.1-prerelease

 This user can SSH into my machine when I set the firewall to open.
 Any ideas?

-- 
Ean Kingston, BSc, CISSP, ARO


Re: top and ps fail on 6.0-BETA5

2005-09-23 Thread Ean Kingston
On September 23, 2005 02:33 pm, Doug Poland wrote:
 Hello,

 I've noticed that top and ps are failing on my recently re-built
 6.0-BETA5 box.  Ordinarily that means that the world and the kernel
 are out of sync.  However, I've cvsup'd and rebuilt and installed world
 and GENERIC (several times).

Doug,

Have you been tracking the freebsd-current mailing list? 6 is the bleeding 
edge of FreeBSD and problems with it tend to get discussed much more on 
-current than they do on -questions.


 Yesterday I rebuilt all my ports and today did a fresh
 cvsup/rebuild/install.  Still seeing the message:

 [EMAIL PROTECTED] top
 kvm_open: kinfo_proc size mismatch (expected 648, got 768)
 top: Out of memory.

 Here's uname:

   FreeBSD ammon.polands.org 6.0-BETA5 FreeBSD 6.0-BETA5 #0: Fri Sep 23
 12:07:46 CDT 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC  i386

 /usr/src/UPDATING says:
 20050609:
 Changes were made to kinfo_proc in sys/user.h.  Please recompile
 userland, or commands like `fstat', `pkill', `ps', `top' and `w'
 will not behave correctly.

 The API and ABI for hwpmc(4) have changed with the addition
 of sampling support.  Please recompile lib/libpmc(3) and
 usr.sbin/{pmcstat,pmccontrol}


 I've googled the lists but have found nothing on this.  I must be doing
 something wrong.

-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/
I am currently looking for work. If you need competent system/network 
administration please feel free to contact me directly.


Re: Challenge: LTO2 autoloader with freebsd?!

2005-09-22 Thread Ean Kingston
On September 22, 2005 10:58 am, Lowell Gilbert wrote:
  AMANDA (I *don't* think it's
  in ports, check the University of Maryland/Google, etc.).

 It is, indeed, in ports.

And it works with auto-loaders and even some tape libraries. I've used Amanda 
with a simple auto-loader before without a problem. You eject the current tape 
and the loader automatically puts the next one in. When the stack is done, 
some loaders will put the first one back in; some require user intervention.

If you can afford it, a smart loader that knows which slot is currently in the 
drive is much better and Amanda works well with those.

-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/
I am currently looking for work. If you need competent system/network 
administration please feel free to contact me directly.


Re: Turning PC speaker on and off

2005-09-20 Thread Ean Kingston
On September 19, 2005 08:20 pm, Rem P Roberti wrote:
 How does one go about enabling and disabling the PC speaker?

Probably not what you are looking for but a few years ago I re-wired my PC 
speaker to include a switch so I could actually turn off the speaker. It 
worked great until I had to change cases. I think it cost me all of 25 cents 
for a switch at the electronics store.

 Thanks,

 Rem

-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/
I am currently looking for work. If you need competent system/network 
administration please feel free to contact me directly.


Looking for media system reccomendations

2005-09-20 Thread Ean Kingston
Hi all,

I'm looking for some hardware suggestions for low-power/small footprint 
systems suitable to create a multimedia computer for my living room. I'm 
leaning toward mini-itx boards and cases. Specifically I want the following 
capabilities:

Remote control capable (IR port I think)
TV out (svideo is sufficient for now)
audio out (at least 4 channels)
wireless (802.11g)
sata with room for at least 1 drive internal
room for a dvdrom drive
preferably fanless
definitely low power

I can do some simple coding to get the remote control working if necessary but 
I have no clue what would be good hardware for this project and from what I 
can tell the hardware list is a bit vague on the details of exactly what 
mini-itx boards work well with freebsd.

-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/
I am currently looking for work. If you need competent system/network 
administration please feel free to contact me directly.


Re: (no subject)

2005-09-19 Thread Ean Kingston
On September 19, 2005 01:57 pm, mailtrail wrote:
 I needed a quick firewall to guard an ISDN line, so I grabbed a K6/166.
 This box only came out of service a couple months ago, having run for
 several years on 4.3-stable (set up some time in 2001).

 The NIC card that is in it is an ISA bus card, a WD8003 (it was operating
 as ed0 in its previous incarnation).  More for amusement than anything
 else, I decided to use that card, if I could, with a recent version of
 FreeBSD, so I loaded 5.4-R onto it.

 I now realize that I no longer have any idea how to tell the kernel how to
 find a non-PnP ISA card.

 Here is the kernel.conf file from the old box:


en ed0
Interface ed0 (someone correct me if I'm wrong it's been a while)
po ed0 0x300
Port to interface ed0 id 0x300 (bit of physical memory to access the nic)
ir ed0 10
IRQ for ed0 is 10
iom ed0 0xd8000
I/O memory for ed0 0xd8000 (for direct memory access IIRC)
f ed0 0
I forgot this one, sorry.
q


 I don't even remember what lines 1 and 5 mean.  How do I set IRQ, memory
 address, etc for a non-PnP ISA card under 5.4-R, if that is even possible?
 If not possible, is it supported under 4.11?

 This isn't critical by any means.  The motherboard has two open PCI slots
 on it, so I could just use PCI NIC cards for the firewall, but I am
 curious if the old cards can still be used.  I also have a second ISA NIC
 card, a WD8013, so it would be somewhat amusing to have this box running a
 firewall using those two old NIC cards.  The ISA bus should be able to
 easily keep up with 128Kb of traffic; the old version of the box was a
 mail- and web-server, and never had problems keeping up with ISDN speeds.


-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/
I am currently looking for work. If you need competent system/network 
administration please feel free to contact me directly.


Re: FreeBSD 5.4 Custom CD making...

2005-09-16 Thread Ean Kingston
On September 16, 2005 11:03 am, Deepak Naidu wrote:
 thanx for the hint, ya thats ok, is sysinstall only
 used for jumpstart installation, or is it do something
 with custom CD.

 b'cos i wanted it to be made in a custom-CD containing
 my apps, and configs, so that it gets installed on
 different hardware machines.

Sysinstall is for installing FreeBSD. It works with a variety of install 
types. As long as you stick with the format of the install CD you should be 
able to add to it and have an installable system.


 Regards,
 Deepak Naidu.


 --- Lowell Gilbert

 [EMAIL PROTECTED] wrote:
  Deepak Naidu [EMAIL PROTECTED] writes:
   any clue on this ??
 
  Well, start with man sysinstall and use the
  batch facility.
 
   --- Deepak Naidu [EMAIL PROTECTED] wrote:
   Hi,

   I wanted to create a custom FreeBSD 5.4, which will include my
   needed packages, and the partition type (ie / , /var, /usr and the
   partition size) what I prefix, this will not ask user with
   sysinstall options, if needed only root password.

   In short making my own distro.

   I hope some one have this valuable info..

 Linux your Life, Don't Window it [[]]

{ All for the best }







-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/
I am currently looking for work. If you need competent system/network 
administration please feel free to contact me directly.


Re: setting a network printer

2005-08-29 Thread Ean Kingston
On August 22, 2005 12:25 pm, Roldán wrote:
 hello, i have a network printer and i need to set up
 in order to print, what can i do?

I have used cups, lpd, and apsfilter. It all depends on what your printer 
supports and what you want to use it with. Like the others have said, read 
the handbook.

-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/
I am currently looking for work. If you need competent system/network 
administration please feel free to contact me directly.


Re: How to use Bochs?

2005-08-11 Thread Ean Kingston
On August 11, 2005 11:09 am, Norbert Koch wrote:
  I have installed Bochs successfully from ports.
  At first, I planned to install Windows in Bochs, but soon I found that
  Bochs needed to be configured before functioning properly.
 
  How to configure? I have no idea. I visited the homepage of Bochs just
  now, but with no gains.

It has been ages since I used bochs but in short you need to create a hard 
disk image file and a bochsrc  configuration file. There are a bunch of hard 
disk image files (http://bochs.sourceforge.net/diskimages.html) available on 
the bochs home page and the bochs manual has an entire chapter on creating 
the configuration file 
(http://bochs.sourceforge.net/cgi-bin/topper.pl?name=New+Bochs+Documentationurl=http://bochs.sourceforge.net/doc/docbook).

Years ago I used it when I had to run an old windows (3.1) application that 
wouldn't work under wine. It worked well.


 I strongly suggest you to give qemu a try. It installs from ports
 including a bios and I already successfully booted e.g. the
 netbsd installation cd from in it under FreeBSD5.4.

 Norbert

-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/
I am currently looking for work. If you need competent system/network 
administration please feel free to contact me directly.


Re: Obtaining portsmanager meta package for alternate OS

2005-07-15 Thread Ean Kingston
On July 14, 2005 04:03 pm, Michael C. Shultz wrote:
 On Thursday 14 July 2005 11:37, Garrett Cooper wrote:
  Hello,
  I was wondering if anyone could point me to the release notes or
  code so I could look up the dependencies for the portsmanager package
  and possibly compile it on Mac OS X Tiger.

 Try running configure then make just like any other linux program and see
 if it compiles, if it doesn't let me know what the error is.  I understand
 Mac OS X is based on FreeBSD, does it have FreeBSD's port infrastructure?

My Mac (OSX 10.2) doesn't have anything remotely resembling a port 
infrastructure installed as part of the OS. All the OSS that I've installed 
was done through what I will call binary 'bundles' mostly from .dmg files. 
They each provided their own installer (usually using the applescript 
language).

For those who might care, a .dmg file is a mac disk image and seems to be the 
mac equivalent of tar.

Sometimes the installer is a text file that says move the files to your 
applications directory.

 For example can you do things like:
 make
 make install
 make package
 make deinstall
 ???

You would need to install a compiler.

 If the above work differently or /var/db/pkg/* is different then portmanager
 won't work.  Would be interesting to know the similarities/differences
 between FreeBSD and Mac OS X ports infrastructure.

/var isn't really used by the MAC except for /var/log and /var/run.

 As far as portmanager's dependencies, to run it requires libc and to compile
 just needs standard autotools if I recall correctly.

  My FreeBSD machine is currently at home (sadly without an internet
  connection to the outside world :(), and I would like to keep it up to
  date by periodically fetching the ports 'source files'/packages and port
  snapshots. So I thought I could accomplish this via building the
  portsmanager package and running it off of my laptop at school since
  it's the only way I can accomplish my task at hand.
  However, with that in mind, I was wondering if there was a better
  way to fetch ports/packages without having to manhandle too many
  programs/scripts, or if anyone has discovered a better solution to this
  type of 'issue'.
  Thanks and your responses are greatly appreciated as solving this
  'problem' will help save me a great deal of time :)!
  -Garrett

 To use portmanager this way you'll need a way to keep your ports tree
 current and a way to get the current distfiles. If you can do these two
 things somehow then just drop the current distfiles into
 /usr/ports/distfiles and update your ports tree and portmanager should run
 OK.

 -Mike

-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/
I am currently looking for work. If you need competent system/network 
administration please feel free to contact me directly.


Re: FreeBSD 5.x raid...

2005-07-15 Thread Ean Kingston
On July 14, 2005 11:42 pm, David Kelly wrote:
 On Jul 14, 2005, at 7:56 PM, Casper wrote:
  I can`t find gvinum man on my 5.4 and in google too :)

Use the vinum manpage and documentation just mentally substitute gvinum for 
vinum in all commands.

Also, as mentioned before, gvinum is not yet feature complete so some of the 
things listed in the documentation for vinum don't work yet. It's sort of 
hit-and-miss.

There is enough of gvinum to be able to set up a mirror (I did that on 5.3). 
Also, if upgrading from a 4.x system gvinum will read the vinum config from 
the disk BUT after you run gvinum the first time you may have problems 
getting back to vinum (according to the readme).

The change in name from vinum to gvinum is because of the new disk sub-system 
(geom). IIRC it is optional in late versions of 4.x and early versions of 5.x. 
It's off by default in 4.x and on by default in 5.x.

 What I was told a year ago was that vinum development and support in
 the 5.x series had ceased and that gvinum was slated to replace
 vinum. As I said previously vinum worked once running but had about a
 50/50 probability of remembering my configuration between reboots.
 Simply changing the startup file /etc/rc.d/vinum to start gvinum
 rather than vinum solved the problem completely using the drives
 configured with vinum without rebuilding the volume.

 Gvinum is necessary due to internal changes in FreeBSD due to GEOM.

 It has also been said that gvinum does not yet have all the features
 of vinum. What its lacking, I can't say.

  I`m thinking for my server better tool is gmirror?

 Gvinum worked for my striped volume. I can't say how gmirror differs
 from gvinum. Maybe someone who has run both will speak.

 The gvinum mirror command I provided earlier should have you up and
 running very quickly. Suggest you try it. Beat on the system.
 Practice removing a plex, trashing it as if it were a new drive, then
 rebuilding the mirror. Then do the same for gmirror. Now is the right
 time to play with it before the system goes into production and
 becomes too precious to play with.

 --
 David Kelly N4HHE, [EMAIL PROTECTED]
 
 Whom computers would destroy, they must first drive mad.


-- 
Ean Kingston



Re: DHCP Server Offline.

2005-07-15 Thread Ean Kingston
On July 15, 2005 10:11 am, Stephan Weaver wrote:
 Hello folks,

 I have a Stand Alone FreeBSD Firewall / Nat / Dhcp Server.
 Everything seems to work fine, up until this morning.
 Users seem to complain they could not get on the network anymore.

 Further investigation revealed the dhcp server could not be contacted.
 Further more, only some of the users were online.
 I am guessing that these clients who were online had an ip address from the
 dhcp server at a previous time and the lease didn't expire as yet.
 And users who were not online, the lease expired and attempted to contact
 the dhcp server and failed.

 I Would appreciate any help or suggestions.

Set the lease expire time to at least 5 days (7 to 10 is better) and the 
renewal time to between 4 and 12 hours.

Then set up a dhcp monitoring process that will alert you if it fails to get an 
address or renewal.

Make sure you have more addresses available than you ever expect to give out. 
I go with 50% more. I've known some admins that want at least double.

 Like what to do in the future in case this happens again.

Set up 2 dhcp servers on the network. If one fails, the other will hopefully 
continue to serve addresses. Monitor this one as well.

 I Would like to find out what had happened.

Start reading logs. 

 The last thing that I had done to the server was set up, configure and
 install 'ntop';
 don't know if this would cause a problem.

 Thank you in advance.
 Stephan Weaver

 P.S. Please reply to my Directly at @
 [EMAIL PROTECTED]

-- 
Ean Kingston

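The headroom rule from the reply above (keep about 50% more addresses than you give out) can be checked from the server's lease database. This is an added example, not part of the original message; it assumes ISC dhcpd and its dhcpd.leases format, and the function names, pool sizes and sample leases are constructed for illustration.

```shell
#!/bin/sh
# Added example: measure DHCP pool headroom from an ISC dhcpd leases file.
# Assumption: the server is ISC dhcpd; the thread does not say which one is used.

# Constructed sample data. dhcpd.leases is an append-only log, so the LAST
# entry for an address is the one that counts: .11 was active, then released.
sample_leases() {
    cat <<'EOF'
lease 192.168.1.10 {
  starts 5 2005/07/15 10:00:00;
  ends 3 2005/07/20 10:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:10;
}
lease 192.168.1.11 {
  starts 5 2005/07/15 10:05:00;
  ends 3 2005/07/20 10:05:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:11;
}
lease 192.168.1.12 {
  starts 5 2005/07/15 10:06:00;
  ends 3 2005/07/20 10:06:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:12;
}
lease 192.168.1.11 {
  starts 5 2005/07/15 10:05:00;
  ends 5 2005/07/15 11:00:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:11;
}
EOF
}

# active_leases <leases-file>
# Prints how many addresses are currently in "binding state active".
# "next binding state ...;" lines start with "next" and are ignored.
active_leases() {
    awk '
        $1 == "lease" && $3 == "{"        { ip = $2 }
        $1 == "binding" && $2 == "state"  { sub(/;$/, "", $3); state[ip] = $3 }
        END {
            n = 0
            for (i in state) if (state[i] == "active") n++
            print n
        }
    ' "$1"
}

# pool_headroom_ok <leases-file> <pool-size> [margin-percent]
# Succeeds when pool-size is at least (100 + margin)% of the active leases.
# The default margin of 50 is the "50% more" figure from the message above.
pool_headroom_ok() {
    leases="$1"
    pool="$2"
    margin="${3:-50}"
    active=$(active_leases "$leases") || return 2
    [ $((active * (100 + margin))) -le $((pool * 100)) ]
}

# Run as: script <leases-file> <pool-size> [margin-percent]
# Intended for cron, so a shrinking margin is reported before clients fail.
if [ "$#" -ge 2 ]; then
    pool_headroom_ok "$1" "$2" "${3:-50}" ||
        echo "ALERT: DHCP pool of $2 has less than ${3:-50}% headroom" >&2
fi
```

This watches pool exhaustion only; a probe that actually requests a lease, as the message suggests, is still needed to notice a dead server.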


Re: Whats up with KCalc?

2005-07-12 Thread Ean Kingston
On July 12, 2005 08:01 am, Igor Robul wrote:
 Parv wrote:
 in message [EMAIL PROTECTED],
 
 
 Well, did you try any other calculating software?  grpn, perl, and
 dc gave me 46(.0...) even after asking for a result up to 20
 digits.
 
 Here is a naive guess: kcalc stores the number in such a way that it
 causes the abnormality as above(?).

 I have checked KCalc on Mandrake Linux 10.1 (different version of KDE)
 and it gives correct result.

I just checked it on FreeBSD 5.4 and it gives the correct answer. KCalc 1.8 
compiled from port.

-- 
Ean Kingston



Re: Whats up with KCalc?

2005-07-12 Thread Ean Kingston
On July 12, 2005 10:23 am, Igor Robul wrote:
 Ean Kingston wrote:
 I just checked it on FreeBSD 5.4 and it gives the correct answer. KCalc
  1.8 compiled from  port.

 5.4-RELEASE? or 5-STABLE?
 on 5-STABLE with KCalc 1.8.1 (KDE 3.4.1) it gives correct results up to
 44+1 then it gives wrong results with 45+1, 46+1, 47+1 etc. Even if I
 restart KCalc.

Looks like I am a bit back-level: KDE-3.4.0, KCalc 1.8 on FreeBSD 
5.4-RELEASE-p2.

-- 
Ean Kingston



Re: adding unused disk space for FreeBSD

2005-07-09 Thread Ean Kingston
On July 9, 2005 09:04 am, [EMAIL PROTECTED] wrote:
 Hi all,
 I have a FreeBSD slice (/dev/ad4s3) on which my FreeBSD system lives and
 some unused free diskspace (resulting from deletion of another OS (no names
 :-))) on the harddisk. I'd like to use this free diskspace with FreeBSD.

 I was unable to figure out how to do that using 'fdisk and friends'.

You can do it on the command line with fdisk, bsdlabel, and newfs. It is a bit 
easier to explain using sysinstall so, here is the sysinstall way:

# /stand/sysinstall
Configure -> Fdisk -> (select the disk) -> (select the unused slice) -> T (to change type to FreeBSD) -> W (to save the changes)...
Label -> choose the disk and start creating partitions -> be sure to make the new slices for newfs

-- 
Ean Kingston



Re: adding unused disk space for FreeBSD

2005-07-09 Thread Ean Kingston
On July 9, 2005 11:07 am, you wrote:
 Thanks, Ean,  for your reply.
 I tried it as you proposed.
 The problem is that when it comes to saving the changes the following
 message pops up: 'ERROR: Unable to write data to disk ad4!'
Did you run it as root? 

Please copy the list with your answer.

 Carlo.

 -- Original-Nachricht --
 From: Ean Kingston [EMAIL PROTECTED]
 To: freebsd-questions@freebsd.org
 Date: Sat, 9 Jul 2005 10:52:20 -0400
 Subject: Re: adding unused disk space for FreeBSD
 
 On July 9, 2005 09:04 am, [EMAIL PROTECTED] wrote:
  Hi all,
  I have a FreeBSD slice (/dev/ad4s3) on which my FreeBSD system lives and
  some unused free diskspace (resulting from deletion of another OS (no
  names :-))) on the harddisk. I'd like to use this free diskspace with
  FreeBSD.
 
  I was unable to figure out how to do that using 'fdisk and friends'.
 
 You can do it on the command line with fdisk, bsdlabel, and newfs. It is
 a bit easier to explain using sysinstall so, here is the sysinstall way:
 
 # /stand/sysinstall
 Configure -> Fdisk -> (select the disk) -> (select the unused slice) -> T (to change type to FreeBSD) -> W (to save the changes)...
 Label -> choose the disk and start creating partitions -> be sure to make the new slices for newfs
 

-- 
Ean Kingston



Re: postfix vs. qmail?

2005-06-29 Thread Ean Kingston
On June 29, 2005 08:48 am, [EMAIL PROTECTED] wrote:
 For one who wants to host email accounts for multiple domains, which is
 better? I've started installing and configuring qmail according to the
 tutorial on qmailrocks.org but i'm wondering if i should stop and consider
 postfix before pressing on.

You have just opened up a big can of worms (similar to the Linux vs BSD 
debate). Go with what you want. Like the others I prefer Postfix (but I've 
never used Qmail so I can't really help you).
-- 
Ean Kingston



Re: Using unix mail with maildir format

2005-06-29 Thread Ean Kingston
On June 29, 2005 08:50 am, bsd wrote:
 Hello,


 Does anyone know if there is a way to read mail with unix mail
 program?

The standard mail command only reads mbox formatted mail stores.


 I've been using this program since couple of years and I am quite
 happy with It…
 I can't seem to find a shortcut to have It read maildir format…

There is no shortcut. You would have to modify it yourself.

-- 
Ean Kingston



Re: Software RAID-1 on FreeBSD 5.4

2005-06-29 Thread Ean Kingston
On June 29, 2005 05:59 pm, Mark Bucciarelli wrote:
 On Wed, Jun 29, 2005 at 09:56:16PM +0200, ptitoliv wrote:
  But I have a last question. My disks are differents. One is a Maxtor
  detected with a 111 GB capacity and the other is a Seagate detected
  with a 114 GB capacity. Will I have problems trying to use RAID with
  this configuration ?

 Not with gmirror.  Dunno about ccd.

Last time I tried ccd it would work fine on dissimilar drives so long as the 
partitions (not slices) that are used for the mirroring were exactly the same 
size.

-- 
Ean Kingston



Re: firewall on freebsd

2005-06-24 Thread Ean Kingston
On June 24, 2005 09:33 am, Khanh Cao Van wrote:
 I'm going to learn about the FreeBSD firewall. In the handbook list
 some of them and I could not find out what is the best. So I decided
 to post here hoping to gain some of your opinion and experience.
 I would like to know what firewall was the most wanted? I have used
 Linux several months and IP tables was a good stateful firewall.
 What about in FreeBSD?

All three are well written and all three pretty much do the same thing. Some 
things you may want to consider when choosing which firewall product to use:

IPFW is part of FreeBSD and only runs on FreeBSD.  Filtering is implemented in 
the kernel, NAT is a user-land daemon.

IPFilter is written to work with many operating systems (FreeBSD and Solaris 
are two examples). Filtering and NAT both run in the kernel.

IPF was written for OpenBSD and later ported to FreeBSD. IPF came into 
existence because of disagreements between certain members of the OpenBSD 
team and the author of IPFilter. Filtering is done in the kernel and I 
believe NAT is also in-kernel.

I have used both IPFW and IPFilter professionally. I prefer IPFW but only 
because I am more used to its filtering language. I have not found a 
sufficiently good technical reason for choosing one over the other.

For anyone who wants to start the in-kernel vs user-land NAT argument, I've 
already been through it and there are valid arguments for both sides. So, I 
won't get into it again.

-- 
Ean Kingston



Re: FreeBSD L2TP client

2005-06-22 Thread Ean Kingston
On June 21, 2005 08:24 pm, Mike Tancsa wrote:
 On Tue, 21 Jun 2005 00:42:52 +, in sentex.lists.freebsd.questions

 you wrote:
 On Mon, Jun 20, 2005 at 08:31:51PM -0400, Mike Tancsa wrote:
  On Mon, 20 Jun 2005 19:05:28 +, in sentex.lists.freebsd.questions
 
  you wrote:
  I am looking for a way to use FreeBSD as a L2TP VPN client.  Does
   anyone know of a way to do this.  I found ng_l2tp, but I'm not quite
   sure how to use it.  If anyone has a good how-to, or can give me some
   direction, I'd appreciate it.  Thank you.

I used to use pptpclient (from the ports) but I think the vpn server supported 
pptp as well as l2tp. At least it was easy to set up so may be worth a try.

 
  See
  /usr/ports/net/sl2tps
 
 ---Mike
 
 What I really need is a VPN client.  I already have a server.  I need a
  way to connect from various locations with my laptop.

 I haven't used it, but
 http://www.like.e-technik.uni-erlangen.de/propro/freebsd/
 with mpd might work.  I don't think any of these implementations have
 any encryption however.

   ---Mike

 
 Mike Tancsa, Sentex communications http://www.sentex.net
 Providing Internet Access since 1994
 [EMAIL PROTECTED], (http://www.tancsa.com)

-- 
Ean Kingston



Re: Xorg installation fails

2005-06-22 Thread Ean Kingston
On June 21, 2005 08:46 pm, Simon Ulfsbecker wrote:
 Hi readers,

 I would greatly appreciate any suggestions as to why my Xorg installation
 fails.
 Xorg.0.log file can be fetched at:

 http://hem.bredband.net/simulf/Xorg.0.log

No promises I have a clue here. I am by no means an X setup expert. My 
technique is to choose hardware that is explicitly listed as compatible in 
the documentation (and early on in the probe list) but I did notice a few 
things:

First, your output indicates that you don't yet have an xorg.conf setup. Try 
running xorgconfig from the command line and answering the questions very 
carefully. Go through the video card database and find your exact video card 
if you can when selecting the video card.

Secondly, I noticed that xorg probed your video card as a radeon but it chose 
to use the generic ati driver. I think there is now an included radeon 
specific driver.

Third, I believe that xorg defaults to a ps2 mouse/keyboard if your hardware 
has ps2 ports without even looking elsewhere. I used to have an old serial 
mouse and XFree86 failed to find it on hardware with ps2 ports. If I 
explicitly configured xorg to use the serial mouse there were no problems.

On the mouse topic, I have since switched to using the FreeBSD moused console 
mouse utility and configuring xorg to use the sysmouse device instead. You 
have to configure this manually to get xorg to use the sysmouse properly.

As for your logitech mouse, I've used those (serial, ps2, and usb) on various 
systems without a problem using moused so unless you are having hardware 
problems it should work fine.

 During standard installation of FreeBSD 5.4 my logitech USB 3 button mouse
 fails to be detected, but when doing a post install mouse configuration the
 pointer shows up and can be moved around when testing the mouse daemon.
 Still, my mouse pointer is reported as missing when running Xorg -config
 xorg.conf.new after that.
 Using a USB to PS/2-adapter might do the trick, but adhering to moore's
 law, my motherboard (Asus p4p800 deluxe) can't handle a PS/2 mouse for some
 odd reason. My box won't boot and the monitor won't power on having anything
 plugged into the PS/2 port (!).

 Some errors are also reported for my ATI Radeon 9800 pro GFX adapter, but I
 think it's the non present pointer device that is hindering me from doing
 an Xorg -config.

 I'm out of clues...

 Best regards,

 Simon


-- 
Ean Kingston



Re: cloning with nfs?

2005-06-22 Thread Ean Kingston
On June 22, 2005 02:40 am, Dick Hoogendijk wrote:
 Yesterday I ruined my partition table on one of my machines.
 Luckily this machine was almost an exact copy of another that still is
 running fine.

 So, I can follow the procedure of copying one disk to another (following
 the handbook). But this requires a physical removal / action on the
 machines and harddisks which I don't want to do if not needed.

 I did a minimal install on the crashed machine (#B)
 If disk'cloning' can be done through NFS that'll be the way to go for
 me.
 Will it be enough to export /var /usr /tmp and / (#B) to mountpoints on
 machine #A and then follow the 'normal' dump/restore procedure mentioned
 in the handbook?
 Or are there side effects and will physical placement of the 'new' drive
 in machine #A be the right way to do it?

I don't think restore works reliably on NFS mounted disks but I have copied 
disks using dump/restore through ssh.

I would not do a blind dump/restore of / or /var. Those filesystems can 
contain some installation specific information. I think the only thing out 
of / that you need to copy would be /etc and possibly /boot if you have a 
custom kernel. Just remember that a kernel install is not as simple as 
copying files.

You don't need to copy /tmp since it should not contain any information that 
is needed to survive a reboot. Just reboot after you restore.

As for /usr you should be able to dump/restore that one. If you have 
additional packages installed, you will also want to copy /var/db/pkg and 
possibly /var/db/ports.

Likewise, if the system is a mail server, you will want to copy over the 
appropriate directory structure (typically /var/spool) but you need to make 
sure you don't copy over any of the spool files or your users are going to 
get 2 copies of the same message delivered.

 Thanks for any advice.

-- 
Ean Kingston



Re: Using FreeBSD to examine/work on a Solaris disk

2005-06-22 Thread Ean Kingston
On June 22, 2005 10:25 am, Lowell Gilbert wrote:
 Wesley Groleau [EMAIL PROTECTED] writes:
  I have an i386 FreeBSD 5.4  I've stuck a disk from a Sun Ultra 10 on the
  ATA0 slave.
 
  If possible, I'd like to mount it to see what's what.
 
  (and tweak some /etc files so I can get into the Sun).
 
  Is there an fstype to mount the disk?  Or even a way to see the
  partition table?

Nope. FreeBSD does not support the SUN filesystem. SUN does not use a PC type 
partition table (called slices in FreeBSD terminology) on Sparc systems 
(which the Ultra 10 is). And, as Lowell mentioned, there is the endian issue.

  All the ones I tried wouldn't work.  FreeBSD does recognize there is a
  disk there.

Good, the disk works.

  Of course, I can't be sure it's Solaris---previous owner might have
  been into Linux/BSD/whatever.

If you want to learn a lot about filesystems, you could spend the next year 
writing a program to access the raw disk device and start picking apart the 
contents of the disk one block/byte at a time.

 To start with, there's probably a problem with endianness (on the
 metadata structures).  Even if the Sun ran FreeBSD, that would still
 apply.  I'd estimate that this is about the level of a semester
 project for an undergraduate programmer...

-- 
Ean Kingston



Re: 4.x - 5.x

2005-06-20 Thread Ean Kingston
On June 20, 2005 11:28 am, Kövesdán Gábor wrote:
 Hello,

 it must be a well-discussed topic, but I don't know where to find a good
 description about upgrading from 4.x to 5.x. There is a production
 machine running 4.10 and the owner wants me to upgrade it to 5.4. Could
 somebody tell me the most important points to care? Or do You know a
 good howto?

I don't know a good howto but I did a source upgrade from 4.11 to 5.3 a while 
back. I ran into a few issues (due to laziness on my part):

Some changes in kernel config files for building custom kernel.

Some changes in /etc (especially rc.conf). I wound up installing a fresh /etc 
and then manually adding my changes.

Significant changes to the disk sub-system. I'm using vinum for disk 
mirroring. If you are using vinum, read up on gvinum carefully.

I migrated too soon. Should have waited for 5.4. 5.4 is much better than 5.3.

-- 
Ean Kingston



Re: any ipf wizards out there?

2005-06-20 Thread Ean Kingston
On June 20, 2005 12:32 pm, Gary Kline wrote:
   Folks,

   A couple weeks ago I realized that my ipf ruleset was messing
   up my web access ... and had been for months. I just tried an
   older, simpler ipf.rules.  Same results.  Can anybody out there
   in FreeBSD-land clue me in please?

Probably not without more detail. If you provided your rules someone might be 
able to help you debug them a bit. A description of your network would 
probably help too.

-- 
Ean Kingston



Re: Still looking for w finger who commnds don't give info.

2005-06-20 Thread Ean Kingston
On June 20, 2005 12:36 pm, Dixit, Viraj wrote:
 These commands used to give me information on who is logged on in BSD 5.3
 now for some reason no information is given from these commands when super
 users are logged on. Any info.? Thanks!!

They work on my 5.4-p2 system. Did you remember to add back sessreg if you 
wanted X logins to be recorded as well?

-- 
Ean Kingston



Re: Still looking for w finger who commnds don't give info.

2005-06-20 Thread Ean Kingston
On June 20, 2005 12:54 pm, you wrote:
 I am not sure what you are telling me, please explain. Thanks!

First, I do not have the same problem that you have. So it is probably not a 
bug in the OS but an installation error on your system. That is, w, finger, 
and who are working as expected (for me).

Second, if you want to include the status of people that logged in via xdm(1) 
(or equivalent), you need to use the sessreg(1) utility in order to update 
the utmp and wtmp files (those files are used by w, finger, and who to 
determine the login status of users).

Also, please reply to the mailing list.
  -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]  On Behalf Of Ean Kingston
 Sent: Monday, June 20, 2005 9:52 AM
 To:   freebsd-questions@freebsd.org
 Subject:  Re: Still looking for w finger who commnds don't give 
 info.

 On June 20, 2005 12:36 pm, Dixit, Viraj wrote:
  These commands used to give me information on who is logged on in BSD 5.3
  now for some reason no information is given from these commands when
  super users are logged on. Any info.? Thanks!!

 They work on my 5.4-p2 system. Did you remember to add back sessreg if you
 wanted X logins to be recorded as well?

-- 
Ean Kingston



Re: FreeBSD/UNIX backups to DVD+RW

2005-06-17 Thread Ean Kingston
On June 17, 2005 10:34 am, James Riendeau wrote:
 What I was doing did work fine for me; I just couldn't add multiple dumps
 to the same disk.  It turns out this was the wrong way to do it.  I'm not
 sure how a 32K block size would help.  The -B4589840 I used tells dump that
 the 'tape' it will be writing to can hold 4589840 kb (4.37 Gs), the size of
 a standard dvd.

 Unfortunately, growisofs provides direct access to the DVD and dump does
 not use a ISO compliant file format, so growisofs cannot find the end of
 the last session (who knew? :).  I was told the way to do this properly is
 to dump a partition to a file in say /tmp/fullbackup/, gzip it, and repeat
 until I have all the partitions.  Then write /tmp/fullbackup to the dvd:

 (Note, I added -B10485760 to limit backups to 10 G's.  You have to give
 dump some -B value or it will attempt to write out a catalog of standard
 size tapes.  You should adjust this value to whatever meets your needs.)

 # dump -0 -uL -C16 -B10485760 -f /tmp/fullbackup/usr.dumpfull /usr
 # gzip /tmp/fullbackup/usr.dumpfull
 # dump -0 -uL -C16 -B10485760 -f /tmp/fullbackup/var.dumpfull /var
 # gzip /tmp/fullbackup/var.dumpfull
 # dump -0 -uL -C16 -B10485760 -f /tmp/fullbackup/home.dumpfull /home
 # gzip /tmp/fullbackup/home.dumpfull
 # dump -0 -uL -C16 -B10485760 -f /tmp/fullbackup/root.dumpfull /
 # gzip /tmp/fullbackup/root.dumpfull
 # growisofs -speed=4 -Z /dev/cd0 -J -R /tmp/fullbackup

 If you're pressed for space, you can do the above, but write each file to
 the dvd before removing the gzipped dump file and creating the next one.
 The first file would be written with the -Z (new session) option, then the
 rest with the -M (append) option instead.  If this still takes too much
 space, I suppose you could try to pipe the dump directly to gzip, but I
 couldn't figure out how.  If anybody knows, please reply.

dump -0 -uL -C16 -B10485760 -f - $fs | gzip > $fs.dumpfull.gz

Of course, after you gzip the dump image, it should be smaller than it was so 
you can actually fiddle with the -B option to get the gzipped file as close 
to a full DVD as possible.


 To do a restore, I found the following works:

 - Recreate the partition (in my case this would involve playing with
 gmirror first in the event of catastrophic disk/system failure)
 - cd into the mounted partition (ex, cd /usr)
 - mount the backup dvd and restore:

 # cd /usr
 # mount -t cd9660 /dev/your dvd drive /cdrom
 # restore -rfv -P 'gunzip -c /cdrom/usrfullbackupfilename.gz'

 But don't take my word for it, you should always do a test restore (into
 /tmp if necessary if you haven't any blank hard drives handy) before a
 catastrophic event happens to make sure the process works smoothly.

 Thanks to all those who replied,

 - James Riendeau

 I'm posting this to the list for posterity's sake.  In case someone else
 has this problem, they will have full instructions at their disposal,
 provided they can find it.

 On 6/17/05 4:56 AM, Wojciech Puchar [EMAIL PROTECTED] wrote:
  I'm trying to setup backups to the DVD-RW drive on our new server before
  it goes into production.  I've got the DVD-RW drive working, and I
  figured out how to dump to it:
 
  # dvd+rw-format /dev/cd0
  # dump -0 -uL -C16 -B4589840 -P 'growisofs -speed=4 -Z
  /dev/cd0=/dev/fd/0' /usr
 
  with both DVD+RW and DVD-RW i was able to write DIRECTLY to /dev/ under
  NetBSD if only blocks were 32k
 
  should be possible with FreeBSD too.
 
  A test restore comes out clean:
 
  # restore -Nxvb /dev/cd0
 
  The problem is most of the partitions are tiny ( 1G) and I would like
  to fit more than one partition on each DVD.  I figured just passing -M
  (append data) instead of -Z (new session) would do it:
 
  # dump -0 -uL -C16 -a -P 'growisofs -speed=4 -M /dev/cd0=/dev/fd/0'
  /home
 
  But growisofs fails with :-( /dev/cd0 doesn't look like isofs..., and of
  course dump fails with Broken pipe.
 
  Any clues to how to get this to work?  (Webpage link is sufficient if
  there is something out there.  I couldn't find one.)
 
  I'm fairly new to the FreeBSD/UNIX world, so please be gentle.
 
  Thanks,
 
  -james
 
 
 

-- 
Ean Kingston

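The pipe-to-gzip approach discussed in this message, as an added example that is not part of the original thread: it streams each dump through gzip, catches a failed dump that the pipeline's exit status would otherwise hide, and verifies the archive before it goes to DVD. The DUMP_CMD and OUT_DIR variables and the function names are assumptions of this example; the dump flags are the ones used above.

```shell
#!/bin/sh
# Added example: dump | gzip with failure detection and an integrity check.
# DUMP_CMD and OUT_DIR are knobs of this example, not options of dump(8).

DUMP_CMD="${DUMP_CMD:-dump}"
OUT_DIR="${OUT_DIR:-/tmp/fullbackup}"

# archive_name <mountpoint>
# Mount points contain slashes, so they cannot be used as file names directly:
#   /  -> root     /usr -> usr     /var/db -> var_db
archive_name() {
    case "$1" in
        /) echo "root" ;;
        *) echo "$1" | sed -e 's|^/||' -e 's|/$||' -e 's|/|_|g' ;;
    esac
}

# backup_fs <mountpoint>
# Succeeds only if dump, gzip and the gzip -t verification all succeed.
# The body runs in a subshell so the umask change does not leak to the caller.
backup_fs() (
    fs="$1"
    out="$OUT_DIR/$(archive_name "$fs").dumpfull.gz"

    # A level 0 dump holds every file on the filesystem, including password
    # databases and private keys, so keep the image readable by owner only.
    umask 077
    mkdir -p "$OUT_DIR" || exit 1

    # In POSIX sh a pipeline returns the status of its LAST command, so a dump
    # that dies halfway still "succeeds" if gzip exits 0. Record dump's own
    # exit status in a side file and check it afterwards.
    {
        "$DUMP_CMD" -0 -uL -C16 -B10485760 -f - "$fs"
        echo "$?" > "$out.status"
    } | gzip > "$out.tmp"
    gz_rc=$?
    dump_rc=$(cat "$out.status" 2>/dev/null || echo 1)
    rm -f "$out.status"

    # Never leave a truncated archive under the final name.
    if [ "$dump_rc" -ne 0 ] || [ "$gz_rc" -ne 0 ] || ! gzip -t < "$out.tmp"; then
        rm -f "$out.tmp"
        exit 1
    fi
    mv "$out.tmp" "$out"
)

# backup_all <mountpoint>...
# Backs up every filesystem and reports failures without stopping early.
backup_all() {
    rc=0
    for target in "$@"; do
        if backup_fs "$target"; then
            echo "ok: $target"
        else
            echo "FAILED: $target" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Run as: script /usr /var /home /
if [ "$#" -gt 0 ]; then
    backup_all "$@"
fi
```

The resulting directory can then be written with the growisofs command quoted above; a test restore from the burned disc is still the only proof that the backup is usable.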


Re: df: root partition at 108% capacity! Can't find why...

2005-06-16 Thread Ean Kingston
On June 15, 2005 05:24 pm, SteveW wrote:
 Hi All,

 df: root partition at 108% capacity! Can't find why...

 After searching Google and freebsd.org I am no nearer to figuring this
 out, other than this is a known problem. Either I or the system
 managed to get the root partition back to under 100% but only just... I
 have looked for any large files that might be taking up space but have
 yet to locate anything over 3meg.

 Any suggestions, ideas, thoughts gratefully received.

1. Create a separate /tmp filesystem. You should never let ordinary users (or
daemons) write to the root filesystem. Unless you really need the nearly 4G 
of space you have in /var for a specific reason, you should be able to take 
some space out of there for your /tmp.

2. Use du to track down large files/directories, as was suggested by someone 
else.

3. Double check the size of hidden files in / and /root.

4. When you find out what is/was filling your filesystem, change the 
configuration so it doesn't happen again.


 Thanks,


 Steve



 INFO:
 FreeBSD 4.7-RELEASE-p10 / 80gig drive

 df was: /dev/ad0s1a   252M   250M -18.5M   108%

 df now:
 Filesystem    Size   Used  Avail Capacity  Mounted on
 /dev/ad0s1a   252M   230M   1.8M    99%    /
 /dev/ad0s1g    29G   2.3G    24G     9%    /home
 /dev/ad0s1f   3.0G   1.7G   1.0G    62%    /usr
 /dev/ad0s1e   3.9G    75M   3.5G     2%    /var
 procfs        4.0K   4.0K     0B   100%    /proc

 After the crash dmesg was filled with this:
 pid 8967 (cp), uid 0 on /: file system full
 pid 8967 (cp), uid 0 on /: file system full


-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/
I am currently looking for work. If you need competent system/network 
administration please feel free to contact me directly.


Re: Remote server warnings

2005-06-16 Thread Ean Kingston
On June 16, 2005 10:02 am, Greg Maruszeczka wrote:
 Jonathan Arnold wrote:
  I'm going to be moving my server to a remote site, where I'll only
  be able to ssh to it for any kind of service.  It has been local,
  hooked up via a KVM switch, so it will be a new setup for me.
 
  What sorts of problems should I keep an eye out for? What kind of
  setup should I have?  I've turned on ssh. What else should I do?
  How hard will it be to update my system remotely?
 
  Thanks in advance for any help you can provide.

If you can, switch the console to a serial port and connect a null modem cable 
between the serial port of your system and some other system that you have at 
least user level access to at the remote site. That way you can get to the 
console in the event of problems.


 Use rsa/dsa keys and disable password auth in sshd_config.

 You can generally do port upgrades via ssh without issue. Obviously you
 have to be careful when performing major updates like `make world` where
 it's usually recommended that you drop to single-user mode before
 installing world. Some folks claim they do the whole make world dance by
 remote and just don't reboot or drop to single-user mode. Personally,
 I'd never do this on a production box but I recall some good discussion
 on this list a few months ago about this very topic. Check the archives
 if you're interested.

 G

-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/
I am currently looking for work. If you need competent system/network 
administration please feel free to contact me directly.


Re: Postfix on BSD

2005-06-16 Thread Ean Kingston
On June 16, 2005 11:54 am, Bart Silverstrim wrote:
 Probably off-topic, but it's a sysadmin question that maybe someone on
 the list could send a quick blurb answer about :-/

 I'm trying to filter some mail coming into Postfix based on the body
 content.  I have the line

 body_checks = regexp:/usr/local/etc/postfix/body_checks

 in main.cf.  The file contains:
 
 # Will this stop RR collateral damage messages?
 /^* This e-mail was sent from a Road Runner IP address. As part of our
 continuing initiative to stop the spread of malicious viruses, Road
 Runner scans all outbound e-mail attachments./   REJECT Possible
 automated RoadRunner mail scanning collateral damage. Eliminate the
 notifying text and resend message.

 # Borrowed check lines
 /^This e-mail, in its original form, contained one or more attached
 files that were infected with a virus, worm,/ REJECT Email reporting
 virus detected
 /^This e-mail in its original form contained one or more attached files
 that were infected with the / REJECT Email reporting virus detected
 **

 The files are owned root, wheel with rwrr, so it should be readable by
 the postfix processes.  I do a postfix reload, send an email from the
 Internet to this mail server containing the key phrase(s), and they
 seem to go right through!  Am I missing something? 

Yes you are missing something. Postfix does not do multi-line expression 
matching.

 I (have, am) going 
 through docs and examples to try to figure it out...but any hints from
 people on the list using postfix would be appreciated.  The logs aren't
 showing any error messages from postfix on reload (or start/stop).


-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/
I am currently looking for work. If you need competent system/network 
administration please feel free to contact me directly.


Re: Postfix on BSD

2005-06-16 Thread Ean Kingston
On June 16, 2005 12:06 pm, Bart Silverstrim wrote:
 On Jun 16, 2005, at 12:00 PM, Ean Kingston wrote:
  On June 16, 2005 11:54 am, Bart Silverstrim wrote:
  Probably off-topic, but it's a sysadmin question that maybe someone on
  the list could send a quick blurb answer about :-/
 
  I'm trying to filter some mail coming into Postfix based on the body
  content.  I have the line
 
  body_checks = regexp:/usr/local/etc/postfix/body_checks
 
  in main.cf.  The file contains:
  
  # Will this stop RR collateral damage messages?
  /^* This e-mail was sent from a Road Runner IP address. As part of our
  continuing initiative to stop the spread of malicious viruses, Road
  Runner scans all outbound e-mail attachments./   REJECT Possible
  automated RoadRunner mail scanning collateral damage. Eliminate the
  notifying text and resend message.
 
  # Borrowed check lines
  /^This e-mail, in its original form, contained one or more attached
  files that were infected with a virus, worm,/ REJECT Email reporting
  virus detected
  /^This e-mail in its original form contained one or more attached
  files
  that were infected with the / REJECT Email reporting virus detected
  **
 
  The files are owned root, wheel with rwrr, so it should be readable by
  the postfix processes.  I do a postfix reload, send an email from
  the
  Internet to this mail server containing the key phrase(s), and they
  seem to go right through!  Am I missing something?
 
  Yes you are missing something. Postfix does not do multi-line
  expression
  matching.

 Maybe I'm misunderstanding you, but the lines wrapped in the email and
 are one line each in the actual configuration file.

Postfix scans the body of the email message one line at a time. Your
expressions have more text than would usually go on a single line in an
email.


 Also the asterisk in /^* This e-mail was sent from a Road Runner IP
 address. has been removed now...a warning was appearing in the
 maillog.  No longer gives warning, but still lets the mail through.

 Postconf shows that the value for body_check is pointing at the correct
 file...

-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/
I am currently looking for work. If you need competent system/network 
administration please feel free to contact me directly.
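
The line-at-a-time behaviour described in the two Postfix replies above, as an added example (not part of the original thread and not Postfix code). It emulates how a regexp: table is applied to each body line separately, using the Road Runner text quoted in the thread; the wrapped sample body, the shortened rule and the 78-column wrap width are constructed assumptions.

```python
import re

TYPICAL_WRAP = 78  # assumption: column at which most mail clients wrap body text

ACTION = "REJECT Possible automated RoadRunner mail scanning collateral damage."

# The rule as it sits in the table: one long line covering the whole notice.
LONG_RULE = (
    "/^This e-mail was sent from a Road Runner IP address. As part of our "
    "continuing initiative to stop the spread of malicious viruses, Road "
    "Runner scans all outbound e-mail attachments./ " + ACTION
)

# Constructed alternative: a distinctive prefix short enough to fit on one line.
SHORT_RULE = "/^This e-mail was sent from a Road Runner IP address/ " + ACTION

# Constructed sample body: the same notice as it arrives, wrapped by the sender.
WRAPPED_BODY = (
    "Hello,\n"
    "\n"
    "This e-mail was sent from a Road Runner IP address. As part of our\n"
    "continuing initiative to stop the spread of malicious viruses, Road\n"
    "Runner scans all outbound e-mail attachments.\n"
)


def parse_table(text):
    """Parse simple '/pattern/ ACTION text' lines (no flags, no continuation)."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^/(.*)/\s+(\S.*)$", line)
        if not m:
            raise ValueError("not a /pattern/ ACTION line: %r" % line)
        # regexp: tables match case-insensitively by default; mirror that here.
        rules.append((m.group(1), re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules


def body_check(body, rules):
    """Apply every rule to each body line on its own, as body_checks does.

    Returns (line_number, action) for the first hit, or None if the message
    would pass. No rule ever sees two lines joined together.
    """
    for lineno, line in enumerate(body.splitlines(), 1):
        for _source, rx, action in rules:
            if rx.search(line):
                return lineno, action
    return None


def too_long_to_match(rules, width=TYPICAL_WRAP):
    """Heuristic lint: patterns longer than a wrapped line rarely ever match."""
    return [source for source, _rx, _action in rules if len(source) > width]


if __name__ == "__main__":
    for name, rule in (("long", LONG_RULE), ("short", SHORT_RULE)):
        rules = parse_table(rule)
        print(name, "->", body_check(WRAPPED_BODY, rules),
              "| lint:", len(too_long_to_match(rules)), "pattern(s) too long")
```
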


Re: Outsourcing a modem pool for dialup? Any advice?

2005-06-09 Thread Ean Kingston
On June 9, 2005 03:20 pm, Tony Shadwick wrote:
 We can also provide this sort of thing for you, but it won't be anywhere
 near as cheap as the single ISP account you're using.  We have to allow
 enough lines for simultaneous connections.  The good news is that it is
 overnight, and you are correctly staggering the connections, then it might
 not be a problem, but if we have to purchase an additional PRI line to
 handle the need, then that cost would be passed along.

 Give me a call:  314-436-1700

I'm in Canada and looking for work (since the last company I worked for 
shrunk) and I would be willing to set up a dialup pool in Toronto for you 
with 800 service and whatever you want for cost plus a reasonable paycheck 
for myself. Of course, Tony would probably offer you a better price.

If you are interested, e-mail me off list.

Or, if anyone knows of available BSD/Solaris jobs let me know. Thanks.

 On Thu, 9 Jun 2005, Michael C. Shultz wrote:
  On Thursday 09 June 2005 10:38, Philip Hallstrom wrote:
  Hi all -
 Our company has a product such that a small server is installed at
  each customer site.  This server dials up to the Internet every night
  and exchanges some content with a central server in our data center. 
  Total transaction takes about 5 minutes.
 
  Customers can have multiple sites.  Our largest to date has three, but
  some potentials have several hundred.
 
  In the cases where the site does not have an existing Internet
  connection we currently use dialup via a major ISP.
 
  This works for now, but won't for the long haul for a couple of reasons:
 
  - they all are all sharing the same username and password (yes yes, I
  know...)
 
  - we're moving into canada and this ISP doesn't have many local numbers
  up there.
 
  - Dealing with local numbers and their somewhat frequent changing is a
  real headache.
 
  What I want is a modem pool with one local number (tied into an 800
  number) where I can create as many username/password pairs as needed.  I
  want that local number to never change :-)
 
  Now... to make it fun...
 
  - No, I can't install a dialup server in our corporate datacenter.
  - No, I can't setup a freebsd server in satellite office.
 
  That leaves me with an outsourced solution that needs to work with
  FreeBSD's PPP.
 
  Anyone know of anyone that does this sort of thing?  Or an ISP that has
  a service geared towards this (our current one does not).
 
  Thanks!
 
  -philip
 
  You may not like the price but the local phone company likely provides
  this service.
 
  -Mike

-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/
I am currently looking for work. If you need competent system/network 
administration please feel free to contact me directly.


Re: help! Strange traffic

2005-06-09 Thread Ean Kingston
On June 9, 2005 10:19 pm, Karan Gupta wrote:
 Hi
   I'm running a fBSD T1 router (a gateway with a sangoma 514 csu/dsu card)
 that performs dhcp, nat, ipfw firewall.
 FreeBSD rtr-eee..com 4.8-RELEASE FreeBSD 4.8-RELEASE #4: Thu Jul 31
 04:47:04 PDT 2003 root@:/usr/src/sys/compile/GENERIC  i386

 I'm seeing the following traffic on doing tcpdump on the external interface
 01:12:15.875308 201.93.36.43.1913 > web.visp.ashosting.nl.http: S 1396310016:1396310016(0) win 16384
 01:12:15.876288 201.93.36.41.1587 > web.visp.ashosting.nl.http: S 802357248:802357248(0) win 16384
 01:12:15.885340 201.93.37.127.cuillamartin > web.visp.ashosting.nl.http: S 1656750080:1656750080(0) win 16384
 01:12:15.886056 201.93.36.250.1194 > web.visp.ashosting.nl.http: S 1188954112:1188954112(0) win 16384
 01:12:15.886794 201.93.36.118.1613 > web.visp.ashosting.nl.http: S 474546176:474546176(0) win 16384
 01:12:15.887628 201.93.36.120.1135 > web.visp.ashosting.nl.http: S 224526336:224526336(0) win 16384
 01:12:15.895344 201.93.37.129.1073 > web.visp.ashosting.nl.http: S 5767168:5767168(0) win 16384
 01:12:15.896286 201.93.37.131.timbuktu-srv3 > web.visp.ashosting.nl.http: S 2056323072:2056323072(0) win 16384
 01:12:15.905302 201.93.37.225.1341 > web.visp.ashosting.nl.http: S 2125070336:2125070336(0) win 16384
 01:12:15.906042 201.93.37.223.docstor > web.visp.ashosting.nl.http: S 1558642688:1558642688(0) win 16384
 01:12:15.915253 201.93.38.91.1842 > web.visp.ashosting.nl.http: S 1312751616:1312751616(0) win 16384
 01:12:15.916105 201.93.38.89.1326 > web.visp.ashosting.nl.http: S 1620377600:1620377600(0) win 16384

 The 201.x.x.x is NOT from my local network. That would mean that
 web.visp.ashosting.nl is being hosted on my network (weird!!). This
 name doesn't resolve to any IP address either. How do I block this? I
 tried blocking 201.93.0.0/16 but then the traffic started coming from
 195.x.x.x

First, try the tcpdump again but without name resolution. That way you can 
verify where web.visp.ashosting.nl is.

If the address for web.visp.ashosting.nl is not in your network then someone 
probably has a routing issue. Once you verify that the routing issue isn't on 
your side you need to talk to your upstream provider to help fix it.

If the address for web.visp.ashosting.nl is in your network, chase it down and 
see if it is having problems. You may also want to do some more detailed 
sniffing of the traffic to see exactly what that http session is doing.

-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/
I am currently looking for work. If you need competent system/network 
administration please feel free to contact me directly.
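
The triage described in the reply above, as an added example (not part of the original thread): it reads tcpdump text output, groups packets by destination, and reports whether each destination is still only a name (capture again with -n), inside your own prefixes, or outside them. The sample lines are constructed on the model of the capture in the post; the destination 192.0.2.80 and both prefixes are documentation-range placeholders, not values from the thread.

```python
import ipaddress
import re
from collections import defaultdict

# "time src.port > dst.port: flags ..." as printed by tcpdump for TCP packets.
LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+>\s+(?P<dst>\S+):\s+(?P<flags>\S+)")

# Constructed sample: the first line keeps the resolved name seen in the post,
# the rest show the same kind of traffic captured with -n.
SAMPLE = [
    "01:12:15.875308 201.93.36.43.1913 > web.visp.ashosting.nl.http: S 1396310016:1396310016(0) win 16384",
    "01:12:15.875308 201.93.36.43.1913 > 192.0.2.80.80: S 1396310016:1396310016(0) win 16384",
    "01:12:15.876288 201.93.36.41.1587 > 192.0.2.80.80: S 802357248:802357248(0) win 16384",
    "01:12:15.886056 201.93.36.250.1194 > 192.0.2.80.80: S 1188954112:1188954112(0) win 16384",
]


def split_endpoint(endpoint):
    """Split tcpdump's 'host.port' form; the port is whatever follows the last dot."""
    host, _, port = endpoint.rpartition(".")
    return host, port


def as_ip(host):
    """Return an ip_address, or None when tcpdump printed a resolved name."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def triage(lines, local_nets):
    """Group packets by destination and say what to do next for each one."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    report = defaultdict(lambda: {"packets": 0, "syns": 0, "sources": set(), "verdict": ""})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a TCP packet line in the expected form
        src_host, _ = split_endpoint(m["src"])
        dst_host, dst_port = split_endpoint(m["dst"])
        entry = report[(dst_host, dst_port)]
        entry["packets"] += 1
        entry["sources"].add(src_host)
        if m["flags"] == "S":
            entry["syns"] += 1
        ip = as_ip(dst_host)
        if ip is None:
            entry["verdict"] = "name only: capture again with tcpdump -n"
        elif any(ip in net for net in nets):
            entry["verdict"] = "inside your network: find this host and inspect it"
        else:
            entry["verdict"] = "outside your network: check routing, then ask upstream"
    return dict(report)


if __name__ == "__main__":
    for (host, port), info in triage(SAMPLE, ["192.0.2.0/24"]).items():
        print(host, port, info["packets"], "pkts from",
              len(info["sources"]), "sources ->", info["verdict"])
```
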


kernel panic with unmount: dangling vnode on boot

2005-06-01 Thread Ean Kingston

Hi all,

I just updated my 5.3 system to 5.4p1 from source and ran into a 
serious problem. During boot, when the filesystems are being mounted, 
the system goes into a kernel panic and reports "panic unmount: 
dangling vnode"; it then reboots.


I have found PR 79665 which appears to be related.

I have also found that booting to single user mode and manually 
mounting the filesystems will bypass this problem but it is not a good 
workaround since I don't have battery backup and the power here is less 
than ideal (short outages 3 or 4 times a year).


The system this is being tested on is using gvinum for a number of 
filesystems: /tmp is striped, /home is mirrored, / /var /usr are 
ordinary filesystems.


The system is a dual PIII so I'm using an SMP kernel. I've stripped 
unused device drivers and added a few things so I will re-try with 
generic and generic+smp when I get a chance.


Once I get the system back up (after the most recent reboot) I will 
build a generic kernel and see if that has the same problem.


Does anyone else have similar problems and, if so, are there any 
workarounds so that I can boot cleanly? I really don't want to lose 
gvinum but I will if I have to.




Re: mounting /tmp with noexec

2005-04-08 Thread Ean Kingston

 Hello,

 I wonder if it is safe to mount /tmp with noexec flag. I already discovered
 that I have to pay attention to this before installing a world, because
 this task requires to execute binaries in /tmp. Are there any further
 pitfalls which I should take into account or even could keep me from doing
 this?

I haven't seen a reply to your query so let me say that I have mounted
/tmp noexec for years and the only problems I've had were the installworld
problem you mentioned and a few badly written 3rd party installers that
expect to be able to execute from /tmp. I also mount /tmp nosuexec and
async. Sometimes after a system crash I have to rebuild /tmp because of
the async but the systems just don't crash that often.

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: gvinum - gmirror

2005-04-08 Thread Ean Kingston

 On Apr 4, 2005 9:40 AM, Uroš Gruber [EMAIL PROTECTED] wrote:

 5.4 will be worth the upgrade, but I would wait for it to become final
 before installing it on any production servers.

Can I take the above statement to mean that the vinum attach command (and
other missing functionality from gvinum) will be working again? If so,
thank you very much for your hard work.

Also, any idea of the state of growfs (especially as it relates to gvinum)?


 If you have any test systems please start testing it. The more 5.4 is
 tested before release the better. I don't think that you will be able to
 migrate a gvinum volume to a gmirror volume in place. You will have to
 back it up, remove the gvinum volume, then configure gmirror and restore
 the data, etc.

 --Nick



-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: (LONG) ATA Benchmark: 5.x Reads Slower than Writes

2005-04-08 Thread Ean Kingston
  Adaptec SCSI RAID1: avg  160/s
 Adaptec SCSI RAID10: avg  412/s

 Sequential Read
 laptop 2.5 ATA: avg   76/s  # SLOWER than write!
   gmirror ATA RAID1: avg  251/s  # SLOWER than write!
  Adaptec SCSI RAID1: avg 7862/s
 Adaptec SCSI RAID10: avg 7618/s

 Random Create
 laptop 2.5 ATA: avg  124/s
   gmirror ATA RAID1: avg  354/s
  Adaptec SCSI RAID1: avg  155/s
 Adaptec SCSI RAID10: avg  504/s

 Random Read
 laptop 2.5 ATA: avg   57/s  # SLOWER than write!
   gmirror ATA RAID1: avg  144/s  # SLOWER than write!
  Adaptec SCSI RAID1: avg 7655/s
 Adaptec SCSI RAID10: avg 7413/s

 CONFUSION

 Now, I could explain poor read performance by:
 - Less RAM == Less buffer
 - Bigger Disks == Slower Seeks
 - Less CPU == ???

 I DO have a 4.8-STABLE with a single IDE disk, no Soft Updates, and
 faster read than write:

 Version 1.93c   --Sequential Create-- Random Create
 anubis. -Create-- --Read--- -Delete-- -Create-- --Read--- -Delete--
 files:max/sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP
   10:104884:0/5   183  32  1739  97   502  16   176  32  1624  94   368  13
 Latency   707ms   11487us   32824us 488ms 207ms 117ms

 However, seeing read SLOWER than write ... I have to wonder if something
 fishy is going on.  Suggestions?  Ideas?  I'm fresh out, at the moment.
 My suspicion is that something in 5.x is out-of-tune!?

 Thanks a lot.

 Sincerely,
 -danny

-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/


Re: suspending login

2005-04-07 Thread Ean Kingston

 Ean Kingston wrote:
 If you change the password entry then, when you want to enable the user
 again, the user has to enter a new password. This way, the user keeps
 his/her old password. Note, the question asked for suspend, not remove.
 I read suspend as implying that the account may be used again.

 No, you don't replace the password, you just insert an invalid character
 - one which can never be the result of crypt().  That invalid character
 is typically an asterisk.  To unlock the account, you remove the
 asterisk.  It's how pw usermod -L and -U work.

I hadn't considered that. I will be doing that from now on. Thanks.

 For the OP, it's important to use all three approaches if your victim is
 untrustworthy.  If you change the password but nothing else he can still
 get in via SSH; if you change the shell but nothing else he can still
 get in via FTP (possibly); if you change the home directory but nothing
 else he can still get in via SSH (and mess with /tmp or /var/tmp).  So
 if you are locking out the user to preserve evidence of some misdeed, be
 sure to do all three.

 If this is just a real-life buddy who's welching on some money he owes
 you, though, doing only one will probably be sufficient.  (Well, doing
 one and saying things to him like I bought a .45 last week and It
 turns out that if you do enough cocaine most juries won't convict you of
 murder.)

I hadn't thought of that either.

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/
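
The three measures discussed in this thread (locked password field, /sbin/nologin shell, placeholder home directory) can be checked together. The following is an added example, not code from the thread: it parses master.passwd-format lines and reports which measures are missing for an account. The sample entries and hashes are constructed, and the sets of accepted shells and home directories are assumptions.

```python
# Field layout of a FreeBSD master.passwd line (10 colon-separated fields).
FIELDS = ("name", "password", "uid", "gid", "class",
          "change", "expire", "gecos", "home", "shell")

# Assumption: shells that refuse an interactive session. /sbin/nologin is the
# one named in the thread; /usr/sbin/nologin is where newer releases keep it.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin"}

# Assumption: placeholder home directories. "/nonexistant" is the spelling used
# in the thread, "/nonexistent" the one stock system accounts use.
DEAD_HOMES = {"/nonexistant", "/nonexistent"}

# Constructed sample, not from a real system. The *LOCKED* prefix is what
# pw lock writes; a bare leading asterisk is the manual vipw method.
SAMPLE = """\
# name:password:uid:gid:class:change:expire:gecos:home:shell
alice:$1$abcdefgh$XXXXXXXXXXXXXXXXXXXXXX:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:*$1$abcdefgh$XXXXXXXXXXXXXXXXXXXXXX:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:*LOCKED*$1$abcdefgh$XXXXXXXXXXXXXXXXXXXXXX:1003:1003::0:0:Carol:/nonexistant:/sbin/nologin
"""


def parse_master_passwd(text):
    """Return {name: record} for every well-formed line; skip comments."""
    accounts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            continue  # malformed line: ignore rather than guess
        record = dict(zip(FIELDS, parts))
        accounts[record["name"]] = record
    return accounts


def suspension_state(record):
    """Report each of the three measures separately for one account."""
    return {
        # '*' is outside the crypt() output alphabet, so a field containing it
        # can never match any password, while the original hash is preserved.
        "password_locked": "*" in record["password"],
        "shell_disabled": record["shell"] in NOLOGIN_SHELLS,
        "home_removed": record["home"] in DEAD_HOMES,
    }


def audit(text, user):
    """List what is still open for `user`; an empty list means all three are set."""
    state = suspension_state(parse_master_passwd(text)[user])
    gaps = []
    if not state["password_locked"]:
        gaps.append("password hash usable: password logins still authenticate")
    if not state["shell_disabled"]:
        gaps.append("login shell valid: a key-based SSH login gets a shell")
    if not state["home_removed"]:
        gaps.append("home directory intact: sshd can read ~/.ssh/authorized_keys")
    return gaps


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, audit(SAMPLE, user) or "fully suspended")
```
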




Re: suspending login

2005-04-06 Thread Ean Kingston

 On Tue, 2005-04-05 at 18:50 -0400, Ean Kingston wrote:
 On April 5, 2005 06:42 pm, Bob Ababurko wrote:
  Hello all-
 
  I am trying to figure out how to suspend a login for a user.  Do I have
  to do this with password aging or is there an easier(read brute force)
  way to disallow a user from logging in?

 The safest way is to set the shell to /sbin/nologin and the home
 directory to /nonexistant in your auth system. The latter is especially
 needed if you allow ssh for remote login since the public-key
 authentication mechanisms sometimes bypass the normal login restrictions.


 Am I mistaken here, or will doing that only deny the user a shell and
 home directory? The user will still be able to authenticate against the
 password database right?

 To the best of my knowledge the correct way of doing this is either
 the asterisk method in the password field using vipw or the more user
 friendly way of using pw(8) with the lock command.

Yes, that will allow the user to authenticate against the password
database but the user has no home directory and a shell that kicks the
user out right away. If you change the password entry then, when you want
to enable the user again, the user has to enter a new password. This way,
the user keeps his/her old password. Note, the question asked for suspend,
not remove. I read suspend as implying that the account may be used again.

If what is wanted is a permanent removal of the user then the entire
home-directory and its contents should be removed as well. Also, a search
for all files owned by that user needs to be done and those files need to
be cleaned up.

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: Domainname

2005-04-06 Thread Ean Kingston


 I didn't think when I was doing my last install, and now my system has a
 domainname it shouldn't have.

 Too many different operating systems compete for space in my brain and I
 can't seem to find any information about fully qualified domainname in
 the fine manual, since all it talks about is NIS/YP, which isn't my
 problem.

 Any hints?
Have a look at /etc/rc.conf (the hostname setting).

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: vinum trouble on 5.3-Stable

2005-04-05 Thread Ean Kingston

 I upgraded to 5.3 on one system a while ago. And
 when it boots up vinum panics the system on startup
 with this message:
 panic: unmount: dangling vnode

 I found that if I boot in single user mode and
 mount / to make it rw, then start vinum, everything
 is fine.

 I just patched the kernel for the sendfile bug so
 this has come up again.

 Is this an order of execution problem? Do I change when
 vinum is started? What's the solution?

AFAIK the only current solution is to switch to gvinum. There are more
details about it in the archive.

 I'm happy (apart from this) with 5.x and plan to upgrade
 my main server to 5.x. Now that I got a good handle (I
 think on bind 9).

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: suspending login

2005-04-05 Thread Ean Kingston
On April 5, 2005 06:42 pm, Bob Ababurko wrote:
 Hello all-

 I am trying to figure out how to suspend a login for a user.  Do I have
 to do this with password aging or is there an easier(read brute force)
 way to disallow a user from logging in?

The safest way is to set the shell to /sbin/nologin and the home directory 
to /nonexistant in your auth system. The latter is especially needed if you 
allow ssh for remote login since the public-key authentication mechanisms 
sometimes bypass the normal login restrictions.

-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/


Re: *attaching* a file to /usr/bin/mail message

2005-04-04 Thread Ean Kingston
 On 2005-04-02 14:08, Colin J. Raven [EMAIL PROTECTED] wrote:
 Does anyone happen to know how you would *attach* (not read in the
 contents of, but actually *attach*) a file using /usr/bin/mail?

 Not very easily, is one answer.  You can probably get away with uuencode
 output filtered to the standard input of mail(1), but that's not really
 a MIME attachment.

Okay, if you really want to use mail, here is what a mail message
(suitable for sending through /usr/bin/mail) looks like when it has a
UUEncoded attachment. Technically you are supposed to MIME-Encode the
attachment but pretty much every mail client that supports attachments
will read a UUEncoded attachment.

From: System Administrator[EMAIL PROTECTED]
To: test user[EMAIL PROTECTED]
Subject: Testing mail attachments.
Content-Type: multipart/mixed;
 boundary=This_can_not_match_any_other_line_in_the_message
MIME-Version: 1.0

--This_can_not_match_any_other_line_in_the_message
Content-Transfer-Encoding: quoted-printable
Content-type: text/plain

Hi, Attached is a simple text file to test multi-part sending. The file was
originally called sample.txt and was created on a SUN system.

Notice the string specified in the boundary=... bit in the headers. That
string should not occur anywhere in the body except as part of the mime
part delimiters.

--This_can_not_match_any_other_line_in_the_message
Content-Transfer-Encoding: x-uuencode
Content-Type: text/plain;
 name=sample.txt
Content-Disposition: attachment;
 filename=sample.txt

begin 644 sample.txt
M5AIR!IR!A('-A;7!L92!F:6QE('[EMAIL PROTECTED];!B92!U=65N8V]D960@
M=[EMAIL PROTECTED]@95L:79EF5D(%S(%N(4M;6%I; IA='1A8VAM96YT+B!)=!I
MRP@;V)V:6]UVQY([EMAIL PROTECTED]5X=!F:[EMAIL 
PROTECTED]AIR!S:]U;[EMAIL PROTECTED]@=AE
.(9O=7)T:!L:[EMAIL PROTECTED]@

end

--This_can_not_match_any_other_line_in_the_message--

You use it like this:

/usr/bin/mail [EMAIL PROTECTED] < mail_with_attachment.txt

Obviously, you will have to uuencode your own attachment and replace the
one from the example.


 On my system mail has no -a (attach) flag, and some Googling told me
 mailx might solve the problem, but /usr/bin/mailx just invokes mail

 Other mail user agents do have a -a flag though.  At least mail/mutt
 does and I've used it successfully in the past.  If you are not stuck
 with mail(1) only, you can always use mutt for this.

   mutt -a /path/to/file [EMAIL PROTECTED]




-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: Outgoing port 113 connections

2005-04-04 Thread Ean Kingston

 My firewall keeps reporting that it denies outgoing 113 port
 connections.

 Why would I allow port 113 outgoing connections?  I don't seem to have
 any problems at the moment.

So that applications on your system can perform a remote ident request. I
don't know of any program that requires ident to work. Some (like ssh in
some configurations) will try it to get more information about the remote
user by trying an ident call over the network.

 Also, how would I identify which program is trying to connect to 113
 port?

$ grep 113 /etc/services
auth            113/tcp    ident tap    #Authentication Service
auth            113/udp    ident tap    #Authentication Service

You may also try sockstat, netstat, and tcpdump.

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: mksnap_ffs woes

2005-04-01 Thread Ean Kingston

 Francisco Reyes wrote:

 In my experience databases DO NOT like file system backups unless the
 database is NOT running. The more heavily you use the database the least
 it will play nice with file system backups.

 Unfortunately we have no choice.

Sorry if this has been mentioned before but have you considered a
split-mirror-backup? It would involve some downtime but only a few minutes
for each backup. It would be cheaper than replacing all the clients.

 Is using the database backup routines an option?

 Nope.

 Does the database has any type of replication?

 Nope again.

 BTW, we have almost no room for changes on the client side :(

 What is the client side?

 Some *old* PCs (need ISA slots) running an old DOS [wannabe] application
 (actually a plethora of .BAT files and some .EXEs) on Windows 95 or 98 :(
 Not even the firm who made that crap is willing to put their hands on it.
 Replacing the software would mean replacing the hardware (not only the
 PCs, but the attached machines too) at multiple sites, which would mean
 a HUGE amount of money; that's behind my power and is to be considered
 out of question.

 Given that you said it is in Samba it seems it's some type of Windows
 database. Is it a workgroup type of DB like Access or Foxpro? SQL
 server?

 It's some bunch of DBFs with associated indexes and God only knows what
 else. Given the clients need to be up 24/7, I thought of filesystem
 snapshots as the only solution.

 I'll keep trying a bit more, since it seems doing them on a daily
 schedule doesn't do any harm. The problems so far have only arisen when
 I manually started a backup script (possibly interrupting it, cleaning
 up, and starting again).

   bye  Thanks
   av.

 P.S. The firm who sold that crap, also implemented the file server
 before mine; just without any RAID and/or backup facility. These data
 are vital to that business.

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: Firewall questions

2005-04-01 Thread Ean Kingston

  Only a little note about the comment:

 On FreeBSD you have a choice of IPFW, IPF, and PF. IPFW is FreeBSD only,
 IPF runs on many OSes (but not Linux),

 Since I have been reading the Ipfilter maillist, you can see that Ipfilter
 now runs on Linux too. This is only information. Greetings.

Wow, I stand corrected. The last time I talked to Darren (years ago) he
said IPFilter would never run on Linux. I guess the Linux folks fixed
whatever was vexing him about their architecture.

 On Mar 23, 2005 1:03 PM, Ean Kingston [EMAIL PROTECTED] wrote:

  I have been looking for a great firewall, something

  not too technical, since I have only been using
  FreeBSD for two months now.
 
  I have FreeBSD-4.8 installed, Apache-1.3, and
  Netqmail-1.05. I am also planning on running an NTP
  time server and possibly a forum in the future. The
  web site is expected to become a well-recognized site,
  so that complicates matters. More attention to the
  site means more attacks.

 If it's a firewall you might want to upgrade to the latest in the series
 you are using (4.11). There may be security holes in 4.8 by now.

  Also, I am looking for antiviral protection for both
  the FreeBSD server, and any Windows or Macintosh
  systems that may be using the POP mail. I know qmail
  has one solution, which was contributed by a qmail
  user, but what are the alternatives?

 There are very few anti-virus packages for FreeBSD. AFAIK there are no
 viruses that target FreeBSD. There are a few that target x86 hardware
 but these don't propagate over the 'net.

 Have a look at amavis (it's in the ports collection). I've never used it
 but it's been mentioned a number of times on various lists.

 Also, F-Prot (www.f-prot.com) provides an AV product for FreeBSD (NetBSD,
 and OpenBSD too). They even have a mail scanner product. I used the file
 scanner for a while but stopped the last time I upgraded the OS.

 
  Any suggestions as to what firewall would provide me
  with the best protection, while not being overly too
  complicated?

 For simplicity, get one of the Firewall Router devices and stick your
 FreeBSD system behind it. Most have a web interface to manage them. Just
 make sure you get the Firewall model and not the Router with NAT model.
 Unless you get lucky, the guy at Best Buy (or wherever) won't have a
 clue about the differences and will not be able to help even if he thinks
 he is helping. You need to do your research on this.

 On FreeBSD you have a choice of IPFW, IPF, and PF. IPFW is FreeBSD only,
 IPF runs on many OSes (but not Linux), and PF is a port of the OpenBSD
 firewall. All are included with the FreeBSD distribution but require a
 kernel recompile (it's explained in the handbook and isn't nearly as
 scary as it sounds). All are about as complicated to configure/manage.

 --
 Ean Kingston
 E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
 URL: http://www.hedron.org/





-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: ATAPI/CAM not working.

2005-03-28 Thread Ean Kingston

 I have these options in kernel:

 device atapicam
 device scbus
 device cd
 device pass
 device ata

 and I think these should be enough?

 still dmesg | grep cd shows only this:
 acd0: DVDR HL-DT-ST DVDRAM GSA-4120B/A102 at ata1-master UDMA33

 no cd0. So I can't burn any cd's or dvd's. what could be wrong here?
What does 'camcontrol devlist' show?

And, of course, the obligatory silly questions:
1. Did you build your new kernel?
2. Did you install your new kernel?
3. Are you sure you installed your new kernel (i.e. uname -a shows the right info)?

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: Vinum Problem

2005-03-28 Thread Ean Kingston

 On Sun, 2005-03-27 at 16:59, Ean Kingston wrote:
 On March 27, 2005 10:35 am, Robert Slade wrote:
  Hi,
 
  I have managed to setup a vinum volume using 2 striped disks, the
  volume is created and I can do newfs on it and mount it.
 
  However, when I set start_vinum=YES in rc.conf, vinum loads then I
  get panic, followed by hanging vnode.
 
  I'm using 5.3.
 
  Any pointers please.

 In 5.3, you need to use gvinum instead of vinum. To do this set
 start_vinum=NO in /etc/rc.conf and set geom_vinum_load=YES
 in /boot/loader.conf.

 gvinum will read your vinum configuration just fine so you only need to
 make the changes I suggested to get it to work.

 Although this is documented, it is not what I would call 'well
 documented' yet.

 Ean,

 Thank you, that got me further, it appears to have created a new
 /dev/gvinum/test, which seems to be the right size, but when I mount it as
 /test, I get not a directory when I try and ls it.

The mount point needs to exist prior to mounting a filesystem so, try
something like this (as root):

mkdir /test
mount /dev/gvinum/test /test
mount | grep test

That last one should produce the following output,

/dev/gvinum/test on /test (ufs, local, soft-updates)

which indicates that you have a mounted filesystem on /test.

 I have tried to find documentation on geom, but that seems to be related
 to mirroring.

Ya, documentation is still being worked on. For basic stuff (like creating
concatenated volumes) you can use the vinum documentation and replace
'vinum' with 'gvinum' when you try things. Using your 'test' filesystem is
a very good idea. Some aspects of vinum still aren't fully implemented in
gvinum.

Remember, if you just created your /test volume, it should be empty. You
did run 'newfs /dev/gvinum/test' after creating it and before mounting it,
right?

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: Vinum Problem

2005-03-27 Thread Ean Kingston
On March 27, 2005 10:35 am, Robert Slade wrote:
 Hi,

 I have managed to setup a vinum volume using 2 striped disks, the volume
 is created and I can do newfs on it and mount it.

 However, when I set start_vinum=YES in rc.conf, vinum loads then I get
 panic, followed by hanging vnode.

 I'm using 5.3.

 Any pointers please.

In 5.3, you need to use gvinum instead of vinum. To do this set 
start_vinum=NO in /etc/rc.conf and set geom_vinum_load=YES 
in /boot/loader.conf.

gvinum will read your vinum configuration just fine so you only need to make 
the changes I suggested to get it to work.

Although this is documented, it is not what I would call 'well documented' 
yet.

-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/


Re: mount error.

2005-03-24 Thread Ean Kingston


   People,

   Partitioning ad0s2 is fine.  But I get a mount error in
   the newfs section.  Specifically:

   Error mounting /mntg/dev/ad0s2e on /mnt/usr : Invalid argument

Gary, are you mounting it by hand? I wouldn't expect to see either the
'/mntg' or the '/mnt' parts.

   Anybody know what's causing this and how to get past this?

Double check to make sure your /etc/fstab is configured correctly. Make
sure that the device (/dev/*) and the mount point (*/usr) actually exist
before the filesystem gets mounted.

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: dual-boot troubles; /usr won't mount

2005-03-23 Thread Ean Kingston

 On Wed, Mar 23, 2005 at 06:22:43PM +, RW wrote:
 On Wednesday 23 March 2005 06:44, Gary Kline wrote:
 The first CD boots 5.3 and brings up /stand/sysinstall.
 Every option I have tried sees the NTFS as ad0s1.
 
 Is there another choice to choose to divvy up the drive
 to give me more than three slices?  This is where the
 handbook gets muddy.
 
 Can anybody 'splain this better??

 FreeBSD is not Linux.

 Linux uses the same partitioning as Windows, 4 primary partitions, or 3
 primaries and an extended partition.

 FreeBSD has its own type of partitioning scheme which you could put
 directly onto the disk, but this is known as dangerously-dedicated mode
 since it isn't compatible with other non-bsd OSs and might cause problems
 with some BIOSes.

 Most people will install FreeBSD in what's known as a slice, this wraps
 a group of native BSD partitions inside a normal PC primary partition. You
 only need one slice for a FreeBSD installation.


 Which sections should I print out and go in a corner to read?

 The one called Installing FreeBSD


   If memory serves, the slices I created were
   ad0s2   /

Sorry for jumping in here but I've never seen a filesystem with a device
name like that before. As I understand it the device name reads like this:

ad0      -- primary ATA disk on first IDE cable
   s2    -- second slice (what DOS/Windows/Linux call a partition)
     a   -- first partition (BSD definition of a partition)

Your list appears to be missing the 'a'. This would indicate to me that
you mistyped your example or didn't run disklabel (or bsdlabel) to setup
the FreeBSD partitions. Can one run newfs on the slice without using
disklabel first? I didn't think that was possible.

I know you can run disklabel directly on the disk (ie ad0) and you wind up
with devices missing the 'sX' part, like ad0a. I do this to zip disks all
the time.

   ad0s3   SWAP
   ad0s4   /usr

   I tagged ad0s2 to be bootable; selected everything to be
   installed and okay the create script.  /usr had trouble
   with newfs because of a bad superblock in 0s4.  My guess
   is that the difficulty stems from a foul-up from the
   disk labeling.

   I've been installing BSD since 4.1 at Cal and FreeBSD
   since 2.0.5; I'm familiar with the standard protocols.
   This is my first go at trying to  dual-boot such
   different systems.

   gary

 --
Gary Kline [EMAIL PROTECTED]   www.thought.org Public service
 Unix




-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/





Re: Acroread7

2005-03-23 Thread Ean Kingston

 On stardate Wed, 23 Mar 2005, the wise Andreas Davour entered:

 Exactly the same.

 As Erik (et al) wrote, it will all be pulled in and resolved as
 dependencies if you have a sufficiently up-to-date ports tree.

 Kind of annoying that it wasn't caught before it was committed at all,
 but considering the total confusion that reigns right now with two different
 acroread ports it's just what can be expected.

 I did a cvsup 30 minutes ago, and then it worked.

 /Andreas

 Hmm I also did a cvsup, but it makes no difference, I still get the same
 error. I guess I have another problem on my system.

You may need to do a make clean or a make distclean in the port directory
after doing a cvsup. I've found that some ports don't realize that things
have changed after a cvsup and so continue to try and build with half
built old code.

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: Firewall questions

2005-03-23 Thread Ean Kingston

 I have been looking for a great firewall, something
 not too technical, since I have only been using
 FreeBSD for two months now.

 I have FreeBSD-4.8 installed, Apache-1.3, and
 Netqmail-1.05. I am also planning on running an NTP
 time server and possibly a forum in the future. The
 web site is expected to become a well-recognized site,
 so that complicates matters. More attention to the
 site means more attacks.

If it's a firewall you might want to upgrade to the latest in the series
you are using (4.11). There may be security holes in 4.8 by now.

 Also, I am looking for antiviral protection for both
 the FreeBSD server, and any Windows or Macintosh
 systems that may be using the POP mail. I know qmail
 has one solution, which was contributed by a qmail
 user, but what are the alternatives?

There are very few anti-virus packages for FreeBSD. AFAIK there are no
viruses that target FreeBSD. There are a few that target x86 hardware but
these don't propagate over the 'net.

Have a look at amavis (it's in the ports collection). I've never used it
but it's been mentioned a number of times on various lists.

Also, F-Prot (www.f-prot.com) provides an AV product for FreeBSD (NetBSD,
and OpenBSD too). They even have a mail scanner product. I used the file
scanner for a while but stopped the last time I upgraded the OS.


 Any suggestions as to what firewall would provide me
 with the best protection, while not being overly too
 complicated?

For simplicity, get one of the Firewall Router devices and stick your
FreeBSD system behind it. Most have a web interface to manage them. Just
make sure you get the Firewall model and not the Router with NAT model.
Unless you get lucky, the guy at Best Buy (or wherever) won't have a clue
about the differences and will not be able to help even if he thinks he is
helping. You need to do your research on this.

On FreeBSD you have a choice of IPFW, IPF, and PF. IPFW is FreeBSD only,
IPF runs on many OSes (but not Linux), and PF is a port of the OpenBSD
firewall. All are included with the FreeBSD distribution but require a
kernel recompile (it's explained in the handbook and isn't nearly as scary
as it sounds). All are about as complicated to configure/manage.

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




RE: Firewall questions

2005-03-23 Thread Ean Kingston

 http://www.unixguide.net/freebsd/fbsd_installguide/index.php

 This install guide covers both of the 2 firewalls that come built in
 to FreeBSD for all 4.x release. Software firewalls are heads and
 shoulders above hardware firewalls which can not do stateful type of
 protection.

You might want to check your sources again. My Linksys hardware firewalls
do a good job of providing stateful packet inspection.

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: Accessing Windows XP Desktop (Home Edition) remotely

2005-03-22 Thread Ean Kingston

 XP Home edition does not have Remote Desktop. XP Pro has. I am running
 the former.


 -Wash

 oops.  missed the home part in the original post.  sorry.  Go with
 VNC.  I'm not sure how it works cross-platform, but ultravnc has a
 file transfer option where it can send files over the vnc ports.

Works like a charm. I use RealVNC all the time. Both ways. I've even used
it through SSH port forwarding.

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: Accessing Windows XP Desktop (Home Edition) remotely

2005-03-22 Thread Ean Kingston

 On Tuesday 22 March 2005 02:18 pm, Christopher Nehren wrote:

 On 2005-03-22, daniel scribbled these curious markings:
  security note:
  vnc is *not* encrypted and is not generally considered secure.  any
  ports you open/forward should be directed to your ip only.  even
  better, try a knocking daemon.

 This is why you set up an SSH tunnel between the two machines. The
 Handbook (as always) shows how to do this, with examples.

 Best Regards,
 Christopher Nehren

 To forward a VNC session through SSH, the user will need to install a
 SSH application on the Windows computer.  PuTTY is a free example, and
 is available at:

 http://www.chiark.greenend.org.uk/~sgtatham/putty/

AFAIK Putty is a client only. The original user wanted to access his WinXP
Home system from FreeBSD. So, Putty isn't going to do it. I think there is
an OpenSSH implementation (both client and server) for Win32 that runs on
XP. I know the cygwin implementation works (but the original poster may
not want that much added to the XP system).

http://www.cygwin.com/ and http://www.openssh.org/

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/
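
The SSH tunnel for VNC discussed in this thread, as an added example that is not part of the original messages: it builds the client-side ssh command that forwards a loopback-only local port to the VNC port on the remote machine. The function names, the host name xpbox and the user wash are assumptions for illustration, and the remote machine is assumed to run an SSH server (for example the Cygwin OpenSSH mentioned above) with the VNC server on the same machine.

```shell
#!/bin/sh
# Added example, not from the thread. Host and user names are placeholders.

# VNC display N conventionally listens on TCP port 5900+N (display 0 -> 5900).
# The 0-99 bound is a sanity limit chosen for this example.
vnc_port() {
    case "$1" in
        ''|*[!0-9]*)
            echo "display must be a non-negative integer" >&2; return 1 ;;
        0[0-9]*)
            # Leading zeros would be read as octal by shell arithmetic.
            echo "display must not have leading zeros" >&2; return 1 ;;
    esac
    [ "$1" -le 99 ] || { echo "display out of range (0-99)" >&2; return 1; }
    echo $((5900 + $1))
}

# Build the ssh command that carries the VNC session.
#   $1 = VNC display number on the remote machine
#   $2 = remote host running sshd and the VNC server
#   $3 = remote login name (optional)
vnc_tunnel_cmd() {
    port=$(vnc_port "$1") || return 1
    [ -n "$2" ] || { echo "usage: vnc_tunnel_cmd display host [user]" >&2; return 1; }
    # Refuse a host that ssh would parse as an option.
    case "$2" in
        -*) echo "host must not start with '-'" >&2; return 1 ;;
    esac
    target=$2
    if [ -n "$3" ]; then
        target="$3@$2"
    fi
    # -N                     tunnel only, no remote command
    # ExitOnForwardFailure   exit if the forward cannot be set up, instead of
    #                        leaving a session open with no tunnel
    # 127.0.0.1 (local)      only this machine can use the local end
    # 127.0.0.1 (remote)     sshd connects to the VNC server over loopback,
    #                        so the VNC port need not be reachable from the network
    echo "ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:${port}:127.0.0.1:${port} ${target}"
}

# The viewer connects to the local end of the tunnel, never to the remote
# host directly, so the unencrypted VNC traffic stays inside the SSH session.
vnc_viewer_cmd() {
    vnc_port "$1" >/dev/null || return 1
    echo "vncviewer localhost:$1"
}
```

Run the command printed by vnc_tunnel_cmd in one terminal and the one printed by vnc_viewer_cmd in another; with the tunnel in place, the firewall only needs to admit SSH to the remote machine.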




How do I get growfs to work on a gvinum mirror?

2005-03-21 Thread Ean Kingston
Hi,

Please excuse the re-post. I'm hoping that my question just got lost in
the numerous conversations over the weekend and that I'm not suffering
from bleeding-edge technology that nobody else has tried in production
yet.


How do I make growfs actually grow a gvinum disk on FreeBSD 5.3? I've
read the man pages, the Handbook, and done some searching with no luck.

To help understand what I'm trying to accomplish here, I've created a
filesystem that mounts to /export on a gvinum volume. The volume is
configured as a mirror. I want to double its size. To do this I used
gvinum to add a subdisk to each plex of the mirror (this worked fine).
gvinum now reports the volume as 32GB (it used to be 16GB).

The filesystem is still 16GB. When I unmount the filesystem and run
growfs on the device it claims there is no space to grow:

# growfs -s 33554432 /dev/gvinum/export
growfs: we are not growing (8388608 - 8388608)

And yet

# disklabel /dev/gvinum/export
# /dev/gvinum/export:
3 partitions:
#        size   offset    fstype   [fsize bsize bps/cpg]
  a: 33554432        0    4.2BSD     2048 16384     0
  b: 33554432        0      swap
  c: 33554432        0    unused        0     0         # raw part, don't edit
disklabel: partition c doesn't cover the whole unit!
disklabel: An incorrect partition c may cause problems for standard system utilities

better still:
# gvinum list
2 drives:
D a                     State: up       /dev/ad1s1g     A: 58662/108326 MB (54%)
D b                     State: up       /dev/ad0s1g     A: 58662/108326 MB (54%)

5 volumes:
...
V export                State: up       Plexes:       2 Size:         32 GB

8 plexes:
...
P export.p1           C State: up       Subdisks:     2 Size:         32 GB
P export.p0           C State: up       Subdisks:     2 Size:         32 GB

12 subdisks:
...
S export.p1.s0          State: up       D: b            Size:         16 GB
S export.p0.s0          State: up       D: a            Size:         16 GB
S export.p0.s1          State: up       D: a            Size:         16 GB
S export.p1.s1          State: up       D: b            Size:         16 GB

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




[OT] Re: MS Exchange server on FreeBSD?

2005-03-18 Thread Ean Kingston

 On Fri, 2005-03-18 at 08:06, Christian Tischler wrote:
 Hi,
 I would like to run an MS exchange server. But I am not at all willing
 to set up an MS box at all. As I know I could run something like VMware
 virtual server or Wine, but I do not know if such a combination would
 be stable (spoken in terms of windows stability). The next consideration
 would be the performance of the overall setup.

 Any hints or suggestions would be great.

As someone who has inherited an Exchange server I have a few hints for you.

1 Run Exchange on a Dedicated Windows Server (2000 or 2003). Do not fiddle
with VMware or Wine. You are going to need a license for Windows to run
Exchange under VMware (or bochs). You are probably going to need a license
of Windows to run it under wine (if that is even possible). In any case,
you will lose stability if you don't dedicate a system to Windows.

2 You need to keep the disk where Exchange stores its mail database at
least 55% free or Exchange will not work properly. This is because you
need to periodically rebuild the Exchange database to keep performance
tolerable. Also when mail is deleted in an exchange mail store, it is not
actually deleted but just marked for deletion. You need to take the mail
store offline (so nobody can access their mailbox) periodically and run a
tool to purge the deleted items. This takes hours on any decent sized mail
system. When this happens it creates temporary files roughly 110% the size
of the mail store.

3 Exchange is a pig. You would be best to have another Windows system
running Active Directory to support your Exchange server. If you are
thinking of using the Active Directory emulation available in Samba,
forget it. Exchange changes the structure of the Active Directory when it
is installed. You need a real Active Directory server.

4 On the topic of Exchange being a pig; you should set up a couple of
FreeBSD systems that act as your MX hosts for inbound e-mail. Put
something like Postfix or Exim (or any other smtp software you like) on
there and setup at least simple spam filtering (even if it is just RBLs).
Have these Postfix (or exim) systems feed mail to your Exchange server.
There are articles on the Web about how to get Postfix to check the
validity of recipients against an Exchange server so you can bounce bogus
mail at the border if you want. You could also have this system do the
virus scanning (again numerous articles are available).

5 Exchange does an enormous amount of logging so those disks are going to
fill up quickly. You need to run special tools before you delete the logs
or you run the risk of not being able to recover your mail database in the
event of catastrophic failure. Read over item 3 again, the process is
similar.

6 Exchange shuts down when the disk that holds the mail store is 90% full.
It will not restart until you free up some disk space. If you reach this
situation you probably aren't following point 5 or point 3 enough.

7 Familiarize yourself with
http://support.microsoft.com/?scid=kb;en-us;313184spid=1760sid=global
you are going to be reading it (and related sites) a lot.

8 Unless you have users demanding shared calendars and automatic meeting
scheduling, try to find a solution other than Exchange. I'm partial to
Postfix, Courier-IMAP, OpenLDAP, SquirrelMail.

 I have never heard of anyone using Exchange on a non-Windows machine,
 and I can't see much point.  The license fee for Exchange swamps the OS
 license.  I expect you could run VMWare with Windows as a guest OS, but
 for something as critical as your mail server, I would dedicate a
 Windows machine to it. I doubt it would work with WINE.

 Basically, if you have to hold your nose to run Exchange, you may as
 well hold it a little tighter and run Windows.  If not, look at
 FreeBSD/Sendmail-or-Postfix/Evolution as a very reliable mail service.




-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




FreeBSD 5.3 gvinum and growfs

2005-03-18 Thread Ean Kingston
Hi,
How do I make growfs actually grow a gvinum disk on FreeBSD 5.3? I've 
read the man pages, the Handbook, and done some searching with no luck.

To help understand what I'm trying to accomplish here, I've created a 
filesystem that mounts to /export on a gvinum volume. The volume is 
configured as a mirror. I want to double its size. To do this I used 
gvinum to add a subdisk to each plex of the mirror (this worked fine). 
gvinum now reports the volume as 32GB (it used to be 16GB).

The filesystem is still 16GB. When I unmount the filesystem and run 
growfs on the device it claims there is no space to grow:

# growfs -s 33554432 /dev/gvinum/export
growfs: we are not growing (8388608 - 8388608)
And yet
# disklabel /dev/gvinum/export
# /dev/gvinum/export:
3 partitions:
#        size   offset    fstype   [fsize bsize bps/cpg]
  a: 33554432        0    4.2BSD     2048 16384     0
  b: 33554432        0      swap
  c: 33554432        0    unused        0     0         # raw part, don't edit
disklabel: partition c doesn't cover the whole unit!
disklabel: An incorrect partition c may cause problems for standard system utilities

better still:
# gvinum list
2 drives:
D a                     State: up       /dev/ad1s1g     A: 58662/108326 MB (54%)
D b                     State: up       /dev/ad0s1g     A: 58662/108326 MB (54%)

5 volumes:
...
V export                State: up       Plexes:       2 Size:         32 GB

8 plexes:
...
P export.p1           C State: up       Subdisks:     2 Size:         32 GB
P export.p0           C State: up       Subdisks:     2 Size:         32 GB

12 subdisks:
...
S export.p1.s0          State: up       D: b            Size:         16 GB
S export.p0.s0          State: up       D: a            Size:         16 GB
S export.p0.s1          State: up       D: a            Size:         16 GB
S export.p1.s1          State: up       D: b            Size:         16 GB



Re: firefox share profile in freebsd and windows!

2005-03-15 Thread Ean Kingston

 Ean Kingston said the following on 03/15/05 11:01:
 On March 14, 2005 08:55 pm, heccj wrote:

Ean Kingston said the following on 03/15/05 02:43:

Perhaps this is not proper site to place this question, but I just meet
this problem!

I want to share my firefox 1.0.1 profile in windows xp and freebsd 5.3, I
can run with: firefox -safe-mode, it will freeze when I
use: firefox, obviously, it's because of the extensions. When you setup
extensions in windows xp, firefox can't start in freebsd, when you setup
extensions in freebsd, firefox can't start in windows! Why?

Why? Because Windows XP and FreeBSD are completely different operating
systems. Their binaries are not compatible.


How to resolve it?

If you can figure out how to keep the extensions directories separate
while keeping the rest of the preferences the same it should work.

At the worst, you could export your bookmarks from one and import them
into the other. Then you would just have to go through the preferences
and make sure the settings are the same otherwise.

The bookmarks and history or other data can share correctly,

 Good.

just
extensions! Some extensions can setup into the firefox program dir in
windows (can in freebsd?),


 I'm not sure what you are trying to say.
 just extensions can't work correctly. If all the extension can setup at
 firefox main directory, this is not a problem, I can setup in windows
 and freebsd individually. Unfortunately, only several extension can setup
 like that!

You might have to start messing around in the firefox
configuration/property files to get that to work. Unfortunately, that is
beyond my capabilities. I think they are all text files so you should be
able to edit them with vi.



but most just setup into the profile extensions
dir.


 I believe you can simply move the extension to the global extensions
 directory and restart Firefox.
 I have tried, if the extensions at profile directory are moved into
 firefox's main directory, firefox can not find this extensions at all.

 If you try it, make a note of which extensions you moved because you
 might have to move them back.


If all the extension can select setup dir at setup time, perhaps this
problem can be resolved.







-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: The options when you install a port!

2005-03-14 Thread Ean Kingston

 Hi!
 How could I know the options of a port? And could I set some default
 options? I meet this problem when I setup a big port like gnome2, it needs
 a lot of time, and a lot of confirm dialog will pop out. If I know these
 options and set the values, I can setup these ports without interact!

Read the port makefile. There are usually instructions at the top
explaining the available options. These can be put into /etc/make.conf
(I'm not sure of the syntax).

For example, I recently built mplayer. At the top of
/usr/ports/multimedia/mplayer it says:

# New ports collection makefile for:    mplayer
# Date created:                         10 August 2001
# Whom:                                 Thomas E. Zander
#                                       with lots of help from Vladimir Kushnir
# $FreeBSD: ports/multimedia/mplayer/Makefile,v 1.111 2005/03/06 10:34:15 oliver Exp $
#
# There are many knobs to tune mplayer towards your specific wishes
# and preferences.
# You can activate a knob by typing something like
# make -DKNOB or make KNOB=yes instead of just make
#

It then goes on to explain what all the 'KNOB's are.

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: firefox share profile in freebsd and windows!

2005-03-14 Thread Ean Kingston

 Perhaps this is not proper site to place this question, but I just meet
 this problem!

 I want to share my firefox 1.0.1 profile in windows xp and freebsd 5.3, I
 can run with: firefox -safe-mode, it will freeze when I
 use: firefox, obviously, it's because of the extensions. When you setup
 extensions in windows xp, firefox can't start in freebsd, when you setup
 extensions in freebsd, firefox can't start in windows! Why?

Why? Because Windows XP and FreeBSD are completely different operating
systems. Their binaries are not compatible.

 How to resolve it?

If you can figure out how to keep the extensions directories separate
while keeping the rest of the preferences the same it should work.

At the worst, you could export your bookmarks from one and import them
into the other. Then you would just have to go through the preferences and
make sure the settings are the same otherwise.

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: firefox share profile in freebsd and windows!

2005-03-14 Thread Ean Kingston
On March 14, 2005 08:55 pm, heccj wrote:
 Ean Kingston said the following on 03/15/05 02:43:
 Perhaps this is not proper site to place this question, but I just meet
 this problem!
 
 I want to share my firefox 1.0.1 profile in windows xp and freebsd 5.3, I
 can run with: firefox -safe-mode, it will freeze when I
 use: firefox, obviously, it's because of the extensions. When you setup
 extensions in windows xp, firefox can't start in freebsd, when you setup
 extensions in freebsd, firefox can't start in windows! Why?
 
  Why? Because Windows XP and FreeBSD are completely different operating
  systems. Their binaries are not compatible.
 
 How to resolve it?
 
  If you can figure out how to keep the extensions directories separate
  while keeping the rest of the preferences the same it should work.
 
  At the worst, you could export your bookmarks from one and import them
  into the other. Then you would just have to go through the preferences
  and make sure the settings are the same otherwise.

 The bookmarks and history or other data can share correctly,
Good.
 just 
 extensions! Some extensions can setup into the firefox program dir in
 windows (can in freebsd?),

I'm not sure what you are trying to say.

 but most just setup into the profile extensions 
 dir.

I believe you can simply move the extension to the global extensions directory 
and restart Firefox.

If you try it, make a note of which extensions you moved because you might 
have to move them back.

 If all the extension can select setup dir at setup time, perhaps this 
 problem can be resolved.

-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/


Re: copying cron files between computers

2005-03-11 Thread Ean Kingston


 Hello,

 I want to keep the cron files between two 5.3-STABLE computers
 synchronized.  From my reading on cron(8), crontab(1), and crontab(5),
 accomplishing this might be a little convoluted.

 Would something like this work?

 computer-A:

 root# crontab -u joeuser -l > /usr/home/joeuser/cron

 get files from computer-A to computer-B


 computer-B:

 root# crontab -u joeuser  /usr/home/joeuser/cron

It would work, but...

Cron stores its files in /var/cron/tabs/. Each user has its own file
(with the user's name). You can simply copy all (or some) of the files in
that directory over to the new location.

The biggest reason why you are not supposed to edit those directly is that
cron can have a bit of a fit if the file format is invalid. As long as it
was validated when it was first saved it should copy fine.


 As an alternative, would anyone suggest a cron replacement, like mcron?
 As I read it, mcron stores its files in a user's ~/.cron directory.
 Thereby eliminating the dump and read of each user's cron.

 Thanks for the help and suggestions.

 --
 Regards,
 Doug



-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: WebDAV on Freebsd

2005-03-10 Thread Ean Kingston

 Hello,
 I apologize for the intrusion, but I got your email off a Google
 search for WebDAV on FreeBSD.
 I just bought a virtual server and need to install webdav and then
 allow Sunbird to publish and share calendars. I am all about using
 IMAP and I think I need to start using this for better efficiency.
 Would it be possible for you to help out?

I'll be happy to help you out but you really should join one or more
mailing lists. Joining a mailing list (related to your subject) gives you
input from more than one person so if there is a problem that I am not
familiar with, someone else can help. It also means that in the future,
others who search for the same subject can benefit from e-mail discussions
in archives (like you did).

So, how about we start with the basics:

When you say 'virtual server', do you mean an Apache Virtual Server or a
FreeBSD jail? If you are not sure, ask the folks supplying the virtual
server.

What version of Apache is it (1.3 or 2.0)?

If you are using an Apache Virtual Server, you are going to have to ask
your supplier if they include support for dav module for apache.

To learn some more about what I'm asking check out these websites:

Apache Virtual Server:
 http://httpd.apache.org/docs/mod/core.html#virtualhost
Dav module for Apache:
 http://www.webdav.org/mod_dav/
FreeBSD Jail:
 http://docs.freebsd.org/44doc/papers/jail/jail.html

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: Configuring xdm

2005-03-09 Thread Ean Kingston

 I have FreeBSD 5.3-RELEASE with Xorg X server installed on
 my machine and I have problems with configuring xdm.
 Namely, the problem is: if I run xdm on X display :0, and
 set session program, /usr/X11R6/bin/wmaker for example, in
 ~/.xsession, when I try to login using xdm, after few seconds of
 blank screen I see again xdm login prompt, but no wmaker.
 After this, my ~/xsession-errors contain message like this:
 Connection to display :0 refused by server. I tried following
 command in .xsession:

I'm not super familiar with wmaker but your ~/.xsession should look
something like this:

exec /usr/X11R6/bin/wmaker

 xinit /usr/X11R6/bin/wmaker -- /usr/X11R6/bin/Xorg :1

xinit is only run if you are not using xdm. As in if you log in on the
command line first and start X manually.

 This worked, but in this case after login I have two X displays
 on different terminals: one with only X server screen with cross
 cursor, and another with wmaker. Does it mean that if I run xdm
 on display :0 then I cannot run session program on the same display?

XDM should hand off control of the display to the session manager (wmaker
in your case).

After you tried my suggestion, if things still don't work post a copy of
your .xsession and .xsession-errors and I'll have a look. Also, if you
have fiddled with any of the files in /usr/X11R6/lib/X11/xdm post those as
well.

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: feedback on a good DNS server

2005-03-09 Thread Ean Kingston

 I am looking into setting up a DNS server on our network using an
 existing FreeBSD box. I have been looking around and reading comments
 on different DNS servers out there but everyone has mixed feelings. I
 know someone who uses BIND and is happy with it .. is there any reason
 why BIND wouldn't be a good choice? All i need is to have DNS running
 on a webserver so we can host our site internally...any feedback on
 this setup and/or DNS server is appreciated

I believe Bind is still included with the base FreeBSD OS. I've used it in
the past and never had any problems with it. As always, YMMV.

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: Size of FreeBSD

2005-03-08 Thread Ean Kingston

 On Tue, Mar 08, 2005 at 11:04:11AM -0800, Mark Goodell wrote:
 Could you please tell me how big FreeBSD is, in terms
 of both (1) the bare minimum needed to run
 applications and (2) the typical installation.  How
 many 1.44MB diskettes, for example.

 Isn't this information available on the website?

It is to some degree.

The floppy installer requires 2 1.44MB floppies and performs a network
install. See the handbook for more details on this.

The base system, fully installed is around 250MB. This does not include
source, ports, or X11 (the GUI). You can trim that down quite a bit by
removing development tools, examples, man pages, ... BUT I don't know of
any documentation on exactly how to do it.

A typical desktop install is going to use between 2 and 8 GB depending on
what you install. It can also get much bigger (again depending on what you
want installed).

I personally have had a 4.x system running as a firewall on a single 540MB
hard drive. It included proxies for e-mail, http, and dns (inbound and
outbound) as well as local logging of ipfw and natd. I stripped the base
OS down to about 80MB on that system.

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: Just installed FreeBSD

2005-03-07 Thread Ean Kingston

 Katsuki Hirata wrote:
  Hi, I just installed FreeBSD and I have no clue how to
  run it. I'm sure it's installed right. When I boot,
  and after logging in with both root and/or another
  username, I don't know what to do from there on. How
  do I get gnome or KDE on? Is it supposed to be a
  graphical thing like Windows or Redhat linux? what's
  the command to load the operating system

Hi,

Sorry to butt into the middle of this conversation but people appear to be
giving you a lot of advice that will take quite a while to understand and
implement. Some of that advice is good but it doesn't really get you where
you want to be. If you haven't done so yet, try this:

Login as root

run 'pkg_add -r kde' from the command line

edit /etc/ttys (with ee or whatever editor you like).

Look for the line that looks like this:

ttyv8   "/usr/X11R6/bin/xdm -nodaemon"  xterm   off secure

and change the word 'off' to 'on'. Then save the file.

Now, reboot your system.


You should find that you now have a graphical user interface and when you
log in, you are running kde.

If you don't find kde running when you log in, do this:

Log in as the user you want to be able to run KDE and edit the file
'.xsession'. Put 'exec /usr/local/bin/startkde' at the top of that
file and save it. Then, log out and log back in again.

That got the job done. Now the fun part is figuring out what else you can
do. That is where a lot of the other advice is going to come in handy.

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: gmirror / gstripe

2005-03-06 Thread Ean Kingston
On Sunday, March 6, 2005, at 04:55  PM, John Pettitt wrote:
I'm considering making a raid0+1 array out of 4 x 250GB USB drives using
gmirror and gstripe on a FreeBSD 5.3 box.

Questions:
1) Has anybody done this?  What should I watch out for?

I haven't done this on FreeBSD or with USB drives (but have on Solaris 
with SCSI). Make sure all your USB drives always show up as the same 
device (in /dev) or you may wind up corrupting your system.

2) Stripe then mirror right? (or mirror then stripe? Does it matter?)

That is the way I've always done it but I don't see any reason not to 
do it the other way. Just remember how you did it should you need to 
recover.

(I already have a 600gb stripe set on this machine made out of two 300gb
drives)

John


Re: CGI script executing and Apache help (2nd try important)

2005-03-06 Thread Ean Kingston
On Sunday, March 6, 2005, at 05:19  PM, Shawn B wrote:
I am running FreeBSD-4.8 with Apache 1.3 installed. I
changed the htdocs directory in httpd.conf to
/home/user1/public_html/ and I added a /cgi-bin/ in
the same user directory. Scripts will not execute from
the cgi-bin, as the scripts contents are displayed in
the browser window. I went through httpd.conf using
the search feature in Easy Editor, editing sections
that have .cgi in it. Now, I am stumped as to how to
get the CGI scripts to execute.

Try searching again. This time for 'cgi-bin'. You will notice there is 
a section similar to the htdocs bit that defines cgi-bin.

If you are going to run a web server it might be prudent to go through 
the apache configuration and documentation site to try and understand 
what the configuration file has set up for you. You can find the web 
server documentation at: http://httpd.apache.org/docs/



Re: Moving a directory hierarchy - best practice?

2005-03-04 Thread Ean Kingston

 I have spent 20 minutes or so googling around to find the best way to
 _move_ a complete directory hierarchy. But must admit that I haven't
 found many good answers.

 The best suggestion was from
 http://badgertronics.com/knowledge/one.adp?parent=25:

 To move /tmp/blarg to /var:
 % cd /tmp
 % tar cvf - blarg | (cd /var; tar xf -)


 I bet there must be at least one util like a binary named mvdir or
 similar that simply takes two directory names as argument. But I can't
 find any.

 How do you guys move around your directory structures from prompt?

 //J

 I use:

 Quick and dirty:
 $ mv /tmp/blarg /var/blarg

 If it's really important stuff:
 $ rsync -a /tmp/blarg /var/
 $ rm -rf /tmp/blarg

 I'm interested to hear others' methods.

Someone else posted the cpio method so I'll skip that.

I've been known to use dump and restore when the data was especially
fragile but usually go with the mv command.

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: natd, ipfw problem

2005-03-04 Thread Ean Kingston
It's been a while but I'll see if I can help out.

On Friday, March 4, 2005, at 06:52  PM, Florian Hengstberger wrote:
Hi!
Tell me if I should post this otherwhere.
Given two network cards sis0 (external) and vr0 (internal) I'm trying
to give my girlfriend access to the web. Her ip is 192.168.0.2,
I've installed natd, a proper kernel and configured my firewall,
but so far only pings from her computer to the web work.
I guess there's something wrong with my firewall, because only
with the two standard entries (divert and allow all) everything
is fine. But now after hours of googling I can't find anything
which is wrong in my firewall.
the /etc/natd.conf:
interface sis0
use_sockets yes
same_ports yes
redirect_port udp 192.168.0.2:53 53
redirect_port tcp 192.168.0.2:53 53
redirect_port tcp 192.168.0.2:80 80
redirect_port tcp 192.168.0.2:443 443
redirect_port udp 192.168.0.2:123 123
redirect_port tcp 192.168.0.2:123 123

Unless you want her to run her own dns, web, and mail I don't think you 
need any of the redirect_port directives.

Double-check to make sure that:
- your firewall has routing enabled
- her computer has the proper gateway and dns servers set up

my firewall:
add 00401 divert natd all from any to any via sis0
add 00402 allow ip from any to any via vr0
### TCP ###
add 00501 check-state
add 00502 deny tcp from any to any in established
add 00503 allow tcp from any to any out setup keep-state
# allow dns queries, dns-port=53
add 00601 allow udp from any to any 53 keep-state via sis0
# allow ntp queries, ntp-port=123
add 00603 allow udp from any to any 123 keep-state via sis0
# allow all outgoing udp traffic
add 00621 allow udp from any to any out via sis0
### ICMP ###
# allow outgoing pings and the reply
add 00701 allow icmp from any to any out icmptypes 8
add 00702 allow icmp from any to any in icmptypes 0
# deny and log incoming pings from the outside
add 00703 deny log icmp from any to any in icmptypes 8 via sis0
### SAMBA ###
# allow netbios services to local net, but log everything for debugging purposes
add 00801 allow log tcp from any to any 137-139 via vr0
add 00802 allow log udp from any to any 137-139 via vr0
Thanks a lot
Florian


Re: questions on file formats

2005-03-04 Thread Ean Kingston
On Friday, March 4, 2005, at 07:35  PM, Dave Pesner wrote:
Does FreeBSD support the .DMG file format?  I need to know this
because I'm looking for a free alternative for an OS X emulator and a
licensed copy of OS X(isn't open source software great) for my next
computer.  If BSD does support OS X file formats such as DMG, great.

I believe that a .dmg file is a virtual disk in a file (generally used 
to install software). Although FreeBSD does have equivalent things 
(virtual disks and software packaging) I don't think it supports .dmg 
files specifically.

You should also know that FreeBSD is not going to run any software 
written for the Mac. There will be substitutes for most of the Mac 
software but you will probably find that some of the data file formats 
are proprietary to Apple and don't work anywhere else.

That being said, there are a lot of file formats that can be 
manipulated by software available for FreeBSD. This would include .mp3, 
.avi, .txt, .rtf, .pdf, .jpg, .gif, ...

If not, please suggest a free UNIX based operating system that does,
and works with AMD64.

You may want to look at the Darwin project. It is the open source 
project that was a spin off of OS X. It may support some of the file 
formats used by OS X but it isn't going to run any of the software that 
requires Aqua (the OS X GUI) since that isn't part of Darwin.

Also, I have no idea what platforms Darwin supports.


Re: Sharing directories with jails

2005-03-03 Thread Ean Kingston

 How dangerous is it to share the ports directory with jails on the
 system?  I am using the jails to give other access to a freebsd system.
   You can assume they are untrusted (hence the jail ;)).

 Is it enough just to:
 ln -s /usr/ports /usr/jail/ajail/usr/ports

That won't work. The jail does a chroot (along with other things) when it
starts up so the link inside the jail will wind up pointing to itself.

The only way I've been able to figure out how to do something like that is
by running an NFS server outside the jail and then run an NFS client
inside the jail to get access to the disk space outside the jail via NFS.
I actually have a separate jail for the NFS server and export everything
read-only.

Now, I'm sure you've thought of this but I'm going to say it for anyone
reading the archives. You do know that giving the jailed processes access
to anything outside the jail will reduce the security advantages of having
a jail in the first place?

Besides, why would you provide a jailed process with access to development
tools? You are just making it much easier for anyone with access to the
jail to build/install software to help them break out of the jail.

 Thanks
 Chris

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: apachectl startssl at boot time ?

2005-03-03 Thread Ean Kingston

 Hi,

 I can start apache with SSL ok from the command line

 apachectl startssl

 I've now put the following into /etc/rc.conf hoping that it will start at
 boot time.

 apache_enable=YES
 apache_flags=startssl

Try

apache_flags=-DSSL

instead.

 This starts Apache on boot time but not with SSL

 It seems like startssl is being passed as an argument to httpd rather than
 apachectl.

You are right, the startup scripts call httpd directly. If you look at the
apachectl script you will see that the 'startssl' command does the
following:

    startssl|sslstart|start-SSL)
        if [ $RUNNING -eq 1 ]; then
            echo "$0 $ARG: httpd (pid $PID) already running"
            continue
        fi
        if $HTTPD -DSSL; then
            echo "$0 $ARG: httpd started"

So, if you do what I said above, your web server will start up with ssl
support.

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: Sharing directories with jails

2005-03-03 Thread Ean Kingston

 On Thursday 03 March 2005 12:42 pm, Chris Hodgins wrote:
[cut original question and answer]

 Ok perhaps I should clarify what my intentions are a little more.
 I am planning on providing a FreeBSD jail for any member of a geek
 society I am a member of.  When I say they are untrusted, I mean
 that I won't be giving them full root access to my server but I
 trust them enough not to do anything malicious inside a jail.  It
 is just like a fun place they can play and not have to worry too
 much about breaking things.

 How easy is it exactly to break out of a jail if you have access to
 development tools?


 http://www.securiteam.com/unixfocus/5WP031535U.html

How current is this? The article appears to be dated 2001. Are there still
buffer-overflow issues with /proc?


 If you use securelevels you can significantly improve security.


-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: gvinum question

2005-03-01 Thread Ean Kingston


 How do I break a mirror in gvinum in FreeBSD 5.3?; gvinum detach
 doesn't seem to be implemented.

 I have a machine (colo, so no easy physical access) on which one of
 the disks on the root mirror seems to be corrupted, so I need to
 remove it from the mirror and rebuild.  But without detach, I'm at a
 loss...

 Any suggestions?

Would vinum detach work? I know gvinum will work with disks configured
using vinum so maybe the vinum command will detach things properly.

That is good to know. Now I need to figure out how to get my 5.3 system to
use vinum again instead of gvinum.

-- 
Ean Kingston

E-Mail: ean_AT_hedron_DOT_org
URL: http://www.hedron.org/



Re: dir ~

2005-03-01 Thread Ean Kingston

 On 28 Feb 2005, Rob wrote:

 Hi,

 I typed mv file dir/~ and I now have dir/~ but when I go to
 that it takes me to my home which happened to be root, I tried
 to delete the directory and it started deleting roots home. Is
 there a way to delete this
 ~ dir?

I haven't seen the painfully obvious option yet so you might consider it:

rm '~'

NOTE the quote marks. They will prevent shell expansion.


 Dunno if my answer got lost but a solution I would suggest is to
 try a combination of ls/find/rm

 My best bet on this issue is to list this by inode -i.e. ls -i
 and then track this inode using the inum switch of the find
 command to delete the item.

 This is usually how I deal with such entries.

 Hope that helps.
 --
 sometimes i feel like we're making emacs better and better because we
 don't
  know what to do with emacs once it is finished.

 -- AlexSchroeder on #emacs @OPN





-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/
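
The two removal methods from this thread (quoting the name, and deleting by inode with find -inum), as an added example that is not part of the original messages. It works only inside a constructed scratch directory, the function names are made up for the illustration, and it also shows why `mv file dir/~` produced a literal `~` entry: the shell expands a tilde only at the start of a word.

```sh
#!/bin/sh
# Added example, not from the thread. Everything happens inside a
# constructed scratch directory created with mktemp.

# What a command actually receives for a tilde in three positions.
unquoted_tilde() { printf '%s\n' ~; }        # start of word: becomes $HOME
quoted_tilde()   { printf '%s\n' '~'; }      # quoted: stays a literal "~"
mid_word_tilde() { printf '%s\n' dir/~; }    # mid-word: stays literal, which
                                             # is how "mv file dir/~" made it

# Build scratch/a/~ and scratch/b/~ (constructed sample entries) and
# print the scratch directory's path.
make_scratch() {
    scratch=$(mktemp -d "${TMPDIR:-/tmp}/tilde-demo.XXXXXX") || return 1
    mkdir "$scratch/a" "$scratch/b" || return 1
    : > "$scratch/a/~"
    : > "$scratch/b/~"
    printf '%s\n' "$scratch"
}

# Method 1: quote the name so the shell passes "~" through unchanged.
# "--" stops option parsing; the subshell keeps the cd local.
remove_by_quoting() {
    ( cd "$1" && rm -- '~' )
}

# Method 2: look the entry up by inode number and let find delete it,
# so the awkward name is never typed on a command line at all.
remove_by_inode() {
    inode=$(ls -i "$1" | awk '$2 == "~" { print $1 }')
    [ -n "$inode" ] || return 1
    # -maxdepth 1 and -xdev keep find inside this one directory and
    # filesystem, since inode numbers are only unique per filesystem.
    find "$1" -maxdepth 1 -xdev -inum "$inode" -exec rm -- {} \;
}

demo() {
    dir=$(make_scratch) || return 1
    echo "unquoted ~ : $(unquoted_tilde)"
    echo "quoted '~' : $(quoted_tilde)"
    echo "dir/~      : $(mid_word_tilde)"
    remove_by_quoting "$dir/a" && echo "removed $dir/a/~ by quoting"
    remove_by_inode   "$dir/b" && echo "removed $dir/b/~ by inode"
    rm -rf "$dir"
}

demo
```

An unquoted `rm -rf ~` is the dangerous form here, because the shell replaces `~` with the home directory before rm ever runs.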




Re: recovering root password, was Help!Help!Help!

2005-03-01 Thread Ean Kingston
On Tuesday, March 1, 2005, at 09:50  PM, Replies wrote:
Hi,
I have just spent over the last two years developing a unique 
classified ads service which was online and had Free BSD as the 
security on it. We ended up with a very aggressive and belligerent 
programmer who left us but left us some nasty little bugs behind to 
really screw us up.. who we now can't find.

I need to know how to change or eliminate a root password.
As I still have our test server in my possession is there any way to 
actually remove the folder that the passwords are held in...the 
reason I ask this is that when we actually changed the password on our 
production server it released some sort of worm that totally crashed 
and eliminated our online site, and all our data we have spent two 
years developing. It also started trying to access other sites which 
we only found out about this when our site crashed and we got 
complaints from our ISP that our server was trying to aggressively 
access other servers out there on the net.

The Only saving grace is that we had it all backed up on our test 
server but it has the same problem...I expect...I believe that he has 
probably left us the same worm in our test server...the unfortunate 
thing is that because we do not know the root password we are worried 
that if we try to crack or eliminate it the same thing may 
happen...and then we are automatically out of business.

Is there any way around this...I can prove I am the owner of the 
site...the URL and the server and any other information you may need 
if necessary

First, make another backup of your test server. You may want to do this 
by building a new system with a fresh install of FreeBSD, physically 
removing the hard drive from your test server, installing it as a 
second drive (not the boot drive) in your newly created server, and do 
the backup (to tape, cd, or dvd).

Then, after the backup, change the root password in the test server's 
hard drive. If you mount the root partition from the test server's hard 
drive as /mnt you could use vipw -d /mnt/etc to do it.

Finally, take the advice you got from Chris.

I really need help as this is 2/12 years work as it stands gone.
Thanks
God Bless
Freddy


Re: FreeBSD 5.3 - Raid

2005-02-27 Thread Ean Kingston
On February 27, 2005 08:59 am, Robert Slade wrote:
 Hi,

 Sorry if this is dumb question.

 I have a new install of FreeBSD on a single IDE drive. I have backed this
 up so I am not too concerned about drive failure. I have now added 2, 250
 Gbyte drives (ad3 and ad4) to hold data. I would like to mirror them using
 software raid and mount them as /home to hold the users data which is
 critical.

 I have read the manual and searched the web for a simple way to do the
 above. The manual seems to cover complex solutions and may be somewhat
 behind the times.

The handbook is pretty up to date (I just looked at it).

I would suggest you ignore  the section that describes 'ccd'. It is easier to 
set up than vinum but I have found the current implementation of ccd to be 
unreliable.

If you are using FreeBSD 5.x (hopefully 5.3), use gvinum instead of vinum. It 
works the same way (commands and options) as vinum but (from what I 
understand) it has some improvements.

 I guess what I am looking for is a howto couched in such a way that even a
 windows user can understand :-).

I assume you have physically installed your two disks (ad3, ad4).

If you have not done so yet, use fdisk(8) to create a single slice (what 
Windows calls a partition). This can also be done through sysinstall.

Also, if you have not done so yet, use bsdlabel(8) to create a FreeBSD 
partition (no Windows equivalent). Be sure to set the 'fstype' to 'vinum'.

At this stage I will assume that you have set up your two disks so that you 
have ad3s1a and ad4s1a as the slices you wish to use for vinum. I think you 
can do this with sysinstall as well.

NOTE: you do not need to use newfs to create the filesystem, that would happen 
after you have setup your RAID volumes.

Create a file, we will call it gvinum.conf and put the following into it:

# Define the FreeBSD Partitions to be used for Vinum
drive a device /dev/ad3s1a
drive b device /dev/ad4s1a
#
# Define each volume/plex/subdisk
volume home                     # home volume
 plex org concat                # concatenated plex (1st half of mirror)
  sd length 8192m drive a       # 1st subdisk of concatenated plex
 plex org concat                # concatenated plex (2nd half of mirror)
  sd length 8192m drive b       # 1st subdisk of 2nd concatenated plex

Now, use the vinum(8) 'create' command to set things up using the 
configuration file.

You should now have a /dev/gvinum/home device. You can newfs it, mount it, and 
add it to your /etc/fstab.

newfs /dev/gvinum/home

mount /dev/gvinum/home /home

 Any suggestions please.

Do read and try to understand chapter 17 of the FreeBSD handbook if you want 
to get into software RAID.

Rob, you really need to understand how software RAID works if you want to take 
advantage of it. When you have a disk failure, you need to know what to do to 
recover your data. In order to do that you really need to understand how the 
software RAID works.

You may want to consider setting up a second FreeBSD partition on each of 
your two new disks so that you can fiddle with RAID and figure out how to 
recover from a disk failure.

-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/


Re: Need IMAP Server Selection Advice

2005-02-21 Thread Ean Kingston
James,

It looks like you got a lot of discussion about your question without getting 
a real answer to your question so I would like to try.

On February 20, 2005 08:05 pm, James Stallings II wrote:
 Greetings,

 I'm a recent convert to FreeBSD from many years of using linux on both
 the server and the desktop. I'm currently using FreeBSD 5.3 on the
 server and a new variant of FreeBSD called OS/X on the desktop :D

 My question involves my server; what is the best strategy to a working
 IMAP server? I have my own domain, and have operated IMAP under linux
 for years without issue, but I can't seem to get it crankin' under
 FreeBSD.

The hands down easiest way to get IMAP up and running on your FreeBSD system 
is to install The UW-IMAP server from ports or packages. As root, simply run

pkg_add -r imap-uw

This will install a simple IMAP server that works with the default sendmail 
installation. It will work with the clients you mentioned.

If you are planning on running a large mail server (hundreds or thousands of 
users) you probably want to go with one of the other ones that were 
mentioned. Courier-IMAP is my choice but I understand that Cyrus and Binc are 
also quite good.


 I'm quite certain this has more to do with my relative inexperience
 with FreeBSD than with FreeBSD itself.

If you are not familiar with the ports and packages system yet, read up on it 
in the handbook.


 What's the shortest path to a working configuration? I'm not particular
 about whose software I use; I just need to be able to hit it for mail
 via IMAP with Thunderbird or Mozilla.

IMAP-UW is the easiest. It is not the most robust or feature rich.


 Thanks in advance!

 Best Regards,
 James

-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/


Re: How can I start a GUI application through SSH

2005-02-21 Thread Ean Kingston
On February 21, 2005 03:25 pm, Brian John wrote:
 Hello,
 I would like to be able to start an X application through ssh.  I want the
 app to actually run on my local box (meaning I want the window to pop up
 on the box that I am ssh-ing to), but I just want to be able to start it
 remotely.  Can someone help me figure out how to do this?

For the purpose of this discussion, the 'server' is the remote system, the one 
you are ssh-ing to. The 'client' is the one you are ssh-ing from.

1)  Before you leave, go to the server and logon at the console so that you 
have X running. Make a note of the 'DISPLAY' variable setting. Probably 
:0.0. 
$ echo $DISPLAY
:0.0
Do NOT log out.

2)  Use SSH to connect to the server as the same user that logged on.

3)  Set the DISPLAY variable to the one indicated in step 1. 
$ export DISPLAY=:0.0

4)  Run the command you want (with nohup and in the background).
$ nohup xterm -sb &

That will run the command so that output is displayed on the server console 
and let you log out of your ssh session.

If you want to learn more, you should read up on the xauth command. Also, try 
to understand X toolkit basics.

Why do you want to do this anyway?

-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/


Re: webdav and mozilla calendar

2005-02-19 Thread Ean Kingston
On February 19, 2005 07:22 am, synrat wrote:
 Could you kindly share your config ? I seem to have webdav loading
 but can't figure out how to post calendars. Thanx a lot in advance.

From httpd.conf:

LoadModule dav_module libexec/apache/libdav.so
AddModule mod_dav.c

Alias /Calendars /path-to-Calendars-dir
<Directory /path-to-Calendars-dir>
   Options Indexes Multiviews
   DAV On
   Order deny,allow
   Require valid-user
</Directory>

Then I just used the export calendar from the Mozilla. Unfortunately, I 
switched to Firefox recently so I haven't got mozilla calendar anymore.

I do still have the DAV server running so I could install mozilla and test it 
out again if you need some more help.


 Ean Kingston wrote:
  On February 18, 2005 08:45 pm, synrat wrote:
 has anyone been able to get mozilla calendar publishing to work with
 webdav/apache2 ( freebsd 5.3 )
 
  I got it to work with Webdav/apache1.3 but haven't tried 2.


-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/


Re: Deinstalling perl module installed using CPAN

2005-02-18 Thread Ean Kingston

 On Fri, Feb 18, 2005 at 03:55:52PM +0100, BSD todoo wrote:

 How to deinstall a perl module (bsdpan-MailTools-1.64) that has been
 installed using CPAN ?

 # pkg_delete bsdpan-MailTools-1.64

If it was installed with CPAN, it is not in the FreeBSD package database
so how is a pkg_delete going to uninstall it?

Last time I checked, CPAN did not have an uninstall option. Does anyone
know any better?

I think you can get an install list out of the source (which might be
somewhere in ~/.cpan) and remove all the appropriate files by hand but
this might leave perl in an unstable state.

-- 
Ean Kingston

E-Mail: ean_AT_hedron_DOT_org
URL: http://www.hedron.org/



Re: webdav and mozilla calendar

2005-02-18 Thread Ean Kingston
On February 18, 2005 08:45 pm, synrat wrote:
 has anyone been able to get mozilla calendar publishing to work with
 webdav/apache2 ( freebsd 5.3 )

I got it to work with Webdav/apache1.3 but haven't tried 2.


-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/


Re: Apache modules

2005-02-16 Thread Ean Kingston

 I have installed  apache+mod_ssl-1.3.33+2.8.22, and,
 when trying to add php4-4.3.10_2 and mod_perl modules,
 I observed that they depend on apache-1.3.33_1. But I
 didn't find an ssl module for apache-1.3.33_1. What
 does it mean, that I can't run an apache server with
 perl, php and ssl modules installed? What can I do?
 Thank you in advance.

I found that if you build the PHP port after installing apache+mod_ssl, it
will happily use the apache that is already installed and not require that
apache be built.

-- 
Ean Kingston

E-Mail: ean_AT_hedron_DOT_org
URL: http://www.hedron.org/



Re: vinum vs. DPT smartcacheIV raid

2005-02-16 Thread Ean Kingston

 I have a box with DPT PM2044 SmartCacheIV UW-SCSI PCI cards which can do
 RAID-5 in hardware, but I'd have to use the DOS volume manager to set up
 the array. I have heard reports that vinum would be faster than using the
 native card. Is this true?

Doubtful, though I have heard that there are some rare special
circumstances where software raid can be faster. Given your hardware, you
will probably not experience those conditions.

 Should I not bother with doing the hardware
 raid
 and just go with vinum?

Use the hardware RAID, especially if you are going to use a simple RAID
configuration (like one big RAID-5 virtual disk). Just make sure you have
some way of figuring out if one of the disks goes bad. Worst case you
could boot off a DOS floppy once in a while to make sure all the disks are
still good.

 The rest of the system is a k6-2 400mhz with 256mb ram (amount might
 change).
 I will also have moderate network i/o on the pci bus (obviously).

-- 
Ean Kingston

E-Mail: ean_AT_hedron_DOT_org
URL: http://www.hedron.org/



Re: vinum vs. DPT smartcacheIV raid

2005-02-16 Thread Ean Kingston

 On Wed, Feb 16, 2005 at 09:58:17AM -0500, Ean Kingston wrote:

  I have a box with DPT PM2044 SmartCacheIV UW-SCSI PCI cards which can
 do
  RAID-5 in hardware, but I'd have to use the DOS volume manager to set
 up
  the array. I have heard reports that vinum would be faster than using
 the
  native card. Is this true?

 Doubtful, though I have heard that there are some rare special
 circumstances where software raid can be faster. Given your hardware,
 you
 will probably not experience those conditions.

 The reason I asked is because
 http://www.shub-internet.org/brad/FreeBSD/vinum.html

I did not know that. Interesting read.

 suggests vinum can be marginally better than the hardware raid on the
 smartraid range of cards (which have an even faster processor onboard
 than the smartcache range). The CPU platform is more or less comparable.
 Then again it is with old Fbsd, so I don't know how accurate that is.

You may have noticed that there were comments about not trusting vinum's
RAID5 support in that article. If you are using FreeBSD 5.3, the default
is now gvinum (sort of second generation of vinum). The gvinum tools don't
give you the ability to create RAID5 virtual disks so if that is what you
want, you may not want to go with vinum or gvinum.

Another thing to consider is if you use software RAID and your application
gets CPU bound, you are going to take a double performance hit (both disk
and cpu).

I don't know your situation so it is your call.


  Should I not bother with doing the hardware
  raid
  and just go with vinum?

 Use the hardware RAID, especially if you are going to use a simple RAID
 configuration (like one big RAID-5 virtual disk). Just make sure you
 have
 some way of figuring out if one of the disks goes bad. Worst case you
 could boot off a DOS floppy once in a while to make sure all the disks
 are
 still good.

  The rest of the system is a k6-2 400mhz with 256mb ram (amount might
  change).
  I will also have moderate network i/o on the pci bus (obviously).

 --
 Ean Kingston

 E-Mail: ean_AT_hedron_DOT_org
 URL: http://www.hedron.org/


 --
 Peter C. Lai
 University of Connecticut
 Dept. of Molecular and Cell Biology
 Yale University School of Medicine
 SenseLab | Research Assistant
 http://cowbert.2y.net/




-- 
Ean Kingston

E-Mail: ean_AT_hedron_DOT_org
URL: http://www.hedron.org/



Re: moving files from bad sectors

2005-02-16 Thread Ean Kingston

 I have a hard disk that looks like it's going out.

 So far, there are 6 reported crc errors.  However, I have a file that
 I would like to read as much as possible of using tar, but the whole
 job stops like this:


  # tar cvf /dev/nrsa0 /home  /root/tarhome.cat
 tar: Removing leading `/' from member names
 tar: /home/smbshare1/BUDGETS/RXS0008 fy04 kellogg report and
 summary.xls: Read error at byte 14848, reading 10240 bytes:
 Input/output error
 tar: Error exit delayed from previous errors

 When attempting to cp that same file I get another error and the cp
 stops.

 Are there any tools that will permit me to cp as much of this file as
 possible, ie all sectors up to, and then past, the bad spot?

dd will let you specify parts of files to skip over. You will probably
have to do some fiddling with the arguments to get it just right for your
file.

 as another possibility, are there any tools that I can use with fsck
 that would mark the sector as bad so it's not reused?

-- 
Ean Kingston

E-Mail: ean_AT_hedron_DOT_org
URL: http://www.hedron.org/
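
Added example, not part of the original post: one way to use dd's skip and seek operands to copy the readable parts of a file around a known bad range. The function name salvage is hypothetical, and treating the whole 10240-byte read that tar reported at byte 14848 as unreadable is an assumption; the damaged area may be smaller.

```shell
#!/bin/sh
# salvage SRC DST BAD_OFFSET BAD_LEN [BLOCK_SIZE]   (hypothetical helper)
#
# Copies SRC to DST but never reads the blocks that overlap the byte range
# [BAD_OFFSET, BAD_OFFSET + BAD_LEN). The gap in DST reads back as zeros,
# so every surviving byte keeps its original offset in the file.
# Prints the number of bytes that were deliberately left unread.
salvage() {
    src=$1; dst=$2; bad_off=$3; bad_len=$4; bs=${5:-512}

    # First block that touches the bad range, and first block past it.
    first_bad=$(( bad_off / bs ))
    next_good=$(( (bad_off + bad_len + bs - 1) / bs ))

    # Part 1: everything before the bad range.
    dd if="$src" of="$dst" bs="$bs" count="$first_bad" 2>/dev/null || return 1

    # Part 2: everything after it, written at the same offset in DST.
    # conv=notrunc keeps part 1; seeking past the end of DST leaves a hole.
    dd if="$src" of="$dst" bs="$bs" skip="$next_good" seek="$next_good" \
        conv=notrunc 2>/dev/null || return 1

    echo $(( (next_good - first_bad) * bs ))
}

# With the numbers from the tar error above (byte 14848, 10240 bytes) and
# 512-byte blocks, blocks 29 through 48 are skipped:
#   salvage "path/to/damaged.xls" /root/rescued.xls 14848 10240
```

If the second dd hits another read error the function returns 1, and the next bad range has to be skipped the same way.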



Re: Diskless NFS mounts weirdness

2005-02-15 Thread Ean Kingston

 [EMAIL PROTECTED] wrote:

 1. /var *is* actually mounted on
192.168.122.1:/pool/diskless_rw/192.168.122.11/var
but it is not listed in mount(8)s output. Why?

 2. Which part of the system created /dev/md0 and mounted that
on /var? I don't need that and would like to save some RAM
anyway.

 I guess you are using 5.3 or newer? the /etc/rc.d/diskless script has
 been replaced, by among other things, a script /etc/rc.d/var which
 creates a memory disk, /dev/md0, using up your precious ram.

 I have tried to remove the script but get an error because nfs wants to
 update the /var/db/mounttab - before /var is actually mounted - so the
 mount fails.

 The /etc/rc.d/var script creates a memory disk if it detects that /var
 is read-only - which is the case since the nfs mount failed. And the
 memory disk is then populated.

 If the root partition is rw-mounted the nfs-mount will succeed.

 If you have enough ram this is not a problem, simply let var be a memory
 disk. You can set the size of the memory disk in rc.conf.

   /dev/md0 on /var (ufs, local, soft-updates)
   192.168.122.1:/pool/diskless_rw/192.168.122.11/var on /var (nfs)

 Now this is weird - how can you have two mounts on the same mount point?

Weird yes, but very easy to do. A mount point is just a directory. That
directory does not have to be empty. First /dev/md0 was mounted, then the
NFS share was mounted. So, the NFS share is what is being used as /var.
This indicates poor design (or an error).


-- 
Ean Kingston

E-Mail: ean_AT_hedron_DOT_org
URL: http://www.hedron.org/



Re: X on a server Re: Freebsd vs. linux

2005-02-13 Thread Ean Kingston
On February 13, 2005 03:53 am, Anthony Atkielski wrote:
 Chad Leigh -- Shire.Net LLC writes:
  You can install the X libraries and client apps on your server -- this
  works fine at secure level 3 and does not require kernel configurations
  changes or special daemons or anything.  What it allows you to do is
  then link software against the X libraries and then redirect the
  display to your workstations X server.  This meets your criteria and
  can be handy for certain things.  Your apps still run in userland only
  and there is no HW touching stuff. You are not running the X Server on
  your FBSD Server machine.

 I'll consider it, although it still sounds complicated.

 What do I gain from X that I don't already have with remote terminal
 sessions like those created with SecureCRT? I know it looks pretty, but
 what server-related things can I do with X that I cannot do with
 ordinary terminals?  I'm not aware of anything right now; it seems that
 everything can be done from a command line (thank goodness--working with
 Windows is a nightmare precisely _because_ so many things cannot be done
 from a command line).

I run an XLoad app on every server with the display on my desktop (set to 
update once a minute). It lets me keep an eye on the general health of the 
servers during the day. Aside from that I haven't found a truly useful GUI 
app for servers.

-- 
Ean Kingston

E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/

