Re: Reinstall without reformat
The brutal and brute-force approach can work - better if you boot from a USB stick, of course. You can untar base.txz and kernel.txz in your /, with filesystems mounted. As Polytropon says, do a backup of what you'll want afterwards. This approach will leave a lot of cruft (old versions of shared libraries, etc.), but will certainly work.

Grab the distribution from (in this case, the example is for 9.2, i386)

ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/i386/9.2-RELEASE

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
On Fri, Sep 27, 2013 at 4:11 PM, Frank Leonhardt fra...@fjl.co.uk wrote:

On 27/09/2013 23:08, Terje Elde wrote:

On 28. sep. 2013, at 00:03, Frank Leonhardt fra...@fjl.co.uk wrote:

If I understand the way it works correctly, the resolver pulls a list of the NS and hard-sets the port number for each to 53 (via a manifest constant). See libc/resolv/res_init.c. All you need to do(!) is change this to a value of your choice and recompile libc

Sorry, but this is starting to look a lot like a complicated solution to a problem that isn't really there...

It was more of an explanation as to /why/ it's not easy to do what was asked in the original reasonable-sounding question.

Beg to differ. The question isn't reasonable. There's no point in having a dns recursive resolver listening on a port other than the one that clients will contact it on. Far better to have the authoritative server listen on 127.53.0.1 and use the routable address for the cache, which can forward requests for the authoritative server when appropriate.

- M
Re: FreeBSD stuck during the boot process.
On Tue, Sep 17, 2013 at 9:47 AM, atar atar.yo...@gmail.com wrote:

Polytropon free...@edvax.de wrote:

On Tue, 17 Sep 2013 12:15:58 +0300, Atar wrote:

When I try to boot FreeBSD from a USB stick, it gets stuck during the boot process. But if I boot it in safe mode, it succeeds to boot.

Yes, you remember correctly, safe mode disables the ACPI support automatically.

The problem may also be that USB devices take a long time to settle. I suggest these in your /boot/loader.conf

hint.acpi.0.disabled=1
kern.cam.boot_delay=1
kern.cam.scsi_delay=2000

The CAM boot delay is needed for USB booting on some of my machines, esp. Soekris boxes. 10 seconds is safe.

- M
Disappointing dependency introduced in 9.1 (from 8-STABLE)
Because I build a lot of embedded devices with serial consoles, I was in the habit of hacking /boot/loader by commenting out a line in a Makefile that enables terminal emulation

/sys/boot/i386/libi386/Makefile:

#CFLAGS+= -DTERM_EMU

and then in /sys/boot doing a

make clean
make

Unfortunately, with 9.X, this breaks the compile. It seems a dependency was introduced which requires the videoconsole code. I find this extremely irritating. Of course, there's nothing to stop me (at the moment) from compiling loader under 8-STABLE and installing it on 9.1 machines, but...

Is there a better way now to stop the cursor from scribbling illegibly across the screen?

- M
Re: Network startup with age Ethernet device
On Wed, Sep 4, 2013 at 8:49 AM, Lowell Gilbert freebsd-questions-lo...@be-well.ilk.org wrote:

Have you tried using netwait? I think that would involve putting enable_netwait in rc.conf,

and netwait_enable=YES would be it.

- M
Re: ipfw gateway rerouting
# my kernel has
# options ROUTETABLES=16

GATEWAY_0=10.3.255.0
GATEWAY_1=10.3.255.1

setfib 0 route add default $GATEWAY_0
setfib 1 route add default $GATEWAY_1

ipfw table 1 add $NET_0 0
ipfw table 1 add $NET_1 0
ipfw table 1 add $NET_2 1
ipfw table 1 add $NET_3 0

ipfw add 00500 setfib tablearg ip from any to any in lookup src-ip 1

rule 500 will cause traffic from NET_2 to go out a different gateway (if it's not destined for a local net - presumably other rules will handle those cases)

# man setfib
# man ipfw (see the section on the setfib action)

On Sun, Aug 18, 2013 at 3:15 PM, Jos Chrispijn ker...@webrz.net wrote:

Can someone please hint me to a good explanatory site that explains how to reroute a network server to different/non standard network gateway(s) with ipfw?

thanks, Jos Chrispijn
Re: Theft in the Clouds
Amazon EC2 certainly offers Dedicated Instances, in which the hardware is dedicated to a single customer.

On Thu, Jul 25, 2013 at 1:15 PM, Jerry je...@seibercom.net wrote:

Not really a FreeBSD issue, but I did find this article rather fascinating.

http://www.technologyreview.com/news/506976/how-to-steal-data-from-your-neighbor-in-the-cloud/

This is really about side-channel attacks against crypto - not general data snooping.

- M
Re: gpart: table 'da0' is corrupt; operation not permitted
On Tue, Jul 16, 2013 at 1:44 PM, aurfalien aurfal...@gmail.com wrote:

Upon doing;

gpart destroy da0

I get;

gpart: Device busy

crude but effective:

DISK=da0
offset=`diskinfo $DISK | awk '{ print $4 - 131072 }'`
dd if=/dev/zero of=/dev/$DISK bs=64k count=1
dd if=/dev/zero of=/dev/$DISK bs=64k seek=$offset
gpart create -s gpt ${DISK}
Re: auth.notice on syslog server
On Mon, Jun 24, 2013 at 5:35 AM, SWENNEN Rudi rudi.swen...@onprvp.fgov.be wrote:

Hello FreeBSD-list,

I have the following two freebsd systems/servers: a server and a client. The syslog of the client is sent to the server. I was wondering why the auth.notice entry on my server is generating a syslog entry (/dev/console) when I change to root on the client:

Jun 24 12:01:38 SERVER kernel: Jun 24 12:00:32 CLIENT su: rudi to root on /dev/ttyv0

Is there a way to limit the auth-facility not to log via syslog if the entry is generated from a remote system?

Yes, on the host that sends the logs. E.g.,

auth.*,authpriv.*: /var/log/auth
console.*,cron.*,daemon.*,kern.*,mail.*,ntp.*,security.*,syslog.*,user.*,local.*: @loghost
Re: Boot Loader Issue
On Sun, Jun 23, 2013 at 4:12 PM, Polytropon free...@edvax.de wrote:

On Sun, 23 Jun 2013 15:47:53 -0700, Doug Hardie wrote:

I need to alter mountroot so it tries the right partition/slice. How do I do that? I couldn't find anything in the handbook on that.

You need to install the GPT boot code, e. g.

# gpart add -t freebsd-boot -l gpboot -b 40 -s 512K ad0

Why the offset? Why 512k?

# gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 ad0

I think it's simpler to make an entry in /boot/loader.conf:

vfs.root.mountfrom=ufs:/dev/ada0s1a
Re: FreeBSD slice/partition setup question
On Tue, Jun 18, 2013 at 10:44 AM, Istvan Gabor suseuse...@lajt.hu wrote:

...

How can I do this in FreeBSD? Can I have slices with only one partition occupying the whole slice? Can I do something like the following:

/dev/ad0s1a /
/dev/ad0s2e /home
/dev/ad0s3e /usr/local
/dev/ad0s5b swap
/dev/ad0s6e /home/user1
/dev/ad0s7e /home/user2
etc.

where the partitions (a, e, b) occupy the whole slice where they reside on?

Why bother with partitions if you're going to use the whole slice? Why bother with slices if you won't run out of partitions?

- M
Re: Re: FreeBSD slice/partition setup question
You can simply newfs the device itself, without a volume label, slice, or partition. That's the normal thing to do with malloc devices, or additional disks. If the disk doesn't require a boot loader, isn't the root device, etc. that may be the best thing to do.

Your caution about EXT* is spot-on - adequate tools exist for EXT2FS, but it's still problematic.

- M
Re: FreeBSD maximum password length
I know this may seem off-the-wall to some, but I pasted a hashed password for a user under 9.1 into the /etc/passwd entry for that user on an 8.3 machine, and auth continues to work properly.

That's nice.

- M
Re: Bourne shell if syntax
On Mon, Jun 10, 2013 at 12:16 PM, Tim Daneliuk tun...@tundraware.com wrote:

That wasn't really my point. I use sentinels because in the face of an empty string this:

if [ $PTR = ]

Actually evaluates to:

if [ = ]

Which throws an error.

Right. Many scripts seem to assume that sh is bash, and that's certainly not the case here.

if [ x$BLAH = x ]; then

is the most reliable and portable way of determining if it's a string of zero length.

- M
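The behaviour discussed in this thread, as an added example that is not part of any poster's message: it runs a bare comparison, the `x` sentinel, and a quoted sentinel over the same values and reports whether `[` returned true, false, or a syntax error. The function names and sample values are constructed, and the quoted variant goes slightly beyond the thread to cover values that contain whitespace or `test` operators.

```shell
#!/bin/sh
# Added example (constructed): three ways to ask "is this string empty?"
# Each function prints one word: empty | nonempty | error

# Map the exit status of test(1) to a word. POSIX: >1 means test itself failed.
classify() {
    case $1 in
        0) echo empty ;;
        1) echo nonempty ;;
        *) echo error ;;
    esac
}

# Bare, unquoted comparison: an empty value vanishes from the argument list.
bare_test() {
    v=$1
    # shellcheck disable=SC2086  # unquoted on purpose
    if [ $v = "" ] 2>/dev/null; then rc=0; else rc=$?; fi
    classify "$rc"
}

# Sentinel as written in the thread: survives an empty value, but the
# expansion is still split into words before test(1) sees it.
sentinel_test() {
    v=$1
    # shellcheck disable=SC2086  # unquoted on purpose
    if [ x$v = x ] 2>/dev/null; then rc=0; else rc=$?; fi
    classify "$rc"
}

# Sentinel plus quoting: exactly three arguments reach test(1), always.
quoted_sentinel_test() {
    v=$1
    if [ "x$v" = x ] 2>/dev/null; then rc=0; else rc=$?; fi
    classify "$rc"
}

# Print a comparison table for the constructed sample values.
compare_all() {
    for sample in "" "abc" "a b" " = x -o x"; do
        printf '%-12s bare=%-9s sentinel=%-9s quoted=%s\n' \
            "'$sample'" "$(bare_test "$sample")" \
            "$(sentinel_test "$sample")" "$(quoted_sentinel_test "$sample")"
    done
}

compare_all
```

The last sample matters when the value comes from outside the script: unquoted, its words are parsed as `test` operators and a non-empty string is reported as empty.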
Re: swap partition leads to instability?
On Sun, May 26, 2013 at 6:17 PM, Adam Vande More amvandem...@gmail.com wrote:

Normal dynamic wear leveling on a modern SSD will be better than imposing an FS-backed swap for 4GB partition occupying a small fraction of total drive space.

Quite so.

- M
Re: BSD sleep
On Tue, May 28, 2013 at 4:45 PM, Joshua Isom jri...@gmail.com wrote:

You think it's trivial until you read this: http://infiniteundo.com/post/25326999628/falsehoods-programmers-believe-about-time

Some days have 86400 seconds, some have 86401. There is a provision for two leap seconds to be applied at once, but that hasn't ever happened. Still, a truly correct clock, set to UTC, might someday read

23:59:59
23:59:60
23:59:61
00:00:00

How many seconds did that hour have?
Re: swap partition leads to instability?
The Intel SLC mSATA drives I use in embedded devices don't support TRIM, but - it doesn't seem to matter. Actually, I'm confident that just using bare partitions for swap is fine, and I haven't had any of the trouble I witnessed with MLC devices. The difference is that the size is limited to under 32GB.

- M

On Sun, May 26, 2013 at 4:32 PM, Warren Block wbl...@wonkity.com wrote:

On Sun, 26 May 2013, Polytropon wrote:

On Sun, 26 May 2013 16:09:06 +0700, Erich Dollansky wrote:

Hi,

On Sun, 26 May 2013 01:58:32 -0700 (PDT) M. V. bored_to_deat...@yahoo.com wrote:

I have a 24/7 network server/gateway with FreeBSD-8.2 on a SSD drive. it's partitioned as normal (/ , /tmp, /var , /usr and swap) for a long time now. But recently I heard from a FreeBSD expert that I shouldn't have swap partition for my server, and having swap partition could make my server unstable. this was so strange for me, and I searched a lot but couldn't find a reason for this claim.

because it is a false claim. I never ever have had any system with working hard, that gave a problem because of the swap space.

I think the problem here is that he's using a SSD. As soon as the swap partition is being in heavy use, which means it receives many writes, this may lead to the SSD wearing out, decreasing its lifetime.

Another problem with SSDs is that they can have difficulty with wear leveling. This is even worse with swap because there is no way to use TRIM to tell the SSD about blocks that have been freed.

The workaround is a swapfile on UFS with TRIM enabled. It works fine, and even better when you update the rc scripts for shutdown.

Here's an article on setup: http://www.wonkity.com/~wblock/docs/html/ssd.html

And here is the PR with a patch: http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/168544
Re: Case sensitive usernames and sendmail - mystic voodoo
On Sun, May 26, 2013 at 6:17 PM, Polytropon free...@edvax.de wrote:

On Sun, 26 May 2013 18:44:41 -0600, Modulok wrote:

I know usernames are case-sensitive, I thought emails were too.

If I remember e-mail basics correctly: No. They're not. For example, f...@example.com, f...@example.com and f...@example.com and all upper/lowercase variations are the same as f...@example.com.

You remember incorrectly ;-)

The local part of an address (before the @ sign) is case-sensitive (with the exception of postmas...@example.com)

Everything to the right of the @ is indeed case insensitive, but everything to the left might be case sensitive, depending on local policy. This means you must preserve the case of everything to the left of the @ sign.
Re: setup journaling for root partition
On Wed, May 22, 2013 at 10:53 PM, s m sam.gh1...@gmail.com wrote:

thanks Michael for your quick reply:) yes, i can boot from usb freebsd flash and use fixit mode. i have root, var, tmp, usr and swap on my system. i create an extra swap partition to use it as journal provider for root partition. in fixit mode, first i run two below command in order to be able to load gjournal:

ln -s /dist/lib /lib
ls -s /dist/boot/kernel /boot/modules

then gjournal load and after that:

gjournal label -f ad3s1a ad3s1g

(ad3s1a is root partition and ad3s1g is swap partition for journal provider) but this error is shown:

gjournal cannot clear metadata on ad3s1a: operation not permitted

what is wrong here??? i really don't know how to fix it:

Try using -v to get more verbose output. I am at a loss here, too. Perhaps you can try

gjournal load
dd if=/dev/zero of=/dev/ad3s1g bs=1m
gjournal clear -v ad3s1a
gjournal label -vf ad3s1a ad3s1g

and see what it says, if anything.
Re: file corruption solution (soft-update or ZFS)
On Thu, May 23, 2013 at 5:33 AM, Warren Block wbl...@wonkity.com wrote:

..

One thing mentioned earlier is that ZFS wants lots of memory. 4G-8G minimum, some might say as much as the server will hold.

Not necessarily so - deduplication places great demands on memory, but that can be satisfied with dedicated cache devices (on SSD for performance and safety reasons). Without dedup, the requirements are more modest.

Softupdates guarantee metadata consistency, but do nothing to address data integrity. ZFS has copy-on-write semantics (which solve a problem that even hardware RAID can't), and end-to-end checksums to detect/prevent data corruption (large drives will have uncorrectable bit errors over their lifetime).

- M
Re: setup journaling for root partition
On Wed, May 22, 2013 at 10:27 PM, s m sam.gh1...@gmail.com wrote:

thanks Michael, but in all documentation about journaling, tunefs is used as below: tunefs -J enable ad3s1X.journal. ad3s1X.journal is created by gjournal command: gjournal label ad3s1a ad3s1g that assign ad3s1g as journal provider for ad3s1a and create ad3s1a.journal which contains ad3s1a as data provider and ad3s1g as journal provider.

my problem is, i can not run gjournal command for root partition in fixit mode nor single user mode. you mean, i should just use tunefs command on ad3s1X (root partition)? if yes, then where journal provider for root partition is located? in root partition?

Ah, sorry - lack of careful reading on my part. Can you boot from installation media and use the fixit mode? This still won't work if the last sector of the partition is in use by the filesystem. You'll need a spare partition of some size to be the journal provider, as in the example. The very best approach is to create a gjournal and then newfs.

How is your disk organized? One big root partition with everything on it?

- M
Re: setup journaling for root partition
On Mon, May 20, 2013 at 10:59 PM, s m sam.gh1...@gmail.com wrote:

hello everybody

i want to setup a journal partition for my root partition. but i do not know how to do that. in FreeBSD handbook, it is done in single user mode, unmount the desired partition and assign the journal partition to it. i test this procedure and it is done for /usr partition but for root partition, it can not be unmount in single user mode.

See the man page on gjournal

To configure journaling on the UFS file system using gjournal, one should first create a gjournal provider using the gjournal utility, then run newfs(8) or tunefs(8) on it with the -J flag which instructs UFS to cooperate with the gjournal provider below.
Re: setup journaling for root partition
AFAIK Softupdates journaling still breaks snapshot functionality - which makes it unusable for me. I wouldn't assume that the O.P. doesn't want what he's asking for.

- M

On Tue, May 21, 2013 at 7:42 AM, Arthur Chance free...@qeng-ho.org wrote:

On 05/21/13 12:43, saeedeh motlagh wrote:

thanks Julien, but i think it's not true. man page for newfs says that journaling is done via gjournal and in freebsd handbook it says do journaling with gjournal for UFS file system. you mean i should create a partition and just enable journaling for it with -J flag? i think my problem is, my gjournal can not act correctly in fixit mode because i can load it in single user mode and every thing is ok but in fixit mode, i can not load it and all commands return errors. please help me to make a journal for my root:(((

Look more carefully at the newfs man page. Option -J (upper case) is gjournal type journalling, option -j (lower case) is native UFS soft update journalling. It's the latter one you want. This is on RELEASE-9.1 though. What version are you on?

--
In the dungeons of Mordor, Sauron bred Orcs with LOLcats to create a new race of servants. Called Uruk-Oh-Hai in the Black Speech, they were cruel and delighted in torturing spelling and grammar. _Lord of the Rings 2.0, the Web Edition_
Re: setup journaling for root partition
On Tue, May 21, 2013 at 8:20 AM, Warren Block wbl...@wonkity.com wrote:

On Tue, 21 May 2013, Arthur Chance wrote:

On 05/21/13 15:46, Michael Sierchio wrote:

AFAIK Softupdates journaling still breaks snapshot functionality - which makes it unusable for me. I wouldn't assume that the O.P. doesn't want what he's asking for.

Good point, I'd forgotten that problem as I don't use UFS snapshots. I can imagine it would be a killer for some people.

It is, especially if you use dump/restore.

Or tarsnap (which is what we use for backups here), or... there are many use cases for snapshots.

- M
Re: setup journaling for root partition
On Tue, May 21, 2013 at 10:14 PM, s m sam.gh1...@gmail.com wrote:

thanks guys for your attentions. i want to setup journaling in FreeBSD 8.2. i compare soft-update and journaling and choose journaling (it is more suitable for my goals). i want to enable journaling for all my partitions. i can do it for all partitions except root in single user mode. i can not do it for root because i can not unmount root in single user mode.

No, but you don't need to. In single user mode, root is mounted read-only. You can run tunefs on the root fs device.

- M
Re: enter single user mode from boot menu
On Sun, Apr 28, 2013 at 4:04 PM, Polytropon free...@edvax.de wrote:

After the BTX loader has started, keep hammering the space bar. :-) At some point, you'll see the Ok _ prompt. This is where you enter the command boot -s to go into single-user mode. The kernel will load as you would expect, but no further action (rc.d startup) will be taken. Instead you have to confirm the shell (/bin/sh by default) by pressing enter at the When prompted Enter full pathname of shell or RETURN for /bin/sh: prompt; and then you're left at the # _ prompt, which means you're in single user mode. Type exit to start into multi-user mode as usual.

In single user mode, the root filesystem will be the only one mounted, and it will be mounted read-only. If you need to make changes (Correcting a fat-fingered edit to /etc/fstab, for example), you'll need to mount root rw.

mount -u -o rw /

is the minimal command to do that. You might also find it easier to mount /tmp and /var if they're separate filesystems... YMMV, etc.

- M
Re: EC2 Instances Future
I still follow Colin's original pattern of using a minimal Linux grub boot EBS device (1GB), ext2fs, with the root partition being on another (ufs2) EBS device. This works very well, with a couple of caveats -

- Install e2fsprogs (pkg or port) - you will need it, on occasion when modifying the boot device (after mounting rw).
- Kernel upgrades are tricky, so be careful
- Edit /etc/freebsd-update.conf intelligently to prevent unintended consequences

Apart from that, I have been running i386 and amd64 instances this way, both 8.3 and 9.1, without difficulty (apart from some Xen clock weirdness in 8.3). No Windoze Tax. ;-)

- M

On Wed, Apr 10, 2013 at 10:05 AM, jflowers jflow...@ezo.net wrote:

Is there anything likely to be available in the future (3 months to a year) to avoid the Windows tax on FreeBSD instances for the smaller (t1.micro, m1.small, m1.medium) types? I understand the problem but don't find anything much online about a possible solution. Probably because I don't understand as much as I think. Thanks.

--
Jim Flowers jflow...@ezo.net
Re: Problems with IPFW causing failed DNS and FTP sessions
Okay, what's your DNS setup? Are you running a recursive cache that contacts the root servers directly? Using your ISP's servers? Etc.

As a mitigation step, I tried pointing my caches to 8.8.8.8 and 8.8.4.4. - but it turns out that Google is intentionally blocking (returning NX responses to) many netblocks right now because they contain hosts known to be part of the botnet in the DDOS DNS amplification attack.

I'm mirroring the root zone everywhere I have a cache, and it's helping.
Re: Problems with IPFW causing failed DNS and FTP sessions
It would be really helpful if you'd post the ruleset. At first glance, your stateful rules seem rather wrong, unless there's a check-state above. Also, in and out aren't discriminating enough - every packet is seen by the ruleset more than once. You should think in terms of interfaces, direction, etc.

Are you doing NAT? Stateful rules with NAT are indeed possible, but subtle.

Your problem has nothing to do with server load, and probably everything to do with not-terribly-well-conceived ruleset. Please post yours here.

- M

On Sun, Mar 31, 2013 at 8:34 PM, Don O'Neil li...@lizardhill.com wrote:

Hi everyone. recently my server started having issues with DNS and FTP sessions either not resolving or timing out. I've tracked the issue down to IPFW. if I issue a 'sysctl net.inet.ip.fw.enable=0' then my issues go away.

I have the basic rules like this for dns;

01160 allow udp from any to any dst-port 53 in keep-state
01161 allow tcp from any to any dst-port 53 in keep-state
01162 allow udp from any to any dst-port 53 out keep-state
01163 allow tcp from any to any dst-port 53 out keep-state

When I try an nslookup sometimes they fail, sometimes they get through, even if I change my DNS server to google, my ISP, or even OpenDNS. the firewall seems to be causing the issue. I have about 65 rules in all.

Any ideas what could be causing this? My server load is low, usually hovering around .2

How can I look at the actual amount of traffic that the IPFW module is processing and track down potential performance issues? My server isn't pushing much data, only around 4-5 Mbps sustained.

Thanks!
Re: Problems with IPFW causing failed DNS and FTP sessions
I'll give you a more cogent reply tomorrow - if you use keep-state rules, you want to be a little more specific - for tcp, you want

  allow tcp from X to Y setup keep-state

i.e. you start the stateful rule on packets that have the SYN flag set.

There are some other oddities here - I'm guessing that the firewall rules are there to protect this box itself... in which case your stateful rules really need only to consider outbound traffic, and to allow replies. Let me know if that assumption is erroneous.

More later. Time for

- M

On Sun, Mar 31, 2013 at 9:33 PM, Don O'Neil li...@lizardhill.com wrote:
> Thanks for the response... here's my full ruleset:
>
> # ipfw list
> 00100 check-state
> 00101 allow tcp from any to any established
> 00102 allow ip from any to any out keep-state
> 00103 allow icmp from any to any
> 00201 allow ip from any to any via lo0
> 00202 allow ip from any to 127.0.0.0/8
> 00203 allow ip from 127.0.0.0/8 to any
> 00204 deny tcp from any to any frag
> 00301 deny log logamount 50 ip from any to any ipoptions rr
> 00302 deny log logamount 50 ip from any to any ipoptions ts
> 00303 deny log logamount 50 ip from any to any ipoptions lsrr
> 00304 deny log logamount 50 ip from any to any ipoptions ssrr
> 00305 deny log logamount 50 tcp from any to any tcpflags syn,fin
> 00306 deny log logamount 50 tcp from any to any tcpflags syn,rst
> 01110 allow tcp from any to any dst-port 20 in
> 0 allow tcp from any to any dst-port 20 out
> 01112 allow tcp from any to any dst-port 21 in
> 01113 allow tcp from any to any dst-port 21 out
> 01114 allow tcp from any to any dst-port 990 in
> 01115 allow tcp from any to any dst-port 990 out
> 01116 allow udp from any to any dst-port 990 in
> 01117 allow udp from any to any dst-port 990 out
> 01118 allow tcp from any to any dst-port 989 in
> 01119 allow tcp from any to any dst-port 989 out
> 01120 allow udp from any to any dst-port 989 in
> 01121 allow udp from any to any dst-port 989 out
> 01122 allow tcp from any to any dst-port 1024-65000 keep-state
> 01125 allow tcp from any to any dst-port 22 in
> 01126 allow tcp from any to any dst-port 22 out
> 01130 allow tcp from any to any dst-port 25 in
> 01131 allow tcp from any to any dst-port 25 out
> 01132 allow tcp from any to any dst-port 587 in
> 01133 allow tcp from any to any dst-port 587 out
> 01134 allow tcp from any to any dst-port 2525 in
> 01135 allow tcp from any to any dst-port 2525 out
> 01140 allow tcp from any to any dst-port 110 in
> 01141 allow tcp from any to any dst-port 110 out
> 01142 allow tcp from any to any dst-port 995 in
> 01143 allow tcp from any to any dst-port 995 out
> 01144 allow tcp from any to any dst-port 2110 in
> 01145 allow tcp from any to any dst-port 2110 out
> 01150 allow tcp from any to any dst-port 143 in
> 01151 allow tcp from any to any dst-port 143 out
> 01152 allow tcp from any to any dst-port 993 in
> 01153 allow tcp from any to any dst-port 993 out
> 01160 allow udp from any to any dst-port 53 in keep-state
> 01161 allow tcp from any to any dst-port 53 in keep-state
> 01162 allow udp from any to any dst-port 53 out keep-state
> 01163 allow tcp from any to any dst-port 53 out keep-state
> 01170 allow tcp from any to any dst-port 80 in
> 01171 allow tcp from any to any dst-port 80 out
> 01172 allow tcp from any to any dst-port 443 in
> 01172 allow tcp from any to any dst-port 443 out
> 01180 allow tcp from any to any dst-port in
> 01181 allow tcp from any to any dst-port out
> 65535 deny ip from any to any
>
> I've tried these rules;
>
> 01160 allow udp from any to any dst-port 53 in
> 01161 allow tcp from any to any dst-port 53 in
> 01162 allow udp from any to any dst-port 53 out
> 01163 allow tcp from any to any dst-port 53 out
>
> Without the keep-state option, and the problem is still persisting...
>
> The weird thing is that I've run these rules for a number of years without any issues until just recently. I've checked my interface stats to make sure there aren't a bunch of fragmented packets or errors, and there aren't. I'm not running NAT, it's a publicly accessible IP address.
>
> -Original Message-
> From: Michael Sierchio [mailto:ku...@tenebras.com]
> Sent: Sunday, March 31, 2013 8:58 PM
> To: Don O'Neil
> Cc: freebsd-questions@freebsd.org
> Subject: Re: Problems with IPFW causing failed DNS and FTP sessions
>
> It would be really helpful if you'd post the ruleset. At first glance, your stateful rules seem rather wrong, unless there's a check-state above. Also, in and out aren't discriminating enough - every packet is seen by the ruleset more than once. You should think in terms of interfaces, direction, etc. Are you doing NAT? Stateful rules with NAT are indeed possible, but subtle. Your problem has nothing to do with server load, and probably everything to do with not-terribly-well-conceived ruleset. Please post yours here.
>
> - M
>
> On Sun, Mar 31, 2013 at 8:34 PM, Don O'Neil li...@lizardhill.com wrote:
> > Hi everyone. recently my server started having issues with DNS and FTP
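The points raised in the replies above (a check-state ahead of the stateful rules, TCP state started only on `setup` packets, rules qualified by interface as well as direction) can be checked mechanically. The following is an added example, not part of the thread: a small Python lint over `ipfw list` output. The function names and finding codes are made up for this example, and the sample is a constructed subset modelled on the posted listing, with rule 05000 and the interface name em0 invented for contrast.

```python
import re
from typing import NamedTuple

# Constructed sample: a subset modelled on the listing posted in the thread.
# Rule 05000 and the interface name em0 are invented for contrast.
SAMPLE_RULESET = """\
00100 check-state
00101 allow tcp from any to any established
00102 allow ip from any to any out keep-state
00201 allow ip from any to any via lo0
01122 allow tcp from any to any dst-port 1024-65000 keep-state
01125 allow tcp from any to any dst-port 22 in
01160 allow udp from any to any dst-port 53 in keep-state
01161 allow tcp from any to any dst-port 53 in keep-state
05000 allow tcp from any to me dst-port 25 in recv em0 setup keep-state
65535 deny ip from any to any
"""

ALLOW_ACTIONS = {"allow", "accept", "pass", "permit"}  # ipfw synonyms
INTERFACE_KEYWORDS = {"via", "recv", "xmit"}
RULE_RE = re.compile(r"^(\d+)\s+(\S+)\s*(.*)$")


class Finding(NamedTuple):
    rule: str    # rule number as printed by `ipfw list`
    code: str    # hypothetical finding code, defined by this example only
    detail: str


def parse_rule(line):
    """Split one `ipfw list` line into (number, action, body tokens)."""
    match = RULE_RE.match(line.strip())
    if not match:
        return None
    number, action, body = match.groups()
    return number, action, body.split()


def protocol_of(tokens):
    """The protocol is the token immediately before `from`."""
    if "from" in tokens and tokens.index("from") > 0:
        return tokens[tokens.index("from") - 1]
    return None


def lint_ruleset(text):
    """Return a list of Finding for the three points made in the thread."""
    findings = []
    seen_check_state = False
    for line in text.splitlines():
        parsed = parse_rule(line)
        if parsed is None:
            continue
        number, action, tokens = parsed
        if action == "check-state":
            seen_check_state = True
            continue
        if action not in ALLOW_ACTIONS:
            continue
        stateful = "keep-state" in tokens
        if stateful and not seen_check_state:
            findings.append(Finding(number, "KEEP_STATE_WITHOUT_CHECK_STATE",
                                    "no check-state rule above this rule"))
        # `ip` and `all` rules also cover TCP, so they count here too.
        if (stateful and protocol_of(tokens) in {"tcp", "ip", "all"}
                and "setup" not in tokens):
            findings.append(Finding(number, "TCP_STATE_WITHOUT_SETUP",
                                    "state is not restricted to SYN packets"))
        if not INTERFACE_KEYWORDS & set(tokens):
            findings.append(Finding(number, "NO_INTERFACE",
                                    "matches on every interface it passes"))
    return findings


def codes_for(findings, number):
    """Set of finding codes reported for one rule number."""
    return {f.code for f in findings if f.rule == number}


if __name__ == "__main__":
    for finding in lint_ruleset(SAMPLE_RULESET):
        print(f"{finding.rule}  {finding.code}: {finding.detail}")
```
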
Re: Problems with IPFW causing failed DNS and FTP sessions
On Sun, Mar 31, 2013 at 9:39 PM, Michael Powell nightre...@hotmail.com wrote:
> I'm probably not smart enough to be able to help directly with your problem but I'd like to add that there is a snowballing DNS Amplification ddos attack against SpamHaus going on which is spilling over

Yes, this is very much true. The ICANN servers are dropping packets like mad, and many of the .com servers as well. I am mirroring the root zone locally to mitigate. It works to forward DNS to Google's servers (8.8.8.8, 8.8.4.4) EXCEPT - they are blocking some net blocks (issuing spurious negative responses) because of large numbers of nets with hosts in the botnet participating in the attack.

- M
Re: Problems with IPFW causing failed DNS and FTP sessions
net.inet.ip.fw.dyn_short_lifetime ?
net.inet.ip.fw.dyn_udp_lifetime ?

You might want to increase these, given the current state of things...
Re: Is fdisk broken?
On Fri, Mar 22, 2013 at 7:33 AM, mla_str...@att.net wrote:
> Can fdisk be made happy again? (At least for a few more years?)

The short answer is: no. Fdisk comes from a world where even 1G drives were not yet on the horizon. Use gpart.

The long answer is readily available in the forums - google is your friend.

- M
Re: How To Get App To Start At Boot?
On Tue, Mar 19, 2013 at 2:13 PM, Drew Tomlinson d...@mykitchentable.net wrote:
> I installed Splunk which is not part of the ports tree. It's a proprietary app that I downloaded and installed on its own. I start it with '/usr/local/splunk/bin/splunk start'. It should also be stopped with '/usr/local/splunk/bin/splunk stop'. In an attempt to automate it, I created this symlink in /usr/local/etc/rc.d:

Not the way to do it at all. ;-)

(assuming /opt/splunk*/bin is in your path)

# splunk enable boot-start

This installs the script below as /etc/rc.d/splunk. You then merely need to put

splunk_enable=YES

in /etc/rc.conf

Questions like this are better answered by searching the splunk FAQs, etc. Lots of good info there.

#!/bin/sh
# PROVIDE: splunkd
# REQUIRE: LOGIN
# KEYWORD: shutdown

# /etc/rc.d/splunk
# init script for Splunk.
# generated by 'splunk enable boot-start'.

. /etc/rc.subr

name=splunk
extra_commands=status
rcvar=`set_rcvar`

eval ${rcvar}=\${${rcvar}:-'NO'}

splunk_start() {
  ${splunk_home:-/opt/splunkforwarder}/bin/splunk start --no-prompt --answer-yes $@
}
start_cmd=splunk_start

splunk_stop() {
  ${splunk_home:-/opt/splunkforwarder}/bin/splunk stop $@
}
stop_cmd=splunk_stop

splunk_restart() {
  ${splunk_home:-/opt/splunkforwarder}/bin/splunk restart $@
}
restart_cmd=splunk_restart

splunk_status() {
  ${splunk_home:-/opt/splunkforwarder}/bin/splunk status $@
}
status_cmd=splunk_status

load_rc_config $name
run_rc_command $@
Re: OpenVPN vm cant connect to other VM's
Are you pushing routes in your server.conf file? (hint - show, don't tell)

- M

On Wed, Mar 6, 2013 at 2:38 AM, Brent Clark brentgclarkl...@gmail.com wrote:
> Hi guys
>
> I'm struggling with a freebsd vm, that I have that I use for a VPN connection too, from my workstation to my home LAN. And I was wondering if someone could peer review me and my problem.
>
> OpenVPN is working beautifully. I.e. I can connect to some services (apache etc) that I run directly on my FreeBSD / openvpn vm.
>
> What I'm now trying to achieve is that I can connect to other VMs / machines on my home LAN.
>
> I'm using tun for my VPN, and my pf.conf looks like so (please see the nat on ...)
>
> [root@freebsd /usr/home/bclark]# cat /etc/pf.conf
> ext_if=re0
> vpn_if=tun0
> int_net=10.0.0.0/24
> vpn_net=192.168.200.0/24
>
> set skip on lo0
> set optimization normal
> #set block-policy drop
> set limit { states 2, frags 1, src-nodes 2 }
>
> # Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
> scrub in all
>
> # Translation: specify how addresses are to be mapped or redirected.
> # NAT rules
> # enabling NAT currently breaks policy based routing
> #nat on $ext_if from { $int_net, $vpn_net } to any -> ($ext_if)
> #nat on tun0 from { 192.168.200.0/24 } to any -> (re0)
> nat on re0 from { 192.168.200.0/24 } to any -> (re0)
>
> table <sshguard> persist
> block in quick on re0 proto tcp from <sshguard> to any port ssh label "ssh brute"
>
> What am I missing?
>
> If anyone could assist, it would be appreciated.
>
> Kind Regards
> Brent Clark
Re: dump issue
Snapshots are not yet supported when running with journaled soft updates: Operation not supported

:-(

On Mon, Feb 11, 2013 at 7:27 AM, Robert Huff roberth...@rcn.com wrote:
> Will someone please confirm or deny that (UFS) journaling and dump -L continue to be incompatible?
>
> Respectfully,
> Robert Huff
Re: ZFS - whole disk or partition or BSD slice?
On Sun, Jan 27, 2013 at 5:36 PM, Shane Ambler free...@shaneware.biz wrote:
> I recall reading that using partitions for zfs on FreeBSD was as good as full disks.

No, it isn't - ZFS can fully utilize disk caches when presented with whole devices.

There are possible reasons to create partitions - one being that if an unfriendly OS sees the device, it won't try to initialize it if it sees a partition map. Another is using a cheap RAID controller that can't be fully disabled - in which case you generally need to create a partition that doesn't include the last few sectors of the disk, where such controllers keep magic data.

- M
Re: time_t definition
On Sun, Jan 20, 2013 at 8:07 PM, Garance A Drosehn g...@freebsd.org wrote:
> Yes, this means that the only reliable way to printf a time_t is to use a cast. That has been true for at least a decade. It may be true that you happened to avoid this issue before, but the only *RELIABLE* platform-independent way to print time_t's is via a cast.

Especially for variadic functions like printf. You can reasonably assume that arithmetic expressions will automagically promote a type to the proper size, but you (Garance) ably reinforce what we've been trying to convey about this particular example.

Well, Brahma said, even after ten thousand explanations, a fool is no wiser, but an intelligent man requires only two thousand five hundred. - The Mahābhārata.
Re: time_t definition
Top posting for brevity - the fact is, the code in your original example is wrong. There are reasons to complain about argument size mismatches, esp. in print functions that call (versions of) malloc. You should cast the time_t value explicitly, or use %d instead of %ld.

- M

On Wed, Jan 16, 2013 at 10:14 AM, Thomas D. Dean tomd...@speakeasy.org wrote:
> On 01/16/13 03:00, Patrick Lamaiziere wrote:
> > Looks like gcc47 checks the printf format string (-Wformat)
> > Disable this check or convert your time_t.
>
> Yes, I know gcc47 checks the format string. But, time_t is of type int32, from a typedef statement.
>
> #include <stdio.h>
> typedef int zzz;
> typedef zzz yyy;
> typedef yyy xxx;
> int main() {
>   xxx idx;
>   for (idx=0; idx<10; idx++)
>     printf("%d\n",idx);
>   return 0;
> }
>
> does not produce the error (I did this on the 'other' system)
>
> gcc --version
> gcc (Ubuntu/Linaro 4.6.3-1ubuntu5) 4.6.3
> ...
> gcc -O2 -pipe -I../../include -std=gnu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-format-y2k -Wno-uninitialized -Wno-pointer-sign xxx.c -o xxx
>
> I did not think to do this on the FreeBSD system I was using yesterday.
>
> What I don't understand is where gcc is losing track of this definition.
>
> In 9.0, or maybe earlier, the definition of time_t was changed with a view toward 64-bit systems. I remember a statement to the effect of in 2038, 32-bit time will overflow. It is unlikely that many 32-bit systems will be around then. So, making the change to 64-bit now will prevent having to do it in the future.
>
> So, now, it seems that any calculation involving time_t requires a cast
>
> Tom Dean
Re: IPFW stopped logging
On Mon, Jan 7, 2013 at 12:33 PM, Jerry je...@seibercom.net wrote:
> I have discovered that IPFW stopped logging any messages in the security log over a week ago. I did a reset, etcetera, but without favorable results. I even tried a cold reboot to see if that made any difference; however, it didn't. Other than that, it appears to be working fine. I am looking for suggestions on what might be broken.

The first suggestion is that you post your ruleset. The second is to show the values of the sysctl MIBs that control ipfw logging:

net.inet.ip.fw.verbose
net.inet.ip.fw.verbose_limit

- M
Re: bsdinstall misaligns partitions
On Fri, Jan 4, 2013 at 9:14 AM, Christian Weisgerber na...@mips.inka.de wrote:
> Shouldn't bsdinstall attempt to align partitions on 4k boundaries both for the benefit of 4k drives and flash storage?

That's rather up to you. AFAIK it attempts to create partitions that preserve cylinder boundaries - which are generally a rather obsolete concept, even for drives with spindles.
Re: SOLVED...Re: Trying to find out how to mount as user
On Wed, Jan 2, 2013 at 8:47 AM, Leslie Jensen les...@eskk.nu wrote:
> I was on a wired connection first and then on wifi so I had two different IP-addresses!
>
> New question: Instead of having the following in my /etc/exports
>
> /backup machine01 machine02
>
> Can I put my internal network as 192.168.0/24?

man exports
Re: freebsd-update patches custom /boot/kernel/kernel which it should not
The confusion comes from the fact that the original behavior of freebsd-update was NOT to update the kernel binaries if a custom kernel was detected.

FYI my /etc/freebsd-update.conf has

# Components of the base system which should be kept updated.
#Components src world kernel
Components src world
Re: freebsd-update patches custom /boot/kernel/kernel which it should not
On Wed, Jan 2, 2013 at 11:18 AM, andreas scherrer ascher...@gmail.com wrote:

This is no longer true, though it was true at the time that was written...

> - However, freebsd-update will detect and update the GENERIC kernel in /boot/GENERIC (if it exists), even if it is not the current (running) kernel of the system.

This is no longer true, though it was true at the time

> - Furthermore if I remove the kernel option from the COMPONENTS in freebsd-update.conf I think I will not get the kernel source patches anymore, right? Which in turn means I have to get them via some other mechanism, no?

No. If you have

Components src world

you'll get all sources - which you want, presumably, since /usr/src/sys changes are sometimes motivated by security vulnerabilities.

- M
Re: FreeBSD Release Date Challenge, plus other stuff the project needs
On Mon, Dec 10, 2012 at 10:52 PM, Anonymous anonym...@foto.nl1.torservers.net wrote:
> We, the users of FreeBSD

You speak only for yourself.

- M

PS I'll bet waiters in restaurants spit in your food
Re: FreeBSD Release Date Challenge, plus other stuff the project needs
The FreeBSD Foundation is not the FreeBSD Project. I encourage you to give to the Foundation, because it exists to support the Project. But the majority of work done on the development and maintenance is not funded by the Foundation - by and large, it is self-funded by contributors, or occasionally funded by outside grants for specific functions (e.g. the Trusted BSD framework).

http://www.freebsdfoundation.org/donate/
Re: VPS FreeBSD Hosting
Top-posting for brevity. I use EC2. You can start with Colin Percival's HVM instances - I run a Xen kernel using a modified version of his original scheme - which is to have a 1GB Linux partition running grub to boot from a FreeBSD disk. I'm happy to share an AMI with you, but you should try Colin's stuff.

On Sun, Nov 25, 2012 at 1:08 PM, Jim Flowers jflow...@ezo.net wrote:
> I gave up maintaining my own hardware for providing cloud computing services about 10 years ago and have been using several dedicated server services with root-access FreeBSD since about 6.0. with good results. At the time VPS looked like too many problems.
Re: WARNING: FreeBSD 9.0-RELEASE is approaching its End-of-Life date.
On Thu, Nov 15, 2012 at 1:57 PM, Matthias Petermann matth...@d2ux.net wrote:
> Where can I find more information on the planned lifecycles of the current and upcoming releases? Are there any?

http://www.freebsd.org/security/

Scroll down about halfway. 9.0 is a regular release, EOL is January 31, 2013. Alternate releases are extended releases, so 9.1 will have a 2 year support span.

- M
Re: GELI Swap password on boot
On Wed, Nov 7, 2012 at 4:20 PM, Mike Barnard mike.barna...@gmail.com wrote:
> Hi,
>
> I am running FreeBSD 9.0-RELEASE and I am experiencing some strange behaviour with GELI. Every time I boot up my computer, I get a request to enter the Encryption password for swap. swap is not encrypted and should not be asking for an encryption password.
>
> I have checked and ensured that there are no providers for geli for the ada0p3 partition. Any one have pointers on what I could check for to rectify this.

in /etc/fstab you should have:

/dev/ada0p3.eli none swap sw 0 0

in /etc/rc.conf you should have (something like):

geli_swap_flags="-e aes -l 256 -s 4096 -d"

/etc/rc.d/encswap will generate a random password
Re: question for ipfw2 experts
On Mon, Sep 24, 2012 at 12:35 PM, Darrel levi...@iglou.com wrote:
> Can someone please send an example of how to properly use tables?

Quick, trivial example - this doesn't help you understand tableargs, this is just to efficiently handle a very large list of sparse nets.

PEERS=/etc/ipfw/permitted_hosts.txt

cat $PEERS | awk '/^[1-9][0-9\.][0-9\.]*/ { print "ipfw table 1 add", $1 }' | sh

$FW add 01000 check-state

[ a bunch of rules ]

$FW add 05000 allow tcp from table\(1\) to me 7514 in recv $OUTSIDE_IF setup keep-state
$FW add 06000 deny tcp from any to me in recv $OUTSIDE_IF

Now, if you want to atomically change tables without altering instantiated dynamic rules, you can use separate tables and swap rulesets.

You can use tableargs (the second parameter when adding an entry to the table) as a rule number to skipto, or as a tag in logging, etc.
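The loader in the post above turns each line of the peers file into shell text, so the table is only as trustworthy as that file. The following is an added example, not part of the post: a Python loader that validates every entry as an IP network (plus an optional numeric table argument) and builds argument vectors instead of shell input. The function name, the sample file contents and the 32-bit range assumed for the table argument are assumptions of this example.

```python
import ipaddress

# Constructed sample of a permitted-hosts file (documentation address ranges).
SAMPLE_PEERS = """\
# address[/masklen] [tablearg]
192.0.2.10
198.51.100.0/24 5000
203.0.113.7/33
192.0.2.99;x
10.1.2.3/8
"""


def parse_peers(text, table=1):
    """Return (commands, rejected).

    commands: one argv list per valid entry, e.g.
              ["ipfw", "table", "1", "add", "198.51.100.0/24", "5000"]
    rejected: (line number, raw line, reason) for every entry refused.
    """
    commands, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        try:
            if len(fields) > 2:
                raise ValueError("too many fields")
            # strict=True also refuses entries with host bits set, which are
            # usually typos (10.1.2.3/8 was probably meant as 10.0.0.0/8).
            network = ipaddress.ip_network(fields[0], strict=True)
            argv = ["ipfw", "table", str(table), "add", str(network)]
            if len(fields) == 2:
                value = int(fields[1], 10)
                # Assumption: the table argument is an unsigned 32-bit number.
                if not 0 <= value <= 0xFFFFFFFF:
                    raise ValueError("table argument out of range")
                argv.append(str(value))
        except ValueError as exc:
            rejected.append((lineno, raw, str(exc)))
            continue
        commands.append(argv)
    return commands, rejected


if __name__ == "__main__":
    commands, rejected = parse_peers(SAMPLE_PEERS)
    for argv in commands:
        # On the firewall host each list would be passed to
        # subprocess.run(argv, check=True): no shell parses the file content.
        print(" ".join(argv))
    for lineno, raw, reason in rejected:
        print(f"line {lineno} rejected ({reason}): {raw!r}")
```
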
Re: Chesar
On Sat, Sep 22, 2012 at 4:39 AM, Andrea Venturoli m...@netfence.it wrote:
> Hello.
>
> I'm trying to deploy this: http://chesar.echa.europa.eu/
>
> I'm using tomcat7 (but tried tomcat6) and JDK 1.6 (that's the only allowed version).

It actually took some effort for me to get a working java/tomcat framework. Which version and architecture of FreeBSD? I'm using tomcat-6.0.35 and openjdk6-b24_4, if that helps.

- M

> When I start Tomcat, I get:
>
> Sep 22, 2012 11:36:05 AM org.apache.catalina.core.StandardContext listenerStart
> SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
> org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.config.http.UserDetailsServiceInjectionBeanPostProcessor#0': BeanPostProcessor before instantiation of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.transaction.config.internalTransactionAdvisor': Cannot resolve reference to bean 'org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0' while setting bean property 'transactionAttributeSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0': Initialization of bean failed; nested exception is java.lang.IllegalArgumentException: warning no match for this type name: substance [Xlint:invalidAbsoluteTypeName]
>   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:452)
>   at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
>   at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
>   at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
>   at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
>   at org.springframework.context.support.AbstractApplicationContext.registerBeanPostProcessors(AbstractApplicationContext.java:722)
>   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:410)
>   at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
>   at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
>   at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
>   at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4790)
>   at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5284)
>   at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
>   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
>   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)
>   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:618)
>   at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:963)
>   at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1600)
>   at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
>   at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
>   at java.util.concurrent.FutureTask.run(FutureTask.java:138)
>   at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
>   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
>   at java.lang.Thread.run(Thread.java:619)
>
> Any hint on this? Of course they support Red Hat Linux, not FreeBSD, but I thought Java and Tomcat were Java and Tomcat...
>
> Thanks in advance.
>
> bye
> av.
Re: What replaces csup?
We are really behind the curve here. Git assumes (correctly) that disk space is inexpensive, much cheaper per byte than network bandwidth. By the time we adopt SVN completely, every serious project I know of will have moved from subversion to git. ;-)

- M

On Tue, Sep 18, 2012 at 12:33 AM, Stas Verberkt lego...@legolasweb.nl wrote:
> Warren Block wrote on :
> > The difference is that a local svn checkout has all the commit history. A comparison recently showed 700-some megabytes more space used by the svn checkout.
>
> Although I believe the checkouts are bigger, I do not think they have all the commit history. This is where SVN and CVS differ from systems like Git or Mercury, which have all the history in a local working copy. I think the overhead of SVN consists of backups and cached copies of the previous revision, but I am not quite sure.
Re: What are negative permissions?
On Sun, Sep 16, 2012 at 12:50 PM, Matthias Apitz g...@unixarea.de wrote:
> On Sunday, September 16, 2012 at 08:37:48PM +0100, Matthew Seaman wrote:
> > It's where the group ownership of a file gives it fewer permissions than are allowed for the world in general. Suppose you have a file with these permissions and ownership: foo bar -rwx---r-x ...
>
> So far so good (and correct) the theory. But, could you imagine a real world example where this makes any sense?

Group permissions are rather blunt, and if you want fine-grained access controls, you'll need to enable ACLs. However...

Imagine, if you will, a group entitled guest, with the semantics you might normally associate with that name - then using negative group permissions on a directory effectively prevents traversal beyond that point for members of that group.

- M
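The effect described above follows from the order in which the classic permission bits are evaluated: owner class first, then group, then other, and only the first class that matches is consulted. The following is an added example, not part of the thread: a Python model of that check for the `-rwx---r-x` case, plus a tree scan that reports where negative group permissions are in use. The uid/gid numbers are constructed, and the model ignores the superuser and ACLs.

```python
import os
import stat

R, W, X = 4, 2, 1  # permission bits within one class


def permission_class(file_uid, file_gid, uid, gids):
    """Pick the single class whose bits apply: owner, else group, else other."""
    if uid == file_uid:
        return "owner"
    if file_gid in gids:
        return "group"
    return "other"


def granted_bits(mode, file_uid, file_gid, uid, gids):
    """Bits of the matching class only; later classes are never consulted."""
    shift = {"owner": 6, "group": 3, "other": 0}[
        permission_class(file_uid, file_gid, uid, gids)]
    return (mode >> shift) & 0o7


def may(mode, file_uid, file_gid, uid, gids, want):
    """True if every bit in `want` (R/W/X mask) is granted to this caller."""
    return granted_bits(mode, file_uid, file_gid, uid, gids) & want == want


def is_negative_group(mode):
    """True when 'other' holds a permission that the group class lacks."""
    group = (mode >> 3) & 0o7
    other = mode & 0o7
    return bool(other & ~group)


def find_negative_group(root):
    """Audit helper: paths under root whose mode has negative group bits."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not meaningful here
            if is_negative_group(st.st_mode):
                hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    # Constructed ids: directory owned by uid 1001, group guest = gid 2000.
    mode, owner, guest = 0o705, 1001, 2000
    print(stat.filemode(stat.S_IFDIR | mode))
    # A member of guest lands in the group class (---), so traversal fails.
    print("guest member may traverse:",
          may(mode, owner, guest, 1002, {1002, guest}, X))
    # Anyone outside the group falls through to other (r-x).
    print("unrelated user may traverse:",
          may(mode, owner, guest, 1003, {1003}, X))
```
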
Re: Force disk with old GPT label to be recognized as MBR one
On Thu, Aug 30, 2012 at 1:54 AM, Виталий Туровец core...@corebug.net wrote:
> So my question is: how do i force the system to ignore old corrupt GPT header on this hdd, or how do i remove the header, or is there any workaround possible?

dd if=/dev/zero of=/dev/ada1 bs=64k
Re: Force disk with old GPT label to be recognized as MBR one
On Thu, Aug 30, 2012 at 4:18 AM, Виталий Туровец core...@corebug.net wrote:
> Well, i thought that my need to get files from hdd is easy enough to understand from my original message:)

Please forgive me!
Re: /tmp filesystem full
This will happen automatically if you go to multiuser without a writeable /tmp. See /etc/rc.d/tmp

I have a problem with the semantics of the rc scripts for this and var, though - if you are going to use a memory-backed filesystem, you should reserve all the space at the outset. Bad things can occur as you approach the memory limit (like a kernel panic) otherwise. I'd prefer something like this:

_mdunit=`mdconfig -a -n -t malloc -o reserve -s ${tmpsize}`
newfs /dev/md${_mdunit} > /dev/null 2>&1
mount -o ${tmpmfs_flags} /dev/md${_mdunit} /tmp

But that's just me. mount_md doesn't quite do this.

-M

On Wed, Aug 22, 2012 at 12:48 PM, Sergio de Almeida Lenzi lenzi.ser...@gmail.com wrote:
> If you use zfs, that is easy...
>
> zfs set quota=NNG pool/tmp
>
> if not try to mount tmp in memory...
> in /etc/rc.conf
>
> tmpmfs=YES
> tmpsize=400m
>
> reboot
>
> this would create a /tmp in memory (swap) size=400 Megabytes
>
> Sergio
Re: /tmp filesystem full
On Wed, Aug 22, 2012 at 3:29 PM, RW rwmailli...@googlemail.com wrote:
> Sorry I misread the previous post which *was* referring to an md device, but the rest is right.

Not really. ;-)

The one compelling reason to use an md filesystem for /tmp or /var is when you have no swap, and/or your root fs is read only (or read mostly), as with embedded computers, Soekris boxes booting from CF, USB stick, or even mSATA (I wouldn't swap on a partition on an MLC mSATA device). In that case, you most certainly want to reserve the space for the filesystem at creation time.

Usually /tmp - /var/tmp is that case.

- M
Re: /tmp filesystem full
On Wed, Aug 22, 2012 at 5:43 PM, Polytropon free...@edvax.de wrote:
> For the mentioned appliances, that would not be a problem. However there's a distinction between /tmp and /var/tmp that can be summarized like this: The content of /tmp may disappear after a reboot (see clear_tmp_enable=YES in /etc/rc.conf), whereas /var/tmp is to be preserved during reboot. Some programs rely on this behavior when putting delete-temporary and keep-temporary files into the respective directories.

You are quite right - most of what's in /var is expected to be persistent. In the case where /var/tmp is on a mfs, it's hard to oblige. On these same systems, I do have rc scripts that save parts of /var (those listed in an rc.conf variable) for shutdown, and populate those dirs (after /etc/rc.d/var does its mtree stuff) on start up.

- M
Re: /tmp filesystem full
On Wed, Aug 22, 2012 at 7:17 PM, RW rwmailli...@googlemail.com wrote:
> tmpfs and swap md devices don't actually need swap. I don't see any advantage in your way of creating an md device for /tmp.

Then you don't understand. ;-)

The advantage of my approach is avoiding a kernel panic when writing to the tmpfs when you haven't pre-allocated all the filesystem space at creation time. If that happens to matter to you...
Re: How to keep freebsd-update from trashing custom kernel?
On Mon, Aug 13, 2012 at 9:35 AM, Brett Glass br...@lariat.net wrote:
> Actually, freebsd-update is claimed to respect custom kernels. ...

And it does, in my experience. If the hash of the kernel doesn't match that of the distribution (or recent update), freebsd-update leaves it alone.
Re: How to keep freebsd-update from trashing custom kernel?
On Mon, Aug 13, 2012 at 1:07 PM, Brett Glass br...@lariat.net wrote:
> At 11:33 AM 8/13/2012, Michael Sierchio wrote:
> > And it does, in my experience. If the hash of the kernel doesn't match that of the distribution (or recent update), freebsd-update leaves it alone.
>
> That is what I thought it would do, based on the docs. However, when I recently ran freebsd-update on a FreeBSD 9.0 machine with a module-less custom kernel at /boot/kernel/kernel, it fetched a GENERIC kernel and overwrote the custom kernel with it. Interestingly, it didn't bring in any modules; it just overwrote the one file.

I am skeptical, since this is counter to design and experience. I'm not saying it isn't possible, but so far it's not reproducible.

When you say you updated a FreeBSD 9.0 machine, was it... 9.0-RELEASE? 9.0-RELEASE-pX ? i386? amd64?

- M
Re: Mounting raw disk backup file.
On Sun, Aug 5, 2012 at 11:12 PM, Matthew Navarre navarre.matt...@gmail.com wrote:
> I had a drive fail recently, it was working fine until I rebooted. After that the partition map was corrupt and I can't mount either partition on the disk. So I made a copy of the whole disk using dd to an old USB drive. There were several IO errors while dd was copying the disk, so I think the disk is starting to go.
>
> I can probably fix the partition table using testdisk, but now that I've got this image file I'd rather work with that instead of the physical disk. I've read the Handbook section on using mdconfig, but that assumes the image file is of a filesystem, not a whole disk. I think I've found instructions for how to do it on linux, but if there's a way to mount it on FreeBSD I'd rather do that. So, any suggestions?
>
> Here's what file says about the file:
>
> mnavarre@pcbsd-1810] /# file /mnt/ada1_backup
> /mnt/ada1_backup: x86 boot sector; partition 1: ID=0xa5, active, starthead 1, startsector 63, 167766732 sectors; partition 2: ID=0xa5, starthead 254, startsector 167766795, 144809910 sectors, code offset 0x3c, BSD disklabel

Why did you put it in /mnt? That's customarily used for mounting filesystems. Move it ;-)

mdconfig -a -t vnode -f /new-path/ada1_backup

note the device that's created (probably md0)

you can then operate on /dev/md0 as if it were a disk. In particular, you might want to fix the partition map, the label info, etc. You can then fsck the filesystem (presumably something like /dev/md0s1a or /dev/md0a etc). You'll probably need to tell fsck that it's ufs (i.e. fsck -t ufs /dev/md0a )

you can then mount the fs (mount -t ufs /dev/md0a /mnt )

- M
Re: Why can't I set my cpu type in kernel config ?
make LINT vi LINT
On Mon, Aug 6, 2012 at 4:53 PM, Jason Usher jushe...@yahoo.com wrote:
I am installing 8.3-RELEASE on an old 900mhz pentium laptop ... it's an i686 CPU. By default, GENERIC has HAMMER as the cpu, and that isn't working. So I tried both: cpu I586_CPU and: cpu I686_CPU (I also tried them both lowercase, like i686_cpu) But all of these fail: GENERIC: unknown option I586_CPU How can I set 586/686 (you're supposed to set both) in my kernel conf ?
You're sure it's an i686? Do you have the amd64 distribution, or i386? If the former, then in /usr/src/sys/amd64/conf...
# make LINT
# vi LINT
cpu HAMMER
and that's all she wrote. There are some 32-bit compatibility options:
options COMPAT_FREEBSD32
options COMPAT_LINUX32
Re: geli - selecting cipher
On Thu, Jul 26, 2012 at 8:47 AM, Ivan Voras ivo...@freebsd.org wrote: You didn't get an answer because in security, the answer depends on exact circumstances of use. The short answer is that if you don't have a specific adversary you need to protect your data from, I'd say that GELI's CBC is good enough for you. The specific adversary that XEX / XTS etc. is designed to protect against is probably unrealistically strong - someone who can write arbitrary data to raw disk sectors and ask to have them decrypted (chosen ciphertext attack), etc. If you don't need to detect modifications/insertions/deletions that don't go through the GELI layer, I would be perfectly comfortable with AES-CTR mode - it is many times faster than any of the above methods. - M
Re: geli - selecting cipher
On Wed, Jul 25, 2012 at 11:57 AM, Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote: i need high speed disk encryption (many disks running in parallel, lots of I'm not cryptography expert, is CBC somehow less secure, and if so is it really a problem? XTS-AES is a standard devised specifically for disk encryption - it supports operations on sectors that aren't divisible by the cipher block size. See http://en.wikipedia.org/wiki/Disk_encryption_theory#XEX-based_tweaked-codebook_mode_with_ciphertext_stealing_.28XTS.29 I personally would be fine with AES-CTR mode, since I don't see the need to defend against the mythical strong adversary who can write arbitrary bits to unused sectors and then ask to have them decrypted. AES-CTR doesn't (by itself) have any integrity check. AES-CBC is fine, but the ciphertext is larger than the plaintext. - M
Re: Does FreeBSD start slices at head boundaries?
On Fri, Jul 6, 2012 at 11:58 AM, Eitan Adler li...@eitanadler.com wrote: Slices isn't the old way. There is no perf advantage for dedicated disks. Maybe you get a few kb of extra space. Don't do it. http://www.unixguide.net/freebsd/faq/09.03.shtml That is EXTREMELY old advice. The general advice, for this and many other things, is - don't do it, but if you do it, know what you're doing. ;-)
Re: Newbie question: Why aren't my cron jobs running?
On Mon, Jun 11, 2012 at 7:04 PM, Walter Hurry walterhu...@gmail.com wrote:
As the subject says, this is probably a newbie question (I am new to FreeBSD but quite experienced at Linux). FreeBSD9 on x86_64. Cron is running:
$ ps -ax|grep cron
1513 ?? Is 0:00.01 /usr/sbin/cron -s
2283 0 S+ 0:00.00 grep cron
$
I have a syntactically valid crontab:
$ crontab -l
#min hr dom month dow command
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/home/ daddy/bin
HOME=/home/walterh
00 02 * * * /home/walterh/exports.sh
05 02 * * * /home/walterh/backup_etc.sh
10 02 * * * /home/walterh/systemcheck.sh
15 02 * * * /home/walterh/backup_bsd.sh
$
So what is wrong? Why is nothing happening? I have consulted the handbook but see nothing.
Have you installed bash? It's not in the system base. What's in your shell scripts? - M
Re: Newbie question: Why aren't my cron jobs running?
On Mon, Jun 11, 2012 at 7:25 PM, Walter Hurry walterhu...@gmail.com wrote: cat /etc/shells
Re: note
On Mon, Jun 11, 2012 at 8:36 PM, Arlen McIntyre fallofz...@gmail.com wrote: I cannot afford to buy FreeBSD. Dada is not dead!
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On Sun, Jun 10, 2012 at 9:31 AM, Bruce Cran br...@cran.org.uk wrote: Does Intel control AMD too? Last I checked there are plenty of AMD machines in major stores and they come with Windows too. So... attempting to bring reason into the argument? That won't do, I'm afraid. ;-)
Re: ran out of inodes on /var, recommended value?
On Sat, Jun 9, 2012 at 6:22 AM, Gary Aitken free...@dreamchaser.org wrote:
I reconfigured my ssd filesystem with the /var partition of size 512M. Unfortunately, something in portsnap or the ports tree in general uses a boatload of small files, and i ran out of inodes. Can anyone recommend an appropriate size for the newfs -i value? 1024? less?
You may find this solution cheesy, but it works. I found the problem to be /var/db, and ran into it when doing a pkg_add -r for a package with a lot of dependencies. Some things - like freebsd-update - are configurable to use a different dir without this nonsense. - M
pvpn 206 ls -l /var/db
total 228
-- 1 root wheel 990 May 11 03:03 dhclient.leases.vr0
drwx-- 2 operator operator 512 Jun 9 16:33 entropy
lrwxr-xr-x 1 root wheel 37 May 11 02:32 freebsd-update -> ../../usr/local/var/db/freebsd-update
drwx-- 2 root wheel 512 Apr 9 21:10 ipf
-r--r--r-- 1 nobody wheel 183727 Jun 9 04:15 locate.database
-rw--- 1 root wheel 40790 May 16 20:05 mergemaster.mtree
lrwxr-xr-x 1 root wheel 26 May 11 02:32 pkg -> ../../usr/local/var/db/pkg
lrwxr-xr-x 1 root wheel 28 May 11 02:32 ports -> ../../usr/local/var/db/ports
lrwxr-xr-x 1 root wheel 31 May 11 02:32 portsnap -> ../../usr/local/var/db/portsnap
drwx-- 3 root wheel 512 May 21 20:54 sudo
Re: Proper Port Forwarding
On Thu, Jun 7, 2012 at 10:15 AM, Michael Powell nightre...@hotmail.com wrote:
There is also this you can place in /etc/sysctl.conf:
net.inet.tcp.fast_finwait2_recycle=1
Good catch. The defaults are perhaps not ideal in all cases:
net.inet.tcp.finwait2_timeout: 6 - ms, ten minutes
net.inet.tcp.fast_finwait2_recycle: 0
Re: Proper Port Forwarding
On Thu, Jun 7, 2012 at 10:27 AM, Michael Sierchio ku...@tenebras.com wrote: net.inet.tcp.finwait2_timeout: 6 - ms, ten minutes I can't do arithmetic, but you get the idea. A full minute.
Re: find date of last boot
On Thu, Jun 7, 2012 at 7:34 PM, Polytropon free...@edvax.de wrote:
Maybe introducing something along the /etc/rc execution? An /etc/rc.local entry like
/bin/date "+%Y-%m-%d %H:%M:%S" > /var/log/thisboot.log
and then just look at the file. Requires at least one reboot to take effect. :-)
You could just put the following in /etc/rc.local
date
and it would be retained in /var/run/dmesg.boot
Re: Proper Port Forwarding
On Wed, Jun 6, 2012 at 11:31 AM, Simon si...@optinet.com wrote:
This easily causes DoS for when too many FIN_WAIT_2 are created and IPFW stops forwarding using the rule above because of too many dynamic rules
Change the defaults for the fw.dyn sysctl MIB nodes to something like
net.inet.ip.fw.dyn_short_lifetime=3
net.inet.ip.fw.dyn_udp_lifetime=3
net.inet.ip.fw.dyn_rst_lifetime=1
net.inet.ip.fw.dyn_fin_lifetime=1
net.inet.ip.fw.dyn_syn_lifetime=10
Re: Clock lagging behind on FreeBSD 9.0-RELEASE under KVM
Try machdep.independent_wallclock=1
On Tue, Jun 5, 2012 at 8:08 AM, Martin Dimitrov martin.dimit...@mafiainc.org wrote:
Hi, I am new to FreeBSD, decided to migrate a web server to FreeBSD. I recently bought a VPS that claim to use KVM as a virtualization service, I don't know the details of the real hardware running behind nor what is KVM running on. Anyway I have an issue with clock on my FreeBSD installation that I can't live with. The clock is lagging behind, for example running sleep 30 is really sleeping around 35 seconds not 30. Also seems that NTP is not able to manage with this drift in time. Before posting here I read about similar problems mostly related to VMWare guests, but the solutions suggested are following:
set kern.hz=100 or kern.hz=50 (doesn't work for me)
set hint.apic.0.disabled=1 (this makes the guest hangs while booting also it discarding the SMP capabilities of the kernel which I assume is not a good idea)
set kern.timecounter.hardware TSC (doesn't work for me)
Is there any chance I deal with this time drifting issue somehow? If somebody faced such issue and managed it I would be happy to try another possible solution? Alternatively I can switch the provider with other that is using Xen for virtualization, I guess is better, but no guarantee that would not have the same issue. :( Cheers, Martin
Re: Anyone using freebsd ZFS for large storage servers?
On Sat, Jun 2, 2012 at 7:44 PM, Daniel Staal dst...@usa.net wrote: I will agree that ZFS could use a good worst-case scenario 'fsck' like tool. Worst-case scenario? That's when fsck doesn't work. Quickly followed by a sinking feeling. ZFS can be a complicated beast: It's not the best choice for a single, small, disk. It may take tuning to work to its full potential, and it's fairly resource-intensive. However, for large storage sets there is no other file system out there at the moment that's as flexible, or as useful, in my opinion. I don't even see the point of using it as a root drive. But this thread is about large file servers, and I wouldn't seriously consider using anything but ZFS. NO filesystem has a mean time to data loss of infinity. If your disk traffic is primarily uncacheable random reads, you might be better off with mirrored disks. I guess that's what the traffic is like at the internet cafe where Wojciech serves coffee. ;-) I tend to use RAIDZ-2 or RAIDZ-3 for most large installations.
Re: Anyone using freebsd ZFS for large storage servers?
On Fri, Jun 1, 2012 at 7:35 AM, Polytropon free...@edvax.de wrote: I do _not_ want to try to claim a ZFS inferiority due to missing backups, but there may be occasions where (except performance), low-level file system aspects of UFS might be superior to using ZFS. If you have an operational need for offsite backups, that doesn't change no matter how much redundancy you have in a single location. Backups are still necessary. But when RAIDed, ZFS has features that make it superior to hardware RAID - copy-on-write, block deduplication, etc. Like UFS2, it supports snapshots - but a lot more of them. Another performance criterion that is important to me is mirror (or raidz) recovery - how long does mirror catch-up take when you replace a disk, and how badly does it degrade performance for other data operations? Software raid, esp. gmirror, tends to do poorly here. My experience is that ZFS raid share recovery had less of an impact. YMMV.
Re: Anyone using freebsd ZFS for large storage servers?
On Fri, Jun 1, 2012 at 8:16 AM, Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote: Better=random read performance of single drive. What an entirely useless performance measure! Maybe you should restrict yourself to using SSDs, which have rather unbeatable random read performance - the spindle speed is really high. ;-)
Re: Anyone using freebsd ZFS for large storage servers?
On Fri, Jun 1, 2012 at 8:08 AM, Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote: ZFS is somehow in that part similar to Amiga Fast File System. when you overwrite a directory block (by hardware fault for example), everything below that directory will disappear. You may not be even aware of it until you need that data Only separate software (that - contrary to ZFS - do exist) can recover things by linearly scanning whole disk. terribly slow but at least possible. EVEN FAT16/FAT32 IS MORE SAFE. First of all, in any environment you expect disk failures. Which operationally means replacing the entire disk. Then you rely on the raid recovery mechanism (in whichever flavor of disk discipline you choose). ZFS semantics (copy on write, for example) are much safer than UFS semantics. This is not to say that UFS is not a more mature and possibly robust filesystem. But relying on gmirror, graid, etc. means you are no longer relying solely on the robustness of the underlying filesystem - you cannot offer a reduction proof that shows that if gmirror is bad, it means UFS is bad. I use UFS for most purposes, but would never build a large fileserver using gmirror on UFS. Your assertions about the dangers of ZFS are just that - assertions. They are not borne out in reality. - M
Re: ipfw subnetting
On Mon, May 21, 2012 at 8:30 AM, Paul Macdonald p...@ifdnrg.com wrote:
A very open firewall test script is as follows:
00010 allow ip from any to any via lo0
00081 deny log ip from 180.0.0.0/8 to any
00100 check-state
You don't need the following
00101 allow tcp from any to any established
This may not do what you think - out does not necessarily mean out your external interface. Packets can go in and out (from the perspective of the ruleset) more than once. And you want only to start a dynamic rule for legitimate TCP traffic, which means tcpflags syn,!ack - See below
00102 allow ip from any to any out keep-state
and you probably want to be selective about which ICMP you allow
00103 allow icmp from any to any
65535 deny ip from any to any
It's also helpful (most of the time) to be explicit about the interface
Is this ruleset just protecting this host itself, or are you using it as a firewall for an internal network?
ipfw add allow ip from any to any via lo0
ipfw add allow ip from $local_net to $local_net
ipfw add deny log ip from 180.0.0.0/8 to any in recv $ext_if
ipfw add check-state
ipfw add allow tcp from any to any out xmit $ext_if setup keep-state
ipfw add allow udp from any to any out xmit $ext_if keep-state
ipfw add allow icmp from any to any out xmit $ext_if keep-state
ipfw add allow icmp from any to any in recv $ext_if icmptypes 3,8,11
ipfw add deny ip from any to any
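The review points in the reply above can be checked mechanically. The following is an added example, not part of the original message and not a feature of ipfw: a small awk lint that reads rules in `ipfw list` or `ipfw add ...` form and flags the four things the reply objects to. The function name `lint_ipfw` and the finding codes are made up for this sketch; the first sample is the ruleset as quoted, the second is the suggested replacement.

```shell
#!/bin/sh
# lint_ipfw: read ipfw rules on stdin and print "<CODE> <rule>" per finding.
#   NO_SETUP     keep-state on a tcp/ip rule without setup (or tcpflags syn):
#                any stray segment, not only a new connection, creates state
#   NO_IFACE     keep-state rule with no via/recv/xmit interface
#   ICMP_ALL     icmp allowed inbound with no icmptypes restriction
#   ESTABLISHED  an "established" allow next to check-state (redundant)
lint_ipfw() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        sub(/^ipfw[ \t]+add[ \t]+/, "", line)   # "ipfw add allow ..." form
        sub(/^[0-9]+[ \t]+/, "", line)          # "00102 allow ..." form
        n = split(line, f, /[ \t]+/)
        if (n == 0 || f[1] ~ /^#/) next
        if (f[1] == "check-state") { check = 1; next }
        if (f[1] != "allow" && f[1] != "pass" && f[1] != "permit" && f[1] != "accept") next
        i = 2
        if (f[i] == "log") i++
        proto = f[i]
        iface = keep = setup = estab = types = out = 0
        for (; i <= n; i++) {
            if (f[i] == "via" || f[i] == "recv" || f[i] == "xmit") iface = 1
            if (f[i] == "keep-state") keep = 1
            if (f[i] == "setup") setup = 1
            if (f[i] == "tcpflags" && f[i + 1] ~ /(^|,)syn/) setup = 1
            if (f[i] == "established") estab = 1
            if (f[i] == "icmptypes") types = 1
            if (f[i] == "out") out = 1
        }
        if (estab) pending[++np] = line
        if (keep && !setup && (proto == "tcp" || proto == "ip" || proto == "all"))
            print "NO_SETUP " line
        if (keep && !iface) print "NO_IFACE " line
        if (proto == "icmp" && !types && !out) print "ICMP_ALL " line
    }
    END { if (check) for (j = 1; j <= np; j++) print "ESTABLISHED " pending[j] }
    '
}

sample_original() {   # the test ruleset as quoted in the message above
    cat <<'EOF'
00010 allow ip from any to any via lo0
00081 deny log ip from 180.0.0.0/8 to any
00100 check-state
00101 allow tcp from any to any established
00102 allow ip from any to any out keep-state
00103 allow icmp from any to any
65535 deny ip from any to any
EOF
}

sample_revised() {    # the replacement ruleset suggested in the reply
    cat <<'EOF'
ipfw add allow ip from any to any via lo0
ipfw add allow ip from $local_net to $local_net
ipfw add deny log ip from 180.0.0.0/8 to any in recv $ext_if
ipfw add check-state
ipfw add allow tcp from any to any out xmit $ext_if setup keep-state
ipfw add allow udp from any to any out xmit $ext_if keep-state
ipfw add allow icmp from any to any out xmit $ext_if keep-state
ipfw add allow icmp from any to any in recv $ext_if icmptypes 3,8,11
ipfw add deny ip from any to any
EOF
}

echo "original ruleset:"; sample_original | lint_ipfw
echo "revised ruleset:";  sample_revised  | lint_ipfw
```

On a live host the same function can be fed with `ipfw list | lint_ipfw`.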
Re: ipfw subnetting
On Mon, May 21, 2012 at 10:19 AM, Paul Macdonald p...@ifdnrg.com wrote: this is now resolved, i hadn't realised (embarrassingly) that ipfw list will show rules if the fw is disabled. You should consider using tables, which allow you to add ad hoc nets, etc. and you can swap rulesets atomically so you can manipulate tables and then deploy them. ipfw add deny ip from table\(1\) to any etc.
Re: file permission template
man sh (or man csh) - look for 'umask' On Sat, May 12, 2012 at 7:37 AM, fake fake four.troublesome.he...@gmail.com wrote: I need a sort of file permission template. Under some particular directory (like ~/secret), I need all those files (including newly creating one) mode 700. Is there any template-trick? Or chmod -R 700 every time?
Re: User can't login but /etc/(master.)passwd OK
On Wed, May 9, 2012 at 8:03 AM, Robert Bonomi bon...@mail.r-bonomi.com wrote: Details are *IMPORTANT* grin What's the user's shell in the password file, and does that shell: exist? executable? In the /etc/shells file?
Re: Adding a Static Route to rc.conf?
On Thu, May 3, 2012 at 11:17 AM, Noel noeld...@gmail.com wrote: Indeed, I should have mentioned that if you have freebsd-8x or earlier, this feature isn't built-in but can be easily added: http://freebsd.1045724.n5.nabble.com/Re-rc-8-script-waiting-for-the-network-to-become-usable-td4242157.html Or the earlier discussion: http://lists.freebsd.org/pipermail/freebsd-stable/2010-April/056521.html The link to the script in this thread is dead.
Re: newfs create to little inodes
On Mon, Apr 16, 2012 at 10:46 AM, Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote: Does newfs always must create sufficient count of inodes? or I must supply some addition options when creating FS? yes man newfs (-i option) There are many use cases for a filesystem - if you have mostly very large files, the defaults in newfs reserve too many inodes per X number of blocks - if you have mostly small files, there will be too few. It takes experience and a little luck to create filesystem in which free blocks and free inodes get consumed proportionally. Start by reading the man page and grok deeply. - M
Re: shutdown -p doesn't power-off USB
That would be something in the BIOS settings, probably...
On Sat, Mar 31, 2012 at 8:38 AM, Jens Schweikhardt schwe...@schweikhardt.net wrote: hello world\n I'm running 9-STABLE/amd64 and for a few months now, whenever I shut down with shutdown -p now, the USB devices still have power. This is most visible on the USB keyboard, where *all* LEDs are turned on and stay on. The MB is an ASUS P5Q3 Deluxe. The USB related sysctls are: # sysctl -aw|grep -i usb Any help appreciated in telling me how to turn off USB power with shutdown. Regards, Jens -- Jens Schweikhardt http://www.schweikhardt.net/ SIGSIG -- signature too long (core dumped)
Re: Editor With NO Shell Access?
There are two edits to make to ex_shell.c in /usr/src/contrib/nvi/ex that will prevent a shell from being executed. 99,100c return (1); . 48,51c return (1); .
On Mon, Mar 12, 2012 at 4:59 PM, David Brodbeck g...@gull.us wrote: On Mon, Mar 12, 2012 at 7:19 PM, Tim Daneliuk tun...@tundraware.com wrote: I have a situation where I need to provide people with the ability to edit files. However, under no circumstances do I want them to be able to exit to the shell. The client in question has strong (and unyielding) InfoSec requirements in this regard. I vaguely recall that pico can be configured to work this way. Check out /usr/ports/editors/pico-alpine. Sorry I can't give much more help; it's been a very long time since I worked with that particular editor.
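Review bot: both hunks (99,100c and 48,51c) address ex_shell.c by bare line number with no context lines, so the script applies correctly only to the exact revision of /usr/src/contrib/nvi/ex/ex_shell.c it was made against; name that revision or repost the change as a unified diff so that a mismatch fails instead of silently overwriting other lines. The message should also say which functions the two return (1); replacements land in, since only ex_shell.c is touched and a reader cannot tell from the line numbers which shell entry points are covered.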
Re: semi OT: correct CIDR block?
ipsc, from packages or ports, is very useful.
ipsc -gch 10.0.0.32/27
Network class: A
Network mask: 255.0.0.0
Network mask (hex): FF00
Network address: 10.0.0.32
Subnet bits: 19
Max subnets: 524288
Full subnet mask: 255.255.255.224
Full subnet mask (hex): FFE0
Host bits: 5
Hosts per subnet: 32
Bit map: ...sssh
IP address: 10.0.0.32
Hexadecimal IP address: A20
Address allocation range: 10.0.0.32 - 10.0.0.63
Full subnet mask: 255.255.255.224
Subnet mask: 0.255.255.224
Subnet ID: 0.0.0.32
Network ID: 10.0.0.0
Host ID: 0.0.0.32
Cisco Wildcard: 0.0.0.31
CIDR notation: 10.0.0.0 /27
Route/Mask: 10.0.0.0 / 255.255.255.224
Hexadecimal route/mask: A00/ FFE0
Supernet max: 0
On Mon, Mar 5, 2012 at 6:51 AM, Tim Kellers wall...@smsdesign.org wrote:
On 03/05/12 09:30, Robert Huff wrote:
With my brain still on EBADSLEEP, I cannot decide if: 10.0.0.32-10.0.0.63 is correctly described by: 10.0.0.32/27 Anyone? Please? Robert Huff
Network = 10.0.0.32
Usable IPs = 10.0.0.33 to 10.0.0.62 for 30
Broadcast = 10.0.0.63
Netmask = 255.255.255.224
Wildcard Mask = 0.0.0.31
Looks pretty good to me. Tim Kellers
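The question in this thread, whether a first-to-last address range is exactly one CIDR block, reduces to two checks: the range length is a power of two and the first address is aligned on that length. The following is an added example, not part of the original messages and independent of ipsc; the function names are made up for this sketch, and octets are assumed to be written without leading zeros.

```shell
#!/bin/sh
ip2int() {   # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

int2ip() {   # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# range_to_cidr FIRST LAST
# Prints the single CIDR block covering exactly FIRST..LAST, or returns 1
# when no single block does (length not a power of two, or FIRST not
# aligned on the block size). A firewall rule written for a misaligned
# range matches a different set of hosts than the one intended.
range_to_cidr() {
    first=$(ip2int "$1"); last=$(ip2int "$2")
    size=$(( last - first + 1 ))
    [ "$size" -ge 1 ] || return 1
    [ $(( size & (size - 1) )) -eq 0 ] || return 1   # power of two?
    [ $(( first % size )) -eq 0 ] || return 1        # aligned on size?
    bits=0; s=$size
    while [ "$s" -gt 1 ]; do s=$(( s >> 1 )); bits=$(( bits + 1 )); done
    echo "$(int2ip "$first")/$(( 32 - bits ))"
}

range_to_cidr 10.0.0.32 10.0.0.63                       # the range asked about
range_to_cidr 10.0.0.16 10.0.0.47 || echo "10.0.0.16-10.0.0.47: not one block"
```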
Re: odd SDcard behaviour in freebsd-9.0-R
Forgive the naive question, but on one of my Nikons, it is possible to present the device itself, or the SD card as a USB drive. Which are you doing? No doubt there is no driver for the D50 in the kernel, but the generic umass driver should handle the device.
On Mon, Feb 27, 2012 at 9:47 AM, John free...@growveg.net wrote:
Hi list, I recently upgraded from 8.2-R to 9.0-R via freebsd-update and noticed different behaviour when I plug in my Nikon D50 via the usb port. I'm using the generic kernel while I try to sort this. It is the same in all but identity. 8.2 behaviour used to create a device /dev/da(x)s1 depending on what else was also connected to the USB subsystem. Typically the system would see the card whilst it was still in the camera as /dev/da5s1 and I could then mount it with mount_msdosfs. 9.0 behaviour just shows the following in /var/log/messages:
Feb 26 09:18:02 potato kernel: ugen4.6: NIKON at usbus4
Feb 26 09:18:02 potato kernel: umass2: NIKON NIKON DSC D50, class 0/0, rev 2.00/1.00, addr 6 on usbus4
Feb 26 09:18:02 potato kernel: umass2: SCSI over Bulk-Only; quirks = 0x4100
Feb 26 09:18:02 potato kernel: umass2:5:2:-1: Attached to scbus5
and nothing corresponding to the device in /dev What am I doing wrong? thanks, -- freebsd at growveg dot net
Re: Cloning a FreeBSD system
On Mon, Feb 27, 2012 at 10:21 AM, Damien Fleuriot m...@my.gd wrote: ssh-keygen(1) is the typical method. Or just delete the existing keys and sshd will recreate them at first boot ;) No, sshd will not create the keys. They are created by /etc/rc.d/sshd, which invokes ssh-keygen if it doesn't find the key files.
Re: /usr/home vs /home (was: Re: One or Four?)
man hier
Re: /usr/home vs /home (was: Re: One or Four?)
On Sat, Feb 18, 2012 at 3:10 PM, Daniel Staal dst...@usa.net wrote: --As of February 18, 2012 2:46:32 PM -0800, Michael Sierchio is alleged to have said: man hier True, but /usr/... was a typical place to find users' home directories, since /usr is mounted when the system goes to multiuser mode. /home and /usr/home weren't originally featured in UNIX. /usr/kudzu might have been kudzu's home directory, or - in a large installation, before the advent of directory hashing, a scheme like /usr/k/ku/kudzu was used to limit the number of directories in each component of the path.
Re: RIP routing protocol implementation is FreeBSD?
On Mon, Jan 30, 2012 at 10:33 AM, Kaya Saman kayasa...@gmail.com wrote:
Hi there, does anyone know if there's an implementation of the RIP version 2 routing protocol in FreeBSD???
man routed
The routed utility is a daemon invoked at boot time to manage the network routing tables. It uses Routing Information Protocol, RIPv1 (RFC 1058), RIPv2 (RFC 1723), and Internet Router Discovery Protocol (RFC 1256) to maintain the kernel routing table.
router_enable=YES
in /etc/rc.conf
this has nothing to do with NAT, btw.
Re: * Re: Horrible installer
On Fri, Jan 20, 2012 at 11:13 PM, Chad Perrin per...@apotheon.com wrote: ... On the other hand, bsdinstall does get the job done, at least for my purposes. It just does so in a way that feels a bit more straightjacketed, and it rubs me personally a bit the wrong way. ... From my perspective, it replaces something that clearly had at least a decimal order of magnitude more time and effort put into it, and it again makes FreeBSD look like a hobbyist's OS. As you point out, once installed, it has its merits. ;-) - M
Re: Horrible installer
I've been using FreeBSD since 2.2.1, and IMHO, the 9.0 installer SUX! It blows chunks. It's a POS. It's crap. It is a joke. I hope I made myself clear. ;-) - M
Re: Horrible installer
On Fri, Jan 20, 2012 at 9:15 PM, Lyubomir Grigorov lyubo...@grigorovl.eu wrote: Just to give thoughts as a younger user... Also, there was plenty of time during RC to discuss this, I don't see why you all cry right now. To me, it seems you are afraid of change and getting out of your comfort zone. I don't have a comfort zone, I'm still a beginner ;-) My post was half in jest, but not entirely. I'm all for making things easy for the default install, but don't like having the expert knobs so far out of reach. The old sysinstall may have been showing its age, but replacing with something that looks even less professional isn't great, either. - M
Re: pf not seeing inbound packets on netgraph interface
man 4 enc On Tue, Jan 3, 2012 at 8:30 PM, Edward Carrel aza...@carrel.org wrote: On Jan 3, 2012, at 12:12 AM, Damien Fleuriot wrote: Thinking -pf@ or -net@ would be a better place to discuss this, more chances of getting an answer. I was wondering about that. I'll send my question to -net@ to start. Thanks. Out of curiosity why not use a gif interface ? I had that working just fine with racoon and was able to actually firewall traffic on it with PF, iirc. From what I understand of gif interfaces, they are useful when IPSec is handling the tunnel pretty much end-to-end, and just needs a passthrough interface to direct traffic to and from. If I am wrong about this, please let me know. The reason why I'm using netgraph instead is because the LNS is not run by me, and there is no other way of connecting to the other end but via L2TP/IPSec. If there is a way to use L2TP, and leverage a gif interface to complete the loop on my end, I'd be interested to hear about it. Thanks, Ed Carrel
Re: FLAME - security advisories on the 23rd ? uncool idea is uncool
Careful reading, as opposed to blindly applying updates, is often rewarded. If you aren't running telnetd, it follows that you are not vulnerable to the most serious exploit addressed by the patch (remote root). I have had no trouble since applying the patch to 7.4 and 8.2 systems. YMMV. Given the nature of the exploit, and the fact that it has been seen in the wild, there was no choice but to make the announcement and make the patch available. - M On Fri, Dec 23, 2011 at 2:54 PM, Bas Smeelen b.smee...@ose.nl wrote: If a security advisory is announced, you have to patch, period! Happy holidays to all. Black hats too :) -- George It is up to the sysadmin. If your services are not affected, there is no need to patch. Although it's best to always keep your systems up to the latest. I think the security advisories are a good thing especially this time of the year. But like they say here it's a storm in a glass of water YMMV Cheers and happy holidays (holy-days :)) Disclaimer: http://www.ose.nl/email
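The triage rule in the message above (no telnetd running, so no exposure to the remote-root issue) can be checked from configuration before deciding how urgently to patch. This is an added example, not code from the thread: `telnetd_status` is a hypothetical helper, the sample files are constructed, and it assumes telnetd is only ever started from inetd.

```shell
#!/bin/sh
# telnetd_status INETD_CONF RC_CONF
# Prints: exposed | configured-inetd-off | not-configured
telnetd_status() {
    inetd_conf=$1
    rc_conf=$2

    # Active entry: uncommented line, service name "telnet",
    # server program (6th field) ending in "telnetd".
    if awk '!/^[ \t]*#/ && $1 == "telnet" && $6 ~ /telnetd$/ { found = 1 }
            END { exit !found }' "$inetd_conf"; then
        configured=yes
    else
        configured=no
    fi

    # inetd is started at boot only when rc.conf sets inetd_enable to YES.
    # The last uncommented assignment wins; quotes and trailing comments are dropped.
    inetd=$(awk -F= '!/^[ \t]*#/ && $1 == "inetd_enable" { v = $2 }
        END { sub(/#.*/, "", v); gsub(/[^A-Za-z]/, "", v); print toupper(v) }' "$rc_conf")

    if [ "$configured" = no ]; then
        echo not-configured
    elif [ "$inetd" = YES ]; then
        echo exposed
    else
        echo configured-inetd-off
    fi
}

# Demo on constructed sample files (not taken from any real host).
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/inetd.conf" <<'EOF'
#ftp    stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
EOF
    cat > "$tmp/rc.conf" <<'EOF'
sshd_enable="YES"
inetd_enable="YES"
EOF
    echo "telnetd: $(telnetd_status "$tmp/inetd.conf" "$tmp/rc.conf")"
    rm -rf "$tmp"
}

demo
```

On a live host, pass /etc/inetd.conf and /etc/rc.conf, and confirm the result against the running process list, since an inetd started by hand does not show up in rc.conf.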
Re: restore(8) to UFS on USB key: terrible slow
Cheap USB drives, and even many CF drives, aren't much good as random read-write devices. On my Soekris boxen I run FreeBSD, and mount the root filesystem rw,noatime. And I don't write to it. ;-) /var is a memory filesystem, there /var/db/... contain symbolic links to /usr/local/db/.. because the package database can grow quite large. /tmp is a symlink to /var/tmp. Configured this way, these machines are trouble-free.