How do I get packages with tgz files
Hi I am working with a machine with FreeBSD 4.2.8 version. I am not allowed to change the version on the machine. I want to install some packages - in particular the KDE package on the machine pkg_add ftp://pub/FreeBSD/ports/packages/kde/kdeversion.tbz results in pkg_add responding that it does not understand tgz files. It may be that pkg_add for FreeBSD 4.2.8 is old. How do I get tgz files then. I tried using ports (i.e. make install clean in /usr/ports/X11/kde). However, compilation consistently fails while building qt. So that option is also ruled out. Is there any other way to install kde (if tgz files are not available) Thanks for any responses Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re[2]: how to enable altq to use with ipfw
Thanks! And pf how it's enabled? I think need some device in /dev This is created when compiling kernel with these options or need to compile and options for pf? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Re[2]: how to enable altq to use with ipfw
If you're using IPFW, there's no reason to enable PF. But here's the code to enable in your kernel config: # pf support device pf device pflog device pfsync Here's the handbook page on PF and ALTQ: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html On 8/24/05, vladone [EMAIL PROTECTED] wrote: Thanks! And pf how it's enabled? I think need some device in /dev This is created when compiling kernel with these options or need to compile and options for pf? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pci-x soundcard
On 8/23/05, Nikolas Britton [EMAIL PROTECTED] wrote: On 8/23/05, Jeff Domeyer [EMAIL PROTECTED] wrote: For the fun of it I was going through google to see if anyone found a pci-x soundcard. I came across this message you wrote: http://lists.freebsd.org/pipermail/freebsd-questions/2005-August/095106. html I'm just wondering if you confirmed that the soundcard available here: http://www.newegg.com/Product/Product.asp?Item=N82E16829102177 will actually work in a pci-x slot. When we called creative's tech support they said all of their live cards were pci-x compatible. Well, that's not hard to say, but the board manufacturers never make the appropriate key so that it would fit in a pci-x slot. So it would work... if it actually even fitted. Yes it's keyed correctly for the PCI-X bus but It turns out that Creative changed the chipset to Audigy LS and it's not %100 compatible with EMU10k1/3, I have major doubts that FreeBSD supports this chipset: http://groups.google.com/groups?hl=enq=group%3A*.freebsd.*+%22Audigy+LS%22qt_s=Search Talk to hal because he did buy one. He posted a message saying that he was having trouble with it. I answered it telling him to put snd_driver_load=YES into loader.conf but he never replied back to say if it worked or not. I just compiled a list, based on the photos, of sound cards, on newegg.com, that are keyed for PCI-X and PCI 32-bit / 66Mhz buses, I make no guaranties!!: CREATIVE Sound Blaster Live! 24-bit 30SB04100 $29 -- Audigy LS Chipset!!! AUDIOTRAK Maya 5.1 MK II Sound Card $38 CREATIVE Sound Blaster Audigy 2 Value SB0400 $45 CREATIVE Sound Blaster Audigy 2 Value SB0400 $62 CREATIVE Sound Blaster Audigy2 ZS SB0350 $71 M-AUDIO 9900-40906-00 $72 AUDIOTRAK Prodigy 7.1LT $85 M-AUDIO 9900-40765-00 $89 M-AUDIO 9900-40901-00 $90 CREATIVE Sound Blaster Audigy2 ZS 70SB03500 $93 CREATIVE Sound Blaster Audigy2 ZS GAMER Limited Edition 70SB03513 $121 CREATIVE Sound Blaster Audigy2 ZS GAMER Limited Edition 70SB03517 $121 M-AUDIO 9900-40757-00 $139 CREATIVE Sound Blaster Audigy2 ZS Platinum 70SB03503 $176 M-AUDIO 9900-40768-00 High-Definition 4-in/4-out $179 M-AUDIO 9900-40752-00 $199 CREATIVE Sound Blaster Audigy2 ZS Platinum Pro 70SB03600 $212 AUDIOTRAK Maya 1010 $225 CREATIVE Sound Blaster Audigy 4 Pro $277 This should help. It should be complete but their are like 50 PCI standards so not sure, if it looks weird use a fixed width font: PCI: 32-bit / 33Mhz / 132MB / 5Volt (Standard PCI Slot): ## ##---# ## 32-bit / 33Mhz / 132MB / 3.3V and 32-bit / 66Mhz / 264MB / 3.3V: ## #--#-# ## PCI-X: 64-bit / 33Mhz / 264MB / 5V: ## ##---#---# ## 64-bit / 66Mhz / 528MB / 3.3V and 64-bit / 100Mhz / 800MB / 3.3V and 64-bit / 133Mhz / 1064MB / 3.3V and 64-bit / 266Mhz / 2128MB / 3.3V and 64-bit / 533Mhz / 4264MB / 3.3V: ## #--#-#---# ## Summary: * Key is on the right side for 5V slots. * Key is on the left side for 3.3V slots, 66Mhz or higher PCI slots are always 3.3V. * A PCI card that's double notched on both sides is compatible with 5V and 3.3V slots. * Look for double notched PCI cards for maximum compatibility. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
oversized httpd process?
Hi, I saw many posts from google regarding to this question, but there were no definite answers.. some say, it's mod_ssl, some say it's mod_perl, some say it is mm. But my case, it just doesn't make much sence to me at all. Here are the 2 test machines that I have, both have the exact same configuration A is a lot more powerful than B machine A, p4 3.0 2GB Mem machine B, p2 450Mhz 128MB Mem Both have mod_php, mod_ssl, and no traffic has been sent. Looking at the httpd sizes, I start to wonder ... How come Machine B only uses around 15Mb per httpd, while machine A takes 155Mb, and while they have exactly the same software, same configuration. Can somebody please tell me why this is happening? What did I do wrong? machine A: last pid: 9085; load averages: 0.00, 0.00, 0.00 up 0+05:52:01 00:13:28 33 processes: 1 running, 32 sleeping CPU states: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle Mem: 48M Active, 84M Inact, 92M Wired, 8K Cache, 112M Buf, 1779M Free Swap: 4071M Total, 4071M Free PID USERNAME PRI NICE SIZERES STATE C TIME WCPUCPU COMMAND 440 root 960 155M 17412K select 0 0:02 0.00% 0.00% httpd 9078 www 960 155M 17412K select 0 0:00 0.00% 0.00% httpd 9079 www 200 155M 17412K lockf 0 0:00 0.00% 0.00% httpd 9080 www 200 155M 17412K lockf 0 0:00 0.00% 0.00% httpd 9081 www 200 155M 17412K lockf 0 0:00 0.00% 0.00% httpd 9082 www 200 155M 17412K lockf 1 0:00 0.00% 0.00% httpd machine B: last pid: 19765; load averages: 0.00, 0.00, 0.00 up 80+00:30:59 00:15:25 32 processes: 1 running, 31 sleeping CPU states: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle Mem: 19M Active, 46M Inact, 30M Wired, 5100K Cache, 22M Buf, 17M Free Swap: 231M Total, 21M Used, 210M Free, 9% Inuse PID USERNAME PRI NICE SIZERES STATETIME WCPUCPU COMMAND 50855 www 200 16348K12K lockf0:00 0.00% 0.00% httpd 50856 www 200 16280K12K lockf0:00 0.00% 0.00% httpd 50854 www 200 15272K12K lockf0:01 0.00% 0.00% httpd 50853 www 200 14972K12K lockf0:01 0.00% 0.00% httpd 50852 www 200 12480K12K lockf0:00 0.00% 0.00% httpd 50858 www 200 12352K12K lockf0:00 0.00% 0.00% httpd 50857 www 960 12352K12K select 0:00 0.00% 0.00% httpd 50851 root 960 12336K 1560K select 0:59 0.00% 0.00% httpd ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Trouble accessing da-devices on Supermicro X6DH8-G2
Hi guys (and girls?), I have an interesting yet frustating problem trying to get FreeBSD to access a logical drive/lun's on a raid array. Let me describe the system first. The server has a Supermicro X6DH8-G2 mainboard. This thing has an on-board Adaptec AIC-7902 controller (ahd) which we are not using. Other cards installed, on a riser, are a LSILogic MegaRAID SCSI 320-1 and a Qlogic 2300 fibre channel adapter. The Qlogic has a raid array attached which shows up during post and syncs nicely at 2 Gb. The logical volumes created with the Megaraid can be accessed just fine, even though they don't show up with camcontrol. The lun's on the raid array simply don't show up anywhere. However when I go into the QL menu upon boot I can 'see' the lun's so that indicates there is no problem with the hardware and/or link. I've tried everything from changing irq's (didn't work, the two mentioned cards keep sharing the same no matter what I do with device.hints etc.), different FreeBSD versions, to taking the Megaraid out of the system. No dice. I cannot help but think there is something about this mainboard that messes up the CAM subsystem (the volumes on the Lsilogic show up as amrd* so I guess that thing does it's own magic and doesn't need CAM?). I don't mind if FreeBSD cannot work with this combination of hardware but I'd like to be sure that that's the problem. Any pointers/suggestions are welcome :) Do let me know what additional info could be useful here. For now I've put up dmesg and pciconf output here: http://home.caiw.nl/~pviersel/freebsd/ . The system is currently running 5.4 STABLE/amd64 with a generic kernel. The only change in the kernel is that I've taken out the ahd driver. Please cc me if you reply (I use the digest version of the mailinglist). Thanks, Patrick. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: creating ISO for bootable CD
Bsderss wrote: Hi, I downloaded rtems source in the FreeBSD OS. Can anyone please tell me how to create a CD bootable ISO file of rtems in the FreeBSD OS? Look at: http://www.sfc.wide.ad.jp/~watari/FreeBSD/boot.html I found it helpful, although mkisofs options have changed some since the webpage was written but you just have to check the manpage and you'll see how to do it. Regards, /Ragnar ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Security warning with sshd
Pat Maddox [EMAIL PROTECTED] wrote: Hey guys, thanks for the help so far. I'm going to post this to the freebsd-pf list to see if anyone has any ideas...but I'm using PF, and here's the config. Hopefully you can take a look and see what the problem may be. As I said earlier, I'm not positive why I'm getting those errors, but I believe it's because my SSH connection is getting cut off whenever I enable the firewall. I've also been looking for a way to not be cut off (since it's very annoying), and it seems like figuring out and correcting these errors will also fix the second problem. You have to enable the firewall before you use ssh. A stateful firewall can't know about connections which get setup before the firewall is started. Since the firewall starts with a clean state, it has to assume that no connection is valid and blocks every already established traffic. So the behavior you see is what you requested from the system by starting the firewall after starting a ssh session. There's no need to be scared, it's not a security flaw, but you have to change your expectations. Bye, Alexander. -- http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 Don't you feel more like you do now than you did when you came in? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Fonts Question...
On Tue, 23 Aug 2005 04:05:02 -0500 (GMT-05:00) Eric Murphy [EMAIL PROTECTED] wrote: When installing X fonts whats the best way to do this say I found a font I really like thats manily for windows ...the file is called XCELI.TTF So I figured I could go to /usr/X11R6/lib/X11/fonts/TTF and place the file there..then open ip xfontsel and have at it.. This didnt work...so my question is.. how do you install custem X fonts and can you use windows fonts? you're using xorg ? you have a ~/.fonts directory ? if not, create it and copy fonts you want to use in there, and you should be able to use them right away ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Fonts Question...
Eric Murphy [EMAIL PROTECTED] wrote: When installing X fonts whats the best way to do this say I found a font I really like thats manily for windows ...the file is called XCELI.TTF So I figured I could go to /usr/X11R6/lib/X11/fonts/TTF and place the file there..then open ip xfontsel and have at it.. This didnt work...so my question is.. how do you install custem X fonts and can you use windows fonts? You need to run fc-config and restart your x-windows after adding a font. It should be available after restart. Beech -- --- Beech Rintoul - System Administrator - [EMAIL PROTECTED] /\ ASCII Ribbon Campaign | NorthWind Communications \ / - NO HTML/RTF in e-mail | 201 East 9th Avenue Ste.310 X - NO Word docs in e-mail | Anchorage, AK 99501 / \ --- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portsdb -Uu duplicate entry warnings
Kris Kennaway wrote: On Tue, Aug 23, 2005 at 08:07:13AM -0400, bob self wrote: I've been told that these messages are not a problem. But I do think that they are warnings. How can I get rid of these warnings? You don't, they're not a problem. If you really don't want to see them, I recommend closing your eyes while running the command :-). Warning: Duplicate INDEX entry: freeciv-gtk2-2.0.2 Warning: Duplicate INDEX entry: mod_frontpage2-5.0.2.2635 Warning: Duplicate INDEX entry: mod_jk2-apache2-2.0.4 Warning: Duplicate INDEX entry: mod_rpaf-ap2-0.5 I get these after running 'portsdb -Uu I've searched the archives but haven't found the solution. For (t)csh: alias portsdb 'portsdb \!:* | egrep -v Warning: Duplicate INDEX' (that's then ' at the end) For (ba)sh I think it's: alias portsdb='portsdb $@ 21 | egrep -v Warning: Duplicate INDEX' This is the power of Unix. Use it. --Alex ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
creating filesystem images
I have an OS running on a 128Mg CF and i want to tranfsfer this image to a another, actually 5 or more, 512Mg CF cards, each with two partitions one 128 and one 392. dump and restore seem to be able to accomplish this. Is that a good method, is dd better? i realize not entirely freebsd, but will be doing all the work on a 5.4 machine back to googlewould appreciate any pointers anyone may have Thanks jeff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Routing problem?
Ok, here´s the deal I have my Freebsd 4.10 gateway/nat/firewall on my network. On my LAN i have couple WIN machines and a Linux Redhat machine working ok to outside and other machine´s with IP 192.168.255.252 eth0 I have one software running on Redhat Machine that uses SLIP and i have configured sl0 with 192.168.255.252 P-t-P 192.168.0.6 The 192.168.0.6 is the IP of that Software Ok with these configurations i can connect from my Linuxbox locally to the software with 192.168.0.6 But the 192.168.0.6 Does´nt appear to be available for other computers on my LAN So i checked out some manuals and used command: ARP -Ds 192.168.0.6 sl0 pub and 92.168.0.6 came visible to other computers on my LAN. So now i thought that all i have to do is to put on my BSDBOX natd.confto redirect all requests from 23 and 81 to 192.168.0.6 right? and allow of course ports from Firewall (My software with the SLIP has entrance via HTTP and TELNET) Well nobody can´t still connect to my Linux software from outside?From my LAN it´works ok. I tried also adding allow ip from any to 192.168.0.6 via ep0 and that worked for a while (now anybody from outside can connect to my software) It works only for couple hours and the no response? I´cant understand how the allow ip from any to 192.168.0.6 can help. Well if anyone has understood what i´m trying to do here and wants to send couple hints i would be glad. :-) Thanks for your reply. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Illegal access attempt - FreeBSD 5.4 Release - please advise
On 8/24/05, ro ro [EMAIL PROTECTED] wrote: Hi All, I was browsing through my log files and noticed that someone (or many people) is trying to gain illegal access to my server (see snippet from log files below). The below log file clearly indicates someone trying to hackaway at my personal server. I performed the following steps: nmap -v 210.0.142.153 and noticed that this person/institution had port 80 and 21 open. I visited their website and it appears to be someone from hongkong. http://www.chkpcc.edu.hk/ HERE IS THEIR CONTACT INFORMATION AS IT APPEARS ON THEIR WEBSITE - Confucian Ho Kwok Pui Chun College 孔 教 學 院 何 郭 佩 珍 中 學 Address 地址: Fu Shin Est., Taipo, N.T., HKSAR 香港新界大埔富善村 Tel 電話: 852-2666-5926 Fax 傳真: 852-2660-7988 E-mail 電郵: [EMAIL PROTECTED] - When I saw the logs for the first time. I took the following steps: 1) AllowUsers in sshd contained only users that I wanted to have access to my ssh 2) Created a decent rulest within ipfw that permitted incoming access to only two ports ssh and http I took the issue of creating a good firewall quite lightly and now I regret that decision.. now I have learnt... Can someone provide me with guidance on this issue and advise me on next steps to take action against such losers. Thanks RV Aug 23 08:19:03 free sshd[22519]: Illegal user lp from 210.0.142.153 Aug 23 08:19:06 free sshd[22521]: Illegal user admin from 210.0.142.153 Aug 23 08:19:08 free sshd[22523]: Illegal user admin from 210.0.142.153 Aug 23 08:19:10 free sshd[22525]: Illegal user admin from 210.0.142.153 Aug 23 08:19:12 free sshd[22527]: Illegal user admin from 210.0.142.153 Aug 23 08:19:15 free sshd[22529]: Illegal user admin from 210.0.142.153 Aug 23 08:19:17 free sshd[22531]: Illegal user admin from 210.0.142.153 Aug 23 08:19:19 free sshd[22533]: Illegal user admin from 210.0.142.153 Aug 23 08:19:22 free sshd[22535]: User root not allowed because not listed in AllowUsers Aug 23 08:19:24 free sshd[22537]: User root not allowed because not listed in AllowUsers Aug 23 08:19:27 free sshd[22539]: User root not allowed because not listed in AllowUsers Aug 23 08:19:29 free sshd[22541]: User root not allowed because not listed in AllowUsers Aug 23 08:19:33 free sshd[22543]: User root not allowed because not listed in AllowUsers Aug 23 08:19:35 free sshd[22545]: User root not allowed because not listed in AllowUsers Aug 23 08:19:37 free sshd[22547]: Illegal user apache from 210.0.142.153 Aug 23 08:19:40 free sshd[22549]: Illegal user dan from 210.0.142.153 Aug 23 08:19:42 free sshd[22551]: Illegal user electra from 210.0.142.153 Aug 23 08:19:44 free sshd[22553]: Illegal user student from 210.0.142.153 Aug 23 08:19:47 free sshd[22555]: Illegal user school from 210.0.142.153 Aug 23 08:19:49 free sshd[22557]: User mysql not allowed because not listed in AllowUsers Aug 11 20:16:10 free sshd[21585]: Illegal user test from 210.245.197.16 Aug 11 20:16:12 free sshd[21587]: Illegal user guest from 210.245.197.16 Aug 11 20:16:14 free sshd[21589]: Illegal user admin from 210.245.197.16 Aug 11 20:16:16 free sshd[21591]: Illegal user admin from 210.245.197.16 Aug 11 20:16:23 free sshd[21593]: Illegal user user from 210.245.197.16 Aug 11 20:16:32 free sshd[21601]: Illegal user test from 210.245.197.16 Aug 14 03:39:21 free sshd[32377]: Illegal user 1 from 61.145.222.10 Aug 14 03:39:26 free sshd[32379]: Illegal user a from 61.145.222.10 Aug 14 03:39:31 free sshd[32381]: Illegal user a from 61.145.222.10 Aug 14 03:39:38 free sshd[32383]: Illegal user abuse from 61.145.222.10 Aug 14 10:47:49 free sshd[33623]: Illegal user admin from 64.222.146.197 Aug 14 10:47:51 free sshd[33625]: Illegal user administrator from 64.222.146.197 Aug 14 10:47:52 free sshd[33627]: Illegal user jack from 64.222.146.197 Aug 14 10:47:53 free sshd[33629]: Illegal user marvin from 64.222.146.197 Aug 14 10:47:58 free sshd[33631]: Illegal user andres from 64.222.146.197 Aug 14 10:47:59 free sshd[33633]: Illegal user barbara from 64.222.146.197 Aug 14 10:48:01 free sshd[33635]: Illegal user adine from 64.222.146.197 Aug 14 10:48:02 free sshd[33637]: Illegal user test from 64.222.146.197 Aug 14 10:48:04 free sshd[33639]: Illegal user guest from 64.222.146.197 Aug 14 10:48:07 free sshd[33641]: Illegal user db from 64.222.146.197 Aug 23 08:18:40 free sshd[22499]: Illegal user demo from 210.0.142.153 Aug 23 08:18:43 free sshd[22501]: Illegal user postgres from 210.0.142.153 Aug 23 08:18:45 free sshd[22503]: Illegal user postmaster from 210.0.142.153 Aug 23 08:18:47 free sshd[22505]: Illegal user postgres from 210.0.142.153 Aug 23 08:18:49 free sshd[22507]: Illegal user postgres from 210.0.142.153 Aug 23 08:18:52 free sshd[22509]: Illegal user ftp from 210.0.142.153 Aug 23
Re: dump(8), incremental backups, Tower of Hanoi sequence, don't get it
On Tue, Aug 23, 2005 at 11:35:35AM -0700, Philip Hallstrom wrote: 2) If all you have to deal with are static files and a not-super-giant-filesystem, use rsync. rsync -avz --delete once a night will mirror your data between drives or between machines without any trouble. The only disadvantage is there is no file retention if you want to restore a corrupt / deleted file after the fact. Actually there is... sort of... The trick is to use the --backup and --backup-dir options: -b, --backup With this option, preexisting destination files are renamed as each file is transferred or deleted. You can control where the backup file goes and what (if any) suffix gets appended using the --backup-dir and --suffix options. --backup-dir=DIR In combination with the --backup option, this tells rsync to store all backups in the specified directory. This is very use- ful for incremental backups. You can additionally specify a backup suffix using the --suffix option (otherwise the files backed up in the specified directory will keep their original filenames). Another useful rsync option is --link-dest: --link-dest=DIR This option behaves like --copy-dest, but unchanged files are hard linked from DIR to the destination directory. The files must be identical in all preserved attributes (e.g. permissions, possibly ownership) in order for the files to be linked together. I use this to rsync each backup into a new directory on the backup volume, named for the date of the backup. The result is a directory for each backup run, apparently containing every file from the source tree - but most of them are just hard links to some previous backup. This saves a *lot* of disk space as you only ever copy files that have changed since the last backup. You also have the complete file tree for each backup, so it's trivial to restore the version of a file that existed on any particular date. Cheers, Scott -- === Scott Mitchell | PGP Key ID | Eagles may soar, but weasels Cambridge, England | 0x54B171B9 | don't get sucked into jet engines scott at fishballoon.org | 0xAA775B8B | -- Anon ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Illegal access attempt - FreeBSD 5.4 Release - please advise
Also, most if not all of the blocks below are Asia netblocks that I have had more then 3 attempts to gain access to my servers. 220.0.0.0/8 202.0.0.0/7 134.208.0.0/16 218.0.0.0/8 210.0.0.0/7 221.0.0.0/8 219.0.0.0/8 195.116.0.0/16 59.0.0.0/8 195.133.91.0/24 222.0.0.0/8 Not always a good idea. A lot of Australian users have been having issues because of people doing this. More info here: http://forums.whirlpool.net.au/forum-replies.cfm?t=324246#r2 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Illegal access attempt - FreeBSD 5.4 Release - please advise
On 8/24/05, Michael Dale [EMAIL PROTECTED] wrote: Also, most if not all of the blocks below are Asia netblocks that I have had more then 3 attempts to gain access to my servers. 220.0.0.0/8 202.0.0.0/7 134.208.0.0/16 218.0.0.0/8 210.0.0.0/7 221.0.0.0/8 219.0.0.0/8 195.116.0.0/16 59.0.0.0/8 195.133.91.0/24 222.0.0.0/8 Not always a good idea. A lot of Australian users have been having issues because of people doing this. More info here: http://forums.whirlpool.net.au/forum-replies.cfm?t=324246#r2 You are right, its not a good idea, but when they attempt access I email the logs and and a nice email (NOT a 3 page complaint followed by demands and treat of legal recourse (I work at a large ISP so I know)) I get no where, those ISP's are leave me no other choice. I should also state that I remove the netblocks from my blackhole list about every 3 months, but the same blocks always end up back on the list. -Erik- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Window manager to use with touch panel
Hi everyone I recently got hold of a computer built into a 15 flatscreen monitor. I want to use this to control lights and other things around the appartment and I need a window manager that runs on FreeBSD and works well with touch screens. A user interface with large buttons and a simple menu would do the trick but I don't know of any. Since it's a Cyrix 300MHz processor and only 64MB of Ram I want a light weight window manager. Any suggestions? Regards Per ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How do I get packages with tgz files
On 24/08/2005, at 4:10 PM, Bharma wrote: Hi I am working with a machine with FreeBSD 4.2.8 version. I am not allowed to change the version on the machine. I want to install some packages - in particular the KDE package on the machine pkg_add ftp://pub/FreeBSD/ports/packages/kde/kdeversion.tbz results in pkg_add responding that it does not understand tgz files. It may be that pkg_add for FreeBSD 4.2.8 is old. How do I get tgz files then. Well 4.2 is pretty old now.. But tgz files are the same as .tar.gz, it is just an abbreviation of it, it means the file has been tar'd then gzipped.. You can extract it with tar using the -z option or run gunzip on it first.. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
HP Proliant DL320
I just got a Proliant DL320 put on my desk to configure for a tcpdump monitoring project. The cooling fans run at full speed and as loud as can be. I see that there is hpapm or cpqhealth programs for Windows, and looks like Red Hat and Suse, that will watch the temperature and turn down the fans to needed levels. Is there anything to control these things for FreeBSD? I installed 5-4 from DVD and will be updating via source today. Man, it's fast compared to the old stuff I'm used to. Paul. -- __ Paul T. Root /_ \ 1977 MGB / /|| \\ ||\/ || _ | || || || \ ||__// \__/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Script help using cut
- Original Message - From: antenneX [EMAIL PROTECTED] To: Giorgos Keramidas [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Tuesday, August 23, 2005 8:35 PM Subject: Re: Script help using cut - Original Message - From: Giorgos Keramidas [EMAIL PROTECTED] To: antenneX [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Tuesday, August 23, 2005 8:16 PM Subject: Re: Script help using cut On 2005-08-23 20:02, antenneX [EMAIL PROTECTED] wrote: Been trying to complete a script that I can use to grep spam emails from the maillog, then trim it to just the plain email address. Trying to use cut in the script but it's not doing what I want yet. Here is what the earlier lines have the lines down to so far: (envelope-from [EMAIL PROTECTED]) -- no quotes ...and I want this clean trimmed result after trim using cut or anything else that works to trim/cut: [EMAIL PROTECTED] --- no underlines of course That's a TAB space at beginning of the line. The envelope lines are in a tmp file in colum format (one line below the other). (envelope-from [EMAIL PROTECTED]) (envelope-from [EMAIL PROTECTED]) (envelope-from [EMAIL PROTECTED]) All ideas appreciated Does it have to be cut(1)? $ awk '{print $2}' tmpfile | sed -e 's/)[[:space:]]*$//' | sort | uniq Just woke up this morning and realized I needed to chop off more -- everything except the domain. So, instead of [EMAIL PROTECTED] I need the result badguy.com How could the above awk line be expanded to chop off the username@ portion as well? Sorry, must have been really tired. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Script help using cut
On 2005-08-24 07:58, antenneX [EMAIL PROTECTED] wrote: antenneX [EMAIL PROTECTED] wrote: Giorgos Keramidas [EMAIL PROTECTED] wrote: (envelope-from [EMAIL PROTECTED]) (envelope-from [EMAIL PROTECTED]) (envelope-from [EMAIL PROTECTED]) All ideas appreciated $ awk '{print $2}' tmpfile | sed -e 's/)[[:space:]]*$//' | sort | uniq Just woke up this morning and realized I needed to chop off more -- everything except the domain. So, instead of [EMAIL PROTECTED] I need the result badguy.com How could the above awk line be expanded to chop off the username@ portion as well? sed(1) can do more than one substitutions in one line: sed -e 's/)[[:space:]]*$//' -e 's/^.*@//' or you can use as complex regular expressions as necessary to cut specific parts of the line: sed -e 's/[EMAIL PROTECTED]([^)]*\))[[:space:]]*$/\1/' ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
cvsup multiple RELENGs?
Hi, Situation - I have a machine that I use to build the base system for others. I'd like to be able to have multiple copies of /usr/src for different releases - in particular, RELENG_5_3 and RELENG_5_4. Rather than just changing my RELENG in the supfile and blowing away the tree each time I thought I could maintain multiple source trees. One trivial way that came to mind would be to copy /usr/src to /usr/RELENG_5_3 and /usr/RELENG_5_4 and replace /usr/src with a symlink that points to the one I'm using at the time - I don't know if this makes perfect sense, it's just an idea :) Or should I be doing this properly and checking out a complete CVS tree? thanks, -- Joel Hatton -- Security Analyst| Hotline: +61 7 3365 4417 AusCERT - Australia's national CERT | Fax: +61 7 3365 7031 The University of Queensland| WWW: www.auscert.org.au Qld 4072 Australia | Email: [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Illegal access attempt - FreeBSD 5.4 Release - please advise
i usually run a swatch script to monitor ssh login attempts and deny them via ipfw - most of them are addresses from people running linux trying to bruteforce there way in - the list can get pretty long. also whats most funny is that alot of those people try windows server exploits on me damn script kiddies -Ben Pat Maddox wrote: It's not that big of a deal...they didn't get in or anything. If you've got a server that's always connected to the internet, you'll see people trying to break in all the time. The more popular your server, the more frequent the attempts. This is just someone trying to log in via SSH - so as long as you have good passwords on all your accounts, and disable remote root login, you're fine. You may consider denying access after X failed login attempts. On 8/23/05, ro ro [EMAIL PROTECTED] wrote: Hi All, I was browsing through my log files and noticed that someone (or many people) is trying to gain illegal access to my server (see snippet from log files below). The below log file clearly indicates someone trying to hackaway at my personal server. I performed the following steps: nmap -v 210.0.142.153 and noticed that this person/institution had port 80 and 21 open. I visited their website and it appears to be someone from hongkong. http://www.chkpcc.edu.hk/ HERE IS THEIR CONTACT INFORMATION AS IT APPEARS ON THEIR WEBSITE - Confucian Ho Kwok Pui Chun College ? ? ? ? ? ? ? ? ? ? Address ??: Fu Shin Est., Taipo, N.T., HKSAR ? Tel ??: 852-2666-5926 Fax ??: 852-2660-7988 E-mail ??: [EMAIL PROTECTED] - When I saw the logs for the first time. I took the following steps: 1) AllowUsers in sshd contained only users that I wanted to have access to my ssh 2) Created a decent rulest within ipfw that permitted incoming access to only two ports ssh and http I took the issue of creating a good firewall quite lightly and now I regret that decision.. now I have learnt... Can someone provide me with guidance on this issue and advise me on next steps to take action against such losers. Thanks RV Aug 23 08:19:03 free sshd[22519]: Illegal user lp from 210.0.142.153 Aug 23 08:19:06 free sshd[22521]: Illegal user admin from 210.0.142.153 Aug 23 08:19:08 free sshd[22523]: Illegal user admin from 210.0.142.153 Aug 23 08:19:10 free sshd[22525]: Illegal user admin from 210.0.142.153 Aug 23 08:19:12 free sshd[22527]: Illegal user admin from 210.0.142.153 Aug 23 08:19:15 free sshd[22529]: Illegal user admin from 210.0.142.153 Aug 23 08:19:17 free sshd[22531]: Illegal user admin from 210.0.142.153 Aug 23 08:19:19 free sshd[22533]: Illegal user admin from 210.0.142.153 Aug 23 08:19:22 free sshd[22535]: User root not allowed because not listed in AllowUsers Aug 23 08:19:24 free sshd[22537]: User root not allowed because not listed in AllowUsers Aug 23 08:19:27 free sshd[22539]: User root not allowed because not listed in AllowUsers Aug 23 08:19:29 free sshd[22541]: User root not allowed because not listed in AllowUsers Aug 23 08:19:33 free sshd[22543]: User root not allowed because not listed in AllowUsers Aug 23 08:19:35 free sshd[22545]: User root not allowed because not listed in AllowUsers Aug 23 08:19:37 free sshd[22547]: Illegal user apache from 210.0.142.153 Aug 23 08:19:40 free sshd[22549]: Illegal user dan from 210.0.142.153 Aug 23 08:19:42 free sshd[22551]: Illegal user electra from 210.0.142.153 Aug 23 08:19:44 free sshd[22553]: Illegal user student from 210.0.142.153 Aug 23 08:19:47 free sshd[22555]: Illegal user school from 210.0.142.153 Aug 23 08:19:49 free sshd[22557]: User mysql not allowed because not listed in AllowUsers Aug 11 20:16:10 free sshd[21585]: Illegal user test from 210.245.197.16 Aug 11 20:16:12 free sshd[21587]: Illegal user guest from 210.245.197.16 Aug 11 20:16:14 free sshd[21589]: Illegal user admin from 210.245.197.16 Aug 11 20:16:16 free sshd[21591]: Illegal user admin from 210.245.197.16 Aug 11 20:16:23 free sshd[21593]: Illegal user user from 210.245.197.16 Aug 11 20:16:32 free sshd[21601]: Illegal user test from 210.245.197.16 Aug 14 03:39:21 free sshd[32377]: Illegal user 1 from 61.145.222.10 Aug 14 03:39:26 free sshd[32379]: Illegal user a from 61.145.222.10 Aug 14 03:39:31 free sshd[32381]: Illegal user a from 61.145.222.10 Aug 14 03:39:38 free sshd[32383]: Illegal user abuse from 61.145.222.10 Aug 14 10:47:49 free sshd[33623]: Illegal user admin from 64.222.146.197 Aug 14 10:47:51 free sshd[33625]: Illegal user administrator from 64.222.146.197 Aug 14 10:47:52 free sshd[33627]: Illegal user jack from 64.222.146.197 Aug 14 10:47:53 free sshd[33629]: Illegal user marvin from 64.222.146.197 Aug 14 10:47:58 free sshd[33631]: Illegal user andres from 64.222.146.197 Aug 14 10:47:59 free sshd[33633]: Illegal user barbara from 64.222.146.197 Aug 14 10:48:01 free sshd[33635]: Illegal user adine from 64.222.146.197
Re: cvsup multiple RELENGs?
Joel Hatton wrote: Hi, Situation - I have a machine that I use to build the base system for others. I'd like to be able to have multiple copies of /usr/src for different releases - in particular, RELENG_5_3 and RELENG_5_4. Rather than just changing my RELENG in the supfile and blowing away the tree each time I thought I could maintain multiple source trees. One trivial way that came to mind would be to copy /usr/src to /usr/RELENG_5_3 and /usr/RELENG_5_4 and replace /usr/src with a symlink that points to the one I'm using at the time - I don't know if this makes perfect sense, it's just an idea :) May be it's better to make different supfiles for different RELENGs and change the *default prefix to the directory you want /src to be downloaded? Or should I be doing this properly and checking out a complete CVS tree? thanks, -- Joel Hatton -- Security Analyst| Hotline: +61 7 3365 4417 AusCERT - Australia's national CERT | Fax: +61 7 3365 7031 The University of Queensland| WWW: www.auscert.org.au Qld 4072 Australia | Email: [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Question
John C. Bogard wrote: Root PW lost, need to access FBSD and am unable to now See my posting on the subject here: http://freebsd.amazingdev.com/blog/archives/99.html Also, search my site for other root password gotchas. -- Jonathan Arnold (mailto:[EMAIL PROTECTED]) Daemon Dancing in the Dark, a FreeBSD weblog: http://freebsd.amazingdev.com/blog/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: cvsup multiple RELENGs?
Joel Hatton wrote: Hi, Situation - I have a machine that I use to build the base system for others. I'd like to be able to have multiple copies of /usr/src for different releases - in particular, RELENG_5_3 and RELENG_5_4. Rather than just changing my RELENG in the supfile and blowing away the tree each time I thought I could maintain multiple source trees. One trivial way that came to mind would be to copy /usr/src to /usr/RELENG_5_3 and /usr/RELENG_5_4 and replace /usr/src with a symlink that points to the one I'm using at the time - I don't know if this makes perfect sense, it's just an idea :) from my supfile src-all tag=RELENG_5_4 prefix=/usr/releases/RELENG_5_4 and you can repeat that line for each release you want to follow. wouldn't suprise me if /usr/src isn't actually hardcoded into the build and it'll work with the src tree somewhere else, though i've always soft linked from /usr/src. otherwise, i'm not sure how wise it is to build different releases with a different base system and different kernel. might want to take a look at /usr/src/release. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: identd and pf question
On 2005-08-23 22:31, Matt Rechkemmer [EMAIL PROTECTED] wrote: After banging my head for awhile, and trying other daemons (oidentd, pidentd), I tried disabling pf with pfctl -d. Voila, clients can connect. I re-enabled pf with pfctl -e and things are broken again. Show us your pf.conf file, please. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
pax question
Hi people i want do backup of my home directory (some days ago i had a terrible accident with my hdd and i don't have backups of my files :-( ) now i am using or trying to use pax.this is what i did. in the crontab i put this 0 6 1 * * rootpax -wzf /160GB/backups/$filename /home/osmany/ where filename is the date of the backup and 50 23 * * * rootpax -T -wzf /160GB/backups/$filename /home/osmany/ where filename is the date of the backup plus delta word. all this work perfect. hmm this work without problem but i want to know if there are a better way to do my backups. i'm not sure that this was perfect ... Some help please Thanks Osmany ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: oversized httpd process?
In the last episode (Aug 24), Lei Sun said: I saw many posts from google regarding to this question, but there were no definite answers.. some say, it's mod_ssl, some say it's mod_perl, some say it is mm. But my case, it just doesn't make much sence to me at all. Here are the 2 test machines that I have, both have the exact same configuration A is a lot more powerful than B machine A, p4 3.0 2GB Mem machine B, p2 450Mhz 128MB Mem Both have mod_php, mod_ssl, and no traffic has been sent. Looking at the httpd sizes, I start to wonder ... How come Machine B only uses around 15Mb per httpd, while machine A takes 155Mb, and while they have exactly the same software, same configuration. Try running lsof on both processes. Since SIZE is 155M but RES is a lot smaller, there may be a large file being mmapped by one system and not the other. machine A: PID USERNAME PRI NICE SIZERES STATE C TIME WCPUCPU COMMAND 440 root 960 155M 17412K select 0 0:02 0.00% 0.00% httpd machine B: PID USERNAME PRI NICE SIZERES STATETIME WCPUCPU COMMAND 50855 www 200 16348K12K lockf0:00 0.00% 0.00% httpd -- Dan Nelson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pppoed using mpd - dirrect connect between LAN clients
Ovidiu Ene [EMAIL PROTECTED] writes: Hello guys I've setup a pppoe server using mpd and i've activated proxy arp in pppoed. The problem is that all traffic between LAN users is going via pppoed NIC. I do not want that, i want that LAN users to have traffic direct, like using fixed IPs. it is possible? how? Can you draw a picture of the configuration? I don't follow your description, and others may be having the same problem. -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Still problems with ntop?
Matt Virus [EMAIL PROTECTED] writes: I see bug reports and broken port notifications. I get an error when compiling from source cannot find -lmyrrd I have rrdtool installed, i even uninstalled it and reverted to the older version and still no dice. *shrug* anybody got anything? The port (from cvs yesterday) builds and runs for me... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Making several custom boot configurations?
sd [EMAIL PROTECTED] writes: I'm trying to make several different configurated systems on one FreeBSD box: different kernel parameters for each configuration, different hostname, startup scripts, network configurations, etc. Can it be done by adding some custom points to boot manager menu or altering existent ones? Yes, it could be done. That's why the boot manager menu is built from a real programming language. -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
OT
Hi, There is a little offtopic, but, everything should be the same like in FreeBSD. First of all, I'm sorry for such stupid question. I know, that I need few details, but I can't figure out what are they. I'm plaing with Intel(r) PRO/Wireless2200BG wifi card and it's configuration. I have found different descriptions for the /etc/dhclient.conf file. I have read iwi manual. There are different options (or maybe only different same option names). I'm newbie in a wifi networks. But in the other system, machine with windows and netstumbller I found these wifi networks settings: SSID: sessionid Network Authentification: Open Data Encryption: Wep Network key: 1011121311 (0x1011121311) There sessionid is changed only for anonimity purposes. I need to use dhcp. Now I'm trying to use such /etc/dhclient.conf configuration: initial-interval 1; send host-name thinkpad; request subnet-mask, broadcast-address, routers, domain-name, domain-name-servers, host-name; interface iwi0 { media ssid sessionid wepkey 0x1011121311; } And when I try to use: #dhclient iwi0 I get following errors: Trying medium ssid sessionid wepkey 0x1011121311 1 DHCPDISCOVER on iwi0 to 255.255.255.255 port 67 interval 2 send_packet: Network is down I get this in a cycle with different intervals ( 255.255.255.255 port 67 interval 2, 255.255.255.255 port 67 interval 3, 255.255.255.255 port 67 interval 7). What are the differences between wepkey and nwkey mentioned in iwi driver developer page (http://damien.bergamini.free.fr/ipw/ipw-openbsd.html). And in the same page there are good description, but only for static configurations. So if I 've understood everything correctly, I need to use /etc/dhclient.conf file for configuration. But I stuck there. Please, give me any advice or a link. Thanks for your patient, and sorry for me english. Regards, -- Slack is GOOD. BSD is better. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: creating filesystem images
jdyke [EMAIL PROTECTED] writes: I have an OS running on a 128Mg CF and i want to tranfsfer this image to a another, actually 5 or more, 512Mg CF cards, each with two partitions one 128 and one 392. dump and restore seem to be able to accomplish this. Is that a good method, is dd better? Dump and restore is the obvious way to do it. dd can do it too, but will be slower, as well as easier to shoot yourself in the foot with. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
semi-OT: non-Latin fonts under Emacs
Would someone who is successfully seeing/using non-Latin (Cyrillic, Arabic, et al.) fonts under Emacs/Xemacs please contact me _off-list _? Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: semi-OT: non-Latin fonts under Emacs
On 2005-08-24 11:11, Robert Huff [EMAIL PROTECTED] wrote: Would someone who is successfully seeing/using non-Latin (Cyrillic, Arabic, et al.) fonts under Emacs/Xemacs please contact me _off-list_? I am using Greek (ISO8859-7) fonts on both the FreeBSD console and within xterm in X11. Does that count? If yes, I have no problem posting the details to you or to the list (I'd prefer the latter, in case someone wants to find the description in the archives). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How do I get packages with tgz files
Am sorry for the typos. The problem is actually this. The KDE packages available right now are tbz files. However, pkg_add on FreeBSD 4.2.8 understands only tgz files. I earlier wrote that I was trying to install tgz files though I meant that I was trying to install tbz files. So the question is how to I get tgz files? The different ways that I have thought of a) Download tbz - convert it into tgz and let pkg_add download it from a local ftp location. The problem is that what happens if pkg_add wants to download dependencies also (or is kde-version.tgz the complete package and is the only file to be downloaded) b) build from ports - qt compilation is failing c) upgrade pkg_add only to understand tbz files. This is a better solution except I don't know how to upgrade pkg_add only (and if it is possible with FreeBSD 4.2.8 kernel) --- Jerahmy Pocott [EMAIL PROTECTED] wrote: On 24/08/2005, at 4:10 PM, Bharma wrote: Hi I am working with a machine with FreeBSD 4.2.8 version. I am not allowed to change the version on the machine. I want to install some packages - in particular the KDE package on the machine pkg_add ftp://pub/FreeBSD/ports/packages/kde/kdeversion.tbz results in pkg_add responding that it does not understand tgz files. It may be that pkg_add for FreeBSD 4.2.8 is old. How do I get tgz files then. Well 4.2 is pretty old now.. But tgz files are the same as .tar.gz, it is just an abbreviation of it, it means the file has been tar'd then gzipped.. You can extract it with tar using the -z option or run gunzip on it first.. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Illegal access attempt - FreeBSD 5.4 Release - please advise
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Dale Sent: Wednesday, August 24, 2005 4:40 AM To: Hornet Cc: ro ro; freebsd-questions@freebsd.org Subject: Re: Illegal access attempt - FreeBSD 5.4 Release - please advise Also, most if not all of the blocks below are Asia netblocks that I have had more then 3 attempts to gain access to my servers. 220.0.0.0/8 202.0.0.0/7 134.208.0.0/16 218.0.0.0/8 210.0.0.0/7 221.0.0.0/8 219.0.0.0/8 195.116.0.0/16 59.0.0.0/8 195.133.91.0/24 222.0.0.0/8 Not always a good idea. A lot of Australian users have been having issues because of people doing this. More info here: http://forums.whirlpool.net.au/forum-replies.cfm?t=324246#r2 Such automated blocking is becoming common in the better Intrusion Detection Systems, which talk to their associated firewalls. If you are creating what is effectively a simple IDS, here are a couple thoughts: First, blocking reserved areas of the IP space seems a little different than fighting malicious hackers and spammers, but in either case, see (ii) below. Second, if someone legitimate is being blocked, they'll probably call you. You can put an earlier rule in the firewall to let them in. If you are running an ecommerce site, you might not want to block half the world; invest in a more powerful firewall/IDS combination. See (iii) below. Third, if you are automating the creation of your blocks (a good idea) then you could also do the following: (i) create blocks as narrow as possible given the attacks. First block the IP address, then if several nearby addresses attack, block that subnet, etc. (ii) allow the blocks to time-out after a while (as many IDS blocks do). If (i) turns them back on, then increase the length of the time-out. (iii) review your blocks every now and then either by reviewing your firewall logs or by having your (perl?) program check if (ii) turns off a block only to have (i) turn it on again of if it never cycles. BTW, our firewall blocks so many attacks per minute that its multi-colored console display is better than a soap opera! -gayn ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: creating filesystem images
On Wed, Aug 24, 2005 at 11:00:52AM -0400, Lowell Gilbert wrote: jdyke [EMAIL PROTECTED] writes: I have an OS running on a 128Mg CF and i want to tranfsfer this image to a another, actually 5 or more, 512Mg CF cards, each with two partitions one 128 and one 392. dump and restore seem to be able to accomplish this. Is that a good method, is dd better? Dump and restore is the obvious way to do it. dd can do it too, but will be slower, as well as easier to shoot yourself in the foot with. The advantage of dump/restore is that only the necessary data is written. With dd all the unused blocks on the media are also written, including the filesystem, which will probably work on the larger card. I've always found it best to newfs a CF rather than bulk copy with dd. Had about 20 256MB CF cards purchased in one lot and found several years ago that not all were exactly the same block count in size. Running newfs separately on each solved that problem. Previously dd was used as a bulk duplicator. Tar or pax are not bad choices in addition to dump/restore. -- David Kelly N4HHE, [EMAIL PROTECTED] Whom computers would destroy, they must first drive mad. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Illegal access attempt - FreeBSD 5.4 Release - please advise
On Tue, 23 Aug 2005 21:22:34 -0700 (PDT) ro ro [EMAIL PROTECTED] wrote: I took the issue of creating a good firewall quite lightly and now I regret that decision.. now I have learnt... Can someone provide me with guidance on this issue and advise me on next steps to take action against such losers. [...] Aug 23 08:19:03 free sshd[22519]: Illegal user lp from 210.0.142.153 You could restrict access to sshd on your system to trusted IPs only using /etc/hosts.allow. It's very effective and simple for your specific situation. man 5 hosts_access is a good start. -- Adi Pircalabu (PGP Key ID 0x04329F5E) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: scanner for fbsd $50-$200
dick hoogendijk wrote: Than I looked at SANE-cvs (the latest). There also most modern cheap scanners you see in store today don't seem to be supported. EpsonPerfection 2480/2580/3170 or CanoScan4200F or the cheaper HPScanJets. The EpsonPerfection 2480 works (FreeBSD 6.0), I bought it one month ago, it won't be found as uscanner0 but as some generic usb device, but I have a patch that I still haven't got arround submitting. However, this is not critical - you can still get it to work without the patch. Cheers, Erik -- Ph: +34.666334818 web: http://www.locolomo.org S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9 Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Script help using cut
- Original Message - From: Giorgos Keramidas [EMAIL PROTECTED] To: antenneX [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Wednesday, August 24, 2005 8:04 AM Subject: Re: Script help using cut On 2005-08-24 07:58, antenneX [EMAIL PROTECTED] wrote: antenneX [EMAIL PROTECTED] wrote: Giorgos Keramidas [EMAIL PROTECTED] wrote: (envelope-from [EMAIL PROTECTED]) (envelope-from [EMAIL PROTECTED]) (envelope-from [EMAIL PROTECTED]) All ideas appreciated $ awk '{print $2}' tmpfile | sed -e 's/)[[:space:]]*$//' | sort | uniq Just woke up this morning and realized I needed to chop off more -- everything except the domain. So, instead of [EMAIL PROTECTED] I need the result badguy.com How could the above awk line be expanded to chop off the username@ portion as well? sed(1) can do more than one substitutions in one line: sed -e 's/)[[:space:]]*$//' -e 's/^.*@//' or you can use as complex regular expressions as necessary to cut specific parts of the line: sed -e 's/[EMAIL PROTECTED]([^)]*\))[[:space:]]*$/\1/' In fact, my very next script line uses sed(1) to add the TAB and the RHS to the sendmail access file: sed 's/$/ REJECT/g' tmpfile /etc/mail/access I'll bet my line could be incorporated with yours. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Script help using cut
On 2005-08-24 11:41, antenneX [EMAIL PROTECTED] wrote: Giorgos Keramidas [EMAIL PROTECTED] wrote: sed -e 's/)[[:space:]]*$//' -e 's/^.*@//' or you can use as complex regular expressions as necessary to cut specific parts of the line: sed -e 's/[EMAIL PROTECTED]([^)]*\))[[:space:]]*$/\1/' In fact, my very next script line uses sed(1) to add the TAB and the RHS to the sendmail access file: sed 's/$/ REJECT/g' tmpfile /etc/mail/access I'll bet my line could be incorporated with yours. Sure. It's probably also a good idea to use mv(1) with a temporary file residing under /etc/mail too, to make sure the update to the access map is as close to being an ``atomic operation'' as possible: % accesstmp=`mktemp /etc/mail/access.tmp.XX` % if [ -z ${accesstmp} ]; then % exit 1 % fi % % ( cat /etc/mail/access ; % awk '{whatever else here}' tmpfile | \ % sed -e 's/[EMAIL PROTECTED]([^)]*\))[[:space:]]*$/\1REJECT/' ) ${accesstmp} % if [ $? -ne 0 ]; then % exit 1 % fi % mv ${accesstmp} /etc/mail/access % cd /etc/mail make access.db ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: oversized httpd process?
Now that I think about it, I did install the eaccelerator for php, and configured it to take 128Mb for eaccelerator.shm_size. It also appears that when I reboot the machine A without pointing my browser to it once, the httpd processes are quite small. BUT... Even with the 2 php application that I installed (phpmyadmin, mediawiki), I don't think there should be that much caching going on. Since if I add the total size of the 2 application together, they won't even hit 20MB. In other words, my understanding would be: even if eaccelerator wants to cache them all, eaccelerator wouldn't be able to find that much stuff to cache, and it would always be less than 20MB. Am I expecting the right thing? On 8/24/05, Dan Nelson [EMAIL PROTECTED] wrote: In the last episode (Aug 24), Lei Sun said: I saw many posts from google regarding to this question, but there were no definite answers.. some say, it's mod_ssl, some say it's mod_perl, some say it is mm. But my case, it just doesn't make much sence to me at all. Here are the 2 test machines that I have, both have the exact same configuration A is a lot more powerful than B machine A, p4 3.0 2GB Mem machine B, p2 450Mhz 128MB Mem Both have mod_php, mod_ssl, and no traffic has been sent. Looking at the httpd sizes, I start to wonder ... How come Machine B only uses around 15Mb per httpd, while machine A takes 155Mb, and while they have exactly the same software, same configuration. Try running lsof on both processes. Since SIZE is 155M but RES is a lot smaller, there may be a large file being mmapped by one system and not the other. machine A: PID USERNAME PRI NICE SIZERES STATE C TIME WCPUCPU COMMAND 440 root 960 155M 17412K select 0 0:02 0.00% 0.00% httpd machine B: PID USERNAME PRI NICE SIZERES STATETIME WCPUCPU COMMAND 50855 www 200 16348K12K lockf0:00 0.00% 0.00% httpd -- Dan Nelson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: oversized httpd process?
In the last episode (Aug 24), Lei Sun said: Now that I think about it, I did install the eaccelerator for php, and configured it to take 128Mb for eaccelerator.shm_size. It also appears that when I reboot the machine A without pointing my browser to it once, the httpd processes are quite small. BUT... Even with the 2 php application that I installed (phpmyadmin, mediawiki), I don't think there should be that much caching going on. Since if I add the total size of the 2 application together, they won't even hit 20MB. In other words, my understanding would be: even if eaccelerator wants to cache them all, eaccelerator wouldn't be able to find that much stuff to cache, and it would always be less than 20MB. Apparently eaccellerator mmaps the entire shm segment whether it is currently using it or not. -- Dan Nelson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: cvsup multiple RELENGs?
At 06:15 AM 8/24/2005, Joel Hatton wrote: Hi, Situation - I have a machine that I use to build the base system for others. I'd like to be able to have multiple copies of /usr/src for different releases - in particular, RELENG_5_3 and RELENG_5_4. Rather than just changing my RELENG in the supfile and blowing away the tree each time I thought I could maintain multiple source trees. One trivial way that came to mind would be to copy /usr/src to /usr/RELENG_5_3 and /usr/RELENG_5_4 and replace /usr/src with a symlink that points to the one I'm using at the time - I don't know if this makes perfect sense, it's just an idea :) Or should I be doing this properly and checking out a complete CVS tree? man development It gives pretty specific details on doing the sort of thing that you want. -Glenn thanks, -- Joel Hatton -- Security Analyst| Hotline: +61 7 3365 4417 AusCERT - Australia's national CERT | Fax: +61 7 3365 7031 The University of Queensland| WWW: www.auscert.org.au Qld 4072 Australia | Email: [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: HP Proliant DL320
Paul T. Root wrote: [ ... ] I see that there is hpapm or cpqhealth programs for Windows, and looks like Red Hat and Suse, that will watch the temperature and turn down the fans to needed levels. Is there anything to control these things for FreeBSD? What happens if you install Linux emulation and try running those programs? You might want to ping HP's tech support about this, too. -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Routing?
Patrick Lindholm wrote: [ ... ] But the 192.168.0.6 Does´nt appear to be available for other computers on my LAN So i checked out some manuals and used command: ARP -Ds 192.168.0.6 sl0 pub and 92.168.0.6 came visible to other computers on my LAN. So now i thought that all i have to do is to put on my BSDBOX natd.confto redirect all requests from 23 and 81 to 192.168.0.6 right? and allow of course ports from Firewall (My software with the SLIP has entrance via HTTP and TELNET) Well nobody can´t still connect to my Linux software from outside? From my LAN it´works ok. [ ... ] The first problem was a result of trying to use ARP to a machine not on the local subnet, which the SLIP connection is not. If you're going to use that, you either need to proxy arp for the box, or set up routing on both sides so that the 192.168.255.x and 129.168.0.y subnets know about each other. Second, for NAT port forwarding to work, the Linux box has to route replies back via a path that goes to the FreeBSD box running NATD. In other words, the default route of the Linux box may have to point back via the FreeBSD box. There are other wordarounds available, such as using SSH portforwarding, netcat (nc), or the TIS FWTK plug-gw to proxy the connections to your internal net to avoid changing the routing, but you're getting into some complex networking... -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pci-x soundcard
On Aug 23, 2005, at 8:58 PM, Nikolas Britton wrote: Talk to hal because he did buy one. He posted a message saying that he was having trouble with it. I answered it telling him to put snd_driver_load=YES into loader.conf but he never replied back to say if it worked or not. Sorry for the delayed reply. In /boot/loader.conf snd_driver_load=YES didn't help. Here is a rehash of the other things I have tried from an earlier post: I am running FreeBSD 5.4. I am using the card in a SuperMicro X5DP8-G2 motherboard PCI-X slot. From the snd_emu10k1(4) man page: In the kernel configuration file: devicesound devicesnd_emu10k1 From the sound(4) man page: In the /boot/device.hints file: hint.pcm.0.at=isa hint.pcm.0.irq=5 hint.pcm.0.drq=1 hint.pcm.0.flags=0x0 In the /boot/loader.conf file: snd_emu10k1_load=YES I have tried all the above alone and in various combinations. cat /dev/sndstat reports no installed devices. Does anyone know how to make this thing work with FreeBSD 5.4? hal ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Zyxel Prestige ADSL
Hello i have Zyxel Prestige 623R-T1 ADSL modem There is no NAT or other DHCP services running on the modem. Access via http address 192.168.1.1 When i plug it into my Windows machine everything works. Well i want to of course use my Freebsd machine wich is my NATD / Firewall box for my LAN. I do not want to use the ADSL modem for NAT. With another ADSL modem (it´s rental and now i want my own Zyxel to work) everything works ok. My outer ethernet card get´s its IP from ISP. But with zyxel no. INET 0.0.0.0 ?When i plug Zyxel to Windows everything works. I do not understand? Thanks in advance. Patrick ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: creating filesystem images
David Kelly [EMAIL PROTECTED] writes: The advantage of dump/restore is that only the necessary data is written. With dd all the unused blocks on the media are also written, including the filesystem, which will probably work on the larger card. If you don't mind educating me further for no particular need... I've long known about the UNIX concept of everything being a string of bytes, but came to the conclusion early in my Linux days that disks couldn't be used as a filesystem after a dd unless their cylinders were the same size (or maybe it was just tracks). Has this all gone away with FreeBSD's removal of block devices and/or with LBA disks? Can I get always (excepting un-related problems) get usable filesystems after dd if=/dev/ad1 of=/dev/ad1 bs=almost anythingb? As a separate issue, some boot stuff can get messed up, right? Or do partition tables use LBA now too? Seems like they'd have to, but I don't remember reading about it anywhere. Tar or pax are not bad choices in addition to dump/restore. bsdtar yes, but pax and gtar (tar in 4.x?) don't handle file flags, if OP needs those. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Internationalization, gnome and gnucash
Hi, I have installed gnucash and as long as I stay with english everything looks fine. When I start gnucash like this: env LC_ALL=nl_NL gnucash I get funny characters: e-accent becomes e , so the quotes are before the e! When I do the same with, e.g., gedit e-accent in the menus is just what it should be, quotes on top of the e. Anyone a clue why this happens? BTW, it also happens with french or german language. Maarten ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Zyxel Prestige ADSL
http://us.zyxel.com/support/productSupport.php?supportpath=p623r_a1 Sounds like the Zyxel is in router mode? Derrill Patrick Lindholm wrote: Hello i have Zyxel Prestige 623R-T1 ADSL modem There is no NAT or other DHCP services running on the modem. Access via http address 192.168.1.1 When i plug it into my Windows machine everything works. Well i want to of course use my Freebsd machine wich is my NATD / Firewall box for my LAN. I do not want to use the ADSL modem for NAT. With another ADSL modem (it´s rental and now i want my own Zyxel to work) everything works ok. My outer ethernet card get´s its IP from ISP. But with zyxel no. INET 0.0.0.0 ?When i plug Zyxel to Windows everything works. I do not understand? Thanks in advance. Patrick ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re[2]: mime contents thru ipfw
U are funny (sorry). Use Freebsd for firewall and microsoft for proxy? If u want an easy solution with microsoft try Windows2003 server (that have route and NAT options) and Sygate at firewall. Or any version of Windows with winroute for nat/proxy. I recommend u oldies versions like 4.x for winroute. (this work with little network, not production situations) My advice is to install squid on freebsd machine. Is easy, is included in ports and can find tons of documentation. U dont need two computers for that (gateway+proxy). If i dont understand corect, please explain more clear what u want to do! (including an scheme if u can). is not very clear what is your gateway and where is your proxy. With ipfw, not need to take off the computer from network. Make an simple script and flush rules when u dont want ipfw. For example script example /etc/ipfw.sh: #!/bin/sh cmd=ipfw -q pif=rl0 #public interface lif=fxp0 #private interface $cmd flush $cmd add 100 allow ip from any to any in via $pif . u can run script with: #sh ipfw.sh and if want to flush rules #ipfw flush ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Will this actually work?
No, it uses layer 2 communication at that point. On the 6 FreeBSD stations I have, you are apparently right. It looks like a way to exploit a system without access to the ports. I'm not sure why the kernel intercepts the data that way (you didn't even use a NOP sled.) -Josh ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
problem sendmail with msgidruleset.m4 : *** ERROR: FEATURE() should be before MAILER()
I'm trying to set up sendmail with the msgidruleset.m4 so that all inbound and outbound emails from the server are copied to an archiving account. i'm following the directions listed at: http://www.usenix.org/publications/login/1999-10/features/archiving.html or http://www.geocities.com/sbmilbur/sendmail/email_archiving.html i get all the way to the new sendmail.cf creation using: m4 ../m4/cf.m4 /etc/mail/freebsd.mc sendmail.cf and it responds with an error: *** ERROR: FEATURE() should be before MAILER() when i put the line: FEATURE(msgidruleset) before the MAILER() line, it errors out with: *** MAILER(smtp) must appear before copymail mailer') I see that error's created from msgidruleset.m4 and so i assume it has to appear after smtp for it to work and i cant just comment it out How do i get things to work, allowing me to put feature() after mailer(). here's a copy of my freebsd.mc file: divert(-1) # # This is a generic configuration file for FreeBSD 5.X and later systems. # If you want to customize it, copy it to a name appropriate for your # environment and do the modifications there. # # The best documentation for this .mc file is: # /usr/share/sendmail/cf/README or # /usr/src/contrib/sendmail/cf/README # divert(0) VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.29 2003/12/24 21:15:09 gshapiro Exp $') OSTYPE(freebsd5) DOMAIN(generic) FEATURE(access_db, `hash -o -TTMPF /etc/mail/access') FEATURE(blacklist_recipients) FEATURE(local_lmtp) FEATURE(mailertable, `hash -o /etc/mail/mailertable') FEATURE(virtusertable, `hash -o /etc/mail/virtusertable') dnl Uncomment to allow relaying based on your MX records. dnl NOTE: This can allow sites to use your server as a backup MX without dnl your permission. dnl FEATURE(relay_based_on_MX) dnl DNS based black hole lists dnl dnl DNS based black hole lists come and go on a regular basis dnl so this file will not serve as a database of the available servers. dnl For that, visit dnl http://directory.google.com/Top/Computers/Internet/Abuse/Spam/Blacklists/ dnl Uncomment to activate Realtime Blackhole List dnl information available at http://www.mail-abuse.com/ dnl NOTE: This is a subscription service as of July 31, 2001 dnl FEATURE(dnsbl) dnl Alternatively, you can provide your own server and rejection message: dnl FEATURE(dnsbl, `blackholes.mail-abuse.org', `550 Mail from ${client_addr} rejected, see http://mail-abuse.org/cgi-bin/lookup?; ${client_addr}') dnl Dialup users should uncomment and define this appropriately dnl define(`SMART_HOST', `your.isp.mail.server') dnl Uncomment the first line to change the location of the default dnl /etc/mail/local-host-names and comment out the second line. dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw') define(`confCW_FILE', `-o /etc/mail/local-host-names') dnl Enable for both IPv4 and IPv6 (optional) DAEMON_OPTIONS(`Name=IPv4, Family=inet') DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O') define(`confBIND_OPTS', `WorkAroundBroken') define(`confNO_RCPT_ACTION', `add-to-undisclosed') define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy') MAILER(smtp) MAILER(local) FEATURE(msgidruleset) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Illegal access attempt - FreeBSD 5.4 Release - please advise
On 8/24/05, ro ro [EMAIL PROTECTED] wrote: Hi All, I was browsing through my log files and noticed that someone (or many people) is trying to gain illegal access to my server (see snippet from log files below). The below log file clearly indicates someone trying to hackaway at my personal server. I performed the following steps: nmap -v 210.0.142.153 I recommend that you not make a habit of this. It will eventually result in a complaint to your ISP that you were attacking the system you scanned. Use dig to get a clue about who owns the network that is attacking you: $ dig -x 210.0.142.153 [...] ;; QUESTION SECTION: ;153.142.0.210.in-addr.arpa.IN PTR ;; AUTHORITY SECTION: 142.0.210.in-addr.arpa. 10800 IN SOA bbdns1.on-nets.com. dns.on-nets.com. 200109270110800 3600 604800 86400 There is no PTR info, but the attack is coming from a network controlled by on-nets.com (the SOA). Sending a complaint to them might be effective. You can use whois to try to figure out where to mail the complaint, but it is easier to use abuse.net (http://www.abuse.net) to send a complaint: you email the complaint to abuse.net, and they forward it to the correct address, so you don't have to spend a lot of time figuring out where to send it. [...] When I saw the logs for the first time. I took the following steps: 1) AllowUsers in sshd contained only users that I wanted to have access to my ssh 2) Created a decent rulest within ipfw that permitted incoming access to only two ports ssh and http I took the issue of creating a good firewall quite lightly and now I regret that decision.. now I have learnt... Can someone provide me with guidance on this issue and advise me on next steps to take action against such losers. Get used to it. Seriously. The log you show appears to be an automated attack. You can expect a steady stream of them, mostly from worms (which I think is the case here), viruses, and zombie networks. Keep your system updated (use freebsd-update and portaudit), use appropriate firewall rules, and you shouldn't have a problem. [...] Aug 11 20:16:10 free sshd[21585]: Illegal user test from 210.245.197.16 Aug 11 20:16:12 free sshd[21587]: Illegal user guest from 210.245.197.16 Aug 11 20:16:14 free sshd[21589]: Illegal user admin from 210.245.197.16 Aug 11 20:16:16 free sshd[21591]: Illegal user admin from 210.245.197.16 Aug 11 20:16:23 free sshd[21593]: Illegal user user from 210.245.197.16 Aug 11 20:16:32 free sshd[21601]: Illegal user test from 210.245.197.16 [...] This particular attack is using a much smaller set of userIDs than some. I had one last night that was hitting hundreds of them. I sent a complaint to the ISP (via abuse.net), and about ten minutes later it quit. I don't know if it was because of the complaint, or if it just ran out of names to try, but it was gratifying just the same. - Bob ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: creating filesystem images
On Wed, Aug 24, 2005 at 10:47:06AM -0700, Gary W. Swearingen wrote: David Kelly [EMAIL PROTECTED] writes: The advantage of dump/restore is that only the necessary data is written. With dd all the unused blocks on the media are also written, including the filesystem, which will probably work on the larger card. If you don't mind educating me further for no particular need... I've long known about the UNIX concept of everything being a string of bytes, but came to the conclusion early in my Linux days that disks couldn't be used as a filesystem after a dd unless their cylinders were the same size (or maybe it was just tracks). Has this all gone away with FreeBSD's removal of block devices and/or with LBA disks? When I last did any significant amount of FreeBSD-on-CF, FreeBSD was at 4.6 and I think the CF card hooked in on the SCSI drivers. In any case, back then I had no problems block copying a 32MB CF onto a 256MB CF, boot blocks, partition table, and everything so long as one didn't mind losing everything over 32MB. What I did have problems with is a few 256MB CF's in a lot which were externally identical to the others but a handful of blocks shorter. Thats when I nuked the dd procedure I had inherited and replaced with a script which started with newfs. Newfs was smart enough to detect the size and do the right thing. Yes, tar and/or pax are not able to copy/restore the special BSD flags which dump/restore does. I think I used mtree to beat my final CF image into the desired shape, permissions, owner/group, and BSD flags. -- David Kelly N4HHE, [EMAIL PROTECTED] Whom computers would destroy, they must first drive mad. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: dump(8), incremental backups, Tower of Hanoi sequence, don't get it
On Wed, Aug 24, 2005 at 12:32:38PM +0100, Scott Mitchell wrote: Another useful rsync option is --link-dest: --link-dest=DIR This option behaves like --copy-dest, but unchanged files are hard linked from DIR to the destination directory. The files must be identical in all preserved attributes (e.g. permissions, possibly ownership) in order for the files to be linked together. I use this to rsync each backup into a new directory on the backup volume, named for the date of the backup. The result is a directory for each backup run, apparently containing every file from the source tree - but most of them are just hard links to some previous backup. This saves a *lot* of disk space as you only ever copy files that have changed since the last backup. You also have the complete file tree for each backup, so it's trivial to restore the version of a file that existed on any particular date. All this great discussion got me researchinng. I haven't tried this out but it looks like rsnapshot integrates a lot of features like this into a single configurable, cronable script. It is in ports as well. A lot of systems make use of cp -al ... well, for us FreeBSD people that means gcp from coreutils. rsnapshot looks like a lightweight, OS/FS-portable method of building rotating filesystem-wide snapshots via hardlinks, but can be made to operate on limited sets of directories, etc. It can create local snaphots of remote directories, but not, apparently, remote copies of local directories. One trick I gleaned from http://burd.info/gary/2003/03/snapshot-backup-using-rsync-and-ssh.html is to invoke rsync with --rsync-path which points to a script which performs maintenence functions and then passes off to rsync proper, so you could probably set up a client-triggered rsnapshot configuration if you were, say, doing backups of a Windows laptop client. :) -danny -- http://dannyman.toldme.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: limits puzzle - different limits on similar machines
On Tue, Aug 23, 2005 at 06:52:28PM -0600, Chad Leigh -- Shire.Net LLC wrote: On Aug 23, 2005, at 5:56 PM, Danny Howard wrote: # bump max datasize options MAXDSIZ=(1024*1024*1024) options MAXSSIZ=(1024*1024*1024) options DFLDSIZ=(1024*1024*1024) Might this not be it? unlimited is really limited by the kernel sys params Chad, Ayup, though I swear yesterday I was getting unlimited values for root across the board, and only seeing limits for users. But now I always see the same limits for root. So ... yeah, its the kernel. We can't tune the kernel limits through sysctl, eh? :) -danny -- http://dannyman.toldme.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where to FreeBSD Boot Manager?
On 8/22/05, Jerahmy Pocott [EMAIL PROTECTED] wrote: On 22/08/2005, at 11:22 AM, Garrett Cooper wrote: Yes, XP does have a boot manager, and I suppose I should have listed some available options when I originally replied to the email. Just thought that someone was making a split decision during an install and needed quick help. [...] As to 3s Con, I'm not entirely sure you have to install the bootloader.. I think you can install a standard bootstrap, then using dd copy it and have the NT loader use it to boot the system, removing the two layers of boot manager.. I did this before with NT, but it was a while ago and I don't really remember the exact steps you need to take, but there is probably something about it you can google.. The XP loader is configured just as the NT loader. Instructions for using it in both single-disk and two-disk dual-boot configurations are at http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/disks.html#NT-BOOTLOADER The instructions require that you install the FreeBSD boot manager if you are using the NT boot manager for a two-disk boot, but I think that you can overwrite it with the standard MBR after you have everything configured. Or perhaps I misunderstand: I've never used the NT loader to do a 2-disk configuration with FreeBSD. In any case, for a two disk configuration it is easier to just use the FreeBSD boot manager and not mess with the NT/XP boot manager. Of course using the FreeBSD manager is the much easier and simpler option, just some people seem to like the NT one better.. The NT boot manager is prettier, but for a two-disk system, setting it up is probably more trouble than it is worth. I believe the NT boot manager always defaults to the same system, while the FreeBSD boot manager defaults to the system most recently used. That might affect your choice. - Bob ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: anonymous ssh forwarding
Hello, On Thu, Aug 25, 2005 at 12:35:24AM +0300, Toomas Laasik wrote: Hello, I have the following situation. Our company has a ssh server where users can connect from only specified static ip addresses. Like I have at home an ip address 1.2.3.4 and ssh server accepts connections only from it. Now I wan't to get access to that ssh server from places where I don't have static ip. I already have at home a freebsd server running with simple configutation. Is it possible to make some kind of tunnel or something so I could connect to my home freebsd machine that connects to ssh server so that ssh server 'thinks' that I'm connecting from home? Thank you in advance. Sorry for bad English Toomas Why don't you ssh into your home pc with static ip from your pc with dynamic ip and then ssh from your home machine into your server? Jonathan - ITV - Sinu lemmiksaated internetis! http://www.itv.ee ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- | /\ ASCII Ribbon | Jonathan Glaschke - Lorenz-Görtz-Straße 71, | \ / Campaign Against | 41238 Mönchengladbach, Tel: 02166-265876 | XHTML In Mail | Mobil: 0162-3390789, ICQ: 231021883 | / \ And News | http://jonathan-glaschke.de/ pgpwqFlf1dcwH.pgp Description: PGP signature
anonymous ssh forwarding
Hello, I have the following situation. Our company has a ssh server where users can connect from only specified static ip addresses. Like I have at home an ip address 1.2.3.4 and ssh server accepts connections only from it. Now I wan't to get access to that ssh server from places where I don't have static ip. I already have at home a freebsd server running with simple configutation. Is it possible to make some kind of tunnel or something so I could connect to my home freebsd machine that connects to ssh server so that ssh server 'thinks' that I'm connecting from home? Thank you in advance. Sorry for bad English Toomas - ITV - Sinu lemmiksaated internetis! http://www.itv.ee ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: anonymous ssh forwarding
Hello, On Thu, Aug 25, 2005 at 12:35:24AM +0300, Toomas Laasik wrote: Hello, I have the following situation. Our company has a ssh server where users can connect from only specified static ip addresses. Like I have at home an ip address 1.2.3.4 and ssh server accepts connections only from it. Now I wan't to get access to that ssh server from places where I don't have static ip. I already have at home a freebsd server running with simple configutation. Is it possible to make some kind of tunnel or something so I could connect to my home freebsd machine that connects to ssh server so that ssh server 'thinks' that I'm connecting from home? Thank you in advance. Sorry for bad English Toomas Why don't you ssh into your home pc with static ip from your pc with dynamic ip and then ssh from your home machine into your server? Using just ssh is no a problem. The machine with dynamic IP has WinXP and Putty on it. Setting remote command in Putty to ssh [EMAIL PROTECTED] eliminates even the need to type it in in putty ssh console... Anyway the problem comes when I want to use FileZilla to make SFTP connection over SSH2 connection through home computer. I've tried Putty's tunneling, but the other end of that tunnel is still my home computer even tho my home computer is connected to www server with ssh. So my approach is to find out how can I set something up on my home freebsd machine so that connecting to some port on it, it connects to www server ssh port. Toomas Jonathan - ITV - Sinu lemmiksaated internetis! http://www.itv.ee =20 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] rg --=20 | / ASCII Ribbon | Jonathan Glaschke - Lorenz-G=F6rtz-Stra=DFe 71, | / Campaign Against | 41238 M=F6nchengladbach, Tel: 02166-265876 | XHTML In Mail | Mobil: 0162-3390789, ICQ: 231021883 | / And News | http://jonathan-glaschke.de/ - ITV - Sinu lemmiksaated internetis! http://www.itv.ee ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re[2]: anonymous ssh forwarding
Hello, On Thu, Aug 25, 2005 at 12:35:24AM +0300, Toomas Laasik wrote: Hello, I have the following situation. Our company has a ssh server where users can connect from only specified static ip addresses. Like I have at home an ip address 1.2.3.4 and ssh server accepts connections only from it. Now I wan't to get access to that ssh server from places where I don't have static ip. I already have at home a freebsd server running with simple configutation. Is it possible to make some kind of tunnel or something so I could connect to my home freebsd machine that connects to ssh server so that ssh server 'thinks' that I'm connecting from home? Thank you in advance. Sorry for bad English Toomas Why don't you ssh into your home pc with static ip from your pc with dynamic ip and then ssh from your home machine into your server? Using just ssh is no a problem. The machine with dynamic IP has WinXP and Putty on it. Setting remote command in Putty to ssh [EMAIL PROTECTED] eliminates even the need to type it in in putty ssh console... Anyway the problem comes when I want to use FileZilla to make SFTP connection over SSH2 connection through home computer. I've tried Putty's tunneling, but the other end of that tunnel is still my home computer even tho my home computer is connected to www server with ssh. So my approach is to find out how can I set something up on my home freebsd machine so that connecting to some port on it, it connects to www server ssh port. Toomas - You could build up a VPN (OpenVPN comes to my mind) between your home and your roaming machine, set your home BSD machine up to act as a NAT gateway from the VPN to the World and then make a route on your roaming machine to the effect of using your home machine as the gateway for connecting to your office IP. I would guess that some combination of port forwarding (done in the Firewall) and NAT could also allow you to achieve your goal. But I like VPN solutions. Hexren ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How do I get packages with tgz files
On Wed, Aug 24, 2005 at 08:32:36AM -0700, Bharma wrote: Am sorry for the typos. The problem is actually this. The KDE packages available right now are tbz files. However, pkg_add on FreeBSD 4.2.8 understands only tgz files. I earlier wrote that I was trying to install tgz files though I meant that I was trying to install tbz files. So the question is how to I get tgz files? 1) You're looking in the wrong place if you're seeing .tbz packages, because 4.x still uses .tgz packages. but 2) There is no such thing as FreeBSD 4.2.8. Perhaps you mean 4.2 or 4.8. Either way, you'll need to look in the correct location on the FTP sites for these packages (e.g. packages-4.8-release/), but since both releases are quite old you might have trouble still finding them on the mirror sites. Check http://mirrorlist.freebsd.org/ Kris pgpi7AJdyDLiL.pgp Description: PGP signature
FreeBSD on old laptop, installer panic
I'm giving FreeBSD a go on my laptop, but I'm running into problems straight off the 5.4-STABLE installer. At first it would hang without an error. After I disabled power management in the bios I got a bit further - now it crashes with a panic: - pcib0: intel 82443BX (440 BX) host to PCI bridge pcibus 0 on motherboard pir0: PCI Interrupt Routing Table: 8 Entries on motherboard pci0: PCI bus on pcib0 Fatal trap 12: page fault while in kernel mode fault virtual address = 0xeb871 fault code = supervisor read, page not present instruction pointer = 0x8 :0xc00eb757 stack pointer = 0x10 :0xc1020a0 frame pointer = 0x10 :0xc1020a0 code segment = base 0x0, limit 0xf, type 0x1b = DPL 0, pres 1, def32 1, IOPL = 0 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 0 trap number=12 panic: page fault Some googling with the fault virtual address turned up a few pages, but none in english and seemingly none coming to a solution. lspci -v in linux gives me - :00:01.0 PCI bridge: Intel Corp. 440BX/ZX/DX - 82443BX/ZX/DX AGP bridge (rev 03) (prog-if 00 [Normal decode]) Flags: bus master, 66MHz, medium devsel, latency 0 Bus: primary=00, secondary=01, subordinate=01, sec-latency=0 I/O behind bridge: 8000-9fff Memory behind bridge: d800-dfff Prefetchable memory behind bridge: d000-d7ff - Any ideas? Usually my *NIX give me panics /after/ I get through installing them : p -Zac ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where to FreeBSD Boot Manager?
Oops, this is the very link that I was looking for. Thanks a lot! Soo-Hyun On 8/24/05, Bob Johnson [EMAIL PROTECTED] wrote: On 8/22/05, Jerahmy Pocott [EMAIL PROTECTED] wrote: On 22/08/2005, at 11:22 AM, Garrett Cooper wrote: Yes, XP does have a boot manager, and I suppose I should have listed some available options when I originally replied to the email. Just thought that someone was making a split decision during an install and needed quick help. [...] As to 3s Con, I'm not entirely sure you have to install the bootloader.. I think you can install a standard bootstrap, then using dd copy it and have the NT loader use it to boot the system, removing the two layers of boot manager.. I did this before with NT, but it was a while ago and I don't really remember the exact steps you need to take, but there is probably something about it you can google.. The XP loader is configured just as the NT loader. Instructions for using it in both single-disk and two-disk dual-boot configurations are at http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/disks.html#NT-BOOTLOADER The instructions require that you install the FreeBSD boot manager if you are using the NT boot manager for a two-disk boot, but I think that you can overwrite it with the standard MBR after you have everything configured. Or perhaps I misunderstand: I've never used the NT loader to do a 2-disk configuration with FreeBSD. In any case, for a two disk configuration it is easier to just use the FreeBSD boot manager and not mess with the NT/XP boot manager. Of course using the FreeBSD manager is the much easier and simpler option, just some people seem to like the NT one better.. The NT boot manager is prettier, but for a two-disk system, setting it up is probably more trouble than it is worth. I believe the NT boot manager always defaults to the same system, while the FreeBSD boot manager defaults to the system most recently used. That might affect your choice. - Bob ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how to use linux .so in freebsd application
I guess I found the answer to my question (thanks Google Groups!): On Fri, May 27, 2005 at 03:10:13PM -0700, Simeon Nifos wrote: Hallo everybody, 1:) Suppose I have a Linux Library library.so.=20 And I want to link it with my main.c compiled in FreeBSD. How can I achieve that? You can't. You may not need to though. What are you really trying to achieve? :) Kris and that's you can't use a linux library from a freebsd program :( C On 8/22/05, Chicky ShnoodleSoup [EMAIL PROTECTED] wrote: Hi, Thanks to the linux binary compatibility ( http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/linuxemu-lbc-install.html ), I am able to run a linux application using the linux dynamic library on a freebsd machine. Now I am trying to get a freebsd application (same application but compiled on freebsd) using the linux .so (don't have the source to compile it on freebsd) running on freebsd. Is that possible? if yes, how to do it? How to tell the compiler to use freebsd libraries for the application and the linux ones for the linux .so? Thanks, C ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Script help using cut
- Original Message - From: Giorgos Keramidas [EMAIL PROTECTED] To: antenneX [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Wednesday, August 24, 2005 11:52 AM Subject: Re: Script help using cut On 2005-08-24 11:41, antenneX [EMAIL PROTECTED] wrote: Giorgos Keramidas [EMAIL PROTECTED] wrote: sed -e 's/)[[:space:]]*$//' -e 's/^.*@//' or you can use as complex regular expressions as necessary to cut specific parts of the line: sed -e 's/[EMAIL PROTECTED]([^)]*\))[[:space:]]*$/\1/' In fact, my very next script line uses sed(1) to add the TAB and the RHS to the sendmail access file: sed 's/$/ REJECT/g' tmpfile /etc/mail/access I'll bet my line could be incorporated with yours. Sure. It's probably also a good idea to use mv(1) with a temporary file residing under /etc/mail too, to make sure the update to the access map is as close to being an ``atomic operation'' as possible: % accesstmp=`mktemp /etc/mail/access.tmp.XX` % if [ -z ${accesstmp} ]; then % exit 1 % fi % % ( cat /etc/mail/access ; % awk '{whatever else here}' tmpfile | \ % sed -e 's/[EMAIL PROTECTED]([^)]*\))[[:space:]]*$/\1 REJECT/' ) ${accesstmp} % if [ $? -ne 0 ]; then % exit 1 % fi % mv ${accesstmp} /etc/mail/access % cd /etc/mail make access.db Giorgos, that's pretty snazzy compared to my crude script. Will now work on weaving it all together. Eliminates a bit more manual effort. I like it appreciate the extra help! Best regards, Jack L. Stone ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Booting FreeBSD over network or serial links?
Hi, I have two PCs, one with linux installed and another one is a old PC. I would like use my linux pc to make modifications to freebsd code base and then test it on my old PC. After compiling freebsd image on my linux pc, how do I boot this image on my old PC ? Is there a cost effective way of doing this without using floppies or CDs which is time consuming ? Can I run some special image on my old PC to let it fetch the newly compiled image everytime ?? Does anyone have this kind of setup ? Can I setup a console server for cheap and acheive this ? Please share your thoughts on this. Thanks, Sarath ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: limits puzzle - different limits on similar machines
Danny Howard wrote: On Tue, Aug 23, 2005 at 06:52:28PM -0600, Chad Leigh -- Shire.Net LLC wrote: On Aug 23, 2005, at 5:56 PM, Danny Howard wrote: # bump max datasize options MAXDSIZ=(1024*1024*1024) options MAXSSIZ=(1024*1024*1024) options DFLDSIZ=(1024*1024*1024) Might this not be it? unlimited is really limited by the kernel sys params [ ... ] We can't tune the kernel limits through sysctl, eh? :) No, but see /boot/default/loader.conf, you can tune it there without having to rebuild the kernel... -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Performance Issues with AMD64 3000+, 1.5GB RAM, FreeBSD 5.4-RELEASE
Hi everyone. Last night I finally worked out some issues with my AMD64 machine and got it up and operational. It's an AMD64 3000+ with 1.5GB RAM, and five 7200RPM hard drives (total of 720 gigs) running FreeBSD 5.4-RELEASE (amd64). When doing testing and initial install/configuration of this machine (compiling apps and such) I didn't notice this too much, but now that I'm actually using it this is starting to be noticeable. The issue I'm having is that every minute or two, I will hear some stuttering in any audio/video playback (will see the video freeze if video), and my mouse will freeze for a few seconds as well while this happens. It seems to happen more frequently if I have something doing disk I/O, such as downloads running, untarring files, or torrents. Right now, I have the following applications open: Xorg Xfce X-Chat Mozilla Firefox (Only about 10 tabs, as opposed to my normal 40-50 tabs) Terminal XMMS Mozilla Thunderbird rtorrent I initially noticed it on this machine when untarring a 20MB tar.bz2 file, and I figured with it untarring that a little audio stuttering would be expected. Then today, I started noticing it when doing normal things. All I'm doing now is just light browsing with XMMS and X-Chat open, and maybe one download going. While my AMD64 was out of commission, I was using an Athlon XP 2000+ with 1GB of RAM and an old slower hard drive. It ran FreeBSD 5.4-RELEASE as well. I noticed the same stutters in audio/video playback and freezing of the mouse there, although it was much more frequent. Here is a top output from just now: last pid: 59025; load averages: 0.07, 0.08, 0.12 59 processes: 1 running, 58 sleeping CPU states: 4.3% user, 0.0% nice, 2.3% system, 1.6% interrupt, 91.8% idle Mem: 841M Active, 245M Inact, 194M Wired, 72M Cache, 162M Buf, 2300K Free Swap: 3045M Total, 96K Used, 3045M Free So basically I'm wondering if there are any OS optimizations or anything I am missing to reduce this? I'm not sure why on this type of hardware with not even using half of what I normally would have open (at least Firefox tabs wise) it would cause so many hiccups like this. Thanks in advance for any opinions or suggestions. -Mark ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Illegal access attempt - FreeBSD 5.4 Release - please advise
How can I easily auto deny after x failed attempts? Is this an sshd setting? I could find it. Is there something in ports that will firewall off somebody who is brute forcing? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pat Maddox Sent: Tuesday, August 23, 2005 9:27 PM To: FreeBSD Questions Subject: Re: Illegal access attempt - FreeBSD 5.4 Release - please advise It's not that big of a deal...they didn't get in or anything. If you've got a server that's always connected to the internet, you'll see people trying to break in all the time. The more popular your server, the more frequent the attempts. This is just someone trying to log in via SSH - so as long as you have good passwords on all your accounts, and disable remote root login, you're fine. You may consider denying access after X failed login attempts. On 8/23/05, ro ro [EMAIL PROTECTED] wrote: Hi All, I was browsing through my log files and noticed that someone (or many people) is trying to gain illegal access to my server (see snippet from log files below). The below log file clearly indicates someone trying to hackaway at my personal server. I performed the following steps: nmap -v 210.0.142.153 and noticed that this person/institution had port 80 and 21 open. I visited their website and it appears to be someone from hongkong. http://www.chkpcc.edu.hk/ HERE IS THEIR CONTACT INFORMATION AS IT APPEARS ON THEIR WEBSITE - Confucian Ho Kwok Pui Chun College 孔 教 學 院 何 郭 佩 珍 中 學 Address 地址: Fu Shin Est., Taipo, N.T., HKSAR 香港新界大埔富善村 Tel 電話: 852-2666-5926 Fax 傳真: 852-2660-7988 E-mail 電郵: [EMAIL PROTECTED] - When I saw the logs for the first time. I took the following steps: 1) AllowUsers in sshd contained only users that I wanted to have access to my ssh 2) Created a decent rulest within ipfw that permitted incoming access to only two ports ssh and http I took the issue of creating a good firewall quite lightly and now I regret that decision.. now I have learnt... Can someone provide me with guidance on this issue and advise me on next steps to take action against such losers. Thanks RV Aug 23 08:19:03 free sshd[22519]: Illegal user lp from 210.0.142.153 Aug 23 08:19:06 free sshd[22521]: Illegal user admin from 210.0.142.153 Aug 23 08:19:08 free sshd[22523]: Illegal user admin from 210.0.142.153 Aug 23 08:19:10 free sshd[22525]: Illegal user admin from 210.0.142.153 Aug 23 08:19:12 free sshd[22527]: Illegal user admin from 210.0.142.153 Aug 23 08:19:15 free sshd[22529]: Illegal user admin from 210.0.142.153 Aug 23 08:19:17 free sshd[22531]: Illegal user admin from 210.0.142.153 Aug 23 08:19:19 free sshd[22533]: Illegal user admin from 210.0.142.153 Aug 23 08:19:22 free sshd[22535]: User root not allowed because not listed in AllowUsers Aug 23 08:19:24 free sshd[22537]: User root not allowed because not listed in AllowUsers Aug 23 08:19:27 free sshd[22539]: User root not allowed because not listed in AllowUsers Aug 23 08:19:29 free sshd[22541]: User root not allowed because not listed in AllowUsers Aug 23 08:19:33 free sshd[22543]: User root not allowed because not listed in AllowUsers Aug 23 08:19:35 free sshd[22545]: User root not allowed because not listed in AllowUsers Aug 23 08:19:37 free sshd[22547]: Illegal user apache from 210.0.142.153 Aug 23 08:19:40 free sshd[22549]: Illegal user dan from 210.0.142.153 Aug 23 08:19:42 free sshd[22551]: Illegal user electra from 210.0.142.153 Aug 23 08:19:44 free sshd[22553]: Illegal user student from 210.0.142.153 Aug 23 08:19:47 free sshd[22555]: Illegal user school from 210.0.142.153 Aug 23 08:19:49 free sshd[22557]: User mysql not allowed because not listed in AllowUsers Aug 11 20:16:10 free sshd[21585]: Illegal user test from 210.245.197.16 Aug 11 20:16:12 free sshd[21587]: Illegal user guest from 210.245.197.16 Aug 11 20:16:14 free sshd[21589]: Illegal user admin from 210.245.197.16 Aug 11 20:16:16 free sshd[21591]: Illegal user admin from 210.245.197.16 Aug 11 20:16:23 free sshd[21593]: Illegal user user from 210.245.197.16 Aug 11 20:16:32 free sshd[21601]: Illegal user test from 210.245.197.16 Aug 14 03:39:21 free sshd[32377]: Illegal user 1 from 61.145.222.10 Aug 14 03:39:26 free sshd[32379]: Illegal user a from 61.145.222.10 Aug 14 03:39:31 free sshd[32381]: Illegal user a from 61.145.222.10 Aug 14 03:39:38 free sshd[32383]: Illegal user abuse from 61.145.222.10 Aug 14 10:47:49 free sshd[33623]: Illegal user admin from 64.222.146.197 Aug 14 10:47:51 free sshd[33625]: Illegal user administrator from 64.222.146.197 Aug 14 10:47:52 free sshd[33627]: Illegal user jack from 64.222.146.197 Aug 14 10:47:53 free sshd[33629]: Illegal user marvin from 64.222.146.197 Aug 14 10:47:58 free sshd[33631]:
Re: Performance Issues with AMD64 3000+, 1.5GB RAM, FreeBSD 5.4-RELEASE
On Wed, 24 Aug 2005, Mark Kane wrote: Hi everyone. Last night I finally worked out some issues with my AMD64 machine and got it up and operational. It's an AMD64 3000+ with 1.5GB RAM, and five 7200RPM hard drives (total of 720 gigs) running FreeBSD 5.4-RELEASE (amd64). When doing testing and initial install/configuration of this machine (compiling apps and such) I didn't notice this too much, but now that I'm actually using it this is starting to be noticeable. The issue I'm having is that every minute or two, I will hear some stuttering in any audio/video playback (will see the video freeze if video), and my mouse will freeze for a few seconds as well while this happens. It seems to happen more frequently if I have something doing disk I/O, such as downloads running, untarring files, or torrents. Right now, I have the following applications open: Xorg Xfce X-Chat Mozilla Firefox (Only about 10 tabs, as opposed to my normal 40-50 tabs) Terminal XMMS Mozilla Thunderbird rtorrent I initially noticed it on this machine when untarring a 20MB tar.bz2 file, and I figured with it untarring that a little audio stuttering would be expected. Then today, I started noticing it when doing normal things. All I'm doing now is just light browsing with XMMS and X-Chat open, and maybe one download going. While my AMD64 was out of commission, I was using an Athlon XP 2000+ with 1GB of RAM and an old slower hard drive. It ran FreeBSD 5.4-RELEASE as well. I noticed the same stutters in audio/video playback and freezing of the mouse there, although it was much more frequent. Here is a top output from just now: last pid: 59025; load averages: 0.07, 0.08, 0.12 59 processes: 1 running, 58 sleeping CPU states: 4.3% user, 0.0% nice, 2.3% system, 1.6% interrupt, 91.8% idle Mem: 841M Active, 245M Inact, 194M Wired, 72M Cache, 162M Buf, 2300K Free Swap: 3045M Total, 96K Used, 3045M Free So basically I'm wondering if there are any OS optimizations or anything I am missing to reduce this? I'm not sure why on this type of hardware with not even using half of what I normally would have open (at least Firefox tabs wise) it would cause so many hiccups like this. Thanks in advance for any opinions or suggestions. -Mark Mark, I to am having similar problems with SATA drives, to the point where the audio coming from XMMS sounds just TRIPPING! One thing that helped me was to INSURE that the dma for the hw.ata.atapi_dma and hw.ata.ata_dma where both set to 1. Also, staying STABLE for me has been advantageous. T. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Corrupt entries in /var/log/messages?
Occasionally I get entries like this in my log. It looks like more than one process is logging at the same time. Shouldn't syslogd be thread/SMP/concurrency safe from this kind of thing? Aug 24 05:29:44 sakura kernel: 66ppiidd 119942486 9( (hthttptdpd)),, uiudi d 808:0 :e xeixtietde do no ns isginganla l In an unrelated note, I'm getting a few *** POKED TIMER *** messages in the syslog from named, anyone know what this is? I found a few questions about in the archive, but no answers (telling somebody to search the archive isn't any good when that's the only answer found) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Performance Issues with AMD64 3000+, 1.5GB RAM, FreeBSD 5.4-RELEASE
TRODAT wrote: Mark, I to am having similar problems with SATA drives, to the point where the audio coming from XMMS sounds just TRIPPING! Well while all my drives are PATA, I should mention that I'm not even trying to play mp3s/Ogg files from any of my five drives most of the time. I run a group of Internet radio stations so most times I am listening to them. It's not the server skipping, it's for sure some kind of few second freeze of the mouse/display and the sound stutters at the same time. It's also not just audio in XMMS. I could be watching a video clip in VLC or mplayer and have some of the same results. The picture would freeze for a moment and the audio would stutter for a few seconds, then resume normal playback...and that's even with NOTHING else running but X, Xfce, and VLC. I can manually make it worse. As I said before, if I untar an archive like Mozilla or something it gets almost unlistenable and the mouse is constantly freezing as I move it around. One thing that helped me was to INSURE that the dma for the hw.ata.atapi_dma and hw.ata.ata_dma where both set to 1. DMA is for sure enabled on all the hard drives, but the optical drive remains in PIO mode. I haven't attempted to play anything from that yet, however. Also, staying STABLE for me has been advantageous. I have not tried STABLE yet, but if it would help this and wouldn't introduce any new problems I would be happy to give it a try. -Mark ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Performance Issues with AMD64 3000+, 1.5GB RAM, FreeBSD 5.4-RELEASE
Daniel Marsh wrote: Could you post your dmesg to the list? I have had a similar problem with SATA hard drives on an Intel PNSLK 945 chipset motherboard with a Pentium D 3ghz. The SATA drives simply would not recognize as DMA, only PIO, in the BIOS there was a setting for ATA/IDE Mode, the options were Enhanced or Legacy (defaulted to Enhanced), once set to Legacy all disk drives are now working in UDMA 5 mode. Even though you have stated your drives are PATA, it could be a related issue. Did you check the sysctl variables listed above, what are their values? You say you have 5 disk drives, have you got an add-on IDE card for the extra hard drives (most mobo's I've seen only have one IDE port and 4 SATA ports these days) or does the mobo have onboard RAID controllers which you aren't using for RAID (could lead to driver incompatibilites for those controllers)? Thank you Daniel Thanks for the response, dmesg is included below. Before getting this system up and running, I had two weeks of hell getting DMA to properly work with this series of motherboards. They have some controller issues or something, because more than one drive cannot reside on the same cable or there are UDMA ICRC READ and WRITE errors. I know it's not this particular board because this is the second brand new board of the same model (Giga-Byte K8NS Pro) I've had with similar DMA problems. I had a thread going here about that also. The end solution to that was to have each drive on it's own dedicated channel, and I have a Promise ATA card in here in addition to the motherboard's 4 channels (2 IDE + 2 RAID which function as IDE). I don't think it is due to this particular problem with the controllers though since I used that other 5.4 machine for a month and a half and it did the exact same things. hw.ata.atapi_dma: 0 hw.ata.ata_dma: 1 - FreeBSD 5.4-RELEASE #1: Fri Aug 19 10:07:40 CDT 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/AMD643000 ACPI APIC Table: Nvidia AWRDACPI Timecounter i8254 frequency 1193182 Hz quality 0 CPU: AMD Athlon(tm) 64 Processor 3000+ (2009.79-MHz K8-class CPU) Origin = AuthenticAMD Id = 0xfc0 Stepping = 0 Features=0x78bfbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2 AMD Features=0xe0500800SYSCALL,NX,MMX+,LM,3DNow+,3DNow real memory = 1610547200 (1535 MB) avail memory = 1542995968 (1471 MB) ioapic0 Version 1.1 irqs 0-23 on motherboard acpi0: Nvidia AWRDACPI on motherboard acpi0: Power Button (fixed) Timecounter ACPI-fast frequency 3579545 Hz quality 1000 acpi_timer0: 24-bit timer at 3.579545MHz port 0x1008-0x100b on acpi0 cpu0: ACPI CPU on acpi0 acpi_button0: Power Button on acpi0 pcib0: ACPI Host-PCI bridge port 0xcf0-0xcf3,0xcf8-0xcff on acpi0 pci0: ACPI PCI bus on pcib0 isab0: PCI-ISA bridge at device 1.0 on pci0 isa0: ISA bus on isab0 pci0: serial bus, SMBus at device 1.1 (no driver attached) ohci0: OHCI (generic) USB controller mem 0xfc002000-0xfc002fff irq 22 at device 2.0 on pci0 usb0: OHCI version 1.0, legacy support usb0: OHCI (generic) USB controller on ohci0 usb0: USB revision 1.0 uhub0: nVidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 4 ports with 4 removable, self powered ohci1: OHCI (generic) USB controller mem 0xfc003000-0xfc003fff irq 21 at device 2.1 on pci0 usb1: OHCI version 1.0, legacy support usb1: OHCI (generic) USB controller on ohci1 usb1: USB revision 1.0 uhub1: nVidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub1: 4 ports with 4 removable, self powered pci0: serial bus, USB at device 2.2 (no driver attached) atapci0: nVidia nForce3 Pro UDMA133 controller port 0xf000-0xf00f,0x376,0x170-0x177,0x3f6,0x1f0-0x1f7 at device 8.0 on pci0 ata0: channel #0 on atapci0 ata1: channel #1 on atapci0 atapci1: GENERIC ATA controller port 0xe400-0xe40f,0xb70-0xb73,0x970-0x977,0xbf0-0xbf3,0x9f0-0x9f7 irq 22 at device 10.0 on pci0 ata2: channel #0 on atapci1 ata3: channel #1 on atapci1 pcib1: ACPI PCI-PCI bridge at device 11.0 on pci0 pci1: ACPI PCI bus on pcib1 pci1: display, VGA at device 0.0 (no driver attached) pcib2: ACPI PCI-PCI bridge at device 14.0 on pci0 pci2: ACPI PCI bus on pcib2 atapci2: Promise PDC20269 UDMA133 controller port 0x9000-0x900f,0x8c00-0x8c03,0x8800-0x8807,0x8400-0x8403,0x8000-0x8007 mem 0xfb00-0xfb003fff irq 19 at device 7.0 on pci2 ata4: channel #0 on atapci2 ata5: channel #1 on atapci2 pcm0: Creative Audigy 2 (EMU10K2) port 0x9400-0x943f irq 17 at device 9.0 on pci2 pcm0: SigmaTel STAC9721/23 AC97 Codec fwohci0: 1394 Open Host Controller Interface mem 0xfb004000-0xfb007fff,0xfb011000-0xfb0117ff irq 18 at device 9.2 on pci2 fwohci0: OHCI version 1.10 (ROM=0) fwohci0: No. of Isochronous channels is 4. fwohci0: EUI64 00:02:3c:00:91:01:6c:20 fwohci0: Phy 1394a available S400, 2 ports. fwohci0: Link S400, max_rec 2048 bytes. firewire0: IEEE1394(FireWire) bus on fwohci0 fwe0: Ethernet over
Re: Booting FreeBSD over network or serial links?
At 05:54 PM 8/24/2005, Sarath Kamisetty wrote: Hi, I have two PCs, one with linux installed and another one is a old PC. I would like use my linux pc to make modifications to freebsd code base and then test it on my old PC. After compiling freebsd image on my linux pc, how do I boot this image on my old PC ? Is there a cost effective way of doing this without using floppies or CDs which is time consuming ? Can I run some special image on my old PC to let it fetch the newly compiled image everytime ?? Does anyone have this kind of setup ? Can I setup a console server for cheap and acheive this ? Please share your thoughts on this. If you have an intel NIC which supports PXE, you can boot the machine from a kernel that's on another machine and shared by NFS or tftp. Take a look at the man page for pxeboot(8), as well as the development(7) man page for some good info. -Glenn Thanks, Sarath ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]