Re: log error..

2012-04-01 Thread Jon Radel

On 4/1/12 2:01 AM, jangkawij...@students.itb.ac.id wrote:


Apr  1 19:33:10 johannesang named[18782]: starting BIND 9.7.4-P1 -t /var/named 
-u bind
Apr  1 19:33:10 johannesang named[18782]: built with '--localstatedir=/var' 
'--disable-linux-caps' '--disable-symtable' '--with-randomdev=/dev/random' 
'--with-openssl=/usr/local' '--with-libxml2=/usr/local' '--without-idn' 
'--enable-ipv6' '--enable-threads' '--sysconfdir=/etc/namedb' '--prefix=/usr' 
'--mandir=/usr/share/man' '--infodir=/usr/share/info/' 
'--build=i386-portbld-freebsd7.3' 'build_alias=i386-portbld-freebsd7.3' 'CC=cc' 
'CFLAGS=-O2 -fno-strict-aliasing -pipe' 'LDFLAGS= -rpath=/usr/local/lib' 
'CPPFLAGS=' 'CPP=cpp' 'CXX=c++' 'CXXFLAGS=-O2 -fno-strict-aliasing -pipe'
Apr  1 19:33:10 johannesang named[18782]: Using 101 tasks for zone loading
Apr  1 19:33:11 johannesang named[18782]: max open files (3520) is smaller than 
max sockets (4096)
Apr  1 19:33:11 johannesang named[18782]: command channel listening on 
127.0.0.1#953
Apr  1 19:33:11 johannesang named[18782]: command channel listening on ::1#953
Apr  1 19:33:11 johannesang named[18782]: zone 127.in-addr.arpa/IN: NS 
'johannesang.com.127.in-addr.arpa' has no address records (A or AAAA)
Apr  1 19:33:11 johannesang named[18782]: zone 127.in-addr.arpa/IN: not loaded 
due to errors.
Apr  1 19:33:11 johannesang named[18782]: zone 79.205.167.in-addr.arpa/IN: has 
no NS records
Apr  1 19:33:11 johannesang named[18782]: zone 79.205.167.in-addr.arpa/IN: not 
loaded due to errors.
Apr  1 19:33:11 johannesang named[18782]: zone johannesang.com/IN: NS 
'host.johannesang.com' has no address records (A or AAAA)
Apr  1 19:33:11 johannesang named[18782]: zone johannesang.com/IN: not loaded 
due to errors.
Apr  1 19:33:11 johannesang named[18782]: 
/etc/namedb/master/localhost-forward.db:5: unknown RR type 'Serial,'
Apr  1 19:33:11 johannesang named[18782]: zone localhost/IN: loading from 
master file /etc/namedb/master/localhost-forward.db failed: unknown class/type
Apr  1 19:33:11 johannesang named[18782]: zone localhost/IN: not loaded due to 
errors.
Apr  1 19:33:11 johannesang named[18782]: running

can someone help me ??

can someone help me to solve this thanks


Ah, the impatience of youth... he'd sent me essentially the same 
question directly and got impatient 30 minutes later and resent it here.


Those error messages are pretty explicit.

The one hint is that each zone file needs to have at least one NS record 
that uses a name for a server.  That name has to have at least one A (or 
AAAA if you're using ipv6, but I'd suggest you stick with ipv4 until you 
have a clue) record that gives an IP address for the server.  You can't 
assign your servers names in in-addr.arpa.


Judging from the complaint about RR type 'Serial' you've still got 
uncommented-out garbage floating around.


Fix all that and it'll get better.  Better yet, compare what you've got 
against what's in the documentation and think a bit about what it *means*.


The question, of course, is how did you manage to completely break this 
since the last go around, where I believe you had the NS records working?


--Jon Radel
j...@radel.com



Re: log error..

2012-04-01 Thread Jon Radel

On 4/1/12 3:21 AM, Robert Bonomi wrote:


Since you seem incapable of reading and following the directions for
creating properly formatted BIND zone files, even after having been
directed to those resources after your prior post, the best advice is
for you to either:
   1) Hire a knowledgable professional to set it up for you.
-or-
   2) Contract with a knowledgable operator to host your zones on *their*
  servers.


or

3) Find a fellow student locally who has figured it out and is willing 
to look over your files with you until you get it.


--Jon Radel
j...@radel.com



Re: problem

2012-03-31 Thread Jon Radel
The format of named files isn't quite as free-form as you apparently 
think. :-) Compare one of mine:


$TTL 1H
@   IN  SOA ns3.radel.com. jon.radel.com. (
                2010100400  ; serial
                1H          ; refresh
                15M         ; retry
                2W          ; expiry
                30M )       ; minimum
    IN  NS  ns.radel.com.
    IN  NS  ns2.radel.com.
    IN  NS  ns3.radel.com.
    IN  NS  ns4.radel.com.

with yours:



$TTL 3600

OK


johannesang.com. IN  SOA host.johannesang.com.  root.johannesang.com.   (
OK; @ in mine is shorthand for the domain which this zone file 
defines, but giving the domain explicitly works fine.


201204010042   1d12h 1w  3h
Starts as OK syntax, but a 42 second refresh with 1 day retry strikes me 
as dubious at best and then you have an extra value on the end. 
Actually, I suspect that 42 is actually your extra value.  2012040100 
is the serial number, you know.

  Serial, Refresh, Retry, Expire, Neg. cache TTL
This line is extraneous garbage, as you've not commented it out; that's 
what the semi-colons do in my example.  I suspect that's why one error 
message moans about an error in the vicinity of the 3h, as that's an 
extra value followed by garbage.


Missing close parenthesis.




;DNS Servers
johannesang.com. IN  NS  host.johannesang.com.

Looks fine.


;Machine Names
host.johannesang.com. IN  A   167.205.79.105

Looks fine


;Aliases
www  IN  CNAME   host.johannesang.com.

Looks fine


here is my db.johannesang file
$TTL 3600

79.205.167.in-addr.arpa. IN  SOA host.johannesang.com.  root.johannesang.com.

201204010042   1d12h 1w  3h

missing open and close parenthesis, extra value

  Serial, Refresh, Retry, Expire, Neg. cache TTL

extraneous garbage


Etc.  You're pretty close and it should work fine after you clean up 
your syntax a bit.


--Jon Radel
j...@radel.com
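
The checks walked through in this reply and in the 2012-04-01 reply above (balanced SOA parentheses, five SOA values, no uncommented text, at least one NS record, and an A or AAAA record for each in-zone NS target), as an added Python example that is not part of the original thread. `records`, `lint_zone` and the sample zones are constructed for illustration and modelled on the zone quoted in the message; the linter covers only a small subset of what BIND's own `named-checkzone` validates.

```python
import re

RR_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "PTR", "TXT"}  # subset only
TTL = re.compile(r"(\d+[smhdw]?)+$", re.I)  # 3600, 1H, 2W, 1d12h ...


def records(text):
    """Yield (line_no, has_owner, tokens) for each logical record."""
    # ';' starts a comment and '(' ... ')' joins several lines into one record.
    # Simplification: quoted strings containing ';' or parentheses are not handled.
    depth, start, has_owner, toks = 0, 0, False, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()
        if not line:
            continue
        if depth == 0:
            start, has_owner, toks = n, not line[0].isspace(), []
        depth += line.count("(") - line.count(")")
        if depth < 0:
            raise ValueError(f"line {n}: ')' without a matching '('")
        toks += line.replace("(", " ").replace(")", " ").split()
        if depth == 0 and toks:
            yield start, has_owner, toks
    if depth:
        raise ValueError(f"line {start}: '(' is never closed")


def lint_zone(origin, text):
    """Return findings for the zone named `origin`; an empty list means clean."""
    origin = origin.lower().rstrip(".") + "."

    def fq(name):  # '@' is the origin; names without a trailing dot are relative
        if name == "@":
            return origin
        return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

    try:
        recs = list(records(text))
    except ValueError as err:  # unbalanced parentheses: nothing else is reliable
        return [str(err)]
    findings, owner, ns_targets, with_addr = [], origin, [], set()
    for n, has_owner, toks in recs:
        if toks[0].startswith("$"):  # $TTL / $ORIGIN directives are not checked
            continue
        if has_owner:
            owner = fq(toks.pop(0))
        while toks and (TTL.match(toks[0]) or toks[0].upper() == "IN"):
            toks.pop(0)  # optional TTL and class
        if not toks:
            findings.append(f"line {n}: no RR type on this line")
            continue
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype not in RR_TYPES:
            findings.append(f"line {n}: unknown RR type '{toks[0]}'")
        elif rtype == "SOA":
            values = rdata[2:]  # whatever follows MNAME and RNAME
            if len(values) != 5 or not all(TTL.match(v) for v in values):
                findings.append(f"line {n}: SOA needs 5 values, got {len(values)}")
        elif rtype == "NS" and rdata:
            ns_targets.append(fq(rdata[0]))
        elif rtype in ("A", "AAAA"):
            with_addr.add(owner)
    if not ns_targets:
        findings.append("zone has no NS records")
    for target in ns_targets:
        in_zone = target == origin or target.endswith("." + origin)
        if in_zone and target not in with_addr:
            findings.append(f"NS '{target.rstrip('.')}' has no address records (A or AAAA)")
    return findings


# Constructed sample modelled on the reverse zone quoted above: no parentheses.
BROKEN_REVERSE = """\
$TTL 3600
79.205.167.in-addr.arpa. IN SOA host.johannesang.com. root.johannesang.com.
        2012040100 42 1d 12h 1w 3h
        Serial, Refresh, Retry, Expire, Neg. cache TTL
"""

# Constructed fix of the forward zone, dropping the 42 as the reply suggests.
FIXED_FORWARD = """\
$TTL 3600
johannesang.com. IN SOA host.johannesang.com. root.johannesang.com. (
        2012040100  ; serial
        1d          ; refresh
        12h         ; retry
        1w          ; expire
        3h )        ; negative cache TTL
johannesang.com. IN NS host.johannesang.com.
host.johannesang.com. IN A 167.205.79.105
"""
UNCLOSED_FORWARD = FIXED_FORWARD.replace(")", "")  # same zone, ')' left out

if __name__ == "__main__":
    print(lint_zone("johannesang.com", FIXED_FORWARD))
    print(lint_zone("johannesang.com", UNCLOSED_FORWARD))
    print(lint_zone("79.205.167.in-addr.arpa", BROKEN_REVERSE))
```

An NS target written without its trailing dot is treated as relative to the zone, which is one way to end up with a server name under in-addr.arpa.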




Re: Fwd: Some questions about Link Aggregation and Failover

2012-03-09 Thread Jon Radel

On 3/9/12 4:08 AM, Damien Fleuriot wrote:


Well that's exactly what I'm trying to show you.



Link aggregation will *NOT* allow you to get 200mbs between 2 servers by
sending data over the 2 cables.

As per the example I pasted below, link aggregation uses a load
balancing algorithm to share the traffic across several links.

It will *NOT* use *BOTH* links for a single source ip - destination ip
pair.


All of which is explained at least twice in the document the OP claims 
to have used


   http://www.freebsd.org/doc/en/books/handbook/network-aggregation.html

once in the section on LACP:

LACP balances outgoing traffic across the active ports based on hashed 
protocol header information and accepts incoming traffic from any active 
port. The hash includes the Ethernet source and destination address, 
and, if available, the VLAN tag, and the IPv4/IPv6 source and 
destination address.


and once in Example 32-1, which is presumably being used as the cookbook 
for this project:


Since frame ordering is mandatory on Ethernet links then any traffic 
between two stations always flows over the same physical link limiting 
the maximum speed to that of one interface. The transmit algorithm 
attempts to use as much information as it can to distinguish different 
traffic flows and balance across the available interfaces.


Has use of Gig ethernet been considered?

--
--Jon Radel
j...@radel.com
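
The behaviour the two handbook passages describe, as an added Python simulation that is not part of the original thread: the port is chosen from header fields only, so one source/destination pair always lands on one link. SHA-256 is a stand-in for FreeBSD's actual hash function, and the addresses, the 100 Mb/s link speed and all function names are assumptions made for the example.

```python
import hashlib
from collections import Counter, namedtuple

# The header fields the quoted handbook text lists as inputs to the LACP hash.
Flow = namedtuple("Flow", "src_mac dst_mac vlan src_ip dst_ip")

LINK_MBPS = 100  # assumed speed of each member link (2 cables, 200 hoped for)


def pick_port(flow, n_ports):
    """Choose the member port for one frame from its header fields only.

    SHA-256 is a stand-in hash (assumption). What matters is that the choice
    is a pure function of the headers, which keeps a flow's frames in order.
    """
    digest = hashlib.sha256("|".join(map(str, flow)).encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_ports


def port_load(frames, n_ports):
    """Count how many frames each member port carries."""
    return Counter(pick_port(f, n_ports) for f in frames)


def throughput_ceiling(frames, n_ports, link_mbps=LINK_MBPS):
    """Upper bound on aggregate speed: only ports that carry traffic count."""
    return len(port_load(frames, n_ports)) * link_mbps


# Constructed addresses from the documentation ranges.
SERVER_MAC, SERVER_IP = "00:00:5e:00:53:01", "192.0.2.1"


def single_pair(n_frames):
    """A benchmark between two hosts: every frame has identical headers."""
    flow = Flow("00:00:5e:00:53:02", SERVER_MAC, None, "192.0.2.2", SERVER_IP)
    return [flow] * n_frames


def many_clients(n_clients, frames_each=50):
    """Many different clients talking to the same server."""
    return [
        Flow(f"00:00:5e:00:53:{i:02x}", SERVER_MAC, None, f"198.51.100.{i}", SERVER_IP)
        for i in range(2, n_clients + 2)
        for _ in range(frames_each)
    ]


if __name__ == "__main__":
    print("one pair    :", dict(port_load(single_pair(10000), 2)),
          throughput_ceiling(single_pair(10000), 2), "Mb/s ceiling")
    print("200 clients :", dict(port_load(many_clients(200), 2)),
          throughput_ceiling(many_clients(200), 2), "Mb/s ceiling")
```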



Re: Some questions about Link Aggregation and Failover

2012-03-07 Thread Jon Radel

On 3/6/12 11:41 PM, bo wang wrote:


Hello:
   Recently I want to do Link Aggregation for increasing the
speed. I use a Cisco 3750 Switch and two IBM Server R   with BSD
9.0. I do link aggregation according to this page.
   http://www.freebsd.org/doc/en/books/handbook/network-aggregation.html
   I use LACP. But when I have done, the link aggregation can only
do Failover. It can't increase the speed. What is the
problem? Detailed configuration as follows


How are you measuring the speed to determine that there is no speed-up? 
 You're not, by some chance, sending test data between a single source 
and single destination address pair are you?



--
--Jon Radel
j...@radel.com



Re: Do not work turn-off line to syslogd last message repeated N times'

2012-03-02 Thread Jon Radel

On 3/2/12 6:33 PM, Vladislav V. Prodan wrote:


03.03.2012 1:10, Yuri Pankov wrote:

Well, twice means cc :-)


#man syslogd
...
SYNOPSIS
  syslogd [-468ACcdkNnosuv] [-a allowed_peer] [-b bind_address]
  [-f config_file] [-l [mode:]path] [-m mark_interval]
  [-P pid_file] [-p log_socket]
...

Where do you see an indication to use the -cc?

I need to remove the logs from the line of the form:
last message repeated N times




There was a very clear indication in the quote from the manpage that 
you, your very own self, sent us all just a few minutes ago.


--
--Jon Radel
j...@radel.com



Re: Email issues, relay failure

2012-02-27 Thread Jon Radel

On 2/25/12 1:39 PM, Bender, Chris wrote:


Thanks. There aren't any firewalls between the devices but they are far apart.



On 2/27/12 11:12 AM, Bender, Chris wrote:

 Can anybody assist me with pfctl on freebsd?
 I have pfctl running as adaptive. It is blocking some smtp mail.


!

BTW, pfctl is the program for controlling the firewall.  The actual 
firewall is generally referred to as pf.


So if you just turn PF off for a bit, does e-mail suddenly flow?

--
--Jon Radel
j...@radel.com



Re: Email issues, relay failure

2012-02-27 Thread Jon Radel

On 2/27/12 11:45 AM, Bender, Chris wrote:


I was thinking about just reloading the pf.conf but I have never worked
with pf so
I am worried other things might break. My thought was by doing that the
Adaptive part of the pfctl would be restarted?


Any pf.conf file I've ever seen does something sensible after reload. 
I suspect one could write something perverse that blows up on restart, 
but that would make rebooting the machine problematic




Does that make sense would reloading the rules wash the adaptive
behavior away or
Would all that still be in some sort of bruteforce file to protect the
firewall?


pf can load data from files when it starts or just manage things in a 
fashion that is transient upon restart.  Hard to say what's happening in 
your case w/o a clue as to what's in pf.conf.


I'd suggest that you at the very least whitelist internal SMTP speakers 
that you expect to get e-mail from on a regular basis, even if you do 
throttling of SMTP connections in general.  Much less messy


--
--Jon Radel
j...@radel.com



Re: Email issues, relay failure

2012-02-27 Thread Jon Radel

On 2/27/12 12:00 PM, Bender, Chris wrote:


How would I whitelist SMTP speakers?


You're invited to read the documentation.  The Book of PF: A No-Nonsense 
Guide to the OpenBSD Firewall, 2nd ed., is also rather informative, 
although one has to keep in mind that the version of PF in FreeBSD lags 
that in OpenBSD.




I am thinking it would be ok to reload the rules, would that clear the
issue with SMTP users for now?
What's the harm?


The universe might grind to a halt.  This would upset a great many 
people.  This outcome, however, is exceedingly unlikely.


Again, with no clue as to what's in pf.conf, I could offer only the 
vaguest guesses based in part on my judged competence of the author of 
your pf.conf.  Since your pf.conf appears to have possibly destroyed 
your e-mail infrastructure, the preliminary assessment is a bit shaky.


--
--Jon Radel
j...@radel.com



Re: Email issues, relay failure

2012-02-25 Thread Jon Radel

On 2/25/12 10:26 AM, Bender, Chris wrote:



On telnet w IP it says unable to connect.

...

It's weird that the delivery on A says deferred connection timed out but on 
tcpdump I see the port 25



If you can't establish a TCP connection from A to your relay server on 
port 25, I'd expect all of the above.  If you can't establish a TCP 
connection to port 25 at all from A, I'd stop focusing on the details of 
the e-mail server on the relay machine (as they're likely to be beside 
the point) and start focusing on what is blocking the traffic from A. 
Have you audited all the firewalls involved?  To be really focused, if 
you see traffic (both ways) at the relay server when A tries to talk to 
port 25, but A is convinced that no TCP connection is established, 
either you're stomping on things at the relay server (do your attempts 
to telnet to port 25 fail immediately or just sit there for a good long 
time and then fail?), the reply packets from relay to A are getting 
mis-routed, or A is ignoring the packets coming in from the relay.  Can 
you ping from the relay to A?


There's a distinct difference between failure to establish a TCP 
connection (look to the network stuff) and the e-mail server giving you 
an error response rejecting your attempt to transfer mail or just 
quietly losing the mail (look to the e-mail servers).


--
--Jon Radel
j...@radel.com



Re: Diljot kor wants to chat

2011-12-13 Thread Jon Radel


On 12/13/11 8:23 AM, Diljot kor wrote:


---

Diljot kor wants to stay in better touch using some of Google's coolest new
products.


The invite everyone in your address book feature is evil, yes?  Be 
careful out there.


--Jon Radel
j...@radel.com
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: ipfw And ping

2011-12-02 Thread Jon Radel


On 12/1/11 6:25 PM, Tim Daneliuk wrote:


I have a fairly restrictive ipfw setup on a FBSD 8.2-STABLE machine.
Pings were not getting through so I added this near the top
of the rule set:

#
# Allow icmp
#

${FWCMD} add allow icmp from any to any


It does work but, two questions:

1) Is there a better way?


Consider allowing only the ICMP that does things you want to do.  Google 
something like icmp types to allow for some hints and opinions.  Just 
as an example, you can independently control being able to ping others 
and others being able to ping you.



2) Will this cause harm or otherwise expose the server to some
vulnerability?


Well, if you allow all ICMP types, it's possible to make your little 
packets go places you didn't really want them to go, and similar network 
breakage.  You can also find those who feel strongly that allowing 
others to ping your machines gives them way too much information about 
what you have at which IP address.  On the other hand, working ping and 
traceroute can be very handy to figure out what's wrong when the network 
breaks.  But do you open up access on your server?---well not so much, 
though having said that I'm ready for somebody to remind me of some 
obscure attack that uses ICMP for more than information gathering.  :-)


--Jon Radel
j...@radel.com


Re: [OT] but concerns all of us

2011-11-17 Thread Jon Radel


On 11/17/11 9:02 AM, Rod Person wrote:



As someone that has been stopped because of how I look and where I live, I
find the 'only those that break laws have reason to fear them argument'
extremely naive.



To put it mildly.  Before you know it, records of what you've been up to 
on the Internet will be discoverable in your divorce proceedings when 
your soon-to-be-ex-spouse decides to go for the nuclear option.  Now, 
not only will you have to pull the battery from your cell phone and pay 
cash at all toll plazas, but you'll have to hit a different Internet 
Cafe and pay cash every time you surf the web.


--Jon Radel
j...@radel.com


Check Memory Usage, program like 'free' in Linux

2011-11-03 Thread Jon Schipp
Is there a program to check physical memory usage in FreeBSD(using 8.2
RELEASE)?
In the vein of 'free' in Linux.

I know you can check the values with sysctl, I was just checking if anyone
has a cleaner option.
I was always curious.

Thanks
Jon


Re: Check Memory Usage, program like 'free' in Linux

2011-11-03 Thread Jon Schipp
On Thu, Nov 3, 2011 at 9:25 AM, Rares Aioanei bsdlis...@gmail.com wrote:

 On 11/03/2011 03:18 PM, Jon Schipp wrote:

 Is there a program to check physical memory usage in FreeBSD(using 8.2
 RELEASE)?
 In the vein of 'free' in Linux.

 I know you can check the values with sysctl, I was just checking if anyone
 has a cleaner option.
 I was always curious.

 Thanks
 Jon

  top?


Crap, I forgot to mention that it needs to be non-interactive, it will be for
e-mail alerts.

So that rules out top as far as I know.


Re: Check Memory Usage, program like 'free' in Linux

2011-11-03 Thread Jon Schipp
On Thu, Nov 3, 2011 at 11:35 AM, Robert Bonomi bon...@mail.r-bonomi.com wrote:

  From owner-freebsd-questi...@freebsd.org  Thu Nov  3 08:17:46 2011
  Date: Thu, 3 Nov 2011 09:18:06 -0400
  From: Jon Schipp jonsch...@gmail.com
  To: freebsd-questions@freebsd.org
  Subject: Check Memory Usage, program like 'free' in Linux
 
  Is there a program to check physical memory usage in FreeBSD(using 8.2
  RELEASE)?
  In the vein of 'free' in Linux.

 Having *NO* idea what linux 'free' does, your question is hard to answer.
 
  I know you can check the values with sysctl, I was just checking if
 anyone
  has a cleaner option.
  I was always curious.

 If you're just looking for the amount of 'free' memory, the 3rd field of
 the third line of the  output of vmstat(8) has that value.


I'm under the impression that virtual memory and physical memory usage are
very different.

e.g. vmstat and top report very different memory values.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Check Memory Usage, program like 'free' in Linux

2011-11-03 Thread Jon Schipp
On Thu, Nov 3, 2011 at 11:55 AM, Lowell Gilbert 
freebsd-questions-lo...@be-well.ilk.org wrote:

 Jon Schipp jonsch...@gmail.com writes:

  On Thu, Nov 3, 2011 at 9:25 AM, Rares Aioanei bsdlis...@gmail.com
 wrote:
 
  On 11/03/2011 03:18 PM, Jon Schipp wrote:
 
  Is there a program to check physical memory usage in FreeBSD(using 8.2
  RELEASE)?
  In the vein of 'free' in Linux.
 
  I know you can check the values with sysctl, I was just checking if
 anyone
  has a cleaner option.
  I was always curious.
 
  Thanks
  Jon
 
   top?
 
 
  Crap, I forgot to mention that it needs to be non-interactive, it will be
 for
  e-mail alerts.
 
  So that rules out top as far as I know.

 No, you could script it out of top(1), but I'm going to guess that
 you're trying to be warned when the system is close to running out of
 memory.  That is silly -- you paid for the memory; why would you *want*
 it to sit around doing nothing?


While this isn't my intention...

I'm curious:

You wouldn't want to know when your machine has reached periods of high
memory utilization?
Occurrence/frequency information seems pretty valuable.
More importantly, at specific times, noticing patterns, use during/after
business hours
If you didn't want to use memory, it wouldn't be purchased. I don't think
keeping track of the utility of
your purchases is silly.

Also note that the definition of free is somewhat complicated.

 Maybe if you described the actual problem you want to solve, we could
 suggest a more appropriate answer.

 A literal answer to your question might be:
  top -d 1|grep '^Mem:'|cut -d ',' -f 6
 assuming the format of the line of top doesn't change.


That does the trick. I didn't think it was possible to grab data from
interactive programs without throwing in some garbage.
Should've tested.
Thanks


Problems with php5-pdo_pgsql, libpq etc. after upgrading postgresql

2011-10-23 Thread Jon Theil Nielsen
Hi list,

Last week, I ran portupgrade as usual (after reading UPDATING). A lot of
ports were upgraded, one of them the postgresql database.
In the first place, I had to change the user name to start and access the
database (I placed postgresql_class=postgres in /etc/rc.conf).
Secondly, I could not use davical (caldav calendar server) anymore. I
cannot connect to the database and when I try to access the web interface,
I get an error:
Fatal error: PDO connection error 'pgsql:dbname=davical user=davical_app':
could not find driver in /usr/local/share/awl/inc/AwlDBDialect.php on line
78.
I checked my php configuration through phpinfo and I could confirm that
there was no pdo driver for postgresql. There were only drivers for sqlite
and mysql.
When I try to rebuild databases/php5-pdo_pgsql with portupgrade -fRv
databases/php5-pdo_pgsql, I got this error:
...
checking for gawk... gawk
checking for PostgreSQL support for PDO... yes, shared
checking for pg_config... /usr/local/bin/pg_config
checking for openssl dependencies... no
checking for PQparameterStatus in -lpq... no
Unable to build the PDO PostgreSQL driver: libpq 7.4+ is required
===  Script configure failed unexpectedly.

My configuration:
uname -a:
FreeBSD servername 8.2-STABLE FreeBSD 8.2-STABLE #0: Sun Oct 16 04:26:18
CEST 2011 root@servername:/usr/obj/usr/src/sys/servername  i386
Some of the relevant ports:
postgresql-client-8.4.9
postgresql-server-8.4.9_2
php5-pdo-5.3.8
php5-pdo_mysql-5.3.8
php5-pdo_pgsql-5.3.8
php5-pdo_sqlite-5.3.8

I will appreciate any help, since I really need this calendar server.
-- 
*Jon Theil Nielsen*


netstat -di - Idrop vs. Drop

2011-10-12 Thread Jon Schipp
On FreeBSD what's the difference between Drop and Idrop in the netstat
output?

$ netstat -di
NameMtu Network   Address  Ipkts Ierrs Idrop
Opkts Oerrs  Coll Drop
bge0*  1500 Link#1  00:16:d4:e3:49:310 0 0
 0 0 00
wpi0   2290 Link#2  00:1b:77:86:2d:fa0 53068 0
179587 3 00

The man page doesn't explain them.

Also, does netstat get the drop count from the NIC or from a kernel buffer?
For instance, if the NIC can't accept any more packets because of the lack
of descriptors, will the packets lost be reported as one of the drop values
in netstat?

I ask because in Linux, ifconfig reads from /proc/net/dev and as far as I
know, it drops only when the kernel buffer is full. So if the NIC wouldn't
accept packets due to lack of descriptors you wouldn't know about it i.e. it
hasn't made its way into kernel memory.

that and netstat on FreeBSD has the -B option for the BPF buffer stats, so
right now it makes sense that netstat -di reports the drop count from the
NIC/driver itself.

Right/Wrong?

Any help is appreciated, Thanks
-- 
- Jon
-- 
--

VMB: 812-682-0231

Dubois County Linux User Group - http://www.dclinux.org
Southern Indiana Computer Klub - http://sickbits.networklabs.org
Bloomington FOOLS - http://www.bloomingtonfools.org/
BloomingLabs -  http://www.bloominglabs.org
ISSA-Kentuckiana  -  http://issa-kentuckiana.org

GPG Key ID: 810903CB
Key fingerprint = 0069 ED69 EABB DF84 5983  AD3C 6C20 BEFD 8109 03CB


Re: Please secure your FTP access

2011-09-16 Thread Jon Radel


On 9/16/11 1:37 PM, David Demelier wrote:



For me, I have tested a lot of client mails and I was always able to
write text under the last message. And even microsoft outlook.


Though your current client does appear to keep you from trimming.


--

--Jon Radel
j...@radel.com



Re: wheel group mkdir

2011-09-06 Thread Jon Radel

On 9/6/11 7:13 PM, Fbsd8 wrote:


Thanks for your reply. I have a user id that is in the wheel group. I su
and get prompted for the user id's password after which I get returned
to the command line. Running the script with the mkdir command embedded
still returns Permission Denied message. I have read the su man page to
no joy. Could you please explain the sequence of events to get su to work.


Since you're the one having the issue you wish to have resolved, you 
might want to take it upon yourself to tell us *exactly* what you're 
typing, what the results are, and what you'd prefer to have happen 
instead.  We can guess what you're doing when you say I su and get 
prompted for the user id's password after which I get returned to the 
command line, but given the root problem is that you don't fully 
understand the su command, it's hard to be certain what you mean by that.


Going out on a limb, however, I'll point out that, when you're logged in 
as fred


su - fred

doesn't do much for you as you remain fred, whereas, what was meant in 
the suggestion to you was something more along the lines of


su -

which, if you enter root's password, leaves you as root.  (Or gives you 
a shell with root's privileges to be a bit more precise.)


But, again, I'd suggest that this would go faster if you provide what 
you're doing and what the results are rather than what you think you're 
doing and what you think the results mean.


To recap: Cut and paste what's actually happening, not your summary of same.

--

--Jon Radel
j...@radel.com



Re: MFP recommendations

2011-08-11 Thread Jon Theil Nielsen
2011/8/10 Jon Theil Nielsen jonth...@gmail.com

 Hi list,

 I want to buy another printer to use mainly with Windows. Even though I
 have no good feelings about those devices, that claim to be able to do
 everything I need. Even though, I need a better scanner with ADF and duplex
 printing (it needs to be able to connect wirelessly to my Windows stations).
 So my question is if I can find such a thing, that I can connect to my
 FreeBSD server too. And if you can recommend a specific model.
 I have been looking at a lot of models, but I can't figure out if any of
 them would be able to work through FreeBSD, cups etc. Examples:
 HP Officejet Pro 8500A (CM755A)
 HP Photosmart Premium Fax e-All-in-One (CQ521B)
 Canon PIXMA MX885
 Epson...
 Brother...
 In the first place, I may have to connect it via USB or ethernet. If it
 could be connected by my wireless adapter (Linksys WUSB600N), it would be
 nice

 Best regards,
 Jon Theil Nielsen


Since my main goal is to be able to print over the network via my FreeBSD
station, I could put it another way:
Can I expect that printers known to be supported by HPLIP (
http://hplipopensource.com/hplip-web/supported_devices/index.html) actually
work in FreeBSD? And would one of the HP models be a safe choice?

Regards,
Jon Theil Nielsen


Re: MFP recommendations

2011-08-11 Thread Jon Theil Nielsen
2011/8/11 Michael cada...@tucu.net


 On Aug 11, 2011, at 2:51 AM, Jon Theil Nielsen wrote:

  2011/8/10 Jon Theil Nielsen jonth...@gmail.com
 
  Since my main goal is to be able to print over the network via my FreeBSD
  station, I could put it another way:
  Can I expect that printers known to be supported by HPLIP (
  http://hplipopensource.com/hplip-web/supported_devices/index.html)
 actually
  work in FreeBSD? And would one of the HP models be a safe choice?
 
  Regards,
  Jon Theil Nielsen

 Hi,

 If you buy something like an Lexmark X543, you'll get all the features you
 want and it connects directly to your LAN. It speaks IPP and LPR which will
 work great with FreeBSD. It also speaks fluent MS Windows, Bonjour,
 Appletalk, etc. It's a little more expensive and larger than the HP you're
 looking at but you'll end up saving money over time using toner rather than
 ink.

 Michael

 Hi Michael,

Thank you very much for your suggestion. It seems like a very nice printer.
And I actually like the idea of a laser compared to inkjet. But for now,
both the physical size and the price are too much. So I have to keep
looking for another FreeBSD compatible solution (though it mostly - and
certainly for scanning purposes - will be used with Windows).

Regards,
Jon


Re: top-posting 'condescending asshats' (to use Ryan Coleman's description of himself)

2011-08-03 Thread Jon Radel


On 8/3/11 3:01 PM, Robert Bonomi wrote:


*ANY* situation where the elapsed time between messages is longer than the
recipient's ability to retain the 'frame of reference' (i.e., the previous
message) in memory, it _is_ harder for the recipient of the message to follow
top-posted content than interleaved/bottom-posted.  They _do_ have to scan
back-and-forth to find out (first) _what_ is being talked about, and (then)
what the response is.


But you can learn so very many interesting things if you read down to 
the part that has the internal discussion about what they wish to tell 
you, which they completely lose track of by the time they send you a 
nice sanitized statement way up top.   ;-)


--Jon Radel
j...@radel.com


Re: Two Networks on one System

2011-06-21 Thread Jon Radel


On 6/21/11 6:41 AM, Damien Fleuriot wrote:




On 6/21/11 2:32 AM, Jerome Herman wrote:

On 21/06/2011 00:13, Jon Radel wrote:



So depending on the client route, packets from a given IP address can
land on either interface. Actually two clients nated behind the same
public address might end up on both interfaces at the same time.
Even though your solution should work 99% of the time , it can lead to
pretty strange behavior. I am not completely sure of how reply-to works,
notably with keep state (and of course OpenBSD manuals on PF are down
right now, at least from here). I remember attempting similar setups and
having quite a lot of trouble with ICMP (especially RST for that matter).



I most emphatically did NOT write that.  Somebody else isn't quoting 
properly.


--Jon Radel


Re: Two Networks on one System

2011-06-21 Thread Jon Radel


On 6/21/11 7:28 AM, Martin McCormick wrote:


The problem I have, probably due to a misunderstanding
of what I need to do, is easy to describe.

The defaultrouter statement in rc.conf or

route add default x.x.x.x

from the command line sets an interface to know that packets
whose destinations or sources that are outside the subnet go to
that default gateway.


There is only one default gateway per FreeBSD machine.



When I set up the secondary interface, I have not been
able to come up with a statement or statements that tell fxp1
that its default router is y.y.y.y so you can't ever reach it
from outside the new subnet.



This, in and of itself, doesn't follow.  In the absence of stateful 
firewalls and anti-spoofing filtering (blocking packets that don't have 
a source IP address on the expected list), or a complete disconnect 
between your networks, any packet coming in fxp1 can have a reply go out 
fxp0, to the default gateway, and get where it's going just fine.  We 
can quibble over the finer details of the evils of asymmetrical routing 
some other day, but fundamentally an IP network doesn't care in the 
SLIGHTEST which route a packet takes to get where it's going.




I have tried both a second physical connection and an
alias and have ended up with the same behavior each time. Since
we have the second NIC active, I prefer to use it if I can ever
get it to use its router just like the primary interface does.


As hinted at above, this is possibly not a FreeBSD issue at all. 
Without knowledge of how your network actually works, there's not too 
much more to be said, but one of the following should be true:


1)  You don't have stateful firewalling and anti-spoofing filtering in 
the way, and something on your network is broken, as the default FreeBSD 
behavior should simply work if you've got a network that is simply 
transitioning from one set of addresses to another.


2)  If you really can't reply to the same default gateway for 
everything, you'll need to do either policy-based routing or add more 
specific routes, depending on whether outgoing traffic can be segregated 
by source address, destination address, etc.


However, since it appears that you don't actually have 2 networks at 
all, given your clarification that you've tried an interface alias, I'm 
left with one key question:


Are your two gateways two different interfaces, or one interface with 
two different IP addresses?


If the former, I'd try policy-based routing.  If the latter, I'd check 
my firewall rules really carefully.


Next step in any case should probably be to do some packet sniffing to 
confirm that packets from the outside world to the new address actually 
get to you in the first place.  Or have you confirmed this from DNS logs 
or something else?


--Jon Radel
j...@radel.com


Re: Two Networks on one System

2011-06-20 Thread Jon Radel


On 6/20/11 5:07 PM, Martin McCormick wrote:


We are moving a primary name server from network A to
network B on one of our branch campuses. If the secondary
interface was reachable from the world, we can change the whois
information and not worry about the exact second the change goes
into effect.


Can networks A and B talk to each other?  I suspect not, otherwise 
things would be just working even if all traffic went to the primary's 
gateway, but I just wanted to check that there wasn't something else bad 
happening.


On the assumption that A and B are completely disconnected, then the 
only solution for this problem that I know of is to do policy-based 
routing using the source address or interface to make routing decisions, 
rather than using solely the destination address.


This is actually relatively trivial to do using PF.

pass in on nic_a reply-to ($nic_a $gw_a)
pass in on nic_b reply-to ($nic_b $gw_b)

with the various interfaces named appropriately and variables set to 
match should get you much of the way there.  If you're using a slightly 
older version of PF, where keeping state on connections is not the 
default, you'll have to add state maintenance options to the lines.  If 
you want packets to local machines to not go to the gateways and do 
u-turns there, you'll have to add a bit of filtering based on addresses, 
etc., etc.


The explanation for the first line is more or less:

For any new connection that comes in on NIC A, add an entry to the 
state table indicating that any reply packets should physically go out 
NIC A and should be passed to the next hop at address $gw_a.


WARNING:  I use PF primarily on OpenBSD so sometimes get caught out on 
the subtle differences to the FreeBSD version.


--Jon Radel
j...@radel.com
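
A small model of the state-table behaviour described above, combined with the upstream anti-spoofing filtering raised elsewhere in this thread. It is an added example, not part of the original post and not PF code; the addresses are constructed from documentation prefixes and the class and function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Link:
    """One interface of the multihomed host plus the gateway reachable through it."""
    ifname: str
    address: ipaddress.IPv4Address
    network: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address


def make_link(ifname, cidr, gateway):
    iface = ipaddress.ip_interface(cidr)
    return Link(ifname, iface.ip, iface.network, ipaddress.ip_address(gateway))


# Constructed addressing (RFC 5737 documentation prefixes), not from the thread.
NIC_A = make_link("fxp0", "192.0.2.10/24", "192.0.2.1")        # network A, holds the default route
NIC_B = make_link("fxp1", "198.51.100.10/24", "198.51.100.1")  # network B


class Host:
    def __init__(self, links, default_link, reply_to):
        self.links = {link.ifname: link for link in links}
        self.default_link = default_link
        self.reply_to = reply_to
        self.states = {}  # (client, cport, local, lport) -> Link the connection arrived on

    def packet_in(self, ifname, client, cport, local, lport):
        """First packet of a connection: with reply-to, pin the return path in state."""
        if self.reply_to:
            self.states[(client, cport, local, lport)] = self.links[ifname]

    def route_reply(self, client, cport, local, lport):
        """Return (ifname, next_hop) chosen for the reply packet local -> client."""
        pinned = self.states.get((client, cport, local, lport))
        if pinned is not None:
            return pinned.ifname, pinned.gateway   # state entry overrides the routing table
        dst = ipaddress.ip_address(client)
        for link in self.links.values():
            if dst in link.network:
                return link.ifname, dst            # directly connected destination
        return self.default_link.ifname, self.default_link.gateway


def upstream_accepts(link, source):
    """Anti-spoofing filter behind a gateway: only sources from that network may pass."""
    return ipaddress.ip_address(source) in link.network


def query(host, arrival, client, local):
    """Simulate one inbound DNS query; report (egress interface, next hop, delivered?)."""
    host.packet_in(arrival.ifname, client, 40000, local, 53)
    ifname, next_hop = host.route_reply(client, 40000, local, 53)
    delivered = upstream_accepts(host.links[ifname], local)
    return ifname, str(next_hop), delivered


if __name__ == "__main__":
    plain = Host([NIC_A, NIC_B], NIC_A, reply_to=False)
    pinned = Host([NIC_A, NIC_B], NIC_A, reply_to=True)
    outside, local_b = "203.0.113.7", str(NIC_B.address)
    print("default route only:", query(plain, NIC_B, outside, local_b))
    print("with reply-to     :", query(pinned, NIC_B, outside, local_b))
    # A client on network B itself is sent through the gateway (the u-turn case)
    # unless extra address-based filtering exempts local traffic.
    print("local client      :", query(pinned, NIC_B, "198.51.100.77", local_b))
```
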


Re: Two Networks on one System

2011-06-20 Thread Jon Radel


On 6/20/11 6:30 PM, Gary Gatten wrote:


I was kinda going this route as well - policy based routing type thing, but, is there an 
easier way?


Not that I know of given a constraint of completely disjoint networks. 
However, I won't be too terribly surprised if somebody comes up with 
something elegant that makes us all go, "Ooo, what a disgustingly 
neat hack."




1.) Temporarily enable ipforwarding - not my favorite
2.) Instead of a second NIC, bind the new IP to the org nic (alias).

man ifconfig specifically mentions using alias during ip renumbering:


Yes, if you've got a single network and are renumbering it.  As I 
understand it, the OP has 2 networks, which is an entirely different 
matter.


--Jon Radel
j...@radel.com


Re: Two Networks on one System

2011-06-20 Thread Jon Radel


On 6/20/11 8:32 PM, Jerome Herman wrote:


pass in on nic_a reply-to ($nic_a $gw_a)
pass in on nic_b reply-to ($nic_b $gw_b)

From what I understand, there are two different ISPs providing access to
two different interfaces. In this case I am very concerned with all the
bizarre things that a reply-to might trigger.
What I mean is that nothing guarantees that a distant address will
access the box from the same interface every time.


Who cares?  The interfaces have different addresses so any traffic that 
belongs together will go to only one interface.  It's not like machines 
out there will alternate packets to two different destination IP 
addresses.  They might alternate connections, for a very broad 
definition of connections, but that shouldn't present a problem.


As for the rest, I think you're going waay beyond what the OP 
described as his problem:  Setup two interfaces with different addresses 
which make use of different gateways as the addresses belong on 
different networks.  Allow traffic to go to one address on one network 
until DNS glue records are changed and traffic starts going to a second 
address on a second network.


I would suspect that he has stateful firewalls and/or anti-spoofing 
rules upstream from him that keep him from replying to everything out a 
single interface.  If it weren't for that, I suspect we wouldn't be 
having this discussion.


--Jon Radel
j...@radel.com


Re: free sco unix

2011-06-18 Thread Jon Radel


On 6/18/11 10:36 AM, Jerry McAllister wrote:


On Sat, Jun 18, 2011 at 03:28:24PM +0200, C. P. Ghost wrote:


On Sat, Jun 18, 2011 at 12:02 AM, Robert Bonomi
bon...@mail.r-bonomi.com  wrote:

It's _MUCH_ simpler, to just sign and date a copy of the work, and have a
notary public 'witness' the signature.


True.

Without the service of a public registry of copyrighted works that (I think)
only the US offers, and when you need a legally binding official stamp of
some sort, you can go to a registered public notary. They're mildly expensive
though; certainly a lot more expensive than the US Copyright Office fees.


Have you ever had something notarized?   I have had many things.  It is
not generally expensive.  They ask $5 - $20 and many banks will have
someone who will do it for free if you have an account in the bank.
That is much cheaper than doing an official USA registration.
What the Notary notarizes is your signature being done at that place and on
that date.

jerry


This stream of comments from people who, for reasons I can't quite 
fathom, but I like to give them the benefit of the doubt and figure that 
they really don't know how provincial they're being, figure that 
everything is *just*like*it*is*in*their*country*of*residence* is really 
becoming quite tedious.  Could we please stop it?


Face it folks, despite global commerce and a heap of treaties, the 
low-level mechanics of how banking, the courts, notarizing documents, 
applying for patents, registering copyrights, etc., etc., etc. work vary 
from country to country, sometimes rather wildly.


--Jon Radel
j...@radel.com
Adding terribly to the noise, once and only once


Re: unable to reach bsd-lists via mail

2011-06-18 Thread Jon Radel


On 6/18/11 11:53 AM, Christopher J. Ruwe wrote:


I have a problem with my mail-server configuration so that mail sent
will not reach any freebsd addresses. The solutions offered in similar
mails already accessible via various archives did not help :-(


And yet, yet, yet, here is your mail.  In duplicate no less.

Next time please:

1)  tell us what you actually mean by "will not reach"
2)  keep in mind that some mailing lists greylist incoming mail

In other words, be specific and patient.

--Jon Radel
j...@radel.com


Re: Long Day's Journey into Bleep

2011-06-08 Thread Jon Radel


On 6/8/11 11:53 PM, Chad Perrin wrote:

On Wed, Jun 08, 2011 at 05:56:59PM -0700, Gary Kline wrote:


I'm still bringing back the dozens of things I removed from ethic.
And testing new ideas.  But I have a general question: have any of
you wizards who run your own domains or otherwise use a switch [or
hub] *ever* had it just-quit?!  It is solid-state.  Yes, the box is
within my feet/foot reach.  I have accidentally kicked it I suppose,
but still.


I think I've just had ports die one by one on a switch until it no longer
worked.  I don't think I've ever had the whole thing go poof for no
evident reason.



Ditto.  Most recently a Cisco switch had a rather useful port go into a 
really weird state that didn't really look broken but bits 
just...weren't...flowing.  Took a while, and a lot of poking at the 
server in question, before we looked at each other and said, "Wait, 
we've been assuming the switch works, what if it isn't."


BTW, Gary, Linksys=Cisco is pretty much just a marketing thing and not a 
technology thing.


--Jon Radel


Re: Disable or limit email in root?

2011-05-26 Thread Jon Radel


On 5/27/11 12:16 AM, Jorge Biquez wrote:


Hello.

I am trying to find if sendmail was the problem or what... thing is not
that root receive email but that root was used to send email to a list
of address...


And what does it say in the logs?  We'll help you interpret them if you 
wish, but right now I've heard nothing but speculation and I've heard 
nothing to distinguish between:


1)  Somebody sent e-mail with root@ as the return address, or

2)  Somebody generated e-mail with a process running as root, or

3)  both.

Your sendmail log should tell you where sendmail thinks the e-mail came 
from and where it thinks it sent it.


Or you could start by telling us HOW you detected this problem.

--Jon Radel
j...@radel.com


Re: Skyip? question

2011-05-11 Thread Jon Radel


On 5/11/11 8:20 PM, Gary Kline wrote:


(How hard/easy would it be to hack out a better one...or do GOOG and YHOO
already have their own versions of skyip?)



Not all that trivial, really, but, frankly, rather beside the point. 
The value of communications networks is more than the technology, it's 
in whom you can communicate with using it.  So even if you were to hack 
out something more elegant than Skype, the vast majority of the world 
wouldn't care in the slightest, as they want to talk to their friends, 
family, and business associates, and have no interest in talking to you 
and the 137 hacking buddies who built the better mousetrap.


There's a reason the PSTN still does so well despite its 19th century, 
low-bandwidth, voice-only roots.





Lastly, a few years ago, somebody on this list said that skype was free like
free beer.  Pretty sure they had that saying when I was a kid back in the
twelfth century, but still have no idea what it means, so  would appreciate it
from my fellow geeks who get that 'free-beer' swipe.


Free beer = you can use it without paying money, but the stuff behind 
the curtain is proprietary and you can't necessarily look, never mind play.


Free speech = you can do as you wish with the bits behind the curtain 
(give or take various license terms that can start religious wars)


I believe the term doesn't pre-date Linux; wasn't it first used when the 
unwashed masses started getting confused as to what it meant for Linux 
to be free?


BTW, I believe this discussion belongs over in the discussion list, as 
it has nothing to do with FreeBSD, so I will sin no more after this.


--Jon Radel
j...@radel.com


Re: Newbie Needing Help

2011-05-08 Thread Jon Radel


On 5/8/11 8:17 PM, John or Judy Hixson wrote:


At the risk of being told to get out of here and never come back (until you 
know enough to not need to come back), I need help on some very elementary 
stuff. I haven't found anywhere else to ask these questions and am therefore 
taking my chances.



Ah, but you appear to be trying and you're certainly giving us useful 
information about what you're trying.  You're even reading a useful 
book.  So we're sometimes quite tolerant.  :-)



I'm trying to learn some FreeBSD in anticipation of eventually admining a FBSD 
server for my church office network. I've installed FreeBSD 7.4 on an old PC 
and am trying to follow along while reading Michael Lucas' book (2nd ed.).


Beautiful way to start.


Right now my problem is with the command line. Lucas makes a statement as follows: "If you want to see a 
comprehensive list of loader variables, check the default configuration file." Since there is no command 
"check", I have no idea what to use. What command will check a file?


Most, but not all configuration files of this nature are plain text 
files, though generally there are relatively strict rules about syntax 
which, alas, are not consistent across all parts of the system.



What I really want to do is view the file, but that command doesn't exist 
either.


You've already had a recommendation for using a text editor.  I'd 
suggest use of "less" which is a text file viewer.  Not using an editor 
makes accidental changes a bit less likely.


less filename
more filename
cat filename

will all show you the file, though with differing effects.  I generally 
use the first.  BTW, when you can explain the really bad Unix joke, 
"less is more than more," you'll be getting the hang of things.



Another problem that's throwing me for a loop is that even though I'm logged in as root 
I'm getting a permission denied return when I list a file (e.g. /etc/fstab) 
and press enter.



If you simply enter a filename at the prompt it tries to execute the 
file (give or take a whole bunch of details, such as what the search 
path for commands looks like, etc., etc.)  But, basically, any command 
is simply a file by that name somewhere in the file system, with the 
exception of the very short list of commands that are built into the 
shell (aka command line).  So if you type the name of a file all by 
itself at the command prompt, the shell is liable to try to execute, i.e. 
run, that file. Unless the file was written with an eye to being 
executed, this doesn't necessarily work out well so sometimes the shell 
simply refuses to do it.



This is no doubt the wrong place for simple questions like these so someone PLEASE 
tell me where better to go. Thank you.



Remember that for the really basic stuff, Unix is Unix is Linux, so any 
tutorial you find with a google search or two would apply.


--Jon Radel
j...@radel.com


Re: Home firewall with DLink router and FreeBSD

2011-05-05 Thread Jon Radel


On 5/5/11 8:37 PM, Leonardo M. Ramé wrote:


Hi, at home I have a DLink Dir 300 router to provide internet access for my 
home network. The network is composed by two Windows PCs, one Linux laptop and 
one FreeBSD server we use mainly for storage and as web/database server.

I must add, the server only has one network card.


It becomes difficult to use a server as a firewall unless you have an 
inside and an outside network.  Easiest is to simply add another 
network card, should that be possible on your server.  Another 
possibility is to use VLAN tagging and connect the server to a switch 
that understands VLANs.




I would like to know if it's possible to use the FreeBSD server as a Firewall 
for the whole network, securing LAN and WiFi connections. If this can be done, 
then how? could you point me to some howto?.



Yes.  I'd start on the FreeBSD website and start reading things that 
look useful.  If you're thinking about using pf as your firewall, which 
I'd personally recommend though other options are perfectly workable 
also, there's a nice document on the OpenBSD web site, IIRC.



P.S.: this is the 2nd time I send this email, the first time it got caught by 
SpamAssassin. Maybe because a link in my signature.



We got both on the list.

--Jon Radel
j...@radel.com


Re: OT: Security question (openssl vs openssh)

2011-05-03 Thread Jon Radel


On 5/3/11 10:22 AM, Mark Moellering wrote:


Everyone,
I am looking into setting up a webserver to hold some very sensitive
information. I am trying to figure out which is more secure, forcing any
web connections to be done using an ssh tunnel or forcing ssl.
I have not been able to figure out if one is definitively much more
secure than another or if they are close to the same. I would have
initially thought the ssh tunnel was more secure but knowing that ssl
can use AES-256, I am now wondering if that isn't adding a complexity
for little extra security.

Thanks in advance

Mark Moellering


I'd say that that's a really hard problem to answer definitively, but my 
gut reaction is that the less complex solution is less likely to involve 
configuration screw-ups which compromise security.  Particularly if 
other administrators are or will be involved, that which is too clever 
just begs for innocent, even if clueless, changes that compromise 
assumptions upon which the security depends.


In any case, I'd worry more about how I handle user authentication and 
authorization than squeezing the last little drop of warm fuzzies out of 
the encryption setup.  To the extent that if you already have a fully 
trusted infrastructure in place for ssh keys, you might want to consider 
using ssh tunnels for that reason alone.


Or, to put it another way, if your security is going to fall, it's much 
more likely that it's going to involve a poor configuration choice, a 
user that screws up big time, or a back door to the data, than a 
successful technical attack against TLS or SSH.


--Jon Radel
j...@radel.com


Re: Unable to download FreeBSD

2011-04-20 Thread Jon Radel


On 4/20/11 9:23 AM, Ruben de Groot wrote:


On Wed, Apr 20, 2011 at 11:09:57AM +0530, Balaje Suri typed:

Hi FreeBSD Team,

When I try to download the FreeBSD distribution (by clicking on the link
that refers to location:
ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/8.2-RELEASE) , I get an
error 425 Failed to establish connection.

Could you please let me know an alternate working link.


The link is good. You should probably configure your ftp client to use
  passive mode.


And if ftp just won't cooperate with you, you can always go to

http://torrents.FreeBSD.org:8080/

grab a torrent file using HTTP and use a BitTorrent client to get what 
you need.  Unless, of course, your local firewall/network/ISP/etc blocks 
BitTorrent also.


--Jon Radel
j...@radel.com


Re: Options for Secondary DNS Service?

2011-04-11 Thread Jon Radel

On 04/11/2011 06:10 AM, Maxim Khitrov wrote:

If you're able/willing to transfer your domain to gandi.net, they
offer free secondary dns service. It is enabled by adding
ns6.gandi.net as one of the nameservers. I've been using it without
any issues for a few years with djbdns as primary server.

- Max


On 4/11/11 7:58 AM, Pierre-Luc Drouin wrote:

I was more looking for a slave server, since I would prefer to keep my
primary server...

 Thanks!


Yes, that's what a secondary server is.

As Maxim said, gandi.net will provide a slave server as an option.  They 
will also provide all servers and allow use of their dashboard for 
maintaining records as a different option.


Don't top-post in this neighborhood, please.

--

--Jon Radel
j...@radel.com



Re: Linksys-E4200 Wireless N-router

2011-04-08 Thread Jon Radel

On 4/8/11 11:21 AM, Carmel wrote:


On Fri, 08 Apr 2011 12:51:41 +0100
Arthur Chance free...@qeng-ho.org  articulated:


On 04/07/11 15:32, Carmel wrote:

Odhiambo, please don't CC me. I don't need multiple copies of the
same post.


CCing the original poster is standard etiquette on FreeBSD mailing
lists. Most lists are open to anybody to mail to without being signed
up, so when replying there's no way of knowing whether or not the
questioner will see a reply that only goes to the list. This is
especially true of freebsd-questions.


1) I have posted several times on this list and only received CC's on
two of them that I can recall. Obviously your standard is not so
standard.


That's the nice thing about standards, there are so many of them to 
choose from.




2) I placed a very clear notice at the bottom of my post(s). Many
people would consider that a clue as to my desire to receive multiple
copies of the same document.


Expecting people to actually read and react to your disclaimer...now 
that's *not* standard, given the wild proliferation of meaningless 
disclaimers necessitated by current thinking on various liability matters.




3) Perhaps it is only me; however, most of the major lists that I
employ all require a registration by the poster prior to being allowed
to post.


Try to be friendly and helpful to non-subscribers...much too old school 
for a modern dude like you, it appears.




4) I have seen several posts where the OP requested to be CC'd because
they were not registered members of the list. Obviously, they were
aware of the necessity of being CC'd or reading the archives in order
to review any posts to their request. Now, if someone is just so plain
stupid that they are not aware of that simple fact, then they are too
stupid to be posting to begin with.


You're conflating ignorance and stupidity.  Not really the same thing. 
Shall we have a rousing discussion as to whether this is ignorant or 
stupid of you?


Feh!



5) If you noticed, I asked Odhiambo very nicely not to include me in a
CC. I am sure he meant well; however, the inevitable destruction of
electrons in the transmission of the superfluous document could have
been avoided.



If you'd just shaken your head and gone away quietly, instead of making 
your numbered list and sharing with us all, a lot more electrons would 
have gone on to have happy, productive lives doing something useful. 
But, no, you had to move up the heat death of the universe by 3 seconds.


--

--Jon Radel
j...@radel.com



Re: reverse dns in bind9

2011-03-28 Thread Jon Radel

On 3/28/11 7:21 AM, Tim Dunphy wrote:


Hello,

  Thanks for your reply!

   I took your advice and removed that line from resolv.conf and added
it into /etc/named/named.conf

   Now it looks like this

   // RFC 1912
zone "localhost" { type master; file "master/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file "master/localhost-reverse.db"; };
zone "255.in-addr.arpa" { type master; file "master/empty.db"; };
zone "192.in-addr.arpa" { type master; file "master/summitjnhome-reverse.db"; };

  And I did a restart of both network and named but the issue remains:


LBSD2# host 192.168.1.44
Host 44.1.168.192.in-addr.arpa. not found: 3(NXDOMAIN)




Nowhere do you mention that you moved all the PTR records into the 
192.in-addr.arpa zone where they belong, as noted by Robert Bonomi.  And 
why did you change


 zone "1.168.192.in-addr.arpa" { type master; file
  "/etc/named/master/summitnjhome-reverse.db"
  };


to

zone "192.in-addr.arpa" { type master; file 
"master/summitjnhome-reverse.db"; };


when your PTR lines only give the last octet?  Where do you expect the 
168.1 to come from?


--Jon Radel
j...@radel.com
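
The question above about where the 168.1 is supposed to come from, worked through as an added example that is not part of the original message: owner names in a master file are completed with the zone origin, so last-octet-only PTR lines answer only when the zone is 1.168.192.in-addr.arpa. The function names are hypothetical, the last-octet lines mirror records posted in this thread, and the `44.1.168` line is constructed.

```python
import ipaddress


def reverse_name(ip):
    """Name a resolver asks for in a PTR lookup, e.g. 44.1.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer.lower() + "."


def absolute(owner, origin):
    """Expand an owner name as a master file does: relative names get the origin appended."""
    if owner == "@":
        return origin.lower()
    if owner.endswith("."):
        return owner.lower()
    return f"{owner}.{origin}".lower()


def load_ptrs(origin, lines):
    """Parse 'owner PTR target' lines. Returns ({absolute owner: target}, [out-of-zone owners])."""
    origin = origin.lower()
    records, out_of_zone = {}, []
    for line in lines:
        fields = line.split(";", 1)[0].split()      # drop comments, split on whitespace
        if len(fields) != 3 or fields[1].upper() != "PTR":
            continue
        name = absolute(fields[0], origin)
        if name != origin and not name.endswith("." + origin):
            out_of_zone.append(name)                # outside this zone: ignored, not served
            continue
        records[name] = fields[2]
    return records, out_of_zone


def lookup(ip, origin, lines):
    """Return the PTR target this zone would answer with for ip, or None."""
    records, _ = load_ptrs(origin, lines)
    return records.get(reverse_name(ip))


# Last-octet owners, as in the zone file posted in this thread.
LAST_OCTET = [
    "42   PTR LCENT01.summitnjhome.com.",
    "44   PTR LBSD2.summitnjhome.com.",
]
# Constructed alternative: owners carry the missing octets for use under 192.in-addr.arpa.
FULL_OWNER = [
    "44.1.168   PTR LBSD2.summitnjhome.com.",
]

if __name__ == "__main__":
    ip = "192.168.1.44"
    print("query name:", reverse_name(ip))
    print("zone 1.168.192.in-addr.arpa, owner 44      ->", lookup(ip, "1.168.192.in-addr.arpa.", LAST_OCTET))
    print("zone 192.in-addr.arpa,       owner 44      ->", lookup(ip, "192.in-addr.arpa.", LAST_OCTET))
    print("  (owner 44 expands to", absolute("44", "192.in-addr.arpa.") + ")")
    print("zone 192.in-addr.arpa,       owner 44.1.168 ->", lookup(ip, "192.in-addr.arpa.", FULL_OWNER))
```
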




Re: reverse dns in bind9

2011-03-28 Thread Jon Radel

On 3/28/11 11:36 PM, Tim Dunphy wrote:


Now I could probably understand it FAILING due to perhaps a type-o in
the config. But I am genuinely curious as to how forward lookups will
work and reverse lookups time out.


I would expect them to time out if your dns server knows nothing about 
the reverse zone; give or take how you connect to the rest of the DNS. 
What messages about zones loading did you get when you restarted bind? 
Were there any crabby comments in the log file about not loading 
master/summitnjhome-reverse.db due to error(s)?  Was that file mentioned 
at all?


--Jon Radel
j...@radel.com





Re: reverse dns in bind9

2011-03-28 Thread Jon Radel

On 3/29/11 12:05 AM, Tim Dunphy wrote:


hello

  no crabby comments on restart at all!

LBSD2# /etc/rc.d/named restart
Stopping named.
Waiting for PIDS: 4970.
Starting named.

Ah but yes some complaints from the logs

Mar 29 04:59:47 LBSD2 named[5469]: master/summitnjhome-reverse.db:10:
ignoring out-of-zone data (summitnjhome.com)
Mar 29 04:59:47 LBSD2 named[5469]: dns_master_load:
master/summitnjhome-reverse.db:11: unexpected end of line
Mar 29 04:59:47 LBSD2 named[5469]: dns_master_load:
master/summitnjhome-reverse.db:10: unexpected end of input
Mar 29 04:59:47 LBSD2 named[5469]: zone 1.168.192.in-addr.arpa/IN:
loading from master file master/summitnjhome-reverse.db failed:
unexpected end of input
Mar 29 04:59:47 LBSD2 named[5469]: zone 1.168.192.in-addr.arpa/IN: not
loaded due to errors.
Mar 29 04:59:47 LBSD2 named[5469]: running



Tho I am not sure why it's complaining about unexpected end of input

this is the whole file


Really?  Judging from the line numbers in the log messages, you're 
missing about 3 lines that, I would hope, include something like


IN SOA ns1.summitnjhome.com bluethunder.gmail.com (


 201103271 ; Serial, todays date + todays serial
 8H  ; Refresh
 2H  ; Retry
 4W  ; Expire
 1D) ; Minimum TTL
 NS  ns1.summitnjhome.com.
summitnjhome.com.

   doesn't make much sense as data in this zone, error message 1
^ Whoa, Nelly, where's the rest of this line?  error message 2


Oh, never mind, I'm so out of here...ignore all that stuff below, 
messages 3 and 4



42   PTR LCENT01.summitnjhome.com.
43   PTR LCENT02.summitnjhome.com.
44   PTR LBSD2.summitnjhome.com.
45   PTR LCENT02.summitnjhome.com.
46   PTR LCENT03.summitnjhome.com.
47   PTR LCENT04.summitnjhome.com.
23   PTR virtcent01.summitnjhome.com.
24   PTR virtcent02.summitnjhome.com.
21   PTR virtcent03.summitnjhome.com.
26   PTR virtcent04.summitnjhome.com.
27   PTR virtcent05.summitnjhome.com.
28   PTR virtcent06.summitnjhome.com.
29   PTR virtcent07.summitnjhome.com.
30   PTR virtcent08.summitnjhome.com.
31   PTR virtcent09.summitnjhome.com.
32   PTR virtcent10.summitnjhome.com.
33   PTR virtcent11.summitnjhome.com.
34   PTR virtcent12.summitnjhome.com.
35   PTR virtcent13.summitnjhome.com.
36   PTR virtcent14.summitnjhome.com.
37   PTR virtcent15.summitnjhome.com.
38   PTR virtcent16.summitnjhome.com.
39   PTR virtcent17.summitnjhome.com.
40   PTR virtcent18.summitnjhome.com.
41   PTR virtcent19.summitnjhome.com.




--

--Jon Radel
j...@radel.com



Re: Apple FreeBSD relationship

2011-03-10 Thread Jon Radel


On 3/10/11 2:39 PM, Adam Vande More wrote:


On Thu, Mar 10, 2011 at 1:35 PM, Charlie Kester corky1...@comcast.net wrote:


Especially if you earmark it for a specific
project.



You can't do that via a donation to the FreeBSD Foundation, only offer a
suggestion.



If the amount of money is large enough, I strongly suspect you could 
negotiate an exception to that


--

--Jon Radel
j...@radel.com


Re: Any package for surveys?

2011-01-28 Thread Jon Radel


On 1/28/11 7:42 AM, Jerry wrote:


On Fri, 28 Jan 2011 06:28:48 -0600 (CST)
Robert Bonomi bon...@mail.r-bonomi.com  articulated:


But, then, you're a spammer.  And have just re-proven the validity of
Rule #3, and Krueger's Corollary thereunto, of the Rules of Spam.

see:http://www.pearlgates.net/nanae/rulesofspam.shtmld


I would, except all I keep getting are:

404 - Not Found

error messages.



Remove the spurious "d" from the end of the URL.

--

--Jon Radel
j...@radel.com


Re: questions on bind9-3.6-P1

2011-01-24 Thread Jon Radel

On 1/24/11 2:33 PM, Gary Kline wrote:


oKay, since my prev question caught no wizards, how about looking at
the errors from bind-9.3.6? [I rebuilt this from the src tarball; it
finally installed; I fixed some obvious errors, but several remain.

Here is the log file where bind9 fails on em0, my NIC in my server.
This is one failure that is simply over my head.

+++

Jan 24 11:14:55 ethic named[59747]: starting BIND 9.3.6-P1 -c 
/var/named/etc/namedb/named.conf
Jan 24 11:14:55 ethic named[59747]: could not listen on UDP socket: address in 
use
Jan 24 11:14:55 ethic named[59747]: creating IPv4 interface em0 failed; 
interface ignored
Jan 24 11:14:55 ethic named[59747]: could not listen on UDP socket: address in 
use
Jan 24 11:14:55 ethic named[59747]: creating IPv4 interface lo0 failed; 
interface ignored
Jan 24 11:14:55 ethic named[59747]: not listening on any interfaces
Jan 24 11:14:55 ethic named[59747]: couldn't add command channel 127.0.0.1#953: 
address in use
Jan 24 11:14:55 ethic named[59747]: couldn't add command channel ::1#953: 
address in use
Jan 24 11:14:55 ethic named[59747]: could not listen on UDP socket: address in 
use
Jan 24 11:14:55 ethic named[59747]: creating IPv4 interface em0 failed; 
interface ignored
Jan 24 11:14:55 ethic named[59747]: could not listen on UDP socket: address in 
use
Jan 24 11:14:55 ethic named[59747]: creating IPv4 interface lo0 failed; 
interface ignored
Jan 24 11:14:55 ethic named[59747]: running
+++

Can anybody explain why (e.g.) the lo0 failed or was ignored?  And
why bind9--now officially at its EOLife--has trouble creating an
IPv4 interface with my NIC, em0?  Do I have to do something very simple,
like rebooting?



It appears to be complaining that you're already running another piece 
of software that is listening on all those ports.  I'd be guessing 
another copy of bind.  Try:

ps uxwwa | grep named

and see what all is running.  If you're dealing with a bind from base 
and bind from ports I could see you trying to start both of them.  Do 
you have named files in both /etc/rc.d and /usr/local/etc/rc.d?


--

--Jon Radel
j...@radel.com




Re: vm ware

2011-01-19 Thread Jon Radel

On 1/19/11 3:41 AM, rafay awan wrote:

Hi,
  I want to inquire if it's possible to install FreeBSD on vm ware?
  is there any live cd iso available?

See 
http://www.vmware.com/resources/compatibility/search.php?deviceCategory=software


Yes, though I suspect you mean to ask a more specific question which I 
can't discern.


--

--Jon Radel
j...@radel.com




Re: harddrive encryption

2011-01-17 Thread Jon Radel

On 1/17/11 5:53 PM, Roland Smith wrote:

Do not rely on a keyfile that resides on a disk in the machine (that would
make encryption futile)! Use a passphrase instead.

I'd think that depends on your use case.  If you're encrypting removable 
drives and then shipping them elsewhere, such as for off-site backup, 
and you trust the physical security for the computer a lot more than you 
trust the courier and/or storage site


Of course, I would agree that that's probably not what the OP has in 
mind.  :-)


--

--Jon Radel
j...@radel.com




Re: Is there a 'Y' (i.e. branch) version of a command pipe?

2011-01-08 Thread Jon Radel

On 1/8/11 10:30 PM, Modulok wrote:

List,

Is there a command that lets me send standard input to two different
places at the same time? (i.e. non-sequentially.) Think of it like a
pipe character, but with a 'Y' branch instead. Basically, I want to
record standard input to a log file, but also send it to another
command for processing.


Think T, not Y, and then type

man tee

which I suspect does exactly what you want.

--

--Jon Radel
j...@radel.com




Re: THE SPAM WE GET [stop fretting and read]

2010-12-10 Thread Jon Radel

On 12/10/10 9:46 AM, Ryan Coleman wrote:

No, this list does not.

As I mentioned yesterday, this is an unmonitored, unnannyed list that accepts 
emails from addresses without checking authenticity... meaning I can post from 
4 emails (and I have) and not be subscribed on each address.

Spoofing email addresses has happened for years, and with this list's archives 
being publicly available online it's been happening for a while and will 
continue to happen until the rules may or may not be changed.

--
Ryan

If this discussion is about the same wave of spam I've been getting 
examples of in the last couple of days, it should be noted that the mail 
isn't coming via the mailing list at all.  Somebody is harvesting e-mail 
addresses and subject lines from a month or more ago and sending the 
spam directly.


Folks, you have to read the headers if you want to have a sensible 
discussion about specific instances of spam.  If you don't, you're 
simply sending yet more noise that's kinda sorta pretending to be signal.


My personal rule of thumb with spam is to assume that absolutely 
everything involved is a lie, this leading to a more accurate overall 
assessment than the naive thought that any of it might possibly be true 
just because of some social contract.  After careful analysis, you 
*might* conclude that a few things actually are true, but that's 
different than assuming they are.  So, Subject: that look like they're 
from the FreeBSD mailing list: lie.  From: address that of somebody you 
discussed that topic with on the mailing list: lie.   Date:: lie.  All 
lies with one goal, to get you to click through on a URL that is *not* 
(another lie, get it?) in your self-interest to visit.


--

--Jon Radel
j...@radel.com
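
Reading the headers, as urged above, comes down to trusting only the Received: line that your own server stamped. An added example (not part of the original message) that does this for two constructed messages; the host names, addresses and the `mx.example.net` receiving server are assumptions:

```python
import re
from email import message_from_string

TRUSTED_MX = {"mx.example.net"}      # assumption: hosts you operate yourself
LIST_RELAY_IPS = {"198.51.100.25"}   # assumption: addresses the list server sends from

# "from <helo> (<rdns> [<ip>]) by <host>" as written by common MTAs
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

# Constructed sample: a post that really was delivered by the list server.
GENUINE = """\
Received: from lists.example.org (lists.example.org [198.51.100.25])
    by mx.example.net (Postfix) with ESMTP id 4A1B2C3D
    for <reader@example.net>; Fri, 10 Dec 2010 09:50:12 -0500 (EST)
Received: from poster.example.com (poster.example.com [192.0.2.14])
    by lists.example.org (Postfix) with ESMTP id 9F8E7D6C;
    Fri, 10 Dec 2010 14:50:05 +0000 (UTC)
List-Id: User questions <freebsd-questions.freebsd.org>
From: Some Poster <poster@example.com>
Subject: Re: THE SPAM WE GET
Date: Fri, 10 Dec 2010 09:49:58 -0500

body
"""

# Constructed sample: harvested subject and sender, forged list headers,
# delivered directly to the reader's server by an unrelated host.
SPAM = """\
Received: from dsl-203-0-113-77.example.invalid (unknown [203.0.113.77])
    by mx.example.net (Postfix) with SMTP id 7E6D5C4B
    for <reader@example.net>; Fri, 10 Dec 2010 03:12:40 -0500 (EST)
Received: from lists.example.org (lists.example.org [198.51.100.25])
    by relay.example.invalid with ESMTP; Thu, 11 Nov 2010 08:00:00 +0000
List-Id: User questions <freebsd-questions.freebsd.org>
From: Some Poster <poster@example.com>
Subject: Re: questions on bind9
Date: Thu, 11 Nov 2010 08:00:00 +0000

click here
"""


def trusted_handoff(raw_message):
    """Report which host handed the message to a server we run ourselves.

    Received: headers are prepended, so the topmost ones were written last.
    Walk down from the top while the stamping host ("by ...") is one of ours;
    the last such line records the peer our own server actually saw.
    Everything below it was supplied by the sender and proves nothing.
    """
    msg = message_from_string(raw_message)
    peer = None
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m is None or m.group("by").lower() not in TRUSTED_MX:
            break
        peer = m
    ip = peer.group("ip") if peer else None
    return {
        "peer_ip": ip,
        "peer_helo": peer.group("helo") if peer else None,
        "via_list": ip in LIST_RELAY_IPS,             # checked against what we observed
        "claims_list": msg["List-Id"] is not None,    # sender-controlled, may be forged
        "subject": msg["Subject"],
    }


if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spam", SPAM)):
        r = trusted_handoff(raw)
        print(f"{name}: handed over by {r['peer_ip']} "
              f"claims_list={r['claims_list']} via_list={r['via_list']}")
```

Both samples carry the same List-Id: and a Received: line naming the list server; only the address recorded by the reader's own server tells them apart.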




Re: Installed memory today, questions immediately

2010-11-04 Thread Jon Radel

On 11/4/10 10:13 PM, justin v wrote:


I installed 4GB of memory today.  I rebooted and see this, the first 
line after the splash menu thing:


983040K of memory above 4GB ignored

dmesg shows avail mem amount and I am concerned as well:

real memory  = 4294967296 (4096 MB)
avail memory = 3139940352 (2994 MB)

is a stick bad perhaps?

Start by reading 
http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/faq/compatibility-memory.html


If that doesn't cover it, come back here and include a little 
information about the version of FreeBSD and the hardware you're using.


--

--Jon Radel
j...@radel.com




Re: ATTN GARY KLINE

2010-11-04 Thread Jon Radel

On 11/5/10 12:22 AM, kline wrote:


I'm using evo to be able to click on.  I have fewer ``Fail'' type
responses, but do not understand the failure messages.  Also, since it
has been 9.5 years since I read DNS AND BIND, the jargon is lost.  What
does glue mean? And how should I resolve?

It is time to  get this stuff arrow-straight, so hoping that someone
on-list can clue me in.


tx,


gary

http://www.dnscog.com/report/thought.org/1288928790

If your parents, the nameservers authoritative for .org, tell the world 
that one of the nameservers for thought.org is ns1.thought.org, they 
also have to tell the world what the IP address for ns1.thought.org is 
using an A record.  That A record is glue.  Otherwise you get a machine 
conversation something like:


Resolving nameserver trying to find a record in the thought.org zone 
(RN):  Please Mr. root server, I'd like to know about www.thought.org
Root:  See the .org folks over there
RN:  Please Mr. top-level dude, about that www.thought.org
Org:  Well, see ns1.thought.org
RN:  Ahem, I'm trying to find out basic stuff about thought.org and I 
don't know the address for ns1.thought.org in order to ask it
Org:  Well, ask ns1.thought.org what the address for ns1.thought.org is...
RN:  But, but, but... (followed by petulant stomping off)

Glue A records fix that problem.

BTW, the fact that a glue record isn't returned for ns2.everydns.net in 
response to a query about NS records for thought.org really isn't a 
problem; note the info rather than fail from DNSCog.


Biggest problem I still see is that ns2.everydns.net refuses to respond 
to queries about thought.org.  You sure your account there is still 
active and functional and that you're allowing zone transfers to them?  
I note that you don't allow transfers from arbitrary addresses, and 
http://www.everydns.com/faq/secondary-domain/example-setup does warn 
that the source address for transfer requests was/will/did change.


Some of the problems reported by DNSCog appear to be bogus.  They've got 
some bugs related to cases where a nameserver has a name in the domain 
in question.  (And also some bugs related to nameservers which are 
reachable by both ipv4 and ipv6, but that doesn't apply to you.)


--

--Jon Radel
j...@radel.com




Re: ATTN GARY KLINE

2010-11-03 Thread Jon Radel

On 11/4/10 1:29 AM, Polytropon wrote:

On Wed, 3 Nov 2010 21:51:04 -0500, Ryan Coleman ryan.cole...@cwis.biz wrote:

He likely won't.  This was pointed out to him two months ago
and nothing's been fixed.

Seems to be fine from here:

% nslookup -type=any thought.org
Server: 192.168.100.1
Address:192.168.100.1#53

Non-authoritative answer:
thought.org mail exchanger = 10 ethic.thought.org.
thought.org nameserver = ns2.everydns.net.
thought.org nameserver = ns1.thought.org.

Authoritative answers can be found from:

% host ethic.thought.org
ethic.thought.org has address 209.180.213.210

% host ns1.thought.org
ns1.thought.org has address 209.180.213.210

% host ns2.everydns.net
ns2.everydns.net has address 208.76.62.100
% ping -c 3 ns2.everydns.net
PING ns2.everydns.net (208.76.62.100): 56 data bytes
64 bytes from 208.76.62.100: icmp_seq=0 ttl=54 time=107.684 ms
64 bytes from 208.76.62.100: icmp_seq=1 ttl=54 time=107.073 ms
64 bytes from 208.76.62.100: icmp_seq=2 ttl=54 time=107.046 ms

--- ns2.everydns.net ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 107.046/107.268/107.684/0.295 ms

Or am I misreading that?



You're overlooking the fact that ns2.everydns.net refuses to respond to 
queries about thought.org, though it is happy to respond to queries 
about everydns.net.  When half the servers for your zone refuse to 
answer, things work less than 100%.  On the other hand, I don't think 
things are completely broken.  Actually they're less broken than Gary's 
DNS frequently is; it gets discussed on a regular basis for a reason.


So is the last octet of ns1.thought.org's address 209 or 210?  ;-)

--

--Jon Radel
j...@radel.com
Consistency is the hobgoblin of little minds.




Re: ssh key authentication problem...

2010-10-28 Thread Jon Radel


On 10/28/10 3:39 PM, Peter Harrison wrote:

Can anyone help me debug an ssh key-based authentication problem?

I have an 8.1-R server running sshd, with one user account. On the server, I've 
used ssh-keygen to generate id_rsa  and id_rsa.pub.

On my laptop I then pulled the id_rsa.pub file over and:

% cat id_rsa.pub  .ssh/authorized_keys

Either I'm having reading comprehension problems, or you've got things 
backwards.  If you're trying to login into the server across the 
network, the id_rsa.pub file goes into .ssh/authorized_keys file on the 
server, and the id_rsa file lives on your laptop, all nicely secured 
with a passphrase in case somebody steals your laptop.


--Jon Radel
j...@radel.com




Re: Which OS for notebook

2010-10-05 Thread Jon Radel

 On 10/5/10 7:31 AM, Carmel wrote:


I realize that at this point someone will inevitably chime in and play
the blame the manufacturers whine. If that were factually correct,
then no one else would be able to supply drivers and support for
hardware that FreeBSD has left orphaned.

I'm somewhat unclear on how that follows.  Might it not be that many 
manufacturers, busily dealing with Microsoft, and easing into Linux now 
that it has significant mindshare, have simply decided that there's no 
economic benefit to releasing detailed hardware specs in a form that 
works for FreeBSD developers?  I really fail to see why you think the 
fact that the manufacturer itself has released binary drivers for 
Windows, and possibly Linux, and/or released hardware specs under NDA 
(non-disclosure agreement) to certain business partners, has any bearing 
on whether sufficient information to write a driver is available to any 
FreeBSD programmer with permission to use it to write an open source driver.


--

--Jon Radel
j...@radel.com




Re: what is from [sic (wrong)] with this picture? -- Answer: It's Ubuntu, not FreeBSD

2010-09-29 Thread Jon Radel

 On 9/29/10 4:24 PM, Gary Kline wrote:

Yes!  changing the line in main.cf lets things get thru to my
server cleanly, thanks for the tip.  I still don't understand
what's wrong with my DNS files.  Hopefully, other folk on-list
will see what's messed up.


Your domain registrar is having your dns delegated to 3 nameservers:

thought.org.    86400    IN    NS    ns1.thought.org.
thought.org.    86400    IN    NS    ns1.silvertree.org.
thought.org.    86400    IN    NS    ns1.twisted4life.com.
;; Received 142 bytes from 2001:500:48::1#53(b2.org.afilias-nst.org) in 32 ms


The last of the 3, ns1.twisted4life.com, is of the opinion that your 
domain doesn't exist, given that it has no authoritative data and 
refuses to do recursive lookups for the Internet at large.  I would 
suspect that this would result in the coming and going visibility that 
others have reported.  Basically, you don't exist a third of the time.


You need to make sure that all the nameservers you list with your 
registrar are actually admitting to your existence and are getting 
up-to-date data.  I recall having this conversation with you before.


--

--Jon Radel
j...@radel.com




Change CPU

2010-09-25 Thread Jon Otterholm
Hi.

 

I am going to upgrade my CPU on a system that I compiled both world and
kernel on. The current CPU is Core i5-670 and I'm changing to Xeon
X3470. Will I be able to boot my system or has GCC specific flags for i5
that won't work with X3470?

 

Can I prepare the system in any way to make it boot using the new CPU?

 

//JO



Re: how do i scp .dotfiles??

2010-08-27 Thread Jon Radel

On 8/27/10 1:51 PM, Gary Kline wrote:



i've already done 98 or so straight scp copies.   the thing is how
to use rsync over to an empty ethic? [[ empty == there are no \
dot files not .directories]  i want EVERYTHING from this desktop,
tao, temp on ethic.

thanks

   
An alternative I use sometimes when there is ample disk space on the 
source machine is to create a big tar file of everything in the user's 
home directory, scp the tar file, and then extract into the new home 
directory on the destination machine.  Personally I find that slightly 
easier to keep track of.


There are many ways to skin this cat

--

--Jon Radel
j...@radel.com




Re: Open Mail Relay

2010-08-14 Thread Jon Radel

On 8/14/10 11:05 AM, Mikhail wrote:


On 14.08.2010 17:29, pe...@vfemail.net wrote:

I've reviewed my mail logs for the past couple of days and I can't
find any entries for any mail addressed to the complainer's domain
name except mail that should have been sent.


You can try it yourself, with telnet and proper smtp commands. For
example, telnet from outside of your organization to your mail server
and issue:

ehlo mydomain.com
mail from: foo...@example.com
rcpt to: foo...@example.org
data
test mail
.

You actually have to get an error message about relay denied for you. If
you don't - you're in trouble.
If you do receive such a message - your relay is closed and probably you
have spam worms who send emails from legit user, or something like that.


The basic test, but hardly sufficient to determine if all the known ways 
of fooling an smtp server are accounted for.  Recall from the OP's 
description: saying relaying was denied in 17 separate tests.


The above also can be an issue if you do the test from an IP address 
that the SMTP server has been configured to treat as trusted.


--Jon Radel
j...@radel.com



Re: mrtg-2.16.2_6,1 does not run with perl-5.12.1_1

2010-08-02 Thread Jon Theil Nielsen
2010/8/2 Jon Theil Nielsen jonth...@gmail.com

 Hi list

 After upgrading perl according to UPDATING, I cannot use mrtg anymore. The
 error message is:

 Bareword P_DETACH not allowed while strict subs in use at
 /usr/local/lib/perl5/site_perl/5.12.1/MRTG_lib.pm line 1172.
 Compilation failed in require at /usr/local/bin/mrtg line 89.
 BEGIN failed--compilation aborted at /usr/local/bin/mrtg line 89.

 I filed a PR on this but haven't seen any answers/solutions:
 http://www.freebsd.org/cgi/query-pr.cgi?pr=148914

 Am I the only one having this problem?

 If the port needs upgrading (as suggested in my PR), but this does not
 happen, how can I fix it myself?

 Cheers,
 Jon
 --
 Jon Theil Nielsen


Hi again,

Hope I'm not being a pain...

But I would really like to hear from *anyone* who has upgraded perl and
has mrtg installed. Even if it is working without problems. So, at least, I know
that I have to look for a specific problem on my own server.
I forgot to mention that I'm running 8.1 Stable.

Cheers,
Jon

-- 
Jon Theil Nielsen


Re: mrtg-2.16.2_6,1 does not run with perl-5.12.1_1

2010-08-02 Thread Jon Theil Nielsen
2010/8/2 Morgan Wesström freebsd-questi...@pp.dyndns.biz

 On 2010-08-02 10:49, Jon Theil Nielsen wrote:
  2010/8/2 Jon Theil Nielsen jonth...@gmail.com
 
  Hi list
 
  After upgrading perl according to UPDATING, I cannot use mrtg anymore.
 The
  error message is:
 
  Bareword P_DETACH not allowed while strict subs in use at
  /usr/local/lib/perl5/site_perl/5.12.1/MRTG_lib.pm line 1172.
  Compilation failed in require at /usr/local/bin/mrtg line 89.
  BEGIN failed--compilation aborted at /usr/local/bin/mrtg line 89.
 
  I filed a PR on this but haven't seen any answers/solutions:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=148914
 
  Am I the only one having this problem?
 
  If the port needs upgrading (as suggested in my PR), but this does not
  happen, how can I fix it myself?
 
  Cheers,
  Jon
  --
  Jon Theil Nielsen
 
 
  Hi again,
 
  Hope I'm not being a pain...
 
  But I would really like to hear from *anyone* who has upgraded perl and
  has mrtg installed. Even if it is working without problems. So, at least, I know
  that I have to look for a specific problem on my own server.
  I forgot to mention that I'm running 8.1 Stable.
 
  Cheers,
  Jon
 

 Hi Jon. You're not alone. :-)

 I ran into the same issue and it has also been reported on Gentoo (which
 I use too). The solution is mrtg 2.16.4 and until the ports tree is
 updated there's a patch here you can apply manually which worked for me:
 http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/149016

 Regards
 Morgan


Hi  Morgan,

Thanks a lot! I'll try it out as soon as possible. If it worked for you, I
guess it will work for me too.
Strange, though, that so few people report this problem. Maybe they just
live happily with the old perl version. :-)

Regards,
Jon
-- 
Jon Theil Nielsen


mrtg-2.16.2_6,1 does not run with perl-5.12.1_1

2010-08-01 Thread Jon Theil Nielsen
Hi list

After upgrading perl according to UPDATING, I cannot use mrtg anymore. The
error message is:

Bareword P_DETACH not allowed while strict subs in use at
/usr/local/lib/perl5/site_perl/5.12.1/MRTG_lib.pm line 1172.
Compilation failed in require at /usr/local/bin/mrtg line 89.
BEGIN failed--compilation aborted at /usr/local/bin/mrtg line 89.

I filed a PR on this but haven't seen any answers/solutions:
http://www.freebsd.org/cgi/query-pr.cgi?pr=148914

Am I the only one having this problem?

If the port needs upgrading (as suggested in my PR), but this does not
happen, how can I fix it myself?

Cheers,
Jon
-- 
Jon Theil Nielsen


Re: Timestamp + Interval time zone issues

2010-07-28 Thread Jon Radel

On 7/28/10 2:28 PM, Mike Ginsburg wrote:


So I have pg 8.4.3 installed, with a database set to EST5EDT time zone.

When I run SELECT NOW() I get
07/28/2010 14:27:07.767286 EDT

showing that the timezone is properly set up.

When I then try to add an interval to a statically entered time stamp, 
it gets all strange:
SELECT '01/03/2011 16:00:00-04'::timestamp with time zone + '-1 hour'::interval;

   ?column?-
01/03/2011 14:00:00 EST

Any idea why the adding of the interval is converting the result into 
EST instead of EDT?

Because Daylight Saving Time will be over by 1/3/2011?   Does it still 
happen if you use a statically entered time stamp that's during Daylight 
Saving?

--

--Jon Radel
j...@radel.com




Re: Subject: pf: pass in quick to port 25 still getting some blocks

2010-07-02 Thread Jon Radel

On 7/2/10 5:25 PM, Len Conrad wrote:

setting up pf on fbsd 7.2 for host security on a mail gateway.

the only rule for port 25 is:

pass in quick on em0 inet proto tcp from any to $ext_if port = smtp flags S/SA keep state

and then last rule:

block drop in log on em0 inet from any to $ext_if

while 1000s of connections to port 25 are getting through with the pass rule, 
several 100 connections are getting blocked with the default block rule, 
bypassing the pass rule.

I can't see how pf is selecting these connections to be blocked.

   
In what sense are the packets that are getting blocked part of a 
connection?  Are you sure the blocked packets are actually a legitimate 
first packet, with the appropriate flags set, or is the flags S/SA 
portion of your rule not matching?


--

--Jon Radel
j...@radel.com
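
One way to answer that question from the pflog output, as an added example that is not part of the original message: it applies pf's `flags S/SA` test (of SYN and ACK, only SYN may be set) to constructed tcpdump lines. The rule number, the addresses and the `Flags [...]` notation of the sample lines are assumptions.

```python
import re

# TCP header flag bits: FIN SYN RST PSH ACK URG ECE CWR, using pf's letters
BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
        "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}


def parse_pf_flags(spec):
    """Turn a pf 'flags <set>/<mask>' argument such as 'S/SA' into two bitmasks."""
    wanted, sep, mask = spec.partition("/")
    if not sep or not mask:
        raise ValueError("expected <set>/<mask>, e.g. S/SA")
    want_bits = sum(BITS[c] for c in set(wanted))
    mask_bits = sum(BITS[c] for c in set(mask))
    if want_bits & ~mask_bits:
        raise ValueError("a flag outside the mask is never inspected")
    return want_bits, mask_bits


def tcpdump_flags(text):
    """Decode tcpdump's flag string, e.g. 'S', 'S.', 'F.'; '.' stands for ACK."""
    if text == "none":
        return 0
    return sum(BITS["A" if c == "." else c] for c in set(text))


def rule_would_match(tcp_bits, spec="S/SA"):
    """True when, among the masked flags, exactly the wanted ones are set."""
    want_bits, mask_bits = parse_pf_flags(spec)
    return (tcp_bits & mask_bits) == want_bits


# Constructed sample of `tcpdump -n -e -i pflog0` output for the final block rule.
SAMPLE_LOG = """\
rule 7/0(match): block in on em0: 192.0.2.10.51234 > 198.51.100.5.25: Flags [.], ack 1, win 65535, length 0
rule 7/0(match): block in on em0: 192.0.2.77.40112 > 198.51.100.5.25: Flags [F.], seq 301, ack 88, win 512, length 0
rule 7/0(match): block in on em0: 203.0.113.9.33100 > 198.51.100.5.25: Flags [R], seq 4001, win 0, length 0
rule 7/0(match): block in on em0: 203.0.113.44.2301 > 198.51.100.5.25: Flags [S], seq 1000, win 8192, length 0
rule 7/0(match): block in on em0: 203.0.113.50.2302 > 198.51.100.5.25: Flags [SEW], seq 5, win 8192, length 0
"""

LINE_RE = re.compile(r"block in on (\S+): (\S+) > (\S+): Flags \[([^\]]+)\]")


def triage(log_text, spec="S/SA"):
    """Return (source, flags, would_match) for every blocked TCP packet logged."""
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue
        _iface, src, _dst, flags = m.groups()
        results.append((src, flags, rule_would_match(tcpdump_flags(flags), spec)))
    return results


if __name__ == "__main__":
    for src, flags, hit in triage(SAMPLE_LOG):
        verdict = ("initial SYN: flags test passes, check the rule's other criteria"
                   if hit else
                   "not an initial SYN: only an existing state entry could pass it")
        print(f"{src:22} [{flags:3}] {verdict}")
```

Entries reported as not matching are ACK, FIN or RST segments that arrived without a state entry (for instance after the state had expired), so the pass rule was never a candidate for them. Entries reported as matching satisfy the flags test, which points at another criterion of the pass rule, such as the interface or the addresses in `$ext_if`.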




Re: sendmail: My unqualified host name

2010-06-28 Thread Jon Radel

On 6/28/10 6:21 PM, Polytropon wrote:

But how can I find out exactly what is trying to use sendmail (which
fails and complaints)?
 

I think it's sendmail itself that complains on startup (running as
local-only delivery system).

   

That's certainly what it looks like.



The only
change in the system I can think of is that I replaced pf with ipfw.
 

I doubt that has anything to do with it.


   
Unless the change blocked access to DNS and reverse DNS was being used 
to look up the system name.



--

--Jon Radel
j...@radel.com




Re: I can't execute a script in crontab

2010-05-18 Thread Jon Radel



Either make the script executable or cron it like this:

*   *  *  *  *  /bin/sh /path/to/myscript

--
Paul Schmehl, Senior Infosec Analyst

On 5/18/10 3:40 PM, Yavuz Maşlak wrote:


the script is already executable but it doesn't work -rwxrwxrwx  1 
root  wheel   ..





This list frowns on top posting, so please don't.

How do you know it doesn't work?  Seriously.  You really need to tell us 
what you're doing, exactly, step by step, and what is happening 
when you do it, if anything.


Are you using root's crontab or something else?

Does /root/.ssh/id_rsa.pub have a passphrase on it?

--

--Jon Radel
j...@radel.com



Question not found in FAQs or other documentation

2010-05-15 Thread jon

To whom it concerns,

I am a relatively basic/amateur computer user and I just noticed  
today that my recent servers lists Free BSD.


I do not knowingly connect to any outside servers and am concerned  
that any server has been connected to my computer.


My question is: how can I prevent this server from ever connecting to  
my computer again? And anything else I can do to delete this server,  
this connection


I have an Apple powerbook G4 running Mac OS X 10.4.11.

I would most appreciate a response. Thank you kindly for your time,

Jon


Re: Question not found in FAQs or other documentation

2010-05-15 Thread Jon Radel

On 5/15/10 5:57 PM, jon wrote:


To whom it concerns,

Not us, really.  This strikes me much more as a Mac OS or local network 
support issue.


I am a relatively basic/amateur computer user and I just noticed today 
that my recent servers lists Free BSD.

Your recent servers list where?  We need more details.  I suspect you 
mean Finder-Connect to Server-Recent Servers, but that's just an 
educated guess.


I do not knowingly connect to any outside servers and am concerned 
that any server has been connected to my computer.

You really need to determine what computer on your network(s) identifies 
itself with the name Free BSD if you wish to track this down.  If you 
dislike the fact that Mac OS X tries to list other computers on your 
local network, I'd strongly urge you to go into System Preferences and 
make sure that all sharing services are turned off and that the firewall 
is turned on with the most locked down set of options.


However, keep in mind that Mac OS X likes to list other local computers 
which make file services available over AFP or SMB, and this does *not* 
mean that the other computers are connecting to your laptop (although it 
doesn't rule it out either).


My question is: how can I prevent this server from ever connecting to 
my computer again? And anything else I can do to delete this server, 
this connection


I've seen nothing in your description to indicate that there is a 
current connection of any type.  If it bugs you, what about hitting the 
clear recent servers button, should that exist in 10.4.  (I have 
nothing older than 10.5 to look at.)  And make sure that *your* sharing 
is off and firewall is on.

I have an Apple powerbook G4 running Mac OS X 10.4.11.


Upgrade to Mac OS 10.5.8 if your hardware supports it.  It's still 
getting more attention from Apple.



--

--Jon Radel
j...@radel.com




Re: More than 8 partitions

2010-05-12 Thread Jon Theil Nielsen
2010/5/2 Christopher Key cj...@cam.ac.uk

 Jon Theil Nielsen wrote:
  2010/5/1 Christopher Key cj...@cam.ac.uk
 
 
  Jon Theil Nielsen wrote:
 
  Hi
 
  I'm running 8.0-Release on an external usb hard drive. and have
 dual-boot
  with FreeBSD on da0s2 and Windows XP on da0s1. I made a setup via
 
  Sysinstall
 
  with 7 partitions:
 
  /dev/da0s2a on / (ufs, local)
  /dev/da0s2b (swap)
  /dev/da0s2d on /var (ufs, local, soft-updates)
  /dev/da0s2e on /tmp (ufs, local, soft-updates)
  /dev/da0s2f on /usr (ufs, local, soft-updates)
  /dev/da0s2h on /var/log (ufs, local, soft-updates)
  /dev/da0s2g on /home (ufs, local, soft-updates)
 
  I have about 660 GB left unused on da0s2 that I would like to use for
  backups. But I can't figure out how to create one more partition.
  If i create a file for bsdlabel like
 
  #   size  offset  fstype
  i:  *   0   4.2BSD
 
  I get the following error message: line 2: partition name out of range
 
  a-h:
 
  i
  I have also tried with gpart:
 
  gpart add -s 500G -t freebsd -f x da0s2
 
  I get something like gpart: index '9': No space left on device
 
  I thought that 8.0 should support more than 8 partitions. Maybe it
 does,
 
  but
 
  then I don't know how to do.
  Any ideas?
 
 
 
  I believe that FreeBSD does support more than 8 partitions on a disk
  (apparently up to 20 using gpart), but that you need sufficient entries
  for these partitions to be created in the disklabel, viz.
 
  gpart create -n 20 ...
 
  Some testing seems to indicate that you can manually override this by
  changing by byte 0x28a of the disk from 0x08 to 0x14, and that bsdlabel
  / gpart will then allow you to create further partitions on the disk.
 
 
 
  Kind regards,
 
  Christopher Key
 
 
 
  Thanks Christopher
 
  I am not sure if I understand all of it. And I wouldn't like to wipe the
  drive to test if it is possible to mass produce partitions like that. Could
  be useful in another situation, though.
 
  My knowledge of GEOM and its utilities is very limited. Since I have
  succeeded in creating the two slices with fdisk and subsequently populate
  them with bsdlabel, my only problem is how to create the last partition from
  the unpartitioned space on da0s2. As mentioned in the beginning of this post,
  I have tried with both bsdlabel (from a file) and by issuing the gpart add
  command. With no luck. Would it be any help to give more specific about the
  drive/slice? The output of df -h | grep dev/da0 is:
 
  /dev/da0s2a   3.9G   630M   2.9G   17%   /
  /dev/da0s2g    97G   160K    89G    0%   /home
  /dev/da0s2e   3.9G   129M   3.4G    4%   /tmp
  /dev/da0s2f    48G   6.6G    38G   15%   /usr
  /dev/da0s2d   9.7G   151M   8.8G    2%   /var
  /dev/da0s2h   3.9G   1.5M   3.6G    0%   /var/log
 
  and of gpart show da0:
 
  =>         0  1759551255  da0s2  BSD  (839G)
             0     1048576         - free -  (512M)
       1048576     8318064      2  freebsd-swap  (4.0G)
       9366640     7303168         - free -  (3.5G)
      16669808     8388608      1  freebsd-ufs  (4.0G)
      25058416    20971520      4  freebsd-ufs  (10G)
      46029936     8388608      5  freebsd-ufs  (4.0G)
      54418544   104857600      6  freebsd-ufs  (50G)
     159276144   209715200      7  freebsd-ufs  (100G)
     936891344     8388608      8  freebsd-ufs  (4.0G)
     377379952  1382171303         - free -  (659G)
 
  and, finally, of bsdlabel da0s2:
 
  # /dev/da0s2:
  8 partitions:
  #         size     offset    fstype   [fsize bsize bps/cpg]
  a:     8388608   16669808    4.2BSD        0     0     0
  b:     8318064    1048576      swap
  c:  1759551255          0    unused        0     0         # raw part, don't edit
  d:    20971520   25058416    4.2BSD        0     0     0
  e:     8388608   46029936    4.2BSD        0     0     0
  f:   104857600   54418544    4.2BSD        0     0     0
  g:   209715200  159276144    4.2BSD        0     0     0
  h:     8388608  368991344    4.2BSD        0     0     0
 
  In my desperate effort to understand this information/data, I have put
  it into a spreadsheet and rearranged it - including some of my own
  calculations and assumptions.
 
  bsdlabel output - sorted by sector offset:
 
  #            size       offset  (GB*)
  c   1.759.551.255            0    839
  b       8.318.064    1.048.576      4
  a       8.388.608   16.669.808      4
  d      20.971.520   25.058.416     10
  e       8.388.608   46.029.936      4
  f     104.857.600   54.418.544     50
  g     209.715.200  159.276.144    100
  h       8.388.608  368.991.344      4
 
  gpart show output - sorted by sector offset:
 
  (#) (size)(offset)   (GB)  (offset*)   (GiB*)(i)
  1.048.57600,5  01   free
   b  8.318.0641.048.576  4  1.048.5764  2
  7.303.1689.366.6403,5  9.366.6403   free
   a  8.388.608   16.669.808  4

Re: More than 8 partitions

2010-05-12 Thread Jon Theil Nielsen
2010/5/12 A. Wright and...@qemg.org



  On 2010/5/2, Christopher Key cj...@cam.ac.uk wrote:

  frhed.  Next write the data back to the disk:

 dd if=/tmp/hdr of=/dev/da0s2



 On 2010/5/12, Jon Theil Nielsen wrote:

  obviously this is not the case. So I'll dd the existing partitions to
 another drive, use gpart to create enough partitions and then dd the old
 content back. I could easily use a standard disk layout, but the other
 approach will add some to my FreeBSD knowledge..



 Just pointing out a rabbit hole here . . .

 You should be aware, too that if you want to _change_ the size
 (or any of several other params) of the filesystem, you don't
 really want dd, you want to dump(8) the filesystem and then use
 restore(8) -- as the man page says, this is the only reliable
 way to change various filesystem params.

 Using dd will be fine only if the sizes and all other params are
 to be identical (which is the case in Chris' comment, but not in
 the general case).

 Andrew.

 Thanks again

That was a very good point. I think I'll wait until tomorrow. But I'll get
back here if I run into troubles. :-I

Regards,
Jon


Re: boot Debian on a RouterStation Pro

2010-05-03 Thread Jon Radel



On Mon, May 3, 2010 at 7:55 AM, Alejandro Imassa...@p2ee.org  wrote:

   

On Sun, May 2, 2010 at 4:27 PM, Jozsi Vadkanjozsi.avad...@gmail.com
wrote:
 

Can anyone post a howto/doc, help about booting a Debian on a
RouterStation Pro?:\

https://forum.openwrt.org/viewtopic.php?pid=108415#p108415

I still didn't manage to boot from it.

Or any other normal distro :\

Thank you..

p.s.: a little more detailed howto:\
   

You must be joking right?

 


On 5/3/10 9:53 AM, Outback Dingo wrote:

why joking, FreeBSD will run on the RS

Or maybe he was responding to the OP asking on a FreeBSD list for 
somebody to please write him a more detailed howto for booting Debian on 
a device.  Especially since he put no effort into explaining what he'd 
tried and what had gone wrong.  You know, the usual stuff to show you're 
not joking... asking in the right forum, being specific, etc., etc.


--

--Jon Radel
j...@radel.com




Re: More than 8 partitions

2010-05-01 Thread Jon Theil Nielsen
2010/5/1 Christopher Key cj...@cam.ac.uk

 Jon Theil Nielsen wrote:
  Hi
 
  I'm running 8.0-Release on an external usb hard drive. and have dual-boot
  with FreeBSD on da0s2 and Windows XP on da0s1. I made a setup via
 Sysinstall
  with 7 partitions:
 
  /dev/da0s2a on / (ufs, local)
  /dev/da0s2b (swap)
  /dev/da0s2d on /var (ufs, local, soft-updates)
  /dev/da0s2e on /tmp (ufs, local, soft-updates)
  /dev/da0s2f on /usr (ufs, local, soft-updates)
  /dev/da0s2h on /var/log (ufs, local, soft-updates)
  /dev/da0s2g on /home (ufs, local, soft-updates)
 
  I have about 660 GB left unused on da0s2 that I would like to use for
  backups. But I can't figure out how to create one more partition.
  If I create a file for bsdlabel like
 
  #   size  offset  fstype
  i:  *     0       4.2BSD
 
  I get the following error message: line 2: partition name out of range
  a-h: i
  I have also tried with gpart:
 
  gpart add -s 500G -t freebsd -f x da0s2
 
  I get something like gpart: index '9': No space left on device
 
  I thought that 8.0 should support more than 8 partitions. Maybe it does,
 but
  then I don't know how to do.
  Any ideas?
 
 
 I believe that FreeBSD does support more than 8 partitions on a disk
 (apparently up to 20 using gpart), but that you need sufficient entries
 for these partitions to be created in the disklabel, viz.

 gpart create -n 20 ...

 Some testing seems to indicate that you can manually override this by
 changing byte 0x28a of the disk from 0x08 to 0x14, and that bsdlabel
 / gpart will then allow you to create further partitions on the disk.



 Kind regards,

 Christopher Key


Thanks Christopher

I am not sure if I understand all of it. And I wouldn't like to wipe the
drive to test if it is possible to mass produce partitions like that. Could
be useful in another situation, though.

My knowledge of GEOM and its utilities is very limited. Since I have
succeeded in creating the two slices with fdisk and subsequently populating
them with bsdlabel, my only problem is how to create the last partition from
the unpartitioned space on da0s2. As mentioned in the beginning of this post,
I have tried with both bsdlabel (from a file) and by issuing the gpart add
command. With no luck. Would it be any help to give more specifics about the
drive/slice? The output of df -h | grep dev/da0 is:

/dev/da0s2a   3.9G   630M   2.9G   17%   /
/dev/da0s2g    97G   160K    89G    0%   /home
/dev/da0s2e   3.9G   129M   3.4G    4%   /tmp
/dev/da0s2f    48G   6.6G    38G   15%   /usr
/dev/da0s2d   9.7G   151M   8.8G    2%   /var
/dev/da0s2h   3.9G   1.5M   3.6G    0%   /var/log

and of gpart show da0:

=>          0  1759551255  da0s2  BSD  (839G)
            0     1048576         - free -  (512M)
      1048576     8318064      2  freebsd-swap  (4.0G)
      9366640     7303168         - free -  (3.5G)
     16669808     8388608      1  freebsd-ufs  (4.0G)
     25058416    20971520      4  freebsd-ufs  (10G)
     46029936     8388608      5  freebsd-ufs  (4.0G)
     54418544   104857600      6  freebsd-ufs  (50G)
    159276144   209715200      7  freebsd-ufs  (100G)
    936891344     8388608      8  freebsd-ufs  (4.0G)
    377379952  1382171303         - free -  (659G)

and, finally, of bsdlabel da0s2:

# /dev/da0s2:
8 partitions:
#          size      offset    fstype   [fsize bsize bps/cpg]
  a:    8388608    16669808    4.2BSD        0     0     0
  b:    8318064     1048576      swap
  c: 1759551255           0    unused        0     0         # raw part, don't edit
  d:   20971520    25058416    4.2BSD        0     0     0
  e:    8388608    46029936    4.2BSD        0     0     0
  f:  104857600    54418544    4.2BSD        0     0     0
  g:  209715200   159276144    4.2BSD        0     0     0
  h:    8388608   368991344    4.2BSD        0     0     0

In my desperate effort to understand this information/data, I have put
them into a spreadsheet and rearranged them - including some of my own
calculations and assumptions.

bsdlabel output - sorted by sector offset:

#            size        offset   (GB*)
c   1.759.551.255             0     839
b       8.318.064     1.048.576       4
a       8.388.608    16.669.808       4
d      20.971.520    25.058.416      10
e       8.388.608    46.029.936       4
f     104.857.600    54.418.544      50
g     209.715.200   159.276.144     100
h       8.388.608   368.991.344       4

gpart show output - sorted by sector offset:

(#)       (size)     (offset)   (GB)    (offset*)   (GiB*)   (i)
         1.048.576            0    0,5            0        1   free
 b       8.318.064    1.048.576      4    1.048.576        4   2
         7.303.168    9.366.640    3,5    9.366.640        3   free
 a       8.388.608   16.669.808      4   16.669.808        4   1
 d      20.971.520   25.058.416     10   25.058.416       10   4
 e       8.388.608   46.029.936      4   46.029.936        4   5
 f     104.857.600   54.418.544     50   46.029.936       50   6
 g     209.715.200

More than 8 partitions

2010-04-30 Thread Jon Theil Nielsen
Hi

I'm running 8.0-Release on an external usb hard drive and have dual-boot
with FreeBSD on da0s2 and Windows XP on da0s1. I made a setup via Sysinstall
with 7 partitions:

/dev/da0s2a on / (ufs, local)
/dev/da0s2b (swap)
/dev/da0s2d on /var (ufs, local, soft-updates)
/dev/da0s2e on /tmp (ufs, local, soft-updates)
/dev/da0s2f on /usr (ufs, local, soft-updates)
/dev/da0s2h on /var/log (ufs, local, soft-updates)
/dev/da0s2g on /home (ufs, local, soft-updates)

I have about 660 GB left unused on da0s2 that I would like to use for
backups. But I can't figure out how to create one more partition.
If I create a file for bsdlabel like

#   size  offset  fstype
i:  *     0       4.2BSD

I get the following error message: line 2: partition name out of range a-h: i
I have also tried with gpart:

gpart add -s 500G -t freebsd -f x da0s2

I get something like gpart: index '9': No space left on device

I thought that 8.0 should support more than 8 partitions. Maybe it does, but
then I don't know how to do.
Any ideas?

Regards,
Jon


Fwd: More than 8 partitions

2010-04-30 Thread Jon Theil Nielsen
-- Forwarded message --
From: Jon Theil Nielsen jonth...@gmail.com
Date: 2010/4/30
Subject: Re: More than 8 partitions
To: Alberto Mijares amijar...@gmail.com


2010/4/30 Alberto Mijares amijar...@gmail.com

On Fri, Apr 30, 2010 at 1:14 PM, Jon Theil Nielsen jonth...@gmail.com
 wrote:
  Hi
 
  I'm running 8.0-Release on an external usb hard drive. and have dual-boot
  with FreeBSD on da0s2 and Windows XP on da0s1. I made a setup via
 Sysinstall
  with 7 partitions:
 
  /dev/da0s2a on / (ufs, local)
  /dev/da0s2b (swap)
  /dev/da0s2d on /var (ufs, local, soft-updates)
  /dev/da0s2e on /tmp (ufs, local, soft-updates)
  /dev/da0s2f on /usr (ufs, local, soft-updates)
  /dev/da0s2h on /var/log (ufs, local, soft-updates)
  /dev/da0s2g on /home (ufs, local, soft-updates)
 
  I have about 660 GB left unused on da0s2 that I would like to use for
  backups. But I can't figure out how to create one more partition.



 You should create a new slice (da0s3) and then create new partitions
 on it or use the whole slice (ad0s3c).

 Regards


 Alberto Mijares


Thanks Alberto

So it is *not* possible to have more than 8 partitions?  Just a matter of
interest, since I'm experimenting here. But nice to know.

The next problem is that I made fdisk create the two slices covering all the
space of the disk. Can I somehow - using FreeBSD tools - shrink the size of
da0s2 without data loss?

Regards,
Jon

-  reposting this to the list...


Fwd: More than 8 partitions

2010-04-30 Thread Jon Theil Nielsen
2010/5/1 Da Rock freebsd-questi...@herveybayaustralia.com.au

On Fri, 2010-04-30 at 19:44 +0200, Jon Theil Nielsen wrote:
  Hi
 
  I'm running 8.0-Release on an external usb hard drive. and have dual-boot
  with FreeBSD on da0s2 and Windows XP on da0s1. I made a setup via
 Sysinstall
  with 7 partitions:
 
  /dev/da0s2a on / (ufs, local)
  /dev/da0s2b (swap)
  /dev/da0s2d on /var (ufs, local, soft-updates)
  /dev/da0s2e on /tmp (ufs, local, soft-updates)
  /dev/da0s2f on /usr (ufs, local, soft-updates)
  /dev/da0s2h on /var/log (ufs, local, soft-updates)
  /dev/da0s2g on /home (ufs, local, soft-updates)
 
  I have about 660 GB left unused on da0s2 that I would like to use for
  backups. But I can't figure out how to create one more partition.
  If I create a file for bsdlabel like
 
  #   size  offset  fstype
  i:  *     0       4.2BSD
 
  I get the following error message: line 2: partition name out of range
  a-h: i
  I have also tried with gpart:
 
  gpart add -s 500G -t freebsd -f x da0s2
 
  I get something like gpart: index '9': No space left on device
 
  I thought that 8.0 should support more than 8 partitions. Maybe it does,
 but
  then I don't know how to do.
  Any ideas?

 Use vinum - that's what I needed to do. Mind I had around 15 partitions
 to work out so it is effective...

Maybe I should consider that too. But this installation is quite
experimental, and I just thought that it would be a simple task to make a
few extra partitions, since that was what I read about when 8.0 was
released. But I haven't found any documentation on the issue.
I guess I either have to use some non-FreeBSD tool to change the size of my
slices or backup the installation to another drive, rerun fdisk etc., and
copy the system back.

Regards,
Jon


Re: More than 8 partitions

2010-04-30 Thread Jon Theil Nielsen
2010/5/1 C. P. Ghost cpgh...@cordula.ws

 On Sat, May 1, 2010 at 1:58 AM, Jon Theil Nielsen jonth...@gmail.com
 wrote:
  So it is *not* possible to have more than 8 partitions?  Just a matter of
  interest, since I'm experimenting here. But nice to know.

 Unlike OpenBSD's disklabel(8) which supports up to 15 partitions,
 bsdlabel(8)
 supports only 8 partitions (including the whole disk):

 http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8

 http://www.freebsd.org/cgi/man.cgi?query=bsdlabel&apropos=0&sektion=0&manpath=FreeBSD+8.0-RELEASE&format=html

 -cpghost.

 --
 Cordula's Web. http://www.cordula.ws/


I am very far from being an expert on these issues. And this link is
certainly not documentation:
http://ivoras.sharanet.org/freebsd/freebsd8.html
But if I look into the source code of bsdlabel
(/usr/src/sbin/bsdlabel/bsdlabel.c), I can see this:
#define MAXPARTITIONS   26
which at least tells me that it has been the *intention* that it should be
possible.

Regards,
Jon


Re: More than 8 partitions

2010-04-30 Thread Jon Theil Nielsen
2010/5/1 Polytropon free...@edvax.de

 On Sat, 1 May 2010 02:53:13 +0200, Jon Theil Nielsen jonth...@gmail.com
 wrote:
  But if I look into the source code of bsdlabel
  (/usr/src/sbin/bsdlabel/bsdlabel.c), I can see this:
  #define MAXPARTITIONS   26
  which at least tells me that it has been the *intention* that it should
 be
  possible.

 Obviously, this refers to the possible letters a, b, c, ..., z
 as partition identifiers instead of numerical ones (e. g. ad0p7).



 --
 Polytropon
 Magdeburg, Germany
 Happy FreeBSD user since 4.0
 Andra moi ennepe, Mousa, ...


Sure. It could be so. All I know is that the bsdlabel error message tells me
that I can't add a label outside the range a-h. And I must admit that I
can't find any official documentation saying that I should be able to do so.
I guess it has been the intention, but that it hasn't been implemented
(yet).

Regards,
Jon


Re: Request for mount_nfs assistance

2010-04-20 Thread Jon Mercer
Peter,

The two lines shouldn't create a conflict, but it would seem to me to be
more normal to append the second IP after the first, e.g.:

/usr/home1  -maproot=root   192.168.0.252 192.168.0.253

On the other hand, if the 253 machine doesn't need access it would be wise
to remove the second line altogether and reduce any potential attack arising
from that machine on the mount.

Have you checked /var/log/messages and any other files to see why the server
(maybe) didn't start after the last reboot? That could prevent any
recurrence.

Jon

On 19 April 2010 17:48, pe...@vfemail.net wrote:


 192.168.0.244's /etc/exports file says:

 /usr/home1  -maproot=root   192.168.0.252
 /usr/home1  -maproot=root   192.168.0.253

 192.168.0.252 is the machine that should have access to 192.168.0.244's
 drive, but was having difficulty obtaining it.  I'm kind of surprised to see
 the entry for 192.168.0.253, because I don't think that machine has any need
 for access to the drive.

 Do these two entries in the /etc/exports file create a conflict?

 I don't believe there were any recent network-related changes.

 ---

 At 12:00 PM 4/19/2010, Jon Mercer wrote:
 What information is contained in the /etc/exports file on the NFS server?
 If
 that changed between NFS Server restarts that _could_ be the cause.
 
 Also, has there been any simultaneous change in the network across which
 the
 servers speak? Especially with regard to port 111.
 
 
 
 On 19 April 2010 15:38, pe...@vfemail.net wrote:
 
 
  I have two servers running FreeBSD.  For the past four years, an:
 
 /sbin/mount_nfs 192.168.0.244:/usr/home1 /home1
 
  command has successfully allowed one server access to data on the other
  server's hard drive.
 
  This morning, following reboots of both servers, the mount_nfs command
  fails, returns:
 
 192.168.0.244:/usr/home1: RPCPROG_MNT: RPC: Timed out
 
  error messages.
 
  Each server can ping the other and connect via ssh; the hardware's
 working
  fine; I don't believe anything's changed on either server recently; and
 the
  find command doesn't indicate that any system files have been altered in
 the
  past week.
 
  I'm at a complete loss for any explanation of the failure, and I'm
  uncertain how to diagnose and fix the problem.
 
 
 
 
 
 
 
 
 
-- 
---
Jon Mercer DirectorAchean Limited

http://www.achean.com
http://uk.linkedin.com/in/jonmercer
---
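
The advice above (drop the export line for a client that does not need access, and note what -maproot=root grants) can be checked mechanically. The following is an added example, not code from the thread: it parses exports(5)-style lines, where hosts are separated by whitespace, and compares them with an allowlist. The sample file contents, the ALLOWED table and the finding names are assumptions made for the illustration.

```python
# Added example: audit FreeBSD exports(5) lines against a client allowlist.

# Constructed sample, modelled on the two lines quoted in the thread.
SAMPLE_EXPORTS = """\
# /etc/exports on the NFS server (constructed sample)
/usr/home1  -maproot=root   192.168.0.252
/usr/home1  -maproot=root   192.168.0.253
"""

# Assumption: the only client that is supposed to mount each path.
ALLOWED = {"/usr/home1": {"192.168.0.252"}}
ROOT_IDS = {"root", "0"}


def parse_exports(text):
    """Return one dict per export entry: line number, paths, options, hosts."""
    entries, logical, start = [], "", None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if start is None:
            start = lineno
        if line.endswith("\\"):  # a backslash continues the entry on the next line
            logical += line[:-1] + " "
            continue
        fields, first = (logical + line).split(), start
        logical, start = "", None
        if not fields:
            continue
        entry = {"line": first, "paths": [], "opts": {}, "hosts": []}
        i = 0
        while i < len(fields):
            tok = fields[i]
            if tok.startswith("-"):
                name, sep, value = tok[1:].partition("=")
                # -network and -mask may take their value as the next field.
                if not sep and name in ("network", "mask") and i + 1 < len(fields):
                    i += 1
                    value = fields[i]
                entry["opts"][name] = value
            elif tok.startswith("/") and not entry["opts"] and not entry["hosts"]:
                entry["paths"].append(tok)
            else:
                entry["hosts"].append(tok)
            i += 1
        entries.append(entry)
    return entries


def audit(text, allowed):
    """Return (line, path, finding, detail) tuples for risky export entries."""
    findings = []
    for e in parse_exports(text):
        for path in e["paths"]:
            expected = allowed.get(path, set())
            # Client root (or every client user) acting as root on the server.
            for opt in ("maproot", "mapall"):
                user = e["opts"].get(opt, "").split(":")[0]
                if user in ROOT_IDS:
                    findings.append((e["line"], path, "root-not-squashed", f"-{opt}={user}"))
            if "network" in e["opts"]:
                findings.append((e["line"], path, "network-export", e["opts"]["network"]))
            elif not e["hosts"]:
                findings.append((e["line"], path, "world-export", "no host list"))
            for host in e["hosts"]:
                if host not in expected:
                    findings.append((e["line"], path, "unexpected-client", host))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORTS, ALLOWED):
        print(*finding)
```
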


Re: Request for mount_nfs assistance

2010-04-20 Thread Jon Mercer
Do you have anything relating to RPC connections inbound on the server logs?

It may also be time to look at which version of FBSD you are running.

On 20 April 2010 19:06, pe...@vfemail.net wrote:


 I deleted the unnecessary line from the /etc/exports file and rebooted both
 machines.  Connecting from the client to the server using an
 /sbin/mount_nfs 192.168.0.244:/usr/home1 /home1 command took forever . .
 . well, somewhere between a half-hour and an hour.  It used to be speedy.
  Nothing mount-related has been logged in either server's /var/log/messages
 file.

 I'm at a loss to know where to start to track down what's causing the slow
 connection.

-- 
---
Jon Mercer

Re: [OT] Was: Disabling DNS

2010-04-20 Thread Jon Radel


On 4/20/10 5:11 PM, Sergio Tam wrote:

2010/4/20 Jorge Biquezjbiq...@icsmx.com:
   

Hello all.

My English is not perfect at all since it is not my native language. With
that in mind I read the comments about the dummy word, interpreted as a
basic task, simple task. In the effort of learning... can you explain why
you considered the comments unfriendly and non-professional?

 


dummy= idiot stupid retard moron dumb dumbass fool loser jerk jackass
asshole dork imbecile ass dunce slow tard ignorant silly dolt lame
retarded hyphy douchebag simpleton slut cretin bitch crazy dickhead
gay dipshit douche fag fucktard ignoramus dumbo dimwit dope dodo
blockhead doofus dumbbell dunderhead tool nitwit dullard foolish fat
annoying
   
Which must be why the X for Dummies series of books sells so well in the 
U.S., eh?


--Jon Radel


Re: Request for mount_nfs assistance

2010-04-19 Thread Jon Mercer
What information is contained in the /etc/exports file on the NFS server? If
that changed between NFS Server restarts that _could_ be the cause.

Also, has there been any simultaneous change in the network across which the
servers speak? Especially with regard to port 111.



On 19 April 2010 15:38, pe...@vfemail.net wrote:


 I have two servers running FreeBSD.  For the past four years, an:

/sbin/mount_nfs 192.168.0.244:/usr/home1 /home1

 command has successfully allowed one server access to data on the other
 server's hard drive.

 This morning, following reboots of both servers, the mount_nfs command
 fails, returns:

192.168.0.244:/usr/home1: RPCPROG_MNT: RPC: Timed out

 error messages.

 Each server can ping the other and connect via ssh; the hardware's working
 fine; I don't believe anything's changed on either server recently; and the
 find command doesn't indicate that any system files have been altered in the
 past week.

 I'm at a complete loss for any explanation of the failure, and I'm
 uncertain how to diagnose and fix the problem.









-- 
---
Jon Mercer DirectorAchean Limited

http://www.achean.com
http://uk.linkedin.com/in/jonmercer
---


Re: Question. Multi Boot

2010-04-18 Thread Jon Radel


On 4/18/10 12:50 PM, Kruppa, Peter Ulrich wrote:
Since Windows isn't very cooperative with other operating systems, 
leave it where it is, buy a second hard disk and install FreeBSD (and 
Linux) on it. The FreeBSD bootmanager will be able to boot Windows but 
Windows will not boot any FreeBSD or Linux.

I would agree that is the safest way to proceed, although the 
repartitioning of the hard disk as outlined by somebody else would 
certainly work.  However, even here I would urge you to have a complete 
backup that you have verified is usable before you start.  Makes that 
sinking feeling in your stomach when you realize you've just partitioned 
the wrong drive much less ugly.  :-)


--Jon Radel


Re: Sendmail Five Second Greeting Delay

2010-04-02 Thread Jon Radel

On 4/2/10 8:33 AM, David Allen wrote:


Secondly, it seems the cause of the OP's problem was a delay associated
with an IDENT query.  Specifically

   confTO_IDENT Timeout.ident   [5s] The timeout waiting for a
response to an IDENT query.

If he had local DNS configured, there would be no query, and therefore no
issue, but setting the timeout to 0 seconds using

   define(`confTO_IDENT', 0s)

does remove the delay, but not the underlying problem.


You sure?  IDENT has nothing to do with DNS, and I don't know of any 
program that does an IDENT query solely if DNS data is not available.  I 
can't see why that would make any sense.


What is most likely the OP's root problem is that he's sending e-mail 
from a machine that's on the other side of a firewall that blocks IDENT 
traffic but doesn't actively reject it.  So sendmail has to sit around 
and wait for the query to time out.


This is why there's a school of thought that even if your default for 
firewall configuration is to quietly drop unwanted packets, IDENT is a 
protocol that you should actively reject.  It makes things move along 
more quickly.




Put another way, I'm wondering why IDENT queries are made?  My knowledge
of that protocol is superficial, but my understanding is that running an
identity service is widely considered a security problem.  FreeBSD doesn't
run identd by default, for example, but it's possible that some Linux
distros do.  The Wikipedia article suggests It's an IRC thing, but that
doesn't address the default sendmail behavior.


Things can make more sense when you realize that TCP/IP networks have 
changed over the years.  Long ago, when dinosaurs roamed the earth, and 
timesharing servers were big things with professional admins and lots of 
users, it could be helpful to know that if you got an irritating 
connection from the Math Dept. server using source port X, and IDENT 
said the owner of the process that was using port X was a user called 
Jimbob, that you could go to the admin of that server and tell him to 
slap Jimbob upside the head.  After all, if his IDENT server had been 
subverted, he would have mentioned it when you had a beer with him last 
night.


These days, when so much traffic comes from individual workstations 
where the user can frequently arrange for an IDENT server to return any 
fool information they want, if they have it running at all, the value 
added is much less.


Do remember that some of these things date from back when Linus was 
still in diapers (well, actually, he was about 15 when the earliest RFC 
with the genesis of IDENT was published), so trying to figure out why 
they make sense based solely on what Linux does can be futile.  ;-)


--

--Jon Radel
j...@radel.com
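
The difference described above between a firewall that actively rejects IDENT traffic and one that silently drops it shows up directly in how long the querying side waits. The following is an added example, not code from the thread or from sendmail: a minimal RFC 1413 client with a Timeout.ident-style deadline, run against three constructed loopback listeners (one that answers, one closed port that refuses, one that never replies as a stand-in for silently dropped packets). The port numbers and the user name are constructed.

```python
# Added example: RFC 1413 ident lookup with a deadline, and its three outcomes.
import socket
import threading
import time


def parse_reply(raw):
    """Extract the user id (or ERROR code) from an ident reply line."""
    parts = [p.strip() for p in raw.decode("ascii", "replace").strip().split(":", 3)]
    if len(parts) == 4 and parts[1] == "USERID":
        return parts[3]  # self-reported by the remote host, never proof of identity
    if len(parts) >= 3 and parts[1] == "ERROR":
        return "ERROR:" + parts[2]
    return None


def ident_query(host, remote_port, local_port, timeout=5.0, ident_port=113):
    """Ask host who owns the connection remote_port -> local_port.

    Returns (outcome, detail, seconds); outcome is 'answered', 'refused' or 'timeout'.
    """
    start = time.monotonic()
    deadline = start + timeout
    try:
        with socket.create_connection((host, ident_port), timeout=timeout) as s:
            s.sendall(f"{remote_port}, {local_port}\r\n".encode("ascii"))
            reply = b""
            while not reply.endswith(b"\n") and len(reply) < 1000:
                remaining = deadline - time.monotonic()
                if remaining <= 0:
                    raise socket.timeout("ident deadline passed")
                s.settimeout(remaining)
                chunk = s.recv(1024)
                if not chunk:
                    break
                reply += chunk
        outcome, detail = "answered", parse_reply(reply)
    except ConnectionRefusedError:   # port actively rejected: fails at once
        outcome, detail = "refused", None
    except socket.timeout:           # nothing came back: full timeout is spent
        outcome, detail = "timeout", None
    return outcome, detail, time.monotonic() - start


def _listener(reply=None):
    """Constructed loopback listener; answers one query if reply is given."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    if reply is not None:
        def serve():
            conn, _ = srv.accept()
            with conn:
                conn.recv(1024)
                conn.sendall(reply)
        threading.Thread(target=serve, daemon=True).start()
    return srv


def demo(timeout=0.5):
    """Run the same query against an answering, a rejecting and a silent peer."""
    answering = _listener(b"6191, 25 : USERID : UNIX : jimbob\r\n")
    silent = _listener()             # accepts the connection, never replies
    closed = _listener()
    closed_port = closed.getsockname()[1]
    closed.close()                   # nothing listens here any more: refused
    ports = {"answering": answering.getsockname()[1],
             "rejecting": closed_port,
             "silent": silent.getsockname()[1]}
    results = {name: ident_query("127.0.0.1", 6191, 25, timeout, ident_port=port)
               for name, port in ports.items()}
    answering.close()
    silent.close()
    return results


if __name__ == "__main__":
    for name, (outcome, detail, secs) in demo().items():
        print(f"{name:10s} {outcome:9s} {detail!s:8s} {secs:.2f}s")
```
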



Re: Sendmail Five Second Greeting Delay

2010-04-02 Thread Jon Radel

On 4/2/10 11:49 AM, David Allen wrote:


On 4/2/10, Jon Radelj...@radel.com  wrote:

On 4/2/10 8:33 AM, David Allen wrote:


Secondly, it seems the cause of the OP's problem was a delay associated
with an IDENT query.  Specifically

confTO_IDENT Timeout.ident   [5s] The timeout waiting for a
 response to an IDENT query.

If he had local DNS configured, there would be no query, and therefore no
issue, but setting the timeout to 0 seconds using

define(`confTO_IDENT', 0s)

does remove the delay, but not the underlying problem.


You sure?  IDENT has nothing to do with DNS, and I don't know of any
program that does an IDENT query solely if DNS data is not available.  I
can't see why that would make any sense.


Well, I'm sure that on a network with functional DNS, sendmail sends
no IDENT queries. And by extension, there are no delays due to
timeouts of unanswered queries.


Very odd.  Why on earth would that be the case?




What is most likely the OP's root problem is that he's sending e-mail
from a machine that's on the other side of a firewall that blocks IDENT
traffic but doesn't actively reject it.  So sendmail has to sit around
and wait for the query to time out.


That much I get, but the question is why sendmail, by default sends
those queries?


Historical reasons.  So that you know, when bad mail is sent to you from 
the Math Dept. server by Jimbob playing around with his own SMTP 
program, whom to yell at.  (See below for references.)


Please don't make out like I'm advocating as this being of much utility 
these days; I'm not.  You can find all sorts of recommendations to turn 
this off if you look around.





This is why there's a school of thought that even if your default for
firewall configuration is to quietly drop unwanted packets, IDENT is a
protocol that you should actively reject.  It makes things move along
more quickly.


Fair enough.  But that reasoning is based on a premise that IDENT is
widely depended upon (and implicitly widely used), yes?


It's still deployed enough to result in tedious discussions, such as 
this one, coming up fairly frequently.  None of this is a problem until 
you have people who drop ident packets *and* get upset that there are 
servers out there that wait for a timeout.


And just think, we could be in the bad old days, when you *had* to wait 
for the IP stack to timeout and sendmail didn't have a handy place to 
set the timeout to a short value.


To paraphrase:  One of the underlying rules of getting along on the 
Internet is to be strict in what you send and forgiving in what you 
accept.  So do something sensible with IDENT requests or expect odd 
delays, and don't waste time wondering why there are still servers out 
there that do things that don't really make a lot of sense anymore.





Put another way, I'm wondering why IDENT queries are made?  My knowledge
of that protocol is superficial, but my understanding is that running an
identity service is widely considered a security problem.  FreeBSD doesn't
run identd by default, for example, but it's possible that some Linux
distros do.  The Wikipedia article suggests It's an IRC thing, but that
doesn't address the default sendmail behavior.


Things can make more sense when you realize that TCP/IP networks have
changed over the years.  Long ago, when dinosaurs roamed the earth, and
timesharing servers were big things with professional admins and lots of
users, it could be helpful to know that if you got an irritating
connection from the Math Dept. server using source port X, and IDENT
said the owner of the process that was using port X was a user called
Jimbob, that you could go to the admin of that server and tell him to
slap Jimbob upside the head.  After all, if his IDENT server had been
subverted, he would have mentioned it when you had a beer with him last
night.

These days, when so much traffic comes from individual workstations
where the user can frequently arrange for an IDENT server to return any
fool information they want, if they have it running at all, the value
added is much less.

Do remember that some of these things date from back when Linus was
still in diapers (well, actually, he was about 15 when the earliest RFC
with the genesis of IDENT was published), so trying to figure out why
they make sense based solely on what Linux does can be futile.  ;-)


Interesting reading.  Thanks for elaborating.

So the IDENT protocol was relied on in the time of the dinosaurs,
its value today is so much less (a polite way of saying not used at
all?), and IDENT packets are commonly dropped by firewalls.   Do I
have that right?


Yes, except for the not used at all bit.


If so, then a reasonable conclusion is that the
default sendmail behaviour with respect to IDENT (sending queries and
then waiting for a reply) is an anachronism.  And the workaround
(setting a timeout of zero) is a fix for that anachronism.   Should I
consider those two points as features, or should I just

Re: can't ping localhost

2010-03-10 Thread Jon Radel



Well, the ping issue is just an example.
My real problem is that sendmail can't send
anything locally:

# tail /var/log/maillog
Mar 11 02:16:58 mech-anton240 sm-msp-queue[32611]: o2B0irgd029426: to=mexas, 
ctladdr=mexas (1001/1001), delay=01:32:05, xdelay=00:00:00, mailer=relay, 
pri=480031, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: [127.0.0.1]: No route 
to host


Well, have you considered looking to see if it's right?  What do you get 
in response to:


$ netstat -rn | grep 127
127.0.0.1  127.0.0.1  UH  0  64746  lo0
$

Showing what I get on a 7.0 server.

Unless they've moved things around since 7.0, you probably want to make 
sure that you've not messed with the ifconfig_lo0 line in 
/etc/defaults/rc.conf.


My apologies if that config stuff has changed in the latest; I don't 
have access to the latest right now.


--

--Jon Radel
j...@radel.com



Re: Thousands of ssh probes

2010-03-05 Thread Jon Radel


Randal L. Schwartz wrote:

Tim == Tim Judd taj...@gmail.com writes:


Tim I've been in that same boat.  I eventually came to the decision to:
Tim   Install PPTP server software, accepting connections from any IP.

Whoa.  Here we are, talking about making it *more* secure, and
you go the other direction


http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security_of_the_PPTP_protocol


In short, you can't take anyone seriously who suggests PPTP when
talking about security.


Especially since rolling out OpenVPN and your own little CA to issue 
yourself and your 10 best friends certificates is pretty easy.  I find 
it easier to wrap my head around than something like IPSEC for 
supporting a trusted server on trusted network attached to by laptops 
that wander around in sometimes sleazy parts of the Internet model.


Just make sure you've kept up to date with your SSL libraries.  :-)

--Jon Radel
j...@radel.com


Re: selling freebsd cd for profit

2010-02-27 Thread Jon Radel

On 2/27/10 2:58 AM, Matthew Seaman wrote:



On 27/02/2010 24:50:54, Citra Cool wrote:

Can I sell FreeBSD for my profit??
Is it legal??


In a word, yes -- sure you can.

All you have to do is abide by the terms of the licensing.


You sure that this applies in a couple countries where they have
rather draconian laws about selling software that supports any
type of encryption?  It's a big world out there, with many
interesting laws.

--

--Jon Radel
j...@radel.com



Re: selling freebsd cd for profit

2010-02-27 Thread Jon Radel

On 2/27/10 1:31 PM, Programmer In Training wrote:

On 02/27/10 12:22, Jon Radel wrote:

On 2/27/10 2:58 AM, Matthew Seaman wrote:



On 27/02/2010 24:50:54, Citra Cool wrote:

Can I sell FreeBSD for my profit??
Is it legal??


In a word, yes -- sure you can.

All you have to do is abide by the terms of the licensing.


You sure that this applies in a couple countries where they have
rather draconian laws about selling software that supports any
type of encryption?  It's a big world out there, with many
interesting laws.



That would be for the interested party to find out on their own, since
we cannot possibly know the laws for each and every country out there. I
find it hard enough to keep up with the laws in my own.



Well, duh!  However, in personal correspondence, the OP refuses to even 
say what country he or she wants to do this in and simply reiterates the 
original question, despite strong hints, both on and off list, to get 
local expertise.


--

--Jon Radel
j...@radel.com



Re: Squid reporting incorrect time

2010-02-27 Thread Jon Radel

On 2/27/10 7:59 PM, Ty John (sand_man) wrote:


On Sun, 28 Feb 2010 00:03:19 +
RW rwmailli...@googlemail.com wrote:


On Sun, 28 Feb 2010 09:07:27 +1030
Ty John (sand_man) ty...@eye-of-odin.com wrote:



Hi guys,

I've had my squid proxy running fine for quite some time now but
just one thing bothers me. When a page cannot be displayed, the
date and time showing on that page is incorrect even though the system
date and time is correct.


Works for me. Are you sure the error page is generated by your cache?
Do you see your own hostname in the page?



Yes I'm 100% sure. I'll check out those others links Jon just posted.



He's referring to my mail where I mentioned:


 Try http://www.linuxreaders.com/2009/08/10/squid-change-timezone/


See also the distinction between %t and %T at 
http://wiki.squid-cache.org/Features/CustomErrors



--

--Jon Radel
j...@radel.com



Re: PASSWORD LOST!!

2010-02-12 Thread Jon Radel

Adam Vande More wrote:

On Fri, Feb 12, 2010 at 8:05 AM, John j...@starfire.mn.org wrote:


People, people - be careful that we are not creating a formula to
break into FreeBSD servers around the world...

The only acceptable solution is for someone in Eric's organization
to secure physical access to the server.  It may be in a co-lo
situation, but if that's true, they must have a contract open and,
if nothing else, they terminate the contract and get the machine
back, though more likely, the contract allows them supervised
access.  Machines are not perfect - even without losing the root
password, they break and need maintenance - this is a MAINTENANCE
event and should be treated as such, just like a hard drive failure
or a NIC failure.

Creating a scheme for someone to break into FreeBSD systems remotely
or to publicize schemes people have created to remotely manage their
systems in ways that could be used to compromise them is foolishness!

Regardless of the purity of his intention, Eric is asking us to
tell him how to break into our homes or steal our cars. ;)



Security through obscurity is no security, hence it is a good exercise.




Quite.  In any case, the OP started out by telling us how he had plugged 
a monitor into the server, so we're several degrees removed from reality 
by this point.


--

--Jon Radel
j...@radel.com




Re: NTP Stratum

2010-02-05 Thread Jon Radel

DAve wrote:

Afternoon from Blizzard central in Indiana,

I have three DNS servers across the state that I have installed and
configured ntpd on. They seem to be working well except they are
announcing themselves as Stratum 0 servers.

As many times as I have read the man pages I can't seem to figure out
how I *should* set them to announce themselves at a lower stratum.


Not enough information about what you're trying to do:  Are these 
synchronized against an outside source of time?  Are you using a local 
source of time such as a GPS receiver?  Or are your servers sitting 
there with nothing but the undisciplined local clock and something like:


server  127.127.1.0 # local clock
fudge   127.127.1.0 stratum 0

in the config file?

What's

ntpq -c peers

showing?

As a general sort of rule, if you're synchronized to some trusted time 
from somewhere, your stratum is going to be one higher than the stratum 
of the server you're synchronized against, and you rather have to go out 
of your way to override that.


--

--Jon Radel
j...@radel.com
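
The stratum rule described in the reply above, as an added example that is not part of the original message: it reads `ntpq -c peers` output, finds the selected system peer and reports the stratum the daemon will advertise. The function names and both peer listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive the advertised stratum from `ntpq -c peers` output.

# Constructed sample: synchronised to an outside server (names invented).
peers_synced='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp-a.example   .GPS.            1 u   33   64  377    1.234    0.123   0.045
+ntp-b.example   192.0.2.10       2 u   40   64  377    2.345   -0.210   0.060
 LOCAL(0)        .LOCL.          10 l   12   64  377    0.000    0.000   0.001'

# Constructed sample: nothing but the local clock, fudged to stratum 0 as
# in the two config lines quoted in the message.
peers_local='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*LOCAL(0)        .LOCL.           0 l   12   64  377    0.000    0.000   0.001'

# expected_stratum: read peers output on stdin, print "<stratum> <sys peer>".
# The line whose tally character is "*" is the selected system peer; the
# daemon advertises that peer's stratum plus one. With no "*" line the
# daemon is unsynchronised, which ntpd reports as stratum 16.
expected_stratum() {
    awk '
        /^\*/ { peer = substr($1, 2); st = $3 + 1 }
        END   { if (peer == "") print "16 none"; else print st, peer }
    '
}

# local_clock_selected: succeed if the system peer is the undisciplined
# local clock driver, shown by ntpq as LOCAL(n).
local_clock_selected() {
    awk '/^\*LOCAL\(/ { found = 1 } END { exit !found }'
}

for sample in "$peers_synced" "$peers_local"; do
    printf '%s\n' "$sample" | expected_stratum
    if printf '%s\n' "$sample" | local_clock_selected; then
        echo "  warning: system peer is the undisciplined local clock"
    fi
done
```

On a live host, pipe the real output in: `ntpq -c peers | expected_stratum`.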




Re: SU

2010-01-25 Thread Jon Radel

Shone Russell wrote:

I am not able to execute any commands when I utilize the su function, I
am entering our correct password. It was working on Friday, but now it's
not. 


Please let us know exactly what you're entering (without the password, 
of course) and what the results are.  Do you get an error message?  Does 
it hang?  What?


--

--Jon Radel
j...@radel.com




Re: partly offtopic, but need feed back now.

2010-01-11 Thread Jon Radel

Gary Kline wrote:


according to him, on each one copper circuit, there were two unused wires that
could be used for a second phone number.  so that afternoon I had a dialup line
and the house had a voice line.


Or more

Each POTS (Plain Old Telephone Service) line takes one copper pair.  The 
wiring inside your house probably has two pairs, which can either be 
used for 2 lines or for 1 line plus power to light the dial of your 
Princess phone.  If your wiring is of the right vintage you might even 
have the old transformer for providing the power dangling somewhere. The 
wiring up to your house probably has some even number of pairs.  I think 
I have a 4-pair and a 6-pair at this point, though most are no longer 
used (I'm down to a single POTS and a single T1, way down from my high 
point).




if I'm not mistaken, there are some Qwest people amongst this group.  I would
like to know if what the telephone installer told me 14 years ago was true, and
also, if it is likely unchanged.



Well, pretty much unchanged other than that all the local exchange 
carriers that actually run copper wire to houses are eager to get out of 
that business to one extent or another.  I don't follow this closely, 
but I think AT&T is the only one to have actually gone public with a 
request to the FCC to set a date when they can drop POTS lines forever.




at any rate, within four hours, the cable company will take ownership of the
second voice line.  I think it is just one physical circuit split in two by a
clever tech.


Hmm...if you're doing the standard thing, and porting your phone 
number to the cable company, they'll have to put some equipment of their 
own on or in your house.  They don't really take ownership of the 
line, just the number.


See if you can get the tech to make real sure that your two inside pairs 
are well isolated so maybe you can get rid of the problem of ring 
voltage leaking from one to the other.  He'll probably just detach one 
of your inside pairs from Qwest and hook it up to his box, assuming he 
doesn't just wave his hands and tell you plug your phone in here and 
go away.


--

--Jon Radel
j...@radel.com




Re: Setup FTP service on FreeBSD 2.0.5?

2010-01-06 Thread Jon Radel

Paul Shi wrote:

Dear Matthew and Everyone,

Thank you so much for your response. I think I will just create a user named
ftp to enable anonymous access since security is not our major concern so
far.


I should hope that security will never be your concern, given how many 
years of security related patches you're missing.


--

--Jon Radel
j...@radel.com




Re: NOW what?

2009-12-31 Thread Jon Radel


Gary Kline wrote:


	My new server is back out of harm's way, but now, upon reboot, no mail.  I have 
	tail -f maillog and get Domain not found


	Yes, i did edit my DNS files, but I think i have a backup.  Can anybody clue me 
	in so i don't do this by mistake again?  thanks.





Are we talking about ethic.thought.org?  (Personally I think it's a bit 
arrogant of you to assume we all remember the details of your network 
from week to week, but I'm a grouch, and others' mileage almost 
certainly varies.)


Is your mail server on ethic.thought.org?  If so, you're probably just 
running into a race condition, given that your *only* nameserver for 
thought.org is also on ethic.  Or at least your only announced 
nameserver.  In other words, your mailserver is quite possibly starting 
up, attempting a dns lookup and timing out, all before your nameserver 
is up and running.


What happens if you restart just your mailserver at this time?

If that doesn't resolve the matter, give us some details about where 
your nameserver and mailserver live, and give us the contents of 
/etc/resolv.conf on the mailserver, and tell us for which e-mail 
addresses e-mail isn't flowing.


--Jon Radel
j...@radel.com


Re: NOW what?

2009-12-31 Thread Jon Radel


Gary Kline wrote:



It was a good lesson that I should NOT have ever dared to mess
around with IPv6 ... but I did.  And yup, after moving the server
everything restarted.  And that v6 stuff busted things.


Hmm...yes, putting IPv6 addresses into your DNS w/o your IPv6 network 
actually working does tend to break things all over the place.


You really need a test server to play with rather than subjecting your 
main [only] server to these experiments.  ;-)





[ten mins later with coffee kicking in]:: a question on the
nameserver stuff: given that I have only one ISP, how could I have
another nameserver?  ethic is DNS, mail, and web.  I've got two
	secondary nameservers.  One in Dallas, a second in England.  


Well...which is it?  One or three nameservers?

I find it helps to think of nameservers as being of two types:

1)  Resolving nameservers

These are the servers that *your* machines use to look up addresses, 
both your own and things like www.google.com.  You can use your own 
server.  Your ISP would also have one or more available for customer 
use.  I'd suggest using a list of servers rather than just one.  This 
list is what you'd set up in /etc/resolv.conf.


2)  Authoritative nameservers

These are the servers that tell everyone about thought.org (in your 
case).  You say that you have one on ethic.thought.org and 2 secondaries 
in Dallas and England.  However, given that neither your parent servers 
nor your own zone file as found on ethic mention those two other 
servers, it's very unlikely that they're doing you any good at all. 
(There are advanced scenarios where hidden secondaries are useful, but 
I don't think any of them apply to your network.)


BTW, a single install of a name server on a single machine is perfectly 
capable of acting as both a resolving and an authoritative server, but 
it still helps, IMHO, to consider it as serving two different roles. 
(All of which leaves aside the security issues involved)


I would suggest you find out what servers your ISP makes available as 
resolving servers for customers, and use ethic followed by those servers 
in resolv.conf and other such setup.


I would suggest you find out if those secondary servers are actually 
syncing the data from ethic, and if so, list them with your domain 
registrar and in NS records in your dns zone.


With those two steps, dns as a whole will become a bit more resilient 
for you.


--Jon Radel
j...@radel.com


Re: Source of closed port RST responses

2009-12-20 Thread Jon Radel

DAve wrote:

I am routinely seeing these entries in one of my servers logs.

Limiting closed port RST response from 373 to 200 packets/sec

The server sits behind a PIX firewall, so I am suspicious of what is
trying to connect to a closed port. I don't see in any other logs what
port is being hit, or what IP is causing these log entries.

Any way to tell what the source IP of these is?

Thanks,

DAve


Easiest way, probably without any observer effect, would be to mirror 
the switch port your server is plugged into and use a computer running 
wireshark, or equivalent, to look at the mirrored traffic.


Unless, of course, your switch doesn't support port mirroring, you don't 
have a spare computer running wireshark, etc., etc.  It's obviously hard 
to tell what resources you have available to you.


You can also install wireshark from ports on your server, but depending 
on disk space, how pristine you want your server to remain, and 
internal security rules (wireshark, particularly some of the protocol 
decoders, is not without its own issues), there are some downsides to this.


Also remember that source IPs can be forged, so look at the MAC address 
information as well if things appear to be really odd.


--

--Jon Radel
j...@radel.com
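
One way to summarise the mirrored traffic the reply above suggests capturing, as an added example that is not part of the original message: it tallies the RSTs the server sent by remote address, next-hop MAC and closed port. The capture lines, addresses, MACs and function names are constructed, and 192.0.2.10 stands in for the server.

```shell
#!/bin/sh
# Added example: who is drawing RSTs from the server, and via which MAC?

# Constructed lines in `tcpdump -e -n` text format (all values invented).
capture_sample='12:00:00.000001 00:00:5e:00:53:01 > 00:00:5e:00:53:aa, ethertype IPv4 (0x0800), length 54: 192.0.2.10.8080 > 198.51.100.7.51514: Flags [R.], seq 0, ack 1, win 0, length 0
12:00:00.000150 00:00:5e:00:53:01 > 00:00:5e:00:53:aa, ethertype IPv4 (0x0800), length 54: 192.0.2.10.8080 > 198.51.100.7.51515: Flags [R.], seq 0, ack 1, win 0, length 0
12:00:00.000320 00:00:5e:00:53:01 > 00:00:5e:00:53:aa, ethertype IPv4 (0x0800), length 54: 192.0.2.10.8081 > 198.51.100.7.51516: Flags [R.], seq 0, ack 1, win 0, length 0
12:00:00.000900 00:00:5e:00:53:01 > 00:00:5e:00:53:bb, ethertype IPv4 (0x0800), length 54: 192.0.2.10.23 > 203.0.113.9.40000: Flags [R.], seq 0, ack 1, win 0, length 0
12:00:00.001200 00:00:5e:00:53:aa > 00:00:5e:00:53:01, ethertype IPv4 (0x0800), length 74: 198.51.100.7.51517 > 192.0.2.10.8082: Flags [S], seq 1, win 65535, length 0
12:00:00.001500 00:00:5e:00:53:01 > 00:00:5e:00:53:aa, ethertype IPv4 (0x0800), length 66: 192.0.2.10.443 > 198.51.100.20.50000: Flags [.], ack 1, win 512, length 0'

# rst_targets SERVER_IP: read capture text on stdin and print
# "<count> <remote ip> <next-hop mac> <closed port>", busiest first.
# Only RSTs sent by SERVER_IP are counted; each one answers a packet that
# claimed to come from <remote ip> and was aimed at <closed port>.
rst_targets() {
    awk -v server="$1" '
        / Flags \[R/ {
            for (i = 1; i <= NF; i++) if ($i == "Flags") break
            src = $(i - 3); dst = $(i - 1); sub(/:$/, "", dst)
            mac = $4; sub(/,$/, "", mac)          # where the RST was sent
            n = split(src, s, "[.]"); port = s[n]
            sip = substr(src, 1, length(src) - length(port) - 1)
            if (sip != server) next
            n = split(dst, d, "[.]")
            dip = substr(dst, 1, length(dst) - length(d[n]) - 1)
            count[dip " " mac " " port]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# next_hops SERVER_IP: distinct MACs the RSTs went to. More than one means
# not every probe arrived through the same device (e.g. the firewall), so
# the source IPs alone should not be trusted.
next_hops() {
    rst_targets "$1" | awk '{ print $3 }' | LC_ALL=C sort -u
}

printf '%s\n' "$capture_sample" | rst_targets 192.0.2.10
```

On the monitoring machine the same functions can read a live capture, for instance from `tcpdump -e -n 'tcp[tcpflags] & tcp-rst != 0'`.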




Re: is this getting out?

2009-12-17 Thread Jon Radel


Gary Kline wrote:


aristotle is offline; i'm exclusively on my new server.  will somebody please 
do a dig thought.org and see if they see what i see?

hope i get this.





1)  If you don't share what you see, nobody can compare,

2)  Various people have pointed out various problems already, however, 
I'll reference you to the detailed analysis of your DNS problems that 
Giorgos Keramidas provided to you on 12/12 at 22:29 UTC.  thought.org 
still has at least 7 name servers referenced somewhere; some of them 
have an MX record pointing at ethic, some have an MX record pointing at 
aristotle.


Until you fix *all* the problems that have been documented in great 
detail, you will continue to have problems like this.  For example, it 
appears that you've reduced the servers recorded with your registrar 
down to 2, but ns1.thought.org still returns this list of NS records:


thought.org.    38400   IN  NS  b.ns.celestial.com.
thought.org.    38400   IN  NS  c.ns.celestial.com.
thought.org.    38400   IN  NS  d.ns.celestial.com.
thought.org.    38400   IN  NS  ns1.thought.org.
thought.org.    38400   IN  NS  ns1.localhostservices.net.
thought.org.    38400   IN  NS  ns2.secondary.com.
thought.org.    38400   IN  NS  a.ns.celestial.com.


Fix your DNS!

--Jon Radel
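
The mismatch described in the reply above, and the advice in the earlier "NOW what?" reply to list secondaries both with the registrar and in the zone's NS records, can be checked mechanically. This is an added example, not part of either message: the function names are hypothetical and the two-server delegation is constructed, since the thread does not say which two servers remain at the registrar.

```shell
#!/bin/sh
# Added example: compare the NS set the parent zone delegates to with the
# NS set the zone's own server publishes.

# Constructed sample of the delegation. The message only says two servers
# remain at the registrar; which two is an assumption made for this demo.
parent_answer='thought.org. 86400 IN NS ns1.thought.org.
thought.org. 86400 IN NS ns2.secondary.com.'

# The NS list ns1.thought.org returned, as quoted in the message above.
child_answer='thought.org. 38400 IN NS b.ns.celestial.com.
thought.org. 38400 IN NS c.ns.celestial.com.
thought.org. 38400 IN NS d.ns.celestial.com.
thought.org. 38400 IN NS ns1.thought.org.
thought.org. 38400 IN NS ns1.localhostservices.net.
thought.org. 38400 IN NS ns2.secondary.com.
thought.org. 38400 IN NS a.ns.celestial.com.'

# ns_targets: read dig-style answer lines on stdin and print the sorted,
# lower-cased, de-duplicated NS targets.
ns_targets() {
    awk '$3 == "IN" && $4 == "NS" { print tolower($5) }' | LC_ALL=C sort -u
}

# ns_diff PARENT CHILD: print one line per server named on only one side.
ns_diff() {
    p=$(mktemp) && c=$(mktemp) || return 1
    printf '%s\n' "$1" | ns_targets > "$p"
    printf '%s\n' "$2" | ns_targets > "$c"
    LC_ALL=C comm -23 "$p" "$c" | sed 's/^/parent-only /'
    LC_ALL=C comm -13 "$p" "$c" | sed 's/^/child-only /'
    rm -f "$p" "$c"
}

# ns_consistent PARENT CHILD: succeed only when both sides agree.
ns_consistent() {
    [ -z "$(ns_diff "$1" "$2")" ]
}

if ns_consistent "$parent_answer" "$child_answer"; then
    echo "delegation and zone agree"
else
    echo "delegation and zone disagree:"
    ns_diff "$parent_answer" "$child_answer"
fi
```

For live data, fill the two variables from `dig +norecurse +noall +authority NS thought.org` sent to a parent server and `dig +norecurse +noall +answer NS thought.org` sent to the zone's own server.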



Re: no sshd on new server...

2009-11-15 Thread Jon Radel

Polytropon wrote:

On Sun, 15 Nov 2009 15:49:33 -0800, Gary Kline kl...@thought.org wrote:

ok, i have my new server-to-be underway but having problems exec'ing
/usr/sbin/sshd.  i can ssh out to existing computers, but cannot ssh
or scp stuff in.  so my question is:  how do i create
/etc/ssh/ssh_host_dsa_key ?  checking around does no good.


Maybe I remember incorrectly, but doesn't sshd create this file
on its first startup?

Do you have

sshd_enable=YES

in /etc/rc.conf? Is sshd running, or do you get error messages
regarding the host DSA key file?






This is version specific.  If you're really old fashioned (v4, for 
example ;-), you can look in /etc/rc.network for a cookbook:


case ${sshd_enable} in
[Yy][Ee][Ss])
    if [ -x /usr/bin/ssh-keygen ]; then
        # Each host key is generated only if its file is missing;
        # -N "" sets an empty passphrase so sshd can read the key.
        if [ ! -f /etc/ssh/ssh_host_key ]; then
            echo ' creating ssh1 RSA host key';
            /usr/bin/ssh-keygen -t rsa1 -N "" \
                -f /etc/ssh/ssh_host_key
        fi
        if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
            echo ' creating ssh2 RSA host key';
            /usr/bin/ssh-keygen -t rsa -N "" \
                -f /etc/ssh/ssh_host_rsa_key
        fi
        if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
            echo ' creating ssh2 DSA host key';
            /usr/bin/ssh-keygen -t dsa -N "" \
                -f /etc/ssh/ssh_host_dsa_key
        fi
    fi
    ;;
esac

or just reboot after setting sshd_enable=YES.  In newer versions, 
/etc/rc.d/sshd start checks if the files exist and creates any of the 
3 which don't, or you can force this check and creation with 
/etc/rc.d/sshd keygen.  In all cases that I know of, it's just the 
ssh-keygen program being run on your behalf.



--

--Jon Radel
j...@radel.com




Re: I hate to bitch but bitch I must

2009-10-18 Thread Jon Radel

PJ wrote:



It's worthless to read your entire comment here as everyone is
forgetting two things, here...
1. COMMON SENSE
2. NOT EVERYONE WHO READS MANUALS OR MAN PAGES IS NECESSARILY LIMITED TO
THE NARROW MINDBEND OF THE INITIATED.


There are those who think those who bitch because they've not taken the 
time to understand terms of art (to borrow language from yet another 
of the many, many sub-varieties of English) that have been widely used 
in the community for decades, and seem to feel that their resulting 
confusion is obviously somebody else's fault and duty to fix, lack 
sense, common or otherwise.  On this, I suspect we'll just have to 
disagree.  (Though I will point out that in the above passage you've 
just told us that you admit to having forgotten common sense. 
Ordinarily I wouldn't stoop this low, but you've just spent much time 
telling us how much clearer, better, and comprehensible your brand of 
English is.)


Personally, I welcomed Ian's comments, as I believe he was the first to 
point out explicitly that language such as this is contextual, 
long-standing in the community in which it is used, and really not that 
confusing once you pay attention.  (My apologies to anyone else who 
discussed this earlier; I found it difficult to read every message in 
this thread.)


BTW, it's hard for me, personally, to take seriously anyone who quotes 
in full, with no trimming, something which he dismisses as worthless to 
read.


--

--Jon Radel
j...@radel.com



