Re: Small Redundant web/mail setup

[Ted Mittelstaedt]

- Original Message - 
From: "Ian Lord" <[EMAIL PROTECTED]>
To: 
Sent: Wednesday, October 18, 2006 5:34 AM
Subject: Small Redundant web/mail setup


> Hi,
> 
> I need to setup a high-availability setup for mail/web setup
> 
> I was thinking about the following setup:
> 
> 4 servers total:
> 

overkill, just asking for trouble.

> Data Servers:
>  1 Server holding all the websites data and mail messages. It 
> would serve these files via nfs to the application servers.
>  It would also run mysql
> 
>  A second server Also sharing it's content via nfs, 
> replicating it's data though rsync each ?? minutes. The mysql would 
> run as a slave of theprimary
> 
> Application Servers:
>  Both servers would be running apache, php, sendmail and 
> posfix and would serve content from the share nfs drive.
> 
> 1- Is this a viable solution, I mean by that, Is it Like this big ISP 
> are set up ?
> 

no

The really big ISP's use proprietary commercial clustering solutions
that make multiple systems appear as one single system.  We are talking
hundreds of thousands to millions of users.  We are not talking 5000
users or fewer.

You can easily serve 5K users on a single server.  You just need to
get good hardware.  In other words, costs start at $5000 and go up.

A lot of people are under the misconception that they can get several
cheap $900 servers and assemble them into a redundant setup that is
highly reliable.

The real secret is in getting expensive name-brand hardware that
doesen't go down.  If you can afford that, your fine.  If you can't,
then you need to find a different table to play at.

Ted
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

How to do health check

[Faiyaz Ali]

Hi,

I'm new in unix world,

1) how to do helthcheck on unix machine ?

2) how the check on system information eg. RAM, CPU, HD capacity

Thanks
Faiyaz Ali
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Uucp mail coming in

[Ted Mittelstaedt]

read the smtp standard to find out what the difference is between the
envelope
address and the header address is.

Ted

- Original Message - 
From: "Dale Johnston" <[EMAIL PROTECTED]>
To: 
Sent: Wednesday, October 18, 2006 8:27 AM
Subject: Uucp mail coming in


> I keep getting messages from spammers adddressed to [EMAIL PROTECTED]
Uucp
> has been eliminated from my /etc/mail/aliases, why are these still coming
> thru?  I've even tried aliasing uucp to bit-bucket. they still come thru
>
> Thanks
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
"[EMAIL PROTECTED]"
>

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: increasing transmit speeds in WAN setting?

[Ted Mittelstaedt]

Hi Moses,

I know your not going to believe me but you are running into a
driver bug of some kind.  If you have a really high quality ethernet
switch with full management in it you can probably see it - login to
the switch and look at the port statistics. Cisco routers are designed
to sense for this and you will see it in their logs, they will issue the
error message "late collissions" or any decent hardware network
sniffer will show it.

The most common problem is the switch and network card aren't
properly negotiating duplex.  Another area is flow control on full
duplex being messed up, this is particularly critical on gigabit E.

The reason your getting good throughput on local connections is
that the layer 1 is simply continuing to retransmit until the packet
goes through, and the retransmissions are happening so fast that
you don't realize it.  That is also why latency is so heavily affecting
it.

You can try several things.  First, temporarily try switching
over to a 10/100 card like an Intel EtherExpress Pro/100
if you have a PCI slot in the server.  If that works then your going
to have to try replacing your switch.  If you have a really good
switch you can try hard coding it's ports speed and duplex and
try the same on the server, and see if that does anything.

You also should be aware that many of the smaller and cheaper
gigabit switches do not have the ability to take sustained
gigabit ethernet speeds with back-to-back packets, their
internal processors aren't fast enough.  Once more, this is
a problem that won't show up on a local connection since the
retransmissions are so fast.

Ted

- Original Message - 
From: "Moses Leslie" <[EMAIL PROTECTED]>
To: 
Sent: Wednesday, October 18, 2006 10:31 PM
Subject: increasing transmit speeds in WAN setting?


> Hi,
>
> We're running 6.1-R, and are having difficulty getting decent speeds as
> latency increases.  The server is connected via gbit copper, and is gbit
> or better to the internet (depending on the path).
>
> For everything local, we're able to get what you'd expect (300+MBit
> without really any tuning).  However, when the latency is 60-80ms (IE
> across the US), we're unable to get better than around 300KB/s.
>
> It appears to be possibly related to the tcp.inflight stuff, but disabling
> it or messing with some of the related sysctls doesn't appear to help
> much.  Downloads often start quickly, but are then throttled back down to
> 300KB/s within 10 seconds or so.  We've changed the hz (100 to 1), the
> net.inet.tcp.sendspace, kern.ipc.maxsockbuf, and tried different
> variations on the inflight tunables, but nothing has made a positive
> difference of more than ~20KB/s at best.
>
> If the server is running linux (2.6 kernel with default TCP settings), we
> can get much better speeds, 600-1000KB/s easily.  If we were going for
> time/distance records, we would try changing around tcp settings on the
> client, but we're trying to maximize performance for standard surfers who
> wouldn't know how to do that, so we're looking for anything that is server
> side only.
>
> We've been searching high and low for any tuning ideas but aren't able to
> find anything that's made a difference.  From looking at how the
> congestion stuff works in the source, it appears that something like:
>
> http://www.sigusr1.org/weblog/index.php?/categories/6-Hacks
>
> might be happening here, but we're kind of stabbing in the dark.
>
> Does anyone have any tuning ideas for 6.1 in a WAN setting?
>
> Thanks,
>
> Moses
>
>
>
>
>
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
"[EMAIL PROTECTED]"
>

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

sysinfo equivalent in Freebsd

[Ashok TM]

Hi,

In linux we have  "sysinfo"  system call which provides overall system
statistics.
struct sysinfo {
  long uptime; /* Seconds since boot */
  unsigned long loads[3];  /* 1, 5, and 15 minute load
averages */
  unsigned long totalram;  /* Total usable main memory size
*/
  unsigned long freeram;   /* Available memory size */
  unsigned long sharedram; /* Amount of shared memory */
  unsigned long bufferram; /* Memory used by buffers */
  unsigned long totalswap; /* Total swap space size */
  unsigned long freeswap;  /* swap space still available */
  unsigned short procs;/* Number of current processes
*/
  unsigned long totalhigh; /* Total high memory size */
  unsigned long freehigh;  /* Available high memory size */
  unsigned int mem_unit;   /* Memory unit size in bytes */
}

How to find the similar statistics from freebsd , is there any equivalent
system call in freebsd. ?

I tried using WMMemFree (ports to bsd )without much luck .


Regrds
atm
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Xorg

[Subhro]

Hello Folks,

I would like to know which is the latest version of Xorg present in
the ports tree. The one I can find in 6.9. However the latest version
present on the Xorg homepage is 7.1 which was release on May 22, 2006.
Has it been ported to the ports tree yet? If not when can it be
expected to be done.

Thanks and Best Regards
Subhro

--
Subhro Kar
Security Engineer
iViZ Techno Solutions Pvt. Ltd.
Dhanshree Bldg, 1st Floor
Plot XI-16, Sector V
Salt Lake City
700091
India
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

increasing transmit speeds in WAN setting?

[Moses Leslie]

Hi,

We're running 6.1-R, and are having difficulty getting decent speeds as
latency increases.  The server is connected via gbit copper, and is gbit
or better to the internet (depending on the path).

For everything local, we're able to get what you'd expect (300+MBit
without really any tuning).  However, when the latency is 60-80ms (IE
across the US), we're unable to get better than around 300KB/s.

It appears to be possibly related to the tcp.inflight stuff, but disabling
it or messing with some of the related sysctls doesn't appear to help
much.  Downloads often start quickly, but are then throttled back down to
300KB/s within 10 seconds or so.  We've changed the hz (100 to 1), the
net.inet.tcp.sendspace, kern.ipc.maxsockbuf, and tried different
variations on the inflight tunables, but nothing has made a positive
difference of more than ~20KB/s at best.

If the server is running linux (2.6 kernel with default TCP settings), we
can get much better speeds, 600-1000KB/s easily.  If we were going for
time/distance records, we would try changing around tcp settings on the
client, but we're trying to maximize performance for standard surfers who
wouldn't know how to do that, so we're looking for anything that is server
side only.

We've been searching high and low for any tuning ideas but aren't able to
find anything that's made a difference.  From looking at how the
congestion stuff works in the source, it appears that something like:

http://www.sigusr1.org/weblog/index.php?/categories/6-Hacks

might be happening here, but we're kind of stabbing in the dark.

Does anyone have any tuning ideas for 6.1 in a WAN setting?

Thanks,

Moses





___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: can burn cd's, can't read once burnt

[Garrett Cooper]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Timothy Smith wrote:
> Garrett Cooper wrote:
> 
> Timothy Smith wrote:
>  
> 
 Paul Schmehl wrote:

   
> --On Thursday, October 19, 2006 00:17:33 +1000 Timothy Smith
> <[EMAIL PROTECTED]> wrote:
>
> 
>> i have an odd issue with 6.0 that i've been trying to solve for
>> ages and
>> nobody seems to know how to answer.
>>
>> 1. i can mount any cd's or dvd's THAT I DIDN'T BURN. makes no
>> difference
>> what media is used.
>>
>> 2. i burn a dvd like so
>>
>> growisofs -dvd-compat -Z /dev/cd0=bailes.iso
>>
>>   
> Are you sure this shouldn't be
> growisofs -dvd-compat -Z /dev/acd0=bailes.iso ?
>
> Paul Schmehl ([EMAIL PROTECTED])
> Adjunct Information Security Officer
> The University of Texas at Dallas
> http://www.utdallas.edu/ir/security/
> 
 not unless the freebsd handbook is wrong.
 it burns the dvd, i just can't mount it on this computer. i can mount
 under windows.
   
> 
> Not sure, but it's either UDF or ISO9660 format, and if you
> don't have the correct support built into your kernel or if you don't
> have the right fs mentioned in fstab, the kernel/mount will refuse to
> mount the DVD since it doesn't know how to interpret the contents. Try
> either mounting with -t udf or -t auto and see if you can mount the disk.
> Also, if the DVD is an audio DVD, you can't mount it; just use a
> program like xMMs to play it directly by setting up the CDROM plugin
> properly.. You need to be a part of the operator group, or set the
> permissions for the drive properly in order to mount it.
> -Garrett
>
> none of the above apply, since i can mount the original dvd just fine,
> but i can't mount the burnt image. :/ i'm at a loss with what to do

Cheap DVDs? Old DVD burner firmware? Upgrading your firmware may help a
lot in this case, as it did for me with my cheap media in my Phillips
DVD+/-RW drive..
- -Garrett
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFNvPe6CkrZkzMC68RAoG1AJ9KKoHghOsbyFzSVAdENBu3sr9WvACaA05M
O7lfLs9hZAW3NIIC4Jl8HC0=
=tw39
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: can burn cd's, can't read once burnt

[Timothy Smith]

Garrett Cooper wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Timothy Smith wrote:
 


Paul Schmehl wrote:

   


--On Thursday, October 19, 2006 00:17:33 +1000 Timothy Smith
<[EMAIL PROTECTED]> wrote:

 


i have an odd issue with 6.0 that i've been trying to solve for ages and
nobody seems to know how to answer.

1. i can mount any cd's or dvd's THAT I DIDN'T BURN. makes no difference
what media is used.

2. i burn a dvd like so

growisofs -dvd-compat -Z /dev/cd0=bailes.iso

   


Are you sure this shouldn't be
growisofs -dvd-compat -Z /dev/acd0=bailes.iso ?

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
 


not unless the freebsd handbook is wrong.
it burns the dvd, i just can't mount it on this computer. i can mount
under windows.
   



Not sure, but it's either UDF or ISO9660 format, and if you
don't have the correct support built into your kernel or if you don't
have the right fs mentioned in fstab, the kernel/mount will refuse to
mount the DVD since it doesn't know how to interpret the contents. Try
either mounting with -t udf or -t auto and see if you can mount the disk.
Also, if the DVD is an audio DVD, you can't mount it; just use a
program like xMMs to play it directly by setting up the CDROM plugin
properly.. You need to be a part of the operator group, or set the
permissions for the drive properly in order to mount it.
- -Garrett
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFNt2K6CkrZkzMC68RAo81AKCH5B/4DDoETPxG9IIYpRYHyd/22ACfeShd
5Q1ndeKDiLmEqr8Ip7KgxPc=
=XTP4
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

 

none of the above apply, since i can mount the original dvd just fine, 
but i can't mount the burnt image. :/ i'm at a loss with what to do

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: can burn cd's, can't read once burnt

[Garrett Cooper]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Timothy Smith wrote:
> Paul Schmehl wrote:
> 
>> --On Thursday, October 19, 2006 00:17:33 +1000 Timothy Smith
>> <[EMAIL PROTECTED]> wrote:
>>
>>> i have an odd issue with 6.0 that i've been trying to solve for ages and
>>> nobody seems to know how to answer.
>>>
>>> 1. i can mount any cd's or dvd's THAT I DIDN'T BURN. makes no difference
>>> what media is used.
>>>
>>> 2. i burn a dvd like so
>>>
>>> growisofs -dvd-compat -Z /dev/cd0=bailes.iso
>>>
>> Are you sure this shouldn't be
>> growisofs -dvd-compat -Z /dev/acd0=bailes.iso ?
>>
>> Paul Schmehl ([EMAIL PROTECTED])
>> Adjunct Information Security Officer
>> The University of Texas at Dallas
>> http://www.utdallas.edu/ir/security/
> 
> not unless the freebsd handbook is wrong.
> it burns the dvd, i just can't mount it on this computer. i can mount
> under windows.

Not sure, but it's either UDF or ISO9660 format, and if you
don't have the correct support built into your kernel or if you don't
have the right fs mentioned in fstab, the kernel/mount will refuse to
mount the DVD since it doesn't know how to interpret the contents. Try
either mounting with -t udf or -t auto and see if you can mount the disk.
Also, if the DVD is an audio DVD, you can't mount it; just use a
program like xMMs to play it directly by setting up the CDROM plugin
properly.. You need to be a part of the operator group, or set the
permissions for the drive properly in order to mount it.
- -Garrett
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFNt2K6CkrZkzMC68RAo81AKCH5B/4DDoETPxG9IIYpRYHyd/22ACfeShd
5Q1ndeKDiLmEqr8Ip7KgxPc=
=XTP4
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: tao.thought.org is back.....

[Chuck Swiger]

On Oct 18, 2006, at 5:14 PM, Gary Kline wrote:

This would work [or ought to!]; right now, all my mail e[x]change
entries are equi-valued at 50.  But this seems like a back door
way of dealing with sendmail.  I'm the first to admit that it's a
less tha[n] optimal suite, obscure beyond words, (etc).  But I'd
like to understand how to resolve this problem with sen[d]mail


You can override MX prioritization by using a mailertable.

But you will need to list IP addresses in square brackets to disable  
MX lookups and force other MX hosts to relay mail to where-ever you  
want.  Therefore, the simple answer is to make sure that the final  
destination for email to your domain is listed as the highest- 
priority MX record (ie, lowest numeric MX value).


And you will either need to masquarade for your domain, or you will  
need to list all of the hostnames for which email is being addressed  
to in class w (aka /etc/mail/local-host-names) on the mailserver  
which performs local delivery


--
-Chuck

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: tao.thought.org is back.....

[Giorgos Keramidas]

On 2006-10-18 17:14, Gary Kline <[EMAIL PROTECTED]> wrote:
> On Thu, Oct 19, 2006 at 12:57:08AM +0300, Giorgos Keramidas wrote:
> > On 2006-10-18 14:12, Gary Kline <[EMAIL PROTECTED]> wrote:
> > > 
> > > This is only for sendmail *wizards* out there.  It took me two
> > > hours of messing round with the /etc/mail/* files on ns1|sage
> > > before I just gave up.  After I rebooted both servers to get mail 
> > > to default to tao.  
> > > 
> 
>   [[ ... ]]
> 
> > > My one question is given that mail defaults to my
> > > ns1.thought.org, HOW can I get it to go to (say) zen.thought.org,
> > > or to tao.thought.org?  or to ethos.thought.org?   OR what 
> > > re-initialization do I  have to do?  other than a shutdown -r
> > > now??
> > > 
> > > I thought I had this down cold, but nope.
> > > 
> > > gary
> > > 
> > > PS:  Mail from my magnesium.net account mailed explicitedly to
> > >  [EMAIL PROTECTED], [EMAIL PROTECTED],
> > >  [EMAIL PROTECTED], or [EMAIL PROTECTED] other
> > >  words,  using the FQDN-- gets to which ever server.  But how
> > >  do I make "[EMAIL PROTECTED]" reach a specific server??
> > > 
> > > PS:  Apologizes if this seems like an obscure question; it IS
> > 
> > By setting the "MX" records for `thought.org' up so that the one with
> > the lowest value of them all points to that specific server.
> > 
> > This should be configured in the name-server which hosts the DNS zone
> > for `thought.org'.
> 
> This would work [or ought to!]; right now, all my mail echange
> entries are equi-valued at 50.  But this seems like a back door
> way of dealing with sendmail.  I'm the first to admit that it's a
> less tha optimal suite, obscure beyond words, (etc).  But I'd
> like to understand how to resolve this problem with senmail

Sendmail (or any other MTA, for that matter) should really *trust* the
DNS admin to properly configure MX records.

There's nothing wrong with relying on MX records which, for example,
point to:

thought.org.IN  MX  10  mx1.thought.org.
thought.org.IN  MX  20  mx2.thought.org.

If I understood what you are trying to do, then a nice set of MX
priorities *does* what you want.  Why would you want to mess with
mailertables? :)

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: tao.thought.org is back.....

[Gary Kline]

On Thu, Oct 19, 2006 at 12:57:08AM +0300, Giorgos Keramidas wrote:
> On 2006-10-18 14:12, Gary Kline <[EMAIL PROTECTED]> wrote:
> > 
> > This is only for sendmail *wizards* out there.  It took me two
> > hours of messing round with the /etc/mail/* files on ns1|sage
> > before I just gave up.  After I rebooted both servers to get mail 
> > to default to tao.  
> > 

[[ ... ]]

> > My one question is given that mail defaults to my
> > ns1.thought.org, HOW can I get it to go to (say) zen.thought.org,
> > or to tao.thought.org?  or to ethos.thought.org?   OR what 
> > re-initialization do I  have to do?  other than a shutdown -r
> > now??
> > 
> > I thought I had this down cold, but nope.
> > 
> > gary
> > 
> > PS:  Mail from my magnesium.net account mailed explicitedly to
> >  [EMAIL PROTECTED], [EMAIL PROTECTED],
> >  [EMAIL PROTECTED], or [EMAIL PROTECTED] other
> >  words,  using the FQDN-- gets to which ever server.  But how
> >  do I make "[EMAIL PROTECTED]" reach a specific server??
> > 
> > PS:  Apologizes if this seems like an obscure question; it IS
> 
> By setting the "MX" records for `thought.org' up so that the one with
> the lowest value of them all points to that specific server.
> 
> This should be configured in the name-server which hosts the DNS zone
> for `thought.org'.

This would work [or ought to!]; right now, all my mail echange
entries are equi-valued at 50.  But this seems like a back door
way of dealing with sendmail.  I'm the first to admit that it's a
less tha optimal suite, obscure beyond words, (etc).  But I'd
like to understand how to resolve this problem with senmail

(*mumble*)

gary


> 

-- 
   Gary Kline [EMAIL PROTECTED]   www.thought.org Public service Unix

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: can burn cd's, can't read once burnt

[Timothy Smith]

Paul Schmehl wrote:

--On Thursday, October 19, 2006 00:17:33 +1000 Timothy Smith 
<[EMAIL PROTECTED]> wrote:



i have an odd issue with 6.0 that i've been trying to solve for ages and
nobody seems to know how to answer.

1. i can mount any cd's or dvd's THAT I DIDN'T BURN. makes no difference
what media is used.

2. i burn a dvd like so

growisofs -dvd-compat -Z /dev/cd0=bailes.iso


Are you sure this shouldn't be
growisofs -dvd-compat -Z /dev/acd0=bailes.iso ?

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/


not unless the freebsd handbook is wrong.
it burns the dvd, i just can't mount it on this computer. i can mount 
under windows.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: tao.thought.org is back.....

[Gary Kline]

On Wed, Oct 18, 2006 at 10:36:37PM +0100, Jan Grant wrote:
> On Wed, 18 Oct 2006, Gary Kline wrote:
> 
> > My one question is given that mail defaults to my
> > ns1.thought.org, HOW can I get it to go to (say) zen.thought.org,
> > or to tao.thought.org?  or to ethos.thought.org?   OR what 
> > re-initialization do I  have to do?  other than a shutdown -r
> > now??
> 
> Sounds like you need a mailertable entry that maps your incoming domain 
> name to smtp:whatever.thought.org
> 

Hm.  I did use the mailertable until a few years ago.  Here's
what I had.  What I never understood was how the "%1" in the 
rely entry/line worked.  t

Now that I (somehow) have [EMAIL PROTECTED] -> [EMAIL PROTECTED],
I'm relectant to mess with things.   What *may* have fixed thing
was when I put [bck] this mapping into virtuserable.   ---I do
have
scripts to re-pinit stuff, but it didn't work until I did a full 
reset (reboot).

Thanks for this1! Anybody else know how to do change this and
reinitialize???

gary

Re:


##
## List of domains (possibly wildcarded) and destination mailers
##
#.my.domain xnet:%1.my.domain
#uuhost1.my.domain  suucp:uuhost1
#.bitnetsmtp:relay.bit.net
# (21dec03 1730)
# thought.org   tao.thought.org
.thought.orgrelay:[%1.thought.org]


-- 
   Gary Kline [EMAIL PROTECTED]   www.thought.org Public service Unix

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: some issues about partitions and boot manager in dual boot cases with Windows

[Jerry McAllister]

Hi,

I am having a little trouble following exactly what you are asking,
but will take a shot at some of it, anyway.

By the way, please break your lines at about 72 character length.  It
makes it much easier to read and especially to answer in a text based
Email reader such as many of us use.Most Email programs allow you
to set this and if yours does not, just hit the ENTER key as your line
gets about that long.  It will help.

>Hi, I'm actually looking forward to install on my computer a 
> freeBSD edition (very probably PC-BSD).  I found this OS extraordinary 
> after a first experience with a live CD. 

Yup.  It is.

> The only thing that keeps me back is the installation: I got a almost 10 
> (even not more) manuals about freeBSD and none, absolutely none, does not 
> specify the very commun possibility of having a disk already with 2 
> partitions in Windows, not to mention even further possibilities as 
> having 2 disks, from wich one having 2 partitions. 

I guess this is what I do not understand.   Most books on FreeBSD that
I have seen, including the FreeBSD handbook (available online at the
FreeBSD website and is essential reading) ve two possibilities.
The first is installing on a disk that is completely given to FreeBSD
and the second is dividing the disk between Some other OS (usually MS-Win 
of some flavor) and FreeBSD.   None that I have seen say two partitions
in Windows being required (just allowed if desired).

> 
> For instance I have 2 computers, each with 2 SATA disks: on the first, the 
> master, Windows 2000 or XP, and on the other, on the first partition, the 
> other Windows flavor, respectively XP and 2000, the second partition, in 
> both cases, being left for data. Both systems are in dual boot; I decided 
> to have ready (and use) both Windows flavors after a couple of very bad 
> experiences of crushings; thus, in cas of crush, at least on of the 2 OS 
> would be still working allowing me to access the data.

Well, you have to make room for FreeBSD somewhere.  FreeBSD does not
run from a Windows slice.   It requires its own slice.   Note, the term
"slice" which generally corresponds to what the MS-Win world calls a
"primary partition"BSD Unix uses the term 'partition' to refer to
a subdivision of a slice.That can at first be confusing, because
sometimes people forget and use both terms interchangeably and they
are definitely not the same thing.

Just a little summary:
In the MS and also the BSD world a disk can be divided in to four
primary divisions which in the BSD world are called slices.   In
each world there are ways of further dividing the slices in to sub-units.
In the BSD world those are called partitions.  In the MS world, they
have something called extended partitions, (but they are not the same).

You need to have at least one slice (primary partition is MS speak) to
install FreeBSD.  That slice will be designated as a FreeBSD type and
MS-Win will no longer be able to talk to it.   Although FreeBSD, which
is smarter, will be able to talk to most of the other MS-Win slices.
(I don't know if it can talk to an extended partition yet or not)

That FreeBSD slice can be all of a disk or just part of it and be 
one of the primary slices which are number 1..4.If a single disk
has more than one OS, and one of those is some MS-Win thing, then it is 
normally better to leave the MS-Win stuff as first on the disk.  FreeBSD
doesn't care, but MS-Win might skrew up otherwise.  If you are going to
use a whole disk for FreeBSD, then it doesn't matter.

> Now I decided to install the freeBSD on the second partition of the 
> second disk (in each case more than 100 GB) and I cannot find in any 
> manual how, or even if or not, this second partition, of the second 
> disk will appear in Sysinstall Program; normally, it would appear as 
> a "da2" specification, but will it be recognized by freeBSD as "a disk", 
> that is, a 3rd disk ? 

OK.  I think you are saying that, on each disk, you have set up two
MS-Win partitions.   I am presuming by that you mean primary partitions
and not some extended thing.  You are planning on installing FreeBSD in
the second primary partition, which FreeBSD would call slice 2 on disk 1.
That is easily do-able.   

I think SATA disks show up as ad_n.   SCSI disks are da_n where 'n' is
the disk number starting from 0.In that case your first disk would
look like ad0 to FreeBSD and the second would be ad1.   If there are
two slices on each disk, they would be ad0s1 and ad0s2 on the first disk
and ad1s1 and ad1s2 on the second disk.   It sounds like you want to
put FreeBSD on ad1s2.

If I am wrong on this identifier, then it will just be da0 and da1 as
with SCSI disks.   Just switch the a & d characters in all the commands.

> And if not, do I have to format, allocating the necessary space, in 
> freeBSD (Unix) system files ? This because this second partition of 
> the second disk is already formated in NTFS of Windows ... In t

Re: smbfs & rsync

[Antony Mawer]

On 19/10/2006 4:35 AM, Vahan Yerkanian wrote:

Greetings,

On one of my machines running 6.1-RELEASE rsync over a smbfs share is 
failing with the following error:


building file list ... rsync: readdir("/ipa1/tmimage/2001"): Bad file 
descriptor (9)

done
IO error encountered -- skipping file deletion

sent 246047 bytes  received 20 bytes  492134.00 bytes/sec
total size is 3876995600  speedup is 15755.85
rsync error: some files could not be transferred (code 23) at 
main.c(892) [sender=2.6.8]


where /ipa1 is a smbfs share.

I've googled and found this [1] particular article that pinpoints a 
simple coding mistake, anyone knows if this is going to be fixed in 
6.2-RELEASE? /usr/sbin/mount_smbfs is the binary affected,


[1] http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/78953



You're on the right track with the PR, and Jim Carroll did the hard work 
of coming up with a patch for the issue. Unfortunately I haven't had the 
chance to test the patch, but will try and make time to...


I'd imagine this is probably too late to get into 6.2 (any dev's care to 
comment?), but if we're able to test + verify it works then I don't see 
why it shouldn't make 6.3.


SMBFS could still use a bit of polish in areas... there are also UCS2 
patches outstanding that would make talking to MacOSX servers much more 
pleasant:


http://people.freebsd.org/~imura/kiconv/

Cheers
Antony
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: tao.thought.org is back.....

[Giorgos Keramidas]

On 2006-10-18 14:12, Gary Kline <[EMAIL PROTECTED]> wrote:
> 
> This is only for sendmail *wizards* out there.  It took me two
> hours of messing round with the /etc/mail/* files on ns1|sage
> before I just gave up.  After I rebooted both servers to get mail 
> to default to tao.  
> 
> After my first "fatal trap" on 01 Sept, I changed (uncommented) my 
> ^Cw tao.thought.org
> line on sage's sendmail.cf to get mail going to sage rather than tao.
> I do realize that this Cw line means: route all mail for "tao" to
> localhost, which here was sage.  With this Cw commented out, mail
> for [EMAIL PROTECTED] was routed to tao.  Uncommented, and mail
> stayed in sage.thought.org.
> 
> My one question is given that mail defaults to my
> ns1.thought.org, HOW can I get it to go to (say) zen.thought.org,
> or to tao.thought.org?  or to ethos.thought.org?   OR what 
> re-initialization do I  have to do?  other than a shutdown -r
> now??
> 
> I thought I had this down cold, but nope.
> 
> gary
> 
> PS:  Mail from my magnesium.net account mailed explicitedly to
>  [EMAIL PROTECTED], [EMAIL PROTECTED],
>  [EMAIL PROTECTED], or [EMAIL PROTECTED] other
>  words,  using the FQDN-- gets to which ever server.  But how
>  do I make "[EMAIL PROTECTED]" reach a specific server??
> 
> PS:  Apologizes if this seems like an obscure question; it IS

By setting the "MX" records for `thought.org' up so that the one with
the lowest value of them all points to that specific server.

This should be configured in the name-server which hosts the DNS zone
for `thought.org'.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: tao.thought.org is back.....

[Jan Grant]

On Wed, 18 Oct 2006, Gary Kline wrote:

>   My one question is given that mail defaults to my
>   ns1.thought.org, HOW can I get it to go to (say) zen.thought.org,
>   or to tao.thought.org?  or to ethos.thought.org?   OR what 
>   re-initialization do I  have to do?  other than a shutdown -r
>   now??

Sounds like you need a mailertable entry that maps your incoming domain 
name to smtp:whatever.thought.org

jan

-- 
jan grant, ISYS, University of Bristol. http://www.bris.ac.uk/
Tel +44 (0)117 3317661   http://ioctl.org/jan/
New Freedom of Information Act: theirs, to yours. Happy now?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

tao.thought.org is back.....

[Gary Kline]

This is only for sendmail *wizards* out there.  It took me two
hours of messing round with the /etc/mail/* files on ns1|sage
before I just gave up.  After I rebooted both servers to get mail 
to default to tao.  

After my first "fatal trap" on 01 Sept, I changed (uncommented) my 
^Cw tao.thought.org
line on sage's sendmail.cf to get mail going to sage rather than tao.
I do realize that this Cw line means: route all mail for "tao" to
localhost, which here was sage.  With this Cw commented out, mail
for [EMAIL PROTECTED] was routed to tao.  Uncommented, and mail
stayed in sage.thought.org.

My one question is given that mail defaults to my
ns1.thought.org, HOW can I get it to go to (say) zen.thought.org,
or to tao.thought.org?  or to ethos.thought.org?   OR what 
re-initialization do I  have to do?  other than a shutdown -r
now??

I thought I had this down cold, but nope.

gary

PS:  Mail from my magnesium.net account mailed explicitedly to
 [EMAIL PROTECTED], [EMAIL PROTECTED],
 [EMAIL PROTECTED], or [EMAIL PROTECTED] other
 words,  using the FQDN-- gets to which ever server.  But how
 do I make "[EMAIL PROTECTED]" reach a specific server??

PS:  Apologizes if this seems like an obscure question; it IS


-- 
   Gary Kline [EMAIL PROTECTED]   www.thought.org Public service Unix

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Gnome 2.16 and Xorg 7.x

[Kris Kennaway]

On Thu, Oct 19, 2006 at 01:06:01AM +0400, Andrew Pantyukhin wrote:
> On 10/18/06, Kris Kennaway <[EMAIL PROTECTED]> wrote:
> >On Wed, Oct 18, 2006 at 01:31:20PM -0400, Michael Johnson wrote:
> >> On 10/18/06, Pavel Porubov <[EMAIL PROTECTED]> wrote:
> >> >Please add Gnome 2.16 and Xorg 7.x to the next FreeBSD 6.2. After about
> >> >a month there will be Gnome 2.18 and you want to to add to FreeBSD 6.2
> >> >just Gnome 2.14. Thanks.
> >> >
> >>
> >> Well.. just because you asked so nice we will put GNOME 2.16 in
> >> FreeBSD 6.2.
> >
> >You travelled back in time a few months to start work on it, too - now
> >THAT's service!
> 
> I'm just thinking, why do we always have to lag behind? Can't
> we just once release something before it's been written (and long
> before it's been ported to FreeBSD)? Just for kicks.

Great idea!  Let's put that on the todo list for 7.0 :)

Kris

pgpqm1Bn2lsay.pgp
Description: PGP signature

hald service

[eoghan]

Hi
Can I enable hald in my rc.conf. I am trying to start it in console,  
get no error message but I still cant load the
"Removable Drives and Media" option from my System Prefs menu. Say  
hald service is required but not started

Using Gnome 2.16, FreeBSD 6.1
Thanks
Eoghan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Gnome 2.16 and Xorg 7.x

[Andrew Pantyukhin]

On 10/18/06, Kris Kennaway <[EMAIL PROTECTED]> wrote:

On Wed, Oct 18, 2006 at 01:31:20PM -0400, Michael Johnson wrote:
> On 10/18/06, Pavel Porubov <[EMAIL PROTECTED]> wrote:
> >Please add Gnome 2.16 and Xorg 7.x to the next FreeBSD 6.2. After about
> >a month there will be Gnome 2.18 and you want to to add to FreeBSD 6.2
> >just Gnome 2.14. Thanks.
> >
>
> Well.. just because you asked so nice we will put GNOME 2.16 in
> FreeBSD 6.2.

You travelled back in time a few months to start work on it, too - now
THAT's service!


I'm just thinking, why do we always have to lag behind? Can't
we just once release something before it's been written (and long
before it's been ported to FreeBSD)? Just for kicks.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

some issues about partitions and boot manager in dual boot cases with Windows

[danan]

   Hi, I'm actually looking forward to install on my computer a freeBSD 
edition (very probably PC-BSD).  I found this OS extraordinary after a first 
experience with a live CD. 
The only thing that keeps me back is the installation: I got a almost 10 (even 
not more) manuals about freeBSD and none, absolutely none, does not specify the 
very commun possibility of having a disk already with 2 partitions in Windows, 
not to mention even further possibilities as having 2 disks, from wich one 
having 2 partitions. 

For instance I have 2 computers, each with 2 SATA disks: on the first, the 
master, Windows 2000 or XP, and on the other, on the first partition, the other 
Windows flavor, respectively XP and 2000, the second partition, in both cases, 
being left for data. Both systems are in dual boot; I decided to have ready 
(and use) both Windows flavors after a couple of very bad experiences of 
crushings; thus, in cas of crush, at least on of the 2 OS would be still 
working allowing me to access the data.

Now I decided to install the freeBSD on the second partition of the second disk 
(in each case more than 100 GB) and I cannot find in any manual how, or even if 
or not, this second partition, of the second disk will appear in Sysinstall 
Program; normally, it would appear as a "da2" specification, but will it be 
recognized by freeBSD as "a disk", that is, a 3rd disk ? 

And if not, do I have to format, allocating the necessary space, in freeBSD 
(Unix) system files ? This because this second partition of the second disk is 
already formated in NTFS of Windows ... In this case, do I have to put exactly 
the measure of the partition (done in Windows) for formating in freeBSD ? I ask 
this because in a forum I noticed that someboyd had some problems after leaving 
a little space between his 2 partitions of the disk (the first with Windows, 
the second of Linux). 

And a last thing, even more worring: the booting and the MBR; do I have to 
leave the MBR untouched or to install the freeBSD boot manager in MBR ? In a 
Linux manual it is clearly specified, in the chapter about dual boot with 
Windows, that in this last case - if the Linux boot manager is installed in MBR 
- than Windows OS (XP or 2000) will not boot anymore ... So, leave the MBR 
untouched when installing freeBSD or not ?

Excuse for my long message but I'm a little exasperated and don't understand 
why this extremly important aspects are not stressed enough in the BSD manuals: 
how to install the boot (in case of coexistence with other OS, mostly Windows) 
and how to choose and partition the disks already partitioned ... 

I am almost sure that many potential freeBSD users are hold back from 
installing it because of these capital issues ... 


Thank you very much

Dana

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Gnome 2.16 and Xorg 7.x

[Kris Kennaway]

On Wed, Oct 18, 2006 at 01:31:20PM -0400, Michael Johnson wrote:
> On 10/18/06, Pavel Porubov <[EMAIL PROTECTED]> wrote:
> >Please add Gnome 2.16 and Xorg 7.x to the next FreeBSD 6.2. After about
> >a month there will be Gnome 2.18 and you want to to add to FreeBSD 6.2
> >just Gnome 2.14. Thanks.
> >
> 
> Well.. just because you asked so nice we will put GNOME 2.16 in
> FreeBSD 6.2.

You travelled back in time a few months to start work on it, too - now
THAT's service!

Kris


pgp0UTUoUVipG.pgp
Description: PGP signature

Re: Routing with external interface doesn't work after a while

[Erik Norgaard]

Martin Turgeon wrote:


You're right on this, the filtering rules aren't written with the brackets.
But isn't pf routing the packets to an interface instead of an IP address.


I can't tell you if this affects your setup since I have't seen the 
ruleset.


You're going to tag then nat and then filter the packets. If any of 
these steps you apply non-dynamic rules, that is you use $ext_if instead 
of ($ext_if) for the ip address on the external interface, then you're 
likely to have things behave unexpectedly.


Things suddenly stop working after weeks without problems, just sounds 
very much like your firewall setup doesn't follow changes of the 
interface configuration. Without knowing the details of your setup, I 
can't tell you much more.


What also confuses me is that you have tags in your nat rules - you 
might add a tag for later use in filtering, but you also check if a tag 
exist, and I don't know how or where this is set.


Cheers, Erik
--
Ph: +34.666334818  web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: Routing with external interface doesn't work after a while

[Martin Turgeon]

You're right on this, the filtering rules aren't written with the brackets.
But isn't pf routing the packets to an interface instead of an IP address.

Thanks a lot

Martin

-Message d'origine-
De : Erik Norgaard [mailto:[EMAIL PROTECTED] 
Envoyé : 18 octobre 2006 12:41
À : Martin Turgeon
Cc : freebsd-pf@freebsd.org; [EMAIL PROTECTED];
freebsd-questions@freebsd.org
Objet : Re: Routing with external interface doesn't work after a while

Martin Turgeon wrote:
> The NAT rules are already written that way:
> 
> nat on $wan_if tag LAN_WAN_NAT tagged LAN_WAN -> ($wan_if)
> nat on $wan_if tag WLS_WAN_NAT tagged WLS_WAN -> ($wan_if)
> nat on $wan_if tag AP_WAN_NAT tagged AP_WAN -> ($wan_if)
> nat on $wan_if tag VPN_WAN_NAT tagged VPN_WAN -> ($wan_if)

How are your tags created? If somewhere in the nat/tag/filtering process 
  you've missed the dynamic update of the external ip it may fail there...

Cheers, Erik
-- 
Ph: +34.666334818  web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ipfilter / ipnat & /usr/sbin/ppp ? (answered)

[Nathan Vidican]

Answer found, NAT implemented using libalias library:  man 3 libalias


--
Nathan Vidican
[EMAIL PROTECTED]

On Wed, 18 Oct 2006 13:59:29 -0400, Nathan Vidican wrote
> using:
> 
> ppp -ddial -nat 
> 
> How does the "-nat" flag implement nat for PPPoE ? Using ipfw/natd, 
> ipnat/ipfilter, and is it hard-coded or can it be optionally changed?
> 
> Can I use rules created for/through ipfilter/ipnat, or should I 
> simply disable NAT translation on the ppp interface and enable it 
> through ipnat on it's own?
> 
> --
> Nathan Vidican
> [EMAIL PROTECTED]
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-
[EMAIL PROTECTED]"

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Mandriva Pulse

[Andrea Venturoli]

Hello.

Has anyone had the chance to peek at the above software?
Does it live up to its promises? I can't seem to find any real life info 
on it, only the producer's brochures, which don't make it so clear what 
it can and can't do?
Do you know of any place where it's downloadable (without installing a 
whole linux distro)? It looks like it can't be downloaded, although it's 
GPLed...

Would it work on FreeBSD? Is someone already doing this?

 bye & Thanks
av.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: php5 port

[Bill Moran]

In response to Eric <[EMAIL PROTECTED]>:

> Nian wrote:
> > Hello
> > 
> > I tryed to install your php5-5.1.6_2 recently. It works fine but when
> > I run php --version the version is 5.1.2?
> > 
> > matilda# php --version
> > PHP 5.1.2 (cli) (built: Mar 16 2006 03:15:52)

March 16th isn't very recently.

Looks like on March 16th, someone installed PHP in a non-standard way
and it's picking up the wrong one.

-- 
Bill Moran
Collaborative Fusion Inc.


IMPORTANT: This message contains confidential information and is
intended only for the individual named. If the reader of this
message is not an intended recipient (or the individual
responsible for the delivery of this message to an intended
recipient), please be advised that any re-use, dissemination,
distribution or copying of this message is prohibited. Please
notify the sender immediately by e-mail if you have received
this e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or
error-free as information could be intercepted, corrupted, lost,
destroyed, arrive late or incomplete, or contain viruses. The
sender therefore does not accept liability for any errors or
omissions in the contents of this message, which arise as a
result of e-mail transmission.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: php5 port

[Eric]

Nian wrote:

Hello

I tryed to install your php5-5.1.6_2 recently. It works fine but when
I run php --version the version is 5.1.2?

matilda# php --version
PHP 5.1.2 (cli) (built: Mar 16 2006 03:15:52)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies



thats odd, mine looks like this:

PHP 5.1.6 with Suhosin-Patch 0.9.5 (cli) (built: Oct 16 2006 16:00:28)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
with eAccelerator v0.9.5-rc1, Copyright (c) 2004-2006 eAccelerator, 
by eAccelerator



be sure to update your ports tree and try a reinstall. I have never had 
that happen to be before. The date on your php executable is old as 
well. are you sure it: a) compiled clean and b) was installed?


Eric
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Problems with USB Palm sync

[Damian Wiest]

On Wed, Oct 18, 2006 at 08:53:18AM -0400, Jonathan Arnold wrote:
> Anish Mistry wrote:
> >On Tuesday 17 October 2006 23:22, Jonathan Arnold wrote:
> >>Anish Mistry wrote:
> >>>On Tuesday 17 October 2006 16:29, Jonathan Arnold wrote:
> Has anyone had any luck using pilot-link to sync JPilot to a
> Palm device via the USB? I'm trying to sync my Handspring Visor
> and it just doesn't seem to be noticing it. I have the following
> in my /dev/usbd.conf file:
> >>>First you shouldn't be using usbd.conf.  You should be using
> >>>devd.conf and devfs.rules.
> >>>
> >>>Disable usbd.
> >>>
> >>>Add to devd.conf:
> >>>attach 0 {
> >>>device-name "ugen[0-9]+";
> >>>match "vendor" "0x082d";
> >>>match "product" "0x0100";
> >>>match "release" "0x0100";
> >>>action "/usr/local/sbin/pilot-sync-ugen.sh $device-name";
> >>>};
> >>>
> >>>Setup devfs.rules if you have yet to do it:
> >>>http://am-productions.biz/docs/devfs.rules.php
> >>>
> >>>Add your user to the operator group or change the mode to 0666
> >>>below. Add to devfs.rules:
> >>>add path 'ugen*' group operator
> >>>add path 'ugen*' mode 0660
> >>>
> >>>In /usr/local/sbin/pilot-sync-ugen.sh:
> >>>#!/bin/sh
> >>>#
> >>>JPILOT=/usr/X11R6/bin/jpilot-sync
> >>>JPILOT_USER=your_username_here
> >>>export JPILOT_HOME=/home/$JPILOT_USER
> >>>PILOTPORT=usb:/dev/$1
> >>>COMMAND=`echo $JPILOT -p $PILOTPORT -b`
> >>># run command ie. (sync)
> >>>/usr/bin/su $JPILOT_USER -c "$COMMAND"
> >>Thanks, this seems to work a little better.  Now, when I hit the
> >>Hot Sync button on the cradle, I get the feedback that there's a
> >>connection and it says "Identifying user" on the Visor, but it just
> >>hangs there and eventually gives up. If I comment out the action
> >>and try it from the commandline, pilot-xfer says " Listening for
> >>incoming connection on usb:/dev/ugen0... ". It seems to me that
> >>both are waiting for the other to initiate something. ugen0 doesn't
> >>get created until I hit the HotSync button, but the pilot-link
> >>stuff seems to be waiting for that to happen again?
> >You'll need to install the user:
> ># install pilot-link username
> >COMMAND=`echo /usr/local/bin/install-user -p $PILOTPORT -u 
> >$JPILOT_USER -i 1001`
> 
> I thought it might be something like this, so I played quite a bit last
> night trying to get this command to work, but still no joy in mudville.
> I replaced the jpilot-sync COMMAND line with the install-user one, but it
> still does the same thing. I press the hot sync button, I get the 
> confirmation
> that a connection was made from the Visor, but both ends just sit there at
> that point.
> 
> I feel like I'm ever so close and am just missing one tweak to push it
> over into usability.
> 
> BTW, what is the 'uvisor' driver for? Should I be trying to use this one
> instead of the 'ugen', which is the generic interface?
> 
> -- 
> Jonathan Arnold (mailto:[EMAIL PROTECTED])
> Daemon Dancing in the Dark, a FreeBSD weblog:
> http://freebsd.amazingdev.com/blog/
> 
> UNIX is user-friendly. It's just a bit picky about who its friends are.

Here's what works for me on my FreeBSD 6.1 (x86) laptop and 
OpenBSD 3.9 (x86) workstation:

To use pilot-xfer to sync your Palm device

1. Connect cradle to system via USB port
2. Press the sync button 
3. Execute "sudo pilot-xfer -p /dev/ttyU0 -s " where PalmDir
  is the location of your Palm data.
4. Files are transferred from the Palm device

To use jpilot to sync your Palm device:

1. Execute "sudo jpilot"
2. Select the File->Preferences menu
3. Select the Settings tab
4. Change the serial port setting to /dev/ttyU0
5. Press the hotsync button on your cradle (or use the HotSync app.)
6. Press the sync button in J-Pilot
7. Palm device is synced

I find that I have better luck pressing sync on my device before running 
pilot-xfer or using J-Pilot's sync feature.  If you do it the other way
around and aren't quick enough, the /dev/ttyU0 device won't be available
and the application won't retry opening it.

I know I shouldn't be running the apps as root, but I haven't bothered
to configure /etc/devd.conf and /etc/devfs.rules on my laptop.

-Damian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Uucp mail coming in

[Gerard Seibert]

On Wednesday October 18, 2006 at 11:27:27 (AM) Dale Johnston wrote:


> I keep getting messages from spammers adddressed to [EMAIL PROTECTED]  Uucp
> has been eliminated from my /etc/mail/aliases, why are these still coming
> thru?  I've even tried aliasing uucp to bit-bucket. they still come thru

Did you run 'newaliases' after making the change?

-- 
Gerard

"It is not the OS's job to stop you from shooting your foot. If you so
choose to do so, then it is OS's job to deliver Mr. Bullet to Mr Foot in
the most efficient way it knows."
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

smbfs & rsync

[Vahan Yerkanian]

Greetings,

On one of my machines running 6.1-RELEASE rsync over a smbfs share is 
failing with the following error:


building file list ... rsync: readdir("/ipa1/tmimage/2001"): Bad file 
descriptor (9)

done
IO error encountered -- skipping file deletion

sent 246047 bytes  received 20 bytes  492134.00 bytes/sec
total size is 3876995600  speedup is 15755.85
rsync error: some files could not be transferred (code 23) at 
main.c(892) [sender=2.6.8]


where /ipa1 is a smbfs share.

I've googled and found this [1] particular article that pinpoints a 
simple coding mistake, anyone knows if this is going to be fixed in 
6.2-RELEASE? /usr/sbin/mount_smbfs is the binary affected,


[1] http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/78953

Anyone?

Best regards,
Vahan

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Segfaulting perl

[David King]

For the archives:

I eventually found  and . It looks like  
a bug in p5-Crypt-SSLeay, and it not properly calling some OpenSSL  
routines, which causes perl to segfault. In fetchyahoo 2.10.6, it is  
on line 1435 of 2117, which reads:

$main_page = $ua->request($request);

$ua is a LWP::UserAgent object, and what's happening is that the  
request is redirecting to an SSL page, so even if you have SSL turned  
off it will end up making an SSL request.


I fixed it (very temporarily) by removing p5-Crypt-SSLeay (pkg_delete  
-f p5-Crypt-SSLeay). The UserAgent object sees that it can't do SSL  
without that package and follows the redirects but without SSL.


So obviously there is the drawback that SSL won't work, and also I  
have other packages that rely on that perl module (notably gnucash)  
that won't work with it not installed. That bug was filed with Debian  
a year ago (Bug#334938, Oct 20, 2005 ).



On 15 Oct 2006, at 13:10, David King wrote:

Just to make sure that no bad library dependancies were at work, I  
did a 'make buildworld installworld', and a 'portupgrade -frR  
fetchyahoo perl openssl', to no avail (and with the same backtrace  
generated by gdb as below).


Any ideas?

On 10 Oct 2006, at 11:05, David King wrote:

When trying to run fetchyahoo (from ports), perl dumps core. It  
appears to be dumping core in OpenSSL. I've tried recompiling/ 
reinstalling all ports related to fetchyahoo, perl, and openssl.  
This happens whether or not I enable SSL in fetchyahoo's  
configuration.


It gets as far as:

~% fetchyahoo
Logging in insecurely via plaintext as username on Tue Oct 10  
09:49:20 2006

zsh: segmentation fault (core dumped)  fetchyahoo

Perl and OpenSSL have been compiled with:

~% egrep -i '^(COPT|CFLAG)' /etc/make.conf
CFLAGS+=-O -pipe -mtune=i686 -g
COPTFLAGS=-O -pipe -mtune=i686 -g

Here's the output of GDB and a backtrace

Core was generated by `perl5.8.8'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/local/lib/perl5/5.8.8/mach/CORE/ 
libperl.so...done.

Loaded symbols for /usr/local/lib/perl5/5.8.8/mach/CORE/libperl.so
Reading symbols from /lib/libm.so.4...done.
Loaded symbols for /lib/libm.so.4
Reading symbols from /lib/libcrypt.so.3...done.
Loaded symbols for /lib/libcrypt.so.3
Reading symbols from /lib/libutil.so.5...done.
Loaded symbols for /lib/libutil.so.5
Reading symbols from /usr/lib/libpthread.so.2...done.
Loaded symbols for /usr/lib/libpthread.so.2
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /usr/local/lib/perl5/5.8.8/mach/auto/IO/ 
IO.so...done.

Loaded symbols for /usr/local/lib/perl5/5.8.8/mach/auto/IO/IO.so
Reading symbols from /usr/local/lib/perl5/5.8.8/mach/auto/Fcntl/ 
Fcntl.so...done.
Loaded symbols for /usr/local/lib/perl5/5.8.8/mach/auto/Fcntl/ 
Fcntl.so
Reading symbols from /usr/local/lib/perl5/site_perl/5.8.8/mach/ 
auto/MIME/Base64/Base64.so...done.
Loaded symbols for /usr/local/lib/perl5/site_perl/5.8.8/mach/auto/ 
MIME/Base64/Base64.so
Reading symbols from /usr/local/lib/perl5/5.8.8/mach/auto/Time/ 
HiRes/HiRes.so...done.
Loaded symbols for /usr/local/lib/perl5/5.8.8/mach/auto/Time/HiRes/ 
HiRes.so
Reading symbols from /usr/local/lib/perl5/5.8.8/mach/auto/Socket/ 
Socket.so...done.
Loaded symbols for /usr/local/lib/perl5/5.8.8/mach/auto/Socket/ 
Socket.so
Reading symbols from /usr/local/lib/perl5/5.8.8/mach/auto/Sys/ 
Hostname/Hostname.so...done.
Loaded symbols for /usr/local/lib/perl5/5.8.8/mach/auto/Sys/ 
Hostname/Hostname.so
Reading symbols from /usr/local/lib/perl5/site_perl/5.8.8/mach/ 
auto/Compress/Zlib/Zlib.so...done.
Loaded symbols for /usr/local/lib/perl5/site_perl/5.8.8/mach/auto/ 
Compress/Zlib/Zlib.so

Reading symbols from /lib/libz.so.3...done.
Loaded symbols for /lib/libz.so.3
Reading symbols from /usr/local/lib/perl5/site_perl/5.8.8/mach/ 
auto/HTML/Parser/Parser.so...done.
Loaded symbols for /usr/local/lib/perl5/site_perl/5.8.8/mach/auto/ 
HTML/Parser/Parser.so
Reading symbols from /usr/local/lib/perl5/site_perl/5.8.8/mach/ 
auto/Crypt/SSLeay/SSLeay.so...done.
Loaded symbols for /usr/local/lib/perl5/site_perl/5.8.8/mach/auto/ 
Crypt/SSLeay/SSLeay.so

Reading symbols from /usr/local/lib/libssl.so.5...done.
Loaded symbols for /usr/local/lib/libssl.so.5
Reading symbols from /usr/local/lib/libcrypto.so.5...done.
Loaded symbols for /usr/local/lib/libcrypto.so.5
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0  0x2839d420 in SSL_CTX_ctrl () from /usr/local/lib/libssl.so.5
[New LWP 100179]
(gdb) bt
#0  0x2839d420 in SSL_CTX_ctrl () from /usr/local/lib/libssl.so.5
#1  0x01c0 in ?? ()
#2  0x000d in ?? ()
#3  0x28325000 in ?? ()
#4  0x in ?? ()
#5  0x283683b4 in __JCR_

Re: Problems with USB Palm sync

[Damian Wiest]

On Tue, Oct 17, 2006 at 06:03:07PM -0400, Jonathan Arnold wrote:
> (hope this isn't a double post:-(
> 
> Damian Wiest wrote:
> >On Tue, Oct 17, 2006 at 04:29:49PM -0400, Jonathan Arnold wrote:
> >>Has anyone had any luck using pilot-link to sync JPilot to a Palm
> >>device via the USB? I'm trying to sync my Handspring Visor and it just
> >>doesn't seem to be noticing it. I have the following in my
> >>/dev/usbd.conf file:
> >>
> >>device "Handspring Visor"
> >>devname "ugen[0-9]+"
> >>vendor  0x082d
> >>product 0x0100
> >>release 0x0100
> >>attach "chmod 0666 /dev/ugen*"
> >>
> >>as per the code that was in there for the coldsync.  When I press the
> >>sync button on the cradle, these devices show up:
> >>
> >>crw-rw-rw-  1 root  operator0, 181 Oct 17 13:45 /dev/ugen0
> >>crw-rw-rw-  1 root  operator0, 182 Oct 17 13:45 /dev/ugen0.1
> >>crw-rw-rw-  1 root  operator0, 183 Oct 17 13:45 /dev/ugen0.2
> >>
> >>And the following shows up in my dmesg:
> >>
> >>ugen0: Handspring Inc Handspring Visor, rev 1.00/1.00, addr 5
> >>ugen0: at uhub6 port 4 (addr 5) disconnected
> >>All threads purged from ugen0.2
> >>All threads purged from ugen0.1
> >>All threads purged from ugen0
> >>ugen0: detached
> >>
> >>But the pilot-link command fails immediately:
> >>
> >>$ pilot-xfer -p /dev/ugen0 -l
> >>   Unable to bind to port: /dev/ugen0
> >>   Please use --help for more information
> >>
> >>Any ideas? I've googled all over the place, but I only see similiar
> >>questions. And the FreeBSD.README on the pilot-link web site seems to
> >>be misleading at best.
> >

[snip]

> >I've had success syncing my Palm OS based phone (SPH-i500 FWIW) to my
> >laptop using jpilot with a USB connection.
> 
> Glad to hear someone has had success. What FreeBSD are you using? I'm
> using 6.1 (via PC-BSD 1.2).

6.0 for i386 IIRC.

[snip]

> -- 
> Jonathan Arnold (mailto:[EMAIL PROTECTED])
> Daemon Dancing in the Dark, a FreeBSD weblog:
> http://freebsd.amazingdev.com/blog/
> 
> UNIX is user-friendly. It's just a bit picky about who its friends are.

I was actually hunting for my cradle just last night to resync my phone.
If I can find it tonight, I'll post my procedure.

-Damian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

php5 port

[Nian]

Hello

I tryed to install your php5-5.1.6_2 recently. It works fine but when
I run php --version the version is 5.1.2?

matilda# php --version
PHP 5.1.2 (cli) (built: Mar 16 2006 03:15:52)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies


Thanks in advance!

/Nian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Small Redundant web/mail setup

[Martin Hepworth]

Have a look at how Cambridge University (UK) have setup their email.

Does alot of this sort of stuff and they've got lots of docs online as to
how they did it..

--
Martin

On 10/18/06, Ian Lord <[EMAIL PROTECTED]> wrote:


Hi,

I need to setup a high-availability setup for mail/web setup

I was thinking about the following setup:

4 servers total:

Data Servers:
 1 Server holding all the websites data and mail messages. It
would serve these files via nfs to the application servers.
 It would also run mysql

 A second server Also sharing it's content via nfs,
replicating it's data though rsync each ?? minutes. The mysql would
run as a slave of theprimary

Application Servers:
 Both servers would be running apache, php, sendmail and
posfix and would serve content from the share nfs drive.

1- Is this a viable solution, I mean by that, Is it Like this big ISP
are set up ?

2- Is there a better way to replicate data than RSYNC (without going
to san of expensive hardware) ? If not, is there a hotsync feature (I
mean by that as soon as server A modify something, server B knows and
replicate)?

I would appreciate if you could give me feedbacks, suggestions, or if
you see any problem that might happen with this kind of setup.

Thanks a lot


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "
[EMAIL PROTECTED]"


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: KDE Control Center

[Jonathan Chen]

On Wed, Oct 18, 2006 at 01:26:29PM -0400, Jonathan Arnold wrote:
> Rem P Roberti wrote:
> >When I bring up the Control Center in KDE the left column is now blank, 
> >and I have no options for changing preferences.  Anyone know what 
> >happened there?  Everything else seems to be functioning fine.
> 
> Same with me, only worse - my KDE menu in general  got messed up and lots
> of things got moved to the "Lost & Found" item!  I think it had to do with
> a kdelib upgrade or something.
> 
> But I'm still looking for a way to restore my menu and my control center.

If I recall correctly, it's to do with one of the files in
/usr/local/share/desktop-directories. Make sure they all start with
"kde-", or possibly copy the entries from a working system.

Hope this helps.
-- 
Jonathan Chen <[EMAIL PROTECTED]>
--
"If you wish your merit to be known, acknowledge that of other people"
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Samba 3.0.23c

[Timothy Radigan]

I've been fighting with recompiling Samba 3 for some time now.  I keep
getting undefined references to Kerberos libraries during build.  I am
trying to build it with ADS support and I have tried it with the base
version of Kerberos that comes with FreeBSD, as well as with the
security/krb5 port and I am unable to get it to compile.

Anyone have any ideas?

Here is the output from the build:

<- Start of Output ->

[EMAIL PROTECTED] make
===>  Building for samba-3.0.23c_2,1
Using FLAGS =  -O2 -fno-strict-aliasing -pipe -D_SAMBA_BUILD_
-I/usr/ports/net/samba3/work/samba-3.0.23c/source/iniparser/src -Iinclude
-I/usr/ports/net/samba3/work/samba-3.0.23c/source/include
-I/usr/ports/net/samba3/work/samba-3.0.23c/source/tdb  -I. -DHAVE_CONFIG_H
-I/usr/local/include -DLDAP_DEPRECATED
-I/usr/ports/net/samba3/work/samba-3.0.23c/source -D_SAMBA_BUILD_
  LIBS = -lcrypt -liconv
  LDSHFLAGS = -shared  -L/usr/local/lib
  LDFLAGS = -L/usr/local/lib
  PIE_CFLAGS = -fPIE
  PIE_LDFLAGS = -pie
Linking bin/smbd
libsmb/clikrb5.o(.text+0x1060): In function
`smb_krb5_get_keyinfo_from_ap_req':
: undefined reference to `krb5_decode_ap_req'
libsmb/clikrb5.o(.text+0x13d1): In function
`smb_krb5_principal_compare_any_realm':
: undefined reference to `krb5_principal_compare_any_realm'
libsmb/clikrb5.o(.text+0x179a): In function `smb_krb5_free_error':
: undefined reference to `krb5_free_error_contents'
libads/kerberos_keytab.o(.text+0x1cc): In function `smb_krb5_kt_add_entry':
: undefined reference to `krb5_kt_compare'
/usr/lib/libgssapi.so: undefined reference to `krb5_rd_cred2'
/usr/lib/libgssapi.so: undefined reference to `krb5_crypto_destroy'
/usr/lib/libgssapi.so: undefined reference to `krb5_ret_address'
/usr/lib/libgssapi.so: undefined reference to `krb5_ret_data'
/usr/lib/libgssapi.so: undefined reference to `krb5_ret_keyblock'
/usr/lib/libgssapi.so: undefined reference to
`krb5_auth_con_setremotesubkey'
/usr/lib/libgssapi.so: undefined reference to `krb5_data_free'
/usr/lib/libgssapi.so: undefined reference to `krb5_config_get_strings'
/usr/lib/libgssapi.so: undefined reference to `krb5_auth_con_setlocalsubkey'
/usr/lib/libgssapi.so: undefined reference to
`krb5_auth_con_generatelocalsubkey'
/usr/lib/libgssapi.so: undefined reference to `krb5_sockaddr2address'
/usr/lib/libgssapi.so: undefined reference to `krb5_cc_get_ops'
/usr/lib/libgssapi.so: undefined reference to `krb5_get_default_principal'
/usr/lib/libgssapi.so: undefined reference to `krb5_cc_copy_cache'
/usr/lib/libasn1.so: undefined reference to `init_error_table'
/usr/lib/libgssapi.so: undefined reference to `krb5_auth_con_setkey'
/usr/lib/libgssapi.so: undefined reference to `krb5_get_forwarded_creds'
/usr/lib/libgssapi.so: undefined reference to `krb5_get_err_text'
/usr/lib/libgssapi.so: undefined reference to `krb5_ret_int32'
/usr/lib/libgssapi.so: undefined reference to `krb5_h_addr2sockaddr'
/usr/lib/libgssapi.so: undefined reference to `krb5_build_authenticator'
/usr/lib/libgssapi.so: undefined reference to `krb5_build_ap_req'
/usr/lib/libgssapi.so: undefined reference to `krb5_auth_getremoteseqnumber'
/usr/lib/libgssapi.so: undefined reference to `krb5_data_zero'
/usr/lib/libgssapi.so: undefined reference to `krb5_storage_free'
/usr/lib/libgssapi.so: undefined reference to `krb5_config_free_strings'
/usr/lib/libgssapi.so: undefined reference to `krb5_create_checksum'
/usr/lib/libgssapi.so: undefined reference to `krb5_generate_random_block'
/usr/lib/libgssapi.so: undefined reference to `krb5_crypto_init'
/usr/lib/libgssapi.so: undefined reference to `krb5_enctype_to_keytype'
/usr/lib/libgssapi.so: undefined reference to `krb5_free_creds_contents'
/usr/lib/libgssapi.so: undefined reference to `krb5_storage_from_mem'
/usr/lib/libgssapi.so: undefined reference to `krb5_store_address'
/usr/lib/libgssapi.so: undefined reference to `krb5_decrypt_ivec'
/usr/lib/libasn1.so: undefined reference to `initialize_error_table_r'
/usr/lib/libgssapi.so: undefined reference to `krb5_store_int16'
/usr/lib/libgssapi.so: undefined reference to `krb5_ret_int16'
/usr/lib/libgssapi.so: undefined reference to `krb5_get_error_string'
/usr/lib/libgssapi.so: undefined reference to `krb5_principal_match'
/usr/lib/libgssapi.so: undefined reference to
`krb5_auth_con_setlocalseqnumber'
/usr/lib/libgssapi.so: undefined reference to `krb5_storage_to_data'
/usr/lib/libgssapi.so: undefined reference to `krb5_store_int32'
/usr/lib/libgssapi.so: undefined reference to `krb5_encrypt_ivec'
/usr/lib/libgssapi.so: undefined reference to `krb5_storage_emem'
/usr/lib/libgssapi.so: undefined reference to `krb5_store_data'
/usr/lib/libgssapi.so: undefined reference to
`krb5_auth_con_setremoteseqnumber'
/usr/lib/libgssapi.so: undefined reference to `krb5_principal_get_realm'
/usr/lib/libgssapi.so: undefined reference to `krb5_set_error_string'
/usr/lib/libgssapi.so: undefined reference to `krb5_make_principal'
/usr/lib/libgssapi.so: undefined reference to `krb5_s

ipfilter / ipnat & /usr/sbin/ppp ?

[Nathan Vidican]

using:


ppp -ddial -nat 

How does the "-nat" flag implement nat for PPPoE ? Using ipfw/natd, 
ipnat/ipfilter, and is it hard-coded or can it be optionally changed?

Can I use rules created for/through ipfilter/ipnat, or should I simply 
disable NAT translation on the ppp interface and enable it through ipnat on 
it's own? 

--
Nathan Vidican
[EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: kick off a post boot job

[Bill Moran]

In response to Robin Becker <[EMAIL PROTECTED]>:

> I have a number of servers which don't have console access, but I would like 
> to 
> have apache started automatically if the server is rebooted. However, it 
> seems 
> that if https is used then I need to type in a secret at boot time (on the 
> console).
> 
> Is there a way to start processes up automatically after the boot is finished?
> 
> I could imagine asking another, trusted, server to supply the magic string 
> using 
> scp or some other secure transport and then using the decoded result to start 
> up 
> apache.

You could just store your cert and key unencrypted.

There are other ways as well.  Apache supports plugins for this purpose,
but that question would be better answered on one of the Apache mailing
lists.

-- 
Bill Moran
Collaborative Fusion Inc.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: kick off a post boot job

[Chuck Swiger]

On Oct 18, 2006, at 10:10 AM, Robin Becker wrote:
I have a number of servers which don't have console access, but I  
would like to have apache started automatically if the server is  
rebooted. However, it seems that if https is used then I need to  
type in a secret at boot time (on the console).


Is there a way to start processes up automatically after the boot  
is finished?


Sure.  Cron or at will do so, for example.  But you're not going to  
truly resolve the actual problem of needing human input for a  
passphrase by having some other machine do something automatically.


I could imagine asking another, trusted, server to supply the magic  
string using scp or some other secure transport and then using the  
decoded result to start up apache.


The "magic string" is normally called the SSH private key, ~/.ssh/ 
id_rsa or ~/.ssh/id_dsa.  :-)


I suppose you could use SSH from some remote trusted server to do an  
"apachectl startssl" and then feed it the passphrase, but then you've  
ended up putting the passphrase in cleartext on the trusted host, and  
you need to permit the trusted host to login to the webserver without  
needing human intervention via SSH keypairs, so you're just moving  
the problem from one place to another.


If you've got 24-7 sysadmin availability, then keeping your x.509  
certs passphrase-protected might well make sense-- if a machine is  
rebooted, a sysadmin needs to login and start apache by hand.   
Otherwise, most people leave the x.509 certs unsecured with a  
passphrase so that the webserver can be setup to start itself upon a  
reboot without manual intervention.


--
-Chuck

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Gnome 2.16 and Xorg 7.x

[Michael Johnson]

On 10/18/06, Pavel Porubov <[EMAIL PROTECTED]> wrote:

Please add Gnome 2.16 and Xorg 7.x to the next FreeBSD 6.2. After about
a month there will be Gnome 2.18 and you want to to add to FreeBSD 6.2
just Gnome 2.14. Thanks.



Well.. just because you asked so nice we will put GNOME 2.16 in
FreeBSD 6.2.

Michael



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: KDE Control Center

[Jonathan Arnold]

Rem P Roberti wrote:
When I bring up the Control Center in KDE the left column is now blank, 
and I have no options for changing preferences.  Anyone know what 
happened there?  Everything else seems to be functioning fine.


Same with me, only worse - my KDE menu in general  got messed up and lots
of things got moved to the "Lost & Found" item!  I think it had to do with
a kdelib upgrade or something.

But I'm still looking for a way to restore my menu and my control center.

--
Jonathan Arnold (mailto:[EMAIL PROTECTED])
Daemon Dancing in the Dark, a FreeBSD weblog:
http://freebsd.amazingdev.com/blog/

UNIX is user-friendly. It's just a bit picky about who its friends are.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Gnome 2.16 and Xorg 7.x

[Pavel Porubov]

Please add Gnome 2.16 and Xorg 7.x to the next FreeBSD 6.2. After about
a month there will be Gnome 2.18 and you want to to add to FreeBSD 6.2
just Gnome 2.14. Thanks.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

kick off a post boot job

[Robin Becker]

I have a number of servers which don't have console access, but I would like to 
have apache started automatically if the server is rebooted. However, it seems 
that if https is used then I need to type in a secret at boot time (on the console).


Is there a way to start processes up automatically after the boot is finished?

I could imagine asking another, trusted, server to supply the magic string using 
scp or some other secure transport and then using the decoded result to start up 
apache.

--
Robin Becker
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ntpd not adjusting the clock?

[Chuck Swiger]

On Oct 17, 2006, at 10:51 PM, Matthew Seaman wrote:

This misconfiguration will also cause your ntpd to generate excessive
numbers of queries, rather than syncing up and reducing the NTP  
polling

interval from minpoll to maxpoll. [1]

Remove that line and restart ntpd.


That means that anyone can connect to your NTP daemon and poll it  
for time

service or use ntpdc to muck around with your configuration.


Setting up ntp.keys would let you control config changes via  
encryption and pre-shared secrets, if you care, or you can use ntp- 
genkeys to set up PKI using symmetric crypto.  Unless you publish  
your IP address, it is unlikely that random requests, or even random  
people using ntpdc to poke at your ntpd, are going to be a  
significant concern.


(Oh, if someone deliberately wants to mess with your network, leaving  
NTPd's security completely unconfigured isn't a good idea, but  
neither is it going to be a significant problem; once NTPd has  
sync'ed the clocks, it will only skew the system time gradually no  
matter what a malicious intruder might try to change.  The max skew  
permitted is less than one minute per day using -x or "tinker step 0".)



It's better to use at minimum:

restrict default nopeer nomodify
restrict localhost

(the 'restrict localhost' line actually removes all limitations on  
access

from localhost.  Ain't ntp.conf syntax wonderful.)

Ideally, you'ld be able to use 'restrict default ignore' then apply

   restrict 2.pl.pool.ntp.org nopeer nomodify
   server 2.pl.pool.ntp.org prefer

for each server you configure.  That works well if you specify  
individual
servers by name.  Unfortunately the way NTP pool mechanism works  
makes that

approach unworkable.


You could actually use the pool via the combination of restrict and  
server entries, as NTPd will try to resolve the hostname once and  
then apply the security restrictions specified to whatever IP comes  
back from the pool.


However, specifying "nopeer" against all hosts, including the servers  
you are trying to sync against, may not be a great idea.  NTPd is  
perfectly capable of figuring out the stratum of the timeservers as  
the communicate for itself, unless you fudge it or otherwise prevent  
it from doing so.  Unless you are running a stratum-1 timeserver and  
know for certain that your GPS or other external timereference is  
more reliable than any network peer might be, using nopeer prevents  
NTPd from gaining a sanity check from the other timeservers it talks  
with...


--
-Chuck

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Uucp mail coming in

[Dale Johnston]

Let's try this again. got the last message back after 5 days

I keep getting messages from spammers adddressed to [EMAIL PROTECTED]  Uucp
has been eliminated from my /etc/mail/aliases, why are these still coming
thru?  I've even try aliasing uucp to bit-bucket. they still come thru

Thanks
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Uucp mail coming in

[Dale Johnston]

I keep getting messages from spammers adddressed to [EMAIL PROTECTED]  Uucp
has been eliminated from my /etc/mail/aliases, why are these still coming
thru?  I've even tried aliasing uucp to bit-bucket. they still come thru

Thanks
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Broken partition table

[Kyrre Nygård]

Hello!

My partition table is messed up. I have a 150 gigabyte S-ATA hard drive, with a 
single NTFS partition running Windows XP. I've been running gpart /dev/ad0 for 
the last 14 hours now and it's not saying anything. I just want to get my data 
back. I don't care if I have to reinstall everything.

How it all came about is a long story. I ran a second hard disk drive, with 
FreeBSD, and GRUB so it could do my dual booting. But I needed the space, so I 
formatted it to NTFS from Windows XP. That's it really, after that, it wouldn't 
boot. Couldn't load NTLDR.

That's when I tried a lot of different things. boot0cfg, fixmbr and fixboot. I 
even managed changing its system ID type to FAT using fdisk -- I wasn't 
thinking clearly -- I was in deep shock. I have also tried gpart from Knoppix, 
but all its guesses came out as zero. I've also tried running gpart from 
Insert, another Linux distribution, but it totally freaked out about some I/O 
stuff. Linux uses SCSI drivers for S-ATA though. 

Is my only choice now to keep running gpart, even if it will run forever?

All suggestions welcome, please!

Best regards,
Kyrre


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Routing with external interface doesn't work after a while

[Erik Norgaard]

Martin Turgeon wrote:

The NAT rules are already written that way:

nat on $wan_if tag LAN_WAN_NAT tagged LAN_WAN -> ($wan_if)
nat on $wan_if tag WLS_WAN_NAT tagged WLS_WAN -> ($wan_if)
nat on $wan_if tag AP_WAN_NAT tagged AP_WAN -> ($wan_if)
nat on $wan_if tag VPN_WAN_NAT tagged VPN_WAN -> ($wan_if)


How are your tags created? If somewhere in the nat/tag/filtering process 
 you've missed the dynamic update of the external ip it may fail there...


Cheers, Erik
--
Ph: +34.666334818  web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Routing with external interface doesn't work after a while

[Erik Norgaard]

Martin Turgeon wrote:


I've been reading the mailing list for a while, but it's my first post. I'm
not sure what is causing the problem so I'm posting to multiple lists. I'm
running FreeBSD 6.1 on a Celeron 2.8GHz with 512Mo of RAM. It looks likes
after a while (a couple of weeks) the routing isn't working anymore, but
only with the external interface (the one connected to my cable modem from
Videotron in Montreal). The box is acting as the gateway of the network with
PF, OpenVPN 2.0.5-1 and ISC-DHCPd 3.0.3-1 running. The problem also occurred
on FreeBSD 6.0 on another box.


OK, this can take a long time to solve if the problem reoccurs after 
some weeks - can you reproduce at a faster rate?



The routing table looks ok.

The external interface is still receiving ARP requests but nothing is going
out from my internal network.


OK, so your internal network can't get out. But can you get out from the 
gateway? I mean, try login to the gateway and ping the default gateway. 
Do you get replies? do you see packets going out when sniffing?



Here's what I tried with no result:

I tried to flush the states with pfctl -Fs
I tried to reload the NAT with pfctl -N

The solution was to renew the address of the external interface with
dhclient fxp0.

I looked back at the routing table after the dhclient fxp0 and nothing
changed except the address of the default gateway because my IP address
changed of subnetwork.


While the gateway is working take dump output of ifconfig and "route get 
default" into a file. When it stops working do it again. Repeat after 
you have restored the connection.


Did any thing change from it worked till it stopped working?

Cheers, Erik
--
Ph: +34.666334818  web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: can burn cd's, can't read once burnt

[Paul Schmehl]

--On Thursday, October 19, 2006 00:17:33 +1000 Timothy Smith 
<[EMAIL PROTECTED]> wrote:



i have an odd issue with 6.0 that i've been trying to solve for ages and
nobody seems to know how to answer.

1. i can mount any cd's or dvd's THAT I DIDN'T BURN. makes no difference
what media is used.

2. i burn a dvd like so

growisofs -dvd-compat -Z /dev/cd0=bailes.iso


Are you sure this shouldn't be
growisofs -dvd-compat -Z /dev/acd0=bailes.iso ?

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

Newbie: PCI modem grief

[giannidoe]

I've got 3 MultiTech PCI modems (MT5634ZPX-PCI) which are detected  
correctly at boot, I can issue commands and query them with minicom  
however any attempt at dialling results in NO DIALTONE even though  
the line is working. I think it's something to do with shared  
interrupts as if I take out 2 modems and place the remaining one in a  
certain PCI slot it works fine.


dmesg reports similar message for each:
sio0: configured irq 19 not in bitmap of probed irqs 0
sio0: port may not be enabled
(full text below)

I have searched around and seems that disabling PnP OS in the BIOS  
may help, trouble is my Dell PowerEdge 400SC has no option for  
turning off PnP OS.


I'd really appreciate some suggestions.
Thanks
Gianni




Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights  
reserved.

FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 6.2-PRERELEASE #2: Mon Oct 16 06:47:01 CEST 2006
[EMAIL PROTECTED]:/usr/obj/usr/src/sys/APOC
ACPI APIC Table: 
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Celeron(R) CPU 2.40GHz (2394.02-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0xf29  Stepping = 9
   
Features=0xbfebfbff,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>

  Features2=0x4400>
real memory  = 133644288 (127 MB)
avail memory = 121196544 (115 MB)
ioapic0: Changing APIC ID to 1
ioapic0  irqs 0-23 on motherboard
kbd1 at kbdmux0
acpi0:  on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
cpu0:  on acpi0
acpi_button0:  on acpi0
pcib0:  port 0xcf8-0xcff on acpi0
pci0:  on pcib0
agp0:  mem 0xf000-0xf7ff at  
device 0.0 on pci0

pcib1:  at device 1.0 on pci0
pci1:  on pcib1
pci0:  at device 29.0 (no driver attached)
pci0:  at device 29.1 (no driver attached)
pci0:  at device 29.2 (no driver attached)
pci0:  at device 29.3 (no driver attached)
pci0:  at device 29.7 (no driver attached)
pcib2:  at device 30.0 on pci0
pci2:  on pcib2
pci2:  at device 0.0 (no driver attached)
sio0: configured irq 22 not in bitmap of probed irqs 0
sio0: port may not be enabled
sio0:  port 0xd800-0xd8ff, 
0xd900-0xd9ff,0xd5a8-0xd5af mem 0xfe9ded00-0xfe9dedff irq 22 at  
device 1.0 on pci2

sio0: moving to sio4
sio4: type 16550A
sio0: configured irq 17 not in bitmap of probed irqs 0
sio0: port may not be enabled
can't re-use a leaf (%desc)!
can't re-use a leaf (%driver)!
can't re-use a leaf (%location)!
can't re-use a leaf (%pnpinfo)!
can't re-use a leaf (%parent)!
sio0:  port 0xda00-0xdaff, 
0xdc00-0xdcff,0xd5b0-0xd5b7 mem 0xfe9dee00-0xfe9deeff irq 17 at  
device 2.0 on pci2

sio0: moving to sio5
sio5: type 16550A
sio0: configured irq 19 not in bitmap of probed irqs 0
sio0: port may not be enabled
can't re-use a leaf (%desc)!
can't re-use a leaf (%driver)!
can't re-use a leaf (%location)!
can't re-use a leaf (%pnpinfo)!
can't re-use a leaf (%parent)!
sio0:  port 0xdd00-0xddff, 
0xde00-0xdeff,0xd5b8-0xd5bf mem 0xfe9def00-0xfe9defff irq 19 at  
device 3.0 on pci2

sio0: moving to sio6
sio6: type 16550A
em0:  port  
0xd5c0-0xd5ff mem 0xfe9e-0xfe9f irq 18 at device 12.0 on pci2

em0: Ethernet address: 00:0c:f1:9d:5b:fa
em0: [FAST]
isab0:  at device 31.0 on pci0
isa0:  on isab0
atapci0:  port  
0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xffa0-0xffaf mem  
0xfebffc00-0xfebf irq 18 at device 31.1 on p

ci0
ata0:  on atapci0
ata1:  on atapci0
atapci1:  port  
0xfe00-0xfe07,0xfe10-0xfe13,0xfe20-0xfe27,0xfe30-0xfe33,0xfea0-0xfeaf  
irq 18 at device 31.2 on pci0

ata2:  on atapci1
ata3:  on atapci1
pci0:  at device 31.3 (no driver attached)
pci0:  at device 31.5 (no driver attached)
fdc0:  port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on  
acpi0

fdc0: [FAST]
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0:  port 0x60,0x64 irq 1 on acpi0
atkbd0:  irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
psm0:  irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model Generic PS/2 mouse, device ID 0
can't re-use a leaf (%desc)!
can't re-use a leaf (%driver)!
can't re-use a leaf (%location)!
can't re-use a leaf (%pnpinfo)!
can't re-use a leaf (%parent)!
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10  
on acpi0

sio0: type 16550A
sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
ppc0:  port 0x378-0x37f,0x778-0x77f irq 7  
on acpi0

ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/8 bytes threshold
ppbus0:  on ppc0
plip0:  on ppbus0
lpt0:  on ppbus0
lpt0: Interrupt-driven port
ppi0:  on ppbus0
pmtimer0 on isa0
orm0:  at iomem 0xc-0xc7fff,0xc8000-0xc97ff, 
0xc9800-0xd5fff,0xd6000-0xd7fff on isa0

sc0:  at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0:  at port 0x3c0-0x3df iomem 0xa-0xb on  
isa0

Timecounter "TSC" freque

Re: Small Redundant web/mail setup

[Robert Joosten]

Hi,

> 1- Is this a viable solution, I mean by that, Is it Like this big ISP 
> are set up ?

Not quite likely, but it's possible ofcourse.

> 2- Is there a better way to replicate data than RSYNC (without going 
> to san of expensive hardware) ? If not, is there a hotsync feature (I 
> mean by that as soon as server A modify something, server B knows and 
> replicate)?

IMO there's no better solution than rsync, besides somewhat more hardware 
/ not that I'm aware of no.

You could also build one fileserver able to serve nfs, store mail in 
maildir format and put 2 boxes online running mail/http daemons. Return 
one server get loadbalancer instead and put that online. That would be 
more my idea of having high-availability. Ofcourse you could also put a 
layer 3 switch in front of it instead of a loadballancer. Make sure the 
hardware of the fileserver is at least able to do raid 1 and has a 
dual powersupply. That will help the keep the thing up.

Hth,
Robert
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Installing and upgrading ports

[Robert Huff]

Jonathan Arnold writes:

>  So there are three competing technologies - portupgrade,
>  portmaster, and portmanage. And I'm not even sure what any of
>  them offer over the simple 'make install clean' method.

Simple make/make install will take care of upstream
dependencies; portupgrade (and probably the others) will also take
care of downstream ports.
This is particaularly useful in cases like the recent bump of
GNOME components.


Robert Huff
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: Routing with external interface doesn't work after a while

[Martin Turgeon]

The NAT rules are already written that way:

nat on $wan_if tag LAN_WAN_NAT tagged LAN_WAN -> ($wan_if)
nat on $wan_if tag WLS_WAN_NAT tagged WLS_WAN -> ($wan_if)
nat on $wan_if tag AP_WAN_NAT tagged AP_WAN -> ($wan_if)
nat on $wan_if tag VPN_WAN_NAT tagged VPN_WAN -> ($wan_if)

Thanks anyway

Martin

-Message d'origine-
De : Erik Norgaard [mailto:[EMAIL PROTECTED] 
Envoyé : 18 octobre 2006 10:30
À : Martin Turgeon
Cc : freebsd-pf@freebsd.org; [EMAIL PROTECTED];
freebsd-questions@freebsd.org
Objet : Re: Routing with external interface doesn't work after a while

Martin Turgeon wrote:

> I've been reading the mailing list for a while, but it's my first post.
I'm
> not sure what is causing the problem so I'm posting to multiple lists. I'm
> running FreeBSD 6.1 on a Celeron 2.8GHz with 512Mo of RAM. It looks likes
> after a while (a couple of weeks) the routing isn't working anymore, but
> only with the external interface (the one connected to my cable modem from
> Videotron in Montreal). The box is acting as the gateway of the network
with
> PF, OpenVPN 2.0.5-1 and ISC-DHCPd 3.0.3-1 running. The problem also
occurred
> on FreeBSD 6.0 on another box.

Is your external ip configured with dhcp? I would guess this is because 
your ip on the external interface changes. Your NAT rules will still go 
to the old ip and hence nowhere. If reloading your pf ruleset solves the 
problem, then this is a strong indication.

There is some trick to handle that, IIRC something like this would do:

ext_if=fxp0 # external interface
nat on $ext_if from   to ! -> ($ext_if)

The () means that pf will lookup the ip on that interface, and update 
dynamically when the ip changes.

Well, that's how I remember it, I couldn't find where I've seen it, but 
there is a trick like this.

Cheers, Erik
-- 
Ph: +34.666334818  web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ipfw vs. ipf on a freebsd router

[Giorgos Keramidas]

On 2006-10-18 15:10, John Levine <[EMAIL PROTECTED]> wrote:
> I'm putting together a freebsd router to sit between my LAN and a T1.
> The current router (still running BSD/OS) uses BSDI's ipfw, but that
> died when BSDI did.  It's about as simple a routing job as one could
> ask, a T1 with a static address to a LAN with a static /24.
> 
> I have a whole bunch of packet filtering rules on the current router
> to keep out nasty stuff based partly on port numbers but also a couple
> of hundred IP ranges from the SBL and elsewhere.  I have enough IP
> addresses that I do not need to NAT.
> 
> What are the relative merits of freebsd's ipf and ipfw?  It looks like
> either can do the filtering I need to do.  Any reason to choose one
> over the other?

For what it's worth, IPFW is also available on FreeBSD.

I don't know how different the BSDi version of IPFW was, but it may be
easier to use FreeBSD's IPFW -- at least at first.

If reducing the pain of a transition from BSD/OS to FreeBSD is a worthy
goal, I would recommend IPFW :)

> While I'm at it, should I turn on netgraph or just use the regular
> network stuff?

Not necessarily.  Do you really need it?

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Routing with external interface doesn't work after a while

[Joe]

Erik Norgaard wrote:

There is some trick to handle that, IIRC something like this would do:

ext_if=fxp0 # external interface
nat on $ext_if from   to ! -> ($ext_if)

The () means that pf will lookup the ip on that interface, and update 
dynamically when the ip changes.



That is correct.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: LDAP home directories

[Atom Powers]

On 10/18/06, Erik Norgaard <[EMAIL PROTECTED]> wrote:

Chandler, Jay wrote:
> Does anyone have a way to do home directory mapping through LDAP?  We've
> got user directories mounted via NFS to /usr/users and would like to be
> able to type in "cd ~ted" and go to Ted's home directory, perhaps in
> /usr/users/students/ted.

nss_ldap allows you to map an LDAP parameter to a system parameter.
There is nss_ldap in ports, but also this summer's Summer Of Code a
project was aimed at creating a FreeBSD native nss_ldap.

pam_ldap is needed if you want to use ldap for authentication.



Expanding on what Erik said, pam_ldap and nss_ldap will use the
posixAccount schema, or the attributes your define in your ldap.conf.

So if you already have a way to generate a list of user->home
directory mappings you can import that into your OpenLDAP directory
as, probably, the homeDirectory attribute.

There are plenty of how-to docos out there, take a look. The hardest
part is setting up the directory and improting your data, after that
it tends to "just work".

--
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ipfw vs. ipf on a freebsd router

[Joe]

John Levine wrote:

I'm putting together a freebsd router to sit between my LAN and a T1.
The current router (still running BSD/OS) uses BSDI's ipfw, but that
died when BSDI did.  It's about as simple a routing job as one could
ask, a T1 with a static address to a LAN with a static /24.

I have a whole bunch of packet filtering rules on the current router
to keep out nasty stuff based partly on port numbers but also a couple
of hundred IP ranges from the SBL and elsewhere.  I have enough IP
addresses that I do not need to NAT.

What are the relative merits of freebsd's ipf and ipfw?  It looks like
either can do the filtering I need to do.  Any reason to choose one
over the other?


Take a look at PF. It was developed by OpenBSD and ported to FreeBSD.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

ipfw vs. ipf on a freebsd router

[John Levine]

I'm putting together a freebsd router to sit between my LAN and a T1.
The current router (still running BSD/OS) uses BSDI's ipfw, but that
died when BSDI did.  It's about as simple a routing job as one could
ask, a T1 with a static address to a LAN with a static /24.

I have a whole bunch of packet filtering rules on the current router
to keep out nasty stuff based partly on port numbers but also a couple
of hundred IP ranges from the SBL and elsewhere.  I have enough IP
addresses that I do not need to NAT.

What are the relative merits of freebsd's ipf and ipfw?  It looks like
either can do the filtering I need to do.  Any reason to choose one
over the other?

While I'm at it, should I turn on netgraph or just use the regular
network stuff?

R's,
John




___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Small Redundant web/mail setup

[Andrea Venturoli]

Ian Lord wrote:

Hi,

I need to setup a high-availability setup for mail/web setup
...
1 Server holding all the websites data and mail messages. It 
would serve these files via nfs to the application servers.

It would also run mysql

A second server Also sharing it's content via nfs, replicating 
it's data though rsync each ?? minutes. The mysql would run as a slave 
of theprimary


Application Servers:
Both servers would be running apache, php, sendmail and posfix 
and would serve content from the share nfs drive.


1- Is this a viable solution, I mean by that, Is it Like this big ISP 
are set up ?


I don't know any of the answers for sure, but I'd bet they are both 'no'.



2- Is there a better way to replicate data than RSYNC (without going to 
san of expensive hardware) ? If not, is there a hotsync feature (I mean 
by that as soon as server A modify something, server B knows and 
replicate)?


I guess so.
First of all, I don't really understand the need to have four server, 
unless there is some point which you didn't tell us.
Apart from that, I guess it would be a lot better to try and sync at the 
application level.
MySQL should support this and I bet you can find something alike on the 
 IMAP side (cyrus has that support, but I don't know how stable that is).
That leaves you with file system replication only for web sites, but 
that should be ok as long as it's mostly read-only data.


 bye
av.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Your message to testbed awaits moderator approval

[testbed-bounces]

Your mail to 'testbed' with the subject

Qln

Is being held until the list moderator can review it for approval.

The reason it is being held:

Post by non-member to a members-only list

Either the message will get posted to the list, or you will receive
notification of the moderator's decision.  If you would like to cancel
this posting, please visit the following URL:


http://www.wwtld.org/ml/confirm/testbed/217b637477336cce622bd3b80e40c874b2677dba

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: selective NAT/gateway

[Ivan Levchenko]

I did the exact same thing using pf on freebsd:

I added all the allowed ip addresses to a table 
then in the nat rule:
nat on $ext_if from  to any -> $ext_if

(you can put the last $ext_if in parentheses if you use dchp for your
external address)

On 10/18/06, Nathan Vidican <[EMAIL PROTECTED]> wrote:

Got a bit of an interesting question, wondering how others out there might
have dealt with this:

we have a single machine acting as router/firewall/nat gateway via DSL. It
routes a small (/29) subnet of static IP's to our servers, and routes
between internal (non-public) subnets. Internet traffic is then routed via
NAT translation over the PPPoE link. We then use a proxy server to cache
most of our web traffic. Works well, and has been for several years now but,
we need to be able to deny traffic through the NAT gateway based on IP
addresses or ranges. Given the following example:


Internet -> DSL+Subnet -> FreeBSD router + NAT/PPPoE ->
192.168.0.1 + 192.168.1.1 + 192.168.2.1 + 192.168.3.1
(each of these private subnets is a physically different network, connected
via an independant ethernet interface - multiport intel 'fxp' cards)


Internal machines -> 192.168.0.100 - 192.168.0.200
Select Internal machines -> 192.168.0.10 - 192.168.0.50

Want to allow 192.168.0.10 through 192.168.0.50 full use of the gateway
(enabling internet access via NAT), but deny machines in the 192.168.0.100 -
192.168.0.200 range from using NAT - yet still allow them to use 'regular'
routes, (given the example below, want to allow 192.168.0.X to connect
to/from 192.168.3.X for instance).

So the long-question shortened, is how do I deny NAT traffic for specific IP
addresses, without blocking those addresses from routing through 'normal'
routes to other subnets. Essentially, I need an IPFW rule to block traffic
from 192.168.0.X through via NAT, or don't I ?

Any ideas/comments/suggestions greatly appreciated, (note the above is an
example, not actual addresses).


--
Nathan Vidican
[EMAIL PROTECTED]

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"




--
Best Regards,

Ivan Levchenko
[EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Installing and upgrading ports

[Jonathan Arnold]

Eric wrote:
i find portmaster > all. give it a whirl. No dependencies, its actively 
maintained, etc.


Oh, yeah, I'd forgotten about that one.  So there are three competing
technologies - portupgrade, portmaster, and portmanage. And I'm not
even sure what any of them offer over the simple 'make install clean'
method. Doesn't the make method also take care of dependencies? All of
them have a raft of options, most of which make me dizzy:-)  I've been
using portmanage, but only because the syntax is real easy.

--
Jonathan Arnold (mailto:[EMAIL PROTECTED])
Daemon Dancing in the Dark, a FreeBSD weblog:
http://freebsd.amazingdev.com/blog/

UNIX is user-friendly. It's just a bit picky about who its friends are.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: PCI wireless adapter card

[Bob M.]

On Wed, 2006-10-18 at 01:28 -0600, Tyler Thompson wrote:
> i need a driver for a Wireless-G PCI adapter card with SpeedBooster,  
> the model number is WMP54GS. and instructions on installing the  
> driver.  I am new to BSD.  I am running Desktop BSD 1.0 AMD 64. 

There isn't a native FreeBSD driver, so you'll have to convert the
windows driver using ndisgen.  It's an interactive script that walks you
through the process, pretty straightforward.

Check the handbook:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/config-network-setup.html

see the man page as well: man ndisgen

You'll need the .inf and .sys files from wmp54gs.   

Bob


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: pfstat error

[Fabian Keil]

Stas Khromoy <[EMAIL PROTECTED]> wrote:

> after upgrading to FreeBSD 6.1
> pfstat runs with the following error
> 
> pfstat: ioctl(DIOCGETSTATUS): Operation not supported by device

Did you _not_ use the port?

You will get the error message you quoted on FreeBSD,
if you don't apply /usr/ports/sysutils/pfstat/files/patch-pf.c.

Fabian
-- 
http://www.fabiankeil.de/


signature.asc
Description: PGP signature

Re: File system full

[Giorgos Keramidas]

On 2006-10-18 14:34, Matthew Seaman <[EMAIL PROTECTED]> wrote:
> Giorgos Keramidas wrote:
> > The file `alias.log' is not rotated by `newsyslog.conf', so maybe we
> > should add it there?  Then we can let `newsyslog' signal `natd' by:
> >
> > %%%
> > diff -r 4474abb9619a etc/newsyslog.conf
> > --- a/etc/newsyslog.confFri Oct 13 17:34:54 2006 +0300
> > +++ b/etc/newsyslog.confWed Oct 18 15:54:52 2006 +0300
> > @@ -18,6 +18,7 @@
> >  #
> >  # logfilename  [owner:group]mode count size when  flags 
> > [/pid_file] [sig_num]
> >  /var/log/all.log   600  7 *@T00  J
> > +/var/log/alias.log 600  7 100  * JC
> > /var/run/natd.pid
> >  /var/log/amd.log   644  7 100  * J
> >  /var/log/auth.log  600  7 100  * JC
> >  /var/log/console.log   600  5 100  * J
> > %%%
> >
> > Can you please add this line to your newsyslog.conf file and let it run
> > for a while to see if it prevents the `alias.log' file of `natd' to fill
> > your /var/log filesystem?
> >
> > I don't use `natd', so I can't test this myself for a long enough
> > period.
>
> natd doesn't do the close and re-open all filehandles thing on receipt
> of SIGHUP which pretty much makes it unsuitable for use with newsyslog.
> (SIGHUP is caught by natd, but the only thing it does is cause natd to
> update its idea of what the IP address is on the nat'ed interface.)
>
> There doesn't seem to be any signal that you can send natd with the
> usual 'reread all config files and re-open all file descriptors'
> effect that most daemons understand.

That's probably a bug, then, I guess.  The fact that natd can keep a
file open for an arbitrary amount of time and keep appending to it,
until either natd dies or the file fills up an entire partition is not
really a good idea :(

I'll open a PR for this, and see if the people more knowledgeable with
natd's internals can help with the SIGHUP-triggered actions of natd.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Routing with external interface doesn't work after a while

[Erik Norgaard]

Martin Turgeon wrote:


I've been reading the mailing list for a while, but it's my first post. I'm
not sure what is causing the problem so I'm posting to multiple lists. I'm
running FreeBSD 6.1 on a Celeron 2.8GHz with 512Mo of RAM. It looks likes
after a while (a couple of weeks) the routing isn't working anymore, but
only with the external interface (the one connected to my cable modem from
Videotron in Montreal). The box is acting as the gateway of the network with
PF, OpenVPN 2.0.5-1 and ISC-DHCPd 3.0.3-1 running. The problem also occurred
on FreeBSD 6.0 on another box.


Is your external ip configured with dhcp? I would guess this is because 
your ip on the external interface changes. Your NAT rules will still go 
to the old ip and hence nowhere. If reloading your pf ruleset solves the 
problem, then this is a strong indication.


There is some trick to handle that, IIRC something like this would do:

ext_if=fxp0 # external interface
nat on $ext_if from   to ! -> ($ext_if)

The () means that pf will lookup the ip on that interface, and update 
dynamically when the ip changes.


Well, that's how I remember it, I couldn't find where I've seen it, but 
there is a trick like this.


Cheers, Erik
--
Ph: +34.666334818  web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

pfstat error

[Stas Khromoy]

hey folks

after upgrading to FreeBSD 6.1
pfstat runs with the following error

pfstat: ioctl(DIOCGETSTATUS): Operation not supported by device


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

selective NAT/gateway

[Nathan Vidican]

Got a bit of an interesting question, wondering how others out there might 
have dealt with this:

we have a single machine acting as router/firewall/nat gateway via DSL. It 
routes a small (/29) subnet of static IP's to our servers, and routes 
between internal (non-public) subnets. Internet traffic is then routed via 
NAT translation over the PPPoE link. We then use a proxy server to cache 
most of our web traffic. Works well, and has been for several years now but, 
we need to be able to deny traffic through the NAT gateway based on IP 
addresses or ranges. Given the following example:


Internet -> DSL+Subnet -> FreeBSD router + NAT/PPPoE -> 
192.168.0.1 + 192.168.1.1 + 192.168.2.1 + 192.168.3.1
(each of these private subnets is a physically different network, connected 
via an independant ethernet interface - multiport intel 'fxp' cards)


Internal machines -> 192.168.0.100 - 192.168.0.200
Select Internal machines -> 192.168.0.10 - 192.168.0.50

Want to allow 192.168.0.10 through 192.168.0.50 full use of the gateway 
(enabling internet access via NAT), but deny machines in the 192.168.0.100 - 
192.168.0.200 range from using NAT - yet still allow them to use 'regular' 
routes, (given the example below, want to allow 192.168.0.X to connect 
to/from 192.168.3.X for instance).

So the long-question shortened, is how do I deny NAT traffic for specific IP 
addresses, without blocking those addresses from routing through 'normal' 
routes to other subnets. Essentially, I need an IPFW rule to block traffic 
from 192.168.0.X through via NAT, or don't I ?

Any ideas/comments/suggestions greatly appreciated, (note the above is an 
example, not actual addresses).


--
Nathan Vidican
[EMAIL PROTECTED]

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

ACL: Default and other problems

[Nico -telmich- Schottelius]

Hello!

I experiemented with the ACls under fbsd 5.3 and got some problems
with how freebsd calculates the permissions. I followed the
instructions on [0].

My aim is to install default ACLs, so a group of users
(with possible broken umask) can work together on git-repositories.

The idea is that the default ACL will provide ACL-based rwx access
for the group 'git' (minus real permissions / mask makes rw or rwx
for files, rwx for directories).

I've mostly problems with default ACLs and the new permissions.

I put two test-scripts to [1], plus their output (*.output) and
the questions I've to the results (*.question) on a website.

Any pointers on what I did wrong or in depth FreeBSD-ACL documentation
are appreciated.

Sincerly

Nico


[0]: http://ezine.daemonnews.org/200310/acl.html
[1]: http://home.schottelius.org/~nico/freebsd/acl/


signature.asc
Description: Digital signature

can burn cd's, can't read once burnt

[Timothy Smith]

i have an odd issue with 6.0 that i've been trying to solve for ages and 
nobody seems to know how to answer.


1. i can mount any cd's or dvd's THAT I DIDN'T BURN. makes no difference 
what media is used.


2. i burn a dvd like so

growisofs -dvd-compat -Z /dev/cd0=bailes.iso

outputs some info like this...

1608941568/1616412672 (99.5%) @3.9x, remaining 0:03 RBU 22.3%
builtin_dd: 789264*2KB out @ average 1.4x1385KBps
/dev/pass0: flushing cache
:-[ SYNCHRONOUS FLUSH CACHE failed with SK=3h/ASC=A0h/ACQ=80h]: 
Input/output error


and i find i have a dvd i can't mount on my machine, but under say 
windows i CAN mount it. the same thing applies to cdr's, although i 
don't get any error messages.


so i know my drive works, but it appears freebsd does not. as you can 
see by my dmesg below i have  cam loaded and working, i've also tried 
turning off dma in loader.conf with no success.


acd0: DVDR  at ata1-master PIO4
ad10: 190782MB  at ata5-master PIO4
Trying to mount root from ufs:/dev/ad10s1a
cd0 at ata1 bus 0 target 0 lun 0
cd0:  Removable CD-ROM SCSI-0 device
cd0: 16.000MB/s transfers
cd0: Attempt to query device size failed: NOT READY, Medium not present
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: File system full

[Robert Huff]

Matthew Seaman writes:

>  There doesn't seem to be any signal that you can send natd with the
>  usual 'reread all config files and re-open all file descriptors'
>  effect that most daemons understand.

The next obvious questions are "would that be desirable
behavior?" and "how hard would it be to implement?".


Robert Huff
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Small Redundant web/mail setup

[Svein Halvor Halvorsen]

Ian Lord wrote:
> 2- Is there a better way to replicate data than RSYNC (without going to
> san of expensive hardware) ? If not, is there a hotsync feature (I mean
> by that as soon as server A modify something, server B knows and
> replicate)?

I've never tried the following setup myself, but you should look into
the possibility of using geom ggated/ggatec and gmirror in combination.
Basically ggated/ggatec will export the raw block device over the net,
so that another computer may use it in a geom stack.

You
could have the second computer export it's disk device, and let the
first one use it in a mirror (raid) setup. Since ggated on the the
second computer would claim the device, I think you could only mount it
read-only, but it would be synced live, I think.

Note that I don't know these tools from experience, only from what I've
picked up here and there. You would have to read up the specifics yourself.


Svein Halvor



signature.asc
Description: OpenPGP digital signature

Routing with external interface doesn't work after a while

[Martin Turgeon]

Hi everyone,

 

I've been reading the mailing list for a while, but it's my first post. I'm
not sure what is causing the problem so I'm posting to multiple lists. I'm
running FreeBSD 6.1 on a Celeron 2.8GHz with 512Mo of RAM. It looks likes
after a while (a couple of weeks) the routing isn't working anymore, but
only with the external interface (the one connected to my cable modem from
Videotron in Montreal). The box is acting as the gateway of the network with
PF, OpenVPN 2.0.5-1 and ISC-DHCPd 3.0.3-1 running. The problem also occurred
on FreeBSD 6.0 on another box.

 

The routing table looks ok.

The external interface is still receiving ARP requests but nothing is going
out from my internal network.

When I run tcpdump on my internal interface I can see the request to the DNS
server of my ISP but running tcpdump on the external interface isn't showing
anything related to that. It's like if the packet disappeared.

Tcpdump on pflog0 isn't showing any good traffic that is being blocked

 

Here's what I tried with no result:

 

I tried to flush the states with pfctl -Fs

I tried to reload the NAT with pfctl -N

 

The solution was to renew the address of the external interface with
dhclient fxp0.

 

I looked back at the routing table after the dhclient fxp0 and nothing
changed except the address of the default gateway because my IP address
changed of subnetwork.

 

I don't think it's related to the ISP because I'm not seeing any packet
going out of the external interface.

 

Here is a little more detail about the box:

 

Uname -a:

FreeBSD gateway.bureau.own 6.1-RELEASE-p5 FreeBSD 6.1-RELEASE-p5 #2: Fri Sep
15 14:59:44 EDT 2006
[EMAIL PROTECTED]:/usr/src/sys/i386/compile/OPTIK  i386

 

The external interface is a Intel 10/100 onboard an Asus motherboard with
fxp driver

 

Thanks for your help

 

Martin

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: File system full

[Matthew Seaman]

Giorgos Keramidas wrote:
> On 2006-10-18 07:13, Paul Murphy <[EMAIL PROTECTED]> wrote:
>> Giorgos Keramidas wrote:
>>> On 2006-10-18 07:53, "Office of CEO- rithy4u.NET" <[EMAIL PROTECTED]> wrote:
 Dear All,
 My firewall server was running out of space on / partition I
 have try to reboot/fsck and delete all unneccessary files
 inside / but I still get 12 MB of free space with total 495 MB
 worth of that partition. Any ideas?
>>> First of all, try to track down where all the space has gone, by
>>> using `df' and `du' with the -x option.  For example, you can get
>>> a good idea of which places in your root filesystem are the top-10
>>> users of space with:
>>>
>>> # cd /
>>> # du -xm . | sort -nr | head -10
>>>
>>> If this doesn't show up a lot of stuff, then there's probably a
>>> rogue process which has opened a file and then removed it, so
>>> it's not directly visible by traversing the tree with `du', but
>>> you can still look for it with:
>>>
>>> # fstat -f / | sort -k +8
>>>
>>> After you get this sort of information, we can make more informed
>>> suggestions about the best way to move forward :)
>> I have been trying to track down a similar problem! Using the above
>> method I think I have found 'natd' to be the culprit. Should 'natd'
>> receive a signal when 'alias.log' rolls over? Restarting 'natd' seems
>> to have releases some megabytes.
> 
> Nice catch, Paul!
> 
> The `alias.log' file is supposed to be in `/var/log', but I guess if you
> use a single root filesystem for everything, this can end up filling the
> root filesystem.
> 
> The file `alias.log' is not rotated by `newsyslog.conf', so maybe we
> should add it there?  Then we can let `newsyslog' signal `natd' by:
> 
> %%%
> diff -r 4474abb9619a etc/newsyslog.conf
> --- a/etc/newsyslog.conf  Fri Oct 13 17:34:54 2006 +0300
> +++ b/etc/newsyslog.conf  Wed Oct 18 15:54:52 2006 +0300
> @@ -18,6 +18,7 @@
>  #
>  # logfilename  [owner:group]mode count size when  flags 
> [/pid_file] [sig_num]
>  /var/log/all.log 600  7 *@T00  J
> +/var/log/alias.log   600  7 100  * JC
> /var/run/natd.pid
>  /var/log/amd.log 644  7 100  * J
>  /var/log/auth.log600  7 100  * JC
>  /var/log/console.log 600  5 100  * J
> %%%
> 
> Can you please add this line to your newsyslog.conf file and let it run
> for a while to see if it prevents the `alias.log' file of `natd' to fill
> your /var/log filesystem?
> 
> I don't use `natd', so I can't test this myself for a long enough
> period.

natd doesn't do the close and re-open all filehandles thing on receipt
of SIGHUP which pretty much makes it unsuitable for use with newsyslog.
(SIGHUP is caught by natd, but the only thing it does is cause natd to
update its idea of what the IP address is on the nat'ed interface.)

There doesn't seem to be any signal that you can send natd with the
usual 'reread all config files and re-open all file descriptors'
effect that most daemons understand.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   Flat 3
  7 Priory Courtyard
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
  Kent, CT11 9PW, UK



signature.asc
Description: OpenPGP digital signature

Re: Sendmail with SpamAssassin and ClamAV

[Martin Tsanov]

--- Mikael Nyström <[EMAIL PROTECTED]> wrote:

> 
> Do a cd /etc/mail and run make install, to install
> myhost.cf as
> sendmail.cf, since sendmail uses sendmail.cf.
> Restart sendmail and
> clamav_milter.
> 

Thanks

> //Micke
> 
> Martin Tsanov wrote:
> 
> >> Do I need to edit sendmail.cf as well?
> 
> ___
> freebsd-questions@freebsd.org mailing list
>
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: File system full

[Giorgos Keramidas]

On 2006-10-18 07:13, Paul Murphy <[EMAIL PROTECTED]> wrote:
>Giorgos Keramidas wrote:
>>On 2006-10-18 07:53, "Office of CEO- rithy4u.NET" <[EMAIL PROTECTED]> wrote:
>>> Dear All,
>>> My firewall server was running out of space on / partition I
>>> have try to reboot/fsck and delete all unneccessary files
>>> inside / but I still get 12 MB of free space with total 495 MB
>>> worth of that partition. Any ideas?
>>
>> First of all, try to track down where all the space has gone, by
>> using `df' and `du' with the -x option.  For example, you can get
>> a good idea of which places in your root filesystem are the top-10
>> users of space with:
>>
>> # cd /
>> # du -xm . | sort -nr | head -10
>>
>> If this doesn't show up a lot of stuff, then there's probably a
>> rogue process which has opened a file and then removed it, so
>> it's not directly visible by traversing the tree with `du', but
>> you can still look for it with:
>>
>> # fstat -f / | sort -k +8
>>
>> After you get this sort of information, we can make more informed
>> suggestions about the best way to move forward :)
>
> I have been trying to track down a similar problem! Using the above
> method I think I have found 'natd' to be the culprit. Should 'natd'
> receive a signal when 'alias.log' rolls over? Restarting 'natd' seems
> to have releases some megabytes.

Nice catch, Paul!

The `alias.log' file is supposed to be in `/var/log', but I guess if you
use a single root filesystem for everything, this can end up filling the
root filesystem.

The file `alias.log' is not rotated by `newsyslog.conf', so maybe we
should add it there?  Then we can let `newsyslog' signal `natd' by:

%%%
diff -r 4474abb9619a etc/newsyslog.conf
--- a/etc/newsyslog.confFri Oct 13 17:34:54 2006 +0300
+++ b/etc/newsyslog.confWed Oct 18 15:54:52 2006 +0300
@@ -18,6 +18,7 @@
 #
 # logfilename  [owner:group]mode count size when  flags 
[/pid_file] [sig_num]
 /var/log/all.log   600  7 *@T00  J
+/var/log/alias.log 600  7 100  * JC
/var/run/natd.pid
 /var/log/amd.log   644  7 100  * J
 /var/log/auth.log  600  7 100  * JC
 /var/log/console.log   600  5 100  * J
%%%

Can you please add this line to your newsyslog.conf file and let it run
for a while to see if it prevents the `alias.log' file of `natd' to fill
your /var/log filesystem?

I don't use `natd', so I can't test this myself for a long enough
period.

Regards,
Giorgos

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Problems with USB Palm sync

[Jonathan Arnold]

Anish Mistry wrote:

On Tuesday 17 October 2006 23:22, Jonathan Arnold wrote:

Anish Mistry wrote:

On Tuesday 17 October 2006 16:29, Jonathan Arnold wrote:

Has anyone had any luck using pilot-link to sync JPilot to a
Palm device via the USB? I'm trying to sync my Handspring Visor
and it just doesn't seem to be noticing it. I have the following
in my /dev/usbd.conf file:

First you shouldn't be using usbd.conf.  You should be using
devd.conf and devfs.rules.

Disable usbd.

Add to devd.conf:
attach 0 {
device-name "ugen[0-9]+";
match "vendor" "0x082d";
match "product" "0x0100";
match "release" "0x0100";
action "/usr/local/sbin/pilot-sync-ugen.sh $device-name";
};

Setup devfs.rules if you have yet to do it:
http://am-productions.biz/docs/devfs.rules.php

Add your user to the operator group or change the mode to 0666
below. Add to devfs.rules:
add path 'ugen*' group operator
add path 'ugen*' mode 0660

In /usr/local/sbin/pilot-sync-ugen.sh:
#!/bin/sh
#
JPILOT=/usr/X11R6/bin/jpilot-sync
JPILOT_USER=your_username_here
export JPILOT_HOME=/home/$JPILOT_USER
PILOTPORT=usb:/dev/$1
COMMAND=`echo $JPILOT -p $PILOTPORT -b`
# run command ie. (sync)
/usr/bin/su $JPILOT_USER -c "$COMMAND"

Thanks, this seems to work a little better.  Now, when I hit the
Hot Sync button on the cradle, I get the feedback that there's a
connection and it says "Identifying user" on the Visor, but it just
hangs there and eventually gives up. If I comment out the action
and try it from the commandline, pilot-xfer says " Listening for
incoming connection on usb:/dev/ugen0... ". It seems to me that
both are waiting for the other to initiate something. ugen0 doesn't
get created until I hit the HotSync button, but the pilot-link
stuff seems to be waiting for that to happen again?

You'll need to install the user:
# install pilot-link username
COMMAND=`echo /usr/local/bin/install-user -p $PILOTPORT -u 
$JPILOT_USER -i 1001`


I thought it might be something like this, so I played quite a bit last
night trying to get this command to work, but still no joy in mudville.
I replaced the jpilot-sync COMMAND line with the install-user one, but it
still does the same thing. I press the hot sync button, I get the confirmation
that a connection was made from the Visor, but both ends just sit there at
that point.

I feel like I'm ever so close and am just missing one tweak to push it
over into usability.

BTW, what is the 'uvisor' driver for? Should I be trying to use this one
instead of the 'ugen', which is the generic interface?

--
Jonathan Arnold (mailto:[EMAIL PROTECTED])
Daemon Dancing in the Dark, a FreeBSD weblog:
http://freebsd.amazingdev.com/blog/

UNIX is user-friendly. It's just a bit picky about who its friends are.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: What's so compelling about FreeBSD?

[Garrett Cooper]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Simon Gao wrote:
> Robert Huff wrote:
>> Jeff Mohler writes:
>>
>>   
>>>  > > Linux supports more devices than FreeBSD, especially new devices.
>>>  
>>>  Linux clearly supports many more bugs than FreeBSD as well.
>>> 
>>  "Linux is closer to the bleeding edge; always remember that
>> blood will usually be yours."
>>
>>
>>  Robert Huff
>
> With Gentoo, installing and upgrading to the most up-to-date packages is
> a choice up to end users. Gentoo is all about choice. One can definitely
> choose to use packages a few years behind.
> 
> Simon

Found out some cool make targets by chance..

- From /usr/src/Makefile:

# universe- *Really* build *everything* (buildworld and
#   all kernels on all architectures).
# buildworld  - Rebuild *everything*, including glue to help do
#   upgrades.
# installworld- Install everything built by "buildworld".
# world   - buildworld + installworld.
# buildkernel - Rebuild the kernel and the kernel-modules.
# installkernel   - Install the kernel and the kernel-modules.
# installkernel.debug
# reinstallkernel - Reinstall the kernel and the kernel-modules.
# reinstallkernel.debug
# kernel  - buildkernel + installkernel.
# update  - Convenient way to update your source tree (cvs).
# check-old   - Print a list of old files/directories in the system.
# delete-old  - Delete obsolete files and directories interactively.
# delete-old-libs - Delete obsolete libraries interactively.
#
# This makefile is simple by design. The FreeBSD make automatically reads
# the /usr/share/mk/sys.mk unless the -m argument is specified on the
# command line. By keeping this makefile simple, it doesn't matter too
# much how different the installed mk files are from those in the source
# tree. This makefile executes a child make process, forcing it to use
# the mk files from the source tree which are supposed to DTRT.
#
# The user-driven targets (as listed above) are implemented in
Makefile.inc1.
#
# If you want to build your system from source be sure that /usr/obj has
# at least 400MB of diskspace available.
#
# For individuals wanting to build from the sources currently on their
# system, the simple instructions are:
#
# 1.  `cd /usr/src'  (or to the directory containing your source tree).
# 2.  `make world'
#
# For individuals wanting to upgrade their sources (even if only a
# delta of a few days):
#
#  1.  `cd /usr/src'   (or to the directory containing your source
tree).
#  2.  `make buildworld'
#  3.  `make buildkernel KERNCONF=YOUR_KERNEL_HERE' (default is
GENERIC).
#  4.  `make installkernel KERNCONF=YOUR_KERNEL_HERE'   (default is
GENERIC).
#  5.  `reboot'(in single user mode: boot -s from the loader
prompt).
#  6.  `mergemaster -p'
#  7.  `make installworld'
#  8.  `make delete-old'
#  9.  `mergemaster'
# 10.  `reboot'
# 11.  `make delete-old-libs' (in case no 3rd party program uses them
anymore)

So, this helps a bit when updating your system. Didn't realize that the
delete-old and delete-old-libs make targets existed, nor kernel..

- -Garrett
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFNiFR6CkrZkzMC68RAgROAJ9HFYZiWxU1/BvLc/u9gwu2TOkHDQCcC8WM
bMNx1Y+xKfIXwpsZiOR9908=
=ESy8
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Small Redundant web/mail setup

[Ian Lord]

Hi,

I need to setup a high-availability setup for mail/web setup

I was thinking about the following setup:

4 servers total:

Data Servers:
1 Server holding all the websites data and mail messages. It 
would serve these files via nfs to the application servers.

It would also run mysql

A second server Also sharing it's content via nfs, 
replicating it's data though rsync each ?? minutes. The mysql would 
run as a slave of theprimary


Application Servers:
Both servers would be running apache, php, sendmail and 
posfix and would serve content from the share nfs drive.


1- Is this a viable solution, I mean by that, Is it Like this big ISP 
are set up ?


2- Is there a better way to replicate data than RSYNC (without going 
to san of expensive hardware) ? If not, is there a hotsync feature (I 
mean by that as soon as server A modify something, server B knows and 
replicate)?


I would appreciate if you could give me feedbacks, suggestions, or if 
you see any problem that might happen with this kind of setup.


Thanks a lot


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: File system full

[Robert Huff]

Paul Murphy writes:

>I have been trying to track down a similar problem! Using the 
>  above method I think I have found 'natd' to be the culprit.
>  Should 'natd' receive a signal when 'alias.log' rolls over? 
>  Restarting 'natd' seems to have releases some megabytes.

That's not actually clear from the man page.


Robert Huff
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Problem updating mplayer

[RW]

On Tuesday 17 October 2006 14:32, Filippo Moretti wrote:
> When I tried portupgrade mplayer it failed with the following message
> ==>   mplayer-0.99.8_5 depends on file:
> /usr/local/lib/win32/win32-codecs-3.1.0.p8_1,1 - not found
> ===>Verifying reinstall for
> /usr/local/lib/win32/win32-codecs-3.1.0.p8_1,1 in
> /usr/ports/multimedia/win32-codecs
> ===>  win32-codecs-3.1.0.p8_1,1 is forbidden: Remote code execution:
> http://vuxml.FreeBSD.org/24f6b1eb-43d5-11db-81e1-000e0c2e438a.html.
> *** Error code 1
> What can be done to solve this problem?

The problem is with the quicktime codecs. Go to the port directory, do a 
make config  and deselect quicktime.

For future reference, having a quick look at the Makefile will often point you 
in the right direction. In this case:

.if defined(WITH_QUICKTIME)
FORBIDDEN=  Remote code execution: 
http://vuxml.FreeBSD.org/24f6b1eb-43d5-11db-81e1-000e0c2e438a.html
ADDITIONAL_CODECS_DISTFILES+=   qt63dlls-20050115.tar.bz2 \
qtextras-20041107.tar.bz2
PLIST_SUB+= QUICKTIME=""
.else
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Problem with Portsnap Update

[RW]

On Tuesday 17 October 2006 11:56, Gerard Seibert wrote:
> I encountered this immediately after running 'portsnap' this moring:
>
> /usr/sbin/pkg_version -vIL=
>
> py25-tkinter-2.5_1  >   succeeds index (index has 2.4.3_1)
> python-2.5  <   needs updating (index has 2.4.3,1)
> python24-2.4.3_2<   needs updating (index has 2.4.3_3)
> python25-2.5
>
>
> 'python-2.5' does not even appear to exist in the ports tree.
> 'py25-tkinter-2.5_1' also seems to have a problem. Is there something
> wrong with this mornings portsnap update?

The lang/python port was updated to python 2.5 and then reverted to 2.4 after 
compatability problems were found.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Sendmail with SpamAssassin and ClamAV

[Mikael Nyström]

Do a cd /etc/mail and run make install, to install myhost.cf as
sendmail.cf, since sendmail uses sendmail.cf. Restart sendmail and
clamav_milter.

//Micke

Martin Tsanov wrote:

>> Do I need to edit sendmail.cf as well?

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

desktop application for cataloging books, DVD, ...

[Matthias Apitz]

Hi,

I need a small desktop application for cataloging my books and DVD at
home in FreeBSD. I tried to port mcatalog from the ports in 6.0R,
which is old and marked as broken; I've fetched the sources from the
master side, which has version 0.2 already, but this does not configure
on my 6.0R depending on newer gtk stuff, the 0.1 is broken in
the Makefiles and sources aswell;

So, is there any other small cataloging application for FreeBSD?
Thx
matthias
-- 
Matthias Apitz
Manager Technical Support - OCLC PICA GmbH
Gruenwalder Weg 28g - 82041 Oberhaching - Germany
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e <[EMAIL PROTECTED]> - w http://www.oclcpica.org/ http://guru.UnixLand.de/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Upgrading in the same RELENG without shutdown ?

[RW]

On Monday 16 October 2006 21:56, bsd wrote:
>  From what I have read so far I guess I'll stick to the 'classic'
> procedure and boot in single user to do the merging things.

I never bother with mergemaster if it's just a point release. These usually 
just involve small patches. No-one is going to change file formats or binary 
compatability on a point release.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Flash Plugin not working

[RW]

On Monday 16 October 2006 06:37, Subhro wrote:
> Hello,
>
> I am running FreeBSD 6.2-PRERELEASE on i386 hardware. I have installed
> linux-firefox and linux-flashplugin from the ports collection. The
> same is iterated by pkg_info.
>
> [EMAIL PROTECTED] ~]$ pkg_info | grep flash
> linux-flashplugin-7.0r68 Adobe Flash Player NPAPI Plugin
> [EMAIL PROTECTED] ~]$ linux-firefox
> [EMAIL PROTECTED] ~]$ pkg_info | grep firefox
> firefox-1.5.0.7,1   Web browser based on the browser portion of Mozilla
> linux-firefox-1.5.0.7 Web browser based on the browser portion of Mozilla
>
> However when I am trying to open any sites from linux-firefox, the
> embedded flash applications are not displayed. Also the 
browser/usr/local/bin/firefox
> complains about missing plugin.

I notice that you have both versions of Firefox. That's OK, but you can only 
run one at a time. If you have a native Firefox process running and you try 
to open  linux-firefox, it just causes the original process to open a new 
window. I'm wondering if that's what's happened here.

What I have at the moment is native Firefox and linux-opera. I found that 
linux-firefox had unclear fonts - possibly they weren't properly 
anti-aliased. There were also some problems with linux-firefox not being able 
to browse to external applications. Opera is better under linux emulation, in 
my experience, and can use the flash-plugin.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: File system full

[Paul Murphy]

Giorgos Keramidas wrote:

On 2006-10-18 07:53, "Office of CEO- rithy4u.NET" <[EMAIL PROTECTED]> wrote:

Dear All,
My firewall server was running out of space on / partition I
have try to reboot/fsck and delete all unneccessary files
inside / but I still get 12 MB of free space with total 495 MB
worth of that partition. Any ideas?


First of all, try to track down where all the space has gone, by
using `df' and `du' with the -x option.  For example, you can get
a good idea of which places in your root filesystem are the top-10
users of space with:

# cd /
# du -xm . | sort -nr | head -10

If this doesn't show up a lot of stuff, then there's probably a
rogue process which has opened a file and then removed it, so
it's not directly visible by traversing the tree with `du', but
you can still look for it with:

# fstat -f / | sort -k +8

After you get this sort of information, we can make more informed
suggestions about the best way to move forward :)

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"




 I have been trying to track down a similar problem! Using the 
above method I think I have found 'natd' to be the culprit. Should 
'natd' receive a signal when 'alias.log' rolls over? Restarting 
'natd' seems to have releases some megabytes.



---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 0642-0, 17/10/2006
Tested on: 18/10/2006 7:13:37 AM
avast! - copyright (c) 1988-2006 ALWIL Software.
http://www.avast.com



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Flash Plugin not working

[RW]

On Tuesday 17 October 2006 14:06, Bob M. wrote:

> I think it was Chris Hobbs who was nice enough to translate to english:
>
> http://altbit.org/pseudorandom/unixlike_translation.txt
>

These instructions are for the native Firefox, you don't need to do any of 
this for linux-firefox.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ntpd not adjusting the clock?

[Alex Zbyslaw]

Matthew Seaman wrote:


That means that anyone can connect to your NTP daemon and poll it for time
service or use ntpdc to muck around with your configuration.  It's better
to use at minimum:

   restrict default nopeer nomodify
   restrict localhost
 

You *can* block that kind of unwanted external access with a firewall, 
though it can get tricky with NAT in the equation.


--Alex




___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ntpd not adjusting the clock?

[Zbigniew Szalbot]

Hello,

On Wed, 18 Oct 2006, Matthew Seaman wrote:


restrict default ignore
driftfile /var/db/ntp.drift



That means that anyone can connect to your NTP daemon and poll it for time
service or use ntpdc to muck around with your configuration.  It's better
to use at minimum:

   restrict default nopeer nomodify
   restrict localhost


I did that - thank you. That was my purpose in using restrict but I must 
have misunderstood the handbook in that respect. Anyway, I restarted ntpd 
and as of now the 40 second differance is down to about 10 seconds so 
it is working. Thank you very much!



--
Zbigniew Szalbot
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: PCI wireless adapter card

[Bachilo Dmitry]

В сообщении от Среда 18 октября 2006 14:28 Tyler Thompson написал(a):
> i need a driver for a Wireless-G PCI adapter card with SpeedBooster,
> the model number is WMP54GS. and instructions on installing the
> driver.  I am new to BSD.  I am running Desktop BSD 1.0 AMD 64.
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"
simply use ndisgen, but I'm not shure if it works on AMD64.
ndisgen is a script that allows you to convert Windows NDIS drivers intu 
FreeBSD's ones.
-- 

С уважением, Бачило Дмитрий
Руководитель отдела системной интеграции
ООО "Компания СоЛинк"
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: LDAP home directories

[Erik Norgaard]

Chandler, Jay wrote:

Does anyone have a way to do home directory mapping through LDAP?  We've
got user directories mounted via NFS to /usr/users and would like to be
able to type in "cd ~ted" and go to Ted's home directory, perhaps in
/usr/users/students/ted.


nss_ldap allows you to map an LDAP parameter to a system parameter. 
There is nss_ldap in ports, but also this summer's Summer Of Code a 
project was aimed at creating a FreeBSD native nss_ldap.


pam_ldap is needed if you want to use ldap for authentication.

Cheers, Erik
--
Ph: +34.666334818  web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

PCI wireless adapter card

[Tyler Thompson]

i need a driver for a Wireless-G PCI adapter card with SpeedBooster,  
the model number is WMP54GS. and instructions on installing the  
driver.  I am new to BSD.  I am running Desktop BSD 1.0 AMD 64. 
___

freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"