Re: Problem compiling lsof
Can you also make sure that the installed world and kernel match the source tree?

Thanks,
Larry Rosenman
lsof maintainer

Charlie Kester corky1...@comcast.net wrote:
> On Mon 24 May 2010 at 18:54:11 PDT Lowell Gilbert wrote:
>> Arthur Barlow arthurbar...@gmail.com writes:
>>> Sorry about the false start. Fat fingers. I'm trying to compile the lsof program in FreeBSD 8.0 on an i686 machine. There is an error referencing dlsof.h and it looks like there is an ugly hack in the header file. Any suggestions, besides playing with the code?
>>
>> As of a few minutes ago, it built just fine on my i386 build system with the latest ports. If you want help diagnosing your issue, you will need to be much more specific about what happens on your particular system, so we can figure out how it differs from a normal system. Since we're talking about building a port, you should also involve its maintainer. I've cc'ed him with this reply.
>
> I just tried building lsof myself, on a 686-class 8.0-STABLE machine, and had the same successful result as Lowell. Can you give us a copy of the build output, beginning with the cc command line that immediately precedes the failure?
kernel build fails - .depend, line 27905: Need an operator
Dear list,

This probably is obvious but I don't seem to be able to figure out where I should look in order to learn why I can't compile the bloomin' kernel, pse see below.

Every time I update my KERNCONF, I try to remember to keep a copy of GENERIC so I can diff against the updated one. This diff shows no change hence I believe my KERNCONF is in order. Which I did not expect since the running kernel is not that old:

FreeBSD 8.0-STABLE #17: Thu May 6 10:21:19 UTC 2010

I also read that config(8) was updated so I finally tried to remake world hoping that that's where it comes from but (well in agreement with my expectations that /usr/src should be self-contained :)) without avail.

Any enlightenment appreciated...

Thanks all,
All the best,
Peter.

---
P.S.: Is it still worthwhile to report lock order reversals on 8-STABLE?
---

[r...@netserv /usr/src]# ( DISPLAY= cvsup -Pm ~/etc/cvsup.netserv.src-all cd /usr/src/ make kernel KERNCONF=NETSERV )
Connected to cvsup4.de.FreeBSD.org
Updating collection src-all/cvs
Finished successfully
--
Kernel build for NETSERV started on Tue May 25 14:35:46 UTC 2010
--
=== NETSERV
mkdir -p /usr/obj/usr/Src-RELENG_8/sys
--
stage 1: configuring the kernel
--
cd /usr/Src-RELENG_8/sys/i386/conf; PATH=/usr/obj/usr/Src-RELENG_8/tmp/legacy/usr/sbin:/usr/obj/usr/Src-RELENG_8/tmp/legacy/usr/bin:/usr/obj/usr/Src-RELENG_8/tmp/legacy/usr/games:/usr/obj/usr/Src-RELENG_8/tmp/usr/sbin:/usr/obj/usr/Src-RELENG_8/tmp/usr/bin:/usr/obj/usr/Src-RELENG_8/tmp/usr/games:/sbin:/bin:/usr/sbin:/usr/bin config -d /usr/obj/usr/Src-RELENG_8/sys/NETSERV /usr/Src-RELENG_8/sys/i386/conf/NETSERV
Kernel build directory is /usr/obj/usr/Src-RELENG_8/sys/NETSERV
Don't forget to do ``make cleandepend make depend''
--
stage 2.1: cleaning up the object tree
--
cd /usr/obj/usr/Src-RELENG_8/sys/NETSERV; MAKEOBJDIRPREFIX=/usr/obj MACHINE_ARCH=i386 MACHINE=i386 CPUTYPE= GROFF_BIN_PATH=/usr/obj/usr/Src-RELENG_8/tmp/legacy/usr/bin GROFF_FONT_PATH=/usr/obj/usr/Src-RELENG_8/tmp/legacy/usr/share/groff_font GROFF_TMAC_PATH=/usr/obj/usr/Src-RELENG_8/tmp/legacy/usr/share/tmac _SHLIBDIRPREFIX=/usr/obj/usr/Src-RELENG_8/tmp VERSION=FreeBSD 8.0-STABLE i386 800505 INSTALL=sh /usr/Src-RELENG_8/tools/install.sh PATH=/usr/obj/usr/Src-RELENG_8/tmp/legacy/usr/sbin:/usr/obj/usr/Src-RELENG_8/tmp/legacy/usr/bin:/usr/obj/usr/Src-RELENG_8/tmp/legacy/usr/games:/usr/obj/usr/Src-RELENG_8/tmp/usr/sbin:/usr/obj/usr/Src-RELENG_8/tmp/usr/bin:/usr/obj/usr/Src-RELENG_8/tmp/usr/games:/sbin:/bin:/usr/sbin:/usr/bin NO_CTF=1 make KERNEL=kernel cleandir
.depend, line 27905: Need an operator
make: fatal errors encountered -- cannot continue
*** Error code 1

Stop in /usr/Src-RELENG_8.
*** Error code 1

Stop in /usr/Src-RELENG_8.
Re: kernel build fails - .depend, line 27905: Need an operator
On Tue, May 25, 2010 at 11:00 AM, Peter Cornelius p...@gmx.net wrote:
> [...]

do the make buildworld first.

--
Jorge Andrés Medina Oliva.
Re: kernel build fails - .depend, line 27905: Need an operator
Dear Jorge,

> do the make buildworld first.

That's odd - I even *installed* world without any issue? Will try now anyways, though. Life's a mystery.

Thanks for the support,
Kind regards,
Peter.
ipv6 network traffic monitoring -- searching a working probe software
Hi,

currently I'm monitoring the network traffic with ng_netflow and nfdump/nfsen is used to collect, display and analyze the network traffic.

I'm reviewing the tools to monitor ipv6. ng_netflow doesn't support ipv6 (is there a schedule to implement the needed protocol version 9?). I tried it with softflowd, seeing there is a constant offset of 4294959.134 in the duration and the nfsen filtering (in/out if x) doesn't work at all. YAF flows aren't recognized by nfsen.

Any suggestions how to monitor ipv6 traffic?

Thanks
Reinhard
Help With MPD as pptp client
I'm trying to use mpd5 as a client to connect to a VPN server at work which has a routeable class B IP address. It's a Cisco 3000 and Windows machines connect using the built-in Microsoft dialup networking client. I can successfully connect with mpd5 and after manually manipulating the routing tables, I can connect to machines through the vpn. But I can't understand how to configure mpd5 so that manual route intervention is not required.

Here is my mpd.conf which is based on the sample included with the port. I have used aaa.bbb.x.x to represent my employer's IP addresses.

# $Id: mpd.conf.sample,v 1.46 2009/04/29 11:04:17 amotin Exp $
#
#
startup:
        # configure mpd users
        set user foo bar admin
        set user foo1 bar1
        # configure the console
        set console self 127.0.0.1 5005
        set console open
        # configure the web server
        set web self 0.0.0.0 5006
        set web open

#
# Default configuration is dialup
default:
        load pptp_client

pptp_client:
#
# PPTP client: only outgoing calls, auto reconnect,
# ipcp-negotiated address, one-sided authentication,
# default route points on ISP's end
#
        create bundle static B1
#       set iface route default
        set iface idle 0
        set iface route aaa.bbb.0.0/16
        set ipcp ranges 0.0.0.0/0 0.0.0.0/0

        create link static L1 pptp
        set link action bundle B1
        set auth authname **
        set auth password **
        set link max-redial 0
        set link mtu 1460
        set link keep-alive 20 75
        set pptp peer aaa.bbb.18.10
        set pptp disable windowing
        open

Here is my route table after starting mpd5:

vm# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.2        UGS         9  3097494    em0
127.0.0.1          link#6             UH          0    56291    lo0
aaa.bbb.0.0/16     aaa.bbb.18.10      UGS         0        0    ng0
aaa.bbb.18.10      link#8             UH          0        2    ng0
aaa.bbb.206.150    link#8             UHS         0        0    lo0
192.168.1.0/24     link#2             U           2 12822383    em0

I need my route table to look like this (or something equivalent):

vm# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.2        UGS        12  3099541    em0
127.0.0.1          link#6             UH          0    56299    lo0
aaa.bbb.0.0/16     aaa.bbb.18.10      UGS         0       12    ng0
aaa.bbb.18.10      192.168.1.2        UGHS        3       77    em0
aaa.bbb.206.150    link#8             UHS         0        0    lo0
192.168.1.0/24     link#2             U           1 12822495    em0

You'll see the main difference is that I have to route aaa.bbb.18.10 out the default gateway of my LAN. What do I need to change or add in my mpd.conf to get the desired routing table?

Thanks,

Drew
freeBSD nullfs together nfs and silly rename
Hi,

when you try to do the following inside a nullfs mounted directory, where the nullfs origin is itself mounted with nfs, you get an error:

# foo
# tail -f foo
# rm -f foo
tail: foo: Stale NFS file handle
# fg

This is really a problem when running services inside jails and using NFS as storage. As of [2] it looks like this problem is known for a while.

On a normal NFS mount this does not happen as silly renaming [1] works there.

As FreeBSD is getting towards NFSv4 perhaps this would be a solution but I actually wouldn't want to use these in production.

Is there a fix or anything?

[1] http://nfs.sourceforge.net/#faq_d2
[2] http://ftp.freebsd.org/pub/FreeBSD/development/FreeBSD-CVS/src/sys/nfsclient/nfsnode.h,v rev:1.32.2.1
Re: Problem compiling lsof
> Date: Mon, 24 May 2010 22:14:52 -0700
> From: Charlie Kester corky1...@comcast.net
> Subject: Re: Problem compiling lsof
>
> On Mon 24 May 2010 at 21:55:01 PDT Charlie Kester wrote:
>> The Configure script grep's for vm_memattr_t in ${LSOF_INCLUDE}/sys/conf.h and sets HAS_VM_MEMATTR_T if the grep succeeds. The build failure tells us that your /usr/src/sys/conf.h uses vm_memattr_t, so it seems the Configure is testing some other copy of conf.h -- because LSOF_INCLUDE is set to something other than /usr/src?
>
> Oops, some typos here. /usr/src should be /usr/src/sys throughout, and conf.h is in /usr/src/sys/sys. Makes no difference to the line of thought, however.
>
> If
>
>     grep vm_memattr_t /usr/include/sys/conf.h
>
> comes back empty, we need to look at how you built your system.

Charlie,

I did this and sure enough vm_memattr_t is defined as a parameter in a typedef as follows:

typedef int d_mmap2_t (struct cdev *dev, vm_offset_t offset, vm_paddr_t *paddr, int nprot, vm_memattr_t *memattr);
Re: Problem compiling lsof
On Tue 25 May 2010 at 11:17:36 PDT Arthur Barlow wrote:
> I did this and sure enough vm_memattr_t is defined as a parameter in a typedef as follows:
>
> typedef int d_mmap2_t (struct cdev *dev, vm_offset_t offset, vm_paddr_t *paddr, int nprot, vm_memattr_t *memattr);

So the question is, why didn't the grep in the Configure script find this line?

Your cc commandline defines symbols (e.g. HAS_NO_SI_UDEV) which are only set in the same section of the Configure script, based on a grep of the same conf.h file. So we can be pretty sure we haven't skipped over the test for vm_memattr_t.

You don't perhaps have LSOF_INCLUDE defined in your environment? If so, is it set to something other than /usr/include?
help with vpn pptp setting static routes.
A friend has asked me to help him configure pptp such that when a client connects several additional static routes are added on the client side WITHOUT requiring special scripts on the client side.

Is this possible?

Example: client connects, default route is unchanged, 2 extra routes are added on client to go over the pptp link.

Any suggestions would be helpful.

Note: he does not want to use openvpn or anything other than pptp for client compatibility reasons.

thank you,
--
- Alfred Perlstein
.- AMA, VMOA #5191, 03 vmax, 92 gs500, 85 ch250, 07 zx10
.- FreeBSD committer
Re: Help With MPD as pptp client
On 5/25/2010 11:59 AM, Mark wrote:
> --- On Tue, 5/25/10, Drew Tomlinson d...@mykitchentable.net wrote:
>> [...]
>
> Comment out set iface route aaa.bbb.0.0/16 and see if it works. I use mpd without this setting, it routes it to the default without a setting.
>
> HTH

Yeah, thanks for your reply but that line creates this entry:

aaa.bbb.0.0/16 aaa.bbb.18.10

which I do need. Basically I somehow need to say route all aaa.bbb.0.0/16 except aaa.bbb.18.10. I don't know how to accomplish this.

The good news is that after my manual fixes, the tunnel works.

Cheers,

Drew
Re: kernel build fails - .depend, line 27905: Need an operator
Re.

>> do the make buildworld first.
>
> That's odd - I even *installed* world without any issue? Will try now anyways, though. Life's a mystery.

Nope, no change. Any other ideas?

Thanks,
Peter.
Re: kernel build fails - .depend, line 27905: Need an operator
Peter Cornelius p...@gmx.net writes:

> Re.
>
>>> do the make buildworld first.
>>
>> That's odd - I even *installed* world without any issue?

You installed world without a new kernel? That would be a good way to make unnecessary trouble for yourself.

>> Will try now anyways, though. Life's a mystery.
>
> Nope, no change. Any other ideas?

Can you build GENERIC?
BSDStats: Status Report
News:

It's been almost three weeks since we fixed a bug with the stats collector that was causing a lot of reportings to get lumped under 'Panama', and our numbers are back up (or above) where they were before we effectively re-set the statistics.

At the suggestion of one person, we have set up an internal mailing list that can be used for bug reports / future developments, so that we do not have to deal with a whole bunch of different mailing lists. To subscribe, please send an email to:

general-subscr...@bsdstats.org

In order to reduce the potential for spam, this is a closed list ... you have to be subscribed to post to it ...

===

Status:

As of this posting, we are getting reports in from all the *BSD variants:

PCBSD           4 872
FreeBSD         1 627
DesktopBSD        154
NetBSD             43
OpenBSD            15
DragonflyBSD       14
MidnightBSD         3
MirBSD              3

Country wise, we are seeing reports from 102 countries, with the top 10 countries currently being:

United States        1 421 (popular: PCBSD)
Russian Federation     648 (popular: PCBSD)
Germany                459 (popular: PCBSD)
Panama                 451 (popular: FreeBSD)
Australia              328 (popular: FreeBSD)
Ukraine                307 (popular: PCBSD)
Japan                  232 (popular: PCBSD)
United Kingdom         190 (popular: PCBSD)
Italy                  174 (popular: PCBSD)
France                 169 (popular: PCBSD)

For more information on the project, please visit http://www.bsdstats.org

The site includes basic instructions for installing / running on the various *BSDs ...

If you have any problems, please let me know ...

Marc G. Fournier        Hub.Org Hosting Solutions S.A.
scra...@hub.org         http://www.hub.org
Yahoo: yscrappy  Skype: hub.org  ICQ: 7615664  MSN: scra...@hub.org
chroot scp only network storage?
I want to provide some users with secure network attached storage over SCP. The intent is to provide people with a similar thing to, e.g. rsync.net but inside of our network only.

Security is obviously a priority so I would like each user to be chrooted into their allocated directory and allow them only to execute a small set of commands.

I have come across scponly before. Is this the best way of achieving this with FreeBSD or is there some other better way?

Thanks in advance,

Matt.
Re: chroot scp only network storage?
On 25/05/2010 22:29:57, Matthew Law wrote:
> I want to provide some users with secure network attached storage over SCP. The intent is to provide people with a similar thing to, e.g. rsync.net but inside of our network only. Security is obviously a priority so I would like each user to be chrooted into their allocated directory and allow them only to execute a small set of commands.

Check out the security/openssh-portable port which has options to enable chroot'ing. You should be able to configure the account to only be able to use scp(1) or sftp(1) by editing sshd_config or by using forced commands in the user authorized_keys files.

> I have come across scponly before. Is this the best way of achieving this with FreeBSD or is there some other better way?

Another alternative is WebDAV. Run it over HTTPS for security, and use the standard Apache authn/authz controls to give each user access to only their own area.

In principle your users can mount their WebDAV areas as networked filesystems on their desktops. In practice, this works fine with MacOS X, is horribly buggy under Windows, needs quite a lot of effort to make work on Linux, and I don't think it's actually available at all on FreeBSD. However, commandline clients like cadaver will work fine on anything Unixy.

Cheers

Matthew

--
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matt...@infracaninophile.co.uk               Kent, CT11 9PW
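
The sshd_config route suggested above, as an added example that is not part of Matthew's message or of OpenSSH itself: a small audit that compares a chroot-only Match block with one that also restricts the account to file transfer. The group name storage, the path /storage/%u and the choice of the in-process SFTP server (so SFTP clients only, not the classic scp protocol) are assumptions; both configs are constructed samples.

```python
"""Audit an sshd_config for a file-transfer-only Match block (added example)."""

# Constructed sample: chroot is set, but nothing restricts commands or forwarding.
WEAK = """\
Subsystem sftp /usr/libexec/sftp-server
Match Group storage
    ChrootDirectory /storage/%u
"""

# Constructed sample: same group, limited to the in-process SFTP server.
HARDENED = """\
Subsystem sftp internal-sftp
Match Group storage
    ChrootDirectory /storage/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no
"""

# Keywords that must be explicitly "no" for the restricted accounts, so the
# result does not depend on a vendor's compiled-in defaults.
MUST_BE_NO = ("allowtcpforwarding", "x11forwarding", "permittty")


def parse(text):
    """Split a config into global options and a list of Match blocks.

    Keywords are case-insensitive; within one section the first value seen
    for a keyword is the one kept.
    """
    global_opts, blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            current = {}
            blocks.append((value, current))
        elif current is None:
            global_opts.setdefault(key, value)
        else:
            current.setdefault(key, value)
    return global_opts, blocks


def effective(text, criteria):
    """Options in force for sessions matching `criteria`, or None if no block.

    Only an exact (case-insensitive) match of the criteria string is handled.
    """
    global_opts, blocks = parse(text)
    matched = [opts for crit, opts in blocks if crit.lower() == criteria.lower()]
    if not matched:
        return None
    merged = {}
    for opts in matched + [global_opts]:  # Match settings override globals
        for key, value in opts.items():
            merged.setdefault(key, value)
    return merged


def audit(text, criteria="Group storage"):
    """Return a list of findings; an empty list means the block is restricted."""
    opts = effective(text, criteria)
    if opts is None:
        return [f"no 'Match {criteria}' block"]
    findings = []
    if opts.get("chrootdirectory", "none").lower() == "none":
        findings.append("ChrootDirectory is not set")
    forced = opts.get("forcecommand", "").split()
    if not forced or forced[0] != "internal-sftp":
        findings.append("ForceCommand internal-sftp is not set")
    for key in MUST_BE_NO:
        if opts.get(key, "").lower() != "no":
            findings.append(f"{key} is not explicitly 'no'")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "ok")
```

The audit covers the configuration only: sshd additionally refuses a ChrootDirectory unless every component of the path is owned by root and not writable by group or others, so each user's writable area has to be a subdirectory inside the chroot.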
Re: chroot scp only network storage?
Hello,

Try /usr/ports/shells/scponly . Look up the features, this way you can assign the restrictive scponly shell to the users:

http://sublimation.org/scponly/wiki/index.php/Main_Page

Best Regards:

Balázs Mátéffy

On 26 May 2010 00:05, Matthew Seaman m.sea...@infracaninophile.co.uk wrote:
> [...]
named - Is It Possible to Forward Requests for One Domain to Another Server?
In my home network, I have named running to resolve machines on my LAN. It is also configured to forward requests to my ISP for all other queries.

On another machine in my LAN, I used mpd to create a vpn connection to my work and set appropriate routes so that any machine on my LAN can access any machine at my work over the vpn (using mpd's nat function). This works when accessing via the IP address.

Now I'm trying to get DNS resolution for machines at work. Is there some way I can tell named to request DNS info for my work domain from my work's DNS server available over the vpn? Does this make sense?

Thanks,

Drew
jails and one dynamic ip address
I get one dynamic ip address from my ISP. This is what I specify on the jail for public network access. When the ip address changes on me I have to manually change the ip address associated with the jail.

Is there some method I can code so jail will always have public network access?
Re: jails and one dynamic ip address
Hi,

Sure there can be a better solution (I think :)):

Use an rfc1918 private address range for your Jail, and use nat, to forward your external interface IP to the private address of the jail. This can be done in ipnat, PF, or the other natting, packet filtering tools.

Hope I understood your question :).

Regards,

Balázs M.

On 26 May 2010 01:36, Fbsd1 fb...@a1poweruser.com wrote:
> I get one dynamic ip address from my ISP. This is what I specify on the jail for public network access. When the ip address changes on me I have to manually change the ip address associated with the jail.
>
> Is there some method I can code so jail will always have public network access?
Re: named - Is It Possible to Forward Requests for One Domain to Another Server?
On Tue, May 25, 2010 at 04:30:04PM -0700, Drew Tomlinson wrote:

Hi Drew,

> In my home network, I have named running to resolve machines on my LAN. It is also configured to forward requests to my ISP for all other queries.
>
> On another machine in my LAN, I used mpd to create a vpn connection to my work and set appropriate routes so that any machine on my LAN can access any machine at my work over the vpn (using mpd's nat function). This works when accessing via the IP address.
>
> Now I'm trying to get DNS resolution for machines at work. Is there some way I can tell named to request DNS info for my work domain from my work's DNS server available over the vpn? Does this make sense?

Yes, it makes sense. What you're looking for is a forward type zone in named.conf, like

zone "foobar.com" {
        type forward;
        forward only;
        forwarders { ip_of_work_dns_server; };
};

I'm not sure if I got the syntax 100% right. Also consider that this might interfere with the setup of the VPN, if you're using DNS names in the configuration, as named will not be able to resolve hosts in foobar.com without being able to reach ip_of_work_dns_server.

Regards
Thomas

--
* Freelance Linux BSD Systemengineer // IT Consultant *
-=- Homepage: http://www.bsd-solutions-duesseldorf.de -=-
NanoBSD weird startup messages
Hello,

I'm facing the following funky excerpts when booting NanoBSD on console:

files: not found

I'm running on Alix1d - details are on http://pastebin.com/WY7hu0fL

I did truss and found that devd and some binaries are seeking for a binary called files in /usr/sbin/, /usr/games and /root/sbin. By default there is no such binary and I'm wondering where did this get from.

Any clues are welcome.

Best regards,
Dimitar
Re: jails and one dynamic ip address
>> I get one dynamic ip address from my ISP. This is what I specify on the jail for public network access. When the ip address changes on me I have to manually change the ip address associated with the jail.
>>
>> Is there some method I can code so jail will always have public network access?
>
> Hi,
>
> Sure there can be a better solution (I think :)):
>
> Use an rfc1918 private address range for your Jail, and use nat, to forward your external interface IP to the private address of the jail. This can be done in ipnat, PF, or the other natting, packet filtering tools.
>
> Hope I understood your question :).
>
> Regards,
>
> Balázs M.

The jails are on the host with LAN behind it and with ipf firewall which allows out anything coming from LAN private ip address. I was not able to get this to work until I discovered the jail needed a copy of the host's /etc/resolv.conf. Now it works without any special tweaks, and the dynamic ip address changing causes no problems.
Wireless cards
Greetings...

    uname -a
    FreeBSD whisperer.chthonixia.net 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #0: Sat May 15 11:47:55 EDT 2010 r...@whisperer.chthonixia.net:/usr/obj/usr/src/sys/WHISPERER amd64

My Netgear WG311T, with an Atheros chipset, seems to be at its end. The box is about thirty feet from the WAP, almost directly in line through an open door:

    --- 192.168.1.1 ping statistics ---
    27 packets transmitted, 21 packets received, 22.2% packet loss
    round-trip min/avg/max/stddev = 1.811/9.526/35.551/8.051 ms

I see this:

    dmesg | grep "wlan0: link state changed to" | wc
           9      54     296

Where "up" or "down" follows "to", for a box with this uptime:

    up 2:04

Over several days, this can occur hundreds of times; and often, ifconfig shows this:

    DS/1 Mbps

or similar; then it will bounce back to OFDM; bounce around between OFDM bandwidths: then eventually fall to DS.

This is suboptimal.

So: what are people using these days? The WG311T is old. I've had no luck looking for a modern card using an Atheros chip. I don't care who makes it; whether it's Atheros or not; nor if it is PCI or PCI-X. I just want it to work.

Thanks for any recommendations; and best regards,
Joe
Re: threads and malloc/free on freebsd 8.0
On Sat, May 22, 2010 at 1:56 AM, Dan Nelson dnel...@allantgroup.com wrote:

> In the last episode (May 22), Anoop Kumar Narayanan said:
>> I think glibc uses asynchronous free, as in it doesn't free the memory immediately. So even though the memory is free'd, it's still part of the process's address space but present in the free pool and so it doesn't crash.
>
> FreeBSD doesn't use glibc, so that doesn't apply here :)

:) Oh yeah, BSD has its own libc

> --
> Dan Nelson
> dnel...@allantgroup.com
Re: named - Is It Possible to Forward Requests for One Domain to Another Server?
On 5/25/2010 4:58 PM, Thomas Keusch wrote:

> On Tue, May 25, 2010 at 04:30:04PM -0700, Drew Tomlinson wrote:
>
> Hi Drew,
>
>> In my home network, I have named running to resolve machines on my LAN. It is also configured to forward requests to my ISP for all other queries. On another machine in my LAN, I used mpd to create a vpn connection to my work and set appropriate routes so that any machine on my LAN can access any machine at my work over the vpn (using mpd's nat function). This works when accessing via the IP address.
>>
>> Now I'm trying to get DNS resolution for machines at work. Is there some way I can tell named to request DNS info for my work domain from my work's DNS server available over the vpn? Does this make sense?
>
> Yes, it makes sense. What you're looking for is a forward type zone in named.conf, like
>
>     zone "foobar.com" {
>         type forward;
>         forward only;
>         forwarders { ip_of_work_dns_server; };
>     };
>
> I'm not sure if I got the syntax 100% right.
>
> Also consider that this might interfere with the setup of the VPN, if you're using DNS names in the configuration, as named will not be able to resolve hosts in foobar.com without being able to reach ip_of_work_dns_server.

Hi Thomas,

Thank you for your reply. That was what I needed.

Cheers,
Drew
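The caveat in the reply above (names inside the forwarded zone cannot be resolved until the tunnel is up) can be checked mechanically. This is an added example, not part of the thread: a Python script that lists the forward zones in a named.conf and flags VPN host names that fall inside one. The sample config, the address 192.0.2.53 standing in for ip_of_work_dns_server, and all host names are constructed assumptions.

```python
import re

# Constructed sample: the forward zone from the thread, with the documentation
# address 192.0.2.53 standing in for ip_of_work_dns_server.
NAMED_CONF = '''
options { forwarders { 198.51.100.1; }; };   // ISP resolver (constructed)
zone "foobar.com" {
    type forward;
    forward only;
    forwarders { 192.0.2.53; };
};
zone "lan.example" { type master; file "master/lan.example"; };
'''

# A zone statement with at most one level of nested braces; quotes optional.
ZONE_RE = re.compile(r'zone\s+"?([^"\s{;]+)"?\s*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;', re.S)
FWD_RE = re.compile(r'forwarders\s*\{([^{}]*)\}', re.S)


def forward_zones(conf):
    """Return {zone_name: [forwarder, ...]} for every 'type forward' zone."""
    conf = re.sub(r'//[^\n]*|#[^\n]*|/\*.*?\*/', '', conf, flags=re.S)
    zones = {}
    for name, body in ZONE_RE.findall(conf):
        if re.search(r'\btype\s+forward\s*;', body):
            m = FWD_RE.search(body)
            ips = m.group(1).replace(';', ' ').split() if m else []
            zones[name.lower().rstrip('.')] = ips
    return zones


def in_zone(host, zone):
    """True if host is the zone apex or a name below it (label-aligned match)."""
    host = host.lower().rstrip('.')
    return host == zone or host.endswith('.' + zone)


def bootstrap_conflicts(conf, vpn_hosts):
    """(host, zone) pairs the VPN needs resolved before the tunnel exists."""
    zones = forward_zones(conf)
    return sorted((h, z) for h in vpn_hosts for z in zones if in_zone(h, z))


if __name__ == "__main__":
    # Constructed list of names a VPN client config might reference.
    for host, zone in bootstrap_conflicts(NAMED_CONF, ["vpn.foobar.com", "gw.example.net"]):
        print(f"{host}: only resolvable via forwarders of {zone}; use an IP address")
```

Any name it reports should be replaced by an IP address in the VPN configuration, or resolved from a source that does not depend on the tunnel.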
Re: NanoBSD weird startup messages
In the last episode (May 26), Dimitar Vassilev said:

> Hello,
>
> I'm facing the following funky excerpts when booting NanoBSD on console:
>
>     files: not found
>
> I'm running on Alix1d - details are on http://pastebin.com/WY7hu0fL
>
> I did truss and found that devd and some binaries are seeking for a binary called files in /usr/sbin/, /usr/games and /root/sbin. By default there is no such binary and I'm wondering where did this get from.

Did you maybe word-wrap a comment line in /etc/rc.conf so that files was the first word on a new line? If that's not it, try setting RC_DEBUG=YES in /etc/rc.conf and see if you can pinpoint which startup script is causing you problems.

--
Dan Nelson
dnel...@allantgroup.com