Re: host-based ssh authentication (no password) not working ... help needed
On Sun, Oct 10, 2004 at 02:14:32PM -0700, Joe Schmoe wrote: --- Matthew Seaman [EMAIL PROTECTED] wrote: For ssh(1) to work using key based auth, all of the files in ~user/.ssh on the server must have the correct permissions, and the host public keys for the server should be known to the client machine, and vice versa. No no ... I was talking about _host_ keys, not user keys - no user home directories should be involved at all. I am simply sharing host keys so that all users on CLIENT can login to SERVER with no passwords ... am I missing something here ? Errr... That's not recommended, but it should be possible. They are your systems, and you can do whatever you want with them. The procedure I gave about using sshd with all the debug flags turned on should still be helpful for debugging the setup. You'll also need HostbasedAuthentication yes but you should have #RhostsRSAAuthentication no because you don't want to be using SSH1 if you can avoid it. Plus you maybe want: IgnoreRhosts yes IgnoreUserKnowHosts yes in your /etc/ssh/sshd_config on the server. I think my problem is that I gave the public _host_ key of the CLIENT to the SERVER, but really I should give the public _host_ key of the SERVER to the CLIENt ... is that my problem ? Yes, you will need to populate /etc/ssh/ssh_known_hosts on both client and server. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgpnwUAQAPYsA.pgp Description: PGP signature
Passive ports with FTPD daemon?
Hi, Is it possible to specify passive ports using the FTPD daemon supplied with Freebsd? Thanks -- robg [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Adding network IP to hosts.deny
Hi! I have a lot of login attempts from various networks and IP addresses on my FBSD 4.10 server. I have read the man pages for hosts.deny but do not understand how to add networks and IP addresses to it. Let's say I want to block the network address 192.168.100.0 and/or the IP address 192.168.135.77. What I understand is when using hosts.deny, I stopping them totally from using any networking services, right? Would it be better to let the built-in firewall (/etc/rc.firewall) to stopping them? I have the firewall activated and have changed the port for example SSH to a higher one. Could someone please provide me with some examples on either using hosts.deny or the default firewall? A big thanks in advance, Best Regards Pelle ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NIS issue
I may be misunderstanding what you are saying here, but master.passwd on the slave servers should never get updated with NIS information. That line that goes at the end tells the authentication process to look to NIS for further information...same goes with the line that goes in the group file. To test that NIS is working correctly, try using ypcat on a client/slave server to see if it can pull the maps from the primary server. If that doesn't work, I may be able to shed some other light on your problem. (as usual, just include any error messages) ypcat 'works' in the sense that it displays information, but the information it displays is old, and not synchronous with the master server. This is only the case for master.passwd, however. ypcat passwd shows the correct information (thus things that use passwd rather than master.passwd; ie finger work fine). Because of this, there really is no error message to include. Hope that is more specific, and I appreciate your assistance. (sorry, Brian if you get this twice. I didn't realize there was no Reply-to to redirect my message to the list) Regards, Bill ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: MBR not overwritable with dd?
Am Montag, 11. Oktober 2004 04:37 schrieb Jerry McAllister: I tried to null out the MBR with the BETA7 fixit CD with the follwoing=20 command: dd if=3D/dev/zero of=3D/dev/ad0 count=3D16 After that fdsik still showed me a valid partition tabel! How? Does GEOM map the beginning of the raw device? Was it getting it from the in-memory informatino? After a lowlevel format fdisk still showed me a partition in slice 1 with id 165. So fdisk is misbehaving here. A hexdump of the first 512 Bytes validated that fdisk is wrong. Another question is why does sysinstall complain about wrong geometry? It claims the CHS values, but why? I heard that it's the fault of other OSes becaus they're writing wrong info onto the disk. But this disk has nothing but NULLs on it and sysinstall is presenting CHS values, also fdisk reads CHS Values from in-core labels. Can anybody entlighten me what in-core labels are? Then there's another error in sysinstall but I'll post that on current (when creating two slices, the partition table ends up in having two active entries) Thanks, -Harry jerry Thank you in advance, ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] pgpQlP37pstJk.pgp Description: PGP signature
Re: NIS issue
Be hot on typo. My case : % sudo tail -1 /etc/ma*d +: % sudo tail -1 /etc/ma*d|wc -c 11 % Sorry, this was a typo in my email, not the master.passwd. There are 9 colons in the actual file. (Again apologies if you get this multiple times .. it's late and I did not notice the lack of a Reply-to address) Bill ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Kernel modules the 5.2.1-p9 to 5.3b7 migration?
On Sunday 10 October 2004 01:35 pm, Alan Gerber [EMAIL PROTECTED] wrote: Joshua Tinnin wrote: On Sunday 10 October 2004 12:47 pm, Alan Gerber [EMAIL PROTECTED] wrote: I recently decided to update my 5.2.1-p9 system to the latest beta to check out the improvements in ACPI code on my Dell Latitude D600 laptop. So I updated sources and went through the usual [build|install][world|kernel] procedure as described in the handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworl d.h tml Did you rebuild your ports? If you haven't done this, you probably should, as GCC has been updated. While you're at it you might want to remove the mapping in libmap.conf and rebuild for the new library versions in BETA7. I'm not sure if that will solve your ACPI problems, but it has to be done anyway. Yes. I have rebuilt each of my installed ports, so in theory the libmap.conf mappings should be unnecessary. The problem still persists after removing the mappings, so it doesn't look like that has an affect on the problem either way. OK, well I doubted that was it, but just wanted to check. Have you tried booting without ACPI, such as: hint.acpi.0.disabled=1 in /boot/device.hints? I realize this defeats the purpose of your updating, but it might be worth seeing if it works without it. - jt ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Protecting SSH from brute force attacks
On Sun, Oct 10, 2004 at 04:45:26PM -0400, Matt Juszczak wrote: Isn't it hard (and sort of more insecure) to use the keys? Why that? Start an agent together with your login session, have it load the key(s) (after you've entered the holy passphrase(s), of course) and you're set to go. Simply 'ssh foo' and you're logged in. For instance, anyone who gets access to your home dir would be able to get the keys for all your servers True, but that's why they're protected by a passphrase (which is symmetric encryption, i.e. you can change it without having to tell your servers about it). I'm just kind of confused on how the keys could be much more secure than passwords. Well, a password works from everywhere and can be brute-forced. Or someone might get to know it via others means, hacking one of your target hosts for example (the password is sent over the wire when you log in!). If someone compromises a target host and you use public keys, the attacker only gains your public key. Which he can have. ;) OTOH your point is valid, of course. But when someone is in control of your machine, he might intercept your password anyway... - D. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Age of Empires on FreeBSD --- Possible?
Wll, maybe if development on wine for FBSD would have stopped things would have been different. In my office we have linux and FreeBSD workstations. I run FreeBSD but my friends have linux. Because of that they can play about anything using winex (Broodwar, Counterstrike, Rise of Nations etc) and i cant join because wine on FreeBSD doesnt work too well. Radu On Sun, 10 Oct 2004, David Jenkins wrote: On Sat, 9 Oct 2004 23:17:50 -0700, Joshua Tinnin [EMAIL PROTECTED] wrote: On Friday 08 October 2004 02:20 pm, Hugo Silva [EMAIL PROTECTED] wrote: Hey, I really need to get Age of Empires II - The Conquerors Expansion working on my (only workstation) FreeBSD box. I don't have windows anymore and I'll not switch back to be able to play, but I'd like to know if it is possible at all to run the game on BSD. Perhaps winex ? I heard it is compiling OK now with several patches.. Well, this probably isn't the answer you wanted to hear, but personally I still keep a Windows partition for this explicit reason (games and sound production). There are some games which run fine on some sort of emulator, but I'd rather not have to deal with a whole bunch of extra stuff to do something I can achieve more easily and with better results by using the intended OS. I don't like Windows, but some of the best games will only run on it. It's sort of a pain to reboot just to play Medieval: Total War, for instance, but once the game is over I can reboot into fbsd and have my workstation back, which I sort of like better than having a one-size-fits-all setup. In fact, I'll probably end up building a separate box with a Win installation just for gaming and sound, so I can concentrate on the hardware that will work best for a workstation and some servers using FreeBSD. - jt I tend to agree with this view - i.e. use the right tool for the right job. ``Usually'' this means using Windows for games ... Just my $0.02. Hope this helps. David ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: vinum swap no longer working.
On 2004.10.11 10:43:02 +0930, Greg 'groggy' Lehey wrote: [Format recovered--see http://www.lemis.com/email/email-format.html] Overlong lines. On Sunday, 10 October 2004 at 19:23:24 +0200, Mark Frasa wrote: Hello, After installing FreeBSD 5.2.1, because 4.10 and even 5.1 did not reconized mij SATA controller, i CVS-upped and upgraded to 5.2.1-p11 RELEASE After that I configured Vinum to mirror (RAID 1) 2 80G Maxtor SATA disks. The error i am getting is: swapon /dev/vinum/swap swapon: /dev/vinum/swap: Operation not supported by device I have taken notice of this message: - [missing attribution to Greg Lehey] On Sunday, 28 December 2003 at 20:00:04 -0800, Micheas Herman wrote: This may belong on current, I upgraded to 5.2 from 5.1 and my kernel (GENERIC) now refuses to use /dev/vinum/swap as my swap device. # swapon /dev/vinum/swap swapon: /dev/vinum/swap: Operation not supported by device # Is this a 5.2 bug or do I have vinum incorrectly configured? This is a 5.2 bug. It was last mentioned here a day or two ago, and I'm currently chasing it. Since this is a message from the 28th of December 2003 , can anyone tell me when this issue will be solved? Otherwise i have to consider buying PATA disks which allows me to run 4.10 again. Vinum is being rewritten; the new one is called gvinum or geom_vinum. It handles swap, and it should be in 5.3. Greg -- When replying to this message, please copy the original recipients. If you don't, I may ignore the reply or reply to the original recipients. For more information, see http://www.lemis.com/questions.html See complete headers for address and phone numbers. Does the vinum in FreeBSD 4.10 has the same problem? If not i might consider to buy PATA disks and run software raid because i rather use 4.10 then 5.3. Mark. pgpYpk9Kau1vE.pgp Description: PGP signature
[no subject]
Susbscribe [EMAIL PROTECTED] -- Jamie Heckford Network Manager Trident Microsystems Ltd. t: +44(0)1737-780790 f: +44(0)1737-771908 w: http://www.tridentmicrosystems.co.uk/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adding network IP to hosts.deny
The firewall would be definitely a better bet than host.deny. If you are using ipfw you can simply add a couple of deny rules like: ipfw add 100 deny all from 192.168.100.0/24 to me in Regards S. On Mon, 11 Oct 2004 08:46:40 +0200, Pelle Andersson [EMAIL PROTECTED] wrote: Hi! I have a lot of login attempts from various networks and IP addresses on my FBSD 4.10 server. I have read the man pages for hosts.deny but do not understand how to add networks and IP addresses to it. Let's say I want to block the network address 192.168.100.0 and/or the IP address 192.168.135.77. What I understand is when using hosts.deny, I stopping them totally from using any networking services, right? Would it be better to let the built-in firewall (/etc/rc.firewall) to stopping them? I have the firewall activated and have changed the port for example SSH to a higher one. Could someone please provide me with some examples on either using hosts.deny or the default firewall? A big thanks in advance, Best Regards Pelle ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Subhro Sankha Kar School of Information Technology Block AQ-13/1 Sector V ZIP 700091 India ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Mixing fBSD 4 and 5 - NFS ACL's
Hi, I need to use the new ACL feature on one of our servers. However the data doesn't reside on the server that its being served from it is mounted via NFS. Im guessing I will need to install fBSD5 on the two servers I want to use ACL on, but will the other fBSD4 servers still be able to use NFS ok (they don't need to use ACL)?? Guess the question is can fBSD4 machines use fBSD5 NFS servers ok, and also, how stable is / does ACL even work between to fBSD5 machines using NFS? Ta, -- Jamie Heckford Network Manager Trident Microsystems Ltd. t: +44(0)1737-780790 f: +44(0)1737-771908 w: http://www.tridentmicrosystems.co.uk/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adding network IP to hosts.deny
Thanks for your reply! Does it matter where in the script I put this/these line/lines? Must it be before or after any other rule? Thanks The firewall would be definitely a better bet than host.deny. If you are using ipfw you can simply add a couple of deny rules like: ipfw add 100 deny all from 192.168.100.0/24 to me in Regards S. On Mon, 11 Oct 2004 08:46:40 +0200, Pelle Andersson [EMAIL PROTECTED] wrote: Hi! I have a lot of login attempts from various networks and IP addresses on my FBSD 4.10 server. I have read the man pages for hosts.deny but do not understand how to add networks and IP addresses to it. Let's say I want to block the network address 192.168.100.0 and/or the IP address 192.168.135.77. What I understand is when using hosts.deny, I stopping them totally from using any networking services, right? Would it be better to let the built-in firewall (/etc/rc.firewall) to stopping them? I have the firewall activated and have changed the port for example SSH to a higher one. Could someone please provide me with some examples on either using hosts.deny or the default firewall? A big thanks in advance, Best Regards Pelle ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Subhro Sankha Kar School of Information Technology Block AQ-13/1 Sector V ZIP 700091 India ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adding network IP to hosts.deny
Hello Subhro, Monday, October 11, 2004, 11:32:13 AM, you wrote: The firewall would be definitely a better bet than host.deny. If you are using ipfw you can simply add a couple of deny rules like: ipfw add 100 deny all from 192.168.100.0/24 to me in Regards S. On Mon, 11 Oct 2004 08:46:40 +0200, Pelle Andersson [EMAIL PROTECTED] wrote: Hi! I have a lot of login attempts from various networks and IP addresses on my FBSD 4.10 server. I have read the man pages for hosts.deny but do not understand how to add networks and IP addresses to it. Let's say I want to block the network address 192.168.100.0 and/or the IP address 192.168.135.77. What I understand is when using hosts.deny, I stopping them totally from using any networking services, right? Would it be better to let the built-in firewall (/etc/rc.firewall) to stopping them? I have the firewall activated and have changed the port for example SSH to a higher one. Could someone please provide me with some examples on either using hosts.deny or the default firewall? you should try hosts.allow alrady. for example: sshd : 192.168.135.77 : deny A big thanks in advance, Best Regards Pelle -- Best regards +--==/\/\==--+ | DanGer [EMAIL PROTECTED] | | [EMAIL PROTECTED] ICQ261701668 | | http://danger.homeunix.org | +--==\/\/==--+ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adding network IP to hosts.deny
Pelle Andersson wrote: Hi! I have a lot of login attempts from various networks and IP addresses on my FBSD 4.10 server. I have read the man pages for hosts.deny but do not understand how to add networks and IP addresses to it. Let's say I want to block the network address 192.168.100.0 and/or the IP address 192.168.135.77. As far as I understood, the use of /etc/hosts.deny is (going to be?) depreciated. Instead use deny rules in /etc/hosts.allow. For example: ALL : 192.168.100.0 192.168.135.77 : deny This does: for all services that actually using the /etc/hosts.allow, it will deny all access by these two IP numbers. However, notice that there are services that do not use the hosts.allow, and those won't be affected. So if you want a full proof block of these IP numbers, you better make a firewall rule to deny their access. Rob. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mixing fBSD 4 and 5 - NFS ACL's
On Mon, Oct 11, 2004 at 10:45:07AM +0100, Jamie Heckford wrote: I need to use the new ACL feature on one of our servers. However the data doesn't reside on the server that its being served from it is mounted via NFS. Im guessing I will need to install fBSD5 on the two servers I want to use ACL on, but will the other fBSD4 servers still be able to use NFS ok (they don't need to use ACL)?? Guess the question is can fBSD4 machines use fBSD5 NFS servers ok, and also, how stable is / does ACL even work between to fBSD5 machines using NFS? See http://lists.freebsd.org/pipermail/freebsd-current/2004-October/039747.html under the 'Desired Features for 5.3-RELEASE' section: | | || Currently, MAC | | | || protections are | | | || enforced only on | | | || locally originated | | | || file system | | | || operations (VOPs), | | | || and not on RPCs | | | || generated via the| | | || NFS server. | | MAC support for | || Improvements in NFS | | NFS Server | Not done| Robert Watson | server credential| | | || handling are | | | || required to correct | | | || this problem, as | | | || well as the | | | || introduction of new | | | || entry points to | | | || properly label NFS | | | || credentials and | | | || perform enforcement | | | || properly.| So the only possibility for ACL support over NFS is going to be a 5.x release, but seeing as it hasn't been included yet, probably not 5.3-RELEASE. One possible route around that would be to use GEOM Gate -- that's a system rather like iSCSI or Linux's DRDB, where the server exports a disk device, rather than a filesystem. This is a standard part of 5.x now, and will be in 5.3-RELEASE, but it's still very new, so test carefully before putting it onto important servers. See: http://lists.freebsd.org/pipermail/freebsd-current/2004-May/026768.html http://www.freebsd.org/cgi/man.cgi?query=ggatecapropos=0sektion=0manpath=FreeBSD+6.0-currentformat=html http://www.freebsd.org/cgi/man.cgi?query=ggatedapropos=0sektion=0manpath=FreeBSD+6.0-currentformat=html http://www.freebsd.org/cgi/man.cgi?query=ggatelapropos=0sektion=0manpath=FreeBSD+6.0-currentformat=html A FreeBSD 4.x machine should quite happily use a 5.x machine as a NFS server. FreeBSD 4.x has no support for GEOM Gate though. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgpiV1fPzfD4M.pgp Description: PGP signature
Re: Adding network IP to hosts.deny
Pelle Andersson wrote:
Hi!
I have a lot of login attempts from various networks and IP addresses
on my FBSD 4.10 server. I have read the man pages for hosts.deny but
do not understand how to add networks and IP addresses to it.
Let's say I want to block the network address 192.168.100.0 and/or
the IP address 192.168.135.77.
What I understand is when using hosts.deny, I stopping them totally
from using any networking services, right?
Would it be better to let the built-in firewall (/etc/rc.firewall)
to stopping them? I have the firewall activated and have changed
the port for example SSH to a higher one.
Could someone please provide me with some examples on either using
hosts.deny or the default firewall?
A big thanks in advance,
Best Regards Pelle
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
I use /etc/rc.ipfw...
${fwcmd} add 300 deny IP from 24.19.0.105 to any
${fwcmd} add 301 deny IP from 24.79.68.179 to any
${fwcmd} add 400 deny IP from 61.100.180.125 to any
${fwcmd} add 401 deny IP from 61.206.125.28 to any
${fwcmd} add 402 deny IP from 61.211.239.236 to any
${fwcmd} add 500 deny IP from 63.144.19.6 to any
${fwcmd} add 501 deny IP from 64.246.20.123 to any
${fwcmd} add 502 deny IP from 66.223.46.129 to any
${fwcmd} add 503 deny IP from 67.81.127.99 to any
${fwcmd} add 600 deny IP from 81.223.99.90 to any
${fwcmd} add 700 deny IP from 140.112.124.123 to any
${fwcmd} add 701 deny IP from 159.226.2.161 to any
${fwcmd} add 702 deny IP from 163.25.65.3 to any
${fwcmd} add 703 deny IP from 193.145.87.3 to any
${fwcmd} add 800 deny IP from 202.57.191.179 to any
${fwcmd} add 801 deny IP from 202.226.185.150 to any
${fwcmd} add 810 deny IP from 203.71.62.9 to any
${fwcmd} add 113 deny IP from 203.98.166.25 to any
${fwcmd} add 812 deny IP from 203.115.96.151 to any
${fwcmd} add 813 deny IP from 203.169.248.5 to any
${fwcmd} add 814 deny IP from 203.186.157.37 to any
${fwcmd} add 830 deny IP from 205.209.141.50 to any
${fwcmd} add 870 deny IP from 209.88.93.138 to any
${fwcmd} add 871 deny IP from 209.172.103.235 to any
${fwcmd} add 880 deny IP from 210.204.129.11 to any
${fwcmd} add 890 deny IP from 211.60.219.250 to any
${fwcmd} add 891 deny IP from 211.221.246.28 to any
${fwcmd} add 892 deny IP from 211.251.71.2 to any
${fwcmd} add 893 deny IP from 211.252.9.126 to any
${fwcmd} add 940 deny IP from 216.29.112.126 to any
${fwcmd} add 950 deny IP from 217.172.182.148 to any
${fwcmd} add 960 deny IP from 218.21.129.105 to any
${fwcmd} add 961 deny IP from 218.49.183.17 to any
${fwcmd} add 962 deny IP from 218.102.19.78 to any
${fwcmd} add 963 deny IP from 218.237.66.152 to any
${fwcmd} add 970 deny IP from 220.64.223.249 to any
${fwcmd} add 971 deny IP from 220.73.215.151 to any
${fwcmd} add 980 deny IP from 221.3.131.80 to any
${fwcmd} add 981 deny IP from 221.12.11.118 to any
${fwcmd} add 982 deny IP from 222.56.118.124 to any
Is th list I have so far... I haven't added any (I'm sure I received
more attempts) since Friday... above this part, I have the rest of my
firewall script..
Hopethis helps,
Michael
--
Michael D. Whities
[EMAIL PROTECTED]
http://www.one-arm.com
--
There are four colors of hats to watch for:
Black, White, Grey, and Red.
The meanings are:
Cracker, Hacker, Guru, and Victim.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Iconv transleteration
Does iconv(1) suppots transleteration and detranslitiration? (I interested in KOI8-R/US-ASCII) Best regards, Tarc ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: route vmnet1 host server
On 11 Oct Christian Hiris wrote: The easiest solution is to assign a free ip-address of your localnet (192.168.11.nnn) to your win-guest. Try to avoid a setup of two subnets on one physical NIC. As /dev/vmnet1 acts as bridge it's ip-address isn't relevant. There is only the requirement that it's ip-address should not conflict with any already 'in-use' ip-address on your network. The above information says it all, I guess. I was confused, because the vmware3 ports speaks of no support for bridging. This must be some other kind of bridging ;-) As you tell me, this is a normal story and I don't expect to have difficulties with it. My next question is irrelevant too, I guess. If I give my vm-winbox a 'normal' local IP there is no need for the freebsd machine to act as gateway (away with it from rc.conf) and I also don't need ipnat. The normal firewall rules will do. If I'm wrong I like to hear it. That's why I'll leave the quetion intact. -did I get the ipnat rules correct? If you decide to use a ip-address in your localnet ip-range, just duplicate the host-specfic rules and change the host-ip(192.168.11.22) to your win-guest-ip (192.168.11.nnn) in theese rules. You maybe want to do some extra-blocking of unwanted win-specific traffic. I only use ipfw, so I'm not the one that can answer your ipnat question in detail. -- dick -- http://www.nagual.st/ -- PGP/GnuPG key: F86289CE ++ Running FreeBSD 4.10 ++ Debian GNU/Linux (Woody) + Nai tiruvantel ar vayuvantel i Valar tielyanna nu vilya ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adding network IP to hosts.deny
uidzero wrote:
Pelle Andersson wrote:
Hi!
I have a lot of login attempts from various networks and IP addresses
on my FBSD 4.10 server. I have read the man pages for hosts.deny but
do not understand how to add networks and IP addresses to it.
I use /etc/rc.ipfw...
${fwcmd} add 300 deny IP from 24.19.0.105 to any
${fwcmd} add 301 deny IP from 24.79.68.179 to any
${fwcmd} add 400 deny IP from 61.100.180.125 to any
${fwcmd} add 401 deny IP from 61.206.125.28 to any
${fwcmd} add 402 deny IP from 61.211.239.236 to any
${fwcmd} add 500 deny IP from 63.144.19.6 to any
${fwcmd} add 501 deny IP from 64.246.20.123 to any
${fwcmd} add 502 deny IP from 66.223.46.129 to any
${fwcmd} add 503 deny IP from 67.81.127.99 to any
${fwcmd} add 600 deny IP from 81.223.99.90 to any
${fwcmd} add 700 deny IP from 140.112.124.123 to any
${fwcmd} add 701 deny IP from 159.226.2.161 to any
${fwcmd} add 702 deny IP from 163.25.65.3 to any
${fwcmd} add 703 deny IP from 193.145.87.3 to any
${fwcmd} add 800 deny IP from 202.57.191.179 to any
${fwcmd} add 801 deny IP from 202.226.185.150 to any
${fwcmd} add 810 deny IP from 203.71.62.9 to any
${fwcmd} add 113 deny IP from 203.98.166.25 to any
${fwcmd} add 812 deny IP from 203.115.96.151 to any
${fwcmd} add 813 deny IP from 203.169.248.5 to any
${fwcmd} add 814 deny IP from 203.186.157.37 to any
${fwcmd} add 830 deny IP from 205.209.141.50 to any
${fwcmd} add 870 deny IP from 209.88.93.138 to any
${fwcmd} add 871 deny IP from 209.172.103.235 to any
${fwcmd} add 880 deny IP from 210.204.129.11 to any
${fwcmd} add 890 deny IP from 211.60.219.250 to any
${fwcmd} add 891 deny IP from 211.221.246.28 to any
${fwcmd} add 892 deny IP from 211.251.71.2 to any
${fwcmd} add 893 deny IP from 211.252.9.126 to any
${fwcmd} add 940 deny IP from 216.29.112.126 to any
${fwcmd} add 950 deny IP from 217.172.182.148 to any
${fwcmd} add 960 deny IP from 218.21.129.105 to any
${fwcmd} add 961 deny IP from 218.49.183.17 to any
${fwcmd} add 962 deny IP from 218.102.19.78 to any
${fwcmd} add 963 deny IP from 218.237.66.152 to any
${fwcmd} add 970 deny IP from 220.64.223.249 to any
${fwcmd} add 971 deny IP from 220.73.215.151 to any
${fwcmd} add 980 deny IP from 221.3.131.80 to any
${fwcmd} add 981 deny IP from 221.12.11.118 to any
${fwcmd} add 982 deny IP from 222.56.118.124 to any
I have attacks by similar IP numbers. However, I discovered
that these IP numbers are used only once to attack my PC.
Next attack will be from a different IP number. So adding the
IP numbers to your list each time after an attack, will make
your deny-list longer and longer, but won't make it more effective,
since it doesn't protect you against the attackers next attempts.
Unless, of course, someone is attacking again and again from the
same IP number; but that is not what I observe.
Rob.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Mixing fBSD 4 and 5 - NFS ACL's
Thanks Matt, I'll have a look at GEOM gate but will most likely have to wait for the NFS support. If anyone needs any help testing the NFS Server work I'll be more than happy. Jamie -Original Message- From: Matthew Seaman [mailto:[EMAIL PROTECTED] Sent: 11 October 2004 11:10 To: Jamie Heckford Cc: [EMAIL PROTECTED] Subject: Re: Mixing fBSD 4 and 5 - NFS ACL's On Mon, Oct 11, 2004 at 10:45:07AM +0100, Jamie Heckford wrote: I need to use the new ACL feature on one of our servers. However the data doesn't reside on the server that its being served from it is mounted via NFS. Im guessing I will need to install fBSD5 on the two servers I want to use ACL on, but will the other fBSD4 servers still be able to use NFS ok (they don't need to use ACL)?? Guess the question is can fBSD4 machines use fBSD5 NFS servers ok, and also, how stable is / does ACL even work between to fBSD5 machines using NFS? See http://lists.freebsd.org/pipermail/freebsd-current/2004-October/039747.h tml under the 'Desired Features for 5.3-RELEASE' section: | | || Currently, MAC | | | || protections are | | | || enforced only on | | | || locally originated | | | || file system | | | || operations (VOPs), | | | || and not on RPCs | | | || generated via the | | | || NFS server. | | MAC support for | || Improvements in NFS | | NFS Server | Not done| Robert Watson | server credential | | | || handling are | | | || required to correct | | | || this problem, as | | | || well as the | | | || introduction of new | | | || entry points to | | | || properly label NFS | | | || credentials and | | | || perform enforcement | | | || properly. | So the only possibility for ACL support over NFS is going to be a 5.x release, but seeing as it hasn't been included yet, probably not 5.3-RELEASE. One possible route around that would be to use GEOM Gate -- that's a system rather like iSCSI or Linux's DRDB, where the server exports a disk device, rather than a filesystem. This is a standard part of 5.x now, and will be in 5.3-RELEASE, but it's still very new, so test carefully before putting it onto important servers. See: http://lists.freebsd.org/pipermail/freebsd-current/2004-May/026768.html http://www.freebsd.org/cgi/man.cgi?query=ggatecapropos=0sektion=0manp ath=FreeBSD+6.0-currentformat=html http://www.freebsd.org/cgi/man.cgi?query=ggatedapropos=0sektion=0manp ath=FreeBSD+6.0-currentformat=html http://www.freebsd.org/cgi/man.cgi?query=ggatelapropos=0sektion=0manp ath=FreeBSD+6.0-currentformat=html A FreeBSD 4.x machine should quite happily use a 5.x machine as a NFS server. FreeBSD 4.x has no support for GEOM Gate though. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adding network IP to hosts.deny
Rob wrote:
uidzero wrote:
Pelle Andersson wrote:
Hi!
I have a lot of login attempts from various networks and IP addresses
on my FBSD 4.10 server. I have read the man pages for hosts.deny but
do not understand how to add networks and IP addresses to it.
I use /etc/rc.ipfw...
${fwcmd} add 300 deny IP from 24.19.0.105 to any
${fwcmd} add 301 deny IP from 24.79.68.179 to any
${fwcmd} add 400 deny IP from 61.100.180.125 to any
${fwcmd} add 401 deny IP from 61.206.125.28 to any
${fwcmd} add 402 deny IP from 61.211.239.236 to any
${fwcmd} add 500 deny IP from 63.144.19.6 to any
${fwcmd} add 501 deny IP from 64.246.20.123 to any
${fwcmd} add 502 deny IP from 66.223.46.129 to any
${fwcmd} add 503 deny IP from 67.81.127.99 to any
${fwcmd} add 600 deny IP from 81.223.99.90 to any
${fwcmd} add 700 deny IP from 140.112.124.123 to any
${fwcmd} add 701 deny IP from 159.226.2.161 to any
${fwcmd} add 702 deny IP from 163.25.65.3 to any
${fwcmd} add 703 deny IP from 193.145.87.3 to any
${fwcmd} add 800 deny IP from 202.57.191.179 to any
${fwcmd} add 801 deny IP from 202.226.185.150 to any
${fwcmd} add 810 deny IP from 203.71.62.9 to any
${fwcmd} add 113 deny IP from 203.98.166.25 to any
${fwcmd} add 812 deny IP from 203.115.96.151 to any
${fwcmd} add 813 deny IP from 203.169.248.5 to any
${fwcmd} add 814 deny IP from 203.186.157.37 to any
${fwcmd} add 830 deny IP from 205.209.141.50 to any
${fwcmd} add 870 deny IP from 209.88.93.138 to any
${fwcmd} add 871 deny IP from 209.172.103.235 to any
${fwcmd} add 880 deny IP from 210.204.129.11 to any
${fwcmd} add 890 deny IP from 211.60.219.250 to any
${fwcmd} add 891 deny IP from 211.221.246.28 to any
${fwcmd} add 892 deny IP from 211.251.71.2 to any
${fwcmd} add 893 deny IP from 211.252.9.126 to any
${fwcmd} add 940 deny IP from 216.29.112.126 to any
${fwcmd} add 950 deny IP from 217.172.182.148 to any
${fwcmd} add 960 deny IP from 218.21.129.105 to any
${fwcmd} add 961 deny IP from 218.49.183.17 to any
${fwcmd} add 962 deny IP from 218.102.19.78 to any
${fwcmd} add 963 deny IP from 218.237.66.152 to any
${fwcmd} add 970 deny IP from 220.64.223.249 to any
${fwcmd} add 971 deny IP from 220.73.215.151 to any
${fwcmd} add 980 deny IP from 221.3.131.80 to any
${fwcmd} add 981 deny IP from 221.12.11.118 to any
${fwcmd} add 982 deny IP from 222.56.118.124 to any
I have attacks by similar IP numbers. However, I discovered
that these IP numbers are used only once to attack my PC.
Next attack will be from a different IP number. So adding the
IP numbers to your list each time after an attack, will make
your deny-list longer and longer, but won't make it more effective,
since it doesn't protect you against the attackers next attempts.
Unless, of course, someone is attacking again and again from the
same IP number; but that is not what I observe.
Rob.
Actually, quite a few has attempted several times from the same IPs. I
figure if it gets to big, I'll just block the whole class. What do I
care if a whole country can't access my lil webserver? :)
Thanks for the comment.
Michael
--
Michael D. Whities
[EMAIL PROTECTED]
http://www.one-arm.com
--
There are four colors of hats to watch for:
Black, White, Grey, and Red.
The meanings are:
Cracker, Hacker, Guru, and Victim.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
How to make the boot menu just like I want?
Dear FreeBSD Team: This is Frederick. Is there any table to list the partition number(subtype) or sysid? I have two hard disks. The first one install windows, and the second one install freebsd. I first install windows, then install freebsd. I use boot manager to manage my boot. The menu shows: F1: DOS F5: Drive 1 I want the menu to show like: F1: Windows F5 Drive 1 I did something. I changed the subtype in the fdisk, 6, 7, 12, 13, 14... but I can't make my menu just like I want. So please help me to find the partition number(subtype), or tell me how to do that to make the change. Please reply me to the following mail address: [EMAIL PROTECTED] Thanks for your help! Frederick. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Kernel modules the 5.2.1-p9 to 5.3b7 migration?
Joshua Tinnin wrote: On Sunday 10 October 2004 01:35 pm, Alan Gerber [EMAIL PROTECTED] wrote: Joshua Tinnin wrote: On Sunday 10 October 2004 12:47 pm, Alan Gerber [EMAIL PROTECTED] wrote: I recently decided to update my 5.2.1-p9 system to the latest beta to check out the improvements in ACPI code on my Dell Latitude D600 laptop. So I updated sources and went through the usual [build|install][world|kernel] procedure as described in the handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworl d.h tml Did you rebuild your ports? If you haven't done this, you probably should, as GCC has been updated. While you're at it you might want to remove the mapping in libmap.conf and rebuild for the new library versions in BETA7. I'm not sure if that will solve your ACPI problems, but it has to be done anyway. Yes. I have rebuilt each of my installed ports, so in theory the libmap.conf mappings should be unnecessary. The problem still persists after removing the mappings, so it doesn't look like that has an affect on the problem either way. OK, well I doubted that was it, but just wanted to check. Have you tried booting without ACPI, such as: hint.acpi.0.disabled=1 in /boot/device.hints? I realize this defeats the purpose of your updating, but it might be worth seeing if it works without it. - jt ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Yes. APM takes over in this case, and the box is usable. However, it does the same thing without booting with ACPI disabled - it merely prints out the error message noted above and goes on its merry way - there is nothing preventing me from using the system whatsoever. -- Alan Gerber ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adding network IP to hosts.deny
Thanks all for you replys!
Yes the IP addresses is changing all the time. The pages I serve
are for one country only (.se) so I think I can block whole nets
without any problem. If the pages where International there would
be a problem I think.
2 new questions.
1. Is it possible to block a whole network with IPFW?
Like this for example:
---
${fwcmd} add 961 deny IP from 192.168.100.0/24 to any
---
2. Do I also need to raise the number 961 by one in the above line for
each
new rule-line I add?
In the meantime, I need/want/must to learn IPFW =)
Thank again,
Best regards
Rob wrote:
uidzero wrote:
Pelle Andersson wrote:
Hi!
I have a lot of login attempts from various networks and IP
addresses on my FBSD 4.10 server. I have read the man pages for
hosts.deny but do not understand how to add networks and IP
addresses to it.
I use /etc/rc.ipfw...
${fwcmd} add 300 deny IP from 24.19.0.105 to any ${fwcmd} add 301
deny IP from 24.79.68.179 to any ${fwcmd} add 400 deny IP from
61.100.180.125 to any ${fwcmd} add 401 deny IP from 61.206.125.28
to
any ${fwcmd} add 402 deny IP from 61.211.239.236 to any ${fwcmd}
add
500 deny IP from 63.144.19.6 to any ${fwcmd} add 501 deny IP from
64.246.20.123 to any ${fwcmd} add 502 deny IP from 66.223.46.129 to
any ${fwcmd} add 503 deny IP from 67.81.127.99 to any ${fwcmd} add
600 deny IP from 81.223.99.90 to any ${fwcmd} add 700 deny IP from
140.112.124.123 to any ${fwcmd} add 701 deny IP from 159.226.2.161
to
any ${fwcmd} add 702 deny IP from 163.25.65.3 to any ${fwcmd} add
703
deny IP from 193.145.87.3 to any ${fwcmd} add 800 deny IP from
202.57.191.179 to any ${fwcmd} add 801 deny IP from 202.226.185.150
to any ${fwcmd} add 810 deny IP from 203.71.62.9 to any ${fwcmd}
add
113 deny IP from 203.98.166.25 to any ${fwcmd} add 812 deny IP from
203.115.96.151 to any ${fwcmd} add 813 deny IP from 203.169.248.5
to
any ${fwcmd} add 814 deny IP from 203.186.157.37 to any ${fwcmd}
add
830 deny IP from 205.209.141.50 to any ${fwcmd} add 870 deny IP
from
209.88.93.138 to any ${fwcmd} add 871 deny IP from 209.172.103.235
to
any ${fwcmd} add 880 deny IP from 210.204.129.11 to any ${fwcmd}
add
890 deny IP from 211.60.219.250 to any ${fwcmd} add 891 deny IP
from
211.221.246.28 to any ${fwcmd} add 892 deny IP from 211.251.71.2 to
any ${fwcmd} add 893 deny IP from 211.252.9.126 to any ${fwcmd} add
940 deny IP from 216.29.112.126 to any ${fwcmd} add 950 deny IP
from
217.172.182.148 to any ${fwcmd} add 960 deny IP from 218.21.129.105
to any ${fwcmd} add 961 deny IP from 218.49.183.17 to any ${fwcmd}
add 962 deny IP from 218.102.19.78 to any ${fwcmd} add 963 deny IP
from 218.237.66.152 to any ${fwcmd} add 970 deny IP from
220.64.223.249 to any ${fwcmd} add 971 deny IP from 220.73.215.151
to
any ${fwcmd} add 980 deny IP from 221.3.131.80 to any ${fwcmd} add
981 deny IP from 221.12.11.118 to any ${fwcmd} add 982 deny IP from
222.56.118.124 to any
I have attacks by similar IP numbers. However, I discovered that
these
IP numbers are used only once to attack my PC.
Next attack will be from a different IP number. So adding the IP
numbers to your list each time after an attack, will make your
deny-list longer and longer, but won't make it more effective, since
it doesn't protect you against the attackers next attempts.
Unless, of course, someone is attacking again and again from the
same
IP number; but that is not what I observe.
Rob.
Actually, quite a few has attempted several times from the same IPs. I
figure if it gets to big, I'll just block the whole class. What do I
care if a whole country can't access my lil webserver? :)
Thanks for the comment.
Michael
--
Michael D. Whities
[EMAIL PROTECTED]
http://www.one-arm.com
--
There are four colors of hats to watch for:
Black, White, Grey, and Red.
The meanings are:
Cracker, Hacker, Guru, and Victim.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
[EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: How to make the boot menu just like I want?
-Original Message- From: Frederick [mailto:[EMAIL PROTECTED] Sent: Monday, October 11, 2004 12:34 PM To: FreeBSD-questions Subject: How to make the boot menu just like I want? Dear FreeBSD Team: This is Frederick. Is there any table to list the partition number(subtype) or sysid? I have two hard disks. The first one install windows, and the second one install freebsd. I first install windows, then install freebsd. I use boot manager to manage my boot. The menu shows: F1: DOS F5: Drive 1 I want the menu to show like: F1: Windows F5 Drive 1 The FreeBSD bootloader doesn't have this capability as far as I am aware of. Your best best is to use the Windows boot loader, install grub, lilo or some other boot manager that has user configurable options for just this thing. I did something. I changed the subtype in the fdisk, 6, 7, 12, 13, 14... but I can't make my menu just like I want. So please help me to find the partition number(subtype), or tell me how to do that to make the change. Please reply me to the following mail address: [EMAIL PROTECTED] Thanks for your help! Frederick. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to make the boot menu just like I want?
Am Montag, 11. Oktober 2004 13:03 schrieb [EMAIL PROTECTED]: [...] I want the menu to show like: F1: Windows F5 Drive 1 The FreeBSD bootloader doesn't have this capability as far as I am aware of. Your best best is to use the Windows boot loader, install grub, lilo or some other boot manager that has user configurable options for just this thing. I can highly recommend gag! (http://gag.sourceforge.net/) -Harry I did something. I changed the subtype in the fdisk, 6, 7, 12, 13, 14... but I can't make my menu just like I want. So please help me to find the partition number(subtype), or tell me how to do that to make the change. Please reply me to the following mail address: [EMAIL PROTECTED] Thanks for your help! Frederick. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] pgpagrAfcPcFJ.pgp Description: PGP signature
Re: Adding network IP to hosts.deny
- Forwarded message from Mark Frasa [EMAIL PROTECTED] -
From: Mark Frasa [EMAIL PROTECTED]
Subject: Re: Adding network IP to hosts.deny
To: Pelle Andersson [EMAIL PROTECTED]
Reply-To: Mark Frasa [EMAIL PROTECTED]
Date: Mon, 11 Oct 2004 13:05:04 +0200
User-Agent: Mutt/1.5.6i
Message-ID: [EMAIL PROTECTED]
On 2004.10.11 12:53:20 +0200, Pelle Andersson wrote:
Thanks all for you replys!
Yes the IP addresses is changing all the time. The pages I serve
are for one country only (.se) so I think I can block whole nets
without any problem. If the pages where International there would
be a problem I think.
2 new questions.
1. Is it possible to block a whole network with IPFW?
Like this for example:
---
${fwcmd} add 961 deny IP from 192.168.100.0/24 to any
---
2. Do I also need to raise the number 961 by one in the above line for
each
new rule-line I add?
In the meantime, I need/want/must to learn IPFW =)
Thank again,
Best regards
Rob wrote:
uidzero wrote:
Pelle Andersson wrote:
Hi!
I have a lot of login attempts from various networks and IP
addresses on my FBSD 4.10 server. I have read the man pages for
hosts.deny but do not understand how to add networks and IP
addresses to it.
I use /etc/rc.ipfw...
${fwcmd} add 300 deny IP from 24.19.0.105 to any ${fwcmd} add 301
deny IP from 24.79.68.179 to any ${fwcmd} add 400 deny IP from
61.100.180.125 to any ${fwcmd} add 401 deny IP from 61.206.125.28
to
any ${fwcmd} add 402 deny IP from 61.211.239.236 to any ${fwcmd}
add
500 deny IP from 63.144.19.6 to any ${fwcmd} add 501 deny IP from
64.246.20.123 to any ${fwcmd} add 502 deny IP from 66.223.46.129 to
any ${fwcmd} add 503 deny IP from 67.81.127.99 to any ${fwcmd} add
600 deny IP from 81.223.99.90 to any ${fwcmd} add 700 deny IP from
140.112.124.123 to any ${fwcmd} add 701 deny IP from 159.226.2.161
to
any ${fwcmd} add 702 deny IP from 163.25.65.3 to any ${fwcmd} add
703
deny IP from 193.145.87.3 to any ${fwcmd} add 800 deny IP from
202.57.191.179 to any ${fwcmd} add 801 deny IP from 202.226.185.150
to any ${fwcmd} add 810 deny IP from 203.71.62.9 to any ${fwcmd}
add
113 deny IP from 203.98.166.25 to any ${fwcmd} add 812 deny IP from
203.115.96.151 to any ${fwcmd} add 813 deny IP from 203.169.248.5
to
any ${fwcmd} add 814 deny IP from 203.186.157.37 to any ${fwcmd}
add
830 deny IP from 205.209.141.50 to any ${fwcmd} add 870 deny IP
from
209.88.93.138 to any ${fwcmd} add 871 deny IP from 209.172.103.235
to
any ${fwcmd} add 880 deny IP from 210.204.129.11 to any ${fwcmd}
add
890 deny IP from 211.60.219.250 to any ${fwcmd} add 891 deny IP
from
211.221.246.28 to any ${fwcmd} add 892 deny IP from 211.251.71.2 to
any ${fwcmd} add 893 deny IP from 211.252.9.126 to any ${fwcmd} add
940 deny IP from 216.29.112.126 to any ${fwcmd} add 950 deny IP
from
217.172.182.148 to any ${fwcmd} add 960 deny IP from 218.21.129.105
to any ${fwcmd} add 961 deny IP from 218.49.183.17 to any ${fwcmd}
add 962 deny IP from 218.102.19.78 to any ${fwcmd} add 963 deny IP
from 218.237.66.152 to any ${fwcmd} add 970 deny IP from
220.64.223.249 to any ${fwcmd} add 971 deny IP from 220.73.215.151
to
any ${fwcmd} add 980 deny IP from 221.3.131.80 to any ${fwcmd} add
981 deny IP from 221.12.11.118 to any ${fwcmd} add 982 deny IP from
222.56.118.124 to any
I have attacks by similar IP numbers. However, I discovered that
these
IP numbers are used only once to attack my PC.
Next attack will be from a different IP number. So adding the IP
numbers to your list each time after an attack, will make your
deny-list longer and longer, but won't make it more effective, since
it doesn't protect you against the attackers next attempts.
Unless, of course, someone is attacking again and again from the
same
IP number; but that is not what I observe.
Rob.
Actually, quite a few has attempted several times from the same IPs. I
figure if it gets to big, I'll just block the whole class. What do I
care if a whole country can't access my lil webserver? :)
Thanks for the comment.
Michael
--
Michael D. Whities
[EMAIL PROTECTED]
http://www.one-arm.com
--
There are four colors of hats to watch for:
Black, White, Grey, and Red.
The meanings are:
Cracker, Hacker, Guru, and Victim.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
[EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Hi,
Q1 Yes, you can add like /24 behind the ip-address to specify a range.
Q2 The best thing is to raise the number for each rule, when you later
MPD and ADSL pptp line problems
Hello, We 're using FreeBSD-4.10 with mpd-3.18 to connect to our ISP through a Alcatel speed touch home ISDN-ethernet modem. From time to time the connection becomes verry slow and ping -f shows packet losses up to 90 %. To recover form the losses, power cycling the modem OR stopping restarting mpd OR waiting for minutes to hours solves the packet losses. Any ideas what might cause this? And how to solve this? The Alcatel Modem firmware is up-to-date. There is absolute no problem between de modem and the FreeBSD-box. Any help/suggestions would be appreciated. Thanks. Arjan ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adding network IP to hosts.deny
uidzero wrote:
Rob wrote:
uidzero wrote:
Pelle Andersson wrote:
Hi!
I have a lot of login attempts from various networks and IP addresses
on my FBSD 4.10 server. I have read the man pages for hosts.deny but
do not understand how to add networks and IP addresses to it.
I use /etc/rc.ipfw...
${fwcmd} add 300 deny IP from 24.19.0.105 to any
${fwcmd} add 301 deny IP from 24.79.68.179 to any
${fwcmd} add 400 deny IP from 61.100.180.125 to any
${fwcmd} add 401 deny IP from 61.206.125.28 to any
[...snip...]
${fwcmd} add 971 deny IP from 220.73.215.151 to any
${fwcmd} add 980 deny IP from 221.3.131.80 to any
${fwcmd} add 981 deny IP from 221.12.11.118 to any
${fwcmd} add 982 deny IP from 222.56.118.124 to any
I have attacks by similar IP numbers. However, I discovered
that these IP numbers are used only once to attack my PC.
Next attack will be from a different IP number. So adding the
IP numbers to your list each time after an attack, will make
your deny-list longer and longer, but won't make it more effective,
since it doesn't protect you against the attackers next attempts.
Unless, of course, someone is attacking again and again from the
same IP number; but that is not what I observe.
Rob.
Actually, quite a few has attempted several times from the same IPs. I
figure if it gets to big, I'll just block the whole class. What do I
care if a whole country can't access my lil webserver? :)
Have you bothered to monitor your rules with ipfw -dt show, or by adding
a 'log' to your rules? That would give you a clue as to how effective
your deny rules are.
Rob.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: vinum swap no longer working.
On Monday, 11 October 2004 at 11:26:13 +0200, Mark Frasa wrote: On 2004.10.11 10:43:02 +0930, Greg 'groggy' Lehey wrote: [missing attribution to Greg Lehey] On Sunday, 28 December 2003 at 20:00:04 -0800, Micheas Herman wrote: This may belong on current, I upgraded to 5.2 from 5.1 and my kernel (GENERIC) now refuses to use /dev/vinum/swap as my swap device. # swapon /dev/vinum/swap swapon: /dev/vinum/swap: Operation not supported by device # Is this a 5.2 bug or do I have vinum incorrectly configured? This is a 5.2 bug. It was last mentioned here a day or two ago, and I'm currently chasing it. Since this is a message from the 28th of December 2003 , can anyone tell me when this issue will be solved? Otherwise i have to consider buying PATA disks which allows me to run 4.10 again. Vinum is being rewritten; the new one is called gvinum or geom_vinum. It handles swap, and it should be in 5.3. Does the vinum in FreeBSD 4.10 has the same problem? No. Greg -- When replying to this message, please copy the original recipients. If you don't, I may ignore the reply or reply to the original recipients. For more information, see http://www.lemis.com/questions.html See complete headers for address and phone numbers. pgpQBI7f8A4vi.pgp Description: PGP signature
TIMEOUT - WRITE_DMA and smart questions
[ please reply only on questions@ if this is not appropriate for current@ ] Hi, While doing nothing special the system start printing TIMEOUT - WRITE_DMA erros and eventually after an atacontrol mode 0 PIO4 PIO4 hanged completely at 04:20. After restart I've got a few TIMEOUT .. but no hung, however the machine is idle. SMART was enabled as seen bellow, but smartd wasn't running (stupid, huh :-/ ). Obvious question: is the hdd dying ? Second question, as I'm not familiar with SMART: how much can one trust SMART reports ? Third question: could you suggest some settings for smartd ? I'm, asking this because I don't fully understand the man pages for smartctl and smartd; a link explaining more about smart would also be appreciated. System details: Local system status (last daily mail): 3:01AM up 2 days, 11:56, 2 users, load averages: 1.04, 1.07, 0.95 % uname -a FreeBSD it.buh.cameradicommercio.ro 5.3-BETA7 FreeBSD 5.3-BETA7 #3: Mon Oct 4 21:57:25 EEST 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/IT53_d i386 Oct 11 04:06:51 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=186210020 Oct 11 04:07:02 it kernel: ata0: reiniting channel .. Oct 11 04:07:02 it kernel: ata0: reset tp1 mask=03 ostat0=d0 ostat1=d0 Oct 11 04:07:02 it kernel: ad0: stat=0xd0 err=0xd0 lsb=0xd0 msb=0xd0 Oct 11 04:07:02 it last message repeated 95 times Oct 11 04:07:02 it kernel: ad0: stat=0x50 err=0x01 lsb=0x00 msb=0x00 Oct 11 04:07:02 it kernel: ata0-slave: stat=0x00 err=0x01 lsb=0x00 msb=0x00 Oct 11 04:07:02 it kernel: ata0: reset tp2 stat0=50 stat1=00 devices=0x1ATA_MASTER Oct 11 04:07:02 it kernel: ata0: resetting done .. Oct 11 04:07:02 it kernel: ad0: pio=0x0c wdma=0x22 udma=0x45 cable=80pin Oct 11 04:07:02 it kernel: ad0: setting PIO4 on VIA 8235 chip Oct 11 04:07:02 it kernel: ad0: setting UDMA100 on VIA 8235 chip Oct 11 04:07:02 it kernel: ata0: device config done .. Oct 11 04:07:16 it kernel: (probe0:ata0:0:0:0): error 22 Oct 11 04:07:16 it kernel: (probe0:ata0:0:0:0): Unretryable Error Oct 11 04:07:16 it kernel: (probe1:ata0:0:1:0): error 22 Oct 11 04:07:16 it kernel: (probe1:ata0:0:1:0): Unretryable Error . # grep LBA /var/log/messages Oct 11 04:06:51 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=186210020 Oct 11 04:07:52 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=165839908 Oct 11 04:08:48 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=165849220 Oct 11 04:09:12 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=165851556 Oct 11 04:09:32 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=165859748 Oct 11 04:10:44 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=6343103 Oct 11 04:11:23 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=186210916 Oct 11 04:11:36 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=186211044 Oct 11 04:11:58 it kernel: acd0: FAILURE - ATA_IDENTIFY status=51READY,DSC,ERROR error=4ABORTED LBA=0 Oct 11 04:13:21 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=309294340 Oct 11 04:14:00 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=175421156 Oct 11 04:14:24 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (1 retry left) LBA=175421156 Oct 11 04:15:04 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=175421796 Oct 11 04:15:48 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=130261540 Oct 11 04:16:10 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=175421892 Oct 11 04:16:53 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=173918724 Oct 11 04:18:50 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=309924420 Oct 11 04:19:14 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=4920283 Oct 11 04:40:00 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=4918975 Oct 11 04:40:56 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=6067199 Oct 11 10:46:52 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=6343103 # grep sw /var/log/messages Oct 11 04:14:24 it kernel: swap_pager: indefinite wait buffer: device: ad0s1e, blkno: 14841, size: 4096 Oct 11 04:14:24 it kernel: swap_pager: indefinite wait buffer: device: ad0s3d, blkno: 14381, size: 4096 Oct 11 04:16:53 it kernel: swap_pager: indefinite wait buffer: device: ad0s3d, blkno: 60732, size: 4096 Oct 11 04:16:53 it kernel: swap_pager: indefinite wait buffer: device: ad0s3d, blkno: 33481, size: 4096 Oct 11 04:16:53 it kernel: swap_pager: indefinite wait buffer: device: ad0s3d, blkno: 33488, size: 4096 The disk is: # atacontrol cap 0 0 ATA channel 0, Master, device ad0: Protocol ATA/ATAPI revision 6 device model WDC WD1600JB-00EVA0 serial number WD-WCAEK1298992 firmware revision 15.05R15 cylinders 16383 heads 16
cvsupd configuration ? unknown collection src-all
I decided to give cvsupd a try to make my upgrading a bit more efficient and bandwidth friendly. I read the manual page chose a local server [local3], cvsup-ed, updated the repository, built world, kernel, etc. All with no problems. I started cvsupd on the machine with the following options: cvsupd -b /usr/local/etc/cvsup -c sup -s sup -C 3 I went to one of the machines that I wanted to update and started cvsup and got Server message: unknow collection src-all and all others and a message that said it was skipping the colections, ended by a message that stated that it had finished successfully. It actually updated nothing. I've used cvsup as a client for years with no problem. From the manual page it seemed very straight forward and simple but somehow I've managed to screw it up. Any suggestions would be appreciated. Thanks, ed P.D. I'm running current. I've got the same configuration for cvs-supfile on both machines except for the server that I changed for freebsd to local3. Both machined were update from freebsd yesterday with no problem. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: MPD and ADSL pptp line problems
I had a problem once with a certain provider using MPD for VPN over ADSL connections, have you tried experimenting with the MTU on your adapter? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Arjan Knepper Sent: 11 October 2004 10:31 To: [EMAIL PROTECTED] Subject: MPD and ADSL pptp line problems Hello, We 're using FreeBSD-4.10 with mpd-3.18 to connect to our ISP through a Alcatel speed touch home ISDN-ethernet modem. From time to time the connection becomes verry slow and ping -f shows packet losses up to 90 %. To recover form the losses, power cycling the modem OR stopping restarting mpd OR waiting for minutes to hours solves the packet losses. Any ideas what might cause this? And how to solve this? The Alcatel Modem firmware is up-to-date. There is absolute no problem between de modem and the FreeBSD-box. Any help/suggestions would be appreciated. Thanks. Arjan ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
MPD and ADSL pptp line problems
Hello, We 're using FreeBSD-4.10 with mpd-3.18 to connect to our ISP through a Alcatel speed touch home ISDN-ethernet modem. From time to time the connection becomes verry slow and ping -f shows packet losses up to 90 %. To recover form the losses, power cycling the modem OR stopping restarting mpd OR waiting for minutes to hours solves the packet losses. Any ideas what might cause this? And how to solve this? The Alcatel Modem firmware is up-to-date. There is absolute no problem between de modem and the FreeBSD-box. Any help/suggestions would be appreciated. Thanks. Arjan ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NIS issue
Interesting...something that pops into my mind is something obvious since it was stated in the handbook, but needs to be said anyway...when you add stuff to the master.passwd file, do you re-make the database? Also, if you follow the directions in the handbook, they suggest you make a different master.passwd file in /var/yp to store the accounts that go into nisI re-wrote the make file section for passwd.* and told it to look to /etc/passwd where the UID is greater then 1000and it works great for me...if you'd like a copy of the entries in the Makefile, I'll send them to you. It sounds like that's what's going on (and I've had endless students make this mistake in class as well...it's a common one). --Brian On Sun, 10 Oct 2004 21:44:18 -1000, William Bierman [EMAIL PROTECTED] wrote: Be hot on typo. My case : % sudo tail -1 /etc/ma*d +: % sudo tail -1 /etc/ma*d|wc -c 11 % Sorry, this was a typo in my email, not the master.passwd. There are 9 colons in the actual file. (Again apologies if you get this multiple times .. it's late and I did not notice the lack of a Reply-to address) Bill ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to make the boot menu just like I want?
[Frederick, 2004-10-11] This is Frederick. Is there any table to list the partition number(subtype) or sysid? I have two hard disks. The first one install windows, and the second one install freebsd. I first install windows, then install freebsd. I use boot manager to manage my boot. : So please help me to find the partition number(subtype), or tell me how to do that to make the change. The FreeBSD boot manager is a very small program that lives entirely within the bootsector of the disk. It is therefore only one sector in size, or 512 bytes. To change the boot menu, you would have to reqrite this program. The source code is in: /usr/src/sys/boot/i386/boot0/boot0.S Note, however, that this program is allready exactly 512 bytes when compiled, so for every byte you put in, you need to take another one out. On my laptop I've recompiled the boot0 program to display Diag for the Dell diagnostic service partition, XP in place of DOS, and FreeBSD for my FreeBSD partition. To get room for the Diag selecttion, I had to remove Linux from the list. I think I've lost my patches, but the boot sector code has been living happily and undisturbed on the boot sector through alot of system updates. Please be careful when replacing the boot sector. Your system may become unbootable, and you would have to resort to boot disks to get it back. Cheers, Svein Halvor ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: TIMEOUT - WRITE_DMA and smart questions
Ion-Mihai, For more information on smartmontools (smartctl,smartd), check out the Source Forge site, http://smartmontools.sourceforge.net If you have specific questions, you can email the support list (link on the page above). Ed On Mon, 2004-10-11 at 07:09, Ion-Mihai Tetcu wrote: [ please reply only on questions@ if this is not appropriate for current@ ] Hi, While doing nothing special the system start printing TIMEOUT - WRITE_DMA erros and eventually after an atacontrol mode 0 PIO4 PIO4 hanged completely at 04:20. After restart I've got a few TIMEOUT .. but no hung, however the machine is idle. SMART was enabled as seen bellow, but smartd wasn't running (stupid, huh :-/ ). Obvious question: is the hdd dying ? Second question, as I'm not familiar with SMART: how much can one trust SMART reports ? Third question: could you suggest some settings for smartd ? I'm, asking this because I don't fully understand the man pages for smartctl and smartd; a link explaining more about smart would also be appreciated. System details: Local system status (last daily mail): 3:01AM up 2 days, 11:56, 2 users, load averages: 1.04, 1.07, 0.95 % uname -a FreeBSD it.buh.cameradicommercio.ro 5.3-BETA7 FreeBSD 5.3-BETA7 #3: Mon Oct 4 21:57:25 EEST 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/IT53_d i386 Oct 11 04:06:51 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=186210020 Oct 11 04:07:02 it kernel: ata0: reiniting channel .. Oct 11 04:07:02 it kernel: ata0: reset tp1 mask=03 ostat0=d0 ostat1=d0 Oct 11 04:07:02 it kernel: ad0: stat=0xd0 err=0xd0 lsb=0xd0 msb=0xd0 Oct 11 04:07:02 it last message repeated 95 times Oct 11 04:07:02 it kernel: ad0: stat=0x50 err=0x01 lsb=0x00 msb=0x00 Oct 11 04:07:02 it kernel: ata0-slave: stat=0x00 err=0x01 lsb=0x00 msb=0x00 Oct 11 04:07:02 it kernel: ata0: reset tp2 stat0=50 stat1=00 devices=0x1ATA_MASTER Oct 11 04:07:02 it kernel: ata0: resetting done .. Oct 11 04:07:02 it kernel: ad0: pio=0x0c wdma=0x22 udma=0x45 cable=80pin Oct 11 04:07:02 it kernel: ad0: setting PIO4 on VIA 8235 chip Oct 11 04:07:02 it kernel: ad0: setting UDMA100 on VIA 8235 chip Oct 11 04:07:02 it kernel: ata0: device config done .. Oct 11 04:07:16 it kernel: (probe0:ata0:0:0:0): error 22 Oct 11 04:07:16 it kernel: (probe0:ata0:0:0:0): Unretryable Error Oct 11 04:07:16 it kernel: (probe1:ata0:0:1:0): error 22 Oct 11 04:07:16 it kernel: (probe1:ata0:0:1:0): Unretryable Error . # grep LBA /var/log/messages Oct 11 04:06:51 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=186210020 Oct 11 04:07:52 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=165839908 Oct 11 04:08:48 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=165849220 Oct 11 04:09:12 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=165851556 Oct 11 04:09:32 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=165859748 Oct 11 04:10:44 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=6343103 Oct 11 04:11:23 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=186210916 Oct 11 04:11:36 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=186211044 Oct 11 04:11:58 it kernel: acd0: FAILURE - ATA_IDENTIFY status=51READY,DSC,ERROR error=4ABORTED LBA=0 Oct 11 04:13:21 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=309294340 Oct 11 04:14:00 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=175421156 Oct 11 04:14:24 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (1 retry left) LBA=175421156 Oct 11 04:15:04 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=175421796 Oct 11 04:15:48 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=130261540 Oct 11 04:16:10 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=175421892 Oct 11 04:16:53 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=173918724 Oct 11 04:18:50 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=309924420 Oct 11 04:19:14 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=4920283 Oct 11 04:40:00 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=4918975 Oct 11 04:40:56 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=6067199 Oct 11 10:46:52 it kernel: ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=6343103 # grep sw /var/log/messages Oct 11 04:14:24 it kernel: swap_pager: indefinite wait buffer: device: ad0s1e, blkno: 14841, size: 4096 Oct 11 04:14:24 it kernel: swap_pager: indefinite wait buffer: device: ad0s3d, blkno: 14381, size: 4096 Oct 11 04:16:53 it kernel: swap_pager: indefinite wait buffer: device: ad0s3d, blkno: 60732, size: 4096 Oct 11 04:16:53 it kernel: swap_pager: indefinite wait buffer: device: ad0s3d, blkno: 33481, size: 4096 Oct
Re: Adding network IP to hosts.deny
Rob wrote:
uidzero wrote:
Rob wrote:
uidzero wrote:
Pelle Andersson wrote:
Hi!
I have a lot of login attempts from various networks and IP addresses
on my FBSD 4.10 server. I have read the man pages for hosts.deny but
do not understand how to add networks and IP addresses to it.
I use /etc/rc.ipfw...
${fwcmd} add 300 deny IP from 24.19.0.105 to any
${fwcmd} add 301 deny IP from 24.79.68.179 to any
${fwcmd} add 400 deny IP from 61.100.180.125 to any
${fwcmd} add 401 deny IP from 61.206.125.28 to any
[...snip...]
${fwcmd} add 971 deny IP from 220.73.215.151 to any
${fwcmd} add 980 deny IP from 221.3.131.80 to any
${fwcmd} add 981 deny IP from 221.12.11.118 to any
${fwcmd} add 982 deny IP from 222.56.118.124 to any
I have attacks by similar IP numbers. However, I discovered
that these IP numbers are used only once to attack my PC.
Next attack will be from a different IP number. So adding the
IP numbers to your list each time after an attack, will make
your deny-list longer and longer, but won't make it more effective,
since it doesn't protect you against the attackers next attempts.
Unless, of course, someone is attacking again and again from the
same IP number; but that is not what I observe.
Rob.
Actually, quite a few has attempted several times from the same IPs.
I figure if it gets to big, I'll just block the whole class. What do
I care if a whole country can't access my lil webserver? :)
Have you bothered to monitor your rules with ipfw -dt show, or by adding
a 'log' to your rules? That would give you a clue as to how effective
your deny rules are.
Rob.
I've added a few friends static IPs and they weren't able to get any of
the services my system runs. So,noy only is ssh blocked, everything is
blocked.
Michael
--
Michael D. Whities
[EMAIL PROTECTED]
http://www.one-arm.com
--
There are four colors of hats to watch for:
Black, White, Grey, and Red.
The meanings are:
Cracker, Hacker, Guru, and Victim.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: TIMEOUT - WRITE_DMA and smart questions
On Mon, 11 Oct 2004 08:19:07 -0400 Eduard Martinescu [EMAIL PROTECTED] wrote: Ion-Mihai, For more information on smartmontools (smartctl,smartd), check out the Source Forge site, http://smartmontools.sourceforge.net If you have specific questions, you can email the support list (link on the page above). Thanks, I've saw that page (and your name there, thank for your work), but it doesn't contain much more info compered with the man pages. I'm reading the LinuxJournal article now. I think I've panicked a little bit ;) but it seems I have lot of bad-luck with ata disks. -- IOnut Unregistered ;) FreeBSD user ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
l2tpd on 5.2.1
hello there, on a 5.2.1 fBSD i installed l2tpd from ports (ports were cvsuped a hour ago). The compilation process went without errors, i edited the conf file to suit my needs but when i tried to run the daemon i get this error : This binary does not support kernel L2TP. google didn't help much Anyone ??? Cristi --- This message and its contents have been scanned and certified for transmission as being free from malicious code by eTrust Antivirus. This message may contain confidential, privileged or other legally protected information. It is intended for the addressee(s) only. If you are not the addressee, or someone the addressee authorized to receive this message, you are prohibited from copying, distributing or otherwise using it. Please notify the sender and return it.Thank you. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Trouble rebuilding sendmail
I just upgrade src with cvsup and want to rebuild sendmail. For some reason it stops and I would very much like some help from you about what I can do now. System: FreeBSD server 4.8-RC FreeBSD 4.8-RC #0: Sat Mar 15 17:08:42 CET 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/OCTOPUS i386 Old sendmail: 8.12.8 (the one running now) Also running: Spamd Spamass-milter Saslauthd Here's my problem (see bottom for error): /Andreas server# make clean rm -f sm_os.h sendmail alias.o arpadate.o bf.o collect.o conf.o control.o convtime.o daemon.o deliver.o domain.o envelope.o err.o headers.o macro.o main.o map.o mci.o milter.o mime.o parseaddr.o queue.o ratectrl.o readcf.o recipient.o savemail.o sasl.o sfsasl.o shmticklib.o sm_resolve.o srvrsmtp.o stab.o stats.o sysexits.o timers.o tls.o trace.o udb.o usersmtp.o util.o version.o mailq.1.gz newaliases.1.gz aliases.5.gz sendmail.8.gz mailq.1.cat.gz newaliases.1.cat.gz aliases.5.cat.gz sendmail.8.cat.gz octopus# make depend ln -sf /usr/src/usr.sbin/sendmail/../../contrib/sendmail/include/sm/os/sm_os_freebsd.h sm_os.h octopus# make cc -O -pipe -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DMILTER -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include -DSASL=2 -D_FFR_SMTP_SSL-c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/alias.c cc -O -pipe -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DMILTER -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include -DSASL=2 -D_FFR_SMTP_SSL-c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/arpadate.c cc -O -pipe -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DMILTER -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include -DSASL=2 -D_FFR_SMTP_SSL-c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/bf.c cc -O -pipe -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DMILTER -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include -DSASL=2 -D_FFR_SMTP_SSL-c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/collect.c cc -O -pipe -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DMILTER -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include -DSASL=2 -D_FFR_SMTP_SSL-c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/conf.c cc -O -pipe -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DMILTER -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include -DSASL=2 -D_FFR_SMTP_SSL-c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/control.c cc -O -pipe -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DMILTER -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include -DSASL=2 -D_FFR_SMTP_SSL-c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/convtime.c cc -O -pipe -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DMILTER -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include -DSASL=2 -D_FFR_SMTP_SSL-c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/daemon.c cc -O -pipe -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DMILTER -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include -DSASL=2 -D_FFR_SMTP_SSL-c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/deliver.c cc -O -pipe -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DMILTER -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include -DSASL=2 -D_FFR_SMTP_SSL-c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/domain.c cc -O -pipe -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DMILTER -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include -DSASL=2 -D_FFR_SMTP_SSL-c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/envelope.c cc -O -pipe -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src
Re: Can't compile wine port
Yes. I am runing 5.2.1 FreeBSD 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #2 I comment USE_GCC 3.14 and type make and get another errors. But again type make clean ; make and all was fine. Thanks. On Sat, Oct 09, 2004 at 11:08:29AM -0400, Lowell Gilbert wrote: It looks like you're running 5.2.1. Are you using the ports that came with that release, or something more current? If you are in fact running FreeBSD 5.2.1, you should be able to edit the file /usr/ports/emulators/wine/Makefile and remove the USE_GCC line. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: RAID 1 in HP NetServer LC 2000
Ok.. vinum then.. but i have error when applied this vinum.conf drive drive1 device /dev/da0s1e drive drive2 device /dev/da1s1e volume usr setupstate plex org concat sd length 13887091s drive drive1 plex org concat sd length 13887091s drive drive2 volume var setupstate plex org concat sd length 0 drive drive1 plex org concat sd length 0 drive drive2 mail# vinum vinum - create -f /etc/vinum.conf 2: drive drive2 device /dev/da1s1e /*** 2 : Invalid argument*/ 1 drives: D drive1State: up Device /dev/da0s1e Avail: 0/16488 MB (0%) D drive2State: referenced Device /dev/da1s1e Avail: 0/0 MB 2 volumes: V usr State: up Plexes: 2 Size: 6780 MB V var State: up Plexes: 2 Size: 9707 MB 4 plexes: P usr.p0 C State: up Subdisks: 1 Size: 6780 MB P usr.p1 C State: up Subdisks: 1 Size: 6780 MB P var.p0 C State: up Subdisks: 1 Size: 9707 MB P var.p1 C State: up Subdisks: 1 Size: 0 B 4 subdisks: S usr.p0.s0 State: up PO:0 B Size: 6780 MB S usr.p1.s0 State: up PO:0 B Size: 6780 MB S var.p0.s0 State: up PO:0 B Size: 9707 MB S var.p1.s0 State: up PO:0 B Size: 0 B which argumen is invalid ? i use 4.10 .. please help me... regards reza Am Freitag, 8. Oktober 2004 15:47 schrieb Muhammad Reza: Dear All, Howto setup RAID 1 in HP NetServer LC 2000 ? I have 2 Seagate HDD that want to be mirror 1:1, Can i do that from Symbios software or tool from my FreeBSD 4.10 ? With 4.10 you have the choice of vinum and ccd, in 5.3 you also have gmirror for RAID1. See the man pages for details, ccd is quiet easy, vinum is a bit more complex but more flexible too. -Harry regards reza ---snip--- sym0: 896 port 0x2000-0x20ff mem 0xfd00-0xfd001fff,0xfd002000-0xfd0023ff irq 11 at device 6.0 on pci3 sym0: Symbios NVRAM, ID 7, Fast-40, LVD, parity checking sym0: open drain IRQ line driver, using on-chip SRAM sym0: using LOAD/STORE-based firmware. sym0: handling phase mismatch from SCRIPTS. sym1: 896 port 0x2400-0x24ff mem 0xfd004000-0xfd005fff,0xfd002400-0xfd0027ff irq 5 at device 6.1 on pci3 sym1: Symbios NVRAM, ID 7, Fast-40, LVD, parity checking sym1: open drain IRQ line driver, using on-chip SRAM sym1: using LOAD/STORE-based firmware. sym1: handling phase mismatch from SCRIPTS. ---snap--- .. .. --snip-- da0 at sym1 bus 0 target 0 lun 0 da0: SEAGATE ST318405LW 5063 Fixed Direct Access SCSI-3 device da0: 80.000MB/s transfers (40.000MHz, offset 31, 16bit), Tagged Queueing Enabled da0: 17501MB (35843670 512 byte sectors: 255H 63S/T 2231C) da1 at sym1 bus 0 target 1 lun 0 da1: SEAGATE ST318405LW 5063 Fixed Direct Access SCSI-3 device da1: 80.000MB/s transfers (40.000MHz, offset 31, 16bit), Tagged Queueing Enabled da1: 17501MB (35843670 512 byte sectors: 255H 63S/T 2231C) ---snap--- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Trouble rebuilding sendmail
Andreas Widerøe Andersen wrote: I just upgrade src with cvsup and want to rebuild sendmail. For some reason it stops and I would very much like some help from you about what I can do now. System: FreeBSD server 4.8-RC FreeBSD 4.8-RC #0: Sat Mar 15 17:08:42 CET 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/OCTOPUS i386 Old sendmail: 8.12.8 (the one running now) Also running: Spamd Spamass-milter Saslauthd Here's my problem (see bottom for error): Maybe a little stupid, but do you have sendmail installed from ports also? Or, do you use gcc base or ports? -- cso ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Trouble rebuilding sendmail
At 15:11 11.10.2004, Christer Solskogen wrote: Andreas Widerøe Andersen wrote: I just upgrade src with cvsup and want to rebuild sendmail. For some reason it stops and I would very much like some help from you about what I can do now. System: FreeBSD server 4.8-RC FreeBSD 4.8-RC #0: Sat Mar 15 17:08:42 CET 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/OCTOPUS i386 Old sendmail: 8.12.8 (the one running now) Also running: Spamd Spamass-milter Saslauthd Here's my problem (see bottom for error): Maybe a little stupid, but do you have sendmail installed from ports also? Or, do you use gcc base or ports? No, it was installed together with FreeBSD. However, I just fixed the problem. I rebuilt the kernel and did a make build/install world. Now everything works and my sendmail is latest version. Thanks! Andreas --- Andreas Wideroe Andersen [EMAIL PROTECTED] Mobile: (+47) 90 92 61 21 http://www.filmshooting.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD Release Question
In a message dated 10/9/04 6:25:49 PM Eastern Daylight Time, [EMAIL PROTECTED] writes: 1. By Sep 2005, do you think 5.x performance will be optimized and be comparable to today's 4.x stable versions ? 5.3 is supposed to be stable, and it's expected to be on part with 4.x performance, and it's supposed to release before the end of the month. From what I've seen and heard, it looks like all that is going to happen. 2. By Sep 2005, do you think 5.x will be as stable as today's 4.x released versions ? Yes. I hope you're not betting your business on these questions, because the reality is that 1) they're not very good questions and 2) the people who are answering them can't really know the answers. stable requires time, and since 5.2.1 and 5.3 are substantially different, I can't see how one can predict the level of stability a year from now. You also didnt mention what your project is, so how can you expect anyone to comment on performance or stability? If you're developing a CD duplicator the answer is likely much different than if you are developing a networking product. If you can, do it on 4.x and move it to 5.x when you determine that it meets your needs. Don't bet the farm on the hopes and expectations of others. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Wiki on FreeBSD
On Sat, Oct 09, 2004 at 01:38:56PM -0400, Alan Curtis wrote: I am looking for an easy to install wiki that an apache/perl/php/whatever novice like me can install without getting a migrane. Any suggestions? I use MediaWiki on http://freebsdwiki.org/ FreeBSD-specific instructions are here: http://meta.wikimedia.org/wiki/Running_MediaWiki_on_FreeBSD Almost all the requirements, including Apache, PHP and MySQL, work fine from ports. pgpK50Ba6Esjx.pgp Description: PGP signature
Re: Wiki on FreeBSD
Andy Smith said the following on 10/11/2004 10:29 AM: On Sat, Oct 09, 2004 at 01:38:56PM -0400, Alan Curtis wrote: I am looking for an easy to install wiki that an apache/perl/php/whatever novice like me can install without getting a migrane. Any suggestions? I use MediaWiki on http://freebsdwiki.org/ FreeBSD-specific instructions are here: http://meta.wikimedia.org/wiki/Running_MediaWiki_on_FreeBSD Almost all the requirements, including Apache, PHP and MySQL, work fine from ports. www/twiki is also pretty nice, and customizable without causing you migraines... http://www.twiki.org/ is the main devel site... Best, G. -- They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. ~Benjamin Franklin, Historical Review of Pennsylvania, 1759 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: route vmnet1 host server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Monday 11 October 2004 12:27, dick hoogendijk wrote: The above information says it all, I guess. I was confused, because the vmware3 ports speaks of no support for bridging. This must be some other kind of bridging ;-) As you tell me, this is a normal story and I don't expect to have difficulties with it. There was a thread some days ago on the questions and emulation mailing-list about vmware3 setup. My next question is irrelevant too, I guess. If I give my vm-winbox a 'normal' local IP there is no need for the freebsd machine to act as gateway (away with it from rc.conf) and I also don't need ipnat. The normal firewall rules will do. Yup, you don't need to set gateway_enable=YES in your rc.conf same with ipnat, you don't need it. There is one important thing when you start vmware and set up your virtual machine: In the Ethernet Adapters configuration dialog select Connection Type: -- Custom Vmnet:-- /dev/vmnet1 - -- Christian Hiris [EMAIL PROTECTED] | OpenPGP KeyID 0x3BCA53BE OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBapq409WjGjvKU74RAhQfAJ9JZ20tg77jyrugYIK0X6tMUHWx2wCeO0Xb sYoIXJW8wQNFwQZOvFDiAZA= =qwVi -END PGP SIGNATURE- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: route vmnet1 host server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Monday 11 October 2004 16:37, Christian Hiris wrote: On Monday 11 October 2004 12:27, dick hoogendijk wrote: The above information says it all, I guess. I was confused, because the vmware3 ports speaks of no support for bridging. This must be some other kind of bridging ;-) As you tell me, this is a normal story and I don't expect to have difficulties with it. Yup, you don't need to set gateway_enable=YES in your rc.conf same with ipnat, you don't need it. There is one important thing when you start vmware and set up your virtual machine: In the Ethernet Adapters configuration dialog select Connection Type: -- Custom Vmnet:-- /dev/vmnet1 What you read about unsupported bridging is related to this. The vmware3 port supports bridging, but you can't use the 'Connection Type Bridged' in the virtual machine setup. However, bridging is supported via 'Connection Type Custom' and 'Vmnet /dev/vmnet1'. This is maybe a little confusing, if you are new to VMware on FreeBSD. - -- Christian Hiris [EMAIL PROTECTED] | OpenPGP KeyID 0x3BCA53BE OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBaqCT09WjGjvKU74RAv5QAJ989h9mdPUS+Q7pm4JVyl9ZQrwVJACfejiu davJVxTq/1jv96agSHN4xxQ= =yOPP -END PGP SIGNATURE- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
portupgrade problem
Hi all, Got a port upgrade problem here, ruby is dumping core during a portsdb -uU (and thus any time it tries to update the portsdb. only noticed it today but i did upgrade ruby recently so i tried following the emergency recovery part in /usr/port/UPDATING and did pkg_delete portupgrade-\* pkg_delete -r ruby-\* then cd /usr/ports/sysutils/portupgrade make install clean but no joy, i still get the same error -cut portupgrade error test-- [EMAIL PROTECTED] [/root/cvsup-files] [13:59] #portsdb -uU Updating the ports index ... Generating INDEX.tmp - please wait..test: : unexpected operator Warning: Duplicate INDEX entry: freeciv-gtk2-1.14.1 Warning: Duplicate INDEX entry: mod_jk2-apache2-2.0.2 Warning: Duplicate INDEX entry: mod_rpaf-ap2-0.5 Done. done [Updating the portsdb format:bdb1_btree in /usr/ports ... - 11732 port entries found .1000.2000.3000.4000.5000.6000.7000.8000/usr/local/lib/ruby/site_ruby/1.8/portsdb.rb:587: [BUG] Bus Error ruby 1.8.2 (2004-07-29) [i386-freebsd5] Abort (core dumped) --end of port upgrade error text-- uname -a FreeBSD lobster.unsane.co.uk 5.2.1-RELEASE-p9 FreeBSD 5.2.1-RELEASE-p9 #2: Fri Sep 17 21:45:48 BST 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/UNSANE i386 (14:40:05 ~) 0 $ ruby -v ruby 1.8.2 (2004-07-29) [i386-freebsd5] any suggestions welcome Vince ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Sony PCVA-15XTAP2 monitor
Hello, Someone's offered me one of these monitors, a Sony PCVA-15XTAP2. I really don't know anything about it, except that it's widescreen and has a non-standard connector of some sort - power and signal through the same cable, apparently (I haven't actually seen it yet). Does anyone know anything about making it work (will I be able to run it with an adapter from my current generic agp card?) and specifically making it work with Xorg? Searching on the Sony site comes up with nothing, and I've googled around and found pretty much the same there. Thanks a lot, Ben ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Sony PCVA-15XTAP2 monitor
Ben Paley wrote: Someone's offered me one of these monitors, a Sony PCVA-15XTAP2. I really don't know anything about it, except that it's widescreen and has a non-standard connector of some sort - power and signal through the same cable, apparently (I haven't actually seen it yet). Does anyone know anything about making it work (will I be able to run it with an adapter from my current generic agp card?) and specifically making it work with Xorg? The only thing I could find is a Japanese reference to the monitor where they appear to cut the connector off, although chances are that it's a proprietory DVI connector/adaptor. My Japanese is non-existant, but it might be a place to start. For one thing they appear to have the pinout chart, so who knows... http://niga.sytes.net/at/vaio_dvi.html James ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How can I turn off hard disk if there's no IO for serveral minutes?
___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to NOT load AGP?
Hi, I'm suffering from this problem On 5.2.1-RELEASE-p4, everything is fine. I CVSUP to 5.2.1-RELEASE-p11, and things lock up HARD for me. I'm using the SAME kernel config file both times. I've put the NvAGP in, no difference. I've recompiled and reinstalled the nvidia driver, nothing. Is there a way to specifically CVSUP by -pXX release, and I'll just go one by one until it stops working to figure out what the change might be. Thanks, Tuc/TTSG Internet Services, Inc. My 5.2.1-RELEASE-p4 didn't support it without patching, I'll have to check but I don't think I used it in the end. Does your XF86Config contain the following entries in 'Section Device': Driver nvidia Option NvAGP 1 I'm pretty sure this (the 'Option NvAGP 1') is what did it in the end for me. If it doesn't appear to work, don't forget to verify which config X is using by checking your XFree86.0.log or :0.log for the line: (==) Using config file: /etc/X11/XF86Config ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: FreeBSD Release Question
While TM4525's points are valid even FreeBSD 5.2.1 is pretty stable (insert sual disclaimer about using non -stable version here) and I use it over 4 in many circumstances. FreeBSD 5 will rapidly become the standard and if you are targeting your application for introduction in late 2005 at a minimum I would plan on shipping it with FreeBSD 5 so considering the changes in FreeBSD 5 in your design/programming stage would be very valuable. I have been testing FreeBSD 5 since 5 was first released and more than likely will be rolling most my boxes to 5.3 a few weeks after it is released. Of course you should evaluate both 4 and 5 to see if they meet your needs in a test environment. IMHO FreeBSD 5.3 is far beyond the hopes of others and is poised to be quite good especially by your release time. , Jason -Original Message- From: [EMAIL PROTECTED] [mailto:owner-freebsd- [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, October 11, 2004 8:21 AM To: [EMAIL PROTECTED] Subject: Re: FreeBSD Release Question In a message dated 10/9/04 6:25:49 PM Eastern Daylight Time, [EMAIL PROTECTED] writes: 1. By Sep 2005, do you think 5.x performance will be optimized and be comparable to today's 4.x stable versions ? 5.3 is supposed to be stable, and it's expected to be on part with 4.x performance, and it's supposed to release before the end of the month. From what I've seen and heard, it looks like all that is going to happen. 2. By Sep 2005, do you think 5.x will be as stable as today's 4.x released versions ? Yes. I hope you're not betting your business on these questions, because the reality is that 1) they're not very good questions and 2) the people who are answering them can't really know the answers. stable requires time, and since 5.2.1 and 5.3 are substantially different, I can't see how one can predict the level of stability a year from now. You also didnt mention what your project is, so how can you expect anyone to comment on performance or stability? If you're developing a CD duplicator the answer is likely much different than if you are developing a networking product. If you can, do it on 4.x and move it to 5.x when you determine that it meets your needs. Don't bet the farm on the hopes and expectations of others. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions- [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portupgrade problem
On Mon, Oct 11, 2004 at 04:05:17PM +0100, Vince Hoffman wrote: Hi all, Got a port upgrade problem here, ruby is dumping core during a portsdb -uU (and thus any time it tries to update the portsdb. only noticed it today but i did upgrade ruby recently so i tried following the emergency recovery part in /usr/port/UPDATING and did pkg_delete portupgrade-\* pkg_delete -r ruby-\* then cd /usr/ports/sysutils/portupgrade make install clean but no joy, i still get the same error -cut portupgrade error test-- [EMAIL PROTECTED] [/root/cvsup-files] [13:59] #portsdb -uU Updating the ports index ... Generating INDEX.tmp - please wait..test: : unexpected operator Warning: Duplicate INDEX entry: freeciv-gtk2-1.14.1 Warning: Duplicate INDEX entry: mod_jk2-apache2-2.0.2 Warning: Duplicate INDEX entry: mod_rpaf-ap2-0.5 Done. done [Updating the portsdb format:bdb1_btree in /usr/ports ... - 11732 port entries found .1000.2000.3000.4000.5000.6000.7000.8000/usr/local/lib/ruby/site_ruby/1.8/portsdb.rb:587: [BUG] Bus Error ruby 1.8.2 (2004-07-29) [i386-freebsd5] Abort (core dumped) --end of port upgrade error text-- uname -a FreeBSD lobster.unsane.co.uk 5.2.1-RELEASE-p9 FreeBSD 5.2.1-RELEASE-p9 #2: Fri Sep 17 21:45:48 BST 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/UNSANE i386 (14:40:05 ~) 0 $ ruby -v ruby 1.8.2 (2004-07-29) [i386-freebsd5] any suggestions welcome Gawd. Not this *again*. Did you try searhing the web at all? http://freebsd.rambler.ru/srch?words=%5BBUG%5D+Bus+Error+%3E+ruby+1.8.2+%282004-07-29%29+%5Bi386-freebsd5%5D+solutionset=freebsd Anyhow, a work-around is to: % setenv PORTS_DBDRIVER=bdb1_hash and then do all your portupgrade stuff as usual. The problem is with the bdb1_btree functions in the base system. A fix has been committed to HEAD, RELENG_4 and RELENG_5. It won't be applied to RELENG_5_2, so either you're going to have to extract the patch yourself and apply it manually, or you can upgrade to one of the 5.3-BETAs. http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc/db/btree/bt_split.c.diff?r1=1.5r2=1.7 Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgpSRzLsCzIuN.pgp Description: PGP signature
FreeBSD Developer
Hi there, I'm going to develop software for the FreeBSD project. How do I get listed on the official FreeBSD page as developer and is it possible to get a mail alias like [EMAIL PROTECTED] Thanks, Manuel ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portupgrade problem
On Mon, 11 Oct 2004, Matthew Seaman wrote: On Mon, Oct 11, 2004 at 04:05:17PM +0100, Vince Hoffman wrote: Hi all, Got a port upgrade problem here, ruby is dumping core during a portsdb -uU (and thus any time it tries to update the portsdb. SNIP lots of info any suggestions welcome Gawd. Not this *again*. Did you try searhing the web at all? http://freebsd.rambler.ru/srch?words=%5BBUG%5D+Bus+Error+%3E+ruby+1.8.2+%282004-07-29%29+%5Bi386-freebsd5%5D+solutionset=freebsd Doh no, since i try and read as much of -questions and -current I thought I would have caught it on the lists ;) Thanks for the help (again) Vince Anyhow, a work-around is to: % setenv PORTS_DBDRIVER=bdb1_hash and then do all your portupgrade stuff as usual. The problem is with the bdb1_btree functions in the base system. A fix has been committed to HEAD, RELENG_4 and RELENG_5. It won't be applied to RELENG_5_2, so either you're going to have to extract the patch yourself and apply it manually, or you can upgrade to one of the 5.3-BETAs. http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc/db/btree/bt_split.c.diff?r1=1.5r2=1.7 Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Tecra M1/5.2.1 Suspend problem
Folks, I upgraded to 5.2.1 (from 4.9) a few weeks ago. When I suspend and then resume, the screen is blank. At first I thought the system was hanging, but it turns out that the system is still alive but the screen is blank. I assumed that XFree/kde was the culprit, but it happens even if I boot to the console prompt and do not start X. My only work around now is to reboot (which pretty much defeats the purpose of suspending). I searched the lists and found some similar problems and a recommendation to use apm instead of acpi. No change. Detailed information is attached, including a dmesg made after resume while the screen was blank. Note that I use the ipw driver for my internal wireless card. The version is ipw-freedbsd-1.2.1. You'll also see that I now have both apm and apci loaded. As far as I can tell this does not make things any better or worse. For what its worth, I run apache2, mysqld, and postfix. Any help would be appreciated. A fix. Some way to jolt the console/video driver after resuming (I've tried 'stty sane' and jumping between the pseudo consoles). dayton Attachments: Here is uname -a: FreeBSD hurt.theclones.net 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb 23 20:45:55 GMT 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 Here is kldstat: Id Refs AddressSize Name 1 11 0xc040 5e16d8 kernel 21 0xc09e2000 91b0 if_ipw.ko 31 0xc09ec000 5944 apm.ko 41 0xc09f2000 51ac8acpi.ko 51 0xc4b0f000 19000linux.ko Here is dmesg before suspend: Copyright (c) 1992-2004 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 5.2.1-RELEASE #0: Mon Feb 23 20:45:55 GMT 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC Preloaded elf kernel /boot/kernel.GENERIC/kernel at 0xc0a45000. Preloaded elf module /boot/kernel.GENERIC/if_ipw.ko at 0xc0a452ec. Preloaded elf module /boot/kernel.GENERIC/apm.ko at 0xc0a453a0. Preloaded elf module /boot/kernel.GENERIC/acpi.ko at 0xc0a45450. Timecounter i8254 frequency 1193182 Hz quality 0 CPU: Intel(R) Pentium(R) M processor 1400MHz (1396.50-MHz 686-class CPU) Origin = GenuineIntel Id = 0x695 Stepping = 5 Features=0xa7e9f9bfFPU,VME,DE,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,TM,PBE real memory = 536674304 (511 MB) avail memory = 511635456 (487 MB) Pentium Pro MTRR support enabled npx0: [FAST] npx0: math processor on motherboard npx0: INT 16 interface acpi0: TOSHIB 750 on motherboard pcibios: BIOS version 2.10 Using $PIR table, 8 entries at 0xc00f01a0 acpi0: Power Button (fixed) Timecounter ACPI-fast frequency 3579545 Hz quality 1000 acpi_timer0: 24-bit timer at 3.579545MHz port 0xd808-0xd80b on acpi0 acpi_cpu0: CPU on acpi0 acpi_tz0: Thermal Zone on acpi0 pcib0: ACPI Host-PCI bridge port 0xcf8-0xcff on acpi0 pci0: ACPI PCI bus on pcib0 pcib0: slot 29 INTA is routed to irq 11 pcib0: slot 29 INTB is routed to irq 11 pcib0: slot 29 INTC is routed to irq 11 pcib0: slot 29 INTD is routed to irq 11 pcib0: slot 31 INTA is routed to irq 11 pcib0: slot 31 INTB is routed to irq 11 pcib0: slot 31 INTB is routed to irq 11 agp0: Intel 82855 host to AGP bridge mem 0xc000-0xcfff at device 0.0 on pci0 pcib1: ACPI PCI-PCI bridge at device 1.0 on pci0 pci1: ACPI PCI bus on pcib1 pcib1: slot 0 INTA is routed to irq 11 pci1: display, VGA at device 0.0 (no driver attached) uhci0: Intel 82801DB (ICH4) USB controller USB-A port 0xefe0-0xefff irq 11 at device 29.0 on pci0 usb0: Intel 82801DB (ICH4) USB controller USB-A on uhci0 usb0: USB revision 1.0 uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1: Intel 82801DB (ICH4) USB controller USB-B port 0xef80-0xef9f irq 11 at device 29.1 on pci0 usb1: Intel 82801DB (ICH4) USB controller USB-B on uhci1 usb1: USB revision 1.0 uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2: Intel 82801DB (ICH4) USB controller USB-C port 0xef60-0xef7f irq 11 at device 29.2 on pci0 usb2: Intel 82801DB (ICH4) USB controller USB-C on uhci2 usb2: USB revision 1.0 uhub2: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered pci0: serial bus, USB at device 29.7 (no driver attached) pcib2: ACPI PCI-PCI bridge at device 30.0 on pci0 pci2: ACPI PCI bus on pcib2 pcib2: slot 7 INTA is routed to irq 11 pcib2: slot 10 INTA is routed to irq 11 pcib2: slot 13 INTA is routed to irq 11 fwohci0: Texas Instruments TSB43AB22/A mem 0xdfdf8000-0xdfdfbfff,0xdfdff800-0xdfdf irq 11 at device 7.0 on pci2 fwohci0: OHCI version 1.10 (ROM=1) fwohci0: No. of Isochronous channel is 4. fwohci0: EUI64 00:00:39:00:00:3b:cf:6a fwohci0: Phy 1394a available S400, 2 ports. fwohci0: Link S400, max_rec 2048 bytes. firewire0: IEEE1394(FireWire) bus
Re: FreeBSD Developer
[EMAIL PROTECTED] wrote: Hi there, I'm going to develop software for the FreeBSD project. How do I get listed on the official FreeBSD page as developer and is it possible to get a mail alias like [EMAIL PROTECTED] Thanks, Manuel Well, you become one. See the Developer's Handbook, at the website, for a few clues. Also, it might be in the FAQ. It is something of a FAQ. I think the canonical reply *might* be: submit PR's with patches that fix bugs and implement desired features, coded in the Right Way(tm), and sooner or later someone will notice. Then you will be eternally punished with the desired commit bit and the you@ address Kevin Kinsey PS Your ?? was not mail-related; I have removed postmaster from the recipient list, as they are most likely concerned with other issues. Good luck in your quest ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD Developer
On Oct 11, 2004, at 1:04 PM, [EMAIL PROTECTED] wrote: How do I get listed on the official FreeBSD page as developer and is it possible to get a mail alias like [EMAIL PROTECTED] Submit enough useful changes (via send-pr) that someone decides to offer you a commit bit. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH and one time passwords
Gene Bomgardner [EMAIL PROTECTED] writes: I've implemented S/Key on my 5.2.1 system. It works well with telnet, but ssh just bypasses the whole thing and accepts the Unix password. How can I get ssh to recognize and use S/Key auth? I don't see any entry in sshd_config nor in the handbook. I don't have a 5.x system available, but I'd think you would need to tell pam (via pam.conf(5)?) about requiring it... ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD Developer
At 7:04 PM +0200 10/11/04, [EMAIL PROTECTED] wrote: Hi there, I'm going to develop software for the FreeBSD project. How do I get listed on the official FreeBSD page as developer and is it possible to get a mail alias like [EMAIL PROTECTED] I am not sure what kind of development you are expecting to do. Are you developing some separate product of your own which will run on FreeBSD? Or do you hope to make changes to the project itself? In the first case, you might be able to be listed under the web pages for Vendors (software) on www.FreeBSD.org. I suspect it will depend on what kind of software you develop. Generally you do not get an email account for that. In the second case, you write up changes, and send them in as PR's. Once you start doing enough of these, some FreeBSD committer will notice and will see about mentoring you as a new committer to the project. It can sometimes be tricky to get the attention of some developer, depending on what parts of the system you want ot work on. If you get to be a committer, then you would get an account on FreeBSD.org. In both cases, we'd want to see some *working* product or some written-and-working patches. So, you have to write the code first, and then worry about getting listed as a developer (or as a committer) after we see the result. -- Garance Alistair Drosehn= [EMAIL PROTECTED] Senior Systems Programmer or [EMAIL PROTECTED] Rensselaer Polytechnic Instituteor [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Need help with IPFW rule
Norm Vilmer [EMAIL PROTECTED] writes: I get this message (below) on the console of my FreeBSD 4.10 firewall: Connection attempt to TCP my public ip:20388 from 61.151.248.42:80 flags 0x12 It appears that this is getting through the firewall and is logged to the console because log_in_vain is 1. Question: What IPFW rule would block this without interfering with normal http traffic on port 80 (I have Apache running on the box and nat'd machines on the inside interface that access the Internet)? In most peoples' configurations, this would be getting blocked by a default block-all rule. The users' connection out on port 80 would be accepted by a rule that is specific to the outgoing direction, and incoming packets on those connections would be accepted by either keeping state or by letting in only non-SYN packets. -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org:8088/~lowell/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
(OT) Emacs vs Xemacs
I know this is not BSD specific, but I just wanted to get your opinions. I was wondering what might affect my decision which to use, other than licensing and (IIRC) the fancier font handling of Xemacs. jm -- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NIS issue
Interesting...something that pops into my mind is something obvious since it was stated in the handbook, but needs to be said anyway...when you add stuff to the master.passwd file, do you re-make the database? Also, if you follow the directions in the handbook, they suggest you make a different master.passwd file in /var/yp to store the accounts that go into nisI re-wrote the make file section for passwd.* and told it to look to /etc/passwd where the UID is greater then 1000and it works great for me...if you'd like a copy of the entries in the Makefile, I'll send them to you. It sounds like that's what's going on (and I've had endless students make this mistake in class as well...it's a common one). Yes, I have re-made the database multiple times, and I have copied my master.passwd to /var/yp beforehand every time I did it. You make an interesting suggestion, however. Is there something magical about the number 1000 as it pertains to UIDs? All of my users have UIDs above this number. The very odd thing about this issue is the information that the server is giving out is not on the master anywhere that I can find. /var/yp/cluster/master.passwd.* (cluster is my NIS domain) seems to contain the current and correct information. I even attempted a find / -exec grep (on test -r files only) for this information, and came up with nothing. Thanks again for your assistance! Bill ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
portupgrade (pkgdb) question
pkgdb -F is asking me a question I don't understand. What should I do here? === [EMAIL PROTECTED] /root/supfiles 24 - # pkgdb -F --- Checking the package registry database Stale origin: 'devel/autoconf257': perhaps moved or obsoleted. - The port 'devel/autoconf257' was removed on 2004-07-01 because: autotools cleanup - Hint: autoconf-2.57_1 is required by the following package(s): kdevelop-3.0.3 kde-3.2.2 automake-1.7.5_1 - Hint: checking for overwritten files... - No files installed by autoconf-2.57_1 have been overwritten by other packages. Deinstall autoconf-2.57_1 ? [no] This is a fresh installation of 4.10-REL immediately following a cvsup. Thanks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH and one time passwords
On Mon, 11 Oct 2004, Lowell Gilbert wrote: Gene Bomgardner [EMAIL PROTECTED] writes: I've implemented S/Key on my 5.2.1 system. It works well with telnet, but ssh just bypasses the whole thing and accepts the Unix password. How can I get ssh to recognize and use S/Key auth? I don't see any entry in sshd_config nor in the handbook. I don't have a 5.x system available, but I'd think you would need to tell pam (via pam.conf(5)?) about requiring it... In 5.x the file that needs changing is /etc/pam.d/sshd ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
portupgrade (pkgdb) question (2nd try)
(dang webmail thing mangled my message. Sorry. Trying again) pkgdb -F is asking me a question I don't understand. What should I do here? === [EMAIL PROTECTED] /root/supfiles 24 - # pkgdb -F --- Checking the package registry database Stale origin: 'devel/autoconf257': perhaps moved or obsoleted. - The port 'devel/autoconf257' was removed on 2004-07-01 because: autotools cleanup - Hint: autoconf-2.57_1 is required by the following package(s): kdevelop-3.0.3 kde-3.2.2 automake-1.7.5_1 - Hint: checking for overwritten files... - No files installed by autoconf-2.57_1 have been overwritten by other packages. Deinstall autoconf-2.57_1 ? [no] This is a fresh installation of 4.10-REL immediately following a cvsup. Thanks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: route vmnet1 host server
On 11 Oct Christian Hiris wrote: In the Ethernet Adapters configuration dialog select Connection Type: -- Custom Vmnet:-- /dev/vmnet1 In your next message you explain about the support for ¨bridge¨ on freebsd. However, I don´t have vmware3 setup like this. I chose HostOnly and all is working perfectly now. Only needed to change the local IP of the virtual machine. Is there an advantage on Connection Type -- Custom over the Connection Type -- HostOnly ?? As said, the latter workt flawlessly. -- dick -- http://www.nagual.st/ -- PGP/GnuPG key: F86289CE ++ Running FreeBSD 4.10 ++ Debian GNU/Linux (Woody) + Nai tiruvantel ar vayuvantel i Valar tielyanna nu vilya ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Two FreeBSD questoins!
Hi! When will 5.3 Final approx. be released? (i can't wait :P) And which version of KDE will be included in 5.3? Thanks, (sorry for my english) -- Outgoing mail is certified Virus Free. Checked by AVG Anti-Virus (http://www.grisoft.com). Version: 7.0.269 / Virus Database: 264.10.2 - Release Date: 08-10-2004 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portupgrade (pkgdb) question (2nd try)
On Mon, Oct 11, 2004 at 02:52:57PM -0400, Bobb Shires wrote: (dang webmail thing mangled my message. Sorry. Trying again) pkgdb -F is asking me a question I don't understand. What should I do here? === [EMAIL PROTECTED] /root/supfiles 24 - # pkgdb -F --- Checking the package registry database Stale origin: 'devel/autoconf257': perhaps moved or obsoleted. - The port 'devel/autoconf257' was removed on 2004-07-01 because: autotools cleanup - Hint: autoconf-2.57_1 is required by the following package(s): kdevelop-3.0.3 kde-3.2.2 automake-1.7.5_1 - Hint: checking for overwritten files... - No files installed by autoconf-2.57_1 have been overwritten by other packages. Deinstall autoconf-2.57_1 ? [no] This is a fresh installation of 4.10-REL immediately following a cvsup. Thanks. Did you cvsup the latest ports? Or is this the ports tree as supplied on the 4.10-RELEASE installation media? I guess the former, because the latter should at least be self consistent. You need to either build or download a recent /usr/ports/INDEX to go with that -- the INDEX file committed to the ports tree is not updated very often nowadays. To build an index: # cd /usr/ports # make index and then wait for 15-20 minutes. Otherwise you can download a recently built index file by: # make fetchindex Then rerun pkgdb(1) --- tell it not to deinstall autoconf this time round. Then do portupgrade as usual. Once you've updated your system all of the pkgs that now depend on it should have been replaced by updated versions depending on a different version of autoconf. Although updating that kde package will take quite a bit of compiling. You can then deinstall autoconf-2.57_1 safely. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgpTHWvzT1DHY.pgp Description: PGP signature
Re: upgrading to 5.3-Beta7 problem
Benzi Mizrahi [EMAIL PROTECTED] writes: Hi, I am in a middle of upgrading to Beta7 (from 5.3-beta5) I builtworld builtkernel did installkernel rebooted as single user did mergemaster. Now I am having a working 5.3-beta7. I did make installworld and it stopped in a middle, I am still have a working system, but I don't know what is wrong here. Here 's what I got: make installworld mkdir -p /tmp/install.D1b05ztC for prog in [ awk cap_mkdb cat chflags chmod chown date echo egrep find grep ln make mkdir mtree mv pwd_mkdb rm sed sh sysctl test true uname wc zic; do cp`which $prog` /tmp/install.D1b05ztC; done cd /usr/src; MAKEOBJDIRPREFIX=/usr/obj MACHINE_ARCH=i386 MACHINE=i386 CPUTYPE= GROFF_BIN_PATH=/usr/obj/usr/src/i386/legacy/usr/bin GROFF_FONT_PATH=/usr/obj/usr/src/i386/legacy/usr/share/groff_font GROFF_TMAC_PATH=/usr/obj/usr/src/i386/legacy/usr/share/tmac PATH=/usr/obj/usr/src/i386/legacy/usr/sbin:/usr/obj/usr/src/i386/legacy/usr/bin:/usr/obj/usr/src/i386/legacy/usr/games:/usr/obj/usr/src/i386/usr/sbin:/usr/obj/usr/src/i386/usr/bin:/usr/obj/usr/src/i386/usr/games:/tmp/install.D1b05ztC make -f Makefile.inc1 reinstall env: not found /usr/src/Makefile.inc1, line 94: warning: env -i PATH=/usr/obj/usr/src/i386/legacy/usr/sbin:/usr/obj/usr/src/i386/legacy/usr/bin:/usr/obj/usr/src/i386/legacy/usr/games:/usr/obj/usr/src/i386/usr/sbin:/usr/obj/usr/src/i386/usr/bin:/usr/obj/usr/src/i386/usr/games:/tmp/install.D1b05ztC MAKEFLAGS= -m /usr/src/share/mkmake -f /dev/null -V MAKEOBJDIRPREFIX dummy returned non-zero status -- Making hierarchy -- cd /usr/src; make -f Makefile.inc1 hierarchy env: not found /usr/src/Makefile.inc1, line 94: warning: env -i PATH=/usr/obj/usr/src/i386/legacy/usr/sbin:/usr/obj/usr/src/i386/legacy/usr/bin:/usr/obj/usr/src/i386/legacy/usr/games:/usr/obj/usr/src/i386/usr/sbin:/usr/obj/usr/src/i386/usr/bin:/usr/obj/usr/src/i386/usr/games:/tmp/install.D1b05ztC MAKEFLAGS= -m /usr/src/share/mkmake -f /dev/null -V MAKEOBJDIRPREFIX dummy returned non-zero status cd /usr/src/etc;make distrib-dirs mtree -eU -f /usr/src/etc/mtree/BSD.root.dist -p / mtree -eU -f /usr/src/etc/mtree/BSD.var.dist -p /var mtree -eU -f /usr/src/etc/mtree/BSD.usr.dist -p /usr mtree -eU -f /usr/src/etc/mtree/BSD.include.dist -p /usr/include mtree -deU -f /usr/src/etc/mtree/BIND.chroot.dist -p /var/named ln -fhs /var/named/etc/namedb /etc/namedb mtree -deU -f /usr/src/etc/mtree/BSD.sendmail.dist -p / cd /; rm -f /sys; ln -s usr/src/sys sys cd /usr/share/man/en.ISO8859-1; ln -sf ../man* . cd /usr/share/man; set - `grep ^[a-zA-Z] /usr/src/etc/man.alias`; while [ $# -gt 0 ] ; do rm -rf $1; ln -s $2 $1; shift; shift; done cd /usr/share/openssl/man; set - `grep ^[a-zA-Z] /usr/src/etc/man.alias`; while [ $# -gt 0 ] ; do rm -rf $1; ln -s $2 $1; shift; shift; done cd /usr/share/openssl/man/en.ISO8859-1; ln -sf ../man* . cd /usr/share/nls; set - `grep ^[a-zA-Z] /usr/src/etc/nls.alias`; while [ $# -gt 0 ] ; do rm -rf $1; ln -s $2 $1; shift; shift; done shift: can't shift that many *** Error code 2 This is usually some kind of weird environment problem. I haven't seen it myself, but I suspect that if you try the installworld again from the console (not in X), it will work. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Two FreeBSD questoins!
On Mon, Oct 11, 2004 at 09:33:32PM +0200, Elmer Skjødt Henriksen wrote: When will 5.3 Final approx. be released? (i can't wait :P) Real Soon Now. Actually it was scheduled for Oct 17th, but I think the schedules slipped a bit. And which version of KDE will be included in 5.3? % cd x11/kde3 % make -V PKGNAME kde-3.3.0 The ports tree has been frozen for a while now, so the current versions of everything in the tree are what will be supplied with the release, unless some security or build-breaking bug is discovered and fixed between now and then. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgpsdFggxhU0L.pgp Description: PGP signature
Please Help
Befor I ask you for help, I will like to thank you for the effort you guys are puting in helping new bsd users. I installed bsd 4.8 on a dell pc and i installed samba 2.2.8a configured it and tested it. Everything work out fine, when I implemented it, I got message telling me on one machine semaphore timed out, and on another machine that it could not domain. [2004/10/06 15:31:03, 0] smbd/server.c:main(791) smbd version 2.2.8 started. Copyright Andrew Tridgell and the Samba Team 1992-2002 [2004/10/06 15:31:03, 0] printing/print_cups.c:cups_printer_fn(107) Unable to connect to CUPS server localhost - Connection refused [2004/10/06 15:52:14, 0] smbd/server.c:main(791) smbd version 2.2.8 started. Copyright Andrew Tridgell and the Samba Team 1992-2002 [2004/10/06 15:52:14, 0] printing/print_cups.c:cups_printer_fn(107) Unable to connect to CUPS server localhost - Connection refused [2004/10/06 16:02:08, 0] smbd/server.c:main(791) smbd version 2.2.8 started. Copyright Andrew Tridgell and the Samba Team 1992-2002 [2004/10/06 16:02:08, 0] printing/print_cups.c:cups_printer_fn(107) Unable to connect to CUPS server localhost - Connection refused [2004/10/06 16:05:05, 0] lib/util_sock.c:get_socket_addr(1012) getpeername failed. Error was Socket is not connected [2004/10/06 16:05:05, 0] lib/util_sock.c:write_socket_data(499) write_socket_data: write failure. Error = Broken pipe [2004/10/06 16:05:05, 0] lib/util_sock.c:write_socket(524) write_socket: Error writing 4 bytes to socket 12: ERRNO = Broken pipe [2004/10/06 16:05:05, 0] lib/util_sock.c:send_smb(704) Error writing 4 bytes to client. -1. (Broken pipe) [2004/10/06 16:05:10, 0] lib/util_sock.c:get_socket_addr(1012) getpeername failed. Error was Socket is not connected [2004/10/06 16:05:10, 0] lib/util_sock.c:write_socket_data(499) write_socket_data: write failure. Error = Broken pipe [2004/10/06 16:05:10, 0] lib/util_sock.c:write_socket(524) write_socket: Error writing 4 bytes to socket 12: ERRNO = Broken pipe [2004/10/06 16:05:10, 0] lib/util_sock.c:send_smb(704) Error writing 4 bytes to client. -1. (Broken pipe) [2004/10/06 16:06:32, 0] lib/util_sock.c:get_socket_addr(1012) getpeername failed. Error was Socket is not connected [2004/10/06 16:06:32, 0] lib/util_sock.c:write_socket_data(499) write_socket_data: write failure. Error = Broken pipe [2004/10/06 16:06:32, 0] lib/util_sock.c:write_socket(524) write_socket: Error writing 4 bytes to socket 12: ERRNO = Broken pipe [2004/10/06 16:06:32, 0] lib/util_sock.c:send_smb(704) Error writing 4 bytes to client. -1. (Broken pipe) [2004/10/06 16:06:32, 0] lib/util_sock.c:get_socket_addr(1012) getpeername failed. Error was Socket is not connected [2004/10/06 16:06:32, 0] lib/util_sock.c:write_socket_data(499) write_socket_data: write failure. Error = Broken pipe [2004/10/06 16:06:32, 0] lib/util_sock.c:write_socket(524) write_socket: Error writing 4 bytes to socket 12: ERRNO = Broken pipe [2004/10/06 16:06:32, 0] lib/util_sock.c:send_smb(704) Error writing 4 bytes to client. -1. (Broken pipe) ; ; $Id: smb.conf,v 1.2 2004/5/25 16:26:04 root Exp root $ ; This file was modified by Acarranza on 5/25/2004 ; This file was modified by Acarranza on 5/25/2004 ; For assistance please contact Nubian Directions ; at 845.452.8574 ; [global] ; Basic Settings netbios name = FileServer workgroup = mountgullian server string = %h server ( Samba %v ) %a case sensitive = no time server = yes restrict anonymous = no client code page = 850 announce as = NT Server announce version = 6.0 max protocol = NT1 fstype = FAT32 fstype = NTFS ; fstype = Samba admin users = clane,acarranza domain admin group = @wheel ; IP and speed settings max smbd processes = 0 ; max xmit = 8192 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 ; read size = 8192 ; WINS settings wins support = yes name resolve order = wins bcast host lmhosts max ttl = 360 max wins ttl = 360 min wins ttl = 180 ; Forced things... force directory mode = 0750 force directory security mode = 0750 force create mode = 0750 force security mode = 0750 ; Printing printing = bsd show add printer wizard = no ; FreeBSD specific lock directory = /var/lock ; Domain controlling and master browser domain logons = yes os level = 64 preferred master = yes domain master = auto local master = yes ; network security settings ; hosts deny = ALL bind interfaces only = yes interfaces = 192.168.0.150 hosts allow = localhost 192.168.0. # interfaces = 172.16.1.1 # hosts allow = localhost 172.16.1. ; default security settings security = user security mask = 0750
Re: latex2html problems (fwd)
Thanks for answering Parv. I have a Phedora Core 2 system where latex2html works fine. It uses netpbm-9.24 not netpbm-10.24 as FreeBSD does. So... forced FreeBSD to uninstall netpbm-10.24, and then downloaded and compiled netpbm-9.24. It is a little tricky because netpbm does not supports FreeBSD, so I took openbsd option and changed the Makefile.config to fulfill FreeBSD requirements. Once it was installed, latex2html worked fine. Now, I do not know what to think. Either, latex2html is trying to use options that do not work with netpbm-10.24, or netpbm-10.24 does not work properly. g it seems that latex2html requieres an option. if I include the option: -notransparent html2ltex works fine with netpbm-10.24. nevertheless, it displays the formulae with gray background. They look horrible. I think this deserves a report. Thanks for your help. Eduardo. Eduardo. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: (OT) Emacs vs Xemacs
Jonathon McKitrick [EMAIL PROTECTED] writes: I know this is not BSD specific, but I just wanted to get your opinions. I was wondering what might affect my decision which to use, other than licensing and (IIRC) the fancier font handling of Xemacs. Both are licensed under the GPL, and the font handling is not significantly different these days. The eXtended features that give Xemacs its name are only of interest to people who program emacs heavily in LISP. In other words, it's unlikely to matter to you. Try them both and pick whichever you like. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Error in portupgrading -rR mldonkey
Hello, I found a solution for your ... and also my problem with mldonkey on http://jhernandez.gpltarragona.org/blog/archives/2004_07.html but this is for gentoo-linux. Therefore I thought, it is possibly better to write a description of how I could solve it for the 5.2.1-RELEASE-p7. 1. deinstall mldonkey 2. cvsup the ports graphics, x11-toolkits and net 3. make deinstall the port graphics/ocaml-lablgl and install it again .oO(maybe reinstall is the same ... but this is how I have done it :) ) 4. make deinstall the port x11-toolkits/ocaml-lablgtk and install it again 5. install mldonkey 6. go on portupgrading ... and it should work fine I hope I could help you. Bye Micha. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
'blacklisting' an IP-address after several loginfailures?
I'm under attack! I have pages up and down with failed login attempts, usually they are trying to hack the root account (which simply can't be used to get in by SSH) but they are also trying to access the system with various usernames (bruth force). Is it easy to load a package that simply adds a deny entry for each IP that has failed to login for X amounts of tries? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 'blacklisting' an IP-address after several loginfailures?
Joachim Dagerot [EMAIL PROTECTED] writes: I'm under attack! I have pages up and down with failed login attempts, usually they are trying to hack the root account (which simply can't be used to get in by SSH) but they are also trying to access the system with various usernames (bruth force). Is it easy to load a package that simply adds a deny entry for each IP that has failed to login for X amounts of tries? See the MaxStartups option for configuring sshd. This is somewhat similar to what you were describing, but without the downside of giving an attacker the ability to lock some victim out of access to your machine. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: route vmnet1 host server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Monday 11 October 2004 21:04, dick hoogendijk wrote: On 11 Oct Christian Hiris wrote: In the Ethernet Adapters configuration dialog select Connection Type: -- Custom Vmnet:-- /dev/vmnet1 In your next message you explain about the support for ¨bridge¨ on freebsd. However, I don´t have vmware3 setup like this. I chose HostOnly and all is working perfectly now. Only needed to change the local IP of the virtual machine. Is there an advantage on Connection Type -- Custom over the Connection Type -- HostOnly ?? As said, the latter workt flawlessly. AFAIK the interface type hostonly is hardwired to /dev/vmnet1. As long as you connect only one virtual machine this should work fine, too. If you want connect multiple virt. machines to your network, bridged mode + Custom + /dev/vmnetN setup is the easier way to go. The doc MultipleInstances.FreeBSD decribes bridged/non-bridged vmware setups in detail. If you connect only one virtual machine, i see no advantage/disadvantage. I had some troubles w/ hostonly setup in the past. That's the reason why I prefer to advice use of the custom interface type. But - there was a large improvement on the vmnet code during the last months, so things might work fine for both interface types. - -- Christian Hiris [EMAIL PROTECTED] | OpenPGP KeyID 0x3BCA53BE OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBawRL09WjGjvKU74RAoglAJ4z9uICoYu1bcN7ik6xeqZXizGg2gCfbSQF J8A8DRGXfGXGcTpsbMnt0kA= =TKgi -END PGP SIGNATURE- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD Release Question
On Mon, 11 Oct 2004 10:20:40 EDT [EMAIL PROTECTED] wrote: In a message dated 10/9/04 6:25:49 PM Eastern Daylight Time, [EMAIL PROTECTED] writes: 1. By Sep 2005, do you think 5.x performance will be optimized and be comparable to today's 4.x stable versions ? 5.3 is supposed to be stable, and it's expected to be on part with 4.x performance, and it's supposed to release before the end of the month. From what I've seen and heard, it looks like all that is going to happen. 2. By Sep 2005, do you think 5.x will be as stable as today's 4.x released versions ? Yes. I hope you're not betting your business on these questions, because the reality is that 1) they're not very good questions and 2) the people who are answering them can't really know the answers. stable requires time, and since 5.2.1 and 5.3 are substantially different, I can't see how one can predict the level of stability a year from now. Following this logic any thing can be claimed to not be stable. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
new member
new member -- __ Check out the latest SMS services @ http://www.linuxmail.org This allows you to send and receive SMS through your mailbox. Powered by Outblaze ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
NameVirtualHost nat
Hi, i want some apache NameVirtualHost behind a Paketfilter based on ipf, placed in two subnets. This router has two Cards one in the private net, one in the public. So far i just forward port 80 and 443 into my private net 192.168.2.0, but every request ends up on apaches rootlevel, NameVirtualHost directive is useless. So, how to forward http(s):// requests through the Paketfilter matching the right VirtualHost? Maybe i've thought in a wrong direction, so far. Just some little hints should be enough. Greetings Lars H. Beuse ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
sysctl kern.securelevel=2
Hello Alll I was wondering what is the best kern.securelevel to run on a machine that provides general internet services, Web, FTP and Email. I don't want this so tight I cannot use the machine and I have also read in some post that having the secure level set to high can stop a fsck. I am running 4.8 stable with ipfw and current kern.securelevel at 0. After reading the man page I am thinking that I can safely at level 2 but I am not sure because of this line in the man page plus disks may not be opened for writing (except by mount(2)) whether mounted or not What exactly does this mean? Any help would be appreciated. Thanks Chris ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
dummynet
Can someone tell me about a good way to troubleshoot pipes/queues or
point me in the rigtt direction. I'm trying to restrict outgoing ftp
traffic and create some pipes for VOIP. dummynet and pipe rules load
fine ( and are in the kernel ) but seem to have no effect. I did read
the manual pages 20 times over. I tried adding pipes before doing
config bw on them, but that didn't make any difference.
thanx a lot in advance.
something like this :
# APPLIES TO INCOMING PACKETS (DOWNLOADS)
${fwcmd} pipe 1 config bw 1300Kbit/s
${fwcmd} pipe 3 config bw 100Kbit/s
${fwcmd} queue 1 config weight 5 pipe 1
${fwcmd} add queue 1 ip from any to 192.168.1.4
${fwcmd} queue 2 config weight 5 pipe 1
${fwcmd} add queue 2 ip from any to 192.168.1.3
${fwcmd} queue 3 config weight 10 pipe 3
${fwcmd} add queue 3 udp from any to 192.168.1.2
# APPLIES TO OUTGOING PACKETS (UPLOADS)
${fwcmd} pipe 2 config bw 1000Kbit/s
${fwcmd} pipe 4 config bw 100Kbit/s
${fwcmd} queue 4 config weight 5 pipe 2
${fwcmd} add queue 4 ip from 192.168.1.4 to any
${fwcmd} queue 5 config weight 5 pipe 2
${fwcmd} add queue 5 ip from 192.168.1.3 to any
${fwcmd} queue 6 config weight 10 pipe 4
${fwcmd} add queue 6 udp from 192.168.1.2 to any
THIS IS FOR OUTGOING FTP
${fwcmd} add pipe 7 tcp from 216.254.116.226 21 to any out via
${oif}
${fwcmd} pipe 7 config bw 3Kbit/s
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: dummynet
This is what I have on one of my subnet IP's. Did it this way to keep
my kids from sucking up all the upstream from p2p clients and webcam
with their friends. There may be a better way to do it and I'm almost
sure there is, but this seems to do what I need it to do. Hope it
helps.
inwr2 = subnet IP/24 Example - 172.16.0.0/24
iif2 = inside interface nic Example - ed0
if [ -n ${natd_interface} ]; then
${fwcmd} add 50 divert natd all from any to any via
${natd_interface}
${fwcmd} add 150 skipto 2 ip from any to any bridged
${fwcmd} add 151 pipe 1 { tcp or udp } from ${inwr2} to any 80-65000
via ${iif2}
${fwcmd} pipe 1 config mask src-ip 0x00ff bw 128Kbit/s queue
20Kbytes
${fwcmd} add 152 pipe 2 all from ${inwr2} to any out via ${iif2}
${fwcmd} pipe 2 config mask src-ip 0x00ff bw 768Kbit/s queue
20Kbytes
${fwcmd} add 153 pipe 3 all from any to ${inwr2} in via ${iif2}
${fwcmd} pipe 3 config mask dst-ip 0x00ff bw 1280Kbit/s queue
20Kbytes
#ipfw show
00151 112861 101818182 pipe 1 { tcp or udp } from 172.16.0.0/24 to
any dst-port 80-65000 via ed0
0015241312 pipe 2 ip from 172.16.0.0/24 to
any out via ed0
00153 62 10299pipe 3 ip from any to
172.16.0.0/24 in via ed0
On Mon, 2004-10-11 at 20:47, synrat wrote:
Can someone tell me about a good way to troubleshoot pipes/queues or
point me in the rigtt direction. I'm trying to restrict outgoing ftp
traffic and create some pipes for VOIP. dummynet and pipe rules load
fine ( and are in the kernel ) but seem to have no effect. I did read
the manual pages 20 times over. I tried adding pipes before doing
config bw on them, but that didn't make any difference.
thanx a lot in advance.
something like this :
# APPLIES TO INCOMING PACKETS (DOWNLOADS)
${fwcmd} pipe 1 config bw 1300Kbit/s
${fwcmd} pipe 3 config bw 100Kbit/s
${fwcmd} queue 1 config weight 5 pipe 1
${fwcmd} add queue 1 ip from any to 192.168.1.4
${fwcmd} queue 2 config weight 5 pipe 1
${fwcmd} add queue 2 ip from any to 192.168.1.3
${fwcmd} queue 3 config weight 10 pipe 3
${fwcmd} add queue 3 udp from any to 192.168.1.2
# APPLIES TO OUTGOING PACKETS (UPLOADS)
${fwcmd} pipe 2 config bw 1000Kbit/s
${fwcmd} pipe 4 config bw 100Kbit/s
${fwcmd} queue 4 config weight 5 pipe 2
${fwcmd} add queue 4 ip from 192.168.1.4 to any
${fwcmd} queue 5 config weight 5 pipe 2
${fwcmd} add queue 5 ip from 192.168.1.3 to any
${fwcmd} queue 6 config weight 10 pipe 4
${fwcmd} add queue 6 udp from 192.168.1.2 to any
THIS IS FOR OUTGOING FTP
${fwcmd} add pipe 7 tcp from 216.254.116.226 21 to any out via
${oif}
${fwcmd} pipe 7 config bw 3Kbit/s
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
--
NetAdmin for the FoxChat.Net IRC Network.
The FoxSurfer Group
signature.asc
Description: This is a digitally signed message part
Re: panic: ufs_dirbad
I found the problem, and I think it might be hardware related. In order for the OS to install properly, I replaced the 80 wire cable with a 40 wire cable. Once the install was completed, I replaced the 80 wire cable and all is well. If anyone would like more information, please let me know. Jay Jay Hall wrote: Today, I have tried to install FBSD 4.10 on a Gateway 920 Server (Celeron 2.4 GHz, 128 MB RAM, 60 GB Maxtor DiamondMax Plus 9 HDD, two Intel Pro 10/100/1000 NICs). In order to make the server work correctly, I have to boot with hw.hasbrokenint12=1. After setting up the drive (fdisk and disklabel), the install begins just as it should. Shortly after creating the Emergency Holographic Shell, when the installation process starts to copy files, I receive a message stating, panic: ufs_dirbad bad dir syncing disks ... I have tried mutiple CDs downloaded from multiple sources with the same results. When this happens I am unable to use the shell created on VTY 4. I am able to install FreeBSD 4.8 without any problems on this system. Any suggestions would be greatly appreciated. Thanks in advance for your assistance. Jay ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: RAID 1 in HP NetServer LC 2000
On Monday, 11 October 2004 at 5:55:24 +0700, Muhammad Reza wrote: Ok.. vinum then.. but i have error when applied this vinum.conf drive drive1 device /dev/da0s1e drive drive2 device /dev/da1s1e volume usr setupstate plex org concat sd length 13887091s drive drive1 plex org concat sd length 13887091s drive drive2 volume var setupstate plex org concat sd length 0 drive drive1 plex org concat sd length 0 drive drive2 mail# vinum vinum - create -f /etc/vinum.conf 2: drive drive2 device /dev/da1s1e /*** 2 : Invalid argument*/ 1 drives: D drive1State: up Device /dev/da0s1e Avail: 0/16488 MB (0%) D drive2State: referenced Device /dev/da1s1e Avail: 0/0 MB 2 volumes: V usr State: up Plexes: 2 Size: 6780 MB V var State: up Plexes: 2 Size: 9707 MB 4 plexes: P usr.p0 C State: up Subdisks: 1 Size: 6780 MB P usr.p1 C State: up Subdisks: 1 Size: 6780 MB P var.p0 C State: up Subdisks: 1 Size: 9707 MB P var.p1 C State: up Subdisks: 1 Size: 0 B 4 subdisks: S usr.p0.s0 State: up PO:0 B Size: 6780 MB S usr.p1.s0 State: up PO:0 B Size: 6780 MB S var.p0.s0 State: up PO:0 B Size: 9707 MB S var.p1.s0 State: up PO:0 B Size: 0 B which argumen is invalid ? i use 4.10 .. please help me... Take a look at the man page or http://www.vinumvm.org/vinum/how-to-debug.html. Greg -- When replying to this message, please copy the original recipients. If you don't, I may ignore the reply or reply to the original recipients. For more information, see http://www.lemis.com/questions.html See complete headers for address and phone numbers. pgptACcaXyNWh.pgp Description: PGP signature
Re: NIS issue (now resolved!)
Interesting...something that pops into my mind is something obvious since it was stated in the handbook, but needs to be said anyway...when you add stuff to the master.passwd file, do you re-make the database? Also, if you follow the directions in the handbook, they suggest you make a different master.passwd file in /var/yp to store the accounts that go into nisI re-wrote the make file section for passwd.* and told it to look to /etc/passwd where the UID is greater then 1000and it works great for me...if you'd like a copy of the entries in the Makefile, I'll send them to you. It sounds like that's what's going on (and I've had endless students make this mistake in class as well...it's a common one). I solved the problem! It turns out there were other machines on the network which somehow or another turned themselves into slave servers, and were propogating the old information. I did rm -rf /var/yp/cluster on all of them, and rebooted them all, and now it works. Thanks for your assistance, Brian! Bill ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: (OT) Emacs vs Xemacs
On Mon, Oct 11, 2004 at 05:26:54PM -0400, Lowell Gilbert wrote: : Jonathon McKitrick [EMAIL PROTECTED] writes: : : I know this is not BSD specific, but I just wanted to get your opinions. I : was wondering what might affect my decision which to use, other than : licensing and (IIRC) the fancier font handling of Xemacs. : : Both are licensed under the GPL, and the font handling is not : significantly different these days. The eXtended features : that give Xemacs its name are only of interest to people who : program emacs heavily in LISP. : : In other words, it's unlikely to matter to you. Try them both : and pick whichever you like. No big difference in performance (the LISP engine) or memory usage? I'm running on an older, smaller laptop. Xemacs has been fine, but since I am starting over, I thought I'd check out my options. jm -- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
X.org release 6.8.1
Hi i builded the Xorg 6.8.1 for FreeBSD but is necessary add some changes, because of Freetype2 and Xft i build the entire source, what i must do generate an patch ?? and submit ?? or just wait ?? just for curious the source is ready for build except if you have freetype2 installed the change is really small only need ad the twio lines in some header files: #include ft2build.h #include FT_FREETYPE_H just this mainly inside of programs/ -- Thanks Regards Luís Vitório Cargnini Computer Science Bachelor OpenCores Member www.opencores.org EuropeSwPatentFree http://EuropeSwPatentFree.hispalinux.es pgp7qQTOKPe7S.pgp Description: PGP signature
Cisco Aironet AIR-PCM352
I love FreeBSD and I'm trying really hard to move over to it from Windows completely. There are three main issues, all of them having to do with the Internet, and two of which have to do with FreeBSD itself. 1) My pcm352 keeps dropping packets when I try to ping. I can't tell why. It doesn't drop packets in Windows. Anyone? 2) My card is finnicky. I can boot with the card in and pccardd will detect it but then... I don't know. It will start /etc/pccard_ether and that will run dhclient but I seem to get nothing. If I kill dhclient, remove the card, and re-insert it, it's fine. Sometimes, if I comment out the dhclient call in rc.network, it's fine without touching it. This is my workaround for now, that and removing/reinserting. Anyone have any ideas? Thanks. PS -- Please CC me your replies, as I'm not subscribed to this list. Thank you ever so much. Josh Ockert ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
FreeBSD 5.2.1 and CD9660_ROOT bootable cdroms
Hello, I just upgraded from FreeBSD 4.10 and installed FreBSD 5.2.1. I am trying to recreate the bootable cdrom I used to have only with 5.2.1 and am having little luck. I used to use vnconfig so I replaced with mdconfig, I used to use disklable and replaced with bsdlabel. The old instructions I used were here - http://home.earthlink.net/~joseph-ja/FreeBSD_cdrom.html I replaced using gzip with kgzip. I have gotton the cd to actually boot and then it says decompressing kernel, the kernel gets decompressed and then it just stops. On one line it has /kernel.kgz text=0x165d data=0xec386=0x10506 syms=[0x4+0x460+0x4+0x1f3] The next line has \ And it just sits there and does nothing. It just stops. Do I need to replace CD9660_ROOT with something else in the kernel or somewhere else ( boot -C is used now)? Do I need to tell the kernel something else? My old 4.10 cd still boots fine, but its a little out of date. I have looked at cdroot and it looks like it is still designed for 4.x series. I dont want to use Fresbie, because I don't need all that on my router / firewall. I also don't see any reason to use picobsd, when I can get 4.10 working. Any ideas? Thanks, Joe ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
how to redirect multiple ports in ipnat.conf ?
Hello, I am using FreeBSD 4.9. 1. Using NATD I previously using natd. In my natd.conf there was a line like this : redirect_port tcp 192.168.0.2:2000-3000 2000-3000 2. Using IPNAT Recently I switched to ipnat. So I am using ipnat now. But how do I make a replacement a line like above in ipnat.conf ? Thanks before, My Regards, -Galon Aerosmith- ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: X.org release 6.8.1
On Mon, 11 Oct 2004 13:28:51 -0200 Luís Vitório Cargnini [EMAIL PROTECTED] wrote: Hi i builded the Xorg 6.8.1 for FreeBSD but is necessary add some changes, because of Freetype2 and Xft i build the entire source, what i must do generate an patch ?? and submit ?? or just wait ?? just for curious the source is ready for build except if you have freetype2 installed the change is really small only need ad the twio lines in some header files: #include ft2build.h #include FT_FREETYPE_H just this mainly inside of programs/ Check out the porters handbook and look into a pr. Also the x11 mailing list would most likely be more useful in this area. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sysctl kern.securelevel=2
On Mon, 11 Oct 2004 20:03:32 -0400 Chris Collins [EMAIL PROTECTED] wrote: Hello Alll I was wondering what is the best kern.securelevel to run on a machine that provides general internet services, Web, FTP and Email. I don't want this so tight I cannot use the machine and I have also read in some post that having the secure level set to high can stop a fsck. I am running 4.8 stable with ipfw and current kern.securelevel at 0. After reading the man page I am thinking that I can safely at level 2 but I am not sure because of this line in the man page plus disks may not be opened for writing (except by mount(2)) whether mounted or not What exactly does this mean? Any help would be appreciated. in case you haven't already tried it, you may find 'man securelevel' helpful. Thanks Chris ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
