Re: 9.1 - 9.2 upgrade

2013-10-09 Thread Doug Hardie

On 8 October 2013, at 16:40, Polytropon free...@edvax.de wrote:

 On Tue, 8 Oct 2013 11:20:40 -0700, Doug Hardie wrote:
 I tried downloading the src with:
 
 svn co https://svn0.us-west.FreeBSD.org/base/releng/9.2 /mnt/usr/src
 
 I didn't get Release 9.2. The first entry in UPDATING is:
 
 20130705:
hastctl(8)'s `status' command output changed to terse one-liner 
 format.
Scripts using this should switch to `list' command or be rewritten.
 
 
 There is an entry earlier for Release 9.1. but no entry for Release 9.2.
 
 You could try downloading and extracting the src distribution:
 
 ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/9.2-RELEASE/src.txz

Before I saw this I built from the src obtained via svn.  The system now boots. 
 I still have no idea what was preventing it from booting.  It was something 
between displaying the Beastie menu and waiting for user input.  There had to 
be at least 2 issues as the messages changed after the first attempt to rebuild 
the system.  I tried to chase down the boot code for the first error message 
and it appears to be generated when there is a problem with a directory.  I 
couldn't find any further diagnostic info to identify the directory.  I have 
not yet tried to chase down the second set of messages in the source.

The system now says it's 9.2.  UPDATING still looks the same.  Interestingly 
enough, on another system that I updated earlier to 9.2 via freebsd-update, 
UPDATING there is identical to the one on this system.  There is no 9.2 entry.  

Also of note is that most of the ports/packages are still present.  However 
SASL2 vanished without a trace.  It's easily replaced, but why is certainly 
interesting.  I have no ideas at this point.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
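
Added example (not part of the thread): both systems in the message above show an UPDATING file with no 9.2 entry, so that file cannot tell a 9.1 source tree from a 9.2 one. The sketch below instead reads REVISION and BRANCH from sys/conf/newvers.sh in the source tree, compares them with the running release before any buildworld or delete-old run, and checks the Components line that the replies ask about. The function names are hypothetical and the sample tree and configuration are constructed.

```shell
#!/bin/sh
# Pre-flight check for a source rebuild on a system that was binary-upgraded
# with freebsd-update. Added illustration; function names are hypothetical.
# Assumes the REVISION="..." / BRANCH="..." assignment form used in
# sys/conf/newvers.sh of FreeBSD 9.x source trees.

# Print "REVISION-BRANCH" (for example 9.2-RELEASE) recorded in a source tree.
src_release() {
    nv="$1/sys/conf/newvers.sh"
    [ -r "$nv" ] || return 1
    rev=$(sed -n 's/^REVISION="\([^"]*\)".*/\1/p' "$nv" | head -n 1)
    br=$(sed -n 's/^BRANCH="\([^"]*\)".*/\1/p' "$nv" | head -n 1)
    [ -n "$rev" ] && [ -n "$br" ] || return 1
    printf '%s-%s\n' "$rev" "$br"
}

# Succeed only if an uncommented Components line lists "src".
conf_updates_src() {
    awk '$1 == "Components" { for (i = 2; i <= NF; i++) if ($i == "src") found = 1 }
         END { exit !found }' "$1"
}

# check_tree SRC_DIR RUNNING_RELEASE UPDATE_CONF
# Returns 0 when tree and system agree, 1 on mismatch, 2 when the tree
# version cannot be read. Patch levels (-p7) are ignored on both sides
# because the kernel and the tree can legitimately differ in patch level.
check_tree() {
    src="$1"; running="$2"; conf="$3"
    tree=$(src_release "$src") || {
        echo "UNKNOWN: no readable newvers.sh under $src"
        return 2
    }
    if [ "${tree%-p[0-9]*}" != "${running%-p[0-9]*}" ]; then
        echo "MISMATCH: source tree is $tree, system runs $running"
        conf_updates_src "$conf" ||
            echo "NOTE: 'src' is not listed in Components in $conf"
        return 1
    fi
    echo "OK: source tree $tree matches running $running"
}

# Build a constructed sample: DIR REVISION BRANCH "COMPONENTS..."
make_sample() {
    mkdir -p "$1/src/sys/conf"
    printf 'TYPE="FreeBSD"\nREVISION="%s"\nBRANCH="%s"\n' "$2" "$3" \
        > "$1/src/sys/conf/newvers.sh"
    printf '# constructed sample\nComponents %s\n' "$4" \
        > "$1/freebsd-update.conf"
}

demo() {
    d=$(mktemp -d)
    # Stale tree: binaries at 9.2, sources left at 9.1, src not updated.
    make_sample "$d/stale" 9.1 RELEASE-p7 "world kernel"
    # Consistent tree: sources fetched along with world and kernel.
    make_sample "$d/fresh" 9.2 RELEASE "src world kernel"
    check_tree "$d/stale/src" 9.2-RELEASE "$d/stale/freebsd-update.conf" || true
    check_tree "$d/fresh/src" 9.2-RELEASE "$d/fresh/freebsd-update.conf" || true
    rm -rf "$d"
}
demo

# On a real system the call would be:
#   check_tree /usr/src "$(uname -r)" /etc/freebsd-update.conf
```

A mismatch here is the condition dweimer suspects further down the thread: building and running delete-old from a tree that does not match the installed binaries.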


Re: 9.1 - 9.2 upgrade

2013-10-08 Thread Doug Hardie

On 5 October 2013, at 05:08, Polytropon free...@edvax.de wrote:

 On Fri, 4 Oct 2013 21:49:18 -0700, Doug Hardie wrote:
 
 On 4 October 2013, at 20:03, Polytropon free...@edvax.de wrote:
 
 On Fri, 4 Oct 2013 19:42:15 -0700, Doug Hardie wrote:
 
 On 4 October 2013, at 19:08, Polytropon free...@edvax.de wrote:
 
 On Fri, 4 Oct 2013 18:58:52 -0700, Doug Hardie wrote:
 The exact sequence was:
 
 Step 1:  freebsd-update from 9.1 to 9.2
 
 Have you verified in /etc/freebsd-update.conf that src
 is definitely part of what should be updated?
 
 System is not bootable - can't verify anything…
 
 Does the system (or better, its enclosure, software-wise)
 allow booting a rescue system or an emergency media, such
 as a FreeBSD v9 live system?
 
 Yes - but there is no one there who can successfully be told
 how to run it.
 
 Not even inserting a USB stick (with the FreeBSD memstick data)
 or a CD?
 
 
 
 We have serious communications issues - they want to use back
 slashes and have no idea what a slash is.
 
 Maybe that is the result of many years of administration on
 Windows PCs. :-)
 
 
 
 Even if you tell them which key to use, they know better and
 use a back slash cause thats what Windoze uses.
 
 Uh... knowing better would disqualify them as maintainers of
 a server installation. The inability to learn (or even to read
 and follow instructions) is a dangerous thing.
 
 
 
 The disk should be in the mail to me now.  I will be able to
 work with it when it arrives.
 
 Okay, that's also a possible alternative. To be honest, that's
 the first time I hear about this procedure. But doable.
 
 
 
 The file /etc/freebsd-update.conf should contain the line
 
 Components src world kernel
 
 if you want to make sure the source is properly updated,
 along with the world and kernel (GENERIC).
 
 As indicated before, I don't think all the source got updated. 
 The kernel showed 9.2 after recompilation.  However UPDATING
 was not updated.  Thats as much as I could check before.
 
 I assume that this could be possible by inconsistently updated
 sources. It would be a good start to remove /usr/src and download
 the sources of the correct version via SVN _or_ freebsd-update
 again. Before the next installation attempt, /usr/obj should be
 removed as well, just to be sure.
 
 
 
 Step 5:  reboot
 
 Attention: Into single-user mode.
 
 Not possible since the system is located over 100 miles away.
 Everything has to be done via remote console.
 
 Does this mean SSH only or do you have a _real_ console
 transmission by which you can access the system _prior_ to
 the OS providing the SSH access? I'm mentioning this because
 the traditional approach requires (few) steps done in the
 single-user mode where no SSH connectivity is provided in
 the normal way…
 
 I have a telnet box that has serial connections to the console
 ports.  That approach has been used without any issues since
 FreeBSD 2.5.  I do disable all ports during the process via an
 reduced rc.conf file.
 
 A serial console should also work, but even though I've been
 using serial consoles (and _real_ serial terminals), one thing
 I'm not sure about: Is it possible to interrupt (!) the boot
 process at an early stage to get to the loader prompt and
 boot into single user mode from there?
 
   Ok
   boot -s
 
 If not, do you have the beastie menu (or whatever it is called
 today) enabled to go to SUM to perform the make installworld step?
 
 Anyway, if you can install everything is required with the disk
 at home, and then send it back to that datacenter (according
 to your characterization, the quotes are deserved), that should
 solve the problems and make sure everything works as intended.

The Thick Plottens…

I received the drives and installed them on a working system.  The failed 
system is structured with a single partition for the system and another for 
swap.  For some unknown reason, the BIOS got left configured to boot the extra 
disk if it's powered up.  That turns out to be handy.  I can boot a working 
system with the corrupt drive powered off.

Booting from the corrupt drive yields the normal hardware info followed by the 
Beastie image and immediately by a multitude of lines (repeated many times):

Consoles: internal video/keyboard  serial port
BIOS drive C: is disk0
BIOS drive D: is disk1
BIOS 639kB/1037824kB available memory

FreeBSD/x86 bootstrap loader, Revision 1.1
(d...@zool.lafn.org, Thu Oct  3 04:23:13 PDT 2013)
Can't work out which disk we are booting from.
Guessed BIOS device 0x not found by probes, defaulting to disk0:


I was able to capture these by using a serial console connected to another 
computer.  The lines only appear on the serial console once.  They scroll by on 
the real console many times - all too fast to read anything.  Then after a few 
seconds of that, the screen goes black, and the system reboots.  The cycle then 
repeats…  Pressing any key does nothing.  I even filled the keyboard buffer 
with spaces

Re: 9.1 - 9.2 upgrade

2013-10-08 Thread Doug Hardie

On 8 October 2013, at 06:22, dweimer dwei...@dweimer.net wrote:

 On 10/08/2013 4:27 am, Doug Hardie wrote:
 On 5 October 2013, at 05:08, Polytropon free...@edvax.de wrote:
 On Fri, 4 Oct 2013 21:49:18 -0700, Doug Hardie wrote:
 On 4 October 2013, at 20:03, Polytropon free...@edvax.de wrote:
 On Fri, 4 Oct 2013 19:42:15 -0700, Doug Hardie wrote:
 On 4 October 2013, at 19:08, Polytropon free...@edvax.de wrote:
 On Fri, 4 Oct 2013 18:58:52 -0700, Doug Hardie wrote:
 The exact sequence was:
 Step 1:  freebsd-update from 9.1 to 9.2
 Have you verified in /etc/freebsd-update.conf that src
 is definitely part of what should be updated?
 System is not bootable - can't verify anything…
 Does the system (or better, its enclosure, software-wise)
 allow booting a rescue system or an emergency media, such
 as a FreeBSD v9 live system?
 Yes - but there is no one there who can successfully be told
 how to run it.
 Not even inserting a USB stick (with the FreeBSD memstick data)
 or a CD?
 We have serious communications issues - they want to use back
 slashes and have no idea what a slash is.
 Maybe that is the result of many years of administration on
 Windows PCs. :-)
 Even if you tell them which key to use, they know better and
 use a back slash cause thats what Windoze uses.
 Uh... knowing better would disqualify them as maintainers of
 a server installation. The inability to learn (or even to read
 and follow instructions) is a dangerous thing.
 The disk should be in the mail to me now.  I will be able to
 work with it when it arrives.
 Okay, that's also a possible alternative. To be honest, that's
 the first time I hear about this procedure. But doable.
 The file /etc/freebsd-update.conf should contain the line
   Components src world kernel
 if you want to make sure the source is properly updated,
 along with the world and kernel (GENERIC).
 As indicated before, I don't think all the source got updated.
 The kernel showed 9.2 after recompilation.  However UPDATING
 was not updated.  Thats as much as I could check before.
 I assume that this could be possible by inconsistently updated
 sources. It would be a good start to remove /usr/src and download
 the sources of the correct version via SVN _or_ freebsd-update
 again. Before the next installation attempt, /usr/obj should be
 removed as well, just to be sure.
 Step 5:  reboot
 Attention: Into single-user mode.
 Not possible since the system is located over 100 miles away.
 Everything has to be done via remote console.
 Does this mean SSH only or do you have a _real_ console
 transmission by which you can access the system _prior_ to
 the OS providing the SSH access? I'm mentioning this because
 the traditional approach requires (few) steps done in the
 single-user mode where no SSH connectivity is provided in
 the normal way…
 I have a telnet box that has serial connections to the console
 ports.  That approach has been used without any issues since
 FreeBSD 2.5.  I do disable all ports during the process via an
 reduced rc.conf file.
 A serial console should also work, but even though I've been
 using serial consoles (and _real_ serial terminals), one thing
 I'm not sure about: Is it possible to interrupt (!) the boot
 process at an early stage to get to the loader prompt and
 boot into single user mode from there?
 Ok
 boot -s
 If not, do you have the beastie menu (or whatever it is called
 today) enabled to go to SUM to perform the make installworld step?
 Anyway, if you can install everything is required with the disk
 at home, and then send it back to that datacenter (according
 to your characterization, the quotes are deserved), that should
 solve the problems and make sure everything works as intended.
 The Thick Plottens…
 I received the drives and installed them on a working system.  The
 failed system is structured with a single partition for the system and
 another for swap.  For some unknown reason, the BIOS got left
 configured to boot the extra disk if its powered up.  That turns out
 to be handy.  I can boot a working system with the corrupt drive
 powered off.
 Booting from the corrupt drive yields the normal hardware info
 followed by the Beastie image and immediately by a multitude of lines
 (repeated many times):
 Consoles: internal video/keyboard  serial port
 BIOS drive C: is disk0
 BIOS drive D: is disk1
 BIOS 639kB/1037824kB available memory
 FreeBSD/x86 bootstrap loader, Revision 1.1
 (d...@zool.lafn.org, Thu Oct  3 04:23:13 PDT 2013)
 Can't work out which disk we are booting from.
 Guessed BIOS device 0x not found by probes, defaulting to disk0:
 I was able to capture these by using a serial console connected to
 another computer.  The lines only appear on the serial console once.
 They scroll by on the real console many time - all too fast to read
 anything.  Then after a few seconds of that, the screen goes black,
 and the system reboots.  The cycle then repeats…  Pressing any key
 does nothing.  I even filled

Re: 9.1 - 9.2 upgrade

2013-10-04 Thread Doug Hardie

On 4 October 2013, at 09:22, dweimer dwei...@dweimer.net wrote:

 On 10/04/2013 1:36 am, Doug Hardie wrote:
 On 3 October 2013, at 11:48, Doug Hardie bc...@lafn.org wrote:
 On 3 October 2013, at 10:49, Doug Hardie bc...@lafn.org wrote:
 I just did an upgrade using freebsd-update to 9.2.  This system uses a 
 custom kernel so I am rebuilding everything after the update completed.  
 However, I noticed that /usr/src/UPDATING has not been updated.  The first 
 entry still says:  9.1-RELEASE.  Is this correct?
 Well, it just got worse - The last reboot now fails:  I am using a remote 
 console and it shows:
 -- Press a key on the console to reboot --
 Rebooting...
 Consoles: internal video/keyboard  serial port
 BIOS drive A: is disk0
 BIOS drive C: is disk1
 BIOS 639kB/2087360kB available memory
 FreeBSD/x86 bootstrap loader, Revision 1.1
 (d...@zool.lafn.org, Thu Oct  3 04:23:13 PDT 2013)
 Can't work out which disk we are booting from.
 Guessed BIOS device 0x not found by probes, defaulting to disk0:
 panic: free: guard1 fail @ 0x7f481ed0 from 
 /usr/src/sys/boot/i386/loader/../../common/module.c:1004
 -- Press a key on the console to reboot --
 I can enter a string as it doesn't try to reboot again till the return is 
 entered.  I've tried b disk1, but it still only tries disk0.  The system 
 rebooted fine after the reboot after make kernel.  Mergemaster didn't seem 
 to affect anything dealing with boot.  Don't know what make delete-old does 
 but the descriptions lead me to not believe it could cause this.  This 
 system is on the other side of LA from me so its a major trip timewise.  
 Any ideas how this can be recovered remotely?
 Booting off the live CD didn't find anything obviously wrong.  I
 replaced the kernel with the old one and still the same error.  I am
 having the drive mailed to me and will work with it here.  However, it
 appears a new install is going to be required.  The old sysinstall had
 the capability to skip over the formatting of the disk by just
 entering quit.  It would then just replace the system components and
 leave everything else alone.  I don't see any obvious way to do the
 same thing with bsdinstall.  Is there a way to do that.  I don't want
 to have to completely rebuild the drive, but just replace the system.
 
 Just want to clarify the steps that started this
 
 if I read everything right:
 
 Step 1:  freebsd-update from 9.1 to 9.2
 Step 2:  compile from source ?  Was this world, or just the custom kernel??
 Step 3:  make delete-old
 Step 4:  mergemaster
 Step 5:  reboot
 oops, something went wrong..
 
 If my suspicions are correct, the source was still 9.1 patch 7,  but the 
 system was running 9.2 from the binary update.  This may have caused the make 
 delete-old to delete things it shouldn't have
 
 The very first thing I would do is bring the disk up in another system and 
 make a backup copy of the data.
 
 I have never tried this process, I am basically just taking the steps I use 
 for updating a zfs system using boot environments, and applying them in order 
 to build a new kernel and world to an alternate directory, as a method of 
 recovering the system.
 
 The next step I would take is to then mount the file systems in an alternate 
 location, /mnt for example
 
 make MAKEOBJDIRPREFIX /mnt/usr/obj
 make DESTDIR /mnt
 cd /mnt/usr/src
 rm -r * .svn
 rm -r /usr/obj/*
 svn co https://svn0.us-west.freebsd.org/base/releng/9.2
 make buildworld
 make buildkernel
 make installkernel
 make installworld
 make -DBATCH_DELETE_OLD_FILES delete-old
 make -DBATCH_DELETE_OLD_FILES delete-old-libs
 mergemaster -Ui /mnt/usr/src -D /mnt
 
 With some luck the file system will now contain a boot-able FreeBSD install, 
 that will still have all the settings in place, except it will be the generic 
 kernel.  You should then just be able to build and install the custom kernel, 
 from the booted system as you normally would.
 

The exact sequence was:

Step 1:  freebsd-update from 9.1 to 9.2
Step 2:  make buildworld
Step 3:  make build_kernel KERNCONF=LAFN
Step 4:  make install_kernel KERNCONF=LAFN
Step 5:  reboot
Step 6:  mergemaster -p
Step 7:  make installworld
Step 8:  mergemaster -i
Step 9:  make delete-old
Step 10:  reboot
oops, something went wrong..

After step 5, uname -a still showed 9.2 but now it listed the kernel I built 
rather than generic.




Re: 9.1 - 9.2 upgrade

2013-10-04 Thread Doug Hardie

On 4 October 2013, at 19:08, Polytropon free...@edvax.de wrote:

 On Fri, 4 Oct 2013 18:58:52 -0700, Doug Hardie wrote:
 The exact sequence was:
 
 Step 1:  freebsd-update from 9.1 to 9.2
 
 Have you verified in /etc/freebsd-update.conf that src
 is definitely part of what should be updated?

System is not bootable - can't verify anything…

 
 
 
 Step 2:  make buildworld
 Step 3:  make build_kernel KERNCONF=LAFN
 Step 4:  make install_kernel KERNCONF=LAFN
 
 I assume the correct targets buildkernel and installkernel
 have been used. ;-)
 

Yes

 
 
 Step 5:  reboot
 
 Attention: Into single-user mode.

Not possible since the system is located over 100 miles away.  Everything has 
to be done via remote console.


 
 
 
 Step 6:  mergemaster -p
 Step 7:  make installworld
 Step 8:  mergemaster -i
 Step 9:  make delete-old
 Step 10:  reboot
 
 Into multi-user mode again.
 
 
 
 oops, something went wrong..
 
 After step 5, uname -a still showed 9.2 but now it listed the
 kernel I built rather than generic.
 
 Again, verify your configuration. Compare your steps with the
 comment header of /usr/src/Makefile which illustrates the
 exact procedure; from a (dated) 8-STABLE installation:
 
 1.  `cd /usr/src'   (or to the directory containing your source tree).
 2.  `make buildworld'
 3.  `make buildkernel KERNCONF=YOUR_KERNEL_HERE' (default is GENERIC).
 4.  `make installkernel KERNCONF=YOUR_KERNEL_HERE'   (default is GENERIC).
  [steps 3.  4. can be combined by using the kernel target]
 5.  `reboot'(in single user mode: boot -s from the loader prompt).
 6.  `mergemaster -p'
 7.  `make installworld'
 8.  `make delete-old'
 9.  `mergemaster'(you may wish to use -i, along with -U or -F).
 10.  `reboot'
 11.  `make delete-old-libs' (in case no 3rd party program uses them anymore)
 
 
 -- 
 Polytropon
 Magdeburg, Germany
 Happy FreeBSD user since 4.0
 Andra moi ennepe, Mousa, ...
 



Re: 9.1 - 9.2 upgrade

2013-10-04 Thread Doug Hardie

On 4 October 2013, at 20:03, Polytropon free...@edvax.de wrote:

 On Fri, 4 Oct 2013 19:42:15 -0700, Doug Hardie wrote:
 
 On 4 October 2013, at 19:08, Polytropon free...@edvax.de wrote:
 
 On Fri, 4 Oct 2013 18:58:52 -0700, Doug Hardie wrote:
 The exact sequence was:
 
 Step 1:  freebsd-update from 9.1 to 9.2
 
 Have you verified in /etc/freebsd-update.conf that src
 is definitely part of what should be updated?
 
 System is not bootable - can't verify anything…
 
 Does the system (or better, its enclosure, software-wise)
 allow booting a rescue system or an emergency media, such
 as a FreeBSD v9 live system?

Yes - but there is no one there who can successfully be told how to run it.  We 
have serious communications issues - they want to use back slashes and have no 
idea what a slash is.  Even if you tell them which key to use, they know better 
and use a back slash cause that's what Windoze uses.  The disk should be in the 
mail to me now.  I will be able to work with it when it arrives.

 
 The file /etc/freebsd-update.conf should contain the line
 
   Components src world kernel
 
 if you want to make sure the source is properly updated,
 along with the world and kernel (GENERIC).

As indicated before, I don't think all the source got updated.  The kernel 
showed 9.2 after recompilation.  However UPDATING was not updated.  That's as 
much as I could check before.

 
 
 
 Step 5:  reboot
 
 Attention: Into single-user mode.
 
 Not possible since the system is located over 100 miles away.
 Everything has to be done via remote console.
 
 Does this mean SSH only or do you have a _real_ console
 transmission by which you can access the system _prior_ to
 the OS providing the SSH access? I'm mentioning this because
 the traditional approach requires (few) steps done in the
 single-user mode where no SSH connectivity is provided in
 the normal way…

I have a telnet box that has serial connections to the console ports.  That 
approach has been used without any issues since FreeBSD 2.5.  I do disable all 
ports during the process via a reduced rc.conf file.

 
 
 
 
 
 -- 
 Polytropon
 Magdeburg, Germany
 Happy FreeBSD user since 4.0
 Andra moi ennepe, Mousa, ...
 



9.1 - 9.2 upgrade

2013-10-03 Thread Doug Hardie
I just did an upgrade using freebsd-update to 9.2.  This system uses a custom 
kernel so I am rebuilding everything after the update completed.  However, I 
noticed that /usr/src/UPDATING has not been updated.  The first entry still 
says:  9.1-RELEASE.  Is this correct?




Re: 9.1 - 9.2 upgrade

2013-10-03 Thread Doug Hardie

On 3 October 2013, at 10:49, Doug Hardie bc...@lafn.org wrote:

 I just did an upgrade using freebsd-update to 9.2.  This system uses a custom 
 kernel so I am rebuilding everything after the update completed.  However, I 
 noticed that /usr/src/UPDATING has not been updated.  The first entry still 
 says:  9.1-RELEASE.  Is this correct?

Well, it just got worse - The last reboot now fails:  I am using a remote 
console and it shows:

-- Press a key on the console to reboot --
Rebooting...
Consoles: internal video/keyboard  serial port  
BIOS drive A: is disk0
BIOS drive C: is disk1
BIOS 639kB/2087360kB available memory

FreeBSD/x86 bootstrap loader, Revision 1.1
(d...@zool.lafn.org, Thu Oct  3 04:23:13 PDT 2013)
Can't work out which disk we are booting from.
Guessed BIOS device 0x not found by probes, defaulting to disk0:

panic: free: guard1 fail @ 0x7f481ed0 from 
/usr/src/sys/boot/i386/loader/../../common/module.c:1004
-- Press a key on the console to reboot --


I can enter a string as it doesn't try to reboot again till the return is 
entered.  I've tried b disk1, but it still only tries disk0.  The system 
rebooted fine after the reboot after make kernel.  Mergemaster didn't seem to 
affect anything dealing with boot.  Don't know what make delete-old does but 
the descriptions lead me to not believe it could cause this.  This system is on 
the other side of LA from me so it's a major trip timewise.  Any ideas how this 
can be recovered remotely?


Re: 9.1 - 9.2 upgrade

2013-10-03 Thread Doug Hardie

On 3 October 2013, at 11:58, dweimer dwei...@dweimer.net wrote:

 On 10/03/2013 1:48 pm, Doug Hardie wrote:
 On 3 October 2013, at 10:49, Doug Hardie bc...@lafn.org wrote:
 I just did an upgrade using freebsd-update to 9.2.  This system uses a 
 custom kernel so I am rebuilding everything after the update completed.  
 However, I noticed that /usr/src/UPDATING has not been updated.  The first 
 entry still says:  9.1-RELEASE.  Is this correct?
 Well, it just got worse - The last reboot now fails:  I am using a
 remote console and it shows:
 -- Press a key on the console to reboot --
 Rebooting...
 Consoles: internal video/keyboard  serial port
 BIOS drive A: is disk0
 BIOS drive C: is disk1
 BIOS 639kB/2087360kB available memory
 FreeBSD/x86 bootstrap loader, Revision 1.1
 (d...@zool.lafn.org, Thu Oct  3 04:23:13 PDT 2013)
 Can't work out which disk we are booting from.
 Guessed BIOS device 0x not found by probes, defaulting to disk0:
 panic: free: guard1 fail @ 0x7f481ed0 from
 /usr/src/sys/boot/i386/loader/../../common/module.c:1004
 -- Press a key on the console to reboot --
 I can enter a string as it doesn't try to reboot again till the return
 is entered.  I've tried b disk1, but it still only tries disk0.  The
 system rebooted fine after the reboot after make kernel.  Mergemaster
 didn't seem to affect anything dealing with boot.  Don't know what
 make delete-old does but the descriptions lead me to not believe it
 could cause this.  This system is on the other side of LA from me so
 its a major trip timewise.  Any ideas how this can be recovered
 remotely?
 
 I wonder if your source update didn't correctly download, mine starts with:
 
 Updating Information for FreeBSD current users
 ...[snip]...
 Items affecting the ports and packages system can be found in
 /usr/ports/UPDATING.  Please read that file before running portupgrade.
 
 20130705:
hastctl(8)'s `status' command output changed to terse one-liner format.
Scripts using this should switch to `list' command or be rewritten.
 
 20130618:
Fix a bug that allowed a tracing process (e.g. gdb) to write
 ...[snip]...
 20121218:
With the addition of auditdistd(8), a new auditdistd user is now
depended on during installworld.  mergemaster -p can be used to add
the user prior to installworld, as documented in the handbook.
 
 20121205:
9.1-RELEASE.
 ...[snip]...
 
 I haven't a clue how to fix your non booting system short of booting off a 
 FreeBSD disc, going to live CD, mounting the filesystems in a temp location 
 and doing a buildworld/kernel over again with correct source tree.

I have been using freebsd-update for quite awhile now and this is the first 
time it has failed.  However, I am not convinced the kernel is bad.  It never 
gets to the point of trying to load the kernel.  Something has failed in the 
bootstrap process itself and I have not figured out what is the right thing to 
enter at that prompt.  Being on-site is not a viable alternative…




Re: Throughput test with iperf...

2013-09-29 Thread Doug Hardie
On 28 September 2013, at 23:38, takCoder tak.offic...@gmail.com wrote:

 hi again..
 
 would any of you please at least explain it to me what may cause iperf
 server ending up with Segmentation fault (core dumped) message right at
 the beginning of setting second connection in my bi-directional throughput
 test, using -r flag??
 
 i used these commands on client and server on two freebsd machines which
 are connected straight with one cat5e cable:
 
 iperf -s -i 1
 iperf -c X.Y.Z.T -t 60 -r
 
 just getting more confused.. :(

Are you using iperf or iperf2?  Iperf has a few problems.  Iperf2 is more 
stable.





Re: Throughput test with iperf...

2013-09-29 Thread Doug Hardie

On 29 September 2013, at 01:20, takCoder tak.offic...@gmail.com wrote:

 thanks for your reply.. :)
 
 i think it's iperf.. i installed /usr/ports/benchmarks/iperf port.
 where can i find iperf2? my machines are both FreeBsds but i can't find 
 iperf2 in my ports collection.. 

Bad memory - it's iperf3.  There is no port at this time.  You find it at:

http://code.google.com/p/iperf/




Re: Finding exactly which commands, and in which order, rc is running at startup

2013-08-23 Thread Doug Hardie

On 22 August 2013, at 13:07, Paul Hoffman phoff...@proper.com wrote:

 Greetings again. After doing a freebsd-update, my system is starting up 
 differently than it was before. I want to figure out why before I come here 
 and say it's broken.
 
 Is there a way to say show me all of the commands you are running during 
 startup? It would be grand if I could say tell me what you would do next 
 time (dry run), but what did you do last time is OK too.

You can add:

rc_debug=YES

to /etc/rc.conf and that might give you what you need.  According to the man 
page it will produce copious output to the terminal and syslog(3).


Re: dig

2013-08-22 Thread Doug Hardie

On 21 August 2013, at 18:14, Colin House co...@restecp.com wrote:

 On 22/08/2013 9:34 AM, Doug Hardie wrote:
 There appears to be a problem with dig and the +trace option in 9.2.  I 
 believe its also in 9.1.  The command:
 
 dig freebsd.org +trace
 
 Only yields a dumb response.  No useful information is provided.  Running 
 the same command on FreeBSD 7.2 yields a complete trace with lots of useful 
 information.
 
 Have you tested against another NS?  I ran into a similar problem when 
 setting up unbound as a local recursor recently on a 9.1-STABLE (r251985) box.
 
 dig +trace domain would return (next to) nothing.  dig +trace domain 
 @8.8.8.8 worked as expected.
 
 I found it was the access-control configuration of unbound.  Changing my 
 access-control: ::1 allow to access-control: ::1 allow_snoop restored the 
 +trace functionality.
 
 I'm not sure how this translates with bind.. Perhaps the defaults have 
 changed between the versions that you're running (if you're running the base 
 versions on 7.2 and 9.1) or your recursive server isn't allowing it on 9.2?  
 Fwiw, in unbound, allow allows recursive lookups, allow_snoop allows both 
 recursive and non-recursive lookups.


After a bunch of testing, I have determined that the problem is the routers.  
If I use my local DNS servers or remote ones, then it works on all three 
systems.  Three different routers block it somehow.  


Re: dig

2013-08-21 Thread Doug Hardie

On 21 August 2013, at 17:02, Doug Hardie bc...@lafn.org wrote:

 
 On 21 August 2013, at 16:46, Frank Leonhardt fra...@fjl.co.uk wrote:
 
 On 22/08/2013 00:34, Doug Hardie wrote:
 There appears to be a problem with dig and the +trace option in 9.2.  I 
 believe its also in 9.1.  The command:
 
 dig freebsd.org +trace
 
 Only yields a dumb response.  No useful information is provided.  Running 
 the same command on FreeBSD 7.2 yields a complete trace with lots of useful 
 information.
 
 
 Works for me on 9.0 and 9.1 (and 8.2, 7.1, 7.0)
 
 Is there something wrong with your local bind configuration?
 
 Regards, Frank.
 
 No.  The 7.2 config is identical to the 9.1 and there is no bind running on 
 the 9.2.
 
 



Re: FreeBSD 9.2

2013-08-15 Thread Doug Hardie

On 15 August 2013, at 06:37, ajtiM lum...@gmail.com wrote:

 
 How will be ATI supported in FreeBSD 9.2, please? I like bluetooth mouse. Is 
 it supported?
 
 I try Linux Mint and it works perfect. I am downloading live CD for NetBSD 
 (jibbed) and I will see how is works but I like to install FreeBSD (not 
 double boot, just FreeBSD).
 

See:  http://docs.freebsd.org/cgi/mid.cgi?28915479-B712-4ED0-A041-B75F2F59FECA

That's not a complete answer as I don't use any of the user interface stuff.  
However, it will give a starting point for you.  I have updated my two newest 
minis to run 9.2 (latest candidate).




Re: OT: rsync on Mac OSX

2013-07-12 Thread Doug Hardie

On 12 July 2013, at 10:49, Chris Maness ch...@chrismaness.com wrote:

 On Tue, Jul 2, 2013 at 3:11 PM, Chris Maness ch...@chrismaness.com wrote:
 
 
 
 
 
 Since you are going to wait anyway, why don't you try peeking at some of
 the file checksums while this is running?
 
 MacOS X comes with a shasum utility which implements SHA-256 checksums,
 so you should be able to look at a few random samples of these files,
 e.g. by running on the source disk:
 
shasum -a 256 source_directory/file/path/to/some/file.ext
 
shasum -a 256 copied_directory/file/path/to/some/file.ext
 
 If these are the same, then the applications look elsewhere, e.g. in the
 'hidden' .DS_Store stuff some MacOS directories contain.
 
 But if the checksums are different, well, then there's your problem.
 
 
 
 Checksums are the same.  All other files still work however the HUGE
 rendered Final Cut Pro output, so I guess it is something in .DS_Store.
 Last time I just gave up and recopied everything by a simple cut and paste
 and that solved the problem.  I made a small change on the project today,
 and I don't want to have to copy the WHOLE thing again just for a small
 delta.  I already synced the directories, but the new rendered files are
 still un-openable in any application even though the checksums match.
 Really weird.  However, the project will still open and work on FCP.  Just
 the 12Gb rendered movie files will not play on anything even FCP.  If I
 delete .DS_Store will the system regenerate it with the appropriate file
 associations?
 
 I know this is a little off topic, but Mac OSX is based on BSD.  You guys
 are also the smartest around :D

Rsync on the Mac only opens and copies the data forks.  It does not copy the 
resource forks.  There are still a few applications that use resource forks.  
Likewise the checksum apps work on the data forks only.

There is a utility that is a modified rsync that does handle resource forks.  I 
no longer remember what its name is.  It's been a number of years since I last 
used it.  I normally rsync from FreeBSD systems to Mac systems.  I use Minis as 
off-site backups.




Boot Loader Issue

2013-06-23 Thread Doug Hardie
I had to convert a system from GPT to MBR.  All went fine till I tried to 
reboot the system.  It gets to mountroot and dies trying to mount from 
ufs:/dev/ada0p2.  That won't work.  If I enter ufs:/dev/ada0s1a then the system 
boots fine and runs.  I need to alter mountroot so it tries the right 
partition/slice.  How do I do that?  I couldn't find anything in the handbook 
on that.


Re: Boot Loader Issue

2013-06-23 Thread Doug Hardie

On 23 June 2013, at 20:39, Warren Block wbl...@wonkity.com wrote:

 On Sun, 23 Jun 2013, Doug Hardie wrote:
 
 I had to convert a system from GPT to MBR.  All went fine till I tried to 
 reboot the system.  It gets to mountroot and dies trying to mount from 
 ufs:/dev/ada0p2.  That won't work.
 
 The loader should be getting that information from /etc/fstab.  Have the 
 entries there been changed?

That was the problem.  The system used GPT before and I can't believe I forgot 
to update fstab.  That was a really dumb mistake.  Thanks very much.

 
 If I enter ufs:/dev/ada0s1a then the system boots fine and runs.  I need to 
 alter mountroot so it tries the right partition/slice.  How do I do that?  I 
 couldn't find anything in the handbook on that.
 
 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/boot-blocks.html 
 has some information.
 



Re: System Calls that do DNS

2013-06-06 Thread Doug Hardie

On 3 June 2013, at 22:21, Doug Hardie bc...@lafn.org wrote:

 
 On 3 June 2013, at 20:39, staticsafe m...@staticsafe.ca wrote:
 
 On Mon, Jun 03, 2013 at 07:57:07PM -0700, Doug Hardie wrote:
 I have an unusual situation.  A program is doing a DNS lookup and often the 
 IP address has no reverse DNS entries.  As a result the program hangs for 
 several timeouts.  The call is not being made directly in its code, but is 
 occurring in a system call.  There are no specific calls to DNS, it's 
 something else doing it.  I have been trying to track down which system 
 call is doing it, but without success so far.  I have tried syslog calls 
 around each of the system calls I thought might be the culprit, but my 
 guessing is not very good.  How can I identify the system call that is 
 calling DNS?  If I can find it, I hopefully can find another way to do 
 whatever it does that does not involve a reverse DNS lookup.
 
 
 
 Use truss:
 http://www.freebsd.org/cgi/man.cgi?query=truss
 
 The truss utility traces the system calls called by the specified
 process or program.
 -- 
 staticsafe
 O ascii ribbon campaign - stop html mail - www.asciiribbon.org
 Please don't top post - http://goo.gl/YrmAb
 Don't CC me! I'm subscribed to whatever list I just posted on.
 
 
 Unfortunately truss does not show anything more than ktrace.  I know what is 
 going out on the internet connection.  It's a plain old reverse DNS request.  
 The question is what library module (probably not a system call now that I 
 think about it) is making that request.  Interestingly enough, adding the IP 
 address with a dummy name in /etc/hosts causes the reverse request to succeed 
 and there are no time delays.  So whatever module it is, is not using bind.  
 Bind doesn't check the hosts files as far as I can tell.

After considering all the advice I received, the method I found that worked was 
to start the process and when it entered the reverse DNS timeout, quickly find 
the process ID and do a gdb on that process.  Then a where command showed the 
entire stack which included all the module calls.  I had to rebuild the process 
with debugging first.

The IPv6 API when getting the client information will also do a reverse DNS 
lookup unless you specifically tell it not to do so.  Changing that eliminated 
the lookup and the timeouts.

Thanks to all.

-- Doug


Re: Can sasl/sendmail Report IP Of Failed Access?

2013-06-04 Thread Doug Hardie

On 4 June 2013, at 08:47, Tim Daneliuk tun...@tundraware.com wrote:

 I am seeing login dictionary attacks on a FreeBSD mail server being
 reported.  Is there a way to determine the IPs that are doing this
 so they can be blocked at the firewall?   auth.log only
 notes the attempted user name, not the IP of origin.
 -- 
 

I wrote some code to find the appropriate maillog entries which do include the 
IP addresses.  It automagically adds the IP addresses to the pf blackhole table 
if certain criteria are met.  The criteria are changeable.  If you would like a 
copy, let me know.  
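
The poster's program is not shown in this thread. As an added example of the approach described (not that program), the sketch below counts `AUTH failure` lines per relay address and prints `pfctl` table commands for sources at or over a threshold. The log line layout, the `[IPv6:...]` relay form, the threshold of 3 and the table name `blackhole` are assumptions, and the sample lines are constructed.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

#define MAX_SOURCES    32
#define FAIL_THRESHOLD 3            /* assumed criterion: failures per log pass */
#define PF_TABLE       "blackhole"  /* assumed pf table name */
#define FAIL "AUTH failure (LOGIN): authentication failure (-13) " \
             "SASL(-13): authentication failure: checkpass failed, "

struct source { char ip[INET6_ADDRSTRLEN]; int failures; };

/* Constructed sample lines in sendmail maillog style (not from a real server). */
static const char *const SAMPLE_LOG[] = {
    "Jun  4 08:01:11 mail sm-mta[4121]: r54F1B004121: " FAIL "relay=[203.0.113.7]",
    "Jun  4 08:01:14 mail sm-mta[4122]: r54F1E004122: " FAIL "relay=[203.0.113.7]",
    "Jun  4 08:02:40 mail sm-mta[4130]: r54F2e004130: " FAIL
        "relay=dsl.example.net [198.51.100.20]",
    "Jun  4 08:03:02 mail sm-mta[4133]: r54F32004133: from=<a@example.org>, "
        "size=1204, nrcpts=1, relay=[203.0.113.7]",
    "Jun  4 08:03:09 mail sm-mta[4135]: r54F39004135: " FAIL "relay=[203.0.113.7]",
    "Jun  4 08:04:51 mail sm-mta[4140]: r54F4p004140: " FAIL
        "relay=[IPv6:2001:db8::bad]",
    "Jun  4 08:05:00 mail sm-mta[4141]: r54F50004141: " FAIL "relay=[unknown]",
};
#define SAMPLE_LINES ((int)(sizeof(SAMPLE_LOG) / sizeof(SAMPLE_LOG[0])))

/*
 * Copy the bracketed address from the last "relay=" field into out.
 * Returns 1 only if inet_pton() accepts it, so nothing but a literal
 * IPv4 or IPv6 address can end up on a pfctl command line.
 */
int relay_address(const char *line, char *out, size_t outlen)
{
    const char *relay = NULL, *p = line, *open, *close;
    unsigned char buf[sizeof(struct in6_addr)];
    size_t n;

    while ((p = strstr(p, "relay=")) != NULL) {
        relay = p;
        p += 6;
    }
    if (relay == NULL || (open = strchr(relay, '[')) == NULL ||
        (close = strchr(open, ']')) == NULL)
        return 0;
    open++;
    if (strncmp(open, "IPv6:", 5) == 0)
        open += 5;
    n = (size_t)(close - open);
    if (n == 0 || n >= outlen)
        return 0;
    memcpy(out, open, n);
    out[n] = '\0';
    return inet_pton(AF_INET, out, buf) == 1 ||
           inet_pton(AF_INET6, out, buf) == 1;
}

/* Count AUTH failures per source address; returns the number of sources. */
int count_failures(const char *const *lines, int nlines,
                   struct source *tab, int max)
{
    int used = 0;

    for (int i = 0; i < nlines; i++) {
        char ip[INET6_ADDRSTRLEN];
        int j = 0;

        if (strstr(lines[i], "AUTH failure") == NULL ||
            !relay_address(lines[i], ip, sizeof(ip)))
            continue;
        while (j < used && strcmp(tab[j].ip, ip) != 0)
            j++;
        if (j == used) {
            if (used == max)
                continue;            /* table full: skip new sources */
            strcpy(tab[used].ip, ip);
            tab[used].failures = 0;
            used++;
        }
        tab[j].failures++;
    }
    return used;
}

/* Print one pfctl command per source at or over the threshold. */
int emit_pf_commands(const struct source *tab, int used, int threshold, FILE *fp)
{
    int n = 0;

    for (int i = 0; i < used; i++)
        if (tab[i].failures >= threshold) {
            fprintf(fp, "pfctl -t %s -T add %s\n", PF_TABLE, tab[i].ip);
            n++;
        }
    return n;
}

int main(void)
{
    struct source tab[MAX_SOURCES];
    int used = count_failures(SAMPLE_LOG, SAMPLE_LINES, tab, MAX_SOURCES);

    emit_pf_commands(tab, used, FAIL_THRESHOLD, stdout);
    return 0;
}
```

The commands are printed rather than executed so the list can be reviewed, and known-good addresses excluded, before anything is loaded into pf.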


Re: System Calls that do DNS

2013-06-04 Thread Doug Hardie

On 4 June 2013, at 22:19, Enno Davids e...@metva.com wrote:

 See if whois can tell you who owns the block the IP is in. That may give
 you some insight into what is asking for the reverse.

It's AT&T.  It's probably at least a state's worth of DSL addresses.  I am 
physically at one of them for a couple more days.  After that I have no way to 
test this.


System Calls that do DNS

2013-06-03 Thread Doug Hardie
I have an unusual situation.  A program is doing a DNS lookup and often the IP 
address has no reverse DNS entries.  As a result the program hangs for several 
timeouts.  The call is not being made directly in its code, but is occurring in 
a system call.  There are no specific calls to DNS, it's something else doing 
it.  I have been trying to track down which system call is doing it, but 
without success so far.  I have tried syslog calls around each of the system 
calls I thought might be the culprit, but my guessing is not very good.  How 
can I identify the system call that is calling DNS?  If I can find it, I 
hopefully can find another way to do whatever it does that does not involve a 
reverse DNS lookup.




Re: System Calls that do DNS

2013-06-03 Thread Doug Hardie

On 3 June 2013, at 20:39, staticsafe m...@staticsafe.ca wrote:

 On Mon, Jun 03, 2013 at 07:57:07PM -0700, Doug Hardie wrote:
 I have an unusual situation.  A program is doing a DNS lookup and often the 
 IP address has no reverse DNS entries.  As a result the program hangs for 
 several timeouts.  The call is not being made directly in its code, but is 
 occurring in a system call.  There are no specific calls to DNS, it's 
 something else doing it.  I have been trying to track down which system call 
 is doing it, but without success so far.  I have tried syslog calls around 
 each of the system calls I thought might be the culprit, but my guessing is 
 not very good.  How can I identify the system call that is calling DNS?  If 
 I can find it, I hopefully can find another way to do whatever it does that 
 does not involve a reverse DNS lookup.
 
 
 
 Use truss:
 http://www.freebsd.org/cgi/man.cgi?query=truss
 
 The truss utility traces the system calls called by the specified
 process or program.
 -- 
 staticsafe
 O ascii ribbon campaign - stop html mail - www.asciiribbon.org
 Please don't top post - http://goo.gl/YrmAb
 Don't CC me! I'm subscribed to whatever list I just posted on.
 

Unfortunately truss does not show anything more than ktrace.  I know what is 
going out on the internet connection.  It's a plain old reverse DNS request.  
The question is what library module (probably not a system call now that I 
think about it) is making that request.  Interestingly enough, adding the IP 
address with a dummy name in /etc/hosts causes the reverse request to succeed 
and there are no time delays.  So whatever module it is, is not using bind.  
Bind doesn't check the hosts files as far as I can tell.


Re: gpart

2013-03-31 Thread Doug Hardie

On 31 March 2013, at 18:28, Grant Peel gp...@thenetnow.com wrote:

 Hi all,
 
 
 
 I am in the midst of setting up the framework for new servers using FreeBSD
 9.1. I used the bsdinstall and "Manual" option when setting up the disk
 geometry using GPT - graphical setup.
 
 
 
 The idea will be to eventually dump the 4 file systems, (/, /usr /var and
 /home) and restore them on other servers when the time comes.
 
 
 
 I am reading everything there is about GPT at this point as I have never
 used it before. It seems gpart is the tool to use.
 
 
 
 I have done several test runs setting the drive geometry using this as a
 guide:
 
 
 
 http://www.wonkity.com/~wblock/docs/html/disksetup.html
 
 
 
 Which worked well. But as yet I do not have dumps to test with.
 
 
 
 I was wondering if anyone sees any issues creating the drive geometry using
 this method, with the intent of restoring dumped filesystems to it,
 including the root filesystem.
 
 
 
 I am yet to use 9.1 to do so, so any tips would be appreciated.

I just finished doing exactly that.  Worked fine.  I installed 9.1 on a drive 
and it had boot problems.  Apparently the drive was previously a part of a raid 
and graid would get involved during boot and wait and wait and wait.  To get 
rid of that, I formatted another drive using gpart and then used dump-restore 
to move the data from the first drive to the second.  The new drive is now the 
master drive for the system.  The original drive has been returned to a spare 
drive pool. The new drive boots fine and just works.  I did a complete zero of 
the drive before starting the partitioning though as I have no way of knowing 
if that drive was previously in a raid array.



Re: Client Authentication

2013-03-24 Thread Doug Hardie

On 24 March 2013, at 01:03, CeDeROM cede...@tlen.pl wrote:

 Why don't you just use PKI for authentication (you can generate your
 own certificates)? You can easily upload keys/certificated to client
 machines (PC, Android, Apple, ...). That should work :-)
 

That's exactly what I have been testing.  It's easy in concept, but there are 
issues in the details.  Once the certificate is loaded in a Mac and the 
password entered, it's available for anyone to use thereafter.  You actually 
have to remove the certificate from the keychain to disable it.  Not a great 
approach for shared computers.  Most users will not know how to remove it 
properly.  I don't know about PCs yet though.  In addition there are possible 
issues with mail clients.  I have not tried them yet.  It all depends if they 
can handle p12 format certificates.  Pem format certificates must have the 
private key in plain format which renders them completely insecure.

Then there still is the issue about Safari (at least) not handling the no 
certificate case properly.

-- Doug



Re: Client Authentication

2013-03-24 Thread Doug Hardie

On 23 March 2013, at 22:59, Mehmet Erol Sanliturk m.e.sanlit...@gmail.com 
wrote:

 The following steps may be another idea :
 
 Assume that you supply to your users a small login program prepared for them 
 specifically ( since you are using SSH )  :
 
 Compile that program for each user with a special identifier for him/her  and 
 ship this program to your user and require that the login will be performed 
 by this program  . This program will send a very long code to your system 
 with user password which is only known to you and to your user .  Since 
 external users will not know this code , they will not be able to login into 
 their accounts by using only password .
 
 This will also easily identify fake login trials : It is very obvious that to 
 estimate a very long code will require a large number of tries : If code 
 fails , it means that login trial is from a fake user .
 If password fails , it may be allowed a fixed number of trials ( The banks 
 are allowing only TWO failed passwords , on third , a new attempt can be made 
 after 24 hours , in Turkey ) .
 
 This program may also additionally send computer signature to your system 
 which is previously send to you on subscription computed by a program 
 prepared by you .
 
 If the user changes  / or uses a different computer , he/she should supply a 
 signature of the computer .  
 
 Here , important point is that , always you should verify that you are 
 communicating the real user , not a faked user in behalf of the real user .
 
 For the stolen program/codes , prepare a new program and ship to the user .

That's an interesting approach but becomes difficult to use when traveling as 
you have no idea what computer you will be able to use today until you get to 
it.  Then you might have only a few minutes access to it before moving on.

 
 Another idea may be the following :
 
 Assume the user computer is NOT captured by a criminal bandit .
 
 On subscription , send to the user a square bar code printed on a card like 
 credit card having a very long code specifically prepared for the user .
 On login , the user will show this card to the camera of the computer and 
 will be transmitted to your system . In your system , it will be decoded , 
 and it will be used to identify the user with his/her password .
 
 If this application is used , it may not be necessary to send the users a 
 special login program prepared for each of them .
 

This idea shows a lot of promise.  I have to figure out how to tie it into 
mail, web etc.  There is libqrencode for creating the QR images.  I am 
downloading it now.  

-- Doug



Re: Client Authentication

2013-03-24 Thread Doug Hardie

On 24 March 2013, at 01:10, Waitman Gobble gobble...@gmail.com wrote:

 
 
 You might consider disabling external smtp auth service and using ssh tunnel 
 to server to connect to mail. Also provide web based convenience service. 

I am not convinced that a ssh tunnel is going to be easy for my users.  We do 
provide a web based mail client, but I wouldn't describe it as convenient.  I 
find it a pain in the neck, but so many users requested it that we provide it.  
It is password authenticated but so slow it will never be attacked with 
password guessing.

 
 It might be interesting to encrypt mail to the user's cloud service that 
 operates in a gpg zone. I think this operation could be mostly transparent to 
 the user, so kids and granpamas can use it without concern.

This one I don't understand.  Can you provide pointers to this type of service?


Re: Client Authentication

2013-03-24 Thread Doug Hardie

On 24 March 2013, at 01:22, Polytropon free...@edvax.de wrote:

 
 Wouldn't there be a possibility to combine key _and_ password?
 The key shouldn't have to be removed, but it should only work
 with a password (which again is kept individual to each user).
 The process has to be made more uncomfortable to be secure,
 i. e., the password should _not_ be stored, instead it _has_
 to be entered every time the secure connection is to be used.
 If a different user gets his hands on a running session (in
 terms of user-separation or profiles on a particular machine),
 he won't be able to do anything with mail as he does not know
 the password, and the password will not be automatically
 provided for the sake of being less complicated.
 
 I don't know your particular end user machine settings, so this
 is just a broad suggestion. Many things in this idea depend on
 what software the client systems use, and how this software
 actually deals with security-related settings and procedures.

The p12 format certificate includes the key and both are encrypted.  This seems 
like the best distribution format.  From what I have read most browsers can 
handle this distribution format since it is used in smart cards.  However, on 
Safari, at least, when you import the certificate you have to enter the 
encryption key for the certificate and key.  Then those are stored in the 
keychain (without any additional reference to that encryption key).  They then 
can be used by anyone on that machine.  It kind of defeats all the effort for 
security up to that point.

DoD addresses this issue by somehow making the certificate not be imported into 
the keychain, but retained on the smart card only.  Pulling the card from the 
reader eliminates any future use of it.  That's what I would like to achieve.

-- Doug


Client Authentication

2013-03-23 Thread Doug Hardie
I am not sure this is the best place to ask this, but I didn't see any other 
maillists that seemed more appropriate.

Basically, my outgoing mail server is being systematically attacked to try 
passwords looking for one that works.  When they do find one, we get inundated 
by spam sent through that account throughout the world.  The situation is such 
that most of our users are older and their computer is a hand-me-down so they 
can talk to their grandchildren.  Passwords are a great inconvenience for them 
and create numerous problems with remembering them even when they are simple.  
Unfortunately, most of them are quite easy to guess.

Telling users to use more appropriate passwords is a complete waste of my time.  
It's never going to make any changes as they probably would not remember any 
other password (or where they wrote down the password).  This situation 
requires a technical solution.

I have been investigating the use of client authentication through SSL.  DoD 
uses this approach by having the certificates on an ID card and a card reader 
on each computer.  We don't have the money to use that approach nor could we 
ever get our users to spring for that.  I was hoping to figure out a way to 
put the certificate on a flash drive or CD that the user would carry.  The 
approach we use has to also work for iPads, smart phones etc that do not have 
an interface for a card reader.

At this time, I have successfully configured a test for openssl client 
authentication using a client certificate.  There are a few issues remaining.  
DoD uses a p12 format for their certificates.  Many browsers support that 
format.  It encrypts the certificate and private key so they are not easily 
obtained from the smart card.  Openssl's s_client uses pem certificates and the 
key has to be included in the certificate file.  While that is easily 
transported on CD or flash drive, the private key is in the clear on the 
device.  That's not really viable.

S_client works properly without a certificate when the certificate check in the 
server is set to not fail if a certificate is not provided.  This is needed 
because we will never get all our users to use this approach at home.  They 
will still want to use passwords.  Since the certificate request is made before 
the connection information is available, there is no easy way to request it 
only when needed.  I have only been able to test with the Safari browser and it 
does not handle the no certificate case properly.  I believe it is dropping the 
connection when the user does not select a certificate.  I still have to test 
the other browsers.

There is an interesting aspect of openssl that the certificate it uses for 
normal SSL authentication is not used for client authentication.  There is 
another completely different set of calls that have to be made to set the 
certificate/key for use in validating the client certificates.  Much of this is 
only documented in existing code.

With Safari you have to import the client's certificate into the keychain.  
Then it works fine.  Unfortunately, it doesn't go away when you are done with 
it.  Unlike the smart card which, when removed, removes the certificate, the 
Safari certificate can continue to be used by anyone afterwards.  Hence, it's 
not all that useful for authentication.  One approach I have heard about, but 
not investigated yet is to place the keychain on the removable device.  That 
would make it go away.  However, that approach would not work with any other 
browser or mail program.

Any ideas/suggestions on this will be appreciated.  Thanks,

-- Doug


Using bsdinstall to create MBR

2013-03-12 Thread Doug Hardie
I am trying to use bsdinstall to create a MBR partitioned disk.  I can set the 
partition type to MBR fine.  However, when trying to add in slices I can't 
figure out what to enter for the parameters.  Everything I have tried gives an 
error message.  I wanted one for / and one for swap.  How do I create the two 
slices?



Re: Using bsdinstall to create MBR

2013-03-12 Thread Doug Hardie

On 12 March 2013, at 18:50, Warren Block wbl...@wonkity.com wrote:

 On Tue, 12 Mar 2013, Doug Hardie wrote:
 
 I am trying to use bsdinstall to create a MBR partitioned disk.  I can set 
 the partition type to MBR fine.  However, when trying to add in slices I 
 can't figure out what to enter for the parameters. Everything I have tried 
 gives an error message.  I wanted one for / and one for swap.  How do I 
 create the two slices?
 
 http://forums.freebsd.org/showpost.php?p=149210&postcount=13
 

Thank you.  That shows the correct procedure.  I never would have guessed 
that.  It works just fine.  This needs to be included in the handbook.


Re: What is your favorite board for a micro system?

2013-03-08 Thread Doug Hardie

On 8 March 2013, at 15:53, Erik Nørgaard norga...@locolomo.org wrote:

 Hi!
 
 What is your favorite mini/micro/nano/pico-itx platform for home projects?
 
 I currently run a home server on an Intel mini-itx board but was looking 
 around for something fun to play with with the following specs:
 
 - mini-itx or smaller, low profile
 - fanless
 - low power 12V external PSU
 - 1 LAN, preferably 2
 - 2 USB2/3
 - Flash bootable, but with option for hdd boot
 - GPIO would be fun
 - hdmi out would be nice
 
 I have tried VIA boards but found they were flaky...
 
 Any suggestion regarding ARM vs Intel based?

Look at the Mac Mini.  Only has one LAN though.  It does have a fan but I have 
never had it come on.  Runs 9.1 (amd or i386) although booting is currently a 
challenge.  I am working on that.  It does require 120 VAC though.


Re: Fat Fingered An 'rm -rf' of Important Files

2013-02-28 Thread Doug Hardie

On 28 February 2013, at 01:02, Polytropon free...@edvax.de wrote:

 On Wed, 27 Feb 2013 21:08:58 -0600, Joseph A. Nagy, Jr wrote:
 Okay, I know I should pay more attention to what I'm doing, and having 
 separate partitions isn't an excuse for regular backups. If we can skip 
 the finger wagging on that part I'd appreciate it.
 
 I've experienced similar and different moments of unintended
 successful rm, so I won't mention missing backups. ;-)
 
 
 
 Is there any way to retrieve any of them?
 
 Yes, but it's not easy. Prepare to go on a journey though
 file system documentation, trial & error.
 
 Obviously we're talking about a USB stick, so no TB amount
 of data has to be processed. First of all: Do _not_ alter
 the USB stick in any way. No matter what you do, it can
 always get worse.
 
 
 
 I've not written any data to 
 either partition since the accidental deletion.
 
 Very good.
 
 You can first make a copy of the file system (the whole
 stick) and use that: It will be faster to access and if
 you do something wrong, the original data (which we can
 assume is still there) won't be affected:
 
   # dd if=/dev/da0 of=stick.dd
 
 Now let me introduce you to the list of helpful programs
 in case you've done something ultimately stupid which I
 have already repeated several times on this mailing list.
 I'm sure you can find some program that will help you.
 See my individual notes regarding your specific situation.
 
 I will refactor text from a previous message.
 
 A worst-case tool to recover data (not file names, but file
 content) is testdisk; in ports: sysutils/testdisk. It's also
 on some diagnostics and recovery CDs like UBCD.
 
 You can also try this:
 
   # fetch -rR device
 
 Also recoverdisk could be useful.
 
 The ports collection contains further programs that might be
 worth investigating; just in case they haven't been mentioned
 yet:
 
   ddrescue
   dd_rescue   - use this to make an image of the stick!
   magicrescue
   testdisk    - restores content
   recoverjpeg
   foremost
   photorec
 
 Then also
 
   ffs2recov
   scan_ffs
 
 should be mentioned.
 
 And finally, the cure to everything is found in The Sleuth Kit
 (in ports: tsk):
 
   fls
   dls
   ils
   autopsy
 
 Keep in mind: Read the manpages before using the programs. It's
 very important to do so. You need to know what you're dealing
 with, or you'll probably fail. There is no magical tetroplyrodon
 to click ^Z and get everything back. :-)
 
 Proprietary (and expensive) tools like R-Studio or UFS Explorer
 can still be considered worth a try. Their trial versions are for
 free. UFS Explorer even works using wine (I've tried it).
 
 Note:
 
 I've dealt with a comparable problem some months ago when
 a Windows PC has repaired a FAT file system on a USB
 stick, with the excellent result of all data being gone.
 I could restore everything except the original file names
 (which I wrote a script to conclude them from file metadata
 and content).
 
 So it should be possible.

I see this issue way too often.  The above information should be put in the 
Handbook.  It would be nice to have it fleshed out more, but if nothing else, 
the above would be helpful to others who run into similar issues.



Unusual TCP/IP Packet Size

2013-02-08 Thread Doug Hardie
Monitoring a tcpdump between two systems, a FreeBSD 9.1 system has the 
following interface:

msk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=c011b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,VLAN_HWTSO,LINKSTATE>
        ether 00:11:2f:2a:c7:03
        inet 10.0.1.199 netmask 0xff00 broadcast 10.0.1.255
        inet6 fe80::211:2fff:fe2a:c703%msk0 prefixlen 64 scopeid 0x1
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (100baseTX <full-duplex,flowcontrol,rxpause,txpause>)
        status: active


It sent the following packet:  (data content abbreviated)

02:14:42.081617 IP 10.0.1.199.443 > 10.0.1.2.61258: Flags [P.], seq 930:4876, 
ack 846, win 1040, options [nop,nop,TS val 401838072 ecr 920110183], length 3946
0x:  4500 0f9e ea89 4000 4006 2a08 0a00 01c7  E.@.@.*.
0x0010:  0a00 0102 01bb ef4a ece1 680b ae37 1bbc  ...J..h..7..
0x0020:  8018 0410 3407  0101 080a 17f3 8ff8  4...…….


The indicated packet length is 3946 and the load of data shown is that size.  
The MTU on both interfaces is 1500.  The receiving system received 3 packets.  
There is a router and switch between them.  One of them fragmented that packet. 
This is part of a SSL/TLS exchange and one side or the other is hanging on this 
and just dropping the connection.  I suspect the packet size is the issue.  
ssldump complains about the packet too and stops monitoring.  Could this 
possibly be related to the hardware checksums?


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
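
The header fields in the hex dump above can be checked directly. This added example (not part of the original post) decodes the first 36 bytes of the dump and compares the result with the 1500-byte MTU; with TSO4 listed in the interface options, a capture on the sending host can show one large segment that the NIC later splits into MTU-sized ones. The struct and function names are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* First 36 bytes of the captured packet, copied from the hex dump in the
 * post: the 20-byte IPv4 header and the first 16 bytes of the TCP header. */
static const uint8_t PKT[] = {
    0x45, 0x00, 0x0f, 0x9e, 0xea, 0x89, 0x40, 0x00,
    0x40, 0x06, 0x2a, 0x08, 0x0a, 0x00, 0x01, 0xc7,
    0x0a, 0x00, 0x01, 0x02, 0x01, 0xbb, 0xef, 0x4a,
    0xec, 0xe1, 0x68, 0x0b, 0xae, 0x37, 0x1b, 0xbc,
    0x80, 0x18, 0x04, 0x10
};

struct seg_info {
    unsigned ip_total_len;   /* IPv4 "total length" field */
    unsigned ip_hdr_len;     /* IHL * 4 */
    unsigned tcp_hdr_len;    /* data offset * 4 */
    unsigned payload_len;    /* TCP payload bytes */
    unsigned src_port, dst_port;
    int      dont_fragment;  /* DF bit: routers must not fragment */
};

static unsigned be16(const uint8_t *p)
{
    return ((unsigned)p[0] << 8) | p[1];
}

/* Decode an IPv4/TCP header prefix. Returns 0 on success, -1 if the
 * buffer is too short, is not IPv4/TCP, or has inconsistent lengths. */
static int decode(const uint8_t *p, size_t n, struct seg_info *out)
{
    const uint8_t *t;

    if (n < 20 || (p[0] >> 4) != 4)
        return -1;
    out->ip_hdr_len = (p[0] & 0x0fu) * 4u;
    if (out->ip_hdr_len < 20 || p[9] != 6)        /* protocol 6 = TCP */
        return -1;
    if (n < out->ip_hdr_len + 13)                 /* need the data-offset byte */
        return -1;
    out->ip_total_len  = be16(p + 2);
    out->dont_fragment = (be16(p + 6) & 0x4000u) != 0;

    t = p + out->ip_hdr_len;
    out->src_port    = be16(t);
    out->dst_port    = be16(t + 2);
    out->tcp_hdr_len = (unsigned)(t[12] >> 4) * 4u;
    if (out->tcp_hdr_len < 20 ||
        out->ip_total_len < out->ip_hdr_len + out->tcp_hdr_len)
        return -1;
    out->payload_len = out->ip_total_len - out->ip_hdr_len - out->tcp_hdr_len;
    return 0;
}

/* How many packets the payload needs on a link with this MTU when every
 * packet carries the same IP and TCP header sizes. Returns 0 if the MTU
 * leaves no room for payload. */
static unsigned wire_segments(struct seg_info s, unsigned mtu)
{
    unsigned hdrs = s.ip_hdr_len + s.tcp_hdr_len;

    if (mtu <= hdrs)
        return 0;
    return (s.payload_len + (mtu - hdrs) - 1) / (mtu - hdrs);
}

/* The packet from the post, decoded. */
static struct seg_info page_packet(void)
{
    struct seg_info s = {0};

    (void)decode(PKT, sizeof(PKT), &s);
    return s;
}

int main(void)
{
    struct seg_info s = page_packet();
    unsigned mtu = 1500;                          /* MTU stated in the post */

    printf("%u -> %u: IP total length %u, headers %u+%u, payload %u, DF=%d\n",
           s.src_port, s.dst_port, s.ip_total_len,
           s.ip_hdr_len, s.tcp_hdr_len, s.payload_len, s.dont_fragment);
    if (s.ip_total_len > mtu)
        printf("larger than MTU %u: needs %u packets on the wire\n",
               mtu, wire_segments(s, mtu));
    return 0;
}
```

The decoded payload length matches the 3946 bytes tcpdump reports, and the segment count for a 1500-byte MTU matches the three packets seen by the receiver.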


Re: Booting Problem

2013-01-30 Thread Doug Hardie

On 29 January 2013, at 20:25, d...@safeport.com wrote:

 
 On Tue, 29 Jan 2013, Doug Hardie wrote:
 
 On 29 January 2013, at 07:18, Mario Lobo wrote:
 
 On Mon, 28 Jan 2013 15:16:14 -0800
 Doug Hardie bc...@lafn.org wrote:
 
 I have a relatively old machine that I am trying to boot 9.1 on.  The
 bios will not boot from USB stick.  I am using an external CD drive.
 It starts the boot process fine and gets to the Bootstrap loader
 message with revision 1.1.  Then it puts out the machine, date, time
 the CD was created and starts the spinner.  It spins around about 2
 times and stops.  The system continues to read from the drive for
 another couple minutes.  Then everything stops.  Nothing more happens.
 
 The CD is good.  I can boot it just fine using the same external
 drive on another machine.  While I could remove the drive and
 temporarily mount it in the working machine and build it there, I
 would like to find a way to successfully boot from CD.  This will
 become a remote machine and taking it apart later is not a viable
 option.
 
 What is the system you are using? What external devices does it have built-in 
 support for? In the absence of any data - how about trying an external hard 
 drive?

9.1 release - Generic.  Basically the disk1.  Don't have an extra external 
drive.

 
 Why not remove the hard drive, use another system to put FreeBSD on the 
 drive, and put it back. From that point on you should be able to use the 
 network to upgrade.

I have done that before and it does work.  However,  with the various changes 
to the system, the root partition I had previously built that way for 8.2 is 
just not large enough for 9.1.  Also, I wanted to go to a single partition (the 
9.1 default).  Probably freebsd-update will take me through major releases 
after this, but I was hoping for a better solution so I could avoid having to 
transport the machine a long way twice to be able to update it.


 
 



Re: Booting Problem

2013-01-30 Thread Doug Hardie

On 30 January 2013, at 05:16, Fbsd8 wrote:

 Doug Hardie wrote:
 On 29 January 2013, at 07:18, Mario Lobo wrote:
 On Mon, 28 Jan 2013 15:16:14 -0800
 Doug Hardie bc...@lafn.org wrote:
 
 I have a relatively old machine that I am trying to boot 9.1 on.  The
 bios will not boot from USB stick.  I am using an external CD drive.
 It starts the boot process fine and gets to the Bootstrap loader
 message with revision 1.1.  Then it puts out the machine, date, time
 the CD was created and starts the spinner.  It spins around about 2
 times and stops.  The system continues to read from the drive for
 another couple minutes.  Then everything stops.  Nothing more happens.
 
 The CD is good.  I can boot it just fine using the same external
 drive on another machine.  While I could remove the drive and
 temporarily mount it in the working machine and build it there, I
 would like to find a way to successfully boot from CD.  This will
 become a remote machine and taking it apart later is not a viable
 option.
 Can you boot a different OS (Win, Ubuntu, gparted, etc ...) from the
 same drive on the same machine?
 Not so far.  The drive works fine on other systems.
 
 
 You said in your original post The bios will not boot from USB stick.
 I see no reason why you would think your PC would BOOT from any USB attached 
 devices.
 
 Since you have another PC that does boot off of usb cd drive, swap hard 
 drives and use that pc to load FreeBSD to the hard drive. This method will 
 work for you.

Yes that works now.  But starting this weekend it will be about 100 miles away. 
 That no longer will be practical.

 
 
 



Re: Booting Problem

2013-01-29 Thread Doug Hardie

On 29 January 2013, at 07:18, Mario Lobo wrote:

 On Mon, 28 Jan 2013 15:16:14 -0800
 Doug Hardie bc...@lafn.org wrote:
 
 I have a relatively old machine that I am trying to boot 9.1 on.  The
 bios will not boot from USB stick.  I am using an external CD drive.
 It starts the boot process fine and gets to the Bootstrap loader
 message with revision 1.1.  Then it puts out the machine, date, time
 the CD was created and starts the spinner.  It spins around about 2
 times and stops.  The system continues to read from the drive for
 another couple minutes.  Then everything stops.  Nothing more happens.
 
 The CD is good.  I can boot it just fine using the same external
 drive on another machine.  While I could remove the drive and
 temporarily mount it in the working machine and build it there, I
 would like to find a way to successfully boot from CD.  This will
 become a remote machine and taking it apart later is not a viable
 option.
 
 Can you boot a different OS (Win, Ubuntu, gparted, etc ...) from the
 same drive on the same machine?

Not so far.  The drive works fine on other systems.



Booting Problem

2013-01-28 Thread Doug Hardie
I have a relatively old machine that I am trying to boot 9.1 on.  The bios will 
not boot from USB stick.  I am using an external CD drive.  It starts the boot 
process fine and gets to the Bootstrap loader message with revision 1.1.  Then 
it puts out the machine, date, time the CD was created and starts the spinner.  
It spins around about 2 times and stops.  The system continues to read from the 
drive for another couple minutes.  Then everything stops.  Nothing more happens.

The CD is good.  I can boot it just fine using the same external drive on 
another machine.  While I could remove the drive and temporarily mount it in 
the working machine and build it there, I would like to find a way to 
successfully boot from CD.  This will become a remote machine and taking it 
apart later is not a viable option.


SOLVED: Problem upgrading to 9.1-Release

2013-01-05 Thread Doug Hardie
I found the problem.  Somehow /usr/obj was not successfully exported and hence 
was completely empty.  There must have been some error message in that process 
that I missed.  Anyway, correcting that problem so that /usr/obj was available 
fixed the problem.


On 4 January 2013, at 15:38, Doug Hardie wrote:

 I have upgraded my development system to 9.1 without any problems.  This 
 system maintains kernel source and I build a new kernel with a couple extra 
 options there.  The other systems mount /usr/src and /usr/obj from it and do 
 the install.  The first one to be upgraded had no problem with make 
 installkernel.  Rebooted and ran mergemaster -p just fine.  However make 
 installworld dies within a couple seconds with the following error:
 
 install -o root -g wheel -m 444   libc_pic.a /usr/lib
 gencat be_BY.UTF-8.cat /usr/src/lib/libc/nls/be_BY.UTF-8.msg
 gencat: No such file or directory
 *** [be_BY.UTF-8.cat] Error code 1
 
 /usr/bin/gencat exists.  However, ktrace of the make shows:
 
  3347 make CALL  execve(0xbfbfd1c8,0x28c35f14,0x28421180)
  3347 make NAMI  /usr/obj/usr/src/tmp/legacy/usr/sbin/gencat
  3347 make RET   execve -1 errno 2 No such file or directory
  3347 make CALL  execve(0xbfbfd1c8,0x28c35f14,0x28421180)
  3347 make NAMI  /usr/obj/usr/src/tmp/legacy/usr/bin/gencat
  3347 make RET   execve -1 errno 2 No such file or directory
  3347 make CALL  execve(0xbfbfd1c8,0x28c35f14,0x28421180)
  3347 make NAMI  /usr/obj/usr/src/tmp/legacy/usr/games/gencat
  3347 make RET   execve -1 errno 2 No such file or directory
  3347 make CALL  execve(0xbfbfd1c8,0x28c35f14,0x28421180)
  3347 make NAMI  /usr/obj/usr/src/tmp/usr/sbin/gencat
  3347 make RET   execve -1 errno 2 No such file or directory
  3347 make CALL  execve(0xbfbfd1c8,0x28c35f14,0x28421180)
  3347 make NAMI  /usr/obj/usr/src/tmp/usr/bin/gencat
  3347 make RET   execve -1 errno 2 No such file or directory
  3347 make CALL  execve(0xbfbfd1c8,0x28c35f14,0x28421180)
  3347 make NAMI  /usr/obj/usr/src/tmp/usr/games/gencat
  3347 make RET   execve -1 errno 2 No such file or directory
  3347 make CALL  execve(0xbfbfd1c8,0x28c35f14,0x28421180)
  3347 make NAMI  /tmp/install.CuIzLuBX/gencat
  3347 make RET   execve -1 errno 2 No such file or directory
  3347 make CALL  write(0x2,0x28c48c00,0x6)
  3347 make GIO   fd 2 wrote 6 bytes
   gencat
 
 Obviously it's not in any of those places.  How can I fix this?
 
 


Problem upgrading to 9.1-Release

2013-01-04 Thread Doug Hardie
I have upgraded my development system to 9.1 without any problems.  This system 
maintains kernel source and I build a new kernel with a couple extra options 
there.  The other systems mount /usr/src and /usr/obj from it and do the 
install.  The first one to be upgraded had no problem with make installkernel.  
Rebooted and ran mergemaster -p just fine.  However make installworld dies 
within a couple seconds with the following error:

install -o root -g wheel -m 444   libc_pic.a /usr/lib
gencat be_BY.UTF-8.cat /usr/src/lib/libc/nls/be_BY.UTF-8.msg
gencat: No such file or directory
*** [be_BY.UTF-8.cat] Error code 1

/usr/bin/gencat exists.  However, ktrace of the make shows:

  3347 make CALL  execve(0xbfbfd1c8,0x28c35f14,0x28421180)
  3347 make NAMI  /usr/obj/usr/src/tmp/legacy/usr/sbin/gencat
  3347 make RET   execve -1 errno 2 No such file or directory
  3347 make CALL  execve(0xbfbfd1c8,0x28c35f14,0x28421180)
  3347 make NAMI  /usr/obj/usr/src/tmp/legacy/usr/bin/gencat
  3347 make RET   execve -1 errno 2 No such file or directory
  3347 make CALL  execve(0xbfbfd1c8,0x28c35f14,0x28421180)
  3347 make NAMI  /usr/obj/usr/src/tmp/legacy/usr/games/gencat
  3347 make RET   execve -1 errno 2 No such file or directory
  3347 make CALL  execve(0xbfbfd1c8,0x28c35f14,0x28421180)
  3347 make NAMI  /usr/obj/usr/src/tmp/usr/sbin/gencat
  3347 make RET   execve -1 errno 2 No such file or directory
  3347 make CALL  execve(0xbfbfd1c8,0x28c35f14,0x28421180)
  3347 make NAMI  /usr/obj/usr/src/tmp/usr/bin/gencat
  3347 make RET   execve -1 errno 2 No such file or directory
  3347 make CALL  execve(0xbfbfd1c8,0x28c35f14,0x28421180)
  3347 make NAMI  /usr/obj/usr/src/tmp/usr/games/gencat
  3347 make RET   execve -1 errno 2 No such file or directory
  3347 make CALL  execve(0xbfbfd1c8,0x28c35f14,0x28421180)
  3347 make NAMI  /tmp/install.CuIzLuBX/gencat
  3347 make RET   execve -1 errno 2 No such file or directory
  3347 make CALL  write(0x2,0x28c48c00,0x6)
  3347 make GIO   fd 2 wrote 6 bytes
   gencat

Obviously it's not in any of those places.  How can I fix this?




Re: I Guess I Don't Understand NFS As Well As I Thought

2012-11-24 Thread Doug Hardie

On 24 November 2012, at 12:32, Tim Daneliuk wrote:

 Can someone kindly explain what is going on here:
 
 Machine A:  FreeBSD - was running 8, just upgraded to 9.1-PRE
(I don't recall seeing the behavior described below
 in V8, but then, I don't think I ever tried it).
 
 Machine B:  Linux Mint Desktop
 
 - Machine A acts as an NFS server for Machine B.
 
 - Machine A exports a particular directory like this:
 
   /usr/foo  -maproot=myid -network ...
 
 
 - /usr/foo/bar is owned by root on Machine A and has files therein
  owned as root:root with permissions of 600.
 
 - If I access /usr/foo/bar/file1 from Machine B, I cannot read it
  but - and this is the part I don't get - I CAN *rename* it.
 
 What's going on?  Since /foo/bar/ is owned by root and everything
 in it is 600 root:root, I would not expect a remote access to allow
 things like renaming.  Clearly I am missing something here, but I
 don't get it.

What are the permissions on the directory /usr/foo/bar?


Re: I Guess I Don't Understand NFS As Well As I Thought

2012-11-24 Thread Doug Hardie

On 24 November 2012, at 14:37, Tim Daneliuk wrote:

 On 11/24/2012 03:25 PM, Doug Hardie wrote:
 
 On 24 November 2012, at 12:32, Tim Daneliuk wrote:
 
 Can someone kindly explain what is going on here:
 
 Machine A:  FreeBSD - was running 8, just upgraded to 9.1-PRE
(I don't recall seeing the behavior described below
 in V8, but then, I don't think I ever tried it).
 
 Machine B:  Linux Mint Desktop
 
 - Machine A acts as an NFS server for Machine B.
 
 - Machine A exports a particular directory like this:
 
   /usr/foo  -maproot=myid -network ...
 
 
 - /usr/foo/bar is owned by root on Machine A and has files therein
  owned as root:root with permissions of 600.
 
 - If I access /usr/foo/bar/file1 from Machine B, I cannot read it
  but - and this is the part I don't get - I CAN *rename* it.
 
 What's going on?  Since /foo/bar/ is owned by root and everything
 in it is 600 root:root, I would not expect a remote access to allow
 things like renaming.  Clearly I am missing something here, but I
 don't get it.
 
 What are the permissions on the directory /usr/foo/bar?
 
 775
 
 
 Let me correct something.  The files in that directory are
 owned by root:wheel (not root:root - I got my *nixes
 confused), but they definitely have 600 perms.
 
 On Machine A, user 'myid' is IN the wheel group but I still
 don't see how he's getting permission to rename the file.

Renaming a file does not change the file itself.  It updates the directory.  
Any user in group wheel has the authority to write to the directory (e.g., 
change a file's name).  The directory permissions are rwx for group wheel.  You 
can either try a user on machine B who is not in group wheel or change the 
directory permissions to 755 on /usr/foo/bar.  Then it would work as you expect.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
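
The permission logic discussed in this thread, as an added example that is not part of the original posts: a small model of the classic UNIX owner/group/other check, with -maproot replacing a remote root credential by the mapped user's. The uid 1001, the struct and function names are assumptions of the example, and the sticky-bit case goes beyond what the thread covers.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum { R = 4, W = 2, X = 1 };            /* bits within one permission class */
enum op { OP_READ, OP_RENAME };

struct cred  { unsigned uid; unsigned gids[4]; size_t ngids; };
struct inode { unsigned uid, gid, mode; };   /* mode as given to chmod, e.g. 0775 */

static bool in_group(const struct cred *c, unsigned gid)
{
    for (size_t i = 0; i < c->ngids; i++)
        if (c->gids[i] == gid)
            return true;
    return false;
}

/* Classic UNIX check: exactly one class is consulted, in the order
 * owner, group, other. uid 0 bypasses the check (simplified). */
static bool allowed(const struct cred *c, const struct inode *n, unsigned want)
{
    unsigned bits;

    if (c->uid == 0)
        return true;
    if (c->uid == n->uid)
        bits = (n->mode >> 6) & 7;
    else if (in_group(c, n->gid))
        bits = (n->mode >> 3) & 7;
    else
        bits = n->mode & 7;
    return (bits & want) == want;
}

/* -maproot=user: a request arriving as uid 0 is served with that user's
 * credential, including the groups the user has on the server. */
static struct cred server_cred(struct cred remote, struct cred maproot)
{
    return remote.uid == 0 ? maproot : remote;
}

static bool may(enum op op, const struct cred *c,
                const struct inode *dir, const struct inode *file)
{
    switch (op) {
    case OP_READ:    /* search the directory, then read the file itself */
        return allowed(c, dir, X) && allowed(c, file, R);
    case OP_RENAME:  /* only the directory entry changes: the file's own
                      * mode is never consulted */
        if (!allowed(c, dir, W | X))
            return false;
        /* sticky directory: only the file's or the directory's owner */
        if ((dir->mode & 01000) && c->uid != 0 &&
            c->uid != file->uid && c->uid != dir->uid)
            return false;
        return true;
    }
    return false;
}

/* The thread's setup: root on the client, mapped to 'myid' (constructed
 * uid 1001, member of wheel = gid 0); directory and file are root:wheel. */
static bool remote_root_may(enum op op, unsigned dir_mode, unsigned file_mode)
{
    const struct cred client_root = { 0, { 0 }, 1 };
    const struct cred myid = { 1001, { 1001, 0 }, 2 };
    struct cred c = server_cred(client_root, myid);
    struct inode dir = { 0, 0, dir_mode }, file = { 0, 0, file_mode };

    return may(op, &c, &dir, &file);
}

int main(void)
{
    static const unsigned dir_modes[] = { 0775, 0755, 01775 };

    for (size_t i = 0; i < sizeof(dir_modes) / sizeof(dir_modes[0]); i++)
        printf("dir %04o, file 0600: read=%d rename=%d\n", dir_modes[i],
               remote_root_may(OP_READ, dir_modes[i], 0600),
               remote_root_may(OP_RENAME, dir_modes[i], 0600));
    return 0;
}
```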


Re: Is FreeBSD 9 Production Ready?

2012-11-24 Thread Doug Hardie

On 24 November 2012, at 16:36, Tim Daneliuk wrote:

 On 11/24/2012 05:58 PM, Erich Dollansky wrote:
 Hi,
 
 On Sat, 24 Nov 2012 10:38:35 -0600
 Tim Daneliuk tun...@tundraware.com wrote:
 
 I am currently running FBSD 8.3-STABLE on a production server that
 provides http, dns, smtp, and so on for a small domain.  This is not
 a high arrival rate environment but it does need to be rock solid
 (which FBSD 4-8 have been).
 
 why would you like to break a running system?
 
 That's exactly what I don't want to do.
 
 
 I am contemplating moving to the FBSD 9 family.  Is this branch ready
 
 I would stay with 8.x until the end of its support and move only then
 to a new branch. It could be then 9.x or 10.y. I would then - but only
 then - prefer the 10.y branch.
 
 I retired my 7.4 only because of lightning strike this spring.
 
 Robustness is my main goal here. Any change which brings only the risk
 is avoided.
 
 I used to take this approach.  However, I discovered the pain of fixing
 a configuration that jumped several major releases was way higher than
 tracking them each as they became stable.  I did the 9.1-PRE upgrade today
 and - once the new system was compiled and ready to be installed - had
 only very minor conversion issues.
 
 In my case, the most painful part of conversion is the mail infrastructure.
 The server in question is the domain's mail server and it has a LOT of moving
 parts with custom configurations: sendmail, greylisting, mailscanner, spam
 assassin, mailman, SASL ...   That is pretty much always what breaks.  Doing
 smaller leaps tends to make this more tractable to control.

I am in a similar situation.  Reliability is more important than anything else. 
 I run similar mail configurations on one server, although I use different 
machines for incoming and outgoing mail.  Jumps across versions have been more 
difficult.  I have kept records of the steps I used for each upgrade and those 
help me prepare for the next one.  I am in the middle of jumping from 7.2 to 
9.1.  One machine is completely converted and working just fine.  I had 
reliability problems with 9.0.  It kept rebooting or crashing every few days.  
I am on 9.1-RC2 at the moment and it's been up and working for 34 days now.  I 
will upgrade it to 9.1 when it's released.  This one had to be upgraded early 
because it was new hardware.  The old machine completely died.  I have another 
server also running 9.1-RC2 but it is not moved into production yet.  It is 
primarily a news server and has a large news cache that has to be moved.  I am 
waiting for 9.1 for that.

On some of my test machines I have found that 9.1 is the first release to 
support the built-in wireless NICs.  The service command is really helpful.  
I frequently can't remember which service is in etc and which in 
/usr/local/etc.  

The largest problem I encountered in the upgrade was the disk structure.  My 
disks were setup when using FreeBSD 3.5/3.7.  As a result, the root partition 
is way too small today.  I was able to shoe horn 7.2 in by deleting the kernel 
symbol files while they were being installed.  9.0/9.1 just didn't fit at all.  
Restructuring the disks is a time consuming job and fairly error prone in 
getting everything back that is needed to run production.  There is also the 
issue that the default formatting uses SU+J which is not compatible with dump 
live filesystems.  Now I am going to have to find the time to bring the systems 
down to remove journaling with no one on-site who has a clue what they are 
doing.

I currently have 9.1-RCx running on 5 systems and have not had any stability 
issues with it.  One system is in production but the others are lightly used.  
One of them is a 200 MHz machine with either 32 Meg or 64 Meg memory.  It seems 
to be faster than when it ran 8.2 but I haven't actually done any measurements.




Re: WARNING: FreeBSD 9.0-RELEASE is approaching its End-of-Life date.

2012-11-15 Thread Doug Hardie

On 15 November 2012, at 14:46, Matthias Petermann wrote:

 Hi,
 
 On Thu, 15 Nov 2012 14:35:52 -0800
 Michael Sierchio ku...@tenebras.com wrote:
 
 http://www.freebsd.org/security/
 
 Scroll down about halfway.  9.0 is a regular release, EOL is January 31, 
 2013.
 
 Alternate releases are extended releases, so 9.1 will have a 2 year
 support span.
 
 Thanks for the clarification. One technical thing: is it possible, to upgrade
 from FreeBSD 9.0 to 9.1 with the freebsd-update utility? 

Yes.  I have done that from 9.0 to 9.1-RC1 and later RC2.  It takes longer than 
you would like, but works just fine.




Re: WARNING: FreeBSD 9.0-RELEASE is approaching its End-of-Life date.

2012-11-15 Thread Doug Hardie

On 15 November 2012, at 17:04, Randal L. Schwartz wrote:

 Andreas == Andreas Rudisch cyb.@gmx.net writes:
 
 Andreas On Thu, 15 Nov 2012 23:46:53 +0100
 Andreas Matthias Petermann matth...@d2ux.net wrote:
 
 Thanks for the clarification. One technical thing: is it possible, to 
 upgrade
 from FreeBSD 9.0 to 9.1 with the freebsd-update utility? 
 
 Andreas Yes, it is.
 
 Can I go from 8.3 directly to 9.1, or should I stop over at 9.0 first?

For me that was not possible.  My disks were partitioned and labeled when 
FreeBSD 4.7 was new.  The size of the root partition was now too small for 9.0. 
 I had to do a complete install and reformat of the drives to get to 9.0.  My 
root partition was a bit small for 7.x as I had to delete the symbol files to 
make it fit.  



Re: FreeBSD 9.1 and SU+J

2012-11-04 Thread Doug Hardie

On 4 November 2012, at 07:04, Bas Smeelen wrote:

 On 11/04/2012 03:00 PM, Bas Smeelen wrote:
 On 11/04/2012 02:11 PM, RW wrote:
 On Sun, 04 Nov 2012 11:44:28 +0100
 Bas Smeelen wrote:
 
 On 11/03/2012 07:30 PM, Herbert J. Skuhra wrote:
 On 03.11.2012 13:48, Doug Hardie wrote:
 
 I didn't notice that journaling is on by default and now dump is
 failing.  The only way I can see to disable journaling requires
 that the file system be dismounted, or read-only.  This is a
 remote machine and journaling is on root.  Is there any other way
 that would not require me to make a long trip out to the site?
 
 I guess I was a little off here, it actually worked for / also
 See further below for the whole story
 This was all done remote with ssh
 
 $ mount
 /dev/da0p2 on / (ufs, local, soft-updates)
 devfs on /dev (devfs, local, multilabel)
 /dev/da0p3 on /tmp (ufs, local, soft-updates)
 /dev/da0p4 on /var (ufs, local, soft-updates)
 /dev/da0p5 on /usr (ufs, local, soft-updates)
 $ su
 Password:
 root@osebart:/usr/home/Freebee # rm /.sujournal
 root@osebart:/usr/home/Freebee # rm /var/.sujournal
 root@osebart:/usr/home/Freebee # rm /tmp/.sujournal
 root@osebart:/usr/home/Freebee # rm /usr/.sujournal
 root@osebart:/usr/home/Freebee # uname -a
 FreeBSD osebart.ose.nl 9.1-RC2 FreeBSD 9.1-RC2 #0 r241106: Mon Oct 1 
 18:26:44 UTC 2012 
 r...@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64

I can't get that to work on i386.  Here is /etc/rc.d/fsck:

fi

echo Ready for tunefs
/sbin/tunefs -j disable /dev/da0p2
}

load_rc_config $name
run_rc_command $1




reboot computer and here is the output from messages:




Nov  4 14:07:19 Router kernel: Ready for tunefs
Nov  4 14:07:19 Router kernel: Clearing journal flags from inode 4
Nov  4 14:07:19 Router kernel: tunefs: soft updates journaling cleared but soft 
updates still set.
Nov  4 14:07:19 Router kernel: tunefs: remove .sujournal to reclaim space
Nov  4 14:07:19 Router kernel: Mounting local file systems:.



and the output from mount:

Router# mount
/dev/da0p2 on / (ufs, local, journaled soft-updates)
devfs on /dev (devfs, local, multilabel)



Journaled is still on after 2 reboots.

Router# uname -a
FreeBSD Router 9.1-RC2 FreeBSD 9.1-RC2 #0 r241133: Tue Oct  2 17:11:45 UTC 2012 
r...@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

-- Doug



send-pr Submission Times

2012-10-13 Thread Doug Hardie
I sent a PR using send-pr earlier today.  However, after having sent it and 
received a line that said it was submitted, I realized I didn't include my 
email address.  Somehow I completely overlooked that. I have been waiting for 
it to show up in the on-line indexes, but it hasn't so far.  How long does that 
process normally take?  I am wondering if it was just dropped because of the 
lack of the email address.




SATA Controllers

2012-10-09 Thread Doug Hardie
Looking through the list of SATA Controllers available at Best Buy, I don't 
find any of them listed on the 9.0 hardware page.  I need a couple cheap ones 
(for non-production systems).  Does anyone have recommendations?


freebsd-update

2012-10-05 Thread Doug Hardie
I am using freebsd-update to update a system running a generic kernel.  I ran 
into an interesting situation where after it has downloaded the updates it 
enters a configuration phase where it shows updated config files with the old 
and new.  You can hit return to enter vi and clean up the file.  After that you 
get to a selection of files where you only get the question does this look 
reasonable?  Your options are Y or N.  Y makes the changes and N just 
terminates the entire update forcing you to start over again from the 
beginning.  Why can't you correct issues with those config files?  Why bother 
to even ask if there is only one possible response 
(Y)?


Re: how to speed up port make??

2012-07-26 Thread Doug Hardie

On 25 July 2012, at 23:04, Ryan Noll wrote:

 Hello,
 
 On Jul 25, 2012 7:34 PM, Chad Perrin per...@apotheon.com wrote:
 You kids have got it easy.  I used to have to compile by hand with a pair
 of tweezers, bare copper wire, a magnifying glass, and a potato with two
 pieces of metal stuck in it as a power source.
 
 Ha-ha... Ah those were the days..., but does anyone remember the old way
 of building the kernel in the 2.2.8 days? I was just getting started doing
 the basic system setup/admin things in those days. Back then (1998 or so) I
 did not have access to broadband, so I did not even update the sources back
 then, but I knew that it was a good idea to remove devices from the GENERIC
 kernel that I did not have--thanks to the book by Greg Lehey. (Even though
 the version of The Complete FreeBSD I bought is so out of date I cannot
 bring myself to throw it away--it was my guide back in those days.)
 
 Does anyone else remember The Complete FreeBSD?

It's sitting in my bookshelf. It's pretty worn out though.




Re: IPv6 getaddrinfo(3C)

2012-07-12 Thread Doug Hardie

On 12 July 2012, at 07:24, Matthias Apitz wrote:

 
 Hello,
 
 I'm playing around with IPv6 code on a FreeBSD 9 system and can't get
 getaddrinfo(3C) to do what it should do as stated in its man page:
 accept an IPv6 and IPv4 IP addr, it only works with the IPv6 form:
 
 $ ./a.out ::1
 host: ::1
 read: SSH-2.0-OpenSSH_5.6p1 FreeBSD-2010
 $ ./a.out 127.0.0.1
 host: 127.0.0.1
 ssh: getaddrinfo failed code 8: hostname nor servname provided, or not known
 $ telnet 127.0.0.1 22
 Trying 127.0.0.1...
 Connected to localhost.
 Escape character is '^]'.
 SSH-2.0-OpenSSH_5.6p1 FreeBSD-2010
 
 the used C-code is attached below; what I'm doing wrong in the code?
 
 Thanks
 
   matthias
 
 /* IPv6 client code using getaddrinfo */
 
 #include <stdlib.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <stdio.h>
 #include <netdb.h>
 #include <string.h>
 #include <unistd.h>   /* read() */
 
 
 int
 main(int argc, char *argv[])  /* client side */
 {
 
   struct addrinfo req, *ans;
   int code, s, n;
   char buf[1024];
 
   if (argc < 2) {
   fprintf(stderr, "usage: %s host\n", argv[0]);
   exit(1);
   }
 
   memset(&req, 0, sizeof(req));
   req.ai_flags = AI_ADDRCONFIG|AI_NUMERICHOST;
   req.ai_family = AF_INET6;   /* Same as AF_INET6. */
   req.ai_socktype = SOCK_STREAM;
 
   /* */
   /* Use default protocol (in this case tcp) */
   /* */
 
   req.ai_protocol = 0;
 
   printf("host: %s\n", argv[1]);
   if ((code = getaddrinfo(argv[1], "ssh", &req, &ans)) != 0) {
   fprintf(stderr, "ssh: getaddrinfo failed code %d: %s\n", code,
   gai_strerror(code));
   exit(1);
   }


   /* */
   /* ans must contain at least one addrinfo, use */
   /* the first.  */
   /* */
   
   s = socket(ans->ai_family, ans->ai_socktype, ans->ai_protocol);
   if (s < 0) {
   perror("ssh: socket");
   exit(3);
   }
 
   /* Connect does the bind for us */
   
   if (connect(s, ans->ai_addr, ans->ai_addrlen) < 0) {
   perror("ssh: connect");
   exit(5);
   }
 
   /* Leave room for the terminating NUL before printing with %s */
   n = read(s, buf, sizeof(buf) - 1);
   if (n < 0) {
   perror("ssh: read");
   exit(7);
   }
   buf[n] = '\0';
   printf("read: %s", buf);
   
   /* */
   /* Free answers after use */
   /* */
   freeaddrinfo(ans);
 
   exit(0);
 }
 
  

I won't claim to be an expert on this, but I have used getaddrinfo successfully 
in servers.  The only thing I see that might be an issue is the use of zero for 
ai_protocol.  The comment in the man page implies that value is for servers and 
not clients.  I suspect you have to set the specific protocol you want.  You 
haven't included AI_PASSIVE so I suspect it's expecting you to use the address 
to contact a server.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
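
An added example (not code from either poster) that isolates how the ai_family hint interacts with AI_NUMERICHOST for the two address forms tried in the question, next to a family-agnostic client that walks the whole result list. The function names and the numeric service "22" (used so that no services lookup is needed) are assumptions of the example.

```c
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Parse a numeric host under the given family hint. Returns the address
 * family of the first result, or -1 on failure; the getaddrinfo() return
 * code is stored in *gai_code when gai_code is not NULL. */
static int numeric_family(const char *host, int family_hint, int *gai_code)
{
    struct addrinfo hints, *res = NULL;
    int rc, fam;

    memset(&hints, 0, sizeof(hints));
    hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;  /* no DNS, no services */
    hints.ai_family = family_hint;
    hints.ai_socktype = SOCK_STREAM;

    rc = getaddrinfo(host, "22", &hints, &res);
    if (gai_code != NULL)
        *gai_code = rc;
    if (rc != 0)
        return -1;
    fam = res->ai_family;
    freeaddrinfo(res);
    return fam;
}

/* Family-agnostic client: ask for AF_UNSPEC and try every returned
 * address in order. Returns a connected socket, or -1. */
static int connect_any(const char *host, const char *service)
{
    struct addrinfo hints, *res = NULL, *ai;
    int s = -1;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(host, service, &hints, &res) != 0)
        return -1;

    for (ai = res; ai != NULL; ai = ai->ai_next) {
        s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (s < 0)
            continue;
        if (connect(s, ai->ai_addr, ai->ai_addrlen) == 0)
            break;                       /* connected */
        close(s);
        s = -1;
    }
    freeaddrinfo(res);
    return s;
}

int main(int argc, char *argv[])
{
    static const char *hosts[] = { "::1", "127.0.0.1" };
    static const int hints[] = { AF_INET6, AF_UNSPEC };
    static const char *hint_names[] = { "AF_INET6", "AF_UNSPEC" };

    for (size_t h = 0; h < 2; h++) {
        for (size_t i = 0; i < 2; i++) {
            int code = 0;
            int fam = numeric_family(hosts[i], hints[h], &code);

            if (fam < 0)
                printf("%-9s %-10s failed: %s\n", hint_names[h], hosts[i],
                       gai_strerror(code));
            else
                printf("%-9s %-10s ok: %s\n", hint_names[h], hosts[i],
                       fam == AF_INET6 ? "AF_INET6" : "AF_INET");
        }
    }

    /* Optional: connect to the host given on the command line. */
    if (argc > 1) {
        int s = connect_any(argv[1], "22");

        printf("connect_any(%s): %s\n", argv[1], s >= 0 ? "connected" : "failed");
        if (s >= 0)
            close(s);
    }
    return 0;
}
```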


Re: FreeBSD 9.0 hang

2012-07-03 Thread Doug Hardie

On 2 July 2012, at 22:59, Wojciech Puchar wrote:

 
 I have no ATM interfaces so it shouldn't be loading to my way of thinking.
 
 so check while this module is loading at all, no matter if it's unsuccessful. 
 FreeBSD is not random place like windows, everything
 must have a reason.
 

True it must, but I have no idea why if_en would try to be loaded or even how 
to figure that out.  There is nothing in the logs.  My understanding is that 
you would have to have an interface that requires the en driver.  pciconf 
doesn't show any.



Re: FreeBSD 9.0 hang

2012-07-02 Thread Doug Hardie

On 2 July 2012, at 08:50, Wojciech Puchar wrote:

 
 link_eif symbol atm_event undefined
 KLD if_en.ko: depends on utopia - not available or version mismatch.

Those were the last 2 lines on the console before the hang.  There is nothing 
at all in messages about this.  I suspect the system was not totally hung, just 
the ethernet interfaces (2 different ones) as I could still ping both 
interfaces successfully.  However, no attempt to access any service worked.

 
 I haven't found anything relevant on those through Google.  if_en.ko is 
 present as is utopia.ko.  I don't understand why the kernel would try to 
 load if_en as I don't have any of those devices.  There are em0 and dc0 
 ethernet interfaces.  This is almost a generic kernel.  The config file 
 contains:
 Was that line printed just before hangup?
 
 Did you actually try to load the ATM interface driver? If no - check why it 
 loads at all.

I have no ATM interfaces so it shouldn't be loading to my way of thinking.
 
 Check what is last in your logfile.

Nothing.
 
 Check if any addon drivers you use (fuse.ko, vboxdrv.ko) were compiled with 
 the same kernel sources that you compiled kernel.

kldstat -v shows:

 2    1 0xc5b36000 4000     fdescfs.ko (/boot/kernel/fdescfs.ko)
        Contains modules:
                Id Name
                493 fdescfs
 3    1 0xc5c8f000 3000     pflog.ko (/boot/kernel/pflog.ko)
        Contains modules:
                Id Name
                495 pflog
 4    1 0xc5c92000 34000    pf.ko (/boot/kernel/pf.ko)
        Contains modules:
                Id Name
                494 pf


if_en is not listed as compiled into the kernel.

The kernel and userland were built shortly after an install from memstick image 
using the procedure in UPDATING:

To rebuild everything and install it on the current system.
---
# Note: sometimes if you are running current you gotta do more than
# is listed here if you are upgrading from a really old current.

<make sure you have good level 0 dumps>
make buildworld
make kernel KERNCONF=YOUR_KERNEL_HERE
                                        [1]
<reboot in single user>                 [3]
mergemaster -p                          [5]
make installworld
mergemaster -i                          [4]
make delete-old                         [6]
<reboot>


After that the ports and application software were installed.  Basically the 
only services that run on this system are nagios and mrtg.  It is used only as 
a monitoring system for my production server and for testing new software.  It 
has only been used for monitoring since the upgrade.  I can't do any 
development work till I get the production servers upgraded from 8.2 to 9.0.


 
 If this doesn't help then recompile your kernel with
 
 makeoptions   DEBUG="-O0 -g"
 options       INCLUDE_CONFIG_FILE
 options       DEADLKRES
 options       KDB
 options       DDB
 options       INVARIANTS
 options       INVARIANT_SUPPORT
 options       WITNESS
 options       WITNESS_SKIPSPIN
 options       DIAGNOSTIC
 
 make sure that dump device is active
 
 dumpon=/dev/dumpdevicename
 
 and reboot with that kernel.
 
 At next crash you will get full dump with all symbols and all data where it 
 crashes.

When this repeats I will do that.  Thanks for the help.

-- Doug

 
 
 



FreeBSD 9.0 hang

2012-06-29 Thread Doug Hardie
I have a 9.0 p3 system that is in production for about a week and it just plain 
hung this morning.  The console had the last two messages as:

link_eif symbol atm_event undefined
KLD if_en.ko: depends on utopia - not available or version mismatch.

I haven't found anything relevant on those through Google.  if_en.ko is present 
as is utopia.ko.  I don't understand why the kernel would try to load if_en as 
I don't have any of those devices.  There are em0 and dc0 ethernet interfaces.  
This is almost a generic kernel.  The config file contains:

include GENERIC

ident   LAFN

nocpu   i486_CPU
nocpu   i586_CPU

options QUOTA
#device  atapicam
options ALTQ            # Enable ALTQ.
options ALTQ_CBQ        # Build the ``Class Based Queuing'' discipline.
options ALTQ_NOPCC      # Required for SMP build


I couldn't find any relevant log messages that would indicate why this module 
was trying to be loaded. However, even so, I would think it should load ok.




Problem with freebsd-update

2012-06-20 Thread Doug Hardie
I tried to update an amd64 FreeBSD 9.0 p0 system via freebsd-update tonight.  
It fetched everything fine.  However, the install just hung after about 10 
minutes.  The 2 sh processes are basically doing nothing.  Not consuming any 
processor time and not doing any I/O.  I killed it and tried another install.  
Same thing.  Tried a rollback.  Same thing.  The system still runs mostly.  Top 
takes about 5 minutes before it produces any output.  It shows basically 
nothing running.  I really don't want to reinstall again as the system has a 
lot of files customized including many ports.  Is there any way to recover this?




Problem with spamlogd

2012-06-17 Thread Doug Hardie
I am using spamd on several systems and started encountering a problem awhile 
ago with FreeBSD 7.2 servers, but let it go since I am in the process of 
upgrading the servers.  However, I now am encountering the same issue on 
FreeBSD 9.0 with spamlogd.  It never reads pflog0.  pflogd reads the entries 
just fine.  I set up syslog to log all the spamlogd messages and when spamlogd 
is started it gives:

spamlogd: Listening on pflog0 for all interfaces. 

lsof shows that it is connected to bpf0 as is pflogd.  However, pflogd shows an 
offset into the file that appears to be the end of the file.  spamlogd shows an 
offset of 0.  It is periodically reading the file as shown by ktrace but always 
getting back a 0 size return.  spamd itself is working just fine.  However, the 
expiration times are not being updated so white entries are timed out way too 
often.  spamlogd used to update them.  The rc.conf entries are:

obspamd_enable="YES"
obspamd_flags="-G 2:1:1728"
obspamd_setup_flags=""
obspamd_grey="YES"
obspamlogd_enable="YES"
obspamlogd_flags="-W 1728"


These were established a few years ago and worked up till a short while ago.  I 
don't recall any changes I made to anything, but…

Looking through the spamlogd source it appears to be building a filter for the 
pcap routines with:

ip and port 25 and action pass and tcp[13]&0x12=0x2

Using that filter on pflog yields no output.  I believe the pass item requires 
there to be some logging of the pass actions and those are not appearing in the 
pflog or in the pfctl counts for those rules.  I suspect that is the problem.  
The pf.conf is: (mail server is on this machine)

ext_if="em0"

table <blackhole> persist file "/etc/blackhole"
table <spamd> persist
table <spamd-white> persist
table <spamd-white-local> persist file "/etc/mail/whitelist"


no rdr on { lo0, lo1 } from any to any

no rdr on { lo0, lo1 } from any to any
MAILHOSTS = "{zool.lafn.org 10.0.1.10}"

rdr pass log on $ext_if inet proto tcp from <spamd-white-local> to port smtp -> 127.0.0.1 port smtp
rdr pass log on $ext_if inet proto tcp from <spamd-white> to port smtp -> 127.0.0.1 port smtp
rdr pass log on $ext_if inet proto tcp to $MAILHOSTS port smtp -> 127.0.0.1 port spamd


pass in on lo0

pass in log on $ext_if inet proto tcp to 127.0.0.1 port smtp
pass out log on $ext_if inet proto tcp from 127.0.0.1 to any port smtp

block in quick log on $ext_if from <blackhole> to any



Re: Problem with spamlogd

2012-06-17 Thread Doug Hardie

On 17 June 2012, at 06:29, Matthew Seaman wrote:

 On 17/06/2012 11:45, Doug Hardie wrote:
 I am using spamd on several systems and started encountering a problem 
 awhile ago with FreeBSD 7.2 servers, but let it go since I am in the process 
 of upgrading the servers.  However, I now am encountering the same issue on 
 FreeBSD 9.0 with spamlogd.  It never reads pflog0.  pflogd reads the entries 
 just fine.  I set up syslog to log all the spamlogd messages and when 
 spamlogd is started it gives:
 
 spamlogd: Listening on pflog0 for all interfaces. 
 
 lsof shows that it is connected to bpf0 as is pflogd.  However, pflogd shows 
 an offset into the file that appears to be the end of the file.  spamlogd 
 shows an offset of 0.  It is periodically reading the file as shown by 
 ktrace but always getting back a 0 size return.  spamd itself is working 
 just fine.  However, the expiration times are not being updated so white 
 entries are timed out way too often.  spamlogd used to update them.  The 
 rc.conf entries are:
 
 obspamd_enable="YES"
 obspamd_flags="-G 2:1:1728"
 obspamd_setup_flags=""
 obspamd_grey="YES"
 obspamlogd_enable="YES"
 obspamlogd_flags="-W 1728"
 
 
 These were established a few years ago and worked up till a short while ago.  
 I don't recall any changes I made to anything, but…
 
 Looking through the spamlogd source it appears to be building a filter for 
 the pcap routines with:
 
 ip and port 25 and action pass and tcp[13]&0x12=0x2
 
 Using that filter on pflog yields no output.  I believe the pass item 
 requires there to be some logging of the pass actions and those are not 
 appearing in the pflog or in the pfctl counts for those rules.  I suspect 
 that is the problem.  The pf.conf is: (mail server is on this machine)
 
 ext_if="em0"
 
 table <blackhole> persist file "/etc/blackhole"
 table <spamd> persist
 table <spamd-white> persist
 table <spamd-white-local> persist file "/etc/mail/whitelist"
 
 
 no rdr on { lo0, lo1 } from any to any
 
 no rdr on { lo0, lo1 } from any to any
 MAILHOSTS = "{zool.lafn.org 10.0.1.10}"
 
 rdr pass log on $ext_if inet proto tcp from <spamd-white-local> to port smtp -> 127.0.0.1 port smtp
 rdr pass log on $ext_if inet proto tcp from <spamd-white> to port smtp -> 127.0.0.1 port smtp
 rdr pass log on $ext_if inet proto tcp to $MAILHOSTS port smtp -> 127.0.0.1 port spamd
 
 
 pass in on lo0
 
 pass in log on $ext_if inet proto tcp to 127.0.0.1 port smtp
 pass out log on $ext_if inet proto tcp from 127.0.0.1 to any port smtp
 
 block in quick log on $ext_if from <blackhole> to any
 
 You seem to be logging all the SMTP traffic that passes through pf in
 any direction.  Which doesn't make a lot of sense to me -- obspamlogd
 will see the logged SMTP packets, assume that's valid traffic and add
 the hosts to the whitelist.  Even if that's the incoming SYN packet from
 some dubious mailer trying to inject you full of spam.

Right now, I would like spamlogd to be a bit confused ;-)  However, it's not 
seeing any of the logging.  It never receives any input from pflog0.  From the 
filter, the pass action indicates it won't look at any of the rdr logging 
(which is in the log) but is waiting for the pass rules to log something.  The 
tcp[13]&0x12=0x2 item is the TCP SYN flag so it should be able to separate out 
what it wants from the log.  However, the pass rules are never being used and 
hence they never generate any log entries.  pfctl -vvsr shows all zeros for 
both of those rules.  

I understand that the pass rules are applied after the rdr rules but apparently 
I am getting the matching criteria wrong.  At this point switching them to a 
separate log stream won't help since it would never get anything logged to it.


 
 You should only log the SYN packets going out of your upstream (egress)
 interface for obspamlogd -- that way it immediately whitelists anyone
 you send email to, so they can reply without delay due to greylisting.
 
 A good way of doing that is to log SMTP traffic to a separate log
 device. eg:
 
 pass log (to pflog1) on $ext_if proto tcp \
 from any to any port smtp\
 flags S/SA keep state
 
 then in /etc/rc.conf, tell obspamlogd to use pflog1:
 
 obspamlogd_enable="YES"
 obspamlogd_flags="-i em0"
 obspamlogd_pflog_if="pflog1"
 
 That way you can keep pflog0 for doing the normal packet logging that is
 usual with pf -- typically, logging anything that gets dropped by the
 firewall -- without getting obspamlogd confused.
 
   Cheers,
 
   Matthew
 
 -- 
 Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
  Flat 3
 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
 JID: matt...@infracaninophile.co.uk   Kent, CT11 9PW
 
 
 



Re: Problem with spamlogd

2012-06-17 Thread Doug Hardie
After many hundreds of tests, I have uncovered something that I never found in 
any of the pf documents or man pages.  If an incoming packet is processed by an 
rdr rule, it will always be logged as rdr with the rdr rule number.  The pass 
action is never logged, even if the rdr rule does not include log and the pass 
rule does.

As a result, since spamlogd is specifically looking for a pass action, it will 
never see those log entries.  Hence, you must ensure that the packets which do 
get sent to the mailserver (real one) never are processed by a rdr rule.  I 
ended up having to use no rdr rules for those to get the logging done such that 
spamlogd would find them:

no rdr inet proto tcp from <spamd-white-local> to any port smtp
no rdr inet proto tcp from <spamd-white> to any port smtp
rdr pass on $ext_if inet proto tcp to $MAILHOSTS port smtp -> 127.0.0.1 port spamd

pass in log on $ext_if inet proto tcp to $MAILHOSTS port smtp

This setup works on FreeBSD 7.2 and 9.0.  I couldn't find any other that 
actually worked including those in the various pf books, man pages, and other 
writings on pf.


On 17 June 2012, at 09:40, Doug Hardie wrote:

 
 On 17 June 2012, at 06:29, Matthew Seaman wrote:
 
 On 17/06/2012 11:45, Doug Hardie wrote:
 I am using spamd on several systems and started encountering a problem 
 awhile ago with FreeBSD 7.2 servers, but let it go since I am in the 
 process of upgrading the servers.  However, I now am encountering the same 
 issue on FreeBSD 9.0 with spamlogd.  It never reads pflog0.  pflogd reads 
 the entries just fine.  I set up syslog to log all the spamlogd messages 
 and when spamlogd is started it gives:
 
 spamlogd: Listening on pflog0 for all interfaces. 
 
 lsof shows that it is connected to bpf0 as is pflogd.  However, pflogd 
 shows an offset into the file that appears to be the end of the file.  
 spamlogd shows an offset of 0.  It is periodically reading the file as 
 shown by ktrace but always getting back a 0 size return.  spamd itself is 
 working just fine.  However, the expiration times are not being updated so 
 white entries are timed out way too often.  spamlogd used to update them.  
 The rc.conf entries are:
 
 obspamd_enable="YES"
 obspamd_flags="-G 2:1:1728"
 obspamd_setup_flags=""
 obspamd_grey="YES"
 obspamlogd_enable="YES"
 obspamlogd_flags="-W 1728"
 
 
 These were established a few years ago and worked up till a short while ago.  
 I don't recall any changes I made to anything, but…
 
 Looking through the spamlogd source it appears to be building a filter for 
 the pcap routines with:
 
 ip and port 25 and action pass and tcp[13]&0x12=0x2
 
 Using that filter on pflog yields no output.  I believe the pass item 
 requires there to be some logging of the pass actions and those are not 
 appearing in the pflog or in the pfctl counts for those rules.  I suspect 
 that is the problem.  The pf.conf is: (mail server is on this machine)
 
 ext_if="em0"
 
 table <blackhole> persist file "/etc/blackhole"
 table <spamd> persist
 table <spamd-white> persist
 table <spamd-white-local> persist file "/etc/mail/whitelist"
 
 
 no rdr on { lo0, lo1 } from any to any
 
 no rdr on { lo0, lo1 } from any to any
 MAILHOSTS = "{zool.lafn.org 10.0.1.10}"
 
 rdr pass log on $ext_if inet proto tcp from <spamd-white-local> to port smtp -> 127.0.0.1 port smtp
 rdr pass log on $ext_if inet proto tcp from <spamd-white> to port smtp -> 127.0.0.1 port smtp
 rdr pass log on $ext_if inet proto tcp to $MAILHOSTS port smtp -> 127.0.0.1 port spamd
 
 
 pass in on lo0
 
 pass in log on $ext_if inet proto tcp to 127.0.0.1 port smtp
 pass out log on $ext_if inet proto tcp from 127.0.0.1 to any port smtp
 
 block in quick log on $ext_if from <blackhole> to any
 
 You seem to be logging all the SMTP traffic that passes through pf in
 any direction.  Which doesn't make a lot of sense to me -- obspamlogd
 will see the logged SMTP packets, assume that's valid traffic and add
 the hosts to the whitelist.  Even if that's the incoming SYN packet from
 some dubious mailer trying to inject you full of spam.
 
 Right now, I would like spamlogd to be a bit confused ;-)  However, it's not 
 seeing any of the logging.  It never receives any input from pflog0.  From 
 the filter, the pass action indicates it won't look at any of the rdr logging 
 (which is in the log) but is waiting for the pass rules to log something.  
 The tcp[13]&0x12=0x2 item is the TCP SYN flag so it should be able to 
 separate out what it wants from the log.  However, the pass rules are never 
 being used and hence they never generate any log entries.  pfctl -vvsr shows 
 all zeros for both of those rules.  
 
 I understand that the pass rules are applied after the rdr rules but 
 apparently I am getting the matching criteria wrong.  At this point switching 
 them to a separate log stream won't help since it would never get anything 
 logged to it.
 
 
 
 You should only log the SYN packets going out of your upstream (egress)
 interface for obspamlogd
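
The behaviour reported at the top of this message, modelled as an added example (not part of the original post and not spamlogd's own code): the filter is evaluated over constructed pflog-style records, assuming its flags term is the usual mask-and-compare `tcp[13] & 0x12 = 0x2`. The record layout, the helper names and the 192.0.2.10 sender are assumptions made for illustration; 10.0.1.10 is the mail host from the posted pf.conf.

```python
import socket
import struct

SYN, ACK = 0x02, 0x10  # TCP flag bits in byte 13 of the TCP header


def ipv4_tcp(src, dst, sport, dport, flags):
    """Build a minimal IPv4 + TCP header pair (constructed sample, checksums left 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp


def spamlogd_filter(action, packet):
    """Model of: ip and port 25 and action pass and tcp[13] & 0x12 = 0x2.

    `action` stands for the action pf recorded in the pflog header for this
    packet (simplified here to a string); `packet` is the logged IP packet.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:          # "ip": IPv4 only
        return False
    ihl = (packet[0] & 0x0F) * 4                         # IP header length in bytes
    if packet[9] != socket.IPPROTO_TCP or len(packet) < ihl + 14:
        return False                                     # tcp[13] needs a TCP header
    tcp = packet[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    if 25 not in (sport, dport):                         # "port 25": either direction
        return False
    if action != "pass":                                 # "action pass"
        return False
    # Mask keeps only SYN and ACK; the result must be SYN alone, so the
    # opening packet of a connection matches and the SYN+ACK reply does not.
    return (tcp[13] & (SYN | ACK)) == SYN


# Constructed records: (label, action recorded by pf, logged packet).
CONSTRUCTED_LOG = [
    # Whitelisted sender handled by an "rdr pass log" rule: logged as rdr.
    ("rdr-logged SYN", "rdr", ipv4_tcp("192.0.2.10", "10.0.1.10", 40001, 25, SYN)),
    # Same sender after "no rdr" plus "pass in log": logged as pass.
    ("pass-logged SYN", "pass", ipv4_tcp("192.0.2.10", "10.0.1.10", 40002, 25, SYN)),
    # Server's reply: SYN and ACK both set, so the flags test rejects it.
    ("pass SYN+ACK", "pass", ipv4_tcp("10.0.1.10", "192.0.2.10", 25, 40002, SYN | ACK)),
    # Not SMTP at all.
    ("pass SYN to 80", "pass", ipv4_tcp("192.0.2.10", "10.0.1.10", 40003, 80, SYN)),
]


def seen_by_spamlogd(log):
    """Return the labels of the records the modelled filter would hand to spamlogd."""
    return [label for label, action, pkt in log if spamlogd_filter(action, pkt)]


if __name__ == "__main__":
    for label, action, pkt in CONSTRUCTED_LOG:
        verdict = "match" if spamlogd_filter(action, pkt) else "ignored"
        print(f"{label:16} action={action:4} -> {verdict}")
```

Only the record logged with action pass and a bare SYN reaches spamlogd; the identical SYN logged by an rdr rule is ignored, which is the symptom described above.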

Version Selection

2012-06-11 Thread Doug Hardie
I have a number of servers that I am about to upgrade to FreeBSD 9.0.  The 
processors all have the ability to run i386 or amd64.  The machines all have 2 
GB memory which is more than adequate for their intended use.  Some of these 
are replacing very old equipment that is being retired and did not have the 
ability to run amd64 so everything has been i386 till now.  The question is 
what are the advantages or disadvantages of switching to amd64?  I have tested 
all the various applications on amd64 and they work fine.  Is there going to be 
any benefit down the road in a few years to being on amd64?  If so, now would 
be the time to switch.




Re: find date of last boot

2012-06-07 Thread Doug Hardie

On 7 June 2012, at 16:33, Polytropon wrote:

 On Thu, 07 Jun 2012 19:15:25 -0400, Fbsd8 wrote:
 dmesg command does not show date of last boot.
 
 Are there some other commands to find date of last boot?
 
 Check the lines in /var/log/messages. Unless you're not
 experiencing a newsyslog message (new log file started),
 the kernel: Copyright (c) 1992-2011 The FreeBSD Project.
 string (first line of typical dmesg, check for your particular
 OS version!) indicates when the system was booted. But
 note that the date format is not the common sortable
 kind of `date +%d.%m.%Y`.
 
 Another idea (as already mentioned) is to subtract `uptime`
 from current `date`. :-


Check the timestamp on /var/run/dmesg.boot.  That is only written to when the 
system boots.


Re: Remote System Builds

2012-03-26 Thread Doug Hardie

On 26 March 2012, at 11:20, Martin McCormick wrote:

   Is there yet any way to remotely rebuild a FreeBSD
 system? I have two FreeBSD systems on two remote campuses that
 presently run FreeBSD6.3. They need to be running FreeBSD9.0 and
 I don't really care how I get there as long as it can be done
 over the network. If we were physically there, I would put a
 CDROM in and blow them away since it is such a large jump.
 
   I can have staff members there install CDROM's that were
 remastered to use the serial console, but I am hoping that maybe
 we are moving past this sort of logistics.
 
   I just tried to unpack the 9.0 image using tar which has
 worked in the past to let one modify loader.conf but I got a
 bunch of errors this time about files that couldn't be created
 so maybe this is not the recommended headless installation
 technique any longer.

I am going to be facing the same issue in a few months.  My experiences with 
the serial console are that it is great for correcting small issues, trying to 
use it for initial configuration is not going to be real easy.  I would like to 
be able to build a custom CD for that specific machine that doesn't need any 
operator input.  They just install it and boot the machine. It would need to 
format the disk and do the complete installation (base and uniquely configured 
ports etc.). Is that possible?


Dynamic Libraries

2012-03-07 Thread Doug Hardie
I have encountered something that I do not understand.  Everything works fine.  
Basically I have a bunch of user modules (low level) that are built into a 
dynamic library.  If I write top level code that calls modules in that library, 
everything works just fine on i386 and AMD64.  However, the application 
involved has another library of modules.  Some of them call modules in the low 
level library.  The top level code call modules in both libraries.  Often when 
it calls a module in the mid level library, that module calls several modules 
in the low level library.

All this works just fine on i386.  However, when I compile everything on AMD64 
I get an error message that says the lower level library needs to be compiled 
with fPIC.  If I add that to the Makefile for the lower level library and 
rebuild everything, it all works again.  I don't understand why the fPIC is 
required for AMD64.

Also, how do I tell if the lower level library is being dynamically linked at 
run time, or being directly incorporated into the mid level library or top 
level application?  Since both of these libraries are quite large, and they are 
in use by a number of top level applications, I want just one copy to exist in 
physical memory.


Re: Dynamic Libraries

2012-03-07 Thread Doug Hardie

On 7 March 2012, at 01:40, Volodymyr Kostyrko wrote:

 Doug Hardie wrote:
 I have encountered something that I do not understand.  Everything works 
 fine.  Basically I have a bunch of user modules (low level) that are built 
 into a dynamic library.  If I write top level code that calls modules in 
 that library, everything works just fine on i386 and AMD64.  However, the 
 application involved has another library of modules.  Some of them call 
 modules in the low level library.  The top level code call modules in both 
 libraries.  Often when it calls a module in the mid level library, that 
 module calls several modules in the low level library.
 
 All this works just fine on i386.  However, when I compile everything on 
 AMD64 I get an error message that says the lower level library needs to be 
 compiled with fPIC.  If I add that to the Makefile for the lower level 
 library and rebuild everything, it all works again.  I don't understand why 
 the fPIC is required for AMD64.
 
 Also, how do I tell if the lower level library is being dynamically linked 
 at run time, or being directly incorporated into the mid level library or 
 top level application?  Since both of these libraries are quite large, and 
 they are in use by a number of top level applications, I want just one copy 
 to exist in physical memory.
 
 This sounds exactly like compiling with clang through ccache. There are 
 issues with clang and ccache cooperation. Actually the one you may hit is 
 libtool detecting implicit fPIC requirement when running clang through ccache.


The Makefile specifies GCC and it's FreeBSD 8.0.  I don't believe clang was in 
that soon, but I may be wrong.  How can I check that?  Where is clang?  I have 
installed 9.0 on another system but haven't had time to try that out yet.



Re: /usr/home vs /home

2012-02-20 Thread Doug Hardie

On 20 February 2012, at 22:20, Chip Camden wrote:

 I believe the 5MB removable were RL01.  They also had a 10MB removable
 RL02, which we used for software distribution.  We resold them to our
 customers at $170 each.
 
 yes, this sound familiar. The RL02 came later.
 
 I think that tapes were much more common for software distribution those 
 days.
 
 I still remember the responsiveness of RSX-11 even compared to FreeBSD under 
 all circumstances. Real time is real time.
 
 Erich
 
 
 Oh man -- we wrote process control software in Fortran-77 on RSX-11M to
 automate our software distribution processes.  That was the best!  DECNET
 to communicate between systems.

RSX-11D was slicker than greased lightning.  Used it for a number of systems.  
The first 30 pages of the kernel source were the documentation.  The 
description of every table and the values for every field.  What each module 
did was documented at the top of the module.  I made numerous improvements to 
the kernel most of which were adopted by DEC.  However, it was nowhere near a 
fully featured OS.  It was quite bare bones.  Great for real-time requirements. 
 There was a guaranteed maximum time that interrupts were disabled and it was 
very small.  We interfaced a number of instruments to it and none of them ever 
saw any delays.  Most of them automatically fed data to the computer.  There 
was no triggering of that.  The instruments just pushed the data.

The RK05 had one removable platter in a plastic housing.  It used a voice coil 
movement mechanism that had to be aligned every week or you would lose your 
data.  It didn't hold much and was quite slow.  We used those at first but the 
system couldn't quite meet its performance requirements.  I still have one of 
those platters on my wall at home.  Departure present from the unit.  That 
particular platter had a head crash so the remaining oxide had to be sanded off 
to sanitize it.  The timing side is out with lettering on it now.  We used 4 
RK05s in one rack and each was mounted as a separate disk.  The controller was 
single threaded so you couldn't get any performance improvement with creative 
disk assignments.

We switched to 5 platter drives RP04s which were extremely reliable and didn't 
need frequent maintenance.  They also ran much faster than the RK05s and held 
more than 10 times the data.



Re: One or Four?

2012-02-17 Thread Doug Hardie

On Feb 17, 2012, at 2:05 PM, Robison, Dave wrote:
 We'd like a show of hands to see if folks prefer the old style default with 
 4 partitions and swap, or the newer iteration with 1 partition and swap.


I only run servers and set them up with /, /usr, and swap.  Other partitions 
are placed on other disks with typically one partition per disk.  I link /var 
and /tmp into /usr.




Re: One or Four?

2012-02-17 Thread Doug Hardie

On 17 February 2012, at 23:21, Robert Bonomi wrote:

 From owner-freebsd-questi...@freebsd.org  Fri Feb 17 19:56:00 2012
 From: Doug Hardie bc...@lafn.org
 Date: Fri, 17 Feb 2012 17:50:44 -0800
 To: FreeBSD Mailing List freebsd-questions@freebsd.org
 Subject: Re: One or Four?
 
 
 On Feb 17, 2012, at 2:05 PM, Robison, Dave wrote:
 We'd like a show of hands to see if folks prefer the old style default 
 with 4 partitions and swap, or the newer iteration with 1 partition and 
 swap.
 
 
 I only run servers and set them up with /, /usr, and swap.  Other partitions 
 are placed on other disks with typically one partition per disk.  I link /var
 and /tmp into /usr.
 
 That last is a *BAD*IDEA*(tm).  There _are_ programs that assume that /var/tmp
 and /usr/tmp are *different* places -- and will attempt to create 'distinct' 
 files _with_the_same_name_ in the two directories.

I am sure you can find programs that presume anything you want.  I have never 
seen one that does that. If I did find one, it would be easy to correct that 
misguided thinking.



Probable Hardware Failure

2012-01-14 Thread Doug Hardie
I have a pretty old desktop that has been around quite awhile.  It has started 
periodic crashes.  No log messages.  However, the core status files all show 
double fault.  I am confident this is a hardware issue, but is there any easy 
way to determine if it's power or memory related?  Those are the primary 
candidates although memory is also possible.  We really need to replace the 
entire unit, but that might be a bit more salable if I can present convincing 
evidence of the cause of the problem.




Re: Probable Hardware Failure

2012-01-14 Thread Doug Hardie

On 14 January 2012, at 18:11, _ wrote:

 Memory is a rather broad term. If by memory you mean RAM, you could replace 
 your current RAM with another chip, supposing you have one around.
 
 An interesting read on Double Fault is: 
 
 http://en.wikipedia.org/wiki/Double_fault
 
 According to it, that would rather point to a software than a hardware 
 related problem.
 
 
 On Sun, Jan 15, 2012 at 1:12 AM, Doug Hardie bc...@lafn.org wrote:
 I have a pretty old desktop that has been around quite awhile.  It has 
 started periodic crashes.  No log messages.  However, the core status files 
 all show double fault.  I am confident this is a hardware issue, but is 
 there any easy way to determine if it's power or memory related?  Those are 
 the primary candidates although memory is also possible.  We really need to 
 replace the entire unit, but that might be a bit more salable if I can 
 present convincing evidence of the cause of the problem.

I doubt if it's a direct software fault.  The system is running 7.2 and has been 
running that for several years without any problems.  Nothing has been changed 
on it.  However, a memory fault could easily end up in the kernel thus making 
it look like a software problem.



Re: freeradius on freebsd

2011-11-30 Thread Doug Hardie

On 30 November 2011, at 15:13, Outback Dingo wrote:

 On Wed, Nov 30, 2011 at 4:57 PM, Jim Pazarena fqu...@paz.bz wrote:
 I am having issues with freeradius being told
 system passwords are incorrect by freebsd, where I
 know they are not wrong.
 
 I think it relates to freeradius submitting crypt passwords
 while freebsd defaults to MD5.
 
 Has anyone encountered this issue on FreeBSD? Seems the
 freeradius newsgroup doesn't have any freebsd active
 participants.
 
 Could someone suggest how to coax freeradius to submit
 MD5 encrypted passwords to the system?
 
 in short you're probably better off putting a db on the backend of
 freeradius instead of
 using system accounts, it'll be a lot easier that way and can be managed
 separate from
 the systems accounts

I have been using freeradius with FBSD for years with the system passwords.  
Works just fine.  Saves you a lot of hassle and extra work in some cases.  
Freeradius just passes along what it receives to the authentication mechanism.  
Any encryption is done at the NAS.  You may want to run with -X and save all 
the output.  That will show where the problem is occurring.  Even if you go 
with a database you have to get the encryption in the database the same as what 
the NAS is doing.



Hardware booting problem

2011-09-15 Thread Doug Hardie
I encountered a situation today that I do not understand.  This is a very old 
i386 PC that does not have a usable CD drive.  The existing drive uses a very 
funky SCSI connector that I have nothing for.  The system disk is SCSI and 
there was one additional PATA drive used for additional storage.  The PATA 
drive failed.  It won't even stick around in /dev for more than a couple 
minutes after boot and there are lots of messages about bad sectors.  The data 
is completely backed up and that drive is over 5 years old.

I removed the old drive and installed a new one.  System will not boot.  It 
hangs in the BIOS.  Never gets around to installing the SCSI BIOS.  My first 
guess was there was no boot sector on the SCSI drive.  That seems unusual since 
my other systems boot off the SCSI drives just fine.  This one used to also 
before I added the PATA drive.  However, if I put the dead drive back in along 
with the new one, then it boots.  This also implies that the boot sector was 
only on the PATA drive.  But the PATA drive is for all intents and purposes 
dead.  So how is it booting?  Is there any way to look into the SCSI drive and 
see if there is a boot sector there?

This is more a curiosity item as there are additional failures starting to 
occur in that computer.  We are going to replace it.  It's around 10 years old.

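One read-only way to answer the question in the post above, given as an added example that is not part of the original message: dump sector 0 of the disk and look for the 55 AA signature, non-zero boot code and the slice table. The function names and sample images are constructed here; on the real machine the argument would be the SCSI disk device node (an assumption about that system).

```shell
#!/bin/sh
# Added example: read-only inspection of a disk's first sector (MBR layout:
# bytes 0-445 boot code, 446-509 four 16-byte slice entries, 510-511 = 55 AA).

# Print findings for disk or image $1.
# Returns 0 if the sector has both the 55 AA signature and non-zero boot
# code, 1 if either is missing, 2 if a full 512-byte sector could not be read.
inspect_mbr() {
    # -v stops od from collapsing repeated lines into "*"
    set -- $(dd if="$1" bs=512 count=1 2>/dev/null | od -An -v -tu1 2>/dev/null)
    [ $# -eq 512 ] || return 2

    sig=no; code=no; active=no; i=0
    if [ "${511}" -eq 85 ] && [ "${512}" -eq 170 ]; then sig=yes; fi

    for b in "$@"; do
        i=$((i + 1))                      # 1-based position in the sector
        if [ "$i" -le 446 ] && [ "$b" -ne 0 ]; then code=yes; fi
        case $i in
            447|463|479|495)              # status byte of entries 1-4
                active=no
                if [ "$b" -eq 128 ]; then active=yes; fi ;;
            451|467|483|499)              # type byte of entries 1-4
                if [ "$b" -ne 0 ]; then
                    printf 'slice %d type=0x%02x active=%s\n' \
                        $(( (i - 451) / 16 + 1 )) "$b" "$active"
                fi ;;
        esac
    done
    echo "signature=$sig bootcode=$code"
    [ "$sig" = yes ] && [ "$code" = yes ]
}

# Constructed sample images (placeholder bytes, not real boot code).
# $1 = output file, $2 = boot | noboot
make_disk() {
    dd if=/dev/zero of="$1" bs=512 count=4 2>/dev/null
    # entry 1: active (0x80) FreeBSD slice (type 0xa5)
    printf '\200' | dd of="$1" bs=1 seek=446 conv=notrunc 2>/dev/null
    printf '\245' | dd of="$1" bs=1 seek=450 conv=notrunc 2>/dev/null
    if [ "$2" = boot ]; then
        printf '\001\002\003' | dd of="$1" bs=1 conv=notrunc 2>/dev/null
        printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
    fi
}

tmp=$(mktemp -d)
make_disk "$tmp/with_boot.img" boot
make_disk "$tmp/no_boot.img" noboot
inspect_mbr "$tmp/with_boot.img"
inspect_mbr "$tmp/no_boot.img" || echo "no usable boot sector"
rm -rf "$tmp"
```

A signature with an all-zero code area means the disk carries a slice table but nothing the BIOS can execute from it.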


Re: Is there way to get filename for specific LBA?

2011-09-01 Thread Doug Hardie

On 31 August 2011, at 20:50, Carl Johnson wrote:

 per...@pluto.rain.com writes:
 
 Robert Bonomi bon...@mail.r-bonomi.com wrote:
 
 Aug 31 05:13:24 da kernel: ad6: WARNING - READ_DMA UDMA ICRC
 error (retrying request) LBA=107491647
 ... I looked at bsdlabel a   it's partition f, /home. But what
 is the file name?
 
 There's *no* easy way to find out.  You'll have to grovel through
 all the filesystem metadata, and the layers of index blocks for
 every file until you find the 'right' one.
 
 This is what icheck -B was for, but icheck(8) no longer exists and
 that particular bit of functionality does not seem to be provided in
 fsck(8).
 
 One current userland utility (other than fsck) which does know
 how to grovel through the metadata and index blocks is dump(8),
 but you'd have to hack on it to report which inode was using a
 particular block.
 
 It looks like the best bet would be fsdb, assuming that it is a UFS
 file system.  That does have a 'findblk' command to find a file
 containing a block, but you would need to calculate the block offset in
 the filesystem first.  It doesn't look like it would be easy, as was
 said earlier.

I created a utility some years ago that did that for UFS.  I believe it works 
for UFS2 but haven't verified it.  If you want to try it, send me a note and 
I'll ship you the code direct.

-- Doug


Re: DNS and file system messed up...

2011-07-08 Thread Doug Hardie

On 7 July 2011, at 22:58, Gary Kline wrote:

 Jul  7 10:16:33 ethic named[54366]: none:0: open: /etc/named.conf: file not 
 found

 Jul  7 10:17:56 ethic named[54371]: starting BIND 9.3.6-P1 -c 
 /var/named/etc/namedb/named.conf

The first one that fails is looking for /etc/named.conf.  The second one shows 
it's in /var/named/etc/named/named.conf


Those are different locations.  I suspect you have named_flags set up in rc.conf 
pointing to /etc/namedb/named.conf rather than the right location.  It's also 
possible that it's not set in rc.conf but defaults in either the rc script or 
/etc/rc.d/named.  On my system it appears to default in 
/etc/rc.d/named.


Sending a Fax

2011-05-05 Thread Doug Hardie
One of my clients needs to send a lot of faxes.  He has a Brother 8680DN which 
will fax.  Any ideas how to send a file to it and get it to send a fax?  I am 
not finding anything beyond printing for that unit via 
Google.


Re: Sending a Fax

2011-05-05 Thread Doug Hardie

On 5 May 2011, at 22:19, Matthias Apitz wrote:

 On Thursday, May 05, 2011 at 07:21:29PM -0700, Doug Hardie wrote:
 
 One of my clients needs to send a lot of faxes.  He has a Brother 8680DN 
 which will fax.  Any ideas how to send a file to it and get it to send a 
 fax?  I am not finding anything beyond printing for that unit via 
 Google.
 
 Check out HylaFAX in the ports; don't know if your modem is supported;

Thanks.  As best as I can tell the Brother unit has a modem built in, but the 
only interface to it is via ethernet.  I suspect it takes a PDF and then sends 
that, much like printing.


Re: Help with Booting

2011-04-23 Thread Doug Hardie

On 22 April 2011, at 23:46, Erich Dollansky wrote:

 Hi,
 
 On Saturday 23 April 2011 12:57:32 Doug Hardie wrote:
 
 On 22 April 2011, at 21:28, Erich Dollansky wrote:
 
 It looks to me that not even the loader loads. Is this true?
 
 I am not sure.  The last message is the timestamp from the original 
 distribution build.  Then is a line with just the '/' character that should 
 spin a bit.  It doesn't.  
 
 By playing around a bit I got it a bit farther.  I took one of the raid 
 disks and mounted it in a different system.  I did an install on it but 
 without changing the label other than to use all the disk.  Then I put it 
 back in the production system and booted.  It appears to retain the RAID 
 characteristics, but all I get is a '-' at the top left of the screen.  I 
 then plugged in the memstick image and booted from that.  Right after the 
 last DOS window I pressed F10 which took me to a FreeBSD boot  line with the 
 default pointing to ad0.  I used 0:ad(4,a)/boot/loader and it went on to the 
 same point as before, but then a bit farther.  I now see:
 
 this is all too weird for me. Could you install a disk not using the raid 
 hardware?
 
 It would then exclude the motherboard as the cause.
 
 Erich

No. That didn't work either.  I had been using the machine on amd64 but I had 
to install with the drive on another system.  I couldn't get it to boot off CD 
or memstick.  However, the memstick I used then was dead today so I bought a 
new one hoping that was the problem.  Unfortunately this stick is good, but it 
still won't boot off it.


 
 
 Loading /boot/defaults/loader.conf
 /boot/kernel/kernel text=0x8ffac1 |
 
 The '|' normally spins a couple of times and moves on to the next section.  
 However, it's hung there now.
 
 
 
 On Saturday 23 April 2011 05:38:41 Doug Hardie wrote:
 I have an AMD based system that is driving me nuts.  I am trying to 
 install 8.2 on it but can't get past the first boot.  I had a system up 
 and running on it before, but I had to remove a drive and do the install 
 on another computer.  That worked, but now I need to use the built in RAID 
 hardware.  As best as I can tell I am going to have to install on the 
 actual hardware.  Motherboard is an Arima NM46X.  The machine appears to 
 be about 6 years old.
 
 I have tried to boot the install disk, the live filesystem disk, and the 
 memstick image for FreeBSD 7.0 through 8.2.  All of them do exactly the 
 same thing:
 
 Bootstart starts.
 
 BTX loader lists the drives and memory
 
 FreeBSD bootstrap loader version 1.1 starts.  I get the build date and 
 then a new line with just a '/' on it.  It never begins to spin.  No 
 additional I/O occurs with the boot device.
 
 The memstick and CDs are good.  They boot just fine on another computer, 
 just not this one.  I have had to work around CD issues in the past, but I 
 thought the memstick would work if the BIOS would recognize it and boot 
 from it.  It recognizes it and tries to boot.  I need some ideas here as 
 the RAID is essential for this application.  Thanks,
 
 


Re: Help with Booting

2011-04-23 Thread Doug Hardie

On 23 April 2011, at 02:20, Erich Dollansky wrote:

 Hi,
 
 I only can tell what I do when a machine does not boot from the installation 
 media: I plug the disk into another machine, install the generic kernel, edit 
 /etc and put it back.
 
 If this does not work, it will be hard.

That works, but then I end up without having RAID activated.  I am trying to 
get the hardware RAID working.

 
 Erich
 
 On Saturday 23 April 2011 14:25:13 Doug Hardie wrote:
 
 On 22 April 2011, at 23:46, Erich Dollansky wrote:
 
 Hi,
 
 On Saturday 23 April 2011 12:57:32 Doug Hardie wrote:
 
 On 22 April 2011, at 21:28, Erich Dollansky wrote:
 
 It looks to me that not even the loader loads. Is this true?
 
 I am not sure.  The last message is the timestamp from the original 
 distribution build.  Then is a line with just the '/' character that 
 should spin a bit.  It doesn't.  
 
 By playing around a bit I got it a bit farther.  I took one of the raid 
 disks and mounted it in a different system.  I did an install on it but 
 without changing the label other than to use all the disk.  Then I put it 
 back in the production system and booted.  It appears to retain the RAID 
 characteristics, but all I get is a '-' at the top left of the screen.  I 
 then plugged in the memstick image and booted from that.  Right after the 
 last DOS window I pressed F10 which took me to a FreeBSD boot  line with 
 the default pointing to ad0.  I used 0:ad(4,a)/boot/loader and it went on 
 to the same point as before, but then a bit farther.  I now see:
 
 this is all too weird for me. Could you install a disk not using the raid 
 hardware?
 
 It would then exclude the motherboard as the cause.
 
 Erich
 
 No. That didn't work either.  I had been using the machine on amd64 but I 
 had to install with the drive on another system.  I couldn't get it to boot 
 off CD or memstick.  However, the memstick I used then was dead today so I 
 bought a new one hoping that was the problem.  Unfortunately this stick is 
 good, but it still won't boot off it.
 
 
 
 
 Loading /boot/defaults/loader.conf
 /boot/kernel/kernel text=0x8ffac1 |
 
 The '|' normally spins a couple of times and moves on to the next section. 
  However, it's hung there now.
 
 
 
 On Saturday 23 April 2011 05:38:41 Doug Hardie wrote:
 I have an AMD based system that is driving me nuts.  I am trying to 
 install 8.2 on it but can't get past the first boot.  I had a system up 
 and running on it before, but I had to remove a drive and do the install 
 on another computer.  That worked, but now I need to use the built in 
 RAID hardware.  As best as I can tell I am going to have to install on 
 the actual hardware.  Motherboard is an Arima NM46X.  The machine 
 appears to be about 6 years old.
 
 I have tried to boot the install disk, the live filesystem disk, and the 
 memstick image for FreeBSD 7.0 through 8.2.  All of them do exactly the 
 same thing:
 
 Bootstart starts.
 
 BTX loader lists the drives and memory
 
 FreeBSD bootstrap loader version 1.1 starts.  I get the build date and 
 then a new line with just a '/' on it.  It never begins to spin.  No 
 additional I/O occurs with the boot device.
 
 The memstick and CDs are good.  They boot just fine on another computer, 
 just not this one.  I have had to work around CD issues in the past, but 
 I thought the memstick would work if the BIOS would recognize it and 
 boot from it.  It recognizes it and tries to boot.  I need some ideas 
 here as the RAID is essential for this application.  Thanks,
 
 


Re: Help with Booting

2011-04-23 Thread Doug Hardie

On 23 April 2011, at 03:04, Erich Dollansky wrote:

 Hi,
 
 On Saturday 23 April 2011 16:30:39 Doug Hardie wrote:
 
 On 23 April 2011, at 02:20, Erich Dollansky wrote:
 
 I only can tell what I do when a machine does not boot from the 
 installation media: I plug the disk into another machine, install the 
 generic kernel, edit /etc and put it back.
 
 If this does not work, it will be hard.
 
 That works, but then I end up without having RAID activated.  I am trying to 
 get the hardware RAID working.
 
 but your system runs then. Isn't it possible then to build a custom kernel 
 which supports the specific RAID hardware on this machine and install the new 
 kernel there.
 
 Oh, could it be that the loader is not able to start from the RAID hardware? 
 Is it possible that even a custom kernel will need an extra boot medium to 
 start with?

That's what I was hoping to be able to do.  However, I can't get it to boot 
without the RAID either.  I have tried numerous tests of formatting the drives 
on the RAID, then moving them to another system and installing the software.  
They still won't boot.  The RAID appears to be using a very unusual bootstrap.  
I get the message OS not found  continuously on the screen regardless of how 
I build the system.  Somehow I am going to need to be able to boot from CD or 
memstick to get this working.



Re: Help with Booting

2011-04-23 Thread Doug Hardie

On 23 April 2011, at 12:45, Michael L. Squires wrote:

 I haven't seen a verbose dmesg output booting from a non-RAID hard drive.
 
 I have 7.4-STABLE working on several multi-CPU Opteron systems, but they are 
 all Tyan motherboards.  Are Rioworks/Arima still in business?

I believe so.  Their web page is there, but mostly in Chinese.

 
 Rather than use the on-board controllers I've just bought some of the LSI 
 300-8X PCI-X RAID controllers which are cheap and work very well with SATA 2 
 drives (and FreeBSD).  The Adaptec 2610 series are even cheaper, but they
 are only SATA 1.

These boxes have no additional room for expansion cards.  They have 4 
apparently hot-swappable drives in the 
front.


Help with Booting

2011-04-22 Thread Doug Hardie
I have an AMD based system that is driving me nuts.  I am trying to install 8.2 
on it but can't get past the first boot.  I had a system up and running on it 
before, but I had to remove a drive and do the install on another computer.  
That worked, but now I need to use the built in RAID hardware.  As best as I 
can tell I am going to have to install on the actual hardware.  Motherboard 
is an Arima NM46X.  The machine appears to be about 6 years old.

I have tried to boot the install disk, the live filesystem disk, and the 
memstick image for FreeBSD 7.0 through 8.2.  All of them do exactly the same 
thing:

Bootstart starts.

BTX loader lists the drives and memory

FreeBSD bootstrap loader version 1.1 starts.  I get the build date and then a 
new line with just a '/' on it.  It never begins to spin.  No additional I/O 
occurs with the boot device.

The memstick and CDs are good.  They boot just fine on another computer, just 
not this one.  I have had to work around CD issues in the past, but I thought 
the memstick would work if the BIOS would recognize it and boot from it.  It 
recognizes it and tries to boot.  I need some ideas here as the RAID is 
essential for this application.  Thanks,




Re: Help with Booting

2011-04-22 Thread Doug Hardie

On 22 April 2011, at 16:37, Michael Ross wrote:

 On 23.04.2011, at 00:38, Doug Hardie bc...@lafn.org wrote:
 
 I have an AMD based system that is driving me nuts.  I am trying to install 
 8.2 on it but can't get past the first boot.  I had a system up and running 
 on it before, but I had to remove a drive and do the install on another 
 computer.  That worked, but now I need to use the built in RAID hardware.  
 As best as I can tell I am going to have to install on the actual 
 hardware.  Motherboard is an Arima NM46X.  The machine appears to be about 6 
 years old.
 
 I have tried to boot the install disk, the live filesystem disk, and the 
 memstick image for FreeBSD 7.0 through 8.2.  All of them do exactly the same 
 thing:
 
 Bootstart starts.
 
 BTX loader lists the drives and memory
 
 FreeBSD bootstrap loader version 1.1 starts.  I get the build date and then 
 a new line with just a '/' on it.  It never begins to spin.  No additional 
 I/O occurs with the boot device.
 
 The memstick and CDs are good.  They boot just fine on another computer, 
 just not this one.  I have had to work around CD issues in the past, but I 
 thought the memstick would work if the BIOS would recognize it and boot from 
 it.  It recognizes it and tries to boot.  I need some ideas here as the RAID 
 is essential for this application.  Thanks,
 
 
 Architecture mismatch, trying to boot an amd64 on an i386 machine?

That machine runs amd64 just fine.  I have to build the disk on another 
computer.  This one will not boot any of the CDs from 6.0 and on.  I have only 
tried the 8.2 memstick version.  All of the CDs and memstick boot just fine on 
a different computer.  I suspect it's something with the BIOS but no ideas where 
to even start looking.


Re: Help with Booting

2011-04-22 Thread Doug Hardie

On 22 April 2011, at 21:28, Erich Dollansky wrote:

 Hi,
 
 does the loader start?
 
 It looks to me that not even the loader loads. Is this true?
 
 Erich

I am not sure.  The last message is the timestamp from the original 
distribution build.  Then is a line with just the '/' character that should 
spin a bit.  It doesn't.  

By playing around a bit I got it a bit farther.  I took one of the raid disks 
and mounted it in a different system.  I did an install on it but without 
changing the label other than to use all the disk.  Then I put it back in the 
production system and booted.  It appears to retain the RAID characteristics, 
but all I get is a '-' at the top left of the screen.  I then plugged in the 
memstick image and booted from that.  Right after the last DOS window I pressed 
F10 which took me to a FreeBSD boot  line with the default pointing to ad0.  I 
used 0:ad(4,a)/boot/loader and it went on to the same point as before, but then 
a bit farther.  I now see:

Loading /boot/defaults/loader.conf
/boot/kernel/kernel text=0x8ffac1 |

The '|' normally spins a couple of times and moves on to the next section.  
However, it's hung there now.


 
 On Saturday 23 April 2011 05:38:41 Doug Hardie wrote:
 I have an AMD based system that is driving me nuts.  I am trying to install 
 8.2 on it but can't get past the first boot.  I had a system up and running 
 on it before, but I had to remove a drive and do the install on another 
 computer.  That worked, but now I need to use the built in RAID hardware.  
 As best as I can tell I am going to have to install on the actual 
 hardware.  Motherboard is an Arima NM46X.  The machine appears to be about 6 
 years old.
 
 I have tried to boot the install disk, the live filesystem disk, and the 
 memstick image for FreeBSD 7.0 through 8.2.  All of them do exactly the same 
 thing:
 
 Bootstart starts.
 
 BTX loader lists the drives and memory
 
 FreeBSD bootstrap loader version 1.1 starts.  I get the build date and then 
 a new line with just a '/' on it.  It never begins to spin.  No additional 
 I/O occurs with the boot device.
 
 The memstick and CDs are good.  They boot just fine on another computer, 
 just not this one.  I have had to work around CD issues in the past, but I 
 thought the memstick would work if the BIOS would recognize it and boot from 
 it.  It recognizes it and tries to boot.  I need some ideas here as the RAID 
 is essential for this application.  Thanks,
 
 


Server not booting

2011-03-08 Thread Doug Hardie
I have been tasked with bringing up a new server.  It appears to be fairly 
old equipment though.  I do know it was previously used.  It's an Arima NM46X 
with dual AMD Opteron processors.  The unit appears to be working since it has 
some form of Linux installed on the disks and that boots and seems to run.  
However, I have tried booting from CD 8.2 and 8.0. using Disk 1 and Repair 
disks (AMD64 and i386).  They all die just after the first stage loader.  I get 
the system version line and then the spinner stops dead.  The CD is an external 
USB unit and its left running.  The motherboard doesn't recognize a USB stick 
for booting unfortunately.  The motherboard manual is dated 2006 so I think it's 
just too old for that.  Any ideas on how this can be 
corrected?


Purchased Binaries

2011-03-04 Thread Doug Hardie
I have a client who has purchased some software.  I don't know anything much 
about it yet other than it claims to run on Debian and CentOS.  I suspect it's 
binaries.  I will have access to things like the developer, name etc. on 
Monday.  However, that's when he needs to know if I can make it run on FreeBSD. 
I am not convinced I want to run production software on the Linux compatibility 
suite.  No good reason other than it sounds like it's adding a lot more 
opportunities for breakage.  This has to be an always up application.  I have 
virtually no knowledge of CentOS other than it was installed on one server when 
I got it.  Any chance those binaries might work on FreeBSD?  I am planning on 
starting with FreeBSD 8.2 since it's just out and working fine on one of my 
servers, but could use an earlier version if required to make this stuff run.


Re: Purchased Binaries

2011-03-04 Thread Doug Hardie

On 4 March 2011, at 14:45, Charlie Kester wrote:

 On Fri 04 Mar 2011 at 13:24:32 PST Doug Hardie wrote:
 I have a client who has purchased some software. I don't know anything
 much about it yet other than it claims to run on Debian and CentOS. I
 suspect it's binaries. I will have access to things like the developer,
 name etc. on Monday. However, that's when he needs to know if I can make
 it run on FreeBSD.
 
 Are you bidding against a Linux guy for this job?

No.  I have the job.

 
 That doesn't sound like a reasonable demand.  Does he want your final
 answer on Monday, or do you think you can buy some time for further
 investigation

He is under the gun and needs to get this working last week.

 if you tell him about FreeBSD's support for the Linux ABI,
 etc.?

He is pretty much non-technical and will go with any solution I believe will 
work.

 
 Maybe bring in a FreeBSD laptop and do a demo where you install some
 Linux binary from the web and show him that it runs?  (Be sure to
 practice the demo beforehand!)  I still wouldn't give him an ironclad
 guarantee that the software he bought will run too, but perhaps the demo
 will raise his confidence level enough to give you a chance to find out.

Pretty much I will have the real software on Monday and will need to get it up 
and going very quickly.  I want to use FreeBSD because all the other parts of 
what he needs I already have running on various FreeBSD servers.  Also, I very 
much like the FreeBSD approach (like to pf) of don't break things that 
previously worked without workarounds so that production systems are not killed.

 
 



Re: Routing Question

2010-08-27 Thread Doug Hardie

On 27 August 2010, at 05:07, Patrick Lamaiziere wrote:

 On Thu, 26 Aug 2010 18:17:19 -0700,
 Doug Hardie bc...@lafn.org wrote:
 
 PF's route_to will return the packets to the proper router, but I have not
 been able to figure out which ones those would be.  The source IP
 address can be any on either network and its highly likely that we
 will see packets from the same source network on both at the same
 time.  The only distinction I see in the input packets between the
 two paths is the MAC address of the router.  I don't see any way in
 pf or the system to use that to affect the return path
 though.
 
 the filter option reply-to looks to be what you need. It works by
 keeping the state of a connection (see pf.conf(5)).

That works great on the output if you can figure out which packets to use it 
on.  The only way I can see to separate the traffic is using the router MAC 
address.  I don't find anything in pf that will look at 
that.


Routing Question

2010-08-26 Thread Doug Hardie
I have several servers with one ethernet interface.  Currently it is connected 
via a WAN to the internet.  We are in the midst of switching to a different 
provider.  I would like to be able to operate with both temporarily until all 
the users/services get switched.  The new circuit is in and working.  I would 
like somehow to configure the system (I have pf in use) to be able to detect 
the packets that come from a specific router and route the return packets back 
through it.  The other network would be the default.  PF's route_to will return 
the packets to the proper router, but I have not been able to figure out which 
ones those would be.  The source IP address can be any on either network and 
it's highly likely that we will see packets from the same source network on both 
at the same time.  The only distinction I see in the input packets between the 
two paths is the MAC address of the router.  I don't see any way in pf or the 
system to use that to affect the return path 
though.


Question on Swapping

2010-08-01 Thread Doug Hardie
I have a question about what I am seeing on several servers.  These are 4 core 
machines with more than the needed memory.  Load is never above .5 and memory 
usually shows over half free.  I have never seen it even close to the limit 
(including buffers).  Basically these are lightly used servers.  However, top 
often shows after a few weeks of uptime that some of the unused gettys are 
swapped out.  I didn't really expect this as lack of memory is not an issue.  
Is there something in FreeBSD 7 and 8 that causes a process that's idle for very 
long times to get swapped out?  I haven't seen anything like that in the various 
documentation files, but it sure looks like that's the 
case.


Re: Question on Swapping

2010-08-01 Thread Doug Hardie

On 1 August 2010, at 03:42, RW wrote:

 On Sun, 1 Aug 2010 01:12:27 -0700
 Doug Hardie bc...@lafn.org wrote:
 
 I have a question about what I am seeing on several servers.  These
 are 4 core machines with more than the needed memory.  Load is never
 above .5 and memory usually shows over half free.  I have never seen
 it even close to the limit (including buffers).  Basically these are
 lightly used servers.  However, top often shows after a few weeks of
 uptime that some of the unused gettys are swapped out. 
 
 Do you have vm.swap_idle_enabled?

No it is set to 0.


Verifying a DVD

2010-05-23 Thread Doug Hardie
I am periodically backing up a bunch of files to DVD.  I use mkisofs to create 
the original image and growisofs to write it to a real DVD.  However, at that 
point I want to verify that the write was successful.  I tried using dd to read 
back in the DVD to a file.  It's interesting that the bs parameter must be at 
least 2048 or dd complains about a parameter error.  However, the big issue is 
that the original image file is shorter than the read file.  The difference is 
10240  bytes.  This difference is the same for bs 2048, 10240, or 102400.  It 
appears that dd is adding one last block.  Is there a way to prevent this or 
remove that block?


Re: Verifying a DVD

2010-05-23 Thread Doug Hardie

On 23 May 2010, at 15:31, Manolis Kiagias wrote:

 On 24/05/2010 1:23 AM, Doug Hardie wrote:
 I am periodically backing up a bunch of files to DVD.  I use mkisofs to 
 create the original image and growisofs to write it to a real DVD.  However, 
 at that point I want to verify that the write was successful.  I tried using 
 dd to read back in the DVD to a file.  It's interesting that the bs parameter 
 must be at least 2048 or dd complains about a parameter error.  However, the 
 big issue is that the original image file is shorter than the read file.  
 The difference is 10240  bytes.  This difference is the same for bs 2048, 
 10240, or 102400.  It appears that dd is adding one last block.  Is there a 
 way to prevent this or remove that block?
 
 
 Use the count= parameter in dd to read the exact count of blocks in the
 DVD. Use isoinfo to obtain this information from the media itself. Have
 a look at the instructions here:
 
 http://www.troubleshooters.com/linux/coasterless.htm
 
 


Thanks.  That works great.  I did discover that appending 10240 zeros to the 
end of the original iso file also works.  However, I am not convinced that it 
will always be that value.  The approach above should be more 
reliable.

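The check discussed in this thread (compare only as many blocks as the volume itself records, so that trailing padding from the drive is ignored), as an added example that is not code from either poster. Instead of isoinfo it reads the volume size straight from the ISO 9660 primary volume descriptor; the function names and the sample image are constructed for illustration.

```python
import hashlib
import io
import struct

SECTOR = 2048          # ISO 9660 logical sector size
PVD_SECTOR = 16        # the primary volume descriptor is stored in sector 16


def iso_size(stream):
    """Return the byte length of the volume as recorded in its PVD."""
    stream.seek(PVD_SECTOR * SECTOR)
    pvd = stream.read(SECTOR)
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor found")
    # Both fields are stored both-endian; read the little-endian halves.
    blocks = struct.unpack_from("<I", pvd, 80)[0]       # volume space size
    block_size = struct.unpack_from("<H", pvd, 128)[0]  # logical block size
    return blocks * block_size


def digest_prefix(stream, length, chunk=1 << 20):
    """SHA-256 over exactly `length` bytes from the start of the stream."""
    stream.seek(0)
    h = hashlib.sha256()
    remaining = length
    while remaining:
        data = stream.read(min(chunk, remaining))
        if not data:
            raise ValueError("stream ends %d bytes early" % remaining)
        h.update(data)
        remaining -= len(data)
    return h.hexdigest()


def verify_burn(image, disc):
    """True if the disc matches the image over the recorded volume length."""
    size = iso_size(image)
    want = digest_prefix(image, size)
    try:
        return iso_size(disc) == size and digest_prefix(disc, size) == want
    except ValueError:   # disc has no PVD or is shorter than the volume
        return False


def make_test_image(blocks=32):
    """Constructed sample: a minimal image with only the PVD fields used here."""
    img = bytearray(blocks * SECTOR)
    pvd = PVD_SECTOR * SECTOR
    img[pvd] = 1
    img[pvd + 1:pvd + 6] = b"CD001"
    struct.pack_into("<I", img, pvd + 80, blocks)
    struct.pack_into("<H", img, pvd + 128, SECTOR)
    img[20 * SECTOR:20 * SECTOR + 11] = b"backup data"
    return bytes(img)


if __name__ == "__main__":
    image = make_test_image()
    readback = image + bytes(10240)   # the extra bytes seen when reading back
    print(verify_burn(io.BytesIO(image), io.BytesIO(readback)))
```

For a real check, pass the image file and the optical device opened in binary mode in place of the in-memory streams.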

atapicam issues

2010-05-22 Thread Doug Hardie
I have 2 systems running 8.0 installed from the same CD.  One of them shows 2 
PASS devices as expected and camcontrol devlist shows the appropriate devices.  
They work as expected.

The other does not show any PASS devices and camcontrol devlist shows nothing.  
Doing a kldload atapicam installs the PASS devices and then camcontrol works 
properly.  Why would that system require atapicam to be manually added?  That 
module was not loaded on the working system.  I installed it there first by 
accident but it had no detrimental effect.  

I don't find any reference to atapi or atapicam in the various rc 
files.


Re: atapicam issues

2010-05-22 Thread Doug Hardie

On 22 May 2010, at 20:47, Adam Vande More wrote:

 On Sat, May 22, 2010 at 10:20 PM, Doug Hardie bc...@lafn.org wrote:
 I have 2 systems running 8.0 installed from the same CD.  One of them shows 2 
 PASS devices as expected and camcontrol devlist shows the appropriate 
 devices.  They work as expected.
 
 The other does not show any PASS devices and camcontrol devlist shows 
 nothing.  Doing a kldload atapicam installs the PASS devices and then 
 camcontrol works properly.  Why would that system require atapicam to be 
 manually added?  That module was not loaded on the working system.  I 
 installed it there first by accident but it had no detrimental effect.
 
 I don't find any reference to atapi or atapicam in the various rc 
 files.
 
 atapicam is loaded from /boot/loader.conf as most hardware kernel mods are.  
 AFAIK, something would have needed to change on your working system for the 
 behavior you report.  Perhaps you followed the handbook's instructions about 
 cd burning long ago and forgot you edited the config?
 
 
 http://www.freebsd.org/doc/en/books/handbook/creating-cds.html

Both machines were installed from the same CD over old Windows systems.  They 
were installed within a few days of each other.  loader.conf only has 
console=comconsole.  Reading through the handbook page above it indicates 
that atapicam needs to be loaded in /boot/loader.conf.  I'll add that to both 
machines.  Makes me wonder why the one worked.  kldstat showed it was not 
loaded.


Re: atapicam issues

2010-05-22 Thread Doug Hardie

On 22 May 2010, at 21:05, Adam Vande More wrote:

 On Sat, May 22, 2010 at 11:01 PM, Doug Hardie bc...@lafn.org wrote:
 
 Both machines were installed from the same CD over old Windows systems.  They 
 were installed within a few days of each other.  loader.conf only has 
 console=comconsole.  Reading through the handbook page above it indicates 
 that atapicam needs to be loaded in /boot/loader.conf.  I'll add that to both 
 machines.  Makes me wonder why the one worked.  kldstat showed it was not 
 loaded.
 
 Well I assumed the hardware is identical but is it a SCSI optical drive in 
 the one that worked?

Hardware is fairly identical but not completely.  Drives are both IDE.  There 
are no SCSI cards on either machine.



Tripwire 1.2

2010-04-12 Thread Doug Hardie
Has anyone successfully got Tripwire 1.2 to work on FreeBSD 8?  It compiles 
fine, but it trips on every file.  It decides that the atime has changed.  The 
report shows the observed and expected times are far different.  Often off by 
10s of years from what the file actually shows.  Even more interesting is that 
it trips on every file in /bin where the config file consists of only:

/bin    R-2

That should not even be checking the atime - but it does.  It does work fine on 
FreeBSD 7.2.  I have not been able to figure out why it would do this on 
8.0.


Re: Auto update

2010-04-11 Thread Doug Hardie

On 10 April 2010, at 23:14, Jos Chrispijn wrote:

 Can someone tell me if there is a way of generating an email on the moment 
 that someone logs in to my FreeBSD server? The mail part (phpmail) will be 
 easy; I don't know yet how to trigger and pass parameter to this script or 
 redirect info to a file (that I then send by email).  Thanks.

A cheesy way to do that is to use a popen ("tail -f /var/log/auth.log", "r") 
and then read that.  It will give you every login regardless of ssh, telnet 
etc.  You could then generate the emails from that.  I have no idea just how 
resource intensive this might be.  You would also have to ensure it got started 
by rc during boot.


getpwnam

2010-02-25 Thread Doug Hardie
I encountered a situation where sendmail was opening up what appeared to be 
listening on random UDP ports.  In the process of tracking this down I 
discovered that the culprit is getpwnam.  A ktrace of the following simple 
program shows what's happening:

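#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <pwd.h>


int main (int argc, char *argv[])
{
    struct passwd *pe;

    /* The single lookup whose system calls are traced below. */
    pe = getpwnam ("xxx");
    return (pe == NULL) ? 1 : 0;
}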


Note, xxx is a valid user id in that system.

The ktrace output is way too large to include here, but below is the 
interesting portion.  Note that it creates a socket with address of 0.0.0.0:932 
and then sends data to it.  Somehow it gets a response although I can find 
nothing other than this program using that port.  I would think that it would 
use a unix socket rather than UDP to access local NIS information.  The 
unknown address family error is also puzzling.  I have traced this into 
_nsdispatch but it gets a bit convoluted at that point with all the caching.  
What is this doing?


 87443 test CALL  socket(PF_INET,SOCK_DGRAM,IPPROTO_UDP)
 87443 test RET   socket 4
 87443 test CALL  getsockname(0x4,0xbfbfe16c,0xbfbfe1f0)
 87443 test STRU  struct sockaddr { AF_INET, 0.0.0.0:0 }
 87443 test RET   getsockname 0
 87443 test CALL  getsockopt(0x4,0,0x13,0xbfbfe1f8,0xbfbfe1ec)
 87443 test RET   getsockopt 0
 87443 test CALL  setsockopt(0x4,0,0x13,0xbfbfe1f4,0x4)
 87443 test RET   setsockopt 0
 87443 test CALL  bind(0x4,0xbfbfe16c,0x10)
 87443 test STRU  struct sockaddr { AF_INET, 0.0.0.0:0 }
 87443 test RET   bind 0
 87443 test CALL  getsockname(0x4,0xbfbfe144,0xbfbfe1c8)
 87443 test STRU  struct sockaddr { AF_INET, 0.0.0.0:932 }
 87443 test RET   getsockname 0
 87443 test CALL  getsockopt(0x4,SOL_SOCKET,SO_TYPE,0xbfbfe1c4,0xbfbfe1c8)
 87443 test RET   getsockopt 0
 87443 test CALL  getrlimit(RLIMIT_NOFILE,0xbfbfe0f4)
 87443 test RET   getrlimit 0
 87443 test CALL  getsockname(0x4,0xbfbfe074,0xbfbfe0f8)
 87443 test STRU  struct sockaddr { AF_INET, 0.0.0.0:932 }
 87443 test RET   getsockname 0
 87443 test CALL  getsockopt(0x4,SOL_SOCKET,SO_TYPE,0xbfbfe0f4,0xbfbfe0f8)
 87443 test RET   getsockopt 0
 87443 test CALL  gettimeofday(0xbfbfe1c0,0)
 87443 test RET   gettimeofday 0
 87443 test CALL  getpid
 87443 test RET   getpid 87443/0x15593
 87443 test CALL  ioctl(0x4,FIONBIO,0xbfbfe1c8)
 87443 test RET   ioctl 0
 87443 test CALL  fcntl(0x4,F_SETFD,FD_CLOEXEC)
 87443 test RET   fcntl 0
 87443 test CALL  bind(0x4,0xbfbfe700,0x10)
 87443 test STRU  struct sockaddr { AF_UNSPEC, unknown address family }
 87443 test RET   bind -1 errno 22 Invalid argument
 87443 test CALL  getsockname(0x4,0xbfbfe700,0xbfbfe740)
 87443 test STRU  struct sockaddr { AF_INET, 0.0.0.0:932 }
 87443 test RET   getsockname 0
 87443 test CALL  gettimeofday(0xbfbfe740,0)
 87443 test RET   gettimeofday 0
 87443 test CALL  kqueue
 87443 test RET   kqueue 5
 87443 test CALL  sendto(0x4,0x282359f4,0x48,0,0x28235008,0x10)
 87443 test GIO   fd 4 wrote 72 bytes
   0x 4b8e 2491    0002 0001 86a4  |K.$.|
   0x0010  0002  000a      ||
   0x0020      0004 7465 7374  |test|
   0x0030  0014 6d61 7374 6572 2e70 6173 7377  |master.passw|
   0x0040 642e 6279 6e61 6d65  |d.byname|

 87443 test RET   sendto 72/0x48
 87443 test CALL  kevent(0x5,0x282350dc,0x1,0xbfbfe6fc,0x1,0xbfbfe730)
 87443 test GIO   fd 5 wrote 20 bytes
   0x 0400   0100      ||
   0x0010  ||

 87443 test GIO   fd 5 read 20 bytes
   0x 0400      2000   | ...|
   0x0010  ||

 87443 test RET   kevent 1
 87443 test CALL  recvfrom(0x4,0x282350f4,0x900,0,0,0)
 87443 test GIO   fd 4 read 32 bytes
   0x 4b8e 2491  0001      |K.$.|
   0x0010      0001 4a3f f709  |J?..|
 87443 test STRU  struct sockaddr { AF_INET, 206.117.18.7:876 }
 87443 test RET   recvfrom 32/0x20
 87443 test CALL  close(0x5)
 87443 test RET   close 0



Re: pf rules

2010-01-23 Thread Doug Hardie

On 23 January 2010, at 04:18, Erik Norgaard wrote:

 Doug Hardie wrote:
 
 This is quite interesting.  I can't figure out the rules on my system. 
 
 Maybe try to simplify, clean up and structure your rules :)
 
 Here is the pf.conf file with all comments removed:
 table <blackhole> persist file "/etc/blackhole"
 table <spamd> persist
 table <spamd-white> persist
 table <spamd-white-local> persist file "/etc/mail/whitelist"
 MAILHOSTS = "{zool.lafn.org}"
 no rdr on { lo0, lo1 } from any to any
 no rdr inet proto tcp from <spamd-white-local> to any port smtp
 no rdr inet proto tcp from <spamd-white> to any port smtp
 rdr pass log inet proto tcp from any to any port smtp -> 127.0.0.1 port spamd
 pass in log inet proto tcp to $MAILHOSTS port smtp keep state
 pass in log on sis0 reply-to (sis0 192.168.25.1) proto tcp from any to any port 75 keep state
 block in quick log on $ext_if from <blackhole> to any
 
 1. pf allows short cuts, but these also make it more difficult to debug. I'd 
 separate NAT from filtering,

Ok.  I guess you want some white space between them?  Here it is with the white 
space and comments:

ext_if="dc0"
table <blackhole> persist file "/etc/blackhole"
table <spamd> persist
table <spamd-white> persist
table <spamd-white-local> persist file "/etc/mail/whitelist"
MAILHOSTS = "{zool.lafn.org}"

# NAT/RDR Rules
no rdr on { lo0, lo1 } from any to any
no rdr inet proto tcp from <spamd-white-local> to any port smtp
no rdr inet proto tcp from <spamd-white> to any port smtp
rdr pass log inet proto tcp from any to any port smtp -> 127.0.0.1 port spamd

# Filter Rules
pass in log inet proto tcp to $MAILHOSTS port smtp keep state
pass in log on sis0 reply-to (sis0 192.168.25.1) proto tcp from any to any port 75 keep state
block in quick log on $ext_if from <blackhole> to any

Other than the comments I don't see the difference.


 that is never use rdr pass even though pf allows it. You also need to 
 understand when rdr takes place to write your filtering rules.

That would be really helpful if that information were available somewhere it 
could be found.  I have not been able to find that anywhere.  

 
 2. you can deploy one of two policies: Default block with a whitelist or 
 default pass with a black list. Mixing these is a bad idea.
 
 3. $ext_if = dc0?

I added that back in above.  Somehow it got deleted with the comments.


 4. rdr needs an interface, I'm surprised that pf will parse the above, and 
 have no idea what it does with it. pfctl -sn should show you the nat rules.

zool# pfctl -sn
No ALTQ support in kernel
ALTQ related functions disabled
no rdr on lo0 all
no rdr on lo1 all
no rdr inet proto tcp from <spamd-white-local> to any port = smtp
no rdr inet proto tcp from <spamd-white> to any port = smtp
rdr pass log inet proto tcp from any to any port = smtp -> 127.0.0.1 port 8025

It seems to understand it just fine and it works properly.  See man spamd:

The following pf.conf(5) example is suggested:

 table <spamd-white> persist
 rdr pass inet proto tcp from !<spamd-white> to any \
 port smtp -> 127.0.0.1 port spamd



 5. Organize your rules as sketched in last mail, grouping rules for each 
 interface, it really helps locating where things go wrong.  

Other than the whitespace and comments they are.

 
 I have log statements and catch all rules to ensure that if these are 
 triggered there is something in my ruleset I haven't taken into account. I 
 avoid using any except in default rules.
 
 Note:  the blackhole file is empty as is the whitelist file.  There is an 
 entry for 216.54.240.150 in spamd database.  This is a test system.
 Here is the output of tcpdump where I have only taken one entry for each 
 rule.  I have listed the rule number at the front of each line:
 Rule 0:  14:01:27.133320 rule 0/0(match): pass in on dc0: 
 216.54.240.150.55782 > 206.117.18.7.25: S 2501333595:2501333595(0) win 65535 
 <mss 1460,nop,nop,sackOK>
 Rule 1:  02:26:44.755650 rule 1/0(match): pass in on sis0: 
 71.109.144.133.40864 > 192.168.25.7.75: S 3941268770:3941268770(0) win 65535 
 <mss 1460,nop,wscale 3,nop,nop,timestamp[|tcp]>
 Rule 2:  10:44:45.037918 rule 2/0(match): block in on dc0: 
 71.109.162.173.39529 > 206.117.18.7.75: . ack 145 win 65535 
 <nop,nop,timestamp 705571170 1951648775>
 Rule 4:  13:51:16.022700 rule 4/0(match): rdr in on dc0: 
 216.54.240.150.49821 > 127.0.0.1.8025: S 2371633783:2371633783(0) win 65535 
 <mss 1460,nop,nop,sackOK>
 
 I found no entries for rule 3.  There is virtually no traffic on this system 
 other than from me.
 As I look at pf.conf and tie the rules to the entries I get (rule number at 
 beginning of line):
 no rdr on { lo0, lo1 } from any to any
 no rdr inet proto tcp from <spamd-white-local> to any port smtp
 0 - no rdr inet proto tcp from <spamd-white> to any port smtp
 4 - rdr pass log inet proto tcp from any to any port smtp -> 127.0.0.1 port 
 spamd
 pass in log inet proto tcp to $MAILHOSTS port smtp keep state
 1 - pass in log on sis0 reply-to (sis0 192.168.25.1) proto tcp

Re: Migration planning - old system to new

2010-01-23 Thread Doug Hardie

On 23 January 2010, at 22:42, John wrote:

 On Sun, Jan 24, 2010 at 10:55:14AM +0800, Erich Dollansky wrote:
 Hi,
 
 On 24 January 2010 am 01:08:27 John wrote:
 doing this on a new machine!  And I don't need any migration
 storage, because, well, gosh - it's tcp, people!  ;)  I just
 did the first transfer of home, and it went swell:
 
 how did you handle the strange group IDs?
 
 Have not done that yet.  My current best plan (which I'm not really
 crazy about, but haven't come up with anything better) is to do
 121 find /home -uid ... -exec chown {} + and 37
 find /home -gid ... -exec chgrp {} + commands.  This is also called
 Let's modify every inode in the filesystem.  Twice.  Oh, well, the
 ctimes are blown up by the migration anyway (as they really should be).
 I have to be careful, if there are any IDs that are used on both
 systems, but with different associations, to do the change in 
 the right order (sigh).  I could try to get really fancy and just
 find the distinct combinations of uid:gid and do only one
 chown uid:gid for each file, but, getting it done will be more
 important than being pretty at some point.

You might check out tar.  At one time it had the option to use user and group 
names and not ids.  Hence the ids could change between the 2 systems.  It seems 
like it was on FreeBSD 3 or 4 that I last did that.

I just tried it with FreeBSD 7.2 creating a tar file.  Digging through the file 
it shows the ascii names for owner and group - not uid/gid.  I un-tar'd it on a 
Mac and sure enough it used the names and the uids are quite different for the 
two systems.


Re: pf rules

2010-01-22 Thread Doug Hardie

On 22 January 2010, at 01:45, Erik Norgaard wrote:

 To debug pf rules:
 
 - always add direction to the rule, pass or block, add interface to all
  rules except default policy, keep state on all pass rules
 - group your rules per direction, then per interface
 - add log to all rules and watch pflog to see which rule blocks or
  passes traffic.
 - use keyword quick for any decisive rule
 - check the parsing of your ruleset, pfctl -sr
 
 then come back and ask for help.

Where do you find the rule information in the pflog output from tcpdump?  



Re: pf rules

2010-01-22 Thread Doug Hardie

On 22 January 2010, at 03:14, Erik Norgaard wrote:

 Doug Hardie wrote:
 On 22 January 2010, at 01:45, Erik Norgaard wrote:
 To debug pf rules:
 
 - always add direction to the rule, pass or block, add interface to all
 rules except default policy, keep state on all pass rules
 - group your rules per direction, then per interface
 - add log to all rules and watch pflog to see which rule blocks or
 passes traffic.
 - use keyword quick for any decisive rule
 - check the parsing of your ruleset, pfctl -sr
 
 then come back and ask for help.
 Where do you find the rule information in the pflog output from tcpdump?  
 
 a snip:
 
 alpha# tcpdump -n -e -i pflog0
 tcpdump: WARNING: pflog0: no IPv4 address assigned
 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
 listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 
 bytes
 11:55:20.910140 rule 81/0(match): block in on vr1: 172.16.1.127.52444 > 
 172.16.0.1.23:  tcp 44 [bad hdr length 0 - too short, < 20]
 
 rule 81 blocks. Now, problem is that your rules may be more compact, you'll 
 find the rule with pfctl -sr. Now admittedly, I got:
 
 pass in quick on vr1 inet proto udp from 172.16.0.0/23 to local_ip port = 
 secret_service keep state
 
 of course, that rule didn't block. But two lines down I found:
 
 block return in log quick on vr1 inet from 172.16.0.0/23 to local_ip
 
 This makes sense, so why the offset 2? The first line of the output from 
 pfctl -sr is
 
 scrub all fragment reassemble
 
 that shouldn't count as a rule. And then, if pflog starts counting with 0 
 while vi counts from 1 that explains it.
 
 Yet another reason to check the rules as parsed using pfctl -sr.
 
 Anyway, not trying to cut corners is the first step, then add log so you can 
 see what's going on, use quick to avoid some packet fall through and being 
 matched by a different rule than intended, organize your rules so you can 
 easily separate things out.
 
 My rules are grouped together like this:
 
 # default policy
 block all
 
 block in log general condition
 pass  in quick some packets keep state
 block in log quick general condition
 
 block out log general condition
 pass  out quick some packets keep state
 block out log quick general condition
 
 # Default policy catch all should never apply
 block log all
 
 the conditions for the pass rules should match those of the first block and 
 then be more specific, say, only apply to one port. Doing so, the pf rule 
 parser will optimize the ruleset.
 
 Even if I know that a given rule can only match packets on the vr0 interface, 
 I explicitly state the interface. It makes it clear what's going on.
 
 Once the ruleset is debugged and working you can remove the log statements.

Thanks.  That is really helpful.  The key is that the rule information is in 
the link layer.  I never guessed that.  Now I see it just fine.  This approach 
sure beats monitoring the statistics and the input and trying to correlate 
them.  That was the approach I was using.


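The lookup worked out in this thread (take the rule number from a pflog line, then find that rule in the parsed ruleset), as an added example that is not code from any poster. The filter ruleset and log lines are constructed; the translation listing is the `pfctl -sn` output posted in the thread. It assumes rules are numbered from 0 with scrub lines not counted, as the reply above concludes, and that rdr/nat matches are numbered against the `pfctl -sn` listing.

```python
import re
from collections import Counter

# One packet line from `tcpdump -n -e -i pflog0`.
LOG_RE = re.compile(
    r"^\S+ rule (?P<rule>\d+)/\d+\((?P<reason>[^)]*)\): "
    r"(?P<action>\S+) (?P<dir>in|out) on (?P<ifname>\S+): "
    r"(?P<src>\S+) > (?P<dst>\S+?):(?:\s|$)"
)
FILTER_WORDS = {"pass", "block"}
NAT_WORDS = {"nat", "rdr", "binat", "no"}

# Constructed `pfctl -sr` listing; the scrub line comes first, as in the thread.
SAMPLE_SR = """\
scrub all fragment reassemble
block drop log all
pass in log quick on dc0 inet proto tcp from any to any port = smtp keep state
block return in log quick on dc0 inet from 172.16.0.0/23 to any
"""

# `pfctl -sn` listing as posted in the thread.
SAMPLE_SN = """\
No ALTQ support in kernel
ALTQ related functions disabled
no rdr on lo0 all
no rdr on lo1 all
no rdr inet proto tcp from <spamd-white-local> to any port = smtp
no rdr inet proto tcp from <spamd-white> to any port = smtp
rdr pass log inet proto tcp from any to any port = smtp -> 127.0.0.1 port 8025
"""

# Constructed log lines modelled on the ones in the thread.
SAMPLE_LOG = """\
tcpdump: WARNING: pflog0: no IPv4 address assigned
13:51:16.022700 rule 4/0(match): rdr in on dc0: 216.54.240.150.49821 > 127.0.0.1.8025: S 1:1(0) win 65535
11:55:20.910140 rule 2/0(match): block in on dc0: 172.16.1.127.52444 > 172.16.0.1.23:  tcp 44
11:55:21.010140 rule 2/0(match): block in on dc0: 172.16.1.127.52445 > 172.16.0.1.23:  tcp 44
"""


def numbered(listing, keywords):
    """Rules of a pfctl listing in order; index in the list is the rule number."""
    rules = []
    for line in listing.splitlines():
        words = line.split()
        if words and words[0] in keywords:   # skips scrub and ALTQ notices
            rules.append(line.strip())
    return rules


def explain(log_text, sr_listing, sn_listing):
    """Count logged packets per (action, rule number, rule text)."""
    filt = numbered(sr_listing, FILTER_WORDS)
    nat = numbered(sn_listing, NAT_WORDS)
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue                         # tcpdump banner or wrapped line
        table = nat if m["action"] in NAT_WORDS else filt
        n = int(m["rule"])
        text = table[n] if n < len(table) else "<rule not in listing>"
        hits[(m["action"], n, text)] += 1
    return hits


if __name__ == "__main__":
    for (action, n, text), count in explain(SAMPLE_LOG, SAMPLE_SR, SAMPLE_SN).items():
        print("%3d packets  %s rule %d: %s" % (count, action, n, text))
```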
