Re: Mother board compatibility and CF card usage as main storage device for small DNS server
On 09/30/10 14:54, Kaya Saman wrote: On 30/09/2010 17:54, Brent Bloxam wrote: Kaya Saman wrote: From what you mention it sounds like a bad idea as the system disk will have many R/W's going through it it seems as /tmp and Swap get written to all the time. You can skip swap altogether and use MFS (memory filesystem) like Brian mentioned for other high write partitions that don't need to be persistent (/tmp, /var/log). See the following article on the freebsd.org website about using solid state storage: http://www.freebsd.org/doc/en/articles/solid-state/article.html Keep in mind though that Brian's setup was for slave nameservers that would be caching from another master. If your nameserver is acting as master, you'll be storing your records on flash since you need persistent storage, but I don't imagine those files will be write intensive. Also, if you make /var/log MFS, you'll want to have an external syslog server set up ;) Thanks a lot so it should be ok then! :-) Yeah sounds like a good setup, and also a syslog server :- this is exactly what I need in order to check my IOS logs coming from my Cisco boxes. I had previously imagined it to be a simple tftpboot server but sounds like it's standalone. That's cool! I mean I really like having logwatch mailing me all necessary information anyway so that coupled with a syslog server should be pretty good :-) Nice ideas need to do some Google'ing now as I don't know what MFS is yet but I will :-D Cheers and best regards, Kaya I have been using a Soekris Net5501-70 box since June 2008 with a CF card running FreeBSD 7. This is being used for DNS, DHCP, NNTP, network firewall and a small asterisk server I have turned off writing messages to logs, and in June this year, I started using an MD for /var/db/dhcpd (as that was getting written to a fair amount) Im still on my original CF card, and as of yet, have not seen any problems (touch wood)... Its not the fastest box in the world, but it certainly does what I want it to do. Just takes a long time compiling a world and kernel Just another option for you... Paul ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: USB disk on CS5536 unstable
Le Thu, 30 Sep 2010 21:10:59 +0200, Anselm Strauss a écrit : > Maybe sending it to just the USB list was too specific ... > > On 09/30/10 00:08, Anselm Strauss wrote: > > I have an ALIX board that has an AMD Geode and the CS5536 companion > > chip with integrated USB on it. When I connect a USB disk I have > > observed various problems. For example when I run fsck_ufs on a 250 > > GB partition the process gets stuck in biord state and fsck reports > > unreadable sectors. When I do a dd over the whole disk and direct > > it to /dev/null it suddenly returns with no error, but having read > > only a small fraction of the disk. I tried it with two different > > disks and two different ALIX boards. I'm pretty sure the disks are > > okay since I tried them on other hardware. > > > > As far as I know there was some trouble with the chip regarding > > timeouts. Under load after some time the USB just stops responding. > > I have tried 8.0 and 8.1. Is there any known problem? How can I > > track this down? I use a Soekris Net5501 (amd Geode and cs5536 chip) too since FreeBSD 6.X and I did not notice any problem with an usb disk (myne is a 160 go disk). It is my home "all-in-one box" doing backup and NAS (some times I make a backup on a usb drive) I follow the Soekris mailing list and I do not remembered anymone complaining about usb disk problems too. Regards. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
router / firewall with PF and carp.
Hi, We are in the process to replace two Cisco Pix firewalls and one Cisco router with two servers running PF with carp. The network is large (it is an University) and all will depend on this two machines. We have made some tests with OpenBSD, PF and OpenBGPD and it looks to work (but we have to make a lot of more tests to validate this). I think that the support for an OpenBSD release is very small (only one year) and I'm suggesting to use FreeBSD instead (we can expect ~3/4 years of support if we follow a stable branch). I am an happy user of FreeBSD since some time - I mean that I know it is not perfect and there are some bugs! - but I dont have any experience running it as a router on a large network. So, are PF and carp expected to work fine on FreeBSD or are there some known problems? Do you think that OpenBSD suits better for this? Thanks, regards. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: USB disk on CS5536 unstable
On Thursday 30 September 2010 21:10:59 Anselm Strauss wrote: > Maybe sending it to just the USB list was too specific ... > > On 09/30/10 00:08, Anselm Strauss wrote: > > Hi > > > > I have an ALIX board that has an AMD Geode and the CS5536 companion chip > > with integrated USB on it. When I connect a USB disk I have observed > > various problems. For example when I run fsck_ufs on a 250 GB partition > > the process gets stuck in biord state and fsck reports unreadable > > sectors. When I do a dd over the whole disk and direct it to /dev/null > > it suddenly returns with no error, but having read only a small fraction > > of the disk. I tried it with two different disks and two different ALIX > > boards. I'm pretty sure the disks are okay since I tried them on other > > hardware. > > > > As far as I know there was some trouble with the chip regarding > > timeouts. Under load after some time the USB just stops responding. I > > have tried 8.0 and 8.1. Is there any known problem? How can I track this > > down? > > > > Anselm If you compile the kernel with USB_DEBUG, then there are some sysctls under hw.usb.ehci which you can tweak. Needs to be set before boot. --HPS ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: USB disk on CS5536 unstable
Maybe sending it to just the USB list was too specific ... On 09/30/10 00:08, Anselm Strauss wrote: > Hi > > I have an ALIX board that has an AMD Geode and the CS5536 companion chip > with integrated USB on it. When I connect a USB disk I have observed > various problems. For example when I run fsck_ufs on a 250 GB partition > the process gets stuck in biord state and fsck reports unreadable > sectors. When I do a dd over the whole disk and direct it to /dev/null > it suddenly returns with no error, but having read only a small fraction > of the disk. I tried it with two different disks and two different ALIX > boards. I'm pretty sure the disks are okay since I tried them on other > hardware. > > As far as I know there was some trouble with the chip regarding > timeouts. Under load after some time the USB just stops responding. I > have tried 8.0 and 8.1. Is there any known problem? How can I track this > down? > > Anselm ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: what is from [sic (wrong)] with this picture? -- Answer: It's Ubuntu, not FreeBSD
On Wed, Sep 29, 2010 at 05:14:25PM -0400, Jon Radel wrote: > On 9/29/10 4:24 PM, Gary Kline wrote: > > Yes! changing the line in main.cf lets things get thru to my > > server cleanly, thanks for the tip. I still don't understand > > what's wrong with my DNS files. Hopefully, other folk on-list > > will see what's messed up. > > Your domain registrar is having your dns delegated to 3 nameservers: > > thought.org.86400INNSns1.thought.org. > thought.org.86400INNSns1.silvertree.org. > thought.org.86400INNSns1.twisted4life.com. > ;; Received 142 bytes from 2001:500:48::1#53(b2.org.afilias-nst.org) > in 32 ms > > The last of the 3, ns1.twisted4life.com, is of the opinion that your > domain doesn't exist, given that it has no authoritative data and > refuses to do recursive lookups for the Internet at large. I would > suspect that this would result in the coming and going visibility > that others have reported. Basically, you don't exist a third of > the time. > > You need to make sure that all the nameservers you list with your > registrar are actually admitting to your existence and are getting > up-to-date data. I recall having this conversation with you before. > > -- If we did discuss this, it had nothing to do with the 3rd nameserver. twisted4life is something i added only a day or two ago; it was among the first googled. i haven't checked anything DNS-wise in the past day because of other things I Am trying to resolve. > > --Jon Radel > j...@radel.com > > -- Gary Kline kl...@thought.org http://www.thought.org Public Service Unix The 7.90a release of Jottings: http://jottings.thought.org/index.php http://journey.thought.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: pondering my DNS config....
On Wed, 29 Sep 2010, Gary Kline wrote: I spent hours yesterday checking around my named/DNS files. I thing the guy who rewrote how I _had_ things set up, messup. pinging ns1.thought.org is void. It is plato.thought.org that is my pfSense server that might better be my primary nameserver. (Still testing mail; waiting for a response from freebsd-test to show up on thought.org.) -- Gary Kline Seattle BSD Users' Group (seabug) | kl...@magnesium.net Thought Unlimited Org's Alternate Email Site http://www.magnesium.net/~kline To live is not a necessity; but to live honorably...is a necessity. -Kant The problem lies with the nameservers for thought.org. This is really not a thread that belongs on questions, if you are still having problems email me off list at doug at safeport.com and I will help you. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Upgrading autoconf
On Thu, Sep 30, 2010 at 06:50:22PM +0300, Odhiambo Washington wrote: > I am trying this out: > > #portupgrade -f 'autoconf*' 'automake*' Try upgrading the failing ports by hand. portupgrade tends to suppress full error output, making it difficult to ascertain exactly what's gone wrong. Alternatively, I would be tempted to just uninstall autoconf* and automake*, since they will get pulled in as dependencies whenever you come to build another port that requires them. Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpR3Lo2vM9Gt.pgp Description: PGP signature
Upgrading autoconf
I am trying this out:
#portupgrade -f 'autoconf*' 'automake*'
and I end up with:
===> Building for autoconf-2.67
gmake all-recursive
gmake[1]: Entering directory
`/usr/ports/devel/autoconf267/work/autoconf-2.67'
Making all in bin
gmake[2]: Entering directory
`/usr/ports/devel/autoconf267/work/autoconf-2.67/bin'
rm -f autom4te autom4te.tmp
srcdir=''; \
test -f ./autom4te.in || srcdir=./; \
sed -e 's|@she...@]|/bin/sh|g' -e 's|@pe...@]|/usr/bin/perl|g' -e
's|@perl_flo...@]|yes|g' -e 's|@bind...@]|/usr/local/bin|g' -e 's|@pk
gdatad...@]|/usr/local/share/autoconf-2.67|g' -e 's|@pref...@]|/usr/local|g'
-e 's|@autoconf-na...@]|'`echo autoconf | sed 's&$&-2.67&'`'|g' -e '
s|@autoheader-na...@]|'`echo autoheader | sed 's&$&-2.67&'`'|g' -e
's|@autom4te-na...@]|'`echo autom4te | sed 's&$&-2.67&'`'|g' -e
's|@m...@]|/usr
/local/bin/gm4|g' -e 's|@m4_debugfi...@]|--error-output|g' -e
's|@m4_g...@]||g' -e 's|@a...@]|/usr/bin/awk|g' -e 's|@release_ye...@]|'`sed
's/^\(
[0-9][0-9][0-9][0-9]\).*/\1/;q' ../ChangeLog`'|g' -e 's|@versi...@]|2.67|g'
-e 's|@package_na...@]|GNU Autoconf|g' -e 's|@configure_inp...@]|Gene
rated from autom4te.in; do not edit by hand.|g'
${srcdir}autom4te.in>autom4te.tmp
chmod +x autom4te.tmp
chmod a-w autom4te.tmp
mv autom4te.tmp autom4te
cd ../lib && gmake autom4te.cfg
gmake[3]: Entering directory
`/usr/ports/devel/autoconf267/work/autoconf-2.67/lib'
rm -f autom4te.cfg autom4te.tmp
sed -e 's|@she...@]|/bin/sh|g' -e 's|@pe...@]|/usr/bin/perl|g' -e
's|@bind...@]|/usr/local/bin|g' -e
's|@pkgdatad...@]|/usr/local/share/autoconf-
2.67|g' -e 's|@pref...@]|/usr/local|g' -e 's|@autoconf-na...@]|'`echo
autoconf | sed 's&$&-2.67&'`'|g' -e 's|@autoheader-na...@]|'`echo autoheade
r | sed 's&$&-2.67&'`'|g' -e 's|@autom4te-na...@]|'`echo autom4te | sed
's&$&-2.67&'`'|g' -e 's|@m...@]|/usr/local/bin/gm4|g' -e 's|@a...@]|/usr/b
in/awk|g' -e 's|@versi...@]|2.67|g' -e 's|@package_na...@]|GNU Autoconf|g'
./autom4te.in >autom4te.tmp
chmod a-w autom4te.tmp
mv autom4te.tmp autom4te.cfg
gmake[3]: Leaving directory
`/usr/ports/devel/autoconf267/work/autoconf-2.67/lib'
cd ../lib/m4sugar && gmake version.m4
gmake[3]: Entering directory
`/usr/ports/devel/autoconf267/work/autoconf-2.67/lib/m4sugar'
:;{ \
echo '# This file is part of -*- Autoconf -*-.' && \
echo '# Version of Autoconf.' && \
echo '# Copyright (C) 1999, 2000, 2001, 2002, 2006, 2007, 2009' &&
\
echo '# Free Software Foundation, Inc.' && \
echo &&\
echo 'm4_define([m4_PACKAGE_NAME], [GNU Autoconf])' && \
echo 'm4_define([m4_PACKAGE_TARNAME], [autoconf])' && \
echo 'm4_define([m4_PACKAGE_VERSION], [2.67])' && \
echo 'm4_define([m4_PACKAGE_STRING],[GNU Autoconf 2.67])' && \
echo 'm4_define([m4_PACKAGE_BUGREPORT], [bug-autoc...@gnu.org])'
&& \
echo 'm4_define([m4_PACKAGE_URL], [
http://www.gnu.org/software/autoconf/])' && \
echo 'm4_define([m4_PACKAGE_YEAR], ['`sed
's/^\([0-9][0-9][0-9][0-9]\).*/\1/;q' ../../ChangeLog`'])'; \
} > version.m4-t
mv version.m4-t version.m4
gmake[3]: Leaving directory
`/usr/ports/devel/autoconf267/work/autoconf-2.67/lib/m4sugar'
autom4te_perllibdir='..'/lib AUTOM4TE_CFG='../lib/autom4te.cfg'
../bin/autom4te -B '..'/lib -B '..'/lib --language M4sh --cache '
' --melt ./autoconf.as -o autoconf.in
autoconf.as:1: /usr/local/bin/gm4: Warning: Excess arguments to built-in
`_m4_popdef' ignored
autom4te: /usr/local/bin/gm4 failed with exit status: 1
gmake[2]: *** [autoconf.in] Error 1
gmake[2]: Leaving directory
`/usr/ports/devel/autoconf267/work/autoconf-2.67/bin'
gmake[1]: *** [all-recursive] Error 1
gmake[1]: Leaving directory
`/usr/ports/devel/autoconf267/work/autoconf-2.67'
gmake: *** [all] Error 2
*** Error code 1
Stop in /usr/ports/devel/autoconf267.
** Command failed [exit code 1]: /usr/bin/script -qa
/tmp/portupgrade.11621.2 env UPGRADE_TOOL=portupgrade
UPGRADE_PORT=autoconf-2.62 UPGRADE_POR
T_VER=2.62 make
** Fix the problem and try again.
---> Skipping 'devel/automake19' (automake-1.9.6_3) because a requisite
package 'autoconf-2.62' (devel/autoconf267) failed (specify -k to force)
** Package 'automake' has been removed from ports tree.
---> Skipping 'devel/automake19' (automake-1.9.6) because it has already
been skipped
** Listing the failed packages (*:skipped / !:failed)
! devel/autoconf267 (autoconf-2.62) (unknown build error)
* devel/automake19 (automake-1.9.6_3)
* devel/automake19 (automake-1.9.6)
---> Packages processed: 2 done, 1 ignored, 2 skipped and 1 failed
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"If you have nothing good to say about someone, just shut up!."
-- Lucky Dube
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/fr
pgt driver for Intersil PRISM ISL3890 cardbus wireless?
I've this wireless cardbus card: no...@pci0:3:0:0: class=0x028000 card=0x1260 chip=0x38901260 rev=0x01 hdr=0x00 vendor = 'Intersil Americas Inc (Was: Harris Semiconductor)' device = 'PRISM GT 802.11g 54Mbps Wireless Controller (ISL3890)' class = network I can't seem to find a driver for it. This page http://www.openbsd.org/cgi-bin/man.cgi?query=pgt suggests that pgt driver supports it. It claims the driver was ported to OBSD from FBSD, os it probably existed at some point? Perhaps it was removed at some point. I can't trace it. Can anybody suggest another driver which might support this card? many thanks anton -- Anton Shterenlikht Room 2.6, Queen's Building Mech Eng Dept Bristol University University Walk, Bristol BS8 1TR, UK Tel: +44 (0)117 331 5944 Fax: +44 (0)117 929 4423 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Mother board compatibility and CF card usage as main storage device for small DNS server
MFS == memory filesystem; aka ram-disk. The problem being that on reboot, MFS looses all its contents, therefore practices like storing the 'startup' state for a filesystem in an archive (tar file works well) and mounting/copying on startup works well. Conversely, if you need to modify that startup state you can just over-write the tarfile again. On Thu, Sep 30, 2010 at 10:54 AM, Kaya Saman wrote: > On 30/09/2010 17:54, Brent Bloxam wrote: > >> Kaya Saman wrote: >> >>> From what you mention it sounds like a bad idea as the system disk will >>> have many R/W's going through it it seems as /tmp and Swap get written to >>> all the time. >>> >>> >> You can skip swap altogether and use MFS (memory filesystem) like Brian >> mentioned for other high write partitions that don't need to be persistent >> (/tmp, /var/log). See the following article on the freebsd.org website >> about using solid state storage: >> http://www.freebsd.org/doc/en/articles/solid-state/article.html >> >> Keep in mind though that Brian's setup was for slave nameservers that >> would be caching from another master. If your nameserver is acting as >> master, you'll be storing your records on flash since you need persistent >> storage, but I don't imagine those files will be write intensive. >> >> Also, if you make /var/log MFS, you'll want to have an external syslog >> server set up ;) >> > > Thanks a lot so it should be ok then! :-) > > Yeah sounds like a good setup, and also a syslog server :- this is > exactly what I need in order to check my IOS logs coming from my Cisco > boxes. I had previously imagined it to be a simple tftpboot server but > sounds like it's standalone. > > That's cool! I mean I really like having logwatch mailing me all necessary > information anyway so that coupled with a syslog server should be pretty > good :-) > > Nice ideas need to do some Google'ing now as I don't know what MFS is yet > but I will :-D > > Cheers and best regards, > > > Kaya > > > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscr...@freebsd.org" > -- Nathan Vidican nat...@vidican.com (519) 962-9987 (Canada) (313) 586-1982 (USA) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Mother board compatibility and CF card usage as main storage device for small DNS server
Kaya Saman wrote: From what you mention it sounds like a bad idea as the system disk will have many R/W's going through it it seems as /tmp and Swap get written to all the time. You can skip swap altogether and use MFS (memory filesystem) like Brian mentioned for other high write partitions that don't need to be persistent (/tmp, /var/log). See the following article on the freebsd.org website about using solid state storage: http://www.freebsd.org/doc/en/articles/solid-state/article.html Keep in mind though that Brian's setup was for slave nameservers that would be caching from another master. If your nameserver is acting as master, you'll be storing your records on flash since you need persistent storage, but I don't imagine those files will be write intensive. Also, if you make /var/log MFS, you'll want to have an external syslog server set up ;) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Mother board compatibility and CF card usage as main storage device for small DNS server
On 30/09/2010 17:54, Brent Bloxam wrote: Kaya Saman wrote: From what you mention it sounds like a bad idea as the system disk will have many R/W's going through it it seems as /tmp and Swap get written to all the time. You can skip swap altogether and use MFS (memory filesystem) like Brian mentioned for other high write partitions that don't need to be persistent (/tmp, /var/log). See the following article on the freebsd.org website about using solid state storage: http://www.freebsd.org/doc/en/articles/solid-state/article.html Keep in mind though that Brian's setup was for slave nameservers that would be caching from another master. If your nameserver is acting as master, you'll be storing your records on flash since you need persistent storage, but I don't imagine those files will be write intensive. Also, if you make /var/log MFS, you'll want to have an external syslog server set up ;) Thanks a lot so it should be ok then! :-) Yeah sounds like a good setup, and also a syslog server :- this is exactly what I need in order to check my IOS logs coming from my Cisco boxes. I had previously imagined it to be a simple tftpboot server but sounds like it's standalone. That's cool! I mean I really like having logwatch mailing me all necessary information anyway so that coupled with a syslog server should be pretty good :-) Nice ideas need to do some Google'ing now as I don't know what MFS is yet but I will :-D Cheers and best regards, Kaya ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Mother board compatibility and CF card usage as main storage device for small DNS server
Thanks very much Brian: On 30/09/2010 17:02, Brian A. Seklecki (CFI NOC) wrote: On 9/30/2010 4:11 AM, Kaya Saman wrote: I mean for a DNS server (all be it a small one) is it wise to use compact flash as storage?? For our GSLB DNS Slaves, we boot embedded/low power (or even VMs these days) systems with CF images off of flash, keep a shadow copy of /etc around, and program all file systems with R/W activity (/var/chroot/named/cache, where all zone files are fetched from Master NS) on MFS partitions, eliminating almost all write operations to the CF card. No swap, and RD / (/var, etc.) and MFS /usr extracted from a tarball via modified rc(8). /shadow is mounted noatime. Are you saying that you custom compiled the kernel here?? I'm not that advanced with FreeBSD yet as I've only been using it for a few months even though I have other UNIX based experience. [...] Where it gets risky is if you just plain install a live functional FreeBSD on CF. A million inodes for /usr/src and CF is about as fast as an ESDI hard drive in an IBM XT. I was planning to go Standard Minimal Install then build Bind9 from ports and of course use SSH as login system and perhaps hack out the Serial port to give me some SPARC/POWER/Cisco style RS232c login. From what you mention it sounds like a bad idea as the system disk will have many R/W's going through it it seems as /tmp and Swap get written to all the time. I mean this would have been a cheaper alternative to buying an SSD drive or SAS 2.5" drive but now I'm a bit worried. ~BAS Regards, Kaya ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Mother board compatibility and CF card usage as main storage device for small DNS server
On 9/30/2010 4:11 AM, Kaya Saman wrote: I mean for a DNS server (all be it a small one) is it wise to use compact flash as storage?? For our GSLB DNS Slaves, we boot embedded/low power (or even VMs these days) systems with CF images off of flash, keep a shadow copy of /etc around, and program all file systems with R/W activity (/var/chroot/named/cache, where all zone files are fetched from Master NS) on MFS partitions, eliminating almost all write operations to the CF card. No swap, and RD / (/var, etc.) and MFS /usr extracted from a tarball via modified rc(8). /shadow is mounted noatime. Minimal writes to flash. The systems boot in about 30 seconds. We actually run NetBSD, but we've done similar models on FreeBSD. No CF card failures reported in five (5) years. We use Transcend Industrial series. Where it gets risky is if you just plain install a live functional FreeBSD on CF. A million inodes for /usr/src and CF is about as fast as an ESDI hard drive in an IBM XT. ~BAS ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Cache Memory in top command
On 09/30/2010 01:37 PM, RW wrote: > On Thu, 30 Sep 2010 09:24:58 +0200 > Bas Smeelen wrote: > > > >> *Wired:* number of pages wired down, including cached file data pages >> > That refers to buffer pages (displayed as Buf), which are a subset of > the cached file data pages. > > The pages in the cache queue are not specifically cached file data > pages, they are clean pages from any source, including pages that have > been written to swap. Could this be a "bug" in the man page then? Because Wired en Buff are explicitly explained at the bottom of man (1) top DISCLAIMER: This e-mail is for the intended recipient(s) only. Access, disclosure, copying, distribution or reliance on any of it by anyone else is prohibited. If you have received it by mistake please let us know by reply and then delete it from your system. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Cache Memory in top command
On Thu, 30 Sep 2010 09:24:58 +0200 Bas Smeelen wrote: > *Wired:* number of pages wired down, including cached file data pages That refers to buffer pages (displayed as Buf), which are a subset of the cached file data pages. The pages in the cache queue are not specifically cached file data pages, they are clean pages from any source, including pages that have been written to swap. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
/usr/ports via NFS on several servers adn parralell portupgrade
Hello all! I found one problem using portupgrade on a number of servers, that has NFS mounter /usr/ports from one server. On one server portupgrade sometimes want to rebuild /usr/ports/INDEX-7.db. While it rebuilds, another portupgrade running on second server suddenly wants to rebuild INDEX-7.db. And both portupgrades fails with this message: ... /usr/ports/INDEX-7:17502:read: 0x2a75d37c, 1024: Stale NFS file handle -- Stale NFS file handle /usr/ports/INDEX-7:17503:read: 0x2a75d37c, 1024: Stale NFS file handle -- Stale NFS file handle /usr/ports/INDEX-7:17504:read: 0x2a75d37c, 1024: Stale NFS file handle -- Stale NFS file handle /usr/ports/INDEX-7:17505:read: 0x2a75d37c, 1024: Stale NFS file handle -- Stale NFS file handle /usr/ports/INDEX-7:17506:read: 0x2a75d37c, 1024: Stale NFS file handle -- Stale NFS file handle /usr/ports/INDEX-7:17507:read: 0x2a75d37c, 1024: Stale NFS file handle -- Stale NFS file handle /usr/ports/INDEX-7:17508:read: 0x2a75d37c, 1024: Stale NFS file handle -- Stale NFS file handle /usr/ports/INDEX-7:17509:read: 0x2a75d37c, 1024: Stale NFS file handle -- Stale NFS file handle .. How ti use portupgrade with /usr/ports right? I set WRKDIRPREFIX=/tmp/workdir in make.conf. May be I can do something else to allow several portupgrade processes on several servers that has mounted nfs from one server? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: IPFW firewall and TCP ports
On Thu, 30 Sep 2010, Ian Smith wrote: > countries are long gone. For some scientific (and policy) rationale of > the increasingly fragmented nature of new allocations down to /22 (ie 64 > IP addresses) have a look at http://www.potaroo.net/tools/ipv4/ Oops; a /22 allocation is of course 4 times a /24, ~1024 addresses. Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: IPFW firewall and TCP ports
In freebsd-questions Digest, Vol 330, Issue 5, Message: 1
On Wed, 29 Sep 2010 08:16:47 -0400 Carmel wrote:
> While perusing my Apache httpd-error.log, I noticed a large number of
> attempts to access my phpmyadmin directory, as well as a few less know
> others. Most of these probes originated from China. Since I have no
> legitimate business dealing with that region, I decided to create a
> table in my IPFW firewall to block them. This is an example:
>
> ## IPFW Firewall Rules
>
> # Set rules command prefix
> cmd="ipfw -q add"
>
> # public interface name of NIC facing the public Internet
> pif="nfe0"
>
> # Lets start by listing known bad IP addresses and blocking them. We
> # will put them into a table for easier handling.
>
> ipfw -q table 1 add 60.0.0.0/8
> ipfw -q table 1 add 61.0.0.0/8
Firstly, 60/8 and 61/8 include a lot more of the Asia Pacific region
than China, including _some_ of the blocks allocated to Australia, New
Zealand, Japan and many others. The days of associating /8 blocks with
countries are long gone. For some scientific (and policy) rationale of
the increasingly fragmented nature of new allocations down to /22 (ie 64
IP addresses) have a look at http://www.potaroo.net/tools/ipv4/
Secondly, there are _dozens_ more IP blocks including Chinese IP space.
Thirdly, the script posted below to deal specifically with the issue you
mention has caught lots of addresses in many other regions including
some based or hosted in the USA; the notion that denying China or Europe
or for that matter North America access will solve any problem is passe.
But if you do want to go down that path, and have any concern to limit
'collateral damage' from parts of the planet you've nothing particular
against, at least try to find accurate and complete data. This is not
so easy, and needs to be updated frequently as IP4 address space nears
exhaustion sometime before early 2012 (reference the link above).
For example, if you used http://www.blockacountry.com/ and selected
Australia, you'd see some 60.* and 61.* blocks mentioned above, but you
=won't= find 115.70/16 there, ie the address this mail comes from! This
was a problem when first allocated last year, mostly by people using out
of date IP blocklists that assumed we were in China .. see the problem?
But ignoring geopolitics or xenophobia and concentrating on technics ..
> $cmd set 1 deny log all from table\(1\) to any in via $pif
>
> The above is the first entry in my "rules" file. I know that IPFW is
> working since I have blocked other ports for other services and it has
> worked correctly.
>
> The problem is that these IPs are not being blocked. I continue to see
> them listed in the httpd-error.log. I have rebooted my machine and
> therefore am quite certain that these rules are being loaded.
A simple 'ipfw show' will likely show that rule not there, possibly a
preexisting 'flush' rule comes after it? Or, are your other rules all
in 'set 1'? Is 'set 1' your current set? The default is set 0. If you
are using multiple sets use ipfw(8)'s -S switch to show disabled rules.
> The problem is that I probably do not understand how to properly block
> an IP or range of IPs from accessing my web server correctly. I would
> really appreciate any assistance.
Modulo a probable flush or set issue, your syntax is right, and tables
are indeed the way to go; the larger the list, the faster tables work.
So here's my script for dealing with this specific issue; I got tired of
seeing over 150 requests from each IP of what is clearly a distributed
bot scanning for */scripts/setup.php and more lately *p=phpinfo(); This
usually blocks the offending IP before its second request. FWIW, the
latest IP logged and blocked was from a hosting company in the US :)
I run eg '# /path/to/botwatch 50 &' to start with the recent log lines.
'# kill /var/run/botwatch.pid' stops it and both of its bg processes.
cheers, Ian
#!/bin/sh
# botwatch smithi 23/7/10: pesky distribot seeking */scripts/setup.php
# v0.7 4/9/10 extend for p=phpinfo() so any others
watchlog=/usr/var/log/httpd-access.log # combined format:
eg='1.2.3.4 - - [22/Jul/2010:22:40:47 +1000] "GET /pma/scripts/setup.php'
table=1 # ipfw table denying any further access
sleep=10# max delay before killing pipeline blocking on 'tail -f'
name=`basename $0`
log=/var/log/${name}.log
pid=/var/run/${name}.pid
actions='GET POST HEAD'
ournets='127.0.0 192.168.7 aa.bb.cc xxx.yy.zzz' # our local IP net/s
blocklist='scripts/setup.php p=phpinfo();'
[ "$1" ] && lines=$1 && shift || lines=1
[ "$1" ] && echo "usage: $name [lines]" && exit 1
[ -s $pid ] && op=`cat $pid` && [ "`ps ax | grep -w $op | grep $name`" ] \
&& echo "`date` $name [$$] exit: [$op] still running" >>$log && exit 2
echo $$ >$pid
echo "`date` $name [$$]: begin lines=$lines" >>$log
tail -f -n$lines $watchlog | \
while read ip a b datime tz get url etc; do
[ "$url"
Mother board compatibility and CF card usage as main storage device for small DNS server
Hi, I'm planning on using FreeBSD 8.0 x64 RELEASE edition for a small primary/secondary DNS server setup. The system will run Bind9 and have some zone files and views for the few people I host for. I am considering using a dual Atom system board with 2GB RAM and for storage was thinking of going for 16GB compact flash card instead of a normal hard disk.. This is a bit radical for me as I have never used this kind of setup before so I'm not sure how suited it will be??? These are the system boards: http://www.commell.com.tw/product/SBC/LV-67E.HTM# or http://www.globalamericaninc.com/p2808245/2808245_-_Mini-ITX_Motherboard_with_the_choice_of_Embedded_Intel_Atom_D510,_D410_or_Fanless_N450_Processor/product_info.html I mean for a DNS server (all be it a small one) is it wise to use compact flash as storage?? Thanks and regards, Kaya ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Cache Memory in top command
On 09/29/2010 07:36 PM, RW wrote: >>> Bas Smeelen wrote: >>> >>> *Cache:* number of clean pages caching data that are available for immediate reallocation http://www.freebsd.org/cgi/man.cgi?query=top&sektion=1 >>> > I don't see why it would be included in wired, and I'm pretty sure > that's wrong. > >From the man page: *Wired:* number of pages wired down, including cached file data pages > The cache queue is a stock of clean pages, it's sort of an intermediate > state between inactive and free. Most memory allocations can be > performed directly from the cache queue, which allows memory to hold > useful data right up to the moment it's reallocated, and it allows > FreeBSD to run with very little free (i.e. wasted) memory. > > Cache memory is topped-up with memory from the inactive queue in the > background. Likewise inactive memory is topped-up from active memory. > Since that's done on demand the values are virtually meaningless. > > Thanks for your detailed explanation DISCLAIMER: This e-mail is for the intended recipient(s) only. Access, disclosure, copying, distribution or reliance on any of it by anyone else is prohibited. If you have received it by mistake please let us know by reply and then delete it from your system. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
