Re: Is this possible? DHCP / DNS related.
On 9/24/05, Ben Racine [EMAIL PROTECTED] wrote: I have recently set up a web server on my college network. It is behind DNS and DHCP servers that are out of my control. What I would like to do is be able to associate a name something like bsdserve..edu . However, I'm fairly new at all this, but from what I've been able to gather, it seems as though the only way to do this would be to put a record in the campus DNS which isn't possible. Any insight? Thanks. -Ben Racine Being a former collage network admin, I can tell you that it will be next to impossible to get a DNS entry put on the core domain collage.edu. Unless you have friends in the IT department there. I would suggest NOT saying anything to the IT department about your server, as this is probably a AUP violation, and puts you on the radar. If you can get the DNS entry, I would suggest they delegate the sub-domain to you. In bind, it would require two entries, a A record and NS record. bsdservr IN A your.server.ip freebsdserver IN NS bsdserver.campus.edu. Doing this would allow you to make sub-domains so you could have host1.freebsdserver.campus.edu host2.freebsd.campus.edu etc.. You will need to run your own DNS server to handle the delegation and resolution. -Erik- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: rsync and moving files [Re: backup w/ snapshots]
On 8/29/05, Norberto Meijome [EMAIL PROTECTED] wrote: Svein Halvor Halvorsen wrote: * Svein Halvor Halvorsen [2005-08-28 23:53 +0200] Does this sound reasonable? Is there any precautions I should take? Are there any other tools better suited for the task at hand? I'm responding to my own message. Let's say I happen to move all music from /music/artist - album/ to /music/artist/album. Even though a local snapshot would handle this well, rsync would create new files on the remote machine, and when I then take a snapshot there, it will be HUGE! isn't that the whole point of having a backup? to have *another* copy of your files? and I guess that yes, if the files are new in the remote system, when you take a snapshot the difference with the previous snapshot will be the size of the new data (only guessing from how snapshots work in Linux, so feel free to flame ..err..correct me :) ) Beto ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] cat /usr/ports/sysutils/rsnapshot/pkg-descr -Erik- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Illegal access attempt - FreeBSD 5.4 Release - please advise
On 8/24/05, ro ro [EMAIL PROTECTED] wrote: Hi All, I was browsing through my log files and noticed that someone (or many people) is trying to gain illegal access to my server (see snippet from log files below). The below log file clearly indicates someone trying to hackaway at my personal server. I performed the following steps: nmap -v 210.0.142.153 and noticed that this person/institution had port 80 and 21 open. I visited their website and it appears to be someone from hongkong. http://www.chkpcc.edu.hk/ HERE IS THEIR CONTACT INFORMATION AS IT APPEARS ON THEIR WEBSITE - Confucian Ho Kwok Pui Chun College 孔 教 學 院 何 郭 佩 珍 中 學 Address 地址: Fu Shin Est., Taipo, N.T., HKSAR 香港新界大埔富善村 Tel 電話: 852-2666-5926 Fax 傳真: 852-2660-7988 E-mail 電郵: [EMAIL PROTECTED] - When I saw the logs for the first time. I took the following steps: 1) AllowUsers in sshd contained only users that I wanted to have access to my ssh 2) Created a decent rulest within ipfw that permitted incoming access to only two ports ssh and http I took the issue of creating a good firewall quite lightly and now I regret that decision.. now I have learnt... Can someone provide me with guidance on this issue and advise me on next steps to take action against such losers. Thanks RV Aug 23 08:19:03 free sshd[22519]: Illegal user lp from 210.0.142.153 Aug 23 08:19:06 free sshd[22521]: Illegal user admin from 210.0.142.153 Aug 23 08:19:08 free sshd[22523]: Illegal user admin from 210.0.142.153 Aug 23 08:19:10 free sshd[22525]: Illegal user admin from 210.0.142.153 Aug 23 08:19:12 free sshd[22527]: Illegal user admin from 210.0.142.153 Aug 23 08:19:15 free sshd[22529]: Illegal user admin from 210.0.142.153 Aug 23 08:19:17 free sshd[22531]: Illegal user admin from 210.0.142.153 Aug 23 08:19:19 free sshd[22533]: Illegal user admin from 210.0.142.153 Aug 23 08:19:22 free sshd[22535]: User root not allowed because not listed in AllowUsers Aug 23 08:19:24 free sshd[22537]: User root not allowed because not listed in AllowUsers Aug 23 08:19:27 free sshd[22539]: User root not allowed because not listed in AllowUsers Aug 23 08:19:29 free sshd[22541]: User root not allowed because not listed in AllowUsers Aug 23 08:19:33 free sshd[22543]: User root not allowed because not listed in AllowUsers Aug 23 08:19:35 free sshd[22545]: User root not allowed because not listed in AllowUsers Aug 23 08:19:37 free sshd[22547]: Illegal user apache from 210.0.142.153 Aug 23 08:19:40 free sshd[22549]: Illegal user dan from 210.0.142.153 Aug 23 08:19:42 free sshd[22551]: Illegal user electra from 210.0.142.153 Aug 23 08:19:44 free sshd[22553]: Illegal user student from 210.0.142.153 Aug 23 08:19:47 free sshd[22555]: Illegal user school from 210.0.142.153 Aug 23 08:19:49 free sshd[22557]: User mysql not allowed because not listed in AllowUsers Aug 11 20:16:10 free sshd[21585]: Illegal user test from 210.245.197.16 Aug 11 20:16:12 free sshd[21587]: Illegal user guest from 210.245.197.16 Aug 11 20:16:14 free sshd[21589]: Illegal user admin from 210.245.197.16 Aug 11 20:16:16 free sshd[21591]: Illegal user admin from 210.245.197.16 Aug 11 20:16:23 free sshd[21593]: Illegal user user from 210.245.197.16 Aug 11 20:16:32 free sshd[21601]: Illegal user test from 210.245.197.16 Aug 14 03:39:21 free sshd[32377]: Illegal user 1 from 61.145.222.10 Aug 14 03:39:26 free sshd[32379]: Illegal user a from 61.145.222.10 Aug 14 03:39:31 free sshd[32381]: Illegal user a from 61.145.222.10 Aug 14 03:39:38 free sshd[32383]: Illegal user abuse from 61.145.222.10 Aug 14 10:47:49 free sshd[33623]: Illegal user admin from 64.222.146.197 Aug 14 10:47:51 free sshd[33625]: Illegal user administrator from 64.222.146.197 Aug 14 10:47:52 free sshd[33627]: Illegal user jack from 64.222.146.197 Aug 14 10:47:53 free sshd[33629]: Illegal user marvin from 64.222.146.197 Aug 14 10:47:58 free sshd[33631]: Illegal user andres from 64.222.146.197 Aug 14 10:47:59 free sshd[33633]: Illegal user barbara from 64.222.146.197 Aug 14 10:48:01 free sshd[33635]: Illegal user adine from 64.222.146.197 Aug 14 10:48:02 free sshd[33637]: Illegal user test from 64.222.146.197 Aug 14 10:48:04 free sshd[33639]: Illegal user guest from 64.222.146.197 Aug 14 10:48:07 free sshd[33641]: Illegal user db from 64.222.146.197 Aug 23 08:18:40 free sshd[22499]: Illegal user demo from 210.0.142.153 Aug 23 08:18:43 free sshd[22501]: Illegal user postgres from 210.0.142.153 Aug 23 08:18:45 free sshd[22503]: Illegal user postmaster from 210.0.142.153 Aug 23 08:18:47 free sshd[22505]: Illegal user postgres from 210.0.142.153 Aug 23 08:18:49 free sshd[22507]: Illegal user postgres from 210.0.142.153 Aug 23 08:18:52 free sshd[22509]: Illegal user ftp from 210.0.142.153 Aug 23
Re: Illegal access attempt - FreeBSD 5.4 Release - please advise
On 8/24/05, Michael Dale [EMAIL PROTECTED] wrote: Also, most if not all of the blocks below are Asia netblocks that I have had more then 3 attempts to gain access to my servers. 220.0.0.0/8 202.0.0.0/7 134.208.0.0/16 218.0.0.0/8 210.0.0.0/7 221.0.0.0/8 219.0.0.0/8 195.116.0.0/16 59.0.0.0/8 195.133.91.0/24 222.0.0.0/8 Not always a good idea. A lot of Australian users have been having issues because of people doing this. More info here: http://forums.whirlpool.net.au/forum-replies.cfm?t=324246#r2 You are right, its not a good idea, but when they attempt access I email the logs and and a nice email (NOT a 3 page complaint followed by demands and treat of legal recourse (I work at a large ISP so I know)) I get no where, those ISP's are leave me no other choice. I should also state that I remove the netblocks from my blackhole list about every 3 months, but the same blocks always end up back on the list. -Erik- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Dump on large file systems
On 8/14/05, John Pettitt [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 I tried to dump a 600gb file system a few days ago and it didn't work. dump went compute bound during phase III and never wrote any data to the dump device (this on an up to date RELENG_5 box). - is this a known problem? Are there any work arounds? John -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) iD8DBQFC/1VpaVyA7PElsKkRAwnlAKCiqEJ5BLoKpHIRCOLMbcSjrpNBjgCgyyZp nM+KOXrDZs96+nk7QV6hOCc= =7Kv9 -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] If you are dumping that 660G slice to a file, you will need to split it up into smaller chuncks. dump -0auLf - / | split -a4 -b1024m - patth/to/dump/file. The above line will create 1G files and append the filename (see the trailing .) eg.. 20050815-root. 20050815-root.aaab You can also gzip it, but this makes the backup take a long time. dump -0auLf - / | gzip | split -a4 -b1024m - patth/to/dump/file.gz. -Erik- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: i can't block win98 computers
On 8/15/05, vladone [EMAIL PROTECTED] wrote: Hi! I try to block some computers to acces my gateway based on MAC address. I use this ipfw rule: ipfw add 100 deny mac any xx:yy:aa:bb:cc:dd in via $private_interface With this i can block XP computers but not work with Win98. I dont understand what is happened! I try against different computer with win98 OS and i can't block it. Only messenger is blocked but navigation work well. Computers with WinXP OS is blocked succesfull. I believe as is an problem with TCP packets that comming from Win98 computers but i dont know how i can resolv this. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] IIRC, 98 had a hacked down version of the TCP/IP stack opposed to the normal unix stack. All though I don't think this would be a issue, as 98 boxes would not be able to use any type of switch if the TCP/IP stack did not have some type of MAC header in it. Clear your arp table and look to see if you get an arp address for the 98 boxes. You might find that you have a typo in the address, or pull the MAC right off the card it self. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Stranges with ARP
On 8/12/05, vladone [EMAIL PROTECTED] wrote: I dont understand. U want to block users that not have corect MAC address?. Then permit only corect MAC and deny any else. Problem with illegal connected users is not very easy to resolv. Any guy that have some ability, can change MAC address with one that exist in network and voila! Solutions for this is to buil some authentication with VPN. But is not very easy to implement. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Also you can use PPoE ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problem w/ PAM…
On 8/10/05, Sean P. Malone [EMAIL PROTECTED] wrote: …and the problem is evidently me! Okay. I was messing around with pam_radius in and attempt to authenticate POP requests off of our existing Active Directory. Although I was able to get SSH to authenticate off of AD, I never could get POP. Today I finally realized that our checkpasswd program can ONLY valid off of the local user DB – we use qmail. That made sense so I decided to ditch pam_radius. In my eagerness to get rid of it and move on, I believe that I've delete a file(s) from /user/lib. Namely, pam_radius.s0 and pam_radius.s02 (from memory). If it is true that the absence of these original files is causing my problem, I really need to somehow restore PAM. It seems that I have a fail open situation here. I can ssh to the host and get a shell without entering a password. Luckily, one cannot ssh in as root, but one can first ssh in as them self (w/o being asked a password) and then su right into root – yes, w/o a password! I'm novice enough to blame myself right off the bat for moving to fast. Thus, I've pulled the system off the network and am hoping that I can somehow restore PAM w/o a reinstall. The system is still non-production so, sigh, there is no backup. :( Does anyone know if I can fix PAM? FreeBSD v5.3 Thanks! Sean ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I would try reinstalling openssh. If that does not fix your problem, backup what your need and reinstall. -Erik- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Simple question of dns?
On 8/10/05, Carstea Catalin [EMAIL PROTECTED] wrote: I want to configure my dns to redirect all request from : http://www.mail.mydomain.com http://www.mail.mydomain.com to http://mail.mydomain.com Many users do first request and my server respond only al the second url. Tks! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] DNS will not do redirects, that's a function of a web server. You can do an aliases. The format would be like this in the zone file. www.mail IN CNAMEmail.domain.com. So going to www.mail.domain.com is the same as using mail.domain.com. The only time it is not good to do the above, is when your web server is doing name based virtual hosting. -Erik- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Port Scan
On 7/28/05, Cody Holland [EMAIL PROTECTED] wrote: Does anyone know what could be causing this? Some of these are probes from external IP's, but a lot of these are the servers probing itself. Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:65215 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:65215 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:65215 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:65215 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:65215 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:65215 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:65215 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:65215 flags:0x02 Connection attempt to UDP 206.123.80.170:1026 from 218.66.104.140:38828 Connection attempt to UDP 206.123.80.170:1027 from 218.66.104.140:38828 Connection attempt to UDP 206.123.80.170:137 from 61.231.179.224:1026 Connection attempt to UDP 206.123.80.170:137 from 201.26.75.232:1031 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:55955 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:63129 flags:0x02 Connection attempt to UDP 127.0.0.1:123 from 127.0.0.1:56993 Connection attempt to UDP 127.0.0.1:123 from 127.0.0.1:56993 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:64144 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:64144 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:64144 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:64144 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:64144 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:64144 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:64144 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:64144 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:64144 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:51848 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:55282 flags:0x02 Connection attempt to UDP 127.0.0.1:123 from 127.0.0.1:53426 Connection attempt to UDP 127.0.0.1:123 from 127.0.0.1:53426 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:64592 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:64592 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:64592 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:64592 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:64592 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:64592 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:64592 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:64592 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:64592 flags:0x02 Connection attempt to UDP 206.123.80.170:1026 from 221.10.201.190:44654 Connection attempt to TCP 206.123.80.170:135 from 206.123.215.83:28963 flags:0x02 Connection attempt to TCP 206.123.80.170:135 from 206.123.215.83:28963 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:58536 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:57678 flags:0x02 Connection attempt to UDP 127.0.0.1:123 from 127.0.0.1:55382 Connection attempt to UDP 127.0.0.1:123 from 127.0.0.1:55382 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:51988 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:51988 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:51988 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:51988 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:51988 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:51988 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:51988 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:51988 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:51988 flags:0x02 Connection attempt to UDP 206.123.80.170:1026 from 220.175.8.154:38035 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:55080 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:57468 flags:0x02 Connection attempt to UDP 127.0.0.1:123 from 127.0.0.1:62552 Connection attempt to UDP 127.0.0.1:123 from 127.0.0.1:62552 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:49701 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:49701 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:49701 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:49701 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:49701 flags:0x02 Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:49701 flags:0x02 Connection
Re: Dead disk? READ_DMA Failure
On 7/28/05, Erik Nørgaard [EMAIL PROTECTED] wrote: Hi, Please read on although this is a long one... I might panic and coredump myself if I don't get this fixed. I have a one year old Hitachi Travelstar 60GB/4200RPM disk. This night and since then, I get these errors: ad0: TIMEOUT - READ_DMA retrying (2 retries left) LBA=48926527 ad0: TIMEOUT - READ_DMA retrying (1 retry left) LBA=48926527 ad0: FAILURE - READ_DMA timed out or ad0: TIMEOUT - READ_DMA retrying (2 retries left) LBA=50299455 ad0: FAILURE - READ_DMA status=51READY,DSC,ERROR error=40UNCORRECTABLE LBA=50299455 The LBA number varies, but otherwise it is consistent. Eventually the device is removed from /dev and no disk is accessible, although mount shows mounted devices. I have booted in single user mode and run fsck manually multiple times to correct all found errors, most errors are on /, /usr and some on /var, yet the problem reappears. I have tried to reinstall, toggling newfs to recreate /, /usr and /var hoping that any bad blocks or sectors would be removed or marked unusable. But the problem remains. Is there a way I can reformat or fix the disk so that broken areas will not be used again? Please, how far from the grave are my data? Any suggestion on which new drive to choose? I have looked at Western Digital Scorpio WD600VE 60 GB. Given the mentioned error, does this indicate an error that would be covered by standard guarantee? after all the disk is just one year old... The system: FreeBSD 5.4, Epia Mini-ITX CL1000, 256MB RAM, 60 GB HDD. Thanks, Erik GnuPG: http://www.locolomo.org/home/norgaard/norgaard.gpg.asc pub 1024D/11D11F9E 2003-08-15 Erik Norgaard [EMAIL PROTECTED] Key fingerprint = C394 81C4 D137 EEE5 39BE 82D5 3E6B FB3E 11D1 1F9E ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Its been in my experience that once the disk starts getting bad sectors, it will just get worse with time. If DOS could format around bad sectors, I'm sure BSD can do it. I would suggest that you backup your data, and RMA the drive. That is the safest way to go about this. If you cant/wont RMA the drive then make that 60G drive hold non-vital information, and use another drive for your system slices. -Erik- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Backup Server with Freebsd 5.4. Help.
On 7/22/05, perikillo [EMAIL PROTECTED] wrote: On 7/22/05, lars [EMAIL PROTECTED] wrote: perikillo wrote: Hi people. I like to hear some experienced about this situation and see if is possible: We have in the company i work, one backup system running Windows NT 4 with some Seagate Backup Exec 7.8 over one SCSI system HP SuRestore Ultrium 230, this system has working good for some years, but next week we are going to receive one new Dell server running win server 2k3, this will be our PDC, and we need to get rid of Windows NT system backup, and i want to install the backup system with Freebsd 5.3 or 5.4 and bacula or another backup system that you now is working with my HP device. Them, i can use Freebsd 5.3 or 5.4 with my HP device with bacula or other software to backup files on my windows domain? The PDC is going to run win 2k3 here is going to be the files we want to backup. Did you check www.bacula.org whether your tape drive is supported by Bacula? Or how to setup Bacula on MS Windows? Yes, is supported, but the OS dosent appear, this way i want to knows if someone has this tape drive working with freebsd 5.3 or 5.4. About setup bacula under Redmond software, i dont want pay more license only to use it like backup system, this why i want to use freeebsd, to use one simply hardware and backup my windows files for windows 2003. Some has this configuration? I have always like the bacula software. I have not used it in about a year though. This was on a w2k AD domain. The problem only I had using it, was the MS agent. It had issues backing up MS systems files. I just cron'd MSbackup to backup the system state to a SMB mount, and used the agent for everything else. Also you will have to run the agent as administrator or an account with-in the administrators group. If your HP device will work the app mt it should work with bacula. Sometimes it will require a bit of hacking. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Restrict Tunneling thru SSH
On 7/22/05, Trevor Sullivan [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Hornet wrote: On 7/21/05, Trevor Sullivan [EMAIL PROTECTED] wrote: Hello list, I am curious as to whether or not it is possible to restrict certain users from tunneling traffic through SSH. I would like to be able to tunnel my own traffic, but provide user logins that are restricted from accessing the rest of my inside network. Is it possible to restrict this by user? Thanks Trevor I'm pretty sure it is an all or nothing config option in sshd.conf in the global sense. But you can make specific options for specific hosts. So could I possibly restrict SSH tunneling by IP (host)? I guess my concern is that if I create a user account, it will be able to tunnel to other machines on my network w/o restriction. Is the way to do this maybe a DMZ or separate VLAN? Trevor Yes, should be able to do this via your sshd config. I would recommend using webmin for this. I have not done this before, but it looks do able. Are your user going to be using ssh, or is this just a SMB box? If it is just a SMB box, then I would just set the shell account to nologin since that is separate from the SMB account. Also I guess you could set a up firewall and restrict the ports that can talk on the LAN. -Erik- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Backup Server with Freebsd 5.4. Help.
On 7/22/05, perikillo [EMAIL PROTECTED] wrote: On 7/22/05, lars [EMAIL PROTECTED] wrote: perikillo wrote: Hi people. I like to hear some experienced about this situation and see if is possible: We have in the company i work, one backup system running Windows NT 4 with some Seagate Backup Exec 7.8 over one SCSI system HP SuRestore Ultrium 230, this system has working good for some years, but next week we are going to receive one new Dell server running win server 2k3, this will be our PDC, and we need to get rid of Windows NT system backup, and i want to install the backup system with Freebsd 5.3 or 5.4 and bacula or another backup system that you now is working with my HP device. Them, i can use Freebsd 5.3 or 5.4 with my HP device with bacula or other software to backup files on my windows domain? The PDC is going to run win 2k3 here is going to be the files we want to backup. Did you check www.bacula.org whether your tape drive is supported by Bacula? Or how to setup Bacula on MS Windows? Yes, is supported, but the OS dosent appear, this way i want to knows if someone has this tape drive working with freebsd 5.3 or 5.4. About setup bacula under Redmond software, i dont want pay more license only to use it like backup system, this why i want to use freeebsd, to use one simply hardware and backup my windows files for windows 2003. Some has this configuration? I have always like the bacula software. I have not used it in about a year though. This was on a w2k AD domain. The problem only I had using it, was the MS agent. It had issues backing up MS systems files. I just cron'd MSbackup to backup the system state to a SMB mount, and used the agent for everything else. Also you will have to run the agent as administrator or an account with-in the administrators group. If your HP device will work the app mt it should work with bacula. Sometimes it will require a bit of hacking. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Restrict Tunneling thru SSH
On 7/22/05, Trevor Sullivan [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Hornet wrote: On 7/21/05, Trevor Sullivan [EMAIL PROTECTED] wrote: Hello list, I am curious as to whether or not it is possible to restrict certain users from tunneling traffic through SSH. I would like to be able to tunnel my own traffic, but provide user logins that are restricted from accessing the rest of my inside network. Is it possible to restrict this by user? Thanks Trevor I'm pretty sure it is an all or nothing config option in sshd.conf in the global sense. But you can make specific options for specific hosts. So could I possibly restrict SSH tunneling by IP (host)? I guess my concern is that if I create a user account, it will be able to tunnel to other machines on my network w/o restriction. Is the way to do this maybe a DMZ or separate VLAN? Trevor Yes, should be able to do this via your sshd config. I would recommend using webmin for this. I have not done this before, but it looks do able. Are your user going to be using ssh, or is this just a SMB box? If it is just a SMB box, then I would just set the shell account to nologin since that is separate from the SMB account. Also I guess you could set a up firewall and restrict the ports that can talk on the LAN. -Erik- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Restrict Tunneling thru SSH
On 7/22/05, Trevor Sullivan [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Hornet wrote: On 7/21/05, Trevor Sullivan [EMAIL PROTECTED] wrote: Hello list, I am curious as to whether or not it is possible to restrict certain users from tunneling traffic through SSH. I would like to be able to tunnel my own traffic, but provide user logins that are restricted from accessing the rest of my inside network. Is it possible to restrict this by user? Thanks Trevor I'm pretty sure it is an all or nothing config option in sshd.conf in the global sense. But you can make specific options for specific hosts. So could I possibly restrict SSH tunneling by IP (host)? I guess my concern is that if I create a user account, it will be able to tunnel to other machines on my network w/o restriction. Is the way to do this maybe a DMZ or separate VLAN? Trevor Yes, should be able to do this via your sshd config. I would recommend using webmin for this. I have not done this before, but it looks do able. Are your user going to be using ssh, or is this just a SMB box? If it is just a SMB box, then I would just set the shell account to nologin since that is separate from the SMB account. Also I guess you could set a up firewall and restrict the ports that can talk on the LAN. -Erik- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [OT Re: SPAM Problem]
On 7/23/05, Greg Maruszeczka [EMAIL PROTECTED] wrote: Aaron Siegel wrote: Hello This message is off topic but I was not sure were else I can go to get help with my problem. For the past week I have been receiving messages from various mail servers which have bounced messages I have not sent but have my email address as the originator of the bounced message. I believe there are some SPAMers using my email address on their SPAM. I would really like to avoid changing my domain name. Has anyone experienced this problem? Is there something I can do? It's probably blowback resulting from the activities of worm-infected windows hosts. Someone you correspond with got infected and the worm subsequently propagated itself by picking your name from their address book and inserting it into the from: header of the message carrying the worm. Then, badly configured MTAs send helpful NDRs to the sender informing them that they're messages couldn't be delivered Pretty routine, really. G ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Yeah, that should, for the most part blow over is a few weeks. In the mean time just filter to the trash. If it to big of problem, you can always delete the NDR's from your mailbox using a script on a cron job. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH tunnelling
On 7/21/05, C Burchell [EMAIL PROTECTED] wrote: I would like to use a FreeBSD 5.3 RELEASE machine to perform data tunnelling from a remote location. If anyone on the list is famliiar with secure-tunnel.com - I'm trying to create something similar. I have a FreeBSD server colocated in a remote facility, and I'd like to be able to pipe all traffic from a local PC to that server so that traffic appears to 'originates' from the collocated server. Is this possible? Any guidance would be appreciated. I am using FreeBSD 5.3_RELEASE and VanDyke SecureCRT on the client. Cheers, Chris If you want to originate ALL traffic from the remote facility, then a VPN would be the best option. If you just want certain traffic like www, then ssh tunnels would be best of course you prolly will have to set a proxy. I have a friend that uses SecureCRT, never much cared for it since putty is (IMHO is better) free. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: undelete in FreeBSD?
On 7/21/05, Xu Qiang [EMAIL PROTECTED] wrote: Hi, all: I mis-deleted /usr/local/bin directory in my FreeBSD. How can I restore it? Looking for your help urgently, thanks, Xu Qiang Use your backups, you do make backups dont you? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: frontend for openssl?
On 7/21/05, Mipam [EMAIL PROTECTED] wrote: Hi All, Openssl is very cool, but not always very easy to use. Does there exist a frontend for openssl that can create and sign certificates bit one that also can create and sign pkcs7 certs? Maybe something exists to help you create your own certificate authority? Bye, Mipam. ___ Webmin has a Certificate Manager plugin. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: OT: Helpdesk/Call tracking software (now VERY off topic)
On 7/20/05, Matt Juszczak [EMAIL PROTECTED] wrote: While I'm here, anyone know something that can integrate with LDAP to pull customer info? Of course the tickets would be stored in MySQL, etc but a way to search for customers, etc. via ldap would be awesome http://www.otrs.org Philip Hallstrom wrote: Never used it, but RT always seems to get good praise... http://www.bestpractical.com/rt/ On Thu, 21 Jul 2005, Cezar Fistik wrote: Dear group, Sorry for OT, but I'm sure someone in this group can help me. I'm looking for an open source helpdesk/call tracking application for use in an ISP customer support dept. We need something that will allow us to register all incomming calls, to assign tasks to different admnis/engineers according to customer's problem, to be able to see the status of each opened issue and so on. Nothing unusual. I made a search and found a number of such applications, but there are so many...it wouldn't be possible to test all of them. So please just tell me what you are using and how would you rate it. Thank you very much. -- Best regards, Cezar mailto:[EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] !DSPAM:42ded945986391657816232! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Some sort of filter based filesystem
On 21 Jul 2005 10:29:05 -0400, Lowell Gilbert [EMAIL PROTECTED] wrote: Svein Halvor Halvorsen [EMAIL PROTECTED] writes: * Lowell Gilbert [2005-07-20 09:19 -0400] You're right that the outputs wouldn't *have* to be pre-generated, but doing it on the fly would make the project both more difficult to implement and (I think) less convenient to use. This, I do not get. Why is it, that this would be less convenient? In fact, I see no other use for this than to save disk space when you want data available in several (information perserved) formats? I see it as being something you will usually want when you're copying the music off somewhere else. In that case, the speed hit would be annoying. I don't expect people to play the same songs in different formats on the same machine... It seems that if you were to do such a thing, that's all that box would be able to do is the conversion until you are done. Also if you are reading faster then you are writing and don't have lots-o-ram, its all going to go to swap. Then you are writing the file essentially twice, and boging down the drive even futher. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Restrict Tunneling thru SSH
On 7/21/05, Trevor Sullivan [EMAIL PROTECTED] wrote: Hello list, I am curious as to whether or not it is possible to restrict certain users from tunneling traffic through SSH. I would like to be able to tunnel my own traffic, but provide user logins that are restricted from accessing the rest of my inside network. Is it possible to restrict this by user? Thanks Trevor I'm pretty sure it is an all or nothing config option in sshd.conf in the global sense. But you can make specific options for specific hosts. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: OT: Helpdesk/Call tracking software
On 7/20/05, Cezar Fistik [EMAIL PROTECTED] wrote: Dear group, Sorry for OT, but I'm sure someone in this group can help me. I'm looking for an open source helpdesk/call tracking application for use in an ISP customer support dept. We need something that will allow us to register all incomming calls, to assign tasks to different admnis/engineers according to customer's problem, to be able to see the status of each opened issue and so on. Nothing unusual. I made a search and found a number of such applications, but there are so many...it wouldn't be possible to test all of them. So please just tell me what you are using and how would you rate it. Thank you very much. -- Best regards, Cezar mailto:[EMAIL PROTECTED] http://otrs.org/ Is a great OSS helpdesk software. I have installed it for the many IT orgs I have worked with/in. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DoS prevention .Sysctl parameters to prevent this?
On 19 Jul 2005 10:28:21 -0400, Lowell Gilbert [EMAIL PROTECTED] wrote: vladone [EMAIL PROTECTED] writes: Recently i have in gateway freebsd that go down due to an DoS attack. I dont know exactly what is (i dont have experience), but is useful if someone, with more wiyh more experience, can give some parameters for sysctl to prevent Dos an flood problem. Or perhaps with ipfw rules. Any help will be apreciated! The question is too general. Every resource that is consumed by incoming traffic is potentially subject to a denial-of-service attack. Furthermore, most denial-of-service attacks are actually using up your incoming bandwidth, so there isn't much you can do on your machine after those packets have already traversed your incoming link. You hit the nail on the head. Really the best this you can do, is have tight firewall, netflow samples of your in/out data, and some cool scriptage to figure out if something is happening (and I'm talking about more the just some pretty graphs). Then call your ISP to block the hosts. Now if this is a DDoS and it is from a well built network, pretty much you will have to have the ISP null your host or network until it subsides. See the manual for security(7), and see if that gives you a good start. -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: putty login
On 7/18/05, John Larson [EMAIL PROTECTED] wrote: I have a freebsd 4.11 apache2 webserver with one dedicated windows client connected between two nic cards. I am not connected to the internet. I can login using putty with the numbers (192.168.1.4 http://192.168.1.4) but I would like to be able to log in using www.larson.com http://www.larson.com. I have put this www.larson.com http://www.larson.com wherever I can think of (/etc/hosts, /etc/resolv.conf).help please John Larson This website, is it hosted internally, and no access to the public is needed? If so, you need to edit the winboxes host file and add the domain. Or setup a internal DNS server for your local domains. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Question on Routing
On 7/16/05, Mark [EMAIL PROTECTED] wrote: I'm looking for a reccomendation on the best software to publish RIP routes for IPSpace I own. I'm aware I'd have to get approval from my bordering routers to allow me to publish routes for public space, but I am just looking to publish updated routes (dynamically) via RIP or BGP from a FreeBSD based system. I've seen this done with gated, but at least for now I'd like to use a free piece of software. Thanks, Mark ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I think Zebra is the software you are looking for. It will do some neat stuff with routing. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DHCP assigned unregistered IP address
On 7/15/05, Alex Zbyslaw [EMAIL PROTECTED] wrote: Bob Hall wrote: However, note the When the Cable Modem is disconnected from the Internet... so the only reason it should be handing you the local IP is if it cannot talk back to the DHCP server it gets your real IP from. If Yea, that's pretty obvious. It's also pretty undesirable. Apparently, Motorola decided the checkbox was confusing and removed it, replacing it with this automatic behavior. Blea. Learning from Microsoft ;-) If it happens again, you might want to talk to your provider to find out *why*. Does this thing have any flashing lights on the front? There are LEDs, but they didn't indicate anything was wrong. There have been many reboots over the time I've been with this ISP, and this is the only time this happened. I'm not going to demand an explanation for a fluke. I just meant that it might indicate a fault somewhere in either your modem or (more likely) some of the hardware between it and the ISP. Somewhere I have a list of acceptable values for some of the (to me) impenetrable signal levels etc. which my 4100 can show me. At least if I see one of those is bad, then I know it's not my fault. If things don't return to normal in a while, then maybe it's worth contacting tech support or checking their status page (which I can only do because I still have a separate dial-up account for just such emergencies). Also if the 4100 can't reach the DHCP server, the green lights won't ever all come on, so it's pretty obvious when there is a fault. Of course, that might be because the local DHCP server has been turned off ;-) A better question is why the tech I talked to told me that the unregistered IP address wasn't a problem. But she did tell me that she was new, and generally the techs can distinguish between their cloacal anatomy and a geophysical excavation. My experience of virtually every large organisation is that there are two types of techs. The ones for whom their cloacal anatomy is indistinguishable from their articulatio cubiti, and the ones who actually know how to listen, diagnose a problem etc. With the rise in call centres, the former are becoming more prevalent, and it gets harder to get your problems referred to the latter. When the person you talk to has a script which doesn't go beyond turn if off; leave it for 30 seconds and turn it back on again, you are in trouble. You must use comcast. :) --Alex ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DHCP assigned unregistered IP address
On 7/14/05, Robert Huff [EMAIL PROTECTED] wrote: Glenn Dawson writes: Sounds like you have one of the motorola cable modems. They will assign exactly that address if they are turned on and can't communicate with the cable companies network. In such situations, my 3Com shows a red light in the appropriate slot. Do Motorolas not do this? Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] When you try to go to any web site, is it redirection you to the same web page? Also try 'dig @216.235.128.31 www.yahoo.com' and 'dig @216.235.128.31 www.freebsd.org' and if you get the same IP, you might need to re-register with your ISP. I had a similar problem, where their DHCP server got hosed and I experienced the same issue. Also :) did you pay your bill. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Screen display problem during installation
On 7/11/05, Jim Mozley [EMAIL PROTECTED] wrote: Hornet wrote: Can you swap out the video card as a temp solution? Thanks for the response. This would not really be practical, I have several servers that may need upgrading on different sites. They are 1U rack mount servers in different data centres and it would make upgrading very awkward, assuming I can find a card that will fit within the case. Jim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Ahh, but awkwardness and upgrading is almost always synonymous. Maybe you can get a USB floppy drive and try to console that way? You may want to also look at the BIOS and see if there is an update or tweak on the video card or AGP. I know you said you tested it on another PC, but did you test it on another server of the same EXACT spec's (BIOS version included)? Also if this video card shares mem with the system mem, you could try giving the card like 32M to start on, then take that back down once its up and working. -Erik- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Screen display problem during installation
On 7/11/05, Jim Mozley [EMAIL PROTECTED] wrote: Jim Mozley wrote: I'm trying to install 5.4 on a system that currently has 4.10 on it. My problem is that when the system boots from the install disk 1 I cannot see the initial menu due to a display problem. I see the initial boot information then the box that should have the selection options in, but without the content of the box. The box just overwrites the display information, leaves the boot information on the screen and I see BSD Daemon to the right of it. I don't have a floppy drive on the system to attempt a console install so I cannot use that solution. From memory I didn't have any problems with the 4.10 install, so I tried on another PC with the same CD and this displayed the initial menu OK. Any ideas on what I could do to resolve this? Sorry for the repost but I didn't receive any replies on this, I couldn't see that I'd asked a FAQ! Any help appreciated, Jim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Can you swap out the video card as a temp solution? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: PF firewall log problems
I guess I'm failing to see the point of writing to the log faster. If you need real time stats, use tcpdump -n -e -ttt -i pflog0. If you want to get say the last 1000 entries in the log and then go to realtime, use: sudo tcpdump -n -e -tt -c 1000 -r /var/log/pflog sudo tcpdump -n -e -ttt -i pflog0 On 7/7/05, fbsd_user [EMAIL PROTECTED] wrote: I am viewing pf log this way tcpdump -n -e -ttt -r /var/log/pflog Your reference to pflog man page is useless. Been there already. That gives some field names but not what is in them One of the pf mane pages says there is way to shorten buffer write cycle time. How do tell PF in rc.conf these over ride options?? -Original Message- From: Hornet [mailto:[EMAIL PROTECTED] Sent: Thursday, July 07, 2005 8:54 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] ORG Subject: Re: PF firewall log problems On 7/7/05, fbsd_user [EMAIL PROTECTED] wrote: How can I change the default wait time for PF buffer writes to the log file? The log records are being held in the buffers for a long time before being written out. I want to change this to a shorter time. How are you viewing the data? Realtime tcpdump tcpdump -n -e -ttt -i pflog0 or Viewing pflog tcpdump -n -e -ttt -r /var/log/pflog Anything written to the tty is going to be a bit slower, of course if you can jack into your brain all would be solved. Are there any tools or ports for use on the PF log file to create better standardized reports? I think there is one called hatchet. Of course you can't beat good old fashion grep,awk, and maybe sed Where can I find a description of the PF log record fields? http://www.freebsd.org/cgi/man.cgi?query=pflogsektion=4 Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Erik ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: tar Syntax Help
On 7/7/05, Drew Tomlinson [EMAIL PROTECTED] wrote: I'm trying to copy an entire file system while using an exclude file to avoid copying things such as /dev, /proc, etc. I've read the man page and found the -X or --exclude-from tar option. I've create a file called /exclude.list. It contains lines such as: /exclude.list /dev /proc But I can't figure out how to form the correct command line. I basically want to do this: tar -cvf - --exclude-from /exclude.list -C / . | tar xpf - -C . I've search the web and found examples that look similar to the above but this does not work for me. tar attempts to copy /dev and I get all the associated errors. I've tried other placements of either -X, X, and --exclude from on the command line various things happen from it just being ignored to tar thinking I want to create and archive named -X, etc., to tar trying to add a file named -X, etc. to the current archive. I'm at a loss. I'm using 4.11 and trying to make a good backup before upgrading to 5.4. Can anyone tell me the secret incantation to make this work? Thanks, Drew -- Visit The Alchemist's Warehouse Magic Tricks, DVDs, Videos, Books, More! http://www.alchemistswarehouse.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I wrote this years ago, http://www.justlinux.com/forum/showpost.php?p=294384postcount=1 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Logging into FreeBSD
On 7/8/05, Daniel Auman [EMAIL PROTECTED] wrote: Hi all, I'm afraid I must show my extreme ignorance. Using FreeBSD 5.4 I've created a log-in that starts a script I created #!/bin/sh mysql -u username -ppassword Are you says that you have the password hardcoded into your script? If so, make sure the read premission are set that only that user can access that script. Otherwise, your leaving your self wide open. It works fine. I get motd, then the mysql prompt. When I type the quit command I lose my SSH connection which is great! Problem is I don't have a clue how to even search for security problems related to using a custom login similar to what I've created. Can anybody point me in the right direction(s)? I'm happy to do the reading on my own. Thanks a lot, Daniel Auman Personalized Computer Systems, Inc. 4486 Indian Ripple Road Dayton, Ohio 45440 Phone: (937)296-7416 Fax: (937)431-0775 email: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Redirecting requests
I'm using PF, and have this which works like a champ rdr on $public proto tcp from any to any port 3389 - 1.2.3.4 port 3389 rdr on $public proto tcp from any to any port 3390 - 1.2.3.5 port 3389 pass in on $public proto tcp from any to any port {3380:3390} keep state On 7/8/05, Bob Bomar [EMAIL PROTECTED] wrote: I am looking for the best way to redirect request on a specific port. Baiscally all I want to do is when a connection is made to a port, say 5000, send that request out through another port, say 2000, on the other interface. Any ideas? -- Bob Bomar [EMAIL PROTECTED] - FreeBSD: The Power to Serve http://www.freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Redirecting requests
Then change from any to any to from any to $intreface1 I think that is the syntax. On 7/8/05, Bob Bomar [EMAIL PROTECTED] wrote: On Fri, Jul 08, 2005 at 11:43:55AM -0400, Hornet wrote: I'm using PF, and have this which works like a champ rdr on $public proto tcp from any to any port 3389 - 1.2.3.4 port 3389 rdr on $public proto tcp from any to any port 3390 - 1.2.3.5 port 3389 pass in on $public proto tcp from any to any port {3380:3390} keep state On 7/8/05, Bob Bomar [EMAIL PROTECTED] wrote: I am looking for the best way to redirect request on a specific port. Baiscally all I want to do is when a connection is made to a port, say 5000, send that request out through another port, say 2000, on the other interface. Any ideas? My problem lies in the fact that the first machine and second machine will have the same IP address, its a long story, but that is what the client wants. -- Bob Bomar [EMAIL PROTECTED] - FreeBSD: The Power to Serve http://www.freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Has this box been hacked?
On 7/8/05, Brett Glass [EMAIL PROTECTED] wrote: Give ME a break. You're only stating the obvious: the more daemons are running, the more exposure. Brett say hello to my insta-trash filter. Get a hair cut you damn hippie http://www.ymmv.com/gifs/brett.gif This particular box is running BIND 8, a transparent Squid proxy, and SSH. BIND is sandboxed and Squid is running as a nonprivileged user. Squid is also set not to take requests from outside. I wasn't the one who configured it; I've been asked to analyze it. --Brett At 11:56 PM 7/6/2005, Ted Mittelstaedt wrote: http://www.ymmv.com/gifs/brett.gif Sure, FreeBSD 4.11 is very easy for a remote attacker to root. All you need to do is let a user on it setup some convenient password like the word password for the root user, and use the same on an easy-to-remember userID like sam or bob, then put a DNS entry in for it like porno-pictures.example.com and post that on a popular website and it shouldn't take but a few days for it to get rooted. Other than that, give me a break, Brett. If this is a router and an out of the box install then there's no services turned on that can be rooted. Is it customary to run a webserver on your router nowadays? Give us a list of services this box is running and we can give you a better idea of how easy it might be to root. Ted -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Brett Glass Sent: Wednesday, July 06, 2005 9:42 AM To: [EMAIL PROTECTED] Subject: Has this box been hacked? A client had a network problem, and I wanted to make sure that his FreeBSD 4.11 router wasn't the cause of it, so I rebooted it. I then did a last command and saw the following: root ttyv0 Tue Jul 5 12:01 - 12:05 (00:04) adminttyp0localhostTue Jul 5 11:57 - 11:57 (00:00) root ttyv0 Tue Jul 5 11:49 - 12:00 (00:11) reboot ~ Tue Jul 5 11:49 shutdown ~ Tue Jul 5 11:47 root ttyv0 Tue Jul 5 11:37 - shutdown (00:10) reboot ~ Tue Jul 5 11:36 shutdown ~ Tue Jul 5 05:36 shutdown ~ Tue Jul 5 11:22 Note the shutdown entry with the time 5:36 AM, which is odd because it's out of chronological order and the other logs don't show the typical debug messages at that time. Where might such an entry come from? How likely is it that the box has been rooted? Are there known exploits that might have been used to root a FreeBSD 4.11-RELEASE machine? (The only unusual activity I can see in the logs is a few attempts to log in as root via SSH. The attempts that were logged were not successful, but of course a skilled attacker would cover his tracks.) --Brett ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: PF firewall log problems
On 7/7/05, fbsd_user [EMAIL PROTECTED] wrote: How can I change the default wait time for PF buffer writes to the log file? The log records are being held in the buffers for a long time before being written out. I want to change this to a shorter time. How are you viewing the data? Realtime tcpdump tcpdump -n -e -ttt -i pflog0 or Viewing pflog tcpdump -n -e -ttt -r /var/log/pflog Anything written to the tty is going to be a bit slower, of course if you can jack into your brain all would be solved. Are there any tools or ports for use on the PF log file to create better standardized reports? I think there is one called hatchet. Of course you can't beat good old fashion grep,awk, and maybe sed Where can I find a description of the PF log record fields? http://www.freebsd.org/cgi/man.cgi?query=pflogsektion=4 Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Erik ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problem updating apache 2.1.x via port
On 7/6/05, bsd [EMAIL PROTECTED] wrote: I have a problem updating my apache port. Compile seem to be ok and then install goes wrong. Any idea how to fix that ? === Installing for apache-2.1.4 === apache-2.1.4 depends on file: /usr/local/lib/libcrypto.so.3 - found === apache-2.1.4 depends on file: /usr/local/bin/perl5.8.7 - found === apache-2.1.4 depends on shared library: expat.5 - found === apache-2.1.4 depends on shared library: iconv.3 - found === Generating temporary packing list === Checking if www/apache21 already installed Making install in srclib Making install in pcre Making install in os Making install in unix Making install in server Making install in mpm Making install in prefork find: /usr/local/include/apr-1/apr.h: No such file or directory find: /usr/local/include/apr-1/apr_allocator.h: No such file or directory find: /usr/local/include/apr-1/apr_anylock.h: No such file or directory find: /usr/local/include/apr-1/apr_atomic.h: No such file or directory find: /usr/local/include/apr-1/apr_base64.h: No such file or directory find: /usr/local/include/apr-1/apr_buckets.h: No such file or directory find: /usr/local/include/apr-1/apr_date.h: No such file or directory find: /usr/local/include/apr-1/apr_dbm.h: No such file or directory find: /usr/local/include/apr-1/apr_dso.h: No such file or directory find: /usr/local/include/apr-1/apr_env.h: No such file or directory find: /usr/local/include/apr-1/apr_errno.h: No such file or directory find: /usr/local/include/apr-1/apr_file_info.h: No such file or directory find: /usr/local/include/apr-1/apr_file_io.h: No such file or directory find: /usr/local/include/apr-1/apr_fnmatch.h: No such file or directory find: /usr/local/include/apr-1/apr_general.h: No such file or directory find: /usr/local/include/apr-1/apr_getopt.h: No such file or directory find: /usr/local/include/apr-1/apr_global_mutex.h: No such file or directory find: /usr/local/include/apr-1/apr_hash.h: No such file or directory find: /usr/local/include/apr-1/apr_hooks.h: No such file or directory find: /usr/local/include/apr-1/apr_inherit.h: No such file or directory find: /usr/local/include/apr-1/apr_ldap.h: No such file or directory find: /usr/local/include/apr-1/apr_ldap_init.h: No such file or directory find: /usr/local/include/apr-1/apr_ldap_option.h: No such file or directory find: /usr/local/include/apr-1/apr_ldap_url.h: No such file or directory find: /usr/local/include/apr-1/apr_lib.h: No such file or directory find: /usr/local/include/apr-1/apr_md4.h: No such file or directory find: /usr/local/include/apr-1/apr_md5.h: No such file or directory find: /usr/local/include/apr-1/apr_mmap.h: No such file or directory find: /usr/local/include/apr-1/apr_network_io.h: No such file or directory find: /usr/local/include/apr-1/apr_optional.h: No such file or directory find: /usr/local/include/apr-1/apr_optional_hooks.h: No such file or directory find: /usr/local/include/apr-1/apr_poll.h: No such file or directory find: /usr/local/include/apr-1/apr_pools.h: No such file or directory find: /usr/local/include/apr-1/apr_portable.h: No such file or directory find: /usr/local/include/apr-1/apr_proc_mutex.h: No such file or directory find: /usr/local/include/apr-1/apr_queue.h: No such file or directory find: /usr/local/include/apr-1/apr_random.h: No such file or directory find: /usr/local/include/apr-1/apr_reslist.h: No such file or directory find: /usr/local/include/apr-1/apr_ring.h: No such file or directory find: /usr/local/include/apr-1/apr_rmm.h: No such file or directory find: /usr/local/include/apr-1/apr_sdbm.h: No such file or directory find: /usr/local/include/apr-1/apr_sha1.h: No such file or directory find: /usr/local/include/apr-1/apr_shm.h: No such file or directory find: /usr/local/include/apr-1/apr_signal.h: No such file or directory find: /usr/local/include/apr-1/apr_strings.h: No such file or directory find: /usr/local/include/apr-1/apr_strmatch.h: No such file or directory find: /usr/local/include/apr-1/apr_support.h: No such file or directory find: /usr/local/include/apr-1/apr_tables.h: No such file or directory find: /usr/local/include/apr-1/apr_thread_cond.h: No such file or directory find: /usr/local/include/apr-1/apr_thread_mutex.h: No such file or directory find: /usr/local/include/apr-1/apr_thread_rwlock.h: No such file or directory find: /usr/local/include/apr-1/apr_time.h: No such file or directory find: /usr/local/include/apr-1/apr_uri.h: No such file or directory find: /usr/local/include/apr-1/apr_user.h: No such file or directory find: /usr/local/include/apr-1/apr_uuid.h: No such file or directory find: /usr/local/include/apr-1/apr_version.h: No such file or directory find: /usr/local/include/apr-1/apr_want.h: No such file or directory find:
Re: Remote access to a user's mail spool
I would have to say that, for what you are trying to do, you are going the long way about it. If I was to be stuck having to this, I would make a php/perl script with web GUI that just pares out the users subjects and adds a check box and delete button. Security can be implemented in so many ways with Apache that I would recommend that you read the Apache manual. I would go so far as setting an IP alias on the interface and limiting the networks that can access the script. Or just lock the shell access correctly. Erik On 7/5/05, Matt Juszczak [EMAIL PROTECTED] wrote: Hi all, We're an ISP, and we are currently looking for a way for our tech support guys to access customer's email without having shell access to the server, or knowing the customer's password. We'd like to install a custom webmail client on our private internal LAN webserver that would only show the user's inbox and the ability to delete the messages (couldn't read messages, etc.). The problem is that we would have to know the user's password in order for my PHP script to go out and fetch the mail. Is there a way I can setup and/or patch one of the POP3 clients (of course I would firewall this and do an SSH tunnel with the pop3d running on localhost only on the mail server, so I would keep things secure) so that it could be given any random password and would authenticate? Or is this some kind of patch I would need to write? Maybe a better option would be to write a custom client/server interface via ssh to interact with the mail spool (possibly calling mail over ssh remotely, with public/private key authentication and sudo access to mail for the remote account) Any ideas? Thanks, Matt PS: I can admit that I originally posted this to the dovecot mailing list, but am now seeing it might be a system-related issue vs. a pop3 daemon issue. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where is the memory
In top, if you type in u it will prompt you for an account which you can monitor the processes and mem. Of course, this will not work for apps that are opened under different credentials. On 7/4/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi, How can I track where/who is using the system memory? I have a 2GB (RAM) system running Freebsd 5.4, basically as a mail gateway. After a few hours up, TOP shows me about 300MB of free memory. No swap yet. But the sum of RSS column of ps axum, gives me about 600MB used. I know that kernel allocated memory doesn´t show in ps, but I think it´s not using 1.4GB. The head of top is like this: last pid: 7323; load averages: 1.49, 1.11, 1.30 up 4+05:57:30 19:01:05 184 processes: 1 running, 183 sleeping CPU states: 16.7% user, 0.0% nice, 3.5% system, 0.6% interrupt, 79.3% idle Mem: 333M Active, 1218M Inact, 157M Wired, 42M Cache, 112M Buf, 256M Free Swap: 8192M Total, 8192M Free Also, why there is a difference between free memory reported by top and vmstat? Could it have some memory leak? Is there any report of it in freebsd 5.x? Thank you, - Marcelo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: autoblocking many ssh failed logins from the same IP....
Below (and atached) is a script I wrote do exactly what you are talking about. It's commented, so edit to your taste. I have been using to for about 4 months. Since I am using PF as my firewall, it is customized for that. If you are using something other then PF, again... edit to your taste. -Erik- #!/usr/bin/perl # created by [EMAIL PROTECTED] 03/05 my $time=localtime(); use strict; use Time::localtime; use Mail::Send; my $hostname=domain.orIP.com; #The white list that contains either the account or host. my $whilelist=/home/user/scripts/sshwhitelist; #LOG to search on my $logfile=/var/log/auth.log; #Where to read the current list of blackhole address. my $blacklist=/etc/pf.blackholes; #Name of the table in your pf.conf my $tablename=blackhole; #Where to store the cache file. This is removed and updated daily my $cache=/root/.sshprotect.cache; #Where to log actions taken. my $log=/root/sshprotect.log; #Command you want to run in response of a potential attack. my $command=whois; my $useip=1; #useful in conjunction with $command which will do something with the IP. #comment out if not needed. #Max attempts a host can have until blocked. my $attempts=5; # Set this to run the $command or print a report or email the report, # also update will update the $blacklist and reload the blackholes table. # abuse will try to find and email the offending network about the attack # These can be combind to run all actions: #my $action=run print; #my $action=print; my $action=email run update abuse; #my $action=print email update; #my $action=print email; #Email setup; my $to=[EMAIL PROTECTED]; my $from=[EMAIL PROTECTED]; my $cc=; my $subject=Excesssive login attempts; my $debug=0; my $host; my @logs; my @whtlst; my %track; my @blacklist; my $block=1; my @abuse; my @cache; my $currentcache; my @runoutput; my $version=1.2.1beta; print Version: $version\n if $debug; #find todays datemask use vars qw($yr $mon $day $today $mday); $yr=localtime-year() + 1900; $mon=localtime-mon() + 1; $mday=localtime-mday(); if ($mon != /\d\d/) {$mon=0$mon;} if ($mday 10) {$mday=0$mday;} $today=$yr$mon$mday; print $today\n if $debug; #no Time::localtime; open (WRITELOG, $log) || die $log $!\n; open (BLACK,$blacklist) || die $blacklist $!\n; while (BLACK) { chomp; push (@blacklist, $_); } close BLACK; open (WHITE, $whilelist) || die $whilelist $!\n; while (WHITE) { chomp; push (@whtlst,$_); } close WHITE; open (READCACHE, $cache) || print $cache $!\n; while (READCACHE) { chomp; push (@cache, $_); } close READCACHE; open (WRITECACHE, $cache) || print $cache $!\n; if (@cache[0] $today) { close WRITECACHE; system (rm -f $cache); open (WRITECACHE, $cache) || print $cache $!\n; print Cache file is out of date @cache[0] $today\n if $debug; @cache=(); print WRITECACHE $today\n } open (LOG, $logfile) || die logfile $!; while (LOG) { chomp; if ( /Failed password for illegal user (.*) from (.*) port/ || /Failed password for (.*) from (.*) port/ || /Illegal user (.*) from (.*)/ || /Did not (receive) identification string from (.*)/ ) { my $account=$1; my $host=$2; ckwhtlst($account, $host); if ($block == 0 ) { next; } ckcache($host); if ($block == 0 ) { next; } ckblklst($host); if ($block == 0 ) { next; } $block=1; if ($track{$host}) { $track{$host}=$track{$host}+1; print $host is now $track{$host} user=$account\n if $debug; } else { $track{$host}=1; } } } close LOG; for my $host (%track) { if (!$host) {print Nothing Found\n; exit;} if ($track{$host} = $attempts) { push (@abuse,$host); ckcache($host); print WRITECACHE $host\n if !$block == 0; if ($action =~ /print/) { print Host $host, past $attempts attempted logins\n; } if ($action =~ /run/ $useip) { (@runoutput=`$command $host`); } if ($action =~ /run/ !$useip) { (@runoutput=`$command`); } if ($action =~ /update/) { update($host); } } } #Sends emails if ($action !~/email/) { exit; } elsif (@abuse) { send_email(@abuse); } if ($action !~/abuse/) { exit; } elsif (@abuse) { abuse_email(@abuse); } sub ckwhtlst { (my $account, my $host)[EMAIL PROTECTED]; foreach (@whtlst) { if (!/$account|$host/) { $block=1; return; } else { print $host or $account is on the while list.\n if $debug; $block=0; return; } } } sub ckblklst { my [EMAIL PROTECTED]; foreach (@blacklist) { if (/$host/) { print $host $_ is already blacklisted\n if $debug; $block=0; return; } else { $block=1; } #print $host is NOT blacklisted\n if $debug; } } } sub ckcache { my [EMAIL PROTECTED]; if ([EMAIL PROTECTED]) { $block=1; return;} foreach (@cache) { if (/$host/) { $block=0; print $host is already cached\n if $debug; return; } else { $block=1; } #print $host is not found in cache\n if $debug; } } } sub update { open (OUT,
Re: running derive6 in wine
I have not used this app, but looking at their web site, the app feels very ActiveX'ish. It requires IE and I'm sure it 3D modeling relies on ActiveX. I don't think wine support ActiveX stuff. On 6/28/05, P.U.Kruppa [EMAIL PROTECTED] wrote: Hi! Does anyone have any experience with running the Computer Algebra System derive6 in wine? I downloaded two missing .dlls and get the application started. Calculations on the algebra sheet can be done, but as soon as I try to open a graphics window derive6 will freeze. I'am running this on 5.4 -STABLE and run wine right out of the box, i.e. didn't set any special configurations yet. Please mind: This is not a very serious problem and of course I know about maxima, mupad and yacas, which do fine work. Thanks though for your answers, Uli. * * Peter Ulrich Kruppa - Wuppertal - Germany * * ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Possibly silly question. . .
I found it here: http://www.freebsd.org/cgi/ports.cgi?query=Kopetestype=allrelease=4.10-RELEASE%2Fi386 Its for an older release, so I *would* think it will worked. Let me know if it does. On 6/28/05, Bryan Maynard [EMAIL PROTECTED] wrote: Hey all, I was just looking through the ports collection to portinstall Kopete, but I couldn't find it! I checked the spelling and capitalization to make sure I was entering my search correct, and I was. I know Kopete is availible - I've used it in a previous install. It's just been a while since I tried to install it. My current install had to be very minimal, so I've been adding things as I need them. I know this is silly and I'm sorry. I'd really appreciate a little help jogging my memory, thanks! :-D Bryan P.S. I tried running kopete and Kopete from the Run Command dialog to see if I already had it installed but to no avail. I am running FreeBSD 5.4-STABLE #3: Fri Jun 17 12:58:02 UTC 2005 (according to uname) and KDE 3.4. -- Open Source: by the people, for the people. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Share Printers, Printing Long.
On 6/22/05, Rick Preston [EMAIL PROTECTED] wrote: On 6/22/05, Stephan Weaver [EMAIL PROTECTED] wrote: Hello, I have suscessfully installed my DSL MODEM Behind my FREEBSD Firewall. Ever Since i have done this, i noticed that my windows users, when trying to print to shared printers, it takes very long for them to access the printers. I have an empty ipf.rules and my ip nat rules looks like map vr0 192.168.0.0/24 - 0.0.0.0/32 proxy port ftp ftp/tcp map vr0 192.168.0.0/24 - 0.0.0.0/32 portmap tcp/udp 4:6 map vr0 192.168.0.0/24 - 0.0.0.0/32 my dhcp.conf looks like cat /usr/local/etc/dhcpd.conf option domain-name pizzaboys.org; option domain-name-servers 192.3.132.1, 196.3.132.4; default-lease-time 86400; max-lease-time 86400; authoritative; ddns-update-style none; log-facility local1; subnet 192.168.0.0 netmask 255.255.255.0 { range 192.168.0.100 192.168.0.200; option routers 192.168.0.2; } Any Assistance Please Are the shared printers in the 192.168.0/24 subnet? Are they connected to workstation that get their IP through DHCP? What are you using for workstation name resolution? What are you using for a port type on the windows machines, \\workstation\printer? is it DSL--firewall-- workstationsprinters? Looks to me like it is a name resolution thing. Your DNS servers are outside your subnet and probably doesn't know what is in your network. Yes, I would agree, if you are printing to shares, \\workstation\printer. You may need to run a WINS server. or create an lmhosts file on each box. Answer these questions and I can probably give you some ideas. Cheers, Rick ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]