Re: Diskless PXEboot crashes at kernel loading.
Hi all, I can't emphasise enough how useful running a TCPDUMP on the server in question is to find out what subtle thing it is that I missed. Generally speaking a quick-crash like that is a file not being found like the modules directory or something silly like that. If you dump the NFS traffic you will probably see the client asking for a file handle for file X and getting denied by the server. If you're not familiar w/ TCPDUMP, here are some handy commands: # Avoid SSH and dump everything to the screen... tcpdump -s 1500 -X udp # Write it to a file so you can open it in ethereal later... tcpdump -s 1500 -X -w nfs.dump udp # Read in the dump file and read it through less, should you not want to us # ethereal after the last step. :) tcpdump -X -r nfs.dump |less Note that if you have a slow or missing DNS entry, give these calls a -n to just get the data and not worry about the ND entries. Hope this helps! PXE boots are never kind. :) Sam Baskinger Software Engineer Lumeta - Securing the Network in the Face of Change Lumeta Corporation And the crash happens. Note that the crash occurs for whatever option 1 to 6 I choose from the FreeBSD boot menu. Does someone understand the crash messages? Not that I understand those messages but some time ago I've had a similar case. It took me some hours to realise that I try to load amd64 kernel to i386 diskless station... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfw limit src-addr woes
Andre Santos wrote: On 2/18/07, admin [EMAIL PROTECTED] wrote: Hi, I'm trying to use ipfw's limit clause to limit the number of connections a single IP can have at the same time in a transparent web-proxy environment: 00350 skipto 401 tcp from x.x.x.x/x,y.y.y.y/y,z.z.z.z/z to any dst-port 80 in via if0 setup limit src-addr 10 00401 fwd local.ip.ad.dr,8080 tcp from x.x.x.x/x to any dst-port 80 ... the rest fwd... as I understand the manpage, when the current number of connectiions is below 10, the action skipto is performed, else, the packet is dropped and the search terminates. But... the problem is that the src-addr limit is not enforced as some clients somehow open a huge number (3-5 times the prescribed value) of www-connections to some single address Out There, forcing you to bump up certain sysctl variables (such as kern.ipc.nmbclusters, kern.ipc.maxsockets, etc.) to mitigate the DOS effects. What might be going on? Is ipfw broken, or am I misusing it? OS: FreeBSD 6.2 The following command worked here (6.2-RC1). Only one connection was allowed to 1.2.3.4. # ipfw add 1 allow tcp from any to 1.2.3.4 22 out via rl1 limit dst-addr 1 Use the command ipfw -d show to see what connections are matching your dynamic rules. # ipfw -d show | fgrep x.x.x.x | wc -l 20 $ netstat -na|fgrep x.x.x.x|fgrep ESTABLISHED|wc -l 113 Why is it that only 20 connections have been accounted for by ipfw's dynamic rules but there are actually 113 active connections from that IP at the moment? The limit src-addr is 75. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Internet Explorer on FreeBSD
Peter, Oliver wrote: On Sat, Feb 17, 2007 at 09:35:30AM +0200, Apatewna wrote: ... There is also www.win4bsd.com, although a commercial application and still at its infancy (v1.1) it works quite well. ... it is only a nicer frontend to qemu, isn't it ? Yes it is and it uses kqemu also. They have wrapped the whole package nicely and they offer a 15-day full working trial for those interested. I have yet to perform a test to determine which option is the best (qemu or win4bsd). My friend google might know better. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Duplicate emails on freebsd-questions
As far as I can tell, the problem with duplicate emails resides on how the list software is setup. I am a member of another list where each email sent out by the list software is stripped of all CCs and ReplyTOs. There is only a ReplyTo address in the form of [EMAIL PROTECTED]. Now, whenever a subscriber wants to send a new email to the list, all he has to do is add [EMAIL PROTECTED] as a recipient (as usual on all lists). Whenever he wants to reply to some email he received from the list he just uses the Reply command in his email program. The way it is done on this list is confusing when it comes to reply to mail I received from the list. Almost always I have to use the Reply to all command and strip all irrelevant addresses (CCs TOs and ReplyTOs) leaving just the freebsd-questions@freebsd.org as a recipient To. Sometimes in a hurry I forget to delete the aforementioned recipients and the mail appears to be sent multiple times to the subscribers involved. Some other times I recieve email directly, skipping the list, because the other fellow just used the Reply button. I have never run a mailing list before so that I can strictly suggest proper action, but this is the way I believe thing are running at the moment and it ought to be improved by our suggestions. - RTFM and STFW before anything bad happens - Thanasis Rizoulis Electronic Computing Systems Engineer Larissa, Greece FreeBSD/PCBSD user ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to play MPEG2-TS
On Sun, Feb 18, 2007 at 11:14:26AM +0100, Erik Norgaard wrote: Hi: How do I play mpeg2 transport stream video? I have tried with vlc, ffplay and mplayer and all dumps. The video shows fine on Windows with mplayer, what libraries or options do I need to set to enable mpeg2-ts on FreeBSD? Weird cause the default vlc plays fine all TS, as example it's used in France to play TS streams from ADSL TVs. But vlc crashed, for me, when I treid to play files with a filename using non-iso8859-1 chars and spaces. For mplayer with the following config it works fine: % make showconfig === The following configuration options are available for mplayer-0.99.10_3: DEBUG=off Include debug symbols in mplayer's binary files RTCPU=on Let mplayer dynamically check for CPU features OCFLAGS=on Use optimized compiler flags MENCODER=on Support encoding of multimedia files IPV6=on Include inet6 network support X11=on Enable X11 support for mplayer's video output GUI=on Enable GTK2 graphical user interface with X11 SDL=off Enable SDL video output VIDIX=on Enable VIDIX video output on supported archs NVIDIA=off Enable experimental nvidia xvmc driver SKINS=on Force dependency on mplayer-skins FREETYPE=on Use freetype for OSD fonts (TrueType!) RTC=off Add support for kernel real time clock timing ARTS=off Enable KDE sound system support ESOUND=off Enable GNOME esound support JACK=off Enable JackIt audio server support POLYP=off Enable polyp sound server support NAS=off (default) Enable NAS sound server support OPENAL=off Enable OpenAL sound support LIBUNGIF=on Enable gif support AALIB=off Enable aalib support LIBCACA=off Enable libcaca support SVGALIB=off Enable svgalib support LIBDV=off Enable libdv support MAD=on Enable mad MPEG audio engine support TWOLAME=on Enable twolame MPEG audio codec support DTS=on Enable DTS audio codec support LIBMPCDEC=off Enable libmpcdec support FAAC=on Enable FAAC audio codec support LADSPA=off Enable LADSPA plugin support SPEEX=on Enable speex audio codec support TREMOR=off Use built-in tremor instead of libvorbis XMMS=off Enable XMMS plugin support THEORA=on Enable ogg theora video support WIN32=on Enable win32 codec set on the IA32 arch X264=on Enable x264 (H.264) video codec support XANIM=off Enable xanim DLL support XVID=on Enable XVID video codec support REALPLAYER=on Enable real player plugin LIVEMEDIA=on Enable LIVE555 streaming support SMB=off (default) Enable Samba input support FRIBIDI=off Enable FriBiDi support LIRC=off Enable lirc support LIBCDIO=off Enable libcdio support CDPARANOIA=off Enable cdparanoia support LIBLZO=off Enable external liblzo library === Use 'make config' to modify these settings -- Marc pgpP9y4tTfpVN.pgp Description: PGP signature
Re: Duplicate emails on freebsd-questions
Apatewna wrote: As far as I can tell, the problem with duplicate emails resides on how the list software is setup. I am a member of another list where each email sent out by the list software is stripped of all CCs and ReplyTOs. There is only a ReplyTo address in the form of [EMAIL PROTECTED]. Now, whenever a subscriber wants to send a new email to the list, all he has to do is add [EMAIL PROTECTED] as a recipient (as usual on all lists). Whenever he wants to reply to some email he received from the list he just uses the Reply command in his email program. The way it is done on this list is confusing when it comes to reply to mail I received from the list. Almost always I have to use the Reply to all command and strip all irrelevant addresses (CCs TOs and ReplyTOs) leaving just the freebsd-questions@freebsd.org as a recipient To. Sometimes in a hurry I forget to delete the aforementioned recipients and the mail appears to be sent multiple times to the subscribers involved. Some other times I recieve email directly, skipping the list, because the other fellow just used the Reply button. I have never run a mailing list before so that I can strictly suggest proper action, but this is the way I believe thing are running at the moment and it ought to be improved by our suggestions. - RTFM and STFW before anything bad happens - Thanasis Rizoulis Electronic Computing Systems Engineer Larissa, Greece FreeBSD/PCBSD user ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I think it isn't that bad, it's easy for filtering e-mail so you can let your mail client hilight the threads in which you have replied. Just my 2 cents, -- -Frank Staals ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Duplicate emails on freebsd-questions
On 2007-02-19 11:53, Apatewna [EMAIL PROTECTED] wrote: As far as I can tell, the problem with duplicate emails resides on how the list software is setup. No, you are wrong about this. The duplicate emails Greg Lehey was talking about were repeated re-posts of the same message. I am a member of another list where each email sent out by the list software is stripped of all CCs and ReplyTOs. There is only a ReplyTo address in the form of [EMAIL PROTECTED]. There is a very good reason why it is customary in this mailing list to copy the sender when replying. We don't accept email messages only from subscribers. This means that some people may post a question without even being subscribed to the list. By Reply-To: header hacks, like the one you are describing, the original poster may never see your reply. This particular Reply-To: trick has been proposed in the past too, and its use has been discussed to death many times. Please refer to the archives for more reasons why it is bad for this mailing list. I have never run a mailing list before so that I can strictly suggest proper action, but this is the way I believe thing are running at the moment and it ought to be improved by our suggestions. I don't think there's something wrong with the current setup :-( - Giorgos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
snp(4) and incomplete lines
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've wrote a test program for snp(4), yes - watch exists, but I'm more interested in using it with line oriented apps - and noticed that incomplete lines don't seem to be printed. Here is the code: http://tspivey.freeshell.org/snp.tar.gz Is this a bug in my code, or a bug in snp? An example of this is the following: I launch snp and point it at one of my many copies of ed, switch to that screen and start typing something. It fails to show up on the snp screen until I hit enter in ed. Any help on this would be appreciated. - - Tyler -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFF2YEKTsjaYASMWKQRAqRVAKCVsSjxKJXE7a4fbRKugChn7ZM3VACfQm18 raL84SX/wG8L+boNusBl2GM= =9MKL -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Duplicate emails on freebsd-questions
Frank Staals wrote: Apatewna wrote: As far as I can tell, the problem with duplicate emails resides on how the list software is setup. I am a member of another list where each email sent out by the list software is stripped of all CCs and ReplyTOs. There is only a ReplyTo address in the form of [EMAIL PROTECTED]. Now, whenever a subscriber wants to send a new email to the list, all he has to do is add [EMAIL PROTECTED] as a recipient (as usual on all lists). Whenever he wants to reply to some email he received from the list he just uses the Reply command in his email program. The way it is done on this list is confusing when it comes to reply to mail I received from the list. Almost always I have to use the Reply to all command and strip all irrelevant addresses (CCs TOs and ReplyTOs) leaving just the freebsd-questions@freebsd.org as a recipient To. Sometimes in a hurry I forget to delete the aforementioned recipients and the mail appears to be sent multiple times to the subscribers involved. Some other times I recieve email directly, skipping the list, because the other fellow just used the Reply button. I have never run a mailing list before so that I can strictly suggest proper action, but this is the way I believe thing are running at the moment and it ought to be improved by our suggestions. - RTFM and STFW before anything bad happens - Thanasis Rizoulis Electronic Computing Systems Engineer Larissa, Greece FreeBSD/PCBSD user ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I think it isn't that bad, it's easy for filtering e-mail so you can let your mail client hilight the threads in which you have replied. Just my 2 cents, This is done by your mail client using the In-Reply-To field. For more info check http://cr.yp.to/immhf/thread.html My original mail had : Message-ID: [EMAIL PROTECTED] and you reply to my email had: Message-ID: [EMAIL PROTECTED] References: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] so in a threded mail client (Thunderbird) this appears as a threaded reply to my message. This also explains why some people who start a new topic by replying to an already recieved email, get flamed by users who use threaded email clients :) - RTFM and STFW before anything bad happens - Thanasis Rizoulis Electronic Computing Systems Engineer Larissa, Greece FreeBSD/PCBSD user ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfw limit src-addr woes
On Mon, 19 Feb 2007, admin wrote: Andre Santos wrote: On 2/18/07, admin [EMAIL PROTECTED] wrote: Hi, I'm trying to use ipfw's limit clause to limit the number of connections a single IP can have at the same time in a transparent web-proxy environment: 00350 skipto 401 tcp from x.x.x.x/x,y.y.y.y/y,z.z.z.z/z to any dst-port 80 in via if0 setup limit src-addr 10 00401 fwd local.ip.ad.dr,8080 tcp from x.x.x.x/x to any dst-port 80 ... the rest fwd... as I understand the manpage, when the current number of connectiions is below 10, the action skipto is performed, else, the packet is dropped and the search terminates. But... No, a packet is not dropped on a condition that fails a skipto test. skipto number Skip all subsequent rules numbered less than number. The search continues with the first rule numbered number or higher. You'll need a specific allow or deny rule; skipto does neither, it just branches to 401 if the condition is matched, otherwise proceeds to the next rule, which is also 401. This runs rule 401 and on, either way. the problem is that the src-addr limit is not enforced as some clients somehow open a huge number (3-5 times the prescribed value) of www-connections to some single address Out There, forcing you to bump up certain sysctl variables (such as kern.ipc.nmbclusters, kern.ipc.maxsockets, etc.) to mitigate the DOS effects. What might be going on? Is ipfw broken, or am I misusing it? You've misread skipto, is all. As it stands, the counts will show how many packets passed the test, but all packets proceed to the next rule. I'd rephrase rules to use skipto only for branching on condition, or !condition, past specific allow and/or deny rules to deal with this. OS: FreeBSD 6.2 The following command worked here (6.2-RC1). Only one connection was allowed to 1.2.3.4. # ipfw add 1 allow tcp from any to 1.2.3.4 22 out via rl1 limit dst-addr 1 Use the command ipfw -d show to see what connections are matching your dynamic rules. # ipfw -d show | fgrep x.x.x.x | wc -l 20 $ netstat -na|fgrep x.x.x.x|fgrep ESTABLISHED|wc -l 113 Why is it that only 20 connections have been accounted for by ipfw's dynamic rules but there are actually 113 active connections from that IP at the moment? The limit src-addr is 75. See above. Sorry I didn't notice this when you first posted it. I've not yet used limit src-addr myself, but use skipto a lot :) Cheers, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How Do I Surf To My Server?
Hi; I have a production server that I've crashed a few times by working on it directly and making mistakes. As a result, I've finally built a mock server on my home PC on a separate hard drive with nothing but FBSD. I also have a laptop. All are connected by DHCP to a satellite dish. My question is, how can I surf my laptop to pull up Web pages generated from the home-based FBSD machine? What kind of networking is necessary? How do I call it up? Can this be handled through DHCP, or do I need to use BIND? Or something else? What good resources are out there for studying this? The FBSD manual wasn't much help, unfortunately. Conversely, I could surf to the FBSD machine from the FBSD machine. But I built this mock server like my workhorse...no mouse, no X, no browser. Would I have to rebuild it to incorporate those? Or just build stuff from ports? Finally, which solution is easiest...surfing from the laptop or from the FBSD machine? TIA, Drew Looking for earth-friendly autos? Browse Top Cars by Green Rating at Yahoo! Autos' Green Center. http://autos.yahoo.com/green_center/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Can I Mount A Windoze Drive?
Here is the dialogue: # mount_ntfs /dev/ad0s1 /mnt/win #mount_ntfs: /mnt No such file or directory Drew - Original Message From: Martin Tournoij [EMAIL PROTECTED] To: freebsd-questions@freebsd.org Cc: [EMAIL PROTECTED] Sent: Sunday, February 18, 2007 3:51:25 PM Subject: Re: Can I Mount A Windoze Drive? On Sun 18 Feb 2007 07:02, Drew Jenkins wrote: For some reason, I can no longer mount the Windoze drive! The first time I mounted it, I didn't even change the fstab! I just issued the command: mount_ntfs /dev/ad0s1 /mnt/win and it mounted! I copied off everything I thought I needed. But when I tried to go back in, that didn't work. So I added the line suggested below to /etc/fstab and I still can't mount it! Rebooting doesn't help. What am I missing? TIA, Drew - Original Message From: Martin Tournoij [EMAIL PROTECTED] To: freebsd-questions@freebsd.org Cc: [EMAIL PROTECTED] Sent: Saturday, February 17, 2007 3:10:22 AM Subject: Re: Can I Mount A Windoze Drive? On Sat 17 Feb 2007 13:02, Drew Jenkins wrote: Newbie question here. I just want to make sure I don't screw anything up. I have two hard drives in my box...one for Windoze, one for FBSD. Can I mount the former from FBSD and copy over files? Do I navigate it just like a FBSD disk...cd, cp, etc? TIA, Drew FreeBSD comes with a readonly ntfs driver. Assuming your windows partition is ad0s1 mount_ntfs /dev/ad0s1 /mnt/win fstab entry: /dev/ad0s1 /mnt/win ntfs ro,noauto 0 0 You can then copy stuff, for example: cp /mnt/win/Documents\ and\ Settings/carpetsmoker/Desktop ~/ If you want read support, you might want to try ntfsprogs (sysutils/ntfsprogs), which has some basic (EXPERIMENTAL!) read support. Does mount give some kind error? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] 8:00? 8:25? 8:40? Find a flick in no time with the Yahoo! Search movie showtime shortcut. http://tools.search.yahoo.com/shortcuts/#news ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
CUPS printing problem
My apologies to the list. Originally I sent 2 log files, as separate attachments to a previous email and somehow they got put into the body of the message and were really long. I am sorry for wasting every-ones bandwidth and time. Below is the original message with some pertinent log info. Again, I apologize for the poor etiquette. Original message: I am having a problem printing from CUPS. I did a fresh install on 6.2 release and cups-1.2.7. I am trying to configure for an HP1022. The install was successful, and I can manage the printer from the web interface. But, when I try to print a test page, the light on the printer starts flashing but nothing gets printed. The printer admin page shows the following: Description: HP1022 Location: office Make and Model: HP LaserJet Series PCL 4/5 CUPS v1.2 Printer State: idle, accepting jobs, published. Device URI: socket://10.0.1.222:9100 ID Name User Size Pages State Control State HP1022-1 Test Page root 18k Unknown stopped So, it appears that after I send the job the printer goes into Stopped state. I checked the logs, and there is something I don't understand. It says: cupsdAuthorize: No authentication data provided What does this mean? Where do you set authentication? Is this the cause of the problem, or a symptom of something else? Do I need to authorize specific users, if so where and how do you do it? I am running gnome 2.16. Below is a short excerpt from error_log: [19/Feb/2007:14:32:28 +0200] cupsdNetIFUpdate: sk0 = 10.0.1.175... D [19/Feb/2007:14:32:28 +0200] cupsdNetIFUpdate: lo0 = fe80:3::1... D [19/Feb/2007:14:32:28 +0200] cupsdNetIFUpdate: lo0 = localhost... D [19/Feb/2007:14:32:28 +0200] cupsdNetIFUpdate: lo0 = localhost... D [19/Feb/2007:14:32:54 +0200] cupsdCloseClient: 8 D [19/Feb/2007:14:33:24 +0200] cupsdAcceptClient: 8 from 10.0.1.175:631 (IPv4) D [19/Feb/2007:14:33:24 +0200] cupsdReadClient: 8 GET /admin/?op=delete-printer[EMAIL PROTECTED] HTTP/1.1 D [19/Feb/2007:14:33:24 +0200] cupsdReadClient: 8 Browser asked for language en-us.utf-8... D [19/Feb/2007:14:33:24 +0200] cupsdAuthorize: No authentication data provided. D [19/Feb/2007:14:33:24 +0200] cupsdSendError: 8 code=403 (Forbidden) D [19/Feb/2007:14:33:24 +0200] cupsdCloseClient: 8 D [19/Feb/2007:14:33:24 +0200] cupsdAcceptClient: 8 from 10.0.1.175:631 (IPv4) D [19/Feb/2007:14:33:24 +0200] cupsdReadClient: 8 GET /cups.css HTTP/1.1 D [19/Feb/2007:14:33:24 +0200] cupsdReadClient: 8 Browser asked for language en-us.utf-8... D [19/Feb/2007:14:33:24 +0200] cupsdAuthorize: No authentication data provided. D [19/Feb/2007:14:33:24 +0200] write_file: 8 file=9 D [19/Feb/2007:14:33:32 +0200] cupsdNetIFUpdate: sk0 = 10.0.1.175... D [19/Feb/2007:14:33:32 +0200] cupsdNetIFUpdate: lo0 = fe80:3::1... D [19/Feb/2007:14:33:32 +0200] cupsdNetIFUpdate: lo0 = localhost... D [19/Feb/2007:14:33:32 +0200] cupsdNetIFUpdate: lo0 = localhost... D [19/Feb/2007:14:34:24 +0200] cupsdCloseClient: 8 D [19/Feb/2007:14:34:34 +0200] cupsdNetIFUpdate: sk0 = 10.0.1.175... D [19/Feb/2007:14:34:34 +0200] cupsdNetIFUpdate: lo0 = fe80:3::1... D [19/Feb/2007:14:34:34 +0200] cupsdNetIFUpdate: lo0 = localhost... D [19/Feb/2007:14:34:34 +0200] cupsdNetIFUpdate: lo0 = localhost... D [19/Feb/2007:14:35:36 +0200] cupsdNetIFUpdate: sk0 = 10.0.1.175... D [19/Feb/2007:14:35:36 +0200] cupsdNetIFUpdate: lo0 = fe80:3::1... D [19/Feb/2007:14:35:36 +0200] cupsdNetIFUpdate: lo0 = localhost... D [19/Feb/2007:14:35:36 +0200] cupsdNetIFUpdate: lo0 = localhost... D [19/Feb/2007:14:36:38 +0200] cupsdNetIFUpdate: sk0 = 10.0.1.175... D [19/Feb/2007:14:36:38 +0200] cupsdNetIFUpdate: lo0 = fe80:3::1... D [19/Feb/2007:14:36:38 +0200] cupsdNetIFUpdate: lo0 = localhost... D [19/Feb/2007:14:36:38 +0200] cupsdNetIFUpdate: lo0 = localhost... D [19/Feb/2007:14:37:40 +0200] cupsdNetIFUpdate: sk0 = 10.0.1.175... D [19/Feb/2007:14:37:40 +0200] cupsdNetIFUpdate: lo0 = fe80:3::1... D [19/Feb/2007:14:37:40 +0200] cupsdNetIFUpdate: lo0 = localhost... D [19/Feb/2007:14:37:40 +0200] cupsdNetIFUpdate: lo0 = localhost... D [19/Feb/2007:14:38:42 +0200] cupsdNetIFUpdate: sk0 = 10.0.1.175... D [19/Feb/2007:14:38:42 +0200] cupsdNetIFUpdate: lo0 = fe80:3::1... D [19/Feb/2007:14:38:42 +0200] cupsdNetIFUpdate: lo0 = localhost... D [19/Feb/2007:14:38:42 +0200] cupsdNetIFUpdate: lo0 = localhost... D [19/Feb/2007:14:38:50 +0200] cupsdAcceptClient: 8 from 10.0.1.169:631 (IPv4) D [19/Feb/2007:14:38:51 +0200] cupsdReadClient: 8 GET /printers/[EMAIL PROTECTED] HTTP/1.1 D [19/Feb/2007:14:38:51 +0200] cupsdAuthorize: No authentication data provided. D [19/Feb/2007:14:38:51 +0200] cupsdSendError: 8 code=404 (Not Found) D [19/Feb/2007:14:38:51 +0200] cupsdCloseClient: 8 D [19/Feb/2007:14:38:51 +0200] cupsdAcceptClient: 8 from 10.0.1.169:631 (IPv4) D [19/Feb/2007:14:38:51 +0200] cupsdReadClient: 8 GET /printers/[EMAIL PROTECTED] HTTP/1.1 D [19/Feb/2007:14:38:51 +0200] cupsdAuthorize: No authentication
Update and install new packages immediate after installation
Hi folks, FreeBSD-6.2-amd64 Just finished installing the captioned OS which is now working. There is no major desktop running on the OS, such as KDE/Gnome/Xfce, as well as some other necessary applications. I'll erase the OS soon to make another installation with new partitions arrangement. On the 2nd round I'll also make the same installation. Please advise after installation completed how to read on CVS on the website to fetch fresh ports and src tree that I need installing further packages and updating the system. Also how to read about its package management and how to startup. I expect first to update the system before doing any further installations and/or customizations. Pointers would be appreciated. TIA B.R. satimis -- View this message in context: http://www.nabble.com/Update-and-install-new-packages-immediate-after-installation-tf3252717.html#a9041910 Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How Do I Surf To My Server?
Drew Jenkins wrote: Hi; I have a production server that I've crashed a few times by working on it directly and making mistakes. As a result, I've finally built a mock server on my home PC on a separate hard drive with nothing but FBSD. I also have a laptop. All are connected by DHCP to a satellite dish. My question is, how can I surf my laptop to pull up Web pages generated from the home-based FBSD machine? What kind of networking is necessary? How do I call it up? Can this be handled through DHCP, or do I need to use BIND? Or something else? What good resources are out there for studying this? The FBSD manual wasn't much help, unfortunately. Conversely, I could surf to the FBSD machine from the FBSD machine. But I built this mock server like my workhorse...no mouse, no X, no browser. Would I have to rebuild it to incorporate those? Or just build stuff from ports? Finally, which solution is easiest...surfing from the laptop or from the FBSD machine? TIA, Drew First off - if you intend on doing this from the outside world - you really need to understand the whole networking thing. THAT, is beyond the scope of this list. If however, you browse from within your own home network, all you need is the IP address of the server (assuming that server has apache or some other httpd) and your done. Servers should NEVER be ip'ed dynamically. Servers should ALWAYS be static unless of course, you are running some form of DNS internally. Again, if your intent is to access from outside your network - then the above is mute and you need to educate yourself with the whole networking thing. That in itself, will NEVER be covered on the FBSD site. The FBSD site assumes that you have a clue to the networking basics. -- Best regards, Chris Nothing is ever accomplished by a reasonable man. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Compiler Flags for SPARC64
Hello everybody out there! Please excuse my posting this question again on this list, but the last post on the freebsd-sparc64 didn't help much. There isn't really much traffic on that list. Assuming that gcc when run on sparc64 produces v7 code (for sun4/4c) by default, I went about trying to improve that as v7 code is known to be a fair bit slower as v9 (sun4u) code. The improvement can be as much as 100% for some apps like OpenSSL or OpenSSH. I went about trying some Compiler flags. -mcpu=ultrasparc and -mcpu=v9 both came into mind. However this lead to several problems of programs not compiling anymore. Most notably was the failure of 'make buildworld'. When gcc is told to produce v9 code, it doesn't produce 64bit code (you have to set -m64 for that), it just uses a few additional commands the CPU knows, which should make the resulting code faster but no longer compatible with older CPUs (non-UltraSPARC). This means that there shouldn't be any problem with pointers that are now strange to the code. But even if I explicitly set the -m32 flag, I still can't make the world. I discussed this in a German newsgroup, where someone told me that the CPU is set to v9 by default on FreeBSD, as it only supports SPARC64 and not SPARC32. Although this assumption makes sense, I couldn't find any evidence to back it up. While some compiler flags are set by default on some platforms for optimization for that particular CPU, there doesn't seem to be anything set for sparc64. Additionaly, if the mcpu were really set to ultrasparc or v9, then setting it again shouldn't cause buildworld to stop with the error I don't know what platform this is. Has anyone got any ideas on how to go on with this? Regards Chris ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How Do I Surf To My Server?
20- Original Message From: Chris [EMAIL PROTECTED] To: Drew Jenkins [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Monday, February 19, 2007 9:09:16 AM Subject: Re: How Do I Surf To My Server? If however, you browse from within your own home network, all you need is the IP address of the server (assuming that server has apache or some other httpd) and your done. Right, all at home. I have Pound configured (like on my workhorse), not apache. But how do I determine the IP address of the server? I've never set that up before. What file do I edit? Servers should NEVER be ip'ed dynamically. Servers should ALWAYS be static unless of course, you are running some form of DNS internally. All I need is something like this: 123.456.78.90:8080/example_site so I can look at said site. Again, if your intent is to access from outside your network - then the above is mute and you need to educate yourself with the whole networking thing. I'm glad I can once more dodge that bullet ;) Drew Never miss an email again! Yahoo! Toolbar alerts you the instant new Mail arrives. http://tools.search.yahoo.com/toolbar/features/mail/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: nfs, mountd, /etc/exports: grant access to several networks
[EMAIL PROTECTED] wrote: is it possible to allow hosts of different networks to mount an NFS export? Sure. I tried already the following statements in /etc/exports without success: -network net1/mask net2/mask -network net1/mask -network net2/mask Just list them on separate lines, e.g. /foo/bar -network net1 -mask mask1 /foo/bar -network net2 -mask mask2 Also see the examples in the exports(5) manual page. Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart Any opinions expressed in this message are personal to the author and may not necessarily reflect the opinions of secnetix GmbH Co KG in any way. FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd ... there are two ways of constructing a software design: One way is to make it so simple that there are _obviously_ no deficiencies and the other way is to make it so complicated that there are no _obvious_ deficiencies.-- C.A.R. Hoare, ACM Turing Award Lecture, 1980 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Operation not permitted when mounting floppy or cdrom
lysergius2001 [EMAIL PROTECTED] wrote: FreeBSD 6.2. Recently installed will not permit user mount of floppy disk, cdrom, or usb. Works fine as root. Checked devfs.conf, devfs.rules, fstab, /dev. Nothing seems to make a difference. For ordinary users to be able to mount file systems, three conditions have to be met: -1- sysctl vfs.usermount=1 -2- The user must have read+write access to the device to be mounted. Usually you will solve that via group permissions, e.g. create a group for people who are allowed to mount a certain device, then put those people into that group (via /etc/group), and change the permission modes of the device so that the group can read+write it. -3- The user must own the mount point. Note that read+ write access is not sufficient here, and group rights don't matter -- the user must be the owner of the mount point. Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart Any opinions expressed in this message are personal to the author and may not necessarily reflect the opinions of secnetix GmbH Co KG in any way. FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd C is quirky, flawed, and an enormous success. -- Dennis M. Ritchie. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How Do I Surf To My Server?
Drew Jenkins wrote: 20- Original Message From: Chris [EMAIL PROTECTED] To: Drew Jenkins [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Monday, February 19, 2007 9:09:16 AM Subject: Re: How Do I Surf To My Server? If however, you browse from within your own home network, all you need is the IP address of the server (assuming that server has apache or some other httpd) and your done. Right, all at home. I have Pound configured (like on my workhorse), not apache. But how do I determine the IP address of the server? I've never set that up before. What file do I edit? That depends on determine. If you mean, determine as in, discover, then ifconfig should work. To *set* the IP address, edit /etc/rc.conf (adding the correct arguments to ifconfig there) and reboot the server, or issue the correct arguments to ifconfig in real time (but you'll have to do it every time you reboot). Perhaps we'll be a tough schoolmaster here; see ifconfig(1)'s man page for more info ;-) Servers should NEVER be ip'ed dynamically. Servers should ALWAYS be static unless of course, you are running some form of DNS internally. All I need is something like this: 123.456.78.90:8080/example_site so I can look at said site. Again, if your intent is to access from outside your network - then the above is mute and you need to educate yourself with the whole networking thing. I'm glad I can once more dodge that bullet ;) Drew Will this help? $ ifconfig vr0 vr0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 inet6 fe80::20a:e6ff:fee5:3760%vr0 prefixlen 64 scopeid 0x2 inet 192.168.0.1 netmask 0xff00 broadcast 192.168.0.255 ether 00:0a:e6:e5:37:60 media: Ethernet autoselect (100baseTX full-duplex) status: active And on a Windows Laptop: C:\ more c:\windows\system32\drivers\etc\hosts # Copyright (c) 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost 192.168.0.1 webmail.daleco.biz So, I can browse webmail.daleco.biz, located on a FreeBSD server on my LAN, from a Windows laptop; the server is running on the FreeBSD box's vr0 interface (IP address 192.168.0.1), and the hosts file on the Winbox is telling it that webmail.daleco.biz is at that address. That's DNS, circa 1981. No charge ;-) Kevin Kinsey DaleCo, S.P. -- I never vote for anyone. I always vote against. -- W.C. Fields ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
xDSL n Dial up connection ??? help
-- --- | ISP 1 | | ISP 2 | -- --- || (DHCP) || (DHCP) || - - Dial up -- | | | | -- xDSL - - \ / | router | | | I have some problem here, about how to setting freebsd router which have two link like topology above. i want the router have automatically detected if xDSL link has down n swicth the link to dial up automatically. even so was the reverse if link xDSL has up n dial up is disconnect automatically.. thnx ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Can I Mount A Windoze Drive?
Drew Jenkins wrote: For some reason, I can no longer mount the Windoze drive! The first time I mounted it, I didn't even change the fstab! I just issued the command: mount_ntfs /dev/ad0s1 /mnt/win and it mounted! I copied off everything I thought I needed. But when I tried to go back in, that didn't work. So I added the line suggested below to /etc/fstab and I still can't mount it! Rebooting doesn't help. What am I missing? TIA, Drew Here is the dialogue: # mount_ntfs /dev/ad0s1 /mnt/win #mount_ntfs: /mnt No such file or directory Drew Does /mnt truly not exist? `ls -l / | grep mnt`, perhaps? What about /dev/ad0s1? KDK -- Faith is under the left nipple. -- Martin Luther ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How Do I Surf To My Server?
Drew Jenkins wrote: Hi; I have a production server that I've crashed a few times by working on it directly and making mistakes. As a result, I've finally built a mock server on my home PC on a separate hard drive with nothing but FBSD. I also have a laptop. All are connected by DHCP to a satellite dish. My question is, how can I surf my laptop to pull up Web pages generated from the home-based FBSD machine? What kind of networking is necessary? How do I call it up? Can this be handled through DHCP, or do I need to use BIND? Or something else? What good resources are out there for studying this? The FBSD manual wasn't much help, unfortunately. Conversely, I could surf to the FBSD machine from the FBSD machine. But I built this mock server like my workhorse...no mouse, no X, no browser. Would I have to rebuild it to incorporate those? Or just build stuff from ports? Finally, which solution is easiest...surfing from the laptop or from the FBSD machine? Assuming that you have Apache (or whatever) started and running, and that both computers are on the LAN (usually in the 192.168.xxx.xxx range) you should be able to access your internal website by typing in the private IP address of the server, into your browser, for example: http://192.168.1.11/ -- -wittig http://www.robertwittig.com/ . http://robertwittig.net/ . http://robertwittig.org/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Internet Explorer on FreeBSD
Bill Moran wrote: Kevin Downey [EMAIL PROTECTED] wrote: I do a bit of web dev stuff so it would be nice to be able to see the page in IE. A website I use for work uses ActiveX. I hate dual booting. What is the best(easiest) way to run ie on freebsd? In addition to everything else that's been suggested, give qemu a try. It's rather slow, but I use it often for an app we need that only runs on widows. qemu is nice and kqemu is also now open source. You could give Win4BSD a shot...it is $50.00 but I use if for all things Windows at work. -Tom ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Asking for help on first installation
Hi FreeBSD folks, I'm a UNIX user for some time but now I'm trying to install my first FreeBSD system over the internet. I got along with the HW and pre-installation issues easily, the disk space is allocated, I know what to install. But I can't connect for download. I'd like to ask for your help. On this handbook page http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-media.html I arrive at figure Figure 2-27. Set Network Configuration for ed0. See page http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-post.html I don't know what to put in host, domain, IPv4 gateway and domain server. My ISP is German Telekom. I'm using a CompuShack gateway/4-port switch Connecting to my 3-COMs RJ45 jack My computer is 192.168.0.4 The local gateway is 192.168.0.1 The subnet mask is 255.255.255.0 The gateway's internet address changes as it is assigned when connecting. Who's host name has to be used ? I'm logging into Telekom as [EMAIL PROTECTED] . Is t-online.de the required domain ? The installation probes IP numbers like 217.237.151.142 for the name server. Is that what's needed ? I would very much appreciate your help. I also won't need more help :-) Regards, Manfred ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Internet Explorer on FreeBSD
What is the status of getting Xen on FreeBSD? It's a shame that an emulator is required to run Windows on the same architecture. Does Qemu virtualized on x86 hardware? On Feb 19, 2007, at 9:06 AM, Tom Grove wrote: Bill Moran wrote: Kevin Downey [EMAIL PROTECTED] wrote: I do a bit of web dev stuff so it would be nice to be able to see the page in IE. A website I use for work uses ActiveX. I hate dual booting. What is the best(easiest) way to run ie on freebsd? In addition to everything else that's been suggested, give qemu a try. It's rather slow, but I use it often for an app we need that only runs on widows. qemu is nice and kqemu is also now open source. You could give Win4BSD a shot...it is $50.00 but I use if for all things Windows at work. -Tom ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions- [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Asking for help on first installation
In general you will do better to do a new install from a bootable CD. But here is what you need to know: host is whatever you want your server's host name to be. This doesn't really matter as you will be on a private LAN. domain again this doesn't matter as you will be on a private LAN IPv4 gateway your routers IP address, 192.168.0.1 domain server your ISP Name server for DNS name resolution. -Derek At 07:48 AM 2/19/2007, Manfred Frey wrote: Hi FreeBSD folks, I'm a UNIX user for some time but now I'm trying to install my first FreeBSD system over the internet. I got along with the HW and pre-installation issues easily, the disk space is allocated, I know what to install. But I can't connect for download. I'd like to ask for your help. On this handbook page http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-media.html I arrive at figure Figure 2-27. Set Network Configuration for ed0. See page http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-post.html I don't know what to put in host, domain, IPv4 gateway and domain server. My ISP is German Telekom. I'm using a CompuShack gateway/4-port switch Connecting to my 3-COMs RJ45 jack My computer is 192.168.0.4 The local gateway is 192.168.0.1 The subnet mask is 255.255.255.0 The gateway's internet address changes as it is assigned when connecting. Who's host name has to be used ? I'm logging into Telekom as [EMAIL PROTECTED] . Is t-online.de the required domain ? The installation probes IP numbers like 217.237.151.142 for the name server. Is that what's needed ? I would very much appreciate your help. I also won't need more help :-) Regards, Manfred ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfw limit src-addr woes
Ian Smith wrote:
On Mon, 19 Feb 2007, admin wrote:
Andre Santos wrote:
On 2/18/07, admin [EMAIL PROTECTED] wrote:
Hi, I'm trying to use ipfw's limit clause to limit the number of
connections a single IP can have at the same time in a transparent
web-proxy environment:
00350 skipto 401 tcp from x.x.x.x/x,y.y.y.y/y,z.z.z.z/z to any dst-port
80 in via if0 setup limit src-addr 10
00401 fwd local.ip.ad.dr,8080 tcp from x.x.x.x/x to any dst-port 80
... the rest fwd...
as I understand the manpage, when the current number of connectiions is
below 10, the action skipto is performed, else, the packet is dropped
and the search terminates. But...
No, a packet is not dropped on a condition that fails a skipto test.
The manpage doesn't make this point clear.
limit {src-addr | src-port | dst-addr | dst-port} N
The firewall will only allow N connections with the same
set of parameters as specified in the rule.
To limit the number of connections a user can open you can use the
following type of rules:
ipfw add allow tcp from my-net/24 to any setup limit src-addr 10
ipfw add allow tcp from any to me setup limit src-addr 4
I'm assuming the packet gets silently dropped when the limit is
overloaded but gets acted upon otherwise due to the stateful limit
behaviour (keep-state in disguise). Just do a skipto when there's a
state entry and that's it. And that's why the counter grows for
established connections too, even though there's a setup modifier.
skipto is a nice thing as it allows you to AND rules ;-)
Besides, that's what my humble testing came up with - connections over
the limit DO get dropped... if done nicely.
As for the problem, it seems to me that all this noise is because of
different timeouts in ipfw and TCP layer/whatever. The dynamic state
entry for a connection expires while netstat -na still show the
connection as ESTABLISHED, or, worse, the state entry is still there but
the corresponding connection is in some half-closed state (FIN_WAIT_2,
CLOSE_WAIT, LAST_ACK). The first case allows many more connections than
limit, while the second case won't let many good clients connect due
to their buggy browsers not closing connections and letting the count
build up. Could this be it?
skipto number
Skip all subsequent rules numbered less than number. The search
continues with the first rule numbered number or higher.
You'll need a specific allow or deny rule; skipto does neither, it just
branches to 401 if the condition is matched, otherwise proceeds to the
next rule, which is also 401. This runs rule 401 and on, either way.
the problem is that the src-addr limit is not enforced as some clients
somehow open a huge number (3-5 times the prescribed value) of
www-connections to some single address Out There, forcing you to bump up
certain sysctl variables (such as kern.ipc.nmbclusters,
kern.ipc.maxsockets, etc.) to mitigate the DOS effects. What might be
going on? Is ipfw broken, or am I misusing it?
You've misread skipto, is all. As it stands, the counts will show how
many packets passed the test, but all packets proceed to the next rule.
I'd rephrase rules to use skipto only for branching on condition, or
!condition, past specific allow and/or deny rules to deal with this.
OS: FreeBSD 6.2
The following command worked here (6.2-RC1). Only one connection was
allowed to 1.2.3.4.
# ipfw add 1 allow tcp from any to 1.2.3.4 22 out via rl1 limit dst-addr 1
Use the command ipfw -d show to see what connections are matching
your dynamic rules.
# ipfw -d show | fgrep x.x.x.x | wc -l
20
$ netstat -na|fgrep x.x.x.x|fgrep ESTABLISHED|wc -l
113
Why is it that only 20 connections have been accounted for by ipfw's
dynamic rules but there are actually 113 active connections from that IP
at the moment? The limit src-addr is 75.
See above. Sorry I didn't notice this when you first posted it. I've
not yet used limit src-addr myself, but use skipto a lot :)
Cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfw limit src-addr woes
On Mon, 19 Feb 2007, admin wrote:
Ian Smith wrote:
On Mon, 19 Feb 2007, admin wrote:
Andre Santos wrote:
On 2/18/07, admin [EMAIL PROTECTED] wrote:
Hi, I'm trying to use ipfw's limit clause to limit the number of
connections a single IP can have at the same time in a transparent
web-proxy environment:
00350 skipto 401 tcp from x.x.x.x/x,y.y.y.y/y,z.z.z.z/z to any
dst-port
80 in via if0 setup limit src-addr 10
00401 fwd local.ip.ad.dr,8080 tcp from x.x.x.x/x to any dst-port 80
... the rest fwd...
as I understand the manpage, when the current number of connectiions
is
below 10, the action skipto is performed, else, the packet is
dropped
and the search terminates. But...
No, a packet is not dropped on a condition that fails a skipto test.
The manpage doesn't make this point clear.
You pretty much have to read it all .. several times .. a year. One of
the things you note is that each rule is tested until a packet is either
allowed or denied by a rule, even until '65535 deny ip from any to any'.
limit {src-addr | src-port | dst-addr | dst-port} N
The firewall will only allow N connections with the same
set of parameters as specified in the rule.
Yes, for this rule. It still needs to be applied to an allow or deny
(or forward, divert etc, anything that terminates the search).
To limit the number of connections a user can open you can use the
following type of rules:
ipfw add allow tcp from my-net/24 to any setup limit src-addr 10
ipfw add allow tcp from any to me setup limit src-addr 4
Yes. Notice that these are allow rules, so the search terminates when
successfully matched. It is assumed you'll later have rule/s denying
what you've not allowed. True, this is not stated with every example.
I'm assuming the packet gets silently dropped when the limit is
overloaded but gets acted upon otherwise due to the stateful limit
behaviour (keep-state in disguise). Just do a skipto when there's a
state entry and that's it. And that's why the counter grows for
established connections too, even though there's a setup modifier.
Can't tell without seeing your whole ruleset, but now that you know that
the skipto rule has NOT dropped the setup packets that don't match that
rule (including those exceeding the src-addr limit), I suspect you'll
find another rule has allowed them, on some other condition, later on.
skipto is a nice thing as it allows you to AND rules ;-)
or to OR, NAND or NOR :) Reminds one that a ruleset is procedural.
Besides, that's what my humble testing came up with - connections over
the limit DO get dropped... if done nicely.
As for the problem, it seems to me that all this noise is because of
different timeouts in ipfw and TCP layer/whatever. The dynamic state
entry for a connection expires while netstat -na still show the
connection as ESTABLISHED, or, worse, the state entry is still there but
the corresponding connection is in some half-closed state (FIN_WAIT_2,
CLOSE_WAIT, LAST_ACK). The first case allows many more connections than
limit, while the second case won't let many good clients connect due
to their buggy browsers not closing connections and letting the count
build up. Could this be it?
I don't believe so. They can only have been established in the first
place if the setup packet has been, somewhere in your ruleset, allowed.
Here it seems they're allowed (at least the ones from x.x.x.x/x) by the
fwd at 401 which has no 'setup' constraint, and will fwd both setup AND
established packets from x.x.x.x/x .. other rules, y and z, presumably.
Replaying .. trying not to do quite so much in one rule, but given you
can't just 'allow' here, since you want to run your fwd rules later:
00350 skipto 401 tcp from x.x.x.x/x,y.y.y.y/y,z.z.z.z/z to any dst-port \
80 in via if0 setup limit src-addr 10
00350 skipto 370 tcp from ${thatmob} to any dst-port 80 in via if0
00360 skipto 401 ip from any to any # bit clunky, but !(all that)
00370 skipto 401 tcp from any to any setup limit src-addr 10 # goodies
00380 deny tcp from any to any # else baddies
00401 fwd local.ip.ad.dr,8080 tcp from x.x.x.x/x to any dst-port 80
... the rest fwd...
FWIW: not only have I never used limit src-addr, but neither forward
with keep-state rules, so I could be talking ${hit} .. caveat bloggor.
Cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Can I Mount A Windoze Drive?
- Original Message From: Kevin Kinsey [EMAIL PROTECTED] To: Drew Jenkins [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Monday, February 19, 2007 9:59:52 AM Subject: Re: Can I Mount A Windoze Drive? Does /mnt truly not exist? `ls -l / | grep mnt`, perhaps? Yep, exists. Here again is my line in /etc/fstab: /dev/ad0s1/mnt/winntfsrw00 What about /dev/ad0s1? # ls /dev/ad0s1 # ad0s1 TIA, Drew It's here! Your new message! Get new email alerts with the free Yahoo! Toolbar. http://tools.search.yahoo.com/toolbar/features/mail/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Asking for help on first installation
Hi FreeBSD folks, I'm a UNIX user for some time but now I'm trying to install my first FreeBSD system over the internet. I got along with the HW and pre-installation issues easily, the disk space is allocated, I know what to install. But I can't connect for download. I'd like to ask for your help. On this handbook page http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-media.html I arrive at figure Figure 2-27. Set Network Configuration for ed0. See page http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-post.html I don't know what to put in host, domain, IPv4 gateway and domain server. My ISP is German Telekom. I'm using a CompuShack gateway/4-port switch Connecting to my 3-COMs RJ45 jack My computer is 192.168.0.4 The local gateway is 192.168.0.1 The subnet mask is 255.255.255.0 The gateway's internet address changes as it is assigned when connecting. Who's host name has to be used ? I'm logging into Telekom as [EMAIL PROTECTED] . Is t-online.de the required domain ? The installation probes IP numbers like 217.237.151.142 for the name server. Is that what's needed ? I would very much appreciate your help. I also won't need more help :-) Regards, Manfred ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Hi! Since you're using FreeBSD at home, in a private network you dont need to follow any rules regarding the settings. That means that you're free to pick a hostname of your choice. e.g. homecomputer. Since you're also not part of any domain you may pick that one also. Like homenetwork. The gateway is obviously 192.168.0.1. As nameserver you pick whichever German Telekom assigned. 217.237.151.142 is your own IP at the time and clearly not your nameserver. As Telekom customer you could just use 194.25.2.129 for example. Ok, in the little network interface window you use your local ip and netmask. so ipv4: 192.168.0.4 netmask 255.255.255.0. HTH, Benjamin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How Do I Surf To My Server?
20- Original Message From: Kevin Kinsey [EMAIL PROTECTED] To: Drew Jenkins [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Monday, February 19, 2007 9:54:28 AM Subject: Re: How Do I Surf To My Server? Will this help? $ ifconfig vr0 snip And on a Windows Laptop: C:\ more c:\windows\system32\drivers\etc\hosts snip Yes, that is a start. I added the domain mercury.com (a site I never visit) and pointed it to 192.168.1.255, the IP address given from the above. I also updated pound to use that address, and was able to get the pound daemon running. However, I cannot surf to either mercury.com or the IP address. When I run this command: nmap localhost I discover that no Web ports are open: neither 80, nor 8080 (Zope), whose daemon is running. nmap 192.168.1.255 doesn't return any ports, stating it seems the host is down. nmap 192.168.1.130 the other address returned from your ifconfig command, gives the same ports as above. Please advise. TIA, Drew Expecting? Get great news right away with email Auto-Check. Try the Yahoo! Mail Beta. http://advision.webevents.yahoo.com/mailbeta/newmail_tools.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Backup using dump and restore from dvd - restore cd loaded to ram ?drive?
[EMAIL PROTECTED] wrote: [...] The restore method will then require to boot from a bootable CD. The rescue CD system should load itself into RAM drive, so that I can dismount it and replace it with the CD/DVDs with the backup files. The rescue CD should provide basic commands and programs like mount*, newfs, bsdlabel, fdisk, vi, restore, gzip, ... I have tried the installation CD with FreeBSD 6.2, but its holographic shell does not have the commands needed and the FixIt shell depends on the CD. Building such a bootable CD is possible (I've done it), but it's not easy. Bascially you have to do it similar to the FreeBSD install CD. I suggest you have a look at it. What you have to do is prepare a kernel for the CD which has the MD_ROOT option, so it can use an mfs image as the root file system. The create such an image and put it onto the cd. On the FreeBSD install CD it is located in /boot/mfsroot.gz (you can uncompress it and then mount it via mdconfig). Actually you should be able to make a bigger mfsroot image and add the tools that you need. However, be aware that the image will eat up physical RAM, so don't be too wasteful. A simpler solution for your restore problem would be to simply use a standard FreeBSD installation CD, then make a minimal installation on your hard disk so you have all the tools that you need, then restore your actual backups. Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart Any opinions expressed in this message are personal to the author and may not necessarily reflect the opinions of secnetix GmbH Co KG in any way. FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd C++ is to C as Lung Cancer is to Lung. -- Thomas Funke ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Asking for help on first installation
On Feb 19, 2007, at 2:48 PM, Manfred Frey wrote: Hi FreeBSD folks, I'm a UNIX user for some time but now I'm trying to install my first FreeBSD system over the internet. I got along with the HW and pre-installation issues easily, the disk space is allocated, I know what to install. But I can't connect for download. I'd like to ask for your help. On this handbook page http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install- media.html I arrive at figure Figure 2-27. Set Network Configuration for ed0. See page http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install- post.html I don't know what to put in host, domain, IPv4 gateway and domain server. My ISP is German Telekom. I'm using a CompuShack gateway/4-port switch Connecting to my 3-COMs RJ45 jack My computer is 192.168.0.4 The local gateway is 192.168.0.1 The subnet mask is 255.255.255.0 The gateway's internet address changes as it is assigned when connecting. Who's host name has to be used ? I'm logging into Telekom as [EMAIL PROTECTED] . Is t- online.de the required domain ? The installation probes IP numbers like 217.237.151.142 for the name server. Is that what's needed ? Probably trying to use DHCP to discover all these settings would be the easiest way, for the router/gateway will give you all the needed info. -- Guido http://www.rottnic.nl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Backup using dump and restore from dvd - restore cd loaded to ram ?drive?
On Monday 19 February 2007 10:29, Oliver Fromme wrote: [EMAIL PROTECTED] wrote: [...] The restore method will then require to boot from a bootable CD. The rescue CD system should load itself into RAM drive, so that I can dismount it and replace it with the CD/DVDs with the backup files. The rescue CD should provide basic commands and programs like mount*, newfs, bsdlabel, fdisk, vi, restore, gzip, ... I have tried the installation CD with FreeBSD 6.2, but its holographic shell does not have the commands needed and the FixIt shell depends on the CD. Building such a bootable CD is possible (I've done it), but it's not easy. Bascially you have to do it similar to the FreeBSD install CD. I suggest you have a look at it. What you have to do is prepare a kernel for the CD which has the MD_ROOT option, so it can use an mfs image as the root file system. The create such an image and put it onto the cd. On the FreeBSD install CD it is located in /boot/mfsroot.gz (you can uncompress it and then mount it via mdconfig). Actually you should be able to make a bigger mfsroot image and add the tools that you need. However, be aware that the image will eat up physical RAM, so don't be too wasteful. A simpler solution for your restore problem would be to simply use a standard FreeBSD installation CD, then make a minimal installation on your hard disk so you have all the tools that you need, then restore your actual backups. There's a ready-made FreeBSD bootable CD called Frenzy that has an option to load itself into memory. I'd suggest getting the lite (smaller) version so the memory requirements aren't so great. Check it out: http://frenzy.org.ua/eng/ I've used it to do DVD operations under a real OS on a computer that wasn't running one (namely my wife's laptop). Works like a treat. I believe FreeSBIE is planning on adding such a feature as well but I don't think they have it yet. JN ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Can I Mount A Windoze Drive?
On Mon, Feb 19, 2007 at 04:50:57AM -0800, Drew Jenkins wrote: Here is the dialogue: # mount_ntfs /dev/ad0s1 /mnt/win #mount_ntfs: /mnt No such file or directory Drew I haven't followed all of this, but do you have a directoty named /mnt/win For my dual booted machine, I create a directory: /mydos mkdir /mydos and mount it there. Mine is FAT32 on this machine because I want to both read and write it (I converted the ntfs to FAT32 with the Partition Magic utility).Then I put the following in my /etc/fstab /dev/ad0s2 /mydosmsdosfs rw0 0 and then when I want it mounted, I just do: mount /mydos and it works just fine. That seems the easiest way to keep it. But, your error message looks like it is complaining of just what it says: there is either not a /mnt or not a /mnt/win So, if that is true, make sure those directories - or whichever one[s] you choose to use exist before try the mount. I suppose that could also be a permissions problem or even a security level issue if you have mucked with that. jerry - Original Message From: Martin Tournoij [EMAIL PROTECTED] To: freebsd-questions@freebsd.org Cc: [EMAIL PROTECTED] Sent: Sunday, February 18, 2007 3:51:25 PM Subject: Re: Can I Mount A Windoze Drive? On Sun 18 Feb 2007 07:02, Drew Jenkins wrote: For some reason, I can no longer mount the Windoze drive! The first time I mounted it, I didn't even change the fstab! I just issued the command: mount_ntfs /dev/ad0s1 /mnt/win and it mounted! I copied off everything I thought I needed. But when I tried to go back in, that didn't work. So I added the line suggested below to /etc/fstab and I still can't mount it! Rebooting doesn't help. What am I missing? TIA, Drew - Original Message From: Martin Tournoij [EMAIL PROTECTED] To: freebsd-questions@freebsd.org Cc: [EMAIL PROTECTED] Sent: Saturday, February 17, 2007 3:10:22 AM Subject: Re: Can I Mount A Windoze Drive? On Sat 17 Feb 2007 13:02, Drew Jenkins wrote: Newbie question here. I just want to make sure I don't screw anything up. I have two hard drives in my box...one for Windoze, one for FBSD. Can I mount the former from FBSD and copy over files? Do I navigate it just like a FBSD disk...cd, cp, etc? TIA, Drew FreeBSD comes with a readonly ntfs driver. Assuming your windows partition is ad0s1 mount_ntfs /dev/ad0s1 /mnt/win fstab entry: /dev/ad0s1 /mnt/win ntfs ro,noauto 0 0 You can then copy stuff, for example: cp /mnt/win/Documents\ and\ Settings/carpetsmoker/Desktop ~/ If you want read support, you might want to try ntfsprogs (sysutils/ntfsprogs), which has some basic (EXPERIMENTAL!) read support. Does mount give some kind error? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] 8:00? 8:25? 8:40? Find a flick in no time with the Yahoo! Search movie showtime shortcut. http://tools.search.yahoo.com/shortcuts/#news ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Panic and Dump
- Original Message From: Lowell Gilbert [EMAIL PROTECTED] To: Drew Jenkins [EMAIL PROTECTED] Sent: Monday, February 19, 2007 12:00:54 PM Subject: Re: Panic and Dump The filesystem clearly needs a good fsck. Remember that it can't be mounted read-write to do so; usually you'll want to boot in single-user mode to do it. Thanks, but I didn't hear back from anyone on this until you, I hadn't built much on the server, so I just rebuilt ;) Drew Don't get soaked. Take a quick peak at the forecast with the Yahoo! Search weather shortcut. http://tools.search.yahoo.com/shortcuts/#loc_weather ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Can I Mount A Windoze Drive?
- Original Message From: Jerry McAllister [EMAIL PROTECTED] To: Drew Jenkins [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Monday, February 19, 2007 12:04:29 PM Subject: Re: Can I Mount A Windoze Drive? Great! What worked here for me was: mkdir -p /mnt/win and then mount_ntfs /dev/ad0s1 /mnt/win and *now* I can mount the Windoze drive. The piece of the formula that was missing (probably my oversight) was to mkdir, which you brought to my attention. Thanks! Drew Expecting? Get great news right away with email Auto-Check. Try the Yahoo! Mail Beta. http://advision.webevents.yahoo.com/mailbeta/newmail_tools.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Update and install new packages immediate after installation
satimis [EMAIL PROTECTED] writes: Please advise after installation completed how to read on CVS on the website to fetch fresh ports and src tree that I need installing further packages and updating the system. Also how to read about its package management and how to startup. I expect first to update the system before doing any further installations and/or customizations. Pointers would be appreciated. There are sections on these topics in the FreeBSD Handbook. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html Specifically, installing new ports has its own section http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports.html and for getting updates (generally through cvsup rather than directly accessing cvs remotely), see the section on the cutting edge: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cutting-edge.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Duplicate emails on freebsd-questions
[mailed and posted and cc'ed to grog] On Feb 19, 2007, at 4:54 AM, Giorgos Keramidas wrote: There is a very good reason why it is customary in this mailing list to copy the sender when replying. We don't accept email messages only from subscribers. This means that some people may post a question without even being subscribed to the list. By Reply-To: header hacks, like the one you are describing, the original poster may never see your reply. Thank you for that explanation. It might be a good idea to add this to point 6 of section 8 of http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd- questions/index.html I was initially surprised by the conventions used on this list, but am growing more accustomed to them and trying to comply, even thought it isn't what I do for most of the lists I'm on. Cheers, -j -- Jeffrey Goldberghttp://www.goldmark.org/jeff/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Duplicate emails on freebsd-questions
In response to Jeffrey Goldberg [EMAIL PROTECTED]: [mailed and posted and cc'ed to grog] On Feb 19, 2007, at 4:54 AM, Giorgos Keramidas wrote: There is a very good reason why it is customary in this mailing list to copy the sender when replying. We don't accept email messages only from subscribers. This means that some people may post a question without even being subscribed to the list. By Reply-To: header hacks, like the one you are describing, the original poster may never see your reply. Thank you for that explanation. It might be a good idea to add this to point 6 of section 8 of http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd- questions/index.html I was initially surprised by the conventions used on this list, but am growing more accustomed to them and trying to comply, even thought it isn't what I do for most of the lists I'm on. Odd. I find it reasonably common. The PostgreSQL lists have it as a convention as well. Must be a BSD license thing. -- Bill Moran Collaborative Fusion Inc. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
