Re: jail.conf ignoring exec.fib?
--On 20 August 2013 18:02 +0100 Arthur Chance free...@qeng-ho.org wrote: And that's just made me think of something else - I have a horrible feeling that jexec will attach to the jail using whatever fib it's running under, i.e. the fib from the host environment. Do you have (or can you enable) ssh running in the jail? If so, log into the jail that way, and see what sysctl net.my_fibnum shows then, because you'll be running under the environment created by /etc/rc. Ok, one word: Bingo. That was it. I'll spare you the gory details of how I cut myself off from the machine, managed to create a jail with no access etc. etc. But yes, that was it - in summary: jail -c -v Does not actually *show* the fib being set, but will show an error if the setfib call fails. jexec Runs a process in the jail, using the prevailing fib - not the jails fib, you can rectify this by using 'setfib X jexec jail tcsh' I don't know if that last point should be considered a 'bug' or not... Many thanks for your help! -Karl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: jail.conf ignoring exec.fib?
--On 20 August 2013 08:27 +0100 Arthur Chance free...@qeng-ho.org wrote: In the source the exec.fib parameter is given as an integer, so the quotes probably shouldn't be there, but I'm not sure whether it matters. I tried it just as 'exec.fib = 1;' originally, and it makes no difference :( There's definitely a setfib call in the source that's done if exec.fib exists. All I can think of right now is that you try firing up the jail using the -v verbose flag. This should show everything the jail command does as the jail is created. Ok, I tried that and got: root# jail -v -c jail jail: run command: /sbin/mount -t devfs -oruleset=4 . /usr2/jails/jail/dev jail: jail_set(JAIL_CREATE) persist name=jail devfs_ruleset=4 jid=100 path=/usr2/jails/jail host.hostname=jail.somedomain.com ip4.addr=192.186.0.20 allow.raw_sockets jail: created jail: run command in jail: /bin/sh /etc/rc Setting hostname: jail.somedomain.com ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib 32-bit compatibility ldconfig path: /usr/lib32 Creating and/or trimming log files. ln: /dev/log: Operation not permitted Starting syslogd. Clearing /tmp (X related). Updating motd:. Starting cron. Tue Aug 20 11:39:20 UTC 2013 jail: jail_set(JAIL_UPDATE) jid=100 nopersist Certainly more detail, but no mention of fib's :( - I tried it both with, and without quotes around the FIB value. You can also see I have raw sockets available for debugging. -Karl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: jail.conf ignoring exec.fib?
--On 17 August 2013 17:32:18 +0100 Arthur Chance free...@qeng-ho.org
wrote:
What do you get in the jail from
sysctl net.fibs
sysctl net.my_fibnum
?
I didn't know those sysctl's existed :) If I fire up the jail, and jexec to
it, and run the above - I get:
root@jail:/ # sysctl net.fibs
net.fibs: 4
root@jail:/ # sysctl net.my_fibnum
net.my_fibnum: 0
(I have 'ROUTETABLES=4' in the Kernel, so the 4 above is correct).
That's for a jail which has:
jail {
jid = 100;
exec.fib = 1;
...
In /etc/jail.conf
So, on the surface it looks like 'exec.fib' is being ignored :( I tried it
without quotes as well, to no avail.
-Karl
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
jail.conf ignoring exec.fib?
I'm running 9.2-RC2 amd64 on a system, with a number of jails. The jails
are setup using '/etc/jail.conf' - but the exec.fib in jail.conf seems to
be being ignored?
e.g. in /etc/jail.conf I have:
testjail {
jid = 100;
exec.fib = 1; Set FIB 1
path = /usr2/jails/testjail;
host.hostname = testjail.somedomain.com;
ip4.addr = 192.168.0.40;
mount.devfs;
}
But if I run up that jail and connect to it, 'netstat -r -n' shows it's
still using fib 0 (i.e. the default gateway is set).
If before running the jail, I do 'setfib 1 route add default 192.186.0.90'
- when the jail is run up, again - netstat within it still shows the
systems default gateway, not the gateway from fib 1?
-Karl
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: jail.conf ignoring exec.fib?
--On 14 August 2013 08:58 -0400 Fbsd8 fb...@a1poweruser.com wrote: The jail(8) man page lacks details about how to use exec.fib. It requires either a new kernel (with options ROUTETABLES=2 or however many you want), or a boot-time setting with net.fibs=2 in /boot/loader.conf (requiring a reboot). Yup, done that :) setfib 1 route add default 198.192.64.21 creates routing table number 1 with that IP address. In this example exec.fib=1 would be coded. See setfib(8) and setfib(2) for details. Yeah, I do that as well - but 'netstat -r -n' from within the jail shows the systems default routing table. As opposed to 'setfib 1 netstat -r -n' (outside the jail) which shows fib either has no default gateway, or the one I set (which is right). Just within the jail, it only every shows it's using the systems default routing table :( Fib's work fine outside the jail (i.e. I can show them, set differing default gateways) - but no matter what I do, the 'exec.fib=' line in jail.conf seems to be ignored, when the jail is run up - it only ever sees the default routing table :( -Karl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Static Jail ID's (JID's) for use with IPFW?
Hi, I have a number of jailed systems running - and I've been setting up ipfw rules for them. This is on FBSD 9.1. 'ipfw' lets you match on traffic to/from a Jail ID (JID) - however every time jails get started / stopped their JID changes [thus breaking the firewall rules]. I can't see anywhere to 'statically' configure a JID to a Jail (i.e. in /etc/rc.conf). Is this possible? / How? Thanks, -Karl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Static Jail ID's (JID's) for use with IPFW?
--On 07 August 2013 12:23 +0100 Arthur Chance free...@qeng-ho.org wrote: I don't think the old /etc/rc.conf way of handling jails lets you do it, but the latest version of jail(8) introduced /etc/jail.conf and you should be able to add jid = N; parameters in there. Thanks - I'll check that out... I've no idea what will happen if your choice conflicts with an automatically generated jid, so you'll either have to make sure all jails have fixed jids, or choose a suitably high range for fixed ones and hope you never generate too many unfixed jids. I'll be making them all static - just to avoid that problem ;) Cheers, -Karl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
net-snmp - Crazy figures for swap interrupts?
Hi, We've got a number of 9.x machines - just setup a new 9.1-RELEASE-p4 amd64 system, put net-snmp on it (net-snmp-5.7.2_3) - and we're getting 'weird' results for some stats, e.g. UCD-SNMP-MIB::ssSysInterrupts.0 = INTEGER: 1145324516 interrupts/s UCD-SNMP-MIB::ssSwapIn.0 = INTEGER: 1145324612 kB UCD-SNMP-MIB::ssSwapOut.0 = INTEGER: 1145324593 kB That's an insane number of interrupts/second (systat shows 200-300 total) - also ssSwapIn.0 is 'The average amount of memory swapped out to disk, calculated over the last minute.'. The machine isn't swapping - and had 784k swapped out (according to Top) - it's lightly loaded (LA 0.02) w/3Gb memory 'free' and 3Gb inactive. Any idea where net-snmp is getting those figures from, or why? - Or better - how to fix? Thanks, -Karl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: freebsd-update - To 'Stable'?
--On 22 November 2012 17:41 +0100 Polytropon free...@edvax.de wrote: I'm looking at switching to 'freebsd-update' - is there an equivalent way to get it to update me to '-STABLE'? No. The freebsd-update program can only be used to follow the RELEASE branch, plus the security updates (RELEASE-pN). Following STABLE branch still requires you to update by source. Ok, as csup is 'deprecated' - I guess what I need to do is move over to Subversion instead? - As 'freebsd-update' is only going to get me release + security (-pX), not 'stable'. At the moment we have a local host that has the entire FreeBSD source tree on it - so we can just 'cherry pick' versions we need to update - I'd guess / hope a similar setup is possible, but with Subversion... -Karl [Off to look for a setup guide ;)] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Tuning modern (i.e. 9.x) FreeBSD Systems for 'servers' - any guides?
Hi, We've got a number of 9.x systems in service - replacing a number of older 6/7/8 ones. In the olden days (going back quite a while) you had to fiddle around with stuff like NMBCLUSTERS, MAXUSERS etc. In fact, if you have a look around Google it's littered with guides/articles for this stuff, which appears to be all very out of date. Does anyone have any links for 'modern' tuning guides - or is it simply not necessary with newer FreeBSD versions? (e.g. 9.x upwards) e.g. if the machine is amd64 w/6-8Gb of RAM - running GENERIC. The servers typically handle lots of TCP sessions - so I'm just concerned about what in the olden days would have been network buffers etc. Thanks, -Karl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Issues with smartd starting up at boot time - delays sever start?
--On 13 November 2012 11:14 -0600 Dan Nelson dnel...@allantgroup.com wrote: Can anyone think of a 'simple' fix for this? - Is there anything I can do to '/usr/local/etc/rc.d/smartd' to make it run later in the startup process? Try adding mail to the REQUIRE: line, since sendmail has that in its PROVIDES: line. Thanks, I'll give that a go when I get a chance, -Karl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Issues with smartd starting up at boot time - delays sever start?
Hi, I've noticed on our systems (9.0-Stable, amd64) that starting smartd at boot time massively extends the startup time of the box. I think I've traced this down to smartd, and our use of the '-M test' config option (which sends a test message, apparently forking to 'mail' - and, as the config man page says - it will block until that command returns). For whatever reason (networking not stable at that point in time, MTA not started yet etc.) - on our machines this leaves smartd handing around for minutes - before it returns, the machine starts up (and the status emails arrive). Can anyone think of a 'simple' fix for this? - Is there anything I can do to '/usr/local/etc/rc.d/smartd' to make it run later in the startup process? Does the dreaded '/etc/rc.local' still get run -after- everything else? (Worst case I could launch it from there). Thanks, -Karl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
FreeBSD 9-R pxeboot fails with 'Mounting root filesystem rw failed'...
Hi, I've got a 9.0-R amd64 system I'm trying to netboot / pxeboot from the network, to install other machines (and do fixups etc.) I set this up as we setup previous versions here - but setting up a tftp server, and nfs server - and 'dumping' the contents of the install CD to a directory on the dhcp server, which is exported via nfs (it's exported as read/write). The system kind of boots, but falls over with: Interface em0 IP-Address 192.168.0.47 Broadcast 192.168.0.255 Entropy harvesting: interrupts ethernet point_to_pick kickstart. Starting file system checks: mount_nfs: no host:dirpath nfs-name Mounting root filesystem rw failed, startup aborted ERROR: ABORTING BOOT (sending SIGTERM to parent)! Mar 1 118:10 init: /bin/sh on /etc/rc terminated abnormally, going to single user mode Enter full pathname of shell or RETURN for /bin/sh: It looks like it's failing to 'remount' / promote the root file system as read/write (It's definitely exported as read/write - I've tested it by mounting it on another machine). If you start a shell at this point and run mount, you get: 192.168.0.37:/usr2/netboot/os/9.0-amd64 on / (nfs, read-only) devfs on /dev (devfs, local, multilabel) Is there something I have to set (e.g. in '/etc/rc.conf') in order to fix this? Previous systems setup this way would always boot through to the sysinstall menu. Thanks, -Karl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD 9-R pxeboot fails with 'Mounting root filesystem rw failed'...
--On 01 March 2012 11:53 +0100 ego...@ramattack.net wrote: So I recomend you reading last mails of mine in freebsd-hackers... Hope it helps, Bye! For what it's worth - I've resolved the issue I had (which was basically the system booted, but failed trying to re-mount root as RW, and hence wouldn't go into the installer). The fix I did was to change the '/etc/fstab' on the Netboot server (i.e. the copy of FreeBSD that you're booting). It contains: /dev/iso9660/FREEBSD_INSTALL / cd9660 ro 0 0 Just commenting out that line, i.e. #/dev/iso9660/FREEBSD_INSTALL / cd9660 ro 0 0 Means the boot now completes, and I get offered the Install / Shell / Live CD prompt, instead of an error about not being able to remount root. I've yet to complete an install this way (so far we're just using a script to extract the new 9.x style '.txz' files). But that little change does let us netboot correctly now, enough for what we need. -Karl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Using both ar0 and underlying ad12/ad14 'at the same time' (smartmontools)
Hi, I have a couple of FreeBSD 8.2-STABLE (as of 25/08) boxes. These have onboard RAID 'type' controllers. The OS is installed on 'ar0' (e.g. /dev/ar0s1d et'al). Additionally I've installed the smartmontools port - which monitors drive SMART attributes. Am I ok setting this up to access the 'underlying' devices for ar0 (which are also exposed by the OS) - e.g. as '/dev/ad12' and '/dev/ad14' - at the same time as obviously data is being read / written to '/dev/ar0' (which comprises both those disks as a RAID1 array)? Cheers, -Karl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Is it safe to increase / double kern.maxvnodes under FreeBSD 6.4 i386?
Hi, We had some issues at the weekend that left one of our machines with a very, very large sendmail queue... While we were trying to sort it out we noticed the machine takes over 4 minutes to go through the queue (i.e. 'mailq'). I noticed the machine was hovering around the maxvnode limit - so I upped it. The 'sweet spot' appears to be: sysctl -w kern.maxvnodes=25 That cuts the time to run a mailq from over four minutes down to 12 seconds. The machine has 2Gb of RAM, and is 'moderately' loaded (normally) - is it wise to leave that setting at 250,000 - or is it likely to cause other issues (i.e. kernel memory issues) - is there any metric I can look at / check to see if we can get away with leaving it that high? The only stuff I can seem to find on the 'net mostly concerns upping it under amd64 as that uses a different mapping method for vnodes - I can't seem to find anything that covers increasing it that much (2.5 * the default of 100,000) under i386. As it obviously makes a huge difference for us, I'd love to leave it in place - but don't want to risk anything drastic like a panic. Thanks, -Karl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Hanging when trying to 'rm' files off a read-only NFS export? [7.2-R]
Hi, I've got a 7.2-RELEASE box that has it's root file system mounted read/only via NFS. It hangs when trying to shutdown, at the Writing entropy file: point. Having chased this down - it hangs *any* time you try to rm' a file off of the filesystem. e.g. If I do: recovery# cd / recovery# touch test touch: test: Read-only file system recovery# rm COPYRIGHT nfs server 10.0.0.1:/usr2/boot/os/7.2-i386: not responding nfs server 10.0.0.1:/usr2/boot/os/7.2-i386: not responding nfs server 10.0.0.1:/usr2/boot/os/7.2-i386: not responding That last error is just repeated for infinity at about 5-10 second intervals. Any suggestions? The NFS server exports line being used is: /usr2/boot/os -alldirs -maproot=root -ro -network 10.0.0.1 -mask 255.255.255.0 The reason for the shutdown hang is that '/etc/rc.d/random' rm's the '/entropy' file if it exists as the system shuts down, and that rm never returns (the error output is redirected so you never see the errors) :( -Karl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Hanging when trying to 'rm' files off a read-only NFS export? [7.2-R]
--On 16 July 2009 13:49 + stopeme stop...@gmail.com wrote: The reason for the shutdown hang is that '/etc/rc.d/random' rm's the '/entropy' file if it exists as the system shuts down, and that rm never returns (the error output is redirected so you never see the errors) :( grep entropy | /etc/defaults/rc.conf entropy_file=/entropy # Set to NO to disable caching entropy through reboots. # /var/db/entropy-file is preferred if / is not avail. entropy_dir=/var/db/entropy # Set to NO to disable caching entropy via cron. entropy_save_sz=2048# Size of the entropy cache files. entropy_save_num=8 # Number of entropy cache files to save. move entropy file to rw fs - like /var or somewhere else Already done that as a 'workaround' - but the underlying problem is that rm hangs... Surely it shouldn't hang? Also the actual '/etc/rc.d/random' appears to have code designed to work around read-only root file systems, but that doesn't work in this case - it doesn't avoid the hang. Touch doesn't hang, cp's don't hang, file redirection (e.g. 'echo hello test') doesn't hang - infact everything I can think of doing write wise doesn't hang, except for rm? The rm hangs for ever (left it for hours). If any other software, scripts, or anything on there attempts a similar operation - it'll lock up that process for eternity, that can't be right? -Karl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Acepting lnown bad mail?
--On 06 September 2006 06:59 -0400 stan [EMAIL PROTECTED] wrote: What's going on is that the local sendmail on the new machine is rejecting these mails. Like this Sep 6 06:50:43 brown sm-mta[12249]: k86Ai3w8012249: ruleset=check_mail, arg1=r [EMAIL PROTECTED], relay=localhost [127.0.0.1], reject=451 4.1.8 Doma in of sender address [EMAIL PROTECTED] does not resolve S Now I _know_ this is a laformed header, but, (at least right now), I'd like for sendmail to just take the mail, without being so picky about it. Is there a rule I can tweak to accomplish this? Not really a FreeBSD question ;) Having said that, you probably need to look at adding: FEATURE(accept_unresolvable_domains In your sendmail config... -Kp ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
pxeboot to -Install- FreeBSD...
Hi All, I've been messing about with FreeBSD 6.1-Beta#4 recently, and I'm trying to get a server setup, so that I can pxeboot and install FreeBSD on some other servers... I've gotten dhcpd, tftp, pxeboot et'al to work - and, indeed the client machine dhcp's, pxeboots - and dumps itself into an 'Amnesic' FreeBSD system, with df showing: Filesystem 1k-blocks Used Avail Capacity Mounted On 10.0.0.1:/export/pxe 26353244 4071180 20173806 17% / devfs 1 1 1100% /dev /dev/md131470 134 28820 0% /var /dev/md21956612 17990 0% /tmp Obviously, this would be great if I wanted to run FreeBSD off of nfs/pxeboot - but not so good for installing it... On the off chance - I tried logging in, and firing up 'sysinstall' - which didn't do too well, probably obviously :) What do I need to do, to turn this 'booting FreeBSD from pxeboot' into something that will dump me into sysinstall, like booting from the CD rom? I've searched the net - but the only stuff I've found is either for much earlier FreeBSD versions, or incomplete - or both :) Thanks, -Karl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: OT: tcp redictor with dump-(in|out)put-to-stdout capability
Why dont you wish use tcpdump? Cause I want to debug http, which is ASCII. Having every tcp segment in hex and/or ASCII won't help much. 'GET / HTTP/1.1' is much easier to read than the hexdump. 0x4174206c6561737420666f72206d653a29 Have you tried tcpflow? That can either dump the actual flows to files - or you can dump them to the console... If you're sending it to the console, and it might be gifs / other binary, piping it through 'strings' is usually a good idea :) -Kp ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pxeboot to -Install- FreeBSD...
--On 07 April 2006 11:40 +0100 Karl Pielorz [EMAIL PROTECTED] wrote: What do I need to do, to turn this 'booting FreeBSD from pxeboot' into something that will dump me into sysinstall, like booting from the CD rom? I've searched the net - but the only stuff I've found is either for much earlier FreeBSD versions, or incomplete - or both :) Replying to my own post :( - I fixed this in the end, I overlooked a line in 'loader.conf': vfs.root.mountfrom=ufs:/dev/md0c Kind of important that one :) -Kp ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Backup Question
--On 07 June 2005 11:02 -0500 Cody Holland [EMAIL PROTECTED] wrote: Ok, I'm trying to do a simple tar+gzip backup for my file system. I can do this no problem. The backup is a little less than 2Gb. What I would like to do is chop this up into 650Mb pieces that I can ftp over to a server with a cd-r and burn them. Does anyone know a good utility that can do this, or another method that will accomplish what I'm trying to do? split -b (see the man page) - or I think tar has an option to define both the 'size of the tape' (in 1k blocks) and a script to run 'between tape changes' - so you should be able to sort something out with that... -Karl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: HP DL360-P4 slow network writes
--On 01 June 2005 00:37 -0700 Ted Mittelstaedt [EMAIL PROTECTED] wrote: Hi Kent, I think it's the Broadcom-switch connection. You said you changed switches - but I'm betting you just swapped in another Foundry. We have had trouble with the Broadcom gig E adapters under WinXP and certain switches. Try swapping in a 3com or some such. And certainly also try the system on a 100BaseT port as well. FWIW - we've got a bunch of the DL360 G4's and found a very nasty problem with the way the onboard Broadcom reacted to our HP switches - by default we forced the NIC's to 100Mbit/FDX. This resulted in a system that could send 'small' packets fine (e.g. dns) - but bogged down on anything large [it'd work, but not fun getting about 6k/sec for some transfers). After fiddling with the switch ports, putting the NIC's back to 'auto-select' fixed it - which is ironic, as we have a bunch of Intel Pro1000's that need exactly the opposite to work properly [i.e. we _have_ to lock them at 100/FDX to work with the switches]. I love 'standards' :) -Karl ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
5.3-R Serial Console - hangs restart, HP DL360 G4?
Hi All, Anyone here using 5.3-R and a serial console? (aka echo -h /boot.config). Doing this on an HP DL360 G4 works, until you come to do a restart, where upon the whole machine locks solid just at the Rebooting now... bit [after sync'ing, waiting for various things an ACAPI chatter on said console]. Anyone else seen this problem? - I'll host/post dmesg output etc. - I've just been 'away' from the lists a bit, couldn't find anything in the archives so just wanted to see if anyone else had any similar problems with serial consoles, and perhaps different hardware? Cheers, -Karl ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD tunnels / performance et'al (gif/tun etc.)
--On 20 January 2004 21:40 -0500 Robert Watson [EMAIL PROTECTED] wrote: On Tue, 20 Jan 2004, Karl Pielorz wrote: I've just setup a FreeBSD tunnel (we've tried both gif and tun [via nos-tun]) now between two fairly large networks of machines... What version of FreeBSD are you using? If using FreeBSD 5.x, you may well want to switch to 4.x for at least one more minor version, as interrupt latency hasn't been optimized in 5.x yet since the move to interrupt threads, and the network stack also runs with Giant in 5.2 out of the box. I wouldn't think this would hurt you as much as seen below, but it's worth keeping in mind. Also, I would generally expect gif, gre, et al, to be faster than tun-based tunneling, as they avoid the trip through userspace, which involves a number of packet copies. We're already using 4.9. I also take your point about gif being quicker than switching to user space and back (And, in testing - tun was indeed even slower than gif). In the end we fixed this problem by putting stupidly fast machines at each end (i.e. P4 2.6Ghz) - we also made some tweaks to the tcp sysctls (such as disabling delayed acks, and closing the window size down) - which also seemed to help. I'm just wondering if it was something 'weird' such as the delay over the tunnel being on average 'just the right delay time' to cause problems that you wouldn't get on a LAN or something? :) Regards, -Karl ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD tunnels / performance et'al (gif/tun etc.)
--On 23 January 2004 10:51 -0500 Robert Watson [EMAIL PROTECTED] wrote: I'm just wondering if it was something 'weird' such as the delay over the tunnel being on average 'just the right delay time' to cause problems that you wouldn't get on a LAN or something? :) I agree that something sounds weird -- I've had no problem tunneling hundreds of megabits using similar hardware to what you're using, and what sounds like a similar configuration. So it seems like something is going on. Do you have any load information available on the systems -- i.e., interrupt rate as measured by vmstat, cpu usage, etc? Are you using natd or other address space translation? Both systems are dedicated boxes, i.e. they run the tunnel - and nothing else (no nat, nothing). Load on each was unremarkable, i.e. no excessive interrupts etc. on the hardware that didn't work we were getting about 300 or so interrupts a second on each network card. After the changes this it rose to about 800 a second per card [as the tunnel performance rose]. We're due to pull the failed machine from the remote end soon - If I get a chance I'll run it up here - though I don't think it's flakey hardware/network card - as when scp/ftp'ing to that host via either it's physical address, or tunnel endpoint address we got good performance... Looking briefly at the tcpdumps - it looks like there were a lot of duplicated ACK packets being sent from the remote side (which would suggest they never made it to the other side) - and that would also be a credible reason for the sessions stalling so badly... It'd also explain why at the time the 'aggregate' traffic flow on gif0 looked good, but individual machines/IP's were getting really pityful throughput... I'll see if I can dig out the original tcpdumps [most the debug stuff usually starts disappearing once the problem is solved, regardless of how :(] -Karl ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
FreeBSD tunnels / performance et'al (gif/tun etc.)
Hi All, I've just setup a FreeBSD tunnel (we've tried both gif and tun [via nos-tun]) now between two fairly large networks of machines... We've routed multiple class C networks over the tunnel - only to find the performance is, basically abysmal :( If I do a transfer from the machines 'wan' facing addresses directly, it works fine [we get about 230Kbytes a sec, on a 2mbit link between the hosts] - if I do a transfer from machine to machine via the tunnel endpoint IP's - we get about 140-160Kbytes a second... But 'general' traffic going across the link gets really lousy rates, and seems very 'staccato' (e.g. a few hundred bytes per second to a host). We've been careful re. MTU sizes by deploying tcpmssd where needed (e.g. for gif) Has anyone got any experience of routing large networks of traffic via tunnels under FreeBSD? As a comparison a linksys vpn box did the same thing for a single VPN and got nearly 200k with one host, and degraded 'fairly' with others online [but unfortunately doesn't have the support for multiple networks over the VPN etc. that we need]. Any help, info, or experience greatly appreciated... -Karl ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Terminal program on fbsd
--On 19 August 2003 02:20 -0700 Jonas [EMAIL PROTECTED] wrote: Sorry for the novice question. I have connected the console port on a Cisco router to COM1 on my fbsd box. Which program on the fbsd can I use to access the router? Does the COM port need to be mounted and how do I set the speed? Try, man tip Klunky but it works, and it's on every install :) ... -Kp ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to remove ^M character
--On 01 August 2003 14:01 +0530 Anil Garg [EMAIL PROTECTED] wrote: Hi, I ftp'd a file from windows to freebsdnot its every line has ^M at its end. Is there some command in vi (or some way) by which ^M can be removed. Or, on second thoughts - upload it via ftp in ASCII mode, not binary mode - and the system should do it for you... :) -Kp ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to remove ^M character
--On 01 August 2003 14:01 +0530 Anil Garg [EMAIL PROTECTED] wrote: Hi, I ftp'd a file from windows to freebsdnot its every line has ^M at its end. Is there some command in vi (or some way) by which ^M can be removed. man tr or simply, cat file | tr -d \r newfile -Kp ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adaptec 2400A update
--On 31 July 2003 14:04 -0500 Kung Foo Ham[p]?ster [EMAIL PROTECTED] wrote: I also have an Adaptec 2400A RAID controller and have problems when my system seems to be having a lot of random hard disk accesses. Hi, We have a 2400A in a heavily loaded 'backup' machine at the office (i.e. lots of large IDE drives, storing backups from all the other machines until they're spooled to tape) - it's often gzip'ing and storing the data from several machines simultaneously, all across a 100Mbit LAN. We've never [touch wood] had any problems with it so far... For a while I've thought that it could be my system over heating. But when my machine overheats it just powers off abruptly. I'd be a bit concerned if any machine I'd been using, ever actually had to shut itself down for thermal reasons [unless it was, actually faulty]. Remember - weird things can happen before it gets to the 'critical' level set by the motherboard [unless it's been set really, really pessimistically in the BIOS]. I have been searching the groups and mail archives for almost a year now. I can only find posts with similar problems but no resolution. Your post appears to be closer to my problems than others. There seems to be a small handful of ppl who have mentioned this problem. I'll agree - I don't particularly like the 2400A - we have a bunch of 3ware controllers as well, which seem better supported in FreeBSD, and 3ware themselves seem to be more open-source/OS friendly, but we've never had any real problems with the 2400A. if you managed to read through my ramblings. Thanks! I hope more people will come out and discuss more about the 2400A. Even those of you who have stable systems! I would definitley like to know what kind of hardware and software specs you have. (especially if FreeBSD-5.0 works better with this card due to UFS2 or device drivers or what not.. i really have no idea) The hardware we have it on here is a lowly ASUS K7VML, running FreeBSD 4.8-STABLE w/784Mb of RAM. The CPU is an AMD Athlon 2000. I can post you it's dmesg output off list if that might be remotely helpful - but just to let you know, there is at least the odd 2400A based system out there running under heavy load :) Regards, -Karl ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DAT tape drive compatibility with FreeBSD?
--On 22 July 2003 12:14 +0300 Johan Paul [EMAIL PROTECTED] wrote: Hi all, I was just wondering what tape drives (DAT) people use with FreeBSD for backup? I was thinking of a HP Superstore DAT 40I. Any experiences with that? Has anyone got the One Button Disaster Recovery function working in FreeBSD? HP DAT drives generally work ok with FreeBSD - we have a DAT40 [external] and DAT24 [external] on a box here, both work fine... They appear as standard SCSI tape drives... The one-touch recovery button stuff, AFAIK won't work - it's dependant on HP drivers software under windows etc... Having seen the mess it made of a friends one touch recovery under Windows, I'm not too keen to see that working under Unix anyway :-) -Kp ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How can I verify my ISP internet speed?
--On 08 July 2003 20:35 +0900 Rob Lahaye [EMAIL PROTECTED] wrote: Hi, I have my FreeBSD PC connected to the internet via ADSL with PPPoE. My ISP claims my speed is 2 Mbs. Is there a reliable command on my FreeBSD system to double check the internet speed? I ask this, because when I complain, the answer is always that the reason for slow network is due to the slow response of the sites I access. Is this situation I find it difficult to verify who is right. I used to use 'bing' (look in the ports collection) for doing this [I don't know how much 'in favour' it is these days] - but just remember this kind of this is never going to be that 'accurate' with stuff like ADSL - especially when you're at the end of what might be a long IP food chain (many hops)... It could be your ISP, it could be contention at your local Exchange, it could be contention at any point from you to the remote system (Try a traceroute and see what that says about ping times to the various hops). The other thing to bear in mind (without wildly defending your ISP :) - is that just because you have 2Mbs the other site may not have 2Mb's to supply you with :-) [Plus most countries ADSL services are condended 20, or 50:1, or have at least some kind of local contention]. Failing all else try searching around a bit with a search engine, e.g. google for other tools / tests etc. -Kp ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Network Performace
--On 24 June 2003 17:01 -0700 Shawn Ramsey [EMAIL PROTECTED] wrote: Try looking into FreeBSD's polling mode - i.e. interrupt free Network cards. If your shifting a lot of small packets (such as online gaming stuff etc.) - you may find your milage pretty limited using standard PC kit - as the x86 architecture wasn't really designed for shifting lots of small packets around [as I've seen many a time in the past :(] This router is routing 99% NNTP traffic, so I wouldn't think small packet size would be it. I tried polling, and its greatly increased the amount of idle CPU, and Interupt is around 20% now... That's certainly a step in the right direction :) But something is still very wrong performance wise. It has helped, but I still can't push in/out nearly 100Mb/sec. (100Mb in, 100Mb out I mean). A simple FTP transfer locally through the routers gigabit interface causes our internet performance to plummet. I've disabled all the onboard stuff that was sharing IRQs with PCI cards, but I didn't figure that was an issue, didn't make a difference either way. Would the fact the gigabit is on the same PCI bus have any bearing? I would expect to at least get 100BT performance even so, but I don't have any experience with gigabit ethernet... The only thing I can suggest is try different PCI slots, or Gigabit cards, or, worst case a different system. Having NIC's on separate PCI busses (as opposed to both on the same PCI bus) may help it [But that's probably going to need a new board etc.] You don't say what Gigabit nic's your using? - I've had a lot of varied results with different nic's, with surprisingly cheap 10/100/1000Mbit cards giving 'reasonable' performance - but get left standing for dust by other more expensive cards. The only other thing I can think of is, check the duplex/media options are all setup properly on the cards / switches etc. - or try forcing things to fdx etc. -Kp ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Network Performace
--On 23 June 2003 18:12 -0700 Shawn Ramsey [EMAIL PROTECTED] wrote: I am having some issues with network performance and am wondering if anyone has any suggestions... the box in question has 2 100BT interfaces, and an Intel (em driver) fiber Gigabit. The Gigabit connects to a switch, and the two fast-e are WAN connections to our ISP(s). This box seems to be using an awful lot of CPU cycles relative to the traffic it is pushing, which is around 65-70Mb inbound, and 20-30 Mb/outbound(on average), which seems to be about its limit. This is an Athlon XP 1500 box, 256MB RAM, top shows 90+% interrupt usage, CPU usually has about 5-10% idle. Gigabit is on a 32-bit bus, and Gigabit is on an IRQ shared with unused USB and onboard NIC which is also not used. Should I be able to push more than 100Mb sec with such a system? It is not doing anything else, no NAT, one IPFW rule. OS is FreeBSD 4.7-RELEASE. All depends how big the packets are etc. - 90% interrupt time is fairly typical of x86/PC kit shoveling lots of small packets. Try looking into FreeBSD's polling mode - i.e. interrupt free Network cards. If your shifting a lot of small packets (such as online gaming stuff etc.) - you may find your milage pretty limited using standard PC kit - as the x86 architecture wasn't really designed for shifting lots of small packets around [as I've seen many a time in the past :(] -Kp ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Eliminating noise from secondary MX
--On 23 June 2003 08:48 -0600 Brett Glass [EMAIL PROTECTED] wrote: [snip] The secondary mail exchanger tries to send the message on to its destination, but the mail is bounced by the primary mail host (either as spam or because it has been sent to an invalid address). So, the secondary dutifully tries to notify the sender that the message didn't get through. Of course, the From: and Reply-to: headers of the spam contain either a completely bogus address or one that has quickly been shut down due to spamming. So, the host, not knowing what else to do, sends a notice to Postmaster, saying that the notice to the sender could not be delivered. What's the easiest way to suppress this resource-consuming, mailbox clogging chain reaction? Carefully check out the sendmail Double Bounce Address option, with a view to piping it to /dev/null [Like I said, 'carefully' check this out :)] Or, secondly - as was cleverly suggested to me a while ago - setup a 3rd MX that has a IN A PTR to your primary MX, and make it the highest priority... e.g. mx0.mydomain.com PRI 20 mx1.mydomain.com PRI 30 mx2.mydomain.com PRI 40 (Which is really just a different name for mx0) That way, you'll probably find most the spam hits the highest priority MX (which is, in reality your primary MX). -Kp ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
