Re: SCSI vs. SATA (was Re: Upgrading our mail server)
Bill Moran wrote: > > Has anyone every verified whether or not SATA has the problems that plagued > ATA? Such as crappy quality and lying caches? > > Personally, I still demand SCSI on production servers because it still > seems as if: > a) The performance is still better > b) The reliability is still better > > But I haven't taken a comprehensive look at the SATA offerings. It also > seems as if SATA is more limiting. Most SCSI cards can support 16 > devices, does SATA have similar offerings? I know it's not common, but > if you need that many spindles, you need them! I've used 15-drive SATA Promise arrays with some success. They come in both Fibre Channel and SCSI varieties, and are about $10k with 400GB SATA drives. I've run them up to ~170MB/s with RAID-5, which is more than enough for me. You get the best of both the SATA and SCSI/FC worlds. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Re: Snapshot performance
Kris Kennaway wrote: > On Fri, Sep 01, 2006 at 11:08:51AM -0700, Paul Lathrop wrote: > >> Hi all, >> >> We're working on deploying a new mail server on FreeBSD 6.1-STABLE. One >> of the major selling points was the ability to take filesystem snapshots >> in order to make backups from a consistent filesystem on such a >> high-traffic system. Unfortunately, when I take a snapshot, performance >> slows to a crawl - to the point where the system stops responding to >> network requests (ping, SMTP, etc.). Also, the snapshot takes 10-15 >> minutes to complete. >> >> Is this a typical situation? Will I need to schedule downtime for >> backups in spite of this nifty new feature? Am I doing something wrong? >> > > Time depends on the size of the filesystem - but you are correct that > snapshots were not designed with performance in mind (rather, to speed > up booting after an unclean shutdown by removing the need to wait for > fsck). > > Kris > Are there plans to improve performance of snapshots? Using the freebsd-snapshot port to link FS snapshots to the automounter is pretty nifty, but it does kill I/O performance while that's in progress as the OP mentioned. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Re: SMP detection
Michal Mertl wrote: > No! Kernel threads (e.g. handling interrupts) aren't that much different > to normal processes. > > Logical CPUs on a single HTT capable CPU share most of the CPU logic, > especially all the external stuff (handling interrupts). Scheduling > handling of interrupts on the "secondary/logical" core wouldn't > probably help performance at all (if that is at all possible). > Could you clarify note 20031022 in /usr/src/UPDATING? It states that HTT CPUs are used for interrupts if they are detected, even if they aren't used by regular processes. Was this something that just showed up in pre-6.x releases? -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Re: SMP detection
Jordi Carrillo wrote: > Skylar, > So, 50% is used for processes and the other 50% to handle hardware > interrupts. Is that right? > I believe so, but the blurb that I read that in is from 2003. There's a good chance someone will jump in to correct me. :) It was in /usr/src/UPDATING: 20031022: Support for HyperThread logical CPUs has now been enabled by default. As a result, the HTT kernel option no longer exists. Instead, the logical CPUs are always started so that they can handle interrupts. However, the extra logical CPUs are prevented from executing user processes by default. To enable the logical CPUs, change the value of the machdep.hlt_logical_cpus from 1 to 0. This value can also be set from the loader as a tunable of the same name. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Re: SMP detection
Jordi Carrillo wrote: > 2006/8/30, backyard <[EMAIL PROTECTED]>: >> >> >> >> --- Jordi Carrillo <[EMAIL PROTECTED]> wrote: >> >> > I've read that SMP should be disabled for >> > performance issues (I did not know >> > that before installing freebsd). I have a P4 3GHz >> > with hyperthreading >> > technology. I have the SMP-GENERIC kernel and it >> > only launches one cpu. So, >> > I've decided to disable SMP from BIOS. Is that ok?, >> > knowing that I have a >> > Smp enabled kernel? or should I install one without >> > smp? If so, is there a >> > way to install one already precompiled? >> > Thanks in advance >> > >> > -- >> > http://jordilin.wordpress.com >> > ___ >> > freebsd-questions@freebsd.org mailing list >> > >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> > To unsubscribe, send any mail to >> > "[EMAIL PROTECTED]" >> > >> >> if the system runs with one cpu now and you don't >> enable smp with HT with the sysctl variable then you >> should be ok. If your not doing SMP then recompiling >> the kernel for single processor mode will make things >> run a little quicker because the SMP code won't come >> into play. >> >> with HT disabling in FreeBSD is more for the security >> issues about a potential exploit whereby one process >> in one pipe can access the priveledged information of >> a process in another pipe because the two cores share >> one processor cache and thus one cache table. To my >> knowledge this hasn't been exploited yet. >> >> If you just install the generic kernel you it should >> be only the uniprocessor one. I would just do a: >> >> cd /usr/src && make buildworld && make >> KERNCONF=GENERIC buildkernel && make KERNCONF=GENERIC >> installkernel >> >> as opposed to a binary version assuming you haven't >> updated yet you won't have to install world but I >> believe it must have the build in the source tree to >> build a kernel. On your P4 though the difference >> between SMP and uniproc may not be worth the trouble >> because I don't think much of a gain would be made. on >> a P1 a much different story... >> >> if you aren't concerned with bad users or hackers >> hitting the box I would just enable HT with the sysctl >> variable. This will not make things run slower at all, >> just (in theory) less secure, which is why the >> veriable was created in the first place as I recall. >> If you are concerned I would wait until you update >> your system and then just build a GENERIC/CUSTOM >> kernel without the SMP option set. >> >> >> -brian >> > > > I will disable smp from bios. If I have a smp kernel, I suppose there > will > be no problem after all. Would that be ok? > The problem with having SMP enabled is that the smp kernel only > detects one > cpu and the system monitor only features one cpu as well as gkrellm (in > Linux it shows two cpus). When compiling the system monitor shows the > cpu at > a maximum of 50%, so what's going on with the other 50%? > writing machdep.hlt_logical_cpus to 2 in loader.conf does not solve > anything. I believe FreeBSD uses the other logical CPU to handle hardware interrupts, which can still help performance. You can check dmesg to see how it's actually handling it. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Re: SMP detection
Jordi Carrillo wrote: > I've read that SMP should be disabled for performance issues (I did > not know > that before installing freebsd). I have a P4 3GHz with hyperthreading > technology. I have the SMP-GENERIC kernel and it only launches one > cpu. So, > I've decided to disable SMP from BIOS. Is that ok?, knowing that I have a > Smp enabled kernel? or should I install one without smp? If so, is > there a > way to install one already precompiled? > Thanks in advance > I believe that HTT was disabled in FreeBSD per security report FreeBSD-SA-05:09.htt (http://security.freebsd.org/advisories/FreeBSD-SA-05:09.htt.asc). If you want to enable, I believe you can set the loader.conf option machdep.hlt_logical_cpus to 2. Having SMP enabled on a uniprocessor box shouldn't give you any stability problems, but SMP does use a different locking mechanism that can affect performance. You will probably get slightly better performance if you run with an SMP-disabled kernel. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Re: php5-extentsions broken
Mike Loiterman wrote: After installing the php5-extensions port, I get lots of the following errors when trying to start Apache: PHP Warning: PHP Startup: U\x89\xe5WVS\x83\xec\x14\xe8: Unable to initialize module\nModule compiled with module API=20020429, debug=0, thread-safety=0\nPHPcompiled with module API=20050922, debug=0, thread-safety=0\nThese options need to match\n in Unknown on line 0 Apache and php are working fine - I can get to the phpinfo page without problems. Its just that the extensions aren't being found for somereason. I have treid adding their location to the extensions_dir directive in php.ini with no luck. I have done a portupgrade rRfo lang/php5 php5 which should upgrade everything related to php5 and it does, but somehow the extension are not being found. Any ideas? Is your extensions_dir variable set properly in php.ini? - Skylar ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: transparent proxy howto
Oliver A. Rojo wrote: > Skylar Thompson wrote: >> Oliver A. Rojo wrote: >> >>> hi! >>> >>> Im using freebsd-5.2.1-RELEASE-p14 and I just want to ask if how can I >>> setup transparent proxying with squid using ipnat? >>> >> >> You're going to want something like this in your ipnat configuration: >> >> rdr int0 0/0 port 80 -> 192.168.0.1 port 3128 >> >> Where int0 is your internal interface name, and 192.168.0.1 is your >> internal interface IP address. You'll also want this in your squid.conf: >> >> http_port 8080 >> httpd_accel_host virtual >> httpd_accel_port 80 >> httpd_accel_with_proxy on >> >> Full documentation here: >> >> http://www.squid-cache.org/Doc/FAQ/FAQ-17.html >> httpd_accel_uses_host_header on >> >> >> >> > is there anything to be done with the kernel? I've done this one but > it didn't worked... Make sure that ipnat is loaded by putting ipnat_enable="YES" in /etc/rc.conf, and you should be good to go. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Re: transparent proxy howto
Oliver A. Rojo wrote: > hi! > > Im using freebsd-5.2.1-RELEASE-p14 and I just want to ask if how can I > setup transparent proxying with squid using ipnat? You're going to want something like this in your ipnat configuration: rdr int0 0/0 port 80 -> 192.168.0.1 port 3128 Where int0 is your internal interface name, and 192.168.0.1 is your internal interface IP address. You'll also want this in your squid.conf: http_port 8080 httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on Full documentation here: http://www.squid-cache.org/Doc/FAQ/FAQ-17.html httpd_accel_uses_host_header on -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Re: Mail Merging
Carlos Silva wrote: hi, someone know a way to merge e-mails? my intention is to merge old gziped mailing list archives on my mail account. What format (e.g. mbox, maildir) are the archives in? -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Re: Diagnosing reboot under load
Micah wrote: My desktop system just started doing this last night. I was upgrading Gnome using the handy shell script they provide. It looks like sometime around 11:30pm the computer reset. This morning I'm trying to reinstall all the software that got lost in last night's reset and I get another reset in the middle of compiling. The last message in /var/log/messages before reboot is: Nov 6 10:41:08 trisha ntpd[489]: kernel time sync enabled 6001 Nov 6 10:58:14 trisha ntpd[489]: kernel time sync enabled 2001 Nov 6 13:02:57 trisha syslogd: kernel boot file is /boot/kernel/kernel I just ran memtest86+ and there's no memory errors. I'm guessing it's a hardware issue, but how do I diagnose it? Could it be a bad power supply? Try swapping in another one and see what happens. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Hangs with UFS2 snapshots
I'm running FreeBSD 5.4-RELEASE on a dual processor P-III, with 512MB RAM and a Mylex AcceleRAID controller. I'm trying to do live filesystem backups to a hot-spare system with UFS2 snapshots. I create the snapshots with mksnap_ffs, mount them, and then rsync the data over to the hot spare over NFS. I can very reliably cause the system to hang on disk requests to certain filesystems, requiring a reboot. I can also get this to happen with dump's "-L" option, but have yet to experience it with background fscks. Has anyone experienced this, or know of a fix? -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Re: Weird NFS problems
Jon Dama wrote: Yes, but surely you weren't bridging gigabit and 100Mbit before? Did you try my suggestion about binding the IP address of the NFS server to the 100Mbit side? Yeah. Unfortunately networking on the server fell apart when I did that. Traffic was still passed and I could get through to the server on the 100Mb/s side, but not on the 1000Mb/s. It looked like the arp tables weren't being forwarded properly, but I couldn't convince FreeBSD to do proxy arp. After doing some more poking around, it actually looks like it might be a misfeature in the Linux 2.4 kernel wrt ipfilter (which is running on the bridge). Apparently 2.4 fragments UDP packets in the reverse order that every other UNIX-like operating system does, which throws off ipfilter's state tables. I'm going to do some testing to see if the difference between UDP and TCP NFS is negligible enough for us to disregard. Thanks for the suggestions! -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Re: Weird NFS problems
Jon Dama wrote: Try switching to TCP NFS. a 100MBit interface cannot keep up with a 1GBit interface in a bridge configuration. Therefore, in the long run, at full-bore you'd expect to drop 9 out of every 10 ethernet frames. MTU is 1500 therefore 1K works (it fits in one frame), 2K doesn't (your NFS transactions are split across frames, one of which will almost certainly be dropped, it's UDP so the loss of one frame invalidates the whole transaction). This is the same reason you can't use UDP with a block size greater than MTU to use NFS over your DSL or some such arrangement. Incidentially, this has nothing to do with FreeBSD. So if using TCP mounts solves your problem, don't expect Solaris NFS to magically make the UDP case work... The thing is that UDP NFS has been working for us for years. A big part of our work is performance analysis, so to change our network architecture will invalidate a large part of our data. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Weird NFS problems
I'm having some problems with NFS serving on a FreeBSD 5.4-RELEASE machine. The FreeBSD machine is the NFS/NIS server for a group of four Linux clusters. The network archictecture looks like this: 234/24 234/24 Cluster 1 ---|--- Cluster 3 | --- em0| File server | fxp0 | -- Cluster 2 ---|--- Cluster 4 234/24230/24 em0 and fxp0 are bridged, and em0 has a 234/24 IP address while fxp0 is just in promiscuous mode. 234/24 is an 802.1q VLAN on the fxp0 side of the server, so packets are untagged at the switch just before fxp0, and are forwarded to em0 through the bridge. The problem manifests itself in large UDP NFS requests from Clusters 3 and 4. The export can be mounted fine from both those clusters, and small transfers such as with ls work fine, but the moment any serious data transfer starts, the entire mount just hangs. Running ethereal on the file server shows a a lot of fragmented packets, and RPC retransmissions on just a single request. Reducing the read and write NFS buffers on the Linux clients to 1kB from the default of 4kB solves the issue, but kills the transfer rate. The moment I go to 2kB, the problem reappearss. Clusters 1 and 2 use the default of 4kB buffers, and have no problems communicating to em0. Poking through the list archives, I ran across this message (http://lists.freebsd.org/pipermail/freebsd-stable/2003-May/001007.html) that reveals a bug in the fxp(4) driver in 4-RELEASE that incorrectly detects the capabilities of the NIC. Is this still an issue in 5-RELEASE, or am I looking at a different problem? Any ideas on how I can get the NFS buffers up to a reasonable level? -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Re: Quota problems
On Wed, Mar 09, 2005 at 03:06:55PM -0600, Dan Nelson wrote: > In the last episode (Mar 09), Skylar Thompson said: > > there should be changes to mention that /etc/rc will only create the > > files with check_quota enabled, and also that creating zero-length > > files is not only unnecessary, but also dangerous. > > I don't know that the 0-byte quota files are the source of your > problem; I only know that they're not doing any good :) It looks like they were the problem. I took the server down to single-user mode, deleted the zero-size quota.{user,group} files, and then ran quotacheck on that filesystem. After booting back up, the system ran normally without hanging. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpQfGvPWfWfB.pgp Description: PGP signature
Re: Quota problems
Dan Nelson wrote: In the last episode (Mar 09), Skylar Thompson said: there should be changes to mention that /etc/rc will only create the files with check_quota enabled, and also that creating zero-length files is not only unnecessary, but also dangerous. I don't know that the 0-byte quota files are the source of your problem; I only know that they're not doing any good :) When I remove the zero-length quota files, quotas aren't enabled properly, but there are no problems. I guess we'll know for sure when I try out quotacheck Friday morning. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Re: Quota problems
Dan Nelson wrote: In the last episode (Mar 09), Skylar Thompson said: I'm having some problems getting quotas enabled on a FreeBSD 4.11-RELEASE box. I already have quotas enabled on two filesystems, and need to extend that to a third (presently unquota'd) filesystem. I added "userquota,groupquota" to the line in /etc/fstab for the filesystem, touched the files quota.user and quota.group, and rebooted. The sytem came back up fine, but hung after a few minutes of normal activity. I rebooted, and the same thing happened. Turning of the quotas on just that filesystem solved the problem. Has anyone else had problems like this? The entire system hung how? Did the cursor stop flashing? If you switch to another vty and try to log in, does it let you enter your username and then hang? If so, hit ^T and tell us what's in the square brackets. The system is still running and accepting NFS traffic on a separate filesystem (/clients), but all disk I/O on the filesystem I'm enabling on (/usr) is stopped. Also, running "quotacheck /filesystem" is a better way to create the quota files than touching them. It ensures that existing files on the filesystem are correctly accounted for. OK. The handbook should be clearer on this. Where it says: === For finer control over your quota startup, there is an additional configuration variable available. Normally on bootup, the quota integrity of each file system is checked by the quotacheck(8) <http://www.FreeBSD.org/cgi/man.cgi?query=quotacheck&sektion=8> program. The quotacheck(8) <http://www.FreeBSD.org/cgi/man.cgi?query=quotacheck&sektion=8> facility insures that the data in the quota database properly reflects the data on the file system. This is a very time consuming process that will significantly affect the time your system takes to boot. If you would like to skip this step, a variable in /etc/rc.conf is made available for the purpose: check_quotas="NO" === And: === At this point you should reboot your system with your new kernel. /etc/rc will automatically run the appropriate commands to create the initial quota files for all of the quotas you enabled in /etc/fstab, so there is no need to manually create any zero length quota files. === there should be changes to mention that /etc/rc will only create the files with check_quota enabled, and also that creating zero-length files is not only unnecessary, but also dangerous. In any case, I have more downtime scheduled early Friday morning, so I can see if using quotacheck solves my problems. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Quota problems
I'm having some problems getting quotas enabled on a FreeBSD 4.11-RELEASE box. I already have quotas enabled on two filesystems, and need to extend that to a third (presently unquota'd) filesystem. I added "userquota,groupquota" to the line in /etc/fstab for the filesystem, touched the files quota.user and quota.group, and rebooted. The sytem came back up fine, but hung after a few minutes of normal activity. I rebooted, and the same thing happened. Turning of the quotas on just that filesystem solved the problem. Has anyone else had problems like this? -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpIai3q0Ncst.pgp Description: PGP signature
Re: high latency
Peter Risdon wrote: On Mon, 2005-02-21 at 11:52 +0200, Chris Knipe wrote: Hi, I have 4 FreeBSD Servers connected to a Cisco 2950 all doing inter-VLAN routing. Everything is working right, but one server is getting absurdly high latency through the VLANs. [...] Now, the problematic box is running a RealTek card, Ugh. You don't say which one, but I just cured a prob with nfs by replacing a brand new Realtek card with an old digital NIC that was lying around. Not for the first time, I vow never to use Realtek cards again. Not for naught is this comment in the source for the FreeBSD driver: The RealTek 8139 PCI NIC redefines the meaning of 'low end.' I've had nothing but bad luck from them. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Re: dell poweredge servers
On Mon, Feb 07, 2005 at 05:00:54PM -0700, David Bear wrote: > I was looking at the support hardware list for Fbsd 5.x and could find > no mention of the PERC3-DI scsi controller.. so I was wondering if > anyone has used a dell poweredge 2650, and what your experience was > running Freebsd 4.X and 5.x on it. We're running a PE2650 with a PERC 3/Di and it works beautifully. I would highly recommend the system for FreeBSD. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpyhq5weI1Nt.pgp Description: PGP signature
Re: Very general shutdown question
On Sun, Feb 06, 2005 at 04:46:26PM +, Ned Harrison wrote: > I run FreeBSD 5.3 on my home PC in a stand alone machine as a desktop. Is > it > possible to set it up so an ordinary user can shut the system? I've created > a couple of accounts that are not in the wheel group so I can give friends > and house guests the chance to play on a non-Microsoft system. I don't want > to give them root access just to shut it down. > > None of the books which I have discuss using FreeBSD in this way. They are > mostly geared to setting up networks running it for businesses. Areas where > one may not want an ordinary user to be able to shutdown the machine. > However, I prefer having the machine off when I'm not on it. If it's not > possible that fine I can continue working around it like I do now. sudo(8) is a nice general-purpose utility that gives mortal users superuser access to certain commands. There's a port of it in security/sudo. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgptiF3FCK0w9.pgp Description: PGP signature
Re: realplayer-10
On Wed, Jan 26, 2005 at 08:45:01PM -0800, Gary Kline wrote: > > People, > > Does anybody know why I'm getting this err output > from the FBSD mozilla? > > > pd 12:05 [1353] LoadPlugin: failed to initialize shared library > /usr/local/lib/linux-mozilla/plugins/nphelix.so [Shared object > "libstdc++.so.5" not found, required by "nphelix.so"] > locate nphelix.so > /usr/X11R6/lib/browser_plugins/nphelix.so > /usr/local/lib/linux-mozilla/plugins/nphelix.so > > I don't run linux-mozilla on my laptop; I *have* installed > the linuxpluginwrapper port. Do you have the linux_base package installed? You'll need that for libstdc++.so.5, which is the library that you're missing. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpJIQiK1n4mM.pgp Description: PGP signature
Re: Web Email
On Sat, Jan 15, 2005 at 08:24:18PM -0800, [EMAIL PROTECTED] wrote: > Hi, > > I'd like to have access to my spool via web browser. What kind of > applications can I use? I've had good luck with Squirrelmail (http://www.squirrelmail.org). It's fast, and has an easy-to-use plugin interface for more features. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpppaqDRLLAK.pgp Description: PGP signature
Re: Which OS should we use?
On Tue, Jan 11, 2005 at 03:22:15PM -0600, Paul Schmehl wrote: > We're getting ready to create some new servers from scratch > (format/install). We've been using 4.9 and 4.10 for a while now with no > problems. We've got one 5.3 box setup for test purposes. > > On this list I have seen comments about instability issues in 5.3. These > servers need to be stable. Should we install 4.10/11? Or move up to 5.3? I'm not sure about 5.3, but our tape backup server has been rock solid on 5.2.1 for months. We use Vinum to do software RAID on our holding disk, and that hasn't hiccuped at all. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpYnZrH08N9h.pgp Description: PGP signature
Re: poptop
Justin L. Boss wrote: Has anyone had any success with poptop. I'm able to get a windows client to connect but can not see the privet network at all. Here are my config file Do you have the sysctl variable net.inet.ip.forwarding set to 1? -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Re: How long will 4.x be supported?
DanGer wrote: Hi sp0ng3b0b, Friday, January 7, 2005, 10:49:23 PM, you typed: Given the serious stability issues that *some* users are having with 5.3, many are sticking with 4.x for production servers. Will FreeBSD keep the 4.x line alive for a little while longer? Perhaps going into 4.12, 4.13, etc? next 4.x release - 4.11 will be the last release from 4.x branch Will there still be security patches released for 4.x? Will any patches be backported from 5-RELEASE? -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Re: FreeBSD on Sun SPARC 20
[EMAIL PROTECTED] wrote: I've got a Sun SPARC 20 collecting dust, and I was wondering if any version of FreeBSD would run on my Sun SPARC 20? From what I can gather FreeBSD only works on UltraSPARC. The SS20 isn't an UltraSPARC, so it won't be supported by FreeBSD's Sparc64 port. I've had good luck running NetBSD on an SS20, and IPCs and IPXs, though. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Re: Powering down FreeBSD 5
Forrest Aldrich wrote: Can FreeBSD be configured to actually power off the machine, rather than sit with "Press any key to reboot". We're redeploying some servers, and we'd like them to be powered on individually, not powered up upon plug-in to the power cable. Do you have ACPI compiled into your kernel? -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Privoxy at boot.
Adam wrote: I installed Privoxy and it seems to run nicely but I have installed it many times before (not because it didn't install, but because the machine was insane.) but anyway, I for some reason have never been able to find out how to make it start up at boot. I tried /etc/rc.conf but no luck. I tried Google and still no luck. Try adding it to /etc/rc.local. That's how I start it up on my FreeBSD box. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Re: Networking to WinXP
On Fri, Dec 31, 2004 at 04:56:47AM -0500, Gerard Seibert wrote: > I have used the 'smbclient' from Samba to access my WinXP computers from > my FreeBSD computer. I have also used 'sharity-light'. > > Does anyone know of any other full featured networking tool that I can > use to access my WinXP boxes. I am not too happy with either of the two > I mentioned above. That's pretty much it; Samba is your answer to just about any Unix<->Windows internetworking. What precisely aren't you please with? -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpETWfy9R30b.pgp Description: PGP signature
Re: upgrading perl
On Fri, Dec 31, 2004 at 12:46:09PM +0100, Erik Norgaard wrote: > I haven't found big differences between 5.6 and 5.8, so I'd suggest you > use 5.8. The main reason to stick with an older version is that you > might develop scripts for platforms where the newer are not available. I've noticed some memory allocation bugs with 5.6, so I'd just go straight for 5.8. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpUQ7dHbn1YP.pgp Description: PGP signature
Re: upgrading perl
Karl Agee wrote: Freebsd 4.11-pre. I am working on learning perl, and have perl 5.00x that is in the base system when I installed 4.10-Release. Since most of the learning materials out there are based on later verisions esp since 5.6.x some of the features arent in this older version. I am considering upgrading to 5.8.5 via ports, but, dont know if that will break anything. Just being cautious... --Karl The biggest thing you have to watch out for is to upgrade the modules with the distribution. Look in /usr/ports/UPDATING and search for Perl for more info. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Re: Streaming, real time MRTG solution?
Matt Juszczak wrote: Hello all, I've seen the Adobe SVG viewer work with traffic stats to show real time traffic statistics, such as the one found in m0n0wall. Does anyone know of a real time, web based software package that can communicate with SNMP (much like MRTG does), except it shows "real time" data instead of 5 minute averages? Possibly a self moving graph so the page wouldn't have to be reloaded? I think if you try this, you'll run into Heisenberg problems, by which your measurements actually affect the data significantly. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ signature.asc Description: OpenPGP digital signature
Java [was: Re: Switching FreeBSD machines]
On Thu, Dec 23, 2004 at 12:20:09PM -0600, Joshua Lokken wrote: > to give you a confidence boost, I very recently built jdk14 on > a 5.3-RELEASE machine *by the instructions*, and it built > without problems, and apps were able to find it afterwards. > If that's all that's keeping from starting from scratch, don't > worry about java; it's not that bad. Does anyone know if JDK1.5 is going to be supported by FreeBSD? I have some JDK1.5 apps that I've written for Linux that I would like to run on FreeBSD. I've been unsuccessful in getting JDK1.5 running through Linux emulation too. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpV5j4s5vCqZ.pgp Description: PGP signature
Re: why must boot in single mode.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 LeKhoi wrote: | Thank you Skylar for sharing the information. | | I current have a simple server running RedHat, and wanting to | switch to FreeBSD as I think that FreeBSD would offer better | platform as a server in stability and security patches as such. (Am | I correct here or what ? :-) Yes. Until my current job, I used to be exclusively Red Hat Linux (unless you count the OS/2 box :-) ). Where I work now uses FreeBSD nearly exclusively on the x86 servers, with the only x86 server running Linux out of necessity for SystemImager. Getting started on FreeBSD can be a bit rough, but I'd give the Handbook <http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html> a good look over and you should be set. ports is a blessing unto itself, and the reliability and good division between production and development branches just makes it that much better than Red Hat. I think the only Linux distro that comes close is Debian. | I am doing all my research just to make sure I am making the | correct decision here. | | And this one about the single user mode is really making me cold | feet at the moment :-) I acutally wouldn't worry about it. We just patch our systems for critical security updates. We still have a bunch of servers running 4.4-RELEASE just because we know it works. I would, however, make sure the data centre staff is willing to look at FreeBSD single-user mode in case something goes FUBAR. | I will contact data centres just to make sure that they have all | the facility needed to boot it into single user mode. Thanks again | | Oh, btw, I have a quick scan on your personal page, very impress | that you are helping to maintain the servers. Would my choice of | FreeBSD over RedHat be correct in this instance for a webserver do | you think? Most definitely. If you listen to Netcraft <http://www.netcraft.com>, FreeBSD is by far the best web-serving platform imaginable. All our web servers run FreeBSD, and I've never once wished they ran Linux. - -- - -- Skylar Thompson ([EMAIL PROTECTED]) - -- http://www.cs.earlham.edu/~skylar/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBw2s4sc4yyULgN4YRAqKpAKCSaa1I708aw67p81bBloyJ1UZOaQCdHRem 9jqsR1DKZrPn77EpWPSjvRc= =tU56 -END PGP SIGNATURE- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: why must boot in single mode.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 LeKhoi wrote: | Hi Chuck and Kris | | I am also interesting in the scenario. Some FreeBSD boxes are being | used for webserving in a production environment from data centres. | | | If this upgrading procedures is in question and is forced to reboot | into single user mode (which is not practical as I am not in the | data centre) then is there a way that we could upgrade the box | safely remotely? Even if we need to shut down the server. I guess I have a few things to say to this, based on personal experience: 1. If the box works, why upgrade? All you really need to do is apply individual security patches, which does not require single-user mode. 2. If you do need to upgrade, then you should count on requiring single-user mode if anything goes wrong. 3. Many boxen in data centers, even low-end boxen like Poweredges and Proliants, have either integrated remote-management modules or options for them. Even if they don't have that, the BIOS of any real server will support redirection to a serial port that will allow you to use a modem to dial-in to the console. Even if it can't do that, decent KVM switches will have that kind of functionality. Any of these will allow you to get a remote console for work with the BIOS/single-user mode. - -- - -- Skylar Thompson ([EMAIL PROTECTED]) - -- http://www.cs.earlham.edu/~skylar/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBwk4wsc4yyULgN4YRApFqAKCXgGSsYBIFkAL5hgUpCu6V2akUiACfWJvp VfxM/Lpnx1F7rDi/1QCHuFE= =0vrR -END PGP SIGNATURE- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: CPU, RAM, information
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kris Kennaway wrote: | On Thu, Dec 16, 2004 at 04:04:51PM -0800, Curtis Vaughan wrote: | |> Where do I find information in 5.3 about my cpu, ram, etc? Like |> under Linux I would go to /proc/ and look at files like cpuinfo |> and meminfo. | | | dmesg and sysctl. If the kernel message ring buffer overflows, you can also look in /var/run/dmesg.boot. - -- - -- Skylar Thompson ([EMAIL PROTECTED]) - -- http://www.cs.earlham.edu/~skylar/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBwjD3sc4yyULgN4YRArj1AJ454TkqASuvEskNdTQRlu4fvcsp4gCfay32 pNTSv5zd5IK13erantVVv14= =qthx -END PGP SIGNATURE- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
SMBFS vulnerability
I just read about Linux's vulernability WRT SMBFS. Does FreeBSD suffer from the same vulnerability? -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.os2.dhs.org/~skylar/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Ports config location
On Fri, Sep 17, 2004 at 08:18:02PM -0400, Bill Moran wrote: > Skylar Thompson <[EMAIL PROTECTED]> wrote: > > > I'm having some trouble with deleting an old ports configuration file. I'm > > trying to build the new PHP 4.3.8 (with the new modular config setup), and > > made a mistake in setting it up. I want to be able to pull up the > > curses-based config screen, but not even deleting the entire ports tree and > > pulling it down again solves that; I get the some setup every time, and it > > proceeds with the build without prompting me. How do I get it to prompt me > > again for configuration? > > cd /usr/ports/lang/php4-extensions && make config && \ > make FORCE_PKG_REGISTER=yes install > > ... a little more complicated than usual for the ports sytem ... That did the trick. Thanks! -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgptjeWlllKcJ.pgp Description: PGP signature
Ports config location
I'm having some trouble with deleting an old ports configuration file. I'm trying to build the new PHP 4.3.8 (with the new modular config setup), and made a mistake in setting it up. I want to be able to pull up the curses-based config screen, but not even deleting the entire ports tree and pulling it down again solves that; I get the some setup every time, and it proceeds with the build without prompting me. How do I get it to prompt me again for configuration? -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgphidh4NYdv7.pgp Description: PGP signature
Re: squirellmail login problem
On Mon, Aug 30, 2004 at 05:44:34PM +0600, indunil wrote: > Hey, > > I installed PHP, Couier-Imap and squirellmail for MTA sendmail under > freeBSD 5.2.1. but when i go to squirellmail and login to it, it says > unknown user name and password. > > What is wrong with it. > > Imap is also working,When I test it with telnet 198.168.0.1 143 it says > IMAP ready Can you give us the output of your mail log and web server error log while you login? Also, try logging using a different IMAP client (like Mozilla) to see if it works that way. Other things to check are to make sure that you configured it all right with the ./configure script in the squirrelmail directory after installation. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpvXVh6aaDRm.pgp Description: PGP signature
LPRng troubles
I have an LPRng print server running FreeBSD 4.10, and I'm running into some problems with the hostnames that LPRng returns to lpq. We need to provide access to queues on a different machine which is in a different domain, but lpd only returns partial hostnames (mir instead of mir.earlham.edu), so the remote queues can't be accessed. How does one force the use of FQDNs? -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpEcP8MqLWUV.pgp Description: PGP signature
Re: FreeBSD's problem?
On Mon, Aug 09, 2004 at 11:37:50PM +0300, Vlad Tudorache wrote: > Hello! > I've been using Linux for 2 years and I know how to configure this system (not using > GUI tools!). I'm now trying FreeBSD. My problems are: > 1) If I enable ACPI, my floppy disk controller is not seen by the kernel! What kind of floppy controller is it? Is it an NEC, or something else? > 2) My USB controller tells me that "Error: Restarting port 1/2". What kind of USB controller is it? UHCI? OHCI? EHCI? > 3) If I'm using kdm, log into GNOME as root and select "Shut Down" when exiting > directly from the GNOME session's logout menu, my system hangs untill I press Ctrl-C > or Ctrl-Alt-Del. This was not happenning on Linux. What version of GNOME are you using? 2.2? 2.4? 2.6? -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpcljhoQ46qr.pgp Description: PGP signature
Re: 3COM NIC Card???
On Mon, Jul 26, 2004 at 12:33:53PM -0400, Hakim Singhji wrote: > Hello All, > > I recently purchased a pair of 3Com 3C905CTXM EtherLink XL PCI TX Network > adapter PCI 100 Mbps NIC Cards and I wanted to know if they are > compatible with FreeBSD 4.10 (stable). Could someone please give me some > feedback on this thanks. Sure are. We've got a bunch of machines with them, and they work fine. They're supported by the xl(4) driver. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgppeYSRljnIc.pgp Description: PGP signature
Re: slow serial console 5.2.1
On Sun, Jul 04, 2004 at 08:59:57AM -0500, J.D. Bronson wrote: > This is really odd. I setup a 5.2.1 machine and used the serial port for > console. I see it booting up just fine until it gets to the part where it > checks the hard drive for fragmentationthen it SLOWS to a crawl > > it get's past the hard drive and then each part of the boot is word by word > as if someone is typing it > > Once the machine is up, the network side of it FLIES and all is well...but > the serial console cannot be used at all...nothing happens. Like it's > jammed or stuck for example. > > This is on a compaq deskpro EN SFF with dual COM ports and I built a kernel > that detects as much as I can on this machine. > > I have other FreeBSD machines that do not exhibit this and was wondering if > anyone else came across this before and what they did? Do the serial settings change at all on the port? -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpwyZQ6d4Anr.pgp Description: PGP signature
Re: Gigabit Adaptors
On Thu, Jul 01, 2004 at 10:53:11AM -0500, Michael Clark wrote: > After my recent disagreements with the em0 Intel MT adaptor, I have decided > to order something else for my FreeBSD use. > Anyone have any good suggestions for cards that they prefer to use in 5.x? I've had good experience with the Broadcom gigabit adapters. The ones I'm using are integrated, but I'm sure their cards are just as good. They're supported by the bge kernel driver. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpf68N7xPTHF.pgp Description: PGP signature
Re: sshd:
On Thu, Jul 01, 2004 at 09:46:16PM -0400, [EMAIL PROTECTED] wrote: > I exec /usr/sbin/sshd, but got "Privilege separation user sshd does not > exist" > but I do have, in the /etc/group: > sshd:*:22: > and with vipw: > sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/sbin/nologin > > > is there anything I missed? Are you using any kind of other password database, like NIS? -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpKIOWmlY3vX.pgp Description: PGP signature
Re: port upgrades
On Wed, Jun 30, 2004 at 02:22:07PM -0500, Chris wrote: > 5.2.1-RELEASE > > I've started using 'portupgrade' to update several ports to the latest versions, but > have an odd problem when it comes to certain ports. > > For example: > > server# pkg_version -v | grep Spam > bsdpan-Mail-SpamAssassin-2.63 < needs updating (port has 2.63_2) > > server# portupgrade bsdpan-Mail-SpamAssassin > ---> Skipping 'mail/p5-Mail-SpamAssassin' because it is held by user (specify -f to > force) > server# portupgrade -f bsdpan-Mail-SpamAssassin Have you tried running "pkgdb -F"? -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpocQYl8sBq6.pgp Description: PGP signature
Re: Forgot to add...
On Sun, Jun 27, 2004 at 01:40:48PM -0400, Chuck Swiger wrote: > 3BSD wrote: > >One thing I forgot to add to be previous e-mail about hardware > >compatibility was that I'm using the DVI port of my graphics card, > >connected to an LCD display, will that pose any problems? > > Generally not. To the extent that your configuration of video card and > monitor can be treated as a generic (s)VGA display, FreeBSD will be > plug-and-play for text mode (booting, console), and will also work > genericly under X11. > > Getting 3D hardware support going for fast OpenGL stuff, and/or doing a > multimonitor display mode are more complicated questions, but generally one > can get such things working after more tweaking and time spent on your part. In the previous message, he mentioned using an nVidia geForce4. I've had good experiences with a geForce2 in my FreeBSD 5-RELEASE box. nVidia has a driver you can download from their website for FreeBSD, and I haven't had any problems with it. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpCv1xc8j0gK.pgp Description: PGP signature
Re: OT: Cable management
On Sat, Jun 26, 2004 at 01:38:55PM -0700, Kevin Stevens wrote: > > If you're new to cable management, remember to tag both ends of the > cables BEFORE running them through any conduit. Once they get bundled > together in any way, that's all you have to go by. If you do get into a situation where you don't know which cable is which, you can always tone them. It's a PITA and works best wiht two people, but it works. It's not a bad idea to have a toner on hand, because even labeled cables can run into trouble. The ink might rub off, or you might accidentally cut off some excess slack without relableling. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgprbJ7ofyz0d.pgp Description: PGP signature
Re: question
On Wed, Jun 23, 2004 at 11:17:06PM -0500, [EMAIL PROTECTED] wrote: > please > > i need driver nic compaq prosignia 200 for unix sco R 3.2 V 4.2 Does this use an integrated Netelligent controller? If so, I believe they use the Texas Instruments ThunderLAN chipset, which uses the tl driver. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpsGTIHdJGTv.pgp Description: PGP signature
Re: :::Support PHP/perl???:::
On Mon, Jun 21, 2004 at 07:11:02PM +0200, Dragan Veljkovic wrote: > Is this FreeBSD support PHP/Perl application/language? In the ports collection, take a look at lang/perl5{,.8} and lang/php4. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpZ5EWC11x8V.pgp Description: PGP signature
Re: Audio?
On Mon, Jun 21, 2004 at 10:55:49AM -0400, Tom Moyer wrote: > I am setting up a new computer and the motherboard I am using has > integrated audio. It says it is Realtek ALC850 does anyone know if it is > supported by FreeBSD? If so, what driver should I use? The motherboard > is the Asus P4P800-E Deluxe. As root, try doing kldload snd_driver -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpeKDmIxlUHE.pgp Description: PGP signature
Re: Sendmail for Large Sites
On Fri, Jun 18, 2004 at 01:06:34PM -0400, Jason Stewart wrote: > On 18/06/04 06:13 -0500, Martin McCormick wrote: > > > > There are other considerations such as the facts that all > > incoming and outgoing messages are checked for malicious attachments. > > ldap is used to drive the setting of customer mail delivery > > preferences and even their user ID choice. > > > > Hi Martin, > > Sendmail and Postfix can do the virus scanning. You're going to need > some serious firepower to scan all attachments for 25000 users. It depends on how much email these users are generating. I'm an admin for a small CS department at a liberal arts college. We support around 250 users (math, physics, CS, alums, and professors). On a normal day, we process between 1000 and 3000 messages. Our email server is a Dell Poweredge 2650 with dual 2.8GHz processors and 1GB of RAM. We run Sendmail with MailScanner, which in turn invokes its own testing rubrics and disarming routines along with SpamAssassin and ClamAV. Benchmarking this system indicated that we could process over 1,000,000 messages a day. And with MailScanner, incoming mail will queue up if MailScanner can't keep up for a while, so you never actually send back the temporary failure codes you have to use with milters. This system is hardly "big iron" (or any kind of iron, for that matter), and cost less than $5000. If he supports 25,000 users, he should be able to scare up at least that much money. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpK92bjvrM5N.pgp Description: PGP signature
Re: Migrating my mailhub from 4.9 to 5.x
On Wed, Jun 16, 2004 at 01:43:43PM +0200, Frank BONNET wrote: > Hello > > I am in the process to migrate my mailhub ( ~3000 mailboxes ) from 4.9 > to the next 5.x release to be able to use native nss_ldap and pam_ldap. > > I have tested the 5.2.1 version on another smallest machine and most > of my needings are working. > > BUT > > I need also to change the webmail I use actually as it seems to be not > supported anymore , this is IMHO working on the Roxen http server. > > I need a webmail that works with uw-imap ( mandatory ) and the maildox > format as I have to keep a large amount of mailboxes and don't want > want to use the maildir format for now. > > Any recommendations on the webmail I should use ? > I have tested some on my spare machine but really don't know how they > will work under a "production load" > > The machine is a HP/Compaq Proliant GL380 with 2 Gb RAM > and a lot of disk space. I'd highly recommend Squirrelmail (http://www.squirrelmail.org). I use it on a couple servers at work (a campus-wide server, and a server specific to the CS department), and it works great. It's got a good plugin system, and is reasonably fast (and with options to make it very fast). Another one to look at is OpenWebmail (http://openwebmail.org). I haven't used this in a production environment, so I don't have much practical knowledge of it. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpub1JvftV7J.pgp Description: PGP signature
Re: new server hardware recommendations ?
On Wed, Jun 16, 2004 at 01:28:56AM +0200, Stephan van Beerschoten wrote: > Hi Folks, > > I'm will be retiring my old and trusty rackmount machine soon and will > be purchasing a new one to replace it. The old one was a home-grown > combination of hardware, fitting into a 2U chassis. > > For its replacement however, I am looking for a more professional > system, including professional (hardware) support if needed, because I > will be trying to run some paid services of it. > Something from a vendor like Dell, IBM or HP/Compaq. > Something that preferably fits into 1U and can give me some degree of > hardware fault tolerance like a raid5 built-in on 3 disks. > I have seen something like this coming from Dell for example (allthough > I'd really rather use 2x AMD64, which Dell doesn't do ..) > > Anyway, who is using FreeBSD in a professional world on hardware like > this ? Anyone with a recommendation? > This 'swap' won't happen untill Q4 this year, so it will be running > 5-STABLE then. Please take this new platform into consideration for when > recommending new hardware. Although I can highly recommend Dell systems, FreeBSD has an annoying bug wrt to their 1U system (the Poweredge 1750) where the SCSI bus will hang if you have more than one device installed at boot time. This apparently doesn't happen if you have the $400 RAID option card installed; it only happens when the SCSI bus is a plain SCSI bus. Other than that, I've been very happy with Poweredges. We also have 2650 running FreeBSD 4.10, and it's been a pleasure to work with. It's blazingly fast (especially compared to our old dual P-III setup), reliable, and has FreeBSD support for *everything*. There's a software utility for the PERC RAID card (aaccli), a kernel support for the remote-access controller, etc. I'd highly recommend it. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgp3IUGX3xVRI.pgp Description: PGP signature
Re: Scheme for securing LAN
On Wed, Jun 09, 2004 at 02:32:31PM +0300, B.Bonev wrote: > Hi FreeBSDers, I have a simple question. > > What scheme for securing LAN is better? > > > > Internet > > | > > Apache _ FreeBSD LAN > > Web ServerFirewall > > > > or > >Internet > > | > >FreeBSD > >Firewall > > | > >Apache > > Web Server > > | > >FreeBSD > >Firewall > > | > > LAN > > > > What are advantages and disadvantages of two? > > I know that is much more important how tuned Firewalls, Web Server and workstations > behind are. > > Is there any difficulty for workstations that should works in Internet, because of > two Firewalls? Not really. You'll have the advantage of a secured DMZ but, the real question is, do you really need the added complexity? You need to say more about *why* you want to do this? How many users are you supporting? What's coming off the web server? etc. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgptgxnJI5CCR.pgp Description: PGP signature
Re: VMWare 4 with FreeBSD host OS
On Wed, Jun 09, 2004 at 08:09:36AM -0400, Aniruddha Bohra wrote: > Hello, > Does the VMWare Workstation 4 work with > FreeBSD as the host OS? I have it running on > Windows with -current as the guest OS, but would > like to run it as a host. I don't think so. It requires some kernel-level changes that are pretty OS specific. You can use Linux as a host OS, but not FreeBSD. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpysUImro2Gp.pgp Description: PGP signature
Re: Anti-Spam app for sendmail
On Tue, Jun 08, 2004 at 09:40:28PM -0400, Thomas Farrell wrote: > First your going to need a licensed version of sometype of > antivirus application you can always get freeB's but they will eventually > run out. some of the AV for BSD are panda, kaspersky,. macfee, and Sophos > & fprot . Both Fprot & Sophos have evaluation versions both are easy to > install and use. If you don't need commercial support, ClamAV (http://www.clamav.net) works great. I used it for my servers at work and home, and it's fast and reliable. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpqoN1R44EYJ.pgp Description: PGP signature
Re: Anti-Spam app for sendmail
On Tue, Jun 08, 2004 at 10:35:45AM -0500, Chris wrote: > Any comments on a good anti-spam app that works with sendmail for a mail > server? I'd highly recommend MailScanner (http://www.mailscanner.info) combined with SpamAssassin (http://www.spamassassin.org) and ClamAv (http://www.clamav.net/). The great thing about MailScanner is that it doesn't use milters, so you don't have to wait for a program to fire up and risk sending back temporary failure error codes. As long as your disks can keep up and you don't run out of queue space, it doesn't matter how long MailScanner takes to process messages. It'll also process messages in blocks, which makes things a lot more efficient if you're processing large amounts of mail. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpf9n4PBhuk2.pgp Description: PGP signature
Re: ipfw: getsockopt(IP_FW_ADD): Operation not permitted
On Fri, Jun 04, 2004 at 10:07:20AM +0600, ?.?. wrote: > Hello, Skylar! > > You are right, the reason was in it. > I modified in /etc/rc.conf kern_securelevel="3" to "-1" and > kern_securelevel_enable="YES". But I think securelevel=-1 is too slow and > dangerous.. As long as you don't need X, I find secure level 1 to be a happy middle ground between the two. Do a "man init" to find out more about secure levels. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgpnqYX2ZKbHj.pgp Description: PGP signature
Re: ipfw: getsockopt(IP_FW_ADD): Operation not permitted
On Thu, Jun 03, 2004 at 09:55:27AM +0600, ?.?. wrote: > > Problem is: > > ~# ipfw add 100 deny tcp from any to any 135-139 > ipfw: getsockopt(IP_FW_ADD): Operation not permitted > What securelevel are you running at? I don't think you can change your ipfw rules if you are running in level 3. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgp2sakcnucLC.pgp Description: PGP signature