Re: Limiting Individual User Upload w/ PF+ALTQ
On 18:18:09 Mar 27, Joe Ryan wrote:

> I am trying to set up traffic shaping on our network. I was wondering if it was possible to limit a user's download bandwidth and upload bandwidth within the same state connection. For example, say a user connects to an external FTP site and does some uploading and downloading. Can I allow him to download at 1Mb but limit his upload to 500Kb?

Easy with pf.

> As I understand the packet filtering of PF, the first packet creates a state and the rest are then ignored by the filtering software.

Then your understanding is wrong.

> If this is true, the user's first packet will be inbound on the internal interface which will be queued for download speed. This makes sense to me when you want to queue the entire connection but how do I then do a separate queue on the traffic coming back?

What happens is that maintaining state enhances security and does not reduce it as people often think. Matching states is several orders of magnitude faster, more efficient and secure than matching every packet with the thousand firewall rules.

Anyway that is a digression. You want to limit speeds? Only upload speeds? Use the HFSC queue or CBQ queue of pf. You can specify the direction as in or out. So pf gives you enough granularity for restricting either inbound or outbound traffic (downloads and uploads).

The only caveat is that you will need to invest some time and effort in figuring out how queuing disciplines work. No big deal if you can read thro' the documentation.

Here is a site that can help you.

http://www.calomel.org/pf_hfsc.html

Thanks.

-Girish

___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 7.0 and pf
On 07:56:48 Mar 19, Norman Maurer wrote:

> Hi all,
>
> I'm using freebsd 7.0 + gif interfaces + racoon + pf to filter stuff on my box. After upgrading to freebsd 7.0 I see some strange behavior. I see packets get dropped because of bad hdr length. The problem only seems to happen on traffic between the local nets and nets routed via ipsec.
>
> Here is a tcpdump snippet:
>
>     block in on em5: 192.168.175.4.1107 > 192.168.116.6.22: tcp 544 [bad hdr length 12 - too short, < 20]
>
> gif interface:
>
>     gif5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1402
>         tunnel inet 213.157.17.67 --> 213.23.198.131
>         inet 192.168.116.1 --> 192.168.175.1 netmask 0xff00
>
> Any help is welcome.

A TCP header can never be less than 20 bytes. And 12 is odd since all headers are a multiple of 4 bytes (word boundary).

Check your MTU of the PPPoE/PPPoA/Ethernet/WiFi or whatever datalink layer. I bet there is a problem there.

Best,
Girish

--
unix soi qui mal y pense
UNIX to him who evil thinks

GnuPG key  : 0xC7BBF207 (http://wwwkeys.nl.pgp.net)
Fingerprint: 2AFF C264 20CE C80C DDFF CC15 AD3E F190 C7BB F207
Re: FreeBSD 7.0 and pf
On 10:30:38 Mar 19, Norman Maurer wrote:

> btw, if i remove pf all works fine :-/

Are you using any scrub rule? Comment those out and try.

-Girish
Re: Manually opening TCP ports
On 07:47:19 Mar 07, Siraj Shaikh wrote: Hello I am just wondering if there is a utility (or any feature in FreeBSD) that allows me to manually open a TCP port on a machine. I am looking for a way that could either allow me to open ALL or many TCP ports on a machine. Also, is there any way of running a service on more than a single port, or on all or many ports? This is a very interesting question but unfortunately I dunno the answer. I know that netcat and socat can be used in a loop. I prefer a more elegant way. Wonder if there are tools that do it in a straight forward manner. -Girish ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: rsync
On 13:36:56 Mar 01, Gary Kline wrote:

> What does the --delete do?! I want to make a complete copy of, say, /usr/home/kline/* from here [tao] to my Ubuntu server, ethos, which has a /home mountpoint--- in other words: /home/kline/*. If the --delete /usr/home* /home syntax will let rsync rewrite /usr/home to /home, then fine.

I started using rsync with -avzp but then realized that it would not delete the directories/files I deleted at the source *after* the backup.

That is why I added the --delete hoping that it would replicate in such a way that both copies look identical.

-Girish
Re: gdm + xdmcp
On 01:10:06 Mar 01, Daniel Iliev wrote:

> Hi, people
>
> I installed FreeBSD using the 7.0-RELEASE-i386-bootonly.iso CD image. After I installed Gnome (pkg_add -r gnome2), I was able to start it on the FreeBSD and show it on my GNU/Linux workstation like this:
>
> 1) (Xnest :1 ) ; terminal --display=:1
> 2) in the Xnested terminal: ssh -Y bsd.example.org gnome-session (Ctrl+D)
>
> Next I started gdmsetup on the FreeBSD system and enabled Remote Login (XDMCP). It was followed by a gdm-restart. No error messages, everything seems fine, but I can not connect to the FreeBSD box issuing Xnest -query bsd.example.org :2 from the workstation.
>
> The above steps are usually enough to get XDMCP working between GNU/Linux hosts. Actually the reverse scenario works just fine - I was able to get my GNU/Linux Gnome showing on the FreeBSD system via XDMCP. The two hosts are on the same HUB and in the same /24 private network.
>
> What am I missing in the FreeBSD setup?

I am confused why you need Xnest. If you want the XDMCP of the remote host there are other means. Xnest is meant for running multiple X sessions in the same server.

If you want to access a remote machine's gdm, then you don't need Xnest for that.

You can test for UDP port 177 along with the TCP ports 6000 and above with the nmap command.

    # nmap -sT -p 6000-6005 bsd.example.org    # For X
    # nmap -sU -p 177 bsd.example.org          # For XDMCP

Most likely you have to enable TCP listening in gdm.conf. Just uncomment the relevant line and you should be all set.

Best of luck!

-Girish

> P.S. /* off-topic
> I'm new to the *BSD world and it's my first message to this list. So, I'd like to ask if there are any special rules here that I should know about? Would no html, no thread-hijacking, no top-posting be enough to avoid offending the more sensitive folks on the list when it comes to correct e-mail formatting?
> */

You seem to know everything already. ;)

This list is specifically meant for newbies and is very very friendly.
Re: rsync
On 18:18:06 Feb 29, Gary Kline wrote:

> Is there a flag I can set to use with rsync to backup every file of /usr/home/* [here on my FBSD desktop] to my Ubuntu desktop that has only /home/*?? Of course, I could always create /usr/home on my other computers. ...

Your question is not clear to me.

I use

    $ rsync -avzp --delete /usr/home/* /home

if that is what you are looking for.

-Girish
Re: gdm + xdmcp
On 04:37:58 Mar 01, Daniel Iliev wrote:

> Indeed. It is not my intention to use XDMCP like that (although it has some advantages in some cases), but since the remote host wasn't on the local XDMCP list I tried a more direct approach.

Okay.

> Sorry, I forgot to mention that. nmap gives:
>
>     PORT      STATE   SERVICE
>     177/udp   closed  xdmcp
>     6000/tcp  open    X11
>
> Actually I think the latter is not required, but I'll let everything be open and allowing until I get it working, then I'll disable the unnecessary options afterwards.

Then your problem is right here. The XDMCP port is closed.

> Now, this is where I get confused. In the gdm(1) man page it is stated the configuration file should be gdm.conf. Well, the man page is from 2003 and pkg_info -L doesn't show such a file. Instead there is custom.conf{,.default} and gdmsetup seems to be writing to this one. Its content seems OK (meaning policy=allow all) to me:
>
>     sed -e '/^$/d;/#/d' /usr/local/etc/gdm/custom.conf
>     [daemon]
>     [security]
>     AllowRemoteRoot=true
>     DisallowTCP=false

The above line seems fine to me.

>     [xdmcp]
>     Enable=true
>     [gui]
>     [greeter]
>     Use24Clock=yes
>     [chooser]
>     [debug]
>     [servers]
>
> So, I believe there's something about gdm that I'm still missing or it's just not working on FreeBSD. (bug?)

Don't think so.

> Thanks and the same to you! (Although I'd appreciate more help than luck in this case.) :)

Open the XDMCP port and you are done.

-Girish
Re: gdm + xdmcp
On 07:56:29 Mar 01, Daniel Iliev wrote:

> How am I supposed to do that? I believe it's up to gdm to open the port it should be listening on. Just like Xorg did. If you mean I should allow access to this port in the firewall, I must say I've not (explicitly) enabled one on this system because it's connected to a private (in the sense of RFC1918) LAN with no offenders other than me and my family. :)
>
>     [EMAIL PROTECTED] ~]# /etc/rc.d/ipfw rcvar
>     # ipfw
>     firewall_enable=NO
>     [EMAIL PROTECTED] ~]# /etc/rc.d/ipfilter rcvar
>     # ipfilter
>     ipfilter_enable=NO
>     [EMAIL PROTECTED] ~]# /etc/rc.d/pf rcvar
>     # pf
>     pf_enable=NO
>     [EMAIL PROTECTED] ~]#

To rule out a firewall issue try running nmap on the localhost and check. Or you could use the RFC1918 address of bsd.example.org from the same machine.

In case that shows the port open then you can go the firewall route.

I personally do not run gdm or kdm. So I would not know how to get this working but I *think* you already picked the right file. The one you quoted in your last mail.

I think the key lies there. You have to modify it and restart gdm and see if it listens for XDMCP requests locally.

Hope this helps. And sorry if it doesn't. ;)

Thanks.

-Girish
Making .bash_history non writeable by user?
Hello friends, My friend wants the user commands history file ~/.bash_history to be non writeable by user. He feels that the user should not able to erase the commands entered by him. A reasonable requirement. In case the ~/.bash_history file can also be written to another location that the root alone can access then perhaps we can solve this problem. But AFAIK bash runs as the user process. How can you make the file readable and writeable by root alone? In that case how can the history mechanism function? Do you guys know a way to get around this problem? Thanks. -Girish -- unix soi qui mal y pense UNIX to him who evil thinks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: thankee, thankee!
On 08:29:19 Feb 19, Tim Daneliuk wrote: You bet, Perl is terrific. But, Perl is also harder to maintain and less readable in the long run (IMHO and many others' too). Language wars are silly, of course, one uses the right tools for the right job. But as I said, having programmed fairly widely over the years, I find Python the single most productive language I've ever used. I never ceased to be amazed at how quickly I get to a correct and finished program. I am further amazed when I pick it up a year later and it still is crystal clear and understandable. Couldn't resist saying that I plan to take a stab at lua. It seems to be a wonderfully agile and powerful language - the new kid off the block. :) http://www.lua.org However I do not have any experience with it to say anything further. Hopefully that will change one day soon. -Girish ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Low Level Language Suggestions: OT
On 11:57:01 Dec 31, Victor Subervi wrote: Hi; Way OT here...but don't know where else to ask ;) I don't think so. I'm considering starting an open source project for language translation. Initially, I'll write this in python (with both MySQL and OpenLDAP for different needs). But the processing will be heavy duty, so I need to look toward a low-level language. I am not good in any :( I'm thinking Java's probably my best bet, just because there are more Java programmers out there than any other language (I think). But what about C++ or C#? Your comments would be appreciated. I am yet to find something that C cannot do. I just finished creating the web interface for my firewall product in C. (I don't mean the interface,but the interface backend) The inteface will be in jQuery of course. No two ways about it. (http://jquery.com ) I have coded support for unlimited UNDO/REDO/BACK/FORWARD (time travel), support for concurrent processing, high performance, crash recovery and avoided the flaws of on the fly file reading in CGI/Ajax programming. I used a combo of UNIX domain sockets, daemon(3),poll(2), sophisticated linked lists with queue(3) macros, even object oriented programming all in C. Wondering how to do OO in C? Look at GTK. You can embed function pointers in structures right? And create a linked list? What more do you need for OO? Forget protection , encapsulation and all that marketing bullshit. We have code that works and that is what counts. Performance? Can you ever match C? This is a highly sensitive topic in which passions run high. So I don't plan to create a flame war in this beautiful New Year eve.;) Hope this helps. Wish you the very best in your project and may God bless you with every success! Happy 2008! -Girish ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Photo organizer for FreeBSD?
On 17:56:46 Dec 30, Peter Boosten wrote: You mean: http://www.linuxjournal.com/article/9696 ;-) I got my math wrong and my memory failed. ;) Thanks. -Girish ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Photo organizer for FreeBSD?
On 15:49:56 Dec 29, Laszlo Nagy wrote: Hi, Can you tell me what kind of software should I use for organizing photos? Here are my requirements: - should be able to handle many photos (right now we are using Picasa on Ubuntu but for 100 000+ photos it is very slow and unstable) - should be able to save comments/annotations for the photos (I do not like Picasa because it uses a special database for that. I would like to have txt files saved in the same directory where the photos are, or something similar.) You can trivially do this with the convert command. Refer to my article. http://linuxjournal.com/9566 - should have a full text search feature (search for photos with given keywords) This can be easily done. I would guess there would be a third party tool to do this. - should run on Windows and FreeBSD. (Actually, I would like to burn self-starting DVDs, so a Python or Perl based GUI would be great) I wonder if netpbm or ImageMagick is available in Cygwin or in some other form in Windows. Well, if there is a web server based solution, that is fine with me, I need to burn photos to DVDs and be able to use them. Can you recommend something from the ports tree? Or should I write my own program? You can try this web based solution. I have never tried it, but apparently it would do a lot of heavy-lifting for you. http://gallery.menalto.com/ Best, Girish ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Redirecting STDOUT
On 14:49:28 Dec 21, [EMAIL PROTECTED] wrote:

> I am in the process of debugging a script and I would like to have the output of stdout redirected to a file. After reading about redirection on the Internet, I was under the impression the following would redirect stdout to a file, but I cannot seem to get it to work.
>
>     tar -cvzf root.tgz /root > /dev/null 2> /home/jay/tarlog
>
> I'm sure it is something simple I am doing wrong, but I am not seeing it.

Yes. Very simple indeed.

This is highly shell dependent but on ksh, this command works.

    $ tar zcvf root.tgz /root > /home/jay/tarlog 2> /dev/null

The above command will redirect stderr (fdes 2) to the bit bucket and stdout to /home/jay/tarlog.

If you wish to redirect both stderr and stdout to a single file, you can try this command.

    $ tar zcvf root.tgz /root > /home/jay/tarlog 2>&1

-Girish
Re: common filesystem for Linux and FreeBSD
On 22:05:08 Dec 17, Chad Perrin wrote: Are you suggesting I put the filesystem on another machine and use NFS to make it available to both OSes on this machine? I'm looking to have a filesystem on *this* machine that is available to both OSes, running one at a time. Chad, I saw your question but couldn't think of a proper answer. I generally shy away from any multiboot situation since I have few machines with me. Even then I too have to multiboot once in a while. Anyway coming back to the point. If FFS2 and EXT3 are ruled out, then what is remaining? ;) XFS? It is a tough choice indeed. Of course you could do a diskless boot off an NFS and use that as file system for communication between the two OSes. But for that you need another machine connected over LAN running NFS of course. Sorry if my answer was irrelevant but this is the best I could do. Thanks. -Girish ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: (postfix) SPAM filter?
On 14:48:35 Dec 15, Jorn Argelo wrote: Greylisting only works so-so nowadays. There was a couple of months it was very effective, but that is long gone. Spammers aren't stupid, and they follow the development of anti-spam techniques as much as e-mail admins do. Greylisting is a start, but from my experience it is not nearly enough. I have heard this said elsewhere too. Also I believe that rejecting e-mail is a big point of discussion. We had an internet e-mail environment built about 3 years ago, and there the users were terrorized by spam. We had some users getting 30 spam mails a day at least. This setup was running amavis, spamassassin, postfix, postgrey, dcc and razor. Unfortunately, over time the bayes filter got incorrectly trained, and it sometimes rejected valid e-mails. If there's something you DON'T want to happen it's that. And also troubleshooting those kind of things can be quite hard ... What about CRM114 and dspam? Have you ever tried statistical filtering instead of heuristics with spamassassin? We rebuilt the environment from scratch. Right now we are running OpenBSD spamd + OpenBSD Packetfilter. This functions as greylisting / greptrapping in combination with the PF firewall. We made a couple of scripts to trap invalid / forged e-mail addresses that are greylisted. Also we make use of the uatraps / nixspam traplists, and our own generated blacklist generated from spam being sent to the postmaster. We had some problems with blacklisted entries in the past, but we worked around that. It goes further then that, but I will spare you all the details. pf(4) has some amazing features that come in handy for spam control. I guess it forms a key component of any spam blocking architecture. And it works in concert with the other OpenBSD niceties you point out like populating the tables with blacklists and whitelists, greytrapping and using the pf(4) anchor mechanism to automate stuff. 
The probability and state tracking options in pf(4) are pretty interesting too if used creatively. On the second line we run Postfix / ClamSMTP / Clamd / Spamassassin. We removed Amavis because it was annoying to upgrade and we wanted to get rid of it, as we had problems with it in the past. With SpamAssassin we use sa-update and sa-learn to keep the rules up-to-date and make sure bayes gets properly trained. So we are marking e-mail as spam and no longer block it. Why? Simple ... we no longer want to block false positives. Again, there is more to this, but I will spare you all the details. But if you don't update virus signatures wouldn't that cause worms and malware propagation? I know I am digressing but I thought signature updation was critical to malware control... Right now we have 2500 happy users. Their local helpdesks helped them with getting an Outlook rule in place to automatically move tagged e-mails to a spam folder. Just like their gmail, hotmail or Yahoo account does at home. Wow, this is great. I am not surprised to hear this. ;) The environment we have is certainly not the easiest one, but we automated many things, leaving us with practically no work on it. All the updating of rulesets / blacklists / whitelists /whatever goes by itself. Downside of an environment like this is that you will need quite some knowledge of all the components and how they work together. But hey, I got it running at home as well (a bit simpler though) and didn't had a single spam mail in my mailbox the last 4 months. Sure, the ones I do get are getting tagged and moved to my spam folder automatically, which I do with maildrop (though procmail does the job nicely too). All in all it works like a charm. Using the X-foobar headers I suppose? Well a long story, but maybe it is of use for someone else. As always, YMMV. Yes, very enlightening, many thanks. 
-Girish ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: CD/DVD writer no longer works
On 11:34:25 Dec 06, Paul Schmehl wrote: [..] I can see the device using atacontrol. [EMAIL PROTECTED] atacontrol info ata0 Master: acd0 HL-DT-STDVD-ROM GDR8163B/0D20 ATA/ATAPI revision 6 Slave: acd1 TSSTcorpCD-RW TS-H292B/DE03 ATA/ATAPI revision 5 [..] Drive buf size : 1016064 = 992 KB FIFO size : 4194304 = 4096 KB Track 01: data 616 MB Total size: 707 MB (70:07.13) = 315535 sectors Lout start: 708 MB (70:09/10) = 315535 sectors cdrecord: Input/output error. test unit ready: scsi sendcmd: retryable error CDB: 00 00 00 00 00 00 status: 0x2 (CHECK CONDITION) Sense Bytes: 70 00 02 00 00 00 00 0A 00 00 00 00 3A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Sense Key: 0x2 Not Ready, Segment 0 Sense Code: 0x3A Qual 0x00 (medium not present) Fru 0x0 Sense flags: Blk 0 (not valid) cmd finished after 0.000s timeout 40s cdrecord: No disk / Wrong disk! I just upgraded from FreeBSD 6.0 RELEASE to 6.2 RELEASE hoping that might solve the problem. (I cvsupped the sources and ran make buildworld/buildkernel, etc.) Do I have a hardware failure? Or is something else wrong? Check your jumpers. I had a similar problem that I fixed by using the right jumper on the CD/DVD drive. -Girish ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problem with mkisofs -dvd-video
On 22:23:50 Dec 04, Jeremy Gransden wrote: I say almost because the dvd will not play in my standalone dvd player, but will play on both my macbook, and freebsd machine. I will look into the dvdauthor, and mencoder docs to see if i can figure out why. If you have a problem with standalone players I would suggest you go the mplex and mpeg2enc way. You can read a very detailed howto in the homepage of mjpegtools. http://mjpegtools.sf.net I am sure it will work. In case that doesn't work then there is transcode. Let me know if you need any more help. Best of luck! -Girish ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problem with mkisofs -dvd-video
On 21:42:47 Dec 02, Jeremy Gransden wrote:

> HI List,
>
> What is the correct procedure to create a dvd-video iso. I have tried the following and receive an error:
>
>     [EMAIL PROTECTED] ~]$ mkisofs -dvd-video -o ~/develip.iso -R ~/develop_spin/
>     Using PSA07000.VOB;1 for /PSA074781-2.VOB (PSA074781-1.VOB)
>     mkisofs: Unable to make a DVD-Video image.
>     [EMAIL PROTECTED] ~]$
>
> I searched google and did not find much of information. I read several articles about the case of the file names, but my files are uppercase as they suggested. I can create iso's without the -dvd-video switch, but not with.

Check the mencoder documentation. Install mplayer, dvdauthor and growisofs (dvd+rw-tools). And get cranking. :)

If you already have DVD compliant VOB, my stuff will not apply. If you don't then this is what you have to do.

    mencoder -oac lavc -ovc lavc -of mpeg -mpegopts format=dvd:tsaf \
      -vf scale=720:576,harddup -srate 48000 -af lavcresample=48000 \
      -lavcopts vcodec=mpeg2video:vrc_buf_size=1835:vrc_maxrate=9800:vbitrate=5000:keyint=15:vstrict=0:acodec=ac3:abitrate=192:aspect=16/9 \
      -ofps 25 -o movie.mpg movie.avi

Now movie.mpg contains MPEG-2 video befitting the DVD profile. Now just use a simple config file with dvdauthor and write it with growisofs.

Something like this perhaps?

    $ cat foo.xml
    <dvdauthor>
      <vmgm />
      <titleset>
        <titles>
          <pgc>
            <vob file="movie.mpg" />
          </pgc>
        </titles>
      </titleset>
    </dvdauthor>

    $ dvdauthor -x foo.xml -o myvideo

dvdauthor will create a directory myvideo with dvd structure that can be directly given to growisofs or you could create an ISO with mkisofs with the -dvd-video switch.

Hope this helps.

-Girish
Re: Secure remote shell
On 11:28:24 Nov 29, Olivier Nicole wrote:

> Hi,
>
> Part of (un)registering users on my system consists in connecting to various servers to add the user account to some services:
>
> Registering users is done via a web page, and the web server will remote execute a script on the mail server to add the users in the aliases and run newaliases, remote execute a script to the radius server to add the user in the radius tables and restart radius, etc.
>
> Of course all the remote execution should be done as root :(

No. Use sudo(8). And tighten it up. Giving remote users root access should never ever be done. Typically each user should run a suid script or something.

> So far, one specific user from the web server can rsh -l root to the

rsh? Are you living in a cave? :)

ssh(8) was released several years ago. rsh is horribly insecure and broken whereas ssh(8) has an excellent security track record.

-Girish
Re: efficient terminal/console screencasting
On 21:26:41 Nov 21, Andrew Pantyukhin wrote: A while ago I needed to screencast a terminal to a class of students in real-time. It turned out to be quite straightforward with screen(1) in multiuser mode. screen(1) is really cool. :) Now I want to record screencasts and allow people to watch them later. I'm looking at recordmydesktop, but the innefficiency strikes me: I'm operating in text-only environment, there's no need to record every frame as a flat bitmap. Whatever codec I choose, the files will be huge and of low quality. How about ttyrec(1) and ttyplay(1) ? What I need is something like script(1) on steroids: - accurately record the complete state of my terminal window at any given moment - store it as a succession of updates, each represented in a text-based format (as opposed to pixel-based) If you want pixel based output then there are quite a few options but none to my taste. As you mention they all are bloated. - record timings correctly - allow for a method to record speech in the background This you have to do manually with sox(1). Not a big deal. A simple shell script can do what you want. - allow for a method to play it all back in sync This is no big deal either. If you want to create a video, then you have to go in for pixel based stuff. You can however do efficient compression and use a good codec like x264 or something. Has anyone heard about any tool which would help me achieve at least some of my requirements? Your idea seems good enough to create an open source tool that does exactly what you want. Best, Girish ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: efficient terminal/console screencasting
On 11:44:49 Nov 22, Andrew Pantyukhin wrote: There are basically two ways the subtitles are encoded: bitmap and text. Both will require a full screen dump on every update. Neither allow for colors (there are html hacks though). AFAIK, there's no way to store activity in form of updates in subtitles. Subtitles can be hard coded into the video with mencoder. The command line is straight forward. $ mencoder video.avi -sub subtitles.srt -o videosubtitles.avi -ovc lavc -oac copy Moreover, even in case of bitmaps, subtitles are still utterly unstandardized. Their look is very player-dependent. Not a problem if you hard code them. But the idea is cool, thanks! I might perform a few benchmarks with mplayer when I have time. But your basic problem remains unsolved. mencoder can build a video from frames and you can mux the audio with mplex or some such thing. All this means a bit of effort. regards, Girish ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: efficient terminal/console screencasting
On 02:09:11 Nov 23, Andrew Pantyukhin wrote: I'm still hoping to get by with some hacks, but you might be right. It's a pity and almost a surprise there's no widely available text-based video codec. Maybe I just need to try my luck on mplayer-related mailing lists. Best of luck! P.S. Please don't post to questions@ and freebsd-questions@ at the same time. It's the same list and you're just sending double mails. Many thanks for pointing out. Fixed the bug in my homebrew mailing system. mutt had two entries in the subscribe line. regards, Girish ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD router and WCCP
On 10:47:37 Nov 19, Steve Bertrand wrote:

> Essentially, I simply need a method to redirect layer 3/4 traffic destined for anything:80 from the router to the appliance. I've got a few options now, so I'll be testing all of them in the coming days.

Including this one?

    rdr all port 80 to ${appliance}

Since you are leaving out the proto and tcp/udp fields this redirection will work as expected.

regards,
Girish
Re: bash and strings
On 03:43:24 Nov 16, [EMAIL PROTECTED] wrote:

> Everyone,
>
> I'm sure this is easy, and I am making it harder than it is. I am being supplied a list of files, and need to create the files and directories to hold them, but I cannot figure out how to take the string apart. For example, I am given /usr/local/scripts/firewall.sh. I need to create the /usr/local/scripts directory and then create firewall.sh.
>
> Any suggestions would be greatly appreciated.

There is always more than one way to skin a cat. :)

Perhaps you will like mine.

    DIR=`dirname $path`
    FILE=`basename $path`
    /bin/mkdir -p $DIR
    cd $DIR
    touch $FILE

You can put this in a loop with path as loop variable.

Best of luck!

regards,
Girish
Re: bash and strings
On 21:18:47 Nov 15, Garrett Cooper wrote:
> A better way would be to quote the string variables, i.e.:
>
>     DIR=`/usr/bin/dirname "$path"`
>     FILE=`/usr/bin/basename "$path"`
>     /bin/mkdir -p "$DIR"
>     touch "$FILE"
>
> Otherwise dirname and basename will choke on non-escaped characters (i.e. spaces), mkdir/touch will make funky directories / files, respectively.
>
> Just watch out for '$' chars in $path... Welcome to the wonderful world of [in]secure shell scripting :).

Thanks buddy. :) I missed out something obvious. Ever willing to learn.

regards,
Girish
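The quoting point from this thread, as an added example that is not code from any of the posters: a loop over a supplied list of paths that creates each parent directory and then the file, with every expansion quoted. The names `make_paths` and `demo`, the staging root, and the sample list are assumptions made for illustration; the `..` check goes beyond what the thread discussed.

```shell
#!/bin/sh
# Added example, not code from the thread. make_paths and demo are
# hypothetical names; the sample list in demo is constructed.

# make_paths ROOT
# Reads one path per line from stdin. For each one, creates the parent
# directory and an empty file underneath ROOT. Leaves the number of files
# created in $created.
make_paths() {
    root=$1
    created=0
    # IFS= keeps leading/trailing blanks; -r keeps backslashes literal.
    while IFS= read -r path || [ -n "$path" ]; do
        [ -n "$path" ] || continue              # skip empty lines
        case "/$path/" in
            */../*)                             # would climb out of ROOT
                printf 'skipped: %s\n' "$path" >&2
                continue ;;
        esac
        # Drop one leading "/" so the supplied path is relative to ROOT.
        target=$root/${path#/}
        # Quoted, $target reaches dirname as ONE argument, spaces included.
        # Unquoted it would be split on whitespace and glob-expanded first.
        # "--" ends option parsing in case a name starts with "-".
        dir=$(dirname -- "$target")
        mkdir -p -- "$dir" || continue
        touch -- "$target" && created=$((created + 1))
    done
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed list: a space, a literal "$", a leading "-", and a "..".
    # The quoted 'EOF' keeps the shell from expanding $HOME or $list here,
    # and read -r never re-expands what it has read.
    make_paths "$tmp" <<'EOF'
/usr/local/scripts/firewall.sh
/usr/local/my scripts/fire wall.sh
/opt/$HOME/price$list.txt
/srv/-rf/-n.log
/usr/../../etc/escape.conf
EOF
    find "$tmp" -type f | sort
    echo "created=$created"
    rm -rf -- "$tmp"
}

demo
```

Feed the list through a redirection or here-document rather than a pipe, so that `$created` is set in the calling shell and not in a subshell.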
Re: multihome network
On 00:18:42 Nov 16, alexus wrote:
> Hello,
>
> I have two NICs on my box, one (primary) connected to switch and have private IP. that IP also have a static route on Cisco PIX for accessing this box from outside. the other interface has public IP that is connected to another switch, i configure both IPs through /etc/rc.conf, but I can not for some reason access my box through that public IP, no firewall rules would prevent me from doing so. here is my output for netstat -rn
>
> alexus# netstat -rn
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            192.168.1.1        UGS         0      250   fxp0
> 127.0.0.1          127.0.0.1          UH          0        2    lo0
> 192.168.1          link#1             UC          0        0   fxp0
> 192.168.1.1        00:0d:29:09:90:61  UHLW        2        2   fxp0   1171
> 192.168.1.250      00:16:cb:94:10:e9  UHLW        1       12   fxp0   1169
> 216.112.241.24/29  link#2             UC          0        0   fxp1

Your default route is 192.168.1.1 and not 216.112.241.24

regards,
Girish
Re: master-backup CARP issue
On 09:50:51 Nov 14, Eugene wrote:
> Hello freebsd,
>
> We have two FreeBSD boxes, each one has 4 CARP interfaces in preempt mode, without arp balancing. Backup without any reason preempts Master and after a while (an hour or two) it becomes Backup again. When Backup becomes Master on Master box net.inet.carp.suppress_preempt: 1, but all interfaces are up and seemed to work properly. Is there any ways to debug this issue?
>
> Additional info:
>
> #uname -v
> FreeBSD 6.1-RELEASE-p7
>
> Master:
> # grep carp /var/log/messages
> Nov 14 01:50:59 atlas kernel: carp3: MASTER -> BACKUP (more frequent advertisement received)
> Nov 14 01:52:30 atlas kernel: carp3: MASTER -> BACKUP (more frequent advertisement received)
> Nov 14 02:43:55 atlas kernel: carp3: MASTER -> BACKUP (more frequent advertisement received)
> Nov 14 02:59:12 atlas kernel: carp3: MASTER -> BACKUP (more frequent advertisement received)
> Nov 14 03:26:13 atlas kernel: carp3: MASTER -> BACKUP (more frequent advertisement received)
> Nov 14 03:26:32 atlas kernel: carp3: MASTER -> BACKUP (more frequent advertisement received)
> Nov 14 04:58:39 atlas kernel: carp3: MASTER -> BACKUP (more frequent advertisement received)
> Nov 14 05:53:27 atlas kernel: carp3: MASTER -> BACKUP (more frequent advertisement received)
> Nov 14 06:01:12 atlas kernel: carp3: MASTER -> BACKUP (more frequent advertisement received)
> Nov 14 06:03:36 atlas kernel: carp2: BACKUP -> MASTER (preempting a slower master)
> Nov 14 06:03:36 atlas kernel: carp0: BACKUP -> MASTER (preempting a slower master)
> Nov 14 06:03:36 atlas kernel: carp1: BACKUP -> MASTER (preempting a slower master)
> Nov 14 06:03:38 atlas kernel: carp3: BACKUP -> MASTER (preempting a slower master)
>
> Master Backup (in normal state)
> #sysctl -a | grep net.inet.carp.
> net.inet.carp.allow: 1
> net.inet.carp.preempt: 1
> net.inet.carp.log: 2
> net.inet.carp.arpbalance: 0
> net.inet.carp.suppress_preempt: 0
>
> all NICs - 3Com 3c905C-TX
>
> Master:
> #ifconfig | grep -A2 carp
> carp0: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
>         inet 10.1.1.3 netmask 0xff00
>         carp: MASTER vhid 1 advbase 1 advskew 10
> carp1: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
>         inet 10.1.2.3 netmask 0xff00
>         carp: MASTER vhid 2 advbase 1 advskew 10
> carp2: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
>         inet 10.1.3.3 netmask 0xff00
>         carp: MASTER vhid 3 advbase 1 advskew 10
> carp3: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
>         inet 10.1.4.3 netmask 0xfff8
>         carp: MASTER vhid 4 advbase 1 advskew 10
>
> Backup
> #ifconfig |grep -A2 carp
> carp0: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
>         inet 10.1.1.3 netmask 0xff00
>         carp: BACKUP vhid 1 advbase 1 advskew 20
> carp1: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
>         inet 1.1.2.3 netmask 0xff00
>         carp: BACKUP vhid 2 advbase 1 advskew 20
> carp2: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
>         inet 10.1.3.3 netmask 0xff00
>         carp: BACKUP vhid 3 advbase 1 advskew 20
> carp3: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
>         inet 10.1.4.3 netmask 0xfff8
>         carp: BACKUP vhid 4 advbase 1 advskew 20
>
> Master:
> #netstat -ni |grep carp
> Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
> carp0 1500 Link#12 311894 1 5926852 0 0
> carp0 1500 10.1.110.1.1.3 42293866 - 263238 - -
> carp1 1500 Link#13 48653 1 5663615 0 0
> carp1 1500 10.1.210.1.2.3 153785957 -0 - -
> carp2 1500 Link#14 48661 1 5663615 107 0
> carp2 1500 10.1.3/24 10.1.3.3476782 -0 - -
> carp3 1500 Link#15 48974 1 5663634 1155 0
> carp3 1500 10.1.4.3/ 10.1.4.3 6885622 -0 - -
>
> Backup:
> #netstat -ni |grep carp
> Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
> carp0 1500 Link#12 35221 0 6437 0 0
> carp0 1500 10.1.110.1.1.3 8699 -0 - -
> carp1 1500 Link#13 35220 0 6438 0 0
> carp1 1500 10.1.210.1.2.3 86000 -0 - -
> carp2 1500 Link#14 35221 0 6437 0 0
> carp2 1500 10.1.3/24 10.1.3.3 0 -0 - -
> carp3 1500 Link#15 35190 0 644323 0
> carp3 1500 10.1.4.3/ 10.1.4.3 958 -0 - -
>
> Thanks in advance!

I could be talking nonsense but still...

Have you tried adjusting the advskew and advbase parameters?

Another thing. Are the NICs reliable? Have you tried with a different NIC? Looks like you don't have a faulty NIC here. So it could be the other possibility.
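One way to approach the "any ways to debug this" question from the logs alone, as an added example that is not from the thread: count role changes per carp interface so that a single flapping vhid stands out from a whole-box failover. `carp_summary` and `sample_log` are hypothetical names; the sample lines are the ones quoted in the message above.

```shell
#!/bin/sh
# Added example, not code from the thread. carp_summary and sample_log are
# hypothetical names.

# carp_summary
# Reads syslog lines on stdin and prints, per carp interface, how often it
# was demoted (MASTER to BACKUP) and promoted (BACKUP to MASTER).
# Transitions that involve INIT are ignored.
carp_summary() {
    awk '
    {
        # Find the "carpN:" token, then read the state before and after
        # the arrow. The arrow token itself is not inspected, so both
        # "->" and a bare "-" are accepted.
        for (i = 1; i <= NF - 3; i++) {
            if ($i ~ /^carp[0-9]+:$/ &&
                $(i+1) ~ /^(MASTER|BACKUP)$/ &&
                $(i+3) ~ /^(MASTER|BACKUP)$/) {
                ifc = $i
                sub(/:$/, "", ifc)
                seen[ifc] = 1
                if ($(i+1) == "MASTER") down[ifc]++
                else up[ifc]++
                break
            }
        }
    }
    END {
        for (ifc in seen)
            printf "%s demoted=%d promoted=%d\n", ifc, down[ifc], up[ifc]
    }' | sort
}

# The /var/log/messages lines from the Master box, as quoted in the message.
sample_log() {
    cat <<'EOF'
Nov 14 01:50:59 atlas kernel: carp3: MASTER -> BACKUP (more frequent advertisement received)
Nov 14 01:52:30 atlas kernel: carp3: MASTER -> BACKUP (more frequent advertisement received)
Nov 14 02:43:55 atlas kernel: carp3: MASTER -> BACKUP (more frequent advertisement received)
Nov 14 02:59:12 atlas kernel: carp3: MASTER -> BACKUP (more frequent advertisement received)
Nov 14 03:26:13 atlas kernel: carp3: MASTER -> BACKUP (more frequent advertisement received)
Nov 14 03:26:32 atlas kernel: carp3: MASTER -> BACKUP (more frequent advertisement received)
Nov 14 04:58:39 atlas kernel: carp3: MASTER -> BACKUP (more frequent advertisement received)
Nov 14 05:53:27 atlas kernel: carp3: MASTER -> BACKUP (more frequent advertisement received)
Nov 14 06:01:12 atlas kernel: carp3: MASTER -> BACKUP (more frequent advertisement received)
Nov 14 06:03:36 atlas kernel: carp2: BACKUP -> MASTER (preempting a slower master)
Nov 14 06:03:36 atlas kernel: carp0: BACKUP -> MASTER (preempting a slower master)
Nov 14 06:03:36 atlas kernel: carp1: BACKUP -> MASTER (preempting a slower master)
Nov 14 06:03:38 atlas kernel: carp3: BACKUP -> MASTER (preempting a slower master)
EOF
}

sample_log | carp_summary
```

On a live box the same function can be fed with `grep carp /var/log/messages | carp_summary`.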
Re: master-backup CARP issue
On 15:23:49 Nov 14, Eugene wrote:
> No, actually i haven't tried to play with advskew and advbase parameters, and I'll give it a try, thanks. I'll report results if it helps.
>
> Yes, NIC's seemed to be reliable. If I should try a different NIC then which one should I switch, all 4?

I dunno buddy. I would rather you first try to play with the advskew and advbase parameters.

In case that doesn't work then you can go for plan B.

There is a very remote chance of a faulty NIC causing trouble here. So let us get to it only when warranted.

Best,
Girish
Re: PF, bridge, states and window scaling problem
On 23:42:20 Nov 12, Erik Osterholm wrote:
> My understanding (and please correct me if I'm wrong) is that keeping state requires fragmented packet reassembly, which can break some applications.

You mean that you cannot support broken applications if you do reassembly?

Packet reassembly happens if you use a scrub rule as well. The main problem with fragmentation leaving aside all performance and security considerations is that you cannot figure out anything useful from the IP fragments.

The headers simply lack enough information for you to deduce anything.

Reassembly does have an overhead..you can perhaps mention a delay involved in waiting for all fragments to arrive. But AFAIK it only helps if you reassemble. Never hurts. I am not aware of any breakage due to reassembly. (But I could be ignorant.)

Now I specifically asked about scrub because scrub does a lot of other things which might correctly break broken applications.

I just wanted to give him enough rope. Very likely scrub causes no harm. Neither would keeping state...

> Also, I've always followed the conventional wisdom that bridges shouldn't keep state. A posting from the maintainer supports this: http://lists.freebsd.org/pipermail/freebsd-pf/2005-September/001481.html
>
> Maybe this has changed--I'm not sure, but so far I haven't seen performance issues with pf and if_bridge without keeping state, so I haven't been worried about it.

I just read the post you linked. Thanks. :)

I would imagine that bridges would make things difficult for pf. I have never worked with bridges, so I cannot comment. Sorry.

regards,
Girish
Re: PF, bridge, states and window scaling problem
On 18:57:34 Nov 13, Girish Venkatachalam wrote:
> I just read the post you linked. Thanks. :)

I read the post once again and it looks as though I understood what is mentioned there.

The 'no-df' in scrub rule clears the Don't fragment bit in the IP header. When a host wrongly sends fragmented packets with the DF bit set, this scrub rule correctly resets the DF bit.

Now since the host made the mistake of sending a fragmented packet with DF bit set (this is like saying "Please don't fragment my packet, but I myself have fragmented." Odd...) no-df scrub rule causes trouble.

Scrub never causes trouble with properly formed packets.

regards,
Girish
Re: PF, bridge, states and window scaling problem
On 15:53:38 Nov 13, Alupului Costin wrote:
> When that client tries logging in to Yahoo Messenger I can see an increase in the number of state-mismatch reported by pfctl -si. There are states established, but after a while the packets simply do not match the states created. Also they will not create new states and nor will they match a catch-all rule which follows.

Have you tried bumping up the state expiry timeout values?

> I have tried using flags S/SA with the filter rules. The result was that states were created, but not matched by the rest of the packets in the stream. Packets would just match a catch-all rule that follows the above mentioned rules. Still it was better because the connection wouldn't just stall, but after all that was not stateful inspection anymore...

States are established and looked up based on unique 5 tuples or whatever. I don't expect a bug here. I think the packets that do not match the existing state entries have different keys into the state lookup table. IOW they don't form part of the same stream.

> I have tried the same setup (without the queues) on a router and I used keep state on all the rules (even the inbound ones). Works perfectly. So I guess the problem really is the bridge. In that case I would kindly suggest that the pf.conf manual page should mention that stateful firewall has an unpredictable behaviour on bridges. I.E. you can not create states on inbound rules at all although filtering works. Another problem is that states created by outbound traffic don't seem to take into account the window scaling when the client uses that. I was a big fan of the bridge setup simply because it is transparent and I would choose the bridge over the router setup anytime, provided that it would work properly (I mean stateful firewall).

But bridging is more complicated to manage and this problem seems to point to that.

Also did you read the other post? There is some info about bridging caused state mismatches.

> I always flushed the old states over and over again. The flags did not help me. As I mentioned earlier they did establish the connection on the SYN packet, but the rest of the packets in the flow did not match that connection.

In that case I am pretty much exhausted. I can't think of any other possibility.

> Have tried without normalization, without fragment reassembly, with no-df... Pretty much all the combinations...
>
> I will answer here to Erik Osterholm also: Performance really is an issue here when I give up stateful inspection. The firewall contains roughly 2000 filter rules and the traffic passing through is 20kpps at peak hours. So it is a huge difference between stateful and stateless filtering. If I drop the stateful filtering the machine simply cannot handle all the traffic, or in the best case scenario it develops quite some latency.

Indeed. Stateful firewalling improves performance by a huge magnitude due to the shortcuts that packets take instead of having to descend down the pf ruleset.

regards,
Girish
Re: Quick question about PF and ALTQ
On 10:17:52 Nov 12, Peter Boosten wrote:
> Yu, it does. Very nice explanation, thanx.

NP. Thanks.

> Well, it's actually quite simple: our internet access line, which is used by several people (directly, without a proxy server, but with a FreeBSD firewall). Our management wants to block unwanted traffic (so not: wants to block unwanted sites - which would be very easy), like p2p and online radio, since this traffic is:
> - non business related
> - bandwidth consuming

In that case you don't need QoS at all. Just use pf for it. Refer to the first mail I sent in this thread. All the info you need is right there. Don't worry about altq.

Best,
Girish
Re: Quick question about PF and ALTQ
On 14:03:29 Nov 11, Peter Boosten wrote:
> Hi all,
>
> One quick question: is it possible to filter specific kinds of traffic with altq, traffic that is not bound to specific IP addresses, like online radio?

Looks like I finally understood what you want. You want to block the protocol from/to *any* IP address.

This is easily done.

    block all
    pass out all to { http smtp ftp }

This is a very cruel ruleset. :)

Instead you actually want this one.

    nonbusiness = { 522 bittorrent ... }
    block quick drop out all to port $nonbusiness

As you can see using pf, you can leave out anything. That is the power of this marvelous creation. It gives tremendous power to firewalls.

In fact I would venture to say it is the best software available for firewalling functionality.

Best,
Girish
Re: PF, bridge, states and window scaling problem
On 22:08:03 Nov 12, Alupului Costin wrote:
> I seem to have quite a problem with PF. I have set up a bridge to shape my upstream traffic. I use ALTQ with hfsc discipline; but that's not really important. My problem comes with the filter rules. I have to use keep state because of the speed benefits (really I don't have a choice),

One should always keep state.

> but PF has a problem when the clients passing traffic through the bridge use TCP window scaling. Here is an example of four filter rules that I thought should work to pass the traffic from one client through the bridge and create a state:
>
>     pass in quick on vlan0 from any to anIP/32
>     pass out quick on vlan0 from anIP/32 to any keep state queue ul_client
>     pass in quick on vlan1 from anIP/32 to any
>     pass out quick on vlan1 from any to anIP/32 keep state queue dl_client
>
> The above rules generate state-mismatches.

Didn't get you. What sort of mismatch?

> I thought that would be because pf doesn't see the SYN packet, although it does (one of the out rules) and should create the state then... I tried writing all the rules with keep state (even the inbound ones) but then nothing would work at all. My intention was to create if-bound states, but I switched back to floating states in the hope that pf would associate the state created by an outbound rule with the traffic returning on another interface of the bridge; still didn't work.

Have you tried adding flags S/SAFR to the filter rules? Try it and let me know.

> I have read the man page for if_bridge and set the following sysctl variables:
>
>     net.link.bridge.pfil_onlyip: 1
>     net.link.bridge.pfil_bridge: 0
>     net.link.bridge.pfil_member: 1
>
> I have also read some posts on the web that said that pf simply doesn't have all the hooks necessary to do the filtering inbound and outbound, but reading the pfil man page I seem to disagree with that.

What do you mean?

> Has anyone encountered the same problem? And, more important: if i give up the bridge setup and switch to routing, would that have any effect? I.E: will I then be able to use keep state with the inbound rules?

Try it. Routing changes the topology a good deal. But I doubt if that is the issue here. No harm in testing though.

> Any help at all would be hugely appreciated as I am trying for about a week to sort out this problem and can't seem to get any closer. The only solution was to kindly ask my clients using TCP window scaling (Vista mostly) to turn off this feature... Now I am seriously considering bumping my bridge to a router but I am not sure that the problem will be solved then.

Try adding the flags switch as mentioned above. That way the states get established only from a TCP SYN packet. You should also try flushing the old states using pfctl(8).

> Oh, here is the setup of the bridge from rc.conf, although there shouldn't be any problems there (the bridge works fine without pf, or with pf stateless):

Stateful filtering is always recommended. Performance is not the only reason why you should use it. It also adds to security.

Have you tried disabling normalization/scrub?

Best,
Girish
Re: Quick question about PF and ALTQ
On 14:03:29 Nov 11, Peter Boosten wrote:
> Hi all,
>
> One quick question: is it possible to filter specific kinds of traffic with altq, traffic that is not bound to specific IP addresses, like online radio?

Yes. Not altq (it is for QoS). But pf can of course. :)

    remoteip = "www.shoutcast.com"
    radioport = "554"
    block quick out on fxp0 proto tcp from any to $remoteip port $radioport

Here is an example for you to lift and plonk into your /etc/pf.conf. :)

Best of luck!

Obviously the IP and port are fictitious. This will block all the incoming traffic from any internal IP to the online radio service.

Hope this helps.

regards,
Girish

What is the port for online radio? Many use http. If you want to block RTSP, then I guess it should be 554
Re: Quick question about PF and ALTQ
On 18:49:37 Nov 11, Peter Boosten wrote:
> Thanks for your answer, although that's not quite what I'm looking for:

Okay. Find my answer below.

> I know it's possible to 'shape' the traffic with altq, so it's possible in theory to shape certain kind of traffic to almost nihil. Smart devices like packetshapers (and even some proxy appliances like Blue Coat) have separate categories for streaming media, so I was wondering if PF and altq could do the same.

Well I have no idea about appliances or commercial software. I can however tell you what I know. I have never tried these things but I can tell you what I have understood.

First and foremost you can only shape outgoing traffic. You cannot do QoS with incoming traffic. You might be able to manipulate things a little but you have far more power when it comes to deciding how you want others to receive packets from you.

This is the basic idea. You can only do traffic shaping with egress traffic. Not with ingress traffic.

Now, pf + altq can do very sophisticated traffic shaping. There are three categories of queuing disciplines supported by pf.

a) class based queuing (cbq)
b) priority based queuing (priq)
c) hierarchical fair service curve (hfsc)

Each of these mechanisms has pros and cons and you have to pick one of them based on your requirements.

The configuration for basic QoS management consists of three steps.

1) The altq statement (which interface to work on, how much bandwidth you want to play around with and also the queuing discipline (one of the above))

2) You have to define the queue rules to determine how the total bandwidth in the above line has to be split amongst the various categories. Typically they are split into multiple queues based on port numbers but other possibilities also exist. For instance you will want to allocate bulk of the bandwidth for important mail traffic and browsing but you want to restrict p2p and other protocols. It is the queue lines that also determine what to do when there is congestion. (IOW most of the tweaking happens here :)

3) Next step is to use the pf filter rules to allocate which queues to use for handling which traffic

I shall illustrate with an example. This is not my own. I am taking it from the pf man page.

1)
    altq on dc0 cbq bandwidth 5Mb queue { std, http, mail, ssh }

2)
    queue std bandwidth 10% cbq(default)
    queue http bandwidth 60% priority 2 cbq(borrow red) \
          { employees, developers }
    queue  developers bandwidth 75% cbq(borrow)
    queue  employees bandwidth 15%
    queue mail bandwidth 10% priority 0 cbq(borrow ecn)
    queue ssh bandwidth 20% cbq(borrow) { ssh_interactive, ssh_bulk }
    queue  ssh_interactive bandwidth 50% priority 7 cbq(borrow)
    queue  ssh_bulk bandwidth 50% priority 0 cbq(borrow)

3)
    block return out on dc0 inet all queue std
    pass out on dc0 inet proto tcp from $developerhosts to any port 80 \
          keep state queue developers
    pass out on dc0 inet proto tcp from $employeehosts to any port 80 \
          keep state queue employees
    pass out on dc0 inet proto tcp from any to any port 22 \
          keep state queue(ssh_bulk, ssh_interactive)
    pass out on dc0 inet proto tcp from any to any port 25 \
          keep state queue mail

As you can see the first line is the altq directive. You have defined a list of queues (std, http, mail, ssh) and also mentioned that you want to use class based queuing.

Then the queue rules determine how individual queues should share the bandwidth amongst themselves. But we are not quite done yet.

The most critical step is the filter rules that determine when to queue traffic and which queue to assign to. That happens in 3). It should be self explanatory.

Please note that we have used pass out which corresponds to my main idea of determining how traffic leaves our network. Once data arrives on the interface, it is already too late to do QoS manipulation. This is not completely true (you can do bandwidth throttling) but at least relatively speaking this idea appears to be correct.

> Your solution works, however you'll have to know what sites are being visited in order to block them entirely.

Hope the above explanation suffices. Can you clarify your needs a bit more? Thanks.

Best,
Girish
Re: ' Openssl.cnf ' and ' .rand ' file
On 11:22:10 Nov 10, White Hat wrote:
> openssl 0.9.7e-p1 25 Oct 2004
>
> I have not been able to find an answer to this question on Google, so I figured I had better ask it here. In the '/etc/ssl/openssl.cnf' file, there is an entry for:
>
>     RANDFILE = $dir/private/.rand # private random number file
>
> Well, that file does not exist. I cannot find it anywhere on my system and I have not been able to figure out how to create it.
>
> Also, where could I locate some information on the 'openssl.cnf' file. There does not appear to be a 'man' page for it. I would like some more information on what all of the settings mean and possibly how to set them for my particular needs.

Why do you want it?

You can use the openssl rand command for doing what you may be wanting to do.

    $ openssl rand 1

if you want binary output of length 1 bytes or you can use the -base64 switch for ASCII output. (You don't need the RANDFILE which is probably a seed or something)

Most parts of OpenSSL are not documented properly and the source code is immensely hard to follow. I have worked with the guts of OpenSSL long ago and in spite of working with it for a long time, I have always found it hard to follow what happens where. :)

The code is one of the most intricate uses of the wonderful C language. :)

Enjoy the fun! :)

Thanks.

regards,
Girish
Re: skype with garbled characters
On Sat, Sep 22, 2007 at 07:37:42PM +0200, Karol Kwiatkowski wrote:
> Girish Venkatachalam wrote:
> > Hello all,
> >
> > I am not able to use skype with FreeBSD 6.2. It installs fine after a CVSup of the ports tree. But whenever I try to run it, I get a screen like this. http://koushikn.fastmail.fm/skype.png
> >
> > All my efforts at resolving failed.
>
> Hello Girish,
>
> I've had similar problem[1] some time ago and it was solved since then. Anyway, can you check your fonts.conf file? It should output something like this:
>
> % $ grep dir /usr/compat/linux/etc/fonts/fonts.conf
> % <!-- Font directory list -->
> % <dir>/usr/local/lib/X11/fonts</dir>
> % <dir>~/.fonts</dir>
>
> In my case fonts are located in /usr/local/lib/X11/fonts. What about your setup? If that's the problem recompiling x11-fonts/linux-fontconfig should take care of it.

Dear Karol,

I got it working! Many thanks!

The issue was this.

    # cd /usr/ports/x11-fonts/xorg-fonts
    # make install

I had missed this step. This installed fonts under /usr/local/lib/X11/fonts

I guess the default dependency tree for skype does not include this. I wonder how to submit a patch for this.

I have always enjoyed using skype under FreeBSD much more than linux. :) That way I don't have to use linux. :)

Thanks once again.

regards,
Girish
skype with garbled characters
Hello all,

I am not able to use skype with FreeBSD 6.2. It installs fine after a CVSup of the ports tree. But whenever I try to run it, I get a screen like this. http://koushikn.fastmail.fm/skype.png

All my efforts at resolving failed. Please help.

Best,
Girish
Re: which web mail / calendar to use
On Tue, Jan 02, 2007 at 11:43:33AM +0100, Michael Grant wrote:
> I'm looking for a web mail and calendar to install on my freebsd box. Ideally something web 2.0 like gmail and google calendar is what my users are after.
>
> In some searching around, I turned up Hula (http://hula-project.org) and Zimbra (http://www.zimbra.com). Both have open-source versions. Zimbra seems more mature. Neither seems to be easy to install on an existing freebsd box and both seem to replace everything including the mailer and popd/imapd. It's not clear to me if anyone has ever succeeded in getting Hula working on Freebsd.
>
> Has anyone had any luck with any other packages?

roundcube seems to be the most talked about Ajax webmail software out there.

I would go for a simple Javascript web calendar. I am yet to find one since I never looked for it. :)

Hope this helps.

regards,
Girish

--
When your mind is purified like a mirror knowledge is reflected in it.
Adi Sankaracharya, Hindu saint
Re: chroot, performance security
On Wed, Dec 27, 2006 at 10:16:31AM +0100, VeeJay wrote:
> Hi
>
> I have made partitions on my web server like at very outer edges of the disks, I have /, then /var, /tmp, /usr and in the end /home. Since I read that Data modified used often should be placed at close to outer edges as possible.
>
> So, I am having all logs (apache, ftp, mysql and other logs) under /var/logs
> I have all my mysql DBs under /var/mysql/db
>
> But if for Security reasons, I want to chroot apache, mysql and ftp under /home, then along with all executables and libraries I have to move all logs, DBs under /home/chroot
>
> But then I think, If I move all these data from /var... I miss performance?

You need not have created so many partitions because it is going to hurt you now when you have to chroot. :)

Apache running under chroot means lot of things. OpenBSD has done it by default and it means that all the files that users host have to be under the chroot. All the DSOs have to be accessible as well.

chrooting ftp or sftp is not much trouble. I think a simple google search will tell you how to run sftp under chroot. I would suggest that along with chrooting ftp.

mysql should not give u much trouble but then I never use it. I am a postgresql guy...

Best of luck!

regards,
Girish

--
When your mind is purified like a mirror knowledge is reflected in it.
Adi Sankaracharya, Hindu saint
Re: [ot] can I have an account on your host? (so that I can edit wikipedia)
On Fri, Dec 22, 2006 at 11:59:59AM +0800, ? wrote:
> Hello. I am from China and I'd like to contribute to wikipedia, but this is not easy / possible because we cannot access wikipedia from inland (the great firewall) and my usual method accessing wikipedia (through ssh -L 80:en.wikipedia.org:80 my_server_in_german) can allow me to visit wikipedia but do not allow me to edit it (open proxy, your host IP address is detected to be belonging to a hosting company).
>
> Can I have an account on your host (or maybe not an account, any means let me access wikipedia from a host that is not in datacenter) so that I can go on editing wikipedia?
>
> I. this account don't need to have any privilege but only able to do TCP port-forward, or if you can set up stunnel for me you don't need to create an account (the connection between your host and mine must be SSLed because our firewall is context based);
> II. your host better be online most of time, even in the night;
> III. I'll give you my public key so that you don't need to open password authentication of sshd;
> IV. even if IP address is not fixed, if there are dynamic domain name set up, I can also use that;
> V. If there are better ideas how I can edit wikipedia, please let me know;
>
> My public-key (long line!): ssh-dss [EMAIL PROTECTED]
>
> P.S. I use my root to connect because normal user cannot open port 80, hope this is not a problem. (having a port number like 8080 is not so convenient for sometimes I need to access it behind restrictive LAN firewall)

I think you need tor http://tor.eff.net

Best of luck!

regards,
Girish

--
Linux is for folks who hate Windoze.
FreeBSD is for folks who love UNIX.
OpenBSD is for folks who can't live without UNIX.
Re: [ot] can I have an account on your host? (so that I can edit wikipedia)
On Thu, Dec 21, 2006 at 11:32:03PM -0600, Paul Schmehl wrote:
> I think you mean http://tor.eff.org/

Oops! Bummer!

I usually check the links before the send button but ... Sorry about that.

regards,
Girish

--
Linux is for folks who hate Windoze.
FreeBSD is for folks who love UNIX.
OpenBSD is for folks who can't live without UNIX.
Re: Network Drivers for FreeBSD5.4
On Wed, Dec 20, 2006 at 09:57:17AM +0530, Abhijit Kumbhar wrote:
> Hi,
>
> I am writing a virtual ethernet interface for FreeBSD 5.4. I went through the documentation on Writing FreeBSD Device Drivers and depending on the loopback interface code developed a code similar to loopback interface but with interface type as ethernet. The module is getting compiled without error but when I am trying to load it I am getting the error as file not found.
>
> So can I get some more documentation on Network Device Drivers to refer. Also the documentation about Bill Paul's network drivers. Please let me know asap.

Something tells me this question should be in hackers@

Don't you think so? :)
Re: FreeBSD 6.1 max sockets
On Thu, Oct 19, 2006 at 11:24:30PM +0800, ke han wrote:

I am writing a socket server daemon in C++ on FreeBSD 6.1 (or 6.2 if this matters to your answer). What this does is accept many sockets and does a little work with each. Each socket has low traffic but stay connected for long periods. All these sockets get accepted through one public ip:port (if this matters). So my desire is two things:

1 - good event handling for knowing which sockets have new data. I assume kqueue is the way to go here?
2 - I need to know what my limits are on max number of sockets. If my system is a 64-bit install on a server with 8GB RAM, I need to know how many sockets I can handle. Also, what options do I have to tune this? socket buffer size? Any kernel parameters needed to tune?

As Chuck said select(2) is a good choice. That is what I used. kqueue() is more powerful and certainly much better when it comes to handling large number of sockets since kqueue(2) is very efficient when it comes to polling sockets for events. If you use select, the problem is that if you have say 2000 sockets and only one socket is available for read/write, then select has a stupid algo to figure out. Doesn't scale well. But kqueue(2) is very good at that sort of thing. Also kqueue() has a built in event mechanism that can be extended for signals and files also.

If the sockets stay connected for long periods you may also want to enable TCP KEEPALIVE flag on the sockets. I don't think RAM and processor will be the bottleneck for you. Since in typical scenarios number of concurrent connected sockets don't usually hit such high limits. They come and go...

HTH. Best of luck!

regards, Girish
Re: FreeBSD 6.1 max sockets
On Fri, Oct 20, 2006 at 04:17:52PM +0800, ke han wrote:

Thanks for the reply. This app is intended to keep 20,000++ sockets alive at a time. These sockets are very long lived. I understand about kqueue. I will eventually write for this. What I need to understand are the various kernel tunings required to handle 20,000++ active sockets. I would like to approach the theoretical max...is it 64k? That is, is the absolute max socket descriptors 64k? any thing else in the way of this maximum?

I only have to say Sorry, I don't know for this question. :-) I hope other more experienced folks in this list will help you. I can give you just a thought however. If you have such massive requirements if I were you I would do the socket handling inside the kernel itself. That way you avoid the very expensive user space/kernel space context switch and also go in for some embedded system suited for this sort of thing. Perhaps I am talking rubbish. If so please pardon me. :-)

Best of luck!

regards, Girish
Re: Problem updating mplayer
On Tue, Oct 17, 2006 at 10:37:04PM -0500, ajm wrote:

Try the following as root or su to root

cd /usr/ports/multimedia/mplayer
make config

then deselect from the menu the Win32 option

make install clean

note: you will not have win32 codecs support

Normally with mplayer I just download the latest and greatest from mplayerhq.hu and just hit configure gmake... As to win32 codecs, it is just a binary blob you have to unpack to a standard location. I have it unpacked under /usr/lib/win32 in my box. The instructions are clearly given in the mplayer website and the associated html documentation. Sorry, I am not able to get that out of the top of my head since it is a while since I did that. The advantage is that you have latest and most optimised mplayer for your platform. You may prefer the ports install strategy if you are a puritan...

HTH, Girish
Re: What's so compelling about FreeBSD?
On Tue, Oct 17, 2006 at 10:28:40AM -0700, Simon Gao wrote:

Even though there are many Linux distributions, but Linux core packages are mostly the same. The differences are mainly in window manager and GUI applications. No matter which Linux distribution, kernel 2.6.16 is always the same. When it comes to X window, it's xorg across the board.

Wrong. Different vendors patch the stock linux kernel. Remember that linux has moved device handling to userland. And when the kernel itself is not same across distros what to talk of userland? My God, it gets really messy. Ubuntu stopped using /sbin/hotplug but Gentoo is still using them. Damn, there is much more confusion in the linux world than in Windoze...

Damnit, but I have no bloody choice. I don't want to buy an expensive piece of hardware like a DVB card or webcam; then come home and find that the most precious buy is not worth a penny bcoz FreeBSD doesn't support it. At least for the really price conscious customer like me, linux has made my day. I was really surprised to find that both my webcams are supported in linux. Not with the stock kernel but with some add on.

You guys sit and lament about the quality of linux code and the presence of bugs. But there is no gainsaying the fact that at least my hardware is supported albeit buggily or ineffectively... I think it is neither practical nor always possible to figure out what hardware is supported in FreeBSD and what is not. However to quote my own experience my expectations from FreeBSD has been rather modest and has never disappointed me. The support on old machines and performance simply rocks!

regards, Girish
Re: What's so compelling about FreeBSD?
On Tue, Oct 17, 2006 at 03:02:26PM -0800, Peter A. Giessel wrote:

I don't mean to be rude, but if hardware support is your only criteria, why not just run Windows? If you don't care that its buggy or ineffective, and you don't want to check that it is supported before you buy it, you just want it to support everything, it would seem to me that Microsoft's OS is the obvious choice

NP, you are not rude at all. :-) I never said hardware support is the only criterion. I want hardware to be supported using UNIX semantics... I would love to port some important drivers to FreeBSD if that will help.

regards, Girish
-- Duty for duty's sake without hope for reward or fear of punishment
Re: What's so compelling about FreeBSD?
On Mon, Oct 16, 2006 at 12:35:13AM -0400, Andy Harrison wrote: On 10/15/06, William Tracy [EMAIL PROTECTED] wrote:

So, basically, I'm asking you guys to wow me. :-) Show me how FreeBSD can outdo Linux. Make me never want to go back.

Ah well, you have to experience it. No amount of convincing or intellectual gymnastics will help you. Know that in the software ecosystem there is a place for everything. There are situations in which you have to use linux and even Windoze. But things are so vibrant that more and more Windoze apps are available in linux and FreeBSD and also in NetBSD and OpenBSD.

Personally for me linux has very good support for a wide range of TV cards, remote controls and other rare hardware. BSDs also have support but somewhat limited. FreeBSD gives you CCD, GEOM, GDBE, netgraph and various other features hard to find in other OSes. Some equivalents exist but not as good. OpenBSD has very good IPsec, pf, BGP and other networking stuff. pf is also available on FreeBSD but I doubt if it is as well integrated and feature rich as OpenBSD.

Linux has a lousy file system and is somewhat unstable and will throw surprises if you stress it or use it in unexpected ways. Whereas BSDs have very very good stability. For instance FreeBSD will give roughly 20 to 30% better overall performance compared to Linux. This is subjective and dependent on various factors but this has been my experience. In terms of packages FreeBSD I think has the largest number since it can emulate linux binaries too.

I can go on but I suggest you try things with an open mind. If you like it, stick to it, else go back. Nobody is forcing you. But remember, give it enough time and be open.

regards, Girish
Re: Openssl 0.9.8c woes
I keep using my old certs, btw (the ones I paid good money for). Geez, I really hope I don't need to upgrade those. Still, that's no reason for Apache to core dump, right? Anyway, I appreciate your input. STFA Apache and ssh will go mad if the openssl symbols don't resolve... You don't have to upgrade ur certs or anything. Just do this.

#cd /usr/ports/security/openssl
#make reinstall

Let me know how it goes.

Best, Girish
Re: Openssl 0.9.8c woes
On Thu, Oct 12, 2006 at 06:33:38PM +, Mark wrote:

What is up with openssl 0.9.8c? Or rather, with me installing it. :) I compiled it, installed it, and everything went seemingly well.. until I used it: (recompiled) httpd core dumps the moment it tries and load a certificate; same with stunnel, which really trips saying function are being called that really shouldn't be called (?). Apache (1.3.37), php4.4.4 and all related stuff recompiled against the new openssl (confirmed with ldd). And all seem to need:

/usr/local/lib/libssl.so.4
/usr/local/lib/libcrypto.so.4

Which are there:

-r--r--r-- 1 root wheel 263434 Oct 12 08:14 /usr/local/lib/libssl.so.4
-r--r--r-- 1 root wheel 1337303 Oct 12 08:14 /usr/local/lib/libcrypto.so.4

Is there something in the openssl upgrade process I'm missing? Ought to be a real straightforward process. Things have a way of not being, though. :)

Thanks, - Mark

You seem to have done something ominous. :-) FreeBSD supports keeping multiple simultaneous versions of shared objects. I guess you could have gone that way. Anyway go to ports dir and reinstall it. Otherwise you will have trouble.

regards, Girish
FreeBSD OpenSSL broken
Hi, I have been seeing scp xfers failing mysteriously with a Corrupted MAC on input error. This occurred more or less sporadically but for huge files it was sure to occur. I suspected the ethernet card and got it changed. Next, I suspected RAM since I used to get failed compiles saying internal compiler error and segfault. This had nothing to do with the other problems since if I issue compile again it used to go thro'. And the md5 and sha1 commands never worked. They always used to give corrupted results. Then I just gave up and moved on. I tried installing gentoo on that machine and did a memtest and it went fine.

Anyway coming to the point, I am running 6.0 FreeBSD. I have come across the following cases.

a) A person in Sweden had trouble with HTTPS and I solved it by reinstalling OpenSSL (check the archives, I think it was more than two months ago)
b) Recently two persons had severe trouble with OpenSSH

At last I tried the same medicine I have been prescribing to others and with God's grace :-) , my MD5 and SHA1 started matching... I have other machines in LAN running OpenBSD and Debian. I try matching the checksums with those boxes. And the only common factor and culprit is ... yes, OpenSSL. I urge all of you to make life simpler with this.

# cd /usr/ports/security/openssl
#make deinstall (it may fail, no problem :-)
#make reinstall

Enjoy guys! :-) I might fix the real problem if I get time. Or one of u can too. What makes me wonder is how come this problem has gone unnoticed for so long...

regards, Girish
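The symptom in the post above (MD5 and SHA1 results that disagree with other machines, alongside "Corrupted MAC on input" from scp) can be checked on a single box by running published known-answer vectors through the suspect digest code and by hashing the same large buffer repeatedly. The script below is an added example, not part of the original message; its function names are illustrative, and it assumes Python's hashlib is built against the system OpenSSL (the `openssl_cli_digest` variant shells out to `openssl dgst` instead).

```python
import hashlib
import re
import subprocess

# Published test vectors: RFC 1321 (MD5), FIPS 180 (SHA-1), RFC 2202 case 1 (HMAC).
DIGEST_KATS = [
    ("md5", b"", "d41d8cd98f00b204e9800998ecf8427e"),
    ("md5", b"abc", "900150983cd24fb0d6963f7d28e17f72"),
    ("sha1", b"", "da39a3ee5e6b4b0d3255bfef95601890afd80709"),
    ("sha1", b"abc", "a9993e364706816aba3e25717850c26c9cd0d89d"),
]
HMAC_KATS = [
    ("md5", b"\x0b" * 16, b"Hi There", "9294727a3638bb1c13f48ef8158bfc9d"),
    ("sha1", b"\x0b" * 20, b"Hi There", "b617318655057264e28bc0b6fb378c8ef146be00"),
]


def hashlib_digest(alg, data):
    """Hex digest via Python's hashlib (assumed to be OpenSSL-backed)."""
    return hashlib.new(alg, data).hexdigest()


def openssl_cli_digest(alg, data, binary="openssl"):
    """Hex digest via the `openssl dgst` command, feeding the data on stdin."""
    out = subprocess.run([binary, "dgst", "-" + alg], input=data,
                         stdout=subprocess.PIPE, check=True).stdout.decode()
    match = re.search(r"[0-9a-f]{32,}", out)
    if match is None:
        raise ValueError("no digest found in openssl output: %r" % out)
    return match.group(0)


def hmac_via(digest_fn, alg, key, msg, block=64):
    """RFC 2104 HMAC built on digest_fn, so the MAC path exercises the same code."""
    if len(key) > block:
        key = bytes.fromhex(digest_fn(alg, key))
    key = key.ljust(block, b"\0")
    inner = bytes.fromhex(digest_fn(alg, bytes(b ^ 0x36 for b in key) + msg))
    return digest_fn(alg, bytes(b ^ 0x5C for b in key) + inner)


def known_answer_failures(digest_fn):
    """Return one message per vector whose computed value differs from the published one."""
    failures = []
    for alg, data, expected in DIGEST_KATS:
        got = digest_fn(alg, data)
        if got != expected:
            failures.append("%s(%r): got %s, expected %s" % (alg, data, got, expected))
    for alg, key, msg, expected in HMAC_KATS:
        got = hmac_via(digest_fn, alg, key, msg)
        if got != expected:
            failures.append("hmac-%s: got %s, expected %s" % (alg, got, expected))
    return failures


def distinct_digests(digest_fn, alg="sha1", size=8 * 1024 * 1024, rounds=5):
    """Hash one large constructed buffer several times; a healthy system yields one value."""
    buf = bytes(range(256)) * (size // 256)
    return {digest_fn(alg, buf) for _ in range(rounds)}


def self_test(digest_fn=hashlib_digest):
    """Run both checks and return a list of problems (empty when everything matches)."""
    problems = known_answer_failures(digest_fn)
    seen = distinct_digests(digest_fn)
    if len(seen) != 1:
        problems.append("unstable sha1 over identical input: %d distinct values" % len(seen))
    return problems


if __name__ == "__main__":
    results = self_test()
    print("digest self-test:", "OK" if not results else "FAILED")
    for line in results:
        print("  " + line)
```

A wrong answer on the fixed vectors points at the library or its build; answers that change between rounds on identical input point at hardware (RAM, CPU, disk) rather than at OpenSSL.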
Re: sshd stalling upon login
On Wed, Oct 04, 2006 at 02:31:30PM -0700, Noah wrote: Wayne wrote: Noah wrote:

I put that in there and that did not work. there is still a stall. any other clues? Are you running sshd by it self or trying to start it from inetd? sshd is run on its own without inetd. in fact I think portmap is dead on the box.

Try this. It might help.

#cd /usr/ports/security/openssl
#make deinstall
#make reinstall

Restart sshd and test.

Best, Girish
Re: minimum requirements
On Fri, Sep 29, 2006 at 11:48:26AM -0400, Jerry McAllister wrote:

I don't know what the current absolute minimum to run values would be. So recommended minimums would be somewhat subjective and depend on the intended use of the machine and the number of ports and user accounts you might put on it. For a personal work station with only a few ports, but not a stripped DNS server or something, I would recommend at least 512 MB memory and 18 GB disk and 1.5 GHz CPU with at least 400 MHz frontside bus. More and faster is nice. A stripped router or DNS server might get by with 1/4 the memory and 1 GB disk and a much slower CPU. A loaded desktop that included web server and web based utilities such as database services, Email and list services, etc might do better to start with 1 GB memory and 72 GB disk and 2 Ghz CPU and storage would go up from there depending on the size of things you are serving.

jerry

I am happily running FreeBSD 6.0 on 233 Mhz 128 MB RAM machine. It has given very good performance with very little cause for complaint. It is my workstation/desktop. I am not aware of any theoretical limit on hardware config for FreeBSD. Please remember to config a big enuf swap partition if ur RAM is low.

regards, Girish
Making simple colorful block diagrams for presentations
Hello, I want a simple tool that can be used for preparing block diagrams and arrows, that is all. I want to be able to use few colors, that is all. Please don't suggest openoffice or kde. I want something simple. Thanks. regards, Girish -- Whenever people agree with me I always feel I am wrong. - Oscar Wilde
Re: User permissions to mount CDROM
On 8/27/06, Viswas Nair [EMAIL PROTECTED] wrote:

I have been trying to figure out how to give users to mount CD rom and have been largely unsuccessful. Here are a few things I tried:

1) Added user to the 4th field (options) in /etc/fstab
2) Added vfs.usermount=1 to sysctl.conf
3) Created a group called optical and added the root and alpha to it
4) Added following lines to devfs.conf:
own /dev/acd0 root:optical
perm /dev/acd0 0770
own /dev/acd1 root:optical
perm /dev/acd1 0770
5) Rebooted machine and tried to mount /dev/acd0 into /cdrom and it failed with the message: got the error message: /dev/acd0

Did u try adding the uid to the mount options in fstab? For instance, -o uid=1000. In fstab, u have to say, ro,uid=1000 or something.

HTH, Girish
Re: taking many 198k mp3 files and converting them to 16k mp3
On 8/27/06, Gary Kline [EMAIL PROTECTED] wrote:

Is there a way of using sox (or another translator) to turn HUGE audio mp3 files into much much smaller files? Say taking many mp3 files that are stored at 198k high fidelity and outputting these to 16k or 32k mp3 (or *.ogg or other format) audio files? thanks for any insights, suggestions, or pointers, gary

Normally voice files don't need the sort of fidelity ur talking about. you can make do with a much lower bit rate though i can't give u a number. u have to test it with ur ears. there are plenty of tools out there that give u what u want. sox is one and ffmpeg is another. i am sure there are many other that do as good a job. if i were u i wouldn't go for ogg since it causes transcoding losses. If you had a wav file, ogg is ok but since u already have an mp3, ogg doesnt have enuf info to do a good job.

HTH, Girish
-- Education is an admirable thing but it is good to remember from time to time that anything that is worth knowing cannot be taught. - Oscar Wilde
Re: compress films
On 8/25/06, Tsu-Fan Cheng [EMAIL PROTECTED] wrote:

Hi BSDers, I am running freebsd 6.1/amd64. I sometimes download films and they are quite large, like 1.4GB or something. I want to make it smaller by using mencoder, the script I use is as such:

mencoder ddd.avi -ovc lavc -lavcopts vcodec=mpeg4 -vf scale=352:240 -oac lavc -lavcopts acodec=mp3:abitrate=48 -o ggg.avi

But sometimes the ggg.avi can still be a little larger than 700mB, is there any more optimization I can do, or use other app to do this better?? many thanks!!

ffmpeg -i ddd.avi ggg.flv
Accessing device files over the network
Hi, I want to make a USB flash stick. But I have USB ports only on my linux box. Whereas I would have to run bsdlabel from my FreeBSD box connected over the Ethernet. Any way out for me? :-) TIA for your patience. regards, Girish
Re: Accessing device files over the network
Grrr..Sorry for the faux pas! I want to make a USB flash stick bootable with FreeBSD on it!

--- Girish Venkatachalam [EMAIL PROTECTED] wrote:

Hi, I want to make a USB flash stick. But I have USB ports only on my linux box. Whereas I would have to run bsdlabel from my FreeBSD box connected over the Ethernet. Any way out for me? :-) TIA for your patience. regards, Girish
Re: Accessing device files over the network
--- Fabian Keil [EMAIL PROTECTED] wrote: Girish Venkatachalam [EMAIL PROTECTED] wrote:

I want to make a USB flash stick. But I have USB ports only on my linux box. Whereas I would have to run bsdlabel from my FreeBSD box connected over the Ethernet. Any way out for me? :-)

Prepare a file backed disk with the size of the flash stick, copy it to the Linux box and use dd to transfer it to the flash stick. mdconfig(8) and md(4) tell you the details. Fabian

Thanks Fabian. Marvellous! I should have guessed that! Anyway this morning I was thinking under situations where this solution is not appropriate whether it was possible to access device files just by exporting the /dev filesystem thro' NFS? Will that work? Are there any gotchas? Thanks in advance.

regards, Girish
Re: Intel Core 2 Duo E6600 cpu
--- Johan Johansen [EMAIL PROTECTED] wrote:

I want to buy a pc from deltatronic.de with Intel Core 2 Duo E6600 cpu and mainboard Asus P5W. My boss says ok, if I can run FreeBSD on it. Can I?

You have a good boss. :-) My boss used to make fun of me, What on earth are you running? Why don't you run linux like everybody else? Anyway FreeBSD would certainly run. Go ahead and buy it!

regards, Girish

mvh
Re: vmware on freebsd?
--- Peter [EMAIL PROTECTED] wrote:

Is it possible to install VMWare Server on FreeBSD 6.0? I'm looking for comments from people who may have done this.

Sorry if I am side tracking but why bother about vmware when qemu can do a much better job? Please feel free to flame me if vmware can do something that qemu cannot since I have never used vmware...

regards, Girish

Peter
Re: HP Deskjet 720C ...
--- Kiffin Gish [EMAIL PROTECTED] wrote:

I cannot for the life of me get FreeBSD 6.1 to work with my HP Deskjet 720C printer. I've tried following the directions as given in the FreeBSD Handbook, but to no avail. Can anyone help me and/or offer tips where I can look?

Did you try postscript printing with a2ps and LPD? If the printer listens at TCP port 515, then I think you are set. Make sure you have LPRng. To test that, just try telnet hp-printer-ip 515 and see if it connects. If that goes thro' you only have to export a shell variable and you can print. export [EMAIL PROTECTED]

HTH, Girish

Thanks alot in advance. -- Kiffin Gish [EMAIL PROTECTED]
Re: Bad system clock
--- P.U.Kruppa [EMAIL PROTECTED] wrote:

Hi, for some time now my system clock really goes wrong (some hours per day). Is there some simple way to find out if this is caused by a hardware or software problem? By simple I mean without installing a different OS or buying a new computer?

My God! Buying a new computer is a simple solution? :-) I think for a few Euro cents or DM you can simply buy yourself a new CMOS battery and you should be set. You have not given enough details about your problem. Did you try installed ntp?

regards, Girish

Regards and thanks, Uli. * * Peter Ulrich Kruppa - Wuppertal - Germany * *
Re: Bad system clock
--- P.U.Kruppa [EMAIL PROTECTED] wrote: On Sat, 12 Aug 2006, Girish Venkatachalam wrote:

Hello Girish!

--- P.U.Kruppa [EMAIL PROTECTED] wrote: Hi, for some time now my system clock really goes wrong (some hours per day). Is there some simple way to find out if this is caused by a hardware or software problem? By simple I mean without installing a different OS or buying a new computer?

My God! Buying a new computer is a simple solution? :-) I think for a few Euro cents or DM you can simply buy yourself a new CMOS battery and you should be set.

Wouldn't there be a complaint about low battery or something during boot up?

Not always.

You have not given enough details about your problem.

I can't: it's just my clock going wrong.

Did you try installed ntp?

Yes, it doesn't help. ntpdate will set the clock correctly at boot time but soon afterwards it's all bad again.

ntpdate is a one time affair. It only helps correct things when they go grievously wrong (like your case for instance). Whereas if you run ntpd then it polls a server, I use ptbtime1.ptb.de, then your clock will be corrected roughly every 17 mins(1024s) thus mitigating your problem. The real solution however lies in figuring out why your clock is getting offset by several hours. A single line in /etc/ntp.conf that says

server ptbtime1.ptb.de

should do the trick; after installing the ntp port or package of course.

Best, Girish

Uli. * * Peter Ulrich Kruppa - Wuppertal - Germany * *
Re: Improving Quake 3 frame rates in BSD
--- Viswas Nair [EMAIL PROTECTED] wrote:

I managed to install Quake 3 but the frame rates and the mouse response is terrible. I am running the game on an intel integrated system 945g. While I know that this is not great for gamin, quake 3 is quite a old game and hence gives me pretty decent frame rates in windows. I am trying to get something playable in BSD. I get about 773 fps with glxgears and here is the output of glxinfo:

Any suggestions on how to improve this? Thanks, Vishy

You have to enable DRI. What is your video card? Procedure is different depending on your video card. I took the lengthy route of recompiling the entire X.org source tree. But others may be able to give you a simpler solution.

Best, Girish
Re: Playing Audio CDs
--- Viswas Nair [EMAIL PROTECTED] wrote:

I am new to BSD and have mplayer installed (Gmplayer) and I do not see the option to play an Audio CD, only CDs, files and DVDs. How do I get Audio CDs to play? Can they be mounted, if so how? Is there any specific audio alone CD player (GUI based) that you suggest?

I think KDE autodetects and plays audio CDs. Did you try it?

Also, what's the most commonly used or popular CD + DVD burning software used in BSD?

There are quite a few of them. If you want a simple cmd line utility I like cdrdao if you are talking of audio or VCDs. It can also blank CDs. There are many GUI tools like xcdroast, graveman, cdrecord... I think cdrecord is the most used backend. Maybe you should read man cdrecord...

Thanks in advance.
Re: Need help! Apache core dumps when running startssl
--- Andreas Widerøe Andersen [EMAIL PROTECTED] wrote:

Hi, I recently upgraded one of my production servers to FreeBSD 4.11 p19 and then upgraded all ports. I'm now running Apache 1.3.36 mod_ssl and Php 4.4.2. I had Squirrelmail running on https and now I can't start Apache with ssl. Every time it coredumps. I've tried snakeoil and my own cert. Same thing happens.

This is the error message I can see from my httpd-error.log:

[Mon Aug 7 20:20:03 2006] [notice] caught SIGTERM, shutting down

ssl-engine log:

[07/Aug/2006 20:29:01 16880] [info] Server: Apache/1.3.36, Interface: mod_ssl/2.8.27, Library: OpenSSL/0.9.8b
[07/Aug/2006 20:29:01 16880] [info] Init: 1st startup round (still not detached)
[07/Aug/2006 20:29:01 16880] [info] Init: Initializing OpenSSL library
[07/Aug/2006 20:29:01 16880] [info] Init: Loading certificate private key of SSL-aware server my.domain.com:443
[07/Aug/2006 20:29:01 16880] [info] Init: Seeding PRNG with 136 bytes of entropy
[07/Aug/2006 20:29:01 16880] [info] Init: Generating temporary RSA private keys (512/1024 bits)

from messages:

Aug 7 20:34:52 server /kernel: pid 17041 (httpd), uid 0: exited on signal 11 (core dumped)

That's it. I can't find any other logs and I can't tell what's wrong. What could it be and what can I do? I have checked the httpd.conf file and compared the previous version with the new dist. Same directives related to ssl virtualhost as far as I can see. Hope to get some input.

Looks like your random seeding is not happening properly. Check whether /dev/random and /dev/urandom work properly. You can verify it with the command

$ openssl rand 512

HTH, Girish

Thanks

Best regards, Andreas W. Andersen
Re: Need help! Apache core dumps when running startssl
--- Andreas Widerøe Andersen [EMAIL PROTECTED] wrote:

On 8/8/06, Girish Venkatachalam [EMAIL PROTECTED] wrote:

--- Andreas Widerøe Andersen [EMAIL PROTECTED] wrote:

Hi, I recently upgraded one of my production servers to FreeBSD 4.11 p19 and then upgraded all ports. I'm now running Apache 1.3.36 mod_ssl and Php 4.4.2. I had Squirrelmail running on https and now I can't start Apache with ssl. Every time it coredumps. I've tried snakeoil and my own cert. Same thing happens.

This is the error message I can see from my httpd-error.log:

[Mon Aug 7 20:20:03 2006] [notice] caught SIGTERM, shutting down

ssl-engine log:

[07/Aug/2006 20:29:01 16880] [info] Server: Apache/1.3.36, Interface: mod_ssl/2.8.27, Library: OpenSSL/0.9.8b
[07/Aug/2006 20:29:01 16880] [info] Init: 1st startup round (still not detached)
[07/Aug/2006 20:29:01 16880] [info] Init: Initializing OpenSSL library
[07/Aug/2006 20:29:01 16880] [info] Init: Loading certificate private key of SSL-aware server my.domain.com:443
[07/Aug/2006 20:29:01 16880] [info] Init: Seeding PRNG with 136 bytes of entropy
[07/Aug/2006 20:29:01 16880] [info] Init: Generating temporary RSA private keys (512/1024 bits)

from messages:

Aug 7 20:34:52 server /kernel: pid 17041 (httpd), uid 0: exited on signal 11 (core dumped)

That's it. I can't find any other logs and I can't tell what's wrong. What could it be and what can I do? I have checked the httpd.conf file and compared the previous version with the new dist. Same directives related to ssl virtualhost as far as I can see. Hope to get some input.

Looks like your random seeding is not happening properly. Check whether /dev/random and /dev/urandom work properly. You can verify it with the command

$ openssl rand 512

HTH, Girish

Thanks for your reply. This just gave me a lot of garbage on the screen. I.e., like this:

¿Ã3â¢Ãšï¼â|¥¾WpÅÃÃà vCÂ~ jþâvzü¼ùµÃ¼}$(c)swügþâ¬Ã±Â¿gé¶ïa°(c)éå4|Câ(c)\à }â¢v=Ãñ5ÃÃ%âÃÃZ`Â,BÃÃTâ°â¹Ã¾BÅv´ýh£ÃlõKkòä2ZüìÃg{Ã¥Vµ±ü3`BæÃ(âºÂ¤2çyõû12ÿNº9à âùèkÃâ¢ÂºÃâ¦Â¼'âú ...

Then that is working properly. I think you can try this then. Which might also work and I am out of ideas. :-(

$ openssl genrsa 1024

Rgds, Andreas
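The device and openssl rand check suggested in this thread, as an added example that is not part of the original posts: it counts the bytes returned instead of printing raw output to the terminal. The function names and the --run switch are hypothetical, and a correct byte count shows only that the source responds, not how good its output is.

```shell
#!/bin/sh
# Added example (not from the thread): entropy-source sanity checks.
# Function names and the --run switch are hypothetical.

# Read $2 bytes from random device $1 and confirm that many came back.
check_rand_dev() {
    dev=$1
    want=$2
    [ -c "$dev" ] || { echo "$dev: not a character device"; return 1; }
    got=$(dd if="$dev" bs=1 count="$want" 2>/dev/null | wc -c | tr -d ' ')
    [ "$got" -eq "$want" ] || { echo "$dev: got $got of $want bytes"; return 1; }
    echo "$dev: ok ($got bytes)"
}

# openssl rand emits raw bytes; count them rather than print them, and
# compare two base64-encoded samples to catch a generator that repeats.
check_openssl_rand() {
    n=$1
    command -v openssl >/dev/null 2>&1 || { echo "openssl: not found"; return 2; }
    got=$(openssl rand "$n" 2>/dev/null | wc -c | tr -d ' ')
    [ "$got" -eq "$n" ] || { echo "openssl rand: got $got of $n bytes"; return 1; }
    a=$(openssl rand -base64 16 2>/dev/null)
    b=$(openssl rand -base64 16 2>/dev/null)
    [ -n "$a" ] && [ "$a" != "$b" ] || { echo "openssl rand: repeated or empty output"; return 1; }
    echo "openssl rand: ok ($got bytes, two 16-byte samples differ)"
}

# Run all checks when invoked as: sh entropy_check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_rand_dev /dev/random 64
    check_rand_dev /dev/urandom 64
    check_openssl_rand 512
fi
```

On a system where /dev/random blocks when its pool is low, the first check can stall; that stall is itself a useful signal when a daemon hangs or fails during key generation.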
Booting more than 4 OSes from a hard disk?
Dear all,

I was wondering if the 4 primary partition booting limit still exists. Is it possible to have Windoze, Linux, FreeBSD, OpenBSD and NetBSD on the same box in such a way that we can boot into any of them? I am particularly interested in the x86 arch with IDE disks. I think this is possible on other archs with SCSI.

What boot manager am I supposed to use? Does it require setting something on the BIOS? Does FreeBSD support booting from a point way off the first sector?

Thanks.

regards, Girish
Re: Cheap terminals for FreeBSD
--- Nagy László Zsolt [EMAIL PROTECTED] wrote:

Hello, I need to setup an environment where some users (10 to 20 employees) will use terminals to run programs. They need to run a few popular programs: thunderbird, firefox, adobe acrobat, openoffice and gaim. This site will be a customer service. We decided to reduce the costs by using Open Source software and cheap terminal computers. This is a good solution because most of the users will read messages and images on the screen and they can share the same processor and memory.

I know that I can setup a computer and use its X server as a terminal for another computer. This solution still requires new (or used) computers. I would like to reduce the costs to the minimum. Here are some key questions that I could not answer:

- Is there a more cost-effective solution? (Something that I did not think of)
- How much RAM will I need? Will FireFox, Thunderbird and OpenOffice load shared objects and reduce the overall memory usage? Or should I reserve 256MB of memory for each client?
- Do I need to use gigabit ethernet? Or is it enough to use a normal 100 Mbps wired network? I heard that there can be bandwidth problems when using many terminals, but I do not have experience.
- Are there any pitfalls that I need to be aware of?

It would be perfect to provide links to some articles or manuals - I do not need anyone to write detailed instructions and do my job. I'm asking for help because the handbook was not very useful in this case. I only found this: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/term.html#TERM-X It does not help too much, and there is no know-how. I need to know what hardware I need to buy.

Did you look at this? http://cambuca.ldhs.cetuc.puc-rio.br/multiuser/ I am sure you can do something similar for FreeBSD too.

regards, Girish

Thank you

Laszlo
Re: watchdog question.
--- Efren Bravo [EMAIL PROTECTED] wrote:

Hi, I've a FreeBSD box and I've been seeing this message for several months: sis0 watchdog timeout. The box has two ethernet cards, sis0 (100mb) and vr0 (10mb). The message isn't frequent but yesterday it got my attention. What does this mean?

I am afraid you aren't gonna like this. AFAIK watchdog is some kind of a heartbeat monitoring done at the hardware level just to make sure that your hardware is fine. So the watchdog has a timer that will expire in case the hardware does not send this heartbeat every few seconds or so. So it is not good news if your ethernet cards report that since it normally means the hardware is defective; however since everything else works for you it may be time to change your card yet. I hope I am wrong. Can someone correct me?

Best, Girish

Thanks... Efren Bravo.