RE: Panic/reboot - a little help.

2006-04-09 Thread fbsd_user
Here are the standard causes.
In almost all cases this is a hardware problem.

Motherboard is overheating because of years of accumulated dust.
Open box and use small paint brush to blow away dust on motherboard
chips.
Remove heat sink on CPU and clean out choking dust and reinstall.

Power supplies just go bad over time resulting in lower operating
voltages to motherboard and hard drive. Hard drive will not spin as
fast which causes the r/w heads not to fly above platter without
touching the surface.
Hard disk starts going bad because of this and will need replacement
along with the power supply.

Power supply has cooling fan which can become plugged with dust.
Cleaning out dust in power supply may result in output voltage
returning to normal.

Hard drive central bearing wears out over time and causes the
platters to wobble allowing the r/w heads to rub on surface of
platters causing surface damage and loss of data.

What you may be experiencing is end-of-life of your PC.

Back up your user data now or it may be gone forever.




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Laurence
Sanford
Sent: Sunday, April 09, 2006 8:57 AM
To: [EMAIL PROTECTED]
Subject: Panic/reboot - a little help.


My desktop box, which has run very stable for a couple years now
using whichever version of FreeBSD I've been running at the time,
has developed a sudden and alarming need to panic. I have two vmcore
files at this point, but I'm unsure how much actual help they'll be
in figuring out what's happening because I don't have debugging
compiled into the kernel (never needed it before!) nor do I actually
know exactly how to gather any information from them if they *can*
still be of use. I can tell you this has happened twice now in the
past 5 hours. Once I was asleep, and once I was reading my email.
I'm going to include what I can here, any suggestions or ideas
what's happening will be a great help.

[EMAIL PROTECTED](~)$ dmesg
Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.0-STABLE #2: Sat Jan 14 12:03:12 CST 2006
[EMAIL PROTECTED]:/usr/obj/usr/src/sys/Colossus
Timecounter i8254 frequency 1193182 Hz quality 0
CPU: AMD Athlon(tm) MP 2000+ (1666.74-MHz 686-class CPU)
  Origin = AuthenticAMD  Id = 0x662  Stepping = 2

Features=0x383fbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
  AMD Features=0xc0480800SYSCALL,MP,MMX+,3DNow+,3DNow
real memory  = 536346624 (511 MB)
avail memory = 515342336 (491 MB)
MPTable: TYAN PAULANER
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
 cpu0 (BSP): APIC ID:  1
 cpu1 (AP): APIC ID:  0
ioapic0: Assuming intbase of 0
ioapic0 Version 1.1 irqs 0-23 on motherboard
npx0: [FAST]
npx0: math processor on motherboard
npx0: INT 16 interface
cpu0 on motherboard
cpu1 on motherboard
pcib0: Host to PCI bridge pcibus 0 on motherboard
pci0: PCI bus on pcib0
agp0: AMD 762 host to AGP bridge port 0x1010-0x1013 mem 0xf800-0xfbff,0xf4c0-0xf4c00fff at device 0.0 on pci0
pcib1: MPTable PCI-PCI bridge at device 1.0 on pci0
pci1: PCI bus on pcib1
pci1: display, VGA at device 5.0 (no driver attached)
isab0: PCI-ISA bridge at device 7.0 on pci0
isa0: ISA bus on isab0
atapci0: AMD 768 UDMA100 controller port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf000-0xf00f at device 7.1 on pci0
ata0: ATA channel 0 on atapci0
ata1: ATA channel 1 on atapci0
pci0: bridge at device 7.3 (no driver attached)
pcib2: MPTable PCI-PCI bridge at device 16.0 on pci0
pci2: PCI bus on pcib2
ohci0: OHCI (generic) USB controller mem 0xf490-0xf4900fff irq 19 at device 0.0 on pci2
ohci0: [GIANT-LOCKED]
usb0: OHCI version 1.0, legacy support
usb0: SMM does not respond, resetting
usb0: OHCI (generic) USB controller on ohci0
usb0: USB revision 1.0
uhub0: AMD OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 4 ports with 4 removable, self powered
xl0: 3Com 3c905C-TX Fast Etherlink XL port 0x2000-0x207f mem
0xf4901000-0xf490107f irq 19 at device 8.0 on pci2
miibus0: MII bus on xl0
ukphy0: Generic IEEE 802.3u media interface on miibus0
ukphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
xl0: Ethernet address: 00:e0:81:24:e7:bb
pmtimer0 on isa0
orm0: ISA Option ROMs at iomem 0xc-0xc7fff,0xc8000-0xc87ff,0xe-0xe3fff on isa0
atkbdc0: Keyboard controller (i8042) at port 0x60,0x64 on isa0
atkbd0: AT Keyboard irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
psm0: PS/2 Mouse irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model IntelliMouse Explorer, device ID 4
ppc0: Parallel port at port 0x378-0x37f irq 7 on isa0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/9 bytes threshold
ppbus0: Parallel port bus on ppc0
ppbus0: IEEE1284 device found /NIBBLE/ECP
Probing for PnP devices on ppbus0:
ppbus0: HEWLETT-PACKARD DESKJET 810C MLC,PCL,PML

RE: promiscuous mode enabled

2006-04-09 Thread fbsd_user
If you run tcpdump it turns on promiscuous mode when it
starts and turns it off when you stop it.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Thiago
Esteves
de Oliveira
Sent: Sunday, April 09, 2006 10:35 AM
To: freebsd-questions@freebsd.org
Subject: fxp: promiscuous mode enabled


 Hi,

 I have a problem with my ethernet adapter (fxp)...

 When I run 'dmesg', look:

 fxp: promiscuous mode enabled
 fxp: promiscuous mode disabled
 fxp: promiscuous mode enabled
 fxp: promiscuous mode disabled

 I didn't find it in fxp's manual...


What's it ...

--

 Thiago Esteves de Oliveira  

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
[EMAIL PROTECTED]



RE: web server attack (solution warning)

2006-04-09 Thread fbsd_user

I received this reply from another list.

Going back to the very beginning of your first post - those web
requests you listed as seeing are a bit troublesome.  They all seem
to be probes against your web server to verify if you can be used as
an open proxy server.  The first two requests are from SOCKS proxy
checkers, the 3rd is an HTTP CONNECT check to see if your server
will connect to an SMTP host (for use by SPAMMERS) and the last is a
request to a normal website.  The probes themselves are not what
worries me, as these happen all the time.  What worries me are the
status codes returned by your web server - 200 OK.  This normally
means that your server processed these requests successfully.  Are
you using mod_security to return bogus HTTP Response Codes???  I
sure hope so, otherwise you need to disable the mod_proxy module
ASAP.


 I checked my Apache httpd.conf file. The FreeBSD port of the
Apache13 activates a lot of standard dso modules and one of them is
the proxy module. I had thought those dso modules had to have a
directive coded for it before it became active. I see now that is
not true. I commented out the load for the proxy module in my
httpd.conf file.

Since many people install the apache port for apache 13 and 2 all
these people have servers that are open for abuse and do not know
it.  The proxy dso module should not be included in the apache port.
Apache port users beware.


   Make sure you don't have mod_proxy enabled in Apache



RE: Apache refusing to listen 81

2006-04-09 Thread fbsd_user
I don't know where you got
Listen *:80
Listen *:81  from.

My working system uses
Listen 8080
just fine.

In the FreeBSD port of apache the http.conf file has the Listen
statement in a few different places.
You want the one closest to the beginning of the file.



On 4/9/06, Daniel A. [EMAIL PROTECTED] wrote:
 On 4/8/06, Adam McCarthy [EMAIL PROTECTED] wrote:
  I am trying to tell Apache2 to listen on port 81
  with
  Listen *:81
 
  Even if I comment out Listen:80 it still listens on 80.
 
  After starting Apache, telnet 127.0.0.1 81 fails with Connection Refused.
 
  My listen is
  Listen *:80
  Listen *:81
 
  I have no firewall on the machine. No errors in httpd-error.log.
 
  Thanks in advance for any inconvenience.
 
  --



RE: Numerous ftp timeouts - why?

2006-04-09 Thread fbsd_user
I had this same problem when I was on dial up line.
Once I got cable ISP internet connection the problem never happened
again.
Those ftp sites are busy and dial up connections degrade performance
for the other concurrent users logged onto the ftp site and so dial
up users get timed out and dropped.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Michael D.
Norwick
Sent: Sunday, April 09, 2006 2:59 PM
To: freebsd-questions@freebsd.org
Subject: Numerous ftp timeouts - why?


New to FreeBSD not new to *nix.  Have the docs/handbook/faq, etc.
Using freebsd 6.0 RELEASE on Compaq Proliant 2500R.
Why when trying to install various apps from ports do the ftp
sessions frequently timeout?  If I manually fetch packages from
sites the download goes ok, but this means I have to copy files to
/usr/ports/distfiles manually.  did 'man fetch' but still no clue
as to why this happens.

Thank You,

Michael


help with tcpdump cmd syntax

2006-04-08 Thread fbsd_user
I tried 
   tcpdump -i rl0 src host 218.166.163.180 -w /usr/tcpdump.data
   tcpdump -i rl0 host 218.166.163.180 -w /usr/tcpdump.data
   tcpdump -i rl0 src ip 218.166.163.180 -w /usr/tcpdump.data  

but got syntax error msg with no hint of what was wrong

If I remove the -w stuff it works. Meaning it prints to the screen.
But I want to write to file

Can you help me out here on the syntax error?


One other thing. When does tcpdump get access to the packet?

My firewall has a block log rule for that ip address. 
Does tcpdump see the packet before ipfilter ipnat does?

 





RE: freebsd 6.0 personal firewall

2006-04-07 Thread fbsd_user
You need to read the firewall section of the freebsd handbook.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of ilyana
ramlan
Sent: Thursday, April 06, 2006 11:58 PM
To: freebsd-questions@FreeBSD.org
Subject: freebsd 6.0 personal firewall


Hello,
I  have few questions:

1) How do i block websites by typing their url name
(eg. www.yahoo.com) using built in freebsd 6.0
firewall?

2) Do i have to configure the hosts.allow file to
block websites and must i know their IP address to
block websites? Can i block them by their URL names?

Thank you.



RE: firewall

2006-04-07 Thread fbsd_user
You need to read the firewall section of the freebsd handbook.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of ilyana
ramlan
Sent: Friday, April 07, 2006 12:04 AM
To: freebsd-questions@FreeBSD.org
Subject: firewall


hello,
i have another question,

Do i have to install IPTable before configuring
hosts.allow file?

thanks



RE: web server attack

2006-04-07 Thread fbsd_user
mod_security is in the ports collection

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Robert Huff
Sent: Friday, April 07, 2006 3:11 PM
To: [EMAIL PROTECTED] ORG
Subject: Re: web server attack



Frank Laszlo writes:

   Does anyone know what this is and what I can do to stop it
   besides adding the ip address to my firewall block rules?
  
   I suppose that someone is trying to exploit mod_proxy to connect
   to an SMTP server (that's the CONNECT 4.79.181.15:25 part), or at
   least get HTTP replies back.

  Setup mod_security to block that type of request. Any chance you
  can capture some packets and send a link? I'd like to take a look
  at it.

Running apache-2.2, I don't seem to have _security among the
modules.  Do I need to change my config (and rebuild), or does it
perhaps go by another name in this version?


Robert Huff




RE: Which Laptop for FreeBSD

2006-04-06 Thread fbsd_user


This question was just covered in great detail last 2 weeks.
Check the archives for subject What laptop do you recommend?

Secondly, you should first search the archives for answers to
your questions before posting to this list.

http://freebsd.rambler.ru/  use this url to search archives.




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
Schulz
Sent: Thursday, April 06, 2006 10:36 AM
To: freebsd-questions@freebsd.org
Subject: Which Laptop for FreeBSD


Hello all,

i would like to buy a new Laptop in the very near future, and of
course it has to run my favourite OS. I have never searched for a
Laptop, and now that i did i am overwhelmed with the confusing
variety of different Brands and Models. One of the big Questions i
am having is; Should i look for a 64 bit Laptop or better not? I am
just not sure whether or not 64bit will come through this year on
Laptops, and how well is it (and will it be) supported by FreeBSD.
I know that there are some Internet Sites which try to maintain some
data about linux / unix on laptops, but i found them to be quite
outdated. I am looking for a Workstation replacement kind of Laptop,
and it must have a DVI out for my Monitor. I kind of would like to
go with 64bit, since it's supposedly the future, if this isn't quite
the time for 64bit Laptops yet, please someone educate me.

If there is anyone out there, that can recommend a new Laptop (Price
is not an issue) that runs FreeBSD nicely, please let me know, i
would most appreciate it.

Thanks and best regards,
David


web server attack

2006-04-06 Thread fbsd_user
Posted this at 11am and now it's 5:30pm and still have not seen this
post return from the list mailer. So posting it again.

In my httpd-access.log I have started receiving a lot of these.
Looks like some kind of attack to me.

This first showed up in my log on April fools day 4/1/06 and
get 4 per hour since then.

The IP address changes every time I add it to firewall rules to
block.

Does anyone know what this is and what I can do to stop it
besides adding the ip address to my firewall block rules?


218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:25 -0400] \x04\x01 200 0 - -
218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:45 -0400] \x05\x01 200 0 - -
218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:45 -0400] CONNECT 4.79.181.15:25 HTTP/1.1 200 7014 - -
218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:46 -0400] GET http://www.ebay.com/ HTTP/1.1 200 7014 - Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
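
The four request shapes in this log (two SOCKS handshakes, a CONNECT, and a GET with a full URL) can be picked out of an access log mechanically. The script below is an added example, not part of the original post; the sample lines are constructed in Apache combined format with documentation addresses, and the size comparison (a 2xx probe whose byte count equals an ordinary local page) is a heuristic assumed here to separate "served its own page" from "may have relayed".

```python
import re

# Apache common/combined prefix: host ident user [time] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+)'
)
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.IGNORECASE)

# Constructed sample input (not taken from the post).
SAMPLE = r'''
203.0.113.7 - - [06/Apr/2006:10:11:25 -0400] "\x04\x01" 200 0 "-" "-"
203.0.113.7 - - [06/Apr/2006:10:11:45 -0400] "\x05\x01" 200 0 "-" "-"
203.0.113.7 - - [06/Apr/2006:10:11:45 -0400] "CONNECT 198.51.100.25:25 HTTP/1.1" 200 7014 "-" "-"
203.0.113.7 - - [06/Apr/2006:10:11:46 -0400] "GET http://www.example.com/ HTTP/1.1" 200 7014 "-" "Mozilla/4.0"
192.0.2.10 - - [06/Apr/2006:10:12:02 -0400] "GET /index.html HTTP/1.1" 200 7014 "-" "Mozilla/5.0"
192.0.2.44 - - [06/Apr/2006:10:13:30 -0400] "CONNECT 198.51.100.25:25 HTTP/1.1" 405 312 "-" "-"
'''.strip().splitlines()


def classify(request):
    """Name the open-proxy probe a request line represents, or None."""
    # Apache logs non-printable request bytes as \xhh. A SOCKS client opens
    # with its version byte (0x04 or 0x05), which is not HTTP at all.
    if request.startswith("\\x04"):
        return "socks4"
    if request.startswith("\\x05"):
        return "socks5"
    parts = request.split()
    if len(parts) < 2:
        return None
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":
        return "http-connect"      # asks the server to open a raw tunnel
    if SCHEME_RE.match(target):
        return "absolute-uri"      # asks the server to fetch another site
    return None


def learn_local_sizes(lines):
    """Byte counts of successful ordinary GETs for the site's own paths."""
    sizes = set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or classify(m["request"]) is not None:
            continue
        parts = m["request"].split()
        if (len(parts) >= 2 and parts[0] == "GET" and parts[1].startswith("/")
                and m["status"] == "200" and m["size"].isdigit()):
            sizes.add(int(m["size"]))
    return sizes


def scan(lines, local_sizes=frozenset()):
    """Return one finding per probe request, with a triage verdict."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        kind = classify(m["request"])
        if kind is None:
            continue
        status = int(m["status"])
        if not 200 <= status < 300:
            verdict = "refused"
        elif m["size"].isdigit() and int(m["size"]) in local_sizes:
            # Heuristic (assumption): same size as a local page means the
            # server most likely answered with its own content.
            verdict = "2xx-local-content"
        else:
            verdict = "2xx-check-proxy"
        findings.append({"host": m["host"], "time": m["time"], "kind": kind,
                         "status": status, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE, learn_local_sizes(SAMPLE)):
        print(f["host"], f["time"], f["kind"], f["status"], f["verdict"])
```

Any line reported as `2xx-check-proxy` is the case to follow up by confirming whether the proxy module is loaded.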



RE: Award BIOS Upgrade Fees - Slightly Offtopic

2006-04-05 Thread fbsd_user
For that kind of money you can get a bios replacement
chip from unicore.   www.unicore.com
Which probably is better and contains more functions
than the mfg would provide.

I have never had to pay the mfg for a bios burnable upgrade.

Who is the motherboard mfg?
I would like to know so I don't buy their motherboards in the
future.



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Thompson,
Jimi
Sent: Wednesday, April 05, 2006 10:50 AM
To: freebsd-questions@freebsd.org
Subject: Award BIOS Upgrade Fees - Slightly Offtopic


I just encountered what I consider to be a totally outrageous
problem. I've got a system with a BIOS issue.  The motherboard maker
has decided to use Award's BIOS and they want a minimum of $39.95 to
email me the BIOS update that I need to fix the system.

I thought I'd post here, even though it's a bit off topic to see if
any of you have encountered anything similar and to see what you've
done to resolve the issue.

The system in question is loaded with FreeBSD.

TIA,

Jimi Thompson, CISSP



software recommendation

2006-04-04 Thread fbsd_user
I am looking for an application that will simulate a browser and
allow me to program responses to filling in forms from the internet
application the browser is accessing.

I have read about this type of thing before and even seen it
mentioned on this list but at the time I had no interest in it. I
don't even know what this type of function is called so I can not do
a successful web search or ports search. I tried the words scraping,
session capture, and browser session simulation all with no luck.

Does anyone know what this is called or the port name if there is
one?




RE: ipnat syntax error?

2006-04-03 Thread fbsd_user

You can use this format of the ipnat map command

map dc0 10.0.10.1/29 -> 20.20.20.5-20.20.20.7

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Erik Norgaard
Sent: Monday, April 03, 2006 7:45 AM
To: Juergen Heberling
Cc: freebsd-questions@freebsd.org
Subject: Re: ipnat syntax error?


Juergen Heberling wrote:
 Due to historical reasons I can not just take a /29 or /30 block out of 
 the middle of the cidr I will ultimately use -- this FreeBSD server will 
 implement a firewall on an existing connection replacing an old Cisco 
 router that only NAT'd.  So I will see if things can work with just 
 one map with portmaps.
 
 Please note that the - for the range syntax is documented in several 
 places, not just the FreeBSD handbook and should probably be fixed.

check out packet filter as an alternative, you can map any pool of 
addresses as you like:

   http://openbsd.org/faq/pf/nat.html

You can use a list or a table to specify what src addresses are mapped to 
what dst addresses.

Cheers, Erik
-- 
Ph: +34.666334818  web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID:  9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9


RE: ipf and amule

2006-04-02 Thread fbsd_user
You need to add keep state to the inbound rules for amule ports.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of jorge
alonso
Sent: Saturday, April 01, 2006 11:40 PM
To: [EMAIL PROTECTED]
Subject: ipf and amule


i'm running amule in the box running the ipf. I can't get highid
when connecting to servers (i can't even connect to servers due to
the lowid thingy i suppose). If i remove the line:
block in on vr0 all
amule connects without any problems. What am I doing wrong?
i have the following rules:

pass in quick on lo0 all
pass out quick on lo0 all

# ISP domain name server
pass out quick on vr0 proto tcp from any to any port = 53 flags S keep state
pass out quick on vr0 proto udp from any to any port = 53 keep state

pass out quick on vr0 proto icmp from any to any icmp-type 8 keep state
pass out quick on vr0 proto tcp from any to any port = 80 flags S keep state
pass out quick on vr0 proto tcp from any to any port = 443 flags S keep state

# amule
pass in quick on vr0 proto tcp from any to any port = 4662
pass in quick on vr0 proto udp from any to any port = 4665
pass in quick on vr0 proto udp from any to any port = 4672

block in on vr0 all
#block out on vr0 all

#


RE: disable listen on ports

2006-04-02 Thread fbsd_user
You need to activate one of the 3 different built in FreeBSD
firewalls.
It is well explained in the firewall section of the FreeBSD handbook.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Niklaus
Sent: Sunday, April 02, 2006 10:47 AM
To: [EMAIL PROTECTED]
Subject: disable listen on ports


Hi,
 How do i disable users on a system to run their own http proxy. I
don't want to allow users who have login accounts on my system to
listen to any port . How do i do that.

Regards
Nik


RE: cvs over SSH using nonstandard port

2006-04-01 Thread fbsd_user
change it in /etc/services

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Troy
Sent: Saturday, April 01, 2006 9:00 AM
To: freebsd-questions@freebsd.org
Subject: cvs over SSH using nonstandard port


Recently I changed the port that SSH was listening on to a
non-standard port. I access my cvs repository using SSH but need to
point it to the non-standard port. In my .cshrc file I have these
settings which work fine when SSH is using port 22.

setenv CVSROOT :ext:[EMAIL PROTECTED]:/foo/bar/cvsroot
setenv CVS_RSH ssh

I tried to add :ext:[EMAIL PROTECTED]:xxx:/foot/far/cvsroot

where the xxx was the nonstandard port but it didn't seem to like
it.  How do I get my cvsclients to use this nonstandard port?

-Troy


RE: repeated ssh login attempts/failure/break-in attempts from kiddy script

2006-03-31 Thread fbsd_user
What you are seeing is ssh doing its job like it's designed to do.
This is not anything you have to worry about.
If you don't want to see these messages in your auth.log then
change syslog.conf to only send critical messages to the log.

There are a few different ports in the FreeBSD ports collection
which address this problem by adding deny ip address rules to
your firewall. The denyhosts port is the most popular.
But this is just make busy work as it does not really provide
any greater security than ssh is providing itself.

The fact of life is script kiddies and robots roll through ranges
of ip addresses looking for open ssh ports and then mount an attack.
There is nothing you can do about this except change the port
number ssh uses to some high port number.

With only 4 remote ssh users far better to change the port number
ssh uses and just have your remote ssh users add the port number
to use in their ssh client.

Here is a document to explain how to do that in detail.

http://elibrary.fultus.com/technical/index.jsp?topic=/com.fultus.docs.software/books/ssh_how-to/cover.html





-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Nathan
Vidican
Sent: Friday, March 31, 2006 8:43 AM
To: [EMAIL PROTECTED]
Subject: repeated ssh login attempts/failure/break-in attempts from
kiddy script


Noted recently in auth.log, a string of connection attempts
repeated/failed over and over from one host - looks like a script
someone's running, tries all kinds of various usernames, etc...
attempts like 100-200 logins, fails and goes away.

Few hours go by, and another such attempt, from a different IP comes
in. If I'm here and just happen to notice them - simple ipfw add
deny... does the trick, but is there not a way to limit the login
attempts for a certain period of time?

ie: after 4 failed attempts from IP _BLANK_ in less than _BLANK_
minutes, deny all attempts and drop connection from said IP...
possible?

Any suggestions/ideas? Thus far, no one has managed to login (there
are only three accounts which even have a shell or can login via
ssh... but still not the point). I'd just like to get rid of the
problem and save my auth.log file for perhaps something more
useful ;)


--
Nathan Vidican
[EMAIL PROTECTED]
Windsor Match Plate  Tool Ltd.
http://www.wmptl.com/
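
The threshold asked about in this message (N failed logins from one IP inside a time window) can be computed from auth.log with a per-address sliding window. The script below is an added example, not part of the thread; the log lines are constructed, the year must be supplied because syslog timestamps omit it, and the function and parameter names are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# One sshd "Failed <method> for [invalid user ]<name> from <ip>" line per attempt.
FAIL_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: '
    r'Failed \S+ for (?:invalid user |illegal user )?\S+ '
    r'from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) '
)

# Constructed sample input (documentation addresses, not from the thread).
SAMPLE = '''
Mar 31 08:40:01 host sshd[4101]: Failed password for invalid user admin from 203.0.113.50 port 40112 ssh2
Mar 31 08:40:03 host sshd[4103]: Failed password for invalid user test from 203.0.113.50 port 40120 ssh2
Mar 31 08:40:06 host sshd[4105]: Failed password for root from 203.0.113.50 port 40131 ssh2
Mar 31 08:40:09 host sshd[4107]: Failed password for invalid user guest from 203.0.113.50 port 40140 ssh2
Mar 31 08:40:12 host sshd[4109]: Failed password for invalid user oracle from 203.0.113.50 port 40152 ssh2
Mar 31 09:00:00 host sshd[4200]: Failed password for alice from 198.51.100.9 port 51000 ssh2
Mar 31 10:00:00 host sshd[4210]: Failed password for alice from 198.51.100.9 port 51001 ssh2
Mar 31 11:00:00 host sshd[4220]: Failed password for alice from 198.51.100.9 port 51002 ssh2
Mar 31 12:00:00 host sshd[4230]: Failed password for alice from 198.51.100.9 port 51003 ssh2
Mar 31 12:05:00 host sshd[4300]: Accepted publickey for alice from 198.51.100.9 port 51010 ssh2
'''.strip().splitlines()


def find_offenders(lines, year, max_failures=4, window_minutes=5):
    """Map each offending IP to the time its max_failures-th failure
    landed inside the window. Lines are assumed to be in time order."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        # Drop failures that have aged out of the window.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= max_failures and m["ip"] not in offenders:
            offenders[m["ip"]] = ts
    return offenders


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE, 2006).items():
        print(f"{ip} reached the threshold at {when.isoformat()}")
```

With the defaults only the burst from one address is reported; the four failures spread across hours from the second address stay below the threshold, which is the case a plain per-IP count would get wrong.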


RE: sshd BREAKIN ?

2006-03-31 Thread fbsd_user

What you are seeing is ssh doing its job like it's designed to do.
This is not anything you have to worry about.
If you don't want to see these messages in your auth.log then
change syslog.conf to only send critical messages to the log.

There are a few different ports in the FreeBSD ports collection
which address this problem by adding deny ip address rules to
your firewall. The denyhosts port is the most popular.
But this is just make busy work as it does not really provide
any greater security than ssh is providing itself.

The fact of life is script kiddies and robots roll through ranges
of ip addresses looking for open ssh ports and then mount an attack.
There is nothing you can do about this except change the port
number ssh uses to some high port number.


Here is a document to explain how to do that in detail.

http://elibrary.fultus.com/technical/index.jsp?topic=/com.fultus.docs.software/books/ssh_how-to/cover.html



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Tang Ho Yim
Sent: Thursday, March 30, 2006 10:49 PM
To: freebsd-questions@freebsd.org
Subject: sshd BREAKIN ?


I got an error message from /var/log/auth.log which is about
sshd..

  .sshd : reverse mapping checking getaddrinfo for core-01.148.rdcw.com failed - POSSIBLE BREAKIN ATTEMPT !

  all my sshd_config is default setting except I have changed to
  PasswordAuthentication NO , PermitEmptyPasswords NO , and
  ChallengeResponseAuthentication NO

  Is that I am being hack ?
  last command show who is login before but it seem ok
  What should I do ?

  Thanks !




RE: ipfw secure setup for ssh bruteforcers

2006-03-31 Thread fbsd_user

The fact of life is script kiddies and robots roll through ranges
of ip addresses looking for open ssh ports and then mount an attack.
There is nothing you can do about this except change the port
number ssh uses to some high port number so they do not find you.

Here is a document to explain how to do that in detail.

http://elibrary.fultus.com/technical/index.jsp?topic=/com.fultus.docs.software/books/ssh_how-to/cover.html



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of nawcom
Sent: Tuesday, March 28, 2006 2:12 PM
To: freebsd-questions@freebsd.org
Subject: ipfw secure setup for ssh bruteforcers


I have a pretty good setup with ipfw, and there's always dickheads
constantly trying to get in - mostly through old microsoft and
ssh1/2 exploits with certain usernames and passwords. I pretty much
add their ip to a protected ban list (after 5 tries) which bans them
from the entire server.

From any professionals, what is the most effective technique that i
should use to take care of these kiddies other than a complete ban?
Is my technique good or is it oversecure? An admin said that doing
this can be bad, especially when the kiddy is connected to a large
network like a company or university; I may block other people who
aren't guilty of the act. (which makes sense)

I use the up to date ssh so any exploits are either patched up or
will be patched when they're discovered, so holes in the program
shouldn't be an issue.

any replies would be wonderful,
Thanks,
Ben


--
They that can give up essential liberty to obtain a little
temporary safety deserve neither liberty nor safety.
--- Benjamin Franklin


RE: ssh session hangs when term is flooded with text.

2006-03-31 Thread fbsd_user

There is a patch to OpenSSH to fix the buffer size problem caused by
the different operating systems OpenSSH runs on.  When the host and
remote are different operating systems the send/receive buffer sizes
do not match and this causes drastic slow down. Like in using Winscp
client connecting to a FreeBSD box or Linux box.

ports/security/hpn-ssh/

contains the patch code to fix this problem in sshd/ssh.

Check out the patch's home page at
http://www.psc.edu/networking/projects/hpn-ssh/



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Nikolas
Britton
Sent: Thursday, March 30, 2006 9:49 AM
To: freebsd general questions
Subject: ssh session hangs when term is flooded with text.


When I log into any FreeBSD box through the VPN (IPsec site-to-site)
my ssh session will eventually hang when a large amount of text/data
is displayed, for example compiler output, running top, running links
or lynx, etc. Obviously this is a networking problem but I'm not sure
where to start.


--
BSD Podcasts @ http://bsdtalk.blogspot.com/


DHCPD config

2006-03-31 Thread fbsd_user
I use dhcp client to get the info needed from my ISP at boot time.
I also run dhcpd for issuing ip address to my LAN.

In the dhcpd.conf file I have option statement for the
ISP's dns ip address like this:

option domain-name-servers xx.168.xxx.6, xx.168.xxx.7;

the xx are just for this post.

How can I change this so dhcpd will automatically use the
dns ip address the dhcp client gets so when the ISP changes
the ip address of the dns to use the change will also affect dhcpd?



RE: Can FreeBSD safely use a (un-booted from) drive that is invisible to the BIOS?

2006-03-31 Thread fbsd_user
You have 2 problems here: the BIOS not seeing the HD and
the old FBSD HD geometry WARNING.

For the FBSD HD geometry WARNING you can just let FBSD use
whatever it thinks it should be. This is not a problem.

Your BIOS problem is most likely a hardware config thing.

If the 2 HDs are on the same ribbon, are the HD jumpers set
correctly (master/slave for the right nipple on the ribbon, or both
cs for cable select)?

Do you have an ATA type cdrom drive on the ribbon?
Same thing about jumpers here too.



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Danny
MacMillan
Sent: Friday, March 31, 2006 3:06 PM
To: freebsd-questions@freebsd.org
Subject: Can FreeBSD safely use a (un-booted from) drive that is
invisible to the BIOS?


Hi,

I have a machine with the following two drives (as listed in dmesg):

ad0: 12427MB Maxtor 91303D6 GAS54A12 at ata0-master UDMA33
ad2: 76319MB Maxtor 6L080P0 BAJ41G10 at ata1-master UDMA33

ad0 is the boot drive.  It is recognized by the BIOS, obviously, and
has been in the machine for some years.  ad2 is a new drive I just
added to the machine yesterday.  It is not visible to the BIOS at all.
If anyone can posit a reason it would not be visible to the BIOS, I
would like to know the answer.  The BIOS supports LBA and ad0 is more
than 8GB so it wouldn't appear to be the 8GB limit, and the next limit
I am aware of is comfortably larger than 76GB.

At any rate ... it is not visible to the BIOS, but it is visible to
FreeBSD.  Since I'm not booting from the drive, I think it shouldn't
matter ... but when I use Fdisk from sysinstall I get the following
familiar error message:

WARNING:  A geometry of 155061/16/63 for ad2 is incorrect.  Using
a more likely geometry.  If this geometry is incorrect or you
are unsure as to whether or not it's correct, please consult
the Hardware Guide in the Documentation submenu or use the
(G)eometry command to change it now.

Remember: you need to enter whatever your BIOS thinks the
geometry is!  For IDE, it's what you were told in the BIOS
setup. For SCSI, it's the translation mode your controller is
using.  Do NOT use a ``physical geometry''.

Since I don't actually know what the BIOS thinks the geometry is,
I got cold feet and decided to ask the list.  I don't =think= it
should matter, since the BIOS shouldn't ever touch the disk, at least
as far as my understanding goes.

I do have one concern.  This drive was purchased more or less to act
as an emergency backup of the drive that's already in there.  If ad0
ever fails, ad2 drive will have to be put in a new machine whose BIOS
recognizes it in order to boot.  If I accept the mystery geometry for
the drive today, will I later face a problem where the BIOS disagrees
and the drive will be unbootable?

Thank you for your kind attention.

--
Danny MacMillan


RE: DHCPD config

2006-03-31 Thread fbsd_user

Let me see if I understand you correctly.

You're saying that dhcp client has no built in way to
communicate to dhcpd the dns ip address it receives
at boot time or during the normal lease update process?

That you're suggesting the workaround is to customize the
dhclient-script code at the point where it determines the
/etc/resolv.conf file gets deleted and re-written with the
new dns ip address info, by adding code to parse into
the dhcpd.conf file replacing the option line for
dns ip addresses with the new ip address?

Well I looked at that script code and it's way above my
ability to write script code at that level.

The other suggestion of adding my own LAN DNS server
is overkill because my LAN just has 2 PCs on it and
the only purpose of the LAN is to share a single
dynamic IP address from my ISP.

There must be a lot of other people in the same boat as I
am who have already customized the dhclient-script or
more properly the /etc/dhclient-exit-hooks file to
edit the dhcpd.conf file with the correct DNS ip address.

Do you know of any web sites that contain dhcp scripts?

***



Kris Anderson [EMAIL PROTECTED] writes:

> I think the answer you are looking for lies in
> dhclient-script. I noticed it futzes with resolv.conf.
> If you happen to notice resolv.conf changing (You can
> test this about by making a backup of resolv.conf,
> erasing its contents and then rebooting the machine,
> just for the sake of everything running properly and
> seeing if the contents of resolv.conf get repopulated
> with your ISP's DNS settings) then you can create a
> script to grab the elements needed from the ISP and
> drop them in to a file for dhcpd to read and then
> SIGTERM dhcpd and restart it.

Basically, have dhclient-script rewrite the dhcpd.conf.

Running your own nameserver and pointing the internal DHCP clients to
it is another option, but slightly less resistant to failures.  Doing
both will get you the best of both worlds.
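
The hook discussed in this thread, as an added example that is not code from any poster: a body for /etc/dhclient-exit-hooks that rewrites the single-line "option domain-name-servers" statement in dhcpd.conf from the $new_domain_name_servers value that dhclient-script exports. The function name update_dhcpd_dns, the DHCPD_CONF and DHCPD_RESTART variables, the dhcpd.conf path and the empty restart command are assumptions.

```shell
#!/bin/sh
# Added example: body for /etc/dhclient-exit-hooks, which dhclient-script
# sources after it has rewritten /etc/resolv.conf.
# Assumption: dhcpd.conf keeps "option domain-name-servers ...;" on one line.

# update_dhcpd_dns CONF "ns1 ns2 ..."   (hypothetical helper name)
#   returns 0 = file rewritten, 1 = already up to date, 2 = input rejected
update_dhcpd_dns() {
    conf=$1
    servers=$2
    [ -f "$conf" ] || return 2

    # The list comes out of a DHCP reply, so it is untrusted network input
    # that is about to be written into a config file. Accept dotted-quad
    # IPv4 addresses only; one bad token rejects the whole list.
    list=$(printf '%s\n' "$servers" | awk '
        {
            for (i = 1; i <= NF; i++) {
                if ($i !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { bad = 1; exit }
                split($i, o, ".")
                for (j = 1; j <= 4; j++)
                    if (length(o[j]) > 3 || o[j] + 0 > 255) { bad = 1; exit }
                out = out (out == "" ? "" : ", ") $i
            }
        }
        END { if (bad || out == "") exit 2; print out }
    ') || return 2

    tmp=$(mktemp "$conf.XXXXXX") || return 2
    # Replace only the value; keep the line's indentation and all other lines.
    awk -v list="$list" '
        /^[ \t]*option[ \t]+domain-name-servers[ \t]/ {
            match($0, /^[ \t]*/)
            print substr($0, 1, RLENGTH) "option domain-name-servers " list ";"
            next
        }
        { print }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 2; }

    if cmp -s "$conf" "$tmp"; then
        rm -f "$tmp"
        return 1                      # nothing changed: no restart needed
    fi
    cp -p "$conf" "$conf.bak"         # keep the previous version
    cat "$tmp" > "$conf"              # overwrite in place: owner/mode unchanged
    rm -f "$tmp"
    return 0
}

# --- hook body --------------------------------------------------------------
# dhclient-script exports $reason and $new_domain_name_servers.
DHCPD_CONF=${DHCPD_CONF:-/usr/local/etc/dhcpd.conf}  # assumed path
DHCPD_RESTART=${DHCPD_RESTART:-}   # assumed: set to the command that restarts dhcpd

case ${reason:-} in
    BOUND|RENEW|REBIND|REBOOT)
        if update_dhcpd_dns "$DHCPD_CONF" "${new_domain_name_servers:-}"; then
            [ -z "$DHCPD_RESTART" ] || $DHCPD_RESTART
        fi
        ;;
esac
```

dhcpd is restarted only when the file actually changed, so ordinary lease renewals that bring the same DNS servers leave the LAN clients undisturbed.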



RE: ATA Drive Issues

2006-03-31 Thread fbsd_user
Hey, I ran ATA HD on 5.4 and now on 6.0 without any problems.

Your problems may be caused by your HD starting to go bad.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Wil
Hatfield
Sent: Friday, March 31, 2006 5:46 PM
To: freebsd-questions@freebsd.org
Subject: RE: ATA Drive Issues


I was afraid Soren was going to be mentioned. Well shouldn't the
FreeBSD 5.4 release information state that it isn't recommended for
machines with ATA drives?  I really have no way of downgrading to 5.3
without losing a couple hundred customers over it.  But with all these
filesystem freezes I guess I will eventually lose them anyways.

Without the acknowledgement of the bugs and proper bug tracking I
doubt that these issues are going to get fixed in 5.5 or 6.1 either.
It seems the ATA issues are being ignored. How can a release make it
this far down the branch without fixing the good old ATA drive issues
first?

Cheers,

--
Wil Hatfield


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Anish
Mistry
Sent: Friday, March 31, 2006 2:29 PM
To: freebsd-questions@freebsd.org
Cc: Wil Hatfield - HyperConX
Subject: Re: ATA Drive Issues


On Friday 31 March 2006 17:08, Wil Hatfield - HyperConX wrote:
> What is the problem with 5.4 and ATA drives? I am running the
> latest release of FreeBSD 5.4-RELEASE-p11.  I have two basic ATA
> drives, no raids and no scsi anything. Every now and then under a
> bit of load the harddrive freezes with either a kernel panic or a
> Write_DMA error. I have to reboot the machine and run fsck -y to
> recover. Sometimes I have to run it twice.

From my understanding ATA in 5.4 is slightly broken since Soren hasn't
actually touched that code.  The last time he touched the 5.x branch
was for 5.3.  I had a weird issue with a 5.3-5.4 upgrade a while
back.  My tape drive disappeared :(.  I didn't have time to
investigate, so I just backed down to 5.3, which works fine while I
work up a schedule to migrate to 6.X.

--
Anish Mistry




RE: Can FreeBSD safely use a (un-booted from) drive that is invisible to the BIOS?

2006-03-31 Thread fbsd_user
Sounds like you have the HD jumpered as master on the second
ATA controller but have the HD on the wrong ribbon nipple to match
the master jumper.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Danny
MacMillan
Sent: Friday, March 31, 2006 5:37 PM
To: Bob Johnson
Cc: Danny MacMillan; [EMAIL PROTECTED];
freebsd-questions@freebsd.org
Subject: Re: Can FreeBSD safely use a (un-booted from) drive that is
invisible to the BIOS?


On Fri, Mar 31, 2006 at 03:48:57PM -0500, Bob Johnson wrote:
> On 3/31/06, Danny MacMillan [EMAIL PROTECTED] wrote:
> > [,,,]
> > ad0 is the boot drive.  It is recognized by the BIOS, obviously, and
> > has been in the machine for some years.  ad2 is a new drive I just
> > added to the machine yesterday.  It is not visible to the BIOS at all.
> > If anyone can posit a reason it would not be visible to the BIOS, I
> > would like to know the answer.  The BIOS supports LBA and ad0 is more
> > than 8GB so it wouldn't appear to be the 8GB limit, and the next limit
> > I am aware of is comfortably larger than 76GB.
>
> If ad2 were operating as the slave drive without a master on that
> controller, that could explain it, but that doesn't seem to be what's
> happening here.

ad2 is the only device on the second controller and it is definitely
jumpered as master.  I also get the same behaviour when the second
drive is attached as a slave on the first controller (e.g. as ad1).

Interestingly, attaching an ATAPI CD-ROM drive as slave on the first
controller works.

> Are you sure you don't have the second drive disabled in the BIOS
> somehow?

Positive.  It's an old BIOS, the options are limited, but it is set to
Auto (choices Auto, User, and None).  I had a thought and changed the
addressing mode from Auto to LBA but it made no difference.  The
only difference between selecting Auto and None in the BIOS is that
when the setting is Auto, the machine hangs at the following and will
not boot:

Secondary Master: Detecting [Press F4 to skip]

At this point, the machine is completely stuck -- pressing F4 does
nothing, neither does pressing ctrl-alt-del if I recall correctly.
I have to power cycle it to get it to do anything.

Now that I'm going through this thought process, I have some vague
recollection that I used to have a second disk in there, but I had to
remove it because it stopped working for some reason -- it exhibited
the same hang when detecting the second drive.  At the time it didn't
occur to me to disable the drive in the BIOS to get the machine to
boot and just let FreeBSD access the drive directly.  Of course, it
doesn't speak favourably to the reliability of the hardware.

> > [...]
> >
> > Since I don't actually know what the BIOS thinks the geometry is,
> > I got cold feet and decided to ask the list.  I don't =think= it
> > should matter, since the BIOS shouldn't ever touch the disk, at least
> > as far as my understanding goes.
>
> FreeBSD uses BIOS routines to start the boot process, then uses its
> own idea of what's on the disk.  So, as far as I know, you will only
> have a problem if they are different enough to either cause the boot
> process to fail, or on a dual boot system, to cause Windows to think
> the partitions are in different places than does FreeBSD, or if your
> BIOS is picky about the partition table.
>
> A few years ago I started ignoring that message and it's worked for
> me.  I just let sysinstall do what it wants (I believe I started that
> practice when a bug in sysinstall gave me no choice).  I *think* that
> with modern block addressed, i/o buffered disks, on which the
> physical geometry is an illusion anyway, the only real problem you
> can run into is different ideas of the total size of the disk, i.e.
> where the last usable block is.  One geometry might give you a few
> megabytes more than another geometry, but the difference is at the end
> of the disk.  That isn't going to have any effect on booting (assuming
> the BIOS is willing to start the boot process), and not likely to even
> be a problem when dual booting.

I generally ignore the warning, too.  My only concern this time is that
in a case where the drive is visible to the BIOS, at least if I get it
spectacularly wrong I will find out right away.  Also the question of
whether different BIOSes will assign the same geometry to the drive.

> >
> > I do have one concern.  This drive was purchased more or less to act
> > as an emergency backup of the drive that's already in there.  If ad0
> > ever fails, ad2 drive will have to be put in a new machine whose BIOS
> > recognizes it in order to boot.  If I accept the mystery geometry for
> > the drive today, will I later face a problem where the BIOS disagrees
> > and the drive will be unbootable?
> >
>
> If my understanding is correct, it is unlikely to cause a problem, but
> it might.  The BIOS routines will still be able to read the first few
> sectors to start the boot process.  If your BIOS is so picky that it
> notices that the partition table claims to use bytes beyond what it
> thinks is the end of

RE: Is ALTQ part of 6.0 base system

2006-03-30 Thread fbsd_user
Reading the pf firewall man pages says to use ALTQ with PF a
custom kernel has to be compiled with the ALTQ options included.

This seems to indicate that ALTQ is only available when
used with the pf firewall.

ALTQ used to be available as a port so it could be used
standalone.

Can ALTQ support be compiled into a custom kernel and be
used standalone?





-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, March 29, 2006 11:54 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED] ORG
Subject: Re: Is ALTQ part of 6.0 base system


On 3/29/06, fbsd_user [EMAIL PROTECTED] wrote:
> Back in 5.2 development when OpenBSD pf was being included
> in the base system there was talk that ALTQ for bandwidth
> management was also being worked on to become part of
> the base system.
>
> What is the status of ALTQ is it a port or in the base system now?

Kernel.
grep ALTQ /usr/src/sys/conf/NOTES
man 9 altq

--
--


RE: Is ALTQ part of 6.0 base system

2006-03-30 Thread fbsd_user
Then if what you say is true, there would be man pages in the
base system for using ALTQ standalone and there are none.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, March 30, 2006 10:29 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED] ORG
Subject: Re: Is ALTQ part of 6.0 base system


> Can ALTQ support be compiled into a custom kernel and be
> used stand-a-lone?

They can be used in anything which is compiled to use them, yes.

--
--


RE: FBSD 6.0 ipfilter nat redirect not working.

2006-03-29 Thread fbsd_user
 in quick on rl0 proto tcp/udp from any to any port = 139
block in quick on rl0 proto tcp/udp from any to any port = 81

# Block all ftp attempts to login so count will show in daily cron rpt
block in quick on rl0 proto tcp/udp from any to any port = 21

# Block all SSH attempts to login so count will show in daily cron rpt
block in quick on rl0 proto tcp/udp from any to any port = 22

# Block all telnet attempts to login so count will show in daily cron rpt
block in quick on rl0 proto tcp/udp from any to any port = 23

# Block all www attempts so count will show in daily cron rpt
block in quick on rl0 proto tcp/udp from any to any port = 80

# Block all secure www attempts so count will show in daily cron rpt
block in quick on rl0 proto tcp from any to any port = 443 

# Block all smtp email server attempts so count will show in daily cron rpt
block in quick on rl0 proto tcp from any to any port = 25 

# block range of Trojan udp ports 1021 thru 1039 
# so count will show in daily cron rpt
block in quick on rl0 proto udp from any to any port 1020 >< 1040

# block Trojan scan port
block in quick on rl0 proto tcp from any port = 6000 to any 

# Allow traffic in from ISP's DHCP server. 
pass in quick on rl0 proto udp from xx.173.0.1 port = 67 to any keep state
pass in quick on rl0 proto udp from xx.39.64.1 port = 67 to any keep state

# Allow traffic in from ISP's DNS server. 
pass in quick on rl0 proto udp from xx.168.240.5 port = 53 to any keep state
pass in quick on rl0 proto udp from xx.168.240.2 port = 53 to any keep state

# Allow in testing www function because I have apache server on lan
pass in log quick on rl0 proto tcp from any to any port = 6188 flags S keep state
pass in log quick on rl0 proto tcp from any to 10.0.10.4 port = 80 flags S keep state

# Block all udp traffic
block in log quick on rl0 proto udp all
#block in quick on rl0 proto udp all

# Block and log only first occurrence of all remaining traffic 
# coming into the firewall. 
# This rule enforces the block all by default logic. 
#block in quick on rl0 all
block in log quick on rl0 all

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Erik Norgaard
Sent: Wednesday, March 29, 2006 2:54 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED] ORG
Subject: Re: FBSD 6.0 ipfilter nat redirect not working.


fbsd_user wrote:

> # /root ipnat -l
> List of active MAP/Redirect filters:
> map rl0 10.0.10.0/29 -> 0.0.0.0/32 proxy port ftp ftp/tcp
> map rl0 0.0.0.0/0 -> 0.0.0.0/32 proxy port ftp ftp/tcp
> map rl0 10.0.10.0/29 -> 0.0.0.0/32
> rdr rl0 0.0.0.0/0 port 6188 -> 10.0.10.4 port 80 tcp
>
> List of active sessions:
> RDR 10.0.10.4   80    <- -> 79.69.59.49 6188  [65.45.227.95 2698]
> MAP 10.0.10.6   1857  <- -> 79.69.59.49 1857  [216.155.193.144 5050]
>
> Nothing happens. No ipf.log records on gateway box and
> no ipf.log records on the LAN web server box.
> There is firewall rule to log  pass from any to 10.0.10.4 port = 80
> keep state
> And any packet that does not match a firewall rule get logged and
> dropped.

Please post your filter ruleset also.

Erik
-- 
Ph: +34.666334818  web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID:  9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9


RE: Floppy

2006-03-29 Thread fbsd_user
Try this

 mount -t msdos /dev/fd0 /mnt

or

 mount_msdosfs /dev/fd0 /mnt

If that doesn't work, replace your floppy drive as it's bad.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Aguiar
Magalhaes
Sent: Wednesday, March 29, 2006 7:34 AM
To: freebsd-questions@freebsd.org
Subject: Floppy


Hi list,

#mount -t msdos /dev/fd0 /mnt/floppy isn't working on
the machine using free 6.0

The /mnt/floppy exists but /dev doesn't have the fd0
file. It has the fd directory and the files 0, 1 and 2

PS: #mount -t msdos /dev/fd/0 /mnt/floppy doesn't work

How can I do it ??

Thanks,
Aguiar










RE: IP Filter problems on 4.11-STABLE

2006-03-29 Thread fbsd_user
Your firewall rules are pretty much useless.
Your default is to pass everything that does not match a rule.
So other than those block rules everything is allowed out and in.

This means your slowness problem has nothing to do with your firewall.
Read the handbook for ipfilter sample rule set if you want
a meaningful firewall.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of B H
Sent: Wednesday, March 29, 2006 4:06 AM
To: [EMAIL PROTECTED] ORG
Subject: IP Filter problems on 4.11-STABLE


Hello!


I upgraded a machine about a week ago from 4.10-p19, I believe it
was.

Now IPFilter does not work or is VERY slow; ssh, web and mail
time out.

NAT is working like it should.

# dmesg | grep 'IP Filter'
IP Filter: v3.4.35 initialized.  Default = pass all, Logging = enabled

ipf.rules looks like this:

# Let clients behind the firewall send out to the internet, and replies
# to come back in by keeping state.
pass out quick on fxp0 proto tcp all keep state
pass out quick on fxp0 proto udp all keep state
pass out quick on fxp0 proto icmp all keep state

# Since nothing should be coming from these address ranges, block them
block in log quick on fxp0 from 82.182.0.0/16 to any
block in quick on fxp0 from 192.168.0.0/16 to any
block in quick on fxp0 from 172.16.0.0/12 to any
block in quick on fxp0 from 10.0.0.0/8 to any
block in quick on fxp0 from 127.0.0.0/8 to any
block in quick on fxp0 from 192.0.2.0/24 to any
block in log quick on fxp0 from any to 10.0.0.0/32
block in log quick on fxp0 from any to 10.0.0.255/32



RE: slow scp transfer

2006-03-29 Thread fbsd_user
There is a patch to OpenSSH to fix the buffer size problem caused by
the different operating systems OpenSSH runs on.  When the host and
remote are different operating systems the send/receive buffer sizes
do not match and this causes drastic slow down. Like in using gentoo
client connecting to a FreeBSD box or Linux box.

ports/security/hpn-ssh/

contains the patch code to fix this problem in sshd/ssh.

Check out the patch's home page at
http://www.psc.edu/networking/projects/hpn-ssh/

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Miguel
Sent: Wednesday, March 29, 2006 4:43 PM
To: freebsd-questions@freebsd.org
Subject: slow scp transfer


Hi, I have freebsd 6.0 in a dl380 g3, I'm copying a 3.0G file from one
server (with gentoo) to the freebsd server using scp, the transfer rate
is terribly slow, check out this

napstats# scp [EMAIL PROTECTED]:NAPSTATS_TRANSFER/stopacct_borrar stopacct_borrar
stopacct_borrar    26%  802MB 423.2KB/s 1:30:57 ETA


These are my interfaces:
napstats# ifconfig -a
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=1a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        inet6 fe80::213:72ff:fe0c:9065%bge0 prefixlen 64 scopeid 0x1
        inet 192.168.10.49 netmask 0xf000 broadcast 192.168.15.255
        ether 00:13:72:0c:90:65
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
tl0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        ether 00:08:c7:56:ce:3e
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff00

I don't have any errors:

napstats# netstat -i
Name    Mtu Network       Address              Ipkts Ierrs    Opkts Oerrs  Coll
bge0   1500 <Link#1>      00:13:72:0c:90:65  1574833     0   994478     0     0
bge0   1500 fe80:1::213:7 fe80:1::213:72ff:        0     -        4     -     -
bge0   1500 192.168.0/20  192.168.10.49      1335972     -   991596     -     -
tl0*   1500 <Link#2>      00:08:c7:56:ce:3e        0     0        0     0     0
lo0   16384 <Link#3>                           12620     0    12620     0     0
lo0   16384 localhost     ::1                  12476     -    12476     -     -
lo0   16384 fe80:3::1     fe80:3::1                0     -        0     -     -
lo0   16384 your-net      localhost              144     -      144     -     -


What can be wrong?




Is ALTQ part of 6.0 base system

2006-03-29 Thread fbsd_user
Back in 5.2 development when OpenBSD pf was being included
in the base system there was talk that ALTQ for bandwidth
management was also being worked on to become part of
the base system.

What is the status of ALTQ? Is it a port or in the base system now?


FBSD 6.0 ipfilter nat redirect not working.

2006-03-28 Thread fbsd_user
Been running ipfilter long time.
Now with FBSD 6.0 having no joy at getting
redirect to web server on LAN to work.
This is first time trying this.

rl0 is NIC facing the public internet.
10.0.10.4 is the LAN ip address of the web server.
Have friend uses http://79.69.59.49:6188/index.htm
to target me. The ip address is fake for this posting.

# /root ipnat -l
List of active MAP/Redirect filters:
map rl0 10.0.10.0/29 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map rl0 0.0.0.0/0 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map rl0 10.0.10.0/29 -> 0.0.0.0/32
rdr rl0 0.0.0.0/0 port 6188 -> 10.0.10.4 port 80 tcp

List of active sessions:
RDR 10.0.10.4   80    <- -> 79.69.59.49 6188  [65.45.227.95 2698]
MAP 10.0.10.6   1857  <- -> 79.69.59.49 1857  [216.155.193.144 5050]

Nothing happens. No ipf.log records on gateway box and
no ipf.log records on the LAN web server box.
There is firewall rule to log  pass from any to 10.0.10.4 port = 80
keep state
And any packet that does not match a firewall rule gets logged and
dropped.

Gateway box has these sysctl knobs set
net.inet.ip.forwarding=1
net.inet.ip.sourceroute=0
net.ip.accept_sourceroute=0

From the active session list, it looks like the rdr command was
executed but no packet showed up at the firewall.

My question is, does anyone have ipfilter nat redirect working on
FreeBSD 6.0?



RE: what does this message means

2006-03-27 Thread fbsd_user
It means an attacker who has camouflaged his real identity found
your ssh port open and was trying to gain access, but ssh's
security did its job and denied access just like it's designed to do.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Imran
Imtiaz
Sent: Sunday, March 26, 2006 11:29 PM
To: freebsd-questions@freebsd.org
Subject: what does this message means


I got the following in my daily security check logs. What does it
mean?

Mar 26 14:27:17 darkstar sshd[90821]: reverse mapping checking getaddrinfo for genesis-27-156-16-del.genesipr.com failed - POSSIBLE BREAKIN ATTEMPT!
Mar 26 14:27:22 darkstar sshd[90823]: reverse mapping checking getaddrinfo for genesis-27-156-16-del.genesipr.com failed - POSSIBLE BREAKIN ATTEMPT!
Mar 26 14:27:26 darkstar sshd[90825]: reverse mapping checking getaddrinfo for genesis-27-156-16-del.genesipr.com failed - POSSIBLE BREAKIN ATTEMPT!
Mar 26 14:27:30 darkstar sshd[90827]: reverse mapping checking getaddrinfo for genesis-27-156-16-del.genesipr.com failed - POSSIBLE BREAKIN ATTEMPT!
Mar 26 14:27:35 darkstar sshd[90836]: reverse mapping checking getaddrinfo for genesis-27-156-16-del.genesipr.com failed - POSSIBLE BREAKIN ATTEMPT!

regards,
Imran
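
An added example, not code from any poster, for the sshd log lines above and for the ban-after-5-tries list described in the ipfw message earlier on this page: it counts these warnings per host inside a sliding time window, so a quick burst is told apart from the same number of hits spread over a day from a shared address. The function names, host names and log lines are constructed; the log format is the one quoted above.

```shell
#!/bin/sh
# Added example. ssh_offenders LOG THRESHOLD WINDOW_SECONDS
# Prints "host peak" for each host whose sshd reverse-mapping warnings reach
# THRESHOLD inside any WINDOW_SECONDS-long span, sorted by host name.
# Assumptions: classic syslog timestamps ("Mar 26 14:27:17") and a log that
# stays within one month, because the month name is not converted.
ssh_offenders() {
    awk -v threshold="$2" -v window="$3" '
    / sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for / &&
    /POSSIBLE BREAK-?IN ATTEMPT/ {
        host = $11
        split($3, t, ":")
        now = $2 * 86400 + t[1] * 3600 + t[2] * 60 + t[3]

        # Per-host queue of event times: append, then expire old entries.
        seen[host, ++tail[host]] = now
        if (!(host in head)) head[host] = 1
        while (now - seen[host, head[host]] > window) {
            delete seen[host, head[host]]
            head[host]++
        }
        inwin = tail[host] - head[host] + 1
        if (inwin > peak[host]) peak[host] = inwin
    }
    END {
        for (h in peak)
            if (peak[h] >= threshold) print h, peak[h]
    }' "$1" | sort
}

# Constructed sample log: one burst, one slow shared address, one short retry.
sample_log() {
    cat <<'EOF'
Mar 26 09:00:05 gw sshd[700]: reverse mapping checking getaddrinfo for campus-nat.example.edu failed - POSSIBLE BREAKIN ATTEMPT!
Mar 26 10:15:40 gw sshd[712]: reverse mapping checking getaddrinfo for campus-nat.example.edu failed - POSSIBLE BREAKIN ATTEMPT!
Mar 26 11:30:12 gw sshd[731]: reverse mapping checking getaddrinfo for campus-nat.example.edu failed - POSSIBLE BREAKIN ATTEMPT!
Mar 26 13:02:51 gw sshd[766]: reverse mapping checking getaddrinfo for campus-nat.example.edu failed - POSSIBLE BREAKIN ATTEMPT!
Mar 26 14:27:17 gw sshd[801]: reverse mapping checking getaddrinfo for scanner.example.net failed - POSSIBLE BREAKIN ATTEMPT!
Mar 26 14:27:22 gw sshd[803]: reverse mapping checking getaddrinfo for scanner.example.net failed - POSSIBLE BREAKIN ATTEMPT!
Mar 26 14:27:26 gw sshd[805]: reverse mapping checking getaddrinfo for scanner.example.net failed - POSSIBLE BREAKIN ATTEMPT!
Mar 26 14:27:30 gw sshd[807]: reverse mapping checking getaddrinfo for scanner.example.net failed - POSSIBLE BREAKIN ATTEMPT!
Mar 26 14:27:35 gw sshd[809]: reverse mapping checking getaddrinfo for scanner.example.net failed - POSSIBLE BREAKIN ATTEMPT!
Mar 26 14:28:01 gw sshd[815]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Mar 26 14:30:00 gw sshd[820]: reverse mapping checking getaddrinfo for dialup.example.org failed - POSSIBLE BREAKIN ATTEMPT!
Mar 26 14:30:20 gw sshd[822]: reverse mapping checking getaddrinfo for dialup.example.org failed - POSSIBLE BREAKIN ATTEMPT!
Mar 26 16:45:09 gw sshd[840]: reverse mapping checking getaddrinfo for campus-nat.example.edu failed - POSSIBLE BREAKIN ATTEMPT!
EOF
}

# 5 hits inside 60 seconds: only the burst is reported.
sample_log | ssh_offenders - 5 60
# 5 hits with a day-long window: the slow shared address is reported too.
sample_log | ssh_offenders - 5 86400
```
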



RE: Tightening up ssh

2006-03-26 Thread fbsd_user
The fact of life is there is no way to stop ssh logon attacks
as long as you have port 22 open to the public internet.

You already see ssh doing its job correctly by not
allowing unauthorized logons.

Review the questions archives, this subject has been beat
to death the last 3 weeks.

There are some port applications that read the hosts.allow log and
auto-create firewall rules to block that attacking ip address.
But this is just busy work as it does not stop the packets
hitting your front door or really add any additional security
over what native ssh is providing you.

A more popular method is to change the port number ssh uses and
just have your remote ssh users use that port number when they
remote logon to ssh.

Now the mass majority of script kiddies & robot attackers will
find port 22 closed and lose interest in you.
Only a dedicated attacker who has it out for just you, and knows
your ip address already, would make the special effort to scan all
the high order port numbers looking for a ssh response.

Read the end of this doc for more details on how to change ssh's
port number.

Direct link to Example of Host SSH & Win SSH Clients is
http://elibrary.fultus.com/technical/index.jsp?topic=/com.fultus.docs.software/books/ssh_how-to/cover.html


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Graham
North
Sent: Sunday, March 26, 2006 2:52 PM
To: [EMAIL PROTECTED]; questions freebsd
Subject: Tightening up ssh


Hi Mark:
You recently wrote:

Users are encouraged to create single-purpose users with ssh keys
and very narrowly defined sudo privileges instead of using root
for automated tasks.

Does this mean that there is a way to run ssh, but only allow
certain users to use it.   My default seems to have been that if
someone has a username and password they can access ssh (except root
as PermitRootLogin no is the default).   The ssh port seems to be
the most heavily attacked one on my machine and so I recently took
to blocking port 22.   My preference would be to enable it to only
one user and give them an obscure username and strong password.
Root is not currently allowed access by default in the setup.

Is this the approach that you alluded to above?   Can you point me
to some information or provide some tips.
Thanks,  Graham/

--

Kindness can be infectious - try it.

Graham North
Vancouver, BC
www.soleado.ca



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
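
The question in this message (limit ssh to named accounts) maps to the `AllowUsers` keyword of sshd_config. The audit script below is an added example, not part of the thread: it reads a config the way sshd does (first value wins, list keywords accumulate) and reports the points raised here. The account name `backupsvc`, port 2222, both sample configs and the assumed defaults are constructed for illustration.

```python
import re

# Defaults assumed for this example. The thread states "PermitRootLogin no"
# is the default on the poster's system; the others are assumptions to be
# checked against sshd_config(5) on the release in use.
ASSUMED_DEFAULTS = {
    "port": ["22"],
    "permitrootlogin": ["no"],
    "passwordauthentication": ["yes"],
    "challengeresponseauthentication": ["yes"],
}

# Keywords whose values accumulate over repeated lines; for every other
# keyword sshd keeps the first value it reads.
ACCUMULATING = {"port", "allowusers", "allowgroups", "denyusers", "denygroups"}
# Newer OpenSSH spells the keyboard-interactive switch differently.
ALIASES = {"kbdinteractiveauthentication": "challengeresponseauthentication"}
LINE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$")


def effective_settings(text, defaults=ASSUMED_DEFAULTS):
    """Return the global (pre-Match) settings as {keyword: [args]}."""
    seen = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:                      # blank line, comment or bare keyword
            continue
        keyword = m.group(1).lower()   # keywords are case-insensitive
        keyword = ALIASES.get(keyword, keyword)
        args = m.group(2).split()
        if keyword == "match":         # conditional blocks are out of scope
            break
        if not args:
            continue
        if keyword in ACCUMULATING:
            seen.setdefault(keyword, []).extend(args)
        elif keyword not in seen:      # first value wins
            seen[keyword] = args
    merged = {k: list(v) for k, v in defaults.items()}
    merged.update(seen)
    return merged


def audit(text):
    """Return (settings, findings) for the points discussed in the thread."""
    cfg = effective_settings(text)
    findings = []
    if cfg["permitrootlogin"][0].lower() != "no":
        findings.append("root-login-enabled")
    if not cfg.get("allowusers") and not cfg.get("allowgroups"):
        # Any account with valid credentials can log in over ssh.
        findings.append("no-account-allowlist")
    if any(cfg[k][0].lower() != "no"
           for k in ("passwordauthentication",
                     "challengeresponseauthentication")):
        # Passwords can still be guessed remotely; keys are not enforced.
        findings.append("password-auth-enabled")
    if "22" in cfg["port"]:
        findings.append("default-port")  # informational: expect log noise
    return cfg, findings


# Constructed sample: everything left at its default, as in the question.
AS_DESCRIBED = """\
#Port 22
#PermitRootLogin no
#PasswordAuthentication yes
"""

# Constructed sample: one named single-purpose account, keys only.
RESTRICTED = """\
Port 2222
PermitRootLogin no
AllowUsers backupsvc
PasswordAuthentication no
ChallengeResponseAuthentication no
# A later duplicate does not override the first value sshd read.
PermitRootLogin yes
"""

if __name__ == "__main__":
    for name, sample in (("as described", AS_DESCRIBED),
                         ("restricted", RESTRICTED)):
        settings, findings = audit(sample)
        print(name, settings["port"], findings or "no findings")
```
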


sendmail feature options.

2006-03-25 Thread fbsd_user

Tried to add sendmail feature option nodns and received error
during make.
Where can I find list of all the allowable feature options.



RE: sendmail dns lookups

2006-03-25 Thread fbsd_user
After trying to activate the sendmail nodsn feature in FreeBSD 6.0 I
get a make error.
It seems that this feature is no longer available.
The README file talks about some hosts switch file which does not
exist.

So back to original question which is now modified to say,

How do you tell sendmail in FreeBSD 6.0 not to do dns lookups?




-Original Message-
From: Giorgos Keramidas [mailto:[EMAIL PROTECTED]
Sent: Monday, March 20, 2006 11:10 PM
To: fbsd_user
Cc: [EMAIL PROTECTED]
Subject: Re: sendmail  dns lookups


On 2006-03-20 23:02, fbsd_user [EMAIL PROTECTED] wrote:
> How do you tell sendmail not to do dns lookups?

You may be interested at the description of FEATURE(`nodns') in
the file `/usr/share/sendmail/cf/README'.



RE: USR 56k Internal WinModem

2006-03-24 Thread fbsd_user

Internal modems are manufactured for two target markets, MS/Windows and
everything else. Winmodems are cheap because the hardware controller
function is handled by the software you have to install into windows.
This hardware controller function is contained in a chip on the modem
circuit board. Winmodems are missing this chip and have a replacement
chip that directs the modem to use driver software running in the
windows system to perform the controller function. The most common
replacement chip is manufactured by Lucent. There are many versions of
this Lucent chip, each version needing a different software driver
version.

Up until version 4.4, FBSD did not have any solution to using
Winmodems, but with the release of 4.4 the ports collection contains
the Linux Winmodem 'ltmdm' driver which was ported to FBSD.
This port is very poorly documented, only works with a limited
number of Lucent chip versions, and is unreliable. Your whole internet
connection is managed by your modem and trying to shoe horn a modem
specially manufactured for the MS/Windows operating system into FBSD
is not the way to achieve a satisfactory dialup connection.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Dmitry
Pisklov
Sent: Friday, March 24, 2006 5:59 AM
To: freebsd-questions@freebsd.org
Subject: USR 56k Internal WinModem


How can I set up (if I can do it at all :)) my US Robotics winmodem?
I use FreeBSD 6.0 stable. Here's what says pciconf:

[EMAIL PROTECTED]:2:0: class=0x078000 card=0x008112b9 chip=0x100612b9
rev=0x00 hdr=0x00
vendor   = '3COM Corp, Modem Division (Formerly US Robotics)'
device   = 'USR 56k Internal WinModem'
class= simple comms

I've found no drivers for it...


Best regards,
   Dmitry Pisklov
   Developer
   StarSoft Development Labs



RE: business of BSDmall

2006-03-23 Thread fbsd_user
BSD mall is a separate company.
This questions list has nothing to do with it.
Version 4.9 is very old.
The current version is 6.0.
That may be a strong indicator that bsdmall is no longer current.
You can download an .iso file and burn it to your own blank cd,
and use that to install from.

Instructions are in the handbook at www.freebsd.org.

Instructions for getting the .iso file and burning the cd using
ms/windows are in the install guide at www.a1poweruser.com

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of antonio
zacca
Sent: Thursday, March 23, 2006 9:05 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: business of BSDmall


Hello
I am a consumer from JP and have shopping a CD for
FreeBSD4.9 on BSDmall where linked from this site.
I am sure to remember date of order is end of FEB
so Its been almost all a month but nothing to reach me
from BSDmall. I sent e-mail to them twice for checking
of shipping for my order but even no answer.
now what I want to ask here is BSDmall is working or
not? if they are working with no trouble why they
ignore me? credit card company already have charged
for this shopping. I know It takes approx ten to couple
of weeks for transportation from US to JP coz I have
often shopped from overseas, particularly from US a lot.
if someone have time and get my hand for me please
thanks for any reply

PS: my name is Yoshiya Imai
I have no information of order coz BSDmall never
 have sent any e-mail to me











RE: Google Talk and NAT issue ?

2006-03-22 Thread fbsd_user

Just what do you mean by punching a hole in the
firewall without the firewall's knowledge?

The firewall is designed to stop just such a thing.

Please explain your statement.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Andrew
Pantyukhin
Sent: Wednesday, March 22, 2006 8:35 AM
To: Norberto Meijome
Cc: Yuan Jue; freebsd-questions@freebsd.org
Subject: Re: Google Talk and NAT issue ?


On 3/22/06, Norberto Meijome [EMAIL PROTECTED] wrote:
> On Mon, 13 Mar 2006 20:54:14 +0800
> Yuan Jue [EMAIL PROTECTED] wrote:
>
> > What kind of new technology Google use to
> > overcome a NAT issue?
>
> Hi there, no idea if you figured this out yet.
> I don't use (any version of) google talk (skype works just great :) ),
> so these are only suggestions.
>
> Windows version may be using uPNP to open up your firewall.

...or punching holes in stateful firewalls. I think that's what
skype does.


RE: Google Talk and NAT issue ?

2006-03-22 Thread fbsd_user
Thanks for the links to the details.

From my reading of the details at the google link my firewall
is secure as long as the skype client software is not installed
on any of the LAN pcs behind my firewall.

I added deny rules for the ip address where the skype client can
be downloaded from so employees can not install it.

Does anyone know if there are any other client software products
that use this same technique.
I will add their download ip address to my firewall rules also.

Thanks

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Andrew
Pantyukhin
Sent: Wednesday, March 22, 2006 10:42 AM
To: [EMAIL PROTECTED]
Cc: Yuan Jue; Norberto Meijome; freebsd-questions@freebsd.org
Subject: Re: Google Talk and NAT issue ?


On 3/22/06, fbsd_user [EMAIL PROTECTED] wrote:
>
> Just what do you mean by punching a hole in the
> firewall without the firewalls knowledge?
>
> The firewall is designed to stop just such a thing.
>
> Please explain your Statement.

http://www.google.com/search?q=skype+nat+traversal
http://www.mocaedu.com/mt/archives/000140.html


RE: sendmail dns lookups

2006-03-21 Thread fbsd_user
Yes this is what I want, but the instructions to install are 
for native sendmail and not the FreeBSD way. 
What is the FreeBSD way of activating the nodsn feature?



-Original Message-
From: Giorgos Keramidas [mailto:[EMAIL PROTECTED]
Sent: Monday, March 20, 2006 11:10 PM
To: fbsd_user
Cc: [EMAIL PROTECTED]
Subject: Re: sendmail  dns lookups


On 2006-03-20 23:02, fbsd_user [EMAIL PROTECTED] wrote:
> How do you tell sendmail not to do dns lookups?

You may be interested at the description of FEATURE(`nodns') in
the file `/usr/share/sendmail/cf/README'.



RE: sendmail dns lookups

2006-03-21 Thread fbsd_user
These are the steps I followed

1) cd /etc/mail
2) type make
3) edit /etc/mail/hostname.mc
4) locate line containing features
5) Inserted this line FEATURE(`nodns')
6) save file and exit
7) in /etc/mail type, make, make install, and make restart

Is this the correct procedure?



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Dan Busarow
Sent: Tuesday, March 21, 2006 11:23 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: sendmail  dns lookups



On Tuesday, March 21, 2006, at 08:50  AM, fbsd_user wrote:

> Yes this is what I want, but the instructions to install are
> for native sendmail and not the FreeBSD way.
> What is the FreeBSD way of activating the nodsn feature?

cd to /etc/mail

vi your .mc file.  It will be named fqdn.of.the.server.mc
add the FEATURE line
run make

Dan






> -Original Message-
> From: Giorgos Keramidas [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 20, 2006 11:10 PM
> To: fbsd_user
> Cc: [EMAIL PROTECTED]
> Subject: Re: sendmail  dns lookups
>
>
> On 2006-03-20 23:02, fbsd_user [EMAIL PROTECTED] wrote:
>> How do you tell sendmail not to do dns lookups?
>
> You may be interested at the description of FEATURE(`nodns') in
> the file `/usr/share/sendmail/cf/README'.



ipfilter nat redirect

2006-03-21 Thread fbsd_user
I have a web server on my private lan that I want
to be accessible from the public internet.

dc0 is the interface facing the public internet

I added this rdr rule after the map rules at the end of my nat file.

  rdr dc0 0/0 port 80 -> 10.0.10.4 port 8080

also tried this rule

  rdr dc0 0.0.0.0/0 port 80 -> 10.0.10.4 port 8080

My understanding of the documentation says the above rdr rule means,

check all packets inbound on interface dc0, and
no matter what the sending ip address of the packet may be,
if the port number of the destination ip address of that packet
matches port 80,
then re-write the packet's destination ip address and port to
10.0.10.4 port 8080 and create the internal nat table to
handle the translation of the outbound packets coming from
10.0.10.4.
Then hand the re-written packet to the firewall to be processed
against the firewall rules.

My ipfilter firewall rules would need a pass rule like this

pass in log quick on dc0 proto tcp from any to 10.0.10.4 port = 8080 flags S keep state

to create the bi-directional packet session.

Problem is I can't get this to work.
I see nothing in the log for the pass rule.

Anybody have any idea what I am doing wrong
or if my understanding of the re-direct process is in error?
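
A simplified model of the inbound path this message describes (the rdr rewrite happens first, then the filter rules are evaluated against the rewritten packet), added here as an example; it is not IPFilter's code and not part of the original post. The public address 203.0.113.10 and the client 198.51.100.7 are constructed, and the model assumes a default-deny filter and that an rdr rule without a protocol applies to TCP.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = "S"


@dataclass(frozen=True)
class Rdr:
    """rdr <iface> <dst_net> port <dport> -> <to_ip> port <to_port>"""
    iface: str
    dst_net: str      # compared with the packet's destination address
    dport: int
    to_ip: str
    to_port: int
    proto: str = "tcp"  # assumption of this model when none is given


@dataclass(frozen=True)
class PassIn:
    """pass in quick on <iface> proto <proto> from any to <dst>
    port = <dport> flags S keep state"""
    iface: str
    proto: str
    dst: str
    dport: int


class Firewall:
    def __init__(self, rdr_rules, pass_rules):
        self.rdr_rules, self.pass_rules = rdr_rules, pass_rules
        self.nat_table = {}   # session -> original (dst, dport)
        self.state = set()    # sessions created by "keep state"

    def inbound(self, pkt):
        # Step 1: NAT. The first matching rdr rewrites the destination.
        for r in self.rdr_rules:
            if (pkt.iface == r.iface and pkt.proto == r.proto
                    and pkt.dport == r.dport
                    and ip_address(pkt.dst) in ip_network(r.dst_net)):
                session = (pkt.src, pkt.sport, r.to_ip, r.to_port)
                self.nat_table[session] = (pkt.dst, pkt.dport)
                pkt = replace(pkt, dst=r.to_ip, dport=r.to_port)
                break
        # Step 2: filter. Rules see the packet as rewritten in step 1.
        session = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if session in self.state:
            return "pass", pkt
        for f in self.pass_rules:
            if ((pkt.iface, pkt.proto, pkt.dst, pkt.dport)
                    == (f.iface, f.proto, f.dst, f.dport)
                    and pkt.flags == "S"):
                self.state.add(session)
                return "pass", pkt
        return "block", pkt   # default deny assumed

    def reply(self, pkt):
        # Return traffic: allowed by state, then un-translated by NAT.
        session = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if session not in self.state:
            return "block", pkt
        orig = self.nat_table.get(session)
        if orig:
            pkt = replace(pkt, src=orig[0], sport=orig[1])
        return "pass", pkt


# The two rules from the message.
PAGE_RDR = Rdr("dc0", "0.0.0.0/0", 80, "10.0.10.4", 8080)
PAGE_PASS = PassIn("dc0", "tcp", "10.0.10.4", 8080)
# Constructed traffic: a client SYN to the public address, and the reply.
SYN = Packet("dc0", "tcp", "198.51.100.7", 40000, "203.0.113.10", 80)
SYN_ACK = Packet("dc0", "tcp", "10.0.10.4", 8080, "198.51.100.7", 40000, "SA")

if __name__ == "__main__":
    fw = Firewall([PAGE_RDR], [PAGE_PASS])
    print(fw.inbound(SYN))
    print(fw.reply(SYN_ACK))
    # A pass rule written for the public address and port never matches.
    wrong = Firewall([PAGE_RDR], [PassIn("dc0", "tcp", "203.0.113.10", 80)])
    print(wrong.inbound(SYN))
```

In this model a pass rule written against the public address and port 80 blocks the connection, because the filter only ever sees 10.0.10.4 port 8080.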






RE: dual bge nics slow transfer - no transfer

2006-03-20 Thread fbsd_user
This was posted a few weeks back.

net.inet.tcp.inflight.enable
If I set this value to 0, my bandwidth problems are resolved.


Give this a try and post back if it solved your problem.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mark Busby
Sent: Monday, March 20, 2006 12:55 PM
To: freebsd-questions@freebsd.org
Subject: dual bge nics slow transfer - no transfer


I have a tyan k8wd with dual bge nics but they are painfully slow on
transfer rates.
  Is there something I need to put in the hints file to fix this??
  Thanks!

  dmesg output
  Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993,
1994
The Regents of the University of California. All rights
reserved.
FreeBSD 6.0-RELEASE #1: Tue Mar 14 05:43:23 CST 2006
[EMAIL PROTECTED]:/usr/src/sys/amd64/compile/QUAD
Timecounter i8254 frequency 1193182 Hz quality 0
CPU: Dual Core AMD Opteron(tm) Processor 270 (1989.05-MHz K8-class
CPU)
  Origin = AuthenticAMD  Id = 0x20f12  Stepping = 2

Features=0x178bfbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR
,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SS
  Features2=0x1SSE3
  AMD Features=0xe2500800SYSCALL,NX,MMX+,b25,LM,3DNow+,3DNow
  Hyperthreading: 2 logical CPUs
real memory  = 4227792896 (4031 MB)
avail memory = 4083822592 (3894 MB)
ACPI APIC Table: A M I  OEMAPIC 
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP): APIC ID:  1
 cpu2 (AP): APIC ID:  2
 cpu3 (AP): APIC ID:  3
MADT: Forcing active-low polarity and level trigger for SCI
ioapic0 Version 1.1 irqs 0-23 on motherboard
ioapic1 Version 1.1 irqs 24-27 on motherboard
ioapic2 Version 1.1 irqs 28-31 on motherboard
acpi0: A M I OEMRSDT on motherboard
acpi0: Power Button (fixed)
pci_link0: ACPI PCI Link LNKA irq 5 on acpi0
pci_link1: ACPI PCI Link LNKB irq 9 on acpi0
pci_link2: ACPI PCI Link LNKC irq 11 on acpi0
pci_link3: ACPI PCI Link LNKD irq 10 on acpi0
Timecounter ACPI-safe frequency 3579545 Hz quality 1000
acpi_timer0: 24-bit timer at 3.579545MHz port 0x1008-0x100b on
acpi0
cpu0: ACPI CPU on acpi0
acpi_throttle0: ACPI CPU Throttling on cpu0
cpu1: ACPI CPU on acpi0
cpu2: ACPI CPU on acpi0
cpu3: ACPI CPU on acpi0
pcib0: ACPI Host-PCI bridge port 0xcf8-0xcff on acpi0
pci0: ACPI PCI bus on pcib0
pcib1: ACPI PCI-PCI bridge at device 6.0 on pci0
pci3: ACPI PCI bus on pcib1
ohci0: OHCI (generic) USB controller mem 0xfeafc000-0xfeafcfff irq
19 at device 0.0 on pci3
ohci0: [GIANT-LOCKED]
usb0: OHCI version 1.0, legacy support
usb0: SMM does not respond, resetting
usb0: OHCI (generic) USB controller on ohci0
usb0: USB revision 1.0
uhub0: AMD OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
ohci1: OHCI (generic) USB controller mem 0xfeafd000-0xfeafdfff irq
19 at device 0.1 on pci3
ohci1: [GIANT-LOCKED]
usb1: OHCI version 1.0, legacy support
usb1: SMM does not respond, resetting
usb1: OHCI (generic) USB controller on ohci1
usb1: USB revision 1.0
uhub1: AMD OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 3 ports with 3 removable, self powered
atapci0: SiI 3114 SATA150 controller port
0xbc00-0xbc07,0xb880-0xb883,0xb800-0xb807,0xac00-0xac03,0xa880-0xa88
f
ata2: ATA channel 0 on atapci0
ata3: ATA channel 1 on atapci0
ata4: ATA channel 2 on atapci0
ata5: ATA channel 3 on atapci0
pci3: display, VGA at device 6.0 (no driver attached)
fxp0: Intel 82551 Pro/100 Ethernet port 0xa800-0xa83f mem
0xfeafb000-0xfeafbfff,0xfeaa-0xfeab irq 18 at
miibus0: MII bus on fxp0
inphy0: i82555 10/100 media interface on miibus0
inphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp0: Ethernet address: 00:e0:81:41:62:0d
isab0: PCI-ISA bridge at device 7.0 on pci0
isa0: ISA bus on isab0
atapci1: AMD 8111 UDMA133 controller port
0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xffa0-0xffaf at device 7.1 on
pc
ata0: ATA channel 0 on atapci1
ata1: ATA channel 1 on atapci1
pci0: serial bus, SMBus at device 7.2 (no driver attached)
pci0: bridge at device 7.3 (no driver attached)
pcib2: ACPI PCI-PCI bridge at device 10.0 on pci0
pci2: ACPI PCI bus on pcib2
bge0: Broadcom BCM5704C Dual Gigabit Ethernet, ASIC rev. 0x2003
mem 0xfc80-0xfc80,0xfc8f-0xfc8f
miibus1: MII bus on bge0
brgphy0: BCM5704 10/100/1000baseTX PHY on miibus1
brgphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX,
1000baseTX, 1000baseTX-FDX, auto
bge0: Ethernet address: 00:e0:81:41:62:4c
bge1: Broadcom BCM5704C Dual Gigabit Ethernet, ASIC rev. 0x2003
mem 0xfc83-0xfc83,0xfc82-0xfc82
miibus2: MII bus on bge1
brgphy1: BCM5704 10/100/1000baseTX PHY on miibus2
brgphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX,
1000baseTX, 1000baseTX-FDX, auto
bge1: Ethernet address: 00:e0:81:41:62:4d
pci0: base peripheral, interrupt controller at device 10.1 (no
driver attached)
pcib3: ACPI PCI-PCI bridge at device 11.0 on pci0
pci1: ACPI PCI bus on pcib3
pci0: base peripheral, interrupt controller at device 

sendmail dns lookups

2006-03-20 Thread fbsd_user
How do you tell sendmail not to do dns lookups?


RE: Monitoring e-mails by TCP

2006-03-18 Thread fbsd_user
Why not just configure your email clients to use your
commercial mail server instead of your FBSD email server?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rodrigo G.
Tavares de Souza
Sent: Saturday, March 18, 2006 8:40 AM
To: freebsd-questions@freebsd.org
Subject: Monitoring e-mails by TCP


Hi,

  I'm very newbie on freeBSD.
  I have already installed the Firewall(ipfw) + NAT, Squid + Sarg and
Apache Http Server, and is working pretty well! :-)
  Now I have a need, and I don't know if I can do it with a BSD
solution!

  My e-mail server is outside of my network, is a commercial mail
server.
  But, my e-mail traffic pass through a BSD server, the one I've
mentioned before.

  So, what do I need to do?
  I need to make a copy of all received and delivered e-mail through my
network!
  Is this possible? Is there a software (free or not), or a firewall
configuration to do it?
  I think it would be a kind of TCP monitor on ports 25 and 110, like
some antivirus that scan e-mail traffic looking for virus!

  Any help is welcome!

Best regard for all.
Rodrigo Souza
Sao Paulo - Brazil


RE: Building a virgin.

2006-03-18 Thread fbsd_user

Install apache first before mysql and php.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Grant Peel
Sent: Saturday, March 18, 2006 11:17 AM
To: freebsd-questions@freebsd.org
Subject: Building a virgin.


Hi all,

As some of you know I have been experiencing random freezing of a PE 1850.
Since there is no real answer (lots of opinions), I have decided to build a
new server for my client.

I have a PE 750 that has been running a year now as a devel server. All that
was needed was to upgrade the HD to 74GB per the original quote. That was
done this weekend.

FreeBSD 5.4 has been installed and the ports collection CVSUp'ed this
morning. The kernel has been rebuilt to allow QUOTAs, and a basic ipfw
firewall setup.

I have loaded a number of servers in the past, with success, all of them
based around PHP, Apache, MySQL, Exim and vm-pop3d.

All that having been said, I wanted to pick some brains of y'all regarding
how you would handle loading all the new software on the server.

The goal here is to have a functional webserver, with Apache, MySQL,
PHP (with bells and whistles), PERL, vm-pop3d, Exim (MTA), Spamassassin,
Webmin, Usermin, ipa (for bandwidth accounting), Webalizer

It will be used by my client to do lots of virtual hosting. However, I am the
only one with shell access.

Here is what I intend to do ... suggestions, criticisms welcome. (i.e. doing
something backwards, missing some critical steps etc). The first few lines
are the ones I usually trip over ... getting PHP and apache to work right
together, and getting the correct PHP extensions installed. Also, I like
using Apache 2.x so I can have one daemon with http and https in one
daemon.

If anyone has a slicker flow of installation, I would really like to hear
about it!

installing database/MySQL server (4.1.18_1)
installing database/MySQL client (4.1.18)

install lang/PHP4 (4.4.1_1)
install (use config) lang/php-extensions

install apache

install Exim

install vm-pop3d

install p5-spamassassin

install webalizer

install and customize Webmin

install and customize usermin

install and configure various scripts for backups, log rotation,
mrtg
(system load) etc etc.

-Grant




RE: Trouble searching mailing list archives

2006-03-17 Thread fbsd_user

I use this http://freebsd.rambler.ru/  lags 15 min behind what is
posting to the list


***
The archive at gmane seems quite useful and it's searchable here:
http://search.gmane.org/?query=email=group=gmane.os.freebsd.questi
onssort=relevanceDEFAULTOP=andxP=compat5.xFILTERS=Gos.freebsd.qu
estions---A

It's fast too.  (Sorry about the long URL).

-



RE: System Still Freezing

2006-03-16 Thread fbsd_user
System freezes are almost always (94% of the time) hardware problems.
Power supply overheating, power supply voltage output falling too low,
dust on motherboard causing overheating, or first signs of hard
drive failure.
Running mfg diagnostic will not identify these types of problems until
they become close to total failure.

If you want to eliminate 6.0 as cause install 4.11.
That's before all the current major changes were applied.

But my money is on hardware starting to fail.

If I was you, I would make a backup to different hard drive of any
data I did not want to lose.

The warning signs are staring you straight in the face.

I had this happen to me and was so frustrated over it. Once I replaced the
hard drive FreeBSD was installed on the freeze ups stopped. I still am using
that HD in the same box for backup storage without any problems
since. Go figure.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Grant Peel
Sent: Thursday, March 16, 2006 9:04 AM
To: freebsd-questions@freebsd.org
Subject: System Still Freezing


Hi all,

Another chapter in the life (and death), of my Dell PE 1850.

As you may be aware, I have a PE 1850 that has started to intermittently
freeze (this all started Feb 23rd). Sometimes, it will run for 2 days, then
freeze, sometimes it can run as long as 5 days.

All logs and everything turned up to near debug, show nothing. The system
just stops dead, and again, a physical survey of the server reveals nothing.
All lights still working and blinking, no excessive heat, no beeps etc etc.

A week ago, I ran every 32 bit Dell diagnostic I could on it ... for 4 hours
straight and not 1 error found. I also ran memtest86 for 3 hours and no
errors found.

Here are some particulars:

FreeBSD 6.0 RELEASE
Dell PowerEdge 1850
-Intel 3.0 GHz Dual Core.
-512 MB DDR RAM
-74 GB SCSI Seagate Cheetah 10k.
- 2 Onboard Intel Pro1000 (1 GB) NICS (Both connected to my switch, 1 LAN
and 1 WAN.).
- 1 Built in (Dedicated Riser) DRAC 4/I card.
- NO RAID, No Extra Video or sound. No keyboard plugged in, no monitor.

Should I consider disabling APIC and Hyperthreading? Does anyone know if
these two would be causing all the issues I have in the kernel?

I have been reading a lot about interrupt storms lately. How can I tell if
this is what's happening here?

Thanks again all,

-GRant


Kernel boot file (dmesg.boot):

root on s1# more dmesg.boot
dmesg.boot: No such file or directory
root on s1# pwd
/usr/src/sys/i386/conf
root on s1# cd /var/run
root on s1# more dmesg.boot
Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993,
1994
The Regents of the University of California. All rights
reserved.
FreeBSD 6.0-RELEASE #2: Fri Mar 10 15:39:52 EST 2006
[EMAIL PROTECTED]:/usr/src/sys/i386/compile/DS9
MPTable: DELL PE 016C 
Timecounter i8254 frequency 1193182 Hz quality 0
CPU: Intel(R) Xeon(TM) CPU 3.00GHz (2992.71-MHz 686-class CPU)
  Origin = GenuineIntel  Id = 0xf43  Stepping = 3

Features=0xbfebfbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR
,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SS
E2,SS,HTT,TM,PBE
  Features2=0x641dSSE3,RSVD2,MON,DS_CPL,CNTX-ID,CX16,b14
  AMD Features=0x2010NX,LM
  Hyperthreading: 2 logical CPUs
real memory  = 536608768 (511 MB)
avail memory = 515788800 (491 MB)
ioapic0: Changing APIC ID to 2
ioapic0: Assuming intbase of 0
ioapic1: Changing APIC ID to 3
ioapic1: Assuming intbase of 24
ioapic2: Changing APIC ID to 4
ioapic2: Assuming intbase of 48
ioapic0 Version 2.0 irqs 0-23 on motherboard
ioapic1 Version 2.0 irqs 24-47 on motherboard
ioapic2 Version 2.0 irqs 48-71 on motherboard
npx0: [FAST]
npx0: math processor on motherboard
npx0: INT 16 interface
cpu0 on motherboard
pcib0: MPTable Host-PCI bridge pcibus 0 on motherboard
pci0: PCI bus on pcib0
pcib1: PCI-PCI bridge at device 2.0 on pci0
pci1: PCI bus on pcib1
pcib2: MPTable PCI-PCI bridge at device 0.0 on pci1
pci2: PCI bus on pcib2
mpt0: LSILogic 1030 Ultra4 Adapter port 0xec00-0xecff mem
0xdfdf-0xdfdf,0xdfde-0xdfde irq 26 at device 5.0 o
n pci2
mpt0: [GIANT-LOCKED]
mpt0: MPI Version=1.2.12.0
mpt0: Unhandled Event Notify Frame. Event 0xa.
pcib3: MPTable PCI-PCI bridge at device 0.2 on pci1
pci3: PCI bus on pcib3
pcib4: PCI-PCI bridge at device 4.0 on pci0
pci4: PCI bus on pcib4
pcib5: PCI-PCI bridge at device 5.0 on pci0
pci5: PCI bus on pcib5
pcib6: MPTable PCI-PCI bridge at device 0.0 on pci5
pci6: PCI bus on pcib6
em0: Intel(R) PRO/1000 Network Connection, Version - 2.1.7 port
0xdcc0-0xdcff mem 0xdfae-0xdfaf irq 48 at device 7.0
 on pci6
em0: Ethernet address: 00:14:22:1c:d5:7e
em0:  Speed:N/A  Duplex:N/A
pcib7: MPTable PCI-PCI bridge at device 0.2 on pci5
pci7: PCI bus on pcib7
em1: Intel(R) PRO/1000 Network Connection, Version - 2.1.7 port
0xccc0-0xccff mem 0xdf8e-0xdf8f irq 49 at device 8.0
 on pci7
em1: Ethernet address: 00:14:22:1c:d5:7f
em1:  Speed:N/A  

RE: downloading version 6 freebsd

2006-03-16 Thread fbsd_user
The ftp sites will suspend the download if the transmission speed
falls too low.
It almost never works with a dial up connection.

Try native FTP pgm to download instead of firefox.

Problem is definitely at your end.

Try using an internet cafe pc to download the iso file and burn it
to cd.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of T Dodds
Sent: Thursday, March 16, 2006 7:29 AM
To: freebsd-questions@FreeBSD.org
Subject: downloading version 6 freebsd


When I try to download Disk 1 of the iso’s for freebsd from various
sites
using Firefox,…the download always stops at 21,9MB



Is there something wrong with your servers or the iso I am trying to
download?



I have tried it on ftp sites from Ireland, Germany, Norway, USA




RE: Using 'incorrect' HD geometry.

2006-03-16 Thread fbsd_user

Write failure on transfer! (wrote 77187 bytes of 1425408 bytes)

When I got this error message during install it meant the hard drive
had a bad spot on it.
This had nothing to do with the hd geometry used. Bet your hd is
udma 33. Think this is a bug in fbsd since 4.11 where this problem
did not occur. I think since 5.x the udma 33 ata driver does not
handle the bad track pointer to the reassigned track. Or all the hd
alt tracks have been used up already.

What I did was to allocate a very small unused partition that
included that area and then allocated the remainder of the hd to the
slice I installed fbsd in.

My suggestion is this is first sign your hd is going bad, replace
now, and backup your data to other hd.

good luck.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of John Murphy
Sent: Thursday, March 16, 2006 10:28 AM
To: freebsd-questions@freebsd.org
Subject: Re: Using 'incorrect' HD geometry.


Thanks Lila, your success encouraged me to try and you were quite
right
that your win partition is pretty safe with freebsd fdisk.

Unfortunately the install failed saying:

Write failure on transfer! (wrote 77187 bytes of 1425408 bytes)

And loads of errors like the following were shown on the Alt F2
screen:

/stand/cpio: invalid header: checksum error
/stand/cpio: warning: skipped 723757 bytes of junk
/stand/cpio: : No such file or directory
/stand/cpio: invalid header: checksum error
/stand/cpio: warning: skipped 4096 bytes of junk
/stand/cpio: : No such file or directory
[...]
acd0: FAILURE - READ_BIG HARDWARE ERROR asc=0x08 ascq=0x03 error=0

I tried leaving the partitions (within the ad0s2 slice) as they were
first.  Then I tried 'Auto defaults for all' and lastly some
partition
sizes of my own.  I even tried installing 5.3 which only managed to
write -1 bytes.  Which is odd because it must have worked before.

Presumably I would need to change the drive geometry in fdisk to the
figures which the BIOS indicates.  Any one know the implications of
doing so for the non bsd slices?

Thanks again.

--
John.


RE: Constant ssh errors - sign of security issue?

2006-03-16 Thread fbsd_user
Try using Putty or Winscp3 as your xp ssh client.
I use both and know they work without any problems.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Doug Lee
Sent: Wednesday, March 15, 2006 9:16 PM
To: freebsd-questions@freebsd.org
Subject: Constant ssh errors - sign of security issue?


I run two FreeBSD 4.10 systems and access them via ssh2 from a
Windows
XP machine running Cygwin ssh, connecting via EVDO link.  I get a
whole lot of three things:

1.  Spontaneous read from remote host ... terminated; connection
reset by peer.  Mind, this is normal on an actual connection failure
(timeout), but this one can happen while I'm actively typing something
through the connection, and with no other evidence that my Internet
connection (at either end) is failing.

2.  On reconnect attempt, a message saying the connection was
immediately closed by the remote (FreeBSD) side.

3.  Less often and frequently on my next connection attempt after
#2,
a software connection abort message.

The normal sequences are (4 being successful relink) 1-4, 1-2-4, and
1-2-3-4.  I think 1-2-4 and 1-4 are about equally common and 1-2-3-4
is comparatively rare.

Being unfamiliar with how all of these can happen while my actual
Internet connection (and other TCP connections for example) seems
fine, I am wondering if any of this could represent a security
issue--packet snooping/redirection/man-in-the-middle attacks, etc.

Thanks in advance for any input.  Please Cc me.


--
Doug Lee [EMAIL PROTECTED]
SSB + BART Group [EMAIL PROTECTED]   http://www.bartsite.com
Believe, when you are most unhappy, that there is something for you
to do in the world. So long as you can sweeten another's pain, life is
not in vain. --Helen Keller


RE: SSHD Help?

2006-03-13 Thread fbsd_user
Here is a write up you may find interesting.

http://elibrary.fultus.com/technical/index.jsp?topic=/com.fultus.docs.software/books/ssh_how-to/cover.html

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Huy Ton That
Sent: Monday, March 13, 2006 4:39 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: SSHD Help?


I think something's wrong because even when I log on root locally on the box
I get permission denied.  This is the correct password because I am logging
in as root when the machine boots up.  I'm aware of the issues as logging in
as root but it's just a machine I am using to break over and over again for
learning purposes.

On 3/13/06, John Cruz [EMAIL PROTECTED] wrote:
>
> SSHD will not allow you to log in as root (for security reasons). There
> may be a way to change it, but I don't recommend it. Configure a user
> account to be able to use the su command or install sudo, then log in
> remotely as a user then su or sudo for administrative tasks.
>
>
> Huy Ton That wrote:
> > I am sure I am lacking the technical knowledge to get this running but.  I
> > setup (more like started) the sshd daemon.  Now I have this system setup at
> > home and am just using it for experimenting.  When I try to SSH into it, it
> > queries me for my user name, in which case I am logging in as root.  I key
> > in roots password (is this password the same as the main root password?) and
> > it returns permission denied, please try again.
> >
> > I'm guessing I am not asking the right questions but I was under the
> > assumption that the password would be the same as root or whatever user I'm
> > trying to login?  Any tutorials?  I'm going crazy :(.


RE: Problem Installing FreeBSD 6.0, asking for help

2006-03-11 Thread fbsd_user
I believe you are saying that 5.2 is currently installed on
the hard drive and you want to do a fresh install from scratch of
6.0.

You have to change the pc bios setup to boot from the cd drive
instead of from the hard drive.
The pc will then boot from the 6.0 cd and install 6.0 destroying the
5.2 system on the hard drive along with any user data you had. After
6.0 is installed you have to change the bios back to booting from
the hard drive.

Be sure you have a backup of any user data on the 5.2 system you
want saved.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Saturday, March 11, 2006 5:44 PM
To: [EMAIL PROTECTED]
Subject: Problem Installing FreeBSD 6.0, asking for help


Hello,

may I ask you for help with the following problem:
When I try to install FreeBSD 6.0, the following error occurs during the
boot process (because the system is not able to boot from CD, I have to boot
from floppy):
ahc0: probe1:ahc0:0:1:0: SCB 6: immediate reset Flags 0x620
ahc0: probe1:ahc0:0:1:0: No longer in timeout, status=25b
ahc0: Issued channel A bus reset, SCBs 6 aborted.
...
...
...

There are variants of the messages with different SCB, flags and status.

As a result, the install program does not find any disk.
FreeBSD 5.2 is running and dmesg produces the following output:

Copyright (c) 1992-2004 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 5.2.1-RELEASE #0: Mon Feb 23 20:45:55 GMT 2004
[EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC
Preloaded elf kernel /boot/kernel/kernel at 0xc0a35000.
Preloaded elf module /boot/kernel/acpi.ko at 0xc0a351f4.
Timecounter i8254 frequency 1193182 Hz quality 0
CPU: Intel Pentium III (797.97-MHz 686-class CPU)
  Origin = GenuineIntel  Id = 0x686  Stepping = 6

  Features=0x383f9ffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real memory  = 268369920 (255 MB)
avail memory = 251047936 (239 MB)
Pentium Pro MTRR support enabled
npx0: [FAST]
npx0: math processor on motherboard
npx0: INT 16 interface
acpi0: GBTAWRDACPI on motherboard
pcibios: BIOS version 2.10
Using $PIR table, 6 entries at 0xc00fdee0
acpi0: Power Button (fixed)
Timecounter ACPI-fast frequency 3579545 Hz quality 1000
acpi_timer0: 24-bit timer at 3.579545MHz port 0x4008-0x400b on acpi0
acpi_cpu0: CPU on acpi0
acpi_button0: Power Button on acpi0
acpi_button1: Sleep Button on acpi0
pcib0: ACPI Host-PCI bridge port 0x5000-0x500f,0x4080-0x40ff,0x4000-0x407f,0xcf8-0xcff on acpi0
pci0: ACPI PCI bus on pcib0
pcib0: slot 9 INTA is routed to irq 10
pcib0: slot 10 INTA is routed to irq 12
pcib0: slot 11 INTA is routed to irq 5
agp0: VIA 82C691 (Apollo Pro) host to PCI bridge mem 0xd800-0xdbff at device 0.0 on pci0
pcib1: PCI-PCI bridge at device 1.0 on pci0
pci1: PCI bus on pcib1
pcib0: slot 1 INTA is routed to irq 11
pcib1: slot 0 INTA is routed to irq 11
pci1: display, VGA at device 0.0 (no driver attached)
isab0: PCI-ISA bridge at device 7.0 on pci0
isa0: ISA bus on isab0
atapci0: VIA 82C596B UDMA66 controller port 0xd000-0xd00f at device 7.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata0: [MPSAFE]
ata1: at 0x170 irq 15 on atapci0
ata1: [MPSAFE]
pci0: bridge, HOST-PCI at device 7.3 (no driver attached)
rl0: RealTek 8139 10/100BaseTX port 0xd800-0xd8ff mem 0xe3001000-0xe30010ff irq 10 at device 9.0 on pci0
rl0: Ethernet address: 00:40:33:ab:df:66
miibus0: MII bus on rl0
rlphy0: RealTek internal media interface on miibus0
rlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
pci0: multimedia, audio at device 10.0 (no driver attached)
ahc0: Adaptec 2940 SCSI adapter port 0xe000-0xe0ff mem 0xe300-0xe3000fff irq 5 at device 11.0 on pci0
aic7870: Single Channel A, SCSI Id=7, 16/253 SCBs
fdc0: Enhanced floppy controller (i82077, NE72065 or clone) port 0x3f7,0x3f2-0x3f5 irq 6 drq 2 on acpi0
fdc0: FIFO enabled, 8 bytes threshold
fd0: 1440-KB 3.5 drive on fdc0 drive 0
sio0 port 0x3f8-0x3ff irq 4 on acpi0
sio0: type 16550A
sio1 port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
ppc0 port 0x378-0x37f irq 7 on acpi0
ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode
ppbus0: Parallel port bus on ppc0
plip0: PLIP network interface on ppbus0
lpt0: Printer on ppbus0
lpt0: Interrupt-driven port
ppi0: Parallel I/O on ppbus0
atkbdc0: Keyboard controller (i8042) port 0x64,0x60 irq 1 on acpi0
atkbd0: AT Keyboard flags 0x1 irq 1 on atkbdc0
kbd0 at atkbd0
orm0: Option ROMs at iomem 0xc8000-0xca7ff,0xc-0xc7fff on isa0
pmtimer0 on isa0
sc0: System console at flags 0x100 on isa0
sc0: VGA 16 virtual consoles, flags=0x300
vga0: Generic ISA VGA at port 0x3c0-0x3df iomem 0xa-0xb on isa0
Timecounter TSC frequency 797967629 Hz quality 800
Timecounters tick every 10.000 msec
Waiting 15 seconds for SCSI devices to settle
acpi_cpu: throttling enabled, 2 steps (100% to 50.0%), currently 100.0%

RE: Installing FreeBSD 6.0 on IBM BladeCenter HS20

2006-03-10 Thread fbsd_user
I see you both have Bladecenters.
Have you had any luck with getting FreeBSD to install on it yet?

What is the status of your efforts?

Been offered contract to do this for client,
but need to know if it can be done before I accept the job.




RE: coming back up after power failure (UPS)

2006-03-09 Thread fbsd_user

> Date: Thu, 9 Mar 2006 01:37:21 +0200
> From: Ion-Mihai Tetcu [EMAIL PROTECTED]
> Subject: Re: coming back up after power failure (UPS)
> To: Peter [EMAIL PROTECTED]
> Cc: freebsd-questions freebsd-questions@freebsd.org
> Message-ID: [EMAIL PROTECTED]
> Content-Type: text/plain; charset=US-ASCII
>
> On Wed, 8 Mar 2006 16:39:02 -0500 (EST)
> Peter [EMAIL PROTECTED] wrote:
>
> > On an updated 5.4 box I am using Network UPS Tools (NUT) with an APC
> > Smart-UPS.
> >
> > All is going very well but I cannot bring my box back up after
> > simulating a power failure.  At the end of the shutdown the screen
> > shows:
> >
> > Press any key to reboot
> >
> > Obviously this is not the desired outcome.
> >
> > How can I get my system to go down completely?  Beyond this I
> > understand there may be some BIOS adjustments to be made.
>
> You should set up your UPS (via NUT) to kill power when you reach this
> stage (and batteries are exhausted), and to restore power to the
> computer when the line power is back again. And set your BIOS to always
> on or last state or whatever your BIOS is calling it.
>
> I can't say how to achieve this with NUT or if it's possible, but I'm
> sure that sysutils/apcupsd can do it since I use (and maintain) that
> port.

What happens if:

1) power fails
2) NUT detects this and halts the machine
3) power returns before batteries are exhausted

Will the machine sit forever waiting for someone to Press any key to
reboot ?




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of James Long
Sent: Thursday, March 09, 2006 12:46 PM
To: freebsd-questions@freebsd.org; Ion-Mihai Tetcu; Peter
Subject: Re: coming back up after power failure (UPS)


Pre Y2K PC's had mechanical power on button which stayed in the on
position no matter what was happening with the line power. Those
pcs are what UPS units were first designed for, so after the UPS
does normal shutdown at power loss, pc will reboot when power comes
back on.

Newer PC's now have motherboard power control which goes to the
power off position on losing line power. Some of these pc's have
bios setting to deactivate this function so after line power loss
the pc will reboot on power return. This is common on motherboards
marketed for servers.

Motherboards marketed for home desktop pcs may not have this bios
option. You could open the box and cut the 2 wires leading from the
power on button and connect them together so the motherboard always
thinks the power on button is depressed. (do this at your own risk)








RE: AND COBOL

2006-03-07 Thread fbsd_user
I have used this in the past.
It's Cobol script for building web sites that r/w to flat files
and mysql database.
Works much like php in the way it interfaces with native html code.
Their website is built using it as a demo of how fast it runs.
Can download version with mysql for testing.

http://www.cobolscript.com/



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Gabriel
Sent: Tuesday, March 07, 2006 4:57 PM
To: freebsd-questions@FreeBSD.org
Subject: AND COBOL


HI, I WOULD LIKE TO KNOW IF RMCOBOL RUNS IN FREEBSD, THANKS.

 GABRIEL


RE: New logo, new look

2006-03-06 Thread fbsd_user

So a little red ball with 2 little pointed ears is the new logo.
It sucks big time.

When you have a contest and none of the entries are any good
you do not have to pick any of them, you could have just
closed the contest with no winner.

I am saddened that the new logo is so plain.
Being pressured by the holy rollers over beastie looking like
the devil is no reason to choose such a poor replacement or for
that matter even considering to change the logo in the first place.

There is no way I will use the new logo, People will be laughing at it
and say What the Hell is that red ball.

I am really disappointed. The contest should be run again and if nothing
better comes along then stay with beastie. And this time post the
contest to all the different FreeBSD lists, just not to the
announcement list.

I read the contest announcement just now from the below link and don't agree
with any of the reasons stated there for a new logo. All the stated reasons
could have been addressed just by doing new art work using beastie.

Check here to see new logo and then post your thoughts.

http://logo-contest.freebsd.org/result/





Powered-by FreeBSD icon using new logo

2006-03-05 Thread fbsd_user
Since there is now a new logo for FreeBSD,
what about the people who have the powered by old logo icon
on their website home pages?

Will the old logo still be valid?

Are powered by icons using the new logo available someplace for
download?
Do we need to get written permission to use it?

Where can I see this new logo at?

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Is gd library in the ports collection.

2006-02-28 Thread fbsd_user
I have reviewed the ports list for a port called gd and could
not tell from the names if any were the gd library
talked about here. http://www.boutell.com/gd/

Can anyone point me to the correct port name if it's really
in the ports collection?


RE: shared irqs and freebsd

2006-02-28 Thread fbsd_user
I had a problem with my 2 NICs stepping on each other's IRQs.
I fixed the problem by doing two things.
I went into the bios setup and disabled sio1 and sio2 to release their irqs
and also turned off the bios plug-n-play option.
My motherboard also had an option for type of operating system was to run,
I selected non-windows option.

Then I moved the NIC cards around in different slots on the mother board
until the boot bios summary screen showed me each NIC had its own IRQ.

Worked for me.  Good luck.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of gahn
Sent: Tuesday, February 28, 2006 11:29 AM
To: freebsd general questions
Subject: shared irqs and freebsd


Hi:

How does FreeBSD deal with shared irqs? Looks like
FreeBSD could only work with two nic's (the same exact
type).

I am running 5.4 and trying to install three or four
cards (the same exact type) in one machine.

Thanks



Help with PHP eregi alnum if statement

2006-02-28 Thread fbsd_user
I am trying to test the login id entered from a form.
Checking that the contents are upper or lower case alpha or numeric 0-9
plus the special characters - dash and # pound sign

Code:

if(eregi("([[:alnum:]\#\-]+)", $loginid))
  { print("loginid is alnum"); } else { print("loginid is not alnum");  }



I get the message loginid is alnum no matter what I enter to test.

What is wrong with the statement syntax that it doesn't work
correctly?

Thanks for your help
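
The check in the post above, as an added example that is not part of the original message: the pattern has no start or end anchor, so it succeeds as soon as one allowed character occurs anywhere in $loginid. The function names and sample inputs are constructed for illustration, and preg_match() is used because eregi() was removed in PHP 7.

```php
<?php
// Added example, not code from the post. The loginid_* names are hypothetical.

// Same shape as the posted check: unanchored, so the pattern only needs to
// match one run of allowed characters somewhere inside the input.
function loginid_unanchored(string $loginid): bool
{
    return preg_match('/[A-Za-z0-9#-]+/', $loginid) === 1;
}

// Anchored with ^ and $. Without the D modifier, $ also matches just before
// a final newline, so an id with a trailing "\n" is still accepted.
function loginid_caret_dollar(string $loginid): bool
{
    return preg_match('/^[A-Za-z0-9#-]+$/', $loginid) === 1;
}

// Anchored with \A and \z: every byte from start to end must be a letter,
// a digit, "#" or "-". This is the check the post is after.
function loginid_strict(string $loginid): bool
{
    return preg_match('/\A[A-Za-z0-9#-]+\z/', $loginid) === 1;
}

// Constructed sample inputs: one valid id, then ids with a space, markup
// characters, a trailing newline, no allowed characters at all, and empty.
$samples = ['user-01#', 'bob smith', 'a<b>', "admin\n", '!!!', ''];

foreach ($samples as $s) {
    printf(
        "%-12s unanchored=%-5s caret_dollar=%-5s strict=%s\n",
        json_encode($s),
        var_export(loginid_unanchored($s), true),
        var_export(loginid_caret_dollar($s), true),
        var_export(loginid_strict($s), true)
    );
}
```

Reject the form submission when loginid_strict() returns false instead of stripping the disallowed characters and continuing.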



RE: FreeBSD 5.x or 6.0 on IBM Blade

2006-02-27 Thread fbsd_user
This question has been asked on this list a few times in the past.
Check the list archives for the thread details.

But what it all boils down to if I remember correctly is this.
IBM is known for doing things to lock their customers into using
only IBM equipment and software.
The Qlogic board that IBM sells with their blade center blades is a
special mfg board just for them. This board has been customized to only
work on the blade running IBM's version of Unix.

The reported work around is to add an IDE HD and install FreeBSD to
the IDE drive and use the scsi qlogic drives for raid data only.
The other is not to purchase the Qlogic board with your blade and
use some other standard generic scsi board.

There was some talk that disabling the plug-n-play bios option
had some effect also.

If you get it working please post what your solution is so other
readers of this list can find the solution in the archives later.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Axel S. Gruner
Sent: Monday, February 27, 2006 5:31 AM
To: freebsd-questions@freebsd.org
Subject: FreeBSD 5.x or 6.0 on IBM Blade


Hi,

I tried to install FreeBSD 5.4 and 6.0 (x86 and amd64) on an IBM Blade Center
(Intel based).
USB keyboard works, ACPI does not (but I do not care about that one), but the
boot process takes about 5-10 minutes.
We have a Qlogic 2312 which is supported by the isp driver. But, well, not
really supported? After detecting the QLogic, it takes several minutes to
boot into sysinstall. And, after that, sysinstall does not find any disk. So
installation ends here.
We do not have a SCSI HD in the Blades, just in the SAN. So booting from there
is a must have.

So, anyone out there running FreeBSD (or NetBSD/OpenBSD) on an Intel Blade
Center?

Thanks in advance.

asg






RE: FreeBSD 5.x or 6.0 on IBM Blade

2006-02-27 Thread fbsd_user
Sir:
Let me inform you that posting to the FreeBSD question list will
result in your post becoming public domain material. The List is
cloned to many different public news groups and some private servers
that provide free public search functions of the questions list.

Your disclaimer that the contents of your e-mail are confidential
has no meaning when you post to any public forum.  There is nothing
that can be done to withdraw your post after the fact.

*** end msg ***

Hi,

I tried to install FreeBSD 5.4 and 6.0 (x86 and amd64) on an IBM Blade Center
(Intel based).
USB keyboard works, ACPI does not (but I do not care about that one), but the
boot process takes about 5-10 minutes.
We have a Qlogic 2312 which is supported by the isp driver. But, well, not
really supported? After detecting the QLogic, it takes several minutes to
boot into sysinstall. And, after that, sysinstall does not find any disk. So
installation ends here.
We do not have a SCSI HD in the Blades, just in the SAN. So booting from there
is a must have.

So, anyone out there running FreeBSD (or NetBSD/OpenBSD) on an Intel Blade
Center?

Thanks in advance.

asg




# DISCLAIMER
#
# The contents of this e-mail are confidential. If you are not the
# named recipient, or if this email was addressed to you by mistake,
# please notify the sender immediately and delete the email at once.
# Unauthorized copying and unauthorized forwarding are not permitted.
# The security of transmissions by email cannot be guaranteed. If you
# would like confirmation, please request the contents of the email
# as a hard copy.
#
# The contents of this e-mail are confidential.
# If you are not the named addressee you should not disseminate,
# distribute or copy this e-mail. Please notify the sender immediately
# if you have received this e-mail by mistake and delete this e-mail
# from your system. Finally, the recipient should check this email and
# any attachments for the presence of viruses. The company accepts no
# liability for any damage caused by any virus transmitted by this
# email.
#
# SuedFactoring GmbH, Heilbronner Strasse 86, 70191 Stuttgart




RE: Help with IP Filter 4.1.8

2006-02-26 Thread fbsd_user
Since you say the same ipf rules work on your 5.3 system and you
are trying to run them on 6.1-PRERELEASE, I would say the problem
is 6.1-PRERELEASE.

Prerelease versions and RC versions are not intended for public use.
They are versions for people who know how to debug kernel code and
help the developers test new versions.

It does not look like you know how to debug kernel code or you
would not be asking this question.

You should be using 6.0 as that's the current production version.
If you still have this problem on 6.0 then repost your question.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Roman Serbski
Sent: Sunday, February 26, 2006 10:16 AM
To: freebsd-questions@freebsd.org
Subject: Help with IP Filter 4.1.8


Hi all,

I am having a problem with ipf after recent upgrade to 6.1-PRERELEASE.
Any help would be greatly appreciated.

ipf: IP Filter: v4.1.8 (416)
Kernel: IP Filter: v4.1.8
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0
Feature mask: 0xa

I am trying to allow outgoing dns requests from my server to DNS
server of ISP. Here is my ruleset:

ipfstat -oh
0 pass out quick on lo0 from any to any
0 pass out quick on xl0 proto tcp from any to any port = domain flags S/FSRPAU keep state
1 pass out quick on xl0 proto udp from any to any port = domain keep state
0 block out log quick on xl0 all

ipfstat -ih
0 pass in quick on lo0 from any to any
0 block in quick on xl0 all

I tried `host www.google.com` and the connection was timed out,
although there was a hit on a rule allowing 53/udp.

The interesting thing is that there is another server running
5.3-STABLE with ipf v3.4.35 (336) and it has the same ruleset and
everything is working just fine.

Thank you for your time.


RE: winmodem driver

2006-02-25 Thread fbsd_user


Modems are manufactured for two target markets, MS/Windows and
everything else. Winmodems are cheap because the hardware controller
function is handled by the software you have to install into windows.
This hardware controller function is contained in a chip on the modem
circuit board. Winmodems are missing this chip and have a replacement
chip that directs the modem to use driver software running in the
windows system to perform the controller function. The most common
replacement chip is manufactured by Lucent. There are many versions of
this Lucent chip each version needing a different software driver
version.

Up until version 4.4, FBSD did not have any solution to using
Winmodems, but with the release of 4.4 the ports collection contains
the Linux Winmodem 'ltmdm' driver which was ported to FBSD.
This port is very poorly documented, only works with a limited
number of Lucent chip versions.



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of kalin mintchev
Sent: Saturday, February 25, 2006 6:21 AM
To: freebsd-questions@freebsd.org
Subject: winmodem driver


hi all...

is there a win modem driver in 6.0 that can be used with the built-in
modem on ibm thinkpads?

thanks...





RE: Asus P5MT-M and FreeBSD 6.0

2006-02-25 Thread fbsd_user
Sounds like a bug to me.
Submit a problem report on it.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Ben House
Sent: Saturday, February 18, 2006 2:13 AM
To: freebsd-questions@freebsd.org
Subject: Asus P5MT-M and FreeBSD 6.0


I am attempting to install 6.0 Stable on an Asus P5MT-M motherboard (Intel
ICH7R), which contains onboard SATA RAID bios (LSI MegaRAID).  Standard
sysinstall in all cases.  I am noticing several inconsistencies:

1) When SATA is in Enhanced mode, no drives are detected.  5.4 detects both
drives just fine

2) When SATA is in RAID mode, no drives are detected, 5.4 yields the same
results.

3) When SATA is in Compatible mode, *one* drive is detected, AND a raid
volume is also detected (but in degraded status).  5.4 detects these just
fine.

Ideally, installing 6.0 (or even 5.4) using the RAID function would be
preferred.

Any suggestions?




Ben House
Unified Network Services Inc.
(519)624-9405 Ext. 33
[EMAIL PROTECTED]




RE: Bandwidth Problems with Freebsd 5.x

2006-02-25 Thread fbsd_user
Your testing is way too general to make the blanket statement
that something is wrong with FreeBSD.

You say you did a transfer between boxes but give no details how you
did it or what operating system is on the sending and receiving boxes.
Did you use FTP or ssh? Ssh has known buffer size problems between
un-like operating systems at each end that cause massive slowness.

Check the list archives for the last 5 days for subject High
Performance SSH/SCP - HPN-SSH to get the thread.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of ptitoliv
Sent: Sunday, February 19, 2006 12:55 PM
To: Mathieu CHATEAU; freebsd-questions@freebsd.org
Subject: Re: Bandwidth Problems with Freebsd 5.x


Mathieu CHATEAU wrote:

try this:
ping -c 1000 -s 1500 IP_TO_PING

wait for the 1000 ping to go through. You should not have more than
0,5% of loss (if the servers aren't overloaded). If it's more or equal
than 0,5%, it comes from the network (cables or switches fault).
Each host would be in 100 full (via autoselect to be sure the conf is
ok on the switch).

I made the tests on the two boxes = 0 % packet loss.

I made another interesting test. I tried to transfer between the BSD box
and a server located at home behind my 1MB/s ADSL Line. Here are the
results :

FreeBSD box = Workstation at home : 300 kB/s
Debian box on the same network  = Workstation at home : 950 kB/s.

This test clearly confirms that there is a problem with the BSD, I
guess.

Could it be a bug from the VR driver ?

Regards,
Ptitoliv


RE: Is it hack? How to prevent!

2006-02-25 Thread fbsd_user
What this means is you have no firewall blocking
the port numbers those services use.

Or you really do have mysql, and SSH installed and people are
trying to remotely login and your box is doing its job of
denying the unauthorized login attempt.

But my money is on the firewall.
You have none or its rules are not correct.

Read the firewall section of the FreeBSD handbook and
use the ipfilter example rule set.

As an afterthought, 4.8 is an unsupported system
and 6.0 is the current production version.
Time to upgrade by installing from scratch 6.0.

Give the Install Guide at www.a1poweruser.com a look.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of The Happy
Sent: Saturday, February 25, 2006 10:46 AM
To: freebsd-questions@freebsd.org
Subject: Is it hack? How to prevent!


Hello everyone,

I'm on freebsd 4.8R acting as a webserver and email server, I keep getting
in my /var/log/messages a strange 3 type of messages,

1)
   mysqld[8541]: error: /etc/hosts.allow, line 212: twist option in resident process
   last message repeated 73 times

2)
  inetd[50977]: warning: /etc/hosts.allow, line 25: host name/address mismatch: 208.34.235.251 != mail.nrms.org

3)
  sshd[40712]: warning: /etc/hosts.allow, line 25: can't verify hostname: getaddrinfo(na-163-219.na.avantel.net.mx, AF_INET) failed
  (I keep getting different host everytime)

  about messages 2 and 3 i think its some hacks attempts How i can prevent
  this type of access? unmatched IPs?

  what about messages number 1? what does it mean, is it hack attempt?

  My logs are full of these messages, please help
  Note line 25 in /etc/hosts.allow is ALL : .temma.net : deny and has
nothing to do with these logs
  its just the first rule in the file.

  Thank you in advance.

  Marwan



RE: pf binat problem

2006-02-25 Thread fbsd_user
This question was just covered on this list during the last 7 days.
Search the questions archives at http://freebsd.rambler.ru/


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Leon Botes
Sent: Saturday, February 25, 2006 5:15 AM
To: freebsd-questions@freebsd.org
Subject: pf binat problem


# network diagram
#                    __________
#                   |          | dsl1_if---dsl1_rt
#                   |          |
#   pri_net---pri_if| freebsd  | dsl2_if---dsl2_rt
#                   |    pf    |
#   dmz_srv---dmz_if| firewall | dig_if----dig_rt
#                   |          |
#   (internal nets) |__________| (external nets)

Default Gateway is dig_rt.
When a connection arrives on one of the dsl_if's it is redirected to
the correct port on the dmz_srv, traced via tcpdump.
The dmz_srv responds but tries to send its reply out the default
gateway instead of via the interface the connection arrived on.
The dmz server is actually a LVS cluster masqueraded.
All connections coming in via the dig_if get redirected and work fine.

How can I tell pf to return connections out the same interface they
arrived on and not use the default route out dig_if?

dsl1_if = rl3
dsl1_rt = 172.16.3.1
dsl1_ip = 172.16.3.2
dsl2_if = rl1
dsl2_rt = 172.16.4.1
dsl2_ip = 172.16.4.2
dmz_if = rl0
dmz_srv = 172.16.2.4
dmz_if_ip = 172.16.2.3
pri_if = rl2
pri_ip = 192.168.254.1

binat on $dig_if from $dmz_srv to any -> $dig_ip
binat on $dsl1_if from $dmz_srv to any -> $dsl1_ip
binat on $dsl2_if from $dmz_srv to any -> $dsl2_ip
nat on $dig_if from pri_net to any -> $dig_ip
nat on $dsl1_if from pri_net to any -> $dsl1_ip
nat on $dsl2_if from pri_net to any -> $dsl2_ip

rdr on $dsl1_if inet proto tcp from any to $dsl1_ip port { 25, 80, 110 } -> $dmz_srv
rdr on $dsl2_if inet proto tcp from any to $dsl2_ip port { 25, 80, 110 } -> $dmz_srv

Thanks
Leon


RE: changeing the port of the ftp server

2006-02-23 Thread fbsd_user
You would edit /etc/services to change the standard port numbers FTP
uses.
Say change port 20 & 21 to 35520 & 35521.

You also must realize that your public internet users who want to
access
your FTP server must also change their FTP port numbers to the same
ones you used in /etc/services before they can gain access to your FTP
server.

This method is one way to hide your FTP server from attack because you
would only tell your trusted remote users what the new port numbers
are.
All public attackers would be using the standard port 20 & 21 to
attack you.

If you want your public remote users to access your FTP server without
having to know the new port number, then this is no solution for you.

Now I have not heard of any ISP blocking ports 20/21 before, so I am
thinking maybe your firewall is blocking those port numbers.

What test did you run to verify your ISP is blocking those ports?
Does your ISP usage agreement say those ports are blocked?


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of ross
Sent: Wednesday, February 22, 2006 11:59 PM
To: freebsd-questions@freebsd.org
Subject: changeing the port of the ftp server


I can't for the life of me figure out how to change the port of my ftp
server. My (crummy) ISP blocks port 21 and I would like to change the
default port of the ftp server in order to give access to the outside
world.



Looking for a mentor on php/mysql

2006-02-22 Thread fbsd_user
I am trying to teach myself php/mysql/html programming.
I have done native static html web sites before.
Running FreeBSD 6.0 with apache13, php, and mysql all installed and
working.

Have read a few php books and searched the web for code snippets.
Have been on some of the php forum sites, but responses are not
forthcoming.

Looking for a mentor to guide me with putting all the pieces together.
I have a working panel for registering a user that writes to a flat
text file.
Need guidance in changing this to use mysql. Would email you direct
outside of the questions list.




<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<title>learning PHP </title>
</head>
<body>
<h1 ALIGN="center">&nbsp;</h1>
<h1 ALIGN="center"><font size="6">&nbsp;Membership
Registration</font></h1>
<font FACE="Courier New" SIZE="2"><p>&nbsp;</p>
<p>Enter your info below.</font></p>
<p>&nbsp;</p>

<form method="POST" action="<?php echo(htmlspecialchars($_SERVER['PHP_SELF'])); ?>">
   <input type="hidden" name="action" value="add"><br>
  <p>Account ID&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;
  <input type="text" name="id" size="20"></p>
  <p>Account Password&nbsp;&nbsp;
  <input type="text" name="pw" size="20"></p>
  <p>First
Name&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;
  <input type="text" name="first-name" size="20"></p>
  <p>Last
Name&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;
  <input type="text" name="last-name" size="20"></p>
  <p>Address
Line&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  <input type="text" name="address" size="20"></p>

<p>City&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;
  <input type="text" name="city" size="20"></p>

<p>State&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
  <input type="text" name="state" size="20"></p>

<p>Zip&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  <input type="text" name="zip" size="20"></p>
  <p>&nbsp;</p>

<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  <input type="submit" value="Submit" name="B1"><input type="reset"
value="Reset" name="B2"></p>
</form>

<p>&nbsp;</p>
<?php
$file_directory = $_SERVER["DOCUMENT_ROOT"];
$user_ip = $_SERVER["REMOTE_ADDR"];
$error = 'Could not open the file! Verify permissions & path are
correct.';


// Only act when the form has been submitted.
if(isset($_POST['action']) && $_POST['action'] == "add")
 {
 if($filehandle = fopen("$file_directory/members.php", "a"))
   {
flock($filehandle, LOCK_EX);  // lock file
// Append one colon-separated record; the field values are written as received.
fputs($filehandle,
$_POST['id'].":".$_POST['pw'].":".$_SERVER['REMOTE_ADDR'].":".$_POST['first-name'].":".$_POST['last-name'].":".$_POST['address'].":".$_POST['city'].":".$_POST['state'].":".$_POST['zip']."\n");
flock($filehandle, LOCK_UN); // unlock file
fclose($filehandle);
// Escape the submitted id before echoing it back into the page.
print("Successfully added ".htmlspecialchars($_POST['id'])." to the file");
   }
   else
   {
echo($error);
   }
 }
?>
</body></html>



RE: Newbie Alert : pkg_add and packages Q (do not want to compile)

2006-02-22 Thread fbsd_user
do pkg_info
look in the output for xterm. it will contain its complete name
if its name in the list output is xterm-203  then
pkg_delete xterm-203   this will remove it

then pkg_add -rv xterm  should fetch the package from the ports
collection and install it.

There is a better explanation of the ports collection in the install
guide at
www.a1poweruser.com


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Ow Mun Heng
Sent: Wednesday, February 22, 2006 8:58 PM
To: freebsd-questions@freebsd.org
Subject: Newbie Alert : pkg_add and packages Q (do not want to
compile)


Hi,

I've googled. I've read the handbook, I've read Absolute BSD and
still
I can't understand FreeBSD Ports/Packages esp when it comes to
upgrading
via packages. I'm from a Linux (gentoo linux) background so I'm not a
rough diamond.

Problem statement.
FreeBSD-Release-6
Install from minimal cd (and packages added via FTP)
I've done cvsup (cvsup -L2 -h cvsup.tw.freebsd.org /usr/share/examples/ports-supfile)

pkg_version -v states that I have a few packages which can be
upgraded.
eg:
xterm-203 needs updating (port has 206_1)

$pkg_add -vr xterm
pkg_add: unable to fetch
'ftp://ftp.tw.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/xterm.tbz' by URL

$pkg_add -vr  x11/xterm
pkg_add: unable to fetch
'ftp://ftp.tw.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/x11/xterm.tbz' by URL

ftp into it, it's listed with its suffix. (google found that for
some odd reason, pkg_add doesn't add the suffix)

$pkg_add -vr x11/xterm-206_1
pkg_add: package 'xterm-206_1' or its older version already installed

So.. How do I install it?

$pkg_delete xterm-203
pkg_delete: package 'xterm-203' is required by these other packages
xorg-clients-6.8.2

So.. That can't be done. What can I do to upgrade my packages?

I've even tried sysinstall but that only lists xterm-203 as the
package
to install. (I suspect this is because its packagesite is
packages-6-release)

$export | grep -i pack
declare -x PACKAGESITE="ftp://ftp.tw.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/"

In gentoo, it's a simple emerge xterm and all will be done
automatically. (Granted, this is compile from source and not from
binary
packages, which I know can do cd /usr/ports/x11/xterm && make install
clean, but since FreeBSD has binary packages, I rather use that)


Thanks

--
Ow Mun Heng
Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM
98% Microsoft(tm) Free!!
Neuromancer 09:42:35 up 1 day, 11:17, 5 users, load average: 0.60,
0.46,
0.95




RE: Newbie Alert : pkg_add and packages Q (do not want to compile)

2006-02-22 Thread fbsd_user
I am also a user of the packages.
Each new release of FreeBSD has a ftp package directory that matches
the release. That is where the pkg_add -r command goes to get your
packages. The 4.11 release would have the words '4.11-release' in the
directory name. Time passes and we now have 5.4 and 6.0 releases, each
one defaulting to its matching directory location.  Let's say you are
on 4.11 and want to upgrade your packages to the most current version
which are in the '6.0-release' directory location or the current
directory location which is a work in process. First you have to
change the default location the pkg_add -r looks on your 4.11 system.
As said in previous replies, you can specify the complete path
location to the '6.0-release' location as part of the pkg_add command,
or change the default location as documented in the install guide, or
use the sysinstall to change the default release name.

Since many of the standard dependants are used by many packages you
cannot just start doing pkg_adds using the new default directory
location. You have to wipe out your complete inventory of installed
packages and reinstall all of them again. This way the dependants will
be auto installed as needed by the parent packages.

What I do is I have a script containing all the pkg_add -vr pkgname
commands for the packages I have installed. The first line in it is
pkg_delete *  which will delete all installed packages and ports. I
can upgrade my complete environment in 35 minutes by running a single
script.

I hope this helps you.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Ow Mun Heng
Sent: Wednesday, February 22, 2006 10:09 PM
To: freebsd-questions@freebsd.org
Subject: RE: Newbie Alert : pkg_add and packages Q (do not want to
compile)


On Wed, 2006-02-22 at 21:37 -0500, fbsd_user wrote:
> do pkg_info
> look in the output for xterm. it will contain its complete name
> if its name in the list output is xterm-203  then

I did that.

> pkg_delete xterm-203   this will remove it

It says dependencies on xorg-clients.

Another poster said to use -f (force) but I don't like that. This
usually means there are underlying deps which can cause errors. eg:
changed libraries libXXX.so.Y

> then pkg_add -rv xterm  should fetch the package from the ports
> collection and install it.

> There is a better explanation of the ports collection in the install
> guide at
> www.a1poweruser.com

I read that already. That's how I knew to use the _exact_name with the
version suffix. And besides, it only mentions how to add a new package
and not upgrade an existing package.

The problem with the deps is just un-nerving.

I just want to update to the latest *binary* package and not do a
source
compile. These are just small packages, what happens when I want to
upgrade to the latest gnome version? I rather get packages than
compile.

Thanks

--
Ow Mun Heng
Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM
98% Microsoft(tm) Free!!
Neuromancer 10:59:16 up 1 day, 12:34, 4 users, load average: 1.33,
1.62,
1.54




RE: Configuring multiple interface card in one box

2006-02-21 Thread fbsd_user
What the previous replies have been trying to tell you,
is you have configured the ip address incorrectly for your Nic cards.

The requirement is each Nic interface must be assigned its own
subnet.

fxp0 with ip address 192.168.10.1
xl0  with ip address 192.168.20.1
vx0  with ip address 192.168.30.1


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Hèrvé
Simplice
van der Eijk
Sent: Tuesday, February 21, 2006 3:24 PM
To: freebsd-questions@freebsd.org
Subject: Configuring multiple interface card in one box


hallo sir,

I have the privilege to use FreeBSD 5.4 release
I have 3 network interface cards installed in my box

fxp0 with ip address 192.168.0.1 ether mac address: 00:90:27:ce:c3:00
xl0 with ip address 192.168.0.2 ether mac address: 00:10:4b:8c:9b:73
vx0 with ip address 192.168.0.3 ether mac address: 00:20:af:f7:5f:83

and default router is 192.168.0.10

Problem:
pop up message
feb 21 17:43:53 sun kernel: arp 192.168.0.10 is on fxp0 but got reply from 46:04:ed:10:08:33 on xl0
feb 21 17:44:58 sun kernel: arp 192.168.0.10 is on fxp0 but got reply from 46:04:ed:10:08:33 on vx0

please can somebody tell me what's going on and how I can fix it

thank you in advance.
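
The reply's requirement that each interface sit in its own subnet can be checked mechanically; this added sketch (not part of the thread) reports every pair of interfaces whose addresses fall in the same network. The /24 prefix lengths are an assumption, since neither message states a netmask, and the function names are made up for the example.

```shell
#!/bin/sh
# Input on stdin: one "ifname address/prefixlen" pair per line.
# Output: one line per pair of interfaces that share a network.
overlapping_interfaces() {
    awk '
    function ip2num(ip,    o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    NF >= 2 && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ {
        split($2, cidr, "/")
        n++
        name[n] = $1
        num[n]  = ip2num(cidr[1])
        plen[n] = cidr[2] + 0
    }
    END {
        for (i = 1; i <= n; i++)
            for (j = i + 1; j <= n; j++) {
                # Compare under the shorter prefix: if the wider network
                # contains both addresses, the two interfaces overlap.
                p = (plen[i] < plen[j]) ? plen[i] : plen[j]
                size = 2 ^ (32 - p)
                if (int(num[i] / size) == int(num[j] / size))
                    printf "%s and %s overlap within /%d\n", name[i], name[j], p
            }
    }'
}

# Addresses from the original question; the /24 is assumed.
posted_config() {
cat <<'EOF'
fxp0 192.168.0.1/24
xl0 192.168.0.2/24
vx0 192.168.0.3/24
EOF
}

# Addresses from the reply; the /24 is assumed.
suggested_config() {
cat <<'EOF'
fxp0 192.168.10.1/24
xl0 192.168.20.1/24
vx0 192.168.30.1/24
EOF
}

echo "posted:";    posted_config    | overlapping_interfaces
echo "suggested:"; suggested_config | overlapping_interfaces
```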



RE: WinSCP mega-slowness

2006-02-20 Thread fbsd_user
There is a patch to OpenSSH to fix the buffer size problem caused by
the different operating systems OpenSSH runs on.  When the host and
remote are different operating systems the send/receive buffer sizes
do not match and this causes drastic slow down. Like in using WinSCP
client connecting to a FreeBSD box or Linux box.

ports/security/hpn-ssh/

contains the patch code to fix this problem in sshd/ssh.

Check out the patch's home page at
http://www.psc.edu/networking/projects/hpn-ssh/


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Martin
Hepworth
Sent: Monday, February 20, 2006 2:16 PM
Cc: freebsd-questions@freebsd.org
Subject: Re: WinSCP mega-slowness


Hate to do a me too, but I gotta agree.

I did the same file transfer using cygwin's scp and winscp and cygwin
was
about 10x faster.


On 2/20/06, Xn Nooby [EMAIL PROTECTED] wrote:

> For about a year I have noticed that whenever my Windows boxes talk to my
> Unix boxes, they communicate at about 1/10 normal speed. I copy lots (300GB)
> of large files back and forth between machines as I try different OS's, and
> I always see this.
>
> Specifically, if I copy from FreeBSD to FreeBSD, files transfer at 11 megs
> per second.  Between FreeBSD and Linux, at about 8 megs per second.  Between
> FreeBSD and Windows, about 1 megabyte per second.  This is on identical
> hardware.  I've told other people about this, and they usually say I must be
> doing something wrong, but recently a friend of mine upgraded a Windows box
> to SP2, and now they are getting this same slowness.  When I copy from
> Windows to Windows (XP or W2k), I get 11 megs per second.
>
> My machines are two P4's with gigabit NICs, and I'm using WinSCP and
> (sometimes) pscp.exe on Windows to talk to sshd on FreeBSD.  It's always a
> shock when I have to copy my data to Windows, and it takes 30 hours instead
> of 3.
>
> Does anyone else ever see this slowness when copying files between FreeBSD
> and Windows?
>
> Is Windows maybe capping the transfer speed when it talks to Unix?


RE: certificates

2006-02-18 Thread fbsd_user
Check the questions archives.
There was a post from an east coast college (NJ) that has an internet
education program for FreeBSD certificate.
The director posted some facts about his program.

That's all I can remember of it.

The http://www.bsdcertification.org/ just completed incorporating in
Oct 2005.
They don't have a certificate program yet. They are just looking for
donations to fund the development of their certificate program.
Maybe in 5 years they may have something.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Per olof
Ljungmark
Sent: Saturday, February 18, 2006 5:27 PM
To: vitor
Cc: [EMAIL PROTECTED]
Subject: Re: certificates


vitor wrote:
> it would like to know if emits certification for a professional
> FreeBSD or
> if vocês they homologate entities for emission of certificates?

perhaps
http://www.bsdcertification.org/
is what you are looking for?


midnight commander and ssh sftp

2006-02-16 Thread fbsd_user
The midnight commander, command line GUI can access remote FTP
by entering  this command,
cd ftp://user:[EMAIL PROTECTED] in midnight commander's command line.

I really like this function, but for security reasons I have
to use SSH to remote login to my ftp server. Using client SSH I
am forced to use ftp native line commands.

I would really like to use midnight commander's GUI panel with sftp
in SSH.
Entering cd ssh url into midnight commander's command line just
generates an error.
Is there some way to be able to use midnight commander through an SSH
tunnel?

Thanks



RE: Help with strange web server problem

2006-02-14 Thread fbsd_user
The Path MTU problem was fixed 2 years ago.
You are beating a dead horse going down that path.
My money is on your firewall rules.

Debugging problems like this is a process of elimination.
First thing is to remove your ipfw firewall from the system.
If you compiled ipfw into your kernel then recompile to remove it
totally.

Then test to see if problem is still happening.



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Jerry Bell
Sent: Tuesday, February 14, 2006 6:04 AM
To: Ted Mittelstaedt
Cc: freebsd-questions@freebsd.org
Subject: Re: Help with strange web server problem


What's the best way to go about verifying and fixing that?  I have
several other BSD servers on the same subnet in that colo that
aren't
having the problem.

Many thanks for your help!

Jerry

Ted Mittelstaedt wrote:

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Charles Swiger
> Sent: Monday, February 13, 2006 11:41 AM
> To: Jerry Bell
> Cc: freebsd-questions@freebsd.org
> Subject: Re: Help with strange web server problem
>
>
> On Feb 13, 2006, at 7:58 AM, Jerry Bell wrote:
>
> It's hit or miss, but the first time someone visits the web site,
> they get
> a server not found page.  On hitting refresh, they get the page - no
> problems.  If I wait a while and try again, I get the same problem.
>
> Path MTU problem?
>
>
>
> That would be my vote also.
>
> Ted




RE: Cant login to FTP server.

2006-02-14 Thread fbsd_user
Daniel
You did not say where you were running ftp from.
like from LAN box to gateway server  or
from gateway box to public internet remote ftp site  or
from public internet remote user to your gateway ftp server.

I am guessing it's from gateway box to public internet remote ftp
site.
Your nat rules need to look like this example. You are missing the
second rule.

map dc0 10.0.10.0/29 -> 0/32 proxy port 21 ftp/tcp
map dc0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
map dc0 10.0.10.0/29 -> 0/32

The first rule handles all FTP traffic for the private LAN.
The second rule handles all FTP traffic from the gateway.
The third rule handles all non-FTP traffic for the private LAN.
All the non-FTP gateway traffic is using the public IP address by
default so there is no ipnat rule needed.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Daniel A.
Sent: Tuesday, February 14, 2006 7:42 AM
To: [EMAIL PROTECTED]
Subject: Cant login to FTP server.


Hi, I have some FTP login problems.
I run FreeBSD 6.0-RELEASE, and I have ipf and ipnat enabled.

___SNIP___
Status:     Connecting to dienub.org ...
Status:     Connected with dienub.org. Waiting for welcome message...
Response:   220 m00h.dienub.org FTP server (Version 6.00LS) ready.
Command:    USER **
Response:   331 Password required for alive.
Command:    PASS **
Response:   230 User alive logged in.
Command:    FEAT
Response:   500 FEAT: command not understood.
Command:    SYST
Response:   215 UNIX Type: L8 Version: BSD-199506
Status:     Connected
Status:     Retrieving directory listing...
Command:    PWD
Response:   257 /usr/home/alive is current directory.
Command:    TYPE A
Response:   200 Type set to A.
Command:    PASV
Response:   227 Entering Passive Mode (87,49,144,133,237,45)
Command:    LIST
Error:      Transfer channel can't be opened. Reason: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Error:      Could not retrieve directory listing
Command:    TYPE A


/etc/ipf.rules:
___SNIP___
# Let clients behind the firewall send out to the internet, and replies to
# come back in by keeping state.
pass out quick on rl0 proto tcp all keep state
pass out quick on rl0 proto udp all keep state
pass out quick on rl0 proto icmp all keep state

# Since nothing should be coming from these address ranges, block them
block in quick on rl0 from 192.168.0.0/16 to any
block in quick on rl0 from 172.16.0.0/12 to any
block in quick on rl0 from 10.0.0.0/8 to any
block in quick on rl0 from 127.0.0.0/8 to any
block in quick on rl0 from 192.0.2.0/24 to any

# Let's let people access the services running behind this system

# Let's let people access the services running on this system
pass in quick on rl0 proto tcp from any to any port 3  5 flags S keep state #PASV FTP
pass in quick on rl0 proto tcp from any to any port = 21 #FTP
pass in quick on rl0 proto tcp from any to any port = 22 #SSH
pass in quick on rl0 proto tcp from any to any port = 80 #WWW
pass in quick on rl0 proto tcp from any to any port = 113 #oidentd

# Steam Dedicated Server
#pass in quick on rl0 proto udp from any to any port = 1200 # Friends network
#pass in quick on rl0 proto udp from any to any port 26999  27016 # Gameport
#pass in quick on rl0 proto udp from any to any port = 27020
#pass in quick on rl0 proto tcp from any to any port 27029  27040
#pass in quick on rl0 proto tcp from any to any port = 27015 # SRCDS Rcon

# Block everything else
block in quick on rl0 all


/etc/ipnat.rules
___SNIP___
map rl0 192.168.0.0/16 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map rl0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 1025:65000
map rl0 192.168.0.0/16 -> 0.0.0.0/32
___SNIP___


Might the problem be anywhere else besides my ipf and ipnat configs?
Could it be the remote client that's the problem?
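
The 227 reply in the client log above carries the data-channel address and port as six decimal bytes. This added sketch (not part of the thread) decodes such a reply and reports whether the address is private and whether the port lies inside an inbound range the filter passes. The range arguments are assumed values, because the range in the posted PASV rule is not legible, and the function names are made up for the example.

```shell
#!/bin/sh
# Decode "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)".
# Prints "address port"; returns 1 when no valid tuple is present.
pasv_endpoint() {
    tuple=$(printf '%s\n' "$1" |
        sed -n 's/.*(\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\)).*/\1/p')
    [ -n "$tuple" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $tuple                 # split the six bytes into $1..$6
    IFS=$old_ifs
    for byte in "$@"; do
        case $byte in 0?*) return 1 ;; esac   # refuse leading zeros
        [ "$byte" -le 255 ] || return 1
    done
    # The data port is the last two bytes read as a 16-bit number.
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# True for RFC 1918 and loopback addresses, which a remote client
# cannot reach if a server advertises them in a 227 reply.
is_private_ipv4() {
    case $1 in
        10.*|192.168.*|127.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# pasv_check "<227 reply>" LOW HIGH
# LOW and HIGH are the inbound port range the packet filter allows.
pasv_check() {
    ep=$(pasv_endpoint "$1") || { echo "malformed 227 reply"; return 2; }
    addr=${ep% *}
    port=${ep#* }
    if is_private_ipv4 "$addr"; then a=private; else a=public; fi
    if [ "$port" -ge "$2" ] && [ "$port" -le "$3" ]; then
        p=in-range
    else
        p=out-of-range
    fi
    echo "$addr:$port addr=$a port=$p"
}

# Reply taken from the log in the post; 49152-65535 is an assumed range.
pasv_check '227 Entering Passive Mode (87,49,144,133,237,45)' 49152 65535
```

A port reported as out-of-range means the inbound filter rule for passive FTP does not cover the port the server handed to the client.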


RE: Cant login to FTP server.

2006-02-14 Thread fbsd_user
They're taken right from the ipfilter section of the handbook.
Maybe you should read that section in the handbook.

Post the complete contents of your ipf rules and nat rules for
review


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Daniel A.
Sent: Tuesday, February 14, 2006 8:59 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Cant login to FTP server.


Hi,
the server is connected directly to the wild, and I'm connecting
from a remote non-local host.
Are you sure that those are ipf rules? They look a lot like ipnat
rules.


RE: Setting Up A Home Network ...

2006-02-14 Thread fbsd_user
Yes, XP Pro can run as a gateway with a LAN behind it.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of albi
Sent: Tuesday, February 14, 2006 8:56 AM
To: Kumar
Cc: freebsd-questions@freebsd.org
Subject: Re: Setting Up A Home Network ...


On Tue, 14 Feb 2006 21:48:33 +0800
Kumar [EMAIL PROTECTED] wrote:

> Is it possible to set up internet connection, between a XP Pro box,
> and a FreeBSD-current box, without the use of a router, I have got
> two ethernet cards on the box running XP Pro, and one ethernet card
> on the box running FreeBSD-current, and a cross over cable.
>
> Is it theoretically possible ?

if you put 2 nics in the FreeBSD-box with the cross-cable it's
possible
yes, follow the firewall-instructions :
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html

if you want to keep the 2 nics in the ms-windows-machine, i would
suggest to ask in a ms-windows-forum/list etc.

--
grtjs, albi
gpg-key: lynx -dump http://scii.nl/~albi/gpg.asc | gpg --import


RE: IP Routing Question

2006-02-14 Thread fbsd_user
You are not correct in that last statement.

ipfilter does not have to be compiled into kernel to work.
You should read the handbook ipfilter firewall section where
it clearly states that is not necessary and tells you how to do it.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Goran Gajic
Sent: Tuesday, February 14, 2006 9:44 AM
To: [EMAIL PROTECTED]
Cc: freebsd-questions@freebsd.org
Subject: Re: IP Routing Question




Hi,


You can try using ipf filter to impose source-policy routing:

cat > ipf.example
pass in quick on em1 to em1:192.168.1.2 from 10.1.0.0/16 to a.b.c.d/32
^d
ipf -f ipf.example

This way you will re-route all packets coming from source 10.1/16 to
destination a.b.c.d to go to address 192.168.1.2 not to a.b.c.d
Note that you have to rebuild your kernel in order to have options
IPFILTER enabled.

Regards,
gg.



I'm trying to set up the routing table to force requests to certain IP
addresses to use a particular ethernet card. I've used the route command
in a number of ways, but still can't come up with how to force to use em1
instead of em0, with the right gateway.




RE: IPFILTER rule error

2006-02-14 Thread fbsd_user
First of all you really need to read the ipfilter section of the
FreeBSD handbook.
The correct solution is exampled in the handbook.
You do not need to compile ipfilter into the kernel for it to work.
From your rules I see no need for that head/group stuff, so remove
it.
I see rl0 being assigned a private IP address, which means that NIC
is facing your LAN, which is behind your gateway box. That IP address
range is not routable on the public internet. You have something
messed up big time.

Your firewall rules are supposed to be on the NIC facing the public
internet.
You NAT the public IP address to your private LAN IP address.

The reason you have no log records is because your firewall rules
have syntax error and are never loaded. Only rules with log keyword
will generate log records.
Only use rules with quick option. Do not mix quick and non quick
rules.
You need pass in rules for your ISP's DNS and DHCP servers to access
your box.

Explain in detail your network layout.
Do you have LAN?
How are you connected to the public internet?

Again I strongly recommend you read the ipfilter section of the
handbook; your answers are there.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Maxim
Vetrov
Sent: Tuesday, February 14, 2006 7:57 PM
To: freebsd-questions@FreeBSD.org
Subject: Re: IPFILTER rule error


Hi,

Sorry, I really do not want you to guess! Here is what you asked:

kernel conf:
---
...
options IPFILTER
options IPFILTER_LOG
#options IPFILTER_DEFAULT_BLOCK
#options IPSTEALTH
...
---

rc.conf:
---
...
ifconfig_rl0="inet 10.0.1.1 netmask 255.255.255.248"
...
ipnat_enable="YES"
ipfilter_enable="YES"
ipmon_enable="YES"
...
---

services:
---
...
sunrpc  111/tcp  rpcbind  #SUN Remote Procedure Call
sunrpc  111/udp  rpcbind  #SUN Remote Procedure Call
...
---

ipf.rules:
---
block in log on rl0 all head 20
block out log on rl0 all head 25


pass in quick on rl0 \
  proto tcp/udp from any to any port = sunrpc keep state group 20
pass in quick on rl0 \
  proto tcp/udp from any to any port = 717 keep state group 20
pass out quick on rl0 \
  proto udp from any to any port = 111 keep state group 20


Steps to load the rules:
ipf -Fa
ipf -f /etc/ipf.rules
1:ioctl (add/insert rule): No such process

And there is one more problem - despite that I have packet logging
enabled by default (-Ds) through syslogd, log is empty!

syslog.conf:

...
security.*  /var/log/security
...

That file exists and has root rw permissions.

If this helps: after I'd moved to 6.0 from 5.4
(backup-format-install-restore), this config stopped working. I know
that I'm doing something wrong but what exactly?

Regards,
Muxas



RE: best approach to clone a disk?

2006-02-14 Thread fbsd_user
I use the Norton ghost program. You have to first install ghost on a
Windows box and then create a ms/dos bootable floppy with ghost on
it. Then boot your FreeBSD box with that floppy and ghost image the
hard drive with mbr to cdrom or dvd. You can then boot the target
box with that same floppy and restore the cdrom/dvd even if the hd
is bigger than the source one.

Using 2003 version of ghost I first zero out all the free space on
FreeBSD so ghost will compress it in the backup image which makes
ghost run faster on bkup and restore.


dd if=/dev/zero of=/filler bs=1m ; rm /filler
dd if=/dev/zero of=/tmp/filler bs=1m ; rm /tmp/filler
dd if=/dev/zero of=/usr/filler bs=1m ; rm /usr/filler
dd if=/dev/zero of=/var/filler bs=1m ; rm /var/filler

Of course this is a hands on method. You have to have physical
access to the source and target pc's to do this.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Joe Auty
Sent: Tuesday, February 14, 2006 11:49 AM
To: freebsd-questions@freebsd.org
Subject: best approach to clone a disk?


Okay,

In taking the advice of an earlier poster in suggesting that the
instructions located here:

http://www.unixcities.com/howto/

Are rather old, allow me to make my question a little broader in
scope:

What is the best way to clone a disk in FreeBSD? Do you have any
step-by-step instructions? The instructions I used above (even replacing
the restore -r flag with a -x) produced a core dump.

Can I use DD on two disks of different size? Do you recommend Ghost
for Unix? Any other suggestions or recommendations should the dump
command just not work for me?


Thanks in advance!




---
Joe Auty
NetMusician: web publishing software for musicians
http://www.netmusician.org
[EMAIL PROTECTED]




RE: best approach to clone a disk?

2006-02-14 Thread fbsd_user
Cloning a complete HD mbr and all to second HD
in same FreeBSD box is a snap using ghost.

That's the way I make additional FreeBSD workstation PCs.

I take the HD from the target and plug it into the FreeBSD box, then
boot ghost from floppy, do ghost hd to hd copy, remove cloned HD and
put it into target box and boot it up and it runs just like the
original.

This is not the FreeBSD way.
But it's quick and can also be used for my Windows boxes on my LAN.
You get double the bang for your buck.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Joe Auty
Sent: Tuesday, February 14, 2006 12:26 PM
To: Alec Berryman
Cc: freebsd-questions@freebsd.org
Subject: Re: best approach to clone a disk?



On Feb 14, 2006, at 12:07 PM, Alec Berryman wrote:

 Joe Auty on 2006-02-14 11:49:05 -0500:

 What is the best way to clone a disk in FreeBSD?

 [...]

 Can I use DD on two disks of different size? Do you recommend Ghost
 for Unix?

 g4u is a very nice wrapper for dd.  I've had great success with it for
 identically-sized disks; there shouldn't be a problem if the target
 disk is larger than the source disk, because you can edit the
 partitions around and then growfs.

 Don't overlook tar, though - it doesn't care about disk sizes as long
 as you have enough free space, doesn't care about partitions, and is
 simpler in many cases.  If you boot up to the fixit image from an
 install CD you can partition and newfs to however you like and then
 untar.


Hmmm... Could you tell me more about how the fixit images work? I've
never had to do that... basically, I just need something that will
allow me to boot up into single user mode. I've been using the source
disk in single user mode, and doing a mount -u /  to make sure that
it is mounted read only. Before I go this route, I'm thinking it
might be wise to give dump another try from a working boot CD. What
is the best way to create myself a boot CD that I can use to boot up
in single user mode?

As far as your tar idea, the idea seems great, although I'm not sure
whether I have enough space to store both the tarball and the space
needed to extract the tarball to. We are talking over a 100 gig here.


Thanks for your advice!




RE: Why myserver be locked ?

2006-02-14 Thread fbsd_user

I would stop overriding all those sysctl knobs and
see what happens when using the defaults.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Halid Faith
Sent: Tuesday, February 14, 2006 1:45 PM
To: Erik Norgaard
Cc: freebsd-questions@freebsd.org
Subject: Re: Why myserver be locked ?


Hello
On the machine,  qmail ,
pop3,smtp,imap,http,htps,openssl,secureimap,securepop3 and
clamav-antivirus
run.
Do these services cause be locked the machine ?

Also my sysctl.conf is below;

kern.ipc.maxsockbuf=2097152
kern.ipc.somaxconn=8192
kern.maxfiles=24656
kern.maxfilesperproc=22190
kern.ipc.nmbclusters=51200
net.inet.tcp.rfc1323=1
net.inet.tcp.sendspace=65535
net.inet.tcp.recvspace=65535
net.inet.udp.recvspace=65535
net.inet.udp.maxdgram=65535
net.local.stream.recvspace=65535
net.local.stream.sendspace=65535
net.inet.icmp.bmcastecho=0
net.inet.icmp.maskrepl=0
net.inet.ip.accept_sourceroute=0
net.inet.ip.sourceroute=0
net.inet.icmp.drop_redirect=1
net.inet.tcp.delayed_ack=0
net.inet.ip.forwarding=1

Do above sysctl settings cause be locked the machine ?

- Original Message -
From: Erik Norgaard [EMAIL PROTECTED]
To: Halid Faith [EMAIL PROTECTED]
Cc: freebsd-questions@freebsd.org
Sent: Tuesday, February 14, 2006 7:29 PM
Subject: Re: Why myserver be locked ?


 Halid Faith wrote:
  Hello
 
  I have a Dell1600SC server. The server has 4 CPU and 2 Gbyte Ram. I had
  been using it based Redhat9 till a month ago.
  The server was working without problem. After that,  I installed
  FreeBSD6 Release on it.
 
  The server started to run be locked. When it is locked, it becomes as
  freeze. I am not able to do anything on it.
  I don't believe in any hardware error. I have to push the reset button
  to reboot it. When I rebooted by the reset button, the machine has not
  given me any error message in dmesg and /var/log/messages.
  When the machine rebooted,  it works normally with all of its services.
 
  What should I do ?

 Can you reproduce the problem? Have you made any observations up till
 the system freezes up?

 Check logfiles for error messages, you may set loglevel up so all
 debugging is also logged.

 If you don't find any error messages in the log files then try to
 disable ALL services and see if it runs stable.

 Enable one service at the time and let it run for a while to check that
 the system is still stable. First enable services included in base like
 syslog, ssh and named. Then go on to enable other services.

 Cheers, Erik

 --
 Ph: +34.666334818  web:
www.locolomo.org
 S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
 Subject ID:
9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
 Fingerprint:
5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9




RE: Cant login to FTP server.

2006-02-14 Thread fbsd_user
Daniel
change this
# Allow everything on local net
pass in on sis0 all
pass out on sis0 all

to this

# Allow everything on local net
pass in  quick on sis0 all
pass out quick on sis0 all


change this
pass out quick on rl0 proto tcp all keep state
to
pass out quick on rl0 proto tcp all flags S keep state


change this
# Let's let people access the services running on this system
pass in quick on rl0 proto tcp from any to any port = 21 #FTP
pass in quick on rl0 proto tcp from any to any port = 22 #SSH
pass in quick on rl0 proto tcp from any to any port = 80 #WWW
pass in quick on rl0 proto tcp from any to any port = 113 #oidentd

to this

# Let's let people access the services running on this system
pass in quick on rl0 proto tcp from any to any port = 21 flags S keep state #FTP
pass in quick on rl0 proto tcp from any to any port = 22 flags S keep state #SSH
pass in quick on rl0 proto tcp from any to any port = 80 flags S keep state #WWW
pass in quick on rl0 proto tcp from any to any port = 113 flags S keep state #oidentd

Next you say that remote users on the public internet can
not ftp into your gateway firewall/ftp box.

The way your firewall is configured only passive ftp can pass through.
Your public internet remote user has to tell his ftp login
request to use passive mode.

To allow active native ftp from remote users add this
# To allow remote active ftp data channel
pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state

Your local LAN users can use either passive or active ftp because
you have no restrictions as shown by these rules.

# Allow everything on local net
pass in on sis0 all
pass out on sis0 all


Here's a very important security point about ftp.
FTP passes the login id/pw and data in the clear and it can be
captured by a sniffer any place between the remote and host site.
Once the valid login id/pw is captured the attacker can gain access
to your box as authorized user and then start trying to gain root
access after which your box is compromised. Think very hard about
allowing native ftp access to your box, it's a very big security
risk.

You should not be making native ftp available to public login
unless you are running an anonymous ftp server within a jail.

You should use SSH's sftp which first creates a tunnel between
remote and host and then encrypts the login id/pw and the
complete data stream.

Check the archives for the last few days for the thread about setting up
ssh.
There is a complete step-by-step how-to posted in the thread.



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Daniel A.
Sent: Tuesday, February 14, 2006 5:37 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Cant login to FTP server.


Hi,
I've been looking at the FreeBSD handbook's section about ipnat and
ipf for a few hours now, but I cannot seem to make this work.
Outgoing FTP'ing works just fine. In fact, I have absolutely no
problems making outgoing FTP connections from my workstation (which is
behind my server).
Also, I have absolutely no problem with making connections to my
server from inside my LAN.
The problem is when someone tries to connect to my server's FTP server.
It just doesn't work!
In addition to the rules and log I pasted below, here are my tweaked
rulesets:

/etc/ipf.rules:
___IPF___
# Let clients behind the firewall send out to the internet, and replies to
# come back in by keeping state.
pass out quick on rl0 proto tcp all keep state
pass out quick on rl0 proto udp all keep state
pass out quick on rl0 proto icmp all keep state

# Allow everything on local net
pass in on sis0 all
pass out on sis0 all

# loopback stuff
pass in quick on lo0 all
pass out quick on lo0 all

# Since nothing should be coming from these address ranges, block them
block in quick on rl0 from 192.168.0.0/16 to any
block in quick on rl0 from 172.16.0.0/12 to any
block in quick on rl0 from 127.0.0.0/8 to any
block in quick on rl0 from 10.0.0.0/8 to any
block in quick on rl0 from 169.254.0.0/16 to any
block in quick on rl0 from 192.0.2.0/24 to any
block in quick on rl0 from 204.152.64.0/23 to any
block in quick on rl0 from 224.0.0.0/3 to any

# Let's let people access the services running behind this system

# Let's let people access the services running on this system
pass in quick on rl0 proto tcp from any to any port = 21 #FTP
pass in quick on rl0 proto tcp from any to any port = 22 #SSH
pass in quick on rl0 proto tcp from any to any port = 80 #WWW
pass in quick on rl0 proto tcp from any to any port = 113 #oidentd

# Steam Dedicated Server (Commented out... the Steam Dedicated Server blows)
#pass in quick on rl0 proto udp from any to any port = 1200 # Friends network
#pass in quick on rl0 proto udp from any to any port 26999  27016
# Gameport
#pass in quick on rl0 proto udp from any to any port = 27020
#pass in quick on rl0 proto tcp from any to any port 27029  27040
#pass in quick on rl0 proto tcp from any to any port = 
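
A lint for the two changes fbsd_user asks for in the IPFILTER and FTP replies above (no mixing of quick and non-quick rules, and inbound TCP pass rules carrying flags S keep state), added here as an example; it is not code from the thread. The function names, the NOQUICK/NOSTATE codes and the sample ruleset (assembled from rules quoted in these posts) are assumptions of the example.

```shell
#!/bin/sh
# ipf_lint: read an ipf ruleset on stdin, print "<line>: <CODE>: <rule>".
#   NOQUICK  rule lacks "quick" although other rules in the set use it
#   NOSTATE  "pass in ... proto tcp" rule lacks "flags S" or "keep state"
# Both codes are names made up for this example.
ipf_lint() {
    awk '
    {
        line = $0
        sub(/#.*$/, "", line)                   # strip trailing comment
        if (joining) { line = held " " line }   # second half of a split rule
        else { first = NR }                     # remember where the rule began
        if (line ~ /\\[ \t]*$/) {               # rule continues on next line
            sub(/\\[ \t]*$/, "", line)
            held = line; joining = 1; next
        }
        joining = 0
        # normalise whitespace so "flags  S" and "flags S" compare equal
        gsub(/[ \t]+/, " ", line); sub(/^ /, "", line); sub(/ $/, "", line)
        if (line !~ /^(pass|block) /) next      # blank lines, other statements
        n++; rule[n] = line; lno[n] = first
        if (line ~ / quick /) quick_used = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            r = rule[i]
            if (quick_used && r !~ / quick /)
                print lno[i] ": NOQUICK: " r
            if (r ~ /^pass in / && r ~ / proto tcp / &&
                (r !~ / flags S/ || r !~ / keep state/))
                print lno[i] ": NOSTATE: " r
        }
    }'
}

# Constructed sample: rules as posted in the thread, before the suggested fixes.
sample_rules() {
    cat <<'EOF'
# Allow everything on local net
pass in on sis0 all
pass out on sis0 all
pass out quick on rl0 proto tcp all keep state
pass in quick on rl0 proto tcp from any to any port = 21 #FTP
pass in quick on rl0 proto tcp from any to any port = 22 flags S keep state #SSH
pass in quick on rl0 \
  proto tcp/udp from any to any port = 717 keep state
block in quick on rl0 all
EOF
}

sample_rules | ipf_lint
```

Against a live file the call is `ipf_lint < /etc/ipf.rules`; an empty result means neither point applies.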

RE: A problem with the pppd

2006-02-12 Thread fbsd_user
First of all you are trying to use kernel ppp.
This was completely rewritten because it was so hard to
configure and debug, and it is now called User ppp.
pppd (i.e. kernel ppp) was kept around for backwards compatibility.
For all practical purposes it's dead and just waiting to be removed.
You will get better help here if you change to user ppp.

The install guide at www.a1poweruser.com has step-by-step
instructions for setting up the user ppp callback function.



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of a
Sent: Sunday, February 12, 2006 7:02 AM
To: freebsd-questions@freebsd.org
Subject: A problem with the pppd


Help me, please, with the pppd. The problem is the next.
I want to connect to Internet Service Provide (ISP) with a callback.
I use the pppd and the chat with the next scripts, which are inessential
now:

# pppd script

/dev/cuad1 115200

debug
defaultroute
crtscts
noipdefault
connect "/usr/bin/chat -v -f /etc/ppp/peers/login.chat.script.prostointernet.callback"
callback 4504257
passive
domain  prostointer.net
persist
holdoff 300

# chat script login.chat.script.prostointernet.callback
# It is one line really

ABORT BUSY  ABORT 'NO CARRIER'
 AT
OK ATS0=1
OK ATDP5945050
TIMEOUT 300 CONNECT 
TIMEOUT 30 sername:-\\r-sername: login
TIMEOUT 30 sword: password
hostname: 0.0.0.0

The first step goes well: my side connects with the ISP and
authentication is done successfully.
After authentication and querying a callback, pppd hangs up the line.
But then pppd exits.
The ISP calls me back after some time. But there is no pppd already, and
nobody is waiting for the incoming call.
(Without callback I have no problem.)

What do I wrong?

mailto:[EMAIL PROTECTED]



RE: incorrect logins

2006-02-12 Thread fbsd_user
This last week the subject of failed ssh logins was covered in 2
different threads and was answered in full. Please check the
archives for your answers before asking the same question over
again.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Playnet
Sent: Saturday, February 11, 2006 11:39 PM
To: FreeBSD Mailing List
Subject: incorrect logins


Hello FreeBSD,

  I see many records as
Feb 10 21:08:55 sstand sshd[84600]: Failed password for root from
61.218.130.20 port 46356 ssh2

How can i block these IP, who try root as login?
Have any soft in ports?

--
Best regards,
Playnet  mailto:[EMAIL PROTECTED]
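
One way to turn the sshd log lines quoted above into ipf block rules, added here as an example and not taken from the thread. The function names, the threshold and every sample log line after the first are constructed; rl0 is the interface name used in the other posts on this page.

```shell
#!/bin/sh
# failed_ssh_sources [THRESHOLD]
#   Reads syslog lines on stdin and prints "<count> <address>" for every IPv4
#   source with at least THRESHOLD sshd "Failed password" entries (default 5).
failed_ssh_sources() {
    awk -v min="${1:-5}" '
    # True only for a dotted quad whose four octets are all 0-255.
    function is_ipv4(s,    p, n, i) {
        n = split(s, p, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (p[i] !~ /^[0-9]+$/ || length(p[i]) > 3 || (p[i] + 0) > 255)
                return 0
        return 1
    }
    # Classic syslog layout: month day time host tag message...
    $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" {
        # The user name is text supplied by the remote side, so read the
        # address from the fixed tail "from ADDR port N ssh2" and never
        # from the first "from" on the line.
        if (NF >= 14 && $(NF-4) == "from" && $(NF-2) == "port" && is_ipv4($(NF-3)))
            hits[$(NF-3)]++
    }
    END {
        for (ip in hits)
            if (hits[ip] >= min) print hits[ip], ip
    }' | LC_ALL=C sort -k1,1nr -k2,2
}

# block_rules IFACE
#   Turns "<count> <address>" lines into ipf rules in the style used on this page.
block_rules() {
    awk -v ifc="$1" '{ printf "block in quick on %s from %s/32 to any\n", ifc, $2 }'
}

# Sample input: the first line is the one quoted in the post, the rest are
# constructed (documentation address ranges, one malformed address, and one
# line whose user name field itself contains "from <address>").
sample_log() {
    cat <<'EOF'
Feb 10 21:08:55 sstand sshd[84600]: Failed password for root from 61.218.130.20 port 46356 ssh2
Feb 10 21:08:58 sstand sshd[84602]: Failed password for root from 61.218.130.20 port 46371 ssh2
Feb 10 21:09:01 sstand sshd[84604]: Failed password for root from 61.218.130.20 port 46388 ssh2
Feb 10 21:10:12 sstand sshd[84610]: Failed password for bob from 192.0.2.7 port 50112 ssh2
Feb 10 21:10:30 sstand sshd[84612]: Accepted password for bob from 192.0.2.7 port 50113 ssh2
Feb 10 21:11:40 sstand sshd[84615]: Failed password for invalid user root from 203.0.113.9 port 4000 ssh2 from 198.51.100.5 port 40022 ssh2
Feb 10 21:12:05 sstand sshd[84618]: Failed password for root from 300.1.2.3 port 40100 ssh2
EOF
}

sample_log | failed_ssh_sources 3 | block_rules rl0
```

On a live system the input would be the file sshd logs to, and the generated lines belong above the pass rules for port 22.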



RE: I need help to install

2006-02-11 Thread fbsd_user
There is a laptop question list which you should post at.
I think it's called mobile.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Moises
Castellanos
Sent: Saturday, February 11, 2006 7:00 PM
To: freebsd-questions@freebsd.org
Subject: I need help to install


Hi.
I want to install FreeBSD in my toshiba satellite A80-117 laptop, but when
I'm in the first menu when I choose the option default, start to loading the
kernel and the computer hang up, with the option of no ACPI too.

The laptop has:
Celeron M 1.4Ghz
256MB of RAM
40GB of Hard Drive.
Atheros wireless
Realtek LAN 10/100
ATI 9002 graphic card.


RE: help on network card

2006-02-11 Thread fbsd_user
Is the card found in the boot process?
There should be some messages in the boot log if the card is found.
Maybe the driver for your card is not part of the base install
system.
You may have to compile the kernel to include support for your card.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Jose Jesus
Ortega
Sent: Saturday, February 11, 2006 7:31 PM
To: [EMAIL PROTECTED]
Subject: help on network card


 I have a Linksys Wireless-B network adapter. Its model No.WPC11. I
can't make it work on freeBSD. I tried the ndis molecule like it
says on the Handbook. It turned on but I can't make it go online.
Using ifconfig -a won't see it. Any way to make it work?



RE: installation of FreeBSD 6.0

2006-02-11 Thread fbsd_user

(Some data deleted)
 What happens is that I first get a message "Building the boot loader
 arguments" on one line, and shortly afterwards the message "Relocating
 the loader and the BTX" on another line.  After a delay of about 11
 minutes, a third line appears containing the message "Starting the BTX
 loader".  I let the system run for about an hour and a half but no
 more messages appeared, nor did the computer indicate that the
 installation had completed.
 The only thing in my machine that I think could be "not working"
 with the installation program is my BIOS.  Here is all the
 information I have about my BIOS.  It names itself as
 "Energy Star Ally" written by Award Software Inc. and that it is
 an "Award Modular BIOS" with "Award Plug & Play BIOS extension
 v1.0A".  Its ID is v4.6OPGMA  (the character between the 6 &
 the P is a vertical ellipse with a dot at its center, it is
 either zero or oh).

 How did you install it? (Two floppy disks / CD)
 Did you get to the install screen? (sysinstall)

I tried to install from a  CDROM  set (of 2).
I never did get to the install screen.  I tried simply booting the
first  CDROM  and it gave out those three lines.  Similarly when I
booted into my current system (4.3), mounted the first  CDROM , and
then typed /cdrom/stand/sysinstall.



Where did you get your install cd from??
If you burned a downloaded iso file, did you run md5 to
verify the checksum so you know its good?



RE: sshd / ssh setup

2006-02-10 Thread fbsd_user
For the archives.

Example of configuring OpenSSH

Environment description:
In this example we have a FreeBSD system which we will call the host.
We have a remote FreeBSD system which is located somewhere on the
public internet; we will call this the FBSD-client.
We also have a remote MS/windows system which is located somewhere
on the public internet; we will call this the Win-client.
OpenSSH has a few different security levels when it comes to how
the ssh login is handled. This example details the encrypted
host/client key with passphrase method.
This method gives the maximum protection possible utilizing ssh.

Host setup steps.

1.  Edit /etc/rc.conf and add this statement
sshd_enable="YES"
Make sure your firewall allows port 22 in from the public internet.
Reboot your system to activate sshd and login as root.
If this is your first time booting with sshd you will have to
  create the host keys.
sshd will show you this on the first sshd boot only.


Type a full screen full of random junk to unblock
it and remember to finish with enter. This will
timeout in 300 seconds, but waiting for
the timeout without typing junk may make the
entropy source deliver predictable output.

Just hit enter for fast+insecure startup.

kern.random.sys.seeded: 1 -> 0
qkcir83,2jsn40pl722jjbqok    this is the example junk entered
Generating public/private rsa1 key pair.
Your identification has been saved in /etc/ssh/ssh_host_key.
Your public key has been saved in /etc/ssh/ssh_host_key.pub.
The key fingerprint is:
ed:5d:97:dc:49:98:36:66:fc [EMAIL PROTECTED]
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
67:e7:90:04:0e:27:2e:d2:97:6a [EMAIL PROTECTED]
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
96:db:50:5c:9e:69:88:26:28:54 root@ domainname

2.  If you do a “ps ax” command you will see sshd as
  one of the running tasks.

3.  Using adduser or pw command create a normal user account.
For this example we will use bob as the host user account name.

4.  Hit alt/f2 at same time to open second session and login using
bob.

5.  Run this command   ssh-keygen -t rsa
Just hit enter to take default location and file name
No need to enter a pass phrase for the host user here,
  just hit enter 2 times
This is what you will see

Generating public/private rsa key pair.
Enter file in which to save the key (/bob/.ssh/id_rsa):
Created directory '/bob/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /bob/.ssh/id_rsa.
Your public key has been saved in /bob/.ssh/id_rsa.pub.
The key fingerprint is:
e7:e6:8f:d3:b1:b4:08:27:09:d2 [EMAIL PROTECTED]

6.  If you want to ssh login as Host ‘root’, you have to run
  step 5 above while logged in as root on the host. Also
  edit /etc/ssh/sshd_config and change this statement

#PermitRootLogin no    to    PermitRootLogin yes

Then   killall -HUP sshd
  to make the sshd task reread its sshd_config file.



FBSD-client setup steps.

1.  Using adduser or pw command create a normal user account.
  For this example we will use remotetom as the user account name.

2.  Login using remotetom.

3.  Run this command   ssh-keygen -t rsa
Just hit enter to take default location and file name
At the “Enter a passphrase prompt” [enter one and write it down,
  because it will be needed for ssh login to the host].
This is what you will see

Generating public/private rsa key pair.
Enter file in which to save the key (/remotetom/.ssh/id_rsa):
Created directory '/remotetom/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /remotetom/.ssh/id_rsa.
Your public key has been saved in /remotetom/.ssh/id_rsa.pub.
The key fingerprint is:
e7:e6:8f:d3:b1:b4:08:27:09:56:de:d2 [EMAIL PROTECTED]

4.  The Public key file you just created  /remotetom/.ssh/id_rsa.pub
  has to be sent to the Host system. On the host system rename it
  to authorized_keys2 and put it into the home directory of the
  user setup earlier. In this case ~/bob/.ssh/authorized_keys2.

5.  To ssh to the host enter this   ssh hostname  or ssh host-ip-address
The first time you ssh to the Host you will get these messages.
  Answer yes if you are sure this first connection is with 

RE: fine grained firewall?

2006-02-09 Thread fbsd_user
I believe IPFW has uid option on rules  as in
070 deny tcp from me to any out via $pif setup keep-state uid bob

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of andrew
clarke
Sent: Thursday, February 09, 2006 3:49 AM
To: freebsd-questions@freebsd.org
Subject: fine grained firewall?


Is it possible to configure the FreeBSD firewall to block ports on a
per-user or per-executable basis?

eg.

- Block /usr/local/bin/irc from connecting to TCP port 6667

- Block user 'johnsmith' from connecting to TCP port 21

etc.

Thanks.

Regards
Andrew


RE: is upgrading from 4.x to 6.x possible?

2006-02-08 Thread fbsd_user
To take advantage of the new file system ufs2 which became
part of FreeBSD in 5.0 you need to install from scratch.
You are so far behind that it's far better to start over
again after saving your user data.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mikhail
Teterin
Sent: Wednesday, February 08, 2006 4:10 PM
To: freebsd-questions@freebsd.org
Subject: is upgrading from 4.x to 6.x possible?


Is there a procedure for upgrading 4.x to 6.x? Simply doing `buildworld' does
not work -- even make can not be rebuilt without the stdint.h, for example.

Thanks for advice. Yours,

-mi


sshd / ssh setup

2006-02-08 Thread fbsd_user
Have user who is logging in to USA site from Asian public internet
cafes using his personal windows/xp notebook. Trying to setup the
USA server and his windows/xp notebook to use SSH.
Added sshd_enable=YES to USA site server rc.conf and rebooted
system.
During boot process, followed sshd instruction and built
the root user keys. Have read the handbook but have no clue as
how to proceed. The handbook covers all the many different ssh
config options, but does not say how to really use it.

Need procedures to
1. setup users on FreeBSD target sshd server.
2. setup users on FreeBSD remote box to ssh to sshd server.
3. setup users on windows/xp remote box to ssh to sshd server.

Is this documented any where?



RE: sshd / ssh setup

2006-02-08 Thread fbsd_user


fbsd_user wrote:
> Have user who is logging in to USA site from Asian public internet
> cafes using his personal windows/xp notebook. Trying to set up the
> USA server and his windows/xp notebook to use SSH.
> Added sshd_enable=YES to USA site server rc.conf and rebooted
> system.
> During boot process, followed sshd instruction and built
> the root user keys. Have read the handbook but have no clue as
> to how to proceed. The handbook covers all the many different ssh
> config options, but does not say how to really use it.

There are a lot of options here, but here's how I do it. Not
necessarily the best way, but it works for me.

> Need procedures to
> 1. set up users on FreeBSD target sshd server.

Create a regular login for each outside user using adduser.
Make sure port 22/tcp is open inbound.

Login as that user and run:

ssh-keygen -t rsa

I don't have many users so I disable ChallengeResponse authentication
and require users to submit keys. To do that, edit
/etc/ssh/sshd_config and set:

ChallengeResponseAuthentication no

I also set:

Protocol 2

> 2. set up users on FreeBSD remote box to ssh to sshd server.

Have them run the same ssh-keygen -t rsa

Tell them to send you ~/.ssh/id_rsa.pub

Concatenate that to the ~/.ssh/authorized_keys2 files in their home
directory on your server. Make sure the key ends up on a new line in
authorized_keys2. If there wasn't a newline at the end of the file
previously, it will end up concatenating it to the end of whatever
keys are already there. If that happens, just go in with a text
editor and break the line.

The user should then be able to ssh into your box.

> 3. set up users on windows/xp remote box to ssh to sshd server.

Install Putty

http://www.chiark.greenend.org.uk/~sgtatham/putty/

Run puttygen and generate an SSH2 RSA key (select this at the bottom
of the dialog box). Tell them to save the public and private keys,
and then to copy the contents of the Public key for pasting.. field
at the top of the screen, paste it into a file in notepad, and email
it to you. Concatenate that to the end of their
~/.ssh/authorized_keys2 file as you did for your freebsd users.

If they're going to be logging in often, tell them to run pageant to
cache the private key.

Then they can run putty and connect to your server.

Again, you might not want to do it this way if you don't want to
mess around with having users send you keys, but it's a lot more
secure. Pretty soon you'll be getting 100 or more hits a day from
crackers trying to log into your system. They'll never get anywhere
if you're using key-based authentication.
--
Ken Stevenson
Allen-Myland Inc.

***

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Ken
Stevenson
Sent: Wednesday, February 08, 2006 6:02 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED] ORG
Subject: Re: sshd / ssh setup

Ken,
Thanks, that helps a lot.
The only thing missing is: what is the ssh login syntax to log in
from the remote FreeBSD PC?
Can I also remotely log in as root on the sshd server system?
I guess the setup instructions are with the putty pgm for ssh access
from windows/xp.
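
The append step described in the quoted reply, where a key concatenated onto a file with no trailing newline runs into the previous key, as an added shell example that is not part of the original thread. The function name, its return codes and the file paths are assumptions made for illustration.

```shell
#!/bin/sh
# add_authorized_key PUBKEY_FILE AUTH_FILE   (hypothetical helper, not from the thread)
# Appends the one public key in PUBKEY_FILE to AUTH_FILE, e.g. the user's
# ~/.ssh/authorized_keys2, so that it always starts on its own line.
# Returns 0 = added, 1 = rejected input, 2 = key already present.
add_authorized_key() {
    pub=$1
    auth=$2
    [ -r "$pub" ] || return 1

    # Strip the CRs that Notepad or a mail client adds, drop blank lines,
    # and insist on exactly one remaining line.
    key=$(tr -d '\r' < "$pub" | grep .) || return 1
    [ "$(printf '%s\n' "$key" | grep -c .)" -eq 1 ] || return 1

    # Shape check only ("<type> <base64> [comment]"): catches a private key
    # or a mangled paste, but does not prove the key itself is valid.
    type=${key%% *}
    rest=${key#* }
    blob=${rest%% *}
    case $type in
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-*) ;;
        *) return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
    esac

    # With StrictModes (the default) sshd refuses key files or directories
    # that are group- or world-writable. AUTH_FILE is expected to live in
    # the user's own .ssh directory, which is set to mode 700 here.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    [ -e "$auth" ] || : > "$auth"
    chmod 600 "$auth" || return 1

    # Do not add the same key twice.
    if grep -qF -- "$type $blob" "$auth"; then
        return 2
    fi

    # The failure mode from the thread: if the last byte is not a newline,
    # add one first so the new key does not run into the previous line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

Run it as the account owner (or fix ownership afterwards), since sshd also checks who owns the file.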



