it =was= ``remind''... .
the calendar layout of when and remind are similar enough that i messed up. i think it must have been remind rather than when. i want remind to exec a popup that shouts at me that it is time to sack out. or whatever. so far i'm trying to use -k[command in my ~/.reminder file, but don't have it down exactly. according to the makefile there is a tkremind [??]. that is next to investigate. i have 9 or 10+ fairly brutal months ahead of me and i usually realize that it is way past midnight just too late, :-) thanks for any pointers. i thought i had my old config files saved, but nope. gary -- Gary Kline kl...@thought.org http://www.thought.org Public Service Unix The 7.83a release of Jottings: http://jottings.thought.org/index.php http://journey.thought.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ssh under attack - sessions in accepted state hogging CPU
One thing I don't see mentioned a lot is port knocking. It's not perfect but it does have it's uses. Since it sounds like you have a lot of users that need to connect you might be able to adapt it to your situation. I haven't tried this specific port knocking sequence but you could setup a knock where if a user attempts to connect to port 22 say 3 times (most clients should auto retry) it then opens up port 22 to that ip and allows them to connect to sshd. This would depend on the type of brute force being done. A distributed botnet might only try an ip/port once or twice then move on. This would be pretty seemless to the end user except for an initial delay when connecting as their client retries the connection until the specific knock threshold has been hit. It's a middle ground to changing the port sshd is operating on. You can do this with firewall rules or http://www.freshports.org/security/knock/. A lot of SSH attacks are coming from large numbers of compromised hosts that make them very hard to stop with sshguard which is pretty annoying. On 8/9/2010 8:13 PM, Matt Emmerton wrote: Hi all, I'm in the middle of dealing with a SSH brute force attack that is relentless. I'm working on getting sshguard+ipfw in place to deal with it, but in the meantime, my box is getting pegged because sshd is accepting some connections which are getting stuck in [accepted] state and eating CPU. I know there's not much I can do about the brute force attacks, but will upgrading openssh avoid these stuck connections? root 39127 35.2 0.1 6724 3036 ?? Rs 11:10PM 0:37.91 sshd: [accepted] (sshd) root 39368 33.6 0.1 6724 3036 ?? Rs 11:10PM 0:22.99 sshd: [accepted] (sshd) root 39138 33.1 0.1 6724 3036 ?? Rs 11:10PM 0:41.94 sshd: [accepted] (sshd) root 39137 32.5 0.1 6724 3036 ?? Rs 11:10PM 0:36.56 sshd: [accepted] (sshd) root 39135 31.0 0.1 6724 3036 ?? Rs 11:10PM 0:35.09 sshd: [accepted] (sshd) root 39366 30.9 0.1 6724 3036 ?? Rs 11:10PM 0:23.01 sshd: [accepted] (sshd) root 39132 30.8 0.1 6724 3036 ?? Rs 11:10PM 0:35.21 sshd: [accepted] (sshd) root 39131 30.7 0.1 6724 3036 ?? Rs 11:10PM 0:38.07 sshd: [accepted] (sshd) root 39134 30.2 0.1 6724 3036 ?? Rs 11:10PM 0:40.96 sshd: [accepted] (sshd) root 39367 29.3 0.1 6724 3036 ?? Rs 11:10PM 0:22.08 sshd: [accepted] (sshd) PID USERNAME THR PRI NICE SIZERES STATE C TIME WCPU COMMAND 39597 root 1 1030 6724K 3036K RUN 3 0:28 35.06% sshd 39599 root 1 1030 6724K 3036K RUN 0 0:26 34.96% sshd 39596 root 1 1030 6724K 3036K RUN 0 0:27 34.77% sshd 39579 root 1 1030 6724K 3036K CPU33 0:28 33.69% sshd 39592 root 1 1020 6724K 3036K RUN 2 0:27 32.18% sshd 39591 root 1 1020 6724K 3036K CPU22 0:27 31.88% sshd -- Matt Emmerton ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ssh under attack - sessions in accepted state hogging CPU
Hi, Matt-- On Aug 9, 2010, at 8:13 PM, Matt Emmerton wrote: I'm in the middle of dealing with a SSH brute force attack that is relentless. I'm working on getting sshguard+ipfw in place to deal with it, but in the meantime, my box is getting pegged because sshd is accepting some connections which are getting stuck in [accepted] state and eating CPU. I know there's not much I can do about the brute force attacks, but will upgrading openssh avoid these stuck connections? If I wasn't allowed to require that in order to SSH to arbitrary internal machines one would need to do a VPN session, the second choice would be to install the openssh port with tcpwrappers support + denyhosts. Regards, -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD equivalent of Microsoft DFS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 9 Aug 2010, Ed Flecko wrote: |Is there a FreeBSD equivalent to Microsoft DFS, i.e., software that |will replicate delta level file changes of network shares among |multiple servers in real time? | |Would that be rsync with just a frequently scheduled cron task? | Kqueue - most advanced and cool thing implemented as kernel mechanism of events processing. With that you could write your own file auditing system. +---+ ! CANMOS ISP Network! +---+ ! Best regards ! ! Igor V. Ruzanov, network operational staff! ! e-Mail: ig...@canmos.ru ! +---+ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFMYPg2bt6QiUlK9twRAhfUAJ4j7dmbXPYaGKGy5G351PWKSMS1iACgxJCP lAoUhxv9xutJLS+extS+wBQ= =DHlr -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
USB pen drive not detected
Hi, I am running FreeBSD 8.1-STABLE amd64 and have got a strange problem when I try to attach and mount my 16 GB USB pen drive. # dmesg delivers something like ugen1.2: vendor 0x058f at usbus1 umass0: vendor 0x058f Spaceloop 16GB, class 0/0, rev 2.00/1.02, addr 2 on usbus1 (probe0:umass-sim0:0:0:0): INQUIRY. CDB: 12 0 0 0 24 0 (probe0:umass-sim0:0:0:0): CAM status: SCSI Status Error (probe0:umass-sim0:0:0:0): SCSI status: Check Condition (probe0:umass-sim0:0:0:0): SCSI sense: DATA PROTECT asc:6e,17 (Reserved ASC/ASCQ pair) (probe0:umass-sim0:0:0:0): AutoSense failed No /dev/da0s1 is created and of course it can not be mounted. On the other hand: when I attach the drive and reboot I get: # dmesg ugen1.2: vendor 0x058f at usbus1 umass0: vendor 0x058f Spaceloop 16GB, class 0/0, rev 2.00/1.02, addr 2 on usbus1 Root mount waiting for: usbus1 Trying to mount root from ufs:/dev/ad0s1a (probe0:umass-sim0:0:0:0): TEST UNIT READY. CDB: 0 0 0 0 0 0 (probe0:umass-sim0:0:0:0): CAM status: SCSI Status Error (probe0:umass-sim0:0:0:0): SCSI status: Check Condition (probe0:umass-sim0:0:0:0): SCSI sense: UNIT ATTENTION asc:28,0 (Not ready to ready change, medium may have changed) da0 at umass-sim0 bus 0 scbus3 target 0 lun 0 da0: Spaceloop 16GB 8.07 Removable Direct Access SCSI-2 device da0: 40.000MB/s transfers da0: 16086MB (32945152 512 byte sectors: 255H 63S/T 2050C) GEOM: da0: partition 1 does not start on a track boundary. GEOM: da0: partition 1 does not end on a track boundary. Now I can do # mount_msdosfs /dev/da0s1 /mnt and access the drive. What is going on here? How can I access my drive without rebooting? For a comparision: I have got an old USB pen drive (512 MB) which works without any trouble: # dmesg ugen0.3: USB at usbus0 umass0: USB Solid state disk, class 0/0, rev 1.10/1.00, addr 3 on usbus0 da0 at umass-sim0 bus 0 scbus3 target 0 lun 0 da0: QDI USBDisk 1.11 Removable Direct Access SCSI-2 device da0: 1.000MB/s transfers da0: 503MB (1031936 512 byte sectors: 64H 32S/T 503C) Sorry to say the 16 GB thing works smoothly with Debian, Fedora and even Windows :( Greetings Peter. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD equivalent of Microsoft DFS
On 09/08/2010 23:42, Ed Flecko wrote: Is there a FreeBSD equivalent to Microsoft DFS, i.e., software that will replicate delta level file changes of network shares among multiple servers in real time? It's not 'real time' but you can achieve something like this by using a combination of ZFS snapshots and ZFS send / receive. Would that be rsync with just a frequently scheduled cron task? Which works very well indeed in many situations. Someone else has already mentioned distributed filesystems line AFS -- another thing to contemplate is the new HAST capability in FreeBSD: http://wiki.freebsd.org/HAST It's conceptually similar to Linux DRBD, which in theory you can use under FreeBSD as well, but no idea how it performs. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
how to burn 8.1-RELEEASE CD
I am running a 7.2 machine and the main disk has gone bad (semi usable but I want to reinstall) after replacing the disk later want to upgrade it to 8.1-RELEASE and have downloaded disk 0 from the local FTP but am not sure how to burn it under 7.1... how do I do this? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
gmirror of zfs mirror
I'm convinced that ZFS mirroring is far better than gmirroring, but the latter uses much less memory (I think). My server has 3Gb and is solely used as server (web, files/nfs/samba, dns, mail). The data is serves does not change much, so I would think the data integrity checks of ZFS although useful do not serve a very high purpose. If a disk goes bad it can be replaced using gmirror and/or ZFS. Why would it be the preferred way to use ZFS over gmirror? I know ZFS (I come from opensolaris). I'm not that familiar with gmirror. Hence the doubts..;-) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to burn 8.1-RELEEASE CD
On 10/08/2010 09:41, Aryeh M. Friedman wrote: I am running a 7.2 machine and the main disk has gone bad (semi usable but I want to reinstall) after replacing the disk later want to upgrade it to 8.1-RELEASE and have downloaded disk 0 from the local FTP but am not sure how to burn it under 7.1... how do I do this? It's described in the Handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-diff-media.html http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/creating-cds.html#BURNCD http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/creating-cds.html#CDRECORD Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
How to connect a jail to the web ?
Hello, I've just created my first FreeBSD jail in order to install a web server inside. But I don't know how to connect it to the web. When I try pinging a http website, it doesn't work. Of course, it works when I do it from outside the jail. Another problem, probably linked to the first one, I can't run rc within the jail, even as the jail's root. It says : permission denied. Here's how I built and started my jail. I had already run make buildworld when upgrading to 8.1 release : # mkdir /usr/prison # cd /usr/src # make installworld DESTDIR=/usr/prison # make distribution DESTDIR=/usr/prison # mount -t devfs devfs /usr/prison/dev # jail -c path=/usr/prison host.hostname=ServeurWeb ip4.addr=192.1.1.1 persist # jail /usr/prison ServeurWeb 192.1.1.1 csh I guess this must be a very basic question but please help me. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to connect a jail to the web ?
On 08/10/2010 13:01, Brice ERRANDONEA wrote: Hello, I've just created my first FreeBSD jail in order to install a web server inside. But I don't know how to connect it to the web. When I try pinging a http website, it doesn't work. Of course, it works when I do it from outside the jail. Another problem, probably linked to the first one, I can't run rc within the jail, even as the jail's root. It says : permission denied. Here's how I built and started my jail. I had already run make buildworld when upgrading to 8.1 release : # mkdir /usr/prison # cd /usr/src # make installworld DESTDIR=/usr/prison # make distribution DESTDIR=/usr/prison # mount -t devfs devfs /usr/prison/dev # jail -c path=/usr/prison host.hostname=ServeurWeb ip4.addr=192.1.1.1 persist # jail /usr/prison ServeurWeb 192.1.1.1 csh I guess this must be a very basic question but please help me. make sure NAT is enabled on the host.. I use PF for that with something like (/etc/pf.conf): ext_if=bce0 int_if=bce1 internal_net=192.168.0.0/24 nat on $ext_if from $internal_net to any - ($ext_if) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- No trees were killed in the creation of this message. However, many electrons were terribly inconvenienced. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
AHCI driver
I'm told it would be better to enable the AHCI driver form my SATA2 drives. It would make ZFS perform better on them. From the release notes I get: FreeBSD cam(3) http://www.FreeBSD.org/cgi/man.cgi?query=camsektion=3manpath=FreeBSD+8.1-RELEASE SCSI framework has been improved and a new kernel option |option ATA_CAM| has been added. This turns ata(4) http://www.FreeBSD.org/cgi/man.cgi?query=atasektion=4manpath=FreeBSD+8.1-RELEASE controller drivers into cam(4) http://www.FreeBSD.org/cgi/man.cgi?query=camsektion=4manpath=FreeBSD+8.1-RELEASE interface modules. When enabled, this option deprecates all ata(4) http://www.FreeBSD.org/cgi/man.cgi?query=atasektion=4manpath=FreeBSD+8.1-RELEASE peripheral drivers and interfaces such as ad and acd, and allows cam(4) http://www.FreeBSD.org/cgi/man.cgi?query=camsektion=4manpath=FreeBSD+8.1-RELEASE drivers ada, and cd and interfaces to be natively used instead. Note that this is not enabled by default in the GENERIC kernel. Is it really better to enable AHCI driver? Will I be able to GEOM label normal disks (like /dev/ad0) or do I need /dev/ada0 drives for that? Thanks for any help / advice on this matter. I'm building the server and want to do things right from the start. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to connect a jail to the web ?
On Tue, Aug 10, 2010 at 2:01 PM, Brice ERRANDONEA berrando...@yahoo.frwrote: Hello, I've just created my first FreeBSD jail in order to install a web server inside. But I don't know how to connect it to the web. When I try pinging a http website, it doesn't work. Of course, it works when I do it from outside the jail. Another problem, probably linked to the first one, I can't run rc within the jail, even as the jail's root. It says : permission denied. Here's how I built and started my jail. I had already run make buildworld when upgrading to 8.1 release : # mkdir /usr/prison # cd /usr/src # make installworld DESTDIR=/usr/prison # make distribution DESTDIR=/usr/prison # mount -t devfs devfs /usr/prison/dev # jail -c path=/usr/prison host.hostname=ServeurWeb ip4.addr=192.1.1.1 persist # jail /usr/prison ServeurWeb 192.1.1.1 csh I guess this must be a very basic question but please help me. Hello, To be able to ping from inside the jail you need raw sockets activated on the host. sysctl security.jail.allow_raw_sockets=1 For ease of configuration you could use ezjail - a jail administration framework written in shell or if you plan to use lots of jails (20+) you could try qjail which is also a jail administration framework. have a great day, v -- network warrior ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: USB pen drive not detected
Peter Ulrich Kruppa wrote: I am running FreeBSD 8.1-STABLE amd64 and have got a strange problem when I try to attach and mount my 16 GB USB pen drive. # dmesg delivers something like ugen1.2: vendor 0x058f at usbus1 umass0: vendor 0x058f Spaceloop 16GB, class 0/0, rev 2.00/1.02, addr 2 on usbus1 (probe0:umass-sim0:0:0:0): INQUIRY. CDB: 12 0 0 0 24 0 (probe0:umass-sim0:0:0:0): CAM status: SCSI Status Error (probe0:umass-sim0:0:0:0): SCSI status: Check Condition (probe0:umass-sim0:0:0:0): SCSI sense: DATA PROTECT asc:6e,17 (Reserved ASC/ASCQ pair) (probe0:umass-sim0:0:0:0): AutoSense failed No /dev/da0s1 is created and of course it can not be mounted. Do these commands help? # camcontrol reset 0 (wait a few seconds for the reset to complete) # camcontrol rescan 0 Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd Whatever happened to the days when hacking started at the cerebral cortex, and not at the keyboard? -- Sid on userfriendly.org by Illiad, 2007-06-20 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: FreeBSD equivalent of Microsoft DFS
for all: MS DFS = MS Distributed File system is NOT a FS it's a shared directory on a drive that is replicated via AD mechanism to 1 or more locatations If setup correctly DFS can have 2 or many more servers, and to replicate it only needs a partner server to replicate with. all other servers can be turned off .. its neither a ring or a star shaped network. (not 100% true but makes explaining a lot easier) In Freebsd that woud be a CIFS or NFS share that is synced over 1 or more sites (without bandwith control ) The only issue if you want to replicate this within Freebsd is how to setup the sync process for more then 3 hosts. And more specific if 1 file gets edited on to seperate servers and replicated to a 3rd server, what happens then? Of course such a write action when it happens is very very small chance. IF you want to use FreeBSD as a file server for a windows enviroment (with ZFS) you can do 2 things 1) use ZFS and make a ISCSI -disk (istgt port for now) and connect the ISCSI disk to a Virtual server with a windows server host 2) use ZFS + SAMBA, configure samba to use the AD information to give access (Single Sign On) The first one is the easiest fastest way however it will cost you performance compared with the second solution. The most difficult is to have samba connecting to a AD enviroment without any alterations on the windows machines/ad and kerberos. However SAMBA AD are reported to have a love hate relation ship working together, and can break Date: Mon, 9 Aug 2010 15:42:59 -0700 From: edfle...@gmail.com To: freebsd-questions@freebsd.org Subject: FreeBSD equivalent of Microsoft DFS Is there a FreeBSD equivalent to Microsoft DFS, i.e., software that will replicate delta level file changes of network shares among multiple servers in real time? Would that be rsync with just a frequently scheduled cron task? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: AHCI driver
Its better to enable, but AD4 can get renamed to ada0 but it's easy to fix (when reboot keep a 2nd computer handy to google the solution) you just need to edit the /etc/fstab to point to the newly named drives .. Date: Tue, 10 Aug 2010 13:36:11 +0200 From: d...@nagual.nl To: freebsd-questions@freebsd.org Subject: AHCI driver I'm told it would be better to enable the AHCI driver form my SATA2 drives. It would make ZFS perform better on them. From the release notes I get: FreeBSD cam(3) http://www.FreeBSD.org/cgi/man.cgi?query=camsektion=3manpath=FreeBSD+8.1-RELEASE SCSI framework has been improved and a new kernel option |option ATA_CAM| has been added. This turns ata(4) http://www.FreeBSD.org/cgi/man.cgi?query=atasektion=4manpath=FreeBSD+8.1-RELEASE controller drivers into cam(4) http://www.FreeBSD.org/cgi/man.cgi?query=camsektion=4manpath=FreeBSD+8.1-RELEASE interface modules. When enabled, this option deprecates all ata(4) http://www.FreeBSD.org/cgi/man.cgi?query=atasektion=4manpath=FreeBSD+8.1-RELEASE peripheral drivers and interfaces such as ad and acd, and allows cam(4) http://www.FreeBSD.org/cgi/man.cgi?query=camsektion=4manpath=FreeBSD+8.1-RELEASE drivers ada, and cd and interfaces to be natively used instead. Note that this is not enabled by default in the GENERIC kernel. Is it really better to enable AHCI driver? Will I be able to GEOM label normal disks (like /dev/ad0) or do I need /dev/ada0 drives for that? Thanks for any help / advice on this matter. I'm building the server and want to do things right from the start. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: AHCI driver
Is it really better to enable AHCI driver? Almost certainly, yes. If your BIOS and SATA controller use AHCI, and are recognized by the ahci(4), mvs(4), or siis(4) drivers (I think that these drivers are built as kernel modules by default in the recent versions of FreeBSD, and don't require the use of a custom kernel with the non-default ATA_CAM option -- all you have to do is load them at boot time, either manually or via loader.conf(5)), then you will be able to use features like NCQ and better power management with disk drives that support those features. This can give you substantial benefits. If your BIOS and/or SATA controller don't support AHCI, in order to use cam(4) you must build a custom kernel with the ATA_CAM option. In that case you may still see some benefits, but they won't be as dramatic as in the AHCI case. If I recall correctly, the only disadvantage to this option is that it prevents the use of ataraid(4) -- everything else has a (usually slightly better) counterpart with the option, and it is only a matter of configuring your system to use it and learning how to use the new management tools (like camcontrol(8)), rather than the old tools (like atacontrol(8)). And yes, if you use the new drivers or the ATA_CAM option, some of your disks will probably show up as /dev/adaX, rather than the old /dev/adX. So make sure that you adjust fstab(5) and device.hints(5) as necessary before rebooting. b. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: amd64
On Mon, Aug 09, 2010 at 08:58:49PM -0500, Depo Catcher wrote: On 8/9/2010 4:14 PM, Robert Huff wrote: Polytropon writes: I've installed FreeBSD-amd64. It runs very well. The packages I fetch are amd64 too, but what about the ports I compile myself? Are those amd64 too? Yes, as your compiler infrastructure and target platform is amd64, and so is the resulting binary code. How does it know your are on amd64? gcc auto detect of CPU? Because that is what you installed and booted. The chip doesn't matter - built by AMD or Intell. What matters is the type of chip. jerry ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to connect a jail to the web ?
On Tue, Aug 10, 2010 at 11:01:24AM +, Brice ERRANDONEA wrote: Hello, I've just created my first FreeBSD jail in order to install a web server inside. But I don't know how to connect it to the web. When I try pinging a http website, it doesn't work. Of course, it works when I do it from outside the jail. There are a couple of things you need to keep in mind. - The IP address you're using for a jail is usually an alias for an existing interface. I think this is done to make routing easier. My system is configured as a gateway, and I've aliased the IP adresses for my jails to the interaface of the internal trusted network. - You should really use the rc interface for starting jails; it's much easier. Another problem, probably linked to the first one, I can't run rc within the jail, even as the jail's root. It says : permission denied. See below. Here's how I built and started my jail. I had already run make buildworld when upgrading to 8.1 release : # mkdir /usr/prison # cd /usr/src # make installworld DESTDIR=/usr/prison # make distribution DESTDIR=/usr/prison Do not forget to create an empty /etc/fstab in your jail; # touch /usr/prison/etc/fstab You'll also need to create an appropriate /etc/rc.conf file in the jail. The following should be a starting point; devfs_system_ruleset=devfsrules_jail network_interfaces= sshd_enable=YES sendmail_enable=NO rpcbind_enable=NO # mount -t devfs devfs /usr/prison/dev # jail -c path=/usr/prison host.hostname=ServeurWeb ip4.addr=192.1.1.1 persist # jail /usr/prison ServeurWeb 192.1.1.1 csh You should use the full path name of the program you want to run. # jail /usr/prison ServeurWeb 192.1.1.1 /bin/csh If you want to start the rc system in the jail; # jail /usr/prison ServeurWeb 192.1.1.1 /bin/sh /etc/rc I've detailed my setpup on a webpage. Maybe it will be of use to you; http://www.xs4all.nl/~rsmith/unix/misc.xhtml#creatingavirtualserveronfreebsdwithajail8 Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgpWoqNbcvquY.pgp Description: PGP signature
Re: AHCI driver
On Tue, Aug 10, 2010 at 02:37:42PM +0200, Victor Ophof wrote: Its better to enable, but AD4 can get renamed to ada0 I think you should change can to will. :-) but it's easy to fix you just need to edit the /etc/fstab to point to the newly named drives .. Do this _before_ rebooting! When I rebooted into single user mode to update my laptop running 8.0 to 8.1, I couldn't edit my /etc/fstab, because my / wat mounted read-only, and I could not get it to remount as read/write! I had to boot with the old kernel (/boot/kernel.old/kernel) to be able to mount root as read/write and fix etc/fstab! Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgppxe5vyMBFJ.pgp Description: PGP signature
Re: How to connect a jail to the web ?
On 8/10/2010 4:01 AM, Brice ERRANDONEA wrote: Hello, I've just created my first FreeBSD jail in order to install a web server inside. But I don't know how to connect it to the web. When I try pinging a http website, it doesn't work. Of course, it works when I do it from outside the jail. Another problem, probably linked to the first one, I can't run rc within the jail, even as the jail's root. It says : permission denied. Here's how I built and started my jail. I had already run make buildworld when upgrading to 8.1 release : # mkdir /usr/prison # cd /usr/src # make installworld DESTDIR=/usr/prison # make distribution DESTDIR=/usr/prison # mount -t devfs devfs /usr/prison/dev # jail -c path=/usr/prison host.hostname=ServeurWeb ip4.addr=192.1.1.1 persist # jail /usr/prison ServeurWeb 192.1.1.1 csh I guess this must be a very basic question but please help me. I would highly recommend ezjail for setting up jails. Although you should still read the handbook on jails so you understand the overall mechanics. Reading ezjails man page makes it very easy to setup and deploy new jails in the future. The only thing you need to do inside a jail setup with ezjail to connect to the web is put nameservers in /etc/resolv.conf For setting it up on your host system you can do something like this (there are a couple of ways you can do it, I've just found this to be the most portable). host rc.conf #Put jail on loopback device cloned_interfaces=lo1 ifconfig_lo1=inet 10.1.1.1 netmask 255.255.255.0 # Enable port forwarding and packet filtering gateway_enable=YES pf_enable=YES pf_rules=/etc/pf.conf # Jails ezjail_enable=YES host pf.conf, find your interface name via ifconfig #INTERFACES ext_if=em0 # nat from jails to your network cards ip nat on $ext_if from 10.1.1.0/24 to any - XXX.XXX.XXX.XXX Here are some resource I found helpful when I was setting up jails for the first time. Be aware some ezjail tutorials are really old and you should read the man page first as that is current. http://www2.budzien.com/wiki/Wiki.jsp?page=UsingEzJail http://wael.nasreddine.com/blog/jail-servers.html http://www.jeroen.se/articles/freebsd_jail_laptop_dhcp.php ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: zfs question
On 9/08/2010 2:52 AM, krad wrote: On 8 August 2010 16:51, Adam Vande Moreamvandem...@gmail.com wrote: On Sun, Aug 8, 2010 at 10:37 AM, Dick Hoogendijkd...@nagual.nl wrote: On 8-8-2010 14:27, Matthew Seaman wrote: Yes. It works very well. On amd64 you'll get a pretty reasonable setup out of the box (so to speak) which will work fine for most purposes. One other thing comes to mind. I want a very robus, fast rockl solid *server* It will be a file- email and webserver mostly. Instead of using two ZFS mirrors I could also go for gmirror (I'm not familiar with it, but it's been around for quite some time so it should be very stable). I don't get the data integrity that way, but my files would be safe, no? Also, using gmirror I could use normal BSD UFS filesystems and normal swap files devided across all disks? Or am I wrong, thinking this way. I'm not into fancy stuff; it has to be robust, fast and safe. You do not *need* amd64, however it would the best choice. I wouldn't even mess around with gmirror. It's great and I love it, but it has some serious drawback's compared to zfs mirroring. One is there is no integrity checking, and two is a full resyc is required on an unclean disconnect. http://wiki.freebsd.org/RootOnZFS/GPTZFSBoot/Mirror -- Adam Vande More you could add a gjournal layer in there as well for better data integratity. I think you can do softupdates + journal as well now although I have never used it If you're after a rock solid server, then to be brutally honest it is less important to decide what you run than it is to choose something that you know well. Since you have 4 years of Solaris/OpenSolaris experience recently, you are likely to know ZFS better than gmirror. So I ask you to ponder - at four o'clock in the morning, with mail down, web servers down and all the disks holding your files failing to mount - which file system or disk structure would you prefer to try to troubleshoot? Dave. -- David Rawling Principal Consultant PD Consulting And Security Mob: +61 412 135 513 Email: d...@pdconsec.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: zfs question
On 10-8-2010 16:00, David Rawling wrote: On 9/08/2010 2:52 AM, krad wrote: So I ask you to ponder - at four o'clock in the morning, with mail down, web servers down and all the disks holding your files failing to mount - which file system or disk structure would you prefer to try to troubleshoot? ZFS. No question about it. Thank you for this eye opener. ;-) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
GEOM GPT table is corrupt. Recover?
I wanted to install ZFS on two 1Tb harddisks. I did a fdisk -I /dev/ad12 to begin with, but: GEOM: ad12: the primary GPT table is corrupt or invalid GEOM: ad12: using the secondary instead -- recovery strongly advised. OK, I want to follow up on this advice, but HOW? The corruption probably comes from the fact these disks were used fully as ZFS mirror under OpenSolaris with an EFI label. What's the best way to restore these disks to be fully used under FreeBSD (w/ ZFS). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ssh under attack - sessions in accepted state hogging CPU
On 8/9/2010 8:13 PM, Matt Emmerton wrote: Hi all, I'm in the middle of dealing with a SSH brute force attack that is relentless. I'm working on getting sshguard+ipfw in place to deal with it, but in the meantime, my box is getting pegged because sshd is accepting some connections which are getting stuck in [accepted] state and eating CPU. I know there's not much I can do about the brute force attacks, but will upgrading openssh avoid these stuck connections? root 39127 35.2 0.1 6724 3036 ?? Rs 11:10PM 0:37.91 sshd: [accepted] (sshd) root 39368 33.6 0.1 6724 3036 ?? Rs 11:10PM 0:22.99 sshd: [accepted] (sshd) root 39138 33.1 0.1 6724 3036 ?? Rs 11:10PM 0:41.94 sshd: [accepted] (sshd) root 39137 32.5 0.1 6724 3036 ?? Rs 11:10PM 0:36.56 sshd: [accepted] (sshd) root 39135 31.0 0.1 6724 3036 ?? Rs 11:10PM 0:35.09 sshd: [accepted] (sshd) root 39366 30.9 0.1 6724 3036 ?? Rs 11:10PM 0:23.01 sshd: [accepted] (sshd) root 39132 30.8 0.1 6724 3036 ?? Rs 11:10PM 0:35.21 sshd: [accepted] (sshd) root 39131 30.7 0.1 6724 3036 ?? Rs 11:10PM 0:38.07 sshd: [accepted] (sshd) root 39134 30.2 0.1 6724 3036 ?? Rs 11:10PM 0:40.96 sshd: [accepted] (sshd) root 39367 29.3 0.1 6724 3036 ?? Rs 11:10PM 0:22.08 sshd: [accepted] (sshd) PID USERNAME THR PRI NICE SIZERES STATE C TIME WCPU COMMAND 39597 root 1 1030 6724K 3036K RUN 3 0:28 35.06% sshd 39599 root 1 1030 6724K 3036K RUN 0 0:26 34.96% sshd 39596 root 1 1030 6724K 3036K RUN 0 0:27 34.77% sshd 39579 root 1 1030 6724K 3036K CPU33 0:28 33.69% sshd 39592 root 1 1020 6724K 3036K RUN 2 0:27 32.18% sshd 39591 root 1 1020 6724K 3036K CPU22 0:27 31.88% sshd -- Matt Emmerton Hi. There is a cracking/DoS technique, that tries to exhaust a servers resources, by continualy issuing connect requests, in the hope that when the stack croaks in some way, it'll somehow drop it's guard, or go off air permanently. Have you upset anyone recently? Can you not move your services to non standard IP ports, moving away from the standard ports, where all the script kiddies bots hang out, or are your clients cast in concrete? I've got FTP, Web and SSH systems running on two sites, on very non standard ports, with next to no one trying to get in as a result, but maintaining full visibility to the clients that need them, and know where they are! All my standard ports (80, 21, 22 etc) show as non existant to the outside world, except on one site, where the mail server is continualy getting hammered, but the site's ISP say they cant forward mail to any other port. The users have no problems, so long as I correctly specify the port with the address to them, as in 'address:port' if I send them a link etc, or an example how to fill in a connection dialog. DJB. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: AHCI driver
On 08/10/10 14:13, Roland Smith wrote: On Tue, Aug 10, 2010 at 02:37:42PM +0200, Victor Ophof wrote: Its better to enable, but AD4 can get renamed to ada0 I think you should change can to will. :-) but it's easy to fix you just need to edit the /etc/fstab to point to the newly named drives .. Do this _before_ rebooting! When I rebooted into single user mode to update my laptop running 8.0 to 8.1, I couldn't edit my /etc/fstab, because my / wat mounted read-only, and I could not get it to remount as read/write! I had to boot with the old kernel (/boot/kernel.old/kernel) to be able to mount root as read/write and fix etc/fstab! If you're in single user mode mount -uw / will make / (and thus /etc/fstab) writable, although your choice of editors is restricted to /bin/ed and /rescue/{ex,vi}. Alternatively, before switching to the ahci driver, label all your partitions and mount them using their labels rather than device names. That way the change in device names won't matter. Just be careful of the gotcha with labelling the root partition. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: AHCI driver
On Tue, Aug 10, 2010 at 03:23:29PM +0100, Arthur Chance wrote: If you're in single user mode mount -uw / will make / (and thus /etc/fstab) writable, although your choice of editors is restricted to /bin/ed and /rescue/{ex,vi}. Of course I tried that, and it did _not_ work! I'm not sure why, but it was when running a 8.0-RELEASE userland on a 8.1-RELEASE kernel. (I was trying to run 'make installworld' after booting in single user mode during the upgrade process). After booting with the old 8.0 kernel it did work! Alternatively, before switching to the ahci driver, label all your partitions and mount them using their labels rather than device names. This is probably a better idea. But people should note the difference between using 'tunefs -L' and 'glabel label'! The latter uses the last section of the provider to store metadata, so in that case one should _only_ create a filesystem on the labeled device! That way the change in device names won't matter. Just be careful of the gotcha with labelling the root partition. What do you mean? Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgpveuY6Uz3an.pgp Description: PGP signature
Re: ssh under attack - sessions in accepted state hogging CPU
In freebsd-questions Digest, Vol 323, Issue 3, Message: 35 On Mon, 9 Aug 2010 23:36:57 -0400 Matt Emmerton m...@gsicomp.on.ca wrote: I know there's not much I can do about the brute force attacks, but will upgrading openssh avoid these stuck connections? 1. switch over to using solely RSA keys In the works; I have too many users to convert :( 2. switch to a non-standard port This is not attractive, even though it would be effective. I tried this once already and my support volume skyrocketed so I had to switch back. Matt, I've seen later responses; portknocking, tcpwrappers + denyhosts etc. The latter works, well but keeping lists of $badguys updated is becoming more intensive all the time against botnets. If you're in a position to permit only connections from a table of IP addresses, maybe subnets, there's lots you can do to block connections from elsewhere before they get to sshd (or tcpwrappers), eg with ipfw: ipfw add $rule allow tcp from table(22) to me 22 in recv $ext_if setup ipfw add deny $logifdesired tcp from any to me 22 in recv $ext_if setup Add keep-state, or earlier allow established connections, to taste. For users with varying IPs you can have them do a (say) POP mail ckeck or anything requiring auth, tail its log either live or from a maybe 5 minute cronjob to add $goodguys table entries, simple scripting and it's not too onerous training roaming users to (eg) check mail before login. Adding `date +%s` as the value for added table entries, it's easy enough deleting dynamic entries after some period of time, by cron. If you can't limit connections to just $goodguys for logistic reasons you can at least use ipfw 'limit' rules to allow only say one or two ssh connections from one IP, which should help the open connections issue. You could also impose connection limits running sshd from inetd(8): [/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]] HTH, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ssh under attack - sessions in accepted state hogging CPU
On 10/08/2010 15:25, Dave wrote: On 8/9/2010 8:13 PM, Matt Emmerton wrote: Hi all, I'm in the middle of dealing with a SSH brute force attack that is relentless. I'm working on getting sshguard+ipfw in place to deal with it, but in the meantime, my box is getting pegged because sshd is accepting some connections which are getting stuck in [accepted] state and eating CPU. I know there's not much I can do about the brute force attacks, but will upgrading openssh avoid these stuck connections? root 39127 35.2 0.1 6724 3036 ?? Rs 11:10PM 0:37.91 sshd: [accepted] (sshd) root 39368 33.6 0.1 6724 3036 ?? Rs 11:10PM 0:22.99 sshd: [accepted] (sshd) root 39138 33.1 0.1 6724 3036 ?? Rs 11:10PM 0:41.94 sshd: [accepted] (sshd) root 39137 32.5 0.1 6724 3036 ?? Rs 11:10PM 0:36.56 sshd: [accepted] (sshd) root 39135 31.0 0.1 6724 3036 ?? Rs 11:10PM 0:35.09 sshd: [accepted] (sshd) root 39366 30.9 0.1 6724 3036 ?? Rs 11:10PM 0:23.01 sshd: [accepted] (sshd) root 39132 30.8 0.1 6724 3036 ?? Rs 11:10PM 0:35.21 sshd: [accepted] (sshd) root 39131 30.7 0.1 6724 3036 ?? Rs 11:10PM 0:38.07 sshd: [accepted] (sshd) root 39134 30.2 0.1 6724 3036 ?? Rs 11:10PM 0:40.96 sshd: [accepted] (sshd) root 39367 29.3 0.1 6724 3036 ?? Rs 11:10PM 0:22.08 sshd: [accepted] (sshd) PID USERNAME THR PRI NICE SIZERES STATE C TIME WCPU COMMAND 39597 root 1 1030 6724K 3036K RUN 3 0:28 35.06% sshd 39599 root 1 1030 6724K 3036K RUN 0 0:26 34.96% sshd 39596 root 1 1030 6724K 3036K RUN 0 0:27 34.77% sshd 39579 root 1 1030 6724K 3036K CPU33 0:28 33.69% sshd 39592 root 1 1020 6724K 3036K RUN 2 0:27 32.18% sshd 39591 root 1 1020 6724K 3036K CPU22 0:27 31.88% sshd -- Matt Emmerton Hi. There is a cracking/DoS technique, that tries to exhaust a servers resources, by continualy issuing connect requests, in the hope that when the stack croaks in some way, it'll somehow drop it's guard, or go off air permanently. Have you upset anyone recently? Can you not move your services to non standard IP ports, moving away from the standard ports, where all the script kiddies bots hang out, or are your clients cast in concrete? I've got FTP, Web and SSH systems running on two sites, on very non standard ports, with next to no one trying to get in as a result, but maintaining full visibility to the clients that need them, and know where they are! All my standard ports (80, 21, 22 etc) show as non existant to the outside world, except on one site, where the mail server is continualy getting hammered, but the site's ISP say they cant forward mail to any other port. I'm in agreement with dave here, about ssh anyway moving ssh to a non std port makes a massive difference, do it now! Paul. -- - Paul Macdonald IFDNRG Ltd Web and video hosting - t: 0131 5548070 m: 07534206249 e: p...@ifdnrg.com w: http://www.ifdnrg.com - IFDNRG 40 Maritime Street Edinburgh EH6 6SA - ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: AHCI driver
On 08/10/10 15:52, Roland Smith wrote: On Tue, Aug 10, 2010 at 03:23:29PM +0100, Arthur Chance wrote: [snip] Alternatively, before switching to the ahci driver, label all your partitions and mount them using their labels rather than device names. This is probably a better idea. But people should note the difference between using 'tunefs -L' and 'glabel label'! The latter uses the last section of the provider to store metadata, so in that case one should _only_ create a filesystem on the labeled device! That way the change in device names won't matter. Just be careful of the gotcha with labelling the root partition. What do you mean? Unless you're working from a fixit CD/DVD, if you're labelling an existing UFS root partition you have to reboot to single user mode to use tunefs -L, and then have to reboot again to edit fstab to use the labelled device and then reboot a third time for the labelled mount to take effect. If you try to get clever, as I did, and omit the second reboot by using mount -uw / to make fstab editable you wipe out the partition label, and the final reboot fails miserably, telling you it can't find /dev/ufs/root (or whatever) to mount the root partition. The machine then goes into an cycle of rebooting and failing to find the root filesystem until you fix the problem. I haven't looked at the source closely, but I'd guess this is because when / is mounted r/o the kernel caches a copy of its superblock, tunefs -L modifies the superblock on disk, mount -uw / doesn't reread the disk superblock (it was read only, what could possibly have changed? :-) so the unlabelled superblock remains cached, and the next reboot writes the unlabelled cached superblock over the labelled disk superblock on shutdown. I was stupid enough to make this mistake twice a few months apart, so now instructions for labelling root partitions are part of my hard copy notes for when I may not have a machine working well enough to look at my online notes. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: USB pen drive not detected
On Tue, 10 Aug 2010, Oliver Fromme wrote: Peter Ulrich Kruppa wrote: I am running FreeBSD 8.1-STABLE amd64 and have got a strange problem when I try to attach and mount my 16 GB USB pen drive. # dmesg delivers something like ugen1.2: vendor 0x058f at usbus1 umass0: vendor 0x058f Spaceloop 16GB, class 0/0, rev 2.00/1.02, addr 2 on usbus1 (probe0:umass-sim0:0:0:0): INQUIRY. CDB: 12 0 0 0 24 0 (probe0:umass-sim0:0:0:0): CAM status: SCSI Status Error (probe0:umass-sim0:0:0:0): SCSI status: Check Condition (probe0:umass-sim0:0:0:0): SCSI sense: DATA PROTECT asc:6e,17 (Reserved ASC/ASCQ pair) (probe0:umass-sim0:0:0:0): AutoSense failed No /dev/da0s1 is created and of course it can not be mounted. Do these commands help? # camcontrol reset 0 (wait a few seconds for the reset to complete) # camcontrol rescan 0 No, I played around with camcontrol a bit and even tried reset all and rescan all, but the pen drive won't be detected - no that's not correct: it is detected somehow but no device in /dev is created. # dmesg now delivers ugen1.2: vendor 0x058f at usbus1 umass0: vendor 0x058f Spaceloop 16GB, class 0/0, rev 2.00/1.02, addr 2 on usbus1 (probe0:umass-sim0:0:0:0): AutoSense failed da0 at umass-sim0 bus 0 scbus3 target 0 lun 0 da0: Spaceloop 16GB 8.07 Removable Direct Access SCSI-2 device da0: 40.000MB/s transfers da0: 16086MB (32945152 512 byte sectors: 255H 63S/T 2050C) Regards Peter Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd Whatever happened to the days when hacking started at the cerebral cortex, and not at the keyboard? -- Sid on userfriendly.org by Illiad, 2007-06-20 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org | Peter Ulrich Kruppa | Wuppertal | Germany___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
problem mounting USB drive
Greetings! Please help with the following issue: I am trying to mount external USB Windows disk drive to my FreeBSD system. After connecting the drive, the following log entries are created: Aug 10 18:23:56 ott kernel: ugen2.2: Western Digital at usbus2 Aug 10 18:23:56 ott kernel: umass0: Western Digital External HDD, class 0/0, rev 2.00/2.40, addr 2 on usbus2 Aug 10 18:23:56 ott kernel: umass0: SCSI over Bulk-Only; quirks = 0x Aug 10 18:23:57 ott kernel: umass0:0:0:-1: Attached to scbus0 Aug 10 18:23:57 ott kernel: da0 at umass-sim0 bus 0 scbus0 target 0 lun 0 Aug 10 18:23:57 ott kernel: da0: WDC WD16 00BEVE-11UYT0 Fixed Direct Access SCSI-0 device Aug 10 18:23:57 ott kernel: da0: 40.000MB/s transfers Aug 10 18:23:57 ott kernel: da0: 152627MB (312581808 512 byte sectors: 255H 63S/T 19457C) Mounting the drive gives the following error: # mount -t msdosfs /dev/da0s1 /mnt/ mount_msdosfs: /dev/da0s1: Invalid argument In the /var/log/messages the following message appears: Aug 10 18:27:40 ott kernel: mountmsdosfs(): bad FAT32 filesystem The drive is OK and works fine with Windows. Also, USB flash thumb drives work fine, when used in the same manner with my FreeBSD. System version is 8.0-STABLE, but this is probably irrelevant here. best regards, Ott Köstner ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: GEOM GPT table is corrupt. Recover?
On 10-8-2010 16:59, Tim Baird wrote: dd if=/dev/zero of=/dev/ad1 bs=64k count=1 Then repartition with either fdisk of gpartdepending on disk size They are 1Tb sata2 disks and I want them fully used for ZFS. Do I need partions then? The EFI label in OpenSolaris just made the disks available for ZFS. How's that on FreeBSD? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: problem mounting USB drive
On 10/08/2010 17:32, Ott Köstner wrote: [...] In the /var/log/messages the following message appears: Aug 10 18:27:40 ott kernel: mountmsdosfs(): bad FAT32 filesystem The drive is OK and works fine with Windows. Also, USB flash thumb drives work fine, when used in the same manner with my FreeBSD. System version is 8.0-STABLE, but this is probably irrelevant here. The fact that the drive is working on Windows does not mean it's FAT32 formatted. It may as well be NTFS formatted (man mount_ntfs). Doublecheck you're running a FAT32 system: FreeBSD is saying you're not. Cheers, Antonio ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ssh under attack - sessions in accepted state hogging CPU
On 8/9/2010 8:13 PM, Matt Emmerton wrote: Hi all, I'm in the middle of dealing with a SSH brute force attack that is relentless. I'm working on getting sshguard+ipfw in place to deal with it, but in the meantime, my box is getting pegged because sshd is accepting some connections which are getting stuck in [accepted] state and eating CPU. I know there's not much I can do about the brute force attacks, but will upgrading openssh avoid these stuck connections? There is a cracking/DoS technique, that tries to exhaust a servers resources, by continualy issuing connect requests, in the hope that when the stack croaks in some way, it'll somehow drop it's guard, or go off air permanently. Have you upset anyone recently? Not that I know of - unless my wife counts :) Can you not move your services to non standard IP ports, moving away from the standard ports, where all the script kiddies bots hang out, or are your clients cast in concrete? Right now, they are cast in concrete. I want to move many of them to public keys, so maybe I will change the port at the same time too. I've got FTP, Web and SSH systems running on two sites, on very non standard ports, with next to no one trying to get in as a result, but maintaining full visibility to the clients that need them, and know where they are! All my standard ports (80, 21, 22 etc) show as non existant to the outside world, except on one site, where the mail server is continualy getting hammered, but the site's ISP say they cant forward mail to any other port. I have two servers on the same IP block, and one is getting brute-forced and the other is not. I guess it's just a matter of time before the botnets seek it out. The users have no problems, so long as I correctly specify the port with the address to them, as in 'address:port' if I send them a link etc, or an example how to fill in a connection dialog. I'm seriously going to consider this. -- Matt ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: firefox install problem
Hello Steve, I have not had any luck installing the package manually. The file is a tar.gz which pkg_add apparently can't handle. I did download firefox.tar.gz and unpacked it. Pkg_info says it is corrupt. Changes were apparently made to this package about two weeks ago and possibly something didn't happen correctly. Should this be reported to a different mail list or should a bug report be made? Or am I mistaken? If a package needed to be installed manually, how would pkg_add know to get all the dependencies remotely? Firefox has a huge list of dependencies which would be very difficult to deal with manually. Best regards, Fred Steven Susbauer wrote: On 08/09/10 22:17, Fred Boatwright wrote: Hello, I have installed FreeBSD-8.0 from the CD and have it running ok. I have installed several packages including thunderbird using pkg_add -r package_name. When I try to install firefox I get a file unavailable error. The web site shows firefox-3.6.8,1 is available (i386). What can I do to install firefox? You can manually download the package from a mirror and then install it with pkg_add (pkg_add firefox-3.6.8,1.tbz). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: problem mounting USB drive
Antonio Vieiro wrote: The fact that the drive is working on Windows does not mean it's FAT32 formatted. It may as well be NTFS formatted (man mount_ntfs). Doublecheck you're running a FAT32 system: FreeBSD is saying you're not. Thank You! Looks better now, but the volume is still unusable. # mount_ntfs /dev/da0s1 /mnt/ r...@ott / # mount -v|grep da0 /dev/da0s1 on /mnt (ntfs, local, fsid 71000800) # df -H|grep da0 /dev/da0s1 160G 26G134G16%/mnt ...but all commands result with an error like this... # ls -l /mnt/BACKUP ls: /mnt/BACKUP: Argument list too long :( Ott ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ssh under attack - sessions in accepted state hogging CPU
On 10/08/10 05.13, Matt Emmerton wrote: I'm in the middle of dealing with a SSH brute force attack that is relentless. I'm working on getting sshguard+ipfw in place to deal with it, but in the meantime, my box is getting pegged because sshd is accepting some connections which are getting stuck in [accepted] state and eating CPU. I know there's not much I can do about the brute force attacks, but will upgrading openssh avoid these stuck connections? If the attack you're experiencing is trying to exhaust system resources by opening a large number of connections, then you may want to toggle these options in sshd_config: ClientAliveInterval LoginGraceTime MaxAuthTries MaxSessions MaxStartups Check the man-page. Secondly, check your logs if this attack is from a limited range of IPs, if so, you might want to try block those ranges. If your users will only connect from your country, then blocking other countries in your firewall is very effective. BR, Erik ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: problem mounting USB drive
On Tue, Aug 10, 2010 at 11:37 AM, Ott Köstner o...@zzz.ee wrote: Antonio Vieiro wrote: The fact that the drive is working on Windows does not mean it's FAT32 formatted. It may as well be NTFS formatted (man mount_ntfs). Doublecheck you're running a FAT32 system: FreeBSD is saying you're not. Thank You! Looks better now, but the volume is still unusable. # mount_ntfs /dev/da0s1 /mnt/ r...@ott / # mount -v|grep da0 /dev/da0s1 on /mnt (ntfs, local, fsid 71000800) # df -H|grep da0 /dev/da0s1 160G 26G134G16%/mnt ...but all commands result with an error like this... # ls -l /mnt/BACKUP ls: /mnt/BACKUP: Argument list too long That generally means there are too many files to process via default shell memory settings. Something like: find /mnt/BACKUP should work in that case. -- Adam Vande More ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: problem mounting USB drive
Adam Vande More wrote: On Tue, Aug 10, 2010 at 11:37 AM, Ott Köstner o...@zzz.ee wrote: # df -H|grep da0 /dev/da0s1 160G 26G134G16%/mnt ...but all commands result with an error like this... # ls -l /mnt/BACKUP ls: /mnt/BACKUP: Argument list too long That generally means there are too many files to process via default shell memory settings. Something like: find /mnt/BACKUP should work in that case. Yes, generally this means that there are too many files, but not in this case. Even find gives me: # find /mnt/BACKUP find: /mnt/BACKUP: Argument list too long or # ls -ld /mnt/BACKUP ls: /mnt/BACKUP: Argument list too long Some directories are not big at all. My question is, is is a FreeBSD problem here, or is there something wrong with the drive (or am I doing something wrong here)? For some reason my BSD does not want to eat that drive... ;) Ott ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: firefox install problem
Fred Boatwright wrote: Hello Steve, I have not had any luck installing the package manually. The file is a tar.gz which pkg_add apparently can't handle. I did download firefox.tar.gz and unpacked it. Pkg_info says it is corrupt. Changes were apparently made to this package about two weeks ago and possibly something didn't happen correctly. Should this be reported to a different mail list or should a bug report be made? Or am I mistaken? A tar.gz is a source code tarball meant to be compiled via the ports system. pkg_add installs precompiled and packaged binary packages. Package files will have a .tbz extension. pkg_add does not operate on source code tarballs. If a package needed to be installed manually, how would pkg_add know to get all the dependencies remotely? Firefox has a huge list of dependencies which would be very difficult to deal with manually. The dependency tracking is handled by the ports system, whether you are compiling with make make install or installing prebuilt packages. A prebuilt package is just the finished product from the ports build system which someone has already run. In order to keep everything up to date, the ports tree needs to be updated and kept current. Installing from the CD/DVD is all well and good, but the ports tree is already stale at this point. Many long-time FreeBSD'ers only install the OS and the ports tree from a CD/DVD. They then immediately update the ports tree before proceeding to install software. Many dependency related problems are traceable right back to an out of date ports tree. More info on this subject is available in the Handbook. Best regards, Fred Steven Susbauer wrote: On 08/09/10 22:17, Fred Boatwright wrote: Hello, I have installed FreeBSD-8.0 from the CD and have it running ok. I have installed several packages including thunderbird using pkg_add -r package_name. When I try to install firefox I get a file unavailable error. The web site shows firefox-3.6.8,1 is available (i386). What can I do to install firefox? You can manually download the package from a mirror and then install it with pkg_add (pkg_add firefox-3.6.8,1.tbz). ___ Notice the .tbz here. -Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ZFS practical application?
On Aug 9, 2010, at 3:40 PM, Ed Flecko wrote: Hi folks, I've been reading about the ZFS file system, and I'm having a hard time understanding maybe the most practical business application(s)? I think I understand a little bit about it (from a conceptual perspective) that it's a self-healing 128 bit filesystem, better data integrity checking, etc. I have a small business ( 50 end users) and I'm wondering perhaps some examples that you might think would be most applicable for a FreeBSD server(s) and the ZFS filesystem One of the things that seems like might be a detriment as well as an asset, is it's ability to expand as necessary, but then I'm wondering what prevents the filesystem from just running away? You can set a quota for each filesystem that it won't grow beyond. You can also set reservations to ensure a given filesystem will get a certain amount of space, even if other filesystems grow. With intelligent use of these features you don't have to worry much about runaway filesystems. ZFS is very handy for situations where you have a large storage pool that you want to split up for different users and applications. It's much more flexible than a rigid partitioning scheme; you can safely and quickly resize filesystems to best use the available space. I've also found the compression feature to be quite effective on filesystems that store data that compresses well. We have an NFS share that stores mainly text, and with the default lzjb compression I've seen 1.5:1 ratios with no detectable performance hit. (Reads actually got slightly *faster*, but that may have been a testing glitch.) gzip compression achieved much higher compression ratios but started to affect performance. I expect even better results when we eventually deploy ZFS deduplication. ZFS snapshots are handy for recovering deleted user files without having to restore from backup. NB: We're currently running OpenSolaris on our fileservers but I'm going to look into switching to FreeBSD now that ZFS on FreeBSD is a bit more mature. I've gotten kind of disenchanted with OpenSolaris's slow update cycle. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: problem mounting USB drive
On Tue, Aug 10, 2010 at 12:19 PM, Ott Köstner o...@zzz.ee wrote: Adam Vande More wrote: On Tue, Aug 10, 2010 at 11:37 AM, Ott Köstner o...@zzz.ee wrote: # df -H|grep da0 /dev/da0s1 160G 26G134G16%/mnt ...but all commands result with an error like this... # ls -l /mnt/BACKUP ls: /mnt/BACKUP: Argument list too long That generally means there are too many files to process via default shell memory settings. Something like: find /mnt/BACKUP should work in that case. Yes, generally this means that there are too many files, but not in this case. Even find gives me: # find /mnt/BACKUP find: /mnt/BACKUP: Argument list too long or # ls -ld /mnt/BACKUP ls: /mnt/BACKUP: Argument list too long Some directories are not big at all. My question is, is is a FreeBSD problem here, or is there something wrong with the drive (or am I doing something wrong here)? For some reason my BSD does not want to eat that drive... Apparently that's a known bug kern/136873 you can try sysutils/ntfsprogs to mount it. -- Adam Vande More ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
MCA error
Hi, The last 3 days, I'm getting this message on my (i386 based, FreeBSD 8.1 PRERELEASE) system (frequency about 1 time per day): MCA: Bank 2, Status 0x9400417a MCA: Global Cap 0x0104, Status 0x MCA: Vendor AuthenticAMD, ID 0x680, APIC ID 0 MCA: CPU 0 COR GCACHE L2 EVICT error MCA: Address 0x5f4540 I have no clue what it means. Should I be worried? Thanks, Frank ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: problem mounting USB drive
Adam Vande More wrote: On Tue, Aug 10, 2010 at 12:19 PM, Ott Köstner o...@zzz.ee wrote: Adam Vande More wrote: On Tue, Aug 10, 2010 at 11:37 AM, Ott Köstner o...@zzz.ee wrote: # ls -ld /mnt/BACKUP ls: /mnt/BACKUP: Argument list too long Some directories are not big at all. My question is, is is a FreeBSD problem here, or is there something wrong with the drive (or am I doing something wrong here)? For some reason my BSD does not want to eat that drive... Apparently that's a known bug kern/136873 you can try sysutils/ntfsprogs to mount it. Thank You again, but even this does not seem to help in the first place. 1) Installed ntfsprogs-2.0.0_1 from ports. After that: # ntfsmount /dev/da0s1 /mnt/ fuse: failed to open fuse device: No such file or directory fuse_mount failed. Unmounting /dev/da0s1 (WD Passport) I can see the drive information: # ntfsinfo -m /dev/da0s1 Volume Information Name of device: /dev/da0s1 Device state: 3 Volume Name: WD Passport Volume State: 1 Volume Version: 3.1 Sector Size: 512 Cluster Size: 16384 Volume Size in Clusters: 9768020 [...snip...] 2) After that... # ntfsfix /dev/da0s1 Mounting volume... OK Processing of $MFT and $MFTMirr completed successfully. NTFS volume version is 3.1. NTFS partition /dev/da0s1 was processed successfully. 3) Trying to mount again: # ntfsmount /dev/da0s1 /mnt/ Volume is scheduled for check. Please boot into Windows TWICE, or use the 'force' option. NOTE: If you had not scheduled check and last time accessed this volume using ntfsmount and shutdown system properly, then init scripts in your distribution are broken. Please report to your distribution developers (NOT to us!) that init scripts kill ntfsmount or mount.ntfs-fuse during shutdown instead of proper umount. Mount failed. 4) UHH!!! greetings, Ott ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: problem mounting USB drive
or use the 'force' option ntfsmount -o force, or something like that then, it would mount normally (without forcing) btw, I didn't check, is ntfsprogs' mkntfs (or whatever the name) working now? Samuel Martín Moro {EPITECH.} tek4 CamTrace S.A.S (+033) 1 41 38 37 60 1 Allée de la Venelle 92150 Suresnes FRANCE Nobody wants to say how this works. Maybe nobody knows ... Xorg.conf(5) On Tue, Aug 10, 2010 at 8:13 PM, Ott Köstner o...@zzz.ee wrote: OK Processing of $MFT and $MFTMirr completed successfully. NTFS volume version is 3.1. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
ffmpeg Bus error: 10 (core dumped)
Hi all, I just installed ffmpeg from ports (after a portsnap update). Running ffmpeg results in a core dump: # /usr/local/bin/ffmpeg -i myfile.flv output.flv FFmpeg version 0.6, Copyright (c) 2000-2010 the FFmpeg developers built on Aug 10 2010 14:46:32 with gcc 3.4.6 [FreeBSD] 20060305 configuration: --prefix=/usr/local --mandir=/usr/local/man --enable-shared --enable-gpl --enable-postproc --enable-avfilter --enable-avfilter-lavf --enable-pthreads --enable-x11grab --enable-memalign-hack --cc=cc --extra-cflags=-I/usr/local/include/vorbis -I/usr/local/include --extra-ldflags=-L/usr/local/lib --extra-libs=-pthread --disable-debug --disable-sse --disable-mmx --enable-libopencore-amrnb --enable-version3 --enable-libopencore-amrwb --enable-version3 --disable-libdirac --disable-libfaac --enable-libfaad --enable-libfaadbin --enable-libgsm --enable-libmp3lame --disable-libopenjpeg --disable-libschroedinger --disable-ffplay --disable-libspeex --enable-libtheora --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libxvid libavutil 50.15. 1 / 50.15. 1 libavcodec52.72. 2 / 52.72. 2 libavformat 52.64. 2 / 52.64. 2 libavdevice 52. 2. 0 / 52. 2. 0 libavfilter1.19. 0 / 1.19. 0 libswscale 0.11. 0 / 0.11. 0 libpostproc 51. 2. 0 / 51. 2. 0 Bus error: 10 (core dumped) Here's the backtrace: # gdb `which ffmpeg` ffmpeg.core [...etc, etc] This GDB was configured as i386-marcel-freebsd...(no debugging symbols found)... Core was generated by `ffmpeg'. Program terminated with signal 10, Bus error. Reading symbols from /usr/local/lib/libavdevice.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/libavdevice.so.1 [...etc, etc] Reading symbols from /libexec/ld-elf.so.1...(no debugging symbols found)...done. Loaded symbols for /libexec/ld-elf.so.1 #0 0x2812ea67 in ff_av_dup_packet () from /usr/local/lib/libavformat.so.1 [New LWP 100870] (gdb) bt #0 0x2812ea67 in ff_av_dup_packet () from /usr/local/lib/libavformat.so.1 Cannot access memory at address 0xbf94 Running FreeBSD 6.3-RELEASE. Any thoughts / suggestions? Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: problem mounting USB drive
On Tue, Aug 10, 2010 at 1:13 PM, Ott Köstner o...@zzz.ee wrote: 2) After that... # ntfsfix /dev/da0s1 Mounting volume... OK Processing of $MFT and $MFTMirr completed successfully. NTFS volume version is 3.1. NTFS partition /dev/da0s1 was processed successfully. All ntfsfix does is mark it dirty so windows with check the fs next time it mounts it. I suggest you follow ntfsmount's suggestion. -- Adam Vande More ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Bind9.7.1 Package
I wrote to the list about building a package out of a port of bind97 and am almost there. Matthew Seaman writes: # make package-recursive which I did after configuring and installing bind9.7.1P2. I then put all the tar balls the make created in to a directory that is put on to the new system along with the bind97 base tar ball and tried to install the package on to a brand new system with pkg_add. It acts as if I almost have it in that it does find all the tar archives but there is one last complaint which kills the whole install. I get a message about pkg-config-0.23_1 and can not seem to find anything to save from the port that contains that string or any part there of. There is obviously some other little file I need to save from somewhere, but I am not sure what to look for. Thanks. Martin McCormick ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
ZFS woes
FreeBSD-8.1/amd64 - I spend all evening trying to create a ZFS mirror on my two 1Tb sata2 drives formerly used under opensolaris (zfs22) I wiped out the firt mb; i used sysinstall to create a fbsd slice; wiped it out again; booted knoppix to create an EFI / GPT; booted into opensolaris and created a zpool (v14), but nothing, nothing did the trick. sometimes the GEOM GPT table (first / second) was bad; sometimes I saw other warnings; sometimes I *seemed* to be able to create a ZFS mirror and it *seemed* healthy. I even could write to it, but the moment I wanted to do a zpool scrub tank the system freezes or gave me warnings like ZFS: vdev failure, zpool=tank type=vdev.bad.label Whatever I did, I could not get rid of the errors and create a healthy zpool. It really drives me crazy, so if anyone can tell me HOW I can turn two drives into a state that I can use them for ZFS under FreeBSD, please tell me *in detail*. I love to have ZFS back (I'm really used to it on opensolaris), but it has to be safe. It cannot be that one zpool scrub halts my system. I must have done something wrong then. But what? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: AHCI driver
-Oorspronkelijk bericht- Van: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd- questi...@freebsd.org] Namens Roland Smith Verzonden: dinsdag 10 augustus 2010 15:14 Aan: Victor Ophof CC: freebsd-questions@freebsd.org; d...@nagual.nl Onderwerp: Re: AHCI driver On Tue, Aug 10, 2010 at 02:37:42PM +0200, Victor Ophof wrote: Its better to enable, but AD4 can get renamed to ada0 I think you should change can to will. :-) but it's easy to fix you just need to edit the /etc/fstab to point to the newly named drives .. Do this _before_ rebooting! When I rebooted into single user mode to update my laptop running 8.0 to 8.1, I couldn't edit my /etc/fstab, because my / wat mounted read-only, and I could not get it to remount as read/write! I had to boot with the old kernel (/boot/kernel.old/kernel) to be able to mount root as read/write and fix etc/fstab! There is a trick on the web, Something with mount -u then mount -a .. but the next link sounds better :) http://www.wonkity.com/~wblock/docs/html/ahci.html Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
ZFS woes 2
In addition to my former message, would a total cleaning of both harddrives be usefull? I.e. by running |dd if=/dev/zero of=/dev/ad12 or ||dd if=/dev/urandom of=/dev/ad12 | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: firefox install problem
On 10/08/2010 18:21:25, Michael Powell wrote: A tar.gz is a source code tarball meant to be compiled via the ports system. pkg_add installs precompiled and packaged binary packages. Package files will have a .tbz extension. pkg_add does not operate on source code tarballs. All pkgs have a .tbz suffix -- true, at least since about 6.0-RELEASE. Not everything with a .tbz suffix is a FreeBSD pkg though. .tbz is short for .tar.bz2, and there are plenty of source tarballs around distributed with a .tbz extension. .tgz is similar shorthand for .tar.gz. If you go and look, you can find a bunch of other compression programs applied to tar archives and used for distributing stuff. The best way to tell if what you're looking at is a FreeBSD package is to run pkg_info against it: pkg_info -a foo-1.0.0.tbz Of course, having downloaded the pkg from the packages directory tree on one of the FreeBSD FTP servers is a pretty big hint as well. As is finding it in /usr/ports/packages/All. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: MCA error
Frank fr...@deze.org wrote: The last 3 days, I'm getting this message on my (i386 based, FreeBSD 8.1 PRERELEASE) system (frequency about 1 time per day): MCA: Bank 2, Status 0x9400417a MCA: Global Cap 0x0104, Status 0x MCA: Vendor AuthenticAMD, ID 0x680, APIC ID 0 MCA: CPU 0 COR GCACHE L2 EVICT error MCA: Address 0x5f4540 I have no clue what it means. Should I be worried? Yes. MCA means Machine Check Architecture. It reports an error in the hardware, in this case in the L2 cache of the processor. The word COR means that the error was correctable (e.g. with ECC mechanisms), so it is not fatal yet. Do you overclock that processor? Did you check that the cooling is sufficient? I.e. check the fan, remove dust etc. Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd Software gets slower faster than hardware gets faster. -- Niklaus Wirth ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: ZFS woes
-Original Message- From: Dick Hoogendijk [mailto:d...@nagual.nl] Sent: 10 August 2010 21:10 To: FreeBSD Questions Subject: ZFS woes FreeBSD-8.1/amd64 - I spend all evening trying to create a ZFS mirror on my two 1Tb sata2 drives formerly used under opensolaris (zfs22) I wiped out the firt mb; i used sysinstall to create a fbsd slice; wiped it out again; booted knoppix to create an EFI / GPT; booted into opensolaris and created a zpool (v14), but nothing, nothing did the trick. sometimes the GEOM GPT table (first / second) was bad; sometimes I saw other warnings; sometimes I *seemed* to be able to create a ZFS mirror and it *seemed* healthy. I even could write to it, but the moment I wanted to do a zpool scrub tank the system freezes or gave me warnings like ZFS: vdev failure, zpool=tank type=vdev.bad.label Whatever I did, I could not get rid of the errors and create a healthy zpool. It really drives me crazy, so if anyone can tell me HOW I can turn two drives into a state that I can use them for ZFS under FreeBSD, please tell me *in detail*. I love to have ZFS back (I'm really used to it on opensolaris), but it has to be safe. It cannot be that one zpool scrub halts my system. I must have done something wrong then. But what? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org I could be over simplifying what you are trying to do, but seen as you did not mention it what was wrong with Freebsd and zpool create tank mirror device1 device2 If you are getting warnings about the drives being part of a previous pool and you are not fussed about the data on the drives try using the manufactures diagnostics to do low level format then create your pool. Regards Graeme ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ftp login failing after upgrade to 8.1
I just upgraded to FreeBSD 8.1 and my regular user name seems to be disallowed for ftp. I checked and my name or group does not seem to show up in ftpusers. Any suggestions as to what might have happened? Thanks, Chris Maness ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Bind9.7.1 Package
On 10/08/2010 21:05:35, Martin McCormick wrote: I get a message about pkg-config-0.23_1 and can not seem to find anything to save from the port that contains that string or any part there of. There is obviously some other little file I need to save from somewhere, but I am not sure what to look for. pkg-config was probably already installed on your build machine before you did 'make package-recursive' and since the ports won't reinstall exactly the same thing again, that would have prevented it being packaged. The fact that you have to (re)install a port before you can make a package from it is considered a fairly big flaw, and there are proposals under consideration to modify that behaviour -- OpenBSD's ports system is frequently cited as an example of how such things should work. The solution is probably to create a package directly from what's already installed: # pkg_create -b pkg-config-0.23_1 pkg-config is an indirect dependency for bind -- it's required by security/openssl and textproc/libxml2 either of which bind are optional dependencies for dns/bind97. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: ftp login failing after upgrade to 8.1
On Tue, Aug 10, 2010 at 2:07 PM, Mark Tinguely marktingu...@gmail.com wrote: Chris Maness wrote: I just upgraded to FreeBSD 8.1 and my regular user name seems to be disallowed for ftp. I checked and my name or group does not seem to show up in ftpusers. Any suggestions as to what might have happened? Thanks, Chris Maness ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Do you use a shell that is no longer in /etc/shells? --Mark. Yes, I use bash. Should I add bash to the shells file? Thanks, Chris Maness ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: firefox install problem
On 10/08/2010 21:47:57, Matthew Seaman wrote: On 10/08/2010 18:21:25, Michael Powell wrote: A tar.gz is a source code tarball meant to be compiled via the ports system. pkg_add installs precompiled and packaged binary packages. Package files will have a .tbz extension. pkg_add does not operate on source code tarballs. All pkgs have a .tbz suffix -- true, at least since about 6.0-RELEASE. Not everything with a .tbz suffix is a FreeBSD pkg though. .tbz is short for .tar.bz2, and there are plenty of source tarballs around distributed with a .tbz extension. .tgz is similar shorthand for .tar.gz. If you go and look, you can find a bunch of other compression programs applied to tar archives and used for distributing stuff. The best way to tell if what you're looking at is a FreeBSD package is to run pkg_info against it: pkg_info -a foo-1.0.0.tbz Ahem. pkg_info foo-1.0.0.tbz '-a' will, of course, show you information about all of the packages installed on the system, which is nice, but not much use in this case. Of course, having downloaded the pkg from the packages directory tree on one of the FreeBSD FTP servers is a pretty big hint as well. As is finding it in /usr/ports/packages/All. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: ftp login failing after upgrade to 8.1
On 10/08/2010 22:01:40, Chris Maness wrote: I just upgraded to FreeBSD 8.1 and my regular user name seems to be disallowed for ftp. I checked and my name or group does not seem to show up in ftpusers. Any suggestions as to what might have happened? /etc/ftpusers is actually the list of accounts that should be *denied* access via FTP. You don't want your UID in there if you want to use FTP. Make sure the login shell for your account is mentioned in /etc/shells. Failing that, curse FTP as an archaic and inherently insecure protocol completely unsuitable for today's internet, and switch to using sftp(8) instead -- which has the look and feel of FTP, but which runs tunnelled over SSH. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: ftp login failing after upgrade to 8.1
On Tue, Aug 10, 2010 at 2:07 PM, Mark Tinguely marktingu...@gmail.com wrote: Chris Maness wrote: I just upgraded to FreeBSD 8.1 and my regular user name seems to be disallowed for ftp. I checked and my name or group does not seem to show up in ftpusers. Any suggestions as to what might have happened? Thanks, Chris Maness ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Do you use a shell that is no longer in /etc/shells? --Mark. Ok, I have it working now. The man page for ftpd should make that a little clearer than it does. There is another issue after logging in. The login works just fine, but when it tries to establish a connection for transfer or list the contents of a directory, I get a connection refused error. Regards, Chris Maness ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: ZFS woes
Graeme Dargie wrote: -Original Message- From: Dick Hoogendijk [mailto:d...@nagual.nl] Sent: 10 August 2010 21:10 To: FreeBSD Questions Subject: ZFS woes FreeBSD-8.1/amd64 - I spend all evening trying to create a ZFS mirror on my two 1Tb sata2 drives formerly used under opensolaris (zfs22) I wiped out the firt mb; i used sysinstall to create a fbsd slice; wiped it out again; booted knoppix to create an EFI / GPT; booted into opensolaris and created a zpool (v14), but nothing, nothing did the trick. sometimes the GEOM GPT table (first / second) was bad; sometimes I saw other warnings; sometimes I *seemed* to be able to create a ZFS mirror and it *seemed* healthy. I even could write to it, but the moment I wanted to do a zpool scrub tank the system freezes or gave me warnings like ZFS: vdev failure, zpool=tank type=vdev.bad.label This 'vdev' reference nudges some dim recall of something like this discussed either on -current or -stable quite a while back. Didn't pay it any real attention because it didn't pertain to me, so I promptly forgot. Might search the lists fot 'vdev' and ZFS. Whatever I did, I could not get rid of the errors and create a healthy zpool. It really drives me crazy, so if anyone can tell me HOW I can turn two drives into a state that I can use them for ZFS under FreeBSD, please tell me *in detail*. I love to have ZFS back (I'm really used to it on opensolaris), but it has to be safe. It cannot be that one zpool scrub halts my system. I must have done something wrong then. But what? ___ [snip] I could be over simplifying what you are trying to do, but seen as you did not mention it what was wrong with Freebsd and zpool create tank mirror device1 device2 If you are getting warnings about the drives being part of a previous pool and you are not fussed about the data on the drives try using the manufactures diagnostics to do low level format then create your pool. Regards Graeme [snip] GEOM stores it's metadata in the last sector of the drive. So the old trick of wiping the MBR or just the front part of the drive may not be enough. You'd think once the partition table was gone this sector would no longer matter. The so-called low-level format for IDE/SATA drives isn't really a low level format like with a SCSI drive and controller. It just writes zeros from one end of the drive completely to the other. You can achieve the same results with dd. The GENERIC kernel options GEOM_PART_GPT and options GEOM_LABEL if still present may be tasting that metadata sector if it is still around on the drive. I also had another experience a while back. A drive died and the spare I pulled from the shelf had 6.2 on it. The 8 Release install would fail, something to do with either the partition table and/or labels from the earlier being invisible to the new and thus could not be written to. This is what I had to do to install 8: Boot a LiveFS CD, then at a root prompt do: sysctl kern.geom.debugflags=16 and: dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1 where x equals your drive number. Probably should only do this before a fresh install and NOT on a system with data you want to keep. Doing a dd of zeros completely over all of the drive(s) will either make the problem go away, or confirm it to be something else, e.g., not caused by any residual data present on the drive. -Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: chflags(1) unaware utilties
On 9 August 2010 14:00, Alexander Best arun...@freebsd.org wrote: hi there, chflags(1) mentions that a few utilities including pax(1) aren't chflags aware yet. is there a list of all those utilties available somewhere? also: i don't quite understand why this is in the BUGS section of chflags(1) and not in the pax(1) manual itself [1]. this doesn't seem very logical, since the bug doesn't exist in chflags, but in pax not supporting chflags. so if someone decides to use pax and wants to know if there are any problem with it, there's no way for the average user to stumble upon the fact that chflags isn't supported in pax. in fact the pax(1) manual states that `pax -p e` will preserve everything. this is plain wrong! cheers. alex [1] http://www.freebsd.org/cgi/query-pr.cgi?pr=docs/135516 AFIK, pax is a POSIX thing, and as such working correctly or sanely would violate its posix nature. (POSIX is an anagram of Pox? Si!) Is cpio chflags-aware? -- -- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ftp login failing after upgrade to 8.1
On Tue, Aug 10, 2010 at 2:19 PM, Mark Tinguely marktingu...@gmail.com wrote: Chris Maness wrote: On Tue, Aug 10, 2010 at 2:07 PM, Mark Tinguely marktingu...@gmail.com wrote: Chris Maness wrote: I just upgraded to FreeBSD 8.1 and my regular user name seems to be disallowed for ftp. I checked and my name or group does not seem to show up in ftpusers. Any suggestions as to what might have happened? Thanks, Chris Maness ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Do you use a shell that is no longer in /etc/shells? --Mark. Yes, I use bash. Should I add bash to the shells file? Thanks, Chris Maness yes, the full path to bash. And /etc/shells is overwritten during upgrades. It is logging in now, but getting some strange connection refused when I try a file transfer or list the contents of a directory. Regards, Chris Maness ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: chflags(1) unaware utilties
On Tue, Aug 10, 2010 at 05:22:47PM -0400, ill...@gmail.com wrote: On 9 August 2010 14:00, Alexander Best arun...@freebsd.org wrote: hi there, chflags(1) mentions that a few utilities including pax(1) aren't chflags aware yet. is there a list of all those utilties available somewhere? snip in fact the pax(1) manual states that `pax -p e` will preserve everything. this is plain wrong! AFIK, pax is a POSIX thing, and as such working correctly or sanely would violate its posix nature. (POSIX is an anagram of Pox? Si!) Is cpio chflags-aware? To the best of my knowledge the _only_ way to be sure you have backed up _all_ possible features (flags, extended attributes c) of a UFS filesystem is to use dump(8) restore(8). Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgpaV8xQRT0xb.pgp Description: PGP signature
gmirror gm0
How can I totally remove a created gmirror (gm0) I know of the option gmirror forget gm0 but does that make the mirror disappear? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: gmirror gm0
On 10 August 2010 17:33, Dick Hoogendijk d...@nagual.nl wrote: How can I totally remove a created gmirror (gm0) I know of the option gmirror forget gm0 but does that make the mirror disappear? # gmirror clear gm0 perhaps? http://www.freebsd.org/cgi/man.cgi?query=gmirrorsektion=8apropos=0manpath=FreeBSD+8.1-RELEASE or http://5z8.info/racist_xzg -- -- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: chflags(1) unaware utilties
Roland Smith rsm...@xs4all.nl writes: On Tue, Aug 10, 2010 at 05:22:47PM -0400, ill...@gmail.com wrote: On 9 August 2010 14:00, Alexander Best arun...@freebsd.org wrote: hi there, chflags(1) mentions that a few utilities including pax(1) aren't chflags aware yet. is there a list of all those utilties available somewhere? snip in fact the pax(1) manual states that `pax -p e` will preserve everything. this is plain wrong! AFIK, pax is a POSIX thing, and as such working correctly or sanely would violate its posix nature. (POSIX is an anagram of Pox? Si!) Is cpio chflags-aware? To the best of my knowledge the _only_ way to be sure you have backed up _all_ possible features (flags, extended attributes c) of a UFS filesystem is to use dump(8) restore(8). Since when did the thread switch to UFS-specific tools? Unless I'm missing smth dump(8)/restore(8) don't work on ZFS. You can use bsdtar(1) in order to save/restore chflags, ACLs and extattrs in a FS-agnostic way. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: AHCI driver
On Tue, 10 Aug 2010, Victor Ophof wrote: There is a trick on the web, Something with mount -u then mount -a .. but the next link sounds better :) http://www.wonkity.com/~wblock/docs/html/ahci.html Hey, I'm famous! Arthur Chance's message finally explains how labeling the rootfs fails, or at least the label doesn't stick. http://docs.freebsd.org/cgi/getmsg.cgi?fetch=573595+0+current/freebsd-questions The AHCI doc above has been updated to reflect this, although I haven't tested it. Corrections welcome! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ZFS practical application?
Thanks David...I appreciate your input. :-) Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Spontaneous Reboots with Virtualbox Kernel Modules
I have had two spontaneous reboots since I have began using virtualbox. I have never had the issue before. I just upgraded to 8.1 yesterday, so I will see if it happens again. Has anyone else had crashes/reboots running these modules? Thanks, Chris Maness ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: RE: ZFS woes
wiped out the firt mb; i used sysinstall to create a fbsd slice; wiped it out again; booted knoppix to create an EFI / GPT; booted into opensolaris and created a zpool (v14), but nothing, nothing did the trick. I was doing a vanilla fbsd install recently using a couple re-claimed 250GB IDE drives. The install completed without errors, but after reboot GEOM complained bitterly about the secondary GPT table on the boot drive being corrupted or invalid, and unrecoverable corrupted or invalid GPT tables on the 2nd drive. By trying something like above, I was able to get the system drive to rebuild the secondary GPT table, but nothing worked on the second drive. Google told me a targeted approach was technically possible (by calculating exactly where a specific drive stores its GPT metadata and zeroing just that bit), but also that the broader solution of zeroing out the entire drive would be faster for me than figuring out the calculation (about 18 hrs to zero the entire drive, at least it was mostly while sleeping): dd if=/dev/zero of=/dev/ad3 bs=64K (no idea if the block size is optimal or even relevant). Dale Scott ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: chflags(1) unaware utilties
On Wed, Aug 11, 2010 at 01:59:50AM +0400, Anonymous wrote: AFIK, pax is a POSIX thing, and as such working correctly or sanely would violate its posix nature. (POSIX is an anagram of Pox? Si!) Is cpio chflags-aware? To the best of my knowledge the _only_ way to be sure you have backed up _all_ possible features (flags, extended attributes c) of a UFS filesystem is to use dump(8) restore(8). Since when did the thread switch to UFS-specific tools? The point I was trying to make is that the way to make the most accurate backup is to use the tools native to the filesystem. To the best of my knowledge, only UFS and ZFS actually supports the flags used by chflags(2), and since I don't use ZFS, I used UFS as my example, which means dump/restore. For ZFS you could use 'zfs send' on a snapshot. Unless I'm missing smth dump(8)/restore(8) don't work on ZFS. You can use bsdtar(1) in order to save/restore chflags, ACLs and extattrs in a FS-agnostic way. Since bsdtar is based on libarchive, it has restrictions depending on the type of format you use. See libarchive-formats(5). If you are sure that your filesystem is not using any features that cannot be stored in the libarchive format of your choosing, then by all means, go ahead. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgpStmKHpeKqO.pgp Description: PGP signature
Re: Spontaneous Reboots with Virtualbox Kernel Modules
On Tue, Aug 10, 2010 at 03:38:03PM -0700, Chris Maness wrote: I have had two spontaneous reboots since I have began using virtualbox. I have never had the issue before. I just upgraded to 8.1 yesterday, so I will see if it happens again. Has anyone else had crashes/reboots running these modules? Yes, I've experiencing several on 8.0-RELEASE amd64. Since I was mostly using it to play with other OSs, I de-installed virtualbox and haven't tried it since. For virtual FreeBSD servers, jail(8) turned out to be a much better alternative. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgpcbHLl1P7mo.pgp Description: PGP signature
Re: Spontaneous Reboots with Virtualbox Kernel Modules
On Tue, Aug 10, 2010 at 4:08 PM, Roland Smith rsm...@xs4all.nl wrote: On Tue, Aug 10, 2010 at 03:38:03PM -0700, Chris Maness wrote: I have had two spontaneous reboots since I have began using virtualbox. I have never had the issue before. I just upgraded to 8.1 yesterday, so I will see if it happens again. Has anyone else had crashes/reboots running these modules? Yes, I've experiencing several on 8.0-RELEASE amd64. Since I was mostly using it to play with other OSs, I de-installed virtualbox and haven't tried it since. For virtual FreeBSD servers, jail(8) turned out to be a much better alternative. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) Has this behavior already been documented anywhere? Regards, Chris Maness ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: problem mounting USB drive
Adam Vande More wrote: On Tue, Aug 10, 2010 at 1:13 PM, Ott Köstner o...@zzz.ee wrote: 2) After that... # ntfsfix /dev/da0s1 Mounting volume... OK Processing of $MFT and $MFTMirr completed successfully. NTFS volume version is 3.1. NTFS partition /dev/da0s1 was processed successfully. All ntfsfix does is mark it dirty so windows with check the fs next time it mounts it. I suggest you follow ntfsmount's suggestion. Try using /dev/da0 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to connect a jail to the web ?
Brice ERRANDONEA wrote: Hello, I've just created my first FreeBSD jail in order to install a web server inside. But I don't know how to connect it to the web. When I try pinging a http website, it doesn't work. Of course, it works when I do it from outside the jail. Another problem, probably linked to the first one, I can't run rc within the jail, even as the jail's root. It says : permission denied. Here's how I built and started my jail. I had already run make buildworld when upgrading to 8.1 release : # mkdir /usr/prison # cd /usr/src # make installworld DESTDIR=/usr/prison # make distribution DESTDIR=/usr/prison # mount -t devfs devfs /usr/prison/dev # jail -c path=/usr/prison host.hostname=ServeurWeb ip4.addr=192.1.1.1 persist # jail /usr/prison ServeurWeb 192.1.1.1 csh I guess this must be a very basic question but please help me. 1. ping is a security risk from within a jail and is disabled by design. (read jail(8) for details). No use using a jail if the first thing you do is re-enable ping in the jail. To test for public internet connection from within a jail use dig or whois commands. 2. Using the hosts firewall to drive traffic to a jail is a sign you have your jail incorrectly configured or do not understand how jails are intended to work. 3. Jail do not have a network stack of their own, so they cant have a firewall. The host's firewall and and network stack are in control. 4. There are 2 utilities for creating jails. Qjail the better documented of the 2, is designed for the novice which clearly you are. I strongly suggest you checkout http://sourceforge.net/projects/qjail ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to connect a jail to the web ?
Fbsd8 == Fbsd8 fb...@a1poweruser.com writes: Fbsd8 2. Using the hosts firewall to drive traffic to a jail is a sign Fbsd8 you have your jail incorrectly configured or do not understand Fbsd8 how jails are intended to work. OK, I'll bite. I thought this was the only way to do this. Can you elaborate? I'll even accept URL pointers to go read. :) -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 mer...@stonehenge.com URL:http://www.stonehenge.com/merlyn/ Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc. See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to connect a jail to the web ?
On 8/10/2010 5:02 PM, Fbsd8 wrote: 1. ping is a security risk from within a jail and is disabled by design. (read jail(8) for details). No use using a jail if the first thing you do is re-enable ping in the jail. To test for public internet connection from within a jail use dig or whois commands. There is a vast difference between testing a network connection and leaving something in for live deployment. Tools like ping and traceroute are for network diagnostics. You can easily run into a situation where dig and whois don't work but ping/traceroute will in which case you quickly realize hostnames aren't resolving in a jail (or you can find out where exactly packets stopped at). Meanwhile the person using only dig and whois might be spinning their wheels trying to fix problems that aren't really problems. They might of created a jail and have everything setup except they forgot to create an /etc/resolv.conf in the jail. There is nothing wrong with allowing raw sockets to get up and running and then changing it back (the jail man page states to use caution with raw sockets not a blatant don't do it). 2. Using the hosts firewall to drive traffic to a jail is a sign you have your jail incorrectly configured or do not understand how jails are intended to work. If you have jails assigned to non routable ip's (i.e. 10.0.0.2, 10.0.0.3) how else would you redirect traffic coming in from your hosts ip:(http_port, dns_port, etc..) to the corresponding jail that handles it. I've read a bunch of stuff on jails and unless I missed something (which is totally possible) using a NAT that's part of a firewall seems like pretty standard fare. How else would you go about it? 3. Jail do not have a network stack of their own, so they cant have a firewall. The host's firewall and and network stack are in control. The documentation is rather sparse since it's so new and I personally haven't used it but FreeBSD 8 has VIMAGE (network stack virtualization). http://wiki.freebsd.org/Image/VNETSamples http://bsdbased.com/2009/12/06/freebsd-8-vimage-epair-howto http://wiki.polymorf.fr/index.php/Howto:FreeBSD_jail_vnet 4. There are 2 utilities for creating jails. Qjail the better documented of the 2, is designed for the novice which clearly you are. I strongly suggest you checkout http://sourceforge.net/projects/qjail You should probably preface this by saying you're the author of Qjail and have been actively promoting it in a few places including the fbsd forums. Nothing wrong with that I guess, but I still haven't been able to figure out how it's any different(better?) than ezjail(which has both an excellent website and man page). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to connect a jail to the web ?
Randal L. Schwartz wrote: Fbsd8 == Fbsd8 fb...@a1poweruser.com writes: Fbsd8 2. Using the hosts firewall to drive traffic to a jail is a sign Fbsd8 you have your jail incorrectly configured or do not understand Fbsd8 how jails are intended to work. OK, I'll bite. I thought this was the only way to do this. Can you elaborate? I'll even accept URL pointers to go read. :) ifconfig alias man 8 ifconfig ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to connect a jail to the web ?
Fbsd8 == Fbsd8 fb...@a1poweruser.com writes: Fbsd8 ifconfig alias Fbsd8 man 8 ifconfig Yup, and using that, I can give a private 10.x address to my jail. How do I get it to face the public without a firewall rule? -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 mer...@stonehenge.com URL:http://www.stonehenge.com/merlyn/ Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc. See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to connect a jail to the web ?
Rocky Borg wrote: On 8/10/2010 5:02 PM, Fbsd8 wrote: 1. ping is a security risk from within a jail and is disabled by design. (read jail(8) for details). No use using a jail if the first thing you do is re-enable ping in the jail. To test for public internet connection from within a jail use dig or whois commands. There is a vast difference between testing a network connection and leaving something in for live deployment. Tools like ping and traceroute are for network diagnostics. You can easily run into a situation where dig and whois don't work but ping/traceroute will in which case you quickly realize hostnames aren't resolving in a jail (or you can find out where exactly packets stopped at). Meanwhile the person using only dig and whois might be spinning their wheels trying to fix problems that aren't really problems. They might of created a jail and have everything setup except they forgot to create an /etc/resolv.conf in the jail. There is nothing wrong with allowing raw sockets to get up and running and then changing it back (the jail man page states to use caution with raw sockets not a blatant don't do it). The key verbiage here is and then changing it back. Giving advice without also saying why its disabled or that you should disable it when completed testing is giving the op the wrong info. 2. Using the hosts firewall to drive traffic to a jail is a sign you have your jail incorrectly configured or do not understand how jails are intended to work. If you have jails assigned to non routable ip's (i.e. 10.0.0.2, 10.0.0.3) how else would you redirect traffic coming in from your hosts ip:(http_port, dns_port, etc..) to the corresponding jail that handles it. I've read a bunch of stuff on jails and unless I missed something (which is totally possible) using a NAT that's part of a firewall seems like pretty standard fare. How else would you go about it? man 8 ifconfig alias option 3. Jail do not have a network stack of their own, so they cant have a firewall. The host's firewall and and network stack are in control. The documentation is rather sparse since it's so new and I personally haven't used it but FreeBSD 8 has VIMAGE (network stack virtualization). http://wiki.freebsd.org/Image/VNETSamples http://bsdbased.com/2009/12/06/freebsd-8-vimage-epair-howto http://wiki.polymorf.fr/index.php/Howto:FreeBSD_jail_vnet This is pretty much experimental and nothing a sane person would think of using in production. Maybe in 9.0 the bugs will be worked out. Just have to wait and see. 4. There are 2 utilities for creating jails. Qjail the better documented of the 2, is designed for the novice which clearly you are. I strongly suggest you checkout http://sourceforge.net/projects/qjail You should probably preface this by saying you're the author of Qjail and have been actively promoting it in a few places including the fbsd forums. Nothing wrong with that I guess, but I still haven't been able to figure out how it's any different(better?) than ezjail(which has both an excellent website and man page). If you had really read both ezjail and qjail man pages you would not be making this statement. They are as different as night and day. Qjail is written for the novice with examples and includes many functions missing from ezjail. Like the auto alias function that has been part of the jail command since day one. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to connect a jail to the web ?
Randal L. Schwartz wrote: Fbsd8 == Fbsd8 fb...@a1poweruser.com writes: Fbsd8 ifconfig alias Fbsd8 man 8 ifconfig Yup, and using that, I can give a private 10.x address to my jail. How do I get it to face the public without a firewall rule? No. Your jail is assigned it's ip address when you create it. The alias gives the jail network access when you start the jail. Both ip address must match. Just assign the jail your public ip address when you create it. face the public is a very large subject, which the answer depends on your hardware configuration, registered domain names and static ip addresses. Using jails requires the host system administrator to be well trained in networks and how public and private networks function. Jail documentation is not going to teach you this. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to connect a jail to the web ?
Fbsd8 == Fbsd8 fb...@a1poweruser.com writes: Fbsd8 No. Your jail is assigned it's ip address when you create it. The Fbsd8 alias gives the jail network access when you start the jail. Both Fbsd8 ip address must match. Yup, and if that's a 10.x address, I'm not on the net. So I have to route to it somehow. Fbsd8 Just assign the jail your public ip address when you create it. I was under the impression that the address had to be distinct, in order to uniquely identify it. Are you saying that's not the case? If so, the docs on jails are unclear. Fbsd8 face the public is a very large subject, which the answer depends on your Fbsd8 hardware configuration, registered domain names and static ip Fbsd8 addresses. Yes, I'm hoping not to burn a second or third public address for my jail. Instead, I just want my jail to have a punch through (port 80, port 25, etc) from my one public address. Is there a trick to this without burning another public address? Or do I misunderstand (based on poor docs) how a jail attaches itself to an interface? Fbsd8 Using jails requires the host system administrator to be well Fbsd8 trained in networks and how public and private networks Fbsd8 function. Jail documentation is not going to teach you this. Now you're just being condescending. It's fairly likely, almost certain, that I've been dealing with IP traffic since before you could type. What I'm asking for is the specifics of Jails. I *know* how IP traffic works, and even what alias does. What I don't know is FreeBSD's particulars that make this either hard or easy. I *do* know about pf, having administered an OpenBSD box for a number of years. I'm just new to jails, and since you're the expert, you might have a little patience on that realm, please. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 mer...@stonehenge.com URL:http://www.stonehenge.com/merlyn/ Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc. See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
vmstat -z
in a crash dump, I see in vmcore.txt.7, In a output of vmstat -z ITEM SIZE LIMIT USED FREE REQUESTS FAILURES 16 Bucket:152,0, 150,0, 150,0 32 Bucket:280,0, 165,3, 165,0 64 Bucket:536,0, 154,0, 154,3 128 Bucket: 1048,0, 1115,1, 1115, 1811 Failures '128 Bucket': 1811. What does this mean? the man page vmstat does not explain vey much .. man uma neither as to what 'failures can mean ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ZFS woes
On 11-8-2010 0:52, Dale Scott wrote: wiped out the firt mb; i used sysinstall to create a fbsd slice; wiped it out again; booted knoppix to create an EFI / GPT; booted into opensolaris and created a zpool (v14), but nothing, nothing did the trick. I was doing a vanilla fbsd install recently using a couple re-claimed 250GB IDE drives. The install completed without errors, but after reboot GEOM complained bitterly about the secondary GPT table on the boot drive being corrupted or invalid, and unrecoverable corrupted or invalid GPT tables on the 2nd drive. By trying something like above, I was able to get the system drive to rebuild the secondary GPT table, but nothing worked on the second drive. Google told me a targeted approach was technically possible (by calculating exactly where a specific drive stores its GPT metadata and zeroing just that bit), but also that the broader solution of zeroing out the entire drive would be faster for me than figuring out the calculation (about 18 hrs to zero the entire drive, at least it was mostly while sleeping): dd if=/dev/zero of=/dev/ad3 bs=64K (no idea if the block size is optimal or even relevant). I did not want to overwrite two drives with /dev/zero, so I created a mirror with gmirror yesterday, folowing the steps from the freebsd manual. After it was completed I just did: # gmirror stop gm0 # gmirror clear /dev/ad12 # gmirror clear /dev/ad14 # dd if=/dev/zero of=/dev/ad12 bs=1m count=1 # dd if=/dev/zero of=/dev/ad14 bs=1m count=1 # kldload zfs # zpool create store mirror ad12 ad14 ## Wrote some data to /store ## # zpool scrub store # zpool history store ## No More Errors !!! ## I guess creating the gmirror metadata / mirror and removing it cleared all data which caused me so much trouble. I happely removed the geom_mirror_load=YES with zfs_load=YES and have what I wanted: FreeBSD/zfs ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ZFS woes
On 11-8-2010 7:05, Dick Hoogendijk wrote: On 11-8-2010 0:52, Dale Scott wrote: [cut the former message..] I just found out that the process to repair offending disks with GEOM errors, bad labels etc.. can be repaired a lot quicker. # gmirror label -vb round-robin gm0 /dev/ad12 ## -- disk with vdev error # gmirror stop gm0 # gmirror clear /dev/ad12 # if=/dev/zero of=/dev/ad12 bs=1m count=1 ## -- removes all partition data This leaves me with a completely healthy disk that makes zfs happy ;) Repeat for all other faulthy disks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org