Re: who building sucessed zhcon under current
suken woo wrote: I wanna to buid it ,but always get failed. thanks any information. best regards === Building for zh-zhcon-0.2_4 gmake all-recursive gmake[1]: Entering directory `/usr/ports/chinese/zhcon/work/zhcon-0.2' Making all in src gmake[2]: Entering directory `/usr/ports/chinese/zhcon/work/zhcon-0.2/src' Making all in display gmake[3]: Entering directory `/usr/ports/chinese/zhcon/work/zhcon-0.2/src/displa y' gmake[3]: Nothing to be done for `all'. gmake[3]: Leaving directory `/usr/ports/chinese/zhcon/work/zhcon-0.2/src/display ' gmake[3]: Entering directory `/usr/ports/chinese/zhcon/work/zhcon-0.2/src' c++ -O2 -DNDEBUG -funsigned-char -Wall -Wl,-rpath=/usr/lib/unicon -o zhcon -L /usr/lib/unicon basefont.o big52gbdecoder.o big5decoder.o configfile.o console. o gb2big5decoder.o gbdecoder.o gbkdecoder.o graphdev.o hzdecoder.o jisdecoder.o kscmdecoder.o main.o window.o winime.o zhcon.o overspotclient.o nativeinputserve r.o inputclient.o inputmanager.o inputserver.o candilist.o uniconinputserver.o c onfigserver.o nativebarclient.o display/libdisplay.a -lutil -lc -lintl -L/usr/l ib/unicon -L/usr/local/lib overspotclient.o: In function `OverSpotClient::Update()': overspotclient.o(.text+0x536): undefined reference to `InputServer::IsFullChar() ' overspotclient.o(.text+0x57e): undefined reference to `InputServer::IsFullComma( )' overspotclient.o: In function `OverSpotClient::AdjustWinPos(int, int, int, int)' : overspotclient.o(.text+0xa74): undefined reference to `Window::ColsOvered()' overspotclient.o(.text+0xa7e): undefined reference to `Window::RowsOvered()' inputmanager.o: In function `InputManager::ProcessInputKey(char)': inputmanager.o(.text+0xbf9): undefined reference to `InputServer::IsFullChar()' inputmanager.o(.text+0xc30): undefined reference to `InputServer::IsFullComma()' nativebarclient.o: In function `NativeBarClient::Update()': nativebarclient.o(.text+0x6fb): undefined reference to `InputServer::IsFullChar( )' nativebarclient.o(.text+0x73e): undefined reference to `InputServer::IsFullComma ()' gmake[3]: *** [zhcon] Error 1 gmake[3]: Leaving directory `/usr/ports/chinese/zhcon/work/zhcon-0.2/src' gmake[2]: *** [all-recursive] Error 1 gmake[2]: Leaving directory `/usr/ports/chinese/zhcon/work/zhcon-0.2/src' gmake[1]: *** [all-recursive] Error 1 gmake[1]: Leaving directory `/usr/ports/chinese/zhcon/work/zhcon-0.2' gmake: *** [all-recursive-am] Error 2 *** Error code 2 Stop in /usr/ports/chinese/zhcon. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Mount logical DOS partition
On Fri, 11 Oct 2002, Ivan Fomitchev wrote: Hello all, Could anyone tell me, how should I mount DOS logical partition on FreeBSD? It is located in the beginning of the the extended partition, which is the second on my HDD. I can't remember exactly, but I think logical partitions use the letters e, f, g . Try something like mount_msdos /dev/ad0s2e /mnt Hope that helps. Uli. -- Best regards, Ivan mailto:[EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message *---* *Peter Ulrich Kruppa* * - Wuppertal - * * Germany * *---* To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
4.7 mergemaster deleted fews keyfiles.
upgrade to 4.7 but get the zero byte files if merge new file to original files.the mergemaster likely does not merge file but clear the orig file. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
re: ipfw rules
I am able to use cvsup with our firewall. The problem is when actually trying to install the software using the make command since the make command tries to fetch the source tarball from a remote server using ftp. If you have a proxy server running, try putting FETCH_ENV variable into /etc/make.conf (see /etc/defaults/make.conf for example) -- Toomas Aas | [EMAIL PROTECTED] | http://www.raad.tartu.ee/~toomas/ * If it wasn't for C, we'd be using BASI, PASAL and OBOL! To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
squid case - help
greetings ... i had a freebsd 4.6 running squid 2.0.4 proxy server i want to limit all local connection to internet only through this proxy is there any setting so web, ftp, irc, etc cannot connect without using this proxy thanks ... __ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos More http://faith.yahoo.com To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: ATAPI CDRW compatibility
On Thu, Oct 10, 2002 at 08:57:42PM -0700, Mark Miller wrote: I remember awhile back reading the list of burncd-supported ATAPI CDRW drives, and at the time it was a short list. I'm now thinking of moving up to a faster drive, and according to Section 4.6 of http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/hardware.html FreeBSD supports any ATAPI-compatible IDE CD-R or CD-RW drive. Is this in fact correct? Yes, the keyword is ATAPI-compatible. If the drive is ATAPI-compatible then it will work, because burning CDs uses the ATAPI command set. Kris msg04837/pgp0.pgp Description: PGP signature
Re: SSH/FTP Access
Jason Morgan wrote: On Wed, Oct 09, 2002 at 11:28:16PM -0500, [EMAIL PROTECTED] wrote: Just wondering is there a way to limit SSH access (when adding a user or period) so that user can only use SSH to access or effect their home directory? With ssh2 you can use chroot to limit access to other dirs. In your config: ChRootUsers user1,user2,user3 you can also restric groups the same way: ChRootGroups group1,group2,group3 Just don't forget to hardlink any system files into their directories so they can actually use their accounts. Note: I've never done this myself and I just pulled the 'how-to' from O'Reilly's SSH book. This is a great resource, and I recommend you get a copy. Just occassionally, the kind souls on freebsd-users come up with real gems of information. Thank you, I've been looking for a solution like this for weeks! James To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Athlon XP motherboards that work well with FreeBSD
# [EMAIL PROTECTED] / 2002-10-10 15:43:36 -0700: I've been having trouble with my a7a-133. I had trouble with XFree86, and with a tv card. I'd like to know some motherboards that work well with FreeBSD? Someone didn't have the same troubles with soltek SL-75DRV2 http://www1.soltek.com.tw/English/product/75drv2.htm looks like the solteks are fine. you might want to take DRV4 or DRV5. I've bought asus card because my hp pavillion had a asus card with a via chipset. I read after that they don't document their boards so that open source developers can support all the features easily. Whats a more open motherboard brand? Are Via chipsets the best supported? The card I'm having trouble with has a acer chipset. i also wanted to buy asus when i was going for a new box, but during the research i found out that people were having trouble getting X up with some of the asus boards. X was essential since i was upgrading my desktop, so i went with abit KR7A (the no-raid version, VIA KT266A chipset), and i'm really happy with it. btw, there was a Athlon XP mobo test in the august issue of the czech Chip magazine, and they got the best numbers from a DFI AD76 RAID mobo. VIA KT333 chipset, Promise 20276, onboard sound (Realtek RTL8100). if i was buying a new mobo i would go for this one. (i have no experience with DFI mobos. maybe someone could chime in?) -- begin 666 nonexistent.vbs FreeBSD 4.7-RC 10:26AM up 23 days, 17:41, 21 users, load averages: 0.25, 0.22, 0.16 end To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
mount ext2
Hi, I finally managed to get mount my ext2 partitons from my old linux install. However I'm having trouble mounting on rw If I run mount -t ext2fs /dev/ad1s4 /mnt/home I get Oct 11 08:59:12 duocity /kernel: WARNING: R/W mount of #ad/0x4000a denied due to unsupported optional features Mount ro works but what does this mean? I did use to use ext3 but I thought that was just ext2+stuff Rgds Rus -- http://www.fsck.me.uk - My blog http://shells.fsck.me.uk - Hosting how you want it. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: mount ext2
# [EMAIL PROTECTED] / 2002-10-11 10:05:06 +0100: Hi, I finally managed to get mount my ext2 partitons from my old linux install. However I'm having trouble mounting on rw If I run mount -t ext2fs /dev/ad1s4 /mnt/home I get Oct 11 08:59:12 duocity /kernel: WARNING: R/W mount of #ad/0x4000a denied due to unsupported optional features Mount ro works but what does this mean? I did use to use ext3 but I thought that was just ext2+stuff looks like stuff = unsupported optional features -- begin 666 nonexistent.vbs FreeBSD 4.7-RC 11:17AM up 23 days, 18:31, 3 users, load averages: 0.14, 0.20, 0.17 end To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
ÐéÄâÖ÷»ú130Ôª/300M¿Õ¼ä£¬Ö÷»úÍйÜ5800/Äê/̨¡¡¡¡ÏÈÊÔÓ᡺󸶿î Time:11:06:45
www.centuryweb.net¹ú¼ÊÍøÂç-ÏÈÊÔÓ᡺󸶿î ÍøÂçʵÃû×¢²á ¹úÄÚÐéÄâÖ÷»ú×âÓü۸ñ £º 1. 130Ôª£½1Äê¹ú¼ÊÓòÃû£«300mb£«10¸öemail 2. 180Ôª£½1Äê¹ú¼ÊÓòÃû£«200mb£«10¸öemail(Ö§³Öcgi.asp) 3. 280Ôª£½1Äê¹ú¼ÊÓòÃû£«300mb£«20¸öemail(Ö§³Öcgi.asp)£» 4. 450Ôª£½1Äê¹ú¼ÊÓòÃû£«500mb£«30¸öemail(Ö§³Öcgi.asp)£» 5. 250Ôª£½2Äê¹ú¼ÊÓòÃû£«300mb£«10¸öemail 6. 340Ôª£½1Äê¹ú¼ÊÓòÃû£«200mb£«10¸öemail(Ö§³Öcgi.asp) 7. 500Ôª£½2Äê¹ú¼ÊÓòÃû£«300mb£«20¸öemail(Ö§³Öasp¡¢php)£» 8. 800Ôª£½2Äê¹ú¼ÊÓòÃû£«500mb£«30¸öemail(Ö§³Öasp¡¢php) ΪÁ˱£»¤ÄúµÄÓòÃûȨÀû£¬ÎÒ¹«Ë¾ÏÖ°ìÀíÓÉÃÀ¹úeNom¹«Ë¾ÊÚȨ°ä·¢µÄ¹ú¼ÊÓòÃûÖ¤Ê飬֤Êé·ÑÓÃΪ60Ôª/¸ö£¨Áí¸¶£©¡£ ¡¡---·þÎñÆ÷Ö÷»úÍйܣ¬×âÓñ¨¼Û ¨ ·þÎñÆ÷»ú·¿Ö±½ÓÁ¬½ÓÓÚChinaNet¹Ç¸ÉÍø¸ß¶È£¬½ÓÈ뷽ʽ£º100M LAN¹²Ïí ¡ô ·þÎñÆ÷Ö÷»úÍйܣº ¸ß¶È ¹úÄÚ±¨¼Û ¡¡1U¡¢2U¡¢4U¼°×é×°¡¡£¤ 5800Ôª/Äê ¡ô ·þÎñÆ÷Ö÷»ú×âÓÃ(Ö÷»ú×âÓÃÆÚºÒ¼Äêºó£¬Ö÷»ú¹é×âÓÃÈËËùÓÃ) ¸ß¶È¡¡¹úÄÚ±¨¼Û 1U ¡¡£¤ 11000Ôª/Äê 2U ¡¡£¤ 17000Ôª/Äê ¨ ·þÎñÆ÷ÅäÖ㺠¡¡CPU P4 1.6GÄÚ´æ 512M DDR Ó²ÅÌ 40GHD *Ãâ·ÑÌṩ»ú¼Ü¡¢Ãâ·ÑÌṩ1¸öIPµØÖ·¡¢Ìṩ7*24СʱµÄÍøÂç¼à¿Ø¡¢ Ö÷»úϵͳ¼à²â·þÎñ £¬Ó²¼þ¿É°´¿Í»§ÒªÇóÁíÐÐÅäÖà Ö÷Ì⣺ÐéÄâÖ÷»ú130Ôª/300M¿Õ¼ä£¬Ö÷»úÍйÜ5800/Äê/̨ÏÈÊÔÓ᡺󸶿î ÏêÇ飺www.centuryweb.net »Ø¸´ÐÅÏ䣺[EMAIL PROTECTED] ±¾ÓʼþÖ»·¢Ò»´Î£¬ÈçÓдòÈÅÍòÍûº£º£¡ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
cvsup SIGBUSted
# cd /usr/src # make update ... Updating collection ports-x11/cvs *** Signal 10 # rm -r /usr/ports/* # rm /usr/ports/.cvsignore # make update ... Parsing supfile /usr/local/etc/cvsup/supfiles/ports-supfile Connecting to cvsup.cz.FreeBSD.org Connected to cvsup.cz.FreeBSD.org Server software version: SNAP_16_1f Negotiating file attribute support Exchanging collection information Establishing multiplexed-mode data connection Running *** Signal 10 I don't think this is a HW prob since this box is otherwise doing *very* fine (in fact, I don't think I've been happier with my HW before). FreeBSD freepuppy.bellavista.cz 4.7-RC FreeBSD 4.7-RC #0: Tue Sep 17 11:15:58 CEST 2002 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/FREEPUPPY2_3 i386 -- begin 666 nonexistent.vbs FreeBSD 4.7-RC 11:22AM up 23 days, 18:37, 3 users, load averages: 0.02, 0.10, 0.13 end To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Mount logical DOS partition
Hi Ivan, Could anyone tell me, how should I mount DOS logical partition on FreeBSD? It is located in the beginning of the the extended partition, which is the second on my HDD. I have in my /etc/fstab: /dev/ad2s5 /win/temp msdos rw 0 0 Yours should probably read ad0s5 instead. My extended partition is #4 on my hdd however, so it could be ad0s3, too. To be sure do a verbose boot (i.e. interrupt your boot process and type boot -v then). This will list all slices and partitions found on your disks. Ciao Siegbert To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Athlon XP motherboards that work well with FreeBSD
On Thu, 10 Oct 2002, W. D. wrote: Date: Thu, 10 Oct 2002 22:31:16 -0500 From: W. D. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Athlon XP motherboards that work well with FreeBSD At 17:43 10/10/2002, Corey Holcomb-Hockin, wrote: I've been having trouble with my a7a-133. I had trouble with XFree86, and with a tv card. I'd like to know some motherboards that work well with FreeBSD? Does anyone know what motherboards will work with an AMD chip(s) in a 1U rack mount server case? Start Here to Find It Fast!© - http://www.US-Webmasters.com/best-start-page/ Have you found a HowTo on rolling your own rackmount? I'd love to see it. I've been considering one of these for my house: http://eracks.com/eRacks/products/config?sku=PREMIUM JB # John Bleichert # http://vonbek.dhs.org/latest.jpg To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: How to create another account with root privileges ?
On Thu, 10 Oct 2002, Pranav A. Desai wrote: Hi all! Thanks a lot to all those who replied. I will try to convince them to use sudo, as most of you have mentioned that it is a better option than changing /etc/passwd. If it doesnt work with them then I will use the second option of changing passwd. No, the second option is to give them the root password and tell them to log as a normal user and then su(8) to root. The last option is to give them accounts with full root privs. Really, I think that is a less desirable option than just giving them their own root account. They can create one anyway with the su ability and they can log in as main root rather than su-ing which is what they are likely to do and mess around with stuff you have in that account like your .cshrc or .profile and files in root's home directory. Maybe better yet, star(*) out the main root password and make yourself as well as those extra admins use their own root accounts. You're less likely to get in trouble. jerry Fer Thanks once again. -Pranav *** Pranav A. Desai Home :- (937) 294 1381 *** On Thu, 10 Oct 2002, Jerry McAllister wrote: Hi! I have been asked to create admin accounts for a machine such that all of them can access that machine as root but with different username and password. First, see if you can get by with a web based system admin tool such as webmin. Or check out sudo or some other similar utility that allows you to grant specific tasks to non-root accounts. These can allow you to delegate most useful admin tasks to a non-root user - things such as creating or deleting accounts, cleaning out piles of spam that is clogging mailboxes, etc. If that won't satisfy the powers that be, then it is not difficult to create whatever additional root accounts that you need. Just use vipw and make additional entries with UID or 0 and GID of 0. Probably the easiest way is to copy the toor line and then edit the username, shell and home directory. We have several machines with extra root accounts. Our practice is to create usernames for those that start with uppercase R as in Rjoe being a root account for joe, Rfred for user fred, etc. Also we create separate home directories for those extra root accounts in the /root directory (eg /root/Rjoe and /root/Rfred). Some cautions: Make sure that /root directory is never moved to any other file system outside of / This is because you want it to be readable for a single user boot. Make sure the shell you specify is one that will be available for a single user boot. Generally, make sure there is a copy in /bin. When you set the password you _always_ have to specify the username, as in passwd Rjoe because, even if you are already logged in as that other root user (Rjoe), if you do not specify the username, it will change root-s password and not Rjoe-s. This is because root has the same UID as Rjoe and comes first in the file. You can't fix this by just moving root later in the passwd file because then you will just have Rfred changing Rjoe-s password if Rjoe comes before Rfred in the file and Rfred forgets to put his own username on the passwd command. So, just put any new Rroot ids after root and toor and make sure everyone uses the idname when changing passwords. Finally, be very paranoid about giving out root accounts to people. Even best intentioned people make disastrous skrewups which can take up to weeks to recover from. Some things are just better put off until you get back from vacation (what vacation?) rather than giving root to someone and coming back to find everything trashed. We joke about the rm -rf * done in the root directory, but I have seen it done - by accident. Each time the person was absolutely sure he was in his own directory. (And not just in UNIX systems; though the command syntax was different, the result was the same in those other systems) So, have fun, jerry Thanks -pranav *** Pranav A. Desai Home :- (937) 294 1381 *** On 9 Oct 2002, Kirk Strauser wrote: At 2002-10-09T17:36:02Z, Pranav A. Desai [EMAIL PROTECTED] writes: How can I create a user account that can function like a root account with the same prilieges ? I need to create three such account. Is it possible ? Short answer: you probably don't really want to do this. What problem are you needing to solve by having multiple root accounts? -- Kirk
Re: how to kill nfs-blocked process
On Fri, Oct 11, 2002 at 09:39:38AM -0400, Bill Moran wrote: cool46 cool46 wrote: thanks for your reply,but it is not work for me.i tried to mount nfs with options -i,-R,but the problem is as before.The details of my test is as follows: my nfs server(IP:10.0.0.1) is a RedHat 7.3 with kernel of 2.4.19 version,my nfs client(IP:10.0.0.2) is freebsd 4.5 10.0.0.2: mount_nfs -i -R 1 10.0.0.1:/home /usr/home cp a_big_file /usr/home in the course of doing this,i disabled network between these two machine by using iptables in 10.0.0.1 /sbin/iptables -I INPUT -p udp -s 10.0.0.2 -j DROP so the process 'cp' in 10.0.0.2 is blocked,I can't kill or interrupt it in any way.According to mount_nfs's manual ,it should failed and return in a few minutes because i set -R equal to 1,but the fact is not. Could you help me? thanks agains.i'm a chinese and glad to make friends with you. That should be the solution. I'm not an NFS expert so you may want to consult with some others as well. (I've put this email back on the mailing list) Are you using hard mounts ? Try using soft mounts and see it that helps. Ceri -- you can't see when light's so strong you can't see when light is gone To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
real old UNIX (i386) hardware
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi! can you drop me a pointer, where I get information, if any BSD would be able to ru on really ancient UNIX hardwware like: Acer Altos 1000 (today running SCO 3.21) Acer Altos 700, 900, 7000, 9000, ... the last Acer Altos server hardware (1) runs very fine. But how about the ancient ones ? mfG J. Sauer - -- Jürgen Sauer - AutomatiX GmbH, +49-4209-4699, [EMAIL PROTECTED] ** ** Das Linux Systemhaus - Service - Support - Server - Lösungen ** http://www.automatix.de to Mail me: remove: -not-for-spawm- ** -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAj2m2Y4ACgkQW7UKI9EqarG1ewCgrz/eLYF9B5oJUC+N3wdzGSiV DXQAoK6vVwcYuM50OQ7rM/mUBSRsmySi =WHG6 -END PGP SIGNATURE- To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: ucom + usb + palm = insanity
Larry Rosenman wrote: On Fri, 2002-10-11 at 08:31, Eric Anderson wrote: FreeBSD 4.7-RELEASE is nice.. I'm so close, yet so far. Has anyone messed with the ucom stuff yet? Does anyone know the correct way to use it? I thought I'd just slap some stuff in my kernel: device uplcom device uvscom device uvisor device ucom0 at ugen? port ? remove the at ugen? port ? and then add the Palm to usbd.conf. Ok, rebuilding kernel now. What am I supposed to add to the usbd.conf? Do you have an example? We still have issues with pilot-link, but David Desrossier(sp?) is working on them. David has a USB motherboard/Processor I supplied to work on these issues. I'm assuming here you have a M5xx Palm. Actually, no, I have a Sony Clie.. But as far as any other tool is concerned, they see it as a Palm. Does he need more USB mobo's and procs? Does he need help testing? I'm willing to do my fair share. Thanks for the hints! Eric -- -- Eric Anderson Systems Administrator Centaur Technology Skydiving - safer than the stock market. -- To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: ucom + usb + palm = insanity
On Fri, 2002-10-11 at 08:31, Eric Anderson wrote: FreeBSD 4.7-RELEASE is nice.. I'm so close, yet so far. Has anyone messed with the ucom stuff yet? Does anyone know the correct way to use it? I thought I'd just slap some stuff in my kernel: device uplcom device uvscom device uvisor device ucom0 at ugen? port ? remove the at ugen? port ? and then add the Palm to usbd.conf. We still have issues with pilot-link, but David Desrossier(sp?) is working on them. David has a USB motherboard/Processor I supplied to work on these issues. I'm assuming here you have a M5xx Palm. LER build it, install it, and I'd be happy. No luck. Here's what I get when I hit the sync button: Oct 11 08:29:13 electron /kernel: ucom0: Palm, Inc. Palm Handheld, rev 1.00/1.00, addr 2 Oct 11 08:29:13 electron /kernel: ucom0: Palm, Inc. Palm Handheld, rev 1.00/1.00, addr 2 Oct 11 08:29:13 electron /kernel: ucom0: init failed, STALLED Oct 11 08:29:13 electron /kernel: device_probe_and_attach: ucom0 attach returned 6 Oct 11 08:29:13 electron /kernel: ugen0: Palm, Inc. Palm Handheld, rev 1.00/1.00, addr 2 I couldn't find any docs on it, so once I get this figured out, you can imagine what I'll be writing up. Eric -- -- Eric AndersonSystems Administrator Centaur Technology Skydiving - safer than the stock market. -- To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749 To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
IPFW2 on 4.7-RELEASE
Hi, Has anyone got IPFW2 working on 4.7-RELEASE? I've been using IPFW/natd successfully since 4.2 but my attempts to do the same with IPFW2 have failed. I added IPFW2=true to /etc/make.conf and options IPFW2 to my kernel config then rebuilt libalias, ipfw and my kernel. At boot I get the message output that natd has started but the boot process then stops at the point where it previously output Firewall Logging=YES to the console. My buildworld/installworld/mergemaster/MAKEDEV/buildkernel/installkernel etc. all executed without problems and things work as before using IPFW. Does anyone have any ideas or suggestions as to what's happening here? Regards, Neil Darlow M.Sc. -- Hardware/Software Design Consultants http://www.darlow.co.uk/ ICQ: 135505456 E-Mail, Jabber, MSNM: see following GPG identity 1024D/531F9048 1999-09-11 Neil Darlow [EMAIL PROTECTED] Key fingerprint = 359D B8FF 6273 6C32 BEAA 43F9 E579 E24A 531F 9048 To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
How UNIX was built?
Hi There, Is there some doc with Unix architecture/design? Is there some doc comparing BSD-UNIX with Windows Server? Thanks in advance Ricardo Dimov [EMAIL PROTECTED] fone: +55 (19) 3287 4718 To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
IPsec AH tunneling from Windows/Linux clients to FreeBSD server
Hi, I need to setup FreeBSD IPSec servers to accept IPSec connections from BSD, Windows and Linux clients. AH is required on the line ESP would be nice to have. PPTP should not be used. The clients and the server are _not_ on the same subnet, i.e. traffic must be routed. To make things a bit more complicated, the clients need to authenticate themselves with X.509 certificates against the server. The clients are not known in advance and may have dynamic IP addresses. However, their certificate will be registered. Is this possible? As far as my research and browsing through various documentation and howtos goes, I've came to the following conclusion. Please verify if my assumptions are correct and/or provide addiotional hints. - ESP knows tunnel and transport mode. W2K is not able to do the real tunnel mode, but requires PPTP for this, but transport mode should work fine. - But, since clients and IPSec gateway (server) is not on the same subnet, I guess it requires a tunnel? Is this correct? - For AH, there is a tunnel mode but there seems to be an old (or outdated) mode. Does Windows support this? Which one would work? - Racoon seems to be able to negotiate any AH/ESP policy with various encryption/hashing algorithms. But some combinations may not work. Are these known? - If I need tunneling, how can the tunnels be set up dynamically? I guess there are pieces of software around called tunnelbroker (mainly for IPv6/IPv4 tunnels?), could such a service be used? Here is what I tried first, to get things started at all: I followed the detailed instructions on: http://www.daemonnews.org/200101/ipsec-howto.html This seems to setup a IPsec ESP connection in transport mode between a W2K client and a FreeBSD server with KAME/racoon. From Racoon's debug output, the key negotiation failed due to: [..] 2002-10-11 16:04:54: DEBUG: isakmp.c:218:isakmp_handler(): === 2002-10-11 16:04:54: DEBUG: isakmp.c:219:isakmp_handler(): 60 bytes message received from 10.0.1.1[500] 2002-10-11 16:04:54: DEBUG: plog.c:193:plogdump(): 6a0d27c6 e59016ae 32b789d3 43e5bec8 05100201 003c 95e30fad 7b60d5cb 6425d731 c76cfa32 56c4eabb 7b2bd6e3 27f3619f e783d9dc 2002-10-11 16:04:54: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin. 04:54.152226 10.0.1.1:500 - 10.0.2.1:500: isakmp 1.0 msgid cookie 6a0d27c6e59016ae-32b789d343e5bec8: phase 1 ? ident[E]: [|id] 2002-10-11 16:04:54: DEBUG: isakmp.c:396:isakmp_main(): malformed cookie received or the spi expired. [..] I'm not sure where to locate the nature of the problem of this very simple setup, which is still far from my requirements (this uses also a 'pre-shared-key' instead of certs). Any more references or hints greatly appreciated. Best regards, Daniel -- IRCnet: Mr-Spock - Cool people don't move, they just hang around. - Daniel Lang * [EMAIL PROTECTED] * ++49 89 289 18532 * http://www.leo.org/~dl/ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
a diff kernel MAKE failed
make install has now failed, claiming permission denied, i found the solution to that to be setting the kern_secure_level=n being currently higher than 1 i reset the kerne secure level to =0 in the rc.conf file, and upon reboot, noticed that the very last line upon reboot, it had a line that told me kern_secure_level 0 reset to kern_secure_level='1' and as a result the make install still would not work, what in the world reset the kern level to 1 again when it is in the .conf file as 0? Don To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: At wits end with tekram
Stephen Hovey [EMAIL PROTECTED] writes: I have a 390u2w that randomly crashes a heavy load server - it has a mix of scsi-2 on 1 bus, and 1 large lvd on the other. I put in the driver from the tekram site, and it helped (the default ncr0 crashed quick and often).. but it still crashes. I disabled tagged queueing - no difference. So Im about done with it. Anyone else using this tekram card that would have any tips? Failing this - is adaptec 29160 cards supported under fbsd 3.2? Have you tried the sym(4) driver? It might not be in 3.2, though, so an upgrade might be in the cards. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: How UNIX was built?
http://www.aw.com/catalog/academic/product/1,4096,0201549794,00.html? type=PRE Cheers, Kevin Kinsey DaleCo, S.P. - Original Message - From: Ricardo Dimov [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 11, 2002 9:44 AM Subject: How UNIX was built? Hi There, Is there some doc with Unix architecture/design? Is there some doc comparing BSD-UNIX with Windows Server? Thanks in advance Ricardo Dimov [EMAIL PROTECTED] fone: +55 (19) 3287 4718 To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: At wits end with tekram
Have you tried the sym(4) driver? It might not be in 3.2, though, so an upgrade might be in the cards. Its not in 3.2 :( To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
FreeBSD IT help needed, Corona CA
Sorry if this is not the correct list, but I didn't know where else to post this. Our company needs an IT person with FreeBSD, networking and Windows XP experience for a part time position in Corona, CA area. Email me if interested. Jim Durham To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
2-Sélection des sites packaging vous concernant(pour ajout à vos favoris) .
Comme suite à l'analyse de vos besoins en PACKAGING , et en PLV , vous trouverez la plupart des réponses à vos questions sur les sites suivants , sélectionnés par les principaux moteurs de recherche : - www.boutaux.com : site de présentation packaging - très convivial - avec photos et mini-CV des interlocuteurs en mesure de répondre à vos demandes . - www.boutaux.fr : site technique - indispensable - avec toutes les spécifications , en ligne , pour concevoir un nouveau packaging . - www.boutaux.net : site de télé-commerce - extremement utile - avec toute une gamme de packaging standard , accessible en ligne . - www.eph-thermoformage.com : site - complémentaire - de présentation d'emballages thermoformés (blisters , cales , plateaux etc.) - www.lpp-polymer.com: le seul site qui diffuse , en ligne , des informations sur les materiaux et materiels, pour les finitions imprimees , entre autres ...( fonctionne comme un véritable portail) . Convaincus que ces informations vous feront gagner un temps precieux, bonne réception et n' hésitez pas à nous consulter de nouveau. Le webmaster To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Athlon XP motherboards that work well with FreeBSD
On Thu, 10 Oct 2002, Corey Holcomb-Hockin wrote: I've been having trouble with my a7a-133. I had trouble with XFree86, and with a tv card. I'd like to know some motherboards that work well with FreeBSD? Someone didn't have the same troubles with soltek SL-75DRV2 http://www1.soltek.com.tw/English/product/75drv2.htm I've bought asus card because my hp pavillion had a asus card with a via chipset. I read after that they don't document their boards so that open source developers can support all the features easily. Whats a more open motherboard brand? Are Via chipsets the best supported? The card I'm having trouble with has a acer chipset. The A-Open AK77Pro runs very nicel with 4.6.2. I'm using vinum in Raid 1 on it and it's greased lightning. A friend who owns an ISP is using it all over his plant also. -Jim To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Stand-alone or combo web server/gateway
I recently setup two FreeBSD machines. One a dual-homed gateway running natd and ipfw of course, the other a web server running apache2. The dual-homed gateway is hooked up to an ADSL Internet connection, and the web server sits behind the gateway machine, and has all port 80 traffic forwarded to it through natd. Both machines are Pentium II's 350/400-MHz with 64MB RAM. Now that it's all together, I'm questioning this setup. I realize now, I could have used just one machine to do everything, especially considering my Internet connection. I'm guessing the latency added by having the web server behind the gateway is insignificant, and of no significance to anyone pulling data from the web server down the 640Kbps pipeline! -- correct? Is there any major security, or other advantages to Keeping these machines separate? The one thing I thought of was that if the web server was down, the two other computers (Yup, only two!) that access the Internet through the gateway machine, can still get on the Internet! Any suggestions? Was this setup overkill (at least I didn't go for a GB backbone with an ADSL connection :) To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: how to kill nfs-blocked process
In the last episode (Oct 11), Roman Neuhauser said: -R Set the mount retry count to the specified value. The default is a retry count of zero, which means to keep retrying forever. There is a 60 second delay between each attempt. this is probably what you're missing. works for me. -s A soft mount, which implies that file system calls will fail after Retry round trip timeout intervals. I never noticed this, but this feels wrong :) What's the difference between no options and just -s, then? Or the difference between -R10 and -R10 -s ? It seems like -s is a no-op. -- Dan Nelson [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
dsp busy error
When I try and use the sound port, I get this error; /dev/dsp: Device busy audio: Device busy I could restart the machine, but I wondered how I would go about fixing this without restarting the machine. ~ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: dsp busy error
David Banning wrote: When I try and use the sound port, I get this error; /dev/dsp: Device busy audio: Device busy I could restart the machine, but I wondered how I would go about fixing this without restarting the machine. I had this problem under 4.6.2, never did find a way to fix it other than restart. Upgrade to STABLE, it should go away. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
CDROM boot time fsck
Hello - I happened to reboot my server last night without a disk in one of the cdrom drives. It caused the startup process to halt, dropping me to a shell prompt as it tried to fsck the volume. Wasn't happy proceeding until I fed the drive a disk. In my environment this is A Bad Thing; there may be a disk in there or not, I need the freaking server to come up and start running regardless. I checked my fstab, and the cdroms are listed thusly: /dev/acd0c /cdrom cd9660 ro,auto 0 0 /dev/acd1c /cdrom1 cd9660 ro,auto 0 0 Looking at the man page, the last column indicates the fsck type, and 0 is supposed to mean that the device doesn't need to be checked during startup. Am I doing something wrong, or is something broken? 4.6.2-STABLE, BTW. KeS To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: CDROM boot time fsck
Hello - I happened to reboot my server last night without a disk in one of the cdrom drives. It caused the startup process to halt, dropping me to a shell prompt as it tried to fsck the volume. Wasn't happy proceeding until I fed the drive a disk. In my environment this is A Bad Thing; there may be a disk in there or not, I need the freaking server to come up and start running regardless. I checked my fstab, and the cdroms are listed thusly: /dev/acd0c /cdrom cd9660 ro,auto 0 0 /dev/acd1c /cdrom1 cd9660 ro,auto 0 0 Looking at the man page, the last column indicates the fsck type, and 0 is supposed to mean that the device doesn't need to be checked during startup. Am I doing something wrong, or is something broken? 4.6.2-STABLE, BTW. I think you also want to make it 'noauto' rather than 'auto'. With the auto, you are telling it to try and mount the device and since there is no disk in, it can't. jerry KeS To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: CDROM boot time fsck
On Fri, 11 Oct 2002, Jerry McAllister wrote: I happened to reboot my server last night without a disk in one of the cdrom drives. It caused the startup process to halt, dropping me to a shell prompt as it tried to fsck the volume. Wasn't happy proceeding until I fed the drive a disk. In my environment this is A Bad Thing; there may be a disk in there or not, I need the freaking server to come up and start running regardless. I checked my fstab, and the cdroms are listed thusly: /dev/acd0c /cdrom cd9660 ro,auto 0 0 /dev/acd1c /cdrom1 cd9660 ro,auto 0 0 Looking at the man page, the last column indicates the fsck type, and 0 is supposed to mean that the device doesn't need to be checked during startup. Am I doing something wrong, or is something broken? 4.6.2-STABLE, BTW. I think you also want to make it 'noauto' rather than 'auto'. With the auto, you are telling it to try and mount the device and since there is no disk in, it can't. Hmm. I thought of that, but realistically wouldn't you WANT your cdroms to be automount for just that reason - they're removable media, for pete's sake. I'm coming from a Solaris background, where this is handled completely differently. I guess I'm looking for the best practice method. KeS To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Jakarta-tomcat4
Where can I get help installing Jakarta-tomcat4? Everything installs fine, but I get an elf binary error when I try to start the daemon. Any help would be appriciated. -tom To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: How UNIX was built?
At Fri, 11 Oct 2002 it looks like Ricardo Dimov composed: Hi There, Is there some doc with Unix architecture/design? Is there some doc comparing BSD-UNIX with Windows Server? Well, I'm sorry I can't provide you with that answer but until then the following image is quite reflective of the life of Unix. http://forwardslashunix.com/history.jpg -- |---Word-Wrap-At-72-Please---| Bill Schoolcraft PO Box 210076 -o) San Francisco CA 94121 /\ UNIX, A Way Of Life._\_v http://forwardslashunix.com/raw To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: How UNIX was built?
You could also take a look at the first chapter of the The Design of the Unix Operating System by Bach. This chapter has a pretty decent section on the history of Unix. Weston On Friday 11 October 2002 02:44 pm, Ricardo Dimov wrote: Hi There, Is there some doc with Unix architecture/design? Is there some doc comparing BSD-UNIX with Windows Server? Thanks in advance Ricardo Dimov [EMAIL PROTECTED] fone: +55 (19) 3287 4718 To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: fxp, xl, rl device timeouts
I am receiving several: fxp0: device timeout xl0: watchdog timeout rl0: watchdog timeout man fxp, man rl...Problem with the network connection, cable. Do you have any other machines on the same network having similar problems? To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: CDROM boot time fsck
On Fri, 11 Oct 2002, Cliff Sarginson wrote: /dev/acd0c /cdrom cd9660 ro,auto 0 0 /dev/acd1c /cdrom1 cd9660 ro,auto 0 0 Looking at the man page, the last column indicates the fsck type, and 0 is supposed to mean that the device doesn't need to be checked during startup. Am I doing something wrong, or is something broken? 4.6.2-STABLE, BTW. I think you also want to make it 'noauto' rather than 'auto'. With the auto, you are telling it to try and mount the device and since there is no disk in, it can't. Hmm. I thought of that, but realistically wouldn't you WANT your cdroms to be automount for just that reason - they're removable media, for pete's sake. I'm coming from a Solaris background, where this is handled completely differently. No,no. Automount makes no sense at all, it means you have to have a CD in there, also what if you are using a CD without a filesystem on it ? E.g. one you have dd'ed something to. Ok, then. Thanks very much for the help, guys! KeS To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: dsp busy error
At Fri, 11 Oct 2002 it looks like Chris Snyder composed: David Banning wrote: When I try and use the sound port, I get this error; /dev/dsp: Device busy audio: Device busy I could restart the machine, but I wondered how I would go about fixing this without restarting the machine. I had this problem under 4.6.2, never did find a way to fix it other than restart. Upgrade to STABLE, it should go away. I can only speak from experience here but in using mpg123 with a directory full of *.mp3 files I had to do a script that first killed artsd then ran my mpg123 script. While *inside* the music directory with a list of the mp3 files inside the text file called playlist.lst I run a script called go and all works well. I run this out of command line. #!/bin/sh # for i in `ps -auxw|grep artsd|grep -v grep|awk '{print $2}'`; do kill -9 $i; done mpg123 -v -v -Z -@ playlist.lst -- |---Word-Wrap-At-72-Please---| Bill Schoolcraft PO Box 210076 -o) San Francisco CA 94121 /\ UNIX, A Way Of Life._\_v http://forwardslashunix.com/raw To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: CDROM boot time fsck
On Fri, 11 Oct 2002, Cliff Sarginson wrote: /dev/acd0c /cdrom cd9660 ro,auto 0 0 /dev/acd1c /cdrom1 cd9660 ro,auto 0 0 Looking at the man page, the last column indicates the fsck type, and 0 is supposed to mean that the device doesn't need to be checked during startup. Am I doing something wrong, or is something broken? 4.6.2-STABLE, BTW. I think you also want to make it 'noauto' rather than 'auto'. With the auto, you are telling it to try and mount the device and since there is no disk in, it can't. Hmm. I thought of that, but realistically wouldn't you WANT your cdroms to be automount for just that reason - they're removable media, for pete's sake. I'm coming from a Solaris background, where this is handled completely differently. No,no. Automount makes no sense at all, it means you have to have a CD in there, also what if you are using a CD without a filesystem on it ? E.g. one you have dd'ed something to. Ok, then. Thanks very much for the help, guys! CDs aren't necessarily mounted to use. Only if they have a file system are they mounted. Otherwise they are read directly in some fashion (depending on what they are, data file, music, etc). If you have auto there, it means that it will try and mount a file system from that device to whatever mount point you specify whenever a mount -a is done. Since there is often not a Cd with a file system on it in the drive you don't want it to be auto. You or your script or whatever you are using needs to do the mount specifically when you know a Cd with file system is there. It doesn't mean quite the same thing as autostart when you plug in a CD. I seem to remember some sort of similar distinction made in Solaris too though it has been quite a while and they like to have all these GUI things in Solaris to prevent you from knowing what is going on so it may not look like it any more. jerry KeS To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: a diff kernel MAKE failed
Don [EMAIL PROTECTED] writes: make install has now failed, claiming permission denied, i found the solution to that to be setting the kern_secure_level=n being currently higher than 1 i reset the kerne secure level to =0 in the rc.conf file, and upon reboot, noticed that the very last line upon reboot, it had a line that told me kern_secure_level 0 reset to kern_secure_level='1' and as a result the make install still would not work, what in the world reset the kern level to 1 again when it is in the .conf file as 0? init(8). See the man page, but the short answer is that you'll need to set securelevel to -1 to keep init from kicking it up to 1. Or you could remove the schg flag in single-user mode. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: PCMCIA NETWORK CARD
I have installed FREEBSD 4.5 on toshiba satellite 4100 and would like to know what type PCMCIA network will work with it http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/x2918.html To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Data transmission
Hi all I have question about data transmission speed in the network card When each request coming from outside, the data transmission speed in the network is recorded just 64K Can I increase this speed? and how can I do it? Thank you very much for your help ___ Do You Yahoo!? Get your free @yahoo.com.hk address at http://mail.english.yahoo.com.hk To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Athlon XP motherboards that work well with FreeBSD
At 08:18 10/11/2002, John Bleichert, wrote: On Thu, 10 Oct 2002, W. D. wrote: Does anyone know what motherboards will work with an AMD chip(s) in a 1U rack mount server case? Have you found a HowTo on rolling your own rackmount? I'd love to see it. I've been considering one of these for my house: http://eracks.com/eRacks/products/config?sku=PREMIUM Nice! Here are some monsters that would be nice to have if they worked with FreeBSD: http://www.ApPro.com/1124.html http://www.DualAthlonServers.com/103multiview/ Start Here to Find It Fast!© - http://www.US-Webmasters.com/best-start-page/ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
IPsec Tunneling (VPN) from WIN2K (client) to FreeBSD (Server)
Subject: IPsec Tunneling (VPN) from WIN2K (client) to FreeBSD (Server) Hello all, I hope you can understand how desperate I am to figure out what to do. I need to enable tunnels from my laptop running Windows 2000 Pro to my FreeBSD 4.6. I have a Cable Modem link to the Internet and for my firewall and NAT router I use a D-Link 707 Residencial Router capable of allowing VPN using IPsec 'only'. -- VPN Sever Gateway | | ------| | 192.168.0.3 192.168.0.1 --- Internet | ------| | FreeBSD 4.6 xxx.xxx.xxx.xxx | | -- -IPsec Enabled IPsec: | -Running Racoon-ESP mode| -Setkey-In Tunnel Mode (DUH!) | -OpenSSL Certificates -DES encryption | -psk.txt -ESP mode with no encapsulation | -VPN Sever: PoPToPt-no Integrity| -Pre-Shared keys | | | | Client | - | 192.168.0.226 ---| - Windows 2000 Pro -IPsec enabled -Certificate Install As this diagram explains I'm running FreeBSD 4.6 with PoPToP, Racoon for sharing keys and IPsec enabled in the Kernel. The gateway/NAT router allows IPsec VPN with DES encryption in ESP mode with no encapsulation, no Integrity, in Tunnel mode and using a pre-shared key. I don't know what no Integrity means neither why ESP cannot encapsulate. Please, help me in anyway you can. Point me to any webpages you think will help me. THIS IS WHAT I HAVE DONE SO FAR: - PoPToP works. In its bare bones without IPsec policies and racoon's deamon turned off I can connect 'directly' to the server from within the LAN. - Racoon has been installed. - I have searched the Internet and followed various HOWTO's but none of the are based on the scheme I'm using. Usually they involve two FreeBSD machines, a Windows 2000 Server, etc. - I have read the FreeBSD Handbook Section on IPsec, setkey man pages and racoon man pages. - Tried several times to set the security policies in both machines and connect but the results are worse everytime. - A set of certificates have been made and installed. I followed a guide that made me create OpenSSL certificates and installed them, but I can't quite figure out when they come into play. My major problem has been setting up the Security Policies in both Machines. I think that's the step that's causing me all this trouble. The most confusing thing to me is why there is no way of editing the security policies in the Gateway. Please, excuse my ignorance and I appreciate all the help I can recieve. MrWebby ---BeginMessage--- Hello all, I hope you can understand how desperate I am to figure out what to do. I need to enable tunnels from my laptop running Windows 2000 Pro to my FreeBSD 4.6. I have a Cable Modem link to the Internet and for my firewall and NAT router I use a D-Link 707 Residencial Router capable of allowing VPN using IPsec 'only'. -- VPN Sever Gateway | | ------| | 192.168.0.3 192.168.0.1 --- Internet | ------| | FreeBSD 4.6 xxx.xxx.xxx.xxx | | -- -IPsec Enabled IPsec: | -Running Racoon-ESP mode| -Setkey-In Tunnel Mode (DUH!) | -OpenSSL Certificates -DES encryption | -psk.txt -ESP mode with no encapsulation | -VPN Sever: PoPToPt-no Integrity| -Pre-Shared keys | | | | Client |
Re: Re: Athlon XP motherboards that work well with FreeBSD
-Original Message- From: Jim Durham [EMAIL PROTECTED] To: Corey Holcomb-Hockin [EMAIL PROTECTED] Date: Fri, 11 Oct 2002 16:04:33 + (GMT) Subject: Re: Athlon XP motherboards that work well with FreeBSD On Thu, 10 Oct 2002, Corey Holcomb-Hockin wrote: I've been having trouble with my a7a-133. I had trouble with XFree86, and with a tv card. I'd like to know some motherboards that work well with FreeBSD? Someone didn't have the same troubles with soltek SL-75DRV2 http://www1.soltek.com.tw/English/product/75drv2.htm I've bought asus card because my hp pavillion had a asus card with a via chipset. I read after that they don't document their boards so that open source developers can support all the features easily. Whats a more open motherboard brand? Are Via chipsets the best supported? The card I'm having trouble with has a acer chipset. The A-Open AK77Pro runs very nicel with 4.6.2. I'm using vinum in Raid 1 on it and it's greased lightning. A friend who owns an ISP is using it all over his plant also. -Jim ** I noticed someone else in this thread replying that his A7A-133 worked OK. I have an ASUS A7V333 that works very nicely. Have you considered that it may just be XFree or video card problems and not the motherboard? Specifically, what problems are you having? Jud To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Stand-alone or combo web server/gateway
This might be a theme seen on freebsd-security. The layered onion approach is preached as classic and important, i.e., they have to get root on the gateway first, and then they still shouldn't have the ability to break into the webserver, at least not yet, although they'd have a good platform. There'd be a lot of quid pro quos, though --- no similar passwords, no rhosts, etc., etc., etc. I think your setup sounds OK. An added advantage might be this: pass all port 80 traffic to the webserver, but keep apache (or whatever) available on the gateway...then, if you need to go down (say, during installworld in single-user) or when you're installing the latest and most secure webserver on the www box, you could just have a basic page on the gw that says we'll be back in a few... and tell natd to keep the #80 packets right there for the time being. I might save up some pennies (heh!) for another RAM chip or two, though, if you figure to get lots of traffic (probably you don't, on DSL, but who knowz?) Cheers, Kevin Kinsey DaleCo, S.P. - Original Message - From: James Earl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 11, 2002 11:23 AM Subject: Stand-alone or combo web server/gateway I recently setup two FreeBSD machines. One a dual-homed gateway running natd and ipfw of course, the other a web server running apache2. The dual-homed gateway is hooked up to an ADSL Internet connection, and the web server sits behind the gateway machine, and has all port 80 traffic forwarded to it through natd. Both machines are Pentium II's 350/400-MHz with 64MB RAM. Now that it's all together, I'm questioning this setup. I realize now, I could have used just one machine to do everything, especially considering my Internet connection. I'm guessing the latency added by having the web server behind the gateway is insignificant, and of no significance to anyone pulling data from the web server down the 640Kbps pipeline! -- correct? Is there any major security, or other advantages to Keeping these machines separate? The one thing I thought of was that if the web server was down, the two other computers (Yup, only two!) that access the Internet through the gateway machine, can still get on the Internet! Any suggestions? Was this setup overkill (at least I didn't go for a GB backbone with an ADSL connection :) To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: IPsec Tunneling (VPN) from WIN2K (client) to FreeBSD (Server)
On Fri, 11 Oct 2002, MrWebby wrote: I need to enable tunnels from my laptop running Windows 2000 Pro to my FreeBSD 4.6. I have a Cable Modem link to the Internet and for my firewall and NAT router I use a D-Link 707 Residencial Router capable of allowing VPN using IPsec 'only'. -- VPN Sever Gateway | | ------| | 192.168.0.3 192.168.0.1 --- Internet | ------| | FreeBSD 4.6 xxx.xxx.xxx.xxx | | -- -IPsec Enabled IPsec: | -Running Racoon-ESP mode| -Setkey-In Tunnel Mode (DUH!) | -OpenSSL Certificates -DES encryption | -psk.txt -ESP mode with no encapsulation | -VPN Sever: PoPToPt-no Integrity| -Pre-Shared keys | | | | Client | - | 192.168.0.226 ---| - Windows 2000 Pro -IPsec enabled -Certificate Install The D-Link Router (gateway in the diagram) is performing NAT, correct? Is your laptop (Client) behind NAT as well? Your diagram does not make this entirely clear. However, assuming the above two questions are true, then that is your problem right there. IPSec will not work behind NAT, since the packets are altered by the NAT gateway. Make sense? In such a scenario, the gateway itself should become your IPSec server. The same goes for your client, assuming it is behind a NAT gateway as well. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Problems getting an ICH soundcard working under 4.7
I have a friend installing FreeBSD for the first time on his HP Pavilion 7800 with integrated ICH soundcard. The card is supported by the snd_ich module, however, it fails to detect the card at boot. dmesg reports the card as: chip1: Intel 82801AA (ICH) AC'97 Audio Controller port 0x1300-0x133f,0x1200-0x12ff irq 0 at device 31.5 on pci0 Note the irq 0. I've done everything I can to enable the soundcard and disable plug'n'play in the BIOS. Nothing works. I have a feeling that's why the card isn't detected. Here is the pciconf info: chip1@pci0:31:5:class=0x040100 card=0x56438086 chip=0x24158086 rev=0x02 hdr=0x00 vendor = 'Intel Corporation' device = '82801AA 8xx Chipset AC'97 Audio Controller' class= multimedia subclass = audio Anyone have any ideas? Thanks. Joe -- PGP Key : http://www.marcuscom.com/pgp.asc To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: NFS rules for ipfw
Straining for clues here. Maybe needs to be keep-state rules? We should probably RTFM and/or do a little other research on what ports NFS is using, and how it's using them, etc. Have you done any packet sniffing on your LAN to see what's happening when the FW is blocking NFS? Cheers, Kevin Kinsey DaleCo, S.P. - Original Message - From: Mark [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 11, 2002 3:09 PM Subject: NFS rules for ipfw Hello! I've got a little server here that is acting as a nat/router and firewall to connect our home to the internet. i would, in addition, like to run NFS on this machine so that computers on the internal network can share disks from it . (Yes, I realize this is sub-optimal and an NFS server should theoretically be a separate machine, but there are cost and space issues here ...) The problem is, I have a simple firewall up and running on this machine that prevents the internal machines from connecting to the server via NFS. (I've already verified changing the firewall to open allows NFS client access). My Question is: Is there a set of rules I can add to the server to allow NFS clients from the LOCAL network only, but still prevent NFS requests from the outside net? I've tried things like: ${fwcmd} add pass udp from ${inet}:${imask} to ${iip} 2049 ${fwcmd} add pass tcp from ${inet}:${imask} to ${iip} 2049 and similar rules for port 369 (RPC2) and 111 (Sun RPC), but without any luck -- client machines always give RPC Timed Out messages on mounts or any other request. Any suggestions? Thanks, Mark. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message