Re: lspci on freebsd
Galdes, Andrew (ERHS) wrote:

Hello all, I'm new to BSD. In linux I could run "#lspci" to see a list of the attached hardware. How can I do the same in FreeBSD 5?

scanpci is part of Xorg and XFree86 both, I think. It'll give you the info you're after.

Thanks, -Andrew

___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: dangerous situation with shutdown process
[ ...crossposting trimmed... ]

Sergey N. Voronkov wrote:

On Thu, Jul 14, 2005 at 04:17:06PM -0400, asym wrote:

[ ... ]

The funny thing about all the replies here.. is that this guy is not saying that sync doesn't work. He's saying that the timeout built into shutdown causes it to *terminate* the sync forcibly before it's done, and then reboot.

Good observations.

All finger pointing about IDE, SCSI, softupdates, and journals aside.. I think all he wants/needs is a way to increase that timer.

Sort of. If you queue up a huge I/O operation which takes several minutes to complete, and then also insist upon shutting the machine down before the operation completes, well, one of them is going to have to preempt the other. Extending the shutdown indefinitely is not a reasonable option if the two-minute shutdown warning is coming from a UPS which is about to run out of battery, and the end result of killing a process that won't politely die when SIGTERM'ed to end up with clean filesystems is a better choice.

If you can't increase shutdown timeout, decrease softupdates timers.

    # tail -3 /etc/sysctl.conf
    kern.metadelay=14
    kern.dirdelay=15
    kern.filedelay=17

That was my solution for shutdown wait timeout.

This may help, too, but it may not always be enough.

--
-Chuck
Re: better disk reliability on a desktop machine
Nick Barnes wrote:

[ ... ]

I don't want to have to do all that ever again, after this iteration.

You've had a learning experience, I see. :-)

So I'm thinking I probably want to move to a RAID mirror filesystem, and keep some sort of quality backups offsite.

1. RAID mirror filesystem questions:

1a: should this be vinum? I have read and can follow the handbook instructions for a vinum root filesystem.

You should use a "real" (not software-driven) hardware RAID solution, say from 3ware or Promise for (parallel) ATA or SATA, or maybe Adaptec or LSI's SCSI-based RAID hardware if you want to get fancy and are willing to spend the extra bucks. Note that a good RAID controller comes with a small internal battery backup which its cache and the drives are powered off of.

1b: Will it help to upgrade to 5.x, to get this to go smoothly?

Upgrading to 5.x is a separate matter, but if you are rebuilding the box, it's a reasonable idea. 5.4 is only a bit different from 4.11 in terms of visible changes which might affect how you use it, but there are a lot of improvements underneath in terms of ACPI and USB support, as well as obviously better SMP (which is less likely to matter for a uniprocessor desktop).

2. taking backups offsite. Seems to me that the best route is a number of external firewire hard disks. This machine doesn't have motherboard firewire, so I'll need to get a PCI firewire board.

2a: Recommendations for an affordable PCI firewire board?

The VIA 6202 (I almost said 6502, but that was another era :-) works good, as does the firewire interface found on sound cards from a common vendor. Limited testing suggests that they all have very similar performance and CPU overhead.

2b: Should I upgrade to 5.x for the better firewire hardware support?

The firewire support in 4.x seems to be very good, actually, and I think speaks highly of the people who wrote it.

3c: Opinions on using firewire hard disks for this at all? Would I be better off writing DVDs?

Hard drives provide near-online backup, but only a single full iteration. You can do incrementals to DVD or CD-RW or tape, and keep many iterations handy, which is far more reliable.

3. making backups.

3a: I'm used to dump/restore, but it seems to me that rsync might be a better tool for this, as it would allow me to mount and browse the backup. Opinions?

This is good if you set up an entire system as a backup, although you could dual-purpose that box and have it act as a fileserver, proxy server, who knows, as well.

--
-Chuck
IPFW+natd & Cisco VPN tunnelling....
Hi, all--

I'm working on a new firewall running FreeBSD-5.4, IPFW, and natd for a small client network of about 50 boxes, using a single routable IP via a T1 link. They want to set up a Cisco 87x router as a VPN endpoint, my part is to set up forwarding of the VPN traffic via the firewall to this cisco. The firewall box is a Dell 2850 with dual Intel em NICs.

Since I'm waiting for someone else to get that box up, I decided to check here whether my config is sane. I'm using a normal divert rule to forward traffic to natd, which is working fine, and have this as /etc/natd.conf:

    # NATD configuration options
    dynamic yes
    interface em1
    #log yes
    log_denied yes
    use_sockets yes
    same_ports yes
    unregistered_only yes
    redirect_port tcp 192.168.1.2:www www
    redirect_proto gre ciscovpn
    redirect_port udp ciscovpn:500 500
    redirect_port tcp ciscovpn:1 1
    redirect_port tcp ciscovpn:pptp pptp

...where ciscovpn is obviously the hostname for the Cisco 870 box.

Is there any way to convince natd to re-read the natd.conf file short of killing and restarting the daemon entirely? The manpage didn't say so, and "kill -HUP" terminates the process.

--
-Chuck

PS: It seems unfortunate that not including a natd_interface statement in rc.conf causes /etc/rc.firewall to not include a divert rule, but that can be corrected by using your own rules in a file and setting firewall_type.
Re: better disk reliability on a desktop machine
Chad Leigh -- Shire.Net LLC wrote:

On Jul 15, 2005, at 11:01 AM, Chuck Swiger wrote:

[ ... ]

Hard drives provide near-online backup, but only a single full iteration. You can do incrementals to DVD or CD-RW or tape, and keep many iterations handy, which is far more reliable.

If you use dump/restore you can do iterative backups to a spare HD as well...

Sure. But a single spare HD is a single point of failure. Having one tape per week or per month going back 10 or 100 tapes gives much more redundancy

--
-Chuck
Re: better disk reliability on a desktop machine
Chad Leigh -- Shire.Net LLC wrote:

On Jul 15, 2005, at 1:15 PM, Chuck Swiger wrote:

[ ... ]

Sure. But a single spare HD is a single point of failure. Having one tape per week or per month going back 10 or 100 tapes gives much more redundancy

Better yet -- using dump, backup to HD and then copy that dump file to tape or CD/DVD or another HD... I use 2 HDs and alternate which one I dump to each week.

Agreed. Having an online backup location which then gets dumped to tape or some second place is excellent, since it makes restoring via rsync or whatever very easy.

As someone else suggested, you can also stick things like config files into version control (like CVS, subversion, etc), and then back that up via the mechanism above.

--
-Chuck
Re: better disk reliability on a desktop machine
Stephen Hilton wrote:

Chuck Swiger wrote:

[ ... ]

Sure. But a single spare HD is a single point of failure. Having one tape per week or per month going back 10 or 100 tapes gives much more redundancy

But were the tapes all generated by the same tape-drive? if so it is once again a potential single point of failure. The created tapes may not be readable by any other drive due to mis-alignment etc... if that tape drive fails, the data on the tapes is lost also.

It is true that tape alignment problems can make tapes unreadable, but the frequency of that sort of problem varies a lot by format: helical scan tapes such as DAT tend to have a lot more problems than linear formats like DLT or LTO/Ultrium.

It is also a lot more likely that a data recovery company can make something out of a backup tape written by a misaligned drive than what you usually get from a blown hard drive. People design tapes, tape drives, and the on-media data format against the common sources of tape read errors, in part by using ECC prudently (again, the quality here can vary by format, and by the backup software being used).

--
-Chuck
Re: RAID Level 55
Nikolas Britton wrote:

I was reading on wikipedia about RAIDs trying to pass the time and I was thinking why not have RAID 5+5 or 5+5+5 levels, sure you waste 2/3rds of your space but wouldn't this be a killer setup for a directory server where fast reads are of the utmost importance?

Actually, no. RAID-5 prioritizes cost and reliability at the expense of performance. RAID-5 does adequately for read-mostly volumes with big files, and does worst with lots of writes to small files. RAID-5,0 or -1,0 would be a much better choice.

Would you add up the transfer rates for each drive to get the total transfer rate of the array? If true you could easily saturate a 10 gigabit ethernet connection with a 555 array of IDE or SATA drives.

Nope. Most machines are limited by their PCI bus and chipset to less than 1Gb/s of backplane bandwidth, although the higher-end boxes with multiple PCI busses or PCIe will do better.

--
-Chuck
Re: Real IP under NAT
DerAlSem wrote:

[ ... ]

I've 5 external (real) IP, one is assigned on external if. Also there are 20 internal computers with 192.168.0.* ip's (NAT+IPFW). I need to assign one of that computer an external ip. Somebody told me, that it can be done with ARP-proxy, but I couldn't find any info on that. 10x in advance.

See "man natd":

    -redirect_address localIP publicIP
        Redirect traffic for public IP address to a machine on the
        local network. This function is known as static NAT. Normally
        static NAT is useful if your ISP has allocated a small block
        of IP addresses to you, but it can even be used in the case
        of single address:

            redirect_address 10.0.0.8 0.0.0.0

        The above command would redirect all incoming traffic to
        machine 10.0.0.8.

--
-Chuck
Re: Real IP under NAT
DerAlSem wrote:

Hello Chuck,

[ ... ]

No, that won't work, because I need an external IP on LAN machine.

    Ext IP addresses - 1.2.3.1-1.2.3.5
    Gate ext_if - 1.2.3.1
    Gate int_if - 192.168.0.1
    LAN (via NAT) machines - 192.168.0.2-20
    Another LAN (via NAT) machine - 1.2.3.2

How?

natd doesn't care whether you use routable or non-routable IPs; you can NAT an external IP, too, if you really want to.

But if you simply want to set up a small DMZ where the hosts are not doing NAT but just using routable IP's, that's trivial: set gateway_enable in /etc/rc.conf, and away you go. In this case, you'd want three interfaces on the box, a WAN, a LAN, and a DMZ, preferably all on distinct subnets.

--
-Chuck
Re: `Content-Transfer-Encoding' & SendMail
Gerard Seibert wrote:

[ ...relaying email via your ISP... ]

Content-Transfer-Encoding: quoted-printable

I do not want to use that encoding specifically at all times. Even when set within my mail program for something else, such as 8-bit, it is still converted to the above format. What can I do to prevent this from happening?

Nothing, really. Any MTA along the delivery path is allowed to change the encoding to quoted-printable, and many MTA's will do so even if the other side advertises the 8BITMIME ESMTP extension.

You can avoid seeing that header if you send mail that does not contain non-printable characters, or if the receiving MTA converts the mail back to an 8-bit format.

--
-Chuck
Re: /etc/exports - a strange restriction
Sergey Matveychuk wrote:

Norbert Koch wrote:

    /usr/tinderbox -ro -alldirs -maproot=0:0 localhost

As far as I know, it is a restriction of the nfs specification. If you only want to export a single directory, you could e.g. use mount_null/mount_nullfs(8).

Well, in my example remote host is localhost. But if I need to share files on a network? I've made a quick look at RFC1813 but could not find this restriction. But why this restriction anyway for? It's very inconvenient.

NFS exports filesystems, not directory trees. NFS permits you to mount a subdirectory of an export/share, but you cannot mount two child directories of a share if those directories are ancestors of one another.

It's easier to mount the root of an export/share, and then use symlinks on the local drive to reference the portion of the hierarchy that you want to use. Rely on filesystem permissions to control access, assuming you trust root on the client machine. (If you don't trust root on the client machine, then you probably shouldn't be using NFS at all.)

See "Managing NFS and NIS" published by O'Reilly, or maybe even this by me: http://www.pkix.net/~chuck/doc/NFS/article.html :-)

--
-Chuck
Re: Where is bsdnews.com?
Andras Kende wrote:

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Odhiambo Washington
Sent: Thursday, July 21, 2005 6:23 AM
To: freebsd-questions@freebsd.org
Subject: Where is bsdnews.com?

Hi, I am trying to access bsdnews.com for this document: http://www.bsdnews.org/02/dummynet.php

I was able to access the site, but it told me it didn't have permission to access the document. Sorry.

But the site is down. I want to refer to it for a project I am working on, to configure OS X firewall with traffic shaping. I have read the man pages anyway but I want to see an example to be comfortable.

-Wash

http://www.netmeister.org/news/learn2quote.html

--
+==+
      |\ _,,,---,,_ | Odhiambo Washington<[EMAIL PROTECTED]>
Zzz /,`.-'`'-. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com
   |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922
  '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121
+==+
She liked him; he was a man of many qualities, even if most of them were bad.

You could access it from here: http://web.archive.org/web/20041010152755/http://www.bsdnews.org/02/dummynet.php

Best regards,
Andras Kende
http://www.kende.com
Re: ipfw and tun0
Dirk GOUDERS wrote:

I just started to use an ADSL line with PPPoE and want run a firewall between it and my local network. What I am wondering about is that even if I only have the default everything-blocking rule (deny ip from any to any) I still see incoming packets on tun0 with tcpdump.

If you are using PPPoE, the system de-encapsulates the IP traffic off of the PPP session via the tun0 interface. tun0 can be treated as your "external interface" when writing firewall rules, setting up NAT, etc.

[ ... ]

Another example is that I saw several SYN packets directed to unprivileged ports that got answered with a RST packet by my machine. When I block those SYN packets, I still see them on tun0 but the RST responses disappear. Also, ipfw's counters show that it recognizes those packets...

Right. This implies that the firewall rules are working. If you want to see what the situation looks like to a client machine behind the firewall, either tcpdump on a client machine, or tcpdump on the internal interface of the firewall box...

--
-Chuck
Re: join my freebsd box to windows domain?
perikillo wrote:

I want to run freebsd 5.4 and join this machine to my windows 2k3 domain, I just want to browse with my freebsd machine the others windows clients and windows clients browse my box, I just want to be another machine on the domain, they are running Windows XP and others 2k.

Fine. Samba can authenticate against an existing Windows domain.

This is my first time I am going to try this, I want to know if is possible and which software I need or where I can find some information about, I search with google, but all the examples talk about making freebsd domain member or PDC, is the only way...?

No. But it's very common to make a Unix box a PDC using Samba.

Then if is possible, I will need samba software? Any information or link are welcome.

www.samba.org?

NOTE: I want to setup this machine and be my backup server on my Redmond domain, this is why I'm investigate about this, I think that if I want to make one Unix system to be my backup system for window domain system I need to be another client on that domain, I'm right or wrong???

You cannot have a Samba box act as a BDC for a Windows PDC, but you can join a domain as a client, and you can read and backup files on network shares if you like. However, most people would rather use a Unix/FreeBSD system as a fileserver rather than some Windows box.

--
-Chuck
Re: Can't Mount Root
Ima Camper wrote:

[ ... ]

da0 is my boot disk and contains /. However when I configured the disk using sysinstall during installation, I set it up as "dangerously dedicated". Now I wonder if my problem is that I should have used "bsdlabel -B /dev/da0" instead of "da0s1a" when attempting to install boot blocks?

I suspect your device name ought to be /dev/da0a. If you are at the boot prompt, what happens if you enter a "?"...?

Anyway, if you tell it the right place, and your fstab is OK, you ought to boot into the system as normal, from which point you can re-run bsdlabel with the right device name. Otherwise, boot off of an install CD, and run the command from a shell. You can also begin a custom install and exit after writing just a new boot block via sysinstall, too.

--
-Chuck
Re: ipfw and tun0
Dirk GOUDERS wrote:

[ ... ]

If you are using PPPoE, the system de-encapsulates the IP traffic off of the PPP session via the tun0 interface. tun0 can be treated as your "external interface" when writing firewall rules, setting up NAT, etc.

Well, I am a little bit confused, because usually, I run machines with "real" NICs and if I activate firewall rules that drop packets from that NIC, I can run tcpdump on that NIC and will not see the dropped packets.

Are you 100% certain of that? What you've described does not match how tcpdump on a BSD system works here:

    nfw1# ipfw add 10 deny ip from any to any 321
    00010 deny ip from any to any dst-port 321
    nfw1# tcpdump -nt -i fxp0 port 321
    tcpdump: listening on fxp0
    68.161.54.113.2145 > 199.103.21.225.321: S 610825795:610825795(0) win 57344 (DF)
    68.161.54.113.2145 > 199.103.21.225.321: S 610825795:610825795(0) win 57344 (DF)
    ^C
    44 packets received by filter
    0 packets dropped by kernel

tcpdump sees the incoming SYN packets just fine, even if IPFW denies them in the very first rule.

This is the naive view, I have about this:

    NIC device (e.g. xl0)
    ------------------------------------------------
    packets -> packets ->... packets -> packets ->
    ------------------------------------------------
          ^                         ^
          |                         |
    Here, ipfw checks         Here, tcpdump listens
    the packets against       and doesn't see dropped
    its rules and probably    packets
    drops packets

There's a diagram in the IPFW manpage that has a better description of the packet flow. tcpdump runs sooner than you've shown, and traffic through most interfaces is bidirectional.

Right. This implies that the firewall rules are working. If you want to see what the situation looks like to a client machine behind the firewall, either tcpdump on a client machine, or tcpdump on the internal interface of the firewall box...

Does that mean, that there is no way, to inspect the network traffic from tun0 after it has been "cleaned up" by ipfw and that is not forwarded to the internal NIC?

You can either add a log rule after your IPFW reject rules, and have the firewall itself log the traffic which is permitted through, or you could use another divert rule and force that traffic into a daemon which looks at the packets (this is how natd works, after all).

--
-Chuck
Re: change mediaopt of NIC to full-duplex
Vinicius Pavanelli Vianna wrote:

The nic returns to half duplex with those bright kernel messages? I got this when there was some kind of arp conflict on the ip, and from cables, somehow my isp cisco switch defaults to half duplex all the time, so when disconnect and connect the cable it returns to half =/

Have your ISP update their Cisco switches' firmware, and recheck whether ethernet autonegotiate works then. If it doesn't, both sides will have to manually set full duplex...

--
-Chuck
Re: FreeBSD is Very slow to load some sites
Galdes, Andrew (ERHS) wrote:

The website is www.anz.com.au. I suspect the security of the site is the problem but cannot be sure. Another thread on this list "[kde-freebsd] Konqueror very slow displaying some sites" puts it down to DNS. Any ideas?

DNS response time is fine. However, it takes over 60 seconds for the site to answer a remote query via telnet, so I assume that the server is either overloaded or has been hacked. Apparently it's running IIS-4.0 on WinNT, so the safe money is on the latter...

--
-Chuck
Re: Squid. No not Squidward. and FreeBSD
Derrick MacPherson wrote:

Is there a document about setting up squid, optimization suggestions etc available somewhere? I've started looking and not come back with much that's new.

Squid has reams of documentation available at www.squid-cache.org...?

--
-Chuck
Re: Can someone clarify ipfw's in/out/recv/xmit/via concepts?
Gary W. Swearingen wrote:

[ ... ]

The manpage says we have incoming and outgoing packets. In and out of what?

Into and out of the system.

NIC or kernel or ipfw or computer?

Yes, all of those.

The manpage describes:

    recv | xmit | via {ifX | if* | ipno | any}

Is my "de0" an "ifX" or an "if*"? ("exact name" or "device name")

"de0" is an "ifX".

What would be an example of the other? "de*"?

Does "ipno" mean a numerical Internet address? (It's not mentioned elsewhere in the manpage.)

I think so.

Does each of my NICs have both of the manpage's xmit and recv interfaces, or is one an xmit and one a recv for any one packet rule?

Each of your NICs is logically a full-duplex device, which can both xmit and recv.

If an incoming packet can be associated with an xmit interface, why can't an outgoing packet be associated with a recv interface?

A packet which was created on the machine does not have an interface which it was received on. Packets which are being forwarded from other machines would have a recv interface.

It seems that some people do their blocking of packets going from LAN to WAN "on" (so to speak) the LAN interface, some on the WAN interface, and some on both. It doesn't seem to make much difference on a pure firewall, except for rule-writing convenience. Right?

That depends entirely upon the rules, it's not useful to make a generalization like that without a more specific context. Normally, people should use the "xmit via ifX" syntax for pipe/queue rules to avoid counting traffic twice as the packets pass through, but they can also be used to ensure that, say, traffic to 127.0.0.1 only goes through lo0, and not through some external connection by someone trying to source-route in as localhost.

I suppose it would be best to put blocks everywhere possible or at least "where" the packets enter the computer. Right?

If you are creating a firewall, you need to create a network topology which permits you to control network access, which means restricting traffic which flows over well-defined choke points (ie, your external internet links).

--
-Chuck
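The in/out and recv/xmit/via keywords from this thread, together with the log-after-deny advice from the "ipfw and tun0" thread above, written out as one ipfw rule file; this is an added example and not part of any poster's message. The interface names (tun0, xl0), the LAN prefix, the rule numbers and the plain routed gateway without natd are assumptions; port 321 is the one denied in the tcpdump output quoted earlier.

```shell
#!/bin/sh
# Added example (not from the thread): print an ipfw rule file, the format
# read by "ipfw /path/to/file", for a routed two-interface gateway.
# Assumptions: interface names, LAN prefix, rule numbers, no natd/divert.
# Logging needs "sysctl net.inet.ip.fw.verbose=1"; log lines go to syslog.

emit_rules() {
    wan_if=$1
    lan_if=$2
    lan_net=$3

    # "via IF" matches on either pass (in or out) through IF. Loopback
    # addresses are only valid on lo0, so 127/8 anywhere else is spoofed.
    echo "add 100 allow ip from any to any via lo0"
    echo "add 110 deny ip from any to 127.0.0.0/8"
    echo "add 120 deny ip from 127.0.0.0/8 to any"

    # "in recv IF": the packet is arriving, and IF is where it arrived.
    # LAN source addresses must never show up on the WAN side.
    echo "add 200 deny ip from ${lan_net} to any in recv ${wan_if}"
    # Port 321 is the port denied in the tcpdump example in the thread.
    echo "add 210 deny tcp from any to any 321 in recv ${wan_if}"

    # Placed after the denies: records what survived them. tcpdump on
    # the WAN interface cannot show this, it taps packets before ipfw.
    echo "add 300 count log logamount 100 ip from any to any in recv ${wan_if}"

    # Replies to connections recorded by keep-state rules below.
    echo "add 400 check-state"
    # The LAN interface is trusted in both directions.
    echo "add 410 allow ip from any to any via ${lan_if}"

    # "out recv A xmit B" only matches forwarded packets: they still
    # carry the interface they arrived on. "xmit" requires "out".
    echo "add 420 allow tcp from ${lan_net} to any out recv ${lan_if} xmit ${wan_if} setup keep-state"
    echo "add 430 allow udp from ${lan_net} to any out recv ${lan_if} xmit ${wan_if} keep-state"

    # Locally generated packets have no receive interface, so they are
    # matched with "out xmit" alone.
    echo "add 440 allow tcp from me to any out xmit ${wan_if} setup keep-state"
    echo "add 450 allow udp from me to any out xmit ${wan_if} keep-state"

    # Everything else is dropped and logged.
    echo "add 65000 deny log logamount 100 ip from any to any"
}

# Usage: sh ipfw-rules.sh tun0 xl0 192.168.0.0/24 > /etc/ipfw.rules
if [ $# -eq 3 ]; then
    emit_rules "$@"
fi
```

Rule 300 is the answer to the tun0 question: the denied SYNs to port 321 still appear in tcpdump on the external interface but never reach the log rule, so the log shows only traffic that got past the deny rules.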
Re: certance DAT
[ ...crossposting trimmed... ]

.VWV. wrote:

I would like to know, if the following product can be used, in order to make tape dumps or tape tars with the FreeBSD 4.x. http://www.certance.com/products/dds-dat/dat72/CD72LWH-SS

Most probably. I've a Dell 2850 using a very similar Seagate DAT72 tape drive, which dmesg claims as:

    sa0 at amr0 bus 1 target 6 lun 0
    sa0: Removable Sequential Access SCSI-3 device

...and this works just fine with dump & tar via /dev/nsa0. I'd be happier if it was a DLT or LTO/Ultrium tape system, though. Note that I'm only getting about 2.5-3 MB/s effective transfer rates to it via:

    DUMPARGS="-0acLu -b 64 -C 24 -f /dev/nsa0"

...so it's not exactly super-zippy, either. Hmm, is it just me, or are the following numbers significantly low for a RAID-1 of two 10K RPM U320 SCSI disks...?

    /dev/amrd1
        512             # sectorsize
        73274490880     # mediasize in bytes (68G)
        143114240       # mediasize in sectors
        8908            # Cylinders according to firmware.
        255             # Heads according to firmware.
        63              # Sectors according to firmware.

    Seek times:
        Full stroke:      250 iter in   1.824059 sec =    7.296 msec
        Half stroke:      250 iter in   1.805398 sec =    7.222 msec
        Quarter stroke:   500 iter in   4.254147 sec =    8.508 msec
        Short forward:    400 iter in   2.821081 sec =    7.053 msec
        Short backward:   400 iter in   2.860203 sec =    7.151 msec
        Seq outer:       2048 iter in   8.821875 sec =    4.308 msec
        Seq inner:       2048 iter in   9.006505 sec =    4.398 msec

    Transfer rates:
        outside:       102400 kbytes in   9.242111 sec =    11080 kbytes/sec
        middle:        102400 kbytes in   9.230325 sec =    11094 kbytes/sec
        inside:        102400 kbytes in  10.779231 sec =     9500 kbytes/sec

[ This is running RELENG_5_4... ]

--
-Chuck
Re: I got my vsftpd core dumped.
Deslay wrote:

Hello guys, I always got my vsftpd core dumped and I have no idea why is that happening all the time... There's some information below.

[ ...multiple sig11's deleted... ]

Most probably a hardware problem like inadequate cooling or bad memory. Run memtest.org's checker or the memtest port overnight, and check whether your fans are working and adequate.

--
-Chuck
Re: Need a good Unix script that..
Michael Sharp wrote:

I need a simple sh script that will daily (via cron) crawl a website looking for multiple keywords, then reporting those keyword results and URL to an email address. Anyone know of a pre-written script that does this, or point me in the right direction in using the FreeBSD core commands that can accomplish this?

If you feed the webserver's access log into various programs like analog, these will report on the keywords people used to search for when linking into the site. (This is not quite what you asked for, but I mention it because the suggestion might be closer to what you want to see... :-)

Anyway, if you do not own the site & have access to the logfiles, you ought to honor things like /robots.txt and the site's policies with regard to copyright and datamining, but you could easily use lynx, curl, or anything similar which supports a recursive/web-spider download capability, and then grep for keywords, do histograms, whatever on the content you DL.

--
-Chuck
Re: Growisofs seg faults with DVD-RAM. Anybody else seen this?
Greg 'groggy' Lehey wrote:

On Friday, 29 July 2005 at 22:50:13 -0700, Carl Delsey wrote:

I was trying to use growisofs to write to a DVD-RAM and it kept seg faulting. It worked fine with a DVD-R. I tracked the problem down to place in the code where growisofs tries to perform an operation on a file handle it has already closed. I've implemented a workaround already. The problem is, that by my reckoning, this should affect anybody who is trying to use a DVD-RAM (not DVD+RW) with FreeBSD, but I haven't found any references to the problem on the net.

My guess is that DVD-RAM isn't popular enough, and that people who have had problems with it haven't had the understanding to track the bug down.

dvd+rw-tools doesn't support -RAM as well as other formats, in part because the {+,-}R(W) formats are much more common, in part because there are some pretty serious quirks in the older drives, but improvements would be welcome.

I'm wondering if anybody else has seen this problem, and if you've found some other workaround for it? Or alternatively, you still have the problem and my patch would be useful to you. :-)

Is this a workaround or a fix? The latter is obviously preferable. Also, does this only affect FreeBSD, or is it general? In the former case, contact the maintainer (mail address in the Makefile); in the latter, contact the project.

I'd be happy to review or test them first if you'd like, but any changes of this sort really ought to go upstream to Andy Polyakov <[EMAIL PROTECTED]> or to the cdwrite mailing list at .

--
-Chuck
Re: dmz server setup - opinions
Jeff wrote:

I realize this may be partial religion and then potentially bias due to the list but here goes anyway.

There is nothing wrong with bias, per se, if you are aware that it exists. :-)

I need to build a DMZ server, of sorts, that will sit on the public internet. It will take in data from embedded devices and in turn services from behind a firewall will pull data from it to later process. The main processes that I need to run are ftpd, httpd, possibly smtpd(sasl2,tls), and later proprietary code that talks to the embedded devices.

A "DMZ server" implies you are setting up a "screened public subnet" along with a backend LAN subnet. If you are setting up a firewall with three interfaces, OK, but you should avoid running any services on that box except for IPFW/dummynet/PF/ALTQ/whatever.

If you are setting up a box that has two interfaces, one with a public IP and one doing NAT to a private LAN subnet, that is still a firewall, but you don't have a DMZ. If need be, you can run proxy services on that box, but it still would be better from the standpoint of security to run them on an internal box via NAT forwarding of whatever ports are needed.

Originally I was thinking of using OpenBSD, as it seems to lend itself very nicely to the public but secure environment. On the other hand, if I were to use FreeBSD, I could jail each process, granted I could also chroot each process in OpenBSD and httpd is already done for me. I will be running a firewall on the box either way and will also have sshd and rsyncd running, only allowing access from the internal network.

OK.

I have more experience with freebsd, but my limited knowledge based on an install and configuration of openbsd3.7 has made me comfortable with it as well. Any opinions on which OS is better suited for the task? Security and reliability are the foremost concerns( aren't they everyones ) and I think both OS are more than up to the task.

Both OSes are up to the task. If you are going to just set up a firewall, using OpenBSD would be an easy choice. However, it sounds like you plan to install at least your custom software, a web server, and several other 3rd-party pieces: FreeBSD ports makes doing that and keeping it up-to-date securely very easy via portaudit & portupgrade.

Many people seem to value things like "cost" and "performance", or even "convenience", more highly than they value "security" or "reliability". Don't take this for a suggestion to change what you are doing, however. :-)

--
-Chuck

PS: What is your security policy? If this doesn't have a clear answer to you, start with identifying what it is you are trying to protect, and what it is that you are trying to protect whatever-that-is against. Then read: http://www.ietf.org/rfc/rfc2196.txt
Re: DVD burning..
Jeff Mitchell wrote:
[ ... ]

Installed the dvd tools to get growisofs since this seemed like the main alternative to cdrecord. (burncd didn't seem to like to burn DVDs, though I forget exactly its output.) growisofs seems to almost work, but breaks and is slow:

    growisofs -dvd-compat -speed=4 -Z /dev/cd0=buckdvd.iso

That results in..

    Executing 'builtin_dd if=buckdvd.iso of=/dev/pass0 obs=32k seek=0'
    /dev/pass0: "Current Write Speed" is 4.1x1385KBps.
    1867776/2937458688 ( 0.1%) @0.4x, remaining 104:46
    [ ... ]
    16547840/2937458688 ( 0.6%) @0.0x, remaining 455:59
    :-[ [EMAIL PROTECTED] failed with SK=6h/ASC=29h/ACQ=00h]: Input/output error
    builtin_dd: 8080*2KB out @ average 0.1x1385KBps
    :-( write failed: Input/output error
    /dev/pass0: flushing cache
    :-[ FLUSH CACHE failed with SK=2h/ASC=04h/ACQ=01h]: Resource temporarily unavailable
    :-[ SYNCHRONOUS FLUSH CACHE failed with SK=2h/ASC=04h/ACQ=01h]: Resource temporarily unavailable

So it would seem to take hours to burn a DVD, and tanks after a few moments anyway.

Is "sysctl hw.ata.atapi_dma" set to 1? It looks like your system isn't able to send enough data to the burner to run at 4x, perhaps try burning at 1x speed and see whether that is more reliable. (Often that works better with low-quality DVD-R media, anyway...)

You might want to double check your ATA connections, is the burner on its own channel as the primary master, by preference...?

--
-Chuck
Re: Custom Sendmail through /etc/make.conf
Dan Mahoney, System Admin wrote:

Hey all... I'm building a new box and thinking I'd like to stick with the "base" sendmail instead of building my own as I've traditionally been doing. Here is my devtools/Site/site.config.m4 file

    APPENDDEF(`confENVDEF', `-DSASL -DNETINET6')
    APPENDDEF(`confLIBDIRS', `-L/usr/local/lib')
    APPENDDEF(`confINCDIRS', `-I/usr/local/include')
    APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER -DSTARTTLS')
    APPENDDEF(`conf_libmilter_ENVDEF', `-D_FFR_MILTER_ROOT_UNSAFE ')
    APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto -lsasl')

Fairly simple, turns on SASL, SSL, Milters, and inet6

What would I put in the /etc/make.conf, which expects things like:

Something like:

    #SENDMAIL_CFLAGS+= -DMILTER -DSTARTTLS -DHASURANDOMDEV
    #SENDMAIL_CFLAGS+= -I/usr/local/ssl/include -I/usr/local/include
    #SENDMAIL_CFLAGS+= -DSASL=2
    #SENDMAIL_LDFLAGS+= -L/usr/local/ssl/lib
    #SENDMAIL_LDADD=-lssl -lcrypto -lsasl

--
-Chuck
Re: growisofs: no mkisofs options are permitted with =, aborting
Carl Delsey wrote:
On Tue, Aug 02, 2005 at 09:50:03AM +0930, Greg 'groggy' Lehey wrote:
[ ... ]

    growisofs -Z /dev/cd0=image.iso

The version of growisofs that I use doesn't have a -Z option. From a system that does:

    -Z /dev/dvd
        Burn an initial session to the selected device. A special form of this option is recognized to support burning of pre-mastered images. See EXAMPLES section for further details.

Is this your intention? If so, it seems that you're not sticking to the syntax.

It's valid syntax ... just not documented in the man page. You have to go out to the website to find out about it.

Look just before the NOTES section of the manpage:

"To use growisofs to write a pre-mastered ISO-image to a DVD:

    growisofs -dvd-compat -Z /dev/dvd=image.iso

where image.iso represents an arbitrary object in the filesystem, such as file, named pipe or device entry. Nothing is growing here and command name is not intuitive in this context."

--
-Chuck
Re: Wireless access points for FreeBSD 4.3?
Jamie Ann P. Zamodio wrote:

Hi, I've been searching the web for compatible wireless access points for FreeBSD 4.3. As of yet I've been unsuccessful in finding any kind of list. However we do have the following base stations in our lab:

FreeBSD 4.3 dates back to early 2001: you are strongly advised to update to 4.11 or 5.4. Not only will a lot more wireless devices work under a version released in 2005, you even can take advantage of the NDISulator ("Project Evil") to run Windows XP drivers under FreeBSD.

Anyway, if you are stuck using 4.3 for unimaginable reasons, I suspect the atheros or PRISM-2/2.5 chipsets are what you are looking for.

Is there any way I can configure my FreeBSD 4.3 server to see any one of these? The set-up is, my server and base station are connected to a wired network, and then I have a wireless client running on Red Hat Linux 9 contacting the server through the wireless access point.

Your question doesn't make it entirely clear whether you are looking for a wireless card/NIC for a FreeBSD machine to talk to a base station, or whether you are having an issue sending traffic to or from a wired FreeBSD machine to some other Linux box via basestation to wireless...?

It may be the case that you want to bridge or NAT a wireless subnet onto your LAN, but you should consult your basestation's docs for how to do that; FreeBSD would use nothing but normal TCP/IP routing to the basestation.

--
-Chuck
Re: growisofs: no mkisofs options are permitted with =, aborting
Carl Delsey wrote:
[ ... ]

You're right. My mistake. That's what I get for using my eyes to search a document instead of using the search feature. :-)

No worry: growisofs' manpage and the way it uses command line arguments is not entirely consistent :-)

To some extent, Andy doesn't want to fully document everything to encourage people to either "use the source, luke", or to create more user-friendly (but separate) frontends like k3b. I don't fully understand the mindset of not making a program fully documented or oriented towards its users, but Andy has been reasonably responsive to integrating FreeBSD changes for the port, so I'm not going to complain...

--
-Chuck
Re: growisofs: no mkisofs options are permitted with =, aborting
Marc Fonvieille wrote:
On Tue, Aug 02, 2005 at 10:50:01AM -0400, Chuck Swiger wrote:
[ ... ]

To some extent, Andy doesn't want to fully document everything to encourage people to either "use the source, luke", or to create more user-friendly (but separate) frontends like k3b. I don't fully understand the mindset of not making a program fully documented or oriented towards its users, but Andy has been reasonably responsive to integrating FreeBSD changes for the port, so I'm not going to complain...

I do not agree with that statement, Andy helped us to clearly document growisofs in the Handbook, it's just a shame people hardly read the DVD section. Regarding the complex or "invisible" options, they should not be used/exist if DVD burners firmware or DVD media were without bugs :(

The Handbook has good documentation on using dvd+rw-tools as well as other software, and I would second the recommendation that people take a look at it if they want to burn CD's or DVD's.

You are welcome to hold the opinion that the documentation is complete, but:

    13-sec% cd /usr/ports/sysutils/dvd+rw-tools && make extract > /dev/null
    14-sec% grep luke work/dvd+rw-tools-5.21.4.10.8/growisofs.c
     * - undocumented -use-the-force-luke flag to overwrite the media
     * - extended syntax for -use-the-force-luke option, it's now possible
     * to engage DVD-R[W] dummy mode by -use-the-force-luke=[tty,]dummy
     * - complement -use-the-force-luke=dao[:size] to arrange for piping
     * - implement -use-the-force-luke=seek:N -Z /dev/dvd=image to arrange
     * -use-the-force-luke=seek:N it's easier to maintain "tar-formatted"
     * - -use-the-force-luke=tracksize:size option by suggestion from K3b;
     * - -use-the-force-luke=wrvfy for WRITE AND VERIFY(10);
     * - -use-the-force-luke=4gms to allow ISO9660 directory structures
     * - more sane sanity check for -use-the-force-luke=tracksize:N;
     * - -use-the-force-luke=break:size to set Layer Break position for
     * - -use-the-force-luke=noload to leave tray ejected at the end;
     else if (!strncmp(opt,"-use-the-force-luke",19))

...or consult the manpage, again:

"There're several undocumented options commonly denoted with -use-the-force-luke prefix. Some of them serve debugging purposes. Some require certain knowledge about recording process or even OS kernel internals and as being such can induce confusing behaviour. Some are to be used in very specific situations better recognized by front-ends or automated scripts. Rationale behind leaving these options undocumented is that those few users who would actually need to use them directly can as well consult the source code or obtain specific instructions elsewhere."

--
-Chuck

"The human race's favorite method for being in control of the facts is to ignore them." -Celia Green
Re: Networking with FreeBSD
Stephan Weaver wrote:
[ ... ]

But AFAIK, By Placing all these network cards in the Same Machine, FreeBSD Will Bridge All Those Networks.

FreeBSD is well-behaved in terms of security. It will not act as a layer-2 bridge or as a layer-3 IP router/firewall, unless and until you tell it to do so. See the options set in /etc/rc.conf and /etc/defaults/rc.conf such as:

    gateway_enable="NO"                 # Set to YES if this host will be a gateway.
    router_enable="NO"                  # Set to YES to enable a routing daemon.
    firewall_enable="NO"                # Set to YES to enable firewall functionality
    firewall_script="/etc/rc.firewall"  # Which script to run to set up the firewall
    firewall_type="UNKNOWN"             # Firewall type (see /etc/rc.firewall)

...or "man bridge".

How Can i keep the networks Separate, and Secure the Servers by Firewalling by ip addressing?

Well, if you set the machines up on three or four separate subnets, each on a separate collision domain (ie, each with its own hub or switch VLAN), you can firewall traffic both by subnet and by individual IPs. A proper ruleset will integrate anti-spoofing rules which will prevent a machine from sending traffic as if it were an IP on another subnet, or at least prevent the traffic from going through the firewall to reach your private internal networks.

Obviously, you want to keep untrusted machines on another subnet than the servers you are protecting. Go read "Building Internet Firewalls" published by O'Reilly, as well as http://www.ietf.org/rfc/rfc2196.txt...

--
-Chuck
Re: Networking with FreeBSD
Stephan Weaver wrote:
[ ... ]

Thank You So Very Much for your quick response.

You're welcome.

I am familiar with firewalling, but i never done something like this. Maybe you can give me an actual Example from my reference. Using my networks etc.

Sure, if I had lots of free time and nothing else to do, I could probably write up a security policy, firewall rules, along with pretty network topology diagrams and so forth. But I was up 'til 2AM doing pretty much just that for a client yesterday (*), and I'd rather not spend that much effort again today without a good cause, or at least more beer. :-)

There is an expectation on the freebsd lists that you spend your own time to learn about the tasks you want to accomplish before asking other people to repeat what the documentation says for your own specific use case. ("Read the docs. Try stuff out. Ask questions which show what you've done and what the specific error message or problem you have is.")

What i want to do is separate the networks on the same wire.

Hmm. Why do you want to put separate subnets on the same wire? (What does that mean to you, anyway? Using the same external ISP connection? All boxes all on the same ethernet hub? Something else? Consider IPsec. :-)

--
-Chuck

(*): Client is in Denmark. They wanted stuff "urgently" by this morning their time, after getting me something to respond to yesterday at 4PM my time. Bleh, this "global outsourcing" thing really is overrated
Re: polling decreases throughput ~50%
Bill Campbell wrote:
On Tue, Aug 02, 2005, Victor Semionov wrote:
[ ... ]

I was uploading some large file to my neighbor's windows box. With polling disabled, the transfer rate was 8 MB/s and CPU usage was 90%. I turned on polling with sysctl and CPU usage decreased to 50%, which I expected, but also the transfer rate dropped to 4.5 MB/s, about half. The numbers are approximate. The interface is a RealTek (rl driver). No background jobs were running. kern.polling.* all defaults.

What is kern.hz set to? Does increasing it improve throughput?

Why is that? I thought polling should decrease CPU usage by avoiding too many context switches when a hw irq is generated frequently, but it shouldn't make the transfer slower if there are no other jobs running.

You have to poll often enough to keep the pipe full, otherwise your max throughput can be limited. Also, rl hardware isn't the greatest and probably requires a lot more CPU than a device with working buffer/DMA design.

I certainly don't claim to be an expert on this subject so take this with a grain of salt. Interrupts were originally created to eliminate the need for polling allowing processes to sleep until an interrupt occurs rather than having the process in a loop testing to see if any input is ready or the device is available for further work.

Blocking was created to eliminate the need for polling/sitting in a loop testing a condition. Interrupts were created to take the CPU away from normal processing in order to attend a high-priority, time-critical condition or signal which can't wait.

A good serial chip/UART, or a NIC receiving packets, shouldn't fire an interrupt just because a character/packet came in, they should fire an interrupt when their SILO/buffer is getting full or has some data which hasn't been serviced in a while. ("Interrupt coalescing")

--
-Chuck
Re: how to mirror the freebsd site
huang mingyou wrote:

I want to make a http mirror for the FreeBSD. Can I only mirror the i386 arch? And when I mirror finished how to join the mirror site database?

While you can mirror only the pieces you want, an official mirror needs to mirror complete chunks of stuff. See the fine documentation here:

http://www.freebsd.org/doc/en_US.ISO8859-1/articles/hubs

...although there are versions in other languages, too.

--
-Chuck
Re: Vending
jon freddy wrote:

To make FreeBSD even bigger, can I myself upload the ISO images onto my website and become a mirror?

Sure. Everything you might want to know about doing so is here:

http://www.freebsd.org/doc/en_US.ISO8859-1/articles/hubs/article.html

--
-Chuck
Re: Post JDK14 installation requirements
Gerard Seibert wrote:

In order to install JDK14, I need to run both of these commands:

    kldload linprocfs
    mount -t linprocfs linprocfs /compat/linux/proc

After rebooting the system, do I have to re-run those commands again for java to be active? Would it be beneficial to put the mount command in /etc/fstab? I am not sure how to get the other one to run automatically at bootup if it is required.

Normally, one would run those commands once, and use the java port to build a native Java for FreeBSD, which is being bootstrapped from running the precompiled Linux Java package you have to download yourself from Sun.

Once you have a native FreeBSD java package, you don't need to mount linprocfs or use Linux emulation to run java

--
-Chuck
Re: After Partitioning a Drive: WARNING - WRITE_DMA UDMA ICRCerror (retrying request)
Mark Kane wrote:
[ ... ]

My drives are like this

    PRIMARY IDE:
        Master - 160GB
        Slave - 60GB
    SECONDARY IDE:
        Master: TDK VeloCD CD Burner
        Slave: Sony DRU500A DVD Burner

I never put optical drives on the same channel as hard drives. I was going to give Maxtor a call on the 80GB when I thought the 60GB was fine, but that was before I found the errors on the 60GB as well. Could something be bad on the board, or is this a FreeBSD problem, or other hardware?

Without another known-working mainboard to test, you can't really be sure, but it's a hardware problem of some sort, perhaps due to poor cabling, perhaps a marginal or failing mainboard.

If you use BIOS or atacontrol to slow down to UDMA 33 speeds, does everything work OK?

--
-Chuck
Re: ad10: WARNING - READ_DMA UDMA ICRC error (retrying request) LBA=11441599
O. Hartmann wrote:
[ ... ]

One of my SATA disks, the SAMSUNG SP2004C seems to show errors during operation (and also showed under 5.4-RELEASE-p3). Sometimes I get this error:

    ad10: WARNING - READ_DMA UDMA ICRC error (retrying request) LBA=11441599

while the machine still keeps working. Other days the box crashes completely. Is this an operating system bug or is this message an evidence of defective hardware?

Back up any data you care about now. Use the smartmontools port or hunt down a utility from Samsung which'll do a surface test (read only, nondestructive). You can also run a "dd if=/dev/ad10 of=/dev/null bs=8192" to do a full read test under FreeBSD, and see how many CRC errors show up.

--
-Chuck
Re: Sendmail & relaying from network
Gerard Seibert wrote:
[ ... ]

The two WinXP boxes are 192.168.0.3 and 192.168.0.2 respectively. The FreeBSD box is names 'ges.seibercom.net' and the main WinXP box is 'gerard.seibercom.net'. What sort of directive should I be using to allow the WinXP box to send mail through Sendmail and still have a secure system?

    cd /etc/mail/
    echo "192.168.0 RELAY" >> access
    make all restart

--
-Chuck
Re: ipfw2 - too many dynamic rules
Stec John wrote:

I need some help with ipfw2 on my squid box I have too many dynamic rules errors for dns Can I insert a dns static rule into my rules (as below) and how?
[ ... ]

    # allow DNS,NTP queries out in the world
    add pass udp from any 1024-65535 to any 53,123
    add pass udp from any 53,123 to any 1024-65535
    add pass udp from any 53,123 to any 53,123
    add pass tcp from me to any 53 setup keep-state

Note that you probably want to use the combination of "setup keep-state" elsewhere in your rules, too.

--
-Chuck
Re: ipfw2 - too many dynamic rules
Stec John wrote:

Hi Chuck, are you suggesting to add these dns rules on top of the existing rules?

Yes.

Can I use "allow" instead of "pass"?

Yes, they mean the same thing:

    allow   Allow packets that match rule. The search terminates. Aliases are pass, permit and accept.

--
-Chuck
Re: Installing 2nd CPU on SMP board
Glenn Dawson wrote:
At 03:57 PM 10/19/2005, Kurt Buff wrote:
[ ... ]

You want to get the same speed, FSB, and family number of Xeon, and it is preferable to get the same stepping number if possible.

It's better to match the sSpec numbers...those include the stepping, and not all processors of the same stepping have the same sSpec.

Intel's documentation for dual-proc and multiproc compatibility is based on family ID and stepping #, not on the s-spec #. The family ID is akin to a major version number, and the stepping is akin to a minor version number. You can get the family ID and stepping from dmesg, you cannot get the sSpec number via that directly. For example:

    CPU: Intel(R) Xeon(TM) CPU 3.00GHz (2992.71-MHz 686-class CPU)
      Origin = "GenuineIntel"  Id = 0xf43  Stepping = 3
      Features=0xbfebfbff
      Hyperthreading: 2 logical CPUs

If you hunt down the right Xeon document:

http://download.intel.com/design/Xeon/specupdt/30240216.pdf

...and search for "0xf43", you get:

    S-Spec CoreStepping CPUID CoreFreq FSB L2_cache
    SL7ZF N0 0F43h 3800 2 MB 604-pin micro-PGA

--
-Chuck
Re: switching from layer 2 to layer 3 in C programming
Bsderss wrote:

I'm in developing a network application (from layer 2 to 3). Can anyone tell me how to switch from layer 2 to layer 3 in C programming?

I'm not sure what you mean by this, but a literal answer can be found in: /usr/include/net/if_arp.h ...and "man 4 arp".

--
-Chuck
Re: send-pr, how pr's are handled
Daniel Molina Wegener wrote:

I have sent a PR (yesterday) with a patch through send-pr, when I will realize if this one were accepted?

That depends on a lot of things. Important patches often get considered in a day or two, ones that are big/complex/etc may take longer. Security issues are also considered at a high priority. It helps to CC: someone responsible for the thing being patched, if there is such a person. In particular, patches sent to a port maintained by nobody can sit for weeks or even months. :-)

If you're looking for additional insight, local conventions seem to suggest that one should wait a week after submitting a patch, and then ask about it mentioning the PR #. This gives maintainers who are away on a business trip, vacation, or other aspects of RealJob/RealLife(tm) adequate time to review the PR.

If the PR sits for longer than 1 month, bring it up again as a maintainer timeout, if appropriate (ie, a PR about updating a port), or send a short email with the PR # and a description of the issue to one of the higher-level channels like releng, portmgr, etc.

--
-Chuck
Re: Why is sendmail rewriting incoming adresses like this?
stan wrote:

I've got the in tree sendmail set up on a 4.11-RELEASE machine, and I'm seeing something I do not understand. If I send it mail with a To that looks like this:

    [EMAIL PROTECTED]

It's getting rewritten to:

    [EMAIL PROTECTED]

I'd guess your virtusertable is doing it, but remove the -o flags ("hash -o ...") since that option prevents you from seeing errors with them.

Do something like this:

    echo "3,0 [EMAIL PROTECTED]" | sendmail -bt -d0

--
-Chuck
Re: IPFW equivalent of iptables --state ESTABLISHED, RELATED
John Do wrote:

Hi guys I'm having trouble with IPFW I need to allow user initiated traffic IN but I can't Basically in iptables for Linux I would have used something like

    -A INPUT -p tcp -m tcp --state ESTABLISHED,RELATED -j ACCEPT

Can someone help me discover what the equivalent syntax in IPFW would be? I have tried to use "allow tcp from any to any established in" but it doesn't work

    "allow tcp from any to any established"

...as another poster said, however, this will allow data traffic not associated with legitimate connections in, too. If you want use stateful rules in IPFW, something like:

    check-state
    allow ip from me to any setup keep-state

Take a look at /etc/rc.firewall for more detailed rules...

--
-Chuck
Re: RFC: my firewall ruleset(s)
Eric F Crist wrote:

Hey all. I'm relatively new to shell scripting and I'm looking for some comments on my firewall script. Comments on either the ipfw rules themselves or on my scripting lack of ability would be appreciated.

Ugh. :-) IPFW knows how to increment rule numbers all by itself; you can get rid of the "rulenum1=`expr $rulenum1 + 50`" stuff. The breakdown of sh functions like setup_loopback, setup_keepstate, setup_ntp is fine if you want to play with shell scripts, but it scatters your IPFW rules into different places. I'd rather see something that closely resembles what "ipfw list" gives you.

You could chain several ports together into a list rather than listing them all separately as individual rules, IPFW will end up doing less work.

You have anti-spoofing for the loopback, lo0 interface, but not for your other interfaces. You should add anti-spoofing rules, and also block strict and loose source routing [1]:

    # Stop strict and loose source routing
    add deny log all from any to any ipoptions ssrr
    add deny log all from any to any ipoptions lsrr

You should give some thought to ICMP filtering. Consider something like:

    add allow icmp from any to any icmptypes 0,3,4,8,11,12

You should use the log command more when developing a ruleset, to see what traffic you are blocking or permitting, until you've gotten your rules and network finalized.

--
-Chuck

[1]: This is known to hackers as the "how to go through a firewall as if it wasn't there" IP option if you don't block these. :-)
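The review points in the reply above (no hand-maintained rule numbers, ports chained into one list, anti-spoofing on every interface, source-routing and ICMP rules), together with the check-state/keep-state pattern from the earlier "IPFW equivalent of iptables" thread, put into one rules-file generator. This is an added example, not code from either thread; the interface names, networks and ports are constructed placeholders, and the anti-spoofing loop generalises to any number of interfaces.

```sh
#!/bin/sh
# Added example: emit an ipfw rules file, one "add ..." command per line,
# the format ipfw reads when given a pathname ("ipfw -n FILE" checks syntax).
# Every interface name, network and port below is a constructed placeholder.

# "interface:network" pairs, one per attached IPv4 subnet (hypothetical).
NETS="fxp0:192.0.2.0/24 fxp1:10.0.1.0/24 fxp2:10.0.2.0/24"
TCP_IN="21 25 80"   # inbound TCP services, chained into a single rule
OUT_IF="fxp0"       # interface facing the Internet

# Join the arguments with commas: 21 25 80 -> 21,25,80
join_ports() {
    ( IFS=,; printf '%s\n' "$*" )
}

# For every interface, drop packets that arrive on it while claiming a
# source address from a subnet attached to a different interface.
antispoof_rules() {
    for a in "$@"; do
        a_if=${a%%:*}
        for b in "$@"; do
            b_if=${b%%:*}
            b_net=${b#*:}
            if [ "$a_if" != "$b_if" ]; then
                printf 'add deny log ip from %s to any in via %s\n' \
                    "$b_net" "$a_if"
            fi
        done
    done
}

emit_ruleset() {
    # No rule numbers: ipfw assigns increasing numbers automatically.
    echo "add allow ip from any to any via lo0"
    echo "add deny log ip from any to 127.0.0.0/8"
    echo "add deny log ip from 127.0.0.0/8 to any"
    # Strict and loose source routing, as in the reply above.
    echo "add deny log ip from any to any ipoptions ssrr"
    echo "add deny log ip from any to any ipoptions lsrr"
    # Anti-spoofing goes before check-state, so a spoofed packet is
    # dropped before it can be compared against dynamic state.
    antispoof_rules $NETS
    # Stateful core: replies are matched by check-state, not by a
    # blanket "established" rule.
    echo "add check-state"
    echo "add allow tcp from me to any setup keep-state"
    echo "add allow udp from me to any 53,123 keep-state"
    echo "add allow tcp from any to me $(join_ports $TCP_IN) in via $OUT_IF setup keep-state"
    echo "add allow icmp from any to any icmptypes 0,3,4,8,11,12"
    # Log whatever falls through while the ruleset is being developed.
    echo "add deny log ip from any to any"
}

# Run directly to print the ruleset, e.g.: sh ruleset.sh > ipfw.rules
emit_ruleset
```

With three interfaces the generator emits six anti-spoofing rules (each interface against the two subnets that do not belong to it); the output reads top to bottom like "ipfw list" would show it.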
Re: Preloading of shared libraries
Philip Lykke Carlsen wrote:

Hey.. I wondered if it was possible to load a selection of shared libraries into the cache at boot time.. I figure that it would speed up starting things.. like the KDE login manager for instance.. hm.. is this possible? .. and if so.. would it speed up the process of starting stuff at all?..

Sort of. At one point, you could set the sticky bit on files as a hint to the pager to try and keep them in memory, which was intended for things like /bin/sh, cron, login, and maybe libc.

Whether it would help in your particular case is harder to say, how much RAM does your machine have, and what kind of CPU? Some people believe that KDE requires excessive resources for what it does, consider fluxbox or something more lightweight...

--
-Chuck
Re: RFC: my firewall ruleset(s)
Used to carry Security, Compartmentation, User Group (TCC), and Handling Restriction Codes compatible with DOD requirements.
    0 3 var. Loose Source Routing. Used to route the internet datagram based on information supplied by the source.
    0 9 var. Strict Source Routing. Used to route the internet datagram based on information supplied by the source.
    0 7 var. Record Route. Used to trace the route an internet datagram takes.
[ ... ]

You should use the log command more when developing a ruleset, to see what traffic you are blocking or permitting, until you've gotten your rules and network finalized.

Is there a way to direct different rules to different facilities or log files? This is the primary reason I have not enabled logging more.

You can probably change which facility IPFW logs to, and to change where that goes you'd change /etc/syslog.conf. I don't think you can log individual lines to a separate facility, but you can grep by rulenumber which works just fine.

[1]: This is known to hackers as the "how to go through a firewall as if it wasn't there" IP option if you don't block these. :-)

Thanks for the great input! I'll work further to develop my script. Part of my reason for getting so involved with the shell scripting on this ruleset is so that I have an actual project with a purpose in front of me to develop my scripting abilities.

You're welcome.

--
-Chuck
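One way to do the "grep by rulenumber" mentioned above without false matches, as an added example that is not part of the thread. It assumes the usual FreeBSD log line shape "... kernel: ipfw: RULE ACTION PROTO SRC DST in|out via IF"; the sample lines, hostnames and addresses are constructed.

```sh
#!/bin/sh
# Added example: summarise ipfw log entries per rule number.
# Assumed line format: "... kernel: ipfw: <rule> <Action> <PROTO> <src> <dst> ..."

# Constructed sample lines, not taken from a real system.
sample_log() {
    cat <<'EOF'
Oct 25 10:12:01 gw kernel: ipfw: 400 Deny TCP 10.0.1.7:4312 192.0.2.10:23 in via fxp0
Oct 25 10:12:05 gw kernel: ipfw: 65000 Deny UDP 203.0.113.9:137 192.0.2.10:137 in via fxp0
Oct 25 10:12:09 gw kernel: ipfw: 400 Deny TCP 10.0.1.7:4313 192.0.2.10:23 in via fxp0
Oct 25 10:13:40 gw kernel: ipfw: 1000 Accept TCP 198.51.100.4:50122 192.0.2.10:80 in via fxp0
Oct 25 10:13:41 gw sshd[812]: unrelated line mentioning rule 400
EOF
}

# Read log lines on stdin, print "rule action count", sorted by rule number.
# The rule number is taken only from the field that follows "ipfw:", so
# port numbers and unrelated daemons' messages are never counted.
hits_by_rule() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "ipfw:" && $(i + 1) ~ /^[0-9]+$/) {
                count[$(i + 1) " " $(i + 2)]++
                break
            }
    }
    END { for (k in count) print k, count[k] }' | sort -n
}

# Print only the log lines produced by one rule: lines_for_rule 400 < logfile
lines_for_rule() {
    awk -v rule="$1" '{
        for (i = 1; i < NF; i++)
            if ($i == "ipfw:" && $(i + 1) == rule) { print; break }
    }'
}

# Run directly to see the per-rule summary for the sample lines.
sample_log | hits_by_rule
```

A plain "grep 400" over the same sample also returns the sshd line, which is why the functions key on the field after "ipfw:".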
Re: sendmail/mailertable question
stan wrote:
On Mon, Oct 24, 2005 at 06:51:12PM -0400, Charles Swiger wrote:
[ ... ]

Get rid of the "hash -o" in your mailertable line, too. Your DNS wildcard MX records are telling sendmail that the mail should go to prod1.ivo.net:

Just the -o part, right?

Yes.

If you want to disable DNS canonification, do something like this in your mailertable:

    listmaint.samp.ivosite.com    smtp:[IP_of_real_MX]

...where IP_of_real_MX is the IP address of the machine which is supposed to actually handle the mail for that machine, and is different from prod1.ivo.net. You can't fool your wildcard DNS record otherwise, because even if you try, remote SMTP hosts will look up the MX anyway.

But it's _not_ different than prod1. I just want sendmail to pass the uncanonified name on to the downstream processing (think procmail) so that it's easy for automated downstream processing to handle it.

If this mail is going to be delivered locally, then you ought to add listmaint.samp.ivosite.com to class w, perhaps via the file /etc/mail/local-host-names.

You might want to use MASQUERADE_EXCEPTION(), as in:

    FEATURE(`allmasquerade')dnl
    FEATURE(`masquerade_envelope')dnl
    FEATURE(`masquerade_entire_domain')dnl
    MASQUERADE_AS(`example.com')dnl
    MASQUERADE_DOMAIN(`example.com')dnl
    MASQUERADE_EXCEPTION(`www.example.com')dnl
    MASQUERADE_EXCEPTION(`public.example.com')dnl
    MASQUERADE_EXCEPTION(`private.example.com')dnl

Sendmail will re-write the hostname for anything matching *.example.com, _except_ for www.example.com, public.example.com, as explicitly listed. And you either need to list www.example.com in class w (aka the local-host-names file), or you need to specify a mailertable entry using square brackets to send the mail to some other server which will perform local delivery for that hostname.

--
-Chuck
Re: Installation problem with Freebsd 5.4
Jayesh Jayan wrote:

If I install FreeBSD on to a HDD with a good machine where I have already installed freebsd before and then move the HDD to that machine. Will it work ??

Yes, probably, that's definitely a decent idea and worth a try.

This is what happens when I try to install freebsd on the machine. I can go till the step of Choosing distribution. After I choose the distribution it starts the installation, it shows transferring .. in a blue screen with a progress bar. It then transfers 32 of 33 chunks and then it comes up with the error mentioned before.

Sometimes this is simply a problem with the CD being dirty or not being read correctly. This might also indicate your hardware is a little flaky. The AMD Athlons are fine processors, but the earlier AMD K6 and Cyrix CPUs are a bit less reliable and some contained interesting hardware flaws (like with the L2 cache).

--
-Chuck
Re: sendmail/mailertable question
stan wrote:

[ ... ]

Yes and no. Masquerading is for mail which passes through the server, which includes mail being delivered locally from some other machine.

OK, that makes sense. Next question, since sendmail is _already_ rewriting the address, why will adding still more rewriting stop it from doing what it is doing now, since Masquerading isn't enabled presently.

There's a big long discussion of this in cf/README, but reasonable people have been known to find sendmail documentation non-informative. :-)

It might be the case that using statements of the form:

    VIRTUSER_DOMAIN(`example.com')dnl

...in your .mc file may help exclude them from canonification.

It may also be the case that what you want to do is going to be better handled by two SMTP servers, one as an external gateway, using and exposed to DNS and your wildcard MX records, and one internal mailserver which handles local delivery, masquerading, a mailertable distributing mail to any other local SMTP destinations (think mailserver/listservers running on other machines), and even use FEATURE nocanonify if you want to/have to disregard DNS entirely.

Put a spamfilter/virusfilter on your external relay, which will then serve as your SMART_HOST for the internal mailserver.

--
-Chuck
Re: Mail Server Configuration
Mark Carroll wrote:

[ ... ]

I tried to contact washington.edu about this but wasn't able to get any help. In which, I was trying to fix the mbox driver that is associated with Pine to make all of my new mail stay in /var/mail/username and not to transfer to /home/username/mbox. With this, I was also trying to move all of the mail in /home/username/mbox back to /var/mail/username. I tried to cp it to /var/mail/username but this made the box inaccessible. In monkeying around with the configuration, now I cannot receive mail in either box.

Before monkeying with things (further :-), take some backups. Disable imapd, perhaps by killing inetd. Check whether SMTP delivery to /var/mail/username works. The simplest case involves delivery when no /var/mail/$user file exists, so check the ownership and perms created if that works. If that doesn't work, check your SMTP server and /var/log/maillog.

If you could show me how to reset to my original configuration, I would be happy. If you could show me how I can move all of my email back to /var/mail/username with the mbox driver disabled so that imap can find it, I would be ecstatic.

By default, UWash imapd should only move mail from /var/mail/$user to $user/mbox if $user/mbox exists. However, consider creating the following:

38-ns1% cat /usr/ports/mail/cclient/files/patch-mailsubdir --- src/osdep/unix/env_unix.c~ Mon Sep 13 17:31:19 2004 +++ src/osdep/unix/env_unix.c Sun Oct 9 00:14:45 2005 
@@ -29,7 +29,7 @@ static char *myMailboxDir = NIL;/* mailbox directory name */ static char *myLocalHost = NIL;/* local host name */ static char *myNewsrc = NIL; /* newsrc file name */ -static char *mailsubdir = NIL; /* mail subdirectory name */ +static char *mailsubdir = "mail"; /* mail subdirectory name */ static char *sysInbox = NIL; /* system inbox name */ static char *newsActive = NIL; /* news active file */ static char *newsSpool = NIL; /* news spool */ ...where you ought to create a ~/mail directory for users. Anyway, that area of the file is how you change imap's idea of where to look. -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
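Review bot: the replacement line `static char *mailsubdir = "mail";` bakes the subdirectory name in as a string literal with only the original one-word comment beside it, so nothing in the patch itself records that each user then needs a ~/mail directory, which the message states only in prose. Add a comment to the patch file (or a note in the port) saying that ~/mail must exist for every account, and consider taking the name from a build-time define instead of a literal so the NIL default can be restored without editing the patch.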
Re: two quick conceptual questions RE: rsync (and rsyncing snapshots)
user wrote:

First, how does rsync respond to, and perform, when the source filesystem is under very heavy change ? If I have a filesystem that I want to rsync up to a backup server, but that filesystem is _very busy_ with the creation, destruction and changing of files, how well does rsync perform, and how much does it interfere with the performance of the underlying filesystem that it is sending up to the backup server ?

rsync complains when the filesystem changes underneath it, but it will continue to run. On the other hand, rsync is not going to safely maintain the referential integrity of a complex file like a live database, but it's okay for most other things including mbox's.

Rsync imposes a significant workload if you are synchronizing a large tree of stuff which changes a lot, but it's efficient considering the size of the task.

Related: it occurs to me that perhaps it would be better to snapshot the filesystem, mount the snapshot, and then rsync the snapshot. On the other hand, the filesystem is continuously altering the snapshot as files are destroyed or changed ... so perhaps this does not gain anything. Is rsyncing a snapshot of a busy filesystem always, ever or never easier than rsyncing the busy filesystem itself ?

rsync'ing a snapshot is a fine idea.

Finally, am I correct that there are _only two_ rsync comparison methods - the default checksum method, and the --size-only method ? Am I correct that rsync _always_ looks at the timestamp first, and then applies either checksum or size comparison ONLY IF the timestamps are different ?

No, rsync checks both timestamp and size or checksum.

--
-Chuck
Re: two quick conceptual questions RE: rsync (and rsyncing snapshots)
user wrote:

Chuck - thank you...

Sure.

On Tue, 1 Nov 2005, Chuck Swiger wrote:

rsync complains when the filesystem changes underneath it, but it will continue to run. On the other hand, rsync is not going to safely maintain the referential integrity of a complex file like a live database, but it's okay for most other things including mbox's.

Does it simply complain, or does that somehow alter (lessen) the integrity of the sync that is going on ?

The files which it notices are either copied or noticed as being missing. Any new files which get created after rsync does its first scan are not going to be picked up later on by rsync.

rsync'ing a snapshot is a fine idea.

Ok - because _nothing_ would change, and thus rsync would not complain, etc. My gut is that while rsync performance might be increased, filesystem performance would be about the same, since all destructions and changes on the underlying filesystem are still being committed to the snapshot ... can you think of a reason why this would not only increase the rsync performance, but the overall FS performance while rsyncing ?

No. The point of using snapshots is to address the integrity concern above, they don't do anything in particular to change the performance. If disk I/O is a significant concern to you, add more spindles, use RAID-1 or RAID-10 configurations, or some combination of the two.

Finally, am I correct that there are _only two_ rsync comparison methods - the default checksum method, and the --size-only method ? Am I correct that rsync _always_ looks at the timestamp first, and then applies either checksum or size comparison ONLY IF the timestamps are different ?

No, rsync checks both timestamp and size or checksum.

So you are saying even if the timestamps are identical, rsync will _still_ do either a size or checksum comparison ? That seems ... inefficient ? Is there a way to tell it "if the timestamps are identical, just move on" ?

What happens if a program appends some more data during the same second?

rsync has to fstat() the file anyway which potentially involves a disk operation, once it's done so, comparing both timestamp and size doesn't take a significant amount longer to do.

    -c, --checksum              skip based on checksum, not mod-time & size

--
-Chuck
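The skip decision argued over in the two rsync messages above, modelled as an added example; it is not rsync's source and not part of the original posts. The function and scenario names are hypothetical, SHA-256 stands in for rsync's own file checksum, and timestamps are compared as whole seconds.

```python
import hashlib
import os
import tempfile

MODES = ("quick", "size-only", "checksum")


def file_digest(path):
    """Whole-file digest; SHA-256 is a stand-in for rsync's checksum."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def needs_transfer(src, dst, mode="quick"):
    """True if the file would be sent, False if it would be skipped.

    quick      default check: skip only when size AND mtime both match
    size-only  --size-only: skip when the sizes match
    checksum   -c/--checksum: skip when size and checksum match
    """
    if not os.path.exists(dst):
        return True
    s, d = os.stat(src), os.stat(dst)
    if s.st_size != d.st_size:
        return True  # every mode notices a size change from the stat alone
    if mode == "size-only":
        return False
    if mode == "quick":
        return int(s.st_mtime) != int(d.st_mtime)
    if mode == "checksum":
        return file_digest(src) != file_digest(dst)
    raise ValueError(f"unknown mode: {mode}")


def write_file(path, data, mtime):
    with open(path, "wb") as fh:
        fh.write(data)
    os.utime(path, (mtime, mtime))  # pin atime/mtime to a known second


def run_scenarios():
    """Build three constructed source/destination pairs and test each mode."""
    t0 = 1130803200  # an arbitrary second; both files share it unless noted
    cases = {
        # Data appended within the same second: mtime matches, size does not.
        "same-second append": (b"line 1\nline 2\n", t0, b"line 1\n", t0),
        # Same length, same mtime, different bytes: only a checksum sees it.
        "same-size rewrite, mtime kept": (b"balance=900\n", t0, b"balance=100\n", t0),
        # Touched but unchanged: the quick check resends, the others skip.
        "touched, content unchanged": (b"unchanged\n", t0 + 60, b"unchanged\n", t0),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = os.path.join(tmp, "src"), os.path.join(tmp, "dst")
        for name, (sdata, smtime, ddata, dmtime) in cases.items():
            write_file(src, sdata, smtime)
            write_file(dst, ddata, dmtime)
            results[name] = {m: needs_transfer(src, dst, m) for m in MODES}
    return results


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:32s} {verdict}")
```

The second scenario is the one that matters for backup integrity: a file rewritten in place to the same length with its timestamp preserved is skipped by everything except the checksum comparison.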
Re: Upgrading 4.11-STABLE to 5.4-STABLE
Steve Bertrand wrote:

I want to upgrade my 4.11-STABLE server to 5.4-STABLE. I'm very used to using cvsup to upgrade between minor releases (IIRC the box was 4.9 or 4.10 originally) but a jump between major versions is scaring me a bit :)

Oddly enough, and a little OT, (but semi-within the topic) I'm trying to update a 5.0 box to RELENG_5 right now with several different errors, too many to mention (generally they occur after rebooting after my installkernel. I can subsequently reboot off of kernel.old, as always).

That's not surprising, if your kernel and userland are too far out of sync, lots of things won't work right like ps and ipfw and so forth. If the kernel boots OK into single-user mode, it should be OK to do the installworld. Anyway, you really don't want to stay with 5.0, even if it takes a reinstall from a 5.4 CD to get there :-)

Since this is only a data box (running Samba), I'm not too worried, as I'll just reinstall...but I thought I'd throw it out there to see if there is a better approach to this particular upgrade (ie...incremental), as well as OP to get us both to STABLE. Note I also have a real production box at the following with the same issue, however, it's much more relied upon, so an upgrade as opposed to rebuild solution would be nice:

FreeBSD pearl.ibctech.ca 4.11-STABLE FreeBSD 4.11-STABLE #4: Fri Jun 24 12:14:21 EDT 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/PEARL i386

Take full backups before you do anything. The thing is, there is nothing wrong with a 4.11 system, either, especially if it is a uni-processor machine. For SMP hardware, I'd be tempted to jump directly to 6.0 or wait for 6.1, rather than move to the middle/end of the 5.x releases.

Keeping your ports up-to-date is a bigger concern, but things like portaudit and the people working on submitting both security warnings and patches to the ports help...

--
-Chuck
Re: Fast diff command for large files?
Kirk Strauser wrote:

I need to routinely find the diffs between two multigigabyte text files (exporting a set of FoxPro tables to a PostgreSQL database without doing a complete dump/reload each time, in case you were wondering). GNU diff from the base system and from ports chokes. The textproc/2bsd-diff works OK, but is glacially slow.

Multigigabyte? Find another approach to solving the problem, a text-based diff is going to require excessive resources and time. A 64-bit platform with 2 GB of RAM & 3GB of swap requires ~1000 seconds to diff ~400MB.

--
-Chuck
Re: debug.log questions
Sean Murphy wrote:

Charles Swiger wrote:

[ ... ]

I just checked two 5.4 servers running sendmail that came with FreeBSD, they both have the /var/log/debug.log, just there are no entries in the debug.log on the second server. However it just mails the FreeBSD daily reports to the other server. Can anyone else check their FreeBSD 5.4 servers running sendmail and have this debug.log?

-rw--- 1 root wheel 0 May 8 2005 debug.log

same date as I made the server

excerpt from the syslog.conf

    *.=debug                /var/log/debug.log

You're right, there is an entry for the debug in the syslog.conf, however I'm pretty sure this file is default FreeBSD.

It turns out that you are right for 5.4, although that change has since been backed out:

http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/syslog.conf

...in the most current version, if I'm following the branches correctly. In either event, it's fine to discard debug-priority logging, unless actually debugging something.

--
-Chuck
Re: Installation problem with Freebsd 5.4
Vulpes Velox wrote:

On Tue, 25 Oct 2005 15:58:01 +0200 Roland Smith <[EMAIL PROTECTED]> wrote:

[ ... ]

One thing you could try is to burn a 6.0-RC1 CD and try that. Test your memory with memtest86 (http://www.memtest86.com/).

Memtest86 does not tell you if you have bad ram. It just indicates that something some where is wrong with that system there. I've seen it hit errors with bad motherboards as well.

It's true that problems with overheating or a bad MB will generate errors that memtest86 will see, but memtest86 is really good at noticing bad RAM. It will catch errors that the BIOS self-test won't (which isn't too hard :-), and I've never seen memtest86 fail to detect bad RAM.

--
-Chuck
Re: high CPU activity for interrupts
[EMAIL PROTECTED] wrote:

top(1) shows it like this:

CPU states: 0.8% user, 0.0% nice, 0.4% system, 22.9% interrupt, 76.0% idle

What could I do to figure out what's going on?

Look at "vmstat -i"...

--
-Chuck
Re: system lacks resources
Vladimir Dvorak wrote:

When the server is under mail load, these messages appear in logs:

(host 127.0.0.1[127.0.0.1] said: 450 4.4.1 Can't connect to 127.0.0.1 port 10025, Net::SMTP: connect: Operation not permitted (Operation not permitted) at /usr/local/sbin/amavisd line 4323, line 839., MTA([127.0.0.1]:10025), id=63072-10 (in reply to end of DATA command))

When the load decreases, these messages are delivered. I think this is a problem related to allowed system resources. Has anyone met this problem ? How can I increase or where to tune system variables ? /etc/login.conf ?

You should adjust the delivery concurrency of postfix in master.cf to match how many amavis/virus scanner tasks you are able to run on your system. For example, if you limit amavis to three children, you should have this:

    # virus scanning
    scan      unix  -       -       n       -       3       smtp

Remember that each amavis or virus-scanner process can require 30-50MB of RAM, depending on just how big the email going by is...

--
-Chuck
Re: kernel's PAGE_SIZE
Miguel wrote:

Hi, I'm tuning a postgresql server and I want to know what is the default value for kernel's PAGE_SIZE

Run "sysctl hw.pagesize" and it will tell you. On most hardware (ie, x86), it's likely to be 4096 bytes...

--
-Chuck
Re: ntpdate
Andrew P. wrote:

On 11/16/05, dick hoogendijk <[EMAIL PROTECTED]> wrote:

[ ... ]

Thank you. You are probably right. I'll get rid of ntpdate in rc.conf. I have two timeservers at the moment. I will look for some more in the Netherlands. Yours are too far away ;-)

Last time I checked ntpd docs there was no way to tell ntpd to set the time to correct at once at startup. Imagine that you've left your box off for a few days. Your clock might get inaccurate by quite a few seconds (about 2-5 minutes a month on some hardware). So ntp either converges for the whole eternity, or just fails to work. Ntpdate at startup solves this problem.

Running "ntpdate -b" at boot to forcibly synchronize the clock is a pretty good idea, but you actually can convince ntpd to sync even a clock which is badly off via:

    -g      Normally, ntpd exits if the offset exceeds the sanity limit, which is 1000 s by default. If the sanity limit is set to zero, no sanity checking is performed and any offset is acceptable. This option overrides the limit and allows the time to be set to any value without restriction; however, this can happen only once. After that, ntpd will exit if the limit is exceeded. This option can be used with the -q option.

--
-Chuck
Re: ICH6-R
Steve Bertrand wrote:

[ ... ]

- During install (this time it's 6.0-RELEASE as of Nov. 3), I have 3 selections to select from when FDISKing etc: ad4, ad6 and ar0.

- I select ad0 to configure as this is the bootable RAID volume, and
           ^^^ ...?
  everything installs perfectly fine. I then proceed to reboot the box, and a blinking cursor appears in the top-left side of the screen, as if BSD wants to boot, but nothing ever happens.

If you've configured or enabled a RAID setup in the BIOS, then ar0 ought to be the device you should use. If you are trying to install to a drive in normal, non-RAID mode, then ad0 (if you have it) would be the choice.

If you've got static ATA numbering enabled in the kernel and you've got no parallel ATA devices attached, only SATA, then ad4 might be right.

--
-Chuck
Re: ntpdate
Andrew P. wrote:

On 11/17/05, Bob Johnson <[EMAIL PROTECTED]> wrote:

[ ... ]

Leading numbers are not necessary in most cases. I use:

    server europe.pool.ntp.org
    server europe.pool.ntp.org
    server europe.pool.ntp.org

That selects 3 random servers from the whole europe pool.

The point of using the leading numbers is to make sure the three servers chosen from the pool are actually different machines.

If you've only got a small number of machines, having each contact an external NTP server is reasonable. If you've got, say, ten or more machines, set up three of them to contact external NTP servers and each other as peers, and have the rest of the machines on your network talk to your local NTP servers.

--
-Chuck
Re: EM64T supported?
Marc G. Fournier wrote:

First off, what is it? On 32bit platforms, to address >4G of RAM, I recall that there is some sort of 'paging' that has to be done to address it ... does EM64T get around that somehow, or is this just another name for it?

EM64T uses 64-bit wide registers and addressing, and can talk to >4GB of RAM natively. Older processors may still support >4GB of physical RAM using the PSE/PSE-36 CPU extensions, but are still using 32-bit registers.

--
-Chuck
Re: EM64T supported?
Dan Nelson wrote:

In the last episode (Nov 17), Chuck Swiger said:

EM64T uses 64-bit wide registers and addressing, and can talk to >4GB of RAM natively. Older processors may still support >4GB of physical RAM using the PSE/PSE-36 CPU extensions, but are still using 32-bit registers.

PAE/PAE36, right? Note that if you enable PAE, some drivers may not be available. See the PAE kernel config file for a list.

PAE is related, but I don't believe "PAE36" exists; cpuid lists these:

    PSE     Page Size Extensions
    PAE     Physical Address Extension
    PSE-36  36-bit Page Size Extension

I believe PSE lets you choose whether your MMU uses a 4KB or a 4MB pagesize for virtual address translation. PAE was the first attempt at supporting more than 4GB of address space, but I gather it requires doing bank swapping or something fairly awkward that doesn't play too well with VM, whereas PSE-36 integrates more easily.

The other point you've made is correct, that is, a fair number of drivers don't understand PAE/PSE36 yet, and will not work using it-- generally because the hardware associated with the driver has a DMA engine which is limited to 32-bit addressing. You end up having to double-buffer or use "DMA bounce buffers", whatever phrase you wish to use. :-)

This link seems to have a more complete description:

http://www.microsoft.com/whdc/system/platform/server/PAE/pae_os.mspx

--
-Chuck
Re: RST response in message log?
Antonio Gandara wrote:

Just had a general question as to this message which appeared in the message log file and dmesg. While I understand it is reducing response to packets, I am perplexed as to what causes this to happen? I am running 4.11 Release.

Nov 16 11:07:18 eagle /kernel: Limiting closed port RST response from 300 to 200 packets per second

It means something was trying to connect to more than 300 TCP ports (per second) on your machine which are closed, most probably because someone is running a port scan against your machine.

--
-Chuck
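Turning the kernel message quoted above into something reviewable, as an added example that is not part of the original thread: it groups the rate-limit messages into incidents so that a short probe and a sustained one look different. Only the first sample line comes from the post; the rest are constructed, the year is an assumption (syslog timestamps carry none), and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# First line is the one quoted in the post; the others are constructed.
SAMPLE_MESSAGES = """\
Nov 16 11:07:18 eagle /kernel: Limiting closed port RST response from 300 to 200 packets per second
Nov 16 11:07:19 eagle /kernel: Limiting closed port RST response from 412 to 200 packets per second
Nov 16 11:07:21 eagle /kernel: Limiting closed port RST response from 377 to 200 packets per second
Nov 16 11:09:02 eagle sshd[812]: Accepted publickey for admin from 192.0.2.20 port 50412 ssh2
Nov 16 14:30:45 eagle /kernel: Limiting closed port RST response from 231 to 200 packets per second
"""

RST_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) \S*kernel: "
    r"Limiting closed port RST response from (?P<seen>\d+) to (?P<limit>\d+) "
    r"packets per second"
)


def parse_events(text, year):
    """Return sorted (time, host, observed_rate, limit) tuples."""
    events = []
    for line in text.splitlines():
        match = RST_RE.match(line)
        if match is None:
            continue  # unrelated log line
        when = datetime.strptime(f"{year} {match['ts']}", "%Y %b %d %H:%M:%S")
        events.append((when, match["host"], int(match["seen"]), int(match["limit"])))
    return sorted(events)


def find_incidents(text, year, max_gap=timedelta(seconds=60)):
    """Merge messages from one host that are at most max_gap apart.

    Each incident records its start, end, message count and the highest
    closed-port connection rate the kernel reported during it.
    """
    incidents = []
    for when, host, seen, limit in parse_events(text, year):
        last = incidents[-1] if incidents else None
        if last and last["host"] == host and when - last["end"] <= max_gap:
            last["end"] = when
            last["events"] += 1
            last["peak"] = max(last["peak"], seen)
        else:
            incidents.append(
                {"host": host, "start": when, "end": when,
                 "events": 1, "peak": seen, "limit": limit}
            )
    return incidents


if __name__ == "__main__":
    for inc in find_incidents(SAMPLE_MESSAGES, 2005):
        span = (inc["end"] - inc["start"]).total_seconds()
        print(f"{inc['host']}: {inc['start']} for {span:.0f}s, "
              f"{inc['events']} messages, peak {inc['peak']}/s (limit {inc['limit']}/s)")
```

The message gives rates only, not sources, so correlating an incident with a scanner's address needs firewall or packet logs from the same interval.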
Re: Fun with passwd files
matt . wrote:

[ ... ]

The question now is this...I see a switch for pwd_mkdb which is "-p", meaning generate a /etc/passwd file. Going forward, when manually adding a new user to /etc/master.passwd, am I now to issue "pwd_mkdb -p " to properly update /etc/passwd at the same time? Seems to me this is the thing to do, however it's my first time really messing with this sort of thing...

Set $EDITOR properly, and run "vipw". That program will let you edit the password file and then update the other system-specific password databases correctly.

--
-Chuck
Re: growfs(8) - no fear!
Wojciech Puchar wrote:

I asked the question recently, no answers, but finally did it this way and all worked fine. I shifted my partition left with dd and resized with growfs.

Thanksgiving break may have taken at least some of the reading list population out of regular contact, at least briefly. (Happy turkey day + 2, list. :-)

I'd rather backup and reformat, or just use symlinks, than fool with growfs myself. I've tried it as an experiment, and it seemed to work, but I don't have enough data to really say more than that.

But can bsdlabel be forced to write label with overlapping slices? For temporary operations it will be useful if I know what I'm doing.

I think using "sysctl kern.geom.debugflags=16" may help, or some close variant (check the list archives), there is an anti-footshooting mechanism in place which will prevent you from changing the partition table if you have mounted partitions. Note that you can re-run sysinstall and use the label editor in there if you like.

--
-Chuck
Re: Kernel options optimal for desktop?
Alexander Polakov wrote:

Good time of day to all freebsd-questions readers! I'm using FreeBSD 6.0 for my desktop. I think the GENERIC kernel is not optimal for desktop usage. So can you advise me what options to use for better performance? My hardware is a Pentium 3 [EMAIL PROTECTED] chipset, 512 Mb RAM, ATA100 30 GB HDD, GeForce2 MX400 video.

Read the kernel section of the handbook. Read "man tuning" and "man make.conf", but for a simple beginning, figure out what tasks you want to benchmark (see "ls /usr/ports/benchmarks"), and get a baseline with the GENERIC kernel.

Then you want to set CPUTYPE, disable the "cpu I486_CPU" and "cpu I586_CPU" statements, and maybe disable drivers you don't need, IPv6 (aka "options INET6"), etc. Be prepared to roll back to a working kernel if you change too much.

Benchmark some more, and see whether you find anything interesting. Be prepared to have someone tell you to run /usr/src/tools/tools/ministat. :-)

--
-Chuck
Re: License Question
Manolo Fredricks wrote:

[ ... ]

If I make modifications to FreeBSD and then distribute it (the modified FreeBSD) to others:

Note that the details depend upon what part of FreeBSD you change, but the two general licenses are /COPYRIGHT (aka the "new" or "modified" BSD license) and the GPL (/usr/src/gnu/COPYING and too many others).

1. Must I provide the source code or can I choose not to?

BSD: no, GPL: yes, but see clause 3c:

    c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

If you don't change the GPL'ed components of a FreeBSD release, you are allowed to point people back to the corresponding FreeBSD release sources. In other words, you can set up a shrinkwrapped appliance using third-party code and not have to provide the source code to your specific application. You might want to consider the Nokia firewall boxes as an example.

2. Must I license it under the FreeBSD license?

The existing code already is under the BSD or GPL licenses. You can modify the code according to those licenses, and you can modify the code or combine it with external code which may result in the creation of a derivative work.

3. Can I license it under my own terms/license? If so, must I reproduce the FreeBSD copyright notice and the disclaimer and if so, where?

You would probably need to talk to a lawyer if you want to relicense the FreeBSD codebase, and I'm not one. Out of curiosity, what would be the terms of your license? (If you're not willing to answer publicly, OK, but see above.)

4. Who owns the copyright to my modifications, me or FreeBSD?

You do. [1]

5. Must I contribute my modifications back to the FreeBSD project or can I choose not to?

Nope-- you have the right to make private modifications of BSD code and redistribute them, or choose not to. For GPL code, see clause 3 a-c.

Appreciate your feedback.

Sure. Have fun,

--
-Chuck

[1] This is assuming your changes are significant enough to merit copyright protection in their own right; trivial changes like one-line patches, etc would not.
Re: so much clock interrupts?!
cpghost wrote:

On Fri, Nov 25, 2005 at 07:45:03AM +0100, Markus Trippelsdorf wrote:

Yes, I guess it increases performance on a high throughput webserver or router that uses polling. But on the Desktop it only increases the overhead without any benefits at all. 2000 interrupts per second per core for the timer is a ridiculously high number and I reduce it simply for aesthetic reasons.

The default settings try to give a 1-millisecond timing granularity, which seems to work pretty well on Pentium-grade and above hardware. Desktop tasks now include soft realtime work like displaying video clips, and obviously realtime 3D games benefit from HZ=1000.

I'm also wondering whether 1000 Hz on a Soekris net4801 (Geode 266 MHz) won't be overkill. I'm planning to migrate some of them from 5.4 to 6.0, and doubting whether to change the new default to its more conservative previous setting of 100 Hz.

For what it's worth, I have kern.hz="200" in /boot/loader.conf on an EPIA-M6000 running 6.0-STABLE...

--
-Chuck
Re: make index & make fetchindex
bsd wrote:

I have a little script that I run twice a week that updates my ports automatically. I have quite often errors with the "make index" line because I have a refuse file to fasten the process of updating my server. My question is : can I safely replace the "make index" by the a "make fetchindex" ?

If you refuse some ports, no. Eventually, something you use will be updated to depend on something you're refusing, and the dependency will break. Using no refuse file and "make fetchindex" works well.

What will be the main differences if I do so ? What are the risks ?

The other consideration is that it's fine to update ports automatically on a test server or your personal machine. It is unwise to update a production machine in such a fashion, you will end up with services being shutdown and not restarted properly without human intervention.

For a production system, you should run portaudit instead, and update your ports as need or the desire for a new version demands by hand.

--
-Chuck
Re: system time "slowing down" ?
Vizion wrote:

On Monday 28 November 2005 16:00, Wojciech Puchar:

[ ... ]

Why not synchronize by running ntpd? or rdate?

sure if you know the host you are using as a reference is itself reliably referenced!

There's nothing wrong with rdate, but the NTPv4 protocol includes tests and detection measures for broken clocks which eliminate most "falsetickers".

Running ntpd will try to generate an ntp.drift file which will compensate for the drift of the native clock, so if the problematic system is off by a consistent factor, ntpd can compensate for that, within limits. On the other hand, if the drift is variable or the clock hardware is just completely busted, then I'd replace the motherboard, or at least break apart the system and look for bad solder joints, leaky caps, etc, and try reconnecting everything again.

--
-Chuck
Re: sysctl documentation
Wojciech Puchar wrote:

Where can I find documentation for sysctl variables, mostly vfs.* ? Or if it's nonexistent, where can I look for info?

"sysctl -d" will help in many cases, otherwise check the manpage for the associated driver, netgraph module, etc. Or UTSL. :-)

While FreeBSD gives best performance in every case I tested (compared to other BSD's and linux) it doesn't mean it can't be faster after some tuning.

OK. Well, see "man tuning" and the Handbook for a starting place...

--
-Chuck
Re: system time "slowing down" ?
[EMAIL PROTECTED] wrote:

[ ... ]

Here's a list of public, and 100% official (i.e., stratum 1 ntp servers):

http://tycho.usno.navy.mil/ntp.html

Pick any of them and add it/them to /etc/ntp.conf, then set up things so that ntpd is started at boot time and you're set (I actually have 3 of them in there and let ntpd pick up the most suitable one).

Unless you are publishing time service to other people, please consider using stratum-2 servers from the NTP pool:

http://www.pool.ntp.org/

Most people will find a benefit from using NTP servers closer to them, and there are 48 servers in de.pool.ntp.org:

http://www.pool.ntp.org/zone/de

...but a complete list can be found from:

http://ntp.isc.org/bin/view/Servers
http://ntp.isc.org/bin/view/Servers/StratumOneTimeServers
http://ntp.isc.org/bin/view/Servers/StratumTwoTimeServers

Keep on ticking,

--
-Chuck
Re: pf blocking nfs
Aaron P. Martinez wrote:
> I am running FreeBSD 6.0-release and setting up a very basic firewall
> using pf on my workstation. The ruleset is as follows:
>
> block in log all
> pass quick on lo0 all
> #pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
> pass out on fxp0 proto { tcp, udp, icmp } all keep state

Your firewall config is not enough to permit NFS to pass. You might consider adding a "pass all" rule for machines on the local subnet.

[ Perhaps you should re-evaluate your network so that you do not attempt to pass NFS through the firewall. If you have to do filesharing between machines over an untrusted connection, you should consider a VPN or SSH tunnel approach instead. ]

-- -Chuck
Re: pf blocking nfs
Aaron P. Martinez wrote: [ ... ]
> Actually my network looks like this:
>
> INT---firewall--internal router/firewall-good lan
> ||
> ||-insecure lan (windoze machines)
> |
> |DMZ
>
> the good lan is the only one that does nfs, so the nfs doesn't actually
> pass through the firewall, just connects to the internal router/firewall.
> I am simply trying to avoid a worst case scenario (internal router gets
> compromised) so trying to allow ONLY return packets. Is this unfeasible?

I take it that your internal firewall box has three NICs, then?

Normally, your firewall should not be doing anything else but security and would not be mounting NFS or depending on any other services on your network. If that is not possible, you should permit traffic through the interface on the "good LAN".

-- -Chuck
Re: is child PID always minor to parent PID?
Javier Matos wrote:
> Hi, I need to know if the PID of a child process is always higher than
> parent PID because I made an algorithm to search a child and I want to
> know if I can start searching for a process that has a higher number
> than parent PID.

No, the PID of a child could be less than the parent if randomize PIDs sysctl is set, or if the PID counter wraps. The fork() call returns the child's pid. Pay attention to that...

-- -Chuck
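The approach the reply points to, as an added example that is not part of the original message: the parent records the PID that fork() returns for each child and reaps exactly those PIDs with waitpid(), so nothing depends on PID ordering. The function names and the child exit-status convention are assumptions made for this illustration.

```c
/* Added example: track children by the PID fork() returns instead of
 * searching the process table for "a PID higher than mine". */
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_CHILDREN 16

/* Fork up to n children and store each PID returned by fork() in pids[].
 * Child number i exits with status i so the parent can tell them apart.
 * Returns the number of children actually started. */
int spawn_children(int n, pid_t *pids)
{
    int started = 0;

    if (n > MAX_CHILDREN)
        n = MAX_CHILDREN;
    for (int i = 0; i < n; i++) {
        pid_t pid = fork();
        if (pid < 0)
            break;              /* fork failed: keep what we already have */
        if (pid == 0)
            _exit(i);           /* child: leave without flushing parent's stdio */
        pids[started++] = pid;  /* parent: fork() handed us the child's PID */
    }
    return started;
}

/* Reap exactly the recorded children. Returns how many of them exited
 * normally with the expected status (child i -> exit status i). */
int reap_children(int n, const pid_t *pids)
{
    int ok = 0;

    for (int i = 0; i < n; i++) {
        int status;
        if (waitpid(pids[i], &status, 0) == pids[i] &&
            WIFEXITED(status) && WEXITSTATUS(status) == i)
            ok++;
    }
    return ok;
}

/* Count recorded children whose PID is numerically below the parent's.
 * With randomized PIDs or a wrapped PID counter this can be non-zero,
 * which is why a "search upward from my own PID" scan is unreliable. */
int count_lower_than_parent(int n, const pid_t *pids)
{
    pid_t self = getpid();
    int lower = 0;

    for (int i = 0; i < n; i++)
        if (pids[i] < self)
            lower++;
    return lower;
}

int main(void)
{
    pid_t pids[MAX_CHILDREN];
    int n = spawn_children(4, pids);

    printf("parent %ld started %d children, %d with a lower PID\n",
           (long)getpid(), n, count_lower_than_parent(n, pids));
    printf("reaped %d children with the expected status\n",
           reap_children(n, pids));
    return 0;
}
```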
Re: cvsup question
Vasile C wrote:
> How can I modify the cvsup reconnect time from 5 to 1 min ?

A more useful approach would be to switch to downloading from another cvsup server...

-- -Chuck
Re: cvsup question
Vasile C wrote:
>> A more useful approach would be to switch to downloading from another cvsup
>> server...
> I have a script in cron that does cvsup and portupgrade ... That is why I want
> to change the reconnect time ..

I hope this is a testbed and is not a production system. Automatically running portupgrade on a production system is a mistake...

-- -Chuck
Re: DNS refresh
Jean-Paul Natola wrote:
> Sorry for the novice question,
>
> How does one go about refreshing a dns record on BSD box (without rebooting),
> it is NOT a DNS server.

Most BSD networks do not have dynamic DNS updating enabled on their nameservers, but that is the capability you seem to be asking about. If your network does have this enabled, it's possible that using dhclient to release and renew a DHCP lease on the BSD machine would be the right approach. Otherwise, change the zone file on the primary DNS server directly by hand.

-- -Chuck
Re: DNS refresh
Jean-Paul Natola wrote:
> I'm in windows environment mainly, I recently setup a BSD box (static IP, and
> DNS pointing to the windows DNS server)
>
> With Exim, SA and CLAM_AV
>
> All has been running relatively well (3 months give or take)
>
> Till today I started getting this:
>
> milter# freshclam
> ClamAV update process started at Mon Dec 12 15:05:34 2005
> WARNING: DNS record is older than 3 hours.
> WARNING: Invalid DNS reply. Falling back to HTTP mode.

Presumably your Windows-based nameserver is having problems, and should be patched and/or rebooted. :-) Alternatively, you could point your BSD machine to another nameserver which is working properly by editing /etc/resolv.conf.

-- -Chuck
Re: Getting the network traffic amount since the interface went up
Parv wrote:
> I am interested to know the total amount of data passed through a
> network interface (em0 in my case) since the interface went up. So
> far, i have seen that pload, nload, & "netstat -b -I" report the
> amount since the operating system has been up, not since the new
> ethernet connection has been (re)established.
>
> Is there a way to find out the amount of traffic (in & out) since a
> network interface has been up (not since the OS has been up)?

There are lots of solutions to this problem, it kinda depends on what you're trying to do. You might set up an IPFW rule which matches just the traffic you care about, and look at "ipfw -a l". You can zero the counters at will if you like, too. From the ipfw manpage:

Per-flow queueing can be useful for a variety of purposes. A very simple one is counting traffic:

    ipfw add pipe 1 tcp from any to any
    ipfw add pipe 1 udp from any to any
    ipfw add pipe 1 ip from any to any
    ipfw pipe 1 config mask all

The above set of rules will create queues (and collect statistics) for all traffic. Because the pipes have no limitations, the only effect is collecting statistics. Note that we need 3 rules, not just the last one, because when ipfw tries to match IP packets it will not consider ports, so we would not see connections on separate ports as different ones.

-- -Chuck
Re: kern.maxdsiz "big memory/tuning" questions
Michael Dexter wrote: [ ... ]
> However, I am not clear if:
>
> 1. It is permitted to use "M" and "G" notation (kern.maxsiz="1G")? -
> some say yes, some say no and I would prefer not risk the system not
> booting.

Using "1G" or some number followed by "M" is working for me in 5.x and 6.0.

> 2. Which tunables actually matter beyond kern.maxdsiz? Some say only
> kern.maxdsiz and some suggest all three. 'man tuning' and the handbook
> (~/handbook/configtuning-kernel-limits.html) only goes into maxfiles and
> maxusers. Searches of this list and Google have yielded what you see above.
>
> Could someone please share some wisdom or docs on this matter?

The stuff listed in /etc/defaults/loader.conf is probably the most complete reference outside of the kernel source code itself, but you might find looking at the corresponding "sysctl -d" output for the variables in question. Note that the loader and sysctl don't always use the same name.

Other than that, check what limits you're seeing in the shell you run. And double-check under /bin/sh too, for cron jobs or stuff started at boot. :-)

-- -Chuck
Re: you need mirror from israel?
YairNet LinuxServ wrote:
> Hello
> we Company WebHosting (Www.linuxserv.co.il)
> You need to mirror freebsd from israel ,if yes give me help so mirror
> good day.

It's likely that this document will tell you all about mirroring FreeBSD:

http://www.freebsd.org/doc/en_US.ISO8859-1/articles/hubs/article.html

Thanks for your interest,
-- -Chuck
Re: fquestions
Gary Kline wrote:
> On Wed, Dec 14, 2005 at 01:42:21PM -0800, Kent Stewart wrote: [ ... ]
> Does it make any sense to use O3 when compiling stuff,
> when stuff includes world/kernel/drivers? Does upping the
> optimization make any significant difference in system
> performance, in other words? Kent? Anybody?

No. You are likely to vastly increase the amount of time it takes to compile the system without gaining any performance that's noticeable. The system generally shouldn't be spending a lot of CPU in the kernel, anyway, compared with the amount of time running user-mode code. (Firewalls and routers are a significant exception, however.)

If you want your system to perform better, benchmark the work it's actually doing, and then tune from there. Spending lots of time to optimize a part of the system that is already pretty efficient isn't going to do much, whereas solving the bottleneck will make a useful difference.

-- -Chuck
Re: dvdrecord?
Wojciech Puchar wrote: [ ... ]
>> I use growisofs to burn database backup files to DVD-R on a regular
>> basis. The port name, dvd+rw-tools, is a little misleading in this
>> regard.
>>
> i'm now writing DVD-R from image with it, now 800MB and still going.
> anyway it can't record DVD-R from pipe, and can't have extra RAM buffer.
>
> dvdrecord CAN write from pipe in -dao mode if size is entered in options
>
> i were using that script:
>
> mkisofs -rq -jcharset iso8859-2 . 2>/dev/null| \
> dvdrecord $* -v tsize=`mkisofs -rq -jcharset iso8859-2 --print-size .`
> x2k -delay=5 driveropts=burnfree -dao -
>
> to write directly files in dao mode to DVD-R.

On burners which do not have buffer-underrun correction capabilities (ie, "BurnProof", "JustLink", etc), trying to create the ISO image on the fly and pipe it to the burning process can result in coasters. YMMV, but I prefer to create the .ISO image separately, and confirm it contains what I think it should contain separately, before trying to burn it.

However, there's room for more tools in ports, so if you like dvdrecord enough to want to use it under FreeBSD, why not port it yourself?

-- -Chuck
Re: dvdrecord?
Wojciech Puchar wrote:
>> On burners which do not have buffer-underrun correction capabilities (ie,
>> "BurnProof", "JustLink", etc), trying to create the ISO image on the
>> fly and pipe it to the burning process can result in coasters. YMMV, but I
>> prefer to
>
> ^^^
> anyway - it may not :)
>
> already recorded 800 DVD's without single failed.

On decent hardware, there shouldn't be a problem, especially if your burner can handle underruns. However, I get bug reports from people using older burners and slow drives, people using USB burners at USB-1 speeds, and other circumstances which are somewhat marginal.

As others have said, you can have growisofs invoke mkisofs on your behalf to burn a filesystem tree directly without creating a separate .ISO file as an intermediate step. If you want to do so in DAO mode, one can use the (undocumented) flag: "-use-the-force-luke=dao".

>> However, there's room for more tools in ports, so if you like
>> dvdrecord enough to want to use it under FreeBSD, why not port it yourself?
>>
> because i'm asking why it wasn't first - i'm sure that there are many
> people who needs this

dvd+rw-tools was added to ports back in 2003, and depended on the mkisofs port (aka cdrtools). Apparently, dvdrecord is a fork of cdrtools, but I don't know which one appeared first.

There's also burncd by Soren, which works fine for CD-R/RW burning, but doesn't do DVD-burning especially well. YMMV.

-- -Chuck
Re: How to disable UDMA for HDD?
Stevan Tiefert wrote: [ ... ]
you did not understand what I wanted. I needed a suggestion how to install FreeBSD without UDMA-support. Your suggestion is only useful if the system is running, but that was not the case!

What happens if you configure the BIOS of the system not to use UDMA modes for that device? Most BIOSes will let you control individual devices, so set whatever it is to PIO4; otherwise, disable UDMA for everything long enough to complete the install, and then tweak things from there.

-- -Chuck
Re: Updating Emacs without installing X?
Kevin D. Kinsey, DaleCo, S.P. wrote:
Your Name wrote:
This is just a server box, and i don't want to have _any_ X running on it. Is there a way i can get Emacs current? i didn't originally set this machine up, but Emacs is installed from Ports and there's no X on the machine, so i don't know how it was originally done.

Emacs requires XFree libraries, and I think imake, in order to build and run.

Pshaw! :-) Emacs can be built for text-mode using normal make just fine, and the Emacs port knows how:

    cd /usr/ports/editors/emacs && env WITHOUT_X11=1 make install

-- -Chuck
Re: cd and dvd burning program K3b and permissions for non-root users.
edwinculp wrote:
I've installed K3b and it works great for the root user but I can't get it to work for any non-privileged user even though I have put the user in the wheel group and have set sysctl vfs.usermount=1, cd0 has permissions set to 666, the same in devfs.conf (That solves the problem for xmms but not for k3b.

I believe k3b runs dvd+rw-tools underneath, so you might consider making dvd+rw-tools setuid-root. See the port's Makefile if you have questions.

-- -Chuck
Re: Fetchmail/Sendmail rejects
Malcolm Kay wrote: [ ... ]
I am quite happy to have these rejected but it seems they don't get deleted at the ISP end and clog up the mail box, I think eventually confusing fetchmail.

You ought to convince your ISP to apply better spam filtering before they accept messages for you, which will reduce the problem you see.

Responding to 2 or 3 lists using a valid e-mail address means that I receive a lot of spam including much with unresolvable addresses.

Nowadays, you can receive a lot of spam regardless of what you do, so it helps to reject most of it immediately.

-- -Chuck
Re: Fetchmail/Sendmail rejects
Malcolm Kay wrote: [ ... ]
Thanks guys for the responses -- this really looks the way to go. Does anyone know how sendmail distinguishes between:

    reject=451 4.1.8 Domain of sender address does not resolve
    reject=553 5.1.8 .. Domain of sender address .. does not exist

It seems the former is to be interpreted as a 'temporary' condition while the latter is to be interpreted as 'permanent' (and is by default deleted by fetchmail)?

Sendmail pays attention to the return value from doing DNS queries. If sendmail receives an NXDOMAIN response, it treats that as a permanent, 5xx failure code. If sendmail gets a timeout/TRY_AGAIN, it will return a 4xx temp failure.

It's not clear to me why this would matter if your ISP is the one running the mailserver: they aren't accepting the message in either case, which ought to mean that fetchmail will never see it.

-- -Chuck
Re: Fetchmail/Sendmail rejects
Malcolm Kay wrote:
On Sunday 15 August 2004 10:40, Chuck Swiger wrote: [ ... ]
Sendmail pays attention to the return value from doing DNS queries. If sendmail receives an NXDOMAIN response, it treats that as a permanent, 5xx failure code. If sendmail gets a timeout/TRY_AGAIN, it will return a 4xx temp failure.

This sort of takes us back one more level -- how does the DNS service decide between responding with NXDOMAIN and a timeout/TRY_AGAIN?

Dan provided a good answer to this.

And does the difference have any real significance?

The real significance is that a 5xx response means the other side should give up and never attempt to redeliver that message. A 4xx response means the other MTA will keep retrying for several days. You want to reject spam permanently, and you want to do it as close to the source as possible. Meaning, you don't want to accept the message for relaying to some other machine, then have that other machine reject the message, because then your machine becomes responsible for generating a bounce. Which then clogs up your machine when bounces for spam are not deliverable.

It's not clear to me why this would matter if your ISP is the one running the mailserver: they aren't accepting the message in either case, which ought to mean that fetchmail will never see it.

None of it is particularly clear to me -- but apparently my ISP's server is not rejecting these messages.

You should forward the log messages you showed us to your ISP, and ask them what's going on. Their mailservers should be rejecting the messages for the same reason your mailserver does.

[ Hmm, I suppose it could also indicate that you have problems with your local DNS resolver, if you are getting lots of temp failures your ISP isn't. Unlikely, though, but you could test by switching to using their nameservers if you aren't doing so already. ]

If all mail servers rejected these messages it would seem to me to make the spammers endeavours rather pointless.

Spammers forge mail from legitimate addresses as well, but it certainly helps to reject mail from invalid domains.

-- -Chuck
Re: Application level inspection - firewall?
Paul Hillen wrote:
Quick question, is there an Application Level firewall available to FreeBSD.

For some definitions of that buzzword, sure.

I understand IPFilter is a stateful packet filter, but has it or any other packages moved to the next level - Application Level Inspection?

Squid plus a firewall which blocks or redirects port 80 will serve for HTTP; Postfix or Qmail or whatever plus firewall rules which do the same for port 25 serve as application-level filtering for SMTP (enough to protect that Exchange server some people want to run), etc.

-- -Chuck
Re: multi-homing and pf; removing user with uid 0
Marc Cabanatuan wrote: [ ... ]
Right now I've got a /27 and I am attempting to add 5 addresses of that address block (ipv4) to the box as either separate addresses (not aliases to the primary interface) or separate addresses bound to sub-interfaces. So far I have been unsuccessful and the host told me to use aliases.

FreeBSD doesn't let you configure multiple IP addresses within the same subnet. You will either have to use different netmasks, or else use aliases as recommended.

I also wish for these settings to stay after (re)boot.

See /etc/rc.conf, and add something like:

    # Sample alias entry.
    #ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0x"

Not to mention they say my firewall is the problem and they couldn't get out to the internet from root console (im using pf and have the rule of 'pass out all'.

Hmm.

Next thing, a second account just 'showed up' on the box with uid 0.

    toor:*:0:0:Bourne-again Superuser:/root:

- from /etc/master.passwd

I suspect it was techs from the host, but I want it off the machine. How do I do this?

FreeBSD ships with a toor account available but disabled, which can be useful if someone breaks the shell used by the root account itself. If you want to get rid of it, run vipw.

-- -Chuck