pkgdb -F - fetching INDEX-5.bz2 every time
Hi, I've got a rather interesting/anoying problem wrt. running pkgdb -F after cvsup-ping my ports-tree: pkgdb fetches INDEX-5.bz2 on every run! (for a sample output see below) Moreover in my /usr/ports I only have INDEX-5 and INDEX.db, but no INDEX file. In addition pkgdb complains about a missing origin of jdk-1.4.2p7. I suspect that this might be a leftover of a recent build of Openoffice-1.1.4 which requires jdk-1.4.2p7 in order to build. So here are my questions: 1) How can I fix the problem with pkgdb -F fetching INDEX-5.bz2 on every run? 2) Why don't I have INDEX and INDEX.db on my machine, but only INDEX-5 and INDEX.db? 3) How can I fix the Missing origin-problem wrt. jdk-1.4.2p7. Thanks much in advance for any clue, -ewald -- Cut here -- # pkgdb -F --- Checking the package registry database Missing origin: jdk-1.4.2p7 INDEX-5.bz2 100% of 619 kB 123 kBps done [Updating the portsdb format:bdb1_btree in /usr/ports ... - 12466 port entries found .1000.2000.3000.4000.5000.6000.7000.8000.9000.1.11000.12000 . done] Skip this for now? [yes] y To skip it without asking in future, please list it in HOLD_PKGS. # ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portsdb -Uu - Stop.
On Mon, Feb 28, 2005 at 01:35:28PM -0500, Lowell Gilbert wrote: # portsdb -Uu Updating the ports index ... Generating INDEX.tmp - please wait..apsfilter-7.2.6 : /usr/ports/print/acroread5 non-existent -- dependency list incomplete === print/apsfilter failed *** Error code 1 1 error The current version of the apsfilter port should be looking at /usr/ports/print/acroread instead of .../acroread5. ... The makefile you have in /usr/ports/print/apsfilter is at least a week or two out of date, so double-check against the problems in this message. Hi, Thanks much for the hint! I waited for a day, cvsup-ed the ports-tree again, then re-build apsfilter - and the problem is gone :-). Best regards, -ewald ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Question about cvsup
On Tue, Mar 01, 2005 at 10:15:05PM -0500, Madhusudan Singh wrote: Hi I am new to FreeBSD and trying to use CVSup after someone suggested it to me on comp.unix.misc.bsd.freebsd. My supfile : *default tag=. *default host=cvsup.FreeBSD.org *default prefix=/usr *default base=/var/db *default release=cvs delete use-rel-suffix compress ports-all release=cvs Hi, I usually do it this way: 1) copy /usr/share/examples/cvsup/ports-supfile to /root 2) Edit /root/ports-supfile so that it points to your preferred CVSup-site; the only thing you need to change is the *default host entry. 3) run cvsup: cvsup -g -L 2 /root/ports-supfile 4) pkgdb -F 5) portsdb -Uu At this point you've synced your ports tree and all databases. Now you can go and install your ports. Dru Lavigne has written an excellent article on this you can find at http://www.onlamp.com/pub/a/bsd/2003/08/28/FreeBSD_Basics.html It basically covers everything I described above including keeping your ports-tree up2date including all up/down dependencies. HTH, -ewald ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfw not working any more after upgrade to 5.3
On Sun, 30 Jan 2005 01:28:08 +0100 Roberto Nunnari [EMAIL PROTECTED] wrote: I just upgraded my FreeBSD box to 5.3-RELEASE-p5 from 5.2.1-RELEASE-p9 and now I can no longer use ipfw to fwd from one port to another: # ipfw add fwd 192.168.1.5,8180 tcp from any to 192.168.1.5 80 ipfw: getsockopt(IP_FW_ADD): Invalid argument What's wrong? try this: # ipfw add fwd 192.168.1.5 8180 tcp from any to 192.168.1.5 80 imho the problem is , let me know if this is the error. Bye ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: where is autoconf
On 2005-03-02 23:15, Stefan Seefeld [EMAIL PROTECTED] wrote: Kris Kennaway wrote: Someone whose attribution has been trimmed, wrote: Well, I was looking for 'autoconf' in these files but didn't find it. And indeed, even though I have 'autoconf-2.59_2' installed, all I have is 'autoconf259', but not 'autoconf'. This is necessary because the autoconf developers don't understand why backwards compatibility is important for their tools (new versions like 2.59 cannot be used to build old applications that were written for e.g. 2.13, nor can multiple versions of autoconf be easily installed concurrently). I'm aware of these (very unfortunate) incompatibilities, though I had expected the problem to be dealt with differently (for example by setting a symbolic link to the currently active version). Unfortunately, this won't help. There is not a single executable, or a simple set of files that one can symlink and have autoconf magically just work(TM). You can use the gnu-autoconf and related ports, which installs into /usr/local/gnu-autotools so they do not poison the build environment of other ports. YOu might have to play games with PATH or other variables to get your application to find them. Ok, thanks for the explanation. I usually use a similar trick to synchronize the versions of autoconf, automake, libtool on Linux, Solaris and BSD. I manually install the tools with --prefix=/opt/gnu and prepend /opt/gnu/bin:/opt/gnu/sbin to my PATH whenever I need to use these. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: reload rc.conf without rebooting
On 2005-03-02 22:33, Ben Munat [EMAIL PROTECTED] wrote: How does one cause rc.conf to be reread without rebooting? Under linux I would generally do source somefile.conf. But if I do source rc.conf, I'm told that all my settings are not commands. Generally, you don't. For details, see the explanation of the FAQ: http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/admin.html#REREAD-RC ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Question about cvsup
Ewald Jenisch wrote: I usually do it this way: 1) copy /usr/share/examples/cvsup/ports-supfile to /root 2) Edit /root/ports-supfile so that it points to your preferred CVSup-site; the only thing you need to change is the *default host entry. 3) run cvsup: cvsup -g -L 2 /root/ports-supfile Instead of 1), 2) and 3), you can do all in one command: # cvsup -h another.cvsup.host \ /usr/share/examples/cvsup/ports-supfile The advantage is that if the ports-supfile itself is updated, you'll use the updated version next time, without any need for copying and re-editing the file. Rob. __ Celebrate Yahoo!'s 10th Birthday! Yahoo! Netrospective: 100 Moments of the Web http://birthday.yahoo.com/netrospective/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
SCSI problem on a IBM xSeries x206
Hello, I've a problem with a IBM xSeries x206 server. This server is equipped with an Adaptec AIC7901 Ultra320 SCSI RAID card, and the two SCSI disks are configured as RAID1 in the bios card. I've installed FreeBSD 5.3, but the system go on to see the two SCSI disks (sd0 and sd1); not the logical RAID1 unit. If I launch the command pciconf -lv the output is the following: [EMAIL PROTECTED]:4:0: class=0x010400 card=0x005f9005 chip=0x808f9005 rev=0x10 hdr=0x00 vendor = 'Adaptec Inc' device = 'AIC-7901 Ultra320 HostRAID Controller' class= mass storage subclass = RAID And, from the dmesg: ahd0: Adaptec AIC7901 Ultra320 SCSI adapter port 0x3000-0x30ff,0x3400-0x34ff mem 0xd020-0xd0201fff irq 2 7 at device 4.0 on pci3 Thanks, -- Marco pizzi. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Averatec 3200 Laptop Wireless?
Anyone got an AVERATEC 3200 Series laptop with the built-in wireless working? On Windows it says 802.11g MiniPC Wireless Network Adapter, manufacturer and driver provided by 802.11 Wireless. --- ?!?!?!?!? I can't find the driver for my wireless connection. Please help. __ Celebrate Yahoo!'s 10th Birthday! Yahoo! Netrospective: 100 Moments of the Web http://birthday.yahoo.com/netrospective/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
[repost] ip.forwarding with pf
No one replied to this and I thought it was easy for someone on this list to help me? I am going to run pf and setup FBSD as a router (3 NICs). And I see there are some options: net.inet.ip.fastforwarding or net.inet.ip.forwarding Can someone tell me which is appropriate when FreeBSD 5.4-PRE is used as a router running pf with built in NAT ? And what is the difference on these 2 options? -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
kmail similar
I've just compiled kde-lite in FreeBSD 5.3 but cannot find kmail, ksirc, knode the likes. What ports packages are they in? Ciao Vittorio ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
upgrade using sysinstall not finding BSD version
I recently did a sligfht stuff up in my commands and del 3/4 of my .usr/bin dir and when using sysinstall to do a base system re-install (upgrade) when going to any of the FTP servers it refuses to find my BSD version of 5.3-Stable ... any particular reason why this is ? -- Yours Sincerely Shinjii http://www.shinji.nq.nu ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: kmail similar
On Thu, 3 Mar 2005 13:31:49 +, Vittorio [EMAIL PROTECTED] wrote: I've just compiled kde-lite in FreeBSD 5.3 but cannot find kmail, ksirc, knode the likes. What ports packages are they in? Ciao Vittorio, kmail and knode are in kdepim ksirc is in kdenetwork which other apps do you need? Ciao Vittorio Saluti, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Pietro Piter Cerutti [EMAIL PROTECTED] [EMAIL PROTECTED] Beansidhe - SwiSS Death / Thrash Metal www.beansidhe.ch Windows: Where do you want to go today? Linux: Where do you want to go tomorrow? FreeBSD: Are you guys coming or what? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Averatec 3200 Laptop Wireless?
On Thu, 3 Mar 2005 04:10:32 -0800 (PST), Scorpion [EMAIL PROTECTED] wrote: Anyone got an AVERATEC 3200 Series laptop with the built-in wireless working? I don't have that kind of hardware, but On Windows it says 802.11g MiniPC Wireless Network Adapter I can't find the driver for my wireless connection. The ath(4) device driver supports 802.11a and 802.11g. If your card is based on an Atheros chipset, you may be able to use this driver. see the Handbook, chapter Wireless Networking: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-wireless.html You have to get the Windows drivers and compile the ndis(4) mini port driver wrapper module. Please help. Hope this helps, -- Pietro Piter Cerutti [EMAIL PROTECTED] [EMAIL PROTECTED] Beansidhe - SwiSS Death / Thrash Metal www.beansidhe.ch Windows: Where do you want to go today? Linux: Where do you want to go tomorrow? FreeBSD: Are you guys coming or what? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
DNS newbie question
Where do I have to specify the ip of the dns server ? __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DNS newbie question
Claudiu Bichir wrote: Where do I have to specify the ip of the dns server ? Add a line like: nameserver 4.2.2.1 ...to /etc/resolv.conf. -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Sharing directories with jails
How dangerous is it to share the ports directory with jails on the system? I am using the jails to give other access to a freebsd system. You can assume they are untrusted (hence the jail ;)). Is it enough just to: ln -s /usr/ports /usr/jail/ajail/usr/ports Thanks Chris ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DNS newbie question
On 2005-03-03 05:40, Claudiu Bichir [EMAIL PROTECTED] wrote: Where do I have to specify the ip of the dns server ? In your `/etc/resolv.conf' file. See the manpage of resolv.conf for what is the proper thing to put there. In general, 1 or 2 lines should be enough: search example.net nameserver 1.2.3.4 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Renaming root account
On Thu, 3 Mar 2005 10:22:05 +0100, Wouter [EMAIL PROTECTED] wrote: Renaming root is generally a bad idea, what you could do, however, is set a password on(thus enabling) the toor account and set root's shell to /sbin/nologin Sorry for interfering with this discussion. I would like to know what are the advantages of using toor against using the normal root account. They have the same UID, then they actually are the same account, aren't they? Thenk you very much Wouter -- Pietro Piter Cerutti [EMAIL PROTECTED] [EMAIL PROTECTED] Beansidhe - SwiSS Death / Thrash Metal www.beansidhe.ch Windows: Where do you want to go today? Linux: Where do you want to go tomorrow? FreeBSD: Are you guys coming or what? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Renaming root account
On 2005-03-03 13:53, Pietro Cerutti [EMAIL PROTECTED] wrote: On Thu, 3 Mar 2005 10:22:05 +0100, Wouter [EMAIL PROTECTED] wrote: Renaming root is generally a bad idea, what you could do, however, is set a password on(thus enabling) the toor account and set root's shell to /sbin/nologin Sorry for interfering with this discussion. I would like to know what are the advantages of using toor against using the normal root account. They have the same UID, then they actually are the same account, aren't they? In my opinion, absolutely none at all. People should never change the default shell of root from /bin/csh and toor is just a hack to please those who are too bored to type: % exec bash ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Cups+Ghostscript invalidfileaccess???
Hello! I tried to setup my new Brother laser printer to my 5.3 FreeBSD. But I can't printout anything. For example I press the Print test page-Button in the web interface. In the job list the state abort is shown. In /var/log/cups/error_log I found these lines: D [03/Mar/2005:14:28:57 +0100] [Job 5] GNU Ghostscript 7.07 (2003-05-17) D [03/Mar/2005:14:28:57 +0100] [Job 5] Copyright (C) 2003 artofcode LLC, Benicia, CA. All rights reserved. D [03/Mar/2005:14:28:57 +0100] [Job 5] This software comes with NO WARRANTY: see the file PUBLIC for details. D [03/Mar/2005:14:29:09 +0100] [Job 5] Loading NimbusSanL-Bold font from /usr/local/share/ghostscript/fonts/n019004l.pf b... 2287356 883780 1702808 405324 0 done. D [03/Mar/2005:14:29:09 +0100] [Job 5] Loading NimbusSanL-Regu font from /usr/local/share/ghostscript/fonts/n019003l.pf b... 2384404 974247 1702808 409299 0 done. D [03/Mar/2005:14:29:09 +0100] [Job 5] Loading NimbusRomNo9L-Regu font from /usr/local/share/ghostscript/fonts/n021003l .pfb... 2541740 1083022 1702808 354413 0 done. D [03/Mar/2005:14:29:10 +0100] [Job 5] D [03/Mar/2005:14:29:10 +0100] [Job 5] Closing renderer D [03/Mar/2005:14:29:11 +0100] [Job 5] Loading NimbusSanL-BoldItal font from /usr/local/share/ghostscript/fonts/n019024 l.pfb... 2638788 1182608 1722904 372380 0 done. D [03/Mar/2005:14:29:11 +0100] [Job 5] Error: /invalidfileaccess in --.outputpage-- D [03/Mar/2005:14:29:11 +0100] [Job 5] Operand stack: D [03/Mar/2005:14:29:11 +0100] [Job 5] 397.553 317.66 292.08 771.46 292.08 56.725 48.68 1 true D [03/Mar/2005:14:29:11 +0100] [Job 5] Execution stack: D [03/Mar/2005:14:29:11 +0100] [Job 5] %interp_exit .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- --nostringval-- --nostringval-- false 1 %stopped_push 1 3 %oparray _pop 1 3 %oparray_pop 1 3 %oparray_pop 1 3 %oparray_pop .runexec2 --nostringval-- --nostringval -- --nostringval-- 2 %stopped_push --nostringval-- 7 3 %oparray_pop --nostringval-- --nostringval-- --nostringval-- --nostringval-- D [03/Mar/2005:14:29:11 +0100] [Job 5] Dictionary stack: D [03/Mar/2005:14:29:11 +0100] [Job 5] --dict:1062/1123(ro)(G)-- --dict:1/20(G)-- --dict:100/200(L)-- D [03/Mar/2005:14:29:11 +0100] [Job 5] Current allocation mode is local D [03/Mar/2005:14:29:11 +0100] [Job 5] Last OS error: 45 D [03/Mar/2005:14:29:11 +0100] [Job 5] GNU Ghostscript 7.07: Unrecoverable error, exit code 1 D [03/Mar/2005:14:29:15 +0100] [Job 5] renderer return value: 1 D [03/Mar/2005:14:29:15 +0100] [Job 5] renderer received signal: 1 D [03/Mar/2005:14:29:15 +0100] [Job 5] tail process done writing data to STDOUT Can somebody tell me how to fix it? Bye Luis __ Celebrate Yahoo!'s 10th Birthday! Yahoo! Netrospective: 100 Moments of the Web http://birthday.yahoo.com/netrospective/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: restore
Next, why did you try and mount /dev/ad0s1a and then newfs /dev/ad0s1a That should not work at all. You don't newfs a mounted partition. Gee, I didn't know that. It wasn't clear when I read the handbook or man pages. May give me something new to try-- That is probably your main problem. Doing the newfs on the unmounted partition worked the way I expected it to. Once more, thanks to all. Good that it now works. It is often some minor seeming thing that looms large when it is not right. jerry -LenZ- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [repost] ip.forwarding with pf
On Thu, 03 Mar 2005 06:30:52 -0600, J.D. Bronson [EMAIL PROTECTED] wrote: No one replied to this and I thought it was easy for someone on this list to help me? I am going to run pf and setup FBSD as a router (3 NICs). And I see there are some options: net.inet.ip.fastforwarding or net.inet.ip.forwarding Can someone tell me which is appropriate when FreeBSD 5.4-PRE is used as a router running pf with built in NAT ? And what is the difference on these 2 options? -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Are you entirely sure you want to do it using PF? Has PF even been fully implemented into the 5.x series? I recently setup an FBSD router with 3 external NICs and 1 internal, using NAT and open ipfw rules for now, until I learn a bit more about ipfw. -- -Tomas Quintero ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [repost] ip.forwarding with pf
At 09:15 AM 03/03/2005, Tomas Quintero wrote: Are you entirely sure you want to do it using PF? Has PF even been fully implemented into the 5.x series? I recently setup an FBSD router with 3 external NICs and 1 internal, using NAT and open ipfw rules for now, until I learn a bit more about ipfw. -- -Tomas Quintero Yes...pf can be a loadable module or compiled into the kernel. I am seeking more information on the if.forwarding options though... -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [repost] ip.forwarding with pf
On Thu, 03 Mar 2005 06:30:52 -0600, J.D. Bronson [EMAIL PROTECTED] wrote: No one replied to this and I thought it was easy for someone on this list to help me? I am going to run pf and setup FBSD as a router (3 NICs). And I see there are some options: net.inet.ip.fastforwarding or net.inet.ip.forwarding Can someone tell me which is appropriate when FreeBSD 5.4-PRE is used as a router running pf with built in NAT ? And what is the difference on these 2 options? -- I don't know the difference, but here is a report of WinXP clients having problems with net.inet.ip.fastforwarding: http://www.freebsdforums.org/forums/showthread.php?s=threadid=29094 =Adriaan= ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Averatec 3200 Laptop Wireless?
Scorpion [EMAIL PROTECTED] writes: Anyone got an AVERATEC 3200 Series laptop with the built-in wireless working? Is it based on the Centrino chips ? If so, you can simply try to play with Intel firmware and install if_pw drivers. -- Xavier Maillard Membre LoLiCA Post-scriptum La Poste Ce message est confidentiel. Sous réserve de tout accord conclu par écrit entre vous et La Poste, son contenu ne représente en aucun cas un engagement de la part de La Poste. Toute publication, utilisation ou diffusion, même partielle, doit être autorisée préalablement. Si vous n'êtes pas destinataire de ce message, merci d'en avertir immédiatement l'expéditeur. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SCSI problem on a IBM xSeries x206
In the last episode (Mar 03), Marco Pizzi said: I've a problem with a IBM xSeries x206 server. This server is equipped with an Adaptec AIC7901 Ultra320 SCSI RAID card, and the two SCSI disks are configured as RAID1 in the bios card. I've installed FreeBSD 5.3, but the system go on to see the two SCSI disks (sd0 and sd1); not the logical RAID1 unit. If I launch the command pciconf -lv the output is the following: [EMAIL PROTECTED]:4:0: class=0x010400 card=0x005f9005 chip=0x808f9005 rev=0x10 hdr=0x00 vendor = 'Adaptec Inc' device = 'AIC-7901 Ultra320 HostRAID Controller' HostRAID is software-based RAID, similar to the software ATA RAID managed by the ataraid driver and the atacontrol command. An enterprising coder could probably modify geom_mirror to recognize whatever disk metadata that HostRAID stores. -- Dan Nelson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Sharing directories with jails
How dangerous is it to share the ports directory with jails on the system? I am using the jails to give other access to a freebsd system. You can assume they are untrusted (hence the jail ;)). Is it enough just to: ln -s /usr/ports /usr/jail/ajail/usr/ports That won't work. The jail does a chroot (along with other things) when it starts up so the link inside the jail will wind up pointing to itself. The only way I've been able to figure out how to do something like that is by running an NFS server outside the jail and then run an NFS client inside the jail to get access to the disk space outside the jail via NFS. I actually have a separate jail for the NFS server and export everything read-only. Now, I'm sure you've thought of this but I'm going to say it for anyone reading the archives. You do know that giving the jailed processes access to anything outside the jail will reduce the security advantages of having a jail in the first place? Besides, why would you provide a jailed process with access to development tools? You are just making it much easier for anyone with access to the jail to build/install software to help them break out of the jail. Thanks Chris -- Ean Kingston E-Mail: ean_AT_hedron_DOT_org PGP KeyID: 1024D/CBC5D6BB URL: http://www.hedron.org/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD NFS client and Netware 6.5 NFS server]
To answer your question: An NFS trace on the novell server shows the web server executing GETATTR and READ commands when a file is served after it has been updated. If you 'touch' one of the files, the client executes GETATTR and SETATTR... and then the first time it is served it executes LOOKUP, READ, and GETATTR commands (after the first time it is served by the web server the client just executes GETATTR and READ). We were told to mount the exported volume with the NOAC option to tell the client not to cache file attributes. However, we do not see this option implemented on FreeBSD (we even tried it thinking it may be undocumented or still hanging around and ended up getting an error message). After seeing this, we tried setting ACREGMIN, ACREGMAX, ACDIRMIN, and ACDIRMAX to 0 thinking that timeouts of 0 would essentionally turn the cache off... but it didn't solve the problem. Is there some other setting that just turns the cache off completely? -shawn --On Wednesday, March 02, 2005 9:03 PM -0500 Bob Johnson [EMAIL PROTECTED] wrote: Here's a reply to my query. sysctl's are kernel values that you can tune with the sysctl command. sysctl vfs.nfs.access_cache_timeout would show you the value of that sysctl, while sysctl vfs.nfs.access_cache_timeout=2 would change the value to 2 (assuming it is writable, which this one is). To see all sysctl's with nfs in the name, do sysctl -a | grep nfs so the question he asks is whether a server trace shows any activity when the webserver is fetching a recently changed file, or is it working entirely from its own cache? Any reply to this should go to the sender and to [EMAIL PROTECTED] to get the reply back on the list. - Bob Original Message Subject: Re: FreeBSD NFS client and Netware 6.5 NFS server Date: Wed, 2 Mar 2005 17:55:24 -0600 From: Dan Nelson [EMAIL PROTECTED] To: Bob Johnson [EMAIL PROTECTED] CC: freebsd-questions@freebsd.org References: [EMAIL PROTECTED] In the last episode (Mar 02), Bob Johnson said: Message below is about a FreeBSD server I maintain. The FreeBSD server is our web server. We use NFS to talk to a Netware file server where most of our users' web pages are stored. FreeBSD is 5.3, and was working ok with Netware 5.1 (and still is with other Netware servers). One of the servers was recently upgraded to Netware 6.5 and NFS is no longer playing nice between the two. When something on the Netware side updates a file by copying it into place (e.g. using FTP [don't complain] to upload a file), the FreeBSD client doesn't find out that the file contents have changed until it does something to the file (e.g. touch or chmod). Thus, when one of our users updates their web page with something like Dreamweaver, the web server doesn't find out about it (perhaps it eventually finds out, but it takes more than the several minutes we waited). It sounds sort of like the vfs.nfs.access_cache_timeout sysctl isn't being honored on the FreeBSD side. The kernel defaults to 60 seconds, but if you have nfs_client_enable=YES in rc.conf, /etc/rc.d/nfsclient sets it to 2. If you dump the NFS traffic as your web server fetches one of these recently-updated files, do you see it doing an ACCESS/GETATTR on the target files at all? =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Shawn C. Lander 340A Weil Hall, POBox 116550 Coordinator Computer ApplicationsGainesville, FL 32611-6550 Management Information Systems (MIS) PH: (352) 392-9217 College of Engineering FAX: (352) 392-7063 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ndis problem
hi all me again. i have a problem with ndis in freebsd 5.3 i do sony# cd /usr/src/sys/modules/if_ndis/ sony# make clean rm -f /usr/src/sys/modules/if_ndis/export_syms if_ndis.ko if_ndis.kld if_ndis.o if_ndis_pci.o if_ndis_pccard.o @ machine symb.tmp tmp.o opt_bdg.h bus_if.h device_if.h card_if.h pci_if.h pccarddevs.h sony# ndiscvt -i /usr/win/CVS/rt2500usb.inf -s /usr/win/CVS/rt2500usb.sys -o ndis_driver_data.h sony# make make install sony# make load /sbin/kldload -v /usr/src/sys/modules/if_ndis/if_ndis.ko kldload: can't load /usr/src/sys/modules/if_ndis/if_ndis.ko: No such file or directory *** Error code 1 Stop in /usr/src/sys/modules/if_ndis. the file if_ndis.ko exist but i dont know why the message say not found. maybe a problem with windows drivers? any boby can help me. this drivers work under fedora with ndiswrapper. but in freebsd mmm i dont know what happend. thanks a lot.. -- Pablo Allietti LACNIC -- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Kernel problems on 5.3.
Hi Jacob,
You should try to CVSup your FreeBSD machines to get the latest code.
Read section A.5 of the FreeBSD Handbook. Here's the link:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html
I can't say this will fix your current problem, but for sure it can only
be good, at least from a security stand point.
You can proceed to do so via ssh.
What you want to do is this:
a) Create the file /root/cvs-supfile which contains the following:
sudo vi /root/cvs-supfile
# cvs-supfile
#
# $Id: cvs-supfile,v 1.7 2005/03/03 15:53:56 drobilla Exp drobilla $
#
# Check /usr/share/examples/cvsup/cvs-supfile for
# more information.
#
# David Robillard, December 9th, 2004
# Host from which files are fetched.
#
# *default host=cvsup.ca.freebsd.org
*default host=cvsup4.freebsd.org
# *default host=cvsup.ch.freebsd.org
# Directory where CVSup stores info about it's work.
# Will never grow beyond ~1MB and creates ${base}/sup.
# NOTE: The `refuse' file is thus: /var/db/cvsup/sup/refuse
#
*default base=/var/db/cvsup
# Directory where to place the downloaded files.
#
*default prefix=/usr
# Which version of FreeBSD do we want?
# Check http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvs-tags.html
#
# BROKEN?! *default tag=RELENG_5
*default tag=RELENG_5_3
# Defaults. Don't need to change this.
#
*default release=cvs delete use-rel-suffix compress
# What do we want to download?
#
src-all
# EOF
c) Create the cvsup directory.
sudo mkdir -p /var/db/cvsup/sup
d) Now copy the refuse file to your cvsup directory.
sudo cp /usr/share/examples/cvsup/refuse /var/db/cvsup/sup
e) Setup your environment. You should set this up in your
favorite shell's rc file. This here is for sh(1) and bash(1).
[EMAIL PROTECTED]:/home/ncvs
export CVSROOT
f) Proceed with cvsup. Note, the first time you run things,
you will be prompted to accept the RSA signature of the
server you connect to.
sudo cvsup -g -L 2 /root/cvs-supfile
g) When the download finishes, rebuild the world and the kernel.
Note, you have a custom built kernel, so you must change KERNCONF=GENERIC
to KERNCONF=YOUR_KERNEL_CONFIG_FILE_NAME
cd /usr/src
sudo make -j2 buildworld
sudo make -j2 buildkernel KERNCONF=GENERIC
sudo make installkernel KERNCONF=GENERIC
sudo mergemaster -p
sudo make installworld
sudo mergemaster
h) Finally, reboot the machine.
Once your machines come back online, run `uname -r` and you will notice
that the current release level of the operating system has changed. For
example, my servers have changed from 5.3-RELEASE to 5.3-RELEASE-p5.
Cheers,
David
--
David Robillard
UNIX systems administrator
[EMAIL PROTECTED]
Notarius (TSIN) Inc.
465, rue St-Jean, suite 200
Montreal, Quebec, H2Y 2R6
Tel. : +1 514 966 0122
Fax. : +1 514 281 1226
http://www.notarius.com
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
apachectl startssl at boot time ?
Hi, I can start apache with SSL ok from the command line apachectl startssl I've now put the following into /etc/rc.conf hoping that it will start at boot time. apache_enable=YES apache_flags=startssl This starts Apache on boot time but not with SSL Any ideas where I'm going wrong ? It seems like startssl is being passed as an argument to httpd rather than apachectl. David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: apachectl startssl at boot time ?
Hi, I can start apache with SSL ok from the command line apachectl startssl I've now put the following into /etc/rc.conf hoping that it will start at boot time. apache_enable=YES apache_flags=startssl Try apache_flags=-DSSL instead. This starts Apache on boot time but not with SSL It seems like startssl is being passed as an argument to httpd rather than apachectl. You are right, the startup scripts call httpd directly. If you look at the apachectl script you will see that the 'startssl' command does the following: startssl|sslstart|start-SSL) if [ $RUNNING -eq 1 ]; then echo $0 $ARG: httpd (pid $PID) already running continue fi if $HTTPD -DSSL; then echo $0 $ARG: httpd started So, if you do what I said above, your web server will start up with ssl support. -- Ean Kingston E-Mail: ean_AT_hedron_DOT_org PGP KeyID: 1024D/CBC5D6BB URL: http://www.hedron.org/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: apachectl startssl at boot time ?
On Thu, 3 Mar 2005 11:48:24 -0500 (EST) Ean Kingston [EMAIL PROTECTED] wrote: Hi, I can start apache with SSL ok from the command line apachectl startssl I've now put the following into /etc/rc.conf hoping that it will start at boot time. apache_enable=YES apache_flags=startssl Try apache_flags=-DSSL Works a treat thanks ;-) instead. This starts Apache on boot time but not with SSL It seems like startssl is being passed as an argument to httpd rather than apachectl. You are right, the startup scripts call httpd directly. If you look at the apachectl script you will see that the 'startssl' command does the following: startssl|sslstart|start-SSL) if [ $RUNNING -eq 1 ]; then echo $0 $ARG: httpd (pid $PID) already running continue fi if $HTTPD -DSSL; then echo $0 $ARG: httpd started So, if you do what I said above, your web server will start up with ssl support. -- Ean Kingston E-Mail: ean_AT_hedron_DOT_org PGP KeyID: 1024D/CBC5D6BB URL: http://www.hedron.org/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ndis problem
On 3 Mar 2005, at 17:19, Pablo Allietti wrote: hi all me again. i have a problem with ndis in freebsd 5.3 i do sony# cd /usr/src/sys/modules/if_ndis/ sony# make clean rm -f /usr/src/sys/modules/if_ndis/export_syms if_ndis.ko if_ndis.kld if_ndis.o if_ndis_pci.o if_ndis_pccard.o @ machine symb.tmp tmp.o opt_bdg.h bus_if.h device_if.h card_if.h pci_if.h pccarddevs.h sony# ndiscvt -i /usr/win/CVS/rt2500usb.inf -s /usr/win/CVS/rt2500usb.sys -o ndis_driver_data.h sony# make make install sony# make load /sbin/kldload -v /usr/src/sys/modules/if_ndis/if_ndis.ko kldload: can't load /usr/src/sys/modules/if_ndis/if_ndis.ko: No such file or directory *** Error code 1 Stop in /usr/src/sys/modules/if_ndis. the file if_ndis.ko exist but i dont know why the message say not found. maybe a problem with windows drivers? any boby can help me. this drivers work under fedora with ndiswrapper. but in freebsd mmm i dont know what happend. thanks a lot.. -- Pablo Allietti LACNIC -- Have you tried just running kldload if_ndis manually? Also, did you make sure to build and load /usr/src/sys/modules/ndis first? -- - Adam McMaster [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD NFS client and Netware 6.5 NFS server]
In the last episode (Mar 03), Shawn C Lander said:
An NFS trace on the novell server shows the web server executing
GETATTR and READ commands when a file is served after it has been
updated.
If it's doing a GETATTR and a READ, then it should be pulling the right
file data, I think. Can you get the contents of the READ reply, and
see whether the Netware box is sending old or new file contents?
If you 'touch' one of the files, the client executes GETATTR and
SETATTR... and then the first time it is served it executes LOOKUP,
READ, and GETATTR commands (after the first time it is served by the
web server the client just executes GETATTR and READ).
I wonder if it's the lookup result (i.e. name-filehandle mapping)
that's being incorrectly cached, instead of the attributes (i.e.
filehandle timestamp etc). If the webpage upload creates a new file
instead of updating the existing one, the FreeBSD client may be caching
the filehandle from the previous lookup call and fetching the old file
(which Netware still has a copy of because of the NWFS/NSS salvage
system). If this were the case, though, I would expect to see your
Solaris box do LOOKUPs occasionally to verify that its cached
filehandle is still good.
We were told to mount the exported volume with the NOAC option to
tell the client not to cache file attributes. However, we do not see
this option implemented on FreeBSD (we even tried it thinking it may
be undocumented or still hanging around and ended up getting an error
message). After seeing this, we tried setting ACREGMIN, ACREGMAX,
ACDIRMIN, and ACDIRMAX to 0 thinking that timeouts of 0 would
essentionally turn the cache off... but it didn't solve the problem.
Is there some other setting that just turns the cache off completely?
That should have done it, I think. Looking around
/sys/nfsclient/nfs_subs.c I see there is an NFS_ACDEBUG kernel option
you could enable which creates a vfs.nfs.acdebug flag. If you set it
to 3, the kernel should print out some timing info every time it
fetches an attribute from its cache. I don't know the relationship
between vfs.nfs.access_cache_timeout and the ag{reg,dir}{min,max}
mount_nfs flags.
Original Message
Subject: Re: FreeBSD NFS client and Netware 6.5 NFS server
Date: Wed, 2 Mar 2005 17:55:24 -0600
From: Dan Nelson [EMAIL PROTECTED]
To: Bob Johnson [EMAIL PROTECTED]
CC: freebsd-questions@freebsd.org
References: [EMAIL PROTECTED]
In the last episode (Mar 02), Bob Johnson said:
Message below is about a FreeBSD server I maintain. The FreeBSD
server is our web server. We use NFS to talk to a Netware file
server where most of our users' web pages are stored. FreeBSD is
5.3, and was working ok with Netware 5.1 (and still is with other
Netware servers). One of the servers was recently upgraded to
Netware 6.5 and NFS is no longer playing nice between the two.
When something on the Netware side updates a file by copying it into
place (e.g. using FTP [don't complain] to upload a file), the FreeBSD
client doesn't find out that the file contents have changed until it
does something to the file (e.g. touch or chmod). Thus, when one of
our users updates their web page with something like Dreamweaver, the
web server doesn't find out about it (perhaps it eventually finds
out, but it takes more than the several minutes we waited).
It sounds sort of like the vfs.nfs.access_cache_timeout sysctl isn't
being honored on the FreeBSD side. The kernel defaults to 60 seconds,
but if you have nfs_client_enable=YES in rc.conf, /etc/rc.d/nfsclient
sets it to 2. If you dump the NFS traffic as your web server fetches
one of these recently-updated files, do you see it doing an
ACCESS/GETATTR on the target files at all?
--
Dan Nelson
[EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: kmail similar
Alle 13:11, giovedì 3 marzo 2005, Pietro Cerutti ha scritto: On Thu, 3 Mar 2005 13:31:49 +, Vittorio [EMAIL PROTECTED] wrote: I've just compiled kde-lite in FreeBSD 5.3 but cannot find kmail, ksirc, knode the likes. What ports packages are they in? Ciao Vittorio, kmail and knode are in kdepim ksirc is in kdenetwork which other apps do you need? Where can I find kppp? Ciao Vittorio ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [repost] ip.forwarding with pf
On 2005-03-03 10:15, Tomas Quintero [EMAIL PROTECTED] wrote: On Thu, 03 Mar 2005 06:30:52 -0600, J.D. Bronson [EMAIL PROTECTED] wrote: No one replied to this and I thought it was easy for someone on this list to help me? I am going to run pf and setup FBSD as a router (3 NICs). And I see there are some options: net.inet.ip.fastforwarding or net.inet.ip.forwarding Can someone tell me which is appropriate when FreeBSD 5.4-PRE is used as a router running pf with built in NAT ? Are you entirely sure you want to do it using PF? Has PF even been fully implemented into the 5.x series? Yes. The 5.3-RELEASE version was the first official release of FreeBSD that included PF as part of the base system. As far as the original question, regarding PF and forwarding, the answer is AFAIK, that it should work. I haven't used PF's network address translation until now, but I don't see why it wouldn't work. Packet forwarding is, unless I'm mistaken, a prerequisite for any gateway. The fact that the gateway also translates addresses is not obligatory but just a characteristics of the local network topology (i.e. availability of public addresses). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Sharing directories with jails
Ean Kingston wrote: How dangerous is it to share the ports directory with jails on the system? I am using the jails to give other access to a freebsd system. You can assume they are untrusted (hence the jail ;)). Is it enough just to: ln -s /usr/ports /usr/jail/ajail/usr/ports That won't work. The jail does a chroot (along with other things) when it starts up so the link inside the jail will wind up pointing to itself. Doh! :) The only way I've been able to figure out how to do something like that is by running an NFS server outside the jail and then run an NFS client inside the jail to get access to the disk space outside the jail via NFS. I actually have a separate jail for the NFS server and export everything read-only. Interesting idea. Now, I'm sure you've thought of this but I'm going to say it for anyone reading the archives. You do know that giving the jailed processes access to anything outside the jail will reduce the security advantages of having a jail in the first place? Well I wasn't sure about this...hence the question. Besides, why would you provide a jailed process with access to development tools? You are just making it much easier for anyone with access to the jail to build/install software to help them break out of the jail. Thanks Chris Ok perhaps I should clarify what my intentions are a little more. I am planning on providing a FreeBSD jail for any member of a geek society I am a member of. When I say they are untrusted, I mean that I won't be giving them full root access to my server but I trust them enough not to do anything malicious inside a jail. It is just like a fun place they can play and not have to worry to much about breaking things. How easy is it exactly to break out of a jail if you have access to development tools? Chris ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: kmail similar
Where can I find kppp? kdenetwork Ciao Vittorio Ciao! -- Pietro Piter Cerutti [EMAIL PROTECTED] [EMAIL PROTECTED] Beansidhe - SwiSS Death / Thrash Metal www.beansidhe.ch Windows: Where do you want to go today? Linux: Where do you want to go tomorrow? FreeBSD: Are you guys coming or what? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [repost] ip.forwarding with pf
Giorgos Keramidas wrote: On 2005-03-03 10:15, Tomas Quintero [EMAIL PROTECTED] wrote: On Thu, 03 Mar 2005 06:30:52 -0600, J.D. Bronson [EMAIL PROTECTED] wrote: No one replied to this and I thought it was easy for someone on this list to help me? I am going to run pf and setup FBSD as a router (3 NICs). And I see there are some options: net.inet.ip.fastforwarding or net.inet.ip.forwarding Can someone tell me which is appropriate when FreeBSD 5.4-PRE is used as a router running pf with built in NAT ? Are you entirely sure you want to do it using PF? Has PF even been fully implemented into the 5.x series? Yes. The 5.3-RELEASE version was the first official release of FreeBSD that included PF as part of the base system. As far as the original question, regarding PF and forwarding, the answer is AFAIK, that it should work. I haven't used PF's network address translation until now, but I don't see why it wouldn't work. Packet forwarding is, unless I'm mistaken, a prerequisite for any gateway. The fact that the gateway also translates addresses is not obligatory but just a characteristics of the local network topology (i.e. availability of public addresses). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Hmm I found this: http://mailman.twdx.net/pipermail/occaid/2003-October/000250.html Google for freebsd net.inet.ip.fastforwarding. Chris ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Sharing directories with jails
On Thursday 03 March 2005 12:42 pm, Chris Hodgins wrote: Ean Kingston wrote: How dangerous is it to share the ports directory with jails on the system? I am using the jails to give other access to a freebsd system. You can assume they are untrusted (hence the jail ;)). Is it enough just to: ln -s /usr/ports /usr/jail/ajail/usr/ports That won't work. The jail does a chroot (along with other things) when it starts up so the link inside the jail will wind up pointing to itself. Doh! :) The only way I've been able to figure out how to do something like that is by running an NFS server outside the jail and then run an NFS client inside the jail to get access to the disk space outside the jail via NFS. I actually have a separate jail for the NFS server and export everything read-only. Interesting idea. Now, I'm sure you've thought of this but I'm going to say it for anyone reading the archives. You do know that giving the jailed processes access to anything outside the jail will reduce the security advantages of having a jail in the first place? Well I wasn't sure about this...hence the question. Besides, why would you provide a jailed process with access to development tools? You are just making it much easier for anyone with access to the jail to build/install software to help them break out of the jail. Thanks Chris Ok perhaps I should clarify what my intentions are a little more. I am planning on providing a FreeBSD jail for any member of a geek society I am a member of. When I say they are untrusted, I mean that I won't be giving them full root access to my server but I trust them enough not to do anything malicious inside a jail. It is just like a fun place they can play and not have to worry to much about breaking things. How easy is it exactly to break out of a jail if you have access to development tools? http://www.securiteam.com/unixfocus/5WP031535U.html If you use securelevels you can a sigificantly improve security. -- Anish Mistry pgpUtMcUCdSKW.pgp Description: PGP signature
Audio latency
Hi, My sound works and when I use mplayer or xmms I don't experience any (noticable!) audio latency. In applications like doomlegacy and quakeforge I do. I think this might be the problem: http://lists.freebsd.org/mailman/htdig/freebsd-questions/2004-August/055314.html Though I don't understand much about the solution... Some useful info: I'm using FreeBSD5.3-STABLE. Card: nForce2 onboard sound. And I compiled my kernel with device sound. And I load the snd_ich.ko module. The output of `dmesg | grep pcm` : pcm0: nVidia nForce2 port 0xd400-0xd47f,0xd000-0xd0ff mem 0xe708-0xe7080fff irq 21 at device 6.0 on pci0 pcm0: [GIANT-LOCKED] pcm0: Avance Logic ALC650 AC97 Codec The output of `cat /dev/sndstat` : FreeBSD Audio Driver (newpcm) Installed devices: pcm0: nVidia nForce2 at io 0xd000, 0xd400 irq 21 bufsz 16384 kld snd_ich (1p/1r/0v channels duplex default) The output of `sysctl -a | grep pcm` : hw.snd.pcm0.buffersize: 16384 hw.snd.pcm0.vchans: 0 hw.snd.pcm0.ac97rate: 48000 dev.pcm.0.%desc: nVidia nForce2 dev.pcm.0.%driver: pcm dev.pcm.0.%location: slot=6 function=0 handle=\_SB_.PCI0.MACI dev.pcm.0.%pnpinfo: vendor=0x10de device=0x006a subvendor=0x1695 subdevice=0x100 0 class=0x040100 dev.pcm.0.%parent: pci0 The output of `sysctl -a | grep snd`: hw.snd.targetirqrate: 128 hw.snd.report_soft_formats: 1 hw.snd.verbose: 1 hw.snd.unit: 0 hw.snd.maxautovchans: 0 hw.snd.pcm0.buffersize: 16384 hw.snd.pcm0.vchans: 0 hw.snd.pcm0.ac97rate: 48000 My questions are: What could be causing this latency, and what can I do to fix this? Regards, Jorma ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: apachectl startssl at boot time ?
On Thu, Mar 03, 2005 at 05:58:42PM +, David Larkin wrote: Hi, I can start apache with SSL ok from the command line apachectl startssl I've now put the following into /etc/rc.conf hoping that it will start at boot time. apache_enable=YES apache_flags=startssl This starts Apache on boot time but not with SSL Any ideas where I'm going wrong ? Have a look in /usr/local/etc/rc.d/apache.sh for hints on the possible stuff you can put into /etc/rc.conf. To start SSL, you need to put the following line into rc.conf: apache2ssl_enable=YES Cheers. -- Jonathan Chen [EMAIL PROTECTED] -- The Internet: an empirical test of the idea that a million monkeys banging on a million keyboards can produce Shakespeare ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Using META and DEL keys in console
On Tue, 1 Mar 2005 23:11:18 -0600 (CST) Lars Eighner [EMAIL PROTECTED] wrote: On Tue, 1 Mar 2005, Alejandro Pulver wrote: Hello, I have a PS/2 PC-101 keyboard. I would like to use my META (ALT in my keyboard) key instead of ESC in console mode. META works fine in an xterm. I also would like to use DEL and others. The console keymaps are in /usr/share/syscons/keymaps. You can edit whichever keymap you are using with a flat ascii editor. To get a key to send the familiar ^?, enter del in the keymap. Not all applications, however, will do the expected thing with this, and you will have to consult the documentation for the individual applications to see whether they can be configured to do what you expect from a delete key. For backspace, bs, for meta, meta, esc for escape. Note that you can set the left and right Alt keys to different things, and that keypad Del/. key can be different from the Delete key. You almost certainly do not want to mess with terminfo. If you use the the bash shell, you can see what a key is currently sending by entering C-vkeystroke at the command prompt. I read something in the manual pages of terminfo(5), gettytab(5), etc. I tried the following options: :km:smm:dc: But I am having these thoubles: 1) My ALT key did not work and the DEL key acts as BACKSPACE (C-h), but I would like to use it as C-d. C-d is eot in the console keymap if you would rather have that than the ^? which is del. 2) Some strange thing happens with Emacs in console mode: when I press DEL, it is interpreted (literally) as C-h, and C-h is used as BACKSPACE. And C-d acts as DEL. Switching to the emacs keymap might help you. 3) Also DEL does not do anything in xterm. Make changes to xterm mappings in your .Xdefaults file, such as: !! xterm keymappings *XTerm*VT100.translations: #override \n\ KeyKP_Delete: string(0x7f) \n\ Naturally, you can make these strings whatever you want. Is there a more descriptive documentation of the terminal capabilities listed in terminfo(5)? Yes, you can google for many books worth of material, but it is not particularly germane to what you want to do if you are running a PC with a PC keyboard, and not trying to connect some ancient dumb terminal. Is there a standard configuration for PS/2 PC-101 keyboards? Unfortunately there are a lot of them. Does xterm use a different configuration from console terminals? Yes. X applications are meant to run on X, and X is meant to run on a variety of machines. Any relationship between xterm and the machine's native terminal is purely coincidental. (In particular, xterm is meant to be out of the box compatible with the very old VT100 standard - which never was native to any PC operating system.) You can get xterm and the console keyboard to behave mostly the same way - and get that way to be what you want - by editing .Xdefaults and the syscons keymap you are using (probably both). But that doesn't mean that every application will behave as you think it should. -- Lars Eighner [EMAIL PROTECTED] http://www.io.com/~eighner/index.html 8800 N IH35 APT 1191 AUSTIN TX 78753-5266 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Thank you for your reply. Where is the (complete) list of scancodes and which keys produce them? If there is not, as I think, how can I know what scancode is produced by each key in my keyboard (a program, maybe)? Thanks and Best Regards, Ale ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Question about cvsup
Thanks for a very helpful response. I have another query. As a matter of practice, is it a good idea to upgrade ports immediately after a kernel compile ? I do not expect that the ports depend directly on the kernel (for most changes in kernel), though I could well be wrong (for instance cdrecord on linux had major problems after the 2.6.9 kernel came out). On Thursday 03 March 2005 04:24, Ewald Jenisch wrote: On Tue, Mar 01, 2005 at 10:15:05PM -0500, Madhusudan Singh wrote: Hi I am new to FreeBSD and trying to use CVSup after someone suggested it to me on comp.unix.misc.bsd.freebsd. My supfile : *default tag=. *default host=cvsup.FreeBSD.org *default prefix=/usr *default base=/var/db *default release=cvs delete use-rel-suffix compress ports-all release=cvs Hi, I usually do it this way: 1) copy /usr/share/examples/cvsup/ports-supfile to /root 2) Edit /root/ports-supfile so that it points to your preferred CVSup-site; the only thing you need to change is the *default host entry. 3) run cvsup: cvsup -g -L 2 /root/ports-supfile 4) pkgdb -F 5) portsdb -Uu At this point you've synced your ports tree and all databases. Now you can go and install your ports. Dru Lavigne has written an excellent article on this you can find at http://www.onlamp.com/pub/a/bsd/2003/08/28/FreeBSD_Basics.html It basically covers everything I described above including keeping your ports-tree up2date including all up/down dependencies. HTH, -ewald ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [repost] ip.forwarding with pf
At 12:13 PM 03/03/2005, Chris Hodgins wrote: Hmm I found this: http://mailman.twdx.net/pipermail/occaid/2003-October/000250.html Google for freebsd net.inet.ip.fastforwarding. Chris Hey guys...all of this seems really coolbut is it appropriate for one to use 'fast forwarding' when using pf/nat ? It -seems- to me that if one wants to use pf and/or nat that 'fast forwarding is not applicable nor desired. OTOH, if it IS desirable, I certainly want to use it. thanks- -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [repost] ip.forwarding with pf
On 2005-03-03 18:13, Chris Hodgins [EMAIL PROTECTED] wrote: Giorgos Keramidas wrote: On 2005-03-03 10:15, Tomas Quintero [EMAIL PROTECTED] wrote: On Thu, 03 Mar 2005 06:30:52 -0600, J.D. Bronson [EMAIL PROTECTED] wrote: No one replied to this and I thought it was easy for someone on this list to help me? I am going to run pf and setup FBSD as a router (3 NICs). And I see there are some options: net.inet.ip.fastforwarding or net.inet.ip.forwarding Can someone tell me which is appropriate when FreeBSD 5.4-PRE is used as a router running pf with built in NAT ? As far as the original question, regarding PF and forwarding, the answer is AFAIK, that it should work. I haven't used PF's network address translation until now, but I don't see why it wouldn't work. Packet forwarding is, unless I'm mistaken, a prerequisite for any gateway. The fact that the gateway also translates addresses is not obligatory but just a characteristics of the local network topology (i.e. availability of public addresses). Hmm I found this: http://mailman.twdx.net/pipermail/occaid/2003-October/000250.html Google for freebsd net.inet.ip.fastforwarding. Teh source is always a better source of documentation :) If you look at /usr/src/sys/netinet/ip_fastfwd.c, the comments near the top say the following: * * Firewalling is fully supported including divert, ipfw fwd and ipfilter * ipnat and address rewrite. * Reading the body of the ip_fastforward() function is also very helpful. It contains both hooks for ALTQ and PFIL processing of the incoming packets, so the answer to the original question is that yes, address rewriting and bandwidth shaping work with fast forwarding too. - Giorgos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Frontpage Extension Question
Greetings, I have apache-fp installed on my machine. Sometime ago, I setup a website with frontpage extensions. Well my domain name changed and I added another website. on my existing website with FP extensions, what do I need to do since my domainname changed ? Also, how to I add fp extensions to the new website ? thanks, Darryl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ipfw lost its mind?
I maintain a small hobby website running on FreeBSD 4.9 SECURITY. I'm
paranoid about security and religious about updates (kernel and ports).
Recently, the server began to exhibit odd behavior that looked for all the
world like name resolution issues.
I had recently updated bind to 9.0.3_1, so I assumed that was the likely
culprit and I began to troubleshoot. Bind was acting flaky, so I
deinstalled it and install 8.4 instead. It still complained about the
socket file (which is what 9.0.3_1 did) so I decided to dump bind and
installed djbdns instead. (Best thing I ever did. Response is much
better.)
However, the sluggishness problem continued. Last night I drove back over
to the server and, after checking some things, I discovered some very
strange behavior from ipfw.
Even though my script has been working fine for over three years, I found
that when I added a rule to allow all (ipfw add 1 allow ip from any to
any) the server immediately began to process traffic normally.
Keep in mind, before I made this change, you could still access the
website. It was just slower than molasses. Ssh and mail sessions timed
out and were unusable.
So, I removed rule 1 and created a new one like this:
ipfw add 00050 allow ip from {my workstation at work) to any.
I then ssh'd to my workstation and attempted to ssh back to the server. No
go. Yet ipfw show shows an increased packet count on the counter for that
rule. So, it's seeing the packets, but they're being delayed somehow.
Why the allow ip from any to any works, but allow ip from my workstation to
any doesn't is a complete mystery to me.
To make a long story short, I disabled the firewall and everything is
running normally.
My question is, has anyone else seen recent strange behavior from ipfw? Or
has anyone seen this *kind* of behavior from ipfw and knows what the cause
is?
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [repost] ip.forwarding with pf
On 2005-03-03 12:28, J.D. Bronson [EMAIL PROTECTED] wrote: At 12:13 PM 03/03/2005, Chris Hodgins wrote: Hmm I found this: http://mailman.twdx.net/pipermail/occaid/2003-October/000250.html Google for freebsd net.inet.ip.fastforwarding. Hey guys...all of this seems really coolbut is it appropriate for one to use 'fast forwarding' when using pf/nat ? It -seems- to me that if one wants to use pf and/or nat that 'fast forwarding is not applicable nor desired. OTOH, if it IS desirable, I certainly want to use it. Yes and no. When fast forwarding is enabled, the network packets are processed synchronously, as they arrive, at the link layer (i.e. Ethernet driver). This lets the ethernet driver process the packets as close as possible to the original interrupt that pulls them off the driver's input queue, which is arguably faster than waiting for an asynchronous netisr (network interrupt service) routine to grab them later. This is faster for some operations, but it also breaks others. For instance, I think IPSEC doesn't work with fast forwarding. IP option processing is not done in the fast forwarding code. Multicast or broadcast don't work either. So, there are tradeoffs for the increased speed in packet processing. But they are not related to PF or NAT. At least, not directly. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfw lost its mind?
Paul Schmehl wrote:
[ ... ]
So, I removed rule 1 and created a new one like this:
ipfw add 00050 allow ip from {my workstation at work) to any.
I then ssh'd to my workstation and attempted to ssh back to the server.
No go. Yet ipfw show shows an increased packet count on the counter for
that rule. So, it's seeing the packets, but they're being delayed somehow.
Why the allow ip from any to any works, but allow ip from my workstation
to any doesn't is a complete mystery to me.
TCP connections are bidirectional, therefore you need to add rules which allow
traffic from all back to your workstation, or else use keep-state and
check-state to use dynamic rules
--
-Chuck
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfw lost its mind?
--On Thursday, March 03, 2005 01:48:16 PM -0500 Chuck Swiger
[EMAIL PROTECTED] wrote:
TCP connections are bidirectional, therefore you need to add rules which
allow traffic from all back to your workstation, or else use keep-state
and check-state to use dynamic rules
The firewall script already had a rule for that:
allow ip from {server} to any
The problem wasn't that the firewall was *stopping* legitimate packets. It
was just *slowing them down* like crazy. Very weird.
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ndis problem
On Thu, Mar 03, 2005 at 05:04:00PM +, Adam McMaster wrote: yep adam the problem is that . my ndis cont support USB. now i do a cvsup and download new ndis but now if_ndis no compile. can you help me_ this is the error sony# make Warning: Object directory not changed from original /usr/src/sys/modules/if_ndis cc -O -pipe -D_KERNEL -DKLD_MODULE -nostdinc -I- -I. -I@ -I@/contrib/altq -I@/../include -finline-limit=8000 -fno-common -mno-align-long-strings -mpreferred-stack-boundary=2 -ffreestanding -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -std=c99 -c /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:429: warning: type defaults to `int' in declaration of `ndis_create_sysctls' /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:429: warning: parameter names (without types) in function declaration /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:429: warning: redundant redeclaration of 'ndis_create_sysctls' @/compat/ndis/ndis_var.h:1537: warning: previous declaration of 'ndis_create_sysctls' was here /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:429: warning: data definition has no type or storage class /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:433: error: syntax error before if /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:96: warning: 'ndis_txeof' used but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:98: warning: 'ndis_rxeof' used but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:100: warning: 'ndis_linksts' used but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:101: warning: 'ndis_linksts_done' used but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:110: warning: 'ndis_intr' declared `static' but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:111: warning: 'ndis_intrtask' declared `static' but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:112: warning: 'ndis_tick' declared `static' but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:113: warning: 'ndis_ticktask' declared `static' but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:114: warning: 'ndis_start' declared `static' but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:115: warning: 'ndis_starttask' declared `static' but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:116: warning: 'ndis_ioctl' declared `static' but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:117: warning: 'ndis_wi_ioctl_get' declared `static' but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:118: warning: 'ndis_wi_ioctl_set' declared `static' but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:119: warning: 'ndis_80211_ioctl_get' declared `static' but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:120: warning: 'ndis_80211_ioctl_set' declared `static' but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:121: warning: 'ndis_init' declared `static' but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:122: warning: 'ndis_stop' declared `static' but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:123: warning: 'ndis_watchdog' declared `static' but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:124: warning: 'ndis_ifmedia_upd' declared `static' but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:125: warning: 'ndis_ifmedia_sts' declared `static' but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:126: warning: 'ndis_get_assoc' declared `static' but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:270: warning: 'ndis_set_offload' defined but not used /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:129: warning: 'ndis_getstate_80211' declared `static' but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:130: warning: 'ndis_setstate_80211' declared `static' but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:131: warning: 'ndis_media_status' declared `static' but never defined /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:196: warning: 'ndis_setmulti' defined but not used /usr/src/sys/modules/if_ndis/../../dev/if_ndis/if_ndis.c:135: warning: 'ndis_map_sclist' declared `static' but never defined On 3 Mar 2005, at 17:19, Pablo Allietti wrote: hi all me again. i have a problem with ndis in freebsd 5.3 i do sony# cd /usr/src/sys/modules/if_ndis/ sony# make clean rm -f /usr/src/sys/modules/if_ndis/export_syms if_ndis.ko if_ndis.kld if_ndis.o if_ndis_pci.o if_ndis_pccard.o @ machine symb.tmp tmp.o
RE: ipfw lost its mind?
Do you block UDP?
I am asking this because, I *used* do a block on all UDP except the DNS port
and had exactly the same problem.
Regards
S.
Indian Institute of Information Technology
Subhro Sankha Kar
Block AQ-13/1, Sector V
Salt Lake City
PIN 700091
India
-Original Message-
From: [EMAIL PROTECTED] [mailto:owner-freebsd-
[EMAIL PROTECTED] On Behalf Of Paul Schmehl
Sent: Friday, March 04, 2005 1:09
To: FreeBSD questions
Subject: Re: ipfw lost its mind?
--On Thursday, March 03, 2005 01:48:16 PM -0500 Chuck Swiger
[EMAIL PROTECTED] wrote:
TCP connections are bidirectional, therefore you need to add rules which
allow traffic from all back to your workstation, or else use keep-state
and check-state to use dynamic rules
The firewall script already had a rule for that:
allow ip from {server} to any
The problem wasn't that the firewall was *stopping* legitimate packets.
It
was just *slowing them down* like crazy. Very weird.
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-
[EMAIL PROTECTED]
smime.p7s
Description: S/MIME cryptographic signature
dumb network question
Ok. I admit it. I cant figure what I am missing. I have 2 NICs in this machine. NIC 1 is a LAN NIC and static IP. - that I can figure out. NIC 2 needs to be DHCP (from cable modem). and I want the default router to be the DHCP cable modem gateway IP (passed from dhclient). What do I need to setup in /etc/rc.conf to make this happen? Thanks and sorry for the dumb question. -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: dumb network question
ifconfig_nic2=DHCP man rc.conf -CM On Thu, 03 Mar 2005 14:05:07 -0600, J.D. Bronson [EMAIL PROTECTED] wrote: Ok. I admit it. I cant figure what I am missing. I have 2 NICs in this machine. NIC 1 is a LAN NIC and static IP. - that I can figure out. NIC 2 needs to be DHCP (from cable modem). and I want the default router to be the DHCP cable modem gateway IP (passed from dhclient). What do I need to setup in /etc/rc.conf to make this happen? Thanks and sorry for the dumb question. -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: dumb network question
hostname=my.hostname.whatever ifconfig_NIC1=inet a.b.c.d netmask 255.255.255.0 ifconfig_NIC2=DHCP gateway_enable=YES replace NIC1 and NIC2 with the interface names.. and of course.. a.b.c.d with the internal IP address.. be sure theres no gateway defined for the internal interface.. and if you need help setting up a firewall/router, be sure and check out : http://www.section6.net/help.php Hope this helps T - Original Message - From: J.D. Bronson [EMAIL PROTECTED] To: freebsd-questions@freebsd.org Sent: Thursday, March 03, 2005 12:05 PM Subject: dumb network question Ok. I admit it. I cant figure what I am missing. I have 2 NICs in this machine. NIC 1 is a LAN NIC and static IP. - that I can figure out. NIC 2 needs to be DHCP (from cable modem). and I want the default router to be the DHCP cable modem gateway IP (passed from dhclient). What do I need to setup in /etc/rc.conf to make this happen? Thanks and sorry for the dumb question. -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: ipfw lost its mind?
--On Friday, March 04, 2005 01:21:11 AM +0530 Subhro [EMAIL PROTECTED]
wrote:
Do you block UDP?
First question would be - which direction?
I allow udp *to* port 53. I allow *ip* outgoing, so any response to a dns
request would be answered.
I am asking this because, I *used* do a block on all UDP except the DNS
port and had exactly the same problem.
Very odd. I'll give that a try.
Even though it doesn't make sense to me. If my *first* rule is allow ip
from x.x.x.x/32 to {server} and I also have a rule that says allow ip
from {server} to any, then I can't imagine why a restriction on udp would
interfere with that since ip includes both tcp and udp.
Besides the firewall has been working flawlessly for three years *with*
that restriction. Makes me think that *something* in the firewall code
changed recently and got installed when I ran freebsd-update.
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: ipfw lost its mind?
-Original Message-
From: [EMAIL PROTECTED] [mailto:owner-freebsd-
[EMAIL PROTECTED] On Behalf Of Paul Schmehl
Sent: Friday, March 04, 2005 1:51
To: 'FreeBSD questions'
Subject: RE: ipfw lost its mind?
--On Friday, March 04, 2005 01:21:11 AM +0530 Subhro
[EMAIL PROTECTED]
wrote:
Do you block UDP?
First question would be - which direction?
Incoming.
I allow udp *to* port 53. I allow *ip* outgoing, so any response to a dns
request would be answered.
Not relevant, as far as my knowledge goes.
Even though it doesn't make sense to me. If my *first* rule is allow ip
from x.x.x.x/32 to {server} and I also have a rule that says allow ip
from {server} to any, then I can't imagine why a restriction on udp would
interfere with that since ip includes both tcp and udp.
That's a point. If this is the case, i.e. you are using ip then tcp/udp
makes no difference. Did you lately do any builds or partial builds of the
source tree?
Indian Institute of Information Technology
Subhro Sankha Kar
Block AQ-13/1, Sector V
Salt Lake City
PIN 700091
India
smime.p7s
Description: S/MIME cryptographic signature
Re: Does 802.11b use a lot of resources?
On Wed, Mar 02, 2005 at 08:32:55AM -0800, Christopher Kelley wrote: Loren M. Lang wrote: On Wed, Mar 02, 2005 at 01:26:45AM -0500, Bob Johnson wrote: On Friday 25 February 2005 12:06 am, Christopher Kelley wrote: Have I tried too hard to squeeze usability out of an old computer? I have a Pentium-166 that has been a faithful router firewall (FreeBSD 5.3 and pf) for a couple years now. It has no trouble with the 3 to 4 Mbps I get from my broadband connection, at least not with ethernet. I wanted wireless, so I could use my laptop around the house. I dutifully read the section in the manual about setting up FreeBSD as an access point. I'm using a Netgear MA311 802.11b card (Prism 2.5 chipset). And it does work, except it's very slow. Now I know that I can only expect about 50% of the rated speed with wireless, but I figured even if I got only 4Mbps, I'd be fine. But I get less than 1Mbps. I've updated the firmware, added a signal booster and hi-gain antenna, and I have excellent signal strength throughout my house. So my question is, is there more overhead with wireless than with ethernet? TOP doesn't seem to show that I'm taxing it too hard, idle never goes below about 70% with polling enabled (Hz=1000), and never below about 80% with polling disabled. Am I expecting too much out of an old Pentium-166? My experience is that: 1) 50% throughput is probably the best you should expect. I generally plan on 3-4 Mbps for an 11 Mbps 802.11b card. 2) Using 128-bit encryption (WEP) will significantly slow down some (many?) cards. The WEP processing is done on the card (I think), and they simply don't have hefty processors. If you use 128-bit WEP, try 64-bit WEP and see if that speeds things up. 64 bit WEP is adequate to keep out casual snoopers, and 128 bit is not adequate to keep out a serious attacker, so the difference in security may not be as important as some believe. 64-bit WEP is also known as 40-bit, and similarly for 128-bit WEP. Actually, what I recommend for home you, if you have the time, is IPSEC. Much more secure than WEP and it's all done on the main cpu so it should slow the wifi down as much. There's a good article on freebsddiary.org I believe. I found the article on freebsddiary, and I admit I only skimmed it, but I have a mix of FreeBSD and Windows (XP) on my wireless network, and for now I'd like to keep it as simple as possible. I just wanted to mention that I have IPSEC running with several Win2k computers and it works great. The configuration is relatively simple, the main problem was a couple of tweaks I needed to give to racoon, but the windows side was even easier. It's still more complicated than WEP, but it's more secure and may provide faster data transfer. Christopher ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- I sense much NT in you. NT leads to Bluescreen. Bluescreen leads to downtime. Downtime leads to suffering. NT is the path to the darkside. Powerful Unix is. Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc Fingerprint: CEE1 AAE2 F66C 59B5 34CA C415 6D35 E847 0118 A3D2 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Frontpage Extension Question
Darryl Hoar writes: Greetings, I have apache-fp installed on my machine. Sometime ago, I setup a website with frontpage extensions. Well my domain name changed and I added another website. on my existing website with FP extensions, what do I need to do since my domainname changed ? Also, how to I add fp extensions to the new website ? I believe you can make all necessary changes via the Web interface if you've already installed FP extensions previously. See http://www.microsoft.com/resources/documentation/sts/2001/all/proddocs/en-us/admindoc/owsd02.mspx Don't forget that FrontPage extensions can dramatically diminish the security of your server and can considerably complicate its operation. I always recommend against FrontPage on production servers open to the Net. -- Anthony ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Sources vs. ports
Hi Since some of the ports I need are broken, I am thinking of installing those parts from source. However, is there a way to let the local ports hierarchy know that a certain package has been installed, albeit by other means ? Thanks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Installation instructions for Firefox somewhere?
On Wed, Mar 02, 2005 at 03:27:09AM -0800, Ted Mittelstaedt wrote: snip Also one other thing that is important - if you don't get an answer within a week or so, ask again, politely. How do I ask after the second post with no reply? On bended knee? Just keep asking periodically. Or, you could e-mail the developer of the SCSI device driver directly, it's not hard to read the source and see who it is, and their e-mail addresses are on the FreeBSD website. Actually, I've found lately that a good irc chatroom can help with some problems that ppl may just ignore on a mailing list. I've been hanging out in #freebsd and #netbsd on irc.freenode.net. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- I sense much NT in you. NT leads to Bluescreen. Bluescreen leads to downtime. Downtime leads to suffering. NT is the path to the darkside. Powerful Unix is. Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc Fingerprint: CEE1 AAE2 F66C 59B5 34CA C415 6D35 E847 0118 A3D2 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Received mail timestamp is off by 7 hours
On Wed, Mar 02, 2005 at 03:11:19AM -0800, Ted Mittelstaedt wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Loren M. Lang Sent: Wednesday, March 02, 2005 2:29 AM To: Ian Smith Cc: Loren M. Lang; Pat Maddox; freebsd-questions@freebsd.org Subject: Re: Received mail timestamp is off by 7 hours little bit less reliable using local to UTC unless you are not affected by any daylight savings changes like Arizona in the US or, I'm sure, many other places around the world. There's no excuse for a mailserver to not be synced to a NTP source. I agree, I run ntp on every single computer I own, but I was talking in general. But for a server, I'd expect them to use UTC anyways. The only advantage I see to local time is support for other oses or reading the time in the bios, neither of which will probably be a big deal on a server. And for desktop users, they may not bother running ntp or even be on a network. Ted -- I sense much NT in you. NT leads to Bluescreen. Bluescreen leads to downtime. Downtime leads to suffering. NT is the path to the darkside. Powerful Unix is. Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc Fingerprint: CEE1 AAE2 F66C 59B5 34CA C415 6D35 E847 0118 A3D2 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Received mail timestamp is off by 7 hours
On Wed, Mar 02, 2005 at 01:00:15PM -0800, Luke wrote: There's no excuse for a mailserver to not be synced to a NTP source. I'd extend that to apply to any server. Practically all the things a server does are dependent in some way on the correct time. I have three excuses: 1) NTP is difficult to configure. I've done it, but it wasn't trivial. ntpdate once at boot. 2) Finding an NTP server willing to accept traffic from the public isn't easy either. For me it involved a scavenger hunt through out-of-date websites and a lot of failed attempts. http://www.nist.gov/ 3) If your clock tends to run noticably fast or slow, constant NTP corrections tend to do more harm than good, at least in my experience. It got to where I couldn't even run a buildworld because NTP kept tinkering with the clock in the middle of the process. Same as 1) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- I sense much NT in you. NT leads to Bluescreen. Bluescreen leads to downtime. Downtime leads to suffering. NT is the path to the darkside. Powerful Unix is. Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc Fingerprint: CEE1 AAE2 F66C 59B5 34CA C415 6D35 E847 0118 A3D2 pgp3yOu0GrZHj.pgp Description: PGP signature
smbclient + tar
Hi all. I use smbclient in conjunction with tar /usr/local/bin/smbclient -d0 //$winpc/$share \ $password -Tc $backupdir/$backupfile $windir to back up work from my Windows PC. I noticed that tar skipped files. If anyone used it, how reliable is it? Also if there are any suggestions to backup stuff from Windows to FreeBSD, they are welcome. Thanks in advance Michael ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
IP aliases and forcing outbound IP
I have a FreeBSD 4.11 box whose ethernet card has several IP address. inet 10.0.1.254 netmask 0xff00 broadcast 10.0.1.255 inet 10.0.1.111 netmask 0x broadcast 10.0.1.111 Is there a way I can cause outbound connections to certain hosts to be from 10.0.1.111 instead of the default 10.0.1.254? I used to be able to do this fairly easy in Linux because each alias is actually a separate ethernet device (eg. eth0:0, eth0:1, etc.), but I haven't figured out how to do this in FreeBSD. Patrick ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: tab completion
On Wed, Mar 02, 2005 at 06:50:55AM +0200, abu khaled wrote: I'm not sure if this helps but you can at least try. login as non-root (user) run this command: chsh -s /bin/tcsh you well be prompted for you non-root password logout and login again as non-root and see if it works you can su to root and use use the same command to change the root shell.(sh is recommended for root) For root, they recommend only /sbin/sh as something may break, but there is an account called toor. It is basically another name for root and you can change toor's shell to anything. Also, some ppl recommend using su -m I believe when suing to root and you keep the same shell I think. And then their's sudo in which you will almost never even need to send time as root. I hope it works!!! On Tue, 01 Mar 2005 20:24:13 -0800, Ben Munat [EMAIL PROTECTED] wrote: I used vipw to set my regular user's shell to tcsh. /etc/passwd shows it correct now but I still appear to be getting sh as my shell. If I run tcsh, I then get the tab completion. But how do I get the terminal to put me in tcsh automatically? Ben Jonathan Chen wrote: On Tue, Mar 01, 2005 at 09:28:02AM -0800, Ben Munat wrote: None of those commands worked... However, I've also found that echo $SHELL in my regular user's terminal says /bin/sh, while as root it says /bin/csh. If you're using /bin/sh, then of course none of the given commands will work as they are for tcsh. Both root and the non-root user's shells are listed in /etc/passwd as /bin/tcsh, so where else would the shell get set? Can I just set all terminals and all users (i.e. me) to have the same shell with the same capabilities? I suspect that /etc/passwd has gotten out of sync with master.passwd. Don't edit /etc/passwd. Use vipw(1) and make your changes within there. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- I sense much NT in you. NT leads to Bluescreen. Bluescreen leads to downtime. Downtime leads to suffering. NT is the path to the darkside. Powerful Unix is. Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc Fingerprint: CEE1 AAE2 F66C 59B5 34CA C415 6D35 E847 0118 A3D2 pgpbuwSaBkGE2.pgp Description: PGP signature
Re: ipfw or pf
On Wed, Mar 02, 2005 at 12:57:06PM +0100, Albert Shih wrote: Le 02/03/2005 ? 09:03:23+0100, Stevan Tiefert a ?crit On Tue, 1 Mar 2005, Albert Shih wrote: The both packef filters are maintained! pf is ported from OpenBSD and ipfw is from FreeBSD. GreatI can continu to use ipfw;-)) Whenever two programs two syntaxes... Well it's not de syntaxes, I always use packet filter system (sometime on hardware like Foundry/Cisco) where the rule is : First match first use. And the pf use entire rules is very strange for me (I known I can use ?quick? butwell it's not the philosophy I think). I like first match better too, but I think pf is sufficiently better that I just use it with quick over ipfw. Lots of thanks for your answer. Regards. -- Albert SHIH Universite de Paris 7 (Denis DIDEROT) U.F.R. de Mathematiques. 7 i?me ?tage, plateau D, bureau 10 Heure local/Local time: Wed Mar 2 12:54:22 CET 2005 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- I sense much NT in you. NT leads to Bluescreen. Bluescreen leads to downtime. Downtime leads to suffering. NT is the path to the darkside. Powerful Unix is. Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc Fingerprint: CEE1 AAE2 F66C 59B5 34CA C415 6D35 E847 0118 A3D2 pgpiBXaBTrSo9.pgp Description: PGP signature
Re: Sources vs. ports
On Thu, 3 Mar 2005 15:47:02 -0500, Madhusudan Singh [EMAIL PROTECTED]wrote: Hi Since some of the ports I need are broken, I am thinking of installing those parts from source. However, is there a way to let the local ports hierarchy know that a certain package has been installed, albeit by other means ? The handbook answer.. broken ports: fix-it, gripe or find our package from a local mirror... http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports-broken.html .. or build your own package w/ pkg_create http://www.freebsd.org/cgi/man.cgi?query=pkg_createsektion=1apropos=0manpath=FreeBSD+5.3-RELEASE+and+Ports what ports you are trying to build? - jw ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Vinum raid5 problems......
Hi all: I have a FBSD 5.2.1 box running vinum. 7 *160gb drives in a raid5 array. The array has been problematic recently, but never anything too serious. Always recoverable by a rebuild or something of that nature. Two days ago, the box froze up. I brought it back online to see that one subdisk was down. I started it and it regenerated overnight without error. Today, i go to check the box over, a listing of vinum subdisks plexes looks exactly as it should. when I try to mount the raid5 partition, i get a message about being unmounted improperly and an fsck starts. It says it recalculated the superblock, completes, and mounts the raid5 partition. df -h shows the partition size correct, but the used and freespace are completely wrong. If I try to do fsck_ufs /dev/vinum/raid5, i get an errorcannot allocate xx bytes for inphead. If I try to read from the partition, i cause a kernel panic. I can post specific errors and logs and such later, i'm away from the box right now --- anybody have any thoughts ? -- Matt Virus (veer-iss) http://www.mattvirus.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
sudo su
Hi folks, I have to questions: 1) I can I tell sudo to ask for a password everytime it's invoked? 2) how can it be that, after updating root and toor passwords, sudo asks for the old root password? Thank you! -- Pietro Piter Cerutti [EMAIL PROTECTED] [EMAIL PROTECTED] Beansidhe - SwiSS Death / Thrash Metal www.beansidhe.ch Windows: Where do you want to go today? Linux: Where do you want to go tomorrow? FreeBSD: Are you guys coming or what? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: driver recompiler or translator for evdo and hsdpa
bob wireless internet evdo wifi hotspot guy [EMAIL PROTECTED] writes: Lemme start by admitting i am NOT a programmer... and the APPLE OS is the most i know about unix.. that said (go easy on me :o) is it possible to make a translation program that takes drivers and just ports them over to other OS's? i have many EVDO and HSDPA products comming out and want a quick way to make them freebsd or linux compatible... Not in general, but see http://www.freebsd.org/cgi/man.cgi?query=ndissektion=4manpath=FreeBSD+5.3-RELEASE+and+Ports and http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-wireless.html#AEN37825 You also may find a volunteer willing to write a driver in return for a donation of the card in question. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Using META and DEL keys in console
On Thu, 3 Mar 2005, Alejandro Pulver wrote: Where is the (complete) list of scancodes and which keys produce them? If there is not, as I think, how can I know what scancode is produced by each key in my keyboard (a program, maybe)? As a practical matter, for the console keyboard I generally work backwards from a known keymap (one of the distribution keymaps), and cut and try. man 5 kbdmap lists all the values you can assign to key combinations (note the 5 - otherwise you are likely to get man 1 kbdmap by default). Notice that you can use kbdmap or kbdcontrol to load a keymap to experiment with and you do not have to reboot to see what happens. I find this works very well with American PC keyboards where there are only a handful of keys that are in doubt, even with fairly esoteric models, like butterflies with two keypads. The distribution maps, after all, were not put together by crazy people, so the unshifted values of most of the keys are pretty logical. Oh, hell, this is so easy, here is the run down from the us.unix keymap: # scan # code base Deduced key associatied with scan code (i.e. not tested, YMMV) # -- 000 nop 001 '`'` 002 '1'keyboard (top row) 1 003 '2'keyboard (top row) 2 004 '3'keyboard (top row) 3 005 '4'keyboard (top row) 4 006 '5'keyboard (top row) 5 007 '6'keyboard (top row) 6 008 '7'keyboard (top row) 7 009 '8'keyboard (top row) 6 010 '9'keyboard (top row) 9 011 '0'keyboard (top row) 0 012 '-'keyboard (top row) - 013 '='keyboard (top row) = 014 deltop row backspace key 015 ht tab 016 'q'q - I trust you can figure out the letter keys 017 'w' 018 'e' 019 'r' 020 't' 021 'y' 022 'u' 023 'i' 024 'o' 025 'p' 026 '[' 027 ']' 028 cr keyboard Enter 029 clock Caps Lock 030 'a' 031 's' 032 'd' 033 'f' 034 'g' 035 'h' 036 'j' 037 'k' 038 'l' 039 ';' 040 ''' 041 escUpper left escape key 042 lshift left shift 043 '\'backslash/bar key (wherever it is) 044 'z' 045 'x' 046 'c' 047 'v' 048 'b' 049 'n' 050 'm' 051 ',' 052 '.'keyboard . (next to comma) 053 '/'keyboard / (unshifted ?) 054 rshift right shift 055 '*'keypad * 056 lalt left alt 057 ' 'space bar 058 lctrl left ctrl 059 fkey01 F1 060 fkey02 F2 061 fkey03 F3 062 fkey04 F4 063 fkey05 F5 064 fkey06 F6 065 fkey07 F7 066 fkey08 F8 067 fkey09 F9 068 fkey10 F10 069 nlock Num Lock 070 slock Scroll Lock 071 fkey49 '7' keypad 7 072 fkey50 '8' keypad 8 073 fkey51 '9' keypad 9 074 fkey52 '-' keypad - 075 fkey53 '4' keypad 4 076 fkey54 '5' keypad 5 077 fkey55 '6' keypad 6 078 fkey56 '+' keypad + 079 fkey57 '1' keypad 1 080 fkey58 '2' keypad 2 081 fkey59 '3' keypad 3 082 fkey60 '0' keypad 0 083 bs '.' keypad . 084 nop 085 nop 086 nop 087 fkey11 F11 088 fkey12 F12 089 cr keypad enter 090 rctrl right control 091 '/'keypad / 092 nscr pscr Prt Screen (?) 093 ralt right alt 094 fkey49 non-keypad Home 095 fkey50 non-keypad up arrow 096 fkey51 non-keypad Page Up 097 fkey53 non-keypad left arrow 098 fkey55 non-keypad right arrow 099 fkey57 non-keypad End 100 fkey58 non-keypad down arrow 101 fkey59 non-keypad Page Down 102 fkey60 non-keypad Insert 103 bs non-keypad Delete 104 slock saver Pause (?) 105 fkey62 one of the windoz keys (104 keyboards) 106 fkey63 the other windoz key (104 keyboards) 107 fkey64 menu key (104 keyboards) 108 nop I might have the Pause and PrtScrn keys mixed up as I haven't actually tested this. Note: some scan codes are not associated with any keys on a PC keyboard and you do not have on a 101 keyboard the Windoz menu keys. Also, many Internet buttons which are now common on the cheapest replacement keyboards don't do anything at all. What is called the scancode in FreeBSD console keymaps is not, evidently, the same thing as the very deep BIOS scan codes which you can (must) work with in some other operating systems. I think this is a good thing for PC users, but it may be otherwise for those with very obscure hardware. For the X keyboard there is the xkeycaps program (which is in the ports if not the base X package you are using), which can show the layout and keynumbers/keynames for most brands of PC keyboards and some usually sufficient generics. Notice, however that the X keynumbers are *not* always the same as what are called the scancodes in the console keymaps (although there are often sufficient similarities to mislead you into thinking they will be the same). Mapping the X keyboard and mapping the
Are quotas possbile on md filesystems?
Is it possible to use quotas on file-backed md filesystems on 5.3? I was guessing that a line in fstab like: md /home mfs rw,-F/vnodes/home,nosuid,nodev,noexec,userquota 2 0 would work but it's not. Can I get a working example? /\/\ \/\/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sudo su
--On Thursday, March 03, 2005 09:39:01 PM + Pietro Cerutti [EMAIL PROTECTED] wrote: Hi folks, I have to questions: 1) I can I tell sudo to ask for a password everytime it's invoked? Sure. Use visudo to edit /etc/sudoers and set: rootALL = (ALL) ALL wheel ALL = (ALL) ALL If NOPASSWD is in there, take it out. man (5) sudoers 2) how can it be that, after updating root and toor passwords, sudo asks for the old root password? Sudo doesn't ask for *root*'s password. It asks for *your* password. If you knew root's password, you wouldn't need to use sudo. You could use su. Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
expat portupgrade dies
On a 5.3 system when I try to portupgrade some ports the portupgrade dies on expat: --- Upgrading 'expat-1.95.6_1' to 'expat-1.95.8' (textproc/expat2) --- Building '/usr/ports/textproc/expat2' === Cleaning for libtool-1.3.5_2 === Cleaning for expat-1.95.8 === Vulnerability check disabled, database not found === Extracting for expat-1.95.8 Checksum OK for expat-1.95.8.tar.gz. === Patching for expat-1.95.8 === Applying FreeBSD patches for expat-1.95.8 1 out of 2 hunks failed--saving rejects to lib/expat.h.rej Patch patch-expat.h failed to apply cleanly. Patch(es) patch-configure applied cleanly. *** Error code 1 Stop in /usr/ports/textproc/expat2. I've tried doing a pkg_delete on the old expat, same effect. Is there a standard way to continue from this fail other than patching by hand? -- Randy([EMAIL PROTECTED]) 715-726-2832 * The Penguin Cometh ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: expat portupgrade dies
On Thursday 03 March 2005 01:59 pm, Randy Schultz wrote: On a 5.3 system when I try to portupgrade some ports the portupgrade dies on expat: --- Upgrading 'expat-1.95.6_1' to 'expat-1.95.8' (textproc/expat2) --- Building '/usr/ports/textproc/expat2' === Cleaning for libtool-1.3.5_2 === Cleaning for expat-1.95.8 === Vulnerability check disabled, database not found === Extracting for expat-1.95.8 Checksum OK for expat-1.95.8.tar.gz. === Patching for expat-1.95.8 === Applying FreeBSD patches for expat-1.95.8 1 out of 2 hunks failed--saving rejects to lib/expat.h.rej Patch patch-expat.h failed to apply cleanly. Patch(es) patch-configure applied cleanly. *** Error code 1 Stop in /usr/ports/textproc/expat2. I've tried doing a pkg_delete on the old expat, same effect. Is there a standard way to continue from this fail other than patching by hand? Make sure you first run make clean to get rid of old patched files, then run make patch. If the patches still fail to apply then notify the portmaintainer, if the patches apply then just continue with a normal make install clean. -Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: expat portupgrade dies
--On Thursday, March 03, 2005 03:59:00 PM -0600 Randy Schultz [EMAIL PROTECTED] wrote: On a 5.3 system when I try to portupgrade some ports the portupgrade dies on expat: I've tried doing a pkg_delete on the old expat, same effect. Is there a standard way to continue from this fail other than patching by hand? Try running make distclean in the expat2 ports directory. Then run make install and see if it installs independently of portupgrade. Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RELENG_5_3 to RELENG_5 make installworld fails
Hello World, Just got 5.3-RELEASE installed yesterday on this system and was cvsup'ing to 5-STABLE today. Used the following process, based on /usr/src/UPDATING (as well as the countless times I've done this before), and got the error below during 'installworld'. I did this same update (from 5.3-RELEASE to 5.4-PRERELEASE) a week ago and it worked fine, however I also noticed that mergemaster -p wanted a few user accounts setup prior to installworld, related to pf/pfauth - that no longer seems to be a requirement so I'm concerned I missed a step or made some other bonehead move that I'm not aware of. cvsup'ed w/ the following basic values in supfile (no, this is not the entirety of the file) *default host=cvsup17.FreeBSD.org *default base=/var/db *default prefix=/usr *default release=cvs tag=RELENG_5 *default delete use-rel-suffix # cd /usr/src # make buildworld # make buildkernel KERNCONF=GENERIC # mergemaster -p # make installkernel KERNCONF=GENERIC # make installworld At this point - it gets started and then dies here: snip -- Installing everything -- cd /usr/src; make -f Makefile.inc1 install === share/info === include creating osreldate.h from newvers.sh touch: not found *** Error code 127 Stop in /usr/src/include. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. /snip I've check through the archives - not exhaustively - and found a few references to the touch: not found error - but nothing which led me toward getting this fixed. Ideas? Perhaps a better place to ask? At this point - I've got the kernel installed and can't get world installed - I could cvsup back to -RELEASE and get back to a safe state, but I'd rather get this little wrinkle worked out. Thanks, Aaron ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Sharing directories with jails
On Thursday 03 March 2005 12:42 pm, Chris Hodgins wrote: [cut original question and answer] Ok perhaps I should clarify what my intentions are a little more. I am planning on providing a FreeBSD jail for any member of a geek society I am a member of. When I say they are untrusted, I mean that I won't be giving them full root access to my server but I trust them enough not to do anything malicious inside a jail. It is just like a fun place they can play and not have to worry to much about breaking things. How easy is it exactly to break out of a jail if you have access to development tools? http://www.securiteam.com/unixfocus/5WP031535U.html How current is this? The article appears to be dated 2001. Are there still buffer-overflow issues with /proc? If you use securelevels you can a sigificantly improve security. -- Ean Kingston E-Mail: ean_AT_hedron_DOT_org PGP KeyID: 1024D/CBC5D6BB URL: http://www.hedron.org/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: dumb network question
At 02:10 PM 3/3/2005, Thomas Foster wrote: hostname=my.hostname.whatever ifconfig_NIC1=inet a.b.c.d netmask 255.255.255.0 ifconfig_NIC2=DHCP gateway_enable=YES replace NIC1 and NIC2 with the interface names.. and of course.. a.b.c.d with the internal IP address.. be sure theres no gateway defined for the internal interface.. and if you need help setting up a firewall/router, be sure and check out : http://www.section6.net/help.php Hope this helps T Yea...this is great. One last question guys... for the nic that I have using for PPP...do I need anything special? (like in OpenBSD I have to toss 'up' in hostname.fxp0 for example) or does it -just- work. thanks! -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: RELENG_5_3 to RELENG_5 make installworld fails
On Thursday 03 March 2005 02:21 pm, Aaron Nichols wrote: Hello World, Just got 5.3-RELEASE installed yesterday on this system and was cvsup'ing to 5-STABLE today. Used the following process, based on /usr/src/UPDATING (as well as the countless times I've done this before), and got the error below during 'installworld'. I did this same update (from 5.3-RELEASE to 5.4-PRERELEASE) a week ago and it worked fine, however I also noticed that mergemaster -p wanted a few user accounts setup prior to installworld, related to pf/pfauth - that no longer seems to be a requirement so I'm concerned I missed a step or made some other bonehead move that I'm not aware of. You missed a step. Your system clock is off and that makes the installworld try to use touch. Set your system clock and you may have to remake your world but it should install. Kent cvsup'ed w/ the following basic values in supfile (no, this is not the entirety of the file) *default host=cvsup17.FreeBSD.org *default base=/var/db *default prefix=/usr *default release=cvs tag=RELENG_5 *default delete use-rel-suffix # cd /usr/src # make buildworld # make buildkernel KERNCONF=GENERIC # mergemaster -p # make installkernel KERNCONF=GENERIC # make installworld At this point - it gets started and then dies here: snip -- Installing everything -- cd /usr/src; make -f Makefile.inc1 install === share/info === include creating osreldate.h from newvers.sh touch: not found *** Error code 127 Stop in /usr/src/include. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. /snip I've check through the archives - not exhaustively - and found a few references to the touch: not found error - but nothing which led me toward getting this fixed. Ideas? Perhaps a better place to ask? At this point - I've got the kernel installed and can't get world installed - I could cvsup back to -RELEASE and get back to a safe state, but I'd rather get this little wrinkle worked out. Thanks, Aaron ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Kent Stewart Richland, WA http://users.owt.com/kstewart/index.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sudo su
On Thu, 03 Mar 2005 15:56:26 -0600, Paul Schmehl [EMAIL PROTECTED] wrote: Sure. Use visudo to edit /etc/sudoers and set: rootALL = (ALL) ALL wheel ALL = (ALL) ALL If NOPASSWD is in there, take it out. There isn't any NOPASSWD, but if I give the password the first time, sudo doesn't ask for it anymore in the next 5 min or so... Sudo doesn't ask for *root*'s password. It asks for *your* password. If you knew root's password, you wouldn't need to use sudo. You could use su. I think I really misunderstood the purpose of sudo. I thought that it was used to automatically login as root, give a command, and log back out to user who invoked the command. So what's the purpose of asking for the password of the actually logged in user? Thank you -- Pietro Piter Cerutti [EMAIL PROTECTED] [EMAIL PROTECTED] Beansidhe - SwiSS Death / Thrash Metal www.beansidhe.ch Windows: Where do you want to go today? Linux: Where do you want to go tomorrow? FreeBSD: Are you guys coming or what? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sudo su
On Thu, 3 Mar 2005 22:47:09 + Pietro Cerutti [EMAIL PROTECTED] wrote: There isn't any NOPASSWD, but if I give the password the first time, sudo doesn't ask for it anymore in the next 5 min or so... see : man sudoers the timestamp_timeout section I think I really misunderstood the purpose of sudo. I thought that it was used to automatically login as root, give a command, and log back out to user who invoked the command. more or less, yes So what's the purpose of asking for the password of the actually logged in user? with sudo you can allow normal users to do certain things without the need for sharing the root-password here are some examples : http://www.courtesan.com/sudo/man/sudoers.html#examples ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
/boot like linux!
Hello, I'm a FreeBSD 5.3 user as well as a Gentoo Linux user. In Gentoo linux, you only have to create 3 partitions: /boot swap / In FreeBSD, you seem to have to create many more: / swap /usr /var /tmp In particular, it seems that /boot MUST be on the same partition as /. This stinks, as now you have to create separate partitions for /usr and /var, which wastes space. I tried to make /boot it's own partition, and I succeeded, to a certain extent. I actually made /boot/boot, because the FreeBSD 5.3 boot manager wants to look under the /boot directory for loader. If /boot is it's own partition, then you need a /boot/boot/loader. Anyway, that worked. The kernel boots now, but it prompts me at the beginning of the rc process for the root device. I give it: ufs:ad1s1d Which is my / partition, and it boots successfully. Is it possible to automate this process so that the loader knows to use ad1s1d as my root device? Thanks! -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Sharing directories with jails
On Thursday 03 March 2005 05:23 pm, Ean Kingston wrote: On Thursday 03 March 2005 12:42 pm, Chris Hodgins wrote: [cut original question and answer] Ok perhaps I should clarify what my intentions are a little more. I am planning on providing a FreeBSD jail for any member of a geek society I am a member of. When I say they are untrusted, I mean that I won't be giving them full root access to my server but I trust them enough not to do anything malicious inside a jail. It is just like a fun place they can play and not have to worry to much about breaking things. How easy is it exactly to break out of a jail if you have access to development tools? http://www.securiteam.com/unixfocus/5WP031535U.html How current is this? The article appears to be dated 2001. Are there still buffer-overflow issues with /proc? 5.3 and later no longer need proc and it's not mounted by default. If you use securelevels you can a sigificantly improve security. -- Anish Mistry pgpQ4cZxqoqqA.pgp Description: PGP signature
Re: /boot like linux!
Jesse Guardiani wrote: Hello, I'm a FreeBSD 5.3 user as well as a Gentoo Linux user. In Gentoo linux, you only have to create 3 partitions: /boot swap / In FreeBSD, you seem to have to create many more: / swap /usr /var /tmp In particular, it seems that /boot MUST be on the same partition as /. This stinks, as now you have to create separate partitions for /usr and /var, which wastes space. I tried to make /boot it's own partition, and I succeeded, to a certain extent. I actually made /boot/boot, because the FreeBSD 5.3 boot manager wants to look under the /boot directory for loader. If /boot is it's own partition, then you need a /boot/boot/loader. Anyway, that worked. The kernel boots now, but it prompts me at the beginning of the rc process for the root device. I give it: ufs:ad1s1d Which is my / partition, and it boots successfully. Is it possible to automate this process so that the loader knows to use ad1s1d as my root device? Thanks! I'm not sure I understand the problem. If you don't want to create more partitions, then don't. You can make an 80gb (or 300gb, or whatever) drive into two partitions - a swap partition (2gig) and a / partition (78 gig) and install FreeBSD just fine. It's *best* to make more partitions (esp for /var) so that if something goes out of control logging, or you just neglect your logs, it doesn't go and fill up your only (ie / ) partition. Like most *nix OS's, it can be as simple or as complicated as you want it to be. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: RELENG_5_3 to RELENG_5 make installworld fails
On Thu, 3 Mar 2005 14:39:16 -0800, Kent Stewart [EMAIL PROTECTED] wrote: You missed a step. Your system clock is off and that makes the installworld try to use touch. Set your system clock and you may have to remake your world but it should install. Kent Infact it was off - can you give me some detail as to why that matters? Not that I doubt that having my system clock set to a date 8 months prior to the date of files in cvs might cause a problem - but I'm curious about the details. If you can even point me at a URL and I'll read for myself - I'm just curious. If that was the problem (buildworld happenning as I type) then thank you and my apologies for the oversight. New system, didn't bother to make sure the BIOS date was right and ntp wasn't yet setup. Thanks, Aaron ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: /boot like linux!
Jesse Guardiani wrote: snip snip Anyway, that worked. The kernel boots now, but it prompts me at the beginning of the rc process for the root device. I give it: ufs:ad1s1d Which is my / partition, and it boots successfully. Is it possible to automate this process so that the loader knows to use ad1s1d as my root device? Thanks! Please note that I'm a fellow newb, and don't take this as if it were from an authoritative source (other than whoever I'm quoting...) from boot(8): Make note of the fact that /boot.config is read only from the `a' parti- tion. As a result, slices which are missing an `a' parition require user intervention during the boot process. Kevin Kinsey P.S. It might be better to go back and set things up correctly. As someone just said, you can do it with just / and swap, if you don't feel the need to have seperate partitions for /var, /usr, /tmp, whatever. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: /boot like linux!
On Thursday 03 March 2005 5:41 pm, you wrote: Jesse Guardiani wrote: Hello, I'm a FreeBSD 5.3 user as well as a Gentoo Linux user. In Gentoo linux, you only have to create 3 partitions: /boot swap / In FreeBSD, you seem to have to create many more: / swap /usr /var /tmp In particular, it seems that /boot MUST be on the same partition as /. This stinks, as now you have to create separate partitions for /usr and /var, which wastes space. I tried to make /boot it's own partition, and I succeeded, to a certain extent. I actually made /boot/boot, because the FreeBSD 5.3 boot manager wants to look under the /boot directory for loader. If /boot is it's own partition, then you need a /boot/boot/loader. Anyway, that worked. The kernel boots now, but it prompts me at the beginning of the rc process for the root device. I give it: ufs:ad1s1d Which is my / partition, and it boots successfully. Is it possible to automate this process so that the loader knows to use ad1s1d as my root device? Thanks! I'm not sure I understand the problem. If you don't want to create more partitions, then don't. You can make an 80gb (or 300gb, or whatever) drive into two partitions - a swap partition (2gig) and a / partition (78 gig) and install FreeBSD just fine. Doesn't the boot partition have to NOT have soft updates though? I created the setup you described about a year ago with 5.2.1, and I had serious problems if the system ever hard rebooted after a power failure. Single user manual fsck's and all that. It's *best* to make more partitions (esp for /var) so that if something goes out of control logging, or you just neglect your logs, it doesn't go and fill up your only (ie / ) partition. Like most *nix OS's, it can be as simple or as complicated as you want it to be. I want / + /boot. It's that simple. -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ppp + syslog
how do I get ppp to log to syslog when as the machine boots up...ppp starts and connects before syslogd starts!? I have my ppp and pf config working fine...but I would like to see what happens as it boots to /var/log/ppp.log if I kill ppp and start it manually it does log fine. Thanks! -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sudo su
--On Thursday, March 03, 2005 10:47:09 PM + Pietro Cerutti [EMAIL PROTECTED] wrote: There isn't any NOPASSWD, but if I give the password the first time, sudo doesn't ask for it anymore in the next 5 min or so... Answered by another poster - look at the timeout section of the man page. I think I really misunderstood the purpose of sudo. I thought that it was used to automatically login as root, give a command, and log back out to user who invoked the command. So what's the purpose of asking for the password of the actually logged in user? With sudo you get *logging* of every command the person using sudo runs. You don't get that if they use su (except for root's .history file.) The purpose of sudo is to allow normal users to issue *certain* commands with root privileges *and* to track what they do for accountability purposes. (Who deleted /usr? (*)(@#(@!!!) The timeout is to facilitate the use of the command without having to constantly type your password. Imagine having to type your password every time you issue a command. It would get irritating real quick. Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: /boot like linux!
Kevin Kinsey wrote: Jesse Guardiani wrote: snip snip Anyway, that worked. The kernel boots now, but it prompts me at the beginning of the rc process for the root device. I give it: ufs:ad1s1d Which is my / partition, and it boots successfully. Is it possible to automate this process so that the loader knows to use ad1s1d as my root device? Thanks! Please note that I'm a fellow newb, and don't take this as if it were from an authoritative source (other than whoever I'm quoting...) from boot(8): Make note of the fact that /boot.config is read only from the `a' parti- tion. As a result, slices which are missing an `a' parition require user intervention during the boot process. I am under the impression that boot.config is optional. It doesn't exist on either of my 5.3 systems. -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Sharing directories with jails
Am Donnerstag, 3. März 2005 17:04 schrieb Ean Kingston: How dangerous is it to share the ports directory with jails on the system? I am using the jails to give other access to a freebsd system. You can assume they are untrusted (hence the jail ;)). Is it enough just to: ln -s /usr/ports /usr/jail/ajail/usr/ports That won't work. The jail does a chroot (along with other things) when it starts up so the link inside the jail will wind up pointing to itself. The only way I've been able to figure out how to do something like that is by running an NFS server outside the jail and then run an NFS client You can also use nullfs (man (8) mount_nullfs). It's slow and not certified to be bugfree but I never had any problems and especially for centralized ports very useful. -Harry pgp5UusRj7wtv.pgp Description: PGP signature
FreeBSD 4.11-RELEASE SACK
Greetings, I've installed the standard FreeBSD 4.11-RELEASE and have realized that the sysctl option for enabling SACK in TCP is not available (net.inet.tcp.do_sack). Additionally, the tcp_sack.c file is not in the /usr/src/sys/netinet so I'm guessing this indicates that I need a patch. Hoping to be able to use SACK in FreeBSD 4.11-RELEASE, I wanted to ask : 1) Is my guess correct (Do I need a patch)? Or is my kernel configuration file missing an option? 2) Assuming I need a patch, what patch is generally recommended for using SACK under TCP in FreeBSD 4.11-RELEASE? Any help would be most appreciated. Thanks, ken ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
_init and dynamically loaded libraries
I'm having some trouble getting _init() to run when I use dlopen() to load a library. I get this: one.o: In function `_init': /usr/home/jcm/exp/modules/libone/one.c:7: multiple definition of `_init' /usr/lib/crti.o(.init+0x0): first defined here With other signatures, _init() never gets called. What is the correct procedure to use here? jm -- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Documentation Error?
On Tue, Mar 01, 2005 at 11:19:07AM -0500, Jerry McAllister wrote: [EMAIL PROTECTED] wrote: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/confi gtuning-v irtual-hosts.html states that adding a virtual address is done in rc.conf like this: ifconfig_fxp0=inet 10.1.1.1 netmask 255.255.255.0 ifconfig_fxp0_alias0=inet 10.1.1.2 netmask 255.255.255.255 Shouldn't it be this instead? ifconfig_fxp0=inet 10.1.1.1 netmask 255.255.255.0 ifconfig_fxp0_alias0=alias 10.1.1.2 netmask 255.255.255.255 No. The actual command to make one is: ifconfig fxp0 inet 10.1.1.2 netmask 255.255.255.255 alias So you do need to pass the inet to ifconfig. The _alias0 makes the script pass the trailing alias H, So what is happening when no 'inet' is in the string? It seems to work fine.Is something still not right and just waiting to explode?We have lots of servers configured that way. Looking at ifconfig(8), I believe it's purely optional, ifconfig can reconize what address type your giving it. It's more useful when using ifconfig to display information. I've done it both ways and if your servers work now, I doubt they'll blow up later. It is probably something that was required in the past. jerry Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- I sense much NT in you. NT leads to Bluescreen. Bluescreen leads to downtime. Downtime leads to suffering. NT is the path to the darkside. Powerful Unix is. Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc Fingerprint: CEE1 AAE2 F66C 59B5 34CA C415 6D35 E847 0118 A3D2 pgpYQNExwthl0.pgp Description: PGP signature
Re: /boot like linux!
Jesse Guardiani wrote: On Thursday 03 March 2005 5:41 pm, [someone] wrote: I'm not sure I understand the problem. If you don't want to create more partitions, then don't. You can make an 80gb (or 300gb, or whatever) drive into two partitions - a swap partition (2gig) and a / partition (78 gig) and install FreeBSD just fine. Doesn't the boot partition have to NOT have soft updates though? No, I don't think so. I created the setup you described about a year ago with 5.2.1, and I had serious problems if the system ever hard rebooted after a power failure. Single user manual fsck's and all that. That configuration should not make serious fs corruption more likely, it just makes it more likely to happen on the / partition (!). In general, the FreeBSD filesystem is highly tolerant of things like power failures, and should be even better when softupdates is turned on. But it can fail, and 5.2.1 was NOT considered a production release, so that could have also played a role in your problems. I don't remember if softupdates had problems on 5.2.1 or not. It's *best* to make more partitions (esp for /var) so that if something goes out of control logging, or you just neglect your logs, it doesn't go and fill up your only (ie / ) partition. Like most *nix OS's, it can be as simple or as complicated as you want it to be. I want / + /boot. It's that simple. What are you really trying to accomplish? You want to run softupdates on / ? I believe it is perfectly acceptable to use softupdates on the root partition these days. The Handbook recommends turning on softupdates for all filesystems. See http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-disk.html I'm pretty sure my test system at home has only / and swap (because it has a small hard drive), and uses softupdates on /. I'll check when I get home. If you have some other reason for separating /boot from /, explain your actual goal, and perhaps we can help. - Bob ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
