Re: replacing ^M with emacs
On Fri, Oct 27, 2006 at 04:20:49PM -0700, Noah wrote: this is the best answer. Hits it right on the head of what I want. What if I want the character to replace the ^M with a new line what do I enter in the replace field? The nice thing about that method is that it'll work for odd characters when you don't know what they are. For simple things like ^M you can always use ^Q^M to produce an actual ^M when doing the query-replace stuff. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Do I need to completely disable sendmail?
On Sun, Sep 24, 2006 at 05:18:27PM -0400, Rob Gabaree wrote: So what should I do? Should I just have sendmail_enable=NO in / etc/rc.conf, so only the incoming mail service is disabled? That way messages could be sent without the above errors? Or what? You should allow the system to send out it's mail. And it should go somewhere meaningful (i.e., to you). And you should read it. All my systems send me mail every day, and I scan through it to make sure everything is okay. That's what those messages are for. :) So, yes. You should disabled incoming, but allow submit, etc. You can also firewall off incoming instead or in addition. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sshd brute force attempts?
On Tue, Sep 19, 2006 at 02:22:41PM -0700, backyard wrote: well you could pretty much eliminate the problem by disabling password logins to sshd and only accepting keyed logins. Then only a key will work. This is probably the best thing you can do to keep the bad guys out. This is what I'm doing on every box I have control over. It does not stop anyone from trying, but nobody gets in. I have yet to see even an attempt by script kiddies to use keys. Frequently changing the keys would ensure hackers would have to want to get in REALLY bad in order to gain unauthorized access by a brute force attempt. Depending on how hosts login and their systems, you could perhaps run a login script that regenerates keys automatically and distributes them to the user every so many days or whatever so the system appears passwordless to them, and secure to the outside. This may be more trouble then you are looking for though. I think this isn't needed, and is somewhat silly. Like all (decent) implementations of pubkey, the key is only used to authenticate and exchange a symetric session key. So the pubkey sees little actual use, compared with the session key. Anyone who knows better please correct me. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Window Manager Recommendations
On Fri, Sep 08, 2006 at 07:49:46PM -0700, Joel Adamson wrote: I am switching over my desktop system to FreeBSD soon and want to choose a nice window manager. One of the more annoying things I want to get away from in Microsoft Windows is focus-shifting: I'll be typing along in one place, then a webpage will finish loading, the window focus shifts, I keep typing and execute a bunch of commands in the new window (chosen by Windows, rather than by me, who would be content to keep typing and go to the webpage when I'm good and ready). In general I'd prefer a window manager that avoids these sorts of things (i.e., only does what I ask it to). If that's really a major goal then look into ion3 or ratpoison. I've been using ion3 for quite a while now and I'm happy. (you probably won't like it, though, coming from Windows) -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Window Manager Recommendations
On Fri, Sep 08, 2006 at 10:52:41PM -0500, Chris wrote: If that's really a major goal then look into ion3 or ratpoison. I've been using ion3 for quite a while now and I'm happy. (you probably won't like it, though, coming from Windows) I prefer XFCE4 Darrin - if possible, could you provide screenshots? http://www.modeemi.fi/~tuomov/ion/ is the ion3 home page, with some screenshots toward the bottom. It's somewhat spartan, but if you want something that stays out of your way then it's very nice. It's like an X version of screen, on steroids. :) -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: not adding daemons to rc.conf
On Wed, Aug 30, 2006 at 08:47:06PM -0500, Jonathan Horne wrote: ive noticed that apache can be started manually using the apachectl tool, even if it is not enabled in /etc/rc.conf. do many other daemons have this ability? i have a dev server that i would like to not have many things enabled in the rc.conf, but i would like an easy way to just start specific daemons when i need. Why, yes. There's nothing magical about the rc mechanisms, and you are free to start daemons on your own. Be warned that there may be side effects with some daemons, being that they are not started the same way regarding login class or whatnot. But normally this won't be a problem. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: BSDstats: Just added - Vendor Stats
On Sat, Aug 26, 2006 at 10:43:38PM -0300, Marc G. Fournier wrote: Neat to see nVidia *much* more popular then ATI though ... Really? Why is that neat? nVidia restricts your choices through their staunch refusal to provide open specs. They are not nice players in this game. At least there's some hope about ATI after the AMD deal. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Web server requirements
On Sat, Aug 19, 2006 at 02:55:59PM -0400, Dearment, Alaric J wrote: I'm the on-line editor of expo, Ball State University's student-run magazine. We're reviving our Web site, and I've been thinking seriously about running it off a FreeBSD-based server. However, I'm not sure what kinds of system requirements I'll have. The school has roughly 20,000 students and the magazine comes out once a semester. If I were to guess, I'd say we'll be having 100 people on the server at once on busy days, most of whom will be on campus. In addition to articles, the server will probably offer a 10- to 15-minute video and/or podcast to go with the cover story. Also, the server will also be used as a mail server and file server, though file services will likely only be needed for a couple of days each semester and E-mail accounts will only be for staff to do things such as receive feedback on articles and so forth. What sorts of requirements would such a server need as far as processor, RAM and HD are concerned, assuming it would be running on FreeBSD? Would a machine with 512M of RAM, a 140G HD and 1.2GHz processor work? A lot depends on how your web content will be served up. If you're going to run a very dynamic CMS w/ database then requirements will go up. If you're serving more or less static pages then the requirements won't be nearly as high. Spend money on RAM. Big payoff, and it's pretty cheap. Spend money on a good disk (SCSI, SAS, High-End SATA) with a good controller and you'll get your money in performance. Buy a decent network card! These things will pay off more than processor speed for a web server, usually. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: user level
On Sat, Aug 19, 2006 at 03:52:13PM -0500, conrad sobol wrote: survived some major problems with other operating systems. I have run and used:Fedora Core, Xandros, Ubuntu, installed Debian, DesktopBSD, and PCBSD; but, my dream is to run FreeBSD, but I have to be connected to the Internet to conduct personal business. What must I know to configure sbcglobal.net to operate FreeBSD. And, do you think I need to learn a If you have used the operating systems you listed, then you should be able to use FreeBSD! First, there's the handbook. It's just plain good, and it covers most all of the things you'll need to know. Second, see if there are local user groups for FreeBSD or *BSD. Third, you've come to the right place to ask questions. What, exactly, are the problems you're having with DHCP and sbcglobal, and what sort of connection do you have? Modem, DSL? -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to prevent users from receiving email
On Sat, Aug 19, 2006 at 07:40:02PM -0400, Bill Moran wrote: Daniel Gerzo [EMAIL PROTECTED] wrote: Hello Bill, Sunday, August 20, 2006, 1:21:39 AM, you wrote: Apparently my memory is useless and I've lost the ability to use google as well. I just added a user account to a mail server, but I don't want that user to receive mail on that server. It's running Postfix. I seem to remember a canonical method for preventing certain users from receiving email. But my memory has failed, and I can't seem to find anything on google. Is it an /etc/aliases trick? Indeed. Just make it go to /dev/null: user: /dev/null Do not forget to run newaliases ;-) Hmm ... That works, but it would be nice to have it reject the mail instead. Otherwise, someone could hog a lot of my bandwidth sending mails to the bit-bucket. virtusertable allows you to do that, like: [EMAIL PROTECTED] error:5.7.0:550 No such user. or something like that... -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: BSDstats Project v2.0 ...
On Fri, Aug 11, 2006 at 02:38:48PM +0100, Matthew Seaman wrote: He's trying to prevent any possibility of information disclosure about his servers. If I wanted to hack into his site, knowing what hosts he had running (ie. a bunch of live IP numbers) and what OS etc. each used would mean I'm already halfway to my goal. Now, while the design of bsdstats does not disclose that sort of stuff readily, any security conscious admin is going to worry about that data being collected and held outside of his administrative control. Having a completely anonymous and untraceable token to identify each of the hosts sending in information should make connecting the information back to the original sender practically impossible. Yes, this kind of information leakage is particularly bad. Some script kiddie with a given hammer can go in search of just the right nails, and find them. If it's some work to extract info it's still worth it for a tidy list of hosts with a high probability of vulnerability. Although, playing devil's advocate here, anyone that could steal the Apache log files from the bsdstats server would be able to work out that sort of data fairly readily. I guess the truly paranoid should only submit their data via some sort of anonymizing proxy. It's easier than stealing log files. Anyone with access to traffic anywhere along the line can sniff this stuff without cracking into anyone's box. The suggestion to use a 128-bit random as an ID is a good one. Further, the stats server should have a public key and data sent to it should be encrypted. Or submissions could be over SSL. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Confused on how to properly set /etc/hosts
On Sun, Aug 06, 2006 at 09:24:59AM -0400, Ro BGCT wrote: I am new to FreeBSD and am wondering if someone couldt tell me how to properly set /etc/hosts. Right now it is: 127.0.0.1 localhost localhost.my.domain It says to replace my.domain with the domain name of my machine. If I am using this box remotely and its hostname is web1.server.net, would I make the change like: 127.0.0.1 localhost web1.server.net Or am I doing it wrong? You should only replace the my.domain part with the 2nd level domain, so it would be: 127.0.0.1 localhost localhost.server.net You *may* also have an entry for web1, but it would normally contain your assigned IP address: 10.10.10.115 web1 web1.server.net But you may not want anything except localhost, depending on your DNS setup. In fact, stick with localhost only until and unless you have a reason to add more to /etc/hosts. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pflog0 question
On Fri, Aug 04, 2006 at 02:26:49PM +0200, Beni wrote: Hi all, Does pflog0 need to get an ip-address from dhcp ? From what I can see in dmesg, pflog0 can't get one (vr0 does) but pflog0 seems to be up and running (same for pf and pflogd). So how do I get an address for pflog0 (if needed) ? I'm using 6.1-STABLE. You can't have an address on pflog0, and shouldn't be trying. It is just a pseudo device to let you use tcpdump in real time (or close to it) on what is logged by pflogd. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf states
On Sun, Jul 30, 2006 at 08:53:48PM +, Ivan Levchenko wrote: Have a little question to which google didn't help a lot. I have pf firewall working great. i installed pftop to see whats going on in real time. I see some state meanings that i would like to know more about, for example no_traffic. I looked in the man pages and what not, but could not find what i was looking for. Pftop assumes you have some knowledge of pf. Pf assumes you have some knowledge of networking. I think you are right that there's nowhere that really explains what these states are in realtion to pf. The STATE column in pftop (or pfctl -s state) has two sides, one for each endpoint. The state SINGLE:NO_TRAFFIC is something I see a lot using symon/symux, where a udp datagram is sent and there is no reply (it's merely accepted). You will also see a lot of ESTABLISHED:ESTABLISHED and FIN_WAIT_2:FIN_WAIT_2 states. Most of these are not really specific to pf, and will be documented in various references online and in books. Most of the states you will see have to do with TCP connections being build, or as established, or being torn down. Google for Transmission Control Protocol and you should find what you're looking for (and WAY more). -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
August PhxBUG Meeting, Tuesday August 1st
Hi! The next meeting of the Phoenix BSD User Group will be Tuesday, August 1st at 7:30pm. The location is ASU, Bateman PS-F Room 566 (map at http://www.asu.edu/map/b2.html), courtesty of Marco. This month's presentation will be An Introduction to PF, by Yours Truly. I will lightly cover all the main features, with simple example rule sets. With luck, we will also be able to show these in action. For any of you not familiar with pf, it is a stateful packet filter developed and maintained by the OpenBSD project, and ported to NetBSD, FreeBSD, and (I've heard tell) Linux. It features an efficient and secure design, coupled with a clean and readable rule syntax. Last month we missed some of the usual crowd but had a few new faces attend. I hope we can get the best of both this month, and I hope to see you there. -- Darrin Chandler Phoenix BSD Users Group (PhxBUG) [EMAIL PROTECTED] http://bsd.phoenix.az.us/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: newbee to freebsd, unix, etc...
On Sat, Jul 29, 2006 at 08:10:05PM -0700, Charlie OBrien wrote: Hi, im Charlie in Tucson Arizona. Im trying to teach myself FreeBSD and this is what i have done so far. I have downloaded and installed FreeBSD 6.1 onto my spare computer. i can boot the computer and login into the # prompt. how do i invoke the KDE windows environment? what are some other resources for me to learn the how to do... for example: how do i install applications. Im pretty proficient at using microsofts windows environment. any help is greatly appreciated. The handbook is a great resource that covers almost all aspects of running and configuring your system. It'll be a great help. Also, if you weren't aware, there's a user group in Tucson! I don't recall the URL just now, but if you have trouble finding it email me and I'll help you get in touch. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Are hardware vendors starting to bail on FreeBSD ... ?
On Fri, Jul 28, 2006 at 04:16:55PM -0300, User Freebsd wrote: And my point is that those not supporting FreeBSD already don't care, since as far as they are concerned, their is no market for them to be losing not buying their products isn't telling them anything they didn't already believe ... Actually, this is a very valid point. A good approach would be to write to the vendor and tell them than you had considered their product and it looks good based on purely technical mertis, but you had to go with a competitors products due to availability of technical documentation. Frankly, the lost sales from FreeBSD will get lost in the noise for a company like Adaptec. However, a few dozen or a few hundred letters like above would carry a fair amount of weight. Leave out any attitude or flames. Just tell them their competitor made money instead of them. AMD has played pretty nice with specs, along with price and other things to be comptetitive. It's worked well for them. Has Intel changed because of this? You bet. In addition to lowering prices, they've begun to open specs. Yes! That's a win for everyone, even Intel, and Intel is beginning to suspect... Now, can we get Adaptec or Broadcom to follow suite? Maybe. Some companies are slow learners. Counting FreeBSD installs and telling them how many there are won't do nearly as much as 1 out of 1000 FreeBSD users writing them a letter telling them you bought from their competitors because of their policies. Bonus points if the competitor has been nipping at their heels lately. ;) -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Are hardware vendors starting to bail on FreeBSD ... ?
On Thu, Jul 27, 2006 at 12:50:57PM -0500, Nikolas Britton wrote: Except most of the people using FreeBSD in a professional setting are pretty high up on the IT/IS/MIS food chain. If a product doesn't work on my platform of choice then there's no way in hell I'll approve it's uses on other platforms, FreeBSD is my litmus test. If a vendor doesn't support FreeBSD they can still pass my test by providing open documentation. What we really need is score card to keep track of the good and bad companies. Someone with initiative could have this up and running in a day or less... After it's up we can put a BIG HONKING LINK on the FreeBSD main page. It's not FBSD specific, but there's http://www.vendorwatch.org/, which is trying to do exactly that. They've got some good info, and I believe they would welcome any updates or info on companies that they don't have. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Are hardware vendors starting to bail on FreeBSD ... ?
On Wed, Jul 26, 2006 at 11:44:38AM -0500, Nikolas Britton wrote: We need an Internet store that only stocks compatible hardware. It should include all the BSDs as well as Linux, Mac OS X, and any other non Microsoft OS. On the site they can just list whats compatible with what and customers can leave compatibility feedback. Other part requirements could be: * Open documentation. * No binary blob drivers. * Source code for company developed drivers. I would not limit the store to just parts that interact with the OS, I want everything needed to build a system; this includes desktops, workstations, rackmount servers, and embedded systems. I also want networking gear. If anyone knows of a vendor that already does this let me know. This may be old news, but http://www.vendorwatch.org/ is making a good attempt at showing how well vendors are working with the open source / free software community. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Replacing windows XP at home.
On Wed, Jul 26, 2006 at 06:15:48PM +0100, RW wrote: KDE is mostly application modules, which you don't need to install if you dont want them. These days, though, the avoidance of bloat is mostly just a fetish. I've not noticed any speed difference between KDE and the lighter window managers for years. And as far as disk space is concerned we are talking about pennies. I've tried fluxbox and the like off-and-on, but I always miss some KDE feature within minutes. I disagree. Bloat is bloat. I'm using ion3 on my laptop and it's blazingly fast. I installed KDE on my wife's computer and while it's not a dog it is NOT blazingly fast. OTOH, my wife's only experience was with Windows and she never had any trouble finding her way around in KDE (which is why I installed it for her). If you're replacing WinXP and you want people up to speed fairly quickly then I think KDE is a pretty good choice. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Are hardware vendors starting to bail on FreeBSD ... ?
On Wed, Jul 26, 2006 at 03:36:51PM -0300, User Freebsd wrote: On Wed, 26 Jul 2006, Nikolas Britton wrote: * No binary blob drivers. This is one that I don't necessarily agree with ... if Adaptec came out with a *supported* iir driver, but it was binary only, I'd be happy with that ... I just want to know that if I *have* a problem with a piece of hardware, that I can get support for it ... A lot of people agree with you, but I'm not one of them. It's not about you being inconvenienced in this particular case. It's about choice, and vendors supporting the customers by providing *specs*. What if they provide a blob for FreeBSD but you decide you want to run NetBSD on a particular machine and there's no blob? Or much more likely: what if they provide a blob for Linux, but not for FreeBSD? Should they also provide a blob for Plan 9? If the specs are not open, then your choices are limited to what the vendor wants to develop and support. And that's likely to be Windows, and maybe Linux, and maybe maybe FreeBSD. OTOH, if the vendor opens the specs then good, solid drivers can be written for whatever platform. And ported. And if there's a problem it can be fixed. This even turns out to benefit people who don't give a hoot about whether something is free or open or not. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Are hardware vendors starting to bail on FreeBSD ... ?
On Wed, Jul 26, 2006 at 04:48:52PM -0300, User Freebsd wrote: My point isn't that I *liked* binary-only drivers ... my point is that I'd rather a company like Adaptec to *at least* supply a binary driver if they require their specs to be closed, then provide *no means* for me to use Adaptec products ... Right now, I personally am being hurt more by having *nothing* from Adaptec, binary or open, then I would be if they'd provide something binary, since under 4.x, the Adaptec driver *was* rock solid, so I felt pretty safe upgrading to 6.x, which turns out was not so smart a move ... How many out there are *still* running 4.x on their servers and desktops, for similar fears? Do you see that if support in 4.x had been based on open specs from Adaptec that this issue would not exist? Adaptec is controlling your ability to use their product, and that's the real problem. It's consumer-hostile, unless you fit their perfect picture of consumer. You don't, so you're left in the cold. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: dumping net traffic to log file
On Tue, Jul 25, 2006 at 01:39:49PM -0400, Steel City Phantom wrote: Great, im making good progress here. it seems like tcpdump only captures the headers, is there a way to capture the entire packet, data and all? In addition the the other fine answers you got, after you've written to a file with -w and are later reading it with -r you can raise the snaplength with -s to view a bit more without seeing the whole packet. Often that's a nice way to narrow things down when you don't yet know exactly what you're looking for. Also, you will want to get familiar with filter expressions, which may appear at the end of the tcpdump command: tcpdump ... host 192.168.10.100 and port 999 would only show traffic for port 999 to or from 192.168.10.11, for instance. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf firewall for a server
On Tue, Jul 25, 2006 at 08:30:46PM -0500, Jonathan Horne wrote:
ive been googling for a while now this evening, but have unsuccesfully found
any examples on how to firewall a server. i do *not* want to build a router,
and unfortunatly, every article i seem to find wants to tell me how to build
a router!
i just want to learn how to build a simple pf config suitable for a server.
if anyone knows of a website where such an example might be found, that would
be awesome (but direct config examples in a reply will also be duely
appreicated as well :)
Most of the rulesets for router/gateway firewalls with give you lots of
good info for a single server, too. Understanding how the rules work is
the name of the game either way. The handbood is a great place to start,
and the pf faq on the OpenBSD site is another.
Here's a very simple but functional pf.conf to get you going:
-
if1 = ne0 # Our Interface
allowed_svc = { ssh www } # Services to let in
set skip on lo
scrub in
block in
pass out keep state
antispoof quick for lo
pass in log on $if1 inet proto icmp to ($if1) keep state # Optional
pass in log on $if1 inet proto tcp to ($if1) port $allowed_svc \
keep state
-
That is something you can start with. BUT, you need to understand what
the rules do! Do read the handbook, faq, and man pages. See if you can
find anything wrong with the above ruleset.
--
Darrin Chandler| Phoenix BSD Users Group
[EMAIL PROTECTED] | http://bsd.phoenix.az.us/
http://www.stilyagin.com/ |
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: dumping net traffic to log file
On Mon, Jul 24, 2006 at 03:20:32PM -0400, Steel City Phantom wrote: i am troubleshooting an application and am having a hell of a time with it. with bsd 6.1 is there a way where i can dump all traffic coming over the nic to a log file so i can see exactly what is coming in? tcpdump works nicely for this. :) -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sshd not working
On Sun, Jul 09, 2006 at 02:55:41PM -0400, Elijah Savage wrote: I just did a fresh install of FreeBSD 6.1 I enabled ssh on startup. I can see that it is running from the console but it is not accepting ssh connections across the network. I can ping the machine and nmap the machine and see ssh port 22 open, also /etc/rc.conf shows ssh enabled what am I missing? Since port 22 is open, try the -v switch on the client side and see where and what isn't working. If it's a config problem between what the server will accept and what the client is trying it should show up there. Also check syslog to see if something funky happened on the server side. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sshd not working
On Sun, Jul 09, 2006 at 03:38:33PM -0400, Elijah Savage wrote: Well thank you for the reply but it was the network card. I am not sure if I should take it back or not. It is a brand new network D Link GigE card realtek chipset RTL8169. This was such strange behavior, I could get out from the machine but could not get into it across the network. I just replaced it with a Intel 100mb fxp0 and everything works now. Sort of sucks my server will be runnning at 100mb and every other client at GigE. I made sure my card was on the list so it could be bad I suppose. If you want to investigate it might be worth it. Check ifconfig output and compare to other cards of the same make. Check duplex settings, etc. Swap cards and see if problems follow the card or stay with the machine... Glad you found the problem, anyway. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf on freebsd 6.1 on DMZ in m0n0wall question
On Sat, Jul 01, 2006 at 11:46:42PM +0800, jan gestre wrote: i recently installed and configured (postfix+dovecot+amavisd-new+clamav+dspam+roundcubemail) in my freebsd 6.1box, i placed the box in my dmz protected by m0n0wall, however i have no firewall on the mentioned box and i'm relying on m0n0wall to protect it. is that ok? i'm new to freebsd and read about pf and i'm having some thoughts of installing pf as firewall in my webmailserver but i'm afraid to mess things up especially now that the box is already a production server, do i really need to install a separate firewall? is it an overkill? if not then anybody kind enough to lend a working pf configuration that allows http, smtp and ssh, i've read the handbook but don't understand it much particularly the firewall thing. I think you're right not to try this out on your production box. Pf is nice, and I encourage you to use it, but *please* find a test machine! Pf works well and it's pretty easy to learn, but you almost certainly will make mistakes in the beginning. In addition to the fine Handbook, there's a nice pf faq at www.openbsd.org/faq/pf/ that explains a lot and has a few ruleset examples. If you learn your way on a test box it'll be a snap to put it in production... -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf + ftp throughput
On Fri, Jun 16, 2006 at 02:31:07PM -0500, J.D. Bronson wrote: for a trial, I am going to fire up a drive loaded with OpenBSD 3.9 and PF and see if there is anything better/worse with the same pf.conf file. I've been playing at home, trying to reproduce this behavior (sparc64, OpenBSD). I haven't done so yet, but I don't have the best test cases. I tried with a 12M file across the 'net, and what looked like the same issue went away, so it was just fluctuations on the net. I tried the same file from the firewall itself to a client, and times are virtually identical. What I really need is two local clients going through the firewall. If I get that going I'll let you know what I find. FWIW, I Googled pretty heavily for this and didn't turn up much. I found one mailing list message from years ago describing *exactly* the same problem. Unfortunately I didn't see any followups or further problem reports. Are you also doing nat/rdr on this box? Have you run tcpdump on the pflog interface to make sure you're matching the rules you think? I'd like to track this down, so please feel free to send me any info you think pertains to this. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: smoke and mirrors - any way to trick an app into thinking I'm running linux?
On Sun, Jun 18, 2006 at 10:13:03PM +0100, Alex Zbyslaw wrote: That really rather depends on *how* the app is asking. If you can tell us that, we can almost certainly tell you how to fool it. Of course, if you have the source code, it should be easy as you can just comment out the test and recompile. Mind you, if the app is as short-sighted and bloody-minded as its developers, maybe you should just look for an alternative. I agree with the above. In addition, consider respecting the wishes of the developer(s) and not using it. If they have any sort of free license then you can always release a portable fork. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf + ftp throughput
On Fri, Jun 16, 2006 at 01:59:01PM -0500, J.D. Bronson wrote: For example...moving a 50MB file: 'keep state' = 11-12MB/sec over 100MB-FDX 'modulate state = 6-7MB/sec over 100MB-FDX ..it took me a while to determine the culprit here - but I am curious as to why this is the case? Since modulate state substitues its own high quality random sequence for the TCP stream in both directions, a wimpy CPU or similar problem could easily cause this, I think. Still, I'm surprised to see a 50% hit from using modulate state. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf + ftp throughput
On Fri, Jun 16, 2006 at 02:13:00PM -0500, J.D. Bronson wrote: At 02:10 PM 6/16/2006, Darrin Chandler wrote: On Fri, Jun 16, 2006 at 01:59:01PM -0500, J.D. Bronson wrote: For example...moving a 50MB file: 'keep state' = 11-12MB/sec over 100MB-FDX 'modulate state = 6-7MB/sec over 100MB-FDX ..it took me a while to determine the culprit here - but I am curious as to why this is the case? Since modulate state substitues its own high quality random sequence for the TCP stream in both directions, a wimpy CPU or similar problem could easily cause this, I think. Still, I'm surprised to see a 50% hit from using modulate state. Yes. I am too! This is a P4-3.06 with 1GB ram...under almost no load...so I cant fault the CPU this time The only two things that come to mind are 1) pf is using a really complex and slow random source, or 2) something is going haywire with the connection. Have your tried tcpdump on either interface (not pflog) to see if anything strange is going on (ACK storms, etc)? Just fishing at this point... -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Im new to FreeBSD
On Mon, Jun 12, 2006 at 12:52:48PM -0400, [EMAIL PROTECTED] wrote: why do all of these e-mails show up in my inboxxx please lemme know Where should they show up? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] If you don't want to be subscribed to this list then see the above line starting with To unsubscribe -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: wikipedia article
On Mon, Jun 12, 2006 at 02:48:07PM -0400, Thor Lancelot Simon wrote: Does it really matter? This whole discussion seems like a deliberate effort to dredge up old rivalries and create bad feeling. It is all ancient, ancient history now. I doubt this was the original intention, but it looks like it's headed that way... At this point in time it seems like there's a fair amount of porting, backpatching, and code sharing between the BSDs. Who came first has less to do with anything than the philosophy and focus of each project today, and how well it fits with a particular application. If the wikipedia article helps people determine suitability for a purpose then it's worthwhile. The history is already out there, and can be included or merely linked to. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
