Re: Bot?
It's unlikely that the bot would relay outbound spam through your MTA - that would be inconvenient, slow and raise some suspicion. If the provider is right, you most likely have a bit of code running on the server that is directly connecting to external mail servers. There could be reasons you aren't seeing a spike, such as you're only looking at traffic processed by the MTA, or it simply doesn't show as a material increase on a graph of traffic on the network interface if the server is busy.

Jerry

On 1/5/2011 10:41 AM, Robert Fitzpatrick wrote:

Keep getting calls from our provider at one location that our FreeBSD 8.0-RELEASE server is sending bursts of 1000 spam messages to 70K recipients. Since the first call a few weeks ago, I have MRTG and Mail Statistics graphs setup and see no spikes in traffic. Their last sighting was over the weekend and graphs show a reduction in traffic during that time as expected, again with no spikes in traffic or messages sent/received by our Postfix/Amavisd-maia MTA. All services on that server including SSH, SMTP and mail queue size all monitored by Nagios and have had no alerts from that server.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
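One way to check for what the reply above describes, a process other than the MTA connecting straight to external mail servers (added example, not part of the original thread). The function reads `sockstat -4 -c` style output and counts connections to remote port 25 per user, command and PID; the function names, the sample rows and the assumption that Postfix delivers as user `postfix` are illustrative.

```sh
#!/bin/sh
# Added example: flag processes other than the MTA that hold TCP connections
# to a remote port 25. Input is `sockstat -4 -c` style text on stdin:
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# Constructed sample input (not taken from the thread).
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
postfix  smtp       2101  12 tcp4   192.0.2.10:40112      198.51.100.7:25
postfix  smtpd      2144  9  tcp4   192.0.2.10:25         203.0.113.80:51877
www      perl       4411  3  tcp4   192.0.2.10:40120      198.51.100.21:25
www      perl       4411  4  tcp4   192.0.2.10:40121      203.0.113.9:25
www      perl       4411  5  tcp4   192.0.2.10:40122      203.0.113.44:25
www      httpd      900   14 tcp4   192.0.2.10:80         203.0.113.12:50233
nobody   php        5120  6  tcp4   192.0.2.10:40130      198.51.100.30:25
root     sshd       731   3  tcp4   192.0.2.10:22         203.0.113.5:49822
EOF
}

# $1: comma-separated accounts allowed to make outbound SMTP connections
#     (assumption: the MTA delivers mail as user "postfix").
# Prints "<connections> <user> <command> <pid>", busiest first.
find_rogue_smtp() {
    awk -v allowed="${1:-postfix}" '
        BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "USER"  { next }            # header line
        $5 !~ /^tcp/  { next }            # only TCP sockets
        {
            port = $7
            sub(/^.*:/, "", port)         # keep what follows the last colon
            if (port != "25") next        # inbound SMTP has :25 on the local side, not here
            if ($1 in ok) next            # the MTA itself
            hits[$1 " " $2 " " $3]++      # user, command, pid
        }
        END { for (k in hits) print hits[k], k }
    ' | sort -rn
}

# Stand-alone run on the constructed sample.
sample_sockstat | find_rogue_smtp postfix
```

On the server the input would come from `sockstat -4 -c`; a burst sender may be connected only briefly, so the check is more useful sampled repeatedly than run once.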
Re: Runaway ProFTP?
I have been having this happen a few times per week for the past few weeks. I believe it is caused by someone attacking proftpd. I noticed today that there is an updated version - 1.3.3c that fixes a vulnerability that they may have been trying to exploit.

When I looked at the process list, I would see around 20 proftpd's, each with a high amount of CPU used, and connected to a specific IP. I'd firewall off those IPs and kill off proftpd/restart. Knock on wood, I have not had that happen since upgrading to 1.3.3c, but that may just be because no one has tried again yet.

Jerry

On 12/10/2010 4:39 PM, Ryan Coleman wrote:

Does anyone have any ideas?

On Dec 9, 2010, at 3:12 PM, Ryan Coleman wrote:

Dear list,

Has anyone else had experience with ProFTP 1.3.3a running away with processes? I installed it about 2 months ago with a new server build and over the course of the last three weeks I've had to forcibly kill, wait and restart the service every one-to-three days and sucking up between 20% and 80% of my system resources.

I've attempted to change the logging in hopes to track down what is causing the problems but I have not been successful. Additionally it won't connect after a restart through Filezilla but using Terminal on my MBP it will connect in the CLI.

It's not the end of the world (for me) but it is for my staff when they have to upload large numbers of photos.

Thanks,
Ryan
Re: FTP like web app
There is a nice web app called OWL that does essentially this (plus a bunch more): http://sourceforge.net/projects/owl/

It needs php, mysql and apache to run, but it does work well on FreeBSD.

Regards,
Jerry

On 10/18/2010 4:04 PM, Chuck Swiger wrote:

On Oct 18, 2010, at 12:45 PM, Andrea Venturoli wrote:

Sorry if this is a bit OT, but I'm looking for an app that should:
_ replace an ftp server;
_ have a web interface;
_ run on FreeBSD;
_ let one of my users upload some file and send a link to someone else;
_ let that someone else download that file without seeing others' stuff;
_ possibly notify the uploader when someone else downloads that file.

Sounds like you want Apache + WebDAV. For download notifications, you can have something scanning the Apache logs

Regards,
Re: How to enable NCQ on freebsd 8.1 ?
I believe you need to use AHCI. I recently moved a test system over to AHCI and this is what I see at boot time for my hard drive:

ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
ada0: ST31000528AS CC34 ATA-8 SATA 2.x device
ada0: 300.000MB/s transfers (SATA 2.x, UDMA6, PIO 8192bytes)
ada0: Command Queueing enabled
ada0: 953869MB (1953525168 512 byte sectors: 16H 63S/T 16383C)

Regards,
Jerry

On 7/27/2010 12:47 PM, Nickolay Krylov wrote:

Hi, all. I have enabled options ATA_CAM in the generic kernel and now can't understand NCQ works or not.
Ssh attack appears to be hanging ssh
I am running 8.1 BETA. My server started getting hammered with brute force ssh login attacks recently. One thing I have noticed is that I see lots of these:

Jun 18 23:26:47 www3 sshd[33171]: error: ssh_msg_send: write
Jun 18 23:26:47 www3 sshd[33169]: error: ssh_msg_send: write
Jun 18 23:26:47 www3 sshd[33172]: error: ssh_msg_send: write
Jun 18 23:26:47 www3 sshd[33176]: error: ssh_msg_send: write
Jun 18 23:26:47 www3 sshd[33175]: error: ssh_msg_send: write
Jun 18 23:26:47 www3 sshd[33170]: error: ssh_msg_send: write
Jun 18 23:26:47 www3 sshd[33174]: error: ssh_msg_send: write
Jun 18 23:28:30 www3 sshd[33254]: error: ssh_msg_send: write
Jun 18 23:28:30 www3 sshd[33255]: error: ssh_msg_send: write

in my logs, which roughly correlates to when the problems start. I have sshguard running, so I am thinking that the above messages are happening because ipf has cut off communication with the host.

Anyhow, at some point, and for some reason, sshd stops processing new requests. The sshd process continues to run, but simply does not work. From the side of a system trying to log in, I see this (logging set to DEBUG in sshd_config):

ssh -v u...@www3.stelesys.com
OpenSSH_5.2p1 FreeBSD-20090522, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to www3.stelesys.com [69.61.23.66] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type -1
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host

On the server side, I see this in the debug logs:

Jun 20 22:43:11 www3 sshd[76171]: debug1: fd 5 clearing O_NONBLOCK
Jun 20 22:43:11 www3 sshd[76171]: debug1: drop connection #10

I happened to catch one in the act... This log snippet starts with sshd being started, is attacked by one host and ends with the sshd server locking up:

Jun 20 21:44:18 www3 sshd[76171]: debug1: Bind to port 22 on ::.
Jun 20 21:44:18 www3 sshd[76171]: debug1: Bind to port 22 on 0.0.0.0.
Jun 20 21:44:53 www3 sshd[76171]: debug1: fd 5 clearing O_NONBLOCK
Jun 20 21:44:53 www3 sshd[76171]: debug1: Forked child 76179.
Jun 20 21:44:53 www3 sshd[76179]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Jun 20 21:44:53 www3 sshd[76179]: debug1: inetd sockets after dupping: 3, 3
Jun 20 21:44:53 www3 sshd[76179]: debug1: res_init()
Jun 20 21:44:53 www3 sshd[76171]: debug1: fd 5 clearing O_NONBLOCK
Jun 20 21:44:53 www3 sshd[76171]: debug1: Forked child 76180.
Jun 20 21:44:53 www3 sshd[76180]: debug1: rexec start in 5 out 5 newsock 5 pipe 8 sock 9
Jun 20 21:44:53 www3 sshd[76180]: debug1: inetd sockets after dupping: 3, 3
Jun 20 21:44:53 www3 sshd[76180]: debug1: res_init()
Jun 20 21:44:53 www3 sshd[76171]: debug1: fd 5 clearing O_NONBLOCK
Jun 20 21:44:53 www3 sshd[76171]: debug1: Forked child 76181.
Jun 20 21:44:53 www3 sshd[76181]: debug1: rexec start in 5 out 5 newsock 5 pipe 9 sock 10
Jun 20 21:44:53 www3 sshd[76181]: debug1: inetd sockets after dupping: 3, 3
Jun 20 21:44:53 www3 sshd[76181]: debug1: res_init()
Jun 20 21:44:53 www3 sshd[76171]: debug1: fd 5 clearing O_NONBLOCK
Jun 20 21:44:53 www3 sshd[76171]: debug1: Forked child 76182.
Jun 20 21:44:53 www3 sshd[76182]: debug1: rexec start in 5 out 5 newsock 5 pipe 10 sock 11
Jun 20 21:44:53 www3 sshd[76182]: debug1: inetd sockets after dupping: 3, 3
Jun 20 21:44:53 www3 sshd[76182]: debug1: res_init()
Jun 20 21:44:53 www3 sshd[76171]: debug1: fd 5 clearing O_NONBLOCK
Jun 20 21:44:53 www3 sshd[76171]: debug1: Forked child 76183.
Jun 20 21:44:53 www3 sshd[76183]: debug1: rexec start in 5 out 5 newsock 5 pipe 11 sock 12
Jun 20 21:44:53 www3 sshd[76183]: debug1: inetd sockets after dupping: 3, 3
Jun 20 21:44:53 www3 sshd[76183]: debug1: res_init()
Jun 20 21:44:53 www3 sshd[76171]: debug1: fd 5 clearing O_NONBLOCK
Jun 20 21:44:53 www3 sshd[76171]: debug1: Forked child 76184.
Jun 20 21:44:53 www3 sshd[76184]: debug1: rexec start in 5 out 5 newsock 5 pipe 12 sock 13
Jun 20 21:44:53 www3 sshd[76184]: debug1: inetd sockets after dupping: 3, 3
Jun 20 21:44:53 www3 sshd[76184]: debug1: res_init()
Jun 20 21:44:53 www3 sshd[76171]: debug1: fd 5 clearing O_NONBLOCK
Jun 20 21:44:53 www3 sshd[76171]: debug1: Forked child 76185.
Jun 20 21:44:53 www3 sshd[76185]: debug1: rexec start in 5 out 5 newsock 5 pipe 13 sock 14
Jun 20 21:44:53 www3 sshd[76171]: debug1: fd 5 clearing O_NONBLOCK
Jun 20 21:44:53 www3 sshd[76171]: debug1: Forked child 76186.
Jun 20 21:44:53 www3 sshd[76186]: debug1: rexec start in 5 out 5 newsock 5 pipe 14 sock 15
Jun 20 21:44:53 www3 sshd[76185]: debug1: inetd sockets after dupping: 3, 3
Jun 20 21:44:53 www3 sshd[76185]: debug1: res_init()
Jun 20 21:44:53 www3 sshd[76186]: debug1: inetd sockets after dupping: 3, 3
Jun 20 21:44:53 www3 sshd[76186]: debug1: res_init()
Jun 20 21:44:53 www3 sshd[76171]: debug1: fd 5 clearing O_NONBLOCK
Jun 20 21:44:53 www3 sshd[76171]:
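Added example, not part of the original post: sshd logs `drop connection #N` at debug level when it refuses a new connection because N unauthenticated connections are already open (the MaxStartups limit), so a debug log like the one above can be summarised to see whether a burst of forked children was followed by refused connections. The function names and the sample lines (constructed in the format of the post) are illustrative.

```sh
#!/bin/sh
# Added example: summarise sshd debug-level syslog lines to relate bursts of
# forked pre-authentication children to later "drop connection" refusals.

# Constructed sample input, modelled on the log format quoted in the post.
sample_sshd_log() {
    cat <<'EOF'
Jun 18 23:26:47 www3 sshd[33171]: error: ssh_msg_send: write
Jun 18 23:26:47 www3 sshd[33169]: error: ssh_msg_send: write
Jun 20 21:44:18 www3 sshd[76171]: debug1: Bind to port 22 on 0.0.0.0.
Jun 20 21:44:53 www3 sshd[76171]: debug1: Forked child 76179.
Jun 20 21:44:53 www3 sshd[76171]: debug1: Forked child 76180.
Jun 20 21:44:53 www3 sshd[76171]: debug1: Forked child 76181.
Jun 20 21:44:53 www3 sshd[76171]: debug1: Forked child 76182.
Jun 20 21:44:54 www3 sshd[76171]: debug1: Forked child 76183.
Jun 20 22:43:11 www3 sshd[76171]: debug1: fd 5 clearing O_NONBLOCK
Jun 20 22:43:11 www3 sshd[76171]: debug1: drop connection #10
Jun 20 22:43:15 www3 sshd[76171]: debug1: drop connection #10
EOF
}

# Reads syslog lines on stdin and prints key=value lines:
#   forks             children forked by the listener
#   peak_per_second   largest number of forks sharing one timestamp
#   peak_at           that timestamp
#   drops             connections refused by the listener
#   first_drop        timestamp of the first refusal
#   startups_at_drop  highest N seen in "drop connection #N"
#   write_errors      "ssh_msg_send: write" errors
sshd_startup_summary() {
    awk '
        { ts = $1 " " $2 " " $3 }                  # syslog timestamp
        /debug1: Forked child/ {
            forks++
            if (++per_sec[ts] > peak) { peak = per_sec[ts]; peak_at = ts }
        }
        /debug1: drop connection #/ {
            drops++
            if (first_drop == "") first_drop = ts
            n = $NF
            sub(/^#/, "", n)                       # "#10" -> "10"
            if (n + 0 > startups) startups = n + 0
        }
        /error: ssh_msg_send: write/ { write_errors++ }
        END {
            printf "forks=%d\npeak_per_second=%d\npeak_at=%s\n", forks, peak, peak_at
            printf "drops=%d\nfirst_drop=%s\nstartups_at_drop=%d\n", drops, first_drop, startups
            printf "write_errors=%d\n", write_errors
        }
    '
}

# Stand-alone run on the constructed sample.
sample_sshd_log | sshd_startup_summary
```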
Re: Need help with SATA disk timing out in 8.1 Beta
Yes, twice.

On 6/18/2010 4:52 AM, Matthias Gamsjager wrote:

Have you changed the cable?
Re: system is under attack (what can I do more?)
On 6/18/2010 8:23 AM, Dino Vliet wrote:

2) are there other things I could do?

Brgds
Dino

Look at ports/security/sshguard and ports/security/bruteblock. I use sshguard with ipfilter, but it works with pf and ipfw as well. It is very simple to set up and gets the job done.

Jerry
Need help with SATA disk timing out in 8.1 Beta
I am having all sorts of problems with drives in a new server. I have a 450G sata drive that holds my root partition, works great, no issues. I have a second, 1TB drive that has been all sorts of trouble. When writing to this disk, I occasionally see errors like this:

Jun 17 07:40:36 www3 kernel: ad8: WARNING - WRITE_DMA48 UDMA ICRC error (retrying request) LBA=1564898207
Jun 17 07:40:36 www3 kernel: ad8: FAILURE - WRITE_DMA48 status=51READY,DSC,ERROR error=10NID_NOT_FOUND LBA=1564898207
Jun 17 07:57:12 www3 kernel: ad8: WARNING - WRITE_DMA48 UDMA ICRC error (retrying request) LBA=1565052351
Jun 17 07:57:12 www3 kernel: ad8: FAILURE - WRITE_DMA48 status=51READY,DSC,ERROR error=10NID_NOT_FOUND LBA=1565052351
Jun 17 09:45:12 www3 kernel: ad8: WARNING - WRITE_DMA48 UDMA ICRC error (retrying request) LBA=1565983775
Jun 17 09:45:12 www3 kernel: ad8: FAILURE - WRITE_DMA48 status=51READY,DSC,ERROR error=10NID_NOT_FOUND LBA=1565983775
Jun 17 09:50:24 www3 kernel: ad8: WARNING - WRITE_DMA48 UDMA ICRC error (retrying request) LBA=1566082719
Jun 17 09:50:24 www3 kernel: ad8: FAILURE - WRITE_DMA48 status=51READY,DSC,ERROR error=10NID_NOT_FOUND LBA=1566082719
Jun 17 10:01:25 www3 kernel: ad8: WARNING - WRITE_DMA48 UDMA ICRC error (retrying request) LBA=1566358623
Jun 17 10:01:25 www3 kernel: ad8: FAILURE - WRITE_DMA48 status=51READY,DSC,ERROR error=10NID_NOT_FOUND LBA=1566358623
Jun 17 10:02:59 www3 kernel: ad8: WARNING - WRITE_DMA48 UDMA ICRC error (retrying request) LBA=1566387807
Jun 17 10:02:59 www3 kernel: ad8: FAILURE - WRITE_DMA48 status=51READY,DSC,ERROR error=10NID_NOT_FOUND LBA=1566387807
Jun 17 10:18:59 www3 kernel: ad8: WARNING - WRITE_DMA UDMA ICRC error (retrying request) LBA=43231
Jun 17 10:18:59 www3 kernel: ad8: WARNING - WRITE_DMA UDMA ICRC error (retrying request) LBA=57567
Jun 17 10:18:59 www3 kernel: ad8: WARNING - WRITE_DMA UDMA ICRC error (retrying request) LBA=773471
Jun 17 10:18:59 www3 kernel: ad8: WARNING - WRITE_DMA UDMA ICRC error (retrying request) LBA=786271
Jun 17 10:18:59 www3 kernel: ad8: WARNING - WRITE_DMA UDMA ICRC error (retrying request) LBA=810079
Jun 17 10:19:00 www3 kernel: ad8: WARNING - WRITE_DMA UDMA ICRC error (retrying request) LBA=76767
Jun 17 10:19:00 www3 kernel: ad8: WARNING - WRITE_DMA UDMA ICRC error (retrying request) LBA=784479

Last week, I asked the datacenter to provide me with a new 1TB drive, and they did. It formatted fine, no errors. I copied files to it, ran bonnie, etc, and no signs of any DMA issues. Until this morning when I started having the errors again. If I run a tool like bonnie, I can very easily reproduce the errors.

After some research, I find that these errors are often indicative of SATA cable problems. The datacenter replaced the cable, and the problem continues. The datacenter moved the sata cable to a new SATA port, and the problem continues.

The datacenter adds a BRAND NEW 1TB drive (now the system has 3 drives), and I am unable to format the drive because of these errors:

ad10: WARNING - WRITE_DMA UDMA ICRC error (retrying request) LBA=168172351
ad10: WARNING - WRITE_DMA48 UDMA ICRC error (retrying request) LBA=602334847
ad10: FAILURE - WRITE_DMA48 status=51READY,DSC,ERROR error=10NID_NOT_FOUND LBA=602334847
ad10: WARNING - WRITE_DMA48 UDMA ICRC error (retrying request) LBA=427014463
ad10: FAILURE - WRITE_DMA48 status=51READY,DSC,ERROR error=10NID_NOT_FOUND LBA=427014463
ad10: WARNING - WRITE_DMA UDMA ICRC error (retrying request) LBA=15425407
ad10: WARNING - WRITE_DMA48 UDMA ICRC error (retrying request) LBA=471408895
ad10: FAILURE - WRITE_DMA48 status=51READY,DSC,ERROR error=10NID_NOT_FOUND LBA=471408895
ad10: WARNING - WRITE_DMA UDMA ICRC error (retrying request) LBA=91422655
ad10: WARNING - WRITE_DMA UDMA ICRC error (retrying request) LBA=203161183
ad10: WARNING - WRITE_DMA48 UDMA ICRC error (retrying request) LBA=1211817727
ad10: FAILURE - WRITE_DMA48 status=51READY,DSC,ERROR error=10NID_NOT_FOUND LBA=1211817727
ad10: WARNING - WRITE_DMA UDMA ICRC error (retrying request) LBA=37998847
ad10: WARNING - WRITE_DMA48 UDMA ICRC error (retrying request) LBA=309632575
ad10: FAILURE - WRITE_DMA48 status=51READY,DSC,ERROR error=10NID_NOT_FOUND LBA=309632575
ad10: TIMEOUT - WRITE_DMA retrying (1 retry left) LBA=24831007
ad10: WARNING - WRITE_DMA UDMA ICRC error (retrying request) LBA=59067391
ad10: WARNING - WRITE_DMA48 UDMA ICRC error (retrying request) LBA=497744575
ad10: FAILURE - WRITE_DMA48 status=51READY,DSC,ERROR error=10NID_NOT_FOUND LBA=497744575
ad10: FAILURE - WRITE_MUL status=51READY,DSC,ERROR error=84ICRC,ABORTED LBA=1128895
ad10: WARNING - WRITE_DMA UDMA ICRC error (retrying request) LBA=13920511
ad10: WARNING - WRITE_DMA48 UDMA ICRC error (retrying request) LBA=547029919
ad10: FAILURE - WRITE_DMA48 status=51READY,DSC,ERROR error=10NID_NOT_FOUND LBA=547029919

So, the problem has occurred on 3 different drives. SATA ports and cables do not appear to impact the problem. The
Building amd64 kernel problems (missing kernel configuration files)
Hello,

I have a fresh install of FreeBSD 8.0 i386 and need to install an amd64 kernel. I have copied /usr/src/sys/amd64/conf/GENERIC to /usr/src/sys/amd64/conf/JERRY

Then, I run make buildkernel KERNCONF=JERRY in /usr/src and get the following error:

ERROR: Missing kernel configuration file(s) (JERRY).
*** Error code 1
Stop in /usr/src.
*** Error code 1
Stop in /usr/src.

It seems to want JERRY to be in i386/conf. If I copy JERRY to i386/conf and run make buildkernel KERNCONF=JERRY, I get the following error:

-- Kernel build for JERRY started on Wed Jun 9 20:50:30 EDT 2010 --
=== JERRY
mkdir -p /usr/obj/usr/src/sys
-- stage 1: configuring the kernel --
cd /usr/src/sys/i386/conf; PATH=/usr/obj/usr/src/tmp/legacy/usr/sbin:/usr/obj/usr/src/tmp/legacy/usr/bin:/usr/obj/usr/src/tmp/legacy/usr/games:/usr/obj/usr/src/tmp/usr/sbin:/usr/obj/usr/src/tmp/usr/bin:/usr/obj/usr/src/tmp/usr/games:/sbin:/bin:/usr/sbin:/usr/bin config -d /usr/obj/usr/src/sys/JERRY /usr/src/sys/i386/conf/JERRY
/usr/src/sys/i386/conf/JERRY: unknown option HAMMER
*** Error code 1
Stop in /usr/src.
*** Error code 1
Stop in /usr/src.

I know I'm missing something simple, but can't quite figure out what it is.

Thanks,
Jerry
Re: Member of group wheel, but still can't shutdown system?
You need to be in the wheel group to be able to SU to root, but that won't give you permission to run shutdown. Only root can do that, I believe.

Hi All,

I've just installed FreeBSD 6.1 and listed myself as a member of the wheel group during the add users portion of the installation. For some reason I have not put a finger on yet I cannot shutdown the system; I do not have permission to effect the command. Went back as root on a later session and re-entered my name in /etc/group to the wheel account to no avail, anybody got an idea as to where I need to look?

Thanks,
Tommy2
Re: Trouble with new poweredge 2950 - solved
When I disabled hyperthreading (labelled logical processors in BIOS), the system started booting. Strange that HT would cause the system to hang at boot. The correct number of processors shows and the amount of CPU time being used is properly represented.

Jerry

I just got a PE 2950 and I'm having some problems. I installed 6.2PRE and it went well. The first thing I noticed is that immediately as BSD starts to load, a bold/highlighted message says 768xxx bytes above 4G ignore or something like that (don't recall what xxx was).

Next thing I noticed whilst trying a buildworld against the latest stable sources. My system detects 8 cpus. It actually only has 4 - 2 dual core xeons. I'm guessing that the others are from hyperthreading, but I'm not certain. Hyperthreading is disabled by default, I believe. So, in the process of make buildworld -j 32, I noticed that only even numbered CPUs are being used (0,2,4,6). Is that because BSD is ignoring the HT CPUs, which would be 1,3,5,7? top and iostat both show that I was never able to exceed 50% overall CPU usage. Is that because even though I have the HT representations disabled, the OS is using their availability in calculating % idle time? Is there any way to get an accurate number? The PE doesn't let me disable HT, I don't believe.

Finally, after the upgrade, I'm having a problem with the system hanging on startup right after the firewall message, and sometimes right after the CD ROM detection message. I believe that the SAS controller is supposed to be detected next, and I'm assuming that's the problem. When I first tried to install, I used 6.1, and it completely didn't recognize my SAS controller. I found a message in the archives that suggested trying the latest stable source, so I tried 6.2 and it worked. Any ideas what could be causing the problem? When I was using the 6.2PRE ISO, I had to restart a few times before it got past that stage also.

Thanks much!
Trouble with new poweredge 2950
I just got a PE 2950 and I'm having some problems. I installed 6.2PRE and it went well. The first thing I noticed is that immediately as BSD starts to load, a bold/highlighted message says 768xxx bytes above 4G ignore or something like that (don't recall what xxx was).

Next thing I noticed whilst trying a buildworld against the latest stable sources. My system detects 8 cpus. It actually only has 4 - 2 dual core xeons. I'm guessing that the others are from hyperthreading, but I'm not certain. Hyperthreading is disabled by default, I believe. So, in the process of make buildworld -j 32, I noticed that only even numbered CPUs are being used (0,2,4,6). Is that because BSD is ignoring the HT CPUs, which would be 1,3,5,7? top and iostat both show that I was never able to exceed 50% overall CPU usage. Is that because even though I have the HT representations disabled, the OS is using their availability in calculating % idle time? Is there any way to get an accurate number? The PE doesn't let me disable HT, I don't believe.

Finally, after the upgrade, I'm having a problem with the system hanging on startup right after the firewall message, and sometimes right after the CD ROM detection message. I believe that the SAS controller is supposed to be detected next, and I'm assuming that's the problem. When I first tried to install, I used 6.1, and it completely didn't recognize my SAS controller. I found a message in the archives that suggested trying the latest stable source, so I tried 6.2 and it worked. Any ideas what could be causing the problem? When I was using the 6.2PRE ISO, I had to restart a few times before it got past that stage also.

Thanks much!
Re: Some SMP questions
The default kernel doesn't support SMP. You have to recompile with the SMP config and it'll start getting your other processor.

Regards,
Jerry
http://www.bsdsec.com

Paul Schmehl wrote:

When you do a default install of 6.0-RELEASE, does the kernel have support for SMP? Or do you have to compile a custom kernel to get that?

Does this mean SMP is not enabled?

kern.smp.cpus: 1
kern.smp.disabled: 0
kern.smp.active: 0
kern.smp.maxcpus: 1

Can I set these with sysctl? Or do I need to recompile the kernel? (I'm assuming I need this:

kern.smp.cpus: 2
kern.smp.disabled: 0
kern.smp.active: 1
kern.smp.maxcpus: 2

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
Re: Every 12-hrs -- ad0: TIMEOUT - WRITE DMA
I had a drive dying and it showed up just like this - it turned out to be the daily scripts that scan for file changes, etc, and my backup script were tickling a bad sector of the disk.

Have you run the smartctl -t long /dev/ad0 command to have it perform a full self test? You normally have to let that run for a while, then take another look at the smart error log to see if anything showed up. Mine ended up having an error that the drive could not self correct.

As to why you're able to write a 2 gig file without a problem - if you have some binary or config file or man file, etc sitting on those bad spots, you wouldn't be writing to those blocks. Anytime a security script iterates through them, they would be tickling that block, causing an error.

Another possibility is that you have a bad ide cable. Hopefully that is of some use.

Jerry
http://www.networkstrike.com

V.I.Victor wrote:

On Sun, 19 Feb 2006, Mike Tancsa wrote:

On Sun, 19 Feb 2006 22:21:04 +, in sentex.lists.freebsd.questions you wrote:

On Thu, 16 Feb 2006, Mike Tancsa wrote:

For the last 4-days, our (otherwise OK) 5.4-RELEASE machine has been reporting:

Feb 12 12:08:05 : ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=2701279
Feb 13 00:08:51 : ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=2701279
Feb 13 12:09:38 : ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=2963331
Feb 14 00:10:24 : ad0: TIMEOUT - WRITE_DMA retrying (2 retries left) LBA=2705947

So -- can anyone help track this down?

It sounds like a hardware issue. Install /usr/ports/sysutils/smartmontools and ask the drive to see what's up.

I installed 'smartmontools' but haven't used as yet. I've been waiting to see what happens -- the problem simply stopped. There've been no ad0: TIMEOUT messages for 3-days.

The errors get logged in the drive so you don't have to wait for more errors to happen. Start it running now so you can see if any of the bad counters are changing as well as to ask the drive what it was. My guess is you have some bad sectors the drive remapped.

OK. No problems found... And -- still -- no more ad0: TIMEOUTs

But, I'm not really surprised. As mentioned in the original post, a 2-gig file had been created that presumably moved-past any bad sector patches; approx. midway during the TIMEOUT report period.

Plus -- since the drive is (was) storing email, writing logs, etc. 24-hrs a day, it seems improbable that bad-sectors would only show-up every 12-hrs.

Although I'm uncomfortable with magic-fixes, I wonder if there's more than a coincidental connection between setting the date and the reports starting and stopping.
Re: Help with strange web server problem
Path MTU problem?

That would be my vote also.

Ted

I've done some more troubleshooting and some strange things have appeared. First, the colo says there is NO proxy, and NO firewall in front of this server. I captured a misfire on both the server and on my freebsd gateway. The two traffic flows don't seem to quite line up.

First, here is the view from the server:

www# tcpdump - -vvv -A port 80
tcpdump: listening on em0, link-type EN10MB (Ethernet), capture size 96 bytes
2006-02-15 22:18:11.014600 IP (tos 0x0, ttl 110, id 10713, offset 0, flags [DF], length: 48) c-71-199-184-251.hsd1.ga.comcast.net.3945 www.musiclodge.com.http: S [tcp sum ok] 1671172334:1671172334(0) win 64512 mss 1260,nop,nop,sackOK
E..0)[EMAIL PROTECTED]QG...?.d,.i.Pc...p..._...
2006-02-15 22:18:11.014650 IP (tos 0x0, ttl 64, id 34040, offset 0, flags [DF], length: 48) www.musiclodge.com.http c-71-199-184-251.hsd1.ga.comcast.net.3945: S [bad tcp cksum a4c0 (-9a1f)!] 1547658190:1547658190(0) ack 1671172335 win 65535 mss 1460,nop,nop,sackOK
[EMAIL PROTECTED]@..2?.d,GP.i\?c.c...p...
2006-02-15 22:18:11.060824 IP (tos 0x0, ttl 110, id 10715, offset 0, flags [DF], length: 40) c-71-199-184-251.hsd1.ga.comcast.net.3945 www.musiclodge.com.http: . [tcp sum ok] 1:1(0) ack 1086692403 win 64856
E..()[EMAIL PROTECTED]WG...?.d,.i.Pc...P..X..
2006-02-15 22:18:11.060837 IP (tos 0x0, ttl 64, id 60576, offset 0, flags [DF], length: 40) www.musiclodge.com.http c-71-199-184-251.hsd1.ga.comcast.net.3945: R [bad tcp cksum a4b8 (-5e83)!] 2634350593:2634350593(0) win 0
E..([EMAIL PROTECTED]@...?.d,GP.iP...
2006-02-15 22:18:11.065196 IP (tos 0x0, ttl 110, id 10716, offset 0, flags [DF], length: 40) c-71-199-184-251.hsd1.ga.comcast.net.3945 www.musiclodge.com.http: . [tcp sum ok] 387:387(0) ack 1086692403 win 64856
E..()[EMAIL PROTECTED]VG...?.d,.i.Pc..qP..X..
2006-02-15 22:18:11.065208 IP (tos 0x0, ttl 64, id 4488, offset 0, flags [DF], length: 40) www.musiclodge.com.http c-71-199-184-251.hsd1.ga.comcast.net.3945: R [bad tcp cksum a4b8 (-5e83)!] 2634350593:2634350593(0) win 0
E..([EMAIL PROTECTED]@...?.d,GP.iP...
2006-02-15 22:18:11.069569 IP (tos 0x0, ttl 110, id 10717, offset 0, flags [DF], length: 426) c-71-199-184-251.hsd1.ga.comcast.net.3945 www.musiclodge.com.http: P 1:387(386) ack 1086692403 win 64856
E...)[EMAIL PROTECTED].G...?.d,.i.Pc...P..X'1..GET / HTTP/1.1 Accept: image/gif, image/x
2006-02-15 22:18:11.069579 IP (tos 0x0, ttl 64, id 40159, offset 0, flags [DF], length: 40) www.musiclodge.com.http c-71-199-184-251.hsd1.ga.comcast.net.3945: R [bad tcp cksum a4b8 (-5e83)!] 2634350593:2634350593(0) win 0
E..([EMAIL PROTECTED]@..R?.d,GP.iP...
2006-02-15 22:18:14.014594 IP (tos 0x0, ttl 64, id 12734, offset 0, flags [DF], length: 48) www.musiclodge.com.http c-71-199-184-251.hsd1.ga.comcast.net.3945: S [bad tcp cksum a4c0 (-9a1f)!] 1547658190:1547658190(0) ack 1671172335 win 65535 mss 1460,nop,nop,sackOK
[EMAIL PROTECTED]@.dl?.d,GP.i\?c.c...p...
2006-02-15 22:18:14.073367 IP (tos 0x0, ttl 110, id 10734, offset 0, flags [none], length: 40) c-71-199-184-251.hsd1.ga.comcast.net.3945 www.musiclodge.com.http: R [tcp sum ok] 1671172335:1671172335(0) win 0

Next, here is the view from the gateway (time is off on that one):

beta# tcpdump - -vvv -A port 80 and host 63.175.100.44
tcpdump: listening on xl0, link-type EN10MB (Ethernet), capture size 96 bytes
2006-02-16 03:29:02.970756 IP (tos 0x0, ttl 128, id 10713, offset 0, flags [DF], length: 48) atllapjbell1.iss.local.3945 www.musiclodge.com.http: S [tcp sum ok] 1671172334:1671172334(0) win 64512 mss 1260,nop,nop,sackOK
E..0)[EMAIL PROTECTED],.i.Pc...p...
2006-02-16 03:29:03.016989 IP (tos 0x0, ttl 32, id 0, offset 0, flags [DF], length: 40) www.musiclodge.com.http atllapjbell1.iss.local.3945: S [tcp sum ok] 2634350592:2634350592(0) ack 1671172335 win 64512
E..([EMAIL PROTECTED] ...?.d,.P.ic...P...-p..
2006-02-16 03:29:03.017099 IP (tos 0x0, ttl 45, id 34040, offset 0, flags [DF], length: 48) www.musiclodge.com.http atllapjbell1.iss.local.3945: S [tcp sum ok] 1547658190:1547658190(0) ack 1671172335 win 65535 mss 1460,nop,nop,sackOK
[EMAIL PROTECTED],.P.i\?c.c...p...
2006-02-16 03:29:03.017963 IP (tos 0x0, ttl 128, id 10715, offset 0, flags [DF], length: 40) atllapjbell1.iss.local.3945 www.musiclodge.com.http: . [tcp sum ok] 1:1(0) ack 1086692403 win 64856
E..()[EMAIL PROTECTED],.i.Pc...P..X,.
2006-02-16 03:29:03.018308 IP (tos 0x0, ttl 128, id 10716, offset 0, flags [DF], length: 40) atllapjbell1.iss.local.3945 www.musiclodge.com.http: . [tcp sum ok] 387:387(0) ack 1086692403 win 64856
E..()[EMAIL PROTECTED],.i.Pc..qP..X*.
2006-02-16 03:29:03.018794 IP (tos 0x0, ttl 128, id 10717, offset 0, flags [DF],
Re: Help with strange web server problem
What's the best way to go about verifying and fixing that? I have several other BSD servers on the same subnet in that colo that aren't having the problem.

Many thanks for your help!

Jerry

Ted Mittelstaedt wrote:

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Charles Swiger
Sent: Monday, February 13, 2006 11:41 AM
To: Jerry Bell
Cc: freebsd-questions@freebsd.org
Subject: Re: Help with strange web server problem

On Feb 13, 2006, at 7:58 AM, Jerry Bell wrote:

It's hit or miss, but the first time someone visits the web site, they get a server not found page. On hitting refresh, they get the page - no problems. If I wait a while and try again, I get the same problem.

Path MTU problem?

That would be my vote also.

Ted
Help with strange web server problem
It's hit or miss, but the first time someone visits the web site, they get a server not found page. On hitting refresh, they get the page - no problems. If I wait a while and try again, I get the same problem.

The problem appears to be something in the initial communication with the web server. Using tcpdump, I can see that the PC connects to the web server and sends the GET request, but the server closes the connection abruptly. Comparing that flow to a normal session, I see that there are some extra packets between the initial SYN and the sending of the GET phrase that do not exist during a successful session.

I'm running 5.4-STABLE FreeBSD 5.4-STABLE #0: Thu Aug 18 (built from the stable source as of that day). I'm using apache 1.3.34. I was on 1.3.33 and rebuilt the port to see if that was the problem. I'm not sure if this is an apache problem or a FreeBSD problem. Any suggestions on further troubleshooting or known issues?

Thank you!

Jerry
Re: Help with strange web server problem
It's certainly possible. This is a Dell PE 750, and I didn't do anything in bios or in FreeBSD to enable that, so I'm thinking it might not be that, but I'll investigate it. Thanks!

Jerry

I think I've seen this before too... Is it possible that FreeBSD spins down the hard drive after inactivity, and the server doesn't always spin up the HD with a network request like this?
Re: Help with strange web server problem
I didn't want to spam the link out, but it's www.musiclodge.com. I will gather the capture data from working and non working sessions and send it out. Thanks!

On Feb 13, 2006, at 7:58 AM, Jerry Bell wrote:

It's hit or miss, but the first time someone visits the web site, they get a server not found page. On hitting refresh, they get the page - no problems. If I wait a while and try again, I get the same problem.

Path MTU problem?

The problem appears to be something in the initial communication with the web server. Using tcpdump, I can see that the PC connects to the web server and sends the GET request, but the server closes the connection abruptly. Comparing that flow to a normal session, I see that there are some extra packets between the initial SYN and the sending of the GET phrase that do not exist during a successful session.

The details would help. :-) Or you could tell us what the server is so we could try hitting it ourselves...

--
-Chuck
Re: Help with strange web server problem
So ACPI is disabled? I'm assuming it's enabled. Can that be a problem?

Aug 29 12:04:46 www syslogd: kernel boot file is /boot/kernel/kernel
Aug 29 12:04:46 www kernel: Copyright (c) 1992-2005 The FreeBSD Project.
Aug 29 12:04:46 www kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
Aug 29 12:04:46 www kernel: The Regents of the University of California. All rights reserved.
Aug 29 12:04:46 www kernel: FreeBSD 5.4-STABLE #0: Thu Aug 18 07:49:41 UTC 2005
Aug 29 12:04:46 www kernel: [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC
Aug 29 12:04:46 www kernel: Timecounter i8254 frequency 1193182 Hz quality 0
Aug 29 12:04:46 www kernel: CPU: Intel(R) Pentium(R) 4 CPU 2.80GHz (2800.12-MHz 686-class CPU)
Aug 29 12:04:46 www kernel: Origin = GenuineIntel Id = 0xf41 Stepping = 1
Aug 29 12:04:46 www kernel: Features=0xbfebfbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE
Aug 29 12:04:46 www kernel: Hyperthreading: 2 logical CPUs
Aug 29 12:04:46 www kernel: real memory = 536608768 (511 MB)
Aug 29 12:04:46 www kernel: avail memory = 515444736 (491 MB)
Aug 29 12:04:46 www kernel: ACPI APIC Table: DELL PE750
Aug 29 12:04:46 www kernel: ioapic0: Changing APIC ID to 2
Aug 29 12:04:46 www kernel: ioapic1: Changing APIC ID to 3
Aug 29 12:04:46 www kernel: ioapic0 Version 2.0 irqs 0-23 on motherboard
Aug 29 12:04:46 www kernel: ioapic1 Version 2.0 irqs 24-47 on motherboard
Aug 29 12:04:46 www kernel: npx0: math processor on motherboard
Aug 29 12:04:46 www kernel: npx0: INT 16 interface
Aug 29 12:04:46 www kernel: acpi0: DELL PE750 on motherboard
Aug 29 12:04:46 www kernel: acpi0: Power Button (fixed)
Aug 29 12:04:46 www kernel: Timecounter ACPI-fast frequency 3579545 Hz quality 1000
Aug 29 12:04:46 www kernel: acpi_timer0: 24-bit timer at 3.579545MHz port 0x808-0x80b on acpi0
Aug 29 12:04:46 www kernel: cpu0: ACPI CPU on acpi0
Aug 29 12:04:46 www kernel: pcib0: ACPI Host-PCI bridge port 0xcf8-0xcff on acpi0
Aug 29 12:04:46 www kernel: pci0: ACPI PCI bus on pcib0
Aug 29 12:04:46 www kernel: pcib1: ACPI PCI-PCI bridge at device 3.0 on pci0
Aug 29 12:04:46 www kernel: pci1: ACPI PCI bus on pcib1
Aug 29 12:04:46 www kernel: em0: Intel(R) PRO/1000 Network Connection, Version - 1.7.35 port 0xece0-0xecff mem 0xfe2e-0xfe2f irq 18 at device 1.0 on pci1
Aug 29 12:04:46 www kernel: em0: Ethernet address: 00:12:3f:ec:f4:90
Aug 29 12:04:46 www kernel: em0: Speed:N/A Duplex:N/A
Aug 29 12:04:46 www kernel: pcib2: ACPI PCI-PCI bridge at device 28.0 on pci0
Aug 29 12:04:46 www kernel: pci2: ACPI PCI bus on pcib2
Aug 29 12:04:46 www kernel: aac0: Dell CERC SATA RAID 2 mem 0xf400-0xf7ff irq 24 at device 1.0 on pci2
Aug 29 12:04:46 www kernel: aac0: Unknown processor 100MHz, 48MB cache memory, optional battery not installed
Aug 29 12:04:46 www kernel: aac0: Kernel 4.1-0, Build 7406, S/N c540d4
Aug 29 12:04:46 www kernel: aac0: Supported Options=1097cWCACHE,DATA64,HOSTTIME,RAID50,WINDOW4GB,SOFTERR,ALARM
Aug 29 12:04:46 www kernel: uhci0: UHCI (generic) USB controller port 0xcce0-0xccff irq 16 at device 29.0 on pci0
Aug 29 12:04:46 www kernel: usb0: UHCI (generic) USB controller on uhci0
Aug 29 12:04:46 www kernel: usb0: USB revision 1.0
Aug 29 12:04:46 www kernel: uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
Aug 29 12:04:46 www kernel: uhub0: 2 ports with 2 removable, self powered
Aug 29 12:04:46 www kernel: uhci1: UHCI (generic) USB controller port 0xccc0-0xccdf irq 19 at device 29.1 on pci0
Aug 29 12:04:46 www kernel: usb1: UHCI (generic) USB controller on uhci1
Aug 29 12:04:46 www kernel: usb1: USB revision 1.0
Aug 29 12:04:46 www kernel: uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
Aug 29 12:04:46 www kernel: uhub1: 2 ports with 2 removable, self powered
Aug 29 12:04:46 www kernel: pci0: base peripheral at device 29.4 (no driver attached)
Aug 29 12:04:46 www kernel: pci0: base peripheral, interrupt controller at device 29.5 (no driver attached)
Aug 29 12:04:46 www kernel: pci0: serial bus, USB at device 29.7 (no driver attached)
Aug 29 12:04:46 www kernel: pcib3: ACPI PCI-PCI bridge at device 30.0 on pci0
Aug 29 12:04:46 www kernel: pci3: ACPI PCI bus on pcib3
Aug 29 12:04:46 www kernel: em1: Intel(R) PRO/1000 Network Connection, Version - 1.7.35 port 0xdcc0-0xdcff mem 0xfdee-0xfdef irq 21 at device 2.0 on pci3
Aug 29 12:04:46 www kernel: em1: Ethernet address: 00:12:3f:ec:f4:91
Aug 29 12:04:46 www kernel: em1: Speed:N/A Duplex:N/A
Aug 29 12:04:46 www kernel: pci3: display, VGA at device 14.0 (no driver attached)
Aug 29 12:04:46 www kernel: isab0: PCI-ISA bridge at device 31.0 on pci0
Aug 29 12:04:46 www kernel: isa0: ISA bus on isab0
Aug 29 12:04:46 www kernel: atapci0: Intel 6300ESB SATA150 controller port 0xfea0-0xfeaf,0x376,0x170-0x177,0x3f6,0x1f0-0x1f7 at device 31.2 on pci0
Aug 29 12:04:46 www kernel: ata0: channel #0 on atapci0
Aug 29 12:04:46 www kernel: ata1:
Re: Help with strange web server problem
I will give that a try. Thank you for your help!

Jerry

I'm hardly on expert on these sorts of things, but I *believe* that ACPI is responsible for power management stuff, including possibly spinning down your hard drive after inactivity. Try restarting with ACPI enabled (which you can do on your boot menu), or disable ACPI within your BIOS for a while to see if this helps.. certainly can't hurt to try.

On Feb 13, 2006, at 3:15 PM, Jerry Bell wrote:

So ACPI is disabled? I'm assuming it's enabled. Can that be a problem?
Re: Help with strange web server problem
Charles - thank you for your excellent investigation! I'm pretty sure that my colo provider isn't running a firewall (I've asked them not to, anyhow). I am running IPFW on that box, with the standard allow tcp from any to any established followed by the allow tcp any to my_ip 80 setup. I've done that on other servers without it being a problem like this. I'm going to have the colo double check for router acl's or something like that in the morning.

Since this is such an intermittent problem, I can't yet say that it's fixed, but I ran with the disks being idled theory and wrote a small script that creates a file and deletes a file every minute, and since that's been running, I've not seen the issue repeat - but then this is not a very repeatable problem.

Thanks again for your great assistance.

Jerry

Charles Swiger wrote:

On Feb 13, 2006, at 3:12 PM, Jerry Bell wrote:

I didn't want to spam the link out, but it's www.musiclodge.com. I will gather the capture data from working and non working sessions and send it out.

Well, I can confirm the behavior you've described. It looks somewhat like a stateful firewall or is in the way and is generating an RST, even while your webserver tries to generate a response. However, once the firewall sees the outbound traffic, it seems to create a dynamic rule which lets the traffic from subsequent connections through:

5-pan# tcpdump -tnXs 0 host www.musiclodge.com
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en0, link-type EN10MB (Ethernet), capture size 65535 bytes
IP 199.103.21.238.50740 63.175.100.44.80: S 2282569549:2282569549(0) win 65535 mss 1460,nop,wscale 0,nop,nop,timestamp 1159441862 0
0x: 4510 003c 4653 4000 4006 7328 c767 15ee E..[EMAIL PROTECTED]@.s(.g..
0x0010: 3faf 642c c634 0050 880d 3f4d ?.d,.4.P..?M
0x0020: a002 815f 0204 05b4 0103 0300 ._..
0x0030: 0101 080a 451b adc6 E...
IP 63.175.100.44.80 199.103.21.238.50740: S 2634350592:2634350592(0) ack 2282569550 win 65535
0x: 4500 0028 4000 2506 d49f 3faf 642c E..([EMAIL PROTECTED],
0x0010: c767 15ee 0050 c634 9d05 880d 3f4e .g...P.4..?N
0x0020: 5012 03bc 1b60 P..`
0x0030: 2678 x
IP 199.103.21.238.50740 63.175.100.44.80: . ack 1 win 65535
0x: 4510 0028 4655 4000 4006 733a c767 15ee E..([EMAIL PROTECTED]@.s:.g..
0x0010: 3faf 642c c634 0050 880d 3f4e 9d05 0001 ?.d,.4.P..?N
0x0020: 5010 03bd P...

3-way handshake is completed here, next traffic should be from my machine making the GET /, request, but instead your machine sends another ACK:

IP 63.175.100.44.80 199.103.21.238.50740: S 2238145710:2238145710(0) ack 2282569550 win 65535 mss 1460,nop,wscale 1,nop,nop,timestamp 1453026167 1159441862
0x: 4500 003c 57fa 4000 3206 6f91 3faf 642c E..[EMAIL PROTECTED],
0x0010: c767 15ee 0050 c634 8567 64ae 880d 3f4e .g...P.4.gd...?N
0x0020: a012 9cdb 0204 05b4 0103 0301
0x0030: 0101 080a 569b 6b77 451b adc6 9345 1153 V.kwEE.S

Interesting that the previous ack had no TCP options set, whereas this one does include a timestamp in response.

IP 199.103.21.238.50740 63.175.100.44.80: . ack 396204883 win 65535 nop,nop,timestamp 1159441863 1453026167
0x: 4510 0034 4656 4000 4006 732d c767 15ee [EMAIL PROTECTED]@.s-.g..
0x0010: 3faf 642c c634 0050 880d 3f4e 9d05 0001 ?.d,.4.P..?N
0x0020: 8010 8157 0101 080a 451b adc7 .W..E...
0x0030: 569b 6b77 V.kw

Where did sequence # 396204883 come from? And your side follows up with a pair of connection resets, and a normal ACK packet, too.

IP 63.175.100.44.80 199.103.21.238.50740: R 2634350593:2634350593(0) win 0
0x: 4500 0028 b6f6 4000 3206 10a9 3faf 642c E..([EMAIL PROTECTED],
0x0010: c767 15ee 0050 c634 9d05 0001 .g...P.4
0x0020: 5004 cb24 f3fa P$..
0x0030: 5489 T.
IP 63.175.100.44.80 199.103.21.238.50740: R 2634350593:2634350593(0) win 0
0x: 4500 0028 4bfc 4000 3206 7ba3 3faf 642c E..([EMAIL PROTECTED],
0x0010: c767 15ee 0050 c634 9d05 0001 .g...P.4
0x0020: 5004 cb24 abb8 P$..
0x0030: c9be ..
IP 63.175.100.44.80 199.103.21.238.50740: S 2238145710:2238145710(0) ack 2282569550 win 65535 mss 1460,nop,wscale 1,nop,nop,timestamp 1453026467 1159441862
0x: 4500 003c 3a9d 4000 3206 8cee 3faf 642c E..:[EMAIL
Re: Help with strange web server problem
Looks like it's still an issue, so I'd say the firewall issue is still in play. If there is not a firewall/proxy in place, are there any known issues with IPFW (or anything else with FBSD) that could cause this behavior?
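The duplicate SYN-ACK pattern in the capture discussed in this thread can be checked mechanically. This Python sketch is an added example, not code from the thread: it flags flows where one client SYN is answered by SYN-ACKs carrying different initial sequence numbers, counts the resets, and shows that 396204883 equals the first ISN plus one minus the second ISN, which is what tcpdump would print if it rebased its relative numbering on the second SYN-ACK (an interpretation, not something the thread confirms). The first eight packet lines come from the capture with the `>` separator restored and TCP options dropped; the 192.0.2.10 flow and all function names are constructed.

```python
import re
from collections import defaultdict

# tcpdump -tn summary line. The ">" between the endpoints is optional because
# the archived copy of the capture lost it.
PACKET = re.compile(
    r"IP (?P<src>[\d.]+) (?:> )?(?P<dst>[\d.]+): (?P<flags>[SFPRWE.]+) "
    r"(?:(?P<seq>\d+):\d+\(\d+\) ?)?(?:ack (?P<ack>\d+))?"
)

# Summary lines from the capture in this thread (">" restored, options removed),
# followed by one constructed flow that completes normally.
SAMPLE_CAPTURE = """\
IP 199.103.21.238.50740 > 63.175.100.44.80: S 2282569549:2282569549(0) win 65535
IP 63.175.100.44.80 > 199.103.21.238.50740: S 2634350592:2634350592(0) ack 2282569550 win 65535
IP 199.103.21.238.50740 > 63.175.100.44.80: . ack 1 win 65535
IP 63.175.100.44.80 > 199.103.21.238.50740: S 2238145710:2238145710(0) ack 2282569550 win 65535
IP 199.103.21.238.50740 > 63.175.100.44.80: . ack 396204883 win 65535
IP 63.175.100.44.80 > 199.103.21.238.50740: R 2634350593:2634350593(0) win 0
IP 63.175.100.44.80 > 199.103.21.238.50740: R 2634350593:2634350593(0) win 0
IP 63.175.100.44.80 > 199.103.21.238.50740: S 2238145710:2238145710(0) ack 2282569550 win 65535
IP 192.0.2.10.40000 > 63.175.100.44.80: S 1000:1000(0) win 65535
IP 63.175.100.44.80 > 192.0.2.10.40000: S 5000:5000(0) ack 1001 win 65535
IP 192.0.2.10.40000 > 63.175.100.44.80: . ack 1 win 65535
"""


def find_split_handshakes(capture_text):
    """Return one finding per flow whose SYN was answered with several ISNs."""
    synack_isns = defaultdict(list)  # (responder, client, acked SYN) -> ISNs
    resets = defaultdict(int)        # (responder, client) -> RST count
    for line in capture_text.splitlines():
        m = PACKET.search(line)
        if not m:
            continue
        flow = (m["src"], m["dst"])
        if "R" in m["flags"]:
            resets[flow] += 1
        elif "S" in m["flags"] and m["seq"] and m["ack"]:
            isns = synack_isns[flow + (int(m["ack"]),)]
            isn = int(m["seq"])
            if isn not in isns:      # a repeated ISN is only a retransmission
                isns.append(isn)

    findings = []
    for (responder, client, _), isns in synack_isns.items():
        if len(isns) < 2:
            continue                 # normal handshake: one ISN per SYN
        findings.append({
            "responder": responder,
            "client": client,
            "isns": isns,
            "resets": resets[(responder, client)],
            # The client's ACK of the first SYN-ACK (first ISN + 1), expressed
            # relative to the second ISN, modulo the 32-bit sequence space.
            "ack_rebased_on_second_isn": (isns[0] + 1 - isns[1]) % 2**32,
        })
    return findings


if __name__ == "__main__":
    for finding in find_split_handshakes(SAMPLE_CAPTURE):
        print(finding)
```

Two different ISNs answering the same SYN mean two TCP stacks believe they own the listening address, so the next check is which device on the path produced each SYN-ACK.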
Re: syslog logging recommendation
I'd recommend using rsyslog (www.rsyslog.com). The integration with mysql is much cleaner, IMO, than syslog-ng.

Jerry
http://www.syslog.org

Bill Schmitt (SW) wrote:

I'm looking for a recommendation for capturing syslogs from my small network. Specifically, initially I'd like to capture the syslog from my Netgear router and store it on my FreeBSD machine. Later I'd add other machines on the network. I've seen msyslog in the ports, but there's virtually no information on it out there. I've also seen syslog-ng, which looks promising. I'd like to store the information in mySQL. I'd appreciate any recommendations and/or pointers to pages with setup examples.

Thanks,
Bill
Re: turck-mmcache-2.4.6 disappeared from ports tree?
Turck has been replaced with eaccelerator, which is in the ports tree now.

Jerry
http://www.syslog.org

Hi, I am wondering why turck-mmcache-2.4.6 disappeared from the ports tree in 5.4, and later on I found out that it disappeared in 5.3 as well. Will it make its way back to the ports tree? Any Ideas? Thanks in advance.

Lei
Re: Is this a safe way to multi-home a mail server?
I believe the problem you are going to run into is with outbound routing. You're only able to have one default route, which will point you out one dsl router or the other. If the ISP that is your default dies, then your traffic isn't going anywhere. Depending on what problems the ISP's are having, you may be able to overcome the problem by using dynamic routing from the routers to the BSD server. If you can get that to work, you're most of the way there.

The other problem I see is that when everything is working good and traffic comes in on the secondary ISP, your return traffic is going to be sent out the default route, not necessarily the one that came in. This may be a problem if your ISP's are performing egress filtering, preventing IP's that aren't their own from leaving out of their network (this is a good practice, btw).

If you can either work out an arrangement with the ISP's on the filtering (if it exists) or you can set things up such that mail doesn't come into the secondary ISP unless the primary is down, and you have dynamic routing set up, I think this will work pretty well.

Jerry
http://www.syslog.org

I have a machine on two DSL networks: a /29 and a /28 provided by different ISPS (why is a long story). The machine acts as a mail server (sendmail) as well as a NAT server for an internal network. Both DSL nets arrive at one interface card, and the LAN is on the other card. I have added one of the DSL nets as the main net for the external interface and the other DSL net as an alias via ifconfig.

Two questions:

1. Can I have both host IPs (one from each DSL net) as A records in DNS for the mail server's name--e.g.,

mail.my.domain IN A 1.2.3.4
mail.my.domain IN A 5.6.7.8

and expect mail to arrive at the machine regardless of which network is working at any given time? (Part of the long story is that we're having serious trouble with one or the other network at various times and are trying, temporarily at least, to stay afloat by using whichever is better at the moment.) Both host IPs have correct (identical) reverse DNS.

2. Is there a way, via routed or other means, to cause the machine to figure out automatically which net to use for default traffic? It would be wonderful if natd could keep up with this too, but there I suspect I'm asking for the moon...

Thanks much for any responses. Please Cc me.

--
Doug Lee [EMAIL PROTECTED] http://www.dlee.org
BART Group [EMAIL PROTECTED] http://www.bartsite.com
I before E, except after C, or when sounded like A, as in neighbor and weigh, except for when weird foreign concierges seize neither leisure nor science from the height of society.
Re: securing SSH, FBSD systems
These attacks are almost exclusively automated, looking to install a script to launch spam runs from. They're essentially trying common username and weak password combinations - blank password, passwords the same as the user name, abc123, etc.

There are four things you can do to improve the security of sshd:

1. Move sshd to listen on a different port. This will not protect against a concerted attack, though.
2. Check for weak passwords. John the ripper can help out with that. pam_passwdqc(8) can help you enforce strong passwords.
3. Integrate an automated log monitoring system that looks for *successful* logins, since those are really what you're worried about anyway. This can be difficult to manage if you have a lot of regular shell users.
4. Keep up-to-date with security patches and advisories. Attacking your system through password guessing is much harder than using a vulnerability in sshd or some other service.

I have a security guide for FreeBSD at: http://www.syslog.org/Content-5-4.phtml

Jerry
http://www.syslog.org

Would someone mind briefly talking about securing FBSD systems from such attacks, at least in a manner that's a bit more extensive and detailed than just saying use Snort? I'm not a newbie to FBSD, but I'm not a *NIX guru either. I'd really appreciate your help.
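Item 3 in the reply above, watching for successful logins rather than failed ones, can be sketched as follows. This is an added Python example, not part of the original message: it reads sshd log lines and reports every accepted login, marking password logins that follow repeated failures from the same address. The log lines, addresses, user names and the threshold of three are constructed for illustration.

```python
import re
from collections import Counter

# "Accepted ..." and "Failed ..." messages in the form OpenSSH's sshd logs them.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample log; the addresses are documentation ranges.
SAMPLE_LOG = """\
Mar  3 02:11:01 host sshd[4101]: Failed password for invalid user test from 203.0.113.7 port 40112 ssh2
Mar  3 02:11:03 host sshd[4103]: Failed password for invalid user admin from 203.0.113.7 port 40115 ssh2
Mar  3 02:11:05 host sshd[4105]: Failed password for backup from 203.0.113.7 port 40119 ssh2
Mar  3 02:11:08 host sshd[4107]: Accepted password for backup from 203.0.113.7 port 40123 ssh2
Mar  3 08:30:12 host sshd[5120]: Accepted publickey for ops from 198.51.100.20 port 51515 ssh2
Mar  3 09:02:44 host sshd[5201]: Failed password for alice from 192.0.2.15 port 60001 ssh2
Mar  3 09:02:51 host sshd[5201]: Accepted password for alice from 192.0.2.15 port 60001 ssh2
Mar  3 09:05:00 host cron[6000]: (root) CMD (newsyslog)
""".splitlines()


def review_logins(lines, fail_threshold=3):
    """Return one record per successful login, in log order.

    A login is marked suspicious when it used a password and the same source
    address had at least fail_threshold failures since its last success,
    which is the trace a working password guess leaves behind.
    """
    failures = Counter()  # source address -> failures since last success
    report = []
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue      # not an sshd authentication result
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            continue
        prior = failures[ip]
        report.append({
            "user": m["user"],
            "ip": ip,
            "method": m["method"],
            "prior_failures": prior,
            "suspicious": m["method"] == "password" and prior >= fail_threshold,
        })
        failures[ip] = 0  # start counting again after a success
    return report


if __name__ == "__main__":
    for entry in review_logins(SAMPLE_LOG):
        flag = "REVIEW" if entry["suspicious"] else "ok"
        print(f'{flag:6} {entry["user"]:8} {entry["ip"]:15} '
              f'{entry["method"]:10} failures before: {entry["prior_failures"]}')
```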
Re: Spam Problems
web script. The sender was specified as [EMAIL PROTECTED] according to the complaint email. I use phpBB, vBulletin and Awstats.

Most likely the attacker used a flaw in phpBB or awstats. Are you running the latest versions of those? Otherwise, it is possible they found a vulnerability in something else you were running, like apache, php, etc.

Jerry
http://www.syslog.org
Re: ps: bad namelist
Typically this is caused by a kernel and utilities (like ps and w) being out of sync. It sounds like you don't think that is the case, though. I suppose it could be a problem with your procfs, but I'm not sure that would cause this kind of symptom. My suspicion is still on inconsistencies between the kernel and world.

ps: bad namelist
w: bad namelist

Jerry
http://www.syslog.org
Re: What is *** WRONG *** with my network?
These are signs of a kernel that is out of sync with the rest of world. You said you didn't run a makeworld recently, but what about rebuilding the kernel?

# netstat -rn
# netstat: kvm not available
Routing tables
rt_tables: symbol not in namelist

Jerry
http://www.syslog.org
Re: syslogd will be removed from freebsd???
Sorry about that - I was having a little bit of fun on April Fool's day. This is definitely not true. Hopefully the opposite will happen and more people will pay more attention to their log messages.

Saying that Linux and BSD variants are going to remove syslog in the next months.

Regards,

Jerry
http://www.syslog.org
Re: screwy network/dmz problem
The first thing I would check is that it's the BSD box that you are actually pinging. I'd try unplugging it and trying the ping again from the IIS box. Barring that, I would double and triple check the network mask on the BSD box. Also, make sure you don't have some screwy firewall rules on the BSD server that prevent outbound pings.

Next, look at the output of 'netstat -rn'. You should see entries for the default gateway as well as your local network. If all looks good there, check your arp table with arp -a. If you don't see anything there, it's probably a layer 1 or 2 problem (cabling/vlan).

There are many many possibilities for what could be wrong, but it's hard for us to say. Let us know what you find on those tests.

Jerry
http://www.syslog.org

here in our office we have a firewall running Firewall-1 (it is administered remotely from another office in another country). It is set up with a dmz so I can host a web server (which is running IIS), but it works. I am now adding another web server, running Apache/FreeBSD. Problem is the FBSD box does not ping anything. The IIS box can ping the FBSD box and get a response from it. I have used the same network settings on the FBSD box that are on the IIS box, changing only the ipaddress. I don't understand why the FBSD box only responds with network not found when trying to ping anything. Now the IIS box is not a member of any network, it is its own workgroup called DMZ. Is the problem that the FBSD box needs to be a member of the workgroup DMZ? And if so, how do I get it there?

Regards,
Chip
Re: how to find files less than a day old?
It doesn't appear to work on my FreeBSD box, either. What does work is this:

find /var/log -newerct '1 hour ago' -exec cat {} /var/tmp/filename \;

Jerry
http://www.syslog.org

I read the man page and didn't see that. It doesn't appear to work on the box that I am ssh-ing to. Sorry, I should have mentioned that it is not a FreeBSD box that I am connected to. I think it may be a Solaris 9 box. Is there any way to get this to work in Solaris?

Thanks
/Brian
Re: Anthony's drive issues.Re: ssh password delay
No, the only way to find the error is to find someone who knows the FreeBSD code and is competent and willing to discuss the problem, instead of people who spend their time blowing smoke in order to avoid admitting that they haven't a ghost of a clue as to what the problem is.

You're looking for the reason that your older hardware runs on NT and doesn't run on FreeBSD. Save any real hardware problem, the reason is most certainly pure incompatibility between the hardware and the drivers that are in FreeBSD. When someone goes to write a driver (unless it's provided by the manufacturer, which I don't think is all that common) for a piece of hardware, they have a piece of hardware and some docs on how to interface with it. If the firmware on the board they are using is later than yours, and is incompatible in some slight way that the driver author took advantage of, you see this exact problem. The driver authors ask for people to test the drivers out - but if no one who is willing/ready/able to test is running an older firmware rev, then the testing doesn't extend back to your version and it's not found to be a problem until someone like you comes along and trips over an incompatibility.

I've had this very thing happen for several different older raid cards. In every case, I fixed the problem by upgrading the firmware. Alternatively, you can try linux. They tend to support all sorts of crazy hardware versions.
Re: Serious issue with SATA disks again
I don't think Western Digital has one (?). If it does, where can I find it?

Here is WDC's data lifeguard utility for DOS: http://support.wdc.com/download/index.asp?cxml=npid=2swid=30

Also, you might want to try flashing the firmware for the controller/motherboard with the latest versions. I've had several occasions recently where I couldn't get hardware to work with BSD until I got up to the latest firmware (an old dell perc 2 most recently). I didn't see the original email, so I may be off-base on the controller being the problem, though.

Jerry
http://www.syslog.org
Re: MS Exchange server on FreeBSD?
Count me in on the group that doesn't think that a web-based system is adequate for the enterprise, but in the realm of web-based groupware systems, I have taken a strong liking to group office. I've not used all of these below, but I've been most impressed with group office's interface and features. http://sourceforge.net/projects/group-office/

Jerry
http://www.syslog.org

Have a look here:
eGroupWare (at egroupware.org)
OpenGroupware.org (at opengroupware.org)
Open Source Exchange Replacement (at oser.sourceforge.net)
OPEN-XCHANGE (at open-xchange.org)
PHPGroupware (at phpgroupware.org)

--
Best regards, Chris
Everything may be divided into as many parts as you please.
Re: MS Exchange server on FreeBSD?
One option is to use communigate. It allegedly works with the outlook mapi client and should work on freebsd. http://www.stalker.com/content/solutions.htm I've heard from a lot of people that swear by it, particularly in the ISP space.

Jerry

Thanks for all the replies. I will take a look at the, more or less, open solutions. I never intended to use the MS exchange as my primary mail server. But its functionality for syncing calendars, documents and so on, seemed to be a nice simple way of dealing with my situation here. I have to admit, that I never used a windows server, and thought it should be fairly easy. Now by looking at your submissions, and the docs, which tend to give me headaches, I realize that a Free BSD solution must be found to get the job done.

thx again for all your advice
Christian
Re: MS Exchange server on FreeBSD?
I'll second that the calendar/email functionality has become a utility service in many organizations. Exchange/outlook, for all their shortcomings, have really changed the way companies work. At my day job, we have 9 exchange servers around the world, with about 1500 mailboxes, so not a huge install, but in the past 5 years, calendaring, email and public folders have become a critical component of the business, and any bit of unavailability isn't tolerated. Now, we are fortunate that we have several really good windows/exchange guys to keep things humming, but it is clear that the business demands of calendaring and email are outstripping the ability of MS to deliver. We, along with many other organizations, are really looking at ways to achieve 99.999% uptime on exchange, but we're really kidding ourselves. Something like communigate pro, that can be clustered and run on a non-windows OS could move us closer to the mark, but still not really there. The OS' and apps just aren't meant for that type of availability yet.

Jerry

A definite career-limiting move. It is a major reason why we can't go to a fully open source desktop.
Re: Howto monitor system security
I've recently started using devialog (http://devialog.sourceforge.net/), which is pretty good at sending exceptions to you. Examlog (http://examlog.sourceforge.net/index.php) is by far the most popular that I've seen, but I have not had a chance to try it on FreeBSD. Lire (http://logreport.org/lire/) is a good all-around choice - it has built-in recognition for many different types of logs, but I found it a bit hard to use. If you are comfortable with it, I'd try this one. I've heard of several companies that have part of the security monitoring built around logwatch (http://www2.logwatch.org:81/), but it takes a good amount of customizing to get it to where it's really useful.

Jerry
http://www.syslog.org

On 2005-03-14, Jerry Bell [EMAIL PROTECTED] wrote:
There are many tools that will send alerts to you, but very few that will work out of the box, without some level of tuning. There is a collection of them here: http://www.syslog.org/Web_Links+index-req-viewlink-cid-4.phtml and here: http://www.syslog.org/Web_Links+index-req-viewlink-cid-19.phtml

I see lots of log analyzer tools. Which one is a good choice?
Re: Howto monitor system security
Sergei,

As one of the other responses points out, it's possible that it would be too late by the time a monitoring system was able to send an email to you. One way to partly mitigate that risk is by having your logs forwarded to another system, and having the analysis run from that machine. You still run the risk of the attacker stopping the logs from being forwarded, but you will likely get *some* notice that something is wrong.

There are many tools that will send alerts to you, but very few that will work out of the box, without some level of tuning. There is a collection of them here: http://www.syslog.org/Web_Links+index-req-viewlink-cid-4.phtml and here: http://www.syslog.org/Web_Links+index-req-viewlink-cid-19.phtml

I am running my FreeBSD machine on DMZ. I use ipfw and I expose http and smtp ports. I also expose sshd port, but only to a trusted network (work). I'd like to know what is the best way to monitor my machine security. FreeBSD security email is rather annoying, because it keeps sending messages even if nothing has changed. I need an email sent to me only if there is something abnormal.

If you have portaudit installed, the daily security emails will include a section on vulnerable ports (software, not network) installed. This is really helpful, as it's hard to keep up with the latest vulnerabilities in all the software that a given system has to run. I think there tends to be a lag between the announcement of the vulnerability and portaudit knowing about it, though. Staying subscribed to the security lists for those applications you run is still a good idea.

Jerry
http://www.syslog.org
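The approach described in the message above (forward the logs to another machine, run the analysis there, and mail only on something abnormal) can be sketched as follows. This is an added example, not part of the original thread and not code from any of the tools mentioned; the hostname dmz1, the sample log lines and the known-good patterns are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines as they might arrive on the separate log host
# after being forwarded from the DMZ machine (hostname "dmz1" is made up).
SAMPLE = """\
Mar 14 02:00:01 dmz1 /usr/sbin/cron[411]: (root) CMD (/usr/libexec/atrun)
Mar 14 02:03:17 dmz1 sshd[502]: Failed password for root from 203.0.113.9 port 4411 ssh2
Mar 14 02:05:00 dmz1 /usr/sbin/cron[430]: (root) CMD (/usr/libexec/atrun)
Mar 14 02:06:42 dmz1 su: BAD SU alice to root on /dev/ttyp0
Mar 14 02:10:00 dmz1 /usr/sbin/cron[455]: (root) CMD (/usr/libexec/atrun)
"""

# Routine messages that should never generate mail. This list is the tuning
# step: anything not matched here is reported as an exception.
KNOWN_GOOD = [re.compile(p) for p in (
    r"cron\[\d+\]: \(\w+\) CMD ",
    r"sshd\[\d+\]: Accepted publickey for ",
)]

# Traditional BSD syslog layout: "Mon DD HH:MM:SS host message"
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (.*)$")


def parse(line, year):
    """Split one syslog line into (timestamp, host, message), or None."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2), m.group(3)


def review(text, host, now, year, max_silence=timedelta(minutes=15)):
    """Return (exceptions, silent) for one forwarding host.

    exceptions: messages from `host` that match no KNOWN_GOOD pattern.
    silent:     True if `host` has logged nothing for longer than
                max_silence, the hint that forwarding may have been stopped.
    """
    exceptions, last_seen = [], None
    for raw in text.splitlines():
        rec = parse(raw, year)
        if rec is None or rec[1] != host:
            continue
        ts, _, msg = rec
        last_seen = ts if last_seen is None else max(last_seen, ts)
        if not any(p.search(msg) for p in KNOWN_GOOD):
            exceptions.append(msg)
    silent = last_seen is None or now - last_seen > max_silence
    return exceptions, silent


if __name__ == "__main__":
    found, silent = review(SAMPLE, "dmz1", datetime(2005, 3, 14, 2, 12), 2005)
    for msg in found:
        print("EXCEPTION:", msg)
    print("forwarding silent:", silent)
```

Mail would be sent only when the exception list is non-empty or the host has gone silent; the silence check covers the case where the logs stop being forwarded.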
Re: chroot jail and syslogd
I have a very similar setup with bind run inside a chroot jail. I experience a similar problem if I set up named to use /var/run/log. I commented it out and put syslog daemon in its place and it works like a champ. Sadly, I've not found the time to spend figuring out why it doesn't work otherwise.

Jerry
http://www.syslog.org

channel audit_log {
    // Send the security related messages to a separate file.
    file /var/run/log;
    severity debug;
    print-time yes;
};
large core file from more
Earlier today, I was trying to look at a session file created by squirrelmail. I did a more filename. It put up one page of the file, but when I tried to scroll down, it gave the error message:

more in malloc(): error: allocation failed
Abort (core dumped)

I logged in on a new session and killed the process (had to use -9). What is left is a 537038848 byte core file. Mind you, the file I was running more on is 896656 bytes. I've never seen anything like this, and the system has been working fine for months. It's not a problem at all for me, but I figured it may be a symptom of a bigger problem. Here is the info on my system:

FreeBSD web1.stelesys.com 5.2.1-RELEASE-p9 FreeBSD 5.2.1-RELEASE-p9 #0: Mon Aug 30 11:48:25 EDT 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386

Any ideas what could have happened?

Jerry
http://www.syslog.org
Re: Using poptop....
It's really pretty easy. I beat my head on the wall about a year ago, so I don't recall where all the docs are, but this is what my configs look like:

/etc/ppp/ppp.conf:

pptp:
 set timeout 0
 set dial
 set login
 set ifaddr {IP address of internal interface} {IP address range xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx}
 set server /var/run/pptp_ppp_%d 0700
 enable mschapv2 mppe # --- these two lines enable encryption
 set mppe * * #---
 enable chap
 disable pap
 disable utmp
 disable passwdauth
 enable proxy
 accept dns
 set dns 192.168.x.x
 set nbns 192.168.x.x

/usr/local/etc/pptpd.conf:

option /etc/ppp/ppp.conf
localip {IP address of internal interface}
remoteip {IP address range xxx.xxx.xxx.2-255}
pidfile /var/run/pptpd.pid

You'll have to use the ppp.secret password file or a radius server (that's a whole other story). Other than that, this works like a champ, and is encrypted. Just for a point of clarification, omit the {}; I added those for readability. Hope that helps.

Jerry
Re: HOW TO USE C-R-O-N?????
crontab -e

then put in

*/2 * * * * /usr/bin/perl /usr/scripts/my.pl

save and it should be good to go.

Jerry
http://www.syslog.org

- Original Message -
From: Denis [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, September 13, 2003 7:09 AM
Subject: HOW TO USE C-R-O-N?

Hi All!!! Can anybody show me how I can use Cron??? For example, I want to start: /usr/bin/perl /usr/scripts/my.pl every 30 seconds. Can I do it?

--
Best regards, Denis [EMAIL PROTECTED]
Re: /etc/fstab explain me please.....
msdosfs should work so long as it's fat or fat32.

Jerry
http://www.syslog.org

- Original Message -
From: Denis [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, September 13, 2003 7:11 AM
Subject: /etc/fstab explain me please.

Hi All!!! I want to mount automatically my second disk drive which has Fat32 file system. Could you tell me what I must write in FSType section in /etc/fstab?? Maybe msdos or fat32???

--
Best regards, Denis [EMAIL PROTECTED]
Re: HOW TO USE C-R-O-N?????
As has been pointed out, this will make it run every 2 minutes, not every 30 seconds. I don't know of a way to go less than 1 minute.

Jerry

- Original Message -
From: Jerry Bell [EMAIL PROTECTED]
To: Denis [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Saturday, September 13, 2003 7:33 AM
Subject: Re: HOW TO USE C-R-O-N?

crontab -e

then put in

*/2 * * * * /usr/bin/perl /usr/scripts/my.pl

save and it should be good to go.

Jerry
http://www.syslog.org

- Original Message -
From: Denis [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, September 13, 2003 7:09 AM
Subject: HOW TO USE C-R-O-N?

Hi All!!! Can anybody show me how I can use Cron??? For example, I want to start: /usr/bin/perl /usr/scripts/my.pl every 30 seconds. Can I do it?

--
Best regards, Denis [EMAIL PROTECTED]
Re: ISPs blocking SMTP connections from dynamic IP address space
snip

The problem with running an MTA on a dynamic IP is even a little more difficult than just dealing with the dnsbls. A while back on the exim users list: http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030623/055733.html and http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030630/055875.html was a discussion about how technically, the HELO address, forward dns and reverse dns should all match according to the smtp rfc. I'm not advocating one way or the other, but it brings up a good point - that the best way to run an MTA on a dsl or cable line is to either reflect off your ISP's mail server (unpopular as per the discussion so far) or to reflect off of some other 'legitimate' mail server, which is what I do. I'm fortunate enough to have a box on a colo network, so I'm able to control the server that my mail gets reflected off of, but I don't think that's the case for many people. What may be an option is to look for some form of ISP who provides that service and gives some control and visibility into the email flow. I'm not sure that that exists, but it can't be an expensive service to run (I see a business opportunity :)

I think it really stinks that it has come to the point that people & companies have to take such steps to block dynamic IP's, but I can see both sides of the argument.

Jerry
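The consistency discussed in the message above (HELO name, forward DNS and reverse DNS all agreeing) can be checked mechanically, and doing so shows why mail sent directly from a DSL line fails where mail relayed through a colo server passes. This is an added example, not part of the original thread and not how exim or any particular MTA implements the check; the addresses and .example names are constructed, and the resolvers are passed in so the check runs offline.

```python
import socket


def _norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def _dns_reverse(ip):
    # Live PTR lookup; used only when no resolver is injected.
    return [socket.gethostbyaddr(ip)[0]]


def _dns_forward(name):
    # Live A lookup (IPv4 only); used only when no resolver is injected.
    return socket.gethostbyname_ex(name)[2]


def _lookup(fn, key):
    """Run a resolver; a failed lookup counts as 'no records'."""
    try:
        return list(fn(key))
    except (OSError, KeyError):
        return []


def check_sender(ip, helo, reverse=_dns_reverse, forward=_dns_forward):
    """Report whether HELO name, PTR record and A record agree for a client."""
    ptr_names = [_norm(n) for n in _lookup(reverse, ip)]
    result = {
        "ptr": ptr_names,
        # reverse DNS of the connecting address equals the HELO name
        "helo_matches_ptr": _norm(helo) in ptr_names,
        # HELO name resolves forward to the connecting address
        "helo_resolves_to_ip": ip in _lookup(forward, _norm(helo)),
        # some PTR name resolves forward to the same address again
        "ptr_confirms_ip": any(ip in _lookup(forward, n) for n in ptr_names),
    }
    result["consistent"] = all(
        result[k] for k in ("helo_matches_ptr", "helo_resolves_to_ip", "ptr_confirms_ip"))
    return result


# Constructed zone data (documentation addresses and .example names).
# dict.__getitem__ raises KeyError for a missing record.
PTR = {
    "198.51.100.23": ["dsl-198-51-100-23.dyn.isp.example"],  # home DSL line
    "192.0.2.10": ["mail.colo.example"],                      # colo relay
}
A = {
    "dsl-198-51-100-23.dyn.isp.example": ["198.51.100.23"],
    "mail.home.example": ["198.51.100.23"],
    "mail.colo.example": ["192.0.2.10"],
}


def demo(ip, helo):
    return check_sender(ip, helo, reverse=PTR.__getitem__, forward=A.__getitem__)


if __name__ == "__main__":
    print(demo("198.51.100.23", "mail.home.example"))  # direct from the DSL line
    print(demo("192.0.2.10", "mail.colo.example"))     # via the colo relay
```

In the constructed data the DSL host fails only because its PTR record is the ISP's generic name, which the owner of a dynamic address cannot change.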
Re: Networking hardware question
It partially depends on how the 5 switches and one hub are connected to each other. If 5 of the devices all connect into one central device, you're probably safe, but if one is connected to the other and on and on, you will have problems. The problem is propagation delays when the devices are chained together in series. The delay can lead to retries and crashes which, in some cases, can really degrade the throughput of your network and in some cases halt it altogether.

Jerry

- Original Message -
From: Christophe Simon [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 20, 2002 1:47 PM
Subject: Networking hardware question

Hi, For one week, I have the responsibility to administrate a LAN in a society where there's at least 5 switches and 1 hub connected together in chain. I heard that plugging too many hubs or switches in chain can cause network stability problems. Is that right, and what can I do. I have been advised to put a bridge station between two switches in the chain, but I didn't succeed in configuring the two interfaces (two RTL 8139 cards) on the same network address (for example 192.168.0.1 and 192.168.0.2 cards in the same box...) and making a bridge. I compiled my kernel with the BRIDGE option, and I put sysct.net.link.bridge_cfg=rl0:0,rl1:0 in sysctl.conf. Am I on the right way, and if not so on, what can I do ? Thanks a lot !