Re: PAE tuning
Have you thought in using 6.1/amd64 instead of 6.1/i386 + PAE ? Your Xeon processor is supported under the amd64 port, using EM64T for addressing more than 4GB. I had some stability troubles in the past running mysql server with PAE enabled, for a 6GB RAM server. Regards On Thu, 5 Oct 2006, Paul Lathrop wrote: Chuck Swiger wrote: On Oct 5, 2006, at 11:29 AM, Paul Lathrop wrote: That's really good to know. Unfortunately, nobody seems to have written down WHICH tunables need to be adjusted besides the one mentioned above, nor is there any information on what reasonable value means! Can anyone point me at a resource for more information on this? You're supposed to tune the appropriate values considering the workload the machine is going to handle. man tuning has some additional information, but without describing what kind of tasks you plan to do with this machine with 14GB of RAM, nobody is going to be able to provide you with really specific advice... Good point. :-) I intend to deploy this system as a database server running Postgresql 8.1. The database is huge (30-40Gb) and can easily grow (it has gone as high as 100Gb). I expect as many as 1000 concurrent database connections now, and a potential need for scaling this up later. I'm aware of the SystemV memory tuning issues related to running Postgres on FreeBSD and I'll address those as soon as I can get the system to see the RAM. I tried just installing the stock PAE kernel, but the system still doesn't even acknowledge the RAM above 4Gb. Is this because I have not yet performed the tuning? Thanks for your help! --Paul ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 5.3 and sshd
sshd is disabled by default in FreeBSD 5.3, enable it by hand: # /etc/rc.d/sshd start Then, If you want it to be started at boot time, add the following line to /etc/rc.conf : sshd_enable=YES HTH On Wed, 2 Feb 2005, Irina wrote: Hello at FreeBSD list. I have installed FreeBSD 5.3, have not upgraded to STABLE yet. During the installation I created a user account that is in the wheel group. After the installation, logged in as that user at console with no problems. But can not login using putty from my computer via ssh. Then enabled telnet in inetd.conf and could telnet just fine. I also noticed that I CAN ssh as that user from one of other servers (FreeBSD 5.1). Please help, I am not sure where to look. Thank you for your help in advance. Irina ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 9.3.0 on FreeBSD 5.3
Is there any reason for not using bind 9.3.0 that comes with FreeBSD 5.3 ? It can be run chrooted with the same flags you are using. Regarding your question, I suposse your master server can't connect to your slaver server on port tcp 53 which is used for transfer zones and master-slave notifications because of some packet filter. Do you have any tcp-wrapper, ipfw or ipf rules that may be blocking the establishment of tcp session on port 53 ? - Original Message - From: J.D. Bronson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Friday, December 31, 2004 8:04 AM Subject: 9.3.0 on FreeBSD 5.3 It compiles fine and runs fine...but I noticed an odd thing. When the MASTER DNS server boots up, it fails to send notifies to the SLAVES: 31-Dec-2004 06:51:33.207 zone domain.com/IN/external: notify to 1.1.1.1#53: retries exceeded (tons of them..each referring to each of my domains or zones) None of the slaves ever see the NOTIFY. ..here is the odd part: If I kill off named (after boot is all done)...then launch it again, the SLAVES now receive the NOTIFYs. So its *only* during the boot-up sequence that I am seeing this. Bind 9.3.0 starts in the SAME way as the OEM version that comes with FREEBSD 5.3 with 2 exceptions. 1. I run it chrooted to /var/named 2. In rc.conf, I simply specify my new compiled binary and launch it as such: named_enable=YES named_program=/usr/local/sbin/named named_flags=-t /var/named -u named Anyone have ANY insight on this? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 9.3.0 on FreeBSD 5.3
Is there any reason for not using bind 9.3.0 that comes with FreeBSD 5.3 ? It can be run chrooted with the same flags you are using. Regarding your question, I suposse your master server can't connect to your slaver server on port tcp 53 which is used for transfer zones and master-slave notifications because of some packet filter. Do you have any tcp-wrapper, ipfw or ipf rules that may be blocking the establishment of tcp session on port 53 ? - Original Message - From: J.D. Bronson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Friday, December 31, 2004 8:04 AM Subject: 9.3.0 on FreeBSD 5.3 It compiles fine and runs fine...but I noticed an odd thing. When the MASTER DNS server boots up, it fails to send notifies to the SLAVES: 31-Dec-2004 06:51:33.207 zone domain.com/IN/external: notify to 1.1.1.1#53: retries exceeded (tons of them..each referring to each of my domains or zones) None of the slaves ever see the NOTIFY. ..here is the odd part: If I kill off named (after boot is all done)...then launch it again, the SLAVES now receive the NOTIFYs. So its *only* during the boot-up sequence that I am seeing this. Bind 9.3.0 starts in the SAME way as the OEM version that comes with FREEBSD 5.3 with 2 exceptions. 1. I run it chrooted to /var/named 2. In rc.conf, I simply specify my new compiled binary and launch it as such: named_enable=YES named_program=/usr/local/sbin/named named_flags=-t /var/named -u named Anyone have ANY insight on this? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 9.3.0 on FreeBSD 5.3
Is there any reason for not using bind 9.3.0 that comes with FreeBSD 5.3 ? It can be run chrooted with the same flags you are using. Regarding your question, I suposse your master server can't connect to your slaver server on port tcp 53 which is used for transfer zones and master-slave notifications because of some packet filter. Do you have any tcp-wrapper, ipfw or ipf rules that may be blocking the establishment of tcp session on port 53 ? - Original Message - From: J.D. Bronson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Friday, December 31, 2004 8:04 AM Subject: 9.3.0 on FreeBSD 5.3 It compiles fine and runs fine...but I noticed an odd thing. When the MASTER DNS server boots up, it fails to send notifies to the SLAVES: 31-Dec-2004 06:51:33.207 zone domain.com/IN/external: notify to 1.1.1.1#53: retries exceeded (tons of them..each referring to each of my domains or zones) None of the slaves ever see the NOTIFY. ..here is the odd part: If I kill off named (after boot is all done)...then launch it again, the SLAVES now receive the NOTIFYs. So its *only* during the boot-up sequence that I am seeing this. Bind 9.3.0 starts in the SAME way as the OEM version that comes with FREEBSD 5.3 with 2 exceptions. 1. I run it chrooted to /var/named 2. In rc.conf, I simply specify my new compiled binary and launch it as such: named_enable=YES named_program=/usr/local/sbin/named named_flags=-t /var/named -u named Anyone have ANY insight on this? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 9.3.0 on FreeBSD 5.3
Is there any reason for not using bind 9.3.0 that comes with FreeBSD 5.3 ? It can be run chrooted with the same flags you are using. Regarding your question, I suposse your master server can't connect to your slaver server on port tcp 53 which is used for transfer zones and master-slave notifications because of some packet filter. Do you have any tcp-wrapper, ipfw or ipf rules that may be blocking the establishment of tcp session on port 53 ? - Original Message - From: J.D. Bronson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Friday, December 31, 2004 8:04 AM Subject: 9.3.0 on FreeBSD 5.3 It compiles fine and runs fine...but I noticed an odd thing. When the MASTER DNS server boots up, it fails to send notifies to the SLAVES: 31-Dec-2004 06:51:33.207 zone domain.com/IN/external: notify to 1.1.1.1#53: retries exceeded (tons of them..each referring to each of my domains or zones) None of the slaves ever see the NOTIFY. ..here is the odd part: If I kill off named (after boot is all done)...then launch it again, the SLAVES now receive the NOTIFYs. So its *only* during the boot-up sequence that I am seeing this. Bind 9.3.0 starts in the SAME way as the OEM version that comes with FREEBSD 5.3 with 2 exceptions. 1. I run it chrooted to /var/named 2. In rc.conf, I simply specify my new compiled binary and launch it as such: named_enable=YES named_program=/usr/local/sbin/named named_flags=-t /var/named -u named Anyone have ANY insight on this? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfilter loading on 5.3
Firs of all, check if the module has been loaded : # kldstat You should see the module ipl loaded : Id Refs AddressSize Name 21 0xc36df000 18000ipl.ko If not, load it manually : # kldload ipl On Mon, 8 Nov 2004, dave wrote: Hello, I believe i am having a configuration error. I've got a new 5.3 box to which i'm atempting to get ipfilter going. I read the updated handbook and have added: ipfilter_enable=YES ipfilter_rules=/etc/ipf.rules ipmon_enable=YES ipmon_flags=-Dsvn to my rc.conf file. When i try to manually load up my rules file with: ipf -FA -f /etc/ipf.rules i am getting an error can not open no such device I have not compiled anything for ipfilter in to the kernel as i had done previously i understood from the handbook that ipf was capable of being dynamically loaded and the rc.conf line would suffice. I've also added: Local0.* /var/log/ipfilter.log to my syslog.conf file getting ipf traffic in a separate logfile. When i go to rotate this file with newsyslog is there any special flags i should pass? Thanks. Dave. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
*BSD is considered the safest OS
Perhaps this is an old news, but it's interesting to post it to the list. A recent study made by MI2G, an UK company focused in data risk security, shows that *BSD and MacOS X were the less breached OS in a sample of more that 200K computers permanently connected to the internet. http://mi2g.net/cgi/mi2g/frameset.php?pageid=http%3A//mi2g.net/cgi/mi2g/press/021104.php ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: CTRL+ALT+DEL
Edit your kernel configuration, add the line : options SC_DISABLE_REBOOT then recompile your kernel, install and reboot. On Fri, 3 Sep 2004, mkondelk wrote: How to disable CTRL+ALT+DEL ? Thanks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Sun Fire V65x Support
Hello : Is anyone running FreeBSD-STABLE in an intel based Sun Hardware (Sun Fire V65x) ? I need running it in a production environment and I prefer FreeBSD rather than RedHat Enterprise Linux or Solaris X86 (they are the recommended OS). Regards Richard Cotrina ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: freebsd 5.2.1 openssh hole
Take a look at /usr/ports/security/openssh-portable There's the latest openssh port (3.8.1p1) On Mon, 24 May 2004, JJB wrote: Send email to FBSD OpenSSH port maintainer and tell then the port is out of date. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thomas May Sent: Monday, May 24, 2004 3:23 PM To: [EMAIL PROTECTED] Subject: freebsd 5.2.1 openssh hole Hi, i have installed the new version 5.2.1 and the ports collection from yesterday. i have checked the server with nessus and I got a security hole warning. You are running a version of OpenSSH which is older than 3.7.1 Versions older than 3.7.1 are vulnerable to a flaw in the buffer management functions which might allow an attacker to execute arbitrary commands on this host. What can I do ? I have installed openssl from the ports tree, but I got the same error. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.689 / Virus Database: 450 - Release Date: 21.05.2004 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
5.2.1R panic on Sun Blade 100
Hello : My Sun Blade 100 has experienced a fault virtual address panic, produced by a simple remote port scanning (done with nmap 3.5). Searching the lists, I've found a similar problem : http://lists.freebsd.org/pipermail/freebsd-sparc64/2003-August/000576.html according to this, the problem was caused by a lack of network card (dc) support . My Sun Blade has an ERI Interface, which driver, gem, uses the pci bus too. Anyone is having problems with Sun Blade and 5.2.1? I am running the last 5.2.1R code from cvs. Here is my dmesg output : Copyright (c) 1992-2004 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 5.2.1-RELEASE-p6 #0: Thu May 13 14:18:32 PET 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/CUSTOM Preloaded elf kernel /boot/kernel/kernel at 0xc044e000. Timecounter tick frequency 50200 Hz quality 0 real memory = 2147483648 (2048 MB) avail memory = 2082267136 (1985 MB) cpu0: Sun Microsystems UltraSparc-IIe Processor (502.00 MHz CPU) nexus0: OpenFirmware Nexus device pcib0: U2P UPA-PCI bridge on nexus0 pcib0: Sabre (US-IIe) compatible, impl 0, version 0, ign 0x7c0, bus A pcib0: [FAST] pcib0: [FAST] DVMA map: 0xc000 to 0xc3ff pci0: OFW PCI bus on pcib0 ebus0: revision 0x01 ebus0: idprom: incomplete ebus0: PCI-EBus3 bridge mem 0xf100-0xf17f,0xf000-0xf0ff at device 12.0 on pci0 ebus0: flashprom addr 0-0xf (no driver attached) eeprom0: EBus EEPROM/clock addr 0x1-0x11fff on ebus0 eeprom0: model mk48t59 eeprom0: hostid 8310ddda isab0: PCI-ISA bridge at device 7.0 on pci0 isa0: ISA bus on isab0 gem0: Sun ERI 10/100 Ethernet Adaptor mem 0x40-0x41 at device 12.1 on pci0 miibus0: MII bus on gem0 ukphy0: Generic IEEE 802.3u media interface on miibus0 ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto gem0: Ethernet address: 00:03:ba:10:dd:da, 2KB RX fifo, 2KB TX fifo pci0: serial bus, FireWire at device 12.2 (no driver attached) pci0: serial bus, USB at device 12.3 (no driver attached) pci0: old, non-VGA display device at device 3.0 (no driver attached) pci0: multimedia, audio at device 8.0 (no driver attached) atapci0: AcerLabs Aladdin UDMA66 controller port 0xa20-0xa2f,0xa08-0xa0b,0xa10-0xa17,0xa18-0xa1b,0xa00-0xa07 at device 13.0 on pci0 atapci0: [MPSAFE] ata2: at 0xa00 on atapci0 ata2: [MPSAFE] ata3: at 0xa10 on atapci0 ata3: [MPSAFE] pcib1: OFW PCI-PCI bridge at device 5.0 on pci0 pci1: OFW PCI bus on pcib1 pci0: display, VGA at device 19.0 (no driver attached) Timecounters tick every 10.000 msec IP Filter: v3.4.31 initialized. Default = pass all, Logging = enabled GEOM: create disk ad0 dp=0xf8ab6aa0 ad0: 19092MB ST320011A [38792/16/63] at ata2-master UDMA66 acd0: DVDR PIONEER 16X DVD-ROM 1.21 at ata2-slave PIO4 GEOM: create disk ad1 dp=0xf8d4b6a0 ad1: 19092MB ST320011A [38792/16/63] at ata3-master UDMA66 Mounting root from ufs:/dev/ad0a Thanks in advance, ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 5.2.1R panic on Sun Blade 100
The panic message : IOMMU fault virtual address 0xc300 panic: pcib: uncorrectable DMA error AFAR 0xad6000 AFSR 0x21ff syncing disk, buffers remaining ... === The nmap was a simple stealth scan with os fingerprinting : nmap -sS -O sun_blade_100_target The same error ocurred using ping with a big icmp packet (10,000 bytes). In this case the panic message was : IOMMU fault virtual address 0xc300 panic: pcib: uncorrectable DMA error AFAR 0xad6000 AFSR 0x41ff0080 syncing disk, buffers remaining ... === RCC On Fri, 14 May 2004, Thomas Moestl wrote: On Thu, 2004/05/13 at 15:59:58 -0500, Richard Cotrina wrote: Hello : My Sun Blade 100 has experienced a fault virtual address panic, produced by a simple remote port scanning (done with nmap 3.5). I cannot reproduce this problem on my machine; can you please post the exact arguments to nmap that you have used, and the full panic message? - Thomas -- Thomas Moestl [EMAIL PROTECTED] http://www.tu-bs.de/~y0015675/ [EMAIL PROTECTED] http://people.FreeBSD.org/~tmm/ Fortunately, if we can't get inspiration, we'll accept entertainment. -- Calvin and Hobbes ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]