Re[2]: routing for 1000 users and 10Mbit internet.

2004-06-03 Thread hugle
BM hugle wrote:
 BM hugle wrote:
 
BM hugle wrote:

FG On Mon, 31 May 2004, hugle wrote:

dammit..
why then my users eats so much CPU?
look:
CPU states:  0.0% user,  0.0% nice,  0.8% system, 38.0% interrupt, 61.2% idle
Mem: 21M Active, 177M Inact, 133M Wired, 1228K Cache, 199M Buf, 1677M Free

I have only 61% idle ?
usually i have ~50 idle..
now I have P4 2.4GHZ

maybe my setup is bad (kernel I mean)?

FG My guess is either cheap hardware (NIC) or bad tuning. What NICs are you
FG using?

I'm using Intel cards (fxp) at the moment. But from reading the posts
I've decided to buy GBIT NIC.
Now the dilemma is what brand name.. INTEL or 3COM ? maybe you guys
could advise?

BM I've always had good results with fxp cards.
 
how many users do you have? and what model?
 
 BM Never more than 100 ... it's been a year or two, so I don't remember the model.
 
And yes, my PC is dealing with lots of network traffic.. It's a
gateway + shaping. It deals with almost 1000 users..

Will this PC (p4 2.4GHZ) deal with 10mbit internet? as a gateway +
shaper ? with one GBIT NIC connected to 100Mbit switch?

BM A gbit NIC isn't going to run at gbit speed on a 100mbit switch.
 
I know, but as I know it'll have more memory, buffer or smth like
that. which somehow will help to deal with the problem, right?
 
 BM Probably.  It just seems like a lot of $$$ to drop when you haven't
 BM tried polling yet.  Keep in mind, that if you try polling and it
 BM doesn't work, you can just turn it back off, and you haven't spent
 BM any $$$ on hardware that didn't help.
 
BM I would look elsewhere than the NIC.  Intel NICs are good units (in my experience,
BM if someone knows of problems with them, please speak up)
from systat -v:
481 fxp0 irq12
226 fxp1 irq3
317 fxp2 irq7
I think it is quite high? right?
 
 BM I guess.  I would expect numbers like that considering the load it's
 BM under.
 
 BM I'll ask _again_ ... is the machine's performance poor?  Fact is, if
 BM you give it enough network traffic to shape, it's going to raise the
 BM CPU load, no matter what you do.
 
 now the main problem is.. that machine is shaping internet, right?
 I did shaping for my subnet, so users in /24 have 100kbits everybody.
 But they don't get such speed, they get about 70-80kbps . and if I
 try to skip pipe rules for certain IPs, users get all available
 speed (which is left), it's about 500kbps..
 so why machine can't pipe it normally ?
 Didn't have these problems in the past...

BM Past when?  What changed?

BM Typically, only ~80% of available bandwidth is usable.  I don't know if
BM that applies to your situation, though, as that's usually referring to
BM ethernet, and you claim the problem hasn't always been there.

BM Try polling and see if the load reduces and the performance increases.
BM If all that machine is doing is routing, you can configure it to be
BM dedicated to routing.


Hello all:)
I'm here again..
so. I've purchased 3com nic, it recognises it as: bge0.
Situation went a bit better.. (in first hours on last nics i had ~50%
interrupt and here I had 30%) But after some time.. interrupts went up

Compiled in polling support
But after enabling polling I don't see any changes..
Maybe bge NICs don't support polling ?

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re[2]: routing for 1000 users and 10Mbit internet.

2004-06-01 Thread hugle
BM hugle wrote:
 FG On Mon, 31 May 2004, hugle wrote:
 
dammit..
why then my users eats so much CPU?
look:
CPU states:  0.0% user,  0.0% nice,  0.8% system, 38.0% interrupt, 61.2% idle
Mem: 21M Active, 177M Inact, 133M Wired, 1228K Cache, 199M Buf, 1677M Free

I have only 61% idle ?
usually i have ~50 idle..
now I have P4 2.4GHZ

maybe my setup is bad (kernel I mean)?
 
 FG My guess is either cheap hardware (NIC) or bad tuning. What NICs are you
 FG using?
 
 I'm using Intel cards (fxp) at the moment. But from reading the posts
 I've decided to buy GBIT NIC.
 Now the dilemma is what brand name.. INTEL or 3COM ? maybe you guys
 could advise?

BM I've always had good results with fxp cards.
how many users do you have? and what model?
 And yes, my PC is dealing with lots of network traffic.. It's a
 gateway + shaping. It deals with almost 1000 users..
 
 Will this PC (p4 2.4GHZ) deal with 10mbit internet? as a gateway +
 shaper ? with one GBIT NIC connected to 100Mbit switch?

BM A gbit NIC isn't going to run at gbit speed on a 100mbit switch.
I know, but as I know it'll have more memory, buffer or smth like
that. which somehow will help to deal with the problem, right?
BM I would look elsewhere than the NIC.  Intel NICs are good units (in my experience,
BM if someone knows of problems with them, please speak up)
from systat -v:
481 fxp0 irq12
226 fxp1 irq3
317 fxp2 irq7
I think it is quite high? right?
BM Read the polling man page and see if it will help you.






Re[2]: routing for 1000 users and 10Mbit internet.

2004-06-01 Thread hugle
BM hugle wrote:
 BM hugle wrote:
 
FG On Mon, 31 May 2004, hugle wrote:

dammit..
why then my users eats so much CPU?
look:
CPU states:  0.0% user,  0.0% nice,  0.8% system, 38.0% interrupt, 61.2% idle
Mem: 21M Active, 177M Inact, 133M Wired, 1228K Cache, 199M Buf, 1677M Free

I have only 61% idle ?
usually i have ~50 idle..
now I have P4 2.4GHZ

maybe my setup is bad (kernel I mean)?

FG My guess is either cheap hardware (NIC) or bad tuning. What NICs are you
FG using?

I'm using Intel cards (fxp) at the moment. But from reading the posts
I've decided to buy GBIT NIC.
Now the dilemma is what brand name.. INTEL or 3COM ? maybe you guys
could advise?
 
 BM I've always had good results with fxp cards.
 
 how many users do you have? and what model?

BM Never more than 100 ... it's been a year or two, so I don't remember the model.

And yes, my PC is dealing with lots of network traffic.. It's a
gateway + shaping. It deals with almost 1000 users..

Will this PC (p4 2.4GHZ) deal with 10mbit internet? as a gateway +
shaper ? with one GBIT NIC connected to 100Mbit switch?
 
 BM A gbit NIC isn't going to run at gbit speed on a 100mbit switch.
 
 I know, but as I know it'll have more memory, buffer or smth like
 that. which somehow will help to deal with the problem, right?

BM Probably.  It just seems like a lot of $$$ to drop when you haven't
BM tried polling yet.  Keep in mind, that if you try polling and it
BM doesn't work, you can just turn it back off, and you haven't spent
BM any $$$ on hardware that didn't help.

 BM I would look elsewhere than the NIC.  Intel NICs are good units (in my experience,
 BM if someone knows of problems with them, please speak up)
 from systat -v:
 481 fxp0 irq12
 226 fxp1 irq3
 317 fxp2 irq7
 I think it is quite high? right?

BM I guess.  I would expect numbers like that considering the load it's
BM under.

BM I'll ask _again_ ... is the machine's performance poor?  Fact is, if
BM you give it enough network traffic to shape, it's going to raise the
BM CPU load, no matter what you do.

now the main problem is.. that machine is shaping internet, right?
I did shaping for my subnet, so users in /24 have 100kbits everybody.
But they don't get such speed, they get about 70-80kbps . and if I
try to skip pipe rules for certain IPs, users get all available
speed (which is left), it's about 500kbps..
so why machine can't pipe it normally ?
Didn't have these problems in the past...

BM I guess, if you absolutely want to come up with a reason to buy new
BM hardware, this is as good a reason as any.






Re[2]: routing for 1000 users and 10Mbit internet.

2004-06-01 Thread hugle
BM hugle wrote:
 BM hugle wrote:
 
BM hugle wrote:

FG On Mon, 31 May 2004, hugle wrote:

dammit..
why then my users eats so much CPU?
look:
CPU states:  0.0% user,  0.0% nice,  0.8% system, 38.0% interrupt, 61.2% idle
Mem: 21M Active, 177M Inact, 133M Wired, 1228K Cache, 199M Buf, 1677M Free

I have only 61% idle ?
usually i have ~50 idle..
now I have P4 2.4GHZ

maybe my setup is bad (kernel I mean)?

FG My guess is either cheap hardware (NIC) or bad tuning. What NICs are you
FG using?

I'm using Intel cards (fxp) at the moment. But from reading the posts
I've decided to buy GBIT NIC.
Now the dilemma is what brand name.. INTEL or 3COM ? maybe you guys
could advise?

BM I've always had good results with fxp cards.
 
how many users do you have? and what model?
 
 BM Never more than 100 ... it's been a year or two, so I don't remember the model.
 
And yes, my PC is dealing with lots of network traffic.. It's a
gateway + shaping. It deals with almost 1000 users..

Will this PC (p4 2.4GHZ) deal with 10mbit internet? as a gateway +
shaper ? with one GBIT NIC connected to 100Mbit switch?

BM A gbit NIC isn't going to run at gbit speed on a 100mbit switch.
 
I know, but as I know it'll have more memory, buffer or smth like
that. which somehow will help to deal with the problem, right?
 
 BM Probably.  It just seems like a lot of $$$ to drop when you haven't
 BM tried polling yet.  Keep in mind, that if you try polling and it
 BM doesn't work, you can just turn it back off, and you haven't spent
 BM any $$$ on hardware that didn't help.
 
BM I would look elsewhere than the NIC.  Intel NICs are good units (in my experience,
BM if someone knows of problems with them, please speak up)
from systat -v:
481 fxp0 irq12
226 fxp1 irq3
317 fxp2 irq7
I think it is quite high? right?
 
 BM I guess.  I would expect numbers like that considering the load it's
 BM under.
 
 BM I'll ask _again_ ... is the machine's performance poor?  Fact is, if
 BM you give it enough network traffic to shape, it's going to raise the
 BM CPU load, no matter what you do.
 
 now the main problem is.. that machine is shaping internet, right?
 I did shaping for my subnet, so users in /24 have 100kbits everybody.
 But they don't get such speed, they get about 70-80kbps . and if I
 try to skip pipe rules for certain IPs, users get all available
 speed (which is left), it's about 500kbps..
 so why machine can't pipe it normally ?
 Didn't have these problems in the past...

BM Past when?  What changed?
actually nothing...
more users joined the LAN.
BM Typically, only ~80% of available bandwidth is usable.  I don't know if
BM that applies to your situation, though, as that's usually referring to
BM ethernet, and you claim the problem hasn't always been there.
no.. for example if i start downloading without using pipes (no
shaping) my total bandwidth usage increases up to 98-99%

BM Try polling and see if the load reduces and the performance increases.
BM If all that machine is doing is routing, you can configure it to be
BM dedicated to routing.
I'll do it in ~10-12 hours..
I'll plug my server off, plug in new 3com gbit NIC.
and boot my kernel with new options - DEVICE_POLLING.
and see what is happening and so on..


PS. i think my PC has too little CPU.
cause I think that NAT + shaper both eat much processor.
and read somewhere, that:
interrupts appear if CPU doesn't manage to deal with them.

So, after changing NIC, i'll post my result here

hugle






routing for 1000 users and 10Mbit internet.

2004-05-31 Thread hugle
Hello all.
I run into some problem here
Let's take, that I have 10mbit internet and 1000 users behind the
router.
All I want to do is to NAT internet over all of these users
give some users external IPs (BIMAP in ipfilter)
And also do traffic shaping, like:
Some IP groups (10.0.0.0/24) one pipe   - 100kbits
some IP groups (10.0.1.0/24 and 10.0.2.0/24) another pipe.. - 300 kbits for example
some individual IPs individual pipes, like 10.10.10.10 has 400kbits

The question is what machine do i need?
What CPU and how much of ram ?
dual or single processor ?
or maybe there are any better suggestions ?

thanks

-- 
Best regards,Hugle



Re[2]: routing for 1000 users and 10Mbit internet.

2004-05-31 Thread hugle
FG On Mon, 31 May 2004, hugle wrote:

 The question is what machine do i need?
 What CPU and how much of ram ?

FG I set up a firewall for more than 300 users, a DMZ with a public webserver,
FG webmail and MX on a PII-350MHz with 128 MB RAM.
dammit..
why then my users eats so much CPU?
look:
CPU states:  0.0% user,  0.0% nice,  0.8% system, 38.0% interrupt, 61.2% idle
Mem: 21M Active, 177M Inact, 133M Wired, 1228K Cache, 199M Buf, 1677M Free

I have only 61% idle ?
usually i have ~50 idle..
now I have P4 2.4GHZ

maybe my setup is bad (kernel I mean)?
ps. what those interrupt means?

FG On another client, I set up a firewall for 50 users with a Pentium 90MHz
FG with 64MB RAM.

 dual or single processor ?

FG One. Don't waste your money. A firewall isn't very CPU intensive. And given
FG the fact that ipf works at the IP stack level, I don't think you can have
FG more than one thread active at a time messing with the IP data structures.


FG Fer






Re[3]: routing for 1000 users and 10Mbit internet.

2004-05-31 Thread hugle
FG On Mon, 31 May 2004, hugle wrote:

 dammit..
 why then my users eats so much CPU?
 look:
 CPU states:  0.0% user,  0.0% nice,  0.8% system, 38.0% interrupt, 61.2% idle
 Mem: 21M Active, 177M Inact, 133M Wired, 1228K Cache, 199M Buf, 1677M Free

 I have only 61% idle ?
 usually i have ~50 idle..
 now I have P4 2.4GHZ

 maybe my setup is bad (kernel I mean)?

FG My guess is either cheap hardware (NIC) or bad tuning. What NICs are you
FG using?

I'm using Intel cards (fxp) at the moment. But from reading the posts
I've decided to buy GBIT NIC.
Now the dilemma is what brand name.. INTEL or 3COM ? maybe you guys
could advise?

And yes, my PC is dealing with lots of network traffic.. It's a
gateway + shaping. It deals with almost 1000 users..

Will this PC (p4 2.4GHZ) deal with 10mbit internet? as a gateway +
shaper ? with one GBIT NIC connected to 100Mbit switch?


Thanks once more for your time guys, and thanks for your support



FG Fer






BGP server?

2004-05-30 Thread hugle
Hello all
I'm trying to get router from my country..
so I will be able to NAT router to my country without any limit..

look what I get from my ISP:

(email)
configured:

router bgp 13194
 neighbor 213.226.136.250 remote-as 65006

configure Your ZEBRA:
remote-as:  13194
neighbor:   213.252.192.153
ebgp-multihop:  4

How is it done ?

here is my conf file:
cat bgpd.conf
password zebra
enable password zebra


router bgp 65006
 bgp router-id 213.226.136.253
 neighbor 213.252.192.153 remote-as 13194
 neighbor 213.252.192.153 ebgp-multihop 4

smux peer 1.3.6.1.2.1.14 test
log file /var/log/zebra/bgpd.log

but i still can't get those routes.. can anyone be so kind and help
me? Never worked with bgp routers
-- 
Best regards,Hugle



microuptime() went backwards

2004-04-23 Thread hugle
Hello all.
Sometimes I see such messages in dmesg.

perl# dmesg
uptime() went backwards (1574174.333073 - 1573478.944788)

what they mean? and what causes them to appear ?
is it good or bad?? :)

-- 
Best regards,Hugle



Question about multipath patch for FreeBSD

2004-04-09 Thread hugle
Hello all.
I've just patched my kernel with option MULTIPATH
http://www.dsm.fordham.edu/~tanzer/multipath/mpath-48S.tgz

patch -p0 < /usr/src/mpath/mpath-diff-sys
patch -p0 < /usr/src/mpath/mpath-diff-route
patch -p0 < /usr/src/mpath/mpath-diff-netstat
patch -p0 < /usr/src/mpath/mpath-diff-man

#here made a backup of files ;)
cp /usr/include/net/route.h /home/hugle/multipath/route.h
cp /usr/include/net/if_var.h /home/hugle/multipath/if_var.h

cp /usr/src/sys/net/route.h /usr/include/net/route.h
cp /usr/src/sys/net/if_var.h /usr/include/net/if_var.h

did config
make depend

and while doing make
i get this error:
cast-qual  -fformat-extensions -ansi  -nostdinc -I- -I. -I../.. -I../../../include 
-I../../contrib/dev/acpica -I../../contrib/ipfilter  -D_KERNEL -include opt_global.h  
-mpreferred-stack-boundary=2  ../../netinet/if_ether.c
../../netinet/if_ether.c: In function `arplookup':
../../netinet/if_ether.c:923: too few arguments to function `rtrequest'
*** Error code 1

Stop in /usr/src/sys/compile/MULTIPATH.

can someone help me?
I've cvsupped with RELENG_4 today on 2004-4-09
-- 
Best regards,Hugle




Process eats too much CPU!

2004-04-06 Thread hugle
Hello all.
I've run into some problem.. some of the processes on my machine eat so much CPU...
look: 

ps aux gives
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 199 34.8 0.5 10852 10560 ?? Rs Sun10PM 3316:56.86 natd -a 212.59.9.59 -p 8668
root 201 4.7 0.0 664 356 ?? Ss Sun10PM 473:53.55 natd -a 213.252.192.142 -p 8672


-
here are some edited SYSCTL values
perl# cat /boot/loader.conf | egrep -v ^#
userconfig_script_load=YES
kern.maxusers=0
kern.maxfiles=24656
kern.maxfilesperproc=22190
kern.ipc.nmbclusters=13312
kern.ipc.nmbufs=53248
kern.ipc.maxsockets=24653

-

maybe this info also helps ya...
ps. I could also paste ipfw rules for NATD

# uptime
11:47PM up 2 days, 1:30, 1 user, load averages: 0.54, 0.57, 0.61

processor usage is low, because it's ~1.00 AM now.. at 6PM it would be before 2-3... 

# netstat -m
684/6864/53248 mbufs in use (current/peak/max):
671 mbufs allocated to data
5 mbufs allocated to packet headers
8 mbufs allocated to socket names and addresses
582/5592/13312 mbuf clusters in use (current/peak/max)
12900 Kbytes allocated to network (32% of mb_map in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines


-- 
Best regards,Hugle



Need bash help

2004-03-15 Thread hugle
Hello all.
I'm writing here, cause i think just here people can help me.
(p.s. didn't find bash mailing lists)

So here's what I'm planning to do.. I have big LAN in here, and noticed that lots of 
users are still exploitable using RPC.

I've just found source of this exploit, compiled it, and tried to use - it works.

What i'm planning to do is automatically detect such users (exploitable).

So i run :
ftp# ./dc IP
and get: 
-
- Remote DCOM RPC Buffer Overflow Exploit
- Original code by FlashSky and Benjurry
- Rewritten by HDM hdm [at] metasploit.com
- Using return address of 0x77e626ba
- Dropping to System Shell...

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32

END.
So if there is text like '- Dropping to System Shell...' means that system is 
vulnerable. otherwise it returns:
-
- Remote DCOM RPC Buffer Overflow Exploit
- Original code by FlashSky and Benjurry
- Rewritten by HDM hdm [at] metasploit.com
- Using return address of 0x77e626ba
- Exploit appeared to have failed.



So what I wanna do is smth like:

for i in `seq 1 254`; do
./dc 192.168.1.$i
and if it returns 'Dropping to system shell' then add these IP to vulderable_users
done

After i'm planning to block those users on my router, and forward them to the webpage 
with explanation on howto FIX that bug.

Thanks for help in advance
Jarek





Installing apache 2.0.48_4

2004-03-09 Thread hugle
Hello all.
Trying to install apache2, and get:

 Checksum OK for apache2/httpd-2.0.48.tar.gz.
 Checksum OK for apache2/powerlogo.gif.
 Checksum OK for apache2/httpd-2.0.48-buildconf.patch.
===  Patching for apache-2.0.48_4
===  Applying distribution patches for apache-2.0.48_4
===  Applying FreeBSD patches for apache-2.0.48_4
===   apache-2.0.48_4 depends on file: /usr/local/bin/autoconf - found
===   apache-2.0.48_4 depends on file: /usr/local/libexec/libtool13/libtool - found
===   apache-2.0.48_4 depends on shared library: expat.4 - found
===  Configuring for apache-2.0.48_4
rebuilding srclib/apr/configure
buildconf: checking installation...
buildconf: autoconf version 2.53 (ok)
buildconf: libtool version 1.3.5 (ok)
Copying libtool helper files ...
buildconf: Using libtool13.m4 at /usr/local/share/aclocal/libtool13.m4.
Creating include/arch/unix/apr_private.h.in ...
WARNING: Using auxiliary files such as `acconfig.h', `config.h.bot'
WARNING: and `config.h.top', to define templates for `config.h.in'
WARNING: is deprecated and discouraged.

WARNING: Using the third argument of `AC_DEFINE' and
WARNING: `AC_DEFINE_UNQUOTED' allows to define a template without
WARNING: `acconfig.h':

WARNING:   AC_DEFINE([NEED_MAIN], 1,
WARNING: [Define if a function `main' is needed.])

WARNING: More sophisticated templates can also be produced, see the
WARNING: documentation.
autoheader: `include/arch/unix/apr_private.h.in' is unchanged
Creating configure ...
rebuilding srclib/apr-util/configure

Looking for apr source in ../apr
Creating include/private/apu_config.h ...
autoheader: `include/private/apu_config.h.in' is unchanged
Creating configure ...
Invoking xml/expat/buildconf.sh ...
Incorporating /usr/local/share/aclocal/libtool.m4 into aclocal.m4 ...
Copying libtool helper files ...
Creating config.h.in ...
WARNING: Using auxiliary files such as `acconfig.h', `config.h.bot'
WARNING: and `config.h.top', to define templates for `config.h.in'
WARNING: is deprecated and discouraged.

WARNING: Using the third argument of `AC_DEFINE' and
WARNING: `AC_DEFINE_UNQUOTED' allows to define a template without
WARNING: `acconfig.h':

WARNING:   AC_DEFINE([NEED_MAIN], 1,
WARNING: [Define if a function `main' is needed.])

WARNING: More sophisticated templates can also be produced, see the
WARNING: documentation.

what could be the problem?;/

thanks


CPU usege too HIGH

2004-02-25 Thread hugle
In last past days, users confirmed of big lag in games..
I logged into the server, and saw big processor usage there:

last pid: 90449;  load averages:  5.55,  9.11,  6.74    up 21+19:48:35  17:18:34
68 processes:  5 running, 63 sleeping
CPU states: 29.6% user,  0.0% nice, 34.6% system, 35.8% interrupt,  0.0% idle
Mem: 321M Active, 1313M Inact, 286M Wired, 85M Cache, 199M Buf, 3488K Free
Swap: 4079M Total, 216K Used, 4079M Free

  PID USERNAME PRI NICE  SIZE    RES STATE    TIME   WCPU    CPU COMMAND
46087 root      62   0  8912K  8624K RUN    393:39 28.86% 28.86% natd
63795 nobody    62   0   191M   190M RUN     22:38 22.61% 22.61% squid
87001 root      -6   0  9288K  8756K piperd   0:04  7.57%  7.57% perl
60589 root       2   0   672K   368K sbwait 297:12  0.24%  0.24% natd
65212 root      66  19 17416K 15684K RUN     89:50  0.00%  0.00% mlnet-real

perl# uptime
 5:24PM  up 21 days, 19:54, 2 users, load averages: 8.05, 11.78, 8.94

i have a little script running every 5 minutes.. it uses perl, but..

why natd is using so much resources ?
where I have to dig the problem?
and why active memory is so low ?;/

-- 
Best regards,Hugle



Re[2]: CPU usege too HIGH

2004-02-25 Thread hugle
JA What is behind that server? If there are many servers/clients behind that
JA server that require net access and that box functions as the gateway, then it
JA is not really a surprisement that the loads are so high.

nothing behind the server, just clients... I have about 500 users, and
this BOX is doing NAT for all of them.

JA Also, how many users are connected to that server? A few users won't bring
JA that much load, but having twenty or thirty of them connected will bring
JA quite a load to the CPU. It would make sense that Squid and NAT are using so
JA much CPU time then.

JA Your script may be small, but if again used by the same thirty people then
JA perl will put quite a load on the server.
But this never used to happen for over a month... i had the same count
of users. I have 3 internet connections.
Even now, when it is 1 o'clock (AM) when everybody sleeps (almost)
there is:
  PID USERNAME PRI NICE  SIZE    RES STATE    TIME   WCPU    CPU COMMAND
46087 root      63   0  9924K  9636K RUN    677:27 87.74% 87.74% natd
63795 nobody     2   0   305M   305M poll   176:15  5.08%  5.08% squid
60589 root       2   0   692K   388K sbwait 316:23  2.05%  2.05% natd
perl# uptime
12:49AM  up 22 days,  3:19, 1 user, load averages: 2.24, 2.15, 1.86

in last week load average at night was about 0.40 

with best wishes
Jarek
JA Cheers,

JA Jorn

JA On Wednesday 25 February 2004 16:27, hugle wrote:
 In last past days, users confirmed of big lag in games..
 I logged into the server, and saw big processor usage there:

 last pid: 90449;  load averages:  5.55,  9.11,  6.74    up 21+19:48:35  17:18:34
 68 processes:  5 running, 63 sleeping
 CPU states: 29.6% user,  0.0% nice, 34.6% system, 35.8% interrupt,  0.0% idle
 Mem: 321M Active, 1313M Inact, 286M Wired, 85M Cache, 199M Buf, 3488K Free
 Swap: 4079M Total, 216K Used, 4079M Free

   PID USERNAME PRI NICE  SIZE    RES STATE    TIME   WCPU    CPU COMMAND
 46087 root      62   0  8912K  8624K RUN    393:39 28.86% 28.86% natd
 63795 nobody    62   0   191M   190M RUN     22:38 22.61% 22.61% squid
 87001 root      -6   0  9288K  8756K piperd   0:04  7.57%  7.57% perl
 60589 root       2   0   672K   368K sbwait 297:12  0.24%  0.24% natd
 65212 root      66  19 17416K 15684K RUN     89:50  0.00%  0.00% mlnet-real

 perl# uptime
  5:24PM  up 21 days, 19:54, 2 users, load averages: 8.05, 11.78, 8.94

 i have a little script running every 5 minutes.. it uses perl, but..

 why natd is using so much resources ?
 where I have to dig the problem?
 and why active memory is so low ?;/





Mysql question (sorry if wrong Maililning List)

2004-02-09 Thread hugle
Hello all.
I've got into some problem...

I've been running one of mysql databases for almost a year.. and now met some 
problems..

I have working mysql database..
it has lots of fields (columns) and now.. when I try to add autoid column.. it puts 
value 1 everywhere.. i did it auto incremental + primary key.. didn't help

Tried also to export to .CSV and import from it... same thing.. everywhere value goes 
equal to 1...

any ideas on how to fix that ?

Thx


-- 
Best regards,Hugle



FreeBSD 5.1 pure-ftpd stopped working, can't kill process

2004-01-19 Thread hugle
Hello all.
Don't know if i'm posting to the right place, but...
I came up with kinda situation..
i saw that samba died.. tried ftp'ing to the server..
waited a long time while getting directory list, after got time out.
samba also seems not to be working.

ps aux show such processes:
ftp     1498  0.0  0.2  2824 1188  ??  D    12:13AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     1500  0.0  0.2  2824 1188  ??  D    12:13AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     2953  0.0  0.2  2824 1188  ??  D    12:14AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3289  0.0  0.2  2824 1188  ??  D    12:16AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
root    3292  0.0  0.4  5312 2224  ??  I    12:16AM   0:00.07 /usr/local/sbin/smbd -s /usr/smb.conf
ftp     3639  0.0  0.2  2824 1188  ??  D    12:17AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3640  0.0  0.2  2824 1188  ??  D    12:19AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3664  0.0  0.2  2824 1188  ??  D    12:22AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3671  0.0  0.2  2824 1188  ??  D    12:23AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3672  0.0  0.2  2824 1188  ??  D    12:23AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3676  0.0  0.2  2824 1192  ??  D    12:25AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3677  0.0  0.2  2824 1188  ??  D    12:25AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3678  0.0  0.2  2824 1188  ??  D    12:26AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3691  0.0  0.2  2824 1188  ??  D    12:32AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3705  0.0  0.2  2824 1188  ??  D    12:33AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3706  0.0  0.2  2824 1188  ??  D    12:33AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3710  0.0  0.2  2824 1188  ??  D    12:37AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3711  0.0  0.2  2824 1188  ??  D    12:38AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3715  0.0  0.2  2824 1188  ??  D    12:40AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3733  0.0  0.2  2824 1188  ??  D    12:49AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3739  0.0  0.2  2824 1188  ??  D    12:52AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3786  0.0  0.2  2824 1188  ??  D     1:07AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3807  0.0  0.2  2824 1188  ??  D     1:18AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3826  0.0  0.2  2824 1188  ??  D     1:22AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3836  0.0  0.2  2824 1188  ??  D     1:32AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3837  0.0  0.2  2824 1188  ??  D     1:32AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3839  0.0  0.2  2824 1188  ??  D     1:32AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3860  0.0  0.2  2824 1188  ??  D     1:42AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3880  0.0  0.2  2824 1188  ??  D     1:48AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3900  0.0  0.2  2824 1188  ??  D     1:55AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     3901  0.0  0.2  2824 1188  ??  D     1:58AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
nobody  3928  0.0  0.4  5268 2072  ??  D     2:05AM   0:00.01 /usr/local/sbin/smbd -s /usr/smb.conf
nobody  3930  0.0  0.4  5252 2048  ??  D     2:06AM   0:00.01 /usr/local/sbin/smbd -s /usr/smb.conf
nobody  4034  0.0  0.4  5268 2072  ??  D     2:07AM   0:00.01 /usr/local/sbin/smbd -s /usr/smb.conf
ftp     4035  0.0  0.2  2824 1188  ??  D     2:10AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
root    4078  0.0  0.2  2740 1268  ??  Ss    2:16AM   0:00.00 pure-ftpd (SERVER) (pure-ftpd)
ftp     4081  0.0  0.3  2808 1412  ??  D     2:16AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)
ftp     4082  0.0  0.3  2824 1428  ??  D     2:16AM   0:00.00 pure-ftpd (IDLE) (pure-ftpd)

but while killing any of them, I have no success.. can't kill any
even with kill -9 PID
strange..
got this problem once.. rebooted machine - helped
now came up with the same problem... so i'm trying to figure out.
SSH working..
THX, Jarek
-- 
Best regards,Hugle



turn off FreeBSD 5.1 machine? completely?

2004-01-10 Thread hugle
Hello all.
How can I turn off machine completely?
cause it waits for CTRL+D of root pass..
Thx
-- 
Best regards,Hugle



httpAccept: FD 10: accept failure: (53) Software caused connection abort

2004-01-07 Thread hugle
Hello all
I saw these strange messages in cache.log

2004/01/06 18:44:59| httpAccept: FD 10: accept failure: (53) Software caused connection abort
2004/01/06 18:46:25| comm_accept: FD 10: (53) Software caused connection abort
2004/01/06 18:46:25| httpAccept: FD 10: accept failure: (53) Software caused connection abort

After some googling I decided to make some changes:

kern.maxusers=0
kern.maxproc=6164
kern.maxfiles=65536
kern.maxprocperuid=
kern.maxfilesperproc=32768
kern.argmax=65536
kern.maxproc=12000
kern.maxprocperuid=13000
kern.ipc.maxsockbuf=262144

perl# netstat -m
gives me :
1890/8560/30624 mbufs in use (current/peak/max):
1749 mbufs allocated to data
141 mbufs allocated to packet headers
1502/7842/14656 mbuf clusters in use (current/peak/max)
17824 Kbytes allocated to network (48% of mb_map in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines


After making changes to the kernel, I tried recompiling squid too, but still no luck..

Could anyone help me?
(53) Software caused connection abort
Maybe 53 means that smth is wrong with my bind9 options?

PS. The server keeps giving the same messages every 15 min... (plus or minus)
2004/01/08 01:08:25| comm_accept: FD 10: (53) Software caused connection abort
2004/01/08 01:08:25| httpAccept: FD 10: accept failure: (53) Software caused connection abort
2004/01/08 01:32:00| comm_accept: FD 10: (53) Software caused connection abort
2004/01/08 01:32:00| httpAccept: FD 10: accept failure: (53) Software caused connection abort
2004/01/08 01:46:24| comm_accept: FD 10: (53) Software caused connection abort
2004/01/08 01:46:24| httpAccept: FD 10: accept failure: (53) Software caused connection abort
Then it could crash with:
FATAL: xcalloc: Unable to allocate 1 blocks of 4104 bytes!
Squid Cache (Version 2.5.STABLE4): Terminated abnormally.

At high load:
2004/01/08 01:46:24| comm_accept: FD 10: (53) Software caused connection abort
2004/01/08 01:46:24| httpAccept: FD 10: accept failure: (53) Software caused connection abort
these messages could appear about every 1 min!

Any help appreciated
thx


-- 
Best regards,Hugle



ipfw forward alternative in IPF ?

2003-12-21 Thread hugle
Hello all.
I'm searching for an alternative to the `ipfw forward` command in ipf.
From the man page I didn't find whether there would be any.
Actually, what I'm trying to do is to forward some traffic,
but ipnat and ipfw forward don't work together ;)
-- 
Best regards,Hugle


Re[2]: ipfw forward alternative in IPF ?

2003-12-21 Thread hugle
f Sure ipnat and IPFW can and do play together very well. I had
f problems with IPFW keep-state rules and IPFW/NATD. The Natd function
f is a subroutine launched by the divert rule. I removed the divert
f rule and turned off IPFW_nat in rc.conf and added ipfilter-ipnat to
f rc.conf.  IPFILTER defaults to pass all traffic so by just using
f ipnat all the Nating gets done outside of IPFW.
f IPNAT does have forward rules.
so ipnat `rdr` does the same as ipfw's `fwd`? Am I right?
I had smth like:
ipfw add 501 fwd x.141 ip from x.142 to any
ipfw add 502 fwd z.161 ip from z.162 to any
ipfw add 503 fwd y.1 ip from y.59 to any

so ipnat rules would look like:
rdr vlan0 from x.142 to 0.0.0.0/0 -> x.141
rdr fxp0 from y.162 to 0.0.0.0/0 -> y.161
rdr rl1 from z.59 to 0.0.0.0/0 -> z.1

But why then does ipfw have a forward rule and natd a redirect function,
but ipf has no forward/redirect and ipnat does have redirect?
So ipnat can handle both forward and redirect? Am I right?


The thing is interesting.. I tried to turn on NAT with ipnat and
leave only fwd rules in ipfw, but it seemed not to work (can't
understand why)


f  After a while I converted all my IPFW rules to
f IPFILTER and got rid of IPFW altogether. I never compile IPFW or
f IPFILTER into the kernel, just let FBSD load the binary modules at
f boot time.
What is the easiest way to upgrade ipfilter after cvsup'ing (sure, if it
had been updated)?
Just make clean, make and make install?
And unload/load the module?
f I found IPFILTER to be easier to use and configure using
f the 'quick' option. The only reason to use IPFW is if you use
f dummynet for bandwidth control. I know the FBSD handbook misleads
f the reader into believing IPFW is the best firewall but that is
f because IPFW is an internal FBSD development project.
Actually ipfw's rules seem easier to read than ipf ones.
Anyway, ipfw's pipes rule ;)
f http://www.obfuscation.org/ipf/ipf-howto.html#TOC_1
thx for the link



Thanks for your time,
hugle




Re: master.passwd -- securing

2003-12-18 Thread hugle
RJ I've been playing with vipw trying to change passwords into * for a
RJ slightly higher level of security but ran into some very big problems. From
RJ reading through the FreeBSD handbook it seemed all I had to do was replace
RJ the encrypted password with *, which is what I did. I thought it seemed a
RJ bit odd but continued anyway. Foolishly (although I was quite tired) I did
RJ this to both my user account and root. So they both had * as their password
RJ and looked the same as every other entry in the file. I saved it and vipw
RJ updated the database so I thought all was well and logged off to check...
RJ big mistake! The net result of this was not good, I couldn't access my user
RJ account or root :( Anyway I had to cut the power to my PC since I couldn't
RJ shut it down because I was locked out. After that I went into single user
RJ mode and changed the passwords back and it's working now but I can't hide the
RJ passwords. So I guess after all this rambling my question is how do I secure
RJ the password file? How do I change from the encrypted password to * without
RJ screwing over my system? Any help would be much appreciated

try doing that:
#Forget your root pw?
1. Reboot. When you see the boot prompt, type boot -s and hit enter
2. run this command: fsck -p / && mount -u /
3. use the `passwd` command to set a password for root
4. reboot, done

hope that helps..
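
An added example (not from the original thread) of a check to run before editing with vipw: it classifies each entry of a master.passwd(5)-format file by its password field, so that root or an interactive account set to `*`, the lock-out described above, stands out from service accounts where `*` is normal. The function names, state labels and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify master.passwd(5) entries by their password field.
# Fields: name:password:uid:gid:class:change:expire:gecos:home_dir:shell

audit_master_passwd() {
    # Reads the file named in $1, or standard input when no argument is given.
    awk -F: '
        /^#/ || NF == 0 { next }                    # comments and blank lines
        NF != 10 { print $1, "MALFORMED"; next }    # wrong number of fields
        {
            pw = $2; uid = $3; shell = $10
            # An empty shell field means /bin/sh, so it counts as a login shell.
            login_shell = (shell !~ /nologin$/)
            if (pw == "") {
                state = "EMPTY"                     # no password required at all
            } else if (substr(pw, 1, 1) == "*") {
                # A field starting with "*" never matches a typed password.
                if (uid == 0 || login_shell) {
                    state = "LOCKED-LOGIN"          # the lock-out from the thread
                } else {
                    state = "LOCKED-SERVICE"        # normal for daemon accounts
                }
            } else {
                state = "HASHED"
            }
            print $1, state
        }
    ' "${1:--}"
}

sample_master_passwd() {
    # Constructed entries; the hash is a placeholder, not a real one.
    cat <<'EOF'
root:$2a$04$CONSTRUCTEDPLACEHOLDERHASH:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
rj:*:1001:1001::0:0:Constructed user:/home/rj:/bin/sh
guest::1002:1002::0:0:Constructed guest:/home/guest:/bin/sh
EOF
}

sample_master_passwd | audit_master_passwd
```

On a live system the function would be run as root against /etc/master.passwd, which is the only copy that holds the hashes; /etc/passwd is generated from it with the password field already replaced by `*`.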




bash bug or something else?

2003-12-16 Thread hugle
Hello all.
I have a little problem in here.
Actually I think that bash doesn't count well, look:

cat bin/users | wc -l
1877
so the file contains 1877 lines

cat bin/users:
#!/bin/sh
/sbin/ipfw -q delete 2001 >/dev/null 2>&1
/sbin/ipfw -q add 2001 count ip from 192.168.0.1 to not me in via fxp0 >/dev/null 2>&1
/sbin/ipfw -q delete 2002 >/dev/null 2>&1
/sbin/ipfw -q add 2002 count ip from not me to 192.168.0.1 out via fxp0 >/dev/null 2>&1
/sbin/ipfw -q delete 2003 >/dev/null 2>&1
/sbin/ipfw -q add 2003 count ip from 192.168.0.111 to not me in via fxp0 >/dev/null 2>&1
/sbin/ipfw -q delete 2004 >/dev/null 2>&1
/sbin/ipfw -q add 2004 count ip from not me to 192.168.0.111 out via fxp0 >/dev/null 2>&1
*

*

/sbin/ipfw -q add 2935 count ip from 192.168.5.63 to not me in via fxp0 >/dev/null 2>&1
/sbin/ipfw -q delete 2936 >/dev/null 2>&1
/sbin/ipfw -q add 2936 count ip from not me to 192.168.5.63 out via fxp0 >/dev/null 2>&1
/sbin/ipfw -q delete 2937 >/dev/null 2>&1
/sbin/ipfw -q add 2937 count ip from 192.168.5.99 to not me in via fxp0 >/dev/null 2>&1
/sbin/ipfw -q delete 2938 >/dev/null 2>&1
/sbin/ipfw -q add 2938 count ip from not me to 192.168.5.99 out via fxp0 >/dev/null 2>&1

so I should have 938 rules in my firewall.
938 * 2=1876 + 1 = 1877 lines in the script (1 rule for delete rule
and one for add rule + rule at the top '#!/bin/sh')

but when adding these rules to the ipfw ruleset I have:
ipfw show 2000-2938 | wc -l
 809

so my 938-809=129 rules have just gone somewhere.
I'm using bash in here.. could that be a bug in bash ?
bash --version
GNU bash, version 2.05b.0(1)-release (i386-portbld-freebsd4.9)

btw, when i look into ipfw and can't find some rules in it..
for example there goes
rule nr 2001,2002,2003,2004,2005,2008 so i have no rule with number
2006 and 2007 but they exist in my script.

after running this script other time i got
ipfw show 2000-2938 | wc -l
 814
one more time :

ipfw show 2000-2938 | wc -l
 836

But I have not changed anything in my script.


-- 
Best regards,Hugle
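
An added check for the mismatch described above (not from the original post): it compares the rule numbers a script tries to add against saved `ipfw show` output and prints the numbers that never reached the ruleset, which is more precise than comparing `wc -l` counts. The function names and both sample inputs are constructed.

```shell
#!/bin/sh
# Added example: report rule numbers a script adds that are absent from `ipfw show`.

missing_rules() {
    # $1: rule script containing "ipfw ... add NNNN ..." lines
    # $2: saved output of `ipfw show` (first column is the rule number)
    awk -v show="$2" '
        BEGIN {
            # Load the rule numbers that are actually in the ruleset.
            while ((getline line < show) > 0) {
                split(line, f, " ")
                if (f[1] ~ /^[0-9]+$/) loaded[f[1] + 0] = 1   # 02001 -> 2001
            }
            close(show)
        }
        /^[ \t]*#/ { next }                  # comments and the #!/bin/sh line
        {
            # Find the "add NNNN" pair wherever it sits on the command line.
            for (i = 1; i < NF; i++) {
                if ($i == "add" && $(i + 1) ~ /^[0-9]+$/) {
                    n = $(i + 1) + 0
                    if (!(n in loaded)) print n
                    break
                }
            }
        }
    ' "$1"
}

demo_missing_rules() {
    # Constructed inputs modelled on the post: 2006 and 2007 were not loaded.
    dir=$(mktemp -d) || return 1
    cat > "$dir/users" <<'EOF'
#!/bin/sh
/sbin/ipfw -q delete 2005 >/dev/null 2>&1
/sbin/ipfw -q add 2005 count ip from 192.168.0.112 to not me in via fxp0 >/dev/null 2>&1
/sbin/ipfw -q delete 2006 >/dev/null 2>&1
/sbin/ipfw -q add 2006 count ip from not me to 192.168.0.112 out via fxp0 >/dev/null 2>&1
/sbin/ipfw -q delete 2007 >/dev/null 2>&1
/sbin/ipfw -q add 2007 count ip from 192.168.0.113 to not me in via fxp0 >/dev/null 2>&1
/sbin/ipfw -q delete 2008 >/dev/null 2>&1
/sbin/ipfw -q add 2008 count ip from not me to 192.168.0.113 out via fxp0 >/dev/null 2>&1
EOF
    cat > "$dir/show" <<'EOF'
02005    14    1176 count ip from 192.168.0.112 to not me in via fxp0
02008     9     756 count ip from not me to 192.168.0.113 out via fxp0
EOF
    missing_rules "$dir/users" "$dir/show"
    rm -rf "$dir"
}

demo_missing_rules
```

Against a live firewall the second argument would be a file saved with `ipfw show 2000-2938 > file` right after the script has run.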



Re[2]: socket: no buffer space available

2003-12-15 Thread hugle
AT Just for the record, I fixed this problem by recompiling my kernel with
AT MAXUSERS 512
Actually you don't need to recompile the kernel.
You can achieve that by doing:
echo kern.maxusers=0 >> /boot/loader.conf

It is better to use 0, since then FreeBSD can dynamically change it as you
need (as I heard)
AT :)

AT ajt.

AT On Mon, 2003-12-15 at 16:15, Andrew Thomson wrote:
 I've got a perl script doing some p5-sybase stuff for me.. However after
 a while, it fails with the following error message:
 
 ..socket: No buffer space available...
 
 I've seen other reports from other users getting this problem however no
 clear responses on a fix.
 
 This script used to work fine on my 5.0-RELEASE box now I'm trying it on
 a 5.1-RELEASE box. I admit the new box is a lower spec - less cpu and
 less memory - so that may affect some of the default sysctl values???
 
 I've tried tweaking a couple of sysctl entries however nothing has
 gotten me over this hurdle.
 
 Below are some relevant(??) sysctls.
 
 kern.ipc.maxsockbuf: 1048576
 kern.ipc.sockbuf_waste_factor: 8
 kern.ipc.nmbufs: 17920
 kern.ipc.nsfbufs: 2496
 kern.ipc.mbuf_wait: 64
 kern.ipc.mbuf_hiwm: 512
 kern.ipc.mbuf_lowm: 128
 
 kern.ipc.numopensockets: 94
 kern.ipc.maxsockets: 4008
 
 Any suggested tweaks appreciated.
 
 Regards,
 
 ajt.
 
 


Re[2]: howto upgrade 4.8 to 4.9 without cdrom or floppy? ERROR

2003-12-15 Thread hugle
MS There's actually a very simple process to use to upgrade, providing you
MS have a broadband connection:

MS 1) cvsup your sources to the newer sources.  For more information read
MS about cvsup or checkout the handbook!
MS 2) once you have new sources, cd to /usr/src and type make world; this
MS could take an hour or more
MS 3) if this completes OK, cd to /usr/src/sys/i386/conf (on 386-based
MS processor systems) and type:
MS # config GENERIC (or whatever your kernel config file is)
MS 4) type:
MS # cd ../../compile/GENERIC (or name of kernel config file)
MS # make; make depend; make install
MS 5) if this completes OK, type:
MS # shutdown -r now
MS 6) once rebooted, login, and check uname -a.  You will see stats for a
MS 4.9-x kernel!

at step 4, you should do: make depend && make && make install



Re[2]: Stupid cvsup questions

2003-12-15 Thread hugle
IMT On Mon, 15 Dec 2003 21:34:55 -0500
IMT Garance A Drosihn [EMAIL PROTECTED] wrote:

 At 11:41 PM +0200 12/15/03, Ion-Mihai Tetcu wrote:
 Hi,
 
 
 I have 2 identical (copy/paste) ports-supfiles on two machines:
 
 it# grep -v '#' /etc/ports-supfile
 *default host=cvsup.ro.FreeBSD.org
 *default base=/usr
 *default prefix=/usr
 *default release=cvs tag=.
 *default delete use-rel-suffix
 *default compress
 ports-all

try this:
cat /usr/share/examples/cvsup/ports-supfile | egrep -v ^# | sed s/CHANGE_THIS/cvsup.ro/g > /home/ports-supfile
then run cvsup: cvsup -g -L 2 /home/ports-supfile



ipnat+ipfw + 3 gateways

2003-12-14 Thread hugle
hello all.
I'm trying to do smth like load balancing between 3 interfaces using
ipnat and ipfw

my gw's are:
213.252.192.161 on fxp0 with 213.252.192.162
213.252.192.141 on vlan0 with 213.252.192.142
212.59.9.1  on rl1 with 212.59.9.59


the ruleset i have is:
in ipfw:
ipfw add 1001 fwd 213.252.192.141 ip from 213.252.192.142 to any
ipfw add 1002 fwd 213.252.192.161 ip from 213.252.192.162 to any
ipfw add 1003 fwd 212.59.9.1 ip from 212.59.9.59 to any

and ipnat.rules
#games gw
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 53 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6111 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6112 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6113 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6114 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6115 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6116 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6117 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6118 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6119 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 4000 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port =  -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 7787 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 7877 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 7887 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 27005 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 27015 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 27960 -> 213.252.192.142/32

#mail/web/irc/icq
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 22 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 25 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 79 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 81 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 110 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 443 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 2082 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 5050 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 5190 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 1863 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6667 -> 213.252.192.162/32

#all other traffic go via gw3
map rl1 from 192.168.0.0/16 ! to 192.168.0.0/16 -> 212.59.9.59/32
--
I think there is smth wrong with my IPNAT rules.
I'm probably doing smth wrong with those ports...
Could anyone help me ?
Thanks
-- 
Best regards,Hugle



Re: POP3 server.

2003-12-14 Thread hugle
f Does FBSD have an built in preconfigured pop3 server?
f A pop3 server that's part of the FBSD basic install?
f I know qpopper is in the ports.
courier-imap has both POP3 and IMAP servers I think.

f Thanks



Re[2]: ipnat+ipfw + 3 gateways

2003-12-14 Thread hugle
TH On Sun, Dec 14, 2003 at 07:23:26PM -0500, fbsd_user wrote:
 What do you think IPF is? That's the utility name used to load
 filter rules into IPFILTER.
 So you are doing just what I said.   The original poster said
 nothing about doing traffic shaping.
 IPNAT will not function without IPFILTER rules. At least  pass  in
 all on all interfaces. He listed none in his post.

TH Unlike IPFW, IPF defaults to open (thus the reason for the
TH IPFILTER_DEFAULT_BLOCK kernel option). Thus IPF won't be blocking any of
TH the packets that IPNAT is NATing. For example, when I issue a `ipf -F
TH a`, my IPNAT rules continue to function normally.

TH -T



As for now my rules default to allow.
But I can't understand why I can't use forward.
As far as I know, NAT is done before forwarding, so first packets get
NAT'ed, and afterwards they are forwarded to the needed gateway.
I had these kind of rules in ipfw+natd using fwd rules. So I thought
it is a must to use a forward rule, but didn't find a rule like
forward in IPF.

Actually it doesn't matter to me if it will be using ipnat+ipfw or
ipnat+ipf.
The main reason WHY I'm doing that is because oidentd doesn't work
with NATD.
But I've also heard that ipnat has better performance as it runs in
kernel space (not user space like natd does).


now about this script.
The result I came to (depending on this FAQ
http://www.obfuscation.org/ipf/ipf-howto.html#TOC_1)
was to just remove ipfw rules (default to allow)

#gw2
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 53 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6111 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6112 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6113 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6114 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6115 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6116 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6117 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6118 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6119 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 4000 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port =  -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 7787 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 7877 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 7887 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 27005 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 27015 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 27960 -> 213.252.192.142/32

#gw1
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 22 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 25 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 79 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 81 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 110 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 443 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 2082 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 5050 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 5190 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 1863 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6667 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 to 213.226.139.46 port = 7000 -> 213.252.192.162/32

#all other traffic go via gw3
map rl1 from 192.168.0.0/16 ! to 192.168.0.0/16 -> 212.59.9.59/32

default route is: 213.252.192.161

in MY opinion these rules should WORK. but as it seems, they don't

Any ideas?
Thanks, Jarek




Re[2]: ipnat+ipfw + 3 gateways

2003-12-14 Thread hugle
btw, why should I use forward?
Because the system has ONE default route, so if I NAT via another interface,
the packets don't know to which GW they have to go.

So maybe I need to add default gateways to other interfaces?

so I have:
default gw is 213.252.192.161
and default gw for 213.252.192.142 is 213.252.192.141
and default gw for 212.59.9.59 is 212.59.9.1



ident patch for NATD

2003-12-09 Thread hugle
Hello all.
I've found this: http://ofca.pl/bsdident/
This is a patch for oidentd 2.0.7 and natd + libalias under FreeBSD
4.8.
It used to work for me, but my HDD has died, so I downloaded 4.9.iso,
burned it, upgraded the kernel source, and now can't patch new libalias/natd.

Could someone implement this code in natd in the future?

Or maybe I could post my ipfw/natd rules so someone can help
'translating' them to ipf/ipnat?

Thank you in advance
-- 
Best regards,Hugle

