Re: pkg_delete delete files even if md5 check fails

2008-11-07 Thread Jeremy Chadwick
On Fri, Nov 07, 2008 at 03:25:30PM +0100, Johan Hendriks wrote:
> How can i tell pkg_delete to delete all files of a package even if the md5 
> checks fail?

Does the -f flag do this?

-- 
| Jeremy Chadwick   jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Hardware Raid + hot-replace failed disk

2008-11-07 Thread Jeremy Chadwick
 here imagining you clicking your mouse at 6000 clicks per
second, eyeballs rolling around, sweating profusely.  :-)  I wish
FreeBSD mailing list people wouldn't do this to new folks, because all
it's doing is confusing you.

The simple answer is this: on FreeBSD, there is not a reliable way to
grow an existing filesystem without taking the machine down, bringing
it into single-user, or rebooting it.  In fact, I would go so far as to
say there is not a reliable way on FreeBSD to grow a filesystem at all;
you are generally forced to back up all of your data, then recreate
the filesystem.

ZFS doesn't make this any easier, by the way -- you cannot "grow" a
zpool.  You can add disks in real-time (no rebooting/single-user) to a
separate zpool (think: separate filesystem), but you cannot add
disks to an existing zpool.

Yes, I am aware Linux has LVM, which provides all of this capability
for you, without having to reboot.

If you're really wanting something like an end-user NAS, which allows
you to remove/add disks as you please, and the filesystem shrinks/grows
with it, then you need to be looking at a product from Data Robotics
called Drobo.

Note that Drobo does not work under FreeBSD, as far as I know (it
probably shows up as a umass/da device, but if you remove/add disks,
I'm absolutely certain the filesystem does not grow.  Linux Drobo
users have been dealing with that problem for quite some time too,
and Data Robotics is *just now* getting around to addressing it)

Hope this helps.

-- 
| Jeremy Chadwick   jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: 7.1-BETA2 installation on ASUS P4S8X fails BIG MEDIUM ERROR

2008-11-05 Thread Jeremy Chadwick
On Wed, Nov 05, 2008 at 05:26:38PM +0100, Christoph Kukulies wrote:
> Christoph Kukulies wrote:
>> Christoph Kukulies wrote:
>>> Hi Al,
>>>
>>> thanks for pointing me to safe mode install. That I will probably try 
>>> tomorrow.
>>> The day ended up in havoc: I tried to boot a floppy to do an ASUS  
>>> BIOS upgrade and somehow messed with the power cable.
>>> A big flash occurred originating from the power supply. I opened the  
>>> power supply, found a blown fuse, ran to the electronics store,  
>>> bought a new fuse (+ one in reserve), inserted the fuse, tried the  
>>> power supply, with connections off and a firework, prematurely - your 
>>> presidential elections aren't finished yet - , developed in front of  
>>> my face. Will continue tomorrow, when America has a new president.
>>>
>>
>> Back at the problem: I chose 3. safe mode to no avail. Still get this
>>
>> acd0: FAILURE - READ BIG MEDIUM ERROR asc=0x11 ascq=0x00
> I now tried with a 7.0 BETA  Boot CD (which I had laying around from  
> possibly another fruitless attempt in the past to
> update that system from 5.1 or something to 7.x). Same picture. Hangs on  
> this
>
> acd0: FAILURE - READ BIG MEDIUM ERROR asc=0x21 ascq=0x00
> (asc=0x21 at this time FWIW).

This won't help you get FreeBSD installed any quicker, but it will give
you some insight to what the error messages mean.

ATAPI essentially uses SCSI commands but over an ATA bus, which is why
atapicam(4) exists (which is what's giving you the xpt_* errors).  The
problem is that not all drives are created equal, so some behave
differently to certain commands than others.

ASC and ASCQ are, in layman's terms, "error codes" with added degrees of
granularity.  ASC = Additional Sense Code, ASCQ = Additional Sense Code
Qualifier.  These are fairly well-documented all over the web, and per
T10 specifications.  Looking at a chart, specifically noting errors that
are for CD (MMC) devices, we find:

ASC 0x11, ASCQ 0x00 == Unrecovered Read Error
ASC 0x21, ASCQ 0x00 == Logical Block Address (LBA) Out of Range

Your first reaction will be "So does this mean I have a bad CD?", and
the answer is "not necessarily".  It could be that the drive does not
support the commands FreeBSD expects available to read a CD in this
particular fashion.  But it could also be a badly burned CD, or a
CD burned with buggy software.

If at all possible, try another CD drive of some kind.  Get one from a
friend, borrow one, or buy one.  People have had good experiences with
Plextor and Pioneer drives, while recent Samsung drives have been
hit-or-miss.

-- 
| Jeremy Chadwick   jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Apache environment variables - logical AND

2008-11-05 Thread Jeremy Chadwick
On Wed, Nov 05, 2008 at 08:24:16PM +1100, Ian Smith wrote:
> On Tue, 4 Nov 2008, Jeremy Chadwick wrote:
>  > On Wed, Nov 05, 2008 at 05:33:45PM +1100, Ian Smith wrote:
>  > > I know this isn't FreeBSD specific - but I am, so crave your indulgence.
>  > > 
>  > > Running Apache 1.3.27, using a fairly extensive access.conf to beat off 
>  > > the most rapacious robots and such, using mostly BrowserMatch[NoCase] 
>  > > and SetEnvIf to moderate access to several virtual hosts.  No problem.
>  > > 
>  > > OR conditions are of course straightforward:
>  > > 
>  > >   SetEnvIf  somevar
>  > >   SetEnvIf  somevar
>  > >   SetEnvIf  !somevar
>  > > 
>  > > What I can't figure out is how to set a variable3 if and only if both 
>  > > variable1 AND variable2 are set.  Eg:
>  > > 
>  > >   SetEnvIf Referer "^$" no_referer
>  > >   SetEnvIf User-Agent "^$" no_browser
>  > > 
>  > > I want the equivalent for this (invalid and totally fanciful) match: 
>  > > 
>  > >   SetEnvIf (no_browser AND no_referer) go_away
>  > 
>  > Sounds like a job for mod_rewrite.  The SetEnvIf stuff is such a hack.
> 
> It may be a hack, but I've found it an extremely useful one so far.
>
>  > This is what we use on our production servers (snipped to keep it
>  > short):
>  > 
>  > RewriteEngine on
>  > RewriteCond %{HTTP_REFERER}    ^:                                  [OR]
>  > RewriteCond %{HTTP_REFERER}    ^http://forums.somethingawful.com/  [OR]
>  > RewriteCond %{HTTP_REFERER}    ^http://forums.fark.com/            [OR]
>  > RewriteCond %{HTTP_USER_AGENT} ^Alexibot                           [OR]
>  > RewriteCond %{HTTP_USER_AGENT} ^asterias                           [OR]
>  > RewriteCond %{HTTP_USER_AGENT} ^BackDoorBot                        [OR]
>  > RewriteCond %{HTTP_USER_AGENT} ^Black.Hole                         [NC,OR]
>  > RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE                           [OR]
>  > RewriteCond %{HTTP_USER_AGENT} ^Xaldon.WebSpider
>  > RewriteRule ^.* - [F,L]
>  > 
>  > You need to keep something in mind however: blocking by user agent is
>  > basically worthless these days.  Most "leeching" tools now let you
>  > spoof the user agent to show up as Internet Explorer, essentially
>  > defeating the checks.
> 
> While that's true, I've found most of the more troublesome robots are 
> too proud of their 'brand' to spoof user agent, and those that do are a) 
> often consistent enough in their Remote_Addr to exclude by subnet and/or 
> b) often make obvious errors in spoofed User_Agent strings .. especially 
> those pretending to be some variant of MSIE :)

I haven't found this to be true at all, and I've been doing web hosting
since 1993.  In the past 2-3 years, the amount of leeching tools which
spoof their User-Agent has increased dramatically.

But step back for a moment and look at it from a usability perspective,
because this is what really happens.

A user tries to leech a site you host, using FruitBatLeecher, which your
Apache server blocks based on User-Agent.  The user has no idea why the
leech program doesn't work.  Does the user simply give up his quest?
Absolutely not -- the user then goes and finds BobsBandwidthZilla which
pretends to be Internet Explorer, Firefox, or lynx, and downloads the
site.

Now, if you're trying to block robots/scrapers which aren't honouring
robots.txt, oh yes, that almost always works, because those rarely spoof
their User-Agent (I think to date I've only seen one site which did
that, and it was some Russian search engine).

If you feel I'm just doing burn-outs arguing, a la "BSD style", let me
give you some insight to how often I deal with this problem: daily.

We host a very specific/niche site that contains over 20 years of
technical information on the Famicom / Nintendo Entertainment System.
The site has hundreds of megabytes of information, and a very active
forum.  Some jackass comes along and decides "Wow, this has all the info
I want!" and fires off a leeching program against the entire
domain/vhost.  Let's say the program he's using is blocked by our
User-Agent blocks; there is a 6-7 minute delay as the user goes off to
find another program to leech with, installs it, and attempts it again.
Pow, it works, and we find nice huge spikes in our logs for the vhost
indicating someone got around it.  I later dig through our access_log and
find that he tried to use FruitBatLeecher, which got blocked, but then
6-7 minutes later came back with a leeching client that spoofs itself
as IE.

And it gets worse.

Many of these leeching programs get stuck in infinite loops when it
comes to fo

Re: Apache environment variables - logical AND

2008-11-04 Thread Jeremy Chadwick
On Wed, Nov 05, 2008 at 05:33:45PM +1100, Ian Smith wrote:
> I know this isn't FreeBSD specific - but I am, so crave your indulgence.
> 
> Running Apache 1.3.27, using a fairly extensive access.conf to beat off 
> the most rapacious robots and such, using mostly BrowserMatch[NoCase] 
> and SetEnvIf to moderate access to several virtual hosts.  No problem.
> 
> OR conditions are of course straightforward:
> 
>   SetEnvIf  somevar
>   SetEnvIf  somevar
>   SetEnvIf  !somevar
> 
> What I can't figure out is how to set a variable3 if and only if both 
> variable1 AND variable2 are set.  Eg:
> 
>   SetEnvIf Referer "^$" no_referer
>   SetEnvIf User-Agent "^$" no_browser
> 
> I want the equivalent for this (invalid and totally fanciful) match: 
> 
>   SetEnvIf (no_browser AND no_referer) go_away

Sounds like a job for mod_rewrite.  The SetEnvIf stuff is such a hack.

This is what we use on our production servers (snipped to keep it
short):

RewriteEngine on
RewriteCond %{HTTP_REFERER}    ^:                                  [OR]
RewriteCond %{HTTP_REFERER}    ^http://forums.somethingawful.com/  [OR]
RewriteCond %{HTTP_REFERER}    ^http://forums.fark.com/            [OR]
RewriteCond %{HTTP_USER_AGENT} ^Alexibot                           [OR]
RewriteCond %{HTTP_USER_AGENT} ^asterias                           [OR]
RewriteCond %{HTTP_USER_AGENT} ^BackDoorBot                        [OR]
RewriteCond %{HTTP_USER_AGENT} ^Black.Hole                         [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE                           [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon.WebSpider
RewriteRule ^.* - [F,L]

You need to keep something in mind however: blocking by user agent is
basically worthless these days.  Most "leeching" tools now let you
spoof the user agent to show up as Internet Explorer, essentially
defeating the checks.

If you're that concerned about bandwidth (which is why a lot of people
do the above), consider rate-limiting.  It's really, quite honestly, the
only method that is fail-safe.

-- 
| Jeremy Chadwick   jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |
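
The follow-up in this thread describes finding, in access_log, a client that was refused by the User-Agent rules and returned minutes later under a browser-like User-Agent. The script below is an added example, not part of the original messages, that picks that pattern out of a log; the function names, the 900-second default window, the combined log format and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find clients that were refused (403) and came back shortly
# afterwards with a different User-Agent that was served (2xx).
# Assumptions: Apache "combined" log format, lines in time order, one time
# zone, no escaped double quotes inside the quoted fields.

# find_ua_switch [WINDOW_SECONDS] < access_log
# Prints: client <TAB> gap in seconds <TAB> refused UA <TAB> accepted UA
find_ua_switch() {
    awk -F'"' -v window="${1:-900}" '
    # Days since 1970-01-01 for a Gregorian date (only differences matter).
    function days(y, m, d,    n) {
        if (m <= 2) { y--; m += 12 }
        n = 365 * y + int(y / 4) - int(y / 100) + int(y / 400)
        return n + int((153 * (m - 3) + 2) / 5) + d - 719469
    }
    {
        # $1 = host ident user [time], $3 = " status bytes ", $6 = User-Agent
        split($1, pre, " ");  ip = pre[1]
        split(substr($1, index($1, "[") + 1), t, "[/: ]")
        mon = (index("JanFebMarAprMayJunJulAugSepOctNovDec", t[2]) + 2) / 3
        now = days(t[3], mon, t[1]) * 86400 + t[4] * 3600 + t[5] * 60 + t[6]
        split($3, st, " ");   status = st[1] + 0
        ua = $6

        if (status == 403) {
            # Remember the most recent refusal and the agent that caused it.
            refused_at[ip] = now; refused_ua[ip] = ua
        } else if (status >= 200 && status < 300 && (ip in refused_at)) {
            gap = now - refused_at[ip]
            # Report each client once: first served request with a new agent.
            if (ua != refused_ua[ip] && gap <= window && !(ip in seen)) {
                printf "%s\t%d\t%s\t%s\n", ip, gap, refused_ua[ip], ua
                seen[ip] = 1
            }
        }
    }'
}

# Constructed sample log (documentation addresses, invented agents).
sample_log() {
    cat <<'EOF'
203.0.113.5 - - [04/Nov/2008:09:00:00 -0800] "GET / HTTP/1.1" 403 210 "-" "FruitBatLeecher/1.0"
192.0.2.10 - - [04/Nov/2008:10:00:01 -0800] "GET / HTTP/1.1" 403 210 "-" "FruitBatLeecher/1.0"
192.0.2.10 - - [04/Nov/2008:10:00:02 -0800] "GET /docs/ HTTP/1.1" 403 210 "-" "FruitBatLeecher/1.0"
198.51.100.7 - - [04/Nov/2008:10:02:30 -0800] "GET /forum/ HTTP/1.1" 200 5120 "http://www.example.org/" "Mozilla/5.0 (X11; U; FreeBSD i386) Firefox/3.0"
192.0.2.10 - - [04/Nov/2008:10:06:40 -0800] "GET / HTTP/1.1" 200 4096 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.10 - - [04/Nov/2008:10:06:41 -0800] "GET /docs/ HTTP/1.1" 200 9000 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
203.0.113.5 - - [04/Nov/2008:11:30:00 -0800] "GET / HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (Windows; U) Firefox/3.0"
EOF
}

# Stand-alone run over the constructed sample with a 15-minute window.
sample_log | find_ua_switch 900
```

The addresses it reports are candidates for per-client rate limiting, which does not depend on what the client claims to be.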



Re: Re: Authentication with SSH using public keys

2008-11-04 Thread Jeremy Chadwick
On Tue, Nov 04, 2008 at 12:39:36PM -0800, [EMAIL PROTECTED] wrote:
>> > Following onto the e-mail I made before, apparently that little
>> > permissions difference for the directory, .ssh, was the problem.
>> > Changing it to 644 has, apparently, fixed the problem.
>>
>> Cool :) . I learnt this from my first SSH public-key authentication
>> configuration ;)
>>
>> Ashish
>>
>> --
>
> Of course I meant to say that changing the perms to 755 fixed it, not 
> 644. I'm still reviewing the docs but I think that this directory could 
> be made 700, is that correct? Or, at the least, 750?

The ~/.ssh directory should be 700.  Remember, sshd runs as root, which
means the permissions shouldn't really matter (sans the execute bit,
which as I said is needed for directories).

You don't want 750 unless you ***really*** intend for members of the
same group to have read access to your ~/.ssh/ directory.  Based on the
OP's description of the setup, he does not need this.

-- 
| Jeremy Chadwick   jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |
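
The modes discussed in this thread (755, 750, 700 on ~/.ssh, plus the permissions of authorized_keys) can be checked with a short script. This is an added example, not part of the original messages; the function names and the test directory are assumptions, and it uses only POSIX find(1) so it behaves the same on FreeBSD and Linux.

```shell
#!/bin/sh
# Added example: audit ~/.ssh and authorized_keys permissions.
# stat(1) flags differ between FreeBSD and GNU, so mode bits are tested
# with "find -perm", which is specified by POSIX.

# has_any_bit PATH MASK...: true if PATH has at least one of the octal bits.
has_any_bit() {
    _p=$1; shift
    for _m in "$@"; do
        if [ -n "$(find "$_p" -prune -perm "-$_m" -print 2>/dev/null)" ]; then
            return 0
        fi
    done
    return 1
}

# audit_ssh_dir DIR: print one finding per line; return 1 if any were found.
audit_ssh_dir() {
    dir=$1; rc=0
    if [ ! -d "$dir" ]; then
        echo "missing: $dir is not a directory"
        return 1
    fi
    # 700 means no group or other bits at all (r=4, w=2, x=1 per class).
    if has_any_bit "$dir" 040 020 010 004 002 001; then
        echo "directory: $dir grants group/other access, expected 700"
        rc=1
    fi
    # A key list that someone else can write lets them add their own key.
    ak=$dir/authorized_keys
    if [ -f "$ak" ] && has_any_bit "$ak" 020 002; then
        echo "authorized_keys: $ak is writable by group/other"
        rc=1
    fi
    return $rc
}

# Stand-alone run against a constructed directory (not a real home).
demo() {
    home=$(mktemp -d) || return 1
    mkdir "$home/.ssh"
    : > "$home/.ssh/authorized_keys"
    chmod 755 "$home/.ssh"                      # mode reported in the thread
    chmod 664 "$home/.ssh/authorized_keys"      # constructed bad case
    echo "before:"; audit_ssh_dir "$home/.ssh" || true
    chmod 700 "$home/.ssh"
    chmod 600 "$home/.ssh/authorized_keys"
    echo "after:";  audit_ssh_dir "$home/.ssh" && echo "clean"
    rm -rf "$home"
}
demo
```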



Re: Watching /var/log/pflog grow

2008-11-04 Thread Jeremy Chadwick
On Tue, Nov 04, 2008 at 08:13:54PM +0100, cpghost wrote:
> How can I watch /var/log/pflog grow with tcpdump, "tail -f" style?
> 
> This won't work:
>   $ tail -f /var/log/pflog | tcpdump -n -s 116 -r -
> because tail doesn't start at the right location.
> 
> Using a blocksize (-b) with tail may also not be right,
> because the captured packets are not the same size.
> 
> This seems to work:
>   $ tcpdump -n -s 116 -i pflog0
> but now, both tcpdump and pflogd are competing for the same
> interface pflog0.
> 
> I'm afraid that in the latter case, every packet will be
>   EITHER logged by pflogd
>   XOR displayed by tcpdump.
> Is that so?
> 
> If yes, /var/log/pflog would be incomplete, because some packets
> would have been snatched away from pflog0 by tcpdump, before
> pflogd ever got a chance to read them out.
> 
> Is there a way to watch /var/log/pflog grow, while
> still making sure that pflogd logs EVERY packet that appears
> on the pflog0 interface? How?

Please post this to freebsd-pf, where you can get better help.

-- 
| Jeremy Chadwick   jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: 7.1-BETA2 installation on ASUS P4S8X fails BIG MEDIUM ERROR

2008-11-04 Thread Jeremy Chadwick
On Tue, Nov 04, 2008 at 12:46:43PM -1000, Al Plant wrote:
> Jeremy Chadwick wrote:
>> On Tue, Nov 04, 2008 at 08:13:34AM -1000, Al Plant wrote:
>>> Julien Cigar wrote:
>>>> I've this problem too on almost all my machines. The only solution I've
>>>> found is to disable DMA (atapi_dma), but then performances are very poor
>>>> (and I'm still unable to burn a CD/DVD)
>>>>
>>>> On Tue, 2008-11-04 at 16:03 +0100, Christoph Kukulies wrote:
>>>>> Hi,
>>>>>
>>>>> don't know whether it's the CDROM drive (a Creative 52x mx) or 
>>>>> the  motherboard (ASUS P4S8X) or what.
>>>>> Anyway, I tried to install a recent version of FreeBSD 
>>>>> (7.1-BETA2) and the installation
>>>>> hangs right in the boot process of the installation CD disc1.
>>>>>
>>>>> I see
>>>>>
>>>>> acd0: FAILURE - READ BIG MEDIUM ERROR asc=0x11 ascq=0x00
>>>>> run_interrupt_driven_hooks: still waiting after 60 seconds for xpt_config
>>>>> run_interrupt_driven_hooks: still waiting after 120 seconds for xpt_config
>>>>> run_interrupt_driven_hooks: still waiting after 180 seconds for xpt_config
>>>>>
>>>>> and so on.
>>>>>
>>>>> Any clues?
>>>>>
>>>>> --
>>>>> Christoph Kukulies
>>> 
>>>
>>> Aloha,
>>>
>>> I have had similar happen on 7 and 8 FreeBSD installs recently.
>>>
>>> If you install using safe mode it will work. Then in /boot/loader.conf
>>>
>>> #boot/loader.conf
>>> hw.ata.ata-dma=0
>>> hw.ata.atapi_dma=0
>>
>> There is no hw.ata.ata-dma tunable.  I think you mean hw.ata.ata_dma
>> (note: underscore, not hyphen).  If you really are using hw.ata.ata-dma,
>> it does nothing.  :-)
>>
>> Also folks, please remember that "ATA DMA" is for hard disks, and
>> "ATAPI DMA" is for ATAPI devices (CD/DVD drives).  
>>
>> Error messages from xpt_* functions are from the ATAPI-to-CAM
>> emulation layer (think: SCSI emulation for ATAPI devices), but are
>> likely signs of underlying compatibility problems between the CD/DVD
>> drive and FreeBSD, and not the fault of atapicam(4).
>>
>> I'm not sure if there's a loader hint to disable xpt.
>>
>>> The error that comes up when you burn a CD seems to be bogus as I 
>>> have  used the CD's with out error for installing on other boxes.
>>
>> The "READ BIG MEDIUM ERROR" often indicates that the CD/DVD drive does
>> not support a specific read operation mode; some CD/DVD manufacturers
>> don't implement this command for various reasons.
>>
> Aloha Jeremy,
>
> Thanks for catching the - vs _ .
>
> I hear you, but I have to do the hw settings like above or the servers
> won't boot they stick at a db>
> or mountroot>

Those are two very different things.  A db> prompt indicates you're
hitting a kernel panic, while a mountroot> prompt indicates the OS can't
find your root filesystem.

> I think the 7 and 8 series OS are looking for SATA and don't like the IDE
> drives I use.

I understand, but what I'm saying is that "hw.ata.ata-dma=0" (note the
hyphen) is not fixing/solving anything, because it contains a typo.

> I know the atapi setting is for CD's and These are brand new DVD/CD RW  
> burners fwiw.
>
> A month or so back there were several people on line complaining about
> this.
>
> Maybe one of the FreeBSD committers will have a look and see if
> something is wrong.

The "I get dropped to a mountroot prompt" problem has been reported many
times, and so far there haven't been any indications what causes it to
happen for people.

-- 
| Jeremy Chadwick   jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: 7.1-BETA2 installation on ASUS P4S8X fails BIG MEDIUM ERROR

2008-11-04 Thread Jeremy Chadwick
On Tue, Nov 04, 2008 at 08:13:34AM -1000, Al Plant wrote:
> Julien Cigar wrote:
>> I've this problem too on almost all my machines. The only solution I've
>> found is to disable DMA (atapi_dma), but then performances are very poor
>> (and I'm still unable to burn a CD/DVD)
>>
>> On Tue, 2008-11-04 at 16:03 +0100, Christoph Kukulies wrote:
>>> Hi,
>>>
>>> don't know whether it's the CDROM drive (a Creative 52x mx) or the  
>>> motherboard (ASUS P4S8X) or what.
>>> Anyway, I tried to install a recent version of FreeBSD (7.1-BETA2) 
>>> and the installation
>>> hangs right in the boot process of the installation CD disc1.
>>>
>>> I see
>>>
>>> acd0: FAILURE - READ BIG MEDIUM ERROR asc=0x11 ascq=0x00
>>> run_interrupt_driven_hooks: still waiting after 60 seconds for xpt_config
>>> run_interrupt_driven_hooks: still waiting after 120 seconds for xpt_config
>>> run_interrupt_driven_hooks: still waiting after 180 seconds for xpt_config
>>>
>>> and so on.
>>>
>>> Any clues?
>>>
>>> --
>>> Christoph Kukulies
> 
>
> Aloha,
>
> I have had similar happen on 7 and 8 FreeBSD installs recently.
>
> If you install using safe mode it will work. Then in /boot/loader.conf
>
> #boot/loader.conf
> hw.ata.ata-dma=0
> hw.ata.atapi_dma=0

There is no hw.ata.ata-dma tunable.  I think you mean hw.ata.ata_dma
(note: underscore, not hyphen).  If you really are using hw.ata.ata-dma,
it does nothing.  :-)

Also folks, please remember that "ATA DMA" is for hard disks, and
"ATAPI DMA" is for ATAPI devices (CD/DVD drives).  

Error messages from xpt_* functions are from the ATAPI-to-CAM
emulation layer (think: SCSI emulation for ATAPI devices), but are
likely signs of underlying compatibility problems between the CD/DVD
drive and FreeBSD, and not the fault of atapicam(4).

I'm not sure if there's a loader hint to disable xpt.

> The error that comes up when you burn a CD seems to be bogus as I have  
> used the CD's with out error for installing on other boxes.

The "READ BIG MEDIUM ERROR" often indicates that the CD/DVD drive does
not support a specific read operation mode; some CD/DVD manufacturers
don't implement this command for various reasons.

-- 
| Jeremy Chadwick   jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Slow switch between console (ALT - Fx) proliant DL160

2008-11-04 Thread Jeremy Chadwick
On Tue, Nov 04, 2008 at 03:48:57PM +0100, Johan Hendriks wrote:
> 
> 
> >>Subject: Re: Slow switch between console (ALT - Fx) proliant DL160
> 
> On Tue, Nov 04, 2008 at 03:36:51PM +0100, Johan Hendriks wrote:
> >> Hello all
> >> I have a small issue when i switch between my consoles on a proliant 
> >> DL160 G5 machine.
> >> It has a time gap from around 1 to 2 seconds and then it will switch to 
> >> the next console after pressing ALT - F2
> >> 
> >> Do I need to set something in my loader.conf or sysctl.conf?
> 
> >Chances are you're using a USB keyboard.  Place the following in
> >/boot/loader.conf and reboot the machine:
> >
> >hint.kbdmux.0.disabled="1"
> 
> 
> No i have a normal ps/2 keyboard connected to it.

Try the above anyway.  There are known problems (and LORs) in kbdmux.

-- 
| Jeremy Chadwick   jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Slow switch between console (ALT - Fx) proliant DL160

2008-11-04 Thread Jeremy Chadwick
On Tue, Nov 04, 2008 at 03:36:51PM +0100, Johan Hendriks wrote:
> Hello all
> I have a small issue when i switch between my consoles on a proliant DL160 
> G5 machine.
> It has a time gap from around 1 to 2 seconds and then it will switch to the 
> next console after pressing ALT - F2
> 
> Do I need to set something in my loader.conf or sysctl.conf?

Chances are you're using a USB keyboard.  Place the following in
/boot/loader.conf and reboot the machine:

hint.kbdmux.0.disabled="1"

-- 
| Jeremy Chadwick   jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: how much memory can be support in FreeBSD system?

2008-11-04 Thread Jeremy Chadwick
On Tue, Nov 04, 2008 at 09:52:20PM +0800, Alex Zhang wrote:
> I'm a new comer and want to configure a Virtual server base on UNIX. The
> safe, steady and easy for maintenance is needed. 
> 
> Approximately 8GB memory will be mounted. Can anyone tell me how much memory
> can be supported in FreeBSD?

On 64-bit FreeBSD (what's called "amd64", but is not specific to AMD
CPUs; don't let the name mislead you), you should be able to use up
to 1TB of memory.

On 32-bit FreeBSD (what's called i386), you can use up to 4GB (but
once you surpass ~3GB, you'll only see ~3.25GB usable; this is not
a FreeBSD problem, it's an x86 design thing).

On 32-bit FreeBSD, you can use what's called PAE mode to increase
that 4GB limit to 64GB, but there are repercussions to using PAE
(read the Wikipedia article).  There are also numerous drivers on
FreeBSD which do not work in PAE mode.

If at all possible, make sure your processor works in 64-bit mode
and go with amd64.

-- 
| Jeremy Chadwick   jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Problems with FreeBSD

2008-11-04 Thread Jeremy Chadwick
On Tue, Nov 04, 2008 at 11:11:15AM -0200, J MPZ wrote:
> Hi Jeremy,
> 
> I tried without none rules on ipfw FreeBSD (just "allow ip from any to any")
> and error continues occurring.

Then I have no idea.

> How I can disable the TCP extensions?
> 
> I tried to set this value on this sysctl (sysctl net.inet.tcp.rfc1323=0) but
> not work.

Setting the sysctl to 0 disables TCP extensions.

But by "not work" do you mean "it didn't solve the problem", or "setting the
sysctl failed"?  I think you mean "it didn't solve the problem", in
which case, it's not the source of the problem.

-- 
| Jeremy Chadwick   jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: help with MY Book external drive

2008-11-04 Thread Jeremy Chadwick
On Tue, Nov 04, 2008 at 12:06:03PM +, AN wrote:
>
>
> On Tue, 4 Nov 2008, Jeremy Chadwick wrote:
>
>> On Tue, Nov 04, 2008 at 11:13:21AM +, AN wrote:
>>> I just purchased a WD MY Book external USB disk, I reformatted in UFS and
>>> created a filesystem with sysinstall.  I was able to put data on it
>>> successfully, however overnight I had a power failure.  Now I am unable to
>>> mount the drive.  The blue light is on, so it seems to be getting power
>>> but the computer does not see it when I plug in the USB cable.  I can not
>>> run fsck because the system says /dev/da0s1d no such file or directory.
>>> I tried da0s1, da0s1c, and da0s1d no luck.  I also tried to plug the disk
>>> into another machine, same thing the disk is not recognized.  Is it
>>> totally gone?  Any help to recover this disk would be really
>>> appreciated.
>>
>> Possibly, especially if you plug it into another machine and experienced
>> the same problem.  When you plug the drive in, does the FreeBSD kernel
>> output anything?  If so, what all does it output?
>>
>> -- 
>> | Jeremy Chadwick   jdc at parodius.com |
>> | Parodius Networking   http://www.parodius.com/ |
>> | UNIX Systems Administrator  Mountain View, CA, USA |
>> | Making life hard for others since 1977.  PGP: 4BD6C0CB |
>>
>
> Hi Jeremy:
>
> No messages from the kernel, nothing when I plug it in.

Then chances are the ATA-to-USB or SATA-to-USB controller that is
internal to the hard disk enclosure is dead.

> It is not making any 'clicking' sounds that you usually get when a
> drive dies.

"Clicking" is in no way shape or form "usual" for a drive failure; it's
just one of the hundred ways a drive can fail.  Most drives I've seen in
the past 5 years fail silently.

> I just  don't get it.  Maybe a power spike crushed it, but if so why
> is the light on?

This is really something you should be asking Western Digital.  :-) What
makes you think the power LED is at all related to the hard disk being
functional?  The power LED could be directly wired to the AC power
supply, in which case it just indicates the PSU works, and tells you
nothing about the status of the drive, or the controller that interfaces
with the drive.

Your options as I see them:

1) Call Western Digital and get a replacement MyBook; you will very
likely get a new MyBook, and your old hard disk/data will be gone
permanently,

2) Purchase a replacement MyBook.  Open it up, open yours up, and
swap the hard disks (e.g. your hard disk inside of the new MyBook
enclosure).  This will void your warranty on *both* MyBook products,
but will help determine if just the ATA/SATA-to-USB controller is
shot, or if the hard disk is shot,

3) Open your MyBook up, and remove the hard disk.  Attempt to hook the
disk directly to your PC via ATA or SATA; if it's an ATA 2.5" disk, you
may need to buy an adapter to make it work with standard 40 or 80-pin
IDE ribbon cables (make sure you note which is pin 1!  Some of those
adapters are non-keyed, so you could end up sticking pin 40 where pin 1
is, and destroy the PCB entirely)

I hope this situation has introduced you to the world of backups, and
why they need to be performed regularly.

-- 
| Jeremy Chadwick   jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: help with MY Book external drive

2008-11-04 Thread Jeremy Chadwick
On Tue, Nov 04, 2008 at 11:13:21AM +, AN wrote:
> I just purchased a WD MY Book external USB disk, I reformatted in UFS and 
> created a filesystem with sysinstall.  I was able to put data on it 
> successfully, however overnight I had a power failure.  Now I am unable to 
> mount the drive.  The blue light is on, so it seems to be getting power 
> but the computer does not see it when I plug in the USB cable.  I can not 
> run fsck because the system says /dev/da0s1d no such file or directory.  
> I tried da0s1, da0s1c, and da0s1d no luck.  I also tried to plug the disk 
> into another machine, same thing the disk is not recognized.  Is it 
> totally gone?  Any help to recover this disk would be really 
> appreciated.

Possibly, especially if you plug it into another machine and experienced
the same problem.  When you plug the drive in, does the FreeBSD kernel
output anything?  If so, what all does it output?

-- 
| Jeremy Chadwick   jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Default file permissions

2008-11-04 Thread Jeremy Chadwick
On Tue, Nov 04, 2008 at 10:00:24AM +0200, Roey D wrote:
> I have a server running Azureus to download torrent files. The Azureus
> directory is accessible to other computers using samba.
> Azureus dumps its completed files with the 644 permissions, making
> them writable only for the owner.
> As far as I looked, Azureus cannot be configured to dump its files
> with different permissions.
> Is there any way to apply an "Inherited file permissions" on a specific
> directory? (i.e. all files created on this folder will have a specific
> permission set, unless specifically changed by some application)
>  I prefer doing this with the classic permission system, rather than using 
> ACLs.

See umask(2), which is also a command-line utility.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Authentication with SSH using public keys

2008-11-03 Thread Jeremy Chadwick
On Mon, Nov 03, 2008 at 07:29:46PM -0700, Andrew Falanga wrote:
> 
> >
> > >debug1: Authentications that can continue: publickey,keyboard-interactive
> > >debug1: Next authentication method: publickey
> > >debug1: Trying private key: /home/andy/.ssh/identity
> > >debug1: Offering public key: /home/andy/.ssh/id_rsa
> > >debug2: we sent a publickey packet, wait for reply
> > >debug1: Authentications that can continue: publickey,keyboard-interactive
> >
> > It seems OpenSSH (on your dad's box) hasn't recognized your private key, so
> > how about checking permissions of ~/.ssh/authorized_keys and ~/.ssh on his
> > box. Or how about enabling verbose logging on his box, using 'LogLevel'
> > parameter in sshd_config.
> >
> > HTH
> > Ashish Shukla
> 
> 
> Following onto the e-mail I made before, apparently that little permissions 
> difference for the directory, .ssh, was the problem.  Changing it to 644 has, 
> apparently, fixed the problem.

Which doesn't make sense for two reasons:

1) Directories must have the execute bit set (644 lacks that),
2) ~/.ssh should be 700 for security reasons.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |
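
The two points in the reply above, turned into a check (an added example, not part of the original thread; the function names `mode_of` and `check_ssh_dir` are made up here). It also flags a group- or world-writable `authorized_keys`, which sshd refuses to use when `StrictModes` is enabled.

```shell
#!/bin/sh
# Added example: audit the permissions of an .ssh directory.
# Function names are hypothetical, chosen for this illustration.

# mode_of PATH: print the 10-character mode string from ls -ld,
# e.g. "drwx------". Cutting at 10 drops any ACL/SELinux suffix.
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# check_ssh_dir DIR: print one finding per line.
# Returns 0 when DIR is mode 700 and DIR/authorized_keys (if present
# and reachable) is not writable by group or other; returns 1 otherwise.
check_ssh_dir() {
    dir=$1
    rc=0
    m=$(mode_of "$dir")

    case $m in
        d*) ;;
        *)  echo "$dir: missing or not a directory"
            return 1 ;;
    esac

    # Point 1: a directory needs the execute (search) bit. With 644 the
    # owner can list names but cannot open the files inside.
    case $m in
        drwx*) ;;
        *)  echo "$dir: owner lacks rwx ($m), files inside are unreachable"
            rc=1 ;;
    esac

    # Point 2: 700 means no bits at all for group and other.
    case $m in
        ????------) ;;
        *)  echo "$dir: group/other bits set ($m), expected drwx------"
            rc=1 ;;
    esac

    keys=$dir/authorized_keys
    if [ -e "$keys" ]; then
        km=$(mode_of "$keys")
        # Character 6 is group write, character 9 is other write.
        case $km in
            ?????w????|????????w?)
                echo "$keys: writable by group or other ($km)"
                rc=1 ;;
        esac
    fi

    return $rc
}
```

Run it as `check_ssh_dir "$HOME/.ssh"` on the server side; `chmod 700 ~/.ssh` and `chmod 600 ~/.ssh/authorized_keys` clear every finding it can report.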



Re: Problems with FreeBSD

2008-11-03 Thread Jeremy Chadwick
On Mon, Nov 03, 2008 at 10:43:52PM -0200, J MPZ wrote:
> Hi guys,
> 
> I have some problem with my FreeBSD server. I have this:
> 
> ####  #
> # Linux1  #  -> ASA  -> Internet  -> # FreeBSD  #  -> # Linux2 #
> ####  #
> 
> If I run ssh from Linux1 to FreeBSD, my connection freezes when the return
> of some command is a big text. Example:
> 
> I make an ssh connection from Linux1 to the FreeBSD server, then I
> execute some commands, like: 'pwd', 'whoami', 'ls /'... these work perfectly.
> But, if I run some command that returns a big text, such as 'ls /dev/', or
> top, my connection freezes.
> 
> In another terminal, tcpdump continues showing packets in this connection
> that froze.

Does the FreeBSD machine run a firewall at all, e.g. pf(4)?

If so, you probably have some rules which are broken.  (I've seen this
problem on FreeBSD 6.x when using rules which are not correctly
configured to match initiate state).  Also, if a firewall is in use and
you're blocking all forms of ICMP, that would impact path MTU discovery.
Naughty.

You might also try disabling TCP extensions on the FreeBSD box to see if
it makes any difference.  Note that this can impact performance (large
TCP window sizes won't be negotiated), but it's worth disabling for a
test case.

sysctl net.inet.tcp.rfc1323=0

> If I try to access the Linux2, through FreeBSD (redirect port on natd or
> redirect port with rinetd), the same thing happens.
> 
> Is this a problem with FreeBSD? Does someone know how I can fix it? Some sysctl?

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: raid tool

2008-11-03 Thread Jeremy Chadwick
On Mon, Nov 03, 2008 at 05:19:29PM +0200, Brent Clark wrote:
> John Nielsen wrote:
>> If you replace "raid5" with "redundancy and n-1 capacity" then you 
>> could also look at geom_raid3, which is much simpler to configure than 
>> gvinum and also part of the base system. Additionally, FreeBSD 7.x has  
>> experimental support for ZFS (again in the base system and not in 
>> ports). That includes raidz, which is designed to have all of the good 
>> features of raid5 and none of the bad. I use it and it works well but 
>> you will need to do some reading and some manual tuning of your system. 
>> You'll also want a system with plenty of RAM and preferably running  
>> FreeBSD-amd64 (vs FreeBSD-i386).
>>
>> If you want to look in to RAID1 or RAID1+0 see geom_mirror and  
>> geom_stripe, also in the base system.
>>
>> JN
>
> Hiya
>
> Thanks for this. I was looking at ZFS and I am impressed with what I read,  
> unfortunately no AMD 64 and I only have 1Gig Ram.

You can use ZFS on i386 and with 1GB RAM.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: fastest raw device copy?

2008-11-03 Thread Jeremy Chadwick
On Mon, Nov 03, 2008 at 09:04:47AM +0100, Wojciech Puchar wrote:
>> Would there be anything wrong in
>>
>>  cat /dev/ad0 > /dev/da0
>>
>> ?
>
> small block size, IMHO 4kB with cat

Not to mention, doesn't cat operate on a character level and not a block
level?

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: MySQL not restarted after portupgrade

2008-11-02 Thread Jeremy Chadwick
On Mon, Nov 03, 2008 at 12:52:53AM -0500, Andrew Berry wrote:
> For some reason, after running portupgrade databases/mysql51-server,  
> MySQL is brought down, but not restarted. It's not a huge issue, as I  
> just have to remember to run the rc.d script after upgrading, but I was 
> wondering if anyone else had seen this? portupgrade seems to work fine 
> with other daemons such as Apache and Courier IMAP.

This is a per-port thing, unless portupgrade provides some form of
rc.subr script restarting itself.  There is no "standard" for this.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: FreeBSD on Eeepc 1000h

2008-11-02 Thread Jeremy Chadwick
On Sun, Nov 02, 2008 at 01:56:27PM +0100, Sven Aluoor wrote:
> On Sun, 2 Nov 2008 08:42:53 +0100
> Matthias Apitz <[EMAIL PROTECTED]> wrote:
> > On Sunday, November 02, 2008 at 02:48:13AM +0300, Boris
> > Samorodov wrote:
> > > Seems that you may be interested at:
> > > http://docs.freebsd.org/cgi/getmsg.cgi?fetch=343551+0+current/freebsd-current
> 
> Hi Boris
> 
> This link references an empty document
> 
> > Known issues and FreeBSD work for the eeePC series are described here:
> > http://wiki.freebsd.org/AsusEee
> > 
> > HIH
> 
> Hi Matthias
> 
> Thanks for the wikipage. I quote from there:
> 
> Atheros L1 FastEthernet
> This one is second generation of L1 controller which is supposed to be
> heavily modified by Atheros after acquiring Attansic. This controller
> uses different bits/meaning in register layouts and seems to use
> different descriptor formats. This is not supported by the age(4)
> driver. 
> 
> In clear text: at the moment there is no driver available? Is this
> correct?

This might be applicable:

I recently sent Yong-Hyeon PYUN an Asus P5Q SE motherboard, solely to
develop a driver for the Attansic L1 chip that's on the motherboard.
After a few weeks he returned to me a driver called ate(4), which
supports the Atheros AR8121/AR8113/AR8114 NICs.  The description I
got, as well as the driver:

"Ok, here is a working driver, ate(4), for Atheros AR8121/AR8113
and AR8114. It passed minimal functional requirement of network
driver of FreeBSD but it still needs more test and cleanups.
I'm not sure you have hardwares to test ate(4) but if you have
it give it a try. Note it seems that the hardware, at least AR8121,
has checksum offload bug so I disabled Tx side checksum offload.
TSO seems to work though.

The Tx performance is 920Mbps or higher but Rx performance
is 850~870 Mbps which is lower than Tx. It also requires a lot of
CPU cycles to push the hardware to limit but I think it comes from
hardware limitation not from ate(4) itself."

There is absolutely no guarantee that this is the same exact NIC used on
the Asus Eee, but there's a chance.

This driver isn't publicly available yet, and I do not feel comfortable
sending it to people here without Yong-Hyeon's permission.  I've CC'd
him so he can put it up on freebsd.org somewhere and let folks test it,
assuming it will/does work with the Asus Eee.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: OT: Shell Script using Awk

2008-11-01 Thread Jeremy Chadwick
On Sat, Nov 01, 2008 at 08:17:54PM -0800, David Allen wrote:
> On 11/1/08, Jeremy Chadwick <[EMAIL PROTECTED]> wrote:
> > On Sat, Nov 01, 2008 at 06:21:55PM -0700, David Allen wrote:
> >> My apologies for asking on this list, but I'm stuck without Perl and need
> >> to use awk to generate a report.
> >>
> >> I'm working with a large data set spread across multiple files, but to
> >> keep things simple, say I have A Very Long String containing records,
> >> each delimited by a single space.  I need to print those records in
> >> columnar format, but with only 7 columns per line:
> >>
> >> record1  record2  record3  record4  record5  record6  record7
> >> record08 record09 record10 record11 record12 record13 record14
> >> ...
> >>
> >> Should be simple, but I'm getting nowhere.
> >
> > $ cat input
> > col1 col2 col3 col4 col5 col6 col7 col8 col9 col10 col11 col12 col13 col14
> >
> > $ cat output.awk
> > {
> > print $1 " " $2 " "  $3 " "  $4 " "  $5 " "  $6 " "  $7
> > print $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14
> > }
> >
> > $ cat input | awk -f output.awk
> > col1 col2 col3 col4 col5 col6 col7
> > col8 col9 col10 col11 col12 col13 col14
> 
> Thanks for the reply, Jeremy, but that approach would require an
> entirely manual approach, which isn't suitable for what I'm working
> with.  Writing a script that's the same size as the data I'm working
> with isn't an option.  ;-)

I'm confused -- what's the problem?

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: OT: Shell Script using Awk

2008-11-01 Thread Jeremy Chadwick
On Sat, Nov 01, 2008 at 06:21:55PM -0700, David Allen wrote:
> My apologies for asking on this list, but I'm stuck without Perl and need
> to use awk to generate a report.
> 
> I'm working with a large data set spread across multiple files, but to
> keep things simple, say I have A Very Long String containing records,
> each delimited by a single space.  I need to print those records in
> columnar format, but with only 7 columns per line:
> 
> record1  record2  record3  record4  record5  record6  record7
> record08 record09 record10 record11 record12 record13 record14
> ...
> 
> Should be simple, but I'm getting nowhere.

$ cat input
col1 col2 col3 col4 col5 col6 col7 col8 col9 col10 col11 col12 col13 col14

$ cat output.awk
{
print $1 " " $2 " "  $3 " "  $4 " "  $5 " "  $6 " "  $7
print $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14
}

$ cat input | awk -f output.awk
col1 col2 col3 col4 col5 col6 col7
col8 col9 col10 col11 col12 col13 col14

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |
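
A general form of the seven-per-line layout asked for in this thread, added here as an example and not part of the original reply; the function name `columns` is made up for the illustration. It goes beyond the 14-field case above: any number of whitespace-separated records, spread over any number of lines or files, is re-flowed into rows of N.

```shell
#!/bin/sh
# Added example: re-flow whitespace-separated records into rows of N.
# The name "columns" is hypothetical, not a standard utility.

# columns N [FILE...]
# Reads FILEs (or stdin) and prints every record, N per output line,
# separated by single spaces. Records keep their input order even when
# an input line ends in the middle of an output row.
columns() {
    n=${1:-}
    # Accept only a positive decimal integer before handing it to awk:
    # awk -v interprets escape sequences in the value, so it should
    # never receive unchecked text.
    case $n in
        ''|*[!0-9]*|0*)
            echo "usage: columns N [FILE...]  (N must be a positive integer)" >&2
            return 2 ;;
    esac
    shift

    awk -v n="$n" '
        {
            for (i = 1; i <= NF; i++) {
                # Emit the separator before each record except the first,
                # so no row ends with a trailing space.
                if (count > 0)
                    printf "%s", (count % n == 0 ? "\n" : " ")
                printf "%s", $i
                count++
            }
        }
        END {
            # Terminate the last (possibly short) row.
            if (count > 0)
                printf "\n"
        }
    ' "$@"
}
```

With the `input` file from the message above, `columns 7 input` prints the same two rows as `output.awk`, and the script does not grow with the data.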



Re: crons and syslogd not running

2008-10-31 Thread Jeremy Chadwick
On Fri, Oct 31, 2008 at 08:56:33PM -0400, Michael P. Soulier wrote:
> I upgraded from 5.5 to 6.3, and I've noticed that many of my cronjobs defined
> in /etc/crontab don't seem to be running anymore. I have nightly jobs that
> obviously aren't running, and /var/log/cron makes no mention of them.
> 
> Looking for logs, I found syslogd down, although cron was up.
> 
> Any idea of where I should look? Stability problems in syslogd?

"dmesg" might show something like syslogd crashing or segfaulting for
some reason.

And no, I've never experienced any stability problems with syslogd on
FreeBSD (any version; 2.2.8 through 7.1).

Otherwise, I'd say the upgrade may have gone awry at one particular
stage of your upgrade.  If the problem doesn't recur, I wouldn't worry
too much about it.  Upgrading between major versions always seems to
have quirks/risks.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Firewalls in FreeBSD?

2008-10-31 Thread Jeremy Chadwick
On Fri, Oct 31, 2008 at 01:27:40PM -0400, Lowell Gilbert wrote:
> Jeremy Chadwick <[EMAIL PROTECTED]> writes:
> 
> > On Fri, Oct 31, 2008 at 12:35:30PM -0400, Lowell Gilbert wrote:
> 
> >> Okay, I guess I'm a little confused by the line about "ONLY allow data
> >> back on these ports IF the windows box has established the connection
> >> out first then deny everything else."  I read that as saying that the
> >> Windows box had sent a packet on the same connection (4-tuple, at
> >> least) that should be later accepted heading *to* the Windows box.
> >> That's just a stateful rule, and it seems to be at odds with what you
> >> wrote in your first message in the thread.  The apparent disagreement
> >> was why I said anything in the first place; it sounds like there's
> >> more than one model of how the game works.
> >
> > I understand the confusion.  Here's the actual protocol that the game
> > appears to be using (since the OP has stated forwarding a port range to
> > his LAN PC solves the problem -- meaning, his original description of
> > how the game protocol worked is accurate):
> 
> I see.  If that is the case, then the word "connection" in the line I
> quoted from Jack Barnett does *not* mean a TCP session, but something
> a little more nebulous.  "Game session" might cover it.  
> 
> [I *was* aware of that possible confusion, which was why I specified
> an address/port tuple as the definition of "connection."]
> 
> Sorry for the distraction; I see that (short of a deep-inspection
> snooping of the protocol), what has already been done is as good as
> you can get.

Nah, it's cool -- the misunderstanding is... understandable.  :-)

I've never seen a game behave this way (specifically, the gameserver
initiating a *brand new connection* rather than utilising an existing
one, or having the client initiate a connection to the server -- in
which case, a stateful firewall will work perfectly and no firewall
rules are needed).

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Cannot login to root account on FreeBSD 7.0

2008-10-31 Thread Jeremy Chadwick
On Fri, Oct 31, 2008 at 09:36:17AM -0700, mdh wrote:
> Right - sorry, my bad on that one.  But do substitute -ggdb for your -g, as 
> that'll give us GDB-specific debugging symbols.  

Best not to take any chances.  Use both: -g3 -ggdb   :-)

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Firewalls in FreeBSD?

2008-10-31 Thread Jeremy Chadwick
On Fri, Oct 31, 2008 at 12:35:30PM -0400, Lowell Gilbert wrote:
> Jeremy Chadwick <[EMAIL PROTECTED]> writes:
> 
> > On Fri, Oct 31, 2008 at 12:05:28PM -0400, Lowell Gilbert wrote:
> >> Jeremy Chadwick <[EMAIL PROTECTED]> writes:
> >> 
> >> > On Thu, Oct 30, 2008 at 06:34:31PM -0500, Jack Barnett wrote:
> >> >>
> >> >> Ok, I had some progress with this last night. Basically what I do is:
> >> >>
> >> >> in natd - redirect_port 1000 to 1 to the internal windows box.
> >> >> set ipfw to "open" file wall.
> >> >>
> >> >> Obviously this isn't perfect - but gives some idea of what's going on.
> >> >>
> >> >> What I'd like to do, is a) keep the nat redirects since that works  
> >> >> pretty well.
> >> >> b) in ipfw, ONLY allow data back on these ports IF the windows box has  
> >> >> established the connection out first then deny everything else.
> >> >
> >> > This is called "port triggering" in the residential router world.  I
> >> > don't know how to do this on FreeBSD.
> >> 
> >> Stateful rules are the only way to do it.
> >> In fact, this is the main purpose of stateful rules.
> >
> > Read this part of the thread, where I outline protocol flow (based on
> > what the OP has stated about the protocol, which so far appears to be
> > accurate):
> >
> > http://lists.freebsd.org/pipermail/freebsd-questions/2008-October/thread.html
> >
> > Stateful rules will not solve this problem.
> >
> > The OP wants a feature that tells ipfw or pf "after the TCP handshake
> > has completed, dynamically add a port forward for port X on interface Y
> > to machine A on port Z; when the TCP session is FIN'd cleanly, or
> > extinguishes, dynamically remove that port forward".
> 
> Okay, I guess I'm a little confused by the line about "ONLY allow data
> back on these ports IF the windows box has established the connection
> out first then deny everything else."  I read that as saying that the
> Windows box had sent a packet on the same connection (4-tuple, at
> least) that should be later accepted heading *to* the Windows box.
> That's just a stateful rule, and it seems to be at odds with what you
> wrote in your first message in the thread.  The apparent disagreement
> was why I said anything in the first place; it sounds like there's
> more than one model of how the game works.

I understand the confusion.  Here's the actual protocol that the game
appears to be using (since the OP has stated forwarding a port range to
his LAN PC solves the problem -- meaning, his original description of
how the game protocol worked is accurate):

windows    = 192.168.x.x machine on the LAN
natgwlan   = private LAN-facing IP of FreeBSD box (e.g. gateway IP)
natgwwan   = public Internet-facing IP of FreeBSD box
gameserver = game server (public Internet IP)

*          = randomly-allocated port number
gameport   = some static port # for the game (OP hasn't disclosed this)
range      = some specific range of port numbers (OP says 1000-1)

This is what would happen if the windows machine was on the Internet
directly (no NAT, no firewall):

Step 1)  windows:* -->  gameserver:gameport
Step 2)  gameserver:*  -->  windows:range

Note that the randomly-allocated port number is *not* identical
between all of the above steps; literally each is a new port and
unrelated to the previous -- hence why state tracking won't work.

Now with NAT in the way, this is what happens for Step 1:

windows:*  <-->  natgwlan
 natgwwan:*  <--> gameserver:gameport

Once the TCP handshake is completed for Step 1, the following happens
as a result of Step 2 -- again, note this is a *brand new connection*
being initiated from the gameserver:

gameserver:*  <-->  natgwwan:range

The problem is that these are all brand new connections being initiated,
and there's no way to cross-reference them, which is why state tracking
won't work to solve the OP's problem.

The "port triggering" method I described above, commonly available
on residential routers, is configured so that once the TCP handshake
is completed in Step 1, the router/natgw *immediately* adds a port
forward and firewall allow/pass rule (you have to configure it to
say what port range to forward, and what LAN IP to forward the packets
to).

Thus, the following would happen immediately after the TCP handshake was
completed in Step 1:

- natgw adds a firewall pass rule for natgwwan:range
- natgw adds a forwarding rule for natgwwan:1000 --> windows, where
  the po

Re: Firewalls in FreeBSD?

2008-10-31 Thread Jeremy Chadwick
On Fri, Oct 31, 2008 at 12:05:28PM -0400, Lowell Gilbert wrote:
> Jeremy Chadwick <[EMAIL PROTECTED]> writes:
> 
> > On Thu, Oct 30, 2008 at 06:34:31PM -0500, Jack Barnett wrote:
> >>
> >> Ok, I had some progress with this last night. Basically what I do is:
> >>
> >> in natd - redirect_port 1000 to 1 to the internal windows box.
> >> set ipfw to "open" file wall.
> >>
> >> Obviously this isn't perfect - but gives some idea of what's going on.
> >>
> >> What I'd like to do, is a) keep the nat redirects since that works  
> >> pretty well.
> >> b) in ipfw, ONLY allow data back on these ports IF the windows box has  
> >> established the connection out first then deny everything else.
> >
> > This is called "port triggering" in the residential router world.  I
> > don't know how to do this on FreeBSD.
> 
> Stateful rules are the only way to do it.
> In fact, this is the main purpose of stateful rules.

Read this part of the thread, where I outline protocol flow (based on
what the OP has stated about the protocol, which so far appears to be
accurate):

http://lists.freebsd.org/pipermail/freebsd-questions/2008-October/thread.html

Stateful rules will not solve this problem.

The OP wants a feature that tells ipfw or pf "after the TCP handshake
has completed, dynamically add a port forward for port X on interface Y
to machine A on port Z; when the TCP session is FIN'd cleanly, or
extinguishes, dynamically remove that port forward".

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Cannot login to root account on FreeBSD 7.0

2008-10-31 Thread Jeremy Chadwick
On Fri, Oct 31, 2008 at 08:15:25AM -0700, Jeremy Chadwick wrote:
> Are you sure this machine does not have hardware problems?  Please
> download and run memtest86++ from a CD.  You shouldn't have to run this
> very long (15-20 minutes at tops in this case); errors will be quite
> obvious.

Oops, this should have been memtest86+.  :-)

http://www.memtest.org/

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Cannot login to root account on FreeBSD 7.0

2008-10-31 Thread Jeremy Chadwick
On Fri, Oct 31, 2008 at 08:39:46PM +0530, Pramod Dematagoda wrote:
> On Fri, 2008-10-31 at 16:00 +0100, Mel wrote:
> > On Friday 31 October 2008 15:53:23 Pramod Dematagoda wrote:
> > > On Fri, 2008-10-31 at 07:09 -0700, Jeremy Chadwick wrote:
> > > > On Fri, Oct 31, 2008 at 06:59:04PM +0530, Pramod Dematagoda wrote:
> > > > > But now I've faced a big problem, I can no longer seem to login to the
> > > > > root account where whenever I supply the proper credentials to the
> > > > > login screen, I always get thrown back to the login screen. This
> > > > > started happening after I installed D-bus and HAL through the FreeBSD
> > > > > ports which were built upon Xorg 1.5.1 which I had built myself
> > > > > previously, so I am wondering if something I did may have caused the
> > > > > problem.
> > > >
> > > > Reboot the machine and at the FreeBSD beastie/loader menu, hit "4" to
> > > > boot into single-user mode.  Once there, do:
> > > >
> > > > # mount -a
> > > > # mount -o rw -u /
> > > > # passwd root
> > > >
> > > > And change the password.  "reboot" and you should be good to go.
> > >
> > > Hey Jeremy,
> > >
> > > Thanks for looking into the problem, but unfortunately your solution did
> > > not work, I changed the root password to something else, however I still
> > > cannot login to root once I boot FreeBSD normally.
> > 
> > There should be in indication in /var/log/messages or /var/log/auth.log.
> > 
> I checked /var/log/messages, and I found something interesting, it seems
> that csh exits with signal 11(core dumped) right after a root login,
> there is nothing out of the ordinary in auth.log. But now what do I do
> to fix the problem, change the shell?

csh should not sig11.

Are you sure this machine does not have hardware problems?  Please
download and run memtest86++ from a CD.  You shouldn't have to run this
very long (15-20 minutes at tops in this case); errors will be quite
obvious.

You can try changing the shell to /bin/sh, but this is not recommended
(meaning, if/when you get the system working again, please change it
back to /bin/csh -- I can't stress this enough).

You can change the shell by following the above steps I gave you, but
using "chsh" instead of "passwd root".

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: fastest raw device copy?

2008-10-31 Thread Jeremy Chadwick
On Fri, Oct 31, 2008 at 03:36:02PM +0100, Christoph Kukulies wrote:
> Ivan Voras wrote:
>> Jeremy Chadwick wrote:
>>   
>>> On Fri, Oct 31, 2008 at 09:48:16AM +0100, Christoph Kukulies wrote:
>>> 
>>
>>   
>>>> What would be the fastest way to do that sector by sector copy? I'm 
>>>>  using dd right now,
>>>>
>>>> dd if=/dev/ad0 of=/dev/da0 bs=1000
>>>>   
>>
>>   
>>> On the flip side, your blocksize (bs) there is quite high for no good
>>> reason.  I'd pick something more like bs=64k or bs=128k.  The default
>>> (512) is too small for what you want, but 10MBytes is silly.
>>> 
>>
>> Not only that, but "1000" isn't even correct - it needs to be a
>> multiple of sector size. Generally, using suffixes will do the right thing:
>>
>> dd if=/dev/ad0 of=/dev/da0 bs=1m
>>
>>   
> OK, I understand that 1000 isn't good, I just thought it wouldn't  
> harm. But if it is a transfer rate killer then I'd better think of  
> typing ^C now. The command is running for 6 hours now.

Six hours?  Hmm...  That seems too long, but of course the FreeBSD USB
stack is involved, and a USB device in general.  I would have assumed
that copy should have finished after 2-3 hours tops.

> An idea how I can check the current amount of transferred bytes alongside  
> the running dd command? Or watch the current i/o rate?

iostat or gstat (I'm willing to bet you prefer the latter) will get you
what you want, more or less.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Cannot login to root account on FreeBSD 7.0

2008-10-31 Thread Jeremy Chadwick
On Fri, Oct 31, 2008 at 06:59:04PM +0530, Pramod Dematagoda wrote:
> But now I've faced a big problem, I can no longer seem to login to the
> root account where whenever I supply the proper credentials to the login
> screen, I always get thrown back to the login screen. This started
> happening after I installed D-bus and HAL through the FreeBSD ports
> which were built upon Xorg 1.5.1 which I had built myself previously, so
> I am wondering if something I did may have caused the problem.

Reboot the machine and at the FreeBSD beastie/loader menu, hit "4" to
boot into single-user mode.  Once there, do:

# mount -a
# mount -o rw -u /
# passwd root

And change the password.  "reboot" and you should be good to go.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: fastest raw device copy?

2008-10-31 Thread Jeremy Chadwick
On Fri, Oct 31, 2008 at 09:48:16AM +0100, Christoph Kukulies wrote:
> Hi list,
>
> I'm considering using a bootable USB stick with FreeBSD to perform a  
> backup of my notebook's
> 500 GB hard disk to a physically identical (same make, same type, same  
> size) hard disk attached to  USB.
>
> What would be the fastest way to do that sector by sector copy? I'm  
> using dd right now,
>
> dd if=/dev/ad0 of=/dev/da0 bs=1000
>
> but maybe there is a utility which does this faster or a larger buffer  
> size? Probably the limit will be
> the USB 2.0 bus speed anyway?

In general, what you're doing is correct for a block copy.  There is
nothing (that I know of) which is faster; you're copying 500GB of data
(including the unused portion -- you *did* ask for a block copy),
and this takes a long time.  Be patient.

On the flip side, your blocksize (bs) there is quite high for no good
reason.  I'd pick something more like bs=64k or bs=128k.  The default
(512) is too small for what you want, but 10MBytes is silly.



Re: Filesystem, RAID Question

2008-10-30 Thread Jeremy Chadwick
On Thu, Oct 30, 2008 at 10:05:43PM -0500, Rich Winkel wrote:
> On Thu, Oct 30, 2008 at 07:33:47PM -0700, Jeremy Chadwick wrote:
> > > One of the main functions of softupdates is to order disk updates in such
> > > a way that the fs organizational integrity is maintained at all times.
> > 
> > And we've recently found that this is simply not the case.  The benefits
> > of SU are applicable to very specific environments; desktop PCs are the
> > main ones, offering great performance improvements there.
> 
> Thanks for pointing that out.  Is this an acknowledged bug in SU?  Is it
> still a problem in 7.0?

It's a problem in every release.  I believe it's more of an engineering
oversight; I don't know if it's truly fixable.  I guess there are some
kinds of filesystem errors which can't safely be fixed automatically.

There's no harm in background_fsck="no", but the reason that's not the
default is that most people want their system back up and working
immediately after a crash (don't want to wait for fsck to finish).

It's a personal choice: I would prefer the system stay down longer due
to a thorough fsck than have it come back up and still have some
underlying corruption that's being silenced.

The thread is below.  It is quite long and complex, so be sure to have
coffee or water on hand.

http://lists.freebsd.org/pipermail/freebsd-stable/2008-September/thread.html#45211

I kind of consider all of this "water under the bridge" now that ZFS is
available, and addresses all of these problems quite effectively.

> > > Of course this doesn't protect against actual sector corruption, but if
> > > the disk is between writes at the time it loses power, the fs structure
> > > is supposed to still be internally consistent.  At least that's my
> > > understanding of it.
> > 
> > Yep, that's how I understand it as well.  But this is a different topic
> > than what we were discussing 2-3 replies ago, talking about how a RAID
> > controller with cache + BBU is sufficient enough to guarantee data
> > integrity even when power is lost -- that's incorrect.
> 
> The reason I brought it up is that it occurred to me that if the hardware
> raid card reorders disk i/o it would mess with SU's ordering.  I wonder
> whether this was happening in the previous thread you referred to
> concerning fsck?

Quite honestly, I don't understand the technical details of RAID card
I/O re-ordering vs. softupdates to be able to state "yeah, that's a
problem".  Someone much more familiar with the intricacies will have
to comment on this, and I believe freebsd-fs would be a better group
for that discussion, not -questions.

But I assume that if it was a problem, we'd be seeing a *very* large
number of business customers (making the assumption they're the ones
using hardware RAID cards) complaining regularly and loudly.



Re: Filesystem, RAID Question

2008-10-30 Thread Jeremy Chadwick
On Thu, Oct 30, 2008 at 08:41:59PM -0500, Rich Winkel wrote:
> On Thu, Oct 30, 2008 at 04:38:49PM -0700, Jeremy Chadwick wrote:
> > On Thu, Oct 30, 2008 at 06:12:07PM -0500, Rich Winkel wrote:
> > > Doesn't hw.ata.wc affect only card-level caching?
> > 
> > hw.ata.wc causes the ata(4) subsystem to disable write caching on all
> > disks attached to the subsystem.  It does not disable card features.
> 
> I mean, the individual disks are invisible to the OS unless the
> card's driver (and the card itself) specifically supports it.

Correct.

With regards to ATA: ata(4) has support for pass-through on some RAID
cards, such as Promise.  FreeBSD will see the individual disks (e.g.
ad4, ad6, etc.) as well as the array (e.g. ar0).

With regards to SCSI: pass(4) provides this capability.  I don't think
in the case of SCSI that the disks will appear in FreeBSD (e.g. da0)
though.  Instead, pass(4) can be used to query individual disks on an
array, e.g. smartctl's -d flag (e.g. -d 3ware, -d marvell, etc.).

In both cases (ATA and SCSI), the card itself has to support
pass-through, *and* the FreeBSD driver has to have code to allow for
such, otherwise no go.

> > There's also the below PR, which extends atacontrol to permit disabling
> > and enabling write caching on a per-disk basis.
> > 
> > http://www.freebsd.org/cgi/query-pr.cgi?pr=127717
> 
> But not on disks which are behind hardware raid cards, correct?

Correct.  For FreeBSD to be able to disable write caching on disks
behind a RAID controller, one of two things is needed:

1) Pass-through support (see above),
2) A native CLI program that interfaces with the card directly (usually
   written by the vendor).

Sadly, #2 appears to be the most common choice when a RAID card is used.
I say "sadly" because many vendors do not support FreeBSD, and only
offer Linux CLI programs -- requiring an administrator to install Linux
emulation, Linux libraries, etc., and *hoping* that it works.

If neither of the above options is available, then your only choice
is to go into the RAID card's BIOS and disable write caching in there,
assuming the option exists (on many cards it does).

> > What gives you the impression that during a power outage your data is
> > going to be intact?
> 
> One of the main functions of softupdates is to order disk updates in such
> a way that the fs organizational integrity is maintained at all times.

And we've recently found that this is simply not the case.  The benefits
of SU are applicable to very specific environments; desktop PCs are the
main ones, offering great performance improvements there.

But there's a known problem with the "background fsck" feature of
FreeBSD, which is only applicable to filesystems which use SU; sometimes
fsck does not correct all errors, causing the filesystem to be marked
clean, even though there are actual problems with it.  There's a thread
from about a month ago discussing why background_fsck="no" is highly
recommended when using SU.

> Of course this doesn't protect against actual sector corruption, but if
> the disk is between writes at the time it loses power, the fs structure
> is supposed to still be internally consistent.  At least that's my
> understanding of it.

Yep, that's how I understand it as well.  But this is a different topic
than what we were discussing 2-3 replies ago, talking about how a RAID
controller with cache + BBU is sufficient enough to guarantee data
integrity even when power is lost -- that's incorrect.

Back to write caching:

Disabling write caching on disks does not guarantee integrity in the
case of such failures either -- on the other hand, by disabling an extra
layer of caching, you've essentially diminished the risk by only a
nominal amount.

I personally believe disabling write caching is not a plausible option
for users; the performance hit is major (I have done tests) -- write
speeds drop to 12% of total capability.  Meaning: 70MB/sec with WC
enabled, 8.4MB/sec with WC disabled.  This is *without* a controller
that does caching of any kind.

Essentially you can use this to benchmark which is faster: write
caching disabled on disks + caching enabled on a controller, or
write caching enabled on disks + caching disabled on a controller.
It would be interesting to see benchmark comparisons of different
controllers.



Re: Large discrepancy in reported disk usage on USR partition

2008-10-30 Thread Jeremy Chadwick
On Fri, Oct 31, 2008 at 11:50:39AM +1030, Brendan Hart wrote:
> >> #: df -h
> >> Filesystem      Size    Used   Avail Capacity  Mounted on
> >> /dev/aacd0s1a   496M    163M    293M    36%    /
> >> devfs           1.0K    1.0K      0B   100%    /dev
> >> /dev/aacd0s1e   496M     15M    441M     3%    /tmp
> >> /dev/aacd0s1f    28G     25G    1.2G    96%    /usr
> >> /dev/aacd0s1d   1.9G    429M    1.3G    24%    /var
> 
> > Is this output untruncated? Is df really df or an alias to 'df -t nonfs'?
> 
> Yes, it really is the untruncated output of "df -h". I also tried the "df -t
> nonfs" and it gives exactly the same output as "df". What are you expecting
> that is not present in the output ?
> 
> > Is it possible that nfs directory got written to /usr at some point in
> > time?
> > You would only notice this with du if the nfs directory is unmounted.
> > Unmount it and ls -al /usr/mountpoint should only give you an empty dir
> 
> Bingo!! That is exactly the problem. An NFS mount was hiding a 17G local dir
> which had an old copy of the entire NFS mounted dir. I guess it must have
> been written incorrectly to this standby server by RSYNC before the NFS
> mount was put in place. I will add an exclusion to rsync to make sure it
> does not happen again even if the NFS dir is not mounted.
> 
> Thank you for your help, you have saved me much time rebuilding this server.

Can either of you outline what exactly happened here?  I'm trying to
figure out how an "NFS mount was hiding a 17G local dir", when there's
no NFS mounts shown in the above df output.  This is purely an ignorant
question on my part, but I'm not able to piece together what happened.



Re: Large discrepancy in reported disk usage on USR partition

2008-10-30 Thread Jeremy Chadwick
On Fri, Oct 31, 2008 at 11:15:15AM +1030, Brendan Hart wrote:
> > What you showed tells me nothing about SMART, other than the remote
> > possibility it's basing some of its decisions on the "general SMART
> > health status", which means jack squat.  I can explain why this is if
> > need be, but it's not related to the problem you're having.
> 
> Thanks for this additional information. I hadn't understood that there was
> far more information behind the simple SMART ok/not ok reported by the PERC
> controller.

Here's an example of some attributes:

ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   200   200   051    Pre-fail  Always       -       0
  3 Spin_Up_Time            0x0003   178   175   021    Pre-fail  Always       -       6066
  4 Start_Stop_Count        0x0032   100   100   000    Old_age   Always       -       50
  5 Reallocated_Sector_Ct   0x0033   200   200   140    Pre-fail  Always       -       0
  7 Seek_Error_Rate         0x000e   200   200   051    Old_age   Always       -       0
  9 Power_On_Hours          0x0032   085   085   000    Old_age   Always       -       11429
 10 Spin_Retry_Count        0x0012   100   253   051    Old_age   Always       -       0
 11 Calibration_Retry_Count 0x0012   100   253   051    Old_age   Always       -       0
 12 Power_Cycle_Count       0x0032   100   100   000    Old_age   Always       -       48
192 Power-Off_Retract_Count 0x0032   200   200   000    Old_age   Always       -       33
193 Load_Cycle_Count        0x0032   200   200   000    Old_age   Always       -       50
194 Temperature_Celsius     0x0022   117   100   000    Old_age   Always       -       33
196 Reallocated_Event_Count 0x0032   200   200   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0012   200   200   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0010   200   200   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x003e   200   200   000    Old_age   Always       -       0
200 Multi_Zone_Error_Rate   0x0008   200   200   051    Old_age   Offline      -       0

You probably now understand why having access to this information is
useful.  :-)  It's very disappointing that so many RAID controllers
don't provide a way to get at this information; the ones which do I am
very thankful for!

> > Either way, this is just one of many reasons to avoid hardware RAID
> > controllers if given the choice.
> 
> I have seen some mentions of using gvinum and/or gmirror to achieve the
> goals of protection from Single Point Of Failure with a single disk, which I
> believe is the reason that most people, myself included, have specified
> Hardware RAID in their servers. Is this what you mean by avoiding Hardware
> Raid? 

More or less.  Hardware RAID has some advantages (I can dig up a mail of
mine long ago outlining what the advantages were), but a lot of the time
the controller acts as more of a hindrance than a benefit.  I personally
feel the negatives outweigh the positives, but each person has different
needs and requirements.  There are some controllers which work very well
and provide great degrees of insights (at a disk level) under FreeBSD,
and those are often what I recommend if someone wants to go that route.

I make it sound like I'm the authoritative voice for what a person
should or should not buy -- I'm not.  I predominantly rely on Intel ICHx
on-board controllers with SATA disks, because ICHx works quite well
under FreeBSD (especially with AHCI).

I personally have no experience with gmirror or gvinum, but I do have
experience with ZFS.  (I'll have a little more experience with gmirror
once I have the time to test some reported problems with gmirror and
high interrupt counts when a disk is hot-swapped).

> > I hope these are SCSI disks you're showing here, otherwise I'm not sure
> > how the controller is able to get the primary defect count of a SATA or
> > SAS disk.  So, assuming the numbers shown are accurate, then yes, I
> > don't think there's any disk-level problem.
>
> Yes, they are SCSI disks. Not particularly relevant to this topic, but
> interesting: I would have thought that SAS would make the same information
> available as SCSI does, as it is a serial bus evolution of SCSI. Is this
> thinking incorrect?

I don't have any experience with SAS, so I can't comment on what
features are available on SAS.

Specifically with regards to SMART: historically, SCSI does not provide
the amount of granularity/detail with attributes as ATA/SATA does.  I do
not consider this a negative against SCSI (in case, I very much like
SCSI).  SAS might provide these details, but I don
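
An added example, not part of the original mail: a small parser for an attribute listing in the format shown above (one row per attribute, as smartctl -A prints it) that flags rows whose normalized VALUE has reached THRESH, whose WHEN_FAILED column is set, or whose raw count is non-zero. The RAW_WATCH list and both sample listings are assumptions constructed for the example.

```python
import re

# One attribute row: ten whitespace-separated columns, where RAW_VALUE
# may itself contain spaces (e.g. "33 (Min/Max 20/45)").
ROW = re.compile(
    r"^\s*(?P<id>\d+)\s+(?P<name>\S+)\s+(?P<flag>0x[0-9a-fA-F]+)\s+"
    r"(?P<value>\d+)\s+(?P<worst>\d+)\s+(?P<thresh>\d+)\s+"
    r"(?P<type>\S+)\s+(?P<updated>\S+)\s+(?P<when_failed>\S+)\s+"
    r"(?P<raw>.+?)\s*$"
)

# Assumption: attributes whose raw count is worth flagging when non-zero.
RAW_WATCH = {
    "Reallocated_Sector_Ct",
    "Reallocated_Event_Count",
    "Current_Pending_Sector",
    "Offline_Uncorrectable",
}


def parse_attributes(text):
    """Return one dict per attribute row; header and other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        raw_num = re.match(r"\d+", m.group("raw"))
        rows.append({
            "id": int(m.group("id")),
            "name": m.group("name"),
            "value": int(m.group("value")),
            "worst": int(m.group("worst")),
            "thresh": int(m.group("thresh")),
            "type": m.group("type"),
            "when_failed": m.group("when_failed"),
            # Leading integer of RAW_VALUE, or None if it is not numeric.
            "raw": int(raw_num.group()) if raw_num else None,
        })
    return rows


def assess(rows):
    """Map attribute name -> list of reasons it deserves attention."""
    findings = {}
    for r in rows:
        reasons = []
        if r["when_failed"] != "-":
            reasons.append("drive reports " + r["when_failed"])
        # A threshold of 000 means the attribute can never trip.
        if r["thresh"] > 0 and r["value"] <= r["thresh"]:
            reasons.append("VALUE %d <= THRESH %d" % (r["value"], r["thresh"]))
        if r["name"] in RAW_WATCH and r["raw"]:
            reasons.append("raw count %d" % r["raw"])
        if reasons:
            findings[r["name"]] = reasons
    return findings


# Constructed sample: four rows in the same layout as the listing above.
HEALTHY = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   200   200   051    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   200   200   140    Pre-fail  Always       -       0
  9 Power_On_Hours          0x0032   085   085   000    Old_age   Always       -       11429
197 Current_Pending_Sector  0x0012   200   200   000    Old_age   Always       -       0
"""

# Constructed sample of a disk in trouble (values invented for the example).
DEGRADED = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   132   132   140    Pre-fail  Always   FAILING_NOW 1870
  9 Power_On_Hours          0x0032   085   085   000    Old_age   Always       -       11429
194 Temperature_Celsius     0x0022   117   100   000    Old_age   Always       -       33 (Min/Max 20/45)
197 Current_Pending_Sector  0x0012   200   200   000    Old_age   Always       -       24
"""

if __name__ == "__main__":
    for label, sample in (("healthy", HEALTHY), ("degraded", DEGRADED)):
        print(label)
        for name, reasons in assess(parse_attributes(sample)).items():
            print("  %-24s %s" % (name, "; ".join(reasons)))
```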

Re: Filesystem, RAID Question

2008-10-30 Thread Jeremy Chadwick
On Thu, Oct 30, 2008 at 04:38:49PM -0700, Jeremy Chadwick wrote:
> ...
> In this scenario, write caching on the disks is usually done by the
> controller itself (through a BIOS option), and not by FreeBSD.

This should have read: "... usually enabled/disabled by the controller
itself".  :-)  Sorry if that confused anyone.



Re: Firewalls in FreeBSD?

2008-10-30 Thread Jeremy Chadwick
On Thu, Oct 30, 2008 at 06:34:31PM -0500, Jack Barnett wrote:
>
> Ok, I had some progress with this last night. Basically what I do is:
>
> in natd - redirect_port 1000 to 1 to the internal windows box.
> set ipfw to "open" firewall.
>
> Obviously this isn't perfect - but gives some idea of what's going on.
>
> What I'd like to do, is a) keep the nat redirects since that works  
> pretty well.
> b) in ipfw, ONLY allow data back on these ports IF the windows box has  
> established the connection out first then deny everything else.

This is called "port triggering" in the residential router world.  I
don't know how to do this on FreeBSD.



Re: Filesystem, RAID Question

2008-10-30 Thread Jeremy Chadwick
On Thu, Oct 30, 2008 at 06:12:07PM -0500, Rich Winkel wrote:
> On Wed, Oct 29, 2008 at 07:49:00PM +, Matthew Seaman wrote:
> > Given that you don't have a BBU, what is the status of write caching
> > on the individual hard drives?  You'll have to use 3dm2 or the CLI 
> > equivalent to investigate this, as the RAID controller tends to hide 
> > that level of information from the OS.  However, this setting is the
> > same thing as controlled by the hw.ata.wc sysctl -- and like that 
> > it has a major effect on disk IO performance.  Turning write caching 
> > off is the safe, conservative thing to do for maximum data security.  
> 
> Doesn't hw.ata.wc affect only card-level caching?

hw.ata.wc causes the ata(4) subsystem to disable write caching on all
disks attached to the subsystem.  It does not disable card features.

There's also the below PR, which extends atacontrol to permit disabling
and enabling write caching on a per-disk basis.

http://www.freebsd.org/cgi/query-pr.cgi?pr=127717

> It seems likely that the softupdates queuing order might be scrambled
> by card-level caching if it juggles pending writes around to minimize
> seek times.  If so, it would be disastrous for data integrity in
> the event of a power outage.  Disk-level caching might be safe
> though ...  Someone needs to ask 3ware whether the card reorders
> updates and if so, if there's a setting to keep them in order.

What gives you the impression that during a power outage your data is
going to be intact?

The RAID card itself may have a BBU, so during loss of power an attempt
will be made to flush any cached data *on the card* to disk... except the
PC (including hard disks -- unless they're powered from some other
source) is already down/offline by this point.  And let's not forget
that the OS/kernel is also gone, which means any writes which were
sitting in cached memory in the kernel are lost as well.

Even disabling write caching on the disks themselves won't help,
although it might help with actual I/O performance (using 2 levels of
caching: RAID controller, and OS/kernel).  In this scenario, write
caching on the disks is usually done by the controller itself (through
a BIOS option), and not by FreeBSD.

For some reason people think that a H/W RAID card with a BBU guarantees
data integrity (keyword: guarantees).  I'm still trying to understand
why people think that.



Re: Marvell 88E8052 PCI-E LAN on FreeBSD 7.0

2008-10-30 Thread Jeremy Chadwick
On Thu, Oct 30, 2008 at 11:33:34AM -, Graham Bentley wrote:
> Hi All,
>
> I have a DFI LanParty Mobo that includes Marvell's 88E8052
> and 88E8053 LAN IF.
>
> Using the module with 7.0 [msk] the network performance
> is terrible, Opera / Links stall, or won't page load at
> all although pings to the router are fine?
>
> I then tried using Marvell's own driver from the website [myk]
> and the results were about the same.
>
> Just before I was about to give up and put in my trusty
> old 3Com 3C509 [xl] I noticed that in the Marvell doco
> there were several tunable params so decided to try
> out a few.
>
> I discovered that adding -txcsum and -rxcsum (i.e.
> disabling hardware checksumming) to the ifconfig
> statement, the performance was as quick as it is
> on that other OS!

Yong-Hyeon Pyun can probably explain what's going on here.  I've CC'd
him on this mail; he usually hangs out on -stable though.

You need to keep something in mind here: Marvell does not give out
documentation for their cards publicly, so Yong-Hyeon has to
reverse-engineer and "tinker" with what he already knows.  Some hardware
feature do not work, others are buggy, others work fine on specific
revisions of the chip while later ones break.

And if you tell me "Well Linux has support for this chip!", I will throw
the following evidence back in your face: Marvell and other companies
are giving Linux developers development PCI cards to develop drivers
with (sometimes even before the card is out in the market), so Linux has
the upper hand here.  They are not doing this with the BSDs.

Purely as an example: in my Wiki, section "Network devices", see the
entry for the 88E8040 NIC.  I'm still working with Yong-Hyeon to try to
get him access to a laptop that has this chip so he can write the
driver.

http://wiki.freebsd.org/JeremyChadwick/Commonly_reported_issues

This should give you some idea of the complexities.  As I said, Linux
has the upper hand, because they're getting support from Marvell.

> It seems that hw cs is on by default so I added the
> above to my ifconfig line in /etc/rc.conf and now
> all is snappy!
>
> I was wondering how could this be the case and also
> if anyone else had this issue with Marvell chips?

I would urge you to go out and purchase an Intel Pro/1000 PT card, which
runs for around 30-40 USD.  It's good to have a spare NIC on hand
anyways -- your 3C509 xl(4) based NIC probably won't cut it, especially
if you're complaining about performance.  :-)  No one uses those cards
any more except individuals running on hardware from 1997, which you are
obviously not.



Re: Setting a different default source address

2008-10-30 Thread Jeremy Chadwick
On Thu, Oct 30, 2008 at 09:19:48AM +, Chris Hastie wrote:
> Is it possible to set a default source address on a machine?
> 
> I have an ADSL connection with a fixed IP and a further /29 routed to
> it. Until recently I used an ADSL router which acquired the connection
> IP, and then the first of the /29 on the internal interface.
> 
> In an effort to conserve both IPs and the number of machines I have
> running I have recently changed to using an ADSL modem (Vigor Draytek
> 110) which essentially does no more than change the PPPoA to PPPoE. A
> FreeBSD machine then handles the connection using ppp.
> 
> The machine in question has always used one of the /29 addresses, and
> continues to do so (this is assigned to its DMZ facing NIC, vr0). Now,
> of course, outgoing packets are using the connection address, which is
> assigned to tun0.
> 
> Whilst I can override this on an application by application basis for
> many things (eg postfix smtp_bind_address parameter, ping -S switch) is
> there any way to override it system wide, so that the address from the
> /29 is used by default?
> 
> I think I succeeded in doing something similar for an IPv6 tunnel by not
> assigning an IP address to gif0 and configuring the routing as follows
> in rc.conf:
> 
> ipv6_defaultrouter="-interface gif0"
> 
> But I'm not clear whether this would work with ppp, and if so, how to do it.

Try freebsd-net?



Re: Status line for text mode console

2008-10-29 Thread Jeremy Chadwick
On Thu, Oct 30, 2008 at 07:04:59AM +0100, Polytropon wrote:
> Some question, inspired by my mainframe time...
> 
> Is there a port that allows FreeBSD to be equipped with some kind
> of status line when using the shell on a text mode console? With
> "status line" I mean some automagically updating text line that
> informs about... date, time, terminal, actual system load, number
> of users logged in or another status, for example like this:
> 
> [EMAIL PROTECTED]:~/src/bla% _
>
> ---
> [EMAIL PROTECTED]:ttyv2 (3)  .:I  <= =>2008-11-30 07:02:15
> 
> For example, the status line sits in line 25, line 24 contains
> a barrier, and the shell runs on lines 1 - 23.
> 
> Is there anything comparable? Or do I have to write my own? :-)

Sounds like something screen(1) offers.  See sysutils/screen.

In general, this is really not something the *operating system* offers,
or the shell.  This is often the responsibility of a third-party
program that manipulates the pty.



Re: gmirror + subset of partitions gjournal'd, autosync setting?

2008-10-29 Thread Jeremy Chadwick
On Wed, Oct 29, 2008 at 11:04:37PM -0700, Carl wrote:
> Carl wrote:
>> I've built a GEOM mirror on a single slice of a single disk and am 
>> about to insert the second disk. Of the partitions in the mirror, I 
>> made only a few of them gjournal'd. I've seen it recommended that one 
>> disable autosynchronization for the mirror if using journaled 
>> filesystems.
>>
>> 1. Is that recommendation a must or a nice-to-have? What are the actual 
>> consequences of not taking that advice?
>>
>> 2. In a case like mine, the non-journaled partitions need  
>> autosynchronization enabled to benefit from being mirrored, right?
>>
>> 3. Exactly how would I disable autosynchronization for the journaled  
>> partitions in the mirror, but not for the rest?
>
> Can no one help me with this question?

Are you aware of the freebsd-fs list?  freebsd-questions is mainly for
generic "How do I use ls(1)?" questions.



Re: Large discrepancy in reported disk usage on USR partition

2008-10-29 Thread Jeremy Chadwick
On Thu, Oct 30, 2008 at 02:04:36PM +1030, Brendan Hart wrote:
> On Thu 30/10/2008 12:25 PM, Jeremy Chadwick wrote:
> >> Could the "missing" space be an indication of hardware disk issues i.e.
> >> physical blocks marked as bad? 
> 
> > The simple answer is no, bad blocks would not cause what you're seeing.
> > smartctl -a /dev/disk will help you determine if there's evidence the disk
> > is in bad shape.  I can help you with reading SMART stats if need be.
> 
> I took a look at using the smart tools as you suggested, but have now found
> that the disk in question is a RAID1 set on a DELL PERC 3/Di controller and
> smartctl does not appear to be the correct tool to access the SMART data for
> the individual disks.  After a little research, I have found the aaccli tool
> and used it to get the following information:

Sadly, that controller does not show you SMART attributes.  This is one
of the biggest problems with the majority (but not all) of hardware RAID
controllers -- they give you no access to disk-level things like SMART.
FreeBSD has support for such (using CAM's pass(4)), but the driver has
to support/use it, *and* the card firmware has to support it.  At
present, Areca, 3Ware, and Promise controllers support such; HighPoint
might, but I haven't confirmed it.  Adaptec does not.

What you showed tells me nothing about SMART, other than the remote
possibility it's basing some of its decisions on the "general SMART
health status", which means jack squat.  I can explain why this is if
need be, but it's not related to the problem you're having.

Either way, this is just one of many reasons to avoid hardware RAID
controllers if given the choice.

> AAC0> disk show defects 00
> Executing: disk show defects (ID=0)
> Number of PRIMARY defects on drive: 285
> Number of GROWN defects on drive: 0
> 
> AAC0> disk show defects 01
> Executing: disk show defects (ID=1)
> Number of PRIMARY defects on drive: 193
> Number of GROWN defects on drive: 0
> 
> This output doesn't seem to indicate existing physical issues on the disks. 

I hope these are SCSI disks you're showing here, otherwise I'm not sure
how the controller is able to get the primary defect count of a SATA or
SAS disk.  So, assuming the numbers shown are accurate, then yes, I
don't think there's any disk-level problem.

> I have done some additional digging and noticed that there is a /usr/.snap
> folder present. "ls -al" shows no content however. Some quick searching
> shows this could possibly be part of a UFS snapshot...

Correct; the .snap directory is used for UFS2 snapshots and
mksnap_ffs(8) (which is also the program dump -L uses).

> I wonder if partition snapshots might be the cause of my major disk
> space "loss".

Your /usr/.snap directory is empty; there are no snapshots.  That said,
are you actually making filesystem snapshots using dump or mksnap_ffs?
If not, then you're barking up the wrong tree.  :-)

> I also took a look to see if the issue could be something like running out
> of inodes, but this doesn't seem to be the case:
> 
> #: df -ih /usr
> Filesystem     Size    Used   Avail Capacity iused   ifree %iused  Mounted on
> /dev/aacd0s1f   28G     25G    1.1G    96%  708181 3107241   19%   /usr

inodes != disk space, but I'm pretty sure you know that.

I understand at this point you're running around with your arms in the
air, but you've already confirmed one thing: none of your other systems
exhibit this problem.  If this is a production environment, step back a
moment and ask yourself: "just how much time is this worth?"  It might
be better to just newfs the filesystem and be done with it, especially
if this is a one-time-never-seen-before thing.

> I will wait and see if any other list member has any suggestions for me to
> try, but I am now leaning toward scrubbing the system. Oh well.

When you say scrubbing, are you referring to actually formatting/wiping
the system, or are you referring to disk scrubbing?



Re: Firewalls in FreeBSD?

2008-10-29 Thread Jeremy Chadwick
On Thu, Oct 30, 2008 at 01:36:58PM +1100, Terry Sposato wrote:
> Quoting Jack Barnett <[EMAIL PROTECTED]>:
>
>>
>>yes, that is my setup.
>>hrm... well, I disabled the firewall completely, restarted, but still
>>doesn't work.
>>I have gateway and natd both enabled.  x10 is the "external" interface
>>(the one that is dhcp and connects to the cable modem).
>>I don't want to redirect anything to my windows box.  I just want
>>anything that connects out from my windows box to be able to connect
>>or send data back in.
>>For example, I load up a client (game) and it connects out on XYZ
>>port.  The server will send data back on ABC.
>>The problem, from what I can tell; is that I can get a connection out
>>- but when the server tries to send data back on ABC it is discarded.
>>Polytropon wrote:
>>
>> If I understood you correctly, your setting is:
>>
>> (Modem/Router)---DHCP---(FreeBSD)---("Windows")
>>
>> I may respond directly on your configuration settings:
>>
>> On Wed, 29 Oct 2008 20:19:31 -0500, Jack Barnett
>> [1]<[EMAIL PROTECTED]> wrote:
>>
>>
>>  gateway_enable="YES"
>>  #firewall_enable="YES"
>>  #firewall_type="open"
>>  firewall_type="simple"
>>  #firewall_type="open"
>>  firewall_logging="YES"
>>
>>
>> Use instead:
>>
>> gateway_enable="YES"
>> natd_enable="YES"
>> natd_interface="xl0"
>>
>> You may add special redirect directives to NATD's settings, such
>> as
>> natd_flags="-redirect_port tcp 192.168.1.2:5900 5900"
>> natd_flags="-redirect_port tcp 192.168.1.5:23 "
>>
>> or
>> natd_flags="-redirect_address 192.168.1.2 141.44.165.58 \
>> -redirect_address 192.168.1.5 141.44.165.58"
>>
>> Examples taken from a very old configuration. :-)
>>
>> Then,
>>
>> firewall_enable="YES"
>> firewall_type="/etc/ipfw.conf"
>>
>> Then, be sure to have nice firewall settings, you can use things
>> similar to this, enabling just the services you really need and want,
>> it's easy to write your own one or to rewrite this:
>>
>> -f flush
>> add divert natd ip      from any to any       via xl0
>> add allow       tcp     from any to any ftp   in recv xl0
>> add allow       tcp     from any to any ssh   in recv xl0
>> add allow       tcp     from any to any auth  in recv xl0
>> add allow       udp     from any to any ntp   in recv xl0
>> add allow       udp     from any to any ntalk in recv xl0
>> add deny        udp     from any to any x11   in recv xl0
>> add reset       tcp     from any to any x11   in recv xl0
>> add allow       ipencap from any to any
>> add allow       ip      from any to any
>>
>> This should work fine. NB to use the correct interface names.
>>
>> References
>>
>>1. mailto:[EMAIL PROTECTED]
>>
>
> Jack,
>
> It is most likely caused by your ruleset not being stateful. If packets 
> are going out certain sessions and your firewall isn't then allowing back 
> in you would see the issue you are seeing. I am not sure how this is 
> accomplished via ipfw as I use pf but there would be a tonne of 
> documentation out there on how to make your rules stateful.

Are you sure about that?  Read his statement once more:

>>For example, I load up a client (game) and it connects out on XYZ
>>port.  The server will send data back on ABC.

I assume based on this, the following is happening:

- 192.168.x.x:a sends packet to gameserver:xyz

- NAT gateway translates packet (where "natgw" is a public WAN IP)

  192.168.x.x:a <--> natgw:b <--> gameserver:xyz

- gameserver sees packet to port xyz, and initiates new connection
  to natgw:abc
  
- NAT gateway drops packet destined to WAN IP port abc, because the
  gameserver:abc connection is *new*, and does not relate to the
  previous NAT'd gameserver:xyz connect
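
Added example (not part of the original message): a simplified Python model of the sequence described above, showing why the reply on the original flow is translated back while the server's new connection to port "abc" is not, and how a static mapping in the style of natd's `-redirect_port` changes that. The addresses, port numbers (27015 for "xyz", 27016 for "abc") and all class and function names are assumptions made for illustration; this is a toy state table, not natd's or ipfw's code.

```python
"""Toy NAT state table for the game-client scenario (constructed example)."""
from typing import NamedTuple, Optional

# Constructed sample values; "xyz" and "abc" in the message are symbolic.
CLIENT = "192.168.1.2"     # LAN host behind the gateway
WAN = "203.0.113.10"       # gateway's public address ("natgw")
SERVER = "198.51.100.7"    # the game server
PORT_XYZ = 27015           # port the client connects out to
PORT_ABC = 27016           # port the server later connects back on


class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    def __init__(self, wan_ip: str, first_port: int = 40000):
        self.wan_ip = wan_ip
        self.next_port = first_port
        # (lan_ip, lan_port, remote_ip, remote_port) -> WAN-side source port
        self.out_state = {}
        # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.in_state = {}
        # Static mappings: wan_port -> (lan_ip, lan_port)
        self.redirects = {}

    def add_redirect(self, wan_port: int, lan_ip: str, lan_port: int) -> None:
        """Static port mapping, the role -redirect_port plays for natd."""
        self.redirects[wan_port] = (lan_ip, lan_port)

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: rewrite the source and remember the flow."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.out_state:
            wan_port = self.next_port
            self.next_port += 1
            self.out_state[key] = wan_port
            self.in_state[(wan_port, pkt.dst_ip, pkt.dst_port)] = (
                pkt.src_ip, pkt.src_port)
        return Packet(self.wan_ip, self.out_state[key],
                      pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: translate only if the packet matches known state.

        Returns None when nothing says which LAN host the packet is for,
        which is the case the message describes as the packet being dropped.
        """
        target = self.in_state.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if target is None:
            target = self.redirects.get(pkt.dst_port)
        if target is None:
            return None
        return Packet(pkt.src_ip, pkt.src_port, target[0], target[1])


def walk_through() -> dict:
    """Replay the four steps from the message and collect each outcome."""
    gw = NatGateway(WAN)
    results = {}
    # 1-2. Client connects out to gameserver:xyz and is translated.
    results["outbound"] = gw.outbound(Packet(CLIENT, 50000, SERVER, PORT_XYZ))
    # Reply on the same flow matches the state entry and reaches the client.
    results["reply"] = gw.inbound(Packet(SERVER, PORT_XYZ, WAN, 40000))
    # 3-4. Server opens a *new* connection to natgw:abc: no matching state.
    callback = Packet(SERVER, 31000, WAN, PORT_ABC)
    results["callback_before"] = gw.inbound(callback)
    # With a static mapping for port abc the same packet is forwarded.
    gw.add_redirect(PORT_ABC, CLIENT, PORT_ABC)
    results["callback_after"] = gw.inbound(callback)
    return results


if __name__ == "__main__":
    for step, outcome in walk_through().items():
        print(f"{step:16} -> {outcome}")
```
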

Re: Building an inode

2008-10-29 Thread Jeremy Chadwick
On Thu, Oct 30, 2008 at 03:35:04AM +0100, Polytropon wrote:
> Hi again,
> 

This is really a question for -fs or -hackers.  -questions is
for generic stuff -- what you're doing is fairly low-level.

Try re-posting your question to -fs, wait a week, then try -hackers.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Large discrepancy in reported disk usage on USR partition

2008-10-29 Thread Jeremy Chadwick
On Thu, Oct 30, 2008 at 12:11:58PM +1030, Brendan Hart wrote:
> The space reserved as minfree does not appear to have been changed from the
> default setting of 8%.

Okay, then that's likely not the problem.

> Is your suggestion that I should change it to a larger value?

That would just make your problem worse.  :-)

> I don't understand how modifying it now could fix the situation, but I
> could be missing something.

Well, the feature I described isn't what's causing your problem, but to
clarify: if you change the percentage, it applies immediately.  I read
"I don't understand how modifying it now could fix ..." to mean "isn't
this option applied during newfs?"

> I have not observed the problem on any of the other ~dozen FreeBSD servers
> in our data centre. 

Unless someone more clueful chimes in with better hints, the obvious
choice here is going to be "recreate the filesystem".  I'd tell you
something like "try using ffsinfo(8)?", but I've never used the tool,
so very little of the output will make sense to me.

> Could the "missing" space be an indication of hardware disk issues i.e.
> physical blocks marked as bad? 

The simple answer is no, bad blocks would not cause what you're seeing.
smartctl -a /dev/disk will help you determine if there's evidence the
disk is in bad shape.  I can help you with reading SMART stats if need
be.

Since you booted single-user and presumably ran fsck -f /usr, and
nothing came back, I'm left to believe this isn't filesystem corruption.

> Is it possible on UFS2 for disk space to be allocated but hidden somehow?
> (although I have been running the commands such as "du -x" as superuser)

That's exactly what the above tunefs parameter describes.

> Similarly, is it possible on UFS2 for disk space to be allocated in "lost
> cluster chains" ?

I don't know what this means.  Someone more clueful will have to answer.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Large discrepancy in reported disk usage on USR partition

2008-10-29 Thread Jeremy Chadwick
On Thu, Oct 30, 2008 at 11:12:32AM +1030, Brendan Hart wrote:
> I have inherited some servers running various releases of FreeBSD and I am
> having some trouble with the /usr partition on one of these boxen.
> 
> The problem is that there appears to be far more space used on the USR
> partition than there are actual files on the partition. The utility "df -h"
> reports 25GB used (i.e. nearly the whole partition), but "du -x /usr"
> reports only 7.6GB of files.

Have you tried playing with tunefs(8), -m flag?

I can't reproduce this behaviour on any of our systems.

icarus# df -k /usr
Filesystem    1024-blocks    Used     Avail Capacity  Mounted on
/dev/ad12s1f    167879968 1973344 152476228     1%    /usr
icarus# du -sx /usr
1973344 /usr

eos# df -k /usr
Filesystem    1024-blocks    Used     Avail Capacity  Mounted on
/dev/ad0s1f      32494668 2261670  27633426     8%    /usr
eos# du -sx /usr
2261670 /usr

anubis# df -k /usr
Filesystem    1024-blocks    Used     Avail Capacity  Mounted on
/dev/ad4s1f      80010344 1809620  71799898     2%    /usr
anubis# du -sx /usr
1809620 /usr

horus# df -k /usr
Filesystem    1024-blocks    Used     Avail Capacity  Mounted on
/dev/ad4s1f      32494668 1608458  28286638     5%    /usr
horus# du -sx /usr
1608458 /usr

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: gmirror slice insertion, "FAILURE - READ_DMA status=51"

2008-10-29 Thread Jeremy Chadwick
On Tue, Oct 28, 2008 at 08:41:31PM -0700, Carl wrote:
> Jeremy Chadwick said:
>>> ad6: FAILURE - READ_DMA status=51   
>>> error=40 LBA=134802751
>>
>> Are you sure you don't have a bad hard disk?  This looks to be like a
>> classic block/sector failure.
>
> I hadn't realized that a bad block would manifest itself with a message  
> about DMA. Seems like such semantics would be a little obscure to most  
> users, apparently including me.

Do not let the term "DMA" confuse you -- the operation was a read
operation, and DMA is used to do the transfer of data between
disk/controller/local memory.  You might see things like "READ_DMA48"
and "WRITE_DMA48", which just indicate that 48-bit LBA addressing mode
is in use when attempting the operation.

For sake of comparison, you should see what Linux and Solaris do.  For
example, when a disk falls off the bus (silently) on a Linux machine
using ext3fs, all I've ever seen is continual spewing of "ext3fs journal
errors" on the console -- absolutely no indication that the disk itself
has actually fallen off the bus.  With SCSI disks under Solaris, the
level of detail you get is perfect -- it's very easy to determine what
happened.  But in the case of ATA disks, you get more or less something
that looks similar to FreeBSD.

If you have complaints about the formatting of the output, I would
recommend filing a PR for it, or bringing it up with Soren Schmidt
([EMAIL PROTECTED]), author of the ata(4) layer.  I will agree with you
that some more coherent error messages would be useful.

>> So you're saying that the *exact* same READ_DMA error, at the *exact*
>> same LBA, is reported on ad4?  If so, that's very bizarre.
>
> No, perhaps I wasn't clear enough. Both instances were on ad6, so far.

Then that makes ad6, or something specific to ad6, the culprit.

>> Can you please provide the output from the following commands?
>
> See end of message. Let me know if you then want more (in- or out-of-band).
>
> Having now installed smartmontools, you can see below that I ran it for  
> both ad4 and ad6. Sure enough, ad6 has logged 2 READ DMA errors - does  
> that make this a definitive bad disk then?

I'll have to look at the output.  See below.

> Should I not be worried about ad4 too? Those Raw_Read_Error_Rate and  
> Seek_Error_Rate numbers should be zero or very close to it, shouldn't  
> they? I don't know how to interpret what I'm seeing in that output, so  
> I'd appreciate any insight. Should I be returning both disks for  
> warranty claims (they're both very recently purchased)?

As you've admitted, the problem is that most people don't know how to
interpret SMART data, and start "freaking out" over things which are
normal.  People focus on the RAW values, which for many attributes is
the wrong thing to look at.  For example, on Seagate disks, an insanely
high Raw_Read_Error_Rate and Seek_Error_Rate means absolutely nothing;
it's normal.  But with another vendor, it might actually be accurate.
Welcome to one of the problems with SMART: the specification does not
state what format the raw data must be in.

Seagate chooses to encode some raw data for some SMART attributes in a
custom format.  The format is not publicly documented.  This is why you
have to go off of the adjusted values shown in VALUE/WORST/THRESH.
"How am I supposed to know all of this?!"  You aren't -- it comes with
experience.

> Is there anything I should know about this model of hard disk with  
> regards to being known for problems? Also, is there a good test I can  
> perform to hopefully flush out any problems before I put this thing into  
> service?

I'm confused: what gives you the impression there's a problem with
*this model* of hard disk?  I've seen no evidence presented that
indicates such.  What makes you ask that question?

None of us here work at Seagate, so even if there was a known problem
with this specific model of disk, we wouldn't know.  For all we know,
there could be little 3mm tall terrorists dancing on the platters, ready
to leap out at any moment and stab us!  :-)

Please keep something in mind: just because you have brand new hard
disks *does not* guarantee they're free of errors.  I have seen hundreds
of "brand new" hard disks fail right out of the box, including SCSI
disks (which people, for some reason, think are "less likely to have
this problem" simply because they cost more money).  I deal with this
situation on a daily basis at work, believe it or not.

> # vmstat -i

Interrupts look fine; I was looking for anything that might indicate an
absurdly high rate.

atacontrol cap output looks fine too, nothing weird or out of the
ordinary (I wasn't expecting an

Re: build ImageMagick 6.4.4.1_1 from ports failed...

2008-10-29 Thread Jeremy Chadwick
On Wed, Oct 29, 2008 at 02:49:36PM +0200, Aggelidis Nikos wrote:
> On Wed, Oct 29, 2008 at 2:02 PM, Anton Shterenlikht <[EMAIL PROTECTED]> wrote:
> > In any case you can build and install without tests,
> > and then do 'make check' separately.
> >
> > I'm building IM on i386 7.0-stable and 8.0-current.
> > Will let you know how the tests go soon.
> >
> > Post also your /etc/make.conf
> >
> 
> here it is:
> NO_OPENSSH = YES
> # added by use.perl 2008-10-28 20:44:42
> PERL_VER=5.8.8
> PERL_VERSION=5.8.8

Your "NO_OPENSSH = YES" line is broken, by the way.  You have a space
between the "H" and the "=".

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: gmirror slice insertion, "FAILURE - READ_DMA status=51"

2008-10-29 Thread Jeremy Chadwick
On Wed, Oct 29, 2008 at 02:00:21AM -0700, Carl wrote:
> Jeremy Chadwick wrote:
>> Seagate chooses to encode some raw data for some SMART attributes in a
>> custom format.  The format is not publicly documented.  This is why you
>> have to go off of the adjusted values shown in VALUE/WORST/THRESH.
>> "How am I supposed to know all of this?!"  You aren't -- it comes with
>> experience.
>
> And yet my failing drive's VALUE numbers are still all above their  
> THRESH values, despite it being bad enough to cripple the system. One  
> might argue those threshold values leave something to be desired.

I'd urge you to file complaint(s) with drive manufacturers, as they're
the ones who decide the values.  Thresholds are not defined per the
ATA-ATAPI specification, so technically they can pick whatever value
they want.  This is exactly why you'll encounter people screaming "SMART
is worthless, the drive is already dead by the time the overall SMART
health check fails!"

If you go this route, please CC me, as I'd be quite interested to see
what manufacturers have to say.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |
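
Added example (not part of the original thread): a small Python parser for the attribute table printed by `smartctl -A`, judging each attribute by VALUE/WORST/THRESH as the two SMART messages above describe and ignoring the vendor-encoded raw column. The sample table is constructed for illustration, and the function names are assumptions; it also shows the limitation raised in the reply, since a drive whose normalized values all sit above THRESH still reports as passing.

```python
"""Judge SMART attributes by normalized values, not RAW_VALUE (added example)."""
import re
from typing import NamedTuple

# Constructed sample in the column layout of `smartctl -A` (not real output).
SAMPLE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   114   099   006    Pre-fail  Always       -       71148456
  5 Reallocated_Sector_Ct   0x0033   030   030   036    Pre-fail  Always   FAILING_NOW 2890
  7 Seek_Error_Rate         0x000f   078   060   030    Pre-fail  Always       -       60634531
190 Airflow_Temperature_Cel 0x0022   061   044   045    Old_age   Always   In_the_past 39
"""

# ID, name, flag, VALUE, WORST, THRESH, TYPE, UPDATED, WHEN_FAILED, RAW
ROW = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+0x[0-9a-fA-F]+\s+(\d+)\s+(\d+)\s+(\d+)"
    r"\s+(\S+)\s+\S+\s+\S+\s+(\S+)"
)


class Attr(NamedTuple):
    ident: int
    name: str
    value: int    # current normalized value
    worst: int    # lowest normalized value ever recorded
    thresh: int   # vendor-chosen failure threshold
    kind: str     # Pre-fail or Old_age
    raw: str      # vendor-specific encoding, kept only for display


def parse_attributes(text: str) -> list:
    """Return one Attr per attribute row; the header line does not match."""
    attrs = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            attrs.append(Attr(int(m[1]), m[2], int(m[3]), int(m[4]),
                              int(m[5]), m[6], m[7]))
    return attrs


def status(attr: Attr) -> str:
    """An attribute has failed when its normalized value is <= THRESH."""
    if attr.value <= attr.thresh:
        return "FAILING_NOW"
    if attr.worst <= attr.thresh:
        return "FAILED_IN_PAST"
    return "ok"


def report(text: str) -> dict:
    """Map attribute name -> (status, margin above THRESH, raw string)."""
    return {a.name: (status(a), a.value - a.thresh, a.raw)
            for a in parse_attributes(text)}


def overall(text: str) -> str:
    """Threshold-only verdict: FAILED only if some attribute is failing now."""
    failing = any(status(a) == "FAILING_NOW" for a in parse_attributes(text))
    return "FAILED" if failing else "PASSED"


if __name__ == "__main__":
    for name, (state, margin, raw) in report(SAMPLE).items():
        print(f"{name:24} {state:15} margin={margin:4d} raw={raw}")
    print("overall:", overall(SAMPLE))
```
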



Re: Newbie question about pkg_add

2008-10-28 Thread Jeremy Chadwick
On Wed, Oct 29, 2008 at 11:14:34AM +0800, Canhua wrote:
> Hi, good day all. I am new to FreeBSD.
> I tried to pkg_add -r a package (py-networkx), which tell me that:
> Error: FTP Unable to get ftp://ftp.freebsd.org/pub/
> FreeBSD/ports/i386/packages-7.0-release/Latest/py-networkx.tbz:
> File unavailable (e.g., file not found, no access)
> 
> although I know that py-network does exist in /usr/ports.
> Actually I could go to /usr/ports/math/py-networkx and make install
> using ports means.
> 
> Then I could learn from this that there are softwares that could be
> install from ports while not able to be added from package system?
> Am I right?

Correct -- not every port has a package.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Security | Kernel message

2008-10-28 Thread Jeremy Chadwick
On Tue, Oct 28, 2008 at 05:26:03PM +0100, Jos Chrispijn wrote:
> A part of my daily security run:
>
> triton.xxx.xxx.xxx kernel log messages:
> +++ /tmp/security.VnqB8ZT62008-10-27 23:53:32.0 +0100
> +em0: link state changed to DOWN
> +em0: link state changed to UP
> +em0: link state changed to DOWN
> +em0: link state changed to UP
> +em0: link state changed to DOWN
> +em0: link state changed to UP
>
> Is there a way of adding the time on every DOWN and UP line?

No, because the messages are in the kernel log.  The kernel itself does
not print timestamps, because that's silly.

Try doing this:

1) Edit /etc/syslog.conf and enable /var/log/all.log,
2) touch /var/log/all.log
3) chown root:wheel /var/log/all.log
4) chmod 600 /var/log/all.log
5) killall -HUP syslogd

Then wait until the next event, and examine /var/log/all.log, which will
contain timestamps.

Also, are you seeing any "watchdog timeout" events on em0 as well?  If
so, please read the "Network devices" section of my Wiki regarding what
this problem could be (specific to certain models of Intel 82573 NIC):

http://wiki.freebsd.org/JeremyChadwick/Commonly_reported_issues

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Looking for the right "FreeBSD.iso"

2008-10-28 Thread Jeremy Chadwick
On Tue, Oct 28, 2008 at 12:01:28PM -0400, Jerry McAllister wrote:
> On Mon, Oct 27, 2008 at 09:16:04PM -0700, Jeremy Chadwick wrote:
> 
> > On Mon, Oct 27, 2008 at 09:56:56PM -0600, Steven Susbauer wrote:
> > > Jerry McAllister wrote:
> > >>> Maybe I am wrong, but I feel it shouldn't be necessary to waste 3 CDs
> > >>> from installation if I have a high-speed permanent Internet connection.
> > >>> So wouldn't just 1 DVD-RW do?
> > >>
> > >> Basically, you are wrong, because you haven't looked far enough in to
> > >> things to know that FreeBSD has done it that way from the beginning
> > >> (or almost that far back).  I have never done a complete install from
> > >> a CD or DVD, but just acquired the first disk, booted the install
> > >> program and then done the install over the net.  I've been doing that
> > >> for more than 10 years and am far from being an early adopter.  Others
> > >> have done so much longer.
> > >>
> > >> But, some people are [still] not in the position to be able to do
> > >> installs over the net.  Their service is inadequate or, in some
> > >> cases they are not even connected, so the whole system is made available
> > >> to them on disk as well.
> > >>
> > >> Actually, I believe, if you are doing just the FreeBSD install, and
> > >> not at the same time installing some of the ports, it is still laid
> > >> out to need only the first CD even if you are not installing over the
> > >> net.  But, I haven't checked recent versions.  The other CDs contain
> > >> the sources for various ports and some special case things.
> > >>
> > >> jerry
> > >>
> > > This is still the behavior. You can install any of the base
> > > distributions for that release with only disc 1, as well as some of the
> > > ports. I have had issues booting the netinstall cds for some reason, and
> > > installing the distribution from the cd goes faster anyway.
> > 
> > Just make sure that if you choose "src" or "ports", that you properly
> > "adopt" your src and ports trees.  (This is why I often advocate not
> > installing src/ports from CD/DVD/FTP/whatever, and instead using
> > csup once the box is up and working).
> 
> Do you really mean  'update'  instead of "adopt"
> 
> Otherwise, I don't know what you mean by "adopt" in this context.

Nope, I said "adopt" and I do in fact mean "adopt".  The below site is
for cvsup, but what I'm describing affects csup as well -- it's just
the nature of the beast.

http://www.cvsup.org/faq.html#caniadopt

The simple version of why this is necessary: when you install src or
ports from the installation media, there is no associated CVS database
to cross-reference what version of the file correlates with what on the
cvsup server.  The databases are stored in /var/db/sup (or /usr/sup
if you're using a very old version of FreeBSD with very old supfiles).
Thus, "adopting" means you need to create those databases to make sure
the cvsup/csup tools are truly "in sync" with what exists on your
filesystem (in /usr/src and /usr/ports).

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: collecting pv entries -- suggest increasing PMAP_SHPGPERPROC

2008-10-28 Thread Jeremy Chadwick
On Tue, Oct 28, 2008 at 10:44:49AM -0400, Francis Dubé wrote:
> Jeremy Chadwick wrote:
>> On Mon, Oct 27, 2008 at 12:56:30PM -0700, Chuck Swiger wrote:
>>   
>>> On Oct 27, 2008, at 12:38 PM, FreeBSD wrote:
>>> 
>>>>> You need to keep your MaxClients setting limited to what your 
>>>>> system can run under high load; generally the amount of system 
>>>>> memory is the governing factor. [1]  If you set your MaxClients 
>>>>> higher than that, your system will start swapping under the load 
>>>>> and once you start hitting VM, it's game over: your throughput 
>>>>> will plummet and clients will start getting lots of broken 
>>>>> connections, just as you describe.
>>>>> 
>>>> According to top, we have about 2G of Inactive RAM with 1,5G Active 
>>>>  (4G total RAM with amd64). Swapping is not a problem in this case.
>>>>   
>>> With 4GB of RAM, you're less likely to run into issues, but the most  
>>> relevant numbers would be the Swap: line in top under high load, or 
>>> the output of "vmstat 1" / "vmstat -s".
>>> 
> We're monitoring our swap with cacti, and we've never been swapping even
> during high load because we don't let apache spawn enough process to do
> so.

I'm not sure you fully understand the concept of swapping (the term can
be used for a multitude of things).  :-)  Some processes which sit
idle/unused will have portions of their memory "swapped out" (to
swap/disk) to allow for actively running processes to utilise physical
memory.  This is something to keep in mind.

>>> It would also be helpful to know what your httpd's are looking like 
>>> in  terms of size, and what your content is like.  For Apache serving 
>>> mostly static content and not including mod_perl, mod_php, etc, you 
>>> tend to have 5-10MB processes and much of that is shared, so you 
>>> might well be able to run 400+ httpd children.  On the other hand, as 
>>> soon as you pull in the dynamic language modules like perl or PHP, 
>>> you end up with much larger process sizes (20 - 40 MB) and much more 
>>> of their memory usage is per-process rather than shared, so even with 
>>> 4GB you probably won't be able to run more than 100-150 children 
>>> before swapping.
>>> 
> Here's an example of top's output regarding our httpd process :
> 54326 apache1  960   156M 13108K select 1   0:00  0.15% httpd
> 54952 apache1  960   156M 12684K select 1   0:00  0.10% httpd
> 52343 apache1   40   155M 12280K select 0   0:01  0.10% httpd
>
> Most of our pages are in HTML with a LOT of images. Few PHP pages, very
> light PHP processing.
>
> 156M x 450 process = way more RAM than what we have (same for RES).  
> Concretely, how must I interpret these results ?

It's as I expected -- you don't understand the difference between
SIZE (SZ) and RES (RSS).  The simple version:

SIZE == amount of memory that's shared across all processes on the
machine, e.g. shared libraries.  It doesn't mean "156MB is being taken
up per process".

RES == amount of memory that's specifically allocated to that individual
process.  The three httpd processes above are taking up a total of
~38MBytes of memory (13108K + 12684K + 12280K).

> Right ! I would really appreciate few explanation on this. Do the shared  
> pages counts as active or inactive RAM ? How can i calculate how much  
> physical RAM an apache process is taking ? How the VM works in this  
> regard ? ;)

Others will have to explain the shared memory/pages aspect, as it's
beyond my understanding.  But recent versions of 7.0 and 7.1-PRERELEASE
contain a tool called procstat(1) which can help you break down the
memory usage within a process.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Zero-Fill format before installation

2008-10-28 Thread Jeremy Chadwick
On Tue, Oct 28, 2008 at 10:21:00AM +, Bullet 446 wrote:
> I have a remote machine with KVM access that I'd like to format and
> reinstall FreeBSD 7.0. I've succeeded in formatting /dev/ad6 but not the main
> drive, /dev/ad4.
> Is it possible to zero-fill format during the installation instead of simply
> deleting and recreating partitions?
> 
> I've tried booting into single user mode without any success:
> # umount -a
> umount: /cdrom: not a file system root directory
> umount: /var: not a file system root directory
> umount: /usr: not a file system root directory
> umount: /tmp: not a file system root directory
> # dd if=/dev/zero of=/dev/ad4
> dd: /dev/ad4: Operation not permitted

You need to tell GEOM to allow you to overwrite the MBR at the start
of the disk.

sysctl kern.geom.debugflags=16 then do the dd again.

I STRONGLY recommend you add "bs=64k" to that dd statement, or else it's
going to take a million years.  :-)

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: gmirror slice insertion, "FAILURE - READ_DMA status=51"

2008-10-28 Thread Jeremy Chadwick
On Tue, Oct 28, 2008 at 12:04:49PM +0100, Wojciech Puchar wrote:
>>> error=40 LBA=134802751
>>
>> Are you sure you don't have a bad hard disk?  This looks to be like a
>> classic block/sector failure.  This does not appear to be the infamous
>> famous "DMA timeout" problem, especially if this is the only error
>> you're getting.
>
> he can temporarily boot with hw.ata.ata_dma=0

They're SATA disks, so this won't do anything sadly.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Looking for the right "FreeBSD.iso"

2008-10-27 Thread Jeremy Chadwick
On Mon, Oct 27, 2008 at 09:56:56PM -0600, Steven Susbauer wrote:
> Jerry McAllister wrote:
>>> Maybe I am wrong, but I feel it shouldn't be necessary to waste 3 CDs
>>> from installation if I have a high-speed permanent Internet connection.
>>> So wouldn't just 1 DVD-RW do?
>>
>> Basically, you are wrong, because you haven't looked far enough in to
>> things to know that FreeBSD has done it that way from the beginning
>> (or almost that far back).  I have never done a complete install from
>> a CD or DVD, but just acquired the first disk, booted the install
>> program and then done the install over the net.  I've been doing that
>> for more than 10 years and am far from being an early adopter.  Others
>> have done so much longer.
>>
>> But, some people are [still] not in the position to be able to do
>> installs over the net.  Their service is inadequate or, in some
>> cases they are not even connected, so the whole system is made available
>> to them on disk as well.
>>
>> Actually, I believe, if you are doing just the FreeBSD install, and
>> not at the same time installing some of the ports, it is still laid
>> out to need only the first CD even if you are not installing over the
>> net.  But, I haven't checked recent versions.  The other CDs contain
>> the sources for various ports and some special case things.
>>
>> jerry
>>
> This is still the behavior. You can install any of the base
> distributions for that release with only disc 1, as well as some of the
> ports. I have had issues booting the netinstall cds for some reason, and
> installing the distribution from the cd goes faster anyway.

Just make sure that if you choose "src" or "ports", that you properly
"adopt" your src and ports trees.  (This is why I often advocate not
installing src/ports from CD/DVD/FTP/whatever, and instead using
csup once the box is up and working).

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: almost OT os x

2008-10-27 Thread Jeremy Chadwick
On Mon, Oct 27, 2008 at 10:19:56PM -0400, kalin m wrote:
> this is a bit OT but since bsd and os x have enough in common in the  
> core some people here might have dealt with an os x server before..
>
> ok. here is the problem. i have this os x server put on my lap to  
> administer and there are some really weird things happening.
>
> the machine has 2 inet interfaces - 2 cards. one of them - en0 (network  
> A) - is wired to 192.168.x.x and the other - en1 (network B) - has an  
> external ip which is not on the same subnet (network)  the 192.168.x.x  
> belongs to. so far so good.
>
> theoretically the en1 (network B) card should be accessible through the  
> external ip no matter where you are coming from
>
> what happens is that if somebody on network A (of en0)  tries to access  
> the machine via 192.168.x.x - it works. but if that somebody wants  
> access that machine via the external ip on network B (en1), like they  
> would access any other external IP -  they can not. this is weird  
> because they can access any other machine on B . now me being on the  
> network B i can access the machine via the external IP which is also on  
> B, but, and this is the weirdest, i can not access it from outside  
> either A or B with that same IP (?!?).  but i can access any other  
> machine on B from outside either subnet   

What you're describing sounds like a network loopback problem (at least
this is what the Linux folks refer to it as).

I would recommend you re-post this question to freebsd-net, as someone
there can explain to you what's happening in detail, why it happens, and
how to solve it effectively.

Also, keep in mind that the "FreeBSD and OS X have enough in common"
concept is a horrible one -- they do have some pieces in common, but
OS X really *is* quite a different beast in numerous respects.  Apple,
sincerely and honestly, has tinkered with all sorts of pieces.  Please
keep that in mind.  :-)

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: gmirror slice insertion, "FAILURE - READ_DMA status=51"

2008-10-27 Thread Jeremy Chadwick
On Mon, Oct 27, 2008 at 06:56:24PM -0700, Carl Voth wrote:
> I'm setting up a dual-disk server and am trying to bring it up with  
> gmirror and gjournal. One slice per disk, the goal being to create a  
> single mirror from said slices with some of the partitions journaled.  
> Installed FreeBSD-7.0RELEASE to ad4, then used technique from here to  
> create single-disk mirror/gm0 on ad6:
>
>   http://people.freebsd.org/~rse/mirror/
>
> Modified ad4s1a /boot.config to pass control to boot stage 3 on ad6. So  
> far, so good. Began Ralf's procedure for inserting ad4s1 into  
> mirror/gm0. The synchronization began and reached 6% when this little  
> horror appeared:
>
> ad6: FAILURE - READ_DMA status=51  
> error=40 LBA=134802751

Are you sure you don't have a bad hard disk?  This looks like a
classic block/sector failure.  This does not appear to be the infamous
"DMA timeout" problem, especially if this is the only error
you're getting.

> I reinstalled FB7 to ad4, redid the /boot.config modification to make  
> ad6/gm0 bootable again and retried the insertion of ad4 into gm0. Exact  
> same error messages at exactly the same point with same consequences.  

So you're saying that the *exact* same READ_DMA error, at the *exact*
same LBA, is reported on ad4?  If so, that's very bizarre.

> Now, I see that other folks are having unexplained DMA problems too,  
> albeit in different contexts. What should I be concluding here? Those  
> other folks don't seem to be concluding it's bad drives. If there were  
> bad sectors, I'd get different error messages, yes?

The "error=40" part of what you're seeing seems to imply
there's an uncorrectable read transaction that's happened.  What other
people see are DMA timeouts, but no actual sign of uncorrectable errors.

The problem with the "DMA timeout" issue is that it manifests itself in
hundreds of different ways.  Each case so far has to be handled on an
individual basis.

> FWIW, I'm using gjournal on 3 partitions in mirror/gm0.
>
> Here's my server's parts list:
> - Seagate ST31000340AS Barracuda 7200.11, 1TB, SATA (x2).

Can you please provide the output from the following commands?

dmesg
vmstat -i
atacontrol list
atacontrol cap ad4
atacontrol cap ad6
smartctl -a /dev/ad4
smartctl -a /dev/ad6

Thanks.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |
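
An added example, not part of the original thread: a decoder for the status/error values in ata(4) FAILURE lines such as the one quoted above, to separate an uncorrectable read from other failure classes. It assumes the two values are hexadecimal ATA register contents and uses the ATA bit names; the angle-bracket annotations and the second and third sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): decode ata(4) FAILURE lines.

# names_for VALUE MASK:NAME... -> comma-separated names of the bits set.
names_for() {
    value=$1; shift
    names=
    for pair in "$@"; do
        mask=${pair%%:*}; name=${pair#*:}
        if [ $(( $value & $mask )) -ne 0 ]; then
            names="${names:+$names,}$name"
        fi
    done
    printf '%s\n' "${names:-none}"
}

# ATA status register bits (argument: hex digits without 0x).
decode_ata_status() {
    names_for $((0x$1)) 0x80:BSY 0x40:DRDY 0x20:DF 0x10:DSC \
                        0x08:DRQ 0x04:CORR 0x02:IDX 0x01:ERR
}

# ATA error register bits (argument: hex digits without 0x).
decode_ata_error() {
    names_for $((0x$1)) 0x80:ICRC 0x40:UNC 0x20:MC 0x10:IDNF \
                        0x08:MCR 0x04:ABRT 0x02:NM 0x01:AMNF
}

# Read kernel log lines on stdin. FAILURE lines are decoded and given a
# verdict; anything else (TIMEOUT lines, for instance) is skipped.
classify_ata_failures() {
    sed -n 's/^\([a-z]*[0-9]*\): FAILURE - \([A-Z0-9_]*\) status=\([0-9a-fA-F][0-9a-fA-F]*\).* error=\([0-9a-fA-F][0-9a-fA-F]*\).*LBA=\([0-9][0-9]*\).*$/\1 \2 \3 \4 \5/p' |
    while read -r dev cmd st er lba; do
        s=$(decode_ata_status "$st")
        e=$(decode_ata_error "$er")
        case ",$e," in
            *,UNC,*)  verdict="uncorrectable read: suspect the medium at this LBA" ;;
            *,ICRC,*) verdict="CRC error on the interface during transfer" ;;
            *,IDNF,*) verdict="sector ID not found" ;;
            *,ABRT,*) verdict="command aborted by the device" ;;
            *)        verdict="no error bit decoded" ;;
        esac
        printf '%s %s status=%s error=%s LBA=%s -> %s\n' \
            "$dev" "$cmd" "$s" "$e" "$lba" "$verdict"
    done
}

# Constructed sample log. The first line reuses the values quoted in the
# thread; the bracketed annotations and the other two lines are made up.
sample_log() {
    cat <<'EOF'
ad6: FAILURE - READ_DMA status=51<READY,DSC,ERROR> error=40<UNCORRECTABLE> LBA=134802751
ad4: TIMEOUT - READ_DMA retrying (1 retry left) LBA=20971520
ad4: FAILURE - WRITE_DMA status=51<READY,DSC,ERROR> error=84<ICRC,ABORTED> LBA=4194304
EOF
}

if [ "${1:-}" = demo ]; then sample_log | classify_ata_failures; fi
```

On a live system, feed it the kernel messages instead of the sample, for example `dmesg | classify_ata_failures` after sourcing the functions.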



Re: reviving games/freebsd-games

2008-10-27 Thread Jeremy Chadwick
On Mon, Oct 27, 2008 at 08:53:46PM +0100, clemens fischer wrote:
> Some of the programs in games/freebsd-games, notably hack and larn, have
> the following problem:  Given the declarations:
> 
>   char *scrollname[] = {        char *potionname[] = {
>       "\0enchant armor",            "\0sleep",
>       "\0enchant weapon",           "\0healing",
>       ......
>       "\0 "                         "\0 "
>   };                            };
> 
> (in larn/data.c) the code continues to flag the availability of some
> scroll or potion by writing into the first byte of the strings in these
> arrays:
> 
>   for (i=0; i   for (i=0; i 
> This leads to SIGSEGV crashes.  I think this came about with the gcc-4xx
> series of our compiler, but I'm not really sure.  I verified that
> scrollname and potionname reside in the writable .data segment.  The
> segv is reproducible.  Does anybody know what is wrong with this code?
> I assume i could arrange for the flagging to be done in a separate data
> structure, but since the programs worked for years this way, I think
> there should be an easier way.

You've already filed a PR on this?  ports/127728.  Though that PR
encapsulates two or 3 different things, which isn't good.

Secondly, there have been complaints about similar issues in the past.

http://lists.freebsd.org/pipermail/freebsd-ports/2008-January/046245.html
http://lists.freebsd.org/pipermail/freebsd-ports/2008-March/047244.html

I think the bottom line here is that until someone steps up and actually
volunteers to fix the code, it will remain broken.  (I don't normally
tote this attitude, but in this case it's applicable: this is a
volunteer project!  :-) )

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: collecting pv entries -- suggest increasing PMAP_SHPGPERPROC

2008-10-27 Thread Jeremy Chadwick
On Mon, Oct 27, 2008 at 12:56:30PM -0700, Chuck Swiger wrote:
> On Oct 27, 2008, at 12:38 PM, FreeBSD wrote:
>>> You need to keep your MaxClients setting limited to what your system 
>>> can run under high load; generally the amount of system memory is the 
>>> governing factor. [1]  If you set your MaxClients higher than that, 
>>> your system will start swapping under the load and once you start 
>>> hitting VM, it's game over: your throughput will plummet and clients 
>>> will start getting lots of broken connections, just as you describe.
>>
>> According to top, we have about 2G of Inactive RAM with 1,5G Active  
>> (4G total RAM with amd64). Swapping is not a problem in this case.
>
> With 4GB of RAM, you're less likely to run into issues, but the most  
> relevant numbers would be the Swap: line in top under high load, or the 
> output of "vmstat 1" / "vmstat -s".
>
> It would also be helpful to know what your httpd's are looking like in  
> terms of size, and what your content is like.  For Apache serving mostly 
> static content and not including mod_perl, mod_php, etc, you tend to have 
> 5-10MB processes and much of that is shared, so you might well be able to 
> run 400+ httpd children.  On the other hand, as soon as you pull in the 
> dynamic language modules like perl or PHP, you end up with much larger 
> process sizes (20 - 40 MB) and much more of their memory usage is 
> per-process rather than shared, so even with 4GB you probably won't be 
> able to run more than 100-150 children before swapping.
>
>> After checking multiple things (MySQL, networks, CPU, RAM) when a drop 
>> occurs, we determined that every time there is a drop, the number of 
>> Apache processes is MaxClients (ps aux | grep httpd | wc -l) and the 
>> new http request doesn't get an answer from Apache (the TCP handshake 
>> completes but Apache never pushes the data).
>
> Yes, that aspect is going to be the same pretty much no matter what the 
> bottleneck is or how large you set MaxClients to.  You will end up with 
> significantly better results (fewer drops, higher aggregate throughput) 
> if you tune appropriately than if you try to ramp MaxClients up further 
> than the available hardware can support.
>
> You might find that checking out the URLs being most commonly listed in 
> http://yourdomain.com/server-status when you run into high load problems 
> will point towards a particular script or dynamic content which is 
> causing a bottleneck.

One of the problems here is that the individual reporting the problem is
basing all of his conclusions on the first couple lines of top(1)
output, and is not bothering to look at per-process RSS or SZ.  "I have
lots of Inactive RAM, so what's the problem!??!"

We should probably take the time to explain to the user the fact that
shared pages per process != amount of RAM that's been touched/used at
one point but is currently unused.  Without someone explaining how the
VM works in this regard, he's going to continue to be confused and
correlate things which aren't necessarily related.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: SSH Port forwarding when "PermitRootLogin"==no ?

2008-10-27 Thread Jeremy Chadwick
On Mon, Oct 27, 2008 at 12:04:46PM -0500, Kevin Kinsey wrote:
> Hello,
> 
> I'm (still) trying to work around a limitation I've encountered
> with a new service provider (cf. "MTA on non-standard port").
> 
> As root:
>  # ssh -L 24:server:52525 server
> 
> fails because root logins aren't permitted in
> /etc/sshd_config on the server.

I recently discussed how to deal with this in a manner that does not
involve compromising root's security:

1) Make a public key on the machine you're doing "ssh -L 24:server:52525 server"
   from.  Run ssh-keygen as root.
2) Place contents of /root/.ssh/id_rsa.pub in /root/.ssh/authorized_keys
   on "server".  Make sure the /root/.ssh directory is perm 0700,
   and authorized_keys is perm 0600.
3) On "server", edit /etc/ssh/sshd_config and change this line:

#PermitRootLogin no

...to:

PermitRootLogin without-password

4) Send a SIGHUP signal to the master sshd process.  This might
disconnect any existing SSH sessions to the machine:

kill -HUP `cat /var/run/sshd.pid`

If you're concerned about what "without-password" does, read the man
page.  It WILL NOT let people SSH into the root account, UNLESS they
have the private key (on "server").

> Also as root:
>  # ssh -L 24:server:52525 [EMAIL PROTECTED]
> 
> fails - a terminal session is established, but
> when I telnet localhost:24 I receive this in the
> terminal:
>
> channel 3: open failed: administratively prohibited: open failed

No idea what the "channel 3: open failed" part means, but the latter
likely implies firewalling rules of some kind on the local machine.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |
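
An added example, not part of the original thread: a server-side audit of what steps 2 and 3 above depend on, namely an active (uncommented) PermitRootLogin line and the 0700/0600 modes. The function names and the temporary sample files are constructed for illustration; "prohibit-password" is accepted as well because newer OpenSSH releases use that spelling for the same setting.

```shell
#!/bin/sh
# Added example (not from the thread): audit key-only root login setup.

# Octal permission bits of a path: GNU stat first, BSD stat as fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Global PermitRootLogin value as sshd reads it: keywords are
# case-insensitive, commented lines are ignored, and the first value
# obtained wins. Parsing stops at the first Match block. Prints "unset"
# when no active line exists, i.e. the compiled-in default applies.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { kw = tolower($1) }
        kw == "match" { exit }
        kw == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_root_key_login CONFIG SSHDIR
# Returns 0 only if password logins for root are off and the key files
# carry the modes given in step 2 (0700 directory, 0600 authorized_keys).
audit_root_key_login() {
    config=$1; sshdir=$2; rc=0

    value=$(effective_permit_root_login "$config")
    case $value in
        without-password|prohibit-password)
            echo "ok:   PermitRootLogin $value" ;;
        unset)
            echo "FAIL: no active PermitRootLogin line (a '#' line is only a comment)"
            rc=1 ;;
        *)
            echo "FAIL: PermitRootLogin $value, expected without-password"
            rc=1 ;;
    esac

    for entry in "$sshdir:700" "$sshdir/authorized_keys:600"; do
        path=${entry%:*}; want=${entry##*:}
        if [ ! -e "$path" ]; then
            echo "FAIL: $path is missing"; rc=1
        elif [ "$(mode_of "$path")" = "$want" ]; then
            echo "ok:   $path mode $want"
        else
            echo "FAIL: $path mode $(mode_of "$path"), want $want"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: a throwaway config and key directory with one
# deliberate mistake (authorized_keys left at 0644), then the audit.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/.ssh" && chmod 700 "$tmp/.ssh"
    : > "$tmp/.ssh/authorized_keys" && chmod 644 "$tmp/.ssh/authorized_keys"
    printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin without-password' \
        > "$tmp/sshd_config"
    audit_root_key_login "$tmp/sshd_config" "$tmp/.ssh"
    status=$?
    rm -rf "$tmp"
    return $status
}

if [ "${1:-}" = demo ]; then demo; fi
```

On the server itself the call would be `audit_root_key_login /etc/ssh/sshd_config /root/.ssh`, run as root after sourcing the functions.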



Re: DHCP and MAC addresses

2008-10-27 Thread Jeremy Chadwick
On Mon, Oct 27, 2008 at 06:54:30PM +0300, Odhiambo Washington wrote:
> I wonder what makes people live in both worlds - *BSD & Linux - is it
> for similar reasons?

Living in "both worlds" is a good thing: keeping an open mind about
operating systems and software is one of the best choices one can make.
BSD falls short in some areas where Linux excels, and Linux falls short
in some areas where BSD excels.

It's about using whatever tool works to get things done.  If that's BSD,
great.  If that's Linux, great.  If that's Windows, great.  But the
worst thing one can do is remain close-minded about operating systems;
one-sided advocacy (pro-BSD or pro-Linux) does nothing but hurt the
open-source concept.  (I'll remind folks that ZFS came from Solaris)

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Looking for the right "FreeBSD.iso"

2008-10-26 Thread Jeremy Chadwick
On Mon, Oct 27, 2008 at 12:34:42AM +0100, LennyCZ wrote:
> Hello!
>
>  I would like to try FreeBSD on my machine, but I did not find any
> information regarding the ISO files on FreeBSD FTP sites.
>
>  For example, in ISO directory for 7.0 release, I found these files:
>
> 7.0-RELEASE-i386-bootonly.iso
> 7.0-RELEASE-i386-disc1.iso
> 7.0-RELEASE-i386-disc2.iso
> 7.0-RELEASE-i386-disc3.iso
> 7.0-RELEASE-i386-docs.iso
> 7.0-RELEASE-i386-livefs.iso
>
>  Please could you tell me which files I exactly need to download & burn
> to install a "normal" FreeBSD installation? Do I need all three *-disc[n]
> discs? If so, is there a DVD version available?

You only need one:

7.0-RELEASE-i386-disc1.iso

If you plan on installing many binary packages (from the installer,
not once FreeBSD is installed), then you might also want "disc2".

More importantly, I *strongly* recommend you download the 7.1-BETA2
ISO(s) instead.  You'll find them in the releases/ directory on the FTP
mirrors.

>  Maybe I am wrong, but I feel it shouldn't be necessary to waste 3 CDs
> from installation if I have a high-speed permanent Internet connection.

You should try sending this note to most of the Linux distributions,
many of which *require* a DVD drive (what makes you think everyone
has one?), or require you to download 2 or 3 CDs.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: MTA on non-standard port

2008-10-26 Thread Jeremy Chadwick
On Sun, Oct 26, 2008 at 06:55:53PM -0500, Kevin Kinsey wrote:
> Hello,
> 
> Quick thanks to Andrew Clark, Jeremy Chadwick, Tim Kellers,
> Jeff Goldberg, and anyone whose reply I've not seen re:
> this issue.
> 
> Isn't hard, as several pointed out.  Now I've sendmail listening
> on any port I want to.  Problem is, still can't touch it from
> here (and you might have guessed, the base issue is a new provider
> of a lower-class service who I'm guessing only allows certain
> ports by default).

Most consumer ISPs in the United States block two kinds of traffic to
their customers' IP blocks:

1) Incoming SMTP (e.g. someIP:* --> yourIP:25)
2) Outbound SMTP (e.g. yourIP:* --> someIP:25)

#2 has become prominent in the past few years, and is applied by ISPs
because they want to curb their customers sending spam out onto the
Internet (usually as a result of viruses, trojans, etc.), getting their
IPs blocked by DNSBLs and giving them a bad social rep.  Instead, they
force customers to relay outbound mail through their own SMTP servers
(called a "smart host" in sendmail terms).

There's absolutely no way around this; you can beg them all you want,
but the chances of them adding a pass-through for you is very slim.
Story time again...

My setup, just to give you some idea: my home LAN has a FreeBSD box used
for all kinds of purposes.  The box itself does not have direct Internet
access (it sits behind a Linksys WRTSL54GS NAT router, which DOES NOT
have incoming port 25/587 forwarded).  The BSD box listens on
localhost:25,587, and bsdIP:25,587.  This allows other machines on the
LAN to send mail through the BSD box, and of course local utilities on
the BSD box to do the same.

The Linksys router has two outbound firewall rules applied to it: it
only allows bsdIP on my LAN to connect to someIP:25,587 -- thus, only
one machine on my LAN is allowed to speak SMTP to the world.  I do this
purely as a precautionary measure (in case one of my friends comes over
with his/her laptop, which happens to be infected and sends spam, etc.
-- it won't work, period).

All this worked great until Comcast put in place outbound SMTP filters,
which stopped postfix from being able to connect to someIP:25 (where
someIP is some random MX/mail server on the Internet).  I was forced to
set up "smart relaying", causing postfix to siphon all outbound mail
through comcastmailserver:25, which worked fine for a few years.

A couple months ago, Comcast stirred up the ants.  They blocked my
ability to send mail to anyIP:25 (including to their own SMTP servers!),
citing "an incident of spam from my IP address".

I asked them to provide timestamps, Reference IDs, or even queue IDs, and
also explained my LAN setup and how what they were claiming happened
simply could not happen without my knowledge of it.  They refused, as in
literally "We will not provide you any of that".  Abuse and I got
into a very long discussion on the phone about this, and they told me a lot
of conflicting things (more or less just inducing me to ask more
questions, because their story didn't make any sense).  They did
eventually tell me what *day* the spam was sent, which allowed me to go
look through my logs -- over and over, and I found absolutely no sign
of any illegitimate mail in my mail logs.

I was told they would lift the block (which was done at the cable modem
level, not at the router level) if I could "permanently guarantee no
more incidents of spam".  I told them that was impossible to guarantee,
because there *was no incident of spam* from my IP in the first place,
and they were refusing to work with me to figure out how/why they were
claiming that.  So we sat there on the phone, silent, basically saying
nothing -- a total standstill.

Eventually they stated that I could send mail through their mail servers
on port 587.  I quickly set this up, and found it failed -- their
servers require SMTP AUTH on port 587, no exceptions (note: this is
NOT mandatory by the RFC; it's OPTIONAL).  This meant I had to go
through the pains of dealing with Cyrus SASL2 (thankfully postfix
makes this easier to deal with than sendmail), and upon configuring it
all, mail once again began to flow.  That's how things remain now.

The reason I do not like siphoning mail through Comcast: their mail
servers are known to act wonky or /dev/null mail for mysterious reasons.
I've had two separate incidents of me sending mail to individuals,
witnessing Comcast's servers say "OK/accepted", but the mail never
reached the destination.  In one case, one recipient ran his own mail
server, and was able to confirm that he saw absolutely no Comcast IP
connect to his server during a 24 hour period.  To this day the mail
has never arrived.

All the anti-spam advocates praise ISPs stepping in and becoming the
"middle man" for spam siphoning/fi

Re: FreeBSD 7.0-RELEASE (GENERIC) firefox3 /usr/bin/ld: cannot find -lgio-2.0

2008-10-26 Thread Jeremy Chadwick
On Sun, Oct 26, 2008 at 11:10:48AM -0700, David Christensen wrote:
> freebsd-questions:

Try freebsd-ports for this question, as your issue is with a port.  :-)

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Drive Disconnection

2008-10-24 Thread Jeremy Chadwick
t that *does not* use a
Silicon Image, VIA, or SiS chip and instead something like an Intel ICH
or nVidia nForce controller, I would recommend buying something like
this and using it instead:

http://www.icydock.com/product/MB559power_bracket.html
http://www.cooldrives.com/essaii3gbexp.html
http://www.newegg.com/Product/Product.aspx?Item=N82E16812119021

Finally, and I don't know if you're doing this, but -- be aware you
can't "hot-swap" disks via eSATA without having a hot-swap-capable
controller that fully supports hot-swapping.  Meaning: you can't yank
that d2 Quadra enclosure off the eSATA port whenever you feel like it.
You'll need to use "atacontrol detach" to properly detach it first, and
that's assuming the SATA controller you're using supports hot-swapping
(things with AHCI behave fairly well in this regard).

> -Original Message-
> From: Jeremy Chadwick [mailto:[EMAIL PROTECTED]
> Sent: Fri 10/24/2008 7:09 PM
> To: Jacobs, Mark - Data Center Operations <[EMAIL PROTECTED]>
> Cc: freebsd-questions@freebsd.org
> Subject: Re: Drive Disconnection
>  
> On Fri, Oct 24, 2008 at 02:02:41PM -0400, Mark Jacobs wrote:
> > I have an external Lacie 1Tb drive attached to a FreeBSD 6.4-PRERELEASE
> > system via an ESATA connection.
> > 
> > atapci0: 
> > 
> > I cleaned off the drive by writing random data to it. The write took
> > overnight and didn't experience any problems. I then added a filesystem
> > to the drive and mounted it on the system.
> > 
> > However when I perform an rsync backup from a FreeBSD 7.1 PRERELEASE
> > system to the drive over an NFS connection the drive disconnects and the
> > server reboots.
> 
> You've not provided enough information to help track this down.  What
> model/brand of disk is attached to that controller?  What does smartctl
> -a have to say about the disk?  What gets printed on the console before
> it reboots?  Do you have the same problem if you run
> 7.1-PRERELEASE/BETA2?
> 
> > Does anyone have an idea where to go from here?
> 
> The only generic advice I can give you at this point is to avoid
> Silicon Image controllers, particularly their SATA controllers.  They
> have a history of causing data corruption on Linux, FreeBSD, and
> Windows, and some have reported other miscellaneous problems with them
> as well.  There's not enough evidence in this thread so far to blame the
> SiI controller, but when I see them, I become immediately suspicious.
> 
> -- 
> | Jeremy Chadwickjdc at parodius.com |
> | Parodius Networking   http://www.parodius.com/ |
> | UNIX Systems Administrator  Mountain View, CA, USA |
> | Making life hard for others since 1977.  PGP: 4BD6C0CB |
> 
> 

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Drive Disconnection

2008-10-24 Thread Jeremy Chadwick
On Fri, Oct 24, 2008 at 02:02:41PM -0400, Mark Jacobs wrote:
> I have an external Lacie 1Tb drive attached to a FreeBSD 6.4-PRERELEASE
> system via an ESATA connection.
> 
> atapci0: 
> 
> I cleaned off the drive by writing random data to it. The write took
> overnight and didn't experience any problems. I then added a filesystem
> to the drive and mounted it on the system.
> 
> However when I perform an rsync backup from a FreeBSD 7.1 PRERELEASE
> system to the drive over an NFS connection the drive disconnects and the
> server reboots.

You've not provided enough information to help track this down.  What
model/brand of disk is attached to that controller?  What does smartctl
-a have to say about the disk?  What gets printed on the console before
it reboots?  Do you have the same problem if you run
7.1-PRERELEASE/BETA2?

> Does anyone have an idea where to go from here?

The only generic advice I can give you at this point is to avoid
Silicon Image controllers, particularly their SATA controllers.  They
have a history of causing data corruption on Linux, FreeBSD, and
Windows, and some have reported other miscellaneous problems with them
as well.  There's not enough evidence in this thread so far to blame the
SiI controller, but when I see them, I become immediately suspicious.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: root | su

2008-10-24 Thread Jeremy Chadwick
On Fri, Oct 24, 2008 at 10:45:04PM +0200, Jos Chrispijn wrote:
>> Since the person asking didn't give any details of what he wants to do, 
>> it's hard to say, but your point is correct regardless.  
>
> The idea behind my question is this:
> I am responsible for a server on which an(other) idiot keeps logging in  
> as user root, although he has his own user account and is part of the  
> wheel group. To prevent this nub to change any other user account in God  
> mode, I am searching for a solution on this.

You're trying to solve a social (possibly personal?) problem with
technology.  Simply put, this is a bad idea.

I would highly recommend you either talk to "the idiot" and explain to
him why what he's doing is improper or foolish, or simply pull his root
access entirely.  If this is a work-related incident, talk to your boss
about it if at all possible (but see below).  If you call the shots,
simply yank their access.

Here's you a story, maybe to lighten up my above criticism.  I hope you
enjoy it.

Back in the early-to-mid-90s I worked at a small ISP in Palo Alto as a
combination junior SA (sans root) and phone support monkey.  There were
two people who had root access on the FreeBSD boxes: one fellow was a
clueful, friendly, and very technical UNIX system administrator (also
partial owner), and another fellow (also partial owner) who was a
complete tool -- imagine Dilbert's boss with basic UNIX CLI and "how to
plug in Ethernet" knowledge.

One day, we got some phone calls from customers stating they were having
authentication dial-up problems or something (I can't remember).  I
didn't have root access to determine what the problem was, so I called
up the UNIX SA and told him what was going on.  He sighed, then agreed
to take a look.  About 15 minutes later he called back stating he'd
fixed it.

The next day, we started getting calls from customers again -- same
issue.  I called the SA ("didn't you fix this yesterday?!?!"), he sighed
again, and 15 minutes later had it fixed.  I asked what the deal was,
and all he said was "I'll explain it next time I'm in the office".  A
few weeks later I saw him and reminded him of the incident.

The other individual who had root -- who also just happened to be my
boss -- had gotten on the box in the middle of the night and decided to
basically "screw with things", telling no one.  After the UNIX SA had
fixed things the first time, that night my boss went back and screwed
with things a second time, leaving things in a completely broken state
again -- and like before, told no one.  "How is this even possible?" I
asked.

The SA explained that he had worked with my boss at previous jobs, and
"he was known for doing this sort of thing", hence the sighing.  I
believe his words were "Whenever something crazy would happen to the
systems at , we'd almost always find traces of  having
logged in and modified seemingly random config files, broke things, and
left them that way.  He'd often do this at absurd hours of the night,
almost as if he didn't want someone catching him in the process".

I asked how he dealt with the situation, and he said "At the previous
job?  His root access was eventually removed, as it was the only way.
At this job?  Well, let's just say the Email conversation is quite
heated and will soon be involving the guys who financially back us".

Food for thought.  Cheers!

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: duplicate a drive

2008-10-24 Thread Jeremy Chadwick
On Fri, Oct 24, 2008 at 01:29:18PM -0300, Joey Mingrone wrote:
> Hi,
> 
> My laptop "died" recently and to get back to work as quickly as
> possible I simply took the laptop ide drive and put it into an old
> desktop using a 2.5" -> 3.5" ide adapter.  After loading a few new
> drivers into the kernel everything is working quite well.
> 
> The next thing I've tried to do, without success, is mirror the
> contents of the 2.5" drive to a 3.5" drive in the desktop.
> 
> The 2.5" drive is sliced/partitioned like this:
> 
> Filesystem    Size    Mounted on
> /dev/ad0s2a   989M    /
> /dev/ad0s2d   989M    /tmp
> /dev/ad0s2f    59G    /usr
> /dev/ad0s2e   989M    /var
> 
> ad0s1 is a 20GB slice that I have Windows installed on.
> 
> The drive's total capacity is 80G.
> 
> The 3.5" drive is only 70G so I'll have to skip the ad0s1 slice.
> Ideally what I'd like to do is copy everything from the ad0s2 slice to
> the 3.5" and run the OS off that drive.  Then, each dump the contents
> of the 3.5" drive to the 2.5" drive.  That way if either drive dies
> I'll, hopefully at worst, just have to switch which drive I boot from.
> 
> Can anyone with experience doing something like this make suggestions?

ports/sysutils/cpdup?

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: MTA on non-standard port

2008-10-24 Thread Jeremy Chadwick
On Fri, Oct 24, 2008 at 10:50:39AM -0500, Kevin Kinsey wrote:
> Hello,
> 
> For various reasons, I find myself in need of an MTA
> accepting submission on a port other than 587 (or 25).
> 
> It'd be Real Nice(tm) if sendmail could Just Do It,
> but I'd be willing to look at other options as well,
> as long as I can get a good spam solution to play nice
> with the server (currently I'm running dual-sendmail
> with Amavisd-new and spamassassin).
> 
> Anyone doing such a thing, or have a few hints handy?

It can do it.

See the DAEMON_OPTIONS macro in your /etc/mail/hostname.mc file.
(Remember: DO NOT edit sendmail.cf directly).  Here's a hint:

http://www.sendmail.org/~gshapiro/8.10.Training/DaemonPortOptions.html

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: FreeBSD-7.1, BETA2 or PRERELEASE

2008-10-24 Thread Jeremy Chadwick
On Fri, Oct 24, 2008 at 03:07:32PM +0530, Masoom Shaikh wrote:
> Hi folks,
> y'day I csuped the src and built installed the kernel from RELENG_7
> I was expecting FreeBSD-BETA2 in output of `uname -a`
> it is still -PRERELEASE, is it by decision or I have to change something ?
>
> I grepped /usr/src for PRERELEASE but could not locate it. I guess release
> engineering team does that. comments ?

This question keeps coming up.

http://lists.freebsd.org/pipermail/freebsd-questions/2008-October/184992.html

RELENG_7 == PRERELEASE.  There is no "BETA2" tag to follow.

No one is sure at this point where the "BETA2" string has come from
(meaning why it was idealised or why it's being used).  I'm of the
belief that it's something Ken is hand-hacking in newvers.sh before
building + making ISO releases and putting them up on the mirrors.
And I am also of the opinion that this should stop, and we should simply
name the releases PRERELEASE-MMDD to signify the build date.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Upgrading 7.1-PRERELEASE

2008-10-23 Thread Jeremy Chadwick
On Fri, Oct 24, 2008 at 07:52:11AM +0200, Leslie Jensen wrote:
>
>
> Jeremy Chadwick wrote:
>> On Fri, Oct 24, 2008 at 06:41:05AM +0200, Leslie Jensen wrote:
>>> Jeremy Chadwick wrote:
>>>> On Fri, Oct 24, 2008 at 06:24:56AM +0200, Leslie Jensen wrote:
>>>>> I'm running 7.1-PRERELEASE. Yesterday I csup'ed and upgraded as
>>>>> I've done several times in order to install 7.1-BETA2.
>>>>> Everything went as it should, but my system still says
>>>>> 7.1-PRERELEASE. In my stable-supfile I have "*default
>>>>> release=cvs tag=RELENG_7".
>>>>>
>>>>> Can anyone tell me where I can make sure that my system upgrades to 
>>>>> BETA-2?
>>>> You are essentially running BETA2, with even newer fixes since the BETA2
>>>> release.  You should stay with the RELENG_7 tag.
>>>>
>>> Thanks Jeremy
>>> I thought that the uname tag would change to "BETA-2"
>>
>> I sincerely do not know where "BETA2" (not "BETA-2") comes from.  It's
>> not defined anywhere in src/sys/conf/newvers.sh in CVS:
>
> I got it from here
> http://lists.freebsd.org/pipermail/freebsd-stable/2008-October/046037.html
> /Leslie

You've misunderstood what I said.  :-)

I want to know where the "BETA2" string actually came **from**, meaning
who or what idealised it and why.  It is not a CVS tag, and it's not
referred to anywhere other than the "here's the ISOs" mails that come
from Ken.

The problem is that this string generates confusion; you are not the
first person who has gotten confused by this (downloading version
labelled with XYZ and upon building world/kernel, seeing version ABC,
inducing an Email to a mailing list asking "I downloaded XYZ, but I'm
seeing string ABC.  Where is the tag for XYZ?  I want to follow it",
only to be told "XYZ is actually PRERELEASE").

In essence what I'm saying is we're inconsistent with the strings
we use for distributions of FreeBSD.  Users **barely** understand
the difference between -STABLE and -RELEASE, and only a select few
understand the difference between CVS tags RELENG_x and RELENG_x_y.

For distributions that are not STABLE or RELEASE, we need to stick with
a single string, and that string (IMHO) should be PRERELEASE-MMDD
(to signify the build date).

>> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/conf/newvers.sh
>>
>> To me, this means someone is hand-hacking the file before making ISO
>> releases.  The problem with this is there's no way to correlate what CVS
>> tag said string is based on; I have to assume it's RELENG_7.
>>
>> CC'ing Ken, who can probably explain where "BETA2" comes from, since I
>> believe he's the one who makes the builds.
>>
>> 
>> I really wish we'd name our not-yet-RELEASE-or-STABLE ISO releases as
>> FreeBSD x.y-PRERELEASE-MMDD, which would make more sense to users.
>> 

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Upgrading 7.1-PRERELEASE

2008-10-23 Thread Jeremy Chadwick
On Fri, Oct 24, 2008 at 06:41:05AM +0200, Leslie Jensen wrote:
> Jeremy Chadwick wrote:
>> On Fri, Oct 24, 2008 at 06:24:56AM +0200, Leslie Jensen wrote:
>>> I'm running 7.1-PRERELEASE. Yesterday I csup'ed and upgraded as I've
>>> done several times in order to install 7.1-BETA2. Everything went as
>>> it should, but my system still says 7.1-PRERELEASE. In my
>>> stable-supfile I have "*default release=cvs tag=RELENG_7".
>>>
>>> Can anyone tell me where I can make sure that my system upgrades to BETA-2?
>>
>> You are essentially running BETA2, with even newer fixes since the BETA2
>> release.  You should stay with the RELENG_7 tag.
>>
> Thanks Jeremy
> I thought that the uname tag would change to "BETA-2"

I sincerely do not know where "BETA2" (not "BETA-2") comes from.  It's
not defined anywhere in src/sys/conf/newvers.sh in CVS:

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/conf/newvers.sh

To me, this means someone is hand-hacking the file before making ISO
releases.  The problem with this is there's no way to correlate what CVS
tag said string is based on; I have to assume it's RELENG_7.

CC'ing Ken, who can probably explain where "BETA2" comes from, since I
believe he's the one who makes the builds.


I really wish we'd name our not-yet-RELEASE-or-STABLE ISO releases as
FreeBSD x.y-PRERELEASE-MMDD, which would make more sense to users.


-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Printing to a Lanier LD160c does not work

2008-10-23 Thread Jeremy Chadwick
On Thu, Oct 23, 2008 at 09:42:41PM -0700, Martin Alejandro Paredes Sanchez wrote:
> On Thu 16 Oct 2008, Jeremy Chadwick wrote:
> > On Thu, Oct 16, 2008 at 08:36:42PM +, [EMAIL PROTECTED] wrote:
> > > I am trying to setup a Lanier LD160c (admincolor) that has a network
> > > interface.  I am new to FreeBSD and tried to follow the handbook.  I am
> > > able to print to a HP 5SI (corp-admin) with no problems.  There are no
> > > errors in the lpd-errs and the file is drained from the queue, but the
> > > printer does not print anything.  And this is a working printer to
> > > Windows. lpr -P admincolor testfile.txt
> > >
> > > printcap:
> > > corp-admin|hp|laserjet|Hewlett Packard LaserJet 5Si:\
> > >
> > >         :lp=\
> > >         :sd=/var/spool/output/corp-admin:rm=corp-admin:\
> > >         :lf=/var/log/lpd-errs:\
> > >         :if=/usr/local/libexec/crlfilter:sh:tr=\f:mx#0:
> > >
> > > admincolor|hp|laserjet|LANIER LD160c RPCS:\
> > >
> > >         :lp=\
> > >         :sd=/var/spool/output/admincolor:rm=admincolor:\
> > >         :lf=/var/log/lpd-errs:
> >
> > If this printer is hooked up on the network (e.g. via Ethernet), I
> > believe you need to set the lp variable to the hostname or IP address of
> > the printer, e.g.:
> >
> > admincolor|hp|laserjet|LANIER LD160c RPCS:\
> >
> >   :lp=192.168.1.100\
> >   :sd=/var/spool/output/admincolor:rm=admincolor:\
> >   :lf=/var/log/lpd-errs:
> >
> 
> Negative, leave the lp capability blank, explicitly (:lp=:).
> 
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/printing-advanced.html#PRINTING-ADVANCED-NETWORK-RM

Then the printcap(5) man page should reflect this; the existing
explanations for both fields are painfully terse.

lp    str    /dev/lp    device name to open for output, or
                        [EMAIL PROTECTED] to open a TCP socket
rm    str    NULL       machine name for remote printer

I can file a PR (to doc) on this if recommended.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Upgrading 7.1-PRERELEASE

2008-10-23 Thread Jeremy Chadwick
On Fri, Oct 24, 2008 at 06:24:56AM +0200, Leslie Jensen wrote:
> I'm running 7.1-PRERELEASE. Yesterday I csup'ed and upgraded as I've
> done several times in order to install 7.1-BETA2. Everything went as it
> should, but my system still says 7.1-PRERELEASE. In my stable-supfile I
> have "*default release=cvs tag=RELENG_7".
>
> Can anyone tell me where I can make sure that my system upgrades to BETA-2?

You are essentially running BETA2, with even newer fixes since the BETA2
release.  You should stay with the RELENG_7 tag.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Boot device question

2008-10-23 Thread Jeremy Chadwick
On Thu, Oct 23, 2008 at 10:42:26AM -0500, Greg Larkin wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Chris Pratt wrote:
> > I have a server with 6 hot-swap SATA slots. It was delivered
> > with the first slot empty and 5 drives set up as /dev/ad4 through
> > /dev/ad12. I'd never paid attention to this until I wanted to add
> > a 6th, now 4 years later. When I popped it in, I realized the
> > empty bay was not 6 but rather bay 1, and of course it wouldn't
> > boot. Presumably /dev/ad2 had now come alive for the first time.
> > I popped out the disk, rebooted and after it was up, I plugged it
> > back in (hot) and ran sysinstall. It didn't see the disk so I couldn't
> > fdisk it. No device files existed for it.
> > 
> > I was thinking a right approach would be to change fstab to
> > reference ad2 for all the system disk file systems, shutdown,
> > move that drive to the first bay and plug the new drive into the
> > 2nd bay. This seemed like more of a permanent solution.
> > If those /dev/ad* files are created at boot dynamically,
> > this should work. I've found docs that imply that they are
> > dynamically discovered and created from FreeBSD 5 forward
> > (auto-discovery?). Are they or do I need to create them prior to
> > start up.
> > 
> > The thing is, there is no easy recovery from failure here since I
> > have no console monitor to let me see what's going on or to fix
> > fstab if it fails (counter-intuitively, the only place I can access
> > the console is from remote locations ;-)), so I just want to know
> > if I'm thinking straight? The plan is:
> > 
> > 1. Change /etc/fstab entries for ad4 filesystems to ad2
> > 2. Shutdown
> > 3. Put the system disk in Bay 1
> > 4. Power up
> > 
> > Should it boot?
> 
> Hi Chris,
> 
> I don't know the answer to that question, but I do know that you can
> wire physical devices to specific devices files in /dev.  I use the
> /boot/device.hints file to do that.  Check this page for more
> information:
> http://threads.seas.gwu.edu/cgi-bin/man2web?program=scbus&section=4
> 
> Halfway down the page, you'll see directives like:
> 
> hint.da.0.at="scbus0"
> hint.da.0.target="0"
> hint.da.0.unit="0"
> 
> I believe you can do something similar with your ad devices, and force
> the new drive to a different /dev/ad? device file that doesn't cause a
> boot problem.

AFAIK, at/target/unit are hint commands only available to da(4),
at least that's what I see from the source code.  I see no such
support for ad(4), so I do not think this will work for him.

Also, I'll remind people once more: stop modifying device.hints!  The
file can/will be overwritten in some cases, and you will lose your
changes!  You're living dangerously.

Use loader.conf to do what you need; you can literally copy/paste
those lines into loader.conf and achieve the same, without the risks.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Boot device question

2008-10-23 Thread Jeremy Chadwick
On Thu, Oct 23, 2008 at 08:12:38AM -0700, Chris Pratt wrote:
> I have a server with 6 hot-swap SATA slots. It was delivered
> with the first slot empty and 5 drives set up as /dev/ad4 through
> /dev/ad12. I'd never paid attention to this until I wanted to add
> a 6th, now 4 years later. When I popped it in, I realized the
> empty bay was not 6 but rather bay 1, and of course it wouldn't
> boot. Presumably /dev/ad2 had now come alive for the first time.
> I popped out the disk, rebooted and after it was up, I plugged it
> back in (hot) and ran sysinstall. It didn't see the disk so I couldn't
> fdisk it. No device files existed for it.
>
> I was thinking a right approach would be to change fstab to
> reference ad2 for all the system disk file systems, shutdown,
> move that drive to the first bay and plug the new drive into the
> 2nd bay. This seemed like more of a permanent solution.

This is the solution I go with, because it's obvious and doesn't add
more complexity to the picture.

If the installation was originally done when the disk was considered
ad4, for example, you should still be able to boot that drive (no matter
what port it's on, assuming SATA), choose single-user at the
beastie/loader menu, then make changes to /etc/fstab.  Upon reboot (in
multi-user mode) things should "just work", sans any programs which you
have that might refer to disks by device (e.g.  smartd.conf, etc.)

You can avoid the single-user step if you enjoy living dangerously.

> If those /dev/ad* files are created at boot dynamically,
> this should work. I've found docs that imply that they are
> dynamically discovered and created from FreeBSD 5 forward
> (auto-discovery?). Are they or do I need to create them prior to
> start up.

They are, and it's hard to explain why/how.

The "dynamic" aspect is entirely dependent upon different features/modes
of the ATA configuration though.  For example, a SATA controller
operating in "Legacy/Compatible" mode might show two SATA disks as
ata0-master and ata0-slave (even though they're SATA); the same
controller in "Enhanced" mode might show the disks as ata4-master
and ata5-master; the same controller in AHCI mode might show the disks
as ata8-master and ata10-master.

I think some people deal with this problem using glabel(8), but as I
mentioned, I prefer to do things the old-fashioned way.

> The thing is, there is no easy recovery from failure here since I
> have no console monitor to let me see what's going on or to fix
> fstab if it fails (counter-intuitively, the only place I can access
> the console is from remote locations ;-)), so I just want to know
> if I'm thinking straight?

See bottom of my mail.

> The plan is:
>
> 1. Change /etc/fstab entries for ad4 filesystems to ad2
> 2. Shutdown
> 3. Put the system disk in Bay 1
> 4. Power up
>
> Should it boot?

How certain are you that "bay 1" correlates with ad4?  That's the real
question here.

You obviously have *some* form of access to the machine physically --
or, your co-location provider is offering "remote hands" capability.
This would be the first time I'd *ever* heard of a co-lo offering that
feature without volunteering to put a VGA monitor + keyboard on the
machine so they can see what's going on for you.  (Most providers will
give you "remote hands" for free, as long as the duration of incident
does not exceed 10-15 minutes).

Since these bays are hot-swappable, why don't you have the remote hands
person insert a new disk into the spare/empty bay?

You should be able to run "atacontrol attach " (where channel
is the ATA channel which has no disk attached to it, see atacontrol
list), and then see what the newly-inserted disk's device name is.  Make
note of it, then do "atacontrol detach ", then have the remote
hands person remove the disk they just installed.  After that, edit
/etc/fstab with the information you just obtained, shutdown -p now,
then have the remote hands person move the OS disk into the spare/empty
bay; that should be sufficient.

All that said:

I strongly urge you to take the time to consider the volatility of your
situation.  You have something that is obviously critical to you, in a
remote location, with no remote way to manage it other than SSH.  The
year is 2008: there are tons of ways to solve this problem.  Your
provider should really offer serial console hookups, KVM-over-IP, or at
bare minimum, their remote hands folks should be permitted to hook up
a keyboard and VGA monitor and have you step them through what to do
over the phone.  Our co-lo provider offers this for free, as long as
the duration of the incident does not take more than 10-15 minutes;
otherwise, it's expensive (hundreds of dollars).

If you'

Re: Can't upgrade or deinstall phpMyAdmin

2008-10-23 Thread Jeremy Chadwick
On Thu, Oct 23, 2008 at 09:58:24AM +0200, Valentin Bud wrote:
> the main reason i don't like to install phpmyadmin from ports is the
> following:
> # pwd
> /usr/ports/databases/phpmyadmin
> 
> # make all-depends-list | grep x11
> /usr/ports/x11/libXpm
> /usr/ports/x11/xextproto
> /usr/ports/x11/xproto
> /usr/ports/x11/libX11
> /usr/ports/x11/libXext
> /usr/ports/x11-toolkits/libXt
> /usr/ports/x11-toolkits/libXaw
> /usr/ports/x11/bigreqsproto
> /usr/ports/x11/xcmiscproto
> /usr/ports/x11/xtrans
> /usr/ports/x11/kbproto
> /usr/ports/x11/inputproto
> /usr/ports/x11-fonts/xf86bigfontproto
> /usr/ports/x11/libXau
> /usr/ports/x11/libXdmcp
> /usr/ports/x11/libSM
> /usr/ports/x11/printproto
> /usr/ports/x11-toolkits/libXmu
> /usr/ports/x11/libXp
> /usr/ports/x11/libICE
> 
> I am not that good in FBSD so i'm asking, is there a way to install
> phpmyadmin without installing all the above mentions as depends x11
> stuff?

I explained this in my mail.  "make config", remove the features you
don't want, then "make all-depends-list".

I'm pretty sure the one which is causing you grief is the PDF feature,
but it's up to you to decide what you need/do not need.

As I said in my other mail, be aware that disabling some of the
features will cause phpmyadmin to complain to the visitor that said
feature is missing; mbstring is a good example.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Can't upgrade or deinstall phpMyAdmin

2008-10-23 Thread Jeremy Chadwick
On Thu, Oct 23, 2008 at 08:59:57AM +0200, Valentin Bud wrote:
> May I ask a question. Why do you use phpmyadmin from ports? It installs
> lots of libraries hence possible security threats in the future. So
> instead of taking care of updating a bunch of libraries just for
> phpmyadmin why don't you simply download it from
> http://www.phpmyadmin.net/, put in the apache doc root, set it up and
> so you have to take care to update it when a new version comes out.
> my 2 cents,
> v

You're talking about the dependencies it has on bzip2, GD, OpenSSL, PDF,
zlib, mcrypt, and mbstring.  These are *optional*; nothing stops you
from unchecking them in "make config".

However, be aware that removing some of them will cause phpmyadmin to
work fine, but emit warning messages to the user that  feature is
not available.  This is why said features are enabled by default.

I do not advocate downloading software and just "dumping it" into some
directory on a machine; if you really want to go that route, then why
use ports at all?  Heck, why use FreeBSD, just use Slackware Linux.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: what else is needed to make ftp passive work

2008-10-22 Thread Jeremy Chadwick
On Wed, Oct 22, 2008 at 01:58:31PM -0500, Len Conrad wrote:
> two machines on the same private network.  
> 
> ftp  10.0.0.24
> Connected to 10.0.0.24.
> 220 mx1.fairhope.net FTP server (Version 6.00LS) ready.
> Name (10.0.0.24:username): 
> 331 Password required for username.
> Password:
> 230 User username logged in.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> ls
> 229 Entering Extended Passive Mode (|||64341|)
> 
> at this point, there is a long delay, that eventually completes:
> 
> 200 EPRT command successful.
> 150 Opening ASCII mode data connection for '/bin/ls'
> 
> ... and the rest of the ftp session runs fast.
> 
> on the ftp server, if we "ipfw disable firewall", the ftp session runs 
> without delay.
> 
> in hosts file, both machines have both of their records, so we don't think 
> the delay is query for PTR of either IP.
> 
> our ipfw.rules:
> 
> # stateful
> $IPF 50 check-state
> $IPF 60 allow tcp  from any to any established 
> $IPF 70 allow all  from any to any out keep-state
> $IPF 80 allow icmp from any to any
> 
> # open well-known ports
> 
> # FTP
> $IPF 120 allow tcp from any to any 20 in
> $IPF 121 allow tcp from any to any 20 out
> $IPF 122 allow tcp from any to any 21 in
> $IPF 123 allow tcp from any to any 21 out
> 
> In inetd.conf, we've added "-l -l -d" but don't get any ftpd debug info 
> written to /var/log/messages or /var/log/xferlog or dmesg system buffer.
> 
> So what else is needed in our ipfw.rules for the ftpd params to get the 
> switch to Extended Passive Mode to run quickly?

You're not understanding the FTP protocol properly, specifically the
difference between Passive and Active mode.  This is why you're having
issues.

You need to punch firewall holes to your FTP server on the following
ports:

 Inbound: TCP port 21                (main ftpd daemon)
 Inbound: TCP ports 49152 to 65535   (used in FTP passive mode)
Outbound: TCP port 20                (used in FTP active mode)

Yes, you read that range correctly.  And yes, it's quite large.  Yes,
there is a way to diminish it, but it will affect other programs on
FreeBSD, so I do not recommend adjusting it.  It's controlled by
sysctls.  See the -U option of ftpd, but note that it doesn't do
anything for FreeBSD 5.0 or later.

I highly recommend you stick the FTP server on its own IP address (e.g.
bind the FTP server to its own IP using IP aliases), and then apply
those rules to a specific IP address, e.g.:

ipfw add 120 allow tcp from any to ftp.server.ip 21 in
ipfw add 121 allow tcp from any to ftp.server.ip 49152-65535 in
ipfw add 122 allow tcp from ftp.server.ip 20 to any out

Finally, I recommend if this machine is RELENG_6 or later, that you look
into using pf(4) instead.  You'll thank me later.  :-)

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |
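
Why the poster's rule set stalls on `ls`, as an added example that is not part of the original mail: the 229 reply tells the client which port to open the data connection to, and that new inbound connection is admitted only if an allow rule names the port. The function names and the simplified rule model (inbound TCP destination ports only, no real ipfw parsing) are assumptions; the sample reply is the one quoted in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread.  It models only "which inbound
# TCP destination ports does the rule set name"; it does not run ipfw.

# valid_port N: succeed if N is a decimal TCP port number (1-65535).
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# epsv_port REPLY: print the data port announced in an RFC 2428 reply of
# the form "229 <text> (<d><d><d><port><d>)", where <d> is one delimiter
# character (normally "|").  Returns 1 if REPLY is not such a line.
epsv_port() {
    epsv_p=$(printf '%s\n' "$1" |
        sed -n 's/^229 .*(\(.\)\1\1\([0-9][0-9]*\)\1).*$/\2/p')
    valid_port "$epsv_p" || return 1
    printf '%s\n' "$epsv_p"
}

# port_allowed PORT SPEC...: each SPEC is "N" or "LO-HI", the destination
# ports that inbound allow rules name.  Returns 0 if PORT is covered,
# 1 if it is not, 2 if any SPEC is malformed (for example 49152-65536,
# since 65536 is not a valid TCP port).
port_allowed() {
    pa_port=$1
    shift
    valid_port "$pa_port" || return 2
    pa_hit=1
    for pa_spec in "$@"; do
        case $pa_spec in
            *-*) pa_lo=${pa_spec%%-*}; pa_hi=${pa_spec#*-} ;;
            *)   pa_lo=$pa_spec; pa_hi=$pa_spec ;;
        esac
        valid_port "$pa_lo" && valid_port "$pa_hi" &&
            [ "$pa_lo" -le "$pa_hi" ] || return 2
        if [ "$pa_port" -ge "$pa_lo" ] && [ "$pa_port" -le "$pa_hi" ]; then
            pa_hit=0
        fi
    done
    return "$pa_hit"
}

# passive_verdict REPLY SPEC...: say whether the data connection that
# REPLY asks the client to open would match one of the SPECs.
passive_verdict() {
    pv_reply=$1
    shift
    pv_port=$(epsv_port "$pv_reply") || {
        echo "not an EPSV reply"
        return 2
    }
    if port_allowed "$pv_port" "$@"; then
        echo "port $pv_port: matched by an inbound allow rule"
    else
        pv_rc=$?
        case $pv_rc in
            1) echo "port $pv_port: no inbound rule names it, SYN is dropped" ;;
            *) echo "port $pv_port: rule set has an invalid port spec" ;;
        esac
        return "$pv_rc"
    fi
}

# The reply quoted in the thread, checked first against the poster's
# inbound ports (20 and 21), then against the ports the answer opens.
SAMPLE_REPLY='229 Entering Extended Passive Mode (|||64341|)'
passive_verdict "$SAMPLE_REPLY" 20 21 || true
passive_verdict "$SAMPLE_REPLY" 21 49152-65535
```
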



Re: Extract Songs from DVD

2008-10-22 Thread Jeremy Chadwick
On Wed, Oct 22, 2008 at 06:45:02PM +0300, Odhiambo Washington wrote:
> On Wed, Oct 22, 2008 at 6:42 PM, Ted Mittelstaedt <[EMAIL PROTECTED]> wrote:
> >
> > I think ffmpeg will also convert these, and it supports more
> > conversions than sox does.  Actually, both sox and ffmpeg rely
> > heavily on external libraries to perform their conversion functions,
> > they are more "front end" programs than anything else.
> >
> 
> Are there similar (but Free) programs for Windows?

For extraction: try Exact Audio Copy (EAC), or CDex.  It all depends on
if the CD audio tracks are truly available on the DVD or not, and if the
software can detect them.  Both can do MP3, Ogg, or other conversions
on-the-fly.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: UFS2 or ZFS for 3TB disk?

2008-10-21 Thread Jeremy Chadwick
On Tue, Oct 21, 2008 at 11:06:07PM -0600, Anthony Chavez wrote:
> The subject says it all.
> 
> I will soon be installing an Areca ARC-1110 and 3x 1.5TB Seagate
> Barracuda SATAs into a 3.2GHz Northwood P4 with 1GB of RAM, and I'm
> wondering which would be the most stable filesystem to use.
> 
> I've read the bigdisk page [1] and the various information about ZFS on
> the FreeBSD Wiki [2].  I'm aware of the tuning requirements that ZFS
> requires, and upgrading to 4GB of RAM would be quite possible as it was
> understood beforehand that ZFS requires a large quantity of it.

The official Solaris ZFS Wiki answers this question.  The "I really
don't want this to get pedantic" answer is: caching.

> 1. I'm aware of the fact that ZFS works better on 64-bit platforms, and
>  that alone has me thinking that it's not a good fit for this particular
> machine.  But apart from that, it seems that ZFS is not yet stable
> enough for my environment (only about 25 users but in production
> nonetheless).  To me, [3] paints all sorts of ugly pictures, which can
> be summarized as "count on ZFS-related panics and deadlocks happening
> fairly regularly" and "disabling ZIL in the interest of stability will
> put your data at risk."  Comments about live systems using ZFS (on
> 7.0-RELEASE or 7-STABLE) would be appreciated.

You should review the past 3-4 months of freebsd-fs and freebsd-stable
mailing list posts.  Stabilising ZFS has been thoroughly discussed there.

http://lists.freebsd.org/pipermail/freebsd-fs/
http://lists.freebsd.org/pipermail/freebsd-stable/

To date I've only heard of one person having to disable the ZIL to get
stability on RELENG_7.  Everyone else has followed the "standard" tuning
procedures, which is to tune kmem_size, kmem_size_max, arc_min, and
arc_max.  prefetch_disable being set can also help performance-wise
(many of us find that disabling prefetching provides less "stalls" or
interruptions during extreme disk I/O).

Remember that kmem_size and kmem_size_max cannot be increased past 2GB
(and you should NOT set them to 2048M!) on RELENG_7 (i386 and amd64).
If you want more memory made available to the kernel, you'll need to run
CURRENT.  None of this affects userland.

What you need to keep in mind is that you need to tune things to get ZFS
stable on RELENG_7, and you will need to keep tuning it if you experience
panics relating to ZFS or kmem exhaustion.  The way to avoid panics is
to start with something very restrictive (I advocate 1536M for kmem_size
and kmem_size_max, 16M for arc_min, and 64M of arc_max, on a machine
with 2GB of RAM), and then gradually increase arc_max by ~16M
increments.  You cannot tune this, reboot, let it run for 24 hours and
go "IT WORKS".  You will need to seriously test this over a
period of many days, if not weeks.  Each person's environment is
slightly different, and it depends greatly upon the type of data being
accessed, how often, and what sort of workload.  There is no "standard".

I use ZFS to manage a raidz1 zpool across 4 500GB disks (all SATA) on my
home machine, which gets thrashed pretty hard due to the content sizes
(500-600MB files).  This machine has 2GB of RAM, and runs amd64.

I also use it in my co-lo as a replacement for /home and on another
machine to be used for backups (rsnapshot+rsync across ssh, results
stored on a ZFS filesystem).  This machine has 2GB of RAM, and runs
i386.

The "it works better on amd64 platforms" is true, but there is
absolutely nothing that stops you from using it on i386.  You should
feel confident using it on both.  If you really want to know of the
performance difference of ZFS on amd64 vs. i386, assuming Google has
nothing, you might ask pjd@ directly.  I think the general deal is that
ZFS was developed with 64-bit pointers and 64-bit values in mind, and
while those are not entirely available on x86 (sans MMX/SSE/SSE2/SSE3
registers) without a bit more work, "long long" on i386 works fine.

IMHO, you should be using ZFS for what you want to accomplish.  If you
do go the UFS2 route, I would recommend you set background_fsck="no" in
your rc.conf, especially since it's obvious data integrity matters a lot
to you (but then again, if it does matter that much, ZFS's checksum
ability should trump your interest in UFS2 entirely).

That's really all I'm going to say on the matter.  (Sorry if that sounds
rude, I'm just incredibly scared that my above comments will induce some
pedantic flame war or battle of sort, which is not my intention.)

> [1] http://freebsd.org/projects/bigdisk
> [2] http://wiki.freebsd.org/ZFS
> [3] http://wiki.freebsd.org/ZFSKnownProblems

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking  

Re: mirror site

2008-10-21 Thread Jeremy Chadwick
On Tue, Oct 21, 2008 at 04:20:16PM -0400, Steve Eschweiler wrote:
> I am very interested in any mirror site opportunities you have.  Hivelocity
> would be interested in providing a server(s) to FreeBSD.  Please let me know
> what to do from here.

http://www.freebsd.org/doc/en/articles/hubs/  should have all of the
necessary details, including who you should contact (not -questions).
:-)

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: page fault while in kernel mode

2008-10-21 Thread Jeremy Chadwick
On Tue, Oct 21, 2008 at 03:22:28PM -0400, Robert Fitzpatrick wrote:
> On Tue, 2008-10-21 at 15:09 -0400, John Baldwin wrote:
> > Alternatively, you could just remove the 'device adv' line from your
> > kernel config rather than adding lots of 'nodevice' lines at the
> > bottom.  You can usually do 'man 4 ' to see what devices it supports.
> > In this case, adv(4) supports mostly ancient Advansys SCSI host
> > adapters.  The manpage has a full list of the various model numbers,
> > etc.
> 
> Yes, that is what I thought. Right now, I am just commenting them out,
> now I know what people mean when they say they are running a
> trimmed/clean kernel.
> 
> I did see one potential issue...
> 
> # USB support
> device  uhci        # UHCI PCI->USB interface
> device  ohci        # OHCI PCI->USB interface
> device  ehci        # EHCI PCI->USB interface (USB 2.0)
> device  usb         # USB Bus (required)
> 
> I see all of these with nodevice lines in the PAE file. Although I have
> USB ports, I don't use them, but I was concerned by the 'required' on
> the last one, is it OK to remove? Also, would I then need to disable USB
> in the BIOS to avoid errors?

If you remove "device usb", you will also need to remove uhci, ohci,
ehci, umass, ukbd, etc. etc. etc... from your config as well.

You do not need to disable USB support in the BIOS; the kernel will
simply state that it sees devices on the PCI bus but lacks a driver to
attach to them.  This will not harm anything.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: page fault while in kernel mode

2008-10-21 Thread Jeremy Chadwick
On Tue, Oct 21, 2008 at 02:35:22PM -0400, Robert Fitzpatrick wrote:
> On Tue, 2008-10-21 at 12:03 -0400, John Baldwin wrote:
> > Some drivers don't work with PAE (see all the 'nodevice' lines in
> > /sys/i386/conf/PAE).  You'll need to purge those drivers from your
> > config.  If you are using the hardware those drivers support, then
> > you can't use PAE.
> 
> Thanks for the help. Excuse the ignorance, I'm more a programmer than
> system guy. How do I purge a driver, or know which driver to look for,
> from the config and know what the driver supports? Do you mean, in this
> case, remove 'nodevice adv' from the PAE file? If so, I don't know what
> that supports :/

Yeah, I don't think anyone's really explaining this very well to you, so
I'll try a different approach:

Certain FreeBSD drivers do not work in PAE mode.

The drivers which don't work are listed in the /sys/i386/conf/PAE
file.  They're prefixed by the word "nodevice", which tells the
kernel config reader "DO NOT build this device, because it won't
work".

You will need to take the "nodevice" lines from /sys/i386/conf/PAE and
put them into your kernel config file.  (There are alternative methods
such as using "include" directives and so on, but I'm trying to keep
this explanation simple.)

Make sense now?  :-)

-- 
| Jeremy Chadwick  jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: mysql connection through ssl tunnel

2008-10-20 Thread Jeremy Chadwick
On Mon, Oct 20, 2008 at 03:25:23PM -0400, John Almberg wrote:
> On Sep 23, 2008, at 10:09 AM, Vincent Hoffman wrote:
>> John Almberg wrote:
>>> I have two FreeBSD machines. One is a application server, the other a
>>> database server running mysql. These machines are in two different
>>> locations. I'd like to allow the application server to access mysql
>>> through an SSH tunnel.

I'm somewhat amazed at the fact that everyone so far has gone completely
wild with SSH to solve this problem.

Has anyone made the OP aware that MySQL *does* in fact support SSL
natively, and that it can be used between client and server, as well as
between master and slave (for replication)?

The SSH tunnelling idea is fine if you want to access a MySQL server
behind a firewall or on a private network, but I'm a bit confused as to
why everyone's going to great lengths to use SSH to accomplish something
MySQL has support for natively.

Please clue me in.  :-)

-- 
| Jeremy Chadwick  jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: I've just found a new and interesting spam source - legitimate bounce messages

2008-10-20 Thread Jeremy Chadwick
ing your own box
only used by you -- and I have a feeling a lot of people who post on
this list are exactly that.  It's a **completely** different game when
you've got other people reliant upon your mail filtering decisions.

The problem with blocking mail "early on" (meaning before it's queued,
e.g. SMTP 5xx or 4xx rejections) is that the end-user has no knowledge
of this.  They simply do not get the mail.  They're left in the dark,
wondering "Did  send the mail?  Are they lying to me?  What's
going on???".  It's a very sensitive thing when you're a hosting
provider.

In the case of my users, they would much rather get the mail and have it
incorrectly flagged as spam, than not get it at all.  I personally
believe this directly reflects on the state of anti-spam affairs: we've
gotten so aggressive that *who KNOWS* what kind of legitimate mail we're
blocking.

-- 
| Jeremy Chadwick  jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: page fault while in kernel mode

2008-10-20 Thread Jeremy Chadwick
On Mon, Oct 20, 2008 at 12:07:17PM -0400, Robert Fitzpatrick wrote:
> On Sun, 2008-10-19 at 13:16 -0700, Jeremy Chadwick wrote:
> > On Sun, Oct 19, 2008 at 03:50:01PM -0400, Robert Fitzpatrick wrote:
> > > I took a working 5.4-i386 server and trying to convert its RAID 5 to
> > > RAID 10 and load 7.0 amd64. I kept getting BTX halted even after
> > > flashing the latest bios and firmware for the raid card, Intel SRCZCR,
> > > in this dual Xeon 2.4GHz supermicro superserver. I have another server,
> > > bit newer, but same basic hardware makeup with Xeon 3.0 procs that runs
> > > 6.1-amd64 fine. Anyway, so I have resorted to the i386 version of 7.0 to
> > > see if the server is just incapable of running amd64, which after
> > > passing the initial boot where amd64 failed, now gives me the subject
> > > error after some reference to GEOM_LABEL. I did rebuild the RAID to
> > > RAID-10, can someone tell me what this error means?
> > > 
> > > http://columbus.webtent.org/freebsd.png
> > 
> > Can you please try 7.1-BETA2 instead (ISOs are now available)?  There
> > have been fixes/improvements to BTX since 7.0-RELEASE which could fix
> > your problem.
> > 
> 
> Thanks, but that didn't work either trying 7.1-BETA2 amd64 :(
> 
> Forgot to mention I added memory to this server as well, took it from
> 2GB it was using under 5.4-RELEASE up to 6GB filling all slots, that is
> why I wanted to load amd64. I reduced down to 4GB and now am able to
> install 7.0-RELEASE i386. Does this mean that I may have a hardware
> issue or can FreeBSD produce the page fault I was getting when using
> over 4GB with i386?

i386 cannot address more than 4GB unless the kernel is built with PAE
mode enabled.  This isn't enabled in GENERIC for many (justified)
reasons.  If you have more than 4GB, you should be using amd64, so you
made the right decision there.

> I would love to figure out this BTX halted issue instead...any ideas
> on that?

Boot loader problems are difficult to figure out/debug for reasons which
should be obvious.  I'm CC'ing John Baldwin here, who has experience
with BTX.  He might be able to shed some light on this.

-- 
| Jeremy Chadwick  jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: mounting an MP3 player?

2008-10-20 Thread Jeremy Chadwick
On Mon, Oct 20, 2008 at 03:51:20PM +0200, Johannes-Maria Kaltenbach wrote:
> 
> Hello,
> 
> > Message: 3
> > Date: Sun, 19 Oct 2008 14:57:43 +0100
> > From: dgmm <[EMAIL PROTECTED]>
> > Subject: Re: mounting an MP3 player?
> >
> [...]
> >
> > Have you tried just mounting da0 etc?  There may not be any slices.
> 
> yes, I tried all /dev/da*; in each case the result was
> mount: /dev/da...: Device not configured

One thing people here haven't mentioned is that device quirks (meaning:
"one-offs" in the driver code) might be required to get this device to
work.  It's a common problem, and exists in many operating systems.

-- 
| Jeremy Chadwick  jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: page fault while in kernel mode

2008-10-19 Thread Jeremy Chadwick
On Sun, Oct 19, 2008 at 03:50:01PM -0400, Robert Fitzpatrick wrote:
> I took a working 5.4-i386 server and trying to convert its RAID 5 to
> RAID 10 and load 7.0 amd64. I kept getting BTX halted even after
> flashing the latest bios and firmware for the raid card, Intel SRCZCR,
> in this dual Xeon 2.4GHz supermicro superserver. I have another server,
> bit newer, but same basic hardware makeup with Xeon 3.0 procs that runs
> 6.1-amd64 fine. Anyway, so I have resorted to the i386 version of 7.0 to
> see if the server is just incapable of running amd64, which after
> passing the initial boot where amd64 failed, now gives me the subject
> error after some reference to GEOM_LABEL. I did rebuild the RAID to
> RAID-10, can someone tell me what this error means?
> 
> http://columbus.webtent.org/freebsd.png

Can you please try 7.1-BETA2 instead (ISOs are now available)?  There
have been fixes/improvements to BTX since 7.0-RELEASE which could fix
your problem.

-- 
| Jeremy Chadwick  jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Bind BIND 9.3.5 configuration

2008-10-19 Thread Jeremy Chadwick
On Sun, Oct 19, 2008 at 06:22:27AM -0700, Kevin wrote:
> I installed bind 9.3.5 on my new FreeBSD 6.3 server. I copied
> named.conf directly from my old server (originally from the Internet),

Since you've done this, you should use mergemaster to interactively
merge the changes in the system default src/etc/namedb/named.conf into
yours.  This should solve any errors you receive.

> Q1. Bind gave me errors on the following lines due to missing files, I
> have only empty.db, localhost-forward.db and localhost-reverse.db.
> Should I modify all localhost.rev to localhost-reverse.db? Is it safe
> to remove all lines about localhost-v6.rev?

See above.

> Q2. Regarding the following lines, it seems that I should uncomment
> the forwarders, is it the same IP in /etc/resolv.conf? Or I need
> to ask my ISP?
> ---
> // If you've got a DNS server around at your upstream provider, enter
> // its IP address here, and enable the line below.  This will make you
> // benefit from its cache, thus reduce overall DNS traffic in the Internet.
> /*
> forwarders {
> 127.0.0.1;
> };
> */

No, you don't need to ask your ISP, and no, you don't need to enable
forwarders unless you want to.  You should read the official BIND docs
on what forwarders do, to get the full understanding.  :-)

> Q3. About the following comments, should I enable a local name server?
> and how to do it exactly? I have added 127.0.0.1 in resolv.conf, but
> how to enable it in /etc/rc.conf?
> --
> // If you enable a local name server, don't forget to enter 127.0.0.1
> // first in your /etc/resolv.conf so this server will be queried.
> // Also, make sure to enable it in /etc/rc.conf.
> 
> I have used this configuration for several years and always quite
> confused. I have put my named.conf at
> http://www.msofficeforums.com/named.conf . Please give me some
> suggestions. Thanks!

You should put "nameserver 127.0.0.1" in /etc/resolv.conf, that way your
own local machine is used as a resolver (e.g. will rely on the BIND/named
daemon).

/etc/rc.conf is used to enable BIND/named on startup.  You should
place the following there:

named_enable="yes"

-- 
| Jeremy Chadwick  jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: pfSense

2008-10-18 Thread Jeremy Chadwick
On Sat, Oct 18, 2008 at 02:44:57PM -0700, Gary Kline wrote:
>   I've been using the FBSD firewall pfSense since last January
>   without fully understanding it.  Now I'm getting some clues as to
>   one *possibility* why my new laptop may not be working.  --It is
>   more probably a hardware fault, but maybe somebody can clue me in
>   How both my wife and my daughter and I (with my new ThinkPad G41)
>   were given IP's _within_ the "Range" that was set up.
> 
>   My private IP's are listed as 
> 
>   10.47.0.0 -- 10.47.0.255
> 
>   and my Range is listed as
> 
>   10.47.0.101 to 10.47.0.120.  The "Range" is described on one
>   site:
> 
>  You will need to set the Range of the DHCP server which 
>  will regulate how many IP addresses you will give out.
> 
>   My wife's Dell XP has 10.47.0.119; daughter's Macbook is
>   10.47.0.115; and when I clicked around and made my daughter's
>   computer IP "static", pfSense gave me an error.  It said that 
>   it was incorrectly within the "Range".  How can I change/edit it
>   so that it is outside the range?  I would like everything
>   possible to be set in concrete.  Will pfSense pick an IP outside
>   the range?

You should ask this on the pfSense mailing list, but, I will answer
your question regardless -- but I make the assumption the DHCP server
used in pfSense is ISC dhcpd.

You *cannot* include static IPs (in this case, "static IP" means an IP
address that is always returned for a specific MAC address) within the
"dynamic pool".  ISC dhcpd will not let you do this, and for good
reasons (you can read the docs if you want the answer).

Instead, you should give your wife and daughter's machines IPs outside
of the "dynamic pool" range, e.g. 10.47.0.121 and upwards.  This
will work fine.

-- 
| Jeremy Chadwick  jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |
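
Added example (not part of the original post, and not pfSense or ISC code): a Python check that flags static mappings whose address falls inside a dynamic range, using the addresses from this thread. The dhcpd.conf-style sample, the host names and the MAC addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed dhcpd.conf-style sample; only the IP addresses come from the
# thread.  Host names and MAC addresses are made up.
SAMPLE_CONF = """
subnet 10.47.0.0 netmask 255.255.255.0 {
    range 10.47.0.101 10.47.0.120;   # dynamic pool (the "Range" setting)
}
host wife-dell {
    hardware ethernet 00:00:5e:00:53:01;
    fixed-address 10.47.0.119;       # inside the pool
}
host daughter-macbook {
    hardware ethernet 00:00:5e:00:53:02;
    fixed-address 10.47.0.121;       # outside the pool
}
"""

# "range [dynamic-bootp] low [high];" -- a single address is a one-entry pool.
RANGE_RE = re.compile(
    r"^\s*range\s+(?:dynamic-bootp\s+)?([\d.]+)(?:\s+([\d.]+))?\s*;", re.M)
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{([^}]*)\}", re.S)
FIXED_RE = re.compile(r"fixed-address\s+([^;]+);")


def parse_pools(text):
    """Return [(low, high)] for every IPv4 range statement."""
    pools = []
    for low, high in RANGE_RE.findall(text):
        lo = ipaddress.ip_address(low)
        hi = ipaddress.ip_address(high) if high else lo
        pools.append((lo, hi))
    return pools


def parse_fixed(text):
    """Return {host name: [addresses]} for hosts with a fixed-address."""
    hosts = {}
    for name, body in HOST_RE.findall(text):
        match = FIXED_RE.search(body)
        if not match:
            continue
        addrs = []
        for token in match.group(1).split(","):
            try:
                addrs.append(ipaddress.ip_address(token.strip()))
            except ValueError:
                pass  # a host name instead of an IP; not checked here
        hosts[name] = addrs
    return hosts


def find_conflicts(conf_text):
    """List (host, address, pool) for fixed addresses inside a pool."""
    text = re.sub(r"#.*", "", conf_text)  # drop comments before parsing
    pools = parse_pools(text)
    conflicts = []
    for name, addrs in parse_fixed(text).items():
        for addr in addrs:
            for lo, hi in pools:
                if lo <= addr <= hi:
                    conflicts.append((name, str(addr), f"{lo}-{hi}"))
    return conflicts


if __name__ == "__main__":
    for host, addr, pool in find_conflicts(SAMPLE_CONF):
        print(f"{host}: {addr} is inside dynamic pool {pool}")
```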



Re: Disable CTRL-ALT-DEL

2008-10-18 Thread Jeremy Chadwick
On Sat, Oct 18, 2008 at 10:58:29AM +0300, Manolis Kiagias wrote:
> Peter Boosten wrote:
>> Manolis Kiagias wrote:
>>   
>>> Olivier Nicole wrote:
>>> 
>>>> Hi,
>>>>
>>>> On FreeBSD 6.3 how to disable the CTRL-ALT-DEL from halting/rebooting
>>>> the system?
>>>>
>>>> Best regards,
>>>>
>>>> Olivier
>>>> 
>>> There are two ways of doing this, both described in the FreeBSD FAQ here:
>>>
>>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/admin.html#CAD-REBOOT
>>> 
>>
>> Hmmm, didn't know about the second one, and doesn't seem to be working
>> either (on both 7.0 and 6.3):
>>
>> sysctl hw.syscons.kbd_reboot=0
>> sysctl: unknown oid 'hw.syscons.kbd_reboot'
>>
>>
>> Peter
>>   
> It seems you are right. Just checked on 6.3 and 7.0 and it does not  
> exist. It does exist in 6.2, however.

Hmm...

# sysctl hw.syscons.kbd_reboot=0
hw.syscons.kbd_reboot: 1 -> 0
# sysctl hw.syscons.kbd_reboot=1
hw.syscons.kbd_reboot: 0 -> 1
# uname -a
FreeBSD icarus.home.lan 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #0: Thu Oct  2 03:04:20 PDT 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/PDSMI_PLUS_RELENG_7_amd64 amd64

-- 
| Jeremy Chadwick  jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Problem with www/mod_cband

2008-10-17 Thread Jeremy Chadwick
On Fri, Oct 17, 2008 at 11:47:38AM -0700, mdh wrote:
> It seems possible, however, that mod_cband's functionality could be
> replicated by a simple script that watches the access log files and
> makes an update to a .htaccess file for the virtualhost when the
> virtualhost in question exceeds a given bandwidth limit which would be
> configured in the script.

Well, that's assuming you want to use the "maximum aggregate bandwidth
per site every month" concept.  I, for one, do not, because all it takes
is one prick wget -r'ing the site and pow, the site is down for
everyone.  You could block based on IP, but believe me, they'll find or
get another.  (I've personally seen this with Italian users, where
they'd switch to another IP to get around pf(4) blocks I put in place.)

I personally prefer to just bandwidth limit sites, only permitting
XXX Kbyte/sec across *all visitors*.  It's the only "safe" way to deal
with 95th-percentile billing in co-locations.

Also, don't forget that Apache only writes an entry to the log file
*after* the transfer is finished, not when the request is submitted.  :-)

-- 
| Jeremy Chadwick  jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Problem with www/mod_cband

2008-10-17 Thread Jeremy Chadwick
On Fri, Oct 17, 2008 at 08:31:29PM +0200, Mel wrote:
> On Friday 17 October 2008 19:53:59 Jeremy Chadwick wrote:
> 
> > Regarding alternatives: there aren't.  Bandwidth limiting is a
> > long-standing feature of Apache that's missing, which is a huge
> > disappointment.
> 
> Never used it, but www/mod_bw is not a real world alternative?

http://www.ivn.cl/apache/files/txt/mod_bw-0.8.txt

I believe the problem I ran into with this module was that it would
only work with static content, and not with interpreted languages
(such as PHP) or other things.  I know there's a directive in the
module to tell it what output types it supports, but I don't think it
worked quite right.

I'd have to go back and try it.

-- 
| Jeremy Chadwick  jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: Problem with www/mod_cband

2008-10-17 Thread Jeremy Chadwick
On Fri, Oct 17, 2008 at 12:57:41PM -0400, David Karapetyan wrote:
> FreeBSD office19.resnet.nd.edu 7.0-RELEASE-p5 FreeBSD 7.0-RELEASE-p5 #0: Wed Oct  1 10:10:12 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC  i386
> 
> Hello everyone. Every time I try to use the mod_cband module in my 
> apache22 webserver, apache segfaults upon restart. Things work fine when 
> I disable the module from httpd.conf. Is this module broken, and if so, 
> what comparable alternatives are there?

Be aware that mod_cband has quite a horrible bug.  This is a Debian bug
report, but the same problem applies to FreeBSD.  Be sure to read the
entire bug, not just the original report.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=418645

Regarding alternatives: there aren't.  Bandwidth limiting is a
long-standing feature of Apache that's missing, which is a huge
disappointment.

The best solution I've found on FreeBSD is to use pf(4) with ALTQ,
and give each VirtualHost its own IP address, then rate-limit the IP
address using pf(4).  Yes, I realise this is impractical for sites
which have many vhosts and use name-based virtualhosts.

Welcome to my world...

-- 
| Jeremy Chadwick  jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |


