Re: blocking yahoo messenger
On 1/2/06, Imran Imtiaz [EMAIL PROTECTED] wrote:
> how can I block yahoo messenger using ipf?

[snip]

Have a look at http://www.bsdforums.org/forums/showthread.php?t=10225 ;)

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf blocking nfs
[snip]

> In your original post, there was something about a short packet. I'm guessing this might screw things up. You might try adding 'scrub in all' before the filtering rules.

[snip]

Be careful with scrub and NFS. From http://openbsd.bay13.net/faq/pf/scrub.html:

    One reason not to scrub on an interface is if one is passing NFS through PF. Some non-OpenBSD platforms send (and expect) strange packets -- fragmented packets with the do not fragment bit set, which are (properly) rejected by scrub.
Re: Aztech modem
On 10/29/05, Greg 'groggy' Lehey [EMAIL PROTECTED] wrote:
> On Tuesday, 15 November 2005 at 6:37:40 +0330, Mohsen Pahlevanzadeh wrote:
> > Dears,
> > I can use my modem in GNU/Linux (each distro, without problem). My modem is external, its mark is Aztech. I use dos port. But I can't use /dev/cuaa0 or plus in FreeBSD. Please guide ..
>
> http://www.lemis.com/questions.html
>
> Greg

Same question as http://www.bsdforums.org/forums/showthread.php?t=35879 ;)
Re: Has this box been hacked?
On 7/6/05, Brett Glass [EMAIL PROTECTED] wrote:
> A client had a network problem, and I wanted to make sure that his FreeBSD 4.11 router wasn't the cause of it, so I rebooted it. I then did a last command and saw the following:
>
> root     ttyv0              Tue Jul  5 12:01 - 12:05    (00:04)
> admin    ttyp0   localhost  Tue Jul  5 11:57 - 11:57    (00:00)
> root     ttyv0              Tue Jul  5 11:49 - 12:00    (00:11)
> reboot   ~                  Tue Jul  5 11:49
> shutdown ~                  Tue Jul  5 11:47
> root     ttyv0              Tue Jul  5 11:37 - shutdown (00:10)
> reboot   ~                  Tue Jul  5 11:36
> shutdown ~                  Tue Jul  5 05:36
> shutdown ~                  Tue Jul  5 11:22
>
> Note the shutdown entry with the time 5:36 AM, which is odd because it's out of chronological order and the other logs don't show the typical debug messages at that time. Where might such an entry come from? How likely is it that the box has been rooted? Are there known exploits that might have been used to root a FreeBSD 4.11-RELEASE machine? (The only unusual activity I can see in the logs is a few attempts to log in as root via SSH. The attempts that were logged were not successful, but of course a skilled attacker would cover his tracks.)

If you would have installed something like tripwire or aide, you would have been in a better position to find out whether the box has been owned. See http://www.onlamp.com/pub/a/bsd/2003/04/03/FreeBSD_Basics.html

=Adriaan=
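An added example, not part of the original thread: a Python check that walks the `last` output quoted above in the order the records were written and flags any record whose timestamp runs backwards. The year is an assumption taken from the message date, since `last` prints none; a flagged record calls for review and does not by itself establish the cause.

```python
import re
from datetime import datetime

# `last` output as quoted in the message above (newest record first).
LAST_OUTPUT = """\
root     ttyv0              Tue Jul  5 12:01 - 12:05    (00:04)
admin    ttyp0   localhost  Tue Jul  5 11:57 - 11:57    (00:00)
root     ttyv0              Tue Jul  5 11:49 - 12:00    (00:11)
reboot   ~                  Tue Jul  5 11:49
shutdown ~                  Tue Jul  5 11:47
root     ttyv0              Tue Jul  5 11:37 - shutdown (00:10)
reboot   ~                  Tue Jul  5 11:36
shutdown ~                  Tue Jul  5 05:36
shutdown ~                  Tue Jul  5 11:22
"""

# user, tty, optional host, weekday, month, day, start time
RECORD = re.compile(
    r"^(?P<user>\S+)\s+(?P<tty>\S+)\s+(?:(?P<host>\S+)\s+)?"
    r"(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun)\s+"
    r"(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d{2}:\d{2})"
)


def parse_last(text, year):
    """Return (timestamp, user, tty, raw line) tuples in printed order."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue  # skip blank lines and the "wtmp begins" trailer
        stamp = f"{year} {m['mon']} {m['day']} {m['time']}"
        ts = datetime.strptime(stamp, "%Y %b %d %H:%M")
        records.append((ts, m["user"], m["tty"], line.strip()))
    return records


def out_of_order(records):
    """Flag records older than a record written before them.

    `last` prints newest first, so reversing gives write order. In write
    order the timestamps should never decrease; a record that is earlier
    than the latest time already seen is flagged.
    """
    flagged = []
    latest = None
    for rec in reversed(records):
        ts = rec[0]
        if latest is not None and ts < latest:
            flagged.append(rec)
        else:
            latest = ts
    return flagged


if __name__ == "__main__":
    # 2005 is assumed from the date of the message.
    for ts, user, tty, line in out_of_order(parse_last(LAST_OUTPUT, 2005)):
        print(f"out of order: {line}")
```
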
Re: Using unix mail with maildir format
On 6/29/05, bsd [EMAIL PROTECTED] wrote:
> Does anyone know if there is a way to read mail with unix mail program? I've been using this program since couple of years and I am quite happy with it… I can't seem to find a shortcut to have it read maildir format…

The program maildir2mbox (part of qmail) can convert a Maildir into mbox format. See http://qmail.bzimage.dk/man/man1/maildir2mbox.html. There is also a short shell script called qail which runs maildir2mbox and then mail.

=Adriaan=
Re: installing big qmail server ... where to start?
See http://www.lifewithqmail.org/ldap/

Maybe you could ask on the qmail-ldap mailing list ;)

=adriaan=
Re: illegal user root user failed login attempts
On 4/26/05, Peter Kropholler [EMAIL PROTECTED] wrote:
> I run a server at home on port 22. There are loads of illegal user attempts to login every few days. As it's at home I protect myself by having only one user on the sshd AllowUsers list and with a very strong password and no admin/sysman privileges. So essentially every failed login attempt is illegal.
>
> Is there any way to actually record what passwords the hackers' scripts are trying? I am just really intrigued to know what they are thinking might work.
>
> I realize that it's not normally appropriate to log people's passwords but in my case I am literally the only user who will ever legitimately login to my machine

Moving your ssh port away from port 22 seems to stop these attempts. These logons seem to come from cracked Linux boxes.

This issue has been discussed quite a lot on this list. For a non-list discussion, see http://www.freebsdforums.org/forums/showthread.php?s=threadid=27683

=Adriaan=
Re: Enabling Gratuitous ARP
On 4/14/05, Adam Smith [EMAIL PROTECTED] wrote:
> Hi,
>
> In a particular network scenario we have, swapping an ethernet link between two FreeBSD machines using the same IP and a different MAC is proving to be a problem. We have discovered that in order to make this work we will need to enable gratuitous ARP.
>
> Does anyone know how to turn this feature on?

http://openbsd.org/faq/faq6.html#CARP and http://www.freebsd.org/cgi/man.cgi?query=carpapropos=0sektion=0manpath=FreeBSD+6.0-currentformat=html

It looks like carp is available in FBSD 5.4

=Adriaan=
Re: pf synproxy and fragments
On Apr 2, 2005 12:18 AM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> I'm running 5.3 stable. I've recently switched from ipfilter to pf to take advantage of the traffic shaping, and I've run into something I don't understand. I read the documentation on the synproxy option and it sounded good to me, so I replaced my keep state rules with synproxy state. After doing this, I noticed that my filesharing programs stopped downloading. I switched back to keep state for the rules that handled my filesharing traffic and the problem went away. Today my brother called and told me that he couldn't get to my website anymore because his firewall said that my http service was sending a fragment attack. I replaced synproxy state with keep state for the rules pertaining to httpd and the problem went away. Specifically, the http traffic rule was (formatted):
>
>     pass in quick on $ext_if proto tcp from any to any port 80 flags S/SAFR synproxy state queue(http_out,ack_out)
>
> Having tried a few other firewalls in the past, I know that some of them don't like fragmented packets at all. This week's events make me believe that pf's synproxy option is causing my server to send out fragments, and those fragments aren't well-received. Is this normal with synproxy? Am I misusing synproxy? Is this just a coincidence?

In http://archives.neohapsis.com/archives/openbsd/2005-03/2760.html somebody reported a similar problem. Maybe you could try his solution by leaving out flags S/SAFR

=Adriaan=
Re: possible bug report re: (malformed?) internet addresses
On Thu, 31 Mar 2005 05:45:37 -0400, fredthetree [EMAIL PROTECTED] wrote:
> Almost forgot.
>
> $ uname -a
> FreeBSD computer 5.4-PRERELEASE FreeBSD 5.4-PRERELEASE #0: Tue Mar 1 05:39:33 AST 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/MACHINE i386
>
> (I haven't cvsup'd and re-built in a little while.. maybe one of you who have could verify the problem still exists..)
>
> -dan
>
> On Thu, 31 Mar 2005 05:43:12 -0400, fredthetree [EMAIL PROTECTED] wrote:
> > $ ping mr-chips-.deviantart.com
> > ping: cannot resolve mr-chips-.deviantart.com: Unknown server error
> > $ ping etc-etc-etc.deviantart.com
> > PING etc-etc-etc.deviantart.com (69.28.181.43): 56 data bytes
> > 64 bytes from 69.28.181.43: icmp_seq=0 ttl=50 time=108.127 ms
> >
> > At first it may seem logical to point the blame to the server, after noting Unknown server error, however, I am perfectly able to connect to this address on a Windows machine. The problem is reproducible with any address which has a - before a . I am not sure where the problem lies, it is obviously not just within 'ping,' as I first noticed this problem within firefox/mozilla.

No problem on FreeBSD plato.utp.xnet 5.3-STABLE-20050116-JPSNAP FreeBSD 5.3-STABLE-20050116-JPSNAP #0: Sun Jan 16 01:31:07 UTC 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 consulting a local dnscache, part of djbdns, nameserver running under OpenBSD

dig mr-chips-.deviantart.com

; <<>> DiG 9.2.3 <<>> mr-chips-.deviantart.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27024
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mr-chips-.deviantart.com. IN A

;; ANSWER SECTION:
mr-chips-.deviantart.com. 86400 IN A 69.28.181.43

;; Query time: 293 msec
;; SERVER: 192.168.222.10#53(192.168.222.10)
;; WHEN: Thu Mar 31 23:08:23 2005
;; MSG SIZE rcvd: 58
Re: ppp problems with routing
On Mon, 28 Mar 2005 19:13:47 -0500, PS [EMAIL PROTECTED] wrote:
> Hello
>
> I use freeBSD 4.11 with pppoe. I used almost default ppp.conf (as in freebsd handbook) for dynamic ip. my config is here http://block111.servehttp.com/ppp.conf
>
> Twice a day I restart ppp from cron with `killall -INT ppp` and if the new connection default gateway is different then the old default route isn't removed, e.g. after ppp restart I have this:
>
> ifconfig - ...
>     inet 66.11.172.181 -- 66.11.165.1 netmask 0x
>     inet 66.11.180.20 -- 66.11.190.1 netmask 0x
>
> before I had inet 66.11.172.181 -- 66.11.165.1 netmask 0x only, but after I sent INT to ppp the new ip has a different default gateway and the old one isn't removed. Should the old default route/ip be removed or not? In my case the old ip becomes invalid.
>
> Thank you

Have you tried:

    add! default HISADDR

Note the exclamation mark ! after the add.
Re: [repost] ip.forwarding with pf
On Thu, 03 Mar 2005 06:30:52 -0600, J.D. Bronson [EMAIL PROTECTED] wrote:
> No one replied to this and I thought it was easy for someone on this list to help me?
>
> I am going to run pf and setup FBSD as a router (3 NICs). And I see there are some options:
>
>     net.inet.ip.fastforwarding
> or
>     net.inet.ip.forwarding
>
> Can someone tell me which is appropriate when FreeBSD 5.4-PRE is used as a router running pf with built in NAT ? And what is the difference on these 2 options?
> --

I don't know the difference, but here is a report of WinXP clients having problems with net.inet.ip.fastforwarding: http://www.freebsdforums.org/forums/showthread.php?s=threadid=29094

=Adriaan=
Re: Change MAC address of LAN card in rc.conf. How?
On Sun, 27 Feb 2005 05:54:49 -0800 (PST), Rob [EMAIL PROTECTED] wrote:
> Hi,
>
> I'm running 5.3 STABLE. I need to change the MAC address of my PC. I know it can be done like this:
>
>     ifconfig rl0 ether 11:22:33:44:55:66
>
> So I guessed I could make life a little easier by adding this in my /etc/rc.conf file as:
>
>     ifconfig_rl0="inet 192.168.123.2 netmask 255.255.255.0 ether 11:22:33:44:55:66"
>
> However, this does not seem to work. No IP address is assigned to the LAN card after bootup. Apparently something is wrong here. Any idea how I can do this at bootup?

    echo 'ifconfig rl0 ether 11:22:33:44:55:66' > /etc/start_if.rl0

=Adriaan=
Re: Transfering from SCSI to IDE ?
On Wed, 23 Feb 2005 18:12:29 + (GMT), ali boreiri [EMAIL PROTECTED] wrote:
> Dear Sir:
>
> I have a FreeBSD system with a squid cache installed on it on my 17 GB SCSI drive. Recently I get an image of it by Norton GHOST on a 80GB IDE drive. Transferring was successful but when system on new IDE disk booted, after primary freeBSD boot menu boot process continued till an error occurred in mounting file system and disk; and then system ask me to mount root and a mount prompt appeared. Messages appears on screen are as below:
>
>     Mounting root from ufs:/dev/da0s1a
>     setrootbyname failed
>     ffs_mountroot: can't find rootvp
>     Rootmount failed:6
>     mount root
>     mount root ?
>     List of GEOMD Managed disk devices:
>     ad1s1f ad1s1e ad1s1d ad1s1c ad1s1b ad1s1a ad1s1 acd0 ad1 fd0
>
> Now please tell me what must I do; and refer me to a complete step by step guide in mounting partition of this IDE disk (which the image of a SCSI disk is on it) and no change perform to partitions for properly working of squid cache.
>
> Thank you:
> Dr.A.Boreiri

Maybe you should forget about the Ghost shortcut, and not ignore 30 years of Unix backup history ;)

Use dump to make a backup of your SCSI disk. Do a minimal FBSD install on your IDE disk, using a similar partition and disklabel scheme as the FBSD install on the SCSI disk. Now use restore to transfer the backups to the IDE disk. Please note that dump and restore work on complete filesystems.

=Adriaan=
Re: djbdns question
On Wed, 23 Feb 2005 14:45:16 -0600, Darryl Hoar [EMAIL PROTECTED] wrote:
> Greetings,
> I setup djbdns on a freebsd server attached to my internal network. It answers for the local machine on the domain for my internal while forwarding all others to our ISP for resolution. I set this up a 2 years ago and haven't needed to do a thing other than to add/remove machines.
>
> Well, now I need to change the domain name from osborneindustries.com to osborneinternal.com. Unfortunately, I haven't found any documentation that takes you through the changes to convert and already running tinydns/dnscache setup from one domain name to a different one.
>
> Anybody have any pointers here ?

Change directory to the tinydns data directory (cd /service/tinydns/root), edit your tinydns data file. Editing can be done in one sweep with

    # mv data data.old
    # sed -e 's/osborneindustries.com/osborneinternal.com/g' data.old > data

Now run make to generate a new data.cdb file from the edited data file. Tinydns will notice the change, no need to start/stop or give a -HUP to tinydns.

The only other thing left is to tell dnscache about the change.

    # cd /service/dnscache/root/servers

You will see a file called osborneindustries.com. The contents of that file is the IP address of your tinydns server. Rename this file with mv to osborneinternal.com

=Adriaan=
Re: djbdns question
On Thu, 24 Feb 2005 22:18:01 +0100, J65nko BSD [EMAIL PROTECTED] wrote:
> On Wed, 23 Feb 2005 14:45:16 -0600, Darryl Hoar [EMAIL PROTECTED] wrote:
> > Greetings,
> > I setup djbdns on a freebsd server attached to my internal network. It answers for the local machine on the domain for my internal while forwarding all others to our ISP for resolution. I set this up a 2 years ago and haven't needed to do a thing other than to add/remove machines.
> >
> > Well, now I need to change the domain name from osborneindustries.com to osborneinternal.com. Unfortunately, I haven't found any documentation that takes you through the changes to convert and already running tinydns/dnscache setup from one domain name to a different one.
> >
> > Anybody have any pointers here ?
>
> Change directory to the tinydns data directory (cd /service/tinydns/root), edit your tinydns data file. Editing can be done in one sweep with
>
>     # mv data data.old
>     # sed -e 's/osborneindustries.com/osborneinternal.com/g' data.old > data
>
> Now run make to generate a new data.cdb file from the edited data file. Tinydns will notice the change, no need to start/stop or give a -HUP to tinydns.
>
> The only other thing left is to tell dnscache about the change.
>
>     # cd /service/dnscache/root/servers
>
> You will see a file called osborneindustries.com. The contents of that file is the IP address of your tinydns server. Rename this file with mv to osborneinternal.com

I forgot to mention that a restart of dnscache is needed

    # svc -t /service/dnscache

At http://www.freebsdforums.org/forums/showthread.php?s=threadid=25244 you can find a comfortable dnscachectl script to start/stop and many other things with dnscache.

=Adriaan=
Re: Partial web page loading
It could have something to do with an incorrect MTU size. This can cause partial loading of webpages. See http://www.cisco.com/warp/public/794/router_mtu.html

Adriaan

On Sun, 20 Feb 2005 12:46:09 -0800, Scott Stevenson [EMAIL PROTECTED] wrote:
> I'm a relatively new user of FreeBSD (5.3 release), and have encountered a problem that I haven't seen on other platforms. The details and a screenshot are outlined here:
>
> http://theocacao.com/document.page/82
>
> Essentially, web content (text and images alike, it seems) occasionally fails to load in entirety. I personally haven't been able to recreate this yet, but a few people have sent me emails about it. I didn't hear anything about this prior to switching to FreeBSD. This is the exact same content I had running on a Red Hat-based machine running the same version of Apache.
>
> I've done a lot of googling and looking through mailing list archives, but haven't been able to identify any real leads yet. Syslog doesn't suggest anything is amiss. My environment is:
>
> FreeBSD 5.3-Release
> Apache 2.0.50
> PHP 5.0.2
> BIND 9.3.0
>
> Both Apache and PHP were built from ports. I realize Apache is a few versions behind, and I'm going to upgrade it. Looking at the changelog, though, I can't seem to find anything that would pertain to this. Any ideas?
>
> Thanks,
> - Scott
> --
> http://treehouseideas.com/
> http://theocacao.com/ [blog]
Re: Configuring PF
On Sun, 20 Feb 2005 11:42:41 -0700, Pat Maddox [EMAIL PROTECTED]
> I'd still like to find a good example config file that works well for a web server.

I posted an easy to adapt config file 3 days ago, haven't you seen it?
Re: Configuring PF
On Fri, 18 Feb 2005 00:28:30 -0700, Pat Maddox [EMAIL PROTECTED] wrote:
> Can you guys let me know if this looks like a good conf file? I've got web, mail, ftp, ssh, and DNS that I need to have open.
>
> # Macros
> ext_if="fxp0"
> SYN_ONLY="S/FSRA"
> tcp_services = "{ 21, 22, 25, 53, 80, 143 }"
> icmp_types = "echoreq"
>
> # Default deny
> block all
>
> ## Filtering rules
> # Default TCP policy
> block return-rst in log on $ext_if proto TCP all

This block rule is not needed, you already have a default deny policy

> pass in log quick on $ext_if proto TCP from any to $ext_if port $tcp_services flags $SYN_ONLY keep state
>
> # Default UDP policy
> block in log on $ext_if proto udp all

This block rule is not needed, you already have a default deny policy

> pass in log quick on $ext_if proto UDP from any to $ext_if port 53 keep state
>
> # Default ICMP policy
> block in log on $ext_if proto icmp all

This block rule is not needed, you already have a default deny policy

> pass in inet proto icmp all icmp-type echoreq keep state
> block out log on $ext_if all

This block rule is not needed, you already have a default deny policy

> pass out log quick on $ext_if from $ext_if to any keep state
>
> # Allow the local interface to talk unrestricted
> pass in quick on lo0 all
> pass out quick on lo0 all
>
> On Fri, 18 Feb 2005 03:17:30 +0100, J65nko BSD [EMAIL PROTECTED] wrote:
> > On Wed, 16 Feb 2005 19:18:17 -0700, Pat Maddox [EMAIL PROTECTED] wrote:
> > > I've managed to come up with something that works so far. I am having two problems though. The first is that I can't authenticate for IMAP anymore. No clue why, it just keeps rejecting my password. maillog shows imapd: LOGIN FAILED, that's it.
> > >
> > > Also, after enabling pf, all my UDP ports show as open. I've got a ruleset of
> > >
> > >     block in log on $ext_if proto udp all
> > >
> > > So all UDP ports should be shown as closed. Doesn't really make any sense to me.
> > >
> > > Anyone care to help? Thanks for the help so far.
> > >
> > > Pat
> >
> > Start with a default policy to block and log all traffic
> >
> >     # --- default policy
> >     block log from any to any
> >
> > Now you only have to open ports to let traffic in. If you don't know which port to open for a certain protocol, you can run tcpdump -eni pflog0. tcpdump will show which rule blocked, and on which port address combination.
> >
> > How about this?
> >
> > # --- pf.conf skeleton for server
> > # j65nko freebsdforums.org
> > #
> > # --- MACRO Section ---
> > EXT_IF="fxp0"
> > PING = "echoreq"
> >
> > # --- allowed incoming services initiated by clients
> > TCP_IN = "{ ssh, smtp, pop3, imap, http, https }"
> > #UDP_IN = "{ domain }"
> >
> > # --- allowed services initiated by server
> > TCP_OUT = "{ smtp }"
> > UDP_OUT = "{ domain }"
> >
> > # --- TABLE Section ---
> >
> > # --- OPTIONS Section ---
> > set loginterface $EXT_IF
> >
> > # --- TRAFFIC NORMALIZATION ---
> > scrub in all
> >
> > # --- TRANSLATION Section (NAT/RDR) ---
> >
> > # --- FILTER section ---
> >
> > # --- DEFAULT POLICY
> > block log all
> >
> > # --- LOOPBACK
> > pass quick on lo0 all
> >
> > # === INCOMING
> > # --- EXTERNAL INTERFACE
> > # --- TCP
> > pass in quick on $EXT_IF inet proto tcp from any to $EXT_IF port $TCP_IN flags S/SA keep state
> > # --- UDP
> > #pass in quick on $EXT_IF inet proto udp from any to $EXT_IF port $UDP_IN keep state
> > # --- ICMP
> > #pass in quick on $EXT_IF inet proto icmp from any to $EXT_IF icmp-type $PING keep state
> >
> > # === OUTGOING
> > # --- EXTERNAL INTERFACE
> > # --- TCP
> > pass out quick on $EXT_IF inet proto tcp from $EXT_IF to any port $TCP_OUT flags S/SA keep state
> > # --- UDP
> > pass out quick on $EXT_IF inet proto udp from $EXT_IF to any port $UDP_OUT keep state
> > # --- ICMP
> > pass out quick on $EXT_IF inet proto icmp from $EXT_IF to any icmp-type $PING keep state
> >
> > # --- end of pf.conf
> >
> > =Adriaan=
Re: Configuring PF
On Wed, 16 Feb 2005 19:18:17 -0700, Pat Maddox [EMAIL PROTECTED] wrote:
> I've managed to come up with something that works so far. I am having two problems though. The first is that I can't authenticate for IMAP anymore. No clue why, it just keeps rejecting my password. maillog shows imapd: LOGIN FAILED, that's it.
>
> Also, after enabling pf, all my UDP ports show as open. I've got a ruleset of
>
>     block in log on $ext_if proto udp all
>
> So all UDP ports should be shown as closed. Doesn't really make any sense to me.
>
> Anyone care to help? Thanks for the help so far.
>
> Pat

Start with a default policy to block and log all traffic

    # --- default policy
    block log from any to any

Now you only have to open ports to let traffic in. If you don't know which port to open for a certain protocol, you can run tcpdump -eni pflog0. tcpdump will show which rule blocked, and on which port address combination.

=Adriaan=
Re: keeping freebsd uptodate - doubt
On Fri, 04 Feb 2005 22:16:30 -0600, Billy Newsom [EMAIL PROTECTED] wrote:
> saravanan ganapathy wrote:
> > cvsup -g -L 2 /root/ports-supfile
>
> Once you get your cvsup stuff straightened out, try this script, which I run every other day. Change the Log file if you want. This updates my sources to stable and updates the ports tree. I use two different cvsup files and commands so the two don't get confused. Don't try to use the same config file and cvsup command for the two different types of updates!! (In my experience, you're asking for trouble.)
>
> You will need to install a few ports first, but you should get the idea. If you read the output every day (or you could email it to yourself, which I may eventually do if I like it), you will see which ports need to be updated. This script will probably continue to get better as it gets added to. Like I need to include the security audited version of ports that need updated!
>
> BEGIN CODE... mydaily.sh
> #!/bin/sh
> #
> # Billy borrowed stuff on 12/18/2004 from:
> # http://www.oreillynet.com/pub/wlg/6041?page=lastx-order=date
> #
> LOGF=/var/log/cvsup.log
> echo "START @ `/bin/date`" >> $LOGF
> #/bin/date >> $LOGF
> # use fastest_cvsup to find fastest geographically
> # close mirror; I'll check Canada and the US
> if SERVER=`/usr/local/bin/fastest_cvsup -Q -c ca,us`; then
>     echo "Using STABLE Server: $SERVER" >> $LOGF
>     /usr/local/bin/cvsup -L1 -h $SERVER -l /var/log/cvs-lock-s /root/stable-supfile >> $LOGF
>     echo "STABLE done @ `/bin/date`" >> $LOGF
> else
>     echo "cvsup-STABLE has a fastest_cvsup problem on...`/bin/date`" >> $LOGF
> fi
> if SERVER=`/usr/local/bin/fastest_cvsup -Q -c ca,us`; then
>     echo "Using PORTS Server: $SERVER" >> $LOGF
>     /usr/local/bin/cvsup -L0 -h $SERVER -l /var/log/cvs-lock-p /root/ports-supfile >> $LOGF
>     echo "PORTS done @ `/bin/date`" >> $LOGF
> else
>     echo "cvsup-PORTS has a fastest_cvsup problem on...`/bin/date`" >> $LOGF
> fi
> # -U (which takes a long time to execute) isn't needed
> # with the fetchindex command
> cd /usr/ports
> make fetchindex >> $LOGF
> /usr/local/sbin/portsdb -u >> $LOGF
> # command1 2>&1 | command2
> # echo Looking for security patches
> # freebsd-update fetch
> # This program not working for me. unComment above line if it works for U.
> echo "The following ports need upgrading" >> $LOGF
> /usr/local/sbin/portversion -l "<" >> $LOGF
> echo >> $LOGF
> echo "STOP at `/bin/date`." >> $LOGF
> echo >> $LOGF
> END CODE... mydaily.sh
>
> --
> Billy

You can use exec at the top of your script to redirect all output to a file. This way you don't need to add $LOG at the end of each line.

    #!/bin/sh
    LOGF=/var/log/cvsup.log
    # --- redirect all script output to logfile
    exec >${LOGF} 2>&1

=Adriaan=
Re: BIND9 doesn't seem to do anything
On Sat, 29 Jan 2005 17:57:50 -0700, Pat Maddox [EMAIL PROTECTED] wrote:
> The named process is always in the kserel state. I've got no idea what that is, and all I can find on Google is that programs hang in that state. So I don't know what to do. There's no output, I can't find any logs, there's just no way for me to tell what's wrong.
>
> On Sat, 29 Jan 2005 15:59:46 -0800, Thomas Foster [EMAIL PROTECTED] wrote:
> > you might want to add
> >
> >     named_enable="YES"
> >
> > in your /etc/rc.conf
> >
> > check out the following tutorial on setting up Bind9
> >
> > http://www.section6.net/help/bind.php
> >
> > Hope this helps..
> >
> > T
> >
> > - Original Message -
> > From: Pat Maddox [EMAIL PROTECTED]
> > To: freebsd-questions@freebsd.org
> > Sent: Saturday, January 29, 2005 3:54 PM
> > Subject: BIND9 doesn't seem to do anything
> >
> > > I installed BIND9 from the ports earlier, edited the config files a bit, but I can't get it to run at all. When I type named, or /etc/rc.d/named start, there's no output at all, and then I find that named isn't running. I've tried this again with the default install as well, without touching any files, but same thing. There also isn't anything in the logs folder, so I guess it's not creating an error log of anything. Any ideas?
> > >
> > > Thanks,
> > > Pat

netstat -an -f inet should show something like this. A nameserver LISTENing on port 53 for TCP and another line for UDP.

    tcp  0  0  192.168.222.10.53  *.*  LISTEN
    udp  0  0  192.168.222.10.53  *.*

=Adriaan=
Re: How does FreeBSD access NetBSD, OpenBSD?
On Thu, 27 Jan 2005 19:17:33 -0800, Loren M. Lang [EMAIL PROTECTED] wrote:
> I have FreeBSD, OpenBSD, and NetBSD on the same hard drive of my system. How can I mount the NetBSD or OpenBSD partitions from FreeBSD?
>
> Slice 1 - Ext3fs for data between linux/bsd
> Slice 2 - OpenBSD slice with 4 ufs partitions and swap (a,b,e,f,g)
> Slice 3 - FreeBSD slice with 4 ufs partitions and swap (a,b,d,e,f)
> Slice 4 - Extended slice composed of:
> Slice 5 - NetBSD slice with 4 ufs partitions and swap (a,b,e,f,g)
> Slice 6 - Unformatted as of yet.
>
> FreeBSD is, of course running fine, but I can't see any of the other slices/partitions on the drive including the ext3fs partition.
>
> $ ls /dev/ad1*
> /dev/ad1    /dev/ad1s3  /dev/ad1s3c /dev/ad1s3f /dev/ad1s6
> /dev/ad1s1  /dev/ad1s3a /dev/ad1s3d /dev/ad1s4
> /dev/ad1s2  /dev/ad1s3b /dev/ad1s3e /dev/ad1s5
>
> I can seem to access all the linux partitions on my first drive ad0, but that drive is only linux so there are no complex partitions in slices like on ad1. I would expect that the nature of geom, I should be able to access all the partitions fine, but I might be missing something.

[snip]

OpenBSD and NetBSD have one single label for the whole disk or all slices, unlike FreeBSD that has a separate disklabel for each slice. See http://www.freebsdforums.org/forums/showthread.php?s=threadid=27859

=Adriaan=
Re: Adding a partition
On Fri, 28 Jan 2005 15:36:08 +0101, David J. Weller-Fahy [EMAIL PROTECTED] wrote:
> I left about 26GB free on my 80GB hard drive. Having found a use for that space, I now want to add a partition. I've not added one by hand, and /stand/sysinstall gives me a 'cannot write to ...' message, so I want confirmation that what I'm about to do won't crump on me. ;]
>
> System is two 80GB ATA hard drives on a 'Promise PDC20269 UDMA133 controller' (according to dmesg), with one on each channel (both master). I'm running software raid using atacontrol.
>
> My current partition table follows:
> #v+
> dave[tigger]~ sudo bsdlabel ar0s1
> # /dev/ar0s1:
> 8 partitions:
> #        size     offset    fstype   [fsize bsize bps/cpg]
>   a:   1048576          0    4.2BSD     2048 16384     8
>   b:   2097152    1048576      swap
>   c: 156296322          0    unused        0     0         # raw part, don't edit
>   d:  73400320   30408704    4.2BSD     2048 16384 28544
>   e:   2097152    3145728    4.2BSD     2048 16384 28552
>   f:  12582912    5242880    4.2BSD     2048 16384 28552
>   g:  12582912   17825792    4.2BSD     2048 16384 28552
> #v-
>
> To use up the unused space, I believe I need to add the following line:
> #v+
>   h:  52487298  103809024    4.2BSD     2048 16384 28552
> #v-
>
> Could someone who's done that before confirm whether that looks right?

First you need to create a FreeBSD slice with fdisk, say /dev/ar0s2. Only then you can disklabel that /dev/ar0s2.

=Adriaan=
Re: IPSec without AH
On Sun, 23 Jan 2005 13:47:35 +0100, Erik Norgaard [EMAIL PROTECTED] wrote:
> Hi,
>
> Due to the problems of IPSec with NAT I was thinking if it is possible to setup IPSec without Authenticated Headers? Does anyone know of a howto?
>
> My postulate is that since data is encrypted, this should provide the same security as SSL/TLS - or better as _all_ protocols are encapsulated - or did I miss something?
>
> Thanks, Erik

The AH (Authenticated Header) protocol cannot be used with NAT, NAT modifies the header of packets, while AH is supposed to protect that header from being modified.

Another IPSEC protocol ESP (Encrypted Security Payload), both authenticates and encrypts, and thus has no problem with NAT traversal.

BTW I am not an IPSEC expert, just scratched its surface a little bit ;)

=Adriaan=
Re: IPSec without AH
On Sun, 23 Jan 2005 14:54:46 +0100, Erik Norgaard [EMAIL PROTECTED] wrote:
> J65nko BSD wrote:
>>> Due to the problems of IPSec with NAT I was thinking if it is possible to set up IPSec without Authenticated Headers? Does anyone know of a howto?
>>
>> The AH (Authenticated Header) protocol cannot be used with NAT: NAT modifies the header of packets, while AH is supposed to protect that header from being modified. Another IPSEC protocol, ESP (Encrypted Security Payload), both authenticates and encrypts, and thus has no problem with NAT traversal.
>
> Thanks, AFAIK, ESP and AH are used in conjunction in IPSec, ESP for encrypting the packet payload, and AH for authentication. ESP in itself does not provide authentication, but only encrypts the payload - hence the names :-)
>
> Since ESP only encrypts the payload, as you say, ESP has no problem with NAT, whereas AH appends a signed checksum of the header. And since NAT alters the header, verifying the AH fails.
>
> Of course, it requires access to the (public?) keys to create valid encrypted packets. Hence, if the public key is kept as a shared secret among the authorized users, one could assume that ESP packets are authenticated/trusted.
>
> This is my idea, discard AH, rely on ESP and assume that anyone capable of producing decryptable packets must have access to the pre-shared secret public key and hence authorized.

You are not the first to have this idea. The authors of Secure Architectures with OpenBSD already published this ;)

> AH would work, if both ends were NAT-aware, such that the right src/dst ip could be inserted in the header before checking. It just occurred to me that maybe this could be done by adding yet another IP/IP tunnel?
>
> Cheers, Erik

OpenBSD 3.6 supports NAT traversal. From http://openbsd.org/36.html:

    isakmpd(8) now supports NAT-traversal and Dead Peer Detection (RFC 3706).

Don't know how long it would take before this is supported by FreeBSD ;)

=Adriaan=
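The point argued in this thread, that a NAT rewrite invalidates AH's check but not ESP's, can be modelled in a few lines. This is an added example, not code from the posters or from any IPsec implementation; it assumes ESP is run with its optional integrity check (HMAC-SHA1-96 here), skips encryption, and the key, addresses and SPI are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"  # constructed; stands in for the SA's integrity key
ICV_LEN = 12                   # HMAC-SHA1-96 truncates the MAC to 96 bits


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header; checksum left at 0 because AH ignores it."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def forward(ip_hdr, new_src=None):
    """One router hop: decrement TTL and, if new_src is given, apply source NAT."""
    hdr = bytearray(ip_hdr)
    hdr[8] -= 1
    if new_src is not None:
        hdr[12:16] = ipaddress.IPv4Address(new_src).packed
    return bytes(hdr)


def ah_icv(ip_hdr, ah_fixed, payload):
    """AH: MAC over the IP header (mutable fields zeroed), AH header and payload."""
    hdr = bytearray(ip_hdr)
    hdr[1] = 0                # TOS
    hdr[6:8] = b"\x00\x00"    # flags + fragment offset
    hdr[8] = 0                # TTL
    hdr[10:12] = b"\x00\x00"  # header checksum
    data = bytes(hdr) + ah_fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(KEY, data, hashlib.sha1).digest()[:ICV_LEN]


def esp_icv(esp_hdr, ciphertext):
    """ESP: MAC over the ESP header and ciphertext only, never the outer IP header."""
    return hmac.new(KEY, esp_hdr + ciphertext, hashlib.sha1).digest()[:ICV_LEN]


def demo():
    src, dst, nat_src = "192.168.1.10", "203.0.113.5", "198.51.100.7"  # constructed
    payload = b"constructed application data"
    spi_seq = struct.pack("!II", 0x1000, 1)

    # AH (IP protocol 51): next header 6 (TCP), length 4, reserved, SPI, sequence
    ah_fixed = struct.pack("!BBH", 6, 4, 0) + spi_seq
    ah_ip = ipv4_header(src, dst, 51, len(ah_fixed) + ICV_LEN + len(payload))
    ah_tag = ah_icv(ah_ip, ah_fixed, payload)

    # ESP (IP protocol 50): payload is opaque here, standing in for IV + ciphertext
    ciphertext = payload
    esp_ip = ipv4_header(src, dst, 50, len(spi_seq) + len(ciphertext) + ICV_LEN)
    esp_tag = esp_icv(spi_seq, ciphertext)

    def ah_ok(hdr):
        return hmac.compare_digest(ah_icv(hdr, ah_fixed, payload), ah_tag)

    def esp_ok(_hdr):  # the receiver's check does not look at the outer header
        return hmac.compare_digest(esp_icv(spi_seq, ciphertext), esp_tag)

    return {
        "ah_plain_hop": ah_ok(forward(ah_ip)),
        "ah_after_nat": ah_ok(forward(ah_ip, nat_src)),
        "esp_plain_hop": esp_ok(forward(esp_ip)),
        "esp_after_nat": esp_ok(forward(esp_ip, nat_src)),
    }


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {'verifies' if passed else 'FAILS'}")
```

Passing the integrity check is not the whole NAT story for ESP: it carries no port numbers for a NAT to multiplex on, which is what the NAT-traversal (UDP encapsulation) support mentioned above addresses.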
Re: 'nat pass' not working in PF
On Fri, 21 Jan 2005 08:20:45 -0600, Andrew L. Gould [EMAIL PROTECTED] wrote:
> I'm running pf in FreeBSD 5.3 on my laptop. The filters for the local box work fine. I'm also working on a pc for a friend; but ran out of ethernet ports in my router. This pc doesn't have a wireless adapter; so I adjusted my pf rules to use my laptop as a gateway for the pc.
>
> I want my filters to remain intact for the laptop; but I want nat to let all the pc's traffic through. (It has its own firewall.) According to the OpenBSD pf tutorial, adding the word 'pass' after 'nat' in the nat command will allow nat traffic to bypass the filter rules. Unfortunately, this doesn't seem to work.
>
> If my default 'block log all' rule is left uncommented, I can only ping ip addresses (not host names that require nameservers). No other activity passes through. If I comment it out, all traffic passes; but my laptop is left unprotected.
>
> Any advice? The relevant lines from my pf rules follow:
>
> ifdev = ath0
> natdev = fxp0
> scrub in all no-df
> nat pass on $ifdev from $natdev:network to any -> $ifdev
> icmp_types = echoreq
> block log all
> #other filtering rules follow
>
> Thanks, Andrew Gould

How about something like this:

EXT_IF = fxp0
INT_IF = xl0
TCP_OUT = "{ ssh, www, https, smtp, pop3 }"
UDP_OUT = "{ domain }"
ICMP_OUT = echoreq

scrub in all no-df

nat on $EXT_IF from $INT_IF:network to any -> $EXT_IF

# -- default policy
block log from any to any

# -- LOOPBACK
pass quick on lo0 from any to any

# -- EXTERNAL
# -- tcp
pass out quick on $EXT_IF inet proto tcp from any to any port $TCP_OUT flags S/SA keep state
# -- udp
pass out quick on $EXT_IF inet proto udp from any to any port $UDP_OUT keep state
# -- icmp
pass out quick on $EXT_IF inet proto icmp from any to any icmp-type $ICMP_OUT keep state

# -- INTERNAL
pass on $INT_IF from any to any

=Adriaan==
Re: Sendmail: host name lookup failure
On Thu, 23 Dec 2004 15:09:08 +1030, Paul A. Hoadley [EMAIL PROTECTED] wrote:
> On Mon, Dec 20, 2004 at 10:54:42PM +1030, Paul A. Hoadley wrote:
> I have actually solved the problem. I intend to post a summary for the archive when I return to the site later in the week, at which time I'll be able to identify the OS/nameserver combination at fault.
>
> I am told it's running Windows 2000 DNS Server. Presumably that's Microsoft's own DNS implementation built into Windows 2000.
>
> Here's a teaser, though: it's a Microsoft product (I just don't know which), and it's returning SERVFAIL status for a record query.
>
> Sometimes it behaves:
>
> dig tsb.coremedicalsolutions.com.
>
> ; DiG 9.3.0 tsb.coremedicalsolutions.com.
> ;; global options: printcmd
> ;; Got answer:
> ;; -HEADER- opcode: QUERY, status: NOERROR, id: 8959
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;tsb.coremedicalsolutions.com. IN
>
> ;; AUTHORITY SECTION:
> coremedicalsolutions.com. 3600 IN SOA archibald2.coremedicalsolutions.com. marc.coremedicalsolutions.com. 1480 900 600 86400 3600
>
> ;; Query time: 281 msec
> ;; SERVER: 192.168.10.2#53(192.168.10.2)
> ;; WHEN: Thu Dec 23 15:03:23 2004
> ;; MSG SIZE rcvd: 98
>
> But sendmail seems intent on asking for just about every permutation on each domain name involved, so sometimes it returns the bogus answer:
>
> dig tsb
>
> ; DiG 9.3.0 tsb
> ;; global options: printcmd
> ;; Got answer:
> ;; -HEADER- opcode: QUERY, status: SERVFAIL, id: 43109
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;tsb. IN
>
> ;; Query time: 245 msec
> ;; SERVER: 192.168.10.2#53(192.168.10.2)
> ;; WHEN: Thu Dec 23 15:04:42 2004
> ;; MSG SIZE rcvd: 21
>
> (By 'sometimes' I don't mean it's non-deterministic. Every time sendmail asks for the record of an unqualified hostname, the nameserver responds with SERVFAIL.) The consequence of this is that sendmail repeatedly defers delivery until the mail expires.
>
> Curiously, sendmail's WorkAroundBroken option did not help, and I don't know why. Daryl Tester suggested using a mailertable entry, and this worked. I still don't know why WorkAroundBroken isn't working in this case.

From [EMAIL PROTECTED] Fri Jan 21 03:59:02 2005
Date: Fri, 21 Jan 2005 03:58:59 +0100 (CET)
From: J65nko BSD [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

A couple of months ago some root servers started doing something they never did before: handing out IPV6 referrals

$ dig +norecurse kpn.com @a.root-servers.net

; DiG 9.2.3 +norecurse kpn.com @a.root-servers.net
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 25453
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 14

;; QUESTION SECTION:
;kpn.com. IN A

;; AUTHORITY SECTION:
com. 172800 IN NS A.GTLD-SERVERS.NET.
com. 172800 IN NS G.GTLD-SERVERS.NET.
com. 172800 IN NS H.GTLD-SERVERS.NET.
com. 172800 IN NS C.GTLD-SERVERS.NET.
com. 172800 IN NS I.GTLD-SERVERS.NET.
com. 172800 IN NS B.GTLD-SERVERS.NET.
com. 172800 IN NS D.GTLD-SERVERS.NET.
com. 172800 IN NS L.GTLD-SERVERS.NET.
com. 172800 IN NS F.GTLD-SERVERS.NET.
com. 172800 IN NS J.GTLD-SERVERS.NET.
com. 172800 IN NS K.GTLD-SERVERS.NET.
com. 172800 IN NS E.GTLD-SERVERS.NET.
com. 172800 IN NS M.GTLD-SERVERS.NET.

;; ADDITIONAL SECTION:
A.GTLD-SERVERS.NET. 172800 IN 2001:503:a83e::2:30
A.GTLD-SERVERS.NET. 172800 IN A 192.5.6.30
G.GTLD-SERVERS.NET. 172800 IN A 192.42.93.30
H.GTLD-SERVERS.NET. 172800 IN A 192.54.112.30
C.GTLD-SERVERS.NET. 172800 IN A 192.26.92.30
I.GTLD-SERVERS.NET. 172800 IN A 192.43.172.30
B.GTLD-SERVERS.NET. 172800 IN 2001:503:231d::2:30
B.GTLD-SERVERS.NET. 172800 IN A 192.33.14.30
D.GTLD-SERVERS.NET. 172800 IN A 192.31.80.30
L.GTLD-SERVERS.NET. 172800 IN A 192.41.162.30
F.GTLD-SERVERS.NET. 172800 IN A 192.35.51.30
J.GTLD-SERVERS.NET. 172800 IN A 192.48.79.30
K.GTLD-SERVERS.NET. 172800 IN A 192.52.178.30
E.GTLD-SERVERS.NET. 172800 IN A 192.12.94.30

;; Query time: 115 msec
;; SERVER: 198.41.0.4#53(a.root-servers.net)
;; WHEN: Fri Jan 21 01:06:01 2005
;; MSG SIZE rcvd: 497

Somehow an IPV6 referral may entice a nameserver into actually issuing a query via IPV6. BIND in the OpenBSD base
Re: Copying directory trees only for new files
On Mon, 10 Jan 2005 00:08:35 +0100, Anthony Atkielski [EMAIL PROTECTED] wrote:
> What's the safest and most elegant way to copy an entire directory tree such that only newer files and directories are actually copied?

Have a look at rsync http://rsync.samba.org/ It is in ports ;)

[snip]
Re: IPFW and whois lookup
On Fri, 7 Jan 2005 19:33:32 -0700, V Foulk [EMAIL PROTECTED] wrote:

[snip]

> # ipfw list
> 65535 allow ip from any to any
>
> I did have more elaborate rule sets that worked great, with the exception of the whois/hostname lookups.

$ grep whois /etc/services
whois 43/tcp nicname

In pf the following rule would allow whois requests, initiated by clients behind the firewall

pass out quick on xl0 proto tcp from any to any port = whois flags S/SA modulate state

[snip]
Re: Packet filtering with pf and gif tunnels.
On Sun, 9 Jan 2005 00:23:55 +, Lewis Thompson [EMAIL PROTECTED] wrote:
> Hi,
>
> I am wondering what sequence a packet goes through when it is passing through a gif tunnel. I have the following interface and gif tunnel (with the equivalent being on the same subnet at the other side):
>
> fxp0: a.a.a.a/24
> gif0: a.a.a.a - a.a.a.b (192.168.0.1/32 - 192.168.0.2/32)
>
> My question is really what order does the packet pass through my firewall (pf) in? i.e., is it:
>
> in on fxp0 from a.a.a.b to a.a.a.a (unencapsulated)
> in on gif0 from 192.168.0.2 to 192.168.0.1
>
> or does it just magically ``appear'' on gif0 straight away?
>
> Now I write it out I am assuming that it passes through pf twice (first on fxp0 and secondly on gif0); if this is in fact the case, what sensible rule might I add to allow this encapsulated traffic from a.a.a.b? Currently I have pf configured as follows:
>
> pass all
> pass quick proto icmp
> block in on fxp0
> pass out on fxp0 keep state
> pass in on fxp0 proto tcp from any to fxp0 port 22 keep state
>
> The reason I ask this question is that for my tunnel endpoints to ping each other, a.a.a.a must be doing so (a.a.a.b has no firewall).
>
> Thank you, -Lewis Thompson.

For some debugging strategies in a similar case with IPSEC see http://www.bsdforums.org/forums/showthread.php?s=threadid=18601
Re: sendmail and mbox permissions
On Wed, 5 Jan 2005 23:23:29 +0300, Eugene M. Minkovskii [EMAIL PROTECTED] wrote:
> Hi. I use FreeBSD 5.3 and sendmail. When root receives the mail, the mailbox's (/var/mail/root) permission bits have been set to 600. Who does it, and how? Can I change this behavior?
> --

For security reasons, the root account should not receive any mail. One of sendmail's alternatives, qmail, will even NEVER send any mail to the root account.

Enter an alias for root in /etc/mail/aliases and run the newaliases command.
Re: defered mail
On Mon, 3 Jan 2005 10:23:07 +0200, tethys ocean [EMAIL PROTECTED] wrote:
> My problem is about deferred mail. On our server sendmail is running and sometimes some mail deferred. I am researching how I can get managed to send defer mail information to senders? I am taking a mail from root but sender didn't take a mail that consist your mail deferred bla bla blaso I will take next tree minutes.. is it possible? if it is possible how I can manage?
>
> in sendmail.cf
>
> O Timeout.queuereturn=2d
> O Timeout.queuewarn=4h
> O Timeout.queuewarn.normal=4h
>
> mailq
> /var/spool/mqamavis (5 requests)
> -Q-ID- --Size-- -Q-Time- Sender/Recipient---
> iBVC8fpT049046-6361 Fri Dec 31 14:12 [EMAIL PROTECTED]
>   (host map: lookup (bbscomputer.net): deferred)
>   [EMAIL PROTECTED]
> iBVCIB9u051147-6361 Fri Dec 31 14:21 [EMAIL PROTECTED]
>   (host map: lookup (bbscomputer.net): deferred)
>   [EMAIL PROTECTED]
> iBVDjmck072838- 19579 Fri Dec 31 15:46 [EMAIL PROTECTED]
>   (host map: lookup (gesan.com.tr): deferred)
>   [EMAIL PROTECTED]
> iBV68HLM055154- 30 Fri Dec 31 08:08 [EMAIL PROTECTED]
>   (host map: lookup (active.net): deferred)
>   [EMAIL PROTECTED]
> iBVAnlhq030740- 354708 Fri Dec 31 12:49 [EMAIL PROTECTED]
>   (host map: lookup (jungletree.org): deferred)
>   [EMAIL PROTECTED]
> Total requests: 5

As far as I can see, there is not much you can do about it ;)

$ host bbscomputer.net
;; connection timed out; no servers could be reached
$ host gesan.com.tr
Host gesan.com.tr not found: 2(SERVFAIL)
$ host active.net
active.net has address 12.161.44.180
$ host -t mx active.net
active.net mail is handled by 10 mail.active.net.
$ host mail.active.net
Host mail.active.net not found: 3(NXDOMAIN)
$ host jungletree.org
Host jungletree.org not found: 3(NXDOMAIN)

=Adriaan=
Re: basic freebsd programming
On Sun, 02 Jan 2005 21:11:42 +0300, Andrew P. [EMAIL PROTECTED] wrote:
> Hello and Happy New Year!
>
> I need to write some very basic C programs under FreeBSD. I am new to Unix programming and not very good at C programming either, so I'm looking for documentation on some topics. The ones that are the most interesting for me now is how to write small daemons best and how to read ipfw info from a program.
>
> Man pages help me very much, but I really need some guide. The problem is that doc project doesn't seem to have released anything like it. I looked through dev-, arch-, porters- handbooks, read design-44bsd - but I didn't find what I want.
>
> Of course I can refresh my C skills and gain some Unix-coding knowledge by reading a couple' thousand pages, but I don't feel like it's necessary for what I want to write - just a basic statistics collector.
>
> Should I explore FreeBSD source code or is there some solid piece of documentation?
>
> Best wishes, Andrew P.

This could be useful: http://www.khmere.com/freebsd_book/index.html

Table of Contents:
* I. Introduction
* Chapter 1: FreeBSD's Make
* Chapter 2: Bootstrapping BSD
* Chapter 3: Processes and Kernel Services
* Chapter 4: Advanced Process Controls and Signals
* Chapter 5: Basic I/O
* Chapter 6: Advanced I/O
* Chapter 7: Processes Resources and System Limits
* Chapter 8: FreeBSD 5.x
* All source code
* Entire book in a tarball

==Adriaan==
Re: DNS TTL problem
On Wed, 22 Dec 2004 12:47:34 +0100, Mark Frasa [EMAIL PROTECTED] wrote:
> Hello,
>
> I am using a djbdns DNS server which operates almost perfect. There is 1 small problem, I have for my domain frasa.net 2 nameservers:
>
> frasa.net. 3600 IN NS ns1.frasa.net.
> frasa.net. 3600 IN NS ns2.frasa.net.
>
> This is when I resolve directly on ns1.frasa.net or ns2.frasa.net
>
> When I resolve on my ISP's nameserver and several others:
>
> frasa.net. 172800 IN NS ns1.frasa.net.
> frasa.net. 172800 IN NS ns2.frasa.net.
>
> The problem is that this is a TTL of 2 days. When I trace the dig, I see that the root servers are providing the 2 days TTL:
>
> ;; Received 512 bytes from 198.32.64.12#53(l.root-servers.net) in 169 ms
> frasa.net. 172800 IN NS ns1.frasa.net.
> frasa.net. 172800 IN NS ns2.frasa.net.
> ;; Received 95 bytes from 192.42.93.30#53(G.GTLD-SERVERS.net) in 154 ms
>
> Can anyone explain this behaviour?

Yes, you have something like this in your tinydns data file:

.frasa.net:80.69.78.171:ns1.frasa.net:3600
.frasa.net:80.69.78.172:ns2.frasa.net:3600

If you change the 3600 into a higher number, like 172800, you will have the same TTL as the GTLD-SERVERS.net servers ;)

== Adriaan ===
Re: Desperate for Help
On Tue, 21 Dec 2004 17:24:02 -0500, alfredo perez [EMAIL PROTECTED] wrote:
> Hello list
>
> I have been trying to set up my FreeBSD 5.3 to get my emails with no results. I have installed and set up Mutt, Ssmtp and Fetchmail. None of them are working properly. I have no idea where to start first. I have already read the man pages and followed several how-tos I found on the internet but no results. I was wondering if any of you know of a web site with steps that I can follow to set up my Mutt, fetchmail and ssmtp. I don't want to give up on this!!!
>
> THANKS

Start with fetchmail. You need a .fetchmailrc file in your home directory. Some examples:

poll pop.domain2.com protocol POP3 timeout 60 no dns
    user loginname password 'poppassword' is homedirowner here,
    options fetchall fetchlimit 0

poll pop3.domain.com protocol POP3
    user [EMAIL PROTECTED] password poppasswd is homedirowner here,
    options fetchall

As you can see some ISPs require only your login name, others require [EMAIL PROTECTED]. You can run fetchmail -v to see where you get stuck.

This is an example for Google's gmail, using SSL:

poll pop.gmail.com protocol POP3 timeout 60 no dns
    user gmailname password gmailpassword ssl is homdirowner here,
    options fetchall fetchlimit 0

If you are new to all this MTA, MUA and SMTP thing, you could consider using Pine. mutt is nice but as a beginner Pine is probably easier to understand and configure than mutt.

Just take it step by step ;)

J65nko
Re: X kills su
On Sat, 18 Dec 2004 11:31:24 -0500, Robert William Vesterman [EMAIL PROTECTED] wrote:
> After I exit from X windows, I no longer have the ability to su (to root, at least). It doesn't even ask for my password - it just immediately says bad su from myacct to root. If I then exit, and immediately log back in as myacct, I am able to su to root no problem.
>
> I am running 5.3-STABLE, and the latest X (or very, very near it). It happens with at least two distinct WMs (Window Maker and Fluxbox).
>
> Any idea? Or any further information I can provide?
>
> Thanks, Bob Vesterman.

Did you change your root shell recently? Somebody on the list reported about the system's inability to run ppp from boot-up. His problem was caused by using bash as the root shell. Restoring sh as the root shell fixed it :)
Re: OT: Backing up machine to machine, cvsup vs. rsync vs... ?
On Thu, 9 Dec 2004 14:14:53 -0500, Communications Machine [EMAIL PROTECTED] wrote:
> Hey all,
>
> Looking for a (cheap but effective) solution to nightly backup or synchronize about 100-200gigs of data. Figure this might be a tad bit off-topic, but sent to the general questions list hoping to find anyone out there doing something similar. I was hoping to do something along the lines of cvsup or rsync, so as to only have to sync changes daily. Here's a better picture of the scenario:
>
> ~~
>
> File Server 1 has (roughly) 750GB Storage on RAID 5 Array, runs as a PDC using combination of Samba, OpenLDAP and some in-house utilities. This machine is very fast by comparison to all of our other machines (dual AMD Opteron 244, 2GB RAM, running 5.3-RELEASE/amd64), and runs under minimal load/stress.
>
> Server two runs as an incoming filter for email (spamassassin/mimedefang/custom stuff using milter interface), and as a proxy server for network users during the day (running squid). This machine is considerably slower (AMD 350Mhz K62, 768Mb RAM, ATA133 disks running 4.9-RELEASE/i386), but should be adequate for the job. This machine has two 80GB disks which we'd like to use to sync data to.
>
> Ideally, we would like to backup certain directories nightly, so as to have a mirror of the important files (100-200GB or so) on the second server in the event that the first ever goes down, (essentially avoiding a tape-backup solution we cannot afford). The two machines will be connected with a dedicated ethernet link (cross cable) directly to each other at 100Mbps.
>
> How do I reliably synchronize the data in selected directories from one machine to the other on a nightly basis? Any ideas/suggestions/comments/questions will be greatly appreciated.
>
> --
> Thank-you
> Nathan Vidican [EMAIL PROTECTED]

I will skip the rsync or cvsup issue ;)

Have you considered the security implications of such a setup? A publicly accessible email server, handling incoming mail, directly connected to a corporate file server. That is a security nightmare. You would be playing with fire. In case the mail server gets hacked, the attacker has direct access to your mission critical file server. Please put this out of our mind ;)

The sendmail box belongs in a properly set up DMZ firewall and should not be allowed to initiate any connections with any of your internal network boxes. If that box gets hacked, it cannot be used to launch an attack against your local network.

Get a refurbished PII or PIII box to do the backup.

Adriaan