login
Hi, I have freebsd 4.8 and finley got it installed but I can't get past the login When I installed it it asked for a password and I did enter one but it never seems to work. I am running a HP Pavillion XE738. I reinstalled 4 times but can't get past the login? Can you help me please?thanks. chuck,at [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: updated ports tree
Killermink ! wrote: I see what your saying and i suppose I have two points: 1) Can you install a port without installing the ports tree? Yes, or sort of. You need things like the ports Makefiles in /usr/ports/Mk, but if you copy, say, archivers/gtar to /tmp/gtar and then deleted /usr/ports/archivers and the other categories, you could still build the gtar port by itself. Modulo dependencies. Frankly, if 300MB of disk space is an issue, using binary packages instead or else build your ports on another machine and create your own packages is probably the way to go. make package-recursive... 2) If you must install the ports tree, what is the best way to keep it up to date? cvsup. I am still new at this, and can't seem to find packages for all the ports in the tree... Where did you look, and what is missing? -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: compile signal code
Brian Henning wrote: [ ... ] I am having trouble compiling some signal related code in freebsd. What is the library I should link to get this to compile? man signal says that the standard C library contains the signal handling functionality. FreeBSD also supports the POSIX sigaction family. /usr/local/src gcc signal_handler.c /tmp/ccfXkcCV.o: In function `main': /tmp/ccfXkcCV.o(.text+0x11): undefined reference to `sigset' /tmp/ccfXkcCV.o(.text+0x23): undefined reference to `sigset' /tmp/ccfXkcCV.o: In function `sigusr': /tmp/ccfXkcCV.o(.text+0x9d): undefined reference to `err_dump' Presumably your code implements these? They aren't standard... -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Dual Homed IP's
Adam Seniuk wrote: I have 2 mail servers, I would like to give those servers 2 ips so if one card dies the other will pick it up. But I am having a problem since most of the configurations that i have read up on have 2 different ip blocks. I have one large block that i can pick from. If you want true redundancy, you really ought to set up two seperate physical networks using different IP ranges, and multihome your system that way. That being said, take a look at man ng_one2many... -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: remove users from system
OLAF STEIN wrote: i removed 2 users from my system by deleting their entries in /etc/passwd and /etc/group (they had their own group and where in no other groups) the users are still able to login after i deleted them Run pwd_mkdb. It would be a good idea to use vipw when editting password files directly, BTW -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfw divert but no packet payload?
Tom R. no spam wrote: [ ... ] Any suggestions would be very appreciated. (I'm using FreeBSD as Mac OSX 10.2.8, [ ... ] If you actually are using FreeBSD, it would help to know whether you are using IPFW1 or IPFW2, and see the output of 'uname -a'. If you are using MacOS X, I would suggest re-asking your question on a MacOS mailing list. People here aren't going to know very much about MacOS-specific bugs or problems. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: cdrw PIO4
w sx wrote: Does anyone have any tips on getting the CDRW drive set to UDMA mode? Add the following to your /boot/loader.conf: hw.ata.atapi_dma=1 ...and reboot. You might also be able to use atacontrol. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: cdrw PIO4
anubis wrote: On Sun, 9 May 2004 3:17 am, w sx wrote: [ ... ] Have a look at man ata. Here is the important part ATAPI devices are set to PIO mode by default because severe DMA problems are common even if the device capabilities indicate support. You can always try to set DMA mode on an ATAPI device using atacontrol(8), but be aware that your hardware might not support it and can potentially hang the entire system causing data loss. While this advice was reasonable some years ago-- and to the extent that broken ATA hardware still exists may still be relevant now-- but please note that the Original Poster is trying to use a CD/RW burner. :-) It doesn't matter too much if you happen to read a CD slowly, but one ought to use DMA rather than PIO when burning CDs or DVDs. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: blacklist(s)
Gary Kline wrote: Can anyone point me to the website that told how to set up sendmail's FEATURE to use blacklists? There were at least fourr blacklist sites. I've grep'd thru my ~/Mail directory, can't find it? http://www.sendmail.org/m4/anti_spam.html http://mail-abuse.org/ http://www.rfc-ignorant.org/how_to_domain.php Any thoughts on spamcop.com? They're OK... -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: COPTFLAGS (not?) only for compiling the kernel?
platanthera wrote: On Friday 14 May 2004 00:03, Giorgos Keramidas wrote: [ ... ] Yes, you do. But I'm sure that you will find the make.conf(5) manpage very informative and useful. not really. it says ... The /etc/make.conf file is included from the appropriate Makefile which specifies the default settings for all the available options. Options need only be specified in /etc/make.conf when the system administrator wishes to override these defaults. ... The manpage is correct. /etc/make.conf behaves much the same way as /etc/rc.conf and other config files with regard to default values. Take a look in /etc/defaults/make.conf, /etc/defaults/rc.conf, etc. [ ... ] to my understanding this explains what CFLAGS/COPTFLAGS are intended for and _implies_ you'd have to uncomment the flag definitions in /etc/make.conf to set them active, Your understanding is not correct, although it's not clear what we should change to help resolve the confusion. CFLAGS has a default value which will be used for everything you compile (meaning ports, the base system, and other things as well [1]) unless you specify something else. otherwise the settings specified in the respective Makefile would be used. No, the various Makefiles throughout the system *don't* set CFLAGS for themselves, they inherit it. The reason this happens is so that you, the user, can specify CFLAGS once, in a well-documented location, and actually have your settings respected by the various software you might compile. I had explicitly specified COPTFLAGS (-O -pipe) but not CFLAGS and saw -O overriding -O2 when compiling a port... Please tell us which port was listing the -O2? Ports which disregard CFLAGS are considered BROKEN and ought to be fixed... -- -Chuck [1]: Observe what happens if one does touch foo.c ; make foo.o... ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: blacklist(s)
Gary Kline wrote: [ ...speaking of anti-spam... ] According to the RFCs, one MUST NOT bounce mail sent to postmaster. One ought to read the rfc-ignorant.org site I mentioned. Oddly enough, even spammers tend not to spam [EMAIL PROTECTED], perhaps if only because the postmaster tends to be willing and able to respond to spam effectively. :-/ -- -Chuck begin forwarded message- This Message was undeliverable due to the following reason: Your message was not delivered because the return address was refused. The return address was '[EMAIL PROTECTED]' Please reply to [EMAIL PROTECTED] if you feel this message to be in error. Reporting-MTA: dns; out007.verizon.net Arrival-Date: Fri, 14 May 2004 20:39:04 -0500 Received-From-MTA: dns; mac.com (68.161.84.3) Final-Recipient: RFC822; [EMAIL PROTECTED] Action: failed Status: 5.1.1 Remote-MTA: dns; ns1.thought.org (216.231.43.140) Diagnostic-Code: smtp; 550 5.0.0 Verizon email not wanted here Subject: Re: blacklist(s) From: Chuck Swiger [EMAIL PROTECTED] Date:Fri, 14 May 2004 21:40:55 -0400 To: [EMAIL PROTECTED] Gary Kline wrote: [ ... ] Ack! I don't have a problem with refusing mail from *.dsl.verizon.net, or with *.client.comcast.net, or any other dialup/broadband range, but bouncing authenticated mail relayed via Verizon's mailservers is probably excessive. -- -Chuck ---begin forwarded message, snip to actual bounce message-- This Message was undeliverable due to the following reason: Your message was not delivered because the return address was refused. The return address was '[EMAIL PROTECTED]' Please reply to [EMAIL PROTECTED] if you feel this message to be in error. --===_ _= 3369445(29216)1084583438 Content-Type: message/delivery-status Reporting-MTA: dns; out009.verizon.net Arrival-Date: Fri, 14 May 2004 20:10:25 -0500 Received-From-MTA: dns; mac.com (68.161.84.3) Final-Recipient: RFC822; [EMAIL PROTECTED] Action: failed Status: 5.1.1 Remote-MTA: dns; ns1.thought.org (216.231.43.140) Diagnostic-Code: smtp; 550 5.0.0 Verizon email not wanted here --===_ _= 3369445(29216)1084583438 Content-Type: message/rfc822 Received: from mac.com ([68.161.84.3]) by out009.verizon.net (InterMail vM.5.01.06.06 201-253-122-130-106-20030910) with ESMTP id [EMAIL PROTECTED]; Fri, 14 May 2004 20:10:25 -0500 Message-ID: [EMAIL PROTECTED] Date: Fri, 14 May 2004 21:12:16 -0400 From: Chuck Swiger [EMAIL PROTECTED] Organization: The Courts of Chaos User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7b) Gecko/20040421 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Gary Kline [EMAIL PROTECTED] CC: FreeBSD Mailing List [EMAIL PROTECTED] Subject: Re: blacklist(s) References: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Authentication-Info: Submitted using SMTP AUTH at out009.verizon.net from [68.161.84.3] at Fri, 14 May 2004 20:10:25 -0500 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Command to display the complete picture of hard drive
Stephen Liu wrote: [ ... ] Why the denotation of hard drive = /dev/ad4sla, not /dev/hda, etc. FreeBSD isn't Linux. ad referrs to (A)TAPI (D)isk, the 4 refers to an IDE device which is after the standard primary secondary channels (which are ad0 - ad3), and s1a refers to the first FDISK partition, slice a. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Multiple IP's with DHCP?
GRF . wrote: I have Time Warner Road Runner Boradband service and I spoke to the technician and found that they allow 3 IP's to be pulled with basic service. I would like to set up My FreeBSD 4.9 box with two of these IP's. Why do you want to do so? What is probably happening is that you're being allocated a second IP on the same subnet, which isn't permitted because it isn't useful. You might be able to convince dhclient to override the netmask for the second IP, in much the same fashion as ifconfig xxx alias works. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Question re: eventual upgrade to 5-Stable
Robert Carr wrote: Is there any update as to when 5-stable might be released? Is 5.3 expected to be forked as 5-Stable? The last I heard, yes, 5.3 is expected to become 5-STABLE. Release schedules are harder to call. :-/ If I build a FreeBSD 5 server for home use (Postfix, Apache) and use FreeBSD 5.2.x, is the upgrade path to 5-stable expected to be as easy as cvs-up and make-world, or would I have to re-format my HD and re-install with 5-Stable? You ought to be able to cvsup and reinstall world to move from 5.2 to 5.3 without any special issues; no reformat needed. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: blacklist(s)
Gary Kline wrote: On Fri, May 14, 2004 at 10:00:58PM -0400, Chuck Swiger wrote: According to the RFCs, one MUST NOT bounce mail sent to postmaster. One ought to read the rfc-ignorant.org site I mentioned. [ ... ] Well, bit again. The line in my access file was 206.46 550 Verizon email not wanted here that I've commented out. This isn't the first time I've had to fine tune; it probably won't be the last. Apologies! Consider using FEATURE(`delay_checks', `friend') and add the following to the access map: Spam:abuse@ FRIEND Spam:postmaster@FRIEND [ Pre 8.12 versions of sendmail use To: instead ] ...which will allow you to block mail as you please using IP or other reject rules, yet not prevent delivery of mail to postmaster and abuse... -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FTP Problems
Me Actionfigure wrote: Hi there..Im on 5.1 and every time I try to install a program using ftp, I usually get about 97% of it downloaded and get this error: 450 Socket write to client timed-out. 9838592 bytes received in 41:21 (3.87 KB/s) 421 Service not available, remote server has closed connection. That's a drag. Fortunately, however, ftp supports resuming interrupted downloads, as per the man page: reget remote-file [local-file] Reget acts like get, except that if local-file exists and is smaller than remote-file, local-file is presumed to be a par- tially transferred copy of remote-file and the transfer is continued from the apparent point of failure. This command is useful when transferring very large files over networks that are prone to dropping connections. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: network traffic
Buck Jones wrote: I would like two programs that sit on two computer and just talk to each other and tell what the speed they are talking and if there is a packet loss ping -f is a pretty good way of stress-testing a LAN. You can also use time ping -s 1000 -c 1000 -i 0.0001 host or so to send approx 1 MB via 1K packets, and divide. Using ftp or fetch or something that provides a speed rate is a little easier, if something running those services is handy... -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: memory allocation/deallocation (malloc experts needed)
Till Plewe wrote: My problem is essentially that freeing large numbers of small chunks of memory can be very slow. I have run into this problem twice so far. [ ... ] One solution would be to divide the memory in larger regions and to tell malloc which chunk to use for the next few calls, respectively when a whole chunk could be freed. But I don't know how to do this. Consider using (or searching for information about) a zone-based malloc. NEXTSTEP used one and hence Darwin/OS X probably have sources available for you to consider... -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 2 ISP on one FreeBSD router
Piotr Gnyp wrote: My question is: Is there a way to configure FreeBSD, so the NATed workstations will use two ISP at once and in case of one ISP failure the whole traffic will be put on one connection? Sure, that's a standard multihoming scenario. Get an AS number (www.arin.net) and set up BGP peering with your ISPs. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Detect CD Media Type?
Warren Block wrote: Are there any simple utilities that can detect the type of media loaded in a CD or DVD recorder? For example, a CD-R, or DVD+R, or CDRW. I'd like to make a backup script auto-sensing. The sysutils/dvd+rw-tools port comes with dvd+rw-mediainfo... -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: two nics, one dhcp server
dave wrote: I've got a machine that i need to give two separate addresses to using two nics, both of which are 3c905's, working fine under 5.2.1. I've got lines in rc.conf set so they both get their addresses via dhcp, however this isn't working. Having both cards in the box neither gets an IP, singley they work fine. Cabling is working, and i'm out of ideas as to what to try. The subject implies that you are connecting both NICs to the same subnet. The simple answer is that this won't work-- it's not useful. A more complex answer is that you could configure the DHCP server to give a different subnet mask to one of the interfaces using a host entry specifying the MAC address of that interface. What are you trying to do? -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Strange pkg_info output
Jorn Argelo wrote: Recently I came across something which kind of bothered me. Every time when pkg_info removes and/or registers a package it gives this output: pkg_info: package bsdpan-DBD-mysql-2.9003 has no origin recorded pkg_info: package bsdpan-DBI-1.42 has no origin recorded pkg_info: package bsdpan-GD-1.19 has no origin recorded I've seen the same type of messages either when updating a Perl module using CPAN, or now when using perl-5.8.4 (via local modification to the port). Should I be worried about this? Or, how do I fix this? The messages are annoying but mostly harmless. I suspect that the package dependency information is no longer reliable, however, but if you are already updating Perl software past the versions currently in the ports repository, hopefully you know what you are doing. :-) I would be interested in a fix for this as well, however. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Strange pkg_info output
Garance A Drosihn wrote: [ ...snip thread about pkg_info: ... has no origin recorded messages... ] In my case, it was happening on something that I had always upgraded via ports portupgrade. It was not bsdpan (which I do not even have installed...), but I do not remember what it was. If you install perl from ports, you apparently get bsdpan included. I think bsdpan is supposed to create the appropriate package bill-of-materials for Perl modules when you use CPAN, only things seems to behave differently than the packages you get using the ports tree (which have a p5- prefix rather than bsdpan-). -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Strange pkg_info output
Garance A Drosihn wrote: At 4:49 PM -0400 5/25/04, Chuck Swiger wrote: If you install perl from ports, you apparently get bsdpan included. Hmm. How would I know if I had it? I don't seem to have any port with the letters 'pan' in it. and `locate bsdpan' does not find anything. I guess I don't really know what I should be looking for... How about this: 22-sec% cat /usr/ports/lang/perl5.8/distinfo MD5 (perl-5.8.2.tar.gz) = fa356b74f99166b63a68a322c3c68f91 SIZE (perl-5.8.2.tar.gz) = 11896287 MD5 (BSDPAN-5.8.0_1.tar.gz) = af9f075e073b14714cfeb8a7582013e7 SIZE (BSDPAN-5.8.0_1.tar.gz) = 6338 ...? :-) -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Strange pkg_info output
Christopher Nehren wrote: On Tue, May 25, 2004 at 14:01:11 EDT, Chuck Swiger scribbled these curious markings: Elbereth...? :-) pkg_info: package bsdpan-DBD-mysql-2.9003 has no origin recorded pkg_info: package bsdpan-DBI-1.42 has no origin recorded pkg_info: package bsdpan-GD-1.19 has no origin recorded Should I be worried about this? Or, how do I fix this? The messages are telling you that when you installed the package, BSDPAN did register it into the package database, but it (obviously) has no information about where from the ports tree you installed it; e.g., if you installed DBI from the ports tree, its origin would be databases/p5-DBI. The CPAN module is Perl's mechanism for updating itself, and thus is kept more up-to-date than the FreeBSD ports collection. The merits of customizing Perl more specificly for FreeBSD should be counterbalanced by the concern of modifying the behavior of a standard tool (similar to the concerns over archivers/gtar). Why you're installing packages that are in the ports tree without using the ports tree is beyond me. If you want it to be updated, send-pr with a patch. Unfortunately, the maintainer of perl is currently AWOL. See: http://www.freebsd.org/cgi/query-pr.cgi?pr=61444 http://www.freebsd.org/cgi/query-pr.cgi?pr=62209 http://www.freebsd.org/cgi/query-pr.cgi?pr=65925# from me... http://www.freebsd.org/cgi/query-pr.cgi?pr=66782 -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: patch
[EMAIL PROTECTED] wrote: I have a source ( in fact it's many sources) divided in many directories; and I have to patch it with a diff file. But when I perform the patch command, the computers wants to know which file I want to patch; but there are a lot of sources, and many of them have to be patched. So is there any option which can specify that all sources must be modified ? If you create the diff recursively (the -r option), it will record the directory structure so that patch knows how to find each of the changed files. Create the diff from the same relative position as the patch command will run and you should be fine, otherwise consider the -d and -p options to patch... -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: fputs
Richard Burnett-Godfree wrote: In the code the software use fputs to output chars to the terminal. What seems to be happening is these are all buffered until the process terminates and then they all come out rather than being sent to the terminal during the program operation. Do I need to change an environment setting ?? Should I swap to printf ?? What is the syntax ?? You ought to add a fflush(stdout) to the code when and where you want to be sure that the output buffer is written... -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: vipw: pw_edit(): No such file or directory
Kevin A. Pieckiel wrote: A server (that someone else has set up as a development box) gets the following error whenever I run vipw: vipw: pw_edit(): No such file or directory Where do I even begin to look to fix this? I would check what $EDITOR is set to, and verify whether that program is available on the machine. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 3Com 3c905B-TX Fast EtherLink XL Packet Loss
Technical Director wrote: [ ... ] 3Com 3c905B-TX showing up as xl0 plugged in using a etl certified (whooie) cat-5e to: Linksys EtherFast 4116 Using ping -f /{some address}/, I've noticed at these configured speeds the following: 10baseT/UTP half-duplex == 11% packet loss 10baseT/UTP full-duplex == 30% packet loss 100baseTX half-duplex == 70-80% packet loss 100baseTX full-duplex == 95-99% packet loss Some older cards simply won't handle the data rate of a flood ping; if you can do something like: ping -s 1000 -i 0.001 _address_ ...without packet loss, it's probably fine to use for normal purposes. The only other response I can think to give is to try swapping in a high-end card like a fxp. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 5.2.1 goes beserk on EPIA M board
Robert Downes wrote: [ ... ] ad0: FAILURE - WRITE_DMA status=11 DSC,ERROR error=84ICRC,ABORTED LBA=4127103 I did have, yesterday, FreeBSD 5.0 running on my EPIA M successfully until I tried to buildworld using 5.2.1 sources, at which point my EPIA hard crashed and reset itself. I assumed my PSU had failed briefly, but is it possible that 5.2.1 has special problems with the EPIA board or processor? Sure, it's possible. 5.2.1 is very close to tracking -CURRENT, and there can be some fallout after people make changes to APCI, the ATAng code, and whatnot. However, I have to say that the EPIA hardware tends to be fairly sensitive to things like poor IDE cables, jumping everything according to spec, etc. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NFS server fail-over - how do you do it?
adp wrote: One of my big problems right now is that if our primary NFS server goes down then everything using that NFS mount locks up. If I change to the mounted filesystem on the client then it stalls: # pwd /root # cd /nfs-mount-dir [locks] If I try to reboot the reboot fails as well since FreeBSD can't unmount the filesystem!? Solaris provides mechanisms for NFS-failover for read-only NFS shares, but FreeBSD doesn't seem to support that. Besides, most people seem to want to use read/write filesystems, which makes the former solution not very useful to most people's requirements. The solution to the problem is to make very certain that your primary NFS server does not go down, ever, period. Reasonable people who identify a mission-critical system such as a primary NFS server ought to be willing to spend money to get really good hardware, have a UPS, and so forth to facility the goal of 100% uptime. A Sun E450 still makes a nice primary fileserver, although NAS solutions like a NetApp or an Auspex (not cheap!) should also be considered. The other choice would be to switch from using NFS to using a distributed filesystem which implements fileserver redundancy, such as AFS and it's successor, DFS. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: routing for 1000 users and 10Mbit internet.
hugle wrote: [ ... ] why then my users eats so much CPU? look: CPU states: 0.0% user, 0.0% nice, 0.8% system, 38.0% interrupt, 61.2% idle Mem: 21M Active, 177M Inact, 133M Wired, 1228K Cache, 199M Buf, 1677M Free I have only 61% idle ? usualy i have ~50 idle.. now I have P4 2.4GHZ maybe my setup is bad (kernel I mean)? ps. what those interrupt means? English as a second language, hmm? Very well: Your network card generates a signal when it receives a network packet and wants the OS to pay attention. That signal is called an interupt, and has a strong correlation with the term IRQ. You are seeing lots of interrupts because your router is dealing with lots of packets. It is very likely that you can improve the way your system handles this load by tuning your system better, yes. Read man tuning, and consider rebuilding your kernel using HZ=1000 or so, and enabling DEVICE_POLLING. You should also make sure you've got good network cards in the machine... -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NFS server fail-over - how do you do it?
adp wrote: We can live with the chance that a file write might fail as long as we can switch over to another NFS server if the primary fails. Sorry, NFS simply won't work with the model of operation you've described. There is no way to do fallback to a secondary NFS server if the primary goes down when using read/write shares, nor does there exist any way to push the changes made to a secondary fileserver back to the primary, even if you could convince the clients to fail-over in the first place. Maybe Samba/CIFS would come closer to what you want, or else WebDAV over HTTP? -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Documentation for LDAP Mail Server
David Snyder wrote: I want to setup a mail server on my FreeBSD box that runs Postfix and Cyrus that authenticates through OpenLDAP and have encryption (ssl?). Also, I'd like everything to be database backed... DB3 or DB4? I can't seem to find anything on the internet that will show me how. It sounds like you've got a steep learning curve ahead, frankly. You would probably do better to start with listing your requirements and see whether you can do what you need to do with fewer moving pieces, because setting up LDAP and Cyrus can take a considerable amount of work. This being said, googling for postfix cyrus LDAP reveals a number of hits, including: http://www.sfobug.org/meeting_notes/chris_paul/sasl_openldap.html -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: c++ compile problem
John Oxley wrote: I have written and incredibly complex cpp program [ ...hello, world deleted... ] the compiler throws many error messages $ g++ -ansi -pedantic -Wall -ggdb -o hello hello.cpp 21 | wc -l 88 I have posted the messages at http://oxo.rucus.net/cpp-err.txt If I compile without -ansi and -pedantic, everything works fine. This is my first foray into cpp on FreeBSD, before I have coded only in C. Please could someone tell me what I am doing wrong. Don't use -pedantic unless you are willing to submit patches to fix the warnings being generated. However, if you update your OS from 5.1 to 5.2.1, you will probably discover that the warnings go away to due cleanups and fixes within the system header files made since 5.1... -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Running FreeBSD/PostgreSQL on high-end dual Xeon box
Kenji M wrote: I had been considering the same setup, but it might make sense just to use 3 disk RAID5 with hot spare ready. The new RAID controller implementation might not buy us much by using 0+1 vs. 5. Any thoughts? I doubt many databases recommend RAID-5; using RAID 0+1 is likely to be a better choice. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Please help me understand pciutils output
Luke wrote: I suspect that my PCI bus is incompatible with some of the PCI cards I'm trying to use with it. The motherboard was made in 1996 and these cards are all much newer. One of the cards gives USB 2.0 support, but I'm not getting anywhere near USB 2.0 speed out of the USB 2.0 devices I plug into it. More details about the USB performance in terms of numbers you are seeing from some benchmark would be very useful. [ For instance, I know that I can get about 90% utilization of Firewire by seeing a 45MB/s transfer rate for an external Maxtor 5000 combo drive, and I get 1.5MB/s transfers for USB 1, but I haven't had a chance to benchmark the unit using USB 2. And then mention something such as, I was running dd bs=8192, or benchmarks/iozone, or some such...] I wonder if the problem is the speed of the PCI bus that the USB controller is plugged into. Well, a 33MHz PCI bus is still twice as fast as USB 2, but your MB is old enough that pushing two devices might be enough to saturate the chipset-- so you might see a difference between dd'ing between the USB device to /dev/null, and from the USB device to, say, a hard drive. I installed pciutils-2.1.11_1 and ran lspci -vv to get the following log. Should I be disturbed by the 66Mhz- status on everything except the RAID card, which is 66MHz+? No. Should I adjust the latency on anything? Woah! Let's consider some easier things than going into wizard mode. :-) Should I stop plugging new cards into old boards? 00:00.0 Host bridge: Intel Corp. 430HX - 82439HX TXC [Triton II] (rev 02) Maybe. Your motherboard is one of the earlier 66MHz FSB boards, and my memory suggests that the FX and maybe the VX had serious issues involving broken support for doing L2 caching if you had more than 64MB of RAM, and stuff like that. I think the HX fixed some but not all of of those issues, and the LX was the final revision which was quite good for the time. Dell used the LX motherboards (Aladdin?) for most of their PII systems, until replaced by the 100MHz FSB and motherboards with the relatively famous BX chipset. There's nothing wrong with P2-grade hardware, however, other than being dated, and I'm happier using comparitively cheap P3-grade processors today rather than P4-based spaceheaters, or AMD even, and using the cost savings on better equipment elsewhere in the system. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: suggestions for optimal filesystem-layout over multiple harddrives?
Geert Hendrickx wrote: using multiple harddisks can increase performance, since I/O can be done in parallel. But what would be an optimal filesystem-layout on, say, two disks of equal size? Swap should evidently be spread equally over the different drives. As for the filesystems, say I'd have a large /usr and /home, each on one harddrive, and smaller /, /var and /tmp which could reside on either disk. / and /usr would be mostly read-only. There is nothing wrong with the approach you are taking, and it will indeed help balance load out between multiple spindles. That being said, you have to know (by measuring) or at least predict what your I/O access patterns are between the various filesystems in order to gain full advantage. An easier way of balancing load between two or more drives involves using RAID-0 striping, although the drives do not have to be equal in size. Commodity ATA RAID controllers like Highpoint, Promise, 3ware are fairly cheap, or one could use software RAID like vinum. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: CVS vs CVSup
Joshua Lewis wrote: What is the difference between CVS and CVSup? The cvsup manpage quite reasonably provides a description: DESCRIPTION CVSup is a software package for distributing and updating collections of files across a network. The name CVSup refers to the package as a whole. It consists of a client program, cvsup, and a server program, cvsupd. [ ... ] Unlike more traditional network distribution packages, such as rdist and sup, CVSup has specific optimizations for distributing CVS repositories. CVSup takes advantage of the properties of CVS repositories and the files they contain (in particular, RCS files), enabling it to perform updates much faster than traditional systems. :-) CVS is a software version management system, CVSup is a distribution mechanism which understands CVS well. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Please help me understand pciutils output
Luke wrote: [ ... ] More details about the USB performance in terms of numbers you are seeing from some benchmark would be very useful. I agree. How can I benchmark my just my USB controller? Using a mass storage device like an external hard drive is probably the best bet. In the message you replied to, I made some suggestions with regard to using iozone, or dd, etc. Right now all I can say is that I've got a Netgear FA120 network interface plugged into a USB port and I can't squeeze more than 4Mb/s out of it. It's USB 2.0 compliant and should get close to 100Mb/s. I get faster results out of my old 10Mb ISA card. That almost sounds like the NIC is running at USB 1.1 speeds, yes. Note that you won't generally see more than about 90% utilization for network devices due to protocol overhead and latency, but you ought to be getting something closer to 50-80 Mbs... [ ...comments about NEC chip snipped... ] -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Scripting backup of file naming?
Bart Silverstrim wrote: [ ... ] *problem; on server1, I'm going to have two directories: ~/archive and ~/workingdir. I want the scp to move the files from server2 to ~/workingdir, tar and zip them as a file name with a date attached (like backup06072004.tgz) to make the filename distinctive, then move that file from ~/workingdir to ~/archive. The filename would need to be distinctive both to allow for reference when needing to restore a snapshot and also to keep the archives from overwriting each other when moved over. Consider the following script. You may want to switch to using scp rather than rsync, and you may choose to hardcode the SSH key rather than passing it in as the first argument. You might also want to change how $DESTROOT is set to match the paths you want to use. Finally, you will want to add something like: cd ${DESTROOT}/.. ARCHIVEFILE=/home/SOMEUSER/archive/backup`date +%Y%m%d`.tgz tar cf - ${CLIENT} | gzip --best ${ARCHIVEFILE} ...just before the final done. Test things out by hand for a while (or on a machine-by-machine basis), and then set this up in cron. -- -Chuck --- #! /bin/sh # # Backup script. Takes SSH key as the first argument, then a list of # one or more hostnames to backup. This script removes slashes found # in hostnames and tests whether a host is pingable before trying to # operate on that host. # # In other words, if you configure one host at a time to backup okay # by adjusting SSH keys and such, running ./backup.sh _ident_ *.com # at a later date will backup all of the hosts manually configured # automaticly. If a host is down, it will be skipped without its # files being deleted by the rsync --delete or rm commands # (if enabled; see below). # # Copyright (c) 2003. Charles Swiger [EMAIL PROTECTED] # $Id: backup.sh,v 1.3 2003/05/16 07:17:06 chuck Exp $ # if [ $# -lt 2 ]; then echo Usage: backup.sh SSH key host1 [host2...] exit 1 fi ID=${1} shift echo Authenticating via SSH key id: ${ID} echo PATH=/usr/local/bin:/usr/bin:/usr/sbin:/usr/libexec:/usr/lib:/bin:/sbin MKDIR=mkdir -p RM=/bin/rm -rf RSYNC_RSH=ssh -i ${ID} export RSYNC_RSH COPY=rsync -aqRC --copy-unsafe-links --delete # Alternative COPY version if you don't have or want to use rsync: # COPY=scp -rq -i ${ID} # Loop through all of the remaing arguments, and test whether reachable for name ; do CLIENT=`echo $name | tr -d '/'` if { ! /sbin/ping -q -c 1 -t 10 ${CLIENT} /dev/null ; } then echo ${CLIENT} is unpingable and may be down. Consult errors above. continue fi echo Backing up ${CLIENT} at `date`. # This is the destination to backup the client to. DESTROOT=/export/Backups/${CLIENT}/ # DANGEROUS: (optionally) completely clean contents first? # # You will probably be sorry if you leave this enabled and run # backups via cron. Only turn this on when running by hand. # ${RM} ${DESTROOT} ${MKDIR} ${DESTROOT} ${COPY} ${CLIENT}:/etc ${DESTROOT} 2 /dev/null ${COPY} ${CLIENT}:/var/log ${DESTROOT} 2 /dev/null ${COPY} ${CLIENT}:/var/named${DESTROOT} 2 /dev/null ${COPY} ${CLIENT}:/usr/local/etc${DESTROOT} 2 /dev/null ${COPY} ${CLIENT}:/opt/apache/conf ${DESTROOT} 2 /dev/null # add directory locations you care about here... done echo echo Finished backup at `date`. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Maximum Swap Size
Scott Ballantyne wrote: Hmmm... I didn't know there was a maximum swap size on FreeBSD 4.10 of 1677216 blocks... Is there an easy way to reduce this partition without redoing the entire install? Yes. Delete just the swap partition in place, then recreate it using a smaller size (using /stand/sysinstall or another tool of your choice). The rest of your existing partitions and the data in them should be fine... -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Frontpage and jails and possible alternatives
Lucas Holt wrote: [ ... ] Personally, I find it odd to run frontpage extensions on a unix host. If people want microsoft technology, they should pay for NT hosting. I would very much rather administer a Unix box running software which plays nice with Windows protocols (if that is what the client has is paying for), than admin a Windows box. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SO_LINGER on socket with non-blocking I/O
Julian Cowley wrote: I've been developing an application that attempts to send data from one host to another via TCP. The intent is for the data transfer to be as reliable as possible, and to log whenever it detects that it has lost data (this is for a reliable syslog protocol, if you're wondering). Because my application doesn't (yet) have application-level acknowledgments, it has to depend on TCP to make sure the data gets through reliably. OK. TCP is really good at doing what you've asked. :-) When closing the socket, I want to make sure that the remaining data got through to the other end (or otherwise log something if it didn't). I've set SO_LINGER on the socket for this purpose, but one caveat is that I also have the socket in non-blocking mode. When your local TCP issues a close(), the TCP stack will iterate through a series of steps (the FIN-WAIT stages) to ensure that any remaining data will be sent and acknowledged before your local machine actually releases the socket. See RFC-793, 3.5. Closing a Connection CLOSE is an operation meaning I have no more data to send. The notion of closing a full-duplex connection is subject to ambiguous interpretation, of course, since it may not be obvious how to treat the receiving side of the connection. We have chosen to treat CLOSE in a simplex fashion. The user who CLOSEs may continue to RECEIVE until he is told that the other side has CLOSED also. Thus, a program could initiate several SENDs followed by a CLOSE, and then continue to RECEIVE until signaled that a RECEIVE failed because the other side has CLOSED. We assume that the TCP will signal a user, even if no RECEIVEs are outstanding, that the other side has closed, so the user can terminate his side gracefully. A TCP will reliably deliver all buffers SENT before the connection was CLOSED so a user who expects no data in return need only wait to hear the connection was CLOSED successfully to know that all his data was received at the destination TCP. Users must keep reading connections they close for sending until the TCP says no more data. My question is, what is the behavior of close() on a socket in non-blocking mode when SO_LINGER is set (to a non-zero time)? There seems to be two, possibly three, possibilities according to some web searches I've done: 1) the close() call immediately returns with an EWOULDBLOCK (EAGAIN) error. 2) the call blocks anyway regardless of the non-blocking mode setting. 3) the call returns immediately after the connection is forcibly reset, possibly losing any queued data that was to be sent. I'm pretty sure the third possibility only happens when SO_LINGER is set with a linger time of 0 seconds. Remember that the in-process reference to a socket's descriptor is not the same thing as the kernel's reference to the underlying TCB (or whatever FreeBSD calls the TCP control block). Even if you close() the descriptor, the system ought to continue to process any unsent data until the TCP stack succeeds or times out the TCP connection. It may be the case that what you want to use is shutdown(2), instead. In other words, possibility #1 is probably what should happen. #2 may happen if the local platform doesn't handle non-blocking I/O very well. #3 should only happen if you are using a TCP stack which is broken, but some people seem to prefer that, so who can say? -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: options tcp_drop_synfin and virtual hosts
dave wrote: Is there a doc that says what the tcp_drop_synfin option does and what effect it has on webservers and why it should never be used on such? The meaning of the SYN and FIN flags is discussed in RFC-793. Normally, one goes through the 3WHS and exchanges some data before one side decides to close, but HTTP requests can fit within the first data packet so one might shortcut or streamline the process (or am I mixing concepts from T/TCP?). Anyway, the effectiveness of the tcp_drop_synfin option is marginal compared to running a real firewall, even one on that host. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 160 Gb Harddisk: needs extra tweeking?
Rob wrote: It comes with a tiny CD-rom, about 8cm in diameter, entitled Data Lifeguard Tools. I don't know what to do with this CDrom. You can probably run the software on it to check the hard drive, format it (as in, create a MBR and probably FAT and maybe NTFS filesystems), etc. You don't need any of the software on there when using FreeBSD, per se, but the manufacturers utilities are generally useful for troubleshooting and diagnostics. I am planning to use this harddisk as the only harddisk in my PC and install FreeBSD (preferably version 5-Current) on it. Will I encounter problems? Does it need extra tweeking? Hopefully: no, no. The Western Digital homepage says somewhere: Hard drives larger than 137 GB require a controller card to utilize full drive capacity. What does that mean? If your motherboard is not new enough to support LBA/48-bit addressing, then your motherboard won't properly recognize the size of the drive. Older motherboards which support the previous LBA standard can only see up to 137 GB (and drives before that were limited to 8.4 GB using extended C/H/S, and before that to 540MB using classic BIOS C/H/S geometries). The short form of the above is, try the drive out and see what your BIOS recognizes it as. Another question. The Western Digital homepage lists this about the harddisk: Data Transfer Rate (Buffer to Host) 100 MB/s (Mode 5 Ultra ATA) 66.6 MB/s (Mode 4 Ultra ATA) 33.3 MB/s (Mode 2 Ultra ATA) 16.6 MB/s (Mode 4 PIO) 16.6 MB/s (Mode 2 multi-word DMA) Do I have to tell this to the kernel somehow, or is this a BIOS thing? This is some of both: your BIOS ought to have settings for enabling and controlling the DMA mode used to access the drive. The kernel will figure things out from there, although it does it's own testing to try and recognize problems with your cabling or configuration, and may fall back to running at a slower speed. See man atacontrol for ways of changing the speed while the system is running. Are there good reasons not to choose the fastest option Mode 5 here? Use the fastest speed you can. Good reasons not to choose the fastest speed might include using a 40-pin ATA-33 cable rather than a newer 80-pin cable, or having slower devices like a CD-ROM on the same IDE channel, or if your motherboard doesn't support all of the speeds the drive does. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Keep log_in_vain Value
Matt Cyber Dog LaPlante wrote: Right now on a FreeBSD 4.7 box, net.inet.tcp.log_in_vain and net.inet.udp.log_in_vain are both turned on. I know they can be disabled using sysctl, but this only fixes the problem until the machine is rebooted, at which point they both come back on. These default to off, so I would suggest you check /etc/sysctl.conf and see whether they are being turned on there, and then change that. :-) Otherwise, something like grep log_in_vain /etc/* might give a hint... -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: arplookup WWW.XXX.YYY.ZZZ failed: host is not on local network
David Fuchs wrote: Ok, riddle me this: /kernel: arplookup WWW.XXX.YYY.10 failed: host is not on local network [ ... ] Static routes have been added to force all communication *between* these two hosts to use the secondary interfaces: WWW.XXX.YYY.25's static route: route add WWW.XXX.YYY.10 172.16.1.10 WWW.XXX.YYY.10's static route: route add WWW.XXX.YYY.25 172.16.1.25 You've identified the cause of the problem yourself. One solution would be to stop trying to route IPs which are on a directly connected subnet via your secondary interface. If you want the machines to talk to each other using your 172 network, have whatever services connect to or listen on those IPs rather than on your WWW.XXX.YYY network addresses. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IDE hard disk recoms
freebsd_daemon wrote: does someone have some recommondations for IDE hard disks to use in a small server? Sure. I'd pick up a 7200 RPM ATA drive with 8MB of cache, such as the Western Digital WD1200JB. Pick another size (40GB, 80GB, probably through 200GB) if you like. Seagate and Maxtor are also pretty good names; the former tends to be more expensive and higher performing, the latter are quiet, a little slow, but generally reliable and cheap. The IBM UltraStar models are quite good, whereas the DeskStars have dubious reliability, and Quantum made the term stiction famous more than a decade ago with the Q105 SCSI drives that wouldn't spin up, so I wouldn't rely on that vendor either. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Should gcc be accessable by others?
[EMAIL PROTECTED] wrote: Is it a good idea to change the permisions on the gcc tools to 750 ? I looked through the FreeBSD Handbook and could find no advice on this matter. Changing gcc to 750 might provide a small benefit to security, but if someone has enough access to be able to try to run gcc in the first place, they can probably upload their own compiler if they really wanted to (or more likely, a precompiled version of whatever tool they wanted to use), or else exploit some other local vulnerability. Also are there other tools that should not be available like strace? How can I find out which ones are potentially exploitable? The ports system provides a mechanism for analysing which programs use socket() and other system calls and thus may be potentially remotely exploitable. Anyway, the notion you are looking for is known as hardening a system, and a search on that term will probably give you more insight. Basicly, just changing perms on gcc isn't really enough, but if you take draconian measures to remove all programs that aren't needed, you can get a minimal system that is much harder to exploit. Such a system wouldn't be very useable to normal humans, however, so this is generally done only for firewalls and the like. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IDE hard disk recoms
Mike Woods wrote: Chuck Swiger wrote: Sure. I'd pick up a 7200 RPM ATA drive with 8MB of cache, such as the Western Digital WD1200JB. Pick another size (40GB, 80GB, probably through 200GB) if you like. Seconded, but id get the sata version and a caddy for a server, makes like easier with changes etc and caddies can be had with extra cooling fans installed which should help lengthen the life of the drive. If the original poster has SATA hardware support, definitely, he should take advantage of it. I suspect that he has parallel ATA, though. Also, your comments with regard to extra cooling are well-taken: IBM did some research on drive failure rates, and found that a 10C increase in the temperature of the drive enclosure basicly doubled the number of drive failures experienced after 3 years, or something close to that. Seagate and Maxtor are also pretty good names; the former tends to be more expensive and higher performing, the latter are quiet, a little slow, but generally reliable and cheap. I dont know about today but seagate drives used to have real longevity problems years ago (back in my amiga days :)) Yes, Seagates generally go for three or four years or so and then start showing gradual failures (ie, uncorrectable data errors from bad sectors) which accelerate in frequency until the drive becomes unusable. I've still got a 1GB Micropolis 2112 from 1990 that's in pretty good shape, I wish they were still around. The IBM UltraStar models are quite good, whereas the DeskStars have dubious reliability, and Quantum made the term stiction famous more than a decade ago with the Q105 SCSI drives that wouldn't spin up, so I wouldn't rely on that vendor either. IBM fixed the problems with the deskstars long ago (with the gxp120) and all the drives since have been known to be reliable drives with good preformance for a nice price, also hitachi own the deskstars now. I'd heard about IBM and Hitachi partnering on drives, but I (obviously :-) forgot some of the details. As for quantum, you've recomended them above :) Maxtor bought quantums hard dive division years ago and most maxtor drives since are basicly quantum designs or derivertives off them :) I remember a little about that as well, which was why I was dubious about WD drives two or three years ago when I first started experimenting with their new SE/JB line, but they've proven to be pretty solid devices since. I still wouldn't get a drive with the Quantum brand name on it today, however... -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mail
Robert Huff wrote: Chuck Swiger writes: [ ... ] Would you care to nominate an inherently network-accessible program with such a track record? For example: 5.2.1 was released in late February; there are currently 12 security advisories*, of which I would consider at least 5 to be part of the core system. (As opposed to things in the base system, like BIND.) http://cr.yp.to/qmail/guarantee.html: In March 1997, I offered $500 to the first person to publish a verifiable security hole in the latest version of qmail: for example, a way for a user to exploit qmail to take over another account. My offer still stands. Nobody has found any security holes in qmail. Note that the author has chosen to view this guarantee as applicable to remotely exploitable holes resulting in being able to run programs as some user, rather than denial-of-service exploits (say, filling up the drive due to a mailbomb), and that there have been security issues with commonly used patches to qmail. Then again, anything which uses SSL (ie, qmail+TLS) has been vulnerable to the horde of OpenSSL issues... People who think that installing qmail today are likely to not be hacked due to a security hole in qmail over the next two years do indeed have some reason for their belief. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Redirection with a bridge ?
Matt Juszczak wrote: Is there a way to do IP redirection without using layer 3? (IPNAT or routing)? I have a bridge setup and want to redirect any port 80 traffic outgoing through the bridge to a specific server but it seems I can only do this with ipfw's forward/fwd or ipnat's rdr commands ... which are all layer 3 oriented and dont work with just a bridge... Well, you can use layer-2 bridging to forward network traffic to any directly connected physical subnet you want to, and you can use ifconfig alias to give machines on that subnet multiple IPs. If a machine sees traffic to its MAC address and/or is in promiscuous mode (which is what a FreeBSD bridge sets the interfaces it uses to), the machine will pay attention to those packets. If the packets contain IP addresses which the machine believes belong to it, then it will respond appropriately. Frankly, however, I suspect that you are confusing yourself more than you are solving the problem you actually want to solve. :-) Given a sufficiently complex set of firewall rules, packet forwarding, NAT re-writing, and whatever else, you can mangle packets in pretty much any way one can think of. Do this only when you need to, to the extent that is useful. If setting up a normal network and letting the default TCP/IP local-subnet and routing behaviors do the right thing is at all possible, let the default behavior work for you. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Turning off sshd version display when someone telnets to port.
Emperor of Florida wrote: [ ...concealing the purpose of a port... ] Currently when you telnet to it you will see: Escape character is '^]'. SSH-1.99-OpenSSH_3.6.1p1 YbrickRd As Jeremy said, SSH depends on exchanging the version of the procotols it is using in order for both sides to figure out what types of cryptography they can use. You have already improved the security of your installation significantly, and to the point where any gains beyond this are going to require heroic measures. You might consider setting up IPsec, or blocking inbound SSH connections from all but a few IP addresses, or changing SSH to use OPIE rather than reusable passwords. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Python application in rc.d.
Lewis Thompson wrote: I'm trying to create a port for a Python application that I want to start from local/etc/rc.d. The command is this: /usr/bin/su freevo -c /usr/local/bin/freevo -fs start /dev/null 21 Unfortunately when I boot up I get a message about Python not being configured/available at this time. Does the script set $PATH to include the location where python is? If you don't list /usr/local/bin explicitly, this may be the problem... -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Python application in rc.d.
Lewis Thompson wrote: [ ... ] Does the script set $PATH to include the location where python is? If you don't list /usr/local/bin explicitly, this may be the problem... No, PATH doesn't get set but if I run it as /usr/local/bin/freevo.sh start from a login shell (i.e. after the system has booted) it works fine. I might be getting confused but I think this indicates the script is good and it's a start-up problem. Is this just wrong? No, you should not assume that running the command from an interactive shell is the same environment that a RC startup script or a cron job runs under. Adding an echo $PATH somewhere would probably give you more information, but without a more specific error message, I'll repeat my guess. [ Without seeing the exact error message, asking us what's really going on involves jedi mind tricks! :-) ] -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Win-modems
Kris Kennaway [EMAIL PROTECTED] wrote: On Wed, Jun 20, 2001 at 11:44:22AM +0300, Alex wrote: [...] You're living in the past, man! Heh! Amusing turn of phrase, this. -- -Chuck PS: In case the phrase he used doesn't translate, out of pity for interpreting foreign languages, Alex, please reset the date on your computer. Every once in a while, Kris takes the domain name in that email address of his a little too literally, resulting in obscure responses. :-) ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: What's the best possible email failover solution
Bill Moran wrote: It's the mailboxes themselves that are difficult to get. Best we've got right now is backing up the Cyrus mail folders using rsync ... but this is very time- consuming, and (thus) only done once a day. In order for it to be done right, Cyrus has to be shut down while it's backing up. Are you using mbox files rather than maildir-style mailboxes? The latter uses one-message-per-file, and ought to work *much* better both in terms of performance and stability, and in terms of playing nice with the way rsync wants to back things up. [ I don't think that stuffing email into a database is a particularly good idea since that means keeping large blobs of non-relational data floating around, something that the filesystem can do a better job of handling... ] -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: What's the best possible email failover solution
Bill Moran wrote: Chuck Swiger [EMAIL PROTECTED] wrote: [ ... ] The latter uses one-message-per-file, and ought to work *much* better both in terms of performance and stability, and in terms of playing nice with the way rsync wants to back things up. Doesn't really matter. Fact is, the mail directories are something on the order of 3G. No matter how efficiently I store them, rsync is not going to be able to back them up fast enough to hit the level of redundancy I'm shooting for. You may well be right, as you aren't really talking about performing backups, you're talking about creating a fully redundant storage which is kept up-to-date in realtime. Although Maildirs might work a little better, since I wouldn't have to stop the IMAP server during backup. That, and the granularity of one-message-per-file fits perfectly with rsync's file-driven model. It takes about 30 minutes to rsync the system to the backup server right now. That's perfectly acceptable for nightly backup purposes. This is a 1.5Ghz with 256M RAM and 80G ATA 100 HDDs. If the system runs rysnc continuously 24/7, I still have 30mins old data. Oh, yes. Just don't forget that if you do eliminate this time gap, you still ought to have another system actually taking backups. Any change the system encounters will be replicated to the redundant mail storage system in real time, including bad changes. [ I don't think that stuffing email into a database is a particularly good idea since that means keeping large blobs of non-relational data floating around, something that the filesystem can do a better job of handling... ] It's a good idea if I want real-time redundancy. I see where you're coming from, and it's true that a RDBMS isn't the best way to store emails. But, when you look at the features available, it's the best way for this circumstance. With something like Slony, I'd have real-time redundancy with (I'm expecting) only a minor performance drop. Although I can't be sure until I can put something together to test. Reliability is much more important than performance in this case. Who cares if their email takes and extra 60 seconds to deliver, as long as it doesn't get lost! If the email arrives fast, it's useless if the server fails and the email is lost because the SMTP server told the delivering server that it had arrived and then crashed before it could be backed up. I suspect that the relatively heavy weight of database transactions compared with filesystem access is going to slow things down a fair amount, too, particularly when running against a replicated DB. But reliability over performance is a fine choice to make. :-) Using RAID improves fault-tolerance, but you still end up with a single-point-of-failure at the system level; using database replication gives you higher availability, which seems to be what you mean when you talk about reliability. Perhaps SAN or NAS concepts might be worth considering, as you can set up a fully-redundant fibre channel configuration where the storage is shared between two or more systems, thus with no single-point-of-failure. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: read vs. mmap (or io vs. page faults)
Matthew Dillon wrote: Mikhail Teterin wrote: =Both read and mmap have a read-ahead heuristic. The heuristic =works. In fact, the mmap heuristic is so smart it can read-behind =as well as read-ahead if it detects a backwards scan. Evidently, read's heuristics are better. At least, for this task. I'm, actually, surprised, they are _different_ at all. It might be interesting to retry your tests under a Mach kernel. BSD has multiple codepaths for IPC functionality that are unified under Mach. The mmap interface is supposed to be more efficient -- theoreticly -- because it requires one less buffer-copying, and because it (together with the possible madvise()) provides the kernel with more information thus enabling it to make better (at least -- no worse) decisions. I've heard people repeat the same notion, that is to say that mmap()ing a file is supposed to be faster than read()ing it [1], but the two operations are not quite the same thing, and there is more work being done to mmap a file (and thus gain random access to any byte of the file by dereferencing memory), than to read and process small blocks of data at a time. Matt's right that processing a small block that fits into L1/L2 cache (and probably already is resident) is very fast. The extra copy doesn't matter as much as it once did on slower machines, and he's provided some good analysis of L1/L2 caching issues and buffer copying speeds. However, I tend to think the issue of buffer copying speeds are likely to be moot when you are reading from disk and are thus I/O bound [2], rather than having the manner in which the file's contents are represented to the program being that significant. - [1]: Actually, while it is intuitive that trying to tell the system, hey, I want all of that file read into RAM now, as quickly as you can using mmap() and madvise(), what happens with systems which use demand-paging VM (like FreeBSD, Linux, and most others) is far more lazy: In reality, your process gets nothing but a promise from mmap() that if you access the right chunk of memory, your program will unblock once that data has been read and faulted into the local address space. That level of urgency doesn't seem to correspond to what you asked for :-), although it still works pretty well in practice. [2]: We're talking about maybe 20 to 60 or so MB/s for disk, versus 10x to 100x that for RAM to RAM copying, much less the L2 copying speeds Matt mentions below: Well, I think you forgot my earlier explanation regarding buffer copying. Buffer copying is a very cheap operation if it occurs within the L1 or L2 cache, and that is precisely what is happening when you read() into a fixed buffer in a loop in a C program... your buffer is fixed in memory and is almost guarenteed to be in the L1/L2 cache, which means that the extra copy operation is very fast on a modern processor. It's something like 12-16 GBytes/sec to the L1 cache on an Athlon 64, for example, and 3 GBytes/sec uncached to main memory. This has been an interesting discussion, BTW, thanks. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [OT] Re: What's the best possible email failover solution
Bill Moran wrote: Chuck Swiger [EMAIL PROTECTED] wrote: [ I don't think that stuffing email into a database is a particularly good idea since that means keeping large blobs of non-relational data floating around, something that the filesystem can do a better job of handling... ] [ ... ] During my research of the IMAP protocol, I determined that _the_best_ way to store email for high-performance would be to put them in a database. This is because IMAP doesn't see email as a big blob of text like POP does. It sees the headers as one thing, and the different MIME parts of the email each as a seperate thing that can be fetched independently of the other MIME parts. This is a pretty good layout for a one - many relationship in a database. Fact is, every current IMAP server that I'm aware of has to break emails apart on the fly in order to server IMAP. There's nothing wrong with applying database concepts to email, and it sounds like you want things which take advantage of database replication and transaction management and so forth in order to gain reliability, so perhaps you will find a DB better suited for your requirements than my comments above suggest. I don't mind being wrong when the result works better for someone. However, please remember that I know you are an optimist if you think I am a pessimist. :-) Now, I could be wrong on this count, as I never wrote the mailserver, so my theory could ultimately be proven wrong, but I guess I just don't agree with the statement that SQL is a bad way to store email until someone has actually proven it. My concern has less to do with the suitability of using a database to store mail as it has to do with database transactions becoming a potential bottleneck on the system as a whole. I've spent a great deal of time in my day job dealing with dynamic websites, which mostly means ones driven by content generated by a database. In my experience, you want to provide static content as efficiently as possible, and reserve database transactions for persisting changes to state and answering relational queries. The most relevant comparison is one involving a site where people can search for images by keyword, which someone was also storing in the database. The idea works fine under light to moderate load, but it turns out that keeping just the relational part of the image data (name, keywords, etc) and a filesystem reference, and generating a link using that path for Apache to serve directly scales much better. --- In the case of storing email in a DB, while you can break up a mail message into headers plus seperate MIME components, are you really going to want to decompose each and every mail message in a 3GB mail volume like that? Although if you throw enough RAM at a DB so that the entire thing fits into main memory, that can produce some spectacular results, and is almost doable for this specific case. Anyway, consider each time someone reads a message from the DB, you'd have to do two or three database transactions per message, maybe more, compared with read()ing or mmap()ing a single file in an IMAPD and doing strnstr()s for MIME boundary seperators in C. Remember that hitting the DB involves multiprocess IPC and adds a lot of latency compared to what a filesystem-based IMAP daemon does. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [OT] Re: What's the best possible email failover solution
Bill Moran wrote: Christian Laursen [EMAIL PROTECTED] wrote: If you are running FreeBSD 5, you should be able to make a filesystem snapshot and rsync from there. I suppose I should have commented on that ;) We're not running FreeBSD 5 on these production machines yet ... but it's likely we will be soon, so I'm considering using snapshots. To my understanding, we still have to stop Cyrus while the snapshot is being created (to ensure consistency) but since a snapshot takes a lot less time than an rsync, this should be a big improvement. Once the snapshot is created, rsync can take as long as necessary. No, snapshots can be taken without significantly interrupting running processes, although I'm not sure how long filesystem access gets blocked while creating the snapshot. You could also detach a RAID-1 mirror of the data (using vinum, ccd, whatever) and backup that, and then re-attach and resync the mirror drive to the live volume. Both of these methods make taking a very current backup easy; they do not provide live replication of the data, however. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: HardWare may be
wrote: Russia, Chitinskaya state, Chita city. Hello to you ?untranslatable name?, too. :-) FreeBSD 5.2.1, it freezes on start load(default) of install. Probably it because of that of incompatibility with the hardware. Perhaps so. You might try booting with APCI disabled, or in safe mode, and see whether that works. Also, it would help to tell us what hardware you have. If you can boot some form of Linux, a dmesg from that would be useful. Or you might try using FreeBSD 4.10 instead of 5.x. I the beginning user BSD. I do not know how to generate the Bug report. Welcome. You might find convenient information from: http://www.freebsd.org/ru/index.html http://www.freebsd.org/ru/docs.html [ Woah! I don't have much problems following the FreeBSD pages in French or Spanish, or even in German. But I only recognized the Docs link because of the FAQ entry when viewed in Russian. :-) However, I have learned that kohelept means concert. ] -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
'ftp' command does what...?
Hi, all-- Is there a reason why the ftp command does odd things when presented with the URL format on this particular FTP server? 5-epia% ftp ftp://ftp.andrew.cmu.edu Connected to ASG2.WEB.cmu.edu. 220 asg2.web.cmu.edu FTP server (Version 6.00+Heimdal 20031031+KTH-KRB 1.3-20031 030) ready. 331 Guest login ok, type your name as password. 230 Guest login ok, access restrictions apply. Remote system type is UNIX. Using binary mode to transfer files. 200 Type set to I. 500 'CWD ': command not understood. CWD command not recognized, trying XCWD. 500 'XCWD ': command not understood. ftp: The `CWD ' command (without a directory), which is required by RFC 1738 to support the empty directory in the URL pathname (`//'), conflicts with the server's conformance to RFC 959. Try the same URL without the `//' in the URL pathname. 221 Goodbye. 6-epia% uname -a FreeBSD epia.pkix.net 5.2-CURRENT FreeBSD 5.2-CURRENT #1: Sun May 9 04:56:46 EDT 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/EPIA i386 Hmph. I suspect that handling an FTP URL without any URI portion past the hostname ought to do the same thing as ftp hostname. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mounting hard disk in multiple locations
Alan Gerber wrote: I'm trying to mount a single hard disk slice in two separate locations (one location being r/o and another being r/w), and having a hard time figuring out how to do it. mount the slice r/w as a normal filesystem, then NFS export that filesystem RO and mount it again in the second location. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: any use to build from source?
Kai Grossjohann wrote: Charles Swiger [EMAIL PROTECTED] writes: Oh, yes. The first time you run into a problem and fix it yourself, or make a change to the programs to add some feature that you want, you will discover the serious advantages. However, if you never try to fix bugs or write code for yourself, then you aren't going to gain nearly as much from using source compared with using precompiled binaries. How does one deal with local changes in the software when installing as a port? One way is to put your local changes into files/patch-aa [1] using diff format. Other times it's as simple as defining some environment variables by passing them into make, via /etc/make.conf, etc. -- -Chuck [1]: Choose whatever name seems appropriate, perhaps files/patch-src-file.c; the patch-aa naming convention works fine but is depricated. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Forgot to add...
3BSD wrote: One thing I forgot to add to be previous e-mail about hardware compatibility was that I'm using the DVI port of my graphics card, connected to an LCD display, will that pose any problems? Generally not. To the extent that your configuration of video card and monitor can be treated as a generic (s)VGA display, FreeBSD will be plug-and-play for text mode (booting, console), and will also work genericly under X11. Getting 3D hardware support going for fast OpenGL stuff, and/or doing a multimonitor display mode are more complicated questions, but generally one can get such things working after more tweaking and time spent on your part. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mirrors needed?
Brad Pugh wrote: I just wanted to see if you guys in need of anymore mirrors for you're downloads? If so how much space does you're downloads need? Thanks for your offer. Please refer to: http://www.freebsd.org/doc/en_US.ISO8859-1/articles/hubs/mirror-requirements.html -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IP alias + NAT through a single NIC?
Romain Kang wrote: I have a single physical network with 2 disjoint address spaces in it. Logical Net 1 is routable, while Logical Net 2 is in private space intended to keep devices there safe from the outside. Now I need to allow some Net 2 devices the capability to access the web, and putting in a second physical net is impractical. Can a FreeBSD box with just one NIC on the physical net be used as the router between the logical nets? Yes, although using one NIC compromises security a great deal compared with having two physical subnets seperated by a packet-filtering firewall. Set up an interface alias via ifconfig to go on the second network, enable ipforwarding and presumably NAT. If so, could it be used to limit outside access from Net 2 by hardware address? All outside traffic is going to go through the machine used as a router and acquire it's hardware address. If you have another router on net 1, blocking packets from that MAC on all of the hosts on net 2 would be useful, but you'd have to do it for each client machine, not just on this FreeBSD box itself. Or is there a proxy that would work for this configuration? Running a proxy server on the FreeBSD box is more secure than providing routing and NAT for the machines on net 2. squid works fine for this. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: a quick mailing list question
Vulpes Velox wrote: I've been going though transfering all the freebsd mailing lists I've subscribe to over to one account... the small problem I ran into is this, I can send emails from this new account fine, but for some reason if I send something to a list, it does not appear to show up... I niether recieve it nor does it show up in the archive... This message made it through. I've seen mailing list lag of up to 48 hours from time to time, so there may be some mail getting stuck on a queue for whatever reasons. any ideas on what is happening? No, although I'd wait a day or so and see whether the messages show up in list traffic, or whether you get a bounce. Also, you might dig up a message-id from your Sent messages mbox (if you keep them), and ask [EMAIL PROTECTED] to look into the matter. That's what postmasters are there for. :-) -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: firewall for web server
Peter Zyumbilev wrote: Do you know some good tutorial for bulding firewall for FreeBSD as web server. I found a lot of tutorials but for FreeBSD as router. First, are you building a firewall or a web server? If you're building a firewall, you don't want to run any services like WWW at all on the machine. If you're building a web server, you're probably not going to be routing traffic, no-- to corresponds to your second remark. Some commented premade script with comments will also do the job. I was plannding to use APF, but I am afarid to install it on FreeBSD without good tutorial. APF? -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NFS and Backups
Grant Peel wrote: I have recently decided to use some extra disk space on one of my servers as backup space. I have NFS client and Servers running OK, but was wondering how secure it really is. NFS is not secure at all. If you don't trust the local subnet, don't use NFS there. Certainly don't use NFS across the Internet, unless using a secure tunnelling/VPN protocol So if in my nfsd configuration, I specify a host called 'ahab' for example, how does the nfsd authenticate this host, and how secure is it? NFS doesn't authenticate the host. NFS trusts the resolver when reversing the IP addr into a hostname. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NFS and Backups
Bruce Hunter wrote: What should you use instead of NFS? I like the fact that I can open up a window and throw some files to my server. Maybe, something can be accessed through a firewall? rsync over ssh is very good for this. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Long-running connections stop working through a FreeBSD 5.1R firewall/NAT box...
Douglas Carmichael wrote: HTTP connections across the firewall work fine (ie. web browsing) and I can maintain a connection to a streaming radio station just fine from my PowerBook inside the firewall, but AIM, ICQ, and Yahoo Messenger seem to stay up for a while and then just unexpectedly disconnect (the client has to reconnect). What could be the problem? You're using NAT. NAT implementations have a finite number of dynamic rules available and/or time out old connections, thus dropping long-running persistent connections. (That behavior isn't desirable, but is normal for NAT) -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: JAILS: Shared IP?
Chris wrote: 1) What would be the advantage(s) or disadvanatage(s) of giving each website it's own IP vs sharing a single IP? Are you doing SSL? You'd need to give each SSL site it's own IP, but otherwise you can do what Apache calls name-based virtual domains and share. 2) Is one going to be more difficult to set up than the other? Not significantly. It's probably a little easier to set up four different webservers running on four different IPs. 3) Would it be better to use something like Webmin to configure the setup instead of trying to do it by hand, or does that take away from learning? webmin takes away from learning. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Ogg encoding
Todd Stephens wrote: I found a port for mp32ogg to convert mp3 to ogg format, but is there a program to convert wav to ogg format? I like the ogg format, but it seems to me that there will be some data loss going from wav to mp3 and then to ogg. There will be data loss in converting from mp3 to ogg format because mp3 is already using lossy compression. You want to ogg the original source data, although a 44.1 KHz .wav file is basicly raw PCM audio plus a header, anyway. Anyway, look for something called sox, which is a good sound format converter utility. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Slow NAT firewall
Lay Tay wrote: [ ... ] Everything worked fine except that I noticed ssh connection takes a very long time. When I use PUTTY or WinSCP on a windows machine to connect to my internal machine, the authentication takes a very long time. WinSCP will alway timeout on the first try, when I hit retry, the authentication goes through. This does not happen if I insert a pass everything rule in ipfw. Sounds a lot like a DNS timeout. I'm not sure your rules for port 53 are doing exactly the right thing; where does DNS traffic go when you do this SSH connection? -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: tcp sendspace
Antoine Jacoutot wrote: I just wanted to know if setting: net.inet.tcp.sendspace=65535 was a bad idea ? Probably not. I'm not sure about all the consequences this could have, if any... Are you trying to solve a problem or tune network performance, or are you just asking what happens if you twiddle this particular knob? :-) There's a formula involving network latency and bandwidth which is relevant; that, plus the amount of traffic (how many connections) determines how much RAM the larger network buffer size could/will take up. You haven't told us what the machine is being used for, either-- network tuning a fileserver talking to clients on the LAN can be quite different than tuning a webserver feeding clients using 56K modems. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Spam and virus filter for mailserver
Daniela wrote: [ ... ] What MTA would you recommend (sendmail is too insecure)? The two main choices are probably postfix and qmail. Can I just put the mail in the respective user's home directory with fetchmail, and configure their MUA's to get mail from there? Or do I put it in /var/mail/username? FreeBSD expects new mail to go in /var/mail/$USERNAME. Per se, local delivery is handled by the LDA (ie, procmail, /usr/libexec/mail.local), not by the MTA. Can I run an MTA in a chroot environment with an unprivileged UID? You can run an MTA in a chroot'ed environment. The MTA needs to be started as root, or setuid-root in order to bind to port 25, but can then drop privileges afterwards. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: RealTek Nic Chip
Bill Campbell wrote: [ ... ] As a paper weight, yes, as a NIC no. I can't speak to these on FreeBSD, but they have a horrible reputation in the Linux world, and I gave up on them quite a while ago (as I did non-DEC Tulip cards). Agreed. I just had my third (out of three) Asante FastEthernet 10/100 cards with a PNIC-II die, and my primary response is simple relief at the notion of putting an fxp in... :-) -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Message format *again*
Greg 'groggy' Lehey wrote: [ ... ] I don't see anything in the standards that defines this format, so I suppose the answer should be yes. On a more practical basis, I don't know of any UNIX-based MUA which treats this correctly, and none of the messages I looked at it had this attribute. In addition, I can't see how format=flowed can distinguish between computer output (which should be quoted unchanged, possibly with very long lines) and text, which RFC 2822 recommends to be 78 characters or less. It also makes it almost impossible to quote. Netscape/Mozilla is the most common MUA which uses format=flowed. Mozilla certainly meets the UNIX-based MUA requirement, as it is available as a FreeBSD port. This message should be an example of that MIME content-type, and the raw ASCII representation should be fine for 80-column viewing. Quoting email written in format=flowed should also be okay, although not perfect, since Mozilla sometimes has a habit of prepending a space before a quoted line inconsistently, resulting in output like: Original Message Subject: Re: Mask IP:port with Domain Name Date: Fri, 27 Jun 2003 11:46:20 -0400 From: Chuck Swiger [EMAIL PROTECTED] To: John DeStefano [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Message-id: [EMAIL PROTECTED] MIME-version: 1.0 Content-type: text/plain; format=flowed; charset=us-ascii John DeStefano wrote: Chuck Swiger wrote: There's no way to avoid the port number in the URL, then. Consider switching to a provider that lets you host local services... Does that then nullify your previous recommendations? Nope. It just means that you can only get one of the two things you asked for. Can you recommend any such providers? Of dynamic DNS? Yes: www.dyndns.org. By hosting local services, do you mean DNS? No, I meant being able to run Apache on port 80. You said you didn't want to see IP or port number; the former can be solved by dynamic DNS, the latter can't be solved if your ISP blocks port 80. [ ... ] -- Mozilla tries to special-case the reformatting of quoted text to avoid breaking quotation levels, but it displays andthe same-- as a single colored vertical bar so it's not possible for a user to notice the issue during composition. For a detailed review of various test cases, please consult: http://bugzilla.mozilla.org/show_bug.cgi?id=199776 -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NFS server redundancy/failover
Guy Van Sanden wrote: [ ... ] Does anyone know if and how it is possible to set up a redundant NFS server? Yes, although true redundancy for NFS is available only for read-only shares. From man mount_nfs under Solaris: Replicated file systems and failover resource can list multiple read-only file systems to be used to provide data. These file systems should contain equivalent directory structures and identical files. It is also recommended that they be created by a utility such as rdist(1). The file systems may be specified either with a comma-separated list of host:/pathname entries and/or NFS URL entries, or with a comma -separated list of hosts, if all file system names are the same. If multiple file systems are named and the first server in the list is down, failover will use the next alternate server to access files. If the read-only option is not chosen, replication will be disabled. File access will block on the ori- ginal if NFS locks are active for that file. What I want to do is this, I have a primary NFS server that serves home directories and data storage. I also have a second system with a lot of disk-capacity, I could set it up as a 'mirror' using rsync. Now, when the primary NFS goes down, clients should automaticly look for the backup one. If the data is read-write, and you need fileserver redundancy, NFS is not adequate: you should consider AFS/DFS instead, although I've heard rumors that the OpenAFS (Arla?) software is somewhat broken on FreeBSD at this point. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Passwd command slow
Greg Goodman wrote: I have a server running freebsd 4.8. When you type the command passwd it hangs for more than 2 minutes before it finally responds and prompts to change an existing users password. Can anyone shed some light on this issue? That sounds a lot like an NIS timeout. Are you using NIS, or do you have a domainname set? Try running passwd -l and see whether that goes faster... -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: tar vs cp
Jamie wrote: [ ... ] I don't know what the actual rationale is for this. Can anyone explain why it is oftentimes better to tar something rather than using cp when copying directories and their contents? tar handles symbolic links properly, whereas cp will copy through the contents of the link. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Email notification
Gabriel Striewe wrote: I would like to send an email notification to an outside email address whenever new mail arrives in a certain mailbox. What is the best procedure to follow here? See man vacation for instructions on how to set up one common autoresponder. Something like procmail will let you do more complicated things... -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mail format problems
Siegbert Baude wrote: Greg 'groggy' Lehey wrote: [ ... ] http://www.lemis.com/email/email-format.html. I couldn't find any information on this page about the computer output topic. Is there a better method within Mozilla/Thunderbird than specifying a line length long enough for the computer output and then manually breaking the normal text lines? If you add the computer output lines to the message as a MIME attachment, Mozilla-- or Apple's Mail.app for the other poster-- will refrain from flowing the text the way it does for the lines you type. Doing so may be more effort than it's worth and run into issues like mailing list filters, but otherwise, Mozilla and other mail clients don't seem to distinguish typed input from a block of text pasted in. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: seperating user timezones from system timezones
Mailing Lists Catcher wrote: How to I allow users access to their own timezone without affecting the system processes? All of my systems regardless of location have always been set to UTC so logs and cron are in sync across timezones. Hmm. Unix has understood the notion of 'local time' versus UTC and most programs do the right thing even if you set the timezone for the entire system-- things like ntpd will syncronize via UTC even if TZ was set in their environment. If you want to run syslogd and cron in UTC, I believe you could do so by setting something like this in /etc/rc.conf: cron_program='/usr/bin/env TZ=UTC /usr/sbin/cron' syslogd_program='/usr/bin/env TZ=UTC /usr/sbin/syslogd' Recently I have had need to allow users to set their own timezone in the .cshrc using: sentenv TZ America/Detroit or sentenv TZ America/Denver or whatever applies. Of course, you meant 'setenv' and not 'sentenv'. But what I am finding out is that as long as the user is logged in it sets the environment for the entire system affecting log timestamps as well as cron events. Unless you set TZ in /etc/profile, it should not have a universal effect. Are you sure you didn't kill and restart syslogd as root with TZ configured to a non-UTC timezone? Maybe try setting TZ only if the shell is interactive, by adding the setenv after the line if ($?prompt) then...? -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
install problems
Hi, I'm having problems trying to install freebsd 4.8 on my sony vaio pcv-rx850.Everything is factory except I added a 2gig hard drive..The problem I have is my computer locks up trying to install and never gets to the menu. However if the hard drives are disconnected I can get to the menu but can get no further. Can you help or at least guide me in the right direction ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: install problems
probing for pnp devices on ppbus0 ppbus0: hewlett-packard deskjet 820c scp,vlink plip0: plip network interface on ppbus0 ad0: dma limited to udma33,non-ata66 cable or device ad0: read command timeout tag=0 serv=0 -resetting ata0: resetting devices.. this is where it locks up! - Original Message - From: Lowell Gilbert To: chuck miller Cc: [EMAIL PROTECTED] Sent: Saturday, October 18, 2003 12:24 PM Subject: Re: install problems chuck miller [EMAIL PROTECTED] writes: Hi, I'm having problems trying to install freebsd 4.8 on my sony vaio pcv-rx850.Everything is factory except I added a 2gig hard drive..The problem I have is my computer locks up trying to install and never gets to the menu. However if the hard drives are disconnected I can get to the menu but can get no further. Can you help or at least guide me in the right direction What is the last message before it locks up? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 5.2 + ipfw2 + keep-state rules Bug
fbsd_user wrote: Using an fresh install of FBSD 5.2 RC2 I am trying to get stateful rules to function. For some reason ipfw2 seems to be issuing an ICMP:3.3 packet to my ISP's dns. [ ... ] # Internal gateway housekeeping $cmd 00100 allow all from any to any via lo0 # allow all localhost $cmd 00105 allow all from any to any via xl0 # allow all local Lan $cmd 00110 check-state log logamount 500 $cmd 00150 divert natd all from any to any $cmd 00170 count log logamount 500 all from any to any $cmd 00310 allow log logamount 500 tcp from any to any 53 out via rl0 setup keep-state $cmd 00311 allow log logamount 500 udp from any to any 53 out via rl0 keep-state $cmd 00315 allow log logamount 500 tcp from any to any 80 out via rl0 setup keep-state $cmd 00350 allow log logamount 500 icmp from any to any out via rl0 keep-state $cmd 00500 deny log logamount 500 all from any to any Something like the following would be better in terms of DNS and not blocking essential types of ICMP traffic: allow tcp from any to any 53 out via rl0 setup keep-state allow udp from any to any 53 allow icmp from any to any icmptypes 0,3,4,8,11,12 This allows bidirectional UDP-based DNS queries, but only outbound long (TCP-based) DNS queries like zone-transfers. YMMV, and it may not solve your problem-- it looked like your queries were coming from an internal host (10.0.10.5) using NAT? Are you sure that natd is okay? Maybe put the divert statement before the check-state rule? -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: usernames with uppercase
Spades wrote: I tried to add a username ie. Bryan, but FreeBSD doesn't allow me to do so. It gives me illegal username error. Any idea how to go about adding usernames like 'Bryan-admin' etc. You can create such users by directly editting the passwd database via 'vipw' rather than by running 'adduser'. Note that the restriction exists for a good reason (arguably), however-- expect mail delivery to break to that username, for example... -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: i found something ugly about freeBSD
[EMAIL PROTECTED] wrote: Am probably wrong i hope but mysqld creates a file call /tmp/mysql.sock but this file got to be 777??? ...i loging with a other useran call a rm /ytmp/mysql.sock and mysql stop working ...O_o ..but then i did this ... Your mysql configuration isn't very secure. (Or: grunt affirmative your setting bad, if that's easier.) Try setting a umask of 022 for the owner of your mysql process, or else adjust mysql's configuration. You'll probably get more help from a mysql website or mailing list. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: where am I supposed to put my rc.firewall?
Eric F Crist wrote: I'm trying to add IPFW support. Where do I put my rc.firewall so that it gets read at boot time? I've tried /usr/local/etc/rc.d and /etc but neither seems to get read. Specify the location of your firewall script in /etc/rc.conf like so: firewall_enable='YES' firewall_type='/etc/ERICS_firewall' firewall_flags='-p /usr/bin/cpp' [ You might choose to use some other preprocessor... ] -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: where am I supposed to put my rc.firewall?
Peder Blom wrote: [ ... ] Add this to your rc.conf: (instead of firewall_type=...): firewall_script=/etc/grog.firewall See /etc/defaults/rc.conf ! While I won't speak against looking at /etc/defaults/rc.conf, setting firewall_type works fine; see the end of /etc/rc.firewall: *) if [ -r ${firewall_type} ]; then ${fwcmd} ${firewall_flags} ${firewall_type} fi ;; -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: where am I supposed to put my rc.firewall?
Peder Blom wrote: I've never done it this way, but in this case I assume that you just define the rules in '/etc/ERICS_firewall', thus: -- add 100 pass all from any to any via lo0 add 200 deny all from any to 127.0.0.0/8 add 300 deny ip from 127.0.0.0/8 to any add 600 allow all from any to any -- Using your suggestions for rc.conf, of course. Is this correct? Exactly. And then you add a preprocessor like cpp, and you can define: # set these to your inside interface network and netmask and ip #define IIF fxp0 #define INET 10.1.1.0/24 #define IIP 10.1.1.1 [ ...OIF info snipped... ] # port number ranges #define LOPORTS 1-1023 #define HIPORTS 1024-65535 # basic stuff add 100 pass all from any to any via lo0 add deny all from any to 127.0.0.0/8 add deny ip from 127.0.0.0/8 to any add deny all from INET to any in via OIF add deny all from ONET to any in via IIF ...and go from there. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: where am I supposed to put my rc.firewall?
Jack L. Stone wrote: At 02:04 PM 1.31.2004 -0500, Chuck Swiger wrote: # set these to your inside interface network and netmask and ip #define IIF fxp0 #define INET 10.1.1.0/24 #define IIP 10.1.1.1 [ ...OIF info snipped... ] # port number ranges #define LOPORTS 1-1023 #define HIPORTS 1024-65535 A simple example would be: # dynamic rules add check-state # permit some services inbound... add pass tcp from any HIPORTS to INET 22,80,143,443,993,3128 setup keep-state # ...but block most other services (ie, ones with root privs) add deny tcp from any to INET LOPORTS For a more complicated example, where PI is a mailserver which performs virus scanning and spamfiltering, PONG is an internal reader box: INET --- [FW1] --DMZ + Mailserver PI-- [FW2] --Internal subnet + PONG # on FW1: add pass tcp from PI HIPORTS to any 25 add pass tcp from any 25 to PI HIPORTS established add pass tcp from any HIPORTS to PI 25 add pass tcp from PI 25 to OIP HIPORTS established add unreach filter-prohib log tcp from any to INET 25 # on FW2: # permit SMTP exchange between pi and pong/fw add pass tcp from PI HIPORTS to PONG 25 add pass tcp from PONG 25 to PI HIPORTS established add pass tcp from PONG HIPORTS to PI 25 add pass tcp from PI 25 to PONG HIPORTS established [ ... ] # track SMTP from inside to outside and block SMTP from outside add pass log logamount 20 tcp from INET HIPORTS to any 25 setup add pass tcp from INET HIPORTS to any 25 established add pass tcp from any 25 to INET HIPORTS established -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Help to configure FreeBSD as server
[EMAIL PROTECTED] wrote: Why? I can't understand. I try to solve this problem 5 days, but nothing helps me. When I entered DNS suffix: office.net - OK. But in my office that works without DNS-suffix. Consider the search parameter in /etc/resolv.conf. If you are using DHCP, your office network and your home network probably supply a different DNS suffix. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mail Delivery within Local Domain Takes Hours
Maxine Simpson wrote: [ ... ] 3. Mail between users in our local domain ([EMAIL PROTECTED] to [EMAIL PROTECTED]) takes ~4 hours to be delivered. (???) Any thoughts on what might be causing this? Several, although you should look at /var/log/maillog and see what's really going on. :-) The four-hour interval is sendmail's normal retry after a failed delivery attempt timeout, only the initial delivery attempt shouldn't fail when the mail is local. If you're running a recent sendmail, make sure you've got both the MTA (as root) and the client MSP queue running (as smmsp). Perhaps try: echo '3,0 [EMAIL PROTECTED]' | sendmail -bt ...that should end with something like: parsereturns: $# local $: user1 -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: switching to an internal DSL modem -- natd, ipfw
On Thu, Feb 05, 2004 at 08:39:40PM -0500, Mikhail Teterin wrote: [Now CC-ing Chuck Cranor -- the en's author] = = http://store.yahoo.com/softbuyweb/inpcidslmod3.html = The en(4) manual page and the description of this product (on the = page above) as one based on Efficient Network's chip. Can there be = anything else? =I'd be dubious.. the en driver was for an old expensive ATM card from ='95 or so.. even though the ad says it supports PPPoE among other =things, I'd be pretty surprised if we could talk to it.. Julian is right, the en driver is for the midway family of chips. this one could be for the lanai family of chips. you might try looking around for that. (e.g. i did a web search and found http://home.worldonline.dk/stok/lanai.html ). chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: AMD vs Intel ...
Marc Wiz wrote: On Mon, Feb 09, 2004 at 01:53:38PM -0500, Charles Swiger wrote: OK. The price difference for AMD vs. Intel is pretty significant, but be aware that you'll also pay a significant premium for dual-proc hardware versus single-proc machines: compare an AMD 2400MP versus the 2400XP price, or the 2.4GHz Xeon P4 vs. a Northwood P4, and then factor in the additional costs for a MP-capable motherboard. Try about $159 for a dual processor motherboard from Tyan. I just bought a S2466 for about that much brand new. You can get a decent single-proc AMD motherboard for about $55 (Shuttle AK39N w/ VIA KT400 + VT8235, onboard LAN and audio), which is one third the cost of your dual-proc MB, although obviously one can spend more on either type. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]