RE: disabling system boot text

2005-07-26 Thread John Brooks
# echo 'beastie_disable="YES"' >> /boot/loader.conf

--
John Brooks
[EMAIL PROTECTED] 

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Tommy Barus
 Sent: Tuesday, July 26, 2005 8:45 PM
 To: freebsd-questions@freebsd.org
 Subject: disabling system boot text
 
 
 I'm trying to disable, change, or hide the text displayed or 
 outputted to the screen as the system boots. I have set up a 
 machine with no monitor, nor keyboard, and I connect to the 
 device via the serial interface. My goal is to create an embedded 
 device, on which the user will connect via the serial port and 
 go directly to the user/login prompt. 
 
  
 
 I'm a little new to FreeBSD and I could not find any 
 documentation that will help me do this. To avoid some of the 
 confusion about the text I'm talking about, I have attached a 
 sample of the display I would like to change or disable (and the 
 text that follows).
 
 
 
 Any help on this matter would be greatly appreciated.
 
 
 
 Regards,
 
 
 
 Tommy Bartus
 
 
 
 
 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


RE: pppOe 1000baseTX config

2005-07-25 Thread John Brooks
 
 I've recently switched from a Netgear router to use pppOe for my public 
 internet ip on FreeBSD 5.4.
 
 My machine has two nics: bge0 and re0, both of which support 1000baseTX 
 configurations, however neither of the two seem to be able to 
 connect when I 
 configure them in /etc/rc.conf.  Here's what works:
 

correct me if this is a wrong assumption, this is a dsl line??

what do you expect to gain here? forcing 1000baseTX on the NIC won't
speed up the dsl line.


RE: rcNG issue

2005-07-18 Thread John Brooks
 On Jul 18, 2005, at 11:58 AM, Kövesdán Gábor wrote:

  Hello,
 
  I have a problem with my rcNG scripts. There are three scripts:
  named.sh, apache2.sh and proftpd.sh. Apache and ProFTPd require
  hostname resolving thus named should start firstly.
 

 Where do these scripts live?  Are they in /usr/local/etc/rc.d?

 If so, they run in lexicographic order.  The rc ordering stuff does not
 apply to /usr/local/etc/rc.d

 Chad


An easy fix is to rename these scripts with a numeric prefix in the
order you want them to execute.
  100.named.sh
  200.apache2.sh
  300.proftpd.sh

John



RE: problem with setup of dns on freebsd-5.4

2005-07-18 Thread John Brooks
netstat -an | grep LISTEN

doesn't show listening udp ports; try instead

netstat -na | more

--
John Brooks
[EMAIL PROTECTED] 

 
 Hello Antoine,
 
 do you have a firewall on the box ?
 
 what about:
  netstat -an | grep LISTEN
  ipfw list
  ps auwx | grep named
  cat /etc/resolv.conf
 
 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
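
Added example (not part of the thread): UDP sockets have no LISTEN state, which is why `grep LISTEN` hides a nameserver's UDP port 53 as the reply above points out. The Python below parses a constructed `netstat -an` sample in FreeBSD's layout and lists TCP listeners together with bound UDP sockets; the sample lines and the function names are assumptions made for this example.

```python
# Constructed sample in the layout FreeBSD's `netstat -an` prints; the
# addresses and ports are made up for this example.
SAMPLE_NETSTAT = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.0.4.22         192.168.0.9.51218      ESTABLISHED
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.953          *.*                    LISTEN
udp4       0      0  192.168.0.4.53         *.*
udp4       0      0  127.0.0.1.53           *.*
udp4       0      0  *.514                  *.*
"""


def grep_listen(text):
    """What `netstat -an | grep LISTEN` keeps: only lines containing LISTEN."""
    return [line for line in text.splitlines() if "LISTEN" in line]


def open_sockets(text):
    """Return (proto, address, port) for TCP listeners and bound UDP sockets."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue  # banner and column-header lines
        proto, local, foreign = fields[0], fields[3], fields[4]
        state = fields[5] if len(fields) > 5 else ""  # UDP rows have no state
        if proto.startswith("tcp") and state != "LISTEN":
            continue  # established or closing TCP connection
        if proto.startswith("udp") and foreign != "*.*":
            continue  # connected UDP socket, not a server waiting for queries
        # FreeBSD prints address and port joined by a dot: 127.0.0.1.53
        addr, _, port = local.rpartition(".")
        if not port.isdigit():
            continue  # unbound socket shown as *.*
        found.append((proto, addr, int(port)))
    return found


if __name__ == "__main__":
    print("grep LISTEN sees %d sockets" % len(grep_listen(SAMPLE_NETSTAT)))
    for proto, addr, port in open_sockets(SAMPLE_NETSTAT):
        print("%-5s %-15s %d" % (proto, addr, port))
```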


RE: two 3C905B's in 5.4

2005-07-11 Thread John Brooks
you may need to set the parameters of the card with a vendor specific
utility. depending upon your bios, you may also need to disable pnp (also
a vendor specific utility) and then manually set the irq and memory addr.

--
John Brooks
[EMAIL PROTECTED]

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of dave
 Sent: Monday, July 11, 2005 12:42 PM
 To: freebsd-questions@freebsd.org
 Cc: freebsd-net@freebsd.org
 Subject: two 3C905B's in 5.4


 Hello,
 I've got a 5.4 box that's going to be a router. It has two 3C905B cards
 in it and i'm having a blank fill it in as you wish, of a time getting the
 cards working. Neither card likes dhcp, sometimes i'll start dhclient and
 the cards will work, sometimes they won't. If i give the -v option to
 dhclient i get the message network is unreachable, see readme about
 broadcast address. I know this isn't a cable modem issue or a cable, because
 i plugged in an old 3c509 isa card and it worked the first time, this fix
 isn't practical for this setup. An ifconfig check shows both 905's in
 autonegotiation mode 100-mbit tx, i'm wondering if i should manually set
 them to something, but am unsure as to what. One card one time gave me the
 waiting to transmit error message as mentioned in the man page and it took a
 reboot to fix it. I've checked the bios on this box and its pnp os option
 is off. Any help appreciated. If more information is needed ask, i will send
 it.
 Thanks.
 Dave.



RE: Copying data onto a NTFS partitioned hdd

2005-07-07 Thread John Brooks
WinNT does not support FAT32

--
John Brooks
[EMAIL PROTECTED] 

 
 BTW, I had to format as NTFS since Win2K is my only option for the
 moment; first time I ever tried to use WinNT to format a volume or
 drive as FAT32 & was strikingly unsurprised when it failed at such a
 banal task.  I am now operating under the assumption I must reformat
 later to use with *nix/*BSD, so this thread is quite interesting to me
 so I can do it right the next time .. hopefully within a week to ten
 days.
 



RE: not-yet-a-newbie : DL (ftp?) iso image help question

2005-07-06 Thread John Brooks
don't know who Anon is, but you might try anonymous

--
John Brooks
[EMAIL PROTECTED]

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of nbco
 Sent: Wednesday, July 06, 2005 6:04 PM
 To: freebsd-questions@freebsd.org; datora tehnika
 Subject: Re: not-yet-a-newbie : DL (ftp?) iso image help question


 On Wednesday 06 July 2005 22:48, datora tehnika wrote:
  Hi folks --
 snip

  So, I'm trying to DL the ISO images & have been having a very
  frustrating past three days.  Very minor fluctuations in the local
  connection (including power blips) keep wrecking the ISO image DL via
  web browser.  I'd like very much to use ftp (unless there is
  something better?), but have been unable to connect.  Am using
  winsock ftp 95, but all attempts at connection are being refused (at
  main ftp.freebsd.org site & various european ftp mirrors).
 
  What I see as my need:  how do I connect ?  Anon keeps being
  rejected, I have not been able to locate ftp instructions at
  freebsd.org website; only web browser links.  The ftp links (e.g.
  ftp://ftp.freebsd.org etc etc) don't work in WSFTP_95.  It is
  recommended that I use FTP software w/ resume function, but no such
  instructions have I seen.

 Hello there,
 To download the iso image, maybe try using filezilla,  a very easy ftp
 doze client. It has reasonable resume functions:
 http://sourceforge.net/project/showfiles.php?group_id=21558

 Or maybe get a torrent client such as Shareaza, and get the iso via P2P:
 http://www.shareaza.com/

 In terms of documentation, the handbook is the best place to start:
 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/


All the best
nbco



RE: dot.logout

2005-07-02 Thread John Brooks
I have several files and directories added to the skel location
that are propagated to new user creations. You shouldn't have any
trouble at all as long as it doesn't have the same name as one
of the standard system files, since these will be overwritten 
in the 'make installworld' process.

--
John Brooks
[EMAIL PROTECTED] 

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Stefan Thurner
 Sent: Saturday, July 02, 2005 11:36 AM
 To: freebsd-questions@freebsd.org
 Subject: dot.logout
 
 
 Hi.
 
 FreeBSD provides a bunch of helpful configuration files
 under /usr/share/skel. But in my opinion one important file isn't there
 (dot.logout). NetBSD for example has such a dot.logout file.
 
 I know that there is a system-wide logout file under /etc but it would
 be nice to have one for each user by default. 
 
 Is it possible to add a default /usr/share/skel/dot.logout file to
 FreeBSD?
 
 -Stefan
 -- 
 


RE: phpMyAdmin - Startup Error Message

2005-07-02 Thread John Brooks
Without going into why would you want to use this...

The error looks to me like a mysql authentication error, which would
mean that you either failed to set up the correct account information
in mysql or you failed to configure phpMyAdmin with a valid account.

Find the phpMyAdmin config file and make sure you entered the correct
mysql user account. Then check the mysql db to make sure that the correct
user account exists.

--
John Brooks
[EMAIL PROTECTED] 

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Gerard Seibert
 Sent: Saturday, July 02, 2005 5:46 PM
 To: freebsd-questions
 Subject: phpMyAdmin - Startup Error Message
 
 
 I am making headway. I am now able to get phpMyAdmin to work in a web 
 browser. There is another problem though; when run it responds with a 
 #1045 error message, to wit:
 
 Error
 #1045 - access denied for user '[EMAIL PROTECTED]' (using password: NO)
 
 I have googled for a definitive answer, but without success. It appears 
 that there are quite a few individuals with this same problem.
 
 I trust that there are some users of this program who have succeeded in 
 getting it to run successfully who might be willing to tell me 
 what I have 
 to do to get it operational.
 
 -- 
 Ciao
 
 Gerard Seibert
 [EMAIL PROTECTED]
 
 
 No one ever says 'It's only a game', when their team is winning.
 


RE: autoblocking many ssh failed logins from the same IP....

2005-07-01 Thread John Brooks
they are originating from the high ports, arriving on port 22 at your
box. this is normal. in a default setup sshd only listens on port 22.

--
John Brooks
[EMAIL PROTECTED] 

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of John Cholewa
 Sent: Friday, July 01, 2005 8:43 AM
 To: freebsd-questions@freebsd.org
 Subject: autoblocking many ssh failed logins from the same IP
 
 
 Jun 30 10:36:05 phantom sshd[70478]: Failed password for news 
 from 212.88.182.121 port 51218 ssh2
 Jun 30 10:36:16 phantom sshd[70500]: Failed password for sshd 
 from 212.88.182.121 port 51608 ssh2
 Jun 30 10:36:39 phantom sshd[70569]: Failed password for root 
 from 212.88.182.121 port 52297 ssh2
 
 I get the above a lot in my logs (except more of it).  Each day, 
 a couple hundred failed attempts to log in from one or sometimes 
 two IP addresses shows up.  I don't have anything like ipf 
 running, and since this machine is about fifteen hundred miles 
 away from me, I don't want to experiment with software 
 firewalling right now.
 
 That known, is there any way to tell sshd (or some more powerful 
 daemon) to stop accepting login attempts from a given IP if it 
 tries and fails to log in too many times in a limited duration 
 (like in the same minute)?
 
 I suppose, now that I'm thinking about it, that it'd be best to 
 actually just read the man pages and figure out how to get sshd 
 to ignore any attempt to attach from ports other than 22.  I 
 mean, why are other machines trying to ssh in at ports over fifty 
 thousand anyway?
 
 --
   -JC
   http://www.livejournal.com/users/jcholewa/
 
 PS:  Oh, yeah ... FreeBSD 4.8-RELEASE #0: Thu Apr  3 10:53:38 
 GMT 2003 ; openssh-3.6.1_5 ; openssl-0.9.7d_1
 
 
 


RE: autoblocking many ssh failed logins from the same IP....

2005-07-01 Thread John Brooks
he is using 4.8, unless things have changed, pf is not available
on 4.x

PS:  Oh, yeah ... FreeBSD 4.8-RELEASE #0: Thu Apr  3 10:53:38 GMT 2003 ;
openssh-3.6.1_5 ; openssl-0.9.7d_1


--
John Brooks
[EMAIL PROTECTED]

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Hornet
 Sent: Friday, July 01, 2005 9:10 AM
 To: John Cholewa
 Cc: freebsd-questions@freebsd.org
 Subject: Re: autoblocking many ssh failed logins from the same IP


 Below (and attached) is a script I wrote to do exactly what you are
 talking about.
 It's commented, so edit to your taste. I have been using it for
 about 4 months.

 Since I am using PF as my firewall, it is customized for that. If you
 are using something other than PF, again... edit to your taste.

 -Erik-

snip

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
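
Added example, not from the thread and not the script Erik mentions: Python that counts sshd "Failed password" lines per source address inside a sliding window and reports the addresses that reach a threshold, which is the detection half of what John Cholewa asks for. The first three sample lines are the ones quoted in the question; the other lines, the threshold and window defaults, the year, and all function names are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The first three lines are the log lines quoted in the question; the last
# three are constructed (192.0.2.0/24 is a documentation address range).
SAMPLE_LOG = """\
Jun 30 10:36:05 phantom sshd[70478]: Failed password for news from 212.88.182.121 port 51218 ssh2
Jun 30 10:36:16 phantom sshd[70500]: Failed password for sshd from 212.88.182.121 port 51608 ssh2
Jun 30 10:36:39 phantom sshd[70569]: Failed password for root from 212.88.182.121 port 52297 ssh2
Jun 30 10:40:02 phantom sshd[70611]: Failed password for illegal user test from 192.0.2.10 port 40112 ssh2
Jun 30 10:40:09 phantom sshd[70611]: Accepted password for jc from 192.0.2.10 port 40112 ssh2
Jun 30 11:15:30 phantom sshd[70702]: Failed password for jc from 192.0.2.10 port 40977 ssh2
"""

# Anchored at the END of the line with a greedy user field, so text that a
# client puts in the user name cannot be mistaken for the source address.
# Older sshd writes "illegal user", newer releases write "invalid user".
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s\d\d:\d\d:\d\d)\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:(?:illegal|invalid) user )?(?P<user>.*)"
    r" from (?P<ip>\S+) port (?P<port>\d+)(?: ssh\d?)?\s*$"
)


def parse_failures(text, year=2005):
    """Yield (timestamp, source_ip, user, source_port) per failed password.

    Syslog timestamps carry no year, so the caller supplies one (assumption).
    """
    for line in text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m["ip"]))
        except ValueError:
            continue  # not an address; ignore rather than act on it
        ts = datetime.strptime("%d %s" % (year, m["ts"]), "%Y %b %d %H:%M:%S")
        yield ts, ip, m["user"], int(m["port"])


def offenders(text, threshold=3, window=timedelta(seconds=60), year=2005):
    """Map each source IP to the time it reached `threshold` failures
    within `window`. Assumes the log lines are in chronological order."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, ip, _user, _port in parse_failures(text, year):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


def source_ports(text):
    """Source ports seen per IP: these are client-side ephemeral ports."""
    ports = defaultdict(set)
    for _ts, ip, _user, port in parse_failures(text):
        ports[ip].add(port)
    return {ip: sorted(p) for ip, p in ports.items()}


if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print("%s reached the threshold at %s" % (ip, when))
```

The source port is parsed but never used for grouping: as the reply in the previous message says, it is the client's high ephemeral port, and every attempt still arrives on port 22.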


RE: Ping and general network weirdness

2005-06-29 Thread John Brooks
run:

  dig fragile.mshome.net a
  more /etc/resolv.conf
  more /etc/host.conf
  more /etc/hosts

that should give you some good clues

--
John Brooks
[EMAIL PROTECTED] 

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Phil Cooper
 Sent: Wednesday, June 29, 2005 7:10 PM
 To: freebsd-questions@freebsd.org
 Subject: Re: Ping and general network weirdness
 
 
 Thanks;
 
 I checked with ifconfig, and fragile's IP is actually 192.168.0.224,  
 and I put this in the hosts file.
 
 Now, I can ping and ssh into fragile using the IP address, but  
 pinging fragile still assumes 192.168.0.116 is its IP - so does  
 the fault now lie with the other machines on the network? How do I  
 get them to realise that fragile==192.168.0.224 and not .116?
 
 - P
 
 
 On 30 Jun 2005, at 00:57, fbsd_user wrote:
 
  Do you have fragile.mshome.net in the /etc/hosts  file?
 
  To ping using fragile.mshome.net you would need a DNS server
  to resolve that name to an internal IP address.
 
  Look in the ports collection for djbdns
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] Behalf Of Phil Cooper
  Sent: Wednesday, June 29, 2005 7:43 PM
  To: freebsd-questions@freebsd.org
  Subject: Ping and general network weirdness
 
 
  Hi everybody;
 
  Not doing too well with my first freeBSD install. I have a machine
  set up with the name fragile, no ipv6, DHCP, no ipfw, and sshd on.
 
  Problem is, I can ping out to other machines on the network, or to
  another machine on the Internet ('net connection via another winXP
  machine), but neither of the other machine on the network can ping
  fragile. Fragile can ping itself via localhost, but not by name.
 
   From any machine, or fragile itself, pinging fragile or the IP
  gives:
 
  bramley:~ phil$ ping fragile
  PING fragile.mshome.net (192.168.0.116): 56 data bytes
  ping: sendto: No route to host
  ping: sendto: Host is down
  ping: sendto: Host is down
  ping: sendto: Host is down
  ping: sendto: Host is down
  ^C
  --- fragile.mshome.net ping statistics ---
  10 packets transmitted, 0 packets received, 100% packet loss
  bramley:~ phil$
 
  Any ideas?
 
 
 
 


RE: waiting 15 seconds for scsi devices to settle

2005-06-28 Thread John Brooks
just a shot in the dark here... have you tried shifting the drives
to different positions in the drive cage? could it possibly be
hanging when it probes a vacant slot? bad cable connections?
bad termination? missing jumpers? 

--
John Brooks
[EMAIL PROTECTED] 

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Scott Neville
 Sent: Tuesday, June 28, 2005 3:36 PM
 To: freebsd-questions@freebsd.org
 Subject: waiting 15 seconds for scsi devices to settle
 
 
 I still have the problem of waiting 15 seconds for the SCSI 
 devices to settle on my 1850R proliant server.  I have tried 
 erasing the system and using SCO UNIX, DOS5 and Other as the 
 operating systems.  I have tried acpi enabled and disabled and I 
 have checked to ensure the drives work (which they do).  All of 
 this has had no effect on the problem of the waiting for 15 
 seconds which never end.  I am using the 3200 controller that 
 comes with the proliant server and the drive cage is not fully 
 populated (2/4).  If anyone has any other suggestions of how to 
 fix this problem, then please let me know.  
 
 Many thanks


RE: Still trying to get my site up!

2005-06-26 Thread John Brooks
do you have any kind of firewall? from the outside world port 9545
is closed. so either it is being blocked, you are not actually
listening on it, or there is no port forwarding on your gateway.

run this on the box itself and post the output:
  netstat -na | grep LISTEN

try to connect from another host on your network:
  http://192.168.0.4:9545

then try:
  http://192.168.0.4:80

--
John Brooks
[EMAIL PROTECTED]

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Gerard Seibert
 Sent: Sunday, June 26, 2005 6:07 PM
 To: freebsd-questions
 Subject: Still trying to get my site up!


 Thanks to several individuals, I have almost gotten my Apache2 server
 working. Almost, but not quite.

 My ISP blocks port 80; therefore I am using a redirect from DynDNS.org to
 redirect to an alias using port 9545.

 The 'beerstud.us' redirects to 'www2.beerstud.us:9545'

 From my FreeBSD box, if I type: lynx http://beerstud.us, I see the
 following message: Using http://www2.beerstud.us:9545/. The connection is
 made and the index.htm file is displayed.

 However, I am unable to reach this site from any other computer.
 Eventually, the request will time out and I receive an error message
 telling me that the site is not available.

 I am not sure what I am doing wrong at this point. I have posted the
 following files if anyone feels ambitious enough to look them over for me.

 httpd.conf =  http://www.seibercom.us/FreeBSD/httpd.conf

 hosts =   http://www.seibercom.us/FreeBSD/hosts

 This is the output from ifconfig -a
 net-card.txt  =   http://www.seibercom.us/FreeBSD/net-card.txt

 resolv.conf   =   http://www.seibercom.us/FreeBSD/resolv.conf

 The 'hosts' file has a pretty good description of my network in it. I
 double checked my router, and I believe it is configured correctly to pass
 port 9545 through.

 --
 Thanks!

 Gerard Seibert
 [EMAIL PROTECTED]




RE: IPNAT / IPF / rdr issue

2005-06-25 Thread John Brooks
Implement a 'split-horizon' dns setup. Clients on the internal network
are served the internal address for the resource and never need to
traverse the gateway. External hosts are served from the authoritative
nameservers as is currently happening.

I set up such a system a couple weeks ago with tinydns, took about 30
minutes, and was fairly easy.

Alternately you could use each internal computer's hosts file with
a setting of the internal address for the resource. Can get complicated
keeping everything in sync. Tinydns works much better. Bind also has a
split-horizon capability, but then bind is not permitted to exist in any
of my networks or systems (personal choice, but let's not go there ;-) ).

google for tinydns and split-horizon for howto's.

--
John Brooks
[EMAIL PROTECTED]

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Andy Sutcliffe
 Sent: Saturday, June 25, 2005 8:01 PM
 To: freebsd-questions@freebsd.org
 Subject: IPNAT / IPF / rdr issue


 I am having problems accessing internal resources (such as a web
 server) from other internal clients when going from internal client ->
 public address -> internal resource.  For example, when I attempt to
 reach 'mydomain.com' from client machine X, the connection is refused
 (I am of course, able to reach the web server through the internal
 IP), however, I am able to access the web server via that URL from an
 external network.  I have 'mydomain.com' pointed towards the external
 IP of my gateway which in turn relays it to the internal web server.
 I have included the pertinent contents of /etc/ipnat.rules as well as
 my /etc/ipf.conf file.  I am at a loss at this point...can anyone
 point me in the right direction ?

 Thanks in advance,
   - andy ( andy dot sutcliffe at gmail dot com)

 Gateway:
   OS:FreeBSD 5.4
   Firewall: IPFilter
   Port Forwarding: IPNAT
   External eth: dc0
   Internal eth: ed0 (10.0.0.0)

 Web Server
   OS: FreeBSD 5.4
  WWW: Apache 2.0

 Client Machine(s)
   OS: Windows XP, FreeBSD, Linux

 I have the following in /etc/ipnat.rules:

 # innernet
 map dc0 10.0.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 4:65000
 map dc0 10.0.0.0/16 -> 0.0.0.0/32

 # www
 rdr dc0 0.0.0.0/0 port 80 -> 10.0.0.3 port 80

 I have the following in /etc/ipf.conf:
 #
 # No restrictions on Inside LAN Interface for private network
 # Not needed unless you have LAN
 #

 pass out quick on ed0 all
 pass in quick on ed0 all

 #
 # No restrictions on Loopback Interface
 #
 pass in quick on lo0 all
 pass out quick on lo0 all

 #
 # Interface facing Public Internet (Outbound Section)
 # Interrogate session start requests originating from behind the
 # firewall on the private network
 # or from this gateway server destine for the public Internet.
 #

 # Allow out access to my ISP's Domain name server.
 # xxx must be the IP address of your ISP's DNS.
 # Dup these lines if your ISP has more than one DNS server
 # Get the IP addresses from /etc/resolv.conf file
 pass out quick on dc0 proto tcp from any to 67.43.192.6 port = 53
 flags S keep state
 pass out quick on dc0 proto udp from any to 67.43.192.6 port = 53
 keep state
 pass out quick on dc0 proto tcp from any to 137.118.1.33 port = 53
 flags S keep state
 pass out quick on dc0 proto udp from any to 137.118.1.33 port =
 53 keep state

 # Allow out access to my ISP's DHCP server for cable or DSL networks.
 # This rule is not needed for 'user ppp' type connection to the
 # public Internet, so you can delete this whole group.
 # Use the following rule and check log for IP address.
 # Then put IP address in commented out rule  delete first rule
 pass out quick on dc0 proto udp from any to 67.43.192.6 port = 67
 keep state


 # Allow out non-secure standard www function
 pass out quick on dc0 proto tcp from any to any port = 80 flags S
 keep state
 pass out quick on dc0 proto tcp from any to any port = 81 flags S
 keep state

 # Allow out secure www function https over TLS SSL
 pass out quick on dc0 proto tcp from any to any port = 443 flags
 S keep state

 # Allow out send  get email function
 pass out quick on dc0 proto tcp from any to any port = 110 flags
 S keep state
 pass out quick on dc0 proto tcp from any to any port = 25 flags S
 keep state

 # Allow out Time
 pass out quick on dc0 proto tcp from any to any port = 37 flags S
 keep state

 # Allow out nntp news
 pass out quick on dc0 proto tcp from any to any port = 119 flags
 S keep state

 # Allow out gateway  LAN users non-secure FTP ( both passive 
 active modes)
 # This function uses the IPNAT built in FTP proxy function coded in
 # the nat

RE: IPNAT / IPF / rdr issue

2005-06-25 Thread John Brooks
unless I'm completely misunderstanding this...  sending packets
out thru the gateway from the inside only to turn around and come 
back in thru the same gateway is not going to fly. if you can get
that to work please let me know how.

--
John Brooks
[EMAIL PROTECTED] 

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of fbsd_user
 Sent: Saturday, June 25, 2005 9:12 PM
 To: Andy Sutcliffe; freebsd-questions@freebsd.org
 Subject: RE: IPNAT / IPF / rdr issue
 
 
 You're using the public ip address of your gateway box from the
 private LAN.
 In this mode NAT and thus your rdr rule is never evoked. Your
 request never exits your private network. The gateway system knows
 himself by that public ip address.
 What you should be doing is using the www.domainname.com so the
 request has to go to your ISP DNS server to get your public ip
 address, then it will enter on the external interface and be
 nated/rdr to correct location.
 There is nothing wrong with your ipfilter configuration, you're just
 using the wrong URL.
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Andy
 Sutcliffe
 Sent: Saturday, June 25, 2005 9:01 PM
 To: freebsd-questions@freebsd.org
 Subject: IPNAT / IPF / rdr issue
 
 
 I am having problems accessing internal resources (such as a web
 server) from other internal clients when going from internal
 client -> public address -> internal resource.  For example, when I attempt to
 reach 'mydomain.com' from client machine X, the connection is
 refused
 (I am of course, able to reach the web server through the internal
 IP), however, I am able to access the web server via that URL from
 an
 external network.  I have 'mydomain.com' pointed towards the
 external
 IP of my gateway which in turn relays it to the internal web server.
 I have included the pertinent contents of /etc/ipnat.rules as well
 as
 my /etc/ipf.conf file.  I am at a loss at this point...can anyone
 point me in the right direction ?
 
 Thanks in advance,
   - andy ( andy dot sutcliffe at gmail dot com)
 
 Gateway:
   OS:FreeBSD 5.4
   Firewall: IPFilter
   Port Forwarding: IPNAT
   External eth: dc0
   Internal eth: ed0 (10.0.0.0)
 
 Web Server
   OS: FreeBSD 5.4
  WWW: Apache 2.0
 
 Client Machine(s)
   OS: Windows XP, FreeBSD, Linux
 
 I have the following in /etc/ipnat.rules:
 
 # innernet
 map dc0 10.0.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 4:65000
 map dc0 10.0.0.0/16 -> 0.0.0.0/32
 
 # www
 rdr dc0 0.0.0.0/0 port 80 -> 10.0.0.3 port 80
 
 I have the following in /etc/ipf.conf:
 #
 # No restrictions on Inside LAN Interface for private network
 # Not needed unless you have LAN
 #
 
 pass out quick on ed0 all
 pass in quick on ed0 all
 
 #
 # No restrictions on Loopback Interface
 #
 pass in quick on lo0 all
 pass out quick on lo0 all
 
 #
 # Interface facing Public Internet (Outbound Section)
 # Interrogate session start requests originating from behind the
 # firewall on the private network
 # or from this gateway server destine for the public Internet.
 #
 
 # Allow out access to my ISP's Domain name server.
 # xxx must be the IP address of your ISP's DNS.
 # Dup these lines if your ISP has more than one DNS server
 # Get the IP addresses from /etc/resolv.conf file
 pass out quick on dc0 proto tcp from any to 67.43.192.6 port = 53
 flags S keep state
 pass out quick on dc0 proto udp from any to 67.43.192.6 port = 53
 keep state
 pass out quick on dc0 proto tcp from any to 137.118.1.33 port = 53
 flags S keep state
 pass out quick on dc0 proto udp from any to 137.118.1.33 port = 53
 keep state
 
 # Allow out access to my ISP's DHCP server for cable or DSL
 networks.
 # This rule is not needed for 'user ppp' type connection to the
 # public Internet, so you can delete this whole group.
 # Use the following rule and check log for IP address.
 # Then put IP address in commented out rule  delete first rule
 pass out quick on dc0 proto udp from any to 67.43.192.6 port = 67
 keep state
 
 
 # Allow out non-secure standard www function
 pass out quick on dc0 proto tcp from any to any port = 80 flags S
 keep state
 pass out quick on dc0 proto tcp from any to any port = 81 flags S
 keep state
 
 # Allow out secure www function https over TLS SSL
 pass out quick on dc0 proto tcp from any to any port = 443 flags S
 keep state
 
 # Allow out send  get email function
 pass out quick on dc0 proto tcp from any to any port = 110 flags S
 keep state
 pass out quick on dc0 proto tcp from any to any port = 25 flags S
 keep state
 
 # Allow out Time
 pass out quick on dc0 proto tcp from any to any

RE: Virtual Interfaces and Subnet Masks

2005-06-24 Thread John Brooks
it's my understanding that when you add an alias to an interface
AND that alias is within the same network as the main address on
the interface that it should be set with a /32 bit netmask.

for example:

ifconfig_fxp0="inet 192.168.1.1 netmask 255.255.255.0"
ifconfig_fxp0_alias0="inet 192.168.1.7 netmask 255.255.255.255"

IF the address is in a DIFFERENT network then the netmask
should reflect that network.

ifconfig_fxp0_alias1="inet 10.1.1.10 netmask 255.255.255.0"

HTH

(ps - make sure your alias numbering is numerically sequential
without gaps)

--
John Brooks
[EMAIL PROTECTED] 

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Martin
 McCormick
 Sent: Friday, June 24, 2005 6:34 AM
 To: freebsd-questions@freebsd.org
 Subject: Re: Virtual Interfaces and Subnet Masks 
 
 
 Daniel Marsh writes:
 Why don't you just setup an IP alias for the fxp0 interface?
 
 ie:
 ifconfig_fxp0_alias0="inet 192.168.1.7"
 
   Thank you.  that both validates some of what I did, but raises
 new questions.  Originally, I tried to bring up a second Ethernet card
 which is on the system in question and which I thought we would use if
 we ever had to.  This had worked once before when the dead system we
 were replacing was on a different network and I just assumed it would
 work on the same network.  Big mistake!
 
   After discovering the hard way about conflicting instances of
 the same subnetmask and getting a bit nervous because we were still
 down on the interface we needed most, I tried bringing up fxp1 as
 follows:
 
 ifconfig fxp1 192.168.1.1
 
 This worked, but I soon realized that ifconfig gave it a default mask of
 255.255.255.0 which is wrong for that network.
 
   I then tried the alias for fxp0 exactly as you indicated and
 got it but the packets going out still had a 255.255.255.0 mask.  I
 ended up, somehow, with that bad mask on both the primary interface
 and the alias after trying to start over with ifconfig.
 
 if config -alias
 ifconfig fxp0 inet 192.168.1.50 netmask 255.255.252.0
 ifconfig fxp0 alias 192.168.1.1
 
 I thought of bringing fxp0 down first but was doing all of this
 remotely from home and was concerned that I'd lose the system
 completely and it would be some minutes before one of us could
 physically go there and take control.
 
   We or at least I don't do this very thing nearly often enough
 because things under FreeBSD and Linux just don't break that often and
 it is difficult to duplicate every possible permutation of trouble
 meaning that sometimes, one gets nasty surprises.
 
   While not laughing at what happened too hard, can you think of
 how I ended up with the bad mask that wouldn't go away?  Many thanks.
 
 Martin McCormick WB5AGZ  Stillwater, OK 
 OSU Information Technology Division Network Operations Group
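
An added example, not part of either post above: a small Python check of rc.conf interface lines against the two rules in the reply (an alias inside the primary address's network carries a 255.255.255.255 mask, and alias numbers run without gaps). The sample fragment and the finding labels are constructed for illustration.

```python
import ipaddress
import re
import shlex

# Constructed rc.conf fragment (not from a real host): alias0 repeats the
# primary /24 mask, and alias2 follows alias0 with no alias1 in between.
SAMPLE_RC_CONF = '''
ifconfig_fxp0="inet 192.168.1.1 netmask 255.255.255.0"
ifconfig_fxp0_alias0="inet 192.168.1.7 netmask 255.255.255.0"
ifconfig_fxp0_alias2="inet 10.1.1.10 netmask 255.255.255.0"
'''

LINE_RE = re.compile(
    r"^ifconfig_(?P<ifname>[a-z]+\d+)(?:_alias(?P<idx>\d+))?=(?P<val>.+)$"
)


def parse_inet(value):
    """Parse 'inet ADDR [netmask MASK]'.

    Returns an IPv4Interface when a mask is given, a bare IPv4Address when
    it is not, and None for anything that is not an inet setting.
    """
    words = " ".join(shlex.split(value)).split()
    if len(words) < 2 or words[0] != "inet":
        return None
    addr = ipaddress.IPv4Address(words[1])
    if len(words) >= 4 and words[2] == "netmask":
        return ipaddress.IPv4Interface(f"{addr}/{words[3]}")
    return addr


def audit(text):
    """Return a list of (rc.conf variable, finding) tuples."""
    ifaces = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entry = parse_inet(m.group("val"))
        if entry is None:
            continue
        slot = ifaces.setdefault(m.group("ifname"),
                                 {"primary": None, "aliases": {}})
        if m.group("idx") is None:
            slot["primary"] = entry
        else:
            slot["aliases"][int(m.group("idx"))] = entry

    findings = []
    for ifname, slot in sorted(ifaces.items()):
        primary = slot["primary"]
        primary_net = (primary.network
                       if isinstance(primary, ipaddress.IPv4Interface)
                       else None)
        expected = 0
        for idx in sorted(slot["aliases"]):
            name = f"ifconfig_{ifname}_alias{idx}"
            if idx != expected:
                # Numbering is not sequential at this point.
                findings.append((name, "gap-before"))
            expected = idx + 1
            alias = slot["aliases"][idx]
            if not isinstance(alias, ipaddress.IPv4Interface):
                # No explicit mask: ifconfig will pick a default one.
                findings.append((name, "no-netmask"))
            elif (primary_net is not None and alias.ip in primary_net
                  and alias.network.prefixlen != 32):
                findings.append((name, "same-net-not-/32"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RC_CONF):
        print(f"{name}: {finding}")
```
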


RE: Invoking rc.conf changes w/o rebooting

2005-06-17 Thread John Brooks
 
 On Fri, 17 Jun 2005 14:50:23 +0100
 walker, mick [EMAIL PROTECTED] wrote:
 
  You can drop to run level 1 using the command init 1.
  
 
 No, there is no need for such an action. A simple entry as the one
 listed in pkg-message is enough to set up webmin for starting at boot
 time and run time.
 Cheers

 
(assuming a startup script was installed in /usr/local/etc/rc.d and
   is named webmin.sh and is executable)

(also assuming you have added the correct entries to /etc/rc.conf
   in this case 'webmin_enable=yes')

you should be able to start it up with
   /usr/local/etc/rc.d/webmin.sh start

(that is assuming that the assumptions are correct ;-)

--
John Brooks
[EMAIL PROTECTED] 


RE: Remote server warnings

2005-06-16 Thread John Brooks
might be good to make sure you can actually ssh into the box
before you move it,

make sure root logins are not permitted in sshd_config,

make sure the daily reports will be emailed to you

--
John Brooks
[EMAIL PROTECTED] 

 
 I'm going to be moving my server to a remote site, where I'll only
 be able to ssh to it for any kind of service.  It has been local,
 hooked up via a KVM switch, so it will be a new setup for me.
 
 What sorts of problems should I keep an eye out for? What kind of
 setup should I have?  I've turned on ssh. What else should I do?
 How hard will it be to update my system remotely?
 
 Thanks in advance for any help you can provide.
 



RE: Remote server warnings

2005-06-16 Thread John Brooks
for security reasons, remote root logins are a bad thing.
log in as yourself, then su to root.
make sure you are a member of the 'wheel' group.

--
John Brooks
[EMAIL PROTECTED] 

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Jonathan Arnold
 Sent: Thursday, June 16, 2005 8:51 AM
 To: freebsd-questions@freebsd.org
 Subject: Re: Remote server warnings
 
 
 John Brooks wrote:
  might be good to make sure you can actually ssh into the box
  before you move it,
 
 Thanks for the quick response.
 
 I've done this - in fact, I'm updating to 4.10 as we speak via SSH
 with my box still local.
 
  make sure root logins are not permitted in sshd_config,
 
 If I do this, how do I do root stuff? Login as myself and use su?
 
  make sure the daily reports will be emailed to you
 
 Ahh, good idea.
 
 -- 
 Jonathan Arnold (mailto:[EMAIL PROTECTED])
 Daemon Dancing in the Dark, a FreeBSD weblog:
  http://freebsd.amazingdev.com/blog/
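
An added example, not part of the thread above: a Python pre-move check for the two points in the replies, that root logins are actually refused by sshd_config and that the admin account is in wheel so su still works once they are. The sample files and the account name alice are constructed; the check relies on sshd using the first value it reads for a keyword, and it only reads the member list in /etc/group.

```python
import re

# Constructed sshd_config (not from a real host). The later
# "PermitRootLogin no" looks like a fix, but sshd uses the first value it
# obtains for a keyword, so the effective setting here is "yes".
SAMPLE_SSHD_CONFIG = """\
Port 22
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
"""

# Constructed /etc/group excerpt: the admin account "alice" (hypothetical)
# has not been added to wheel yet.
SAMPLE_GROUP = """\
wheel:*:0:root
operator:*:5:root
"""


def effective_permit_root_login(config_text):
    """Return the first global PermitRootLogin value, or None if unset."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()          # keywords are case-insensitive
        if keyword == "match":
            break                           # global section ends here
        if keyword == "permitrootlogin" and len(parts) == 2:
            return parts[1].strip().strip('"').lower()
    return None


def wheel_members(group_text):
    """Return the explicit member list of the wheel group."""
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == "wheel":
            return {name for name in fields[3].split(",") if name}
    return set()


def check(config_text, group_text, admin):
    """List what still has to be fixed before the box goes remote."""
    problems = []
    value = effective_permit_root_login(config_text)
    if value is None:
        problems.append("PermitRootLogin is not set explicitly")
    elif value != "no":
        problems.append(f"PermitRootLogin is effectively '{value}'")
    if admin not in wheel_members(group_text):
        problems.append(f"{admin} is not in wheel")
    return problems


if __name__ == "__main__":
    for problem in check(SAMPLE_SSHD_CONFIG, SAMPLE_GROUP, "alice"):
        print(problem)
```

Fix the wheel membership first and confirm su works in a second session before disabling root logins, otherwise the remote box is left with no path to root.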
 


RE: Complete Port Removal Question

2005-06-16 Thread John Brooks
pkg_info -r pkgname     shows dependencies

pkg_delete -r pkgname   removes pkg and dependencies

--
John Brooks
[EMAIL PROTECTED]

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of M. Goodell
 Sent: Thursday, June 16, 2005 10:24 AM
 To: FreeBSD Questions
 Subject: Complete Port Removal Question



 How can I remove a port and all of its dependencies from a
 system? For example, I installed sqWebmail and tried it out then
 decided it's not what we were looking for. Now, I would like to
 not only remove sqWebmail but all of the stuff it installed along with it.

 sqwebmail also installed things like:

 - courier-authlib-base-0.56
 - ispell-3.2.06_13

 and others as well

 Is there a safe / quick way to remove the dependencies for a port
 and not break the rest of the system by removing stuff other
 things depend on? For example, I don't want to remove Perl
 obviously which is a dependency of sqwebmail.

 Thank you,

 FreeBSDUtah





RE: Complete Port Removal Question

2005-06-16 Thread John Brooks
yes

--
John Brooks
[EMAIL PROTECTED]

 
-Original Message-
From: M. Goodell [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 16, 2005 12:10 PM
To: [EMAIL PROTECTED]; FreeBSD Questions
Subject: RE: Complete Port Removal Question


Will pkg_delete work with items installed via the ports collection?

John Brooks [EMAIL PROTECTED] wrote: 
pkg_info -r pkgname     shows dependencies

pkg_delete -r pkgname   removes pkg and dependencies




RE: disabling ata devices

2005-06-15 Thread John Brooks
just unplug the cable and/or power to the hardware device

--
John Brooks
[EMAIL PROTECTED]

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Dmitry Mityugov
 Sent: Wednesday, June 15, 2005 8:24 AM
 To: JM
 Cc: freebsd-questions@freebsd.org
 Subject: Re: disabling ata devices


 On 6/15/05, JM wrote:
  i'm not exactly sure how to accomplish this... i'm having problems with
  my cd-rom, which isn't surprising since it's a slim-line without UDMA
  and probably isn't supported... but... it's eating up time when i'm
  booting the system.  i've erased the fstab lines for acd0 but it's still
  probing the hardware when i boot the machine.  how do i completely
  disable probing for this device at startup?  if possible i'd like to
  just remove the device node altogether.  every time i remove /dev/acd0
  it's just recreated each time i restart.  not sure how to permanently
  remove it without physically removing it from the system.  is there
  anyway to remove the node without removing the iso9660 entry from the
  kernel?

 Is it possible to disable it in BIOS?

 --
 Dmitry

 We live less by imagination than despite it - Rockwell Kent, N by E


RE: df: root partition at 108% capacity! Can't find why...

2005-06-15 Thread John Brooks
check /tmp for files

run:

# cd /
# du -h -d2 | grep M

this will show the total amount of disk usage in MB for files in
directories 2 deep. you should be able to find the big ones from
that (you may have to drill down a tad)

--
John Brooks
[EMAIL PROTECTED]

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Aaron Gibson
 Sent: Wednesday, June 15, 2005 4:30 PM
 To: SteveW
 Cc: freebsd-questions@freebsd.org
 Subject: Re: df: root partition at 108% capacity! Can't find why...



 SteveW wrote:
  Hi All,
 
  df: root partition at 108% capacity! Can't find why...
 
  After searching google freebsd.org I am no nearer to figuring this out,
  other than this is a known problem. Either I or the system managed to
  get the root partition back to under 100% but only just... I have looked
  for any large files that might be taking up space but have yet to locate
  anything over 3meg.
 
  Any suggestions, ideas, thoughts gratefully received.
 
  Thanks,
 
 
  Steve
 
 
 
  INFO:
  FreeBSD 4.7-RELEASE-p10 / 80gig drive
 
  df was: /dev/ad0s1a   252M   250M -18.5M   108%
 
  df now:
  Filesystem    Size   Used  Avail Capacity  Mounted on
  /dev/ad0s1a   252M   230M   1.8M    99%    /
  /dev/ad0s1g    29G   2.3G    24G     9%    /home
  /dev/ad0s1f   3.0G   1.7G   1.0G    62%    /usr
  /dev/ad0s1e   3.9G    75M   3.5G     2%    /var
  procfs        4.0K   4.0K     0B   100%    /proc
 
  After the crash dmesg was filled with this:
  pid 8967 (cp), uid 0 on /: file system full
  pid 8967 (cp), uid 0 on /: file system full
 
 
 

 The filesystem reserves blocks for the superuser (consult manpage
 for newfs)

  -m free-space

 The percentage of space reserved from normal users; the minimum free
 space threshold.  The default value used is defined by MINFREE from
 ufs/ffs/fs.h, currently 8%.  See tunefs(8) for more details on how to
 set this option.


 - --Aaron


RE: Buildworld problem?

2005-06-14 Thread John Brooks
run the hard drive diagnostics software of your hard drive manufacturer
to test the condition of your hard drive. it should be available from
their website. this should always be done on used drives being put back
into service.

--
John Brooks
[EMAIL PROTECTED] 

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Java Weenie
 Sent: Tuesday, June 14, 2005 11:38 AM
 To: [EMAIL PROTECTED]
 Subject: Buildworld problem?
 
 
 I had a 4gig drive laying around that I wanted to use for a router, so I 
 installed the latest (from about 1.5 weeks ago) from the 5.x 
 distributions.  
 I added ipfw/natd/dummynet to the kernel file and did a full buildworld, 
 buildkernel.  I rebooted after install kernel, everything seemed 
 normal, did 
 install world/mergemaster, rebooted.  Right now, I have an 'ok' 
 prompt, it 
 appears after the 'Press enter to start booting immediately, or hit any 
 other key to do something else' option and it states it cannot 
 find kernel 
 or kernel.old.
 
 My guesses are that either I got a really bad batch of sources, I 
 performed 
 a buildworld wrong (though I did double check my steps with the handbook 
 first), or my hard drive picked a really unusual place to die.
 
 It is a new clean install so it wouldn't be a huge issue to 
 reinstall, but 
 if it is hardware, I will need to replace the drive before doing 
 this again.
 
 Any thoughts on how to determine the problem?
 
 Thanks for any tips.
 
 


RE: [Solved] How to disable quoting of lines starting with From in email body?

2005-06-14 Thread John Brooks
This is a function of the receiving MTA. mbox format inserts a line
at the beginning of each email in the form of:

From [EMAIL PROTECTED] date

This serves as a message delimiter inside the flat text file format
of mbox. Your POP3 mail server needs these lines. Anyway, any time
another line within the headers or message body BEGINS with From xxx...
it will be prepended with a single > to preserve the validity of
the message delimiters.

This is easy to test. telnet to your mail server on port 25 and
manually deposit an email that has the following lines:

this is a test
From: hello
From
From hello
see which will be prepended

This is an entirely distinct issue from the 'quoting' of previous
message bodies (as in below)

--
John Brooks
[EMAIL PROTECTED]

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Danny MacMillan
 Sent: Tuesday, June 14, 2005 2:16 PM
 To: Bart Silverstrim
 Cc: freebsd-questions@freebsd.org
 Subject: Re: [Solved] How to disable > quoting of lines starting with
 From in email body?


 On Tue, Jun 14, 2005 at 02:28:45PM -0400, Bart Silverstrim wrote:
 
  On Jun 14, 2005, at 2:17 PM, Danny MacMillan wrote:
 
  It turns out that when I send the same email both to freebsd-test@
  and directly to the account I have subscribed to that list, the
  mail delivered via the list has the From line quoting and the other
  one doesn't.  So it looks like the list is actually sending the
  From lines quoted over the wire and my FreeBSD configuration is
  okay.  Most of the mail I read on this box is list traffic so
  I didn't notice.
 
  On this list?  I forget what it's called now, but qualcomm had a method
  of quoting messages so that email would be indented properly on very
  small displays, and it's a format that Mail.app uses in quoting
  things...and I don't have the >, but rather colored lines showing
 snip .
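
An added example, not part of the thread above: the mbox delimiter behaviour the reply describes, in Python, run over the five test lines from the reply. It shows which line gets the ">" and why: a reader that splits on "From " sees two messages when the body is stored unescaped. The sender address and the naive reader are constructed for illustration; the last function cross-checks against Python's own mailbox module.

```python
import mailbox
import os
import tempfile

# Constructed delimiter line; the address is a placeholder.
FROM_LINE = "From sender@example.invalid Tue Jun 14 14:16:00 2005"

# The test body suggested in the reply above.
TEST_BODY = [
    "this is a test",
    "From: hello",
    "From",
    "From hello",
    "see which will be prepended",
]


def escape_from_lines(body_lines):
    """Prefix '>' to body lines that would look like a message delimiter."""
    return [">" + line if line.startswith("From ") else line
            for line in body_lines]


def store(body_lines, escape):
    """Render one message the way it would sit in a flat mbox file."""
    body = escape_from_lines(body_lines) if escape else list(body_lines)
    return "\n".join([FROM_LINE, "Subject: test", "", *body, ""]) + "\n"


def split_mbox(text):
    """Naive reader: every line starting with 'From ' opens a new message."""
    messages = []
    for line in text.splitlines():
        if line.startswith("From "):
            messages.append([])
        elif messages:
            messages[-1].append(line)
    return messages


def stdlib_roundtrip(body_lines):
    """Store the same body with mailbox.mbox and return the file's lines."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "test.mbox")
        box = mailbox.mbox(path)
        box.add("Subject: test\n\n" + "\n".join(body_lines) + "\n")
        box.flush()
        box.close()
        with open(path) as handle:
            return handle.read().splitlines()


if __name__ == "__main__":
    print(escape_from_lines(TEST_BODY))
    print("unescaped:", len(split_mbox(store(TEST_BODY, escape=False))))
    print("escaped:  ", len(split_mbox(store(TEST_BODY, escape=True))))
```

Only "From hello" changes: "From: hello" and a bare "From" do not begin with "From" followed by a space, so they cannot be mistaken for a delimiter.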



RE: MAC address rc.conf

2005-06-13 Thread John Brooks
just curious...

what happens when your 'router' and your 'laptop' both have the
same MAC address?

--
John Brooks
[EMAIL PROTECTED]

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Bob Bomar
 Sent: Monday, June 13, 2005 10:42 AM
 To: Peter; [EMAIL PROTECTED]
 Subject: Re: MAC address  rc.conf



 Peter wrote:
 |Hi,
 |My ISP have authorization by username, password AND mac address.
 |I currently make PPPoE connection from my laptop(win XP) to them.
 |However I want to put FreeBSD router in front of my laptop.
 |That is why I will need to make MAC address of outgoing ethernet card
 |same as my laptop.
 |I plan to make bash script(ifconfig down, ifconfig up)  for that
 |purpose.
 |However I prefer a little bit cleaner solution ...
 | is there any way I can set MAC address for the network card in
 |rc.conf ?
 |Thanks :-)))
 |Kind regards,
 |Pete
 |

 When the system boots, it will read rc.conf, and then
 it will pass the ifconfig_inf=... to ifconfig, so
 what I do is just to add ether aa:bb:cc:dd:ee:ff to
 that line:

 ifconfig_fxp0="inet 1.2.3.4 netmask 255.0.0.0 ether aa:bb:cc:dd:ee:ff"



 - --
 Bob Bomar
 [EMAIL PROTECTED]
 http://www.bomar.us/~bob


RE: Driving Me Nuts

2005-06-12 Thread John Brooks
try this:

kill the ntpd process
run ntpdate sundial.columbia.edu
restart ntpd

ntpd is not happy if the clock is too far off

--
John Brooks
[EMAIL PROTECTED] 

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of David Marshall
 Sent: Sunday, June 12, 2005 1:37 AM
 To: freebsd-questions@freebsd.org
 Subject: NTP: Driving Me Nuts
 
 
 I'm having an awful time trying to get NTP working on some new servers.
 
 Consider three machines:
 
 jeffy: my home machine, runs 5.4 with a very sleek kernel, sits 
 behind a router.
 
 web1: one of the new servers, running 5.4-p2 with a kernel
 configuration that *only* has options INET6 commented out:
 
 [EMAIL PROTECTED] diff GENERIC WEB
 25c25
  ident GENERIC
 ---
  ident WEB
 32c32
  options   INET6   # IPv6 communications protocols
 ---
  #options  INET6   # IPv6 communications protocols
 
 
 web2: another of the new servers, running 5.4 with GENERIC
 
 All three have the same /etc/ntp.conf:
 
 server sundial.columbia.edu
 driftfile /var/db/ntp.drift
 
 All, of course, have ntpd_enable=YES in /etc/rc.conf
 
 Here are the relevant lines from the log when I run /etc/rc.d/ntpd
 start, after making sure it is stopped, of course.  When any of them
 is stopped netstat -n | fgrep 123 yields no lines.
 
 jeffy:
 
 Jun 11 23:24:53 jeffy ntpd[90141]: ntpd 4.2.0-a Mon May  9 
 15:42:44 PDT 2005 (1)
 Jun 11 23:24:53 jeffy ntpd[90141]: no IPv6 interfaces found
 
 web1:
 
 Jun 12 02:28:23 web1 ntpd[783]: ntpd 4.2.0-a Sun Jun 12 00:46:05 
 EDT 2005 (1)
 Jun 12 02:28:23 web1 ntpd[783]: no IPv6 interfaces found
 Jun 12 02:28:23 web1 ntpd[783]: bind() fd 6, family 2, port 123, addr
 0.0.0.0, in_classd=0 flags=8 fails: Address already in use
 
 web2:
 
 Jun 12 02:24:28 web2 ntpd[32792]: ntpd 4.2.0-a Sun May  8 
 06:01:21 UTC 2005 (1)
 Jun 12 02:24:28 web2 ntpd[32792]: bind() fd 9, family 2, port 123,
 addr 0.0.0.0, in_classd=0 flags=8 fails: Address already in use
 
 
 'ntpq -p' on jeffy returns a normal looking ntpq result.  'ntpq -p' on
 either web1 or web2 eventually times out.  However, if I put a
 restrict into their ntp.conf I get something like
 
      remote           refid      st t when poll reach   delay   offset  jitter
 ==============================================================================
  hickory.cc.colu .INIT.          16 u    -   64    0    0.000    0.000 40
 
 that never changes, even after several hours.
 
 I've read a lot of similar problem reports, but none of them ever seem
 to have a definitive answer.
 
 Can anyone help?  I'm really mystified.
 
 The only thing I have left to try is that I have noticed that jeffy
 has NO_INET6 = true set in /etc/make.conf, whereas web1 does not have
 this.


RE: DNS problem?

2005-06-09 Thread John Brooks
are the dns servers of the other computers the SAME as the freebsd
server?  what are the contents of /etc/resolv.conf?

--
John Brooks
[EMAIL PROTECTED] 

 
 Thank you John.
 
 I will try this series of pings the next time my server freezes. I did
 try something similiar, if not so methodical last time it froze and
 could ping most things on the interior. The firewall was still working
 as I could still access the outside using other computers on the
 network, so I think the problem was with the server somehow.
 
 Alan
 


RE: Setting Up Email Only / Very Restricted Accounts

2005-06-08 Thread John Brooks
I use a combination of postfix, courier-imap, and mysql. It
eliminates the need for shell accounts. There are several
good tutorials at http://www.postfix.org/docs.html

--
John Brooks
[EMAIL PROTECTED] 

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of M. Goodell
 Sent: Wednesday, June 08, 2005 5:46 PM
 To: FreeBSD Questions
 Subject: Setting Up Email Only / Very Restricted Accounts
 
 
 Hello,
  
 What is the recommended method to setup E-Mail only accounts? I 
 am running a server that will host several websites and also 
 provide e-mail services for many site users. What I want to do is 
 configure each user to only have email access and *no* shell 
 access / ftp access of any kind.
  
 Is it good enough to simply use /usr/sbin/nologin as the shell 
 and leave it at that or is there a more secure / better way of 
 implementing this.
  
 Thank you.
  
 FreeBSDUtah
  
 
 


RE: DNS problem?

2005-06-08 Thread John Brooks
 I am running a FreeBSD server behind a Linksys Wireless Access
 Point / Router (BEFW11S4). Its local address is 192.168.1.1. The
 Linksys is attached to a DSL modem.  In my /etc/rc.conf file I have
 defaultrouter="192.168.1.1"
 which works most of the time. However occasionally, all network
 traffic freezes, I cannot login to the server using ssh and my
 mailing lists and websites do not function. If, at my server, I type
 host someip.com it reports 'no server can be found' or some similar
 message (I'm sorry, I didn't note down the exact message) - a reboot
 has fixed the problem.

 I assume that the problem is that the server is unable to find a DNS
 server. Is that right?

Probably...

 Do I have it right that I should point defaultrouter at the firewall?

Assuming that the firewall is your gateway to the outside world, then
yes.

 How do I tell FreeBSD about other DNS servers to use if the firewall
 route fails?

If your resolving dns servers as listed in /etc/resolv.conf are outside
the firewall, then they cannot be reached if the default route is down.
Likewise if your resolving dns servers are inside or on the firewall, then
their queries will never be answered. The effect is the same, you don't get
an answer. Unless they have some cached results that have not yet timed out,
but even with the cached answer you still cannot reach the destination,
so the end effect is the same - you know where to go but cannot get there.

 Why does pointing defaultrouter at the firewall fail?

Cable unplugged, switch down, nic dead, firewall down, upstream isp out,
isp router down, electricity out, hard drive on firewall crashed, dsl/cable
modem out, telco burped, and so forth for another hundred possible
reasons...

You could start troubleshooting by these steps:

1) ping 127.0.0.1
2) ping ip of local machine
3) ping localhost
4) ping hostname of local machine
5) ping another host on same lan by ip address
6) ping another host on same lan by hostname (if any exist in /etc/hosts)
7) ping interior ip of firewall (192.168.1.1)
8) ping exterior ip of firewall
9) ping default gateway of firewall
10) ping ip address of some internet host (yahoo.com = 66.94.234.13)

As you proceed down this list it will give you clues as to what is wrong,
and tell you where to look. Good luck...


 Thanks

 Alan





RE: DNS and Gateway in FreeBSD?

2005-06-08 Thread John Brooks
what is the contents of /etc/resolv.conf

--
John Brooks
[EMAIL PROTECTED]

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Xu Qiang
 Sent: Wednesday, June 08, 2005 2:16 AM
 To: Jonathan Chen; Xu Qiang
 Cc: freebsd-questions@FreeBSD.org
 Subject: RE: DNS and Gateway in FreeBSD?


 Jonathan Chen wrote:
  /etc/rc.conf, output of netstat -rn, ifconfig -a would help.

 The output of ifconfig -a is:
 ---
 gso_dev_2# ifconfig -a
 xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         options=9<RXCSUM,VLAN_MTU>
         inet 13.198.33.131 netmask 0xfc00 broadcast 13.198.35.255
         inet6 fe80::2b0:d0ff:fe44:403c%xl0 prefixlen 64 scopeid 0x1
         ether 00:b0:d0:44:40:3c
         media: Ethernet autoselect (10baseT/UTP)
         status: active
 plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
         inet 127.0.0.1 netmask 0xff00
         inet6 ::1 prefixlen 128
         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
 ---


 The content of /etc/rc.conf:
 ---
 # -- sysinstall generated deltas -- # Tue Apr 12 23:53:44 2005
 # Created: Tue Apr 12 23:53:44 2005
 # Enable network daemons for user convenience.
 # Please make all changes to this file, not to /etc/defaults/rc.conf.
 # This file now contains just the overrides from /etc/defaults/rc.conf.
 defaultrouter="13.198.32.1"
 hostname="gso_dev_2.workgroup"
 ifconfig_xl0="inet 13.198.33.131  netmask 255.255.252.0"
 linux_enable="YES"
 moused_enable="YES"
 usbd_enable="YES"
 ---

 I didn't remember I have added the gateway 13.198.32.1. I
 manually added the ip address (13.198.33.131) and netmask
 (255.255.252.0), so I wonder how the gateway was added into this file.

 And I didn't have any DNS setting here. Yet it can ping
www.yahoo.com successfully. Quite strange. :(

Regards,
Xu Qiang




RE: pf block question

2005-06-07 Thread John Brooks
Are you sure the ruleset is loaded, and pf is enabled?

--
John Brooks
[EMAIL PROTECTED] 

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Matt Rechkemmer
 Sent: Tuesday, June 07, 2005 1:43 AM
 To: [EMAIL PROTECTED]
 Subject: pf block question
 
 
 So, at the very top of my pf filter rules, I have these rules:
 
 block drop in quick on fxp0 inet proto icmp from 1.3.3.7 to any
 block drop in quick on fxp0 inet proto tcp from 1.3.3.7 to any
 
 1.3.3.7 is a made up IP address ;-).  Even with this rule 
 present, pf allows
 traffic from the IP through.  I guess I'm a bit confused as to 
 why it isn't
 being dropped.  Since it has the quick keyword, shouldn't that take
 precedence over all other filter rules?
 
 Any ideas?
 
 --
 Matt Rechkemmer
 [EMAIL PROTECTED]


inbound ssh ceased on 4 servers at same time

2005-06-04 Thread John Brooks
Yesterday at about noon, all four freebsd servers on a client's LAN
quit accepting ssh connections. All were running 4.11-release-p4,
and had been cvsup'd at the same time from cvs-10, cvs-11, or
cvs-12. Outbound ssh (from console of the affected boxes) works as 
expected, both to local openbsd boxes and to remote locations. 
There are no host based firewalls involved, and all other network 
services are operating correctly. Netstat shows port 22 as listening. 
At 11:20 am (40 minutes earlier), ssh was working properly on all boxes.

Has anybody encountered a situation like this before? 

--
John Brooks
[EMAIL PROTECTED] 


RE: inbound ssh ceased on 4 servers at same time

2005-06-04 Thread John Brooks
sshd is running on the affected machines

no errors on console or logs, just times out waiting for
the password prompt. interestingly: when investigating this
at the console, attempting ssh sessions from the db server
and backup server to the file server (these two are 'deeper'
in the network so there was never an occasion to ssh FROM
them before) produced the std warning about an unknown host
prompting for inclusion in the ~/.ssh/known_hosts file.

dns is not really involved, the ssh session is sent to the
ip address directly as in ssh [EMAIL PROTECTED]

ping works in both directions as does all other network
services (internal mysql, intranet http, pop3, smtp, smbd, 
nmbd, dns). network hardware and cabling issues have been 
effectively ruled out.

--
John Brooks
[EMAIL PROTECTED] 

 -Original Message-
 From: Glenn Dawson [mailto:[EMAIL PROTECTED]
 Sent: Saturday, June 04, 2005 2:56 PM
 To: [EMAIL PROTECTED]
 Cc: freebsd-questions@freebsd.org
 Subject: Re: inbound ssh ceased on 4 servers at same time
 
 
 At 09:05 AM 6/4/2005, you wrote:
 Yesterday at about noon, all four freebsd servers on a client's LAN
 quit accepting ssh connections. All were running 4.11-release-p4,
 and had been cvsup'd at the same time from cvs-10, cvs-11, or
 cvs-12. Outbound ssh (from console of the affected boxes) works as
 expected, both to local openbsd boxes and to remote locations.
 There are no host based firewalls involved, and all other network
 services are operating correctly. Netstat shows port 22 as listening.
 At 11:20 am (40 minutes earlier), ssh was working properly on all boxes.
 
 Has anybody encountered a situation like this before?
 
 Not specifically, but the first things I would check:
 
 is sshd running on the affected machines?
 
 when trying to connect to the affected machines, do the clients give any 
 error messages?  or does the connection just time out?
 
 are there any relevant entries in the log files on the affected 
 machines?  specifically /var/log/messages and /var/log/auth.log
 
 are the affected machines using the same name server? and if they 
 are, can 
 the affected machines do forward and reverse lookups for the IP of the 
 system you are trying to connect from?
 
 -Glenn
 
 
 --
 John Brooks
 [EMAIL PROTECTED]


RE: inbound ssh ceased on 4 servers at same time

2005-06-04 Thread John Brooks
  sshd is running on the affected machines
  
  no errors on console or logs, just times out waiting for
  the password prompt. interestingly: when investigating this
  at the console, attempting ssh sessions from the db server
  and backup server to the file server (these two are 'deeper'
  in the network so there was never an occasion to ssh FROM
  them before) produced the std warning about an unknown host
  prompting for inclusion in the ~/.ssh/known_hosts file.
  
  dns is not really involved, the ssh session is sent to the
  ip address directly as in ssh [EMAIL PROTECTED]
  
  ping works in both directions as does all other network
  services (internal mysql, intranet http, pop3, smtp, smbd, 
  nmbd, dns). network hardware and cabling issues have been 
  effectively ruled out.
  
 
 
 Have you tried ssh with the -vvv switch to get extra debugging info at
 the console? If there's anything happening with ssh, it should show up
 there, I'd expect. Are you testing to/from multiple hosts here? If so,
 what's different between each set of hosts you're testing?
 
 Hope that helps,
 G
 

Have not tried the -vvv switch, good call, I have several other
networks running the same versions of FreeBSD that are not affected
so that will make for a good comparison. Will do that later this
evening.

I have tested each of the four boxes in the following ways:

From OpenBSD firewall to each of the four FreeBSD servers:  times out
From each FreeBSD server to the OpenBSD firewall:  works as expected
From each FreeBSD server to off network BSD boxes:  works as expected
From each FreeBSD server to other FreeBSD server:  times out

For the last 18 months I have almost daily ssh'd into these 5 boxes
for maintenance, programming, logs, mail tracing, backups, etc. I am
the only login shell user on them. I had been in the network on these
boxes earlier in day, before this started. There were no config changes 
made. That is part of what is puzzling, and to happen to all four boxes
at the same time is cause for concern. The why of it all is my primary
objective at this point.

I'll post the results of the -vvv switch a little later this evening.
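
One way to act on the -vvv suggestion in this thread, as an added example that is not part of the original posts: a shell function that reads `ssh -vvv` output and reports the last milestone the client reached, so the same stall can be compared between affected and unaffected hosts. The function names, stage labels, placeholder address and sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: find how far an ssh client got before it stalled.
# Real use (the address is a placeholder):
#   ssh -vvv user@192.0.2.10 true 2>&1 | ssh_stall_stage

# Reads `ssh -vvv` output on stdin, prints the furthest milestone reached.
ssh_stall_stage() {
    stage="no-tcp-connection"
    while IFS= read -r line; do
        case "$line" in
            *"Connection established."*)           stage="tcp-connected-no-banner" ;;
            *"Remote protocol version"*)           stage="banner-received" ;;
            *"SSH2_MSG_KEXINIT received"*)         stage="kex-started" ;;
            *"SSH2_MSG_NEWKEYS received"*)         stage="kex-done-no-auth-reply" ;;
            *"Authentications that can continue"*) stage="auth-offered" ;;
        esac
    done
    printf '%s\n' "$stage"
}

# Maps a stage to the check worth doing next (checks taken from the thread).
stage_hint() {
    case "$1" in
        no-tcp-connection)       echo "check packet filters and that sshd listens on port 22" ;;
        tcp-connected-no-banner) echo "check the sshd process and /var/log/auth.log on the server" ;;
        banner-received|kex-started) echo "diff against -vvv output from an unaffected host" ;;
        kex-done-no-auth-reply)  echo "check forward and reverse lookups on the server" ;;
        auth-offered)            echo "server reached authentication; look at the auth step itself" ;;
        *)                       echo "unknown stage"; return 1 ;;
    esac
}

# Constructed sample: a session that connects and gets a banner, then hangs.
sample_stalled_log() {
    cat <<'EOF'
debug1: Connecting to 192.0.2.10 [192.0.2.10] port 22.
debug1: Connection established.
debug1: identity file /home/admin/.ssh/id_rsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.8.1p1
debug1: SSH2_MSG_KEXINIT sent
EOF
}

# Run the constructed sample through the classifier and print the next check.
stage=$(sample_stalled_log | ssh_stall_stage)
printf '%s: %s\n' "$stage" "$(stage_hint "$stage")"
```

Running the same pipeline from each source in the test matrix above shows whether every timing-out path stops at the same stage.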
  







RE: permissions issue help ?!?!

2003-01-07 Thread John Brooks
you need to stop and restart mysql

usually:
  /usr/local/etc/rc.d/mysql-server.sh stop
  /usr/local/etc/rc.d/mysql-server.sh start

ymmv

--
John Brooks
[EMAIL PROTECTED] 

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On Behalf Of Brent Bailey
 Sent: Tuesday, January 07, 2003 12:27 PM
 To: [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Subject: Re: permissions issue help ?!?!
 
 
 Awesome, thanx for your help... i have one other one for ya... if you're
 up to it..
 for whatever reason... a file that was in the /tmp dir is missing. it's a
 file that mysql used called mysql.sock=   it had permissions like
 srwxrwxrwx  mysql wheel  mysql.sock=
 
 any thoughts ??
 I'm sure i need this for mysql to work... i would hate to have to reinstall
 mysql... Thanx again for your help,
 Brent
 
 

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message



Sendmail and NIS files

2003-01-07 Thread John Brooks
Does anyone know where I can find a complete list of
all files specific to sendmail and nis, that exist in
4.7?

--
John Brooks
[EMAIL PROTECTED] 

 




4.7Release - sed problems?

2003-01-06 Thread John Brooks
I'm working on a new clean install of 4.7R from the iso.

dmesg gives an error:
  pid 94 (sed), uid 0: exited on signal 4 (core dumped)
this comes from the 'sed' call in 'update_motd'

installing applications from ports also fail on 'sed' calls

release notes on 4.7 indicate:
  sed(1) now takes a -i option to enable in-place editing of files.

my question:
Does this mean that the wrong version of sed is included in the iso of disk 1?


(I've just subscribed to this list)

--
John Brooks
[EMAIL PROTECTED] 




Ports failing

2003-01-06 Thread John Brooks
this is a new clean install of 4.7 release from cdrom. previously this box
had 4.5 release.

from a boot screen:
  Illegal instruction (core dumped)
  Jan 6 16:30:36 joseph /kernel: pid 94 (sed), uid 0: exited on signal 4 (core dumped)

setting 'update_motd=NO' bypasses this error

release notes on 4.7 indicate:
  sed(1) now takes a -i option to enable in-place editing of files.

also, ports will not compile, returning errors of 'invalid syntax', 'syntax error',
'return makes integer from pointer without a cast', and 'data definition has no type
or storage class'. I suspect this is related.

Has anyone dealt with this or seen this before?

--
John Brooks
[EMAIL PROTECTED] 
