Re: mpd5 vs lt2pd vs sl2tps
On 2/20/2013 1:38 PM, Tim Gustafson wrote: Hi, I'm trying to get a FreeBSD box set up as an L2TP server. I've been tinkering with mpd5 and had some success, but I was wondering if anyone has been using l2tpd or sl2tps and what their experiences might have been. Are either of these easier to set up? More reliable? Especially for a configuration where LDAP authentication is preferred, or at least RADIUS if not LDAP? I have only used mpd5 from the ports, but I find it very reliable and efficient. We have LNS boxes that handle close to 700 endpoints at a time with ~ 300Mb of traffic. We use FreeRADIUS for backend authentication. The config and CLI are not my favorite, but generally I dont find myself making many changes. ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: LSI 9750-4i (tws based cards)
On 9/12/2012 3:30 PM, Mike Tancsa wrote: Does anyone have any experience with these cards ? We are looking for a controller that has a little more gas than the twa based cards which have been very reliable and stable for us on FreeBSD. I dont have any experience with 3ware/LSI's cards that use the tws driver. Has anyone used them yet ? For the archives... I ordered a 3ware 9750 4i card to test with and its quite fast! There is a small bug in the driver fixed now in HEAD as well as some cosmetic changes. But other than that it seems pretty solid. The same management interface as the twa and twe based cards. I ran a test box using a kernel with INVARIANTS and WITNESS with the card and 4 10k disks in raid 10. The card seems pretty zippy for the price. RW performance does seem to take advantage of the faster disk speeds 0{3w9750}# dd if=/dev/zero of=/mnt/test bs=1024k count=9000 9000+0 records in 9000+0 records out 9437184000 bytes transferred in 39.859600 secs (236760629 bytes/sec) 0{3w9750}# 0{3w9750}# umount /mnt 0{3w9750}# mount /dev/da0 /mnt 0{3w9750}# dd if=/mnt/test of=/dev/null bs=1024k 9000+0 records in 9000+0 records out 9437184000 bytes transferred in 27.887930 secs (338396720 bytes/sec) 0{3w9750}# For stress testing, I ran the disk.cfg component of http://people.freebsd.org/~pho/stress/index.html as well as random copies of dbench and bonnie as well as periodically accessing the disk while the stress scripts ran for 72hrs. The OS was netbooted, RELENG9 AMD64 0{3w9750}# tw_cli /c0 show Unit UnitType Status %RCmpl %V/I/M Stripe Size(GB) Cache AVrfy -- u0RAID-10 OK - - 256K931.303 RiW ON VPort Status Unit Size Type Phy Encl-SlotModel -- p0OK u0 465.76 GB SATA 0 -WDC WD5002AALX-00J3 p1OK u0 465.76 GB SATA 1 -WDC WD5002AALX-00J3 p2OK u0 465.76 GB SATA 2 -WDC WD5002AALX-00J3 p3OK u0 465.76 GB SATA 3 -WDC WD5002AALX-00J3 0{3w9750}# For some reason the card defaults legacy interrupts. Adding hw.tws.enable_msi=1 to /boot/loader.conf fixes that LSI 3ware device driver for SAS/SATA storage controllers, version: 10.80.00.003 tws0: LSI 3ware SAS/SATA Storage Controller port 0x4000-0x40ff mem 0xc246-0xc2463fff,0xc240-0xc243 irq 17 at device 0.0 on pci2 tws0: Using MSI tws0: Controller details: Model 9750-4i, 8 Phys, Firmware FH9X 5.12.00.007, BIOS BE9X 5.11.00.006 (probe65:tws0:0:65:0): INQUIRY. CDB: 12 0 0 0 24 0 (probe65:tws0:0:65:0): CAM status: Invalid Target ID (probe65:tws0:0:65:0): Error 22, Unretryable error da0 at tws0 bus 0 scbus0 target 0 lun 0 da0: LSI 9750-4iDISK 5.12 Fixed Direct Access SCSI-5 device da0: 6000.000MB/s transfers da0: 953654MB (1953083392 512 byte sectors: 255H 63S/T 121573C) tws0@pci0:2:0:0:class=0x010400 card=0x000113c1 chip=0x101013c1 rev=0x05 hdr=0x00 vendor = '3ware Inc' device = '9750 SAS2/SATA-II RAID PCIe' class = mass storage subclass = RAID bar [10] = type I/O Port, range 32, base 0x4000, size 256, enabled bar [14] = type Memory, range 64, base 0xc246, size 16384, enabled bar [1c] = type Memory, range 64, base 0xc240, size 262144, enabled cap 01[50] = powerspec 3 supports D0 D1 D2 D3 current D0 cap 10[68] = PCI-Express 2 endpoint max data 128(4096) link x4(x8) cap 03[d0] = VPD cap 05[a8] = MSI supports 1 message, 64 bit enabled with 1 message ecap 0001[100] = AER 1 1 fatal 0 non-fatal 0 corrected ecap 0004[138] = unknown 1 In summary, we like the card on FreeBSD. We make heavy use of the older 3ware cards in our company on various platforms, so our staff are comfortable using the management tools to swap out dead drives. We will probably start to use these cards for customer builds in the future where they need faster IO. ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
LSI 9750-4i (tws based cards)
Does anyone have any experience with these cards ? We are looking for a controller that has a little more gas than the twa based cards which have been very reliable and stable for us on FreeBSD. I dont have any experience with 3ware/LSI's cards that use the tws driver. Has anyone used them yet ? ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: RFC 2385 TCP MD5 support on FreeBSD8.3
On 9/6/2012 11:16 AM, SivaReddy Obili wrote: But we were not able to configure BGP MD5 on that machine. Perhaps you could post some details as to what you tried. Did you recompile the kernel with MD5 support ? In the kernel, you need optionsTCP_SIGNATURE optionsIPSEC device crypto If you have not built a customer kernel, cd /usr/src/sys/i386/conf cp GENERIC router in the file router, optionsTCP_SIGNATURE optionsIPSEC device crypto in /etc/make.conf add KERNCONF=router cd /usr/src make -j4 buildkernel make installkernel Then, in /etc/ipsec.conf add something like #.18 is the local machine, .29 the remote machine add 192.168.134.18 192.168.134.29 tcp 0x1000 -A tcp-md5 HelloMD5 ; add to /etc/rc.conf ipsec_enable=YES # Set to YES to run setkey on ipsec_file ipsec_file=/etc/ipsec.conf# Name of config file for setkey cd to /usr/ports/net/quagga and make install in your bgp config, the peer needs a line like neighbor 192.168.134.29 password HelloMD5 ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ppp connection goes down - requires reboot
On 7/12/2012 10:18 AM, David Banning wrote: Lately I have a problem where the ppp connection goes down. Watching the log I see the following; Jul 12 09:55:13 3s1 ppp[31115]: tun0: Phase: deflink: opening - dial Jul 12 09:55:13 3s1 ppp[31115]: tun0: Phase: deflink: dial - carrier Jul 12 09:55:18 3s1 ppp[31115]: tun0: Phase: deflink: Disconnected! Jul 12 09:55:18 3s1 ppp[31115]: tun0: Phase: deflink: carrier - hangup Jul 12 09:55:18 3s1 ppp[31115]: tun0: Phase: deflink: Connect time: 5 secs: 0 octets in, 0 octets out 5 seconds seems like a pretty tight for it to give up. Do you have any other defaults in your ppp.conf not shown below ? also add enable echo disable vjcomp set lqrperiod 10 set cd 10 and when its not working, try tcpdump -nei fxp0 You should see responses to your PADI requests from the remote BAS. Also get rid of the 209.161.205.12 line. Typically your ISP will assign you the static IP out of RADIUS and you dont need to specify it. ---Mike I shutdown ppp and restart it with no luck. I shutoff modem and reboot it and wait for connection light to go solid - still no go. my ppp.conf follows; default: # or name_of_service_provider set device PPPoE:fxp0 # replace xl1 with your ethernet device set mru 1492 set mtu 1492 set authname *** set authkey *** set log Phase tun command # you can add more detailed logging if you wish disable ipv6cp set dial set login set ifaddr 209.161.205.12 206.221.248.4 set ifaddr 10.0.0.1/0 10.0.0.2/0 add default HISADDR nat enable yes ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 32 bit to 64 bit
On 6/27/2012 9:37 AM, Tim Kellers wrote: Will the buildworld --- buildkernel KERNCONF=FOO64 allow a 32 bit installation to build a 64 bit kernel? I'd like to upgrade this machine to 64 bit AMD and I'd prefer not to do it from a DVD if I can do it from source. Has anyone tried this and succeeded (or failed spectacularly) on a remote install/upgrade? I have seen posts of people who have done it, but when we contemplated it a while back it was more trouble than it was worth. It was easier and safer to build a new image on a separate disk, install all the apps from the ports, and then migrate the customer data over. Even if the box is remote, it might be easier to ship the drive there and have someone change it out for you. ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: changing md5 hashed for sha
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 6/23/2012 9:37 AM, Christopher J. Ruwe wrote: For setting the dafault hash used to hash /etc/master.passwd, it has been recommended changing md5 for something more secure in the sense of being more expensive to crack. The handbook describes the procedure used in http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/crypt.html. Allegedly, hashes which were hashed with one of the sha-functions begin with the character $6$. Afer having changed my /etc/login.conf accordingly and having reset the passwords, the given there is not md5 anymore (I have tried with md5), but does not begin with the character $6$, but, as md5, with $1$, which is supposed to be md5-hashed. I fear I am a bit dense here, what am I getting wrong? Are you sure you ran cap_mkdb /etc/login.conf after adjusting the values in login.conf ? Also, this will only work on relatively recent versions of FreeBSD. ---Mike - -- - --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJP551fAAoJEJXHwM2kc8rXS34H/j+uxWq8Pa9j0iXpehObx2iY LeeCZx7YbSv9AwGVHy/gTRtYP1uStBNn79oKV0ANSyjOT3F7l1MuygfJAqfXIKDm WdN4KX2D3tpAjVMdce1zX2rSy4OtXLYXpBXTiGmP2d/erAEtE9B8gJ8GQWDh0gWz 14CkQyefcF2YvmepSj3+9P69EzjlEm6vDMPyY/nrMlJcT8+ujtZX325+kQzQiiFX FFasbqekazHCUnKGZZY9arY01AxPKg5e2PXFZPQf3qQy3jHqOupnM3ei3D39O9aV gqJ/k2XDPjZYqAIy0gyPi99q4fCueYQFQrm2tyeTkV6+OxM8kdD5czx/FvySiG8= =FVSP -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: (Free 7.2) su -l didnt prompt password.Is it possbile?
On 6/18/2012 9:31 AM, Budnev Vladimir wrote: And It looked such way: %su -l Before you enter this command, post the output of id ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: (Free 7.2) su -l didnt prompt password.Is it possbile?
On 6/18/2012 10:24 AM, Budnev Vladimir wrote: But mb you can point in what case there is possibility to make su -l without any prompt. If the uid is 0, you wont need to enter a passwd ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: pf firewall rule numbers
On 4/11/2012 8:34 PM, Fbsd8 wrote: In the pf log I see the rule number of the rule used to create the log file entry. pfctl -sr command does not list the rule number of each rule it lists. Hi, Try pfctl -sr -vv ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: fxp0 Link Going Up And Down
On 4/1/2012 4:21 PM, Tim Daneliuk wrote: I am seeing this intermittently: Apr 1 14:48:36 host kernel: fxp0: link state changed to DOWN Apr 1 14:52:27 host kernel: fxp0: link state changed to UP There were some fixes to the fxp driver on ~ March 26th that fixed the NIC bouncing up and down when it went into promisc mode. But those bounces were very short lived (a few seconds to transition). Your up/down events are minutes. Perhaps the cable modem is going into some sort of sleep mode ? Or perhaps just a hardware issue. If you can, try and put a simple hub or switch between the cable modem and your NIC and see if you still get bounces. Also, there are many variants of fxp hardware. Post the output of egrep -i fxp|phy /var/run/dmesg.boot and sysctl -a dev.fxp ---Mike This is observed both on some 8.2-STABLE and 8.3-PRERELEASE versions on the same server. I have replaced the ethernet cable as well as the device on the other end (a cable internet box), but the problem intermittently persists. It appears not to be a mechanical issue insofar as I can wiggle the cable at each end and not introduce this problem. fxp0 in this case is the on-board NIC of an Intel mobo. Ideas anyone? Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Many SATA disks
On 3/31/2012 6:28 PM, Daniel Feenberg wrote: We would like to build a FreeBSD machine ourselves with many (~15) SATA drives, but NOT use a RAID controller. We want to be able to remove any drive and connect it to an ordinary motherboard SATA port and mount the filesystem using only the OS provided drivers and tools. I have built many FreeBSD systems, but never used port multipliers and don't know which controllers advertised as RAID controllers will support a plain pass-thru mode. Would anyone like to make a suggestion from actual experience? The system will be used solely for archiving, so performance is not critical, but portability of the partitions to other systems is necessary. We use this controller http://www.addonics.com/products/adsa3gpx8-4e.php connected to 3 external drive cages. It works via the siis driver # camcontrol devlist | egrep ada|ulti WDC WD2001FASS-00U0B0 01.00101 at scbus0 target 0 lun 0 (ada0,pass0) WDC WD2001FASS-00U0B0 01.00101 at scbus0 target 1 lun 0 (ada1,pass1) WDC WD2001FASS-00U0B0 01.00101 at scbus0 target 2 lun 0 (ada2,pass2) WDC WD2001FASS-00U0B0 01.00101 at scbus0 target 3 lun 0 (ada3,pass3) Port Multiplier 47261095 1f06at scbus0 target 15 lun 0 (pass4,pmp2) WDC WD2002FAEX-007BA0 05.01D05 at scbus2 target 0 lun 0 (ada4,pass5) WDC WD2002FAEX-007BA0 05.01D05 at scbus2 target 1 lun 0 (ada5,pass6) WDC WD2002FAEX-007BA0 05.01D05 at scbus2 target 2 lun 0 (ada6,pass7) WDC WD2002FAEX-007BA0 05.01D05 at scbus2 target 3 lun 0 (ada7,pass8) WDC WD2002FAEX-007BA0 05.01D05 at scbus2 target 4 lun 0 (ada8,pass9) Port Multiplier 37261095 1706at scbus2 target 15 lun 0 (pass10,pmp0) WDC WD2002FAEX-007BA0 05.01D05 at scbus3 target 0 lun 0 (ada9,pass11) WDC WD2002FAEX-007BA0 05.01D05 at scbus3 target 1 lun 0 (ada10,pass12) WDC WD2002FAEX-007BA0 05.01D05 at scbus3 target 2 lun 0 (ada11,pass13) WDC WD2002FAEX-007BA0 05.01D05 at scbus3 target 3 lun 0 (ada12,pass14) Port Multiplier 37261095 1706at scbus3 target 15 lun 0 (pass15,pmp1) ST31000333AS SD35at scbus6 target 0 lun 0 (ada13,pass20) ST31000528AS CC35at scbus7 target 0 lun 0 (ada14,pass21) ST31000340AS SD1Aat scbus8 target 0 lun 0 (ada15,pass22) WDC WD1002FAEX-00Z3A0 05.01D05 at scbus11 target 0 lun 0 (ada16,pass23) They are part of a zfs pool, but you could use them as individual drives. If they are not part of some raid system, you will have of course no redundancy should a disk fail, unless you have some other plan for that. For us, the pool is not usable if one of the drive cages fails, so its not the most reliable setup for high availability. But its a backup server, so temporary down time should a PM fail is acceptable. Individual disks of course can be swapped out as needed. Also, using ZFS allows us to easily add to the storage capacity for more backups or for longer snapshot retention. ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Interrupt storm and Intel DQ67SW
sectors: 16H 63S/T 16383C) ada2 at ahcich2 bus 0 scbus3 target 0 lun 0 ada2: Hitachi HDS721010CLA332 JP4OA3EA ATA-8 SATA 2.x device ada2: 300.000MB/s transfers (SATA 2.x, UDMA6, PIO 8192bytes) ada2: Command Queueing enabled ada2: 953869MB (1953525168 512 byte sectors: 16H 63S/T 16383C) ada3 at ahcich3 bus 0 scbus4 target 0 lun 0 ada3: Hitachi HDS721010CLA332 JP4OA3EA ATA-8 SATA 2.x device ada3: 300.000MB/s transfers (SATA 2.x, UDMA6, PIO 8192bytes) ada3: Command Queueing enabled ada3: 953869MB (1953525168 512 byte sectors: 16H 63S/T 16383C) da0 at twa0 bus 0 scbus0 target 0 lun 0 da0: AMCC 9650SE-2LP DISK 4.08 Fixed Direct Access SCSI-5 device da0: 100.000MB/s transfers da0: 953664MB (1953103872 512 byte sectors: 255H 63S/T 121575C) SMP: AP CPU #3 Launched! SMP: AP CPU #1 Launched! SMP: AP CPU #2 Launched! ugen0.4: vendor 0x04d9 at usbus0 ukbd0: vendor 0x04d9 product 0x1400, class 0/0, rev 1.10/1.43, addr 4 on usbus0 kbd2 at ukbd0 ums0: vendor 0x04d9 product 0x1400, class 0/0, rev 1.10/1.43, addr 4 on usbus0 ums0: 5 buttons and [XYZ] coordinates ID=1 Trying to mount root from ufs:/dev/da0s1a ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: swap space
On 2/17/2012 6:54 PM, Jim Pazarena wrote: is there a command which can show the size of the hard drive swap? % pstat -T 438/12328 files 98M/10240M swap space ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: USB 3 / eSATA support
On 2/3/2012 9:31 AM, Dean E. Weimer wrote: Would I be a lot safer spending money on an eSATA card and a eSATA doc, knowing that this would give be better performance, but would prefer to not spend any more money than I have to. I dont have much experience with usb3 devices, but the eSata cages I have used work very well on RELENG8 and 9. ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: USB 3 / eSATA support
On 2/3/2012 1:56 PM, Dean E. Weimer wrote: Does anyone have any experience using the SYBA Cards on FreeBSD? SYBA SD-SATA2-2E2I PCI SATA II: http://www.newegg.com/Product/Product.aspx?Item=N82E16816124003 I dont, but I have used the cards from Addonics http://www.addonics.com/products/adsa3gpx1-2em.php Cards based on the Sil3132 work fine using the ahci driver in conjunction with the siis driver. The cables they sell are of good quality too. They also ship to me in Canada and have been painless to deal with. For more density, I make use of http://www.addonics.com/products/adsa3gpx8-4e.php ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD 9 and 3G Modems
On 1/26/2012 10:58 AM, Odhiambo Washington wrote: Hi, kldload u3g kldload umodem Done, although kldload u3g tells me that file already exists! Perhaps because I booted up with my Huawei dongle plugged in. kldstat | grep u3g shows me nothing though. Looks like its already defined in the kernel! ugen6.2: HUAWEI Mobile Huawei Technologies at usbus6, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON It sees it. then sysctl -a dev.u3g [wash@pcbsd9] /home/wash# sysctl -a dev.u3g dev.u3g.0.%desc: Huawei Technologies HUAWEI Mobile, class 0/0, rev 2.00/0.00, addr 2 dev.u3g.0.%driver: u3g dev.u3g.0.%location: bus=1 hubaddr=1 port=6 devaddr=2 interface=0 dev.u3g.0.%pnpinfo: vendor=0x12d1 product=0x1001 devclass=0x00 devsubclass=0x00 sernum= release=0x mode=host intclass=0xff intsubclass=0xff intprotocol=0xff ttyname=U0 ttyports=3 dev.u3g.0.%parent: uhub More importantly, the driver sees it and has used cuaU0.* and ls -l /dev/cuaU* [wash@pcbsd9] /home/wash# ls -l /dev/cuaU* crw-rw 1 uucp dialer0, 117 Jan 26 18:23 /dev/cuaU0.0 crw-rw 1 uucp dialer0, 118 Jan 26 18:23 /dev/cuaU0.0.init crw-rw 1 uucp dialer0, 119 Jan 26 18:23 /dev/cuaU0.0.lock crw-rw 1 uucp dialer0, 123 Jan 26 18:23 /dev/cuaU0.1 crw-rw 1 uucp dialer0, 124 Jan 26 18:23 /dev/cuaU0.1.init crw-rw 1 uucp dialer0, 125 Jan 26 18:23 /dev/cuaU0.1.lock crw-rw 1 uucp dialer0, 129 Jan 26 18:23 /dev/cuaU0.2 crw-rw 1 uucp dialer0, 130 Jan 26 18:23 /dev/cuaU0.2.init crw-rw 1 uucp dialer0, 131 Jan 26 18:23 /dev/cuaU0.2.lock This is where you need to do a bit of experimenting. Some modems register these sub ports and others do not. Some are for out of band control and one will be the device you actually use in your ppp config. The init string sort of depends on your carrier. But a basic one to try in ppp.conf is below. For the set device line, you might need to change it to /dev/cuaU0.1 or /dev/cuaU0.2 invoke with ppp -ddial u3g You might need the authname and auth key, you might not. For the context you might need to change it from internet.com to something else. Again, ask your carrier for that info. Try first without the CGDCONT line as the default in the modem might do the trick. u3g: set device /dev/cuaU0.0 set server /var/run/gprs-internet 0177 set speed 921600 set timeout 0 set authname wapuser1 set authkey wap set dial ABORT BUSY TIMEOUT 2 \ \\ \ AT OK-AT-OK \ AT+CFUN=1 OK-AT-OK \ AT+CMEE=2 OK-AT-OK \ AT+CSQ OK \ AT+CGDCONT=1,\\\IP\\\,\\\internet.com\\\ OK \ ATv OK \ ATD*99# CONNECT set crtscts on disable vjcomp disable acfcomp disable deflate disable deflate24 disable pred1 disable protocomp disable mppe disable ipv6cp disable lqr disable echo #nat enable yes enable dns resolv writable set dns 8.8.8.8 set ifaddr 10.1.0.2/0 10.1.0.1/0 255.255.255.255 0.0.0.0 add default HISADDR # See ppp.link* -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD 9 and 3G Modems
On 1/26/2012 12:00 PM, Odhiambo Washington wrote: Hi Mike, I guess the internet.com http://internet.com in AT+CGDCONT=1,\\\IP\\\,\\\internet.com http://internet.com/\\\ OK \ refer to the APN? I know I need to read ppp.conf again soon :) Hi, Yes, thats the APN. Your APN seems to be safaricom. Also, get rid of the line that has atv. Thats confusing your modem. ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD 9 and 3G Modems
On 1/25/2012 5:43 AM, Odhiambo Washington wrote: I have a Huawei E1820 I will also try RTFM. Hi, kldload u3g kldload umodem plug in the modem Show the output of usbconfig then sysctl -a dev.u3g and ls -l /dev/cuaU* and dmesg On some 3g sticks, you have to send a command to put them in modem mode. Typically this is done by 'ejecting the cd' camcontrol eject pass0 But the driver knows of most of the variants out there and does that automatically for you. ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD 9 and 3G Modems
On 1/24/2012 10:56 AM, Odhiambo Washington wrote: I am Google-ing for a recent definitive HOWTO use my 3G modem with FreeBSD/PC-BSD and what I get seem rather old. Someone can point me to a recent document detailing the steps. I have PC-BSD 9 on my laptop. Most of them just come up as cuaU* devices, but not all. The method to use them has not really changed, so chances are what you have found via google will still work. Take a look at the relevant man pages. man u3g What type of modem do you have ? ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: about igb queue
On 12/22/2011 5:03 PM, Коньков Евгений wrote: Здравствуйте, Коньков. Вы писали 22 декабря 2011 г., 20:22:38: КЕ I have configured that I receive traffic from LAN via igb1 and it is КЕ leaving to world via igb0 КЕ but when I see processes I see that on igb0 there is 4 queues but on КЕ igb1 it is only one. Do I must tune something or all is right here? vmstat -i shows interrupts assigned to the nic. Whats the netgraph stuff doing ? Perhaps provide more details about what the box is doing and do you have any modules loaded. Do you have any tunables set in /etc/sysctl.conf or in /boot/loader.conf ? ---Mike КЕ top -SIHP КЕPID USERNAME PRI NICE SIZERES STATE C TIME WCPU COMMAND КЕ11 root 155 ki31 0K32K RUN 1 287:27 70.21% idle{idle: cpu1} КЕ11 root 155 ki31 0K32K RUN 3 292:42 67.77% idle{idle: cpu3} КЕ11 root 155 ki31 0K32K CPU22 286:38 65.97% idle{idle: cpu2} КЕ11 root 155 ki31 0K32K RUN 0 282:58 57.13% idle{idle: cpu0} КЕ12 root -92- 0K 248K WAIT1 7:01 5.32% intr{irq257: igb0:que} КЕ12 root -92- 0K 248K WAIT0 9:35 5.03% intr{irq256: igb0:que} КЕ12 root -92- 0K 248K WAIT2 8:14 4.25% intr{irq258: igb0:que} КЕ12 root -92- 0K 248K WAIT3 9:48 3.71% intr{irq259: igb0:que} КЕ13 root -16- 0K32K sleep 2 6:42 3.08% ng_queue{ng_queue3} КЕ13 root -16- 0K32K sleep 3 6:42 2.98% ng_queue{ng_queue1} КЕ13 root -16- 0K32K sleep 0 6:42 2.93% ng_queue{ng_queue2} КЕ13 root -16- 0K32K sleep 2 6:43 2.69% ng_queue{ng_queue0} КЕ 7371 root210 15388K 5496K select 2 5:04 0.73% snmpd КЕ12 root -92- 0K 248K WAIT0 1:52 0.63% intr{irq261: igb1:que} getting information about interrupts shows that there is not interrupts from igb1 char igb_driver_version[] = version - 2.2.5; 2 usersLoad 0.50 0.53 0.50 Dec 22 23:59 Mem:KBREALVIRTUAL VN PAGER SWAP PAGER Tot Share TotShareFree in out in out Act 332272 13268 206228830088 122004 count All 494672 19520 433359290716 pages Proc:Interrupts r p d s w Csw Trp Sys Int Sof Flt117 cow 31201 total 1 172 72k 889 4135 14k 4041 660296 zfodata0 14 10 ozfod 5 ata1 15 3.9%Sys 5.0%Intr 0.4%User 0.0%Nice 90.7%Idle 3%ozfod 2 ehci0 16 ||||||||||| daefr 2 ehci1 23 ==++ 378 prcfr 4126 cpu0:timer 33 dtbuf 450 totfr 2920 igb0:que 0 Namei Name-cache Dir-cache110737 desvn react 2680 igb0:que 1 Callshits %hits % 37963 numvn pdwak 2187 igb0:que 2 45044492 100 27657 frevn pdpgs 2550 igb0:que 3 intrn igb0:link Disks ada0 da0 pass0 pass1 270288 wire 4355 igb1:que 0 KB/t 30.96 0.00 0.00 0.00 316488 act 3 igb1:que 1 tps 5 0 0 0 1264188 inact 1 igb1:que 2 MB/s 0.16 0.00 0.00 0.00 95204 cache 2 igb1:que 3 %busy 0 0 0 0 26800 free igb1:link 114912 re0 266 4127 cpu1:timer 4116 cpu3:timer 4125 cpu2:timer -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: strange behavior of restore(8)
On 10/24/2011 10:14 AM, Victor Sudakov wrote: Warren Block wrote: Lo and behold! On an amd64 system with 8GB RAM and 2 2.66GHz Xeon CPUs, restore -rNf home.dmp has successfully completed after 3 hours 15 minutes. What are the specs for the system that wrote the dumpfile originally 8.2-RELEASE-p3 amd64, 8GB RAM and 2xXeon 2.66GHz and the system that couldn't restore it? FreeBSD 6.4-RELEASE-p10 i386, 256M RAM, Pentium II 350.80MHz (yes, it's pretty old). ufs1 vs ufs2 ? Also if there are a lot of files, restore needs quite a bit of RAM. ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Where to post articles on FBSD
What about http://bsdmag.org/ ? ---Mike On 10/18/2011 10:55 AM, Alejandro Imass wrote: Hi, I have been using FBSD with EzJail and a lot of Perl stuff like developing and maintaining Catalyst jails and flavours, and hos to create a jail based on a previous Catalyst jail and such, (taking advantage of bsdpan) etc. etc. I'd like to publish some articles on this because I think that many administrators simply ignore the power of FBSD and the jails system especially with things like EzJail where I found that the info was scattered, incomplete or outdated. Where would be the place to publish these articles? FBSD Diary? Thanks, -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Installing FreeBSD 9 on an AMD 64 with 16 GB of memory
On 9/25/2011 5:16 AM, Jukka A. Ukkonen wrote: Booting proceeded as expected to the point when CD loader 1.2 was found and the little rotor started running in the beginning of the line. From that moment on there was absolutely no progress. Any hints and pointers about what to try next would be welcome. I had seen the same symptoms in the past on some motherboards with USB LEGACY Support enabled in the BIOS. Try and disable that and boot up from the CD. You might also have to disable something or another handoff as well that typically is set near the USB Legacy support option. ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPsec phase 1 and 2 negotiation in an infinite loop.
On 9/5/2011 11:58 PM, Mikhail Goriachev wrote: (p: #1 protoid=isakmp transform=1 (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=3des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024 (vid: len=16 afcad71372a1f1c96b8696fc99570100) 03:17:31.637424 IP (tos 0x0, ttl 50, id 0, offset 0, flags [DF], proto UDP (17), length 108) w.x.y.z.500 a.b.c.d.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 1 R ident: (sa: doi=ipsec situation=identity (p: #1 protoid=isakmp transform=1 (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=3des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024 OK, both sides are 3des, psk and sha1 dhgroup 1. Thats good. Note: a.b.c.d is my end. w.x.y.z is the other end. vid:, ke: and nonce: are scrambled. flag=0x8000, lorv=AES-CBC Sep 5 20:40:27 vpnmach racoon: DEBUG: encryption(aes) Sep 5 20:40:27 vpnmach racoon: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5 Sep 5 20:40:27 vpnmach racoon: DEBUG: hash(md5) Sep 5 20:40:27 vpnmach racoon: DEBUG: type=Authentication Method, ... yet, you have AES and md5 ?? where are those coming from ? Do you have an extra config for the remote somewhere in your files perhaps that is matching ? ---Mike remote w.x.y.z { exchange_mode main; proposal_check obey; proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method pre_shared_key; dh_group modp1024; } } -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPsec phase 1 and 2 negotiation in an infinite loop.
On 9/5/2011 8:06 PM, Mikhail Goriachev wrote: Hi, Can anyone please comment/shed some light/give hints on the following?: I've got a VPN cranking between 8.2-RELEASE-p2 (my end) and an unknown appliance (the other party doesn't want to disclose specs). Everything works just fine and I had a stable and fully established connection for 4 months without a problem. However, today the tunnel went down. I'm using FreeBSD's IPsec and ipsec-tools-0.8.0_2 (racoon). Everything's up to date. The thing is, according to tcpdump, it seems that both machines are trying to get beyond phases 1 and 2 in an infinite loop: 00:00:04.024146 00:11:22:33:44:55 55:44:33:22:11:00, ethertype IPv4 (0x0800), length 378: 1.2.3.4.5.500 5.4.3.2.1.500: isakmp: phase 1 I ident 00:00:01.800582 55:44:33:22:11:00 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 126: 5.4.3.2.1.500 1.2.3.4.5.500: isakmp: phase 1 R ident Configuration files and logs are available on request. post a dozen lines of tcpdump -s0 - -ni external int port 500 As well as the racoon logs and config as well as setkey -DP ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: random generated password
On 8/30/2011 2:16 PM, Michael wrote: Hello, When adding a new user it is possible to assign a random generated password. But is it possible to assign a random password for already existing users? 0(ich10)# pw useradd testuser1 -w random Password for 'testuser1' is: oFPw9BPe 0(ich10)# Preferably in a non-interactive and scriptable way. Is it possible with the base system tools? 0(ich10)# pw usermod testuser1 -w random Password for 'testuser1' is: km.y0LScI3p1 0(ich10)# pw usermod testuser1 -w random Password for 'testuser1' is: P5RrhmUl4Np2 0(ich10)# ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Racoon to Cisco ASA 5505
On 8/29/2011 7:34 AM, jh...@socket.net wrote: Thank you for all your help!! IT WORKS!!! Great! One final question. If I want to clean up my racoon configuration file, instead of using sainfo anonymous can the following be used instead? sainfo address 10.129.0.0/16 any address 192.168.100.0/22 any Not sure. You have the 10 networks as bunch of /24s. It might work. You would need to experiment. ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: System hanging, error messages with USB drive on FreeBSD 8.1
On 8/28/2011 11:20 AM, Brett Glass wrote: At 11:43 PM 8/27/2011, Polytropon wrote: I'm not sure if this will help you, but I also had similar problems with a Kingston USB stick (normal storage stick, no removable microSD card). It didn't work on any of my FreeBSD systems. So I finally returned it to the shop and got a Sony USB stick instead - no problems, works fine. So this is my assumption: Some hardware vendors maybe improperly implement the USB protocol in their devices, A Web search reveals that there are dozens which apparently have problems with FreeBSD, while Windows has problems with none of them. This leads me to believe that the problem is in FreeBSD, not the hardware. The vendors most probably write their own drivers for windows. They do not for FreeBSD and its best effort for FreeBSD. I have yet to come across a USB umass device that needs a quirks setting to make it work. But I am sure there are many out there as there are dozens of different vendors/OEMs out there of all sorts of quality. Having to deal with the edge cases using a single command is perfectly acceptable to me. If setting a quirks value for FreeBSD is not workable for you, perhaps Windows is a better choice for your use. ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Racoon to Cisco ASA 5505
On 8/26/2011 1:42 PM, jh...@socket.net wrote: I am seeing a couple of things that are concerning me. First, I am not seeing any traffic over the gif interface, except return traffic. For example if I ping from one of my sites (e.g. 10.129.30.0/24), I do not see any traffic on the gif interface. IP-IP interface ? (GIF). If you are using that, then you will need very different policies on both sides. You should mention these little details when posting your configs. Can you please post your FULL configuration / topology. Otherwise, its kind of impossible to know what the issue might be ---Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Racoon to Cisco ASA 5505
On 8/26/2011 2:40 PM, jh...@socket.net wrote: IP-IP interface ? (GIF). If you are using that, then you will need very different policies on both sides. You should mention these little details when posting your configs. Can you please post your FULL configuration / topology. Otherwise, its kind of impossible to know what the issue might be ---Mike Connecting 10.129.0.0/16 to 192.168.100.0/22. Their router is 192.168.100.1, and my BSD box is 10.129.10.40. What does their policy look like ? Are they really setting up an IP-IP tunnel on their side too ? Or just a regular ESP IPSEC tunnel. If they are not setting up an IP-IP tunnel, than get rid of the gif interface. -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: What USB dialup modem WILL work with 8.2?
On 8/26/2011 3:21 PM, Erik Trulsson wrote: So I am asking again: does anyone have a dialup modem of any kind which works correctly on 8.x to provide ppp-on-demand? If so what is it? (As for promises about what *will* 100% guaranteed work, which seems to be what you really want, I am afraid I can't give any. It has been several years since I last used a dialup modem, so I don't know for sure what *will* work with todays software, only what should work.) Works for me once umodem is loaded as a kld... # usbconfig show_ifdrv ugen0.1: OHCI root HUB AMD at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE ugen0.1.0: uhub0: AMD OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1 ugen1.1: EHCI root HUB AMD at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE ugen1.1.0: uhub1: AMD EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1 ugen1.2: USB Modem U.S.Robotics at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON ugen1.2.0: umodem0: AltIf0 ugen1.2: USB Modem U.S.Robotics at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON bLength = 0x0012 bDescriptorType = 0x0001 bcdUSB = 0x0200 bDeviceClass = 0x0002 bDeviceSubClass = 0x bDeviceProtocol = 0x bMaxPacketSize0 = 0x0040 idVendor = 0x0baf idProduct = 0x0303 bcdDevice = 0x0200 iManufacturer = 0x0001 U.S.Robotics iProduct = 0x0002 USB Modem iSerialNumber = 0x000a 002 bNumConfigurations = 0x0001 # sysctl -a dev.umodem dev.umodem.0.%desc: AltIf0 dev.umodem.0.%driver: umodem dev.umodem.0.%location: bus=1 hubaddr=2 port=1 devaddr=2 interface=0 dev.umodem.0.%pnpinfo: vendor=0x0baf product=0x0303 devclass=0x02 devsubclass=0x00 sernum=002 release=0x0200 mode=host intclass=0x02 intsubclass=0x02 intprotocol=0x01 ttyname=U0 ttyports=1 dev.umodem.0.%parent: uhub1 # cu -l /dev/cuaU0 Connected ati 5601 OK ati2 OK ati3 U.S. Robotics 56K FAX USB V1.1.0 OK Also just tried this modem below which I am surprised works! http://www.ncix.com/products/?sku=60062vpn=TFM-561Umanufacture=TRENDnet # usbconfig show_ifdrv ugen0.1: OHCI root HUB AMD at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE ugen0.1.0: uhub0: AMD OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1 ugen1.1: EHCI root HUB AMD at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE ugen1.1.0: uhub1: AMD EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1 ugen0.2: USB Modem Conexant at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=ON ugen0.2.0: umodem0: Conexant USB Modem, class 2/0, rev 1.10/1.00, addr 2 ugen0.2: USB Modem Conexant at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=ON bLength = 0x0012 bDescriptorType = 0x0001 bcdUSB = 0x0110 bDeviceClass = 0x0002 bDeviceSubClass = 0x bDeviceProtocol = 0x bMaxPacketSize0 = 0x0040 idVendor = 0x0572 idProduct = 0x1329 bcdDevice = 0x0100 iManufacturer = 0x0001 Conexant iProduct = 0x0002 USB Modem iSerialNumber = 0x0003 24680246 bNumConfigurations = 0x0002 # cu -l /dev/cuaU0 Connected ati 56000 OK ati2 OK ati3 CX93001-EIS_V0.2002-V92 OK # sysctl -a dev.umodem dev.umodem.0.%desc: Conexant USB Modem, class 2/0, rev 1.10/1.00, addr 2 dev.umodem.0.%driver: umodem dev.umodem.0.%location: bus=1 hubaddr=1 port=0 devaddr=2 interface=0 dev.umodem.0.%pnpinfo: vendor=0x0572 product=0x1329 devclass=0x02 devsubclass=0x00 sernum=24680246 release=0x0100 mode=host intclass=0x02 intsubclass=0x02 intprotocol=0x01 ttyname=U0 ttyports=1 dev.umodem.0.%parent: uhub0 ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Racoon to Cisco ASA 5505
On 8/26/2011 5:09 PM, jh...@socket.net wrote: Yes, post that to the list. I am not sure if this is the entire configuration or not, but this is what they have posted. crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto map rackmap 201 match address 201 crypto map rackmap 201 set peer Jefferson_City crypto map rackmap 201 set transform-set ESP-3DES-SHA crypto map rackmap interface outside crypto isakmp identity address crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 access-list 201 line 1 extended permit ip 192.168.100.0 255.255.252.0 10.129.10.0 255.255.255.0 access-list 201 line 2 extended permit ip 192.168.100.0 255.255.252.0 10.129.20.0 255.255.255.0 access-list 201 line 3 extended permit ip 192.168.100.0 255.255.252.0 10.129.30.0 255.255.255.0 access-list 201 line 4 extended permit ip 192.168.100.0 255.255.252.0 10.129.50.0 255.255.255.0 access-list 201 line 5 extended permit ip 192.168.100.0 255.255.252.0 10.129.60.0 255.255.255.0 access-list 201 line 6 extended permit ip 192.168.100.0 255.255.252.0 10.129.70.0 255.255.255.0 access-list 201 line 7 extended permit ip 192.168.100.0 255.255.252.0 10.129.80.0 255.255.255.0 Get rid of the gif interface as its not needed and make sure you match their policy's. And of course 1.1.1.1 is your actual public IP. setkey -F setkey -FP setkey -f /etc/ipsec.conf where ipsec.conf has the info below spdadd 10.129.10.0/24 192.168.100.0/22 any -P out ipsec esp/tunnel/1.1.1.1-184.106.120.244/unique; spdadd 192.168.100.0/22 10.129.10.0/24 any -P in ipsec esp/tunnel/184.106.120.244-1.1.1.1/unique; spdadd 10.129.20.0/24 192.168.100.0/22 any -P out ipsec esp/tunnel/1.1.1.1-184.106.120.244/unique; spdadd 192.168.100.0/22 10.129.20.0/24 any -P in ipsec esp/tunnel/184.106.120.244-1.1.1.1/unique; spdadd 10.129.30.0/24 192.168.100.0/22 any -P out ipsec esp/tunnel/1.1.1.1-184.106.120.244/unique; spdadd 192.168.100.0/22 10.129.30.0/24 any -P in ipsec esp/tunnel/184.106.120.244-1.1.1.1/unique; spdadd 10.129.40.0/24 192.168.100.0/22 any -P out ipsec esp/tunnel/1.1.1.1-184.106.120.244/unique; spdadd 192.168.100.0/22 10.129.40.0/24 any -P in ipsec esp/tunnel/184.106.120.244-1.1.1.1/unique; spdadd 10.129.50.0/24 192.168.100.0/22 any -P out ipsec esp/tunnel/1.1.1.1-184.106.120.244/unique; spdadd 192.168.100.0/22 10.129.50.0/24 any -P in ipsec esp/tunnel/184.106.120.244-1.1.1.1/unique; again, startup racoon with -d start tcpdumping the outside interface with the flags -s0 -vvv host 184.106.120.244 From inside your network, go to a machine that has an IP within the private range. e.g. 10.129.10.1 and ping the other side ping -S 10.129.10.1 192.160.100.1 ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Racoon to Cisco ASA 5505
On 8/25/2011 11:52 AM, jh...@socket.net wrote: I find wireshark helpful in these cases as it nicely decodes what options are being set. Your racoon conf is set to obey. Its possible they are proposing something different to you that you accept, where as what you are proposing might not be acceptable My vendor came back to me today and stated they found a configuration error on their end. Their most recent message states the traffic I am sending to them through the IPSec tunnel is not encrypted. What does your actual policy look like ? Is this the only ipsec config on your box ? If so, lets say your public IP is 1.1.1.1 and their ip is 184.106.120.244 try adding this to /etc/ipsec.conf spdadd 10.129.30.0/24 192.168.100.0/22 any -P out ipsec esp/tunnel/1.1.1.1-184.106.120.244/unique; spdadd 192.168.100.0/22 10.129.30.0/24 any -P in ipsec esp/tunnel/184.106.120.244-1.1.1.1/unique; do a setkey -F setkey -FP setkey -f /etc/ipsec.conf This is saying that you will create an ipsec policy between 2 networks. Your side behind 1.1.1.1 and their side behind 184.106.120.244. The policy states that packets with a source address of 10.129.30.0/24 destined to 192.168.100.0/22 will be encapsulated in an ipsec tunnel. Similarly, everything going the other direction - 192.168.100.0/22 going to 10.129.30.0/24... And *only* those packets. If you have a packet with a source address of 10.0.0.1 destined to 192.168.100.0/22, it will not be passed through the tunnel. Following is what they sent me from the ASA. Crypto map tag: rackmap, seq num: 201, local addr: 184.106.120.244 access-list 201 extended permit ip 192.168.100.0 255.255.252.0 10.129.30.0 255.255.255.0 local ident (addr/mask/prot/port): (192.168.100.0/255.255.252.0/0/0) remote ident (addr/mask/prot/port): (10.129.30.0/255.255.255.0/0/0) current_peer: Jefferson_City You then need to make sure your key exchange settings agree. Ask them for that portion of the ASA's config. You are proposing exchange_mode main,base,aggressive; You are known to them by IP (my_identifier address) You should probably add peers_identifier address; and then make sure in your psk.txt file you have something like 184.106.120.244 the-secret-psk-you-agreed-on Also, make sure their side is expecting 3des and hmac is sha1 or md5 as you posted in your original config. On your public wan interface, do a tcpdump of the remote IP. e.g. if its em0, do tcpdump -ni em0 -s0 -w /tmp/186.pcap host 184.106.120.244 startup racoon with the debug flag and from your network, try and ping an IP in their private network from your private network e.g. ping -S 10.129.30.1 192.168.100.1 When testing ipsec, get in the habbit of ALWAYS specifying the source IP so that you know the packet you are generating falls within the policy you have specified. If things dont work, look at the racoon logs for clues as well as look at the pcap afterwards with - tcpdump - -nr /tmp/186.pcap port 500 if it worked and you get a ping response, look at the full traffic to make sure its ESP and that the contents are indeed encrypted. ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: What dialup modem WILL work with 8.x and uart?
On 8/21/2011 12:34 PM, Lars Eighner wrote: Since uart in 8.x will not support my PCI 3com hardware modem (as FreeBSD sio has since 4.x) and my PR is gathering dust, before I buy any more coaster sets from osdisc.com, it behooves to ask if there are any dialup modems that 8.x uart actually supports for ppp on demand? A number of people have asked a number of times for you to provide details as to what exactly does not work given that a number of people use the same 3com modem you claim is totally broken. http://lists.freebsd.org/pipermail/freebsd-stable/2011-May/062731.html I have the following modem is a few dozen locations that works just fine on RELENG_7 and RELENG_8 using uart. uart2@pci0:0:14:0: class=0x070002 card=0x00d312b9 chip=0x100812b9 rev=0x01 hdr=0x00 vendor = '3COM Corp, Modem Division (Formerly US Robotics)' device = 'USR5610B (0005610-02) 56K Performance Pro Modem (PCI Internal) (USR5610B)' class = simple comms subclass = UART bar [10] = type I/O Port, range 32, base 0xe500, size 8, enabled cap 01[dc] = powerspec 2 supports D0 D2 D3 current D0 # cu -l /dev/cuau2 Connected ati3 U.S. Robotics 56K FAX INT V5.22.91 OK ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Racoon to Cisco ASA 5505
On 8/23/2011 7:22 PM, jh...@socket.net wrote: I have run into a weird situation, and I do not know if the problem lies on my side of the connection or my vendors. The tunnel comes up only after the vendor sends traffic to me. My side of the tunnel shows up and using tcpdump, I see packets flowing out the correct interface, to the correct IP address, but nothing is returned until the device(s) behind the vendor's ASA attempt to send traffic to me. Attached is the relevant output from setkey -DP 10.129.10.0/24[any] 192.168.100.0/22[any] any out ipsec esp/tunnel/1.1.1.1-2.2.2.2/use spid=357 seq=7 pid=12885 refcnt=1 10.129.80.0/24[any] 192.168.100.0/22[any] any out ipsec esp/tunnel/1.1.1.1-2.2.2.2/use spid=359 seq=6 pid=12885 refcnt=1 I am using anonymous because, if I am reading the logs right, that is being requested. I am using a PF firewall with pass in quick and pass out quick rules. This is just for testing and will be tightened later. What additional information is needed? pfctl -d and then try just to totally rule out pf. Also, which pf its helpful to always log everything, including pass as it helps in to narrow down issues. If its still not working, show the output of the tunnel coming up when the other side initiates the tunnel and then show the tcdump of when you try and initiate it. tcpdump -s0 -vvv -ni interface port 500 I find wireshark helpful in these cases as it nicely decodes what options are being set. Your racoon conf is set to obey. Its possible they are proposing something different to you that you accept, where as what you are proposing might not be acceptable ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: My server is under attack (I think)
On 8/19/2011 11:01 AM, Mark Moellering wrote: I keep seeing a flood of messages when I run dmesg -a that look like this: mail sshd[1831]: warning: /etc/hosts.allow, line 2: can't verify hostname: getaddrinfo(ip223.hichina.com, AF_INET) failed Is there anything I should be doing to make sure the server isn't First, look at line 2 of /etc/hosts.allow. Its probably an issue of the scanning IP having a PTR record mismatch. ie. some IP has a PTR record of ip223.hichina.com, but no corresponding A record. When the attacker/scanner hits port 22 of your box, tcpwrappers (as set in /etc/hosts.allow) tries to confirm the PTR record matches the A record, but there is a mismatch, and hence the log message. Take a look at /var/log/auth.log for more info. Its generally a good idea to block all network access as a first rule, and then add specific rules to let people in to just what is needed. So if you only manage the box via ssh from a range of hosts, block all access to ssh and allow it just from those trusted locations. ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sio won't compile in 8.2
On 7/22/2011 1:06 PM, Chuck Swiger wrote: On Jul 22, 2011, at 9:45 AM, Lars Eighner wrote: Since there does not appear to be any likelihood that uart will be fixed, I figure I will be stuck in 7.4 forever. But what does that mean in the not too distant future when 7.4 is no longer supported? Is there some way to prepare for that eventuality? Sure-- you could provide fixes for uart yourself, or adequately detailed bug reports so that whatever the problem is which you see could be worked on by other people. I thought this was deja vu all over again. Same issue as in http://lists.freebsd.org/pipermail/freebsd-stable/2011-May/062731.html I am guessing. ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: em0 NIC slow on 8.2-p1 amd64?
On 7/22/2011 1:50 PM, Eduardo Morras wrote: At 17:12 21/07/2011, Michael W. Lucas wrote: On Thu, Jul 21, 2011 at 05:01:57PM +0200, Eduardo Morras wrote: Have you tried other protocols? Http, rsync... It maybe a problem at client side, some ftp clients can set a maximun ftp transfer, like filezilla, winscp, FTP and NFSv3 both have similar results. ==ml Perhaps you have reached the maximum disk speed. Sorry not more ideas, but it doesn't look like a nic problem. Put the file in cache before sending it. If it's faster the problem is a bottleneck on hard disk or sata/ata/usb bus. What if you do a fetch -o /dev/null {http|ftp}://remotesite/file and see what speeds you get. That would get rid of the disk as an io issue ---Mike HTH ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: em0 NIC slow on 8.2-p1 amd64?
On 7/22/2011 3:08 PM, Michael W. Lucas wrote: Basically the same. I don't think it's disk. Are you able to saturate the ethernet ? Try something like /usr/src/tools/tools/netrate/netblast/netblast on the local ethernet and see if you can generate and receive a full gigabit on the wire ---Mike There's kern/152828 claiming a performance regression with em under 8.2, but I'm not sure if that is applicable to my system. I'd upgrade the kernel to test, but I'm not brave enough to downgrade the kernel to 8.0 for comparison. (I've never had good luck running an old kernel on a new userland.) ==ml -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: em0 NIC slow on 8.2-p1 amd64?
On 7/22/2011 3:08 PM, Michael W. Lucas wrote: Basically the same. I don't think it's disk. Are you able to saturate the ethernet ? Try something like /usr/src/tools/tools/netrate/netblast/netblast on the local ethernet and see if you can generate and receive a full gigabit on the wire # ./netblast 10.11.11.243 500 250 10 start: 1311363559.619619931 finish:1311363569.619418229 send calls:5210086 send errors: 1249890 approx send rate: 396019 approx error rate: 0 ./netblast 10.11.11.241 500 300 10 start: 1311346264.584043978 finish:1311346274.583848423 send calls:7417664 send errors: 4214676 approx send rate: 320298 approx error rate: 0 When the sender if an igb nic, I am able to push out 955Mb to the em0 nic acting as a sink. The other way around, 855Mb The em nic is em1@pci0:5:0:0: class=0x02 card=0x34ec8086 chip=0x10d38086 rev=0x00 hdr=0x00 vendor = 'Intel Corporation' device = 'Intel 82574L Gigabit Ethernet Controller (82574L)' class = network subclass = ethernet bar [10] = type Memory, range 32, base 0xb250, size 131072, enabled bar [18] = type I/O Port, range 32, base 0x1000, size 32, enabled bar [1c] = type Memory, range 32, base 0xb252, size 16384, enabled cap 01[c8] = powerspec 2 supports D0 D3 current D0 cap 05[d0] = MSI supports 1 message, 64 bit cap 10[e0] = PCI-Express 1 endpoint max data 128(256) link x1(x1) cap 11[a0] = MSI-X supports 5 messages in map 0x1c enabled ecap 0001[100] = AER 1 0 fatal 0 non-fatal 1 corrected ecap 0003[140] = Serial 1 001517ed36e4 em1: Intel(R) PRO/1000 Network Connection 7.2.3 port 0x1000-0x101f mem 0xb250-0xb251,0xb252-0xb2523fff irq 16 at device 0.0 on pci5 em1: Using MSIX interrupts with 3 vectors em1: [ITHREAD] em1: [ITHREAD] em1: [ITHREAD] em1: Ethernet address: 00:15:17:ed:36:e4 ifstat -b shows # ifstat -b -i igb0 igb0 Kbps in Kbps out 0.00 0.00 0.00 0.00 578794.0 0.00 855298.0 0.00 855365.9 0.00 855316.6 0.00 855335.2 0.00 855346.5 0.00 855358.6 0.00 855368.7 0.00 855356.6 0.00 727163.6 0.00 0.00 0.00 thats the em equipped machine generating the traffic ---Mike There's kern/152828 claiming a performance regression with em under 8.2, but I'm not sure if that is applicable to my system. I'd upgrade the kernel to test, but I'm not brave enough to downgrade the kernel to 8.0 for comparison. (I've never had good luck running an old kernel on a new userland.) ==ml -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: em0 NIC slow on 8.2-p1 amd64?
On 7/22/2011 4:10 PM, Michael W. Lucas wrote: 3.65 419155.4 Thats 400Mb/s no ? Whats the CPU in this thing ? Also your NIC version was 7.1.9. RELENG_8 has 7.2.3. Can you try that version if possible ? So no, I'm not saturating this network. Not even close. I have a machine with a 100Mbs vr0 that can spit out twice that much. How could FastE nics do 800Mb/s ? ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: em0 NIC slow on 8.2-p1 amd64?
On 7/20/2011 12:04 PM, Michael W. Lucas wrote: Hi, I'm running FreeNAS 8.0/amd64, with an 8.2-p1 kernel. When using FTP or SCP, performance maxes out around 30MB/s. This is on a gigabit network, no errors showing. what does sysctl -a dev.em show ? What kind of switch is the box plugged into ? Can you show the output of the switch interface showing how its connected e.g. flow control, duplex, interface counters etc. ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is there a
On 7/4/2011 2:07 PM, Bill Varney wrote: Repository of supported devices within FreeBSD? For whats in the tree itself, take a look at the tree http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/ There are also a few drivers in the ports tree (/usr/ports). There are some vendors who distribute the odd driver from their website, but those tend to be few and far between. The source code and the ports are your best bet to look through. Some drivers support many vendor devices under one driver (e.g. Intel's em supports a wide variety of nics). If you are interested in seeing specifically what is supported, install a copy of FreeBSD along with the source and grep through for specific device IDs you are looking for. ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Going STABLE in 64bit
On 6/16/2011 11:49 AM, Andy Wodfer wrote: Hi, I'm running 8.2 REL. Are there any specific things to be aware of when compiling kernel and making world in 64bit? Required kernel modules etc? I sometimes forget that the kernel config is in cd /usr/src/sys/amd64/conf/ and not cd /usr/src/sys/i386/conf/ ... so I will be editing the wrong kernel config file, rebuilding, and not understanding why the changes are not reflected in my kernel as loaded. But other than that and a little longer build times, all is pretty much the same Just to be clear, you have an existing 64bit 8.2 system you are just updating to stable right ? ---Mike I've only done this in 32bit. Thanks! Andreas --- Mvh/Rgds, Andreas Wideroe andr...@wideroe.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how do i fsck my server?
On 6/15/2011 3:50 PM, Gary Kline wrote: is there any way of scripting fsck *every* time i reboot this box? i just want to make abs certain that the filesystems are clean. ---didn't fscking used to be easier? Just override the defaults in /etc/rc.conf fsck_y_enable=YES and if you are paranoid, background_fsck=NO 0(cage)# grep -i fsck /etc/defaults/rc.conf fsck_y_enable=NO # Set to YES to do fsck -y if the initial preen fails. fsck_y_flags= # Additional flags for fsck -y background_fsck=YES # Attempt to run fsck in the background where possible. background_fsck_delay=60 # Time to wait (seconds) before starting the fsck. 0(cage)# ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Modifying Sendmail's Configuration the Correct way.
On 4/20/2011 2:47 PM, Martin McCormick wrote: dnl Dialup users should uncomment and define this appropriately dnl define(`SMART_HOST', `your.isp.mail.server') define(`SMART_HOST', `mailserver.okstate.edu') I usually do make make install make stop make start after the first make, you should be able to diff the created .cf file and the actuall sendmail.cf file. It doesnt actually install it, it just creates a temp copy. 0(cage)# make /usr/bin/m4 -D_CF_DIR_=/usr/share/sendmail/cf/ /usr/share/sendmail/cf/m4/cf.m4 cage.simianscience.com.mc cage.simianscience.com.cf 0(cage)# diff -u sendmail.cf cage.simianscience.com.cf --- sendmail.cf 2011-04-20 15:32:46.0 -0400 +++ cage.simianscience.com.cf 2011-04-20 15:32:52.0 -0400 @@ -76,6 +76,7 @@ + # $Id: proto.m4,v 8.741 2009/12/11 00:04:53 ca Exp $ # # level 10 config file format @@ -110,7 +111,7 @@ CP. # Smart relay host (may be null) -DS +DSsmarthost2.sentex.ca # operators that cannot be in local usernames (i.e., network indicators) 1(cage)# Then a full stop and start after the install should get you what you want. ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Ethernet cards Intel PRO/1000 QP (82571EB) and Intel PRO/1000 QP (82575GB)
On 3/3/2011 9:27 AM, Patrick Lamaiziere wrote: Hello, I've got two ethernet cards Intel PRO/1000 QP (82571EB) and Intel PRO/1000 QP (82575GB) in one router/firewall. I use OpenBSD 4.8 on this box. That works fine, but I see some input Ierr on the interfaces (using netstat), even when the load is not very high. $ netstat -I em2 -w2 (bandwith = 150 Mbits) em2 in packets errs 43263 0 4345817 39056 0 46648 124 44783 630 42571 0 45338 0 4093233 4371384 40193 193 40491 0 I would like to know if under FreeBSD, you see this kind of Ierr? what does sysctl -a dev.em show for the two cards and what version of FreeBSD are you using ? ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Ethernet cards Intel PRO/1000 QP (82571EB) and Intel PRO/1000 QP (82575GB)
On 3/3/2011 9:38 AM, Mike Tancsa wrote: On 3/3/2011 9:27 AM, Patrick Lamaiziere wrote: Hello, I've got two ethernet cards Intel PRO/1000 QP (82571EB) and Intel PRO/1000 QP (82575GB) in one router/firewall. I use OpenBSD 4.8 on this box. That works fine, but I see some input Ierr on the interfaces (using netstat), even when the load is not very high. $ netstat -I em2 -w2 (bandwith = 150 Mbits) em2 in packets errs 43263 0 4345817 39056 0 46648 124 44783 630 42571 0 45338 0 4093233 4371384 40193 193 40491 0 I would like to know if under FreeBSD, you see this kind of Ierr? what does sysctl -a dev.em On my RELENG_8 box anywhere from 150-200Mb. Its an i7 920 with HT disabled. I get the odd error when traffic might burst to ~300Mb, or if its a high pps DDoS netstat -I em3 -w2 -b input (em3) output packets errs idrops bytespackets errs bytes colls 56679 0 0 47939889 24152 09241389 0 54177 0 0 46428216 21228 07658356 0 56423 0 0 47128429 21150 07504242 0 56355 0 0 48825932 21268 07375570 0 51313 0 0 41167876 21769 07745953 0 50287 0 0 40457080 20546 07636296 0 53996 0 0 44835477 22446 08195803 0 56622 0 0 47612493 22716 09101322 0 55103 0 0 43807429 23357 09618771 0 51373 0 0 40845281 21921 07621992 0 51047 0 0 39974391 21696 08036735 0 54348 0 0 43621771 21423 08145924 0 57291 0 0 47342937 22954 07952060 0 53454 0 0 43216991 21437 08131857 0 53968 0 0 43914442 21597 08433904 0 55069 0 0 46510336 22778 07717062 0 53664 0 0 43481854 24254 09693232 0 57467 0 0 45683446 25757 09747942 0 54721 0 0 43217577 23125 09481772 0 62349 0 0 52526624 23861 09862234 0 em3@pci0:3:0:1: class=0x02 card=0x115e8086 chip=0x105e8086 rev=0x06 hdr=0x00 -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: android
On 2/14/2011 8:00 PM, ajtiM wrote: Hi! I bought HTC Inspire 4G phone and I lie to upload some mp3 files. When I connected a phoe to the USB port I got: da4 at umass-sim1 bus 1 scbus3 target 0 lun 0 da4: HTC Android Phone 0100 Removable Direct Access SCSI-2 device da4: 4 MB/s transfers How can I mount it, please? Try, ls -l /dev/da4* You will probably see /dev/da4s1 which is most likely msdos. If so, try mount_msdosfs /dev/da4s1 /mnt ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Help with nanobsd.sh??
On 1/8/2011 7:27 PM, Robert Boyer wrote: I am trying nanobsd for the first time under 8.1 and have two fairly basic questions before I go about solving a few issues in my usual brute-force and wrong way. 1)Using a box stock system with a fresh install and the default nanobsd.sh with default configuration everything looks like it builds fine right up until 02:11:50 ## build diskimage 02:11:50 ### log: /usr/obj/nanobsd.full//_.di /usr/obj/nanobsd.full/_.mnt: write failed, filesystem is full Hi, I usually create a .conf file to override some of the defaults, including making a larger media size to match my CF as well as larger image size. eg. some of the options I have in base.conf BOOT_COMCONSOLE_SPEED=115200 BOOT_PXELDR_ALWAYS_SERIAL=1 NANO_DATASIZE=80960 NANO_PMAKE=make -j 5 NANO_KERNEL=nano5501 NANO_MEDIASIZE=180 NANO_NAME=alix NANO_SRC=/usr/src NANO_IMAGES=2 CONF_BUILD=' NO_PAM=YES ' then to build, I will do a sh ./nanobsd.sh -c base.conf 2)Is there an option to run nanobsd.sh without cleaning the obj directories? Really don't want to rebuild world and kernel from scratch for a couple of different packages in custom configs - let alone do it for solving build issues. Yes -b or -n just less the file to see the other options. Its just a giant shell script ---Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 9650SE-2LP raid card locks system
On 1/7/2011 9:31 PM, Troy Beisigl wrote: Well, it did lock up today. There is no way to do anything on the console. The entire machine is locked hard. The errors on the console show: twa0: ERROR: (0x05: 0x210B): Request timed out!: request = 0xc5633430 twa0: INFO: (0x16: 0x1108): Resetting controller...: I saw this on an i7 box running RELENG_6, but moving to 7 made all quite stable. Are you using 6 by chance ? The box is an i7 920 ACPI APIC Table: INTEL DX58SO FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 2 cpu2 (AP): APIC ID: 4 cpu3 (AP): APIC ID: 6 ---Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Upgrading from FreeBSD 4.10 to 8.1?
On 1/6/2011 11:27 AM, Robert Huff wrote: patrick writes: I know this is a bit crazy, but is there any opinion as to whether a binary upgrade using an 8.1 CD would work to upgrade a system running 4.10? Normally I would want to do a fresh install, but it's at a remote client site where it's not going to be easy to do it that way, and I'm going to need to guide someone less experienced through the install/upgrade process. While this may not be an option, my preference would be to 1) build a new machine, 2) install 8.1, 3) install the apps and data, 4) test thoroughly, then 5) ship the result to the remote location. Anything else is likely to be too painful for words. How old is the hardware as well? If its running 4.x, something is going to die on it sooner than later. I agree with the above. Send a new box or at the very least a new disk with 8.2 on it. Then, just mount the old 4.x disk and copy over the user data. ---Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 9650SE-2LP raid card locks system
On 1/4/2011 11:12 AM, Troy Beisigl wrote: I will have to check on its next lockup. It happens about every week to week and a half. Are you able to force the issue to recreate the problem ? ---Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 9650SE-2LP raid card locks system
I have a number of these cards and they work very well for us. What version of the firmware are you using on the card ? I have this on a busy db server. But its RELENG8. twa0: 3ware 9000 series Storage Controller port 0x1000-0x10ff mem 0xb000-0xb1ff,0xb400-0xb4000fff irq 19 at device 0.0 on pci12 twa0: [ITHREAD] twa0: INFO: (0x15: 0x1300): Controller details:: Model 9650SE-2LP, 2 ports, Firmware FE9X 3.08.00.016, BIOS BE9X 3.08.00.004 I have had good luck with Areca cards as well, but they start in 4 port models. But really, all should work just fine with this 3ware/LSI card ---Mike On 1/3/2011 3:58 PM, Troy Beisigl wrote: Hi All, We have been seeing a problem with FreeBSD 7.3 and up where the system will just hang when using a 9650SE-2LP raid card and 2 500G drives mirrored. The system will run for about a week and then the filesystem just hangs, causing the system to hang. We've looked through the logs and found nothing at all. We have changed the card and then the motherboard but the problem still exists. We have run this card with CentOS without fail in the same system configuration. If the card is not supported, can anyone recommend one that does work? Thanks, Troy Beisigl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 9650SE-2LP raid card locks system
On 1/3/2011 9:14 PM, Troy Beisigl wrote: Hi Mike, We are running the latest firmware. We upgraded to it in case this was the issue. As you can see from the log entry below, it shows the file system was not shut down cleanly because it was locked and had to be powered off. We are using Intel motherboards, so maybe something with FreeBSD and this card with the Intel motherboard? I know that this card works just fine with this board on CentOS, so... When it locks up, are you sure its the disk that locks up ? From the console, if you do a CTRL+T, what does it show its blocking on ? Are you able to build a debug kernel to see where things are stuck ? ---Mike Dec 29 17:36:12 web01 kernel: twa0: 3ware 9000 series Storage Controller port 0xd000-0xd0ff mem 0xd000-0xd1ff,0xd202-0xd2020fff irq 16 at device 0.0 on pci1 Dec 29 17:36:12 web01 kernel: twa0: [ITHREAD] Dec 29 17:36:12 web01 kernel: twa0: WARNING: (0x04: 0x0008): Unclean shutdown detected: unit=0 Dec 29 17:36:12 web01 kernel: twa0: INFO: (0x15: 0x1300): Controller details:: Model 9650SE-2LP, 2 ports, Firmware FE9X 4.10.00.007, BIOS BE9X 4.08.00.002 Troy Beisigl Original Message From: Mike Tancsa m...@sentex.net To: Troy Beisigl t...@i2bnetworks.com Cc: freebsd-questions@freebsd.org Sent: Mon, Jan 3, 2011, 13:32 PM Subject: Re: 9650SE-2LP raid card locks system I have a number of these cards and they work very well for us. What version of the firmware are you using on the card ? I have this on a busy db server. But its RELENG8. twa0: 3ware 9000 series Storage Controller port 0x1000-0x10ff mem 0xb000-0xb1ff,0xb400-0xb4000fff irq 19 at device 0.0 on pci12 twa0: [ITHREAD] twa0: INFO: (0x15: 0x1300): Controller details:: Model 9650SE-2LP, 2 ports, Firmware FE9X 3.08.00.016, BIOS BE9X 3.08.00.004 I have had good luck with Areca cards as well, but they start in 4 port models. But really, all should work just fine with this 3ware/LSI card ---Mike On 1/3/2011 3:58 PM, Troy Beisigl wrote: Hi All, We have been seeing a problem with FreeBSD 7.3 and up where the system will just hang when using a 9650SE-2LP raid card and 2 500G drives mirrored. The system will run for about a week and then the filesystem just hangs, causing the system to hang. We've looked through the logs and found nothing at all. We have changed the card and then the motherboard but the problem still exists. We have run this card with CentOS without fail in the same system configuration. If the card is not supported, can anyone recommend one that does work? Thanks, Troy Beisigl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: what process is sending this packet?
On 12/27/2010 9:30 AM, S Mathias wrote: I can see, that theres a program that keeps sending packets on port 25: Dec 27 14:11:46 a kernel: [ 6336.992320] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=61533 DF PROTO=TCP SPT=37263 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0 Dec 27 14:12:01 a kernel: [ 6352.635704] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55853 DF PROTO=TCP SPT=40644 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0 Dec 27 14:12:04 a kernel: [ 6355.641085] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55854 DF PROTO=TCP SPT=40644 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0 Dec 27 14:12:10 a kernel: [ 6361.649059] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55855 DF PROTO=TCP SPT=40644 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0 but where or how could i find out, that what process sends these packets? On FreeBSD, take a look at the audit subsystem http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html ---Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: DES Cipher
On 12/22/2010 9:35 AM, Mohammad Hedayati wrote: On Wed, Dec 22, 2010 at 6:01 PM, Anton Shterenlikht me...@bristol.ac.uk wrote: On Wed, Dec 22, 2010 at 05:50:19PM +0330, Mohammad Hedayati wrote: Can anyone please show me a sample code for ciphering using DES in FreeBSD? bdes(1)? % ls -al zzz % bdes zzz zzz.des Enter key: % no, des(3) /usr/src/crypto/openssl/crypto/des ---Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Install problem with 8.0 Release
On 12/21/2010 5:24 AM, Graeme Dargie wrote: Hi list, I am trying to help a friend who is overseas install FreeBSD 8.0 i386. Left to his own devices the install failed, so I ran through it with him last night, all is fine till it gets to the root password screen where the install just hangs. He is not very techy, all I could glean was the system has an sis chipset and it previously ran windows 7 with no problems, I am hoping to get a more detailed spec of the machine, but I thought might make an initial enquiry to the list to see if anyone has come across this behaviour before, or are there any obvious possible causes ? Hard to say without more details as to why its hanging, but I would not bother with 8.0 as its quite old. Instead, try ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/ISO-IMAGES/8.2/FreeBSD-8.2-BETA1-i386-disc1.iso There is wider hardware support and many, many bug fixes. ---Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD IPSec stack contains backdoors?
Strange, reads like a totally reasoned response to me to an issue that is somewhere between a practical joke and something critical. I will go with the SECTeam's assessment. They have a proven track record for assessing and dealing with security issues. ---Mike On 12/17/2010 10:36 AM, Mike L wrote: Reads like an unacceptable response to an issue that seems quite critical. On Fri, Dec 17, 2010 at 4:31 AM, Giorgos Keramidas keram...@freebsd.orgwrote: The FreeBSD security officer team has already written an official response about this. Please have a look at: http://lists.freebsd.org/pipermail/freebsd-security/2010-December/005746.html Regards, Giorgos On Fri, 17 Dec 2010 14:28:37 +0600, Victor Lyapunov fullblastst...@gmail.com wrote: -- Forwarded message -- From: Victor Lyapunov fullblastst...@gmail.com Date: 2010/12/15 Subject: FreeBSD IPSec stack contains backdoors? To: FreeBSD Mailing List freebsd-questions@freebsd.org Hi folks, Recently OpenBSD developer Gregory Perry disclosed information about possible backdoors in OpenBSD IPSec stack (see http://permalink.gmane.org/gmane.os.openbsd.tech/22557) In particular, Gregory Perry, who has been working on a OpenBSD -ish implementation of IPSec says a number of backdoors have been introduced into the code. As far as I am aware, FreeBSD contains considerable amount of code ported from OpenBSD. The question is: was the FreeBSD's ipsec code ported from OpenBSD's implementation? If so, what might be the impact of this? Thanks, Victor Lyapunov. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 7.3 Get uart to grab modem instead of sio
On 12/9/2010 12:10 PM, Lars Eighner wrote: I am running 7.3. I would like uart to grab the modem, but sio does. I don't want to upgrade to 8.x until I see that things will work with uart. Hi, Take a look at /boot/device.hints. Replace sio with uart and you can remove sio from the kernel if you are not using it elsewhere. ---Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: massive hdd/geli problems after upgrade to 8.1-RELEASE
On 12/4/2010 12:08 PM, Michael Schaefer wrote: ad4: FAILURE - READ_MUL48 status=51READY,DSC,ERROR error=84ICRC,ABORTED LBA=594632984 Those do seem like hardware errors on the disk. But going back to the old kernel however should not make a difference. Try (/usr/ports/sysutiles/smartmontools and do a smartctl -x /dev/ad4 and see if the drive thinks it has any errors. Does atacontrol cap ad4 show any differences between the two kernels ? perhaps something new is enabled or disabled between versions like the power management ? ---Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: massive hdd/geli problems after upgrade to 8.1-RELEASE
On 12/4/2010 2:46 PM, Michael Schaefer wrote: http://pastecode.org/index.php/view/27349679 Well, the drive doesnt think it has any issues which is good! will do the atacontrol comparison later on since I would ahve to upgrade the system again. I stressed the hdd now with the old kernel for several hours copying reading/writing large amounts of data without any error. even the filesystem check ran through with just some softupdate inconsistencies but without sector errors... You should be able to boot with just an updated kernel. If I had to guess, it might be some power saving mode of the drive being enabled or disabled. atacontrol will hopefully shed some light on the issue. Not sure about the 4k sector thing. ---Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD and large harddrives
On 11/18/2010 7:16 AM, Andy Wodfer wrote: Hi, I'm going to build a server that's intended to store uncompressed videofiles (where 1 hour film equals about 500GB). I plan on using Western Digital 2TB or 3TB SATA harddrives. Total storage in version 1 of this server will probably be 8-12 TB. Harddrive speed is not so important so a 5400rpm drive would be OK. Seems like the green line of WD harddrives use both 5400rpm and 7200rpm. I will use RAID 5. I would stay away from the green series hard drives for this application. There have been a number of reports of issues with the drive's power saving design causing problems when used in raid arrays. Search the list for more details. Use their black series instead. The processor will be a 64bit capable Intel processor and I plan on using a Highpoint Rocketraid or 3ware Raid controller. I would use FreeBSD 8.2 ( a contemporary RELENG_8 snapshot in other words) that is AMD64. eg ftp://ftp.freebsd.org/pub/FreeBSD/snapshots/201011/FreeBSD-8.1-STABLE-201011-amd64-dvd1.iso Use ZFS for the file system. Snapshots for backup and data integrity. 3Wares are great controllers, but a decent MB with 6 SATA ports and then an additional eSata controller with external drive cage like this one. http://www.addonics.com/products/host_controller/adsa3gpx8-4e.asp see the man page for ahci on what is supported. Booting off zfs is a bit tricky. If you already have the 3ware card, a pair of smaller / cheaper drives for the base OS and then all your zfs drives for data storage is the least painful way to go right now. I do this for my backup server. 10TB of storage, but the box boots off a 3ware raid card in raid1 mirror for the base OS. ZFS is a bit of a different beast at first, but its very worth while to get to know and understand. ---Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to Best Prevent Unwanted named installation
At 04:58 PM 9/10/2010, Martin McCormick wrote: contrib/bind9 directory. What is the safest way to disable that build without adversly effecting the rest of the update? Hi, Take a look at the man page for src.conf (and make.conf for completeness). You can control parts of what gets built and installed. ---Mike The reason for doing these things in this order is that I would like to get bind running as quickly as possible since it takes a couple of hours or more to get the world built when we could be doing DNS. Since I am not using that version of bind, not getting it built is no problem. I don't even care if it gets built so long as it does not end up in /usr/sbin to clobber the new bind9.7. This is not really a complaint. I just want to prevent the installation of the old bind over the new one as simply as possible. Thanks. Martin McCormick ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Mike Tancsa, tel +1 519 651 3400 Sentex Communications,m...@sentex.net Providing Internet since 1994www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is there a way to measure how much network traffic particular app generates?
At 02:37 PM 8/17/2010, Yuri wrote: For example skype, or web browser? I know SysGuard in kde4 shows network traffic per interface at particular time. But I am interested in per-application stats. There are a number of tools. Something like ntop presents a nice graphical interface and a graphical report. For a CLI type tool, Argus is very nice http://nsmwiki.org/index.php?title=Argushttp://nsmwiki.org/index.php?title=Argus ---Mike Yuri ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Mike Tancsa, tel +1 519 651 3400 Sentex Communications,m...@sentex.net Providing Internet since 1994www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Looking for PCI/PCIe AHCI controller
At 11:39 AM 7/25/2010, Paul Schenkeveld wrote: Hi, So now I am looking for an add-in SATA card that is supported by the FreeBSD ahci(4) driver. I don't need HW RAID support on the card as I'm running ZFS. I have PCI and PCIe (x1) slots free. I am using an SiL based card to add 4 more drives to my array that works quite well si...@pci0:8:0:0: class=0x010400 card=0x71321095 chip=0x31321095 rev=0x01 hdr=0x00 vendor = 'Silicon Image Inc (Was: CMD Technology Inc)' device = 'PCI Express (1x) to 2 Port SATA300 (SiI 3132)' class = mass storage subclass = RAID cap 01[54] = powerspec 2 supports D0 D1 D2 D3 current D0 cap 05[5c] = MSI supports 1 message, 64 bit cap 10[70] = PCI-Express 1 legacy endpoint max data 128(1024) link x1(x1) I bought it from http://www.addonics.com/http://www.addonics.com/ ---Mike Mike Tancsa, tel +1 519 651 3400 Sentex Communications,m...@sentex.net Providing Internet since 1994www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Long I/O pauses on same mass storage
At 09:46 AM 5/12/2010, A. Wright wrote: While I will run some further tests here, I thought I would ask: Is anyone else seeing poor disk I/O scheduling or locking behaviour in 8.0? Hi, On my backup server I am seeing somewhat better throughput/performance, at least with ZFS, but I have not done any rigorous comparisons. Certainly nothing perceptible from userland Is anyone aware of any of the filesytem changes that have occurred since 7.2 that may explain this? There are a lot, but then again the act of installing / upgrading could just mean you are now hitting bad sectors on the drive ? Does anyone have any thoughts on how to conclusively prove that the drive is at fault? I have not seen any errors logged to dmesg. Start with smartmontools to ask your disk if it has logged any errors and check once a day or so to see if sectors are being remapped. ---Mike Thanks, Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Mike Tancsa, tel +1 519 651 3400 Sentex Communications,m...@sentex.net Providing Internet since 1994www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Long I/O pauses on same mass storage
At 03:48 PM 5/12/2010, A. Wright wrote: I just noticed, however, the following two interesting lines that /var/log/messages seems to have acquired: May 12 15:44:00 qemg kernel: ad8: FAILURE - SMART status=51READY,DSC,ERROR error=4ABORTED May 12 16:05:27 qemg kernel: swap_pager: indefinite wait buffer: bufobj: 0, blkno: 294, size: 8192 The first dates from the point at which I turned on SMART data logging. The second one, however looks more interesting to me -- am I correct in thinking that there is no good reason why the swap_pager error would appear, aside from some sort of hardware related failure? When I see errors from the OS, but not on the actual disk itself, apart from driver errors (relatively rare on FreeBSD) it can be a cable issue or bad SATA port. But as chuck said, post all of the output from smartctl -a ---Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Long I/O pauses on same mass storage
At 04:27 PM 5/12/2010, A. Wright wrote: === START OF INFORMATION SECTION === Device Model: WDC WD15EARS-00S8B1 Serial Number:WD-WCAVY2700359 Isnt that one of those Western Digital Green drives ? I seem to recall a number of people complaining about similar issues where the drive stalls. Perhaps a firmware update ? Or perhaps a way to disable the power saving/spin down features ? Is your controller set to AHCI, or regular SATA. what does /var/run/dmesg.boot show ? ---Mike Mike Tancsa, tel +1 519 651 3400 Sentex Communications,m...@sentex.net Providing Internet since 1994www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
disabling all serial input / output at boot time
I have an embedded device (Alix box) that is running RELENG_8 off a CF that is designed to monitor / control a serial sensor device. The sensor is quite chatty and is always outputing data at 115200. The problem is that this will interrupt the boot process. I managed to get around boot0 by making this small hack (if there is a better way, please let me know. 0(ich10)# diff -u boot0.S.o boot0.S --- boot0.S.o 2010-04-13 15:11:22.0 -0400 +++ boot0.S 2010-04-13 15:27:02.0 -0400 @@ -356,7 +356,9 @@ */ #ifndef SIO movb $0x1,%ah # BIOS: Check - int $0x16 # for keypress + /* int $0x16 */ # for keypress + testb $0x02,%ah + #else /* SIO */ movb $0x03,%ah # BIOS: Read COM call bioscom @@ -538,7 +540,8 @@ pushw %bx # Save movw $0x7,%bx # Page:attribute movb $0xe,%ah # BIOS: Display - int $0x10 # character + /* int $0x10# character */ + nop popw %bx# Restore #else /* SIO */ movb $0x01,%ah # BIOS: Send 1(ich10)# and I added in /boot/loader.conf console=nullconsole I also tried # cat /boot.config -nmq But when I put an inline serial monitor to see why things are getting hung up, I still see the spinning slashes (/) show up. After that, it seems the boot process is hung and it never fully boots. There seems to be a window of opportunity where key presses on the serial console stop/pause one of the boot stages.. but boot.config should prevent that no ? I even tried to fake it out, but trying to make com2, the console in /boot/device.hints, but I still see the spinning slashes on com1 Is there any way to completely disable serial interaction and to truly make the bootup process quiet and non interactive ? ---Mike Mike Tancsa, tel +1 519 651 3400 Sentex Communications,m...@sentex.net Providing Internet since 1994www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sendmail Five Second Greeting Delay
At 08:51 PM 4/1/2010, Norbert Papke wrote: When I connect to sendmail on a local interface, sendmail responds to the connection with its 220 greeting immediately. If I connect to sendmail from another machine on my (home) LAN, sendmail delays five seconds before sending the greeting. I would like it to respond immediately. What if you add define(`confTO_IDENT', 0s) to your mc file and remake your .cf file with that set ---Mike Mike Tancsa, tel +1 519 651 3400 Sentex Communications,m...@sentex.net Providing Internet since 1994www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: AMD 64 X2 - Dual Core?
At 02:46 PM 3/20/2010, Gene wrote: Hi - I just got a board with an AMD Athlon 64 X2 cpu. I was wondering - 1) Is the amd64 8.0 release the fbsd of choice here? Yes. 8.0R is the way to go. However, you might want to bring it upto date after installing it as there are a number of bug fixes and feature enhancements since the release of 8.0. The FreeBSD handbook tells you how to do it. and 2) Does it take advantage of the athlon's dual cores? Both the i386 (32bit) and AMD64 (64bit) versions take advantage of multiple cores. If you have more than 4G of RAM, use the 64 bit version, otherwise use the 32bit install. ---Mike Mike Tancsa, tel +1 519 651 3400 Sentex Communications,m...@sentex.net Providing Internet since 1994www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Hardware RAID controller questions - 3Ware vs RocketRaid
At 04:37 AM 3/18/2010, Andy Wodfer wrote: Hi, We're setting up two backup servers where each server will have about 4TB of harddrives (for now) connected (4x1TB and 8x500GB drives). Last night we ran into trouble with the 3ware controllers we have (9650SE-8LPML) because we couldn't create a larger RAID5 than 1.99TB. Are you sure its the controller that was giving that error ? I ran into something similar with my Areca controller on a backup server. I ended up creating 2 raid sets, one for the boot OS and the other for the backup spool and used gpart for the larger than 2TB RS. Perhaps the same needs to be done on the 3ware eg # df -h Filesystem SizeUsed Avail Capacity Mounted on /dev/da0s1a1.9G496M1.3G28%/ devfs 1.0K1.0K 0B 100%/dev /dev/da1s1d 29G 10G 16G39%/usr /dev/da1s1e 33G5.0G 26G16%/var /dev/da0s1d 61G 50G6.4G89%/var/db /dev/da2p1 2.6T797G1.6T33%/backup zbackup1 2.7T1.2T1.4T46%/zbackup1 I would go for the 3ware over the RocketRaid. We have used the 3ware cards for some time and they have been very reliable for us. The disk replacement process is well designed and has been reliable for us over the years. We also use some of the Areca cards and they have been good too. Not much experience with the RocketRaid. ---Mike Mike Tancsa, tel +1 519 651 3400 Sentex Communications,m...@sentex.net Providing Internet since 1994www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Virtual RS232 port link on IP or on network card
Hi, Not sure if this is what you want to do or not, but if you want to connect a device to a serial port on FreeBSD and then access that serial device over the network from a remote machine, try /usr/ports/comms/ser2net ---Mike At 10:08 AM 3/4/2010, Olivier GARNIER wrote: Hi, Is it possible to create a virtual COM port on FreeBSD. And to link it to a network card, or what whould be better to an ip adress on my network ? Thanks, Olivier ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Mike Tancsa, tel +1 519 651 3400 Sentex Communications,m...@sentex.net Providing Internet since 1994www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
netflow vs pcap
I am trying to deploy more visibility into parts of my network and started to look at netflow. However, I often find for some deployments, I need full pcap headers to see what had been going on. e.g. customer calls after the fact saying, ~ 36hrs ago, there was a 'problem'. Do you know what happened... Having a full pcap (headers anyways) helps a great deal to understand / reconstruct what the site was actually seeing. In my limited foray into netflow, I dont seem to have that level of visibility where I can see how long the 3 way handshake took to setup, if ACKs were missed due to packet loss or packets were out of order etc etc. That being said, there are wonderful summary tools in netflow that allow you to quickly look for network anomalies. However, I can always export a pcap to netflow format and then use such tools. Is there a happy medium out there ? What are people using to audit network traffic out there ? Also, what are people using to capture and store netflow data ? ---Mike Mike Tancsa, tel +1 519 651 3400 Sentex Communications,m...@sentex.net Providing Internet since 1994www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 7.2 equiv for usbconfig on 8.0?
At 04:53 PM 1/5/2010, Steve Franks wrote: How do I reset my usb on 7.2 when I insert a card in the internal flash reader? usbconfig works great on 8, but I have systems I cannot upgrade at the moment... I dont think there is a reset equiv, but I usually do something like cat /dev/null /dev/da[#] where da# corresponds to the internal reader / device. eg. cat /dev/null /dev/da1 ---Mike Mike Tancsa, tel +1 519 651 3400 Sentex Communications,m...@sentex.net Providing Internet since 1994www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: copying a disk with ignoring errors
At 08:30 PM 1/5/2010, Polytropon wrote: recoverdisk This one worked for me to recover my mum's borked Windows XP HD. It was able to recover enough, that I only needed to find one missing dll. Prior to that, it wouldnt even boot up getting stuck on the failing parts of the disk. ---Mike Mike Tancsa, tel +1 519 651 3400 Sentex Communications,m...@sentex.net Providing Internet since 1994www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
whats in your /etc/security/ files ? (AUDIT subsystem)
I am looking at getting more out of the FreeBSD AUDIT system and was wondering if anyone has feedback beyond what is in the handbook or links to other resources on this topic. http://bsdmag.org/ had a nice intro article and http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html is actually pretty complete. But I was looking for additional feedback from folks using it on their servers in production. What do you find useful to log on large multi user systems ? What about boxes with limited access to just administrators ? Log everything? How do you manage your audit logs to ensure integrity ? Do you run at a higher secure level and make the file flags uappnd ? Write them to an nfs mount on a separate and separately secured system ? ---Mike Mike Tancsa, tel +1 519 651 3400 Sentex Communications,m...@sentex.net Providing Internet since 1994www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Root exploit for FreeBSD
At 09:41 AM 12/10/2009, Anton Shterenlikht wrote: From my information security manager: FreeBSD isn't much used within the University (I understand) and has a (comparatively) poor security record. Most recently, for example: http://www.h-online.com/security/news/item/Root-exploit-for-FreeBSD-873352.html Some say... world flat... some say roundish. There are lots of opinions to choose from. It would be nice to see an actual properly designed study quoted... or even some raw data referenced. and I am not talking about something vendor sponsored that examines such track records. In the case of the above mentioned zero day exploit someone posted, I think FreeBSD did a GREAT job at getting a fast unofficial patch out and then 2 days later an official advisory and patch out. Take a look at their actual track record at http://www.freebsd.org/security and judge for yourself based on that. Note, a good chunk of whats there is common across multiple operating systems (e.g ntpd, BIND, openssl etc) There are lots of reasons why someone might use or not use FreeBSD. In my _opinion_, a poor security record is not one of them... But judge for yourself based on their actual track record. ---Mike Mike Tancsa, tel +1 519 651 3400 Sentex Communications,m...@sentex.net Providing Internet since 1994www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Serial console trouble: loader and login works, but no kernel messages
At 12:10 PM 8/26/2009, Thomas Backman wrote: danny I already tried that (in /boot/loader.conf); it shows up in dmesg (and didn't before), but still no luck. Try adding it to /boot/device.hints eg hint.uart.0.at=isa hint.uart.0.port=0x3F8 hint.uart.0.flags=0x10 hint.uart.0.irq=4 hint.uart.1.at=isa hint.uart.1.port=0x2F8 Or, if you want to use loader.conf, try hw.uart.console=io:0x3f8 ---Mike Regards/thanks, Thomas ___ freebsd-curr...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org Mike Tancsa, tel +1 519 651 3400 Sentex Communications,m...@sentex.net Providing Internet since 1994www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Geom_eli problems
At 09:38 PM 5/19/2009, Bernt Hansson wrote: geli attach -k /root/da0.key /dev/da0 geli: Cannot read metadata from /dev/da0: Invalid argument. Does your kernel config have device crypto in it ? ---Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD bind performance in FreeBSD 7
At 10:44 AM 2/29/2008, Chris wrote: A weakness of freebsd is its fussyness over hardware in particular network cards, time and time again I see posts here telling people to go out buying expensive intel pro 1000 cards just so they can use the operating system properly when I think its reasonable to expect mainstream hardware to work, eg. realtek is mainstream and common as a A realtek as in rl (not re) works quite well (as in stable, predictable performance)-- we buy these for about $5 each from our supplier and are quite common. While it would be nice that all network cards worked as well as the em nics, its an issue that is easy to work around-- after all, I would rather be limited by my nic driver choice as opposed to vm and network stack issues which I cant work around. Also thankfully, a large chunk of the server MB market uses em nics. Yes, bge/bce based nics do seem to perform poorly on FreeBSD. Hopefully Broadcom might put similar resources into driver development as Intel does/has. ---Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Upgrading from FreeBSD 6.2 to FreeBSD 7.0
At 10:10 AM 2/20/2008, Hansa wrote: /usr/src/sys/i386/conf/TESTRABIT: unknown option IPSEC_ESP *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. kernel build duration: 00:00:00 STUCK My guess is that the ipsec (crypto?) source code is missing? Is this correct? If so, where can I find it and where should I put it? Hi, The options for IPSEC are different in RELENG_7. The KAME implementation is no longer there as its just FAST_IPSEC. So get rid of IPSEC_ESP and just have options IPSEC device crypto in your kernel. ---Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Nagios + 6.3-RELEASE == Hung Process
At 06:17 PM 2/4/2008, Jarrod Sayers wrote: On 03/01/2008, at 11:56 AM, Marc G. Fournier wrote: As noted in my original report, this isn't a nagios issue per se ... my first experience with this issue was with Azureus/java ... so its a 'threading issue in general' ... A patch to force the package to link against libthr() has been committed [1] and should be available once mirrors update as net-mgmt/ nagios 2.10_1. This has been tested since this conversation stated in the net-mgmt/nagios-devel port [2] without any negative feedback being We have been using nagios linked against libthr via libmap.conf since the end of November and its been working great since then. Prior to that, we would see 100% CPU usage a couple of times a week on various nagios procs. Hasnt happened since. ---Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
mixing uart and sio
I am in a rather annoying situation of having one serial application not work well with the uart driver (null modem cable connects onboard serial ports to a machine I have no control over) and a GPRS device where the sio driver causes a constant stream of interrupt overflows sio4: 109 more interrupt-level buffer overflows (total 109) sio4: 109 more interrupt-level buffer overflows (total 218) sio4: 109 more interrupt-level buffer overflows (total 327) sio4: 109 more interrupt-level buffer overflows (total 436) sio4: 109 more interrupt-level buffer overflows (total 545) sio4: 109 more interrupt-level buffer overflows (total 654) sio4: 109 more interrupt-level buffer overflows (total 763) dev.sio.4.%desc: Sierra Wireless AC860 dev.sio.4.%driver: sio dev.sio.4.%location: function=1 dev.sio.4.%pnpinfo: manufacturer=0x0192 product=0x0710 cisvendor=Sierra Wireless cisproduct=AC860 function_type=2 Attaching even at 9600 on this card, shows half of the chars are missed. However, with the uart driver, it works. The one small problem is that until I open the device, there is an interrupt storm on it. But after that, it works perfectly. e.g. attaching with sio shows the output of ati3 cut off # cu -l /dev/cuad4 Connected atz OK ati3 Manufacturer: Sierra Wireless, Inc. Model: AC860 Revision: U1_1_29ACAP G:/WORKSPACES/FIRMWARE/U1_1_29ACAP/MSM6275/SRC 2006/02/20 20:16:52 IMEI: 357806002095833 FSN: X172096078612 3GPP Release 5 +GCAP:atz OK ati3 Manufacturer: Sierra Wireless, Inc. Model: AC860 Revision: U1_1_29ACAP G:/WORKSPACES/FIRMWARE/U1_1_29ACAP/MSM6275/SRC 2006/ vs # cu -l /dev/cuau0 Connected atz OK ati3 Manufacturer: Sierra Wireless, Inc. Model: AC860 Revision: U1_1_29ACAP G:/WORKSPACES/FIRMWARE/U1_1_29ACAP/MSM6275/SRC 2006/02/20 20:16:52 IMEI: 357806002095833 FSN: X172096078612 3GPP Release 5 +GCAP: +CGSM,+FCLASS,+DS # vmstat -i interrupt total rate irq0: clk 287563995 irq3: sio1 1 0 irq4: sio0 307 1 irq5: vr1 1 0 irq7: 2 0 stray irq7 2 0 irq8: rtc 36840127 irq10: cbb0 sio4 59 0 irq11: vr0 3822 13 irq14: ata034495119 irq15: ata1 ohci0+ 2 0 Total 363094 1256 # vmstat -i interrupt total rate irq0: clk 89881987 irq5: vr1 1 0 irq7: 1 0 stray irq7 1 0 irq8: rtc 11504126 irq10: cbb0 uart0 44275486 irq11: vr0 695 7 irq14: ata021145232 irq15: ata1 ohci0+ 2 0 Total 167505 1840 cbb0: PCI-CardBus Bridge mem 0xa0005000-0xa0005fff irq 10 at device 14.0 on pci0 cardbus0: CardBus bus on cbb0 pccard0: 16-bit PCCard bus on cbb0 isab0: PCI-ISA bridge at device 20.0 on pci0 isa0: ISA bus on isab0 atapci0: AMD CS5536 UDMA100 controller port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xe000-0xe00f at device 20.2 on pci0 ata0: ATA channel 0 on atapci0 ata1: ATA channel 1 on atapci0 ohci0: OHCI (generic) USB controller mem 0xa0006000-0xa0006fff irq 15 at device 21.0 on pci0 ohci0: [GIANT-LOCKED] usb0: OHCI version 1.0, legacy support usb0: OHCI (generic) USB controller on ohci0 usb0: USB revision 1.0 uhub0: AMD OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 4 ports with 4 removable, self powered ehci0: EHCI (generic) USB 2.0 controller mem 0xa0007000-0xa0007fff irq 15 at device 21.1 on pci0 ehci0: [GIANT-LOCKED] usb1: EHCI version 1.0 usb1: companion controller, 4 ports each: usb0 usb1: EHCI (generic) USB 2.0 controller on ehci0 usb1: USB revision 2.0 uhub1: AMD EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 uhub1: 4 ports with 4 removable, self powered uart1: 16550 or compatible at port 0x2f8-0x2ff irq 3 on isa0 Timecounter TSC frequency 433250425 Hz quality 800 Timecounters tick every 1.000 msec Fast IPsec: Initialized Security Association Processing. uart0: Sierra Wireless AC860 at port 0x3e8-0x3ef irq 10 function 1 config 34 on pccard0 interrupt storm detected on irq10:; throttling interrupt source ---Mike Mike Tancsa, tel +1 519 651 3400 Sentex Communications,[EMAIL PROTECTED] Providing Internet since 1994www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike
Re: why nfs is so slow?
On Tue, 11 Dec 2007 12:02:07 +0100 (CET), in sentex.lists.freebsd.questions you wrote: i'm getting about 6MB/s with NFS (100Mbit cross-connect ethernet), while over 9.5 by FTP. nfs is set to work over TCP. What mount options are you using ? I use something like the following 172.18.23.34:/backup/backup2 /offsite-backup nfs rw,-r=32768,-w=32768,tcp,noauto in fstab ---Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Mike Tancsa, Sentex communications http://www.sentex.net Providing Internet Access since 1994 [EMAIL PROTECTED], (http://www.tancsa.com) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipv6 connection question
On Wed, 11 Jul 2007 08:00:05 -0400, in sentex.lists.freebsd.questions you wrote: Hello: I've recently started getting these in the system log: +TCP: [::1]:49478 to [::1]:4080 tcpflags 0x2SYN; tcp_input: Connection attempt to closed port The program affected works anyway, but I'd like to dispense with the clutter. What's happening, and is there a way to fix it without re-compiling? (E.g. firewall setting.) Does sysctl -w net.inet.tcp.log_in_vain=0 get rid of them ? ---Mike Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Mike Tancsa, Sentex communications http://www.sentex.net Providing Internet Access since 1994 [EMAIL PROTECTED], (http://www.tancsa.com) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
nanobsd and mount issues
I have an odd situation where /etc and /var seem to be mounted twice now for some reason. # df Filesystem 1K-blocks Used Avail Capacity Mounted on /dev/ad0s1a245239 98076 12754443%/ devfs 1 1 0 100%/dev /dev/md0 4526 1784 238043%/etc /dev/md127990 124 25628 0%/var /dev/md2 4526 1788 237643%/etc /dev/md327990 436 25316 2%/var Any idea why this might be happening ? Its nanobsd off RELENG_6 on a Soekris 4511. ---Mike Mike Tancsa, tel +1 519 651 3400 Sentex Communications,[EMAIL PROTECTED] Providing Internet since 1994www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: device polling
On Thu, 21 Jun 2007 06:20:30 -0500, in sentex.lists.freebsd.questions you wrote: bge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 options=5bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,POLLING media: Ethernet autoselect (100baseTX full-duplex) status: active Does this show its 'working'? Is there any way to test or verify this? Try ifconfig bge0 polling ifconfig bge0 -polling You should be able to see the difference in the interrupt rate in vmstat -i 1 when transferring many packets across the NICs ---Mike Mike Tancsa, Sentex communications http://www.sentex.net Providing Internet Access since 1994 [EMAIL PROTECTED], (http://www.tancsa.com) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Supported PCI Express x1 Ethernet Cards
On Fri, 20 Apr 2007 00:51:38 -0700, in sentex.lists.freebsd.questions you wrote: Does anyone have a suggestion for a supported 10/100/1000 PCI Express x1 ethernet card supported under 6.1? There are Intel and bge nics that I have used. The Intels are more common and work best I find. ---Mike Mike Tancsa, Sentex communications http://www.sentex.net Providing Internet Access since 1994 [EMAIL PROTECTED], (http://www.tancsa.com) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: fixing a PUC / uart speed issue
At 02:10 AM 3/24/2007, Marcel Moolenaar wrote: Try changing the frequency from COM_FREQ to (4 * COM_FREQ). The HTH, Thanks, it fixed it! BTW, would this be for all such cards with this PCI ID ? If so, should I file a PR ? If not, apart from keeping a private set of patches, whats the best way to work around this with each cvsup / buildworld ? ---Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
fixing a PUC / uart speed issue
Hi, I have a mini-pci UART that has a problem with its speed. When I connect to it at 300bps the other side sees this as 1200. e.g. Other PC PUC device 4800 1200 9600 2400 19200 4800 Its a mini-pci card on a soekris 4511 and dmesg on a RELENG_6 box shows puc0: Oxford Semiconductor OX16PCI954 UARTs port 0xe000-0xe01f,0xe020-0xe03f mem 0xa000-0xafff,0xa0001000-0xa0001fff irq 10 at device 16.0 on pci0 uart4: 16950 or compatible on puc0 uart5: 16950 or compatible on puc0 uart6: 16950 or compatible on puc0 uart7: 16950 or compatible on puc0 [EMAIL PROTECTED]:16:0: class=0x070006 card=0x chip=0x95011415 rev=0x00 hdr=0x00 vendor = 'Oxford Semiconductor Ltd' device = 'OX16PCI954 Quad UART' class = simple comms subclass = UART cap 01[40] = powerspec 1 supports D0 D2 D3 current D0 [EMAIL PROTECTED]:16:1:class=0x068000 card=0x chip=0x95101415 rev=0x00 hdr=0x00 vendor = 'Oxford Semiconductor Ltd' device = 'OX16PCI954 PCI Interface (disabled)' class = bridge cap 01[40] = powerspec 1 supports D0 D2 D3 current D0 product specs at http://www.commell.com.tw/Product/Peripheral/MiniPCI/MP-954.HTM I am guessing something needs to be changed in the puc driver for it ? /* Oxford Semiconductor OX16PCI954 PCI UARTs */ { Oxford Semiconductor OX16PCI954 UARTs, { 0x1415, 0x9501, 0, 0 }, { 0x, 0x, 0, 0 }, { { PUC_PORT_TYPE_COM, 0x10, 0x00, COM_FREQ }, { PUC_PORT_TYPE_COM, 0x10, 0x08, COM_FREQ }, { PUC_PORT_TYPE_COM, 0x10, 0x10, COM_FREQ }, { PUC_PORT_TYPE_COM, 0x10, 0x18, COM_FREQ }, }, }, but what ? Other than this odd speed issue, the card seems to work fine. Any pointers appreciated. Thanks, ---Mike Mike Tancsa, tel +1 519 651 3400 Sentex Communications,[EMAIL PROTECTED] Providing Internet since 1994www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Post DST changes
I am seeing some inconsistent and strange results after the DST change this weekend. On all the boxes, it seems setup OK # zdump -v /etc/localtime | grep 2007 /etc/localtime Sun Mar 11 06:59:59 2007 UTC = Sun Mar 11 01:59:59 2007 EST isdst=0 gmtoff=-18000 /etc/localtime Sun Mar 11 07:00:00 2007 UTC = Sun Mar 11 03:00:00 2007 EDT isdst=1 gmtoff=-14400 /etc/localtime Sun Nov 4 05:59:59 2007 UTC = Sun Nov 4 01:59:59 2007 EDT isdst=1 gmtoff=-14400 /etc/localtime Sun Nov 4 06:00:00 2007 UTC = Sun Nov 4 01:00:00 2007 EST isdst=0 gmtoff=-18000 And the command date gives the correct time. But until I restart some applications, I dont see the right times logged in syslog ?! e.g # date Mon Mar 12 08:17:06 EDT 2007 And looking at BIND's entries to syslog, I see the correct timestamps Mar 12 08:17:42 granite named[16080]: denied recursion for query from [198.73.192.129].1364 for 119.64.22.72.in-addr.arpa IN Mar 12 08:17:42 granite named[16080]: denied recursion for query from [198.73.192.129].1364 for 119.64.22.72.in-addr.arpa IN Mar 12 07:17:43 granite /kernel: Connection attempt to TCP 199.212.xx.x:995 from 74.97.26.112:53911 flags:0x02 Mar 12 08:17:50 granite named[16080]: denied update from [64.7.xx.90].2163 for xxx.com IN Mar 12 08:17:50 granite named[16080]: denied update from [64.7.xx.90].2163 for xxx.com IN yet mixed in notice the /kernel entry... Its an hour off !? if I restart syslogd, it corrects it for the kernel entry, but not for other applications. They all seem to log the time one hour back. Most applications seem this way. On my more recent boxes this didnt happen, but for some legacy RELENG_4 and older RELENG_5 and RELENG_6 boxes, the same odd behavior. /etc/localtime looks the same on all the boxes # md5 /etc/localtime MD5 (/etc/localtime) = 82980b1345aab5a97d90307edfefb6da [smtp1]% md5 /etc/localtime MD5 (/etc/localtime) = 82980b1345aab5a97d90307edfefb6da [smtp1]% yet different behaviour. Any idea whats up ? ---Mike Mike Tancsa, tel +1 519 651 3400 Sentex Communications,[EMAIL PROTECTED] Providing Internet since 1994www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Post DST changes
At 02:00 PM 3/12/2007, Bob Johnson wrote: On 3/12/07, Mike Tancsa [EMAIL PROTECTED] wrote: I am seeing some inconsistent and strange results after the DST change this weekend. On all the boxes, it seems setup OK [...] yet mixed in notice the /kernel entry... Its an hour off !? if I restart syslogd, it corrects it for the kernel entry, but not for other applications. They all seem to log the time one hour back. Most applications seem this way. On my more recent boxes this didnt happen, but for some legacy RELENG_4 and older RELENG_5 and RELENG_6 boxes, the same odd behavior. Restart any programs that aren't picking up the time change. From the tzsetup(8) man page: BUGS Programs which are already running when tzsetup creates or updates /etc/localtime will not reflect the updated timezone. - Bob Note self, Always read BUGS section from now on :( Thanks for pointing that out. ---Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: (S)ATA performance in FBSD 6.2/7.0
At 04:38 AM 3/2/2007, O. Hartmann wrote: The last days I tried to figure out why some of my lab's FreeBSD boxes and also mine at home seem to be outperformed by some Linux setups around here and I saw something interesting. On my lab's FreeBSD 6.2/i386 box (ASUS P4P800, ICH5 with two SATA 150 ports, two SATA 300 drives attached) I copied big files (~ 5GB) from one drive to Something strange about your setup I would say. I just tried on a Segate SATA drive off an ICH5 chipset (plain old P IV 2.4Ghz). Do you have an option in your BIOS for native mode or compatibility mode for the SATA controller ? If so, try toggling that to native SATA mode [ns4]% iostat -c 1000 tty ad4twed0 cpu tin tout KB/t tps MB/s KB/t tps MB/s us ni sy in id 2 447 4.91 0 0.00 23.77 40 0.92 20 0 6 0 74 4 307 0.00 0 0.00 12.61 14 0.17 0 0 0 0 100 1 183 0.00 0 0.00 14.50 4 0.06 0 0 0 0 100 1 63 128.00 47 5.82 0.00 0 0.00 7 0 7 0 86 0 182 128.00 534 66.70 15.25 8 0.12 0 0 15 8 77 0 60 128.00 553 69.13 2.00 2 0.00 0 0 8 8 85 0 182 128.00 537 67.14 14.50 4 0.06 15 0 31 15 38 0 60 128.00 553 69.06 0.00 0 0.00 54 0 0 8 38 0 60 128.00 538 67.21 0.00 0 0.00 23 0 0 8 69 1 301 128.00 495 61.88 12.18 22 0.26 0 0 8 0 92 [ns4]# dd if=/dev/ad4 of=/dev/null bs=1024k ^C410+0 records in 410+0 records out 429916160 bytes transferred in 6.089321 secs (70601659 bytes/sec) [ns4]# [ns4]# atacontrol cap ad4 Protocol Serial ATA II device model ST3400833NS serial number 5NF25DTG firmware revision 3.AEH cylinders 16383 heads 16 sectors/track 63 lba supported 268435455 sectors lba48 supported 781422768 sectors dma supported overlap not supported Feature Support EnableValue Vendor write cacheyes yes read ahead yes yes Native Command Queuing (NCQ) yes - 31/0x1F Tagged Command Queuing (TCQ) no no 31/0x1F SMART yes yes microcode download yes yes security yes no power management yes yes advanced power management no no 65278/0xFEFE automatic acoustic management no no 0/0x00 254/0xFE [ns4]# ___ freebsd-performance@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-performance To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Serial Port Problems
On Thu, 01 Mar 2007 15:27:19 -0600, in sentex.lists.freebsd.questions you wrote: More Dell 2950 woes. I use serial ports to manage my FreeBSD machines remotely. I've never had any problems until now. I've installed FreeBSD 6.2 on a Dell 2950. The install goes without problems over the serial port. After the reboot, I get the typical: FreeBSD/i386 (test.host.net) (ttyd0) login: and I can log in just fine. If I disconnect and come back later (sometimes), or if I hit return without entering a login name (always) it starts spitting out junk like: I get similar strange results as well on Server Works BIOS based machines. I usually talk to them through a pm25. For me, I have to make sure flow control is off on both ends (no software, no hardware). Also, login gets confused if you start with an enter for some reason. I can generally recover from this seemingly hung state with a bunch of CTRL+d's. Not sure if it will help you, but the symptons are somewhat like what I see. Whats odd is that it all works just fine from the loader prompt and if I boot into single user mode. But soon as getty/login take over, its very picky. ---Mike Mike Tancsa, Sentex communications http://www.sentex.net Providing Internet Access since 1994 [EMAIL PROTECTED], (http://www.tancsa.com) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: em(1) 6.2.9 driver on FreeBSD 5.5?
On Thu, 08 Feb 2007 21:36:03 +0100, in sentex.lists.freebsd.questions you wrote: Hello, I have a HP ProLiant server with Intel PCI express gigabit ethernet card. Relevant output of pciconf -v -l: [EMAIL PROTECTED]:0:0: class=0x02 card=0x10838086 chip=0x10b98086 rev=0x06 hdr=0x00 vendor = 'Intel Corporation' class= network subclass = ethernet I have FreeBSD 5.5 and the FreeBSD kernel driver doesn't want to load it. If I download the driver from Intel pages and try to compile it, I get this: Why not just upgrade your box via cvsup to 6.2 ? It will then have the proper intel drivers as well as have a much more robust version of FreeBSD ? ---Mike Mike Tancsa, Sentex communications http://www.sentex.net Providing Internet Access since 1994 [EMAIL PROTECTED], (http://www.tancsa.com) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problem with Serverworks HT1000 serial ATA support - Tyan S3992 Motherboard
At 10:18 PM 2/6/2007, Nicole Harrington wrote: I use RELENG_6 in i386 mode on this MB (two integrated em nics) and it works quite well Have you tried it with the tune for Diskd mentioned. No, But I have a box scheduled to be put together tomorrow and will give it a try. How much RAM do you have on them ? ---Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 6.x, 4.x ipfw/dummynet pf/altq - network performance issues
At 08:03 AM 2/6/2007, Chris wrote: On 06/02/07, Justin Robertson [EMAIL PROTECTED] wrote: I've actually already done everything you've suggested with little or no impact at all. One point where we have different results is with ADAPTIVE_GIANT, I actually noticed a drop of about 50kpps thruput when disabling it. Hmm I am surprised not more attention has been brought by your observations, I have noticed myself freebsd 4.x holds up much better during ddos then 5.x and 6.x probably due its better robustness and lighter code. When I ran through the tests with pmc compiled in there wasnt any obvious areas where it was spending a lot of time. What I was told was that the locking overhead was a big penalty and more emphasis was put on correctness than speed going from RELENG_4 to RELENG_5 and above. Supposedly the payoff will come as more CPU cores get added as there is better potential to scale with this design. While I did see some improvement in the box with SMP compiled in, it still has a ways to go for this application I do hope but will probably be dissapointed stability and robustness is on the todo list for the devs in aiming to get 6.x to where 4.x was. I have found stability to be quite good. But certainly as a firewall or router, the speed is not there yet. ---Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]