How much disk space is required when installing FreeBSD 4.7R?
I am installing a FreeBSD distribution for the first time. My current system runs Windows 98 from a single partition 4GB hard drive. I intend to make my system dual boot Windows and FreeBSD. I have shrunk the existing partition to around 3GB using Partition Magic and left just over 1GB for FreeBSD. The documentation suggests that around 100MB is sufficient for a minimal installation with more required if you want other utilities like a graphical interface.

I have experimented with various sizes when partitioning the FreeBSD slice. I started by using the Auto defaults which allocated 128MB for the / file system, over 400MB for swap space (based on my 256MB real memory?!), some other large allocations for the /var, and /tmp file systems, leaving only just over 80MB for /usr. I have also tried manually allocating 150MB for root, 50MB for swap, 100MB for /var, 100MB for /tmp and the remaining 600MB for /usr.

I tried installing various canned distributions using these different space allocations. I started with 'All' files and worked my way down to 'minimal' installation. The source of the distributions was a CD-ROM burned from a downloaded copy of disc1.iso. Every attempt started by 'Extracting bin into / directory' and then gave the error message...

Write failed on transfer! (wrote -1 bytes of 240640 bytes)
/kernel : pid 254 (cpio), uid 0 on /usr : file system full.

Only the 'minimal' distribution completed, though it did report some file system full messages, but at least it allowed me to boot FreeBSD 4.7R. Every other attempt to install a larger distribution failed. I want to install at least an 'average user' distribution including X Windows.

I would like to understand the following points...

Is 1GB of disk space enough to install FreeBSD?
If so, what type of canned distribution should fit in 1GB of disk space?
How should the slice be partitioned into file systems and swap space given that I will be running in single user mode?
Apologies for the length of this mail but I was advised to give as much context as possible when posting messages. Thanks in advance for any advice which will help me get a clean installation. I would like to understand the following points... What flavour of the canned distributions should I be able to fit into 1GB of disk space? Is 1GB eno

To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
PCMCIA controller/card problem
Hello, All! I've got a problem with configuring PCMCIA on my laptop (Toshiba Tecra700CT, very old model). The FreeBSD kernel detects PCMCIA controller successfully. pccardd starts, and even detects card insertion/removal, but says that no card in database for (null)/(null). So, it seems to be unable to retrieve card manufacturer and model from PCMCIA controller. This occurs on both 4.7-STABLE and 5.0-RELEASE. Both controller and card are working OK under Windoze. So, this is definitely not a hardware problem. Thanks in advance.

--
regards, Akifyev Sergey [EMAIL PROTECTED]
JSC Gascom http://www.gascom.ru
PGP key available from: ftp://ftp.gascom.ru/pub/PGP-keys/asa.txt
X server for Windows
Hi,

I need to connect to my FreeBSD box from a Windows PC using some kind of X server for Windows. I was wondering if someone could be so kind and give me a few recommendations? I only need a simple server, no print or stuff - just the plain (vnc-like) thing.

Thanks!
/Andreas

---
Andreas Widerøe Andersen [EMAIL PROTECTED]
Pragma AS http://www.pragma.no
Re: X server for Windows
Friday, January 31, 2003, 3:55:02 AM, you wrote:

AWA> Hi,
AWA> I need to connect to my FreeBSD box from a Windows PC using some kind of X
AWA> server for Windows. I was wondering if someone could be so kind and give me
AWA> a few recommendations?
AWA> I only need a simple server, no print or stuff - just the plain (vnc-like)
AWA> thing.
AWA> Thanks!
AWA> /Andreas
AWA> ---
AWA> Andreas Widerøe Andersen [EMAIL PROTECTED]
AWA> Pragma AS

X-Win32 by Starnet is the nicest win32 X Server I've seen, but you have to buy it after the trial's up. If you're into hacking around at things a bit there's an X Server that'll run on cygwin (free) too. This is what I use. IIRC there's a VNCserver in ports somewhere too

--
Ben mailto:[EMAIL PROTECTED]
Problem getting opera to work
I've recently installed the latest version of opera from ports and can't get it to start. Have used a couple of older versions of opera without problems.

Starting with an unmodified opera installation, and no .netscape or .opera directories, running opera brings up the license window. When I agree to the license, opera dies with:

INTERNAL ERROR on Browser End: Could not load libjavaplugin_oji.so: linking error=Cannot open /home/peter/.netscape/java/lib/libjavaplugin_oji.so
System error?:: No such file or directory

The only libjavaplugin_oji.so I can find is /usr/local/jdk1.3.1/jre/plugin/i386/ns600/libjavaplugin_oji.so and when I link it to /home/peter/.netscape/java/lib/libjavaplugin_oji.so the error message changes to:

INTERNAL ERROR on Browser End: Could not load libjavaplugin_oji.so: linking error=/home/peter/.netscape/java/lib/libjavaplugin_oji.so: Undefined symbol PR_NewMonitor

I had (an admittedly older version of) jdk1.3.1 loaded previously. Any suggestions on how I can get this to work?

Peter
Re: security settings - kerberos or ssh?
On Thu, Jan 30, 2003 at 04:09:21PM -0800, chip wiegand wrote:
> I am going to set up a new machine with fbsd4.7R for web use - apache,
> mysql, php, phpmyadmin. I will be co-locating this box at my isp's office.
> I would like to make sure this is as secure as possible and still be able
> to have direct access to upload files and maintain, pull off log files, etc.
> I was reading the handbook chapter on security and am not sure if I should
> use kerberos, which I know nothing about, or ssh. I was a little confused
> about the setup of kerberos in the kerberos chapter.

My feeling is that ssh(1) would probably serve you better in your situation, and that Kerberos is probably overkill.

ssh(1) is a standard part of a FreeBSD system and needs no extra make.conf options to enable. You can use it as a drop in replacement for rsh(1) and rcp(1) without any pre-amble, although setting up identity keys (ssh-keygen(1)) and the use of ssh-agent(1) will improve the whole experience. You'll find rsync(1) (ports net/rsync) to be a very handy tool for uploading and managing web site content, and rsync runs by default over ssh(1) on FreeBSD nowadays.

Kerberos, on the other hand, seems to be designed to secure large, multi-computer sites like Universities. If you want an introduction to Kerberizing a site, take a look at:

http://www.ornl.gov/~jar/HowToKerb.html

although you can pretty much ignore the instructions on compiling Kerberos, as it's bundled with FreeBSD already (needs a buildworld to enable though).

Kerberos and ssh aren't mutually exclusive either --- ssh can use kerberos tickets to authenticate logins, and ssh provides the ability to tunnel X sessions securely, which Kerberos lacks.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.                 26 The Paddocks
                                                Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey   Marlow
Tel: +44 1628 476614                            Bucks., SL7 1TH UK
Re: ssh ipfw
On Thu, Jan 30, 2003 at 10:06:45PM -0500, Pete C wrote:
> any quick pointers for how to go about setting up ssh though ipfw on a
> gateway/router running nat to one of the internal machines ? (FreeBSD on
> both the router and internal machine)

Let me guess. You've set up natd(8) on your gateway machine to forward port 22 to your internal machine --- something like:

natd -redirect_port tcp internalhost:22 22

and when you connect from an external site to port 22 on the gateway, ssh rejects the connection complaining that some impostor is trying to pose as your intended target machine?

Supplying this level of detail will get you much more effective answers than hinting vaguely about your problems.

Two thoughts:

i) If you want ssh access to your site to be redirected from the gateway to an internal machine as shown above, then you should realise that you can't mix that with direct ssh access to the gateway machine. You need to ensure that the same host key is presented to the client each time it attempts to connect to the same server name / IP number. You should set up the host keys in ~/.known_hosts or /etc/ssh/ssh_known_hosts accordingly.

ii) You might find this rather useful: http://www.oreilly.com/catalog/sshtdg/chapter/ch11.html

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.                 26 The Paddocks
                                                Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey   Marlow
Tel: +44 1628 476614                            Bucks., SL7 1TH UK
Re: ssh ipfw
Ooops.

On Fri, Jan 31, 2003 at 10:51:36AM +, Matthew Seaman wrote:
> You should set up the host keys in ~/.known_hosts or
                                     ~/.ssh/known_hosts
> /etc/ssh/ssh_known_hosts accordingly.

Matthew

--
Dr Matthew J Seaman MA, D.Phil.                 26 The Paddocks
                                                Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey   Marlow
Tel: +44 1628 476614                            Bucks., SL7 1TH UK
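The host-key situation described in the two messages above, as an added example that is not part of either post: a Python check of which key a client has recorded for a server name, covering plain host fields and OpenSSH's hashed `|1|salt|hash` fields. The name gw.example.net and both key blobs are constructed; internalhost is the name from the natd command above; only exact host names are handled, not wildcard patterns.

```python
import base64
import hashlib
import hmac


def _blob(label):
    # Constructed stand-in for a base64 public-key blob; not a real SSH key.
    return base64.b64encode(hashlib.sha256(label.encode()).digest()).decode()


GATEWAY_KEY = _blob("gateway sshd host key")     # key of sshd on the gateway itself
INTERNAL_KEY = _blob("internal sshd host key")   # key of sshd behind the redirect


def hashed_field(host, salt=b"constructed-salt-20b"):
    """Build a hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())


def field_names_host(field, host):
    """True if one known_hosts host field refers to `host`."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")


def recorded_keys(known_hosts, host, keytype):
    """Collect every key of `keytype` recorded for `host`."""
    keys = []
    for line in known_hosts.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("@"):
            continue  # skip blanks, comments and @marker lines
        parts = line.split()
        if len(parts) < 3:
            continue
        field, ktype, blob = parts[:3]
        if ktype == keytype and field_names_host(field, host):
            keys.append(blob)
    return keys


def verdict(known_hosts, host, keytype, presented):
    """What a strict client concludes when `host` presents `presented`."""
    keys = recorded_keys(known_hosts, host, keytype)
    if not keys:
        return "unknown"
    return "match" if presented in keys else "MISMATCH"


# Client file written while port 22 on the gateway still reached the gateway's own sshd.
BEFORE = "gw.example.net ssh-rsa %s\n" % GATEWAY_KEY

# Client file after recording the key that the redirected port really presents.
AFTER = ("gw.example.net ssh-rsa %s\n" % INTERNAL_KEY
         + "%s ssh-rsa %s\n" % (hashed_field("internalhost"), INTERNAL_KEY))

if __name__ == "__main__":
    # With the redirect in place the gateway name presents the internal host's key.
    print("old file, redirected port:", verdict(BEFORE, "gw.example.net", "ssh-rsa", INTERNAL_KEY))
    print("new file, redirected port:", verdict(AFTER, "gw.example.net", "ssh-rsa", INTERNAL_KEY))
    # The same name cannot also stand for the gateway's own sshd.
    print("new file, gateway's sshd: ", verdict(AFTER, "gw.example.net", "ssh-rsa", GATEWAY_KEY))
```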
Re: Problem getting opera to work
On Fri, 31 Jan 2003 20:31:00 +1100, Peter Jeremy [EMAIL PROTECTED] wrote:
> I've recently installed the latest version of opera from ports and can't get it to start. Have used a couple of older versions of opera without problems.
>
> Starting with an unmodified opera installation, and no .netscape or .opera directories, running opera brings up the license window. When I agree to the license, opera dies with:
>
> INTERNAL ERROR on Browser End: Could not load libjavaplugin_oji.so: linking error=Cannot open /home/peter/.netscape/java/lib/libjavaplugin_oji.so
> System error?:: No such file or directory
>
> The only libjavaplugin_oji.so I can find is /usr/local/jdk1.3.1/jre/plugin/i386/ns600/libjavaplugin_oji.so and when I link it to /home/peter/.netscape/java/lib/libjavaplugin_oji.so the error message changes to:
>
> INTERNAL ERROR on Browser End: Could not load libjavaplugin_oji.so: linking error=/home/peter/.netscape/java/lib/libjavaplugin_oji.so: Undefined symbol PR_NewMonitor
>
> I had (an admittedly older version of) jdk1.3.1 loaded previously. Any suggestions on how I can get this to work?

- Deinstall the port.
- Download the (static Qt) Linux .tgz from Opera.com, tar -xzvf in a convenient directory, and follow the instructions.

Native version from ports seems to choke on Java and plugins, while the Linux port hadn't been updated since August the last time I looked.

Jud
Re: cannot fit anything on tape, bailing out ....
> planner: FATAL cannot fit anything on tape, bailing out
>
> The directory I want to backup has 59GB. The tape has native 100GB and compressed estimated 200GB capacity.

What is the length parameter in your tapetype?

--
Toomas Aas | [EMAIL PROTECTED] | http://www.raad.tartu.ee/~toomas/
* If it wasn't for C, we'd be using BASI, PASAL and OBOL!
Re: X server for Windows
Ben Williams wrote:
> Friday, January 31, 2003, 3:55:02 AM, you wrote:
>
> AWA> Hi,
> AWA> I need to connect to my FreeBSD box from a Windows PC using some kind of X
> AWA> server for Windows. I was wondering if someone could be so kind and give me
> AWA> a few recommendations?
> AWA> I only need a simple server, no print or stuff - just the plain (vnc-like)
> AWA> thing.
> AWA> Thanks!
> AWA> /Andreas
>
> X-Win32 by Starnet is the nicest win32 X Server I've seen, but you have to buy it after the trial's up. If you're into hacking around at things a bit there's an X Server that'll run on cygwin (free) too. This is what I use.

Could you elaborate on Cygwin, please? Is there a tutorial on setup available (for X-Server, not Cygwin)? I remember I tried this a long time ago, but couldn't manage to run it.
Re: X server for Windows
On Fri, 2003-01-31 at 04:14, Ben Williams wrote:
> Friday, January 31, 2003, 3:55:02 AM, you wrote:
> X-Win32 by Starnet is the nicest win32 X Server I've seen, but you have to buy it after the trial's up.

As a regular user of Xwin32, it's incredibly buggy and unstable compared to eXceed from Hummingbird.

Adam
please comment on my nat/ipfw rules (resent)
hi all

i have my test machine set up as a gateway box, with ipfw/natd configured on it, set up to filter/redirect packets bound for a client on my internal network. external ip of my internal client is aliased to the outside nic of the gateway box

gateway machine's kernel has been recompiled with:

options IPFIREWALL
options IPDIVERT
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_VERBOSE

gateway's /etc/rc.conf looks like

defaultrouter="129.x.x.1"
hostname="hostname.com"
ifconfig_xl0="inet 129.x.x.1 netmask 255.255.255.0"
#aliasing internal client's ip to the outside nic of gateway box
ifconfig_xl0_alias0="inet 129.x.1.20 netmask 255.0.0.0"
#inside nic of gateway box
ifconfig_xl1="inet 10.0.0.1 netmask 255.0.0.0"
gateway_enable="YES"
firewall_enable="YES"
#firewall_script="/etc/rc.firewall"
firewall_type="/etc/ipfw.rules"
natd_enable="YES"
#natd interface is outside nic
natd_interface="xl0"
#natd flags redirect any traffic bound for ip of www3 to internal ip of www3
natd_flags="-redirect_address 10.0.0.2 129.x.x.20"
kern_securelevel_enable="NO"
.

internal client's /etc/rc.conf looks like

second machine's /etc/rc.conf:
defaultrouter="10.0.0.1"
ifconfig_xl0="inet 10.0.0.2 netmask 255.0.0.0"

looks like this setup is working. the internal client is a basic webserver/ftp server. i am able to ftp to it, ssh to it, view webpages that it serves up, etc. with it hooked up to the internal nic of the gateway box.

i am now trying to come up with a good set of firewall rules on the gateway box to filter out all unnecessary traffic to my internal network. the following is my /etc/ipfw.rules on the gateway box.

-snip--
# firewall_type=/etc/ipfw.rules
# enquirer ipfw.rules
# NAT
add 00100 divert 8668 ip from any to any via xl0
# loopback
add 00210 allow ip from any to any via lo0
add 00220 deny ip from any to 127.0.0.0/8
add 00230 deny ip from 127.0.0.0/8 to any
#allow tcp in for nfs shares
#add 00301 allow tcp from 129.x.x.x to any in via xl0
#add 00302 allow tcp from 129.x.x.x to any in via xl0
#allow tcp in for ftp,ssh, smtp, httpd
add 00303 allow tcp from any to any in 21,22,25,80,1 via xl0
#deny rest of incoming tcp
add 00309 deny log tcp from any to any in established
#from man 8 ipfw: allow only outbound tcp connections i've created
add 00310 allow tcp from any to any out via xl0
#allow udp in for gateway for DNS
add 00300 allow udp from 10.0.0.0/24 to 129.105.49.1 53 via xl0
#allow udp in for nfs shares
#add 00401 allow udp from 129.x.x.x to any in recv xl0
#add 00402 allow udp from 129.x.x.x to any in recv xl0
#allow all udp out from machine
add 00404 allow udp from any to any out via xl0
#allow some icmp types (codes not supported)
##allow path-mtu in both directions
add 00500 allow icmp from any to any icmptypes 3
##allow source quench in and out
add 00501 allow icmp from any to any icmptypes 4
##allow me to ping out and receive response back
add 00502 allow icmp from any to any icmptypes 8 out
add 00503 allow icmp from any to any icmptypes 0 in
##allow me to run traceroute
add 00504 allow icmp from any to any icmptypes 11 in
add 00600 deny log ip from any to any
#--- end ipfw.rules ---#
-snip--

any comments on how i could improve this set of ipfw rules to better secure my internal client would be appreciated.

thanks again

redmond
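An added example, not part of the post above: ipfw checks rules in rule-number order rather than in the order the `add` lines appear in the file, so this Python code parses the posted rules, reports the effective order and any rule that jumps ahead of earlier lines, and checks that the last explicit rule is a catch-all deny, which matters here because the kernel was built with IPFIREWALL_DEFAULT_TO_ACCEPT. The function names are hypothetical; the rule lines are copied from the post.

```python
import re

# Active rule lines from the post above, in file order (comment lines and
# the commented-out NFS rules are left out).
POSTED_RULES = """\
add 00100 divert 8668 ip from any to any via xl0
add 00210 allow ip from any to any via lo0
add 00220 deny ip from any to 127.0.0.0/8
add 00230 deny ip from 127.0.0.0/8 to any
add 00303 allow tcp from any to any in 21,22,25,80,1 via xl0
add 00309 deny log tcp from any to any in established
add 00310 allow tcp from any to any out via xl0
add 00300 allow udp from 10.0.0.0/24 to 129.105.49.1 53 via xl0
add 00404 allow udp from any to any out via xl0
add 00500 allow icmp from any to any icmptypes 3
add 00501 allow icmp from any to any icmptypes 4
add 00502 allow icmp from any to any icmptypes 8 out
add 00503 allow icmp from any to any icmptypes 0 in
add 00504 allow icmp from any to any icmptypes 11 in
add 00600 deny log ip from any to any
"""

ADD_RE = re.compile(r"^add\s+(\d+)\s+(.*)$")
# A rule that refuses every IP packet with no further qualifiers.
CATCH_ALL_DENY = re.compile(
    r"^(deny|drop|reject)(\s+log)?\s+(ip|all)\s+from\s+any\s+to\s+any$")


def parse_rules(text):
    """Return [(rule_number, rule_body)] in file order, ignoring comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = ADD_RE.match(line)
        if m:
            rules.append((int(m.group(1)), m.group(2).strip()))
    return rules


def evaluation_order(rules):
    """Order in which ipfw checks the rules: by number, ties in file order."""
    return sorted(rules, key=lambda r: r[0])  # sorted() is stable


def jumps_ahead(rules):
    """Rules written after higher-numbered rules, with the numbers they overtake."""
    found = []
    for i, (num, _body) in enumerate(rules):
        overtaken = sorted({n for n, _ in rules[:i] if n > num})
        if overtaken:
            found.append((num, overtaken))
    return found


def ends_with_catch_all_deny(rules):
    """True if the highest-numbered explicit rule denies all IP traffic.

    With IPFIREWALL_DEFAULT_TO_ACCEPT the built-in final rule allows
    everything, so this explicit rule is what closes the ruleset.
    """
    order = evaluation_order(rules)
    return bool(order) and CATCH_ALL_DENY.match(order[-1][1]) is not None


if __name__ == "__main__":
    rules = parse_rules(POSTED_RULES)
    for num, body in evaluation_order(rules):
        print("%05d %s" % (num, body))
    for num, overtaken in jumps_ahead(rules):
        print("rule %05d is checked before %s despite appearing later in the file"
              % (num, ", ".join("%05d" % n for n in overtaken)))
    print("closed by explicit deny:", ends_with_catch_all_deny(rules))
```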
Re: X server for Windows
Subject: Re: X server for Windows

> On Fri, 2003-01-31 at 04:14, Ben Williams wrote:
> > Friday, January 31, 2003, 3:55:02 AM, you wrote:
> > X-Win32 by Starnet is the nicest win32 X Server I've seen, but you have to buy it after the trial's up.
>
> As a regular user of Xwin32, it's incredibly buggy and unstable compared to eXceed from Hummingbird.
>
> Adam

- Original Message -

I can wholeheartedly recommend Hummingbird - Exceed. Have used it in a training environment also at home work, finding it most excellent ;-)

Chris Phillips (furrie)
Verizon DSL+PPPoE
I remember seeing this posted about a year ago, but I couldn't google it one my business server, I run Verizon DSL and PPPoE. I setup it up like with the example they used on Freebsddairy. the problem I ran into, after about 1 week is that the connection just died. everything is lit up, no log entries in the ppp.log. the only solution was a 'killall ppp' and restarting in about a minute later, and everything is fine... however, after i did that, I noticed my IP changed. whereas i've closed the connection b4 and reopened it and got the same IP. Does this have something to do with ppp not accepting a renewed DHCP IP address? is there anyway to fix this, except to used cron to kill it everynight? please CC me, thanx

---
doug reynolds | the maverick | [EMAIL PROTECTED]
Re: Verizon DSL+PPPoE
> I remember seeing this posted about a year ago, but I couldn't google it one my business server, I run Verizon DSL and PPPoE. I setup it up like with the example they used on Freebsddairy. the problem I ran into, after about 1 week is that the connection just died. everything is lit up, no log entries in the ppp.log. the only solution was a 'killall ppp' and restarting in about a minute later, and everything is fine... however, after i did that, I noticed my IP changed. whereas i've closed the connection b4 and reopened it and got the same IP. Does this have something to do with ppp not accepting a renewed DHCP IP address?

PPP doesn't use DHCP; you're confusing two technologies. Whether or not you get the same IP after dropping your connection depends entirely upon your provider. Some providers will keep recently-dropped IPs around for some period of time so that you can get the same IP back when you reconnect, but others won't.

In most cases, PPPoE service with dynamic IPs are not designed for hosting servers (which is the only case where you'd need a static IP). If this is allowable by your AUP, I'd look into using a commercial DNS service that can let you auto-update your IPs when they change. My personal choice is ZoneEdit (http://www.zoneedit.com).

--
Matt Emmerton
JDK, Tomcat, + argh!
Hi,

I have been trying to build and install the www/jakarta-tomcat41 package. As you may know, you must download the file jdk1_2_2-src.tar.gz from Sun only. The only problem is, they don't seem to have it on their site. All of the documentation I have read indicates that I need to NOT download the linux, but the alternatives are Solaris, Solaris SPARC, and Windows. Surely it's not one of those?!

I did manage to find a copy of the jdk1_2_2-src.tar.gz on a server in Taiwan, but the checksums don't match and naturally it raises lots of warning flags in my mind. This is making me crazy! Can anyone tell me where I can get a trusted copy of this silly file from?

Thanks, Rich.

| Rich Fox
| [EMAIL PROTECTED]
| 86 Nobska Road
| Woods Hole, MA 02543
| MA 508 548 4358
| VA 703 201 6050
arplookup 0.0.0.0
hope one of youse can help with this...

i am suddenly and inexplicably getting the message:

www /kernel: arpresolve: can't allocate llinfo for 0.0.0.0rt
www /kernel: arplookup 0.0.0.0 failed: host is not on local network

nothing seems affected, that is to say that everything works as advertised. do i need to add default to my arp tables? running 4.7, apache2, ipfw/natd, as gateway to 3 internal networked nodes. what other info do i need to share?

thank you!

stephen d. kingrea
Limiting memory usage of a certain process.
Hi all,

I've got the following problem with my FBSD-4.7-STABLE-box: It is running a mldonkey-2.02-client under a dedicated user. This process eats up all memory. Thus the system starts swapping. This is in general not a big problem but it slows down the whole machine, which is also running several other services. My question now is how to limit the mldonkey-process' memory usage.

I've got 64 MB of core and the CPU is a Pentium 166, so not too fast at all, but sufficient for everything else. top tells me that under normal load, without the mldonkey, about five MB of core are free. mldonkey needs about 20 MB which are resistant and overall size (as top says) gets up to 70 MB, thus about 80 MB of swap space get used, nearly zero under normal load. top also says that about 30 MB of core are wired all the time. I'd like to know, what this means and whether it makes sense to decrease this (and if, how), so that more space is left in RAM.

I tried to limit core-use of mldonkey by putting it into a separate login group with a lowered maxmemorysize but that had no effect. I also niced it up, but that has no effect on swap usage, of course. So, is there any possibility to speed up the machine except putting in more physical RAM?

Help appreciated.

Florian
Re: suggested reinstall of KDE when original was from CD-Rom
On Thu, Jan 30, 2003 at 10:22:32PM -0500, Lowell Gilbert wrote:
> BSD Baby [EMAIL PROTECTED] writes:
> > In this case, does make deinstall work? Or is there a better way?
>
> pkg_delete(1)
>
> > I want to install the new KDE 3.1 from ports in its place. Any advice appreciated.

Even better, portupgrade to take care of both parts at once.

Jim Trigg

--
Jim Trigg, Lord High Everything Else      O-    /\
                                                \ /  ASCII RIBBON CAMPAIGN
Hostmaster, Huie Kin family website              X   HELP CURE HTML MAIL
Verger, All Saints Church - Sharon Chapel       / \
Re: CD installation problem
Mike Meyer wrote:
> In [EMAIL PROTECTED], David Larkin [EMAIL PROTECTED] typed:
> > I was wondering if any subscribers to this list recognise the following problem. I just purchased 2 identical machines and I am looking to install 4.7 from CD.
> [...]
> > It then formats the hard disk ok, but reports
> > acd0: TEST_UNIT_READY command timeout - resetting
> > ata1: resetting devices .. done
> > ( The message repeats itself many times.)
> > finally it gives up and gives error message
> > Error mounting /dev/acd0c on dist Input/Output Error(5)
> > Any ideas why it should boot from CD, but not then recognise it ?
>
> I'm taking a shot in the dark, but is the CD on the secondary controller as a slave, and there's no master on that controller? That configuration causes problems for FreeBSD. I'm not sure it would cause the timeouts you are seeing, but it does cause FreeBSD to fail to recognize drives.

Wasn't that , but thanks for the tip ;-) Changed CDROM now all ok.

> mike
> --
> Mike Meyer [EMAIL PROTECTED] http://www.mired.org/consulting.html
> Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
Re: CD installation problem
Just for the record ... I wasn't able to persuade FreeBSD to recognise the drive, but changing the CDROM drive to another model fixed the problem. All ok now.

> I was wondering if any subscribers to this list recognise the following problem. I just purchased 2 identical machines and I am looking to install 4.7 from CD. Both machines exhibit exactly the same behavior, so I'm pretty sure it is not defective hardware.
>
> The machine boots from CD successfully and when I skip kernel config it runs through apparently recognising my various devices until it comes to the CDROM. It then reports
>
> acd0 MODE_SENSE_BIG command timeout - resetting
> ata1: resetting .. done
> ( The message repeats itself many times.)
>
> I then start standard install, specify hard disk partitions and ask to install from CDROM. It then formats the hard disk ok, but reports
>
> acd0: TEST_UNIT_READY command timeout - resetting
> ata1: resetting devices .. done
> ( The message repeats itself many times.)
>
> finally it gives up and gives error message
>
> Error mounting /dev/acd0c on dist Input/Output Error(5)
>
> Any ideas why it should boot from CD, but not then recognise it ? It is a generic High Speed CDROM DRIVE, E-IDE/ATAPI interface 52x speed. I've now launched an ftp-install, which is progressing slowly but I'd much prefer to start again from CD
>
> Thanks in advance
Re: suggested reinstall of KDE when original was from CD-Rom
On Friday 31 January 2003 15:26, Jim Trigg wrote:
> On Thu, Jan 30, 2003 at 10:22:32PM -0500, Lowell Gilbert wrote:
> > BSD Baby [EMAIL PROTECTED] writes:
> > > In this case, does make deinstall work? Or is there a better way?
> >
> > pkg_delete(1)
> >
> > > I want to install the new KDE 3.1 from ports in its place. Any advice appreciated.
>
> Even better, portupgrade to take care of both parts at once.

Unfortunately, neither portupgrade nor a plain make nor a pkg_add work terribly well with a KDE metaport upgrade across version numbers (3.0.x -> 3.0.x seems to be ok, 2.2 -> 3.0, and 3.0 -> 3.1, is not proving too successful for most people). Some of us would very much like the kde metaport to die an unseemly death, however, it *is* a convenient way to install a functional set of KDE packages, so it's unlikely to happen soon.

In any case, if you have individual KDE packages installed, portupgrade will more than happily upgrade them. If you have the metaport installed, you likely need to deinstall and reinstall, or for masochists, portupgrade -Rrf will probably work, but will rebuild a whole lot more than just KDE.

Regards,

--
Lauri Watts
KDE Documentation: http://i18n.kde.org/doc/
KDE on FreeBSD: http://freebsd.kde.org/
Re: JDK, Tomcat, + argh!
Rich Fox [EMAIL PROTECTED] writes:

Hi, I have been trying to build and install the www/jakarta-tomcat41 package. As you may know, you must download the file jdk1_2_2-src.tar.gz from Sun only. The only problem is, they don't seem to have it on their site. All of the documentation I have read indicates that I need to NOT download the linux, but the alternatives are Solaris, Solaris SPARC, and Windows. Surely it's not one of those?!

I did manage to find a copy of the jdk1_2_2-src.tar.gz on a server in Taiwan, but the checksums don't match and naturally it raises lots of warning flags in my mind. This is making me crazy! Can anyone tell me where I can get a trusted copy of this silly file from?

http://wwws.sun.com/software/java2/download.html

It's the second Download link listed for 1.2.2. The checksums match too :)

You could also install jdk 1.3.1 (/usr/ports/java/jdk13) instead of 1.2.2, then install tomcat.

--
Robin Damm [EMAIL PROTECTED]
PPtP Client to MPD to boxes behind NATD are very slow ??
After connecting via VPN I can get decent throughput from the MPD host but very poor speed from anything past it. I have tried adjusting the iface mtu to as low as 1350 with the same results. Problems are on downloading files from the hosts to the client.

I have: MPD version 3.10, 4.5-RELEASE as a Gateway/NATD/Firewall using IPFW. IPFW is set to OPEN. A separate public IP is redirected to a 4.7 RELEASE box on the inside. Client(s) tested with have been Windows 2000 SP2 and SP3 from 2 different ADSL Lines.

client-1.2.3.4 MPD/NATD 172.16.105.80--172.16.105.66 / 5.6.7.8 Redirected from 1.2.3.4

Tests using Penguinet SCP and a 1.9 MB ZIP file.

Baseline: Download the file from the public IP's

    1.2.3.4 - client 180 kBs
    5.6.7.8 - client 180 kBs

Now test via the PPtP.

    172.16.105.80 - client 84 kBs
    172.16.105.66 - client 35 kBs

I have another FreeBSD box on the inside and get the same results when SCPing via the tunnel.

The configs and a log.

mpd.conf

    default:
        load pptp

    pptp:
        new -i ng0 pptp pptp
        set iface disable on-demand
        set iface enable proxy-arp
        set iface idle 1800
        set iface mtu 1350
        set bundle enable multilink
        set link yes acfcomp protocomp
        set link no pap chap
        set link enable chap
        set link keep-alive 10 60
        # set link mtu 1460
        set ipcp yes vjcomp
        set ipcp ranges 172.16.105.80/32 172.16.105.75/32
        set ipcp dns 172.16.105.67
        set bundle enable compression
        set ccp yes mppc
        set ccp yes mpp-e40
        set ccp yes mpp-e128
        set ccp yes mpp-stateless
        set bundle enable crypt-reqd

mpd.links

    pptp:
        set link type pptp
        set pptp self 1.2.3.4
        set pptp enable incoming
        set pptp disable originate

And a log of a session.

    Multi-link PPP for FreeBSD, by Archie L. Cobbs.
    Based on iij-ppp, by Toshiharu OHNO.
    mpd: pid 169, version 3.10 ([EMAIL PROTECTED]:36 29-Jan-2003)
    [pptp] ppp node is mpd169-pptp
    mpd: local IP address for PPTP is 1.2.3.4
    [pptp] using interface ng0
    [pptp:pptp] mpd: PPTP connection from a.b.c.d:17670
    pptp0: attached to connection with a.b.c.d:17670
    [pptp] IFACE: Open event
    [pptp] IPCP: Open event
    [pptp] IPCP: state change Initial -- Starting
    [pptp] IPCP: LayerStart
    [pptp] IPCP: Open event
    [pptp] bundle: OPEN event in state CLOSED
    [pptp] opening link pptp...
    [pptp] link: OPEN event
    [pptp] LCP: Open event
    [pptp] LCP: state change Initial -- Starting
    [pptp] LCP: LayerStart
    [pptp] device: OPEN event in state DOWN
    [pptp] attaching to peer's outgoing call
    [pptp] device is now in state OPENING
    [pptp] device: UP event in state OPENING
    [pptp] device is now in state UP
    [pptp] link: UP event
    [pptp] link: origination is remote
    [pptp] LCP: Up event
    [pptp] LCP: state change Starting -- Req-Sent
    [pptp] LCP: phase shift DEAD -- ESTABLISH
    [pptp] LCP: SendConfigReq #1
        ACFCOMP PROTOCOMP MRU 1500 MAGICNUM 23d72d4b AUTHPROTO CHAP MSOFTv2 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 02 b3 a1 52 12
    pptp0-0: ignoring SetLinkInfo
    [pptp] LCP: rec'd Configure Request #0 link 0 (Req-Sent)
        MAGICNUM 163850eb PROTOCOMP ACFCOMP CALLBACK Not supported MP MRRU 1614 ENDPOINTDISC [LOCAL] 50 76 8d a8 cd ea 4b 1f 9b 45 e2 43 ea 8b 68 14 00 00 00 01
    [pptp] LCP: SendConfigRej #0
        CALLBACK
    [pptp] LCP: rec'd Configure Reject #1 link 0 (Req-Sent)
        MP SHORTSEQ
    [pptp] LCP: SendConfigReq #2
        ACFCOMP PROTOCOMP MRU 1500 MAGICNUM 23d72d4b AUTHPROTO CHAP MSOFTv2 MP MRRU 1600 ENDPOINTDISC [802.1] 00 02 b3 a1 52 12
    [pptp] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
        MAGICNUM 163850eb PROTOCOMP ACFCOMP MP MRRU 1614 ENDPOINTDISC [LOCAL] 50 76 8d a8 cd ea 4b 1f 9b 45 e2 43 ea 8b 68 14 00 00 00 01
    [pptp] LCP: SendConfigNak #1
        MP MRRU 1600
    [pptp] LCP: rec'd Configure Ack #2 link 0 (Req-Sent)
        ACFCOMP PROTOCOMP MRU 1500 MAGICNUM 23d72d4b AUTHPROTO CHAP MSOFTv2 MP MRRU 1600 ENDPOINTDISC [802.1] 00 02 b3 a1 52 12
    [pptp] LCP: state change Req-Sent -- Ack-Rcvd
    [pptp] LCP: rec'd Configure Request #2 link 0 (Ack-Rcvd)
        MAGICNUM 163850eb PROTOCOMP ACFCOMP MP MRRU 1600 ENDPOINTDISC [LOCAL] 50 76 8d a8 cd ea 4b 1f 9b 45 e2 43 ea 8b 68 14 00 00 00 01
    [pptp] LCP: SendConfigAck #2
        MAGICNUM 163850eb PROTOCOMP ACFCOMP MP MRRU 1600 ENDPOINTDISC [LOCAL] 50 76 8d a8 cd ea 4b 1f 9b 45 e2 43 ea 8b 68 14 00 00 00 01
    [pptp] LCP: state change Ack-Rcvd -- Opened
    [pptp] LCP: phase shift ESTABLISH -- AUTHENTICATE
    [pptp] LCP: auth: peer wants nothing, I want CHAP
    [pptp] CHAP: sending CHALLENGE
    [pptp] LCP: LayerUp
    [pptp] LCP: rec'd Ident #3 link 0 (Opened)
        MESG: MSRASV5.00
    [pptp] LCP: rec'd Ident #4 link 0 (Opened)
        MESG: MSRAS-1-MET5326
    [pptp] CHAP: rec'd RESPONSE #1
        Name: john
        Peer name: john
        Response is valid
    [pptp] CHAP: sending SUCCESS
    [pptp] LCP: authorization successful
Re: Limiting memory usage of a certain process.
Hi,

On Fri, Jan 31, 2003 at 03:26:25PM +0100, Florian Lorenzen typed:

Hi all,

I've got the following problem with my FBSD-4.7-STABLE-box: It is running a mldonkey-2.02-client under a dedicated user. This process eats up all memory. Thus the system starts swapping. This is in general not a big problem but it slows down the whole machine, which is also running several other services.

My question now is how to limit the mldonkey process' memory usage. I've got 64 MB of core and the CPU is a Pentium 166, so not too fast at all, but sufficient for everything else. top tells me that under normal load, without the mldonkey, about five MB of core are free. mldonkey needs about 20 MB which are resistant and overall size (as top says) gets up to 70 MB, thus about 80 MB of swap space get used, nearly zero under normal load.

top also says that about 30 MB of core are wired all the time. I'd like to know what this means and whether it makes sense to decrease this (and if, how), so that more space is left in RAM.

I tried to limit core-use of mldonkey by putting it into a separate login group with a lowered maxmemorysize but that had no effect. I also niced it up, but that has no effect on swap usage, of course.

When you put it in a separate login class (you do mean class, not group, do you?) did you run the command cap_mkdb login.conf?

So, is there any possibility to speed up the machine except putting in more physical RAM? Help appreciated.

Florian
Re: PPtP Client to MPD to boxes behind NATD are very slow ??
[EMAIL PROTECTED] wrote:

After connecting via VPN I can get decent throughput from the MPD host but very poor speed from anything past it.

What do you mean by this? We use MPD off and on, and (honestly) it is just slow. I've got some tricks on how to speed it up, but it's slow no matter what.

I have tried adjusting the iface mtu to as low as 1350 with the same results.

I've never seen the MTU change improve it much.

Problems are on downloading files from the hosts to the client. I have: MPD version 3.10, 4.5-RELEASE as a Gateway/NATD/Firewall using IPFW. IPFW is set to OPEN.

You don't state your hardware. Keep in mind that MPD is encryption and encryption is processor intensive. Faster CPU should give faster performance.

A separate public IP is redirected to a 4.7 RELEASE box on the inside. Client(s) tested with have been Windows 2000 SP2 and SP3 from 2 different ADSL Lines.

client-1.2.3.4 MPD/NATD 172.16.105.80--172.16.105.66 / 5.6.7.8 Redirected from 1.2.3.4

Tests using Penguinet SCP and a 1.9 MB ZIP file.

Baseline: Download the file from the public IP's

    1.2.3.4 - client 180 kBs
    5.6.7.8 - client 180 kBs

Now test via the PPtP.

    172.16.105.80 - client 84 kBs
    172.16.105.66 - client 35 kBs

This is about what I normally expect from it (unfortunately). I'm assuming that you didn't SCP on the second test as well, since that would be encrypting the data twice, and at least one obvious cause of your slowdown.

The configs and a log.

mpd.conf

    default:
        load pptp

    pptp:
        new -i ng0 pptp pptp
        set iface disable on-demand
        set iface enable proxy-arp
        set iface idle 1800
        set iface mtu 1350
        set bundle enable multilink
        set link yes acfcomp protocomp
        set link no pap chap
        set link enable chap
        set link keep-alive 10 60
        # set link mtu 1460
        set ipcp yes vjcomp
        set ipcp ranges 172.16.105.80/32 172.16.105.75/32
        set ipcp dns 172.16.105.67
        set bundle enable compression

If you're using ADSL speed connections, you'll probably find that compression slows down your performance some (as it spends more time compressing the data than it would sending it uncompressed).

Any suggestions are greatly appreciated as I have a bunch people who want access from warm comfy home, and if I give them access this way they will all moan about it being too slow :)

I know. I have the same problem. I've been meaning to try out an ssh-based VPN (ssh should be able to do this, right?) but we've had much better success with a VPN based on vtun in the ports. Unfortunately, you'll need a FreeBSD or Linux machine at each end of the connection, but vtund, with compression encryption enabled was actually faster than the raw connection in our performance tests.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
Re: Limiting memory usage of a certain process.
Yep, I mean login class and I ran cap_mkdb afterwards. Any other hints?

Florian

I tried to limit core-use of mldonkey by putting it into a separate login group with a lowered maxmemorysize but that had no effect. I also niced it up, but that has no effect on swap usage, of course.

When you put it in a separate login class (you do mean class, not group, do you?) did you run the command cap_mkdb login.conf?
IPFW2 setup
OK, I've read the man page for IPFW a couple times and I am still having difficulty setting up a working firewall. The firewall acts as a gateway to my inside network as well as a web server and mail server. I also need ssh connectivity from inside and out. Also, one odd thing is that I have a Zyxel Prestige 643 acting as an additional router between me and my DSL connection (I couldn't figure out how to get the router in pure bridging mode). It comes in handy, though, as it has a 4-port switch built in and can also act as a firewall and does the PPPoE easy enough.

NICs:

    xl0 as 192.168.1.101 (to Zyxel and outside)
    dc0 as 10.0.0.1 (inside)

Current IPFW config:

    # Basics
    add 00010 pass all from any to any via lo0
    add 00020 deny all from any to 127.0.0.0/8
    add 00030 deny ip from 127.0.0.0/8 to any
    add 00040 deny ip from any to any frag

    # Spoofing Check
    add 00050 deny all from 10.0.0.0/8 to any in via xl0
    add 00060 deny all from 172.16.0.0/12 to any in via xl0
    add 00080 allow all from 192.168.1.1 to any in via xl0
    add 00085 deny all from 192.168.0.0/16 to any in via xl0

    # Divert
    add 00100 divert natd all from any to any via xl0

    # Allowances
    add 00200 allow all from any to any in via dc0

    # Check state of dynamic rules
    add 00220 check-state

    # UDP
    add 00300 allow udp from any to any out setup
    add 00310 deny udp from any to any established
    add 00320 allow udp from any to any 53 in via xl0 setup keep-state

    # TCP
    add 00400 allow tcp from any to any out setup keep-state
    add 00410 deny tcp from any to any established
    add 00420 allow tcp from any to any 22,25,80 in setup keep-state

    add 32000 allow all from any to any

Could anyone offer some advice?

Regards,
Jason
RE: How to set-up two 'defaultrouter' IPs?
Much appreciated. : )

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin Stevens
Sent: January 29, 2003 3:55 PM
To: Lowell Gilbert
Cc: [EMAIL PROTECTED]
Subject: Re: How to set-up two 'defaultrouter' IPs?

On Wed, 29 Jan 2003, Lowell Gilbert wrote:

Does that make sense?

Sure. What you want isn't two default routers, because at any given time there's only one way you want to route this traffic. What you really want is to change default router when the outside world sees one as down. A little tricky, because the system itself might not see main network as problematic, even though the rest of the Internet does.

Not multiple default routers, but multiple default routes, in this case two, with different metrics to control failover. This is easy to do on some systems (Cisco and Solaris), not so on others. Don't know about FreeBSD, but I'll take a look later if the question hasn't been answered already.

KeS
FW: A question about umask, groups and classes
** re-post **

Hi there,

What I'm trying to accomplish is - to have a group of users called 'developers' - read/write access to all files created by any member of that group by each member of that group.

I believe in the past I've accomplished this via a umask of 002, but I don't recall where I put that to have it automatically assigned to all users in a certain group? Also, I've stumbled on the whole login.conf stuff, which seems to speak to 'classes' of users? I've never used user classes, is this a better way to set this?

Preferably, I don't want to have to set the GUID on every folder the group is jointly working on. I'd rather have all files group readable/writeable by default. Are there any reasons not to do this?

Many thanks in advance,
phillip.
Apache-ssl
I compiled apache-ssl safely on my computer. No error came up! When I try to start it:

    /usr/local/sbin/httpsdctl start

The following error comes up:

    /usr/local/sbin/httpsdctl restart: httpsd could not be started

What should I do?
Re: FW: A question about umask, groups and classes
Hi,

I believe in my adventures, this successfully worked by placing the umask command in /etc/login.conf...

    default:\
        :copyright=/etc/COPYRIGHT:\
        :welcome=/etc/motd:\
        [snip]
        :priority=0:\
        :ignoretime@:\
        :umask=002:

Rich.

| Rich Fox
| [EMAIL PROTECTED]
| 86 Nobska Road
| Woods Hole, MA 02543
| MA 508 548 4358
| VA 703 201 6050

On Fri, 31 Jan 2003, Phillip Smith (mailing list) wrote:

** re-post **

Hi there,

What I'm trying to accomplish is - to have a group of users called 'developers' - read/write access to all files created by any member of that group by each member of that group.

I believe in the past I've accomplished this via a umask of 002, but I don't recall where I put that to have it automatically assigned to all users in a certain group? Also, I've stumbled on the whole login.conf stuff, which seems to speak to 'classes' of users? I've never used user classes, is this a better way to set this?

Preferably, I don't want to have to set the GUID on every folder the group is jointly working on. I'd rather have all files group readable/writeable by default. Are there any reasons not to do this?

Many thanks in advance,
phillip.
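On the "any reasons not to do this?" question in this thread: umask 002 makes every new file group-writable, so it matters who else holds each account's primary group. The following audit is an added example, not code from either poster; the passwd(5)/group(5) sample data and all function names are constructed, and it assumes home directories carry their owner's primary group.

```sh
#!/bin/sh
# Added example: list accounts whose primary group is held by anyone else.
# For those accounts a umask of 002 lets other users modify their new files.

# Constructed sample data in passwd(5) format: name:pw:uid:gid:gecos:home:shell
sample_passwd() {
    cat <<'EOF'
alice:*:1001:1001:Alice:/home/alice:/bin/tcsh
bob:*:1002:1002:Bob:/home/bob:/bin/tcsh
carol:*:1003:20:Carol:/home/carol:/bin/tcsh
dave:*:1004:20:Dave:/home/dave:/bin/tcsh
EOF
}

# Constructed sample data in group(5) format: name:pw:gid:member,member
sample_group() {
    cat <<'EOF'
alice:*:1001:
bob:*:1002:carol
staff:*:20:
developers:*:2000:alice,bob
EOF
}

# usage: shared_primary_groups PASSWD_FILE GROUP_FILE
shared_primary_groups() {
    awk -F: '
    /^#/ { next }                          # comment lines in either file
    FNR == NR {                            # first file read: group(5)
        gname[$3] = $1
        n = split($4, m, ",")
        for (i = 1; i <= n; i++)
            if (m[i] != "") holders[$3] = holders[$3] " " m[i]
        next
    }
    NF < 4 { next }
    {                                      # second file read: passwd(5)
        users[++count] = $1
        pgid[$1] = $4
        holders[$4] = holders[$4] " " $1
    }
    END {
        for (u = 1; u <= count; u++) {
            name = users[u]; g = pgid[name]; others = ""
            n = split(holders[g], h, " ")
            for (i = 1; i <= n; i++)
                if (h[i] != name && !((name, h[i]) in seen)) {
                    seen[name, h[i]] = 1
                    others = others (others == "" ? "" : ",") h[i]
                }
            if (others != "")
                printf "%s gid=%s(%s) shared-with=%s\n", name, g, gname[g], others
        }
    }' "$2" "$1"
}

# Run the audit over the constructed sample data.
audit_sample() {
    dir=$(mktemp -d) || return 1
    sample_passwd > "$dir/passwd"
    sample_group > "$dir/group"
    shared_primary_groups "$dir/passwd" "$dir/group"
    rm -rf "$dir"
}

audit_sample
```

In the sample, alice is not reported even though she belongs to the shared developers group, because that group is not her primary group.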
Re: IPFW2 setup
Kernel firewall settings:

    options IPFW2
    options IPFIREWALL                      #Firewall
    options IPFIREWALL_VERBOSE              #print info about dropped packets
    options IPFIREWALL_VERBOSE_LIMIT=10     #limit verbosity
    options IPV6FIREWALL
    options IPV6FIREWALL_VERBOSE
    options IPV6FIREWALL_VERBOSE_LIMIT=10
    options IPDIVERT                        #Divert sockets
    options IPSTEALTH                       #support stealth forwarding
    options ICMP_BANDLIM                    #Rate limit bad replies
    options ACCEPT_FILTER_DATA
    options ACCEPT_FILTER_HTTP

I can't reach the web from the inside, nor can I ssh to my server. Everything seems to be getting hung up on rules 310 and 410. I, of course, want to do away with 32000. In order to get through, I have temporarily added an 'allow all from any to any' at 210. I'll start logging the denys and see what happens.

-jason

On Fri, Jan 31, 2003 at 11:56:02AM -0500, Steve Bertrand wrote:

What part is not working? Can you nat through? Perhaps you could add some logging to see which packets are failing and why. Do you have the following in the kernel?

    options IPFIREWALL
    options IPFIREWALL_VERBOSE
    options IPDIVERT

Let us know.

Steve

Jason Morgan wrote:

OK, I've read the man page for IPFW a couple times and I am still having difficulty setting up a working firewall. The firewall acts as a gateway to my inside network as well as a web server and mail server. I also need ssh connectivity from inside and out. Also, one odd thing is that I have a Zyxel Prestige 643 acting as an additional router between me and my DSL connection (I couldn't figure out how to get the router in pure bridging mode). It comes in handy, though, as it has a 4-port switch built in and can also act as a firewall and does the PPPoE easy enough.

NICs:

    xl0 as 192.168.1.101 (to Zyxel and outside)
    dc0 as 10.0.0.1 (inside)

Current IPFW config:

    # Basics
    add 00010 pass all from any to any via lo0
    add 00020 deny all from any to 127.0.0.0/8
    add 00030 deny ip from 127.0.0.0/8 to any
    add 00040 deny ip from any to any frag

    # Spoofing Check
    add 00050 deny all from 10.0.0.0/8 to any in via xl0
    add 00060 deny all from 172.16.0.0/12 to any in via xl0
    add 00080 allow all from 192.168.1.1 to any in via xl0
    add 00085 deny all from 192.168.0.0/16 to any in via xl0

    # Divert
    add 00100 divert natd all from any to any via xl0

    # Allowances
    add 00200 allow all from any to any in via dc0

    # Check state of dynamic rules
    add 00220 check-state

    # UDP
    add 00300 allow udp from any to any out setup
    add 00310 deny udp from any to any established
    add 00320 allow udp from any to any 53 in via xl0 setup keep-state

    # TCP
    add 00400 allow tcp from any to any out setup keep-state
    add 00410 deny tcp from any to any established
    add 00420 allow tcp from any to any 22,25,80 in setup keep-state

    add 32000 allow all from any to any

Could anyone offer some advice?

Regards,
Jason
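ipfw(8) defines `setup` and `established` as tests on TCP flags, yet the ruleset posted in this thread uses them on udp rules (300, 310 and 320), and it still ends in the allow-all rule 32000 that the poster wants to drop. The lint below is an added example, not code from the thread; the function names and the finding labels are made up for illustration, and the rule text is copied from the message above.

```sh
#!/bin/sh
# Added example: lint an ipfw rule file for two problems visible in the
# ruleset posted in this thread.

# The ruleset exactly as posted.
posted_ruleset() {
    cat <<'EOF'
# Basics
add 00010 pass all from any to any via lo0
add 00020 deny all from any to 127.0.0.0/8
add 00030 deny ip from 127.0.0.0/8 to any
add 00040 deny ip from any to any frag
# Spoofing Check
add 00050 deny all from 10.0.0.0/8 to any in via xl0
add 00060 deny all from 172.16.0.0/12 to any in via xl0
add 00080 allow all from 192.168.1.1 to any in via xl0
add 00085 deny all from 192.168.0.0/16 to any in via xl0
# Divert
add 00100 divert natd all from any to any via xl0
# Allowances
add 00200 allow all from any to any in via dc0
# Check state of dynamic rules
add 00220 check-state
# UDP
add 00300 allow udp from any to any out setup
add 00310 deny udp from any to any established
add 00320 allow udp from any to any 53 in via xl0 setup keep-state
# TCP
add 00400 allow tcp from any to any out setup keep-state
add 00410 deny tcp from any to any established
add 00420 allow tcp from any to any 22,25,80 in setup keep-state
add 32000 allow all from any to any
EOF
}

# Reads "add NUM ACTION ..." lines on stdin, prints one finding per line.
lint_ipfw() {
    awk '
    $1 != "add" { next }                   # skips comments and blank lines
    {
        num = $2; action = $3
        # Actions with an argument ("divert natd") shift the protocol field.
        p = (action ~ /^(divert|tee|skipto|fwd|pipe|queue)$/) ? 5 : 4
        proto = $p

        # Finding 1: a TCP-flag option on a rule whose protocol is not tcp.
        for (i = p + 1; i <= NF; i++)
            if (($i == "setup" || $i == "established") && proto != "tcp")
                printf "%s tcp-flag-option %s on %s rule\n", num, $i, proto

        # Finding 2: an allow with no address, interface or state condition.
        if (action ~ /^(allow|accept|pass|permit)$/ &&
            (proto == "all" || proto == "ip") && NF == p + 4 &&
            $(p + 1) == "from" && $(p + 2) == "any" &&
            $(p + 3) == "to" && $(p + 4) == "any")
            printf "%s unconditional-allow %s %s from any to any\n", num, action, proto
    }'
}

posted_ruleset | lint_ipfw
```

Rule 10 is not reported as an unconditional allow because it is restricted to lo0, and rule 410 is not reported because `established` is used there on a tcp rule.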
Re: PPtP Client to MPD to boxes behind NATD are very slow ??
On Fri, 31 Jan 2003 09:00:07 -0800 (PST), Bill Moran wrote:

[EMAIL PROTECTED] wrote:

After connecting via VPN I can get decent throughput from the MPD host but very poor speed from anything past it.

What do you mean by this? We use MPD off and on, and (honestly) it is just slow. I've got some tricks on how to speed it up, but it's slow no matter what.

From other posts I knew MPD would be slow but what concerns me is that it is how much slower it is beyond the mpd host itself, see test results below.

I have tried adjusting the iface mtu to as low as 1350 with the same results.

I've never seen the MTU change improve it much.

Problems are on downloading files from the hosts to the client. I have: MPD version 3.10, 4.5-RELEASE as a Gateway/NATD/Firewall using IPFW. IPFW is set to OPEN.

You don't state your hardware. Keep in mind that MPD is encryption and encryption is processor intensive. Faster CPU should give faster performance.

Hardware:

    CPU: Pentium 4 (1495.16-MHz 686-class CPU)
    real memory = 1073180672 (1048028K bytes)

The box is dedicated to NAT and now trying MPD - it's a very bored box ;) The box at 5.6.7.8 is a new install and has the same specs. Network cards are public Intel Server fxp0 and onboard 3com xl0. 5 mbs fibre to our ISP.

A separate public IP is redirected to a 4.7 RELEASE box on the inside. Client(s) tested with have been Windows 2000 SP2 and SP3 from 2 different ADSL Lines.

client-1.2.3.4 MPD/NATD 172.16.105.80--172.16.105.66 / 5.6.7.8 Redirected from 1.2.3.4

Tests using Penguinet SCP and a 1.9 MB ZIP file.

Baseline: Download the file from the public IP's

    1.2.3.4 - client 180 kBs
    5.6.7.8 - client 180 kBs

Now test via the PPtP.

    172.16.105.80 - client 84 kBs
    172.16.105.66 - client 35 kBs

This is about what I normally expect from it (unfortunately). I'm assuming that you didn't SCP on the second test as well, since that would be encrypting the data twice, and at least one obvious cause of your slowdown.

Actually I used SCP on the second test so as not to skew things, in normal operations we won't be. My concern is test to 172.16.105.66. What would make it perform worse than to 172.16.105.80? In my mind they should be same, like the public IP tests.

The configs and a log.

mpd.conf

    default:
        load pptp

    pptp:
        new -i ng0 pptp pptp
        set iface disable on-demand
        set iface enable proxy-arp
        set iface idle 1800
        set iface mtu 1350
        set bundle enable multilink
        set link yes acfcomp protocomp
        set link no pap chap
        set link enable chap
        set link keep-alive 10 60
        # set link mtu 1460
        set ipcp yes vjcomp
        set ipcp ranges 172.16.105.80/32 172.16.105.75/32
        set ipcp dns 172.16.105.67
        set bundle enable compression

If you're using ADSL speed connections, you'll probably find that compression slows down your performance some (as it spends more time compressing the data than it would sending it uncompressed).

I thought so too and have tried compression off as well. Actually I notice that the 'Network Connection status' on the W2K client says Compression=no. It also shows Transmit Errors=0, Receive Errors=xx - increments at a slow rate when connected.

Any suggestions are greatly appreciated as I have a bunch people who want access from warm comfy home, and if I give them access this way they will all moan about it being too slow :)

I know. I have the same problem.

Hmmm, most of them currently use PCAnywhere via modem to come in, this could be a step up :) but I'd like to figure it out.

I've been meaning to try out an ssh-based VPN (ssh should be able to do this, right?) but we've had much better success with a VPN based on vtun in the ports. Unfortunately, you'll need a FreeBSD or Linux machine at each end of the connection, but vtund, with compression encryption enabled was actually faster than the raw connection in our performance tests.

Agreed, vtund works very well and I wish I could give each programmer and Web Wizard a box but can't, some are road warriors too.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
Re: Apache-ssl
On Fri, 31 Jan 2003, [ISO-8859-2] Gannater Jnos wrote:

I compiled apache-ssl safely on my computer. No error came up! When I try to start it:

    /usr/local/sbin/httpsdctl start

The following error comes up:

    /usr/local/sbin/httpsdctl restart: httpsd could not be started

What should I do?

Try httpsdctl configtest; if it's ok then check the error log for more information.
Re[2]: appending files on smbfs
Dear/Beste Patrick,

Thursday, January 30, 2003, 11:16:09 PM, you wrote:

has anyone ever had problems with appending existing files on volumes mounted by smbfs or shlight?

    $ echo sdsad > hey
    $ echo sdsad >> hey
    cannot create hey: Permission denied

You should look at permission on the windows machine if the system has NTFS.

*** From Patrick

oh wait, thought you were swedish.

No, I'm Dutch.

I meant that I looked at that. You have to log in to the filesystem with a name that works before it will let you on. notice how I can create the file, but can't append to it.

NTFS hasn't got the same security system as UFS. Just because you can logon to a filesystem doesn't mean you have any rights. Just because you can write a file doesn't mean you can append. On NTFS one can allow per person or per group to list, view, read, create or modify (append) a file. And that for multiple users and multiple groups.

--
Best regards/Met vriendelijke groet,
Alex

P.S. Please don't top-post. It makes it hard to read, especially for others.
Apache 2.x conf with SSL startup problem
Dear/Beste users,

I am a FreeBSD and Apache 2.x with SSL user. The webserver works when started by hand (apachectl start-ssl), but it causes the machine to hang during a boot. You still can logon to it from another machine.

I didn't get a certification from a CA but created one by hand. During the creation I was asked for a password. Apache asks for this password when it starts up. It doesn't print a request message on the screen and I don't always have physical access to the machine so I need to get the password to it some other way. I looked at the docs from apache about apachectl but could not find a way to do that.

The machine runs FreeBSD 4.7-RELEASE-p2 #0 compiled at Sun Dec 22 00:29:05 CET 2002 and is a i386.

    Server version: Apache/2.0.44
    Server built: Jan 25 2003 14:12:28

From pstree:

    \-+- 7 root sh /etc/rc autoboot
      \-+- 00180 root sh /etc/rc autoboot
        \-+- 00181 root /bin/sh /usr/local/etc/rc.d/apache2.sh start
          \-+- 00182 root /bin/sh /usr/local/sbin/apachectl startssl
            \--- 00184 root /usr/local/sbin/httpd -k start -DSSL

Apache2 startup script

    unix1# cat /usr/local/etc/rc.d/apache2.sh
    #!/bin/sh

    PREFIX=/usr/local

    case $1 in
    start)
        # Use the SSL start target only when a server certificate is installed.
        [ ssl = ssl -a -f $PREFIX/etc/apache2/ssl.crt/server.crt ] && SSL=ssl
        [ -x ${PREFIX}/sbin/apachectl ] && ${PREFIX}/sbin/apachectl start${SSL} > /dev/null && echo -n ' apache2'
        ;;
    stop)
        [ -r /var/run/httpd.pid ] && ${PREFIX}/sbin/apachectl stop > /dev/null && echo -n ' apache2'
        ;;
    *)
        echo "Usage: `basename $0` {start|stop}" >&2
        ;;
    esac

    exit 0

--
Best regards/Met vriendelijke groet,
Alex
Analog Modem
Dear freebsd-questions,

I'm looking for an analog modem. I didn't see any in the hardware lists. Can you please tell me which ones will work on FreeBSD?

--
Best regards,
Alex
XFree86 configuration
I just installed 4.7 on a new machine and all seems well except the XFree86 is only working on the default VGA mode.

Configuring X is a complete nightmare, am I missing something? I haven't a clue what sync rates my monitor has and have no manual for it, also I intend moving the server to a new office where it will be attached to a different monitor.

I've tried selecting various options from the various menus but all that happens is my screen blinks and I have to reboot and try again with the same result.

Apart from the fact it doesn't work, does it generate an error log somewhere so I can try and work out the problem?

Is there no standard config which would allow something better than VGA. I don't need to squeeze the last drop of performance out of the monitor/graphics card, just get something useable up and running.

I've been installing using FreeBSD for about 6 years now and have never gained any confidence in installing X, it either works or it doesn't. This must put off loads of potential users, particularly those such as myself who don't know (or much care) about what chipsets stuff they have.
restricting user's directory listing and changing
Greetings.

Basically, I have this group of users, that I give SSH/SFTP access, but I don't want them to be able to see the complete file hierarchy and ``cd'' to them. I just want a user to be able to access the user's home, and that's it. I looked up some docs on the shell (tcsh) and sshd, but didn't find anything appropriate. Has anyone wanted to do this before?

I was thinking, or maybe I could redirect that group of users to use a different version of the command ``cd'' and ``ls'' so that it will only work within their home directories. Thought of jail too, but jail only jails processes, and these guys aren't really running processes, just file access.

Any ideas? Thanks in advance.

Jay Sern Liew
Re: XFree86 configuration
On Fri, 31 Jan 2003 17:35:14 + David Larkin [EMAIL PROTECTED] wrote:

I just installed 4.7 on a new machine and all seems well except the XFree86 is only working on the default VGA mode.

What previous step did you make, or what have you done here? Did you type: startx

Configuring X is a complete nightmare, am I missing something? I haven't a clue what sync rates my monitor has and have no manual for it,

Have a look here: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/x11.html

also I intend moving the server to a new office where it will be attached to a different monitor. I've tried selecting various options from the various menus but all that happens is my screen blinks and I have to reboot and try again with the same result.

BE AWARE THAT A BAD CONFIGURED XF86Config CAN KILL YOUR MONITOR!!

Apart from the fact it doesn't work, does it generate an error log somewhere so I can try and work out the problem?

Yes, /var/log/XFree86.0.log

Is there no standard config which would allow something better than VGA. I don't need to squeeze the last drop of performance out of the monitor/graphics card, just get something useable up and running.

1) You will need to know what Monitor Model it is! Find out the exact model and look at google for the specifications of your monitor, you will need the Horizontal and Vertical refresh rates!

2) You will also need information about your graphic adapter (or if you are lucky XFree86 -configure) will auto-detect the chip

I've been installing using FreeBSD for about 6 years now and have never gained any confidence in installing X, it either works or it doesn't. This must put off loads of potential users, particularly those such as myself who don't know (or much care) about what chipsets stuff they have.
Re: PPtP Client to MPD to boxes behind NATD are very slow ??
[could you wrap lines around 72 chars or so, please] [EMAIL PROTECTED] wrote: On Fri, 31 Jan 2003 09:00:07 -0800 (PST), Bill Moran wrote: [EMAIL PROTECTED] wrote: After connecting via VPN I can get decent throughput from the MPD host but very poor speed from anything past it. What do you mean by this? We use MPD off and on, and (honestly) it is just slow. I've got some tricks on how to speed it up, but it's slow no matter what. From other posts I knew MPD would be slow but what concerns me is that it is how much slower it is beyond the mpd host itself, see test results below. I'm not sure I understand your test results. Are you saying PPTP client -- MPD machine --- other host ? If so, is other host on the Internet, or on your local network? We've seen that trying to route through the MPD machine to the internet is terribly slow, but haven't noticed any problems with routing to the local network. Did you check the box on the MS side to say use gateway on remote network? You don't state your hardware. Keep in mind that MPD is encryption and encryption is processor intensive. Faster CPU should give faster performance. Hardware: CPU: Pentium 4 (1495.16-MHz 686-class CPU) real memory = 1073180672 (1048028K bytes) The box is dedicated to NAT and now trying MPD - it's a very bored box ;) The box at 5.6.7.8 is a new install and has the same specs. Network cards are public Intel Server fxp0 and onboard 3com xl0. 5 mbs fibre to our ISP. I don't think that's an issue, then. A separate public IP is redirected to a 4.7 RELEASE box on the inside. Client(s) tested with have been Windows 2000 SP2 and SP3 from 2 different ADSL Lines. client-1.2.3.4 MPD/NATD 172.16.105.80--172.16.105.66 / 5.6.7.8 Redirected from 1.2.3.4 Tests using Penguinet SCP and a 1.9 MB ZIP file. Baseline Download the file from the public IP's 1.2.3.4 - client 180 kBs 5.6.7.8 - client 180 kBs Now test via the PPtP. 172.16.105.80 - client 84 kBs 172.16.105.66 - client 35 kBs I see now. 
We haven't tested this extensively. We've only seen it when routing into the VPN, just to go back out on the Internet (which seemed a silly thing to do). Actually I used SCP on the second test so as not to skew things, in normal operations we won't be. My concern is test to 172.16.105.66. What would make it perform worse than to 172.16.105.80 ? In my mind they should be same, like the public IP tests. Apparently, something in MPD isn't working as efficiently as it should. It also shows Transmit Errors=0 Receive Errors=xx - increments at a slow rate when connected. Ok, now this is something. We need to find out the nature of the errors and fix it. I'm very interested in getting this working better for the same reason that you are. I'm going to set up a test network here and see what I can figure out. I'll keep in touch with you on my findings if you agree to do the same. -- Bill Moran Potential Technologies http://www.potentialtech.com
mrouted configuration question
I have mrouted running on freebsd 4.7. I am routing between two private networks: 10.100.100.x - mrouted - 192.168.3.x and I can see the multicast traffic on the client side (192.168.3.x) but the switch that connects the client side network with the router is getting flooded with the multicast traffic. My understanding was that if no machines had joined a multicast group on the subnet, no multicast traffic would get past mrouted, and if one client has joined a multicast group, then the router would forward the appropriate packets to that client (and only that client!) When I looked through the mrouted man page, I didn't see any options that would fix this. googling for information on mrouted returned a lot of nothing. How can I configure mrouted to only forward multicast packets to clients that join a multicast group? any help on this would be very much appreciated! regards, -bob
RE: please comment on my nat/ipfw rules (resent)
1. Your firewall rules are not working at all, except for the natd redirect option. This is caused by the kernel compile time option IPFIREWALL_DEFAULT_TO_ACCEPT. This option tells your firewall that any packet that does not match a rule is allowed to pass on through the firewall. Comment out that option in your kernel options source and recompile your kernel to take the default of default-to-deny and your current rules set will stop functioning. 2. You are using the simplest of the rule types 'state-less'. Using this type of rules you have to not only have a rule to allow the packet out you also have to have a rule to allow the packet in. See rules 220 230 of your posted rule set to see how it should be done. 3. There are 3 classes of rules, each class has separate packet interrogation abilities. Each proceeding class has greater packet interrogation abilities than the previous one. These are stateless, simple stateful, and advanced stateful. The advanced stateful rule class is the only class having technically advanced interrogation abilities capable of defending against the flood of different attack methods currently employed by perpetrators. Stateless and Simple Stateful IPFW firewall rules are inadequate to protect the user's system in today's internet environment and leave the user unknowingly believing they are protected when in reality they are not. 4. The advanced stateful rule option keep-state works as documented only when used in a rule set that does not use the divert rule. Simply stated the IPFW advanced stateful rule option keep-state does not function correctly when used in a IPFW firewall that also is using the IPFW built in NATD function. For the most complete keep-state protection the other FIREWALL solution (IPFILTER) that comes with FBSD should be used. Just check out the IPFW list archives and you will see this subject discussed in detail without any solution forthcoming. 
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Redmond Militante Sent: Friday, January 31, 2003 8:18 AM To: [EMAIL PROTECTED] Subject: please comment on my nat/ipfw rules (resent)
hi all i have my test machine set up as a gateway box, with ipfw/natd configured on it, set up to filter/redirect packets bound for a client on my internal network. external ip of my internal client is aliased to the outside nic of the gateway box
gateway machine's kernel has been recompiled with:
options IPFIREWALL
options IPDIVERT
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_VERBOSE
gateway's /etc/rc.conf looks like
defaultrouter=129.x.x.1
hostname=hostname.com
ifconfig_xl0=inet 129.x.x.1 netmask 255.255.255.0
#aliasing internal client's ip to the outside nic of gateway box
ifconfig_xl0_alias0=inet 129.x.1.20 netmask 255.0.0.0
#inside nic of gateway box
ifconfig_xl1=inet 10.0.0.1 netmask 255.0.0.0
gateway_enable=YES
firewall_enable=YES
#firewall_script=/etc/rc.firewall
firewall_type=/etc/ipfw.rules
natd_enable=YES
#natd interface is outside nic
natd_interface=xl0
#natd flags redirect any traffic bound for ip of www3 to internal ip of www3
natd_flags=-redirect_address 10.0.0.2 129.x.x.20
kern_securelevel_enable=NO
.
internal client's /etc/rc.conf looks like second machine's /etc/rc.conf:
defaultrouter=10.0.0.1
ifconfig_xl0=inet 10.0.0.2 netmask 255.0.0.0
looks like this setup is working. the internal client is a basic webserver/ftp server. i am able to ftp to it, ssh to it, view webpages that it serves up, etc. with it hooked up to the internal nic of the gateway box. i am now trying to come up with a good set of firewall rules on the gateway box to filter out all unnecessary traffic to my internal network. the following is my /etc/ipfw.rules on the gateway box.
-snip--
# firewall_type=/etc/ipfw.rules
# enquirer ipfw.rules
# NAT
add 00100 divert 8668 ip from any to any via xl0
# loopback
add 00210 allow ip from any to any via lo0
add 00220 deny ip from any to 127.0.0.0/8
add 00230 deny ip from 127.0.0.0/8 to any
#allow tcp in for nfs shares
#add 00301 allow tcp from 129.x.x.x to any in via xl0
#add 00302 allow tcp from 129.x.x.x to any in via xl0
#allow tcp in for ftp,ssh, smtp, httpd
add 00303 allow tcp from any to any in 21,22,25,80,1 via xl0
#deny rest of incoming tcp
add 00309 deny log tcp from any to any in established
#from man 8 ipfw: allow only outbound tcp connections i've created
add 00310 allow tcp from any to any out via xl0
#allow udp in for gateway for DNS
add 00300 allow udp from 10.0.0.0/24 to 129.105.49.1 53 via xl0
#allow udp in for nfs shares
#add 00401 allow udp from 129.x.x.x to any in recv xl0
#add 00402 allow udp from 129.x.x.x to any in recv xl0
#allow all udp out from machine
add 00404 allow udp from any to any out via xl0
#allow some icmp types (codes not supported)
Installation Problems
Hi. I'm trying to install release 5.0 on an i386 system with a P100 processor with native windows 95 on the hard disk. I have 16mb ram and a 1.2GB IDE Western Digital Caviar. Because the computer does not support CD booting and I have not been able to find a way to change boot order in the bios, I created boot disks as described in the install.txt. The kernel and the mfsroot load fine, but when it boots the kernel it freezes on the line Mounting root from ufs:dev/md0/stand/sysinstall running as init on vty0. It is detecting my cd-rom drive, which is a secondary slave. Any help would be appreciated. Thanks.
Syslog Configuration Question
Hello All: I am trying to set up a few facilities to receive syslog info from various network devices. In all cases, not only do the arriving packets get logged to the logfile configured, but they also get logged to /var/log/messages. I would like messages to be used only for system-related issues. I have included the relevant snippets from my syslog.conf file. Could someone please help me figure out what I'm doing wrong? Thanks, Mike
*.err;kern.debug;auth.notice;mail.crit /dev/console
*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
security.* /var/log/security
auth.info;authpriv.info /var/log/auth.log
mail.info /var/log/maillog
lpr.info /var/log/lpd-errs
cron.* /var/log/cron
local5.* /var/log/switches.log
local6.* /var/log/pix.log
local7.* /var/log/routers.log
-- Michael K. Smith NoaNet 206.219.7116 (work) 206.579.8360 (cell) [EMAIL PROTECTED] http://www.noanet.net
Re: Analog Modum
On Fri, 2003-01-31 at 12:31, Alex wrote: Dear freebsd-questions, I'm looking for an analog modem. I didn't see any in the hardware lists. Can you please tell me which ones will work on FreeBSD? Any external hardware modem (The serial kind), or any internal hardware modem (Usually ISA PNP types, if you can specify a com port via jumpers, it's hardware) will work just fine with FreeBSD. As a bonus, they also tend to have much better throughput than software modems. Adam
Re: Syslog Configuration Question
On Fri, Jan 31, 2003 at 10:15:25AM -0800, Michael K. Smith wrote: Hello All: I am trying to set up a few facilities to receive syslog info from various network devices. In all cases, not only do the arriving packets get logged to the logfile configured, but they also get logged to /var/log/messages. I would like messages to be used only for system-related issues. I have included the relevant snippets from my syslog.conf file. Could someone please help me figure out what I'm doing wrong? Thanks, Mike *.err;kern.debug;auth.notice;mail.crit /dev/console *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages security.* /var/log/security auth.info;authpriv.info /var/log/auth.log mail.info /var/log/maillog lpr.info /var/log/lpd-errs cron.* /var/log/cron local5.* /var/log/switches.log local6.* /var/log/pix.log local7.* /var/log/routers.log -- Michael K. Smith NoaNet 206.219.7116 (work) 206.579.8360 (cell) [EMAIL PROTECTED] http://www.noanet.net Two things. 1) Did you remember to restart the syslogd when you changed syslog.conf? Try a `killall -HUP syslogd`. 2) What level are the local(n) facilities logging at? Right now your setup will log anything with a NOTICE level to messages. Nathan -- GPG Public Key ID: 0x4250A04C gpg --keyserver pgp.mit.edu --recv-keys 4250A04C http://63.105.21.156/gpg_nkinkade_4250A04C.asc
Re: can I upgrade 4.4 to 4.7 via cvsup
Sergey, Are you referring to files such as those updated by mergemaster? If so, that might help Hal out. The link (English) to that page in the FreeBSD Handbook is http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html. Regards, On Tuesday, January 28, 2003, at 06:44 PM, Sergey V. Golitzyn wrote: yes, it's possible, but after make world/ make kernel you will need to update some files in /etc directory, examples you can find in /usr/src/etc/ Sergey V. Golitzyn (Russia) On Wednesday 29 January 2003 02:32, Hal Lynch wrote: Is it possible/advisable to upgrade my 4.4 system to 4.7 either stepwise or in one jump. If so is there a blurb somewhere giving details? hal -- Barry C. Hawkins Systems Consultant All Things Computed 404-795-9147 voice/fax [EMAIL PROTECTED]
RE: Syslog Configuration Question
Add this local5.none; local6.none; local7.none /var/log/messages -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michael K. Smith Sent: Friday, January 31, 2003 1:15 PM To: questions list Subject: Syslog Configuration Question Hello All: I am trying to set up a few facilities to receive syslog info from various network devices. In all cases, not only do the arriving packets get logged to the logfile configured, but they also get logged to /var/log/messages. I would like messages to be used only for system-related issues. I have included the relevant snippets from my syslog.conf file. Could someone please help me figure out what I'm doing wrong? Thanks, Mike *.err;kern.debug;auth.notice;mail.crit /dev/console *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages security.* /var/log/security auth.info;authpriv.info /var/log/auth.log mail.info /var/log/maillog lpr.info /var/log/lpd-errs cron.* /var/log/cron local5.* /var/log/switches.log local6.* /var/log/pix.log local7.* /var/log/routers.log -- Michael K. Smith NoaNet 206.219.7116 (work) 206.579.8360 (cell) [EMAIL PROTECTED] http://www.noanet.net
RE: Syslog Configuration Question
Add this local5.none;local6.none;local7.none /var/log/messages No spaces between works -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michael K. Smith Sent: Friday, January 31, 2003 1:15 PM To: questions list Subject: Syslog Configuration Question Hello All: I am trying to set up a few facilities to receive syslog info from various network devices. In all cases, not only do the arriving packets get logged to the logfile configured, but they also get logged to /var/log/messages. I would like messages to be used only for system-related issues. I have included the relevant snippets from my syslog.conf file. Could someone please help me figure out what I'm doing wrong? Thanks, Mike *.err;kern.debug;auth.notice;mail.crit /dev/console *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages security.* /var/log/security auth.info;authpriv.info /var/log/auth.log mail.info /var/log/maillog lpr.info /var/log/lpd-errs cron.* /var/log/cron local5.* /var/log/switches.log local6.* /var/log/pix.log local7.* /var/log/routers.log -- Michael K. Smith NoaNet 206.219.7116 (work) 206.579.8360 (cell) [EMAIL PROTECTED] http://www.noanet.net
RE: copy a cd
I think your problem is this statement you made 'i don't think it is working' What do you mean by this? The command you used copied the image.iso file to the cd. If you tried to boot from it of course it won't boot. To be able to boot you have to uncompress to ISO file into an FBSD directory tree format and the dd command does not do that. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Doug Poland Sent: Thursday, January 30, 2003 4:29 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: copy a cd Brian Henning said: i am trying to copy a data cd with dd if=/dev/acd0c of=/home/image.iso bs=2048 i don't think it is working... i don't have the error message, but the cd doesn't work when i burn it. can i somehow find out for sure if bs=2048 is correct ? is there any other info i need about the cd before i can copy it? http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/creating-cds.html -- Regards, Doug
Re: ssh ipfw
Do a man on natd and look at port redirection... To do it in rc.conf you should add to the natd_flag= line... -redirect_port tcp_or_udp address_of_target_machine:port_on_target_machine incoming_port_on_the_router here is an example here... -redirect_port tcp 192.168.0.2:22 6822 -redirect_port udp 192.168.0.2:22 6822 what this will do is redirect all tcp/udp packets coming in on port 6822 to 192.168.0.2:22 On Thu, 30 Jan 2003 22:06:45 -0500 Pete C [EMAIL PROTECTED] wrote: any quick pointers for how to go about setting up ssh though ipfw on a gateway/router running nat to one of the internal machines ? (FreeBSD on both the router and internal machine) after a quick search of the available resources (Google/BSD, mail archives, etc) I'm thinking it should be easier than this ?
swapinfo shows 0 0 Nan% and no device
Hello, I have created a file swap0 in /usr/local/swapfiles I then ran vnconfig -e /dev/vn0b /usr/local/swapfiles/swap0 swap When I look at the output from swapinfo It shows Device 1K-blocks Used Avail Capacity Type 000 Nan% Interleaved Any ideas on why this is? I'm using Freebsd 4.7 Thanks, Joe
Re[2]: X server for Windows
Friday, January 31, 2003, 8:08:00 AM, you wrote: PG Ben Williams schrieb: Friday, January 31, 2003, 3:55:02 AM, you wrote: AWA Hi, AWA I need to connect to my FreeBSD box from a Windows PC using some kind of X AWA server for Windows. I was wondering if someone could be so kind and give me AWA a few recommendations? AWA I only need a simple server, no print or stuff - just the plain (vnc-like) AWA thing. AWA Thanks! AWA /Andreas X-Win32 by Starnet is the nicest win32 X Server I've seen, but you have to buy it after the trial's up. If you're into hacking around at things a bit there's an X Server that'll run on cygwin (free) too. This is what I use. PG Could you elaborate on Cygwin, please? Is there a tutorial on setup PG available (for X-Server, not Cygwin)? I remember i tried this long time PG ago, but couldn't manage to run it. Don't have time to look up my exact steps right now, but I believe all I needed to do was install the X stuff listed in the cygwin setup.exe I modified my startxwin.bat script to call wmaker as the window manager too cause IMO the default wm that comes with it (twm I think) sucks very much badly. The biggest issue I've had with using a cygwin X server is that it maintains a separate clipboard so copy/paste between win32 and the X server involves an intermediate file. -- Ben mailto:[EMAIL PROTECTED]
Re: PPtP Client to MPD to boxes behind NATD are very slow ??
On Fri, 31 Jan 2003 10:23:37 -0800 (PST), Bill Moran wrote: [could you wrap lines around 72 chars or so, please] Sorry about that. After connecting via VPN I can get decent throughput from the MPD host but very poor speed from anything past it. What do you mean by this? We use MPD off and on, and (honestly) it is just slow. From other posts I knew MPD would be slow but what concerns me is that it is how much slower it is beyond the mpd host itself, see test results below. I'm not sure I understand your test results. Are you saying PPTP client -- MPD machine --- other host ? If so, is other host on the Internet, or on your local network? Other host is on the local network behind the MPD box and transfers files at a slower rate over the PPtP connection than a transfer from the MPD box. I also have the 'other host' aliased to a public IP address so that's how I got the baseline from it. We've seen that trying to route through the MPD machine to the internet is terribly slow, but haven't noticed any problems with routing to the local network. Did you check the box on the MS side to say use gateway on remote network? Nope. A separate public IP is redirected to a 4.7 RELEASE box on the inside. Client(s) tested with have been Windows 2000 SP2 and SP3 from 2 different ADSL Lines. client-1.2.3.4 MPD/NATD 172.16.105.80--172.16.105.66 / 5.6.7.8 Redirected from 1.2.3.4 Tests using Penguinet SCP and a 1.9 MB ZIP file. Baseline Download the file from the public IP's 1.2.3.4 - client 180 kBs 5.6.7.8 - client 180 kBs Now test via the PPtP. 172.16.105.80 aka. 1.2.3.4 - client 84 kBs 172.16.105.66 aka. 5.6.7.8 - client 35 kBs These are the results that don't make sense. I see now. We haven't tested this extensively. We've only seen it when routing into the VPN, just to go back out on the Internet (which seemed a silly thing to do). 
NO I'm not trying to go back out onto the Internet but could if you wanted to make sure your remote workers were safe behind your firewall - but that's a policy/procedure discussion and not for this one :) Actually I used SCP on the second test so as not to skew things, in normal operations we won't be. My concern is test to 172.16.105.66. What would make it perform worse than to 172.16.105.80 ? In my mind they should be same, like the public IP tests. Apparently, something in MPD isn't working as efficiently as it should. It also shows Transmit Errors=0 Receive Errors=xx - increments at a slow rate when connected. Ok, now this is something. We need to find out the nature of the errors and fix it. I'm very interested in getting this working better for the same reason that you are. I'm going to set up a test network here and see what I can figure out. I'll keep in touch with you on my findings if you agree to do the same. Certainly, I wonder if Archie Cobbs is out there today :) Here's a recap, File downloads to the remote client are much slower from a box(es) on the same network as the MPD server/Gateway than from the MPD server itself. MPD server is also running Natd and IPFW in OPEN mode for this testing. Have adjusted the MTU down to as low as 1350 with no difference in performance. ng0 does display an MTU of 1350 when the tunnel is up. Have tried with compression on/off - no change. On the W2K Network status I see a steady increase on 'Receive Errors' when the PPtP is up. Transmit errors=0 Could it be something to do with NATd ? Since I'm already behind on this by 4 days I think I'll do up a test network without NAT and see. If someone can read a tcpdump I can do one of those too. Let me know from which box and what options. Thanks, John.
Re: Syslog Configuration Question
On Friday, January 31, 2003, at 10:35 AM, JoeB wrote: Add this local5.none;local6.none;local7.none /var/log/messages No spaces between works Thanks for the info above. Are there any important system messages that will be caught by this? I wouldn't want to miss something because I had stopped logging to messages for those facilities. Thanks, Mike
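The selector behaviour discussed in this thread, as an added example that is not part of any poster's message: a simplified model of how syslogd matches a message against each syslog.conf line, run over the posted configuration with its whitespace restored. The function names are hypothetical, comparison flags and program/host blocks are not modelled, and it relies on two syslogd rules: a later selector on a line overrides an earlier one for the same facility, and every line is evaluated on its own, so the `none` selectors only take effect when appended to the `*.notice` line itself.

```python
"""Simplified model of BSD syslog.conf selector matching (added example)."""

LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
] + [f"local{i}" for i in range(8)]
NONE = -1  # facility switched off for this line


def parse_line(line):
    """Return (mask, action); mask maps each facility to its threshold."""
    selectors, action = line.split(None, 1)
    mask = dict.fromkeys(FACILITIES, NONE)  # nothing is logged by default
    for selector in filter(None, selectors.split(";")):
        facilities, _, level = selector.rpartition(".")
        if level == "none":
            threshold = NONE
        elif level == "*":
            threshold = len(LEVELS) - 1  # every level
        elif level in LEVELS:
            threshold = LEVELS.index(level)  # this level and more severe
        else:
            raise ValueError(f"unsupported level in {selector!r}")
        for facility in facilities.split(","):
            targets = FACILITIES if facility == "*" else [facility]
            for name in targets:
                if name not in mask:
                    raise ValueError(f"unknown facility in {selector!r}")
                mask[name] = threshold  # later selectors override earlier
    return mask, action.strip()


def destinations(config, facility, level):
    """List the actions of every line that accepts (facility, level)."""
    severity = LEVELS.index(level)
    hits = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        mask, action = parse_line(line)
        if mask[facility] != NONE and severity <= mask[facility]:
            hits.append(action)
    return hits


# The configuration from the thread, whitespace restored.
POSTED = """\
*.err;kern.debug;auth.notice;mail.crit /dev/console
*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
security.* /var/log/security
auth.info;authpriv.info /var/log/auth.log
mail.info /var/log/maillog
lpr.info /var/log/lpd-errs
cron.* /var/log/cron
local5.* /var/log/switches.log
local6.* /var/log/pix.log
local7.* /var/log/routers.log
"""
MESSAGES_SELECTORS = "*.notice;kern.debug;lpr.info;mail.crit;news.err"
EXCLUDE = "local5.none;local6.none;local7.none"

# Exclusion appended to the existing /var/log/messages line.
SAME_LINE = POSTED.replace(MESSAGES_SELECTORS, MESSAGES_SELECTORS + ";" + EXCLUDE)
# Exclusion added as a line of its own: it matches nothing and changes nothing.
SEPARATE_LINE = POSTED + EXCLUDE + " /var/log/messages\n"

if __name__ == "__main__":
    for name, cfg in [("posted", POSTED), ("same line", SAME_LINE),
                      ("separate line", SEPARATE_LINE)]:
        print(name, destinations(cfg, "local6", "notice"))
```

With the exclusion on the same line, only local5 to local7 stop reaching /var/log/messages; every other facility at notice or above is still logged there, and local errors still reach /dev/console through the `*.err` selector.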
WebSSL
I would like to set up ssl for my webserver. Although I want to use my non-secure webserver as well. How can I do this? Is it better to install Apache 2.0 than 1.3?
growfs / fbsd 4.7
I finally succeeded in adding a new drive to my concat volume (by attaching it as a subdisk) but when I try to use 'growfs' it says: growfs: wtfs: write error: 160809993: Undefined error: 0 'growfs -N xxx' gives no errors. What is preventing me from growing my file system? Any help would be very appreciated.
Re: restricting user's directory listing and changing
Jay Sern Liew wrote: Greetings. Basically, I have this group of users, that I give SSH/SFTP access, but I don't want them to be able to see the complete file hierarchy and ``cd'' to them. I just want a user to be able to access the user's home, and that's it Look at the docs on the chroot command, this is what you want (I think) I'm not 100% sure how to make sshd do a chroot when you log in, but I'd be real surprised if it's terribly difficult to do. Has anyone wanted to do this before? Absolutely, this is very common. I was thinking, or maybe I could redirect that group of users to use a different version of the command ``cd'' and ``ls'' so that it will only work within their home directories. You could, but that's probably a more difficult solution. -- Bill Moran Potential Technologies http://www.potentialtech.com
Re: cvsup problem with premature EOF from server
yew chin [EMAIL PROTECTED] writes: --- Lowell Gilbert [EMAIL PROTECTED] wrote: yew chin [EMAIL PROTECTED] writes: Connected to cvsup14.freebsd.org Server software version: SNAP_16_1e If I recall correctly, that's an out-of-date version of the server software. I don't see why it would cause this particular symptom, but perhaps you should try a different server and see if the problem occurs there too. Thanks for helping me. I already try to cvsup for at least 6 different server. But I still have the same problem. Is that maybe i have an out of date cvsup client? An out-of-date cvsup client definitely won't work; the last update was due to a security problem. At least, I *think* that's how I remember it. I may not have had enough coffee today...
eterm key bindings
I'm using enlightenment and eterm as shell console I want my del key to act like del (not like backspace) and home/end as home/end - now when I press one of those I get a ~ symbol where and what should I modify ? thanks, petre ps - and somewhat offtopic :) - after I built the kernel (the very first time on a bsd machine - though I've recompiled hundreds of linux kernels) - I get the following error kgb# /usr/libexec/locate.updatedb sort: -: write error: Broken pipe what might be the cause ? -- 9:18PM up 42 mins, 3 users, load averages: 0.26, 0.14, 0.14
Re: sysinstall suddenly quitting
Randy Schultz [EMAIL PROTECTED] writes: Hey all, I've got a 4.6 system that I'm trying to get to 4.7. I've dropped on the sysinstall from 4.7(per the docs). I run it as /stand/sysinstall installUpgrade. When I get to the Choose Installation Media screen I go into Options to change the Release Name. Regardless of what I do on this screen, in fact even if I do nothing at all, when I press 'Q' to quit sysinstall exits, dropping right to the commandline. On the screen it says chflags'ing old binaries - please wait. There doesn't seem to be anything about this in docs or list/newsgroup archives and I've tried a number of different things - making sure I'm root, perms on chflags, getting chflags from the 4.7 dist, even different term types and keyboards (hey - maybe there was some weird key bounce going on ;). I'm guessing PEBCAK but am not sure where to look. This shouldn't matter, but what happens if you actually boot from the install floppies instead?
Re: PPtP Client to MPD to boxes behind NATD are very slow ??
[EMAIL PROTECTED] wrote: If someone can read a tcpdump I can do one of those too. Let me know from which box and what options. I would be interested to see a tcpdump such as tcpdump -i ng0 file.txt done on the MPD machine while you're transferring a small file. You'll probably want to send me this off-list, as it may get big. I may want to see other dumps as well, but I may also be able to get them off my own test setup (once it's ready). -- Bill Moran Potential Technologies http://www.potentialtech.com
Re: restricting user's directory listing and changing
On Fri, Jan 31, 2003 at 02:19:09PM -0500, Bill Moran wrote: Jay Sern Liew wrote: Greetings. Basically, I have this group of users, that I give SSH/SFTP access, but I don't want them to be able to see the complete file hierarchy and ``cd'' to them. I just want a user to be able to access the user's home, and that's it Look at the docs on the chroot command, this is what you want (I think) I'm not 100% sure how to make sshd do a chroot when you log in, but I'd be real surprised if it's terribly difficult to do. Has anyone wanted to do this before? Absolutely, this is very common. I was thinking, or maybe I could redirect that group of users to use a different version of the command ``cd'' and ``ls'' so that it will only work within their home directories. You could, but that's probably a more difficult solution. With cd it's effectively impossible to write a replacement for it. It's builtin into the shell, any program/script that does a cd cannot affect the current directory that is the parent of that script. -- Regards Cliff Sarginson The Netherlands
Re: restricting user's directory listing and changing
You may want to check the restricted bash. http://www.gnu.org/manual/bash-2.05a/html_node/bashref_75.html On Fri, 31 Jan 2003, Jay Sern Liew wrote: Greetings. Basically, I have this group of users, that I give SSH/SFTP access, but I don't want them to be able to see the complete file hierarchy and ``cd'' to them. I just want a user to be able to access the user's home, and that's it.
Installation Problem
Hi. I'm trying to install release 5.0 on an i386 system with a P100 processor with native windows 95 on the hard disk. I have 16mb ram and a 1.2GB IDE Western Digital Caviar. Because the computer does not support CD booting and I have not been able to find a way to change boot order in the bios, I created boot disks as described in the install.txt. The kernel and the mfsroot load fine, but when it boots the kernel it freezes on the line Mounting root from ufs:dev/md0/stand/sysinstall running as init on vty0. It is detecting my cd-rom drive, which is a secondary slave. Any help would be appreciated. Thanks.
Re: Ooops.
On 2003-01-31 13:56, [EMAIL PROTECTED] wrote: Quoting Lowell Gilbert [EMAIL PROTECTED]: [EMAIL PROTECTED] writes: Can you explain what you think is a problem? Well - it's happened to two of us in the past month! In both cases the operator was copying files from one drive to another and wished to delete files from the second drive on which the copy resided. In both cases rm -rf removed both copy AND source! :-( You should keep a log of the commands (if possible) when things like this happen. It was probably caused by trying to `rm -fr .*' which will match all the .dotfiles in the current directory, but will also match `..', the hard link to the parent directory. This is a very easy way to delete recursively everything on the current installation when it happens in /home or /usr or other filesystems directly mounted under /, the root filesystem. Unfortunately, rm -rf home removed home from the source /usr directory as well! :-( I presume that this was due to /home being a symlink to /usr/home, and somehow that link remained, so that -r referred to everything below the symlink as well as to the directory I was trying to remove. Whatever the explanation, IMHO rm -r should NOT do this by default. As far as I know, it doesn't. You should show us a minimal set of commands that reproduces the bug. This will help anyone with a bit of C knowledge to track it down in the rm(1) source and fix it. - Giorgos
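What the shell actually hands to rm for a pattern like `.*`, as an added example that is not part of the original thread. The directory names and helper functions are constructed for illustration; the block also shows a pair of patterns that match dotfiles without ever matching `.` or `..`.

```shell
#!/bin/sh
# Added illustration: inspect a glob expansion before giving it to rm -rf.
# All names below (expand_in, reaches_parent, safe_dotfiles, the sample tree)
# are hypothetical helpers, not part of any FreeBSD tool.

# expand_in DIR PATTERN...
# Print, one per line, the names the shell produces for each PATTERN in DIR.
# Patterns must be passed quoted so they are expanded inside DIR, not here.
expand_in() (
    cd "$1" || exit 1
    shift
    for pat in "$@"; do
        for name in $pat; do
            # An unmatched pattern stays as literal text; skip it.
            [ -e "$name" ] || [ -L "$name" ] || continue
            printf '%s\n' "$name"
        done
    done
)

# reaches_parent DIR PATTERN...
# Exit 0 if the expansion contains "..", i.e. a recursive command given this
# argument list would be pointed at the parent directory.
reaches_parent() {
    expand_in "$@" | grep -qx '\.\.'
}

# safe_dotfiles DIR
# Dotfiles only, never "." or "..":
#   .[!.]*  one dot followed by a non-dot character
#   ..?*    two dots followed by at least one more character
safe_dotfiles() {
    expand_in "$1" '.[!.]*' '..?*'
}

# make_sample_tree: build a constructed scratch tree and print its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/work"
    touch "$d/precious" "$d/work/.profile" "$d/work/..cache" "$d/work/notes"
    printf '%s\n' "$d"
}

demo=$(make_sample_tree)
echo "Expansion of .* inside $demo/work:"
expand_in "$demo/work" '.*'
# The result depends on the shell: traditional sh includes "." and "..",
# while bash 5.2 and later skip them by default (the globskipdots option).
if reaches_parent "$demo/work" '.*'; then
    echo "=> this shell includes '..' in .*"
else
    echo "=> this shell leaves '.' and '..' out of .*"
fi
echo "Expansion of the safe patterns:"
safe_dotfiles "$demo/work"
rm -rf -- "$demo"
```

Running `echo` with the same pattern in place of `rm -rf` gives the same preview on a live system.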
Re: Ooops.
Giorgos Keramidas wrote: Unfortunately, rm -rf home removed home from the source /usr directory as well! :-( I presume that this was due to /home being a symlink to /usr/home, and somehow that link remained, so that -r referred to everything below the symlink as well as to the directory I was trying to remove. Whatever the explanation, IMHO rm -r should NOT do this by default. As far as I know, it doesn't. You should show us a minimal set of commands that reproduces the bug. This will help anyone with a bit of C knowledge to track it down in the rm(1) source and fix it. I've been quietly following this thread since it started and ... I can't reproduce this behaviour. I've created and deleted I don't know how many test directories and symlinks and I can't get it to do what you're claiming it did. He's absolutely correct. Without the _exact_ command that you used, it's going to be very hard to figure out what went wrong. Are you using a shell that keeps a command history (i.e. bash)? If so, can you get us the exact command that you issued? -- Bill Moran Potential Technologies http://www.potentialtech.com
Re: please comment on my nat/ipfw rules (resent)
hi

you've sold me :) do you have any good online tutorials to recommend for setting up a gateway/firewall/natd machine using ipfilter/ipnat?

thanks
redmond

1. Your firewall rules are not working at all, except for the natd redirect option. This is caused by the kernel compile time option IPFIREWALL_DEFAULT_TO_ACCEPT. This option tells your firewall that any packet that does not match a rule is allowed to pass on through the firewall. Comment out that option in your kernel options source and recompile your kernel to take the default of default-to-deny and your current rules set will stop functioning.

2. You are using the simplest of the rule types 'state-less'. Using this type of rules you have to not only have a rule to allow the packet out you also have to have a rule to allow the packet in. See rules 220 230 of your posted rule set to see how it should be done.

3. There are 3 classes of rules, each class has separate packet interrogation abilities. Each proceeding class has greater packet interrogation abilities than the previous one. These are stateless, simple stateful, and advanced stateful. The advanced stateful rule class is the only class having technically advanced interrogation abilities capable of defending against the flood of different attack methods currently employed by perpetrators. Stateless and Simple Stateful IPFW firewall rules are inadequate to protect the user's system in today's internet environment and leave the user unknowingly believing they are protected when in reality they are not.

4. The advanced stateful rule option keep-state works as documented only when used in a rule set that does not use the divert rule. Simply stated the IPFW advanced stateful rule option keep-state does not function correctly when used in an IPFW firewall that also is using the IPFW built in NATD function. For the most complete keep-state protection the other FIREWALL solution (IPFILTER) that comes with FBSD should be used.

Just checkout the IPFW list archives and you will see this subject discussed in detail without any solution forthcoming.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Redmond Militante
Sent: Friday, January 31, 2003 8:18 AM
To: [EMAIL PROTECTED]
Subject: please comment on my nat/ipfw rules (resent)

hi all

i have my test machine set up as a gateway box, with ipfw/natd configured on it, set up to filter/redirect packets bound for a client on my internal network. external ip of my internal client is aliased to the outside nic of the gateway box

gateway machine's kernel has been recompiled with:

    options IPFIREWALL
    options IPDIVERT
    options IPFIREWALL_DEFAULT_TO_ACCEPT
    options IPFIREWALL_VERBOSE

gateway's /etc/rc.conf looks like

    defaultrouter="129.x.x.1"
    hostname="hostname.com"
    ifconfig_xl0="inet 129.x.x.1 netmask 255.255.255.0"
    #aliasing internal client's ip to the outside nic of gateway box
    ifconfig_xl0_alias0="inet 129.x.1.20 netmask 255.0.0.0"
    #inside nic of gateway box
    ifconfig_xl1="inet 10.0.0.1 netmask 255.0.0.0"
    gateway_enable="YES"
    firewall_enable="YES"
    #firewall_script="/etc/rc.firewall"
    firewall_type="/etc/ipfw.rules"
    natd_enable="YES"
    #natd interface is outside nic
    natd_interface="xl0"
    #natd flags redirect any traffic bound for ip of www3 to internal ip of www3
    natd_flags="-redirect_address 10.0.0.2 129.x.x.20"
    kern_securelevel_enable="NO"
    .

internal client's /etc/rc.conf looks like

second machine's /etc/rc.conf:

    defaultrouter="10.0.0.1"
    ifconfig_xl0="inet 10.0.0.2 netmask 255.0.0.0"

looks like this setup is working. the internal client is a basic webserver/ftp server. i am able to ftp to it, ssh to it, view webpages that it serves up, etc. with it hooked up to the internal nic of the gateway box.

i am now trying to come up with a good set of firewall rules on the gateway box to filter out all unnecessary traffic to my internal network. the following is my /etc/ipfw.rules on the gateway box.

-snip--

    # firewall_type=/etc/ipfw.rules
    # enquirer ipfw.rules
    # NAT
    add 00100 divert 8668 ip from any to any via xl0
    # loopback
    add 00210 allow ip from any to any via lo0
    add 00220 deny ip from any to 127.0.0.0/8
    add 00230 deny ip from 127.0.0.0/8 to any
    #allow tcp in for nfs shares
    #add 00301 allow tcp from 129.x.x.x to any in via xl0
    #add 00302 allow tcp from 129.x.x.x to any in via xl0
    #allow tcp in for ftp,ssh, smtp, httpd
    add 00303 allow tcp from any to any in 21,22,25,80,1 via xl0
    #deny rest of incoming tcp
    add 00309 deny log tcp from any to any in established
    #from man 8 ipfw: allow only outbound tcp connections i've created
    add 00310 allow tcp from any to any out via xl0
    #allow udp in for gateway for DNS
    add 00300 allow udp from 10.0.0.0/24 to
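Points 1 and 2 of the reply above, as an added example that is not part of the original thread: a simplified model of first-match rule evaluation, showing how the implicit last rule decides every packet that no explicit rule matches. The rule format, rule numbers and sample packets are constructed for illustration and are not real ipfw syntax.

```shell
#!/bin/sh
# Added illustration: first-match evaluation with a configurable default.
# Constructed rule table, one rule per line:
#   NUMBER ACTION PROTO DIRECTION DEST_PORT   ("any" is a wildcard)
RULES='00210 allow tcp in 22
00220 allow tcp in 80
00230 deny tcp in 23
00300 allow tcp out any'

# matched_rule PROTO DIR DPORT
# Print "NUMBER ACTION" for the first rule that matches the packet,
# or nothing at all when no explicit rule matches.
matched_rule() {
    printf '%s\n' "$RULES" | while read -r num action rproto rdir rport; do
        [ "$rproto" = any ] || [ "$rproto" = "$1" ] || continue
        [ "$rdir" = any ] || [ "$rdir" = "$2" ] || continue
        [ "$rport" = any ] || [ "$rport" = "$3" ] || continue
        echo "$num $action"
        break
    done
}

# verdict DEFAULT PROTO DIR DPORT
# DEFAULT is the action of the implicit last rule: "allow" for a kernel built
# with IPFIREWALL_DEFAULT_TO_ACCEPT, "deny" otherwise.
verdict() {
    default=$1
    shift
    hit=$(matched_rule "$@")
    if [ -n "$hit" ]; then
        echo "${hit#* }"      # strip the rule number, keep the action
    else
        echo "$default"
    fi
}

# depends_on_default PROTO DIR DPORT
# Exit 0 when only the kernel default decides this packet.
depends_on_default() {
    [ -z "$(matched_rule "$@")" ]
}

# Constructed sample packets (PROTO DIR DPORT):
#   tcp in 22     explicitly allowed service
#   tcp in 23     explicitly denied service
#   tcp in 3306   service nobody wrote a rule for
#   tcp in 49152  reply to an outbound connection that rule 00300 let out;
#                 stateless rules have no memory of that connection
for pkt in "tcp in 22" "tcp in 23" "tcp in 3306" "tcp in 49152"; do
    set -- $pkt
    printf '%-14s default-accept=%-5s default-deny=%s\n' "$pkt" \
        "$(verdict allow "$@")" "$(verdict deny "$@")"
done
```

Under default-accept only the explicit deny rule changes any outcome; under default-deny the reply on port 49152 is dropped until a matching inbound rule or state tracking is added.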
INSTALL.TXT for sparc installation missing instructions?
hey all, I was checking out the INSTALL.TXT for instructions on making floppies to boot a sparc box and I found out that the Floppy Disk Image Instructions is missing or something? cheers, Ed. -- Edmond Baroud UNIX Systems Admin mailto:[EMAIL PROTECTED] Fingerprint 140F 5FD5 3FDD 45D9 226D 9602 8C3D EAFB 4E19 BEF9 UNIX is very user friendly, it's just picky about who its friends are.
SoftUpdate woes
Maybe someone can straighten me out on something - from what I have read, it seems like softupdates are supposed to accomplish many of the same things as filesystem journaling. However, in my experience with them, they seem almost to be accomplishing the opposite objective. Two or three times my system has locked up hard (while I was trying to hot-swap my modular bay - it didn't work. Scratch that idea.), and I had to do a hard reset. Each time, I have lost the latest data I was working on. (I haven't been successful yet in disabling soft updates - my system is all one big root filesystem - so I don't know how it behaves without them). Incidentally, before my switch to FreeBSD, I was running Linux (2.4 kernel) with an ext3 journaling filesystem, and anytime I had to do a hard reset, I never lost a byte of data AFAIK. What can I do? Would turning off softupdates (if I can figure out how - I tried dropping into single-user mode and doing a tunefs -n disable, but it seems like it had no effect, even after a reboot) help? Or is there something else I can do to my filesystem to have some more protection? For the time being I'm running 4-STABLE (if there's something in 5 that helps with this, go ahead and let me know - I'm planning to upgrade over spring break in March). Thanks, Michael
Samba and XP?
Good Day, I am currently seeking advice in regard to allowing an XP Home Edition machine to have access to a FreeBSD mount. I've looked over Samba, and not only have I seen references to XP's inability to join a 'domain based-network', but also don't really like the idea of installing Samba as it's a rather large package (relatively speaking) for what it simply does. My only other alternative, if I am correct, is trying to obtain an NFS client for the XP machine and simply serve NFS mounts on the FBSD host. The downside to this is the cost of the NFS clients for the XP machine. :) Are there any other alternatives available here? If not, which of the above two 'solutions' would be best? I only have one BSD machine and one XP machine, and I'd like to allow read/write access to a FBSD mount from the XP machine. Any help or suggestions would be appreciated. - John
RE: Syslog Configuration Question
By your question I see you think you are to replace the /var/log/messages line with this one. You are not to remove the original line but add this line following the original line. If I remember correctly this second line is like a continuation. If this does not work then read man syslog.conf for info on continuing a line. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michael K. Smith Sent: Friday, January 31, 2003 2:19 PM To: [EMAIL PROTECTED] Cc: questions list Subject: Re: Syslog Configuration Question On Friday, January 31, 2003, at 10:35 AM, JoeB wrote: Add this local5.none;local6.none;local7.none /var/log/messages No spaces between works Thanks for the info above. Are there any important system messages that will be caught by this? I wouldn't want to miss something because I had stopped logging to messages for those facilities. Thanks, Mike
RE: Samba and XP?
You could go upside-down and use the FreeBSD machine mounting a XP-share. You say that you're using XPhome so ActiveDirectory or any other Domain-Controlling issues shouldn't play a role. I think mount_smbfs is your friend. Best regards, -Harry [EMAIL PROTECTED] wrote: Good Day, I am currently seeking advice in regard to allowing an XP Home Edition machine to have access to a FreeBSD mount. I've looked over Samba, and not only have I seen references to XP's inability to join a 'domain based-network', but also don't really like the idea of installing Samba as it's a rather large package (relatively speaking) for what it simply does. My only other alternative, if I am correct, is trying to obtain an NFS client for the XP machine and simply serve NFS mounts on the FBSD host. The downside to this is the cost of the NFS clients for the XP machine. :) Are there any other alternatives available here? If not, which of the above two 'solutions' would be best? I only have one BSD machine and one XP machine, and I'd like to allow read/write access to a FBSD mount from the XP machine. Any help or suggestions would be appreciated. - John
Re: cvsup problem with premature EOF from server
--- Lowell Gilbert [EMAIL PROTECTED] wrote: yew chin [EMAIL PROTECTED] writes: --- Lowell Gilbert [EMAIL PROTECTED] wrote: yew chin [EMAIL PROTECTED] writes: Connected to cvsup14.freebsd.org Server software version: SNAP_16_1e If I recall correctly, that's an out-of-date version of the server software. I don't see why it would cause this particular symptom, but perhaps you should try a different server and see if the problem occurs there too. Thanks for helping me. I already try to cvsup for at least 6 different server. But I still have the same problem. Is that maybe i have an out of date cvsup client? An out-of-date cvsup client definitely won't work; the last update was due to a security problem. At least, I *think* that's how I remember it. I may not have had enough coffee today... I also think that the security update might be the problem, so i just try different cvsup and i found 1 cvsup server with version 1f. But i still get the same error message after i try cvsup. Connected to cvsup11.freebsd.org Server software version: SNAP_16_1f -(1f version)
tcpdump irregularity
using 4.7 on a gateway designated machine (ipfw/natd) serving 3 wstations.

    www#tcpdump -i dc0 ###in fact, any interface
    tcpdump: (no devices found) /dev/bpf0: Device not configured

now, i read somewhere that kernel must be compiled with option PACKETFILTER, however; workstation running 4.7 with generic kernel runs tcpdump perfectly. /dev/bpf0 permissions are correct. i am logged as root any clues on this? thanks stephen d. kingrea
Re: Samba and XP?
John Wilson wrote: Good Day, I am currently seeking advice in regard to allowing an XP Home Edition machine to have access to a FreeBSD mount. I've looked over Samba, and not only have I seen references to XP's inability to join a 'domain based-network', There's an XP machine right behind me that talks to our Samba server just fine. Just don't configure Samba to be a domain server. And, it does work just fine under domain systems as well. Samba just doesn't do active directory yet. but also don't really like the idea of installing Samba as it's a rather large package (relatively speaking) for what it simply does. Well, I didn't think it was a terribly big package, but that's my opinion. My only other alternative, if I am correct, is trying to obtain an NFS client for the XP machine and simply serve NFS mounts on the FBSD host. The downside to this is the cost of the NFS clients for the XP machine. :) I don't recommend this. Aside from the cost, I've never found one that worked worth a damn. Are there any other alternatives available here? If not, which of the above two 'solutions' would be best? I only have one BSD machine and one XP machine, and I'd like to allow read/write access to a FBSD mount from the XP machine. I think you'll be just fine with Samba. Just make sure you're properly firewalled off (you should be with Windows anyway) -- Bill Moran Potential Technologies http://www.potentialtech.com
RE: please comment on my nat/ipfw rules (resent)
Here is my IPFILTER environment config. I have also included some other hard to find kernel internal knobs to add tighter packet security.

http://www.obfuscation.org/ipf/
http://www.obfuscation.org/ipf/ipf-howto.html

/etc/rc.conf

    # Activate IPFILTER IPNAT function auto start at boot time
    ipfilter_enable="YES"            # Start ipfilter firewall
    ipfilter_flags=""                # turn off flags
    ipfilter_rules="/etc/ipf.rules"  # rules definition file for ipfilter
    ipnat_enable="YES"               # Start ipnat function
    ipnat_rules="/etc/ipnat.rules"   # rules definition file for ipnat
    ipmon_enable="YES"               # Start ip monitor log
    ipmon_flags="-Ds"                # D = start as daemon
                                     # s = log to syslog
                                     # v = log tcp window, ack, seq fields
                                     # n = map ip port to names

    # Extra kernel tcp/ip stack packet security options
    log_in_vain="YES"         # NO is default. YES enables logging of
                              # connection attempts to ports that have no
                              # listening socket on them. Puts msg on console
    icmp_drop_redirect="YES"  # YES will cause the kernel to ignore
                              # ICMP REDIRECT packets.
    icmp_log_redirect="YES"   # YES will cause the kernel to log ignored
                              # ICMP REDIRECT packets.
    #tcp_drop_synfin="YES"    # YES will cause the kernel to ignore TCP
                              # frames that have both the SYN and FIN flags
                              # set. Only available if the kernel was built
                              # with the TCP_DROP_SYNFIN option.
                              # change to NO if webserver behind firewall.
    tcp_restrict_rst="YES"    # YES will cause the kernel to refrain from
                              # emitting TCP RST frames in response to
                              # invalid TCP packets (e.g., frames destined
                              # for closed ports). This option is only
                              # available if the kernel was built with the
                              # TCP_RESTRICT_RST option.
    syslogd_flags="-ss"       # Don't use network sockets so portscan
                              # will not find (security tip)
    portmap_enable="NO"       # Don't allow nfs portmapper (security tip)

/etc/ipnat.rules

    # Provide NAT services for LAN users.
    # NAT my private LAN ip address to whatever my dynamic ISP address is.
    map rl0 10.0.10.0/29 -> 0/32
    # Provide NAT services for user ppp Dial in tun0 connections.
    map rl0 10.0.0.0/29 -> 0/32
    # Provide special NAT services for Active FTP from LAN users.
    map rl0 0/0 -> 0/32 proxy port 21 ftp/tcp

/etc/ipf.rules

    # usage notes:
    # 1. rule line numbers in rule file are not used in
    #    ipfstat -ion listing of active rules
    # 2. keep state is applied on private ip address before being
    #    handed off to nat function.
    # 3. /etc/rc.conf file has ipfilter options to tell ipfmon what
    #    info to log. -a rule with log option + nat convert + keep state
    #
    #
    # Generic for all interfaces
    #
    #
    @010 block in log quick all with opt lsrr
    @011 block in log quick all with opt ssrr
    @012 block in log quick all with ipopts
    @013 block in log quick all with short
    @014 block in log quick all with frag
    #
    # Outside Interface to Public internet (Outbound Section)
    # Interrogate packets originating from behind the firewall, private net.
    # destine for the public internet.
    #
    # Allow out access to my ISP's Domain name server.
    @100 pass out quick on rl0 proto tcp from any to 24.50.201.66 port = 53 flags S keep state
    @101 pass out quick on rl0 proto udp from any to 24.50.201.66 port = 53 keep state
    @102 pass out quick on rl0 proto tcp from any to 24.50.201.67 port = 53 flags S keep state
    @103 pass out quick on rl0 proto udp from any to 24.50.201.67 port = 53 keep state
    @104 pass out quick on rl0 proto tcp from any to 24.50.201.69 port = 53 flags S keep state
    @105 pass out quick on rl0 proto udp from any to 24.50.201.69 port = 53 keep state
    # Allow out access to my ISP's DHCP server.
    @106 pass out quick on rl0 proto udp from any to 24.50.201.66 port = 67 keep state
    # Allow out non-secure standard www function
    @110 pass out quick on rl0 proto tcp from any to any port = 80 flags S keep state
    # Allow out secure www function https over TLS SSL
    @115 pass out quick on rl0 proto tcp from any to any port = 443 flags S keep state
    # Allow out send get email function
    @130 pass out quick on rl0 proto tcp from any to any port = 110 flags S keep state
    @131 pass out quick on rl0 proto tcp from any to any port = 25 flags S keep state
    # Allow out Time
    @140 pass out quick on rl0 proto tcp from
Re: restricting user's directory listing and changing
Stephane Lee [EMAIL PROTECTED] writes: You may want to check the restricted bash. http://www.gnu.org/manual/bash-2.05a/html_node/bashref_75.html Just be careful; restricted shells aren't really intended for security. They're more for situations where you want to avoid shooting yourself in the foot. For real security, you need something more like chroot(8) or jail(8). On Fri, 31 Jan 2003, Jay Sern Liew wrote: Greetings. Basically, I have this group of users, that I give SSH/SFTP access, but I don't want them to be able to see the complete file hierarchy and ``cd'' to them. I just want a user to be able to access the user's home, and that's it.
Re: Samba and XP?
If you don't want to install samba, find a windows ftp client that is easy to use... seems I've seen some that pretend to be hard drives on your desktop... can't remember the name, but the friend that had it seemed to like it. -philip On Fri, 31 Jan 2003, John Wilson wrote: Good Day, I am currently seeking advice in regard to allowing an XP Home Edition machine to have access to a FreeBSD mount. I've looked over Samba, and not only have I seen references to XP's inability to join a 'domain based-network', but also don't really like the idea of installing Samba as it's a rather large package (relatively speaking) for what it simply does. My only other alternative, if I am correct, is trying to obtain an NFS client for the XP machine and simply serve NFS mounts on the FBSD host. The downside to this is the cost of the NFS clients for the XP machine. :) Are there any other alternatives available here? If not, which of the above two 'solutions' would be best? I only have one BSD machine and one XP machine, and I'd like to allow read/write access to a FBSD mount from the XP machine. Any help or suggestions would be appreciated. - John
Full-Screen display with VMware?
When I try to go into fullscreen display in VMware my whole screen turns to all kinds of weird colors and then I come up with a core dump for vmware. I'm using FreeBSD 4.7, what could be causing this? Dave
Re: Full-Screen display with VMware?
On Fri, 2003-01-31 at 18:24, David Loszewski wrote: When I try to go into fullscreen display in VMware my whole screen turns to all kinds of weird colors and then I come up with a core dump for vmware. I'm using FreeBSD 4.7, what could be causing this? From the README.FreeBSD that comes with VMWare: Features currently unsupported - Fullscreen text mode - Mounting vmware virtual drive - Parallel ports were never tested. However, to support bidirectional transfers, we will need a FreeBSD version of the vmppuser driver. And from the Hints.FreeBSD that comes with VMWare: - Full screen text mode does not work. Don't ever do it! - Full screen graphics mode will work, but you have to be careful e.g. when running a DOS prompt on MS Windows. Hitting Alt+Enter will crash VMware before you can say Chuck! Joe Dave -- PGP Key : http://www.marcuscom.com/pgp.asc
Re: tcpdump irregularity
On 2003-01-31 16:44, Stephen D. Kingrea [EMAIL PROTECTED] wrote: using 4.7 on a gateway designated machine (ipfw/natd) serving 3 wstations. www#tcpdump -i dc0 ###in fact, any interface tcpdump: (no devices found) /dev/bpf0: Device not configured

Check that you have the following in your kernel config:

    $ grep -i bpf /usr/src/sys/i386/conf/GENERIC
    # The `bpf' device enables the Berkeley Packet Filter.
    device bpf # Berkeley packet filter
    $

Then make sure you have proper device nodes created in /dev by running (further down in your post you mentioned that you *do* have a /dev/bpf0 node, so this part is already done on your setup).

    # cd /dev
    # sh MAKEDEV bpf0 bpf1 [...]

now, i read somewhere that kernel must be compiled with option PACKETFILTER, however; workstation running 4.7 with generic kernel runs tcpdump perfectly.

There is no PACKETFILTER kernel option afaik. When you want to know what options are available and how to enable them for your kernel you should consult the files GENERIC and LINT in /usr/src/sys/i386/conf. - Giorgos
A twisted home network
There's plenty of information on how to install two network cards (done that), how to enable a FreeBSD box to run as a gateway, do NAT, DHCP, etc. However, I'm having a mental block with how the cards should be configured. Here's how I want my network setup- CABLE MODEM- D-link DI-701 Residential Gateway- FreeBSD NIC dc0 - FreeBSD NIC ep1 - hub - other computers... I'd like to leave the D-Link in place, since it has a built-in firewall and I'm not ready to start testing out my rules for ipfw. The D-Link assigns IP addresses Dynamically, or I can specify them statically. By default, the D-link has an IP address of 192.168.0.1 and the IP pool goes up from there. Where I get confused is how configure my network cards. Do I need a new IP prefix for the inner network? If the FreeBSD is a gateway, technically each NIC is connected to a different subnet, right? The card that will connect to the hub will need a Static IP address, since nothing is there to give an IP address. Does each NIC know of the other, or are the routing tables separate? This seems like a simple problem, but I've been scouring the handbook, freebsd diary, and the man pages, but I can't find any good examples. Thanks a bunch! Thaddeus
Re: A twisted home network
Thaddeus Quintin wrote: There's plenty of information on how to install two network cards (done that), how to enable a FreeBSD box to run as a gateway, do NAT, DHCP, etc. However, I'm having a mental block with how the cards should be configured. Here's how I want my network setup- CABLE MODEM- D-link DI-701 Residential Gateway- FreeBSD NIC dc0 - FreeBSD NIC ep1 - hub - other computers... I'd like to leave the D-Link in place, since it has a built-in firewall and I'm not ready to start testing out my rules for ipfw. The D-Link assigns IP addresses Dynamically, or I can specify them statically. By default, the D-link has an IP address of 192.168.0.1 and the IP pool goes up from there. Where I get confused is how configure my network cards. Do I need a new IP prefix for the inner network? If the FreeBSD is a gateway, technically each NIC is connected to a different subnet, right? The card that will connect to the hub will need a Static IP address, since nothing is there to give an IP address. Does each NIC know of the other, or are the routing tables separate? This seems like a simple problem, but I've been scouring the handbook, freebsd diary, and the man pages, but I can't find any good examples. The reason that you're not seeing examples, is because the FreeBSD box is not needed in your setup. You could eliminate it altogether. I'm assuming your want to use it as a gateway so you can learn and eventually get rid of the d-link, so here's the easiest way. The physical layout you describe above is OK (as to what connects to what) Set up the dlink to be 192.168.0.1 and the dc0 card on the FreeBSD box to be 192.168.0.2 Disable DHCP on the dlink for the time being. Configure the ep1 nic on FreeBSD to be 172.16.0.1 ... be sure to enable forwarding on the FreeBSD box (gateway_enable=yes in rc.conf) The default gateway on the FreeBSD machine should be 192.168.0.1 Give the rest of your computers 172.16.0.* addresses with 172.16.0.1 as their gateway. Everything should work. 
When you're ready to remove the dlink, you'll change dc0 to get its IP from DHCP (from your ISP) and enable nat on the FreeBSD box. Then remove the dlink and plug the FreeBSD box directly into the cable modem. Be sure to adjust any firewall rules to match the changes in IP address. -- Bill Moran Potential Technologies http://www.potentialtech.com
Re: A twisted home network
Hi, let's see here... (You should probably wait to get at least two responses since I am not feeling real confident about my description here... if they jive you're alright...)

INET }--{ DLINK Thingie }--{ FBSD BOX }--{ Internal net

Basically, the Dlink is going to get its outside IP from whatever, be it DHCP, etc. The Inside will also have an IP address which I believe you said will be 192.168.0.1, right? Okay, now the freebsd box... Set the DLINK NIC (the NIC connecting to the DLINK box) to be 192.168.0.n where n is not the same as the DLINK. Set the default gateway for the DLINK NIC to be the DLINK Inside address. (Mine is using DHCP so I don't have a default_gateway setting in my rc.conf but if I remember from my DSL dialup days, you do set it) Set the inside NIC to be something different, say 10.0.0.1 set gateway_enable to YES (which I think you already did) for natd, set the natd_interface to be the DLINK NIC. (On mine I conveniently have the external nic is xl1 and the inside is xl0 so mine looks like this:

    gateway_enable="YES"
    ifconfig_xl0="inet 192.168.1.18 netmask 255.255.255.0"
    ifconfig_xl1="DHCP"
    [snip]
    natd_enable="YES"
    natd_interface="xl1"
    natd_flags="-l -f /etc/natd.conf"

Now set all of your internal boxes to something matching the 10.0.0.n phrase where n is not the same as the inside NIC on your FreeBSD box. Okay, I think I can summarize this coherently... On the FreeBSD box, the two NICs sort of know about each other. You configure them independently, and slightly differently. On the NIC that goes to the outside, you set the default gateway explicitly. In the Inside NIC, you tell natd essentially what the default gateway is and natd handles the packets. (My natd.conf contains redirect directives mostly, I don't think it's usually necessary.) Rich.
| Rich Fox | [EMAIL PROTECTED] | 86 Nobska Road | Woods Hole, MA 02543 | MA 508 548 4358 | VA 703 201 6050 On Fri, 31 Jan 2003, Thaddeus Quintin wrote: There's plenty of information on how to install two network cards (done that), how to enable a FreeBSD box to run as a gateway, do NAT, DHCP, etc. However, I'm having a mental block with how the cards should be configured. Here's how I want my network setup- CABLE MODEM- D-link DI-701 Residential Gateway- FreeBSD NIC dc0 - FreeBSD NIC ep1 - hub - other computers... I'd like to leave the D-Link in place, since it has a built-in firewall and I'm not ready to start testing out my rules for ipfw. The D-Link assigns IP addresses Dynamically, or I can specify them statically. By default, the D-link has an IP address of 192.168.0.1 and the IP pool goes up from there. Where I get confused is how configure my network cards. Do I need a new IP prefix for the inner network? If the FreeBSD is a gateway, technically each NIC is connected to a different subnet, right? The card that will connect to the hub will need a Static IP address, since nothing is there to give an IP address. Does each NIC know of the other, or are the routing tables separate? This seems like a simple problem, but I've been scouring the handbook, freebsd diary, and the man pages, but I can't find any good examples. Thanks a bunch! Thaddeus
Re: Fixit instructions
In [EMAIL PROTECTED], [EMAIL PROTECTED] typed:
> Quoting Mike Meyer [EMAIL PROTECTED]:
> > Maybe what's needed is an Essential BSD commands handbook entry, that covers the lists the commands available in Fixit mode that are actually useful for fixing a broken system?
>
> Yes, that's exactly what I was asking for, in essence. Care to write it? :-)

I'm thinking about it.

mike
--
Mike Meyer [EMAIL PROTECTED] http://www.mired.org/consulting.html
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
How to get best results from FreeBSD-questions
How to get the best results from FreeBSD questions.
===================================================

Last update 28 January 2002, $Id: Howto-ask-questions,v 1.3 2003/01/28 00:26:41 grog Exp $

This is a regular posting to the FreeBSD questions mailing list. If you got it in answer to a message you sent, it means that the sender thinks that at least one of the following things was wrong with your message:

- You left out a subject line, or the subject line was not appropriate.
- You formatted it in such a way that it was difficult to read.
- You asked more than one unrelated question in one message.
- You sent out a message with an incorrect date, time or time zone.
- You sent out the same message more than once.
- You sent an 'unsubscribe' message to FreeBSD-questions.

If you have done any of these things, there is a good chance that you will get more than one copy of this message from different people. Read on, and your next message will be more successful.

This document is also available on the web at http://www.lemis.com/questions.html.

Contents:

I:   Introduction
II:  How to unsubscribe from FreeBSD-questions
III: Should I ask -questions or -hackers?
IV:  How to submit a question to FreeBSD-questions
V:   How to answer a question to FreeBSD-questions

I: Introduction
===============

This is a regular posting aimed to help both those seeking advice from FreeBSD-questions (the newcomers), and also those who answer the questions (the hackers).

Note that the term hacker has nothing to do with breaking into other people's computers. The correct term for the latter activity is cracker, but the popular press hasn't found out yet. The FreeBSD hackers disapprove strongly of cracking security, and have nothing to do with it.

In the past, there has been some friction which stems from the different viewpoints of the two groups. The newcomers accused the hackers of being arrogant, stuck-up, and unhelpful, while the hackers accused the newcomers of being stupid, unable to read plain English, and expecting everything to be handed to them on a silver platter. Of course, there's an element of truth in both these claims, but for the most part these viewpoints come from a sense of frustration.

In this document, I'd like to do something to relieve this frustration and help everybody get better results from FreeBSD-questions. In the following section, I recommend how to submit a question; after that, we'll look at how to answer one.

II: How to unsubscribe from FreeBSD-questions
=============================================

When you subscribed to FreeBSD-questions, you got a welcome message from [EMAIL PROTECTED]. In this message, amongst other things, it told you how to unsubscribe. Here's a typical message:

    Welcome to the freebsd-questions mailing list!

    If you ever want to remove yourself from this mailing list, you can send mail to [EMAIL PROTECTED] with the following command in the body of your email message:

        unsubscribe freebsd-questions Greg Lehey [EMAIL PROTECTED]

    Here's the general information for the list you've subscribed to, in case you don't already have it:

    FREEBSD-QUESTIONS User questions

    This is the mailing list for questions about FreeBSD. You should not send how to questions to the technical lists unless you consider the question to be pretty technical.

Normally, unsubscribing is even simpler than the message suggests: you don't need to specify your mail ID unless it is different from the one which you specified when you subscribed.

If Majordomo replies and tells you (incorrectly) that you're not on the list, this may mean one of two things:

1. You have changed your mail ID since you subscribed. That's where keeping the original message from majordomo comes in handy. For example, the sample message above shows my mail ID as [EMAIL PROTECTED]. Since then, I have changed it to [EMAIL PROTECTED]. If I were to try to remove [EMAIL PROTECTED] from the list, it would fail: I would have to specify the name with which I joined.

2. You're subscribed to a mailing list which is subscribed to FreeBSD-questions. If that's the case, you'll have to figure out which one it is and get your name taken off that one. If you're not sure which one it might be, check the headers of the messages you receive from freebsd-questions: maybe there's a clue there.

If you've done all this, and you still can't figure out what's going on, send a message to [EMAIL PROTECTED], and he will sort things out for you. Don't send a message to FreeBSD-questions: they can't help you.

III: Should I ask -questions, -newbies or -hackers?
===================================================

Two mailing lists handle general questions about FreeBSD, FreeBSD-questions and FreeBSD-hackers. In
The Complete FreeBSD, second edition: errata and addenda
Errata and addenda for the Complete FreeBSD, second edition

Last revision: 21 June 1999

The trouble with books is that you can't update them the way you can a web page or any other online documentation. The result is that most leading edge computer books are out of date almost before they are printed. Unfortunately, ``The Complete FreeBSD'', published by Walnut Creek, is no exception. Inevitably, a number of bugs and changes have surfaced. The following is a list of modifications which go beyond simple typos. They relate to the second edition, formatted on 16 December 1997. If you have this book, please check this list. If you have the first edition of 19 July 1996, please check ftp://ftp.lemis.com/pub/cfbsd/errata-1. This same file is also available via the web link http://www.lemis.com/.

This list is available in four forms:

o A PostScript version, suitable for printing out, at ftp://ftp.lemis.com/pub/cfbsd/errata-2.ps. See page 222 of the book to find out how to print out PostScript. If at all possible, please take this document: it's closest to the original text. Be careful selecting this file with a web browser: it is often impossible to reload the document, and you may see a previously cached version.

o An enhanced ASCII version at ftp://ftp.lemis.com/pub/cfbsd/errata-2.txt. When viewed with more or less, this version will show some highlighting and underlining. It's not suitable for direct viewing.

o An ASCII-only version at ftp://ftp.lemis.com/pub/cfbsd/errata-2.ascii. This version is posted every week to the FreeBSD-questions mailing list. Only take this version if you have real problems with PostScript: I can't be sure that the lack of different fonts won't confuse the meaning.

o A web version at http://www.lemis.com/errata-2.html.

All these modifications have been applied to the ongoing source text of the book, so if you buy a later edition, they will be in it as well. If you find a bug or a suspected bug in the book, please contact me at [EMAIL PROTECTED]

General changes
_______________

o In a number of places, I suggest the use of the following command to find process information:

    $ ps aux | grep foo

  Unfortunately, ps is sensitive to the column width of the terminal emulator upon which it is working. This command usually works fine on a relatively wide xterm, but if you're running on an 80-column terminal, it may truncate exactly the information you're looking for, so you end up with no output. You can fix that with the w option:

    $ ps waux | grep foo

  Thanks to Sue Blake [EMAIL PROTECTED] for this information

Location of the sample files
____________________________

On the 2.2.5 CD-ROM only, the location of the sample files does not match the specifications in the book (/book on the first CD-ROM). The 2.2.5 CD-ROM came out before the book, and it contains the files on the third (repository) CD-ROM as a single gzipped tar file /xperimnt/cfbsd/cfbsd.tar.gz. It contains the following files:

    drwxr-xr-x jkh/jkh      0 Oct 17 13:01 1997 cfbsd/
    drwxr-xr-x jkh/jkh      0 Oct 17 13:01 1997 cfbsd/mutt/
    -rw-r--r-- jkh/jkh    352 Oct 15 15:21 1997 cfbsd/mutt/.mail_aliases
    -rw-r--r-- jkh/jkh   9394 Oct 15 15:22 1997 cfbsd/mutt/.muttrc
    drwxr-xr-x jkh/jkh      0 Oct 17 14:02 1997 cfbsd/scripts/
    -rw-r--r-- jkh/jkh  18281 Oct 16 16:52 1997 cfbsd/scripts/.fvwm2rc
    -rwxr-xr-x jkh/jkh   1392 Oct 17 12:54 1997 cfbsd/scripts/install-desktop
    -rw-r--r-- jkh/jkh    296 Oct 17 12:35 1997 cfbsd/scripts/.xinitrc
    -rwxr-xr-x jkh/jkh    622 Oct 17 13:51 1997 cfbsd/scripts/install-rcfiles
    -rw-r--r-- jkh/jkh   1133 Oct 17 13:00 1997 cfbsd/scripts/Uutry
    -rw-r--r-- jkh/jkh   1028 Oct 17 14:02 1997 cfbsd/scripts/README
    drwxr-xr-x jkh/jkh      0 Oct 18 19:32 1997 cfbsd/docs/
    -rw-r--r-- jkh/jkh 199111 Oct 16 14:29 1997 cfbsd/docs/packages.txt
    -rw-r--r-- jkh/jkh 189333 Oct 16 14:28 1997 cfbsd/docs/packages-by-category.txt
    -rw-r--r-- jkh/jkh 188108 Oct 16 14:29 1997 cfbsd/docs/packages.ps
    -rw-r--r-- jkh/jkh 226439 Oct 16 14:27 1997 cfbsd/docs/packages-by-category.ps
    -rw-r--r-- jkh/jkh    788 Oct 16 15:01 1997 cfbsd/README
    -rw-r--r-- jkh/jkh    248 Oct 17 11:52 1997 cfbsd/errata

To extract one of these files, say cfbsd/docs/packages.txt, and assuming you have the CD-ROM mounted as /cdrom, enter:

    # cd /usr/share/doc
    # tar xvzf /cdrom/xperimnt/cfbsd/cfbsd.tar.gz cfbsd/docs/packages.txt

See page 209 for more information on using tar. These files are an early version of what is described in the book. I'll put up some updated
The Complete FreeBSD, third edition: errata and addenda
Errata and addenda for the Complete FreeBSD, third edition

Last revision: 2 August 1999

The trouble with books is that you can't update them the way you can a web page or any other online documentation. The result is that most leading edge computer books are out of date almost before they are printed. Unfortunately, ``The Complete FreeBSD'', published by Walnut Creek, is no exception. Inevitably, a number of bugs and changes have surfaced. The following is a list of modifications which go beyond simple typos. They relate to the third edition, formatted on 17 May 1999. You'll find this information on page iv (the page before the beginning of the Table of Contents). See the end of this document for instructions on how to find the errata for an older version.

You can get the current document in four forms:

o A PostScript version, suitable for printing out, at ftp://ftp.lemis.com/pub/cfbsd/errata-3.ps. See page 302 of the third edition to find out how to print out PostScript. If at all possible, please take this document: it's closest to the original text. Be careful selecting this file with a web browser: it is often impossible to reload the document, and you may see a previously cached version.

o An enhanced ASCII version at ftp://ftp.lemis.com/pub/cfbsd/errata-3.txt. When viewed with more or less, this version will show some highlighting and underlining. It's not suitable for direct viewing.

o An ASCII-only version at ftp://ftp.lemis.com/pub/cfbsd/errata-3.ascii. This version is posted every week to the FreeBSD-questions mailing list. Only take this version if you have real problems with PostScript: I can't be sure that the lack of different fonts won't confuse the meaning.

o A web version at http://www.lemis.com/errata-3.html.

All these modifications have been applied to the ongoing source text of the book, so if you buy a later edition, they will be in it as well. If you find a bug or a suspected bug in the book, please contact me at [EMAIL PROTECTED]

Page ii
_______

The instructions on page ii (opposite the title page) tell you to look at ftp://ftp.lemis.com/pub/cfbsd/errata-2 for the errata list. That's wrong. Look at this list.

Pages 190 and 191
_________________

The description is not very clear about which text appears when booting from floppy for initial install, and which appears when booting normally. The procedure is very similar, but there are some differences. Add the following text after the heading Boot messages:

    You'll boot your system in at least two different ways: initially you'll boot from floppy or CD-ROM in order to install the system. Later, after the system is installed, you'll boot from hard disk. The procedure is almost identical, so we'll look at both versions in the following examples.

Replace the text from the middle of page 191 with:

    If you're booting from 1.44 MB floppies, you will then see:

        Please insert MFS root floppy and press enter:

    When you insert the MFS root floppy and press Enter, you see more twirling batons, then the UserConfig screen appears.

    UserConfig: Modifying the boot configuration

    After the kernel has been loaded, the following screen will appear if you are installing the system, or if you have requested it with the -c option to the boot loader:

Page 206
________

The bottom two lines on this page should be in bold constant font, indicating that this is input for your /etc/rc.config file

    nfs_client_enable=YES # This host is an NFS client (or NO).
    nfs_server_enable=YES # This host is an NFS server (or NO).

Page 265
________

The example on the second half of the page refers to the old SCSI driver. The scsi program is no longer available in FreeBSD 3.x. Instead, use the camcontrol program. Replace the text with:

    Modern disks make provisions for recovering from such errors by allocating an alternate sector for the data. IDE drives do this automatically, but with SCSI drives you have the option of enabling or disabling reallocation. Usually it is turned on when you buy them, but occasionally it is not. When installing a new disk, you should check that the parameters ARRE (Auto Read Reallocation Enable) and AWRE (Auto Write Reallocation Enable) are turned on. For example, to check and set the values for disk da1, you would enter:

        # camcontrol modepage da1 -m 1 -e -P 3
        # scsi -f /dev/rda1c -m 1 -e -P 3

    This command will start up your favourite editor (either the one specified in the EDITOR environment variable, or vi by default) with the
filesystem snapshots causes system to hang
Hello! I am new to BSD and am asking for some help.

When I try to get a snapshot mounted (mount -u -o snapshot /foo/bar /foo) the disk churns for a few minutes and then stops. After the disks stop churning, the system hangs. By hanging, I mean: frozen ssh sessions, frozen local console, completely locked out, etc. The computer does respond to a Ping, however.

Additionally, I am using a JetStor IDE-SCSI RAID array so BSD is detecting the array as a single SCSI device. I'm not sure if this is the problem, but I thought the info may be helpful! I've tried the snapshots without the RAID device and it works fine on regular IDE devices.

Alan
Resizing partitions
I've got a laptop that I originally partitioned into a windoze and a FreeBSD partition. I'm going to upgrade this unit this weekend, and I want to concatenate the 2 partitions. Is there a way to do this? (Yes, it's the m$ partition I'm nuking).

--
They that would give up essential liberty for temporary safety deserve neither liberty nor safety. -- Benjamin Franklin
Sendmail directory ownership changed
Hello,

A few days ago I started getting errors in my syslog saying that sendmail couldn't write to the mail directories. On inspection of the permissions, I discovered that all the mail directories had been changed to be owned by my personal UID and GID.

Can someone tell me what the proper permissions should be on the mail directories used by sendmail for its queue? I've tried searching for the info and haven't been able to find it.

Joey Teel