Re: [gentoo-user] New laptop is slow.
Grant wrote:

I just finished installing Gentoo on a Dell Vostro 1320 laptop. It has a 2.2GHz Core Duo CPU, 3GB RAM, and a 7200RPM hard drive. Navigating within firefox is pretty slow. It's the response time of the application, not the network. It's much slower than my previous laptop which has much weaker specs.

Now that it's working how do you like the screen, size, etc? That's one of the laptops I've been considering.

kashani
Re: [gentoo-user] Anyone using sys-devel/gcc-4.4.1
Stroller wrote:

On 1 Oct 2009, at 06:38, Dale wrote:

Volker Armin Hemmann wrote:

... gcc-porting helped tho

Thanks. What exactly is gcc-porting?

Well, duh! It's where you enlarge & polish the compiler's intake valves, to improve airflow.

Stroller.

Do you have to add larger jets to your preprocessor as well?

kashani, moto geeks unite!
Re: [gentoo-user] Ultramonkey 3 + Gentoo a Match Made in Hell?
Mike Williams wrote:

On Monday 28 September 2009 04:41:08 Nick Khamis wrote:

So no Ultramonkey 3 on Gentoo? Anyone?

Looks to me like Ultramonkey is just some documentation, and as kashani said, some skeleton configs for Debian. I do not see any actual ultramonkey software or even special sauce. Quite useful documentation though. I do load balancing on Gentoo to Gentoo, pretty much all I needed to get it going was to install heartbeat with USE=ldirectord, compile the appropriate kernel modules, then set up ldirectord. http://www.linuxvirtualserver.org/Documents.html#manuals is particularly helpful, if a bit out of date. Especially the LVS/* pages.

The best explanation I found was this thread http://article.gmane.org/gmane.linux.highavailability.ultramonkey/1353

And looking into some of the patches Ultramonkey built, they are based on some much older tools like heartbeat 1.2.4 whereas 2.0.7 is current in Gentoo. I'd guess most of the usefulness of Ultramonkey was rolled into the actual packages doing the dirty work... probably so they could retire the stupid stupid name. :-)

kashani
Re: [gentoo-user] Ultramonkey 3 + Gentoo a Match Made in Hell?
Nick Khamis wrote:

Hello Everyone, Does anyone have any experience building Ultramonkey 3 on Gentoo? I downloaded ultramonkey 3 from here http://www.ultramonkey.org/download/3/source/ultramonkey-3-1um.1.tar.gz. It is in the source folder but I see no source. I understand how this could be an ultramonkey question just trying my luck on the gentoo forum first. Regards, Ninus

I think the issue is that Ultramonkey hasn't updated any software since 2005. And what they're calling source looks like a skeleton config for a meta package that'll work only in Debian.

kashani
Re: [gentoo-user] Re: OT: iptables w/ 2 web servers
James wrote:

So the best I can do is forward all traffic (80, 443, etc) for the group of websites to a proxy behind the firewall, then use software such as what kashani suggested (proxypass, Squid, nginx, lighttpd, or Varnish) and parse the traffic with some form of vhosts implementation on a single server (nated IP)?

That's not quite correct. Let's assume you don't install anything on the firewall. Instead you'll forward port 80 to a single server internally on port 4080 which you've set Squid, Varnish, Nginx, or Lighttpd to listen on.

internet - firewall:80 - server1:4080

Your proxy accepts the connection and then looks at its config or in most cases the proxy is smart enough to use DNS to go to the server it needs. Using DNS might be an issue in your case since the IPs will resolve to the single public IP.

site1 - server1:80
site2 - server2:80
site3 - server3:3128
site4 - server1:80
site5 - server123.dreamhost.com:80
site6 - localhost:80
site6/newapp - server7:80
site6/newapp1 - server8:80

and so on. You can really do just about anything here. All connections are going to come through your proxy, but the serving of the pages will be done by the web servers. I would not worry about the number of connections to your proxy, all the proxy solutions listed above are capable of handling a few thousand connections.

Here's the link to the Apache proxy module. It should give you some ideas on what you can do. I recommend using some other proxy software than Apache just to simplify the setup and make it easier to hold the system in your head. Also prefork Apache is the slowest and uses the most resources of your options which is another reason to use a separate proxy.

http://httpd.apache.org/docs/2.2/mod/mod_proxy.html

kashani
Re: [gentoo-user] [OT] Good fast IDE hard drive but cheap and BIG.
Dale wrote:

kashani wrote:

Dale wrote:

Hi, I recently got DSL and youtube is growing on me. LOL I been trying to find a really good hard drive that is around 400 to 500Gb and pretty fast. It has to be an IDE drive, you know, the big wide cables. I don't have SATA on this rig. I have a Maxtor that I like and is pretty fast but it appears they are a little hard to find nowadays. In matter of importance: size, price, speed. Newegg is great but will consider others as well. Thanks for any pointers. Open to ideas.

SATA PCI card should be $20. I'd then go with a SATA II drive.

kashani

I been looking at these cards on newegg. I haven't had a SATA drive before and confess I don't know a lot about them. They are faster and have little bitty cables. I'm looking at this one:

http://www.newegg.com/Product/Product.aspx?Item=N82E16816124003

I notice that it has two internal and two external connectors. Can I assume that the eSATA means external or is that something else? Also while I have the link and you are most likely looking at it, is this a good fast card? It appears to be a pretty recent revision since it also says SATA II.

http://en.wikipedia.org/wiki/ESATA

eSATA is a different sort of connection, but a number of new external drives are starting to support it. This looks to be your best choice.

http://www.newegg.com/Product/Product.aspx?Item=N82E16815102102cm_re=pci_sata_II-_-15-102-102-_-Product

I assume that any motherboard that does not support SATA also does not support PCI-E or PCI-X, but you should make sure that you have a free slot and verify that slot type before buying something.

kashani
Re: [gentoo-user] [OT] Good fast IDE hard drive but cheap and BIG.
Dale wrote:

USB. There is another idea. Ooops, out of USB plugs too. Crap, I can't put in a drive without buying something to plug it into. LOL I do have USB 2.0 on here. I have to have 2.0 for the printer but my camera has to have 1.0. Weird I know.

Perhaps it's new or at least newer computer time?

kashani
Re: [gentoo-user] Re: [OT] Good fast IDE hard drive but cheap and BIG.
Dale wrote:

I also remember this from way back when I was working on puters. I got a new job when winder 3.1 came out. Anyway. If an electronic device can survive the first couple to six months of usage, they usually last a while from the electronic point of view. That is short of spilling your

Yep, it's been studied and even has a fun name.

http://en.wikipedia.org/wiki/Bathtub_curve

kashani
Re: [gentoo-user] OT: iptables w/ 2 web servers
James wrote:

Hello, I have one static IP with DNS (primary and secondary) performed by my isp. I'm setting up a second web server with a different domain name. It is setup already by the ISP for DNS. Could someone post some simple iptable examples of how to route 2 different web server traffic streams to 2 different machines? Both are inside the same DMZ2 different machines with different (NAT) IP addresses. Right now, all port 80 traffic is auto forwarded to a single NAT address on the firewall. Simple. Now I have to figure out how to forward different web traffic streams to 2 different NAT ip addresses, each on a different ip address and a different machine. I do not want to put the sites on the same machine, for a variety of reasons, beside one machine moves in a few months to a different physical location (and network numbers). Suggestions or a good book for example would be keen. I use raw IPtables/netfilter on the firewall. All servers are gentoo.

I'm not sure it's possible via firewall rules because they are operating at the IP level and you'd really need to be doing deep looks into the packets to read the http request headers in order to figure out which server should be getting the connection.

The simplest solution is to run a reverse proxy on your firewall that actually accepts the http connection, reads the http request, and then forwards it on to the correct web server. You can do this in apache via proxypass, Squid which is your most powerful and flexible option, nginx, lighttpd, or Varnish.

There are some security concerns with this type of setup, ie running daemons open to the public on your firewall, reverse proxies need to be locked down, hard to do IP based restrictions on the webserver, etc.

kashani
Re: [gentoo-user] [OT] Good fast IDE hard drive but cheap and BIG.
Dale wrote:

Hi, I recently got DSL and youtube is growing on me. LOL I been trying to find a really good hard drive that is around 400 to 500Gb and pretty fast. It has to be an IDE drive, you know, the big wide cables. I don't have SATA on this rig. I have a Maxtor that I like and is pretty fast but it appears they are a little hard to find nowadays. In matter of importance: size, price, speed. Newegg is great but will consider others as well. Thanks for any pointers. Open to ideas.

SATA PCI card should be $20. I'd then go with a SATA II drive.

kashani
Re: [gentoo-user] Re: trying to track down broken dependency
Torsten Veller wrote:

* kashani kashani-l...@badapple.net:

3. Doctored up portage.mask to mask the errant virtuals

=virtual/perl-Digest-SHA-5.47
=virtual/perl-Test-Harness-3.17

Thought grumpy thoughts at developers who let packages into ~x86 with completely broken deps. Hard mask that crap next time.

There are no broken deps and there is no crap that should be masked.

When building bugzilla-3.4.1-r1 which requires ~x86 I have to unmask a number of perl modules. Two of those modules, listed above, attempt to pull in perl-5.10.1 which isn't in portage. Hardmasking packages that require dependencies that don't exist makes sense. If you'd like to explain otherwise a little more data other than cause I said so is required.

kashani

kash...@www01 /usr/portage/dev-lang/perl $ cat /usr/portage/virtual/perl-Test-Harness/perl-Test-Harness-3.17.ebuild
# Copyright 1999-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/virtual/perl-Test-Harness/perl-Test-Harness-3.17.ebuild,v 1.2 2009/08/25 10:56:52 tove Exp $

DESCRIPTION="Virtual for Test-Harness"
HOMEPAGE="http://www.gentoo.org/proj/en/perl/"
SRC_URI=""

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
IUSE=""

DEPEND=""
RDEPEND="|| ( ~dev-lang/perl-5.10.1 ~perl-core/Test-Harness-${PV} )"

kash...@www01 /usr/portage/dev-lang/perl $ ls
ChangeLog Manifest files metadata.xml perl-5.8.8-r5.ebuild perl-5.8.8-r6.ebuild
Re: [gentoo-user] trying to track down broken dependency
Michael Higgins wrote:

Perl 5.8 is at end-of-life. Gentoo volunteers are *very* (PAINFULLY) slow in getting 5.10 into the official tree. They unfortunately need all the help they can get, since this is a major failure of Gentoo to keep up with the upstream developers and (FWIW) other distros. This isn't news, BTW...

Please report the error on b.g.o., so the perl herd (or whoever is really doing the work now) can fix the problem. Also, #gentoo-perl is the only place to get any real help on these gentoo-perl issues... (devolution to IRC chat being yet another systemic failure, IMO, but that's the place the folks making these mistakes may communicate with users).

Better yet, take the plunge and go on to install 5.10.1 from the perl-experimental overlay (good luck with *that*) and report how you fixed any issues you come across. It's only going to get to be a worse mess unless everyone who is able picks up the slack for these guys. And you will have to upgrade eventually anyway... so why not now? My $.02, not terribly helpful though, I suppose. :(

FWIW I'm also running RT and its 200 odd Perl module dependencies on the same machine. I can assure you that I have no interest in updating the whole stack to perl-5.10 and the QA nightmare that will require.

I solved this the old fashioned way after a bit of coffee this morning. Still seems like Portage should be smart enough to tell about the missing dep if I asked it correctly.

1. created fake perl-5.10 ebuild which was really just renaming perl-5.8.8-r2 and commenting out any {$PN} patches so I didn't need to make a bunch of fake patch files in files/. This allowed portage to tell me what was requiring perl-5.10 instead of bombing out.

2. Figured out that while the virtual/perl packages weren't specifying perl 5.10 the actual perl-core were which is why it didn't make sense earlier.

3. Doctored up portage.mask to mask the errant virtuals

=virtual/perl-Digest-SHA-5.47
=virtual/perl-Test-Harness-3.17

Thought grumpy thoughts at developers who let packages into ~x86 with completely broken deps. Hard mask that crap next time.

4. Add the needed packages in portage.keywords and make it pretty and organized.

# bugzilla and deps for bugzilla-3.4.1-r1, added 20090919
www-apps/bugzilla
dev-perl/Daemon-Generic
dev-perl/DateTime-TimeZone
dev-perl/Data-ObjectDriver
dev-perl/File-Flock
dev-perl/TheSchwartz
perl-core/Module-Build
perl-core/Test-Harness
virtual/perl-Module-Build
virtual/perl-Test-Harness

And now I've got a fancy new bugzilla.

kashani
[gentoo-user] trying to track down broken dependency
kash...@www01 ~ $ emerge -pvt bugzilla

These are the packages that would be merged, in reverse order:

Calculating dependencies... done!

emerge: there are no ebuilds to satisfy ~dev-lang/perl-5.10.1.
(dependency required by perl-core/Module-Build-0.35 [ebuild])
(dependency required by dev-perl/DateTime-TimeZone-0.98 [ebuild])
(dependency required by www-apps/bugzilla-3.4.1-r1 [ebuild])
(dependency required by bugzilla [argument])

I don't see anything in man emerge that would help me track down the missing dependency. Is there any easy way to do this or do I have to track it down the Module-Build dependency tree which looks to be the culprit?

kashani
Re: [gentoo-user] trying to track down broken dependency
Paul Hartman wrote:

On Fri, Sep 18, 2009 at 5:40 PM, kashani kashani-l...@badapple.net wrote:

kash...@www01 ~ $ emerge -pvt bugzilla

These are the packages that would be merged, in reverse order:

Calculating dependencies... done!

emerge: there are no ebuilds to satisfy ~dev-lang/perl-5.10.1.
(dependency required by perl-core/Module-Build-0.35 [ebuild])
(dependency required by dev-perl/DateTime-TimeZone-0.98 [ebuild])
(dependency required by www-apps/bugzilla-3.4.1-r1 [ebuild])
(dependency required by bugzilla [argument])

I don't see anything in man emerge that would help me track down the missing dependency. Is there any easy way to do this or do I have to track it down the Module-Build dependency tree which looks to be the culprit?

kashani

What version of bugzilla are you trying to emerge? That perl is newer than any I see in my portage. Are you using an overlay? www-apps/bugzilla-3.4.1-r1 seems to emerge fine and works with perl 5.8 here.

I'm trying to get bugzilla-3.4.1-r1 (or 3.4.1) to work which is just ~x86 and not any overlay. I'm planning to update a system in Nov and wanted to play with the latest build at home. Mostly interested in 3.4.1 since the API is a bit newer and not completely backwards compatible. Has a few nice things in it though.

Module-Build-0.35 doesn't seem to require perl 5.10 in the ebuild so it must be a dependency of a dependency. Same in DateTime-TimeZone. I'd like portage to tell me where the dependency tree is breaking, ie which package is asking for perl-5.10, so I can mask or futz with the ebuild for that package appropriately.

kashani
[gentoo-user] Courier-imap-4.5.0 noticeably faster than 4.0.6
Ran into some issues updating to courier-imap-4.0.6-r3 on my VPS so I decided to take the plunge and go straight to 4.5.0 which is unstable. 4.5.0 is much faster and Thunderbird barely registers email in the Inbox before the messages are moved to the appropriate folder.

My installation is also a combination of cyrus-sasl, authdaemon from courier-authlib, Mysql based virtual accounts, ssl certs for imap and smtp, and Postfix. No changes were needed in courier-imap config files other than restoring imap.conf settings.

I don't think Courier-imap is faster than Dovecot based on other people's experience, but has rather reached speed parity with it. If you're already on Dovecot and happy, stay, if you've been thinking about Dovecot but have a complex system to move I'd recommend trying the upgrade to 4.5.0.

I also update gamin and use +fam with courier-imap which might affect the overall speed. The update from 0.1.9 to 0.1.10 doesn't look like it would account for the increased speed.

kashani
Re: [gentoo-user] Gentoo, MySQL, UltraMonkey Clusters
Nick Khamis wrote:

I should also point out that we are interested in load balancing and high availability. Regards, Ninus.

Alright there's a lot going on here so I'm going to break down the last ten years of dealing with this sort of thing into three pages. :-)

Stability vs Flexibility

I'm a start up guy (five and counting) so I always prefer flexibility, but you need to decide based on your application. Also depends on how much money you have to build in fault tolerance, back ups, etc. You yourself as the admin also need to be disciplined in your methods. That means having actual QA processes, test/stage VMs, unit tests, and being able to enforce those processes.

Gentoo allows enormous flexibility and being able to have things like glibc-2.9 immediately while RHEL4 shipped with 2.3 and RHEL5 with 2.5 means you can take advantage of incremental fixes in NPTL that is missing in stable distros. Also having gcc-4.4 is a big win on modern processors.

Mysql

Definitely go with Mysql 5.1 and hell if you're going to be building your own or if it's already in an overlay somewhere look at Mysql 5.4. Basically it's 5.1 plus the Google, Percona, and everyone else that has been rolling custom patches for Mysql. If you don't want to be that far out on the bleeding edge look at using Percona's build, linked below. If you want to go way way way out to the bleeding edge and can wait a year to ramp up, Drizzle is very interesting.

http://dev.mysql.com/tech-resources/articles/mysql-54.html
http://www.percona.com/percona-lab.html
http://www.mysqlperformanceblog.com/
http://drizzle.org/wiki/Drizzle_Features

High Availability

Round Robin db masters almost never works unless you've designed your schema from the ground up to work that way. If you're wondering if yours was, it wasn't. Even when you do it right it can be flakey. Easier and simpler to write to one master which then writes to a number of slaves.

If you want to get fancy you can have two round robin masters with two slaves each. When a master fails you need to point to the other master as well as pull the two slaves from the broken master out of rotation. How to accomplish that is up to you, but I prefer a somewhat manual process. Swapping masters around automatically is usually a good way to end up with corrupt data somewhere. YMMV.

Simple round robin VIPs should work with your Mysql slaves. Not sure if Ultramonkey does that.

Connection pools usually suck and I wouldn't bother with them as modern OS threading makes it nearly pointless. Make sure your application is closing Mysql connections properly which I've had issues with far too often.

Storage Engines in Mysql

Sphinx
Don't use myisam tables for full text searches. Hell if you have the time don't use your database for full text search, but if you do look at using the Sphinx full text engine. You'll need to build the plugin yourself.

Innodb
Use the innodb plugins, it's much faster

Myisam
Don't use. Really.

xtradb
Innodb fork by Percona. Looks interesting and I have tried it.

Things to remember about databases

Buffers are configured on a per storage engine basis. If you give 12GB to Innodb you can't also give 12GB to Sphinx... unless you have a 32GB machine.

RAID 10 is your friend, but RAM is almost always better *if* your database will fit into RAM.

Make sure your RAID card has battery backup, write cache on your disks is turned off, and that you actually check your RAID card's config to make sure cache is turned on and DMA or whatever is enabled. It's almost never correct out of the box.

Fixing your queries, index, and schema is 10-100x more effective than dicking around with Mysql settings, custom compile, and hardware tweaks unless you've done something really moronic.

mysqldump will not give consistent backups of Innodb. Use a slave, stop the slave, take a backup preferably through LVM snapshotting so it doesn't take forever, bring the slave back up and put it into rotation.

Stored procedures will make your life difficult. It's easy to say code-1.3.2 is on production. It's hard to say code-1.3.2 and stored-procs-1.1.1 are on production when the push process is different, the teams are different, etc. You *can* manage it, but given a choice it buys you very little and I never met a DBA that didn't like to tweak things directly. Hell I've met far too many that needed to be taught how to check in code.

kashani
Re: [gentoo-user] Gentoo, MySQL, UltraMonkey Clusters
Nick Khamis wrote:

We are looking to set up a cluster that uses MySQL, UltraMonkey and yours truly Gentoo. Where best to check first then the group of the O.S. of choice. Anyone have any feedback, comments, advice etc... please send them this way. We are looking to set it up for free as in beer so which MySQL version should I use, UltraMonkey etc... Documentation, guides, sense of directions will be humbly received!

The problem right now is that Mysql 5.1 isn't in the normal Gentoo tree, just 5.0. I say start with the database you plan to use for the next five years. Going with 5.0 at this point doesn't make much sense unless you really want to transition with real production data in the next year. I expect one of the overlays has 5.1 and I'd attempt to use that.

What sort of application are you setting up? What sort of Mysql setup are you looking for? Not a lot to go on here.

kashani
Re: [gentoo-user] Bogon List
Grant wrote:

I was just reading about the Bogon List here: http://www.webmasterworld.com/webmaster/3978016.htm and I'm wondering if I could be using it on my Gentoo server in any software I'm running. Does anyone know if it shows up in the shorewall or apache2 config anywhere? - Grant

If I were going to attempt to use it and didn't want to maintain it, I'd use this service.

http://www.team-cymru.org/Services/Bogons/routeserver.html

Then it's a matter of peering with their route server and injecting null routes into your routing table which might be complicated if you weren't a network engineer at an ISP in another life. :-) It's not actually that hard, but most of the documentation assumes you have some idea how more than just static routing works.

Or you can just cron a weekly/monthly wget of http://www.cymru.com/Documents/bogon-bn-agg.txt and set it to alert you if the md5sum changes.

kashani
Re: [gentoo-user] Bogon List
Grant wrote:

I should have been more specific. That link I posted discusses how blocking the Bogon List can cause problems as some of the IPs on the list come into use. I'd like to not use it at all, and I'm wondering if I'm using it as part of a default setup of shorewall, apache2, or other software. Do you know of any software that uses it by default? - Grant

Ah. Yeah shorewall turns it on by default unless that's changed. You should be fine if you keep Shorewall updated which installs a new bogon file or you can turn it off.

http://sourceforge.net/mailarchive/forum.php?thread_name=4404A628.1010301%40shorewall.netforum_name=shorewall-users

I can't think of anything other than firewall rules that include their own bogon filter because they do go out of date within a year or two.

kashani
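
The periodic fetch-and-compare suggested in the earlier Bogon List reply, combined with the concern in this one about listed prefixes coming into use, as an added example that is not part of either post. `STATE_DIR`, the function names and the sample lists are assumptions; unlike a plain md5sum of the download, it hashes only the sorted prefix lines, and it refuses to accept a fetch that is not a prefix list.

```shell
#!/bin/sh
# Added example: alert when the set of bogon prefixes changes between fetches.
# STATE_DIR, the function names and the sample lists are assumptions.

BOGON_URL="http://www.cymru.com/Documents/bogon-bn-agg.txt"   # URL from the post
STATE_DIR="${STATE_DIR:-/var/lib/bogon-watch}"                 # hypothetical path
CIDR='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'

# Prefix lines only: drop blank lines, comment lines and CRs, then sort, so
# reordering or a changed header comment does not count as a change.
normalize() {
    grep -Ev '^[[:space:]]*(#.*)?$' "$1" 2>/dev/null | tr -d '\r' | LC_ALL=C sort -u
}

# Reject an empty file, an HTML error page or anything else that is not a
# pure list of IPv4 prefixes, so a bad fetch never replaces the saved list.
is_prefix_list() {
    body=$(normalize "$1")
    [ -n "$body" ] || return 1
    ! printf '%s\n' "$body" | grep -Evq "$CIDR"
}

# Prints FIRST, UNCHANGED, INVALID (exit status 2), or CHANGED followed by
# "removed <prefix>" / "added <prefix>" lines. md5sum is used only to notice
# a change, as in the post; it does not authenticate the download.
check_bogon_update() {
    cur="$STATE_DIR/bogons.txt"
    new="$STATE_DIR/bogons.new"
    is_prefix_list "$1" || { echo "INVALID"; return 2; }
    mkdir -p "$STATE_DIR"
    normalize "$1" > "$new"
    if [ ! -f "$cur" ]; then
        mv "$new" "$cur"; echo "FIRST"; return 0
    fi
    if [ "$(md5sum < "$cur")" = "$(md5sum < "$new")" ]; then
        rm -f "$new"; echo "UNCHANGED"; return 0
    fi
    echo "CHANGED"
    # A removed prefix has left the bogon list: a local filter built from
    # the old list may now be dropping legitimate traffic.
    LC_ALL=C comm -23 "$cur" "$new" | sed 's/^/removed /'
    LC_ALL=C comm -13 "$cur" "$new" | sed 's/^/added /'
    mv "$new" "$cur"
}

# Constructed sample data (documentation prefixes), not the real list.
make_sample_lists() {
    printf '# constructed, fetch 1\n10.0.0.0/8\n192.0.2.0/24\n198.51.100.0/24\n' > "$1/a.txt"
    printf '# constructed, fetch 2\n198.51.100.0/24\n192.0.2.0/24\n10.0.0.0/8\n' > "$1/b.txt"
    printf '# constructed, fetch 3\n10.0.0.0/8\n192.0.2.0/24\n' > "$1/c.txt"
    printf '<html><body>503 Service Unavailable</body></html>\n' > "$1/bad.txt"
}

# Cron entry point: "script --fetch". Output appears only when something
# needs attention, so the mail cron sends becomes the alert.
if [ "${1:-}" = "--fetch" ]; then
    tmp=$(mktemp) || exit 1
    if wget -q -O "$tmp" "$BOGON_URL"; then
        out=$(check_bogon_update "$tmp") || true
    else
        out="FETCH FAILED"
    fi
    rm -f "$tmp"
    [ "$out" = "UNCHANGED" ] || printf '%s\n' "$out"
fi
```
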
Re: [gentoo-user] gentoo sites go down too much!
Dan Farrell wrote:

On Thu, 13 Aug 2009 20:05:07 +0200 pk pete...@coolmail.se wrote:

gentoo.org works for me (both this afternoon, around 15.00 and right now, 20.03). f.g.o. also works right now. g-w.com also works.

You're all right; the gentoo.org thing must have been a transient hiccough somewhere between me and them. Forum is working fine too. I was too quick to criticize. Also, gentoo-wiki _just_ came back up, apparently. Nevertheless I think anyone who uses it agrees that it goes down _too_much_. I know, these aren't the gentoo people on the wiki. I'm more concerned with the hole it leaves when it disappears than I am with pointing fingers.

I'd like to see the conversation about Gentoo hosting docs in a wiki rather than the XML stuff we've got now picked up again. My time is limited and I'm not going to learn a whole doc system when I can just fix the docs in a tenth of the time it takes to even figure out where to get the Gentoo docs in order to edit them.

Hell someone can wiki - xml the thing and create official releases every couple of months while the wiki docs continue on as unstable releases.

kashani
Re: [gentoo-user] Website disabling right click
Dale wrote:

They may have cheap prices but their website sucks. May be cheap to get customers to put up with their crappy site. LOL Get a better website, may get customers and make more cash. :/

This type of nonsense is pretty standard with industrial non techy or general consumer sites. I buy a lot of motorcycle parts and tools. Almost every site that isn't online only is as bad as this site or worse.

kashani
Re: [gentoo-user] [OT] Rusty on MySQL specifics
Alan McKinnon wrote:

On Monday 13 April 2009 22:10:20 Mick wrote:

Hi All, I am not sure if I am alarming myself unnecessarily, but this is what I observed:

Login as e.g. mick; (this is a unix account)

mysql -u root -p
Enter password: XX
mysql> GRANT ALTER, CREATE, CREATE TEMPORARY TABLES, CREATE VIEW, INDEX, INSERT, SELECT, UPDATE ON database1.* TO 'db_user1'@'localhost' IDENTIFIED BY 'passwd1';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql> quit

Now if I login into database1 as db_user1 and then press the up arrow key at the mysql prompt I end up seeing all the previous commands that I ran as root, including the 'passwd1'!!! Isn't this a rather serious security problem? How could I do it differently?

Not at all. What you are seeing when pressing the up arrow is not commands stored by MySQL, but commands stored by your shell. It's complex to explain, so bear with me:

I don't know about complicated.

cd
more .mysql_history

Works just like .bash_history

kashani
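
A check for the situation discussed in this thread, added here as an example and not part of any post: it lists the entries in a mysql client history file that carry a password literal, with the literal redacted, and flags a history file that other accounts can read. The function names and the sample history files are assumptions; the `\040` decoding covers clients linked against libedit.

```shell
#!/bin/sh
# Added example: audit a mysql client history file for statements that
# carried a password. Function names and sample data are assumptions.

# Clients linked against libedit store each space as the four characters
# "\040"; readline-style files are plain text and pass through unchanged.
decode_history() {
    sed 's/\\040/ /g' "$1"
}

# Print "LINENO:statement" for every entry containing IDENTIFIED BY,
# PASSWORD(...) or PASSWORD = ..., with every quoted literal replaced so the
# report itself does not repeat the secret.
find_history_secrets() {
    decode_history "$1" |
        grep -inE 'identified[[:space:]]+by|password[[:space:]]*(=|\()' |
        sed -e "s/'[^']*'/'***'/g" -e 's/"[^"]*"/"***"/g'
}

count_history_secrets() {
    find_history_secrets "$1" | wc -l | tr -d '[:space:]'
}

# Succeeds only if group and other have no permission bits on the file.
history_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Report for one history file; defaults to the client's own lookup order.
audit_history() {
    f=${1:-${MYSQL_HISTFILE:-$HOME/.mysql_history}}
    [ -f "$f" ] || { echo "no history file at $f"; return 0; }
    history_mode_ok "$f" || echo "WARN: $f is readable by group or other"
    echo "$(count_history_secrets "$f") statement(s) with password literals in $f"
    find_history_secrets "$f"
}

# Constructed sample histories modelled on the session quoted in the thread.
make_sample_history() {
    cat > "$1/readline_hist" <<'EOF'
GRANT ALTER, CREATE ON database1.* TO 'db_user1'@'localhost' IDENTIFIED BY 'passwd1';
FLUSH PRIVILEGES;
quit
EOF
    cat > "$1/libedit_hist" <<'EOF'
_HiStOrY_V2_
SET\040PASSWORD\040FOR\040'db_user1'@'localhost'\040=\040PASSWORD('passwd1');
select\0401;
EOF
}

if [ "${1:-}" = "--audit" ]; then
    audit_history "${2:-}"
fi
```

Setting `MYSQL_HISTFILE=/dev/null` in the environment stops the client from writing a history file at all.
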
Re: [gentoo-user] Re: {OT} TCP or UDP?
Etaoin Shrdlu wrote:

On Tuesday 24 February 2009, 18:21, Florian Philipp wrote:

Nikos Chantziaras schrieb:

Grant wrote:

How can I find out whether I should be specifying TCP, UDP, or both for iptables (shorewall) config?

By knowing the application's protocol for which you write the rules for :P [...] So you have to research a bit to see if the application uses TCP or UDP.

You can also have a look at /etc/services which lists the more common protocols and their ports.

Or even sniff the traffic and see which protocols are used.

You're going to miss stuff that way. Take for example a DNS server. Normally requests are UDP over port 53. However once your request exceeds 512 bytes TCP is used on port 53. That rarely happens and in fact many ISPs don't seem to be aware that this can happen.

Chances are you're going to find almost everything you need at http://www.shorewall.net/Documentation_Index.html which is going to be far better than trying to cobble everything together yourself.

kashani
Re: [gentoo-user] Oracle10g install on current gentoo
Konstantinos Agouros wrote:

Hi, I tried to install Oracle10g 10.2.0.1 on a gentoo box. Install ran through until it tried to start the tnslistener. That would get stuck in an endless loop it seems with tnslistener running at 100% CPU. strace telling me it is calling times() endlessly. Anybody got a clue what I am doing wrong?

Did you install all the compat packages it requires? I would use this site as a base for installing all the packages you will need on Gentoo.

http://www.puschitz.com/InstallingOracle10g.shtml

kashani
Re: [gentoo-user] Re: Gentoo's advantage: 'optimized for your system' -- huh?
Volker Armin Hemmann wrote:

because it kept the 'i am too cool to read the docs' idiots away. Being forced to read the documentation is a good thing - and it did not hurt gentoo's popularity. Only after it started to catering to idiots and more and more of loud mouthed 'I am the centre of the universe, I don't need to read docs, use google or bugzilla. I demand an answer and help NOW' assholes came on board, the popularity went down.

The above statement is ridiculous and I've said my piece on it several times. Not worth the bother of debunking it yet again so I'll just link the infamous Elitist Chowderhead thread from four years ago.

http://thread.gmane.org/gmane.linux.gentoo.user/109660/focus=109984

What people forget is that a well built installer has to run through a number of steps that get you a running system. Ideally a system that has exactly what you expect to be installed and how. Whether this is a GUI, ncurses based, whatever is besides the point. An installer project builds a set of tools that eventually can be used to install hundreds of machines in a uniform way and that is damn useful.

kashani
Re: [gentoo-user] problem with mail server
Marcin Nis'kiewicz wrote:

Hello I'm testing mail server with mysql backend. Generally it works quite well. But from time to time during testing, single mails can't be sent because of smtp errors:

in mail.log

Feb 3 13:47:37 mail postfix/smtpd[28339]: NOQUEUE: reject: RCPT from unknown[ip]: 451 4.3.0 u...@domain.org: Temporary lookup failure; from=u...@domain.org to=u...@domain2.org proto=ESMTP helo=domain.org

in mail.warn

Feb 3 13:47:37 kurier4 postfix/trivial-rewrite[2438]: warning: transport_maps lookup failure

when I check transport_map:

postconf | grep transport_map
address_verify_transport_maps = $transport_maps
fallback_transport_maps =
mailbox_transport_maps =
mydestination = $myhostname, localhost.localdomain, $transport_maps
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
transport_maps = mysql:/etc/mail/sql/mysql-transport.cf

my /etc/mail/sql/mysql-transport.cf looks like that:

user = postfix
password = password
dbname = maildb
table = transport
select_field = destination
where_field = domain
hosts = 127.0.0.1

Generally I'm thinking that it could be mysql error - but there is nothing wrong in its error log... I set really big limit of concurrent connections max_user_connections = 1000

So what can be wrong? Any ideas? Thanks in advance for any help

best regards
nichu

I think you've got a couple of problems, but none of them individually jump out as the cause of your problems. However making these three changes together might help.

1. Turn your max_user_connections in Mysql down to something sane. Default is 100 which is fine unless you're also running a web app against the same Mysql instance.

2. Use proxy in your Mysql connections from Postfix. Postfix can be configured to open a connection to Mysql and keep it open. Basically acts as a connection pool and keeps Postfix from opening hundreds of connections to Mysql on a very busy server. I recommend *always* using the proxy: statement anytime you're connecting to Mysql from Postfix. Your new transport_map statement will look like this.

transport_maps = proxy:mysql:/etc/mail/sql/mysql-transport.cf

Generally you shouldn't be running into connection issues because you're hitting Mysql on localhost which means it'll default to a socket connection. It's possible that opening a new session is taking too long occasionally and using proxy should alleviate that.

3. You're using Postfix 2.1 or earlier query syntax. Hell it might even be Postfix 1.x syntax. This is the new syntax for Postfix 2.2 or better. This really isn't a problem, but the new syntax is far more powerful and I suspect bugs that creep into the parser around old syntax aren't noticed or getting fixed.

user = postfix
password = password
hosts = localhost
dbname = maildb
query = SELECT destination FROM transport WHERE domain='%s'

I'm not sure what how-to you've been using, but I'd look at a few others to see some of the other options available. The one you're using seems to be pretty far out of date. While not wrong in any way it isn't taking full advantage of the last seven years of updates in Postfix.

kashani
Re: [gentoo-user] Gentoo's advantage: optimized for your system -- huh?
Grant Edwards wrote: Whenever I see a write-up of Gentoo, it's described as a system similar to BSD ports where you build packages from source. The main benefit claimed for this approach is that you get better performance because all executables are optimized for exactly the right instruction set. Where did that bit of apocrypha come from, and why is it parroted by so many people?

IIRC as late as 2001 almost all distros were primarily built for i386 and there were definite improvements to be had by moving to i686. For things that do complicated math like Mysql, openssl, etc there were noticeable improvements. Apache likely doesn't benefit at all from anything beyond i686, but things like video encoding/decoding do have code that can take advantage of mmx, sse, etc. Additionally when NPTL hit glibc-2.3 Gentoo was one of the first distros that let you move to an NPTL glibc which practically doubled Mysql performance in our environment. Not instruction based, but most other distros required waiting an additional six months for a release to get this.

kashani
Re: [gentoo-user] Re: gentoo mail server
James wrote: It's fully virtual, supports smtp and imap over ssl, sasl, skipped TLS, and easy to manage. I do not recommend the Gentoo Virtual How-to, it's ancient and silly.

Is this the page you refer to? http://www.gentoo.org/doc/en/virt-mail-howto.xml

Yep and the things I don't like are:
1. password stored in clear text
2. complicated use of pam_mysql rather than using sasl's DBD layer directly
3. No admin interface
4. Have to edit /etc/postfix/main.cf to add domains rather than rely on the database lookup.
5. Lack of useful troubleshooting section

I used to have a how-to on gentoo-wiki which I need to recreate. Maybe this weekend.

Very cool.

In regards to stability... don't update right away. When Postfix 2.6 comes out, give it a month. Or play with it in a virtual server. Same with Mysql 5.1. Or whatever. I've run three separate companies on Gentoo and never had much of an issue though I always had a test/stage/qa environment of some sort. Also keep an eye on the forums and this mail list. That'll usually give you a heads up when an update isn't quite right.

Well all of this is great news. I've pretty much decided to build a postgres mail server, mostly like what you have outlined.. I'm likely to set up a second, duplicate machine for testing.

I've never done it with Postgres, but I know PostfixAdmin supports it so it shouldn't be too hard. I think Steveb had it working at some point.

Do you use a regular gentoo kernel, hardened setup, or what packages to keep the mail server tightly secure?

I generally found that keeping Webapps and users off your mail server was good enough security. Also when building most of this stuff years ago the hardened kernels were a bit painful. Probably much easier now.

kashani
Re: [gentoo-user] gentoo mail server
Tom Brown wrote: Hey guys, I've been using gentoo on my desktop for several months now. It works great. It cut five minutes off my build time when I build our product tree. It went from 20 to 15 minutes. I setup our email server using Debian. It's been solid as a rock and very low maintenance. However, it provides an antiquated environment. I'm looking at using gentoo for the email so I'll have an up-to-date system. Performance is fine on the Debian system, but hey, faster is always better. I was hoping you guys could give me warm fuzzies about stability and maintenance with gentoo when it comes to a production server. What about major upgrades? If I keep the system updated regularly, is a major upgrade necessary?

I've been running a Gentoo mail server for either work or personal use and usually both since 2001. No real problems, but you do have to watch some updates especially sasl and courier. My current system is

Postfix-2.5
At minimum I'd use Postfix-2.2 which has the better syntax for your virtual statements.

Postgrey for greylisting, had some issues with sqlgrey.

PostfixAdmin, because using phpmyadmin to manage your accounts and domains is futile. I'm still on 2.1 and need to check out the newer version. Requires PHP and a webserver.

courier-imap and cyrus-sasl. Thinking about moving to Dovecot since you can use dovecot-sasl with Postfix under Gentoo.

Mysql5

It's fully virtual, supports smtp and imap over ssl, sasl, skipped TLS, and easy to manage. I do not recommend the Gentoo Virtual How-to, it's ancient and silly. I used to have a how-to on gentoo-wiki which I need to recreate. Maybe this weekend.

In regards to stability... don't update right away. When Postfix 2.6 comes out, give it a month. Or play with it in a virtual server. Same with Mysql 5.1. Or whatever. I've run three separate companies on Gentoo and never had much of an issue though I always had a test/stage/qa environment of some sort. Also keep an eye on the forums and this mail list. That'll usually give you a heads up when an update isn't quite right.

kashani
Re: [gentoo-user] Tips/Tricks for Gentoo on low-spec computer?
Grant Edwards wrote: I'm in the process of installing Gentoo on a rather old machine. It's an old HP Pavilion with a 450MHz Celeron Mendocino and 256MB of PC133 SDRAM. I'm using an nVidia PCI FX6200 video board instead of the i810 on-board chip, and it's got a decent hard drive (160GB). I was wondering if there were any particular tips/tricks for getting the best performance out of such a machine. It's to be used for basic word processing and a few games. Hopefully the nVidia 6200 will allow OpenGL to run fast enough for something like TuxRacer. I chose XFCE for the desktop along with both Abiword and OpenOffice. I probably should have installed OOo from a binary package, but I decided to build it just to see how long it would take (so far it's at about 26 hours and counting). I usually just pull the drive and put it in a faster computer. Build the OS with conservative CFLAGs and swap the drive back when done. I've rarely had issues with this. kashani
[gentoo-user] baselayout and openrc issues from inside a vserver
I've been putting off the openrc upgrade on my vserver account for some time and think it's finally come around to bite me. Here's the info. I don't run the host OS only the vserver. The latest changes to profiles deprecated my old profile last night so I updated. I'm now using /usr/portage/profiles/default/linux/x86/vserver as eix-sync suggested. The issue appears to be that baselayout-vserver has been masked by /usr/portage/profiles/package.mask with this message.

- sys-apps/baselayout-vserver-1.11.14-r4 (masked by: package.mask)
/usr/portage/profiles/package.mask:
# mask pending removal
# Benedikt Böhm hol...@gentoo.org (10 Jan 2009)
# baselayout-vserver is unmaintained and obsoleted by
# baselayout-2/openrc. please upgrade. removal in 30 days.

That makes sense, but my vserver profile has masked baselayout-2.

!!! One of the following masked packages is required to complete your request:
- sys-apps/baselayout-2.0.0 (masked by: package.mask)
/usr/portage/profiles/targets/vserver/package.mask:
# Benedikt Boehm hol...@gentoo.org
# Mask baselayout in vservers. Use baselayout-vserver instead!

I suspect I need to change my profile to something that isn't vserver, but I haven't been able to find any docs or post of how to proceed.

kashani
Re: [gentoo-user] Reconciling users and services
Grant wrote: mysql only needs to connect to a daemon running on the same system, and I think it does so via a unix socket as opposed to tcp. I can see from netstat that /var/run/mysqld/mysqld.sock is connected, there is no mention of a tcp mysql connection, and nmap does not show a mysql port to be open. Is there anything else I should do as far as locking down mysql? I'm the only one with shell access to the system.

mysql should be running as a non-root user (probably mysql) and for what you use, should be listening on localhost only. If you need to connect over the

How can I check to make sure mysql is only listening to localhost? It doesn't show up with nmap. - Grant

sudo netstat -ptln

It also works without sudo, but then you don't see the process associated with the open TCP port.

kashani
Re: [gentoo-user] baselayout and openrc issues from inside a vserver
Willie Wong wrote: I think you should file a bug and see what the devs say. As far as I see, default/linux/x86/vserver and default-linux/x86/vserver as well as targets/vserver/ have not been touched for about 9 months now. Something is amiss with regards to vserver. W

Yeah I don't see any changes in the profiles now that you mention it so it must be this entry from /usr/portage/profiles/package.mask that started the problem.

# mask pending removal
# Benedikt Böhm hol...@gentoo.org (10 Jan 2009)
# baselayout-vserver is unmaintained and obsoleted by
# baselayout-2/openrc. please upgrade. removal in 30 days.
sys-apps/baselayout-vserver

If I comment that out, I can at least keep working on the system until I figure out which way to proceed.

kashani
Re: [gentoo-user] baselayout and openrc issues from inside a vserver
Peter Alfredsen wrote: On Mon, 19 Jan 2009 10:28:05 -0800 kashani kashani-l...@badapple.net wrote: I've been putting off the openrc upgrade on my vserver account for some time and think it's finally come around to bite me.

Our vserver team had this to say about it on -dev a few days ago.

- - baselayout-2/openrc isn't stable yet, in fact it's even masked in profiles/targets/vserver/package.mask

i don't care. baselayout-vserver is a hack, the vserver profiles are deprecated since ages (although i think the restructuring revived them), and the vserver team (that's only me currently) doesn't support anything else beside openrc. Greets, Bene

So, you should probably migrate to the normal profiles as recommended by the vserver howto:

Whoops, missed the link to the vserver howto: http://www.gentoo.org/proj/en/vps/vserver-howto.xml

Unfortunately that doc isn't very up to date or very well written. Hell the mentioned baselayout 1.13 doesn't even exist in portage. It appears that I should.

1. Change profile from vserver to server so I don't have to go mucking about in package.mask
2. emerge -C baselayout-vserver
   emerge baselayout-2 openrc
3. clean up openrc baselayout issues.
4. Make backups, restart, and hope it doesn't explode.

That sound about right? The other side is that I have no control over the host OS, I just pay for a hosted vserver. Is any of this going to have issues if I update the guest and the host is not aware?

kashani
Re: [gentoo-user] non-PHP webmail in portage?
Grant wrote: Does anyone know of a good (or OK) webmail client in portage that doesn't use PHP? I use squirrelmail now but I have PHP installed only for that and I think PHP slows apache2 down a bit. - Grant

I don't think you'll find anything faster except maybe written in C, which is doubtful. The only other language you might find webmail written in is Perl/CGI and that is definitely not faster in my experience. PHP is about as good as you will get IMHO.

I actually don't mean to speed up squirrelmail and PHP. The main function of that system is to run a website in perl, and I thought I might be bogging down apache2 a bit just by opening it up to PHP interpretation (-D PHP). Is that the case? It would also be nice not to be exposed to PHP exploits. It just seems kind of silly to maintain and run PHP just for webmail. - Grant

Adding -D PHP makes your memory footprint larger, but unless you're actually using PHP that's the only side effect of loading it. If you're concerned about security, make sure you're using the suhosin USE variable and keeping PHP and Squirrelmail up to date. Regardless of which language or mail package you use you're going to have to keep them updated. One other thing to think about is whether or not finding a Perl webmail system is going to make your life any easier. Say you do find one and it installs a ton of Perl modules like all Perl applications. Some of those will be updates of Perl modules that your actual site depends on which may or may not break the site. Now you've got two applications to QA when you update any Perl module that is a dependency of both.

kashani
Re: [gentoo-user] non-PHP webmail in portage?
Grant wrote: Does anyone know of a good (or OK) webmail client in portage that doesn't use PHP? I use squirrelmail now but I have PHP installed only for that and I think PHP slows apache2 down a bit. - Grant

Have you installed dev-php5/eaccelerator for caching PHP opcode? That's probably more useful than swapping the underlying language your webmail client is implemented in unless your system is completely starved for RAM.

kashani
Re: [gentoo-user] Re: kernel config hell
Hung Dang wrote: I would suggest to follow the Gentoo handbook first. Leave all options you are not sure as default, using lspci to find out more about your hardware specifications. From my experiences I will make sure that the kernel is bootable first then adapt it to hardware later. Use modules or not is your choice, both ways work fine. If you want to make sure that thing is stable, you can back up your old config later then have a bunch of test kernels to test. The help from kernel config interface does help you to get a general idea about what is the purpose of the option. Not everyone can get the kernel work for the first try, do not panic. Once you get through the first time, thing will go more smoothly than you thought. It happened to me one year before but now it takes me about less than 10 minutes to have the new kernel configured in my computer. Good luck,

I'll second what Hung said, getting your kernel right takes a bit of time. However I'll add a few points.

Back in the day I used to build super stripped down kernels, but eventually realized it was kinda ridiculous. Why spend almost thirty hours for almost no real world gain other than driving yourself insane? It was almost worth my time on a Sparc5 with 64MB, but today you're better off spending your time cooking dinner and spending the $20 you saved vs the restaurant on RAM. Well maybe you'd need to do that twice. :-)

On the other hand I learned a fair amount about what not to screw with by ripping everything out. If you want to go that route, it'll take you around a week to make almost all the mistakes. Realize this will happen and then enjoy the process. I also recommend taking notes or you'll keep repeating your mistakes.

The other thing is don't get carried away in stripping things out of your kernel. Need to mount an ISO, oops you removed loopback support. Need to make your machine into a DHCP server, oops you removed (gah I should remember this) sockets (i think). Need to use OpenVPN, oops you removed tap/tun interfaces. The list goes on and on. Yeah you can install those as modules once you figure out that they are missing which can be frustrating when the errors aren't very clear.

My advice is take the middle path. Cut the complete crap out like parallel ports, ISDN, and SCSI cards that aren't actually in your system. Leave most of the rest alone for the most part unless you're pretty sure you know what it is. As you get a bit more comfortable and have a history of working kernels you can experiment more.

kashani
Re: [gentoo-user] Best website backup practice
Mick wrote: On Wednesday 17 December 2008, kashani wrote: Momesso Andrea wrote: So there is no way if I want to keep the databases running?

If your database isn't terribly busy I'd setup a second Mysql instance on the same machines and make it a slave of your primary. Then when it's time to backup you can stop the slave and make a backup without disturbing the master instance.

Aha! Never done this. How would you go about it?

To be honest I've never attempted it. Most of my recent installations have been large enough where having an actual backup server was a requirement. However Gentoo does include the /etc/init.d/mysqlmanager startup script. You'd need to muddle through it and figure out how to separate the pid files, suffixes, conf file enough to make it work. When finished you'd want your slave instance running only on localhost and say port 4306. Then you tell it your master is localhost port 3306. Mysql likes to assume localhost is always a socket so you might want to add an entry into /etc/hosts to trick it into connecting via tcp, but I'm not sure if it matters. something like

127.0.0.1 localhost mastermysql.yourdomain.com

Additionally be careful with the conf setting in your Mysql installation. I think the standard Gentoo conf uses 64MB of RAM. If you've modified your production copy make sure you keep the slave copy small. You might need to raise the keybuffer in your slave if you have large indexes. I suspect you can ignore most of this in a web application environment, but it's good stuff to keep in mind later on. I'm moving this week and with the holidays I've got no time to try it, but if you have questions after the first I'd be happy to help you sort it out.

kashani
Re: [gentoo-user] {OT} Why RAID1?
Grant wrote: Do you guys think RAID1 is unnecessary with an SLC SSD drive? No need for RAID1, brand new technology always works right in the first generation. There are never problems. :-D It would be interesting to run RAID1 between an SSD and SATA drive. I wonder what sort of issues the disparity in speed would cause. kashani
Re: [gentoo-user] Best website backup practice
Momesso Andrea wrote: On Wed, Dec 17, 2008 at 10:55:36AM -0800, Kyle Bader wrote: This is a great method that I utilize: http://www.mikerubel.org/computers/rsync_snapshots/ And what about the database? I like LVM snapshotting for databases, but that takes some planning and you have to stop the database. However your mysqlbackup are actually very unsafe because I know for certain that Mediawiki uses Innodb tables. mysqlbackup does not guarantee a lock (I forget the actual details of the issue) for Innodb so your backup could be crap. Chances are you'd be fine on a database that isn't very busy, but don't get in the habit of doing it that way. kashani
Re: [gentoo-user] Best website backup practice
Momesso Andrea wrote: On Wed, Dec 17, 2008 at 01:03:46PM -0800, kashani wrote: I like LVM snapshotting for databases, but that takes some planning and you have to stop the database. However your mysqlbackup are actually very unsafe because I know for certain that Mediawiki uses Innodb tables. mysqlbackup does not guarantee a lock (I forget the actual details of the issue) for Innodb so your backup could be crap. Chances are you'd be fine on a database that isn't very busy, but don't get in the habit of doing it that way. kashani

So there is no way if I want to keep the databases running?

If your database isn't terribly busy I'd setup a second Mysql instance on the same machines and make it a slave of your primary. Then when it's time to backup you can stop the slave and make a backup without disturbing the master instance.

kashani
Re: [gentoo-user] {OT} Why RAID1?
Grant wrote: I'm about to buy a couple Samsung Spinpoint F1 hard drives and I was planning on setting them up in a RAID0 array. Everyone seems to love RAID1 though, and I'm a little confused as to why. Don't daily backups secure 99% of the data that RAID1 does? They even protect in the event of theft or fire which RAID1 doesn't. If one hard drive dies in a RAID1 array, does the system keep running? If so, that's good, but there are so many other components that could die. In 15 years I've lost the power supply, video card, modem, motherboard, and CPU, but never a hard drive. With all these potential points of failure, how much greater system reliability do mirrored hard drives really offer?

In fifteen years I've lost roughly fifteen hard drives and one power supply. Hard drives have moving parts and that equals failures. Congratulations on being lucky, though you have to wonder why so many things that don't normally have issues are having issues in your system. :-)

Do I back my stuff up? Yes. Do I also run RAID1? Yes. Why? Because having to go dig your backup out is really time consuming whereas ordering a new hard drive and plugging it in requires next to no work. In almost all cases I can think of your RAID1 system will continue to keep running with the loss of a single disk. Also RAID1 acts like RAID0 when you're reading from it so there is a performance increase on reads.

kashani
Re: [gentoo-user] Postfix + mySQL
Federico J. Fernández wrote: Hi List, I've been configuring a mail server with Postfix+mySQL+Courier+Squirrelmail according to [1]. Courier IMAP is working with the mySQL authentication, but I can't send mails via postfix. When I send an email I get an unknown user error. I suspect that postfix is not using the defined mySQL table for some reason. I tried to see the virtual map with postmap but I get a strange error:

server postfix # postmap mysql:/etc/postfix/mysql-virtual-maps.cf
postmap: fatal: unsupported map type: mysql

I think the syntax you need is

postmap -q string mysql:/etc/postfix/mysql-virtual-maps.cf

However looking at the mail logs is far simpler. If nothing jumps out at you in the logs post the output of postconf -n and cat /etc/postfix/mysql-virtual-maps.cf (minus user/passwd of course).

FWIW the Gentoo Virtual How-To is very unfancy and requires you to enter all virtual domains manually into the main.cf within virtual_mailbox_domains. If you do not do this, Postfix doesn't know that the domain exists. I suggest doing something like this where it's a db call and you should never need to touch your main.cf. IIRC this will work if you added the optional mysql-transport table.

virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-transport.cf

I also recommend ditching the Gentoo How-to and using PostfixAdmin which is light years better in schema and administration.

kashani
Re: [gentoo-user] Oracle 10 or 11...
Steve wrote: I am interested in the possibility of running a small-scale oracle server for some experimental development work. Ideally, I'd install on gentoo - as this is my server box... though I guess there may be hoops through which I must jump... I found this: http://en.gentoo-wiki.com/wiki/HOWTO_Install_Oracle_10g But it isn't in English... or, I think, up to date. Is there a howto for a currently available oracle download I can follow? Does anyone on this list run oracle on their Gentoo install? http://www.puschitz.com/InstallingOracle10g.shtml I used this how-to as a rough guideline a few years ago when I setup a test server on Gentoo. It's RHEL based, but isn't too hard to adapt to Gentoo... IIRC the lib-compat stuff was the only thing I needed to do ... and the path stuff was annoying as well. He also includes some tuning stuff for actually using the db which is nice. kashani
Re: [gentoo-user] Re: gentoo-wiki.com - Needs your help!
Alan McKinnon wrote: I have a response to that site owner and most here are not going to like it: You are an idiot. This is an elementary error and you fully deserve what has happened. Now stop whinging about how the big bad nasty terrible person is treating you and actually take some responsibility for your own mistakes. Wasn't this wiki also 0wned and defaced sometime in the last year? http://gentoo-wiki.com/ Just thought I would summarize for everyone who doesn't want to read all of the below stuff: everyone in this whole mess is at fault; I personally failed to do proper backups, TelX was a dick about billing and has been extorting customers, And Skiplink handled the situation VERY poorly on the customer service end IMHO. You're a bit late to the blame party. kashani
Re: [gentoo-user] No more... more?
Mike Diehl wrote: The other day I was updating a fairly ancient system by trying to first clear out some emerge blockers. I've taken care of the blockers, but now I find that my system no longer has a more command:

# more
bash: more: command not found

I also notice that sys-apps/more is masked:

* sys-apps/more [ Masked ]
Latest version available: 2.12r
Latest version installed: [ Not Installed ]
Size of files: 1,338 kB
Homepage: http://www.kernel.org/pub/linux/utils/util-linux/
Description: Primitive text file viewer
License: GPL-2

Surely this isn't what I'm supposed to install just to get more. Please advise.

You didn't happen to unmerge coreutils did you because it was blocking? If so that is the cause of your problems. I'm not sure how to recover from a lack of coreutils since most of your system binaries are now gone.

kashani
Re: [gentoo-user] No more... more?
kashani wrote: You didn't happen to unmerge coreutils did you because it was blocking? If so that is the cause of your problems. I'm not sure how to recover from a lack of coreutils since most of your system binaries are now gone. kashani

Oh good it wasn't coreutils. Watch out for that one if you run into it though that problem might be older than your machine. Remove mktemp and then emerge coreutils and you should be fine.

kashani
Re: [gentoo-user] Is gentoo-portage and gentoo-wiki offline?
Alan McKinnon wrote: On Friday 17 October 2008 23:27:44 RYAN vAN GINNEKEN wrote: heehee have been wanting to get onboard with gentoo for a while now how ironic that the wiki site i was so looking forward to using is down the same day my gentoo box is up heehee. Let's see, how shall I put this? Oh stuff it, might as well be honest. gentoo-wiki.com is notorious for being up and down more often than you change your underwear. It's also been compromised at least twice in the last 12 months. The home page was last updated so long ago I'm no longer sure if it was still in this millennium. As the fellow who maintains the Bind and Postfix w/PostfixAdmin how-tos on the wiki I take a small amount of umbrage with the above statements. :-) Also my Bind how-to was added to the front page after I updated it in July. I generally try to update the docs with recent packages every six months or so though I am guilty of letting them sit a bit longer. However Gentoo has no official Bind documentation. The official Gentoo Virtual Mail how-to offers about half the functionality, explanation, and troubleshooting info in my doc. Also the Gentoo virtual mail server has remained essentially unchanged in the last six years whereas my doc has continued to change and improve. And while we're being honest my virtual server build kicks the crap out of the official one in just about every way. I won't say that all docs on gentoo-wiki are of this quality or better than the Gentoo docs, but you will be missing out on some genuinely useful information by dismissing the gentoo-wiki out of hand. In regards to the soon to be asked why not update the Gentoo docs if you're so darn smart question going through a number of heads. In real life I manage just over 7000 servers as part of a larger group and am directly responsible for a bit over 1500 of them. 
I can devote an hour or two every couple of months to updating my home Gentoo box and fixing my wiki entries or I can fight with Guide XML for three or four hours and generally produce nothing useful. kashani http://gentoo-wiki.com/index.php?title=HOWTO_Setup_a_DNS_Server_with_BIND http://gentoo-wiki.com/HOWTO_Setup_a_Virtual_Postfix/Courier_Mail_System_with_PostfixAdmin
Re: [gentoo-user] Is there a way to automate rsync of updated portage tree across multiple boxes without each having to pull it down from a gentoo mirror
Vaeth wrote: Could you please use a mail client which insert correctly the fields In-Reply-To and Reference ?

Thanks for the hint, I was not aware of this. But unfortunately, it appears that it is not just a question of the mail client: I am subscribed to the list as post-only (for several reasons which I do not want to discuss now) and I am actually reading/replying the usenet copy linux.gentoo.user of this list. If you know how I could find out (and use with pine) the correct data in this way, I would be glad to do so, but I am afraid it is impossible. However, due to lack of time this will probably anyway be the last falsely referencing posting for quite a while: my frequent postings in the previous days were really a big exception.

Trying to follow the thirty odd threads your client is creating when there should be only one is really really annoying. And you're completely wrong about NAT routers, but damned if I can find the actual parts of the thread I want to respond to.

kashani
Re: [gentoo-user] [getting on-topic I think] dial-up, switching isp's and other thoughts.
Dale wrote: But isn't this true of any ISP or email host? Dale

Not on my server which I run myself. Want to buy domain hosting with imap-ssl, pop3-ssl, and smtp-ssl (sorry no non ssl user connections) with no searching or archiving of your mail for $30 a year? :-)

kashani
Re: [gentoo-user] Exim, Outlook 2007, and Thunderbird
Michael Sullivan wrote: My MSOutlook 2007 and my Mozilla Thunderbird email clients on my laptop cannot connect to my exim mail server. I can't seem to figure out why. Can anybody help me fix this? And the log files say what? kashani
Re: [gentoo-user] Exim, Outlook 2007, and Thunderbird
Michael Sullivan wrote: The problem is with dovecot. (port 110 is the IMAP port, isn't it? I can't telnet to it.)

camille log # emerge -pv dovecot
These are the packages that would be merged, in order:
Calculating dependencies... done!
[ebuild R ] net-mail/dovecot-1.1.1-r1 USE=doc ipv6 kerberos ldap mysql pam ssl -debug -managesieve -mbox -pop3d -postgres -sieve -sqlite3 -suid -vpopmail 2,221 kB
Total: 1 package (1 reinstall), Size of downloads: 2,221 kB

To see what ports equals what, look at /etc/services which should exist on all *nix boxes and tracks nearly all the major ports. pop is 110, imap 143, and imaps 993

I would make sure that dovecot is actually running, then make sure it's listening on ports you expect with sudo netstat -ptln , and then I'd post the logs from any transactions. Troubleshooting mail servers without the relevant log entries is usually painful and frustrating.

kashani
Re: [gentoo-user] Exim, Outlook 2007, and Thunderbird
Michael Sullivan wrote: dovecot doesn't seem to have a log. How do I turn on logging for dovecot?

I'd suspect it's either logging to /var/log/mail* or /var/log/messages Have you checked both?

I forgot:

camille log # netstat -ptln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 4311/dovecot

And are you connecting via IMAP in your clients, the server addresses are correct, you can telnet to your mail server on port 143, etc?

kashani
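The `netstat -ptln` check used here for dovecot, and earlier in the archive to confirm that mysql listens on localhost only, as an added example that is not part of the original thread: it parses the listener table and classifies each port by the address it is bound to. The function names are hypothetical, and the sample output is constructed, with the dovecot line mirroring the one quoted above.

```python
"""Classify TCP listeners from `netstat -ptln` output by bind address (added example)."""
import ipaddress

# Constructed sample output; only the dovecot entry comes from the thread.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      4311/dovecot
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      2210/mysqld
tcp        0      0 192.0.2.10:80           0.0.0.0:*               LISTEN      2300/apache2
tcp6       0      0 ::1:25                  :::*                    LISTEN      2250/master
tcp6       0      0 :::22                   :::*                    LISTEN      -
"""


def parse_listeners(text):
    """Return one dict per LISTEN row; banner and header rows are skipped."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        # The port follows the last ':' (IPv6 addresses contain colons themselves).
        host, _, port = fields[3].rpartition(":")
        address = ipaddress.ip_address(host.split("%")[0])  # drop any %zone suffix
        # Without root the PID/Program column is just '-'.
        pid, _, program = " ".join(fields[6:]).partition("/")
        listeners.append({
            "address": address,
            "port": int(port),
            "pid": int(pid) if pid.isdigit() else None,
            "program": program or None,
        })
    return listeners


def exposure(listener):
    """loopback: local clients only; otherwise the socket accepts remote peers."""
    address = listener["address"]
    if address.is_loopback:
        return "loopback"
    if address.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "specific-interface"


def port_status(listeners, port):
    """Summarise how a port is bound across all of its listeners."""
    kinds = {exposure(entry) for entry in listeners if entry["port"] == port}
    if not kinds:
        return "no-tcp-listener"  # e.g. a daemon reachable only through a unix socket
    return "loopback-only" if kinds == {"loopback"} else "non-loopback"


def non_loopback(listeners):
    """(program, port, exposure) for every listener bound beyond loopback."""
    return [(e["program"], e["port"], exposure(e))
            for e in listeners if exposure(e) != "loopback"]


if __name__ == "__main__":
    for row in non_loopback(parse_listeners(SAMPLE)):
        print(row)
```

A non-loopback bind only means the daemon accepts remote peers; whether a client actually gets through still depends on firewall and NAT rules.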
Re: [gentoo-user] Exim, Outlook 2007, and Thunderbird
Michael Sullivan wrote: My public IP address is 70.234.122.254

[EMAIL PROTECTED] ~ $ telnet 127.0.0.1 143
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
* OK Dovecot ready.
^]
telnet> quit
Connection closed.
[EMAIL PROTECTED] ~ $ telnet 70.254.122.254 143
Trying 70.254.122.254...
telnet: connect to address 70.254.122.254: Connection refused

Are you port forwarding port 143 through your NAT if you're using NAT? Are you allowing imap in your firewall rules? I'd also try the suggestion of changing to listen = * suggested here. http://gentoo-wiki.com/Dovecot#Configure

kashani
Re: [gentoo-user] Exim, Outlook 2007, and Thunderbird
Michael Sullivan wrote: Are you port forwarding port 143 through your NAT if you're using NAT? Are you allowing imap in your firewall rules? I'd also try the suggesting of changing to listen = * suggested here. http://gentoo-wiki.com/Dovecot#Configure kashani From nmap: 143/tcp filtered imap 443/tcp filtered https So yes you have a firewall and you have not checked the rules? That's generally what filtered means. kashani
Re: [gentoo-user] Weird df listing
Michael Sullivan wrote: On Tue, 2008-09-02 at 15:39 +0200, Volker Armin Hemmann wrote: you have space left, but the inodes are all used up. Typical problem for fs like extX. What fs should I use instead? For future reference what's the current standard? I would verify that you are actually out of inodes before attempting to fix that problem. df -i should show you your inode usage. As everyone else has stated ext3 is set to keep 5% of the disk available for root by default and that is likely what the issue is. I would not change this as ext3 and most other file systems start having severe fragmenting issues at 90% usage and up. kashani
Re: [gentoo-user] Weird df listing
Volker Armin Hemmann wrote: On Tuesday, 2 September 2008, kashani wrote: Michael Sullivan wrote: On Tue, 2008-09-02 at 15:39 +0200, Volker Armin Hemmann wrote: you have space left, but the inodes are all used up. Typical problem for fs like extX. What fs should I use instead? For future reference what's the current standard? I would verify that you are actually out of inodes before attempting to fix that problem. df -i should show you your inode usage. As everyone else has stated ext3 is set to keep 5% of the disk available for root by default and that is likely what the issue is. I would not change this as ext3 and most other file systems start having severe fragmenting issues at 90% usage and up. kashani with 5% reserved for root he would see 5% free. Not true because to a general user the disk is full and df will reflect that. People have been asking this same question for decades. http://groups.google.com/group/comp.os.linux.setup/browse_thread/thread/84c3ca88bef26f90 kashani
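The two explanations argued over in this thread can be told apart from the statvfs(2) counters that df reads, shown here as an added example that is not from the thread: inode exhaustion shows up in f_favail, while the root reserve is the gap between f_bfree and f_bavail. The sample values are constructed for a 100 GiB volume with 4 KiB blocks and a 5% reserve, and the category names are made up for the example.

```python
import os
from collections import namedtuple

# Same field names as os.statvfs_result, so real os.statvfs() output works too.
FsStat = namedtuple(
    "FsStat", "f_frsize f_blocks f_bfree f_bavail f_files f_ffree f_favail")

def df_use_percent(st):
    """Use% as GNU df reports it: used / (used + available to non-root), rounded up."""
    used = st.f_blocks - st.f_bfree
    nonroot_total = used + st.f_bavail
    if nonroot_total == 0:
        return None
    return -(-100 * used // nonroot_total)      # ceiling division

def reserved_percent(st):
    """Share of the filesystem held back for root (f_bfree minus f_bavail)."""
    return 100.0 * (st.f_bfree - st.f_bavail) / st.f_blocks

def diagnose(st):
    """Classify why writes by an ordinary user would fail (labels are hypothetical)."""
    if st.f_files and st.f_favail == 0:
        return "inodes-exhausted"       # what `df -i` would show as 100%
    if st.f_bavail == 0 and st.f_bfree > st.f_bavail:
        return "root-reserve-only"      # blocks remain, but only root may use them
    if st.f_bfree == 0:
        return "blocks-exhausted"
    return "ok"

# Constructed samples: 26214400 blocks of 4 KiB, 1310720 of them reserved for root.
INODES_GONE = FsStat(4096, 26214400, 10000000, 8689280, 6553600, 0, 0)
RESERVE_ONLY = FsStat(4096, 26214400, 1310720, 0, 6553600, 6000000, 6000000)

def report(path="/"):
    """Run the same checks against a mounted filesystem."""
    st = os.statvfs(path)
    return {
        "diagnosis": diagnose(st),
        "use_percent": df_use_percent(st),
        "reserved_percent": round(reserved_percent(st), 2),
    }

if __name__ == "__main__":
    for name, sample in (("inodes gone", INODES_GONE), ("reserve only", RESERVE_ONLY)):
        print(name, diagnose(sample), df_use_percent(sample), reserved_percent(sample))
    print("/", report("/"))
```

In the reserve-only sample an ordinary user sees 100% use even though 5% of the blocks are still free for root.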
Re: [gentoo-user] Re: df and du difference
Platoali wrote:

    /dev/console (deleted)
    mysqld 5679 mysql 5u REG 8,1 0 1009860 /tmp/iby8kN8L (deleted)
    mysqld 5679 mysql 6u REG 8,1 0 1009861 /tmp/ib3OyWjn (deleted)
    mysqld 5679 mysql 7u REG 8,1 0 1009862 /tmp/ibCqa6uY (deleted)
    mysqld 5679 mysql 8u REG 8,1 0 1009863 /tmp/ibnDCmHz (deleted)
    mysqld 5679 mysql 12u REG 8,1 0 1009864 /tmp/ibaQcs5a (deleted)
    ...

Nothing so big. just about 20 lines and the biggest ones are these. This server hosts accounting software for an ISP: just a couple python scripts, apache with PHP and a small Postgresql database.

You're going to have to rebuild this server because someone is eventually going to break it. The number one rule of shared database servers is never put /tmp inside / because eventually some idiot will kick off some poorly thought out job to crunch some numbers and he will fill /tmp and therefore / and break your server. /tmp should always be its own partition in this type of environment. I have also found 5GB to be a good size as well since most crazy jobs would die around 4GB on 32 bit systems. kashani
Re: [gentoo-user] how touchy is /var really? And how to keep tabs on a new disk?
Michael Higgins wrote: So, in setting up a huge repository of junk, I mean, important business documents, I nearly ran out of disk space on rootfs. Much of it was living in /var, like half the disk's worth. I'd just dropped a new disk in for /home... to move some Outlook files to IMAP maildir folders. Had I been thinking ahead, I would have partitioned it for /var as well, but I didn't. So, I rsyncd /var to /home/varlink, moved /var to /oldvar, 'soft' linked /var to /home/varlink/var and restarted some services that were less than happy with the change, like the mail servers, mysql. Everything seems to work now. Now, was that a stupid thing to do, or should everything under /var continue to work still, without issues?

I've done it that way and don't remember running into any issues. I also did the shut all services down, rsync var to somewhere, change mounts, sync it back trick without taking the machine down. No long term issues with that other than having to rebuild the qmail queue at the time. qmail is weird and inodes are tied into the queue mechanism so that was expected. Modern MTAs shouldn't have the issue. Mysql Innodb can be a bit odd if you move the database around, but as long as nothing changes relative to the mysql datadir it will also be fine. You might want to check your Mysql install and purge bin logs if you haven't lately. That tends to be the silent /var filler-upper in many systems. expire_logs_days = 7 is your friend. kashani
Re: [gentoo-user] Good Library Management software
Dirk Uys wrote: Other than that there is also the added complexity to the installation. You have to create a user in the database, create the database and grant the user all the needed permission to that specific database. And what if one app prefers mySQL and another one postgreSQL? Now I need to run two database servers that will be quite capable to fill the data needs of two small businesses just because I want to use a music player and a library utility for my ~50 books laying around.

I can see your point and in many ways I agree. The issue is that local data storage limits the application in larger environments. A db provides a ready made and easily understandable way for multiple machines to read and write data. Being a large IT shop person I tend to avoid anything that does not use a db since it's unlikely that I will be able to use it at a job in the future. Nothing worse than having www07 go down and take the company blog with it because we couldn't run the blog software on all ten machines because it had to use local storage. Additionally it's easier to backup one db cluster than twenty odd applications. I can recommend a few things to make dealing with a db easier.

1. Settle on Mysql, 99% of anything you'll install can use it.
2. However apps that can use more than one database backend are *always* better written, more mature, and is usually a sign that the schema has been designed rather than tossing data in tables.
3. Don't mess with my.cnf unless you really need to. Default Mysql serving settings spec about 100MB of RAM usage which should be plenty for local apps with small storage needs.
4. Spend an hour learning about how your db works and come up with a system for user accounts and database names. I always do something like this in Mysql:

    create database kash_gallery2;
    grant all privileges on kash_gallery2.* to [EMAIL PROTECTED] identified by 'mys3cr3tp2ss';

This way I know that only the kash_gallery2 user can access the kash_gallery2 db.
I also know that kash_gallery2 is my Gallery install and not someone else's. I can easily add kash_gallery3 when a new version comes out and don't have to worry about how to deal with db 'gallery' which I think is the default. You'll have to change the settings in the config file of the app to reflect your changes, but that should be simple. kashani
Re: [gentoo-user] Re: Mail on multiple laptops
Grant Edwards wrote: And how do I configure Mutt to use download/sync IMAP? Mutt isn't really intended to download/sync IMAP (I presume you're referring to offline usage). Mutt is intended to be used online -- to be connected to an IMAP server while you're using it. The whole point of IMAP is that you don't download all your mail. You leave it on the server. I've read about MUAs who are supposed to maintain a local mirror of all of the mail and sync it periodically with the server, but I've never met anybody who actually uses IMAP that way. I use IMAP that way. Nothing worse than trying to get stuff done on the plane and not having access to the email though you can see all the headers. Thunderbird allows you to choose folders for offline sync and you can tell it to use all of them and automatically add new folders to the offline sync list. Sucks the first time you sync a large maildir, but much more useful if you're offline or traveling quite a bit. If you're using Mutt I'd look into offlineimap http://www.linux.com/feature/133834 kashani -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] My last words on cryptology and cryptography.
Alan McKinnon wrote: The calculation is quite simple - measure how quickly a specific computer can match keys. Divide this into the size of the keyspace. The average time to brute force a key is half that value. AFAIK this still averages out at enormous numbers of years, even at insane calculation rates like what RoadRunner can achieve. 256 bit keys. The 115792089237316195423570985008687907853269984665640564039457584007913129639936 keys are quite a lot to check (although, if all the atoms in the universe [estimated 10^78] were to test 1 key/sec, it'd only take about 0.1157920892 seconds). However.. 512 bit keys with all the atoms testing a trillion keys/second would take about (2^512)/(10^78)/60/60/24/(36525/100)/(10^12) or 4.2486779507765473608e56 years.. I submit that brute forcing an AES key of reasonable length is currently impossible in an amount of time that would matter to the human race. kashani
Re: [gentoo-user] My last words on cryptology and cryptography.
Steven Lembark wrote: I submit that brute forcing an AES key of reasonable length is currently impossible in an amount of time that would matter to the human race. On average yes. As already pointed out, however, there is nothing to prevent the first guess from matching a key and cracking one particular example of the cipher in 0.0001 seconds. Therefore, brute forcing an AES key of any length is quite possible, even if it is unlikely. q.e.d. This is not interesting data nor particularly relevant. That said, the chances that your key is not randomly guessed are far, far better than average. Getting lucky is not the same as being able to evaluate a significant portion of the key space in a short period of time. kashani
Re: [gentoo-user] h
Sebastian Günther wrote: * Volker Armin Hemmann ([EMAIL PROTECTED]) [27.06.08 00:12]: and this is why nobody uses brute force. There a better ways to crack keys. NSA has tons of experts in mathematics and cryptanalysis. Plus very sophisticated hardware. I am sure for most ciphers they use something much more efficient than stupid brute force. The thing about these keys is that there is no better way than to brute force such keys. The algorithm uses a function whose inverse is a known hard problem which resides in NP, which is a class of functions equal to just guessing. I don't believe this is true. The algorithm uses a function which is *assumed* to be a hard problem. You assume the problem is hard because you and anyone you know have not been able to make it easy. That does not mean that someone has not discovered some math that does make it easy. Here's a reference to the interesting meet-in-the-middle attack which reduced 3DES key space down to 112 bits from 192. Obviously that was unknown when 3DES was built. http://en.wikipedia.org/wiki/Triple_DES#Security kashani
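The meet-in-the-middle idea behind the Triple DES reference in the post above, as an added example that is not part of the original thread: double encryption under two independent 16-bit keys is recovered with 2^17 cipher operations and a lookup table before filtering, instead of 2^32 trial key pairs. The toy cipher (not DES), the keys and the known plaintext/ciphertext pairs are all constructed for the demonstration.

```python
MASK = 0xFFFF
MUL = 0x6487                       # odd, so x -> x*MUL mod 2**16 is a bijection
MUL_INV = pow(MUL, -1, 1 << 16)    # modular inverse (Python 3.8+)
ROUNDS = 4

def _round_keys(key):
    """Toy key schedule: rotate the 16-bit key and mix in a round constant."""
    keys = []
    for r in range(ROUNDS):
        rot = ((key << (4 * r)) | (key >> (16 - 4 * r))) & MASK
        keys.append(rot ^ ((r * 0x9E37) & MASK))
    return keys

def encrypt(key, block):
    x = block
    for rk in _round_keys(key):
        x ^= rk
        x = (x * MUL) & MASK
        x = ((x << 5) | (x >> 11)) & MASK      # rotate left by 5
    return x

def decrypt(key, block):
    x = block
    for rk in reversed(_round_keys(key)):
        x = ((x >> 5) | (x << 11)) & MASK      # rotate right by 5
        x = (x * MUL_INV) & MASK
        x ^= rk
    return x

def double_encrypt(k1, k2, block):
    return encrypt(k2, encrypt(k1, block))

def meet_in_the_middle(pairs):
    """Recover (k1, k2) from known (plaintext, ciphertext) pairs.

    Encrypt forward under every k1, decrypt backward under every k2, and
    match on the middle value; the remaining pairs weed out false matches.
    """
    (p0, c0), rest = pairs[0], pairs[1:]
    table = {}
    for k1 in range(1 << 16):
        table.setdefault(encrypt(k1, p0), []).append(k1)
    ops_before_filter = 1 << 16
    candidates, found = 0, []
    for k2 in range(1 << 16):
        middle = decrypt(k2, c0)
        ops_before_filter += 1
        for k1 in table.get(middle, ()):
            candidates += 1
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))
    return found, {"ops_before_filter": ops_before_filter, "candidates": candidates}

def demo():
    k1, k2 = 0xBEEF, 0x1234                     # constructed secret keys
    plaintexts = [0x0001, 0xA5A5, 0x7E57]       # constructed known plaintexts
    pairs = [(p, double_encrypt(k1, k2, p)) for p in plaintexts]
    return meet_in_the_middle(pairs)

if __name__ == "__main__":
    keys, work = demo()
    print("recovered:", [(hex(a), hex(b)) for a, b in keys])
    print("work:", work, "versus", 1 << 32, "key pairs for naive search")
```

The same trade of memory for time is why stacking a second key onto a cipher adds roughly one bit of brute-force work rather than doubling the effective key length.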
Re: [gentoo-user] Apache2 + PHP5 problem
Mateusz A. Mierzwiński wrote: Can anybody tell me what happened with PHP5 under (Linux athene 2.6.23-gentoo-r3 #1 PREEMPT RT Sun Dec 9 01:12:25 Local time zone must be set--se x86_64 Intel(R) Celeron(R) CPU 2.53GHz GenuineIntel GNU/Linux) Gentoo? My server runs with error (and white pages after accessing):

    [Tue May 20 13:59:11 2008] [notice] child pid 2554 exit signal Segmentation fault (11)
    [Tue May 20 13:59:11 2008] [notice] child pid 2556 exit signal Segmentation fault (11)
    [Tue May 20 13:59:13 2008] [notice] child pid 2611 exit signal Segmentation fault (11)

After unloading PHP5 modules (moving 70_php5_mod) and restarting Apache everything is OK but... without PHP. What's up. This is PHP build flags: [ebuild R ] dev-lang/php-5.2.6_rc4 USE=apache2 berkdb bzip2 cgi cli crypt ftp gd hash iconv imap iodbc mysql mysqli ncurses nls odbc pcntl pcre pic posix readline session simplexml soap sockets ssl sysvipc threads unicode xml xmlreader xmlrpc xmlwriter zip zlib

Is your Apache also built with threads? If it is not I would rebuild PHP without threads and try again. kashani
Re: [gentoo-user] Re: Constant hammering from Chinese IPs on prt 102[67]
Mick wrote: This is typical grc.com style FUD for paranoid MSWindows users. He is a really good salesman in IT snakeoil (his background is in marketing). I'll second this. He's a clown. kashani
Re: [gentoo-user] OT: Looking for SATA controller recommendation
Roy Wright wrote: Albert Hopkins wrote: I think as long as you stay away from RAID, in particular fake HW RAID, then it would be difficult to find a SATA controller that wasn't supported by the kernel. Thank you. The hardware search is being a little more difficult than I had hoped. I'm finding:

* Internal SATA 1 (PCI)
* Internal SATA 2 (PCI-X)
* eSATA (PCI, PCIe)
* hardware RAID (PCI, PCIe, PCI-X) using proprietary binary drivers

Looks like I need to rethink my storage upgrade. Thank you, Roy

http://www.newegg.com/Product/ProductReview.aspx?Item=N82E16816103058 The Adaptec card looks reasonable though one of the comments indicates that someone had issues doing RAID5 via Linux with it which seems strange. You can always test and return if it doesn't work out. kashani
Re: [gentoo-user] Network access to MySQL
Peter Humphrey wrote: Having just installed mysql on my server, I've found that I have to set bind-address = 0.0.0.0 in /etc/mysql/my.cnf to enable me to connect to mysqld over the local network: leaving it at the default 127.0.0.1 causes connection requests to be rejected. Is there a more secure value for this parameter? I want to be able to connect over either of two network segments, 192.168.2.0/29 and 192.168.3.0/29, as well as locally on the server box. I've tried a compound setting in bind-address, but mysqld then refuses to start. 0.0.0.0 is the only setting I've found so far that lets me in.

I generally remove the bind setting so that Mysql listens on all IPs on the box. You can then have firewall rules at your border or locally on the box to control access to 3306. You can also set access on a per user basis within mysql

    GRANT CREATE,DELETE,INSERT,SELECT,UPDATE ON your_db.* TO 'your_user'@'localhost';
    GRANT CREATE,DELETE,INSERT,SELECT,UPDATE ON your_db.* TO 'your_user'@'192.168.2.%';

and so on. kashani
Re: [gentoo-user] Doubt about FLAG use
Net Warrior wrote: I'm on it :) thank you guys !!

Here's an example from my server to get you going

    # apache stuff
    # urandom makes Apache start faster on unused systems
    dev-libs/apr urandom
    www-servers/apache -threads mpm-prefork

    # other daemons
    net-dns/bind -mysql -threads
    net-mail/courier-imap -berkdb fam gdbm
    dev-libs/cyrus-sasl -berkdb -mysql authdaemond urandom
    www-servers/lighttpd -mysql -ssl fam
    mail-mta/postfix mysql sasl ssl vda

I like to put the subtracts in front and the adds after as well as keeping them in alphabetical order. Comments will also help you remember why you did stuff so when you jump to the next major version you can glance over package.use and see if anything jumps out at you. It all makes it easier to read and manage as your /etc/portage/* files get more complicated. kashani
Re: [gentoo-user] Doubt about FLAG use
Net Warrior wrote: Well, after all I'm confused after reading the thread. Should I use this or not ? *USE=-ipv6 -ftp emerge -av mplayer*

you should vi /etc/portage/package.use and add

    # mplayer fixes
    media-video/mplayer -ftp -ipv6

and then verify that you're getting what you want before emerging. This way you know your changes will remain the next time you run emerge uD world or update mplayer on its own. kashani
Re: [gentoo-user] local caching DNS?
Andrew Gaydenko wrote: Hi! === On Wednesday 09 April 2008, you wrote: === ... Does not seem to matter here much, since I suspend, not turn off. But anyway, most DNS names should be cached only few hours, half a day or so (well, there are some that have week long timeouts, but not many). Not sure I have noticed drawbacks of using a permanent cache during few years - probably I use too stable net resources :-) As an admin that occasionally has cause to shift traffic between coasts for maintenance I hate *hate* anything that ignores my TTLs and consider such software broken and bane upon our fair Internet. kashani
Re: [gentoo-user] IMAP authentication not secure?
Grant wrote: I've been using claws-mail with my IMAP server. I'm giving thunderbird a try but it won't work if I have Use secure authentication checked under Server Settings. The secure auth button refers to NTLM which is also called Secure Password Authentication (SPA) or Windows Integrated Login. You don't need it and your imap server won't support it without jumping through some hoops. As long as you're using imap over SSL there is no reason for it. kashani
Re: [gentoo-user] Master - Slave MySQL Database Server
Kaushal Shriyan wrote: hi is this a correct documentation *http://howtoforge.com/mysql_master_master_replication* for Master Slave Replication and is there a test case to test this setup Thanks and Regards Kaushal

That how-to is passable, but leaves out a number of considerations.

1. Install Mysql on the master and slave. Make sure the slave version is the same or NEWER than the master. Master/Slave will break if the master is running a later version than the slave. In the future you will always update your slave first.

2. Get your master running and get your my.cnf setup. If you're using innodb you'll need to increase memory settings for it and possibly tweak your ibdata log file sizes. Do this first before even thinking about the slave.

3. add replication user to master.

    GRANT REPLICATION SLAVE ON *.* TO 'repl'@'db02.yourdomain.com' IDENTIFIED BY 'slavepass';

4. Make your slave config exactly the same as the master with two exceptions. You can use smaller memory if you must, but do not change the ibdata and iblog file sizes unless you're going to import from a mysqldump.

master

    # REPLICATION ===
    log-bin = /var/lib/mysql/db01-bin
    expire_logs_days = 7
    server-id = 101

slave

    # REPLICATION ===
    log-bin = /var/lib/mysql/db02-bin
    expire_logs_days = 7
    server-id = 201
    skip-slave-start
    read-only

5. Now shutdown your master cleanly and delete the logs. You should really, really be sure you shut down cleanly before deleting your bin-logs.

    sudo /etc/init.d/mysql stop
    cd /var/lib/mysql/
    sudo rm -rf db01-bin.*
    cd ../
    sudo rsync -av mysql/ mysql-slave/
    sudo /etc/init.d/mysql start

6. Copy your slave mysql dir over to the slave. Mysql should be down on the slave before doing this.

    rsync -av /var/lib/mysql-slave/ [EMAIL PROTECTED]:/var/lib/mysql-slave/
    ssh db02
    cd /var/lib/
    sudo chown -R mysql: mysql-slave/
    sudo rsync -av mysql-slave/ mysql/

This way you don't have to start from scratch if you screw it up. And you will screw it up at least once.

7. Start up the slave and tell it where to start.

    sudo /etc/init.d/mysql start
    mysql -u root -p
    CHANGE MASTER TO MASTER_HOST='db01.yourdomain.com', MASTER_USER='repl', MASTER_PASSWORD='slavepass', MASTER_LOG_FILE='db01-bin.01', MASTER_LOG_POS=4;
    start slave;
    show slave status;

The starting log position is always 4 when Mysql starts up fresh with no logs, which is why we deleted them. Plus why copy around a lot of 1GB log files when you rsync. If you have the option to shut your master down, it's a nice short cut to avoid looking up the log position when you dump and what not. Also rsync is much faster than doing a master-dump mysqldump in most cases which makes for less production downtime. kashani
Re: [gentoo-user] Two instances of MySQL Database Server
Daniel da Veiga wrote: I don't understand why use a chroot to simply run another instance of MySQL. Is there any good reason? All you gotta do is create a new configuration file that points to a different database location and uses a different port, and clone and edit another /etc/init.d/mysql script to point to the new config file. A chroot would be just a waste of space, since you can use the same binary for multiple instances. About the only reason to run multiple instances is testing different versions hence the chroot. kashani
Re: [gentoo-user] Two instances of MySQL Database Server
Daniel da Veiga wrote: On Thu, Apr 3, 2008 at 6:18 PM, kashani [EMAIL PROTECTED] wrote: Daniel da Veiga wrote: I don't understand why use a chroot to simply run another instance of MySQL. Is there any good reason? All you gotta do is create a new configuration file that points to a different database location and uses a different port, and clone and edit another /etc/init.d/mysql script to point to the new config file. A chroot would be just a waste of space, since you can use the same binary for multiple instances. About the only reason to run multiple instances is testing different versions hence the chroot. The OP asked about different instances, not versions. true, but again one of the few rational reasons to do this is to test multiple versions. Otherwise it's an efficient way to split your system resources in half. The OP could look at /etc/init.d/mysqlmanager which seems to support the idea of instances, but I'm not sure it would be useful outside running the same binary on a different port. Isn't MySQL slotted, so you can run different major versions (4 and 5, for example) at the same time? Not slotted in any meaningful way within the system. You have to chroot. There was an attempt to do it within Gentoo a few years back, but it was overly complicated for the average user and poorly implemented. kashani
Re: [gentoo-user] OT - Exim question
Michael Sullivan wrote: Do I need to add 192.168.1.100 to the hostlist in exim.conf and restart exim? Yes - this is easy solution for your problem ;) -- Sergey It didn't work: Mar 13 15:13:31 baby exim[26470]: 2008-03-13 15:13:31 unqualified recipient rejected: amy H=([192.168.0.2]) [192.168.1.100] (failed to find host name from IP address) baby bind # grep 192.168.1.100 /etc/exim/exim.conf hostlist relay_from_hosts = 127.0.0.1 : 192.168.1.2 : 192.168.1.3 : 192.168.1.4 : 192.168.0.2 192.168.1.100 Is there any other option? Add 192.168.0.2 and .100 to your /etc/hosts file. You've got Exim set to deny IP addresses that do not resolve. kashani
Re: [gentoo-user] Detecting 64 bit Intel chips
Alan McKinnon wrote: Hi all, Sometime in the last month someone posted (in a thread that went wildly OT) a definite way to determine if an Intel cpu is 32 or 64 bit. Unfortunately I can't find the post anymore. It involved checking the cpu-family, model and flags fields in cpuinfo. Could that same kind soul please repost the info? And if possible the same for AMD? cat /proc/cpuinfo and look for lm, which stands for long mode, under the flags. I'm pretty sure that works for Intel and AMD. kashani
Re: [gentoo-user] Re: How to do port-based routing?
Grant Edwards wrote: I found shorewall and firestarter, but neither looked very useful to me: 1) They're both designed for configuring firewalls, and I'm not building a firewall machine. 2) Neither seemed to have any way to specify port-based routing. So it looks like plain iptables is the way to go. I'm not aware of any iptables front end that will also manage policy based routing which is Cisco-ese and maybe general Network-ese for what you're trying to do. However I would use shorewall (or whatever you prefer) to do most of the work and then insert your custom rules where they need to go. All policy routing regardless of actual implementation has you build an ACL of traffic you'd like messed with. Then you need to specify what happens to traffic that matches the ACL. However one thing the original how-to you linked didn't completely spell out is NAT. You MUST NAT on each interface or you'll have all sorts of routing fun that does not work. kashani
Re: [gentoo-user] Re: How to do port-based routing?
Grant Edwards wrote: I don't understand why I have to do NAT. Can you explain why? (Or point me to docs that explain why?)

    router01.your.network.com
    eth0 - 10.11.12.1
    eth1 - 24.1.2.231 - Comcast
    eth2 - 64.1.2.132 - Speakeasy

Naturally RFC 1918 space is useless outside your network so you have to NAT. However you need to make sure that you are making your policy routing decisions at eth0. You don't want traffic marked as originating from 24.1.2.231 going out eth2 since Speakeasy could (and should) drop traffic that is not originating from its IP space. Additionally traffic will be routing back to you via Comcast connection resulting in asymmetric routing which can increase the chances of packets arriving out of order.

    router01.your.network.com
    eth0 - 24.2.3.1/29
    eth0 - 64.2.3.1/29
    eth1 - 24.1.2.231 - Comcast
    eth2 - 64.1.2.132 - Speakeasy

Same case with this setup even with real IPs. The chances of convincing any ISP to accept routes smaller than /24 from you are tiny. And finding anyone who knows what you even want to do even when you have the IP space is pretty much non-existent. I know, I've tried. Same thing in this case, you'll NAT at eth1 and eth2 and policy route at eth0. If you are doing this from a single machine with two IP's and no other networks or interfaces, it should just work. Linux should use the IP of interface the packet leaves from, but I'd use tcpdump to make sure. kashani
Re: [gentoo-user] SSL CUPS and SMTP on port 587
Grant wrote: Here's my main.cf (I'm using postgrey):

    mydestination = mydomain.com
    setgid_group = postdrop
    smtpd_recipient_restrictions = permit_mynetworks, check_policy_service inet:127.0.0.1:10030 reject_unauth_destination, permit
    virtual_alias_maps = hash:/etc/postfix/virtual
    message_size_limit = 2048
    smtpd_tls_security_level = may
    smtpd_tls_auth_only = yes
    smtpd_tls_key_file = /etc/ssl/postfix/server.key
    smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
    smtpd_tls_CAfile = /etc/ssl/postfix/server.pem
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom

How does that look?

Where is your mynetwork statement. You need to have at least 127.0.0.1 in it or locally generated emails won't be able to relay. kashani
Re: [gentoo-user] SSL CUPS and SMTP on port 587
Grant wrote: I actually don't have a mynetworks statement in main.cf at all and I send from squirrelmail all over the place. I won't be able to specify a single IP for my laptop. Can I allow authenticated users to send? You connect to squirrelmail from many different IPs via HTTP, but squirrelmail only calls SMTP from the localhost IP, 127.0.0.1. So add the default mynetworks back in if you want Squirrelmail to be able to send at all. And quit trying out poorly thought out security tricks in Postfix if you don't know what you're doing. Once that is fixed you can start looking at why you can't authenticate. I'm going to guess that you haven't bothered to setup smtp authentication via sasl yet. kashani
Re: [gentoo-user] SSL CUPS and SMTP on port 587
Grant wrote: My ISP (Cox) blocks outgoing port 25 so I can't submit mail to my remote mail server. From what I understand, port 587 is commonly used to get around this. Can I have postfix listen on port 25 and port 587? Has anyone set that up? I do it slightly differently: I leave an SSH connection from my box to the mail server, which maps some local port to port 25 on the mail server, and send all my mail to the local port. Yeah I think I'll do that if port 587 doesn't work out. From what I understand, using 587 in this way is somewhat of a standard?

In your master.cf uncomment the following lines and then restart Postfix. It should just work if you already have TLS setup.

    smtps inet n - n - - smtpd
      -o smtpd_tls_wrappermode=yes

kashani
Re: [gentoo-user] SSL CUPS and SMTP on port 587
Grant wrote: I uncommented the above line and added the following to main.cf: smtpd_tls_security_level = may as instructed here: http://www.postfix.org/TLS_README.html#server_enable and restarted postfix, but I still can't send. In claws-mail, I tried specifying 587 and I'm specifying Use SSL for SSMTP. I'm guessing TLS isn't set up properly?

You need more than that. My /etc/postfix/main.cf looks like this and you'll need to create the actual certs listed below as well. I recommend smtpd_tls_auth_only so that anyone trying to smtp auth is required to do it over an encrypted session.

    # TLS stuff
    smtpd_tls_security_level = may
    smtpd_tls_auth_only = yes
    smtpd_tls_key_file = /etc/postfix/newkey.pem
    smtpd_tls_cert_file = /etc/postfix/newcert.pem
    smtpd_tls_CAfile = /etc/postfix/cacert.pem
    #smtpd_tls_loglevel = 3
    #smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom

Additionally check to see what port Postfix is listening on. It's on port 465 on my server and you'll need to set your mail client to SSL rather than TLS. kashani
Re: [gentoo-user] Mailman trouble
Johannes Skov Frandsen wrote: Anybody had the same problem and found a solution? Worst case scenario, how do I move my existing lists to a fresh installation of mailman? http://forums.gentoo.org/viewtopic-t-641573-highlight-.html There are a couple twists. You'll need to update the mailman user to point to the right homedir, make sure your lists are in the right place, etc. kashani
Re: [gentoo-user] [OT] Migrating Drupal websites
Mick wrote: Thanks for the prefix tip! I was thinking of letting each site to have its own database within mysql, but my wife wants each one separately. As long as they are separable both for backups and uploads I don't mind really. Aren't multiple mysql instances going to affect server performance? You figure out the prefix idea after inheriting a db server with Members, Member, 1Member, and so on. And also Logs, New_logs, etc which you'd need to look up to see which site was which database. It was a mess. :( I even do it on my own server for databases just in case I ever have to add a friend or migrate my data to someone else's machine. Yes running multiple instances will be more overhead, but there are odd cases when it's useful. I'd stick with just assigning a db per site in your case. If you're using Innodb I'd also set innodb_file_per_table which will cause Mysql to put Innodb data files in the same dir under /var/lib/mysql/$db_name/ rather than using the default /var/lib/mysql/ibdata files. It's a bit easier to tell where your data is and you get better disk IO that way as well. IIRC per table will not apply retroactively so you'll need to dump and reimport any db you'd like to take advantage of it. kashani
Re: [gentoo-user] Fake IMAP - Real IMAP
Grant wrote: I'm thinking I may not have explained this properly. My local ISP is Cox and I get the above list of filtered ports when port scanning my remote machine which is hosted halfway across the country. Cox can't prevent me from scanning the SMTP port on my remote machine right? My host must be filtering the ports? It's fairly standard practice on large mostly residential user ISPs to filter outgoing port 25 traffic to any IP, but the local SMTP servers. This stops a fair amount of spam, but can make troubleshooting complicated. kashani
Re: [gentoo-user] [OT] Migrating Drupal websites
Mick wrote: I am not quite sure how best to setup a local Drupal development server. This is only for developing the websites, which when ready for publishing will be migrated to the hosting server. Still at the planning stage with all this, I want to keep each website separate. So I was thinking of having separate MySQL users, each with their own MySQL database. Also, I am not sure where to save (physically) each database. Is it prudent to keep them separately under the respective virtual host domainname fs (/var/www/domainname), or should I leave these under the default /var/lib/mysql/, or where ever they are normally stored? Haven't looked into tablespaces yet. For the sake of avoiding a major domestic, I want to make sure that migration to the hosting server will happen without any glitches, or worse having to redesign the website from scratch! What's a clever way of going about this? Are you going to be running multiple instances of Mysql or just letting each site have its own db within Mysql? Most of the time people do the latter and if that is the case Mysql will store each db in its own dir under /var/lib/mysql/. I do recommend using a customer prefix for databases. Something like acme_drupal, sears_drupal, etc which will make it much simpler to remember what db is for what. You'll need to work out your release system. I'm not sure what tools drupal offers if any. Have you looked through their docs? kashani
Re: [gentoo-user] Re: {OT} CUPS alternative?
Grant wrote: I don't know about large setups, where it might be very possible that port knocking becomes a major PITA as you say. But I have set up and used port knocking for remote ssh access lots of times in the past, and never had a problem. This is just my little experience, of course. OK, port knocking is going back on the todo list. I don't feel as strongly as Alan, but I've never been overly impressed with the idea of port knocking. Mostly because any monitoring of services would be a total nightmare. And troubleshooting it would suck. Is the service down? Is it the knock? and so on. What I do like is openvpn. Script kiddies don't look for it and I prefer to have full access to my home boxes rather than having to mess with port forwarding. As far as complexity goes it's easy to set up in an afternoon and there are clients for Windows, OSX, Linux, BSD, etc. kashani
Re: [gentoo-user] Routing problem ?
Mick wrote: I agree that this is not related to the ISP. What you probably need to do is set up RIP2 in your router 1, to be able to recognize other subdomains (192.168.2.XXX). Then it'll process packets coming from that subdomain. The router manual ought to help you out on setting this up. <grumpy network engineer> Sure let's make something simple really complicated. And sucky. </> Is there some sort of dynamic routing happening on this network? Different possible paths to get to machines? Links we might want to balance traffic over? Other routers sending route updates? If not, then why would we want the added complexity of a routing protocol? There are all of two routes on this network and they never change. Static routing is the right choice and functionally no different than if the route had been inserted via a routing protocol. No routing protocol will make router1 NAT addresses it doesn't want to. Adding that subnet to the NAT list will, but that is outside the routing table or it would have already worked. kashani
Re: [gentoo-user] Is Gentoo on the Sales block?
James wrote: I only ask because Sun just paid a billion dollars for MySQL http://www.infoworld.com/article/08/01/16/sun-mysql_1.html How is it that Open Source is for sale? GPL? Dual license.
Re: [gentoo-user] Routing problem ?
Mike Mazur wrote: Router1 needs a route to point back to PC2 so when traffic bound for it comes in, it'll know what to do with it. route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.23 Also if you want PC2 to access the net, you would need PC1 to be smart enough to route/NAT packets from PC2 to Router 1. Not true in this case. Router1 is the NAT device and everything else is internal or so I assumed. You don't want NAT behind NAT on your network if you can help it. It tends to break things and is hard to troubleshoot. PC1 does need to have IP forwarding turned on which the original poster mentioned he configured. The tests I would run are: ping 192.168.2.43 from router1. That'll test that router1 knows how to get to 192.168.2.0. I don't think packet forwarding has to be working for this to return since the interfaces are all local on PC1. ping router 1 from PC2 and vice versa. That'll make sure that PC1 is forwarding packets correctly. If both of these are fine, it's possible that router1 is not NATing 192.168.2.0/24 addresses. kashani
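Added example, not part of the original thread: a small model of the three failure points discussed in the "Routing problem ?" messages (return route on Router1, forwarding on PC1, NAT list on Router1). The addresses come from the thread; the "isp" default route, the NAT source lists and the function names are assumptions made for illustration.

```python
import ipaddress

# Addresses from the thread; the "isp" default route and the NAT source
# lists are assumptions made for this example.
PC1_LAN1 = "192.168.1.23"   # PC1's interface facing Router1
PC2 = "192.168.2.24"

R1_BEFORE = [("192.168.1.0/24", "direct"), ("0.0.0.0/0", "isp")]
R1_AFTER = R1_BEFORE + [("192.168.2.0/24", PC1_LAN1)]  # the "route add" line
NAT_BEFORE = ["192.168.1.0/24"]
NAT_AFTER = NAT_BEFORE + ["192.168.2.0/24"]


def next_hop(table, dst):
    """Longest-prefix match over (prefix, next_hop) pairs."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    return max(hits, key=lambda h: h[0].prefixlen)[1]


def diagnose(r1_table, r1_nat_sources, pc1_forwarding, client):
    """Walk the checks from the thread for a client behind PC1."""
    # 1. Does Router1 send replies for the client back via PC1?
    if next_hop(r1_table, client) != PC1_LAN1:
        return "router1 has no return route to client"
    # 2. Does PC1 pass packets between its two interfaces?
    if not pc1_forwarding:
        return "PC1 is not forwarding"
    # 3. Is the client's source address in Router1's NAT list?
    addr = ipaddress.ip_address(client)
    if not any(addr in ipaddress.ip_network(n) for n in r1_nat_sources):
        return "router1 does not NAT the client's subnet"
    return "ok"


if __name__ == "__main__":
    cases = [(R1_BEFORE, NAT_BEFORE), (R1_AFTER, NAT_BEFORE),
             (R1_AFTER, NAT_AFTER)]
    for table, nat in cases:
        print(next_hop(table, PC2), "->", diagnose(table, nat, True, PC2))
```

Without the static route, the longest match for 192.168.2.24 on Router1 is the default route, so replies leave toward the ISP instead of returning through PC1.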
Re: [gentoo-user] Routing problem ?
Holla wrote: [ASCII network diagram; layout lost in extraction. Labels in order: 192.168.1.1, Router1 (ADSL conn), 192.168.1.23, PC1, 192.168.2.43, Passive Hub, 192.168.2.1, Router2, PC2, 192.168.2.24] Yep it's a routing problem. Router1 needs a route to point back to PC2 so when traffic bound for it comes in, it'll know what to do with it. route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.23 kashani
Re: [gentoo-user] postfix with TLS
Jules Colding wrote: Hi I'm trying to configure my postfix server to use TLS, which should be quite straightforward according to the different guides I have found using Google. snip According to the guides this should be the desired output and TLS should work, but all my mail clients (Thunderbird, mail(mac)) choke when I try to send a mail. What error does your MUA return and what are the errors that Postfix logs from the same transaction? I'm betting this is a SASL problem and not a TLS problem. kashani
Re: [gentoo-user] Firefox update results in Yahoo request for newer version
Mark Knecht wrote: Yeah, my wife's 32-bit machine is still blocked. My son's 32-bit machine which hasn't been updated yet is still fine as is my 64-bit machine. Logically so far I do think it's a Gentoo problem. If it was specific to some Yahoo server that my house is pointed at it would have been at least consistent on my wife's & son's machines, or so I think. Strange problem. What's the exact URL you have set for your homepage? I'll be able to track down which team to poke if I have that. kashani, works at Yahoo.
Re: [gentoo-user] Gentoo on Dell PowerEdge 2600 / 2800? AMI / LSI MegaRAID driver?
Stroller wrote: On 20 Dec 2007, at 07:26, kashani wrote: I used Redhat, Fedora, and Gentoo on 2550, 1650, 2650, 1750, 1850, and 2850 PowerEdge servers ... Blimey! You obviously know your stuff. So how do you find Gentoo measures up to Redhat / Fedora on these machines? Never had an issue with Gentoo on any of them. The SCSI and ether drivers were well supported. Other than the CPU/RAM the main difference between 2650, 2850, and 2950 was the SCSI card. I'd choose the 2850 over the 2650 given a choice for anything with heavy I/O and the 2950 are noticeably faster than the 2850 for our db stuff. Ours is a 2800, and it's the 2600 that I find most readily / cheaply available. Looks like the xx50 models are the rack-mount lower-profile models of the same generation. Looks like they're more expensive secondhand and it's not obvious if hot-swap PSUs are available? I am not sure about the xx00 series, but you could hot swap PSUs in the xx50 machines. The machines at this site aren't under high-load, so that's not really a problem. We like this class of servers for the redundancy of the moving-and-failure-prone kind of parts (PSU & disks). If I might ask some follow-up questions: Are the SCSI cards in these models the same brand / chipset / Linux driver, please? Or are they completely different? Hmmm the SCSI card was onboard and you could get RAID by adding the memory dimm/unlocker doohicky if your system didn't come with it. We hit Ebay and picked up a bunch for cheap. Within a series the SCSI card was always the same other than maybe minor revision. Perc3i ver 3, ver 2, and etc in the 2600 and then Perc4i ver 1, ver 2 in the 2800. You'd never have an issue with an early rev or later rev having issues in any 2.6 kernel I ran. kashani
Re: [gentoo-user] Gentoo on Dell PowerEdge 2600 / 2800? AMI / LSI MegaRAID driver?
Stroller wrote: Just a quick question to see if any of the list members are using Gentoo - or any other Linux distro for that matter - on Dell PowerEdge 2600 or 2800 servers? A site I manage has had from new a 2800 running Windows, which we're quite happy with (the 2800, that is, not Windows ;). We really need new hardware for our Linux-based mailserver & similar systems seem to be quite affordable on the secondhand market, and it would make quite a bit of sense for us to use one of these. I haven't done much digging yet, but thought a quick show of hands here might save some time. It looks like the SCSI hot-swap / RAID controller uses an AMI / LSI MegaRAID driver which is (?) part of the main kernel - anyone know if that does status updates (dead-hard drives &c) to the syslog? Does it depend on any userland utilities that are only available as RPM or whatever? I know RedHat &/or Suse are supported on this machine, but I've been using Gentoo so long now I find it hard to use them thar binary distros. It'd also be nice if power-supply failures were logged in the same way - anyone know? I've had some experience in the past with a Compaq Proliant 6500 and certain utilities for that would only report problems via SNMP, which was a bit of a pain. I used Redhat, Fedora, and Gentoo on 2550, 1650, 2650, 1750, 1850, and 2850 PowerEdge servers. Never had an issue and never had driver issues other than early tg3 ether driver problems with Redhat 8. I'd assume the 2800 and 2600s are roughly the same. Other than the CPU/RAM the main difference between 2650, 2850, and 2950 was the SCSI card. I'd choose the 2850 over the 2650 given a choice for anything with heavy I/O and the 2950 are noticeably faster than the 2850 for our db stuff. The SCSI on 2850's should be megaraid and you want the megaraid-new driver and Linux kernels would have issues if you tried to build both new and old so just pick new. (this might have changed in the past year since I've built a custom kernel for a 2850).
I never had driver issues with any distro provided kernel or my own kernels. IIRC you can pull the megarc RPMs from Dell's website and install them. I never got around to making them work with Gentoo, but it shouldn't be terribly hard. I don't know of anything in the normal driver that will tell you any info about status or failed drives, but I never looked that hard. I bought most of my 2850's about two years ago. Dual Xeon's, 8GB, 6 x 10k 146GB drives, and remote management card for about $4000. Discount as appropriate. kashani
Re: [gentoo-user] Gentoo Rules
Grant wrote: Gentoo's foundation is great. I can't think of any major changes that should happen to it. But Gentoo is at this point *only* a foundation. It needs more (removable) layers. FreeBSD created extra layers on its own foundation and called the result PC-BSD which is aimed at the make-it-easy crowd. PC-BSD is gaining momentum quickly and that will benefit FreeBSD greatly. I repeat, that will benefit FreeBSD greatly. That's exactly the kind of thing Gentoo should be doing. Removable layers for ease of use, removable layers for server deployment, removable layers for anything and everything. That's moving forward. In regards to BSD, it died the day Linux 2.4 was released. I deal with it on a daily basis as an admin and take great joy at plotting its total replacement with Linux, any Linux. It's good to see BSD getting off its insular and inbred ass and doing something like PC-BSD. I'm sure it'll be successful in keeping the faithful from having to run Linux on their desktops, but I don't see it pulling many newer users in when you can run Ubuntu, Gentoo, or half a dozen other systems. However I'm extra grumpy today and the retarded legacy BSD4 servers are responsible. Maybe PC-BSD is more interesting than doing things Linux distros have been doing since they began. Is it? kashani
Re: [gentoo-user] Re: OT:hardware sniffer equipment
James wrote: COST is the key factor. Why pay somebody for something, when you can get equivalent functionality for very few dollars. A flat hub is all I need (want). With a flat hub and a portable, you can mix in any amount of target software and do many things with a flat hub and a linux device. I'd consider an embedded (linux) board with a few ports, if they are or can be setup as a flat hub. Thanks for your input, Cost is pretty low these days. $300 for 10/100 24 port with vlans and port mirroring. http://www.dell.com/content/products/productdetails.aspx/pwcnt_3424?c=us&l=en&s=bsd&cs=04 Not sure the throughput you're dealing with, but I had issues with anything over 15-20 mb/s being moved down to half duplex. If you're just messing about home or in a low bandwidth office this doesn't matter so much. I've got two 5234's (same thing with GigE and bigger backplane) I'd let go for $500 + shipping if you or anyone else is interested. :-) kashani
Re: [gentoo-user] Re: Apache loading mod_php?
James wrote: H, This is a web server for internal purposes only In this file I have this:

DocumentRoot /var/www/localhost/htdocs
<Directory /var/www/localhost/htdocs>
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>

So how do I get symlinks to work?

That's all I have in mine. Are the log files spitting anything interesting out? I'd try testing a normal html file first and then trying PHP in case you're running into open base dir issues. kashani
Re: [gentoo-user] Re: Apache loading mod_php?
James wrote: I now have a simple php page working I'll figure out why the php pages are not working across a symlink.

In your vhost config file you probably have something like this

<Directory /var/www/www.badapple.net/htdocs>
    Options -Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>

FollowSymLinks is probably off by default. This is a bit of a gotcha because rewrite rules don't work when it's turned off either. kashani