Re: Dual NIC routing (?) problem

2008-06-20 Thread The MadDaemon
On Fri, Jun 20, 2008 at 4:50 AM, Yuri Pankov <[EMAIL PROTECTED]> wrote:
> The MadDaemon wrote:
>>
>> On Tue, Jun 17, 2008 at 3:47 PM, Yuri Pankov <[EMAIL PROTECTED]>
>> wrote:
>>>
>>> The MadDaemon wrote:
>>>>
>>>> List,
>>>>
>>>> I'm having a problem with a dual-homed host running 7.0-RELEASE with
>>>> regards to traffic on one of the interfaces that I'm hoping someone
>>>> knows something about.
>>>>
>>>> The goal of this box is to run Nessus on bge0 only (which is plugged
>>>> into a trunk port on a switch), keeping fxp0 free as the admin
>>>> interface and for serving web pages on my LAN.
>>>>
>>>> Here's ifconfig:
>>>>
>>>> bge0: flags=8802 metric 0 mtu 1500
>>>>   options=9b
>>>>   ether 00:19:b9:22:a8:22
>>>>   inet 0.0.0.0 netmask 0xff00 broadcast 0.0.0.255
>>>>   media: Ethernet autoselect (100baseTX )
>>>>   status: active
>>>> fxp0: flags=8843 metric 0 mtu 1500
>>>>   options=b
>>>>   ether 00:02:b3:bb:59:17
>>>>   inet 10.20.10.24 netmask 0xff00 broadcast 172.20.10.255
>>>>   inet 10.20.10.28 netmask 0x broadcast 172.20.10.28
>>>>   inet 10.20.10.29 netmask 0x broadcast 172.20.10.29
>>>>   media: Ethernet autoselect (100baseTX )
>>>>   status: active
>>>>
>>>> /etc/rc.conf section:
>>>>
>>>> # Created: Mon Jun  9 09:32:52 2008
>>>> defaultrouter="10.20.10.254"
>>>> hostname="darkhorse.mydomain.local"
>>>> ifconfig_fxp0="inet 10.20.10.24  netmask 255.255.255.0"
>>>> ifconfig_fxp0_alias0="inet 10.20.10.28 netmask 255.255.255.255"
>>>> ifconfig_fxp0_alias1="inet 10.20.10.29 netmask 255.255.255.255"
>>>> ifconfig_bge0="inet 0.0.0.0 netmask 255.255.255.0"
>>>
>>> Try using ifconfig_bge0="up" in /etc/rc.conf instead of assigning bogus
>>> (probably) address.
>>
>> Tried that as well and it didn't work.  I found a few different things
>> regarding VLAN setup, so my new (and not working) configuration is
>> this (in part):
>>
>> ##
>> # VLAN Configuration #
>> ##
>> cloned_interface="vlan2"
>> ifconfig_vlan2="inet 10.21.1.245 netmask 255.255.255.0 vlan 2 vlandev bge0"
>> cloned_interface="vlan5"
>> ifconfig_vlan5="inet 10.20.8.245 netmask 255.255.255.0 vlan 5 vlandev bge0"
>
> So 10.20.8.245 is in tagged vlan 5.

Yes..

>> cloned_interface="vlan6"
>> ifconfig_vlan6="inet 10.20.7.245 netmask 255.255.255.0 vlan 6 vlandev bge0"
>>
>> (I got the VLAN IDs straight from the router, so they are correct for
>> each VLAN.)
>>
>> [EMAIL PROTECTED] [~]# ifconfig bge0 inet 10.20.8.245 netmask 255.255.255.0
>
> and here you are trying to set 10.20.8.245 on parent bge0 without 802.1q
> tagging, how do you expect it to work?

I didn't, actually - lack of sleep = brainfart :(

>> [EMAIL PROTECTED] [~]# ifconfig bge0 up
>> [EMAIL PROTECTED] [~]# ifconfig bge0
>> bge0: flags=8843 metric 0 mtu 1500
>>   options=9b
>>   ether 00:19:b9:22:a8:22
>>   inet 10.20.8.245 netmask 0xff00 broadcast 10.20.8.255
>>   media: Ethernet autoselect (100baseTX )
>>   status: active
>> [EMAIL PROTECTED] [~]# ping -c 2 10.20.8.4
>> PING 10.20.8.4 (10.20.8.4): 56 data bytes
>>
>> --- 10.20.8.4 ping statistics ---
>> 2 packets transmitted, 0 packets received, 100.0% packet loss
>>
>
> Sorry if I understood you incorrectly.

No problem..

I believe I fixed it by setting this in /etc/rc.conf:

cloned_interfaces="vlan2 vlan5 vlan6 vlan7 vlan107 vlan201 vlan212"
ifconfig_vlan2="inet 10.21.1.245 netmask 255.255.255.0 vlan 2 vlandev bge0"
ifconfig_vlan5="inet 10.20.8.245 netmask 255.255.255.0 vlan 5 vlandev bge0"
ifconfig_vlan6="inet 10.20.7.245 netmask 255.255.255.0 vlan 6 vlandev bge0"
ifconfig_vlan7="inet 10.20.253.245 netmask 255.255.255.0 vlan 7 vlandev bge0"
ifconfig_vlan107="inet 10.21.7.245 netmask 255.255.255.0 vlan 107 vlandev bge0"
ifconfig_vlan201="inet 10.20.1.245 netmask 255.255.255.0 vlan 201 vlandev bge0"
ifconfig_vlan212="inet 10.21.2.245 netmask 255.255.255.0 vlan 212 vlandev bge0"
##
# Bring up bge0 manually to make sure it's up:
ifconfig_bge0="up"
##
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
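
The difference between the non-working and working rc.conf fragments in this message, written as a check (an added example, not part of the original post). `lint_vlan_rc` is a hypothetical helper, and the two sample files are constructed from the fragments quoted in the thread.

```shell
#!/bin/sh
# Lint an rc.conf fragment for the VLAN mistakes discussed in this thread.
# Prints one line per finding and returns the number of findings.
lint_vlan_rc() {
    rc=$1; bad=0
    # rc.conf(5) reads cloned_interfaces (plural, one space-separated list).
    if grep -q '^cloned_interface=' "$rc"; then
        echo "cloned_interface= is ignored; use one cloned_interfaces=\"...\" list"
        bad=$((bad + 1))
    fi
    cloned=$(sed -n 's/^cloned_interfaces="\(.*\)"/\1/p' "$rc" | tail -n 1)
    for ifc in $(sed -n 's/^ifconfig_\(vlan[0-9]*\)=.*/\1/p' "$rc"); do
        case " $cloned " in
            *" $ifc "*) ;;
            *) echo "$ifc is configured but not in cloned_interfaces"
               bad=$((bad + 1)) ;;
        esac
    done
    # The parent on the trunk port is only brought up; addresses live on
    # the vlanN children.
    for parent in $(sed -n 's/.* vlandev \([a-z0-9]*\).*/\1/p' "$rc" | sort -u); do
        if ! grep -q "^ifconfig_$parent=\"up\"" "$rc"; then
            echo "parent $parent: expected ifconfig_$parent=\"up\" with no inet address"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
# Constructed from the fragments quoted in the thread (not a full rc.conf).
cat > "$tmp/before.conf" <<'EOF'
cloned_interface="vlan2"
ifconfig_vlan2="inet 10.21.1.245 netmask 255.255.255.0 vlan 2 vlandev bge0"
cloned_interface="vlan5"
ifconfig_vlan5="inet 10.20.8.245 netmask 255.255.255.0 vlan 5 vlandev bge0"
ifconfig_bge0="inet 0.0.0.0 netmask 255.255.255.0"
EOF
cat > "$tmp/after.conf" <<'EOF'
cloned_interfaces="vlan2 vlan5"
ifconfig_vlan2="inet 10.21.1.245 netmask 255.255.255.0 vlan 2 vlandev bge0"
ifconfig_vlan5="inet 10.20.8.245 netmask 255.255.255.0 vlan 5 vlandev bge0"
ifconfig_bge0="up"
EOF
lint_vlan_rc "$tmp/before.conf" || echo "before.conf: $? finding(s)"
lint_vlan_rc "$tmp/after.conf" && echo "after.conf: clean"
```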


Re: Dual NIC routing (?) problem

2008-06-19 Thread The MadDaemon
(Sorry, I replied to Yuri only by mistake)

On Thu, Jun 19, 2008 at 10:49 AM, The MadDaemon <[EMAIL PROTECTED]> wrote:
> On Tue, Jun 17, 2008 at 3:47 PM, Yuri Pankov <[EMAIL PROTECTED]> wrote:
>> The MadDaemon wrote:
>>>
>>> List,
>>>
>>> I'm having a problem with a dual-homed host running 7.0-RELEASE with
>>> regards to traffic on one of the interfaces that I'm hoping someone
>>> knows something about.
>>>
>>> The goal of this box is to run Nessus on bge0 only (which is plugged
>>> into a trunk port on a switch), keeping fxp0 free as the admin
>>> interface and for serving web pages on my LAN.
>>>
>>> Here's ifconfig:
>>>
>>> bge0: flags=8802 metric 0 mtu 1500
>>>   options=9b
>>>   ether 00:19:b9:22:a8:22
>>>   inet 0.0.0.0 netmask 0xff00 broadcast 0.0.0.255
>>>   media: Ethernet autoselect (100baseTX )
>>>   status: active
>>> fxp0: flags=8843 metric 0 mtu 1500
>>>   options=b
>>>   ether 00:02:b3:bb:59:17
>>>   inet 10.20.10.24 netmask 0xff00 broadcast 172.20.10.255
>>>   inet 10.20.10.28 netmask 0x broadcast 172.20.10.28
>>>   inet 10.20.10.29 netmask 0x broadcast 172.20.10.29
>>>   media: Ethernet autoselect (100baseTX )
>>>   status: active
>>>
>>> /etc/rc.conf section:
>>>
>>> # Created: Mon Jun  9 09:32:52 2008
>>> defaultrouter="10.20.10.254"
>>> hostname="darkhorse.mydomain.local"
>>> ifconfig_fxp0="inet 10.20.10.24  netmask 255.255.255.0"
>>> ifconfig_fxp0_alias0="inet 10.20.10.28 netmask 255.255.255.255"
>>> ifconfig_fxp0_alias1="inet 10.20.10.29 netmask 255.255.255.255"
>>> ifconfig_bge0="inet 0.0.0.0 netmask 255.255.255.0"
>>
>> Try using ifconfig_bge0="up" in /etc/rc.conf instead of assigning bogus
>> (probably) address.
>
> Tried that as well and it didn't work.  I found a few different things
> regarding VLAN setup, so my new (and not working) configuration is
> this (in part):
>
> ##
> # VLAN Configuration #
> ##
> cloned_interface="vlan2"
> ifconfig_vlan2="inet 10.21.1.245 netmask 255.255.255.0 vlan 2 vlandev bge0"
> cloned_interface="vlan5"
> ifconfig_vlan5="inet 10.20.8.245 netmask 255.255.255.0 vlan 5 vlandev bge0"
> cloned_interface="vlan6"
> ifconfig_vlan6="inet 10.20.7.245 netmask 255.255.255.0 vlan 6 vlandev bge0"
>
> (I got the VLAN IDs straight from the router, so they are correct for
> each VLAN.)
>
> [EMAIL PROTECTED] [~]# ifconfig bge0 inet 10.20.8.245 netmask 255.255.255.0
> [EMAIL PROTECTED] [~]# ifconfig bge0 up
> [EMAIL PROTECTED] [~]# ifconfig bge0
> bge0: flags=8843 metric 0 mtu 1500
>   options=9b
>   ether 00:19:b9:22:a8:22
>   inet 10.20.8.245 netmask 0xff00 broadcast 10.20.8.255
>   media: Ethernet autoselect (100baseTX )
>   status: active
> [EMAIL PROTECTED] [~]# ping -c 2 10.20.8.4
> PING 10.20.8.4 (10.20.8.4): 56 data bytes
>
> --- 10.20.8.4 ping statistics ---
> 2 packets transmitted, 0 packets received, 100.0% packet loss
>



-- 
It said "use Linux 2.4 kernel or better" so I installed FreeBSD. Now
everything runs better. Why didn't they just tell me to do that to
begin with?


Re: [Ports] How to find where a port is located?

2008-06-19 Thread The MadDaemon
On Mon, Jun 16, 2008 at 11:45 AM, Oliver Fromme <[EMAIL PROTECTED]> wrote:
> Gilles <[EMAIL PROTECTED]> wrote:
>  > Currently, to find where a software is located under /usr/ports/, I
>  > run the "find" command. Is there a database that I could query
>  > instead so that it gives out the whole path to the application?
>
> In addition to the ways that others have suggested, there
> is also this one:
>
> http://www.secnetix.de/tools/porgle/

You can also use the "quicksearch" option:

[EMAIL PROTECTED] [~]# cd /usr/ports/
[EMAIL PROTECTED] [/usr/ports]# make quicksearch name=dsniff
Port:   dsniff-2.3_3
Path:   /usr/ports/security/dsniff
Info:   Various sniffing utilities for penetration testing


-- 
It said "use Linux 2.4 kernel or better" so I installed FreeBSD. Now
everything runs better. Why didn't they just tell me to do that to
begin with?


Dual NIC routing (?) problem

2008-06-17 Thread The MadDaemon
List,

I'm having a problem with a dual-homed host running 7.0-RELEASE with
regards to traffic on one of the interfaces that I'm hoping someone
knows something about.

The goal of this box is to run Nessus on bge0 only (which is plugged
into a trunk port on a switch), keeping fxp0 free as the admin
interface and for serving web pages on my LAN.

Here's ifconfig:

bge0: flags=8802 metric 0 mtu 1500
  options=9b
  ether 00:19:b9:22:a8:22
  inet 0.0.0.0 netmask 0xff00 broadcast 0.0.0.255
  media: Ethernet autoselect (100baseTX )
  status: active
fxp0: flags=8843 metric 0 mtu 1500
  options=b
  ether 00:02:b3:bb:59:17
  inet 10.20.10.24 netmask 0xff00 broadcast 172.20.10.255
  inet 10.20.10.28 netmask 0x broadcast 172.20.10.28
  inet 10.20.10.29 netmask 0x broadcast 172.20.10.29
  media: Ethernet autoselect (100baseTX )
  status: active

/etc/rc.conf section:

# Created: Mon Jun  9 09:32:52 2008
defaultrouter="10.20.10.254"
hostname="darkhorse.mydomain.local"
ifconfig_fxp0="inet 10.20.10.24  netmask 255.255.255.0"
ifconfig_fxp0_alias0="inet 10.20.10.28 netmask 255.255.255.255"
ifconfig_fxp0_alias1="inet 10.20.10.29 netmask 255.255.255.255"
ifconfig_bge0="inet 0.0.0.0 netmask 255.255.255.0"


I'm not sure what other changes need to be made or where, but when I
assign an IP/netmask to bge0, bring up the interface, and try to ping
the gateway (or anything else), I get 100% packet loss.  I've even
tried to assign a new default route, but I get an error stating
there's already a default route.

I know I'm completely missing something here, but I just can't figure
out *what*.

Any help would be most appreciated.


-MD
-- 
It said "use Linux 2.4 kernel or better" so I installed FreeBSD. Now
everything runs better. Why didn't they just tell me to do that to
begin with?


Re: sFTP on 7.0-RELEASE no worky

2008-03-26 Thread The MadDaemon
On Wed, Mar 26, 2008 at 3:30 PM, Dan Nelson <[EMAIL PROTECTED]> wrote:
> In the last episode (Mar 26), The MadDaemon said:
>  > I have a 7.0-RELEASE box that I setup a few weeks ago for testing,
>  > and I just now tried to sftp into it and get the following:
>  >
>  > [EMAIL PROTECTED] [~]$ sftp 172.20.30.12
>  > Connecting to 172.20.30.12...
>  >
>  > (banner snipped)
>  >
>  > Password:
>  > Received message too long 173305700
>  > [EMAIL PROTECTED] [~]$
>
>  173305700 = 0x0A546F64 = "\nTod"
>
>  Make sure you don't have any commands in your shell's startup scripts
>  that might print anything if the incoming session isn't interactive.
>
>  http://www.snailbook.com/faq/sftp-corruption.auto.html
>
>  --
> Dan Nelson
> [EMAIL PROTECTED]
>

d'oh!  I had fortunes enabled, which was the culprit.  Thanks for the
link/answer, Dan.
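
The decoding in Dan's reply, reproduced end to end as an added example that is not part of the original posts: startup-file output lands in front of sftp-server's first packet, and the client reads its first four bytes as a message length. The 256 KiB cap, the rc file contents and the fortune text are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example. SFTP_MAX_MSG, the rc files and the fortune text are
# assumptions constructed for the demo, not values from the thread.
SFTP_MAX_MSG=262144   # assumed client cap on one message (256 KiB)

# Turn N from "Received message too long N" back into the 4 bytes read.
decode_len() {
    n=$1; out=""
    for s in 24 16 8 0; do
        b=$(( (n >> s) & 255 ))
        if [ "$b" -gt 32 ] && [ "$b" -lt 127 ]; then
            out="$out$(printf '%b' "\\0$(printf '%03o' "$b")")"
        else
            out="$out$(printf '\\x%02x' "$b")"   # escape non-printables
        fi
    done
    printf '%s\n' "$out"
}

# First 4 bytes of a captured server stream as a big-endian uint32: this is
# how the client reads the length of the first SFTP packet.
first_len() {
    set -- $(od -An -N4 -tu1 "$1")
    [ $# -eq 4 ] || return 1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

check_stream() {
    len=$(first_len "$1") || { echo "short read"; return 2; }
    if [ "$len" -gt "$SFTP_MAX_MSG" ]; then
        printf '%s\n' "Received message too long $len = $(decode_len "$len")"
        return 1
    fi
    echo "ok: first packet length $len"
}

# Server side: whatever the startup file prints in a non-interactive shell,
# then sftp-server's first packet (constructed: length 5, type 2, version 3).
server_stream() {   # server_stream RCFILE OUTFILE
    { sh -c '. "$1"' sh "$1"; printf '\000\000\000\005\002\000\000\000\003'; } > "$2"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'echo; echo "Today is a good day"' > "$tmp/rc.noisy"
printf '%s\n' 'case $- in *i*) echo; echo "Today is a good day";; esac' > "$tmp/rc.guarded"
server_stream "$tmp/rc.noisy" "$tmp/noisy.bin"
server_stream "$tmp/rc.guarded" "$tmp/clean.bin"
check_stream "$tmp/noisy.bin" || true   # length 173305700, bytes \x0aTod
check_stream "$tmp/clean.bin"
```

The guarded rc file prints only when `$-` contains `i`, so the non-interactive session that carries sftp stays silent and the first packet is parsed correctly.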


sFTP on 7.0-RELEASE no worky

2008-03-26 Thread The MadDaemon
I have a 7.0-RELEASE box that I setup a few weeks ago for testing, and
I just now tried to sftp into it and get the following:

[EMAIL PROTECTED] [~]$ sftp 172.20.30.12
Connecting to 172.20.30.12...

(banner snipped)

Password:
Received message too long 173305700
[EMAIL PROTECTED] [~]$

I can SSH into the box all day long, but I can't sFTP or scp anything
to it.  Here's the /etc/ssh/sshd_conf (stock config with the modified
Banner line):


#   $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $
#   $FreeBSD: src/crypto/openssh/sshd_config,v 1.47 2006/11/10 16:52:41 des Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#VersionAddendum FreeBSD-20061110

#Port 22
#Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# Change to yes to enable built-in password authentication.
#PasswordAuthentication no
PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no

# no default banner path
Banner /etc/motd

# override default of no subsystems
Subsystem   sftp    /usr/libexec/sftp-server


Has anyone noticed this before?  I didn't have any luck with search engines..

Thanks,
Kevin


Re: tar backup script

2008-02-14 Thread The MadDaemon
I believe the -T switch in tar is for "include the files in {file}"

tar cvf myfile.tar -T path/to/include


On 2/14/08, Wael Nasreddine <[EMAIL PROTECTED]> wrote:
> This One Time, at Band Camp, Steel City Phantom <[EMAIL PROTECTED]> said,
> On Wed, Feb 13, 2008 at 10:57:22PM -0500:
> > this isn't really bsd specific but i still need help with it.  im writing a
> > backup script  a clip from that script is this:
>
> > find /usr/local/www/data-dist/ -name config.php > /usr/local/backupScript/include
> > find /usr/local/www/data-dist/ -name ClientFiles >> /usr/local/backupScript/include
>
> > tar cvf /usr/local/backupScript/files/www-client-files.tar -I /usr/local/backupScript/include /usr/local/www/data-dist
>
> > obviously im creating an include file from a directory.  when the tar runs,
> > it correctly adds all the files in the include file.  but once that is
> > finished, for some reason tar then goes back and adds all the files that are
> > in the /usr/local/www/data-dist directory, even the ones in the include
> > file.  i was under the impression that the -I command would add ONLY the
> > files that are listed in the include.  why is it adding those and then after
> > finishing that, adding all the others?
>
> Why won't you just do it this way??
>
> $ tar cvf /usr/local/backupScript/files/www-client-files.tar $( cat /usr/local/backupScript/include )
>
> --
> Wael Nasreddine
> http://wael.nasreddine.com
> PGP: 1024D/C8DD18A2 06F6 1622 4BC8 4CEB D724  DE12 5565 3945 C8DD 18A2
>
> .: An infinite number of monkeys typing into GNU emacs,
>    would never make a good program. (L. Torvalds 1995) :.
>


-- 
It said "use Linux 2.4 kernel or better" so I installed FreeBSD.  Now
everything runs better.  Why didn't they just tell me to do that to
begin with?
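
The behaviour asked about in this thread, reproduced on a throwaway tree (an added example, not part of the original posts): the same two `find` calls build the list, and tar is run with `-T` alone and then with the extra directory operand from the original script. The tree, the file names and the helper names `make_list` and `archive_entries` are constructed for the demo.

```shell
#!/bin/sh
# Build an archive from a find-generated list, with and without the extra
# directory operand from the original script, and count archived entries.
# The tree under $tmp is constructed sample data.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
mkdir -p "$tmp/data-dist/site a/ClientFiles" "$tmp/data-dist/site a/cache"
echo secret > "$tmp/data-dist/site a/config.php"
echo upload > "$tmp/data-dist/site a/ClientFiles/doc.txt"
echo junk   > "$tmp/data-dist/site a/cache/page.html"

# Same two find calls as the backup script, using relative paths.
make_list() {
    ( cd "$tmp" &&
      find data-dist -name config.php  >  include &&
      find data-dist -name ClientFiles >> include )
}

# archive_entries [EXTRA_OPERAND...] -> number of entries tar stored.
# -T reads one name per line, so "site a" survives without quoting.
archive_entries() {
    ( cd "$tmp" &&
      tar cf out.tar -T include "$@" &&
      tar tf out.tar | wc -l | tr -d ' ' )
}

make_list
archive_entries              # list only: config.php, ClientFiles/, doc.txt
archive_entries data-dist    # list plus directory: the whole tree is added too
```

Every operand on the command line is archived in addition to the names read from the list, which is why the backup script picked up the rest of data-dist.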