Need IMAP Server Selection Advice
Greetings, I'm a recent covert to FreeBSD from many years of using linux on both the server and the desktop. I'm currently using FreeBSD 5.3 on the server and a new variant of FreeBSD called OS/X on the desktop :D My question involves my server; what is the best strategy to a working IMAP server? I have my own domain, and have operated IMAP under linux for years without issue, but I can't seem to get it crankin' under FreeBSD. I'm quite certain this has more to do with my relative inexperience with FreeBSD than with FreeBSD itself. Whats the shortest path to a working configuration? I'm not particular about whose software I use; I just need to be able to hit it for mail via IMAP with Thunderbird or Mozilla. Thanks in advance! Best Regards, Jmaes -- === Woulds't thou so blame the fragrant blos'ms wilting as never to have had her bloom? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Very general shutdown question
On Mon, Feb 07, 2005 at 11:49:22AM +, Dick Davies wrote: * Steven [EMAIL PROTECTED] [0203 23:03]: Hello Ned, you can add the user to the operator group. it is possible to run shutdown then (but not halt etc). Be caneful of that, I think operator has other privileges too (can read from any disk for starters). You could also create a shutdown user with a login shell pointing to a shutdown script. But that won't work if they still don't have permission to run it... What if you put the shutdown user in the operator group? I don't plan to use this solution, but out of curiousity, are there any security problems with creating a privileged user with a widely known password but a login shell that does something specific, like shutting down the system? - James Cook [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Memory and Battery applets
On Sun, Feb 06, 2005 at 02:11:45AM -0500, Matt Aasted wrote: I'm running Gnome 2.8 on a recent version of FreeBSD Stable 5.3 on an x86 (dell latitude d600) processor, and whenever my system is on the memory usage shown in the gnome memory monitor slowly climbs to 100% over the course of about an hour. Gkrellm confirms that it the memory is slowly going away, even when I'm not interacting with the system. Should I be concerned about this (is there a memory leak or something or is the applet just buggy?) Are you sure it isn't just disk cache? As I understand it, FreeBSD keeps things it reads from disk in memory until that memory is needed by something else, the effect being that very little of physical memory is ever completely unused. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: trouble mounting partition on hard drive
On Sat, Feb 05, 2005 at 02:39:44PM -0600, Brian John wrote: Hello, I am unable to mount one of my ntfs partitions. When I try to mount it I get this: # mount /hd2_4 fstab: /etc/fstab:12: Inappropriate file type or format fstab: /etc/fstab:12: Inappropriate file type or format mount: /hd2_4: unknown special file or file system Here is my fstab file: ... /dev/ad1s7 /hd2_4 ntfsro.noauto 0 0 ^ There's the culprit (just a guess). - James Cook [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
qmail - smtp - can NOT send mail out
OK, i have 1 guy that cant get his mail. He can only send recivie to his own address. everyone else has email, and it works. ...usually. How do i find out where this users config got messed up. How do i begin to fix his mail? on another note: qmailctl stat: # qmailctl stat /service/qmail-send: up (pid 131) 187 seconds /service/qmail-send/log: up (pid 137) 187 seconds /service/qmail-smtpd: up (pid 33965) 0 seconds /service/qmail-smtpd/log: up (pid 138) 187 seconds /service/qmail-pop3d: up (pid 136) 187 seconds /service/qmail-pop3d/log: up (pid 140) 187 seconds messages in queue: 3814 messages in queue but not yet preprocessed: 3 Ok, i cant seem to make the smtpd get up over 1 second. I have an smtp listening to port 25. I took it out of the /etc/services and made it a #... This messed up all mail. So i switched it back. Mail works again, but why cant i get smtpd to work right? I tried to free up port 25 several different ways and nothing worked. I imagine that both of these issues are connected... any help is appreciated. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPFW - How to allow NAT client to CVSup
Srot BULL wrote: Hi to everyone, I have 2 FreeBSD machines both running FreeBSD Stable 5.3 and both have ipfw as firewalls... One is running ipfw with NAT functions. Below is the is the rulesets for the machine: -- snip rulesets -- As you can see I am using the rulesets that are found in the Handbook. I have tried $CMD 00070 $SKIP tcp from me to any out via $INIC setup $KS uid root but still no go $CMD 00070 $SKIP tcp from me to any 5999 out via $INIC setup $KS but still no go Can anybody share their ipfw rulesets with me? To allow my other PC to cvsup... Thanks in advance... Srot BULL ___ I also had problems using a similar stateful ruleset with IPFW NAT. As I understand it, a stateful ruleset will not allow passive ftp connections from machines behind the firewall (although I was able to establish passive ftp from my gateway/router/firewall machine itself) This problem is documented in the mailing lists if you want to research it. I ended up changing to a much simpler, non-stateful ruleset on my gateway/router/firewall machine: #!/bin/sh ipfw -q -f flush # Set rules command prefix cmd=ipfw -q add pif=dc1 # public interface name of Nic card # facing the public internet $cmd 005 allow all from any to any via dc0 $cmd 050 divert natd ip from any to any via $pif $cmd 100 allow ip from any to any via lo0 $cmd 200 deny ip from any to 127.0.0.0/8 $cmd 300 deny ip from 127.0.0.0/8 to any $cmd 65000 allow ip from any to any $cmd 65535 deny log all ip from any to any This ruleset allows me establish passive ftp from any machine behind the firewall, including accomplishing CVSUP. So far I haven't had any problems with security. HTH Jim Coulter -- James A. Coulter [EMAIL PROTECTED] http://jacoulter.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: anyone know of good hardware lanmodems?
Sounds like a ROUTER with analogue line dialer + hub/switch built in. It may be chaper to build a dial up seserver with modem attached to it. TELEPHONE-MODEM-SERVER-SWITCH- user ? James H I know some cisco gears would do this but thats probably too expencive for the price... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Timothy Luoma Sent: Monday, January 17, 2005 11:51 AM To: FreeBSD-Questions Questions Subject: anyone know of good hardware lanmodems? I am wondering if anyone has any experience with 56k Lan Modems (these combine an Ethernet hub with a 56k modem). Apple's Airport Extreme does this, but it's only a 1-port, and it's fairly pricey. 3Com has one called office connect Anyone done any recent pre-purchase research on this that they'd be willing to share? If possible I'd like to be able to dial IN as well as out. Thanks TjL ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: I quit
to try to load Slackware and hope that maybe in a year BSD will be easier to wade through. I have to admit a bit of sorrow in having to do this as I wanted them both on the same machine. Slackware was my first unix like os, FreeBSD is way better (imo), the ports system makes life much easier for installing/updating 3rd party software. Also fbsd is stabler then linux. Though linux seems to be a little more cutting edge as far as *some* hardware and a *few* desktop apps. Keeps this in mind, *BSD makes a better production system (server for mission critical stuff), Linux will allow you to run a *little* more hardware/software, but its not going to be as stable. At the same time I wish to communicate my respect and admiration for the great job the BSD community is doing and hope in no way to communicate any disregaurd for everyones efforts. Right now I have to have Windows up and running also and am watching it go into a self destruct mode from somthing that it downloaded from the net all by it's self with no human operator touching it. There are so many Popups I had to pull the net cable just to stop it. They don't get no respect. Windows is designed to go into self destruct mode, it so they can sell upgrades and new hardware. It is my hope that the various Windows emulators will/are working well enough to run some of my mission critical programs. Espesially 'Trade Station' . I can't imagine having thousands of dollars riding on Microsoft reliability. Use vmware if you need to run windows apps. Never used Trade Station, but what vmware does is allows you to run windows in a gui on your desktop. It will be a little slugish, so its not very good for games or sound/vidio editing software, but it should work fine for your trading software. Keep in mind you will have to install windows into vmware, so its going to take more hard drive space. You will also need space for any windows apps you install. Vmware uses a virtual drive that it will create. the Default is 4gb. Like I said in the start of this email, you will probably want to get another hard drive. It would be better then getting a whole new PC like someone else suggested :-p If worse comes to worse, everyone can always use another hard drive no matter what os they use. ;-) Thank YouBill Gatlin Your welcome. Much success to you. -- - James ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: apache.. i can view my index.html on my LAN but not othersoutside my LAN
On Sunday 09 January 2005 06:10 am, Matteo Santori wrote: Are you sure the machine which is running apache in visible from outside? example gw (public ip) - pc-lan1 (private) - pc-lan2/apache (private) if you are not doing port redirecting on 80, ppl connecting to you from outside will watch the port 80 on your gw (which is close). Then, I suggest to redirect icoming connection on 80 on your machine running apache. You can do it in serval ways, just check what do u use and prefer. Hope this help, Greets, Matteo [ kambing ] zaimie wrote: i've read all the faqs, handbook and manual i currently have this problem i installed FreeBSD 5.3 Release on one of my systems in my LAN network And installed Apache 1.3.3 i did the config and did apachectl start i opened up port 80 on my router and link it to the FreeBSD system However.. i can view the index.html but not others outside my LAN network It states Server not found.. How do i let others outside of my LAN to view the index.html thingy in /usr/local/www/data/ Thx Also check your firewall rules and make sure that they aren't blocking inncomming connections to port 80. If you are using ipfw you will need something like this in /etc/rc.firewall for the firewall section you are using: (snip from the client section of my rc.firewall) ... # Allow and log connection setup ${fwcmd} add pass log tcp from any to a.b.c.d 80 setup # Continue to allow already established connections ${fwcmd} add pass tcp from any to any established ... -- - James ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ip address behind router ?
On Sunday 09 January 2005 06:38 am, FreeBsdBeni wrote: Hi, How do I find what ip address I'm really having ? My adsl modem/firewall gives me a dynamic private address : 192.168.1.101, which is what I see with an ifconfig. But how do I find the real (dynamic) address given to my modem by my provider ? I'm using 5.3-rel-p4. Most adsl gateways/modems have a web based configuration system, you should be able to access it from: http://192.168.1.1:80/ Look over the options and see if there is a status section, this will more then likely have the info you want. You really should get a static ip from your isp if you are going to be running a server, better would be a small block of them. You will also need to setup a static network and forward any ports from the dsl gateway to your freebsd box if you want to be able to access any services you are going to run. -- - James ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Samba on a router; doesn't work for outer network.
On Monday 03 January 2005 07:12 am, Rob wrote: Hi, I have tried to configure Samba on a FreeBSD (5.3) router NAT. I want to have a single accessible directory with a password, that can be accessed from the inner network (10.0.0.X) as well as from the outer network (outer network = Windows PCs that use the same external router as the FreeBSD PC). It works for the inner network, but not for the outer network (see below for network scheme). All Windows PCs are XP. For testing this, I use an 'open' firewall. I should tighten the firewall as soon as this is working. The /usr/local/etc/smb.conf (configured with swat) is as follows: # smb.conf -- [global] workgroup = CISR netbios name = SURFACE server string = FreeBSD Samba Server passdb backend = tdbsam log file = /var/log/samba/log.%m max log size = 50 dns proxy = No ldap ssl = no [share] comment = Shared stuff path = /home/share invalid users = @wheel valid users = share read only = No force create mode = 0700 force security mode = 0700 #- The network scheme is as follows: |IP on outer network | |-| | FreeBSD | || | Router | | Switch | |-| |||10.0.0.1 | | | | | | | | \--/ | | | | | 10.0.0.2 | | | 10.0.0.3 | 10.0.0.4 What could be blocking Samba on the outer network? What communication is essential for Samba to work on the outer network? What tests can I do on the router to find out what's going wrong? Thanks so much, Rob. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I belive you'll have to add the interfaces option and define all the interfaces that you want samba to use. You can use IP's or the interface names (rl0, wi0, ndis0, ed0, etc...). I think you will have to use the advanced option in swat to be able to define this. Swat will also have more details on this option in the help. In addition to setting firewall rules up, samba also has a deny/allow section, again the swat help on the option will give you more details. -- - James ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Samba on a router; doesn't work for outer network.
On Monday 03 January 2005 08:45 am, Rob wrote: James Jhai wrote: On Monday 03 January 2005 07:12 am, Rob wrote: Hi, I have tried to configure Samba on a FreeBSD (5.3) router NAT. I want to have a single accessible directory with a password, that can be accessed from the inner network (10.0.0.X) as well as from the outer network (outer network = Windows PCs that use the same external router as the FreeBSD PC). It works for the inner network, but not for the outer network (see below for network scheme). All Windows PCs are XP. For testing this, I use an 'open' firewall. I should tighten the firewall as soon as this is working. The /usr/local/etc/smb.conf (configured with swat) is as follows: # smb.conf -- [global] workgroup = CISR netbios name = SURFACE server string = FreeBSD Samba Server passdb backend = tdbsam log file = /var/log/samba/log.%m max log size = 50 dns proxy = No ldap ssl = no [share] comment = Shared stuff path = /home/share invalid users = @wheel valid users = share read only = No force create mode = 0700 force security mode = 0700 #- I belive you'll have to add the interfaces option and define all the interfaces that you want samba to use. You can use IP's or the interface names (rl0, wi0, ndis0, ed0, etc...). In addition to setting firewall rules up, samba also has a deny/allow section, again the swat help on the option will give you more details. Thanks. I have added following lines in the [global] section of smb.conf: interfaces = fxp0, rl0, lo0 bind interfaces only = Yes hosts allow = 123.45.67.89/28, 10.0.0.0/24, 127.0.0.1 hosts deny = ALL Is that what you are talking about? rl0 interface is connected to the 10.0.0.0/24 inner-network and fxp0 is connected to the outer-network with gateway 123.45.67.1. (I use real IP addresses instead of 123.45.67.89, of course). Rob. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Yes thats what I was talking about. Did that fix the problem? -- - James ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Samba on a router; doesn't work for outer network.
Wish that my advice fixed it for you. Sounds like you found a better solution though. -- - James ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
TCPDUMP performance
Hello, We've installed some FreeBSD machines as Gigabit sniffers, and I'm wondering if there are any things I can tweak (e.g., buffer size) to help TCPDUMP capture better (we often see packets dropped by the kernel). Any advice would be appreciated. Thanks, James __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Archos jukebox Studio 10?
Has anyone gotten one of these to work? While I was googleing I saw a mailing list dated back in 2002 about linux having a driver and someone starting to work on one for fbsd. It's a Hitachi_DK23DA-10 10gb USB drive (and it plays mp3s ;-). I know its not on the hardware list... I have all the kernel support compiled in. When I plug it in and unplug it dmesg shows: ... ugen0: detached ugen0: In-System Design USB Storage Adapter, rev 1.10/1.10, addr 2 ugen0: at uhub1 port 1 (addr 2) disconnected ugen0: detached ugen0: In-System Design USB Storage Adapter, rev 1.10/1.10, addr 2 ... vaio# camcontrol devlist MATSHITA UJDA720 DVD/CDRW 1.00 at scbus2 target 0 lun 0 (pass0,cd0) dmesg on boot with device pluged in and the usb active on the device lcd: ... uhci0: VIA 83C572 USB controller port 0x1c00-0x1c1f irq 9 at device 7.2 on pci0 uhci0: [GIANT-LOCKED] usb0: VIA 83C572 USB controller on uhci0 usb0: USB revision 1.0 uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered ugen0: In-System Design USB Storage Adapter, rev 1.10/1.10, addr 2 uhci1: VIA 83C572 USB controller port 0x1c20-0x1c3f irq 9 at device 7.3 on pci0 uhci1: [GIANT-LOCKED] usb1: VIA 83C572 USB controller on uhci1 usb1: USB revision 1.0 uhub1: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered ... I kind of have the feeling I am s.o.l. but I figured it was worth asking about. Its the only thing holding me back from formating windows off my sister pc and installing fbsd. Might have to go with slackware till/if there is support :-\ Does ndis only work with network cards? - James ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Ndisulator - Linksys wireless-g PCI card Project Evil
On Wednesday 29 December 2004 09:08 pm, Jon Knight wrote: Hi all, I don't think I received a reply on this one; can some one please help me out? The Ndis0 seems to go up only when I ifconfig adhoc mode, when I try autoselect the ndis0 link goes down. Thanks Jon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jon Knight Sent: Thursday, 23 December 2004 3:19 PM To: freebsd-questions@freebsd.org Subject: Ndisulator - Linksys wireless-g PCI card Hi everyone, I have a wireless-g PCI Card Linksys WMP54G. Just installed FreeBSD 5.3 from CD. I'm trying to get this to work and talk to my access point which is also Linksys. I followed the instructions to compile the windows .inf and .sys into .h, .ko, .o. Did a 'make' on ndis as per instructions from a website I googled (I think it was http://www.xl0.org/FreeBSD/ndis.txt). I can see ndis0 in ifconfig, I can specify ifconfig ndis0 inet 192.168.0.8 netmask 255.255.255.0. Turned off wep on my AP to make things easier. Set the SSID. Now when I type ifconfig ndis0 media autoselect, nothing happens. Everything looks okay, I can locally ping the interface 192.168.0.8. I cannot wicontrol and list the local ap however. When I type ifconfig ndis0 mediaopt adhoc it says ndis0 link up. I try ifconfig ndis0 media autoselect and link is down. What's up with that (no pun intended) ? Many thanks Cheers, Jon ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I am using the linksys WPC11 b pccard. I have never had to mess with anything other then putting one line in rc.conf: ifconfig_ndis0=inet netmask 255.255.255.0 ssid LINKSYS It seems to default to autoselect. try: #ifconfig ndis0 inet 192.168.0.8 netmask 255.255.255.0 ssid YOURSSID I know it might be over simplified, but thats all I do and it defaults to autoselect. #ifconfig ... ndis0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 inet 10.234.23.99 netmask 0xff00 broadcast 10.0.0.255 inet6 fe80::20d:41ff:fa41:5d37%ndis0 prefixlen 64 scopeid 0x5 ether 00:0d:4f:41:5f:e7 media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps) status: associated ssid PUBLIC 1:PUBLIC channel 6 authmode OPEN powersavemode OFF powersavesleep 100 rtsthreshold 2312 protmode CTS wepmode OFF weptxkey 1 Not sure if that is any help or not... let me know. -- - James ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: BSD 5.3
On Wednesday 29 December 2004 10:24 pm, RHYTHMS wrote: I have been my friend and i to get KDE desktop or any desktop to get to load up during boot time on BSD 5.3 but with no luck at my friend who is more sabe in command line hasn't had any luck can you help me please I want to use it so I can get more use to it .My friend he is more linux but he can do it to . Yes and I had a look at the notes on the net and I'm still looking Regards julio ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] You will need to start gdm, kdm, or xdm on boot and then login, the login manager will allow you to choose the desktop. Read this: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/x-xdm.html -- - James ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Ndisulator - Linksys wireless-g PCI card Project Evil
Jon, Is your router ip set to 10.0.0.*? Or is there a route for 10.0.0.0 on it... Is dhcp enabled on the router? (disable it if so, I have had problems with some dhcp not allowing ips if it didn't set them) I noticed the channel is -1 as well, not sure if that matters... I am far from an expert, so your have to forgive me if I am not much help. -- - James ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sendmail running on localhost 25?
Hello, Use: sendmail_enable=none This will disable all sendmail processes. On Thursday 23 December 2004 11:55 pm, John Conover wrote: I just installed 5.2.1, and after installing qmail, I still have sendmail running on localhost 25; even though I have sendmail_enable=NO in /etc/conf. Where is it launched? I don't see it in any /etc/rc* files. Thanks, John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sendmail running on localhost 25?
On Friday 24 December 2004 09:16 am, Ruben de Groot wrote: On Fri, Dec 24, 2004 at 03:26:15AM -0700, James typed: Hello, Use: sendmail_enable=none This will disable all sendmail processes. This will also disable those annoying daily, weekly and montly messages recieved from cronjobs. Who wants to read about your disks filling up, attempts to break into your server and other futilities anyway ;-) Thanks for the heads up on that Is there a way to make cron use something other then sendmail? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: -stable
Paul wrote: hi, i currently installed 4.10-release and cvsup to get -stable but it gave me 4.11-prelease is there a current tag that allow me to get 4.10-stable? regards, paul The same thing happened to me. After some googling, I found this: RELENG_4 marks the 4-STABLE branch. OS names along this branch all have the major version number 4 but *aren't* tied to any particular minor version number. Those change about every four months. Yes, a 4.8-STABLE OS did exist, for a few months after 4.8-RELEASE came out. That was back between April and August 2003. Then that code branch was successively relabelled (over the course of a few weeks) as 4.9-PRERELEASE, 4.9-RC, etc. until for a vanishingly short time it was technically 4.9-RELEASE and then became 4.9-STABLE. At which it remained until a few weeks ago when it became 4.10-BETA, etc. etc. until right now, you get 4.10-STABLE. 4.10-RELEASE hasn't quite happened yet: any day now though. http://www.atm.tut.fi/list-archive/freebsd-stable/msg17655.html I don't think we can go back to 4.10-STABLE using the stable branch tag. 4.10-STABLE has become 4.11-PRERELEASE and will soon become 4.11-STABLE itself (scheduled date is 24 January 2005 - release schedule here: http://www.freebsd.org/releases/4.11R/schedule.html) HTH Jim -- James A. Coulter [EMAIL PROTECTED] http://jacoulter.net ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: -stable CORRECTION
James A. Coulter wrote: Paul wrote: hi, i currently installed 4.10-release and cvsup to get -stable but it gave me 4.11-prelease is there a current tag that allow me to get 4.10-stable? regards, paul The same thing happened to me. After some googling, I found this: RELENG_4 marks the 4-STABLE branch. OS names along this branch all have the major version number 4 but *aren't* tied to any particular minor version number. Those change about every four months. Yes, a 4.8-STABLE OS did exist, for a few months after 4.8-RELEASE came out. That was back between April and August 2003. Then that code branch was successively relabelled (over the course of a few weeks) as 4.9-PRERELEASE, 4.9-RC, etc. until for a vanishingly short time it was technically 4.9-RELEASE and then became 4.9-STABLE. At which it remained until a few weeks ago when it became 4.10-BETA, etc. etc. until right now, you get 4.10-STABLE. 4.10-RELEASE hasn't quite happened yet: any day now though. http://www.atm.tut.fi/list-archive/freebsd-stable/msg17655.html I don't think we can go back to 4.10-STABLE using the stable branch tag. 4.10-STABLE has become 4.11-PRERELEASE and will soon become 4.11-STABLE itself (scheduled date is 24 January 2005 - release schedule here: http://www.freebsd.org/releases/4.11R/schedule.html) HTH Jim Sorry, I spoke too soon. Although I didn't find a procedure for it in the handbook, I read appendix A.6, CVS Tags,in the FreeBSD handbook and decided to try changing the default release tag from *default release=cvs tag=RELENG_4 to: *default release=cvs tag=RELENG_4_10 I then followed the make buildworld procedure in section 19.4 of the handbook and I now have: [EMAIL PROTECTED] ~ 314$ uname -a FreeBSD arlette.mshome.net 4.10-RELEASE-p5 FreeBSD 4.10-RELEASE-p5 #1: Sun Dec 19 20:43:22 CST 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/ARLETTE i386 So you can go back to 4.10 if that's what you want, but 4.11 should be everything 4.10 was and then some. Jim -- James A. Coulter [EMAIL PROTECTED] http://jacoulter.net ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: cannot mount cdrom - not a newbie problem
Hi, Have you tried: # mount -t cd9660 /dev/cd0 /mntpnt Seeing as how you said its a cdrw, I remember reading somewhere to use /dev/cd0 and not /dev/acd0 On Tuesday 14 December 2004 07:16 am, Timothy Smith wrote: i have a genuine problem here. i noticed my backup cdrw's had stopped working at some point. upon furthur investigation i find i cannot mount cd's full stop. titan# mount -t cd9660 /dev/acd0c /mount cd9660: /dev/acd0c: Invalid argument the above command makes the drive light flicker for 3 seconds then the error. this is NOT a hardware problem. i get the exact same issue with my brand new dvd drive. here is what dmesg gas to say: acd0: DVD-R HL-DT-ST DVDRAM GSA-4160B at ata1-slave WDMA2 da0 at hpt3740 bus 0 target 0 lun 0 da0: HPT3xx RAID 1 Array 3.00 Fixed Direct Access SCSI-0 device da0: 190782MB (390721957 512 byte sectors: 255H 63S/T 24321C) Mounting root from ufs:/dev/da0s1a cd0 at ata1 bus 0 target 1 lun 0 cd0: HL-DT-ST DVDRAM GSA-4160B A301 Removable CD-ROM SCSI-0 device cd0: 16.000MB/s transfers cd0: cd present [1 x 2048 byte records] note this was working perfectly. i suspect that some how my ata device has gone bad some how. let me get the obvious replys out of the way: yes i have googled nothing i can find has even touched on a fix. yes there is a disc in the drive no it is not an audio disk. there is nothing else connected to the ide ports. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Help with IPFW + NATD + Passive FTP
:40:48 2004 # Enable network daemons for user convenience. # Please make all changes to this file, not to /etc/defaults/rc.conf. # This file now contains just the overrides from /etc/defaults/rc.conf. hostname=sara.mshome.net ifconfig_dc1=DHCP ifconfig_dc0=inet 192.168.1.1 netmask 255.255.255.0 firewall_enable=YES firewall_script=/etc/ipfw.rules firewall_logging=YES kern_securelevel_enable=NO linux_enable=YES moused_enable=YES named_enable=YES nfs_client_enable=YES nfs_reserved_port_only=YES nfs_server_enable=YES sendmail_enable=NONE sshd_enable=YES usbd_enable=YES ntpd_enable=YES inetd_enable=YES gateway_enable=YES natd_enable=YES natd_interface=dc1 natd_flags=-dynamic apache_enable=YES -- James A. Coulter [EMAIL PROTECTED] http://jacoulter.net ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Why can't I mount a Video CD in FreeBSD??
isnt VCD another CDFS with MPG1 DAT files ? Why wouldnt it mount ? damaged CD ? or are we talking about different VCD ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adam Fabian Sent: Thursday, November 25, 2004 1:58 PM To: Mark Jayson Alvarez Cc: [EMAIL PROTECTED] Subject: Re: Why can't I mount a Video CD in FreeBSD?? On Wed, Nov 24, 2004 at 05:40:09PM -0800, Mark Jayson Alvarez wrote: Good day! I'm getting an error whenever I mount a video cd. I can't remember the error right now because I already brought it back to the rental shop (its already overdue). I was also told by my friend that he too can't mount a video cd in his linux box. Do you happen to know why? A video CD does not have a filesystem, therefore it can't be mounted. You may be able to play it with the appropriate program, or extract the video data to files. -- Adam Fabian ([EMAIL PROTECTED]) ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
badr new
test foo badr new plan - Do you Yahoo!? Meet the all-new My Yahoo! Try it today! ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: NEW: cannot ssh to my computer
correct me if im wrong, but just because user is a part of WHELL group does that mean he/she is a root ? or equivlent of root ? I know lot of things like su - may require you to be wheel group but Im not sure why a user has to be non wheel group in order to log in. I think using SUDO is better than putting any user in to wheel too. but thats just me. James H -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob Sent: Monday, November 22, 2004 10:10 PM To: FreeBSD Subject: Re: NEW: cannot ssh to my computer Panagiotis Christias wrote: On Mon, 22 Nov 2004 00:05:33 -0500, Ivan Georgiev [EMAIL PROTECTED] wrote: Just another thing ... If I remove myself from the group wheel then I CAN ssh to my computer; if I put myself back to wheel - then CANNOT ssh to the computer. How can I ssh and be a member of the wheel group? In that case, maybe PermitRootLogin yes in /etc/ssh/sshd_config and restarting sshd would help. For testing purpose, yes. The default is no. I think allowing root login in a not-secure environment is a bad idea. R. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Spamd and user_prefs
Greetings all! I've tried searching the archives for this, but came up blank. If I'm missing an obvious document or howto then I'm sorry in advance! I'm running 3.0.1 of Spamassassin and am having an issue getting user_prefs to work. I have spamass-milter setup and am using procmail for local delivery, everything works fine with the global configuration options. However, when trying to let users make rules I found that the ~/.spamassassin/user_prefs file is not being read in. Has anyone run into this before? James ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
xfce4-xmms-controller-plugin Undefined symbol pthread_mutex_trylock
After running gnome_update.sh (and getting around the gnomevfs2 issue) and a fresh cvsup of ports at around 2pm EST, installing the multimedia/xfce4-xmms-controller-plugin on 4.10-STABLE, and relauncing the xfce4-panel, I'm getting: ** (xfce4-panel:81087): WARNING **: xfce4-panel: module /usr/X11R6/lib/xfce4/panel-plugins/libxfcexmms.so cannot be opened (/usr/local/lib/libgthread12.so.3: Undefined symbol pthread_mutex_trylock) Searching the lists suggests that it's a libxml2 issue, and to recompile without threads, so, make rmconfig, recompile libxml2 (choose defaults, threads where off) and I'm still getting the error. Hints, suggestions? I would submit a PR, but no reverse DNS(dialup) and gtk-send-pr seems to never make it to the list. libxml-1.8.17_3 Xml parser library for GNOME libxml2-2.6.16 XML parser library for GNOME py23-libxml2-2.6.16 Python interface for XML parser library for GNOME ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: RDEsktop/VNC questions
use /usr/ports/net/tsclient too if you're on rdp more than vnc GUI to rdesktop (still got some limitation than CLI) James H -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Louis LeBlanc Sent: Thursday, November 11, 2004 10:15 AM To: FreeBSD Questions Subject: RDEsktop/VNC questions Quick question about interconnectivity. You OSX users may be familiar with a very slick little utility called RDC (Remote Desktop Connection). Some of you other *BSDers may also be familiar with one called VNC (Visual Network Connection ?) or RDP (?). The purpose of said utilities is to provide a sort of graphical shell similar to an X session from a remote machine in a window. There are several rdesktop and vnc clients in the ports, so rather than go through the flurry of install-tryout-uninstall/repeat, I figured I'd go to the place to ask questions. Here. So, who's using these clients, and how effective have you been finding them? Any gotchas? How cool is it? Do they just plain suck? And more to the point, which one(s) should I start with on the short list? All feedback is welcome - and appreciated. Lou -- Louis LeBlanc [EMAIL PROTECTED] Fully Funded Hobbyist, KeySlapper Extrordinaire :) http://www.keyslapper.org ԿԬ Pickle's Law: If Congress must do a painful thing, the thing must be done in an odd-number year. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Soundcard detection
On 11/11/2004, at 12:45 AM, Rob Eidukaitis wrote: I recently installed a new soundcard in my 4.10 machine. It's a soundblaster live 23 bit. I've tried loading the kernel module and compiling support into the kernel, both with no luck. When I do a pciconf I get: [EMAIL PROTECTED]:2:0: class=0x040100 card=0x10061102 chip=0x00071102 rev=0x00 hdr=0x00 vendor = 'Creative Labs' class= multimedia subclass = audio [EMAIL PROTECTED]:14:0:class=0x03 card=0x01671028 chip=0x47521002 rev=0x27 hdr=0x00 vendor = 'ATI Technologies' device = 'Rage XL PCI' class= display subclass = VGA I noticed that they both the soundcard and the graphics card appear to be pci3:*, could this be my problem? Would it help to move the soundcard on the motherboard? Any suggestions would be greatly appreciated, as I can't think of what else I can do. Attach a copy of your dmesg. Regards, James ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Knoppix-like FreeBSD-on-a-CD?
Paul Hoffman wrote: Sorry if I'm missing something obvious, but is there a FreeBSD-on-a-CD project similar to Knoppix for Linux? --Paul Hoffman [EMAIL PROTECTED] http://www.freesbie.org/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Knoppix-like FreeBSD-on-a-CD?
Erik Norgaard wrote: Paul Hoffman wrote: Sorry if I'm missing something obvious, but is there a FreeBSD-on-a-CD project similar to Knoppix for Linux? Yes: FreeBSIE www.freesbie.org, and I think another project called FreeBSD Live or similar. Cheers, Erik Yeah, there's this as well: http://livecd.sourceforge.net/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: release 5.3 'Configure' missing 'XFree86' option
On 10/11/2004, at 4:42 PM, Mike Jeays wrote: It seems to have Xorg as a replacment. I am having all sorts of trouble configuring X for one machine - it seems to be a new learning experience altogether. Guess I am a bit frustrated this evening... Configuring Xorg is quite simple. As root run the following commands Xorg -configure [...wait until it creates an custom configuration in your home dir based on your hardware, the screen may go blank during this stage...] mv ~user/Xorg.conf /usr/X11R6/lib/X11/Xorg.conf Are you planning to run a login manager (e.g. gdm, kdm, xdm)? This greatly simplifies the set-up process of Xorg (and XFree86 too) as Xorg would not need to run as an user to use a login manager. I find that running Xorg/XFree86 as root with a login manager is usually the easiest way to set up an X server on FreeBSD. Regards, James ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
gnomevfs2 build failure on 4.10
With gnome_update.sh and portinstall this same error comes up, with no make.conf,. Including after make rmconfig in devel/gnomevfs2 Fresh cvsup of ports, and removing the tarball. FreeBSD fortytwo.zapto.org 4.10-STABLE FreeBSD 4.10-STABLE #0: Sun Aug 15 23:13:02 EDT 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/FORTYTWO i386 cc -DHAVE_CONFIG_H -I. -I. -I../.. -O -pipe -I.. -I../.. -I./imported/neon -I/usr/local/include/libxml2 -I/usr/local/include -D_THREAD_SAFE -DORBIT2=1 -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/local/include/orbit-2.0 -I/usr/local/include/bonobo-activation-2.0 -I/usr/local/include/libbonobo-2.0 -I/usr/local/include/libxml2 -I/usr/local/include -I/usr/X11R6/include/gconf/2 -I/usr/include @INCLUDE_des@ -I../.. -I../.. -I../../libgnomevfs -I../../libgnomevfs -D_THREAD_SAFE -I/usr/local/include -O -pipe -c ne_request.c -Wp,-MD,.deps/ne_request.TPlo -fPIC -DPIC -o .libs/ne_request.o cc: cannot specify -o with -c or -S and multiple compilations gmake[3]: *** [ne_request.lo] Error 1 gmake[3]: Leaving directory `/usr/ports/devel/gnomevfs2/work/gnome-vfs-2.8.3/imported/neon' gmake[2]: *** [all-recursive] Error 1 gmake[2]: Leaving directory `/usr/ports/devel/gnomevfs2/work/gnome-vfs-2.8.3/imported' gmake[1]: *** [all-recursive] Error 1 gmake[1]: Leaving directory `/usr/ports/devel/gnomevfs2/work/gnome-vfs-2.8.3' gmake: *** [all] Error 2 *** Error code 2 I do a make patch cd work/gnome-vfs-2.8.3/ ./configure I get this error (related?) checking libintl.h usability... no checking libintl.h presence... no checking for libintl.h... no checking for ngettext... no checking for ngettext in -lintl... no configure: error: Your Gettext installation doesn't seem to support ngettext to handle translation of plural forms. Please install GNU Gettext with the following installed. # pkg_info |grep gettext gettext-0.13.1_1GNU gettext package p5-gettext-1.03 Message handling functions php4-gettext-4.3.9 The gettext shared extension for php ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD + MySQL or PostgreSQL
On 9/11/2004, at 3:13 PM, Nikolas Britton wrote: Which one, MySQL or PostgreSQL, is most compatible, stable, etc. with FreeBSD 4.x and 5.x P.S. I'm NOT looking for opinions on which is better a product. Both work perfectly fine with FreeBSD, although I find MySQL easier to set up and maintain under FreeBSD. There are also more documentation available on the web for MySQL+FreeBSD. However it is possible to run PostgreSQL on FreeBSD without any problems at all, especially if you have experience using PostgreSQL on other platforms (eg Linux) as the set-up and maintenance process should be similar on both sides of the fence. Are there any specific requirements you need in an SQL database server? Regards, James ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
portdb corrupt?
Hi i have problem updating the portdb since i cvsup portversion/portupgrade or anything will fail with same or similar msgs. Im not certain how I can start already tried portsdb -F but didnt make difference any help or comment is welcome flute# portsdb -uU Updating the ports index ... Generating INDEX.tmp - please wait..Warning: Duplicate INDEX entry: freeciv-gtk2-1.14.2 Warning: Duplicate INDEX entry: fvwm-imlib-2.4.19 Done. done [Updating the portsdb format:bdb1_btree in /usr/ports ... - 11889 port entries found .1000.2000.3000.4000.5000.60 00.7000.8000./usr/local/lib/ruby/site_ruby/1.8/portsdb.r b:587: [BUG] Segmentation fault ruby 1.8.2 (2004-07-29) [i386-freebsd4] Abort (core dumped) James H ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: portdb corrupt?
added /usr/local/etc/pkgtools.conf ENV['PKG_DBDRIVER'] = bdb_hash ENV['PORTS_DBDRIVER'] = bdb_hash and it worked! Thanks! James H -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Benjamin Thelen Sent: Saturday, November 06, 2004 12:18 AM To: James Hong Cc: [EMAIL PROTECTED] Subject: Re: portdb corrupt? James Hong wrote: Hi i have problem updating the portdb since i cvsup portversion/portupgrade or anything will fail with same or similar msgs. Im not certain how I can start already tried portsdb -F but didnt make difference any help or comment is welcome flute# portsdb -uU Updating the ports index ... Generating INDEX.tmp - please wait..Warning: Duplicate INDEX entry: freeciv-gtk2-1.14.2 Warning: Duplicate INDEX entry: fvwm-imlib-2.4.19 Done. done [Updating the portsdb format:bdb1_btree in /usr/ports ... - 11889 port entries found .1000.2000.3000.4000.5000. 60 00.7000.8000./usr/local/lib/ruby/site_ruby/1.8/por tsdb.r b:587: [BUG] Segmentation fault ruby 1.8.2 (2004-07-29) [i386-freebsd4] Abort (core dumped) James H ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] James, Kent Stewart explained what to do and how that came on 11/2/04 subject portupgrade core dump fix. Maybe it should have considered a security problem, as it is such a basic and widely used procedure and thus somehow security relevant? When will 4.11 released? :-) I suppose this bug is fixed in 4.11. Kind Regards, Benjamin ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Port for Motorola cell phones (V60c)?
I've been searching the ports tree and the freebsd.org site for anything similar to gnokii or scmxx, but for Motorola phones, ideally the V60c. I haven't found anything. Is there a port which will allow me to upload and download my phone's address book, settings, etc.? I'd rather not have to dust of my Windoze machine just to back up my phone's address book. Failing that, I'm considering a phone upgrade, and would appreciate testimonials from those who have phones which do have a port that supports it. Thanks in advance! ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: dummynet
Why don't you guys stop torturing yourself and wasting $1000s worth of your time and get yourself some real bandwidth management software? Its cheaper in the long run. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Funny, I thought that's what Dummynet did. It seems that you wouldn't want to steer a user into a horribly overpriced closed-source rate-limiting solutuion when it's available for free in the OS. BTW: Nice email addr. ;) ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: dummynet
In a message dated 10/28/04 12:52:14 PM Eastern Daylight Time, [EMAIL PROTECTED] writes: Funny, I thought that's what Dummynet did. It seems that you wouldn't want to steer a user into a horribly overpriced closed-source rate-limiting solutuion when it's available for free in the OS. BTW: Nice email addr. ;) Ah, but its not really available for free, because the free ones don't work well, aren't supported and don't scale. Plus it seems that unless you value your time at $2./hr its already cost you more than the $800. to try to use the free stuff. Are you planning on completely rewriting it yourself using dummynet as the code base? What good is open source if the entire code base is nowhere near as good as what you can buy? You would really struggle with an inadequate open source solution rather than pay for something that works? And I wouldn't talk about email addresses, mr so liberal I can't function normally in society. AOL buffers the 99% of mails I have no interest in reading, I can just block the domains of lists I dont feel like dealing with at any given time without having to unsubscribe and subscribe, and it uses no disk space or bandwidth in the process. Its ideal (except for the darned reader). TM ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I agree with some of that, but unless the person has the money to spend, then using dummnynet is acceptable. Not everyone can drop 10+ grand on a nokia firewall that has everything packaged into a nice gui. Regarding the email addr: If you look further, you'll the wink (I was ribbing you). Similar to another one of threads. Obviously, you can dish it out, but can't take it. I have seen your past replys; you offer nothing but abuse. Do you sit around and wait for a newbie to ask a question so you can make him/her feel stupid for asking it? Thx ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Installer
Personally, I think the FreeBSD install is incredibly simple. It really could not be easier, but if you want one that is, try DragonFlyBSD. The install of that is very, very simple, but you may run into issues with certain software packages. Jamie On Oct 12, 2004, at 5:45 PM, Jerry McAllister wrote: Dear Friends : I'm a Linux user since 1,999 and I'm really interested in start FreeBSD. OK, it's a new system, different versions and so on. My experience with computers started with Basic, after MS-DOS, Windows and Linux. When I tried Linux, 5 years-ago, partitions, kde, window maker and many of them, were only words. My first fear, was erase my HD. I did it many times, but I knew how to start again or recover. I'm writing these things, cause in these years using Linux, I saw a big evolution , specially the installer. Mandrake, Red Hat, Fedora, Slackware and another, made a goob job and you can do it , almost without problems. But, when I tried FreeBSD installer, I remembered Debian, the worst installer ! Probably another distributions, like Knoppix, Kurumin , Gnoppix to name a few, trying to make the life user easiest ! My first experience with FreeBSD, was 5.0, with a PC Master, brazilian magazine. After many tries, a XFree86 error, when I typed startx, disappointed me again and, I forgot it... On the last month, I downloaded the 2 CDs, 5.2.1, and, the same installer, errors, infinite loops... very disappointing ! I tried many lists, and with some support,to resolve or not, the problems. Again, I format my system and, here I am, with Windows (mainly for games and a problematic usb scanner) and Linux. I need a more stable system. Many people talked me very good about FreeBSD. For me, until now , the biggest deception ! Please, I don't know the FreeBSD objectives, but if you would like that more and more people can use it, CHANGE this installer. Confuse , in one word ! Disappointing ! I tried standard, express, custom , all packages, minimum, all kind of ways... I can't understand a looped install. Almost 2 hours after, an error... My video card is recognized , but when you did post-install, not ! You tried many XFrre86 configs and not When something happens and finally you can start KDE or GNOME or another, DHCP don't run and so on. Please change this installer and trying to better hardware and network configuration ! Until this, I'll never tried FreeBSD again ! Sincerely, Newton - Curitiba - Brazil The nice thing about the installer is that it works. Too bad you will be cutting yourself off from a good system because you will not take the time to learn it. You miss so much in life. jerry ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Installer
Sorry about that (not really), but Mac Mail places the reply at the top. Maybe I should use a Leet mail prog like yourself. On Oct 12, 2004, at 6:08 PM, Jerry McAllister wrote: Geez, another top poster who mangles the flow of the thread!! jerry Personally, I think the FreeBSD install is incredibly simple. It really could not be easier, but if you want one that is, try DragonFlyBSD. The install of that is very, very simple, but you may run into issues with certain software packages. Jamie On Oct 12, 2004, at 5:45 PM, Jerry McAllister wrote: Dear Friends : I'm a Linux user since 1,999 and I'm really interested in start FreeBSD. OK, it's a new system, different versions and so on. My experience with computers started with Basic, after MS-DOS, Windows and Linux. When I tried Linux, 5 years-ago, partitions, kde, window maker and many of them, were only words. My first fear, was erase my HD. I did it many times, but I knew how to start again or recover. I'm writing these things, cause in these years using Linux, I saw a big evolution , specially the installer. Mandrake, Red Hat, Fedora, Slackware and another, made a goob job and you can do it , almost without problems. But, when I tried FreeBSD installer, I remembered Debian, the worst installer ! Probably another distributions, like Knoppix, Kurumin , Gnoppix to name a few, trying to make the life user easiest ! My first experience with FreeBSD, was 5.0, with a PC Master, brazilian magazine. After many tries, a XFree86 error, when I typed startx, disappointed me again and, I forgot it... On the last month, I downloaded the 2 CDs, 5.2.1, and, the same installer, errors, infinite loops... very disappointing ! I tried many lists, and with some support,to resolve or not, the problems. Again, I format my system and, here I am, with Windows (mainly for games and a problematic usb scanner) and Linux. I need a more stable system. Many people talked me very good about FreeBSD. For me, until now , the biggest deception ! Please, I don't know the FreeBSD objectives, but if you would like that more and more people can use it, CHANGE this installer. Confuse , in one word ! Disappointing ! I tried standard, express, custom , all packages, minimum, all kind of ways... I can't understand a looped install. Almost 2 hours after, an error... My video card is recognized , but when you did post-install, not ! You tried many XFrre86 configs and not When something happens and finally you can start KDE or GNOME or another, DHCP don't run and so on. Please change this installer and trying to better hardware and network configuration ! Until this, I'll never tried FreeBSD again ! Sincerely, Newton - Curitiba - Brazil The nice thing about the installer is that it works. Too bad you will be cutting yourself off from a good system because you will not take the time to learn it. You miss so much in life. jerry ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Sony PCVA-15XTAP2 monitor
Ben Paley wrote: Someone's offered me one of these monitors, a Sony PCVA-15XTAP2. I really don't know anything about it, except that it's widescreen and has a non-standard connector of some sort - power and signal through the same cable, apparently (I haven't actually seen it yet). Does anyone know anything about making it work (will I be able to run it with an adapter from my current generic agp card?) and specifically making it work with Xorg? The only thing I could find is a Japanese reference to the monitor where they appear to cut the connector off, although chances are that it's a proprietory DVI connector/adaptor. My Japanese is non-existant, but it might be a place to start. For one thing they appear to have the pinout chart, so who knows... http://niga.sytes.net/at/vaio_dvi.html James ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Ntpd assistance
i had a machine where internal clock runs 1.5 times faster than normal clock. as a result time will be about 5min faster every 30min or so. if internal clock is busted like mine, ntpd will not be able to sync time. It takes as long as few days to sync few min on your unix clock. Also if i remember correctly unix keeps internal clock and system clock separatly. read http://www.eecis.udel.edu/~mills/ntp/html/ntpd.html PS. use closer tier 2 or tier 3 and multiple sources (as long as they are public) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob Sent: Thursday, September 23, 2004 2:37 PM To: [EMAIL PROTECTED] Subject: Re: Ntpd assistance alden.pierre wrote: /etc/rc.conf contains the following: ntpdate_enable=YES ntpdate_flags=timex.cs.columbia.edu xntpd_enable=YES# Run ntpd Network Time Protocol /etc/ntpd.conf contains the following: driftfile/etc/ntp/drift server 65.211.109.1 server 65.211.109.11 server 209.51.161.238 server 128.59.59.177 Use /etc/ntp.conf (NOT ntpd.conf). I would configure this system as follows: /etc/rc.conf: ntpdate_enable=YES ntpdate_flags=-b 65.211.109.1 65.211.109.11 209.51.161.238 128.59.59.177 xntpd_enable=YES /etc/ntp.conf: #-- # prohibit general access to this service #-- restrict default ignore #-- # localhost has full access to the server #-- restrict 127.0.0.1 #-- # servers to query #-- server 65.211.109.1 restrict 65.211.109.1 server 65.211.109.11 restrict 65.211.109.11 server 209.51.161.238 restrict 209.51.161.238 server 128.59.59.177 restrict 128.59.59.177 #-- # files to use #-- driftfile /var/db/ntp.drift - The idea is, that, at boot up, you force instant time synchronization with ntpdate, using the list of servers in ntpdate_flags=-b . (check the man page of ntpdate and the -b flag). Then you allow ntpd to start (xntpd_enable = YES), that will keep the time in sync with the servers in /etc/ntp.conf. As a regular user, verify nptd's sync behaviour with: ntpq -np I hope that helps. Rob. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Strange monthly run error(?)
After searching google/mailing lists, and man pages, I haven't found a reference to this in my monthly accounting run. (Skipped 2 of 329 records due to invalid time values) root 0.02 Any ideas where I should be looking, or the meaning of it? Running 4.10-STABLE ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
[OT] 6 Available Gmail Accounts Up for Grabs!
I have 6 Gmail invitations to give out and am offering on a first come, first served basis. Grab them while you can. http://gmail.google.com/gmail/a-5cb03dc1c9-e7e09b56fb-479b98b8bc http://gmail.google.com/gmail/a-5cb03dc1c9-c833787037-045d087df3 http://gmail.google.com/gmail/a-5cb03dc1c9-2465443bb0-3a1f06a6e3 http://gmail.google.com/gmail/a-5cb03dc1c9-548e8ffe38-563eb41fbd http://gmail.google.com/gmail/a-5cb03dc1c9-3ce74757d8-501f88b599 http://gmail.google.com/gmail/a-5cb03dc1c9-721a8fae6f-cfaf13a083 Happy Pickings! -- James W. Thompson, II (New Orleans, LA) ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Portupgrade killed everytime
Try running it using strace, such as strace portupgrade vim and see what it's doing. I checked my kernel and found the PROCFS and PSUEDOFS options were in there. I have added this line to my fstab: proc/procprocfs rw00 I no longer see this message: # strace portupgrade vim strace: open(/proc/..., ...): No such file or directory trouble opening proc file (Google was my friend here!) However, my problems seem far from over. When I run strace now (e.g. strace -o /root/strace.out portupgrade vim), nothing happens. Typing 'top' shows this line: PID USER PRI NICE SIZE RES STATE TIME WCPU CPU COMMAND 829 root 96 01352K 696K STOP0:00 0.00% 0.00% strace or sometimes it looks like this: 838 root 8 01356K 704K pioctl 0:00 0.00% 0.00% strace but the strace tool just doesn't want to generate any output. Strangely, I don't even see ruby appear in the top output when I use strace. Please guys, I would be so grateful if someone could offer me any advice or suggestions on this. Kind regards, James. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Portupgrade killed everytime
Adam Smith wrote: Try running it using strace, such as strace portupgrade vim and see what it's doing. Sorry I didn't get a chance to reply yesterday. I now have the strace port installed but have hit a small problem (as mentioned by Joshua Tinnin). I'm not familiar with strace either and is the error I see: # strace portupgrade vim strace: open(/proc/..., ...): No such file or directory trouble opening proc file A man procfs, was informative, but I'm a bit lost now on how to proceed... Steven Friedrich wrote: Have you been reading UPDATING? Certainly have. You might want to try what's there for this problem before you spend a lot of time troubleshooting... I got to step 5 and the problem was still happening: you can always deinstall portupgrade and all the ruby stuff (run pkg_delete -r ruby-\*) and reinstall portupgrade as a last resort. That didn't work, but ofcourse, I used pkg_add -r ruby-devel. Any ideas on how to proceed with the strace would be greatly appreciated. TIA, James. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
no user interface
I just installed 5.2.1 via download onto cdr media. I left about 10 gigs open for freebsd, and left 9 for my win2000. the dual boot works fine on my dell laptop, however when i go to load freebsd 5.2.1, i cant get into a graphical interface. Instead it stays in a dos-like interface with commands only. It recognizes my user name and the admin name of root, but there is only a command line and no background. i installed cd1, i have a boot only and a second disc which i have not installed. please point me in the correct direction james heck _ On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Portupgrade killed everytime
Whenever I run portupgrade, I wait about 30 seconds only to see it die: # portupgrade clamav Killed # portupgrade vim Killed I have a recent cvsup of 'ports-all' on 5.2.1-RELEASE-p9 and have run 'make index' and 'pkgdb -F'. Someone at bsdforums.org has kindly suggested that I'm seeing a Ruby problem, so I tried to do a 'make install clean' on lang/ruby18 (after a pkg_delete -r ruby-\*). This failed to build with the following errors: [...] === Building for ruby-1.8.2.p2_1 cc -O -pipe -march=pentium2 -fPIC -I. -I. -c main.c cc -O -pipe -march=pentium2 -fPIC -I. -I. -c dmyext.c cc -O -pipe -march=pentium2 -fPIC -I. -I. -c array.c cc -O -pipe -march=pentium2 -fPIC -I. -I. -c bignum.c cc -O -pipe -march=pentium2 -fPIC -I. -I. -c class.c cc: {standard input}: Assembler messages: {standard input}:0: Warning: end of file not at end of a line; newline inserted {standard input}:1920: Error: unknown pseudo-op: `.p2al' Internal error: Killed (program cc1) Please submit a full bug report. [...] So, I used 'pkg_add -r ruby-devel' instead. A 'pkg_info' now shows: portupgrade-20040701_3 FreeBSD ports/packages administration... ruby-1.8.1.p2 An object-oriented interpreted scripting language ruby18-bdb1-0.2.2 Ruby interface to Berkeley DB revision 1.8x... ruby_r-1.8.1.p2An object-oriented interpreted scripting language Unfortunately, still no joy! If anyone could give me some suggestions, I would really appreciate it. Many thanks, James. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: problem with getway
On Wed, Aug 18, 2004 at 03:36:31PM +0800, AETCH wrote: I have install freebsd 4.x,and have two netcards. I want it as getway. I have config gateway_enable=YES in rc.conf,and then reboot. [a pc][freebsd]---[b pc] After reboot , I try to use a pc to ping b pc ,it`s not work ,but a pc and b pc can ping freebsd successful,why? Please give me a hand. Thanks!! aetch Have you built a kernel with IPFW enabled and have you enabled natd in your rc.conf? Both IPFW (or perhaps IPFILTER) must be enabled to allow packet forwarding. Just setting gateway=yes in rc.conf isn't enough (I know - I made the same mistake) You will have to enable natd and IPFW (or maybe IPFILTER) in rc.conf and build a custom kernel with IPFW enabled. Here's the lines I added to my kernel: # IP Aliasing and Firewall options options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=10 options IPDIVERT and here's what I put in my rc.conf: gateway_enable=YES natd_enable=YES natd_interface=dc1 natd_flags=-dynamic You will also need to enable the firewall in rc.conf - what follows is for an entirely OPEN firewall, i.e. it allows anything and everything through. (But you must have the firewall enabled to use the IP forwarding capabilities): firewall_enable=YES #firewall_type=OPEN #firewall_script=/etc/openfirewall.rules and the contents of /etc/openfirewall.rules: /sbin/ipfw -f flush /sbin/ipfw add divert natd all from any to any via dc1 /sbin/ipfw add pass all from any to any Chapter 8 of the handbook (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html) and Chapter 14, Section 8 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html have most of the information you'll need. In future posts, paste the contents of your rc.conf and any other files involved- that will help the list answer your question more quickly. HTH Jim ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Nightly cron message question
On Wed, Aug 18, 2004 at 09:04:48AM -0500, Kevin D. Kinsey, DaleCo, S.P. wrote: Jason Lieurance wrote: Hello, Late couple days on our Freebsd 4.7 email/web server I've got this message in the nightly cron jobs: Checking setuid files and devices: Checking for uids of 0: root 0 toor 0 You have this line: # 300.chkuid0 daily_status_security_chkuid0_enable=YES set in /etc/defaults/periodic.conf under the Security Options heading, most likely. I was under the impression that this was set by default, as that is the name of the directory it's in. I would be curious as to why this wasn't happening before. Check the dates on said file and directory. Have you recently run mergemaster, perhaps? I've searched and some said it had to do with an incomplete dmesg or something like that. There are some errors: pid 82522 (libhttpd.ep), uid 65534: exited on signal 11 snip Something dumped core or what not, then. but I've had those before w/o the: Checking for uids of 0: snip Any thoughts, thanks. Like I said, completely normal, although why they weren't coming in before I can't guess Kevin Kinsey DaleCo, S.P. FWIW, I also began seeing the same message in my daily cron output file as well two days ago. Jim ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Security question - uids of 0
The following appeared in my latest daily security run output: Checking for uids of 0: root 0 toor 0 This is the first time I've seen this message. I checked /etc/passwd and found this: root:*:0:0:Charlie :/root:/bin/csh toor:*:0:0:Bourne-again Superuser:/root: I am running FreeBSD 4.10 as a gateway/router/firewall with IPFW for a small home LAN. I ran ps -aux and looked for any processes owned by toor but didn't find any. Is this something to be concerned about? Sorry if this is an obvious question, but I am still very much a newbie and trying to learn what I can about security. Thanks for your patience, Jim ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Security question - uids of 0
On Mon, Aug 16, 2004 at 05:01:51PM +0200, Volker Kindermann wrote: Hi James, The following appeared in my latest daily security run output: Checking for uids of 0: root 0 toor 0 This is the first time I've seen this message. I checked /etc/passwd and found this: root:*:0:0:Charlie :/root:/bin/csh toor:*:0:0:Bourne-again Superuser:/root: I am running FreeBSD 4.10 as a gateway/router/firewall with IPFW for a small home LAN. I ran ps -aux and looked for any processes owned by toor but didn't find any. did you install bash? Normally, the bash from ports or packages will install the toor account so you don't have to change root's shell. If you installed bash then there's nothing to worry about this entry. If you don't need it, just use vipw and delete it. -volker Thank you Volker - I did install bash several weeks ago, so the sudden appearance of the message in my daily security run caught my attention. Thanks to everyone who sent the http://www.freebsd.org/doc/faq/security.html#TOOR-ACCOUNT link. Jim ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Security log question
On Sat, Aug 14, 2004 at 04:39:58PM +0200, Alex de Kruijff wrote: On Wed, Aug 11, 2004 at 07:46:47PM -0500, James A. Coulter wrote: This message has been showing up in /var/log/security: Aug 6 01:56:44 sara /kernel: drop session, too many entries Aug 6 16:40:05 sara /kernel: drop session, too many entries Aug 7 13:25:23 sara /kernel: drop session, too many entries Aug 7 15:32:00 sara /kernel: drop session, too many entries Aug 7 15:32:03 sara last message repeated 3 times Aug 8 22:30:53 sara /kernel: drop session, too many entries Aug 10 19:47:31 sara /kernel: drop session, too many entries Aug 11 11:11:46 sara /kernel: drop session, too many entries Aug 11 13:08:15 sara /kernel: drop session, too many entries Aug 11 13:10:26 sara last message repeated 12 times Aug 11 13:20:34 sara last message repeated 55 times Aug 11 13:30:00 sara last message repeated 66 times Aug 11 16:49:26 sara /kernel: drop session, too many entries Aug 11 16:49:58 sara last message repeated 5 times Aug 11 16:52:04 sara last message repeated 20 times Aug 11 17:02:01 sara last message repeated 93 times Aug 11 17:18:01 sara /kernel: drop session, too many entries Aug 11 17:23:03 sara /kernel: drop session, too many entries I'm running FreeBSD 4.10 with IPFW and NAT as a gateway/router/firewall for a home LAN. I am the only user (I hope!) with access to this system. I googled the drop session message and found e-mail correspondence indicating this message is a result of having too many telnet or ssh sessions open at the same time and could be an indication of a DOS attack. I have disabled telnet in inetd.conf. I am running ftp with anonymous log-in disabled and ssh with root login disabled. I am also running apache 1.3. Is this message something I should investigate further, or is it like the script kiddies who scan my ports every night - just something to live with? Yes, but I don't think you are likly at risk to have someone bracking in on you system. You're server proberbly just handle the traffic nicly. You need to investigate further to find out what is causing this and what you can do about it. P.S. I notices you have very lone lines in you'r mail and use mutt. Whould you consider adding the following line to .muttrc (and install vim) so that this is automaticly wraped at 72 char? set editor=vim +':set tw=72' +':set ww=,,h,l,[,]' %s -- Alex Alex - thanks for the response and for the .muttrc tip. I added it and hopefully my mail will now wrap at 72 characters. Jim ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Security log question
This message has been showing up in /var/log/security: Aug 6 01:56:44 sara /kernel: drop session, too many entries Aug 6 16:40:05 sara /kernel: drop session, too many entries Aug 7 13:25:23 sara /kernel: drop session, too many entries Aug 7 15:32:00 sara /kernel: drop session, too many entries Aug 7 15:32:03 sara last message repeated 3 times Aug 8 22:30:53 sara /kernel: drop session, too many entries Aug 10 19:47:31 sara /kernel: drop session, too many entries Aug 11 11:11:46 sara /kernel: drop session, too many entries Aug 11 13:08:15 sara /kernel: drop session, too many entries Aug 11 13:10:26 sara last message repeated 12 times Aug 11 13:20:34 sara last message repeated 55 times Aug 11 13:30:00 sara last message repeated 66 times Aug 11 16:49:26 sara /kernel: drop session, too many entries Aug 11 16:49:58 sara last message repeated 5 times Aug 11 16:52:04 sara last message repeated 20 times Aug 11 17:02:01 sara last message repeated 93 times Aug 11 17:18:01 sara /kernel: drop session, too many entries Aug 11 17:23:03 sara /kernel: drop session, too many entries I'm running FreeBSD 4.10 with IPFW and NAT as a gateway/router/firewall for a home LAN. I am the only user (I hope!) with access to this system. I googled the drop session message and found e-mail correspondence indicating this message is a result of having too many telnet or ssh sessions open at the same time and could be an indication of a DOS attack. I have disabled telnet in inetd.conf. I am running ftp with anonymous log-in disabled and ssh with root login disabled. I am also running apache 1.3. Is this message something I should investigate further, or is it like the script kiddies who scan my ports every night - just something to live with? TIA for any enlightenment/suggestions anyone can provide. Jim ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: order of starting services at boot?
Just number them like so: [EMAIL PROTECTED] ls -l /usr/local/etc/rc.d/ total 32 -r-xr-xr-x 1 root wheel 248 Oct 6 2003 010.pkgtools.sh -rwxr-x--x 1 root wheel 391 Jan 28 2004 020.xinetd.sh -r-xr-xr-x 1 root wheel 1720 May 31 10:17 030.svscan.sh -r-xr-xr-x 1 root wheel 646 Jul 3 12:03 040.apache.sh -rwxr-x--- 1 root wheel 549 Apr 17 11:23 050.mysql-server.sh -rwxr-x--- 1 root wheel 181 Apr 17 11:55 055.mysql-client.sh -r-xr-xr-x 1 root wheel 756 Jun 29 14:26 060.snmpd.sh lrwxr-xr-x 1 root wheel44 May 31 14:46 075.courier-imap-imapd-ssl.sh - /usr/local/libexec/courier-imap/imapd-ssl.rc lrwxr-xr-x 1 root wheel40 May 31 14:59 080.courier-imap-imapd.sh - /usr/local/libexec/courier-imap/imapd.rc -r-xr-xr-x 1 root wheel 1853 May 28 12:29 100.squid.sh -- James S. - Original Message - From: Duane Winner [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 10, 2004 5:09 PM Subject: order of starting services at boot? Hello, Can anybody explain to me how FreeBSD 5.2.1 controls the start order of the scripts in /etc/rc.d ? I've looked all over and am having trouble gleening what controls this. For instance, if I would like to start ipfw before dhclient (right now dhclient starts, then ipfw starts), how would I accomplish this? Thanks, Duane ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: order of starting services at boot?
Yeah. I guess that ipfw isn't started like that. Durr. I didn't reallt read the original post. -- James S. - Original Message - From: Dan Nelson [EMAIL PROTECTED] To: Duane Winner [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, August 10, 2004 6:30 PM Subject: Re: order of starting services at boot? In the last episode (Aug 10), Duane Winner said: Can anybody explain to me how FreeBSD 5.2.1 controls the start order of the scripts in /etc/rc.d ? I've looked all over and am having trouble gleening what controls this. The rc manpage explains rc.d/ and the magic keywords used inside its scripts. For instance, if I would like to start ipfw before dhclient (right now dhclient starts, then ipfw starts), how would I accomplish this? Add ipfw to dhclient's REQUIRE line. This change was made to -current, so when 5.3 ships it'll already do what you want :) -- Dan Nelson [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Security Log Question
Checked /var/log/security this morning and found these entries: Aug 4 09:00:45 sara /kernel: ipfw: limit 10 reached on entry 500 Aug 5 07:45:38 sara /kernel: drop session, too many entries Aug 5 17:54:32 sara /kernel: drop session, too many entries Aug 5 17:55:55 sara last message repeated 9 times Aug 6 01:56:44 sara /kernel: drop session, too many entries Aug 6 16:40:05 sara /kernel: drop session, too many entries Aug 7 13:25:23 sara /kernel: drop session, too many entries Aug 7 15:32:00 sara /kernel: drop session, too many entries Aug 7 15:32:03 sara last message repeated 3 times Can someone please tell this newbie if this something to be concerned about? Many thanks in advance! Jim C. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Newbie Security Question
I recently got my firewall up and configured (many thanks to JJB and everyone else for their help) and have been reading the daily security message from root with a great deal of interest. My question is, when I see entries like this: Aug 5 17:55:54 sara sshd[2099]: Failed password for root from 209.120.224.13 +port 40515 ssh2 Aug 5 17:55:55 sara sshd[2101]: Failed password for root from 209.120.224.13 +port 60426 ssh2 Aug 5 17:55:55 sara sshd[2103]: Failed password for root from 209.120.224.13 +port 54447 ssh2 Aug 5 17:55:59 sara sshd[2105]: Failed password for root from 209.120.224.13 +port 44460 ssh2 is it safe to assume someone has been trying to hack my system? I did a whois search on the IP and it went to a provider in Colorado. I'm asking because I'm curious - thanks again for everyone's help. Jim C. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Firewall Rule Set not allowing access to DNS servers?
I changed the DNS rules as you suggested, and the firewall works perfectly - thanks very much. This has been a great learning experience for me - thanks to all who responded. Jim C -Original Message- From: JJB [mailto:[EMAIL PROTECTED] Sent: Saturday, July 31, 2004 1:08 PM To: James A. Coulter; [EMAIL PROTECTED] Subject: RE: Firewall Rule Set not allowing access to DNS servers? Look back at the ipfw sample rule set and you will see that there are both udp and tcp protocol access to DSN. Also not that udp does not use setup keyword. # Allow out access to my ISP's Domain name server. # x.x.x.x must be the IP address of your ISP's DNS # Dup these lines if your ISP has more than one DNS server # Get the IP addresses from /etc/resolv.conf file $cmd 00110 allow tcp from any to x.x.x.x 53 out via $pif setup keep-state $cmd 00111 allow udp from any to x.x.x.x 53 out via $pif keep-state You DNS rules are # Allow out access to my ISP's Domain name server. # x.x.x.x must be the IP address of your ISP's DNS # Dup these lines if your ISP has more than one DNS server # Get the IP addresses from /etc/resolv.conf file $cmd 020 $skip UDP from any to 68.105.161.20 53 out via $pif setup keep-state $cmd 021 $skip UDP from any to 68.1.18.25 53 out via $pif setup keep-state $cmd 022 $skip UDP from any to 68.10.16.30 53 out via $pif setup keep-state As you can see you have no tcp protocol statements. Your udp rules use setup keyword which is only for tcp rules so your udp packets never match this rule and default to getting blocked which is why you get log error messages and you can not access public internet. Also if you look closely at the first 4 ipfw log messages you will see first message is about ip address 193.0.14.129 which is the primary dns server pointed to by url search pn.at.cox.net in /etc/resolv.conf Change your DNS rules to look like this # Allow out access to my ISP's Domain name server. # x.x.x.x must be the IP address of your ISP's DNS # Dup these lines if your ISP has more than one DNS server # Get the IP addresses from /etc/resolv.conf file $cmd 020 $skip udp from any to 193.0.14.129 53 out via $pif keep-state $cmd 021 $skip udp from any to 68.1.18.25 53 out via $pif keep-state $cmd 022 $skip udp from any to 68.10.16.30 53 out via $pif keep-state $cmd 023 $skip udp from any to 68.105.161.20 53 out via $pif keep-state $cmd 024 $skip tcp from any to 193.0.14.129 53 out via $pif setup keep-state $cmd 025 $skip tcp from any to 68.1.18.25 53 out via $pif setup keep-state $cmd 026 $skip tcp from any to 68.10.16.30 53 out via $pif setup keep-state $cmd 027 $skip tcp from any to 68.105.161.20 53 out via $pif setup keep-state -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of James A. Coulter Sent: Saturday, July 31, 2004 1:09 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Firewall Rule Set not allowing access to DNS servers? My LAN is configured with static IP addresses, 192.168.1.x. I have no problems communicating within the LAN. I have full connectivity with the internet from every machine on my LAN when the firewall is open. When I use the rule set in question, I can ping and send mail but I cannot access the DNS servers listed in resolv.conf. These are the same DNS servers placed in resolv.conf when the firewall is open. I'm sorry, but I never said dc1 was my inside nic. Again, I appreciate any help with this. The files you requested follow. Here's my ifconfig - a: sara# ifconfig -a dc0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255 inet6 fe80::204:5aff:fe76:55f0%dc0 prefixlen 64 scopeid 0x1 ether 00:04:5a:76:55:f0 media: Ethernet autoselect (100baseTX full-duplex) status: active dc1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 inet6 fe80::2a0:ccff:fe33:e1f6%dc1 prefixlen 64 scopeid 0x2 inet 68.105.58.150 netmask 0xfe00 broadcast 68.105.59.255 ether 00:a0:cc:33:e1:f6 media: Ethernet autoselect (100baseTX full-duplex) status: active lp0: flags=8810POINTOPOINT,SIMPLEX,MULTICAST mtu 1500 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 inet 127.0.0.1 netmask 0xff00 ppp0: flags=8010POINTOPOINT,MULTICAST mtu 1500 sl0: flags=c010POINTOPOINT,LINK2,MULTICAST mtu 552 faith0: flags=8002BROADCAST,MULTICAST mtu 1500 Here's resolv.conf: sara# more /etc/resolv.conf search pn.at.cox.net nameserver 68.105.161.20 nameserver 68.1.18.25 nameserver 68.10.16.30 Here's the entire rule set I'm trying to use. I did follow the comments. Please note the variable pif is set to dc1, my outside nic. Start of IPFW rules
sound volume to high
Hi, I have my sound card setup, and it works ok.. but the volume is to high/loud. I tried setting the volume lower with the mixer command, but it didnt change the volume (even though it changed the setting). Heres my sound card info from dmesg: pcm0: VIA VT8235 port 0xbc00-0xbcff irq 11 at device 17.5 on pci0 pcm0: C-Media Electronics CMI9739 AC97 Codec I'd appreciate any help you could provide. Please email me directly, since im not subscribed to the list. TIA __ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Firewall Rule Set not allowing access to DNS servers?
Thanks for the response. . . I changed rule 5 from x10 to dc0 - thanks Not sure why I would want my inside nic requesting DHCP service from my ISP. It has been working fine in the configuration I have it so I've left it the way it is. I checked the security log, and found this: Jul 30 08:58:37 sara /kernel: ipfw: 450 Deny UDP 68.105.58.150:2609 68.105.161.20:53 out via dc1 Jul 30 08:58:37 sara /kernel: ipfw: 450 Deny UDP 68.105.58.150:4067 68.1.18.25:53 out via dc1 Jul 30 08:58:37 sara /kernel: ipfw: 450 Deny UDP 68.105.58.150:3773 68.10.16.30:53 out via dc1 These are the three name servers specified in the rule set I checked the rule set and found this: # Allow out access to my ISP's Domain name server. # x.x.x.x must be the IP address of your ISP's DNS # Dup these lines if your ISP has more than one DNS server # Get the IP addresses from /etc/resolv.conf file $cmd 020 $skip tcp from any to 68.105.161.20 53 out via $pif setup keep-state $cmd 021 $skip tcp from any to 68.1.18.25 53 out via $pif setup keep-state $cmd 022 $skip tcp from any to 68.10.16.30 53 out via $pif setup keep-state Because security said the firewall was denying UDP packets, I changed the rules to this: $cmd 020 $skip udp from any to 68.105.161.20 53 out via $pif setup keep-state $cmd 021 $skip udp from any to 68.1.18.25 53 out via $pif setup keep-state $cmd 022 $skip udp from any to 68.10.16.30 53 out via $pif setup keep-state But that hasn't helped. I'm still getting: Jul 31 08:31:21 sara /kernel: ipfw: 550 Deny UDP 68.105.58.150:3178 68.105.161.20:53 out via dc1 Jul 31 08:31:21 sara /kernel: ipfw: 550 Deny UDP 68.105.58.150:4476 68.1.18.25:53 out via dc1 Jul 31 08:31:21 sara /kernel: ipfw: 550 Deny UDP 68.105.58.150:4747 68.10.16.30:53 out via dc1 FWIW, these rules are skipping to: # This is skipto location for outbound stateful rules $cmd 800 divert natd ip from any to any out via $pif $cmd 801 allow ip from any to any I apologize for being such a bother and I do appreciate any help or suggestions. TIA Jim C. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of JJB Sent: Friday, July 30, 2004 1:20 PM To: James A. Coulter; [EMAIL PROTECTED] Subject: RE: Firewall Rule Set not allowing access to DNS servers? Change this ipfw rule from 5 allow ip from any to any via xl0 To 5 allow ip from any to any via dc0 because dc0 is the lan interface name and not xl0. Change these statement in rc.conf because you have interface name backwards. Dc1 is the NIC connected to your cable modem and you want to get DHCP info from your ISP. Dc0 is the NIC connected to your LAN. From ifconfig_dc1=DHCP ifconfig_dc0=inet 192.168.1.1 netmask 255.255.255.0 to ifconfig_dc0=DHCP ifconfig_dc1=inet 192.168.1.1 netmask 255.255.255.0 You do not say how your LAN PCs get their ip address. You can hard code them on each LAN PC or you have to run isc-dhcp-server on your Gateway box to auto assign ip address to LAN PCs. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of James A. Coulter Sent: Friday, July 30, 2004 10:56 AM To: [EMAIL PROTECTED] Subject: Firewall Rule Set not allowing access to DNS servers? I am using FreeBSD 4.10 as a gateway/router for a small home LAN. My outside interface (dc1) is connected to a cable modem and is configured for DHCP. I have compiled and installed a custome kernel with IPFIREWALL and IPDIVERT options and with a rule set allowing any to any with no problems I am in the process of adding a proper rule set to provide security. I was referred to http://freebsd.a1poweruser.com:6088/FBSD_firewall/ and installed the Stateful + NATD Rule Set modified for my outside interface, domain name servers, and DHCP server. I can ping IP addresses and pass SMTP mail back and forth from the gateway/router and all machines on the LAN, but I cannot ping URLs - I am getting ping: cannot resolve www.freebsd.org: Host name lookup failure errors. This is what ipfw -a list looks like: sara# ipfw -a list 5 0 0 allow ip from any to any via xl0 00010 52 3640 allow ip from any to any via lo0 00014 0 0 divert 8668 ip from any to any in recv dc1 00015 0 0 check-state 00020 0 0 skipto 800 tcp from any to 68.105.161.20 53 keep-state out xmit dc1 setup 00021 0 0 skipto 800 tcp from any to 68.1.18.25 53 keep-state out xmit dc1 setup 00022 0 0 skipto 800 tcp from any to 68.10.16.30 53 keep-state out xmit dc1 setup 00030 0 0 skipto 800 udp from any to 172.19.17.22 67 keep-state out xmit dc1 00040 0 0 skipto 800 tcp from any to any 80 keep-state out xmit dc1 setup 00050 0 0 skipto 800 tcp from any to any 443 keep-state out xmit dc1 setup 00060 0 0 skipto 800 tcp from any to any 25 keep-state out xmit dc1 setup 00061 0 0 skipto 800 tcp from any to any 110
RE: Firewall Rule Set not allowing access to DNS servers?
-FDX, 100baseTX, 100baseTX-FDX, auto isa0: too many dependant configs (8) isa0: unexpected small tag 14 orm0: Option ROM at iomem 0xc-0xc7fff on isa0 pmtimer0 on isa0 fdc0: NEC 72065B or clone at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0 fdc0: FIFO enabled, 8 bytes threshold fd0: 1440-KB 3.5 drive on fdc0 drive 0 atkbdc0: Keyboard controller (i8042) at port 0x60,0x64 on isa0 atkbd0: AT Keyboard flags 0x1 irq 1 on atkbdc0 kbd0 at atkbd0 vga0: Generic ISA VGA at port 0x3c0-0x3df iomem 0xa-0xb on isa0 sc0: System console at flags 0x100 on isa0 sc0: VGA 16 virtual consoles, flags=0x300 sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0 sio0: type 16550A sio1 at port 0x2f8-0x2ff irq 3 on isa0 sio1: type 16550A ppc0: Parallel port at port 0x378-0x37f irq 7 on isa0 ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode ppc0: FIFO with 16/16/9 bytes threshold plip0: PLIP network interface on ppbus0 lpt0: Printer on ppbus0 lpt0: Interrupt-driven port ppi0: Parallel I/O on ppbus0 IP packet filtering initialized, divert enabled, rule-based forwarding enabled, default to deny, logging limited to 10 packets/entry by default ad0: DMA limited to UDMA33, non-ATA66 cable or device ad0: 19623MB IBM-DTLA-305020 [39870/16/63] at ata0-master UDMA33 acd0: CDROM SONY CD-ROM CDU4821 at ata0-slave PIO4 Mounting root from ufs:/dev/ad0s1a Thanks, Jim C. -Original Message- From: JJB [mailto:[EMAIL PROTECTED] Sent: Saturday, July 31, 2004 10:28 AM To: James A. Coulter; [EMAIL PROTECTED] Subject: RE: Firewall Rule Set not allowing access to DNS servers? You better re-read what you posted in early post. You posted that dc1 is your outside NIC, which is connected to your cable modem which is connected to your ISP. Your outside NIC needs DHCP to get ip and dns info from your ISP. NOW YOU SAY dc1 IS INSIDE INTERFACE NAME. Make up your mind which is correct. Verify you have correct interface name coded in ipfw rules for NIC connected to cable modem and that the same NIC interface name is the one in rc.conf with DHCP option. When DHCP gets DNS info from ISP /etc/resolv.conf will auto updated with correct info. Read comments in sample firewall source and follow what comments say. You are making this harder than it really is. Also there is no setup option on UDP packets just keepstate Post full contents of your current dmesg.boot, rc.conf, ipfw rule set, and ipfw log files so people can see just want you have configured. And answer question of how you are assigning ip address to LAN PCs? Also post output of ifconfig -a command after boot completes. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of James A. Coulter Sent: Saturday, July 31, 2004 9:55 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: Firewall Rule Set not allowing access to DNS servers? Thanks for the response. . . I changed rule 5 from x10 to dc0 - thanks Not sure why I would want my inside nic requesting DHCP service from my ISP. It has been working fine in the configuration I have it so I've left it the way it is. I checked the security log, and found this: Jul 30 08:58:37 sara /kernel: ipfw: 450 Deny UDP 68.105.58.150:2609 68.105.161.20:53 out via dc1 Jul 30 08:58:37 sara /kernel: ipfw: 450 Deny UDP 68.105.58.150:4067 68.1.18.25:53 out via dc1 Jul 30 08:58:37 sara /kernel: ipfw: 450 Deny UDP 68.105.58.150:3773 68.10.16.30:53 out via dc1 These are the three name servers specified in the rule set I checked the rule set and found this: # Allow out access to my ISP's Domain name server. # x.x.x.x must be the IP address of your ISP's DNS # Dup these lines if your ISP has more than one DNS server # Get the IP addresses from /etc/resolv.conf file $cmd 020 $skip tcp from any to 68.105.161.20 53 out via $pif setup keep-state $cmd 021 $skip tcp from any to 68.1.18.25 53 out via $pif setup keep-state $cmd 022 $skip tcp from any to 68.10.16.30 53 out via $pif setup keep-state Because security said the firewall was denying UDP packets, I changed the rules to this: $cmd 020 $skip udp from any to 68.105.161.20 53 out via $pif setup keep-state $cmd 021 $skip udp from any to 68.1.18.25 53 out via $pif setup keep-state $cmd 022 $skip udp from any to 68.10.16.30 53 out via $pif setup keep-state But that hasn't helped. I'm still getting: Jul 31 08:31:21 sara /kernel: ipfw: 550 Deny UDP 68.105.58.150:3178 68.105.161.20:53 out via dc1 Jul 31 08:31:21 sara /kernel: ipfw: 550 Deny UDP 68.105.58.150:4476 68.1.18.25:53 out via dc1 Jul 31 08:31:21 sara /kernel: ipfw: 550 Deny UDP 68.105.58.150:4747 68.10.16.30:53 out via dc1 FWIW, these rules are skipping to: # This is skipto location for outbound stateful rules $cmd 800 divert natd ip from any to any out via $pif $cmd 801 allow ip from any to any I apologize for being such a bother and I do appreciate any help
DHCP and the SIMPLE option in /etc/rc.firewall
I am setting up a firewall for a gateway/router running FreeBSD 4.10. This is for a small home LAN. I have already compiled and installed a custom kernel with the IPFIREWALL and IPDIVERT options and configured the firewall to pass any to any without any problems - now it's time to start locking it down. I would like to use the firewall_type=SIMPLE option rc.conf. But I'm not sure how I should set up my external nic in /etc/rc.firewall, i.e: # set these to your outside interface network and netmask and ip oif=ed0 onet=192.0.2.0 omask=255.255.255.240 oip=192.0.2.1 My outside interface is connected to a cable modem and is configured for DHCP Without a static IP address for my outside interface, how do I set these options? TIA for your help. Jim C. --- Check it out: The Black Dog Gallery http://polaris.umuc.edu/~jcoulter ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: DHCP and the SIMPLE option in /etc/rc.firewall
Thanks - I'm going to give the Stateful + NATD rule set a try. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of JJB Sent: Friday, July 30, 2004 8:20 AM To: James A. Coulter; [EMAIL PROTECTED] Subject: RE: DHCP and the SIMPLE option in /etc/rc.firewall The handbook Firewall section has been rewritten. It's temporally available from www.a1poweruser.com/FBSD_firewall/ as the Doc group works to sanitize the English. It incorporates the long awaited solution to getting ipfw + natd + stateful rules to function together, as well as OpenBSD pf firewall which is scheduled to become the third built in firewall software solution delivered with the FreeBSD install when 5.x ever makes it to the stable branch. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of James A. Coulter Sent: Friday, July 30, 2004 8:59 AM To: [EMAIL PROTECTED] Subject: DHCP and the SIMPLE option in /etc/rc.firewall I am setting up a firewall for a gateway/router running FreeBSD 4.10. This is for a small home LAN. I have already compiled and installed a custom kernel with the IPFIREWALL and IPDIVERT options and configured the firewall to pass any to any without any problems - now it's time to start locking it down. I would like to use the firewall_type=SIMPLE option rc.conf. But I'm not sure how I should set up my external nic in /etc/rc.firewall, i.e: # set these to your outside interface network and netmask and ip oif=ed0 onet=192.0.2.0 omask=255.255.255.240 oip=192.0.2.1 My outside interface is connected to a cable modem and is configured for DHCP Without a static IP address for my outside interface, how do I set these options? TIA for your help. Jim C. --- Check it out: The Black Dog Gallery http://polaris.umuc.edu/~jcoulter ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Firewall Rule Set not allowing access to DNS servers?
I am using FreeBSD 4.10 as a gateway/router for a small home LAN. My outside interface (dc1) is connected to a cable modem and is configured for DHCP. I have compiled and installed a custome kernel with IPFIREWALL and IPDIVERT options and with a rule set allowing any to any with no problems I am in the process of adding a proper rule set to provide security. I was referred to http://freebsd.a1poweruser.com:6088/FBSD_firewall/ and installed the Stateful + NATD Rule Set modified for my outside interface, domain name servers, and DHCP server. I can ping IP addresses and pass SMTP mail back and forth from the gateway/router and all machines on the LAN, but I cannot ping URLs - I am getting ping: cannot resolve www.freebsd.org: Host name lookup failure errors. This is what ipfw -a list looks like: sara# ipfw -a list 5 0 0 allow ip from any to any via xl0 00010 52 3640 allow ip from any to any via lo0 00014 0 0 divert 8668 ip from any to any in recv dc1 00015 0 0 check-state 00020 0 0 skipto 800 tcp from any to 68.105.161.20 53 keep-state out xmit dc1 setup 00021 0 0 skipto 800 tcp from any to 68.1.18.25 53 keep-state out xmit dc1 setup 00022 0 0 skipto 800 tcp from any to 68.10.16.30 53 keep-state out xmit dc1 setup 00030 0 0 skipto 800 udp from any to 172.19.17.22 67 keep-state out xmit dc1 00040 0 0 skipto 800 tcp from any to any 80 keep-state out xmit dc1 setup 00050 0 0 skipto 800 tcp from any to any 443 keep-state out xmit dc1 setup 00060 0 0 skipto 800 tcp from any to any 25 keep-state out xmit dc1 setup 00061 0 0 skipto 800 tcp from any to any 110 keep-state out xmit dc1 setup 00070 0 0 skipto 800 tcp from me to any uid root keep-state out xmit dc1 setup 00080 0 0 skipto 800 icmp from any to any keep-state out xmit dc1 00090 0 0 skipto 800 tcp from any to any 37 keep-state out xmit dc1 setup 00100 0 0 skipto 800 tcp from any to any 119 keep-state out xmit dc1 setup 00110 0 0 skipto 800 tcp from any to any 22 keep-state out xmit dc1 setup 00120 0 0 skipto 800 tcp from any to any 43 keep-state out xmit dc1 setup 00130 0 0 skipto 800 udp from any to any 123 keep-state out xmit dc1 00300 0 0 deny ip from 192.168.0.0/16 to any in recv dc1 00301 0 0 deny ip from 172.16.0.0/12 to any in recv dc1 00302 0 0 deny ip from 10.0.0.0/8 to any in recv dc1 00303 0 0 deny ip from 127.0.0.0/8 to any in recv dc1 00304 0 0 deny ip from 0.0.0.0/8 to any in recv dc1 00305 0 0 deny ip from 169.254.0.0/16 to any in recv dc1 00306 0 0 deny ip from 192.0.2.0/24 to any in recv dc1 00307 0 0 deny ip from 204.152.64.0/23 to any in recv dc1 00308 0 0 deny ip from 224.0.0.0/3 to any in recv dc1 00315 0 0 deny tcp from any to any 113 in recv dc1 00320 0 0 deny tcp from any to any 137 in recv dc1 00321 0 0 deny tcp from any to any 138 in recv dc1 00322 0 0 deny tcp from any to any 139 in recv dc1 00323 0 0 deny tcp from any to any 81 in recv dc1 00330 0 0 deny ip from any to any in recv dc1 frag 00332 0 0 deny tcp from any to any in recv dc1 established 00360 0 0 allow udp from 172.19.17.22 to any 68 keep-state in recv dc1 00370 0 0 allow tcp from any to me 80 limit src-addr 2 in recv dc1 setup 00370 0 0 allow tcp from any to me limit src-addr 2 in recv dc1 setup 00380 0 0 allow tcp from any to me 22 limit src-addr 2 in recv dc1 setup 00400 0 0 deny log logamount 10 ip from any to any in recv dc1 00450 81 5288 deny log logamount 10 ip from any to any out xmit dc1 00800 0 0 divert 8668 ip from any to any out xmit dc1 00801 645 59255 allow ip from any to any 00999 0 0 deny log logamount 10 ip from any to any 65535 1 347 deny ip from any to any This is what my /etc/rc.conf looks like: hostname=sara.mshome.net ifconfig_dc1=DHCP ifconfig_dc0=inet 192.168.1.1 netmask 255.255.255.0 firewall_enable=YES firewall_script=/etc/ipfw.rules firewall_logging=YES kern_securelevel_enable=NO linux_enable=YES moused_enable=YES named_enable=YES nfs_client_enable=YES nfs_reserved_port_only=YES nfs_server_enable=YES sendmail_enable=YES sshd_enable=YES usbd_enable=YES ntpd_enable=YES inetd_enable=YES gateway_enable=YES natd_enable=YES natd_interface=dc1 natd_flags=-dynamic Finally, this is what /etc/resolv.conf looks like: sara# more /etc/resolv.conf search pn.at.cox.net nameserver 68.105.161.20 nameserver 68.1.18.25 nameserver 68.10.16.30 Any ideas? Thanks, Jim C. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
SOLVED: NEWBIE: FreeBSD 4.10 Internet gateway/DNS problem
On Tue, Jul 13, 2004 at 10:51:21AM -0500, James A. Coulter wrote: I am trying to setup my FreeBSD 4.10 box as an internet gateway for a small home LAN (2x Win XP and 1x Win 98SE) The LAN operates without any problems when using the Win 98SE box as a gateway - all computers can access the internet I have two nics installed in the FreeBSD box: dc0 is the LAN interface via 4-port Linksys hub dc1 is the WAN interface via cable modem I have successfully connected to the internet with dc1 I can ping all other machines on my home LAN with dc0 and vice versa I cannot access the internet from any machine except the FreeBSD gateway ifconfig looks like this: snip I'm not sure what to do next. For some reason the Windows cannot access a name server. From what I understand from the literature I've been using (FreeBSD Handbook, Lehey's The Complete FreeBSD, and Anderson's FreeBSD: An Open-Source etc etc) all that should be needed is set gateway_enable=YES in /etc/rc.conf and I've done that. Google revealed some info on using natd for PPOE, but not sure if that applies to this problem. Definitely you must use NAT. Search Handbook for Network Address Translation. All suggestions/out-right solutions appreciated. TIA, Jim C. Hello. You might try something like this in your /etc/rc.conf : gateway_enable=YES ifconfig_dc1=DHCP dhcp_program=/sbin/dhclient dhcp_flags=-q ifconfig_dc0=inet 192.168.1.1 netmask 255.255.255.0 natd_enable=YES natd_interface=dc0 natd_flags=-dynamic And if you like some little protection : firewall_enable=YES firewall_script=/etc/rc.firewall firewall_type=OPEN firewall_logging=YES And it's never wrong to spend some time reading the man pages :-) Don't forget to put the IP of your Gateway on the Winboxes. /Hasse Sorry for the very late response and thanks very much for the suggestions to check out NAT. That was of course the problem. Being a newbie and life-long Windows user, I thought gateway_enable=YES in rc.conf was the magic word. But it isn't and I read up on NAT and natd and built a custom kernel with: options IPFIREWALL options IPDIVERT and made the changes to rc.conf as detailed above and now my FreeBSD box is passing packets back and forth from all the Windows boxes on my LAN to the WAN beautifully. Thanks again for your help! Jim C. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: runing FreeBSD on WinXP using free PC virtualization software
Virtual PC works really well too, but the original poster asked about 'free' options...honestly, I prefer MS Virtual PC to Bochs at this point, at least on my Mac; but Bochs is coming along nicely. On Sun, 18 Jul 2004 01:59:59 -0400, Aaron Myles Landwehr [EMAIL PROTECTED] wrote: ashadul hoque wrote: Hello everyone, Is there any free software to run FreeBSD on WinXP? I tried google and it looks like there is no free software to run FreeBSD on WinXP. regards Ashadul ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Micriosoft Virtual PC works. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- James W. Thompson, II (New Orleans, LA) ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: runing FreeBSD on WinXP using free PC virtualization software
You could run it in Bochs. Check out the project at http://bochs.sourceforge.net/ I use it on my Mac and it works fine. On Sun, 18 Jul 2004 10:27:11 +0600, ashadul hoque [EMAIL PROTECTED] wrote: Hello everyone, Is there any free software to run FreeBSD on WinXP? I tried google and it looks like there is no free software to run FreeBSD on WinXP. regards Ashadul ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- James W. Thompson, II (New Orleans, LA) ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
[Somewhat OT] Virtual Hosting Control Panels
I am curious if anyone is familar with any Free [fsf.org] or open source virtual hosting control panels except for Webmin and it's virtual hosting add-on. I currently use Plesk 7 on my dedicated server but would rather use a Free or open source alternative. Anyone have any experiences or ideas to share? Thansk! -- James W. Thompson, II (New Orleans, LA) ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
natd ipfw
___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
NEWBIE: FreeBSD 4.10 Internet gateway/DNS problem
I am trying to setup my FreeBSD 4.10 box as an internet gateway for a small home LAN (2x Win XP and 1x Win 98SE) The LAN operates without any problems when using the Win 98SE box as a gateway - all computers can access the internet I have two nics installed in the FreeBSD box: dc0 is the LAN interface via 4-port Linksys hub dc1 is the WAN interface via cable modem I have successfully connected to the internet with dc1 I can ping all other machines on my home LAN with dc0 and vice versa I cannot access the internet from any machine except the FreeBSD gateway ifconfig looks like this: dc0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 inet6 fe80::204:5aff:fe76:55f0%dc0 prefixlen 64 scopeid 0x1 inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255 ether 00:04:5a:76:55:f0 media: Ethernet autoselect (100baseTX full-duplex) status: active dc1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 inet6 fe80::2a0:ccff:fe33:e1f6%dc1 prefixlen 64 scopeid 0x2 inet 68.105.58.150 netmask 0xfe00 broadcast 68.105.59.255 ether 00:a0:cc:33:e1:f6 media: Ethernet autoselect (100baseTX full-duplex) status: active lp0: flags=8810POINTOPOINT,SIMPLEX,MULTICAST mtu 1500 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 inet 127.0.0.1 netmask 0xff00 ppp0: flags=8010POINTOPOINT,MULTICAST mtu 1500 sl0: flags=c010POINTOPOINT,LINK2,MULTICAST mtu 552 faith0: flags=8002BROADCAST,MULTICAST mtu 1500 The contents of /etc/rc.conf are: hostname=sara.mshome.net ifconfig_dc0=inet 192.168.1.1 netmask 255.255.255.0 ifconfig_dc1=DHCP snip inetd_enable=YES gateway_enable=YES When I try to ping an outside address from a Windows box, I get this response: Ping request could not find host www.freebsd.org. Please check the name and try again. When I try to ping a known good URL, I get this response: Pinging 68.99.63.5 with 32 bytes of data: Request timed out. Ping statistics for 68.99.63.5: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss) I have tried setting the DNS servers on the Windows box to the addresses listed in /etc/resolv.conf: 68.105.161.20 68.1.18.25 68.10.16.30 I have also tried setting the DNS address directly to the default gateway 192.168.1.1 and get the same response. While searching around in /stand/sysinstall I found the named daemon enabled. I disabled with no change (I have since re-enabled it because I believe that was the default setting when I installed FreeBSD) FWIW, here's output of netstat -rn on the FreeBSD box: Internet: DestinationGatewayFlagsRefs Use Netif Expire default68.105.58.1UGSc23dc1 68.105.58/23 link#2 UC 20dc1 68.105.58.100:06:2a:cb:7c:54 UHLW20dc1 1199 68.105.58.150 127.0.0.1 UGHS00lo0 127.0.0.1 127.0.0.1 UH 2 26lo0 192.168.1 link#1 UC 10dc0 192.168.1.110 00:08:74:3b:8b:ba UHLW04dc0 1081 Internet6: Destination Gateway Flags Netif Expire ::/96 ::1 UGRSc lo0 ::1 ::1 UH lo0 :::0.0.0.0/96 ::1 UGRSc lo0 fe80::/10 ::1 UGRSc lo0 fe80::%dc0/64 link#1UC dc0 fe80::204:5aff:fe76:55f0%dc0 00:04:5a:76:55:f0 UHL lo0 fe80::%dc1/64 link#2UC dc1 fe80::2a0:ccff:fe33:e1f6%dc1 00:a0:cc:33:e1:f6 UHL lo0 fe80::%lo0/64 fe80::1%lo0 Uc lo0 fe80::1%lo0 link#4UHL lo0 ff01::/32 ::1 U lo0 ff02::/16 ::1 UGRS lo0 ff02::%dc0/32 link#1UC dc0 ff02::%dc1/32 link#2UC dc1 ff02::%lo0/32 ::1 UC lo0 And the results of netstat -rn on the Windows box: Active Routes: Network DestinationNetmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.110 20 127.0.0.0255.0.0.0127.0.0.1 127.0.0.1 1 192.168.1.0255.255.255.0192.168.1.110 192.168.1.110 20 192.168.1.110 255.255.255.255127.0.0.1 127.0.0.1 20 192.168.1.255 255.255.255.255192.168.1.110 192.168.1.110 20 224.0.0.0
Making the World Remotely
I am tracking RELENG_4_9 for a dedicated server and unfortunately have no way of accessing the system in single user mode. I have managed to get a custom kernel running but was wondering if there is any safe way to make world and install world remotely without having to arrange for a tech to do it for me at $100/hr. I was just wondering since the handbook only mentions doing install world from single user mode. Thanks! -- James W. Thompson, II (New Orleans, LA) ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
SOLVED: NEWBIE: Logging into Cox Cable service
That's it Matt. Cycling the power on the modem did the trick. I guess the modem itself is registered with the ISP - that's how they know if it's legit or not. Thanks to all who helped this newbie out! Jim C. On Mon 7/12/2004 2:01 AM Matt Haley wrote: I have Cox.net here. What seems to happen is that the cable modem itself latches on (so to speak) to the MAC address of the nic you're using. Usually, all that is required is to power cycle the cable modem and it should see the new nic and you'll be able to get your DHCP response. HTH. On Sun, 11 Jul 2004 10:10:41 -0500, James A. Coulter [EMAIL PROTECTED] wrote: I am running FreeBSD 4.10 and am trying to connect to my Cox ISP via a an Ethernet nic and cable modem. I have DHCP for the nic enabled in /etc/rc.conf and can obtain an IP address from my Windows 98 gateway, but when I connect the nic to the cable modem and reboot I do not get a response from the cox DHCP server. The nic shows active in ifconfig, but no IP is assigned to it. I suspect the Cox DHCP server is expecting a username and password from dhclient.conf I googled and the closest answer I found was a short article in the FreeBSD Diary published in 2000 that gave this as an example dhclient.conf: interface de0 { send host-name cr123456-a; request subnet-mask, broadcast-address, routers, domain-name-servers, domain-name, time-servers; require domain-name-servers; } I tried substituting my own interface and looked up the hostname info cox provided to my Windows 98 box and swapped the computer names, but no luck. Is my hunch correct? When I set up my Windows boxes to connect to Cox with their CD, it always asked for the main account username and password so I'm guessing when the dhcp client sends out its request for an address, the Cox DHCP server is expecting a username and password. Can anyone tell me how to send the username and password? TIA, Jim C. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.718 / Virus Database: 474 - Release Date: 7/9/2004 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: I downloaded everything to no avail! ISO's fail to burn
Your cd burner software should have an option to create a cd from an image. This is different than just copying files to a bland cd-rom. Look in the 'File' drop-down menu. Don't feel bad - I made the same mistake and posted the same question on this board about two years ago. P.S. Google is your best friend when researching FreeBSD issues. HTH Jim C. -Original Message- From: [EMAIL PROTECTED] [mailto:owner-freebsd- [EMAIL PROTECTED] On Behalf Of Jerry Schromm Sent: Monday, July 12, 2004 5:22 PM To: [EMAIL PROTECTED] Subject: I downloaded everything to no avail! ISO's fail to burn Hi everyone, I am not sure how this works or if I will ever get feedback. Anyway I just discovered FreeBSD yesterday. I read all about it and I am excited to intrigue myself with this new pc adventure. Sounds great and I will learn something about code at the same time. I feel it had a kind of old school feeling to it, at the same time cutting edge technology. I am a believer in it's viability over Microsofts Windows. They love to hide information from us not inform us. The reason I am writing. I downloaded the 5.2.1 IS0's. I burned the boot disk successfully it seems. But I tried to burn the first big ISO file and it failed to burn. Some type of burn error following the track or something. Then I tried that other download that isn't the ISO but the regular files. That wouldn't do anything either. It burned but I can't instal it. That doesn't boot. Or install in anyway. I am wondering if FreeBSD is actually free or is this a way to get us to order the retail box lol. I don't want to feel that way. Yestersay I was so excited about this. I hope you can enlighten me some. Thanks a lot, Jerry Schromm Corning, California ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions- [EMAIL PROTECTED] --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.718 / Virus Database: 474 - Release Date: 7/9/2004 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.718 / Virus Database: 474 - Release Date: 7/9/2004 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
NEWBIE: Logging into Cox Cable service
I am running FreeBSD 4.10 and am trying to connect to my Cox ISP via a an Ethernet nic and cable modem. I have DHCP for the nic enabled in /etc/rc.conf and can obtain an IP address from my Windows 98 gateway, but when I connect the nic to the cable modem and reboot I do not get a response from the cox DHCP server. The nic shows active in ifconfig, but no IP is assigned to it. I suspect the Cox DHCP server is expecting a username and password from dhclient.conf I googled and the closest answer I found was a short article in the FreeBSD Diary published in 2000 that gave this as an example dhclient.conf: interface de0 { send host-name cr123456-a; request subnet-mask, broadcast-address, routers, domain-name-servers, domain-name, time-servers; require domain-name-servers; } I tried substituting my own interface and looked up the hostname info cox provided to my Windows 98 box and swapped the computer names, but no luck. Is my hunch correct? When I set up my Windows boxes to connect to Cox with their CD, it always asked for the main account username and password so Im guessing when the dhcp client sends out its request for an address, the Cox DHCP server is expecting a username and password. Can anyone tell me how to send the username and password? TIA, Jim C. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.718 / Virus Database: 474 - Release Date: 7/9/2004 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
System Profile
Is there a way to find out what hardware was detected by FreeBSD or to get a list of what it recognizes on my system? -- James W. Thompson, II (New Orleans, LA) ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Routing problem in IPv4/IPSec VPN environment
As a personal favor, I am building a VPN for a small business. I have chosen FreeBSD for this due to my greater familiarity. The project will consist of linking four sites, each with a FreeBSD system providing DHCP, NAT, and VPN services. I have built DHCP and NAT servers before, but the IPSec and VPN is new to me. Right now, the first two systems are nearly complete. The two machines are named goldengate and waltwhitman. Here's the IP config, currently: goldengate: external 192.168.1.101 internal 10.1.1.1 waltwhitman: external 192.168.1.102 internal 10.1.2.1 The external interfaces are in the reserved space because testing is taking place behind a cable/DSL router providing NAT services. The output of gifconfig -a; ifconfig -a; netstat -rn for each will be provided at the end of this message. IPSec, with Racoon, is properly exchanging keys. From goldengate, I can ping 10.1.2.1 and from waltwhitman I can ping 10.1.1.1. If a Windows computer is connected behind either system, they receive an IP (10.1.x.254, where x is the network number). The problem is, if behind the 10.1.2.1 firewall, I cannot ping 10.1.1.1 and vice-versa. I assume, at this point, this is some type of routing issue and not a problem with IPSec. This seems to be confirmed by the fact tracerouting to the local internal interface goes through the *other* internal interface first: waltwhitman$ ifconfig bge1; traceroute 10.1.2.1 bge1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 options=3RXCSUM,TXCSUM inet 10.1.2.1 netmask 0xff00 broadcast 10.1.2.255 inet6 fe80::209:5bff:fe60:e508%bge1 prefixlen 64 scopeid 0x2 ether 00:09:5b:60:e5:08 media: Ethernet autoselect (10baseT/UTP half-duplex) status: active traceroute to 10.1.2.1 (10.1.2.1), 64 hops max, 44 byte packets 1 10.1.1.1 (10.1.1.1) 0.848 ms 0.736 ms 0.783 ms 2 10.1.2.1 (10.1.2.1) 1.173 ms 1.262 ms 1.247 ms The other machine behaves identically, except the numbers are reversed. At this point, I have reached the limits of my knowledge. Any help would be appreciated. Thank you, James Notes on the output: IPv6 info removed from netstat output. There is a third interface in WALTWHITMAN which may break off to a DMZ in the future. No descision has been made and won't be for some time. The interface was given the IP 172.16.1.1. GOLDENGATE: goldengate$ gifconfig -a; ifconfig -a; netstat -rn gif0: flags=8051UP,POINTOPOINT,RUNNING,MULTICAST mtu 1280 inet 10.1.1.1 -- 10.1.2.1 netmask 0x inet6 fe80::209:5bff:fe62:714e%gif0 prefixlen 64 physical address inet 192.168.1.101 -- 192.168.1.102 bge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 options=3RXCSUM,TXCSUM inet 10.1.1.1 netmask 0xff00 broadcast 10.1.1.255 inet6 fe80::209:5bff:fe62:714e%bge0 prefixlen 64 scopeid 0x1 ether 00:09:5b:62:71:4e media: Ethernet autoselect (100baseTX full-duplex) status: active xl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 options=1RXCSUM inet6 fe80::2b0:d0ff:fe23:5b8d%xl0 prefixlen 64 scopeid 0x2 inet 192.168.1.101 netmask 0xff00 broadcast 192.168.1.255 ether 00:b0:d0:23:5b:8d media: Ethernet autoselect (100baseTX full-duplex) status: active lp0: flags=8810POINTOPOINT,SIMPLEX,MULTICAST mtu 1500 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 inet 127.0.0.1 netmask 0xff00 faith0: flags=8002BROADCAST,MULTICAST mtu 1500 gif0: flags=8051UP,POINTOPOINT,RUNNING,MULTICAST mtu 1280 tunnel inet 192.168.1.101 -- 192.168.1.102 inet 10.1.1.1 -- 10.1.2.1 netmask 0x inet6 fe80::209:5bff:fe62:714e%gif0 prefixlen 64 scopeid 0x6 Routing tables Internet: DestinationGatewayFlagsRefs Use Netif Expire default192.168.1.1UGSc3 6082xl0 10.1.1/24 link#1 UC 20 bge0 10.1.1.1 00:09:5b:62:71:4e UHLW0 306lo0 10.1.1.254 link#1 UHLW214933 bge0 10.1.2/24 10.1.2.0 UGSc015578xl0 10.1.2.1 10.1.1.1 UH 0 2060 gif0 127.0.0.1 127.0.0.1 UH 1 48lo0 192.168.1 link#2 UC 30xl0 192.168.1.100:0c:41:7f:8a:6e UHLW42xl0 1042 192.168.1.100 00:30:65:2e:ae:f7 UHLW00xl0 1100 192.168.1.101 127.0.0.1 UGHS00lo0 192.168.1.102 00:b0:d0:a1:81:09 UHLW313842xl0 1054 WALTWHITMAN: waltwhitman$ gifconfig -a; ifconfig -a; netstat -rn gif0: flags=8051UP,POINTOPOINT,RUNNING,MULTICAST mtu 1280 inet 10.1.2.1 -- 10.1.1.1 netmask 0x inet6 fe80
Routing problem in IPv4/IPSec VPN environment
(This message may reappear in the future, it was rejected by the lists from my webhost.) As a personal favor, I am building a VPN for a small business. I have chosen FreeBSD for this due to my greater familiarity. The project will consist of linking four sites, each with a FreeBSD system providing DHCP, NAT, and VPN services. I have built DHCP and NAT servers before, but the IPSec and VPN is new to me. Right now, the first two systems are nearly complete. The two machines are named goldengate and waltwhitman. Here's the IP config, currently: goldengate: external 192.168.1.101 internal 10.1.1.1 waltwhitman: external 192.168.1.102 internal 10.1.2.1 The external interfaces are in the reserved space because testing is taking place behind a cable/DSL router providing NAT services. The output of gifconfig -a; ifconfig -a; netstat -rn for each will be provided at the end of this message. IPSec, with Racoon, is properly exchanging keys. From goldengate, I can ping 10.1.2.1 and from waltwhitman I can ping 10.1.1.1. If a Windows computer is connected behind either system, they receive an IP (10.1.x.254, where x is the network number). The problem is, if behind the 10.1.2.1 firewall, I cannot ping 10.1.1.1 and vice-versa. I assume, at this point, this is some type of routing issue and not a problem with IPSec. This seems to be confirmed by the fact tracerouting to the local internal interface goes through the *other* internal interface first: waltwhitman$ ifconfig bge1; traceroute 10.1.2.1 bge1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 options=3RXCSUM,TXCSUM inet 10.1.2.1 netmask 0xff00 broadcast 10.1.2.255 inet6 fe80::209:5bff:fe60:e508%bge1 prefixlen 64 scopeid 0x2 ether 00:09:5b:60:e5:08 media: Ethernet autoselect (10baseT/UTP half-duplex) status: active traceroute to 10.1.2.1 (10.1.2.1), 64 hops max, 44 byte packets 1 10.1.1.1 (10.1.1.1) 0.848 ms 0.736 ms 0.783 ms 2 10.1.2.1 (10.1.2.1) 1.173 ms 1.262 ms 1.247 ms The other machine behaves identically, except the numbers are reversed. At this point, I have reached the limits of my knowledge. Any help would be appreciated. Thank you, James Notes on the output: IPv6 info removed from netstat output. There is a third interface in WALTWHITMAN which may break off to a DMZ in the future. No descision has been made and won't be for some time. The interface was given the IP 172.16.1.1. GOLDENGATE: goldengate$ gifconfig -a; ifconfig -a; netstat -rn gif0: flags=8051UP,POINTOPOINT,RUNNING,MULTICAST mtu 1280 inet 10.1.1.1 -- 10.1.2.1 netmask 0x inet6 fe80::209:5bff:fe62:714e%gif0 prefixlen 64 physical address inet 192.168.1.101 -- 192.168.1.102 bge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 options=3RXCSUM,TXCSUM inet 10.1.1.1 netmask 0xff00 broadcast 10.1.1.255 inet6 fe80::209:5bff:fe62:714e%bge0 prefixlen 64 scopeid 0x1 ether 00:09:5b:62:71:4e media: Ethernet autoselect (100baseTX full-duplex) status: active xl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 options=1RXCSUM inet6 fe80::2b0:d0ff:fe23:5b8d%xl0 prefixlen 64 scopeid 0x2 inet 192.168.1.101 netmask 0xff00 broadcast 192.168.1.255 ether 00:b0:d0:23:5b:8d media: Ethernet autoselect (100baseTX full-duplex) status: active lp0: flags=8810POINTOPOINT,SIMPLEX,MULTICAST mtu 1500 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 inet 127.0.0.1 netmask 0xff00 faith0: flags=8002BROADCAST,MULTICAST mtu 1500 gif0: flags=8051UP,POINTOPOINT,RUNNING,MULTICAST mtu 1280 tunnel inet 192.168.1.101 -- 192.168.1.102 inet 10.1.1.1 -- 10.1.2.1 netmask 0x inet6 fe80::209:5bff:fe62:714e%gif0 prefixlen 64 scopeid 0x6 Routing tables Internet: DestinationGatewayFlagsRefs Use Netif Expire default192.168.1.1UGSc3 6082xl0 10.1.1/24 link#1 UC 20 bge0 10.1.1.1 00:09:5b:62:71:4e UHLW0 306lo0 10.1.1.254 link#1 UHLW214933 bge0 10.1.2/24 10.1.2.0 UGSc015578xl0 10.1.2.1 10.1.1.1 UH 0 2060 gif0 127.0.0.1 127.0.0.1 UH 1 48lo0 192.168.1 link#2 UC 30xl0 192.168.1.100:0c:41:7f:8a:6e UHLW42xl0 1042 192.168.1.100 00:30:65:2e:ae:f7 UHLW00xl0 1100 192.168.1.101 127.0.0.1 UGHS00lo0 192.168.1.102 00:b0:d0:a1:81:09 UHLW313842xl0 1054 WALTWHITMAN: waltwhitman$ gifconfig -a; ifconfig -a; netstat -rn gif0: flags=8051UP,POINTOPOINT,RUNNING
Burn
I down loaded the newest version release 5.2.1 i386 and I seem to have a problem burning disk 2 it says ziped it is 268 megs but when I unzip it and try to burn it to CD it says it is 799 megs ?? Any ideas? James Mooney IT Dept Decatur Hotels Corp 317 Magazine St New Orleans La.70130 504-962-5582 This e-mail may contain confidential, copyright or privileged information. If you are not the intended recipient or if you have received this e-mail in error, please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. I cannot guarantee the integrity of this communication, or that it is free from errors, viruses or interference. As the Internet is not a guaranteed secure environment, I cannot ensure that an email is not interfered with during transmission. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.699 / Virus Database: 456 - Release Date: 06/04/2004 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
newuser
I have BSD UNIX. What commands should I use from the root to create a new user. Thanks. Jamie Bell [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
4.10 and Plesk 7
I was curious if anyone here has had any experience using Plesk 7.x on FreeBSD 4.10. SW-Soft recommends 4.9 and I am fine with that but would like to use 4.10 if there are no issues. Thank! -- James W. Thompson, II (New Orleans, LA) ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: BSD ?
On Fri, 25 Jun 2004 12:18:57 -0700, Gill Elmgren [EMAIL PROTECTED] wrote: I have a Kayak XU800 dual processor computer and I'm confused as to which version of FreeBSD I sould download for installation on this machine. Thanks Best Regards Gill --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.708 / Virus Database: 464 - Release Date: 6/18/2004 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Somebody else can tell me if I'm wrong, but I believe that you would just use the x86 version from what I have googled it looks like it is a Pentium class machine so the x86 version should do the trick. -- James W. Thompson, II (New Orleans, LA) ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
linksys pccard
I am running 4.9 stable on an Amstech Roadster 15 laptop. I was using a linksys Ethernet Card that was working perfectly until yesterday.Just out of the blue it began to freeze the whole system when I plug the card in.Everything works fine when I unplug it. Do you have any idea why it would be working great, then just decide to act this way? James Rogers Springville Utah __ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Monthly security run.
Doing login accounting: total 1438.65 jimmie 1435.18 root 3.46 This all makes perfect sense, though I was wondering, if there's an easy way to get the script to log how many times (and optionally, who) uses su or su - and to what account they jumped to. Unfortunaly, I'm not a code monkey, so digging around in the source, and trying myself would probably break something. It's just an idea. Jimmie. __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problems installing a USB keyboard
On Tue, Jun 01, 2004 at 11:26:43AM -0400, Robert Huff wrote: What am I missing? Sorry if this is something painfully obvious. It isn't, but you may find this applicable: http://www.freebsd.org/cgi/query-pr.cgi?pr=30570 Thanks for your reply! If I am not mistaken the fix for this problem is to remove the AT keyboard driver from the kernel? This is mentioned somewhere in the handbook, too I think. There are two entries in the kernel configuration for the keyboard (controller): device atkbdc0 at isa? port IO_KBD device atkbd0 at atkbdc? irq 1 # flags 0x1: remove and reconnect kbd correctly Which one has to be removed? Probably both, right? But as far as I understand, the atkbdc0 also controls the PS/2 mouse; does that mean it is not possible to use a USB keyboard with a PS/2 mouse? Sounds like I should keep using the keyboard with the USB-to-PS/2 converter, doesn't it? :) But I'll try removing the AT driver first Just my experence here, I'm using a USB KBD and PS/2 mouse just fine. ukbd0: Microsoft Microsoft Natural Keyboard Pro, rev 1.10/1.11, addr 3, iclass 3/1 My kernel config has: device atkbdc0 at isa? port IO_KBD #device atkbd0 at atkbdc? irq 1 device psm0at atkbdc? irq 12 ... device uhci device usb device ukbd device uhid That said, I A) can't pause the bootloader (no option in my BIOS for legacy USB support) B) or can I use a PS/2 KBD at all with this configuration. Hope it helps you out. Jimmie __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Diskless with read-only /etc?
I'm running a diskless 5.2-CURRENT, and it has a read-only /etc. sshd can't start, because it can't create /etc/ssh/ssh_host_key. I can work around this myself, of course, but is there a better way? Thanks. -- James Bowman http://acelere.net ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
support platform
Dear All I am James wang at IBMTaiwan and responsible for IBM xSeries. My question is : Can FreeBSD support IBM high end PC server ( x445, Xeon CPU ) ? thanks james wang WITH BEST REGARDS James Wang Manager,Taichung Office Tel : 04-305 5678 Ext 1548 or Direct : 04-324 1548 Fax : 04-301 4411 Mobil : 0932390262 Mail : [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
comments
My server had some apps running that should not have been there. You have a hacker using your site to gather info on servers. What are your plans to stop? What is your phone number and contact name? Here is part of the script. Notice USA as the country. This is one of many batch files that were found on my server. @echo off echo *---*info.txt echo *--Computer Specs --*info.txt echo *---*info.txt psinfo.exe -d info.txt echo *---*info.txt echo *--List of Current Processes Running --*info.txt echo *---*info.txt pslist.exeinfo.txt echo *---*info.txt echo *--Result of speed test from various countries--*info.txt echo *---*info.txt echo COUNTRY: DENMARK info.txt ftpc.exe -n -A -s:ftpc.cmds ftp.dk.FreeBSD.org Status-1of15 findstr /C:bytes rec Status-1of15info.txt del ncurses.tar.gz echo *---*info.txt echo COUNTRY: GERMANY info.txt del Status-1of15 ftpc.exe -n -A -s:ftpc.cmds ftp.de.freebsd.org Status-2of15 findstr /C:bytes rec Status-2of15 info.txt del ncurses.tar.gz echo *---*info.txt echo COUNTRY: NETHERLANDS info.txt del Status-2of15 ftpc.exe -n -A -s:ftpc.cmds ftp2.nl.freebsd.org Status-3of15 findstr /C:bytes rec Status-3of15 info.txt del ncurses.tar.gz echo *---*info.txt echo COUNTRY: USA info.txt del Status-3of15 ftpc.exe -n -A -s:ftpc.cmds ftp1.FreeBSD.org Status-4of15 findstr /C:bytes rec Status-4of15 info.txt del ncurses.tar.gz echo *---*info.txt echo COUNTRY: USA2 info.txt del Status-4of15 ftpc.exe -n -A -s:ftpc2.cmds ftp.lucasarts.com Status-5of15 findstr /C:bytes rec Status-5of15 info.txt del Indyprev.zip echo *---*info.txt echo COUNTRY: Canada info.txt del Status-5of15 ftpc.exe -n -A -s:ftpca.cmds ftp.crc.ca Status-6of15 findstr /C:bytes rec Status-6of15 info.txt del latest-defs.exe echo *---*info.txt echo COUNTRY: SWEDEN info.txt del Status-6of15 ftpc.exe -n -A -s:ftpc.cmds ftp.se.FreeBSD.org Status-7of15 findstr /C:bytes rec Status-7of15 info.txt del ncurses.tar.gz echo *---*info.txt echo COUNTRY: UK info.txt del Status-7of15 ftpc.exe -n -A -s:ftpc.cmds ftp.uk.FreeBSD.org Status-8of15 findstr /C:bytes rec Status-8of15 info.txt del ncurses.tar.gz echo *---*info.txt echo COUNTRY: FRANCE info.txt del Status-8of15 ftpc.exe -n -A -s:ftpc.cmds ftp8.fr.FreeBSD.org Status-9of15 findstr /C:bytes rec Status-9of15 info.txt del ncurses.tar.gz echo *---*info.txt echo COUNTRY: NL 2 info.txt del Status-9of15 ftpc.exe -n -A -s:ftpco.cmds 194.171.240.20 Status-10of15 findstr /C:bytes rec Status-10of15 info.txt del patch-2.4.19.gz echo *---*info.txt echo COUNTRY: NL 3 info.txt del Status-10of15 ftpc.exe -n -A -s:ftpce.cmds ftp.euronet.nl Status-11of15 findstr /C:bytes rec Status-11of15 info.txt del 5M.bin echo *---*info.txt echo COUNTRY: NL 4 info.txt del Status-11of15 ftpc.exe -n -A -s:ftpcy.cmds ftp.chello.nl Status-12of15 findstr /C:bytes rec Status-12of15 info.txt del LT.zip echo *---*info.txt echo COUNTRY: NO info.txt del Status-12of15 ftpc.exe -n -A -s:ftpcx.cmds ftp.no.FreeBSD.org Status-13of15 findstr /C:bytes rec Status-13of15 info.txt del MBM5300.EXE echo *---*info.txt echo COUNTRY: AT info.txt del Status-13of15 ftpc.exe -n -A -s:ftpch.cmds ftp.chello.at Status-14of15 findstr /C:bytes rec Status-14of15 info.txt del dx5ger.exe echo *---*info.txt echo COUNTRY: HU info.txt del Status-14of15 ftpc.exe -n -A -s:ftpch.cmds ftp.chello.hu Status-15of15 findstr /C:bytes rec Status-15of15 info.txt del dx5ger.exe del Status-15of15 echo *-- DONE ---*info.txt echo . +Speed Test Complete ___ [EMAIL PROTECTED] mailing list
Dependency hell
Hello all, It's been awhile since I used FreeBSD but I've been itching to try 5.x so I installed it the other day. Im having big problems with the ports collection and dependencies even though I've read through multiple docs on using portupgrade which is suppose to make dealing with dependencies easy. I apoligize if I'm missing something obvious here but I'd appreciate any help because I am not seeing any easy solutions. Problem in a nutshell: I install FBSD 5.2.1 Grab the latest ports tree portsdb -Uu Now,for example, I use portupdate to install a port that requires the latest version of expat - so expat is upgraded and I now have libexpat.so.5 Xterm no longer works because it depends on libexpat.so.4 Making a simple symlink from libexpat.so.4 to libexpat.so.5 will allow xterm to run again - but of course that's a dirty disgusting way to do things. From what I understood, pkgdb is the tool to fix this, but running pkgdb -F will not prompt me to change xterm dependencies from libexpat.so.4 to libexpat.so.5. This has been the case with a handful of other libraries that have been upgraded. Surely I don't need to recompile Xfree86 and everything else thats looking for libexpat.so.4 or another library that has been upgraded...right??? Heres an example with pango, which was upgraded with portupgrade. [EMAIL PROTECTED] lib]$sudo pkgdb -F --- Checking the package registry database [EMAIL PROTECTED] lib]$ Ok, so everything should be fine right? [EMAIL PROTECTED] lib]$epiphany /libexec/ld-elf.so.1: Shared object libpangoft2-1.0.so.200 not found ...but it isnt. [EMAIL PROTECTED] lib]$ls -lah libpangoft2* -rw-r--r-- 1 root wheel167K Apr 19 08:11 libpangoft2-1.0.a lrwxr-xr-x 1 root wheel 22B Apr 19 08:11 libpangoft2-1.0.so - libpangoft2-1.0.so.399 -rwxr-xr-x 1 root wheel148K Apr 19 08:11 libpangoft2-1.0.so.399 Shouldn't epiphany have been updated to use the new pango with pkgdb -F? What am I doing wrong?? Please help figure out what I'm missing here! Thanks, James Ziller Information Systems Quad/Graphics - Q/DS West Allis, Wisconsin [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Dependency hell
So in other words I do have to recompile everything that depends on a given library just because that library is updated to a slightly newer version?:( jz -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, April 19, 2004 9:20 AM To: Ziller, James Cc: '[EMAIL PROTECTED]' Subject: Re: Dependency hell Ziller, James [EMAIL PROTECTED] writes: Making a simple symlink from libexpat.so.4 to libexpat.so.5 will allow xterm to run again - but of course that's a dirty disgusting way to do things. From what I understood, pkgdb is the tool to fix this, but running pkgdb -F will not prompt me to change xterm dependencies from libexpat.so.4 to libexpat.so.5. No, that's not the tool to fix it. As /usr/ports/UPDATING would tell you, do a portupgrade -fr textproc/expat2. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Dependency hell
So then is there a way that the ports/package system can automatically handle replacing libfoo.so.3 with libfoo.so.4, so that packages compiled to use libfoo.so.3 can use libfoo.so.4 instead (assuming the new version is backward compatable)? Or can the port link against say libfoo.so (which should be a symlink to the version of the library that's installed)? Thanks for the responses, James -Original Message- From: Charles Swiger [mailto:[EMAIL PROTECTED] Sent: Monday, April 19, 2004 1:18 PM To: Ziller, James Cc: '[EMAIL PROTECTED]' Subject: Re: Dependency hell On Apr 19, 2004, at 10:28 AM, Ziller, James wrote: So in other words I do have to recompile everything that depends on a given library just because that library is updated to a slightly newer version?:( Well, you could simply use the old version of the library. It's not especially hard to write code in a way that maintains upwards compatibility-- putting a version # or sizeof(struct foo) in structures being passed around helps!-- but some projects don't bother. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Dependency hell - fixed
Thanks a lot for all the advice and explanations. My system is now back in working order after hours of recompiling, now I know how to avoid this mess to begin with! -jz -Original Message- From: Charles Swiger [mailto:[EMAIL PROTECTED] Sent: Monday, April 19, 2004 2:05 PM To: Ziller, James Cc: '[EMAIL PROTECTED]' Subject: Re: Dependency hell On Apr 19, 2004, at 2:34 PM, Ziller, James wrote: So then is there a way that the ports/package system can automatically handle replacing libfoo.so.3 with libfoo.so.4, so that packages compiled to use libfoo.so.3 can use libfoo.so.4 instead (assuming the new version is backward compatable)? If the new version of the library is backwards-compatible, it ought to be installed as libfoo.so.3 (not .4), and yes, the ports system will handle such upgrades in place just fine. In particular, OpenSSL (aka libssl.so.n) is an example of a library that has had many bugfiles and updates without changing version numbers often. You don't need to recompile everything that depends on libssl when you update libssl. People (should) only bump shared library numbers when the library's interface changes in an incompatible fashion. When that happens, it's a bad idea to try to fake the system out (say by symlinking libfoo.so.3 to .4): programs tend to crash when you try, or do worse things such as corrupt data or mishandle authentication and thus open up a security hole. Or can the port link against say libfoo.so (which should be a symlink to the version of the library that's installed)? libfoo.so is normally a symlink to the latest version of a particular shared library. A port that genuinely doesn't care which version of libfoo you have doesn't need to depend on a particular version #, and you'd see a line in the Makefile like: LIB_DEPENDS=foo:${PORTSDIR}/misc/foo ...but most ports end up with more specific dependencies (ie, foo.3). Maintaining backwards compatibility is not a high priority of the ports system and the result is that people end up recompiling a lot of stuff, but it's not easy to provide better solutions to this problem. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ! why?
On 25 Mar 2004, at 21:37, __Clint__ wrote: The [EMAIL PROTECTED] email was a one-time disposable email address that I only ever gave to FreeBSD.org. Well, you started out with the right strategy, but you abandoned it too soon. You've now blown what looks like your real email address. Never reveal your true email address, for it can be used against you. How have I blown it? I sent a note to [EMAIL PROTECTED] when I got spammed. The automatic bounceback said to send it to [EMAIL PROTECTED] If [EMAIL PROTECTED] is actually a mail list, I was never told. So yes -- maybe it's been blown (even further) now. But that is due to your poor bounceback message. 1) I get spam 2) I complain to abuse 3) it bounces with a message to use another address 4) I guess, from what you've said, that address is a mail list so in exchange for complaining about you selling my [EMAIL PROTECTED] email address to spammers, you have now redirected me into unknowningly posting to a mail list, thereby causing more spam. Maybe when I get spam I should just sit here helpless and do nothing. But that didn't work well for the jews in WWII. Complacency is not an attitude I like to adopt. Clint, Try to put things in perspective. You're saying you've received email you don't want - don't compare yourself to victims of the Holocaust. That drops your credibility to a lot less than 0. Secondly, you rant about creating an email address that is specific to this group, and expect us to derive from that, that you are an uber SPAM aware blocker. Then you plead newbie ignorance when you posted to an email address that you could have checked out with a trivial Google search. Here's a hint: http://www.google.com/search?q=freebsd- questions%40freebsd.orgsourceid=mozilla-searchstart=0start=0ie=utf -8oe=utf-8 - look at the search terms. Trivial. You're not a victim of SPAM, you're an attention seeker. Go and look for help with that issue on another list. James
Re: pkgtools.conf strangeness
Lee Harr wrote: 'www/mozilla/' = [ 'WITHOUT_MAILNEWS=1', 'WITHOUT_LDAP=1', 'WITHOUT_CHATZILLA=1', 'WITHOUT_COMPOSER=1', 'WITHOUT_CALENDAR=1', 'WITH_OPTIMIZED_CFLAGS=1', ], The thing I notice is that you have 'www/mozilla/' (with a slash at the end) while none of the others have a slash at the end. I don't know if that will make a difference, but it is something to try. I've tried as www/mozilla* www/mozilla-* www/mozilla www/mozilla/* and www/mozilla/ and always ends up the same. :( -- Randy Pratt wrote: All the make args are on one line and enclosed with one set of quotes. I'm not sure this is the cause of the problem you're seeing, but it might be worth a try. I've tried as one line, as you suggest (and shown in the pkgtools.conf.sample) and as an array. Same thing. As far as I know, all the other ports with their options are doing the same, yet, I've only seen it with mozilla. As I've been told on IRC (freenode #freebsd) the permissions are right on the file: -r--r--r-- 1 root wheel 14656 Mar 19 15:43 /usr/local/etc/pkgtools.conf So, I'm at a loss, (at least I know the args to pass on the command line, so all is not lost) Thanks for the ideas, and I'm going to keep at it. Jimmie = -BEGIN GEEK CODE BLOCK- Version: 3.12 GMU dpu s+:+ a? C UB P+++ L E--- W+++ N+++ o K+ w--- O+++ M- V-- PS+++ PE+++ Y++ PGP+++ 5-- X+ R* !tv b DI D G++ e* h* r+ z** --END GEEK CODE BLOCK-- __ Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time. http://taxes.yahoo.com/filing.html ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
pkgtools.conf strangeness
It seems I can't get portupgrade -arR (or -f) to honor pkgtools.conf. I've run portsdb -Uu, I've rebuild mozilla almost a dozen times over the past few days trying to work this out, google and the lists gave some pointers, but they don't see to be working. Everytime I build it, it's using the default options in the www/mozilla/Makefile and not what's in pkgtools.conf. Any advice would help out. FreeBSD fortytwo.zapto.org 4.9-STABLE FreeBSD 4.9-STABLE #0: Thu Mar 4 04:07:58 EST 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/FORTYTWO i386 portupgrade-20040208 FreeBSD ports/packages administration and management tool MAKE_ARGS = { 'graphics/gimp-devel' = [ 'WITH_PYTHON=1', 'WITHOUT_PRINT=1', ], 'net/gaim' = [ 'WITHOUT_GTKSPELL=1', 'WITHOUT_AUDIO=1', 'WITH_GNUTLS=1', 'WITH_NSS=1', ], 'www/firefox' = [ 'WITH_OPTIMIZED_CFLAGS=1', ], 'x11-toolkits/open-motif-*' = [ 'WITHOUT_OPENMOTIF_DEMOS=1', ], 'multimedia/mplayer' = [ 'WITH_OPTIMIZED_CFLAGS=1', 'WITHOUT_RUNTIME_CPUDETECTION=1', 'WITHOUT_MEMCODER=1', 'WITH_GUI=1', ], 'irc/xchat2' = [ 'WITH_PYTHON=1', ], 'www/mozilla/' = [ 'WITHOUT_MAILNEWS=1', 'WITHOUT_LDAP=1', 'WITHOUT_CHATZILLA=1', 'WITHOUT_COMPOSER=1', 'WITHOUT_CALENDAR=1', 'WITH_OPTIMIZED_CFLAGS=1', ], 'mail/mutt' = [ 'WITHOUT_NLS=1', ], 'mail/postfix' = [ 'POSTFIX_OPTIONS=SASL2 IPv6TLS DB41', 'BATCH=yes' ], 'net/nicotine' = [ 'WITH_VORBIS=1', ], 'www/bluefish' = [ 'WITH_AUTO_COMPLETE=1', ], } Full pkgtools.conf, make.conf, and pkg_info at www.geocitites.com/h2g2_jimmiejaz/pkg_info.txt and www.geocities.com/mac13631/pkg_info.txt = -BEGIN GEEK CODE BLOCK- Version: 3.12 GMU dpu s+:+ a? C UB P+++ L E--- W+++ N+++ o K+ w--- O+++ M- V-- PS+++ PE+++ Y++ PGP+++ 5-- X+ R* !tv b DI D G++ e* h* r+ z** --END GEEK CODE BLOCK-- __ Do you Yahoo!? Yahoo! Mail - More reliable, more storage, less spam http://mail.yahoo.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
libxml2.so undefined reference to `pthread_equal' and pthread_once
FreeBSD fortytwo.zapto.org 4.9-STABLE FreeBSD 4.9-STABLE #0: Thu Mar 4 04:07:58 EST 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/FORTYTWO i386 Hopefully someone can point me in the right direction here. from ports/CHANGES The PTHREAD{CFLAGS,LIBS} macros have been made overridable on all versions of FreeBSD to allow for alternate threading implementations (e.g. -lc_r, -lthr, -mt, etc.). The default threading library has been changed to -lpthread from -lc_r on -CURRENT. I don't see a change for STABLE, so I'm really lost. when startx (then flip back to console) ** ( xfce-mcs-manager:PID-#) WARNING ** module /usr/X11R6/libxfce4/mcs-plugins/lib/xfce4settings.so: cannot be opened (/usr/local/lib/libxml2.so.5 undefind symbol pthread_equal) Recomipled, python, libiconv, libtool1(3,4 and 5), liniltool, libxml2, libxslt, xfce4-* gmp, pkgtools, pkg_instal, t1lib, atk, py23-mpz. Same issues still, and a few ports are failing to build do to: gimp-devel cc -O -pipe -march=pentiumpro -Wall -o .libs/wmf wmf.o -Wl,--export-dynamic -L/usr/local/lib -L/usr/X11R6/lib ../../libgimp/.libs/libgimpui-1.3.so /usr/ports/graphics/gimp-devel/work/gimp-2.0pre4/libgimp/.libs/libgimp-1.3.so /usr/ports/graphics/gimp-devel/work/gimp-2.0pre4/libgimpwidgets/.libs/libgimpwidgets-1.3.so /usr/ports/graphics/gimp-devel/work/gimp-2.0pre4/libgimpmodule/.libs/libgimpmodule-1.3.so ../../libgimpwidgets/.libs/libgimpwidgets-1.3.so ../../libgimp/.libs/libgimp-1.3.so /usr/ports/graphics/gimp-devel/work/gimp-2.0pre4/libgimpcolor/.libs/libgimpcolor-1.3.so /usr/ports/graphics/gimp-devel/work/gimp-2.0pre4/libgimpbase/.libs/libgimpbase-1.3.so ../../libgimpcolor/.libs/libgimpcolor-1.3.so ../../libgimpbase/.libs/libgimpbase-1.3.so -lwmf -lwmflite -lSM -lICE -lxml2 -ljpeg -lpng -lgtk-x11-2.0 -lgdk-x11-2.0 -lXrandr -lXi -lXinerama -latk-1.0 -lgdk_pixbuf-2.0 -lm -lpangoxft-1.0 -lXft -lfreetype -lz -lXrender -lXext -lfontconfig -lpangox-1.0 -lX11 -lpango-1.0 -lgobject-2.0 -lgmodule-2.0 -lglib-2.0 -liconv -lintl -Wl,--rpath -Wl,/usr/X11R6/lib /usr/local/lib/libxml2.so: undefined reference to `pthread_equal' /usr/local/lib/libxml2.so: undefined reference to `pthread_once I've followed the directions at onlamp for using portupgrade, and that fails for the same pthread_ errors. Any hints or cluesticks would help, the mailing lists seem to only have issues with 5.x [EMAIL PROTECTED] ~ ldd /usr/local/lib/libxml2.so /usr/local/lib/libxml2.so: libz.so.2 = /usr/lib/libz.so.2 (0x281ed000) libiconv.so.3 = /usr/local/lib/libiconv.so.3 (0x281fb000) libm.so.2 = /usr/lib/libm.so.2 (0x282e9000) Thanks in advance. __ Do you Yahoo!? Yahoo! Search - Find what youre looking for faster http://search.yahoo.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Simplifying FreeBSD Installation
On 8 Mar 2004, at 22:44, Jerry McAllister wrote: It might help to have some wizards for network setup, but in the FreeBSD world, the network topologies are many and varied. So, just doing a MS predestination trick and creating a wizard that limits you to someone's narrow idea of a network would cause more trouble than just learning how to do it right. A couple of wizards to do a couple of very basic, no extras setups for say a dialup and a NIC hookup to an existing and well functioning lan might be useful, but FreeBSD goes so much beyond that that it leaves the world of wizards far behind. I like the point you make there. Wizards can't cover all the network configurations that some people may want. There is a simple wizard which will get you started, did the job for my workstation-cum-fileserver. But you're given the tools to do what we want. That's the value proposition for FreeBSD, it's meant to be configurable. Perhaps at the expense of 'friendliness', but it's never friendly at the expense of being open to configuration. No one is going to move to FreeBSD if all they want is someone to do everything for them. That type of person will not be swayed by evidence of a more powerful, better supported, more secure system. They are only interested in not doing anything. Most of them would prefer not to even have to stick in a CD or DVD if possible. So, FreeBSD or any of the other real OSen will not attract them. I thought that was a bit harsh. Different things for different people and I'm sure if all people could, they would love to prevent their computers from doing harm. You (Gerard) also should consider that there is a vast difference between the *BSD culture and the Linux culture, IMHO. There isn't the same desire to convert everyone, there's no jumping up and down screaming about the GPL etc. etc. The *BSD community wants the best OS not the most widely used OS. Being the best takes effort on everyone's part. Using a computer should be easy, but a *BSD is intended for a massive array of purposes. Many of which are hard, no other way of looking at it. My loose change :) James ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]