Re: pxeboot.bs and vlan tagging
On 06/02/2012 17:33, Rick Miller wrote:
>> 2) do you fetch the kernel successfully? When using tftp, the kernel and kernel modules are fetched before the memory file system, so does pxeboot fetch the kernel but not the mfsroot?
>>
>> The reason for these questions is that your problem may be with the kernel and kernel modules and not pxeboot. Just to be sure.
>
> I see what you are saying. We will have to look at the packet captures to make that determination. The target system loads pxeboot.bs and consequently requests the following files:
>
> /boot/boot.4th (which it does not find)
> /boot/loader.rc
> /boot/loader.4th
> /boot/support.4th
> /boot/defaults/loader.conf
> /boot/device.hints
> /boot/loader.conf
>
> It is at this point where the failure occurs. The contents of loader.conf are:
>
> mfsroot_load="YES"
> mfsroot_type="mfs_root"
> mfsroot_name="/boot/mfsroot"
>
> Does this seem consistent with what you were theorizing that it's the kernel that has the problem with vlan tagging and not pxeboot.bs?

See the other mail, the way pxeboot works IIRC, is that first the pxeboot is fetched using tftp, the pxeboot is given the next server and will fetch the kernel, modules and other files from /boot/ on that server, (path respective to the root of the tftp dir).

The kernel loads and will then fetch the mfsroot file. As mentioned, by default this is done using nfs, and nfs is assumed if the kernel supports nfs, even if it only fetches one file. This I understand has to be this way since the network configuration set with dhcp does not specify the protocol.

So, if your kernel supports nfs it will not use tftp and hence fail.

The details are somewhat distant to me, it's been some time since I messed around with this.

Hope this helps.

BR, Erik

--
M: +34 666 334 818
T: +34 915 211 157
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: pxeboot.bs and vlan tagging
On 06/02/2012 19:34, Rick Miller wrote:
> Thanks for your feedback, Erik! I do have a question below...
>
> The kernel I am using is the kernel from the DVD ISO as it is downloaded from freebsd.org. How do I determine what modules have been enabled and disabled in that kernel? I am under the assumption that NFS is compiled into that kernel. We can install 8.2-RELEASE with this kernel in VMs, but not bare metal. Is there an explanation as to why an NFS enabled kernel would work inside a VM, but fail on bare metal?

The kernel distributed with the ISOs is the generic kernel, so if you have the source (it's also on the DVD) you'll find the GENERIC kernel configuration file in /usr/src/sys/YOUR_ARCH/conf/GENERIC and you can see what are the compile options. You'll see these options:

options MD_ROOT     # MD is a potential root device
options NFSCL       # New Network Filesystem Client
options NFSD        # New Network Filesystem Server
options NFSLOCKD    # Network Lock Manager
options NFS_ROOT    # NFS usable as /, requires NFSCL

The first one is required, this allows your kernel to mount a memory disk device (your mfsroot), the others enable NFS. You need to rebuild the kernel with NFS disabled.

BR, Erik

Re: Running OS tftp vs. pxeboot tftp
On 01/03/2012 16:16, Rick Miller wrote:
> Hi All,
>
> Are there significant differences in the implementation between the tftp client in FreeBSD 8.2-RELEASE and the client implementation in pxeboot.bs?

I have no reason to believe there should be any difference. If you believe there is a problem with the supplied pxeboot, you can compile your own.

You previously wrote about VLAN tagging for your pxeboot nodes, but never wrote back if you solved the problem. What's your setup?

> I ask because I have encountered a scenario where pxeboot.bs is tftp'ing boot files from a PXE server and fails in random spots while attempting to download boot files to start a 8.2-RELEASE install. When we run the same sequence of tftp gets in a running 8.2-RELEASE instance continuously, we never received a single failure in a solid hour of attempts.

You should have some log or other traces to debug on the problem, can't help much without.

BR, Erik

Re: Running OS tftp vs. pxeboot tftp
Hi

On 14/03/2012 11:44, Rick Miller wrote:
> I thought I would follow up on this as a couple individuals expressed an interest in it... We have isolated the configuration in which this occurs under. It occurs during the execution of pxeboot.bs on brocade switches with vlan tagging enabled.

You might save yourself time and money buying a cheap switch and doing your jumpstart install on a separate closed network completely isolated from the rest of your networks, without VLAN tagging required.

If you have lots of nodes to install it makes sense to maintain your own repository of freebsd and packages, and it's good practice to keep your preproduction systems separate from production, so there is no need for network access.

BR, Erik

Re: converting UTF-8 to HTML
On 21/04/2012 07:58, Matthias Apitz wrote:
> Is there something in the port to convert UTF-8 text to HTML encodings, like:
>
> $ echo ü | iconv -f utf-8 -t html
> ü
>
> of the encodings in hex based on the codepoint?

AFAIK it's not possible. Browsers understand UTF-8 perfectly, simply add to the html header.

Problems with character sets and maintaining a web site usually occur when you mix character sets due to improper editor setup.

BR, Erik

Re: converting UTF-8 to HTML
On 21/04/2012 08:29, Erik Nørgaard wrote:
> Browsers understand UTF-8 perfectly, simply add to the html header.

Obviously I can't know what your project is, but you'll save yourself heaps of problems sticking to UTF-8, in particular if you plan on implementing any search functionality or have users submit content. Enforce and stick to UTF-8.

When characters show up wrong in the user's browser it's usually because the browser is set to use a non-UTF-8 charset by default such as windows-1252, the web server sends the charset=ascii in the http header and there is no or incorrect meta tag to resolve the problem.

Non UTF-8 charsets are a leftover from last millennium that we sometimes still choke on .. sorry the rant ;)

Cheers, Erik

Re: converting UTF-8 to HTML
On 21/04/2012 16:10, Lars Eighner wrote:
> UTF-8 is a waste of storage for most people and is incompatible with text-mode tools: it's simply another bid to make it impossible to run without a GUI.

UTF-8 is variable width, ascii characters are stored as single bytes (not sure about iso-8859-1) while other characters are stored as two byte chars.

If your text tools cannot display certain or all UTF-8 characters it is for one of the following reasons: it is either because the application does not support UTF-8, the display table is missing some characters, or the limited display capabilities of terminal/console mode and the complexity of that particular glyph.

Neither of the first two cases is an argument against UTF-8, it's an implementation issue, send a bug report or feature request to the developer. In the last case, I hope you're not saying that we should limit the freedom of expression to what can be expressed in console mode? :P

Cheers, Erik

Re: converting UTF-8 to HTML
On 22/04/2012 13:06, Polytropon wrote:
> How about the "extended ASCII character set" that has a mixture of "non-US glyphs" and semi-graphic symbols?
>
> http://asciiset.com/extended.gif

I can't even write my name in that character set.

As long as there are multiple character sets you will have the problem of some characters being shown wrong. This is nothing particular for UTF-8, you have the problem even when choosing between the 10+ different ISO-8859.

The only thing that UTF-8 introduces is the variable byte length characters so you can't equate no. bytes with no. characters.

Cheers, Erik

Re: Off topic: NetBSD or OpenBSD for Alpha server ?
On 04/05/2012 19:51, Kenneth Hatteland wrote:
> So I checked the 2 other main contenders and just wanted to ask if anyone here had an opinion what 2 install of the BSDs ? Or perhaps FreeBSD 6.4 is a good choice ( I have not tested Open or Net BSD so FreeBSD is my hometurf)
>
> The machine will probably be a server to have fun with and hopefully learn something from. Perhaps some server role in my rig, routing, security etc. Any advice would be nice :)

A few things you could consider:

- which OS seems to be the most active? I recall NetBSD was about a dead end a few years ago, but maybe they got back.
- which OS seems to offer you the best learning opportunity? If you're interested in security OpenBSD might be a choice.

... but then, why not try both, it's free. Or consider something completely different?

If I had to go BSD, and not FreeBSD, I'd go with OpenBSD for the security. But I'd much rather like to try a microkernel system like QNX if that would be an alternative.

BR, Erik

Re: Best mail setup for home server?
On 05/05/2012 17:21, Joshua Isom wrote:
> Before I deal with setting postfix to relay the mail, dealing with firewalls and other possible issues, is there a better alternative?

postfix will do the job, it just works, local mail will continue to just work. There are alternatives like qmail and sendmail, but why bother if you're already familiar with postfix?

The issues you will have will likely be the same regardless of your choice of MTA: Relaying mail through your server may cause outgoing mail to end up in recipients' spambox, that at least if your MTA will send directly to the recipient mail server and not relay through, say, your google account.

I don't know if you can set postfix up to relay through gmail using your google account, or if it is a good idea - you have to configure it with your password and in plaintext I suppose.

But, is this the solution? It sounds like you've got an overly complicated setup. If you use a mail client you can configure multiple accounts, download messages for offline use etc. A mail client like Thunderbird will queue your mail if the smtp server cannot be reached. Consider the issues you otherwise will have when you're away and can't reach your server.

BR, Erik

Re: Write only directory.
On 07/05/2012 20:38, Paul Halliday wrote:
> Is it possible to let a user write to a directory but not access the file after they write it? The file is being transferred via scp and after the transfer I don't want them to be able to re-fetch or even get a directory listing.

Hi,

If the user has no shell access I suppose the problem is that the user might be able to overwrite an existing file. The problem is what owner/permissions/flags the files will have after transfer.

I don't know if this will work, but check if setting append only flag on a directory might do. I would expect the append only flag on a directory to allow only creating new files, so existing files cannot be overwritten.

Other flags might also be required, also check what you can do with ACL and extended attributes.

BR, Erik

FBSD support for Intel mini-itx board w. realtek 8111D nic
Hi:

I've got a fanless via based mini-itx box as my gateway and server and looking to upgrade to an Intel Atom based box. I believe it's supported out of the box.

Now, I don't have an extra monitor, basically I'm gonna take the old disk, plug it in and hope it will boot (FBSD81, GENERIC kernel).

So, I'm looking at the D945GSEJT which has a realtek 8111DL nic. Which driver is used for this nic? Well, basically I need to preconfigure the network so I can connect if/when it gets up.

Thanks, Erik

Link and network level in the tcp/ip stack
Hi:

This is a generic question about may, should and must: I have the following setup:

      192.168.28/24
    +---------------+
    |.196           |.1
   SRV              GW---- RN
    |.28            |.1
    +---------------+
      10.225.162/24

The server, SRV, has default gateway set to 192.168.28.1, no routing has been configured for the 10.225.162/24 network. The gateway is a router, no NAT or firewall. Yup, we do have this setup, don't ask why.

Now, the remote node RN pings the server on 192.168.28.196 fine, no problem. Then it pings 10.225.162.28 and gets destination unreachable.

OK, so I did tcpdump first on the 10.225.162.28 interface, and saw icmp echo requests coming in, but no replies going out. Then I did tcpdump on the other interface and got this:

13:39:43.233419 arp who-has 192.168.28.1 tell 10.225.162.28

obviously no reply, wrong network.

So, the system strips the link layer and completely forgets about it? With the added overhead of having to figure things out again to send a reply? Since the server also keeps an updated arp table it's not like the link layer is completely delegated to the nic to take care of.

For incoming connections, I would assume that the link address is preserved for replying, no need to send any arp requests. This also means that no routing would need to be defined on the 10.225.162.28 interface to receive connections from non-local nodes.

What is the may/should/must protocol recommendation on this? I can't figure whether keeping the link layer for the reply will introduce loop problems or rather solve them.

Thanks, Erik

Re: Link and network level in the tcp/ip stack
On 7/5/11 4:12 PM, Arun wrote:
> Just add default route at your node 10.225.162.28, and make the default GW for this route as 192.168.28.0/24 or the connected interface. Your SRV node should pass it to its default gw 192.168.28.1 which should take care of forwarding it to the destination RN.
>
> If your SRV node could NOT forward the ping reply then add a specific route there like - "pkt comes from 10.225.162.0 then forward it to 192.168.28.1.
>
> Thanks.

Hi:

There can only be one default gateway, anything else doesn't make sense.

I did try adding a specific route on SRV for RN such that pings arriving on 10.225.162.28 would be responded correctly. But, then RN can no longer reach 192.168.28.196. No surprise there really.

So, why do we have this setup? Well, some services like ssh that is used for administration must arrive on 192.168.28/24 whereas the commercial service has a dedicated network on 10.225.162/24 and to ensure availability and bandwidth we cannot accept to have ssh coming in on that network.

I should add that this is a Red Hat Linux, I ask here since the FBSD implementation of the tcp/ip stack is considered the reference implementation.

So the question is which behaviour is correct, recommended or accepted? Stripping the link layer and reply according to the network layer, or keeping the link layer?

Thanks, Erik

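Added example (not part of the original posts): the two messages above describe SRV choosing the outgoing path for a reply from the destination address alone, whichever interface the request arrived on. The Python model below runs that lookup with the addresses from the posts; the interface names eth0/eth1 and RN's address 172.16.0.50 are assumptions, since the thread does not give them.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    iface: str                                  # hypothetical interface name
    gateway: Optional[ipaddress.IPv4Address]    # None means directly connected


def route(prefix: str, iface: str, gateway: Optional[str] = None) -> Route:
    gw = ipaddress.IPv4Address(gateway) if gateway else None
    return Route(ipaddress.IPv4Network(prefix), iface, gw)


# SRV's routing table as described in the first post: two connected
# networks and a single default gateway. eth0/eth1 are assumed names.
BASE_TABLE = [
    route("192.168.28.0/24", "eth0"),
    route("10.225.162.0/24", "eth1"),
    route("0.0.0.0/0", "eth0", "192.168.28.1"),
]

# RN's address is not given in the thread; this value is constructed.
RN = "172.16.0.50"

# The follow-up's attempt: a specific route for RN through the gateway's
# address on the 10.225.162/24 side (.1 in the diagram).
HOST_ROUTE_TABLE = BASE_TABLE + [route(RN + "/32", "eth1", "10.225.162.1")]


def lookup(table: List[Route], dst: str) -> Route:
    """Longest-prefix match on the destination address only."""
    addr = ipaddress.IPv4Address(dst)
    matches = [r for r in table if addr in r.prefix]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda r: r.prefix.prefixlen)


def reply_path(table: List[Route], pinged_addr: str, requester: str) -> dict:
    """Path of the echo reply for a ping sent by `requester` to `pinged_addr`.

    The reply's source is the address that was pinged; its route depends
    only on the requester's address. The ARP text follows the tcpdump
    line in the post: target is the next hop, sender is the reply source.
    """
    r = lookup(table, requester)
    next_hop = r.gateway if r.gateway is not None else ipaddress.IPv4Address(requester)
    return {
        "src": pinged_addr,
        "iface": r.iface,
        "next_hop": str(next_hop),
        "arp": f"arp who-has {next_hop} tell {pinged_addr}",
    }


if __name__ == "__main__":
    for name, table in (("default route only", BASE_TABLE),
                        ("with host route for RN", HOST_ROUTE_TABLE)):
        print(name)
        for pinged in ("192.168.28.196", "10.225.162.28"):
            p = reply_path(table, pinged, RN)
            print(f"  ping {pinged}: reply leaves {p['iface']} "
                  f"via {p['next_hop']}; {p['arp']}")
```

With only the default route, the reply to a ping of 10.225.162.28 leaves on the 192.168.28/24 side and produces the ARP request seen in the capture; with the host route added, the reply sourced from 192.168.28.196 leaves on the 10.225.162/24 side instead, which is the case the follow-up reports as breaking.
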
FreeBSD compatible mini-itx board
Hi:

I am looking for a new low power mini-itx board for my firewall/home server. I've had VIA boards but flaky disk controller and other problems have made me look for something else. So, going all Intel, I hope there will be no hardware problems.

I'm looking at The Intel D945GSEJT with an Atom N270 processor and the following specs:

Mobile Intel 945GSE Express Chipset
Intel 82945GSE Express Chipset Graphics/Memory Controller Hub
Intel 82801GBM I/O Controller Hub (ICH7-M)
Intel GMA950
RealTek 8111DL Gigabit Ethernet Controller

Does FBSD support this? I don't care about graphics, basic VGA is enough as this will be a headless server. But I do care that the disk controller is fully supported as well as the NIC.

Any suggestions of alternative boards? AFAIK the N270 is single core 32bit, a dual core and/or 64bit alternative would be interesting.

Also: The Intel manual mentions: "Support for DDR2 533 MHz SO-DIMMs (DDR2 800 MHz and DDR2 667 MHz validated to run at 533 MHz only)" Will faster RAM result in a less stable system?

And what is Serial Presence Detect RAM? I've never seen this advertised.

Lots of questions, I know...

Thanks, Erik

Re: FreeBSD compatible mini-itx board
On 19/5/11 7:49 PM, Chuck Swiger wrote:
> FreeBSD ought to support the 945G chipset and the ICH7 hub; also the RealTek NIC, but the latter isn't the highest quality NIC around.

yeah, I'd rather have Intel's own NIC dunno why they can't put them on their own boards. Realtek seem to be on all the Intel boards :S At least I'm adding an Intel PCI NIC.

>> Also: The Intel manual mentions: "Support for DDR2 533 MHz SO-DIMMs (DDR2 800 MHz and DDR2 667 MHz validated to run at 533 MHz only)" Will faster RAM result in a less stable system?
>
> It indicates that they put faster RAM into the box, but ran it at a speed of 533MHz, which is slower than the memory is capable of running. In some cases, doing this lets you run the RAM at lower voltage or with tighter timing settings of CL/tRCD/tTP/etc.

Thanks, currently I have, well ancient RAM on an old VIA board and it's not really any reliable. That with the flaky disk controller on the VIA board is my reason to go Intel.

> Regards,

Thanks, Erik

Where's my disk?
Hi:

I'm moving my server to new hardware, but I will preserve the disk making the necessary changes to the configuration before the move.

The first problem is that I have no idea how my disk will be recognized, now the root partition is on /dev/ad6s1a.

The second problem is that the server is headless. I pretty much have to guess and remember. I have no way of knowing if a command was successful.

Oh, and the third problem is that this new one uses a USB keyboard and I only have a PS2 keyboard.

This means that I need to figure out how the hard disk will be recognized so it will be mounted properly at first attempt. Or else have to go out investing in a lot of extra hardware.

Any trick for doing this?

Thanks, Erik

Re: Where's my disk?
On 4/6/11 10:48 AM, Polytropon wrote:
> On Sat, 04 Jun 2011 10:31:18 +0200, Erik Nørgaard wrote:
>> The first problem is that I have no idea how my disk will be recognized, now the root partition is on /dev/ad6s1a.
>
> A good approach is to apply a label or use the UFSID of the partitions (which don't depend on controller position) instead of the device names.

Thanks, I tried to add labels, and all file systems are labeled, except the root file system, it gives an error

alpha# tunefs -L root /dev/ad6s1a
tunefs: /dev/ad6s1a: failed to write superblock

Can I use the fsid in fstab?

alpha# mount -v
/dev/ad6s1a on / (ufs, local, fsid c18a2f44f29adbc0)
devfs on /dev (devfs, local, multilabel, fsid 00ff00060600)
/dev/ufs/local on /usr/local (ufs, local, fsid c58a2f44da5dfaa7)
/dev/ufs/var on /var (ufs, local, fsid c98a2f44462bb250)
/dev/ufs/tmp on /tmp (ufs, local, fsid d38a2f44b88ac8e5)
/dev/ufs/home on /home (ufs, local, fsid d58a2f449675649f)
/dev/ufs/share on /home/share (ufs, local, fsid e28a2f4464800a20)
devfs on /var/named/dev (devfs, local, multilabel, fsid 01ff00060600)

As for the screen I've usually done without, I know my system well, but if the disk moves, I'm lost. For the keyboard, maybe a PS2 to USB adapter?

Thanks, Erik

Re: Where's my disk?
On 4/6/11 3:09 PM, Warren Block wrote:
> On Sat, 4 Jun 2011, Erik Nørgaard wrote:
>> Thanks, I tried to add labels, and all file systems are labeled, except the root file system, it gives an error
>>
>> alpha# tunefs -L root /dev/ad6s1a
>> tunefs: /dev/ad6s1a: failed to write superblock
>
> The filesystem has to be unmounted or mounted ro to set a label.

Thanks, but not enough:

alpha# mount -f -o ro /
alpha# mount
/dev/ad6s1a on / (ufs, local, read-only)
devfs on /dev (devfs, local, multilabel)
/dev/ufs/local on /usr/local (ufs, local)
/dev/ufs/var on /var (ufs, local)
/dev/ufs/tmp on /tmp (ufs, local)
/dev/ufs/home on /home (ufs, local)
/dev/ufs/share on /home/share (ufs, local)
devfs on /var/named/dev (devfs, local, multilabel)
alpha# tunefs -L root /dev/ad6s1a
tunefs: /dev/ad6s1a: failed to write superblock

BR, Erik

Partitioning with gpart or old style slices?
Hi:

I just realized how many years ago I haven't been partitioning any disks .. this system is so stable :)

So, now I see I have gpart as alternative to fdisk/bsdlabel. I have a 320GB disk which will be dedicated to FBSD, is there any advantage - or any problems (problems as in I've never tried that before) - using gpart instead of the "old" scheme?

Do I need kernel modules not in the generic kernel or create extra boot partition?

Thanks, Erik

Re: Partitioning with gpart or old style slices?
On 5/6/11 7:03 AM, Robert Simmons wrote:
> On Sunday, June 05, 2011 12:40:22 AM Matthias Apitz wrote:
>> # gpart create -s mbr ad4                # Init the disk with an MBR
>> # gpart add -t freebsd ad4               # Create a BSD container
>> # gpart create -s bsd ad4s1              # Init with a BSD scheme
>> # gpart add -t freebsd-ufs -s 1G ad4s1   # 1GB for /
>> # gpart add -t freebsd-swap -s 2G ad4s1  # 2GB for swap
>> # gpart add -t freebsd-ufs -s 2G ad4s1   # 2GB for /var
>> # gpart add -t freebsd-ufs -s 1G ad4s1   # 1GB for /tmp
>> # gpart add -t freebsd-ufs ad4s1         # all rest for /usr
>> # gpart set -a active -i 1 ad4
>
> You need to install the bootcode:
>
> This will install the interactive one:
> gpart bootcode -b /mnt2/boot/boot0 ad4
>
> this will install the non-interactive one:
> gpart bootcode -b /mnt2/boot/mbr ad4

Thanks Warren, great article, and thanks all for the follow up posts as well. Just one more question, the usual mbr and boot files will boot a gpt partition? I see there are some additional files gptboot and pmbr?

Thanks, Erik

How to restrict jail's network access?
Hi:

I'm planning to move services to run in jails. Two jails:

1: Mail related: postfix, cyrus imap and openldap
2: Web related: apache and postgresql

No service should be able to connect out of the jail to remote hosts, except for postfix that needs to connect out to port 25 for delivery to other domains.

I don't want to allow an ssh out of a jail to the local node, as that could allow a compromised jail to jump to the host server - even if only theoretically.

Both jails need to access the named that runs chrooted on the host server but may not access remote DNS services.

Other than this, any connection to remote nodes or the host server on the loopback interface must be blocked.

I don't have extra IPs to create jails with separate interfaces, but there are no conflicting port assignments so this shouldn't be a problem. I have considered to isolate the jails by only offering a loopback interface and let the firewall impose these policies, but is this at all possible?

How would you go about implementing the above policies?

Thanks, Erik

8_RELEASE buildkernel fails
Hi:

I csup'ed my source tree and rebuilt world successfully, but buildkernel fails with the following error:

cc -c -O -pipe -std=c99 -g -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -nostdinc -I. -I/usr/local/src/sys -I/usr/local/src/sys/contrib/altq -D_KERNEL -DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h -fno-common -finline-limit=8000 --param inline-unit-growth=100 --param large-function-growth=1000 -mno-align-long-strings -mpreferred-stack-boundary=2 -mno-mmx -mno-3dnow -mno-sse -mno-sse2 -mno-sse3 -ffreestanding -fstack-protector -Werror /usr/local/src/sys/net/if_vlan.c
/usr/local/src/sys/net/if_vlan.c: In function 'vlan_ioctl':
/usr/local/src/sys/net/if_vlan.c:1424: error: stray '\1' in program
*** Error code 1

Stop in /usr/local/obj/usr/local/src/sys/GENERIC.
*** Error code 1

Stop in /usr/local/src.
*** Error code 1

Stop in /usr/local/src.

I've cleaned and retried a few times, csup'ed again, but it fails at the same point. Any suggestions?

Thanks, Erik

Re: ISC dhcp server
On 18/10/2011 08:38, n dhert wrote:
> isc-dhcp31-server was removed from the ports. The FreeBSD Handbook still refers to it... Can a /usr/local/etc/dhcpd.conf configuration file from isc-dhcp31-server, without change also be used in isc-dhcp42-4.2.2 ?

I think so, I use dhcp 4.1 and didn't change my 3.1 configfile.

BR, Erik

Re: Breakin attempt
On 22/10/2011 16:12, Polytropon wrote:
> Is there _any_ reason why moving from port 22 to something different is _not_ a solution?

Yes

> Reason why I'm asking: Moving SSH away from its default port seems to be a relatively good solution as break-in attempts concentrate on default ports. So in case a sysadmin decides to move SSH to a "hidden" location, what could be an argument against this decision?

Moving to a non standard port does not provide you any additional real security. The random scannings and occasional attacks will disappear from your logs but these are not interesting, they fail because you already hardened your server. Those who are determined to break into your server will also find your ssh running on a non-standard port.

On the other hand, those legitimate users who rely on ssh to connect remotely to their account may not be able to because the firewall on the network only allows access to standard ports for whatever reason, and running ssh on port, say, 24 is a non-standard port.

It is actually common to block access to most ports and allow access only through a proxy, and then open for those particular services that will not run through a proxy. Hence, if you want to be sure to be able to connect remotely, your best bet is to run your services on standard ports.

In summary, nothing is won moving ssh to a nonstandard port except for potential problems.

BR, Erik

No network in mixed FBSD81/90 chroot environment
Hi:

I have a system running FBSD81 preparing to migrate to 90 on a different disk, so the new disk and partitions are mounted in /mnt. To build FBSD90 on the new disk I mount devfs on /mnt/dev and chroot to /mnt.

Today I finished make build/install world/kernel in /mnt, and now I no longer have network access, interfaces are visible with ifconfig but no ip is set and can't be set from within the chroot environment.

Is this to be expected? How do I get my network access back?

Thanks, Erik

Re: No network in mixed FBSD81/90 chroot environment
On 29/11/2011 13:50, Erik Nørgaard wrote:
> Today I finished make build/install world/kernel in /mnt, and now I no longer have network access, interfaces are visible with ifconfig but no ip is set and can't be set from within the chroot environment.
>
> Is this to be expected? How do I get my network access back?

Should add: Network on the host FBSD81 system works fine.

Re: No network in mixed FBSD81/90 chroot environment
On 29/11/2011 15:58, Damien Fleuriot wrote:
> On 11/29/11 1:58 PM, Erik Nørgaard wrote:
>> Today I finished make build/install world/kernel in /mnt, and now I no longer have network access, interfaces are visible with ifconfig but no ip is set and can't be set from within the chroot environment.
>>
>> Is this to be expected? How do I get my network access back?
>>
>> Should add: Network on the host FBSD81 system works fine.
>
> When you chroot to your /mnt/ folder you're still using the 8.x kernel and thus the 8.x NIC drivers, with a 9.x userland. This might be your problem.

That seems strange though, first, drivers are loaded into the kernel so there is no mismatch there, 8.1 drivers in 8.1 kernel. And then, this is the output from ifconfig, first the chroot environment, then the host environment:

FreeBSD chroot # ifconfig
re0: flags=8943 metric 0 mtu 1500
        options=389b
        ether e0:69:95:77:f1:20
        media: Ethernet autoselect (100baseTX )
        status: active
plip0: flags=8810 metric 0 mtu 1500
lo0: flags=8049 metric 0 mtu 16384
        options=3
pflog0: flags=141 metric 0 mtu 33200
FreeBSD chroot # exit
alpha# ifconfig
re0: flags=8943 metric 0 mtu 1500
        options=389b
        ether e0:69:95:77:f1:20
        inet 192.168.0.1 netmask 0xfe00 broadcast 192.168.1.255
        media: Ethernet autoselect (100baseTX )
        status: active
plip0: flags=8810 metric 0 mtu 1500
lo0: flags=8049 metric 0 mtu 16384
        options=3
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff00
        nd6 options=3
pflog0: flags=141 metric 0 mtu 33200

So, the devices are there, just no network connectivity.

> What are you trying to achieve with this, a smooth 8.x -> 9.x transition ?

Well, I don't know what happened on the host system, but the kernel fails building, even kernel 8.2, at if_vlan. Since I decided to migrate to the other disk and upgrade to 9.0 I created a chrooted environment on the new disk and build sources there.

Now, the tricky part is that this is a headless system and I need it to be up or at least be sure that I can roll back if something fails. You may want to, instead, install your 9.0 on a different machine (possibly a VM), then use dump on the filesystems to inject them properly on your new disk on the original machine. You should then be able to reboot on the new disk just fine. Thanks, for the suggestion, but sounds risky, the disks are not identical size. It seems I have a workaround that will get my new disk ready: Using fetch-recursive I've downloaded the sources of the ports I need installed, so I can build in the chroot without network access. BR, Erik -- M: +34 666 334 818 T: +34 915 211 157 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Which Lenovo Laptop?
On 08/12/2011 15:01, Pierre-Luc Drouin wrote:
> so which current 14" Lenovo laptop is the best for FreeBSD compatibility right now? Is it the T420 with the Nvidia card (Nvidia card forced in the BIOS)? Sleep modes work with the T420, right? And I guess Intel Wi-Fi cards are the most supported ones, right?

Hi:

I got an E520 and tried to install 90RC2 on it, ACPI problems with thermal zone 0 (-273). I got the system installed awkwardly: the installer was useless as the console would fill with acpi error messages. Tried to boot live and run sysinstall on a different console but wouldn't install. Eventually I did everything manually. But then trying buildworld got the system hanging without any error message probably due to overheating.

So, the final resort was to install linux .. that suck. :(

I don't know the other series. Good luck and let me know.

BR, Erik
Re: pxebooting different versions/variants of FreeBSD
On 11/12/2011 13:18, Dura Zell wrote:
> Is there a way to circumvent the need of the dhcp option "root-path" and set it instead manually via a config file or as parameter? If not: How can I achieve my goal of pxebooting the different versions of FreeBSD?

Hi:

No. The only thing you can do is to set root-path for each host with host declarations in your dhcpd.conf. This is useful if you know the mac of each computer and that for example certain macs correspond to 64bit systems while others to 32bit.

However, in the installer you can choose the version to install if you want a different.

BR, Erik
Re: ipv6 in FreeBSD 9
On 14/01/2012 18:07, Marco Beishuizen wrote:
> Hi,
>
> In 8.2 ipv6 was enabled by adding ipv6_enable="YES" in rc.conf, and all worked fine. In FreeBSD 9 that changed to ipv6_activate_all_interfaces="YES". But now there are still some error messages at boot time, and ipv6 doesn't seem to work correctly:
>
> ...
> root: /etc/rc: WARNING: $ipv6_firewall_enable is not set properly - see rc.conf(5).
> root: /etc/rc: WARNING: $ipv6_enable is not set properly - see rc.conf(5).
> ...
>
> I do not use a static IP address, but DHCP. What do I need to do more to enable ipv6?

Don't use ipv6, but reading above: Did you replace ipv6_enable with ipv6_activate_all_interfaces? because the error seems to tell you that you must keep ipv6_enable

Or, maybe there was an error with mergemaster? old scripts, new kernel variables?

BR, Erik
Re: ipv6 in FreeBSD 9
On 15/01/2012 21:41, Marco Beishuizen wrote:
> On Sun, 15 Jan 2012, the wise Erik Nørgaard wrote:
> > Don't use ipv6, but reading above: Did you replace ipv6_enable with ipv6_activate_all_interfaces? because the error seems to tell you that you must keep ipv6_enable
>
> I replaced it with the new lines because according to the manpage ipv6_enable is deprecated. But why shouldn't I use ipv6?

Sorry, meant to say, I don't use ipv6 so I can't do much debugging.

> > Or, maybe there was an error with mergemaster? old scripts, new kernel variables?
>
> I ran mergemaster, but didn't get any error messages. Afaik all scripts in /etc are new.

OK, in the error messages you posted it seems that some script checks or uses these variables. Maybe try to run the different networking scripts manually and see where it fails.

BR, Erik
Re: pxeboot.bs and vlan tagging
On 06/02/2012 16:35, Rick Miller wrote:
> We are PXE booting into FreeBSD 8.2-RELEASE to perform system builds. The pxeboot.bs file was recompiled with TFTP support. 8.2-RELEASE builds were working fine until we attempted a build on bare metal in an environment that utilizes vlan tagging. When the system loaded the pxeboot.bs file it prompted that a disk containing the mfsroot.gz be inserted.

Hi, a few questions:

1) do you use tftp or nfs? if you built pxeboot with tftp, did you also build the kernel with tftp? I assume that you want to use tftp since you fetch a memory file system as root device.

2) do you fetch the kernel successfully? When using tftp, the kernel and kernel modules are fetched before the memory file system, so does pxeboot fetch the kernel but not the mfsroot?

The reason for these questions is that your problem may be with the kernel and kernel modules and not pxeboot. Just to be sure.

> I have a couple of questions that I am hoping I can use to glean a proper solution:
>
> 1) Does the 8.2-RELEASE pxeboot.bs source code support use of vlan tagging?
> 2) Can I get vlan tagging support with newer 8.2 code?
> 3) Will the 9.0-RELEASE code have better support for vlan tagging and can I use it to build an 8.2-RELEASE system?

I did a grep in the source and it seems there is a kernel module for vlan tagging, if you load the kernel successfully it may be a question of getting that module loaded as well, or rebuild the kernel. But I can't give a better answer.

My best guess is not to rely on vlan tagging unless you can configure that on the hardware. Or, normally there is a default vlan that corresponds to no tag. If you can configure that for pxe and use tagging for the other networks.

BR, Erik
Re: pxeboot.bs and vlan tagging
On 06/02/2012 17:11, Rick Miller wrote:
> See my responses inline...
>
> On Mon, Feb 6, 2012 at 10:54 AM, Erik Nørgaard wrote:
> > On 06/02/2012 16:35, Rick Miller wrote:
> > > We are PXE booting into FreeBSD 8.2-RELEASE to perform system builds. The pxeboot.bs file was recompiled with TFTP support. 8.2-RELEASE builds were working fine until we attempted a build on bare metal in an environment that utilizes vlan tagging. When the system loaded the pxeboot.bs file it prompted that a disk containing the mfsroot.gz be inserted.
> >
> > Hi, a few questions:
> >
> > 1) do you use tftp or nfs? if you built pxeboot with tftp, did you also build the kernel with tftp?
>
> pxeboot.bs was compiled with TFTP enabled. We made 3 modifications to the kernel not related to tftp. One change was to the NIC source code to improve small packet performance, we compiled a custom kernel that disabled FLOWTABLE and enabled ROUTETABLES. TFTP is the intent for PXE, we did not want to rely on NFS. For the remainder of the install, we've written code into sysinstall to support pure HTTP installs.
>
> > 2) do you fetch the kernel successfully? When using tftp, The kernel and kernel modules are fetched before the memory file system, so do pxeboot fetch the kernel but not the mfsroot?
> >
> > The reason for these questions is that your problem may be with the kernel and kernel modules and not pxeboot. Just to be sure.
>
> I see what you are saying. We will have to look at the packet captures to make that determination.

There used to be some kernel options in older versions but I think the necessity for these were removed with 7.0. Can't find them right now. Also, there is a trick when you want to use tftp, by default the kernel will try nfs if it has been built with nfs code, so check for references to nfs. The generic kernel is built with the option

options NFSCL
options NFSD
options NFSLOCKD
options NFS_ROOT

these should be disabled.

> Thanks for this information, it has given me some other things to think about and could potentially lead to a proper solution.

My approach to this is to create a closed network with one server providing all the necessary services (dhcp, tftp and ftp/http) as well as a local mirror with all the required files for installation. If you have a lot of servers, it makes no sense that each should fetch packages from the public mirrors, hence for installation there should be no need for access to external networks.

If you do this you can configure your switches accordingly without any need for vlan tagging.

BR, Erik
What is your favorite board for a micro system?
Hi!

What is your favorite mini/micro/nano/pico-itx platform for home projects?

I currently run a home server on an Intel mini-itx board but was looking around for something fun to play with with the following specs:

- mini-itx or smaller, low profile
- fanless
- low power 12V external PSU
- 1 LAN, preferably 2
- 2 USB2/3
- Flash bootable, but with option for hdd boot
- GPIO would be fun
- hdmi out would be nice

I have tried VIA boards but found they were flaky...

Any suggestion regarding ARM vs Intel based?

Thanks, Erik
Re: Client Authentication
On 24/03/2013 05:22, Doug Hardie wrote:
> Basically, my outgoing mail server is being systematically attacked to try passwords looking for one that works.

Have you investigated to identify where these attacks originate from? Even if the IP is not fixed, they often belong to ranges assigned to a particular country or even a particular ISP.

AFAIK best practice is to use port 25 for relaying mail between the servers, hence your server should only allow incoming mail on this port. This does not require authentication.

Users should connect to port 587 on your server to send mail. This of course requires authentication. If your users are not mobile, then you can simply block port 587 for external connections. Even if you have mobile users you can likely make some safe assumptions about where they will connect from, for example only national connections.

> The situation is such that most of our users are older and their computer is a hand-me-down so they can talk to their grandchildren. Passwords are a great inconvenience for them and create numerous problems with remembering them even when they are simple.

So, I assume that each user has a PC or laptop for personal use only? Do you need mail passwords to be the same as computer or network passwords? If not then help your users choose a strong mail password and enter it in the mail client's password manager.

Writing down a password can actually be a better solution than bad passwords. If people have a private PC at home, it may even be acceptable to stick a post-it to the screen.

Consider implementing a password policy that is enforced by technical means, requiring regular change and strength test before a new password is accepted. You may get heaps of user complaints with this though.

But I think that users' aversion for good passwords is that they have no idea of how to pick one that is easy to remember yet hard to guess, and that they may have to authenticate many times with many different passwords throughout the day.

> This situation requires a technical solution. I have been investigating the use of client authentication through SSL.

With certificates you will likely encounter user problems as with passwords: You can install the certificates in the users keychain, with or without password protection or protected by the system password. This may actually be OK if that requires physical access to the user's computer.

Or you can use some card reader as you mention, but if users have problem managing a piece of paper with a password, how will they do with a card? You will have to deal with lost cards instead of forgotten passwords. From the description of your users I don't think this is a solution.

In either case, whenever a certificate expires you will have to update it and help install the new certificate, and it becomes a hassle if the users get a new computer.

> Any ideas/suggestions on this will be appreciated. Thanks,

I think, given user's abilities the best option is use port 587 for authenticated outgoing SMTP with STARTTLS and a server side certificate. Restrict external access to port 587. Use mail client's password manager to store mail password and help users choose a strong password which will only be used once.

Or, you can make away with the mail client and offer a web interface. Then mail can only be relayed for connections from localhost.

BR, Erik
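Added example, not part of the thread: one way to answer the question of where the password guessing originates, by grouping failed SMTP AUTH attempts per source range instead of per address. The Postfix-style syslog format is an assumption (the thread does not name the MTA at this point), the sample lines are constructed with documentation addresses, and the function names and thresholds are illustrative.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the failed-AUTH warning in Postfix-style syslog (assumed format).
FAILED_AUTH = re.compile(
    r"warning: \S+\[(?P<ip>[0-9A-Fa-f:.]+)\]: SASL \S+ authentication failed"
)


def _line(ip, host="unknown", mech="LOGIN"):
    """Build one constructed log line for the sample below."""
    return (f"Mar 24 04:10:00 mail postfix/smtpd[811]: warning: {host}[{ip}]: "
            f"SASL {mech} authentication failed: authentication failure")


# Constructed sample: a /24 where no single address fails often, one noisy
# single address, one stray failure, and one unrelated line.
SAMPLE_LOG = (
    ["Mar 24 04:09:59 mail postfix/smtpd[811]: connect from unknown[203.0.113.17]"]
    + [_line(ip) for ip in ("203.0.113.17", "203.0.113.40", "203.0.113.99")] * 2
    + [_line("203.0.113.201", mech="PLAIN")]
    + [_line("198.51.100.9", host="dsl-9.example.net")] * 6
    + [_line("192.0.2.55")]
)


def failures_by_network(lines, v4_prefix=24, v6_prefix=48):
    """Return {network: {address: failure_count}} for failed AUTH attempts."""
    nets = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = FAILED_AUTH.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address in the log line
        prefix = v4_prefix if ip.version == 4 else v6_prefix
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        nets[net][ip] += 1
    return nets


def suspicious_networks(lines, per_ip_limit=5, per_net_limit=5):
    """List networks whose combined failures reach per_net_limit.

    caught_per_ip says whether any single address alone reached
    per_ip_limit; when it is False, only the per-range view shows
    the guessing.
    """
    report = []
    for net, per_ip in failures_by_network(lines).items():
        total = sum(per_ip.values())
        if total < per_net_limit:
            continue
        report.append({
            "network": str(net),
            "failures": total,
            "sources": len(per_ip),
            "caught_per_ip": max(per_ip.values()) >= per_ip_limit,
        })
    return sorted(report, key=lambda r: r["failures"], reverse=True)


if __name__ == "__main__":
    for row in suspicious_networks(SAMPLE_LOG):
        print(row)
```

Ranges reported with `caught_per_ip` false are the ones a per-address limit misses, which is where a range-based restriction on port 587 is worth considering.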
Re: Client Authentication
On 24/03/2013 17:50, Waitman Gobble wrote:
> On Sun, Mar 24, 2013 at 1:25 AM, Doug Hardie wrote:
>
> One idea is to run a different server process on 25 which does not do SMTP AUTH, then run SMTP AUTH on 465 or 587. I don't really see a reason to advertise SMTP AUTH on 25, for some reason all mail servers seem to do AUTH on all ports or none. Maybe there is a way to configure SMTP AUTH only on certain ports, one way I can think of is to run two processes with two configs.

Port 25 should be open for external connections and allow only local delivery. 465 is SMTPS and should be configured as 25 but with SSL, this is really only useful if you have a certificate issued by a trusted CA as other servers will otherwise reject your certificate as untrusted.

Port 587 is for message submission, see RFC 2476, you can configure it with TLS (serverside) and it should only advertise STARTTLS. Here you can create your own CA as you control all clients who are authorized to connect and can install the CA certificate.

A simpler setup though is to have your MTA listen on both port 25 and 587 and announce all services required for local delivery plus STARTTLS. Then require TLS for authentication.

I understood you use dovecot as MDA? which is your MTA? With postfix the above is pretty simple to set up.

BR, Erik
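Added example, not part of the thread: a check that a server's EHLO replies match the port policy described above (no AUTH before TLS on any port, no AUTH on port 25 unless the simpler shared setup is chosen, STARTTLS then AUTH on 587). The transcripts are constructed, the host name is a placeholder, and the function names are illustrative; `probe` is meant for a server you administer.

```python
import smtplib
import ssl


def parse_ehlo(reply):
    """Return the upper-cased ESMTP keywords from a raw EHLO reply."""
    keywords = set()
    for line in reply.strip().splitlines()[1:]:   # first line is the greeting
        parts = line[4:].split() if line[:3] == "250" else []
        if parts:
            # "AUTH=PLAIN LOGIN" is an old-style form of "AUTH PLAIN LOGIN"
            keywords.add(parts[0].split("=")[0].upper())
    return keywords


def audit(port, before_tls, after_tls=None, auth_on_relay_port=False):
    """Compare one port's keyword sets with the policy from the thread.

    before_tls / after_tls are keyword sets seen before and after STARTTLS.
    Set auth_on_relay_port=True for the simpler setup where ports 25 and
    587 announce the same services and TLS is required for authentication.
    """
    after_tls = after_tls or set()
    findings = []
    if "AUTH" in before_tls:
        findings.append(f"port {port}: AUTH offered before TLS")
    if port == 25:
        if not auth_on_relay_port and "AUTH" in (before_tls | after_tls):
            findings.append("port 25: AUTH offered on the relay port")
    elif "STARTTLS" not in before_tls:
        findings.append(f"port {port}: STARTTLS not offered")
    elif "AUTH" not in after_tls:
        findings.append(f"port {port}: no AUTH offered after STARTTLS")
    return findings


def probe(host, port, context=None, timeout=10):
    """Collect (before_tls, after_tls) keyword sets from a live server."""
    with smtplib.SMTP(host, port, timeout=timeout) as conn:
        conn.ehlo()
        before = {k.upper() for k in conn.esmtp_features}
        after = None
        if "STARTTLS" in before:
            # Pass a context that trusts your own CA if you run one.
            conn.starttls(context=context or ssl.create_default_context())
            conn.ehlo()
            after = {k.upper() for k in conn.esmtp_features}
    return before, after


# Constructed EHLO transcripts (mail.example.org is a placeholder).
WEAK_25 = "250-mail.example.org\n250-PIPELINING\n250-AUTH=PLAIN LOGIN\n250 8BITMIME"
GOOD_25 = "250-mail.example.org\n250-PIPELINING\n250-STARTTLS\n250 8BITMIME"
GOOD_587_PRE = "250-mail.example.org\n250-STARTTLS\n250 ENHANCEDSTATUSCODES"
GOOD_587_POST = "250-mail.example.org\n250-AUTH PLAIN LOGIN\n250 ENHANCEDSTATUSCODES"

if __name__ == "__main__":
    print(audit(25, parse_ehlo(WEAK_25)))
    print(audit(587, parse_ehlo(GOOD_587_PRE), parse_ehlo(GOOD_587_POST)))
```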
Re: line lengths in /etc/hosts
On 27 Mar 2013, at 09:57, per...@pluto.rain.com (Perry Hutchison) wrote:

> Is there a limit on line length in FreeBSD's /etc/hosts?
>
> I'm not finding any mention of such a limit in hosts(5), but
> characters beyond the first 660 or so seem to be ignored.
>
> To answer the inevitable followup "why would anyone need such
> a long line in /etc/hosts":
>
> With this line in /etc/nsswitch.conf
>
> hosts: files dns
>
> I can easily suppress access to unwanted web sites by adding
> names to the localhost line in /etc/hosts, like this:
>
> 127.0.0.1 localhost localhost.my.domain bad1.com bad2.com ...
>
> My version of that line has gotten rather long :)

AFAIK you can have multiple lines.

BR
Re: Adding lines to /etc/rc.conf during sysinstall without being "REMOVED"
Josh Endries wrote:
> Does anyone know the correct way to add lines to rc.conf without sysinstall commenting them out and prepending "REMOVED" to them, during an automated install.cfg routine? Currently I have a pkg I made that adds stuff like ntp.conf and rc.conf, but all the lines in my custom rc.conf are removed after the script finishes. I looked through the code for sysinstall but didn't see any way to disable this behavior (my C isn't very good). What would be the correct way to do this? I'm now having my pkg install a rc.d script which cat's >> /etc/rc.conf...

could you post your install.cfg?

Cheers, Erik
--
Ph: +34.666334818 web: http://www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
Re: Adding lines to /etc/rc.conf during sysinstall without being "REMOVED"
Josh Endries wrote:
> Here is my install.cfg:
>
> debug=YES
> #nonInteractive=YES
> #noWarn=YES
> disk=ad0
> partition=all
> bootManager=standard
> diskPartitionEditor
> #diskPartitionWrite
> ad0s1-2=swap 4194304 none
> ad0s1-1=ufs 524288 /
> ad0s1-3=ufs 19531250 /home 1
> ad0s1-4=ufs 2097152 /tmp 1
> ad0s1-5=ufs 19531250 /usr 1
> ad0s1-6=ufs 0 /var 1
> diskLabelEditor
> diskLabelCommit
> hostname=test
> netDev=vr0
> nfs=192.168.0.3:/var/export/6.0-RELEASE/
> tryDHCP=YES
> mediaSetNFS
> #nameserver=192.168.0.7
> dists=base
> distSetCustom
> installCommit
> ...
> command=cp /dist/pkgtools.conf /usr/local/etc
> system
> command=sed -i '' 's/md5/blf/' /etc/login.conf
> system
> command=cap_mkdb /etc/login.conf
> system
> command=pkg_add /dist/packages/All/my_base.tgz
> system
> shutdown

have you considered

command=shutdown
system

? it may not be the nicest way to do things though.

> After sysinstall's "shutdown" and reboot, it comments out these lines (using "#REMOVED: %s"). Converting them to something like this in install.cfg didn't help, regardless of quotes:
>
> command=echo sshd_enable="YES" >> /etc/rc.conf
> system

two things: try this before shutdown:

command=cp /etc/rc.conf /tmp/rc.conf
system

and also try to echo like this:

command=echo 'sshd_enable="YES"' >> /etc/rc.conf

I don't know how sysinstall treats quotes.

Well, honestly, I don't _know_ the answer to your question, but I hope this helps.

Cheers, Erik
Re: Wireless NIC in FreeBSD 6.0 ?
Yuan Jue wrote:
> ath0: flags=8843 mtu 1500
>         inet 166.111.208.137 netmask 0xfe00 broadcast 166.111.209.255
>         ether 00:11:85:1b:21:79
>         media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/36Mbps)
>         status: associated
>         ssid A314b channel 11 bssid 00:09:5b:d1:fa:c4
>         authmode OPEN privacy OFF txpowmax 30 protmode CTS bintval 100
>
> PING 166.111.8.28 (166.111.8.28): 56 data bytes
> ping: send to: No route to host
>
> it means I cannot connect to the internet even when I have got the wireless card an IP address using DHCP. WHY?
>
> can anybody help on this? any suggestion would be much appreciated.

Take a close look at the ip/broadcast of your nic and the ip of the host you're trying to ping.

Your NIC: 166.111.208.137/23
Your DNS: 166.111.8.28

They are not on the same network as far as I can see. Now, check that you have the default route set,

# route -n get default

Cheers, Erik
Re: Wireless NIC in FreeBSD 6.0 ?
Erik Nørgaard wrote:
> Your NIC: 166.111.208.137/23
> Your DNS: 166.111.8.28

Just now when I think of it, maybe you meant to ping 166.111.208.28?

Cheers, Erik
Re: Wireless NIC in FreeBSD 6.0 ?
Yuan Jue wrote:
> On Sunday 25 December 2005 19:53, you wrote:
>
> yes. they are not on the same LAN. but when I use my local NIC to connect the internet, everything is fine. the following is how my local NIC works:
>
> [EMAIL PROTECTED] ifconfig
> bge0: flags=8843 mtu 1500
>         options=1a
>         inet 166.111.208.204 netmask 0xfe00 broadcast 166.111.209.255
>         ether 00:0d:9d:90:e0:68
>         media: Ethernet autoselect (100baseTX )
>         status: active
> lo0: flags=8049 mtu 16384
>         inet 127.0.0.1 netmask 0xff00
> [EMAIL PROTECTED] ping 166.111.8.28
> PING 166.111.8.28 (166.111.8.28): 56 data bytes
> 64 bytes from 166.111.8.28: icmp_seq=0 ttl=251 time=0.525 ms
>
> why does this work? it has the same netmask and broadcast address as the wireless NIC. Any more explanations?

OK, now, if you have two nic's configured for the same lan things get weird. Try

# ifconfig bge0 down

And, check that default route is set correctly. I think the default route binds not only to an ip but also to the interface that connects to that network, so maybe you have configured both bge0 and ath0 and default route set to go out bge0. Now, when you disconnect bge0 and try to ping, your ping is not sent on ath0 as you might think but on bge0.

To check this kind of problems, use snort to sniff what's actually leaving your interface.

Cheers, Erik
Re: Wireless NIC in FreeBSD 6.0 ?
Yuan Jue wrote:
> one more question
>
> since I use a fixed IP address in my dormitory and a dynamic IP address in the classroom or library, i need to change my local NIC configure from time to time. In fact, I use the fixed IP address as my default setting, which is as follows:
>
> what is the right way to do it? or is there any better solution for my situation?

Try to take a look at dhclient.conf(5) and dhclient(8) and set all interfaces to be configured with dhcp. I think it should be possible to configure default values so there is something to fall back on if a lease is not obtained.

Note that dhclient is new in FBSD 6, this is also why you had to take down the other interface. The old dhclient would reset all dhcp configured interfaces, the new doesn't, which is quite neat because usually you would have the two interfaces connected to /different/ networks.

Cheers, Erik
Re: dhclient fixed leases
Maxim Vetrov wrote:
> I'm on 6.0 release. The "default" will not help - I have several networks without dhcpd. So 'default option routers 10.0.1.5;' will work only for one and fail for others.

Well, in that case I have difficulty seeing how fixed leases will help you, how should dhclient choose which fixed lease to use? One fixed lease or one default would work.

Otherwise, it seems that you should create a script that interactively lets you log on a particular network, and start dhclient if needed or configure your nic with a fixed ip using ifconfig.

Regards, Erik
Re: A strategic question
Jozef Baum wrote:
> ... to install FreeBSD, one needs already a lot of knowledge about the system. To acquire that knowledge, one needs experience on an installed system. But to have an installed system, one needs already a lot of knowledge about the system. That's the problem.
>
> The handbook doesn't tell you that, at the "last chance" message, you have to take out the boot CD and to insert CD 1. But if you don't do so, nothing gets installed.

1st: I don't think I have ever installed an unknown system and got it right the first time: OS/2, RedHat Linux, OpenBSD and FreeBSD. I have always installed the system, used it about a month and then reinstalled. So you install the system the best you can, then start learning your way around it and figure out what went wrong. First time, don't worry about things getting messed up, just don't throw it directly into production. You might find yourself reinstalling a few times, but that's just part of the game.

2nd: It's true that the FreeBSD developers have not gone out of their way to make a sleek installer, but unlike other OS's, the installer is something you'll hardly ever use. I installed my laptop with 5.2.1 two years ago, since then I have continuously upgraded everything and run 6.0 now, but I haven't used the installer at all. So, there is a catch, those who use the installer have yet to get the experience to make it better and those who know how just don't have that itch scratching.

3rd: If there is an error or something missing then you can file a problem report for the documentation and explain what you find missing.

> I configured a German ISO keyboard, but many keys don't work correctly. One has to look with Google to find additional information about configuring a German keyboard.

Getting keyboards right is a science and one of the most frequently asked questions. The thing is that you have to deal with both keyboard and character sets, and further some programs let the user change the keyboard for that program only: emacs, pine, thunderbird. While not particularly for german keyboard, there is an article about setting things up and you should be able to figure out the needed changes - heck the examples are for german!

http://www.freebsd.org/doc/en_US.ISO8859-1/articles/euro/index.html

> The locate command did not work, as the locate database seemed to be corrupted. I had to figure out how to rebuild this database.

On all systems you need to build/rebuild the locate database regularly.

> The root user had a csh, while ordinary users had a sh shell. I had to figure out how to provide the same shell to the root user and the other users, as all those virtual users are all one and the same person, me.

There is one principle you should adhere to on any system: Let root keep default settings. This is challenging at first, but in critical situations an advantage.

> I tried to setup an X Window environment (nVidia Geforce video adapter), but the horizontal and vertical refresh rates of the manufacturer didn't work, I had to experiment to find out the one X likes. Then I could startup X, only to not having configured at all my German keyboard.

see the above article, it also has the part covering X11.

> I tried to install emacs during installation, but it didn't succeed. Returning to the post-installation tasks after having installed the system resulted in a successful installation of emacs (working only after a system reboot).

Well, this is where sometimes you install, gain some experience and reinstall. Anyway, there is no reason you have to get everything installed at install time. I have learned to prefer a lean system at install and then add stuff as needed. Otherwise I always end up with lots of crap that I don't need.

> Why is it that FreeBSD people, who seem to be perfectly able to formulate correct algorithms for implementing UNIX concepts, and translating them into code, don't care at all about a novice user, providing him with an installation program that doesn't work as it should, even without a GUI?

As another stated this: It seems you want the system to think your way - which more or less requires the developers to think your way. This is obviously unrealistic and unreasonable to require - but your luck is that unlike other operating systems, you can make FreeBSD behave as you like it.

> I know UNIX is all about solving problems, but is it really interesting to make it apparently deliberately so difficult for a newcomer? Is it really the policy of those guys to make the entry level to UNIX difficult, only to avoid a breakthrough of UNIX (FreeBSD) to the desktop users?

I don't think anyone makes things difficult on purpose. but as above statement, their brain might just not work like yours. Not better, nor worse, just different.

And there is no "avoiding breakthrough to desktop" - I have used FreeBSD on my desktop, laptop actually, for three years. Before that I used RedHat for 4 ye
scanner problems: I/O error/scanner application hangs
Hi:

I had my scanner, Epson 2480, working half a year ago on FBSD 6.0, now it's been a while since I used it, I have upgraded to FBSD 6.1-PREREL as well as upgrading applications, and now it doesn't work. First scanner probe gives an I/O error, second hangs:

charm# date && scanimage -L && date && scanimage -T || date
Fri 24 Feb 2006 23:07:28 CET
device `snapscan:/dev/uscanner0' is a EPSON EPSON Scanner flatbed scanner
Fri 24 Feb 2006 23:07:29 CET
scanimage: open of device snapscan:/dev/uscanner0 failed: Error during device I/O
Fri 24 Feb 2006 23:07:29 CET
charm# date && scanimage -L && date && scanimage -T || date
Fri 24 Feb 2006 23:07:33 CET
Killed
Fri 24 Feb 2006 23:09:09 CET

I need to turn off the scanner in order to repeat, it is not enough to unplug the usb port. The scanner is found correctly after applying the patches I submitted (pr usb/86094), otherwise it appears as a ugen device.

My system is:

FreeBSD charm 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #3: Fri Feb 24 22:25:37 CET 2006 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/CLIENT6 i386

No difference whether uscanner is compiled in kernel or loadable module.

Sane:

sane-backends-1.0.17
sane-frontends-1.0.14_1
xsane-0.991

I believe I had it working with sane-backends 1.0.15 and xsane 0.80

Any ideas?

Thanks, Erik
Re: Updating OpenSSH
Daniel A. wrote: So, basically, if I want the newest version of OpenSSH running on my system, I have to not use the one shipped with 6.0-RELEASE, and install OpenSSH from ports? Please don't toppost. Installing from ports you'll get version 3.6.1. Before you get paranoid, check the changelog - are there any changes that you actually need? do they provide increased security? Cheers, Erik -- Ph: +34.666334818 web: http://www.locolomo.org S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9 Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Help with IP Filter 4.1.8
Roman Serbski wrote: Hi all, I am having a problem with ipf after recent upgrade to 6.1-PRERELEASE. Any help would be greatly appreciated. ipf: IP Filter: v4.1.8 (416) Kernel: IP Filter: v4.1.8 Running: yes Log Flags: 0 = none set Default: pass all, Logging: available Active list: 0 Feature mask: 0xa I am trying to allow outgoing dns requests from my server to DNS server of ISP. Here is my ruleset: ipfstat -oh 0 pass out quick on lo0 from any to any 0 pass out quick on xl0 proto tcp from any to any port = domain flags S/FSRPAU keep state 1 pass out quick on xl0 proto udp from any to any port = domain keep state 0 block out log quick on xl0 all ipfstat -ih 0 pass in quick on lo0 from any to any 0 block in quick on xl0 all Could you change your last rule to this: block in log quick on xl0 all and then tell what you see in the log. This would give some information if any traffic is blocked in the first place. Actually, adding the log keyword to all rules for the xl0 interface might be a good idea for debugging. Also, is this the complete ruleset or did you remove rules you thought were irrelevant? If so, then post the whole ruleset. Cheers, Erik -- Ph: +34.666334818 web: http://www.locolomo.org S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9 Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Help with IP Filter 4.1.8
Roman Serbski wrote: Start over with a clean /usr/src and /usr/obj tree and read the file ``/usr/src/UPDATING'' for instructions about upgrading from source. Dear Erik and Giorgos, Thanks a lot for your assistance! I just cvsuped one hour ago, build/install kernel/world and now everything is working just fine! I had probably a bad luck during first cvsup... One last question (just for curiosity). What is the procedure for _upgrading_ of ipf? I mean, since ipf is already included in the base (v4.1.8), is it possible to upgrade it to v4.1.10? The ipf source is as I understand it compiled as kernel modules or into the kernel and some administrative applications are compiled to interact with the kernel. Hence, as mentioned by Giorgos, upgrading by downloading the source from the official site should be done with care. The recommended way is as Giorgos says to update your source and go with the current version included in FreeBSD. When I suggested to look at more recent versions it was more to check the history and see if there was some bug discovered in 4.1.8 that had been corrected and could have been causing your troubles. If there are such bugs you should file a problem report. If changes are minor it may be possible to merge the newer version into the FreeBSD code, but at the cost that on next cvsup you will have to do it again unless the newer version has been adopted. If there are no such problems, don't bother to update. In such a crucial part of the system it is important to be aware of the actual benefit from upgrading. Cheers, Erik
Re: Arplookup strange messages
Pietro Cerutti wrote: Hi list, today in the daily security report (periodic) of a i386 machine there is this message repeated about 30 times: +arplookup 0.0.0.0 failed: host is not on local network From rfc 3330: 0.0.0.0/8 - Addresses in this block refer to source hosts on "this" network. Address 0.0.0.0/32 may be used as a source address for this host on this network; other addresses within 0.0.0.0/8 may be used to refer to specified hosts on this network [RFC1700, page 4]. I think in packet filter you can specify 0/32 and it will automatically be replaced by the ip on the relevant interface, this is useful when you have nics configured with dhcp. However, not all programs support this and will instead try to make an arplookup which is bound to fail. So first question is, what program causes this arplookup? - Do you in your firewall rules specify 0/32? - Do you have correctly set antispoofing? If your firewall does not drop packets from 0/8 then it may try to send a response to the invalid ip. - Do you have dhcp configured somewhere for some host? IIRC dhcp requests are sent with source 0/32 to destination 255.255.255.255/0 (rfc 2131). Your firewall may (it shouldn't, but check anyway) incorrectly try to route it if you don't have the antispoofing setup. If dhcp configuration fails, sometimes the interface gets assigned the address 0/32 unless some fallback has been configured. This could be a client on your network that is misconfigured. The machine is the router (ipnat) and firewall (ipfilter) for a small home network. It runs postfix, sshd and nfsd. My guess is to take a look at your firewall rules and check if there are any misbehaving dhcp clients. Since I'm away from home now, I can't sit in front of it and check what's wrong. Furthermore, it seems that the machine is not accepting ssh logins anymore, after those strange messages. Well, then you have a problem correcting this - maybe someone can reboot the machine for you?
Hope this helps, Erik
Re: resolv.conf getting rewritten at system startup
Duane Whitty wrote: I use DHCP to configure my network interface. At startup my resolv.conf is overwritten, setting my nameserver to the address of the router running DHCP. dhclient, also the new one updates /etc/resolv.conf with the information received from the dhcp server. You can change things by configuring dhclient editing /etc/dhclient.conf see dhclient.conf(5) and dhcp-options(5) Cheers, Erik -- Ph: +34.666334818 web: www.locolomo.org S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72 Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Solved, sort of: configuring fetch to passive mode
Erik Norgaard wrote: This ought to be a configuration tunable, but I can't find any documentation on it: How do I force fetch to use passive mode? It appears that this is indeed an environment variable, and is further set in login.conf, so this turned out not to be the cause of the problem. Instead, it seems that there is a problem with pf to be investigated. Thanks for listening :) and to those who replied of course. Cheers, Erik
Re: 6.1-BETA 4 stable for normal use?
Marc G. Fournier wrote: I am using 6.1-PRERELEASE which has actually been upgraded from 6.1-BETA3. The system as such is stable, but there are some nuisances. These are not fatal in any way but may cause confusion. So in particular if you're new to FreeBSD, better stay with 6.0. Like ... ? Well, I have another machine at work which for some yet unknown reason requires me to reload the pf rule set in order to fetch - I posted on that last week. And I have minor errors like when I run "man pf.conf" and exit the man-page then I get this error: col: write error grotty: ():31713:fatal error: output error Not all manpages give that though. Cheers, Erik -- Ph: +34.666334818 web: www.locolomo.org S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72 Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: 6.1-BETA 4 stable for normal use?
Kris Kennaway wrote: On Wed, Mar 22, 2006 at 09:55:34PM +0100, Erik Nørgaard wrote: Marc G. Fournier wrote: I am using 6.1-PRERELEASE which has actually been upgraded from 6.1-BETA3. The system as such is stable, but there are some nuisances. These are not fatal in any way but may cause confusion. So in particular if you're new to FreeBSD, better stay with 6.0. Like ... ? Well, I have another machine at work which for some yet unknown reason requires me to reload the pf rule set in order to fetch - I posted on that last week. And I have minor errors like when I run "man pf.conf" and exit the man-page then I get this error: col: write error grotty: ():31713:fatal error: output error Did you file PRs? If not, and you only posted to this list, your emails did not reach any of the relevant people. No, I need to investigate more and ensure me that it has not been a passing error. For example, the mentioned problem with pf, I first thought it was a misconfiguration problem that fetch didn't use passive ftp, in which case this was the right forum. Then by accident I discovered that reloading the ruleset solved the problem. Rebooting, I would have the problem again until a new reload of the ruleset. I then tried at home to repeat on a different machine which had been updated almost at the same time but without luck. So, there may be some error in updating or that very snap I got. In any case I need to investigate that more. And the other error, I have now tried and found that it appears only in Eterm, not in xterm or on the console. It may have been introduced as the ports version is now 0.9.3_4.
Cheers, Erik
Re: How to start a script running at boot time?
[EMAIL PROTECTED] wrote: Hi, I have a script I would like to launch at boot time, as a non-root user, to remain running in the background. What is the best way to accomplish this? I looked through the rc* stuff, and it looks like overkill for what I need, plus my scripting isn't that strong either. I know I can do something like: su - user -c "script_to_run" But I don't even know what's the best place to include that. Any suggestions, or examples? A sample script could be /etc/rc.d/sysctl, it contains a block sysctl_start() which is executed when you run # /etc/rc.d/sysctl start Using that as a sample you can insert your custom startup code. Cheers, Erik
Re: How do you keep users from stealing other user's ip??
Mark Jayson Alvarez wrote: Good day, We are trying to reorganize our local area network and I need some tips on how you are managing your own lan... We have a vanilla pc router with interface facing our private lan and interface facing the Internet. One problem which we are experiencing right now is that any user from private lan can use any ip address he wants. If he boots his computer with a stolen ip address, the poor owner of that machine(not active at the moment) will give automatically up his ip address to this user. The same scenario for public ip addresses. Basically, we need to track down the users through their ip address.. But this is trivial as of now since anyone can use any ip he wants. Even if there is a solution out there to tie up his mac address to his ip address..(sort of checking the mac first before giving him an ip, possibly through dhcp..) still, users can just download applications which will enable him to change his mac address. Now, we're thinking about authenticating users before he is allowed to use a particular network service(internet proxy, mail etc.) because I guess it is a clever way of keeping the bad users from doing something bad within your network when after all, the reason why he is plugging his lancard to the network is to use a particular service. However, it still doesn't keep them from playing around and steal other ip addresses or mac addresses and thus denying network access to those legitimate owners. I'm thinking about tying dhcp with authentication, and freeradius comes to mind.. I just need some more tips from you. User's workstations are mixed Windows and *nixes. Some have laptops with wireless interfaces. Any idea how to handle this situations?? I once set up such a solution in a student house with about 120 users. People had their own private pcs so we couldn't just take away their admin rights on their own pc. Now, question to ask: - Are all users legitimate users?
Do users have friends coming in and connect to the network? is it wired or do you have neighbors trying to use the net also? - What is the benefit of stealing another users ip? Do you have limitations on access such as download? Is it to hide behind another user? In our case we had a wired network, so all users were legitimate users, but we had a limitation on download so some users would try to use their neighbors ip to get more quota. What we did was: 1) Static ip assigned with dhcp - people wouldn't need to learn to configure their computer. 2) Static arp table on router, to spoof, one would have to spoof mac-address. 3) Require registration of all hosts owned by the user: To hold users accountable for their hosts. 4) Count traffic per host, up and download, this was done with ipfilter. 5) Make current usage visible, the users could always check their quota and knew when they hit the limit. That way they didn't get surprises and annoyed. This actually worked fine. It was sufficiently complicated to spoof that people wouldn't bother. A different and possibly better way around this would be to limit bandwidth for ports higher than 1023, this is where most file sharing takes place. You can do that with packet filter, I still haven't figured how to effectively implement traffic quotas on packet filter as accounting is not so easy. If your concerns are people trying to hide behind others identity, or unauthorized access such as if you have a wireless lan, then there are two good options: 1) Use authpf with packet filter. This requires the user to authenticate with the firewall to get access. No proxy needed. 2) Let each client establish a VPN to the router, this has the advantage of also encrypting traffic if you have a wireless or non-switched network.
Cheers, Erik
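Steps 2 and 3 of the reply above (static ARP table plus a registry of each user's hosts) give the router something to check against. The following is an added example, not part of the original mail: it compares `arp -an` style output with a host registry and reports addresses answered by the wrong NIC. The registry layout, the names and every address are constructed for illustration.

```python
import re

# Constructed registry: IP -> (registered MAC, owner). In the setup described
# above this would come from the host registration records.
REGISTRY = {
    "192.168.1.10": ("02:00:00:00:00:10", "alice"),
    "192.168.1.11": ("02:00:00:00:00:11", "bob"),
    "192.168.1.12": ("02:00:00:00:00:12", "carol"),
}

# Constructed sample in the layout printed by `arp -an` on the router.
ARP_SAMPLE = """\
? (192.168.1.10) at 02:00:00:00:00:10 on xl1 permanent [ethernet]
? (192.168.1.11) at 02:00:00:00:00:12 on xl1 [ethernet]
? (192.168.1.12) at (incomplete) on xl1 [ethernet]
? (192.168.1.13) at 2:0:0:0:0:99 on xl1 [ethernet]
"""

ARP_LINE = re.compile(
    r"^\S+ \((?P<ip>[\d.]+)\) at "
    r"(?P<mac>(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}) on (?P<ifc>\S+)",
    re.IGNORECASE,
)


def normalise(mac):
    """Zero-pad and lower-case a MAC so 2:0:0:0:0:99 equals 02:00:00:00:00:99."""
    return ":".join(f"{int(part, 16):02x}" for part in mac.split(":"))


def parse_arp(text):
    """Yield (ip, mac, interface) for every resolved entry; skip incomplete ones."""
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            yield m["ip"], normalise(m["mac"]), m["ifc"]


def audit(arp_text, registry):
    """Return (kind, ip, mac, detail) for each entry that contradicts the registry.

    A matching pair only shows that the registered MAC answered for the IP;
    as the thread notes, a MAC address can itself be changed by the user.
    """
    owner_by_mac = {mac: owner for mac, owner in registry.values()}
    findings = []
    for ip, mac, _ifc in parse_arp(arp_text):
        expected = registry.get(ip)
        if expected and expected[0] == mac:
            continue  # IP is held by the NIC registered for it
        seen_from = owner_by_mac.get(mac, "unregistered NIC")
        if expected:
            detail = f"registered to {expected[1]}, seen from {seen_from}"
            findings.append(("ip-mac-mismatch", ip, mac, detail))
        else:
            findings.append(("unregistered-ip", ip, mac, f"seen from {seen_from}"))
    return findings


if __name__ == "__main__":
    for finding in audit(ARP_SAMPLE, REGISTRY):
        print(*finding, sep="  ")
```
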
Re: Not an easy install
Tim wrote: Why couldn't you guys make a install easy instead of this and that, ok I am a newbie and it should be easy, I have installed Ubuntu, it was like a dream, smooth as silk, Fedora pretty much the same FreeBSD, its a nitemare if you have never done it, I am now reloading windows and then putting back Ubuntu, unless someone over there can make it simple even for me. If you want simple installation why don't you stick to windows? This question is a faq, improving the installer is low priority. The fact is that most FreeBSD users don't really care: It works, it installs, and once you've got your system installed you'll never use it again. There is no need for an annual reinstallation as some other OS'es tend to require. So your initial effort to get started pays off, I think. Cheers, Erik -- Ph: +34.666334818 web: www.locolomo.org S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72 Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Urgent Help needed: How to boot in single user mode with usb keyboard
Ian Lord wrote: Hi, I am currently in a maintenance window trying to rebuildworld... I am doing it on a dell poweredge with a built in drac which emulates a usb keyboard... When I need to boot on the drac, I need to use boot with usb keyboard in the menu... Now I need to boot in single mode WITH usb keyboard and I can't figure out... I saw in a post that I could do the following in boot loader: set hint.atkbd.0.flags="0x1" boot -s Is the kernel you boot built with support for usb keyboard? if not, I think you can do something like load ukbd boot -s you may also need some other modules depending on your hardware. Cheers, Erik
Cyrus-IMAP disallowing clear text connections
Hi: I have a Postfix/Cyrus-IMAP setup, Postfix requires TLS and user authentication to relay mail, and cyrus requires TLS and user authentication to retrieve mail. Or so I thought: I just tested to see that things were in fact encrypted and unencrypted connection was refused, works fine for Postfix but Cyrus-IMAP accepts unencrypted connections _and_ authentication even though I have set the following in imapd.conf allowplaintext: yes allowplainwithouttls: no How do I force the use of TLS for Cyrus-IMAP? Also: Postfix allows hiding authentication mechanisms unless TLS is invoked (so in clear text, capabilities just show STARTTLS), while Cyrus-IMAP announces everything. Is there anyway to be more strict with the cyrus in respect of what it announces? Thanks, Erik -- Ph: +34.666334818 web: www.locolomo.org S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72 Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Cyrus-IMAP disallowing clear text connections
Anish Mistry wrote: On Sunday 26 March 2006 16:37, Erik Nørgaard wrote: Cyrus-IMAP accepts unencrypted connections _and_ authentication even though I have set the following in imapd.conf allowplaintext: yes allowplainwithouttls: no How do I force the use of TLS for Cyrus-IMAP? Also: Postfix allows hiding authentication mechanisms unless TLS is invoked (so in clear text, capabilities just show STARTTLS), while Cyrus-IMAP announces everything. Is there anyway to be more strict with the cyrus in respect of what it announces? > sasl_minimum_layer: 128 Thanks, but that doesn't do it, everything still goes through nice and clear unless I set the client to use TLS. Erik -- Ph: +34.666334818 web: www.locolomo.org S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72 Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
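The question in this thread is what Cyrus-IMAP announces and accepts before TLS is negotiated. The following is an added example, not part of the original mails: it parses an IMAP greeting or CAPABILITY response and reports what is offered in clear text. The `LOGINDISABLED` capability comes from the IMAP specification (RFC 3501), not from the thread, and the sample responses and host name are constructed.

```python
import re

# SASL mechanisms that put the password itself on the wire.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

# Constructed pre-STARTTLS responses, one permissive and one strict.
LAX_GREETING = ("* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=LOGIN "
                "AUTH=DIGEST-MD5] mail.example.test server ready")
STRICT_RESPONSE = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED"


def parse_capabilities(line):
    """Return the upper-cased capability atoms from either response form:
    an untagged '* CAPABILITY ...' line or a '[CAPABILITY ...]' response code."""
    m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.IGNORECASE)
         or re.match(r"\*\s+CAPABILITY\s+(.*)$", line.strip(), re.IGNORECASE))
    return {atom.upper() for atom in m.group(1).split()} if m else set()


def audit_pre_tls(caps):
    """List what an unencrypted client is being offered.

    This only covers what the server announces; whether it also rejects a
    clear-text login attempt has to be tested separately.
    """
    findings = []
    if "STARTTLS" not in caps:
        findings.append("no-starttls")
    if "LOGINDISABLED" not in caps:
        # Without LOGINDISABLED the LOGIN command is advertised as usable.
        findings.append("login-allowed")
    mechs = sorted(c[len("AUTH="):] for c in caps if c.startswith("AUTH="))
    for mech in mechs:
        if mech in CLEARTEXT_MECHS:
            findings.append("sasl-cleartext:" + mech)
    return findings


def fetch_pre_tls_capabilities(host, port=143):
    """Read the capabilities of your own server over a plain connection."""
    import imaplib
    conn = imaplib.IMAP4(host, port)
    try:
        return {c.upper() for c in conn.capabilities}
    finally:
        conn.logout()


if __name__ == "__main__":
    for label, line in (("lax", LAX_GREETING), ("strict", STRICT_RESPONSE)):
        print(label, audit_pre_tls(parse_capabilities(line)))
```
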
Re: User unknown?
Guillaume R. wrote: Hello I'm trying to setup (for the first time under FreeBSD!) my usual setup to read my mail (postfix+fm+procmail+mutt) But I got a serious problem: when I try to fetch the mails for my user those mails dont go in /var/mail/my_user but *always* in /var/mail/root... I read all the mails I receive from the system and I could see that on this box my_user is...unknown so I can't having those mails in a normal way. Does anyone could help me by telling me which files I must modify so that it works (I suppose I got to change my hostname too but I cant find any /etc/hostname file...) Thx PS:btw does anyone remember the option so that fetchmail fetch *all* the mails (the one non-read and the other one read as well)? Thx again Sounds like you're coming from Linux? Did you add the user? can you login as that user? If you pasted the user info into master.passwd then you need run pwd_mkdb to update the db files. If you pasted into passwd, then that's not the way to do it. Use pw(8) to add users and keep files correctly updated. You set hostname in rc.conf. Cheers, Erik -- Ph: +34.666334818 web: www.locolomo.org S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72 Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ipnat syntax error?
Juergen Heberling wrote: Could someone please check me on this ... fw1# ipnat -CFn -f /etc/ipnat.rules 0 entries flushed from NAT table 1 entries flushed from NAT list syntax error error at "-", line 1 /etc/ipnat.rules contains: map em0 192.168.1.0/24 -> 204.134.75.1-10 .. snip .. line 1 in the rules file is the example from the FreeBSD handbook. I'm running FreeBSD6.0 stable. It seems to be a documentation bug, the ipf-howto.txt distributed with ipfilter makes no mention of that notation, instead you should use cidr notation, for example 204.134.75.0/29 Erik -- Ph: +34.666334818 web: www.locolomo.org S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72 Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ipnat syntax error?
Juergen Heberling wrote: /etc/ipnat.rules contains: map em0 192.168.1.0/24 -> 204.134.75.1-10 .. snip .. I tried your suggestion of using the cidr notation format and that works; thank you! However I am concerned about overlapping mappings in the cidr range with host-to-host maps - my cidr range is a /28, for example, and I want to map (spoof) some IP address in the middle to, say the web or mail servers. In order to avoid the overlap I was counting on the "range" specification on the map command. Well, my suggestion is not to exhaust your precious /28 address space right away. And don't make your life unnecessarily difficult, why choose the addresses in the middle for bimap? Rather than using all your external ip's right away I would save some for later expansion, and reserve one for debugging. You may need to connect a laptop on the external net to figure out what's going on. You could do this: x.x.x.0/29 to servers (bimap), x.x.x.8/30 debug and future expansion (not mapped), x.x.x.12/30 map for lan clients. If you stick to cidr you can also write your filter rules in cidr making it far easier to read and maintain. For the mapping, and bimapping consider this: The /24 network you want to map, it contains at most 254 hosts. If you map that network to a single ip, then each host can establish at least 256 simultaneous connections. My experience is that this is far more than needed in most normal operating environments. I'd suggest using the same ip as on the firewall external interface. If the purpose of binatting is to make one service available, http say, then you may consider using rdr. IIRC you can also use rdr to round robin load balancing incoming connections. That way you can have one host serving http and another serving smtp on the same external ip. The only reason to use different ip's is if you're hosting a number of https servers, each need a different ip.
There's no point in bimapping all ports on a external ip to one single internal ip if most of them are blocked by the filter. Cheers, Erik
Re: disable listen on ports
Niklaus wrote: Hi, How do i disable users on a system to run their own http proxy. I don't want to allow users who have login accounts on my system to listen to any port . How do i do that. Putting up a packet filter as some suggest may break other things. Instead, you can take a look at MAC, Mandatory Access Controls. There is a module mac_portacl(4) that can control this. You need to compile your kernel with options MAC and then add mac_portacl_load="YES" to loader.conf But don't ask me how it works, haven't used it. Cheers, Erik -- Ph: +34.666334818 web: www.locolomo.org S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72 Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: reconfiguring a package
Luiz Eduardo Guida Valmont wrote: I'm sorry if this is one of those rtfm cases, but I've exhausted my options so far (except asking for help here ^^). When you "make install" a package, for some the first thing you get is a screen where you choose some compile-time options that affect the package's dependencies (eg. "postgresql support" when trying to install amarok). The question is simple: is there a way or a make target that deletes my choices and / or forces make to ask them again? Use the make target, 'config', eg: # make config install clean should do. Alternatively, you can simply delete the config from /var/db/ports/ that will clear any previous choices. Erik
Re: TCP/IP source Code
Chava Leviatan wrote:
> Hello,
>
> How can i get the TCP/IP source code, mainly sys/netinet.
>
> I have been browsing the site for a while, but haven't managed to discover
> how can I get those
> simple .c, .h files
>
> Any help is highly appreciated

While you're at it, you might want to get a copy of TCP/IP illustrated, I think it's vol 2 that goes in detail with the BSD implementation.

Cheers, Erik
Negative look ahead with capturing using pcre
Hi: I am trying to write some rules for filtering email with postfix header rules. In particular, I'd like to discard anything in a character set I don't understand, or rather accept ascii, iso-8859-* and utf-8. So I have created the following rule for mime header checks: /^Content-Type:.*?charset\s*=\s*"?(?!us-ascii|iso-8859-\d+|utf-8)(.*?)"?.*$/i WARN MHD1000 Invalid charset: "$1". Use UTF-8 or ISO-8859-X I have two problems: First: This rule catches a lot of legitimate mail, ascii or iso character sets Secondly: I'd like to catch the character set that is rejected so I can adjust it if legitimate mail gets blocked. In the above I don't allow windows-1252 for example. So, how do I do negative look ahead with capturing using pcre? Thanks, Erik -- Ph: +34.666334818 web: www.locolomo.org S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72 Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
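Both symptoms in the question above can be reproduced offline. The following is an added example, not part of the original mail: it runs the posted pattern and an anchored alternative over constructed headers using Python's `re`, which treats these lookahead constructs the same way PCRE does. The alternative pattern is an assumption offered for comparison, not a rule taken from the thread or from Postfix documentation.

```python
import re

ALLOWED = r"(?:us-ascii|iso-8859-\d+|utf-8)"

# The rule as posted, without the surrounding slashes and the /i flag.
# Two things go wrong:
#  * '"?' and '\s*' are optional, so after the lookahead rejects 'us-ascii'
#    the engine backtracks and retries the lookahead one character earlier,
#    on the quote or the space, where it trivially succeeds.
#  * '(.*?)' is lazy and everything after it can match without its help,
#    so the capture group is always the empty string.
POSTED = re.compile(
    r'^Content-Type:.*?charset\s*=\s*"?(?!us-ascii|iso-8859-\d+|utf-8)(.*?)"?.*$',
    re.IGNORECASE,
)

# Assumed alternative: the capture may not start with a quote or space, which
# pins the lookahead to the first character of the value, and the allowed
# name must be followed by a delimiter so 'utf-8-bogus' is not waved through.
ANCHORED = re.compile(
    r'^Content-Type:.*?\bcharset\s*=\s*"?'
    r"(?!" + ALLOWED + r'(?:["\s;]|$))'
    r'([^"\s;]+)',
    re.IGNORECASE,
)

# Constructed sample headers.
SAMPLES = [
    'Content-Type: text/plain; charset="us-ascii"',
    "Content-Type: text/plain; charset=us-ascii",
    'Content-Type: text/plain; charset = "ISO-8859-15"',
    "Content-Type: text/plain; charset= utf-8",
    'Content-Type: text/plain; charset="windows-1252"',
    "Content-Type: text/html; charset=koi8-r; format=flowed",
    "Content-Type: text/plain; charset=utf-8-bogus",
]


def flagged_charset(pattern, header):
    """Return what the rule would put in $1, or None if the rule does not fire."""
    m = pattern.match(header)
    return m.group(1) if m else None


def compare(headers):
    """Return (header, posted_result, anchored_result) for each header."""
    return [(h, flagged_charset(POSTED, h), flagged_charset(ANCHORED, h))
            for h in headers]


if __name__ == "__main__":
    for header, posted, anchored in compare(SAMPLES):
        print(f"{header!r:60} posted={posted!r:6} anchored={anchored!r}")
```
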
Re: PXEboot install failing to load kernel
Chris wrote: > I am trying to perform a netboot install of FreeBSD 6 to a Thinkpad > X40 laptop from linux on my desktop. I've followed what guides I can > but the info is either for older versions of FreeBSD (the CD structure > has changed?) or assumes an existing FreeBSD install to work from (for > dissecting floppy images etc). The assumption that you have some other existing FreeBSD installation makes certain things easier: In particular compiling the loader with tftp support, posibly creating a custom kernel and a memory file system. If you can get hold of these from download, then you should be fine. > I have downloaded the i386 bootonly iso and I have followed portions > of several guides which has got me as far as tftp serving the pxeboot. > I assume the dhcp and tftp parts are working ok as the laptop gets > hold of pxeboot fine but then fails to load the kernel. pxeboot can either attempt to fetch the kernel with tftp or nfs, (the standard pxeboot does not support tftp). If it doesn't get the kernel then either there is a misconfiguration so it doesn't fetch it correctly with tftp or the nfs server is incorrectly setup. You should post the relevant part of your dhcpd.conf. > I have tried nfs serving the boot directory of the cd and the kernel > directory within that without any luck, is the kernel passed by tftp > or nfs? I have tried tailing var/log/daemons but the failure to load > kernel message on the laptop is the only useful indicator I get. I would recommend to go without nfs: You can have pxeboot fetch kernel, and the loader.* files as well as a memory filesystem using tftp. It's easier to setup the server part, you have to setup tftp anyway and already have it working, going for nfs just introduces an extra source for errors. I wrote down what I did when I tried to setup pxeboot, , you may have found it - and yes, I do assume that you have a working FreeBSD for some parts, but read on, it may not be relevant for you. 
Check out www.daemonsecurity.com/pxe/

I want to update this so let me know if there are any errors or things that could be better explained.

Cheers, Erik

--
Ph: +34.666334818 web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9
Re: How do I know what a meta port installs?
Per Berger wrote:

> I have installed a couple of "meta" ports, for example gnome2. How can I see exactly which ports the meta port installs? I have tried to figure it out but failed... I am right now installing "gnome2-power-tools" and can see that it installs apache (!) which causes some concern regarding configuration and security. So; what else did it install? How do I find out?

A meta port installs a number of packages by depending on them. For example in the ports/x11/gnome2/Makefile you will find a variable "RUN_DEPENDS=" and then a long list of things. All these dependencies are installed when you "make install" but since it is a run-time dependency, nothing happens if you just type "make".

What you won't see is that each of these packages most likely depends on other packages etc. that are also installed. Tracing this till the end is hard. What may give you some idea is to install the portupgrade tools and run

    portupgrade -rRn gnome2

This will not install anything (-n) but recurse up and down in the dependencies to tell you what would be done. This may not show you all dependencies as portupgrade should only want to upgrade what is _not_ up to date.

Regarding gnome2-power-tools: First, it may install apache as a (sub-) dependency, but apache won't start unless you start it, as such it does not introduce new network accessible services.

Second: Do you actually need all that? The easiest way to keep a system clean and updated is to stay at minimal needs, install as needed. You will learn that the first time you try to upgrade a major package ...
Cheers, Erik

--
Ph: +34.666334818 web: http://www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
Re: sendmail
Gert Cuykens wrote:

>> Just how big is this movie and are you sure his ISP's/private mail server would even accept it?

> It's 5.5mb and my gmail doesn't want to send it :( So how do you do that with the sendmail command ?

As everyone else notes, this is not a job for e-mailing. Even if you want to e-mail the file, it is not a job for sendmail.

When you send attachments they are typically base64 encoded, this explodes the file from 5.5MB to about 8MB.

You can cut it up in two ways: Use transcode to make shorter clips and send separately or convert the file to base64, then cut it up manually and ask your friend to concatenate the attachments and deconvert from base64. The second option is the low tech - transcode is not designed to be user friendly.

But, as everyone suggests: Set up anon ftp, an apache webserver, or give ssh access - all of these are faster, simpler and better. This is possible if you are not NAT'ed and have a reasonably fixed ip.

Erik
Re: can i delete /stand ?
Gert Cuykens wrote:

> It bugs me...

yes you can. If you need to run sysinstall later it will be in /usr/sbin/sysinstall

You might want to check your init_path in loader.conf, in /boot/defaults/loader.conf it is set to

    /sbin/init:/sbin/oinit:/sbin/init.bak:/stand/sysinstall

it would be sensible to replace /stand/sysinstall by /rescue/init

Cheers, Erik
Re: can i delete /stand ?
Gert Cuykens wrote:

>> You might want to check your init_path in loader.conf, in /boot/defaults/loader.conf it is set to
>>
>>     /sbin/init:/sbin/oinit:/sbin/init.bak:/stand/sysinstall
>>
>> it would be sensible to replace /stand/sysinstall by /rescue/init

> What happens if i leave /stand/sysinstall and put nothing in return ? How will single user look like ?

The same. /stand/sysinstall starts the installer, it's the last thing the loader will try if everything else fails, then it must be because you have no system and would like to install one - right? But then, you might as well use an install disc.

Assuming you have a working system there is really no use for /stand. All the files in /stand are hardlinks to the /stand/boot_crunch file.

Some people like sysinstall as a postconfiguration tool, and documentation refers to this. But you can run it from /usr/sbin/sysinstall

On the other hand it surprises me that /rescue/init is not in the init_path, for system recovery it is far more useful than sysinstall, it will give you a single user like system with a shell.

So, if you can't stand /stand - go ahead delete it - but don't sue me if you some day need it :-)

Erik
Re: ipfilter problems
Angelin Lalev wrote:

> Two days ago I've switched the firewall on my FreeBSD 5.3 RELEASE router from ipfw to ipfilter. The firewalls are not my speciality and ipfilter looked simpler way to do NAT with firewall, because it separates NAT rules from filtering rules.
>
> The router has two interfaces rl0 (192.168.0.254/24) and rl1 (82.137.64.106/29, 192.168.5.1/24, 10.1.6.2/24).
>
> The ipfilter is compiled in kernel:
>
>     options IPFILTER
>     options IPFILTER_LOG
>     options IPFILTER_DEFAULT_BLOCK
>
> /etc/ipnat.conf
>
>     map rl1 192.168.0.1/27 -> 82.137.64.106/32
>
> /etc/ipf.rules
>
>     pass in quick on lo0
>     pass out quick on lo0
>     pass out quick on rl0 all
>     pass in quick on rl0 all
>     pass in quick on rl1 proto tcp from 192.168.5.1/24 to 192.168.5.1 port = 80 flags S keep state
>     pass in quick on rl1 proto tcp from 192.168.5.1/24 to 192.168.5.1 port = 3128 flags S keep state
>     # local counter-strike server. No NAT.
>     pass in quick on rl1 from 192.168.5.1/24 to 192.168.0.50 keep state
>     block in quick on rl1 from 192.168.5.1/24 to any
>     pass out quick on rl1 all keep state
>
> The problem
>
> On 192.168.0.0/24 network I have 6 machines. The router itself is an old 166 MHz Pentium box, but load averages are not bigger than 10%. When one of the machines makes dns lookup (the dns server is on outside - 62.73.78.2) it fails with timeout in about 9 of 10 times. ipfstat -t shows that a rule is created - something like this:
>
>     Source IP          Dest IP         ST    PR    pkts   bytes
>     192.168.0.4,1029   62.73.78.2,53   0/0   udp   165    9992
>
> Any help will be appreciated.

Well, the short answer is: there is no keep state in the line

    pass in quick on rl0 all

the dns reply you get back times out because your default rule is block and there is nowhere in the "in" rules for rl1 that allows the reply back.

Some recommendations:

1) I have a bit of difficulty understanding your network setup - why do you have two private networks on your external interface? Maybe sketch it in a diagram.
2) Having default block can be done by adding the rules

    block in all
    block out all

at the top of the ruleset rather than compile in the kernel. It makes it explicit. It also means that you can connect if no rules are present - this is useful for installing while the machine is behind a gateway. Anyway, with your pass in all rules, you have almost effectively disabled the default block anyway.

3) For your security, in all pass rules, state "from" and "to" even if it is "any", it makes it more explicit. Split on protocols for security and control.

4) At least when setting up your firewall, use "log" in all block rules and enable ipmon, then you can see where your packets are blocked.

5) Use groups to structure your rules, and group them accordingly visually. It makes them easier to manage and for large rulesets optimises the firewall.

6) Always keep state! Doing so, all "out" rules only apply to the gateway itself, it makes the ruleset shorter and firewall faster.

7) You probably want to enable the ftp-proxy in your nat-rule and define which port-ranges are used for nat'ed connections.

and a lot more you'll learn along the way :-)

Erik
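The recommendations on "from"/"to", "log" and "keep state" can be checked mechanically. The following is an added example, not part of the original message: a small linter run over the ruleset quoted in the question. The function names are made up for this example, and exempting lo0 from the keep-state check is this example's own choice.

```shell
#!/bin/sh
# Added example: lint an ipf.rules file against three of the recommendations
# in the reply above. Function names are hypothetical.

# write_sample_rules FILE: the ruleset quoted in the question.
write_sample_rules() {
    cat > "$1" <<'EOF'
pass in quick on lo0
pass out quick on lo0
pass out quick on rl0 all
pass in quick on rl0 all
pass in quick on rl1 proto tcp from 192.168.5.1/24 to 192.168.5.1 port = 80 flags S keep state
pass in quick on rl1 proto tcp from 192.168.5.1/24 to 192.168.5.1 port = 3128 flags S keep state
# local counter-strike server. No NAT.
pass in quick on rl1 from 192.168.5.1/24 to 192.168.0.50 keep state
block in quick on rl1 from 192.168.5.1/24 to any
pass out quick on rl1 all keep state
EOF
}

# lint_ipf_rules FILE
# Prints "<line>:<code>:<rule>" for each finding:
#   NOSTATE  pass rule without "keep state" (lo0 exempt, see note above)
#   NOLOG    block rule without "log"
#   NOADDR   pass rule without an explicit "from" and "to"
lint_ipf_rules() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        state = 0; log_kw = 0; from = 0; to = 0; iface = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "keep" && $(i + 1) == "state") state = 1
            if ($i == "log")  log_kw = 1
            if ($i == "from") from = 1
            if ($i == "to")   to = 1
            if ($i == "on")   iface = $(i + 1)
        }
        if ($1 == "pass" && !state && iface != "lo0")
            printf "%d:NOSTATE:%s\n", NR, $0
        if ($1 == "block" && !log_kw)
            printf "%d:NOLOG:%s\n", NR, $0
        if ($1 == "pass" && !(from && to))
            printf "%d:NOADDR:%s\n", NR, $0
    }' "$1"
}

# Demo: lint the quoted ruleset from a temporary copy.
rules=$(mktemp)
write_sample_rules "$rules"
lint_ipf_rules "$rules"
rm -f "$rules"
```

Line 4 of the sample, the rule named in the reply, is among the NOSTATE findings.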
Re: can i delete /stand ?
dick hoogendijk wrote:

>> Some people like sysinstall as a postconfiguration tool, and documentation refers to this. But you can run it from /usr/sbin/sysinstall

> I can't. Nor have I something like '/rescue/init' So I assume you're taking me (us?) on?

I don't know which system you're on. Both are present on 5.3 and -CURRENT. Now, it's some time ago I installed, it may be added later as I have rebuilt my world with updated sources.

Anyway, regarding /stand/sysinstall, you can safely delete it unless you use it for configuration/installation tasks.

Now, I just looked at the dates on my directories, it seems a new /stand was installed last time I installed world - so you'll have to get rid of it again and again :-)

Erik
Re: can i delete /stand ?
Chris wrote:

I did like the idea of rm -r /boot

I hate that / in the beginning - can I get rid of it by 'rm -r /'?

Really, while I can sometimes find it entertaining to wonder and discuss the reasons for whatever weirdness people may prefer, and see the discussion go off track, I think we should just answer the question and if you can't do that, let it go.

Some people want to order their socks according to colour, and if they are out of order their life is a misery. If this kind of person comes to me and asks if he can order his sock drawer according to colour, I'd say sure, your sock drawer will function perfectly with your socks ordered according to colour - as long as I can keep mine disordered according to your scheme.

Cheers, Erik
Re: IPFILTER and NFS
Matt Juszczak wrote:

> Howdy, Trying to get IPFILTER and NFS working. A google search didn't show much about my specific issue. With ipfilter working, nfs initially works, until someone tries to login. Then it stops working. With my firewall down on the NFS-CLIENT machine, it works fine. Any ideas? It appears to be an issue with random ports

It is, NFS is an RPC service where the RPC daemon is requested for info on which port mountd binds to. I wrote a howto for diskless clients, www.daemonsecurity.com/pxe/ - here's what to do:

Enable nfs in /etc/rc.conf:

    rpcbind_enable="YES"        # Run the portmapper service (YES/NO).
    nfs_server_enable="YES"     # This host is an NFS server (or NO).
    mountd_enable="YES"         # Run mountd (or NO).
    mountd_flags="-r -p 59"     # Force mountd to bind on port 59

As a minimum you need to enable rpcbind, nfsserver and mountd. lockd and statd provide file locking and status monitoring.

By default, when mountd starts it binds to some arbitrary port, and rpc is used to discover which, making it impossible to firewall. With option '-p' mountd can be forced to bind to a specific port. Port 59 is assigned to "any private file service" (see /etc/services).

This limits the number of ports relevant to 59, 111 and 2049. You can't force lockd and statd to bind to specific ports (they are also RPC services) and AFAIK you can't have disk quotas work correctly because of this.

AFAIK NFS4 should address these problems, but the NFS4 server is still experimental. Till then, RPC is a security nightmare.

Erik
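To confirm that only ports 59, 111 and 2049 are in play after pinning mountd, the following added example (not part of the original message) parses `rpcinfo -p` output, lists every RPC service registered on any other port, and prints ipf pass rules for the pinned ports. The rpcinfo output is constructed, including the ports shown for status and nlockmgr; the function names, the interface rl0 and the client network 192.168.0.0/24 are assumptions.

```shell
#!/bin/sh
# Added example: find RPC services that are not on the pinned NFS ports and
# emit ipf rules for the pinned ones. Function names are hypothetical.

# sample_rpcinfo: constructed "rpcinfo -p" output for a server started with
# mountd_flags="-r -p 59". The ports of status/nlockmgr are made up.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  rpcbind
    100000    2   udp    111  rpcbind
    100005    3   udp     59  mountd
    100005    3   tcp     59  mountd
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100024    1   udp    983  status
    100024    1   tcp    983  status
    100021    4   udp   1011  nlockmgr
EOF
}

# rpc_unpinned_ports ALLOWED   (reads rpcinfo -p output on stdin)
# ALLOWED is a comma-separated port list. Prints "service proto port" once
# for every registration whose port is not in the list.
rpc_unpinned_ports() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^[0-9]+$/ && NF >= 4 {            # data rows start with a program number
        svc = (NF >= 5) ? $5 : "prog-" $1   # service name column may be empty
        key = svc " " $3 " " $4
        if (!($4 in ok) && !(key in seen)) { seen[key] = 1; print key }
    }'
}

# nfs_ipf_rules IFACE CLIENT_NET
# Prints stateful ipf pass rules for mountd (59), rpcbind (111) and nfs (2049).
nfs_ipf_rules() {
    for port in 59 111 2049; do
        echo "pass in quick on $1 proto tcp from $2 to any port = $port flags S keep state"
        echo "pass in quick on $1 proto udp from $2 to any port = $port keep state"
    done
}

# Demo on the constructed sample; on a live server pipe in "rpcinfo -p".
echo "RPC services outside the pinned ports:"
sample_rpcinfo | rpc_unpinned_ports 59,111,2049
echo "ipf rules for the pinned ports:"
nfs_ipf_rules rl0 192.168.0.0/24
```

Anything the first function prints, here the status and lock services, is traffic the generated rules will not pass.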
Re: Rsync Setup
Robert Slade wrote:

> Hi, I'm trying to get my brain around rsync. What I am trying to do is synchronise 2 directories on different machines. I have an rsync server running on one machine and running it as a client on the other. I have been able to get this setup to work. However, it just syncs the directories on machine A with those on B. If B has a later version of the file on A it gets overwritten with the older version from A. I have done a fair bit of reading on rsync which leads me to believe that it will only work one way. Is this correct? If so, is there any other way of synchronising the 2 directories so that they end up with the latest version of the file(s) from either machine.

you can only do one way at a time, so what you need to do is:

    rsync machine_A:/pathA machine_B:/pathB
    rsync machine_B:/pathB machine_A:/pathA

Then what you need is to find the correct options so that the first rsync does not overwrite files that should have been synced the other way. Options -u and -t seem to do that.

You can do this as a batch script on just one of the machines, so you don't get any race conditions. My options are -Cuvaz, but I only sync one way.

You should be careful: if clocks on the servers are out of sync, you may get syncing the wrong way! And you will have problems deleting files, this has to be done both places.

If you instead can assign one machine as master and the other as slave, so you only sync one way, then you avoid all these problems.

Cheers, Erik
Re: ipfilter.log
Francis Whittington wrote:

> Hi guys, I've been following this guide: http://www.unixguide.net/freebsd/fbsd_installguide/index.php So far I have gotten the firewall/router to work. Everything seems to be okay, except I do not see anything being logged in ipfilter.log. My rc.conf options are:
>
>     moused_enable="YES"
>     moused_port="/dev/psm0"
>     moused_type="auto"
>     moused_flags="-m 2=3"
>     allscreens_flags="-m on -c blink -h 200"
>     clear_tmp_enable="YES"
>     hostname="gateway.fbsdbuds.com"
>     saver="logo"
>     ifconfig_rl0="DHCP"
>     ipfilter_enable="YES"
>     ipfilter_rules="/etc/ipf.rules"
>     ipmon_enable="YES"
>     ipmon_flags="-Ds"
>     ipnat_enable="YES"
>     ipnat_rules="/etc/ipnat.rules"
>     ifconfig_rl1="inet 10.0.10.2 netmask 255.255.255.248"
>     gateway_enable="YES"

Two things:

First: You can log directly to a file instead of through syslog:

    ipmon_flags="-D /path/to/logfile"

Second: Have you any rules in your ruleset with the "log" keyword?

Cheers, Erik
Re: sendmail
Gert Cuykens wrote:

> On Apr 1, 2005 9:59 AM, Erik Nørgaard <[EMAIL PROTECTED]> wrote:
>> As everyone else notes, this is not a job for e-mailing. Even if you want to e-mail the file, it is not a job for sendmail.
>>
>> When you send attachments they are typically base64 encoded, this explodes the file from 5.5MB to about 8MB.
>>
>> You can cut it up in two ways: Use transcode to make shorter clips and send separately or convert the file to base64, then cut it up manually and ask your friend to concatenate the attachments and deconvert from base64. The second option is the low tech - transcode is not designed to be user friendly.
>>
>> But, as everyone suggests: Set up anon ftp, an apache webserver, or give ssh access - all of these are faster, simpler and better. This is possible if you are not NAT'ed and have a reasonably fixed ip.

> well i can setup a ftp but then i have to leave my pc on all the time , people need to sleep you know and i cant sleep with PR in the background. irc wasnt made to send files either and look at it now , its more popular than ftp :)

more popular does not mean better, just more popular.

> So how do i get a movie in my friends mailbox using sendmail ? I was thinking in the lines of sendmail -t [EMAIL PROTECTED] -a movie.mpeg -m hello.txt -s hello ?

there is a trick you may find handy: "man mail", it tells you all about the options and stuff. Then you'll find that something along the lines

    cat movie.mpeg | mail -s "movie" [EMAIL PROTECTED]

will fail, because you first have to convert your movie.mpeg to base64 and wrap the lines at every 72 characters. But otherwise you do something like this:

    cat | mail -s "subject" [EMAIL PROTECTED]

and the format of is described in rfc2822 and others, eg. the mime-stuff in rfc2045-2048+/-

Read that, if you still have problems, then ask again.

It still may fail because the recipient won't take large mails, so you will have to chop it up as explained in previous mail.
Cheers, Erik
ssh key fingerprints
Hi,

How do I see the fingerprints of my ssh keys, both user and host keys?

I know I can get the fingerprint of the host key by removing the host from my known hosts and connecting, but there ought to be some more straightforward way, and what about the user keys?

And how do I determine the key length from the public key file?

Thanks, Erik
Re: too many illegal connection attempts through ssh
Edwin D. Vinas wrote:

> shown below is snapshot of too many illegal attempts to login to my server from a suspicious hacker. this is taken from the "/var/log/auth.log". my question is, how do i automatically block an IP address if it is attempting to guess my login usernames? can i configure the firewall to check the instances a certain IP has attempted to access/ssh the server, and if it has failed to login for about "x" number of attempts, it will be blocked automatically?

This question is asked on the list ever so often - see the archives for suggestions.

These are automated attacks, they come regularly as crackers, black hats or script kiddies scan across the net. You can avoid the automated scanning by changing port, but this won't stop the determined cracker - he will scan all your ports and identify which services are running on which ports.

Ask yourself a few questions:

* Do you need to allow ssh from anywhere? If not, restrict to the relevant ip blocks.

* Do you need to allow password based authentication? If not, disable it and use only ssh keys, in sshd_config:

      PasswordAuthentication no
      PubkeyAuthentication yes

* Do all users need to have ssh access? If not, restrict to specific groups of users, in sshd_config, eg:

      AllowGroups staff

* Is it a problem apart from the log messages? Trying to login with a nonexistent username is usually not a problem.

Other tips: Disable ssh1, reduce the number of simultaneous non-authenticated connections, set timeouts etc.

Cheers, Erik
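The sshd_config settings named in the reply can be audited with a few lines of shell. This is an added example, not part of the original message: the two sample files are constructed, the function names are made up, and mapping "simultaneous non-authenticated connections" and "timeouts" to MaxStartups and LoginGraceTime is this example's reading of the tips. It assumes plain "Keyword value" lines, applies sshd's rule that the first occurrence of a keyword wins, and stops at the first Match block.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings suggested in the reply.
# Function names are hypothetical; both sample files are constructed.

write_weak_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
Port 22
Protocol 2,1
PasswordAuthentication yes
#PubkeyAuthentication yes
LoginGraceTime 120
EOF
}

write_hardened_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
Protocol 2
PasswordAuthentication no
PubkeyAuthentication yes
AllowGroups staff
MaxStartups 3:50:10
LoginGraceTime 30
EOF
}

# audit_sshd_config FILE
# Prints one "<STATUS> <Keyword> <value>" line per checked setting.
# STATUS is OK, WEAK (set, or defaulted, to the discouraged value) or
# UNSET (keyword absent, so the daemon default applies).
audit_sshd_config() {
    awk '
    function report(status, name, value) { printf "%s %s %s\n", status, name, value }
    /^[ \t]*(#|$)/ { next }                  # comments and blank lines
    tolower($1) == "match" { exit }          # global section ends here
    {
        key = tolower($1)                    # keywords are case-insensitive
        if (key in val) next                 # first occurrence wins
        v = $2
        for (i = 3; i <= NF; i++) v = v " " $i
        val[key] = v
    }
    END {
        # Both keywords default to "yes" when absent.
        pw = ("passwordauthentication" in val) ? tolower(val["passwordauthentication"]) : "yes"
        report((pw == "no") ? "OK" : "WEAK", "PasswordAuthentication", pw)
        pk = ("pubkeyauthentication" in val) ? tolower(val["pubkeyauthentication"]) : "yes"
        report((pk == "yes") ? "OK" : "WEAK", "PubkeyAuthentication", pk)
        # Any Protocol value that still lists 1 leaves ssh1 enabled.
        proto = ("protocol" in val) ? val["protocol"] : "-"
        report(index(proto, "1") ? "WEAK" : "OK", "Protocol", proto)
        n = split("AllowGroups MaxStartups LoginGraceTime", names, " ")
        for (j = 1; j <= n; j++) {
            k = tolower(names[j])
            if (k in val) report("OK", names[j], val[k])
            else report("UNSET", names[j], "-")
        }
    }' "$1"
}

# Demo: audit the weak sample.
cfg=$(mktemp)
write_weak_sample "$cfg"
audit_sshd_config "$cfg"
rm -f "$cfg"
```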
Re: Very confused
Tom Vilot wrote:

> apache and the ports tree I find a bit confusing. I want: Apache with mod_perl and mod_ssl. I had apache with mod_ssl by installing apache13-modssl. But I kinda need mod_perl compiled in statically. If I deinstall apache13-modssl, and then install apache13-modperl, I don't have mod_ssl anymore. How do I install JUST mod_ssl? Or ... more specifically ... how do I install both?

I think the whole mod_ means that you don't compile anything statically in. I installed apache13-modssl and then installed modperl separately, works fine.

Erik
Re: Very confused
Tom Vilot wrote:

> I think I finally figured this out --- by having two different apache installs: one with ssl the other with perl.

installing both apache13-modssl and apache13-modperl could/should cause problems - they should be marked as conflicting, if not submit a pr.

Installing apache13-modssl and mod_perl should not cause a problem, this is the solution I am referring to.

> I want mod_perl compiled in statically. I have been finding that if I leave it as a loadable module, I get my signal 11 core dumps in Apache

If you get a coredump then please investigate the problem, submit here or submit a problem report.

I must say that I have installed mod_perl mostly to have it supported since my dynamic web is still php. However, I have tested and it works fine.

Cheers, Erik
Re: FreeBSD & mini-ITX
Benjamin Keating wrote:

> I've been eyeing up these mini-ITX boards - would like to make a quite little file server. Does anyone here run a mini-ITX board (what model)? Does it work out of the box? Anything not supported? I'd go for one of VIA's as AMD's and others are still a little new and pricey. Recommend a shop to purchase from (in the US)?

I bought a VIA EPIA CL1000 (now PD, dual NIC) and a Morex Cubid 3688 case one year ago from mini-itx.com. I installed FBSD 4.10 and later FBSD 5.3-5.4 without any problems. I haven't installed X11, I don't see the point as it's a server remotely controlled with ssh, and I don't have a spare monitor anyway.

The only issues I have had are: 'halt -p' reboots instead of powerdown, so I had to 'halt' then powerdown manually. ACPI doesn't read cpu temperature.

I use it at home as my mail/web/whatever server with a DSL connection, generally with a load of 0.00. The DSL limits the traffic so it simply can't get too much network load.

I have had one problem that gave me some grey hairs, which I initially thought to be a MB or disk problem, but it turned out to be ip-filter rather than hardware.

mini-itx.com reports noise of < 25dB. The fans may produce that level of noise if they were not mounted. I found resonances causing the box to be quite noisy, in particular the cpu fan.

You can buy some stuff to make the fan run slower and it helps. But what really helps is to reduce vibrations: Raise the cpu fan a bit from the cooler plates using some heat tolerable silicon, this makes the fan run more freely and transfers less resonances to the cooler plates and onto the MB. Also place the box on rubber feet so it won't pass on vibrations.

I run my box with only the cpu fan, no others, the box is hot but it runs without problems.
Cheers, Erik
Re: Does Firefox 1.0.4 suck, or is it just me ?
Jeff MacDonald wrote:

> I'm running the firefox 1.0.4 from ports. When I open new tabs up, or new windows the whole jobby tends to freeze up on me pretty hard.

Could be memory shortage. I have found opening tabs to be far faster than opening new windows which makes my firefox hang. Also, I have noted certain web pages seem to hang the browser while loading, including opening new tabs, however I believe it to be bad web coding.

Most annoying however is, when I open a new tab - I have a blank page as start page - it hangs until that blank page is "loaded" before allowing me to enter a url.

> I tried the linux version from ports, which is just a precompiled version 1.0 it works great, only hitch is that Everytime i click my icon to run linux-firefox it asks me which profile to use, since default is already being used.

This hitch is with linux and native version as well as mozilla's suite, it's due to file locking. Thing is that the running process will be unaware of any changes to config files, bookmarks etc. For the same reason, you sometimes have to remove a "lock" file if firefox crashes.

Certainly, it could be solved more elegantly with some IPC signal to the running process opening a new window. This should be trivial since something similar is used to make thunderbird open a mail editor when you click a mailto: link in the browser, and similarly, thunderbird can force opening a webpage from the reader.

> I'm really loving having FreeBSD as a desktop, but this is a tad frustrating, if anyone can shed some light that would be great.

Honestly, you must be the owner of a rare species of perfectly running XP if these issues are what keeps you from using FBSD on your desktop.
Cheers, Erik
Re: firewall on FreeBSD
mess-mate wrote:

> I've a firewall/router/proxy with openbsd and think to replace it with freebsd 5.4 Do you mean freebsd's PF don't support the 'quick' keyword ?? Thought PF on freebsd and openbsd was identical, isn't ?

It's a port, pf on FBSD 5.4 is the same as pf on OBSD 3.6, AFAIK. So if your OBSD is the latest or updated after 3.6, then you might have functionalities not supported yet on FBSD.

The basic stuff is all the same, I don't think anyone could survive without 'quick', just as 'pass' and 'block' are supported on both platforms :-)

Cheers, Erik
Re: upgrading all ports
Dick Hoogendijk wrote:

> I want to do a portupgrade on all installed ports. What's the right way? "portupgrade -arR ?" or "portupgrade -a" ? I hesitate and don't want to screw up my machine.

portupgrade isn't suitable for upgrading the entire machine, even though you do recursive and Recursive. It is much faster to deinstall everything and then install from the ground up. And it is far more secure in not screwing up.

I recommend writing down a list of apps you need to be happy, deinstall everything and then install those apps. Dependencies come along fine, and then whatever remains can be installed as needed.

Anyway, the worst that can happen is that you will screw up some user apps - ok this is bad - but your system won't require a reinstall :-)

Cheers, Erik
Re: upgrading all ports
Kirk Strauser wrote:

> On Saturday 25 June 2005 06:36 am, Erik Nørgaard wrote:
>> It is much faster to deinstall everything and then installing from ground up. And it is far more secure in not screwing up.

> On toy systems, maybe. I've got 654 ports installed on the machine I'm typing this on, and I assure you that it's much, much faster to selectively upgrade a few of them rather than starting over from scratch.

I think you overlooked one important thing in the original post, and in my post as well: We are talking about upgrading the entire system, not just a few ports.

Upgrading a few ports is faster using portupgrade, yes.

Erik
Re: upgrading all ports
Alex Zbyslaw wrote:
> Erik Nørgaard wrote:
>> portupgrade isn't suitable for upgrading the entire machine, even though you do recursive and Recursive.
>
> What, in your opinion, makes it unsuitable? I've used portupgrade exclusively and never had trouble.

Unsuitable if
- it is slower than the alternative to deinstall all ports and reinstall.
- things break

I don't claim it won't work, I don't claim that things will break, but they may depending on what is being upgraded which was not mentioned in OP.

The problem is that the double (up and down) recursive resolution of interdependencies quickly becomes very complex with the result that some ports may be updated multiple times, or that portupgrade will choke trying to figure out where to start.

It then quickly becomes much faster to simply deinstall all ports and reinstall. It also lets you clean up any junk that may have been left for whatever reasons.

And, then there are the general warnings about upgrading Gnome (not minor minor upgrades) eg 2.8 to 2.10, upgrading perl and friends, module paths etc. These are things that can of course be resolved, I just found it easier to clean up the whole thing and reinstall it, see /usr/ports/UPDATING - there are numerous warnings on portupgrade.

For single/few apps upgrade portupgrade is fine, or if the system is mostly up to date so a full upgrade will only affect a few packages. I have had my system severely down after using portupgrade because of problems with dependencies on X11.

OP did not mention how old the system to be upgraded is. So in the particular case it is difficult to say. But I assume that if he wants to upgrade his _entire_ system then I can assume significant updates to be done.

Erik
wireless config in dhclient.conf (CURRENT)
Hi,

I have a problem configuring dhclient for my wireless interface, ath, on -CURRENT. I updated my system recently and am now using the port of dhclient from OpenBSD.

I have a Comtrend DSL/AP on channel 11 with ssid ISPY, my wired server (FBSD 5.4) is running isc-dhcpd v. 3. My neighbour has a 3Com DSL/AP on channel 6 with default configuration, running a dhcp server. On my laptop I have a 3Com PCMCIA card, ath0.

According to the documentation I can find on the web, I should include an entry in /etc/dhclient.conf like:

    interface "ath0" {
        media "ssid ISPY mode 11g";
    }

but doing so dhclient fails to get a lease on boot. Instead it enters into an "infinite" loop (long, I eventually pressed CTRL-C), changing link state to up, sending one dhcp request, and changing link state to down. This does not change if I include a "channel 11" in the media line.

Since configuration failed the interface is not configured and dhclient is not running. If I log in and run dhclient it fails as above - no surprise. If I manually set ssid and mode, then I can run dhclient and it associates and gets a lease as it should. If I leave no configuration, it sometimes picks up my neighbour's AP and gets a lease from that - his signal is at times stronger than my own (probably Comtrend crap against 3Com).

How do I correctly configure dhclient for my wireless nic so it associates with my network?

Thanks, Erik
Re: Looking for arp scanner
Fabian Anklam wrote:
> I've been browsing freshports.org for an arp scanner and found only arpscan, which is marked broken and knowlan, which hasn't been updated in years. What's the tool of choice to map out IP addresses on a subnet when you know that quite a few hosts are firewalled from ping?

Active: arping will send out an arpdiscover for the ip entered.
Passive: snort can sniff arp packets arriving at your interface.

Erik
dhclient.conf for wireless interface
Hi,

I am trying to configure dhclient to associate with the correct access point, I use FreeBSD Current with the new dhclient ported from OpenBSD.

The examples I can find mention that I should create an entry in my dhclient.conf like this:

    interface "ath0" {
        media "ssid AP1 mode 11g", "ssid AP2 mode 11g";
    }

and dhclient will then first try to associate with AP1 and then AP2. The problem is that with that setup dhclient enters into an apparently infinite loop bringing up and down the interface, until I break it. I have to manually run 'ifconfig ssid AP1 mode 11g' first.

Can anyone point me to the correct manpage for configuring dhclient? This is not covered in the dhclient.conf(5) dhclient(8) ifconfig(8) or ath(4) man-pages.

I have a 3Com wireless NIC, broadcom AP, my dhcp server is isc-dhcp v.3 running on FBSD 5.4. I usually get associated with my neighbour's 3Com AP running with a default setup.

Thanks, Erik
Re: PHP PCRE
Myron Turner wrote:
> I just installed FreeBSD 5.4 with PHP 5.0.3 for the express purpose of testing out a web-based application. I was wondering what the rationale is for excluding PCRE from the current php distribution. As I understand it, the PCRE extensions are included by default in PHP 5. This suggests that the FreeBSD organization opted not to include these. A search of mailing lists shows that people have been having problems because of this. For me, the solution is not to install a rebuilt php on my test machine, because I have to have the assurance that my application will run on any FreeBSD system.

On FreeBSD you are given the option of installing a pure php with no extra bells or whistles. Then you can add the extensions you need using the php5-extensions metaport, which really just installs individual modules such as devel/php5-pcre.

And, AFAIK, installing extensions afterwards does not require that you rebuild php5.

I have had problems with this too - usually they amounted to forgetting about the extensions, because back then when I first used it, extensions were installed with the php base (I think this was with php 4.1?).

As for reasoning: For security reasons or performance it may be wise to exclude what you don't use. pcre is not the fastest thing AFAIK.

Now, I must add the disclaimer that I'm using php4

Cheers, Erik
Re: I have found a pc on the side curb
Martin wrote:
> maybe there is a universal password for admin that bypass all password. something like that.

Try booting into single user mode.

Erik
Perl module for parsing tcpdump file
Hi,

I was wondering if there is a perl module that can read the tcpdump formatted files produced by pflog. I've been looking in the ports collection but can't seem to find a port whose name decrypts to tcpdump.

I have a script that parses my maillog and blocks owned hosts or relays used by owned hosts. Now, I'd like to parse the firewall log to unblock those who have become sane again.

Thanks, Erik
Firewire setup/test
Hi,

I want to buy a miniDV camera, transfer the DV stream using firewire. Now, I'm really newbie on firewire devices and DV, I have none so far, and I'd really like to test and see it work before throwing out $1000.

I know, this is probably one of those questions that I would answer by "go try, see if it works" but I'd rather not get embarrassed in the shop trying to get silly permissions or other things right :-)

So, how do I make sure that I can access the firewire device as ordinary user and test with gvdrecv, kino or other programs? Do I need to configure the device as root before I switch to ordinary user privileges? how?

Thanks! Erik

Here's my setup:

Kernel config file:

    # FireWire support
    device firewire   # FireWire bus code
    device fwe        # Ethernet over FireWire (non-standard!)
    #device sbp       # SCSI over FireWire (Requires scbus and da)
    device fwip       # IP over FireWire (rfc2734 and rfc3146)

    # dmesg
    fwohci0: mem 0xe580-0xe58007ff irq 11 at device 10.2 on pci0
    fwohci0: [GIANT-LOCKED]
    fwohci0: OHCI version 1.0 (ROM=1)
    fwohci0: No. of Isochronous channels is 4.
    fwohci0: EUI64 00:e0:18:00:03:09:43:39
    fwohci0: Phy 1394a available S400, 2 ports.
    fwohci0: Link S400, max_rec 2048 bytes.
    firewire0: on fwohci0
    fwe0: on firewire0
    if_fwe0: Fake Ethernet address: 02:e0:18:09:43:39
    fwe0: Ethernet address: 02:e0:18:09:43:39
    fwip0: on firewire0
    fwip0: Firewire address: 00:e0:18:00:03:09:43:39 @ 0xfffe, S400, maxrec 2048
    fwohci0: Initiate bus reset
    fwohci0: node_id=0xc800ffc0, gen=1, CYCLEMASTER mode
    firewire0: 1 nodes, maxhop <= 0, cable IRM = 0 (me)
    firewire0: bus manager 0 (me)

    # sysctl -a|grep firewire
    firewire2723K - 29 16,32,64,512,1024,2048,4096
    debug.firewire_debug: 0
    hw.firewire.try_bmr: 1
    hw.firewire.hold_count: 3
    hw.firewire.fwmem.eui64_hi: 0
    hw.firewire.fwmem.eui64_lo: 0
    hw.firewire.fwmem.speed: 2
    hw.firewire.fwe.stream_ch: 1
    hw.firewire.fwe.tx_speed: 2
    hw.firewire.fwe.rx_queue_len: 128
    hw.firewire.fwip.rx_queue_len: 128
    dev.firewire.0.%desc: IEEE1394(FireWire) bus
    dev.firewire.0.%driver: firewire
    dev.firewire.0.%parent: fwohci0
    dev.fwe.0.%parent: firewire0
    dev.fwip.0.%parent: firewire0

    # sysctl -a | grep fwoh
    dev.fwohci.0.%desc: Ricoh R5C552
    dev.fwohci.0.%driver: fwohci
    dev.fwohci.0.%location: slot=10 function=2 handle=\_SB_.PCI0.IE94
    dev.fwohci.0.%pnpinfo: vendor=0x1180 device=0x0552 subvendor=0x1043 subdevice=0x1687 class=0x0c0010
    dev.fwohci.0.%parent: pci0
    dev.firewire.0.%parent: fwohci0

    # ls -l /dev
    lrwxr-xr-x 1 root wheel5 1 Jan 1970 fw0 -> fw0.0
    crw-rw 1 root operator 15, 32 20 Jul 08:14 fw0.0
    crw-rw 1 root operator 15, 96 20 Jul 08:14 fw0.1
    crw-rw 1 root operator 15, 97 20 Jul 08:14 fw0.2
    crw-rw 1 root operator 15, 98 20 Jul 08:14 fw0.3
    lrwxr-xr-x 1 root wheel8 1 Jan 1970 fwmem0 -> fwmem0.0
    crw-rw 1 root operator 15, 33 20 Jul 08:14 fwmem0.0

There's no firewire0 device, but this may be because I have nothing attached.
Epson 2480/2580 scanner support
Hi,

Sorry if this question is misplaced, but the sane project hosts no user mailing list, and the hardware list brought no luck.

Looking at the handbook it seems that any scanner supported by the sane backend is supported on FBSD. Now, the ports version is 1.0.15, on the sane home page, they list support for version 1.0.13 and the CVS version.

I'm interested in the Epson 2480 or 2580, for the stable version 1.0.13, they are listed with basic/minimal support while the CVS version mentions good/basic support. (snapscan backend)

Can anyone enlighten me as to how well these devices are supported by the ports-version 1.0.15?

Second, on the snapscan web page, they warn:

> 05/22/05: Warning! I've received a report from a user who was left with a broken scanner after using the Epson 2480 in transparency mode in 2400 DPI with xsane. According to the report the scanner power light went red and the scanner "smelled hot". After power-cycling the scanner it was not possible to scan anymore...

Can anyone confirm this? and know if the problem has been corrected in newer versions?

The scanner is primarily for scanning negatives, if anyone can recommend me an alternative, supported and with an equivalent pricetag I'll really appreciate!

Thanks, Erik
Re: DHCP failing with WiFi after 6.0 upgrade
Jesse Sheidlower wrote:
> I recently took my IBM ThinkPad X23, which had been running 4.11, and did a fresh install (backup files, wipe disk, install from scratch) to 6.0. Most things have gone smoothly, though there are still a few things to iron out.
>
> My biggest problem is that I can't seem to get DHCP to work with my wireless card. I have an Orinoco Gold 802.11b card that's always worked fine; I'm about to replace it with something else for 802.11g with a new WAP.
>
> There seem to be minor differences in how the card goes in; under 4.11 I would get various beeps when I plugged it in and after it associated, but now it's silent. And I had to remember to load WEP in my kernel. But I can seem to get things started by issuing the command
>
>     ifconfig wi0 ssid jesterWAP wepmode on wepkey 0x[DELETED]
>
> which does seem to successfully reach my WAP:
>
>     # ifconfig wi0
>     wi0: flags=8843 mtu 1500
>     inet6 fe80::202:[DELETED] prefixlen 64 scopeid 0x3
>     ether 00:02:[DELETED]
>     media: IEEE 802.11 Wireless Ethernet autoselect (DS/2Mbps)
>     status: associated
>     ssid jesterWAP channel 6 bssid 00:[DELETED]
>     stationname "FreeBSD WaveLAN/IEEE node"
>     authmode OPEN privacy MIXED deftxkey UNDEF wepkey 1:104-bit txpowmax 100 bintval 100
>
> I can't seem to get a DHCP lease, however:
>
>     # dhclient wi0
>     DHCPDISCOVER on wi0 to 255.255.255.255 port 67 interval 5
>     DHCPDISCOVER on wi0 to 255.255.255.255 port 67 interval 13
>     DHCPDISCOVER on wi0 to 255.255.255.255 port 67 interval 7
>     DHCPDISCOVER on wi0 to 255.255.255.255 port 67 interval 8
>     DHCPDISCOVER on wi0 to 255.255.255.255 port 67 interval 13
>     DHCPDISCOVER on wi0 to 255.255.255.255 port 67 interval 15
>     No DHCPOFFERS received.
>     No working leases in persistent database - sleeping.
>
> (Under 4.11, I didn't get any verbose output from dhcpclient.)
>
> I can get a DHCP lease with fxp0, my Ethernet card; also, some Macs in the house have no problem getting leases through the WAP. (The DHCP server is in a separate router, not in the WAP.)
>
> Is there something that's changed under 6.0, or is there just something I'm forgetting to do? I do plan to get a new card, but I want to get this working too.

Just about everything about dhclient has changed. The dhclient from ISC has been replaced by a complete new development from the OpenBSD team. Options that previously worked are no longer recognized. Among these options are the options to configure what wireless network to associate with.

Also, added is wpa_supplicant which is used to choose the WLAN to connect to. If there are other WLANs in your neighbourhood and you have not configured wpa_supplicant, it is likely that you associate with the wrong network and that network doesn't offer a lease.

One thing to do, mostly for testing: Reset completely your card so it does not appear to be associated with any network. When you run dhclient and it fails, you should at least be able to see what network it is associated with if any.

So, read up on the man-pages, and start over.

Cheers, Erik
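The check suggested in the reply above (see which network the card is associated with before asking for a lease), written out as an added example that is not part of the original messages. The function names, the SSID `HomeAP` and the MAC addresses are assumptions, and the sample `ifconfig` text is constructed after the output format quoted in the thread.

```shell
#!/bin/sh
# Added example: only request a DHCP lease when the wireless interface is
# associated with the expected SSID (and, optionally, the expected BSSID),
# so a stronger neighbouring AP cannot silently hand out the lease.

# Constructed sample of `ifconfig <wlan-if>` output (values are made up).
SAMPLE_IFCONFIG='ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:11:22:33:44:55
        media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps)
        status: associated
        ssid HomeAP channel 11 bssid 00:aa:bb:cc:dd:ee
        authmode OPEN privacy OFF txpowmax 100 bintval 100'

# wlan_status: print the value of the "status:" line read from stdin.
wlan_status() {
    sed -n 's/^[[:space:]]*status:[[:space:]]*//p' | head -n 1
}

# wlan_ssid: print the SSID from the "ssid ... channel N" line on stdin.
# Surrounding double quotes, if any, are stripped.
wlan_ssid() {
    sed -n 's/^[[:space:]]*ssid \(.*\) channel [0-9][0-9]*.*$/\1/p' |
        sed 's/^"\(.*\)"$/\1/' | head -n 1
}

# wlan_bssid: print the BSSID (the AP's MAC address) in lower case.
wlan_bssid() {
    sed -n 's/^.* bssid \([0-9A-Fa-f:]\{17\}\).*$/\1/p' | head -n 1 |
        tr 'A-F' 'a-f'
}

# check_assoc IFCONFIG_TEXT WANT_SSID [WANT_BSSID]
# Returns 0 if associated with the wanted network, 1 if not associated,
# 2 on SSID mismatch, 3 on BSSID mismatch.
check_assoc() {
    _out=$1 _want_ssid=$2 _want_bssid=${3:-}
    [ "$(printf '%s\n' "$_out" | wlan_status)" = "associated" ] || return 1
    [ "$(printf '%s\n' "$_out" | wlan_ssid)" = "$_want_ssid" ] || return 2
    if [ -n "$_want_bssid" ]; then
        _want_bssid=$(printf '%s' "$_want_bssid" | tr 'A-F' 'a-f')
        [ "$(printf '%s\n' "$_out" | wlan_bssid)" = "$_want_bssid" ] || return 3
    fi
    return 0
}

# safe_dhclient IFACE WANT_SSID [WANT_BSSID]: run dhclient only after the check.
safe_dhclient() {
    if check_assoc "$(ifconfig "$1")" "$2" "${3:-}"; then
        dhclient "$1"
    else
        echo "$1: not associated with \"$2\", not requesting a lease" >&2
        return 1
    fi
}

# Demo on the constructed sample; no interface is touched here.
printf 'sample ssid: %s\n' "$(printf '%s\n' "$SAMPLE_IFCONFIG" | wlan_ssid)"
check_assoc "$SAMPLE_IFCONFIG" HomeAP && echo "sample: OK to run dhclient"
```

An SSID match alone says little on an open network, since anyone can advertise the same name; pinning the BSSID as the third argument narrows the check to one access point.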
Re: Thanks for FBSD6
Dominique Goncalves wrote:
>> basically the meat of the script looks like:
>>
>>     ifconfig ath0 ssid "my wireless network"
>>     dhclient ath0
>>
>> if someone can tell me what /etc/rc.conf options i need to set to duplicate that, that would be cool. i played around with it for a while but never got it to work without my custom script.
>
> You can use in /etc/rc.conf:
>
>     ifconfig_ath0="DHCP ssid your_ssid"

That's FreeBSD 5.X and prior way of doing it. The suggested way to config your wireless is with wpa_supplicant(8). In rc.conf add:

    wpa_suplicant_enable="YES"
    ifconfig_ath0="DHCP"

and create wpa_supplicant.conf:

    network={
        ssid="MyWireless"
        mode="11g"
    }

The neat thing is that you can configure multiple networks and wpa_supplicant will try them in order.

Note that dhclient was replaced with the new OpenBSD implementation in FBSD6, and wpa_supplicant introduced to handle association with wireless networks.

Cheers, Erik