too late to change to security branch?
I have servers running 6.1 and 6.2. I use freebsd-update in cron jobs to install binary security update to the base system, and use cvsup/portupgrade in cron jobs to install port updates. By default, cvsup uses CURRENT branch. I am tired of some updates breaking something unnecessarily, and am thinking of changing to SECURITY branch in cvsup. Is that possible? Some of my ports are already locally compiled with customized options. If that's impossible, can I wait until the release of 6.3, upgrading to it, and then switch to SECURITY branch in cvsup? If those are entirely impossible, can I switch to STABLE branch? I'm confused by this system, please let me know if anything I do doesn't make sense. Best, Bill ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Research About FreeBSD
Hello Danilo,

Thursday, September 27, 2007, 8:12:59 AM, you wrote:

> Good Night !
> I am working on an Open Source Project and specifically I am researching
> about Freebsd as a Company. I would like to know more about your current
> market position , financial performance , etc.
> Can I find this information in your web page or may be contact somebody
> in your Organization ?

Although FreeBSD is not a company, you will find some financial information and some other things about the project at http://www.freebsdfoundation.org/.

--
Best regards,
Daniel mailto:[EMAIL PROTECTED]
Research About FreeBSD
Good Night !

I am working on an Open Source Project and specifically I am researching about Freebsd as a Company. I would like to know more about your current market position , financial performance , etc. Can I find this information in your web page or may be contact somebody in your Organization ?

Kind Regards,
Danilo B. Sanchez M.
MBA Candidate '08
F.W. Olin Graduate School of Business
Babson College
[EMAIL PROTECTED]
Phone: 781-879-2445
Re: Dumb IPFW Question
On Wed, 26 Sep 2007 20:46:29 +0100 Chris Yocum <[EMAIL PROTECTED]> wrote:

> Just to explain a bit, I have installed a FreeBSD 6.2 system on a
> machine to act as a natd router. I turned on the firewall and set the
> firewall rule script to the one from the handbook
> (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html)
> (Example Ruleset #2 at the bottom).

Despite lots of useful tips, especially regarding stateful rules, there are a number of problems with some of the information on that page, and I wouldn't rely on it as a substitute for a thorough study of ipfw(8). At the risk of being called on to submit a PR and diff, be particularly wary of the sections in which the word 'mandatory' appears, and perhaps compare those rulesets with those in /etc/rc.firewall. But anyway ..

> After some investigation when I could not get www, I discovered
> that somehow port 53 is blocked even when I explicitly open it. This
> happens when I uncomment the rule "# Reject & Log all unauthorized out
> going connections to the public Internet
> $cmd 450 deny log all from any to any out via $pif". So essentially,
> when I use that line, I lose my DNS and my www will not work anymore.

I see Chuck already caught your use of 'setup' with udp, which was the immediate problem. In fact, the ruleset #2 you used as basis has a rule for TCP port 53 (needed if you need to transfer zone/s with an outside DNS server) but had entirely omitted UDP 53 (though the earlier examples included it), which it seems you must have already noticed.

> Otherwise, it all works great and I could not be happier. Thank
> you in advance for any help that you may be able to provide. I am
> sure that it is some small blunder on my part.

One thing lacking in that ruleset is stopping of _outbound_ spoofing of RFC 1918 etc addresses; refer to the 'simple' section of rc.firewall, particularly the placement of anti-spoofing rules wrt NATD diversion.

> # Dup these lines if your ISP has more than one DNS server

Or use an address list in one rule, like addr1,addr2,addr3

> # Get the IP addresses from /etc/resolv.conf file
> $cmd 023 $skip udp from any to 53 out via $pif setup keep-state
> $cmd 024 $skip udp from any to 53 out via $pif setup keep-state
> $cmd 025 $skip udp from any to 53 out via $pif setup keep-state

As you've found, dropping 'setup' will make these work.

> # Allow out ping
> $cmd 080 $skip icmp from any to any out via $pif keep-state

I'm not sure if this is sufficient to allow icmptypes needed by TCP for MTU discovery? but I allow these types specifically and not statefully.

> # Deny all Netbios service. 137=name, 138=datagram, 139=session
> # Netbios is MS/Windows sharing services.
> # Block MS/Windows hosts2 name server requests 81
> $cmd 320 deny tcp from any to any 137 in via $pif
> $cmd 321 deny tcp from any to any 138 in via $pif
> $cmd 322 deny tcp from any to any 139 in via $pif
> $cmd 323 deny tcp from any to any 81 in via $pif

I've noticed other people just copying these rules from this example, but 137 and 138 are on UDP, not TCP, while 139 is a TCP service. Still, unless you wanted to count these individually, the 'deny everything not specifically allowed' rule will catch these anyhow. And if you've got windows boxes NAT'd on the inside you should block these going OUT too.

eg for TCP:

    #% first take out the VAST bulk of TCP bogons / background noise:
    crap="135,139,445,1433,2967,2968,4899,5900"
    crap="${crap},8000,8080,3128"
    ${fwadd} deny log $afew tcp from any to any ${crap} in via ${ext_if} setup
    # Reject&Log all other setup of incoming connections from the outside
    ${fwadd} deny log $lots tcp from any to any in via ${ext_if} setup

and for UDP:

    #% first cut out most of the heavy duty noise (incl broken insiders)
    junk="137,138,1433,1434"
    junk="${junk},3544" # XP home calls home? MS ipV6 'Teredo'
    ${fwadd} deny udp from any to any ${junk} via ${ext_if}

> #allow in information from the ISP's DNS
> $cmd 361 allow udp from 53 to any in via $pif keep-state
> $cmd 362 allow udp from 53 to any in via $pif keep-state

These are not useful, since you're using outbound UDP keep-state on 53. If you're running a public DNS server, you'd need to allow inbound DNS in from anyone, not (just) your ISP.

HTH, Ian
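The two rule mistakes identified in the message above (the TCP-only 'setup' keyword on UDP rules, and NetBIOS ports 137/138 filtered as TCP while 139 is TCP) can be checked for mechanically before a ruleset is loaded. The following shell sketch is an added example, not part of the original thread or of the handbook; the function names, the finding labels, and the sample ruleset are assumptions (the sample is constructed, with 192.0.2.53 standing in for the DNS server address that is elided in the quoted rules, and "skipto 800" / "dc0" standing in for $skip / $pif).

```sh
#!/bin/sh
# Added example: flag the two ipfw rule mistakes discussed in the message above.
# Input: rule lines as ipfw would receive them (shell variables already expanded).
# Output: one line per finding, "<line number>: <label>: <rule>".

lint_ipfw_rules() {
    awk '
    # Return 1 if port is named in an ipfw port list such as "137,138" or "135-139".
    function in_list(list, port,    item, r, n, m, k, lo, hi) {
        n = split(list, item, ",")
        for (k = 1; k <= n; k++) {
            m = split(item[k], r, "-")
            lo = r[1] + 0
            hi = (m > 1 ? r[2] : r[1]) + 0
            if (port >= lo && port <= hi) return 1
        }
        return 0
    }
    /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
    {
        proto = ""; dports = ""; has_setup = 0
        for (i = 1; i <= NF; i++) {
            # rule body layout: <proto> from <src> [ports] to <dst> [ports] [options]
            if ($i == "from" && proto == "" && i > 1) proto = $(i - 1)
            if ($i == "to" && dports == "" && $(i + 2) ~ /^[0-9][0-9,-]*$/) dports = $(i + 2)
            if ($i == "setup") has_setup = 1
        }
        # "setup" tests TCP flags (SYN without ACK), so a udp or icmp rule
        # carrying it never matches and the traffic falls through to a later deny.
        if (has_setup && (proto == "udp" || proto == "icmp"))
            printf "%d: setup-on-%s: %s\n", NR, proto, $0
        # Per the message above: 137 and 138 are UDP services, 139 is TCP.
        if (proto == "tcp" && dports != "" && (in_list(dports, 137) || in_list(dports, 138)))
            printf "%d: netbios-udp-port-on-tcp: %s\n", NR, $0
        if (proto == "udp" && dports != "" && in_list(dports, 139))
            printf "%d: netbios-tcp-port-on-udp: %s\n", NR, $0
    }'
}

# Constructed sample input: handbook-style rules after variable expansion.
sample_rules() {
    cat <<'EOF'
# constructed sample, not a complete ruleset
add 023 skipto 800 udp from any to 192.0.2.53 53 out via dc0 setup keep-state
add 040 skipto 800 tcp from any to any 80 out via dc0 setup keep-state
add 080 skipto 800 icmp from any to any out via dc0 keep-state
add 320 deny tcp from any to any 137 in via dc0
add 321 deny tcp from any to any 138 in via dc0
add 322 deny tcp from any to any 139 in via dc0
add 330 deny udp from any to any 137,138 in via dc0
EOF
}

sample_rules | lint_ipfw_rules
```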
Re: Dual Opterons don't see all memory
On Sep 26, 2007, at 10:35 PM, Matthew Seaman wrote:

Erich Dollansky wrote:
Paul Schmehl wrote:
--On September 26, 2007 9:06:57 PM -0700 Eric Osterweil <[EMAIL PROTECTED]> wrote:
On Sep 26, 2007, at 8:57 PM, Erich Dollansky wrote:
Eric Osterweil wrote:

Ahh... To do this, do I just specify the CPUTYPE in the /etc/make.conf as: CPUTYPE=amd64 ?

No. Add options SMP to GENERIC or use the SMP conf file that's already there (and includes GENERIC). Then recompile the kernel per the handbook.

he still has to set the CPU type also in this config file to amd64.

If the OP has installed FreeBSD i386 then changing the CPU type in /etc/make.conf won't magically get him FreeBSD amd64 --- it will just get him FreeBSD i386 optimized for AMD processors running in 32bit mode. As far as I know, there is no simple way to start with a 32-bit system and the FreeBSD sources and recompile and reinstall everything into a 64-bit system. (Although the opposite direction is apparently possible on 7-CURRENT, but it's a guru-only level of difficulty.) The best and most effective answer here is to start by downloading an amd64 installation CD and redo the whole thing from scratch.

Cheers, Matthew

Ahh... gotcha. I guess it's good that I asked before I loaded the machine up and invested a lot of time in it. I can nuke it if that's what has to be done.

Thanks, Eric
Re: Dual Opterons don't see all memory
Erich Dollansky wrote:
> Paul Schmehl wrote:
>> --On September 26, 2007 9:06:57 PM -0700 Eric Osterweil
>> <[EMAIL PROTECTED]> wrote:
>>
>>> On Sep 26, 2007, at 8:57 PM, Erich Dollansky wrote:
>>> Eric Osterweil wrote:
> make use of it's 6GB of memory, and FreeBSD can only see about 4GB
> of it.
> Can anyone help me figure out how to make use of the missing GB?
> FreeBSD 6.2-RELEASE #0: Fri Jan 12 11:05:30 UTC 2007
this looks like a 32 bit binary to me. You either need a 64 bit binary or you need to enable PAE. Just build a custom kernel for 64 bits.
>>>
>>> Ahh... To do this, do I just specify the CPUTYPE in the /etc/make.conf
>>> as:
>>> CPUTYPE=amd64
>>> ?
>>>
>> No. Add options SMP to GENERIC or use the SMP conf file that's
>> already there (and includes GENERIC). Then recompile the kernel per
>> the handbook.
>>
> he still has to set the CPU type also in this config file to amd64.

If the OP has installed FreeBSD i386 then changing the CPU type in /etc/make.conf won't magically get him FreeBSD amd64 --- it will just get him FreeBSD i386 optimized for AMD processors running in 32bit mode.

As far as I know, there is no simple way to start with a 32-bit system and the FreeBSD sources and recompile and reinstall everything into a 64-bit system. (Although the opposite direction is apparently possible on 7-CURRENT, but it's a guru-only level of difficulty.)

The best and most effective answer here is to start by downloading an amd64 installation CD and redo the whole thing from scratch.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey
Ramsgate Kent, CT11 9PW
what cpu type to use for a intel duo e6850 (i386 or amd64)
Currently I have done a build/installworld build/install/kernel using an i386 CPUTYPE (w/ SMP and APIC set in the kernel (I am using the default sys/i386/conf/GENERIC)). Do I need to change this to amd64 for an intel duo e6850? (I have had several seemingly unrelated problems that no one seems to be able to reproduce)... btw it is a P35 chipset
Re: Dual Opterons don't see all memory
Hi,

Paul Schmehl wrote:
--On September 26, 2007 9:06:57 PM -0700 Eric Osterweil <[EMAIL PROTECTED]> wrote:
On Sep 26, 2007, at 8:57 PM, Erich Dollansky wrote:
Eric Osterweil wrote:

make use of it's 6GB of memory, and FreeBSD can only see about 4GB of it. Can anyone help me figure out how to make use of the missing GB?

FreeBSD 6.2-RELEASE #0: Fri Jan 12 11:05:30 UTC 2007

this looks like a 32 bit binary to me. You either need a 64 bit binary or you need to enable PAE. Just build a custom kernel for 64 bits.

Ahh... To do this, do I just specify the CPUTYPE in the /etc/make.conf as: CPUTYPE=amd64 ?

No. Add options SMP to GENERIC or use the SMP conf file that's already there (and includes GENERIC). Then recompile the kernel per the handbook.

he still has to set the CPU type also in this config file to amd64.

Erich
FreeBSD Tomcat
Hi All,

A web and database developer requested me to build a tomcat server. Is there any good integrated doco on FreeBSD and Tomcat? All I get when I googled it is old docs on JDK 1.3 (e.g. http://www.osnews.com/story.php/3558/Deploying-Apache-Tomcat-on-FreeBSD/) and http://www.pl.freebsd.org/doc/en_US.ISO8859-1/articles/java-tomcat/article.html

Many of the docs pointed out the need to switch on Linux emulation option in the kernel (Docs using FreeBSD 4.10). Is it still necessary to do this or is it now handled by KLDload?

Attached is pkg_info output. I tried installing everything from ports collection. Any missing software?

I am now reading on Apache Tomcat connector. Is it still necessary to install it?

Kind regards,
Yance

apache-2.2.6_1 Version 2.2 of Apache web server with prefork MPM.
apache-ant-1.7.0_1 Java- and XML-based build tool, conceptually similar to mak
autoconf-2.13.000227_6 Automatically configure source code on many Un*x platforms
autoconf-2.59_3 Automatically configure source code on many Un*x platforms
autoconf-2.61_2 Automatically configure source code on many Un*x platforms
autoconf-wrapper-20070404 Wrapper script for GNU autoconf
automake-1.4.6_4 GNU Standards-compliant Makefile generator (1.4)
automake-wrapper-20070404 Wrapper script for GNU automake
bash-3.1.10_1 The GNU Project's Bourne Again SHell
expat-2.0.0_1 XML 1.0 parser written in C
gettext-0.14.5_2 GNU gettext package
gmake-3.80_2 GNU version of 'make' utility
help2man-1.36.4_1 Automatically generating simple manual pages from program o
jakarta-tomcat-5.0.30_6 Open-source Java web server by Apache, 5.0.x branch
javavmwrapper-2.3 Wrapper script for various Java Virtual Machines
libiconv-1.9.2_2 A character set conversion library
libtool-1.5.22_4 Generic shared library support script
linux-expat-1.95.8 Linux/i386 binary port of Expat XML-parsing library
linux-fontconfig-2.2.3_7 Linux/i386 binary of Fontconfig
linux-sun-jdk-1.5.0.12,2 Sun Java Development Kit 1.5 for Linux
linux-xorg-libs-6.8.2_5 Xorg libraries, linux binaries
linux_base-fc-4_10 Base set of packages needed in Linux mode (for i386/amd64)
m4-1.4.9 GNU m4
p5-gettext-1.05_1 Message handling functions
perl-5.8.8 Practical Extraction and Report Language
popt-1.7_4 A getopt(3) like library with a number of enhancements, fro
rpm-3.0.6_13 The Red Hat Package Manager
wget-1.10.2 Retrieve files from the Net via HTTP and FTP
Re: Dual Opterons don't see all memory
On Sep 26, 2007, at 9:20 PM, Paul Schmehl wrote:

--On September 26, 2007 9:06:57 PM -0700 Eric Osterweil <[EMAIL PROTECTED]> wrote:
On Sep 26, 2007, at 8:57 PM, Erich Dollansky wrote:

Hi,

Eric Osterweil wrote:

make use of it's 6GB of memory, and FreeBSD can only see about 4GB of it. Can anyone help me figure out how to make use of the missing GB?

FreeBSD 6.2-RELEASE #0: Fri Jan 12 11:05:30 UTC 2007

this looks like a 32 bit binary to me. You either need a 64 bit binary or you need to enable PAE. Just build a custom kernel for 64 bits.

Ahh... To do this, do I just specify the CPUTYPE in the /etc/make.conf as: CPUTYPE=amd64 ?

No. Add options SMP to GENERIC or use the SMP conf file that's already there (and includes GENERIC). Then recompile the kernel per the handbook.

That was the first thing I did. This is the kernel that's failing to see the memory. :-/ Is there anything else I might need to do too?

Eric
Re: Dual Opterons don't see all memory
--On September 26, 2007 9:06:57 PM -0700 Eric Osterweil <[EMAIL PROTECTED]> wrote:

On Sep 26, 2007, at 8:57 PM, Erich Dollansky wrote:

Hi,

Eric Osterweil wrote:

make use of it's 6GB of memory, and FreeBSD can only see about 4GB of it. Can anyone help me figure out how to make use of the missing GB?

FreeBSD 6.2-RELEASE #0: Fri Jan 12 11:05:30 UTC 2007

this looks like a 32 bit binary to me. You either need a 64 bit binary or you need to enable PAE. Just build a custom kernel for 64 bits.

Ahh... To do this, do I just specify the CPUTYPE in the /etc/make.conf as: CPUTYPE=amd64 ?

No. Add options SMP to GENERIC or use the SMP conf file that's already there (and includes GENERIC). Then recompile the kernel per the handbook.

Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
Re: Dual Opterons don't see all memory
On Sep 26, 2007, at 8:57 PM, Erich Dollansky wrote:

Hi,

Eric Osterweil wrote:

make use of it's 6GB of memory, and FreeBSD can only see about 4GB of it. Can anyone help me figure out how to make use of the missing GB?

FreeBSD 6.2-RELEASE #0: Fri Jan 12 11:05:30 UTC 2007

this looks like a 32 bit binary to me. You either need a 64 bit binary or you need to enable PAE. Just build a custom kernel for 64 bits.

Ahh... To do this, do I just specify the CPUTYPE in the /etc/make.conf as: CPUTYPE=amd64 ?

Thanks a lot for the quick response!

Eric
Re: Dual Opterons don't see all memory
I have the same problem on a intel duo x6850 what options/flags do I need to set in /usr/src/Makefile and/or /usr/src/sys/i386/conf/GENERIC to make it compile 64 bit not 32?

--Aryeh

PS I think some of the nvidia issues I have posted might be due to this

On 9/27/07, Erich Dollansky <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Eric Osterweil wrote:
>
> > make use of it's 6GB of memory, and FreeBSD can only see about 4GB of it.
> >
> > Can anyone help me figure out how to make use of the missing GB?
> >
> > FreeBSD 6.2-RELEASE #0: Fri Jan 12 11:05:30 UTC 2007
>
> this looks like a 32 bit binary to me.
>
> You either need a 64 bit binary or you need to enable PAE.
>
> Just build a custom kernel for 64 bits.
>
> > real memory = 4227792896 (4031 MB)
> > avail memory = 4139991040 (3948 MB)
>
> Erich
Re: Dual Opterons don't see all memory
Hi,

Eric Osterweil wrote:

make use of it's 6GB of memory, and FreeBSD can only see about 4GB of it. Can anyone help me figure out how to make use of the missing GB?

FreeBSD 6.2-RELEASE #0: Fri Jan 12 11:05:30 UTC 2007

this looks like a 32 bit binary to me. You either need a 64 bit binary or you need to enable PAE. Just build a custom kernel for 64 bits.

real memory = 4227792896 (4031 MB)
avail memory = 4139991040 (3948 MB)

Erich
Dual Opterons don't see all memory
Hey everyone,

I've recently taken ownership of a server (dual Opterons) in my research group. Whereas it was previously running linux, it is now running FreeBSD. Everything seems to be going great, except linux was able to make use of it's 6GB of memory, and FreeBSD can only see about 4GB of it. Can anyone help me figure out how to make use of the missing GB?

I'm happy to copy and paste any information I can to see if anyone can help, but for starters, here's the head of dmesg:

# dmesg | head -40
Copyright (c) 1992-2007 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 6.2-RELEASE #0: Fri Jan 12 11:05:30 UTC 2007
[EMAIL PROTECTED]:/usr/obj/usr/src/sys/SMP
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: AMD Opteron(tm) Processor 246 (1992.65-MHz 686-class CPU)
Origin = "AuthenticAMD" Id = 0xf5a Stepping = 10
Features=0x78bfbffMCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2>
AMD Features=0xe0500800
real memory = 4227792896 (4031 MB)
avail memory = 4139991040 (3948 MB)
ACPI APIC Table:
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
cpu0 (BSP): APIC ID: 0
cpu1 (AP): APIC ID: 1
MADT: Forcing active-low polarity and level trigger for SCI
ioapic0 irqs 0-23 on motherboard
ioapic1 irqs 24-27 on motherboard
ioapic2 irqs 28-31 on motherboard
kbd1 at kbdmux0
ath_hal: 0.9.17.2 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
acpi0: on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x5008-0x500b on acpi0
cpu0: on acpi0
acpi_throttle0: on cpu0
cpu1: on acpi0
pcib0: port 0xcf8-0xcff on acpi0
pci0: on pcib0
pcib1: at device 6.0 on pci0
pci3: on pcib1
ohci0: mem 0xfeafc000-0xfeafcfff irq 19 at device 0.0 on pci3
ohci0: [GIANT-LOCKED]
usb0: OHCI version 1.0, legacy support
usb0: on ohci0
usb0: USB revision 1.0
uhub0: AMD OHCI root hub, class 9/0, rev 1.00/1.00, addr 1

Eric
Re: Backup Solution
On Thu, Sep 27, 2007 at 10:40:52AM +1000, Terry Sposato wrote:
> I will be very grateful for suggestions or ways people have tackled this
> kind of problem in a production environment.

I'd use a separate machine with a set of cheap SATA disks and connect my tape drives to this machine. Then I would mirror the data from the virtual machines to this backup server with rsync and write them to tape. This would be a quick solution and has worked well for me in the past.

If you need more features and have some spare time you should have a look at amanda or bacula.

http://www.amanda.org/
http://www.bacula.org/

Uwe
Re: Keyboard without Scroll Lock
> No, it's your way of saying STFU let invalid.org deal with it.
> Example.com is set-up for this. Use that if you must.

My apologies... I did some homework after your post and realized that is a valid domain name (though apparently inactive.) I won't use it. My STFU was self-referential. I didn't mean to cause insult or inconvenience to anyone; just trying to avoid it myself.

> RFC2606 defines some domains that are reserved for use in examples and the

Cool, Thanks Erik! That's what I was trying to do.

[update] The reserved domains seem to all get rejected or held, so I'll just try gmail.

-Rob
beta nvidia driver xorg 7.3 is out
ftp://download.nvidia.com/freebsd/71.86.01/NVIDIA-FreeBSD-x86-71.86.01.tar.gz

It still officially lists itself as being 5-STABLE compatible but commenting out the #ifdefs in the affected files will get around this... I tried it *DID NOT* resolve any of my issues but I at least no longer get an ABI mismatch

I think we may want to start a small temp clearing house list for nvidia issues.

BTW the other driver that was released today seems to not compile at all on 7-current.
PF & NAT, how to forward GRE?
Hello list,

I've got a box serving as a router between a wired and wireless network, as well as providing NAT services for a WAN link to the two aforementioned systems. I'd like to forward all incoming GRE traffic on the WAN link to a system on the wired network. Could anyone advise how? I thought the PF manual was perhaps a bit vague about forwarding specific protocols (or for that matter, if it's even possible)...

Cheers,
Paul.
Backup Solution
Hello everyone,

I am relatively new to the FreeBSD game and have a bit of a problem which I am not sure how to tackle. I recently built a server running VMWare ESX Server 3 which will eventually run 6-7 small production VM's. These Virtual Machines obviously have the need for backups and it poses quite a problem for me unless I connect 6-7 external tape drives and give each VM its own tape device. I have looked into a few solutions using VM products (consolidated backup) but it can only be done if you utilise a SAN.

The server is running RAID 5 with around 700GB of space. Each VM may take up to 50GB and backups might be around 15-20GB per VM. The machine itself has an internal LTO3 tape drive, has anyone come across this kind of situation before, and if so what would be a good way to backup each VM? It is easy enough to backup the image files from the host machine but I need file level backups within each VM also.

I will be very grateful for suggestions or ways people have tackled this kind of problem in a production environment.

Thanks.

Regards,
Terry
http://www.sucked-in.com
Have you been sucked in?
Re: Any advice for a Partition Plan for a multi-jailed Server?
On Wednesday 26 September 2007 23:40:26 Aliya Harbouri wrote:

> I did not know I COULD split swap. Hum. How does the system
> use/allocate each across the split ... Ok, ok. That's what Googling's
> for :-)

Actually, swapon(8) tells a lot ;)

>
> > > Unless you're a packrat where logs are concerned,
>
> I'm not, really. I probably SHOULD be.
>
> > you can probably do with:
> > > /var 10G (on disk 1)
> > > And use:
> > > /var/db 100G - this will house MySQL primarily
> > > /var/spool 10-50G - any queues, most notably mail, disable softupdates.
> > > Adjust size to match your mail payload.
> > > /var/mail - "rest" - possibly disable softupdates.
>
> Good thoughts. Need to better understand why I care about softupdates
> one way or the other, though.

Generally, a mailserver doesn't benefit from softupdates, because it will wait for "committed to disk" signal from OS, to prevent mail from being lost. Over time you will also get a good idea of what kind of mail you're dealing with and tunefs(8) might be beneficial. It's one major reason I dislike "/data" mountpoints containing all different kinds of services. Over time budget and usage have a way of conflicting and you'll be happy to get any extra performance out of your machines.

--
Mel
Re: http://dev.mysql.com/qualitycontribution.html
Philip M. Gollucci wrote:

Hi All, I noticed that 'Debian user community' was listed here. Maybe we should start funneling all the mysql related stuff to a single FreeBSD managed user?

ale@ maintains the ports, so he's the obvious one.

Kris
Re: courier-imap
On Wednesday 26 September 2007 18:22:09 Bill Banks wrote:
> When I try to login , in my maillog it says no such file. How do I tell
> it to use /etc/passwd
>

Which file is missing? I recently installed Courier-Imap on FreeBSD and some file was missing but I don't recall which one.

Make sure /usr/local/etc/authlib/authdaemonrc has a line that looks like this

authmodulelist="authuserdb authpam authmysql"

You should have at least authuserdb and authpam listed.

Also do 'touch /usr/local/etc/courier-imap/shared/index' because Courier will complain if the file is missing, though it will still work. I have to do that in Debian as well because the "index" file is missing.
Re: Any advice for a Partition Plan for a multi-jailed Server?
Hi guys!

Some great ideas & advice. Thanks a lot :-)

> > /boot *needs* to be on /. A loader looks for [bootdisk][bootslice]
> > [a]/boot/loader.

Ok, gotcha.

> > Since you have 2 physical drives, you may want to do 8G on each drive. In
> > the
> > rare case it's needed, your system is in trouble and being able to swap on
> > using 2 drives will be a plus.

Sigh. I did not know I COULD split swap. Hum. How does the system use/allocate each across the split ... Ok, ok. That's what Googling's for :-)

> > Unless you're a packrat where logs are concerned,

I'm not, really. I probably SHOULD be.

> you can probably do with:
> > /var 10G (on disk 1)
> > And use:
> > /var/db 100G - this will house MySQL primarily
> > /var/spool 10-50G - any queues, most notably mail, disable softupdates.
> > Adjust
> > size to match your mail payload.
> > /var/mail - "rest" - possibly disable softupdates.

Good thoughts. Need to better understand why I care about softupdates one way or the other, though.

> > I'm generally a fan of separating trees that can grow out of proportion over
> > time, so that you can dump(8) the partition and restore(8) it on a new drive
> > without too much worry. Your mileage may vary.

Sounds like good advice.

> > Also have a look at hier(7) manpage, it's quite informative about the
> > default
> > filesystem layout BSD uses.

Missed that. :-( Very useful, though!

> Um, from what I've understood, it's going to be a jail server, those
> defaults would
> be all well and good for a normal server, but in this case we want a big
> /data. and moderate /jails.
>
> Here are my recommendations: []

This all sounds good.

> This should be just fine, and you can have your disks in RAID 1.
> As for performance, RAID 1 doubles read speed.

I never really thought of RAID 1 as a performance improvement, R or W, but more fault-tolerance. I should read up some more.

> PS) I take you know how to use NullFS and the like?

I'm currently at "can". Working on getting to "know";-)

Thanks all!

Ali
Re: Any advice for a Partition Plan for a multi-jailed Server?
On Wed, Sep 26, 2007 at 02:02:09PM -0700, Aliya Harbouri wrote:

> > > drive 2:
> > > / 2GB
> > A bit big, but fine
>
> I thought so, but with drives this big & cheap ... :-)
>
> > > /boot 2GB
> > Nope, FreeBSD doesn't need / want a /boot
>
> I didn't realize :-/
>
> Just to be sure, you DO mean it doesn't want a separate
> slice/partition, right? Because, I'm looking at a "/boot" directory

Yes, you should not put /boot in a separate filesystem. It should be in root. You have a lot for stuff like /usr, but really, how much you need in any file system depends on how you will use it. Try it and gain some experience with the setup and go from there. You can change it the next time you do a major upgrade.

jerry

> ...
>
> > > /tmp 2GB
> > Fine
>
> OK.
>
> > > /swap 16GB Machine has 8GB RAM, so swap = 2X RAM
> > A bit of overkill, but what the hell, you have the space
>
> I've had 2X RAM drummed into me for ages. Not the way of things in FreeBSD?
>
> > > /usr 50GB
> > What exactly do you plan on running on the host?
>
> Normally, not a whole lot. I'll have a full Development environment
> there, of course. cron, sshd, snmpd (haven't figured out yet if I need
> that in EACH jail yet), etc -- "small stuff" mainly. Eventually some
> VPN service via an encryption card, but that's later.
>
> If I'm forced to do so, maybe KDE4 for rare/occasional use. Prefer not to
> ...
>
> > > /jails 178GB
> > Fine...
> > >
> > > drive 2:
> > > /var 100GB
> > Huh? Refer to /usr above.
>
> My guess @ /var sizing came as a result of,
>
> http://barryp.org/blog/entries/ezjail_ports/
>
> "To keep both jailed and non-jailed systems from trying to put any
> port-building working-directories or downloaded distribution files in
> /usr/ports, the /etc/make.conf files (both the "real" one and the ones
> inside jails) should contain something like:
>
> WRKDIRPREFIX= /var/ports
> DISTDIR=/var/ports/distfiles
> PACKAGES= /var/ports/packages"
>
> And having multiple ports copies ... But, now, as I'm re-reading that,
> I think I got it backwards. This'll PREVENT having multiple, wasteful
> copies.
>
> I think.
>
> > > /data 100GB MailStore, DBs, www source files, etc.
> > Fine again...
> > > /home 20GB
> > Fine again..
> > >
> > > I'll betcha some of that's silly or wasteful.
> > You'd be correct there :)
>
> Give a girl a break! I must've missed the really-easy-and-clear
> documentation on the whole thing!
>
> At least I asked first ;-p
>
> > I'm sure you could fit everything on one disk... Jails are really small,
> > it's
> > just your data that takes up space. If you could get everything in 250GB
> > (which i think you could easily) RAID 1 might be a nice thing to have
>
> Now that's an interesting thought. My Mobo has 1 SATA-2 port (3
> devices), and 2 SATA-1 ports (1 device each). And it does support
> SATA RAID 0/1.
>
> I'm NOT AT ALL sure what running RAID on 2 drives on a single SATA-2
> port does for performance, but it IS an interesting option. Tanks!
>
> > HTH
>
> It does :-)
>
> Thanks a lot!
>
> Ali
Re: Any advice for a Partition Plan for a multi-jailed Server?
On 9/26/07, Mel <[EMAIL PROTECTED]> wrote:
> On Wednesday 26 September 2007 22:20:11 Aliya Harbouri wrote:
> > Hi!
> >
> > I'm setting up a jailed server. I'm hoping to eventually use
> > sysutils/ezjail to deaden the pain a bit!
> >
> > First step, have to get the disks partitioned! They're unpacked, at least
> > ;-)
> >
> > I've read lots of comments like,
> >
> > "You should never setup your FreeBSD systems the way Linux or other
> > *nix's set them up."
> >
> > So, I'm looking for some Wisdom on how best to partition for the usage
> > I'm planning.
> >
> > The server's goal state is 4 jails, plus the non-jailed host:
> >
> > jail-1: DNS services {Bind9 & RBLDNSD}
> > jail-2: WebServer {Apache 22x + PHP5 + Perl 588 + MySQL 50x}
> > jail-3: mail server {Exim 468 + Spamassassin + ClamAV, etc.}
> > jail-4: an analysis/monitoring toolkit {Snort, Nagios, Nessus, etc.}
> >
> > I've got two identical 250 GB SATA2 drives available for this box.
> >
> > Although I have not yet grokked the whole "What's in a jail's dirs?"
> > issue, my initial stab at 'slices' is ~:
> >
> > drive 2:
> > /        2GB
> > /boot    2GB
>
> /boot *needs* to be on /. A loader looks for [bootdisk][bootslice]
> [a]/boot/loader.
>
> > /tmp     2GB
> > /swap    16GB    Machine has 8GB RAM, so swap = 2X RAM
>
> Since you have 2 physical drives, you may want to do 8G on each drive. In the
> rare case it's needed, your system is in trouble and being able to swap on
> using 2 drives will be a plus.
>
> > /usr     50GB
> > /jails   178GB
> >
> > drive 2:
> > /var     100GB
> > /data    100GB   MailStore, DBs, www source files, etc.
>
> Unless you're a packrat where logs are concerned, you can probably do with:
> /var 10G (on disk 1)
> And use:
> /var/db 100G - this will house MySQL primarily
> /var/spool 10-50G - any queues, most notably mail, disable softupdates. Adjust
> size to match your mail payload.
> /var/mail - "rest" - possibly disable softupdates.
>
> Although, I think MySQL will generally use less space than a mail storage,
> but this all depends on your users.
>
> > /home    20GB
>
> By default, the WWW root on bsd for apache is /usr/local/www and generally on
> servers like this, home can be done with 2G or less. *Unless* you plan on
> providing /~username/ service, then home might be on the light side.
>
> I'm generally a fan of separating trees that can grow out of proportion over
> time, so that you can dump(8) the partition and restore(8) it on a new drive
> without too much worry. Your mileage may vary.
>
> Also have a look at hier(7) manpage, it's quite informative about the default
> filesystem layout BSD uses.
> --

Um, from what I've understood, it's going to be a jail server, those defaults would be all well and good for a normal server, but in this case we want a big /data and moderate /jails.

Here are my recommendations:

/ -> Small, painfully so. 512MB
/var -> Nothing should really go in here if you are using Jails. Including EZjail, that should be somewhere under /usr... 2GB
/tmp -> Not too big really, remember everything goes in a Jail... 2GB --> Symlink /var/tmp to here
/usr -> Again, and now I sound like a broken record. However, since ports can get quite big be a little more generous... 15GB
/jails -> Doesn't really need to be too big, the max I say one jail could reach is 10GB without data, which falls under /data... 50GB
/home -> Should be medium sized... 20GB
/data -> I have no clue what your requirements will be, so 100GB should cover everything a few times over... Rest of disk... ~170GB

This should be just fine, and you can have your disks in RAID 1. As for performance, RAID 1 doubles read speed.

Cheers
Federico

PS) I take you know how to use NullFS and the like?
Re: Software Lojack
On Wed, 26 Sep 2007 12:34:15 -0400 Jerry McAllister <[EMAIL PROTECTED]> wrote:
> On Tue, Sep 25, 2007 at 06:12:56PM +0200, Roland Smith wrote:
>
> I know all about various precautions to be taken.
>
> I also know I could write something. I just wanted
> to know if something like that is already written.

You could run fetch from a crontab entry, and log the downloads.
Re: anyone have a favorite laptop?
Asus is the best for me, in my case Asus A6JC
Re: Stress testing/burning in HDD's
On Wednesday 26 September 2007 15:59:25 Don O'Neil wrote:
> I have an array that has a drive that keeps timing out/failing... So I need
> to replace it. However, I want to stress test/burn in a replacement disk
> first.
>
> What is the best way to do this?

it will surely get plenty of burn-in as it replicates the array. for a server's disk, i don't think there is any way, or technical reason to "ease it into service". just swap it in. it's either gonna run right away, or be DOA out of the box. (well, that's my experience, at least).

cheers,
--
Jonathan Horne
http://dfwlpiki.dfwlp.org
[EMAIL PROTECTED]
Re: anyone have a favorite laptop?
On 9/25/07, Bill Campbell <[EMAIL PROTECTED]> wrote:
> I used Thinkpads for about 10 years with various Linux systems.
> My last one was a Thinkpad 600 which I used continuously from
> August 1999 through March 2007 when I got a Mac Powerbook (now if
> only I could run OS X on a Thinkpad :-).
>
> We have used a fair variety of Thinkpads with our auction
> software for the last 10 years or so with excellent results.

Fortunately you were using Linux. For some Thinkpads, IBM arbitrarily picked a system ID for their suspend-to-disk partition that was the same as FreeBSD UFS (165). The result was you could not boot the Thinkpad after you installed FreeBSD, until IBM changed the sysid and you updated your BIOS. I ran into this about six years ago when I got a hand-me-down Thinkpad. Info at http://www.unixguide.net/freebsd/faq/03.10.shtml. This was a problem for some new Thinkpads at least as late as 2002.

Moral: the ability to run Linux does not imply the ability to run FreeBSD.

- Bob
Re: Any advice for a Partition Plan for a multi-jailed Server?
On Wednesday 26 September 2007 22:20:11 Aliya Harbouri wrote:
> Hi!
>
> I'm setting up a jailed server. I'm hoping to eventually use
> sysutils/ezjail to deaden the pain a bit!
>
> First step, have to get the disks partitioned! They're unpacked, at least
> ;-)
>
> I've read lots of comments like,
>
> "You should never setup your FreeBSD systems the way Linux or other
> *nix's set them up."
>
> So, I'm looking for some Wisdom on how best to partition for the usage
> I'm planning.
>
> The server's goal state is 4 jails, plus the non-jailed host:
>
> jail-1: DNS services {Bind9 & RBLDNSD}
> jail-2: WebServer {Apache 22x + PHP5 + Perl 588 + MySQL 50x}
> jail-3: mail server {Exim 468 + Spamassassin + ClamAV, etc.}
> jail-4: an analysis/monitoring toolkit {Snort, Nagios, Nessus, etc.}
>
> I've got two identical 250 GB SATA2 drives available for this box.
>
> Although I have not yet grokked the whole "What's in a jail's dirs?"
> issue, my initial stab at 'slices' is ~:
>
> drive 2:
> /        2GB
> /boot    2GB

/boot *needs* to be on /. A loader looks for [bootdisk][bootslice]
[a]/boot/loader.

> /tmp     2GB
> /swap    16GB    Machine has 8GB RAM, so swap = 2X RAM

Since you have 2 physical drives, you may want to do 8G on each drive. In the rare case it's needed, your system is in trouble and being able to swap on using 2 drives will be a plus.

> /usr     50GB
> /jails   178GB
>
> drive 2:
> /var     100GB
> /data    100GB   MailStore, DBs, www source files, etc.

Unless you're a packrat where logs are concerned, you can probably do with:
/var 10G (on disk 1)
And use:
/var/db 100G - this will house MySQL primarily
/var/spool 10-50G - any queues, most notably mail, disable softupdates. Adjust size to match your mail payload.
/var/mail - "rest" - possibly disable softupdates.

Although, I think MySQL will generally use less space than a mail storage, but this all depends on your users.

> /home    20GB

By default, the WWW root on bsd for apache is /usr/local/www and generally on servers like this, home can be done with 2G or less. *Unless* you plan on providing /~username/ service, then home might be on the light side.

I'm generally a fan of separating trees that can grow out of proportion over time, so that you can dump(8) the partition and restore(8) it on a new drive without too much worry. Your mileage may vary.

Also have a look at hier(7) manpage, it's quite informative about the default filesystem layout BSD uses.
--
Mel
Re: Any advice for a Partition Plan for a multi-jailed Server?
> > drive 2:
> > /        2GB
> A bit big, but fine

I thought so, but with drives this big & cheap ... :-)

> > /boot    2GB
> Nope, FreeBSD doesn't need / want a /boot

I didn't realize :-/

Just to be sure, you DO mean it doesn't want a separate slice/partition, right? Because, I'm looking at a "/boot" directory ...

> > /tmp     2GB
> Fine

OK.

> > /swap    16GB    Machine has 8GB RAM, so swap = 2X RAM
> A bit of overkill, but what the hell, you have the space

I've had 2X RAM drummed into me for ages. Not the way of things in FreeBSD?

> > /usr     50GB
> What exactly do you plan on running on the host?

Normally, not a whole lot. I'll have a full Development environment there, of course. cron, sshd, snmpd (haven't figured out yet if I need that in EACH jail yet), etc -- "small stuff" mainly. Eventually some VPN service via an encryption card, but that's later.

If I'm forced to do so, maybe KDE4 for rare/occasional use. Prefer not to ...

> > /jails   178GB
> Fine...
> >
> > drive 2:
> > /var     100GB
> Huh? Refer to /usr above.

My guess @ /var sizing came as a result of,

http://barryp.org/blog/entries/ezjail_ports/

"To keep both jailed and non-jailed systems from trying to put any
port-building working-directories or downloaded distribution files in
/usr/ports, the /etc/make.conf files (both the "real" one and the ones
inside jails) should contain something like:

WRKDIRPREFIX= /var/ports
DISTDIR=/var/ports/distfiles
PACKAGES= /var/ports/packages"

And having multiple ports copies ...

But, now, as I'm re-reading that, I think I got it backwards. This'll PREVENT having multiple, wasteful copies.

I think.

> > /data    100GB   MailStore, DBs, www source files, etc.
> Fine again...
> > /home    20GB
> Fine again..
> >
> > I'll betcha some of that's silly or wasteful.
> You'd be correct there :)

Give a girl a break! I must've missed the really-easy-and-clear documentation on the whole thing!

At least I asked first ;-p

> I'm sure you could fit everything on one disk... Jails are really small, it's
> just your data that takes up space. If you could get everything in 250GB
> (which i think you could easily) RAID 1 might be a nice thing to have

Now that's an interesting thought. My Mobo has 1 SATA-2 port (3 devices), and 2 SATA-1 ports (1 device each). And it does support SATA RAID 0/1.

I'm NOT AT ALL sure what running RAID on 2 drives on a single SATA-2 port does for performance, but it IS an interesting option. Tanks!

> HTH

It does :-)

Thanks a lot!

Ali
Stress testing/burning in HDD's
I have an array that has a drive that keeps timing out/failing... So I need to replace it. However, I want to stress test/burn in a replacement disk first.

What is the best way to do this?
Re: Any advice for a Partition Plan for a multi-jailed Server?
On Wednesday 26 September 2007 15:33:12 Federico Lorenzi wrote:
> On 9/26/07, Aliya Harbouri <[EMAIL PROTECTED]> wrote:
> > Hi!
> >
> > I'm setting up a jailed server. I'm hoping to eventually use
> > sysutils/ezjail to deaden the pain a bit!
>
> I gave that a shot once, but I found manual jail configuration to be
> better.
>
> > First step, have to get the disks partitioned! They're unpacked, at least
> > ;-)
> >
> > I've read lots of comments like,
> >
> > "You should never setup your FreeBSD systems the way Linux or other
> > *nix's set them up."
>
> You shouldn't ^-^
>
> > So, I'm looking for some Wisdom on how best to partition for the usage
> > I'm planning.
> >
> > The server's goal state is 4 jails, plus the non-jailed host:
> >
> > jail-1: DNS services {Bind9 & RBLDNSD}
> > jail-2: WebServer {Apache 22x + PHP5 + Perl 588 + MySQL 50x}
> > jail-3: mail server {Exim 468 + Spamassassin + ClamAV, etc.}
> > jail-4: an analysis/monitoring toolkit {Snort, Nagios, Nessus, etc.}
> >
> > I've got two identical 250 GB SATA2 drives available for this box.
> >
> > Although I have not yet grokked the whole "What's in a jail's dirs?"
> > issue, my initial stab at 'slices' is ~:
> >
> > drive 2:
> > /        2GB
>
> A bit big, but fine
>
> > /boot    2GB
>
> Nope, FreeBSD doesn't need / want a /boot
>
> > /tmp     2GB
>
> Fine
>
> > /swap    16GB    Machine has 8GB RAM, so swap = 2X RAM
>
> A bit of overkill, but what the hell, you have the space
>
> > /usr     50GB
>
> What exactly do you plan on running on the host?
>
> > /jails   178GB
>
> Fine...
>
> > drive 2:
> > /var     100GB
>
> Huh? Refer to /usr above.
>
> > /data    100GB   MailStore, DBs, www source files, etc.
>
> Fine again...
>
> > /home    20GB
>
> Fine again..
>
> > I'll betcha some of that's silly or wasteful.
>
> You'd be correct there :)
>
> I'm sure you could fit everything on one disk... Jails are really small,
> it's just your data that takes up space. If you could get everything in
> 250GB (which i think you could easily) RAID 1 might be a nice thing to have
>
> HTH
>
> Federico

you'll do just as fine to hit "A-S-Q" during the partitioning portion, and taking the defaults. FreeBSD installer will take the best options, and put all the remaining space as /usr. i just put my jails under /usr/jails. keep the host as simple as possible, as building multiple jails will just multiply your complexity quickly enough.

i would also agree with Federico... do a RAID1 with your (2) 250GB drives.

cheers,
--
Jonathan Horne
http://dfwlpiki.dfwlp.org
[EMAIL PROTECTED]
Re: Dumb IPFW Question
Hi,

Yep, it was a blunder by me. Thank you very much!

Chris

On 9/26/07, Chuck Swiger <[EMAIL PROTECTED]> wrote:
> On Sep 26, 2007, at 12:46 PM, Chris Yocum wrote:
> [ ... ]
> > I also get "Sep 26 20:09:17 routy kernel: ipfw: 450 Deny UDP
> router outside IP>:53 :53 out via sis0" in my
> > /var/log/security file. I have appended the ipfw rules below so you
> > can see all the changes that I made from the original.
>
> The setup keyword should only be used with TCP packets; trying to use
> it with UDP traffic will cause your pass-through rules (#23-25) to
> not match the traffic you want them to match...
>
> --
> -Chuck
Re: Any advice for a Partition Plan for a multi-jailed Server?
On 9/26/07, Aliya Harbouri <[EMAIL PROTECTED]> wrote:
> Hi!
>
> I'm setting up a jailed server. I'm hoping to eventually use
> sysutils/ezjail to deaden the pain a bit!

I gave that a shot once, but I found manual jail configuration to be better.

> First step, have to get the disks partitioned! They're unpacked, at least ;-)
>
> I've read lots of comments like,
>
> "You should never setup your FreeBSD systems the way Linux or other
> *nix's set them up."

You shouldn't ^-^

> So, I'm looking for some Wisdom on how best to partition for the usage
> I'm planning.
>
> The server's goal state is 4 jails, plus the non-jailed host:
>
> jail-1: DNS services {Bind9 & RBLDNSD}
> jail-2: WebServer {Apache 22x + PHP5 + Perl 588 + MySQL 50x}
> jail-3: mail server {Exim 468 + Spamassassin + ClamAV, etc.}
> jail-4: an analysis/monitoring toolkit {Snort, Nagios, Nessus, etc.}
>
> I've got two identical 250 GB SATA2 drives available for this box.
>
> Although I have not yet grokked the whole "What's in a jail's dirs?"
> issue, my initial stab at 'slices' is ~:
>
> drive 2:
> /        2GB

A bit big, but fine

> /boot    2GB

Nope, FreeBSD doesn't need / want a /boot

> /tmp     2GB

Fine

> /swap    16GB    Machine has 8GB RAM, so swap = 2X RAM

A bit of overkill, but what the hell, you have the space

> /usr     50GB

What exactly do you plan on running on the host?

> /jails   178GB

Fine...

> drive 2:
> /var     100GB

Huh? Refer to /usr above.

> /data    100GB   MailStore, DBs, www source files, etc.

Fine again...

> /home    20GB

Fine again..

> I'll betcha some of that's silly or wasteful.

You'd be correct there :)

I'm sure you could fit everything on one disk... Jails are really small, it's just your data that takes up space. If you could get everything in 250GB (which i think you could easily) RAID 1 might be a nice thing to have

HTH

Federico
Re: Dumb IPFW Question
On Sep 26, 2007, at 12:46 PM, Chris Yocum wrote:
> [ ... ]
> I also get "Sep 26 20:09:17 routy kernel: ipfw: 450 Deny UDP :53 :53 out via sis0" in my
> /var/log/security file. I have appended the ipfw rules below so you
> can see all the changes that I made from the original.

The setup keyword should only be used with TCP packets; trying to use it with UDP traffic will cause your pass-through rules (#23-25) to not match the traffic you want them to match...

--
-Chuck
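Added example, not part of the thread: a small lint for rule scripts written in the handbook style quoted here. It flags rules that pair a non-TCP protocol with "setup", the mismatch the reply above identifies, and can emit the same rules with the keyword dropped from those lines only. The function names and the sample rules are constructed for illustration; x.x.x.x is the placeholder the posted script's comments use for the ISP's DNS address.

```shell
#!/bin/sh
# Added example (not from the thread). "setup" tests TCP flags, so a rule
# such as "udp ... setup keep-state" never matches the UDP traffic it was
# written for and the packet falls through to a later deny rule.

# Constructed sample rules in the style of the posted script.
sample_rules() {
cat <<'EOF'
$cmd 023 $skip udp from any to x.x.x.x 53 out via $pif setup keep-state
$cmd 030 $skip udp from any to x.x.x.x 67 out via $pif keep-state
$cmd 040 $skip tcp from any to any 80 out via $pif setup keep-state
# $cmd 041 $skip udp from any to any 53 out via $pif setup keep-state
$cmd 130 $skip udp from any to any 123 out via $pif keep-state
$cmd 450 deny log all from any to any out via $pif
EOF
}

# scan_rules MODE   (rules on stdin)
#   lint: print "<rule-number> <protocol>" for each rule that uses "setup"
#         with a protocol other than tcp (ip/all are left alone because
#         they can still match TCP packets).
#   fix:  print every line unchanged, except that "setup" is removed from
#         the rules that lint would flag.
# Assumption: the protocol is the single word directly before "from";
# "{ tcp or udp }" style protocol sets are not handled.
scan_rules() {
    awk -v mode="$1" '
        /^[ \t]*#/ || NF == 0 { if (mode == "fix") print; next }
        {
            num = "-"; proto = ""; has_setup = 0; seen_from = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "from" && !seen_from && i > 1) {
                    seen_from = 1; proto = $(i - 1)
                } else if (!seen_from && num == "-" && $i ~ /^[0-9]+$/) {
                    num = $i          # rule number precedes the rule body
                } else if ($i == "setup") {
                    has_setup = 1
                }
            }
            bad = (has_setup && seen_from && proto != "tcp" && proto != "ip" && proto != "all")
            if (mode == "lint") { if (bad) print num, proto; next }
            if (!bad) { print; next }
            out = ""
            for (i = 1; i <= NF; i++)
                if ($i != "setup") out = out (out == "" ? "" : " ") $i
            print out
        }'
}

# Stand-alone run: report the offending rule numbers in the sample.
sample_rules | scan_rules lint
```

To check a real rule script, feed it on stdin: scan_rules lint < /path/to/rules-script.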
Re: Keyboard without Scroll Lock
On Wed, 26 Sep 2007, Bill Campbell wrote:

> I think that the Scroll Lock key simply toggles this, sending
> alternate ctrl-s, ctrl-q to stop and start traffic.

In a system console, Ctrl-S and -Q work as usual, but Scroll Lock lets you scroll through console history.

man syscons | less +/Back\ Scrolling

-Warren Block * Rapid City, South Dakota USA
Any advice for a Partition Plan for a multi-jailed Server?
Hi!

I'm setting up a jailed server. I'm hoping to eventually use sysutils/ezjail to deaden the pain a bit!

First step, have to get the disks partitioned! They're unpacked, at least ;-)

I've read lots of comments like,

"You should never setup your FreeBSD systems the way Linux or other *nix's set them up."

So, I'm looking for some Wisdom on how best to partition for the usage I'm planning.

The server's goal state is 4 jails, plus the non-jailed host:

jail-1: DNS services {Bind9 & RBLDNSD}
jail-2: WebServer {Apache 22x + PHP5 + Perl 588 + MySQL 50x}
jail-3: mail server {Exim 468 + Spamassassin + ClamAV, etc.}
jail-4: an analysis/monitoring toolkit {Snort, Nagios, Nessus, etc.}

I've got two identical 250 GB SATA2 drives available for this box.

Although I have not yet grokked the whole "What's in a jail's dirs?" issue, my initial stab at 'slices' is ~:

drive 2:
/        2GB
/boot    2GB
/tmp     2GB
/swap    16GB    Machine has 8GB RAM, so swap = 2X RAM
/usr     50GB
/jails   178GB

drive 2:
/var     100GB
/data    100GB   MailStore, DBs, www source files, etc.
/home    20GB

I'll betcha some of that's silly or wasteful.

Any insightful comments or better advice on this ^^ would make me a happy gal :-)

Thanks a lot!

Ali
Dumb IPFW Question
Hi Everyone,

Just to explain a bit, I have installed a FreeBSD 6.2 system on a machine to act as a natd router. I turned on the firewall and set the firewall rule script to the one from the handbook (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html) (Example Ruleset #2 at the bottom). After some investigation when I could not get www, I discovered that somehow port 53 is blocked even when I explicitly open it. This happens when I uncomment the rule "# Reject & Log all unauthorized out going connections to the public Internet $cmd 450 deny log all from any to any out via $pif". So essentially, when I use that line, I lose my DNS and my www will not work anymore. I also get "Sep 26 20:09:17 routy kernel: ipfw: 450 Deny UDP :53 :53 out via sis0" in my /var/log/security file. I have appended the ipfw rules below so you can see all the changes that I made from the original.

Otherwise, it all works great and I could not be happier. Thank you in advance for any help that you may be able to provide. I am sure that it is some small blunder on my part.

Thanks!,
Chris

#!/bin/sh
cmd="ipfw -q add"
skip="skipto 800"
pif="sis0"     # public interface name of NIC
               # facing the public Internet
#
# No restrictions on Inside LAN Interface for private network
# Change xl0 to your LAN NIC interface name
#
$cmd 005 allow all from any to any via xl0
#
# No restrictions on Loopback Interface
#
$cmd 010 allow all from any to any via lo0
#
# check if packet is inbound and nat address if it is
#
$cmd 014 divert natd ip from any to any in via $pif
#
# Allow the packet through if it has previous been added to the
# the "dynamic" rules table by a allow keep-state statement.
#
$cmd 015 check-state
#
# Interface facing Public Internet (Outbound Section)
# Interrogate session start requests originating from behind the
# firewall on the private network or from this gateway server
# destine for the public Internet.
#
# Allow out access to my ISP's Domain name server.
# x.x.x.x must be the IP address of your ISP's DNS
# Dup these lines if your ISP has more than one DNS server
# Get the IP addresses from /etc/resolv.conf file
$cmd 023 $skip udp from any to 53 out via $pif setup keep-state
$cmd 024 $skip udp from any to 53 out via $pif setup keep-state
$cmd 025 $skip udp from any to 53 out via $pif setup keep-state
# Allow out access to my ISP's DHCP server for cable/DSL configurations.
$cmd 030 $skip udp from any to 67 out via $pif keep-state
# Allow out non-secure standard www function
$cmd 040 $skip tcp from any to any 80 out via $pif setup keep-state
# Allow out secure www function https over TLS SSL
$cmd 050 $skip tcp from any to any 443 out via $pif setup keep-state
# Allow out send & get email function
$cmd 060 $skip tcp from any to any 25 out via $pif setup keep-state
$cmd 061 $skip tcp from any to any 110 out via $pif setup keep-state
#for some reason this is the university's IMAP setting
$cmd 062 $skip tcp from any to any 993 out via $pif setup keep-state
# Allow out FreeBSD (make install & CVSUP) functions
# Basically give user root "GOD" privileges.
$cmd 070 $skip tcp from me to any out via $pif setup keep-state uid root
# Allow out ping
$cmd 080 $skip icmp from any to any out via $pif keep-state
# Allow out Time
$cmd 090 $skip tcp from any to any 37 out via $pif setup keep-state
# Allow out nntp news (i.e. news groups)
$cmd 100 $skip tcp from any to any 119 out via $pif setup keep-state
# Allow out secure FTP, Telnet, and SCP
# This function is using SSH (secure shell)
$cmd 110 $skip tcp from any to any 22 out via $pif setup keep-state
# Allow out whois
$cmd 120 $skip tcp from any to any 43 out via $pif setup keep-state
# Allow ntp time server
$cmd 130 $skip udp from any to any 123 out via $pif keep-state
# allow out VPN
$cmd 140 $skip tcp from any to any 1723 out via $pif keep-state
#
# Interface facing Public Internet (Inbound Section)
# Interrogate packets originating from the public Internet
# destine for this gateway server or the private network.
#
# Deny all inbound traffic from non-routable reserved address spaces
$cmd 300 deny all from 192.168.0.0/16 to any in via $pif #RFC 191
Re: Dell Servers and FreeBSD
Thanks to everyone who has replied so far. This is very good information to know!

Tim

Philip M. Gollucci wrote:
Eric Crist wrote:
On Sep 26, 2007, at 1:01 PMSep 26, 2007, Philip M. Gollucci wrote:
Martin McCormick wrote:
[snip]

real memory = 9395240960 (8960 MB)
avail memory = 8291303424 (7907 MB)
FreeBSD/SMP: Multiprocessor System Detected: 8 CPUs
cpu0 (BSP): APIC ID: 0
cpu1 (AP): APIC ID: 1
cpu2 (AP): APIC ID: 2
cpu3 (AP): APIC ID: 3
cpu4 (AP): APIC ID: 4
cpu5 (AP): APIC ID: 5
cpu6 (AP): APIC ID: 6

Philip,

Why are only 6 CPU's shown,

Because I did a 'head -25 .. ' there are correctly 8 listed and in use sorry for the confusion. I'm actually not sure why real memory is 9GB -- The box is an 8GB box so the avail is correct. and also correctly reported in 'top' and other things.

and why is 1GB of memory not available for use?

-
Eric F Crist
Secure Computing Networks
Re: Keyboard without Scroll Lock
On Wed, Sep 26, 2007 at 03:24:24PM -0400, Rob wrote:
> Duane Hill wrote:
>> On Wed, 26 Sep 2007 at 14:44 -0400, [EMAIL PROTECTED] confabulated:
>>> -Rob [don't cc me; I'm subscribed and the reply addy is bogus]
>> Not to take this off topic, so you own invalid.org?
>
> Uhh, no. Seems like I've seen it for years in examples, documentation and
> whatnot. So I was thinking it was like a domain equivalent of a RFC1918
> address. Guess that's not the case?

That is not the case. invalid.org is a real domain whose owner is probably not happy about getting extra spam.

> Is there such a thing? I could use
> .aol.com -- I certainly don't have any qualms about annoying them ;)

RFC2606 defines some domains that are reserved for use in examples and the like and which will not be assigned to anybody. The domains in question are the following:

.test
.example
.invalid
.localhost
example.com
example.org
example.net

>
> I just want to participate on the list semi-anonymously and not get spammed
> to hell. And NO I DON'T WANT TO START THAT DISCUSSION again -- everyone
> spoke their piece several times over; this is just my way of STFU and deal
> with it.
>
> -Rob [don't cc me; I'm subscribed and the reply addy is bogus]

--

Erik Trulsson
[EMAIL PROTECTED]
Re: Keyboard without Scroll Lock
On Wednesday 26 September 2007 21:24:24 Rob wrote:
> Duane Hill wrote:
> > On Wed, 26 Sep 2007 at 14:44 -0400, [EMAIL PROTECTED] confabulated:
> >> -Rob [don't cc me; I'm subscribed and the reply addy is bogus]
> >
> > Not to take this off topic, so you own invalid.org?
>
> Uhh, no. Seems like I've seen it for years in examples, documentation and
> whatnot. So I was thinking it was like a domain equivalent of a RFC1918
> address. Guess that's not the case? Is there such a thing? I could use
> .aol.com -- I certainly don't have any qualms about annoying them ;)
>
> I just want to participate on the list semi-anonymously and not get spammed
> to hell. And NO I DON'T WANT TO START THAT DISCUSSION again -- everyone
> spoke their piece several times over; this is just my way of STFU and deal
> with it.

No, it's your way of saying STFU let invalid.org deal with it. Example.com is set-up for this. Use that if you must.

--
Mel
Re: Keyboard without Scroll Lock
On Wed, Sep 26, 2007, Harry Matthiesen Jensen wrote:
>On Wed, Sep 26, 2007 at 11:22:39AM -0700, Bill Campbell wrote:
>> >
>> >just for info, if you happens to buy a keyboard without the Scroll Lock
>> >key, as I did (Logitech EX110), and are missing this function in consoles,
>> >I found a solution with re-configuring the keymap (I'm probably not the
>>
>> A far simpler way is to use xoff/xon, ctrl-s stops things, and
>> ctrl-q restarts.
>
>Is there a set-up I need to perform before it works, because simply
>pressing "Ctrl+Q"/"Ctrl+S" does not give me anything.

You will only see the effect of these if the system is sending data to the screen. Try typing ``cat /etc/termcap'', then pressing ctrl-s to stop the flow, and ctrl-q to restart it.

This is basic serial software flow control, used by terminals to slow down traffic from the system to allow the terminal to catch up with the traffic. This protocol dates back to the days of slow teletypes which ran at speeds around 110baud (10 characters per second).

I think that the Scroll Lock key simply toggles this, sending alternate ctrl-s, ctrl-q to stop and start traffic.

Scrolling back through the stream is a function of the underlying system, and has nothing to do with the flow of data.

Bill
--
INTERNET: [EMAIL PROTECTED]  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676

During times of universal deceit, telling the truth becomes a revolutionary act.
--George Orwell
Re: Keyboard without Scroll Lock
Duane Hill wrote:
> On Wed, 26 Sep 2007 at 14:44 -0400, [EMAIL PROTECTED] confabulated:
>> -Rob [don't cc me; I'm subscribed and the reply addy is bogus]
> Not to take this off topic, so you own invalid.org?

Uhh, no. Seems like I've seen it for years in examples, documentation and whatnot. So I was thinking it was like a domain equivalent of a RFC1918 address. Guess that's not the case? Is there such a thing? I could use .aol.com -- I certainly don't have any qualms about annoying them ;)

I just want to participate on the list semi-anonymously and not get spammed to hell. And NO I DON'T WANT TO START THAT DISCUSSION again -- everyone spoke their piece several times over; this is just my way of STFU and deal with it.

-Rob [don't cc me; I'm subscribed and the reply addy is bogus]
Re: Keyboard without Scroll Lock
On Wed, Sep 26, 2007 at 02:44:43PM -0400, Rob wrote: >>> just for info, if you happens to buy a keyboard without the Scroll Lock >>> key, as I did (Logitech EX110), and are missing this function in >>> consoles, >> A far simpler way is to use xoff/xon, ctrl-s stops things, and >> ctrl-q restarts. > > another key sequence for that? the normally useless "scroll lock" will let > you page back several screenfulls. ...exactly, and that is what I need it for, when I'm on the text console 8-) -- Mvh/Brgds Harry FreeBSD mugin.localhost 7.0-CURRENT #8: i386 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: troubles with ftp access via browser
On Sep 26, 2007, at 1:27 PM, Walter wrote:
> Hi, I've placed some files on a FBSD 6.2 server using the standard ftpd to access them. The content in question is a video clip, but could be anything that I wanted to share with people unknown. I can access the file list with a browser on my internal network - I do this to check that my links are good. But I (or anyone else) can't access these files externally with a browser, but I can access them with ftp itself. Even if I force a 'ftp' (for anon access) login via the browser URL, it stalls. I thought this had worked at one time...
>
> (Trembles with uneasy expectation) Here's the URL: ftp://72.40.22.156/incoming/ for anyone who wants to look at it.
>
> On a side note, I see lots of rejected log-in attempts in the logs from sites trying to do ftp access with "Administrator". Is there an easy way to allow that? TIA.

It appears to me that you've got some firewall issues, perhaps. Passive FTP connections are failing. You'll need to setup a port range for ftpd to utilize for passive FTP, and allow those connections through your firewall.

HTH
-
Eric F Crist
Secure Computing Networks
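Why a passive-mode transfer stalls behind a firewall, as an added example that is not part of the original thread: in passive mode the server's 227 reply names the address and port the client must open for the data connection, so that port has to fall inside a range the firewall admits. The replies below are constructed, the function names are hypothetical, and the 49152-65535 range is an assumption (the default passive range documented for FreeBSD ftpd); substitute the range your own firewall rule allows.

```shell
#!/bin/sh
# Added example: decode FTP "227 Entering Passive Mode" replies and check the
# advertised data endpoint against what an outside client can actually reach.

# pasv_endpoint REPLY
#   Prints "a.b.c.d port"; returns non-zero if REPLY is not a well-formed 227.
pasv_endpoint() {
    printf '%s\n' "$1" | awk '
        /^227 / && match($0, /\([0-9]+,[0-9]+,[0-9]+,[0-9]+,[0-9]+,[0-9]+\)/) {
            split(substr($0, RSTART + 1, RLENGTH - 2), f, ",")
            for (i = 1; i <= 6; i++) if (f[i] + 0 > 255) exit 1
            # The last two numbers are the high and low byte of the TCP port.
            printf "%d.%d.%d.%d %d\n", f[1], f[2], f[3], f[4], f[5] * 256 + f[6]
            ok = 1
        }
        END { exit (ok ? 0 : 1) }'
}

# pasv_diagnose REPLY LOW HIGH
#   LOW..HIGH is the passive port range the firewall passes (an assumption here).
#   Returns 0 if the data connection should get through, 1 if not, 2 if the
#   reply could not be parsed.
pasv_diagnose() {
    ep=$(pasv_endpoint "$1") || { echo "unparseable"; return 2; }
    ip=${ep% *}
    port=${ep#* }
    # A private address in the reply is unreachable from outside the LAN,
    # which matches "works internally, stalls externally".
    case $ip in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*)
            echo "private-address $ip"; return 1 ;;
    esac
    if [ "$port" -lt "$2" ] || [ "$port" -gt "$3" ]; then
        echo "port-outside-range $port"; return 1
    fi
    echo "ok $ip:$port"
}

# Constructed server replies (192.0.2.10 is a documentation address).
for reply in \
    "227 Entering Passive Mode (192,0,2,10,192,12)" \
    "227 Entering Passive Mode (192,0,2,10,4,1)" \
    "227 Entering Passive Mode (192,168,1,5,200,0)"
do
    pasv_diagnose "$reply" 49152 65535 || true
done
```

Run a command-line client in debug mode against the server to capture the real 227 line and feed it to pasv_diagnose with the range your firewall permits.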
Re: Multiple Instances of OpenVPN
On 9/26/07, Marcos Vinicius Buzo <[EMAIL PROTECTED]> wrote:
> Good afternoon.
> I would like to know how could I run multiple instances of openvpn
> with one startup script for each config file.
> I'm running one instance with the /usr/local/etc/rc.d/openvpn script
> and another with the command openvpn --config configfile.

Read the rc script that controls openvpn (/usr/local/etc/rc.d/openvpn). It has information about running multiple tunnels.

DS
Re: Dell Servers and FreeBSD
Thanks! I plan on using RAID 5 Philip M. Gollucci wrote: Tim Kellers wrote: Does anyone have any recommendations or experience with any of the newer Dell servers (2900, 2950 for example) and FreeBSD 6.2 in a production environment? Hi, I've got 860, 1435, 1600, 1950, 2950 all running 6.2-relelase-p7 with custom kernels. Watch out though the RAID-1 write speed on w/ FreeBSD is known to be pathetically the worst thing ever with this raid card: SAS 5IR internal RAID adapter, PCI-Express Read speed seems fine though. mpt0: [GIANT-LOCKED] mpt0: MPI Version=1.5.12.0 da0 at mpt0 bus 0 target 0 lun 0 da0: Fixed Direct Access SCSI-5 device da0: 300.000MB/s transfers, Tagged Queueing Enabled da0: 237464MB (486326272 512 byte sectors: 255H 63S/T 30272C) My other RAID cards doing RAID0, RAID5, and RAID1+0 are all stellar. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Keyboard without Scroll Lock
On Wed, 26 Sep 2007 at 14:44 -0400, [EMAIL PROTECTED] confabulated: -Rob [don't cc me; I'm subscribed and the reply addy is bogus] Not to take this off topic, so you own invalid.org? -- _|_ (_| | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Keyboard without Scroll Lock
Bill Campbell wrote: just for info, if you happens to buy a keyboard without the Scroll Lock key, as I did (Logitech EX110), and are missing this function in consoles, A far simpler way is to use xoff/xon, ctrl-s stops things, and ctrl-q restarts. Yeah, but that won't retrieve the stuff that already vanished; or is there another key sequence for that? the normally useless "scroll lock" will let you page back several screenfulls. -Rob [don't cc me; I'm subscribed and the reply addy is bogus] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
troubles with ftp access via browser
Hi, I've placed some files on a FBSD 6.2 server using the standard ftpd to access them. The content in question is a video clip, but could be anything that I wanted to share with people unknown. I can access the file list with a browser on my internal network - I do this to check that my links are good. But I (or anyone else) can't access these files externally with a browser, but I can access them with ftp itself. Even if I force a 'ftp' (for anon access) login via the browser URL, it stalls. I thought this had worked at one time...

(Trembles with uneasy expectation) Here's the URL: ftp://72.40.22.156/incoming/ for anyone who wants to look at it.

On a side note, I see lots of rejected log-in attempts in the logs from sites trying to do ftp access with "Administrator". Is there an easy way to allow that? TIA.
Re: Keyboard without Scroll Lock
On Wed, Sep 26, 2007 at 11:22:39AM -0700, Bill Campbell wrote: > > > >just for info, if you happens to buy a keyboard without the Scroll Lock > >key, as I did (Logitech EX110), and are missing this function in consoles, > >I found a solution with re-configuring the keymap (I'm probably not the > > A far simpler way is to use xoff/xon, ctrl-s stops things, and > ctrl-q restarts. Is there a set-up I need to perform before it works, because simply pressing "Ctrl+Q"/"Ctrl+S" does not give me anything. -- Mvh/Brgds Harry FreeBSD mugin.localhost 7.0-CURRENT #8: i386 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: http://dev.mysql.com/qualitycontribution.html
On 9/26/07, Philip M. Gollucci <[EMAIL PROTECTED]> wrote: > Hi All, I noticed that 'Debian user community' was listed here. > > Maybe we should start funneling all the mysql related stuff to a single > FreeBSD managed user? > > > -- > > Philip M. Gollucci ([EMAIL PROTECTED]) c:323.219.4708 o:703.749.9295x206 > Senior System Admin - Riderway, Inc. > http://riderway.com / http://ridecharge.com > 1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB B89E 1324 9B4F EC88 A0BF > > Work like you don't need the money, > love like you'll never get hurt, > and dance like nobody's watching. Very interesting :) -- Regards, -Abdullah Ibn Hamad Al-Marri Arab Portal http://www.WeArab.Net/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: courier-imap
When I try to login , in my maillog it saids no such file. How do I tell it to use /etc/passwd Rakhesh Sasidharan wrote: Bill Banks wrote: i think that it not validating the username & passwd Have you started courier-authdaemond in /usr/local/etc/rc.d? Added users to UserDB or whatever auth method you are using? I have some notes on installing Courier IMAP here: http://rakhesh.net/mail/courier-imap. That gives you the steps I followed while installing Courier IMAP on my home machine. HTH, - Rakhesh http://rakhesh.net/ -- --- Bill Banks 508-829-2005 Wachusett Programming Ourweb http://www.ourweb.net http://www.ourwebtemplates.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Keyboard without Scroll Lock
On Wed, Sep 26, 2007, Harry Matthiesen Jensen wrote: >Hi, > >I don't know where to post this, except from this list, so maybe someone >will add it to a FAQ ;-). > >just for info, if you happens to buy a keyboard without the Scroll Lock >key, as I did (Logitech EX110), and are missing this function in consoles, >I found a solution with re-configuring the keymap (I'm probably not the >first, but did not find a short solution on the web). A far simpler way is to use xoff/xon, ctrl-s stops things, and ctrl-q restarts. ... Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way FAX:(206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 It is practically impossible to teach good programming style to students that have had prior exposure to BASIC: as potential programmers they are mentally mutilated beyond hope of regeneration. -- Dijkstra ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Dell Servers and FreeBSD
Eric Crist wrote: > On Sep 26, 2007, at 1:01 PMSep 26, 2007, Philip M. Gollucci wrote: > >> Martin McCormick wrote: > > [snip] > >> real memory = 9395240960 (8960 MB) >> avail memory = 8291303424 (7907 MB) >> FreeBSD/SMP: Multiprocessor System Detected: 8 CPUs >> cpu0 (BSP): APIC ID: 0 >> cpu1 (AP): APIC ID: 1 >> cpu2 (AP): APIC ID: 2 >> cpu3 (AP): APIC ID: 3 >> cpu4 (AP): APIC ID: 4 >> cpu5 (AP): APIC ID: 5 >> cpu6 (AP): APIC ID: 6 > > Philip, > > Why are only 6 CPU's shown, Because I did a 'head -25 .. ' there are correctly 8 listed and in use sorry for the confusion. I'm actually not sure why real memory is 9GB -- The box is an 8GB box so the avail is correct. and also correctly reported in 'top' and other things. and why is 1GB of memory not available > for use? > - > Eric F Crist > Secure Computing Networks > -- Philip M. Gollucci ([EMAIL PROTECTED]) c:323.219.4708 o:703.749.9295x206 Senior System Admin - Riderway, Inc. http://riderway.com / http://ridecharge.com 1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB B89E 1324 9B4F EC88 A0BF Work like you don't need the money, love like you'll never get hurt, and dance like nobody's watching. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Dell Servers and FreeBSD
On Sep 26, 2007, at 1:01 PMSep 26, 2007, Philip M. Gollucci wrote: Martin McCormick wrote: [snip] real memory = 9395240960 (8960 MB) avail memory = 8291303424 (7907 MB) FreeBSD/SMP: Multiprocessor System Detected: 8 CPUs cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 cpu2 (AP): APIC ID: 2 cpu3 (AP): APIC ID: 3 cpu4 (AP): APIC ID: 4 cpu5 (AP): APIC ID: 5 cpu6 (AP): APIC ID: 6 Philip, Why are only 6 CPU's shown, and why is 1GB of memory not available for use? - Eric F Crist Secure Computing Networks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Dell Servers and FreeBSD
Martin McCormick wrote: one of the boot messages we see is > that all memory above 4 gigs is ignored or something to that > effect. > real memory = 3489300480 (3327 MB) > avail memory = 3414794240 (3256 MB) Thats not freebsd and if its its because you are using i386 and not amd64 >From a 1950 head -25 /var/run/dmesg.boot Copyright (c) 1992-2007 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 6.2-RELEASE-p7 #0: Fri Jan 12 08:43:30 UTC 2007 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/SMP ACPI APIC Table: Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz (1595.93-MHz K8-class CPU) Origin = "GenuineIntel" Id = 0x6f7 Stepping = 7 Features=0xbfebfbff Features2=0x4e33d,CX16,,,> AMD Features=0x20100800 AMD Features2=0x1 Cores per package: 4 real memory = 9395240960 (8960 MB) avail memory = 8291303424 (7907 MB) FreeBSD/SMP: Multiprocessor System Detected: 8 CPUs cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 cpu2 (AP): APIC ID: 2 cpu3 (AP): APIC ID: 3 cpu4 (AP): APIC ID: 4 cpu5 (AP): APIC ID: 5 cpu6 (AP): APIC ID: 6 -- Philip M. Gollucci ([EMAIL PROTECTED]) c:323.219.4708 o:703.749.9295x206 Senior System Admin - Riderway, Inc. http://riderway.com / http://ridecharge.com 1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB B89E 1324 9B4F EC88 A0BF Work like you don't need the money, love like you'll never get hurt, and dance like nobody's watching. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Dell Servers and FreeBSD
Tim Kellers wrote: > Does anyone have any recommendations or experience with any of the newer > Dell servers (2900, 2950 for example) and FreeBSD 6.2 in a production > environment? Hi, I've got 860, 1435, 1600, 1950, 2950 all running 6.2-relelase-p7 with custom kernels. Watch out though the RAID-1 write speed on w/ FreeBSD is known to be pathetically the worst thing ever with this raid card: SAS 5IR internal RAID adapter, PCI-Express Read speed seems fine though. mpt0: [GIANT-LOCKED] mpt0: MPI Version=1.5.12.0 da0 at mpt0 bus 0 target 0 lun 0 da0: Fixed Direct Access SCSI-5 device da0: 300.000MB/s transfers, Tagged Queueing Enabled da0: 237464MB (486326272 512 byte sectors: 255H 63S/T 30272C) My other RAID cards doing RAID0, RAID5, and RAID1+0 are all stellar. -- Philip M. Gollucci ([EMAIL PROTECTED]) c:323.219.4708 o:703.749.9295x206 Senior System Admin - Riderway, Inc. http://riderway.com / http://ridecharge.com 1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB B89E 1324 9B4F EC88 A0BF Work like you don't need the money, love like you'll never get hurt, and dance like nobody's watching. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Multiple Instances of OpenVPN
Good afternoon. I would like to know how could I run multiple instances of openvpn with one startup script for each config file. I'm running one instance with the /usr/local/etc/rc.d/openvpn script and another with the command openvpn --config configfile. Thanks in advance.
Re: Dell Servers and FreeBSD
On Wed, Sep 26, 2007 at 12:18:49PM -0400, Tim Kellers wrote: > Does anyone have any recommendations or experience with any of the newer > Dell servers (2900, 2950 for example) and FreeBSD 6.2 in a production > environment? > > My old Dell 2400 hardware is quickly expiring and I need to replace it > with something that will support FreeBSD 6.2 and have enough horsepower > to host a substantial (50 or so) number of concurrent Moodle logins. > The database (pgsql) is already on another server so I won't be chewing > up server resources by hosting a database, too. I have put FreeBSD (6.2 I think) on 2950-s. It worked fine. The only problem was some confusion about the raid driver identifier. I needed to do some rummaging through dmesg and it was not at first obvious as it was a little unnoticed line amidst lots of others that looked more likely. But, I found it and had no problems after that. Unfortunately I had to give those machines up to another project and can't look and see what it was now. jerry > > Tim > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Software Lojack
--On Wednesday, September 26, 2007 12:34:15 -0400 Jerry McAllister <[EMAIL PROTECTED]> wrote: On Tue, Sep 25, 2007 at 06:12:56PM +0200, Roland Smith wrote: I know all about various precautions to be taken. I also know I could write something. I just wanted to know if something like that is already written. Dell offers this in a hardware solution. I'm sure they're buying it from someone, so you might be able to find out who. Doesn't matter if the thieves wipe the drive. The device phones home anyway. (Bet it only works in Windows, though, but it might spark an idea or two.) -- Paul Schmehl ([EMAIL PROTECTED]) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Keyboard without Scroll Lock
Hi,

I don't know where to post this, except from this list, so maybe someone will add it to a FAQ ;-).

just for info, if you happens to buy a keyboard without the Scroll Lock key, as I did (Logitech EX110), and are missing this function in consoles, I found a solution with re-configuring the keymap (I'm probably not the first, but did not find a short solution on the web).

As root:

Dump the keyboard map to a file:
  kbdcontrol -d >mykeys

Change the file so "Ctrl+NumLock" will set "Scroll Lock". Find line with scancode "base" 069, or where "nlock" fills the entire line. Edit column 3 from "nlock" to "slock". The line now looks like:
  "069 nlock nlock slock nlock nlock nlock nlock nlock O"

Edit /etc/rc.conf:
  keymap="/home/xxx/mykeys" #where the file is

Reboot, and now "Ctrl+NumLock" will toggle the Scroll Lock bit.

Before you reboot it is possible to try if it works. As root, issue the command:
  kbdcontrol -l mykeys

--
Mvh/Brgds Harry
FreeBSD mugin.localhost 7.0-CURRENT #8: i386
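The edit described above as a script, added here as an example and not part of the original post: it changes only the Ctrl column of the NumLock row in a "kbdcontrol -d" dump, keeps every other byte of the file, and fails if it cannot find exactly one such row. The keymap excerpt is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: make Ctrl+NumLock act as Scroll Lock in a keymap dump.
# On a real system (commands as given in the post):
#   kbdcontrol -d > mykeys
#   remap_ctrl_numlock < mykeys > mykeys.new && kbdcontrol -l mykeys.new

# Constructed excerpt in the layout of a keymap dump:
# scancode, eight action columns, lock-state flag.
sample_keymap() {
    cat <<'EOF'
# scan                       cntrl          alt    alt   cntrl lock
# code  base   shift  cntrl  shift  alt    shift  cntrl  shift state
# ------------------------------------------------------------------
  068   fkey10 fkey20 fkey30 fkey40 scr10  scr10  scr10  scr10   O
  069   nlock  nlock  nlock  nlock  nlock  nlock  nlock  nlock   O
  070   slock  slock  slock  slock  slock  slock  slock  slock   O
EOF
}

# remap_ctrl_numlock: filter, keymap on stdin, edited keymap on stdout.
# Returns 0 only if exactly one NumLock row was found and rewritten; on any
# other status the output must be discarded rather than loaded.
remap_ctrl_numlock() {
    awk '
        # Replace the n-th whitespace-separated token of a line with val,
        # leaving the original spacing untouched.
        function set_field(line, n, val,    i, out, rest) {
            out = ""; rest = line
            for (i = 1; i <= n; i++) {
                match(rest, /[^ \t]+/)
                out = out substr(rest, 1, RSTART - 1) \
                      (i == n ? val : substr(rest, RSTART, RLENGTH))
                rest = substr(rest, RSTART + RLENGTH)
            }
            return out rest
        }
        /^[ \t]*#/ { print; next }            # comment lines pass through
        # NumLock row: numeric scancode, base action nlock, full-width row.
        # Token 4 is the third action column, i.e. the cntrl column.
        $1 ~ /^[0-9]+$/ && $2 == "nlock" && NF == 10 {
            hits++
            print set_field($0, 4, "slock")
            next
        }
        { print }
        END { exit (hits == 1 ? 0 : 1) }'
}

# Show the rewritten row from the constructed excerpt.
sample_keymap | remap_ctrl_numlock | awk '$1 == "069"'
```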
Re: Dell Servers and FreeBSD
Tim Kellers writes: > Does anyone have any recommendations or experience with any of the newer > Dell servers (2900, 2950 for example) and FreeBSD 6.2 in a production > environment? We recently installed Dell 2950's for DNS and DHCP server applications. They work great but some of their horsepower never gets used. one of the boot messages we see is that all memory above 4 gigs is ignored or something to that effect. Here is part of a dmesg capture. FreeBSD 6.2-RELEASE-p2 #0: Tue Mar 13 15:09:34 CDT 2007 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/- ACPI APIC Table: Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Intel(R) Xeon(R) CPU5160 @ 3.00GHz (2992.51-MHz 686-class CPU) Origin = "GenuineIntel" Id = 0x6f6 Stepping = 6 Features=0xbfebfbff Features2=0x4e3bd,CX16,,,> AMD Features=0x2010 AMD Features2=0x1 Cores per package: 2 real memory = 3489300480 (3327 MB) avail memory = 3414794240 (3256 MB) ioapic0: Changing APIC ID to 2 ioapic1: Changing APIC ID to 3 ioapic1: WARNING: intbase 64 != expected base 24 ioapic0 irqs 0-23 on motherboard ioapic1 irqs 64-87 on motherboard kbd1 at kbdmux0 ath_hal: 0.9.17.2 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413) acpi0: on motherboard acpi0: Power Button (fixed) Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000 acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0 cpu0: on acpi0 pcib0: port 0xcf8-0xcff on acpi0 pci0: on pcib0 pcib1: at device 2.0 on pci0 pci6: on pcib1 pcib2: at device 0.0 on pci6 pci7: on pcib2 pcib3: at device 0.0 on pci7 pci8: on pcib3 pcib4: at device 0.0 on pci8 pci9: on pcib4 bce0: mem 0xf400-0xf5ff irq 16 at device 0.0 on pci9 bce0: ASIC ID 0x57081010; Revision (B1); PCI-X 64-bit 133MHz miibus0: on bce0 brgphy0: on miibus0 brgphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseTX, 1000baseTX-FDX, auto bce0: Ethernet address: 00:19:b9:af:94:b4 pcib5: at device 1.0 on pci7 pci10: on pcib5 pcib6: at device 0.3 on pci6 pci11: on pcib6 pcib7: at device 3.0 on pci0 
pci1: on pcib7 pcib8: at device 0.0 on pci1 pci2: on pcib8 mfi0: mem 0xd80f-0xd80f,0xfc4e-0xfc4f irq 78 at device 14.0 on pci2 mfi0: 1513 (242761804s/0x0020/0) - Shutdown command received from host mfi0: 1514 (4278190080s/0x0020/0) - PCI 0x041028 0x0415 0x041028 0x041f03: Firmware initialization started (PCI ID 0015/1028/1f03/1028) mfi0: 1515 (4278190080s/0x0020/0) - Type 18: Firmware version 1.00.02-0157 mfi0: 1516 (4278190097s/0x0008/0) - Battery Present mfi0: 1517 (4278190115s/0x0004/0) - PD 08(e1/s255) event: Enclosure (SES) discovered on PD 08(e1/s255) mfi0: 1518 (4278190115s/0x0002/0) - PD 08(e1/s255) event: Inserted: PD 08(e1/s255) mfi0: 1519 (4278190115s/0x0002/0) - Type 29: Inserted: PD 08(e1/s255) Info: enclPd=08, scsiType=d, portMap=00, sasAddr=500180b052f14500, mfi0: 1520 (4278190115s/0x0002/0) - PD 00(e1/s0) event: Inserted: PD 00(e1/s0) mfi0: 1521 (4278190115s/0x0002/0) - Type 29: Inserted: PD 00(e1/s0) Info: enclPd=08, scsiType=0, portMap=01, sasAddr=1221, mfi0: 1522 (4278190115s/0x0002/0) - PD 01(e1/s1) event: Inserted: PD 01(e1/s1) mfi0: 1523 (4278190115s/0x0002/0) - Type 29: Inserted: PD 01(e1/s1) Info: enclPd=08, scsiType=0, portMap=02, sasAddr=12210100, mfi0: 1524 (242772342s/0x0020/0) - Adapter ticks 242772342 elapsed 36s: Time established as 09/10/07 20:45:42; (36 seconds since power on) pcib9: at device 0.2 on pci1 pci3: on pcib9 pcib10: at device 4.0 on pci0 pci12: on pcib10 pcib11: at device 5.0 on pci0 pci13: on pcib11 pcib12: at device 6.0 on pci0 pci14: on pcib12 pcib13: at device 7.0 on pci0 pci15: on pcib13 pcib14: at device 28.0 on pci0 pci4: on pcib14 pcib15: at device 0.0 on pci4 pci5: on pcib15 bce1: mem 0xf800-0xf9ff irq 16 at device 0.0 on pci5 bce1: ASIC ID 0x57081010; Revision (B1); PCI-X 64-bit 133MHz miibus1: on bce1 brgphy1: on miibus1 brgphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseTX, 1000baseTX-FDX, auto bce1: Ethernet address: 00:19:b9:af:94:b2 uhci0: port 0xdce0-0xdcff irq 21 at device 29.0 on pci0 
uhci0: [GIANT-LOCKED] usb0: on uhci0 usb0: USB revision 1.0 uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1: port 0xdcc0-0xdcdf irq 20 at device 29.1 on pci0 uhci1: [GIANT-LOCKED] usb1: on uhci1 usb1: USB revision 1.0 uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2: port 0xdca0-0xdcbf irq 21 at device 29.2 on pci0 uhci2: [GIANT-LOCKED] usb2: on uhci2 usb2: USB revision 1.0 uhub2: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered ehci0: mem 0xfc600400-0xfc6007ff irq 21 at device 29.7 on pci0 ehci0: [GIANT-LOCKED] usb3: EHCI version 1.0 usb3: companion controllers, 2 ports each: usb0 usb1 usb2 u
Re: Dell Servers and FreeBSD
On 9/26/07, Tim Kellers <[EMAIL PROTECTED]> wrote: > Does anyone have any recommendations or experience with any of the newer > Dell servers (2900, 2950 for example) and FreeBSD 6.2 in a production > environment? > > My old Dell 2400 hardware is quickly expiring and I need to replace it > with something that will support FreeBSD 6.2 and have enough horsepower > to host a substantial (50 or so) number of concurrent Moodle logins. > The database (pgsql) is already on another server so I won't be chewing > up server resources by hosting a database, too. We have many many 2950, 1950, 860, etc servers running FreeBSD. 6.2 without issue. Many of which are in a fairly taxing environment (webmail cluster with 25k users), as well as other purposes. I've only run across one issue, and it was on an earlier one. This was related more to the raid controller than anything, and required some 'camcontrol' setting to be changed: http://lists.freebsd.org/pipermail/freebsd-stable/2007-February/033071.html However, I wouldnt worry about that unless you have a problem. --falz ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Dell Servers and FreeBSD
Does anyone have any recommendations or experience with any of the newer Dell servers (2900, 2950 for example) and FreeBSD 6.2 in a production environment? My old Dell 2400 hardware is quickly expiring and I need to replace it with something that will support FreeBSD 6.2 and have enough horsepower to host a substantial (50 or so) number of concurrent Moodle logins. The database (pgsql) is already on another server so I won't be chewing up server resources by hosting a database, too. Tim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Software Lojack
On Tue, Sep 25, 2007 at 06:12:56PM +0200, Roland Smith wrote: I know all about various precautions to be taken. I also know I could write something. I just wanted to know if something like that is already written. jerry > On Mon, Sep 24, 2007 at 06:33:30PM -0400, Jerry wrote: > > Hi All, > > > > I am wondering if there is already written (in the ports) some utility > > that would either periodically and/or on boot up, take note of if the > > machine is connected to the net and if so, send some information to a > > configured address giving some basic information such as date/time > > and the network address where it is connected. > > You could write a shell-script that does this and run it as a cron(8) job. > > > The intent would be to put this in laptops/notebooks belonging to an > > organization/business to track where they were, especially if they > > were stolen. I know, if they got in to the hands of professional > > theft ring, the first thing they would do is wipe them, but it could > > help track them otherwise. > > Since most windows users wouldn't have a clue what to do with a FreeBSD > machine, I think _every_ laptop would be wiped. > > To secure your laptops and mitigate the consequences of theft there are > several things you can do; > - Encrypt the /home partitions. This will not prevent theft but will > reduce the chance of your data falling into the wrong hands. > - Make frequent backups to prevent data loss. > - Glue engraved labels to the machine, e.g. to the lid where it can't be > removed without damaging the LCD screen. This might make the machine > less desirable to a stolen goods dealer. 
> > Roland > -- > R.F.Smith http://www.xs4all.nl/~rsmith/ > [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] > pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
http://dev.mysql.com/qualitycontribution.html
Hi All, I noticed that 'Debian user community' was listed here. Maybe we should start funneling all the mysql related stuff to a single FreeBSD managed user? -- Philip M. Gollucci ([EMAIL PROTECTED]) c:323.219.4708 o:703.749.9295x206 Senior System Admin - Riderway, Inc. http://riderway.com / http://ridecharge.com 1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB B89E 1324 9B4F EC88 A0BF Work like you don't need the money, love like you'll never get hurt, and dance like nobody's watching. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Capturing data on the serial port
On Sep 26, 2007, at 10:42 AM, [EMAIL PROTECTED] wrote:
> I have a need to temporarily capture data from our phone system via the serial port on one of my FreeBSD servers. What would be the best way to do this?

I've done this with Minicom set up to log to a file.

/usr/ports/comms/minicom

--Chris
Re: pf redirect question
On Wednesday 26 September 2007 17:42, Jonathan Horne wrote:
> On Wednesday 26 September 2007 08:10:18 Nikos Vassiliadis wrote:
> > Please CC me when replying to me, since I will
> > see your replies in no time. Otherwise your reply
> > might not be seen, since it ends up in another
> > directory in my maildir.
> >
> > On Wednesday 26 September 2007 15:18, Jonathan Horne wrote:
> > > On Wednesday 26 September 2007 02:28:48 Nikos Vassiliadis wrote:
> > > > No, don't use the IP on your server. Why you should do such a
> > > > thing?
> > >
> > > why not? i did specify that the old server is decommissioning and
> > > would be permanently downed.
> >
> > Because the IP you will use on the host running FreeBSD and PF has
> > nothing to do with FreeBSD and PF. If you do this, you understand
> > that packets will be processed locally by FreeBSD's TCP/IP stack
> > and not forwarded to the new server, right?
> >
> > You only want PF to alter the address from old server to new server
> > as I said previously. Not accept the packet as if destined for
> > localhost!
> >
> > > > You just have to make sure that packets ($old_server <-> $world)
> > > > are routed through your $pf box. I guess that's the case for you.
> > > > pf will just translate the destination address from $old_server
> > > > to $new_server.
> > >
> > > yes, any client or server would be able to route across the wan to
> > > the new ip at the other end.
> >
> > Something like this:
> > client-a client-b
> >
> > ( internet cloud )
> >
> > (pf) (new-server)
> >
> >
> > (old-server)
> >
> > > > BUT, which is this service you are talking about? Cause that's not
> > > > feasible with everything.
> > >
> > > ultimately, i want to route some Mcafee ePolicy clients to use
> > > another server.
> >
> > Yes, I know nothing about it. Is redirecting TCP port 8080 enough?
> >
> > [snip]
> >
> > > was my syntax in my example incorrect?
> >
> > Yes, try removing the interface, just to be more general,
> > until you figure it out. Something like:
> > rdr inet proto tcp from any to x.x.x.x port = ssh -> y.y.y.y port 22
> >
> > And use "pfctl -vsnat" to check the state of the rdr command, like
> > this: [ Evaluations: 3434 Packets: 14 Bytes: 840
> > States: 0 ]
> >
> > Be sure that every host involved is reachable from the pf box.
> >
> > Nikos
>
> well, the example you sent me worked... but just for a moment. as soon
> as i changed it (and restarted pf, its not worked since. if im going to
> get this to work, this is actually more of the diagram im working with
> here:
>
> (pf) --- (old server) -- client-a
>
> (SITE-A) (vpn-client-b)
>
> (internet-cloud) (SITE-B) --- (new server)
>
> (SITE-C)
>
> (client-c)
>

No, you can't with such topology. Let's examine client-c:
1) client-c sends request to old-server
2) pf translates the destination from old-server to new-server
3) packet arrives to new-server
4) new-server replies to client-c, not going through pf this time though
5) client-c gets a reply from new-server. Remember, it tried to connect to old-server, not to new-server.

So, change of plans... You have to use a TCP redirector, (net/redir) comes in mind. Install redir, have redir listen to a port on your lo0 and proxy this to old-server:port e.g.
redir --laddr=127.0.0.1 --lport=45876 --caddr=old-server --cport=80
then use pf and rdr to redirect the old-server:port to 127.1:45876
pseudo-pf.conf:
rdr inet proto tcp from any to x.x.x.x port = 80 -> 127.0.0.1 port 45876

That's all.

> where you see SITE-x, consider that the appropriate clusters of
> routers, vpn-endpoints/concentrators. client-a, old server, and pf are
> same-lan, other objects are all across a wan at different subnets, but
> all can reach all.
^ That's more of a problem in your situation.

Hopefully not for long.

Nikos
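Why a TCP redirector avoids the reply-path problem in steps 1) to 5) above, as an added sketch (not redir's code and not from the thread): the relay opens its own connection to the target, so the target answers the relay and the client only ever talks to the address it dialed. All addresses are loopback placeholders constructed for the demo.

```python
import socket
import threading


def _pump(src, dst):
    """Copy bytes one way until EOF, then half-close the receiving side."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


class Relay:
    """Accept on listen_addr and proxy every connection to target_addr."""

    def __init__(self, listen_addr, target_addr):
        self.target_addr = target_addr
        # One entry per session: (client address, relay's address toward target)
        self.sessions = []
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind(listen_addr)
        self.sock.listen(16)
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            try:
                client, peer = self.sock.accept()
            except OSError:  # listener was closed
                return
            threading.Thread(target=self._handle, args=(client, peer),
                             daemon=True).start()

    def _handle(self, client, peer):
        try:
            # A NEW connection: the target sees the relay as its peer, so its
            # replies come back here instead of going straight to the client.
            upstream = socket.create_connection(self.target_addr, timeout=5)
        except OSError:
            client.close()
            return
        upstream.settimeout(None)
        self.sessions.append((peer, upstream.getsockname()))
        back = threading.Thread(target=_pump, args=(upstream, client),
                                daemon=True)
        back.start()
        _pump(client, upstream)
        back.join()
        client.close()
        upstream.close()

    def close(self):
        self.sock.close()


def demo():
    """Constructed loopback run; returns what each party observed."""
    backend = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    backend.bind(("127.0.0.1", 0))  # stands in for the new server
    backend.listen(1)
    seen = {}

    def serve_once():
        conn, peer = backend.accept()
        seen["peer"] = peer
        conn.sendall(b"new-server got: " + conn.recv(1024))
        conn.close()

    server = threading.Thread(target=serve_once, daemon=True)
    server.start()
    relay = Relay(("127.0.0.1", 0), backend.getsockname())

    client = socket.create_connection(relay.sock.getsockname(), timeout=5)
    client_addr = client.getsockname()
    client.sendall(b"ping")
    client.shutdown(socket.SHUT_WR)
    reply = b""
    while True:
        chunk = client.recv(1024)
        if not chunk:
            break
        reply += chunk
    client.close()
    server.join(5)
    relay.close()
    backend.close()
    return {"client": client_addr, "backend_peer": seen["peer"],
            "sessions": list(relay.sessions), "reply": reply}


if __name__ == "__main__":
    print(demo())
```

The backend's peer is the relay's outbound socket, not the client, which is the property a plain destination rewrite lacks when the reply does not pass back through the translating box.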
Capturing data on the serial port
I have a need to temporarily capture data from our phone system via the serial port on one of my FreeBSD servers. What would be the best way to do this?

Thanks,
Jay
Re: 6.2 Headless Installs Don't Seem to Work.
Jonathan McKeown writes:
> (tar now does this, I believe), add the line
>
> console="comconsole"
>
> to boot/loader.conf in the directory which is the root of the CD, and then
> make a new ISO and burn a new serial install CD.

When I do

tar vxf 6.2-RELEASE-i386-disc1.iso

It mostly works as expected except for the following strange error message observed while extracting:

x INSTALL.HTM
x INSTALL.TXT
x README.HTM
x README.TXT
x RELNOTES.HTM
x stand
x sys
tar: Ignoring out-of-order file
x RELNOTES.TXT
x .cshrc
x root/.cshrc

There is only that one error and I wonder, A. What did I miss? B. Is there a way to work around this? As always, thanks.

Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU Information Technology Department Network Operations Group
Re: anyone have a favorite laptop?
On Tue, Sep 25, 2007 at 09:24:55PM -0400, Bob Johnson wrote:

I have installed FreeBSD on IBM/Lenovo and Dell with little problem. But, I wonder if anyone here has had any dealings with a nice little notebook from a Japanese company called 'Kojinsha'. I saw them the last time I was in Japan, of course, running MS-something. They are very compact, but still with a typable keyboard unlike some other compact notebooks and a very sharp looking display. I am hoping I can find them sold with an English Language setup in the USA. (I have seen an European (British?) English Language version.

So, has anyone seen these or better yet, tried one?

jerry

> I've been happy with FBSD on Dell Inspirons, although the newest I've
> used it on is an 8600 (it's what I'm using now). Some things have been
> problems (e.g. on the 7500 the sound input never had a driver, on the
> 8600 it took a while to find a driver that would make a working NDIS
> driver for the wireless).
>
> In general, if you get something new on the market you are far more
> likely to have trouble getting it working. In that regard in
> particular, I've had better luck with nVidia rather than ATI video
> (nVidia publishes FreeBSD drivers).
>
> - Bob
>
> On 9/25/07, Bill Campbell <[EMAIL PROTECTED]> wrote:
> > On Mon, Sep 24, 2007, Arend P. van der Veen wrote:
> > >We have used Thinkpads for a long time. I am currently using a T60.
> > >Never had any problems.
> >
> > I used Thinkpads for about 10 years with various Linux systems.
> > My last one was a Thinkpad 600 which I used continuously from
> > August 1999 through March 2007 when I got a Mac Powerbook (now if
> > only I could run OS X on a Thinkpad :-).
> >
> > We have used a fair variety of Thinkpads with our auction
> > software for the last 10 years or so with excellent results.
> >
> > Bill
> > --
> > INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC
> > URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
> > FAX:(206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
> >
> > Liberty don't work as good in practice as it does in speeches.
> > Will Rogers
Re: Bandwidth filter with ipfw don't work
"Edgardo Nuevo" <[EMAIL PROTECTED]> writes:
> Hi
> I have Freebsd 6,2 with 2 cards of network, vr1 (10.0.1.10 with access
> to Internet), vr0 (192.168.1.1 internal network), I have configured
> ipfw + dummynet, when I configure a PC with 192.168.1.x does not work,
> but I put an IP type 10.0.1.x its works, what's error?

Can't tell from that. Have you checked ipfw counters to see which rules are dropping the packets (if any)? Have you tried with no drop rules at all? Do you have a route for the 192.168.1.x subnet on the router?

> ### firewall.rules ###
> -f flush
> add 0012 skipto 20 all from any to any not layer2 in via vr0
> # Define MAC's users
> add 0013 skipto 20 all from any to any { MAC 00:1b:24:3b:4f:xx any or
> MAC any 00:1b:24:3b:4f:xx } layer2
> add 0014 skipto 20 all from any to any { MAC 00:1b:24:25:yy:69 any or
> MAC any 00:1b:24:25:yy:69 } layer2
>
> #Deny MACs not defined
> add 0019 deny log logamount 100 ip from any to any MAC any any layer2 via vr0
>
> # Enable NAT
> add 0020 divert natd all from any to any via vr1
>
> # Define pipe per MAC's
> add pipe 1 ip from any to any MAC 00:1b:24:3b:4f:xx any in via vr0
> add pipe 2 ip from any to any MAC any 00:1b:24:3b:4f:xx in via vr0
>
> add pipe 3 ip from any to any MAC 00:1b:24:25:yy:69 any
> add pipe 4 ip from any to any MAC any 00:1b:24:25:yy:69
>
> # Define bandwith per pipe
> pipe 1 config bw 50Kbit/s
> pipe 2 config bw 50Kbit/s
>
> pipe 3 config bw 6Kbit/s
> pipe 4 config bw 6Kbit/s
>
> add 0500 allow all from any to any
> ###
>
> ### sysctl.conf ###
> net.link.ether.bridge.enable=1
> net.link.ether.bridge_cfg=vr1:1,vr0:2
> net.link.ether.bridge_ipfw=1
> net.ip.dummynet.debug=1
> net.inet.ip.fw.enable=1
> net.link.ether.ipfw=1
> ###
>
> Thanks
>
> Dark Night Rider

--
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
Re: IPFW + NATD FORWARDING
"mr. phreak" <[EMAIL PROTECTED]> writes:
> Hi, I am having trouble with my IPFW+NATD forwarding. I know a lot of
> people have
> and I've googled my ass off. Still I can't get it right. I'm trying to
> forward port 1213 in/out for dc++ usage.
>
> this is my setup:
>
> __WAN router (192.168.1.1)
> |
> |
> (FreeBSD gateway/fw NIC1:ath0 (public) NIC2:rl0 (LAN) )
> |
> |__
> LAN (10.10.10.0/24)
>
> I use stateful rules and I'd like to forward port 1213 both ways using
> natd. I know NATD should take care of this as long as i allow port
> 1213 in/out from the firewall. I've tried this at almost every
> position in the ipfw.rules and now i ask where i should put it?? i.e
> it's not there right now.
>
> I've tried:
>
> $cmd [num] allow all from any to any 1213 (at various positions in
> ipfw.rules) still doesn't work.
>
> $cmd [num] divert natd all from any to any 1213.
>
> Can someone help me?

Your firewall configuration is rather unconventional, but the basic idea makes sense. What isn't clear is how you want to use this "dc++" program within your infrastructure.

Because you are using dynamic rules, I assume that you want the connections to always originate inside your network. If that is the case, you shouldn't need any special configuration to natd (because every connection will be learned from the initial packet).

If that's not the case, you will need to pick one internal machine to receive the connections coming in from outside.
Re: Enlighten me nt Please
Would it be easy, or maybe "not too difficult" to setup Enlightenment with FreeBSD which I am determined to get back into soon? Even possibly use the Elive approach, or is that a specific Linux executable?

use ports
RE: SSH login banner?
I really appreciate the time and effort you took to answer my question.
Thank you for a clear and concise answer!
--Joe

> Date: Wed, 26 Sep 2007 09:12:35 -0500
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> CC: freebsd-questions@freebsd.org
> Subject: Re: SSH login banner?
>
> On Wed, 26 Sep 2007 09:15:38 -0400
> <[EMAIL PROTECTED]> wrote:
>
> > I need to apply an SSH user agreement policy so users agree to the
> > AUP _before_ they login. Everything I read puts the policy on the
> > screen after login. Any ideas? --Joe
>
> Have a look under /etc/sshd/
>
> There is an sshd conf file. Open it, look for Banner.
> I created a /etc/welcome.msg and put that location within the conf
> file.
>
> Restart sshd and voila.
>
> Now, wasn't this easier than someone telling you to have a look at some
> man page?!
>
> --
> Best regards,
> Chris
> Registered Linux user number 448639
Re: pf redirect question
On Wednesday 26 September 2007 08:10:18 Nikos Vassiliadis wrote:
> Please CC me when replying to me, since I will
> see your replies in no time. Otherwise your reply
> might not be seen, since it ends up in another
> directory in my maildir.
>
> On Wednesday 26 September 2007 15:18, Jonathan Horne wrote:
> > On Wednesday 26 September 2007 02:28:48 Nikos Vassiliadis wrote:
> > > No, don't use the IP on your server. Why you should do such a thing?
> >
> > why not? i did specify that the old server is decommissioning and would
> > be permanently downed.
>
> Because the IP you will use on the host running FreeBSD and PF has
> nothing to do with FreeBSD and PF. If you do this, you understand
> that packets will be processed locally by FreeBSD's TCP/IP stack
> and not forwarded to the new server, right?
>
> You only want PF to alter the address from old server to new server
> as I said previously. Not accept the packet as if destined for localhost!
>
> > > You just have to make sure that packets ($old_server <-> $world)
> > > are routed through your $pf box. I guess that's the case for you.
> > > pf will just translate the destination address from $old_server
> > > to $new_server.
> >
> > yes, any client or server would be able to route across the wan to the
> > new ip at the other end.
>
> Something like this:
> client-a client-b
>
> ( internet cloud )
>
> (pf) (new-server)
>
>
> (old-server)
>
> > > BUT, which is this service you are talking about? Cause that's not
> > > feasible with everything.
> >
> > ultimately, i want to route some Mcafee ePolicy clients to use another
> > server.
>
> Yes, I know nothing about it. Is redirecting TCP port 8080 enough?
>
> [snip]
>
> > was my syntax in my example incorrect?
>
> Yes, try removing the interface, just to be more general,
> until you figure it out. Something like:
> rdr inet proto tcp from any to x.x.x.x port = ssh -> y.y.y.y port 22
>
> And use "pfctl -vsnat" to check the state of the rdr command, like this:
> [ Evaluations: 3434 Packets: 14 Bytes: 840 States: 0 ]
>
> Be sure that every host involved is reachable from the pf box.
>
> Nikos

well, the example you sent me worked... but just for a moment. as soon as i changed it (and restarted pf, its not worked since. if im going to get this to work, this is actually more of the diagram im working with here:

(pf) --- (old server) -- client-a
|
(SITE-A) (vpn-client-b)
|
(internet-cloud) (SITE-B) --- (new server)
|
(SITE-C)
|
(client-c)

where you see SITE-x, consider that the appropriate clusters of routers, vpn-endpoints/concentrators. client-a, old server, and pf are same-lan, other objects are all across a wan at different subnets, but all can reach all. (client-b's vpn concentrator is located in the SITE-A routers).

so, if it worked one time and then stopped after a change... where could i be going wrong now? after a change like that, do arp or routing tables need to be flushed (and if so, at both the pf, and possibly test subject (but maybe not the receiving end of the rdr... i cant see how the receiver would care)

man, if i can get this to work reliably, this is going to save a ton of time and trouble!

thanks,
--
Jonathan Horne
http://dfwlpiki.dfwlp.org
[EMAIL PROTECTED]
Re: Can't boot new disk unless it's on the 2nd IDE channel
Should have included this the first time:

When the disk is on the first channel, the BIOS reports an "invalid partition table" then the boot loader runs anyway until I end up at a "mountroot>" prompt. Whatever I try to enter at the prompt I'm told the disk doesn't exist. It doesn't matter which disk my fstab mount points say. If I have the disk on the second channel it boots just fine regardless of whether there's a disk on the first channel or not.

..jgm

Joe in MPLS wrote:

Several months ago I bought a bigger (IDE) disk and set about the task of moving a FreeBSD 6.1 STABLE #0 system to the new disk. I did the fdisk, boot0cfg and bsdlabel stuff and dumps piped to restores to get all the bytes moved. I thought all was well so I got lazy and never removed the old disk.

After doing an update this week via make buildworld etc, I realized that the box was still booting from the old small drive and loading an old kernel before mounting everything mentioned in /etc/fstab.

I used fdisk to make the 1st slice of the new disk active, edited fstab to change all the ad2s1x entries to ad0s1x, disconnected the first drive and moved the new drive to the first IDE channel. No joy.

I used bsdlabel -e to change my "/" partition from ad2s1d to ad2s1a (sysinstall disklabel would not let me assign "a" to a partition on the second disk). Still no joy and worse, it wouldn't boot even with the first disk in place.

I managed to get it booting with both drives installed again, but now it wants my fstab entries to be "ad2a", "ad2e" etc. It doesn't like the "ad2s1x" stuff in there any more. Then for the heck of it, I disconnected the first drive, left the new drive on the second channel and it booted just fine!

here's fdisk output:

[EMAIL PROTECTED] ~]# fdisk
*** Working on device /dev/ad2 ***
parameters extracted from in-core disklabel are:
cylinders=119705 heads=16 sectors/track=255 (4080 blks/cyl)

Figures below won't work with BIOS for partitions not in cyl 1
parameters to be used for BIOS calculations are:
cylinders=119705 heads=16 sectors/track=255 (4080 blks/cyl)

Media sector size is 512
Warning: BIOS sector numbering starts with sector 1
Information from DOS bootblock is:
The data for partition 1 is:
The data for partition 2 is:
The data for partition 3 is:
The data for partition 4 is:
sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
    start 0, size 5 (24 Meg), flag 80 (active)
        beg: cyl 0/ head 0/ sector 1;
        end: cyl 1023/ head 254/ sector 63

I don't know why part #4 is active when I marked #1 active earlier tonight... and the disk is way bigger than 24 MB as shown by df -h:

[EMAIL PROTECTED] ~]# df -h
Filesystem    Size    Used   Avail Capacity  Mounted on
/dev/ad2a     1.9G    191M    1.6G    10%    /
devfs         1.0K    1.0K      0B   100%    /dev
/dev/ad2e     1.9G    2.4M    1.8G     0%    /tmp
/dev/ad2g     176G    7.8G    154G     5%    /usr
/dev/ad2f      44G    558M     40G     1%    /var
devfs         1.0K    1.0K      0B   100%    /var/named/dev

and here's bsdlabel:

[EMAIL PROTECTED] ~]# bsdlabel ad2
# /dev/ad2:
8 partitions:
#          size     offset    fstype   [fsize bsize bps/cpg]
  a:    4194304          0    4.2BSD     2048 16384 28552
  b:    4194304    4194304      swap
  c:  488397168          0    unused        0     0         # "raw" part, don't edit
  e:    4194304    8388608    4.2BSD     2048 16384 28552
  f:   94371840   12582912    4.2BSD     2048 16384 28552
  g:  381442416  106954752    4.2BSD     2048 16384 28552

How do I make this "ad0" instead of "ad2"?

TIA

...jgm
Enlighten me nt Please
I first started using FreeBSD with the 4.5 release, and for the record I still think your documentation (manual included with the release) is the best I have seen. However, since that release (and several ago) I have been experimenting with numerous Linux's and have been favorably impressed with several different distros, especially Elive...

So, my question is: Would it be easy, or maybe "not too difficult" to setup Enlightenment with FreeBSD which I am determined to get back into soon? Even possibly use the Elive approach, or is that a specific Linux executable?

Thank you,
Edward Hensley
[EMAIL PROTECTED]
qmail+wu-imap+squirrelmail
I'm trying to setup qmail with squirrelmail thus wu-imap on Freebsd 6.2 . imap is not authenticating the user and I dont know why.

Try:
telnet 216.236.255.45 143
a1 login test 0
and see what I'm talking about.

--
---
Bill Banks 508-829-2005
Wachusett Programming
Ourweb http://www.ourweb.net
http://www.ourwebtemplates.com
Re: SSH login banner?
On Wed, 26 Sep 2007 09:15:38 -0400 <[EMAIL PROTECTED]> wrote:
> I need to apply an SSH user agreement policy so users agree to the
> AUP _before_ they login. Everything I read puts the policy on the
> screen after login. Any ideas? --Joe

Have a look under /etc/sshd/

There is an sshd conf file. Open it, look for Banner.
I created a /etc/welcome.msg and put that location within the conf file.

Restart sshd and voila.

Now, wasn't this easier than someone telling you to have a look at some man page?!

--
Best regards,
Chris
Registered Linux user number 448639
sbcl/lisp question
Hi,

while playing with SBCL and the editor slime, I found that slime needs some ("fast loadable") files in /usr/local/lib/sbcl/.. (with .fasl suffix) to be set executable. Was this forgotten by the port authors or is there some tricky LISP way to do it automatically (i.e. is it a bug or a feature)?

This is on FreeBSD 7.0 amd64.

Greetings,
Uli.

Peter Ulrich Kruppa
Wuppertal
Germany
Re: Confusion on SSH and PAM
On Wednesday 26 September 2007 11:02:26 Rakhesh Sasidharan wrote:
> CyberLeo Kitsana wrote:
> > Rakhesh Sasidharan wrote:
> >> Any ideas or nudges in the right direction as to why this is happening?
> >> Looks like I've understood the interaction between SSH and PAM wrong
> >> here, so would appreciate some enlightenment.
> >
> > According to my understanding of the SSH protocol, you're continually
> > asked because an authentication failure is not a fatal error.
> >
> > When authenticating an SSH session, a list of mutually supported methods
> > is compiled (public-key, challenge-response, S/Key,
> > keyboard-interactive, plaintext) and the client cycles through the list
> > based on what it thinks is most likely to work.
> >
> > It's perfectly acceptable for a client to attempt password
> > authentication before public-key, or even interleave them. All the
> > server can do is say yay or nay to an attempt with a restricted method,
> > because it cannot know if the next attempt may utilize an allowed method.
> >
> > After the requisite three or five failed attempts (depending on the
> > server config), it may send a general failure code (too many failed
> > attempts) and disconnect the client at its discretion.
>
> Here's another oddity I encountered today.
>
> If "PermitRootLogin" is set to "forced-commands-only", my understanding is
> the SSHD will permit root logins if a command to be executed is given. But
> that doesn't seem to be the case in practice! I have keys setup for root
> to login, but instead of letting me in with those keys, SSHD ignores them,
> passes me to PAM for password prompting (three times) and then denies me
> out! Very strange.
>
> I even setup a "Match User" clause for root and specified a command to
> run. Still, SSHD refuses to let me in with/ without key and for a specific
> command.

PermitRootLogin without-password won't allow what you want to do? To use it, you have to set up a passphrase (public key).
Re: SSH login banner?
On Wed, Sep 26, 2007 at 09:15:38AM -0400, [EMAIL PROTECTED] wrote:
> I need to apply an SSH user agreement policy so users agree to the AUP
> _before_ they login. Everything I read puts the policy on the screen
> after login. Any ideas? --Joe

The sshd_config(5) manpage documents the following option:

     Banner  In some jurisdictions, sending a warning message before
             authentication may be relevant for getting legal protection.
             The contents of the specified file are sent to the remote
             user before authentication is allowed. This option is only
             available for protocol version 2. By default, no banner is
             displayed.

Sounds like exactly what you want.

--
Erik Trulsson
[EMAIL PROTECTED]
SSH login banner?
I need to apply an SSH user agreement policy so users agree to the AUP _before_ they login. Everything I read puts the policy on the screen after login. Any ideas?

--Joe
Re: pf redirect question
Please CC me when replying to me, since I will see your replies in no time. Otherwise your reply might not be seen, since it ends up in another directory in my maildir.

On Wednesday 26 September 2007 15:18, Jonathan Horne wrote:
> On Wednesday 26 September 2007 02:28:48 Nikos Vassiliadis wrote:
> > No, don't use the IP on your server. Why you should do such a thing?
>
> why not? i did specify that the old server is decommissioning and would
> be permanently downed.
>

Because the IP you will use on the host running FreeBSD and PF has nothing to do with FreeBSD and PF. If you do this, you understand that packets will be processed locally by FreeBSD's TCP/IP stack and not forwarded to the new server, right?

You only want PF to alter the address from old server to new server as I said previously. Not accept the packet as if destined for localhost!

> > You just have to make sure that packets ($old_server <-> $world)
> > are routed through your $pf box. I guess that's the case for you.
> > pf will just translate the destination address from $old_server
> > to $new_server.
>
> yes, any client or server would be able to route across the wan to the
> new ip at the other end.

Something like this:
client-a client-b
| |
( internet cloud )
|
(pf) (new-server)
|
|
(old-server)

> > BUT, which is this service you are talking about? Cause that's not
> > feasible with everything.
>
> ultimately, i want to route some Mcafee ePolicy clients to use another
> server.

Yes, I know nothing about it. Is redirecting TCP port 8080 enough?

[snip]

> was my syntax in my example incorrect?

Yes, try removing the interface, just to be more general, until you figure it out. Something like:
rdr inet proto tcp from any to x.x.x.x port = ssh -> y.y.y.y port 22

And use "pfctl -vsnat" to check the state of the rdr command, like this:
[ Evaluations: 3434 Packets: 14 Bytes: 840 States: 0 ]

Be sure that every host involved is reachable from the pf box.

Nikos
RE: xfce-4.4.1_1 strange behavior with Launch Desktop Icons.
I try reinstalling Thunar and see if that would fix the problem. I still experiencing the same problem, those two icons would not launch properly, I am pasting my .xsession-errors.

/usr/local/etc/gdm/PreSession/Default: Registering your session with wtmp and utmp
/usr/local/etc/gdm/PreSession/Default: running: /usr/local/bin/sessreg -a -w /var/log/wtmp -u /var/run/utmp -x "/var/gdm/:0.Xservers" -h "" -l ":0" "lgrullon"
/usr/local/etc/gdm/Xsession: Beginning session setup...
To see the last 10 lines of a long file, use "tail filename". To see the
first 10 lines, use "head filename".
                -- Dru <[EMAIL PROTECTED]>
/usr/local/etc/gdm/Xsession: Setup done, will execute: /usr/bin/ssh-agent -- /usr/local/etc/gdm/Sessions/XFce4
/usr/local/bin/startxfce4: X server already running on display :0
xscreensaver: not found
** Message: This build doesn't include support for XF86Misc extension
** Message: Querying Xkb extension
** Message: Xkb extension found
** Message: Querying Xkb extension
** Message: Xkb extension found
** (xfce-mcs-manager:44045): CRITICAL **: find_master: assertion `mixer_handle != -1' failed
** (xfce-mcs-manager:44045): WARNING **: oss: No master volume
(xfdesktop:44048): thunar-vfs-WARNING **: Failed to connect to the HAL daemon: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory
** (xfce4-session:44042): WARNING **: xfsm-shutdown-helper.c:94: Failed to connect to the system message bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory
** Message: xfsm-shutdown-helper.c:215: HAL not available or does not permit to shutdown/reboot the computer, trying sudo fallback instead.

Any light to this weird issue would be appreciated. I hope is not a software bug.

Lisandro

BTW. Thank you for your response Norberto.

> Date: Wed, 26 Sep 2007 11:07:20 +1000
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> CC: freebsd-questions@freebsd.org
> Subject: Re: xfce-4.4.1_1 strange behavior with Launch Desktop Icons.
>
> On Tue, 25 Sep 2007 13:26:04 -0400
> Lisandro Grullon <[EMAIL PROTECTED]> wrote:
>
> > Dear FBSD users,
> > I am running FBSD 6.2R with most of my ports upgrade to the latest. I just
> > finish doing a upgrade of Xorg 7.2 to 7.3 because I was having an issue
> > with my keyboard and mouse using 7.2. In any case the reason I am posting
> > this is because after the upgrade, I launch xfce4 using startx and all went
> > ok, yet when I am in my desktop and I try assessing the "home" or
> > "filesystem" icons, they just appear to blink and never get launched, is
> > any of you having this issue, I am not sure if this is a software bug that
> > xfce4 is having. If any experience this, please elaborate. Lisandro
> >
>
> Hi Lisandro,
> have you got Thunar installed? those icons launch your file manager, which by
> default is the Thunar file manager. I am not sure if there is a way to
> replace it for other.
>
> You may want to check ~/.xsession-errors to see if there are any errors being
> issued by xfdesktop or Thunar itself.
>
> B
> _
> {Beto|Norberto|Numard} Meijome
>
> A "No" uttered from deepest conviction is better and greater than a
> "Yes" merely uttered to please, or what is worse, to avoid trouble.
> Mahatma Ghandi
>
> I speak for myself, not my employer. Contents may be hot. Slippery when wet.
> Reading disclaimers makes you go blind. Writing them is worse. You have been
> Warned.
Re: pf redirect question
On Wednesday 26 September 2007 02:28:48 Nikos Vassiliadis wrote:
> No, don't use the IP on your server. Why you should do such a thing?
>

why not? i did specify that the old server is decommissioning and would be permanently downed.

> You just have to make sure that packets ($old_server <-> $world)
> are routed through your $pf box. I guess that's the case for you.
> pf will just translate the destination address from $old_server
> to $new_server.
>

yes, any client or server would be able to route across the wan to the new ip at the other end.

> BUT, which is this service you are talking about? Cause that's not
> feasible with everything.
>
> Nikos

ultimately, i want to route some Mcafee ePolicy clients to use another server. weve installed our new agent on all our machines, but i still have a handful of clients that are "roamers" who are checking in via the vpn concentrator, which i cannot physically get to their machines to perform their upgrade. if i can re-route their check-in server to our new server (and yes, the inbound vpn also uses all the same routes to other sites as our internal core switches), that would a) not knock those roaming clients off antivirus updates, b) i could also use the same trick to upgrade our server farm, and c) our new york office is lagging way behind on their client upgrades, and this would help them out as well (by directing anyone remaining over to the new server, which is in chicago).

so far, i was trying it out, by trying to redirect port 80 on my laptop, to a monitoring service on the server at 10.22.192.131:8080, but it would just die if i tried to telnet to my laptops port 80 (from some other machine, not the laptop or test server).

was my syntax in my example incorrect?

thanks,
--
Jonathan Horne
http://dfwlpiki.dfwlp.org
[EMAIL PROTECTED]
Re: Confusion on SSH and PAM
CyberLeo Kitsana wrote:
> Rakhesh Sasidharan wrote:
>> Any ideas or nudges in the right direction as to why this is happening?
>> Looks like I've understood the interaction between SSH and PAM wrong
>> here, so would appreciate some enlightenment.
>
> According to my understanding of the SSH protocol, you're continually
> asked because an authentication failure is not a fatal error.
>
> When authenticating an SSH session, a list of mutually supported methods
> is compiled (public-key, challenge-response, S/Key,
> keyboard-interactive, plaintext) and the client cycles through the list
> based on what it thinks is most likely to work.
>
> It's perfectly acceptable for a client to attempt password
> authentication before public-key, or even interleave them. All the
> server can do is say yay or nay to an attempt with a restricted method,
> because it cannot know if the next attempt may utilize an allowed method.
>
> After the requisite three or five failed attempts (depending on the
> server config), it may send a general failure code (too many failed
> attempts) and disconnect the client at its discretion.

Here's another oddity I encountered today.

If "PermitRootLogin" is set to "forced-commands-only", my understanding is the SSHD will permit root logins if a command to be executed is given. But that doesn't seem to be the case in practice! I have keys setup for root to login, but instead of letting me in with those keys, SSHD ignores them, passes me to PAM for password prompting (three times) and then denies me out! Very strange.

I even setup a "Match User" clause for root and specified a command to run. Still, SSHD refuses to let me in with/ without key and for a specific command.

Regards,

- Rakhesh
http://rakhesh.net/
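sshd_config(5) describes "forced-commands-only" as allowing root public-key logins only when the command option has been specified for the key, which is set per key in authorized_keys. The audit below is an added example, not from the thread; the keys, comments and paths are constructed placeholders, and root_key_report is a hypothetical helper name.

```python
# Key-type prefixes that mark a line with no leading options field.
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")

# Constructed sample; the base64 blobs are placeholders, not real keys.
SAMPLE_AUTHORIZED_KEYS = r"""# root's authorized_keys (constructed)
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED1 root@laptop
command="/usr/local/sbin/backup.sh",no-pty,no-port-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED2 backup@nas
from="10.0.0.5",command="echo \"hi, there\"" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED3 probe@mon
"""


def parse_line(line):
    """Split one authorized_keys line into (options dict, key part).

    Returns None for blank lines and comments. Options are comma-separated,
    and quoted values may contain spaces, commas and \" escapes.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.split(None, 1)[0].startswith(KEY_PREFIXES):
        return {}, line  # no options field at all

    options, token, in_quotes, i = [], [], False, 0
    while i < len(line):
        ch = line[i]
        if in_quotes and ch == "\\" and line[i + 1:i + 2] == '"':
            token.append('"')  # escaped quote inside a quoted value
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "," and not in_quotes:
            options.append("".join(token))
            token = []
        elif ch in " \t" and not in_quotes:
            break  # end of the options field
        else:
            token.append(ch)
        i += 1
    if in_quotes:
        raise ValueError("unterminated quote in options field")
    options.append("".join(token))

    parsed = {}
    for opt in options:
        name, sep, value = opt.partition("=")
        parsed[name.lower()] = value if sep else None  # None = bare flag
    return parsed, line[i:].strip()


def root_key_report(text):
    """Per key: does it carry command=, as forced-commands-only requires?"""
    report = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed is None:
            continue
        opts, key = parsed
        fields = key.split()
        report.append({
            "line": lineno,
            "comment": fields[2] if len(fields) > 2 else "",
            "command": opts.get("command"),
            "usable": opts.get("command") is not None,
        })
    return report


if __name__ == "__main__":
    for entry in root_key_report(SAMPLE_AUTHORIZED_KEYS):
        print(entry)
```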
Re: xfce-4.4.1_1 strange behavior with Launch Desktop Icons.
On Wed, Sep 26, 2007 at 11:07:20AM +1000, Norberto Meijome wrote:
> On Tue, 25 Sep 2007 13:26:04 -0400
> Lisandro Grullon <[EMAIL PROTECTED]> wrote:
>
> > Dear FBSD users,
> > I am running FBSD 6.2R with most of my ports upgraded to the latest. I just
> > finished doing an upgrade of Xorg 7.2 to 7.3 because I was having an issue
> > with my keyboard and mouse using 7.2. In any case the reason I am posting
> > this is because after the upgrade, I launch xfce4 using startx and all went
> > ok, yet when I am in my desktop and I try accessing the "home" or
> > "filesystem" icons, they just appear to blink and never get launched, is
> > any of you having this issue, I am not sure if this is a software bug that
> > xfce4 is having. If any experience this, please elaborate. Lisandro
> >
> Hi Lisandro,
> have you got Thunar installed? those icons launch your file manager, which by
> default is the Thunar file manager. I am not sure if there is a way to
> replace it with another.
>
> You may want to check ~/.xsession-errors to see if there are any errors being
> issued by xfdesktop or Thunar itself.
>

Hi.

I also got into "trouble" after upgrade 7.2 -> 7.3: Starting xfce took a very long time. I find the following in my .xsession-errors:

** (xfdesktop:43005): WARNING **: org.xfce.Trash.QueryTrash failed: The name org.xfce.FileManager was not provided by any .service files
...
** (xfce4-menu-plugin:43029): CRITICAL **: Unable to get keyboard/mouse grab.
** (xfce4-menu-plugin:43029): CRITICAL **: Unable to get keyboard/mouse grab.
** (xfce4-menu-plugin:43029): CRITICAL **: Unable to get keyboard/mouse grab.
** (xfce4-menu-plugin:43029): CRITICAL **: Unable to get keyboard/mouse grab.

I thought, this is because I can't run hald (crashes the machine instantly) and Thunar complains about not finding hald (saw this, when I started xfce via startx on console I think; I can't find it now in the logs - so not the exact message, sorry).
Maybe, this information can help you (and me ;) with xfce

Ciao,
Karsten

--
Karsten Rothemund <[EMAIL PROTECTED]>       /"\
PGP-Key: 0x7019CAA5                         \ /
Fingerprint: E752 C759 B9B2 2057 E42F        \   ASCII Ribbon Campaign
             50EE 47AC A7CE 7019 CAA5       / \  Against HTML Mail and News
Re: Is your Thunderbird OK?
On Tue, 2007-09-25 at 17:47 +0200, Christian Baer wrote:
> On Wed, 26 Sep 2007 00:41:53 +0900 Byung-Hee HWANG wrote:
>
> > Yeah I also like text based MUAs such as mutt or pine. Sometimes I get
> > HTML messages from my co-workers who use webmail. I must read those HTML
> > messages for my work, study. That's why I need windows-like MUAs, not
> > text based MUAs. Is there any other best MUA? I _really_ feel thirsty
> > for best MUA.. anytime..
>
> If you can live without the pretty pictures, you can configure Mutt to use
> an external browser like lynx or links to display HTML.
>
> Otherwise, you could give Claws a closer look.
                            ^

After I read your replying mail, I investigated the Claws. I am considering moving from this Evolution to the Claws. But still Thunderbird will remain as the best MUA to me. Thank you so much!

Byung-Hee
Re: pf redirect question
On Wednesday 26 September 2007 04:48, Jonathan Horne wrote:
> > > i was wondering if it is feasible to down the server, take its IP and
> > > stick it on our FreeBSD server, and then use pf with rdr statements
> > > to redirect any traffic from stragglers to the service on the other
> > > new server?

No, don't use the IP on your server. Why should you do such a thing?

You just have to make sure that packets ($old_server <-> $world) are routed through your $pf box. I guess that's the case for you. pf will just translate the destination address from $old_server to $new_server.

BUT, which is this service you are talking about? Cause that's not feasible with everything.

Nikos
Re: Sharing application jail and host?
On 26/09/2007 at 08:47:05+0800, Aminuddin wrote:
> Hi freebsd gurus,
> I'm playing with jail setup and wanted to provide a virtual server to my
> external remote users to login by ssh and run a couple of applications.
>
> Do I need to install the application using the ports in the jail itself or
> can I just install the application in the host environment? Is there any
> methods to enable sharing of the application across the jail and host?
>

Yes it's possible, but if you are just beginning to use jails and you don't have a disk space problem, it's better simply to install all applications in each jail.

But if you don't want to do this, this is what you can do:

Make one reference jail (don't let users have access), only for reference; for example, you can install this in /jail/REF

After that you create a new jail in /jail/new-jail with, in its root dir:

total 15
drwxr-xr-x  18 root  wheel   512 Jan 15  2007 REF
lrwxr-xr-x   1 root  wheel     7 Dec 19  2006 bin -> REF/bin
lrwxr-xr-x   1 root  wheel     8 Dec 19  2006 boot -> REF/boot
dr-xr-xr-x   4 root  wheel   512 Mar 12  2007 dev
drwxr-xr-x  18 root  wheel  2048 Feb  1  2007 etc
drwxr-xr-x  19 root  wheel  1024 Dec 19  2006 etc-local
lrwxr-xr-x   1 root  wheel     7 Dec 19  2006 lib -> REF/lib
lrwxr-xr-x   1 root  wheel    11 Dec 19  2006 libexec -> REF/libexec
dr-xr-xr-x   1 root  wheel     0 Sep 26 09:24 proc
drwxr-xr-x   4 root  wheel   512 Jul  5 21:56 root
lrwxr-xr-x   1 root  wheel     8 Dec 19  2006 sbin -> REF/sbin
drwxr-xr-x   3 root  wheel   512 Dec 18  2006 share
drwxrwxrwt   6 root  wheel   512 Sep 26 03:01 tmp
lrwxr-xr-x   1 root  wheel     7 Dec 19  2006 usr -> REF/usr
drwxr-xr-x  22 root  wheel   512 Mar 12  2007 var

the /jail/new-jail/usr/local/etc is a link to /etc-local

After that you mount in nullfs the /jail/REF in /jail/new-jail/REF by using

/jail/REF /jail/new-jail/REF nullfs rw 0 0

in your fstab.

When you finish you can install the application only in your REF jail and it is automatically installed in all your jails.

The «danger» with this method is when you are in new-jail-21 (for example) and after some time you forget you are using nullfs and you erase something useless for new-jail-21 but absolutely needed by new-jail-19. Because in a jail you cannot see it's using nullfs.

Regards.
--
Albert SHIH
Observatoire de Paris Meudon
SIO batiment 15
Telephone: 01 45 07 76 26
Local time: Wed 26 Sep 2007 09:20:27 CEST
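An added example, not part of the message above: a script that builds the symlinked jail root shown in the listing, reports which top-level names are shared through REF, and prints the matching fstab entry. As an assumption of this example, the nullfs mount is ro instead of the message's rw, so nothing inside a jail can erase files the other jails share (installs into REF are then done from the host); the function names are hypothetical.

```shell
#!/bin/sh
# Build a jail root whose system directories are symlinks into a shared,
# nullfs-mounted reference tree (layout taken from the listing above).

# make_jail_skeleton REF JAIL   e.g. /jail/REF /jail/new-jail
make_jail_skeleton() {
    ref=$1 jail=$2
    [ -d "$ref" ] || { echo "reference jail $ref not found" >&2; return 1; }
    # Private, per-jail directories; REF is the nullfs mount point.
    for d in REF dev etc etc-local proc root share tmp var; do
        mkdir -p "$jail/$d" || return 1
    done
    chmod 1777 "$jail/tmp"
    # Shared directories: relative links, so they resolve inside the jail.
    for d in bin boot lib libexec sbin usr; do
        [ -L "$jail/$d" ] || ln -s "REF/$d" "$jail/$d" || return 1
    done
}

# list_shared JAIL: top-level names that live in REF, i.e. what every
# jail sees in common (from inside a jail the nullfs mount is not obvious).
list_shared() {
    for e in "$1"/*; do
        [ -L "$e" ] || continue
        case $(readlink "$e") in
            REF/*) echo "${e##*/}" ;;
        esac
    done
}

# fstab_line REF JAIL: fstab entry for the shared tree. Assumption of this
# example: mounted ro (the message uses rw) so a jail cannot delete from it.
fstab_line() {
    printf '%s %s/REF nullfs ro 0 0\n' "$1" "$2"
}

# Demo on a constructed tree in a temporary directory (no root, no mount).
demo=$(mktemp -d)
mkdir -p "$demo/REF/usr/local"
make_jail_skeleton "$demo/REF" "$demo/new-jail" && list_shared "$demo/new-jail"
fstab_line /jail/REF /jail/new-jail
rm -rf "$demo"
```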