Network Interface 'overload' in 4.11
Hi, This is the 2nd or 3rd time I have seen this and wondered if there is a solution. Recently, one of our 4.11 servers that we had just installed at one of our offices with about 50 users got extremely slow and non-responsive after a few hours of operation. I was unable to do an ssh login to this box, but it stayed up according to people on the scene. This box is running natd with the usual setup, an outside interface hooked to a T1 with the outside IP and the local LAN hooked up through switches to the inside interface with a class C private network with 192.168.x.x addresses, handing out DHCP over that interface. My assistant was on scene and got on the phone with me when this happened and confirmed that the box was up and responsive to console commands. I asked him to pull the ethernet to the inside interface. Instantly, I was able to ssh in to the outside address and the web server on the box became responsive again. Then we put the cable back and I tried tcpdump to see where the 'overload' was coming from. tcpdump showed virtually no traffic on the inside interface. We resorted to going through the switches and looked for a link light that was flickering the most, pulled out that cable, which went to only one Windows box and the whole network returned to normal. Now, this box was somehow spewing packets at a high enough rate (it's a 1ghz inside network) to 'shut down' the 4.11 server's networking. This is obviously not a good situation. It looks like the interface was dropping almost all packets at that point. I had this same problem a year or two ago with a 4.x box. At that time I tried playing with various sysctls. I had no real luck. Does anyone have any experience with this phenomenum and can you suggest a cure? Thanks very much, -- -Jim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Network Interface 'overload' in 4.11
On Thursday 18 August 2005 02:31 pm, you wrote: Sounds like viral activity to me. I has this at work recently where 2 mtob infected machines where able to bring the entire 100mbs switched network to its needs If you run ethereal you may find the network is being flooded by arp lookups from the Windows machine in question. Yes. I agree. Although we've run Symantec on the silly box and nothing is there with the latest identity files. In fact, now you can hook it back up to the net and all is fine. Maybe it got fixed by one of the 'anti-worm worms' ? 8-) . What I was really wondering is if there is some way of preventing one silly Windows box from taking the FreeBSD server into a state where it is pretty much useless network-wise. Setting throttling is one thing that was suggested, but as I recall, when I tried that, it actually made no difference because it throttled the interface and it was useless anyway. Doesn't ethereal really just run tcpdump? Tcpdump showed very little. I guess because it was running on the same machine and the machine wasn't delivering packets to the internal networking..or it was infernally slow and it didn't get much to show. Probably if I had a 2nd FreeBSD box monitoring the network on a hub insdtead of a switch, that would work, but this is an outer office with no on-site IT staff and that is sort of hard to accomplish. Thanks! -Jim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: MS Exchange server on FreeBSD?
On Saturday 19 March 2005 04:03 am, Christian Tischler wrote: Thanks for all the replies. I will take a look at the, more or less, open solutions. I never intended to use the MS exchange as my primary mail server. But its functionality for syncinig calenders, documents and so on, seemed to a nice simple way of dealing with my situation here. I have to admit, that I never used a windows server, and thought it should be fairly easy. Now by looking at your submissions, and the docs, which tend to give me headaches, I realize that an Free BSD solution must be found to get the job done. Investigate Mozilla's Sunbird calendars running against a WEBDAV module on Apache. This shares calendars quite nicely. It also works with OSX on Macs. You can share documents with Samba or with WEBDAV using something like webdrive which maps the WEBDAV directory on the server to Windows drive letters. Personally, I wouldn't wish Exchange on my worst enemy. It uses a database to store mail and, if that database becomes corrupted, you can lose all the email for the company. This will make you extremely unpopular. We had it happen once and just moved everyone over to Sendmail and never lost an email for 5 years now. It also has no concept of how internet mail works. It creates an environment where, if you are not running Outlook, you are outside the loop. It is its own world and not really internet mail as we know it. Also, you have to run it on a Windows server. which is not a server at all, but a glorified 2000 box or XP box. Anything that wants you to kick off all the users just because you installed a new piece of software is a toy server. You don't want to deal with that in a 24/7 world. There's never a time you can do that unless you *like* coming in Sunday night at midnight! -Jim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: freebsd IT mailing list or newsgroup?
On Monday 17 January 2005 04:55 pm, Gene wrote: Ever thought about starting one of your own? Gene Actually, yes, if I didn't find one. Anyone interested? Mailing list? Wiki? Whatever? -Jim Jim Durham wrote: On Saturday 15 January 2005 01:12 pm, Chuck Swiger wrote: Jim Durham wrote: I am the sys admin for a company of about 500 people and I am running Sendmail/Procmail/Spamassassin, Samba, Apache/PHP/MySql on FreeBSD..about 8 servers in 3 offices across the US and soon to be more. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: freebsd IT mailing list or newsgroup?
On Saturday 15 January 2005 01:12 pm, Chuck Swiger wrote: Jim Durham wrote: I am the sys admin for a company of about 500 people and I am running Sendmail/Procmail/Spamassassin, Samba, Apache/PHP/MySql on FreeBSD..about 8 servers in 3 offices across the US and soon to be more. OK. Freebsd-questions is wonderful and I find a lot of answers there, but the signal-to-noise is low when you are just looking for IT-oriented information regarding FreeBSD. Especially regarding systems implemented for an office/LAN environment. I was wondering if there is any mailing list or newsgroup devoted to IT on FreeBSD? Google is not returning any hits on this, nor the listing on freebsd.org. Your question parses, but it is not clear what specific thing you have in mind that would seperate an IT-oriented list from a non-IT oriented list. Can you either give an example question or two, or can you say why freebsd-questions is *not* IT-oriented? Sorry for the slow reply...I was out of touch for a day.. I guess I'm thinking that there are just a lot of things that you get into in a corporate environment . For instances are hard to think of off the top of my head, but, how about implementing Citrix NFuse on Tomcat on FreeBSD? They always assume Linux or Solaris or (sorry..SCO..8-) ) and while you can make it work on FreeBSD, you spend a lot of time fixing stuff that probably someone else has fixed before or conversly, you should be sharing thi info so others don't have to wade through the 'discovery' process. Or does your question mean you looking for a list whose members are mostly sysadmins and network managers, rather than end-users? Exactly. FreeBSD doesn't really make much distinction between an end-user and a sysadmin [1], but you might find freebsd-stable or freebsd-isp to come closer to what you are looking for. What I'm saying is a list like freebsd-isp, but focused on corporate IT with FreeBSD. -isp is helpful, and I *am* subscribed, but doesn't include a lot of IT types. (snip) -- -Jim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: freebsd IT mailing list or newsgroup?
On Saturday 15 January 2005 03:05 pm, Ted Mittelstaedt wrote: Have you seen my book and website? http://www.freebsd-corp-net-guide.com It is out of print now but still available on Amazon. I have the book and I contributed some stuff to you a few years ago 8-) . -- -Jim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: freebsd IT mailing list or newsgroup?
On Saturday 15 January 2005 03:15 pm, [EMAIL PROTECTED] wrote: Jim Durham wrote: I am the sys admin for a company of about 500 people and I am running Sendmail/Procmail/Spamassassin, Samba, Apache/PHP/MySql on FreeBSD..about 8 servers in 3 offices across the US and soon to be more. ... I was wondering if there is any mailing list or newsgroup devoted to IT on FreeBSD? Google is not returning any hits on this, nor the listing on freebsd.org. I'm not really understanding the distinction that you're looking for. For FreeBSD-specific technical discussions, this is the place. Applications of course have their own lists, which are obviously more appropriate for application-specific questions. I guess I would have to say that the niche I am talking about is supporting applications of a corporate/business nature on FreeBSD. For broader discussions, perhaps regarding best practices in system administration, commercial backup recommendations, etc, I find SAGE (the System Administrators Guild) to be an extremely valuable resource. The community seems roughly split between the educational and corporate sectors, with a very high level of signal. The topics covered on the SAGE mailing list are of high relevance to the profession and practices of system administrators, especially for someone with a network such as yours. http://www.sage.org Good suggestion. I will check that out. Thanks! -Jim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
freebsd IT mailing list or newsgroup?
I am the sys admin for a company of about 500 people and I am running Sendmail/Procmail/Spamassassin, Samba, Apache/PHP/MySql on FreeBSD..about 8 servers in 3 offices across the US and soon to be more. Freebsd-questions is wonderful and I find a lot of answers there, but the signal-to-noise is low when you are just looking for IT-oriented information regarding FreeBSD. Especially regarding systems implemented for an office/LAN environment. I was wondering if there is any mailing list or newsgroup devoted to IT on FreeBSD? Google is not returning any hits on this, nor the listing on freebsd.org. If such a list or newsgroup does not exist, would there be any interest in starting one or both? -- -Jim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Wine 20041201 on FreeBSD 5.3-RELEASE
On Wednesday 29 December 2004 12:05 am, Matthew Bluestone wrote: (I apologize for replying to jason henson rather than the list; either his reply-to was set individually, gmail doesn't correctly respect reply-to (though it seems to in other cases), or I made an error.) Some of my response to jason and his later reply are included. (I didn't think that was so clear from the page.) I applied the patch, rebuilt, and installed my kernel, and I continue to get the same error. [snip] # patch filename and got normal-looking messages about discarding junk headers and footers and applying patches in two spots. I checked the source file /usr/src/sys/vm/vm_mmap.c and found the appropriate sections updated. I had also edited a custom kernel config file in preparation for building a custom kernel anyway, and I did # cd /usr/src # make buildkernel KERNCONF=MYKERNELNAME # make installkernel KERNCONF=MYKERNELNAME (substituting the appropriate name, of course). The commands finished successfully, and I rebooted and got a functioning system without a hitch. Looks like you did the right patch command. [snip] Ok, first Kris responded to the thread with It also clearly states (in the followup) that the kernel patch is no longer needed. Sounds like what Kris was saying was you just needed to cvsup your ports system and not do the patch anymore. The wine-mmap.patch is no longer needed since that code has been #ifdef'd=20 out in the wine CVS. So you could just rm vm_mmap.c and cvsup your source then update your system and kernel. Depending on hold old your release is you should read UPDATING very carefully. As I said in my original post, my ports tree was updated the day before I tried all that (which is well after the bug is listed as being closed). Since I have apparently the latest port of wine and have tried both with and without the kernel patch, I'm at a loss. I thought this may be an issue with common enough components that somebody on this list might have encountered and solved the same problem. I figured that maybe I had misunderstood about the kernel patch no longer being needed; maybe it was merged into CURRENT, but I'd have to do it myself with my 5.3-RELEASE system. Incidentally, if I should *undo* this patch (I'm not a kernel hacker; it intuitively seems that messing with the virtual memory manager, esp. w/ code marked this is messy; somebody who knows what he's doing should fix it, could be a bad idea), I'd appreciate somebody's letting me know. Try emailing [EMAIL PROTECTED], he's the port maintainer for wine. I will also email gerald directly. Thank you. I have basically the same setup (5.3 patchlevel 2 and Wine 120104) and get the same error. However, strangely enough, the error shows up on some apps that actually run. I was able to run Mozilla's Sunbird calendar program with no apparent errors on-screen, but , if I start it from a terminal window I see the heap error, but it runs anyway... I looked at the vm_mmap.c in the latest sources and the patch would not apply, so I assume the code has been merged, but couldn't really verify that. I searched for some of the variables from the patch and they weren't in the file. So, now I'm really confused as to what needs to be done. -Jim Durham ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Blackberry Sendmail
On Tuesday 03 August 2004 02:50 pm, Mike Hogsett wrote:
This is not entirely on-topic for the FreeBSD list (except my
mail server is FreeBSD).
Does anyone know of a solution to allow secure mail forwarding to a
blackberry similar to the enterprise solutions for MS exchange,
and Lotus Notes?
Sorry I'm late in replying, but I don't read this list much any more due to
time constraints...8-) .
I guess I don't quite understand the question, not having any experience with
either system's secure mail forwarding. We have several executives with
Blackberrys and no complaints.
What I do is use procmail and put in a rule that delivers to the person's
blackberry address and then continues to deliver to the default mailbox
in /var/mail.
In ~/.procmailrc
:0 c
! [EMAIL PROTECTED]
:0
${default}
To do this, you set up procmail from ports and then rewrite the sendmail.mc
file to use procmail as the local deliver agent.
Since the mail is plain text anyway, I don't understand the 'secure'
question..
Hope this helps..
-JIm
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Centrino - Made for Microsoft Windows XP?
On Saturday 26 June 2004 02:39 am, Robert Storey wrote: I recently purchased a new laptop, an IBM X31 ThinkPad, which uses the Centrino processor. I had high expectations for this machine. Alas, my expectations have been shattered. All attempts at installing FreeBSD 5.2.1 quickly end with a crash. Interestingly, I have an old FBSD 4.8 CD - that installs fine. Lest anybody think my 5.2.1 CDR is bad, I went and downloaded it a second time, plus I also tried a network install. Failure every time. Nor is the problem limited to FreeBSD. MEPIS Linux crashes during the install as well. Knoppix Linux installed but dmesg was putting out lots of error messages (for example, it could not mount a journaled ext3 partition, so it mounted as ext2). In the end, I got Knoppix to install and run reliably only by using the older 2.4.26 kernel and by disabling APIC. After doing some Googling and seeing that others were having issues, my suspicion is that Centrino's power management features are to blame. But I could be wrong. So I guess my question is this: Has anybody here gotten FreeBSD 5.2.1 to install on a Centrino laptop? If so, did you need to do anything special to make it work? Any tips, tricks or hints I should try? Or should I just wait for FreeBSD 5.3 to come out and hope it works? Or should I file a PR? If others are not having problems with the Centrino chip, I might to back to IBM and demand that they replace the motherboard, but I tend to think they'll just tell me to reinstall Windows XP and all will be well. There is indeed a sticker on the laptop saying Made for Microsoft Windows XP (well, there was, I ripped the sticker off, but I still can't install FreeBSD). 5.2.1 Here on a Dell Inspiron 600M with Centrino. All OK ACPI-wise. Won't talk to my SCSI Adaptec 1460 card and won't talk to the internal wireless adapter. No special setup on 5.2.1. I had a Dell Inspiron 4000 before and lots of ACPI troubles. I had to select the #2 choice on the boot menu to even boot it. -- -Jim ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sftp mount?
On Friday 07 November 2003 09:27 am, Lewis Thompson wrote: Hi, I'm wondering if there might be any way to mount an sftp ``filesystem''? At my university everything is firewalled and the only way I can transfer files to/from my account is to use sftp -- but that gets quite painful after a while. I was wondering if anybody knew a way I might achieve what could essentially be described as mounting an sftp ``export''? Maybe I could specify an argument that sets the logical root? So: mount_sftp --root=/home/lewiz foo.bar.com /remote_home would provide /home/lewiz on foo.bar.com at /remote_host? Is this possible in any way at all? Or can anybody suggest any other way I might achieve something similar? Bear in mind I am actually restricted to sftp/ssh. Sorry, I didn't see this sooner... I don't know if this is exactly what you want, but you can do this in KDE using the fish:// protocol, which is basically file sharing over ssh. You bring up the konqueror browser and do fish://[EMAIL PROTECTED] and it should pop open a GUI representation of your home directory on the server hostname. When you click on an editable file it will run an editor and it really downloads the file, edits it, then when you go to save it says something like This file is on a remote host, do you want to upload it? and you just click yes. I haven't tried this will all different kinds of editors. The editors that come with the KDE desktop all work with this, but not sure about vi or emacs. So, it's not exactly what you had in mind, but it works for me. -- -Jim ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Worms/FreeBSD servers/Windows clients
After dealing with one of those idiotic worms on our LAN with FreeBSD servers and Windows workstations, I realized that we don't do much peer-to-peer sharing on our LAN and connections from workstation to workstation could be eliminated with only a slight loss in convenience, as files are usually shared on the Samba server. However, blocking Windows-to-Windows commmunications would stop the spread of these silly Microsoft worms. One expensive way to do this is with Layer 3 switches. This would be really cost-prohibitive for a small company. I was wondering if anyone had any ideas on modifying or inhibiting ARP so that it would not give out the MAC addresses of any of the machines on the LAN to another machine on the LAN, except the address of the FreeBSD servers, which are worm-immune. I realize that ARP would have to be defeated on the Windows machines in order for this to work. I've also considered double NAT-ing the workstations and then limiting the ports on my layer 2 switches to kill the learn function and only accept one MAC on a port. Transient users and wireless users would then be on the outside side of the 2nd NAT. I find that these users are the ones that bring in the worms when coming back from a road trip where they were plugged into who-knows-what networks. -- -Jim ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: virus scan programs
On Friday 05 September 2003 12:32 pm, [EMAIL PROTECTED] wrote: Dear freeBSD enthusiast, Greetings. I am a newcomer to the BSD/Unix world. My place of employment is a large agency with thousands of client machines. Most of the clients use Microsoft Windows 2000 Professional operating system. Most of the servers use either Novell operating system, or I.B.M. Domino operating system. A very important ritual that each client computer performs every morning at boot-up time is to run a virus scan application program. This program is run whether or not the user desires it, because it runs before the user us granted a log-on screen. In my reading of Unix and BSD literature, I have found no mention of virus scan programs for these operating systems. Do such programs not exist? Alternately, is the Unix/BSD approach to this problem in a different philosophical and/or procedural sphere? If so, could you describe the Unix/BSD approach to locating and eradicating these invaders of one's hard drive? If the issue is already explained in either printed literature, or posted at a world wide web site, it is sufficient to cite the location. Many thanks for your response. As mentioned by others, *nix systems are highly virus-imune and also most viruses are written for Windows. Sophos is one virus software supplier that has a native freebsd version of their virus scanning engine. (www.sophos.com). If you wished to scan for viruses at system boot time, you could put a startup script in /usr/local/etc/rc.d to start Sophos sweep. There are other virus software companies that support *nix, but Sophos was one that I know has a FreeBSD version. -Jim ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: rsync problem
On Tuesday 02 September 2003 11:59 am, Malcolm Kay wrote: On Tue, 2 Sep 2003 23:27, Guy Van Sanden wrote: Hello I'm using rsync to sort of mirror two 40GB disks (once a day). All partitions work as expected, but root is weird (and as you can see below, I sort of made it too small). I use this command: /usr/local/bin/rsync -ax --delete / /mirror/rootfs But this is what I'm getting: df -m Filesystem 1M-blocks Used Avail Capacity Mounted on /dev/ad0s1a 154 717051%/ /dev/ad1s1a 154 138 497%/mirror/rootfs So, there's a 67 MB difference between both. I started out wite a cleanly formatted mirror (UFS2) My system is FreeBSD 5.0 RELEASE-p11 Thanks for any help Guy I expect rsync does not recognise hard linked files as such and makes separate images of each directory link. Looking through /stand on my 4.8 system I see that this would create about 60Mb extra. You might do better with dump and restore: # cd /miiror/rootfs # dump -0 -a -f - / | restore -r -f - Malcolm rsync -H preserves hard links. Maybe try rsync -Hax --delete ? -Jim ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Nachi Worm apparently causes Live Lock on 4.7 server
On Friday 29 August 2003 01:14 am, paul beard wrote: James C. Durham wrote: On Friday 29 August 2003 04:23 am, paul wrote: James C. Durham wrote: It turned out that we had several Windows boxes in the building that had been infected with the Nachi worm. This causes some kind of DOS or ping probe out onto the internet and the local LAN. Removing the inside interface's ethernet cable caused the ping times on the outside interface to go back to the normal .4 milliseconds to the router. Apparently, the blast of packets coming from the infected boxes managed to cause a live lock condition in the server. I assume it was interrupt bound servicing the inside interface. The packets were ICMP requests to various addresses. I could be way off here, but is there any way to isolate machines that send a sudden blast of packets, either by destination address (make a firewall rule that drops those packets) or working out their MAC addresses and dropping their connectivity? Or scan for open ports and block unsecured systems from connecting? What I did was go in the switch room and look for pulsing lights on the switch ports and pull the cables. That fixed it, but after much agony. well, that's a bit draconian, but effective ;-) My questions is.. what, if any, is a technique for preventing this condition? I know, fix the windows boxes, but I can't continually check the status of the virus software and patch level of the Windows boxes. There are 250 plus of them and one of me. Users won't install upgrades even when warned this worm thing was coming. But, i'd like to prevent loss of service when one of Bill's boxes goes nuts! Where I work, at the University of Washington, the network staff were dropping as many as 200 machines *per day* off the network. If a machine was found to have an open RPC port (we run an open network), that was enough to get your network access cut off. I realize these are political solutions more than technical ones, but they may be of some use. The trouble with that is that my users are largely untechnical and wouldn't have a clue what RPC is and cutting them off is not an option. Welcome to the world of corporate IT! It ain't a pretty job, but it pays the bills... been there, done that, the bruises have gone down now . . . One guy to 250 users is a bad ratio. It seems like there should be some centralized, ie, rule-based controls you can put in place. And you should have some leverage to force autoupdates on those client machines. I got the impression from some reading on Google Groups that there may be a way to tell the xl driver to use polling. I just don't know how. Well, this is the right place to ask. The other thing is interrupt priority, maybe ? -Jim -- -Jim ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
natd and redirect_address
We have a FreeBSD machine serving as a NAT gateway for a bunch of computers on a LAN connected to the 2nd network interface the FreeBSD machine. All this works very well using natd and IPDIVERT in the kernel. One of the machines on the inside LAN now needs to be accessable from the internet (which is the outside network interface of the FBSD box). Following the handbook and the natd man page, we added an ip alias for a 2nd public IP to the outside interface and added a rule to natd.conf to redirect packets coming in addressed to the new IP to the inside machine. ( redirect_address privateIP publicIP ) using the new outside IP and the LAN IP of the machine we were trying to see on the LAN.. We set the netmask of the new alias to 255.255.255.255 and the netmask of the primary IP to 255.255.255.128 so there was no overlap in the netmasks. To test the setup, we ran VNC server on the inside machine and connected from the 'net to the new public IP. We got connected, but there appears to be no video coming back from the inside machine. Mouse and keyboard are OK, anything coming back is not happening. According to our reading of the docs, this static NAT is supposed to be symmetrical. It appears that it is not totally so. We had a similar experience trying to use redirect_port for another application running on a LAN machine. It almost worked. In that case, we recorded the inside machine trying to talk to a database server on the 'net with tcpdump and couldn't see where anything was being blocked, but it just didn't work. In that case, the same machine directly on a public IP would work just fine with the application. By the way, if we made a connection using VNC's -via option to open a secure tunnel to the FreeBSD machine and than connect over the LAN without redirection, everything worked fine, so this doesn't seem to be a VNC problem. If you fire up a web browser on the inside machine and connect to a web page that reports your IP, we get the 2nd IP of the FreeBSD machine's outside interface, which is as it should be. Can anyone shed any light on why this doesn't work? -Jim ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
SquirrelMail port problems
I installed the squirrelmail port from /usr/ports/mail. Squirrelmail fails. It claims it can't find the include files in /usr/local/lib/php. Looking at /usr/local/etc/php.ini, the include path is empty. Fixing this by put /usr/local/lig/php for the path breaks our current web mail using TWIG. Now it can't find the path. Something is very strange here! ANyone else had this problem? -- Jim Durham To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: SquirrelMail port problems
On Wednesday 12 February 2003 07:36 pm, you wrote: I find the BSD port of SM to be funky. I use the source from www.squirrelmail.org and I've had no problems in 3 yrs. I installed the squirrelmail port from /usr/ports/mail. Squirrelmail fails. It claims it can't find the include files in /usr/local/lib/php. Looking at /usr/local/etc/php.ini, the include path is empty. Fixing this by put /usr/local/lig/php for the path breaks our current web mail using TWIG. Now it can't find the path. Something is very strange here! ANyone else had this problem? -- Jim Durham To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message GnuPG Key: http://probsd.org/michael.asc That was my first try. I compiled it from sources and got exactly the same error. -Jim To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: SquirrelMail port problems
On Wednesday 12 February 2003 06:46 pm, you wrote: I installed the squirrelmail port from /usr/ports/mail. Squirrelmail fails. It claims it can't find the include files in /usr/local/lib/php. Looking at /usr/local/etc/php.ini, the include path is empty. Fixing this by put /usr/local/lig/php for the path breaks our current web mail using TWIG. Now it can't find the path. Something is very strange here! ANyone else had this problem? Hi, Actually just installed today, my problem is I can't get past the login screen! Which IMAP are you using? Thanks, Tuc/TTSG Internet Services, Inc. I'm using imap-uw. -Jim To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: [Fwd: Re: SquirrelMail port problems]
On Wednesday 12 February 2003 10:09 pm, Michael Sharp wrote: cd /usr/ports/mail/imap-uw make WITH_SSL_AND_PLAINTEXT=yes install clean will fix that if you dont want to use source. michael Hmmm... I just dug up a posting in German with exactly the same error I'm getting. My German's a little ..well, a lot...bad, but it looks like i need to upgrade mod-php4. I'm going to try that. I'll have to wait until early am to rebuild IMAP if the php update doesn't work. Thanks to all for all the help. -Jim To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: kde mixer: SOLVED
Dale Morris wrote: * Dale Morris [EMAIL PROTECTED] [2002-12-28 11:47]: I'm in the process of setting up 4.7 after being away from FreeBSD for a while. I'm having trouble with kmix It's working fine now. Guess I just couldn't find the icon on the start panel. thanks for all your replys I have a kmix question since we have a group of kmix users on here. I notice that some of the faders are labelled incorrectly. The ones that come to mind right now are that the Microphone fader is actually Record Monitor (in function) and the Record Monitor is actually Microphone (in function). I see no way to change the labelling. Anyone else seend this? I'm using an ESS Maestro sound system in a laptop. -Jim To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Water Damage
Fernando Gleiser wrote: On Mon, 30 Dec 2002, Dirk-Willem van Gulik wrote: I have carefully dried out all the units. You may want to use some distilled water, or very clean water, if there is any visible residue/chalk/salt on the boards. After that, you can rinse it with isopropyl(sp) alcohol, this is the alcohol used to wash the PCBs after soldering. After the rinse, the alcohol evaporates very quickly. That's an excellent idea because the alcohol will absorb the water (I believe the correct term is that water is misable in alcohol), so when the alcohol evaporates it takes the water with it. I work for a company that operates large television trucks full of expensive gear that occasionally gets wet from leaks, road spray, etc. We have had good luck with filling the janitor's slop sink up with hot water and dousing the equipment in there to remove any salt. If the water you had was not salt, you probably don't need to do this, but I mentioned it just to show that most modern solid state gear with sealed chips is pretty resistant to water damage, as the gear would work after we dried it out. As was mentioned, power supplies are the worst, as the voltages can be much higher on certain parts of those boards. As to reliability, I'd guess if you watch it for a few days and it's OK, then go with it! Operating it will generate some nice heat to finish the drying out and a few days of this should make it or break it. -Jim To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: audiophiles - mp3 question
On Fri, 29 Nov 2002, Jim Arnold wrote: At 11:37 AM -0800 11/28/02, chip wiegand wrote: I know how to rip cd tracks to mp3 format, but what do I do to go the other way - .mp3 to cd format so they can be played in my car stereo which doesn't play .mp3's? Is this possible? You can also use XMMS to do this. As per the handbook at http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/sound-mp3.html: Just a little nit to pick. Some of the cd burning programs in ports put a little tick at the beginning of the cut if you use wave files. This is apparently the wave header getting detected as audio on the playback. What you really want is raw 44100 pcm files, which you can easily get from 'sox' with 'sox inputfile.wav outputfile.raw'. Then use these to make your cd with no 'ticks'. You do this, of course, after using xmms or lame or whatever to make the .wav files. If you compare the .wav and the .raw files, you will see that 44 bytes are missing..that's the 'tick'. You may not even care about this, but it was making me crazier. BTW 'audacity' will input wavs, raw and mp3 and output your choice and let you edit them to boot. -Jim To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: E-mail server
On Saturday 23 November 2002 10:30 pm, Damien Hull wrote: I've decided to use squirrelmail as my web based mail client. Because I get a lot of mail I need a way of sorting my mail through squirrelmail. For this the squirrelmail people have provided a procmail interface. The problem with the procmail interface is that it uses ftp to change the users procmail settings. Is there another way of sorting mail through squirrelmail or any other web based mail client? I don't want to run ftp on my server. I'm not sure exactly what your setup is, but, all you are doing is changing each user's .procmailrc file. I assume that hacking squirrelmail to use a more secure protocol like scp is not easily done, so perhaps you would be better off writing an HTML form that inputs the rules each user wants to implement and then write some PHP code to formulate the rules in .procmailrc format and scp to transfer them to the user's .promailrc file. If you use private/public key encryption with private and public keys, you can make this seamless (not ask for a password for each transfer, etc). Well.it's one way of doing it...you may get better answers. -Jim To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: VPN and roaming Windows 2K users
On Wednesday 20 November 2002 05:07 am, Marcin M. Jessa wrote: Do you know how to make a FreeBSD firewall a VPN server for roaming Win2K boxes (Win2k users without static IP's)? I've been playing with racoon for a few days but it seems that the only way it can authenticate roaming Windows VLAN users is with preshared certificates. This again excludes usage of manual keying (pre_shared_keys) which is nessesary for accepting connections from dynamic IP's. The preshared keys method can be configured to accept connections from specified hostnames and that could work with windows boxes that run a dyndns client. Again Windows and racoon can only communicate using certificates and not manual keyingan evil circle. Windows can speak with racoon if one makes racoon to automatically exchange keys but this works only if Windows clients have static IP's... Have any of you guys an idea about what to do to combine these methods? Or maybe there is a workaround? Please squeeze your brains and let me know about whatever you think may be of interest in this metter. I use mpd to serve 95,98, 2000 and XP boxes using their VPN' connection. This seems to work well and you can coach a remote user through the Windows setup over the phone with minimal trouble. I use racoon and IPSEC between offices with FreeBSD boxes on each end. -Jim To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: VPN and roaming Windows 2K users
On Wednesday 20 November 2002 10:37 am, Bill Moran wrote: Jim Durham wrote: On Wednesday 20 November 2002 05:07 am, Marcin M. Jessa wrote: Do you know how to make a FreeBSD firewall a VPN server for roaming Win2K boxes (Win2k users without static IP's)? I've been playing with racoon for a few days but it seems that the only way it can authenticate roaming Windows VLAN users is with preshared certificates. This again excludes usage of manual keying (pre_shared_keys) which is nessesary for accepting connections from dynamic IP's. The preshared keys method can be configured to accept connections from specified hostnames and that could work with windows boxes that run a dyndns client. Again Windows and racoon can only communicate using certificates and not manual keyingan evil circle. Windows can speak with racoon if one makes racoon to automatically exchange keys but this works only if Windows clients have static IP's... Have any of you guys an idea about what to do to combine these methods? Or maybe there is a workaround? Please squeeze your brains and let me know about whatever you think may be of interest in this metter. I use mpd to serve 95,98, 2000 and XP boxes using their VPN' connection. This seems to work well and you can coach a remote user through the Windows setup over the phone with minimal trouble. I use racoon and IPSEC between offices with FreeBSD boxes on each end. Have you ever tried using vtun between the FreeBSD machines? I've never used racoon/IPsec between FreeBSD machines, but I was overjoyed at the simplicity and workability of vtun. Just curious if anyone has used both that could compare them. Yes, I used vtun for about a year. It worked fine as long as the network stayed up between here and the West Coast, but, when it went down for any length of time, which happens quite regularly in the middle of the night, it wouldn't reestablish. I find that IPSEC is more robust and you don't need to run PPP over it (although technically, you don't have to with vtun). IPSEC stays up and reestablishes itself. I've also tunnelled with SSH and found that maintaining the connection was a little troublesome. -Jim To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: VPN and roaming Windows 2K users
On Wednesday 20 November 2002 02:24 pm, Philip Hallstrom wrote: [snip] I use racoon and IPSEC between offices with FreeBSD boxes on each end. Have you ever tried using vtun between the FreeBSD machines? I've never used racoon/IPsec between FreeBSD machines, but I was overjoyed at the simplicity and workability of vtun. Just curious if anyone has used both that could compare them. Yes, I used vtun for about a year. It worked fine as long as the network stayed up between here and the West Coast, but, when it went down for any length of time, which happens quite regularly in the middle of the night, it wouldn't reestablish. I find that IPSEC is more robust and you don't need to run PPP over it (although technically, you don't have to with vtun). IPSEC stays up and reestablishes itself. I've never run ipsec, but have used vtun for about 3 years b/n 4 different DSL/cablemodem setups and it re-establishes it's connections for me... at least I've never had a problem with it... from the man page: persist yes|keep|no persist mode. If yes, the client will try to reconnect to the server after connection termina- tion. If keep, the client will not remove and re- add the tunXX or tapXX device when reconnecting. If no, the client will exit (default). This option is ignored by the server. -philip I remember using that. The details are coming back to me now. We were getting situations where the network would go down, then come back long enough for things to start reestablishing and then go down again. After a few of these, I would get a call from the other office about..network's down again. I could then kill both vtund's and start from scratch and all was well. It was probably some kind of a race condition. (We also have a better network provider now 8-) ). -Jim To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: IPSEC tunnel help
On Thursday 31 October 2002 10:37 am, Wayne Pascoe wrote: Hi all, I'm struggling to setup a VPN. I'm now reading through http://www.daemonnews.org/200101/ipsec-howto.html and this is confusing me even more :( Reading this, I see: However, if your goal is to set up a VPN, that is, link 2 widely-separated networks together over the Internet, then you'll probably want to use ESP/tunnel mode. The example then goes on to show spdadd 10.10.10.0/24 10.20.20.0/24 any -P out ipsec esp/transport/1.2.3.4-5.6.7.8/require; which is transport mode, no ? Can anyone point me at a decent howto to link 2 networks together? I'm trying to setup 2 VPN gateways so that everything behind each of those talks to everything behind the other one via a VPN. I'm also confused about the ifconfig instructions for the gif0 device. I've got 2 network cards going with one being the external device (172.16.0.1 and 172.16.0.2 respectively) and the other for the internal network (10.0.1.1 and 10.0.2.1 respectively) What should my gifconfig and ifconfig lines be ? I have this running. I made a couple .sh files, which I placed in /usr/local/etc/rc.d . Here is what they look like. They should answer your questions, hopefully.. xxx.xxx.xxx.xxx is the IP of the host that is running this file, yyy.yyy.yyy.yyy is the host at the other end. The other end's file is the same, reversing the outside and inside IP's. You will also need to do some routing perhaps, because the source ip of the machines on the other LAN will show up as 10. addresses. You don't need gif support compiled in, the module will load. Hope this helps, Jim #!/bin/sh ifconfig gif0 create # These commands need to be run on node A # Set up the tunnel device. This presumes you have gif(4) support # gif0 connects xxx.xxx.xxx.xxx to yyy.yyy.yyy.yyy gifconfig gif0 xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy # The 'internal' side of the tunnel connects 10.10.10.1 to 10.20.20.1 ifconfig gif0 inet 10.10.10.1 10.20.20.1 netmask 255.255.255.0 # The next 2 lines delete all existing entries from the SPD and SAD setkey -FP setkey -F # Add the policy setkey -c EOF spdadd 10.10.10.0/24 10.20.20.0/24 any -P out ipsec esp/transport/xxx.xxx.xxx.xxx-yyy.yyy.yyy.yyy/require; spdadd 10.20.20.0/24 10.10.10.0/24 any -P in ipsec esp/transport/yyy.yyy.yyy.yyy-xxx.xxx.xxx.xxx/require; EOF To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Oops! rc.conf mistake
Jack L. Stone wrote: At 09:28 AM 10.23.2002 +0200, Roger 'Rocky' Vetterberg wrote: Steve Warwick wrote: Hey all, I wonder if anyone can tell me how to get out of this stupid mistake. I edited rc.conf to add a virtual interface and left a quote off the end (unterminated string) - now I cannot get past mounting root, so no editors. And before you ask, no, I did not backup rc.conf... I told you it was stupid. BTW: I noticed that ad0 is limited to UDMA33 - I have UDMA133 motherboard and drive so, I this really true? TIA, Steve Since other have answered the rc.conf question, I give the limited to UDMA33 a shot. Are you using a UDMA133 cable? I cant recall the UDMA133 specs, but I know UDMA66 and 100 use a different cable then UDMA33. UDMA133 might use the same cable as 66 and 100, but Im certain a 33 cable would force the drive to be UDMA33 only, even if both drive and controller is capable of UDMA133. It might also be a BIOS issue, check your settings. -- R I have noticed that some CD-ROM drives will make the system think it is on a non-compliant cable or UDMA33. For instance, this from dmesg on one machine with an older CD_ROM drive. ata1-master: DMA limited to UDMA33, non-ATA66 compliant cable If I change to a newer CD player, it's okay. Best regards, Jack L. Stone, Administrator SageOne Net http://www.sage-one.net [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message This may sound wierd, but I had this problem when I had the hard drives on the 2nd IDE interface and the CD on the 1st IDE interface. Reversing the cables and changing /etc/fstab fixed the problem. This was on an A-Open motherboard. -Jim To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Oops! rc.conf mistake
On Wednesday 23 October 2002 11:27 am, Jack L. Stone wrote: At 11:09 AM 10.23.2002 -0400, Jim Durham wrote: Jack L. Stone wrote: At 09:28 AM 10.23.2002 +0200, Roger 'Rocky' Vetterberg wrote: Steve Warwick wrote: Hey all, I wonder if anyone can tell me how to get out of this stupid mistake. I edited rc.conf to add a virtual interface and left a quote off the end (unterminated string) - now I cannot get past mounting root, so no editors. And before you ask, no, I did not backup rc.conf... I told you it was stupid. BTW: I noticed that ad0 is limited to UDMA33 - I have UDMA133 motherboard and drive so, I this really true? TIA, Steve Since other have answered the rc.conf question, I give the limited to UDMA33 a shot. Are you using a UDMA133 cable? I cant recall the UDMA133 specs, but I know UDMA66 and 100 use a different cable then UDMA33. UDMA133 might use the same cable as 66 and 100, but Im certain a 33 cable would force the drive to be UDMA33 only, even if both drive and controller is capable of UDMA133. It might also be a BIOS issue, check your settings. -- R I have noticed that some CD-ROM drives will make the system think it is on a non-compliant cable or UDMA33. For instance, this from dmesg on one machine with an older CD_ROM drive. ata1-master: DMA limited to UDMA33, non-ATA66 compliant cable If I change to a newer CD player, it's okay. Best regards, Jack L. Stone, Administrator SageOne Net http://www.sage-one.net [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message This may sound wierd, but I had this problem when I had the hard drives on the 2nd IDE interface and the CD on the 1st IDE interface. Reversing the cables and changing /etc/fstab fixed the problem. This was on an A-Open motherboard. -Jim That IS wierd! Usually the problem is limited to being on the same cable. You bet! I originally made a mistake identifying the IDE connectors, and I put the hard drives on connector 2 and the CD on connector 1. I saw this when I ran sysintall, but I had put a zillion screws in the box and I said, FreeBSD doesn't care...so I'll leave it and I installed it that way. Same message you got...ad4 limited to 33mhz, etc. So, I took the box apart, changed cables (although I already had 80 conductor cables on it) and tried various sysctl options. All no go. Finally, I thought since I had the box open now, I'd make the cables right and fix /etc/fstab. Voila! Now the drives report 133 on boot. Go figure... -Jim To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
FreeBSD IT help needed, Corona CA
Sorry if this is not the correct list, but I didn't know where else to post this. Our company needs an IT person with FreeBSD, networking and Windows XP experience for a part time position in Corona, CA area. Email me if interested. Jim Durham To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Athlon XP motherboards that work well with FreeBSD
On Thu, 10 Oct 2002, Corey Holcomb-Hockin wrote: I've been having trouble with my a7a-133. I had trouble with XFree86, and with a tv card. I'd like to know some motherboards that work well with FreeBSD? Someone didn't have the same troubles with soltek SL-75DRV2 http://www1.soltek.com.tw/English/product/75drv2.htm I've bought asus card because my hp pavillion had a asus card with a via chipset. I read after that they don't document their boards so that open source developers can support all the features easily. Whats a more open motherboard brand? Are Via chipsets the best supported? The card I'm having trouble with has a acer chipset. The A-Open AK77Pro runs very nicel with 4.6.2. I'm using vinum in Raid 1 on it and it's greased lightning. A friend who owns an ISP is using it all over his plant also. -Jim To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: what is the freebsd version for useradd -M?
On Wednesday 18 September 2002 06:52 pm, Bsd Neophyte wrote: --- Jim Durham [EMAIL PROTECTED] wrote: 'pw' has different arguments based on the first argument. If you say 'pw useradd' then -M is not valid. You'll see this if you carefully read the man page. i have, this is why i noted that there was no -M option for the useradd argument under pw apparently, the -M under vanilla useradd indicates that a home directory is not to be created. i was not, and still am not sure if there was a specific argument that allows for this. from the looks if it i guess there isn't. Hmmm... I just looked at my script to create users here and the argument -m is used. Experimenting shows that -m causes a home directory to be created, whereas the lack of -m causes the user to be added but no home directory created. The current man page for 'pw' does not show -m as an arg for 'pw useradd'. This is apparently wrong. It works as described below under the '-m' arg description with 'pw useradd'. -Jim To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: what is the freebsd version for useradd -M?
On Tuesday 17 September 2002 07:25 pm, Bsd Neophyte wrote: i'm setting up samba on my FreeBSD box. the goal is to make it a PDC. i'm following the directions from Samba Unleased by SAMS. in the instructions, there's mention that each machine needs to have a user account on the server. it gives the following command to setup a machine account: useradd -c Samba ODC fir MYDOMAIN' -M -s /bin/false -n PERSEUS$ now, I don't know what the -M stands for when you add a user. i'm assuming i need to use pw useradd. when i try i get an error. the man page for pw shows a -M, but it's only used for the groupadd option. i would like to know what i should use instead of the -M. any and all help will be appreciated. 'pw' has different arguments based on the first argument. If you say 'pw useradd' then -M is not valid. You'll see this if you carefully read the man page. What I think you want is -g groupname . IE; for group 'staff, it would be 'pw useradd username -g staff -y /dev/null -s /bin/false' . I'm not sure this works right with machine accounts, where the last character of the user name is '$'. I've never tried it. I just run 'vipw' and add the line. username$:I:4055:3000::0:0:Machine Foobo:/dev/null:/bin/false Then you run 'smbpasswd -a -m username' . -jim To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
