Re: musicpd frustrations
----- Original Message -----
From: "Sam Jones" <[EMAIL PROTECTED]>
To:
Sent: Friday, March 02, 2007 11:43 AM
Subject: musicpd frustrations

Hi all,

I'm trying to get musicpd to start on bootup. I'm doing my best to follow the documentation on the website, but there are slight contradictions as far as where to put config files. Right now I have the line musicpd_enable="YES" in /etc/rc.conf, the file /usr/local/etc/rc.d/musicpd, and the file /usr/local/etc/mpd.conf, which looks like this:

    port "6600"
    music_directory "~/music"
    playlist_directory "~/playlists"
    log_file "~/.mpdlog"
    error_file "~/.mpderror"
    db_file "~/.mpddb"
    filesystem_charset "ISO-8859-1"
    user "sdjones"

I can start musicpd by typing

    /usr/local/etc/rc.d/musicpd start

but it won't start at bootup.

--
Sam Jones
[EMAIL PROTECTED]
[EMAIL PROTECTED]

/usr/local/etc/rc.d/musicpd should be /usr/local/etc/rc.d/musicpd.sh for it to be started at bootup unless things have changed in the bootup requirements that I'm not aware of.

--
Micheal Patterson

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Have I been hacked or is nmap wrong?
----- Original Message -----
From: "Kilian Hagemann" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, January 17, 2006 11:07 AM
Subject: Have I been hacked or is nmap wrong?

Hi there,

I'm managing two FreeBSD based gateways, one running 5.2.1-RELEASE and the other 5.3-STABLE, both not having been updated since I installed from ISO images. They both have custom ipfw firewalls that are dropping pretty much everything that's not supposed to come in.

All was fine and dandy until one day I noticed that when I nmap'ed them from the outside, the one shows

    (The 1663 ports scanned but not shown below are in state: filtered)
    PORT     STATE SERVICE
    80/tcp   open  http
    554/tcp  open  rtsp
    1755/tcp open  wms
    5190/tcp open  aol

Kilian, what does a sockstat show you on those systems and are there any nats on either of these systems that would have a redirect_address to something behind them?

--
Micheal Patterson
Re: resolv.conf
----- Original Message -----
From: "Ronny Machado C." <[EMAIL PROTECTED]>
To:
Sent: Tuesday, August 16, 2005 8:54 AM
Subject: resolv.conf

Hi list,

I'm new to FreeBSD, and this is the first time I configure a FreeBSD box. Ok, let's get to the point: my problem is with DNS resolution, for some reason the resolv.conf changes after some time (10 to 20 minutes), from my DNS IP to the rl0 IP. Does any one know why? My machine is an AMD64/FreeBSD 5.3 with PPPoE for an ADSL connection,

greetings from .CL,
pElA'0

As you may have seen already, this is a common issue with systems running dhclient. It will overwrite the resolv.conf with the ISP provided dns information as soon as it obtains it from the dhcp server. To counter this, do this with your dhclient.conf file (/etc/dhclient.conf) and create a prepend entry for each server you want to answer your dns requests. Take note, the file is read from top to bottom and in the example below, 127.0.0.1 would be the primary dns server for your system.

    interface "rl0" {
        prepend domain-name-servers enteryourdnsiphere;
        prepend domain-name-servers enteryourdnsiphere;
        prepend domain-name-servers 127.0.0.1;
    }

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600

Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message
Re: Simple question of dns?
----- Original Message -----
From: "Carstea Catalin" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, August 10, 2005 12:01 PM
Subject: Simple question of dns?

I want to configure my dns to redirect all request from:

    http://www.mail.mydomain.com

to

    http://mail.mydomain.com

Many users do first request and my server responds only at the second url.

Tks!

If you have access to your dns zone file, add a cname entry:

    www.mail    CNAME    mail.mydomain.com.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: Helpdesk/Call tracking software
----- Original Message -----
From: "Cezar Fistik" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, July 20, 2005 5:11 PM
Subject: OT: Helpdesk/Call tracking software

Dear group,

Sorry for OT, but I'm sure someone in this group can help me. I'm looking for an open source helpdesk/call tracking application for use in an ISP customer support dept. We need something that will allow us to register all incoming calls, to assign tasks to different admins/engineers according to customer's problem, to be able to see the status of each opened issue and so on. Nothing unusual.

I made a search and found a number of such applications, but there are so many...it wouldn't be possible to test all of them. So please just tell me what you are using and how would you rate it.

Thank you very much.

--
Best regards,
Cezar
mailto:[EMAIL PROTECTED]

I currently use RT for our open source ticketing system. It's coded by Best Practical and is available at http://bestpractical.com/rt/ Screen shots and a description are available at their site.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: removing freebsd bootloader
Paulo Roberto wrote:

Hello,

How do I remove the FreeBSD bootloader from the MBR without touching the slices? I do have an active WinXP primary slice that I would like to boot from directly.

thank you,
Paulo

Start up with the WinXP install cd, go into console repair mode and run fixmbr to install the standard WinXP loader settings on the primary drive. Doing so will prevent you from being able to boot from any other drive however until / unless another boot manager is enabled on the primary drive.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: Multi-Volume Backup
----- Original Message -----
From: "Cody Holland" <[EMAIL PROTECTED]>
To:
Sent: Thursday, June 09, 2005 4:14 PM
Subject: Multi-Volume Backup

I'm trying to do a multi-volume backup to hard drive via gnu tar. It works with the following command:

    gtar -c -L 681574400 -f /usr/local/backup/dev1.tgz -f /usr/local/backup/dev2.tgz -f /usr/local/backup/dev3.tgz /

But I really, really need this compressed. If I put a -z in the command it errors out stating:

    gtar: Cannot use multi-volume compressed archives
    gtar: Error is not recoverable: exiting now

Is there any way to do a compressed multi-volume backup, with each volume being 650mb to hard drive? Either with gtar or any other backup method.

Thanks,
Cody

You'll need to use the -M flag as well to indicate a multi-volume tarball. From what I can tell from the man page, a -L doesn't imply multi-volume.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: FTP Log
----- Original Message -----
From: "Dixit, Viraj" <[EMAIL PROTECTED]>
To: "Dan Nelson" <[EMAIL PROTECTED]>
Cc:
Sent: Thursday, June 09, 2005 4:05 PM
Subject: RE: FTP Log

My previous email didn't show some lines correctly. This one is fine.

VJ

Hi Dan,

Can you shed light on why my FTP daemon is not writing FTP logins in my ftplog file. I have my FTP account enabled in my syslog.conf file and syslogd is running.

    54148 ?? Ss 0:16.13 /usr/libexec/ftpd -D
    84598 ?? Ss 0:03.73 /usr/sbin/syslogd -m 0

    !ftpd
    *.*    /var/log/ftp.log

VJ

A few things for starters:

1. Try adding the -l option to enable connection logging. Add it twice to include get, store, cmd info as well.
2. Check to make sure those are tabs and not spaces in the syslog.conf entry.
3. Make sure the /var/log/ftp.log file actually exists. It won't create it on its own, so you may need to do a touch on the file and then restart syslogd.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: Odd nis problem..
Nevermind folks. I'm feeling pretty stupid right now. The problem was staring me right in the face and I totally missed it.

Just an FYI, the # in the "#$FreeBSD: src/etc/group,v 1.31 2004/06/23 01:32:28 mlaier Exp $" line in the /etc/group file is a *VERY* important thing. The affected gid was 32. Now, as it turns out, the 32 is in the proper spot to indicate that $FreeBSD is the group name. Who'da thunk!

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600

----- Original Message -----
From: "Micheal Patterson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 09, 2005 4:54 AM
Subject: Odd nis problem..

I've used yp in FBSD for some time now. I've never ran across this particular issue though, until now.

My layout. I have a 4.10 yp master server. I have various servers linked to it including other fbsd 5.3 servers. They do well. However, I have one in particular server that simply will not pull one "specific" group name over.

    drwxr-xr-x 2 root $FreeBSD 512 Apr 12 15:54 Usage Policy
    drwxr-xr-x 7 root wheel    512 Jun  9 04:45 archives

Instead of showing the actual group name, it displays $FreeBSD. Can anyone shed some light on possibly why this is occurring since the particular gid is viewable via ypcat group (itdept:*:32:root).

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
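The failure described in this message, reproduced as an added example (not code from the thread): the ident line without its leading "#" is split on ":" like any other group(5) entry, which puts "32" in the gid field, and the local entry is found before the NIS map is consulted. The lookup order is a simplified model of compat mode, the file contents are constructed samples built from the lines quoted above, and lint_group is a hypothetical check for catching such lines.

```python
import re

# Constructed sample: a local /etc/group whose RCS ident line (quoted in the
# post) has lost its leading '#', followed by the NIS compat marker.
BROKEN_GROUP = """\
$FreeBSD: src/etc/group,v 1.31 2004/06/23 01:32:28 mlaier Exp $
wheel:*:0:root
daemon:*:1:
+:::
"""
FIXED_GROUP = "#" + BROKEN_GROUP

# Constructed NIS group map holding the entry shown by `ypcat group`.
NIS_GROUP = "itdept:*:32:root\n"

# Assumption: a conservative pattern for legitimate group names.
VALID_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_.-]*$")


def parse_group(text):
    """Parse group(5) text into dicts, splitting each line on ':'.

    Blank lines and lines starting with '#' are skipped. A '+' line is kept
    as a marker meaning "consult NIS at this point" (compat mode).
    """
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        if line.startswith("+"):
            entries.append({"line": lineno, "nis": True})
            continue
        fields = line.split(":", 3)
        fields += [""] * (4 - len(fields))
        name, _passwd, gid, members = fields
        entries.append({
            "line": lineno,
            "nis": False,
            "name": name,
            "gid": int(gid) if gid.strip().isdigit() else None,
            "members": [m for m in members.split(",") if m],
        })
    return entries


def gid_to_name(local_text, nis_text, gid):
    """Return the first group name found for gid, walking the file in order."""
    nis_entries = parse_group(nis_text)
    for entry in parse_group(local_text):
        candidates = nis_entries if entry["nis"] else [entry]
        for cand in candidates:
            if not cand["nis"] and cand["gid"] == gid:
                return cand["name"]
    return None


def lint_group(text):
    """Return (line, name, reason) for entries that look like stray text."""
    findings = []
    for entry in parse_group(text):
        if entry["nis"]:
            continue
        if not VALID_NAME.match(entry["name"]):
            findings.append((entry["line"], entry["name"], "invalid group name"))
        elif entry["gid"] is None:
            findings.append((entry["line"], entry["name"], "non-numeric gid"))
    return findings


if __name__ == "__main__":
    print(gid_to_name(BROKEN_GROUP, NIS_GROUP, 32))  # local stray line wins
    print(gid_to_name(FIXED_GROUP, NIS_GROUP, 32))   # NIS entry is reached
    print(lint_group(BROKEN_GROUP))
```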
Odd nis problem..
I've used yp in FBSD for some time now. I've never ran across this particular issue though, until now.

My layout. I have a 4.10 yp master server. I have various servers linked to it including other fbsd 5.3 servers. They do well. However, I have one in particular server that simply will not pull one "specific" group name over.

    drwxr-xr-x 2 root $FreeBSD 512 Apr 12 15:54 Usage Policy
    drwxr-xr-x 7 root wheel    512 Jun  9 04:45 archives

Instead of showing the actual group name, it displays $FreeBSD. Can anyone shed some light on possibly why this is occurring since the particular gid is viewable via ypcat group (itdept:*:32:root).

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
FreeBSD 5.3 and NIS
I'm running nfs/nis off of a FreeBSD 4.10 system. I have a secondary NIS master on a freebsd 5.3 system and so far, everything is cool between them. There is one thing that I've noticed that I've never seen before though. I have a nfs mount mounted but the permissions for the group show as $FreeBSD instead of the actual group it should be. I've checked my nis settings in /etc/group and have the standard +::: at the end.

Anyone else seen this or can possibly explain why this isn't listing as the appropriate group?

Thanks.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: smbfs in fstab
----- Original Message -----
From: "Ash" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc:
Sent: Tuesday, April 26, 2005 10:32 AM
Subject: Re: smbfs in fstab

> [EMAIL PROTECTED] wrote:
> > currently I mount my XP share via: mount_smbfs -N //a7v133/raid /storage1
> >
> > How can I put this in my /etc/fstab so that it doesn't prompt me
> > for a password upon bootup. This winshare is accessible without a
> > password and by anyone. I have read through several forums and read
> > man pages galore, but I still remain unsuccessful.
> >
> > 5.3-RELEASE-p1 FreeBSD 5.3-RELEASE-p1 #0
>
> From the man page for mount_smbfs(8):
>
> [quote]
>
> ~/.nsmbrc Keeps static parameters for connections and other information.
> See /usr/share/examples/smbfs/dot.nsmbrc for details.
>
> ...
>
> It is possible to use fstab(5) for smbfs mounts:
>
>     //[EMAIL PROTECTED]/public /smb/public smbfs rw,noauto 0 0
>
> [/quote]
>
> From /usr/share/examples/smbfs/dot.nsmbrc:
>
> [quote]
>
> # smbfs lookups configuration files in next order:
> # 1. ~/.nsmbrc
> # 2. /etc/nsmb.conf - if this file found it will
> # override values with same keys from user files.
>
> [/quote]
>
> You will have to store your password in cleartext, but you seem to
> already be doing this in home directory since you are using the -N flag.
>
> -Ash

If you want this to mount from the fstab at system boot, remove the noauto flag and place an -N in the string:

    #//[EMAIL PROTECTED]/share_name /mount_point smbfs rw,-N

That will read the password information from the users .nsmbrc file as Ash stated, or, if you want it system wide, use the /etc/nsmb.conf file instead.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Exabyte 221L Auto Loader
Is there anyone using this device with FreeBSD 4.x or 5.x? I'm new to the world of auto-loaders and am curious if FreeBSD's tar / dump utilities can support it properly for backing up of 3tb of data from various partitions. If so, are there any specifics that I should be aware of when using this device? Any recommendations on using other software other than tar or dump to do this that are available in the ports tree?

Thanks.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: newbie question
----- Original Message -----
From: "Chad Morland" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc:
Sent: Monday, April 18, 2005 1:10 PM
Subject: Re: newbie question

On 4/17/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Hello
>
> Can anyone give me a very rough estimate on how much time is required on an
> ongoing basis, after a server is set up with FreeBSD and Apache, to maintain
> everything. By everything I am referring to everything required to keep the
> server up, and host about 100 domains. Thank you in advance and I apologize
> if this question is not appropriate for this list.
>
> Sue

If you will be doing this as a business venture I HIGHLY recommend that you either get a managed server or hire someone to help you admin the server when you are stuck. There are many people out there that offer this service. Go to any webhosting forum and ask for some referrals.

The reason I say this is because it seems that A LOT of people think they can make a quick buck off of webhosting without any "real" work. These are usually the companies that fail quickly and give the hosting industry a bad name. Running any type of business requires some thought and experience. There are a lot of minor issues that will stump a self described "newbie" and having someone there to assist you will make your life and the life of your clients that much easier.

-CM

Good advice Chad. Even for those that have been admin'ing *Nix boxes for years get stumped by the simplest of things at times. We rarely admit it, but it happens.

Some additional things to consider if you plan on hosting sites as a business.

o CGI access requirements of your clients.
o DNS, SMTP, POP3 requirements for your clients. These usually go hand in hand with web hosting these days.
o The ability for them to update pages properly on their own (ftp / front page requirements / access)
o The responsibility to ensure that the software is patched quickly as needed (perl, php, mysql to name a few)
o Spam / AV filtering (do they want it? Do they not care?, Are they going to trip out if you start filtering their mail?, etc)
o Are you going to host these on static IP's? If you're going to provide SSL enabled sites, you have no choice since you can't use SSL on name based virtual hosting.
o Are you going to need to do virtual domain maps for the users that require / use email services?

A sundry of other items that are just too numerous to mention. I'm not trying to scare anyone away from it, far from it, just trying to add my .02 to the discussion of things to consider before you decide that hosting is the thing for you.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: tcpwrappers problem
----- Original Message -----
From: "Didier Wiroth" <[EMAIL PROTECTED]>
To:
Cc:
Sent: Monday, April 18, 2005 6:26 AM
Subject: tcpwrappers problem

Hi,

(using freebsd5.4-stable)

I'm trying to display a ftpd banner with hosts.allow, but it doesn't work. I'm using ftpd (/usr/libexec/ftpd) started through inetd. Inetd is started with standard flags:

    /usr/sbin/inetd -wW -C 60

In hosts.allow I have:

    ALL : ALL : allow
    ALL : ALL : banners /usr/local/etc/banners/
    ALL : PARANOID : RFC931 20 : deny

In /usr.../banners/ I've a banner called: ftpd and inetd and ftp etc.. copied the banner to different names to be sure ... ;-) The directory is world r-x and the banners are world readable.

When changing for example: ALL:ALL:allow to ALL:ALL:deny, ftpd connections are blocked, so I assume the wrappers work.

Why isn't my banner displayed?

thanks
didier

At first glance, I would say because you have an "ALL : ALL : allow" before you have your "ALL : ALL : banners /usr/local/etc/banners/". With that, it's never making it to the banners entry.

--
Micheal Patterson
Senior Communications Systems Engineer
TSG Incorporated
405-917-0600
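The first-match behaviour described in the reply, as an added example (not code from the thread): a simplified model of hosts.allow evaluation in which only ALL, PARANOID and exact names are matched and the first matching rule ends the search. ORIGINAL_RULES is copied from the post; REORDERED_RULES is one possible rearrangement, assumed here for illustration, that puts the banner on the rule that grants access and moves the PARANOID deny ahead of the catch-all.

```python
# Constructed rule sets: the order from the post, and an assumed reordering.
ORIGINAL_RULES = """\
ALL : ALL : allow
ALL : ALL : banners /usr/local/etc/banners/
ALL : PARANOID : RFC931 20 : deny
"""
REORDERED_RULES = """\
ALL : PARANOID : RFC931 20 : deny
ALL : ALL : banners /usr/local/etc/banners/ : allow
"""


def parse_rules(text):
    """Split 'daemons : clients : option : ...' lines into dicts."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(":")]
        if len(parts) < 2:
            continue
        rules.append({
            "line": lineno,
            "daemons": parts[0].replace(",", " ").split(),
            "clients": parts[1].replace(",", " ").split(),
            "options": parts[2:],
        })
    return rules


def _matches(patterns, value, paranoid=False):
    """ALL always matches; PARANOID matches only a name/address mismatch."""
    for pat in patterns:
        if pat == "ALL" or pat == value:
            return True
        if pat == "PARANOID" and paranoid:
            return True
    return False


def first_match(text, daemon, client, paranoid=False):
    """Return the first rule matching daemon and client; the search stops there."""
    for rule in parse_rules(text):
        if _matches(rule["daemons"], daemon) and \
                _matches(rule["clients"], client, paranoid):
            return rule
    return None


def banner_dir(text, daemon, client):
    """Banner directory applied to this connection, or None if none applies."""
    rule = first_match(text, daemon, client)
    if rule is None:
        return None
    for opt in rule["options"]:
        words = opt.split()
        if len(words) > 1 and words[0] == "banners":
            return words[1]
    return None


def shadowed_rules(text):
    """Line numbers of rules placed after an 'ALL : ALL' rule (never reached)."""
    shadowed, catch_all_seen = [], False
    for rule in parse_rules(text):
        if catch_all_seen:
            shadowed.append(rule["line"])
        elif "ALL" in rule["daemons"] and "ALL" in rule["clients"]:
            catch_all_seen = True
    return shadowed


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address used as a constructed client.
    print(banner_dir(ORIGINAL_RULES, "ftpd", "192.0.2.10"))
    print(banner_dir(REORDERED_RULES, "ftpd", "192.0.2.10"))
    print(shadowed_rules(ORIGINAL_RULES))
```

In the original order the PARANOID deny is shadowed as well as the banner rule, so the same ordering mistake also disables the access restriction.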
Re: Hard drive fullness limits information help request
----- Original Message -----
From: "NMH" <[EMAIL PROTECTED]>
To: "hardware" ; "questions"
Sent: Monday, April 11, 2005 2:30 PM
Subject: Hard drive fullness limits information help request

> Hi all
> I know hard drives tend to not run well when near
> full. They have trouble performing self adjustments
> (hardware), self defragging(unix/FFS) etc.. (as I can
> express it) However, I need to find some documentation
> or some help in explaining this better.
> I am working with some people who store loads of
> files, on many drives and tend to fill the drives to
> 95% and more and then can't understand why they become
> unstable. I need to be able to explain it better and
> I would also like to know more to be able to
> factually/sanely set a percent full safe limit.
>
> Any help would be appreciated
>
> Thanks!
>
> NMH.
>
> The Large Print Giveth And The Small Print Taketh Away
> -- Anon

NMH,

If these people are old enough to remember LP records, explain it to them in this fashion.

A hard drive is much like an older LP record. Multiple songs, in sequential order. You can play them in any order that you wish by moving the tone arm to a different song on the album. Now, say that you don't like track 3 and wish to delete it (if you could). You would end up with 3 minutes of blank space in the album. So, you want to add another song that you do like, but it's 3 minutes 30 seconds long and won't fit into a 3 minute time slot. A hard drive is able to place this 30 seconds at the end of the current space and be able to jump to that 30 extra seconds and you never know the difference.

Now, if this happens a lot, meaning removing data, adding larger data, removing data, adding smaller chunks of data, etc, the actual data will get scattered throughout the disk. This is known as data fragmentation. Hard drives are able to deal with this to a considerable degree however the more fragmented a drive is, the harder the drive has to work in order to make that unnoticed jump. As the drive works harder, access times grow longer and there is a higher potential for data loss. When drives get to a higher usage (90%+ utilization), there isn't much room left to handle those scattered chunks of data.

That's the analogy that I used to use and it worked pretty well for me. Your mileage may vary.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: Automounting smbfs?
----- Original Message -----
From: "Kirk Strauser" <[EMAIL PROTECTED]>
To:
Sent: Friday, April 08, 2005 3:40 PM
Subject: Re: Automounting smbfs?

On Friday 08 April 2005 14:12, you wrote:
> Kirk, here's what I did to auto mount my pesky windows shared backup
> folder prior to having a separate nfs mount to put them.
>
> Configure your share as noauto in /etc/fstab (example) [...]

Out of curiosity, why would you do that instead of just letting FreeBSD mount it automatically (which is what I do now)?

The goal I'm trying to accomplish is pushing the same map to multiple machines (eg via LDAP). I never bothered to do that with my NFS mounts, but I'm using the addition of the SMB shares as an excuse to rework the system before it grows much more.

--
Kirk Strauser

In my experience, automounting it via fstab doesn't always work correctly. Some folks have great success with it where others don't. For example, I can remove the noauto and with the very same config files and 5 out of 10 times the mount won't take on system startup. When I remove the noauto and cron it for @reboot, it works just fine. I've no idea why but it works for me.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: Portupgrade problem
----- Original Message -----
From: "Aperez" <[EMAIL PROTECTED]>
To:
Sent: Friday, April 08, 2005 1:23 PM
Subject: Portupgrade problem

> Hi
>
> I am having the following problem when I try to upgrade my ports:
>
> portupgrade -arR
> cd: can't cd to /usr/ports/multimedia/nautilus-media
> Port directory not found: multimedia/nautilus-media
> !multimedia/nautilus-media (nautilus-media-0.8.0_4) (port directory error)
>
> I checked in /usr/ports/multimedia and of course there is not such
> directory.
>
> Is there a way I can fix this?
>
> Thanks

Is your ports tree current via cvs? If not, I'd update the tree, then rebuild portupgrade and see how that works for you.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: Automounting smbfs?
----- Original Message -----
From: "Kirk Strauser" <[EMAIL PROTECTED]>
To:
Sent: Friday, April 08, 2005 12:52 PM
Subject: Automounting smbfs?

The built-in amd automounter may work great for NFS, but I increasingly find myself mounting Windows shares and amd doesn't seem to support them. Any suggestions?

--
Kirk Strauser

Kirk, here's what I did to auto mount my pesky windows shared backup folder prior to having a separate nfs mount to put them.

Configure your share as noauto in /etc/fstab (example)

    ### SMBFS Mounts #
    #//[EMAIL PROTECTED]/share /smbfs noauto,rw,-N,-I= 0 0

Then, in the root crontab, add this:

    "@reboot//mbfs.sh"

Then, create a file named mbfs.sh and edit it as such:

    #!/bin/sh
    echo " "
    echo " "
    echo "mounting smbfs slices..."
    sleep 5
    /sbin/mount /backups

Please keep in mind, that this method will require the proper share auth info to be in /etc/nsmb.conf, so protect this file as it holds plain text passwords for your windows systems.

Then on system restart, after everything else is accessible and running, cron will launch and remount those drives for you.

Hope it helps.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
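A check for the warning above about /etc/nsmb.conf, which also applies to the ~/.nsmbrc file discussed in the "smbfs in fstab" thread. This is an added example, not code from either thread: it reports which sections of an nsmb.conf-style file carry a password key and whether the file mode lets group or other users reach it. The sample file contents, server name, user and address are constructed placeholders, and audit_nsmb and demo are hypothetical helper names.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample in the nsmb.conf layout ([SERVER:USER] sections);
# server, user, address and password are placeholders.
SAMPLE_NSMB = """\
[default]
workgroup=WORKGROUP

[FILESRV:BACKUP]
addr=192.0.2.20
password=not-a-real-password
"""


def audit_nsmb(path):
    """Report the file mode, owner and password-bearing sections of path."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    # interpolation=None: password values may contain '%' or '$' characters.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    with open(path, encoding="utf-8") as handle:
        parser.read_file(handle)
    sections = [s for s in parser.sections() if parser.has_option(s, "password")]
    others_can_access = bool(mode & (stat.S_IRWXG | stat.S_IRWXO))
    return {
        "mode": "%04o" % mode,
        "owner_uid": st.st_uid,
        "password_sections": sections,
        # Exposed: stored passwords plus any group/other permission bit.
        "exposed": bool(sections) and others_can_access,
    }


def demo():
    """Audit the constructed sample at mode 0644 and again at mode 0600."""
    fd, path = tempfile.mkstemp(prefix="nsmb-", suffix=".conf")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as handle:
            handle.write(SAMPLE_NSMB)
        os.chmod(path, 0o644)
        loose = audit_nsmb(path)
        os.chmod(path, 0o600)
        tight = audit_nsmb(path)
    finally:
        os.unlink(path)
    return loose, tight


if __name__ == "__main__":
    for result in demo():
        print(result)
```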
Re: cmpq dl380 server. ipmi bmc question
- Original Message -
From: "Aaron Sloan" <[EMAIL PROTECTED]>
To:
Sent: Friday, April 08, 2005 11:16 AM
Subject: cmpq dl380 server. ipmi bmc question

> > Hello guys and gals,
> >
> > Does system fan control on a Compaq DL380, first edition, have any support?
> Sounds like a jet at idle in the machine room.
>
> I have looked through the acpi and port recommendations I have come
> across via google and I'm not having any luck at all. I believe it is supported in Linux
> but I don't know how. I can't say I'm any hardware wizard on this kind of thing.
>
> Update: I installed freeipmi and ipmitool and I'm not having any luck with these apps.
> The cli commands are apparently over my head because I haven't been able to get it to work and now my head hurts.
> Am I barking up the right tree or just peeing on it?
> HP was not terribly helpful. All the recent ROMpaks have been installed.
> Thanks,
> Aaron

Aaron, are you sure that you're supposed to be able to adjust the fan speed on the 380 from within the OS? The reason that I ask is that the 330's and 350's have a temp sensor that isn't detected until during post, so there's a few seconds on them that the fans run full on. I'm just curious because if the 380's are set up the same, you may have a faulty sensor.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: iSCSI (revisited?)
- Original Message -
From: "Justin Bennett" <[EMAIL PROTECTED]>
To: "FreeBSD Hackers"
Cc: "FreeBSD Questions"
Sent: Monday, April 04, 2005 5:30 PM
Subject: iSCSI (revisited?)

> All,
>
> I was wondering what people thought of iSCSI and FreeBSD. Is it a viable
> option for creating SANs?
>
> I want to move away from tape backups, and have numerous production
> FreeBSD machines that I need to back up data from.
>
> Any other ideas for a disk to disk backup solution that people have used?
>
> Thanks,
>
> Justin

Justin, what I'm currently using is the following for just that:

Promise Vtrak 15100 with 15 250gb sata's, connected to a dual channel Adaptec 39160 housed in a Compaq ML 330 running FreeBSD 5.3. The Vtrak has 2 logical arrays assigned, where my other 14 servers (windows and freebsd alike) back up to one or the other arrays. I have one array shared via nfs for the bsd boxes to back up to and the other is samba shared so that windows systems can back up to that one. So far, it's worked well for me.

All I need to do now is get the company to realize they still need tape if they want long term storage and then I can chain that to the Promise raid and have it back up to tape during the day and still have my backup window in the early morning hours.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: mpd VPN Server / W2K Clients
- Original Message -
From: "Anton Zavrin" <[EMAIL PROTECTED]>
To:
Sent: Monday, April 04, 2005 9:27 AM
Subject: mpd VPN Server / W2K Clients

> Hello Jonathan,
>
> I found this thread from a long time ago at FreeBSD addicts:
> http://lists.freebsd.org/pipermail/freebsd-questions/2003-December/027869.html
>
> I'm having absolutely identical problem with my MPD (it used to work and
> then it just stopped, who knows why). I tried to follow up on that solution
> you posted, but that page no longer opens up. Any help is greatly
> appreciated.
>
> Thank you much!

Anton, some things to look for here. Are the remote systems using Win XP? If so, are their firewalls configured to allow traffic from your network on TCP ports 1723? Also, is GRE being blocked at any point between your mpd system and their end?

If it just stopped working, has anyone placed a firmware firewall device in recently? Many of them that I've run across recently don't even know what GRE is so a specific entry has to be made to allow protocol 47 to pass freely in order to get pptp to function properly.

Hope it helps.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: NIS
- Original Message -
From: "Brian McCann" <[EMAIL PROTECTED]>
To: "FreeBSD mailinglist"
Cc: "Bob Van Zant" <[EMAIL PROTECTED]>
Sent: Wednesday, January 05, 2005 7:36 AM
Subject: Re: NIS

Nope...just tried that with no luck. Thanks though. Any other ideas anyone?

--Brian

On Tue, 04 Jan 2005 15:43:40 -0800, Bob Van Zant <[EMAIL PROTECTED]> wrote:

Are your dates screwed up? By that I mean is master.passwd newer than your NIS file? Try touch(1)ing your NIS file and then running make.

I've never actually setup NIS before. My comment is just based on my experiences with make.

-Bob

On Tue, 2005-01-04 at 17:29 -0500, Brian McCann wrote:
> HI all...I'm having a NIS problem I can't figure out. I've done this
> before on 4.7, and countless other times on RedHat...but this is
> evading me. I'm trying to re-make my databases since I've added a
> user, I go into /var/yp and run "make mynis" and get "`mynis' is up to
> date.", which I know can't be right. I've got to be missing something
> somewhere.
> I've added the line to the Makefile "MASTER_PASSWD =
> /etc/master.passwd" so that YP uses the file in /etc...or at
> least...that's all I recall having to do on 4.7, and doctored up the
> sections that involve the passwd files changed it to only look at UIDs
> greater than 3.
> Can someone point out my probably obvious mistake?
>
> Thanks,
> --Brian

If you've added a user with adduser and need to update your nis maps, cd /var/yp and type make.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: Mounting smbfs
- Original Message -
From: "Robert Fitzpatrick" <[EMAIL PROTECTED]>
To: "FreeBSD"
Sent: Thursday, December 30, 2004 10:19 AM
Subject: Mounting smbfs

Familiar with Webmin way of mounting smbfs type file systems on our Linux boxes, I tried it with one of the FreeBSD 5.3 machines. It works fine, but when rebooted, it sits waiting for a password. After investigating a bit on the web I found that FreeBSD uses the /etc/nsmb.conf file for configuration and in that file I find information evidently setup by Webmin, for example:

    [spc2k:backupexec:backup]
    workgroup=SPCLOCAL
    password=x
    addr=192.168.1.13

First, was this properly setup by Webmin? From the comments in the file, it looks good. Since I am at a remote location, I had someone locally just hit Ctrl+C during boot to get back in and look at these things. I go to Webmin and click to mount, but then it wipes out all the mount points except the one I clicked and does not mount that one.

From looking around the web, I realize Webmin may not be the best way to manage this, I found this document:

http://www.freebsd.org/cgi/query-pr.cgi?pr=34247

I am looking for something that can guide me on how to make the entries in my fstab file. I assume what I have now below is incorrect as the boot up fails as previously mentioned.

    //[EMAIL PROTECTED]/backup /home/backup/Veritas/SPC2K smbfs rw 0 0

Can someone help or guide me to some more documentation on this?

--
Robert

Make your fstab entry something like this:

    //[EMAIL PROTECTED]/backup /home/backup/Veritas/SPC2K smbfs rw,-N,-I=192.168.1.13 0 0

See how that works for you.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: Linux libs missing dependancies
- Original Message -
From: "Stephen Maver" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, December 20, 2004 1:16 PM
Subject: Linux libs missing dependancies

> Dear List,
>
> I've installed the linux steam client the other day,
>
> /usr/ports/games/linux-steam
>
> This theoretically allows you to download and run steam based games,
> such as Halflife and Counter Strike Source.
>
> Related ports installed:
> linux-steam-1.0 Half Life dedicated server running on steam
> linux_base-7.1_7 The base set of packages needed in Linux mode
>
> # uname -a
> FreeBSD lupus.ntropy.net 5.3-RELEASE-p2 FreeBSD 5.3-RELEASE-p2 #1:
> Sun Dec 5 16:11:09 GMT 2004 ...
>
> # kldstat
> Id Refs Address Size Name
> 1 10 0xc040 39dcf8 kernel
> 2 14 0xc079e000 537f0 acpi.ko
> 3 1 0xc15e1000 6000 linprocfs.ko
> 4 1 0xc15ef000 17000 linux.ko
>
> I chanced it and used the linux steam client to download the Counter
> Strike Source files, with no obvious problems.
>
> When I try to run the dedicated server it immediately crashes,
> probably as it should as it is linux specific I'd guess.
>
> $ ./srcds_run -console -game cstrike +map de_dust +maxplayers 16
> -steamuser -steampass
> --
> Auto detecting CPU
> Using default binary.
> Auto-restarting the server on crash
> ./srcds_i486: error while loading shared libraries:
> /usr/compat/linux/lib/libm.so.6: ELF file OS ABI invalid
> Mon Dec 20 17:53:37 GMT 2004: Server restart in 10 seconds
>
> # ldd ./srcds_i486
> ./srcds_i486:
> ./srcds_i486: error while loading shared libraries:
> /lib/libm.so.6: ELF file OS ABI invalid
> ./srcds_i486: exit status 127
>
> The binary 'srcds_i486' relies on several other files that
> have missing dependencies.
>
> # ldd bin/dedicated_i486.so
> bin/dedicated_i486.so:
> libm.so.6 => not found (0x0)
> libdl.so.2 => not found (0x0)
> tier0_i486.so (0x0)
> vstdlib_i486.so (0x0)
> libc.so.6 => not found (0x0)
>
> All of these libs exist in /usr/compat/linux/lib, and, with
> the linux emulation running, are seen as being in /lib/* if I
> understand it all correctly.
>
> Also, last night I was trying to use ldd, and suicidal symbolic
> linking, to show the *so files where their libs were. At one
> point it failed with an error about being unable to use the
> libraries as they were not freebsd native.
>
> Sorry for the lack of the specific error I am unable to
> recreate it today.
>
> So, the questions are:
>
> 1) What would cause the error "ELF file OS ABI invalid" on
> `ldd ./srcds_i486` above ?
>
> 2) How would I go about teaching the linux *.so files where
> their linux libraries are located ?
>
> Pointers to docs, or FMs I should have read, are welcome. I
> had a look through the manual and googled about on the error,
> but didn't turn up anything that helped.
>
> Thanks,
>
> Ste

This is my post to the hlds_linux list on how to get Source running on FreeBSD. Hopefully it will get you where you need to go.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600

- Micheal Patterson [EMAIL PROTECTED] Fri Aug 20 05:08:02 2004

Ok folks.. Here's what I did to get Source running on FreeBSD 4.10 with an Intel cpu. AMD should be no different system wise.

1. Install source :)

2. Install the Linux_base-8 port. Once this is done, run:

    shell$> ldconfig -m /compat/linux/lib

   ** This merges the linux compat lib paths into your existing environment and is what allows source to locate lib.so.6

3. Then recompile your kernel with the following options:

    ## SSE/MMX2 instructions support
    options CPU_ENABLE_SSE

   ** This allows source to determine your CPU speed.

4. Reboot

Log back into the account you installed steam to, and execute:

    ./srcds_run -game cstrike +ip xx.xx.xx.xx -port 27015 +maxplayers 20 +map de_dust

This procedure worked for me with a clean freebsd 4.10 install and no linux base. If you have linux base 7 installed, you'll need to run a pkg_delete linux_base-7.1_7 before base 8 will install.
Re: traffic volume monitoring - what program
- Original Message -
From: "Matthias F. Brandstetter" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, December 20, 2004 2:05 PM
Subject: Re: traffic volume monitoring - what program

> -- quoting David Banning --
> > I am looking at a new ISP that charges for a certain number
> > gigabytes of traffic. I have -no- idea what my traffic volume
> > is.
> >
> > Can anyone recommend a good traffic volume checker in the
> > ports?
>
> I only found ipac-ng for Linux based IPTABLES firewalls.
> But none so far for *BSD firewalls :(
>
> Any ideas?
>
> --
> As far as anyone knows we're a nice, normal family.
>
> -- Homer Simpson
> There's No Disgrace Like Home

Can't MRTG get you close enough for that?

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: bash - superuser
- Original Message -
From: "Joshua Lokken" <[EMAIL PROTECTED]>
To: "David Landgren" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, December 20, 2004 11:04 AM
Subject: Re: bash - superuser

> On Mon, 20 Dec 2004 12:29:37 +0100, David Landgren <[EMAIL PROTECTED]> wrote:
> > Giuliano Cardozo Medalha wrote:
> > > Hi,
> > >
> > > I have a machine with FreeBSD 5.3 - release -p2.
> > >
> > > I have installed bash from ports.
> > >
> > > How is possible to use bash in root account ?
> > >
> > > Thanks a lot
> >
> > Don't.
> >
> > Leave /bin/sh as your shell.
>
> 'Leave' /bin/sh as your shell makes it sound like /bin/sh is the
> default root shell. Did this change in FreeBSD 5.x? It appears
> that in 4.x, the root shell is /bin/csh by default, which [I believe]
> is linked to /bin/tcsh.
>
> --
> Joshua Lokken
> Open Source Advocate

csh is still the default root shell. At one time, systems required multiple drives due to space. So, these systems would have a partitioning scheme such as:

    hda0 - /
    hda1 - /var
    hda2 - /swap
    hda3 - /usr

... and so on depending on their drive capacity at the time. Please keep in mind that this OS (and its ancestors) were running on systems that had multiple drives with 20mb or less in their day. The tree has constantly grown from those days. As such, many admins use this scheme today because they either have used this scheme for 10's of years and don't wish to change their ways. Personal and/or financial reasoning aside as to why they don't wish to change is totally their decision.

Even so, there are some good points to this methodology. It provides the ability to not lose the entire system in the event of drive failure. In this method, having the root shell on another partition invites failure for the entire system should root's shell reside on a crashed / failed partition. No root, no repair capability.

On the other hand, many admins use a system with a single drive in them and use NIS/NFS as their userland drive space. Some may even have /usr/ itself fed from NFS.

In either method, if you want to use anything other than csh, you will need to move it to /bin. You want it to be uncorruptable in the event of breach. So, if you still wish to use bash as the root shell, copy the executable into /bin, add it to /etc/shells, and set it immutable ("chflags schg /bin/bash") so that in the event of breach, the shell is still unable to be modified and will be reachable in the event of NFS or partition failure.

With the state of drives, raid arrays, etc in today's world, either way will work just as good as the other. Each person has their own preferences for their own reasons.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
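The three conditions named in the reply above (shell not served from /usr, listed in /etc/shells, flagged schg) written as a check; this is an added example, not part of the original message. The function name audit_root_shells and the passwd and shells contents in the demo are constructed for illustration, and the schg test runs only on FreeBSD.

```shell
#!/bin/sh
# Added example: check the login shell of every UID-0 account.
# Usage: audit_root_shells PASSWD_FILE SHELLS_FILE
# Prints one line per finding; returns 0 when no FAIL was raised, 1 otherwise.
audit_root_shells() {
    passwd_file=$1
    shells_file=$2
    findings=0

    # Emit "name:shell" for each UID-0 entry. The shell is the last field in
    # both passwd(5) and master.passwd(5); an empty field means /bin/sh.
    for entry in $(awk -F: '$3 == "0" { print $1 ":" $NF }' "$passwd_file"); do
        name=${entry%%:*}
        shell=${entry#*:}
        if [ -z "$shell" ]; then
            shell=/bin/sh
        fi

        # A shell under /usr is unreachable when /usr is a failed partition
        # or an NFS mount that did not come up.
        case $shell in
            /usr/*)
                echo "FAIL: $name uses $shell, which lives under /usr"
                findings=$((findings + 1))
                ;;
        esac

        if ! grep -Fqx -- "$shell" "$shells_file"; then
            echo "FAIL: $name uses $shell, which is not listed in $shells_file"
            findings=$((findings + 1))
        fi

        # File flags are a BSD feature; "ls -ldo" prints them as field 5.
        # A missing schg flag is reported as a warning only.
        if [ "$(uname -s)" = FreeBSD ] && [ -e "$shell" ]; then
            flags=$(ls -ldo "$shell" | awk '{ print $5 }')
            case ",$flags," in
                *,schg,*) ;;
                *) echo "WARN: $shell does not carry the schg flag (flags: $flags)" ;;
            esac
        fi
    done

    [ "$findings" -eq 0 ]
}

# Demo on constructed files (account names and paths are made up).
demo_dir=$(mktemp -d)
printf '%s\n' '/bin/sh' '/bin/csh' '/bin/bash' > "$demo_dir/shells"
printf '%s\n' \
    'root:*:0:0:Charlie &:/root:/usr/local/bin/bash' \
    'toor:*:0:0:Bourne-again Superuser:/root:' \
    'sam:*:1001:1001:Sam:/home/sam:/usr/local/bin/zsh' > "$demo_dir/passwd"
audit_root_shells "$demo_dir/passwd" "$demo_dir/shells" || echo "-> root shell needs attention"
rm -rf "$demo_dir"
```

On a live system the arguments would be /etc/passwd and /etc/shells.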
Re: Opening ports
- Original Message -
From: "Curtis Vaughan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 17, 2004 12:20 PM
Subject: Re: Opening ports

> On 17 Dec, 2004, at 09:24, Curtis Vaughan wrote:
>
> > I realized that apparently by default most all ports are closed on my
> > 5.3-Release box. The reason I say this is because besides port 22, 80
> > and 1 no other port seems to be open (based on a port scan). I
> > just installed postfix and courier-imap and wanted to test ports 25
> > and 110, but they do not respond even though postfix is running, I
> > have enabled the ports in master.cf. Also they are in /etc/services.
> >
> > Looking over documents and checking my install, /etc/rc.firewall is
> > not enabled in /etc/defaults/rc.conf.
> >
> > I assume I could go through rc.firewall and set it up for those ports
> > I need opened, and enable it in rc.conf, but whereas we have a
> > gatewall/firewall for our company, I don't see a lot of
> > reason for having all the ports closed down on this server. Is there
> > an easy way to enable them all?
> >
> > Curtis
>
> OK, I've got courier-imap running now and it opened port 143, but there
> is still no reply on 25. Which makes me think that the problem isn't
> the fact that ports are closed, but that nothing is listening.
> However, netstat shows:
>
> cod# netstat -na | grep LISTEN
> tcp4 0 0 *.143 *.* LISTEN
> tcp6 0 0 *.143 *.* LISTEN
> tcp4 0 0 *.80 *.* LISTEN
> tcp4 0 0 *.25 *.* LISTEN
> tcp4 0 0 *.1*.* LISTEN
> tcp4 0 0 *.22 *.* LISTEN
> tcp6 0 0 *.22 *.* LISTEN
>
> So, something is listening on port 25, but why no response to telnet
> requests?
>
> Curtis

I realize that this may sound strange, but do you have an allow in your hosts.allow file for sendmail? Sendmail now uses wrappers by default as I recall, and without it, you'll get refused.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: Lost am I (FreeBSD4.10)
- Original Message -
From: "Kevin D. Kinsey, DaleCo, S.P." <[EMAIL PROTECTED]>
To: "Matthew Seaman" <[EMAIL PROTECTED]>
Cc: "gazwacker the kazmaster" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Saturday, November 20, 2004 3:52 PM
Subject: Re: Lost am I (FreeBSD4.10)

Matthew Seaman wrote:

On Fri, Nov 19, 2004 at 11:19:05PM -0500, gazwacker the kazmaster wrote:

Annoyed am I. For mine computer hath been tampered upon by a fool which hath deleted mine "/usr/share" folder. I have the installation CD, now how would I re-install my purloined portfolio? (If no one knows how to do that, a copy of the "/usr/share/misc/termcap" file would suffice)

Grab the system sources via cvsup, and do a 'make world' cycle as described here:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html

and here

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html

That will reinstall the contents of /usr/share along with all of the rest of the system -- sure, it's a sledge hammer, but it will crack this nut very effectively. Nb. you should always compile a new kernel to go with the new system -- having kernel and world out of synch tends to cause a number of oddities of behaviour in the system.

Cheers,
Matthew

Lo! A large hammer indeed. Might not he simply changeth to /usr/src/share (if he indeed hath such) and typest "make install" as root?

Kevin Kinsey

Are ye the wise owl in the woodline yonder? Thou must be for thou has provided rich knowledge upon those in need. So sayeth Kevin, so mote it be.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: What is preferred method to get new software on 4.10 stable?
- Original Message -
From: "Andy Firman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 15, 2004 9:33 AM
Subject: What is preferred method to get new software on 4.10 stable?

> Let's take Clamav for example. My freshclam logs say this:
> WARNING: Your ClamAV installation is OUTDATED - please update immediately !
>
> So, I have clamav-0.75.1 installed from ports.
>
> What would be the proper way to get clamav .80 installed?
>
> pkg_delete clamav-0.75.1 and then install .80 from source?
>
> Or is there some mechanism to get .80 in from the ports?
>
> Thanks,
> Andy

If your ports tree has been kept up to date, you can go into the clamav ports dir and run make deinstall, then make reinstall right behind it to update it to current.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: How can I specify the ipaddress in smbfs entry in fstab?
- Original Message -
From: "Mark Jayson Alvarez" <[EMAIL PROTECTED]>
To: "albi" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, November 03, 2004 7:46 PM
Subject: Re: How can I specify the ipaddress in smbfs entry in fstab?

--- albi <[EMAIL PROTECTED]> wrote:

hi,

> mountpt
> //[EMAIL PROTECTED]/mp3s /mp3

you can probably use e.g.

//[EMAIL PROTECTED]/mp3s /mp3

It still doesn't work. I remember mounting it manually using the command

    mount_smbfs -I ipaddress //[EMAIL PROTECTED]/mp3s /mtpoint

I don't think substituting ipaddress (eg, 10.1.1.1) for "samba" in [EMAIL PROTECTED] will make any sense because I still have to specify its IP address using the "-I" option whenever I mount it manually.

in your /etc/fstab, but of course you can also add your samba-server in /etc/hosts

tried it also, but didn't work. Anymore idea? thanks.

If you trust those with root access on your system, you can use the /etc/nsmb.conf file and configure that with the proper info for the remote server:

    [HOST:USER:SHARE_NAME]
    addr=HOST_IP
    password=USER_password_on_remote_system
    workgroup=domain/workgroup

... then edit your fstab to something like:

    //[EMAIL PROTECTED]/SHARE /mountpoint smbfs rw,-N,-I=remote system ip 0 0

USER, HOST, SHARE are the same as in the nsmb.conf file, and I've found that these are often case sensitive. If the password is listed in nsmb.conf, then the -N in the fstab entry will use that password and not require you to enter it. Once done, a simple mount /mountpoint should get you on your way.

Hope it helps.

--
Micheal Patterson
TSG Network Administration
405-917-0600
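An added example, not part of the original messages: this reply and the earlier "Automounting smbfs?" reply both rely on /etc/nsmb.conf holding the share password, so the check below verifies that the file is owned by root and closed to group and other, and lists which sections store a password without printing it. The function name audit_nsmb and the demo file contents are constructed for illustration; the `$$1` prefix test follows the smbutil(1) description of `smbutil crypt` output, which that manual page calls very weak, so file permissions still matter.

```shell
#!/bin/sh
# Added example: audit an smbfs credentials file such as /etc/nsmb.conf.
# Usage: audit_nsmb FILE [OWNER_UID]     (OWNER_UID defaults to 0, i.e. root)
# Prints one line per finding. Returns 0 when owner and mode are acceptable,
# 1 when they are not, 2 when FILE is missing, a symlink or not a regular file.
audit_nsmb() {
    file=$1
    want_uid=${2:-0}
    rc=0

    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing, a symlink, or not a regular file"
        return 2
    fi

    # "ls -ldn" prints e.g. "-rw-r--r--  1 0  0  123 Apr  8 12:52 /etc/nsmb.conf":
    # field 1 is the mode string, field 3 the numeric owner.
    listing=$(ls -ldn "$file")
    mode=$(printf '%s\n' "$listing" | awk '{ print substr($1, 1, 10) }')
    uid=$(printf '%s\n' "$listing" | awk '{ print $3 }')

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $uid, expected $want_uid"
        rc=1
    fi

    # Characters 5-10 of the mode string are the group and other bits.
    group_other=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$group_other" != "------" ]; then
        echo "FAIL: mode $mode grants access to group or other (want 0600)"
        rc=1
    fi

    # Report which [SERVER:USER:SHARE] sections store a password and whether
    # it is cleartext or scrambled; the value itself is never printed.
    awk '
        /^[ \t]*#/  { next }
        /^[ \t]*\[/ { section = $0; next }
        /^[ \t]*password[ \t]*=/ {
            value = $0
            sub(/^[^=]*=[ \t]*/, "", value)
            kind = (substr(value, 1, 3) == "$$1") ? "scrambled" : "cleartext"
            print "INFO: " kind " password stored in " section
        }
    ' "$file"

    return "$rc"
}

# Demo on a constructed file (server, user, share and password are made up).
demo=$(mktemp)
printf '%s\n' '[BACKUPSRV:BACKUPUSER:SHARE]' 'addr=192.0.2.13' \
    'password=constructed-example' > "$demo"
chmod 644 "$demo"
audit_nsmb "$demo" "$(id -u)" || echo "-> tighten with: chmod 600 $demo"
rm -f "$demo"
```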
Re: [OT] Re: Serious investigations into UNIX and Windows
- Original Message -
From: "Ted Mittelstaedt" <[EMAIL PROTECTED]>
To: "Ed Budd" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, October 29, 2004 1:03 AM
Subject: RE: [OT] Re: Serious investigations into UNIX and Windows

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ed Budd
Sent: Wednesday, October 27, 2004 10:54 AM
To: [EMAIL PROTECTED]
Subject: [OT] Re: Serious investigations into UNIX and Windows

It doesn't seem to matter whether the topic is international affairs or computer science, when the discussion degenerates to grandiose and overgeneralized assessments regarding "human nature" it's time for the thread to die, at least IMHO.

No, we haven't brought Hitler and the Nazis up, yet, so we are still viable. ;-)

Ted

You can have that discussion by yourself, I won't jump into that fire pit.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: dummynet
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 28, 2004 5:39 PM
Subject: Re: dummynet

In a message dated 10/28/04 6:07:18 PM Eastern Daylight Time, [EMAIL PROTECTED] writes:

As far as being "nowhere as good as you can buy", take a WatchGuard Firebox X1000 for example, they're pretty popular because they work. People that use them always tell me they prefer them to any *Nix based solution. By that statement, I know they've not really looked into that unit because the developers plainly state that it runs on a Linux hardened kernel. It terminates vpn connections, both ipsec and pptp, rate limits, nats and firewalls. All of the very same features you can do with Linux or FreeBSD using the appropriate packages.

---

I never said anything about the O/S not being able to do it... "works" is a relative term. Most of the linux firewall/bwmgt boxes are just the same marginal stuff in the native O/S with a front end. Its better than nothing, but no better than dummynet, so no sense bringing them up. Allot's stuff runs on linux, etinc's stuff runs on both linux and freebsd. So it certainly can be done on un*x.

The problem with dummynet is that once you do all the work and figure it all out, its still only marginally functional compared to something relatively inexpensive. So instead of buying the $3500 box that is everything you need, you've spent $800 on hardware, $2000 worth of time, and you still have something not nearly as good.

One question, have you ever used dummynet? If so, I'm curious as to why you find it only marginal. Not to be rude, but if you've not used it, please stop trolling.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: dummynet
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, October 28, 2004 3:58 PM
Subject: Re: dummynet

> In a message dated 10/28/04 12:52:14 PM Eastern Daylight Time,
> [EMAIL PROTECTED] writes:
>
> >>Funny, I thought that's what Dummynet did. It seems that you wouldn't
> >want to steer a user into a horribly overpriced closed-source
> >rate-limiting solution when it's available for free in the OS.
>
> >BTW: Nice email addr. ;)
>
> Ah, but its not really "available" for free, because the free ones don't work
> well, aren't supported and don't scale. Plus it seems that unless you
> value your time at $2./hr its already cost you more than the $800. to try to
> use the "free" stuff. Are you planning on completely rewriting it yourself
> using dummynet as the code base? What good is open source if
> the entire code base is nowhere near as good as what you can buy?
> You would really struggle with an inadequate open source solution
> rather than pay for something that works?
>
> TM

I'm just curious to know if you've ever actually looked at the hardware options to see what OS they function on. I think you'd be surprised to find that many of the more popular ones are running on some flavor of either BSD or Linux. On the support issue, dummynet is supported by its developer, Luigi Rizzo, and he literally begs you to contact him directly if you locate a bug in the subsystem, need some questions answered and even offers his support under contract if you prefer.

"3. Support

If you have found some bug, please report it to me by email, but don't forget to include information on which version of FreeBSD and dummynet you are using, your rules (ipfw show; ipfw pipe show), your configuration (bridge or router) etc.

If you have a simple question, again just email me and i generally try to reply as soon as possible. Again, please supply details!

For more complex things (like "i have no time to learn how to use it, i just want this work done"), or customizations and additions of new features to dummynet/ipfw, I am available (through my department) for doing support on a contract basis. Email [EMAIL PROTECTED] for discussing details."

As far as being "nowhere as good as you can buy", take a WatchGuard Firebox X1000 for example, they're pretty popular because they work. People that use them always tell me they prefer them to any *Nix based solution. By that statement, I know they've not really looked into that unit because the developers plainly state that it runs on a Linux hardened kernel. It terminates vpn connections, both ipsec and pptp, rate limits, nats and firewalls. All of the very same features you can do with Linux or FreeBSD using the appropriate packages.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: sendmail just wont work
- Original Message -
From: "nocturnal" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 28, 2004 10:31 AM
Subject: sendmail just wont work

> Hi
>
> I don't think i'll be lying when i say that i've setup close to a
> hundred FreeBSD servers(or 100 times) and the last one i setup was for a
> dedicated server customer but it has me stumped cuz sendmail just wont
> work on it, i used to get some localhost related errors in
> /var/log/maillog which i did not save.
> It did say something about Connection refused by localhost. In rc.conf i
> have sendmail set to NONE since it's not a smtp server, only a webserver
> and i have other webservers which have the sendmail option in rc.conf
> set to NONE but on them people can use the php mail function just fine.
> The issue is mainly that they want to use the mail() function in PHP but
> i've also tried just sending mails from the command line with sendmail
> and with the t argument but it never works.
>
> I don't know what else to say, if you need more info about the system
> then ask me. It's FreeBSD 4.10 and here are some config files.
>
> /etc/hosts
> ::1 localhost.polarfilm.com localhost
> 127.0.0.1 localhost.polarfilm.com localhost
> #213.80.36.150 web01.polarfilm.com web01
> #213.80.36.150 web01.polarfilm.com.
>
> -
> /etc/rc.conf
> defaultrouter="secret"
> font8x14="iso15-8x14"
> font8x16="iso15-8x16"
> font8x8="iso15-8x8"
> hostname="web01"
> ifconfig_fxp0="inet secret netmask secret"
> inetd_enable="NO"
> kern_securelevel_enable="NO"
> keymap="swedish.cp850"
> nfs_reserved_port_only="YES"
> scrnmap="iso-8859-1_to_cp437"
> sendmail_enable="NONE"
> sshd_enable="YES"
> hostname="secret"
> usbd_enable="NO"
> moused_type="NO"
> moused_enable="NO"
> linux_enable="YES"
> ---------
> --
>
> With kind regards
>
> Stefan

In your /etc/hosts.allow file add "sendmail: 127.0.0.1 : allow" and see if it helps.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: Serious investigations into UNIX and Windows
- Original Message -
From: "Ted Mittelstaedt" <[EMAIL PROTECTED]>
To: "Micheal Patterson" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, October 27, 2004 3:24 AM
Subject: RE: Serious investigations into UNIX and Windows

I'll make this short, sweet, and to the point. The Human Race is by nature a lazy race. We, as in, ALL humans, strive to make our life easier. I'm well aware of monopolies and their effect on us. I'm also aware of how technology has changed our lives. If you think that you, or I don't have it easy? Go check out the Amish. Ask them about why they don't have autos, or computers, electricity, running water, internal plumbing or any other item you and I take for granted on a day to day basis. Live for a year in the middle east in a tent, with none of those items and tell me that you'd not be thrilled to have a toilet to sit on again.

As for your Milk monopoly, a few words, Pail, Bucket and grab an udder and "roll your own". Unless you own the source of a product, you can't monopolize it, or prevent others from undercutting you.

Don't harp on me about the internet and its creation and how or why it was designed. I know why it was designed as I was a part of the US Air Force's side of its inception. Its initial civilian usage was designed to allow colleagues from the testing universities to share data quickly and efficiently. DNS was designed because a host file couldn't hold every host that used it. The US Military had an interest in it as a possible redundant network in the event that Autovon, or Autodin failed and wanted a non-centralized network that could still function in the event of catastrophic failure of their internal communications network.

Bottom Line. We're lazy, we've always been lazy and damn it, we WILL always look for something easier, more convenient that can do more.

So, to you, Windows is harder to administrate, to me Unix is harder to administrate. Who do you think's had to spend more time on the phone getting someone else to answer their questions and who's had to look it all up themselves? I don't call MS for my issues.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: Serious investigations into UNIX and Windows
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, October 26, 2004 12:32 PM
Subject: Re: Serious investigations into UNIX and Windows

In a message dated 10/26/04 12:24:06 PM Eastern Daylight Time, [EMAIL PROTECTED] writes:

> If you think that administering a Windows server is so simple then
> answer the following test:
>
> How do you lock down an Exchange 5.5 server to prevent a spammer from
> using it as a relay.
>

So who was the one who said either was "easy"? I said it takes a higher talent level to generally administer a un*x box than a windows box. I don't think that just because you can think of something that's not easy to do in windows makes any point at all. The fact that a un*x guy had to be called in to solve the problem says a lot about the type of talent that is required to do most things that windows techs do.

-

I agree with you. However, it wasn't I that posed that question. :)

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: Serious investigations into UNIX and Windows
- Original Message -
From: "Ted Mittelstaedt" <[EMAIL PROTECTED]>
To: "Micheal Patterson" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, October 26, 2004 1:20 AM
Subject: RE: Serious investigations into UNIX and Windows

> > -Original Message-
> > From: Micheal Patterson [mailto:[EMAIL PROTECTED]
> > Sent: Monday, October 25, 2004 9:44 AM
> > To: Ted Mittelstaedt; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: Serious investigations into UNIX and Windows
> >
> >
> > Honestly, what makes you think that Windows is more complex in its
> > administration than a *Nix system?
>
> Well, the first thing that makes me think this is because the ISP I
> work at has an arm of the businesses that is purely Windows
> techs who companies pay to fix their Windows servers, and I get called
> in to help fix lots of messes there pretty regularly. (even
> though I do not have a MCSE myself)
>
> I've seen the stuff with my own eyes. It ain't pretty.
>
> If you think that administering a Windows server is so simple then
> answer the following test:
>
> How do you lock down an Exchange 5.5 server to prevent a spammer from
> using it as a relay.
>
> I know how to do it. No, it does not involve grubbing around in the
> registry. No it is not documented, either. I know for a fact that
> it isn't because I was in the conference call
> where we had to do it, and the Microsoft support tech himself told us
> it wasn't documented.
>

Are you referring to reconfiguring the IMC with: "Reroute incoming SMTP mail", then in Routing Restrictions, selecting "Hosts and Clients with these IP addresses" and leaving the data fields blank? If that's the method that you're talking about, it's only "non-documented" within MS's help files. It's plastered all over the web. Do a search on google for "MS exchange 5.5 open relay" and just look at the info that you get. If that's the issue that you're discussing, someone in your admin section just cost the company the price for the trouble ticket for no reason because they didn't bother to look for it.

> > It's common knowledge that Windows is
> > "easier" to manage. That's one of its selling points and it always has
> > been. "Windows is now easier than ever, just point and click". Tell me how
> > many times have you heard someone say that about any *Nix OS currently
> > available?
> >
>
> Windows by itself is pretty useless as a server. It only becomes useful
> when you start adding in all the other crap, like a mailserver (exchange)
> a terminal server, a backup software, etc.

People in the type of network that I'm in only use Windows for applications that require its use. Telerad, Centricity, and various other medical software that requires MSSQL. All other applications here on my network are using FreeBSD from 4.9 to 5.3.7 or AIX.

> You have obviously never had to sort out a mess with Veritos ie: Seagate
> Backup on Windows. Backup is so hairy under Windows servers that even
> Microsoft themselves is afraid or unable to release a backup program
> with the operating system that backs up open files. And SQL server,
> Exchange, and any other serious server application ALWAYS has open
> files under a Windows server.

Oh, yes.. I've had my share of issues with Windows. Just as I've had with every other OS that I've used. I also know how to use login restrictions to force users out of the network so that the backups can occur to reduce the amount of open file skips as well.

> > The human race as a whole, is always looking for something to make doing
> > something easier for them. That's what drives our desire to constantly
> > design new technology.
> >
>
> Hate to wake you with the clue phone but WE don't design new technology.
> The people who design new technology are the companies that produce
> it. And they have agendas OTHER than just making your life easier.
> Such as making money. Why do you think that there's a new version of
> Microsoft Word every couple years? Can you tell me with a straight
> face that each new version of Word has made it easier to type a
> typical business letter?

Clue phone? How about letting me smack you in the forehead with a clue bat. You speak about companies having other agendas. Yes, that's true. Pray tell, do answer the inevitable question. How is it that companies, corporations and other big business are able to make that profit? Do they force their wares onto the
Re: Serious investigations into UNIX and Windows
- Original Message -
From: "Ted Mittelstaedt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, October 24, 2004 4:54 AM
Subject: RE: Serious investigations into UNIX and Windows

> > There
> > are more people around that can administer MS systems than unix,
>
> Yes,
>
> > and it can
> > be done with a lower level of talent. .
>
> Having seen and dealing with the aftermath of networks owned by
> people that thought that, I have to state you're out of your gourd.
>
> Windows today is just as complex as any UNIX system. Sure, maybe
> a decade ago a peer-to-peer network of Windows systems your
> statement might have been true, but not today.
>

This type of discussion has been going around the world since Windows and *Nix first clashed. Windows has a gui, *Nix by default on most OS's, doesn't. To configure Windows, you point here, click there, right click and check properties here, add this information in the line provided. Click apply and the program runs and yet there are those that feel it is more complex than *Nix.

I'll tell you what. You take any MS certified, high end admin, that's never seen a *Nix OS and see how far he gets. Just tell him to setup ftp with chroot environment, or bind, or heaven forbid Sendmail with rbl, access, virtual aliasing, etc. If he's never seen it, it'll take him forever. To those that live in the *Nix world, we can generally walk up to a Windows DC and make it do what we want. Do you really think that MS was the first to come up with MS Shares? What about AD User propagation to other DC's? DNS? Or even Mail? Where do you think they got those ideas from?

Honestly, what makes you think that Windows is more complex in its administration than a *Nix system? It's common knowledge that Windows is "easier" to manage. That's one of its selling points and it always has been. "Windows is now easier than ever, just point and click". Tell me how many times have you heard someone say that about any *Nix OS currently available?

The human race as a whole, is always looking for something to make doing something easier for them. That's what drives our desire to constantly design new technology.

o Man walked everywhere then he realized, riding a horse was faster and easier than walking 3 hours.
o They designed a saddle for the horse because it was easier on the ass than barebacking it.
o They designed a car because it was easier than riding a horse and thought to be faster in its infancy.
o Cars were made faster as the years went along because we wanted to get there faster.
o The airplane was designed because people wanted to leave the ground and fly to wherever they wanted to go.
o Helicopters were made because it's easier to land in a field with no landing strip than to build the runway for a plane.
o Computers were made because people got headaches doing complex calculations and wanted something that could do it for them and do it faster as well.

and so on and so forth.

The human race, as a whole, is lazy and always looking for something to make their lives easier. In this day and age of computer technology, MS provides that to us better than *Nix does. Yet, there are those that are adamant that Windows is more complex than *Nix is. How ironic.

> Ted
>

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: Internet Access
- Original Message -
From: "Li Davis" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 21, 2004 11:58 PM
Subject: Internet Access

Hi,

I am switching my OS over to FreeBSD. Hopefully, that is. My DSL service with SBCYahoo said that they can't integrate with FreeBSD. I have to find someone in the area I live that will work before my first 30 days is up with SBC, so I can cancel the one year contract without big $ penalties. It seems like it should work, from what is said about FreeBSD. Could you please help me with this?

Thank you.

I have various sites that use SBC dsl just fine. SBC doesn't know officially support FreeBSD which is kind of surprising these days as various other vendors (via google search) have setup info for freebsd and their service. At any rate, it will work. Since all new service via SBC uses PPPOE, that will need to be configured on your system to use dsl via SBC. Have a look at the handbook link below.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/pppoe.html

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: vpn
- Original Message -
From: "Dmitry Chorine" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 18, 2004 1:56 PM
Subject: vpn

Hello

I need to be able to connect to my FreeBSD server using VPN client that comes with Windows 2000/XP.

1) I would like to be able to surf internet but I don't want others to see my real public IP, only public IP of my FreeBSD server.
2) Is it possible to use only software part that comes with FreeBSD itself? Without installing any 3rd party applications even from ports? (like I found in handbook how to do side-to-side vpn) but I need to be able to "dial-in" using windows's client.

Thanks in advance

___

mpd from ports will terminate 128bit pptp connections via freebsd with the native Windows 2000/XP pptp client. I use it all the time. That would be the only thing you will need to install and it's server side only.

"Multi-link PPP capability
PAP, CHAP, and MS-CHAP authentication
PPP compression and encryption
Point-to-Point Tunnelling Protocol (PPTP)
PPP over Ethernet (PPPoE)
RADIUS (authentication and accounting)"

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: Read-Only file system
- Original Message -
From: "steveb99" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, October 14, 2004 4:28 PM
Subject: Read-Only file system

> I appear to have hosed myself and having trouble finding out what I do
> and how to fix it. It appears that many of my file-systems are now
> saying they are read-only and I can't do anything with them, even when I
> login as root.
> I'm still learning so not a production mess. Can someone point to me how
> a file system can become Read-Only, the file permissions are fine.
> Also can this be repaired if so what should I be reading to learn to do
> that.
>
> TIA,
> Steve B.

First thing I would look at would be to make sure that the settings in /etc/fstab are configured to mount your slices as read write (rw) instead of read only (r). Your /etc/fstab should have entries similar to the one below. This would be a normal one.

    /dev/da0s1a / ufs rw 1 1

Where you see rw, if that is an r only, then the file system will be mounted as read only and cause your problem.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: FreeBSD 5.x and Lint
- Original Message -
From: <[EMAIL PROTECTED]>
To: "'Kris Kennaway'" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, September 30, 2004 4:29 PM
Subject: RE: FreeBSD 5.x and Lint

> From the handbook:
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
>
> In FreeBSD 5.X and later versions you can still generate a buildable LINT
> file by typing:
>
> # cd /usr/src/sys/i386/conf && make LINT
>
> Kevin Glick
> ITS Manager
> [EMAIL PROTECTED]
> Sterling Business Forms

I'm not concerned about the LINT generation, I'm concerned with the lack of comments within LINT now compared to the 2.x, 3.x and 4.x trees.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: FreeBSD 5.x and Lint
- Original Message -
From: "Kris Kennaway" <[EMAIL PROTECTED]>
To: "Micheal Patterson" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, September 30, 2004 4:25 PM
Subject: Re: FreeBSD 5.x and Lint

On Thu, Sep 30, 2004 at 04:22:27PM -0500, Micheal Patterson wrote:
> Stupid question maybe, but are there any plans on putting the comments back
> into Lint? I realize that these may be documented within the online
> handbook, however, for those of us, who at times are required to go to a
> remote site, and the net link has failed, needing to recompile something
> without comments or access to the handbook is a problem.

They're in NOTES instead, from which LINT is autogenerated.

Kris

---

Just out of curiosity, have you compared 5x NOTES to a 4.10 LINT and seen what's missing? I don't see anything on FIREWALL or IPFW or even IPF within the 5.x NOTES, whereas within a 4.10 LINT, you have all the information for the various settings. You need to cross reference the 5.x LINT, NOTES and Handbook now to get the information you had within one single file within the 4.x branch.

Not that I'm really complaining, it's just that from all of the various other version updates to FBSD, from 2.x to 3.x, from 3.x to 4.x everything you needed to know about the kernel options was contained within one single file. With the jump from 4.x to 5.x, it's no longer the same.

There was a time when you could take LINT, remove what you didn't need and actually build your kernel and maintain the comments so you knew exactly what you had within your kernel. That's no longer an option unless one desires to recombine NOTES and LINT themselves.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
FreeBSD 5.x and Lint
Stupid question maybe, but are there any plans on putting the comments back into Lint? I realize that these may be documented within the online handbook, however, for those of us, who at times are required to go to a remote site, and the net link has failed, needing to recompile something without comments or access to the handbook is a problem.

Thanks.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: natd not doing anything
- Original Message -
From: "Alex de Kruijff" <[EMAIL PROTECTED]>
To: "Micheal Patterson" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, September 29, 2004 10:51 AM
Subject: Re: natd not doing anything

> This is not a problem. First ipfw and ipf are two different firewall
> rules. It's perfectly ok for one to deny everything by default and the
> other to accept everything. Also both firewalls can be used together.
> Secondly were one to set something like this for one firewall, then
> that firewall would most likely pick only one setting.
>
> He probably doesn't use ipf and thus can remove IPFILTER lines. All this
> does is to make the kernel a bit smaller.
>
> --
> Alex
>
> Articles based on solutions that I use:
> http://www.kruijff.org/alex/FreeBSD/

Oops.. my bad. I missed that it was IPFilter and IPFW. As for the double nat, that can be an issue as I've recently had that exact same problem. If his router / natd unit isn't configured to provide nat for the range he is using, it will fail due to routing.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: natd not doing anything
- Original Message -
From: "Alex de Kruijff" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, September 29, 2004 10:05 AM
Subject: Re: natd not doing anything

> I changed the list from current@ to questions@, since your question is
> not only for CURRENT.
>
> On Tue, Sep 28, 2004 at 09:11:39PM +1000, Rebecca Dridan wrote:
> > Hi all:
> >
> > I am having some issues with network set-up. I'm running CURRENT as of
> > 26th September, with an ipfw firewall and natd. I have one gateway
> > machine with one external NIC and 3 internal NICs. At present nothing from
> > my internal machines can get out. I've reduced the firewall (temporarily) to
> > a basic
> > ipfw -f flush
> > divert natd ip from any to any via fxp0
> > allow ip from any to any
> >
> > When I turn logging on, I see the packets being diverted, and then
> > accepted by later rules, but not being rewritten in between, ie
> >
> > ipfw: 30 Divert 8668 TCP 192.168.7.2:54619 :1025 out via fxp0
> > ipfw: 70 Accept TCP 192.168.7.2:54619 :1025 out via fxp0
>

From the looks of that log entry, he's created a double NAT with 192.168.7.2 being the IP of fxp0, his outside interface. If his next link (router?) isn't configured to do NAT for the range he's using on fxp0, he'll not have a back channel for the traffic to respond to and routing will fail. The end result is the problem that he's encountering.

> > options IPFILTER_DEFAULT_BLOCK #block all packets by default
> > options IPFIREWALL #firewall - need for mac filtering
> > options IPFIREWALL_DEFAULT_TO_ACCEPT#allow everything by

> Your kernel is fine. Otherwise, you wouldn't have the ability to log or
> to divert. The latter would result in packets being thrown away at rule
> 30.
>

He has both accept and block as the default configuration for the firewall. That's not fine. I honestly don't know if it may cause a conflict with them both defined nor which one would take precedence when both configured. I would recommend removing one or the other for the default action he wishes his firewall to take.

--
Micheal Patterson
Senior Communications Systems Engineer
405-917-0600
Re: random device settings on bind9
- Original Message -
From: "Joshua Lewis" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 21, 2004 10:44 PM
Subject: random device settings on bind9

I have set up bind 9.2.3 on 4.10. I followed the instructions for setting up random as per the instructions at the end of the bind install. The instructions say to add the rndc-key in my namd.conf. I was wondering if that is a good idea? Doesn't this file get queried by people on the Internet. So am I basically just showing my secret key to everyone?

Thank you,
Joshua Lewis

No you're not. The named.conf file doesn't get queried from the net. Its only function is to provide options to the daemon and how to respond to the rndc command channel.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: Too many dynamic rules, sorry
- Original Message -
From: "Norm Vilmer" <[EMAIL PROTECTED]>
To: "Micheal Patterson" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, September 17, 2004 11:47 AM
Subject: Re: Too many dynamic rules, sorry

> Micheal Patterson wrote:
> >
> > - Original Message -
> > From: "Norm Vilmer" <[EMAIL PROTECTED]>
> > To: "Micheal Patterson" <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Friday, September 17, 2004 10:30 AM
> > Subject: Re: Too many dynamic rules, sorry
> >
> >>I do have a check-state rule
> >>
> >>add 00200 check-state
> >>
> >>Norm Vilmer
> >
> > Ok. Then right above the check-state entry, place an
> >
> > allow ip from 123.123.123/24 to 123.123.123./24
> >
> > Replace the ip's with the appropriate network/metric for your lan and that
> > will allow lan traffic to go to itself unhindered by any stateful checks.
> >
> > --
> > Micheal Patterson
> > TSG Network Administration
> > 405-917-0600
> >
>
> would this be the same?
>
> add 00200 allow all from any to any via ${iif} keep-state
> add 00210 check-state
>

The goal is to not use dynamic rules for your local lan, only the traffic from the lan to the net. Otherwise, you're wasting dynamic state table space for rules that aren't necessary. A very basic stateful ruleset:

ipfw add 100 allow ip from 1.1.1.0/24 to 1.1.1.0/24
ipfw add 500 check-state
ipfw add 600 allow ip from 1.1.1.0/24 to any keep-state
ipfw add 65000 deny log ip from any to any

That type of ruleset will allow local traffic without using state table, and the entry at 1000 will catch everything else outbound and use state tables for it. If it's not originating from your network, and there's no state entry, it's blocked by 65000.

--
Micheal Patterson
TSG Network Administration
405-917-0600
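The effect of the ruleset in the reply above on the dynamic-rule table, as an added example that is not part of the original thread: a simplified Python model of ipfw first-match evaluation, not ipfw itself. The any-to-any keep-state ruleset, all traffic, and every address other than 1.1.1.0/24 are constructed for the comparison; the 8192 limit is the value reported in the thread.

```python
"""Simplified model of ipfw first-match evaluation with a bounded state table."""
from collections import Counter
from ipaddress import ip_address, ip_network
from typing import NamedTuple

ANY = ip_network("0.0.0.0/0")
LAN = ip_network("1.1.1.0/24")    # LAN prefix used in the ruleset above


class Rule(NamedTuple):
    number: int
    action: str                   # "allow", "deny" or "check-state"
    src: object = ANY
    dst: object = ANY
    keep_state: bool = False


# Constructed "before": state is created for traffic from anywhere.
STATE_FOR_ANYONE = [
    Rule(200, "check-state"),
    Rule(1500, "allow", ANY, ANY, keep_state=True),
    Rule(65000, "deny"),
]

# The ruleset from the reply above (rules 100, 500, 600, 65000).
STATE_OUTBOUND_ONLY = [
    Rule(100, "allow", LAN, LAN),
    Rule(500, "check-state"),
    Rule(600, "allow", LAN, ANY, keep_state=True),
    Rule(65000, "deny"),
]


class Firewall:
    def __init__(self, rules, dyn_max):
        self.rules = sorted(rules, key=lambda r: r.number)
        self.dyn_max = dyn_max
        self.dyn = set()          # one entry per flow that created state

    def process(self, src, sport, dst, dport):
        flow, reverse = (src, sport, dst, dport), (dst, dport, src, sport)
        s, d = ip_address(src), ip_address(dst)
        looked_up = False
        for r in self.rules:
            # The dynamic table is consulted once, at the first
            # check-state or keep-state rule that is reached.
            if not looked_up and (r.action == "check-state" or r.keep_state):
                looked_up = True
                if flow in self.dyn or reverse in self.dyn:
                    return "allow-state"
            if r.action == "check-state" or s not in r.src or d not in r.dst:
                continue
            if r.action == "deny":
                return "deny"
            if r.keep_state:
                if len(self.dyn) >= self.dyn_max:
                    return "drop-table-full"   # "Too many dynamic rules, sorry"
                self.dyn.add(flow)
            return "allow"
        return "deny"


def simulate(rules, dyn_max=8192, probes=9000):
    """Replay constructed traffic and report verdicts and table occupancy."""
    fw, seen = Firewall(rules, dyn_max), Counter()
    for i in range(50):                        # LAN host to LAN host
        seen["lan", fw.process(f"1.1.1.{10 + i}", 40000 + i, "1.1.1.5", 22)] += 1
    for i in range(10):                        # LAN host to the Internet
        seen["outbound", fw.process("1.1.1.10", 50000 + i, "198.51.100.20", 80)] += 1
    for port in range(1, probes + 1):          # unsolicited inbound, one per port
        seen["probe", fw.process("203.0.113.7", 61000, "192.0.2.1", port)] += 1
    return {
        "seen": seen,
        "late_outbound": fw.process("1.1.1.10", 50999, "198.51.100.20", 80),
        "reply": fw.process("198.51.100.20", 80, "1.1.1.10", 50000),
        "dyn_count": len(fw.dyn),
    }


if __name__ == "__main__":
    for name, rules in (("state for anyone", STATE_FOR_ANYONE),
                        ("state outbound only", STATE_OUTBOUND_ONLY)):
        result = simulate(rules)
        print(name, result["dyn_count"], result["late_outbound"], dict(result["seen"]))
```

With state kept only for LAN-originated traffic, the inbound probes never touch the table, so a new outbound connection still gets its entry.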
Re: Too many dynamic rules, sorry
- Original Message -
From: "Norm Vilmer" <[EMAIL PROTECTED]>
To: "Micheal Patterson" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, September 17, 2004 10:30 AM
Subject: Re: Too many dynamic rules, sorry

>
> I do have a check-state rule
>
> add 00200 check-state
>
> Norm Vilmer

Ok. Then right above the check-state entry, place an

allow ip from 123.123.123/24 to 123.123.123./24

Replace the ip's with the appropriate network/metric for your lan and that will allow lan traffic to go to itself unhindered by any stateful checks.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: Too many dynamic rules, sorry
- Original Message -
From: "Norm Vilmer" <[EMAIL PROTECTED]>
To: "Micheal Patterson" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, September 17, 2004 9:41 AM
Subject: Re: Too many dynamic rules, sorry

> Micheal Patterson wrote:
> >
> > - Original Message -
> > From: "Norm Vilmer" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, September 16, 2004 11:57 PM
> > Subject: Too many dynamic rules, sorry
> >
> >> If I repeatedly nmap my FreeBSD 4.10 machine configured with ipfirewall,
> >> I get the message "Too many dynamic rules, sorry". Doing a sysctl -a
> >> |grep ip.fw I can see the net.inet.ip.fw.dyn_count has reached the
> >> max value of 8192 that I set. The net.inet.ip.fw.dyn_ack_lifetime is set
> >> to 300, so the dynamic rule count starts going down after about 5
> >> minutes after the simulated attack.
> >>
> >> Questions:
> >>
> >> When this happens, is my firewall still fully operational, in other
> >> words can I safely ignore this message?
> >>
> >> Is there a way to fix this?
> >>
> >
> > The error "Too many dynamic rules, sorry" will cause the system to drop
> > any packets that are covered by a keep-state entry. So, the firewall,
> > while operational, is in a dead lock down state for any outbound traffic
> > until the dynamic rules clear out. I'm hoping that you're checking the
> > system with nmap from behind it, because if you're outside the firewall,
> > then you're keeping state in inbound traffic and that's bad. You only
> > want keep-state from traffic leaving that system, not to it.
> >
> > --
> > Micheal Patterson
> > TSG Network Administration
> > 405-917-0600
> >
>
> Thanks for your help.
>
> I was running nmap against my public or outside interface. This is my
> first FreeBSD firewall, so I am sure my rules are not optimal, however,
> the firewall appears to be doing what I want. I gathered these rules
> from a number of how-to's and postings on the web with only a partial
> understanding of what they actually do (yes, I know, problem # 1).
> Here are the rules that I have that keep-state on the outside interface:
>
> #For DNS
> add 01300 pass udp from ${oip} to any 53 keep-state
> # For NTP
> add 01400 pass udp from ${oip} to any 123 keep-state
> # For VPN
> add 01500 pass gre from any to any keep-state
> # For ICMP
> add 01600 pass icmp from any to any via ${oip} keep-state
>
> Do you think these are causing the problem?
>
> Norm Vilmer

I don't recall if you're running ipfilter or ipfw on that system. I don't know ipfilter well enough to assist yet, but with ipfw, if you have a check-state entry above your keep-states, that may reduce the amount of dynamic rule entries that you'll have. What the check-state does, is to check the dynamic list, if an entry already exists, it stops processing rules there.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: Too many dynamic rules, sorry
- Original Message -
From: "Norm Vilmer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 16, 2004 11:57 PM
Subject: Too many dynamic rules, sorry

If I repeatedly nmap my FreeBSD 4.10 machine configured with ipfirewall, I get the message "Too many dynamic rules, sorry". Doing a sysctl -a |grep ip.fw I can see the net.inet.ip.fw.dyn_count has reached the max value of 8192 that I set. The net.inet.ip.fw.dyn_ack_lifetime is set to 300, so the dynamic rule count starts going down after about 5 minutes after the simulated attack.

Questions:

When this happens, is my firewall still fully operational, in other words can I safely ignore this message?

Is there a way to fix this?

The error "Too many dynamic rules, sorry" will cause the system to drop any packets that are covered by a keep-state entry. So, the firewall, while operational, is in a dead lock down state for any outbound traffic until the dynamic rules clear out. I'm hoping that you're checking the system with nmap from behind it, because if you're outside the firewall, then you're keeping state in inbound traffic and that's bad. You only want keep-state from traffic leaving that system, not to it.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: rl2 not working on otherwise functioning network/gateway
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 01, 2004 9:42 PM
Subject: rl2 not working on otherwise functioning network/gateway

Ok, if someone here can help me w/ this I will be really grateful. I turned to this list after a post on a forum offering the expected advice didn't help solve my problem. Basically my computer acts as a gateway for my network, and it functions fine. I then decided to add another network adapter so that I could add my file server to the network. But after making the necessary changes to my rc.conf, I found that the network card was "active", but had no IP address, and wasn't passing traffic. I'm attaching my dmesg, and the output from ifconfig rl2. Here are a few things I've tried to remedy the problem.

You can't have multiple nics on the same network segment unless the system is in bridge mode. If you're wanting to route through, I assume, rl0 to the net, and have rl1 internal to the other system(s), you'll either have to bridge rl1 / rl2 together (man bridge) or renumber your internal systems to something other than the same network that rl1 is on.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: setup firewall/router/proxy
- Original Message -
From: "Eric Brunner-Williams in Portland Maine" <[EMAIL PROTECTED]>
To: "Steve Bertrand" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; "messmate" <[EMAIL PROTECTED]>; "freebsd-questions-en" <[EMAIL PROTECTED]>
Sent: Wednesday, September 01, 2004 7:27 AM
Subject: Re: setup firewall/router/proxy

> Oki all,
>
> If it isn't too much of a bother, someone asked me the same question,
> but for a platform I'm unfamiliar with -- a 2.4.18-6mdk (Mandrake)
> linux distro. As the target is not freebsd, I'll be happy with any
> technical response, and off-list is probably better than on.
>
> TiA,
> Eric

It's been a long time since I've played with Linux in general, last one was RH. If Mandrake has ipchains or ipfw, I'd say go with either and still use squid. It's popular, easy to configure, works well and has support. It shouldn't need any routing daemon as long as none of the advanced routing protocols are needed.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: [OT] VPN issues with some windows users...
- Original Message -
From: "Eric Crist" <[EMAIL PROTECTED]>
To: "'Jonathan T. Sage'" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, August 17, 2004 8:48 PM
Subject: RE: [OT] VPN issues with some windows users...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jonathan T. Sage
Sent: Tuesday, August 17, 2004 8:51 PM
To: Eric Crist
Cc: [EMAIL PROTECTED]
Subject: Re: [OT] VPN issues with some windows users...

Eric Crist wrote:
> Hello all,
>
> I'm sorry this is a bit off-topic, but you're the only truly
> knowledgeable group I know. ;) Some fellow users and I have been
> having some issues connecting to a Cisco VPN system with the built-in
> windows VPN software. While successfully connected to the internet
> (at home, for example), I connect to the remote VPN. Instantly, my
> internet connectivity seems to be lost, but I can use the VPN
> perfectly fine. As soon as I disconnect, my internet connectivity is
> completely restored. I have a second VPN I connect to using V-One's
> SmartPass software, and I have no issues (i.e. everything works
> perfectly, including my 'net connection).
>
> Anyone have any ideas?

probably (although not definitely) is related to a misconfigured router on the cisco VPN not allowing internet traffic out. this might be intentional too. I run a very small vpn, and in order to keep connection times down (my user base is um well then) i have configured to not allow any traffic other than directly to the machine that hosts the vpn. dunno if this helps much, but might give you a starting point.

Jonathan,

Thanks for the quick reply. I'm not trying to access the internet through this VPN, I want to access the internet through my own internet connection, and have only the VPN traffic try to use the VPN tunnel. The SmartPass VPN connection resides just fine without interfering with my connection. This is what I'm hoping for. Does this make sense?

Thanks,

Eric F Crist
Best Access Systems
11300 Rupp Dr.
Burnsville, MN 55337
Phone: 952.894.3830
Cell: 612.998.3588
Fax: 952-894-1990

When I was using the Cisco VPN client to connect to our router as a terminator back in the olden days, there was an option for the security policy within the client software to totally disable access to non-secure networks while the client was active. I can't see Cisco changing that as time progressed. There's also a couple of things to consider when working with the built in vpn software for Win2k and WinXP. Windows, when connected via builtin VPN, will connect with the remote network and provide a metric of 1 for that route and it will also be flagged as a default gateway (remote network of 0.0.0.0), it becomes your best, lowest metric, route to the world by design. I would say, that one of your vpn connections is configured to allow your traffic to pass through it to the net whereas one is not.

Since my remote vpn users need access to medical web sites due to the nature of their specific jobs, I have to provide them a method of either adjusting the metric on their individual systems or configure to allow their web traffic to proceed as required. To me, it's easier for me to allow their traffic and filter it heavily than to allow remote users in other states administrative control over their network settings.

--
Micheal Patterson
TSG Network Administration
405-917-0600
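The routing behaviour described in the reply above, as an added example that is not part of the original thread: a small route-selection model (longest prefix first, then lowest metric) applied to three tunnel configurations. All prefixes, interface names and the home-router metric of 20 are constructed; only the VPN default route with metric 1 comes from the message.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple


class Route(NamedTuple):
    dest: str      # destination prefix
    iface: str     # interface the route points at
    metric: int


# Constructed addressing: home LAN 192.168.0.0/24, remote office 10.20.0.0/16.
HOME = [Route("0.0.0.0/0", "home-router", 20), Route("192.168.0.0/24", "lan", 20)]
REMOTE_NET = Route("10.20.0.0/16", "vpn", 1)

# Built-in client as described above: the tunnel is also installed as a
# default route (0.0.0.0) with metric 1.
VPN_AS_DEFAULT_GW = HOME + [REMOTE_NET, Route("0.0.0.0/0", "vpn", 1)]

# Split tunnel: only the remote prefix is routed into the tunnel.
VPN_SPLIT = HOME + [REMOTE_NET]


def best_route(table, target):
    """Longest matching prefix wins; ties are broken by the lowest metric."""
    addr = ip_address(target)
    matches = [r for r in table if addr in ip_network(r.dest)]
    if not matches:
        return None
    return min(matches, key=lambda r: (-ip_network(r.dest).prefixlen, r.metric))


def deliver(table, target, vpn_forwards_internet):
    """Return (interface, delivered) for one destination address."""
    route = best_route(table, target)
    if route is None:
        return (None, False)
    if route.iface == "vpn" and ip_address(target) not in ip_network(REMOTE_NET.dest):
        # Internet-bound traffic entered the tunnel: the far end's policy
        # decides whether it is forwarded (and filtered) or discarded.
        return ("vpn", vpn_forwards_internet)
    return (route.iface, True)


if __name__ == "__main__":
    web = "198.51.100.20"   # constructed public address
    print("default gw, far end drops:   ", deliver(VPN_AS_DEFAULT_GW, web, False))
    print("default gw, far end forwards:", deliver(VPN_AS_DEFAULT_GW, web, True))
    print("split tunnel:                ", deliver(VPN_SPLIT, web, False))
```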
Re: using FreeBSD within a cluster
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 03, 2004 1:22 AM
Subject: using FreeBSD within a cluster

> Hi there. :$
> Perhaps it is not a good start for a letter to such an organization, but I hope to be excused (please). And, quite straightforward, I wish to ask you a question. I can't find an answer to it in any FreeBSD FAQ, so -
>
> The problem that I have is how to organize cluster between (with) a number of FreeBSD AND Linux servers. OR, if that is not suitable, using several FreeBSD servers. I couldn't find any information explaining that variant of using FreeBSD, so here goes the question:
>
> are FreeBSD-with-Linux clusters really possible?
>
> And, in case of positive answer, here is the next question - where can I find any information about how it will become possible?
> How to make Linux/FreeBSD (preferably), or only FreeBSD servers work together in a cluster?
>
> Again wishing you all the best and waiting for answer -
> Anton Suhonosenko
> [EMAIL PROTECTED]
> ICQ 143779294
>
> P.S. I am sorry for my terrible English.

Are you wanting to truly cluster the servers or are you wanting to load balance services (web, mail, pop3, etc) between a group of servers?

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: freebsd How do you restart rc.conf without rebooting
- Original Message -
From: "Dan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 30, 2004 3:28 PM
Subject: freebsd How do you restart rc.conf without rebooting

How do you restart rc.conf without rebooting your machine.

Dan

/etc/netstart if I recall will reload and execute the settings within rc.conf without rebooting.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: BigApache for Windows - Why doesn't BSD have an installer
- Original Message -
From: "DK" <[EMAIL PROTECTED]>
To: "Jerry McAllister" <[EMAIL PROTECTED]>
Cc: "Giorgos Keramidas" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, July 29, 2004 1:55 AM
Subject: Re: BigApache for Windows - Why doesn't BSD have an installer

> --- Jerry McAllister <[EMAIL PROTECTED]> wrote:
> > > - Installing Packages is nice & easy & straight forward from the
> > > docs (should be more of these!)
> > > - Installing ports/packages via ftp/net - Forget it!!
> > > I have barely got BSD running, the last thing I want is connecting a BSD
> > > box to my broadband connection ?? Does BSD have a default firewall ??
> > > Don't know, having trouble installing stuff let alone configuring a
> > > firewall via scripts/files
> >
> > You are probably better off and more secure with an initial install, with
> > no additional work or tweaking, of FreeBSD on the net than you would be
> > with a MS system with every known "fix" available. The system is
> > inherently more secure and in addition - and maybe partially because of
> > this - fewer, by far, attempts at cracking FreeBSD are made than are
> > made against MS systems. Some of this is, of course, because there are
> > much fewer FreeBSD systems out there to tempt kiddies. But, the fact
> > that cracking FreeBSD is more difficult contributes to this effect.
>
> So if I do a default install of FreeBSD & then connect to the net for
> ports/packages, is there a default firewall running in the background ??

No, but then again, there are hardly any services either. See, unlike Windows, you're not going to have the same issues with trojans and breaches. If it's just you, and you've not added anyone else, you're pretty damn safe. Root can't log in from remote at all unless you specifically change the options that would allow it.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: Re: BigApache for Windows - Why doesn't BSD have an installerpackage like this ???
- Original Message -
From: "DK" <[EMAIL PROTECTED]>
To: "Guillermo_García-Rojas" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, July 29, 2004 1:36 AM
Subject: Re: Re: BigApache for Windows - Why doesn't BSD have an installerpackage like this ???

> > Can you live without your Windows 2000 GUI? Can you work without it?
>
> Why would I want to... a GUI makes life easier & makes my ability to do work
> more productive :)

Not really. Your windows 2k pro doesn't allow for remote administration unless you have pc anywhere running, or it's connected to a domain to allow remote management. If your gui crashes, the box dies. If IE crashes too far, the box will die. No pretty gui for you then.

> > What if some big company ask you to work for them, but they have UNIX
> > systems, are you prepared or can you handle that work?
>
> Any OS will take me about 1 week to get up to speed - if its a MS product,
> about 2 days :)

You've been playing with FreeBSD 4.10 for 6 days, and still have issues. You've played with 4.5 in the past also. Yet you still have problems.

> > One more thing, my OpenBSD 3.5 costs me $0, FreeBSD price is $0 too.
> > Did you spend the same amount of money on your Windows 2000??
>
> Yea 0$ - all my software is War... *cough* ... donated

You should be used to the problems of not having docs on the software that's "donated" to your hard drive then. Except in this case, the docs ARE freely available, it would just appear that you decided to not use them and run head long into something you know little to nothing about. Not that there's anything wrong with that, but it's just like buying a car and not knowing it needs gas. First thing you'd do is blame the car for not running when if you look at the owner's manual, it will plainly tell you that fuel is required.

> Kind Regards,
> DK
Re: BigApache for Windows - Why doesn't BSD have an installerpackage like this ???
- Original Message -
From: "Ed Budd" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, July 28, 2004 5:59 PM
Subject: Re: BigApache for Windows - Why doesn't BSD have an installerpackage like this ???

...damn I have gone way off track here... sorry for the ranting people... but after 6 days straight of messing around trying to install Apache/MySQL/Mod_Perl/Mod_SSL/PHP.. I am a little tired... 3 days of that was trying to get a basic GUI/File Manager/Find Files/Editor working

It must be very tiring and stressful to be a Troll. Perhaps you should consider another occupation...

If this wasn't a troll, perhaps he needs to stick with Windows until he has a better understanding of what the difference between workstations and servers really are.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: Firewall, OpenVPN and Squid question
- Original Message -
From: "Paul Hillen" <[EMAIL PROTECTED]>
To: "Steve Bertrand" <[EMAIL PROTECTED]>; "Paul Hillen" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, July 21, 2004 1:33 PM
Subject: RE: Firewall, OpenVPN and Squid question

> I have around 100 users at our site that would require the use of squid, we
> house our own webserver, mail server, public DNS servers in the DMZ and 2
> private DNS servers on the internal network, used by both Internal and VPN
> users.
>
> Sites connecting Gateway to Gateway, there are apprx as follows;
> Site 1 - 25 users
> Site 2 - 5 users
> Site 3 - 12 users
> Our site VPN users are Apprx 25, and about 50% of them are connected at any
> given time.
>
> My first thought is to put up a Firewall box that can the load of publishing
> many internal boxes and "publish" a box with OpenVPN and another for SQUID
> and just keep them all separate.
>
> Will this setup put too much strain on the FIREWALL box or will it have no
> problem handling the NAT/ROUTING in this configuration.
>
> Thanks in advance
> Paul

Considering that many of the current hardware firewall solutions aren't much more than either a BSD or Linux kernel in a ROM chip, with a 486 or 586 based cpu, memory, and a nice gui (Windows or Internal Web interface), I can't see why a similar system on a PC would be any different.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: VPN server
- Original Message -
From: "lycanthrope" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 13, 2004 6:59 PM
Subject: VPN server

> hello
> I would like to setup my freebsd 5.2-CURRENT box as a VPN server for windows 2k/xp clients, and enable them to use internet (PPPoE ADSL) connection. the clients are on various subnets connected to my box via LAN.
> I consider using pptop port for setting up VPN server, but if you have some other idea, please tell me...all I need is it to support win clients (and authentication usrname/pass) and I want the users to be able to access internet..that's all...
> the simpler the merrier :)
>
> thank you!!
>
> regards,marin

If you want to support mppe128, you can use netgraph-mpd (/usr/ports/net/mpd/ in the 4.x tree). It supports username / pass and ip to the vpn client. I would imagine this is also available in the 5.x tree as well.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: OK i feel stupid about this noob question but....
- Original Message -
From: "Jammet" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, July 10, 2004 3:52 AM
Subject: OK i feel stupid about this noob question but

> I don't know what's wrong with me but for some reason I can't add users to
> my system. I go through the whole bit of adduser -s but it asks "user
> names must match regular expressions [regext] " ... I don't even
> remember that happening when I used to add users or I might just be going
> insane, anyways I put in regext or the username or something but when I
> finally get through the other 4 questions on there and get to actually try
> to add the user it says it must follow the expression ... I decided to
> beat my head against my desk to see if I could knock something loose,
> anyone wanna help with this? I have added users before (back when I
> first got everything installed about 2 years ago) and have not really
> needed to since, but now I'm trying again..

Jammet, adduser.conf doesn't yet exist on your system and adduser is asking you for the defaults. If you accept the default entries, it will ask you at the end to save them. Tell it yes and run add user again and you're all set and back to your normal routine.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: NATD Port Forwarding question
Is the system configured to accept remote desktop requests? Windows XP has it disabled by default.

--
Micheal Patterson
TSG Network Administration
405-917-0600

- Original Message -
From: "Jon Kurjakovich" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, July 04, 2004 3:57 AM
Subject: NATD Port Forwarding question

> Hi there,
>
> I am currently using FreeBSD 4.8-RELEASE. I do plan on upgrading to
> 5.2-CURRENT shortly but I know people who are using 5.2-CURRENT and are
> experiencing the same problem as me. If this email is not appropriate in
> this mailing list, could you please forward me to the correct one. Thank
> you.
>
> My problem: I am trying to use NATD to forward packets to machines on
> the internal network using the redirect_port command. I am specifically
> trying to connect to a Terminal Server on a Windows 2000 machine. It
> never seems to work for me. I am running natd using the following
> command: natd -f /etc/natd.conf with the following options in my
> natd.conf file.
>
> interface tun0
> same_ports yes
> use_sockets yes
> unregistered_only
> redirect_port tcp 192.168.1.2:3389 3389
>
> When I create an SSH tunnel using putty, that works fine. It is only
> when I try and use natd w/ port-forwarding that it doesn't work. I
> configure an extremely open firewall to ensure it is not my firewall
> causing the problems. The commands I use are:
>
> /sbin/ipfw -f flush
> /sbin/ipfw add 50 divert natd all from any to any via tun0
> /sbin/ipfw add pass all from any to any
>
> If anybody could shine any light on this problem for me - it'd be
> greatly appreciated. I have been trying to resolve the problem
> on-and-off for months now to no avail. I finally decided I should try
> the mailing list.
>
> Thanks.
>
> Regards,
> Jon
Re: Routing problem in IPv4/IPSec VPN environment
- Original Message -
From: "James P. Howard, II" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 29, 2004 2:57 PM
Subject: Routing problem in IPv4/IPSec VPN environment

> As a personal favor, I am building a VPN for a small business. I
> have chosen FreeBSD for this due to my greater familiarity. The
> project will consist of linking four sites, each with a FreeBSD
> system providing DHCP, NAT, and VPN services. I have built DHCP and
> NAT servers before, but the IPSec and VPN is new to me.
>
> Right now, the first two systems are nearly complete. The two
> machines are named goldengate and waltwhitman. Here's the IP
> config, currently:
>
> goldengate: external 192.168.1.101 internal 10.1.1.1
> waltwhitman: external 192.168.1.102 internal 10.1.2.1
>
> The external interfaces are in the reserved space because testing is
> taking place behind a cable/DSL router providing NAT services. The
> output of "gifconfig -a; ifconfig -a; netstat -rn" for each will be
> provided at the end of this message.
>
> IPSec, with Racoon, is properly exchanging keys. From goldengate, I
> can ping 10.1.2.1 and from waltwhitman I can ping 10.1.1.1.
>
> If a Windows computer is connected behind either system, they
> receive an IP (10.1.x.254, where x is the network number).
>
> The problem is, if behind the 10.1.2.1 firewall, I cannot ping
> 10.1.1.1 and vice-versa. I assume, at this point, this is some type
> of routing issue and not a problem with IPSec. This seems to be
> confirmed by the fact tracerouting to the local internal interface
> goes through the *other* internal interface first:

Not to be disrespectful, but did you do what I've done in the past and forget to enable forwarding so the systems can route traffic?

[EMAIL PROTECTED]/>sysctl -a |grep forward
net.inet.ip.forwarding: 1

If not, make sure that gateway_enable="YES" in rc.conf and reboot, or sysctl net.inet.ip.forwarding=1 from command line to enable it without a reboot.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: upgrading the perl installation problems.
- Original Message -
From: "Eric Crist" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, June 12, 2004 2:13 AM
Subject: upgrading the perl installation problems.

Hello list,

I'm trying to install mimedefang from ports, but I get the error:

===> mimedefang-2.43_1 Port requires perl 5.6.1 or later. Install lang/perl5 or lang/perl5.8 then try again.

I cd to the correct directory, type make install clean, get the 'all ok' from installation telling me it's reinstalled, and type:

#perl --version

and get:

This is perl, version 5.005_03 built for i386-freebsd

What am I missing in this process?

TIA.

---

You're missing one of the last warnings during the make of perl5.x from the ports tree.. use.perl.

Usage:
/usr/local/bin/use.perl port -> /usr/bin/perl is the perl5 port
/usr/local/bin/use.perl system -> /usr/bin/perl is the system perl

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: Backup question
- Original Message -
From: "Karen Donathan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 09, 2004 9:29 AM
Subject: Backup question

> Hello.
>
> What is the best way to back up the html directory? We do not have a
> tape drive. Is there a way to have an automated .tar file created and
> sent as email so I could save it on another server? Any help would be
> great!
>
> Thanks
> Karen Donathan
> George Washington High School
> Charleston, WV

Sure, have a crontab do the tar daily and then use mutt to send it as an attachment to the desired email address. Keep in mind, if you're not doing the mail services yourself, some mail servers limit the file size of attachments.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: ipnat and ipfw dummynet
- Original Message -
From: "Nelis Lamprecht" <[EMAIL PROTECTED]>
To: "FreeBSD Questions Mail List" <[EMAIL PROTECTED]>
Sent: Friday, June 04, 2004 7:43 AM
Subject: ipnat and ipfw dummynet

Sorry, I failed to point out my current network configuration. I have 2 internal networks which use NAT, one class C ( 192.96.48.0/24 ) and one rfc1918 ( 192.168.1.0/24 ). The internal interface(bge1) is configured with the class c network and I have added a route to bge1 for 192.168.1.0/24. All traffic on the 192.96.48.0/24 network internally is routed via the gateway to get to the 192.168.1.0 network. Hope that makes sense.

Nelis

On Fri, 2004-06-04 at 14:43, Nelis Lamprecht wrote:
> Hi,
>
> I'm interested to hear how people utilise dummynet in a NAT environment.
> How does one create a pipe for a NAT network without affecting the
> actual LAN speed ? For example, on the gateway:
>
> $fwcmd add pipe 1 ip from 192.168.1.0/24 to any out
> $fwcmd add pipe 2 ip from any to 192.168.1.0/24 in
> $fwcmd pipe 1 config bw 128Kbit/s
> $fwcmd pipe 2 config bw 128Kbit/s
>
> The above example would be fine if 192.168.1.0/24 were only talking to
> the internet but unfortunately it also affects the machines from talking
> to each other internally. The only interface you can specify is the
> internal interface(bge1) because this is the only time that ipfw will
> see the addresses before they are passed to NAT(ipnat) and will not be
> seen on the external interface(bge0). So basically the above example
> should be written as:
>
> $fwcmd add pipe 1 ip from 192.168.1.0/24 to any out via bge1
> $fwcmd add pipe 2 ip from any to 192.168.1.0/24 in via bge1
>
> This however will also give 192.168.1.0/24 an internal LAN speed of
> 128Kbit/s which is to say quite humorous ;-)
>
> What is the solution to this ? ..I'm obviously missing something. The
> internal interface is not firewalled.
>
>
> Many thanks,

--
Nelis Lamprecht

Nelis, this may help. Remember, that ipfw goes through the rulesets until it finds a match and will stop at that point. So, to provide rate limiting as well as allowing traffic on the lan to go all out, place allow rules before the pipes to specifically allow traffic between your lan ip ranges unhindered.

#Rate Limit Settings
$fwcmd pipe 1 config bw 128Kbit/s
$fwcmd pipe 2 config bw 128Kbit/s

#Unrestricted LAN Access Allows
$fwcmd add allow ip from 192.168.1.0/24 to 192.96.48.0/24
$fwcmd add allow ip from 192.96.48.0/24 to 192.168.1.0/24

#Rate Limit Rules
$fwcmd add pipe 1 ip from 192.168.1.0/24 to any out
$fwcmd add pipe 2 ip from any to 192.168.1.0/24 in

Hope it helps. It's been awhile since I've done any rate limiting, but as I recall, that should do the trick.

--
Micheal Patterson
TSG Network Administration
405-917-0600
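
The rule ordering described in the reply above, as an added example that is not part of the original message: a simplified first-match model in Python that parses the reply's rule bodies and shows which rule a packet hits with and without the LAN allow rules in front of the pipes. It ignores interfaces and NAT, and the host addresses are constructed for illustration.

```python
import ipaddress


def _net(word):
    """'any' matches everything; anything else must be a valid network."""
    return None if word == "any" else ipaddress.ip_network(word)


def parse_rule(text):
    """Parse '<action> ip from <src> to <dst> [in|out]' into a tuple."""
    words = text.split()
    split_at = words.index("ip")
    action = " ".join(words[:split_at])
    rest = words[split_at + 1:]
    if len(rest) < 4 or rest[0] != "from" or rest[2] != "to":
        raise ValueError("unsupported rule: %r" % text)
    direction = rest[4] if len(rest) > 4 else None
    if direction not in (None, "in", "out"):
        raise ValueError("unsupported direction in: %r" % text)
    return action, _net(rest[1]), _net(rest[3]), direction


def first_match(rules, src, dst, direction):
    """Return the action of the first rule matching the packet."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for text in rules:
        action, src_net, dst_net, rule_dir = parse_rule(text)
        if src_net is not None and src_ip not in src_net:
            continue
        if dst_net is not None and dst_ip not in dst_net:
            continue
        if rule_dir is not None and rule_dir != direction:
            continue
        return action
    return "no match"


# Rule bodies from the thread, without the "$fwcmd add" prefix.
PIPES_ONLY = [
    "pipe 1 ip from 192.168.1.0/24 to any out",
    "pipe 2 ip from any to 192.168.1.0/24 in",
]
LAN_FIRST = [
    "allow ip from 192.168.1.0/24 to 192.96.48.0/24",
    "allow ip from 192.96.48.0/24 to 192.168.1.0/24",
] + PIPES_ONLY

# Constructed packets: (source, destination, direction).
PACKETS = [
    ("192.168.1.10", "192.96.48.20", "out"),   # LAN to LAN
    ("192.96.48.20", "192.168.1.10", "in"),    # LAN to LAN, reverse
    ("192.168.1.10", "203.0.113.7", "out"),    # LAN to outside
    ("203.0.113.7", "192.168.1.10", "in"),     # outside to LAN
]

if __name__ == "__main__":
    for packet in PACKETS:
        print(packet, "pipes only:", first_match(PIPES_ONLY, *packet),
              "| allow first:", first_match(LAN_FIRST, *packet))
```

With the allow rules first, only the traffic to and from outside addresses still lands in the 128Kbit/s pipes.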
Re: Access Windows share from FreeBSD (Cannot write)
- Original Message -
From: "Dustin" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 02, 2004 12:17 PM
Subject: RE: Access Windows share from FreeBSD (Cannot write)

> I'm able to read from the smb share but I cannot write to it.
> Permissions in XP are set up correctly, do you know why I wouldn't be
> able to write to the directory?
>
> ~dustin
>

If I recall this particular problem correctly, Windows uses 2 sets of permissions. Permissions on the files/folder itself and then share permissions to that file/folder. Whichever is more restrictive is honored when an attempt is made to write to it. Make sure that the proper permissions are in both places.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: sophos anti virus and mailmonitor on freebsd
- Original Message -
From: "Frank Mueller" <[EMAIL PROTECTED]>
To: "Thomas Farrell" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, May 24, 2004 1:12 AM
Subject: Re: sophos anti virus and mailmonitor on freebsd

> I wonder who should ever need mailmonitor in FreeBSD
> Here we are running Sophos on several FBSD machines and we use amavis to make it scan and filter
> our mails. That works perfectly and so I see no need for mailmonitor at all.
>
> Greetz,
>
> Frank
>

While it is true that Sophos sweep will run under Amavis, and that's all you need, if you're processing mail with that system, then it's considered a mail gateway to them legally and you have to purchase the mail gateway version to legally use it. Trust me on this, I went round and around with this problem because when I ordered Sophos for FreeBSD a couple of years back, I specifically asked about the ability to use it on our mail server and everything was good. This was before they offered their mail gateway system. Earlier this year, our license was about to expire so I went to renew and was shocked to hear that I was now in violation of my license. I informed them that it was running on my smtp server, and was then informed that their licensing had changed and now, I needed to purchase the product for the mail gateway. All I needed was to be able to run sweep, but we were going to be forced to buy the Enterprise edition for mail gateways in order to continue using it. A Network Server != SMTP Server to them. I see no reason to purchase the entire mail gateway package as it's not necessary, however to be legal with them, it is. Hence the reason that we switched to another av package and pulled sweep from our server.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: Multiple CPUs
- Original Message -
From: "Nicholas Bernstein" <[EMAIL PROTECTED]>
To: "freebsd-questions" <[EMAIL PROTECTED]>
Sent: Friday, May 21, 2004 5:55 PM
Subject: Multiple CPUs

> How can one detect if a system is using multiple CPUs?
> I'm running freebsd 4.9 and I was hoping that either uname or top would
> give some information as to whether or not the second cpu is being used.
> dmesg outputs the following:
>
> CPU: Intel(R) Xeon(TM) CPU 2.40GHz (2399.33-MHz 686-class CPU)
>
> but I want to make sure that this is not just showing it's been
> detected, as opposed to being used.
>
> --
> Nicholas Bernstein, Unix Systems Administrator
> Document Systems Inc.
> http://docmagic.com
> [EMAIL PROTECTED]
>

The first line of output from top shows the following information. The C column indicates that it's a multi-proc system and which CPU a given process is currently running on.

  PID USERNAME PRI NICE  SIZE    RES STATE  C   TIME   WCPU    CPU COMMAND

You can also "cat /var/run/dmesg.boot" and it will show you the CPU information as well.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: blacklist(s)
- Original Message -
From: "Gary Kline" <[EMAIL PROTECTED]>
To: "Chuck Swiger" <[EMAIL PROTECTED]>
Cc: "FreeBSD Mailing List" <[EMAIL PROTECTED]>
Sent: Sunday, May 16, 2004 3:14 PM
Subject: Re: blacklist(s)

> On Sun, May 16, 2004 at 10:01:54AM -0400, Chuck Swiger wrote:
> > Gary Kline wrote:
> > >On Fri, May 14, 2004 at 10:00:58PM -0400, Chuck Swiger wrote:
> > >>According to the RFCs, one MUST NOT bounce mail sent to postmaster.
> > >>One ought to read the rfc-ignorant.org site I mentioned.
> > [ ... ]
> > > Well, bit again. The line in my access file was
> > >
> > > 206.46 550 Verizon email not wanted here
> > >
> > > that I've commented out. This isn't the first time I've had
> > > to fine tune; it probably won't be the last. Apologies!
> >
> > Consider using FEATURE(`delay_checks', `friend') and add the following to
> > the access map:
> >
> > Spam:abuse@ FRIEND
> > Spam:postmaster@ FRIEND
> >
> > [ Pre 8.12 versions of sendmail use To: instead ]
> >
> > ...which will allow you to block mail as you please using IP or other
> > reject rules, yet not prevent delivery of mail to postmaster and abuse...
> >
>
> Outstanding idea, at least it seems. This site has all
> the details:
>
> http://www.technoids.org/spamlovers.html
>
> I think that most email to postmaster should be allowed,
> and everything to abuse.
>
> thanks for the tip! (and a tip of the hat),
>
> gary
>
>
> --
> Gary Kline [EMAIL PROTECTED] www.thought.org Public service Unix
>

Delay_checks does indeed work. However, there are some side effects that need to be taken into consideration. Since you're basically filtering on the delivery of the message, sendmail doesn't check if the user exists until after acceptance. This means, that for each and every spam message you receive for an invalid user, Sendmail has to send a bounce back to the originator. See the gotcha yet? If not read on. :)

For example, let's say, your mail server handles 50 - 100 thousand messages every 24 hours, and 25 thousand of those are spam. Not too uncommon in today's internet. Now, let's say that of those 25 thousand messages, 20 thousand (conservative number) have forged return addresses. You don't see these forgeries on unknown users under Sendmail's normal config as the message is rejected at connection time.

Still don't see the gotcha? That's ok. I didn't either at first when it happened to me. Let me explain what I saw with it.

If sendmail bounces after message acceptance, it now has to send a bounce to each of those 20 thousand forged addresses. Each of those messages will then bounce and return to postmaster after it can't deliver them and at least, 2 things will most definitely occur.

1. The amount of mail sitting in your mail queue will increase.
2. The amount of mail to postmaster will most definitely increase as these messages fail delivery to the forged originators.

If you're like me, you tend to keep tabs on your postmaster email for possible problems, but in my experience, my mail load, both for the server and in my mailbox, jumped 150% on my 2 mx's because of delay_check. I ended up disabling delay_check and using amavisd and spamassassin so that I can filter on connection.

I personally don't recommend delay_check to be enabled on a large production mta. For smaller systems that don't pass a lot of email, it's fine. However, for larger systems, I'd recommend using a different method.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: FreeBSD 4.7 Syslogs
- Original Message -
From: "JJB" <[EMAIL PROTECTED]>
To: "Micheal Patterson" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Sunday, May 16, 2004 9:37 AM
Subject: RE: FreeBSD 4.7 Syslogs

> Thanks for the additional info.
>
> I tested using this logger -p lpr.err "test test"
> There is no error message about logger not working.
>
> And I get nothing in the /var/log/lpr-errs log file.
>
> syslogd -d shows nothing happening.
>
> I am running 4.9. virgin install so all the config files are there.
>
> This is so simple that the only conclusion is that it's broken in
> 4.x versions.
>
> Can any one verify that it's working in 4.x versions.
>
> Any ideas or suggestions of how to proceed to get the logger command
> working?
>
> -Original Message-
> From: Micheal Patterson [mailto:[EMAIL PROTECTED]
> Sent: Sunday, May 16, 2004 5:04 AM
> To: Matt "Cyber Dog" LaPlante; 'Matthew Seaman';
> [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: FreeBSD 4.7 Syslogs
>
>

Yes, I can verify that it's working in FreeBSD 4.7, 4.9 and 4.10 RC2

FreeBSD tsgrtr.tsgincorporated.com 4.7-RELEASE FreeBSD 4.7-RELEASE #0: Sat Apr 12 15:42:55 CDT 2003 [EMAIL PROTECTED]:/usr/src/sys/compile/LANDMARK i386

Logging to CONSOLE /dev/console
Logging to FILE /var/log/messages
Logging to FILE /var/log/lpd-errs
Logging to FILE /var/log/all.log
logmsg: pri 166, flags 17, from tsgrtr, msg May 16 14:38:58 tsgrtr micheal: test test

FreeBSD router.rcservers.com 4.9-STABLE FreeBSD 4.9-STABLE #3: Sun Mar 28 20:16:07 CST 2004 [EMAIL PROTECTED]:/usr/src/sys/compile/ROUTER i386

Logging to CONSOLE /dev/console
Logging to FILE /var/log/messages
Logging to FILE /var/log/lpd-errs
logmsg: pri 166, flags 17, from router, msg May 16 14:37:32 router micheal: test test

---

FreeBSD fmswfw.firstmedok.com 4.10-RC2 FreeBSD 4.10-RC2 #1: Thu May 13 15:54:10 CDT 2004 root@:/usr/src/sys/compile/FMFW3 i386

Logging to CONSOLE /dev/console
Logging to FILE /var/log/messages
Logging to FILE /var/log/lpd-errs
logmsg: pri 166, flags 17, from fmswfw, msg May 16 14:43:22 fmswfw micheal: test test

I start syslogd with -s -c -c normally and -s -c -c -d while I was debugging so I don't get the "message repeated x number of times" entries in my logs as I have a need to see each entry in the logs.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: FreeBSD 4.7 Syslogs
- Original Message -
From: "JJB" <[EMAIL PROTECTED]>
To: "Matt "Cyber Dog" LaPlante" <[EMAIL PROTECTED]>; "'Matthew Seaman'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Saturday, May 15, 2004 3:04 PM
Subject: RE: FreeBSD 4.7 Syslogs

> Well since you are new to FBSD and since the syslogd -d commands
> shows that you do not have logging specified in /etc/syslog.conf for
> the messages file. You just do not know what you are looking at. Who
> ever was sysadmin before you probably commented it out for what
> ever reason.
>
> By the way I tried using the logger command on my 4.9 system and it
> did not write any messages at all. So it is no help in debugging
> this problem. I read the man logger info and as usual the man page
> is useless. Who ever writes those must work real hard at writing
> sentences that convey no meanings.

Logger works just fine if you know how to use it and are running it as root and is a good tool for working with syslog problems. The man pages tell you quite a bit, provided you can interpret them effectively.

man logger:

logger [-46Ais] [-f file] [-h host] [-p pri] [-t tag] [message ...]

-p pri  Enter the message with the specified priority. The priority may be specified numerically or as a ``facility.level'' pair. For example, ``-p local3.info'' logs the message(s) as informational level in the local3 facility. The default is ``user.notice.''

man syslogd will give you a list of all priorities and facilities.

Priorities:

LOG_EMERG     A panic condition. This is normally broadcast to all users.
LOG_ALERT     A condition that should be corrected immediately, such as a corrupted system database.
LOG_CRIT      Critical conditions, e.g., hard device errors.
LOG_ERR       Errors.
LOG_WARNING   Warning messages.
LOG_NOTICE    Conditions that are not error conditions, but should possibly be handled specially.
LOG_INFO      Informational messages.
LOG_DEBUG     Messages that contain information normally of use only when debugging a program.

Facilities:

LOG_AUTH      The authorization system: login(1), su(1), getty(8), etc.
LOG_AUTHPRIV  The same as LOG_AUTH, but logged to a file readable only by selected individuals.
LOG_CONSOLE   Messages written to /dev/console by the kernel console output driver.
LOG_CRON      The cron daemon: cron(8).
LOG_DAEMON    System daemons, such as routed(8), that are not provided for explicitly by other facilities.
LOG_FTP       The file transfer protocol daemons: ftpd(8), tftpd(8).
LOG_KERN      Messages generated by the kernel. These cannot be generated by any user processes.
LOG_LPR       The line printer spooling system: lpr(1), lpc(8), lpd(8), etc.
LOG_MAIL      The mail system.
LOG_NEWS      The network news system.
LOG_SECURITY  Security subsystems, such as ipfw(4).
LOG_SYSLOG    Messages generated internally by syslogd(8).
LOG_USER      Messages generated by random user processes. This is the default facility identifier if none is specified.
LOG_UUCP      The uucp system.
LOG_LOCAL0    Reserved for local use. Similarly for LOG_LOCAL1 through LOG_LOCAL7.

So, you have facilities of auth, authpriv, console, cron, daemon, ftp, kern, lpr, mail, news, security, syslog, user, uucp, local0 - local7 and you have priorities of: emerg, alert, crit, err, warning, notice, info and debug

So, by doing the command logger -p like so:

logger -p security.notice "This is a test of security.notice"

You get this in your security log which is default to /var/log/security

May 16 03:24:14 router /kernel: ipfw: 65000 Deny TCP 222.90.22.52:4267 68.227.96.223:65506 in via ep0
May 16 03:30:03 router micheal: This is a test of security.notice

If you're running syslogd -d you'll see exactly what was sent to syslogd and where it was placed:

logmsg: pri 155, flags 0, from router, msg May 16 04:01:04 micheal: This is a test of security.notice
Logging to FILE /var/log/messages
Logging to CONSOLE /dev/console
Logging to FILE /var/log/security
logmsg: pri 166, flags 17, from router, msg May 16 04:01:04 router micheal: This is a test of security.notice

As you can see, I have *.notice going to messages and security.* to security and /dev/console.

--
Micheal Patterson
TSG Network Administration
405-917-0600
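
The pri value in the syslogd -d lines quoted in this thread is printed in octal, so it can be turned back into the facility.level pair that logger -p takes. The following Python decoder is an added example, not part of the original message; the facility numbering is the one in FreeBSD's <sys/syslog.h>, and the sample lines are the debug lines quoted in this thread.

```python
import re

# Facility codes in numeric order, as in FreeBSD's <sys/syslog.h>
# (code 15 is unassigned; local0-local7 are codes 16-23).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "security",
              "console", None] + ["local%d" % n for n in range(8)]
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Shape of a syslogd -d trace line: pri is octal, flags is hexadecimal.
LOGMSG = re.compile(
    r"^logmsg: pri ([0-7]+), flags ([0-9a-f]+), from (\S*), msg (.*)$")


def decode_pri(octal_text):
    """'155' (octal, as printed by syslogd -d) -> 'security.notice'."""
    value = int(octal_text, 8)
    facility, level = value >> 3, value & 0x7
    known = facility < len(FACILITIES) and FACILITIES[facility] is not None
    name = FACILITIES[facility] if known else "facility%d" % facility
    return "%s.%s" % (name, LEVELS[level])


def encode_pri(selector):
    """'lpr.err' -> the octal string syslogd -d would print for it."""
    facility, level = selector.split(".")
    return "%o" % ((FACILITIES.index(facility) << 3) | LEVELS.index(level))


def decode_trace(text):
    """Return (facility.level, flags, host, message) for each logmsg line."""
    records = []
    for line in text.splitlines():
        match = LOGMSG.match(line.strip())
        if match:
            pri, flags, host, msg = match.groups()
            records.append((decode_pri(pri), int(flags, 16), host, msg))
    return records


# Debug lines as quoted in this thread.
SAMPLE = """\
logmsg: pri 155, flags 0, from router, msg May 16 04:01:04 micheal: This is a test of security.notice
Logging to FILE /var/log/security
logmsg: pri 166, flags 17, from router, msg May 16 04:01:04 router micheal: This is a test of security.notice
logmsg: pri 53, flags 4, from , msg syslogd: bind: Address already in use
"""

if __name__ == "__main__":
    for selector, flags, host, msg in decode_trace(SAMPLE):
        print("%-16s flags=0x%02x host=%-7s %s"
              % (selector, flags, host or "-", msg))
```

Decoded this way, pri 155 is security.notice, pri 53 is syslog.err (syslogd's own bind error), and pri 166 is console.info, which matches the LOG_CONSOLE description in the facility list above.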
Re: FreeBSD 4.7 Syslogs
- Original Message -
From: "Matt "Cyber Dog" LaPlante" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, May 15, 2004 3:38 PM
Subject: RE: FreeBSD 4.7 Syslogs

You've got a pretty high number of max logs with pretty hefty file size limits. What's a df -k show on that system?

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: FreeBSD 4.7 Syslogs
- Original Message -
From: "Matt "Cyber Dog" LaPlante" <[EMAIL PROTECTED]>
To: "'Matthew Seaman'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Saturday, May 15, 2004 12:34 PM
Subject: RE: FreeBSD 4.7 Syslogs

> I tried the logger command, but it didn't reach the messages file (which is
> still empty). Here is the output from the syslogd -d command:
>
> syslogd: bind: Address already in use
> logmsg: pri 53, flags 4, from , msg syslogd: bind: Address already in use
> Logging to CONSOLE /dev/console
> syslogd: bind: Address already in use
> logmsg: pri 53, flags 4, from , msg syslogd: bind: Address already in use
> Logging to CONSOLE /dev/console
> can't open /dev/klog (16)

Something is listening already on port 514 and syslogd is complaining about that. Do a sockstat |grep 514 and see what's sitting on that port. Also, "can't open /dev/klog (16)" is another problem. That device is the kernel log device so syslog can see kernel messages. Syslog may not be too happy about that either. You might check and see if you have a klog in /dev

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: natd -redirect_port
- Original Message -
From: "JJB" <[EMAIL PROTECTED]>
To: "Christian Hiris" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: "Anthony Philipp" <[EMAIL PROTECTED]>
Sent: Saturday, May 15, 2004 8:05 AM
Subject: RE: natd -redirect_port

> You are wrong, you do not have to compile ipfirewall kernel options
> into the kernel.
> IPFW is delivered as a bootable module.
> You need this in rc.conf to enable ipfw, it will auto load the
> bootable module.
>
> # Required For IPFW kernel firewall support
> firewall_enable="YES" # Start daemon
> firewall_script="/etc/ipfw.rules" # run my custom rules
> firewall_logging="YES" # Enable events logging
>
> natd_enable="YES" # Enable IPFW nat function
> natd_interface="rl0"
> natd_flags="-dynamic -m -u -f /etc/natd.conf"
>

You're right, you don't have to recompile to use ipfw, however, since there is no divert module, the kernel will still need to be recompiled to enable divert. In order for the OP to do what they're wanting to do they will still need to recompile kernel and restart the system.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: hw-loopback
- Original Message -
From: "Dave Wiebe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 14, 2004 5:02 PM
Subject: hw-loopback

> Hi,
>
> I am trying to get my freebsd machine to access the internet but, I can only get the machine to ping itself. Every time I try to ping outside the machine I get "no route found". I believe my problem lies in the configuration of the ethernet card. Running ifconfig shows me that everything is there but instead of , it says .
>
> I was successfully running windows on this machine and it did access the internet, so I know the problem lies somewhere in the configuration. The version of FreeBSD is 5.2.
>
> Any help is appreciated
>
> Sincerely
>
> David
>
>

David, it sounds like you simply don't have a gateway route assigned to the system. Try running netstat -ran and see if you show a default route in your routing table.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: Creating Virtual Interfaces
- Original Message -
From: "Dwight Spence" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 14, 2004 4:06 PM
Subject: Creating Virtual Interfaces

> Is there a difference between virtual interfaces and alias ips?
> Also is FreeBSD able to configure interfaces such as bge0:1, bge0:2, bge0:3?
> Or is ifconfig bge0 alias netmask the only way?
> I am attempting to add 30 ips.
>
> Dwight Spence

Dwight, I've looked and what you're referring to would be sub interfaces, such as Cisco and various other main stream routers use. FreeBSD to my knowledge (and I even googled for it) doesn't support this, at least in 4.9 anyway.

One thing to note when doing aliases, if all of the IP's are in the same subnet, the netmask for all aliased interfaces will be 255.255.255.255. The format for this in the rc.conf file would be:

ifconfig_xl0="inet 192.168.1.1 netmask 255.255.255.0"
ifconfig_xl0_alias0="inet 192.168.1.2 netmask 255.255.255.255"
ifconfig_xl0_alias1="inet 192.168.1.3 netmask 255.255.255.255"
... and so on.

Should they be ip's from different subnets, you should use the proper netmask associated with that subnet.

ifconfig_xl0="inet 192.168.1.1 netmask 255.255.255.0"
ifconfig_xl0_alias0="inet 192.168.2.1 netmask 255.255.255.0"
ifconfig_xl0_alias1="inet 192.168.3.1 netmask 255.255.255.248"
... and so on.

--
Micheal Patterson
TSG Network Administration
405-917-0600
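
The netmask rule from the reply above, as an added example that is not part of the original message: a Python generator that writes the rc.conf lines for a list of addresses, using the subnet's own netmask for the first address in each subnet and 255.255.255.255 for every later address in a subnet already on the interface. The function names and the 30-address range are constructed for illustration.

```python
import ipaddress


def rc_conf_lines(ifname, addresses):
    """Build rc.conf ifconfig_ lines for one interface.

    addresses: 'a.b.c.d/prefix' strings. The first is the primary
    address; the rest become alias0, alias1, ... in the order given,
    so the alias numbers are always contiguous.
    """
    configured = []   # subnets that already have an address on the interface
    seen = set()      # addresses already emitted, to reject duplicates
    lines = []
    for position, text in enumerate(addresses):
        entry = ipaddress.IPv4Interface(text)
        if entry.ip in seen:
            raise ValueError("duplicate address %s" % entry.ip)
        seen.add(entry.ip)
        if any(entry.ip in net for net in configured):
            # Same subnet as an earlier address: host netmask, per the reply.
            netmask = "255.255.255.255"
        else:
            # First address in this subnet: the subnet's real netmask.
            netmask = str(entry.network.netmask)
            configured.append(entry.network)
        if position == 0:
            key = "ifconfig_%s" % ifname
        else:
            key = "ifconfig_%s_alias%d" % (ifname, position - 1)
        lines.append('%s="inet %s netmask %s"' % (key, entry.ip, netmask))
    return lines


def consecutive(first, count, prefix):
    """'192.168.1.1', 30, 24 -> ['192.168.1.1/24', ..., '192.168.1.30/24']."""
    start = ipaddress.IPv4Address(first)
    return ["%s/%d" % (start + offset, prefix) for offset in range(count)]


if __name__ == "__main__":
    # Constructed input: 30 consecutive addresses in one /24 on bge0.
    for line in rc_conf_lines("bge0", consecutive("192.168.1.1", 30, 24)):
        print(line)
```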
Re: Squirrell Mail question
- Original Message -
From: "Micheal Patterson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 14, 2004 10:10 AM
Subject: Re: Squirrell Mail question

> - Original Message -
> From: "Darryl Hoar" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, May 14, 2004 9:53 AM
> Subject: Squirrell Mail question
>
> > Does SquirrelMail do pop3 as well as smtp ? In other words,
> > must I install a mail server for smtp prior to installing SquirrelMail ?
> >
> > thanks,
> > Darryl
>
> SquirrelMail is a client. So, for it to be able to send mail, it has to
> pass the message to a smtp server. For it to read mail, it has to have an
> imap server that it connects to. SquirrelMail doesn't handle POP3 directly.
> You have to configure your imap server to pull mail from a pop3. Check out
> the SquirrelMail faq about this at
> http://www.squirrelmail.org/wiki/en_US/HowToPOP
>
> --

Correction, SquirrelMail has a built in utility to pull mail from a remote POP3 server and store it on your local imap server, http://www.squirrelmail.org/wiki/en_US/MailFetch

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: Squirrell Mail question
- Original Message -
From: "Darryl Hoar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 14, 2004 9:53 AM
Subject: Squirrell Mail question

> Does SquirrelMail do pop3 as well as smtp ? In other words,
> must I install a mail server for smtp prior to installing SquirrelMail ?
>
> thanks,
> Darryl

SquirrelMail is a client. So, for it to be able to send mail, it has to pass the message to a smtp server. For it to read mail, it has to have an imap server that it connects to. SquirrelMail doesn't handle POP3 directly. You have to configure your imap server to pull mail from a pop3. Check out the SquirrelMail faq about this at http://www.squirrelmail.org/wiki/en_US/HowToPOP

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re:
- Original Message -
From: "wendy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 11, 2004 10:52 AM

> Easy to install
> FreeBSD can be installed from a variety of media including CD-ROM, DVD-ROM,
> floppy disk, magnetic tape, an MS-DOS® partition, or if you have a network
> connection, you can install it directly over anonymous FTP or NFS. All you
> need is a couple of formatted 1.44MB floppies and these directions.
>
> THIS IS NOT TRUE! - the installation actually is very difficult and so this
> "Superior" OS is not for 99.9% computer users - I'll probably kill my time
> only if I lost my job and stay home having nothing to do to configure how to
> install it.
>
> Comparing to Windows, this BSD is very dumb- want to me to tell it
> everything. No wonder it's Free.

This "BSD" is as smart or as dumb as the end user wants it to be.

- Plug and Play has come a long way since its inception years ago. However, when your windows system decides that your Nvidia 5900 is actually a Trident 8900D, or your SoundBlaster is actually an Adlib card, or your MS Mouse is a Logitech, no matter what drivers you as an admin, reading the manual that came with the component, and scratching your head in wonder, then you'll understand why they really call it Plug and Pray and you'd be forever grateful if only Windows would ask you more than it does.

- Windows is much less intelligent than it believes itself to be and will run headlong into a self cratering spiral trying to convince itself that it's doing the right thing. It's the OS, so it must know more than the Administrator! It will do so without so much as an error notice in the event log. It will lock up the desktop with 100% cpu so you can't stop it while it's on its merry little way until it either blue screens or locks up hard.

- BSD is as smart, or as dumb, as you want it to be. BSD will also run headlong into a self cratering spiral, but, it will do so screaming and complaining every bloody step of the way. It will also offer you the ability to thwart the disaster because it believes that you, as root, know what you're doing and trusts you to know. It will diligently do as you request until it can scream at you no more and the kernel reboots in panic.

Create a file called com1, then try to delete it on a Windows box and see how smart it really is. You know com1 can be deleted, but Windows will throw a fit, it believes that the OS is smarter than the user and knows what's best. In some cases, it's right, others, it's not. If this is a virus file, you're screwed because the OS won't allow anything to destroy the file. Ever tried to kill a specific process in Windows and got the Access Denied error when you know full well it can be killed?

My Freebsd will allow me to rm -rf / and will continue to try to delete everything on the system because it trusts me to know that's a bad thing. It will inform me that it's dying through its various avenues, yet it will continue to destroy itself simply because I told it to do so. It will continue to eat itself alive until it can no longer perform the operation.

Why does it do that you wonder? It's really very simple. It's because system admins prefer to be in control over their systems and not have their systems in control of them.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: 3 Nics - Dual (Tripe) Homed Host
> I'm not sure if you were aware of aliasing, as I was not, or if this fits
> your situation as well as it did mine. I'm curious now as to whether or not
> my gateway/router machine could still provide connectivity between the two
> networks, via the virtual hosted interface, for clients on both LANs.
> Though my setup suits me now, I may give that a try.
>
> Regards,
>
> Travis Troyer

I'm not sure if you were aware of this option or not, but to configure FreeBSD for native routing on its directly connected network segments, you will need to enable forwarding to configure it to be a gateway system. To enable gateway mode via the command line:

/root> sysctl net.inet.ip.forwarding=1

Then in your rc.conf add the following to do so on every boot:

gateway_enable="YES"

The initial problem you described leads me to believe that this isn't currently configured. Also, if you're running natd, then you may need to make allowances in your firewall ruleset to allow the traffic to pass from one lan segment to the other.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS
- Original Message -
From: "Bryan Cassidy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 11, 2004 12:31 PM
Subject: Re: OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS

> Sounds good to me but I'm still confused about how I need to set this up hardware wise. The link at freebsddiary sounds good to start with I guess. I don't know if I need any extra hardware either. I have at the moment 2 NICs and 2 crossover cables. Do I need more? Do I keep the NIC in this machine or do I move it to the machine that will be acting as a firewall/router/gateway? How do I set this up? Still confused on this part.

You'll need a total of 3 nics to hook up a firewall and one PC behind it and 2 crossover cables. 2 nics in the firewall system and 1 nic in the PC.

dsl-modem <> firewall <> PC

If you plan on running more than one computer behind the firewall, you'll be better off getting a hub or a low end 10/100 switch.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS
- Original Message -
From: "Bryan Cassidy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 11, 2004 12:20 AM
Subject: OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS

> Hello. I am currently running FreeBSD 4.9-RELEASE p-7. I am pretty comfortable with FreeBSD for the most part and really enjoy using it on a day to day basis. This is my thoughts. I have an older NEC PC that I would like to put to some use. First off I don't know if I need any 'extra' hardware. I have now 1 DSL modem (dhcp - could get static, is it worth getting?), 3 NICs, and 2 cables to connect the ethernet cards. I have just been reading up on Firewalls on FreeBSD using ipfw. I would basically like to do the following. I want to install OpenBSD 3.5 or Possibly one of the FreeBSD 4.x, 5.x, 4-stable, current or whatever. Which would you all recommend using in this situation? I want to continue to use my nice newer, much faster computer to do all configurations to the system, updates, installing software, running apache, configuring firewall, etc. etc. etc. via ssh (good choice?) to the other/older box. Would really appreciate some insight on this topic. Networking/Security is becoming very interesting to me. Thanks. Don't forget, do I need any 'extra' hardware?

I can't speak for anyone else but myself, but here's my opinion on this.

If you have an older box, you'll need 2 nics. One (external / serial interface) to the dsl modem (crossover cable), one to the lan side. If this is also to a PC, you'll need another crossover cable. If the old NEC is a 486 with at least 32 mb ram, that should be all you'll need hardware wise as long as it's got a couple of gig for drive space. If you want to enable full firewall logging, you'll need more disk space for that of course.

What I'd recommend doing in your situation, is the same as I have here at home. Have the bsd box (I prefer freebsd myself) connect to your provider and pull the ip on the serial interface, then assign a private ip to the internal nic and to the systems behind it on the lan. Then on the bsd box, enable nat and the first rule of your firewall will be a divert rule to pass everything to NAT.

For more info on this and its configuration, check out http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/book.html or http://www.freebsddiary.org/ipfw.php

If you're still wanting more info, then I'd recommend a google search for freebsd natd and / or freebsd ipfw to get a lot of good and useful info. Hope it helps.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: Removing wierd file
- Original Message -
From: "Paul English" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, April 19, 2004 6:42 PM
Subject: Removing wierd file

> One of my former users has a strange file in her directory and I can't
> remove, chown or chmod it as root.
>
> ls -l
> total 0
> -rwxrws--T 1 1708453043 4187987649 0 Oct 9 2001 10009_dir
>
> It was created over nfs by arcinfo running on a Sun machine. I have no
> idea why it would have those permissions, let alone the invalid UID/GID.
>
> Suggestions anyone?
>
> Paul

I'm guessing that you've already tried to chown it to root and chmoding it before trying to remove the file?

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: What does: "is an interactive port" mean?
- Original Message -
From: "Gerard Seibert" <[EMAIL PROTECTED]>
To: "freebsd-questions" <[EMAIL PROTECTED]>
Sent: Friday, April 16, 2004 4:25 PM
Subject: What does: "is an interactive port" mean?

> I was just trying to install Star Office 7.0 and I received the following
> error message:
>
> ** 'editors/staroffice70' is marked as IGNORE:
> "is an interactive port"
>
> I have run cvsup and portsdb -Uu prior to this. Can anyone enlighten me?
>
> Thanks!
>
> Gerard E. Seibert
> [EMAIL PROTECTED]

As I recall, Star Office is no longer a freeware item. You have to purchase it from the main web site, place the downloaded tarball in your distfiles directory and then re-run make to patch it properly for fbsd. The last time I looked into purchasing it was when it was still 6.0 and it was $75.00 per copy.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: have i been hacked?
- Original Message -
From: "dave" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 13, 2004 11:51 PM
Subject: have i been hacked?

> Hello,
> Wondering if a system on my network has been hacked? At approx 12:30
> this evening the hard disk went crazy, i have been out of town lately and
> have not checked any of the machines, when i did the CPU usage was at 15%
> which on this machine it never gets above 1 maybe 1.5. So i looked, and i
> had nearly 150 processes on the box, 9 running. When i got the daily run
> output i noticed the setuid files have changed. Wondering if this box got
> hacked and if so where to look to confirm this? And if so, what to do?
> Thanks.
> Dave.
>
> Checking setuid files and devices:
> ls: Terminated
> : No such file or directory
>
> guardian.davemehler.net setuid diffs:
> 1,52d0
> < 94240 -r-sr-xr-x 1 root wheel 448384 Jun 4 21:54:47 2003 /bin/rcp
> < 117807 -r-sr-x--- 1 root operator 421832 Jun 4 21:55:39 2003

Compared to my 4.9 systems, your rcp is nearly twice the size as it should be.

-r-sr-xr-x 1 root wheel 251444 Apr 9 12:05 rcp

You didn't say which version you were running but if it's a 4.x, then I'd say you've got a serious issue here. If you're running 5.x then I can't say.

--
Micheal Patterson
Network Administration
TSG Incorporated
405-917-0600
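One way to triage a "setuid diffs" section like the one quoted above (an added example, not part of the original messages): the function sorts each listing line into removed, added or changed entries, reports lines cut off before the path, and flags a hunk that deletes the head of the previous list so that a failed listing run is ruled out before the entries are read as changes. The function names, output labels and every sample line except the two copied from the message are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the entries of a "setuid diffs" report.

# Sample report. The first hunk is copied from the message above (its second
# entry is cut off before the path); the other two hunks are constructed.
sample_diff() {
cat <<'EOF'
1,2d0
< 94240 -r-sr-xr-x 1 root wheel 448384 Jun 4 21:54:47 2003 /bin/rcp
< 117807 -r-sr-x--- 1 root operator 421832 Jun 4 21:55:39 2003
7c5
< 20011 -r-sr-xr-x 1 root wheel 30012 Jun 4 21:55:40 2003 /usr/bin/passwd
---
> 20011 -r-sr-xr-x 1 root wheel 41200 Apr 13 00:31:02 2004 /usr/bin/passwd
9a8
> 20550 -rwsr-xr-x 1 root wheel 18220 Apr 13 00:31:05 2004 /usr/local/bin/helper
EOF
}

# Reads the diff on stdin and prints one verdict per entry:
#   REMOVED   path was in the previous list only
#   ADDED     path is in the current list only
#   CHANGED   path is in both lists, with the attributes that differ
#   UNPARSED  listing line with fewer fields than a full entry
#   CHECKSCAN hunk that deletes the previous list from its first line
setuid_triage() {
    awk '
    /^1(,[0-9]+)?d0$/ {
        print "CHECKSCAN " $0 " head of previous list deleted"
        next
    }
    # Entry fields: marker inode mode links owner group size mon day time year path
    ($1 == "<" || $1 == ">") {
        if (NF < 12) { print "UNPARSED " $0; next }
        path = $12
        for (i = 13; i <= NF; i++) path = path " " $i   # paths may contain spaces
        if ($1 == "<") {
            prev[path] = 1; pmode[path] = $3; pown[path] = $5 ":" $6; psize[path] = $7
        } else {
            cur[path] = 1; cmode[path] = $3; cown[path] = $5 ":" $6; csize[path] = $7
        }
    }
    END {
        for (p in prev) {
            if (!(p in cur)) { print "REMOVED " p; continue }
            d = ""
            if (pmode[p] != cmode[p]) d = d " mode=" pmode[p] "->" cmode[p]
            if (pown[p]  != cown[p])  d = d " owner=" pown[p] "->" cown[p]
            if (psize[p] != csize[p]) d = d " size=" psize[p] "->" csize[p]
            if (d == "") d = " inode-or-time-only"
            print "CHANGED " p d
        }
        for (p in cur)
            if (!(p in prev))
                print "ADDED " p " mode=" cmode[p] " owner=" cown[p] " size=" csize[p]
    }' | LC_ALL=C sort
}

sample_diff | setuid_triage
```

A CHECKSCAN line next to an error from the listing command, such as the "ls: Terminated" in the quoted report, points at an incomplete scan, so the REMOVED entries below it need a rerun before they are treated as real changes.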
Re: Unusual login requirement
- Original Message -
From: "Doug Hardie" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 13, 2004 11:12 PM
Subject: Unusual login requirement

> I am trying to figure out how to implement an unusual login requirement
> and haven't found a good approach yet. What I need is to have a
> specific user id that when it is logged in it executes a specific
> script and then immediately logs out. Basically what it needs to do is
> run a make that builds a CD from a bunch of files and then burns the
> CD. Obviously a blank CD would need to be in the burner first. I
> don't want a general login as this would be used by a person who should
> not have access to the system. I just need him to be able to burn a CD
> frequently.
>
> My first thought was to create a script and set it as the shell in the
> passwd file and add it to /etc/shells. Is that the best approach? I
> am not concerned about the user breaking out of the script as he is
> trusted. I just don't want to create a regular user account for him.
> The server is running FreeBSD 4.6. Thanks,
>
> -- Doug

If you use bash, you can create your script, start it in the .profile and have exit directly below it. That way, when the script finishes, it will exit out. Also, even though this is not a concern for you, this is a safeguard should they break out of the script, it kills the session too.

--
Micheal Patterson
Network Administration
TSG Incorporated
405-917-0600
Re: mailman - partition virtual domain name?
- Original Message -
From: "Noah" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, April 11, 2004 1:04 PM
Subject: Re: mailman - partition virtual domain name?

> On Sun, 11 Apr 2004 10:29:38 +0100, Matthew Seaman wrote
> > On Sun, Apr 11, 2004 at 12:29:16AM -0800, Noah wrote:
> > > mailman-2.1.4
> > > sendmail-8.12.11
> > > freeBSD-4.9-STABLE
> > >
> > > I am placing listnames in the /etc/mail/aliases file to have them forwarded to
> > > mailman for processing.
> > >
> > > I am running virtual hosts on a machine and I want to stop people from sending to
> > > [EMAIL PROTECTED] and only allow people to post to [EMAIL PROTECTED]
> > >
> > > currently users can post to both [EMAIL PROTECTED] and [EMAIL PROTECTED]
> >
> > This is with sendmail? To make domain specific addresses, use
> > virtusertable. virtusertable support is already included in the
> > stock freebsd.mc/freebsd.cf configuration, so all you need to do is populate
> > the /etc/mail/virtusertable file, and run 'make' to generate the .db
> > file. See /usr/share/sendmail/cf/README for details of what to put
> > into virtusertable.
>
> okay that makes sense and been trying to get this to work.
>
> after I make the appropriate entries to the virtualusers tables. sendmail is
> not able to execute the mailman delivery program.
>
> entry in /etc/mail/virtualusers
>
> --- snip ---
>
> [EMAIL PROTECTED] "|/usr/local/mailman/mail/mailman post test2"
>
> --- snip ---
>
> and here is the error message
>
> --- snip ---
>
> Remote host said: 550 5.7.1 <[EMAIL PROTECTED]>... Cannot mail directly to programs
>
> --- snip ---
>
> - noah

For example:

/etc/mail/aliases:
employees: "|/usr/local/mailman/mail/mailman post employees"

In virtusertable:
[EMAIL PROTECTED]    employees
[EMAIL PROTECTED]    unused

Rebuild your table and when mail comes in for [EMAIL PROTECTED] it will bounce with a user unknown unless you have an account named unused. :)

--
Micheal Patterson
Network Administration
TSG Incorporated
405-917-0600
Re: static NAT and firewalls
- Original Message -
From: "Sebastian Kutsch" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, April 10, 2004 6:17 AM
Subject: static NAT and firewalls

> Hi,
>
> if I have configured static NAT on machine A do the TCP/IP-packages
> get injected into the firewall of the machine A or do they reach machine
> B unfiltered?
>
> Sebastian

Sebastian,

Provided that you have an entry at the beginning of your firewall to divert to natd, all traffic will hit that rule, get passed to natd and then injected back into the firewall after the divert rule and then pass out through the firewall.

--
Micheal Patterson
Network Administration
TSG Incorporated
405-917-0600
Re: Sendmail refusing connection
- Original Message -
From: "Payne" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 29, 2004 3:10 PM
Subject: Sendmail refusing connection

> Hi,
>
> I have installed FreeBSD 5.2 and I am trying to get to access mail from
> the outside world. But when I do a telnet to port 25 I get this error,
>
> telnet mail.eatme.com
> trying xxx.xxx.xxx.xxx
>
> telnet: connect to address xxx.xxx.xxx.xxx: Connection refused
>
> where do I need to go to tell my server it's ok to access mail.
>
> Payne
>
> Please note that eatme.com and xxx.xxx.xxx.xxx are fake to protect the
> real server.

Sendmail has hooks into tcpd which causes it to look for the proper entries in hosts.allow for connection access. If this is to be a server that responds to the world, you'd need an entry for

sendmail : all : allow

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: How To Upgrade to Perl 5.8 on 4.9 System?
- Original Message -
From: "Drew Tomlinson" <[EMAIL PROTECTED]>
To: "Joshua Lokken" <[EMAIL PROTECTED]>
Cc: "FreeBSD Questions" <[EMAIL PROTECTED]>; "Bart Silverstrim" <[EMAIL PROTECTED]>
Sent: Wednesday, March 24, 2004 12:48 PM
Subject: Re: How To Upgrade to Perl 5.8 on 4.9 System?

> On 3/24/2004 8:18 AM Joshua Lokken wrote:
>
> >* Bart Silverstrim <[EMAIL PROTECTED]> [2004-03-24 07:35]:
> >
> >>On Mar 23, 2004, at 8:41 PM, Chuck Swiger wrote:
> >>
> >>>Drew Tomlinson wrote:
> >>>
> >>>>I'm using 4.9-RELEASE. Is it possible to upgrade Perl from the
> >>>>default 5.005 version to 5.8.2?
> >>>
> >>>Yes.
> >>>
> >>>>Are there any steps required beyond installing the port?
> >>>
> >>>Try:
> >>>
> >>>cd /usr/ports/lang/perl5.8
> >>>make install
> >>>use.perl port
> >>
> >>I also had to re-install some of my ports after installing the new Perl
> >>and switching the system perl to the newer version (4.9-release-p3).
> >
> >If you install sysutils/portupgrade, you can do (after
> >installing the new Perl)
> >
> ># portupgrade -rf perl
>
> I tried this (adding the 'n') to see what portupgrade would find. All
> it found was 'perl5.8', yet I have webmin, spamassassin, and various
> other things that use perl (AFAIK). I changed the line to:
>
> portupgrade -rRf 'p5*'
>
> and it found lots of things. It might be overkill but it should get
> everything that needs rebuilding, correct?
>
> Thanks for your help.
>
> Drew

Drew, install perl 5.8 from ports. Once completed, you'll have both versions on your system in their respective directories. You can switch which one is used as the system default by using the script "use.perl" located by default in /usr/local/bin that is installed with the 5.8 port. Syntax is:

Usage:
./use.perl port -> /usr/bin/perl is the perl5 port
./use.perl system -> /usr/bin/perl is the system perl

This will allow you to switch from the system version (5.005_03), to the port (v5.8.x) and vice versa.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: ftp
- Original Message -
From: "Osmany Guirola Cruz" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 11, 2004 3:15 PM
Subject: ftp

> in my system I have installed the anonymous ftp and I have a fat32
> partition mounted in /fat32
> I need to put the content of this partition on the pub directory
> something like this
> ftp://mymachine/pub/fat32/ and see the content of this partition via
> ftp .. Symbolic link does not work
> what should I do...

Anon ftp uses a chroot environment so you can't link to any directory that's not within its chroot. One possibility is to mount /fat32 within the ftp users home/root directory. Another one, that isn't heard of much is to mount_null /fat32 into the ftp chroot file system. Please keep in mind that null mounting, last I heard, should be treated as experimental at best. For more info on null mounting, check out man mount_null.

--
Micheal Patterson
TSG Network Administration
405-917-0600
Re: using samba for backups
- Original Message -
From: "Marty Landman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 09, 2004 5:00 PM
Subject: using samba for backups

> Maybe a dumb question, but now that I have samba servers on all three of my
> nix boxes with mapped drives on my two windows workstations there's a great
> temptation brewing in my mind to backup things directly on mapped hard drives.
>
> Are there any potential pitfalls to this approach, iow are there any
> compatibility issues that come up if I copy files from a nix box to a
> windows box and vice versa?
>
> On the side it's getting to be such a pleasant development environment on
> my lan that I can't help shake this awful feeling that something's going to
> mess up big time.
>
> Marty Landman Face 2 Interface Inc. 845-679-9387
> FormATable DB: http://face2interface.com/Products/FormATable.shtml
> Make a Website: http://face2interface.com/Home/Demo.shtml
> Free Formmailer: http://face2interface.com/Products/Formal.shtml

If you're planning on backing up from Windows to Unix, no problem unless you're using the built in Windows backup system. In order to do a full recovery from that, even with server 2003, the backup media has to be local to the server to recover from a full system failure since you can't mount network shares during the recovery process.

However, if you're planning on backing up from unix to Windows, you'll be limited to a 4gb maximum file size on a per file basis. This is a problem with the way that Windows communicates with smbd and its various other relatives (sharity, smb_fs, etc). To do this, you'll need to use dump, or some other package that will allow you to limit the size of the file volume. Tar won't allow you to do this.

So, for example, if you want to do a full 18gb backup from *nix to windows, you'll need to configure dump to do something like this:

#!/bin/sh
/sbin/dump -0 -B 200 -f /backups/MAIL2/fri-sys-vol1,/backups/MAIL2/fri-sys-vol2,/backups/MAIL2/fri-sys-vol3,/backups/MAIL2/fri-sys-vol4,/backups/MAIL2/fri-sys-vol5,/backups/MAIL2/fri-sys-vol6,/backups/MAIL2/fri-sys-vol7,/backups/MAIL2/fri-sys-vol8,/backups/MAIL2/fri-sys-vol9,/backups/MAIL2/fri-sys-vol10 /dev/ad0s1a

The above is a direct copy of what I do on a daily basis. That runs dump, level 0 (full dump) 2gb volume size -f This will end up with 10, 2gb volumes for my system backup. Some would say that it's a waste of space, and it may be, but I prefer full system backups instead of incrementals due to the specific reasons of this particular server (HIPAA !UGH!). If for some reason, I need to move the backup volumes to a single drive, I've got an entire system image from any particular day of the week to run from instead of a full backup and a crap load of daily incrementals. To each his own on that route though.

These are things to keep in mind in here. :)

--
Micheal Patterson
Network Administration
TSG Incorporated
405-917-0600
Re: ipfw + natd - not sharing internet for LAN users
- Original Message -
From: "Prodigy" <[EMAIL PROTECTED]>
To: "freebsd-questions" <[EMAIL PROTECTED]>
Sent: Tuesday, March 09, 2004 10:53 AM
Subject: ipfw + natd - not sharing internet for LAN users

> # ipfw show
> 65535 1546 115746 allow ip from any to any

This is your problem. Even though you're running NATD, you need to divert all traffic to NATD in the firewall. Try adding a divert entry to your firewall like this:

ipfw add 100 divert natd all from any to any via ed1

Then check /etc/services and make sure that there's an entry for natd:

natd 8668/divert # Network Address Translation

--
Micheal Patterson
TSG Network Administration
405-917-0600
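A check for the rule order that this reply and the earlier static NAT reply both describe, a divert rule on the outside interface ahead of any allow-all rule (an added example, not from the original messages): it reads `ipfw show` or `ipfw list` text and reports a missing or shadowed divert rule. The function names and verdict strings are assumptions, and the second and third rule listings are constructed; only the single-rule listing is copied from the quoted message.

```shell
#!/bin/sh
# Added example: verify that an ipfw ruleset diverts to natd before it allows.

# Listing copied from the quoted message: only the default allow rule exists.
page_listing() {
cat <<'EOF'
65535 1546 115746 allow ip from any to any
EOF
}

# Constructed: a divert rule exists but an allow-all rule runs first, so
# packets are accepted before they ever reach natd.
shadowed_listing() {
cat <<'EOF'
00050 10 900 allow ip from any to any
00100 0 0 divert 8668 ip from any to any via ed1
65535 0 0 allow ip from any to any
EOF
}

# Constructed: the layout the reply recommends, with the divert rule first.
fixed_listing() {
cat <<'EOF'
00100 812 96113 divert 8668 ip from any to any via ed1
65535 1546 115746 allow ip from any to any
EOF
}

# $1 = outside interface; stdin = rule listing.
# Prints one verdict line and returns non-zero unless the verdict is OK.
check_divert_order() {
    awk -v ifc="$1" '
    /^[0-9]+ / {
        # "ipfw show" prints packet and byte counters before the action,
        # "ipfw list" does not; find the action column either way.
        a = ($2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/) ? 4 : 2
        action = $a
        rest = ""
        for (i = a + 1; i <= NF; i++) rest = rest (rest == "" ? "" : " ") $i
        num = $1 + 0
        # First divert rule bound to the outside interface (the port may be
        # shown as 8668 or as the service name natd).
        if (action == "divert" && rest ~ ("via " ifc "$") && divert == "")
            divert = num
        # First unrestricted allow rule.
        if ((action == "allow" || action == "pass" || action == "permit" || action == "accept") && rest ~ /^(ip|all) from any to any$/ && open == "")
            open = num
    }
    END {
        if (divert == "") {
            print "MISSING no divert rule on " ifc
            exit 1
        }
        if (open != "" && open < divert) {
            print "SHADOWED allow-all rule " open " runs before divert rule " divert
            exit 1
        }
        print "OK divert rule " divert " on " ifc
    }'
}

for listing in page_listing shadowed_listing fixed_listing; do
    printf '%s: ' "$listing"
    "$listing" | check_divert_order ed1 || true
done
```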
Re: Alias in different subnet on card
- Original Message -
From: "Wayne Pascoe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 08, 2004 12:02 PM
Subject: Alias in different subnet on card

> Hi all,
>
> I'm running a firewall at the moment using FreeBSD 5.2.1 and IPFW. I
> have 3 interfaces in the machine.
>
> I need to be able to firewall a 4th range of IP's. I have tried to do
> this by adding an alias to xl1, but this hasn't worked. If I add the
> alias with a mask of 255.255.255.255, no other machine can ping the
> alias. I also see the following in /var/log/messages
> Mar 8 18:02:13 styx-tmp kernel: arplookup 19x.xxx.xxx.196 failed: host
> is not on local network
>
> The primary IP on xl 1 is currently 19x.xxx.xxx.1 and the mask on there is
> 255.255.255.128 (/25)
>
> If I add the alias with a mask of 255.255.255.240 (/28) which is the
> correct mask for this subnet, and the mask that all other machines use,
> then I am able to ping this address. However, at this point, no
> forwarding appears to take place for machines using this IP address as
> their default route.
>
> Is there any way to use an alias to do firewalling like this or do I
> have to get another network card? The problem with another network card
> is that will mean a whole new machine as I'm out of slots in this one.
>
> Thanks in advance ?
>
> --
> Wayne Pascoe
> Microsoft complaining about the source
> license used by Linux is like the event
> horizon calling the kettle black - adamba on k5

You have 3 networks in a firewall, and since we don't know the full topology, I'll use these network ranges for my example: 192.168.1.0, 192.168.2.0, and 192.168.3.0. You now want to add a 4th range, let's say, 192.168.4.0.

    ifconfig_xl1="inet 192.168.1.1 netmask 255.255.255.128"
    ifconfig_xl1_alias0="inet 192.168.2.1 netmask 255.255.255.128"
    ifconfig_xl1_alias1="inet 192.168.3.1 netmask 255.255.255.128"
    ifconfig_xl1_alias2="inet 192.168.4.1 netmask 255.255.255.128"

The only time you would use a netmask of 255.255.255.255 is if the aliased IP is a member of a subnet that is already assigned on the interface.

    ifconfig_xl1_alias3="inet 192.168.1.2 netmask 255.255.255.255"

Then you will need to add the appropriate firewall rules to allow those networks to either talk / no talk to the remaining network segments.

It would help to have all of the ip information that you're using and your current alias maps to see just what's going on. Although, I'd guess that the first problem may be a subnetting issue.

--
Micheal Patterson
TSG Network Administration
405-917-0600
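The netmask rule stated in the reply above, as an added example that is not part of the original post: given the primary address and a list of aliases with each subnet's real prefix, it emits rc.conf lines, uses 255.255.255.255 only for an alias inside a subnet already on the interface, and rejects an alias whose subnet overlaps one already configured. The function name and the 192.0.2.x addresses in the usage are hypothetical stand-ins (the poster's real addresses are masked); IPv4 only.

```python
import ipaddress


def rc_conf_lines(iface, primary, aliases):
    """Build rc.conf ifconfig lines for one interface.

    primary and each alias are 'address/prefix' strings carrying the real
    mask of the subnet they belong to.
    """
    first = ipaddress.ip_interface(primary)
    configured = [first.network]  # subnets already assigned on the interface
    lines = [f'ifconfig_{iface}="inet {first.ip} netmask {first.netmask}"']
    for n, spec in enumerate(aliases):
        alias = ipaddress.ip_interface(spec)
        if any(alias.ip in net for net in configured):
            # Address sits in a subnet the interface already has: host mask.
            mask = "255.255.255.255"
        else:
            clash = [net for net in configured if alias.network.overlaps(net)]
            if clash:
                # New subnet partly covers an existing one: a subnetting error.
                raise ValueError(f"{spec} overlaps {clash[0]}")
            configured.append(alias.network)
            mask = str(alias.netmask)
        lines.append(f'ifconfig_{iface}_alias{n}="inet {alias.ip} netmask {mask}"')
    return lines


if __name__ == "__main__":
    # The ranges used in the reply, each as a /25, plus a second address
    # in the first subnet.
    for line in rc_conf_lines(
        "xl1",
        "192.168.1.1/25",
        ["192.168.2.1/25", "192.168.3.1/25", "192.168.4.1/25", "192.168.1.2/25"],
    ):
        print(line)
    # Constructed analogue of the question: a /28 above a /25 primary.
    print(rc_conf_lines("xl1", "192.0.2.1/25", ["192.0.2.196/28"])[1])
```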
Re: Postfix install questions..
- Original Message -
From: "Remko Lodder" <[EMAIL PROTECTED]>
To: "Micheal Patterson" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, March 08, 2004 12:37 AM
Subject: RE: Postfix install questions..

> Try changing the file master.cf
>
> The first unhashed line with smtp, change the smtpd command {at the end of
> the line}
> into smtpd -v,
> Then reload postfix, now you have more verbose logging and it could tell you
> what typo you probably made,
>
> When that does not work, perhaps displaying your main.cf could help
>
> Oh, don't forget to turn off the verbose logging again by removing the -v
> from
> the changed line ;)
>
> cheers
>
> --
>
> Kind regards,
>
> Remko Lodder
> Elvandar.org/DSINet.org
> www.mostly-harmless.nl Dutch community for helping newcomers on the
> hackerscene

I got it. I needed to run postmap on main.cf after configuring it.

--
Micheal Patterson
Network Administration
TSG Incorporated
405-917-0600
Postfix install questions..
Tonight, I started looking into installing postfix to replace sendmail as our primary MTA. I'm currently playing with it on my home system (fbsd 4.9) and installing from ports. The install goes well, I've gone through the main.cf and set it up. However, when trying to connect to port 25, I get an error "postfix fatal: unsupported dictionary type: " and nothing else.

postconf -m shows:

    static pcre regexp environ proxy btree unix hash

I've looked through google and it seems that every entry displaying unsupported dictionary type shows hash, mysql, etc but nothing just simply "empty". Am I correct in thinking that for some reason, postfix doesn't see hash as a viable type even though it's found and compiled in?

Error log entries in maillog show:

    Mar 7 22:51:13 caverns postfix/smtpd[3564]: fatal: unsupported dictionary type:
    Mar 7 22:51:14 caverns postfix/master[3560]: warning: process /usr/local/libexec/postfix/smtpd pid 3564 exit status 1
    Mar 7 22:51:14 caverns postfix/master[3560]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling

A nudge in the right direction would be appreciated.

Thanks.

--
Micheal Patterson
Network Administration
TSG Incorporated
405-917-0600
Re: ports compilation
- Original Message -
From: "Tadimeti Keshav" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, March 03, 2004 12:20 AM
Subject: ports compilation

> Hi all,
> So I managed to download a few ports' sources (such
> as aterm, xmms, xine). Without connecting to the net
> to install them, how may I install them using the
> ports skeletons? (I mean using MAKE & MAKE INSTALL)?
>
> Do I need to change some variable that points to the
> FTP server?
>
> Thanks in advance
> Tk

If your source file is the same as the port makefile is looking for (signatures, extensions, version, etc), you can drop them into /usr/ports/distfiles and the port makefile will find, patch (if necessary) and install them for you. Provided there are no dependencies that you don't have already, you shouldn't need to connect to the net.

--
Micheal Patterson
Network Administration
TSG Incorporated
405-917-0600