LDAP Authentication questions...
Hello folks,

First, please reply-all to this message as I'm not on the list.

I'm trying to configure a bunch of FreeBSD 6.x and 7.x servers for authentication via LDAP. I've got LDAP set up with user accounts, I've got replication configured on the LDAP servers, and I have pam_ldap and nss_ldap installed, configured, and working. The last hurdle I'm trying to leap is server failover. I have the following line in my /usr/local/etc/ldap.conf file:

    uri ldap://ldap.example.com ldap://ldap2.example.com

If I finger ldap_user with both servers running, I get a response with that user's information. If I switch around the order of the two ldap servers, I get a response (for a different username to avoid the caching).

My problem lies with failing the first server in the list. In this case, I'm simply stopping the slapd process. finger ldap_user hangs forever and authentications all time out for LDAP-configured services like ssh. Now, shouldn't it eventually fail over to my secondary LDAP server? I've even tried adding timelimit 10 to the ldap.conf file to set a timeout, to no avail.

Thanks!

- Eric F Crist
Secure Computing Networks

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

any cisco gurus help me off list?
Hey folks,

I've got a problem I'm trying to resolve on a Cisco router involving NAT-on-a-stick. Are there any Cisco gurus willing to help me off-list?

Thanks.

- Eric F Crist
Secure Computing Networks

Re: OpenLDAP 2.4 and FreeBSD Ports
Add the following to /etc/make.conf (create if it doesn't exist):

    WANT_OPENLDAP_VER= 24

Eric (Thanks folks)

On Feb 11, 2008, at 2:27 PM, Mark Foster wrote:

> Eric F Crist wrote:
>> I'm trying to use OpenLDAP 2.4, which I installed from the FreeBSD ports tree. However, everything else I try to install, LDAP support in Apache22, pam_ldap, seems to want to use 2.3.40 instead. Obviously, it tries to install that version, which fails since 2.4.7 is installed.
>>
>> How do I tell the ports system I'm using 2.4 instead of 2.3 so it links correctly?
>
> I've noticed the same for phpLDAPadmin. Would like to use it with 2.4 on the same server but it wants 2.3.
>
> --
> Some days it's just not worth chewing through the restraints...
> Mark D. Foster, CISSP [EMAIL PROTECTED] http://mark.foster.cc/

- Eric F Crist
Secure Computing Networks

Re: OpenLDAP 2.4 and FreeBSD Ports
I'm not finding what you're referring to. I've looked into all the Makefile* files in /usr/ports/www/apache22 and I cannot find an option to tell apache22 to build with openldap24-sasl-client. Any more pointers?

Eric

On Feb 11, 2008, at 12:26 PM, David Alanis wrote:

> Eric:
>
> Can you include this in your make.conf:
>
>     DEFAULT_PHP_VER=5
>     DEFAULT_MYSQL_VER=50
>     APACHE_PORT=www/apache22
>     DEFAULT_LDAP_VER= number goes here
>
> but I don't know the correct wording, this is just an example of my make.conf
>
> Otherwise:
>
> Edit /usr/ports/www/apache22/Makefile and select the correct version of ldap you want that port to use.
>
> David Alanis
>
> Quoting Eric F Crist [EMAIL PROTECTED]:
>
>> Hello folks!
>>
>> First off, please reply-all as I'm no longer a subscriber.
>>
>> I'm trying to use OpenLDAP 2.4, which I installed from the FreeBSD ports tree. However, everything else I try to install, LDAP support in Apache22, pam_ldap, seems to want to use 2.3.40 instead. Obviously, it tries to install that version, which fails since 2.4.7 is installed.
>>
>> How do I tell the ports system I'm using 2.4 instead of 2.3 so it links correctly?
>>
>> thanks!
>>
>> - Eric F Crist
>> Secure Computing Networks

- Eric F Crist
Secure Computing Networks

OpenLDAP 2.4 and FreeBSD Ports
Hello folks!

First off, please reply-all as I'm no longer a subscriber.

I'm trying to use OpenLDAP 2.4, which I installed from the FreeBSD ports tree. However, everything else I try to install, LDAP support in Apache22, pam_ldap, seems to want to use 2.3.40 instead. Obviously, it tries to install that version, which fails since 2.4.7 is installed.

How do I tell the ports system I'm using 2.4 instead of 2.3 so it links correctly?

thanks!

- Eric F Crist
Secure Computing Networks

Re: IPFW/Divert problem...
On Nov 6, 2007, at 12:29 AM, Andrey V. Elsukov wrote:

> Eric F Crist wrote:
>> I've been working on doing some bandwidth accounting with ipfw count rules, but I've come across a very crappy problem. After adding the following two lines to /etc/rc.conf, I'm posed with a question during boot:
>>
>>     Loading divert daemons are you sure [yn]:
>
> About which lines you talk?

Sorry, left that part out:

    firewall_enable=YES
    firewall_script=/etc/ipfw.sh

FWIW, ipfw.sh ONLY has count rules in it. There isn't any NAT/etc going on here. Also, IPFW was compiled with DEFAULT TO ACCEPT, since I'm not really using it for anything other than accounting.

- Eric F Crist
Secure Computing Networks

Re: IPFW/Divert problem...
On Nov 6, 2007, at 7:32 AM, Andrey V. Elsukov wrote:

> Eric F Crist wrote:
>>     firewall_enable=YES
>>     firewall_script=/etc/ipfw.sh
>>
>> FWIW, ipfw.sh ONLY has count rules in it. There isn't any NAT/etc going on here. Also, IPFW was compiled with DEFAULT TO ACCEPT, since I'm not really using it for anything other than accounting.
>
> In your /etc/ipfw.sh script you should use the -f flag when you run the ipfw flush command.

I am, but that has nothing to do with my problem. My problem is that, during system boot, I'm asked the following question:

    Loading divert daemons
    Are you sure? [yn]:

The system sits there indefinitely until the question is answered. I need this to go away.

- Eric F Crist
Secure Computing Networks

Re: IPFW/Divert problem...
On Nov 6, 2007, at 9:28 AM, Andrey V. Elsukov wrote:

> Eric F Crist wrote:
>>> In your /etc/ipfw.sh script you should use the -f flag when you run the ipfw flush command.
>>
>> I am, but that has nothing to do with my problem. My problem is that, during system boot, I'm asked the following question:
>>
>>     Loading divert daemons
>>     Are you sure? [yn]:
>>
>> The system sits there indefinitely until the question is answered. I need this to go away.
>
> Are you sure? Please, show your script.
> I think these are two different messages:
> 1) Loading divert daemons - probably from some of your third party software start script.
> 2) Are you sure? [yn] - message from ipfw, when you run `ipfw flush` in the /etc/ipfw.sh script.

So, I looked, and you were right, it was two different messages. I had

    ipfw flush -f

rather than

    ipfw -f flush

Thank you, thank you, thank you!

- Eric F Crist
Secure Computing Networks

IPFW show format question...
So, everything I've read says that ipfw show displays rule number, packets caught, bytes matched, and rule. The problem I'm having is that it seems that the bytes, at least on some rules, is way out of whack.

I'm capturing this data for cacti, and trying to display accumulated ipfw traffic. If I zero my counters and download a file via FTP, the downloaded sizes don't even compare. 61MB into the download, if I convert the ipfw show from the supposed bytes into MB, it says I've downloaded 155MB.

Please help me understand this!

Thanks!

- Eric F Crist
Secure Computing Networks

IPFW2 woes...
Hey all,

I've written a short IPFW ruleset, with only some count rules and one allow all ip rule. I've got the following entries in my /etc/rc.conf file:

    # IPFW Settings
    # Only used for traffic accounting!
    firewall_enable=YES
    firewall_script=/etc/ipfw.sh

Every time this system boots, it asks if I'm sure if I want the divert daemon enabled? The answer, really, is NO. pf is doing all that for me, I'm just using IPFW for packet accounting. The message changes slightly if I add natd_enable=NO to the file.

Why is it asking me this, and what do I need to do to make it go away!?

Thanks!

- Eric F Crist
Secure Computing Networks

Re: Windows SSH client?
It was a request by the boss. He loves pico, and was getting cursor position from his current ssh client. We've since convinced him to use nano -c, and use putty.

thanks for all the advice!

Eric

On Oct 25, 2007, at 5:11 PM, Predrag Punosevac wrote:

> N.J. Thomas wrote:
>> * Eric F Crist [EMAIL PROTECTED] [2007-10-24 14:12:59 -0500]:
>>> I'm looking for a good, free, SSH client that has line/column numbers at the bottom, similar to SecureCRT.
>>
>> I'm curious as to why you need the line/column numbers displayed for your terminal in an SSH client? That seems to me a completely unrelated function.
>>
>> Most editors (Vi, Emacs, etc.) will give you that info, but can you explain why need it as necessary component for an SSH client?
>>
>> Thomas
>
> I am also confused about your question as a previous sender. Do you have cygwin installed on your Windows machines? You can use shell to ssh to a remote location like in Unix. The next thing that comes to my mind is PUTTY but I am not really sure if you already dismissed it as inadequate. WinSCP is secure copy client (sftp) which is in Unix world part of ssh but as I said earlier if you have cygwin you can pretend that you are in the Unix environment. OpenSSH is a cygwin package!

- Eric F Crist
Secure Computing Networks

Re: reverse DNS resolution...
Thanks to all for their help. I was ignoring the forward DNS, and many things don't resolve reverse DNS unless there's a matching forward DNS. duh.

thanks!

Eric Crist

On Oct 23, 2007, at 12:00 PM, Oliver Fromme wrote:

> Eric F Crist wrote:
>> As I already stated, if I do a host 172.30.x.x, I get the correct reverse resolution. dig works as well. What isn't working is the reverse resolution in certain command outputs, etc.
>
> Note that the DNS tools (host, nslookup, dig) use their own resolver code, not the one from FreeBSD's libc, like all other tools. That might explain the difference.
>
> Make sure that you have configured /etc/nsswitch.conf and /etc/resolv.conf correctly. Also note that /etc/hosts overrides DNS by default.
>
> You can use tcpdump to check if a reverse lookup request is sent to the DNS server when the failure occurs, and what the reply looks like. E.g. let this command run in one terminal:
>
>     # tcpdump -i tun0 -s 1500 -l -n -vvv udp port domain
>
> Add an -i option to specify the interface to listen on, if you have multiple interfaces (e.g. -i fxp0). Then run the command (w, irc client, whatever) in another terminal and watch the tcpdump output.
>
> Oh by the way, I think the addresses in IRC are resolved by the servers, not by the clients, so you would have to run the tcpdump command on the IRC server (if it's an internal one to which you can login and have root access).
>
> Best regards
> Oliver

- Eric F Crist
Secure Computing Networks

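An added example, not part of the original thread: the forward-confirmed reverse lookup that explains the symptom in this message, where a PTR record alone is not enough for the name to be shown. The lookups go through the libc resolver by default (the path Oliver describes) and can be swapped for the constructed record tables below; the result labels and the `display` field are assumptions made for illustration.

```python
import ipaddress
import socket


def system_ptr(ip):
    """Reverse lookup via the libc resolver (honours nsswitch.conf and /etc/hosts)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def system_forward(name):
    """Forward lookup via the libc resolver; returns address strings."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Classify an address as confirmed, no-ptr, no-forward or mismatch."""
    addr = ipaddress.ip_address(ip)
    name = ptr_lookup(str(addr))
    if not name:
        return {"ip": str(addr), "name": None, "status": "no-ptr", "display": str(addr)}
    name = name.rstrip(".").lower()
    forward = []
    for text in forward_lookup(name):
        try:
            # Drop an IPv6 zone index such as %em0 before comparing.
            forward.append(ipaddress.ip_address(text.split("%")[0]))
        except ValueError:
            continue
    if not forward:
        status = "no-forward"      # PTR exists, name has no address record
    elif addr in forward:
        status = "confirmed"       # name maps back to the same address
    else:
        status = "mismatch"        # PTR claims a name that belongs elsewhere
    # Assumption: a consumer that insists on confirmation falls back to the IP.
    display = name if status == "confirmed" else str(addr)
    return {"ip": str(addr), "name": name, "status": status, "display": display}


# Constructed records: user1.vpn has a PTR only, user2.vpn has both,
# and 172.30.1.29 carries a PTR naming a host that resolves elsewhere.
PTR = {
    "172.30.1.21": "user1.vpn.",
    "172.30.1.25": "user2.vpn.",
    "172.30.1.29": "mail.example.org.",
}
FORWARD = {
    "user2.vpn": ["172.30.1.25"],
    "mail.example.org": ["192.0.2.25"],
}


def check_constructed(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return fcrdns(ip, PTR.get, lambda name: FORWARD.get(name, []))


if __name__ == "__main__":
    for ip in ("172.30.1.21", "172.30.1.25", "172.30.1.29", "172.30.1.33"):
        print(check_constructed(ip))
```

The mismatch case is the one an access-control or logging path cares about: whoever controls a reverse zone can put any name in a PTR record, so the name is only worth recording once the forward lookup agrees.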
Windows SSH client?
Hey folks,

I'm looking for a good, free, SSH client that has line/column numbers at the bottom, similar to SecureCRT.

Any advice is appreciated!

- Eric F Crist
Secure Computing Networks

Re: reverse DNS resolution...
On Oct 22, 2007, at 4:51 PM, Philip M. Gollucci wrote:

> Eric F Crist wrote:
>> Hey folks,
>>
>> We're trying to get reverse DNS resolution for a block of IPs (private). We've had the 10.x network working great at the office for quite some time now, but I'm having a problem getting the 172.30.x network to work. Typing 'host ip' returns a valid result, however output from who, as well as other network services (IRC, apache) only see the IP.
>>
>> Is there something I'm missing? Thanks for the pointers!
>
> Well, your DNS needs to be authoritative for both forward and reverse.
>
> If you are trying to do this for less than a /24 block the zone files get messy quick because of the 8bit boundaries. You seem to be trying to do this for a /16.
>
> I'll bet you're missing the named.conf entries and related reverse zone files:
>
> Odds are you'll want to have zones:
>
>     zone "1.30.172.in-addr.arpa" {
>         type master;
>         file "master/1.30.172.in.addr.arpa";
>         notify yes;
>     };
>     zone "255.30.172.in-addr.arpa" {
>         // or slave config since you'll have more than 1 ns
>         type slave;
>         file "slave/255.30.172.in.addr.arpa";
>         masters { x.y.z.a; };
>     };
>
> Or some larger splits of that. You're going to have to give me a netmask for more help.

/16 is the netmask, you already figured that one out. ;)

As I already stated, if I do a host 172.30.x.x, I get the correct reverse resolution. dig works as well. What isn't working is the reverse resolution in certain command outputs, etc.

Maybe there is something missing here:

== named.conf ==

    zone "30.172.IN-ADDR.ARPA" {
        type master;
        file "master/vpn.rev";
    };

== vpn.rev ==

    $TTL 86400
    @ IN SOA snowball2.secure-computing.net root.secure-computing.net (
            1       ; Serial
            21600   ; Refresh
            1200    ; Retry
            1209600 ; Expire
            3600    ; TTL
            )
      IN NS snowball2.secure-computing.net

    ; Static vpn ips go here.
    21.1 IN PTR user1.vpn.
    25.1 IN PTR user2.vpn.
    29.1 IN PTR user3.vpn.
    33.1 IN PTR user4.vpn.
    37.1 IN PTR user5.vpn.
    41.1 IN PTR user6.vpn.
    45.1 IN PTR user7.vpn.
    49.1 IN PTR user8.vpn.
    53.1 IN PTR user9.vpn.

    ; Auto-generate reverse dns for our dynamic block.
    $ORIGIN 0.30.172.in-addr.arpa.
    $GENERATE 2-254 $ PTR 172-30-0-$.vpn.

For what it's worth, the hosts I'm testing have snowball2 listed as their primary DNS server. Again, host 172.30.1.21 successfully returns user1.vpn, etc. Just output in w and last, as well as certain services such as UnrealIRCd don't resolve these correctly.

Thanks for the help folks!

- Eric F Crist
Secure Computing Networks

reverse DNS resolution...
Hey folks,

We're trying to get reverse DNS resolution for a block of IPs (private). We've had the 10.x network working great at the office for quite some time now, but I'm having a problem getting the 172.30.x network to work. Typing 'host ip' returns a valid result, however output from who, as well as other network services (IRC, apache) only see the IP.

Is there something I'm missing? Thanks for the pointers!

- Eric F Crist
Secure Computing Networks

Real-Time traffic monitor?
Hey all,

I've got a fairly heavy-duty machine doing firewalling for my network, and the VAST majority of its processing power is going unused. As such, I'd like to put X on this box, attach a monitor, and display a series of real-time traffic graphs.

Does anyone know what the best software to use for this would be?

Thanks!

- Eric F Crist
Secure Computing Networks

Some hosting weirdness...
Hey folks,

I've got a few websites hosted on my systems, and I'm having some VERY strange connection timeout issues. Here are three sites to use as examples.

1) www.unixarmy.com
   This site has very basic HTML. Loads fine everywhere we've tried it.
2) www.secure-computing.net
   This site is also basic HTML, doesn't load from insight.com or rr.com addresses.
3) www.fastandcleaninc.com
   This site is some sort of java/dynamic HTML, also doesn't load from insight or rr.com.

All of these sites are hosted on the same box, across the same connections. Secure-computing.net is redirected to https for secure connections. All the apache configurations are generally the same.

From where I am in Minneapolis, MN, I can connect from multiple ISPs to all of my hosted sites without problems or latency. People I know in Bloomington, IL and Jacksonville, NC, time out on secure-computing.net and fastandcleaninc.com.

What should I look for? Is there possibly some weird caching issues at their ISPs? How can I fix this?

Thanks a lot!

- Eric F Crist
Secure Computing Networks

Re: Some hosting weirdness...
On Jul 11, 2007, at 7:40 AM, Heiko Wundram (Beenic) wrote:

> On Wednesday 11 July 2007 14:19:09 Eric F Crist wrote:
>> snip
>> What should I look for? Is there possibly some weird caching issues at their ISPs? How can I fix this?
>
> Do a tcpdump when someone connects from their network and check for TCP-MSS issues, which would be my first guess when small files/items load fine over HTTP but items larger than a single TCP-packet won't (which basically fits the symptoms you describe).
>
> As some ISPs will do IP fragmentation when a packet too large to fit over the downlink to a customer arrives, you'll not see this problem with these. Those ISPs that don't do IP fragmentation on the downlink (quite a few) generally should send out an ICMP-message with a Fragmentation needed error (which appears in the tcpdump), but some don't do that either.
>
> Generally, the MSS in their SYN-packet when connecting to your webserver should be below 1460; most probably at 1452 (which is DSL and cable AFAIK), or more generally speaking (their) MTU-40, and the _IP_ packet size your host sends back should always be equal to or below the minimum of your MSS (which is sent in the SYN/ACK packet) and their MSS, plus 40. If this is not the case, you have an issue.

Well, I performed a tcpdump as you suggested, and my mss is exactly 1460, not the 1452 you suggest. What does this mean?

- Eric F Crist
Secure Computing Networks

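An added example, not part of the original thread: Heiko's rule applied to a capture. It reads the MSS from the SYN and SYN/ACK, checks every packet the server sends against min(MSS) + 40, and separates the case where a Fragmentation needed ICMP shows up from the case where full-size segments are retransmitted with no ICMP at all. The capture lines are constructed, simplified single-line `tcpdump -n -v` style records, and the verdict labels are assumptions made for illustration.

```python
import re
from collections import Counter

HDR = re.compile(r"length (\d+)\)\s+(\S+) > (\S+): Flags \[([^\]]+)\]")
MSS = re.compile(r"\bmss (\d+)")
SEQ = re.compile(r"\bseq (\d+:\d+)")
FRAG = re.compile(r"unreachable - need to frag \(mtu (\d+)\)")


def analyze(lines, server):
    """server is the web server's 'address.port' as tcpdump -n prints it."""
    client_mss = server_mss = None
    frag_mtus, sent = [], []
    for line in lines:
        frag = FRAG.search(line)
        if frag:                      # ICMP "Fragmentation needed" from a router
            frag_mtus.append(int(frag.group(1)))
            continue
        hdr = HDR.search(line)
        if not hdr:
            continue
        ip_len, src, flags = int(hdr.group(1)), hdr.group(2), hdr.group(4)
        mss = MSS.search(line)
        if "S" in flags and mss:      # SYN (client) or SYN/ACK (server)
            if src == server:
                server_mss = int(mss.group(1))
            else:
                client_mss = int(mss.group(1))
        elif src == server:           # anything else the server sent
            seq = SEQ.search(line)
            sent.append((ip_len, seq.group(1) if seq else None))
    if client_mss is None or server_mss is None:
        return {"verdict": "no-handshake"}
    limit = min(client_mss, server_mss) + 40   # largest IP packet allowed
    oversized = [n for n, _ in sent if n > limit]
    repeats = Counter(s for n, s in sent if s and n == limit)
    retransmitted = {s: c for s, c in repeats.items() if c > 1}
    if oversized:
        verdict = "server-exceeds-mss"
    elif frag_mtus:
        verdict = "frag-needed-seen"
    elif retransmitted:
        verdict = "suspect-pmtu-blackhole"
    else:
        verdict = "ok"
    return {"client_mss": client_mss, "server_mss": server_mss, "limit": limit,
            "oversized": oversized, "retransmitted": retransmitted,
            "path_mtu": min(frag_mtus) if frag_mtus else None, "verdict": verdict}


# Constructed capture; addresses are documentation ranges.
SERVER, CLIENT = "192.0.2.10.80", "198.51.100.7.51000"


def tcp(ip_len, src, dst, rest):
    return ("IP (tos 0x0, ttl 60, id 1, offset 0, flags [DF], proto TCP (6), "
            f"length {ip_len}) {src} > {dst}: {rest}")


HANDSHAKE = [
    tcp(48, CLIENT, SERVER, "Flags [S], seq 100, win 65535, options [mss 1452,nop,wscale 6], length 0"),
    tcp(48, SERVER, CLIENT, "Flags [S.], seq 900, ack 101, win 65535, options [mss 1460,nop,wscale 6], length 0"),
    tcp(40, CLIENT, SERVER, "Flags [.], ack 1, win 1024, length 0"),
    tcp(420, CLIENT, SERVER, "Flags [P.], seq 1:381, ack 1, win 1024, length 380"),
]
FULL = tcp(1492, SERVER, CLIENT, "Flags [.], seq 1:1453, ack 381, win 1024, length 1452")
ICMP = ("IP (tos 0x0, ttl 250, id 9, offset 0, flags [none], proto ICMP (1), length 56) "
        "203.0.113.1 > 192.0.2.10: ICMP 198.51.100.7 unreachable - need to frag (mtu 1400), length 36")
BLACKHOLE = HANDSHAKE + [FULL, FULL, FULL]    # retransmits, no ICMP ever arrives
WITH_ICMP = HANDSHAKE + [FULL, ICMP, FULL]    # a router reports the smaller MTU
TOO_BIG = HANDSHAKE + [tcp(1500, SERVER, CLIENT, "Flags [.], seq 1:1461, ack 381, win 1024, length 1460")]

if __name__ == "__main__":
    for name, capture in (("blackhole", BLACKHOLE), ("icmp", WITH_ICMP), ("too big", TOO_BIG)):
        print(name, analyze(capture, SERVER))
```

A server MSS of 1460 in the SYN/ACK is what an Ethernet interface with a 1500-byte MTU advertises; the figure to compare against is the MSS in the remote client's SYN.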
Re: IPv6 Setup...
On Jun 22, 2007, at 9:23 PM, Eric F Crist wrote:

> Hello all,
>
> I've been toying with getting IPv6 installed and running for a while, and I've got only one hurdle remaining. I have 5 servers on my quaint little network, and my primary firewall is configured with an IPv6 address, we'll say 1000:2000:1::6 and is connected to my ISP through a gif tunnel (router doesn't support IPv6 yet, on my end) to 1000:2000:1::5. I can ping6 all day long across this tunnel, and I can even connect through this firewall to other sites using the IPv6 addresses.
>
> I've been given 2001:4900:1:0111::/64 for my use. I've configured /etc/rc.conf on my first two machines with ipv6_enable=YES and given them 2001:4980:1:0111::1 and 2001:4980:1:0111::2. Each machine can ping6 itself, but they cannot ping6 each other. I know the copper is good, and my ipv6 is running alongside my ipv4 addresses and such. In addition, there are no firewalls in between.
>
> Is there something I'm missing? Also, what the heck is rtadvd_enable=YES actually doing for me? I understand it's broadcasting some routing stuff so my other hosts can auto-configure their IPv6 addresses, but anything else?
>
> Thanks a lot all!
>
> - Eric F Crist
> Secure Computing Networks

Alright, sorry to reply to my own post, but the situation is a little different than I thought.

As it turns out, all of my systems can ping each other, save my gateway/firewall machine. This machine is configured with 2 NICs, with ethernet bridging. My configuration is as follows:

    INET -- ROUTER -- FBSD GATEWAY -- LAN

While the FBSD GATEWAY has an IP assigned to its internal interface (available from both sides), and it's bridging IPv6 correctly, I'm thinking this may be my IPv6 problem. The gateway has a gif tunnel to my ISP for IPv6 routing, as my cheap router doesn't support the new IP protocol.

The gateway can ping across the tunnel using IPv6 perfectly fine. It can also ping its own IPv6 addresses, regardless of the interface. What I CANNOT do, is ping to the IPv6 box from any machine on my LAN. I can ping IPv4 just fine.

Please help!

Eric Crist

- Eric F Crist
Secure Computing Networks

IPv6 Setup...
Hello all,

I've been toying with getting IPv6 installed and running for a while, and I've got only one hurdle remaining. I have 5 servers on my quaint little network, and my primary firewall is configured with an IPv6 address, we'll say 1000:2000:1::6 and is connected to my ISP through a gif tunnel (router doesn't support IPv6 yet, on my end) to 1000:2000:1::5. I can ping6 all day long across this tunnel, and I can even connect through this firewall to other sites using the IPv6 addresses.

I've been given 2001:4900:1:0111::/64 for my use. I've configured /etc/rc.conf on my first two machines with ipv6_enable=YES and given them 2001:4980:1:0111::1 and 2001:4980:1:0111::2. Each machine can ping6 itself, but they cannot ping6 each other. I know the copper is good, and my ipv6 is running alongside my ipv4 addresses and such. In addition, there are no firewalls in between.

Is there something I'm missing? Also, what the heck is rtadvd_enable=YES actually doing for me? I understand it's broadcasting some routing stuff so my other hosts can auto-configure their IPv6 addresses, but anything else?

Thanks a lot all!

- Eric F Crist
Secure Computing Networks

GEOM/GELI Boot Disk Encryption
Hey folks,

I'm trying to take a system that already has a running freebsd system (or I can start over), and make the entire system encrypted. I've found instructions (freebsd manual) for creating secondary disks, but not the boot disk in particular.

Can anyone point me in the right direction?

TIA

Eric F Crist

Re: share my experience: highlight parts of a text file that matches a regular expression
That's great! One question, how do I make it highlight the entire line, rather than the searched-for text?

Thanks!

Eric Crist

On 6/6/07, Zhang Weiwu [EMAIL PROTECTED] wrote:

> Dear list
>
> I'd like to highlight part of output of one application that matches a regular expression. First I thought this is simple:
>
>     $ my_app | grep --color=auto 'regexp'
>
> This method has a big problem: lines that don't match the regexp are not displayed. In my case I want all output of my_app being displayed, only the matching part highlighted. First I thought grep might have a parameter to output everything it receives, and it seems it doesn't. And I discovered I can use the '-e' parameter for this purpose:
>
>     $ my_app | grep --color=auto -e 'regexp' -e '$'
>
> The second -e makes every line match.
>
> Maybe useful for some newbies.
>
> --
> Zhang Weiwu
> Real Softservice
> http://www.realss.com
> +86 592 2091112

Re: not able to output anything to /dev/ttyv8?
Along those same lines, I'd like to output iftop to ttyv0 (main console) with login across serial and/or another tty. I get rate limit errors of some sort when I edit /etc/ttys.

What method should I use to output an application such as iftop to a tty?

TIA

Eric Crist

On 6/6/07, Zhang Weiwu [EMAIL PROTECTED] wrote:

> On Wed, 2007-06-06 at 09:31 -0500, Jonathan Horne wrote:
>> I'm not sure what your application may be, but my simple solution is just to 'tail -f /path/logfile'. This way, I can see the output of my application from anywhere I am via ssh (not just the local tty).
>
> Yeah, sure, right! I have been using your method for months! I started thinking of piping the result to a tty because the box running this app is not far away and I just think it's fun and looking nice to have it popping up progress :) As you said, this is not very very necessary, it's mostly for fun and a little bit easier for me
>
> --
> Zhang Weiwu
> Real Softservice
> http://www.realss.com
> +86 592 2091112

Re: share my experience: highlight parts of a text file that matches a regular expression
that worked great! thanks!

On 6/6/07, Zhang Weiwu [EMAIL PROTECTED] wrote:

> On Wed, 6 Jun 2007 11:16:17 -0500, Eric F Crist [EMAIL PROTECTED] wrote:
>
>> That's great! One question, how do I make it highlight the entire line, rather than the searched-for text?
>
> Guess would be:
>
>     $ my_app | grep --color=auto -e '.*regexp.*' -e '$'
>
> Add '.*' before and after your regular expression
>
>> Thanks!
>>
>> Eric Crist
>>
>> On 6/6/07, Zhang Weiwu [EMAIL PROTECTED] wrote:
>>> Dear list
>>>
>>> I'd like to highlight part of output of one application that matches a regular expression. First I thought this is simple:
>>>
>>>     $ my_app | grep --color=auto 'regexp'
>>>
>>> This method has a big problem: lines that don't match the regexp are not displayed. In my case I want all output of my_app being displayed, only the matching part highlighted. First I thought grep might have a parameter to output everything it receives, and it seems it doesn't. And I discovered I can use the '-e' parameter for this purpose:
>>>
>>>     $ my_app | grep --color=auto -e 'regexp' -e '$'
>>>
>>> The second -e makes every line match.
>>>
>>> Maybe useful for some newbies.
>>>
>>> --
>>> Zhang Weiwu
>>> Real Softservice
>>> http://www.realss.com
>>> +86 592 2091112

IPv6 Tunnel issues...
Hey all,

I've got a FreeBSD 6.2 system, compiled from source only two days ago, so it should have the routing patch applied. I'm trying to get a tunnel between my systems and my ISP.

I'm performing the configuration as follows:

    ifconfig gif0 create
    ifconfig gif0 tunnel my IPv4 address my ISP IPv4 address
    ifconfig gif0 inet6 alias ::a::a ::b::b prefixlen 126

When I execute the last command, I get:

    ifconfig: ioctl (SIOCAIFADDR): Invalid argument

This works on a FreeBSD 4.11 system when my ISP tested on their end (slightly different syntax).

What am I doing wrong?

Re: IPv6 Tunnel issues...
On 3/20/07, Eric F Crist [EMAIL PROTECTED] wrote:

> My ISP tells me it should be prefixlen 126, not 128
>
> On 3/20/07, Björn König [EMAIL PROTECTED] wrote:
>> Eric F Crist wrote:
>>> [...]
>>> I'm performing the configuration as follows:
>>>
>>>     ifconfig gif0 create
>>>     ifconfig gif0 tunnel my IPv4 address my ISP IPv4 address
>>>     ifconfig gif0 inet6 alias ::a::a ::b::b prefixlen 126
>>>
>>> When I execute the last command, I get:
>>>
>>>     ifconfig: ioctl (SIOCAIFADDR): Invalid argument
>>> [...]
>>
>> Use a prefix length of 128 instead of 126.
>>
>> Regards
>> Björn

Sorry for the top post earlier. I've eliminated the second IP address on the inet6 ifconfig command, and prefixlen 126 is accepted. Now I just get no ping replies across the gif0 interface. ifconfig shows all the correct information, and netstat -rn shows valid routes. What am I missing?

I *did* have this working at one time this morning, but I tried to get things into rc.conf and haven't been able to get it back up.

TIA

Re: IPv6 Tunnel issues...
On 3/20/07, Nikos Vassiliadis [EMAIL PROTECTED] wrote:

> On Tuesday 20 March 2007 17:01, Eric F Crist wrote:
>> On 3/20/07, Eric F Crist [EMAIL PROTECTED] wrote:
>>> My ISP tells me it should be prefixlen 126, not 128
>>>
>>> On 3/20/07, Björn König [EMAIL PROTECTED] wrote:
>>>> Eric F Crist wrote:
>>>>> [...]
>>>>> I'm performing the configuration as follows:
>>>>>
>>>>>     ifconfig gif0 create
>>>>>     ifconfig gif0 tunnel my IPv4 address my ISP IPv4 address
>>>>>     ifconfig gif0 inet6 alias ::a::a ::b::b prefixlen 126
>>>>>
>>>>> When I execute the last command, I get:
>>>>>
>>>>>     ifconfig: ioctl (SIOCAIFADDR): Invalid argument
>>>>> [...]
>>>>
>>>> Use a prefix length of 128 instead of 126.
>>>>
>>>> Regards
>>>> Björn
>>
>> Sorry for the top post earlier. I've eliminated the second IP address on the inet6 ifconfig command, and prefixlen 126 is accepted. Now I just get no ping replies across the gif0 interface. ifconfig shows all the correct information, and netstat -rn shows valid routes. What am I missing?
>>
>> I *did* have this working at one time this morning, but I tried to get things into rc.conf and haven't been able to get it back up.
>
> There is an errata notice about gif(4)s, don't know if it affects you...
> http://www.freebsd.org/releases/6.2R/errata.html

Yes, I saw that, my first post mentions I'm patched and good-to-go. I've also tried the workaround mentioned, just to be sure.

Re: Reducing the size of /
On May 12, 2006, at 11:11 AM, bsd wrote: Hello, I have three partitions on my server and would like to reduce the size of / because I am getting quite full !

Filesystem     Size   Used  Avail Capacity  Mounted on
/dev/ar0s1a    3.8G   2.8G   668M    81%    /
devfs          1.0K   1.0K     0B   100%    /dev
/dev/ar0s1d     60G   1.9G    53G     3%    /home

What are the places I could start looking in to delete not so useful files, knowing that I am syncing using portsnap (and previously cvsup).

A good command I use when things start getting full is:

#du -hd 1 [filesystem]

Where [filesystem] is the partition path you want stats on. My output looks like this:

# du -hd 1 /
2.0K    /.snap
1.5K    /dev
 49G    /usr
841M    /var
3.1G    /www
2.3M    /stand
3.1M    /etc
2.0K    /cdrom
924K    /bin
 39M    /boot
3.2M    /lib
282K    /libexec
2.0K    /mnt
2.0K    /proc
3.5M    /rescue
 15M    /root
4.0M    /sbin
8.3M    /tmp
2.0K    /floppy
2.2M    /jail
 53G    /

It can tell you where you're using the most space. I'm guessing your /usr directory is the culprit. Try going to /usr/ports and typing make distclean. - Eric F Crist Secure Computing Networks http://www.secure-computing.net
[OT] DomainKeys question...
Hello list! I've been trying to get DomainKeys working for my domain, with marginal success. With the many test addresses out there, my installation is listed as successful on only one of the three addresses I've tested. I know this is vague, but I'm not sure what information to include. Thanks for any input. - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: FreeBSD router two DSL connections
On Dec 12, 2005, at 2:05 AM, Yance Kowara wrote: Ted, Thanks for the advice. A friend of mine has just acquired an Internet Cafe. The previous owner connected the lan to 2 different ADSL (two different ISPs) one is a back up he said. So, two ADSL routers with half the Lan connected to one router and another half to the other router. I am just thinking of a way to optimise the connection and came across Steven's article. I thought I could do something similar with *BSD + pf. There is such thing as Dual Wan ADSL router: http://www.infosmart.com.tw/p-ndr3024.htm However, they are quite pricey compared to setting up a *BSD box (using old readily available hardware). So, if this load balancing idea does not work, any other thing I can do to optimise two DSLs? I also came across this (linux way): http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html Is this worth trying? Kind regards,

Yance, The reason, without a pretty heavily involved configuration, this won't work is packet routing. Unless you're using BGP, Border Gateway Protocol, you're not going to reliably route return packets to any interface other than the interface it was transmitted from. I'm guessing that the dual-wan device you speak of handles some things differently. Something like a large file download is going to fail to utilize the full bandwidth, however, because of the nature of the traffic. If you really need to boost network bandwidth, you're going to be forced into either working directly with an ISP to link multiple DSL channels, or, more likely, obtain business-class service over a T1/T3 setup. HTH - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: Reaching kern.maxfiles
On Dec 12, 2005, at 8:19 AM, Robert Fitzpatrick wrote: Been running this FreeBSD 5.2.1 server since 5.2 was released, never had an issue couldn't resolve, especially with the help of this and other lists. Now I'm stumped. I posted this issue last week, someone suggested I look at: Robert, Why are you _still_ running 5.2x? Really, you should be running 5.4. Try an upgrade and let us know if that fixes your problem. There are MANY issues with 5.2.1, and it's never been a truly stable release. - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: calendar scheduler
On Dec 8, 2005, at 9:51 AM, Mark Busby wrote: I've been searching for a web-based calendar, scheduler and message board for a small network of 15 employees. I saw one about a year ago that used bsd-apache-php and any browser could access it, but I've been unable to find it now. Any suggestions to fill the need? Take a look at eGroupware. Don't remember if it's in the ports tree or not... - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: sendmail local-host-names
On Dec 6, 2005, at 10:35 AM, Charles Howse wrote: Hi, I want to collect mail for FreeBSD user charles on my Mac. The hostname of my FreeBSD box is: moe.local User charles has an account, has been added to the qpopper authentication database, and sendmail_enable=NO is in /etc/rc.conf. In /etc/mail/local-host-names, I have: moe.local larry.local local It's working, but I think I have too many entries in local-host-names. What entries are necessary? Are you sure you don't also need curly.local in there? Haha! You shouldn't really need any of those in there, unless mail is addressed to them. For example, if you only receive mail on that box for [EMAIL PROTECTED], and the machine's name is moe.local, you don't even need a local-host-names file. The only entries needed are those for which you accept mail, that are not the actual hostname for the box. Make sense? - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: Project Management Software
On Nov 22, 2005, at 3:05 PM, Greg Barniskis wrote: Gerard Seibert wrote: On Tuesday, November 22, 2005 11:49:23 AM, Greg Barniskis [EMAIL PROTECTED] Not nearly as featureful (read: bloated, cough, cough) as MS Project, but if all you want is simple Gantt charts and work breakdowns then try out Imendio Planner for gnome, which can be found under ports/deskutils. * REPLY SEPARATOR * On 10/11/2005 5:29:42 PM, Gerard Replied: The term 'featureful' obviously varies from individual to individual and situation to situation. Agreed, but I could be bounded in a nutshell and count myself king of infinite space. I like small, tightly focused apps. =) I have used MS Project in the past, and found it to be a rather useful tool. The learning curve was not as extensive as I had first feared. I certainly did not find it to be over burdened by an excessive number of unused features. In fact, I rather appreciated the fact that they were available if I should ever require them. To each, their own. My sense was the opposite though. The installer is over 130 MB and there are many features I'd never go near, mainly MS Project Server (and if I recall, Exchange) integration stuff. In other words, a bunch of proprietary stuff without much use to anyone outside of a largish Wincentric environment. In any case, check out: http://www.openworkbench.org. Someone else in the thread mentioned that one. I was disappointed to see that it is not truly OSS (some components remain proprietary, and actually playing with the code requires Visual Studio, according to their FAQ). Also, it is for Windows only, and while I have to use Windows every day I quite frequently wish that I did not, so I'm not about to add yet another Windows-only tool to the bag. Anyone know any real OSS (preferably cross platform) app that does what gnome planner does, only better? I'm coming into this late, but did you ever consider eGroupware? I think it's www.egroupware.org. We use it here fairly successfully. 
- Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: PHP stopped working :(
On Nov 20, 2005, at 2:09 PM, Matt Singerman wrote: Hi all, I have a FreeBSD 6.0 system which had PHP4 running perfectly fine on it. However, I wanted to install Horde (www.horde) with IMP, which requires IMAP support, so I decided to try and recompile PHP using /usr/ports/lang/php4-extensions, first running make deinstall in php4-extensions and php4. At first, this did not work. I checked, and sure enough, the old data for the compilation was in /var/db/ports, so I deleted it out. Anyway, I ran make and make install in /usr/ports/lang/php4-extensions without any problems, then I ran make and make install in /usr/ports/lang/php4. This is where I first noticed things looked a bit weird. It didn't seem like php4 was completely recompiling it; that is, it didn't seem to take long enough. But it claimed to have worked correctly, so I restarted Apache. Lo and behold, my problems started. First off, and this is weird, my test file - a simple file containing only a call to phpInfo() - will work in IE, but not in Firefox. Check it out: http://list.mchgroup.org/test.php Second, SquirrelMail won't load at all: http://list.mchgroup.org/squirrelmail/src/login.php I have tried deinstalling and reinstalling PHP countless times now, with no results. I checked my httpd.conf file, and all seems okay. Any ideas what this could be? I'm very frustrated at this point, and am considering blowing away Apache and starting it from scratch :( Thanks, Matt

Try going to the respective ports directories and type make clean. - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: UPS advice, please ...
On Nov 20, 2005, at 5:55 PM, Murray Taylor wrote: Second the motion -- nut works well with the APC ups's -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cezar Fistik Sent: Monday, November 21, 2005 10:05 AM To: freebsd-questions@freebsd.org Subject: Re: UPS advice, please ... Hello Kiffin, Friday, November 18, 2005, 10:20:08 PM, you wrote: I have a couple web servers running FreeBSD 5.x and need to protect them against power outages. These are two simple machines running at home so nothing fancy. Just some way to do a power down neatly so the shutdown has time to clean up. What do I need and where can I look for more detailed information. check this out, I use it and it works with many different UPS. # cd /usr/ports/sysutils/nut # cat pkg-descr This is a developing project to monitor a large assortment of UPS hardware. Network communications are used so that multiple systems can monitor a single physical UPS and shut down together if necessary without any special sharing hardware on the UPS itself. CGI scripts are provided to monitor UPS status via a WEB browser. WWW: http://www.networkupstools.org/ I personally use APC UPS with apcupsd (in ports) which works very well with the USB cable supplied. - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: if_bridge interface confuses Windows Small Business Server 2000
On Nov 15, 2005, at 10:52 PM, Erik Osterholm wrote: On Tue, Nov 15, 2005 at 08:43:18AM -0500, Steve Bertrand wrote: FreeBSD 6 came at the perfect time for me. I've just switched my primary desktop from Win2k to FreeBSD, and I put the Windows boot disk in an old machine that was heading for the skip. I wanted to access the W2k machine (fred) over VNC without flooding our switch, so I thought let's take advantage of the new features in REL 6... I added a second ethernet card to my FreeBSD box (alfie) and configured a bridge in /etc/rc.conf: Don't worry about flooding the switch with VNC. I use it very well over a 33.6 modem from my mac to a win2k3 server. - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: switching terminals
Try watch. On Nov 17, 2005, at 3:36 AM, Atis wrote: Is the following possible? I log into a computer, and by executing ps see that there's some program xx reading and writing to/from a terminal called /dev/ttyp3. The controlling terminal for my current processes, however, is /dev/ttyp2. Now, can I make the program xx change its terminal so that it starts writing to /dev/ttyp2 and its output magically appears in front of me? Atis - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: pausing boot process
On Nov 17, 2005, at 10:27 AM, James Bailie wrote: J. W. Ballantine wrote: Is there someway to pause the scrolling/process so the error is read-able?? No. After the system boots, log in as, or su to, root, and invoke dmesg to view kernel messages. You're incorrect. You can pause this screen, and even scroll up/down, by pressing the Scroll Lock key. When you're done, press Scroll Lock again to continue. - Eric F Crist Secure Computing Networks http://www.secure-computing.net
cvsup the wrong version???
Hello list, Two days ago, I cvsupped the RELENG_5_4 tag, and rebuilt the system using make buildworld, make buildkernel KERNCONF=mykernel, make installworld, make installkernel KERNCONF=mykernel. Before I started, I was at 5.4-RELEASE #2. Now that I've done this, I'm at 5.3-RELEASE #3. How can this be? I verified my cvs-supfile, and everything is pointing to 5.4. Please help. - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: cvsup the wrong version???
On Nov 12, 2005, at 7:42 AM, Doug Poland wrote: On Sat, Nov 12, 2005 at 07:36:31AM -0600, Eric F Crist wrote: Hello list, Two days ago, I cvsupped the RELENG_5_4 tag, and rebuilt the system using make buildworld, make buildkernel KERNCONF=mykernel, make installworld, make installkernel KERNCONF=mykernel. Before I started, I was at 5.4-RELEASE #2. Now that I've done this, I'm at 5.3-RELEASE #3. How can this be? I verified my cvs-supfile, and everything is pointing to 5.4. I recently (yesterday) had a problem with cvsup8.us.freebsd.org. I was trying for RELENG_6 and it kept feeding me 6.0-RC1. I suggest trying another cvsup server. -- Regards, Doug I've tried 3 of them so far... - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: cvsup the wrong version???
On Nov 12, 2005, at 2:17 PM, Kris Kennaway wrote: On Sat, Nov 12, 2005 at 07:36:31AM -0600, Eric F Crist wrote: Hello list, Two days ago, I cvsupped the RELENG_5_4 tag, and rebuilt the system using make buildworld, make buildkernel KERNCONF=mykernel, make installworld, make installkernel KERNCONF=mykernel. Before I started, I was at 5.4-RELEASE #2. Now that I've done this, I'm at 5.3-RELEASE #3. How can this be? I verified my cvs-supfile, and everything is pointing to 5.4.

Show us your cvsupfile. Kris

%more /root/cvs-supfile
*default host=cvsup3.FreeBSD.org
*default base=/usr
*default prefix=/var/db
*default tag=RELENG_5_4
*default release=cvs
*default delete use-rel-suffix
*default compress
src-all
doc-all

Same cvsup file I've always used... - Eric F Crist Secure Computing Networks http://www.secure-computing.net
password expiration question
How can I force POP3/IMAP servers to honor password expiration? Thanks. - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: how to setup DNS server and making sub-domains in DSL server
On Nov 6, 2005, at 4:45 PM, Paul Waring wrote: On Sun, Nov 06, 2005 at 04:41:06PM -0600, Chris wrote: It may not be necessary - but to do it right... I for one like to have my IP's resolve both forward and reverse. It's just professional looking as a whole.

I like to have my IPs resolve both ways too, but try finding an ISP who will either give you that sort of control through delegation or is willing to setup the required reverse DNS records on their side. If you're lucky you'll get customer114324.myisp.net to play with. I don't know of any residential ISPs, at least not in the UK, who will do that sort of thing. Having said that, there's nothing particularly wrong about not having reverse DNS records for IPs, or having ones that don't match. It only really matters if you're sending out email to people with overly aggressive spam filters that check for that sort of thing. Paul

Actually, my ISP, ipHouse.net is one who's willing to configure reverse DNS for you. Qwest Communications is another one who'll setup DNS for you, and they're HUGE. If you choose to go with ipHouse, tell them I sent you -- then I get free DSL for a month! - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: NFS Installation Issues
On Nov 6, 2005, at 5:58 PM, Matthew Smith wrote: I've just had a look through /var/log/messages and have spotted some lines that may be relevant:

{timestamp} kernel: re0: couldn't map ports/memory
{timestamp} kernel: rl0: couldn't map ports/memory
{timestamp} kernel: pci0: network, ethernet at device 8.0 (no driver attached)

Well, the second line there, referencing rl0 is indeed the Realtek driver for the network card. The error, on the other hand, is something I'm not familiar with. Reading through the archives, I see the following link: http://lists.freebsd.org/pipermail/freebsd-questions/2004-December/067477.html In this post, this excerpt seems to apply:

[QUOTE] I upgraded my laptop (Fujitsu-Siemens Lifebook C4355) to 5.3 this week, and had the same problem. My card started working when i disabled ACPI. I don't have a sufficiently pointy hat to tell you _why_ this happened... It shouldn't be like that, separate parts of the system, mumble grumble, but in the spirit of empirical observation: It Worked For Me. [/QUOTE]

HTH - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: More help with find
On Nov 6, 2005, at 6:58 PM, Jeffrey Ellis wrote: Hi, Rolland-- Ok. Stupid of me. Find -x /volumes/foo/* Seems to work fine. So I guess now I'm just left with the display and sorting questions. All My Best, Jeffrey Jeffrey, man find is your friend. Even though you're using Darwin, the man pages are still there. Simply go to a terminal and type: # man find If there's a particular page you're looking for, such as page 5, type: # man 5 find In this particular instance, there is no section 5 for find. For further help on using the man(ual), type: # man man HTH - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: filesystem full error
On Nov 6, 2005, at 6:59 PM, Dave Webster wrote: Hi, I'm trying to: pkg_add -r openoffice and I get the following:

/var: write failed, filesystem is full
mkdir: /var/db/pkg/ORBit-0.5.17_2: No space left on device
pkg_add: can't record package infor '/var/db/pkg/ORBit-0.5.17_2', you're on your own!

That last part is particularly chilling - if I'm on my own, I'm hooped! Here's the result of df -h:

Filesystem     Size   Used  Avail Capacity  Mounted on
/dev/ad0s1a    248M    93M   135M    41%    /
devfs          1.0K   1.0K     0B   100%    /dev
/dev/ad0s1e    248M   294K   228M     0%    /tmp
/dev/ad0s1f     72G    25G    42G    37%    /usr
/dev/ad0s1d    248M    62M   166M    27%    /var
linprocfs      4.0K   4.0K     0B   100%    /usr/compat/linux/proc

Any suggestions on what I should do? thanx in advance, Dave

Try this:

# du -hd2 /var

Post that here, or reply directly to me. - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: NFS Installation Issues
On Nov 6, 2005, at 7:17 PM, Matthew Smith wrote: Just a minor point - is 6 actually a stable version? I was wondering whether I've gone and picked up a development version when I should have been using 5.something. It's officially a RELEASE, but I won't trust it until 6.3 or later on a production machine. Unless you're using some really special/new hardware, I would recommend attempting to install 5.4. - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: how to upgrade?
On Nov 5, 2005, at 6:11 AM, Yaakov Nemoy wrote: Hi, I'm sure this question has been asked before, but I couldn't find any good help in the documentation, and it's only my 5th day using freebsd so i'm not really sure where to look. i installed 5.4-RELEASE from a CD and I want to upgrade to 6.0-RELEASE using binary packages. my computer is far too slow and doesn't really have enough hard drive space to compile the entire BSD system, nor do I have a CD burner to make myself a new CD. how do I upgrade my system from binary packages without breaking it in the middle? once again, i apologize if this has been asked too many times. even a vague reference to some 3 year old mailing list post will probably help me though.

You *could* browse the list archives, but that *is* a lot of work. I suppose I'll just briefly answer this.

boot from cd.
change options so that your version read 6.0-RELEASE
choose upgrade from menu
choose FTP as your installation source
run install

HTH - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: how to upgrade?
Sure, why not? Make sure you have no other users, though.

On Nov 5, 2005, at 8:24 AM, Yaakov Nemoy wrote: On 11/5/05, Eric F Crist [EMAIL PROTECTED] wrote: On Nov 5, 2005, at 6:11 AM, Yaakov Nemoy wrote: Hi, I'm sure this question has been asked before, but I couldn't find any good help in the documentation, and it's only my 5th day using freebsd so i'm not really sure where to look. i installed 5.4-RELEASE from a CD and I want to upgrade to 6.0-RELEASE using binary packages. my computer is far too slow and doesn't really have enough hard drive space to compile the entire BSD system, nor do I have a CD burner to make myself a new CD. how do I upgrade my system from binary packages without breaking it in the middle? once again, i apologize if this has been asked too many times. even a vague reference to some 3 year old mailing list post will probably help me though.

You *could* browse the list archives, but that *is* a lot of work. I suppose I'll just briefly answer this.

boot from cd.
change options so that your version read 6.0-RELEASE
choose upgrade from menu
choose FTP as your installation source
run install

I just finished trying that out. The 5.4-RELEASE CD doesn't want to actually connect to any of the servers. It has no problem getting DHCP and an IP address, which I find very strange. I am using an Acer Extensa laptop from 1998, with a 3com NIC on PCMCIA. I think it's the vortex chipset but i'm not sure. That could have something to do with it. In any case, is it safe to do this procedure from sysinstall running on the live system itself? is this even possible? -Yaakov

- Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: How to clear an improperly unreferenced file in multi-user mode?
On Nov 3, 2005, at 7:00 AM, Olaf Greve wrote: Hi, When doing some maintenance on my fall-back server I ran into something weird. When running df it turned out /var was for 90% full. I then manually deleted some files (as root over SSH), amongst which the 'maillog' logfiles in /var/log, I also killed sendmail (as it was generating the big log files, and at present I don't need to run it on that machine), and just to be sure I created a new 'maillog' file of 0 length. So far so good, but after removing the maillog files and performing another df call, the available size had not quite dropped as much as expected and as should. DU reports the proper amount of disk usage, so I performed an fsck. ... Now, of course one way to get rid of that big sucker is to boot the machine in single user mode and run fsck again, however, the box is nowhere near me and I cannot go down to the city where the machine is anytime soon (besides: this is far from an urgent issue). So, I was wondering about a thing: rather than doing a remote reboot and hope that fsck will clear it up in the booting process (if it does that at all, that is), I was wondering if there's a way to fix this when running in multi user mode. Does anyone know how (if possible) to achieve this, or do I have to reboot the machine in single user mode after all?

I think that if you run a du -hd2 / you'll see that there's probably a bunch of crap in /var/ftp. I found this when I mistakenly enabled anonymous FTP. There were a bunch of random-sized binaries killing my hard drive. - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: Buildworld fails for 6.0-RC1
Something you could try in this instance is deleting everything under /usr/src: #cd /usr/src rm -rf ./ Then re-sup your source tree. Eric On Nov 1, 2005, at 10:41 PM, Eric Schuele wrote: Eric F Crist wrote: On Nov 1, 2005, at 9:50 PM, Doug Poland wrote: Just cvsup'd from a different server ( cvsup8.freebsd.org ), this time I saw some updates go by. Now my error is occurring here... FWIW... (not that it helps you much). I'm not seeing any errors. cvsup'd from cvsup8 last night and did a build world. Isn't RELENG_6 the current tree? I could be completely off-base here, though. RELENG_6 != HEAD They branched it sometime (July?) back. Doug, Keep trying, but do NOT reboot the machine until you successfully complete a make buildworld make installworld, if you've started part of the process. Note that, at this point, you should not be using the make world method -- it's rather depreciated. - Eric F Crist Secure Computing Networks http://www.secure-computing.net -- Regards, Eric - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: The best scripts ever (trick or treat)
On Nov 2, 2005, at 3:09 PM, Gary Kline wrote: On Wed, Nov 02, 2005 at 10:47:43PM +0200, Giorgos Keramidas wrote: On 2005-11-02 12:42, Gary Kline [EMAIL PROTECTED] wrote: On Wed, Nov 02, 2005 at 10:14:40PM +0200, Giorgos Keramidas wrote:

CATEGORY: foo
FUNCTION: it_does_this
OPTIONS: can_do_this_or_that
BEGINSCRIPT
#!/bin/sh
echo hello world
ENDSCRIPT

What happens when the script itself contains a line that starts with one of the special markup lines?

AFAIK, the only markup lines this would use would be the TAGS/TAGS. A sh script might use the or for redirection, but the conversion script would ignore everything between BEGINSCRIPT ENDSCRIPT which would make parsing straightforward.

Unless the shell script itself contains 'ENDSCRIPT' somewhere ;-) This is what I was referring to as markup.

Hmmm! :-) Okay, then what about BEGIN_somelonghexstringthatis256byteslong and END_somelonghexstringthatis256byteslong

Dammit!! I was just writing a script that used that exact variable! - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: Quick Routing Question
On Nov 1, 2005, at 11:15 AM, Jason Morgan wrote: ... Ok, it looks like it was an issue with the default settings on the Linksys (and is still somewhat of an issue). I can now connect to systems in each of the two subnets and I also have routing to the outside world from both subnets. My only remaining issue is getting to the web app setup for the Linksys - I can only do it from a local address (meaning a 192.168.1.x address). The Linksys refuses connections from my 10.0.0.x subnet. Is this a NAT issue? Most Linksys routers deny configuration from the WAN interface by default. You MUST configure the linksys router initially to enable administration via the WAN interface. At the very least, please set a reasonable password and enable https! - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: The best scripts ever (trick or treat)
On Nov 1, 2005, at 12:59 PM, Gary Kline wrote: What's the best way of suggesting that we (fbsd.org) support a page of best scripts?? (Another beneficial project that would only require mailing in a function or n functions would be to submit functions that do a given task. A few lines of description and example use, of course.) gary PS: I've cc'd www with this. If anybody is interested, let's discuss it. --At least a collection of best /bin/sh scripts. It's been too long since I contributed... I'd be willing to discuss and perhaps help out in some manner with a project like this. - Eric F Crist Secure Computing Networks http://www.secure-computing.net
Re: user limits
On Nov 1, 2005, at 4:24 PM, kalin mintchev wrote:

hi all... i was reading the login.conf man to figure out a way to limit user from a class to only certain directories. apparently that isn't possible there. there is a path, but thats $PATH for the particular user... not really what s/he can see or not... if i can not restrict user cd-ing into certain directories using login.conf how can i do it? thanks

You need either MAC (Mandatory Access Control) or jail. I would probably recommend jails for your purpose.

- Eric F Crist
Secure Computing Networks
http://www.secure-computing.net
Re: Buildworld fails for 6.0-RC1
On Nov 1, 2005, at 9:50 PM, Doug Poland wrote:

Just cvsup'd from a different server ( cvsup8.freebsd.org ), this time I saw some updates go by. Now my error is occurring here...

Isn't RELENG_6 the current tree? I could be completely off-base here, though.

Doug,

Keep trying, but do NOT reboot the machine until you successfully complete a make buildworld make installworld, if you've started part of the process. Note that, at this point, you should not be using the make world method -- it's rather deprecated.

- Eric F Crist
Secure Computing Networks
http://www.secure-computing.net
Re: laptop firewall rules
On Oct 30, 2005, at 6:23 PM, Eric F Crist wrote:
On Oct 30, 2005, at 4:41 PM, [EMAIL PROTECTED] wrote:

Does anyone have a good example of a firewall ruleset for a wireless interface in a laptop, or a pointer to documentation? I want to use IPFilter on 6.0 rc1. I want to let all connections out and keep state, but block all incoming from the outside. TIA

That ruleset is easy:

    ipfw add check-state
    ipfw add allow tcp from me to any setup keep-state
    ipfw add allow tcp from any to any established
    ipfw add deny from any to me in

This should do the trick.

I forgot a couple of rules here. I'm assuming you want DNS to function, so here's another rule to add, immediately above the last, deny, line:

    ipfw add allow udp from me to any
    ipfw add allow udp from any 53 to me 53

Also, that last line above should read:

    ipfw add deny all from any to me in

- Eric F Crist
Secure Computing Networks
http://www.secure-computing.net
Re: firewall messages to syslogd
On Oct 29, 2005, at 10:32 PM, Daniel Molina Wegener wrote:

Hello, How can I add firewall log messages to syslogd, I have added the following lines to the syslog.conf:

    # router
    +router
    *.* /var/log/router.log

Also, syslogd is running with the flag -a with the ip address of the firewall -- the mask, and service. The computer receive the packets to the 514 port -- I've used tcpdump to log the packets -- but the messages are not logged into the router.log file.

Try the following in your /etc/syslog.conf file, assuming you're using ipfw as your firewall:

    #ipfw logging
    !ipfw
    *.* /var/log/router.log

Now, perform the following commands, assuming you're running FreeBSD 5.x+:

    # touch /var/log/router.log
    # chmod 0600 /var/log/router.log
    # /etc/rc.d/syslogd restart

Let me know what happens

- Eric F Crist
Secure Computing Networks
http://www.secure-computing.net
Re: Mounting an iPod
On Oct 30, 2005, at 9:03 AM, edward wrote:

I rebuilt the kernel with HFS/HFS+ support and it boots and loads OK. But no luck mounting the iPod on the firewire port. No luck on the USB port either :

    # mount -t hfs /dev/da0s1 /mnt
    hfs: /dev/da0s1: Operation not supported by device

Same happens with /dev/da0s2 and /dev/da0s3

Any ideas ?

Edward

Are you sure your ipod is on /dev/daX?

- Eric F Crist
Secure Computing Networks
http://www.secure-computing.net
Re: Mounting an iPod
If you attach the device as the root user, you should get a console message indicating that a new device was found on such-and-such port. Also, I believe it will be listed in either /var/log/messages or /var/log/all.log.

On Oct 30, 2005, at 10:11 AM, edward wrote:

It should be. How do I check ?

Edw.

Eric F Crist wrote:
On Oct 30, 2005, at 9:03 AM, edward wrote:

I rebuilt the kernel with HFS/HFS+ support and it boots and loads OK. But no luck mounting the iPod on the firewire port. No luck on the USB port either :

    # mount -t hfs /dev/da0s1 /mnt
    hfs: /dev/da0s1: Operation not supported by device

Same happens with /dev/da0s2 and /dev/da0s3

Any ideas ?

Edward

Are you sure your ipod is on /dev/daX?

- Eric F Crist
Secure Computing Networks
http://www.secure-computing.net

- Eric F Crist
Secure Computing Networks
http://www.secure-computing.net
Re: laptop firewall rules
On Oct 30, 2005, at 4:41 PM, [EMAIL PROTECTED] wrote:

Does anyone have a good example of a firewall ruleset for a wireless interface in a laptop, or a pointer to documentation? I want to use IPFilter on 6.0 rc1. I want to let all connections out and keep state, but block all incoming from the outside. TIA

That ruleset is easy:

    ipfw add check-state
    ipfw add allow tcp from me to any setup keep-state
    ipfw add allow tcp from any to any established
    ipfw add deny from any to me in

This should do the trick.

- Eric F Crist
Secure Computing Networks
http://www.secure-computing.net
Re: portupgrade stale dependencies
On Oct 28, 2005, at 7:31 PM, John DeStefano wrote:

    cd /usr/ports/www/apache20
    make deinstall
    make clean
    make reinstall

See what happens.

Talk about strange:

    # cd /usr/ports/www/apache20/
    # make deinstall
    === Deinstalling for www/apache20
    === apache not installed, skipping
    # make -V PKGNAME
    apache-2.0.55
    # pkg_info | grep apache
    apache-2.0.48 Version 2 of the extremely popular Apache http server
    # apachectl -v
    Server version: Apache/2.0.48
    Server built: Nov 19 2003 22:44:21

OK. Then try

    #make install

What happens?

- Eric F Crist
Secure Computing Networks
http://www.secure-computing.net
Re: portupgrade stale dependencies
I ended up deinstalling that apache installation (which I was not keen on doing), and installing the apache20 port (which was the same version (2.0.55) as the apache2 port ?), and, thankfully, it's working fine. I'm also now able to run both 'pkgdb -F' and 'portsdb -Uu' without ANY errors (except for a few 'Duplicate INDEX entry' warnings). Needless to say, this process wasn't much fun. What can I do to keep this from happening again? What can/can't I safely include in cron to automate database and index maintenance? Thanks to all.

What I do for critical system ports is a manual upgrade. I have never trusted any of the port management tools. I suggest you pay attention to bugtracker and some other sites. When you see a compelling reason to upgrade, do it manually. The process I use is what I described in an earlier post:

    #cd /usr/ports/port-to-upgrade
    make deinstall
    #make install
    #restart whatever port I just upgraded

HTH

- Eric F Crist
Secure Computing Networks
http://www.secure-computing.net
Re: installation failure
FreeBSD 5.0 is relatively outdated. Try 6.0RC1.

On Oct 29, 2005, at 2:28 PM, some one wrote:

Any one help!! Installing on i386 platform, AMD Athlon 2100, 512MB memory, NVIDIA GeForce FX 5500 graphic card I get an error while trying to install FREEBSD 5.0 which is: ata0: reseting devices.. Please help me! I could be reached at [EMAIL PROTECTED] THANXS

- Eric F Crist
Secure Computing Networks
http://www.secure-computing.net
Re: portupgrade stale dependencies
    status report finished
    == ==
    percentDone-=0 = 100 - ( 100 * ( QTY_outOfDatePortsDb-=1 / TOTAL_outOfDatePortsDb-=1 ) )
    upgrade 0.3.0_0 info: ignoring apache-2.0.48, reason: failed during (2) make
    -- --
    update of ports collection complete with either some errors, ignored ports or both

Unfortunately, this is the most crucial of all, and ironically the one about which I've been asking since the beginning. As I mentioned earlier, upgrading this port bails consistently with a C callout to PEM_F_DEF_CALLBACK. I'd really like to get this port updated, not only to finally complete this insane goose chase of updating, but because I know that apache-2.0.48 is chock full of vulnerabilities.

    cd /usr/ports/www/apache20
    make deinstall
    make clean
    make reinstall

See what happens.

- Eric F Crist
Secure Computing Networks
http://www.secure-computing.net
Hot-Swap HDD hardware recommendations?
Hello list,

I need a cost-effective solution for hot-swap hard drives. I'm currently using a removable drive cage available at any CompUSA, but it's standard IDE/ATA, which is, AFAIK, not hot-swappable. What kind of RAID hardware/software would I need so that I can hot swap hard drives?

TIA

___
Eric F Crist                  I am so smart, S.M.R.T!
Secure Computing Networks              -Homer J Simpson
Re: portupgrade stale dependencies
On Oct 27, 2005, at 8:32 PM, John DeStefano wrote:
On 10/27/05, Andrew P. [EMAIL PROTECTED] wrote:
On 10/27/05, John DeStefano [EMAIL PROTECTED] wrote:

After clearing out the ports, updating ports (with portsnap) and source, and rebuilding the system and kernel... it seemed the ultimate problem was actually a dependency of the package to apache1.3. After I ran 'pkgdb -F' and fixed this dependency to point to apache2.1, but I still had trouble installing ports.

At this point, what usually works for me is to:

    #cd /usr
    rm -rf ./ports
    #mkdir ./ports
    cvsup /root/ports-supfile

The above will delete your ENTIRE ports tree, provided it's kept in /usr/ports and as long as you use cvsup (and your ports supfile is /root/ports-supfile as mine is). When a whole bunch of ports stop working, I find this is the easiest thing to do.

The other thing I do is run a cron job every week that updates, via cvsup, the ports tree. About once a year I perform the above, mostly to clean out the crap.

Re-downloading your entire ports tree will be quicker if you don't use the ports-all tag and actually define which port segments you are interested in. For example, there's no real reason to download all the x11/kde/gnome crap if you're doing this on a headless server that isn't going to serve X.

HTH

___
Eric F Crist                  I am so smart, S.M.R.T!
Secure Computing Networks              -Homer J Simpson
Re: Qwest DLS MSN Premium Linksys Router FreeBSD.. Oh my
On Oct 24, 2005, at 10:47 PM, Kris Anderson wrote:

Hey folks, I'm getting off cable (Comcast and 6 megabits) and either looking at Qwest DSL w/MSN premium or a service called Clear Wire (Wireless internet). I'm a bit baffled because Qwest says they have a deal that I could get DSL for $19.99 a month for a year. Of course the fine prints MSN is the ISP so forth and so on.

[snip]

How I had it previously was Comcast's modem to wireless router (Linksys WRT-54G), a little Linksys switch, FreeBSD and misc. Windows computers happily sharing the connection. Just to confirm, my guess is that this would not be the service to go with since I would love to have my spiffy Linksys Router (WRT-54G) hook to the DSL. And to the WR54G the usual network systems of FreeBSD, and misc Windows computers. If the above isn't going to work then I'm stuck with a different bundle (a few bucks more) that would allow me to do the same thing. I hope. I'm not familiar with the way in which DSL does its connectivity thing.

Okay, I saw in a previous question that PPPoE is needed with DSL. And I noticed that I could set my WRT54G to utilize PPPoE, so maybe MSN ISP Qwest service will work? So am I right in still thinking that with MSN as the ISP my setup it isn't going to be FreeBSD friendly and that my spiffy little Comcast setup isn't going to work with MSN as the ISP? Most appreciated. Gah, that means I'm probably not going to be needing my little WRT-54G router then. :~( Hope I wasn't too confusing there.

Your FreeBSD system will work fine. Your login credentials get entered into the DSL router/modem. If you want to do some webhosting, etc out of your home, spend the extra money and utilize a *real* ISP. Even Qwest.net supports static IP addresses (up to a /26).

HTH

___
Eric F Crist                  I am so smart, S.M.R.T!
Secure Computing Networks              -Homer J Simpson
Re: updating in single-user mode
On Oct 24, 2005, at 11:45 PM, Dimitar Vasilev wrote:

I don't recommend doing installworld or kernel in multiuser, but I have never had any problems doing it on a lightly loaded machine. With that said what could bite you is your new kernel not booting or something broken in userland. You will then need console access (serial or local) to fix it. I would set up your machine with serial console access and use a laptop or another machine when you reboot.

Beech

-- I have done it when there is NO activity on the machine. Read UPDATING first. Reset your securelevel to -1, stop all services except SSH and go. It's possible to break your machine though. Then you have to rebuild it again and it's 50/50 to succeed. As advised twice, use serial cables/KVM switches if possible.

--
Димитър Василев
Dimitar Vassilev
GnuPG key ID: 0x4B8DB525
Keyserver: pgp.mit.edu
Key fingerprint: D88A 3B92 DED5 917E 341E D62F 8C51 5FC4 4B8D B525

If this isn't a production machine, try it. I have been doing system updates since 3.4 and not once have I booted into single user mode to compile my kernel or userland. I've even done it as recently as two weeks ago. I don't have a huge userbase, so my system is pretty quiet.

___
Eric F Crist                  I am so smart, S.M.R.T!
Secure Computing Networks              -Homer J Simpson
Re: i get stuck installing kernel
Ok, this feels a bit silly to ask, but what would be a convenient folder? Should I move it later? Does it matter where i have it when i run it later?

I keep my sup-files in /root, which is the root user's home directory.

___
Eric F Crist                  I am so smart, S.M.R.T!
Secure Computing Networks              -Homer J Simpson
Re: probably a simple routing or firewall question
On Oct 25, 2005, at 9:59 AM, Dave wrote:

Hello, Hello, I've got a 5.4 box acting as a gateway/router and i have to set up another for another network. This one will rely on a different ip range, so i thought i'd hand it out while i'm doing the install via my dhcp server, this part works but the box can't get to the net to retrieve ports and so forth. I'm suspecting either a routing or firewall issue. I'm using pf and am natting all traffic from this new box to my external interface and passing all traffic, that should be working. My network range is 10.8.0.0 and the range for this new box is 10.10.0.0 i believe my problem is here, i'm not sure where to fix it at, my gateway, this new box or both? I'd rather not make too many modifications to this new machine save what it needs to get going, ideally i'd like to hand it over, and have it be dropped in and go. It needs to be that simple, the person who's getting it has an impulsive habit especially if something doesn't work right out of the box. Any help appreciated. Thanks. Dave.

What is your netmask for the two boxes? Your default router needs to be on the same network as the machines that need to access it.

___
Eric F Crist                  I am so smart, S.M.R.T!
Secure Computing Networks              -Homer J Simpson
Re: probably a simple routing or firewall question
On Oct 25, 2005, at 2:00 PM, Dave wrote:

Hi, The netmask for my working setup is 255.255.0.0 same for the nonworking setup. I am starting to wondering since the boxes are in two different subnets if they need a route to each other? Thanks. Dave.

Yes, they do.

___
Eric F Crist                  I am so smart, S.M.R.T!
Secure Computing Networks              -Homer J Simpson
Re: i get stuck installing kernel
On Oct 24, 2005, at 5:18 PM, Linnea Forslund wrote:

There is a message asking running multiuser, assume network has already been configured? I say yes, since I don't know what it's about. Then it waits for a looong time saying it's logging in, but it doesn't connect. What have I done wrong? What can I do? I have two more days to fix everything... please help!

Is this machine connected to a working internet connection? The dialog you are talking about has noticed that your computer is not running in single-user mode, but rather in multi-user mode. Typically, systems running multi-user are configured for network and/or internet access. Make sure the machine is connected to the internet.

___
Eric F Crist                  I am so smart, S.M.R.T!
Secure Computing Networks              -Homer J Simpson
Re: i get stuck installing kernel
On Oct 24, 2005, at 5:32 PM, Linnea Forslund wrote:

-- Forwarded message --
From: Linnea Forslund [EMAIL PROTECTED]
Date: Oct 25, 2005 12:31 AM
Subject: Re: i get stuck installing kernel
To: Eric F Crist [EMAIL PROTECTED]

On 10/25/05, Eric F Crist [EMAIL PROTECTED] wrote:
On Oct 24, 2005, at 5:18 PM, Linnea Forslund wrote:

There is a message asking running multiuser, assume network has already been configured? I say yes, since I don't know what it's about. Then it waits for a looong time saying it's logging in, but it doesn't connect. What have I done wrong? What can I do? I have two more days to fix everything... please help!

Is this machine connected to a working internet connection? The dialog you are talking about has noticed that your computer is not running in single-user mode, but rather in multi-user mode. Typically, systems running multi-user are configured for network and/or internet access. Make sure the machine is connected to the internet.

It _is_ connected to the internet. It is the machine I'm using right now.

/Linnea

You could try going to /usr/src/ssys, or whichever directory houses the function you need and typing 'make install'

HTH

___
Eric F Crist                  I am so smart, S.M.R.T!
Secure Computing Networks              -Homer J Simpson
Re: i get stuck installing kernel
On Oct 24, 2005, at 5:59 PM, Linnea Forslund wrote:

But there is nothing in there

    cd /usr/src/ssys
    /usr/src/ssys: No such file or directory.

Install cvsup. Create a cvsup file to fetch the entire source tree. cvsup your source tree. See what happens.

___
Eric F Crist                  I am so smart, S.M.R.T!
Secure Computing Networks              -Homer J Simpson
Re: IPFW equivalent of iptables --state ESTABLISHED, RELATED
On Oct 22, 2005, at 11:53 PM, John Do wrote:

Hi guys I'm having trouble with IPFW I need to allow user initiated traffic IN but I can't Basically in iptables for Linux I would have used something like

    -A INPUT -p tcp -m tcp --state ESTABLISHED,RELATED -j ACCEPT

Can someone help me discover what the equivalent syntax in IPFW would be? I have tried to use

    allow tcp from any to any established in

but it doesn't work much appreciated thanks guys !

I'm not quite sure what you're trying to accomplish. If you just want traffic enabled so that when users are browsing the web they get the replies from their requests, that rule is written as:

    ipfw add ### allow ip from any to any established

The rule won't allow new traffic in or out without other rules enabling it. An example ruleset could look like this:

    ipfw add 100 allow ip from me to any
    ipfw add 200 allow ip from 192.168.1.0/24 to any out via dc0
    ipfw add 300 allow ip from any to any established
    ipfw add 400 deny ip from 192.168.1.0/24 to me in via dc0
    ipfw add 500 allow ip from any to any via sk0

In this example, I'm assuming your FreeBSD machine is the network gateway. NIC dc0 is the outside NIC and sk0 is the internal one.

HTH

___
Eric F Crist                  I am so smart, S.M.R.T!
Secure Computing Networks              -Homer J Simpson
RFC: my firewall ruleset(s)
Hey all. I'm relatively new to shell scripting and I'm looking for some comments on my firewall script. Comments on either the ipfw rules themselves or on my scripting lack of ability would be appreciated. Thanks.

nerp.firewall
Description: Binary data

___
Eric F Crist                  I am so smart, S.M.R.T!
Secure Computing Networks              -Homer J Simpson
Re: RFC: my firewall ruleset(s)
On Oct 23, 2005, at 10:44 AM, Eric F Crist wrote:

Hey all. I'm relatively new to shell scripting and I'm looking for some comments on my firewall script. Comments on either the ipfw rules themselves or on my scripting lack of ability would be appreciated. Thanks.

nerp.firewall

___
Eric F Crist                  I am so smart, S.M.R.T!
Secure Computing Networks              -Homer J Simpson

Sorry to post a shell program as an attachment. I wasn't thinking. Please don't run the shell program - it'll set an open firewall on your *nix system if you're root.

___
Eric F Crist                  I am so smart, S.M.R.T!
Secure Computing Networks              -Homer J Simpson
Re: RFC: my firewall ruleset(s)
On Oct 23, 2005, at 11:12 AM, Chuck Swiger wrote:
Eric F Crist wrote:

Hey all. I'm relatively new to shell scripting and I'm looking for some comments on my firewall script. Comments on either the ipfw rules themselves or on my scripting lack of ability would be appreciated.

Ugh. :-) IPFW knows how to increment rule numbers all by itself; you can get rid of the rulenum1=`expr $rulenum1 + 50` stuff.

I do this so that I have sufficient space between rules for my own sanity. By default, IPFW numbers rules that increment by 1. I have a need on occasion to add or remove a rule on the fly. Perhaps there is a better way?

The breakdown of sh functions like setup_loopback, setup_keepstate, setup_ntp is fine if you want to play with shell scripts, but it scatters your IPFW rules into different places. I'd rather see something that closely resembles what ipfw list gives you.

The reasoning behind this is so I have a single firewall script for all of my servers. At some point in the very near future, there will be a cron job on each server that pulls the current script from a central source. Depending on the rc.conf entries on that server, the firewall script will be executed accordingly. This allows me to edit one script and have it apply to multiple systems. I'm calling the functions for basic components, rather than writing the whole thing out each time.

You could chain several ports together into a list rather than listing them all separately as individual rules, IPFW will end up doing less work.

Is this a 'good' way to do things? The server in this instance has really nothing else to do, save serving up a couple websites with low traffic.

You have anti-spoofing for the loopback, lo0 interface, but not for your other interfaces. You should add anti-spoofing rules, and also block strict and loose source routing [1]:

Point taken. I pulled those rules from the default script that ships with FreeBSD. I did a brief google search on the strict and loose source routing. Can you share more information?

    # Stop strict and loose source routing
    add deny log all from any to any ipoptions ssrr
    add deny log all from any to any ipoptions lsrr

You should give some thought to ICMP filtering. Consider something like:

    add allow icmp from any to any icmptypes 0,3,4,8,11,12

This was simply forgotten. Thanks!

You should use the log command more when developing a ruleset, to see what traffic you are blocking or permitting, until you've gotten your rules and network finalized.

Is there a way to direct different rules to different facilities or log files? This is the primary reason I have not enabled logging more.

-- -Chuck

[1]: This is known to hackers as the how to go through a firewall as if it wasn't there IP option if you don't block these. :-)

Thanks for the great input! I'll work further to develop my script. Part of my reason for getting so involved with the shell scripting on this ruleset is so that I have an actual project with a purpose in front of me to develop my scripting abilities.

___
Eric F Crist                  I am so smart, S.M.R.T!
Secure Computing Networks              -Homer J Simpson
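The review points raised in this thread (deny rules for strict and loose source routing, an explicit ICMP filter, and logging on deny rules) can be checked mechanically before a ruleset is pushed to several servers. The script below is an added example, not part of any poster's message or of the attached firewall script; the function names, the assumed rule-file format and both sample rulesets (the first modelled on the example ruleset in the "IPFW equivalent of iptables" message above) are constructed for illustration.

```shell
#!/bin/sh
# Audit an ipfw rule file against the review points from the thread above.
# Assumed input: one rule per line, written as "add ..." or "ipfw add ...",
# with an optional explicit rule number. Findings are printed on stdout and
# the exit status is 1 when anything was reported.

audit_ipfw_rules() {
    awk '
    {
        sub(/#.*/, "")                       # drop comments
        if (NF == 0) next
        i = 1
        if ($i == "ipfw") i++
        if ($i == "add") i++
        if ($i ~ /^[0-9]+$/) i++             # explicit rule number
        rule = ""
        for (; i <= NF; i++) rule = rule (rule == "" ? "" : " ") $i

        # Source-routing options must be denied, not merely mentioned.
        if (rule ~ /^deny .*ipoptions ([!a-z]+,)*ssrr/) ssrr = 1
        if (rule ~ /^deny .*ipoptions ([!a-z]+,)*lsrr/) lsrr = 1
        # ICMP should be admitted by type list, not wholesale.
        if (rule ~ /^allow icmp .*icmptypes [0-9]/) icmp = 1
        # In ipfw syntax "log" follows the action directly.
        if (rule ~ /^deny / && rule !~ /^deny log /)
            unlogged = unlogged (unlogged == "" ? "" : ",") NR
    }
    END {
        if (!ssrr) { print "MISSING: deny rule for ipoptions ssrr (strict source routing)"; bad = 1 }
        if (!lsrr) { print "MISSING: deny rule for ipoptions lsrr (loose source routing)"; bad = 1 }
        if (!icmp) { print "MISSING: allow icmp rule restricted by icmptypes"; bad = 1 }
        if (unlogged != "") { print "NOTE: deny without log on line(s) " unlogged; bad = 1 }
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample: gateway ruleset without the reviewer's additions.
sample_before() {
    cat <<'EOF'
# constructed sample, dc0 = outside NIC, sk0 = inside NIC
add 100 allow ip from me to any
add 200 allow ip from 192.168.1.0/24 to any out via dc0
add 300 allow ip from any to any established
add 400 deny ip from 192.168.1.0/24 to me in via dc0
add 500 allow ip from any to any via sk0
EOF
}

# Constructed sample: the same ruleset with the reviewer's rules added.
sample_after() {
    cat <<'EOF'
add 50 deny log all from any to any ipoptions ssrr
add 60 deny log all from any to any ipoptions lsrr
ipfw add 70 allow icmp from any to any icmptypes 0,3,4,8,11,12
add 100 allow ip from me to any
add 200 allow ip from 192.168.1.0/24 to any out via dc0
add 300 allow ip from any to any established
add 400 deny log ip from 192.168.1.0/24 to me in via dc0
add 500 allow ip from any to any via sk0
EOF
}

echo "== before =="; sample_before | audit_ipfw_rules
echo "== after ==";  sample_after  | audit_ipfw_rules && echo "no findings"
```

Feed it a real rule file with `audit_ipfw_rules < /path/to/rules`; the exit status makes it usable as a gate in the cron-driven distribution described in the message.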
Re: How do I name my network interface?
On Oct 23, 2005, at 11:30 AM, Andreas Davour wrote:

Hi! I have realized that my new motherboard has a built-in network interface, and I'd like to use it as well as the PCI based one I have. But, what do I call it when I plumb it with ifconfig? The PCI card I have is identified during boot as rl0, and the built-in as rlphy0: RealTek internal media interface on miibus0. Using ifconfig rlphy0 plumb does not work. It says: ifconfig: SIOCIFCREATE: Invalid argument and that's it. So, what do I call it? I tried rl1 as well, no cookie.

If you type 'ifconfig -a' at the command line, it should list all network interfaces...

___
Eric F Crist                  I am so smart, S.M.R.T!
Secure Computing Networks              -Homer J Simpson
writing to syslog from a shell script?
How could I write an entry to syslog from a shell script. For example, I want to write an entry stating that a command worked or didn't work, along with an error message.

TIA

___
Eric F Crist                  I am so smart, S.M.R.T!
Secure Computing Networks              -Homer J Simpson
Re: writing to syslog from a shell script?
On Oct 23, 2005, at 11:42 AM, David Kirchner wrote:
On 10/23/05, Eric F Crist [EMAIL PROTECTED] wrote:

How could I write an entry to syslog from a shell script. For example, I want to write an entry stating that a command worked or didn't work, along with an error message.

Check out logger(1)

Thanks! That does exactly what I need!

___
Eric F Crist                  I am so smart, S.M.R.T!
Secure Computing Networks              -Homer J Simpson
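A sketch of the use case from the question, recording whether a command worked and its error message through logger(1). This is an added example, not code from either poster; `run_logged`, `one_line`, the `LOGGER` override and the tag are assumptions of the example, and the message is reduced to one printable line so that command output cannot inject extra entries into the log.

```shell
#!/bin/sh
# Run a command and record the outcome in syslog through logger(1).
# LOGGER is an assumption of this example: override it to test without syslog.
LOGGER=${LOGGER:-logger}

# Collapse a message to a single printable line of bounded length.
one_line() {
    printf '%s' "$1" | tr '\n\t' '  ' | tr -d '\000-\037\177' | cut -c1-400
}

# usage: run_logged TAG command [args...]
# The command's stderr is captured to a temporary file; only its first line
# is copied into the log entry. The command's exit status is returned.
run_logged() {
    tag=$1
    shift
    errfile=$(mktemp "${TMPDIR:-/tmp}/run_logged.XXXXXX") || return 1
    "$@" 2>"$errfile"
    status=$?
    if [ "$status" -eq 0 ]; then
        $LOGGER -t "$tag" -p user.notice "$(one_line "OK: $*")"
    else
        err=$(head -n 1 "$errfile")
        $LOGGER -t "$tag" -p user.err "$(one_line "FAILED (exit $status): $*: $err")"
    fi
    rm -f "$errfile"
    return "$status"
}

# Example call (commented out so sourcing this file has no side effects):
# run_logged firewall-update sh /path/to/firewall-script
```

The entries land wherever syslog.conf routes the `user` facility; a `!tag` program block like the one shown in the syslog message earlier on this page can send them to their own file.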
Re: Problem with groups
On Oct 21, 2005, at 3:12 PM, RW wrote:

From a KDE Root console, I changed a directory's permissions to 770 and added my account to its group with pw. In another console, under my own account, I tried to cd into the directory and failed, no gui application could access the directory either. pw showed I was a member of the group. I logged in though a virtual terminal, under the same account, and was able to cd to the directory. And once I restarted the KDE session from KDM, the problem went away. Is this normal behaviour? Is there any way around it? I'm running 5.4-RELEASE-p8 if it make a difference.

You need to log out and then back in for new group memberships to take effect. This has always been the way it works, and I don't believe this is going to change any time soon.

___
Eric F Crist                  I am so smart, S.M.R.T!
Secure Computing Networks              -Homer J Simpson
Re: DNS server on firewall
On Oct 21, 2005, at 8:04 AM, kilim wrote:

Hi, I'm getting a second machine next week and was wondering if the following setup would be ok:

1st machine pf + NAT and also primary DNS
2nd machine as a secondary DNS

Now I know that its not the smartest thing to do, have primary DNS on the firewall, but I'm thinking since the DNS is going to be chrooted, it would be ok, no ? What do you think ? Thank you !

You're better off not installing and running a DNS server on your firewall. I would recommend you simply turn your new machine into your primary DNS server and ask/pay someone to host a secondary server for you.

___
Eric F Crist                  I am so smart, S.M.R.T!
Secure Computing Networks              -Homer J Simpson
Re: PPP setup through OS X
On Oct 20, 2005, at 8:53 AM, Lowell Gilbert wrote:
Live-Wire [EMAIL PROTECTED] writes:

I'm going to be connecting my 5.4 box w/ no monitor to my network, but before I move it to the router area I want to make sure I'll be able to change the network configuration without lugging the box back to where I can plug it into a monitor. Is there a guide or reference to plugging in my Mac OS X laptop directly into my box with PPP to configure it for the network? What other issues do I have to be aware of?

I'm not sure exactly what you're asking for. You will probably need to look elsewhere for help configuring your Mac. For the FreeBSD side, there are pages in the handbook, as well as the ppp(8) manual. Let us know what you've tried, and what went wrong.

You can do this by simply enabling your FBSD server's serial port. I do this on two different machines and things work great. Also note that I used to handle this with my PowerBook G4. You're going to probably need a USB-Serial Port adapter. I would recommend the Keyspan model. I don't remember what terminal software I used to use as I also have a windows laptop now that I use when I must connect to the BSD boxes via serial.

HTH

___
Eric F Crist                  I am so smart, S.M.R.T!
Secure Computing Networks              -Homer J Simpson
Re: Suggestions for server hardware sub 800 dollars
On Oct 21, 2005, at 3:21 PM, Ben Siemon wrote: I need to make a server box that will serve web pages ( light ), do light file storage for my home network and allow me ssh access when I am away from the apartment. I have read a great deal about this on the site and looked at the manufacturers' sites. I see a great deal of potential there but I have more fun building it up myself. I would be glad for any suggestions any of you have. -- cheers Ben Siemon 254 723 6937 cs.baylor.edu/~siemon eBay.com Most PC hardware there should work. ___ Eric F Crist I am so smart, S.M.R.T! Secure Computing Networks -Homer J Simpson
Re: Suggestions for server hardware sub 800 dollars
On Oct 21, 2005, at 4:18 PM, Matt Crossley wrote: I've found that if it's not really all that heavy a load, machines at Dell that regularly come up are worth it. The latest one that I saw in a Dell flyer (in Canada), was a Celeron 2.9, 512MB, 80 or 60GB, etc, etc for $349 CAD. Can beat it, in many ways! If you want to build it yourself, then maybe you can build yourself a little mini-ATX machine, one that's small and out of the way? Cheers, Matt Speaking of Dell... I know that I have seen some pretty nifty 1u rack servers for as little as $450. You don't get to build it, but not a bad deal IMHO. ___ Eric F Crist I am so smart, S.M.R.T! Secure Computing Networks -Homer J Simpson
Re: Suggestions for server hardware sub 800 dollars
On Oct 21, 2005, at 5:55 PM, Matt Crossley wrote: Eric F Crist wrote: On Oct 21, 2005, at 4:18 PM, Matt Crossley wrote: I've found that if it's not really all that heavy a load, machines at Dell that regularly come up are worth it. The latest one that I saw in a Dell flyer (in Canada), was a Celeron 2.9, 512MB, 80 or 60GB, etc, etc for $349 CAD. Can beat it, in many ways! If you want to build it yourself, then maybe you can build yourself a little mini-ATX machine, one that's small and out of the way? Cheers, Matt Speaking of Dell... I know that I have seen some pretty nifty 1u rack servers for as little as $450. You don't get to build it, but not a bad deal IMHO. hmmm, Do you have any links for that? I'd be interested, even if it is US Dollars! Matt Never mind. Must have been a promotion. I was referring to the Dell PowerEdge 850. I see now that it's priced at $999. My bad. ___ Eric F Crist I am so smart, S.M.R.T! Secure Computing Networks -Homer J Simpson
Re: Help Understanding While Loop
On Oct 15, 2005, at 5:59 PM, Drew Tomlinson wrote: On 10/14/2005 3:24 PM David Kirchner wrote: On 10/14/05, Drew Tomlinson [EMAIL PROTECTED] wrote: OK, I've been working on an sh script and I'm almost there. In the script, I created a 'while read' loop that is doing what I want. Now I want to keep track of how many times the loop executes. Thus I included this line between the 'while read' and 'done' statements: count = $(( count + 1 )) I've tested this by adding an 'echo $count' statement in the loop and it increments by one each time the loop runs. However when I attempt to call $count in an 'echo' statement after the 'done', the variable is null. Thus I assume that $count is only local to the loop and I have to export it to make it available outside the loop? What must I do? Oh yeah, that's another side effect of using the while read method. Because it's | while read it's starting a subshell, so any variables are only going to exist there. You'd need to have some sort of 'echo' within the while read, and then | wc -l at the end of the while loop, or something along those lines. The IFS method someone else mentioned, in regards to 'for' loops, would probably be better all around. So you'd want: OLDIFS=$IFS # Note this is a single quote, return, single quote, no spaces IFS=' ' for i in `find etc` do done IFS=$OLDIFS OK, I've tried this and it does fix the count problem. However it messes up another part of the script and I'm trying to understand why. I tried to make this script dynamic in that all I would need to do is edit variables set at the top and then not have to worry about all occurrences in the script.
Thus I set the following variables: remote_pictures_dir=/multimedia/Pictures local_pictures_dir=/tv/pictures find_args=-iname '*.jpg' -or -iname '*.gif' Then I called the 'find' command as follows: for original in $(/usr/bin/find $remote_pictures_dir $find_args -print) But when I run my script, I get /usr/bin/find: invalid predicate `-iname '*.jpg' -or -iname '*.gif''. However if I don't try and use $find_args and type the arguments in specifically, the script runs fine. I tried various combinations of quoting and escaping those quotes but can't come up with a combination that works. What is going on? And is there some way to set verbosity so I can see how the shell is expanding the variables? Thanks much, Drew IIRC, you can do that by appending a '-x' after #!/bin/sh. Your first line would look like this: #!/bin/sh -x This will result in the script echoing all of the commands as they're executed. As far as the count problem, try declaring the variable before the while loop. For example: doit=0; count=0; while [ $doit -lt 4 ]; do count=$((count+1)); doit=$((doit+1)); done; echo $count HTH ___ Eric F Crist I am so smart, S.M.R.T! Secure Computing Networks -Homer J Simpson
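The two problems raised in this thread, side by side, as an added example that is not part of anyone's message: a counter updated inside `find | while read` is lost because the loop runs in a subshell, and quote characters stored in a variable such as find_args reach find as literal text. The file names are constructed, and -o is the POSIX spelling of the -or used in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. All file names are constructed.

# Build a small sample tree, including a name that contains a space.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    : > "$dir/a.jpg"
    : > "$dir/B.GIF"
    : > "$dir/notes.txt"
    : > "$dir/holiday photo.jpg"
    printf '%s\n' "$dir"
}

# Broken: the loop at the end of a pipeline runs in a subshell (FreeBSD sh,
# dash, and bash with default settings), so the increments never reach the
# count variable that is read after "done".
count_in_pipeline() {
    count=0
    find "$1" -type f | while IFS= read -r f; do
        count=$((count + 1))
    done
    echo "$count"
}

# Fixed: redirect a file into the loop so it runs in the current shell.
count_with_redirect() {
    count=0
    list=$(mktemp) || return 1
    find "$1" -type f > "$list"
    while IFS= read -r f; do
        count=$((count + 1))
    done < "$list"
    rm -f "$list"
    echo "$count"
}

# Broken: quotes inside a variable are data. After word splitting, find is
# given the pattern '*.jpg' with the quote characters included, so nothing
# matches. Quoting "$find_args" instead passes the whole string as one word,
# which find rejects as a single unknown predicate.
count_images_string() {
    find_args="-iname '*.jpg' -o -iname '*.gif'"
    find "$1" -type f \( $find_args \) | wc -l
}

# Fixed: keep the predicates as separate words in the positional parameters.
count_images_args() {
    dir=$1
    set -- -iname '*.jpg' -o -iname '*.gif'
    find "$dir" -type f \( "$@" \) | wc -l
}

d=$(make_sample_tree) || exit 1
echo "pipeline=$(count_in_pipeline "$d") redirect=$(count_with_redirect "$d")"
echo "string=$(count_images_string "$d") args=$(count_images_args "$d")"
rm -rf "$d"
```

Running the script with `sh -x` shows the literal quote characters in the traced find command of the broken variant.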
Re: Denying Multiple login in samba with ipfw2
On Oct 11, 2005, at 10:06 PM, RdBSD wrote: Dear all, Can i deny multiple login with the same username in samba using ipfw2 ? Thanks, RdBSD IT Staff I do not believe so. IPFW checks for IP packets, not login credentials. This is something you would have to do within Samba itself, if the capability is there. What you could do is traffic shaping with IPFW. Simply limit the amount of bandwidth a person uses based on IP address, then it doesn't really matter how many times they log in. My $.02. ___ Eric F Crist I am so smart, S.M.R.T! Secure Computing Networks -Homer J Simpson
Fwd: Port broken, or is it me?
Begin forwarded message: From: Eric F Crist [EMAIL PROTECTED] Date: October 11, 2005 1:32:48 PM CDT To: [EMAIL PROTECTED] Subject: Port broken, or is it me? Hello list! I've not posted here before, so Hi! I've been trying to get mod_proxy to work with Apache 2.0.54, and I'm failing miserably. I believe it has to do with my reinstall of Apache 2. I get the following output after I run this command: make WITH_MODULES=proxy auth rewrite include ssl deflate proxy_http reinstall Note the output below that I'm most interested in is the lines indicating that the libraries are not being copied. OUTPUT: /bin/sh /usr/ports/www/apache20/work/httpd-2.0.54/srclib/apr/libtool --mode=install cp aprutil.exp /usr/local/lib/apache2 cp aprutil.exp /usr/local/lib/apache2/aprutil.exp if [ ! -d /usr/local/lib/apache2 ]; then /usr/ports/www/apache20/work/httpd-2.0.54/srclib/apr/build/mkdir.sh /usr/local/lib/apache2; fi; /bin/sh /usr/ports/www/apache20/work/httpd-2.0.54/srclib/apr/libtool --mode=install cp apu-config.out /usr/local/lib/apache2/apu-config cp apu-config.out /usr/local/lib/apache2/apu-config chmod 755 /usr/local/lib/apache2/apu-config Making install in pcre Making install in os Making install in unix Making install in server Making install in mpm Making install in prefork Making install in modules Making install in aaa /usr/ports/www/apache20/work/httpd-2.0.54/srclib/apr/libtool --silent --mode=install cp mod_auth.la /usr/local/libexec/apache2/ grep: /usr/local/libexec/apache2/mod_auth.la: No such file or directory grep: /usr/local/libexec/apache2/mod_auth.la: No such file or directory Warning! dlname not found in /usr/local/libexec/apache2/mod_auth.la. Assuming installing a .so rather than a libtool archive.
Making install in filters /usr/ports/www/apache20/work/httpd-2.0.54/srclib/apr/libtool --silent --mode=install cp mod_include.la /usr/local/libexec/apache2/ grep: /usr/local/libexec/apache2/mod_include.la: No such file or directory grep: /usr/local/libexec/apache2/mod_include.la: No such file or directory Warning! dlname not found in /usr/local/libexec/apache2/mod_include.la. Assuming installing a .so rather than a libtool archive. /usr/ports/www/apache20/work/httpd-2.0.54/srclib/apr/libtool --silent --mode=install cp mod_deflate.la /usr/local/libexec/apache2/ grep: /usr/local/libexec/apache2/mod_deflate.la: No such file or directory grep: /usr/local/libexec/apache2/mod_deflate.la: No such file or directory Warning! dlname not found in /usr/local/libexec/apache2/mod_deflate.la. Assuming installing a .so rather than a libtool archive. Making install in proxy /usr/ports/www/apache20/work/httpd-2.0.54/srclib/apr/libtool --silent --mode=install cp mod_proxy.la /usr/local/libexec/apache2/ grep: /usr/local/libexec/apache2/mod_proxy.la: No such file or directory grep: /usr/local/libexec/apache2/mod_proxy.la: No such file or directory Warning! dlname not found in /usr/local/libexec/apache2/mod_proxy.la. Assuming installing a .so rather than a libtool archive. /usr/ports/www/apache20/work/httpd-2.0.54/srclib/apr/libtool --silent --mode=install cp mod_proxy_connect.la /usr/local/libexec/apache2/ grep: /usr/local/libexec/apache2/mod_proxy_connect.la: No such file or directory grep: /usr/local/libexec/apache2/mod_proxy_connect.la: No such file or directory Warning! dlname not found in /usr/local/libexec/apache2/mod_proxy_connect.la. Assuming installing a .so rather than a libtool archive.
/usr/ports/www/apache20/work/httpd-2.0.54/srclib/apr/libtool --silent --mode=install cp mod_proxy_ftp.la /usr/local/libexec/apache2/ grep: /usr/local/libexec/apache2/mod_proxy_ftp.la: No such file or directory grep: /usr/local/libexec/apache2/mod_proxy_ftp.la: No such file or directory Warning! dlname not found in /usr/local/libexec/apache2/mod_proxy_ftp.la. Assuming installing a .so rather than a libtool archive. /usr/ports/www/apache20/work/httpd-2.0.54/srclib/apr/libtool --silent --mode=install cp mod_proxy_http.la /usr/local/libexec/apache2/ grep: /usr/local/libexec/apache2/mod_proxy_http.la: No such file or directory grep: /usr/local/libexec/apache2/mod_proxy_http.la: No such file or directory Warning! dlname not found in /usr/local/libexec/apache2/mod_proxy_http.la. Assuming installing a .so rather than a libtool archive. Making install in ssl /usr/ports/www/apache20/work/httpd-2.0.54/srclib/apr/libtool --silent --mode=install cp mod_ssl.la /usr/local/libexec/apache2/ grep: /usr/local/libexec/apache2/mod_ssl.la: No such file or directory grep: /usr/local/libexec/apache2/mod_ssl.la: No such file or directory Warning! dlname not found in /usr/local/libexec/apache2/mod_ssl.la. Assuming installing a .so rather than a libtool archive. Making install in http Making install in mappers /usr/ports/www/apache20/work/httpd-2.0.54/srclib/apr/libtool --silent --mode=install cp mod_rewrite.la /usr/local/libexec/apache2/ grep: /usr
BIND upgrade from ports....
Hello list, First off, please reply directly to me (with CC to list), as I'm no longer a member of the list. (Too much erroneous traffic.) FreeBSD 5.3 uses BIND 9.3.0 and I'm trying to upgrade to 9.3.1. I know with PERL, you can set an option to use-ports-dist or something like that so that system perl is disabled and perl from ports is used instead. Is there a similar option for BIND, or do I need to symlink the execs from /usr/sbin/... to /usr/local/sbin? Thanks. ___ Eric F Crist I am so smart, S.M.R.T! Secure Computing Networks -Homer J Simpson
Re: BIND upgrade from ports....
On Apr 15, 2005, at 10:11 AM, Eric F Crist wrote: Hello list, First off, please reply directly to me (with CC to list), as I'm no longer a member of the list. (Too much erroneous traffic.) FreeBSD 5.3 uses BIND 9.3.0 and I'm trying to upgrade to 9.3.1. I know with PERL, you can set an option to use-ports-dist or something like that so that system perl is disabled and perl from ports is used instead. Is there a similar option for BIND, or do I need to symlink the execs from /usr/sbin/... to /usr/local/sbin? Thanks. Sorry for the self-reply, but I answered my own question. Doing a little reading, the following command will do what I require: From within /usr/ports/dns/bind9, I executed the following: # make WITH_PORT_REPLACES_BASE_BIND9=yes install clean All is updated! Thanks. ___ Eric F Crist I am so smart, S.M.R.T! Secure Computing Networks -Homer J Simpson
Re: Found This In /usr - @LongLink
On Mar 3, 2005, at 8:08 PM, James A. Coulter wrote: I found this in /usr on two FBSD 4.11 boxen: -- 1 root wheel 105 Dec 31 1969 @LongLink One box is my firewall/router/gateway attached to a cable modem and the other is behind the firewall. The 1969 timestamp and lack of file attributes is making the small hair on the back of my neck standup. Is this normal? If so, what the heck is it? Or have I been rooted? Thanks! Jim -- James A. Coulter [EMAIL PROTECTED] http://jacoulter.net James, I'm not trying to be rude, but a 30 second search through Google results for @LongLink turned up the following entry (on the first results page): Quote from http://www-unix.globus.org/mail_archive/discuss/2002/10/msg00352.html: I learned that @LongLink is a GNU tar's way to handle long path names. Apparently GNU tar now has to be used to untar some packages. I'd like to suggest that the configuration script check and make sure it gets the GNU tar, the same way it makes sure it gets Perl 5-005 or higher. Now that I've installed the GNU tar on my system, what files do I need to modify to invoke it, not the vendor tar, in order to continue building for the information services. I'd rather not to start over if I could help it. -- Wendy Lin - IT Research Computing Services [EMAIL PROTECTED] http://www-rcd.cc.purdue.edu/~af5/ ___ Eric F Crist I am so smart, S.M.R.T! Secure Computing Networks -Homer J Simpson
Re: sshd
On Mar 2, 2005, at 1:53 AM, Stevan Tiefert wrote: Thanks Eugene, but I can not close myself out with a firewall. I need the access to my system over the internet. Am I right that in this case, only a good password is protecting me? With regards Stevan Tiefert Stevan, Change the port sshd runs on in /etc/ssh/sshd_config. Once I changed the port, I stopped seeing all those login attempts. HTH ___ Eric F Crist I am so smart, S.M.R.T! Secure Computing Networks -Homer J Simpson
Re: sshd
On Mar 2, 2005, at 7:31 AM, Stevan Tiefert wrote: On Wed, 2 Mar 2005, Eric F Crist wrote: On Mar 2, 2005, at 1:53 AM, Stevan Tiefert wrote: Thanks Eugene, but I can not close myself out with a firewall. I need the access to my system over the internet. Am I right that in this case, only a good password is protecting me? With regards Stevan Tiefert Stevan, Change the port sshd runs on in /etc/ssh/sshd_config. Once I changed the port, I stopped seeing all those login attempts. HTH ___ Eric F Crist I am so smart, S.M.R.T! Secure Computing Networks -Homer J Simpson Hello Eric, that means also to change the port at the ssh-client with ssh -p ??, isn't it? With regards Stevan Tiefert Stevan, You are correct. For example, if you were to use 8000 as your new port, you would use a command similar to this to connect: # ssh -p 8000 -l username 10.0.0.1 HTH ___ Eric F Crist I am so smart, S.M.R.T! Secure Computing Networks -Homer J Simpson
Re: Booting an iso image from HD for pre-burn testing on FreeBSD
On Mar 2, 2005, at 7:19 PM, [EMAIL PROTECTED]@comcast.net wrote: Has anyone ever seen, heard of, done it? I'm working on a FreeSBIE-built image (w/ 5.3-Stable) and would like to pre-burn boot the final iso image. I can mount and traverse the image fine but want to make sure I've crossed all the t's with an actual boot before I start manufacturing shiny coasters...got enough of those from AOL. MTIA --Chris A couple ways you can do this: 1) Use CDRW's. You can always re-burn them. ;) 2) On Mac OS X with Virtual PC, you can use an image to boot from. Just a thought. HTH ___ Eric F Crist I am so smart, S.M.R.T! Secure Computing Networks -Homer J Simpson
Re: ip addr changes on 5.3 but not on 4.8
On Feb 26, 2005, at 8:06 PM, Marty Landman wrote: At 10:32 AM 2/26/2005, Eric F Crist wrote: On Fri, Feb 25, 2005 at 04:16:40PM -0500, Marty Landman wrote: that the IP address for the 5.3 box gets changed on a fairly regular basis [snip] The 4.8 box's IP addr has been stable. The other thing you could try would be to set a static IP on your workstations... I just can't help but notice that this is only a problem on my 5.3 box and not on the 4.8. AFAIK the config's are identical, although obviously I am still a newbie at this. BTW, why is my nic on 4.8 ep0 but on 5.3 dc0? Is that the way it should be? Marty Marty, The ed0, dc0 situation is because of the driver the NIC uses. If you have two, or three, etc, cards that all use the same driver, then you'll start to see dc0, dc1, dc2, etc (provided they use the dc driver... HTH ___ Eric F Crist I am so smart, S.M.R.T! Secure Computing Networks -Homer J Simpson
Re: ip addr changes on 5.3 but not on 4.8
On Feb 25, 2005, at 4:27 PM, Jonathan Chen wrote: On Fri, Feb 25, 2005 at 04:16:40PM -0500, Marty Landman wrote: [...] Here's the problem, hope the preceding is a good background to it. Find that the IP address for the 5.3 box gets changed on a fairly regular basis by (I guess) my xp gateway so that I then have to change the gateway hosts file, the 5.3 hosts file and 5.3 rc.conf file. The 4.8 box's IP addr has been stable. Any idea where I start to fix this? Would like the 5.3 box's IP addr to remain stable as well. This has nothing to do with the FreeBSD boxes, but rather a configuration issue with your DHCP server. The DHCP server can be configured so that it will always give the same IP for a particular NIC. Talk to your admin about it. -- The other thing you could try would be to set a static IP on your workstations... HTH ___ Eric F Crist I am so smart, S.M.R.T! Secure Computing Networks -Homer J Simpson