ACPI Warning: 32/64X FACS address mismatch in FADT

[J.D. Bronson]

I have an INTEL DP43TF motherboad with an Intel Core 2 Quad. (non-HTT)
When I boot up Freebsd 8.1 I see a message like this:

ACPI Warning: 32/64X FACS address mismatch in FADT..(blah)..using 32

I cant determine if this is OK and a cosmetic type of message or 
something more serious to question.


Google turned up several hits but nothing explains what this is and/or 
the importance of it.


Thanks,


--
J.D. Bronson
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Backing up freebsd to 1 file?

[J.D. Bronson]

I have a freebsd 8.0 install and was wondering if it is possible to tar 
up the entire install...for backup purposes.


# cd /
# tar -cvf backup.tar {list of directories}

then I can ftp the tar file out to another machine.

This works in theory, but if I need to do a restore tar complains
on 'tar -xpf backup.tar'.

Under OpenBSD, this works as expected. It has given me an easy way
to backup/move/restore or anything I want to do w/o complaining.

I am running Freebsd on a machine that has no other drives/tapes or 
anything so my options for backup are limited.


All I am trying to do is get a complete image (or snapshot) of my entire 
install on this machine and then if I needed to reload or reinstall, I 
could do a bare bones freebsd install, copy over the tar'd up file and 
extract it from within / and then reboot an I would be go to go.


Thoughts on this would be appreciated...



--
J.D. Bronson
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Backing up freebsd to 1 file?

[J.D. Bronson]

 be created by the time your system boots on.


Nice answer by Sergio, but I personally would use the j option with tar
to compress to bzip2;

3) tar --one-file-system -cvjf /mnt/backup.tbz ./ var usr home

Though I prefer personally to use dump/restore because:

- If you're on UFS, you don't have to single-user the system, just use
the L option (live filesystem)
- Restore has an awesome 'interactive' mode
- See Zwicky [1]

I'll send you my dump scripts if you're interested. It's dead easy to use!

Chris

[1] http://www.coredumps.de/doc/dump/zwicky/testdump.doc.html

.



I think Sergio has a nice script. I had been doing something similar but 
I know I recall when untarring  (restoring if you will) it was 
complaining about not being able to do things. It was not sockets and 
similar stuff that gets rebuilt on reboot. I do not have failures handy 
to post (yet).


Truth be told? - I am running FreeBSD hosts within ESXi. I can backup 
the hosts within ESXi but need to take the host offline and its a 
cumbersome ordeal. If I had RAID on ESXi, I wouldn't be so worried per 
se but this is not an option. ESXi is very fussy about what is supported 
and I dont have the $ for SCSI and SCSI Raid.


Basically what I need to do is create a fully restorable backup for 2 
reasons:


1. Easy to create another host on ESXi. I can setup/flavor my fbsd 
install and then once thats done, setup another host.


2. Obvious backup reasons.

...right now, if the SATA drive fails that is hosting the fbsd install I 
am dead in the water. I have 5 hosts on this machine spread across 4 
SATA drives but nothing is mirrored or RAIDed in anyway.


I am at the mercy of these drives w/o any backup-




--
J.D. Bronson
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Backing up freebsd to 1 file?

[J.D. Bronson]

On 4/18/10 10:39 AM, Warren Block wrote:

If you don't have any other drives, where will the backup file be stored
so it survives a system failure or reinstall?


Thoughts on this would be appreciated...


dump/restore is the standard safe way; you can send it over ssh to back
up to a file on another machine.  Sometimes people use dd, which can be
effective if you use some tricks like filling unused space with zero so
compression is effective.

There's another option.  I've mentioned clonezilla.org here before as a
way to back up Windows systems; it's fast and only copies used sectors.


I would sftp/scp the file over to another unix (or windows via samba) 
machine I have. Then burn the resulting file to DVD RW media.




--
J.D. Bronson
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: vi editing

[J.D. Bronson]

preface each line:

:%s/^/new word /g

--
J.D. Bronson
Information Technology
Aurora Health Care - Milwaukee WI
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Blocking a slow-burning SSH bruteforce

[J.D. Bronson]

On 1/1/10 8:56 AM, David Rawling wrote:

I tend to think there's not much I can do about this, but I'll ask anyway.

I've implemented sshguard to block the normal bruteforce attacks - which
seems to be working reasonably well.

However now I have the following:

Jan  1 17:42:52 timeserver sshd[1755]: error: PAM: authentication error
for illegal user but from 190.146.246.36
Jan  1 17:55:09 timeserver sshd[1788]: error: PAM: authentication error
for illegal user byung from 212.243.41.9
Jan  1 18:07:38 timeserver sshd[1809]: error: PAM: authentication error
for illegal user cac from 148.233.140.193
Jan  1 18:20:06 timeserver sshd[1832]: error: PAM: authentication error
for illegal user cachou from 121.52.215.180
Jan  1 18:32:21 timeserver sshd[1851]: error: PAM: authentication error
for illegal user calla from 212.243.41.9
Jan  1 18:44:35 timeserver sshd[1884]: error: PAM: authentication error
for illegal user calube from 83.211.160.211
Jan  1 19:09:12 timeserver sshd[1923]: error: PAM: authentication error
for illegal user cancy from 194.51.12.238
Jan  1 19:21:35 timeserver sshd[1946]: error: PAM: authentication error
for illegal user candice from 82.106.226.77
Jan  1 19:46:12 timeserver sshd[1997]: error: PAM: authentication error
for illegal user candyw from 116.55.226.131

Now this seems to me to be a dictionary attack on timeserver, and I'd
guess that it's a botnet behind it. It's rather sophisticated since it's
only attempting 1 user and password combination per source - so it's far
too little to trigger the sshguard rules. Even if it did trigger, it
wouldn't prevent the attacks.

Apart from switching away from user authentication to private/public
keys ... is there anything I can do to mitigate these attacks? Any
advice welcome.

Dave.

--


Few options I can think of in random order...I use #1:

1. Run SSH on an obscure port. Seriously, thats one of the easiest 
things to do. Since I have done that, I have had ZERO attempts and it 
works perfectly as long as users know the odd port. In fact, I dont know 
anyone in our IT circle of friends that runs SSH on port 22.


2. Consider controlling/limiting access via 'pf' if your running 'pf'.

Of course with your examples coming from all different IPs, thats not 
likely gonna help much.


3. Just ignore it - they aren't getting in...similar to spammers being 
rejected by RBLsits traffic, but cant be a whole lot.


4. Limit login time window too...I run a very narrow window of time to 
login and a LOW number of attempted logins per session.


-JD



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Blocking a slow-burning SSH bruteforce

[J.D. Bronson]

On 1/1/10 9:19 AM, David Rawling wrote:

Darn.

1 is out because 22 is the one port that most organisations (including
mine) allow out of their networks for administering routers.

2 is unfortunately not an option (as a consultant I do work from many
networks)

4 - again I might have to log in any time ...

3 seems the best approach.

Thanks for your thoughts, it's good to get second opinions.

Dave.


I understand using/needing port 22 opened...but what another widely used 
port..like for Citrix (sp?) or something? - most firewalls have those 
ports open.


As far as controlling login time and access, I meant something like this:

# Authentication:
LoginGraceTime 1m
MaxAuthTries 2

# Allow staff access and users no access
AllowGroups staff



--
J.D. Bronson
Information Technology
Aurora Health Care - Milwaukee WI
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Virtualbox and bridged interface.

[J.D. Bronson]

Just a shot in the dark here...

MAC Authentication?

I was running FREEBSD inside virtualbox on a macbook
and was using 'bridged' networking.

If I didnt list the 'fake' mac address in the FREEBSD virtual
inside my Access point - I was going nowhere.

Took me awhile to figure out why I wasnt going anywhere...

--
J.D. Bronson
Information Technology
Aurora Health Care - Milwaukee WI
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: fdisk/bsdlabel/disklabel: Class not found?

[J.D. Bronson]

bsdlabel: Class not found
re-edit the label? [y]:

You cant edit it. You can only say N and it exits w/o
saving any changes.

This is very annoying, because you cannot do anything with the label 
unlike the old days..


I had to mount an older drive and then I was able to edit the bsdlabel
on the 8.0 drive as it was not 'online' -

--
J.D. Bronson
Information Technology
Aurora Health Care - Milwaukee WI
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: geometry does not match label (255h,63s != 16h,63s)

[J.D. Bronson]

I see this too. I even went so far as to edit the labels
and start again and then I got the opposite:

geometry does not match label (16h,63s != 255h,63s)

..so I gave up. Google didnt turn anything up but I dont
see this on FreeBSD 7.x at all. Only 8

So far, it has not been any issue from what I can tell
and only apparent (for me) when gmirror is setup.

--
J.D. Bronson
Information Technology
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: geometry does not match label (255h,63s != 16h,63s)

[J.D. Bronson]

What if we tried a custom kernel and removed these lines:

options GEOM_PART_GPT   # GUID Partition Tables.
options GEOM_LABEL  # Provides labelization

I think that might remove these 'errors'.

--
J.D. Bronson
Information Technology
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: geometry does not match label (255h,63s != 16h,63s)

[J.D. Bronson]

Well then so much for my idea of removing those options from the kernel.
Darn.

Well if they have 'been' there since earlier FreeBSD
I wonder why we never saw them until 8.x now ?
There must be some reason...

They do not appear to be anything but cosmetic but still
annoying and worrisome for people like us.

I suppose the next thing would be to find the offending code
and comment it out...

:-)


--
J.D. Bronson
Information Technology
Aurora Health Care - Milwaukee WI
Office: 414.978.8282 // Fax: 414.978.3988
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: dump/restore don't work, handbook lies

[J.D. Bronson]

At 02:49 AM 9/1/2008 +0100, RW wrote:

 dump -C 32 -0Lf - / | ( cd /mnta ; restore xf - )

One minor caveat: dumping a live filesystem require dump to take a
snapshot, which in turn require soft-updates to be turned-on. The
default in sysinstall is to enable it for everything but the root
partition.


I always enable soft-updates on all partitions during install or 
anytime a drive is replaced :-)


/dev/ad0s1a on / (ufs, local, soft-updates)
devfs on /dev (devfs, local)
/dev/ad0s1d on /usr (ufs, local, soft-updates)
/dev/ad0s1e on /var (ufs, local, soft-updates)
/dev/ad0s1f on /home (ufs, local, soft-updates)
/dev/ad0s1g on /staff (ufs, local, soft-updates)
/dev/ad0s1h on /users (ufs, local, soft-updates)

-JD

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: dump/restore don't work, handbook lies

[J.D. Bronson]

At 05:03 PM 8/31/2008 -0600, Lloyd M Caldwell wrote:

Hello,

this all on a 7.0 freebsd system.

Dump/Restore do NOT work as indicated in the handbook (or man 
pages). It would be better to remove information from the handbook 
rather then have information that doesn't work.


Are you trying to resize the same disc or migrate to a NEW disk?

Migrating to a new (larger) disc is trivial, at least in my experience.
(I have never tried to resize any partitions though on a same disc, 
since new hard drives are cheap enough)


Here is what I do to migrate to a totally new disc:

Shutdown and install 2nd DRIVE
boot machine...
run sysinstall on the 2nd DRIVE (slice/dice/and setup MBR)

then I run a small script like this:
(Some presumptions are made ahead of time here)

#!/bin/sh

newfs /dev/ad2s1a
newfs /dev/ad2s1d
newfs /dev/ad2s1e
newfs /dev/ad2s1f
newfs /dev/ad2s1g
newfs /dev/ad2s1h
sleep 4
tunefs -n enable /dev/ad2s1a
tunefs -n enable /dev/ad2s1d
tunefs -n enable /dev/ad2s1e
tunefs -n enable /dev/ad2s1f
tunefs -n enable /dev/ad2s1g
tunefs -n enable /dev/ad2s1h
sleep 4
mount /dev/ad2s1a /mnta
mount /dev/ad2s1d /mntd
mount /dev/ad2s1e /mnte
mount /dev/ad2s1f /mntf
mount /dev/ad2s1g /mntg
mount /dev/ad2s1h /mnth

dump -C 32 -0Lf - / | ( cd /mnta ; restore xf - )
dump -C 32 -0Lf - /usr | ( cd /mntd ; restore xf - )
dump -C 32 -0Lf - /var | ( cd /mnte ; restore xf - )
dump -C 32 -0Lf - /home | ( cd /mntf ; restore xf - )
dump -C 32 -0Lf - /staff | ( cd /mntg ; restore xf - )
dump -C 32 -0Lf - /users | ( cd /mnth ; restore xf - )

umount /mnt*


Then shut down.
Place the 2nd drive in the 1st slot and turn it back on.

Maybe there is a better or simpler way, but I have been doing this for years
and never had any issues.

YMMV

-JD 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

error on console on startup?

[J.D. Bronson]

Jul 27 06:18:06 router kernel: Starting devd.
Jul 27 06:18:07 router kernel: hw.acpi.cpu.cx_lowest:
Jul 27 06:18:07 router kernel: C1
Jul 27 06:18:07 router kernel:
Jul 27 06:18:07 router kernel: sysctl:
Jul 27 06:18:07 router kernel: hw.acpi.cpu.cx_lowest
Jul 27 06:18:07 router kernel: :
Jul 27 06:18:07 router kernel: Invalid argument
Jul 27 06:18:07 router kernel: Additional TCP options:
Jul 27 06:18:07 router kernel: .

Can someone point me to what might be causing this 'invalid' argument?
This is on a Pentium3 machine...

sysctl -a | grep cx
hw.acpi.cpu.cx_lowest: C1
dev.cpu.0.cx_supported: C1/0
dev.cpu.0.cx_lowest: C1
dev.cpu.0.cx_usage: 100.00%

-JD

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: make buildworld fails on 6.2-STABLE

[J.D. Bronson]

so I deleted /usr/src
redownloaded from a different mirror and tried
make buildworld again...

It still failed -but this time at a different point:


mkdep -f .depend -a-DIN_GCC -DHAVE_CONFIG_H -DPREFIX=\/usr\ 
-I/usr/obj/usr/src/gnu/usr.bin/cc/cc/../cc_tools 
-I/usr/src/gnu/usr.bin/cc/cc/../cc_tools 
-I/usr/src/gnu/usr.bin/cc/cc/../../../../contrib/gcc 
-I/usr/src/gnu/usr.bin/cc/cc/../../../../contrib/gcc/config 
-DDEFAULT_TARGET_VERSION=\3.4.6\ -DDEFAULT_TARGET_MACHINE=\\ 
/usr/src/gnu/usr.bin/cc/cc/../../../../contrib/gcc/gcc.c 
/usr/src/gnu/usr.bin/cc/cc/../../../../contrib/gcc/gccspec.c
echo cc: /usr/obj/usr/src/tmp/usr/lib/libc.a 
/usr/obj/usr/src/gnu/usr.bin/cc/cc/../cc_int/libcc_int.a  .depend

=== gnu/usr.bin/cc/cc1 (depend)
sed -e /^@@ifobjc.*/,/^@@end_ifobjc.*/d  -e /^@@ifc.*/d -e 
/^@@end_ifc.*/d 
/usr/src/gnu/usr.bin/cc/cc1/../../../../contrib/gcc/c-parse.in  c-parse.y

yacc -d c-parse.y
yacc: e - line 1811 of c-parse.y, syntax error
{ if ($1 == error_}ark_node)
   ^
*** Error code 1

Stop in /usr/src/gnu/usr.bin/cc/cc1.
*** Error code 1

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: make buildworld fails on 6.2-STABLE

[J.D. Bronson]

At 09:16 AM 07/26/2007, Heiko Wundram (Beenic) wrote:

Am Donnerstag 26 Juli 2007 15:54:36 schrieb J.D. Bronson:
 internal compiler error: Segmentation fault: 11
 Please submit a full bug report,
 with preprocessed source if appropriate.
 See URL:http://gcc.gnu.org/bugs.html for instructions.

Most probably a (physical) memory error.

As the message says, this has pretty much nothing to do with the upping of
world, but is an internal compiler error, which I've only seen on
development snapshots of gcc (improbable that these are distributed with
STABLE), or flaky memory (which is much more likely the cause).

--


thanks - ironically I have never had ANY issue building world on this 
machine until today. I have deleted /usr/src and re cvs'd from a diff 
mirror as a test.


-JD 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

make buildworld fails on 6.2-STABLE

[J.D. Bronson]

Can someone help me with this?
I cvs'd up this am to 6.2-STABLE and now buildworld fails..


In file included from 
/usr/src/gnu/lib/libstdc++/../../../contrib/libstdc++/include/bits/locale_facets.h:2963,

 from /usr/obj/usr/src/tmp/usr/include/c++/3.4/locale:46,
 from 
/usr/src/gnu/lib/libstdc++/../../../contrib/libstdc++/config/locale/generic/collate_members.cc:36:
/usr/obj/usr/src/tmp/usr/include/c++/3.4/bits/time_members.h:62: 
internal compiler error: Segmentation fault: 11

Please submit a full bug report,
with preprocessed source if appropriate.
See URL:http://gcc.gnu.org/bugs.html for instructions.
*** Error code 1

Stop in /usr/src/gnu/lib/libstdc++.
*** Error code 1

Stop in /usr/src/gnu/lib.
*** Error code 1

Stop in /usr/src.
*** Error code 1





--
J.D. Bronson
Telecommunications Site Support
Aurora West Allis Memorial Hospital
Office: 414.978.8282 Fax: 414.977.5299

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: pf and keep/modulate state on 6.2

[J.D. Bronson]

At 04:40 PM 7/25/2007 -0700, Drew Tomlinson wrote:
Excuse me for butting in.  This has been discussed on the pf 
list.  A search of the archives will find you the details but 
basically 4.1 and FBSD 6 won't work together as I understand 
it.  Major changes are required.  However work has been done in 
CURRENT and is undergoing testing now but will not be back ported to 
STABLE because of the major changes.


HTH,

Drew


Thanks for the heads up. I am not on the 'pf' list - but for 
firewalling, we only use OpenBSD now...freebsd we still use for 
servers and stuff but I really prefer something thats current.


:-)

-JD 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Intel PWLA8391GT NIC...does it work?

[J.D. Bronson]

At 09:50 AM 07/17/2007, Modulok wrote:

For anyone who has this NIC...

Is the Intel PWLA8391GT network interface card supported on 6.1
Release? I read the hardware notes section and it didn't mention it. I
also read the man page for the em(4) driver, it mentions some of the
other models, but not this one specifically. The only thing I could
find on google was the mention of it in a review on newegg.com, but
the guy never mentions what version of FreeBSD he's using, or what
driver the card uses. If anyone has this card...does it work and which
driver does it use...and any gotchas?


this looks like the Intel Pro 1000GT card?
if so, its supported by the 'em' driver
and I use it w/o any issues in 6.2

-JD 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

6.2-stable power management

[J.D. Bronson]

Is there any way to verify ALL power management is disabled?
I have totally disabled it in my BIOS and I have
totally disabled it in the hard drives...

Yet I keep hearing a drive spin down and then immediately back up
over and over (at times).

If I install a different OS on this same machine, this does not 
happen..so I am thinking something within 6.2-stable is doing this?


any thoughts or ideas?

-JD

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

device polling

[J.D. Bronson]

I added these to my kernel:

options HZ=1000
options DEVICE_POLLING

and then added this to /etc/sysctl.conf:
kern.polling.enable=1

I rebooted and sysctl does show polling enabled
and the nic's report it as well (bge):


bge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
options=5bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,POLLING
media: Ethernet autoselect (100baseTX full-duplex)
status: active

bge1: flags=8802BROADCAST,SIMPLEX,MULTICAST mtu 1500
options=5bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,POLLING
media: Ethernet autoselect (100baseTX full-duplex)
status: active

Does this show its 'working'?
Is there any way to test or verify this?

Thanks :)

-JD

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ppp is broken???

[J.D. Bronson]

At 07:53 AM 05/07/2007, =?ISO-8859-2?Q?Nagy_L=E1szl=F3_Zsolt?= wrote:


disable iface-alias# Stop adding old IP address as alias when ppp
   # redials because line was lost. These old IPs
   # showed using  ifconfig -a   on tun0.

 iface clear   # Remove all previous IP address


I'll try this.

Post contents of your ppp.conf  and rc.conf files for review for why you
keep losing your connection.


ppp.conf:

papchap:
# set log Phase Chat LCP IPCP CCP tun command
set log phase tun command
set device PPPoE:rl0
set speed sync
set mru 1492
set mtu 1492
set ctsrts off
set dial
set login
enable lqr
add default HISADDR
# enable dns # I use my own DNS server (named)
enable tcpmssfixup
# non-default below (hack for pptpd)
set authname [EMAIL PROTECTED]
set authkey i_am_not_telling_this
nat enable yes
 nat port tcp 172.16.0.48:3389 51234



Specifying NAT in your ppp.conf is whats causing this.
If you add the 2 lines mentioned above, it should take care of this.

For people that DONT use NAT within ppp.conf (perhaps they use 
pf)..this is not an issue normally.


-JD







--
J.D. Bronson
Telecommunications Site Support
Aurora West Allis Memorial Hospital
Office: 414.978.8282 Fax: 414.977.5299
http://www.myspace.com/wrqz

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

pf message on dmesg

[J.D. Bronson]

pfr_detach_table: refcount = 0.


I am starting to see these at times.
What do they mean? - My pf is not overworked and I have added 
sufficient table entries:


set optimization aggressive
set state-policy if-bound
set timeout tcp.established 600
set timeout tcp.opening 30
set skip on lo0
set block-policy drop
set require-order yes

set limit { states 2, frags 1, src-nodes 2 }

-JD










--

J.D. Bronson

Telecommunications Site Support

Aurora West Allis Memorial Hospital

Office: 414.978.8282 Fax: 414.977.5299

http://www.myspace.com/wrqz

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

dhcp/update of A records on Bind

[J.D. Bronson]

Ok...I have DHCP on fxp0 to my ISP (cable)
and I have a public DNS server (static IP) off site.

I want to be able to update my own public DNS server A records
if/when my DHCP IP changes.

I am familar with nsupdate and I have used TSIG in the past to do this.
Does FBSD 6.2-stable offer any EASY way of doing this via DHCP?

Can dhclient kick something off perhaps?

I have a shell script but looking for a cleaner easier more concise way.
I am sure dhclient knows when the IP changes at least :)

thanks in advance.

-JD

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

ipfilter and DHCP

[J.D. Bronson]

Ok...what do you guys do to handle a change of IP/network via DHCP 
with ipfilter?


I have been told that if my IP changes while the machine is up and 
running that ipfilter WON'T see this change and needs to be 
told...supposedly it only reads the IP when it starts itself.


If this is true, is there any easy way to fix this?
I run ipcheck.py and that can invoke a script if needed if it notices 
and IP changed


ipnat.conf:
map bge1 192.43.82.0/24 - 0/32 proxy port ftp ftp/tcp
map bge1 192.43.82.0/24 - 0/32 portmap tcp/udp auto
map bge1 192.43.82.0/24 - 0/32

rdr bge1 0.0.0.0/0 port 25 - 192.43.82.170 port 25


I presume if it reads the IP and fills in the '0/32' + '0.0.0.0/0' 
values at startup...having my IP change could be disasterous.


thanks for any tips-

-JD

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

ip fast forward on 6.2

[J.D. Bronson]

Is it proper to enable 'ip fastforwarding' on 6.2 when running pf ?
I am attached to a cable modem (10MB speed) and only use DHCP.

I have a 6.2 machine thats being used as a router and of course ip 
forwarding is enabled...but when I try to enable ip fastfowarding, I 
see throughput drop or surge up/down whereas without this enabled, 
throughput is higher and more consistent.


I have to use both or forwarding of packets doesnt work.

Anyone have any comments on this good/bad?

-JD

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ssh login as root

[J.D. Bronson]

At 06:43 PM 3/10/2007 +0200, you wrote:

Hi.
Actually I would prefer to do it via su.
Here a really newbie question:
1) How do I join regular user to 'wheel' group ?
2) How do I join a user to some group 'some_group' ?.
Which manpage to read ?

Thanks,
Dima.


Easiest way?

vi /etc/group

man group


-JD 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

dhclient.conf + resolv.conf

[J.D. Bronson]

I am trying to have dhclient setup my resolv.conf perfect.
I am very close.

I have this in dhclient.conf:

-
interface bge1 {
supersede domain-name wixb.com;
prepend domain-name-servers 192.l68.1.1;
request subnet-mask, broadcast-address, routers, domain-name-servers;
 }
-
What this is giving me is this:

search wixb.com
nameserver 192.168.1.1
nameserver 24.94.163.100
nameserver 24.94.163.101

What I would like to do is change the 'search' to 'domain' and cant 
figure out what I am missing?


-JD

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: pfctl: DIOCSETSTATUSIF

[J.D. Bronson]

At 12:51 AM 3/1/2007 +0100, Daniel Gerzo wrote:

Hello pf,

I'm having the following problem:

db2# pfctl -f /etc/pf.conf
No ALTQ support in kernel
ALTQ related functions disabled
pfctl: DIOCSETSTATUSIF
Exit 1
db2# uname -srm
FreeBSD 7.0-CURRENT #0: Wed Feb 28 23:47:39 CET 2007 amd64

pf related items in kernel:

device  pf
device  pflog

--
Best regards,



any chance you have this in pf.conf:
set loginterface tun0

and tun0 isnt up yet?

DIOCSETSTATUSIF generally means that pfctl is trying to operate on a 
non-existant interface


-JD 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

.lesshst

[J.D. Bronson]

I have noticed since I installed 6.2, that anyone that uses csh has 
these files created in their ~home dir.


Even root.

Anyone have a .profile/.cshrc/.login that can shut this off?





--
J.D. Bronson
Telecommunications Site Support
Aurora West Allis Memorial Hospital
Office: 414.978.8282 Fax: 414.977.5299
Microsoft Gives you Windows || Unix Gives you a home

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: named not starting during boot

[J.D. Bronson]

At 09:23 AM 02/27/2007, Noah Garrett Wallach wrote:



Wojciech Puchar wrote:

named is not starting when I reboot a FreeBSD 6.2 server and I cant


figure

out why.
there are no error mesasges in /var/log/messages during the boot


process.


even when I manually start there are no error messages.

# grep named /etc/rc.conf
named_enable=YES
# pkg_info | grep bind
bind9-9.3.4 Completely new version of the BIND DNS suite with


updated


why you are installing bind from ports - there is bind9 in base 
system. and it's controlled with named_enable.




because there are security exploits and keeping upto date version is 
important to me.

http://www.isc.org/index.pl?/sw/bind/bind-security.php


I actually rolled my own version of Bind (9.4.0) and have it working 
perfectly and starting under rc.conf


(I had to edit /etc/rc.d/named though)

-JD 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

pf.conf and cable modem

[J.D. Bronson]

I am converting from DSL to RoadRunner this week and wondering if 
there is anything special I need to do to my pf.conf for passing DHCP 
into my NIC?


From what I can tell...the NIC comes up *then* pf comes up.
But if I dont permit the periodic DHCP stuff in, I am wondering if 
that will cause an issue.


I think if I just permit everything OUT my NIC hooked up to RR I will 
be ok...but wanted to ask the group:


pass out quick on $ext_if from ($ext_if) to any keep state

-JD

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: pf and keep/modulate state on 6.2

[J.D. Bronson]

At 02:52 AM 02/26/2007, you wrote:

Wow, this fixed my FTP-over-DSL-to-6.2 problem too. With modulate
state, I was getting ~30K/sec. With just keep state, I'm now getting
more like what my connection is capable of. This is between two 6.2
hosts on opposite sides of the Atlantic.

Ted, I use pf because I like the format of the configuration file, I
like the logging and pftop, and like how it's harder to lock yourself
out of a remote machine by accident :)

/JMS


I use pf since its newer (I think?) and I came from openbsd..pf just 
works and the config file is nice and sweet.


I had thought that modulate state would put a load on my proc, but 
sheesh, its a p4-3.06 - thats more than robust for a router.


I wonder if we should file a bug on this?

I am glad my post helped here. I still use modulate state for any 
INCOMING connections though (www/smtp/etc).


-JD 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: configuring console on 6.2

[J.D. Bronson]

At 01:55 PM 2/26/2007 -0800, Noah wrote:

running 6.2

I am trying to get the console DB9 port to work.  I want to be able 
to log in via the DB9 port and alos I want console messages to 
continue to output to the VGA card as well.


Adding the following:

echo 'console=comconsole'  /boot/loader.conf

stops the dumping of console messages to the VGA during boot.


What changes do I need to make to make that happen?


http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/serialconsole-setup.html

the manual/handbook is a great thing.

-JD 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

pf and keep/modulate state on 6.2

[J.D. Bronson]

I was noticing sporadic FTP transfers DOWN to my fbsd 6.2 machine 
over my DSL line...it would go/pause/go/pause - just a bit, but 
overall slowed the transfers down quite a bit.


I looked at my pf.conf file and changed MODULATE state to KEEP state
in all places and my issues went awayfast clean consistent downloads.

If I changed it back...the issues came back.

is this expected behavior? - the machine is a p4-3.06 with 1GB ram 
and hardly doing anything but PPPoE and pf with NAT.


Anyone have any comments they could share?

-JD

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

RE: Making startup order static

[J.D. Bronson]

At 02:02 PM 9/10/2006, White Hat wrote:

--- Martin Werner [EMAIL PROTECTED] wrote:

 Hi,

 thought about using PROVIDE and REQUIRE keywords
 (see
 /usr/local/etc/rc.d/clamav-clamd.sh resp.
 clamav-freshclam.sh

 Maybe you might want to have a look into man rc or
 man rcorder

 Cheers,
   -Martin-

  FreeBSD 6.1
 
  I need to keep several programs starting in a
  particular order.

  clamav-clamd
  clamav-freshclam
  clamsmtpd
  saslauthd
  dovecot
  postfix
  fetchmail

  By default, they do not start in that order. I
have
  modified the rc.d files to force them to start in
  the
  order specified above.
 
  The problem is that every time I update these
  programs
  the rc.d startup file is modified which destroys
the
  changes I have made. This then requires me to
  recreate
  the modifications to force the start up order I
  require.
 
  Is there anyway I can achieve this goal in a
  simplified manner? I thought perhaps there might
be
  something I could add to the /etc/rc.conf file;
  however, I have not discovered it.

Martin, I don't think that you understood what I
meant. Either that or I described it incorrectly.

I did modify the rc.d files using BEFORE: and
REQUIRE:. That works just fine. The problem is if one
of those files is updated, the rc.d file is
overwritten resulting in the loss of my customization.
I therefore have to manually edit those files again. I
was trying to find someway to circumvent that
procedure.



how about putting them in /usr/local/etc/rc.d
and then using a numeric to start them

001file.sh
002file.sh

or create a script with just one file.sh ?

-JD 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

ipfilter on 6.1

[J.D. Bronson]

I got a full load of 6.1p4 installed and all built. I have pppoe and 
ipfilter running almost perfect.


Clients can use the machine (as a router) and get out perfectly!
No issues with network performance at all. I am very pleased...until...

I found out that the router itself cant get out 100%.

My ipconfig is basically this:

bge0 - 10.43.82.174
alias 10.43.82.171 - for bind9 views
alias 10.43.82.51 - for bind9 views

bge1 - connected to dsl modem

well I cant even telnet from the machine to itself!
'destination unreachable'

DNS requests from the server itself (to itself - it runs bind) are 
unanswered yet it is able to fully answer requests from internal or 
external clients...just not itself!


If I use a public DNS server -or- use the IP of the machine I want to 
connect up to, the router is able to get out and uses the correct IP.


I used the same configs from solaris on here (ipf.conf and ipnat.conf)
and only needed to change sppp0 to tun0.

this should take care of anything the machine itself needs:

ipf.conf==
# Pass LAN traffic to/from bge0
pass in quick on bge0 all keep state keep frags
pass out quick on bge0 all keep state keep frags

# Pass traffic to WAN and keep state
pass out quick on tun0 proto tcp all flags S keep state keep frags
pass out quick on tun0 proto udp all keep state keep frags
pass out quick on tun0 proto icmp all keep state keep frags

==

I am totally baffled. Its like I am being blocked somehow but even 
with ipfilter WIDE open - traffic still wont pass.


I am wondering if this is some quirk with the interface 
aliases...although running the basic same setup on solaris - it works 
perfectly.



-JD

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ipfilter on 6.1

[J.D. Bronson]

At 03:40 PM 8/26/2006, Giorgos Keramidas wrote:


Don't show us the ipf.conf file you are using, but the output of:

% ipfstat -hni
% ipfstat -hno

Then we can really know what rules you have loaded in IP Filter.



# ipfstat -hni
2 @1 pass in quick on bge0 all keep state keep frags

# ipfstat -hno
1 @1 pass out quick on bge0 all keep state keep frags
1 @2 pass out quick on tun0 proto tcp from any to any flags S/FSRPAU 
keep state keep frags

1 @3 pass out quick on tun0 proto udp from any to any keep state keep frags
0 @4 pass out quick on sppp0 proto icmp from any to any keep state keep frags


...they seem to match exactly.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ipfilter on 6.1

[J.D. Bronson]

At 04:05 PM 8/26/2006, J.D. Bronson wrote:


# ipfstat -hni
2 @1 pass in quick on bge0 all keep state keep frags

# ipfstat -hno
1 @1 pass out quick on bge0 all keep state keep frags
1 @2 pass out quick on tun0 proto tcp from any to any flags S/FSRPAU 
keep state keep frags

1 @3 pass out quick on tun0 proto udp from any to any keep state keep frags
0 @4 pass out quick on sppp0 proto icmp from any to any keep state keep frags


...they seem to match exactly.



ahh..so  I saw a typo aboveso I changed that from 'sppp0' to 
'tun0' but it make no differenceI thought I was onto something.


-JD 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ipfilter on 6.1

[J.D. Bronson]

At 05:07 PM 8/26/2006, Giorgos Keramidas wrote:

Weird.  This doesn't seem ot include *ANY* block rules at all.

Is this a standard 6.1 installation, or do you have local IP Filter
modifications (like, for instance, a modified 'default' rule which
blocks everything, instead of allowing everything)?


Yes and no.

I did build a kernel with BLOCK as a default...
but my IPF rules are pass it all with no specific blocking...

My next step was to try a kernel without the block, but I cant see 
how that should matter...since I 'am' allowing it out...?


-JD 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ipfilter on 6.1

[J.D. Bronson]

At 05:19 PM 8/26/2006, Giorgos Keramidas wrote:


You are implicitly blocking all traffic on the lo0 interface (by the
modified default policy to block all traffic, and missing an explicit
rule to allow lo0 traffic).

When a system tries to connect to itself, it uses lo0/127.0.0.1 and this
is not possible with your setup.

I hope this helps a bit,

-- Giorgos



Oh geezI cant believe I forgot lo0. HOW STUPID.
I will edit this and take another look at it.

once I have this working..I still want to figure out why pf was not happy.

Thanks for pointing this out guys...I feel foolish, but glad someone told me.

-JD


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ipfilter on 6.1

[J.D. Bronson]

At 06:37 PM 8/26/2006, Giorgos Keramidas wrote:

Cool!  If this is indeed the fix, let us know :)

If you also feel like it and you are not limited by contract or
other things, I'd be interested to see how you modified IP Filter
to make it use a block by default policy.

Regards,
Giorgos


This fixed it. WHEW!

Simply adding this to my own kernel:

options IPFILTER
options IPFILTER_LOG
options IPFILTER_DEFAULT_BLOCK



then:

# ipf -V

ipf: IP Filter: v4.1.8 (416)
Kernel: IP Filter: v4.1.8
Running: yes
Log Flags: 0 = none set
Default: block all, Logging: available
Active list: 0
Feature mask: 0xa


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ipfilter on 6.1

[J.D. Bronson]

Ok guys...now that I have ipfilter working...I need to run a few 
commands in /etc/ppp/ppp;linkup and cant figure out the syntax...



% cat /etc/ppp/ppp.linkup

# It is no longer necessary to re-add the default route here as our
MYADDR:

! sh -c /sbin/ipnat -CF -f /etc/ipnat.conf
! sh -c /sbin/ipf -F -f /etc/ipf.conf
! sh -c /sbin/ipf -Fa -f /etc/ipf.conf
! sh -c /sbin/ipf -y

...I also tried with !bg and that failed to.
whats the best way to get these commands to run once my ppp link is up?

thanks-

-JD

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ipfilter on 6.1

[J.D. Bronson]

At 07:59 PM 8/26/2006, you wrote:


I'd go for the simpler syntax of:

MYADDR:
 ! /sbin/ipf -y


well that didnt work either. what a pain. :(

tun0: Warning: /etc/ppp/ppp.linkup: ! /sbin/ipf -y: Invalid command


perhaps its time to write a script and simply reference the script 
from ppp.linkup


-JD 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

pf + ftp throughput

[J.D. Bronson]

given the following rules:

# Permit internal network to send packets through the firewall
pass in quick on $INT_IF from $INT_IF:network to any flags S/SA keep state

# Permit traffic from firewall to initiate connection to internal network:
pass out quick on $INT_IF from any to $INT_IF:network flags S/SA keep state

..I have noticed that if I use 'keep state' ftp rates are fine 
(machine to machine...not via ftp-proxy) but if I change this to 
'modulate state'

my ftp rates fall...

For example...moving a 50MB file:

'keep state' = 11-12MB/sec over 100MB-FDX
'modulate state = 6-7MB/sec over 100MB-FDX

..it took me a while to determine the culprit here - but I am curious 
as to why this is the case?


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: pf + ftp throughput

[J.D. Bronson]

At 02:10 PM 6/16/2006, Darrin Chandler wrote:

On Fri, Jun 16, 2006 at 01:59:01PM -0500, J.D. Bronson wrote:
 For example...moving a 50MB file:

 'keep state' = 11-12MB/sec over 100MB-FDX
 'modulate state = 6-7MB/sec over 100MB-FDX

 ..it took me a while to determine the culprit here - but I am curious
 as to why this is the case?

Since modulate state substitues its own high quality random sequence for
the TCP stream in both directions, a wimpy CPU or similar problem could
easily cause this, I think. Still, I'm surprised to see a 50% hit from
using modulate state.


Yes. I am too!
This is a P4-3.06 with 1GB ram...under almost no load...so I cant 
fault the CPU this time


-JD 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: pf + ftp throughput

[J.D. Bronson]

At 02:27 PM 6/16/2006, Darrin Chandler wrote:

The only two things that come to mind are 1) pf is using a really
complex and slow random source, or 2) something is going haywire with
the connection.

Have your tried tcpdump on either interface (not pflog) to see if
anything strange is going on (ACK storms, etc)? Just fishing at this
point...


Thanks. Well its on the same segment of the lan on a 3Com managed 
(and not busy) switch.


I am using S/SA and I thought that should help ACK issues

for a trial, I am going to fire up a drive loaded with OpenBSD 3.9 
and PF and see if there is anything better/worse with the same pf.conf file.


Something is amiss and unacceptable!

-JD





--
J.D. Bronson
Information Services
Telecommunications Site Support
Aurora West Allis Memorial Hospital
Office: 414.978.8282 Fax: 414.977.5299

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

ppp starts BEFORE syslogd

[J.D. Bronson]

Ummm...I would like to see what ppp is doing (in userland) and since 
it logs to /var/log/ppp.log under syslogd...since syslogd does not 
start BEFORE ppp...how can I make this possible?


rcorder /etc/rc.d/*

...
/etc/rc.d/ppp
/etc/rc.d/ipfw
/etc/rc.d/nsswitch
/etc/rc.d/ip6addrctl
/etc/rc.d/atm2
/etc/rc.d/pfsync
/etc/rc.d/pflog
/etc/rc.d/pf
/etc/rc.d/routing
/etc/rc.d/ip6fw
/etc/rc.d/network_ipv6
/etc/rc.d/mroute6d
/etc/rc.d/route6d
/etc/rc.d/mrouted
/etc/rc.d/routed
/etc/rc.d/NETWORKING
/etc/rc.d/devd
/etc/rc.d/ipsec
/etc/rc.d/mountcritremote
/etc/rc.d/devfs
/etc/rc.d/ipmon
/etc/rc.d/ramdisk-own
/etc/rc.d/newsyslog
/etc/rc.d/syslogd
...

See? - so nothing is logged to /var/log/ppp.log until AFTER syslogd is started.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

popa3d

[J.D. Bronson]

I noticed this when compiling the port of popa3d on 6.1:

/*
 * Locking method your system uses for user mailboxes.  It is important
 * that you set this correctly.
 *
 * *BSDs use flock(2), others typically use fcntl(2).
 */
#define LOCK_FCNTL  1
#define LOCK_FLOCK  0


..why are we using 'fcntl' when the messages saus for *BSDs use 'flock' ?

Anyone have any idea?

-JD

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: pop3 server recommendation (APOP/TLS)

[J.D. Bronson]

John wrote:

On Wed, Feb 15, 2006 at 06:08:10AM -0600, J.D. Bronson wrote:

I am looking for a recommendation for a pop3 server
that can do APOP and TLS on port 110.

Qpopper was a disaster and I am not interested in cyrus (and dealing 
with maildirs)...


Is there any other option?

Qpopper worked with some of the clients (like eudora) but then had 
issues with  Thunderbird or Pegasus..


What issues did you have? Has been working fine here with thunderbird
for a long time.


humm.

I can get APOP to workbut when I enable SSL I then see issues.
It seems to me that thunderbird tried some different auth than I was 
allowing. I dont recall as I tried so many different POP3 servers.


I will try it again someday and post more concrete answers.

I had trouble getting pegasus/eudora/thunderbird mail all to work with 
qpopper (APOP/TLS) over port 110.


-JD
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

pop3 server recommendation (APOP/TLS)

[J.D. Bronson]

I am looking for a recommendation for a pop3 server
that can do APOP and TLS on port 110.

Qpopper was a disaster and I am not interested in cyrus (and dealing 
with maildirs)...


Is there any other option?

Qpopper worked with some of the clients (like eudora) but then had 
issues with  Thunderbird or Pegasus..


Thanks,

-JD

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

qpopper/gdbm

[J.D. Bronson]

I am trying to compile qpopper (from src) and use APOP with the gdbm database.

gdbm was installed from ports and works fine.

I setup my env as such:

LDFLAGS=-L/usr/lib -L/usr/local/lib -R/usr/lib -R/usr/local/lib

and ldconfig shows gdbm:
# ldconfig -r | grep gdbm
86:-lgdbm.3 = /usr/local/lib/libgdbm.so.3

I ran ./configure --enable-apop
...
...
checking ndbm.h usability... yes
checking ndbm.h presence... yes
checking for ndbm.h... yes
checking gdbm.h usability... yes
checking gdbm.h presence... yes
checking for gdbm.h... yes
checking dbm.h usability... no
checking dbm.h presence... no
checking for dbm.h... no
checking for pam_authenticate in -lpam... yes
checking which database manager to use ... checking gdbm ... checking 
for gdbm_open in -lgdbm... yes

found gdbm

so configure detected this

but then when I ran 'make',
the build fails!

/usr/bin/gcc -c -I.. -I.. -I.  -I../mmangle -I../common   -O2 -pipe 
-mtune=pentium4 -idirafter /usr/local/include -freg-struct-return 
-DHAVE_CONFIG_H  -DFREEBSD -DUNIX popauth.c -o popauth.o
/usr/bin/gcc  -o popauth base64.o scram.o md5.o  hmac.o 
popauth.o  -lgdbm  ../common/libcommon.a

/usr/bin/ld: cannot find -lgdbm
*** Error code 1

Stop in /tmp/qpopper4.1a2/popper.
*** Error code 1


Can anyone point something out to me as to how to get ld to find 
-lgdbm when ldconfig and configure already picked it up?


-JD

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: pf and scrubbing bubbles

[J.D. Bronson]

At 02:31 PM 1/29/2006, Russell E. Meek wrote:

Chuck Swiger wrote:


J.D. Bronson wrote:



I am using this in my pf.conf (on 6.0) and was wondering if these settings
are appropriate.

While 'scrub' by itself is always recommended, I added a few more things
that seem to ought to be there?

I use this for all the NICs...WAN and LAN...
with the exception to remove filtering on loopback:

===
scrub all random-id reassemble tcp fragment reassemble
no scrub on lo0 all
===

anyone see any issues with this - especially since its on the WAN
and LAN NICs?



You're shifting a fair amount of workload onto the firewall by 
requiring it to

re-write all of the packets to change the IPID field; it would be highly
desirable to have NICs which can do hardware checksums.

There's a potential for DoS'ing the firewall if it does fragment reassembly,
modulo how well PF handles such fragmentation attacks.  If you 
permit Path MTU

discovery to function, blocking fragments entirely may be a more reasonable
approach than trying to reassemble them on the firewall.

(If you need to support older machines which don't do PMTUd, that 
may not be an

option for you, though...)



Chuck,

Here is really all that you need for your scrub rules.

==
scrub in on $ext_if no-df
scrub out on $ext_if random-id
==

Remember:

fragment-reassemble is default and does not need to be added.

You really do not need to scrub packets on your internal LAN 
interfaces as it will slow you down.


Here is a site for you which should offer a few tips and tricks.

https://www.solarflux.org/pf/pf-tips.php

Thanks,

Russell



I was actually the one that asked about this...not Chuck. But thanks 
for the insight...it was good reading.


-JD 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

pf and scrubbing bubbles

[J.D. Bronson]

I am using this in my pf.conf (on 6.0) and was wondering if these settings
are appropriate.

While 'scrub' by itself is always recommended, I added a few more things
that seem to ought to be there?

I use this for all the NICs...WAN and LAN...
with the exception to remove filtering on loopback:

===
scrub all random-id reassemble tcp fragment reassemble
no scrub on lo0 all
===


anyone see any issues with this - especially since its on the WAN
and LAN NICs?

things run fine, but I thought it wouldnt hurt to ask the group.

-JD

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

apache error

[J.D. Bronson]

I have apache2.2 and running http only for now.
All is running fine, but I noticed that once a page comes up..as soon
as I click a link, I see this in the 'access.log' file for apache:

www.wixb.com - - [28/Jan/2006:11:55:12 -0600] GET / 400 456
www.wixb.com - - [28/Jan/2006:11:55:13 -0600] GET / 400 456

this happens right after clicking ANY link whatsoever...but all the 
pages come up fine.


Any tips on trying to figure this out?

there is nothing in the error.log file...

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

slowness on 6.0 with apache2.2 (from src)

[J.D. Bronson]

I installed 6.0 and cvsup'd to the security fixes and rebuilt world.
All went well.

Then i installed apache2.2 from src (not ports) with a basic:

./configure --enable-so --enable-ssl

It installed and runs.

However, here is my issue:

My main web page has 1 image per se. However, it is comprised of 32 
little images...


What I am seeing is that each image comes down 1 by 1 SLOWLY and 
apache2.2 spawns tons of child processes!


Under OpenBSD/Solaris, I see a completely different thing...the image 
comes up instantly and apache only spawned 1 extra child.


I used the SAME config files on all 3 OSs and the same 
hardware/drives/etc. This by the way is all over my internal LAN...so 
it never hits the internet.


With all the variables being equal - but the OS.

Since things work excellent on OpenBSD/Solaris, what is it that 
freebsd is not doing (or doing differently)?


Any thoughts on this?

-JD

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

sendmail from src on 6.0

[J.D. Bronson]

I have a question about building sendmail from src on freebsd6.0..

What database options are available (by default) for me to use?
Is there any Berkeley on the full install and if so, does anyone have 
a site.config.m4 they can share?


I would prefer to use whatever is inherent to FBSD rather than 
installing BDB (new) if I dont have to. Postfix seems to link up to 
something when I build it (hash is available) - but I am unsure of 
where/what it's picking up.


Thanks :)

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Newbie Q: freeBSD vs openBSD

[J.D. Bronson]

At 08:14 AM 11/27/2005, Giorgos Keramidas wrote:

On 2005-11-27 11:55, Wojciech Puchar [EMAIL PROTECTED] wrote:
 Newbie for freeBSD. One question freeBSD vs openBSD...what's the
 difference...security...supportdevelopment stage...other pros 
 cons for each.

 People say that OpenBSD is the most secure.
 I say i would be as secure as it's system administrator.

 If we talk about performance, i agree with most people's opinion :)

Very, uhm, 'diplomatic' way to put it :P

To the original poster:
This is a question that pops up very frequently.  One of the most rational
responses that you will probably receive is something along the lines of:

``They both have strong and weak points.  They both have some good
and exciting features.  They both provide an extensive toolset
around a base UNIX core system, and a configurable, extensible,
documented way to install third-party software.  To see which one of
these two fits your needs, you'll probably have to try them both and
see how things work out.''

You can also search the archives of this list, as there are dozens of
threads around this topic and similar ones, i.e. NetBSD vs. FreeBSD
vs. OpenBSD vs. Linux vs. some other OS.


One thing that comes to mind...If you like to play and build custom 
kernels...then FreeBSD is for you. If you build a custom kernel under 
OpenBSD...don't dare ask for any help from anyone.


it seems the OpenBSD group doesn't actually like questions. You can 
get flamed for the best worded question. Under FreeBSD, the community 
is more open to ideas and people trying things.


In addition...some parts of the core of OpenBSD cannot easily be 
upgraded w/o issues. (Like openSSL for example)...and if you try and 
fail and ask for helpwell read above again !


Both OSs are fine. They are only as 'secure' as the admin makes them.
As far as performance and device support - see if your hardware 
item(s) is supported with one OS vs the other.


I chose FreeBSD since my hardware is better 'seen' by this OS and 
that this group is open to discussions - it seems sometimes,  we are 
encouraged to play with this OS


YMMV.

-JD


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: right place to load kld modules

[J.D. Bronson]

At 04:13 PM 11/27/2005, Wojciech Puchar wrote:

/etc/lkm.conf in NetBSD?


How about /etc/rc.local or create a script file to go in
/usr/local/etc/rc.d to do what you want?


rc.local starts after usbd, and module driver that is attached after 
inserting the device does not attach!


is it bug?



don't we load modules in /boot/loader.conf ?

Thats where I had to load that module for Apache 2.1-beta IIRC...




___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Yesterday's -STABLE kernel corrupts LAN

[J.D. Bronson]

At 02:45 PM 11/26/2005, matt . wrote:

Wow I must be missing something here on a very basic, fundamental level.

I run FreeBSD-RELEASE on a production box.  I have my reservations but it
was the only release that supported my RAID controller, so I had no choice
(or buy a $300 raid card that was supported).  Anyway it works fine so far
(knock heavily and repeatedly on huge pieces of wood).

I've read the FreeBSD notes regarding the differences between STABLE,
CURRENT and RELEASE.  So uh, what is supposed to be run on a production
box?  In plain sight on the FreeBSD site it says Latest production release
which is 6.0-RELEASE...are we only supposed to run RELEASE on production
systems or are we supposed to run STABLE?  Seems to me it's
counter-intuitive to call something STABLE and not have it meant for
production.  My head hurts.

matt


I couldnt agree more with this comment. My head hurt after
trying to figure this out as well..

Yea. The information seems to contradict itself.
The only thing I have been able to 100% figure out is:

#*default release=cvs tag=RELENG_6_0
- release branch/security fixes only
Results in: 6.0-RELEASE

#*default release=cvs tag=RELENG_6
- 6.0 + changes will eventually be 6.1
Results in: 6.0-STABLE

It is perhaps a bit easier in OpenBSD land. -STABLE means only 
bugfixes and important patches. In FreeBSD - this seems not the case?


-JD


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

pf + NAT loopback

[J.D. Bronson]

I had all of this working with PPPoE + PF, but now i have a T-1
with several IPs all aliased off of the main.

pf is working finehowever, I now have lost NAT LOOPBACK.

What I need is a way to go from one LAN machine to the WAN and 
loopback to the other LAN machine.


Since this 'just works' with pppoe, how do I do it with pf?

simple pf.conf:

binat on $bge1 from 192.168.82.170 to any - 67.x.x.1
binat on $bge1 from 192.168.82.171 to any - 67.x.x.2
binat on $bge1 from 192.168.82.172 to any - 67.x.x.3
binat on $bge1 from 192.168.82.173 to any - 67.x.x.4
and so on.

I need to use 192.168.82.172 to go and connect to public
67.x.x.2

This results in an immediate connection refused. I see nothing in the 
pflog and I even tried pass out quick all.


So I dont think pf is technically blocking it -but

Why do I need this? - I run 2 external DNS servers (with views) and 
as such NS2 needs to talk to NS1 but using the WAN NAT loopbacks.


Help?





--
J.D. Bronson
Information Services
Aurora Health Care - Milwaukee, Wisconsin
Office: 414.978.8282 // Fax: 414.977.5299

-Taco Bell is *not* the Mexican Telephone Company-


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

RE: Solaris patches and Solaris Express

[J.D. Bronson]

At 03:52 AM 11/17/2005, Ted Mittelstaedt wrote:

Hmmm,

   We run a lot of Solaris 8 and FreeBSD.  I find Solaris 8 pretty
much the same speed as FreeBSD for what we do.  However, one thing
is that we do not run X-windows on either our Solaris 8 or FreeBSD
systems, because they are servers and there is no need for it.

  I've generally not found trouble obtaining the patches for Solaris
I've needed, most of them are in the cluster patch, and the ones that
aren't yet are critical (such as the repaired ncsd program) are
available on the Internet on non-Sun-approved websites.

  The performance of Xorg/XFree86 vs Openwindows is greatly different
as you point out.  It is possible to compile Xorg on Solaris 8, at
least Solaris x86 - I've heard of people doing it but I've never
done it myself.

Ted


Indeed. But this is not Solaris 10 - thats when all of this changed.





--
J.D. Bronson
Information Services
Aurora Health Care - Milwaukee, Wisconsin
Office: 414.978.8282 // Fax: 414.977.5299

-Taco Bell is *not* the Mexican Telephone Company-

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

rcorder again..

[J.D. Bronson]

Well...I was surprised that no one replied. I was trying to figure 
out why ppp-user would start BEFORE pf fired up


It appears easy enough to change, but its untested:

Edit /etc/rc.d/ppp-user:

# $FreeBSD: src/etc/rc.d/ppp-user,v 1.7 2004/12/15 12:39:28 brian Exp $
#

# PROVIDE: ppp-user
# REQUIRE: netif isdnd pf --- add pf
# KEYWORD: nojail

=

Then rcorder shows things BETTER:

/etc/rc.d/netif
/etc/rc.d/pfsync
/etc/rc.d/pflog
/etc/rc.d/pf
/etc/rc.d/isdnd
/etc/rc.d/ppp-user


my only concern might be that tun0 is not created until ppp-user 
launches (correct me if I am wrong) and pf might have an issue with 
an interface that doesnt yet exist. Under OpenBSD, tun0 is there 
before ppp even starts.

Wouldnt we WANT pf to be active prior to ppp launching (like in openbsd?)


Can someone kindly comment on this please?

thanks guys!




--
J.D. Bronson
Information Services
Aurora Health Care - Milwaukee, Wisconsin
Office: 414.978.8282 // Fax: 414.977.5299

-Taco Bell is *not* the Mexican Telephone Company-

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

ppp.linkup but for cable?

[J.D. Bronson]

I am looking for a way to monitor a cable NIC in the freebsd box so 
that if the cable line fails, I can get an email *like in ppp.linkdown*


Is there such a thing?




--
J.D. Bronson
Information Services
Aurora Health Care - Milwaukee, Wisconsin
Office: 414.978.8282 // Fax: 414.977.5299

-Taco Bell is *not* the Mexican Telephone Company-

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Solaris patches and Solaris Express

[J.D. Bronson]

At 09:32 PM 11/15/2005, Victor Watkins wrote:


 Do community member find these additional features worth the cost?

No.

We just want to get our patches without jumping through any hoops, or
worrying about if the check made it through the mail, or if Sun FUBAR'ed
our support account info rather than there being a problem with the
Update Manager connecting, etc.

No longer personally worried about it though..I nuked my Solaris install
and have a nice, shiny new FreeBSD 6.0 kit now, and I gotta say, after
Solaris 5.10 x86, the speed difference alone is breathtaking.


Ironically, I too did the same exact thing. Sun screwed me around 
with whats free..whats not free - patches available...patches restricted.


Then when Update manager stopped working - I said enough was enough.

I nuked my solaris 10 install - and opted for FreeBSD. Not only is it 
much faster and easier to work with, but I can feel more assured that 
if/when a patch is needed, I wont be dick'ed around to get it.


Solaris x86 has never offered stellar performance, but when 10 came 
out we all had high hopes. That faded fast. I have 2 MAJOR bugs filed 
that still have not been addressed (reported March 2005) - and there 
are many users out there that dont even know about some of these. 
They likely will find out someday :-(


I still run 1 solaris machine and thats a sparc running 9.0 ...as 
soon as the machine dies or the OS is no longer supported, the 
machine will find a nice resting spot in some city dump (or recycler)









--
J.D. Bronson
Information Services
West Allis Memorial Hospital
Aurora Health Care - Milwaukee, Wisconsin
Office: 414.978.8282 // Fax: 414.977.5299

-Taco Bell is *not* the Mexican Telephone Company-


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Solaris patches and Solaris Express

[J.D. Bronson]

At 11:29 AM 11/16/2005, Lee Capps wrote:

At 18:46 Tue 15 Nov 2005, J.D. Bronson wrote:

 I still run 1 solaris machine and thats a sparc running 9.0 ...as
 soon as the machine dies or the OS is no longer supported, the
 machine will find a nice resting spot in some city dump (or recycler)


Not to start a holy war or anything, but if you're really
feeling motivated, I believe you can run netbsd or one of several
flavors of linux on that sparc.  Not sure about FreeBSD.

Regards,


Yes. this is truebut from my past experience...the best things 
that run on SPARC are Sun basedso I didnt want to re-invent the 
wheel so to say :)









--
J.D. Bronson
Information Services
Aurora Health Care - Milwaukee, Wisconsin
Office: 414.978.8282 // Fax: 414.977.5299

-Taco Bell is *not* the Mexican Telephone Company-

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

rcorder on 6.0

[J.D. Bronson]

I find this a bit odd and would like someone to kindly explain it. 
While looking at rcorder on /etc/rc.d/*  I noticed this start order:


...
...
/etc/rc.d/ppp-user
/etc/rc.d/ipfw
/etc/rc.d/nsswitch
/etc/rc.d/ip6addrctl
/etc/rc.d/atm2
/etc/rc.d/pfsync
/etc/rc.d/pflog
/etc/rc.d/pf

..how I interepret this is that userland 'pppoe' is starting before 
pfsync/pflog and pf. - Am I correct?


This is exactly the opposite of openbsd.

I think I can figure out a way to re-arrange these so that ppp-user 
starts AFTER the pf stuff...is there any reason this is done this way?


Thanks for any clarification on this





--
J.D. Bronson
Information Services
West Allis Memorial Hospital
Aurora Health Care - Milwaukee, Wisconsin
Office: 414.978.8282 // Fax: 414.977.5299

-Taco Bell is *not* the Mexican Telephone Company-


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Release engineering confusion

[J.D. Bronson]

At 05:16 PM 11/16/2005, Steve Bertrand wrote:

Hi all,

I'm a little confused about which tags to use in my supfiles for cvsup.

I've installed 6.0-RELEASE, and really want to stay with STABLE. AFAICT,
in my supfile, I should have the following to do so:

*default tag=RELENG_6_0

...is that correct? I used this, and after a buildworld I got an error.
I'm not concerned about that right now though. Also, is RELENG_6
considered to be the most current, up-to-date release of the 6.0 track,
as opposed to STABLE?

Steve



according to the example in /usr/share/examples/cvsup:
# The following line is for 6-stable.  If you want 5-stable, 4-stable,
# 3-stable, or 2.2-stable, change to RELENG_5, RELENG_4, RELENG_3,
# or RELENG_2_2 respectively.
*default release=cvs tag=RELENG_6
*default delete use-rel-suffix


So I used this in my cvsup-file
*default release=cvs tag=RELENG_6

and buildworld fails on libcurses..







--
J.D. Bronson
Information Services
West Allis Memorial Hospital
Aurora Health Care - Milwaukee, Wisconsin
Office: 414.978.8282 // Fax: 414.977.5299

-Taco Bell is *not* the Mexican Telephone Company-


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

ACPI on 6.0-RC1

[J.D. Bronson]

acpi0: reservation of fec01000, 1000 (3) failed
acpi0: reservation of fee0, 1000 (3) failed


I notice that in 'dmesg' - but this machine has been running fine for 
days under a good load.


Is this anything to be concerned (or fixed) about though?

thanks-




--
J.D. Bronson
Information Services
Telecommunications Site Support
Aurora Health Care - Milwaukee, Wisconsin
Office: 414.978.8282 // Fax: 414.977.5299

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: automatic fsck -y at boot

[J.D. Bronson]

/etc/rc.conf:

fsck_y_enable=YES



I personally use these:
fsck_y_enable=YES
background_fsck=NO




At 12:14 PM 10/17/2005, kyr wrote:

Hello,
   This is the first time I'm asking for help because all my other 
problems were solved by the handbook or other e-mails.


The question is how can i make freebsd to AUTOMATICALLY CORRECT 
(fsck -y not just fsck) the inconsistency of a HD at boot time after 
a power failure.


After a non clean shutdown I always have a problem with the /var 
partition (because the squid cache is there) it always corrects with 
the fsck -y in single mode manually but the problem is that the 
server is located in a basement where the access is not very easy 
especially when raining :(


The server is a P4 3Ghz 1Gb ram
OS: Freebsd 5.4
Role: Router, DHCPD, DNS, NAT, Firewall, Proxy, SMBD

Thanks
Kyriakos Kyriakou
Xanthi, Greece
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]






--
J.D. Bronson
Information Services
Telecommunications Site Support
Aurora Health Care - Milwaukee, Wisconsin
Office: 414.978.8282 // Fax: 414.977.5299

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

fsck question

[J.D. Bronson]

I am running the beta 5 of 6.0 and was wondering if anyone could
help me figure out why fsck is not happy...

At boot time: (forced fsck - things look fine)

Oct 14 06:50:16 shadow kernel: ** /dev/ad0s1d
Oct 14 06:50:16 shadow kernel: ** Last Mounted on /usr
Oct 14 06:50:16 shadow kernel: ** Phase 1 - Check Blocks and Sizes
Oct 14 06:50:16 shadow kernel: ** Phase 2 - Check Pathnames
Oct 14 06:50:16 shadow kernel: ** Phase 3 - Check Connectivity
Oct 14 06:50:16 shadow kernel: ** Phase 4 - Check Reference Counts
Oct 14 06:50:16 shadow kernel: ** Phase 5 - Check Cyl groups
Oct 14 06:50:16 shadow kernel: 65946 files, 473793 used, 9677846 free 
(15150 frags, 1207837 blocks, 0.1% fragmentation)


But then once the machine is up I see this:

shadow# fsck -f /dev/ad0s1d
** /dev/ad0s1d (NO WRITE)
** Last Mounted on /usr
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
UNREF FILE I=1060395  OWNER=root MODE=100644
SIZE=0 MTIME=Oct 14 06:50 2005
CLEAR? no

..how can I find *this* file its not happy about?




--
J.D. Bronson
Information Services
Telecommunications Site Support
Aurora Health Care - Milwaukee, Wisconsin
Office: 414.978.8282 // Fax: 414.977.5299

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: fsck question

[J.D. Bronson]

At 07:14 AM 10/14/2005, Bernhard Fischer wrote:

 UNREF FILE I=1060395  OWNER=root MODE=100644
 SIZE=0 MTIME=Oct 14 06:50 2005
 CLEAR? no

 ..how can I find *this* file its not happy about?

The option -i of ls shows you the inode number of the files. So you 
could make

an ls -lRi tmpfile and then searching for the inode number within tmpfile.

Regards,
bh



When I shut off apache2, this problem goes away.
so it must be some file thats open or something and as such nothing 
to worry about


thanks-






--
J.D. Bronson
Information Services
Telecommunications Site Support
Aurora Health Care - Milwaukee, Wisconsin
Office: 414.978.8282 // Fax: 414.977.5299

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

openssl 0.9.8 with 5.4-stable

[J.D. Bronson]

I know this may not be supported, but I was wondering if anyone was 
successful in installing the src of openssl 0.9.8 into the base 
install of 5.4 (overwriting the originals) ?


thanks-




--
J.D. Bronson
Information Services
Aurora Health Care - Milwaukee, Wisconsin
Office: 414.978.8282 // Fax: 414.314.8787

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

bsdlabel question..

[J.D. Bronson]

# /dev/da0s1:
type: SCSI
disk: da0s1
label:
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 2234
sectors/unit: 35889147
rpm: 15000
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # milliseconds
track-to-track seek: 0  # milliseconds
drivedata: 0

8 partitions:
#size   offsetfstype   [fsize bsize bps/cpg]
  a:  104857604.2BSD 2048 16384 8
  b:  2097152  10485764.2BSD 2048 16384 28552
  c: 358891470unused0 0 # raw 
part, don't edit

  d: 16777216  31457284.2BSD 2048 16384 28552
  e:  8388608 199229444.2BSD 2048 16384 28552
  f:  2097152 283115524.2BSD 2048 16384 28552
  g:  2097152 304087044.2BSD 2048 16384 28552
  h:  3383291 325058564.2BSD 2048 16384 28552


...This is on a FreeBSD 5.4 machine with a Fuji 15K 18GB scsi drive.

Does this disklabel look right? (28553 bps/cpg?)

thanks!




--
J.D. Bronson
Information Services
Aurora Health Care - Milwaukee, Wisconsin
Office: 414.978.8282 // Fax: 414.314.8787

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

correct syntax for openssl 0.9.8 in port

[J.D. Bronson]

I update my port tree on 5.4 to the latest and I am trying to figure 
out what steps I need to build openssl 0.9.8 in /usr/ports/security/openssl

and end up overwriting any base files.

This question comes up often, perhaps a comment can be put into the makefile?

I have tried all the ideas on the archives and either it wont build 
or it keeps trying to build 0.9.7g !!!


*ANY* advice will be greatly appreciated.

I am able to compile the src code cleanly, but that install will 
place files in their own spot and obviously not overwrite base files.


thanks!




--
J.D. Bronson
Information Services
Aurora Health Care - Milwaukee, Wisconsin
Office: 414.978.8282 // Fax: 414.314.8787

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: correct syntax for openssl 0.9.8 in port

[J.D. Bronson]

At 12:57 PM 7/30/2005, Kris Kennaway wrote:

On Sat, Jul 30, 2005 at 12:46:37PM -0500, J.D. Bronson wrote:
 I update my port tree on 5.4 to the latest and I am trying to figure
 out what steps I need to build openssl 0.9.8 in /usr/ports/security/openssl
 and end up overwriting any base files.

 This question comes up often, perhaps a comment can be put into the
 makefile?

 I have tried all the ideas on the archives and either it wont build
 or it keeps trying to build 0.9.7g !!!

 *ANY* advice will be greatly appreciated.

 I am able to compile the src code cleanly, but that install will
 place files in their own spot and obviously not overwrite base files.

Read the makefile for the appropriate variables to set.

Kris


This is obviously my issue. I cannot figure out what variables to set.
What I think it should be, it whines about.

Can someone at least POST what we should use so this will at least be 
in the archives once and for all?


thanks!






--
J.D. Bronson
Information Services
Aurora Health Care - Milwaukee, Wisconsin
Office: 414.978.8282 // Fax: 414.314.8787

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

IDE message - error or cosmetic?

[J.D. Bronson]

May 11 15:13:05 shadow kernel: ad0: 38166MB ST340014A/8.01 
[77545/16/63] at ata0-master UDMA100
May 11 15:13:05 shadow kernel: ad2: FAILURE - SET_MULTI 
status=51READY,DSC,ERROR error=4ABORTED
May 11 15:13:05 shadow kernel: ad2: 9787MB QUANTUM FIREBALLlct20 
10/APL.0900 [19885/16/63] at ata1-master UDMA100
May 11 15:13:05 shadow kernel: SMP: AP CPU #1 Launched!

I have seen this with (4) Maxtor/Quantum drives and I cant believe 
all of them are bad...

Is this a cosmetic error or a serious issue?
thanks-


--
J.D. Bronson
Off The Hook Phone Repair, Inc.
For Fast Repairs: CALL US - IF YOU CAN
Office: 414.978.8282 // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

build world failure help needed

[J.D. Bronson]

I am trying to build world on 5.4-RC4 and need some assistance
troubleshooting the build...
it builds fine until:
=== bin/ls
/usr/bin/gcc -O2 -pipe -DCOLORLS -Wsystem-headers -Werror -Wall 
-Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes 
-Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual 
-Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter 
-Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -c 
/usr/src/bin/ls/cmp.c
/usr/bin/gcc -O2 -pipe -DCOLORLS -Wsystem-headers -Werror -Wall 
-Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes 
-Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual 
-Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter 
-Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -c 
/usr/src/bin/ls/ls.c
/usr/src/bin/ls/ls.c: In function `main':
/usr/src/bin/ls/ls.c:330: warning: passing arg 1 of `tgetstr' 
discards qualifiers from pointer target type
/usr/src/bin/ls/ls.c:331: warning: passing arg 1 of `tgetstr' 
discards qualifiers from pointer target type
/usr/src/bin/ls/ls.c:332: warning: passing arg 1 of `tgetstr' 
discards qualifiers from pointer target type
/usr/src/bin/ls/ls.c:333: warning: passing arg 1 of `tgetstr' 
discards qualifiers from pointer target type
/usr/src/bin/ls/ls.c:338: warning: passing arg 1 of `tgetstr' 
discards qualifiers from pointer target type
/usr/src/bin/ls/ls.c:340: warning: passing arg 1 of `tgetstr' 
discards qualifiers from pointer target type
*** Error code 1

Stop in /usr/src/bin/ls.
*** Error code 1
Stop in /usr/src/bin.
*** Error code 1
Stop in /usr/src.
*** Error code 1
Stop in /usr/src.
*** Error code 1
Stop in /usr/src.
Help?


--
J.D. Bronson
Off The Hook Phone Repair, Inc.
For Fast Repairs: CALL US - IF YOU CAN
Office: 414.978.8282 // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: build world failure help needed

[J.D. Bronson]

At 10:56 AM 05/09/2005, Kent Stewart wrote:
On Monday 09 May 2005 05:56 am, J.D. Bronson wrote:
 I am trying to build world on 5.4-RC4 and need some assistance
 troubleshooting the build...

 it builds fine until:

 === bin/ls
 /usr/bin/gcc -O2 -pipe -DCOLORLS -Wsystem-headers -Werror -Wall
 -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes
 -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual
 -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter
 -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -c
 /usr/src/bin/ls/cmp.c
 /usr/bin/gcc -O2 -pipe -DCOLORLS -Wsystem-headers -Werror -Wall
 -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes
 -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual
 -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter
 -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -c
 /usr/src/bin/ls/ls.c
 /usr/src/bin/ls/ls.c: In function `main':
 /usr/src/bin/ls/ls.c:330: warning: passing arg 1 of `tgetstr'
 discards qualifiers from pointer target type
 /usr/src/bin/ls/ls.c:331: warning: passing arg 1 of `tgetstr'
 discards qualifiers from pointer target type
 /usr/src/bin/ls/ls.c:332: warning: passing arg 1 of `tgetstr'
 discards qualifiers from pointer target type
 /usr/src/bin/ls/ls.c:333: warning: passing arg 1 of `tgetstr'
 discards qualifiers from pointer target type
 /usr/src/bin/ls/ls.c:338: warning: passing arg 1 of `tgetstr'
 discards qualifiers from pointer target type
 /usr/src/bin/ls/ls.c:340: warning: passing arg 1 of `tgetstr'
 discards qualifiers from pointer target type
 *** Error code 1

You aren't seeing the error. This usually means you are running -jx of
some size for x. You have run with no -j to see the error. If you time
the build, you will probably see a smaller build time on non-smp
systems when you don't provide a -j.
Kent
that was with NO '-j' flag
if I go into /usr/src/bin/ls and try to make it manually it bombs as well:
# make
Warning: Object directory not changed from original /usr/src/bin/ls
/usr/bin/gcc -O2 -pipe -DCOLORLS -Wsystem-headers -Werror -Wall 
-Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes 
-Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual 
-Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter 
-Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -c cmp.c
/usr/bin/gcc -O2 -pipe -DCOLORLS -Wsystem-headers -Werror -Wall 
-Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes 
-Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual 
-Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter 
-Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -c ls.c
ls.c: In function `main':
ls.c:330: warning: passing arg 1 of `tgetstr' discards qualifiers 
from pointer target type
ls.c:331: warning: passing arg 1 of `tgetstr' discards qualifiers 
from pointer target type
ls.c:332: warning: passing arg 1 of `tgetstr' discards qualifiers 
from pointer target type
ls.c:333: warning: passing arg 1 of `tgetstr' discards qualifiers 
from pointer target type
ls.c:338: warning: passing arg 1 of `tgetstr' discards qualifiers 
from pointer target type
ls.c:340: warning: passing arg 1 of `tgetstr' discards qualifiers 
from pointer target type
*** Error code 1

Stop in /usr/src/bin/ls.
so I looked at this closly. if I remove the  -DCOLORLS   from the 
make file...it will build.

In addition, if we copy these files in /usr/src/bin/ls to /tmp, it 
will build fine...so then I looked at all the CFLAGS and tested with 
and without each one...

-Wwrite-strings = causes the build to fail.
I dont know what any of this means...so hopefully someone can tell me 
more based on this finding.




--
J.D. Bronson
Off The Hook Phone Repair, Inc.
For Fast Repairs: CALL US - IF YOU CAN
Office: 414.978.8282 // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: build world failure help needed

[J.D. Bronson]

At 08:13 PM 5/9/2005, Kris Kennaway wrote:
On Tue, May 10, 2005 at 03:51:53AM +0300, Abu Khaled wrote:
  # make
  Warning: Object directory not changed from original /usr/src/bin/ls
  /usr/bin/gcc -O2 -pipe -DCOLORLS -Wsystem-headers -Werror -Wall
  -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes
  -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual
  -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter
  -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -c cmp.c
  /usr/bin/gcc -O2 -pipe -DCOLORLS -Wsystem-headers -Werror -Wall
  -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes
  -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual
  -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter
  -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -c ls.c
  ls.c: In function `main':
  ls.c:330: warning: passing arg 1 of `tgetstr' discards qualifiers
  from pointer target type
  ls.c:331: warning: passing arg 1 of `tgetstr' discards qualifiers
  from pointer target type
  ls.c:332: warning: passing arg 1 of `tgetstr' discards qualifiers
  from pointer target type
  ls.c:333: warning: passing arg 1 of `tgetstr' discards qualifiers
  from pointer target type
  ls.c:338: warning: passing arg 1 of `tgetstr' discards qualifiers
  from pointer target type
  ls.c:340: warning: passing arg 1 of `tgetstr' discards qualifiers
  from pointer target type
  *** Error code 1
It looks like you may have nonstandard -W settings, in particular
-Werror.  Don't do this unless you're willing to fix the warnings
encountered in your build.
Kris
I didnt do anything. the build failed.
so I removed the cflags reference to -DCOLORES and then build world fine.
so then I replaced the reference and was able to build world normally.
I have no idea why this failed in the first place!


--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

cvs tag for 5.4-BETA1 ?

[J.D. Bronson]

What cvs tag should I be using to be working at 5.4-BETA1?
tag=RELENG_5 ?
..thanks :)
When I last cvsup'd and build world/kernel it still showed 5.4-PRERELEASE
so I wanted to make sure.

--
J.D. Bronson
Off The Hook Phone Repair, Inc.
24 Hour Service // Free Estimates
For Fast Repairs: CALL US - IF YOU CAN
Office: 414.978.8282 // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

installworld fails (5.4-PRE)

[J.D. Bronson]

I cvsup'd to 5.4-PRE and built world. (I was already in 5.4-PRE)..
I have never had any issues until today
World and kernel built fine. I follow the same steps as always
but this time I have a twist:
# make installkernel - that works fine
# make installworld
...
...
...
cd: can't cd to /usr/include/dev/acpica
*** Error code 2
Stop in /usr/src/include.
*** Error code 1
Humm...
shadow# cd /usr/include/dev
shadow# ls -al
total 38
drwxr-xr-x  14 root  wheel   512 Mar  9 20:37 .
drwxr-xr-x  46 root  wheel  4608 Mar  9 20:37 ..
-r--r--r--   1 root  wheel  4210 Mar  2 17:00 acpica
drwxr-xr-x   2 root  wheel   512 Feb 28 16:04 an
drwxr-xr-x   2 root  wheel   512 Feb 28 16:04 bktr
drwxr-xr-x   2 root  wheel   512 Feb 28 16:04 firewire
drwxr-xr-x   2 root  wheel   512 Feb 28 16:04 ic
drwxr-xr-x   2 root  wheel   512 Mar  9 20:37 ieee488
drwxr-xr-x   2 root  wheel   512 Feb 27 20:09 iicbus
drwxr-xr-x   2 root  wheel   512 Feb 28 16:04 ofw
drwxr-xr-x   2 root  wheel   512 Feb 28 16:04 ppbus
drwxr-xr-x   2 root  wheel   512 Feb 27 20:09 smbus
drwxr-xr-x   2 root  wheel  1024 Mar  2 17:00 usb
drwxr-xr-x   2 root  wheel   512 Feb 28 16:04 utopia
drwxr-xr-x   2 root  wheel   512 Feb 28 16:04 wi
Well...why is it trying to cd into a directory
that does not exist?
and how do I fix this?
Thanks :)

--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: installworld fails (5.4-PRE)

[J.D. Bronson]

At 07:48 AM 03/10/2005, Pietro Cerutti wrote:
 shadow# cd /usr/include/dev
 shadow# ls -al
 -r--r--r--   1 root  wheel  4210 Mar  2 17:00 acpica

 and how do I fix this?
The problem here is that the acpica folder is not executable (you can
not cd into it). chmod 755 acpica should solve it.

 Thanks :)

drwxr-xr-x  14 root  wheel   512 Mar  9 20:37 .
drwxr-xr-x  46 root  wheel  4608 Mar  9 20:37 ..
-r--r--r--   1 root  wheel  4210 Mar  2 17:00 acpica
But acpica is -not- a directory ???



--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

session in wrong state/PPPoE

[J.D. Bronson]

I have started seeing this on the console and in /var/log/messages...
I dont know what it means and things are working fine so far...
Since I dont see it on EACH boot, is this an ISP issue?
How do I troubleshoot this?
The PPPoE session is usually established the very 1st time and I couldnt be 
happier

I am running 5.4-PRE with userland PPPoE.
any thoughts?

--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

in-kernel pppoe ?

[J.D. Bronson]

Does 5.4PRE offer in-kernel pppoe to use to connect to my DSL ISP (pppoe)?
I have userland pppoe configured and running and was wondering if
anyone has this working and opinions...
Thanks :)

--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

pf question

[J.D. Bronson]

First my ifconfig -A:
# ifconfig -A
bge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
address: 
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.82.1 netmask 0xff00 broadcast 192.168.82.255
inet 192.168.82.2 netmask 0x broadcast 192.168.82.2
I use a rule in the firewall such as this:
# macros
int_if = bge0
pass in on $int_if from $int_if:network to any modulate state
pass out on $int_if from any to $int_if:network modulate state
This expands to:
pass in on bge0 inet from 192.168.82.0/24 to any modulate state
pass in on bge0 inet from 192.168.82.2 to any modulate state
pass out on bge0 inet from any to 192.168.82.0/24 modulate state
pass out on bge0 inet from any to 192.168.82.2 modulate state
..Why does it pick the alias IP on the nic and not the actual IP?
Is this intended by design?

--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

SCHED_ULE with 5.4-PRE ?

[J.D. Bronson]

options SCHED_ULE
I ran this option on 5.2.1 with P4 HTT and never had any issues.
I understand it was removed...but have the issues been resolved
and is it worth using with only HTT and not true SMP?
Thanks-

--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

pf seems to start late?

[J.D. Bronson]

Mar  4 06:15:11 sole kernel: Setting hostname: sole.domain.com
Mar  4 06:15:11 sole kernel: bge0: 
flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
Mar  4 06:15:11 sole kernel: options=1aTXCSUM,VLAN_MTU,VLAN_HWTAGGING
Mar  4 06:15:11 sole kernel: inet 192.168.1.1 netmask 0xff00 broadcast 
192.168.1.255
Mar  4 06:15:11 sole kernel: media: Ethernet autoselect (none)
Mar  4 06:15:11 sole kernel: status: no carrier
Mar  4 06:15:11 sole kernel: lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST 
mtu 16384
Mar  4 06:15:11 sole kernel: inet 127.0.0.1 netmask 0xff00
Mar  4 06:15:11 sole kernel: Starting ppp as root
Mar  4 06:15:11 sole kernel: Working in ddial mode
Mar  4 06:15:11 sole kernel: Using interface: tun0
Mar  4 06:15:11 sole kernel: Starting dhclient.
Mar  4 06:15:11 sole kernel: bge1: 
flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
Mar  4 06:15:11 sole kernel: options=1aTXCSUM,VLAN_MTU,VLAN_HWTAGGING
Mar  4 06:15:11 sole kernel: inet 65.12.14.18 netmask 0xf000 broadcast 
255.255.255.255
Mar  4 06:15:11 sole kernel: media: Ethernet autoselect (100baseTX 
full-duplex)
Mar  4 06:15:11 sole kernel: status: active
Mar  4 06:15:11 sole kernel: Additional routing options:
Mar  4 06:15:11 sole kernel: IP gateway=YES
Mar  4 06:15:11 sole kernel: .
Mar  4 06:15:11 sole kernel: Starting devd.
Mar  4 06:15:11 sole kernel: Mounting NFS file systems:
Mar  4 06:15:11 sole kernel: .
Mar  4 06:15:11 sole kernel: Starting syslogd.
Mar  4 06:15:11 sole kernel: Mar  4 06:15:11 sole syslogd: kernel boot file 
is /boot/kernel/kernel
Mar  4 06:15:11 sole kernel: Starting named.
Mar  4 06:15:12 sole kernel: Setting date via ntp.
Mar  4 06:15:15 sole kernel: 4 Mar 06:15:15 ntpdate[345]: step time server 
x.x.x.x offset -0.534182 sec
Mar  4 06:15:15 sole kernel: Clearing /tmp.
Mar  4 06:15:16 sole kernel: ELF ldconfig path: /lib /usr/lib 
/usr/lib/compat /usr/local/lib
Mar  4 06:15:16 sole kernel: a.out ldconfig path: /usr/lib/aout 
/usr/lib/compat/aout
Mar  4 06:15:16 sole kernel: Enabling pflogd
Mar  4 06:15:16 sole kernel: .
Mar  4 06:15:16 sole kernel: Mar  4 06:15:16 sole kernel: pflog0: 
promiscuous mode enabled
Mar  4 06:15:16 sole kernel: Enabling pf.
Mar  4 06:15:16 sole kernel: pf enabled

..shouldnt PF start right after the interfaces come up?
The interface comes up and then NTP/NTPD start...and duing this time for 
5secs or more there seems to be no pf runningwhy is this and why doesnt 
NTP/NTPD start AFTER pf is loaded up?

I think under OpenBSD...pf loads before anything else network related to at 
least offer minimum protection.

Am i missing something?
Ideally, I think pf should launch immediately after the ppp kernel fires.

--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

[repost] ip.forwarding with pf

[J.D. Bronson]

No one replied to this and I thought it was easy for someone on this list 
to help me?

I am going to run pf and setup FBSD as a router (3 NICs).
And I see there are some options:
net.inet.ip.fastforwarding
or
net.inet.ip.forwarding
Can someone tell me which is appropriate when FreeBSD 5.4-PRE is used as a
router running pf with built in NAT ?
And what is the difference on these 2 options?

--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: [repost] ip.forwarding with pf

[J.D. Bronson]

At 09:15 AM 03/03/2005, Tomas Quintero wrote:
Are you entirely sure you want to do it using PF? Has PF even been
fully implemented into the 5.x series?
I recently setup an FBSD router with 3 external NICs and 1 internal,
using NAT and open ipfw rules for now, until I learn a bit more about
ipfw.
--
-Tomas Quintero
Yes...pf can be a loadable module or compiled into the kernel.
I am seeking more information on the if.forwarding options though...


--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: [repost] ip.forwarding with pf

[J.D. Bronson]

At 12:13 PM 03/03/2005, Chris Hodgins wrote:
Hmm I found this:
http://mailman.twdx.net/pipermail/occaid/2003-October/000250.html
Google for freebsd net.inet.ip.fastforwarding.
Chris
Hey guys...all of this seems really coolbut is it appropriate for one 
to use 'fast forwarding' when using pf/nat ?

It -seems- to me that if one wants to use pf and/or nat that 'fast 
forwarding is not applicable nor desired.

OTOH, if it IS desirable, I certainly want to use it.
thanks-

--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

dumb network question

[J.D. Bronson]

Ok. I admit it. I cant figure what I am missing.
I have 2 NICs in this machine.
NIC 1 is a LAN NIC and static IP. - that I can figure out.
NIC 2 needs to be DHCP (from cable modem).
and I want the default router to be the DHCP cable
modem gateway IP (passed from dhclient).
What do I need to setup in /etc/rc.conf
to make this happen?
Thanks and sorry for the dumb question.

--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: dumb network question

[J.D. Bronson]

At 02:10 PM 3/3/2005, Thomas Foster wrote:
hostname=my.hostname.whatever
ifconfig_NIC1=inet a.b.c.d netmask 255.255.255.0
ifconfig_NIC2=DHCP
gateway_enable=YES
replace NIC1 and NIC2 with the interface names.. and of course.. a.b.c.d 
with the internal IP address..

be sure theres no gateway defined for the internal interface.. and if you 
need help setting up a firewall/router, be sure and check out :

http://www.section6.net/help.php
Hope this helps
T
Yea...this is great. One last question guys...
for the nic that I have using for PPP...do I need anything special?
(like in OpenBSD I have to toss 'up' in hostname.fxp0 for example)
or does it -just- work.
thanks!

--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

ppp + syslog

[J.D. Bronson]

how do I get ppp to log to syslog when as the machine boots
up...ppp starts and connects before syslogd starts!?
I have my ppp and pf config working fine...but I would like to see what 
happens as it boots to /var/log/ppp.log

if I kill ppp and start it manually it does log fine.
Thanks!

--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

ip forward and pf

[J.D. Bronson]

net.inet.ip.fastforwarding
or
net.inet.ip.forwarding
Can someone tell me which is appropriate when FreeBSD 5.4-PRE is used as a 
router running pf with built in NAT ?

And what is the difference on these 2 options?
Lastly, do I still need to set
gateway_enable=YES ?
(or does that do the same thing as sysctl commands above)
Thanks!

--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: make world fails..how to troubleshoot?

[J.D. Bronson]

At 08:49 AM 03/01/2005, Lowell Gilbert wrote:
J.D. Bronson [EMAIL PROTECTED] writes:
 I am running:
 FreeBSD 5.3-STABLE-SNAP001 FreeBSD 5.3-STABLE-SNAP001 #0: Sun Jan 30
 03:57:47 UTC 2005
 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC  i386

 and I cvs'd up using:
 *default release=cvs tag=RELENG_5

 (I first deleted /usr/src and then ran cvsup)

 Then following the normal way of building world, I went into
 /usr/src and issued:

 make buildworld

 After about 5-7mins I see this:

 building shared library libkrb5.so.7
 building static krb5 library
 ranlib libkrb5.a
 sh /usr/src/tools/install.sh -C -o root -g wheel -m 444   libkrb5.a
 /usr/obj/usr/src/i386/usr/lib
 sh /usr/src/tools/install.sh -s -o root -g wheel -m 444
SNIP



 Anyone shed some lite on this?
Are you using a -j option in the build?
If so, try it again without, so that the error will show more clearly.
Also, try another cvsup, in case you had hit a transient build problem
(there apparently was one over the weekend -- I seem to recall it
being in a different area, but I may be remembering incorrectly).
Yes...I hit this bug...I was not using any -j in the build and still no 
clear errors...after someone else noticed this and cvs was updated..all is 
well

thanks-

--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

make world fails..how to troubleshoot?

[J.D. Bronson]

I am running:
FreeBSD 5.3-STABLE-SNAP001 FreeBSD 5.3-STABLE-SNAP001 #0: Sun Jan 30 
03:57:47 UTC 
2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC  i386

and I cvs'd up using:
*default release=cvs tag=RELENG_5
(I first deleted /usr/src and then ran cvsup)
Then following the normal way of building world, I went into
/usr/src and issued:
make buildworld
After about 5-7mins I see this:
building shared library libkrb5.so.7
building static krb5 library
ranlib libkrb5.a
sh /usr/src/tools/install.sh -C -o root -g wheel -m 444   libkrb5.a 
/usr/obj/usr/src/i386/usr/lib
sh /usr/src/tools/install.sh -s -o root -g wheel -m 444 libkrb5.so.7 
/usr/obj/usr/src/i386/usr/lib
sh /usr/src/tools/install.sh -C -o root -g wheel -m 444  heim_err.h 
k524_err.h 
/usr/src/kerberos5/lib/libkrb5/../../../crypto/heimdal/lib/krb5/krb5-protos.h 
/usr/src/kerberos5/lib/libkrb5/../../include/krb5-types.h 
/usr/src/kerberos5/lib/libkrb5/../../../crypto/heimdal/lib/krb5/krb5.h 
krb5_err.h /usr/obj/usr/src/i386/usr/include
ln -fs libkrb5.so.7 /usr/obj/usr/src/i386/usr/lib/libkrb5.so
1 error
*** Error code 2
1 error
*** Error code 2
1 error
*** Error code 2
1 error
#

And then it stops. I did a full make world using the same gear Saturday and 
it worked fine...this is another new identical machine...but I cannot get 
world to build and this error means little to me..

Anyone shed some lite on this?
thanks!

--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

trouble booting 5.3 on i386 IBM

[J.D. Bronson]

I created a bug report and nothing was entered,so I thought I would ask the 
group again if anyone has seen this??
Brand new drives...brand new full install:

Using 5.3 release is when I 1st noticed this. CVSup to 5.3-STABLE does not 
fix this trouble.

If both IDE channels are enabled and they are all set to AUTO/AUTO for 
master/slave and there is no drive (yet) installed to IDE channel2, the 
machine hangs at boot. If I install a drive to IDE channel2, the machine boots.

If I disable IDE channel2, the machine will boot as well.
When it hangs, all I see on the console is:
FreeBSD/i386 BOOT
Default: 0:ad(0,a)/boot/loader
boot:
..if I hit return at this point, the beastie menu comes up.
The machine will NOT boot on it's own.



--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

correct cvsup for 5.3 snapshot

[J.D. Bronson]

I am currently running a snapshot FreeBSD 5.3-STABLE-SNAP001
and I want to update this...I am presuming to 5.3-STABLE ?
Is this the correct cvsup file?
*default host=someserver.freebsd.org
*default base=/var/db
*default prefix=/usr
*default release=cvs tag=RELENG_5_3
*default delete use-rel-suffix
*default compress
src-all
Thanks-

--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]