Re: Suggestions for OS to use behind freebsd pf firewalls.
On Mar 1, 2008, at 10:13 PM, Rico Secada wrote: On Sat, 01 Mar 2008 19:45:14 -0600 eculp [EMAIL PROTECTED] wrote: I have installed freebsd server in a small company that has approx 30 pc's of all sizes, shapes, brands, etc. They have just realized that a large part of the problems that they had before the firewall was caused by the 30 windows pc's that were connected directly to the ISP's wireless router. They would like to change the PC's to unix desktops. I would like to install FreeBSD or any other bsd but don't feel that we have the drivers available to substitute such a wide variety of hardware. I would love to be proven wrong. Therefore I am considering a linux version with a graphic installer that will make it easier to train someone to install on any new machines that they add later. My problem is that I haven't done a linux install since before FreeBSD 2.2 IIRC and have no idea which version would be the most versatile and has an installer that is basically brain dead simple with most all drivers. I suspect that I am asking the impossible but you never know. I'm sure that I'm not the only person to run into this situation and I would sure appreciate any suggestions. In my experience from similar situations I would recommend OpenSUSE from Novell, since it has to be as windows like as possible. OpenSUSE is very well supported and since it is Novell who is behind the distro, the company can provide professional support. In general I recommend Debian over any distro, but in some rare cases like this one, I would rather recommend OpenSUSE. I would recommend investigating Ubuntu or one of it's clones (e.g. Xubuntu, Kubuntu). The install is brainless, they offer commercial support through the parent company Canonical, and they are Debian-based. Another option would be PC-BSD or DesktopBSD as they both have very easy installations and will support most things that the above support. The only stipulation that I have run into is the standard trouble of Flash on BSD operating systems. Thanks, ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: So How Hard Is Moving From 6.3 To 7.0?
On Feb 1, 2008, at 8:12 PM, Tim Daneliuk wrote: I have a stable 6.3 production server. If I buildworld/kernel for 7.0, install them, and reboot, will everything pretty much work the same as it did under 6.3, or have file locations, userland configuration, etc. changed? Will my 6.3 binaries run unchanged on 7.0 as well? TIA, You will want to check /usr/src/UPDATING and /usr/ports/UPDATING for changes before doing any kind of update. -- Tim Daneliuk [EMAIL PROTECTED] PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sysctl...
On Dec 27, 2007 2:20 PM, aJTiM [EMAIL PROTECTED] wrote: Hi! I am running FreeBSD 7 beta4. When I start a computer and os loading I got one message which I don't know why and how could I save a problem if it is a problem. Beta 4 works very good and I don't have problems. hw.acpi.cpu.cx_lowest: C1 sysctl: hw.acpi.cpu.cx_lowest: Invalid argument Thanks in advance. -- It just doesn't seem right to go over the river and through the woods to Grandmother's condo. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I am not running 7.0, so I am just guessing, but I am assuming you changed that option in /etc/sysctl.conf (or possibly copied your /etc directory from an older machine to the 7.0 machine). That would be the why you are getting that message during boot. The reason the message is appearing at all is most likely because that is not a current sysctl variable/option. I would check the sysctl manuals for that. -- Chad M. Gross ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: freebsd-update
On Nov 19, 2007 12:39 PM, Wojciech Puchar [EMAIL PROTECTED] wrote: --- The following files are affected by updates, but no changes have been downloaded because the files have been modified locally: /etc/rc.d/jail --- how could i look at this update manually? I believe the security patch information below is what is being referenced on your freebsd-update attempt. (Hint: Look at the Solution section on how to fix). I am not that familiar with the freebsd-update utility as I (and I suspect most FBSD users) use the CVS, patch, recompile method of keeping the systems up-to-date. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = FreeBSD-SA-07:01.jail Security Advisory The FreeBSD Project Topic: Jail rc.d script privilege escalation Category: core Module: etc_rc.d Announced: 2007-01-11 Credits:Dirk Engling Affects:All FreeBSD releases since 5.3 Corrected: 2007-01-11 18:16:58 UTC (RELENG_6, 6.2-STABLE) 2007-01-11 18:17:24 UTC (RELENG_6_2, 6.2-RELEASE) 2007-01-11 18:18:08 UTC (RELENG_6_1, 6.1-RELEASE-p12) 2007-01-11 18:18:35 UTC (RELENG_6_0, 6.0-RELEASE-p17) 2007-08-01 20:47:13 UTC (RELENG_5, 5.5-STABLE) 2007-08-01 20:48:19 UTC (RELENG_5_5, 5.5-RELEASE-p15) CVE Name: CVE-2007-0166 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit URL:http://security.FreeBSD.org/. 0. Revision History v1.0 2007-01-11 Initial release. v1.1 2007-08-01 Corrected patch for FreeBSD 5.5. I. Background The jail(2) system call allows a system administrator to lock a process and all of its descendants inside an environment with a very limited ability to affect the system outside that environment, even for processes with superuser privileges. It is an extension of, but far more powerful than, the traditional UNIX chroot(2) system call. The host's jail rc.d(8) script can be used to start and stop jails automatically on system boot/shutdown. II. Problem Description In multiple situations the host's jail rc.d(8) script does not check if a path inside the jail file system structure is a symbolic link before using the path. In particular this is the case when writing the output from the jail start-up to /var/log/console.log and when mounting and unmounting file systems inside the jail directory structure. III. Impact Due to the lack of handling of potential symbolic links the host's jail rc.d(8) script is vulnerable to symlink attacks. By replacing /var/log/console.log inside the jail with a symbolic link it is possible for the superuser (root) inside the jail to overwrite files on the host system outside the jail with arbitrary content. This in turn can be used to execute arbitrary commands with non-jailed superuser privileges. Similarly, by changing directory mount points inside the jail file system structure into symbolic links, it may be possible for a jailed attacker to mount file systems which were meant to be mounted inside the jail at arbitrary points in the host file system structure, or to unmount arbitrary file systems on the host system. NOTE WELL: The above vulnerabilities occur only when a jail is being started or stopped using the host's jail rc.d(8) script; once started (and until stopped), running jails cannot exploit this. IV. Workaround If the sysctl(8) variable security.jail.chflags_allowed is set to 0 (the default), setting the sunlnk system flag on /var, /var/log, /var/log/console.log, and all file system mount points and their parent directories inside the jail(s) will ensure that the console log file and mount points are not replaced by symbolic links. If this is done while jails are running, the administrator must check that an attacker has not replaced any directories with symlinks after setting the sunlnk flag. V. Solution NOTE WELL: The solution described changes the default location of the console.log for jails from /var/log/console.log inside each jail to /var/log/jail_${jail_name}_console.log on host system. If this is a problem, it may be possible to create a hard link from the new position of the console log file to a location inside the jail. A new rc.conf(5) variable, jail_${jail_name}_consolelog, can be used to change the location of console.log files on a per-jail basis. In addition, the solution described below does not fully secure jail configurations where two jails have overlapping directory trees and a file system is mounted inside the overlap. Overlapping directory trees can occur when jails share the same root directory; when a jail has a root directory which is a subdirectory of another jail's root directory; or when a part of the file system
Re: freebsd-update
On Nov 19, 2007 12:39 PM, Wojciech Puchar [EMAIL PROTECTED] wrote: --- The following files are affected by updates, but no changes have been downloaded because the files have been modified locally: /etc/rc.d/jail --- how could i look at this update manually? Also, check out: http://www.daemonology.net/freebsd-update/ It explains how older versions of the freebsd-update utility cannot update files that have been changed or recompiled locally. Newer versions can, but require manual intervention. (i.e. configuration options need to be set.). Hope that helps. -- Chad M. Gross ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Failing Drive
On Nov 16, 2007 5:05 PM, Douglas Rodriguez [EMAIL PROTECTED] wrote: I've been getting the following message repeating continuously: ad1:FAILURE - READ_DMA status=51READY, DSC, ERROR error=1ILLEGAL_LENGTH LBA=216026367 g_vfs_done():ad1s1[READ(offset = 110605467648, length = 16384)]error=5 ad1:FAILURE - READ_DMA status=51READY, DSC, ERROR error=40UNCORRECTABLE LBA=216026367 g_vfs_done():ad1s1[READ(offset = 110605467648, length = 16384)]error=5 ad1:FAILURE - READ_DMA status=51READY, DSC, ERROR error=1ILLEGAL_LENGTH LBA=216026367 g_vfs_done():ad1s1[READ(offset = 110605467648, length = 16384)]error=5 The same thing repeats every so often. What does this mean? I've read other threads (Drives Dieing) about possibly shutting down dma or reinstalling the system, but is that the best solution to this kind of problem? Thanks. ~Doug ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] One of the first things you can do is install sysutils/smartmontools. This package gives you the ability to access the S.M.A.R.T. functionality of your drives. Of course, your drives need to include S.M.A.R.T. capability and be enabled. After installing you can check to see if your drives support it by using the smartctl command. This is also the command that will use to run tests and check the results. Check out their homepage for more info: http://smartmontools.sourceforge.net/ Regards -- Chad M. Gross ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mounting/examining dd image?
On Nov 7, 2007 7:44 PM, Chad Gross [EMAIL PROTECTED] wrote: On Nov 3, 2007 3:38 PM, Jon Drukman [EMAIL PROTECTED] wrote: On Nov 3, 2007 9:23 AM, Warren Block [EMAIL PROTECTED] wrote: vnconfig is the predecessor of mdconfig. It should be present in 4.9. thanks, it is. however, i am unable to mount the vnconfig'd device. any ideas? i made the backup originally just by doing dd if=/dev/ad0 of=some.file then i ran vnconfig vn0 some.file if i dd /dev/ad0 i see all the boot sector stuff, etc. however i can't use disklabel or mount. # disklabel -r vn0 disklabel: bad pack magic number (label is damaged, or pack is unlabeled) # disklabel -r vn0a disklabel: bad pack magic number (label is damaged, or pack is unlabeled) # disklabel -r vn0b disklabel: bad pack magic number (label is damaged, or pack is unlabeled) # mount /dev/vn0s1a /mnt mount: /dev/vn0s1a on /mnt: incorrect super block You have to mount the device with 'mount -t cd9660' because it is an ISO which is a cd9660 format. Never mind I saw imagine and thought ISO. I apologize, this should hopefully help: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-virtual.html it seems like the data is there but i don't know how to access it. fc 31 c0 8e c0 8e d8 8e d0 bc 00 7c be 1a 7c bf |.1.|..|.| 0010 1a 06 b9 e6 01 f3 a4 e9 00 8a 31 f6 bb be 07 b1 |..1.| 0020 04 38 2f 74 08 7f 78 85 f6 75 74 89 de 80 c3 10 |.8/t..x..ut.| 0030 e2 ef 85 f6 75 02 cd 18 80 fa 80 72 0b 8a 36 75 |u..r..6u| 0040 04 80 c6 80 38 f2 72 02 8a 14 89 e7 8a 74 01 8b |8.r..t..| 0050 4c 02 bb 00 7c 80 fe ff 75 32 83 f9 ff 75 2d 51 |L...|...u2...u-Q| 0060 53 bb aa 55 b4 41 cd 13 72 20 81 fb 55 aa 75 1a |S..U.A..r ..U.u.| 0070 f6 c1 01 74 15 5b 66 6a 00 66 ff 74 08 06 53 6a |...t.[ fj.f.t..Sj| 0080 01 6a 10 89 e6 b8 00 42 eb 05 5b 59 b8 01 02 cd |.j.B..[Y| 0090 13 89 fc 72 0f 81 bf fe 01 55 aa 75 0c ff e3 be |...r.U.u| 00a0 bc 06 eb 11 be d4 06 eb 0c be f3 06 eb 07 bb 07 || 00b0 00 b4 0e cd 10 ac 84 c0 75 f4 eb fe 49 6e 76 61 |u...Inva| 00c0 6c 69 64 20 70 61 72 74 69 74 69 6f 6e 20 74 61 |lid partition ta| 00d0 62 6c 65 00 45 72 72 6f 72 20 6c 6f 61 64 69 6e |ble.Error loadin| 00e0 67 20 6f 70 65 72 61 74 69 6e 67 20 73 79 73 74 |g operating syst| 00f0 65 6d 00 4d 69 73 73 69 6e 67 20 6f 70 65 72 61 |em.Missing opera| 0100 74 69 6e 67 20 73 79 73 74 65 6d 00 00 00 00 00 |ting system.| 0110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 || ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Chad M. Gross -- Chad M. Gross ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mounting/examining dd image?
On Nov 3, 2007 3:38 PM, Jon Drukman [EMAIL PROTECTED] wrote: On Nov 3, 2007 9:23 AM, Warren Block [EMAIL PROTECTED] wrote: vnconfig is the predecessor of mdconfig. It should be present in 4.9. thanks, it is. however, i am unable to mount the vnconfig'd device. any ideas? i made the backup originally just by doing dd if=/dev/ad0 of=some.file then i ran vnconfig vn0 some.file if i dd /dev/ad0 i see all the boot sector stuff, etc. however i can't use disklabel or mount. # disklabel -r vn0 disklabel: bad pack magic number (label is damaged, or pack is unlabeled) # disklabel -r vn0a disklabel: bad pack magic number (label is damaged, or pack is unlabeled) # disklabel -r vn0b disklabel: bad pack magic number (label is damaged, or pack is unlabeled) # mount /dev/vn0s1a /mnt mount: /dev/vn0s1a on /mnt: incorrect super block You have to mount the device with 'mount -t cd9660' because it is an ISO which is a cd9660 format. it seems like the data is there but i don't know how to access it. fc 31 c0 8e c0 8e d8 8e d0 bc 00 7c be 1a 7c bf |.1.|..|.| 0010 1a 06 b9 e6 01 f3 a4 e9 00 8a 31 f6 bb be 07 b1 |..1.| 0020 04 38 2f 74 08 7f 78 85 f6 75 74 89 de 80 c3 10 |.8/t..x..ut.| 0030 e2 ef 85 f6 75 02 cd 18 80 fa 80 72 0b 8a 36 75 |u..r..6u| 0040 04 80 c6 80 38 f2 72 02 8a 14 89 e7 8a 74 01 8b |8.r..t..| 0050 4c 02 bb 00 7c 80 fe ff 75 32 83 f9 ff 75 2d 51 |L...|...u2...u-Q| 0060 53 bb aa 55 b4 41 cd 13 72 20 81 fb 55 aa 75 1a |S..U.A..r ..U.u.| 0070 f6 c1 01 74 15 5b 66 6a 00 66 ff 74 08 06 53 6a |...t.[ fj.f.t..Sj| 0080 01 6a 10 89 e6 b8 00 42 eb 05 5b 59 b8 01 02 cd |.j.B..[Y| 0090 13 89 fc 72 0f 81 bf fe 01 55 aa 75 0c ff e3 be |...r.U.u| 00a0 bc 06 eb 11 be d4 06 eb 0c be f3 06 eb 07 bb 07 || 00b0 00 b4 0e cd 10 ac 84 c0 75 f4 eb fe 49 6e 76 61 |u...Inva| 00c0 6c 69 64 20 70 61 72 74 69 74 69 6f 6e 20 74 61 |lid partition ta| 00d0 62 6c 65 00 45 72 72 6f 72 20 6c 6f 61 64 69 6e |ble.Error loadin| 00e0 67 20 6f 70 65 72 61 74 69 6e 67 20 73 79 73 74 |g operating syst| 00f0 65 6d 00 4d 69 73 73 69 6e 67 20 6f 70 65 72 61 |em.Missing opera| 0100 74 69 6e 67 20 73 79 73 74 65 6d 00 00 00 00 00 |ting system.| 0110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 || ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Chad M. Gross ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Flash 9
On 1/17/07, Bachilo Dmitry [EMAIL PROTECTED] wrote: В сообщении от Четверг 18 января 2007 09:15 Naim написал(a): On Wed, 17 Jan 2007 19:17:21 -0500 Chad Gross [EMAIL PROTECTED] wrote: I see it in linux compat layer http://www.freshports.org/www/linux-flashplugin9/ ;) -- Regards, -Abdullah Ibn Hamad Al-Marri Arab Portal http://www.WeArab.Net/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Does it work for anyone though? I just installed it and it gets no sound or it freezes depending on the site. I have the same situation, no sound! Best regards, Rico Don't you guys know? There would not be any sound, because linux flash 9 uses ALSA, not OSS. If there would be some wrapper sometime, we will hear the flash, if there would not be such thing, we would not. -- С уважением, Бачило Дмитрий Руководитель отдела системной интаграции ООО Компания Солинк -- With Best Regards, Bachilo Dmitry Head of systems integration dept Solink Company Ltd. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I do see the reason behind the sound under the system requirements at Adobe's website. I am wondering if it is crashing/freezing due to not using RHEL or SUSE as the compatibility layer. Has anyone testing Flash 9 under the default Linux environment and had it work? Has anyone tried it under the Gentoo base in ports and been successful? Or is it failing for everyone else too? Regards, Chad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Flash 9
On 1/17/07, Abdullah Al-Marrie [EMAIL PROTECTED] wrote: On 1/17/07, FreeBSD WickerBill [EMAIL PROTECTED] wrote: Maybe this would be better asked on the ports list but I'm throwing it out here first. Adobe released the linux version today (found here http://fpdownload.macromedia.com/get/flashplayer/current/install_flash_player_9_linux.tar.gz ) and was wondering if anyone has tried it yet. I'm at work, not at a *BSD desktop. Thanks... I see it in linux compat layer http://www.freshports.org/www/linux-flashplugin9/ ;) -- Regards, -Abdullah Ibn Hamad Al-Marri Arab Portal http://www.WeArab.Net/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Does it work for anyone though? I just installed it and it gets no sound or it freezes depending on the site. Regards, Chad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Internet Connection Problem - DNS Related?
On 12/20/06, linux quest [EMAIL PROTECTED] wrote: I am a new user of FreeBSD. I have already installed FreeBSD succesfully. However, I am not able to connect to the Internet. I have read the ppp manual in FreeBSD (by typing man ppp), but I still can't connect to the Internet. This is what happened at my prompt ... abc# ping google.com ping: cannot resolve google.com: Host name lookup failure Then, I thought perhaps I haven't configure my DNS. So I typed man dns, but I can't find the DNS manual, and yes... I know my ISP DNS IP address. But I don't know where to configure it in FreeBSD. man resolve.conf ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Local DNS Caching not caching on external interface
On 12/17/06, Tek Bahadur Limbu [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 15 Dec 2006 08:25:41 -0500 Chad Gross [EMAIL PROTECTED] wrote: On 12/15/06, Tek Bahadur Limbu [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 14 Dec 2006 08:34:11 -0500 Chad Gross [EMAIL PROTECTED] wrote: On 12/14/06, Tek Bahadur Limbu [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 14 Dec 2006 01:08:11 -0800 Christopher Cowart [EMAIL PROTECTED] wrote: On 14:57 Thu 14 Dec , Tek Bahadur Limbu wrote: Dear All, I am very new to Bind and FreeBSD. I have just configured a Local DNS server using the built-in Bind 9.3.1 on a FreeBSD 5.4 machine. My problem is that the machine can cache queries on the localhost and loop back (127.0.0.1) interface only. I have a public static IP on this machine too and I can't seem to query the caching name server from my local network. In Linux, this is no problem. I just can't seem to get Bind to work as in my local network. It works only on the loopback interface. The default /etc/namedb/named.conf configuration file for BIND says: | // If named is being used only as a local resolver, this is | a safe default. // For named to be accessible to the | network, comment this option, specify // the proper IP | address, or delete this option. listen-on { 127.0.0.1; }; It looks like if you comment out that option, it will listen on * by default. You could also add the other IP address on which you want named to listen. -- Chris Cowart Network and Infrastructure Systems Administrator RSSP-IT, UC Berkeley May all your pushes be popped Dear Chris, Thank you for your help. I did comment and added my public static IP like the following: listen-on { 202.x.x.x; }; # My Static IP Now when I do from my local PC: dig yahoo.com @202.x.x.x , I can do DNS lookups. But when I try doing that from another computer on my network, I can't do any DNS lookups. Is that anything that I miss? - -- With best regards and good wishes, Yours sincerely, Tek Bahadur Limbu (TAG/TDG Group) Jwl Systems Department Worldlink Communications Pvt. Ltd. Jawalakhel, Nepal -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (FreeBSD) iD8DBQFFgT8ZVrOl+eVhOvYRAn8OAJwOOC6+C8mnY+YBP+1GxG2uDTfWpgCfTFr1 168ArGMkI0+9Qj/MpzFbmUo= =p9RV -END PGP SIGNATURE- ___ You have to tell the other machines on your network to use the IP of the local DNS server for domain name resolution. If you are using DHCP you can configure your DHCP server to give this information with the IP. Otherwise you must manually do it, which will be different between operating systems. HINT: In FreeBSD add the IP of the DNS server to /etc/resolve.conf Chad Dear Chad, I just get the following logs while troubleshooting with tcpdump. local nameserver IP: 202.102.5.100 network PC IP: 202.102.5.50 When I do a nslookup of yahoo and google from network PC using the local caching nameserver, I only get this on the caching nameserver. 13:23:58.707604 IP 202.102.5.50.44778 202.102.5.100.53: 56955+ A? google.com. (28) 13:23:32.899379 IP 202.102.5.50.40229 202.102.5.100.53: 47636+ A? yahoo.com. (27) Note: Please note that the above Static IPs are just arbitrary values. Can you please shed some light on this issue? - -- With best regards and good wishes, Yours sincerely, Tek Bahadur Limbu (TAG/TDG Group) Jwl Systems Department Worldlink Communications Pvt. Ltd. Jawalakhel, Nepal -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (FreeBSD) iD8DBQFFglUsVrOl+eVhOvYRAsmMAJ9sb0fGdKiPp89CszMg5dXkvteojQCfdk0e fW0ofW8HJYq4RZXuROX7zPw= =5Ieg -END PGP SIGNATURE- Tek, Can you please post your Bind configuration files? Have you done a tcpdump or wireshark capture on both machines while issuing the resolution request? Could you please do that as well and post the results? Chad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Hi Chad, I have pasted my named.conf file below: options { directory /etc/namedb; pid-file/var/run/named/pid; dump-file /var/dump/named_dump.db; statistics-file /var/stats/named.stats; // If named is being used only as a local resolver, this is a safe default
Re: New style with Fluxbox
On 12/16/06, Olivier Regnier [EMAIL PROTECTED] wrote: Hello, Yesterday, i installed by the ports, fluxbox version 0.1.14_2 on my laptop with FreeBSD 6.1. I downloaded a new style called Mysta with theses files: - theme.cfg - pixmaps (button.xpm, menu.xpm and toolbar.xpm) Theses files are in /usr/X11R6/share/fluxbox/styles . The permissions are ok but i don't see my new theme in Fluxbox menu called Styles. Perhaps, i forgot to install a packages, i don't know what happened. Can you help me please ? Thanks in advance. Olivier Regnier ___ Did you put theme.cfg and the pixmaps into a folder called Mysta in /usr/X11R6/share/fluxbox/styles (e.g. /usr/X11R6/share/fluxbox/styles/Mysta/)? Also have you restarted Fluxbox or reloaded the config from the fluxbox menu? Chad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Local DNS Caching not caching on external interface
On 12/15/06, Tek Bahadur Limbu [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 14 Dec 2006 08:34:11 -0500 Chad Gross [EMAIL PROTECTED] wrote: On 12/14/06, Tek Bahadur Limbu [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 14 Dec 2006 01:08:11 -0800 Christopher Cowart [EMAIL PROTECTED] wrote: On 14:57 Thu 14 Dec , Tek Bahadur Limbu wrote: Dear All, I am very new to Bind and FreeBSD. I have just configured a Local DNS server using the built-in Bind 9.3.1 on a FreeBSD 5.4 machine. My problem is that the machine can cache queries on the localhost and loop back (127.0.0.1) interface only. I have a public static IP on this machine too and I can't seem to query the caching name server from my local network. In Linux, this is no problem. I just can't seem to get Bind to work as in my local network. It works only on the loopback interface. The default /etc/namedb/named.conf configuration file for BIND says: | // If named is being used only as a local resolver, this is a | safe default. // For named to be accessible to the network, | comment this option, specify // the proper IP address, or | delete this option. listen-on { 127.0.0.1; }; It looks like if you comment out that option, it will listen on * by default. You could also add the other IP address on which you want named to listen. -- Chris Cowart Network and Infrastructure Systems Administrator RSSP-IT, UC Berkeley May all your pushes be popped Dear Chris, Thank you for your help. I did comment and added my public static IP like the following: listen-on { 202.x.x.x; }; # My Static IP Now when I do from my local PC: dig yahoo.com @202.x.x.x , I can do DNS lookups. But when I try doing that from another computer on my network, I can't do any DNS lookups. Is that anything that I miss? - -- With best regards and good wishes, Yours sincerely, Tek Bahadur Limbu (TAG/TDG Group) Jwl Systems Department Worldlink Communications Pvt. Ltd. Jawalakhel, Nepal -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (FreeBSD) iD8DBQFFgT8ZVrOl+eVhOvYRAn8OAJwOOC6+C8mnY+YBP+1GxG2uDTfWpgCfTFr1 168ArGMkI0+9Qj/MpzFbmUo= =p9RV -END PGP SIGNATURE- ___ You have to tell the other machines on your network to use the IP of the local DNS server for domain name resolution. If you are using DHCP you can configure your DHCP server to give this information with the IP. Otherwise you must manually do it, which will be different between operating systems. HINT: In FreeBSD add the IP of the DNS server to /etc/resolve.conf Chad Dear Chad, I just get the following logs while troubleshooting with tcpdump. local nameserver IP: 202.102.5.100 network PC IP: 202.102.5.50 When I do a nslookup of yahoo and google from network PC using the local caching nameserver, I only get this on the caching nameserver. 13:23:58.707604 IP 202.102.5.50.44778 202.102.5.100.53: 56955+ A? google.com. (28) 13:23:32.899379 IP 202.102.5.50.40229 202.102.5.100.53: 47636+ A? yahoo.com. (27) Note: Please note that the above Static IPs are just arbitrary values. Can you please shed some light on this issue? - -- With best regards and good wishes, Yours sincerely, Tek Bahadur Limbu (TAG/TDG Group) Jwl Systems Department Worldlink Communications Pvt. Ltd. Jawalakhel, Nepal -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (FreeBSD) iD8DBQFFglUsVrOl+eVhOvYRAsmMAJ9sb0fGdKiPp89CszMg5dXkvteojQCfdk0e fW0ofW8HJYq4RZXuROX7zPw= =5Ieg -END PGP SIGNATURE- Tek, Can you please post your Bind configuration files? Have you done a tcpdump or wireshark capture on both machines while issuing the resolution request? Could you please do that as well and post the results? Chad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: stand/sysinstall
On 12/15/06, warren schreiner [EMAIL PROTECTED] wrote: have just installed 6.1 and need to setup the network connection i isually use /stand/sysinstall but i get command not found. So I down loaded the documentation and it says to use the sysinstall. So, sysinstall has changed and if so why was it not changed in the doc files. what files need to be changed in etc to get out to the real world through a firewalled gateway? thanks warren ___ man rc.conf If you use DHCP it will be ifconfig_DRIVER=dhcp, otherwise you will have to set the IP and Netmask manually along with the default gateway. Chad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How safe is encrypted disks? (data integrity)
On 12/14/06, Fabian Keil [EMAIL PROTECTED] wrote: Erik Norgaard [EMAIL PROTECTED] wrote: I have been thinking to make /home on my laptop encrypted - seems like a good idea if it gets stolen. Now, how safe is this? Not in terms of the strength of the encryption algorithm, but in terms of integrity. I have no insight on the code, but as nobody else answered, my response may be better than nothing. What happens in case of power failure, the battery runs out or system crashes for whatever reason? I have my home slice encrypted with GELI for several month now and so far I didn't notice any effects on the data integrity. I experienced several system crashes and one or two power failures do to empty battery but I didn't lose any data already saved on the disk (that I know of). The only inconvenience is that the system boots to single-user mode if the home slice isn't clean and I then have to fsck it manually. At that point the password for the key is already entered, so I'm not sure why the slice can't be fscked automatically. It could be the .eli extension, but I didn't investigate this any further. Fabian -- http://www.fabiankeil.de/ Erik, I also use geli and it works great. I have had power failures as well and have not lost any data upon reboot. Fabian, Yes the manual fsck is a pain. I am not sure why it has to be done manually either, but I don't think it is just the .eli extension. Did you notice you have to specify that it is UFS as well? Another thing to consider is the performance hit when using geli with a high encryption. I have mine set to the highest (I think) bit possible and when transferring anything ~500MB+ it lags the system a bit to do the encryption. Chad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Local DNS Caching not caching on external interface
On 12/14/06, Tek Bahadur Limbu [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 14 Dec 2006 01:08:11 -0800 Christopher Cowart [EMAIL PROTECTED] wrote: On 14:57 Thu 14 Dec , Tek Bahadur Limbu wrote: Dear All, I am very new to Bind and FreeBSD. I have just configured a Local DNS server using the built-in Bind 9.3.1 on a FreeBSD 5.4 machine. My problem is that the machine can cache queries on the localhost and loop back (127.0.0.1) interface only. I have a public static IP on this machine too and I can't seem to query the caching name server from my local network. In Linux, this is no problem. I just can't seem to get Bind to work as in my local network. It works only on the loopback interface. The default /etc/namedb/named.conf configuration file for BIND says: | // If named is being used only as a local resolver, this is a safe | default. // For named to be accessible to the network, comment this | option, specify // the proper IP address, or delete this option. | listen-on { 127.0.0.1; }; It looks like if you comment out that option, it will listen on * by default. You could also add the other IP address on which you want named to listen. -- Chris Cowart Network and Infrastructure Systems Administrator RSSP-IT, UC Berkeley May all your pushes be popped Dear Chris, Thank you for your help. I did comment and added my public static IP like the following: listen-on { 202.x.x.x; }; # My Static IP Now when I do from my local PC: dig yahoo.com @202.x.x.x , I can do DNS lookups. But when I try doing that from another computer on my network, I can't do any DNS lookups. Is that anything that I miss? - -- With best regards and good wishes, Yours sincerely, Tek Bahadur Limbu (TAG/TDG Group) Jwl Systems Department Worldlink Communications Pvt. Ltd. Jawalakhel, Nepal -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (FreeBSD) iD8DBQFFgT8ZVrOl+eVhOvYRAn8OAJwOOC6+C8mnY+YBP+1GxG2uDTfWpgCfTFr1 168ArGMkI0+9Qj/MpzFbmUo= =p9RV -END PGP SIGNATURE- ___ You have to tell the other machines on your network to use the IP of the local DNS server for domain name resolution. If you are using DHCP you can configure your DHCP server to give this information with the IP. Otherwise you must manually do it, which will be different between operating systems. HINT: In FreeBSD add the IP of the DNS server to /etc/resolve.conf Chad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: JAVA plugin for linux-seamonkey
On 12/14/06, probsd org [EMAIL PROTECTED] wrote: I have the linux-seamonkey port built and I am trying to add the java plugin. I installed the java/diablo-jre15 and made a symlink from /usr/local/diablo-jre1.5.0/plugin/i386/ns7/libjavaplugin_oji.so to /usr/local/lib/linux-seamonkey/plugins/ as well as $HOME/.mozilla/plugins yet about:plugins in seamonkey isn't showing java support. I even tried the diablo-jdk15 libjavaplugin_oji.so to no avail. Michael Since you are running a Linux binary, you have to use a Linux version of Java. Try installing one of the Linux JDK's (e.g. linux-blackdown-jdk14). Chad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Getting a list of dependencies which have to be installed ?
On 12/14/06, Frank Staals [EMAIL PROTECTED] wrote: Hey..., Is there a utility to display the dependencies of a port which have yet to be installed ? I know you can get a complete dependency list on freebsd.org/ports , pkg_info -r or just looking in the files in the ports dir. But is there a command to display only the dependencies which haven't been installed on your system yet ? I also looked at pkg_add -n but it immediately starts fetching the packages needed. I don't want to start downloading the complete package just because I want a list of ports I haven't installed yet. Or is the only way making a diff between the pkg_info -r output and your pkg_info -a ? If so : Is there a way to tell pkg_info when using the -r flag on a not-yet-installed-port to only get a list of the dependencies instead of downloading the complete package ? Or is there just an other utility which can display this information which I'm not aware of ? Thanks in advance, -- -Frank Staals ___ Yes, read man ports before asking : http://www.freebsd.org/cgi/man.cgi?query=portsapropos=0sektion=0manpath=FreeBSD+6.1-RELEASEformat=html cd to the dir of the port you wish to know the dependencies of and issue one or both of these commands: *pretty-print-run-depends-list*, *pretty-print-build-depends-list* Print a list of all the compile and run dependencies, and dependencies of those dependencies. Chad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: where is the full compile option for sendmail?
On 12/13/06, meilin [EMAIL PROTECTED] wrote: hi all: The original sendmail's compile option is configured by m4,the one distribute with FreeBSD has tripped out some files and can not configure as the usual way,I have man make.conf,however, just find several items for sendmail and a few instructions. I want to know how to fully control the compile option while just do not install sendmail from a original source package? thx very much -- meilin mailto:[EMAIL PROTECTED] If you want to eliminate sendmail from base when you recompile the system you will add the following to /etc/make.conf: *NO_SENDMAIL= true* Sendmail and all related programs should no longer be on the system after a rebuild. This is take directly from the manpage: *NO_SENDMAIL* (*bool*) Set to not build sendmail(8) http://leaf.dragonflybsd.org/cgi/web-man?command=sendmailsection=8 and related programs. Chad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 6.2/AMD64: supports TYAN Tomcat n3400B motherboard?
On 12/13/06, Peter A. Giessel [EMAIL PROTECTED] wrote: On 2006/12/13 4:47, O. Hartmann seems to have typed: TYAN Tomcat n3400B motherboard (TYAN S2925G2NR). [snip] The main question is: will FreeBSD 6.2/amd64 work with this board? I don't see it on the list of tested motherboards. If compatibility is really important to you, check the list: http://www.freebsd.org/platforms/amd64/motherboards.html It may work, it may not. Just because its not on the list, doesn't mean that it won't work, it just hasn't been tested. OTOH, it may not be on the list because it doesn't work. Just from skimming the list, it seems that many nVidia chipsets have issues with their ethernet controller. ___ If this is the case than why not include a Doesn't Work list as well? That would stop the guessing on whether it doesn't work or hasn't been tested. If hardware doesn't appear on the It Works nor the Doesn't Work lists, than one can assume that it hasn't been tested. This could save a lot of headaches (and $$$). Chad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Newbie on tunnelling
On 12/13/06, Odhiambo Washington [EMAIL PROTECTED] wrote: * On 13/12/06 15:48 +, Chris wrote: | Loading a kernel module at boot time is done by editing (or creating) | loader.conf in /boot. And adding [module_name]_load=YES to load a module, | so: if_gre_load=YES. | | Edit rc.conf for startup configurations. Take a look at man rc.conf. The | sections on network_interfaces and static_routes will be of some help. | | On 13/12/06, Odhiambo Washington [EMAIL PROTECTED] wrote: | | I need to create a VPN between two offices. Each has a LAN that is | behind a FreeBSD router/firewall. | | I have managed to do the following manually: | | hq-office: | kldload if_gre.ko | ifconfig gre0 create | ifconfig gre0 tunnel 62.8.68.94 62.8.82.142 | ifconfig gre0 inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252 | route add -net 192.168.1.0/24 -interface gre0 | | sub-office: | kldload if_gre.ko | ifconfig gre0 create | ifconfig gre0 tunnel 62.8.82.142 62.8.68.94 | ifconfig gre0 inet 10.0.0.2 10.0.0.1 netmask 255.255.255.252 | route add -net 192.168.0.0/24 -interface gre0 | | Now my simple question is: How do I automate these commands during boot | time? | So, if I compiled kernel with device gre (FreeBSD 5.5 here, sorry) then there is no need to load the module via loader.conf, yes? So in rc.conf. would the following suffice (for hq-office)? cloned_interfaces=gre0 ifconfig_gre0=inet 10.0.0.1 10.0.0.2 tunnel 62.8.68.94 62.8.82.142 up How about the static route portions? It's still not clear to me how to take care of them in rc.conf. TIA -Wash As I believe you were previously instructed, read the manual (it's all in there): http://www.freebsd.org/cgi/man.cgi?query=rc.confapropos=0sektion=0manpath=FreeBSD+6.1-RELEASEformat=html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Missing pkg-descr - Correction
Wyane, Is there a specific reason you need ports/jdk15? If not, try java/diablo-jdk15. The latter is the result of the FreeBSD Foundation's deal with Sun. Chad On 12/13/06, Wayne M. Barnes [EMAIL PROTECTED] wrote: Correction: This problem happened during make all install for the port java/jdk15 (Not portinstall) - Forwarded message from Wayne M. Barnes [EMAIL PROTECTED] - Date: Wed, 13 Dec 2006 12:19:18 -0600 From: Wayne M. Barnes [EMAIL PROTECTED] To: freebsd-questions@freebsd.org Subject: Missing pkg-descr User-Agent: Mutt/1.4.2.1i Dear FreeBSD, The following Missing pkg-descr is happening to me a lot, with many packages. This time it was during portinstall jdk15. === Installing for m4-1.4.8_1 === Generating temporary packing list ** Missing pkg-descr for m4-1.4.8_1. *** Error code 1 Stop in /usr/ports/devel/m4. *** Error code 1 This time it is on a brand-new install of FreeBSD 6.2. How can I be responsible for the pkg-descr. This is the second time I have asked this question. I got no help before. My email was down briefly. Did I miss the answer? Thank you, -- Wayne M. Barnes, Ph.D., President lab at: DNA Polymerase Technology, Inc. The Inventery 11 Princeton Avenue 1508 S. Grand Blvd University City, MO 63130 St. Louis, MO 63104 fax (314)754-9556 Phone: 314.680.0575 email: [EMAIL PROTECTED] - End forwarded message - -- Wayne M. Barnes, Ph.D., President lab at: DNA Polymerase Technology, Inc. The Inventery 11 Princeton Avenue 1508 S. Grand Blvd University City, MO 63130 St. Louis, MO 63104 fax (314)754-9556 Phone: 314.680.0575 email: [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: can I unload a module from within sysinstall ?
On 12/13/06, Ensel Sharon [EMAIL PROTECTED] wrote: I need to load a new kernel module during sysinstall so that I can see my raid controller. Easy - I go into configure, load, and load it off the floppy. Easy. BUT, freebsd already has a xyz.ko, and it is already loaded, so it fails. So my question is, how do I unload the existing xyz.ko before I load the new one ? Can I do it in sysinstall ? Can I do it in the loader prompt prior to sysinstall ? __ Did you try from the emergency console on F4? Haven't had to try this myself but, it would be worth a try. Chad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: can I unload a module from within sysinstall ?
On 12/13/06, Chad Gross [EMAIL PROTECTED] wrote: On 12/13/06, Ensel Sharon [EMAIL PROTECTED] wrote: I need to load a new kernel module during sysinstall so that I can see my raid controller. Easy - I go into configure, load, and load it off the floppy. Easy. BUT, freebsd already has a xyz.ko, and it is already loaded, so it fails. So my question is, how do I unload the existing xyz.ko before I load the new one ? Can I do it in sysinstall ? Can I do it in the loader prompt prior to sysinstall ? __ Did you try from the emergency console on F4? Haven't had to try this myself but, it would be worth a try. Chad Sorry, the command would be 'kldunload xyz.ko' ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On 12/13/06, Lane [EMAIL PROTECTED] wrote: On Wednesday 13 December 2006 16:36, Tuareg wrote: On 12/13/06, Lane [EMAIL PROTECTED] wrote: Tuareg, Post /etc/rc.conf from one of the servers that does what you want and that should lead us to what mta is handling email. cat /etc/rc.conf ### Network daemon (miscellaneous) NFS options: ### sendmail_enable=NONE # Run the sendmail daemon (or NO). cron_enable=YES # Run the periodic job daemon. portmap_enable=NO # Run the portmapper service (or NO). usbd_enable=NO sshd_enable=YES tcp_drop_synfin=YES tcp_restrict_rst=YES syslogd_enable=YES# Run syslog daemon (or NO). syslogd_flags=-s -s # Flags to syslogd (if enabled). Also, please post a copy of ls -al /usr/local/etc/rc.d from that same working server, just in case there is a custom script starting the mta. lane ls -al /usr/local/etc/rc.d total 10 drwxr-xr-x 2 root wheel 512 Jan 23 2003 . drwxr-xr-x 4 root wheel 512 Oct 30 18:06 .. -rwxr--r-- 1 root wheel 624 Jan 14 2003 squid.sh And that's all. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Tuareg, Yours is a mystery. Let's see the output of tail -200 /var/log/maillog from the working machine. Clearly there is no mta being started on boot. But I'm not familiar enough with squid to say for sure that it is not the daemon in question. It may be that squid is configurable so that it could be delivering the log messages. I'll make it and see what I can see. In the mean time, if anyone else has some ready experience to say for certain that this is probably what's happening, then jump right in. lane ___ You need something to be able to send emails to mail servers. Either a MUA which is capable of doing so (of which mail(8) is not) or an MTA locally. Are you sure you didn't follow these instructions on the other servers: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/outgoing-only.html How about trying them? Chad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Install via ports...
On 12/13/06, Ne'Bahn [EMAIL PROTECTED] wrote: Hi list, I've read the handbook for ports, basically (if I understand) ports are files that brings information (location, dependencies) to the system to compile a series of files (sources) to have the final piece of software. Very nice with the advantages that comes with this type of installation, but, what about a big applications like Gnome, OpenOffice and so on. I can't try ports because I can't have a fast/long connection for downloads (due to some restrictions on my country) so I always install via packages, and it takes a while, well a little bit. So what I am asking if is anyone has test a Gnome, OpenOffice.org, or any other big installations via ports (say in a Pentium 4 2.8GHz HT with 512Mb RAM) can tell me the elapsed time ??? Just curious...thanks in advance. I have a P4 2.8 w/ 1G RAM and it takes hours to compile OpenOffice and around 9GB of hdd space. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Backing up FREEBSD
The handbook is your friend: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/backup-basics.html and most likely: man dump Chad On 12/12/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi This is Arun from Singapore. I basically want to know how to back up files if a computer is already running on FREEBSD. Please help me with this as it is urgent. Thanking you Arun ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Kerberos Question
On 12/12/06, Timothy Radigan [EMAIL PROTECTED] wrote: I am having trouble getting Samba 3 to compile with ADS support and I have narrowed the problem down to Kerberos. I have been told previously to NOT install the security/krb5 port when installing Samba 3 with ADS support, but I had already done that. After removing the security/krb5 port, it leaves no trace of Kerberos on the system, not even the base version of Kerberos that comes when FreeBSD is installed. My question, is there a way to rebuild the version that comes with FreeBSD and install it? Would a make buildworld and a make installworld solve my woes? Any help would be appreciated. Tim Try looking in /usr/src/kerberos5 Chad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Major Version Upgrade - 4.11 to 5.x
First I would address the first question. Only you can really answer whether or not there is a benefit. Is there a specific need (e.g. software/hardware support) for you to upgrade? If not then I would recommend against the upgrade. If yes, I why not move to 6.x? I have been running FBSD since 4.0and have run every revision since and would not suggest using 5.x. Either stick with 4.x or move to 6.x based on your requirements. To answer your second question, the best place to look for help is the handbook ( http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html). Also make sure to read /usr/src/UPDATING as this may contain special instructions. It is a general rule of thumb to do a clean install between major revisions though. I have personally done them with success, but would not recommend doing it on a production server if it is your first time doing one (as it sounds to be). Stick to upgrading between minor revisions until you are familiar with the build/make process. Also these mailing lists are a great resource for help as is http://www.bsdforums.org/ (and a few others, use Google). Finally, as mentioned above, from personal experience it is best to stick with a clean install between major revisions. Good luck again, Chad On 12/11/06, James Long [EMAIL PROTECTED] wrote: On Sunday 10 December 2006 15:41, Valen Jones wrote: I'm interested in upgrading from 4.11 to 5.x. I currently track 4.x stable using cvsup, but I've never done a major version upgrade. First, should I bother? My hardware has dual pentium 1.13 processors with 1G ram (I'm considering maxing it out at 4). I host a few domains on this machine and I have four jails configured on it which will have to be upgraded too. I have users counting particularly on mail service not being down for too long. Other than the obvious advice to start with a good backup, can anyone tell me: 1) Will I gain a major benefit from upgrading 2) Where should I look for instructions / advice on upgrading 3) Also any general advice from personal experience. Beech's advice is sound. I would stress that the simplest and easiest by far is indeed a clean install. And take two backups, if you have customers counting on things going right. Make sure your backups are readable, usable and complete (no bad spots on tape media, no files inadvertently omitted, etc.). If at all possible, leave the production system running and begin the new installation on separate hardware. If you have a fast new machine to migrate onto, do that. However your current hardware sounds adequate for the light load you describe. If you have just a spare machine of nearly the same horsepower and configuration, you could do the new installation on the spare machine, get it configured and tested, and then backup the old machine twice, wipe the drive and re-partition, and then transfer the newly-built configuration onto your production hardware. Watch out for /etc/fstab gotchas, like if the test machine has an ad0 ATA drive and the production is da0 SCSI. This will allow you to do a lot of migration, testing and tweaking off-line, without your customers noticing much downtime, except for the final changeover. How current are your installed ports? Review the ports you do have installed, and see whether you're really still using them. It will save you a little time on the new machine by not having to build ports you don't really need anymore. Look at your key applications, and where there are significant version changes between what you're running and what's current, familiarize yourself with the upgrade issues (if any) that each port presents. Be prepared to test any new features you hope to use, or to regression test to make sure that legacy functionality still works the way you expect. This might be the time to switch to Apache 2, for example, if you want to. But some things that worked under 1.3 will have to be adjusted to work under 2. At the least, it would be good to upgrade to the latest 1.3.x, to use Apache as an example. As for #3, I have grown fond of using a FreesBIE or other live CD for steps like booting the migration/test box to create a backup image of the new 6.X filesystem, and then also to boot the production box for the final changeover to transfer that backup image onto the production disk. That way your file system in an off-line (inactive) state, where you can cleanly backup the old production filesystem (twice!), then wipe and re-partition, and transfer the new configuration image onto the production drive likewise in a clean state. If you haven't already, spend some time just experimenting on a test machine, and make friends with FreesBIE and/or the Fixit live CD mode of FreeBSD installation media. Good luck! Jim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL
Re: Major Version Upgrade - 4.11 to 5.x
On 12/11/06, Garrett Cooper [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chad Gross wrote: First I would address the first question. Only you can really answer whether or not there is a benefit. Is there a specific need (e.g. software/hardware support) for you to upgrade? If not then I would recommend against the upgrade. If yes, I why not move to 6.x? I have been running FBSD since 4.0and have run every revision since and would not suggest using 5.x. Either stick with 4.x or move to 6.x based on your requirements. To answer your second question, the best place to look for help is the handbook ( http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html ). Also make sure to read /usr/src/UPDATING as this may contain special instructions. It is a general rule of thumb to do a clean install between major revisions though. I have personally done them with success, but would not recommend doing it on a production server if it is your first time doing one (as it sounds to be). Stick to upgrading between minor revisions until you are familiar with the build/make process. Also these mailing lists are a great resource for help as is http://www.bsdforums.org/ (and a few others, use Google). Finally, as mentioned above, from personal experience it is best to stick with a clean install between major revisions. Good luck again, Chad Bad way to look at things, given that 4.x isn't supported anymore by the FreeBSD group; so anything either userland or core system related that needs to be upgraded due to a security or performance issue would require an upgrade anyhow.. You should run at least 5.x, but it's highly recommended that you go to 6.x, due to performance improvements and the fact that you won't have to source upgrade your system again for a lot longer period of time (than if you moved to 5.x). The only issue is that you don't have direct access to the machine. - -Garrett I apologize, I didn't realize that 4.x was no longer supported (I thought RELENG_4 was still getting commits). In that case, I would make the move to 6.x being that 5.x wasn't exactly the best release performance-wise and it will be moving out of support sooner too. Chad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Fonts on X.Org...
On 12/11/06, Ne'Bahn [EMAIL PROTECTED] wrote: Hi list, how can I add some fonts to the system, for instance: Arial, Courier New, and so others. I know there are some fonts that cost to acquire them, but isn't an implementation of these fonts for the open source arena ??? PS: I've some docs made in a Windows environment that use fonts I don't have on FreeBSD, the replacement is very bad, so OpenOffice offers system fonts rather than their fonts (if it has a set), a problem for portability/compatibility but indeed better for availability. ___ Try installing x11-fonts/webfonts from the ports collection. Chad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Zope
/plone_3rdParty' -- 2004-03-19T15:11:37 ERROR(200) DirectoryView Error during prepareContents: Traceback (innermost last): File /usr/local/www/Zope/lib/python/Products/CMFCore/DirectoryView.py, line 198, in getContents File /usr/local/www/Zope/lib/python/Products/CMFCore/DirectoryView.py, line 215, in prepareContents File /usr/local/www/Zope/lib/python/Products/CMFCore/DirectoryView.py, line 47, in _filtered_listdir OSError: [Errno 2] No such file or directory: '/usr/local/www/Zope/lib/python/lib/python/Products/CMFPlone/skins/plone_wysiwyg' -- 2004-03-19T15:11:37 ERROR(200) DirectoryView Error during prepareContents: Traceback (innermost last): File /usr/local/www/Zope/lib/python/Products/CMFCore/DirectoryView.py, line 198, in getContents File /usr/local/www/Zope/lib/python/Products/CMFCore/DirectoryView.py, line 215, in prepareContents File /usr/local/www/Zope/lib/python/Products/CMFCore/DirectoryView.py, line 47, in _filtered_listdir OSError: [Errno 2] No such file or directory: '/usr/local/www/Zope/lib/python/lib/python/Products/CMFPlone/skins/plone_ecmascript' Again everything works fine if I run it specifically with -u root. I can't just run it as root without -u root because it gives the SETUID error. If I run with any other -u it doesn't work. Any ideas? Chad --- Khairil Yusof [EMAIL PROTECTED] wrote: On Thu, 2004-03-18 at 09:38 -0800, Chad Gross wrote: Thank you for your assistence, I managed to figure out what my problem was. It turns out zope must be started as root. I was starting it as another user which is what Zope.org suggests to do. If you installed it from ports rename the startup script from zope.sh.sample to zope.sh, and start it from /usr/local/etc/rc.d/zope.sh. eg. /usr/local/etc/rc.d/zope.sh start You can still start it manually from root, just specify the user you want the daemon to run eg: ./start -u www ATTACHMENT part 2 application/pgp-signature name=signature.asc = Chad Gross [EMAIL PROTECTED] Within the mind you can find the meaning to your existance! __ Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it! http://webhosting.yahoo.com/ps/sb/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Zope
Thank you for your assistence, I managed to figure out what my problem was. It turns out zope must be started as root. I was starting it as another user which is what Zope.org suggests to do. I guess I have to change ownership though for the rest of the files to that user in order to be able to run it as a different user. I should be able to figure out the rest of this Zope beast. Again I appreciate the quick responses. Thank you, Chad G. --- Khairil Yusof [EMAIL PROTECTED] wrote: On Wed, 2004-03-17 at 19:07 -0800, Chad Gross wrote: I am perplexed as to what I am doing wrong with Zope on FreeBSD 4.9. I have managed to get it to start, but when I go to localhost:8080 I can't duplicate this problem on any Zope port installs I've done so far (FreeBSD-5.x) and you should not have to change permissions of any of the Zope directories. Can you give the output of /usr/local/www/Zope/var/zope-output ? Anybody running Zope (from ports) on 4.9? ATTACHMENT part 2 application/pgp-signature name=signature.asc = Chad Gross [EMAIL PROTECTED] Within the mind you can find the meaning to your existance! __ Do you Yahoo!? Yahoo! Mail - More reliable, more storage, less spam http://mail.yahoo.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Zope
I am perplexed as to what I am doing wrong with Zope on FreeBSD 4.9. I have managed to get it to start, but when I go to localhost:8080 I get the following error: Zope Error Zope has encountered an error while publishing this resource. Error Type: ImportError Error Value: No module named DT_Let And this is only after I changed the permissions to world readable in the /usr/local/www/Zope/lib/python/App/dtml folder since I was getting a permission denied error before. Is this safe to have everything in there readable? If so why is it not done by default? I installed plone as well thinking that I needed a CMS installed, but that doesn't help. I know the port works because I have seen sites running FreeBSD with Zope (and Plone). If anyone has the anwer to this or can direct me to some place that can help please email me back at [EMAIL PROTECTED] since I am not on the list. Thanks in advance, Chad G. = Chad Gross [EMAIL PROTECTED] Within the mind you can find the meaning to your existance! __ Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it! http://webhosting.yahoo.com/ps/sb/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
3Com card stops working
I have a strange problem the 3Com cards in my router. I had installed 4.8 on a Compaq Deskpro and installed to 3Com cards that use the xl driver. Most of the time the router works fine, but at random times it would stop routing. If I would log into the machine locally and ifconfig down and up on the external NIC or reboot it would begin to work again for a random period of time and then stop again. Until I would do this I could not even ping anything. I upgraded to 4.9RC2 but the problem still occurred. Now I can only seem to fix it for about a minute or so by doing either a reboot or the ifconfig commands mentioned above. Another strange thing is that when this happens, if I try to SSH into the machines internal NIC from a machine on the local net it takes a long time to display the login prompt and then a long time to display the password prompt if it displays either at all before timing out. I can ping the internal NIC perfectly fine though. Does anyone have a clue as to what this could be caused by? CMG = Chad Gross [EMAIL PROTECTED] Within the mind you can find the meaning to your existance! __ Do you Yahoo!? Exclusive Video Premiere - Britney Spears http://launch.yahoo.com/promos/britneyspears/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
FTP server behind IPf/IPNAT
Hello, I have been trying to give access to an ftp server on my LAN to the outside world. I believe that it has to do with a NAT problem. I am running the ftp server on a Windows XP (only because I dont have the time to setup SAMBA right now L). Anyway, I am running the server on port 420, but I also need to allow passive connections since a few of those wanting to connect are going to be behind firewalls themselves. I have allocated a bunch of HIGH ports on the FTP server as well as in IPF.RULES on my external interface for use with passive connections. The problem lies in IPNAT.RULES as far as I can tell because the connections seem to come through, but then the user gets nothing. Here are my config files (Things dealing with my ftp server are highlighted in bold and italicized letters): /ETC/IPF.RULES #OUTSIDE INTERFACE #Block in all traffic coming from private networks block in quick on xl0 from 127.0.0.0/8 to any block in quick on xl0 from 10.0.0.0/8 to any block in quick on xl0 from 172.16.0.0/12 to any block in quick on xl0 from 192.168.0.0/16 to any #Allow in traffic for Direct Connect pass in quick on xl0 proto udp from any to any port = 412 keep state pass in quick on xl0 proto tcp from any to any port = 412 flags S keep state #Allow in bootp traffic from RoadRunner's DHCP's server only pass in quick on xl0 proto udp from 10.108.112.1/32 to any port = 68 keep state #Allow in traffic for MSN #pass in quick on xl0 proto tcp from any to any port = 1863 flags S keep state pass in quick on xl0 proto tcp from any to any port = 6901 flags S keep state pass in quick on xl0 proto udp from any to any port = 6901 keep state pass in quick on xl0 proto tcp from any to any port 6890 6901 flags S keep state pass in quick on xl0 proto udp from any to any port 6890 6901 keep state #Allow in traffic for AIM pass in quick on xl0 proto tcp from any to any port = 5190 flags S keep state #Allow in traffic for WASTE pass in quick on xl0 proto tcp from any to any port = 1337 flags S keep state #Allow in FTP traffic for server on XP machine pass in quick on xl0 proto tcp from any to 192.168.1.150 port = 420 flags S keep state pass in quick on xl0 proto tcp from any to 192.168.1.150 port 15000 2 flags S keep state #Block and log all remaining traffic coming into the firewall #Block TCP with a RST (to make it appear as if the service isn't listening) #Block UDP with an ICMP Port Unreachable (to make it appear as if the service isn't listening) #Block all remaining traffic the good 'ol fashioned way block return-rst in log quick on xl0 proto tcp from any to any block return-icmp-as-dest(port-unr) in log body quick on xl0 proto udp from any to any block return-icmp-as-dest(port-unr) in log body quick on xl0 proto icmp from any to any block in log quick on xl0 all #Block out things going to private networks block out quick on xl0 from any to 127.0.0.0/8 block out quick on xl0 from any to 10.0.0.0/8 block out quick on xl0 from any to 172.16.0/12 block out quick on xl0 from any to 192.168.0.0/16 #Allow out certain TCP, UDP, and ICMP traffic keep state on it pass out quick on xl0 proto udp from any to any keep state pass out quick on xl0 proto icmp from any to any keep state pass out quick on xl0 proto tcp from any to any port = 80 flags S keep state pass out quick on xl0 proto tcp from any to any port = 8080 flags S keep state pass out quick on xl0 proto tcp from any to any port = 21 flags S keep state pass out quick on xl0 proto tcp from any to any port = 22 flags S keep state pass out quick on xl0 proto tcp from any to any port = flags S keep state #Block out everything else block out quick on xl0 all #INSIDE INTERFACE #Block out things coming from private networks block out quick on xl1 from 127.0.0.0/8 to any block out quick on xl1 from 10.0.0.0/8 to any block out quick on xl1 from 172.16.0.0/12 to any block out quick on xl1 from 192.168.0.0/16 to any #Allow out all TCP, UDP, and ICMP traffic keep state pass out quick on xl1 proto tcp from any to 192.168.1.0/24 keep state pass out quick on xl1 proto udp from any to 192.168.1.0/24 keep state pass out quick on xl1 proto icmp from any to 192.168.1.0/24 keep state #Block out everything else coming in block out quick on xl1 all #Block in things not coming from my network #Block in things going to private networks block in on xl1 from !192.168.1.0/24 to any block in quick on xl1 from 192.168.1.0/24 to 127.0.0.0/8 block in quick on xl1 from 192.168.1.0/24 to 10.0.0.0/8 block in quick on xl1 from 192.168.1.0/24 to 172.16.0/12 #Allow in all TCP, UDP, and ICMP traffic keep state pass in quick on xl1 proto udp from 192.168.1.0/24 to any keep state pass in quick on xl1 proto icmp from 192.168.1.0/24 to any keep state pass in quick on xl1 proto tcp from 192.168.1.0/24 to any port = 80 flags S keep state pass in quick on xl1