Re: Problem authenticating with sasl in jail

[Erik Norgaard]

Mel Flynn wrote:


Looking again on the logs:

Jun 17 23:39:17 jail imap[8412]: badlogin: jail.example.com [172.16.0.2]
plaintext cy...@example.com SASL(-13): user not found: checkpass failed

The user cyrus exists, I can login and get shell access, but there may
be something about the realm, that causes the user not to be found? But:


Any chance there's a minuserid in effect? dovecot doesn't allow logins from 
user id's <1000 by default. There may be a similar issue with Cyrus and sounds 
like something one would overlook.


No, the cyrus user has the same uid and passwd in both jail and on host.

It still is disturbing that no mechanisms are found. Are there maybe left 
overs in site_perl/5.8.9?


I recently (may) deinstalled all packages and upgraded everything, there 
are nothing perlish that should cause such problems:


I have checked using cyradm to connect from the host to host, host to 
jail, jail to host and jail to jail. In all cases, I can connect with 
the imap instance on the host, but not in the jail.


Or do you have restrictions that only allow plain 
logins when tls is in effect?


There are indeed:

allowplaintext: yes
allowplainwithouttls: no
sasl_mech_list: plain
sasl_minimum_layer: 128
sasl_pwcheck_method: saslauthd

However, this is the same configuration that I have on the host where 
everything works fine.


It appears to be something with the realm, really: I did a bad login on 
the working server just to see what goes on there (user games):


Jun 18 07:46:28  alpha imap[14244]: badlogin: 
jail.example.com [172.16.0.2] plaintext games SASL(-13): authentication 
failure: checkpass failed


And just for comparison, a successful login:

Jun 18 07:39:54  alpha imap[14127]: login: 
jail.example.com [172.16.0.2] cyrus plaintext User logged in


Both where I connect out from the jail to the host.

Note there is no realm specified contrary to the log entries found in 
the jail.


thanks again, Erik
--
Erik Nørgaard
Ph: +34.666334818/+34.915211157  http://www.locolomo.org
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

The worlds only editorial space for video content on sustainability

[IdeasForChange . TV]

Hi

Today we are launching our massive effort to create the world's only editorial 
place for content on sustainability. What you see on ideasforchange.tv is still 
just a teaser, a demo.

We know that the power and knowledge of the grassroots can be really powerful 
if put in good use. We know that the right information is out there; we know 
that videos are made of products, seminars, ideas, interviews, and meetings. We 
know that a lot of spaces, schools, organizations, people and companies do a 
lot of good work already. But we need to join forces. We need a place to meet, 
connect, engage and exist. We need to do it together. We need to join forces to 
create a more sustainable world. On so many levels like: economy, urbanity, 
ecology, peace, social issues and way of thinking.

We want to start by asking for your help. Your help to build our forces, your 
help to gather all information available and to tell your friends. We need your 
help with inputs, suggestions and we need you to tell us your needs on 
sustainability.  Basically we need your help to change the world.

Because that's exactly what we are aiming to do.

And that's why we are building this global team, webpage and project. To start 
connecting the dots. To become bigger, smarter, and so that our ideas on how to 
make a more sustainable world can become real. Soon! And this time its done for 
real.

So join our newsletter, send us your video material and inputs, engage yourself 
and expect the beta site to launch in august.

Visit the web site IdeasForChange.TV

/Daniel Daboczy
Global project manager




___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Changing my login directory

[Steve Bertrand]

Steve Bertrand wrote:
> Glen Barber wrote:

>>> I'd like to make it so that '~' remains /home/steve, but when I log in,
>>> I would prefer to be dropped immediately into /home/steve/devel.
>>>
>>> csh is (always) my shell, and I'm on 7.2.
>>>
>>> Instead of writing a login script, I'm wondering if there's a more
>>> native approach to get what I'm after.
>>>
>> You can always add:
>> cd $HOME/devel/something
>>
>> to $HOME/.login
> 
> %echo "cd /home/steve/devel" >> /home/steve/.login
> %exit

I'd like to add for archive purposes, that with csh, adding the
following within the 'if' block in .cshrc will provide a prompt that
includes the current working directory, without the full path (which I
also wanted:

set prompt = "%c1 % "

Output:

~/devel % ll

total 16
drwxr-xr-x   7 steve  steve  512 Jun 17 13:06 EagleLedger
drwxr-xr-x   6 steve  steve  512 Jun 17 17:01 EagleSanity
drwxr-xr-x   7 steve  steve  512 Jun 17 16:00 EagleTransac
drwxr-xr-x   5 steve  steve  512 Jun 17 13:09 EagleUser
drwxr-xr-x   4 steve  steve  512 Jun 12 13:20 RadiusMgmt
drwxr-xr-x   2 steve  steve  512 Jun 17 12:48 dump
drwxr-xr-x  10 steve  steve  512 Jun 17 16:37 eagleaccounting
drwxr-xr-x   2 steve  steve  512 Jun 15 11:47 examples

~/devel % cd EagleTransac/
EagleTransac %

...that makes it a *lot* easier when I'm making changes[1].

Steve

[1]. Some may wonder why I don't have all Perl modules under one Eagle
umbrella. The only reason is because SVN stores rev numbers globally,
which throws off the package management system. I need to know which
version of which package is installed.

I've got ideas for writing something that aggregates the revs so I can
have all of ::these in one location, but during development, I need
version separation without having to fix version issues.

The nice thing is, is that all modules are Eagle::, so consolidating
won't be difficult later (ie won't affect APIs).





smime.p7s
Description: S/MIME Cryptographic Signature

Re: Changing my login directory

[Steve Bertrand]

Glen Barber wrote:
> Hi, Steve
> 
> On Wed, Jun 17, 2009 at 9:13 PM, Steve Bertrand wrote:
>> Hi everyone,
>>
>> I've got a couple of jails now that I use exclusively for Perl development.
>>
>> As soon as I log into the box via SSH, my first command is _always_ "cd
>> devel/something".
>>
>> I'd like to make it so that '~' remains /home/steve, but when I log in,
>> I would prefer to be dropped immediately into /home/steve/devel.
>>
>> csh is (always) my shell, and I'm on 7.2.
>>
>> Instead of writing a login script, I'm wondering if there's a more
>> native approach to get what I'm after.
>>
> 
> You can always add:
> cd $HOME/devel/something
> 
> to $HOME/.login

%echo "cd /home/steve/devel" >> /home/steve/.login
%exit

...re-connect via SSH:

Password:

%pwd
/home/steve/devel

Beautiful! That was exactly what I was after.

Thanks!

Steve


smime.p7s
Description: S/MIME Cryptographic Signature

Re: Changing my login directory

[Glen Barber]

Hi, Steve

On Wed, Jun 17, 2009 at 9:13 PM, Steve Bertrand wrote:
> Hi everyone,
>
> I've got a couple of jails now that I use exclusively for Perl development.
>
> As soon as I log into the box via SSH, my first command is _always_ "cd
> devel/something".
>
> I'd like to make it so that '~' remains /home/steve, but when I log in,
> I would prefer to be dropped immediately into /home/steve/devel.
>
> csh is (always) my shell, and I'm on 7.2.
>
> Instead of writing a login script, I'm wondering if there's a more
> native approach to get what I'm after.
>

You can always add:
cd $HOME/devel/something

to $HOME/.login


-- 
Glen Barber
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Changing my login directory

[Steve Bertrand]

Hi everyone,

I've got a couple of jails now that I use exclusively for Perl development.

As soon as I log into the box via SSH, my first command is _always_ "cd
devel/something".

I'd like to make it so that '~' remains /home/steve, but when I log in,
I would prefer to be dropped immediately into /home/steve/devel.

csh is (always) my shell, and I'm on 7.2.

Instead of writing a login script, I'm wondering if there's a more
native approach to get what I'm after.

Steve





smime.p7s
Description: S/MIME Cryptographic Signature

Re: Gateway load balance

[Tim Judd]

I've not yet had the luck with assigning more than one default gateway
in BSD, compared to Windows and my crash course with Linux (which my
opinion still stands as it was when I first used it).

See my thread I started earlier..
http://lists.freebsd.org/pipermail/freebsd-questions/2009-May/199653.html

The thread is broken because the replier wrote to me personally for
clarification, after which he sent his answer to the list.


I just recently tried the setfib way, and it still didn't work.  Was
getting errors but I can't recall them at the moment.  So a firewall's
"routing table" that's based on source/destination has to be
redirected.  I've seen the pf firewall do that.


OpenBSD's FAQ on pf (the creator of pf) is very good, consult it if
you have questions.
http://www.openbsd.org/faq/pf


On 6/17/09, Nikos Vassiliadis  wrote:
> Gary Gatten wrote:
>> I meant, the original source flows are nat'd to whatever outbound
>> interface ip they are RRLB to. That way any internal flow can use any isp
>> connection.  Most of my interesting routing, NAT, etc I do with Ci$co so
>> not all that up on BSD's options.
>
> Yes, works with ci$co, doesn't with FreeBSD ;)
>
> You cannot add more than one next hop for any given prefix.
> Well, you can achieve almost the same result, but only with
> the help of a packet filter which can bypass the routing table
> lookup and forward to the next hop of preference. But that's
> hardly the same with ECMP which many vendors support...
>
> Yet, that's about to change. There is ECMP support in 8.0:)
>
>
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
>
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Problem authenticating with sasl in jail

[Mel Flynn]

On Wednesday 17 June 2009 13:58:22 Erik Norgaard wrote:
> Mel Flynn wrote:
> > On Wednesday 17 June 2009 03:43:58 Erik Norgaard wrote:
> >> I am migrating my imap server to a jail, I got the jail up and
> >> cyrus-imapd starts. I have copied configuration files from the current
> >> server, cyrus.conf, imapd.conf and passwd and group files. saslauthd is
> >> running, yet when I try to login I get the error:
> >>
> >> IMAP Password:
> >>Login failed: generic failure at
> >> /usr/local/lib/perl5/site_perl/5.10.0/mach/Cyrus/IMAP/Admin.pm line 120
> >> cyradm: cannot authenticate to server with  as cyrus
> >
> > ^^
> > Looks like there's missing something there. Would should be at that spot
> > of the error message? Maybe a little context of line 120 in Admin.pm
> > would help, for us that use dovecot.
>
> The lines giving that error is in fact in Cyrus::IMAP::Shell.pm:
>
>  $cyradm->authenticate(-authz => $authz, -user => $auth,
>-mechanism => $mech, -password => $pw,
>-tlskey => $tlskey, -notls => $notls)
>or die "cyradm: cannot authenticate to server with $mech as
> $auth\n";
>
> $mech is not defined, hence the missing word. I have tried running the
> script specifying a mechanism giving the same error, though some
> currious difference:
>
> jail# cyradm --user cyrus --auth plain 172.16.0.2
> Password:
> IMAP Password:
>Login failed: authentication failure at
> /usr/local/lib/perl5/site_perl/5.10.0/mach/Cyrus/IMAP/Admin.pm line 120
> cyradm: cannot authenticate to server with plain as cyrus
> jail# cyradm --user cyrus --auth login 172.16.0.2
> IMAP Password:
>Login failed: authentication failure at
> /usr/local/lib/perl5/site_perl/5.10.0/mach/Cyrus/IMAP/Admin.pm line 120
> cyradm: cannot authenticate to server with login as cyrus
>
> Looking again on the logs:
>
> Jun 17 23:39:17 jail imap[8412]: badlogin: jail.example.com [172.16.0.2]
> plaintext cy...@example.com SASL(-13): user not found: checkpass failed
>
> The user cyrus exists, I can login and get shell access, but there may
> be something about the realm, that causes the user not to be found? But:

Any chance there's a minuserid in effect? dovecot doesn't allow logins from 
user id's <1000 by default. There may be a similar issue with Cyrus and sounds 
like something one would overlook.
It still is disturbing that no mechanisms are found. Are there maybe left 
overs in site_perl/5.8.9? Or do you have restrictions that only allow plain 
logins when tls is in effect?
-- 
Mel
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: In addition to -> 7.2 panic during installation : AP #1 (PHY# 1) failed !

[Chris Whitehouse]

Manish Jain wrote:
I forgot to mention that Windows installs and runs very smoothly on the 
system.


Windows system information reports :
System ManufacturerGigabyte Technology Co., Ltd.   
System ModelGA-MA78GM-US2H   


snip




The only thing that strikes me as odd is that right-clicking on My 
Computer reports the amount of RAM as 768 MB, while the diagnostics 
above states 1024 MB.


For the brief period of time the FreeBSD installer runs, it reports the 
amount of RAM as 768 MB too.




http://www.gigabyte.com.tw/Products/Motherboard/Products_Overview.aspx?ProductID=2995

has integrated graphics = shared memory.

You can probably change the amount of RAM allocated to the graphics card 
in the BIOS.


Chris
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Problem authenticating with sasl in jail

[Erik Norgaard]

Mel Flynn wrote:

On Wednesday 17 June 2009 03:43:58 Erik Norgaard wrote:


I am migrating my imap server to a jail, I got the jail up and
cyrus-imapd starts. I have copied configuration files from the current
server, cyrus.conf, imapd.conf and passwd and group files. saslauthd is
running, yet when I try to login I get the error:

IMAP Password:
   Login failed: generic failure at
/usr/local/lib/perl5/site_perl/5.10.0/mach/Cyrus/IMAP/Admin.pm line 120
cyradm: cannot authenticate to server with  as cyrus

^^
Looks like there's missing something there. Would should be at that spot of 
the error message? Maybe a little context of line 120 in Admin.pm would help, 
for us that use dovecot.




The lines giving that error is in fact in Cyrus::IMAP::Shell.pm:

$cyradm->authenticate(-authz => $authz, -user => $auth,
  -mechanism => $mech, -password => $pw,
  -tlskey => $tlskey, -notls => $notls)
  or die "cyradm: cannot authenticate to server with $mech as $auth\n";

$mech is not defined, hence the missing word. I have tried running the 
script specifying a mechanism giving the same error, though some 
currious difference:


jail# cyradm --user cyrus --auth plain 172.16.0.2
Password:
IMAP Password:
  Login failed: authentication failure at 
/usr/local/lib/perl5/site_perl/5.10.0/mach/Cyrus/IMAP/Admin.pm line 120

cyradm: cannot authenticate to server with plain as cyrus
jail# cyradm --user cyrus --auth login 172.16.0.2
IMAP Password:
  Login failed: authentication failure at 
/usr/local/lib/perl5/site_perl/5.10.0/mach/Cyrus/IMAP/Admin.pm line 120

cyradm: cannot authenticate to server with login as cyrus

Looking again on the logs:

Jun 17 23:39:17 jail imap[8412]: badlogin: jail.example.com [172.16.0.2] 
plaintext cy...@example.com SASL(-13): user not found: checkpass failed


The user cyrus exists, I can login and get shell access, but there may 
be something about the realm, that causes the user not to be found? But:


jail# /usr/local/sbin/testsaslauthd -u cyrus -p secret
0: OK "Success."
jail# /usr/local/sbin/testsaslauthd -u cyrus -r example.com -p secret
0: OK "Success."

Thanks, Erik
--
Erik Nørgaard
Ph: +34.666334818/+34.915211157  http://www.locolomo.org
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: In addition to -> 7.2 panic during installation : AP #1 (PHY# 1) failed !

[Wojciech Puchar]

The only thing that strikes me as odd is that right-clicking on My Computer 
reports the amount of RAM as 768 MB, while the diagnostics above states 1024 
MB.


For the brief period of time the FreeBSD installer runs, it reports the 
amount of RAM as 768 MB too.


Don't you have shared-memory GFX controller and allocated 256MB for it?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: In addition to -> 7.2 panic during installation : AP #1 (PHY# 1) failed !

[Manish Jain]

Gary Gatten wrote:

Hmmm, seems to me the easy solution then is to run Wind0ze  j/k...

-Original Message-
From: owner-freebsd-questi...@freebsd.org
[mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Manish Jain
Sent: Wednesday, June 17, 2009 4:21 PM
To: FreeBSD Mailing List
Subject: In addition to -> 7.2 panic during installation : AP #1 (PHY#
1) failed !

I forgot to mention that Windows installs and runs very smoothly on 
the system.


Windows system information reports :

System Manufacturer Gigabyte Technology Co., Ltd.   
System ModelGA-MA78GM-US2H  
System Type X86-based PC
Processor   x86 Family 16 Model 2 Stepping 3 AuthenticAMD ~2304 Mhz 
BIOS Version/Date   Award Software International, Inc. F2, 02-Jan-09



SMBIOS Version  2.4 
Total Physical Memory   1,024.00 MB 

[Conflicts/Sharing]

ResourceDevice  
I/O Port 0x-0x0CF7  PCI bus 
I/O Port 0x-0x0CF7  Direct memory access controller 

I/O Port 0x03C0-0x03DF  PCI standard PCI-to-PCI bridge  
I/O Port 0x03C0-0x03DF  ATI Radeon HD 3200 Graphics 

Memory Address 0x-0x0FFFMotherboard resources   
Memory Address 0x-0x0FFFSystem board

Memory Address 0xFDE0-0xFDFFPCI standard PCI-to-PCI bridge  
Memory Address 0xFDE0-0xFDFFATI Radeon HD 3200 Graphics 

IRQ 22  Standard Dual Channel PCI IDE Controller
IRQ 22  Texas Instruments OHCI Compliant IEEE 1394 Host

Controller  


IRQ 16  Standard OpenHCD USB Host Controller
IRQ 16  Standard OpenHCD USB Host Controller
IRQ 16  Microsoft UAA Bus Driver for High Definition Audio  

Memory Address 0xD000-0xDFFFPCI standard PCI-to-PCI bridge  
Memory Address 0xD000-0xDFFFATI Radeon HD 3200 Graphics 

IRQ 18  ATI Radeon HD 3200 Graphics 
IRQ 18  PCI standard PCI-to-PCI bridge  
IRQ 18  Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC 
IRQ 18  Standard OpenHCD USB Host Controller
IRQ 18  Standard OpenHCD USB Host Controller
IRQ 18  Standard OpenHCD USB Host Controller

IRQ 19  Microsoft UAA Bus Driver for High Definition Audio  
IRQ 19  Standard Enhanced PCI to USB Host Controller

Memory Address 0xA-0xB  PCI bus 
Memory Address 0xA-0xB  PCI standard PCI-to-PCI bridge  
Memory Address 0xA-0xB  ATI Radeon HD 3200 Graphics 

I/O Port 0x03B0-0x03BB  PCI standard PCI-to-PCI bridge  
I/O Port 0x03B0-0x03BB  ATI Radeon HD 3200 Graphics 


[DMA]

ResourceDevice  Status  
Channel 4   Direct memory access controller OK  

[Forced Hardware]

Device  PNP Device ID   

[I/O]

ResourceDevice  Status  
0x-0x0CF7   PCI bus OK  
0x-0x0CF7   Direct memory access controller OK  
0x0D00-0x   PCI bus OK  
0xE000-0xEFFF   PCI standard PCI-to-PCI bridge  OK  
0x03B0-0x03BB   PCI standard PCI-to-PCI bridge  OK  
0x03B0-0x03BB   ATI Radeon HD 3200 Graphics OK  
0x03C0-0x03DF   PCI standard PCI-to-PCI bridge  OK  
0x03C0-0x03DF   ATI Radeon HD 3200 Graphics OK  
0xEE00-0xEEFF   ATI Radeon HD 3200 Graphics OK  
0xD000-0xDFFF   PCI standard PCI-to-PCI bridge  OK  
0xDC00-0xDCFF   Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit

Ethernet NICOK  

0xFF00-0xFF07   Standard Dual Channel PCI IDE Controller

OK  

0xFE00-0xFE03   Standard Dual Channel PCI IDE Controller

OK  

0xFD00-0xFD07   Standard Dual Channel PCI IDE Controller

OK  

0xFC00-0xFC03   Standard Dual Channel PCI IDE Controller

OK  

0xFB00-0xFB0F   Standard Dual Channel PCI IDE Controller

OK  

0xFA00-0xFA0F   Standard Dual Channel PCI IDE Controller

OK  

0x01F0-0x01F7   Primary IDE Channel OK  
0x03F6-0x03F6   Primary IDE Channel OK  
0x0170-0x0177   Secondary IDE Channel   OK  
0x0376-0x0376   Secondary IDE Channel   OK  
0x0A79-0x0A79   ISAPNP Read Data Port   OK  
0x0279-0x0279   ISAPNP Read Data Port   OK  
0x0274-0x0277   ISAPNP Read Data Port   OK  
0x4100-0x411F   Motherboard resources   OK  
0x0228-0x022F   Motherboard resources   OK  
0x0238-0x023F   Motherboard resources   OK  
0x040B-0x040B   Motherboard resources   OK  
0x04D6-0x04D6   Motherboard resources   OK  
0x0C00-0x0C01   Motherboard resources   OK  
0x0C14-0x0C14   Motherboard resources   OK  
0x0C50-0x0C52   Motherboard resources   OK  
0x0C6C-0x0C6D   Motherboard resources   OK  
0x0C6F-0x0C6F   Motherbo

RE: In addition to -> 7.2 panic during installation : AP #1 (PHY# 1) failed !

[Gary Gatten]

Hmmm, seems to me the easy solution then is to run Wind0ze  j/k...

-Original Message-
From: owner-freebsd-questi...@freebsd.org
[mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Manish Jain
Sent: Wednesday, June 17, 2009 4:21 PM
To: FreeBSD Mailing List
Subject: In addition to -> 7.2 panic during installation : AP #1 (PHY#
1) failed !

I forgot to mention that Windows installs and runs very smoothly on 
the system.

Windows system information reports :
> System Manufacturer   Gigabyte Technology Co., Ltd.   
> System Model  GA-MA78GM-US2H  
> System Type   X86-based PC
> Processor x86 Family 16 Model 2 Stepping 3 AuthenticAMD ~2304 Mhz 
> BIOS Version/Date Award Software International, Inc. F2, 02-Jan-09

> SMBIOS Version2.4 
> Total Physical Memory 1,024.00 MB 
> 
> [Conflicts/Sharing]
> 
> Resource  Device  
> I/O Port 0x-0x0CF7PCI bus 
> I/O Port 0x-0x0CF7Direct memory access controller 
>   
> I/O Port 0x03C0-0x03DFPCI standard PCI-to-PCI bridge  
> I/O Port 0x03C0-0x03DFATI Radeon HD 3200 Graphics 
>   
> Memory Address 0x-0x0FFF  Motherboard resources   
> Memory Address 0x-0x0FFF  System board
>   
> Memory Address 0xFDE0-0xFDFF  PCI standard PCI-to-PCI bridge  
> Memory Address 0xFDE0-0xFDFF  ATI Radeon HD 3200 Graphics 
>   
> IRQ 22Standard Dual Channel PCI IDE Controller
> IRQ 22Texas Instruments OHCI Compliant IEEE 1394 Host
Controller  
>   
> IRQ 16Standard OpenHCD USB Host Controller
> IRQ 16Standard OpenHCD USB Host Controller
> IRQ 16Microsoft UAA Bus Driver for High Definition Audio  
>   
> Memory Address 0xD000-0xDFFF  PCI standard PCI-to-PCI bridge  
> Memory Address 0xD000-0xDFFF  ATI Radeon HD 3200 Graphics 
>   
> IRQ 18ATI Radeon HD 3200 Graphics 
> IRQ 18PCI standard PCI-to-PCI bridge  
> IRQ 18Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC 
> IRQ 18Standard OpenHCD USB Host Controller
> IRQ 18Standard OpenHCD USB Host Controller
> IRQ 18Standard OpenHCD USB Host Controller
>   
> IRQ 19Microsoft UAA Bus Driver for High Definition Audio  
> IRQ 19Standard Enhanced PCI to USB Host Controller
>   
> Memory Address 0xA-0xBPCI bus 
> Memory Address 0xA-0xBPCI standard PCI-to-PCI bridge  
> Memory Address 0xA-0xBATI Radeon HD 3200 Graphics 
>   
> I/O Port 0x03B0-0x03BBPCI standard PCI-to-PCI bridge  
> I/O Port 0x03B0-0x03BBATI Radeon HD 3200 Graphics 
>   
> 
> [DMA]
> 
> Resource  Device  Status  
> Channel 4 Direct memory access controller OK  
> 
> [Forced Hardware]
> 
> DevicePNP Device ID   
> 
> [I/O]
> 
> Resource  Device  Status  
> 0x-0x0CF7 PCI bus OK  
> 0x-0x0CF7 Direct memory access controller OK  
> 0x0D00-0x PCI bus OK  
> 0xE000-0xEFFF PCI standard PCI-to-PCI bridge  OK  
> 0x03B0-0x03BB PCI standard PCI-to-PCI bridge  OK  
> 0x03B0-0x03BB ATI Radeon HD 3200 Graphics OK  
> 0x03C0-0x03DF PCI standard PCI-to-PCI bridge  OK  
> 0x03C0-0x03DF ATI Radeon HD 3200 Graphics OK  
> 0xEE00-0xEEFF ATI Radeon HD 3200 Graphics OK  
> 0xD000-0xDFFF PCI standard PCI-to-PCI bridge  OK  
> 0xDC00-0xDCFF Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit
Ethernet NICOK  
> 0xFF00-0xFF07 Standard Dual Channel PCI IDE Controller
OK  
> 0xFE00-0xFE03 Standard Dual Channel PCI IDE Controller
OK  
> 0xFD00-0xFD07 Standard Dual Channel PCI IDE Controller
OK  
> 0xFC00-0xFC03 Standard Dual Channel PCI IDE Controller
OK  
> 0xFB00-0xFB0F Standard Dual Channel PCI IDE Controller
OK  
> 0xFA00-0xFA0F Standard Dual Channel PCI IDE Controller
OK  
> 0x01F0-0x01F7 Primary IDE Channel OK  
> 0x03F6-0x03F6 Primary IDE Channel OK  
> 0x0170-0x0177 Secondary IDE Channel   OK  
> 0x0376-0x0376 Secondary IDE Channel   OK  
> 0x0A79-0x0A79 ISAPNP Read Data Port   OK  
> 0x0279-0x0279 ISAPNP Read Data Port   OK  
> 0x0274-0x0277 ISAPNP Read Data Port   OK  
> 0x4100-0x411F Motherboard resources   OK  
> 0x0228-0x022F Motherboard resources   OK  
> 0x0238-0x023F Motherboard resources   OK  
> 0x040B-0x040B Motherboard resources   OK  
> 0x04D6-0x04D6 Motherboard resources   OK  
> 0x0C00-0x0C01 Motherboard resources   OK  
> 0x0C14-0x0C14 Moth

In addition to -> 7.2 panic during installation : AP #1 (PHY# 1) failed !

[Manish Jain]

I forgot to mention that Windows installs and runs very smoothly on 
the system.


Windows system information reports :

System Manufacturer Gigabyte Technology Co., Ltd.   
System ModelGA-MA78GM-US2H  
System Type X86-based PC
Processor   x86 Family 16 Model 2 Stepping 3 AuthenticAMD ~2304 Mhz 
BIOS Version/Date   Award Software International, Inc. F2, 02-Jan-09
SMBIOS Version  2.4 
Total Physical Memory   1,024.00 MB 

[Conflicts/Sharing]

ResourceDevice  
I/O Port 0x-0x0CF7  PCI bus 
I/O Port 0x-0x0CF7  Direct memory access controller 

I/O Port 0x03C0-0x03DF  PCI standard PCI-to-PCI bridge  
I/O Port 0x03C0-0x03DF  ATI Radeon HD 3200 Graphics 

Memory Address 0x-0x0FFFMotherboard resources   
Memory Address 0x-0x0FFFSystem board

Memory Address 0xFDE0-0xFDFFPCI standard PCI-to-PCI bridge  
Memory Address 0xFDE0-0xFDFFATI Radeon HD 3200 Graphics 

IRQ 22  Standard Dual Channel PCI IDE Controller
IRQ 22  Texas Instruments OHCI Compliant IEEE 1394 Host Controller  

IRQ 16  Standard OpenHCD USB Host Controller
IRQ 16  Standard OpenHCD USB Host Controller
IRQ 16  Microsoft UAA Bus Driver for High Definition Audio  

Memory Address 0xD000-0xDFFFPCI standard PCI-to-PCI bridge  
Memory Address 0xD000-0xDFFFATI Radeon HD 3200 Graphics 

IRQ 18  ATI Radeon HD 3200 Graphics 
IRQ 18  PCI standard PCI-to-PCI bridge  
IRQ 18  Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC 
IRQ 18  Standard OpenHCD USB Host Controller
IRQ 18  Standard OpenHCD USB Host Controller
IRQ 18  Standard OpenHCD USB Host Controller

IRQ 19  Microsoft UAA Bus Driver for High Definition Audio  
IRQ 19  Standard Enhanced PCI to USB Host Controller

Memory Address 0xA-0xB  PCI bus 
Memory Address 0xA-0xB  PCI standard PCI-to-PCI bridge  
Memory Address 0xA-0xB  ATI Radeon HD 3200 Graphics 

I/O Port 0x03B0-0x03BB  PCI standard PCI-to-PCI bridge  
I/O Port 0x03B0-0x03BB  ATI Radeon HD 3200 Graphics 


[DMA]

ResourceDevice  Status  
Channel 4   Direct memory access controller OK  

[Forced Hardware]

Device  PNP Device ID   

[I/O]

ResourceDevice  Status  
0x-0x0CF7   PCI bus OK  
0x-0x0CF7   Direct memory access controller OK  
0x0D00-0x   PCI bus OK  
0xE000-0xEFFF   PCI standard PCI-to-PCI bridge  OK  
0x03B0-0x03BB   PCI standard PCI-to-PCI bridge  OK  
0x03B0-0x03BB   ATI Radeon HD 3200 Graphics OK  
0x03C0-0x03DF   PCI standard PCI-to-PCI bridge  OK  
0x03C0-0x03DF   ATI Radeon HD 3200 Graphics OK  
0xEE00-0xEEFF   ATI Radeon HD 3200 Graphics OK  
0xD000-0xDFFF   PCI standard PCI-to-PCI bridge  OK  
0xDC00-0xDCFF   Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC 
OK  
0xFF00-0xFF07   Standard Dual Channel PCI IDE ControllerOK  
0xFE00-0xFE03   Standard Dual Channel PCI IDE ControllerOK  
0xFD00-0xFD07   Standard Dual Channel PCI IDE ControllerOK  
0xFC00-0xFC03   Standard Dual Channel PCI IDE ControllerOK  
0xFB00-0xFB0F   Standard Dual Channel PCI IDE ControllerOK  
0xFA00-0xFA0F   Standard Dual Channel PCI IDE ControllerOK  
0x01F0-0x01F7   Primary IDE Channel OK  
0x03F6-0x03F6   Primary IDE Channel OK  
0x0170-0x0177   Secondary IDE Channel   OK  
0x0376-0x0376   Secondary IDE Channel   OK  
0x0A79-0x0A79   ISAPNP Read Data Port   OK  
0x0279-0x0279   ISAPNP Read Data Port   OK  
0x0274-0x0277   ISAPNP Read Data Port   OK  
0x4100-0x411F   Motherboard resources   OK  
0x0228-0x022F   Motherboard resources   OK  
0x0238-0x023F   Motherboard resources   OK  
0x040B-0x040B   Motherboard resources   OK  
0x04D6-0x04D6   Motherboard resources   OK  
0x0C00-0x0C01   Motherboard resources   OK  
0x0C14-0x0C14   Motherboard resources   OK  
0x0C50-0x0C52   Motherboard resources   OK  
0x0C6C-0x0C6D   Motherboard resources   OK  
0x0C6F-0x0C6F   Motherboard resources   OK  
0x0CD0-0x0CD1   Motherboard resources   OK  
0x0CD2-0x0CD3   Motherboard resources   OK  
0x0CD4-0x0CDF   Motherboard resources   OK  
0x4000-0x40FE   Motherboard resources   OK  
0x4210-0x4217   Motherboard resources   OK  
0x0B00-0x0B0F   Motherboard resou

Re: sed help

[Giorgos Keramidas]

On Wed, 17 Jun 2009 10:55:28 -0700 (PDT), chloe K  wrote:
> Hi
> I have a file. list.txt (two columns)
>  
> column1    column2
> name    address
>  
> I need to put in the letter file letter.txt eg:
>  
> Dear: Chloe
> Address: CA
>  
> Can I use this
>  
> for i `cat list.txt` | sed 's/Chloe/$i.1; /CA/$i.2/g' $i.letter.txt

No that won't work.  sed does 'stream editing' to its own input file, so
you have to redirect each output for *every* loop iteration.  But I
don't think this is a good method of solving this problem, because you
only have one input file and one output file.

See what the following does, to give you can idea:

$ echo giorgos keram...@ceid.upatras.gr | sed -e 's/^\([^ ]*\)[ ]*\(.*\)$/\
Dear:\1\
Address: \2\
/'

NOTE: If you really want to work effectively with sed, please take a bit
of time to read the manpage of sed(1) and ed(1), paying careful to the
parts about: (1) regular expressions, (2) character classes, and (3) the
rules of character quoting.

It's also worth noting that you don't _have_ to use sed for this
specific problem, because there are other tools more suitable for
processing data in columns, i.e. awk(1):

$ echo giorgos keram...@ceid.upatras.gr | \
awk '{print "Dear:   ", $1; print "Address:", $2}'
Dear:giorgos
Address: keram...@ceid.upatras.gr

A single line of awk is vastly more readable than the equivalent sed
expression in this case.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: sed help

[Dan Nelson]

In the last episode (Jun 17), chloe K said:
> I have a file. list.txt (two columns)
>  
> column1    column2
> name    address
>  
> I need to put in the letter file letter.txt eg:
>  
> Dear: Chloe
> Address: CA
>  
> Can I use this 
>  
> for i `cat list.txt` | sed 's/Chloe/$i.1; /CA/$i.2/g' $i.letter.txt

Try:

cat list.txt | while read name address ; do
  sed -e "s/Chloe/$name/ ; s/CA/$address/" < letter.txt > letter.$name.txt
done

You need the "while read" part so that you loop once per line.  Your code
would have looped once per word in the input file.  You also need
double-quotes on your sed line because $variable expansion isn't done inside
single-quotes.  If your names have spaces in them, consider swapping the
name and address in your input file, since "read" splits on spaces and
assigns the remainder of the line to the last variable listed.


-- 
Dan Nelson
dnel...@allantgroup.com
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

7.2 panic during installation : AP #1 (PHY# 1) failed !

[Manish Jain]

Hi,

I got a brand new system today with an AMD quad-core Phenom 
processor and a Gigabyte board with a 780G chipset.


When I boot from the 7.2-Release-x86 DVD, I get the following 
welcome message (after some initial diagnostics) :


ACPI APIC Table: 
AP #1 (PHY# 1) failed !

After this, the system prompts for panic (y/n). Accepting y leads to 
 a bye-bye, and entering n leads to a "PHY# 2 failed" message and 
another panic prompt.


What is this supposed to mean ?

Thanks for any help.

--
Regards
Manish Jain
invalid.poin...@gmail.com
+91-96500-10329

Laast year I kudn't spell Software Engineer. Now I are won.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Updating linux-pango

[Mel Flynn]

On Wednesday 17 June 2009 11:53:59 Jerry wrote:

> That does not supply an answer.

And that was a lot of quoting for a post that only shows you are running in 
pedantic mode.
But let me clarify for the joyful moment that the next poor soul bitten by 
this issue searches the list archive:
- there is no available upgrade from upstream
- port maintainer does not have the time/resources to repack the rpm without 
the vulnerability
- if/when an rpm has been found that is not vulnerable, the port will be 
updated.
- the time frame for the above ranges from the near to the infinite future.
- users are encouraged to use their covert channels into the penguin world to 
inquire about fc4 compatible non-vulnerable rpm's for the pango software and 
relay this information to the hard working port maintainer if such has been 
located.

-- 
Mel
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Announcing: FreeBSD Custom XFCE ISO (take II)

[Randall Wood]

>
> First I want to say thank you. This is very welcome for my older slow
> laptop.
>

I'll second the thanks.  Believe it or not I've got a great laptop still up 
and running: a PIII running an earlier version of SuSE Linux (PIII, 128M RAM, 
555Mhz processor).  When I bought it in 2000 it was the state of the art.  
Now I find the internet forums choked with people complaining about 
their "old" Pentium Ms and IVs and similar.  Most people have no idea a 9 
year old laptop can do everything you want it to do.  I'll give the XFCE ISO 
a spin, since modern KDE or Gnome set ups tend to sink it.  

Thanks for the hard work!
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Problem authenticating with sasl in jail

[Mel Flynn]

On Wednesday 17 June 2009 03:43:58 Erik Norgaard wrote:

> I am migrating my imap server to a jail, I got the jail up and
> cyrus-imapd starts. I have copied configuration files from the current
> server, cyrus.conf, imapd.conf and passwd and group files. saslauthd is
> running, yet when I try to login I get the error:
>
> IMAP Password:
>Login failed: generic failure at
> /usr/local/lib/perl5/site_perl/5.10.0/mach/Cyrus/IMAP/Admin.pm line 120
> cyradm: cannot authenticate to server with  as cyrus
^^
Looks like there's missing something there. Would should be at that spot of 
the error message? Maybe a little context of line 120 in Admin.pm would help, 
for us that use dovecot.

-- 
Mel
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: startx does not work, startxfce4 does!

[Mel Flynn]

On Wednesday 17 June 2009 08:27:41 Leslie Jensen wrote:
> On a newly installed 7.2-RELEASE system with all ports upgraded and
> cvsup'ed I have a problem.
>
> Both root and user has
>
> .xsession linked to .xinitrc
>
> and contains
>
> #!/bin/sh

Remove the she-bang and make sure .xinitrc is in $HOME. If this still don't 
work, check /var/log/Xorg.0.log for anything (EE).
-- 
Mel
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Updating linux-pango

[Jerry]

On Wed, 17 Jun 2009 21:11:51 +0400
Boris Samorodov  wrote:

> Gerard  writes:
> 
> > Affected package: linux-pango-1.10.2_3
> > Type of problem: pango -- integer overflow.
> > Reference:
> > 
> >
> > This problem has existed for awhile now. Unless: 
> >
> > DISABLE_VULNERABILITIES=yes
> >
> > is used, linux-pango and any port that depends on it will refuse to
> > build. Is there any information on when this problem will be
> > resolved? I really do not like intentionally installing a program
> > with a potential security problem; however, in this case I have no
> > choice.
> 
> Usually a search at archieves of FreeBSD maillists may be helpful:
> http://lists.freebsd.org/pipermail/freebsd-questions/2009-June/200565.html
> 
> 
> WBR

That does not supply an answer.

-- 
Jerry
ges...@yahoo.com

What I want is all of the power and none of the responsibility.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

PF Routing to VPN Device

[Mike Sweetser - Adhost]

Hello,

We have a network with a VPN device sitting beside a PF server, both
connected to an internal network.  

PF Server: 10.1.4.1
VPN Device: 10.1.4.200

The VPNs are set up for 10.1.1.0/24 and 10.1.2.0/24, so any traffic to
these networks should be routed to 10.1.4.200.  We've set up routes on
the PF server as such.

We've set up the following rules: 

block in log
pass in on $int_if route-to 10.1.4.200 from 10.1.4.0/24 to { 10.1.1.0/24
10.1.2.0/24)

However, the block in log is catching the return traffic.  From pflog
when somebody on the VPN (10.1.2.105) tries to connect to 10.1.4.25 on
port 80:

00 rule 28/0(match): block in on bge1: 10.1.4.25.80 >
10.1.2.105.3558: [|tcp]

If we remove the block in log, the traffic works.

What are we missing?

Thanks,
Mike
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Gateway load balance

[Nikos Vassiliadis]

Gary Gatten wrote:

I meant, the original source flows are nat'd to whatever outbound interface ip 
they are RRLB to. That way any internal flow can use any isp connection.  Most 
of my interesting routing, NAT, etc I do with Ci$co so not all that up on BSD's 
options.


Yes, works with ci$co, doesn't with FreeBSD ;)

You cannot add more than one next hop for any given prefix.
Well, you can achieve almost the same result, but only with
the help of a packet filter which can bypass the routing table
lookup and forward to the next hop of preference. But that's
hardly the same with ECMP which many vendors support...

Yet, that's about to change. There is ECMP support in 8.0:)


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Problem with jail connecting out

[Nikos Vassiliadis]

Erik Norgaard wrote:

Steve Bertrand wrote:

Erik Norgaard wrote:

Erik Norgaard wrote:


I have no problem connecting from the host to the jail, but the other
way around doesn't work.

Also, related, how do I configure multiple interfaces in a jail?

Second problem solved, starting jail with

  # jail /var/jail jail 127.0.0.2,172.16.0.2 /bin/sh /etc/rc

So, now I have:

vr1: flags=8943 metric 0
mtu 1500
options=2808
ether 00:40:63:ee:97:f1
inet 172.16.0.2 netmask 0x broadcast 172.16.0.2
media: Ethernet autoselect (100baseTX )
status: active
lo0: flags=8049 metric 0 mtu 16384
inet 127.0.0.2 netmask 0x

Now, I can connect out on vr1 to 172.16.0.1, but not on lo0 to
127.0.0.1. Any suggestions what might be wrong?


I don't think that it is a wise idea to be using the loopback address
space to route packets outside of the OS, and it is even possible that
some implementations forbid this behaviour (don't quote me on that).


I have read some recommendations not to use the loopback interface 
without any real explanation, I don't see why it shouldn't work with a 
different IP as for other interfaces - or a cloned loopback.


It's the 127/8 that is special, that is, it's treated specially by the
network stack and is dropped when coming from an interface other
than a loopback one. In general, packets that coming into/leave
the box that have a loopback source/destination address have nothing
special and can be used as any other address.


If you want a loopback to be a receive interface, you should clone off a
second one (lo1), and assign an IP address to it that was not designed
to be short circuited within the host, like this:

% grep lo10 /etc/rc.conf

cloned_interfaces="lo1 lo3 lo10 ...etc

# lo10 (IPv4 iBGP loopback, advertised by OSPF)
ifconfig_lo10="UP"
ifconfig_lo10="inet 172.16.104.8 netmask 255.255.255.255"


From RFC 1700:


  (g)   {127, }

 Internal host loopback address.  Should never appear outside
 a host.


It won't. It's intended to be stricly local on the internal loopback 
interface.


The idea is to use the loopback interface for connecting between the 
jail and the host while not exposing the jail to the exterior.


Basically, I'm trying to setup a jail for my imap server to migrate my 
mail from the existing server, a last resort clumsy way of upgrading the 
Berkeley DB. Then a script connecting to both services can create 
accounts, folders and copy the mail to the new service.


The idea is that this way I could do it transparently - well, that's the 
theory.


Your theory is correct, and it really works that way in -HEAD and 7.1R
that I have available. But, it's not working when the server is bound
specifically to 127.0.0.1 and not any address. Is your server bound
to any address?

I can connect from 127.2 to 127.1:
lab# sockstat -4l
USER COMMANDPID   FD PROTO  LOCAL ADDRESS FOREIGN ADDRESS
root sshd   1386  4  tcp4   *:22  *:*
Yet, the connection appears to be connected from 127.2 to 127.2

It doesn't work:
lab# sockstat -4l
USER COMMANDPID   FD PROTO  LOCAL ADDRESS FOREIGN ADDRESS
root sshd   1286  3  tcp4   127.0.0.1:22  *:*

Hm, just tested with another loopback address from the
172.16.0.0/16 net and it doesn't have the same problem.
Could try using something else other than 127.1?
That looks like a bug...

Nikos
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

sed help

[chloe K]

Hi 
 
 
I have a file. list.txt (two columns)
 
column1    column2
name    address
 
 
I need to put in the letter file letter.txt eg:
 
Dear: Chloe
Address: CA
 
Can I use this 
 
for i `cat list.txt` | sed 's/Chloe/$i.1; /CA/$i.2/g' $i.letter.txt
 
Thank you for your help



  __
The new Internet Explorer® 8 - Faster, safer, easier.  Optimized for Yahoo!  
Get it Now for Free! at http://downloads.yahoo.com/ca/internetexplorer/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Gateway load balance

[Gary Gatten]

I meant, the original source flows are nat'd to whatever outbound interface ip 
they are RRLB to. That way any internal flow can use any isp connection.  Most 
of my interesting routing, NAT, etc I do with Ci$co so not all that up on BSD's 
options.

- Original Message -
From: owner-freebsd-questi...@freebsd.org 
To: Gary Gatten
Cc: freebsd-questions@freebsd.org ; 
raulbece...@unp.edu.ar 
Sent: Wed Jun 17 13:13:59 2009
Subject: Re: Gateway load balance

> Adding 2 more default routes with same weight to each dsl line won't work?

No, because you have to route things beginning from connection 1 subnet 
through connection 1, connection 2 subnet through connection 2 etc.

Your idea will result in routing all outgoing traffic randomly through 3 
lines. At least with polish telecom it will not work. If you have 
connection with say 12.34.56.72/29 subnet, you have to send packets from 
that subnet.

And that's proper behaviour, as it blocks spoofing.

>
> - Original Message -
> From: owner-freebsd-questi...@freebsd.org 
> 
> To: FreeBSD Users 
> Sent: Wed Jun 17 12:18:07 2009
> Subject: Gateway load balance
>
> Hi all
>
> First time posting.
>
> I am a long time Linux user (desktop and server) and started with
> FreeBSD a year ago.
> Thanks to the book Absolute FreeBSD 2nd Edition I learned a lot about
> the OS and how to configure different services I used in Linux (Slackware).
>
> My post is regarding something I couldn't find information on how to
> implement it. Here's the situation:
>
> I had a proxy server (Squid + Dansguardian) under Slackware on the LAN
> which, via 'ip route' I make it use 3 gateways connected each one to an
> ADSL line and balance the requests.
> Unfortunately my server crashed and I took the oportunity to install a
> new one under FreeBSD 7.0-RELEASE. Squid and Dansguardian are working
> fine. My problem is that I don't know how to make the server use the
> other 2 gateways I have left and balance the requests on all ADSL lines.
>
> 192.168.10.9/16  proxy
> 192.168.10.2/16  1st gateway (1 NIC to LAN - 2 NIC
> to ADSL modem)
> 192.168.30.100/16 2nd gateway
> 192.168.30.1/16  3rd gateway
>
> I found it could be done with PF (also read most of The Book of PF) but
> I am quite lost about how to do it.
>
> Any information would be greatly appreciated.
>
> Thanks in advance
>
> Raúl I. Becette
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
>
>
>
>
>
> 
> 
> 
> "This email is intended to be reviewed by only the intended recipient
> and may contain information that is privileged and/or confidential.
> If you are not the intended recipient, you are hereby notified that
> any review, use, dissemination, disclosure or copying of this email
> and its attachments, if any, is strictly prohibited.  If you have
> received this email in error, please immediately notify the sender by
> return email and delete this email from your system."
> 








"This email is intended to be reviewed by only the intended recipient
 and may contain information that is privileged and/or confidential.
 If you are not the intended recipient, you are hereby notified that
 any review, use, dissemination, disclosure or copying of this email
 and its attachments, if any, is strictly prohibited.  If you have
 received this email in error, please immediately notify the sender by
 return email and delete this email from your system."


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Gateway load balance

[Wojciech Puchar]

Adding 2 more default routes with same weight to each dsl line won't work?


No, because you have to route things beginning from connection 1 subnet 
through connection 1, connection 2 subnet through connection 2 etc.


Your idea will result in routing all outgoing traffic randomly through 3 
lines. At least with polish telecom it will not work. If you have 
connection with say 12.34.56.72/29 subnet, you have to send packets from 
that subnet.


And that's proper behaviour, as it blocks spoofing.



- Original Message -
From: owner-freebsd-questi...@freebsd.org 
To: FreeBSD Users 
Sent: Wed Jun 17 12:18:07 2009
Subject: Gateway load balance

Hi all

First time posting.

I am a long time Linux user (desktop and server) and started with
FreeBSD a year ago.
Thanks to the book Absolute FreeBSD 2nd Edition I learned a lot about
the OS and how to configure different services I used in Linux (Slackware).

My post is regarding something I couldn't find information on how to
implement it. Here's the situation:

I had a proxy server (Squid + Dansguardian) under Slackware on the LAN
which, via 'ip route' I make it use 3 gateways connected each one to an
ADSL line and balance the requests.
Unfortunately my server crashed and I took the oportunity to install a
new one under FreeBSD 7.0-RELEASE. Squid and Dansguardian are working
fine. My problem is that I don't know how to make the server use the
other 2 gateways I have left and balance the requests on all ADSL lines.

192.168.10.9/16  proxy
192.168.10.2/16  1st gateway (1 NIC to LAN - 2 NIC
to ADSL modem)
192.168.30.100/16 2nd gateway
192.168.30.1/16  3rd gateway

I found it could be done with PF (also read most of The Book of PF) but
I am quite lost about how to do it.

Any information would be greatly appreciated.

Thanks in advance

Raúl I. Becette
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"








"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited.  If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Gateway load balance

[Wojciech Puchar]

I am a long time Linux user (desktop and server) and started with FreeBSD a 
year ago.
Thanks to the book Absolute FreeBSD 2nd Edition I learned a lot about the OS 
and how to configure different services I used in Linux (Slackware).


very rare case today - someone that read books FIRST :)))



I had a proxy server (Squid + Dansguardian) under Slackware on the LAN which, 
via 'ip route' I make it use 3 gateways connected each one to an ADSL line 
and balance the requests.
Unfortunately my server crashed and I took the oportunity to install a new 
one under FreeBSD 7.0-RELEASE. Squid and Dansguardian are working fine. My 
problem is that I don't know how to make the server use the other 2 gateways 
I have left and balance the requests on all ADSL lines.



use ipfw and fwd command.

for example with output section

add 1 fwd gw1_IP from DSL1_subnet to any via gw1_ethernet
add 10001 fwd gw2_IP from DSL2_subnet to any via gw2_ethernet
add 10002 fwd gw3_IP from DSL3_subnet to any via gw3_ethernet

please do treat above as an example of course.

Of course use right squid commands so it will select right source IP based 
on the rules you want, but as you already did id under linux i assume you 
have this practiced already.


i had 5+2 Polish Telecom links connected to one server - worked fine.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Gateway load balance

[Gary Gatten]

PS: kudos for actually reading all that stuff!

- Original Message -
From: owner-freebsd-questi...@freebsd.org 
To: FreeBSD Users 
Sent: Wed Jun 17 12:18:07 2009
Subject: Gateway load balance

Hi all

First time posting.

I am a long time Linux user (desktop and server) and started with 
FreeBSD a year ago.
Thanks to the book Absolute FreeBSD 2nd Edition I learned a lot about 
the OS and how to configure different services I used in Linux (Slackware).

My post is regarding something I couldn't find information on how to 
implement it. Here's the situation:

I had a proxy server (Squid + Dansguardian) under Slackware on the LAN 
which, via 'ip route' I make it use 3 gateways connected each one to an 
ADSL line and balance the requests.
Unfortunately my server crashed and I took the oportunity to install a 
new one under FreeBSD 7.0-RELEASE. Squid and Dansguardian are working 
fine. My problem is that I don't know how to make the server use the 
other 2 gateways I have left and balance the requests on all ADSL lines.

192.168.10.9/16  proxy
192.168.10.2/16  1st gateway (1 NIC to LAN - 2 NIC 
to ADSL modem)
192.168.30.100/16 2nd gateway
192.168.30.1/16  3rd gateway

I found it could be done with PF (also read most of The Book of PF) but 
I am quite lost about how to do it.

Any information would be greatly appreciated.

Thanks in advance

Raúl I. Becette
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"








"This email is intended to be reviewed by only the intended recipient
 and may contain information that is privileged and/or confidential.
 If you are not the intended recipient, you are hereby notified that
 any review, use, dissemination, disclosure or copying of this email
 and its attachments, if any, is strictly prohibited.  If you have
 received this email in error, please immediately notify the sender by
 return email and delete this email from your system."


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Gateway load balance

[Gary Gatten]

Adding 2 more default routes with same weight to each dsl line won't work?

- Original Message -
From: owner-freebsd-questi...@freebsd.org 
To: FreeBSD Users 
Sent: Wed Jun 17 12:18:07 2009
Subject: Gateway load balance

Hi all

First time posting.

I am a long time Linux user (desktop and server) and started with 
FreeBSD a year ago.
Thanks to the book Absolute FreeBSD 2nd Edition I learned a lot about 
the OS and how to configure different services I used in Linux (Slackware).

My post is regarding something I couldn't find information on how to 
implement it. Here's the situation:

I had a proxy server (Squid + Dansguardian) under Slackware on the LAN 
which, via 'ip route' I make it use 3 gateways connected each one to an 
ADSL line and balance the requests.
Unfortunately my server crashed and I took the oportunity to install a 
new one under FreeBSD 7.0-RELEASE. Squid and Dansguardian are working 
fine. My problem is that I don't know how to make the server use the 
other 2 gateways I have left and balance the requests on all ADSL lines.

192.168.10.9/16  proxy
192.168.10.2/16  1st gateway (1 NIC to LAN - 2 NIC 
to ADSL modem)
192.168.30.100/16 2nd gateway
192.168.30.1/16  3rd gateway

I found it could be done with PF (also read most of The Book of PF) but 
I am quite lost about how to do it.

Any information would be greatly appreciated.

Thanks in advance

Raúl I. Becette
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"








"This email is intended to be reviewed by only the intended recipient
 and may contain information that is privileged and/or confidential.
 If you are not the intended recipient, you are hereby notified that
 any review, use, dissemination, disclosure or copying of this email
 and its attachments, if any, is strictly prohibited.  If you have
 received this email in error, please immediately notify the sender by
 return email and delete this email from your system."


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Gateway load balance

[Raul I. Becette]

Hi all

First time posting.

I am a long time Linux user (desktop and server) and started with 
FreeBSD a year ago.
Thanks to the book Absolute FreeBSD 2nd Edition I learned a lot about 
the OS and how to configure different services I used in Linux (Slackware).


My post is regarding something I couldn't find information on how to 
implement it. Here's the situation:


I had a proxy server (Squid + Dansguardian) under Slackware on the LAN 
which, via 'ip route' I make it use 3 gateways connected each one to an 
ADSL line and balance the requests.
Unfortunately my server crashed and I took the oportunity to install a 
new one under FreeBSD 7.0-RELEASE. Squid and Dansguardian are working 
fine. My problem is that I don't know how to make the server use the 
other 2 gateways I have left and balance the requests on all ADSL lines.


192.168.10.9/16  proxy
192.168.10.2/16  1st gateway (1 NIC to LAN - 2 NIC 
to ADSL modem)

192.168.30.100/16 2nd gateway
192.168.30.1/16  3rd gateway

I found it could be done with PF (also read most of The Book of PF) but 
I am quite lost about how to do it.


Any information would be greatly appreciated.

Thanks in advance

Raúl I. Becette
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Updating linux-pango

[Boris Samorodov]

Gerard  writes:

> Affected package: linux-pango-1.10.2_3
> Type of problem: pango -- integer overflow.
> Reference: 
> 
>
> This problem has existed for awhile now. Unless: 
>
>   DISABLE_VULNERABILITIES=yes
>
> is used, linux-pango and any port that depends on it will refuse to
> build. Is there any information on when this problem will be resolved?
> I really do not like intentionally installing a program with a
> potential security problem; however, in this case I have no choice.

Usually a search at archieves of FreeBSD maillists may be helpful:
http://lists.freebsd.org/pipermail/freebsd-questions/2009-June/200565.html


WBR
-- 
bsam
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: startx does not work, startxfce4 does!

[Glen Barber]

On Wed, Jun 17, 2009 at 12:27 PM, Leslie Jensen wrote:
> On a newly installed 7.2-RELEASE system with all ports upgraded and cvsup'ed
> I have a problem.
>
> Both root and user has
>
> .xsession linked to .xinitrc
>
> and contains
>
> #!/bin/sh
> exec /usr/local/bin/startxfce4
>
>
> If I execute startx as root TWM is started!
>
> If I execute startxfce4 as root XFCE4 is started
>
>
>
> If I execute startx as user I get a black screen that after some minutes
> returns to the prompt.
>
> If I execute startxfce4 as user XFCE4 is started
>
> I've checked the rights on startx and startxfce4 plus .xsession and .xinitrc
> and they are the same as I have on another 7.2 system that works.
>
> I could need some help to find the problem.
>

Hi, Leslie

Try this.

Create a file: $HOME/.xinitrc

containing: /usr/local/bin/startxfce4

Then give 'startx' another shot.


-- 
Glen Barber
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

startx does not work, startxfce4 does!

[Leslie Jensen]

On a newly installed 7.2-RELEASE system with all ports upgraded and 
cvsup'ed I have a problem.


Both root and user has

.xsession linked to .xinitrc

and contains

#!/bin/sh
exec /usr/local/bin/startxfce4


If I execute startx as root TWM is started!

If I execute startxfce4 as root XFCE4 is started



If I execute startx as user I get a black screen that after some minutes 
returns to the prompt.


If I execute startxfce4 as user XFCE4 is started

I've checked the rights on startx and startxfce4 plus .xsession and 
.xinitrc and they are the same as I have on another 7.2 system that works.


I could need some help to find the problem.

Thanks

Leslie

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: bannerfiltering

[Chris]

On Jun 17, 2009, at 7:54 AM, Dave wrote:


Hello,
I've got a freebsd 7.2 machine that i need to use for banner
filtering, addzapping and filtering out all the junk that comes  
along with
adds windows viruses trojans things like that before they can get to  
my
internal clients. Previously i used squid and dansguardian but found  
that
slowed things down to a crawl and at times was to restrictive at  
times not
restrictive enough. I've also tried squidguard but that didn't meet  
my needs

either, it didn't seem to be being maintained.



I'm using snort_inline with FreeBSD 7.0, IPFW, and IF_BRIDGE. Massive  
traffic
running through it and no performance issues. Dropping sessions is  
effortless
but there are more complex ways to filter and pass which sounds like  
what
you would want to do. I've not experimented with that. There isn't a  
lot of
documentation on set up and what there is states that it doesn't work.  
That's
out of date because it does, quite well really. The docs out there for  
snort_inline
and non-bridged configurations are still useful. I don't have a link  
but found

them with googling.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org 
"




___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: bannerfiltering

[Brent Bloxam]

Dave wrote:

Hello,
I've got a freebsd 7.2 machine that i need to use for banner
filtering, addzapping and filtering out all the junk that comes along with
adds windows viruses trojans things like that before they can get to my
internal clients. Previously i used squid and dansguardian but found that
slowed things down to a crawl and at times was to restrictive at times not
restrictive enough. I've also tried squidguard but that didn't meet my needs
either, it didn't seem to be being maintained.
In the interim i was looking for a hosts file i can use on servers
and clients to redirect requests to add sites to nowhere. 
Any solutions appreciated.

Thanks.
Dave.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


http://someonewhocares.org/hosts/ should suffice.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Files in /var/ftp/etc directory.

[Daniel Bye]

On Wed, Jun 17, 2009 at 10:22:14AM -0400, Carmel NY wrote:
> This is probably a dumb question; however, since I don't know the
> answer I figured I might as well ask.
> 
> On a new installation of FreeBSD-7.2, I opted to set up an anonymous
> FTP server. I just noticed that there are three files in the '/etc'
> directory.
> 
> 1) ftpmold
> 2) group
> 3) pwd.db

They are to enable group and uid lookups when a logged in client issues,
for example, an ls command. Without them, clients will only see the 
numeric user and group ids. And is it really pwd.db? I would expect passwd, 
but I haven't run an anonymous ftp server for about a decade now... In 
either case, both files must be readable by everyone, or lookups would 
fail. Compare the files of the same name in your system's /etc - both 
have rw-r--r-- permissions, for the same reason - to commands invoked
by ordinary users to perform user name and group name lookups.

> 
> I know what the first one is, but what are the other two for? They are
> visible and down loadable to any visitor who accesses the site. Is this
> normal or is this something I should be concerned about? Can I just
> delete the two files I am unsure of?

-- 
Daniel Bye
 _
  ASCII ribbon campaign ( )
 - against HTML, vCards and  X
- proprietary attachments in e-mail / \


pgpL56oa36ich.pgp
Description: PGP signature

Re: Announcing: FreeBSD Custom XFCE ISO (take II)

[Manolis Kiagias]

Giorgos Keramidas wrote:
> On Wed, 17 Jun 2009 16:37:44 +0300, Manolis Kiagias  wrote:
>   
>> Sure. I am making a list of what people would like to see included,
>> and will add most of them in the next iteration. Small utilities like
>> this are not a problem.
>> 
>
> Until someone jumps in and asks for Emacs, I guess :grin:
>
> Good job with the ISO images, Manoli :-)
>
>   
Hehe, thanks.

Emacs and Vim should both be included actually.  I wouldn't like my ISOs
to burst up in flames ;)
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Announcing: FreeBSD Custom XFCE ISO (take II)

[Giorgos Keramidas]

On Wed, 17 Jun 2009 16:37:44 +0300, Manolis Kiagias  wrote:
> Sure. I am making a list of what people would like to see included,
> and will add most of them in the next iteration. Small utilities like
> this are not a problem.

Until someone jumps in and asks for Emacs, I guess :grin:

Good job with the ISO images, Manoli :-)

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

bannerfiltering

[Dave]

Hello,
I've got a freebsd 7.2 machine that i need to use for banner
filtering, addzapping and filtering out all the junk that comes along with
adds windows viruses trojans things like that before they can get to my
internal clients. Previously i used squid and dansguardian but found that
slowed things down to a crawl and at times was to restrictive at times not
restrictive enough. I've also tried squidguard but that didn't meet my needs
either, it didn't seem to be being maintained.
In the interim i was looking for a hosts file i can use on servers
and clients to redirect requests to add sites to nowhere. 
Any solutions appreciated.
Thanks.
Dave.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: freebsd "toaster"

[Chris Rees]

2009/6/17 Alex Stangl :
> On Wed, Jun 17, 2009 at 11:17:32AM +0100, Chris Rees wrote:
>> Just curiosity, what's wrong with source upgrading? Isn't it miles
>> easier than reinstalling?
>
> Probably nothing. I haven't done it before, so there's the usual
> apprehension dealing with the unknown. I originally thought that since I
> just use a generic kernel, a binary upgrade should be quickest, easiest,
> and safest. Freebsd.org was touting the freebsd-update script, so that
> seemed the obvious way to go.
>
> I guess I'll clean up the mess left by freebsd-update and try the route
> of upgrading via source. But then I am left wondering why the
> freebsd.org site continues to recommend using freebsd-update which is
> seemingly broken and unsupported, while people on the mailing list
> recommend source upgrades instead.
>
> Thanks,
>
> Alex
>

As I see it, binary updates are fantastic for incremental patches (for
security etc), but for anything other than small patches or point
releases (eg 7.1-7.2) I'd use source. Just my opinion, but it's served
me fine.

Basically, a source update is guaranteed and THE supported method, but
freebsd-update is just so damn convenient!

Chris

-- 
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in a mailing list?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Problem with jail connecting out

[Erik Norgaard]

Steve Bertrand wrote:

Erik Norgaard wrote:

Erik Norgaard wrote:


I have no problem connecting from the host to the jail, but the other
way around doesn't work.

Also, related, how do I configure multiple interfaces in a jail?

Second problem solved, starting jail with

  # jail /var/jail jail 127.0.0.2,172.16.0.2 /bin/sh /etc/rc

So, now I have:

vr1: flags=8943 metric 0
mtu 1500
options=2808
ether 00:40:63:ee:97:f1
inet 172.16.0.2 netmask 0x broadcast 172.16.0.2
media: Ethernet autoselect (100baseTX )
status: active
lo0: flags=8049 metric 0 mtu 16384
inet 127.0.0.2 netmask 0x

Now, I can connect out on vr1 to 172.16.0.1, but not on lo0 to
127.0.0.1. Any suggestions what might be wrong?


I don't think that it is a wise idea to be using the loopback address
space to route packets outside of the OS, and it is even possible that
some implementations forbid this behaviour (don't quote me on that).


I have read some recommendations not to use the loopback interface 
without any real explanation, I don't see why it shouldn't work with a 
different IP as for other interfaces - or a cloned loopback.



If you want a loopback to be a receive interface, you should clone off a
second one (lo1), and assign an IP address to it that was not designed
to be short circuited within the host, like this:

% grep lo10 /etc/rc.conf

cloned_interfaces="lo1 lo3 lo10 ...etc

# lo10 (IPv4 iBGP loopback, advertised by OSPF)
ifconfig_lo10="UP"
ifconfig_lo10="inet 172.16.104.8 netmask 255.255.255.255"


From RFC 1700:


  (g)   {127, }

 Internal host loopback address.  Should never appear outside
 a host.


It won't. It's intended to be stricly local on the internal loopback 
interface.


The idea is to use the loopback interface for connecting between the 
jail and the host while not exposing the jail to the exterior.


Basically, I'm trying to setup a jail for my imap server to migrate my 
mail from the existing server, a last resort clumsy way of upgrading the 
Berkeley DB. Then a script connecting to both services can create 
accounts, folders and copy the mail to the new service.


The idea is that this way I could do it transparently - well, that's the 
theory.


BR, Erik.

--
Erik Nørgaard
Ph: +34.666334818/+34.915211157  http://www.locolomo.org
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Files in /var/ftp/etc directory.

[Carmel NY]

This is probably a dumb question; however, since I don't know the
answer I figured I might as well ask.

On a new installation of FreeBSD-7.2, I opted to set up an anonymous
FTP server. I just noticed that there are three files in the '/etc'
directory.

1) ftpmold
2) group
3) pwd.db

I know what the first one is, but what are the other two for? They are
visible and down loadable to any visitor who accesses the site. Is this
normal or is this something I should be concerned about? Can I just
delete the two files I am unsure of?

Thanks!

-- 
Carmel
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Announcing: FreeBSD Custom XFCE ISO (take II)

[Andrew Gould]

On Wed, Jun 17, 2009 at 8:44 AM, Robert wrote:
> On Wed, 17 Jun 2009 16:37:44 +0300
>
> First I want to say thank you. This is very welcome for my older slow
> laptop.
>
> That said. Have you considered Claws-Mail?
>
> Robert
>

Claws-Mail is good.  It can also use the address book in jpilot, which
might be a good option for a lightweight PIM.

Andrew
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Announcing: FreeBSD Custom XFCE ISO (take II)

[Robert]

On Wed, 17 Jun 2009 16:37:44 +0300
Manolis Kiagias  wrote:

> Andrew Gould wrote:
> > 2009/6/16 Manolis Kiagias :
> >
> >
> > List of main packages
> > ==
> >
> > This is a comprehensive list of packages included in the ISO:
> >
> > abiword, archivers (zip, unzip, rar, unrar) bash, bluefish,
> > cdrtools, dvd+rw-tools, evince, firefox3, gimp, gnash, gnumeric,
> > gnupg, inkscape, mercurial, pkg_rmleaves, portaudit, portupgrade,
> > rdesktop, rtorrent, ristretto, samba, scribus, sudo, thunderbird,
> > tilda, wget, xfburn,  xfce4 + plugins,  xorg, zim.
> >
> 
> > Would you consider adding unix2dos?
> 
> > Thanks
> 
> > Andrew
> >
> 
> 
> Sure. I am making a list of what people would like to see included,
> and will add most of them in the next iteration. Small utilities like
> this are not a problem.
> 

First I want to say thank you. This is very welcome for my older slow
laptop. 

That said. Have you considered Claws-Mail?

Robert
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Announcing: FreeBSD Custom XFCE ISO (take II)

[Manolis Kiagias]

Robert wrote:
> On Wed, 17 Jun 2009 16:37:44 +0300
> Manolis Kiagias  wrote:
>
>   
>> Andrew Gould wrote:
>> 
>>> 2009/6/16 Manolis Kiagias :
>>>
>>>
>>> List of main packages
>>> ==
>>>
>>> This is a comprehensive list of packages included in the ISO:
>>>
>>> abiword, archivers (zip, unzip, rar, unrar) bash, bluefish,
>>> cdrtools, dvd+rw-tools, evince, firefox3, gimp, gnash, gnumeric,
>>> gnupg, inkscape, mercurial, pkg_rmleaves, portaudit, portupgrade,
>>> rdesktop, rtorrent, ristretto, samba, scribus, sudo, thunderbird,
>>> tilda, wget, xfburn,  xfce4 + plugins,  xorg, zim.
>>>
>>>   
>>> Would you consider adding unix2dos?
>>>   
>>> Thanks
>>>   
>>> Andrew
>>>
>>>   
>> Sure. I am making a list of what people would like to see included,
>> and will add most of them in the next iteration. Small utilities like
>> this are not a problem.
>>
>> 
>
> First I want to say thank you. This is very welcome for my older slow
> laptop. 
>
> That said. Have you considered Claws-Mail?
>
> Robert
>
>   
Will consider this too, thanks!
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Announcing: FreeBSD Custom XFCE ISO (take II)

[Neal Hogan]

On Wed, Jun 17, 2009 at 8:37 AM, Manolis Kiagias wrote:
> Andrew Gould wrote:
>> 2009/6/16 Manolis Kiagias :
>>
>>
>> List of main packages
>> ==
>>
>> This is a comprehensive list of packages included in the ISO:
>>
>> abiword, archivers (zip, unzip, rar, unrar) bash, bluefish, cdrtools,
>> dvd+rw-tools, evince, firefox3, gimp, gnash, gnumeric, gnupg,
>> inkscape, mercurial, pkg_rmleaves, portaudit, portupgrade,  rdesktop,
>> rtorrent, ristretto, samba, scribus, sudo, thunderbird, tilda, wget,
>> xfburn,  xfce4 + plugins,  xorg, zim.
>>
>
>> Would you consider adding unix2dos?
>
>> Thanks
>
>> Andrew
>>
>
>
> Sure. I am making a list of what people would like to see included, and
> will add most of them in the next iteration. Small utilities like this
> are not a problem.

I'm curious (and it may help quell some suggestions) what your
criteria is for adding things. So far, it seems that your adding all
suggestions.

BTW - I like this project and have been thinking of doing something
similar with oBSD.

> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
>
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Announcing: FreeBSD Custom XFCE ISO (take II)

[Manolis Kiagias]

Andrew Gould wrote:
> 2009/6/16 Manolis Kiagias :
>
>
> List of main packages
> ==
>
> This is a comprehensive list of packages included in the ISO:
>
> abiword, archivers (zip, unzip, rar, unrar) bash, bluefish, cdrtools,
> dvd+rw-tools, evince, firefox3, gimp, gnash, gnumeric, gnupg,
> inkscape, mercurial, pkg_rmleaves, portaudit, portupgrade,  rdesktop,
> rtorrent, ristretto, samba, scribus, sudo, thunderbird, tilda, wget,
> xfburn,  xfce4 + plugins,  xorg, zim.
>

> Would you consider adding unix2dos?

> Thanks

> Andrew
>


Sure. I am making a list of what people would like to see included, and
will add most of them in the next iteration. Small utilities like this
are not a problem.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Very slow disk speed / mpt0: LSILogic SAS/SATA Adapter

[Matej Šerc]

Hi,

thank you very much for a very detailed answer. This machine is in
co-location in a specialized data center which provides totally controlled
environment (temperature, power etc.) and after being their partner for
about 5 years now not a single power outage occured. Of course the data is
backed-up regularily.

One more question: where can I see if we are using background fsck? I
occassionally run it to check for inconsistencies (as a forground - is this
OK?).

I suppose I can turn this write-caching on then.

Thank you,
Matej
On Wed, Jun 17, 2009 at 2:48 PM, Erik Trulsson wrote:

> On Wed, Jun 17, 2009 at 01:35:52PM +0200, Matej ?erc wrote:
> > Hi,
> >
> > we have a HP ProLiant server with RAID 0/1 controller onboard. It is
> > detected as mpt0 (I have attached a part of dmesg output at the end of
> the
> > mail). As reported by some already (
> >
> http://www.mail-archive.com/freebsd-performa...@freebsd.org/msg02446.html
> ),
> > we are also getting extremely slow write speeds. I read somewhere that
> there
> > are some improvements which could solve the situation in 7.2 (our system
> has
> > 7.1 installed and I am currently unable to turn it off and it will stay
> so
> > for at least 3 months).
> >
> > There are some information that setting hw.mpt.enable_sata_wc=1 solves
> the
> > write speed (it actually does as I tested!), but I would like to know
> more
> > about how danger that option is. We are using softupdates and now have
> this
> > hw.mpt.enable_sata_wc=0, after reading that it might be very dangerous
> when
> > using sata_wc=1.
>
> Not very dangerous at all, as long as you are not using background fsck.
> The problem with write caching on standard IDE/SATA drives is that they
> report that a write operation is finished even if it has only reached the
> disk's cache.  This means that some of the guarantees that softupdates is
> supposed to provide regarding which order data is written to the disk,
> cannot be fulfilled.
>
> This essentially means that if you lose power to the machine unexpectedly
> you might have some filesystem inconsistencies afterward that you would not
> have had without the disks' cache being enabled. (A normal reset would not
> cause this problem since the disks would still retain the contents of their
> caches.)
>
> If you are using background fsck this could be a big problem, since for
> background fsck to work properly the only inconsistencies on the filesystem
> must be that some blocks are marked as in use when they actually are not.
> (That is one of the guarantees that softupdates is supposed to provide, but
> may not be able to provide due to the behaviour of the disks' cache.)  If
> you do have other inconsistencies on the filesystem the whole system may
> throw a kernel panic when it encounters one of them.
> (A normal foreground fsck would fix all such inconsistencies before the
> system starts running for real.)
>
> It is also the case that if your system is really busy writing to the disks
> (with write caching enabled) and you lose power at exactly the wrong time
> you could potentially lose a lot of data from the filesystem, since any
> given write could theoretically get delayed indefinitely before it hits the
> disk's platters.  (If the write that gets delayed is the creation of a
> directory in which lots of writes happen later you could lose all of them.)
> If you have write caching disabled you will not lose more than the last 30
> seconds or so of updates.
>
>
> Using an UPS is one obvious way of drastically reducing the number of times
> the machine loses power unexpectedly, and if it is so important that this
> server is not taken down I assume you already have an UPS, in which case
> enabling the write caching is essentially riskfree.
>
>
> >
> > I am really looking forward to getting more information about this, it is
> > actually driving me nuts. We have a number of other servers and there are
> no
> > problems with RAID controllers at all. And as I said, I cannot actually
> turn
> > of this machine and bring it back to reinstall new OS.
> >
> > Thank you very much for your comments and thoughts,
> > Matej
> >
> >
> > The server model is ML110G5.
> >
> > mpt0:  port 0xd000-0xd0ff mem
> > 0xfcefc000-0xfcef,0xfcee-0xfcee irq 16 at device 0.0 on pci5
> > mpt0: [ITHREAD]
> > mpt0: MPI Version=1.5.16.0
> > mpt0: Capabilities: ( RAID-0 RAID-1E RAID-1 )
> > mpt0: 1 Active Volume (2 Max)
> > mpt0: 3 Hidden Drive Members (10 Max)
>
>
>
> --
> 
> Erik Trulsson
> ertr1...@student.uu.se
>
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Problem with jail connecting out

[Steve Bertrand]

Erik Norgaard wrote:
> Erik Norgaard wrote:
> 
>> I have no problem connecting from the host to the jail, but the other
>> way around doesn't work.
>>
>> Also, related, how do I configure multiple interfaces in a jail?
> 
> Second problem solved, starting jail with
> 
>   # jail /var/jail jail 127.0.0.2,172.16.0.2 /bin/sh /etc/rc
> 
> So, now I have:
> 
> vr1: flags=8943 metric 0
> mtu 1500
> options=2808
> ether 00:40:63:ee:97:f1
> inet 172.16.0.2 netmask 0x broadcast 172.16.0.2
> media: Ethernet autoselect (100baseTX )
> status: active
> lo0: flags=8049 metric 0 mtu 16384
> inet 127.0.0.2 netmask 0x
> 
> Now, I can connect out on vr1 to 172.16.0.1, but not on lo0 to
> 127.0.0.1. Any suggestions what might be wrong?

I don't think that it is a wise idea to be using the loopback address
space to route packets outside of the OS, and it is even possible that
some implementations forbid this behaviour (don't quote me on that).

You could probably break the default behaviour by modifying your routing
table, but I would advise strongly against doing that.

If you want a loopback to be a receive interface, you should clone off a
second one (lo1), and assign an IP address to it that was not designed
to be short circuited within the host, like this:

% grep lo10 /etc/rc.conf

cloned_interfaces="lo1 lo3 lo10 ...etc

# lo10 (IPv4 iBGP loopback, advertised by OSPF)
ifconfig_lo10="UP"
ifconfig_lo10="inet 172.16.104.8 netmask 255.255.255.255"

--

>From RFC 1700:

  (g)   {127, }

 Internal host loopback address.  Should never appear outside
 a host.

Steve


smime.p7s
Description: S/MIME Cryptographic Signature

Re: freebsd "toaster"

[Alex Stangl]

On Wed, Jun 17, 2009 at 11:17:32AM +0100, Chris Rees wrote:
> Just curiosity, what's wrong with source upgrading? Isn't it miles
> easier than reinstalling?

Probably nothing. I haven't done it before, so there's the usual
apprehension dealing with the unknown. I originally thought that since I
just use a generic kernel, a binary upgrade should be quickest, easiest,
and safest. Freebsd.org was touting the freebsd-update script, so that
seemed the obvious way to go.

I guess I'll clean up the mess left by freebsd-update and try the route
of upgrading via source. But then I am left wondering why the
freebsd.org site continues to recommend using freebsd-update which is
seemingly broken and unsupported, while people on the mailing list
recommend source upgrades instead.

Thanks,

Alex
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Very slow disk speed / mpt0: LSILogic SAS/SATA Adapter

[Erik Trulsson]

On Wed, Jun 17, 2009 at 01:35:52PM +0200, Matej ?erc wrote:
> Hi,
> 
> we have a HP ProLiant server with RAID 0/1 controller onboard. It is
> detected as mpt0 (I have attached a part of dmesg output at the end of the
> mail). As reported by some already (
> http://www.mail-archive.com/freebsd-performa...@freebsd.org/msg02446.html),
> we are also getting extremely slow write speeds. I read somewhere that there
> are some improvements which could solve the situation in 7.2 (our system has
> 7.1 installed and I am currently unable to turn it off and it will stay so
> for at least 3 months).
> 
> There are some information that setting hw.mpt.enable_sata_wc=1 solves the
> write speed (it actually does as I tested!), but I would like to know more
> about how danger that option is. We are using softupdates and now have this
> hw.mpt.enable_sata_wc=0, after reading that it might be very dangerous when
> using sata_wc=1.

Not very dangerous at all, as long as you are not using background fsck.
The problem with write caching on standard IDE/SATA drives is that they
report that a write operation is finished even if it has only reached the
disk's cache.  This means that some of the guarantees that softupdates is
supposed to provide regarding which order data is written to the disk,
cannot be fulfilled.

This essentially means that if you lose power to the machine unexpectedly
you might have some filesystem inconsistencies afterward that you would not
have had without the disks' cache being enabled. (A normal reset would not
cause this problem since the disks would still retain the contents of their
caches.)

If you are using background fsck this could be a big problem, since for
background fsck to work properly the only inconsistencies on the filesystem
must be that some blocks are marked as in use when they actually are not.
(That is one of the guarantees that softupdates is supposed to provide, but
may not be able to provide due to the behaviour of the disks' cache.)  If
you do have other inconsistencies on the filesystem the whole system may
throw a kernel panic when it encounters one of them.
(A normal foreground fsck would fix all such inconsistencies before the
system starts running for real.)

It is also the case that if your system is really busy writing to the disks
(with write caching enabled) and you lose power at exactly the wrong time
you could potentially lose a lot of data from the filesystem, since any
given write could theoretically get delayed indefinitely before it hits the
disk's platters.  (If the write that gets delayed is the creation of a
directory in which lots of writes happen later you could lose all of them.)
If you have write caching disabled you will not lose more than the last 30
seconds or so of updates.


Using an UPS is one obvious way of drastically reducing the number of times
the machine loses power unexpectedly, and if it is so important that this
server is not taken down I assume you already have an UPS, in which case
enabling the write caching is essentially riskfree.


> 
> I am really looking forward to getting more information about this, it is
> actually driving me nuts. We have a number of other servers and there are no
> problems with RAID controllers at all. And as I said, I cannot actually turn
> of this machine and bring it back to reinstall new OS.
> 
> Thank you very much for your comments and thoughts,
> Matej
> 
> 
> The server model is ML110G5.
> 
> mpt0:  port 0xd000-0xd0ff mem
> 0xfcefc000-0xfcef,0xfcee-0xfcee irq 16 at device 0.0 on pci5
> mpt0: [ITHREAD]
> mpt0: MPI Version=1.5.16.0
> mpt0: Capabilities: ( RAID-0 RAID-1E RAID-1 )
> mpt0: 1 Active Volume (2 Max)
> mpt0: 3 Hidden Drive Members (10 Max)



-- 

Erik Trulsson
ertr1...@student.uu.se
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Announcing: FreeBSD Custom XFCE ISO (take II)

[Andrew Gould]

2009/6/16 Manolis Kiagias :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hey all,



>
> List of main packages
> ==
>
> This is a comprehensive list of packages included in the ISO:
>
> abiword, archivers (zip, unzip, rar, unrar) bash, bluefish, cdrtools,
> dvd+rw-tools, evince, firefox3, gimp, gnash, gnumeric, gnupg,
> inkscape, mercurial, pkg_rmleaves, portaudit, portupgrade,  rdesktop,
> rtorrent, ristretto, samba, scribus, sudo, thunderbird, tilda, wget,
> xfburn,  xfce4 + plugins,  xorg, zim.
>
> Several other packages are included as dependencies of the above top
> level ones. The total list of packages is 496.  There are no conflicts
> between them, you may even install all of them during the initial
> setup or afterwards.
>
> I will start preparing a server ISO (CD sized) soon. I also welcome
> all ideas on what to include/exclude in later versions of this DVD.
> It has been suggested to include openoffice packages as abiword /
> gnumeric don't cut it for many people. This will increase the size of
> the download, although hopefully not dramatically as most dependencies
> are probably already included. I am all open to ideas, so please email
> me your suggestions and comments.
>
> Thanks,
> Manolis Kiagias
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.9 (FreeBSD)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAko3OA4ACgkQZ/MxGm4PtJRuvgCfYcOTk2whTnOekRqrBMJYjWZ3
> tOcAnRF2Y1E14T/zFGOMBJk+v46tz2AN
> =VfqE
> -END PGP SIGNATURE-

Would you consider adding unix2dos?

Thanks

Andrew
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Very slow disk speed / mpt0: LSILogic SAS/SATA Adapter

[Matej Šerc]

Hi,

we have a HP ProLiant server with RAID 0/1 controller onboard. It is
detected as mpt0 (I have attached a part of dmesg output at the end of the
mail). As reported by some already (
http://www.mail-archive.com/freebsd-performa...@freebsd.org/msg02446.html),
we are also getting extremely slow write speeds. I read somewhere that there
are some improvements which could solve the situation in 7.2 (our system has
7.1 installed and I am currently unable to turn it off and it will stay so
for at least 3 months).

There are some information that setting hw.mpt.enable_sata_wc=1 solves the
write speed (it actually does as I tested!), but I would like to know more
about how danger that option is. We are using softupdates and now have this
hw.mpt.enable_sata_wc=0, after reading that it might be very dangerous when
using sata_wc=1.

I am really looking forward to getting more information about this, it is
actually driving me nuts. We have a number of other servers and there are no
problems with RAID controllers at all. And as I said, I cannot actually turn
of this machine and bring it back to reinstall new OS.

Thank you very much for your comments and thoughts,
Matej


The server model is ML110G5.

mpt0:  port 0xd000-0xd0ff mem
0xfcefc000-0xfcef,0xfcee-0xfcee irq 16 at device 0.0 on pci5
mpt0: [ITHREAD]
mpt0: MPI Version=1.5.16.0
mpt0: Capabilities: ( RAID-0 RAID-1E RAID-1 )
mpt0: 1 Active Volume (2 Max)
mpt0: 3 Hidden Drive Members (10 Max)
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Problem authenticating with sasl in jail

[Erik Norgaard]

Hi:

I am migrating my imap server to a jail, I got the jail up and 
cyrus-imapd starts. I have copied configuration files from the current 
server, cyrus.conf, imapd.conf and passwd and group files. saslauthd is 
running, yet when I try to login I get the error:


IMAP Password:
  Login failed: generic failure at 
/usr/local/lib/perl5/site_perl/5.10.0/mach/Cyrus/IMAP/Admin.pm line 120

cyradm: cannot authenticate to server with  as cyrus

in /var/log/messages

Jun 17 13:40:04 jail perl: No worthy mechs found

in imap log file:

Jun 17 13:40:07 jail imap[2280]: badlogin: jail.example.com [172.16.0.2] 
plaintext cy...@example.com SASL(-1): generic failure: checkpass failed


jails hostname is jail (maybe not the best choice). I'm using FBSD 7.2 
for both host and jail system, jail installed with packages:


cyrus-imapd-2.3.14_1
cyrus-sasl-2.1.23
cyrus-sasl-saslauthd-2.1.23

Thanks, Erik

--
Erik Nørgaard
Ph: +34.666334818/+34.915211157  http://www.locolomo.org
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Updating linux-pango

[Gerard]

Affected package: linux-pango-1.10.2_3
Type of problem: pango -- integer overflow.
Reference: 


This problem has existed for awhile now. Unless: 

DISABLE_VULNERABILITIES=yes

is used, linux-pango and any port that depends on it will refuse to
build. Is there any information on when this problem will be resolved?
I really do not like intentionally installing a program with a
potential security problem; however, in this case I have no choice.

-- 
Jerry
ges...@yahoo.com

Vote early and vote often.

Al Capone's slogan for Big Bill Thompson's anti-reform campaign for
Mayor of Chicago, 1926.  Big Bill won.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: freebsd "toaster"

[Chris Rees]

2009/6/17 Alex Stangl :
> On Tue, Jun 16, 2009 at 07:04:47PM -0700, SA wrote:
>> This article by Colin Percival 
>> http://www.daemonology.net/freebsd-update/binup.html discusses using 
>> freebsd-update as a "toaster" for updating an entire FreeBSD based 
>> distribution, instead of just the base system like freebsd-update normally 
>> does. Does anyone know where there might be more information on this topic?
>
> Not long ago I tried using freebsd-update to update from 6.0-RELEASE to 
> 7.2-RELEASE,
> based upon instructions on Percival's blog,
> http://www.daemonology.net/blog/2007-11-11-freebsd-major-version-upgrade.html
>
> It blew away the contents of /boot/kernel. Multiple emails to Percival
> went unanswered, and when I later asked about it on this list, the only
> response was a suggestion to upgrade via source. (Thanks for the
> suggestion, by the way -- I think I'll rather do that to stay up to date
> once I get caught up.)
>
> Based upon my experience and the apparent lack of current support, I
> would not recommend using these tools for binary updates, especially in
> an automated fashion. If I get some spare time and inclination, I may
> try to diagnose what went wrong with the freebsd-update script, but more
> likely will end up doing a clean install of 7.2-RELEASE from ISO onto
> a new drive, and migrate everything over.
>
> Alex

Just curiosity, what's wrong with source upgrading? Isn't it miles
easier than reinstalling?

Chris



-- 
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in a mailing list?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: OpenSSL Base vs. OpenSSL Port?

[b. f.]

On 6/17/09, b. f.  wrote:
> On 6/17/09, b. f.  wrote:
>
>> Put WITH_OPENSSL_PORT=yes in your build environment -- /etc/make.conf is
>> a
>> good
>> way -- and then rebuild all ports that depend on openssl.  There are
>> many different
>> ways to do this -- you could use:
>>
>> pkgdb -L && portupgrade -fur openssl-*
>>
>> (The first command may not be necessary, but I find that the
>> dependencies of some
>> ports on openssl are sometimes missing from the pkgdb, and need to be
>> added.)
>>
>> or
>>
>> portmaster -t -r openssl-*
>>
>
> I should mention that if you are switching from using the base openssl to
> using
> the openssl from the port, and you intend to use portupgrade, then you
> will definitely
> need to to run pkgdb -L && pkgdb -F before running portupgrade,
> because otherwise
> no ports will be listed as being dependent upon the openssl port.
>
> I'm not sure if portmaster will do this properly, as it uses the
> existing /var/db/pkg in
> many cases, which will not contain the correct dependency information.
> You may need to
> get a list of ports that USE_OPENSSL, and then update those ports and
> the ports that
> depend upon them.  For example, you could first install the openssl
> port, and then use:
>
> pkg_info -aoq | xargs -I % make -C /usr/ports/% -V USE_OPENSSL -V
> PKGNAME | sed -n '/[yY][eE][sS]/{n;p;}' | xargs portmaster -t -r
>
> or something like that.
>
> b.
>

Argh. Sorry about the last (non-)message.  I meant to say:

Or rather, since (portmaster -r only accepts a single port as an
argument -- _sigh_ ) :

pkg_info -aoq | xargs -I % make -C /usr/ports/% -V USE_OPENSSL -V
PKGNAME | sed -n '/[yY][eE][sS]/{n;p;}' | xargs portmaster -f

which is thorough, but overkill. I'd stick with portupgrade or manual
'make deinstall clean install && make clean' for this task.

b.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: OpenSSL Base vs. OpenSSL Port?

[b. f.]

On 6/17/09, b. f.  wrote:
> On 6/17/09, b. f.  wrote:
>
>> Put WITH_OPENSSL_PORT=yes in your build environment -- /etc/make.conf is
>> a
>> good
>> way -- and then rebuild all ports that depend on openssl.  There are
>> many different
>> ways to do this -- you could use:
>>
>> pkgdb -L && portupgrade -fur openssl-*
>>
>> (The first command may not be necessary, but I find that the
>> dependencies of some
>> ports on openssl are sometimes missing from the pkgdb, and need to be
>> added.)
>>
>> or
>>
>> portmaster -t -r openssl-*
>>
>
> I should mention that if you are switching from using the base openssl to
> using
> the openssl from the port, and you intend to use portupgrade, then you
> will definitely
> need to to run pkgdb -L && pkgdb -F before running portupgrade,
> because otherwise
> no ports will be listed as being dependent upon the openssl port.
>
> I'm not sure if portmaster will do this properly, as it uses the
> existing /var/db/pkg in
> many cases, which will not contain the correct dependency information.
> You may need to
> get a list of ports that USE_OPENSSL, and then update those ports and
> the ports that
> depend upon them.  For example, you could first install the openssl
> port, and then use:
>
> pkg_info -aoq | xargs -I % make -C /usr/ports/% -V USE_OPENSSL -V
> PKGNAME | sed -n '/[yY][eE][sS]/{n;p;}' | xargs portmaster -t -r
>
> or something like that.
>
> b.
>
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Problem with jail connecting out

[Erik Norgaard]

Erik Norgaard wrote:

I have no problem connecting from the host to the jail, but the other 
way around doesn't work.


Also, related, how do I configure multiple interfaces in a jail?


Second problem solved, starting jail with

  # jail /var/jail jail 127.0.0.2,172.16.0.2 /bin/sh /etc/rc

So, now I have:

vr1: flags=8943 metric 0 
mtu 1500

options=2808
ether 00:40:63:ee:97:f1
inet 172.16.0.2 netmask 0x broadcast 172.16.0.2
media: Ethernet autoselect (100baseTX )
status: active
lo0: flags=8049 metric 0 mtu 16384
inet 127.0.0.2 netmask 0x

Now, I can connect out on vr1 to 172.16.0.1, but not on lo0 to 
127.0.0.1. Any suggestions what might be wrong?


Btw, this jail and host system is FBSD 7.2-STABLE.

Thanks, Erik

--
Erik Nørgaard
Ph: +34.666334818/+34.915211157  http://www.locolomo.org
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: OpenSSL Base vs. OpenSSL Port?

[b. f.]

On 6/17/09, b. f.  wrote:

> Put WITH_OPENSSL_PORT=yes in your build environment -- /etc/make.conf is a
> good
> way -- and then rebuild all ports that depend on openssl.  There are
> many different
> ways to do this -- you could use:
>
> pkgdb -L && portupgrade -fur openssl-*
>
> (The first command may not be necessary, but I find that the
> dependencies of some
> ports on openssl are sometimes missing from the pkgdb, and need to be
> added.)
>
> or
>
> portmaster -t -r openssl-*
>

I should mention that if you are switching from using the base openssl to using
the openssl from the port, and you intend to use portupgrade, then you
will definitely
need to to run pkgdb -L && pkgdb -F before running portupgrade,
because otherwise
no ports will be listed as being dependent upon the openssl port.

I'm not sure if portmaster will do this properly, as it uses the
existing /var/db/pkg in
many cases, which will not contain the correct dependency information.
You may need to
get a list of ports that USE_OPENSSL, and then update those ports and
the ports that
depend upon them.  For example, you could first install the openssl
port, and then use:

pkg_info -aoq | xargs -I % make -C /usr/ports/% -V USE_OPENSSL -V
PKGNAME | sed -n '/[yY][eE][sS]/{n;p;}' | xargs portmaster -t -r

or something like that.

b.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: OpenSSL Base vs. OpenSSL Port?

[b. f.]

>I had been running 6.2 with openssl base for quite a while. Then I
>attempted to implement the dkim-filter port which required using openssl
>to generate keys.  That's when I noticed that openssl is broken on my
>machine.  See this example:

># openssl genrsa -out rsa.private 1024
>Error configuring OpenSSL
>28086:error:260AB089:engine routines:ENGINE_ctrl_cmd_string:invalid cmd
>name:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_ctrl.c:318:
>28086:error:0E07406D:configuration file
>routines:CONF_modules_load:module initialization
>error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto
>/conf/conf_mod.c:234:module=engines,
>value=openssl_engines, retcode=-1

>So I thought rebuilding world might fix it and while I was at it, I
>upgraded to 6.4 but still have the same problem.

I'm not familiar with this problem.  If you have the a supported version of 6.X
installed, and you've read the documentation, and are convinced that the error
is due to some problem with the openssl in base, then you should submit a PR:

http://www.freebsd.org/support/bugreports.html


>Next I tried installing openssl from ports.  This openssl seems to work:

># /usr/local/bin/openssl genrsa -out rsa.private 1024
>Generating RSA private key, 1024 bit long modulus
>..++
>..++
>e is 65537 (0x10001)

>But now I am unclear as to what state my system is in.  What is the
>preferred method for using openssl from ports vs. using openssl base.  I
>don't really care which I use but want to avoid trouble with multiple
>versions of openssl and/or ports compiled against the wrong version.
>I've been Googling all day but can not find a clear guide.

No need to waste time googling -- just go straight to the code, the
port makefiles
on your system that actually _do_ the work -- in this case
/usr/ports/Mk/bsd.openssl.mk
(or substitute the value of PORTSDIR for /usr/ports if you've got your
Ports tree in some
nondefault location). There you will see some comments and the actual code
governing the use of the variables.

>Specifically, what should I have in my /etc/make.conf and what
>portupgrade command should I use to ensure things are build against the
>correct openssl?  I've seen things like OPENSSL_OVERWRITE_BASE=yes,
>NO_OPENSSL=yes, WITH_OPENSSL_PORT=yes, WITH_OPENSSL_BETA=yes, and
>portupgrade -rf openssl but remain confused.

Put WITH_OPENSSL_PORT=yes in your build environment -- /etc/make.conf is a good
way -- and then rebuild all ports that depend on openssl.  There are
many different
ways to do this -- you could use:

pkgdb -L && portupgrade -fur openssl-*

(The first command may not be necessary, but I find that the
dependencies of some
ports on openssl are sometimes missing from the pkgdb, and need to be added.)

or

portmaster -t -r openssl-*

for example.  Note that this will only ensure that ports that correctly use
USE_OPENSSL are linked to the proper version of openssl -- some ports may
not have been constructed properly, and may still end up being linked
to the base
openssl.  You can check if there are any such ports by using ldd(1) or
the sysutils/libchk
port.


b.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Announcing: FreeBSD Custom XFCE ISO (take II) - Openoffice packages

[Manolis Kiagias]

Chris Whitehouse wrote:
>
>
> I would vote for including openoffice, it takes much longer to compile
> than to download, or maybe make the package and any dependencies that
> are not already included available as a separate tarball.
>

I've implemented this neat idea, the tarball is here:

http://freebsd.dev-urandom.com/iso/i386/xfce-desktop/openoffice.tar.gz

Instructions:

http://freebsd.dev-urandom.com/iso/i386/xfce-desktop/README.openoffice

As a matter of fact, I noticed only the main openoffice package is
needed - every other run dependency is already present in the XFCE iso.
The few other packages in the tarball are build dependencies.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"