[OT] ssh security
Greetings, I'm doing some research into ssh and its underlying cryptographic methods and I have questions. I don't know whom else to ask and humbly ask for forgiveness if I'm way OT. So, SSH uses algorithms like ssh-dss or ssh-rsa to do key exchange. These algorithms can defeat any attempts on eavesdropping, but cannot defeat man-in-the-middle attacks. To defeat them, some pre-shared information is needed - key fingerprint. If hypothetically someone uses instead of the plain text authentication some challenge-response scheme, based on user's password or even a hash of user's password would ssh be able to avoid the need the user to have key fingerprints of the server prior the first connection? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: [OT] ssh security
On Sun, Mar 7, 2010 at 11:25 PM, Angelin Lalev lalev.ange...@gmail.com wrote: Greetings, I'm doing some research into ssh and its underlying cryptographic methods and I have questions. I don't know whom else to ask and humbly ask for forgiveness if I'm way OT. So, SSH uses algorithms like ssh-dss or ssh-rsa to do key exchange. These algorithms can defeat any attempts on eavesdropping, but cannot defeat man-in-the-middle attacks. To defeat them, some pre-shared information is needed - key fingerprint. If hypothetically someone uses instead of the plain text authentication some challenge-response scheme, based on user's password or even a hash of user's password would ssh be able to avoid the need the user to have key fingerprints of the server prior the first connection? To clarify, we as users anyway do have shared secret with the server and that's the authentication password why we could not use that instead of or in addition to a key fingerprint? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Dual booting Windows 7 and FreeBSD (and possibly GRUB)
Well, Windows 7 isn't playing nicely with FreeBSD (and some other OS systems). I have my first primary partition (MBR scheme) installed with Windows 7 and I want to have FreeBSD as second primary partition. Eventually, I want to have Ubuntu on my first and second extended partitions. Any suggestions? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: portsnap - broken metadata
On Sat, Jan 23, 2010 at 9:52 AM, Angelin Lalev lalev.ange...@gmail.com wrote: Greetings, I believe I have broken the metainformation folders of portsnap. How to fix them? ironholm# rm -rf /var/db/portsnap/ ironholm# mkdir /var/db/portsnap ironholm# portsnap fetch Looking up portsnap.FreeBSD.org mirrors... 3 mirrors found. Fetching public key from portsnap2.FreeBSD.org... done. Fetching snapshot tag from portsnap2.FreeBSD.org... done. Fetching snapshot metadata... done. Fetching snapshot generated at Sat Jan 23 01:17:43 UTC 2010: 8161b7b0a3b6b42453659f19197bfcc324b0a54b57dc29100% of 61 MB 249 kBps 00m00s Extracting snapshot... done. Verifying snapshot integrity... done. Fetching snapshot tag from portsnap2.FreeBSD.org... done. Fetching snapshot metadata... done. Updating from Sat Jan 23 01:17:43 UTC 2010 to Sat Jan 23 08:00:35 UTC 2010. Fetching 4 metadata patches. done. Applying metadata patches... done. Fetching 4 metadata files... /usr/sbin/portsnap: cannot open bd5906dc86367765516942be65b56170d979598ac1325709aa83e67efec39d6d.gz: No such file or directory metadata is corrupt. ironholm# I have some additional details: I have proxy server that requires username and password and I have set the HTTP_PROXY and FTP_PROXY environment variables accordingly. (HTTP_PROXY = FTP_PROXY = USERNAME:passw...@proxy.uni-svishtov.bg:8080) portsnap --debug shows, among other rows the following error message: phttpget: host = USERNAME, port = passw...@proxy.uni-svishtov.bg:8080: servname not supported for ai_socktype Seems to me like a bug somewhere in portsnap. Any help? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
portsnap - broken metadata
Greetings, I believe I have broken the metainformation folders of portsnap. How to fix them? ironholm# rm -rf /var/db/portsnap/ ironholm# mkdir /var/db/portsnap ironholm# portsnap fetch Looking up portsnap.FreeBSD.org mirrors... 3 mirrors found. Fetching public key from portsnap2.FreeBSD.org... done. Fetching snapshot tag from portsnap2.FreeBSD.org... done. Fetching snapshot metadata... done. Fetching snapshot generated at Sat Jan 23 01:17:43 UTC 2010: 8161b7b0a3b6b42453659f19197bfcc324b0a54b57dc29100% of 61 MB 249 kBps 00m00s Extracting snapshot... done. Verifying snapshot integrity... done. Fetching snapshot tag from portsnap2.FreeBSD.org... done. Fetching snapshot metadata... done. Updating from Sat Jan 23 01:17:43 UTC 2010 to Sat Jan 23 08:00:35 UTC 2010. Fetching 4 metadata patches. done. Applying metadata patches... done. Fetching 4 metadata files... /usr/sbin/portsnap: cannot open bd5906dc86367765516942be65b56170d979598ac1325709aa83e67efec39d6d.gz: No such file or directory metadata is corrupt. ironholm# ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Secure method for fetching freebsd sources ?
Greetings, Which is the *secure* way of fetching freebsd sources? Cvsup looks prone to MiM attacks, CTM looks promising, but only if I have been member of the appropriate ctm list since the release of 8.0. (it seems that the ctm deltas on the ftp are not signed.). Do FreeBSD cvs servers support ssh instead of rsh access as OpenBSD server do? Other alternatives? Please note that this is not a theoretical question. I really have a system which i'll put in a place I don't trust, so I'll try to encrypt everything from the disk to the connections which I will use for updating. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
geli problem (???)
I have Intel DG45ID + Core2 machine with USB keyboard and I want to use geom_eli to encrypt my entire freebsd partition. My FreeBSD version is freebsd 8.0p2, my Drive is SATA and I have USB keyboard and mouse. I intend to boot via USB flash disk and attach the partition at boot. Everything works as described in the documentation, except for a nasty problem. When I try to attach my encrypted partition at boot, it seems that my enter key on the keyboard gets stuck and keep sending LF to my console continuously. The keyboard and the key though are 100% ok (tested on windows). I'm not getting this problem when I use geli to attach the partition after boot, only at boot time (geom_eli_load=YES in loader.conf). I'm not quite sure that the problem isn't the USB keyboard itself or to be more exactly the USB support for that keyboard. For example when I go to mountroot prompt (screwed fstab) I can't type a thing. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Can freebsd-update update kernels with option IPFIREWALL_FORWARD
Greetings, Several weeks ago I tried to change the way my FreeBSD servers are updated. Instead of the lengthy procedure of building FreeBSD from sources, I tried to use freebsd-update. On two of the servers, I ran into a problem. Obviously GENERIC kernel with ipfw module loaded couldn't provide the functionality of a kernel, compiled with IPFIREWALL_FORWARD option. So I've returned to my old ways of updating, but I forgot the crontab entry which invoked freebsd-update. To my surprise, yesterday I received a message, that said that updates are downloaded for my kernel (currently FreeBSD 6.2p3 - yeah, I'm lazy ...). Does this mean that freebsd-update team builds kernels with IPFIREWALL_FORWARD now? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
passing parameters to configure script of a port
Hi, I want to build squid from ports, but I need to pass some custom options to configure script. Something more, I want to be sure that when I run portupdate it won't revert to default options. Which is the right way to do this ? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ipfw forward from GENERIC kernel - is it possible?
From ipfw manpage: To enable fwd a custom kernel needs to be compiled with the option options IPFIREWALL_FORWARD. Is there any workaround that would allow me to use ipfw fwd with GENERIC kernel? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
freebsd-update and kernel
Greetings, I did binary update with freebsd-update from RELENG6_2p2 to p5 and now uname -a shows: FreeBSD mail.uni-svishtov.bg 6.2-RELEASE-p4 FreeBSD 6.2-RELEASE-p4 #0: Thu Apr 26 17:55:55 UTC 2007 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/SMP i386 Is that normal ? My original kernel was indeed SMP, built from source 6.2-RELEASE-p2. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
is it possible to set the following IPC options at boot instead of hard-coding them in kernel
Hi list, I'm running squid diskd on my proxy machines and I want to be able to use freebsd-update. Squid diskd requires the following options set in the kernel (example from daemon news http://ezine.daemonnews.org/200209/squid.html) options SYSVMSG options MSGMNB=8192 # max # of bytes in a queue options MSGMNI=40 # number of message queue identifiers options MSGSEG=512 # number of message segments per queue options MSGSSZ=64 # size of a message segment options MSGTQL=2048 # max messages in system I guess that updating that custom kernel will be a problem for freebsd-update, so is that possible to set those values at boot? (I believe SYSVMSG is in GENERIC by default). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: is it possible to set the following IPC options at boot insteadof hard-coding them in kernel
Thanks, it worked! On Sun, 27 May 2007 12:40:09 +0100, Matthew Seaman [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Angelin Lalev wrote: Hi list, I'm running squid diskd on my proxy machines and I want to be able to use freebsd-update. Squid diskd requires the following options set in the kernel (example from daemon news http://ezine.daemonnews.org/200209/squid.html) options SYSVMSG options MSGMNB=8192 # max # of bytes in a queue options MSGMNI=40 # number of message queue identifiers options MSGSEG=512 # number of message segments per queue options MSGSSZ=64 # size of a message segment options MSGTQL=2048 # max messages in system I guess that updating that custom kernel will be a problem for freebsd-update, so is that possible to set those values at boot? (I believe SYSVMSG is in GENERIC by default). You should be able to set these via /boot/loader.conf which will let you just use a GENERIC kernel. Run: sysctl kern.ipc to find the OID names and then just put eg: kern.ipc.msgmnb=8192 into loader.conf (plus all the other tunables you want to change) and reboot. For the gory details, look at /usr/src/sys/kern/sysv_msg.c --- I can't find any actual documentation mentioning these OIDs but my reading of the code suggests that is how it is meant to work. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.3 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGWW4Z8Mjk52CukIwRCPSTAJwOC14nviduEXerQbsHW1YsumtVBACcDltH yrFMw2UGAPBmG4NKh828G/k= =zGWU -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ifconfig seems to not accept inet and ether parameters on one line
Hi everyone, I'm running FreeBSD 6.2. and I'm trying in short to change the MAC address of my network interface at boot. So I wrote something like this in my rc.conf file: ifconfig_xl0=inet 192.168.1.1 netmask 255.255.255.0 ether 00:00:11:11:22:22 at next boot the interface was not configured at all, so I tried it manually: ifconfig xl0 inet 192.168.1.1 netmask 255.255.255.0 ether 00:00:11:11:22:22 and got ifconfig:ether:bad value It works perfectly when I set only inet and only ether addresses. How to make It work in rc.conf? The only info in the net that I could find was non-authoritative and suggested this is a bug? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
freebsd-update question
I have machine wich is build from sources (FreeBSD 6.2p3 , RELENG_6_2). Can I use freebsd-update on that machine straight away? In the article that appears on top of google (http://www.daemonology.net/freebsd-update/binup.html), there is section about removing kernel counters, perllocal.pod etc. It's not clear for me if that step should be taken at server's or the client's side. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
FreeBSD machine instead of wireless hotspot device
I have wireless hotspot device (Handlink WG-601) which I need to replace with FreeBSD machine. The device has following functionality I need to replicate: 1. It has dhcp server (that's easy) 2. It makes NAT between it's internal interfaces and wan interface (easy too, but look at 3). 3. It actually responds on every ARP request coming on it's internal interfaces. That allows it to act as router for machines that instead of using dhcp are configured with wrong static IP addresses. 4. It can use RADIUS for authentication of the users. Actually, non-authenticated users are given IP address (no WPA, TKIP, etc) and when they first try to load a web page are redirected to authentication web-page. Then their username and password are checked against RADIUS database and only then they are allowed to connect to the outer network. Two more things: 1. It was part of a larger wireless hotspot service, sponsored from the government and implemented by outer organization, so buying another with my organization's money is out of the question. 2. I'm aware of the issues with security but again I cannot modify the policy there. I'll be very thankful for any ideas. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD machine instead of wireless hotspot device
On Sat, 21 Apr 2007 09:38:36 -0400, Chris Slothouber [EMAIL PROTECTED] wrote: Chris Slothouber wrote: Angelin Lalev wrote: I have wireless hotspot device (Handlink WG-601) which I need to replace with FreeBSD machine. The device has following functionality I need to replicate: 1. It has dhcp server (that's easy) 2. It makes NAT between it's internal interfaces and wan interface (easy too, but look at 3). 3. It actually responds on every ARP request coming on it's internal interfaces. That allows it to act as router for machines that instead of using dhcp are configured with wrong static IP addresses. 4. It can use RADIUS for authentication of the users. Actually, non-authenticated users are given IP address (no WPA, TKIP, etc) and when they first try to load a web page are redirected to authentication web-page. Then their username and password are checked against RADIUS database and only then they are allowed to connect to the outer network. Two more things: 1. It was part of a larger wireless hotspot service, sponsored from the government and implemented by outer organization, so buying another with my organization's money is out of the question. 2. I'm aware of the issues with security but again I cannot modify the policy there. I'll be very thankful for any ideas. http://www.howtoforge.com/setting_up_a_freebsd_wlan_access_point Sorry, wrong URL. http://www.howtoforge.com/wifi_hotspot_setup Thanks a lot! Chillispot is exactly what I need! It has all the described functionality (point (3) as a additional patch)! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
advice on anti-spam tools
Hi List, My e-mail server is running the latest spamassassin with all of the blacklist enabled and etc. but I still receive over 20 spam messages a day (image spam mostly). The situation with other users may be worse. That's why I was thinking about some tool that 1. store incoming email 2. send request to the sender of the message, requiring to go to some address and enter the numbers (letters) from image 3. if the puzzle is solved in time (week or so) deliver the message, otherwise delete it. Is there such tool(s) ? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
saving kernel configuration file into the kernel itself
I remember that in FreeBSD 4 there was a way to include configuration file in the kernel being compiled, but I could not remember what it was and I could not find it in the handbook. Is there such feature in FreeBSD 6 ? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
deleting file '--preserve-permissions'
I've made mistake with tar. Something like tar cvfz --preserve-permissions home.tgz * or tar cvfz --preserve-permissions * home.tgz As result I have a file with name '--preserve-permissions'. It seems that it's not easy to delete this file. rm '--preserve-permissions' does not give the desired result. What should I do :-) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
clamav-milteClamAv: accept() returned invalid socket (Result too large)
What is causing this ? The full message appears in /var/log/messages and looks like this: mail clamav-milter: ClamAv: accept() returned invalid socket (Result too large), try again I get long series of this message on average twice a day at which time the server gradually stops to process mail until I restart clamAV. sendmail.cf ... Xclmilter, S=local:/var/run/clamav/clmilter.sock, F=T, T=S:4m;R:4m;E:5m ... ps -axww|grep clam 787 ?? Is 0:11.53 /usr/local/sbin/clamd 815 ?? Is 0:00.09 /usr/local/bin/freshclam --daemon -p /var/run/clamav/freshclam.pid 89956 ?? Ss 3:02.57 /usr/local/sbin/clamav-milter --pidfile /var/run/clamav/clamav-milter.pid --postmaster-only --local --outgoing --timeout=10 --max-children=100 /var/run/clamav/clmilter.sock ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Firefox, TrueType, Windows Fonts
I'm not certain to even ask the right question here, but here I go. Apparently, there are certain web pages that require specifically Arial and look like sh*th on Firefox. Since there is no Arial on FreeBSD and since I'm aware of the copyright and patent issues which prevent copying and displaying (correctly) Arial and other TTF fonts from Windows boxes, I was wandering is there a way to make firefox choose Helvetica instead of Arial and say Times New Roman instead of Tahoma and so on ... The Fonts dialog on Firefox seem to only address the choice of default Serif, Sans-Serif and Monospace fonts. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Using Flash on FreeBSD [Fwd: Macromedia Customer Service Request [8564611]]
On Wed, 31 May 2006 13:35:53 -0500 Don Hinton [EMAIL PROTECTED] wrote: Hi: When trying to upgrade Flash, I ran into the following in the UPDATING file: 20060408: AFFECTS: users of www/linux-flashplugin* AUTHOR: [EMAIL PROTECTED] These ports have been removed because the End User License Agreement explicitly forbids to run the Flash Player on FreeBSD. For more details, see http://www.macromedia.com/shockwave/download/license/desktop/. So I contacted Adobe, see below, and according to the customer service rep, Astrid C. Villanueva, there is not problem with using Flash on FreeBSD, it's just not supported. Therefore, would it be possible to add it back to the ports? thanks... don -- Forwarded Message -- Subject: Macromedia Customer Service Request [8564611] Date: Wednesday 31 May 2006 13:33 From: Service [EMAIL PROTECTED] To: don hinton [EMAIL PROTECTED] Hi again Don, Thank you for writing back and for the clarification provided. I understand your feedback on the compatibility of Flash Player on FreeBSD. Please note that Flash Player is not supported in FreeBSD, thus it not mentioned on the End User License Agreement that Flash Player can be downloaded and installed on the operating system. It is not that the web player is prohibited in FreeBSD, but the operating system itself is not compatible with Player. Please note that it is your option whether to install Flash Player on your FreeBSD; however, please note that we cannot provide you with any technical support, warranties or remedies for the software, although it is clearly stated on the End User License Agreement, the only authorized operating systems where you may download and install Flash Player. To view the System Requirements of Flash Player, you may go to: http://www.macromedia.com/software/flashplayer/productinfo/systemreqs/ In connection with this, if you would like to make suggestions or comments on how we can improve future versions of our software, or to report possible bugs in our current versions, please visit: http://www.macromedia.com/support/email/wishform/ Your comments, suggestions, and ideas for improvements are very important to us. We appreciate you taking the time to send us this information. I hope this additional information helps. Thank you for your patience on this matter. Should you have further concerns, feel free to write us back. Regards, Astrid C. Villanueva Customer Service Macromedia, now part of Adobe Systems Please use your incident number 8564611 in any correspondence with us. Customer Service at Macromedia, now part of Adobe Systems http://www.macromedia.com/support/service/ Note concerning Attachments: Please do not send attachments in a reply to this email. Instead, can you please contact the support agent to make arrangements to send your files. Thank you. --- Have you tried gnash? /usr/ports/graphics/gnash ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Acroread7
Greetings, I've installed acrobat reader from /usr/ports/print/acroread7 and have some trouble with it. When I start it with acroread, it crashes with message: /usr/X11R6/Adobe/Acrobat7.0/ENU/bin/acroread: /dev/null: Operation not supported /usr/X11R6/Adobe/Acrobat7.0/ENU/bin/acroread: /dev/null: Operation not supported ERROR: Cannot determine current directory. Some additional info: $ kldstat |grep linux 32 0xc1e69000 17000linux.ko $ pkg_info|grep linux linux-XFree86-libs-4.3.99.902_7 XFree86 libraries, Linux binary linux-atk-1.8.0_2 Accessibility Toolkit, Linux/i386 binary linux-expat-1.95.7_1 Linux/i386 binary port of Expat XML-parsing library linux-fontconfig-2.2.3_4 Linux/i386 binary of Fontconfig linux-glib2-2.4.8_2 Version 2.X Linux/i386 binary port of GLib linux-jpeg-6b.33_1 RPM of the JPEG lib linux-png-1.2.8_1 RPM of the PNG lib linux-tiff-3.6.1_6 TIFF library, Linux/i386 binary $ mount /dev/ad0s1a on / (ufs, local) devfs on /dev (devfs, local) /dev/ad0s1f on /home (ufs, local, soft-updates) /dev/ad0s1g on /opt (ufs, NFS exported, local, soft-updates) /dev/ad0s1d on /usr (ufs, local, soft-updates) /dev/ad0s1e on /var (ufs, local, soft-updates) /dev/acd0 on /cdrom (cd9660, local, read-only) linprocfs on /usr/compat/linux/proc (linprocfs, local) $ uname -a FreeBSD fence 7.0-CURRENT FreeBSD 7.0-CURRENT #6: Tue May 9 16:19:07 EEST 2006 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/FENCE i386 $ ls -l /usr/ports/UPDATING -rw-r--r-- 1 root wheel 130397 May 17 21:36 /usr/ports/UPDATING Any ideas would be appreciated :-) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Acroread7
On Fri, 19 May 2006 08:03:08 -0400 Robert Huff [EMAIL PROTECTED] wrote: Angelin Lalev writes: $ pkg_info|grep linux linux-XFree86-libs-4.3.99.902_7 XFree86 libraries, Linux binary linux-atk-1.8.0_2 Accessibility Toolkit, Linux/i386 binary linux-expat-1.95.7_1 Linux/i386 binary port of Expat XML-parsing library linux-fontconfig-2.2.3_4 Linux/i386 binary of Fontconfig linux-glib2-2.4.8_2 Version 2.X Linux/i386 binary port of GLib linux-jpeg-6b.33_1 RPM of the JPEG lib linux-png-1.2.8_1 RPM of the PNG lib linux-tiff-3.6.1_6 TIFF library, Linux/i386 binary Shouldn't there be a linux_base-something in this list? And how did you these installed without linux_base-something being pulled in as a dependency? Robert Huff Thanks for the competent response! I should have mentioned this on the first mail, because the approach I used is not exactly right. (Guilty). I went into /usr/ports/print/acroread7 and typed 'make fetch-recursive' and then 'make install'. 'make install' failed two or three times but i rather laysily just restarted it and it continiued. I didn't even look at the make output. I guess I must clean that mess and try again. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Resolved: Acroread7
On Fri, 19 May 2006 16:40:25 +0300 Angelin Lalev [EMAIL PROTECTED] wrote: On Fri, 19 May 2006 08:03:08 -0400 Robert Huff [EMAIL PROTECTED] wrote: Angelin Lalev writes: $ pkg_info|grep linux linux-XFree86-libs-4.3.99.902_7 XFree86 libraries, Linux binary linux-atk-1.8.0_2 Accessibility Toolkit, Linux/i386 binary linux-expat-1.95.7_1 Linux/i386 binary port of Expat XML-parsing library linux-fontconfig-2.2.3_4 Linux/i386 binary of Fontconfig linux-glib2-2.4.8_2 Version 2.X Linux/i386 binary port of GLib linux-jpeg-6b.33_1 RPM of the JPEG lib linux-png-1.2.8_1 RPM of the PNG lib linux-tiff-3.6.1_6 TIFF library, Linux/i386 binary Shouldn't there be a linux_base-something in this list? And how did you these installed without linux_base-something being pulled in as a dependency? Robert Huff Thanks for the competent response! I should have mentioned this on the first mail, because the approach I used is not exactly right. (Guilty). I went into /usr/ports/print/acroread7 and typed 'make fetch-recursive' and then 'make install'. 'make install' failed two or three times but i rather laysily just restarted it and it continiued. I didn't even look at the make output. I guess I must clean that mess and try again. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] The problem is caused by very weird mess-up of linux-base. I have questions about it and will repost it under appropriate topcic. Thanks again. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Installing gdm themes?
On Thu, 18 May 2006 19:18:25 -0400 Lowell Gilbert [EMAIL PROTECTED] wrote: Angelin Lalev [EMAIL PROTECTED] writes: gdmsetup binary seem to miss from the last gnome gdm port. Look in /usr/X11R6/sbin. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] There it is. Thanks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Installing gdm themes?
gdmsetup binary seem to miss from the last gnome gdm port. If that's normal, what is the proper manual way of installing themes? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Intelligent way of dealing with dependancies in ports
I'm rather tired of having to update firefox port due security fixes and then having to build the new versions of glib, expat, and so on an so on, every one of which complains that tere are older versions of the lib installed. I've tried pkg_delete -f and install of the newer version, but then all the binaries in the system started complaining because they don't find the exact version of the shared library they are compiled with. What's the intelligent way of dealing with the problem? (Prefferably the one which does not include downloading 600+ MB of source every time :-( ) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
FreeBSD handbook.
Hi, How can I get the sgml #sources# of the FreeBSD handbook? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ls -c vs. ls -u / manpage / architecture question
Hi, I want to ask if I got this right. The manpage of ls, supplied with FreeBSD 6.0 says: -c Use time when file status was last changed for sorting or printing. -u Use time of last access, instead of last modification of the file for sorting and printing I could see in the source of ls that these two options are opposite of each other, but being ignorant about the architecture of UNIX file system, i'm not positive that in addition to the time of last modification and the time of last access, there is not another time - file status change time. Or is it what I suppose, that the -c option is just on by default and no other than these 2 times are saved in the file system info about the file. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: qmail + vpopmail + procmail
Michael P. Soulier wrote: On 12/28/05, Angelin Lalev [EMAIL PROTECTED] wrote: But now my friend's clients want all mail that is tagged as spam (in my case, prefixed with [SPAM] in the subject) moved to separate courier imap folder (for example .SPAM). I figured out (maybe I make error here) that I need procmail to deliver the mail to the different courier-imap folders in the Maildir. I couldn't find on the net clear algorithm that does that. (or at least I failed reproducing it). Anyone could help? This is up to the end user to do. My $HOME/.qmail looks like so | preline procmail ~/.procmailrc From there, you can filter in .procmailrc like... :0 ^Subject:.*SPAM $MAILDIR/junkmail/ where MAILDIR=$HOME/Maildir, or some other appropriate place for the user's MUA. Thanks very much for the advice. I've tried something like that, but in the end of .procmailrc file I've piped the regular messages to vdelivermail, instead of delivering them directly (stupid, wasn't it :-)). I'm sure that it would work even that way, if I used -p option and correct paths in .procmailrc file. Anyway, I've read in the net that there is some incompatibility of exit codes between procmail and qmail. Since I was not sure if that's fixed, had no time to dig into the documentation and I was working on production system, decided to use maildrop, which did the job nicely. But I'm still curious if that incompatibility is fixed ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
qmail + vpopmail + procmail
Greetings, It's been a long time since my last day as a system administrator, but recently I needed to install a qmail server for a friend. Although I had forgoten many things, I've managed to make a working netqmail 1.05 + SMTP-AUTH + TLS patch + qmail-scanner + spam-assassin + courier imap + vpopmail (mysql db) installation, following scattered trough internet documents and howto's. But now my friend's clients want all mail that is tagged as spam (in my case, prefixed with [SPAM] in the subject) moved to separate courier imap folder (for example .SPAM). I figured out (maybe I make error here) that I need procmail to deliver the mail to the different courier-imap folders in the Maildir. I couldn't find on the net clear algorithm that does that. (or at least I failed reproducing it). Anyone could help? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
net-snmp and mrtg question
I have FreeBSD router with two interfaces. Every interface has several networks. The basic configuration of snmpd and mrtg allow me to monitor the load only on per-interface basis, but I need to be able to monitor the traffic on each network separately. Is there a way to do it via net-snmp / mrtg? Are there orther tools with output similar to mrtg (prefferably the same), which can do this? TIA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfilter problems
Thank You very much! Well, the short answer is: there is no keep state in the line pass in quick on rl0 all the dns reply you get back times out because your default rule is block and there is nowhere in the in rules for rl1 that allows the reply back. This makes sense... And I probably have done huge mistake... I thought that these rules are applied two times - once when the packet is about to enter routing logic and once when it exits routing logic the machine and once when the packet exits the machine (like ipfw). If that was the case the rule pass out quick on rl1 all keep state would do... Some recomendations: 1) I have a bit of dificulty understanding your network setup - why do you have two private networks on your external interface? May scetch in a diagram. rl0 is connected to an internet caffe with some game servers. It has only one IP address 192.168.0.0/24. rl1 is connected via ethernet to a wireless bridge. The management address of the wireless bridge (provider's property) is 10.1.6.1. I added alias addr. 10.1.6.2/24 to the rl1, so I can ping it to test connectivity. Recently we have connected some outer clients to the same ethernet network on wich is the wireless bridge. They have addresses 192.168.5.0/24 and have for gateway the our freebsd machine. They use squid server on the machine (like the machines on rl0 do) and need access to some game servers. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ipfilter problems
Two days ago I've switched the firewall on my FreeBSD 5.3 RELEASE router from ipfw to ipfilter. The firewalls are not my speciality and ipfilter looked simplier way to do NAT with firewall, because it separates NAT rules from filtering rules. The router has two interfaces rl0 (192.168.0.254/24) and rl1 (82.137.64.106/29, 192.168.5.1/24, 10.1.6.2/24). The ipfilter is compiled in kernel: == options IPFILTER options IPFILTER_LOG options IPFILTER_DEFAULT_BLOCK /etc/ipnat.conf map rl1 192.168.0.1/27 - 82.137.64.106/32 /etc/ipf.rules pass in quick on lo0 pass out quick on lo0 pass out quick on rl0 all pass in quick on rl0 all pass in quick on rl1 proto tcp from 192.168.5.1/24 to 192.168.5.1 port = 80 flags S keep state pass in quick on rl1 proto tcp from 192.168.5.1/24 to 192.168.5.1 port = 3128 flags S keep state # local counter-strike server. No NAT. pass in quick on rl1 from 192.168.5.1/24 to 192.168.0.50 keep state block in quick on rl1 from 192.168.5.1/24 to any pass out quick on rl1 all keep state The problem On 192.168.0.0/24 network I have 6 machines. The router itself is an old 166 MHz Pentium box, but load averages are not bigger than 10%. When one of the machins makes dns lookup (the dns server is on outside - 62.73.78.2) it fails with timeout in about 9 of 10 times. ipfstat -t shows that a rule is created - something like this: Source IP Dest IPST PR pkts.bytes 192.168.0.4,1029 62.73.78.2,53 0/0 udp 165 9992 Any help will be appreciated. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
curious about da_quirk_table
Greetings, I have an usb flash disk which does not support cache synchronization. Usb vendor 0x1005. (The inscription on it says Apacer HandySTENO). On FreeBSD 5.3 RELEASE it generates several of umass0: Phase Error, residue = 0 (da0:umass-sim0:0:0:0): Synchronize cache failed, status == 0x4, scsi status == 0x0 error messages. I've looked in Google and in the source and found da_quirk_table array in scsi_da.c. I've added my disk data there and the disk started working... I'm just curious is that the right way to do this and if so do you gather the data. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
what is S.M.A.R.T and do I need it when I'm using freebsd (5.x...)
Hi everyone, I've got this question that bugs me. It seems that the bios setup utility on my desktop machine (MB. GA-8IPE1000-G Pro) does not support turning on S.M.A.R.T. I remember that long ago I've read somewhere in the net that S.M.A.R.T has to do something with remapping the bad sectors on the IDE drive similar to the way SCSI controller should do it, but probably I've got it wrong... So, what is S.M.A.R.T, does FreeBSD use it, and should it be turned on trough the bios setup utility? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
SMB/NetBIOS proxying tool ?
Hi everybody, I need to do a NAT translation between two networks, having windows shares (with NetBIOS over TCP/IP) still working between them. I have read some previous discussions on that matter and it looks that it's not possible to do that without proxying tool, because the IP addresses are somehow encoded in the NetBIOS packets. Is there such tool for FreeBSD? TIA To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Slightly OT (and more related to the wireless networking)
Hi everybody, Is there any way to get list of all SSIDs, which are present in given area, with the tools provided by FreeBSD. I'm not sure that is possible at all, but a colleague of mine insist that he was seen such tool for Windows. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
freeradius 0.7 under FreeBSD 4.7
Two weeks ago I have installed freeradius 0.7 from ports on a FreeBSD 4.6.2 system. It worked just fine (except the crash at the startup of the system). A couple of days ago I upgraded the system from sources to 4.7 and the radius stopped to work. Next, I made a clean install of the 4.7 from the CD-ROM and installed radius from the ports collection, comming from the CD-ROM to see that the radius again was not working. The error message in the both cases was: Starting - reading configuration files ... Module: Loaded System HASH: Reinitializing hash structures and lists for caching... HASH: Stored 25 entries from (null) rlm_unix: Can't open file group file (null): Bad address Segmentation fault Did anyone else experienced similar problems? Ideas ? To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
