Website Development Services
Hi, I am Jennifer Marketing Executive of IT Company Firm based in New Delhi, India. I have gone through your site and found that we can work together, we have 150+ designers,developers,professional content writers and SEO Masters in our company. We deliver quality services within timeframe with economical cost. We have expertise in Trend MLS ( IDX Search ), Out Trigger, BST, RCI Holiday Network, HotelBEDs, iphone / Android apps. We have experts for PHP /JSP / ASP .NET languages and following open source products :- * Joomla Customization, * Drupal CMS Customization, * Magento, * OS Commerce, * X-Cart, * Zen Cart Customization, * PHPBB, * Wordpress, * Codeigniter, * MVC, * Zend Framework, * Symfony etc.. Please add Mr. Raj ( Technical Head ) for live chat on: -Skype Id: raj30jan, Google talk: raj30jan, Yahoo: mailto:raj30...@ymail.com raj30...@ymail.com, MSN: mailto:raj30...@hotmail.com raj30...@hotmail.com. Email : mailto:raj30...@gmail.com raj30...@gmail.com , Mobile : +91-9312639156 Do let me know if you have any question and I would be happy to send in more details. I look forward to hearing from you soon. Jennifer disotell IT Company (Your Best Outsourcing Partner) Call : T. +91 93 126 39 156,+44 208 123 7861,+1 360 450 0557,Toll Free : +1 855 216 7791 Disclaimer: The CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act) establishes requirements for those who send commercial email, spells out penalties for spammers and companies whose products are advertised in spam if they violate the law, and gives consumers the right to ask mailers to stop spamming them. The above mail is in accordance to the Can Spam act of 2003: There are no deceptive subject lines and is a manual process through our efforts on World Wide Web. You can opt out by sending mail to jennifer.r...@gmail.com and we ensure you will not receive any such. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re-installing a system on a new LUN while system is up and running
Hello, I have an 7.4 system that I wish to update to 9.1 - It is a live mail server with couple of 100's persons on it. This system is deployed on an Intel modular which allows me to connect any LUN to this device. My idea was to create a new LUN and connect It to my system, then deploy the 9.1 version of the system on It, migrate the data on it and then reboot the system with everything updated, up and running… Is this feasible ? How do I have to proceed to do this ? How do I specify the target for the system to be deployed on the other pool of disks not on the live system ? When I reboot, how will I specify the new LUN as being the target system ? How do I recompile userland on the new system ? Is there a way to do that while running 7.4 (and specifying 9.1 binaries / architecture as target) ? Do you think this is the right solution to update my system with a minimum downtime or would your rather suggest the more classical way of doing things ? Thx. «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ Your provider of OpenSource Appliances www.osnet.eu «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ PGP ID -- 0x1BA3C2FD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Virtual Box on FreeBSD Server
I use Virtualbox and FreeBSD 9, or 10 as the base OS and the windows 2003server, 2008 server, running in the virtualbox, My cpu is an AMD8120 8cores with 16GB of memory, the filesystem is in ZFS, I put 2Gb for each windows, and the system runs confortable with 20 users in each windows machine.. (total of 40 users) The boot (cold boot) for the 2003 server (32 bits) is about 10 seconds with an drive of 20GB and another of 400GB (in the virtualbox...) the NIC is configure with bridge, the FreeBSD gives address via dhcp server... both windows run with VboxHeadless and are both enable terminal servers Runs like a charm... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
jail(8) vimage epair bridge
Hello questions list
I am using jail(8) trying to get a functional vimage environment on my
9.1-RELEASE system. My PC only has a single real NIC facing the public
internet. My goal is to be able to have multiple vimage jails, each with
their own epairXa epairXb and bridgeX where the X is the jails JID
number all having their traffic passing through the single rl0 real
interface. The vnet.start script shown below handles this nicely.
The problem is after the first vimage jail is started the rl0 interface
gets marked as busy when the second vimage jail is started.
How do I get all vnet jails to pass through the real rl0 interface?
Thanks for you help
# /root cat /etc/jail.conf
vimage33 {
host.hostname = vimage33;
path= /usr/jails/vimage33;
mount.fstab = /usr/local/etc/fstab/vimage33;
exec.start = /bin/sh /etc/rc;
exec.stop = /bin/sh /etc/rc.shutdown;
exec.consolelog = /var/log/vimage33.console.log;
devfs_ruleset = 4;
allow.mount.devfs;
vnet;
exec.poststart=vnet.start vimage33 rl0;
exec.prestop=vnet.stop vimage33;
}
# /root cat /usr/local/bin/vnet.start
#!/bin/sh
jailname=$1
nicname=$2
jid=`jls -j ${jailname} jid`
if [ ${jid} -gt 100 ]; then
echo
echo The JID value is greater then 100.
echo You must shutdown the host and reboot
echo to zero out the JID counter and recover
echo the lost memory from stopping vimage jails.
echo
exit 2
fi
ifconfig bridge${jid} create /dev/null 2 /dev/null
ifconfig bridge${jid} 10.${jid}.0.1
ifconfig bridge${jid} up
ifconfig epair${jid} create /dev/null 2 /dev/null
ifconfig bridge${jid} addm ${nicname} addm epair${jid}a
ifconfig epair${jid}a up
ifconfig epair${jid}b vnet ${jid}
jexec ${jailname} ifconfig epair${jid}b 10.${jid}.0.2
jexec ${jailname} route add default 10.${jid}.0.1 /dev/null 2 /dev/null
jexec ${jailname} ifconfig lo0 127.0.0.1
# Display the hosts network view before starting any vnet jails
# /root ifconfig
rl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu
options=2008VLAN_MTU,WOL_MAGIC
ether 00:0c:6e:09:8b:74
inet 10.0.10.5 netmask 0xfff8 broadcast 10.0.10.7
nd6 options=29PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL
media: Ethernet autoselect (100baseTX full-duplex)
status: active
plip0: flags=8810POINTOPOINT,SIMPLEX,MULTICAST metric 0 mtu 1500
nd6 options=29PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL
lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST metric 0 mtu 16384
options=63RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
inet 127.0.0.1 netmask 0xff00
nd6 options=21PERFORMNUD,AUTO_LINKLOCAL
# Start the first vnet jail
# /root jail -f /etc/jail.conf -c vimage33
vimage33: created
bridge1: Ethernet address: 02:8f:94:84:0c:02
epair1a: Ethernet address: 02:c0:a4:00:0b:0a
epair1b: Ethernet address: 02:c0:a4:00:0c:0b
# /root jls
JID IP Address Hostname Path
1 - vimage33 /usr/jails/vimage33
# Lets display the hosts network after the first vnet jail has started
# /root ifconfig
rl0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0
options=2008VLAN_MTU,WOL_MAGIC
ether 00:0c:6e:09:8b:74
inet 10.0.10.5 netmask 0xfff8 broadcast 10.0.10.7
nd6 options=29PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL
media: Ethernet autoselect (100baseTX full-duplex)
status: active
plip0: flags=8810POINTOPOINT,SIMPLEX,MULTICAST metric 0 mtu 1500
nd6 options=29PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL
lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST metric 0 mtu 16384
options=63RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
inet 127.0.0.1 netmask 0xff00
nd6 options=21PERFORMNUD,AUTO_LINKLOCAL
bridge1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu
ether 02:8f:94:84:0c:01
inet 10.1.0.1 netmask 0xff00 broadcast 10.255.255.255
nd6 options=21PERFORMNUD,AUTO_LINKLOCAL
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: epair1a flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP
ifmaxaddr 0 port 9 priority 128 path cost 14183
member: rl0 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP
ifmaxaddr 0 port 5 priority 128 path cost 20
epair1a: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST
options=8VLAN_MTU
ether 02:c0:a4:00:09:0a
inet6 fe80::c0:a4ff:fe00:90a%epair1a prefixlen 64 scopeid 0x9
nd6 options=21PERFORMNUD,AUTO_LINKLOCAL
media: Ethernet 10Gbase-T (10Gbase-T full-duplex)
Re: Home WiFi Router with pfSense or m0n0wall?
On Sun, Apr 21, 2013 at 9:52 AM, Michael Powell nightre...@hotmail.com wrote: Alejandro Imass wrote: Hi, I'm looking to replace the piece of crap 2wire WiFi router that gets crakced every other day for something with pfSense or m0n0wall Not sure what you mean by 'cracked' here. If you are meaning that someone is using aircrack-ng to break your Wifi authentication key a firewall won't do much to stop this. I use mac address authentication plus wpa2 psk and yet they are still able to connect so it seems that 2Wire's routers are an insecure piece of crap and they are full of holes and back-doors. Just google 2wire vulnerabilities or take a look at this video http://www.youtube.com/watch?v=yTtQGPdSIfM Look at how many ISPs world-wide use 2wire. Makes you wonder if ISPs use these crappy routers on purpose to get some more revenue from cap overruns. Cheers, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Home WiFi Router with pfSense or m0n0wall?
Alejandro Imass wrote: On Sun, Apr 21, 2013 at 9:52 AM, Michael Powell nightre...@hotmail.com wrote: Alejandro Imass wrote: Hi, I'm looking to replace the piece of crap 2wire WiFi router that gets crakced every other day for something with pfSense or m0n0wall Not sure what you mean by 'cracked' here. If you are meaning that someone is using aircrack-ng to break your Wifi authentication key a firewall won't do much to stop this. I use mac address authentication plus wpa2 psk and yet they are still able to connect so it seems that 2Wire's routers are an insecure piece of crap and they are full of holes and back-doors. Just google 2wire vulnerabilities or take a look at this video http://www.youtube.com/watch?v=yTtQGPdSIfM With Kismet able to place a wifi unit into monitor mode you can quickly get a list of everything in the vicinity, including all the MAC addresses of devices connecting the various access points. You can then clone your unit's MAC address to match one in the list. Even though I do use it, MAC access lists are very easy to get around and will only stop those who do not know how to do this. Even in passive mode, without using active attack to speed things up I can crack a WEP key in 45 minutes easily. Doing this passively doesn't expose you. The time it takes depends on how busy the access point is. An active attack can break WEP in 2-3 minutes, or less. I've seen it done between a minute and a minute and a half. Most consider the answer to use WPA2, which I do use too. Many think it is 'virtually' unbreakable, but this really is not true; it just takes longer. I've done WPA2 keys in as little as 2-3 hours before. Look at how many ISPs world-wide use 2wire. Makes you wonder if ISPs use these crappy routers on purpose to get some more revenue from cap overruns. Really these WEP/WPA2 protocols are not providing the level of protection that is truly necessary in this modern day. You can keep out script kiddies and people who don't have skill, but people who know what they are doing are only slowed down. The ISPs are seemingly more interested and concerned with protecting Big Media Content's DRM schemes. They have a monetary stake as they move in the direction of deals with 'Big Media', less so the incentive to do more for their retail Internet-access customer. And don't even me started on the advertising industry run-amok. :-) -Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Home WiFi Router with pfSense or m0n0wall?
On Mon, Apr 22, 2013 at 2:25 PM, Michael Powell nightre...@hotmail.com wrote: Alejandro Imass wrote: On Sun, Apr 21, 2013 at 9:52 AM, Michael Powell nightre...@hotmail.com wrote: Alejandro Imass wrote: Hi, [...] Really these WEP/WPA2 protocols are not providing the level of protection that is truly necessary in this modern day. You can keep out script kiddies and people who don't have skill, but people who know what they are doing are only slowed down. Thanks for the detailed explanation! So, are there ways to run a secure WiFi network? It would seem that in my case I have neighbours that know what they're doing so should I just forget about WiFi go back to UTP? Thanks, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Home WiFi Router with pfSense or m0n0wall?
Alejandro Imass wrote: [...] Really these WEP/WPA2 protocols are not providing the level of protection that is truly necessary in this modern day. You can keep out script kiddies and people who don't have skill, but people who know what they are doing are only slowed down. Thanks for the detailed explanation! So, are there ways to run a secure WiFi network? It would seem that in my case I have neighbours that know what they're doing so should I just forget about WiFi go back to UTP? We use 802.1x auth on our switch (and other hardwares) ports at work and this utilizes a Radius server. At work we are mostly a $MS WinderZ shop, but with Enterprise grade access points (we have Aruba's), EAP, and Radius we can extend our network Kerberos out through the wifi realm. Without going into details ( way too much/many for the scope here) I basically have an almost completely locked network which just won't allow a device on it that it doesn't recognize. It is a pain, and not perfect either by any stretch. I have more problems with printers as a result than anything else. I do have to keep an open Internet access for visitors to use, but it is separated from our main network with no path between the two. :-) This does provide better security when compared to what consumers are running at home. It is much more complex and requires expensive equipment. And even still, a really high-grade Uber hacker might still find a way in. We hire pen-tester companies about once a year, and while they haven't found any glaring holes there are some grey areas that we wonder if a really motivated Uber hacker spent enough time on... I have entertained on and off the idea of getting a wifi card for my FreeBSD gateway/firewall box at home to see if I could come up with something more resembling something like we have at work. It probably wouldn't be as involved, but I do think (FreeBSD as a very _capable_ and flexible OS) something could be designed that would inherently be somewhat more secure than what I see in the basic ISP home router. I have Verizon's FIOS here with an Actiontec MI424WR-Rev 3 router and I think I could do better. The alternate provider here is Comcast which mostly seems to be using Motorola Surfboard routers, but the bottom line is I don't have any problem cracking any of them. This email is already getting a trifle long, so suffice to say if you really need the best security on a home ISP router the best you can do is turn off the radio and use Ethernet and UTP. This returns to the original focus of your question in that the firewall would be the point of contention and not the cracking of WEP/WPA2 auth keys. What I was wanting to point out to you originally is that changing the firewall is a separate issue from the cracking of Wifi auth keys. -Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Home WiFi Router with pfSense or m0n0wall?
On Mon, Apr 22, 2013 at 3:45 PM, Michael Powell nightre...@hotmail.com wrote: Alejandro Imass wrote: [...] Really these WEP/WPA2 protocols are not providing the level of protection that is truly necessary in this modern day. You can keep out script kiddies and people who don't have skill, but people who know what they are doing are only slowed down. Thanks for the detailed explanation! So, are there ways to run a secure WiFi network? It would seem that in my case I have neighbours that know what they're doing so should I just forget about WiFi go back to UTP? We use 802.1x auth on our switch (and other hardwares) ports at work and this utilizes a Radius server. At work we are mostly a $MS WinderZ shop, but with Enterprise grade access points (we have Aruba's), EAP, and Radius we [...] This email is already getting a trifle long, so suffice to say if you really need the best security on a home ISP router the best you can do is turn off the radio and use Ethernet and UTP. This returns to the original focus of your question in that the firewall would be the point of contention and not the cracking of WEP/WPA2 auth keys. What I was wanting to point out to you originally is that changing the firewall is a separate issue from the cracking of Wifi auth keys. I absolutely got that but I was assuming that a pre-packaged WiFi router with pfSense or m0n0wall would have a more secure wireless hardware and software as well. Now I see the problem is more complex and that the wireless part is vulnerable regardless. So if by cracking the wireless part they can spoof the mac addresses of authorized equipment, what other methods could a BSD-based firewall use to prevent the cracker from penetrating or using the network beyond the WiFi layer? From your response it seems very little or nothing really... Thanks again for your detailed answers! -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Home WiFi Router with pfSense or m0n0wall?
Alejandro Imass wrote: On Mon, Apr 22, 2013 at 3:45 PM, Michael Powell nightre...@hotmail.com wrote: Alejandro Imass wrote: [...] Really these WEP/WPA2 protocols are not providing the level of protection that is truly necessary in this modern day. You can keep out script kiddies and people who don't have skill, but people who know what they are doing are only slowed down. Thanks for the detailed explanation! So, are there ways to run a secure WiFi network? It would seem that in my case I have neighbours that know what they're doing so should I just forget about WiFi go back to UTP? We use 802.1x auth on our switch (and other hardwares) ports at work and this utilizes a Radius server. At work we are mostly a $MS WinderZ shop, but with Enterprise grade access points (we have Aruba's), EAP, and Radius we [...] This email is already getting a trifle long, so suffice to say if you really need the best security on a home ISP router the best you can do is turn off the radio and use Ethernet and UTP. This returns to the original focus of your question in that the firewall would be the point of contention and not the cracking of WEP/WPA2 auth keys. What I was wanting to point out to you originally is that changing the firewall is a separate issue from the cracking of Wifi auth keys. I absolutely got that but I was assuming that a pre-packaged WiFi router with pfSense or m0n0wall would have a more secure wireless hardware and software as well. Now I see the problem is more complex and that the wireless part is vulnerable regardless. So if by cracking the wireless part they can spoof the mac addresses of authorized equipment, what other methods could a BSD-based firewall use to prevent the cracker from penetrating or using the network beyond the WiFi layer? From your response it seems very little or nothing really... Yes - unfortunately this is about the state of things. Not a whole lot you're going to do to improve the consumer grade home router. There are some hardware specific firmware projects that I've never played with such as: http://www.dd-wrt.com/site/index The pre-packaged home equipment is relatively cheap when compared against the top of the line enterprise-grade commercial products. Most are some form of embedded Linux. For example, the MI424WR-Rev3 I have here is busybox ( http://www.busybox.net/ ). If you turn on remote management and telnet into it you get a busybox prompt! With a busybox shell and all busybox commands. The firewall many of these embedded Linux things are using is iptables2, the standard linux firewall package. What I was pondering is some form of L2TP tunnel, or some other form of IPSEC tunnel to form some kind of VPN like communication between the client and the wifi. Just never have begun to find the time to get anywhere with the idea. But basically it would resemble a VPN that only accepts connection from a tunnel endpoint client and not pass any traffic from any other client lacking this VPN-like endpoint. I think such a thing is very possible and have read some articles by people who have done very similar sounding things. Indeed, this is what SSL-VPN providers do via a subscription service so people surfing at open wifi coffee shops tunnel through the local open wifi and setup an encrypted VPN tunnel. Just not enough time in the day. I know it's do-able, just never have found the time to properly approach it. -Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
multipath to long ?
seems im having issues with an enclousure using multipath to drives. Any ideas? its FreeBSD 9.1 with 4 LSI controllers and 36 disks make_dev_physpath_alias: WARNING - Unable to alias multipath/SATA_LUN14 to enc@n5000ed572eeae5bd/type@0/slot@4/elmdesc@ArrayDevice03/multipath/SATA_LUN14 - path too long make_dev_physpath_alias: WARNING - Unable to alias multipath/SATA_LUN04 to enc@n5000ed572eeae5bd/type@0/slot@2/elmdesc@ArrayDevice01/multipath/SATA_LUN04 - path too long make_dev_physpath_alias: WARNING - Unable to alias multipath/SATA_LUN18 to enc@n5000ed572eea93bd/type@0/slot@4/elmdesc@ArrayDevice03/multipath/SATA_LUN18 - path too long make_dev_physpath_alias: WARNING - Unable to alias multipath/SATA_LUN15 to enc@n5000ed572a8548bd/type@0/slot@4/elmdesc@ArrayDevice03/multipath/SATA_LUN15 - path too long ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Home WiFi Router with pfSense or m0n0wall?
On Mon, 22 Apr 2013 14:25:30 -0400 Michael Powell wrote: Most consider the answer to use WPA2, which I do use too. Many think it is 'virtually' unbreakable, but this really is not true; it just takes longer. I've done WPA2 keys in as little as 2-3 hours before. Are you saying that any WPA2 key can be cracked or or you simply referring to weak keys? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
