After 4.6 to 4.9, SSH Lockout
Hello, After upgrading from 4.6-STABLE to 4.9-STABLE (religiously following the Handbook), I could not login to a second or another ssh session. I still, however, have my current connection to where I performed the make world steps. This is a REMOTE machine and I do not want disconnect this current ssh session because of fear that I may not get a successful ssh connection again. Any ideas? Hope anyone can give a straight help. I am attaching below my ssh -v result from a local machine I used to try ssh to the remote one: -bash-2.05b$ ssh -v REMOTE_IP OpenSSH_3.5p1 FreeBSD-20021029, SSH protocols 1.5/2.0, OpenSSL 0x0090607f debug1: Reading configuration data /etc/ssh/ssh_config debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: ssh_connect: needpriv 0 debug1: Connecting to REMOTE_IP [REMOTE_IP] port 22. debug1: Connection established. debug1: identity file /home/myusername/.ssh/identity type -1 debug1: identity file /home/myusername/.ssh/id_rsa type -1 debug1: identity file /home/myusername/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9 FreeBSD localisations 20011202 debug1: match: OpenSSH_2.9 FreeBSD localisations 20011202 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.5p1 FreeBSD-20021029 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server-client aes128-cbc hmac-md5 none debug1: kex: client-server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: dh_gen_key: priv key bits set: 139/256 debug1: bits set: 1033/2049 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'REMOTE_IP' is known and matches the DSA host key. debug1: Found key in /home/myusername/.ssh/known_hosts:28 debug1: bits set: 1008/2049 debug1: ssh_dss_verify: signature correct debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug1: service_accept: ssh-userauth debug1: got SSH2_MSG_SERVICE_ACCEPT debug1: authentications that can continue: publickey,password,keyboard-interactive debug1: next auth method to try is publickey debug1: try privkey: /home/myusername/.ssh/identity debug1: try privkey: /home/myusername/.ssh/id_rsa debug1: try privkey: /home/myusername/.ssh/id_dsa debug1: next auth method to try is keyboard-interactive otp-md5 279 ka1364 ext S/Key Password: debug1: authentications that can continue: publickey,password,keyboard-interactive otp-md5 63 ka4161 ext S/Key Password: debug1: authentications that can continue: publickey,password,keyboard-interactive otp-md5 343 ka9768 ext S/Key Password: debug1: authentications that can continue: publickey,password,keyboard-interactive debug1: next auth method to try is password [EMAIL PROTECTED]'s password: debug1: authentications that can continue: publickey,password,keyboard-interactive Permission denied, please try again. [EMAIL PROTECTED]'s password: debug1: authentications that can continue: publickey,password,keyboard-interactive Permission denied, please try again. [EMAIL PROTECTED]'s password: debug1: authentications that can continue: publickey,password,keyboard-interactive debug1: no more auth methods to try Permission denied (publickey,password,keyboard-interactive). debug1: Calling cleanup 0x804c704(0x0) -bash-2.05b$ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
cvsup from 4.6 to 4.9
Hello, I'm just confirming if aside from the normal steps: (i refer to this guide: http://bsdvault.net/sections.php?op=viewarticleartid=21 ), there are no other extra/special things i need to do to remotely upgrade a production server running 4.6-STABLE to 4.9-STABLE. If there is... please let me know :). Thanks in advance. chael ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
CVSup to local copy
Hello, I need to update the sources of several servers in my network. I have already made a cvsup -g -L 2 cvs-supfile on one of the servers and placed all under /home/ncvs. Would anyone be so kind to tell me what to do next? Can't seem to find the concrete steps on the net. Thanks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfw keep-state (ASAP anwser need)
${fwcmd} add allow udp from any 1024-65535,53 to any 53
${fwcmd} add allow udp from any 53 to any 1024-65535
- Original Message -
From: Gregory Edigarov [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 09, 2003 5:32 PM
Subject: ipfw keep-state (ASAP anwser need)
Hello,
The folowing is a fragment of my rc.firewall which must allow all
traffic in and out of my named.
ipfw add 4100 allow udp from me to any 53 keep-state
ipfw add 4200 allow udp from any to me 53
ipfw add 4300 allow udp from me 53 to any
---
This is a fragment from my kernel configuration:
---
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #enable logging to
syslogd(8)
options IPFIREWALL_FORWARD #enable transparent proxy
support
options IPFIREWALL_VERBOSE_LIMIT=100#limit verbosity
options IPDIVERT#divert sockets
options IPSTEALTH
options ICMP_BANDLIM
options DUMMYNET
options BRIDGE
options IPFW2
---
It doesn't work. What am I missing?
--
With best regards,
Gregory Edigarov
--
profi.kharkov.uaSystems
Administrator
--
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
[EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ADSL question
Well, if you should opt for a USB modem, specifically the Alcatel Speedtouch modem, there is one ready on the ports: net/pppoa. The driver just had a recent upgrade so you may want to cvsup your net ports first. Everything is at http://speedtouch.sourceforge.net . I have mine setup like this and it works just great minus the wireless part, but that part is internal. Hello. I never touched ADSL before, now I booked an ADSL phone line. I have a small LAN, the server (FreeBSD 4.9 STABLE) is there as 192.168.0.1, providing services like NFS and it is a DHCP server. It also need to act as NAT for 802.11 notebooks in the room. I heard people say there are basically two types of ADSL modems. The either net modem act as a gateway for the LAN, and is more expansive; The PCI ADSL modem is cheaper, fitting one computer only, you need to configure NAT and so like on that computer for the LAN. I don't want to use the ethernet one, because I already have a standalone server, and I'm quite faimiliar with FreeBSD NAT DHCP router configuration, but configuring ethernet ADSL modem is new to me. I still need the server to connect wireless computers in the LAN, which ethernet ADSL modem cannot do it directly. So I think I need a PCI ADSL modem. The problem is, I wish to buy a FreeBSD compatible PCI ADSL modem, but looking into the hardware note (http://www.freebsd.org/releases/5.1R/hardware-i386.html) I didn't find any ADSL PCI card. Do FreeBSD support any PCI ADSL Card? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
celerons | pentiums
A newbie question: I don't know much really about the differences of the two processors except that (I think) Pentiums has a multimedia extension and Celerons has NOT. So, is there a significant gain (if any) in performance if you use Pentiums than Celerons on FreeBSD that is running as say a cache/proxy server? If not, is it right to think that the extra money we shell out for a Pentium is not really worth if we're not gonna be using it on a graphical environment with media players, et al? Thanks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
FreeBSD beside WinXP
Hello, I read somewhere before that there were partition or boot problems after installing 5.1 beside winXP. Has anyone been able to do this successfully? Is there something not obvious that I need to set/tweak while during sysinstall? This partition has seen several versions of Mandrake and Redhat (Fedora is a flap, btw, IMO), and they all do it automatically as if assuming that users DO install their OS beside some Windows. But I have grown tired of the linux fad/hype and just wanna try my favorite server OS on it to see how it does too on the desktop. But at the same time, I need my XP very much. My 40G hardisk is currently partitioned like this..: 512MB Windows swap | 512MB Linux/Unix swap | 20G NTFS | 10G FAT32 | Rest = Linux/Unix Thanks in advance =) chael ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD beside WinXP
Thanks for all the replies. And yes, that's what my FAT32 is for... sort of a mediator for the different OSes which also contains important files but no directories for working applications. Ok, let me get this in short. You basically recommend me to follow this http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/disks.html#NT-BOOTLOADER ? If I want to copy that /boot/boot1 from my FreeBSD partion to my drive C:\, how can I get to my FreeBSD partition, in the first place, if I won't be able to boot from it after installation? (because I assume the above steps would require you not to touch your MBR while installing FreeBSD). Can I create a boot disk to boot that FreeBSD? Thanks. On Thursday 20 November 2003 05:14 am, [EMAIL PROTECTED] wrote: As far as I am concerned, I tend to have 1 partition for the system and a separate one for user data - this way, you don't wipe everything out if your system crashes. This saved my life a couple of times. What do you need the 10GB FAT32 partition for? (I suspect the same purpose but with respect to Windows...?!?) If you want to pass large files, you need something you can write to from FreeBSD. You can read but not write to NTFS. I have a number of mutli-boot machines and I almost always have that much in one partition that is FAT32. FWIW, all of my multi-boot XP/FreeBSD have the main FreeBSD slice on the primary master. You can add /boot/boot0 to your c-drive and boot.ini and 5.x or 4.x boots like a charm using ntldr. My c-drive only contains data and does not contain an OS. Kent ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Log every access to a file
Hello, How do you create/add a system log to monitor every access to a specific file (say a database file accessed through samba)? A sample line for syslog.conf would be greatly appreciated ?? :-) Thanks in advance. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problems with latest update and network
I've posted a bad experience with 4.9_PRERELEASE (networking issue) (same ping: sento error) way back when they had it for cvs tag=RELENG_4. I had that machine downgraded back to cvs tag=RELENG_4.8 (4.8-RELEASE-p4) and it went well again. I wanted to try the RC but when I have just burned by RC2, I read that RC3 was already out isn't that frustrating? :D Hi! I just CVSup'd (last Thursday) and upgraded my system to RELENG_4. I now cannot connect (seemingly) to the network. Whenever I try to ping and outside system, I get ping: sendto: no route to host. I can't ping my router, or even hosts with known IP addresses. I don't see anything odd in `netstat -a` or `ifconfig`, but I'm not the worlds greatest networker, so I'm not sure that I would know what is odd. uname reports the system as 4.9_PRERELEASE. The ethernet card is (I think) and Intel card -- the device is 'ep'. Any suggestions on what I can look at to figure out what is going wrong? Thanks, Ricky Morse ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
logfile rotate
Hello, What config file is responsible for the rotation of logs? I have a logfile I need to rotate every 24 hours (it's not squid's). Thanks in advance. chael ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ADSL modem ip addresses
If you can get an Alcatel Speedtouch USB (probably the most commonly used) from your DSL provider, then you're in luck. It's in /usr/ports/net/pppoa. Install it. Then, lookin: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/pppoa.html . Remember, the device Alcatel SpeedTouch USB that should be in /etc/usbd.conf must be exactly the same as the detected device while booting-up or as displayed by the dmesg output. You may also refer here for more info: http://speedtouch.sourceforge.net/ Re IP address, I simply extract whatever the DSL connection provides and apply it in my ipfw firewall. I only have one NIC and the IP is static and private (192.168...). The NIC is serving my internal clients in a NAT + Transparent Proxy implementation. Hi, I'm organising an ADSL connection and I'm a bit confused about our options. We need to provide web, ssh and mail access to our network for users from home across the Internet with an ADSL connection. I figure the best way to do this is to setup a new machine to act as a firewall and run a web server sendmail on this box. (or I have seen something about using socket to divert these services to our existing server which has a private address). The firewall would have a NIC with a private IP address to connect to the rest of our network. What's the best way then to connect it to the ADSL line? Do we have a second NIC in the firewall machine with a real IP address connected to an ADSL modem and use ppp -natd on that interface? Does that mean we'd need 2 static IP addresses - one for the firewall one for the modem? (We really don't want to pay for 2 addresses) Or can we use a USB connection instead - are there FBSD drivers for ADSL modems? I can't see any in the supported hardware list. Or do we use a combined modem/router device to do the nat firewalling and have it redirect mail, web ssh access to our main server? (is that possible or do such devices not allow access into the network from the 'net?) Cheers, Ian ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
freebsd+postfix+mailscanner+uvscan
Hello, Anybody here has some links to help me out with this setup? Any help will be greatly appreciated =). Thanks in advance. chael ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: tranparent proxying, squid, nat, ipfw
your port 80 hijack is waaay to far below. it should be like in the first
three lines:
100 divert 8668 ip from any to any via ${oif}
200 allow tcp from ${oip} to any
300 fwd 127.0.0.1,3128 tcp from any to any dst-port 80
append the rest from here...
;-)
- Original Message -
From: synrat [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, October 06, 2003 11:40 AM
Subject: tranparent proxying, squid, nat, ipfw
I'm having a hard time getting this working together.
I have squid 2.5 stable working and with all the required
setting for transparent proxying. The machine has the kernel with IPFW and
forwarding options. NAT is on, firewall type is simple with some
modifications. Internal interface address is 192.168.1.1. Squid runs fine
when the browser is setup to access it, but the goal is not to have to do
that.
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
I have the forwarding rule as well
fwd 127.0.0.1,3128 tcp from any to any 80
I tried 192.168.1.1,3128 in the rule. Tried putting it before both divert
rules. Here's my ipfw list output
00050 divert 8668 ip from any to any via rl0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from 192.168.1.0/24 to any in recv rl0
00500 deny ip from 66.92.100.0/24 to any in recv rl1
00600 deny ip from any to 10.0.0.0/8 via rl0
00700 deny ip from any to 172.16.0.0/12 via rl0
00800 deny ip from any to 192.168.0.0/16 via rl0
00900 deny ip from any to 0.0.0.0/8 via rl0
01000 deny ip from any to 169.254.0.0/16 via rl0
01100 deny ip from any to 192.0.2.0/24 via rl0
01200 deny ip from any to 224.0.0.0/4 via rl0
01300 deny ip from any to 240.0.0.0/4 via rl0
01400 divert 8668 ip from any to any via rl0
01500 deny ip from 10.0.0.0/8 to any via rl0
01600 deny ip from 172.16.0.0/12 to any via rl0
01700 deny ip from 192.168.0.0/16 to any via rl0
01800 deny ip from 0.0.0.0/8 to any via rl0
01900 deny ip from 169.254.0.0/16 to any via rl0
02000 deny ip from 192.0.2.0/24 to any via rl0
02100 deny ip from 224.0.0.0/4 to any via rl0
02200 deny ip from 240.0.0.0/4 to any via rl0
02300 allow tcp from any to any established
02400 allow ip from any to any frag
02500 allow tcp from any to 66.92.100.221 25 setup
02600 allow tcp from 192.168.1.0/24 to 192.168.1.0/24
02700 allow tcp from 192.168.1.0/24 to 192.168.1.0/24
02800 allow udp from 192.168.1.0/24 to 192.168.1.0/24
02900 allow udp from 192.168.1.0/24 to 192.168.1.0/24
03000 allow tcp from any to 66.92.100.221 80 setup
03100 allow tcp from any to 66.92.100.221 8080 setup
03200 allow tcp from any to 66.92.100.221 8021 setup
03300 allow tcp from any to 66.92.100.221 21 setup
03400 allow tcp from any to 66.92.100.221 22 setup
03500 allow tcp from any to 66.92.100.221 110 setup
03600 allow tcp from any to 66.92.100.221 143 setup
03700 allow tcp from any to 66.92.100.221 993 setup
03800 allow tcp from any to 66.92.100.221 995 setup
03900 allow icmp from any to any
04000 deny log tcp from any to any in recv rl0 setup
04100 allow tcp from any to any setup
04200 fwd 127.0.0.1,3128 tcp from any to any 80
04300 allow udp from 66.92.100.221 to any keep-state
04400 allow udp from 192.168.1.3 to any keep-state
65535 deny ip from any to any
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
[EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: tranparent proxying, squid, nat, ipfw
I have done a number of servers in this setup. It really is as simple as following this http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.8 plus the divert line as the first line in ipfw and the necessary NAT in rc.conf. However, if you are thinking of implementing WCCP+transparent proxy+NAT, it doesn't seem to work together, or at least not for me :-D (help?). I have read from Osnews that there's a new ipfw implementation that might solve this and it is due to come out with the 4.9-RELEASE. I'm not sure if this is related though...I didn't read thoroughly. chael Hi, my advice is, take it step by step. Set up your nat, apache (if you need it), squid (don't use httpd_accel at the beginning!). Now I'm a bit unsure what you want to do, if you want to force the use of a proxy for your NAT-Users, so create your redirection rule which redirects outgoing traffic to port 80 (,https,...) to your localhost squid. httpd_accel is for accelerating a specific webserver in your realm, you can use it to speed up the responses from your local apache or any other webserver in your lan (and thereby making it accessible from outside, if you set the ACL accordingly). The question is, what do you want to accomplish? Kind regards, Alex. Quoting Gil Agno Virtucio [EMAIL PROTECTED]: so far this was the simpliest squid configuration that i've seen... http://ezine.daemonnews.org/200209/squid.html hope this helps... - Gil Agno Virtucio Janitor/Collector/Messenger NEC System Integration and Construction Philippines Inc. 15th Floor BPI Buendia Center Gil Puyat Ave. Makati City 1200 Cellphone : +639163989695 Office Phone: +6328914167 - -Original Message- From: synrat [mailto:[EMAIL PROTECTED] Sent: Monday, October 06, 2003 11:40 AM To: [EMAIL PROTECTED] Subject: tranparent proxying, squid, nat, ipfw I'm having a hard time getting this working together. I have squid 2.5 stable working and with all the required setting for transparent proxying. The machine has the kernel with IPFW and forwarding options. NAT is on, firewall type is simple with some modifications. Internal interface address is 192.168.1.1. Squid runs fine when the browser is setup to access it, but the goal is not to have to do that. http_port 3128 httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on I have the forwarding rule as well fwd 127.0.0.1,3128 tcp from any to any 80 I tried 192.168.1.1,3128 in the rule. Tried putting it before both divert rules. Here's my ipfw list output 00050 divert 8668 ip from any to any via rl0 00100 allow ip from any to any via lo0 00200 deny ip from any to 127.0.0.0/8 00300 deny ip from 127.0.0.0/8 to any 00400 deny ip from 192.168.1.0/24 to any in recv rl0 00500 deny ip from 66.92.100.0/24 to any in recv rl1 00600 deny ip from any to 10.0.0.0/8 via rl0 00700 deny ip from any to 172.16.0.0/12 via rl0 00800 deny ip from any to 192.168.0.0/16 via rl0 00900 deny ip from any to 0.0.0.0/8 via rl0 01000 deny ip from any to 169.254.0.0/16 via rl0 01100 deny ip from any to 192.0.2.0/24 via rl0 01200 deny ip from any to 224.0.0.0/4 via rl0 01300 deny ip from any to 240.0.0.0/4 via rl0 01400 divert 8668 ip from any to any via rl0 01500 deny ip from 10.0.0.0/8 to any via rl0 01600 deny ip from 172.16.0.0/12 to any via rl0 01700 deny ip from 192.168.0.0/16 to any via rl0 01800 deny ip from 0.0.0.0/8 to any via rl0 01900 deny ip from 169.254.0.0/16 to any via rl0 02000 deny ip from 192.0.2.0/24 to any via rl0 02100 deny ip from 224.0.0.0/4 to any via rl0 02200 deny ip from 240.0.0.0/4 to any via rl0 02300 allow tcp from any to any established 02400 allow ip from any to any frag 02500 allow tcp from any to 66.92.100.221 25 setup 02600 allow tcp from 192.168.1.0/24 to 192.168.1.0/24 02700 allow tcp from 192.168.1.0/24 to 192.168.1.0/24 02800 allow udp from 192.168.1.0/24 to 192.168.1.0/24 02900 allow udp from 192.168.1.0/24 to 192.168.1.0/24 03000 allow tcp from any to 66.92.100.221 80 setup 03100 allow tcp from any to 66.92.100.221 8080 setup 03200 allow tcp from any to 66.92.100.221 8021 setup 03300 allow tcp from any to 66.92.100.221 21 setup 03400 allow tcp from any to 66.92.100.221 22 setup 03500 allow tcp from any to 66.92.100.221 110 setup 03600 allow tcp from any to 66.92.100.221 143 setup 03700 allow tcp from any to 66.92.100.221 993 setup 03800 allow tcp from any to 66.92.100.221 995 setup 03900 allow icmp from any to any 04000 deny log tcp from any to any in recv rl0 setup 04100 allow tcp from any to any setup 04200 fwd 127.0.0.1,3128 tcp from any to any 80 04300 allow udp from 66.92.100.221 to any keep-state 04400 allow udp from 192.168.1.3 to any keep-state 65535 deny ip from any
Re: FreeBSD,Linux and any other os besides Microsoft.
FreeBSD is widely used as a server. Being such, hands on it are of administrators which prefer the way it is, as is. It shines over ALL in the use of command line. I think you would be much better off trying Linux Mandrake instead. Hello, I dont have a question but I would like to make a statement. I downloaded Freebsd version 5.0 release and unpacked it in great anticipation. I made a bootable CD (the best I could, It's not as easy as making a bootable windows CD) put the cd in my rom and found that BSD is not for me. Look, Im not trying to put BSD down or anything, I would love to have it on my computer fully working so that I could use something other than Windows! Im by no means bored with Windows, I find new and exciting things out with it all the time.I feel that im pretty literate when it comes to computers, which brings me to this: You people have to make a product that is just slightly more user friendly.Cant you think of a way to auto-mount your os like windows? Setting up your os is like trying to work your way through a jigsaw puzzle.(Windows even partitions your drive for you) If someone expects to challenge the makers of Windows they are going to have to come up with a user friendly system like Windows where you have an easy command format instead of what your trying to do. I mean come on, first you have to figure out what to partition the drive in because you dont explain any of this, then you have to mount everything,which is beyond the average users comprehension, then you have to figure out commands to pass along to the kernel..etc...etc...etc. With Windows all you do is stick in the disk and it's all pretty straight forward from there on out. Please, if you could just tell me of one of your systems thats a little more user friendly I would love to use it, and tell all my friends about it too so that they can spread the word about the new operating system thats fun and easy to use. Your Friend; AJAX ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Rebuilding the Kernel
If you just need to rebuild your kernel, edit the config file and do only this command under /usr/src/ dir: make buildkernel installkernel KERNCONF=yourkernel That's all. :-P On Tue, 16 Sep 2003 15:19:20 -0500, Charles Howse [EMAIL PROTECTED] wrote: So I can get it right in my head (now there's a challenge). The correct steps for building a custom kernel is: 1) update sources 2) rm -rf /usr/obj/* 3) make buildworld 4) edit kernel config file 5) make buildkernel 6) make installkernel 7) reboot 8) make installworld 9) mergemaster Many Thanks Mark. I believe that's mostly it, but there are smaller steps that may be important inbetween, like doing `chflags' on /usr/obj/* before removing the files - all this is in the manual, though. The steps outlined above are in the handbook - in that order. Take another look at the handbook and if you still have problem reply with specific issues. Here's a real good article. http://bsdvault.net/sections.php?op=viewarticleartid=21 # cd /usr/obj # chflags -R noschg * # rm -rf * One other step between removing the old /usr/obj and making buildworld: # mergemaster -p Jud ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problem(s) resolving names with natd/ipfw.
1. I would try enabling named on the FreeBSD gateway and set it as a forwarder to the DNS of my ISP. Then set all the clients' primary DNS to that of the internal IP of your gateway. 2. I would also not use OPEN firewall type. I would not be comfortable with it. 3. I would also take out the lines firewall_type and firewall_script from rc.conf and instead create a shell script in a startup_dir (eg /usr/local/etc/rc.d) and put all my ipfw rules in there and chmod it to be executable. I think the original /etc/rc.firewall awaits variables set in rc.conf eg firewall_type, etc. - Original Message - From: Jose Albores [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, September 14, 2003 12:57 PM Subject: Problem(s) resolving names with natd/ipfw. The problem summary is as follows: I'm setting up a very simple LAN at home using only two machines with fixed private ip addresses either. The FreeBSD gateway is connected to the internet through my cablemodem ISP's modem. The problem is that the Windows XP client CANNOT access the Internet with alphabetic names (should be called a DNS problem?) but it YES CAN do it with ip addresses (numbers). AFAIK (being a newbie in networking issues) it seems that no problems arise from the gateway side after setting up natd/ipfw. From the client, I can ping to numeric addresses locally and outside. And (again using ip-numbers) I can telnet to my pop server's 110 port. But not with names. The (gateway) server has NO problems with alphabetic addresses. Neither pinging the local network nor with the internet. Maybe I forgot some flag for natd in my /etc/rc.conf? Is/are there other option/s in my kernel-configuration file needeed? Any hint will be appreciated. Please feel free to ask for any necessary info. These are the details. It's my first job with networks, and the scenario is as follows: The server: · Pentium 233 MMX. · OS: FreeBSD 4.8-RELEASE. Alternating with Win 98 for testing. · dc0: interfase to my cablemodem ISP. · vr0: interfase to my local network connected to a hub. The client: · AMD athlon xp 2.0 Ghz. · OS: Windows XP. Adding DNS servers to the network config in the client didn't solve the problem. BTW it's not necessary to add DNS entries when the server boots with Win 98 + Microsoft's ICS. On the server side, I built a new kernel with (all?) the necessary options: · The GENERIC kernel, adding: options IPDIVERT options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=200 options IPFIREWALL_DEFAULT_TO_ACCEPT The /etc/hosts file has three entries: 127.0.0.1 localhost localhost.homenet.org 192.168.0.1 daviddavid.homenet.org 192.198.0.2 goliath goliath.homenet.org My /etc/resolv.conf has been automagically generated when first configured the interfases. Maybe? it updates on every boot. And my networking-related lines in /etc/resolv.conf are as follows: --- Begin of /etc/rc.conf --- hostname=david.homenet.org # [...] chunking a few not-networking lines... ifconfig_dc0=DHCP ifconfig_vr0=inet 192.168.0.1 netmask 255.255.255.0 gateway_enable=YES firewall_enable=YES firewall_type=OPEN firewall_script=/etc/my.rc.firewall #firewall_script=/etc/rc.firewall ### did not work either!!! natd_enable=YES natd_interface=dc0 natd_flags= --- End of /etc/rc.conf --- The COMPLETE /etc/my.rc.firewall is extremely simple: --- Begin --- #!/bin/sh /sbin/ipfw -f flush /sbin/ipfw add divert natd all from any to any via dc0 /sbin/ipfw add pass all from any to any --- End --- Testing blindly the /etc/rc.firewall also did not work. Learning ipfw secrets will be left for the immediate future ;o))). TIA. -- José Albores - [EMAIL PROTECTED] Internet GRATIS es Yahoo! Conexión 4004-1010 desde Buenos Aires. Usuario: yahoo; contraseña: yahoo Más ciudades: http://conexion.yahoo.com.ar ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: No networking on 4.9-PRERELEASE
Dude, same here! Although mine's not an xl but an rl. I have posted it under subject sendto: buffer space not available. I tried several times with that 4.9-PRERELEASE. But after every 12hrs, I get the buffer space error. Now I brought it back to 4.8-RELEASE-p4 via cvsup and everything seems to be running fine and it's been 13+hrs already non-stop (crossing fingers) - Original Message - From: Mike Meyer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, September 15, 2003 2:40 AM Subject: No networking on 4.9-PRERELEASE I updated (via source) to 4.9-prerelease. No, I *tried* to update to 4.9-prerelease as of Sep 13th. The problem is that networking seems to be failing in the 4.9-prerelease kernel. I build on one system and test on a second system, installing via nfs. Following the nsame steps I always follow to install a new kernel and world fails when I try and install the world running the new kernel, as the nfs mount never happens. Trying to ping the build system results in Host is down messages. I can ping localhost and the ip address of the test machine with no problems; those both use the loopback network. The interface that's failing is xl0. Does anyone have an xl that's working with 4.9-prerelease? How about anyone else having network problems with 4.9-prelease. A solution would be best of all, of course. Thanks, mike -- Mike Meyer [EMAIL PROTECTED] http://www.mired.org/consulting.html Independent Network/Unix/Perforce consultant, email for more information. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
OK w/ 4.8R: sendto: buffer space not available
IMO, I think this area of dev should be revisited before 4.9-RELEASE. Because when I brought it down to 4.8-RELEASE via cvsup, it has not failed yet. It usually fails around 12 hrs from boot. And it has been 14+ hours now running very fine. One thing I noticed though... it seems that over time, the peak values on netstat -m grows. Although it is still far from the max value I set in kern.ipc.nmbclusters. Last value before networking stalls is around 9000 to 1+ on my mbuf clusters. Now with 4.8-RELEASE, the netstat -m shows a steady peak value of just 5226. Thanks. Yes, exact kernel configurations too. To be specific, I just copy/pasted the extra options plus the pseudo-device gre. And, yes. The same, on a 256MB machine. I have also tried the advice of Colin to set the sysctl : net.inet.raw.recvspace=131072 net.inet.raw.maxdgram=8192 net.inet.tcp.sendspace=131072 net.inet.tcp.recvspace=131072 net.inet.udp.maxdgram=8192 net.inet.udp.recvspace=131072 kern.ipc.nmbclusters=16384 at /boot/loader.conf (nmbufs automatically sets itself to x4 of nmbclusters) But that didn't work either. netstat -m peaks just over 9000 for mbuf clusters. I should try bring it back to 4.8-RELEASE now. Thanks. [EMAIL PROTECTED] writes: This is serious. I have just cvsuped stable-supfile again and did all necessary steps re kernel/world. It is still having this problem. Anybody stumbled accross the same? Should I just reinstall back to 4.8-RELEASE? Because I got another identical hardware/machine working without this error on 4.8-RELEASE. Same kernel configuration? options MAXDSIZ=(256*1024*1024) options MAXSSIZ=(256*1024*1024) options DFLDSIZ=(256*1024*1024) options NMBCLUSTERS=131072 On a 256MB machine? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sendto: buffer space not available
Yes, exact kernel configurations too. To be specific, I just copy/pasted the extra options plus the pseudo-device gre. And, yes. The same, on a 256MB machine. I have also tried the advice of Colin to set the sysctl : net.inet.raw.recvspace=131072 net.inet.raw.maxdgram=8192 net.inet.tcp.sendspace=131072 net.inet.tcp.recvspace=131072 net.inet.udp.maxdgram=8192 net.inet.udp.recvspace=131072 kern.ipc.nmbclusters=16384 at /boot/loader.conf (nmbufs automatically sets itself to x4 of nmbclusters) But that didn't work either. netstat -m peaks just over 9000 for mbuf clusters. I should try bring it back to 4.8-RELEASE now. Thanks. [EMAIL PROTECTED] writes: This is serious. I have just cvsuped stable-supfile again and did all necessary steps re kernel/world. It is still having this problem. Anybody stumbled accross the same? Should I just reinstall back to 4.8-RELEASE? Because I got another identical hardware/machine working without this error on 4.8-RELEASE. Same kernel configuration? options MAXDSIZ=(256*1024*1024) options MAXSSIZ=(256*1024*1024) options DFLDSIZ=(256*1024*1024) options NMBCLUSTERS=131072 On a 256MB machine? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sendto: buffer space not available
This is serious. I have just cvsuped stable-supfile again and did all necessary steps re kernel/world. It is still having this problem. Anybody stumbled accross the same? Should I just reinstall back to 4.8-RELEASE? Because I got another identical hardware/machine working without this error on 4.8-RELEASE. Also, netstat -m results is nowhere near the kernel max values. Thanks in advance. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 11, 2003 3:47 PM Subject: sendto: buffer space not available Hi, I have this 4.9-PRERELEASE proxy server which is set up with WCCP to my Cisco gateway. It is on a Pentium 4 with 256MB DDR. Traffic can get really high on its interface (not to mention the annoying icmp's which my ipfw rejects). It is OK a day or two from a fresh reboot but after a while, test pings reports a sendto: buffer space not available. I already have the following in my kernel config: options MAXDSIZ=(256*1024*1024) options MAXSSIZ=(256*1024*1024) options DFLDSIZ=(256*1024*1024) options NMBCLUSTERS=131072 Should I need to edit or add something? Is something set too high, or low? Btw, I am also running postfix, qpopper and httpd on this server. Hope somebody can help. Thanks in advance. Regards, chael ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
sendto: buffer space not available
Hi, I have this 4.9-PRERELEASE proxy server which is set up with WCCP to my Cisco gateway. It is on a Pentium 4 with 256MB DDR. Traffic can get really high on its interface (not to mention the annoying icmp's which my ipfw rejects). It is OK a day or two from a fresh reboot but after a while, test pings reports a sendto: buffer space not available. I already have the following in my kernel config: options MAXDSIZ=(256*1024*1024) options MAXSSIZ=(256*1024*1024) options DFLDSIZ=(256*1024*1024) options NMBCLUSTERS=131072 Should I need to edit or add something? Is something set too high, or low? Btw, I am also running postfix, qpopper and httpd on this server. Hope somebody can help. Thanks in advance. Regards, chael ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Running /etc/rc.firewall in the background
hmmm... /etc/rc.firewall is not an executable script. You should start with this: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html If you have the necessary options in your kernel, you can make it start vi rc.conf or a simple sh script placed in a startup dir. Eitherway, running ipfw rules shouldn't take more than a second or two. I have quite a few firewall rules (FreeBSD 4.7R). This causes the server start-up to take several minutes extra. I wanted to have the rules loaded in the background; like so: firewall_script=/etc/rc.firewall But, alas, that does not work. :( Is there a way to do this at all? Thanks! - Mark ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
What do you use for terminal?
Hello, Excuse me if this seems a bit off but I was just wondering what you pro's use as a graphical Terminal Emulator in *nix? Is there anything similar to the features of Vandyke SecureCRT for Windows? You know, one that you can create Logon Scripts (in app, without using shell scripts), save Sessions, etc.. ? Thanks in advance. Regards, chael ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how to run a program as a daemon
I had the same problem once, but with httpd. I use the restartWrapper - A very nice perl script written by Mike McCauley, dunno his website though. Maybe you can google. David Banning wrote: I am running tmda-ofmipd for my smtp server and occasionally it dies. I wonder how I could set it up to run so that if it dies for some reason, it will start up again. Right now, it starts in my rc.local like so; /usr/local/bin/tmda-ofmipd -R imap://localhost -u tofmipd Look at DJB's daemontools, perhaps. But the general idea is that you have a monitor script which looks like: #! /bin/sh while : ; do /usr/local/bin/tmda-ofmipd -R imap://localhost -u tofmipd echo TMDA daemon died! Restarting in 5 seconds... sleep 5 done -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
freshly cvsuped, buildkernel errors
Hi, buildkernel on my freshly cvsuped (stable-supfile) 4.8 fails with the following errors: mkdep -f .depend -a -nostdinc -D_KERNEL -DKLD_MODULE -I- -I. -I@ -I@/../include -I/usr/obj/usr/src/i386/usr/include /usr/src/sys/modules/ida/../../dev/ida/ida.c /usr/src/sys/modules/ida/../../dev/ida/ida_disk.c /usr/src/sys/modules/ida/../../dev/ida/ida_pci.c /usr/src/sys/modules/ida/../../dev/ida/ida_eisa.c /usr/src/sys/modules/ida/../../dev/ida/ida.c:41: pci.h: No such file or directory mkdep: compile failed *** Error code 1 Stop in /usr/src/sys/modules/ida. *** Error code 1 Stop in /usr/src/sys/modules. *** Error code 1 Stop in /usr/obj/usr/src/sys/idotnet. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. I tried hashing out the ida line on the kernel config file too, but still didn't work. I have successfully compiled this kernel on my other machine (which is now 4.9-PRERELEASE). But it fails on this one. What could be the reason for the above error? Thanks in advance. chael ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: freshly cvsuped, buildkernel errors
doesn't matter. after i re-cvsuped it using another mirror, i have now successfully installed the new 4.9-PRERELEASE kernel. thanks anyway. :) - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 02, 2003 8:26 AM Subject: freshly cvsuped, buildkernel errors Hi, buildkernel on my freshly cvsuped (stable-supfile) 4.8 fails with the following errors: mkdep -f .depend -a -nostdinc -D_KERNEL -DKLD_MODULE -I- -I. -I@ -I@/../include -I/ usr/obj/usr/src/i386/usr/include /usr/src/sys/modules/ida/../../dev/ida/ida.c /usr/src/sys/modules/ida/../../dev/ida/ida_disk.c /usr/src/sys/modules/ida/../../dev/ida/ida_pci.c /usr/src/sys/modules/ida/../../dev/ida/ida_eisa.c /usr/src/sys/modules/ida/../../dev/ida/ida.c:41: pci.h: No such file or directory mkdep: compile failed *** Error code 1 Stop in /usr/src/sys/modules/ida. *** Error code 1 Stop in /usr/src/sys/modules. *** Error code 1 Stop in /usr/obj/usr/src/sys/idotnet. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. I tried hashing out the ida line on the kernel config file too, but still didn't work. I have successfully compiled this kernel on my other machine (which is now 4.9-PRERELEASE). But it fails on this one. What could be the reason for the above error? Thanks in advance. chael ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 5.1 i386 not allowing incoming ftp connects?
Hmm... funny, i have thought that inetd_enabled=YES was default regardless if it's in rc.conf or not. Because even it it's not in rc.conf, you can still see it running when you ps -ax (/usr/sbin/inetd -wW). I have my pop3 (which requires editing the inetd.conf) working even if that line is not in my rc.conf. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, September 02, 2003 9:29 AM Subject: Re: FreeBSD 5.1 i386 not allowing incoming ftp connects? As it turns out, a one liner: inetd_enabled=YES added to rc.conf caused it to come up correctly. Now it is running fine! Thanks all Bob Keys ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
freeradius+mysql on freebsd
Hello, I have elementary knowledge in radius and a total newB on mysql. Would anyone know of and be so kind to paste a link on a how-to to start me on this? I can only find this in google which seems have non-english characters on it: http://www.y-min.or.jp/~nob/FreeBSD/freeradius.html Thanks in advance. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
stable = prerelease?
Hi, I have just cvsup-ed my 4.8-RELEASE using the stable-supfile. After recompiling, to my surprise, it is now a 4.9-PRERELEASE. Is that safe? A colleague told me he's been having troubles with it specifically the ps and top commands...even after recompiling his kernel. Thanks in advance. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NATD Firewall Rules Setup
I suggest you complete your ipfw rules basing on simple within
/etc/rc.firewall. Substitute variables assuming having natd_enable=YES and
firewall_enable=YES on rc.conf.
chael
- Original Message -
From: Thomas Smith [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, August 23, 2003 2:40 AM
Subject: NATD Firewall Rules Setup
I'm configuring a firewall (FreeBSD 4.8-RELEASE). I've got the firewall
locked down as I need it to be but am having issues getting NAT working.
The firewall config file is included below.
Note that if I add the allow all rule to the end of the file NAT works
fine. I'm certain its an IPFW issue but haven't been able to figure it
out--as I'm a bit new to IPFW and FreeBSD, pointers to documentation
(preferably with examples of usage) would be very helpful. I haven't
been able to find a lot of info outside of the Handbook and what I do
find regarding NAT includes three rules: 1) flush, 2) divert, 3) allow
all traffic.
# Internal network variables
iif=rl1
inet=192.168.20.0
iip=192.168.20.2
imask=255.255.255.0
# External network variables
oif=rl0
onet=216.161.174.0
oip=216.161.174.7
omask=255.255.255.0
# Clear current rules
/sbin/ipfw -f flush
# Allow TCP in, if setup succeeded
/sbin/ipfw add pass tcp from any to any established
# Allow all local traffic
/sbin/ipfw add pass all from 127.0.0.1 to 127.0.0.1
# Stop spoofing
/sbin/ipfw add deny all from ${inet}:${imask} to any in via ${oif}
/sbin/ipfw add deny all from ${onet}:${omask} to any in via ${iif}
# Stop RFC1918 nets on the external interface
/sbin/ipfw add deny all from 10.0.0.1:255.0.0.0 to any via ${oif}
/sbin/ipfw add deny all from 127.16.0.0:255.240.0.0 to any via ${oif}
/sbin/ipfw add deny all from 192.168.0.0:255.255.0.0 to any via ${oif}
# Allow internal network traffic
/sbin/ipfw add pass all from ${iip} to any
/sbin/ipfw add pass all from ${inet}:${imask} to ${iip}
# Allow NAT traffic out.
/sbin/ipfw add divert natd all from any to any via ${oif}
# Allow setup of SSH connections
/sbin/ipfw add pass tcp from any to ${oip} 22 setup
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
[EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
RAM increase + swap
Hello, If I put in additional 256MB RAM module ontop my already 256MB system, don't I need to increase the /swap partition size? Current swap is only at 512 (mem x 2). How do you resize a partition inside a freebsd slice, btw? Thanks in advance. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
speedtouch-modem_run pauses indefinitely
Hi, I am using: a) Alcatel Speedtouch USB b) speedtouch-1.2-beta2 from the newly CVSUPed net/pppoa ports. c) mgmt.o or firmware.bin from alcatel (doesn't make a difference eitherway) d) currently using 440BX chipset. Problem: the command modem_run -f /usr/local/libdata/mgmt.o doesn't return the prompt I have tried the above modem_run command both as command line or as usbd daemon (rc.conf + usbd.conf). But they both fail to return the prompt everytime after the microcode is uploaded to the modem. I also tried the firmware.bin that I download from Alcatel website but still the same. I have also tried it with the -m option of the modem_run command too. However, that is not to say that the setup is not working. I just needed to hit Ctrl-C after everytime the microcode seems to have done uploading to the modem, and then the rest of the daemons and scripts load up like normal. Everything is fine and PPP starts and is connected successfully. The only problem is why do I have to hit Ctrl-C? And what part of the modem_run command needed the SIG 2? Can I patch this out? I didn't have this problem using a different chipset (VIA). Is this problem related to the chipset then? Anybody came accross the same problem that might have a solution? Thanks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
