zfs over geli over zfs (was: Re: zfs flag denoting unclean shutdown?)
On 10/02/2013 08:13 PM, Matthew Seaman wrote:
> On 02/10/2013 16:34, Nikos Vassiliadis wrote:
>> Is there a way to know if a zfs pool had an unclean shutdown? An attribute or maybe something during mount time similar to what ufs does (WARNING: / was not properly dismounted)?
>
> Other than looking at the system logs for evidence of an abnormal shutdown, no. (Absence of anything in the logs is pretty good evidence for the system falling over pretty hard... Usually something to do with the power being turned off.)
>
> However, due to the design of ZFS unclean shutdowns like this are nowhere near as problematic as on UFS. Basically, you're guaranteed that what is written on disk is always consistent. You might lose a few transactions -- essentially the last few seconds of file system activity -- but that doesn't usually make a great deal of difference after the system reboots again.
>
> Oh, yeah -- absolutely no time will be needed to be spent cleaning and repairing filesystems: with ZFS, reboot after crash is as fast as a normal reboot.

Thanks Matthew,

I realized I should have used a more appropriate subject. I'll explain what my actual goal is:) I am after a really specific use-case and the last minute transactions are important. Using a zpool over geli over a zvol. I'd like to know if during shutdown the kernel flushes all zfs files caches in order so these last minutes transactions won't be lost. The unmounting order is far from obvious (zfs over geli over zfs) and I wonder if such a scheme will succeed. I can't afford losing the last transactions of my home dir every time I shutdown my laptop;)

The obvious solution is to create two slices and dedicate a slice to geli. Like this:

mypool lives on slice1
myencpool lives on slice2.eli

I am after this:

mypool lives on slice1
myencpool lives on /dev/zvol/mypool/avolume.eli

The second scheme will allow me to have an encrypted home and not to pre-allocate space. A quick test showed that it might work... On the other hand conceptually seems like a very bad idea haha. I think I've heard people doing this zfs over geli over zfs before...

Thanks for any thoughts,
Nikos
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
zfs flag denoting unclean shutdown?
Hi,

Is there a way to know if a zfs pool had an unclean shutdown? An attribute or maybe something during mount time similar to what ufs does (WARNING: / was not properly dismounted)?

Thanks,
Nikos
Re: to gmirror or to ZFS
On 07/16/13 21:27, Johan Hendriks wrote:
> On Tuesday 16 July 2013, Charles Swiger (cswi...@mac.com) wrote the following:
>> Hi--
>>
>> On Jul 16, 2013, at 10:33 AM, Johan Hendriks <joh.hendr...@gmail.com> wrote:
>> [ ... ]
>>> I would use a zfs for the os. I have a couple of servers that did not survive a power failure with gmirror. The problems I had was when the power failed one disk was in a rebuilding state and then when the background fsck started or was busy for some time it would crash the whole server.
>>
>> Well, don't do that. :-)
>
> When the server reboots because of a power failure at night, then it boots. Then it starts to rebuild the mirror on its own, and later the fsck kicks in. Not much I can do about it.

You could add geom_journal which will minimize the time of fsck to a second or something like that. Then you don't have to use background fsck anymore. Actually geom_journal's manual page mentions an interesting side-effect of geom_journal over a geom_mirror: you can turn off component synchronization. Geom_journal will re-play last writes so whatever was changed just before the crash will be re-written to both disks. I haven't used this but it makes sense in theory.

> Maybe I should have done it without the automatic attachment for a new device.

I always turn off automatic synchronization or stale components as well.

It seems to me that people don't really use geom_journal or maybe they just don't talk about it like it's some sort of secret:)

just my two cents,
Nikos
Re: does ifconfig see netgraph bridges?
Hi,

On 05/19/2013 04:57 PM, Joe wrote:
> I create a ng bridge but issuing ifconfig does not show the bridge. Running 9.1-RELEASE. Is this a bug?

ifconfig is not supposed to know about a netgraph bridge. So this is by design. Also, since the bridge is supposed to be transparent to the network I wouldn't know what kind of information would be relevant to ifconfig, that is the netgraph bridge has no MAC, no IP etc.

What info are you after?

Nikos
Re: OT: posix sh problem
On 4/4/2013 3:32 PM, Mark Felder wrote:
> Hi all,
>
> Hopefully someone here is much more clever than I am. I've run out of ideas on how to cleanly convert this chunk of ksh to posix sh. This is from a BB/Hobbit/Xymon monitoring script for ZFS. I'd really like to have this working cleanly on FreeBSD without requiring any funky shells or using any temporary files.
>
> The following is supposed to be able to loop through the output of multiple zpools reading one line at a time and each line item is set as a variable:
>
> /sbin/zpool list -H | while read name size used avail cap dedup health altroot
> do
>     # do interesting things here
> done
>
> Unfortunately you can't pipe through read in posix sh.

I am not sure about posix compliance but I haven't seen a bourne-like shell not supporting the "prog | while read a b c ..." syntax. FreeBSD's /bin/sh supports this.

Did you mean something else, did I misunderstand your question?

Nikos
Re: w and who don't list users in FreeBSD 9.0 and 9.1
On 19/3/2013 6:03 PM, Ruben de Groot wrote:
> On Tue, Mar 19, 2013 at 04:59:56PM +0100, Istvan Gabor typed:
>> Hello:
>>
>> I have both FreeBSD 9.0 and 9.1 on two different computers. w and who commands do not list logged in users in any of them (either for root or a regular user).
>>
>> The output of w is:
>>
>> root@:/root # w
>> 4:56PM up 10 mins, 0 users, load averages: 0.18, 0.26, 0.20
>> USER TTY FROM LOGIN@ IDLE WHAT
>> root@:/root #
>>
>> And the output of who:
>>
>> root@:/root # who
>> root@:/root #
>>
>> Why is this and how can I fix it?
>
> This can happen if your kernel and world are out of sync.

It can also happen if /var/run/utx.active is corrupt. Could you try deleting it? It will be re-created after a successful login.

Nikos
Re: process eating up all memory - what should happen next?
On 7/3/2013 12:17 PM, Polytropon wrote:
> On Thu, 7 Mar 2013 10:01:03 GMT, Anton Shterenlikht wrote:
>> I have a process that eats up all memory, in my case science/paraview if I try to analyse a large model.
>>
>> What should FreeBSD do when a process tries to use all RAM or more?
>
> In this case, the swap space would be used, until the system runs out of swap space.
>
>> In my case I get a complete freeze, can't even login from the console, and requiring a cold reboot. I guess this is not supposed to happen, but what is supposed to happen in situations like this?
>
> A normal reboot (including a proper shutdown) should at least be possible. If the machine seems to freeze entirely, this simply looks wrong, so maybe it's more than just eating all the RAM?
>
> You could try to impose a resource limit, see "man limits" for details, so you could trigger the undesired behaviour while e. g. only 50% of the available RAM is being used by _that_ process (and therefore still leaving enough resources for other system and user processes).
>
> You could also monitor resource consumption with tools like top, htop, vmstat or systat in adjacent xterms while you run the test, seeing trouble pile up...

I think Anton is interested in the system's behavior when there is no enforced limit. Processes tend to be killed quite quickly when there is no on-disk swap backing.

root@awethu:/root # swapinfo
Device 1K-blocks Used Avail Capacity
root@awethu:/root # nice python -c 'a = [f for f in range(8000)]'
Killed

When on-disk swap backing exists and multiple processes are competing for memory things are not that straightforward.

I think you hit a bug on ia64. Could you test the behavior using the above program and report back? I would run top in one terminal (so I can monitor and kill the program) and I would use a second terminal to run the program using increasingly larger values. Also, I wouldn't try that under X, at least I would test first without X...

HTH,
Nikos
Re: Journaling for a flaky FreeBSD VirtualBox guest.
On 28/2/2013 9:41 AM, Alan Gutierrez wrote:
> I'm getting to know FreeBSD by running a 64-bit FreeBSD guest in a VirtualBox machine on my OS X Mountain Lion laptop. On occasion, when waking up from sleep, the FreeBSD virtual machine will not restart. VirtualBox marks it as "Aborted".

Maybe you should pause the guest before putting the host to sleep?

> When I restart FreeBSD, I've found on a number of occasions that the `.git` directory of the project I was working on when my laptop went to sleep has become corrupted. `git` won't recognize the directory. I try to rebuild the repository with `git fsck`, but it's usually broken.
>
> My `.zsh_history` file has been corrupted at restart, which I've recovered by removing the last line which contains binary nonsense.
>
> I run a Linux guest that suffers the same abuse, but does not lose data.
>
> My question: If anyone runs FreeBSD in VirtualBox, what VirtualBox settings do you use so that UFS will work correctly and recover recent writes?
>
> I'm using UFS built by the install media.
>
> % mount
> /dev/ada0p2 on / (ufs, local, journaled soft-updates)
> devfs on /dev (devfs, local, multilabel)
>
> I'm using the disk and disk controller setup that VirtualBox suggested when I told it I was building a FreeBSD machine. A single IDE drive on an IDE controller with "Use host I/O cache" enabled.
>
> The VirtualBox documentation says that a virtual SATA controller is preferred if you choose to uncheck "Use host I/O cache" enabled.
>
> http://www.virtualbox.org/manual/ch05.html#iocaching
>
> So...
>
> * How should I configure my filesystem for maximum durability, since the VirtualBox virtual drives appear to be flaky?

I think geom_journal will serve you better for this purpose. Geom journal records everything, that is data and metadata changes. I have used geom journal on my freebsd-current box and it has stood tenths of kernel panics and a few power-offs without a single failure. I haven't researched about the type of controller or other settings since it was never needed to. Occasional full fscks never revealed corruption.

Just my 2 cents, HTH,
Nikos
Re: svn.freebsd.org over https fails
On 26/2/2013 4:27 AM, Shane Ambler wrote:
> On 26/02/2013 08:39, Nikos Vassiliadis wrote:
>> Hi,
>>
>> Since a few weeks connecting to svn.freebsd.org over https fails. Is this deliberate? It used to work...
>>
>> Thanks in advance,
>> Nikos
>
> Not sure about it working before but I don't see svn.freebsd.org responding to https now.
>
> The two mirrors do respond to https -
> svn0.us-east.freebsd.org
> svn0.us-west.freebsd.org
>
> If you don't get the two mirrors responding then you are probably using openssl from ports? Make sure you update to 1.0.1_8, it fixed svn over https a couple of weeks ago.

Oh thanks. I didn't realize that svn.freebsd.org was not the recommended one.

Nikos
svn.freebsd.org over https fails
Hi,

Since a few weeks connecting to svn.freebsd.org over https fails. Is this deliberate? It used to work...

Thanks in advance,
Nikos
Re: vnet without epair
On 2/10/2013 1:12 AM, Teske, Devin wrote:
> On Sat, 9 Feb 2013, Fbsd8 wrote:
>> What I am doing is writing documentation that describes the new 9.1 jail extensions for jail.conf and the rc.conf jail statements. I am going to submit changes to /etc/defaults/rc.conf and as long as I was on the jail subject thought I may as well include vnet because it was missing from /etc/defaults/rc.conf.
>
> Thanks for taking this on.

Thank you too. The documentation needs updating. This is very welcome.

>> I did google search and could only find 9.0 vnet jails using epair.
>
> I'm surprised you didn't find my own page on vnet jails using netgraph:
>
> http://druidbsd.sf.net/vimage.shtml

I have seen this but I got the idea that it is not in ports(?) and this stopped me from trying.

Thanks for your efforts,
Nikos
Re: packages listing
On 2/10/2013 8:57 AM, Polytropon wrote:
> On Sat, 9 Feb 2013 22:52:37 -0800 (PST), Dánielisz László wrote:
>> Hi Everybody,
>>
>> Do you have any idea how can I list those installed packages that are not required by any other?
>
> You can use sysutils/pkg_cutleaves to determine those.

I use this:

#!/bin/sh
pkg_info -R '*' | sed -n '
/^Information for /{
N
N
/Required by:/d
s/^Information for \(.*\):\n\n$/\1/p
}
'

HTH,
Nikos
Re: vnet without epair
On 2/10/2013 2:54 PM, Teske, Devin wrote:
> It's not in ports only because I first wanted to see where jail.conf would take us w/respect to vimages.

I see.

> However, this package not being in ports shouldn't have prevented you from trying it -- it's extremely stable and as I mentioned, we've been using it heavily at $work for over 12 months now.
>
> When you download the package (*.tgz) and pkg_add it, it installs the following two files only:
>
> /etc/rc.d/vimage
> /etc/rc.conf.d/vimage
>
> NOTE: The rc.conf.d file is the documentation on usage
>
> If you haven't tried it, then I hope you will because I think the new jail.conf stuff falls short. Don't get me wrong, jail.conf is a great start, but simply adding the ability to manage the vnet aspect of a jail does not make a vimage (what's missing is the built-in support for generating bridges as vimages are brought up/down dynamically).
>
> I feel that before I add this to ports I need to reprogram it to use jail.conf (not directly). That will simplify its code and [should] make it smaller. I was somewhat waiting on /etc/rc.d/jail to blaze the trail for me.
>
> In short, the landscape has been changing fast enough that it's prevented me from adding this to ports, but in spite of that it's still very much real _and_ real stable.

Yes, of course. I will try it and report back to you my findings. What I - nikos - really need from a script like yours is the ability to generate arbitrarily complex topologies with interconnected vnet jails. Something like:

abc---d | | hef---g | | i

Like a cut-down version of imunes[1] without the need of a graphical user interface. I understand that is not common case and that is why I was always using ad hoc scripts. But one can always hope (or write one himself/herself of course!).

1. http://web.archive.org/web/20120418053250/http://imunes.tel.fer.hr/imunes/

Thanks,
Nikos
Re: packages listing
On 2/10/2013 3:09 PM, Teske, Devin wrote:
> Just curious, why not use pkg_info -Ra instead of pkg_info -R '*' ?

Because I didn't know -a;)
Re: vnet without epair
On 2/10/2013 3:56 PM, Teske, Devin wrote:
> Excellent!
>
> This is precisely what I was after when I wrote the vimage package and its contents.
>
> I'm familiar with IMUNES and netgraph fits the bill well (especially with "ngctl dot" being useful in providing visual confirmation when you've achieved the desired network layout -- when "ngctl dot | dot -Tsvg -o netgraph.svg" starts to look like your IMUNES graph, then you know you're making progress toward having the right configuration).

You'll be soon hearing from me then!

Nikos
Re: vnet without epair
On 2/10/2013 4:02 PM, Nikos Vassiliadis wrote:
> On 2/10/2013 3:56 PM, Teske, Devin wrote:
>> Excellent!
>>
>> This is precisely what I was after when I wrote the vimage package and its contents.
>>
>> I'm familiar with IMUNES and netgraph fits the bill well (especially with "ngctl dot" being useful in providing visual confirmation when you've achieved the desired network layout -- when "ngctl dot | dot -Tsvg -o netgraph.svg" starts to look like your IMUNES graph, then you know you're making progress toward having the right configuration).
>
> You'll be soon hearing from me then!

Hi Devin,

A request. Could you create a pkgng package as well? 10 has switched to pkgng...

Thanks in advance,
Nikos
Re: vnet without epair
On 2/9/2013 5:57 PM, Fbsd8 wrote:
> Has any one been able to get RELEASE 9.1 to enable jail vnet without having to use epair?

Yes, you can use vnet-enabled jails with several types of interfaces. Physical ones like em0 etc, virtual ones like vlan0 etc, netgraph ethernet-like interfaces like ngeth etc and if_epair interfaces. What all these have in common is that they all are ethernet-like.

You don't mention what kind of use and more or less most interfaces are usable in a vnet jail. Could you share more on what you are trying to achieve?

Nikos
assigning values to variables in the background
Hi,

A bit of an OT question. I am writing a bourne shell script that collects data from a router. Since netstat & vmstat can run for a number of iterations I thought I would use just that:

stats() (
nstats=`netstat -I ng0 -q 1 60 | tail -1`
rawdata=`vmstat -c 2 60 | tail -1`
wait
...

The logic was:
1. run the first process in the bg
2. run the second process
3. wait to make sure the first process has finished
4. continue further

It makes perfect sense why this doesn't work. Both commands run in the foreground.

I am going to split the time between netstat and vmstat. So, it will be 30 seconds of netstat and 30 seconds of vmstat. But I am still interested/curious how one should go for this using the shell. So, can this be done without files?

Any thoughts?

Thanks,
Nikos
Re: assigning values to variables in the background
On 1/15/2013 9:30 PM, Greg Larkin wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 1/15/13 12:42 PM, Nikos Vassiliadis wrote:
>> Hi,
>>
>> A bit of an OT question. I am writing a bourne shell script that collects data from a router. Since netstat & vmstat can run for a number of iterations I thought I would use just that:
>>
>> stats() (
>> nstats=`netstat -I ng0 -q 1 60 | tail -1`
>> rawdata=`vmstat -c 2 60 | tail -1`
>> wait
>> ...
>>
>> The logic was:
>> 1. run the first process in the bg
>> 2. run the second process
>> 3. wait to make sure the first process has finished
>> 4. continue further
>>
>> It makes perfect sense why this doesn't work. Both commands run in the foreground.
>>
>> I am going to split the time between netstat and vmstat. So, it will be 30 seconds of netstat and 30 seconds of vmstat. But I am still interested/curious how one should go for this using the shell. So, can this be done without files?
>>
>> Any thoughts?
>>
>> Thanks,
>> Nikos
>
> Hi Nikos,
>
> As far as I can tell, the backticks are what's causing the problem. Even though you put the first command in the background (maybe with the & inside the backticks, though), the assignment to the nstats variables causes the script to block.
>
> If you switch to using temp files, you may have more luck, e.g.:
>
> netstat -w 1 -I ng0 -q 60 | tail -1 > /tmp/netstat.$$ &
> npid=`echo $!`
> vmstat -w 2 -c 60 | tail -1 > /tmp/vmstat.$$ &
> vpid=`echo $!`
> wait $npid
> nstats=`cat /tmp/netstat.$$`
> rm -f /tmp/netstat.$$
> wait $vpid
> rawdata=`cat /tmp/vmstat.$$`
> rm -f /tmp/vmstat.$$

Yes, this looks probably like something I will use too. Just for the fun of it and using a separator (Robert's idea), I came up with this:

delay=10
a=$(
(
echo netstat `netstat -I ng0 -q 1 $delay | tail -1` netstat
) &
(
echo vmstat `vmstat -c 2 $delay | tail -1` vmstat
)
)
echo $a

If someone else has something else to add I'll be glad to hear it, no matter how crazy!

Thanks for your answers Greg & Robert,
Nikos
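The approach discussed in this thread (background jobs plus a separator, no temporary files), written out as an added example that is not part of the original posts. The functions sample_netstat and sample_vmstat are constructed stand-ins for the long-running netstat and vmstat invocations, and run_both and gather are hypothetical helper names.

```shell
#!/bin/sh
# Added example: capture the output of two concurrently running commands
# in shell variables without temporary files.

# Constructed stand-ins for `netstat -I ng0 -q 1 60` and `vmstat -c 2 60`:
# each takes a while and prints a header line followed by one data line.
sample_netstat() { sleep 2; echo "packets errs bytes"; echo "1200 0 98304"; }
sample_vmstat()  { sleep 2; echo "r b w avm fre";      echo "1 0 0 512M 128M"; }

# run_both CMD_A CMD_B
# Starts both commands in background subshells that share one stdout and
# tags the last line of each, so the reader can tell them apart whichever
# job finishes first. Each printf is a single short write, so the two
# tagged lines cannot interleave.
run_both() {
    ( printf 'A:%s\n' "$("$1" | tail -1)" ) &
    ( printf 'B:%s\n' "$("$2" | tail -1)" ) &
    wait
}

# gather CMD_A CMD_B
# A variable assigned inside a background job is lost with that job, so the
# only thing that comes back is output. The command substitution below runs
# in the foreground and returns once both jobs are done; the assignments then
# happen in the calling shell, where nstats and rawdata stay visible.
gather() {
    _out=$(run_both "$1" "$2")
    nstats=$(printf '%s\n' "$_out" | sed -n 's/^A://p')
    rawdata=$(printf '%s\n' "$_out" | sed -n 's/^B://p')
}

gather sample_netstat sample_vmstat
echo "netstat: $nstats"
echo "vmstat:  $rawdata"
```

Both stand-ins sleep for two seconds, yet the whole run takes about two seconds rather than four, which is the point of starting them together.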
Re: ipfwNG project?
On 12/4/2012 4:24 PM, Rick Miller wrote:
> I came across the wiki doc for ipfwNG (http://wiki.freebsd.org/IpfwNg) and wondered if any of the concepts of this project are currently being developed for FreeBSD and when we might start seeing those concepts included in releng/ code.

Hi,

I would ask first ipfw@, then net@ and last and most importantly the author of the wiki page directly.

HTH,
Nikos
Re: List all hard drives on system (with capacities)... How?
On 12/7/2012 1:34 AM, Tim Daneliuk wrote:
> On 12/06/2012 05:30 PM, Ronald F. Guilmette wrote:
>> I'd like to write a small program or shell script that simply lists all of the physical hard drives attached to the local system, along with their product identifiers and their respective capacities.
>>
>> The following simple script works well for both PATA/SATA and USB hard drives, but it does not list drive capacities:
>>
>> #!/bin/sh
>> atacontrol list | grep ': ad[0-9]' | sed 's/^.*: //'
>> camcontrol devlist | grep '(da[0-9]' | sed -E 's/^(.*) \((da[0-9]+).*$/\2 \1/'
>>
>> How can I modify the script above in order to get it to print out the respective drive capacities?
>
> Look into fdisk -s

I think fdisk should need a valid partition table, or not?

diskinfo works nice with all disk-like devices be it a physical disk, a slice, a partition, a swap-backed device etc. Its output is easily parsable using a single line per device and if you use -v you will get the same info in human-readable form.

HTH,
Nikos
Re: /usr/sbin/ppp doubling connections on tun0
On 11/20/2012 2:49 AM, andrew clarke wrote:
> I'm using /usr/sbin/ppp for PPPoE over an ADSL modem in bridged mode:
>
> # ifconfig tun0
> tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1492
>     options=8<LINKSTATE>
>     inet 203.217.27.170 --> 203.215.15.252 netmask 0x
>     inet 203.214.46.107 --> 203.215.7.251 netmask 0x
>     Opened by PID 49158
>
> What would cause this? Notice the two IP addresses assigned to the same interface. It should just have one address assigned.

Yes, I think this is caused by NAT. It seems that this is a feature:

iface-alias
    Default: Enabled if -nat is specified. This option simply tells ppp to add new interface addresses to the interface rather than replacing them. The option can only be enabled if network address translation is enabled (``nat enable yes''). With this option enabled, ppp will pass traffic for old interface addresses through the NAT engine (see libalias(3)), resulting in the ability (in -auto mode) to properly connect the process that caused the PPP link to come up in the first place. Disabling NAT with ``nat enable no'' will also disable `iface-alias'.

One could say that it's a surprising one! But, yes, it is deliberate.

HTH,
Nikos
Re: fsck on a mounted fs as read-only
On 5/31/2012 12:19 PM, dmi...@zhigulinet.ru wrote:
> Good afternoon. Could not tell whether you can run fsck on checking mounted file system as read-only, if prior to that with which the parameters
>
> ftp # mount
> ...
> / dev/aacd0 on / var / ftp (ufs, NFS exported, local, read-only)

Could you copy paste the exact lines? The / dev/aacd0 on on / var / ftp parts make no sense to me. It should be:

some_dev on some_dir (ufs, NFS exported, local, read-only)

> Launched with these parameters and this is what gives
>
> ftp # fsck -yf / dev/aacd0
> ** / Dev/aacd0 (NO WRITE)
> ** Last Mounted on / var / ftp
> ** Phase 1 - Check Blocks and Sizes
>
> As I understand it does not fix the fsck filesystem.

fsck filesystem_goes_here
for example fsck /dev/ada0s1a
or
fsck mount_point_goes_here
for example fsck /

You are probably trying to fsck the wrong device... Rebooting to single user and fscking the RO mounted / fs works as usual. Please provide more info.

HTH,
Nikos
Re: Regarding PCI-E error display in FreeBSD
On 5/23/2012 1:45 PM, subramani.p wrote:
> Does FreeBSD has provision to display PCI-E errors. We are observing a FreeBSD OS hang while performing a phy break of an expander during IOs on the drives attached to the expander.
>
> The same test when run under linux we could see Linux OS popping up PCIe related error messages which was detected through their AER module.
>
> Please help me in understanding if there are any such modules in FreeBSD through which PCIe related error message can be viewed.

Hi,

Check if this helps:
http://lists.freebsd.org/pipermail/freebsd-current/2012-May/033734.html

Nikos
Re: VLANs, default route not working on boot
On 4/20/2012 9:54 PM, Chad M Stewart wrote:
> cloned_interfaces="vlan4 vlan7"
> ifconfig_vlan4="inet 192.168.4.21 netmask 255.255.255.0 vlan 4 vlandev em0"
> ifconfig_vlan7="inet 192.168.7.21 netmask 255.255.255.0 vlan 7 vlandev em0"
> ifconfig_vlan7="alias 192.168.7.31 netmask 255.255.255.255"
> ifconfig_vlan7="alias 192.168.7.41 netmask 255.255.255.255"
> ifconfig_vlan7="alias 192.168.7.41 netmask 255.255.255.255"
> ifconfig_vlan7="alias 192.168.7.51 netmask 255.255.255.255"
> ifconfig_vlan7="alias 192.168.7.61 netmask 255.255.255.255"
> ifconfig_vlan7="alias 192.168.7.71 netmask 255.255.255.255"
> defaultrouter="192.168.7.1"

This is not the correct syntax. From the rc.conf manual page:

    ipv4_addrs_ed0="192.0.2.129/27 192.0.2.1-5/28"

    It is also possible to add IP alias entries using ifconfig(8) syntax. Assuming that the interface in question was ed0, it might look something like this:

    ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0x"
    ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0x"

HTH,
Nikos
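The alias syntax from the manual page, applied to the configuration in the question, as an added example that is not part of the original posts. The addresses are the ones posted (the repeated .41 entry is dropped); count_aliases is a hypothetical helper that imitates how the rc scripts walk the alias variables, stopping at the first missing number.

```shell
# /etc/rc.conf fragment (added example; values taken from the question above).
#
# Before: rc.conf is read as shell variable assignments, so every line that
# assigns ifconfig_vlan7 replaces the previous one. Only the last value,
# "alias 192.168.7.71 ...", is left, and the line carrying 192.168.7.21 and
# the vlan/vlandev parameters is gone by the time the interface is set up.
#   ifconfig_vlan7="inet 192.168.7.21 netmask 255.255.255.0 vlan 7 vlandev em0"
#   ifconfig_vlan7="alias 192.168.7.31 netmask 255.255.255.255"
#   ifconfig_vlan7="alias 192.168.7.41 netmask 255.255.255.255"

# After: one ifconfig_<if> line per interface, aliases in numbered variables.
cloned_interfaces="vlan4 vlan7"
ifconfig_vlan4="inet 192.168.4.21 netmask 255.255.255.0 vlan 4 vlandev em0"
ifconfig_vlan7="inet 192.168.7.21 netmask 255.255.255.0 vlan 7 vlandev em0"
ifconfig_vlan7_alias0="inet 192.168.7.31 netmask 255.255.255.255"
ifconfig_vlan7_alias1="inet 192.168.7.41 netmask 255.255.255.255"
ifconfig_vlan7_alias2="inet 192.168.7.51 netmask 255.255.255.255"
ifconfig_vlan7_alias3="inet 192.168.7.61 netmask 255.255.255.255"
ifconfig_vlan7_alias4="inet 192.168.7.71 netmask 255.255.255.255"
defaultrouter="192.168.7.1"

# count_aliases IFNAME (hypothetical helper, not part of the base system)
# Counts ifconfig_<IFNAME>_alias0, _alias1, ... and stops at the first unset
# number, so a gap in the numbering shows up as a smaller count than expected.
count_aliases() {
    _n=0
    while eval "[ -n \"\${ifconfig_${1}_alias${_n}:-}\" ]"; do
        _n=$((_n + 1))
    done
    echo "$_n"
}
```

Sourcing the fragment and running `count_aliases vlan7` should report 5; a lower number means an alias index was skipped.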
Re: Token Ring (really)
On 4/8/2012 4:41 PM, Jay West wrote:
> Adam wrote...
>> Otherwise, it's time to abandon steamships for airplanes. Sounds like you have a primed business opportunity just waiting to be exploited.
> ---
>
> Actually, this is for a historical re-creation project. Airplanes would be entirely inappropriate for a historical display, so steamships it is. Last I checked, there was no primed business opportunity in doing something for non-profits (museums, etc.) :)
>
> I guess I'll have to see how tough it would be to yank the TR code from 7x and get it running under 9x. Probably above my skillset, but I'll have a looksee.
>
> J

Hi,

You could try finding an ethernet to token ring translating bridge, though I am not aware of the budget will need - or if you'll find one anyways.

Just a thought,
Nikos
Re: some kind of binary sed(1) command
On 2/2/2012 8:22 AM, Matthias Apitz wrote:
> Hello,
>
> I have a normal ASCII file which has in some places two lines of '*', separated by an empty line, i.e.
>
> \n *\n \n *\n \n
>
> and I want to substitute the \n between the star lines by \f; the 'binary' sed command would just be
>
> s/*\n\n*/*\n\f*/
>
> which ofc does not work with sed(1) because it is line oriented; I could write something in perl, C, awk or whatever language, but I would prefer to do it with the normal commands... any ideas?
>
> Thanks
>
> matthias

Perhaps, something like this:

raidmadi% sed '/\*\*\*\*/{ N;N;s/\(\*\*\*\*\n\)\(\n\)\(\*\*\*\*\)/\1\\f\ \3/; }; ' \f foo foo

Keep in mind that I am using zsh which allows you to write multi-line commands.

HTH,
Nikos
Re: can not destroy ng interface
On 1/12/2012 7:53 AM, Коньков Евгений wrote:
> Hi, Freebsd-questions.
>
> # ifconfig ng0
> ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1400
>     nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
> meta-up# ifconfig ng0 destroy
> ifconfig: SIOCIFDESTROY: Invalid argument
>
> why I can not destroy interface?

The destroy ifconfig command is meant to be used on clonable interfaces. You can destroy a netgraph node using ngctl. Try 'ngctl kill ng0:'.

HTH,
Nikos
Re: 2 distinct DSL lines with same endpoint (8-STABLE)
On 1/9/2012 10:20 PM, Christoph Egger wrote:
> Hi all!
>
> I'm having a FreeBSD 8 gateway that is supposed to do NAT/firewall stuff with internet coming through 2 distinct DSL modems from the same carrier. Unfortunately I can only run ppp on one of these lines as the endpoint address for both lines are the same so bringing up the second line fails in
>
> | PPp ON elephant Warning: tun1: AIFADDR X.X.X.X - Y.Y.Y.Y returns -1
> | Warning: iface add: ioctl(SIOCAIFADDR, X.X.X.X - Y.Y.Y.Y): File exists
> | Error: ipcp_InterfaceUp: unable to set ip address
>
> Where Y.Y.Y.Y is already also used for the other ppp connection. This seems to be a known problem with FreeBSD ppp (google turns up some results) but I haven't found any useful workarounds.
>
> Can anyone suggest some way to get this kind of setup working?

You need equal cost multipath routing support to do this. The *correct* way is to build a kernel with option RADIX_MPATH and then add more than one routing entries to the same destination, in your case:

a.b.c.d - e.f.g.h
i.j.k.l - e.f.g.h
0.0.0.0/0 via tun0
0.0.0.0/0 via tun1

There is also a hackish way to achieve the same thing by changing the peer's address to something else arbitrary and using a firewall to forward there packets.

The first ppp on tun0 will be:
a.b.c.d - e.f.g.h
You'll change it to
a.b.c.d - 192.168.90.1

The second ppp on tun1 will be:
i.j.k.l - e.f.g.h

Then you'll use your favorite firewall to send packets to 192.168.90.1 and e.f.g.h.

HTH,
Nikos
Re: Forward error correction routines?
On 12/14/2011 5:45 AM, Dennis Glatting wrote:
> I am looking for /any/ forward error correction code under FreeBSD, whether Hamming Codes, Golay Codes, Reed-Solomon, BCH codes, etc. or convolution encoders/decoders. All I've found is:
>
> * libfec, which only runs under i386 (I am 64 bit), and
> * reed-solomon, which is merely a library and no executables.
>
> Are there any usable utilities? Clue please.

You could try this: http://users.softlab.ntua.gr/~ttsiod/rsbep.html

It is meant to be used with storage devices and does interleaving so it can recover a lost sector. Hint: the decoded output contains garbage at the end, you have to use the included utility (or dd) to get the correct file size.

HTH, Nikos
Re: Disabling geom_journal
On 12/13/2011 5:59 PM, Vincent Hoffman wrote:
> Hi all,
> I'm sure I have seen this come up before but a google doesn't help. I am trying to disable gjournal on a disk so I can move to suj as part of moving on to the 9.x series, I have umounted the FS but when I try to stop the journal it automatically starts it on the gptid of the device and if I stop that it goes back to the original device name.
>
> [root@ostracod ~/doc]# gjournal list
> Geom name: gjournal 2909580316
> ID: 2909580316
> Providers:
> 1. Name: ada1p2.journal
>    Mediasize: 494739118080 (460G)
>    Sectorsize: 512
>    Mode: r0w0e0
> Consumers:
> 1. Name: ada1p2
>    Mediasize: 495812860416 (461G)
>    Sectorsize: 512
>    Stripesize: 0
>    Stripeoffset: 17408
>    Mode: r1w1e1
>    Jend: 495812859904
>    Jstart: 494739118080
>    Role: Data,Journal
>
> [root@ostracod ~/doc]# gjournal stop ada1p2.journal
> [root@ostracod ~/doc]# gjournal list
> Geom name: gjournal 2909580316
> ID: 2909580316
> Providers:
> 1. Name: gptid/9e1798be-b5f3-11de-a1eb-00012e273257.journal
>    Mediasize: 494739118080 (460G)
>    Sectorsize: 512
>    Mode: r0w0e0
> Consumers:
> 1. Name: gptid/9e1798be-b5f3-11de-a1eb-00012e273257
>    Mediasize: 495812860416 (461G)
>    Sectorsize: 512
>    Stripesize: 0
>    Stripeoffset: 17408
>    Mode: r1w1e1
>    Jend: 495812859904
>    Jstart: 494739118080
>    Role: Data,Journal
>
> Any idea how to stop this without setting kern.geom.label.gptid.enable=0 in my loader.conf and rebooting?

You don't have to reboot, just set kern.geom.label.gptid.enable to zero, gjournal stop ada1p2, gjournal clear ada1p2 and re-enable gptid labels.

HTH, Nikos
Re: Do you run OSSEC on 9.0?
Since /dev contains a special filesystem which cannot be used for simple files and directories, I would say that the IDS needs some knowledge about it and generic file-checking rules don't apply there. This sounds like a false alert, something must have changed from 8 to 9 and/or the ossec port (and/or ossec signatures).

Disclaimer: I am not an ossec user!

Nikos

On 11/24/2011 11:04 AM, Odhiambo Washington wrote:
> Getting the same too, since I upgraded my 8.2 - 9.0-PRE. Would be interested in the answers too.
>
> On Thu, Nov 24, 2011 at 10:32, Ross <basarev...@gmail.com> wrote:
>> I am getting emails about hidden files in /dev. Before that (on 8.2) everything was OK. What should I do?
>>
>> OSSEC HIDS Notification.
>> 2011 Nov 24 08:17:25
>> Received From: coffin-rootcheck
>> Rule: 510 fired (level 7) - Host-based anomaly detection event (rootcheck).
>> Portion of the log(s):
>> Files hidden inside directory '/dev'. Link count does not match number of files (9,27).
>> --END OF NOTIFICATION
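The rule 510 notification quoted in this thread comes from a directory link-count heuristic. As an added sketch (not OSSEC's code and not part of the thread), the script below reproduces that kind of check, assuming it compares a directory's link count with ".", ".." plus the subdirectories a listing shows; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added illustration (not OSSEC source code): the directory link-count heuristic
# behind "Link count does not match number of files (9,27)".
# Assumption: the check compares st_nlink with ".", ".." plus each subdirectory.

# link_count DIR: print DIR's link count (field 2 of `ls -ld`, which is portable
# between FreeBSD and Linux, unlike stat(1) format flags).
link_count() {
    ls -ld -- "$1" | awk '{ print $2 }'
}

# visible_dir_entries DIR: count ".", ".." and every subdirectory that a listing
# of DIR shows, dotted names included. Symlinks are not followed.
visible_dir_entries() {
    count=2
    for entry in "$1"/* "$1"/.[!.]* "$1"/..?*; do
        if [ -d "$entry" ] && [ ! -L "$entry" ]; then
            count=$((count + 1))
        fi
    done
    echo "$count"
}

# compare_counts SEEN LINKS: the decision itself, kept separate so it can be fed
# the two numbers printed in an alert. Prints OK, SKIP or ALERT.
compare_counts() {
    if [ "$2" -le 1 ]; then
        # The filesystem does not maintain directory link counts
        # (btrfs, for example, reports 1), so the heuristic cannot apply.
        echo SKIP
    elif [ "$1" -eq "$2" ]; then
        echo OK
    else
        echo ALERT
    fi
}

# audit_dir DIR: run the heuristic on one directory and print a one-line verdict
# in the same (seen,links) order as the alert text.
audit_dir() {
    seen=$(visible_dir_entries "$1")
    links=$(link_count "$1")
    echo "$(compare_counts "$seen" "$links") $1 ($seen,$links)"
}

# make_sample_tree: constructed sample input with 3 subdirectories (one dotted),
# 2 regular files and a symlink to a directory. Prints the path of the tree.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/a" "$root/b" "$root/.hidden"
    : > "$root/file1"
    : > "$root/.file2"
    ln -s a "$root/link_to_a"
    echo "$root"
}

# Audit each directory named on the command line, e.g.: sh nlink_audit.sh /dev /etc
for dir in "$@"; do
    audit_dir "$dir"
done
```

Fed the pair from the alert, `compare_counts 9 27` reports ALERT. On a filesystem that keeps link counts differently, which is what the reply suggests for /dev on 9.0, that mismatch describes the filesystem and is not by itself evidence of hidden files.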
Re: radiusd-cistron
On 11/19/2011 10:38 PM, Jim Pazarena wrote:
> I recently switched from FBSD 7.0 i386 to FBSD 8.2 amd64. My radius only sees garbage in place of the password, so no one can authenticate.
>
> Since I changed both OS (7.0-8.2) AND platform (i386-amd64), I am unsure where to start looking for an encryption problem.
>
> Any suggestions would be appreciated. Yes, I could switch to freeradius, but would that change/help an encryption issue?

I am not sure if cistron works correctly on 64bit architectures. Is plain text authentication working?

Cistron is unmaintained, but there is a very low traffic mailing list, you could ask there. http://lists.cistron.nl/mailman/listinfo/cistron-radius

HTH, Nikos
Re: Very large swap
On 10/14/2011 8:08 AM, Dennis Glatting wrote:
> This is kind of stupid question but at a minimum I thought it would be interesting to know.
>
> What is the limitations in terms of swap devices under RELENG_8 (or 9)?
>
> A single swap dev appears to be limited to 32GB (there are truncation messages on boot). I am looking at a possible need of 2-20TB (probably more) with as much main memory that is affordable.

The limit is raised to 256GB in HEAD and RELENG_8
http://svnweb.freebsd.org/base?view=revision&revision=225076

> I am working with large data sets and there are various ways of solving the problem sets but simply letting the processors swap as they work through a given problem is a possible technique.

I would advise against this technique. Possibly, it's easier to design your program to use smaller amounts of memory and avoid swapping. After all, designing your program to use big amounts of swapped out memory *and* perform in a timely manner, can be very challenging.

Nikos
Re: Turning system accounting data into money
On 10/11/2011 5:06 PM, Polytropon wrote:
> This is _not_ a spam message trying to sell something stupid to the list. I'm just searching for a solution to turn consumed computing resources into a number and a currency symbol. :-)
>
> Reason: A growing amount of (my) customers seems to like this concept: They spend a low fee for access to systems and applications, and they want to pay according to what they did with that system. The access fee covers access and some basic services (backup quota), and for anything more advanced they want to be charged per units used, or per consumed resources. This can be dialog time (SSH), disk I/O, disk occupied, pages printed (can happen) or pages required to print on exceptional specific forms (can happen once or twice a year and is charged with an additional fee for fold, staple mutilate).
>
> Sounds stupid? I have _real_ customers intendedly requesting that payment model (instead of just pay amount n Euro a month and do whatever you like).
>
> Accidentally, I remembered history. So I thought: This functionality has been present on UNIX systems for many decades. But _how_ to use it?
>
> I know there's the command set for accounting, for example the ac command. But what does its output total 7264.15 mean? There also are acct (process accounting), sa (for system accounting) and pac (for printer accounting, just doesn't seem to work with CUPS).
>
> I'd also like to use the /etc/csh.logout resp. ~/.logout mechanism. When a user logs in, he will be presented the program he uses (or a menu, in case he uses different ones). This can also be a regular remote desktop session. When he logs out, a message should be displayed that informs him how much will be charged for the session. At the end of the month, he should get an invoice with the proper accumulated amount.
>
> For example, if a user wishes to issue a make a backup _now_, because I intendedly want _this_ current state backed up _now_, this will be seen as additional I/O load and disk occupation (because it's handled aside of the regular backup runs that should be part of the basic package charged with the connection fee). Or as I said, he issues printing for stuff he cannot print at home, so he will be charged for 500 pages. And in case he transfers 10 GB data in, and 10 GB data out, he will be charged for that traffic, as well as for the I/O.
>
> The sessions in questions will be SSH sessions (text mode) as well as SSH/X sessions (remote desktops).
>
> Maybe someone already uses something similar he wants to share? Suggestions and inspirations are welcome.

Yes, the builtin accounting facilities do most of the stuff you are interested in. Just add 'accounting_enable=YES' in your /etc/rc.conf, run '/etc/rc.d/accounting start' and use sa to examine the output. I believe the per-user accounting will fit the bill nicely. You did not mention jails, right?

The networking part perhaps can be a firewall's job, though I don't know if the per-user IP traffic rules work properly. There were some problems regarding this ages ago...

The builtin printing stuff I believe is for use with the ancient printing tools and I know nothing about CUPS...

Hey, these are pretty old stuff you are looking for or perhaps this email was stuck in the mail server's queue for 25 years;)

HTH, Nikos
Re: need help with pf configuration
On 10/9/2011 10:39 AM, Victor Sudakov wrote:
> Patrick Lamaiziere wrote:
>>> I have a configuration with 2 inside interfaces, 1 outside and 1 dmz interface. The traffic should be able to flow
>>> 1) from inside1 to any (and back)
>>> 2) from inside2 to any (and back)
>>> 3) from dmz to outside only (and back).
>>>
>>> I need no details, just a general hint how to setup such security levels, preferably independent of actual IP addresses behind the interfaces (a :network macro is not always sufficient).
>>
>> You may use urpf-failed instead :network
>>
>> urpf-failed: Any source address that fails a unicast reverse path forwarding (URPF) check, i.e. packets coming in on an interface other than that which holds the route back to the packet's source address.
>
> Excuse me, I do not see how this is relevant to my question (allowing traffic to be initiated from a more secure interface to a less secure interface and not vice versa).

What if you combine macros and lists? The ruleset below seems scalable to any number of interfaces.

    inside1 = "em1"
    inside2 = "em2"
    dmz = "em0"
    insides = "{ $inside1:network $inside2:network }"
    pass in on $dmz from $dmz:network to any
    block in on $dmz from any to $insides

This expands nicely to:

    lab# pfctl -vf te
    inside1 = "em1"
    inside2 = "em2"
    dmz = "em0"
    insides = "{ em1:network em2:network }"
    pass in on em0 inet from 192.168.73.0/24 to any flags S/SA keep state
    block drop in on em0 inet from any to 10.0.0.0/29
    block drop in on em0 inet from any to 192.168.56.0/24

HTH, Nikos
Re: disappearing files
On 7/28/2011 10:15 AM, ad...@prnet.org wrote:
> Hi,
>
> I am using FreeBSD 8.2 with an UFS filesystem containing a jail. I do a tar of the whole jail every night. Suddenly after a few weeks of operation, tar complains about being unable to stat /usr/lib/libmilter.so.
>
> From inside the jail:
>
> ls /usr/lib | grep ^libmilter.so$
> returns libmilter.so
>
> ls /usr/lib/libmilter.so
> returns ls: libmilter.so: No such file or directory
>
> ls -l /usr/lib > /dev/null
> returns ls: libmilter.so: No such file or directory
>
> Trying to access the file from the main system gives the same result. A reboot returns everything to normal.
>
> Exactly the same also appeared on another machine some time ago, the only difference was that it appeared on another file.
>
> Does anyone know what can cause this problem ?

File system corruption would cause such behavior. And/Or perhaps something is wrong with the underlying disk device. I would search the logs for messages indicating that the storage medium is failing. Does dmesg contain anything related? I would also unmount and fsck the file system.

HTH, Nikos
Re: Can gpart create ntfs and FAT-32 partitions?
On 7/28/2011 7:55 AM, Kevin Oberman wrote:
> I want to create a GPT disk structure that has the following partitions:
>
> MBR
> NTFS (1.2G)
> NTFS (200G)
> FreeBSD OS (250G)
> NTFS (15G)
> FAT-32 (100G) (needs to be RW for W7 and FreeBSD and ntfs-3g is just not stable enough)
> FreeBSD data only (380G)
>
> The NTFS partitions are to place the Windows7 system, recovery partition (which I may not use), and Lenovo's odd SYSTEM_DRV that is required for booting.
>
> gpart has no indications of how to create an NTFS or FAT partition. Any way to so this? Or, should I use W7 to do that and leave the space for the FreeBSD ones?

No, you can do this with gpart. gpart knows the following MS related GUIDs. The types you need to use in -t are ms-basic-data, ms-ldm-data etc.

    { "ms-basic-data", G_PART_ALIAS_MS_BASIC_DATA },
    { "ms-ldm-data", G_PART_ALIAS_MS_LDM_DATA },
    { "ms-ldm-metadata", G_PART_ALIAS_MS_LDM_METADATA },
    { "ms-reserved", G_PART_ALIAS_MS_RESERVED },
    { "ntfs", G_PART_ALIAS_MS_NTFS },

I don't know which partition types you should use for the wanted partitioning scheme. The struct that defines the known gpart GUIDs is in /sys/geom/part/g_part.c at line 69 (on HEAD).

HTH, Nikos
Re: ARP tables in FreeBSD (vs Linux)
On 5/23/2011 10:46 PM, Rogelio wrote:
> I found that a certain Linux gateway was having a difficult time with thousands of ARP entries (about 13K concurrent ARP entries in 10 min from ISP subscribers), so I put it behind a Cisco 7201 router and added an IP helper to the interface. Now it seems to be working much much better.

Was the rate of ARPs the problem? Or the size of the ARP table?

Nikos
Re: VIMAGE in fbsd 9.0
On 5/15/2011 7:49 PM, Fbsd8 wrote:
> What is the current status of VIMAGE in Freebsd 9.0?

I *think* all VIMAGE related code in 9.0 has been merged to 8-STABLE. It is still tagged experimental. Most things work. Is there something that doesn't work for you?

> Is VIMAGE going to be included in the basic 9.0 release as part of the default kernel?

Speaking unofficially, VIMAGE will not be in the GENERIC kernel for 9.0-RELEASE. It will be tagged stable first, remain an optional feature for some time and then I think there is the possibility of appearing in the GENERIC kernel. I believe that's not going to happen soon, if ever.

Nikos
Re: Can I bridge the same subnet across a VPN?
On 5/5/2011 12:24 AM, David Brodbeck wrote:
> The problem I've always found with bridged solutions is they don't cope well under heavy traffic loads when the VPN link is slower than the LANs they're bridging between. And the VPN link is usually slower if it's over a WAN. The link tends to get saturated.

There is no inbuilt reason why a L2 VPN is more easily saturated than a L3 VPN. After all protocols doing bulk transfers should - and mostly - use TCP which autotunes the rate of sent packets. And TCP should be able to saturate the lower-bandwidth link of the whole path. That's normal and desirable. Some care must be taken with the broadcast and multicast traffic which goes through the L2 VPN.

Just my 2 cents, Nikos
Re: lockf command
On 4/13/2011 12:08 PM, Bastien Semene wrote:
> I wish that if command #2 can't acquire the lock, lockf exits (exit 0 would be nice). If I set -t 1, lockf is quite what I'm waiting for. But I like to do this in a clear way : if it can't acquire the lock it exits, no timeout wait.
>
> Am I misunderstanding something ? What should I change ?

You should use -t0, something like:

    lab# lockf -t 0 /tmp/lock /bin/csh
    You have mail.
    lab# lockf -t 0 /tmp/lock /bin/csh
    lockf: /tmp/lock: already locked
    lab# echo $?
    75
    lab#

HTH, Nikos
Re: Strange behavior of MTU on loopback interfaces.
On 2/25/2011 9:29 AM, c0re wrote:
> Hello all!
>
> I'm testing setting lower MTU on loopback interfaces to avoid some MTU problems with IPSEC in a path of traffic.
>
> ifconfig lo1 create
> ifconfig lo1 mtu 1300
> ifconfig lo1 5.5.5.5/32
>
> # ifconfig lo1
> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 1300
>         inet 5.5.5.5 netmask 0x
>
> #ifconfig em0
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
>         ether 12:ac:29:7c:fa:39
>         inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
>         media: Ethernet autoselect (1000baseTX <full-duplex>)
>         status: active
>
> And I set only one Listen 5.5.5.5:80 in http.conf in apache 2.2
>
> # sockstat -4 | grep 80
> www   httpd  96843  3  tcp4  5.5.5.5:80  *:*
> www   httpd  96838  3  tcp4  5.5.5.5:80  *:*
> www   httpd  96837  3  tcp4  5.5.5.5:80  *:*
> www   httpd  96836  3  tcp4  5.5.5.5:80  *:*
> www   httpd  96835  3  tcp4  5.5.5.5:80  *:*
> www   httpd  96834  3  tcp4  5.5.5.5:80  *:*
> root  httpd  96833  3  tcp4  5.5.5.5:80  *:*
>
> I run tcpdump -ni em0 port 80. And made telnet 5.5.5.5 80 from other host and saw something wrong.
>
> 10:26:01.640866 IP 10.0.0.2.57553 > 5.5.5.5.80: S 1049284626:1049284626(0) win 65535 <mss 1460,sackOK,eol>
> 10:26:01.640902 IP 5.5.5.5.80 > 10.0.0.2.57553: S 2144222949:2144222949(0) ack 1049284627 win 65535 <mss 1460,sackOK,eol>
> 10:26:01.642632 IP 10.0.0.2.57553 > 5.5.5.5.80: . ack 1 win 65535
>
> 5.5.5.5:80 said that it has got tcp mss 1460. Why? I was waiting for something like 1260.

It uses the MTU of the outgoing path, which is 1500. You change the MTU for specific paths, using route and the mtu modifier. Like this:

    lab# ifconfig em0
    em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
            ether 08:00:27:17:c3:de
            inet 192.168.73.193 netmask 0xff00 broadcast 192.168.73.255
            media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active
    lab# route change 192.168.73.0 -mtu 1100
    change net 192.168.73.0
    lab# route -n get 192.168.73.0
       route to: 192.168.73.0
    destination: 192.168.73.0
           mask: 255.255.255.0
      interface: em0
          flags: <UP,DONE,STATIC>
     recvpipe  sendpipe  ssthresh  rtt,msec    mtu  weight  expire
            0         0         0         0   1100       1       0
    lab#

All packets going to 192.168.73.0/24 will use IP packet sizes up to 1100. IMHO it's better to leave the physical interface's MTU unchanged and use the routing subsystem to define the maximum IP packet size per path.

HTH, Nikos
Re: Tuning routing table size in FreeBSD 8.0 and 7.2
On 2/24/2011 4:51 PM, Damien Fleuriot wrote: On 2/24/11 3:00 PM, nikitha wrote: Hi, Could you plz share the information on the maximum number of routes that can be added (by default) in FREEBSD 8.0/7.2 kernel? In Linux the sysctl rt_max_size is used. Is there a similar tunable parameter in freeBSD? [snip] I could not find a sysctl that matched what you're looking for. AFAIK, the routing table is limited only by the amount of RAM you can allocate to it. Yes. You can use vmstat -z | grep rtentry to examine it. It seems trivial to add a limit there(without having thought of multiple routing tables and vnet). Out of curiosity, why would you want such a limit?
Re: How to label a GELI device
J. Porter Clark wrote:
> I have an encrypted partition, /dev/da0s1d. I can use geli attach da0s1d and obtain a device /dev/da0s1d.eli, which is a UFS filesystem. All that works just fine.
>
> I'd like to label /dev/da0s1d so that I don't have to refer to the exact drive number, etc., which might change if I reboot with a USB stick in the system or whatever. But glabel puts the label in the last sector, which is where GELI stores metadata.

You don't have to worry about this. geli uses the last sector for its metadata and creates a device with one sector less to its clients. The original device is 2048 sectors, the device geli provides is 2047 sectors:

    moby# diskinfo /dev/md0 /dev/md0.eli
    /dev/md0        512     1048576 2048    0       0
    /dev/md0.eli    512     1048064 2047    0       0

There is no way for the internal GEOM to mess with the external's metadata.

> So, how do I make this work?

glabel apart from the generic device labeling, supports UFS labels which are *part* of the filesystem, that is, you *don't* have external metadata living in a sector outside the filesystem. Check tunefs manual page and specifically the -L option.

HTH, Nikos
Re: FTP server link aggregation
On 12/15/2010 3:11 PM, Matthew Law wrote:
> I have a single FreeBSD box acting as an FTP server for multiple FreeBSD and Linux clients on the same /24 subnet (all gigabit ethernet). It is currently connected by just one of its two gig ethernet ports. I also have two cisco switches with an etherchannel between them (using 2 x gig ports on each switch).
>
> I would like to connect the remaining NIC on my FreeBSD box to the other switch and enable 802.3ad on those switch ports to aggregate traffic between them. This is in the hope that it can better serve multiple FTP clients. Is my thinking correct?
>
> Other than the network interface changes which are documented here: http://www.freebsd.org/doc/handbook/network-aggregation.html are there any further tweaks I could make to improve things? -the server is a 'standard install' and does not use ZFS. It has an adaptec 5408 RAID card with 4 x SATA II drives and, IIRC, 128K stripe size and plenty of RAM.
>
> Is there a way of testing this other than initiating large file transfers to this server from multiple hosts?

A simple ping from multiple sources to your server will do. LACP will associate each SRCMAC and DSTMAC pair to one physical interface. Creating traffic with many different SRCMAC and DSTMAC pairs will use both physical interfaces.

But, I do vaguely remember that if_lagg was not able to perform at 2 * 1Gbps level. Use systat -ifstat to check what's happening and please, post your performance findings to the list!

HTH, Nikos
Re: Can a home LAN server use a jail as a router?
On 12/7/2010 8:15 PM, Xn Nooby wrote:
>> I hope this helps you in your investigation(s).
>
> Yes, thank you and the previous poster. It sounds like my outer box needs to be the router, and everything else should be a jail. I will do some more reading up on jails. Thanks!

You can create infinitely complex network topologies, using vnet jails. Check the URLs below to get the picture:
http://imunes.tel.fer.hr/virtnet/eurobsdcon07_tutorial.pdf
http://wiki.freebsd.org/Image/VNETSamples

Just my 2 cents, Nikos
Re: ipfw fwd and ipfw allow
On 9/7/2010 5:52 PM, Victor Sudakov wrote:
> A packet generated locally 1) should be forwarded by a 'fwd' rule and 2) should create a dynamic 'allow' rule for returning traffic.
>
> Could you please suggest a ruleset for this.

The fw has the 10.0.0.1 IP address. The 10.0.0.100 IP address belongs to another computer running a TCP service at .

The IPFW rules:

    fw# ipfw list
    00100 fwd 10.0.0.100 tcp from any to 10.90.10.3 dst-port keep-state
    00200 deny ip from any to any
    65535 allow ip from any to any

Trying to connect to TCP 9998 fails because of rule 200:

    fw# nc -v 10.90.10.3 9998
    nc: connect to 10.90.10.3 port 9998 (tcp) failed: Permission denied

While trying to connect to TCP succeeds and creates a IPFW state:

    fw# nc -v 10.90.10.3
    Connection to 10.90.10.3 port [tcp/*] succeeded!
    ^Z
    Suspended
    fw# ipfw -d show
    00100 61 3315 fwd 10.0.0.100 tcp from any to 10.90.10.3 dst-port keep-state
    00200 45 2644 deny ip from any to any
    65535 00 allow ip from any to any
    ## Dynamic rules (9):
    00100 2 112 (292s) STATE tcp 10.0.0.1 27320 - 10.90.10.3
    fw#

HTH, Nikos
Re: ipfw fwd and ipfw allow
On 9/7/2010 12:00 PM, Victor Sudakov wrote:
> Am I asking something unreasonable?

Not really, but if you ask, one could say that IPFW is a first match wins firewall, so a fwd or an allow action would be the terminal one. You must design your rules accordingly. There is also the skipto action which can alter the way packets flow through the rules.

Could you describe in a concrete example what you're trying to achieve?

HTH, Nikos
Re: ipfw fwd and ipfw allow
On 9/7/2010 2:00 PM, Victor Sudakov wrote:
> Nikos Vassiliadis wrote:
>>> Am I asking something unreasonable?
>>
>> Not really, but if you ask, one could say that IPFW is a first match wins firewall, so a fwd or an allow action would be the terminal one. You must design your rules accordingly. There is also the skipto action which can alter the way packets flow through the rules.
>>
>> Could you describe in a concrete example what you're trying to achieve?
>
> I want forwarded packets to create a dynamic allow rule.

You can combine fwd and keep-state. Could you be more specific?
Re: Routing Question
On 8/27/2010 9:09 PM, Doug Hardie wrote:
> On 27 August 2010, at 05:07, Patrick Lamaiziere wrote:
>> On Thu, 26 Aug 2010 18:17:19 -0700, Doug Hardie <bc...@lafn.org> wrote:
>>> PF's route_to will return the packets to the proper router, but I have not been able to figure out which ones those would be. The source IP address can be any on either network and its highly likely that we will see packets from the same source network on both at the same time. The only distinction I see in the input packets between the two paths is the MAC address of the router. I don't see any way in pf or the system to use that to affect the return path though.
>>
>> the filter option reply-to looks to be what you need. It works by keeping the state of a connection (see pf.conf(5)).
>
> That works great on the output if you can figure out which packets to use it on. The only way I can see to separate the traffic is using the router MAC address. I don't find anything in pf that will look at that.

Yes, pf cannot use the MAC address to classify a packet. The most sensible solution would be installing a single router to handle both lines but I know it's not always feasible to do so for several reasons. ipfw can use MAC addresses for classification, perhaps you hack some rules using fwd, skipto and mac.

Nikos
Re: NATD Question
On 8/27/2010 9:14 PM, Michael J. Kearney wrote:
> Will natd forward rtmp:// ???

I am sure libalias and natd know nothing about rtmp.

> freebsd# cat /etc/natd.conf
> use_sockets
> redirect_port tcp 192.168.0.3:3389 10.1.10.172:3389
> redirect_port tcp 192.168.0.2:1935 10.1.10.172:1935
> redirect_port tcp 192.168.0.2:8790 10.1.10.172:8790
> redirect_port tcp 192.168.0.2:6000-6100 10.1.10.172:6000-6100
> interface fxp0
> log
>
> Everything else seems to work just fine. What am I doing wrong ?

Some protos need special handling when an IP address is changed. Are you sure rtmp can be redirected only by changing the destination address?

Nikos
Re: any shortcuts to doc to ascii?
Polytropon wrote:
> On Thu, 27 May 2010 16:36:08 -0700, Gary Kline kl...@thought.org wrote:
>> i don't see any ascii suffix [for OOo]. i saved as .txt.
>
> This should be right. The .txt extension refers to ASCII text, at least in standard-compliant operating systems.
>
>> same krap. the \x94, x9d, \x9c... same with catdoc. i'll try antiword. [forgot about that. ]
>
> This makes me believe that the original DOC file has been created with a wrong character set or language setting. Windows - as far as I know - does not use standard locales such as all other systems do, but uses an arbitrary setting.

It is a valid UTF-8 encoded text:

    [...@moby ~]$ python -c 'print "Don%c%c%ct" % (0xe2, 0x80, 0x99)' | file -
    /dev/stdin: UTF-8 Unicode text

You'll be able to see the character if you fire up a UTF-8 capable terminal with proper locale settings.

    [...@moby ~]$ LC_ALL=en_US.UTF-8 xterm -u8

After that, just print the char:

    python -c 'print "Don%c%c%ct" % (0xe2, 0x80, 0x99)'

and use copy paste to pass it to tr to translate it to something else, for example:

    tr ' ' $file $output

> Another idea may be that the character that you think should be an apostrophe isn't an apostrophe. I often do see this in german texts with misplaced apostrophes that are in fact accent grave or accent acute, or a character from UTF-8 that just looks like an apostrophe. For example, if the original document contains We don`t and this ` is not a real ', then conversion tools will of course use the escape notation for this unknown character.

Indeed, the standard tool for encoding translations, iconv, chokes on this. Yet, it worked when I tried to convert from utf-8 to greek encoding ('iconv -f utf-8 -t iso-8859-7').

Some info on the char: http://www.fileformat.info/info/unicode/char/2019/index.htm

HTH, Nikos
Re: FreeBSD router - large scale
Svein Skogen (Listmail Account) wrote:
> Actually, I'd find an answer from the FreeBSD Networking gurus useful as well. My trusted Cisco 3640 is getting old (had its ten-years-of-service birthday a little while ago), so I guess I must be prepared to replace it with something new. Preferably something that can do proper NAT port mapping to the inside servers in an RFC1918-addressed DMZ, proper NAT mapping for the client net, incoming VPDN (virtual private dialin network, such as PPTP+MPE and L2TP+IPSEC tunnelling), sane IDS in the border-gateway, GRE or IPinIP tunnelling with crypto for remote-sites, etc
>
> If somebody has a good starting-point for documentation on these features, I'm more than willing to do a project on it to create a mini-howto/handbook-section on setting up FreeBSD as your border gateway, provided I have someone to ask when the documentation is ... flaky. ;)

Although I feel that you'll have to write a book to cover all the things mentioned above, I'll try to reply to your question... These are just pointers...

Several forms of NAT are supported with the following tools:
    ipfw
    pf
    ipf
    ng_nat
I doubt there is some form of NAT you will miss.

The net/mpd5 port can do PPTP, the MPPE part is blurry to me. L2TP is supported for LNS/LAC scenarios. I don't know if you can/how difficult is to combine IPSEC with L2TP.

The most famous open source IDS is snort, you'll find it in the ports.

For GRE and IPIP read gre and gif manual pages. Again, IPSEC is not integrated to these, yet there is IKE support via ipsec-tools port.

You'll have to check for yourself the documentation. Though I can say that all the FreeBSD stuff mentioned above are well documented as usual and there is always this list if you have questions.

Good luck replacing the aging Cisco...

Nikos
Re: File system
Eitan Adler wrote:

>> gjournal will replay all write attempts (metadata and data) before the failure, so you should be relatively sure that all writes are done correctly.
>
> As I understand it journals work by writing to disk a log of all the changes that have to be made - waits for confirmation that it wrote the data - and then attempts to make those changes. If after the confirmation there is a crash the log file is replayed. Certain virtual machines will report to the OS that it wrote the data to disk before it actually does so. In that case journaling doesn't actually help as the log file is still not on some form of stable storage.

I am not an expert on the subject, I thought the journal will replay all logged write attempts and since the number of all write attempts logged in the journal will be much bigger than the number of requests a cache can hold you will be sure that all writes will be done on the filesystem.

Again, I am not an expert on the subject...

Nikos
Re: File system
Craig Whipp wrote:

> On Mon, May 10, 2010 10:53 am, Nikos Vassiliadis wrote:
>> Ansar Mohammed wrote:
>>> Hello All, I have a FreeBSD VM running. Whenever I reboot the VM without a clean shutdown it boots into single user mode and I have to run fsck. When I run fsck, the file system clearly has issues. Is there any way to have FreeBSD run on a better file system that won't crap out on me every time I do an unclean shutdown?
>>
>> I am really surprised no one proposed geom journaling. With gjournal, I never had to do a manual full fsck and have had plenty of unclean shutdowns. I also occasionally do fsck the filesystem and there were no errors ever found. It definitely adds the ease factor I am looking for in a journaling solution in the case of an unclean shutdown...
>
> Correct me if I'm wrong, but since this FreeBSD install is running inside of a VM, in addition to any of the precautions suggested here to get data written or journaled to the disk as safely as possible, isn't there still the issue of whether the VM actually commits these writes to the physical disk?

I guess the time needed for some data to be committed to stable storage will be bigger in a VM environment. But that's always the case, be it a VM, or a disk controller. There will always be some data in-flight, some delay and a cache which will hold your data before they arrive at stable storage.

gjournal will replay all write attempts (metadata and data) before the failure, so you should be relatively sure that all writes are done correctly.

I think Ansar just wants to avoid fsck and gjournal provides that. To ensure real data integrity one should use something else, perhaps ZFS and not a journaling fs.

PS: I didn't see your message in time...

Nikos
Re: File system
Ansar Mohammed wrote:

> Hello All, I have a FreeBSD VM running. Whenever I reboot the VM without a clean shutdown it boots into single user mode and I have to run fsck. When I run fsck, the file system clearly has issues. Is there any way to have FreeBSD run on a better file system that won't crap out on me every time I do an unclean shutdown?

I am really surprised no one proposed geom journaling. With gjournal, I never had to do a manual full fsck and have had plenty of unclean shutdowns. I also occasionally do fsck the filesystem and there were no errors ever found. It definitely adds the ease factor I am looking for in a journaling solution in the case of an unclean shutdown...

Nikos
Re: Extended VLAN?
On 4/14/2010 1:04 AM, Dan D Niles wrote:

> I have two FreeBSD routers. I would like both locations to share the 10.10.0.0/16 network. If I were using Cisco routers I would use extended VLANs. How would I do that with FreeBSD routers?
>
> I already have a tunnel set up and routing different networks in the 192.168.0.0/16 range.
>
> Router A:
>   ifconfig em2 inet 192.168.1.1 netmask 255.255.255.0
>   ifconfig gif0 create 192.168.1.1 192.168.2.1 netmask 255.255.255.0 tunnel <routerA> <routerB>
>   route add 192.168.2.0/24 129.168.2.1
>
> Router B:
>   ifconfig em2 inet 192.168.2.1 netmask 255.255.255.0
>   ifconfig gif0 create 192.168.2.1 192.168.1.1 netmask 255.255.255.0 tunnel <routerB> <routerA>
>   route add 192.168.1.0/24 129.168.1.1
>
> This routes traffic between 192.168.1.0/24 and 192.168.2.0/24 as I would expect.
>
> The docs say I can use a tunnel with a bridge, which seems like it would do what I want.
>
> Router A:
>   ifconfig em3 inet 10.10.1.1 netmask 255.255.0.0
>   ifconfig bridge0 create addm em3 addm gif0
>
> Router B:
>   ifconfig em3 inet 10.10.2.1 netmask 255.255.0.0
>   ifconfig bridge0 create addm em3 addm gif0
>
> I cannot ping 10.10.2.1 from router A or 10.10.1.1 from router B. Should I be able to use a bridge this way? Am I missing some piece?

If I recall correctly the recommended setup is to assign the IP address to the bridge interface and leave the bridge members unnumbered. These problems you are seeing must be some corner case in FreeBSD's routing and/or ARP subsystems. See if assigning the IP to bridge0 helps.

Nikos
Re: Extended VLAN?
On 4/14/2010 6:38 PM, Dan D Niles wrote:

> OK, this is weird. I ran wireshark on the destination side (across the bridge). When I try to ping the destination router, the arp request is sent across the bridge, but there is no arp reply. It seems like the destination router is not responding to arp requests that come in over the bridge.

Since the router knows that 10.10.0.0/16 is attached to the em3 interface it sends the ARP reply over that interface and not the gif0 one. That ARP reply does not go to the other side of the bridge as it should. I don't know the reasoning behind it but I have heard it in the past. Perhaps assigning IP addresses to member interfaces of a bridge is probably bad practice (at least regarding the particular implementation).

HTH, Nikos
Re: sftp server with speed throttling
Dan Naumov wrote:

> What are my options if I want to run an sftp server with speed throttling? My understanding is that openssh (which includes sftp) in base does not support this directly, so I would have to either use a custom kernel with ALTQ (and I would really rather stick to GENERIC so I can use freebsd-update) which sounds like a bit too much configuration work or pass sftp traffic through PF and throttle it (ugly, would also affect ssh traffic).

You could examine the possibility of using ipfw and dummynet:

1) ipfw and dummynet are available in the GENERIC kernel.
2) Most of the time you can classify bulk/interactive traffic by examining the packet's length. IP packets carrying sftp traffic tend to be limited by MTU size or PMTU discovery. IP packets carrying ssh traffic tend to be much smaller.

Nikos
Re: kernel panic when if_lagg is not loaded.
Leslie Jensen wrote:

> I have set up aggregation of my wlan and wired NIC following the instructions in the handbook. http://www.freebsd.org/doc/handbook/network-aggregation.html
>
> I forgot to add the if_lagg_load="YES" in /boot/loader.conf. When I rebooted I got a kernel panic. Should this be considered normal or is it something I should report?

No, it's not normal. Please report it in an explicit way: commands given and/or changes to rc.conf, loader.conf etc. Try first here questions@ and then n...@. Nonetheless I see no such behavior on my system. if_lagg loads automatically when needed (ifconfig lagg create etc).

> Secondly I see there's a reference to the lagg(4) man page. I think it would help future readers of the above page if a comment about loading if_lagg_load="YES" in /boot/loader.conf would be added.

On 8.0-STABLE if_lagg loads automatically and I think it always did load automatically, though I am not sure. What's the FreeBSD version you are working on?

Nikos
Re: kernel panic when if_lagg is not loaded.
Leslie Jensen wrote:

> I'm on a 8.0-RELEASE-p2 system. Actually after more testing I found out that the line ifconfig_iwn0="ether 00:16:ea:61:01:e8" in my rc.conf is the culprit. If I comment it out the system will start but only with the wired interface working.

If you don't comment the line it causes a kernel panic? If that's the case, you should report it to n...@. If you could include a backtrace of the panic, it would be most helpful.

> I have if_lagg_load="YES" in /boot/loader.conf and the following in /etc/rc.conf
>
>   wpa_supplicant_enable="YES"
>   ifconfig_em0="up"
>   # ifconfig_iwn0="ether 00:16:ea:61:01:e8"
>   wlans_iwn0="wlan0"
>   ifconfig_wlan0="WPA"
>   cloned_interfaces="lagg0"
>   ifconfig_lagg0="laggproto failover laggport em0 laggport wlan0 DHCP"
>
> /Leslie

hm, what you do really matches the process described in the handbook. It should work, please report it.

Nikos
is there a native driver for 'Dell Wireless 1397'?
Hi, I am interested in buying a laptop from the Dell Inspiron 15 series. Most of them are having a wifi card branded as 'Dell Wireless 1397'. Is there a driver for this? I would prefer a native driver, but success stories using it with NDIS or other general comments regarding the Dell Inspiron 15 series are welcome.

Thanks, Nikos
Re: is there a native driver for 'Dell Wireless 1397'?
On 3/10/2010 12:13 PM, George Liaskos wrote:

> On Wed, Mar 10, 2010 at 10:05 AM, Nikos Vassiliadis <nvass9...@gmx.com> wrote:
>> Hi, I am interested in buying a laptop from the Dell Inspiron 15 series. Most of them are having a wifi card branded as 'Dell Wireless 1397'. Is there a driver for this? I would prefer a native driver, but success stories using it with NDIS or other general comments regarding the Dell Inspiron 15 series are welcome.
>
> Hello, From a quick google query this card should have a Broadcom BCM43xx chipset. http://www.freebsd.org/cgi/man.cgi?query=bwi

Thanks, but I've already done the quick google and the not-so-quick google look. The results were not that positive. Do you know by personal experience that this card is working with bwi driver? Or at least with NDIS and amd64?

Thanks, Nikos
Re: is there a native driver for 'Dell Wireless 1397'?
On 3/10/2010 12:41 PM, Leslie Jensen wrote:

> I bought a Dell Latitude 6500 two years ago. The Dell Wireless was not supported then by FreeBSD. I got an Intel card from Dell instead and the iwn driver works well. http://forums.freebsd.org/showthread.php?t=8041

I guess you have not looked back to 'Dell Wireless 1397' with a recent FreeBSD?
Re: is there a native driver for 'Dell Wireless 1397'?
On 3/10/2010 1:00 PM, George Liaskos wrote:

> No, i do not have this card but i trust the man pages :)

Me too. Yet I will not buy new/non-mainstream hardware based on the manual. Hence the question... All I am looking for is an I have and it works with FreeBSD-[89] and amd64|x86.

> I found this post : http://www.linuxquestions.org/hcl/showproduct.php/product/4325/sl/i
>
> 0c:00.0 Network controller: Broadcom Corporation BCM4312 802.11b/g (rev 01)
>
> Maybe what you find is based on experiences before May 16, 2009?

Yes, prior to the 8.0 release. All I find online is about failure and references about the driver being included in FreeBSD-8 branch.

Nikos
Re: is there a native driver for 'Dell Wireless 1397'?
On 3/10/2010 10:50 AM, Mario Lobo wrote:

> I have 8-STABLE amd64
>
> I have a dell vostro 1320 with a 4315 wireless and got it working with the bwn driver from HEAD (svn) and the net/bwn-firmware-kmod port.

That's good to hear, thanks!

Nikos
Re: Detecting cards in USB card reader
On 2/7/2010 1:28 AM, Mike Clarke wrote:

> curlew:/root# cat /dev/null > /dev/da0
> curlew:/root# ls -l /dev/da0*
> crw-r- 1 root operator0, 176 6 Feb 23:15 /dev/da0
> crw-r- 1 root operator0, 129 6 Feb 23:18 /dev/da0s1
>
> I can use this to initialise the card reader but I'd feel more comfortable with something a bit less dangerous looking.

While it may feel dangerous, it is perfectly safe. There is no way of doing an IO operation on a disk-like device using requests other than multiples of the physical block, which currently is 512 bytes. Opening the disk for writing and trying to do a write request will just force GEOM to re-examine the device.

lab# echo asd | cat > /dev/da0
cat: stdout: Invalid argument
failed
lab# echo > /dev/da0
lab# echo $?
1
failed
lab# /bin/echo asd > /dev/da0
/bin/echo: write: Invalid argument
failed

Closer look:

lab# truss sh -c "echo > /dev/da0"
<snip>
open("/dev/da0",O_WRONLY|O_CREAT|O_TRUNC,0666) = 2 (0x2)
dup2(0x2,0x1,0x1b6,0x108,0x2830d040,0x2830235c) = 1 (0x1)
close(2) = 0 (0x0)
write(1,"\n",1) ERR#22 'Invalid argument'
failed

FreeBSD lost the ability of doing such transparent transformations when the support for block devices went away. Yes, I know, it feels awkward. Apparently, you can easily drop the support for block devices but not the habitual feeling of danger of UNIX tradition.

HTH, Nikos
Re: Cheating OS fingerprinting
On 2/7/2010 3:54 PM, yavuz wrote:

> Hi all, I want to cheat os fingerprinting tools (primary nmap) in my freebsd machine. Assume I am using freebsd 8 and I want to be seen as a windows xp machine when someone scans my ports. In order to determine target host's OS, nmap sends seven TCP/IP crafted packets (called tests) and waits for the answer. Results are checked against a database of known results (OS signatures database). If the answer matches any of the entries in the database, it can guess that the remote OS is the same that the one in the database...
>
> <snip>
>
> I want to implement a freebsd tool that cheats os fingerprinting.

If I recall correctly, honeyd does this and much more. Check net/honeyd.

Nikos
Re: gjournal on compact flash
On 1/30/2010 1:35 AM, Adam Vande More wrote:

> There is an rc flag to automatically do a full fsck instead of background, but I am unsure exactly what you mean by user intervention.

Practice has shown that while softupdates handle most situations cleanly, they don't handle ALL situations. In short, having to do a blind_yes_to_all full fsck is not an option for me. OTOH a journaling solution like gjournal or softupdates journaling makes sure that the filesystem will surely be consistent after an ungraceful power cycle. I am not in a hurry and waiting for SUJ to hit the 8 branch seems sensible.

Nikos
Re: gjournal on compact flash
On 1/28/2010 6:51 PM, Adam Vande More wrote:

> On Thu, Jan 28, 2010 at 10:42 AM, Nikos Vassiliadis <nvass9...@gmx.com> wrote:
>> Hi, I am using a 40MB journal on a 500MB compact flash. Would that be sane, or I am causing more harm than good? My concerns are:
>>
>> 1) wear leveling. The journal is on specific part of the disk writing again and again. That should be handled by the CF itself. Though I am not sure it does a good job???
>>
>> 2) I do care about ungraceful power cycles and I've seen posts on the net, mentioning: More, If you interrupt power at arbitrary times while the device is writing, you can lose the integrity of the file system being modified. The loss is not limited to the 512 byte sector being modified, as it generally is with rotating disks; you can lose an entire erase block, maybe 64K at once.
>>
>> I guess the above comment renders the use of a journaling filesystem useless. But, doing some naive tests, power cycling the machine while writing and checksumming the data after fsck in preen mode, revealed no error.
>>
>> Thanks in advance for any insights, Nikos
>
> Soft Updates seem more appropriate for a 500MB CF drive than gjournal. AFAIK, they are a wash in terms of reliability, and gjournal needs to write all data twice meaning it's slower, and increases the wear on the drive. The big drawback to soft updates is the fsck times after an unclean shutdown which really shouldn't be an issue on a 500MB drive.

fsck time in my case is not an issue. What concerns me mostly is a situation where user intervention is required. The CF filesystem will be used in an embedded system and should work without user intervention. I too feel that geom journaling is not the best solution for my needs, but softupdates need more attention than gjournal. Perhaps, I should wait for SUJ, which will be in the tree soon.

Nikos
gjournal on compact flash
Hi, I am using a 40MB journal on a 500MB compact flash. Would that be sane, or I am causing more harm than good? My concerns are:

1) wear leveling. The journal is on specific part of the disk writing again and again. That should be handled by the CF itself. Though I am not sure it does a good job???

2) I do care about ungraceful power cycles and I've seen posts on the net, mentioning: More, If you interrupt power at arbitrary times while the device is writing, you can lose the integrity of the file system being modified. The loss is not limited to the 512 byte sector being modified, as it generally is with rotating disks; you can lose an entire erase block, maybe 64K at once.

I guess the above comment renders the use of a journaling filesystem useless. But, doing some naive tests, power cycling the machine while writing and checksumming the data after fsck in preen mode, revealed no error.

Thanks in advance for any insights, Nikos
Re: FreeBSD + exFAT
On 1/15/2010 3:19 PM, Jerry wrote:

> I know that this was asked approximately 1 year ago; however, I was wondering if there had been any movement on it. Specifically, getting FreeBSD to recognize the 'exFAT' format. It is becoming a very common format for use on removable drives.

It's patented and it probably comes with a multi-page agreement and a price. Wikipedia (http://en.wikipedia.org/wiki/ExFAT#Licensing) says:

"Companies can integrate exFAT into a specific group of consumer devices, including cameras, camcorders and digital photo frames for a flat fee. Mobile phones, PCs and networks have a different volume pricing model."

The above sounds pretty much inappropriate for an open source operating system like FreeBSD.

Nikos
Re: Buld echo
On 1/12/2010 12:21 PM, Jos Chrispijn wrote:

> I have 35 log files that I want to flush once a day. In order to keep them exist I now do an 'echo > logfile.log'. How can I do such in one command having the same effect on all log files?

You could use truncate(1). Something like:

truncate -s 0 file1 file2 file2 ...
Re: which IP+gateway for Freebsd guest VM in VMware workstation
On 12/27/2009 2:36 PM, Len Conrad wrote:

>> Take a look here: http://www.freebsd.org/doc/en/books/handbook/config-network-setup.html
>
> thanks, I've been setting up FreeBSD for 10 years, and have multiple FreeBSD VMs running in several ESXi hosts.

Sorry, I didn't mean to offend you. I just didn't know your experience with FreeBSD.

[snip]

> The physical Ethernet adapter has a fixed public IP. I have only one public IP from the ISP. In the VMWare Virtual Network Editor, this i/f is listed as VNnet0, Type Bridged, Connected column is -, and Subnet Address is -

[snip]

> I'd like to stay with bridged.

You have only one IP address from your ISP, you can't use bridged, since bridged configuration will connect the guest's ethernet to another physical ethernet and that's all. You'll have to have another IP address to assign to the guest. Since you don't, you have to use some form of NAT to share the host's IP with the guest(s).

[snip]

> ifconfig shows em0 with .98 and correct broadcast IP, but status: no carrier

This is interesting, why would a virtual ethernet report no carrier? It probably indicates a hardware problem. Or at least a wrong combination of FreeBSD driver + VMware virtual hardware version. Could you boot another version of FreeBSD just to check if the em interface finds the ethernet's carrier? Assuming that you are trying to install 8.0 release, try the latest from the 7 branch... I recall that there were some problems with FreeBSD-8.0-CURRENT regarding em network interfaces a few months ago, but I never saw them myself and I was a heavy user of VMware workstation the months before 8.0 release.

[snip]

> I'd like to be able to ssh/ftp into the FreeBSD VM from Internet, so I'd prefer to stay away from DHCP for the FreeBSD VM networking.

I am not really sure if you can achieve this, without a second IP address from your ISP. Can VMware workstation do any other form of NAT besides translating the host's IP to the guest's IP???

Anyway, investigate a bit more on the no carrier problem and post back to the list. Perhaps, another list that's a good candidate for such questions is: http://lists.freebsd.org/mailman/listinfo/freebsd-emulation Though it mainly is for solutions running *on* FreeBSD, guys and girls there tend to be knowledgeable about solutions running on *something* and having FreeBSD as a guest OS.

HTH, Nikos
Re: Checksum mismatch -- will transfer entire file
On 12/28/2009 7:46 AM, Victor Sudakov wrote:

> To cut a long story short, I would rather continue using cvs, perhaps until there is subversion-light in the base system.

I use cvs successfully for the same reasons. Most of the time I use the French mirror and I have also used the two USA ones. I haven't bothered with Japan and Taiwan, since they're far away. Check this out: http://www.freebsd.org/doc/en/books/handbook/anoncvs.html

Most of the time (99%) anoncvs.fr.FreeBSD.org seems to be in-sync with the main repositories...

HTH, Nikos
Re: Checksum mismatch -- will transfer entire file
On 12/28/2009 11:11 AM, Victor Sudakov wrote:

> Are you sure you understand me? I was talking about mirroring the whole repository with cvsup/cvsupd protocol, that's where the Checksum mismatch -- will transfer entire file error occurs.

Sorry, I missed the part of conversation about cvs mode in cvsup. I thought you were talking about cvs not working...
Re: which IP+gateway for Freebsd guest VM in VMware workstation
On 12/27/2009 12:10 AM, Len Conrad wrote:

> VMWare has lots of info how to set up the (Windows XP) VMWare Workstation networking side, but not much on setting up networking in the guest OS. I've tried NAT and bridging, no DHCP, and can't ping anything except the localhost IPs. XP ipconfig shows the fixed IP, plus 2 192.168.c.d IPs from VMnet1 and VMnet8. I'm sure this is really simple, but my experimentation has come up with zilch.

Take a look here: http://www.freebsd.org/doc/en/books/handbook/config-network-setup.html

The guest OS will have an em0 interface which is connected to a host interface VMnet1, VMnet8 or similar. Actually the guest's networking configuration is simpler than the host's one. You should configure the em interface with an appropriate IP address:

1) Bridging: WinXP fixed IP and FreeBSD fixed IP; for example, WinXP 192.168.10.100 and FreeBSD 192.168.10.101
2) host to host: WinXP 192.168.c.d and FreeBSD 192.168.c.x; for example, WinXP 192.168.20.100 and FreeBSD 192.168.20.101
3) NAT: WinXP 192.168.e.d and FreeBSD 192.168.e.x; for example, WinXP 192.168.30.100 and FreeBSD 192.168.30.101

Keep in mind that using DHCP is much easier as you don't have to search for the appropriate address yourself, the VMware's DHCP server will offer it. Using DHCP from the FreeBSD side is as easy as typing dhclient em0.

HTH, Nikos
Re: Loadbalance outgoing traffic over two cable modems in same network
On 12/21/2009 6:03 AM, Mel Flynn wrote:

> Hi, I've looked over http://www.openbsd.org/faq/pf/pools.html but this assumes two different gateways for the two interfaces. I'm faced with two cable modems from the same ISP, with the same gateway. I can't lagg(4) the interfaces, since specific IP's are bound to specific modems.

This can probably be fixed from the ISP side. It should probably be some antispoofing rule that drops the packets you are sending via the wrong interface. You could try communicating the problem to the ISP and hope for the best...

> So I'm wondering if using stick-address with a round-robin nat pool is really sufficient to do load balancing of outgoing traffic and not get into session problems with various protocols. Has anybody had similar experiences?

I have no experience on this, but theoretically a state can expire while the upper layers are still active... so, I *think* you may have problems... Of course, you could increase the lifetime of states.

A few, mostly random thoughts,
Nikos
Re: cross-link serial console
Gary Gatten wrote:

> Ahh A Null modem cable? Or, perhaps BSD will allow you to configure the serial interface in the software - make one end a DCE type and the other by default will remain a DTE.

He has to use a null-modem cable. The wires sending and receiving data are fixed, so one cannot change these using software.

To the original poster: Did you plan to run a getty/login on the serial link? That would be messy, since login on system A will be writing data to login on system B and vice versa. I think creating a PPP link between the two and using IP is the way to go.

Nikos
Re: Routes to local addresses through lo0 on 8.0-BETA4
Sergey Listopad wrote:

> Hi! On 8.0-BETA4 gate I see that in the routing table there are a number of routes (link# records) through lo0 for some local addresses:
>
> hole netstat -rnfinet | grep lo0
> 127.0.0.1 link#7 UH 030764lo0
> 172.22.254.10 link#7 UHS 00lo0
> 192.168.253.254link#7 UHS 00lo0
>
> Is it normal? On older FreeBSD I see link# records only for network prefix.

Yes, it is normal. It's one of the user-visible changes from the ARP and NDP rewrite in 8.0.

Nikos
Re: me in ipfw rules - does it include aliases?
Tom Worster wrote:

> the ipfw man page says: me matches any IP address configured on an interface in the system. which suggests that if i code my rules using me then when i add an alias ip address to an interface with ifconfig, these me rules will immediately work for the newly added address as they do for other addresses. is that correct?

Yes, the me keyword is expanded to whatever IP address is assigned on any interface in the system. It's updated whenever an IP address is added to or removed from an interface. Use the simple ruleset below to test it yourself:

lab# ipfw list
00100 allow ip from me to me
65535 deny ip from any to any

add alias
ping alias = success
remove alias
ping alias = failure

It's a really useful keyword, yet it's not a panacea. When using it, one has to think of the possibility of an attacker who uses me addresses. Use some interface checking as well in your ruleset...

Nikos
Re: me in ipfw rules - does it include aliases?
Tom Worster wrote:

> thanks, nikos.

You're welcome.

> i'm interested in your other comment about the risks of using me.

All I am saying is that you have to take care of attacks which use me addresses. Packets with source address a me address coming from a network interface, AKA spoofed packets. Apparently a me source address cannot come from a wire[1], right? It's not a great risk, but you better filter them out. Also, it is very possible that such attacks are not applicable to your network. Or not. I am just pointing the possible false sense of security when using rules which match me addresses. Just be sure that me is really your firewall and not somebody else...

> for the best possible security, i'll post my ruleset here for y'all to review ... or maybe not :-)

You better not:)

[1] by the word wire, I mean every non-loopback interface

Nikos
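The interface checking recommended in the two replies above, as an added example that is not part of the thread: a ruleset that drops packets claiming a me source address when they arrive on a non-loopback interface, before any me rule can accept them, plus a small check for existing rules. It assumes a single wire interface em0, SSH on port 22 and arbitrary rule numbers; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: em0 is the only
# non-loopback ("wire") interface; the rule numbers, the SSH service on
# port 22 and the function names are illustrative.

# Print a ruleset in the file format ipfw(8) reads (one rule per line, no
# leading "ipfw"). Save it to a file and syntax-check it with
# "ipfw -n /absolute/path/to/file" before loading it.
me_ruleset() {
    wire="${1:-em0}"
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 deny log ip from me to any in recv ${wire}
add 210 deny log ip from 127.0.0.0/8 to any in recv ${wire}
add 300 check-state
add 400 allow ip from me to any out xmit ${wire} keep-state
add 500 allow tcp from any to me 22 in recv ${wire} setup keep-state
add 65000 deny log ip from any to any
EOF
}

# Read rules on stdin ("ipfw list" output or rules-file lines) and fail if an
# allow rule that matches on "me" is not preceded by a rule that denies
# packets arriving ("in") with a "me" source address. This is a textual
# heuristic: it does not check which interface the deny rule names.
lint_me_rules() {
    awk '
        { sub(/^add[ \t]+/, ""); line = $0 " " }
        $2 == "deny" && line ~ / from me / && line ~ / in / { guarded = 1 }
        ($2 == "allow" || $2 == "accept" || $2 == "pass" || $2 == "permit") &&
            (line ~ / from me / || line ~ / to me /) {
            if (!guarded) { print "no interface check before: " $0; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}
```

Piping the two-rule test ruleset from the first reply (`allow ip from me to me`, `deny ip from any to any`) through `lint_me_rules` reports rule 00100, since nothing stops a packet that arrives on the wire carrying one of the host's own addresses as its source.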
Re: ifconfig -alias - removed wrong ip ?
Adam Vande More wrote:

> On Tue, Sep 1, 2009 at 8:20 AM, claudiu vasadi <claudiu.vas...@gmail.com> wrote:
>> 1.) Is it normal for the ifconfig rl0 -alias to remove the normal IP and not the alias one ? (I think that by this syntax it could be right but the parameter -alias is specified and the OS should know to remove the alias IP and not the normal IP)
>
> Yes

Yes, there is no difference between normal and alias IP. alias is the keyword used by the ifconfig utility to add another IP address to an interface. All IP addresses bound to an interface are equivalent, I mean there isn't any hierarchy of importance of the addresses. ifconfig int0 -alias just happens to remove the first IP address. You really should use ifconfig int0 delete 192.168.0.1

>> 2) I don't really understand why am I not able to connect to the second (alias) ip? It seems that somehow it's dependent on the normal one
>
> Yup, you need to re-init networking to regain access.

Most probably, you rendered the default gateway unreachable with the removal of the IP.

Nikos
Re: Can partitions span more than one drive?
Ruben de Groot wrote:

On Wed, Aug 26, 2009 at 04:56:03PM +0300, Nikos Vassiliadis typed:

RW wrote:

On Wed, 26 Aug 2009 08:45:47 -0400 John Almberg jalmb...@identry.com wrote:

Question: is it possible to just expand my existing /backup partition to encompass both the current drive and the new drive? I'm guessing not, since Chapter 8 in Absolute FreeBSD says that a partition is part of a slice,

You can join 2 partitions into 1 with gconcat. OTOH that would wipe any existing data as you would need to put a new filesystem on the combined partition.

No, you can always use growfs to expand the filesystem. But of course, the usual warnings apply, read carefully the growfs manual...

You can not use growfs to expand a gconcat provider to the new gconcat device.

What I mean is:
1) you have a filesystem on device A and a spare disk device B
2) concatenate A and B using gconcat
3) growfs the fs in the concatenated device
and you are done.

Nikos
Re: Can partitions span more than one drive?
RW wrote:

On Wed, 26 Aug 2009 08:45:47 -0400 John Almberg jalmb...@identry.com wrote:

Question: is it possible to just expand my existing /backup partition to encompass both the current drive and the new drive? I'm guessing not, since Chapter 8 in Absolute FreeBSD says that a partition is part of a slice,

You can join 2 partitions into 1 with gconcat. OTOH that would wipe any existing data as you would need to put a new filesystem on the combined partition.

No, you can always use growfs to expand the filesystem. But of course, the usual warnings apply, read carefully the growfs manual...

Nikos
Re: Network card Intel and 802.1P tag
Andrey O.Sokolov wrote:

Any idea how I can see 802.1P tag on em?

You should, I guess, with no extra steps. Perhaps the em driver has some hardware capability, which sets the priority tag to zero? Is the vlan hardware processing enabled? Could you post the output of ifconfig em0?

Nikos
Re: Network card Intel and 802.1P tag
Gary Gatten wrote:

Not ALL chipsets / drivers support 802.1Q / p , maybe this is one of them?

The vlan driver handles tagging itself in software. You don't need support by the hardware driver or the NIC itself. That said, Intel NICs are known to work correctly and support dot1Q tags natively in hardware. Maybe this behavior is some regression with the priority tags, which by the way are completely ignored by the vlan driver. You cannot set a priority tag or have the vlan driver process it in a special way. I guess processing priority tags is not very useful since one cannot expect a FreeBSD box to replace a switch!

As I understand Andrey just runs tcpdump on the physical interface. He doesn't use the vlan driver. He should see everything that reaches the ethernet port, tagged or not.

Nikos
Re: Network card Intel and 802.1P tag
Andrey O.Sokolov wrote:

Is the vlan hardware processing enabled?

How I can enable this processing?

ifconfig em0 vlanhwtag enables vlan processing in hw
ifconfig em0 -vlanhwtag disables vlan processing in hw

Maybe one of these will work correctly without the zeroing effect.

Perhaps off topic, but why are you interested in priority tags, since FreeBSD will silently ignore them?
Re: [?? Probable Spam] Re: Network card Intel and 802.1P tag
Andrey O.Sokolov wrote:

I tried both variants on both NIC - fxp and em. The result doesn't change ;(

You should post to net@ and maybe the maintainer will help you. Include pciconf.

Perhaps off topic, but why are you interested in priority tags, since FreeBSD will silently ignore them?

I am developing QoS-model for big network. I have casually found out this problem, when I analyzed the traffic with different COS-value from various devices.

Yes, but at the end of the day FreeBSD will ignore the priority tag. It would be just cosmetic. But, I agree that you should see the correct priority tag.

Nikos
PPPoE server (high traffic in WDM network)
Hello Michelle,

I think you better ask about the performance you should expect out of a PPPoE server on the mpd forum. There are people on the forum with real numbers.

If I go with 1 U Sun Fire X4100M2 the Opteron has 4 Cores and 4 threads per core (AFAIK there is a 8 threads version too)

I would ask about this as well. i386? amd64? number of cores?

http://sourceforge.net/forum/forum.php?forum_id=44693

HTH, Nikos
Re: freebsd-update: from 7.1-STABLE to 7.2-RELEASE?
Axel wrote:

From now on, I want to use freebsd-update to simplify the process and follow the RELEASE branch (+patches) instead. But it seems that freebsd-update cannot help me upgrade from 7.1-STABLE to 7.2-RELEASE. Any tips on how to make the transition to RELEASE?

You must use CVSup for one last time. RELENG_7_2_0_RELEASE is the CVS|CVSup tag you should use to update your sources to 7.2-RELEASE. Build and install that and then, you can start using binary updates...

Nikos
Re: ng_netflow and ipv6
Reinhard Haller wrote:

I'm missing ipv6 traffic (all ssh-traffic is going over ipv6) in the filtered netflow output. I've checked the netflow data with tcpdump/wireshark, there is no ipv6 netflow monitored.

ng_netflow implements netflow version 5, which doesn't support IPv6.

Nikos
Re: How to change default source address?
luc...@lastdot.org wrote:

Hi guys, I need to change the default source address on a freebsd server. My situation is somehow similar to this (http://marc.info/?l=freebsd-questions&m=122535960804508&w=2). In linux i can easily do it like:

ip ro replace default via 10.10.10.1 src a.b.c.d

(where a.b.c.d is em0 alias). Any ideas?

The most straightforward solution would be to call your ISP and tell them to change the PPP IP to the IP you want from your network. For example: 10.0.0.1/24 on your lan0 and 10.0.0.1 on the ppp interface. Other than that, perhaps jail to fool the system to use another address or some form of NAT. There is no such thing as in the Linux example, as far as I know.

Nikos
Re: PPPoE server (high traffic in WDM network)
Hello Nikos,

Hi,

I just saw your answer while browsing. I am not on i...@... Please CC questi...@.

On 2009-07-16 12:27:06, Nikos Vassiliadis wrote:

Michelle Konzack wrote:

I am going to install a CWDM (1GE) and DWDM (10GE) network for the Alvarion BreezeACCESS VL (38 base stations) and more than 200 Iskratel FTTH DSLAMS of 96 ports (each with 100MBit, but only one 1GE Upstream) each.

So, you'll have 96*200 possible PPP clients. How many concurrent PPP sessions do you care to support? And more importantly, how much aggregate bandwidth?

Because the customers are permanently On-Line due to the VoIP-Telephone, we count with the full number of clients... The distance between the FTTH DSLAM and the customers can be up to 10km. The idea is now, that we do not simply connect the FTTH DSLAM's to the CISCO switches but building a redundant Ethernet Carrier Network. This means, we can install in each village their own FTTH DSLAM even if there are 2500 households and we install 26 FTTH DSLAM's there. This means in theory 250 GBit Customer Downstream, 26 Gbit Upstream but we count with a 10 GE which is maybe used to 30-50%.

OK, if we switch to an Ethernet Carrier Network I could install one or two PPPoE Servers in each village. But if one goes down, the second has to handle 2500 client connections.

I *think* the number of clients is doable. I don't know about the bandwidth.

Note: This is ONLY the base installation between Kehl, Rheinau, Renchen and Oberkirch (around 35.000 households) and the whole region has 150.000 households.

Don't understand what you mean round-robin and loadbalancing? Read below.

snip

FreeBSD has a RADIUS library in base. The two notable users of libradius are ppp and net/mpd. The only choice in a ISP environment I think is the net/mpd5 port. Read the outline here: http://www.freebsd.org/cgi/url.cgi?ports/net/mpd5/pkg-descr It is very good and is actually used in large setups.

Thank you for the link, I will read on if I am in Office...

Can't reply, but keep in mind that filling a 10GE pipe is a hard task on its own.

It depends on how many customers you have and with an Internet access of 100 Mbit plus services like IPTV and VOD you can fill up a 10 GE pipe.

I meant filling a 10 Gbit pipe with a general purpose computer architecture is a hard task. Packet forwarding at these rates is tricky.

I *think* having more low fidelity BRASs, will serve your needs better than a few high fidelity ones.

You mean, putting a bunch of small 1U Servers into a 19 42RU?

Yes, you may find that having two small boxes instead of bigger one gives better results performance-wise. You also have to test if SMP helps and how much. A beast with 16 cores is more powerful than a regular computer with 2 cores, but does it help in your setup?

You can try NanoBSD and TinyBSD which are FreeBSD based and I believe can fit the bill. These two run with their filesystems read-only mounted which is ideal for flash memories.

Can you recommend it for an ISP setup?

It's FreeBSD running from a read-only mounted medium. No more, no less. Yes, it's fine for an ISP setup.

Hmmm, I am right, that NanoBSD can be bootup over network? (this would be another solution)

NanoBSD is meant to run in embedded stand-alone devices. So, I *guess* that is conceptually very far from net booting.

Nikos
Re: Two VPN via two DSL lines to one ISP
Anton wrote:

Hello freebsd-questions,

Have one ISP and two lines from him. Connection to Internet are made via VPN. Could load-balancing be realized with help of mpd5 or some other utility, which provides VPN connections?

With mpd you can combine several ppp links into one. This process is called multilink ppp and effectively combines the bandwidth of each link into one virtual pipe with bigger bandwidth. Yet, your ISP has to support multilink ppp as well.

I am not sure what you mean when you say Connection to Internet are made via VPN? If that's not what you are looking for, please elaborate.

Nikos
Re: Two VPN via two DSL lines to one ISP
Anton wrote:

Asked tech's of ISP - they said that they do not support multilink ppp

You can achieve almost the same effect with the aid of a firewall. There are many posts/tutorials/examples on the net, regarding load sharing and (pf|ipf|ipfw). Try to adapt one to your setup and post your questions to the list. A google search for load balancing pf reveals the official pf FAQ: http://www.openbsd.org/faq/pf/pools.html

Nikos
Re: PPPoE server (high traffic in WDM network)
Michelle Konzack wrote:

I am going to install a CWDM (1GE) and DWDM (10GE) network for the Alvarion BreezeACCESS VL (38 base stations) and more than 200 Iskratel FTTH DSLAMS of 96 ports (each with 100MBit, but only one 1GE Upstream) each.

So, you'll have 96*200 possible PPP clients. How many concurrent PPP sessions do you care to support? And more importantly, how much aggregate bandwidth?

What I now need are a PPPoE Servers (round-robin and loadbalancing) which must work using FreeRadius and PostgreSQL.

Don't understand what you mean round-robin and loadbalancing? Read below.

There was someone on the debian-isp which has suggested me to use FreeBSD, because the PPPoE it is already built to authenticate against Radius.

FreeBSD has a RADIUS library in base. The two notable users of libradius are ppp and net/mpd. The only choice in an ISP environment I think is the net/mpd5 port. Read the outline here: http://www.freebsd.org/cgi/url.cgi?ports/net/mpd5/pkg-descr It is very good and is actually used in large setups.

So, what I like to know is, if I have a 1GE and 10GE network, how many clients can one PPPoE Server handle and what are the CPU/Memory requirements?

Can't reply, but keep in mind that filling a 10GE pipe is a hard task on its own. I *think* having more low fidelity BRASs, will serve your needs better than a few high fidelity ones.

[snipped]

Note 1: Even if I use a Sun Fire, I would prefer a microBSD running from an industrial SD/CF card.

MicroBSD seems OpenBSD based. Can't comment on this. You can try NanoBSD and TinyBSD which are FreeBSD based and I believe can fit the bill. These two run with their filesystems read-only mounted which is ideal for flash memories.

Nikos
Re: FreeBSD FIBs (setfib) - How to modify?
Brent Bloxam wrote:

The documentation on FIBs is pretty slim unless I've been looking in the wrong places, all I've seen are a few mentions in errata and release notes. setfib(1) doesn't offer much in the way of associated commands, and definitely doesn't explain how to actually work with a FIB. I'm curious if there's a command to specifically modify a FIB beyond 0, besides something like setfib 1 route add ...

setfib selects the routing table for locally originated outgoing packets. Besides locally originated packets, there are packets arriving from the network and need to be forwarded. These packets can be classified in a specific routing table with the aid of ipfw. That's all there is. I can't think of something else that needs to be thought with regard to multiple routing tables.

HTH, Nikos
Re: FreeBSD FIBs (setfib) - How to modify?
Brent Bloxam wrote:

Nikos Vassiliadis wrote:

Brent Bloxam wrote:

The documentation on FIBs is pretty slim unless I've been looking in the wrong places, all I've seen are a few mentions in errata and release notes. setfib(1) doesn't offer much in the way of associated commands, and definitely doesn't explain how to actually work with a FIB. I'm curious if there's a command to specifically modify a FIB beyond 0, besides something like setfib 1 route add ...

setfib selects the routing table for locally originated outgoing packets. Besides locally originated packets, there are packets arriving from the network and need to be forwarded. These packets can be classified in a specific routing table with the aid of ipfw. That's all there is. I can't think of something else that needs to be thought with regard to multiple routing tables.

HTH, Nikos

Sorry, perhaps I wasn't clear. What I'm interested in is if there's a way to deal with *modifying* those other routing tables, besides using setfib as I described (e.g., you want to have a different default gateway). There would be no reason to have multiple routing tables if they're carbon copies of one another.

setfib has no internal commands. setfib runs the command you tell it to in a specific routing table. You modify/inspect the routing tables with the standard tools, that is route, netstat, some dynamic routing daemon (quagga, etc) and in general everything that's related to the routing table. Just start a shell in FIB 10 and every command forked from that shell will be bound to FIB 10.

setfib 10 csh
... do some work
exit
you're back in FIB 0.

HTH, Nikos