IPFW acting weird OR invalid ruleset?
Hey everyone. Below is my natd.conf file and my rc.firewall.rule file. I cannot figure it out, but if one of my machines that is behind my Masqurading Firewall tries to d/l a file that is on a FTP site, it fails to connect. FreeBSD 5.2.1 machine with 2 nics. xl0 outside Nic fxp0 inside Nic rc.conf: # enable firewall firewall_enable=YES # set path to custom firewall config firewall_type=/etc/fw/rc.firewall.rules # be non-verbose? set to YES after testing firewall_quiet=NO # enable natd, the NAT daemon natd_enable=YES # which is the interface to the internet that we hide behind? natd_interface=xl0 # flags for natd natd_flags=-f /etc/fw/natd.conf natd.conf: unregistered_only interface xl0 use_sockets dynamic # dyamically open fw for ftp, irc punch_fw 2000:50 rc.firewall.rules: # be quiet and flush all rules on start -q flush # allow local traffic, deny RFC 1918 addresses on the outside add 00100 allow ip from any to any via lo0 add 00110 deny ip from any to 127.0.0.0/8 add 00120 deny ip from any to any not verrevpath in add 00301 deny ip from 10.0.0.0/8 to any in via xl0 add 00302 deny ip from 172.16.0.0/12 to any in via xl0 add 00303 deny ip from 192.168.0.0/16 to any in via xl0 # check if incoming packets belong to a natted session, allow through if yes add 01000 divert natd ip from any to me in via xl0 add 01001 check-state # allow some traffic from the local net to the router #SMTP add 02000 allow tcp from any to any 25 setup keep-state # SSH add 04000 allow tcp from any to me dst-port 22 in via fxp0 setup keep-state add 04001 allow tcp from any to me dst-port 22 in via xl0 setup keep-state #IMAP-SSL add 04010 allow tcp from any to me dst-port 143 in via fxp0 setup keep-state add 04011 allow tcp from any to me dst-port 143 in via xl0 setup keep-state # NTP add 04020 allow tcp from any to me dst-port 123 in via fxp0 setup keep-state add 04021 allow udp from any to me dst-port 123 in via fxp0 keep-state add 04020 allow tcp from any to me dst-port 123 in via xl0 setup keep-state add 04021 allow udp from any to me dst-port 123 in via xl0 keep-state #webmin add 04030 allow tcp from any to me dst-port 1 in via fxp0 setup keep-state add 04031 allow tcp from any to me dst-port 1 in via xl0 setup keep-state #http add 04040 allow tcp from any to me dst-port 80 in via fxp0 setup keep-state add 04041 allow tcp from any to me dst-port 80 in via xl0 setup keep-state # DNS add 04050 allow udp from any to me dst-port 53 in via fxp0 add 04051 allow udp from any to me dst-port 53 in via xl0 add 04052 allow tcp from any to me dst-port 53 in via fxp0 add 04053 allow tcp from any to me dst-port 53 in via xl0 #POP add 04060 allow tcp from any to me dst-port 110 in via fxp0 setup keep-state add 04061 allow tcp from any to me dst-port 110 in via xl0 setup keep-state #HTTPS add 04070 allow tcp from any to me dst-port 443 in via fxp0 setup keep-state add 04071 allow tcp from any to me dst-port 443 in via xl0 setup keep-state #IMAPS add 04080 allow tcp from any to me dst-port 993 in via fxp0 setup keep-state add 04081 allow tcp from any to me dst-port 993 in via xl0 setup keep-state # drop everything else add 04090 deny ip from any to me # pass outgoing packets (to be natted) on to a special NAT rule add 04109 skipto 61000 ip from 192.168.1.0/24 to any in via fxp0 keep-state # allow all outgoing traffic from the router add 05010 allow ip from me to any out keep-state # drop everything that has come so far. This means it doesn't belong to an # established connection, don't log the most noisy scans. add 59998 deny icmp from any to me add 5 deny ip from any to me dst-port 135,137-139,445,4665 add 6 deny log tcp from any to any established add 60001 deny log ip from any to any # this is the NAT rule. Only outgoing packets from the local net will come here. # First, nat them, then pass them on (again, you may choose to be more restrictive) add 61000 divert natd ip from 192.168.1.0/24 to any out via xl0 add 61001 allow ip from any to any ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPFW acting weird OR invalid ruleset?
[snip] Ok, I jumped earlier, but actually re-RTF ruleset, I've got a couple questions: - Is it only one pc that can't get through? - Do other services work from behind NAT? (http etc) It looks like rule 4109 should be BEFORE 4090, as 4090 denies all traffic and stops, and internal traffic can't go anywhere (or so it appears). Steve [snip] steve, Yes everything else seems to work fine. There are currently 2 PCs with this issue. 1 is XP the other is Win2k. This ruleset worked fine on FreeBSD 5.1, but I reformatted the box, and install 5.2.1 uploaded the rc.firewall.rules and natd.conf files, since the network interfaces where the same I didn't really have to change anything. I found these rules on this website: http://www.lugbe.ch/lostfound/contrib/freebsd_router/ here is the sample I used from the website: # be quiet and flush all rules on start -q flush # allow local traffic, deny RFC 1918 addresses on the outside add 00100 allow ip from any to any via lo0 add 00110 deny ip from any to 127.0.0.0/8 add 00120 deny ip from any to any not verrevpath in add 00301 deny ip from 10.0.0.0/8 to any in via ep0 add 00302 deny ip from 172.16.0.0/12 to any in via ep0 add 00303 deny ip from 192.168.0.0/16 to any in via ep0 # check if incoming packets belong to a natted session, allow through if yes add 01000 divert natd ip from any to me in via ep0 add 01001 check-state # allow some traffic from the local net to the router # SSH add 04000 allow tcp from 192.168.1.0/24 to me dst-port 22 in via ep1 setup keep-state # ICMP add 04001 allow icmp from 192.168.1.0/24 to me in via ep1 # NTP add 04002 allow tcp from 192.168.1.0/24 to me dst-port 123 in via ep1 setup keep-state add 04003 allow udp from 192.168.1.0/24 to me dst-port 123 in via ep1 keep-state # DNS add 04006 allow udp from 192.168.1.0/24 to me dst-port 53 in via ep1 # drop everything else add 04009 deny ip from 192.168.1.0/24 to me # pass outgoing packets (to be natted) on to a special NAT rule add 04109 skipto 61000 ip from 192.168.1.0/24 to any in via ep1 keep-state # allow all outgoing traffic from the router (maybe you should be more restrictive) add 05010 allow ip from me to any out keep-state # drop everything that has come so far. This means it doesn't belong to an established connection, don't log the most noisy scans. add 59998 deny icmp from any to me add 5 deny ip from any to me dst-port 135,137-139,445,4665 add 6 deny log tcp from any to any established add 6 deny log ip from any to any # this is the NAT rule. Only outgoing packets from the local net will come here. # First, nat them, then pass them on (again, you may choose to be more restrictive) add 61000 divert natd ip from 192.168.1.0/24 to any out via ep0 add 61001 allow ip from any to any ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Boot Loader Config
Hey all, I have a rather stupid question... I currently have an old Compaq DP6000 6266mmx box running as one of my test servers. The default boot option is Non-ACPI (running FreeBSD 5.1). If I just let the loader screen come up (The one with the little ascii devil) and not do anything, the machine will hang at boot. Somewhere around Mounting the / filesystem... If I select option # 2 ACPI enabled, then the machine boots with no problem. What can I modify to make the machine Automatically select option # 2 during the boot process? It gets a tad bit annoying to have to stand in front of the box everytime I want to reboot it. Thanks PS. I already have ACPI_ENABLE=YES in my rc.conf file. Yes this is a ACPI compliant Machine. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Boot Loader Config
What can I modify to make the machine Automatically select option # 2 during the boot process? Check out your /boot/loader.conf file. Comment out the hint.acpi.0.disabled=1 if it's in there. I don't know for sure that this will work, but I'd try it. my /boot/loader.conf file is empty. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
F-Prot update errors
I install F-Prot from the ports. If I run check-updates.pl from the console I get a sucessful update everytime (or a nothing updates found message) but if I added the script into the crontab (via crontab -e as root) I get the following Email: *** * F-Prot Antivirus Updater* *** There's a new version of: Document/Office/Macro viruses signatures on the web. Starting to download... Download completed. Preparing to install Document/Office/Macro viruses signatures. unzip: not found Error trying to unzip: macrdef2.zip. Make sure unzip is installed and it's location is within your PATH variable Fatal error.Exiting... if I do a echo $path I get: /sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin /usr/X11R6/bin /root/bin if I do a which unzip I get: /usr/local/bin/unzip so unzip is clearly in the path... Anyone have any ideas? Here is my crontab string: 27 4,16 * * * /usr/local/f-prot/tools/check-updates.pl -cron ns1# uname -a FreeBSD ns1.valuedj.com 5.1-RELEASE FreeBSD 5.1-RELEASE #0: Thu Mar 11 09:35:27 PST 2004 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Imap Proxy server?
Hey all, I have looked into this before but never really found too much info on it. On one of my FreeBSD boxes I run Squirrelmail. I was told that there is a Imap Proxy server that can be ran on the local box to help with some slowness with accessing email. I have installed the Imap Proxy server from the ports but there doesn't seem to be any decent documentation. Also the link to the project site is no longer valid: http://www.kuleuven.net/projects/imapproxy/ Has anyone installed / configured this and gotten it to work correctly? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
named Configuration issue
I am running bind 9.x on my primary and secondary servers. Since both are on the same C class subnet I have used a free DNS hosting to be a secondary for my site.. I am trying to added NS and A name records to the 2 name servers but I recieve errors when I restart/reload bind. Here is my mydomain.com zone file. ; ; The full zone file ; $TTL 1H @ IN SOA ns1.mydomain.com. postmaster.mydomain.com. ( 2004052003 ; serial, todays date + todays serial # 1H ; refresh, seconds 2H ; retry, seconds 4W ; expire, seconds 1H ); minimum, seconds ; NS ns1.mydomain.com. NS ns2.mydomain.com. NS ns0.xname.org. NS ns1.xname.org. MX 10 mail.mydomain.com. localhost A 127.0.0.1 @ A 10.0.0.0 MX 10 mail.mydomain.com. ns1 A 10.0.0.1 MX 10 mail.mydomain.com. www CNAME ns1.mydomain.com. ns2 A 10.0.0.2 MX 10 mail.mydomain.com. mailA 10.0.0.3 MX 10 mail.mydomain.com. ns0.xname.org. A 195.20.105.149 ns1.xname.org. A 213.133.115.5 here is the error is /var/log/messages: May 20 18:07:14 ns1 named[718]: dns_master_load: mydomain.com:33: ignoring out-of-zone data (ns0.xname.org) May 20 18:07:14 ns1 named[718]: dns_master_load: mydomain.com:34: ignoring out-of-zone data (ns1.xname.org) if I comment out the ns0.xname.org and ns1.xname.org then I don't get the error. BUT then if you query my NS there is no A record for the xname NS. So I was told that they were Not Glued but if you query ns0.xname.org there are A records for ns0.xname.org and ns1.xname.org. How can I create A records for the 2 DNS servers that are my secondaries from another domain? If I just leave it, then any DNS test I run shows that my DNS servers do not contain the same zone information. Because the NS0 secondary has A records for NS0 but NS1 does not.. :-( ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Missing Port
I am tring to install mrtg on my test FreeBSD 5.1 box. I change into my /usr/ports/net/mrtg directory and find that there is only a README.html How can I get this port back? I tried to cvsup it with ports-all but the files are not there. What would be a quick solution to get the files? Without downloading the ports.tar.gz file and extracting it ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
FreeBSD Firewall as a Transparent Proxy?
I have seen lots of pages on google on how to setup Squid as a Transparent Proxy server on FreeBSD. However most of these refer to 4.9 stable, using IPTables. I am currently using natd and ipfw. Here are my Firewall rules rc.firewall.rules proxy# cat rc.firewall.rules # be quiet and flush all rules on start -q flush # allow local traffic, deny RFC 1918 addresses on the outside add 00100 allow ip from any to any via lo0 add 00110 deny ip from any to 127.0.0.0/8 add 00120 deny ip from any to any not verrevpath in add 00301 deny ip from 10.0.0.0/8 to any in via fxp0 add 00302 deny ip from 172.16.0.0/12 to any in via fxp0 add 00303 deny ip from 192.168.0.0/16 to any in via fxp0 # check if incoming packets belong to a natted session, allow through if yes add 01000 divert natd ip from any to me in via fxp0 add 01001 check-state # allow some traffic from the local net to the router # SSH add 04000 allow tcp from any to me dst-port 22 setup keep-state # ICMP add 04001 allow icmp from 192.168.1.0/24 to me in via xl0 # NTP add 04002 allow tcp from 192.168.1.0/24 to me dst-port 123 in via xl0 setup keep-state add 04003 allow udp from 192.168.1.0/24 to me dst-port 123 in via xl0 keep-state # DNS add 04006 allow udp from 192.168.1.0/24 to me dst-port 53 in via xl0 # drop everything else add 04009 deny ip from 192.168.1.0/24 to me # pass outgoing packets (to be natted) on to a special NAT rule add 04109 skipto 61000 ip from 192.168.1.0/24 to any in via xl0 keep-state # allow all outgoing traffic from the router (maybe you should be more restrictive) add 05010 allow ip from me to any out keep-state # drop everything that has come so far. This means it doesn't belong to an # established connection, don't log the most noisy scans. add 59998 deny icmp from any to me add 5 deny ip from any to me dst-port 135,137-139,445,4665 add 6 deny log tcp from any to any established add 6 deny log ip from any to any # this is the NAT rule. Only outgoing packets from the local net will come here. # First, nat them, then pass them on (again, you may choose to be more restrictive) add 61000 divert natd ip from 192.168.1.0/24 to any out via fxp0 add 61001 allow ip from any to any natd.conf proxy# cat natd.conf unregistered_only interface fxp0 use_sockets dynamic # dyamically open fw for ftp, irc punch_fw 2000:50 proxy# uname -a FreeBSD proxy.valuedj.com 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Fri Mar 26 19:14:17 PST 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/MYKERNEL i386 how would I set it so all incoming packets from xl0 would get redirected to port 8080 for the proxy server. I want to setup DansGuardian for content filtering and I don't want the people who will be using my network to find a way around disabling the Proxy in the browser. Anyone have any ideas? Thanks for your help ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Top posting
etiquetteetiquette http://www.google.com/search?q=rfc+top+postingsourceid=mozilla-searchstart=0start=0ie=utf-8oe=utf-8 Wow, almost every single reply to the list today was top posted. People, please know (and you must, you have to read them, too) that posting replies to the top of an email is, well, counter- intuitive, hard to follow, and goes against the general grain of RFC 1855. Please, it has been requested from many users of this list, do not top post replies, but don't stop sending them ;) Thanks, folks. It is amazing how people just do not care. I was reading a few postings on Yahoo's Finance pages (looking at people talking about the company I work for) and there is this one character who has been told many many many times, be he still insists on top posting and POSTING IN ALL CAPS... Someone should create a script that will bounce the message if all the words are in CAPS and if the message is top posted, with a reply on proper posting etiquette.. ;) ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfw question...
Hi list, I've this network configuration: router (169.158.120.177) server1 (169.158.120.178) running bind (named), tacacs+, exim, and a pop3 server server2 (169.158.120.179) running squid, apache2, mysql, proftpd (is acting as a GATEWAY) I've a LAN (192.168.1.0/24) and a breaking apart LAN (192.168.2.0/8, 192.168.2.8/8, 192.168.2.16/8), my question is: I want to protect my LAN, LAN and servers from the outside, I want to use ipfw, I have compiled a kernel in server2 (FreeBSD-4.8 on both servers) and I'm blocked (in out), I've some doubts about adding rules 'cause I've been seeing so many samples on the net and I'm a little bit confused...any suggestion about configuration ??? one thing that I learned was to make sure when you start opening ports (IE you have DENY ALL as default) that you start with the lowest port number.. I for the life of me could not get SMTP working, so I moved it from the bottom of my IPFW rules to the top, and walla it worked. If you would like I can post my IPFW rules. They are extemly simple for my SSH, POP3, SMTP, NTP, IMAP, BIND8 setup... ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
make install error with gd
trying to install gd and I get this error: /usr/local/include/freetype2/freetype/freetype.h:20:2: #error `ft2build.h' hasn't been included yet! /usr/local/include/freetype2/freetype/freetype.h:21:2: #error Please always use macros to include FreeType header files. /usr/local/include/freetype2/freetype/freetype.h:22:2: #error Example: /usr/local/include/freetype2/freetype/freetype.h:23:2: #error #include ft2build.h /usr/local/include/freetype2/freetype/freetype.h:24:2: #error #include FT_FREETYPE_H Anyone have any ideas? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: make install error with gd
Read /usr/ports/CHANGES -- you need to update the print/freetype2 port before you update graphics/gd. Also a good thing to do if you experience problems with compiling ports is to try cvsup(1)ing again, and see if the error persists. Cheers, Matthew Thanks Matthew, After i cvsup again this afternoon, that seemed to fix the issue. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
qmail-scanner.pl and perl 5.8?
This is probably a stupid question. I have been having problems correctly installing qmail-scanner-1.21 on my test webmail servers. I get this error: Testing suid nature of /usr/bin/perl... Whoa - broken perl install found. Cannot even run a simple script setuid Installation of Qmail-Scanner FAILED Error was: Checking for setuid nature of perl install What follows should be the UID of the qscand acount... uid=1013 See FAQ for further details if I look in /usr/bin I see: lrwxr-xr-x 1 root wheel23 Nov 6 11:49 suidperl - /usr/local/bin/suidperl if I do a ls -l /usr/local/bin | grep suidperl I get nothing. So the SymLink is pointing to nothing? I did: cd /usr/ports/lang/perl5.8 make install clean use.perl port Should I not use perl 5.8? did they remove the suidperl in 5.8? If you are wondering yes I cvsup my ports to the current. uname -a: FreeBSD [HIDDEN] 5.1-RELEASE FreeBSD 5.1-RELEASE #0: Thu Jun 5 02:55:42 GMT 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 Thanks in advance ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
IPFW problems connecting to port 25!
I have IPFW setup, and in my ruleset i have the following line add 04009 allot tcp from any to me dst port 80 in via x10 setup add 04010 allow tcp from any to me dst port 25 in via xl0 setup however if I enable the firewall and try to telnet into port 25, it cannot connect.. BUT if I disable the firewall I have NO problems. With the firewall enabled I can browse my webserver with no problem, but I cannot connect to port 25.. Any suggestions? FreeBSD 5.1-Current ipfw disable firewall I can access port 25 remotely ipfw enable firewall it cannot connect to port 25 remotely ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPFW problems connecting to port 25!
[snip] You do have a rule for established connections? Kevin Kinsey DaleCo S.P. you know the only rule i have for that is add 6 deny log tcp from any to any established I am assuming this is incorrect? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPFW problems connecting to port 25!
Aye, there's the rub. Last rule is usually
deny ip from any to any; somewhere above
that, but after the setup rules is allow ip from
any to my.ip.add.ress established* ... it does
no good to allow the setup packets but no
further data
Kevin Kinsey
DaleCo S.P.
*instead of allow ip this could conceivably
be protocol specific, e.g. if you only have tcp
services available, allow tcp from any to {me} established
Below is the rc.firewall.rules file. I found this on a How To website, I
just removed most of the NAT stuff because this is just a VERY SMALL
web/email/test server. I have added what you had mentioned above, but it
still does not connect to port 25. What do I have wronge? Thanks for all
your help...
# be quiet and flush all rules on start
-q flush
# allow local traffic, deny RFC 1918 addresses on the outside
add 00100 allow ip from any to any via lo0
add 00110 deny ip from any to 127.0.0.0/8
add 00120 deny ip from any to any not verrevpath in
add 00301 deny ip from 10.0.0.0/8 to any in via xl0
add 00302 deny ip from 172.16.0.0/12 to any in via xl0
add 00303 deny ip from 192.168.0.0/16 to any in via xl0
# allow some traffic from the local net to the router
# SSH
add 04000 allow tcp from any to me dst-port 22 in via xl0 setup keep-state
#IMAP-SSL
add 04001 allow tcp from any to me dst-port 143 in via xl0 setup keep-state
# NTP
add 04002 allow tcp from any to me dst-port 123 in via xl0 setup keep-state
add 04003 allow udp from any to me dst-port 123 in via xl0 keep-state
#webmin
add 04004 allow tcp from any to me dst-port 1 in via xl0 setup keep-state
#http
add 04005 allow tcp from any to me dst-port 80 in via xl0 setup keep-state
# DNS
add 04006 allow udp from any to me dst-port 53 in via xl0
#POP
add 04007 allow tcp from any to me dst-port 110 in via xl0 setup keep-state
add 04008 allow tcp from any to me dst-port 443 in via xl0 setup keep-state
#IMAPS
add 04009 allow tcp from any to me dst-port 993 in via xl0 setup keep-state
#SMTP
add 04010 allow tcp from any to me smtp in via xl0 setup
add 04011 allow tcp from any to me established
add 04012 allow udp from any to me established
# drop everything else
add 04020 deny ip from any to me
# allow all outgoing traffic from the router
add 05010 allow ip from me to any out keep-state
# drop everything that has come so far. This means it doesn't belong to an
# established connection, don't log the most noisy scans.
add 59998 deny icmp from any to me
add 5 deny ip from any to me dst-port 135,137-139,445,4665
add 6 deny log tcp from any to any established
add 60001 deny log ip from any to any
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
IDE cd-burner, Can it be done???
I have a IDE cd-burner in my FreeBSD 5.1 box. I have installed cdrecord from the ports but this looks like it needs a SCSI drive. Is there a CMD line cd-record package that works with a IDE cd-burner. Here is a line from dmesg: acd0: CD-RW MEMOREX CD-RW4224 at ata1-master PIO4 uname -a: 5.1-RELEASE FreeBSD 5.1-RELEASE #0: Thu Jun 5 02:55:42 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Unable to Install FreeBSD 5.2.1
This is a question for anyone running 5.2.1.. I currently have 5.1 running on a Test server, I decieded to try ver 5.2.1. However after I did the Make Buildworld Make Buildkernel Make installkernel reboot commands, the machine would no longer boot up to a login prompt. It would get as far as Setting Freqency to 28xxhz at 800mhz Time ticks every 10.00 msecond and the machine would just hang. No keyboard controll nothing. So I D/L the 5.2.1 ISO, and booted from Disc1 cd, and the same thing happens at the same point. Mind you this machine has been running 5.1 Just fine. The machine is a AMD Athlon XP 2800+ with a DCI NFII-400LA Motherboard. 512 megs of DDR 2600 ram, 60gig ATA 100 Maxtor drive, and a 24x CD-ROM Drive. Not sure if it matters but the FSB on the board is 333mhz, not sure where the 800mhz is coming from. Any help would be appreciated. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Installing Squirrel Mail from the Ports
Running FreeBSD 5.1, I Just ran CVSUP on my ports to bring them current. When I try to install Squirrelmail from /usr/ports/mail/squirrelmail I get the following error: SquirrelMail is installed into /usr/local/www/squirrelmail To use the old location /usr/local/squirrelmail define WITHOUT_WWWDIR when patching or installing === Vulnerability check disabled === Extracting for squirrelmail-1.4.2_1 Checksum mismatch for squirrelmail-1.4.2.tar.bz2. === Refetch for 1 more times files: squirrelmail-1.4.2.tar.bz2 SquirrelMail is installed into /usr/local/www/squirrelmail To use the old location /usr/local/squirrelmail define WITHOUT_WWWDIR when patching or installing === Vulnerability check disabled squirrelmail-1.4.2.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/. Attempting to fetch from http://eu.dl.sourceforge.net/squirrelmail/. fetch: http://eu.dl.sourceforge.net/squirrelmail/squirrelmail-1.4.2.tar.bz2: Requested Range Not Satisfiable Attempting to fetch from http://us.dl.sourceforge.net/squirrelmail/. fetch: http://us.dl.sourceforge.net/squirrelmail/squirrelmail-1.4.2.tar.bz2: Requested Range Not Satisfiable Attempting to fetch from ftp://ftp.kddlabs.co.jp/sourceforge/squirrelmail/. fetch: squirrelmail-1.4.2.tar.bz2: local modification time does not match remote Attempting to fetch from ftp://ftp.chg.ru/pub/sourceforge/squirrelmail/. SquirrelMail is installed into /usr/local/www/squirrelmail To use the old location /usr/local/squirrelmail define WITHOUT_WWWDIR when patching or installing === Vulnerability check disabled Checksum mismatch for squirrelmail-1.4.2.tar.bz2. === Giving up on fetching files: squirrelmail-1.4.2.tar.bz2 Make sure the Makefile and distinfo file (/usr/ports/mail/squirrelmail/distinfo) are up to date. If you are absolutely sure you want to override this check, type make NO_CHECKSUM=yes [other args]. *** Error code 1 Stop in /usr/ports/mail/squirrelmail. *** Error code 1 Stop in /usr/ports/mail/squirrelmail. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Installing Squirrel Mail from the Ports
Delete /usr/ports/distfiles/squirrelmail-1.4.2.tar.bz2, and try again. The file you have by that name has been corrupted somehow and the ports system is not happy with it. I just checked, and the tarball I downloaded from sourceforge is identical to the one I used the last time I updated squirrelmail. You should end up with: % ls -la squirrelmail-1.4.2.tar.bz2 -rw-r--r-- 1 root wheel 1888703 Oct 1 20:42 squirrelmail-1.4.2.tar.bz2 % md5 squirrelmail-1.4.2.tar.bz2 MD5 (squirrelmail-1.4.2.tar.bz2) = 8d8271c704a9f23d53138a4ceea38fb4 but the ports system will check that automatically for you. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK after deleting the file, I run make and get # make === Patching for squirrelmail-1.4.2_1 === Applying FreeBSD patches for squirrelmail-1.4.2_1 patch: can't cd to /usr/ports/mail/squirrelmail/work/squirrelmail-1.4.2: No such file or directory Patch patch-config-config_default.php failed to apply cleanly. *** Error code 1 Stop in /usr/ports/mail/squirrelmail. what I can do to get the port downloaded again? or how can I clean up after a failed install? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Installing Squirrel Mail from the Ports
Delete /usr/ports/distfiles/squirrelmail-1.4.2.tar.bz2, and try again. The file you have by that name has been corrupted somehow and the ports system is not happy with it. I just checked, and the tarball I downloaded from sourceforge is identical to the one I used the last time I updated squirrelmail. You should end up with: % ls -la squirrelmail-1.4.2.tar.bz2 -rw-r--r-- 1 root wheel 1888703 Oct 1 20:42 squirrelmail-1.4.2.tar.bz2 % md5 squirrelmail-1.4.2.tar.bz2 MD5 (squirrelmail-1.4.2.tar.bz2) = 8d8271c704a9f23d53138a4ceea38fb4 but the ports system will check that automatically for you. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK after deleting the file, I run make and get # make === Patching for squirrelmail-1.4.2_1 === Applying FreeBSD patches for squirrelmail-1.4.2_1 patch: can't cd to /usr/ports/mail/squirrelmail/work/squirrelmail-1.4.2: No such file or directory Patch patch-config-config_default.php failed to apply cleanly. *** Error code 1 Stop in /usr/ports/mail/squirrelmail. what I can do to get the port downloaded again? or how can I clean up after a failed install? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Installing Squirrel Mail from the Ports
make clean is the most thorough procedure-- it will also clean dependencies of the current port-- or you could simply delete the work subdirectory... -- -Chuck After running a make clean and removing the file from /usr/ports/distfiles It still downloads the file and shows it as being corrupt. Is there any way that i can specify a different server for it to download the bz2 from? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RIMPS on FreeBSD 5.1
Has anyone gotten RIMPS 3b3 working on FreeBSD 5.1, running APACHE2, PHP4, MYSQL4, Perl 5.8? If you have, can you stream audio to a machine running IE6? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
pkgdb -F and a few other questions
Hey All, By now I have posted alot of questions and you are probably getting tired of seeing my name in your inbox... But I have yet another for you. I am currently running FreeBSD 5.1-Current, I have SquirrelMail 1.4.2 and Courier Imap installed. I installed a plugin for SquirrelMail that required Perl 5.8 or above. Look to find out I have 5.6.1 installed. I ran CVSup -x -L 2 sup-ports and then a portupgrade -Rra and wala, still Perl 5.6.1. So I de-installed 5.6.1 and make install on perl 5.8.1, ran the pkgdb -Fa and all these errors poped up. Some of the app's were dependent on Perl 5.6.1, so I had it point to the Perl 5.8.1 and all is well, and ran a use.perl port command. For what ever reason I had to re-install SpamAssassin, and the razor-agents ports too. Now if i run pkgdb -F I get what you see below: --- Checking the package registry database Missing origin: bsdpan-CPAN-1.7.6 - Ignored. (the package is held; specify -f to force) Missing origin: bsdpan-Data-Dumper-2.121 - Ignored. (the package is held; specify -f to force) Missing origin: bsdpan-ReadLine-Perl-1.0203 - Ignored. (the package is held; specify -f to force) Missing origin: bsdpan-TermReadKey-2.21 - Ignored. (the package is held; specify -f to force) Missing origin: bsdpan-Text-Aspell-0.04 - Ignored. (the package is held; specify -f to force) obviously I have updated the perl incorrectly. 1) what would of been the correct way to update the perl from version 5.6.1 to 5.8.1 without causing package db problems? 2) how do i fix the above Missing origin errors? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
FreeBSD+Spamassassin+MySQL
I cannot seem to get SpamAssassin working with MySQL 4 I have setup the MySQL database, have given a saconfig user full access to this database. But SA does not seem to Query the SQL database. I have a SquirrelMail plugin that connects to the DataBase just fine, and writes data to it, but SA doesn't seem to grab the data. I have setup a local.cf file with the following: user_scores_dsn DBI:mysql:sa_config:localhost user_scores_sql_usernamesaconfig user_scores_sql_passwordpassword user_scores_sql_table userpref but when I run SPAMD -D and Cat out a sample spam file, I see no SQL lookup info, nor do I see any errors. I searched on Spamassassins website (the archives) have seen alot of people with this error, but not any fixes. I can only assume that it is with the DBI connector or the Mysql-Mysql perl module. I have verified that both are installed. p5-DBD-mysql-2.9002 MySQL driver for the Perl5 Database Interface (DBI) p5-DBI-1.38 The perl5 Database Interface. Required for DBD::* modules mysql-client-4.0.16 Multithreaded SQL database (client) mysql-server-4.0.16 Multithreaded SQL database (server) looking at the above do I need to set the user_scores_dsn to use DBD or is DBI correct? Do I need to install the p5-DBIWrapper from the ports? I am currently running FreeBSD 5.1 Current. Thanks for any help you can provide. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
[Fwd: Re: APC Smart-UPS 620VA]
Original Message Subject: Re: APC Smart-UPS 620VA From:[EMAIL PROTECTED] Date:Mon, November 3, 2003 11:04 pm To: Matthew Seaman [EMAIL PROTECTED] -- A Great port I use is APCUPSD. I have a APC 1400XL RackMount UPS (got it on ebay for around $130... I use the serial cable that came with it and installed the APCUPSD port. This allows me to monitor the UPS, send myself an email at work when the power goes out and come back up, as well as other power draw, battery life, time left on batteries, etc... is the APC Smart-UPS 620VA supported in freebsd? i searched the lists, but didnt find anything on that. anyways, if you can recommend any other APC UPS for freebsd, i'd like to hear your experiences. if i understand correctly i need a smart UPS to make freebsd shutdown in case battery gets empty? the UPS i need should be around 250euros. FreeBSD itself doesn't have any specific support for UPSes -- so long as you feed AC into the power supply, FreeBSD will be happy. In order to interface with a UPS, check out the sysutils/nut port (http://www.exploits.org/nut/) -- this will let you monitor UPSes attached to a serial port or attached by USB: pretty much all APC hardware should be supported, but you may need to use a specific cable. You don't need a 'smart' UPS per-se but less fancy boxes won't let you monitor the state of the UPS is such detail. Generally if the UPS can indicate it's on battery vs. on mains power then NUT can probably work with it. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Adaptec 29160N errors
Hi all, I have a AMD ThunderBird 1 gig machine on a Abit KT7A-Raid MB. When I install my Adaptec 29160N Ultra 160 scsi card, and try to do any writing to a DDS2 tape drive, I get a screen full of Ahc0 - Parity error then I get another error stating that the card is *Reporting* the errors and not *Generating* the errors, and that parity checking will be disabled. I have tried 2 different cards in 3 PCI slots, and a hand full of different internal and external SCSI cables and terminators. The cards have the latest 3.10.0.0 Bios and the MB also has the latest and greatest bios. I have also tried a few different scsi backup drives. Finally I installed a Adaptec AHA-2940 card, and no errors. I am currently running freeBSD 5.1-Current. Thanks for any help you may be able to provide me. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adaptec 29160N errors
The controller is complaining that some device in your system is generating PCI transactions that cannot be safely decoded because they contain parity errors. Just moving the 160 card won't make this situation go away. You need to find the source of these errors. Otherwise, you might as well live with the message in your dmesg log and go on with life. At the time of the errors there was and still is only 1 device on the controller. I have tried 2 different devices 1 internal 1 external as well as a handful of different cables. Again, this has nothing to do with the SCSI controller, the devices attached to it, or anything SCSI specific. Some other PCI device is causing the problem. the only other PCI device in the machine is the NIC. The BIOS for this card may be configuring it to ignore PCI parity errors. That was my guess as well. The 29160N has parity set to Auto, the AHA-2940 has no such option. But I have read about this issue and the 29160N cards with any NIX system, or some BSD system. Most of the issues were resolved by moving the card from one PCI slot to another. My MAIN concern is that the card controlls my Tape Backup Drive sa0... The last thing I want to have happen is all my data on the tapes be corrupt and/or un-Readable due to the parity errors ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adaptec 29160N errors
here are the errors from the messages log. This ONLY happened when A) a device was connected to the Adaptec 29160N and B) when the device was being used by dump. According the the replies I am afraid the problem may be related to the MB.. And ideas on how to trouble shoot it? For some reason this error no longer occurs with the AHA-2940. Could it be some IRQ conflict? I know that the SCSI controller used IRQ 11, as do alot of the other devices on the system.. ns1 kernel: ahc0: PCI error Interrupt at seqaddr = 0x16b ns1 kernel: ahc0: Data Parity Error Detected during address or write data phase ns1 kernel: ahc0: PCI error Interrupt at seqaddr = 0x16b ns1 kernel: ahc0: Data Parity Error Detected during address or write data phase ns1 kernel: ahc0: PCI error Interrupt at seqaddr = 0x8 ns1 kernel: ahc0: Data Parity Error Detected during address or write data phase ns1 kernel: ahc0: PCI error Interrupt at seqaddr = 0x9 ns1 kernel: ahc0: Data Parity Error Detected during address or write data phase ns1 kernel: ahc0: PCI error Interrupt at seqaddr = 0x82 ns1 kernel: ahc0: Data Parity Error Detected during address or write data phase ns1 kernel: ahc0: PCI error Interrupt at seqaddr = 0x16b ns1 kernel: ahc0: Data Parity Error Detected during address or write data phase ns1 kernel: ahc0: WARNING WARNING WARNING WARNING ns1 kernel: ahc0: Too many PCI parity errors observed as a target. ns1 kernel: ahc0: Some device on this bus is generating bad parity. ns1 kernel: ahc0: This is an error *observed by*, not *generated by*, this controller. ns1 kernel: ahc0: PCI parity error checking has been disabled. ns1 kernel: ahc0: WARNING WARNING WARNING WARNING ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SNMP help
In the last episode (Oct 30), Ronnie Clark said: Thanks all for the suggestions. I have the port installed, but how doDaemoncontrol I configure this beast to work with OpenView? I have looked at the online docs for the port, but it is all jibberish to this newbie. Anyone have a simple to follow doc or set of guidelines to setup net-snmp to be monitored by Openview? There shouldn't be any configuration needed. By default, net-snmp will output stats for network interfaces, disk usage, CPU load, memory/swap usage, and active processes. How to get all that stuff monitored by OpenView I have no idea. If it is anything like Compaq's Inside Manager, you should only need to set the SNMP community string in the FreeBSD SMNP Deamon. How this is done I am not sure. There should be a way for you to set the read only and full controll community strings. Then just add the server like you would any other server in Open View. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: PostFix error
daily_clean_hoststat_enable=NO daily_status_mail_rejects_enable=NO daily_status_include_submit_mailq=NO daily_submit_queuerun=NO [in periodic.conf(5), of course] I have added the above lines to my newly created /etc/periodic.conf file. Thanks for all the help. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
PostFix error
For some reason I get these errors on occasion. Mail is flowing, but I want to make sure this error goes away... Oct 28 03:01:00 ns1 postfix/sendmail[1523]: fatal: unsupported: -bh Oct 28 03:01:01 ns1 postfix/sendmail[1524]: fatal: unsupported: -bH Currently I am running FreeBSD 5.1, Postfix, Courier-Imap, SquirrelMail 1.4.2 They have all been install from the Ports, upgraded with PortUprage and CVSup. rc.conf has: sendmail_enable=NONE ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: PostFix error
You forgot to disable the log generation in the daily periodic(8) script. There are some other daily operations you should probably disable, too. Try: daily_clean_hoststat_enable=NO daily_status_mail_rejects_enable=NO daily_status_include_submit_mailq=NO daily_submit_queuerun=NO [in periodic.conf(5), of course] I see a periodic folder off of /etc but no periodic.conf file. Should I just create one with the above settings? Also it seems that there are only 2 errors, not 4. Ahhh I see the error now In the periodic folder, under daily there is a script called 150.clean-hoststat this file contains the following lines: if [ -z $(sendmail -bh 21) ]; then rc=2 else echo echo Removing stale entries from sendmail host status cache: rc=0 sendmail -bH || rc=1 this is the source of the bh errors. I will disable this command and see if I get any more errors. Thanks for pointing me in the right direction. Is there a way to do this is PostFix or is this done automatically? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
System Backup help.
I have been running BSD for a week or so now. I have everything setup just right, Webmail, DNS, IMAP, Webserver, etc I just install a DDS-2 tape drive, I have been reading about using dump for backing up filesystems. How can I use dump to backup the entire drive? If I try using: dump 0 -A ad0 it fails.. do I have to run dump on each slice? I plan on setting up a chron job that runs every night to do a incremental backup, then a full backup at the end of the week. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Noob FreeBSD 5.1 install question
Well, there's no law that says you *have* to use the ports system, but it's pretty strange not to take advantage of something so good... There are pre-compiled packages available, but these generally don't track the latest upstream updates to the ported software very efficiently. The ports tree does: updates to popular packages like apache generally go into the ports tree within a day or so of them being published. Rather than installing the ports and system sources by downloading tarballs from the FTP sites, there are arguments in favour of installing by running cvsup(1) to populate an empty directory. Sorry, what i was saying is that instead of installing the PORTS from the cd I was downloading the latest and greatest ports Tarball from the www.freebsd.org/ports site. Not the fact that I don't use them.. But thank you for the valuable info. I will put it in my book so I can remember to use it tonight. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Noob FreeBSD 5.1 install question
Hi All, I am new to this list and new to freeBSD. I run a Mandrake 9.1 server and wish to convert to FreeBSD. Here are 2 questions that I have. A) I have reinstall freeBSD many times over and over. I work with W2k machine at work and do a Unattended install when I don't want to select the same options over and over again on multiple machines. Is there a way I can create a install Config file to select all my options for me? Is there a way I can take a snapshot of the way the OS is currently configured and make a Install Config File? Maybe something that will auto set my TimeZone, Partition / Slice sizes, just to get the Base OS installed without any ports (except for maybe Lynx Text Web Browser) B) after installing Various ports on the system, do I have to do a Make Clean after each install or can I run Make Clean after installing all of my required Ports? Just as FYI I am running FreeBSD 5.1, I have downloaded and Burned the 2 ISO's (Full Install and Repair / Fix It) I run the install from the cd, then I choose to NOT install the ports, download the 19.x meg file from FreeBSD.org/ports and un Tar it into the /usr folder. Thanks for any help you can provide. John ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
