Re: Where is 4.5, 4.6, etc. on the FTP sites ?
I am not here to go into a lengthy justification as to why I need the older ones (damn, I just knew the answers would all be but why would you not just upgrade) The point is, why are they not on the ftp sites anymore ? I suspect there is no good reason for it at all - just a totally arbitrary decision to remove things that didn't hurt anyone to keep around. I think i am going to go remove all the faucet handles in my bathrooms. Sound strange ? It is not any more of a pointless and arbitrary removal of functionality than what was removed from the ftp sites. On Thu, 18 Sep 2003, JacobRhoden wrote: On Thu, 18 Sep 2003 03:37 pm, Josh Brooks wrote: But on the outside chance that older versions (4.5, 4.6, 4.6.1) are _actually_ not on the ftp servers, can someone explain why, and where I can get them from ? You could just install 4.8-RELEASE, then use cvsup to 'downgrade' the source to any date you like, or any 4.x you like (: _ JacobRhoden - http://rhoden.id.au/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
version string scare with new patched ssh (newbie)
Hi, I have a 4.5-RELEASE system with the original, stock /usr/src/secure. I followed the SA directions, and they worked like a charm - I patched the source, all hunks succeeded, and install/restart worked fine. However, when I run: /usr/sbin/sshd -\? I see: sshd version OpenSSH_2.9 FreeBSD localisations 20011202 Is this correct ? Part of me thinks it is because I don't have a new sshd, just a patched version of the old 4.5-RELEASE one ... but I am not so sure. So can someone confirm that that version string is ok ? thanks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
sendmail SA only mentions 4.7 and above ... ?
Hi, What should I do to update sendmail on my 4.5, 4.6, and 4.6.1 systems ? Will the patch work properly there, or should I follow a different tact ? ALSO I seem to remember the last time we had a sendmail vulnerability, there were binaries available, and we could just do something like: install -s -o root -g smmsp -m 2555 sendmail-4.6-i386-crypto.bin /usr/libexec/sendmail/sendmail and then restart sendmail. Do those exist this time around ? If so, where are they ? If not, why not ? thanks! ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where is 4.5, 4.6, etc. on the FTP sites ?
On Thu, 18 Sep 2003, Dan Nelson wrote: Do you have to pay for the space taken up by your faucet handles? Try www.freebsdmirrors.org for a list of sites that have the disk space to keep old releases. Thank you - this is much appreciated, and helped me greatly. However, what should I do with 4.6.1-RC2 ? It is not on any of the mirrors above, and I cannot tell /stand/sysinstall to go ahead and grab either 4.6 or 4.6.2 instead ... So, if 4.6.1-RC2 does not exist anywhere, is it possible to get sysinstall to connect and ask for a different version instead ? Would /usr/src from 4.6 be closer to 4.6.1-RC2, or would /usr/src from 4.6.2 be closer ? thanks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
version string scare with new patched ssh (newbie)
Hi, I have a 4.5-RELEASE system with the original, stock /usr/src/secure. I followed the SA directions, and they worked like a charm - I patched the source, all hunks succeeded, and install/restart worked fine. However, when I run: /usr/sbin/sshd -\? I see: sshd version OpenSSH_2.9 FreeBSD localisations 20011202 Is this correct ? Part of me thinks it is because I don't have a new sshd, just a patched version of the old 4.5-RELEASE one ... but I am not so sure. So can someone confirm that that version string is ok ? thanks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
sendmail SA only mentions 4.7 and above ... ?
Hi, What should I do to update sendmail on my 4.5, 4.6, and 4.6.1 systems ? Will the patch work properly there, or should I follow a different tact ? ALSO I seem to remember the last time we had a sendmail vulnerability, there were binaries available, and we could just do something like: install -s -o root -g smmsp -m 2555 sendmail-4.6-i386-crypto.bin /usr/libexec/sendmail/sendmail and then restart sendmail. Do those exist this time around ? If so, where are they ? If not, why not ? thanks! ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Where is 4.5, 4.6, etc. on the FTP sites ?
Hello, I am using /stand/sysinstall to populate my /usr/src directory - I didn't do it when I originally installed, but I need to do it now - however, it is not on any of the ftp sites !!! Now, it is possible that this is a problem on my end - in fact, given that there is no reason at all in the world to remove those older versions (what, did you run out of disk space?), I must assume that the problem is on my end. It must be. But on the outside chance that older versions (4.5, 4.6, 4.6.1) are _actually_ not on the ftp servers, can someone explain why, and where I can get them from ? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How can I add /usr/src/secure to a system ?
Ok, my /usr/src is totally empty - nothing in there at all. I would like to follow these instructions from the latest openSSH FreeBSD-SA: # cd /usr/src # patch /path/to/sshd.patch # cd /usr/src/secure/lib/libssh # make depend make all install # cd /usr/src/secure/usr.sbin/sshd # make depend make all install # cd /usr/src/secure/usr.bin/ssh # make depend make all install So, presumably I need to add /usr/src/secure to the system. What is the easiest way to do this ? Can I use cvsup to just add that directory to /usr/src ? Also, after doing this, I am told to: Be sure to restart `sshd' after updating. # kill `cat /var/run/sshd.pid` # (. /etc/rc.conf ${sshd_program:-/usr/bin/sshd} ${sshd_flags}) Can anyone confirm that that will not lock me out ? Will my connection die and I have to reconnect ? thanks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
No /proc or procfs by default in 5.1-RELEASE ... why ?
Hello, As I am sure many have noticed, a default installation of 5.1-RELEASE will leave you with no procfs mounted at /proc, and no entry in /etc/fstab for a procfs. Is this by design ? Is it better to not run /proc on 5.x ? What are the consequences of running without a procfs on 5.x ? OR Was this just a bug/oversight in the 5.1-RELEASE, and in reality we should definitely be running a procfs and have an entry in /etc/fstab, etc. ? This is with the GENERIC kernel, but other kernels I build with PROCFS also do not result in a procfs existing either - I always have to manually mount it. Any commnts of any kind related to the design decision that may have been behind this - or any explanation of a kind as to why the 5.1-RELEASE has no procfs mounted or in fstab by default is much apprecaited! thanks! ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Can I tell whether dump used -L or not ?
Hello, A new option in FreeBSD 5.x `dump` is the -L option for backing up a live filesystem ... Is there a way to examine/check a dump file to see if it was created using the -L or not ? ALSO, if I do use -L when creating a dump, do I need to restore it any differently, or can I restore it the same regardless of whether I used -L or not ? thanksyou! ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: question regarding quotas
On Mon, 30 Jun 2003, Dan Nelson wrote: If you're adventurous, you could use growfs :) Reading the archives, it seems as if you would use growfs, but then run into performance problems because you did not defragment afterward (and there is no defrag utility for UFS). Something about the performance getting worse and worse as you filled up the grown FS, since the go get some free space algorithm would fail a lot more since the first half of the disk would be packed full, and the space you grew on would not be ? comments ? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: question regarding quotas
Hi Dan, On Sat, 28 Jun 2003, Dan Nelson wrote: Quotas are per-user, not per-directory. Any files those users create, anywhere in that filesystem, will contribute to their quota. Files created by other userids but placed in those directories will count against the other user's quota. Basically what happens with per-directory quotas is that the users learn not to put files in their homedir :) They end up finding someplace that they can write to outside their homedir and put files there instead. Thank you. Do per-directory quotas exist (in any fashion) in FreeBSD ? I am looking for a way to do per-directory, even if it is a hack of some kind... thanks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: question regarding quotas
Hello. On 29 Jun 2003, Lowell Gilbert wrote: Dan Nelson [EMAIL PROTECTED] writes: The only thing I can think of that might work: if you didn't mind a whole lot of filesystems, you could create a filesystem per directory you wanted to control. Then the filessytem size itself would be the quota. I'm not following this suggestion. Quotas are per-user, *per-filesystem*, as you said the first time. So it's not necessary to put each user's critical space on a different filesystem. In fact, what quotas do is protect users from each other on a given filesystem. What he is saying is, if I want to control the size of a directory, but there will be file creations in that directory from more than one user, I need to do something besides quotas, since quotas only count how much that user has created, NOT how much is in the directory total. So my question was, is there a way to control how big a directory can grow, regardless of who is putting what files in that directory. So far, his answer was that I could just make each directory its own filesystem, which would definitiely work, but I wondering if perhaps there is a more elegant way to do this ? Again, I am just trying to take an arbitrary directory, say: /export/data7/homes/jerry and place a configurable limit on how big that directory can get, without mounting it as its own filesystem... thanks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: question regarding quotas
Hi, On Mon, 30 Jun 2003, Sergey DoubleF Zaharchenko wrote: Josh Brooks wrote: So my question was, is there a way to control how big a directory can grow, regardless of who is putting what files in that directory. So you are going to make a directory N Mbytes large... Make a file N Mbytes large, vnconfig it, disklabel it, newfs it and mount to your directory. You should be solved then. Yes, I am familiar with this way of solving the problem, its just that I would like to try to avoid having all those partitions mounted (even if they are just vn-partitions) because then it is very hard to increase or decrease those quota sizes - you have to dump, dd a bigger file, re-vnconfig, then restore ... very time consuming. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
question regarding quotas
Hello! I have a group of 5 users that I want to set up quotas for - their home directories are: /export/data1/user1 /export/data1/user2 /export/data1/user3 /export/data1/user4 /export/data1/user5 And they will be given free reign to fill up those directories however they choose. At the same time, there will be a fair number of automated processes on the system that place files and directories and logs and other files into their home directories. So, as time goes by, not only will the users themselves fill up their dirs, but other processes on the system will fill up their dirs. These files and dirs that are created by these other processes will be owned by various usernames - bind, www, root - and have different groups set to them as well. My question is, will the extra files and dirs that get placed in their home dir by all these automated processes count towards their quota ? If not, is there a way to set up quotas so that _they do_ ? Basically I just want the quota to calculate how much is in their home dir and enforce based on that... comments are be appreciated ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
VESA modes inexplicably not available on Matrox p750 ?
There is a new matrox card (with triple head support) available - the Matrox Millenium p750. Forget the triple/dual head features - I have not even loaded X yet - I just want a reasonable test console mode to do console work in. Unlike many ATI Rage cards (especially in dell laptops ?) this card does indeed have full VESA support. So, my kernel includes: options VESA options SC_PIXEL_MODE options VGA_WIDTH90 but when I boot up, I see this in my dmesg: # dmesg | grep vesa module_register_init: MOD_LOAD (vesa, 0xc034e8a0, 0) error 6 So ... thatisnt good. And when I try to go into theVESA mode, : # vidcontrol -g 100x37 VESA_800x600 vidcontrol: cannot activate raster display: Operation not supported by device So, if I kldload vesa (grasping at the straw here): # kldload vesa module_register_init: MOD_LOAD (vesa, 0xc7fb5620, 0) error 6 # kldstat Id Refs AddressSize Name 14 0xc010 396560 kernel 21 0xc0497000 4a30cacpi.ko 31 0xc7fb2000 5000 vesa.ko So I get the error again, but it is loaded as a module. I try to go 800x600 again: vidcontrol: cannot activate raster display: Operation not supported by device So what is the problem ? I am ready to have 800x600 console support now, so this certainly isn't a problem to wait on. thanks all of you - and let me know if there are addditional data I can post to you about the problem. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
any IDE raid controllers with supported CLI in freeBSD ?
Hello, I am looking for a IDE raid card to use with FreeBSD. Presumably a few are supported, but I am looking specifically for a card that also has a command line interface that I can run in FreeBSD while the system is running. Sort of like aaccli for aacX scsi raid controllers in freeBSD. Do any exist ? Thanks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How do I set up a ssh tunnel between two FreeBSD systems ?
Hello, I have read the ssh man page and am not getting the results I think I should. some background: serverA is the client serverB is running sendmail on port 25 I want to telnet to serverA on port 34 and get a response from the sendmail daemon running on serverB. I tried this: ssh -L 34:serverB:25 [EMAIL PROTECTED] ^^^ seems to be what the man page instructs me to do ... But when I run that command, it asks me for a password, and I log into serverB just like any other time I ssh there to log in. So that's that - the above command line does nothing but log me into serverB. If I port scan serverA, nothing is running on port 34. So basically it's a total bust. I am running this ssh command on serverA as root. So what am i doing wrong ? Thanx! ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Matrox Millenium p750 three-head in FreeBSD ?
Hello, I am considering buying a Matrox p750, that allows you to do triple-head video on your PC. How does freebsd work with these multi-head video products from matrox ? Does it work at all ? Any comments at all appreciated. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
lowest possible mhz speed for playing mpeg/dvd video ?
Hello, I am considering purchasing a toshiba libretto 110ct with a pentium 233 mhz MMX processor. Is this speed/processor fast enough to play mpeg video and DVD movies from my hard drive, assuming I have _no_ hardware acceleration at all ? I want to use this small notebook for watching movies on planes, etc. (among other things) and am wondering if the CPU is up to the task. Previously I had tried video on a 166 mhz MMX and was not successful. Any comments are appreciated - especially regarding how well it will work. Even if it _technically_ works on a 233 mmx, if the playback will be spotty and bad, it's still not worth much... thanks! To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: (send)mailing from jail-host to jail
First off, thank you for your help. Here is what I did: first, I edited /etc/mail/freebsd.mc and made it look like this: dnl Uncomment both of the following lines to listen on IPv6 as well as dnl DAEMON_OPTIONS(`Name=IPv4, Family=inet') dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6') FEATURE(no_default_msa) DAEMON_OPTIONS(`Name=IPv4, Addr=10.10.2.10, Family=inet') DAEMON_OPTIONS(`Name=IPv4, Addr=127.0.0.1, Family=inet') DAEMON_OPTIONS(`Name=MSA, Addr=10.10.2.10, Port=587, M=E') DAEMON_OPTIONS(`Name=MSA, Addr=127.0.0.1, Port=587, M=E') DAEMON_OPTIONS(`Name=IPv6, Addr=::1, Family=inet6') Then I did: cd /etc/mail make all make install And I verified that it went into sendmail.cf by looking at these lines that are now in sendmail.cf: # SMTP daemon options O DaemonPortOptions=Name=IPv4, Addr=10.10.2.10, Family=inet O DaemonPortOptions=Name=IPv4, Addr=127.0.0.1, Family=inet O DaemonPortOptions=Name=MSA, Addr=10.10.2.10, Port=587, M=E O DaemonPortOptions=Name=MSA, Addr=127.0.0.1, Port=587, M=E O DaemonPortOptions=Name=IPv6, Addr=::1, Family=inet6 Then I: /bin/sh /etc/rc.sendmail restart And there was no change in the behavior. When I send mail from the jail-host to the jail, I get a return mail saying MX record for jail points back to jail-host (which by the way, is patently WRONG - the mx record for jail resolves to X, and X is NOT jail-host...) Also, I noticed in /var/log/maillog that when sendmail starts, it does a reverse lookup on all the IPs on the system, and it fails on one of them - leaving me a: Mar 9 16:44:25 www sm-mta[10541]: gethostbyaddr(10.10.2.12) failed: 1 And this shows that sendmail is not doing what I tell it to in freebsd.mc- because if it was, it would NOT CARE AT ALL about that other IP on the system and whether or not it can reverse it, since as far as sendmail should be concerned, that IP does not exist. But, as you can see, it is continuing to care about other IPs on the box, such that it complains about an unrelated IP not being reversible, and continues to complain that the mx list for jail points back to jail-host (presumably because what jail _does_ resolve to is an IP it sees itself as owning...) So ... is there any way to get this to work ?The only way I can find is to unconfig the network interface for the IP of `jail` and then start sendmail, and then reconfig the jail IP. That works, but it is incredibly lame. thanks. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
(send)mailing from jail-host to jail
system A is a normal freeBSD system with two IP addresses. system B is a jail on system A, using the second IP. When I send mail from A to B, i get an error saying that the MX record points back to myself. Presumably this is because sendmail running on jail-host takes account of both ips when it starts, and thinks both iPs belong to it. So, how can I start sendmail on system A so that it only thinks of itself as encompassing the first IP ? To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
loading ipfw module without default-deny
Hello, I want to: kldload ipfw.ko but I am not near the physical machine, and cannot type in an allow rule after loading the module - by default all traffic will be denied. How can I load the ipfw.ko module but not knock myself off the network ? My only thought was to put an `ipfw add` rule into a cron job to run one minute after I load the module, but that seems silly :) To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: sendmail 4.6 fixed binary on 4.5-RELEASE ?
Then why don't they have a section in the SA that deals with 4.5 ? On Tue, 4 Mar 2003, Toomas Aas wrote: Hi! But what if I use this binary replacement on a 4.5-RELEASE system ? Sendmail architecture on FreeBSD changed quite drastically between 4.5-RELEASE and 4.6-RELEASE (see /usr/src/UPDATING for details). I think that for this reason the binary update is not quite drop-in on 4.5, but I'm really no expert. -- Toomas Aas | [EMAIL PROTECTED] | http://www.raad.tartu.ee/~toomas/ * Why is it called tourist season if we can't shoot at them? To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
sendmail 4.6 fixed binary on 4.5-RELEASE ?
Hello, I am using: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-crypto.bin.gz as a binary replacement for my sendmail binaries on my 4.6.x systems. It is working fine. But what if I use this binary replacement on a 4.5-RELEASE system ? Has anyone tested or tried this ? I would assume it would work because I notice many apps moving gracefully between 4.5 and 4.6, but I wonder if anyone has any official word - or even a prediction ? thanks! To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
how to kill a while loop...
Hi, I ran a command like: while `some command` ; do something ; done and I missed the PID output when I backgrounded it. Now I want to kill this while process, but I cannot find it anymore. I tried to ps auxw | grep while, and grep do and so on, but I cannot find the process to kill it. How can I do that ? thanks! To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
differentiating apache children from parents ?
Hello, Is there any way to tell, simply from /proc info and/or ps output if a certain httpd PID is a child or the parent ? If yes, is this method applicable on any OS (linux) ? thanks. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: differentiating apache children from parents ?
I want to kill apache children that exceed a certain memory size - but I want to make sure only to kill children. Is your method a workable way of doing that ? That is, I would test it and if it is +not+ 1 then I would be ok to kill it, since it is not the parent ? On Fri, 24 Jan 2003, Varshavchick Alexander wrote: you can look at the parent pid of the process in question wether it is 1 or not: ps xa -oppid -p _PID_ But depending on what you're trying to do afterwards (for example kill the process if you determine by some external script that there are too many apaches running and you're not satisfied with the native apache process maintanance mechanism), there can be better ways... Regards Alexander Varshavchick, Metrocom Joint Stock Company Phone: (812)118-3322, 118-3115(fax) On Fri, 24 Jan 2003, Josh Brooks wrote: Date: Fri, 24 Jan 2003 05:22:00 -0800 (PST) From: Josh Brooks [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: differentiating apache children from parents ? Hello, Is there any way to tell, simply from /proc info and/or ps output if a certain httpd PID is a child or the parent ? If yes, is this method applicable on any OS (linux) ? thanks. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
ipfw rule help needed
Hi, I am trying to create these two ipfw rules: deny all packets with an ack of zero deny all tcp packets with no MSS specified Can anyone show me the syntax to do that ? Also, comments on bad things that could happen if I put these in are appreciated. AFAIK, the only thing that can happen is that 1 in every 2^32 valid packets will be denied by the ack zero rule, and that the second rule will not affect anything except people using syn flood tools - since every valid tcp packet should have a MSS, right ? thanks. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: adding some new IPs from a different subnet
Actually that was already correct - it was a typo in bringing it over to email form. On the system itself it has the correct .255 mask. On Sat, 11 Jan 2003, Kevin Stevens wrote: On Saturday, Jan 11, 2003, at 14:15 US/Pacific, Josh Brooks wrote: Ok, I toggled net.link.ether.inet.log_arp_wrong_iface - I set it to zero ... and I am still getting those error messages ... Any thoughts ? Did you change thea 10. alias mask at Lowell suggested? KeS To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
adding some new IPs from a different subnet
Hi, I have a rc.conf that looks like: defaultrouter=10.10.10.1 ifconfig_fxp0=inet 10.10.10.2 netmask 255.255.255.0 ifconfig_fxp0_alias0=inet 10.10.10.3 netmask 255.255.255.0 Ok, easy enough - one interface, one default router, and two IPs on that subnet. BUT - as it happens, 10.10.10.1 is _also_ the default router for 192.168.0.0/24 ... it has the IP 192.168.0.1, but it also has the IP of 10.10.10.1 - it is the same default router, but with a few different subnets on it. So, I went and added one of the 192 addresses to my system: defaultrouter=10.10.10.1 ifconfig_fxp0=inet 10.10.10.2 netmask 255.255.255.0 ifconfig_fxp0_alias0=inet 10.10.10.3 netmask 255.255.255.0 ifconfig_fxp0_alias1=inet 192.168.0.2 netmask 255.255.255.0 And this works great - it works because 10.10.10.1 is also the default router for 192.168.0.0/24. BUT, even though the network works great and that IP and everything else is fine, I am getting my log files full of: /kernel: arplookup 192.168.0.1 failed: host is not on local network Note that the error is about the gateway - 192.168.0.1 is the IP on the gateway that this system uses. So, at the end of the day, everything works great, but the system doesn't like the config and is complaining in the logs. - What is the best way to make these log errors stop occurring ? I hate to be a pain, but not only do I need to know what to put in rc.conf, but I cannot reboot the system so I need to know what commands will implement it on the fly as well. many thanks! To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
NMBCLUSTERS over 4096 dangerous in any way ?
Hi, I have a firewall that is starting to get a little overworked. I currently have this line in my kernel config: options NMBCLUSTERS=4096 and I am starting to hit that limit: 276/4096/4096 mbuf clusters in use (current/peak/max) So, the obvious response is to increase that NMBCLUSTERS value. - However, in all the examples and discussion I have seen, I have never seen anyone discuss raising it above 4096. I have no indication that raising it to ... say ... 8192 would be dangerous/risky, but I think I should ask just to make sure. The system is a P3-600 with 256 megs physical ram, and 128 megs swap. This system has no other duties than firewalling. System is running 4.4-RELEASE. SO: 1. any comments on raising NMBCLUSTERS to 8192 ? any other values that need to be tuned to support that ? 2. what is the max I could safely raise NMBCLUSTERS to ? thanks! To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: NMBCLUSTERS over 4096 dangerous in any way ?
How much physical memory do you have on the system that you upped to 8192 ? I am trying to find out if there is some correlation between physical memory and what is safe to set NMBCLUSTERS to ... or is NMBCLUSTERS such a small part of physical memory that even if you set it to 128,000 you still wouldn't be eating into the physical memory of a ... 64 meg system for instance ? On Sat, 14 Dec 2002, Jack L. Stone wrote: At 02:36 PM 12.14.2002 -0800, Josh Brooks wrote: Hi, I have a firewall that is starting to get a little overworked. I currently have this line in my kernel config: options NMBCLUSTERS=4096 and I am starting to hit that limit: 276/4096/4096 mbuf clusters in use (current/peak/max) So, the obvious response is to increase that NMBCLUSTERS value. - However, in all the examples and discussion I have seen, I have never seen anyone discuss raising it above 4096. I have no indication that raising it to ... say ... 8192 would be dangerous/risky, but I think I should ask just to make sure. The system is a P3-600 with 256 megs physical ram, and 128 megs swap. This system has no other duties than firewalling. System is running 4.4-RELEASE. SO: 1. any comments on raising NMBCLUSTERS to 8192 ? any other values that need to be tuned to support that ? 2. what is the max I could safely raise NMBCLUSTERS to ? thanks! When I ran into overload problems using NFS, I had to bump up to 8192 and have not seen any problem since. The error message from the system just complained about the clusters and did not say anything more than recommend bumping. In my own research, I found 8192 commonly used, but the research was skimpy at that. Coincidentially, a message was just posted that says he is using 32768 Best regards, Jack L. Stone, Administrator SageOne Net http://www.sage-one.net [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: NMBCLUSTERS over 4096 dangerous in any way ?
Ok, understood - that answers my question and the one I just posted. So ... in 4.4 KVA space was, by default ... I forget ? So I guess my question has now morphed into: - if the machine is doing nothing but firewalling (so there are no other demands on KVM/KVA) how high can you set NMBCLUSTERS to before you start to get close to the default KVA in fbsd 4.4 ? (actually I think the default is the same in all 4.x, just the method of changing it is different) comments ? thanks! On Sat, 14 Dec 2002, Kris Kennaway wrote: On Sat, Dec 14, 2002 at 02:36:39PM -0800, Josh Brooks wrote: 1. any comments on raising NMBCLUSTERS to 8192 ? any other values that need to be tuned to support that ? 2. what is the max I could safely raise NMBCLUSTERS to ? Increasing NMBCLUSTERS will increase the use of kernel memory. This is okay as long as you have enough to support it :) You'll get panics if you set it too high. Kris To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
how do I add this route without rebooting ?
Hi, Currently my rc.conf looks like this: ifconfig_fxp0=inet 198.78.1.1 netmask 255.255.255.248 ifconfig_fxp1=inet 10.10.10.192 netmask 255.255.255.224 ifconfig_fxp1_alias0=inet 10.10.20.0 netmask 255.255.255.0 static_routes=route1 route2 route_route1=10.10.10.193 198.78.1.1 route_route2=10.10.20.1 198.78.1.1 So far so good. Now I want to add a new network, and I have changed it so it now looks like this: ifconfig_fxp0=inet 198.78.1.1 netmask 255.255.255.248 ifconfig_fxp1=inet 10.10.10.192 netmask 255.255.255.224 ifconfig_fxp1_alias0=inet 10.10.20.0 netmask 255.255.255.0 ifconfig_fxp1_alias1=inet 10.20.30.0 netmask 255.255.255.0 static_routes=route1 route2 route3 route_route1=10.10.10.193 198.78.1.1 route_route2=10.10.20.1 198.78.1.1 route_route3=10.20.30.1 198.78.1.1 So i have added another alias, and another route. Now, here's the question - in the past when I have done this, I have just rebooted the machine and let these settings in rc.conf do everything. This time, however I cannot reboot - I need to stay up and running. So, I add the new IP with: ifconfig fxp1 alias 10.20.30.0 netmask 255.255.255.0 but what is the command to do what I have listed above for rc.conf for adding the third static route ? thanks! To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
NFS - what troubles to expect ?
Helol, I have used NFS on sun/solaris systems for many years, and the one big headache that comes to mind is how, if the server is down, and the client has an automount on boot, the client will hang forever (basically forever) trying to mount from the down NFS server. Does this behavior exist in the FreeBSD world ? What other related behavior can I expect if I have about 10 servers that are all _clients_ for an 11th NFS server, and that NFS server goes down ? Will the performance on the clients go down when the NFS server disappears ? Will they too, like solaris systems, hang forever on boot when the nfs server they automount is not present ? thanks! To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
port redirect with ipfw NOT NAT (not NAT)
Hello, I want to perform a very simple act: All traffic going to 10.10.10.10 port 50 should go to 10.10.10.10 port 5050 That's it. The trick is, I am _not_ interested in running NAT. This is not some cable modem or laptop splitting my DSL service - this is a rackmount firewall on a real network. So again, I do not have any interest in running NAT in any form. Not interested, thanks. But, I cannot seem to figure out what the ipfw rule is to perform this simple task. So the question is: What is the ipfw syntax to redirect all traffic from one port to another. Thanks! To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
making source code changes to a port ?
Hi folks, I have a piece of software that I want to install via the ports tree, but due to a specific custom behavior I want to add to it, I need to edit a few lines in one of the source files. Right now, I am doing the following: cd /usr/ports/category/package make install cd work/package-1.2.3/src (edit file) cd /usr/ports/category/package make deinstall make install and this works, but it is rather unelegant - can't there be a way to do this without install/deinstall/install ? that is, how can I get the port to download and unpack all the work into port/work directory but not actually install anything until I finish with the edits, ect? then after that I would go do the `make install`. Anyone ? To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message