From owner-freebsd-isp Sun Oct 3 3:51:45 1999 Delivered-To: freebsd-isp@freebsd.org Received: from mail.palnet.com (mail.palnet.com [212.29.201.7]) by hub.freebsd.org (Postfix) with ESMTP id BCABC14E12 for ; Sun, 3 Oct 1999 03:51:32 -0700 (PDT) (envelope-from rjebara@palnet.com) Received: from localhost (rjebara@localhost) by mail.palnet.com (8.9.3/8.9.3) with ESMTP id MAA25120; Sun, 3 Oct 1999 12:51:16 +0200 (IST) Date: Sun, 3 Oct 1999 12:51:16 +0200 (IST) From: Rami Abu Jebara To: Tim Priebe Cc: freebsd-isp@FreeBSD.ORG Subject: Re: multi-port ethernet cards In-Reply-To: <99100221133100.12711@310.priebe.alt.na> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Thanks :) cheers Rami **************************** Rami Abu Jebara Technical Director Palnet Communications Ltd e-mail : rjebara@palnet.com Tel: ++ 972 2 583 5666 Fax: ++ 972 2 583 6354 w w w . p a l n e t . c o m On Sat, 2 Oct 1999, Tim Priebe wrote: > I have been using this in production since April or early May, but 3.1-RELEASE > will panic your system if you try this! ( it is possible to use a more recent > if_vlan.c and eliminate the panic.) I have a 3.2 BETA from 24 May that is > routing between 10 networks. > > How to implement. > > 1) edit your kernel configuration file, adding the following line, > > pseudo-device vlan n > > where n is the number of vlan devices you want. > > 2) build and install kernel as usual. > > 3) get, build and install a version if ifconfig that supports configuring vlan > devices. A copy can be obtained from > ftp://196.31.225.208/pub/FreeBSD/misc/ifconfig-vlan.tgz > ( I have lost the email address of the person that sent this to me, he may now > have an improved version. make install does not work, I have not looked at it.) > The man page included expains the new vlan options. > > 4) add the apropriate entries to your rc.conf eg. > > ifconfig_xl0="inet 192.168.225.199 netmask 255.255.255.0" > fconfig_vlan0="inet 192.168.25.199 netmask 255.255.255.0 vlan 2 vlandev xl0" > network_interfaces="xl0 vlan0 lo0" > > important it is possible to have one untagged vlan on the interface, as above. > If you do not have an untagged vlan on the interface, then you must enable the > interface. ie ifconfig xl0 up. > > 5) reboot your syestem to start your new kernel and interfaces. > > dont forget to configure your switch. > > Good luck, > > Tim. > > On Sat, 02 Oct 1999, Rami Abu Jebara > wrote: > Hi > > > > This is very interesting .. > > > > can you please point me in the right direction ... > > > > Thanks in advance .. > > > > Cheers > > > > Rami > > [...] > > > > > what is this "VLAN feature" of FreeBSD ? (IP aliasing ?) > > > > > > > > TfH > > > > > > No, it is 802.1Q VLAN tagging. It is an extension to the Ethernet header, that > > > specifies which virtual LAN the packet belongs to. With a Switch that can > > > handel the 802.1Q standard, and is capable of enforcing that packets do not > > > cross to an other VLAN, you can effectively have multiple network cards on > > > multipule networks, with only one network card. > > > > > > The available documentation is quite sparse right now, but I have someone > > > preparing some web pages describing how to do it. It is actually quite simple, > > > if you want, I can send you a brief instruction, and a replacement for ifconfig > > > I was given. > > > > > > Tim. > > [...] > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Oct 3 11:58:12 1999 Delivered-To: freebsd-isp@freebsd.org Received: from noop.colo.erols.net (noop.colo.erols.net [207.96.1.150]) by hub.freebsd.org (Postfix) with ESMTP id 0207C14DE6 for ; Sun, 3 Oct 1999 11:58:09 -0700 (PDT) (envelope-from gjp@noop.colo.erols.net) Received: from localhost ([127.0.0.1] helo=noop.colo.erols.net) by noop.colo.erols.net with esmtp (Exim 2.12 #1) id 11Xqqh-000Gha-00; Sun, 3 Oct 1999 14:59:07 -0400 To: "Kelsey Cummings" Cc: freebsd-isp@freebsd.org From: "Gary Palmer" Subject: Re: email content filtering In-reply-to: Your message of "Thu, 30 Sep 1999 13:56:21 PDT." <05eb01bf0b86$3ffcd280$33f9c9d0@neteze.com> Date: Sun, 03 Oct 1999 14:59:06 -0400 Message-ID: <64205.938977146@noop.colo.erols.net> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org "Kelsey Cummings" wrote in message ID <05eb01bf0b86$3ffcd280$33f9c9d0@neteze.com>: > Hey all- > I'm considering adding some more advanced de-spamming to my email > services. I'd like to provide content filtering (for virus signitures, > buffer overruns in subject lines, etc, etc.) Also, ideally, real time > blocking for inbound spam. IE: I've recieved 20 copies of the same message > for different customers, I'm going to spool all further messages that look > like this one for manual processing (approval or rejection by the > postmaster) in a a single group. > Currently I am more concerned about inbound SMTP than what my customers > are sending. So- what I'm asking is: what mail server could be used like > this (after a message passed the filters it would be forwarded to the > existing pop3/smtp server.) I've heard that you can do this with Sendmail > (although its way above my head) but I've also heard that procmail and qmail > are the best choices. Anybody have any experience doing this? What qould > you recommend? Content based filtering is a BAD idea. While your idea of dumping it into a different directory is a good one, it also means you have to have someone there 24/7 to check that directory manually and approve the mail. Also, spammers have taken to injecting random text into the body of the message, changing the subject, changing from lines, etc, to try and combat simple content checks. You are more likely (IMNSHO) to have better results doing IP based filtering ... use some sort of IPC between all your inbound mail servers and figure out what IP address is hitting you hard with inbound mail for multiple recipients. Exceptions would need to be in place to stop you blocking (for example) AOL, but in theory it should work pretty well. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Oct 3 18:53:33 1999 Delivered-To: freebsd-isp@freebsd.org Received: from backup.af.speednet.com.au (af.speednet.com.au [202.135.188.244]) by hub.freebsd.org (Postfix) with ESMTP id 18F8014FB9 for ; Sun, 3 Oct 1999 18:53:28 -0700 (PDT) (envelope-from andyf@speednet.com.au) Received: from localhost (localhost [127.0.0.1]) by backup.af.speednet.com.au (8.9.3/8.9.3) with ESMTP id LAA27310; Mon, 4 Oct 1999 11:52:52 +1000 (EST) (envelope-from andyf@speednet.com.au) Date: Mon, 4 Oct 1999 11:52:52 +1000 (EST) From: Andy Farkas X-Sender: andyf@localhost To: Doug Cc: Leif Neland , freebsd-isp@FreeBSD.ORG Subject: Re: limiting apache cgi mem/cpu In-Reply-To: <37F67081.9C9EEF04@gorean.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 2 Oct 1999, Doug wrote: > Leif Neland wrote: > > > > How can I limit the mem and cpu a perl/cgi script can use when started > > from apache? > > Create a login class for the web/cgi user and modify its resource > limits in login.conf. That doesn't work if you are using Apache's suexec feature (which is a wise thing to enable). See PR ports/13606 -- :{ andyf@speednet.com.au Andy Farkas System Administrator Speednet Communications http://www.speednet.com.au/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Oct 3 19:46:46 1999 Delivered-To: freebsd-isp@freebsd.org Received: from sentry.granch.ru (sentry.granch.ru [212.20.5.135]) by hub.freebsd.org (Postfix) with ESMTP id DE3C614D35 for ; Sun, 3 Oct 1999 19:46:41 -0700 (PDT) (envelope-from shelton@sentry.granch.ru) Received: from localhost (IDENT:shelton@localhost.granch.ru [127.0.0.1]) by sentry.granch.ru (8.9.3/8.9.3) with ESMTP id JAA09704 for ; Mon, 4 Oct 1999 09:46:41 +0700 (NOVST) Date: Mon, 4 Oct 1999 09:46:40 +0700 (NOVST) From: "Rashid N. Achilov" To: freebsd-isp@freebsd.org Subject: One password base for some *NIX boxes Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Does anybody know any decision of this problem: I have some set of *NIX boxes (Linux, FreeBSD, Solaric SPARC) and will, that it all use one users/passwords database. Any advices received. With Best Regards. Rashid N. Achilov (RNA1-RIPE), Cert. ID: 28514, Granch Ltd. lead engineer e-mail: achilov@granch.ru, tel (383-2) 24-2363 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Oct 3 20:19:20 1999 Delivered-To: freebsd-isp@freebsd.org Received: from cliff.i-plus.net (cliff.i-plus.net [209.100.20.42]) by hub.freebsd.org (Postfix) with ESMTP id 578AA14F65 for ; Sun, 3 Oct 1999 20:19:16 -0700 (PDT) (envelope-from st@i-plus.net) Received: from abyss ([209.100.25.1]) by cliff.i-plus.net (8.9.3/8.9.3) with SMTP id XAA79248; Sun, 3 Oct 1999 23:18:19 -0400 (EDT) From: "Troy Settle" To: "Rashid N. Achilov" , Subject: RE: One password base for some *NIX boxes Date: Sun, 3 Oct 1999 23:18:03 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The easiest answer, is NIS. But, NIS isn't exactly secure. I'd reccomend that you select one box to be your master server, then use ssh and some perl to generate and distribute appropriate passwd and shadow files to the other servers. IMO, FreeBSD would be the best choice for a master passwd server, as it keeps all it's information in one file (/etc/master.passwd). IIRC, solaris keeps different information in passwd and shadow. I don't know about linux. When implementing this, you'll need to educate your users so they'll know to change their passwords on the master server only (you can simplify this by setting up a passwd util on a web page). Also note that you'll need to install the DES encryption libraries for FreeBSD in order to achive the inter-operability you desire. HTH, Troy > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Rashid N. Achilov > Sent: Sunday, October 03, 1999 10:47 PM > To: freebsd-isp@FreeBSD.ORG > Subject: One password base for some *NIX boxes > > > Does anybody know any decision of this problem: I have some set of *NIX > boxes (Linux, FreeBSD, Solaric SPARC) and will, that it all use one > users/passwords database. > > Any advices received. > > With Best Regards. > Rashid N. Achilov (RNA1-RIPE), Cert. ID: 28514, Granch Ltd. > lead engineer > e-mail: achilov@granch.ru, tel (383-2) 24-2363 > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Oct 3 22:28:32 1999 Delivered-To: freebsd-isp@freebsd.org Received: from sasami.jurai.net (sasami.jurai.net [63.67.141.99]) by hub.freebsd.org (Postfix) with ESMTP id 9E64E14D2B for ; Sun, 3 Oct 1999 22:28:22 -0700 (PDT) (envelope-from winter@jurai.net) Received: from localhost (winter@localhost) by sasami.jurai.net (8.8.8/8.8.7) with ESMTP id BAA26602; Mon, 4 Oct 1999 01:28:15 -0400 (EDT) Date: Mon, 4 Oct 1999 01:28:14 -0400 (EDT) From: "Matthew N. Dodd" To: Troy Settle Cc: "Rashid N. Achilov" , freebsd-isp@FreeBSD.ORG Subject: RE: One password base for some *NIX boxes In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 3 Oct 1999, Troy Settle wrote: > The easiest answer, is NIS. But, NIS isn't exactly secure. Nobody has suggested Kerberos? Sheesh. Talk about making it hard on yourselves. NIS+Kerberos is a very viable solution. -- | Matthew N. Dodd | '78 Datsun 280Z | '75 Volvo 164E | FreeBSD/NetBSD | | winter@jurai.net | 2 x '84 Volvo 245DL | ix86,sparc,pmax | | http://www.jurai.net/~winter | This Space For Rent | ISO8802.5 4ever | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 4 3:42:29 1999 Delivered-To: freebsd-isp@freebsd.org Received: from cliff.i-plus.net (cliff.i-plus.net [209.100.20.42]) by hub.freebsd.org (Postfix) with ESMTP id AA00114C17 for ; Mon, 4 Oct 1999 03:42:24 -0700 (PDT) (envelope-from st@i-plus.net) Received: from abyss ([209.100.25.1]) by cliff.i-plus.net (8.9.3/8.9.3) with SMTP id GAA90495 for ; Mon, 4 Oct 1999 06:42:21 -0400 (EDT) From: "Troy Settle" To: Subject: RE: One password base for some *NIX boxes Date: Mon, 4 Oct 1999 06:42:06 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org You say NIS+Kerberos? I thought those were 2 independant auth schemes (like how MD5 and DES are mutually exclusive encryption schemes, but can co-exist). Guess I got a lot more reading as to what Kerberos is. I did make a short search for documents and guides at one time, but failed to pull anything up. Can you cough up a URL to a fairly comprehensive guide to setting up and using kerberos? > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Matthew N. Dodd > Sent: Monday, October 04, 1999 1:28 AM > To: Troy Settle > Cc: Rashid N. Achilov; freebsd-isp@FreeBSD.ORG > Subject: RE: One password base for some *NIX boxes > > > On Sun, 3 Oct 1999, Troy Settle wrote: > > The easiest answer, is NIS. But, NIS isn't exactly secure. > > Nobody has suggested Kerberos? > > Sheesh. Talk about making it hard on yourselves. NIS+Kerberos is a very > viable solution. > > -- > | Matthew N. Dodd | '78 Datsun 280Z | '75 Volvo 164E | FreeBSD/NetBSD | > | winter@jurai.net | 2 x '84 Volvo 245DL | ix86,sparc,pmax | > | http://www.jurai.net/~winter | This Space For Rent | ISO8802.5 4ever | > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 4 3:53:49 1999 Delivered-To: freebsd-isp@freebsd.org Received: from dominik.saargate.de (dominik.saargate.de [212.88.132.246]) by hub.freebsd.org (Postfix) with ESMTP id 937C614EAB for ; Mon, 4 Oct 1999 03:53:41 -0700 (PDT) (envelope-from domi@saargate.de) Received: from localhost (localhost [127.0.0.1]) by dominik.saargate.de (8.9.3/8.9.3) with ESMTP id JAA69312; Mon, 4 Oct 1999 09:49:38 +0200 (CEST) (envelope-from domi@saargate.de) Date: Mon, 4 Oct 1999 09:49:38 +0200 (CEST) From: Dominik Brettnacher To: "winter@jurai.net" Cc: st@i-plus.net, shelton@sentry.granch.ru, freebsd-isp@freebsd.org Subject: RE: One password base for some *NIX boxes In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 4 Oct 1999, winter@jurai.net wrote: > >> The easiest answer, is NIS. But, NIS isn't exactly secure. > Nobody has suggested Kerberos? > Sheesh. Talk about making it hard on yourselves. NIS+Kerberos is a very > viable solution. How do I set up NIS+Kerberos? -- Dominik - http://www.saargate.de/~domi/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 4 5:33:13 1999 Delivered-To: freebsd-isp@freebsd.org Received: from relay04.indigo.ie (relay04.indigo.ie [194.125.133.228]) by hub.freebsd.org (Postfix) with SMTP id 873D915404 for ; Mon, 4 Oct 1999 05:32:46 -0700 (PDT) (envelope-from judgea@indigo.ie) Received: (qmail 19796 messnum 46369 invoked from network[194.125.133.235/relay-mgr.indigo.ie]); 4 Oct 1999 12:32:45 -0000 Received: from relay-mgr.indigo.ie (HELO indigo.ie) (194.125.133.235) by relay04.indigo.ie (qp 19796) with SMTP; 4 Oct 1999 12:32:45 -0000 To: Jeff Lynch Cc: freebsd-isp@freebsd.org Subject: Re: NetApp NFS & FreeBSD In-reply-to: Message from Jeff Lynch dated Friday at 16:15. From: Alan Judge Date: Mon, 04 Oct 1999 13:32:45 +0100 Message-Id: <19991004123247.873D915404@hub.freebsd.org> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org You'll find the two scripts below. Not much to them and I'd be very wary of making any sort of serious deductions based on something so simple, particularly since I made no attempt to take other load off the filer or to think about caching effects, single process vs multiple process effects, or lots of other things. There are other benchmarks out there that might be useful, depending on the application you are actually interested in running. Just out of interest, I've also run the two scripts on local disk (a CCD stripe across two Seagate Cheetahs, with soft-updates enabled). Results are: Create lots of small files: perl ~judgea/f.pl 2.60s user 28.82s system 7% cpu 6:45.43 total Create same file lots of times: perl ~judgea/f2.pl 1.60s user 14.09s system 94% cpu 16.651 total Interesting, that the lots of files test is slower than the filer even with soft-updates, whereas a straight sequential I/O test with iozone gets 35-38MB/s on the same file system (vs 10Mb/s for the filer, mostly limited by ethernet). However, you can really see the effect of local caching and so on in the single file test, since most of the work is just in memory, as opposed to being written out over NFS. I've also appended another script that I use sometimes, which more accurately mimics our high-load cases. It creates and deletes lots of random files of various sizes and can be tweaked to change the distributions to whatever you like. For this test, the filer under load is a little slower than local CCD stripe. -- Alan f.pl: #!/usr/bin/perl foreach $i (0..99) { $f = sprintf("%02d", $i); mkdir($f, 0700); } $string = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXX\n" x 1500; $nloops = 50000; $size = 20000; foreach $i (0..$nloops) { $fn = sprintf("%02d/%05d", $i%100, $i); open(F, ">$fn") || die "$!: open $fn"; syswrite(F, $string, $size); close(F); } f2.pl: #!/usr/bin/perl $string = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXX\n" x 300; $nloops = 50000; $size = 20000; foreach $i (0..$nloops) { open(F, ">myfile") || die "$!: open $fn"; syswrite(F, $string, $size); close(F); } file-test.pl: #!/usr/bin/perl $nloops = 100000; $debug = 0; $maxf = 1000000; $ndir = 69; $string = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n" x 1500; print "File test V2. Fewer subdirs. Higher delete rate.\n"; print "nloops = $nloops, maxf = $maxf, ndir = $ndir\n"; # Quick hack script to test creating and deleting files. # Step 1. Create sub dirs. foreach $i (0..$ndir) { $d = sprintf("%02d", $i); mkdir($d, 0777); } # Step 2. Loop. print "Start step 2\n" if ($debug); $start = time(); while($nloops-- > 0) { if ((rand(1.0) > 0.51) && $#flist > 0) { if (rand(1.0) > 0.5) { # Delete most recent file $f = shift(@flist); &Unlink($f); print "Array now: ", join(":", @flist), "\n" if ($debug); } else { # Delete random file $fn = int(rand($#flist)); $f = $flist[$fn]; splice(@flist, $fn, 1); &Unlink($f); print "Array now: ", join(":", @flist), "\n" if ($debug); } } else { # Create do { $f = int(rand($maxf)); } until (! -f &fname($f)); &mkfile($f); push(@flist, $f); print "Array now: ", join(":", @flist), "\n" if ($debug); } } # End. ($user,$system,$cuser,$csystem) = times; print "Clock time = ", time()-$start, "\n"; print "utime $user stime $system cutime $cuser csys $csystem\n"; print "left over files: ", $#flist, "\n"; sub fname { local($fn) = @_[0]; sprintf("%02d/%d", $fn%$ndir, $fn); } sub Unlink { local($f) = @_[0]; local($fn) = &fname($f); print "Unlinking $f -> $fn\n" if ($debug); unlink($fn) || die "$!: unlink"; } sub mkfile { local($f) = @_[0]; local($fn) = &fname($f); local($size); if (rand(1.0) > 0.1) { # Size is 0..8K $size = int(rand(8192)); } else { $size = int(rand(102400)); } print "Creating $fn at size $size\n" if ($debug); open(F, ">$fn") || die "$!: open $fn"; syswrite(F, $string, $size); close(F); } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 4 7:38:29 1999 Delivered-To: freebsd-isp@freebsd.org Received: from jerry.katrinet.se (jerry.katrinet.se [195.58.109.130]) by hub.freebsd.org (Postfix) with ESMTP id 0B8E1154D3 for ; Mon, 4 Oct 1999 07:38:12 -0700 (PDT) (envelope-from tom@jerry.katrinet.se) Received: from localhost (localhost.katrinet.se [127.0.0.1]) by jerry.katrinet.se (Postfix) with ESMTP id 6BCD226CF; Mon, 4 Oct 1999 16:37:56 +0200 (CEST) To: domi@saargate.de Cc: winter@jurai.net, st@i-plus.net, shelton@sentry.granch.ru, freebsd-isp@freebsd.org Subject: RE: One password base for some *NIX boxes In-Reply-To: Your message of "Mon, 4 Oct 1999 09:49:38 +0200 (CEST)" References: X-Mailer: Mew version 1.93 on Emacs 20.3 / Mule 4.0 (HANANOEN) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <19991004163755W.tom@jerry.katrinet.se> Date: Mon, 04 Oct 1999 16:37:55 +0200 From: Tom Backman X-Dispatcher: imput version 980905(IM100) Lines: 13 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org From: Dominik Brettnacher > > How do I set up NIS+Kerberos? > There is some documentation on http://www.pdc.kth.se/kth-krb/ It only describes the krb part. The NIS part is basically the same as always, but you dont distribute any passwds. If you want krb5, i have no idea where to look at the moment :) / Tom To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 4 9:37:16 1999 Delivered-To: freebsd-isp@freebsd.org Received: from filer4.isc.rit.edu (filer4.isc.rit.edu [129.21.3.73]) by hub.freebsd.org (Postfix) with ESMTP id 6A0931524A for ; Mon, 4 Oct 1999 09:37:12 -0700 (PDT) (envelope-from jcptch@osfmail.isc.rit.edu) Received: from grace ("port 3453"@[129.21.3.102]) by osfmail.isc.rit.edu (PMDF V5.2-32 #21576) with SMTP id <0FJ3001807BN5V@osfmail.isc.rit.edu> for freebsd-isp@freebsd.org; Mon, 4 Oct 1999 12:33:23 -0400 (EDT) Received: by grace (5.65v4.0/1.1.19.2/21Sep98-0910AM) id AA00693; Mon, 04 Oct 1999 12:33:22 -0400 Date: Mon, 04 Oct 1999 12:33:22 -0400 From: Jon Parise Subject: Re: One password base for some *NIX boxes In-reply-to: ; from st@i-plus.net on Mon, Oct 04, 1999 at 06:42:06AM -0400 To: freebsd-isp@freebsd.org Mail-followup-to: freebsd-isp@freebsd.org Message-id: <19991004123322.A515@osfmail.isc.rit.edu> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii User-Agent: Mutt/0.96.3i X-Operating-System: OSF1 V4.0 (alpha) References: Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Oct 04, 1999 at 06:42:06AM -0400, Troy Settle wrote: > You say NIS+Kerberos? I thought those were 2 independant auth > schemes (like how MD5 and DES are mutually exclusive encryption > schemes, but can co-exist). Guess I got a lot more reading as to > what Kerberos is. I did make a short search for documents and > guides at one time, but failed to pull anything up. Can you > cough up a URL to a fairly comprehensive guide to setting up and > using kerberos? We run NIS and kerberosV on our machines here. NIS handles the passwd / group distribution and kerberos handles all of the authentication / certificate passing. They're not mutually exclusive. I'm afraid I don't know of any immediate references, though. -- Jon Parise (parise@pobox.com) . Rochester Inst. of Technology http://www.pobox.com/~parise/ : Computer Science House Member To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 4 10: 4:53 1999 Delivered-To: freebsd-isp@freebsd.org Received: from etinc.com (et-gw.etinc.com [207.252.1.2]) by hub.freebsd.org (Postfix) with ESMTP id DA7B414A13 for ; Mon, 4 Oct 1999 10:04:41 -0700 (PDT) (envelope-from dennis@etinc.com) Received: from dbsys (dbsys.etinc.com [207.252.1.18]) by etinc.com (8.9.3/8.9.3) with SMTP id NAA03382; Mon, 4 Oct 1999 13:01:19 -0400 (EDT) Message-Id: <199910041701.NAA03382@etinc.com> X-Sender: dennis@etinc.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0 Date: Mon, 04 Oct 1999 11:59:38 -0400 To: matt , FreeBSD-ISP From: Dennis Subject: Re: bandwidth limiting users. In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 05:06 PM 9/17/99 -0400, matt wrote: > >This may be an inappropriate list, but it is a kind of an ISP related >question, that said... Is there a fairly painfree way to limit how much >bandwidth a webhosted user can eat up? At the price of bandwidth nowadays, >a few megs per second just cannot be handed over to one user.. > >-Matt A full-featured commercial product is available for Freebsd (as well as a plug-and-play rackmount unit based on Freebsd). Limiting, shaping, prioritization and firewalling with an HTML interface. The product also implements full-feature bridging so you dont have to renumber your networks. We have customers limiting well over 1000 hosts with one box. www.etinc.com Dennis Emerging Technologies, Inc. http://www.etinc.com ISA and PCI T1/T3/V35/HSSI Cards for FreeBSD and LINUX Multiport T1 and HSSI/T3 UNIX-based Routers Bandwidth Management Standalone Systems Bandwidth Management software for LINUX and FreeBSD DSL Frame Relay Bridging over T1 and T3 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 4 10: 6:17 1999 Delivered-To: freebsd-isp@freebsd.org Received: from etinc.com (et-gw.etinc.com [207.252.1.2]) by hub.freebsd.org (Postfix) with ESMTP id 07AD515474 for ; Mon, 4 Oct 1999 10:06:02 -0700 (PDT) (envelope-from dennis@etinc.com) Received: from dbsys (dbsys.etinc.com [207.252.1.18]) by etinc.com (8.9.3/8.9.3) with SMTP id NAA03394; Mon, 4 Oct 1999 13:02:41 -0400 (EDT) Message-Id: <199910041702.NAA03394@etinc.com> X-Sender: dennis@etinc.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0 Date: Mon, 04 Oct 1999 12:00:59 -0400 To: matt , FreeBSD-ISP From: Dennis Subject: Re: bandwidth limiting users. Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org oops...forget to mention, you can also gather usage statistics and graph customers based on IP address..... DB At 05:06 PM 9/17/99 -0400, matt wrote: > >This may be an inappropriate list, but it is a kind of an ISP related >question, that said... Is there a fairly painfree way to limit how much >bandwidth a webhosted user can eat up? At the price of bandwidth nowadays, >a few megs per second just cannot be handed over to one user.. > >-Matt A full-featured commercial product is available for Freebsd (as well as a plug-and-play rackmount unit based on Freebsd). Limiting, shaping, prioritization and firewalling with an HTML interface. The product also implements full-feature bridging so you dont have to renumber your networks. We have customers limiting well over 1000 hosts with one box. www.etinc.com Dennis Emerging Technologies, Inc. http://www.etinc.com ISA and PCI T1/T3/V35/HSSI Cards for FreeBSD and LINUX Multiport T1 and HSSI/T3 UNIX-based Routers Bandwidth Management Standalone Systems Bandwidth Management software for LINUX and FreeBSD DSL Frame Relay Bridging over T1 and T3 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 4 11:39:20 1999 Delivered-To: freebsd-isp@freebsd.org Received: from dominik.saargate.de (dominik.saargate.de [212.88.132.246]) by hub.freebsd.org (Postfix) with ESMTP id C24F8154A3 for ; Mon, 4 Oct 1999 11:39:16 -0700 (PDT) (envelope-from domi@saargate.de) Received: from localhost (localhost [127.0.0.1]) by dominik.saargate.de (8.9.3/8.9.3) with ESMTP id TAA74135; Mon, 4 Oct 1999 19:17:16 +0200 (CEST) (envelope-from domi@saargate.de) Date: Mon, 4 Oct 1999 19:17:16 +0200 (CEST) From: Dominik Brettnacher To: "tom@jerry.katrinet.se" Cc: winter@jurai.net, st@i-plus.net, shelton@sentry.granch.ru, freebsd-isp@freebsd.org Subject: RE: One password base for some *NIX boxes In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 4 Oct 1999, tom@jerry.katrinet.se wrote: > >> How do I set up NIS+Kerberos? > There is some documentation on http://www.pdc.kth.se/kth-krb/ > It only describes the krb part. The NIS part is basically the same as > always, but you dont distribute any passwds. > If you want krb5, i have no idea where to look at the moment :) And how about a RADIUS or Tacacs+-Server for Unix Authentication? -- Dominik - http://www.saargate.de/~domi/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 4 12:22:15 1999 Delivered-To: freebsd-isp@freebsd.org Received: from pau-amma.whistle.com (pau-amma.whistle.com [207.76.205.64]) by hub.freebsd.org (Postfix) with ESMTP id 71CCD1555B for ; Mon, 4 Oct 1999 12:21:50 -0700 (PDT) (envelope-from dhw@whistle.com) Received: (from dhw@localhost) by pau-amma.whistle.com (8.9.2/8.9.2) id MAA70531; Mon, 4 Oct 1999 12:21:49 -0700 (PDT) Date: Mon, 4 Oct 1999 12:21:49 -0700 (PDT) From: David Wolfskill Message-Id: <199910041921.MAA70531@pau-amma.whistle.com> To: freebsd-isp@FreeBSD.ORG, shelton@sentry.granch.ru, st@i-plus.net Subject: RE: One password base for some *NIX boxes In-Reply-To: Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >From: "Troy Settle" >Date: Sun, 3 Oct 1999 23:18:03 -0400 >The easiest answer, is NIS. But, NIS isn't exactly secure. True enough. >... >When implementing this, you'll need to educate your users so they'll know to >change their passwords on the master server only .... It's not apparent to me why the above suggestion was made. Within the Engineering net here, we use NIS. And I assure you that my desktop isn't even a NIS slave server. Yet: pau-amma[1]% passwd Changing NIS password for dhw on prawn.whistle.com. Old Password: you will see that I had an opportunity to change my NIS password from a NIS client machine, using the usual "passwd" command. >Also note that you'll need to install the DES encryption libraries for >FreeBSD in order to achive the inter-operability you desire. Quite true. And since the non-FreeBSD NIS implementations are unlikely to be aware of the existence of the master.passwd.by{name,uid} maps, you'll also need to tweak the /var/yp/Makefile, per the comments in it, to be less secure (by placing the encrypted password in the passwd.by{name,uid} maps -- where anyone with access to a shell can get the encrypted passwords). Cheers, david -- David Wolfskill dhw@whistle.com UNIX System Administrator voice: (650) 577-7158 pager: (888) 347-0197 FAX: (650) 372-5915 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 4 12:42: 2 1999 Delivered-To: freebsd-isp@freebsd.org Received: from hda.hda.com (hdat.bicnet.net [208.220.68.243]) by hub.freebsd.org (Postfix) with ESMTP id 9B3BA15543 for ; Mon, 4 Oct 1999 12:41:29 -0700 (PDT) (envelope-from dufault@hda.hda.com) Received: (from dufault@localhost) by hda.hda.com (8.8.5/8.8.5) id PAA13448 for freebsd-isp@freebsd.org; Mon, 4 Oct 1999 15:38:35 -0400 (EDT) From: Peter Dufault Message-Id: <199910041938.PAA13448@hda.hda.com> Subject: MA service needed To: freebsd-isp@freebsd.org Date: Mon, 4 Oct 1999 15:38:34 -0400 (EDT) X-Mailer: ELM [version 2.4ME+ PL25 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Are there any FreeBSD oriented ISPs capable of routing a class C network over a 56K dialup in MA? We don't really need the entire subnet routed, just at least 8 IP numbers and they can be consecutive. Peter -- Peter Dufault (dufault@hda.com) Realtime development, Machine control, HD Associates, Inc. Safety critical systems, Agency approval To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 4 13: 5:52 1999 Delivered-To: freebsd-isp@freebsd.org Received: from cliff.i-plus.net (cliff.i-plus.net [209.100.20.42]) by hub.freebsd.org (Postfix) with ESMTP id 9D34E1555C for ; Mon, 4 Oct 1999 13:05:33 -0700 (PDT) (envelope-from st@i-plus.net) Received: from ARCADIA (arcadia.i-plus.net [209.100.20.198]) by cliff.i-plus.net (8.9.3/8.9.3) with SMTP id QAA28611 for ; Mon, 4 Oct 1999 16:05:33 -0400 (EDT) From: "Troy Settle" To: "FreeBSD ISP" Subject: RE: One password base for some *NIX boxes Date: Mon, 4 Oct 1999 16:05:21 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <199910041921.MAA70531@pau-amma.whistle.com> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2014.211 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > >The easiest answer, is NIS. But, NIS isn't exactly secure. > > True enough. > > >... > > >When implementing this, you'll need to educate your users so > they'll know to > >change their passwords on the master server only .... > > It's not apparent to me why the above suggestion was made. > > Within the Engineering net here, we use NIS. And I assure you that my > desktop isn't even a NIS slave server. You missed the 2nd paragraph of my post... I'd already left NIS out of the picture as a solution: >> I'd reccomend that you select one box to be your master server, >> then use ssh and some perl to generate and distribute appropriate >> passwd and shadow files to the other servers. > > Yet: > > pau-amma[1]% passwd > Changing NIS password for dhw on prawn.whistle.com. > Old Password: > > you will see that I had an opportunity to change my NIS password from a > NIS client machine, using the usual "passwd" command. Of course, but again, I stopped talking about NIS after the first line of my post. Laterz, Troy To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 4 16:37:48 1999 Delivered-To: freebsd-isp@freebsd.org Received: from bubba.whistle.com (bubba.whistle.com [207.76.205.7]) by hub.freebsd.org (Postfix) with ESMTP id E820114C81 for ; Mon, 4 Oct 1999 16:37:45 -0700 (PDT) (envelope-from archie@whistle.com) Received: (from archie@localhost) by bubba.whistle.com (8.9.2/8.9.2) id QAA61907; Mon, 4 Oct 1999 16:37:45 -0700 (PDT) From: Archie Cobbs Message-Id: <199910042337.QAA61907@bubba.whistle.com> Subject: PPPoE question (repeat) (fwd) To: freebsd-isp@freebsd.org Date: Mon, 4 Oct 1999 16:37:45 -0700 (PDT) Cc: julian@whistle.com (Julian Elischer) X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Julian- Forwarding your question re PPPoE to the isp mailing list.. -Archie ----- Forwarded message from Julian Elischer ----- From owner-freebsd-net@FreeBSD.ORG Mon Oct 4 15:36:34 1999 Delivered-To: freebsd-net@freebsd.org Date: Mon, 4 Oct 1999 15:24:20 -0700 (PDT) From: Julian Elischer To: net@FreeBSD.ORG Subject: PPPoE question (repeat) Message-ID: Sender: owner-freebsd-net@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Does ANYONE have any ideas of the expected formats of the AC-Name and Service-Name fields? I'm trying to figure out if it's possible to 'bind' a listenning socket ahead of time (not really, but the analagy works) to a service, so that it gets all teh PADI requests to that service, or whether I'd have to bind using a regexp pattern (e.g. ".+@whistle.com"). Obviously that would require some sort of pattern matching code in the kernel. (We already have similar in the CAM code for QUIRK matching). I don't know however how extensive this needs to be. I can imagine that "*@my-isp.net" might be sufficient. The alternative is to pass ALL PADI service requests to a userland agent that interprets the packets and decides whether or not to offer a service to the requesting client machine. I'd rather have the option of some pre-processing in the kernel so that the the server daemons can be simpler in the case where a server is only selecting simple services to respond to. julian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message ----- End of forwarded message from Julian Elischer ----- ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 4 17:32:16 1999 Delivered-To: freebsd-isp@freebsd.org Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by hub.freebsd.org (Postfix) with ESMTP id C9A3315214 for ; Mon, 4 Oct 1999 17:32:03 -0700 (PDT) (envelope-from julian@whistle.com) Received: from current1.whistle.com (current1.whistle.com [207.76.205.22]) by alpo.whistle.com (8.9.1a/8.9.1) with SMTP id RAA63719; Mon, 4 Oct 1999 17:31:55 -0700 (PDT) Date: Mon, 4 Oct 1999 17:31:54 -0700 (PDT) From: Julian Elischer To: Wm Brian McCane Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Transparent Proxying In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 2 Oct 1999, Wm Brian McCane wrote: > Okay, I went through the ISP mailing list on www.freebsd.org and didn't > find the answer to this question. I kept getting the impression that it > is so obvious I shouldn't need any help, but anyway: > > I have 2 boxes that allow dialin connected to my intranet. > I have 1 box which is multihomed > a) one side on my intranet > b) other side on an ADSL line with static IP > The multihomed box gateways my ADSL side into my intranet > It is also running SQUID-22 > > I want my dialin lines to be transparently proxied by the > multihomed box. I have added the following rule to ipfw: > > ipfw add 216 fwd 1.2.3.4,3128 tcp from 1.2.3.216 to any 80 is 1.2.3.4 the local machine? and why not use 127.0.0.1 which machine is 1.2.3.216? > > The squid cache never shows the inbound connection. Have I missed > something obvious? You may need to turn on an option on squid too. I did it once, but I forget what it was. (At one stage you needed to actually patch squid but that it no longer true). The Linix squid howtos give the details... > > brian > > +-----------------------------------+------------------------------------------+ > He rides a cycle of mighty days, and \ Wm Brian and Lori McCane > represents the last great schizm among\ McCane Consulting > the gods. Evil though he obviously is, \ root@bmccane.maxbaud.net > he is a mighty figure, this father of \ http://bmccane.maxbaud.net/ > my spirit, and I respect him as the sons \ http://bmccane.maxbaud.net/~pictures/ > of old did the fathers of their bodies. \ http://bmccane.maxbaud.net/~bmccane/ > Roger Zelazny - "Lord of Light" \ > +-------------------------------------------+----------------------------------+ > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 4 18:45: 6 1999 Delivered-To: freebsd-isp@freebsd.org Received: from bmccane.maxbaud.net (ppp-bmccane.maxbaud.net [12.13.66.225]) by hub.freebsd.org (Postfix) with ESMTP id 1340914BFD for ; Mon, 4 Oct 1999 18:44:58 -0700 (PDT) (envelope-from root@bmccane.maxbaud.net) Received: from localhost (root@localhost) by bmccane.maxbaud.net (8.9.3/8.9.3) with SMTP id UAA16651 for ; Mon, 4 Oct 1999 20:44:55 -0500 (CDT) (envelope-from root@bmccane.maxbaud.net) Date: Mon, 4 Oct 1999 20:44:55 -0500 (CDT) From: Wm Brian McCane To: freebsd-isp@FreeBSD.ORG Subject: Re: Transparent Proxying In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 4 Oct 1999, Julian Elischer wrote: > > On Sat, 2 Oct 1999, Wm Brian McCane wrote: > > > Okay, I went through the ISP mailing list on www.freebsd.org and didn't > > find the answer to this question. I kept getting the impression that it > > is so obvious I shouldn't need any help, but anyway: > > > > I have 2 boxes that allow dialin connected to my intranet. > > I have 1 box which is multihomed > > a) one side on my intranet > > b) other side on an ADSL line with static IP > > The multihomed box gateways my ADSL side into my intranet > > It is also running SQUID-22 > > > > I want my dialin lines to be transparently proxied by the > > multihomed box. I have added the following rule to ipfw: > > > > > ipfw add 216 fwd 1.2.3.4,3128 tcp from 1.2.3.216 to any 80 > > is 1.2.3.4 the local machine? > and why not use 127.0.0.1 > which machine is 1.2.3.216? 1.2.3.4 is squid server (not it's real number of course) 1.2.3.216 is modem1 on dialin1 1.2.3.197 is dialin1 (not listed above, but it is where I am put the rule) I changed the rule to: ipfw add 216 fwd 1.2.3.197,3128 tcp from 1.2.3.216 to any 80 and now I am getting redirects to the 3128 port on dialin1. I put a copy of squid there and suddenly I get a proxy. This is not what I wanted though because this would require 3 proxy servers (1 on each dialin and 1 on the multihomed box). Plus, the server on the dialin's will try to directly download any ICP_MISS's that they receive from the multi-homed box. If someone knows how to configure Squid to force a parent to do the fetch, I would be a lot closer to a usable solution at least. > > > > The squid cache never shows the inbound connection. Have I missed > > something obvious? More detail is needed here. When I say: $ telnet ftp.freebsd.org 80 I should connect to 1.2.3.4:3128 I think. Instead, I hook directly to ftp.freebsd.org:80 just like I would without the rule. When I made the change to the rule as mentioned above, I got "Connection refused..." until I brought up a squid server on the dialin1 machine. > > You may need to turn on an option on squid too. > > I did it once, but I forget what it was. > (At one stage you needed to actually patch squid but that it no longer > true). > > The Linix squid howtos give the details... From what I have read, these changes have to do with using the FQDN of the machine that a file was transferred from instead of using that machines IP address when putting a copy of a file into the cache. This is the least of my worries at present. I will need to use (at least) the virtual setting later on. > > > > > > brian > > > > +-----------------------------------+------------------------------------------+ > > He rides a cycle of mighty days, and \ Wm Brian and Lori McCane > > represents the last great schizm among\ McCane Consulting > > the gods. Evil though he obviously is, \ root@bmccane.maxbaud.net > > he is a mighty figure, this father of \ http://bmccane.maxbaud.net/ > > my spirit, and I respect him as the sons \ http://bmccane.maxbaud.net/~pictures/ > > of old did the fathers of their bodies. \ http://bmccane.maxbaud.net/~bmccane/ > > Roger Zelazny - "Lord of Light" \ > > +-------------------------------------------+----------------------------------+ > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 4 19:54:14 1999 Delivered-To: freebsd-isp@freebsd.org Received: from velvet.sensation.net.au (tunnel0-velvet-brunswick.sensation.net.au [203.20.114.195]) by hub.freebsd.org (Postfix) with ESMTP id 70AEF151E6 for ; Mon, 4 Oct 1999 19:53:37 -0700 (PDT) (envelope-from rowan@sensation.net.au) Received: from localhost (rowan@localhost) by velvet.sensation.net.au (8.8.8/8.8.8) with SMTP id MAA04078 for ; Tue, 5 Oct 1999 12:53:30 +1000 (EST) (envelope-from rowan@sensation.net.au) X-Authentication-Warning: velvet.sensation.net.au: rowan owned process doing -bs Date: Tue, 5 Oct 1999 12:53:27 +1000 (EST) From: Rowan Crowe To: freebsd-isp@freebsd.org Subject: TCP connections stuck in "CLOSING" state Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi all, I have a minor(?) problem with TCP sockets apparently not closing properly on my Squid machine, when I do a netstat there are several of these showing: tcp 0 0 proxy3.4884 207.239.35.80.http CLOSING tcp 0 0 proxy3.4790 207.239.35.80.http CLOSING tcp 0 0 proxy3.4342 207.211.106.40.http CLOSING tcp 0 0 proxy3.3957 ny450cd5vip.doub.http CLOSING tcp 0 0 proxy3.3318 members7a.tripod.http CLOSING tcp 0 0 proxy3.2129 193.60.34.1.http CLOSING tcp 0 0 proxy3.4116 res5.geocities.c.http CLOSING tcp 0 0 proxy3.2947 thecounter.com.http CLOSING tcp 0 0 proxy3.4370 ballard-4.real.c.http CLOSING tcp 0 0 proxy3.1741 dl1.yahoo.com.http CLOSING tcp 0 0 proxy3.4485 www.raysweb.net.http CLOSING tcp 0 0 proxy3.2268 girl-friend.com.http CLOSING tcp 0 0 proxy3.4741 windoms.sitek.ne.http CLOSING tcp 0 0 proxy3.2189 207.211.106.90.http CLOSING tcp 0 0 proxy3.2927 194.217.188.2.http CLOSING tcp 0 0 proxy3.2662 www.icq.com.http CLOSING tcp 0 0 proxy3.2211 dl3.download.com.http CLOSING tcp 0 0 proxy3.1988 38.15.24.93.http CLOSING tcp 0 0 proxy3.3972 208.147.89.138.http CLOSING tcp 0 0 proxy3.3949 208.147.89.157.http CLOSING tcp 0 0 proxy3.4265 216.32.116.201.http CLOSING Some of these have been here for weeks. Restarting Squid doesn't change anything. I seem to recall something in the FAQ about connections stuck in the FIN_WAIT1 state, but what about CLOSING? Is the only way to "fix" this to reboot or is it possible for the superuser to kill off specific sockets? (this was a handy feature in MS-DOS's KA9Q!). This machine no longer handles any critical routing or dialin functionality but I'd still prefer not to have to reboot it for something small like this. The machine runs 3.2-RELEASE and has been up for 88 days. I don't remember seeing this when it was running 2.2.5-RELEASE, which is why I'm posting this message into a FreeBSD specific mailing list. Squid version is 2.2.STABLE3 if that makes any difference. Any ideas appreciated... thanks. :) Cheers. -- Rowan Crowe http://www.rowan.sensation.net.au/ Sensation Internet Services http://www.sensation.net.au/ Melbourne, Australia Phone: +61-3-9388-9260 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 4 21:42:32 1999 Delivered-To: freebsd-isp@freebsd.org Received: from emu.sourcee.com (emu.sourcee.com [205.181.251.129]) by hub.freebsd.org (Postfix) with ESMTP id 314C014C9E for ; Mon, 4 Oct 1999 21:42:29 -0700 (PDT) (envelope-from nrice@emu.sourcee.com) Received: (from nrice@localhost) by emu.sourcee.com (8.9.3/8.9.3) id AAA07140; Tue, 5 Oct 1999 00:42:20 -0400 (EDT) Date: Tue, 5 Oct 1999 00:42:19 -0400 From: "Norman C. Rice" To: Palle Girgensohn Cc: freebsd-isp@FreeBSD.ORG, Marcel Moolenaar Subject: Re: Linux emulation: APC UPS software "Powerchute"? Message-ID: <19991005004219.E5553@emu.sourcee.com> References: <37EA4B28.BE506FEC@partitur.se> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre3i In-Reply-To: <37EA4B28.BE506FEC@partitur.se> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Sep 23, 1999 at 05:45:44PM +0200, Palle Girgensohn wrote: > Hi! > > Has anyone gotten the Powerchute software running on FreeBSD under Linux > emulation? The software is for monitoring and controlling UPS devices > made by APC (www.apcc.com). I have PowerChute Plus v4.51 (p451_libc.tar) running (upsd and xpowerchute communicating on the same system). However, I have no need to monitor/configure remote hosts so I responded with 'n' when prompted with "Do you currently have TCP/IP Installed?" during the install. I also responded with 'y' when prompted with "Do you want to execute command files as root?" so I didn't need to create a 'pwrchute' account on the system (FreeBSD 4.0-CURRENT: Sun Sep 26 15:04:47 EDT 1999). > I've gotten as far as the server and the x/motif client starting, but > the client cannot authorize against the server. The server authenticates > against a system account, 'pwrchute', and I think this is the core > problem. I've tried both DES and md5 passwords, and also tried putting > the account both in NIS and /etc/passwd. Since FreeBSD creates a > master.passwd whereas Linux uses /etc/shadow, I've also tried making a > symlink /etc/shadow -> /etc/master.passwd. Nope. > > Any ideas? > > /Palle -- Regards, Norman C. Rice, Jr. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Oct 5 0:32: 3 1999 Delivered-To: freebsd-isp@freebsd.org Received: from smtp02.wxs.nl (smtp02.wxs.nl [195.121.6.60]) by hub.freebsd.org (Postfix) with ESMTP id 027D71534F for ; Tue, 5 Oct 1999 00:31:14 -0700 (PDT) (envelope-from asmodai@wxs.nl) Received: from daemon.ninth-circle.org ([195.121.197.229]) by smtp02.wxs.nl (Netscape Messaging Server 3.61) with ESMTP id AAA54A6; Tue, 5 Oct 1999 09:31:13 +0200 Received: (from asmodai@localhost) by daemon.ninth-circle.org (8.9.3/8.9.3) id JAA98131; Tue, 5 Oct 1999 09:31:44 +0200 (CEST) (envelope-from asmodai) Date: Tue, 5 Oct 1999 09:31:44 +0200 From: Jeroen Ruigrok/Asmodai To: Troy Settle Cc: "Rashid N. Achilov" , freebsd-isp@freebsd.org Subject: Re: One password base for some *NIX boxes Message-ID: <19991005093144.E98066@daemon.ninth-circle.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre3i In-Reply-To: Organisation: Ninth-Circle Enterprises Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On [19991004 08:18], Troy Settle (st@i-plus.net) wrote: > >The easiest answer, is NIS. But, NIS isn't exactly secure. Don't foget that FreeBSD's NIS is more NIS+ than normal NIS. Makes a world of difference. -- Jeroen Ruigrok van der Werven/Asmodai asmodai(at)wxs.nl The BSD Programmer's Documentation Project Network/Security Specialist BSD: Technical excellence at its best What's one man's poison, is another's meat or drink... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Oct 5 3:39:12 1999 Delivered-To: freebsd-isp@freebsd.org Received: from inter-trade.dn.ua (itrade.dn.ua [194.44.53.238]) by hub.freebsd.org (Postfix) with ESMTP id E924915133; Tue, 5 Oct 1999 03:38:35 -0700 (PDT) (envelope-from nature@inter-trade.dn.ua) Received: from nature (nature.inter-trade.dn.ua [172.16.1.2]) by inter-trade.dn.ua (8.9.3/8.9.3) with SMTP id NAA09450; Tue, 5 Oct 1999 13:34:28 +0300 (EEST) (envelope-from nature@inter-trade.dn.ua) Message-ID: <000901bf0f14$ea4646e0$020110ac@nature.inter-trade.dn.ua> From: "Alexey Lysenko" To: , , Subject: Problem setting up nntpd-1.5.9 Date: Tue, 5 Oct 1999 13:34:25 +0400 MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello ! I'm Alexey Lysenko, a beginner in Unix, from Donetsk, Ukraine. I really can say that FreeBSD Unix is powerfull thing. But You know there are a lot of questions, problems occur 'th me. PER ASPERA AD ASTRA (latin) ! I have a problem 'th setting up nntpd-1.5.9. In this version, there is no need 2 use MKGRDATES from its packet. But when I run it, nothing happens. Please, help me ! With regard, Alexey Lysenko. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Oct 5 7:59:15 1999 Delivered-To: freebsd-isp@freebsd.org Received: from monster.abyss.net (dark.abyss.net [207.198.22.202]) by hub.freebsd.org (Postfix) with ESMTP id A8AF014C0F for ; Tue, 5 Oct 1999 07:59:09 -0700 (PDT) (envelope-from ksb@abyss.net) Received: from nightmare.abyss.net (ksb@nightmare.abyss.net [10.0.0.3]) by monster.abyss.net (8.9.2/8.9.2) with ESMTP id KAA27599 for ; Tue, 5 Oct 1999 10:44:37 -0400 (EDT) (envelope-from ksb@abyss.net) Date: Tue, 5 Oct 1999 10:58:42 -0400 (EDT) From: "Kevin S. Brackett" To: freebsd-isp@freebsd.org Subject: Kerberos+NIS (Was: One password base for some *NIX boxes) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I've been searching the web and usenet for hints on how to make NIS use Kerberos.. but so far have had no luck.. how does one make NIS interact with Kerberos to make passwd transfer secure? - kevin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Oct 5 16:16:13 1999 Delivered-To: freebsd-isp@freebsd.org Received: from mars.cablenet.net (mars.cablenet.net [195.248.96.41]) by hub.freebsd.org (Postfix) with SMTP id 7AFCD156AC for ; Tue, 5 Oct 1999 16:16:05 -0700 (PDT) (envelope-from mambo@themail.co.uk) Received: (qmail 13522 invoked from network); 5 Oct 1999 23:13:57 -0000 Received: from ppp-98-141.cablenet.co.uk (HELO themail.co.uk) (195.248.98.141) by mars.cablenet.net with SMTP; 5 Oct 1999 23:13:57 -0000 Message-ID: <37FA8675.E0B2877A@themail.co.uk> Date: Wed, 06 Oct 1999 00:15:01 +0100 From: Damian Hamill Organization: Themail X-Mailer: Mozilla 4.6 [en] (X11; I; FreeBSD 3.1-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-isp@FreeBSD.ORG Subject: NetApp servers References: <19991004123247.873D915404@hub.freebsd.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Can anyone put any figures on what it costs to install and run a large scale email service (say > 10,000 users) using a NetApp file server, i.e. what are the real costs in terms of all the hardware components and also how many man hours per month to look after it etc. Any real life examples out there ? Many thanks in advance. regards damian ________________________________________________________________________ Get your free UK dialup Internet account at http://www.themail.co.uk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Oct 5 16:35:28 1999 Delivered-To: freebsd-isp@freebsd.org Received: from sasami.jurai.net (sasami.jurai.net [63.67.141.99]) by hub.freebsd.org (Postfix) with ESMTP id 71FD0156A0 for ; Tue, 5 Oct 1999 16:34:45 -0700 (PDT) (envelope-from winter@jurai.net) Received: from localhost (winter@localhost) by sasami.jurai.net (8.8.8/8.8.7) with ESMTP id TAA11394; Tue, 5 Oct 1999 19:33:26 -0400 (EDT) Date: Tue, 5 Oct 1999 19:33:26 -0400 (EDT) From: "Matthew N. Dodd" To: "Kevin S. Brackett" Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Kerberos+NIS (Was: One password base for some *NIX boxes) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 5 Oct 1999, Kevin S. Brackett wrote: > I've been searching the web and usenet for hints on how to make NIS > use Kerberos.. but so far have had no luck.. how does one make NIS > interact with Kerberos to make passwd transfer secure? This isn't an issue if you're using Kerberos and NIS. Kerberos supplies the authentication, NIS supplies the user database. (Well, the username:uid/gid mappings at least.) -- | Matthew N. Dodd | '78 Datsun 280Z | '75 Volvo 164E | FreeBSD/NetBSD | | winter@jurai.net | 2 x '84 Volvo 245DL | ix86,sparc,pmax | | http://www.jurai.net/~winter | This Space For Rent | ISO8802.5 4ever | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Oct 5 18:38:26 1999 Delivered-To: freebsd-isp@freebsd.org Received: from dingo.cdrom.com (dingo.cdrom.com [204.216.28.145]) by hub.freebsd.org (Postfix) with ESMTP id C8F5C1518B for ; Tue, 5 Oct 1999 18:38:18 -0700 (PDT) (envelope-from mike@dingo.cdrom.com) Received: from dingo.cdrom.com (localhost.cdrom.com [127.0.0.1]) by dingo.cdrom.com (8.9.3/8.8.8) with ESMTP id SAA02038 for ; Tue, 5 Oct 1999 18:27:58 -0700 (PDT) (envelope-from mike@dingo.cdrom.com) Message-Id: <199910060127.SAA02038@dingo.cdrom.com> Date: Tue, 05 Oct 1999 18:27:58 -0700 From: Mike Smith Subject: Request for hardware (drivers for Mylex, AMI, DELL, HP RAID controllers) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ------- Blind-Carbon-Copy X-Mailer: exmh version 2.0.2 2/24/98 To: hackers@freebsd.org Subject: Request for hardware (drivers for Mylex, AMI, DELL, HP RAID controllers) Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 05 Oct 1999 18:27:58 -0700 From: Mike Smith In brief: I'm developing drivers for the Mylex DAC960/1100 and AMI MegaRAID/Dell PERC/HP whatever families of RAID controllers, and I need some more hardware to test with. Details below. Current status: - Mylex DAC960 driver works with P/PL/PD/PU controllers. Support is planned for the older EISA controllers (documentation pending), as well as for the newer PG/PJ, AcceleRAID and eXtremeRAID controllers (requires some fixes to the bootloader). - MegaRAID driver works with some members of the Express family (at least the 466, aka Dell PERC 2/SC). I have a 418 on the way, but I need access to many other members of this family. These drivers are all originals, written with information obtained from other drivers (esp. the Linux drivers for these controllers). They will be committed to the FreeBSD source when they're a little more mature. What I need: In order to flesh out support for more of these controllers, I need to have them here in the lab. I can probably do everything that needs to be done for a given controller in about a week, so if you can only lend one for a short time, that's OK. Ideally, I'd like to be able to keep them indefinitely in order to test and evaluate them better, but I realise this isn't always practial. Since there are other issues preventing me from working on the newer/ better Mylex controllers, I want to focus on the MegaRAID units for now. If you have one or more of the following, and are able to send them to me (in California) for at least a week, please let me know. - Dell PERC 2 (not SC) - AMI MegaRAID o Enterprise 1500 o Enterprise 1400 (or -H) aka 438 o Enterprise 1300 aka 434 o Enterprise 1200 aka 428 o Express 300 - Any HP-branded MegaRaid-compatible controller Any hardware loaned will be handled correctly and returned to you at our cost. Please don't send me anything you're going to want back until I've sorted out what's coming from whom and when, so that I don't overcommit. If you just want to send something straight off (always nice!), you can ship to: Mike Smith FreeBSD Test Labs 4041 Pike Lane #F Concord, CA 94520 USA Future Plans: - I intend to try to get documentation from Infortrend on their current range of controllers (also being sold by ASUS). They have a Linux driver, but only in binary form. - All of these drivers will be backported to the 3.x branch in time for 3.4. And just as a teaser; on the Perc 2/SC that I have been using, under - -current, on a 4-way Xeon/400, I'm seeing over 20MB/sec sustained read/ write on a RAID-5 arry built on five Seagate Hawk ST15230WC's (ie. fast/ wide 5400rpm drives). Thanks to: - Ulf Zimmerman for the Mylex controllers and disks he's lent so far. - Geoff Buckingham for sending the PERC 2/SC all the way from the UK. - Walnut Creek CDROM for letting me ignore almost everything else and concentrate on this project. - The folks on #bsdcode for critique and therapy. Acknowledgements: - AMI for releasing their MegaRAID driver for Linux, no matter how terrible I think it is. - Leonard Zubkoff for the Mylex driver for Linux, which is amazingly hard to read but a wonderful source of information. - An unnamed supporter inside Mylex, who has been very helpful to date. - -- \\ Give a man a fish, and you feed him for a day. \\ Mike Smith \\ Tell him he should learn how to fish himself, \\ msmith@freebsd.org \\ and he'll hate you for a lifetime. \\ msmith@cdrom.com ------- End of Blind-Carbon-Copy To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Oct 6 9:40:55 1999 Delivered-To: freebsd-isp@freebsd.org Received: from phoenix.kurgan.ru (phoenix.kurgan.ru [195.54.28.21]) by hub.freebsd.org (Postfix) with ESMTP id 7C83014C2D for ; Wed, 6 Oct 1999 09:40:33 -0700 (PDT) (envelope-from Martin@McFlySr.Kurgan.Ru) Received: from hilldale.kurgan.ru (hilldale.kurgan.ru [195.54.28.11]) by phoenix.kurgan.ru (8.9.3/8.9.3) with ESMTP id WAA24678 for ; Wed, 6 Oct 1999 22:39:43 +0600 (ESS) Date: Wed, 6 Oct 1999 22:39:41 +0600 From: Martin McFlySr X-Mailer: The Bat! (v1.35) UNREG / CD5BF9353B3B7091 Reply-To: Martin McFlySr Organization: Back To The Future X-Priority: 3 (Normal) Message-ID: <7944.991006@McFlySr.Kurgan.Ru> To: freebsd-isp@FreeBSD.ORG Subject: compiled check_del for freebsd (4.9.7 named) Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello freebsd-isp@FreeBSD.ORG, Anybody have a compiled check_del (for named 4.9.7) ? thank you. -- Wednesday, October 06, 1999, 22:37 Best regards from future, Martin McFlySr, HillDale. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Oct 7 2:14:14 1999 Delivered-To: freebsd-isp@freebsd.org Received: from enya.clari.net.au (enya.clari.net.au [203.8.14.116]) by hub.freebsd.org (Postfix) with ESMTP id 9AE34150EC for ; Thu, 7 Oct 1999 02:14:06 -0700 (PDT) (envelope-from danny@freebsd.org) Received: from localhost (danny@localhost) by enya.clari.net.au (8.9.2/8.9.1) with ESMTP id TAA28310 for ; Thu, 7 Oct 1999 19:12:20 +1000 (EST) (envelope-from danny@freebsd.org) X-Authentication-Warning: enya.clari.net.au: danny owned process doing -bs Date: Thu, 7 Oct 1999 19:12:20 +1000 (EST) From: "Daniel O'Callaghan" X-Sender: danny@enya.clari.net.au To: freebsd-isp@freebsd.org Subject: Samba and read-only attribute Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I've installed a samba fileserver for a client, and it seems that in scoping the job I failed to discover that the customer makes extensive use of the read-only attribute with the old NT file server, setting RO on files which should not be accidentally changed. The problem lies in the fact that with the old system any user who had rw access to the directory and the files in it could also set the RO attribute. With FreeBSD, only the owner can change the permissions on a file. I've read the samba docs and everywhere it seems to say that samba is never less restrictive than the underlying Unix filesystem. I've e-mailed the samba mailling list and heard nothing. Does anyone have any idea how I can provide the customer with the desired functionality? I'm prepared to hack the samba code and the ufs code if necessary, but I'd prefer not to do that, of course. Please respond quickly. There is urgency in resolving this issue. Thanks, Danny To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Oct 7 3:14: 3 1999 Delivered-To: freebsd-isp@freebsd.org Received: from mail.polytechnic.edu.na (mail.polytechnic.edu.na [196.31.225.2]) by hub.freebsd.org (Postfix) with ESMTP id 74A9C14E50; Thu, 7 Oct 1999 03:13:27 -0700 (PDT) (envelope-from tim@iafrica.com.na) Received: from [196.31.225.199] (helo=310.priebe.alt.na) by mail.polytechnic.edu.na with smtp (Exim 3.02 #2) id 11ZCTZ-0003GH-00; Thu, 07 Oct 1999 10:16:49 -0200 From: Tim Priebe Reply-To: tim@iafrica.com.na To: "Daniel O'Callaghan" , freebsd-isp@freebsd.org Subject: Re: Samba and read-only attribute Date: Thu, 7 Oct 1999 12:10:07 +0200 X-Mailer: KMail [version 1.0.17] Content-Type: text/plain References: MIME-Version: 1.0 Message-Id: <99100712141801.12711@310.priebe.alt.na> Content-Transfer-Encoding: 8bit X-KMail-Mark: Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I believe there is an option is samba to have all of the files owned by user X that samba runs as, and have samba look after all of the access permissions. I hope this is accurate, it was a couple of months back that I read the documentation. What I am talking about is in the documentation, but I do not have time to look for it now. Tim. On Thu, 07 Oct 1999, Daniel O'Callaghan wrote: > I've installed a samba fileserver for a client, and it seems that in > scoping the job I failed to discover that the customer makes extensive use > of the read-only attribute with the old NT file server, setting RO on > files which should not be accidentally changed. > > The problem lies in the fact that with the old system any user who had rw > access to the directory and the files in it could also set the RO > attribute. With FreeBSD, only the owner can change the permissions on a > file. > > I've read the samba docs and everywhere it seems to say that samba is > never less restrictive than the underlying Unix filesystem. I've e-mailed > the samba mailling list and heard nothing. > > Does anyone have any idea how I can provide the customer with the desired > functionality? I'm prepared to hack the samba code and the ufs code if > necessary, but I'd prefer not to do that, of course. > > Please respond quickly. There is urgency in resolving this issue. > > Thanks, > > Danny To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Oct 7 3:54:59 1999 Delivered-To: freebsd-isp@freebsd.org Received: from enya.clari.net.au (enya.clari.net.au [203.8.14.116]) by hub.freebsd.org (Postfix) with ESMTP id ECAE1150B9 for ; Thu, 7 Oct 1999 03:54:42 -0700 (PDT) (envelope-from danny@freebsd.org) Received: from localhost (danny@localhost) by enya.clari.net.au (8.9.2/8.9.1) with ESMTP id UAA28433; Thu, 7 Oct 1999 20:53:41 +1000 (EST) (envelope-from danny@freebsd.org) X-Authentication-Warning: enya.clari.net.au: danny owned process doing -bs Date: Thu, 7 Oct 1999 20:53:40 +1000 (EST) From: "Daniel O'Callaghan" X-Sender: danny@enya.clari.net.au To: Tim Priebe Cc: freebsd-isp@freebsd.org Subject: Re: Samba and read-only attribute In-Reply-To: <99100712141801.12711@310.priebe.alt.na> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 7 Oct 1999, Tim Priebe wrote: > I believe there is an option is samba to have all of the files owned > by user X that samba runs as, and have samba look after all of the > access permissions. I hope this is accurate, it was a couple of months > back that I read the documentation. What I am talking about is in the > documentation, but I do not have time to look for it now. Thanks. Unfortunately, they want to have user permissions set so that some users are restricted from accessing certain files/directories, but if the user has rw access to the directory, he should be able to set/reset the w bits on the files within it. Danny To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Oct 7 7:12:47 1999 Delivered-To: freebsd-isp@freebsd.org Received: from tahiti.oss.uswest.net (tahiti.oss.uswest.net [204.147.85.151]) by hub.freebsd.org (Postfix) with ESMTP id 96B7B15190; Thu, 7 Oct 1999 07:12:43 -0700 (PDT) (envelope-from pmckenna@uswest.net) Received: from uswest.net (otto.oss.uswest.net [204.147.85.81]) by tahiti.oss.uswest.net (8.9.2/8.9.2) with ESMTP id JAA63278; Thu, 7 Oct 1999 09:10:38 -0500 (CDT) (envelope-from pmckenna@uswest.net) Message-ID: <37FCAA77.9A4DE517@uswest.net> Date: Thu, 07 Oct 1999 09:13:11 -0500 From: Pete Mckenna X-Mailer: Mozilla 4.61 [en] (X11; U; FreeBSD 3.2-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: "Daniel O'Callaghan" Cc: freebsd-isp@freebsd.org Subject: Re: Samba and read-only attribute References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Daniel O'Callaghan wrote: > > I've installed a samba fileserver for a client, and it seems that in > scoping the job I failed to discover that the customer makes extensive use > of the read-only attribute with the old NT file server, setting RO on > files which should not be accidentally changed. > > The problem lies in the fact that with the old system any user who had rw > access to the directory and the files in it could also set the RO > attribute. With FreeBSD, only the owner can change the permissions on a > file. It's a root equivalent for the share, but you can use the "admin users" option for user you want to have the ability to set RO on a given share. > > I've read the samba docs and everywhere it seems to say that samba is > never less restrictive than the underlying Unix filesystem. I've e-mailed > the samba mailling list and heard nothing. > > Does anyone have any idea how I can provide the customer with the desired > functionality? I'm prepared to hack the samba code and the ufs code if > necessary, but I'd prefer not to do that, of course. > > Please respond quickly. There is urgency in resolving this issue. > > Thanks, > > Danny > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Oct 7 10:22:25 1999 Delivered-To: freebsd-isp@freebsd.org Received: from pluto.cablenet.net (pluto.cablenet.net [195.248.96.42]) by hub.freebsd.org (Postfix) with SMTP id 6DB0D14FC4 for ; Thu, 7 Oct 1999 10:22:20 -0700 (PDT) (envelope-from mambo@themail.co.uk) Received: (qmail 6687 invoked from network); 7 Oct 1999 17:20:57 -0000 Received: from unknown (HELO themail.co.uk) (195.248.98.178) by pluto.cablenet.net with SMTP; 7 Oct 1999 17:20:57 -0000 Message-ID: <37FCD6B5.37794C4@themail.co.uk> Date: Thu, 07 Oct 1999 18:21:58 +0100 From: Damian Hamill Organization: Themail X-Mailer: Mozilla 4.6 [en] (X11; I; FreeBSD 3.1-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-isp@freebsd.org Subject: Virtual Web server reqd Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi FreeBSD-ISP buddies I need a virtual web service very soon. Requirements are; DNS server for our domain Email redirection Virtual web server for www.our-domain-name.net Apache with PHPv3 Mysql database access from PHP scripts Low bandwidth requirements, UK or USA preferred. Please respond, with setup and monthly charges, by email direct to me. Many Thanks regards damian ________________________________________________________________________ Get your free UK Internet account at http://www.themail.co.uk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Oct 7 14:26:50 1999 Delivered-To: freebsd-isp@freebsd.org Received: from dt011n66.san.rr.com (dt011n66.san.rr.com [204.210.13.102]) by hub.freebsd.org (Postfix) with ESMTP id 7D14914C8F for ; Thu, 7 Oct 1999 14:26:48 -0700 (PDT) (envelope-from Doug@gorean.org) Received: from gateway.gorean.org (gateway.gorean.org [10.0.0.1]) by dt011n66.san.rr.com (8.9.3/8.8.8) with ESMTP id OAA65746; Thu, 7 Oct 1999 14:24:28 -0700 (PDT) (envelope-from Doug@gorean.org) Date: Thu, 7 Oct 1999 14:24:28 -0700 (PDT) From: Doug X-Sender: doug@dt011n66.san.rr.com To: Damian Hamill Cc: freebsd-isp@freebsd.org Subject: Re: Virtual Web server reqd In-Reply-To: <37FCD6B5.37794C4@themail.co.uk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 7 Oct 1999, Damian Hamill wrote: > Hi FreeBSD-ISP buddies > > I need a virtual web service very soon. Requirements are; Take a look at http://simplenet.com/. I think that either the Cobalt Raq or dedicated server program would nicely suit your needs. Good luck, Doug -- "Stop it, I'm gettin' misty." - Mel Gibson as Porter, "Payback" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Oct 7 14:31:49 1999 Delivered-To: freebsd-isp@freebsd.org Received: from bekool.com (ns2.netquick.net [216.48.34.2]) by hub.freebsd.org (Postfix) with ESMTP id C5AE214C89 for ; Thu, 7 Oct 1999 14:31:46 -0700 (PDT) (envelope-from trouble@netquick.net) Received: from bastille.netquick.net ([216.48.32.159] helo=netquick.net) by bekool.com with esmtp (Exim 3.03 #1) id 11ZLTp-000Dze-00; Thu, 07 Oct 1999 21:53:41 +0000 Message-ID: <37FD15A1.1F159381@netquick.net> Date: Thu, 07 Oct 1999 16:50:25 -0500 From: Charlie Root Reply-To: trouble@netquick.net X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 3.3-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: Doug Cc: Damian Hamill , freebsd-isp@freebsd.org Subject: Re: Virtual Web server reqd References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org come on over to http://www.hostquick.net/ I am the Administrator here and of course it runs FreeBSD.... what else would it run........ shells available....... Doug wrote: > On Thu, 7 Oct 1999, Damian Hamill wrote: > > > Hi FreeBSD-ISP buddies > > > > I need a virtual web service very soon. Requirements are; > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Oct 7 14:51:21 1999 Delivered-To: freebsd-isp@freebsd.org Received: from smtp1.xs4all.nl (smtp1.xs4all.nl [194.109.127.48]) by hub.freebsd.org (Postfix) with ESMTP id 041541527A for ; Thu, 7 Oct 1999 14:51:16 -0700 (PDT) (envelope-from niels@bakker.net) Received: from liquid.tpb.net (arctic.xs4all.nl [194.109.37.82]) by smtp1.xs4all.nl (8.9.3/8.9.3) with ESMTP id XAA18290; Thu, 7 Oct 1999 23:51:15 +0200 (CEST) Received: from localhost (niels@localhost) by liquid.tpb.net (8.9.3/8.9.3/Debian/GNU) with ESMTP id XAA06681; Thu, 7 Oct 1999 23:51:14 +0200 Date: Thu, 7 Oct 1999 23:51:14 +0200 (CEST) From: N X-Sender: niels@liquid.tpb.net To: Damian Hamill Cc: freebsd-isp@FreeBSD.ORG Subject: Re: NetApp servers In-Reply-To: <37FA8675.E0B2877A@themail.co.uk> Message-ID: <9910072340520.6647-100000@liquid.tpb.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Damian Hamill wrote: > Can anyone put any figures on what it costs to install and run a large > scale email service (say > 10,000 users) using a NetApp file server, > i.e. what are the real costs in terms of all the hardware components > and also how many man hours per month to look after it etc. Any real > life examples out there ? Very expensive, since all mail software needs to lock files it's writing to. NFS is stateless, a lock is state information, so by design any implementation of such is already a gross hack. I suggest getting a RAID controller, preferably a SCSI-SCSI one. Cost is about a third of a NetApp. If you really want a purple box in your racks use them to store web pages or user home directories (i.e. stuff you need on several machines at the same time and that will hardly be written to). EarthLink do run mail on NetApps. They have a white paper somewhere on their website describing their setup (which involves some hacks in local delivery agents and POP3 daemons to work around the locking issue). -- Niels. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Oct 7 15:23:53 1999 Delivered-To: freebsd-isp@freebsd.org Received: from kerouac.deepwell.com (deepwell.com [209.63.174.12]) by hub.freebsd.org (Postfix) with SMTP id 6364F14CF7 for ; Thu, 7 Oct 1999 15:23:51 -0700 (PDT) (envelope-from freebsd@deepwell.com) Received: (qmail 8376 invoked from network); 7 Oct 1999 23:09:49 -0000 Received: from proxy.dcomm.net (HELO terry) (209.63.175.10) by deepwell.com with SMTP; 7 Oct 1999 23:09:49 -0000 Message-Id: <4.2.0.58.19991007152026.02f2f9d0@mail1.dcomm.net> X-Sender: freebsd@mail.deepwell.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Thu, 07 Oct 1999 15:20:48 -0700 To: freebsd-isp@freebsd.org From: Deepwell Internet Subject: Re: NetApp servers Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The Earthlink whitepaper is at http://www.earthlink.net/about/papers/mailarch.html but I agree. It looks like a cheezy hack. Can anyone point me to good documentation of building highly scalable web servers or mail servers? I'd like to explore some different designs and look at how they scale and increase reliability. I noticed that Geocities offers all user pages at www.geocities.com/~username. How do you suppose they are implementing this? A large Sun box or two with NFS? At 11:51 PM 10/7/99 +0200, you wrote: >Damian Hamill wrote: > > > Can anyone put any figures on what it costs to install and run a large > > scale email service (say > 10,000 users) using a NetApp file server, > > i.e. what are the real costs in terms of all the hardware components > > and also how many man hours per month to look after it etc. Any real > > life examples out there ? > >Very expensive, since all mail software needs to lock files it's writing >to. NFS is stateless, a lock is state information, so by design any >implementation of such is already a gross hack. > >I suggest getting a RAID controller, preferably a SCSI-SCSI one. Cost is >about a third of a NetApp. If you really want a purple box in your racks >use them to store web pages or user home directories (i.e. stuff you need >on several machines at the same time and that will hardly be written to). > >EarthLink do run mail on NetApps. They have a white paper somewhere on >their website describing their setup (which involves some hacks in local >delivery agents and POP3 daemons to work around the locking issue). > > > -- Niels. > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Oct 7 16:35:19 1999 Delivered-To: freebsd-isp@freebsd.org Received: from smtp7.xs4all.nl (smtp7.xs4all.nl [194.109.127.50]) by hub.freebsd.org (Postfix) with ESMTP id 74F8414BE5 for ; Thu, 7 Oct 1999 16:35:10 -0700 (PDT) (envelope-from niels@bakker.net) Received: from liquid.tpb.net (arctic.xs4all.nl [194.109.37.82]) by smtp7.xs4all.nl (8.9.3/8.9.3) with ESMTP id AAA07009; Fri, 8 Oct 1999 00:36:10 +0200 (CEST) Received: from localhost (niels@localhost) by liquid.tpb.net (8.9.3/8.9.3/Debian/GNU) with ESMTP id AAA06835; Fri, 8 Oct 1999 00:36:09 +0200 Date: Fri, 8 Oct 1999 00:36:09 +0200 (CEST) From: N X-Sender: niels@liquid.tpb.net To: Deepwell Internet Cc: freebsd-isp@FreeBSD.ORG Subject: Re: NetApp servers In-Reply-To: <4.2.0.58.19991007152026.02f2f9d0@mail1.dcomm.net> Message-ID: <9910080030530.6647-100000@liquid.tpb.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Deepwell Internet wrote: > Can anyone point me to good documentation of building highly scalable web > servers or mail servers? I'd like to explore some different designs and > look at how they scale and increase reliability. One scenario is to store usernames in an LDAP database with a MySQL backend, and change all end user-facing software to not use getpwnam() but query the LDAP server instead. Write a PHP3 frontend to the MySQL database and you have a very robust system. We're actually converting some of our setup to something similar to this. With PAM you can use whatever authentication system you want, provided there is a PAM module for it and you PAMify the application. One very large advantage of this is that you can use this on Linux, FreeBSD and Solaris. auth_radius may be useful as an alternative to the situation outlined above. > I noticed that Geocities offers all user pages at > www.geocities.com/~username. How do you suppose they are implementing > this? A large Sun box or two with NFS? I guess more than two boxes because them eedjits mark all content served as uncacheable. -- Niels. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Oct 7 16:37:13 1999 Delivered-To: freebsd-isp@freebsd.org Received: from proteus.eclipse.net.uk (proteus.eclipse.net.uk [195.188.32.118]) by hub.freebsd.org (Postfix) with ESMTP id E4E4314BE5 for ; Thu, 7 Oct 1999 16:37:10 -0700 (PDT) (envelope-from stuart@eclipse.net.uk) Received: from eclipse.net.uk (p1.telesto.eclipse.net.uk [212.104.138.193]) by proteus.eclipse.net.uk (Postfix) with ESMTP id 31DA49B23; Fri, 8 Oct 1999 00:37:09 +0100 (BST) Message-ID: <37FD275D.F30BFF9E@eclipse.net.uk> Date: Fri, 08 Oct 1999 00:06:05 +0100 From: Stuart Henderson X-Mailer: Mozilla 4.5 [en] (Win95; U) X-Accept-Language: en-GB,en MIME-Version: 1.0 To: Deepwell Internet Cc: freebsd-isp@FreeBSD.ORG Subject: Re: NetApp servers References: <4.2.0.58.19991007152026.02f2f9d0@mail1.dcomm.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Can anyone point me to good documentation of building highly scalable web > servers or mail servers? I'd like to explore some different designs and > look at how they scale and increase reliability. > I noticed that Geocities offers all user pages at > www.geocities.com/~username. How do you suppose they are implementing > this? A large Sun box or two with NFS? Other alternatives would be to use squid or some natd-style code (or some custom hardware, perhaps some of the load balancing boxes can do this) and divert requests to the correct web server based on a hash of the username or database lookup. > >EarthLink do run mail on NetApps. They have a white paper somewhere on > >their website describing their setup (which involves some hacks in local > >delivery agents and POP3 daemons to work around the locking issue). One file per mailbox is not the only way to store mail :-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Oct 7 17:29:53 1999 Delivered-To: freebsd-isp@freebsd.org Received: from richard2.pil.net (richard2.pil.net [207.8.164.9]) by hub.freebsd.org (Postfix) with SMTP id 7494714BB7 for ; Thu, 7 Oct 1999 17:29:44 -0700 (PDT) (envelope-from up@pil.net) Received: (qmail 6840 invoked by uid 1825); 8 Oct 1999 00:28:43 -0000 Date: Thu, 7 Oct 1999 20:28:43 -0400 (EDT) From: X-Sender: up@richard2.pil.net To: Deepwell Internet Cc: freebsd-isp@freebsd.org Subject: Re: NetApp servers In-Reply-To: <4.2.0.58.19991007152026.02f2f9d0@mail1.dcomm.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org If you're looking for reliability with NFS, check out qmail with Maildir. It solves the locking issues, but on a really large scale, it may bring up inode issues. Nonetheless, I believe it's still what Hotmail uses. On Thu, 7 Oct 1999, Deepwell Internet wrote: > The Earthlink whitepaper is at > http://www.earthlink.net/about/papers/mailarch.html > > but I agree. It looks like a cheezy hack. > > > Can anyone point me to good documentation of building highly scalable web > servers or mail servers? I'd like to explore some different designs and > look at how they scale and increase reliability. > > I noticed that Geocities offers all user pages at > www.geocities.com/~username. How do you suppose they are implementing > this? A large Sun box or two with NFS? > > > At 11:51 PM 10/7/99 +0200, you wrote: > >Damian Hamill wrote: > > > > > Can anyone put any figures on what it costs to install and run a large > > > scale email service (say > 10,000 users) using a NetApp file server, > > > i.e. what are the real costs in terms of all the hardware components > > > and also how many man hours per month to look after it etc. Any real > > > life examples out there ? > > > >Very expensive, since all mail software needs to lock files it's writing > >to. NFS is stateless, a lock is state information, so by design any > >implementation of such is already a gross hack. > > > >I suggest getting a RAID controller, preferably a SCSI-SCSI one. Cost is > >about a third of a NetApp. If you really want a purple box in your racks > >use them to store web pages or user home directories (i.e. stuff you need > >on several machines at the same time and that will hardly be written to). > > > >EarthLink do run mail on NetApps. They have a white paper somewhere on > >their website describing their setup (which involves some hacks in local > >delivery agents and POP3 daemons to work around the locking issue). > > > > > > -- Niels. > > > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-isp" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > James Smallacombe PlantageNet, Inc. CEO and Janitor up@3.am http://3.am ========================================================================= ISPF 3 - The Forum for ISPs by ISPs(tm) || Nov 15-17, 1999, New Orleans 3 days of clues, news, and views from the industry's best and brightest. Visit for information and registration. ========================================================================= To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Oct 7 19:22:45 1999 Delivered-To: freebsd-isp@freebsd.org Received: from sentry.granch.ru (sentry.granch.ru [212.20.5.135]) by hub.freebsd.org (Postfix) with ESMTP id 2FA4B14C21; Thu, 7 Oct 1999 19:22:32 -0700 (PDT) (envelope-from shelton@sentry.granch.ru) Received: from localhost (IDENT:shelton@localhost.granch.nsk.su [127.0.0.1]) by sentry.granch.ru (8.9.3/8.9.3) with ESMTP id JAA03290; Fri, 8 Oct 1999 09:20:14 +0700 (NOVST) Date: Fri, 8 Oct 1999 09:20:13 +0700 (NOVST) From: "Rashid N. Achilov" To: freebsd-isp@freebsd.org, freebsd-newbies@freebsd.org Subject: Full list of sysctl Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Where can I find description of full sysctls list? I found many sysctls, which doesn't described in sysctl manual page. With Best Regards. Rashid N. Achilov (RNA1-RIPE), Cert. ID: 28514, Granch Ltd. lead engineer e-mail: achilov@granch.ru, tel (383-2) 24-2363 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Oct 8 2:39:30 1999 Delivered-To: freebsd-isp@freebsd.org Received: from mailtoaster1.pipeline.ch (mailtoaster1.pipeline.ch [62.48.0.70]) by hub.freebsd.org (Postfix) with SMTP id BDBD514BD2 for ; Fri, 8 Oct 1999 02:39:26 -0700 (PDT) (envelope-from oppermann@pipeline.ch) Received: (qmail 30736 invoked from network); 8 Oct 1999 09:39:14 -0000 Received: from unknown (HELO pipeline.ch) ([195.134.128.41]) (envelope-sender ) by mailtoaster1.pipeline.ch (qmail-ldap-1.03) with SMTP for ; 8 Oct 1999 09:39:14 -0000 Message-ID: <37FDBBA3.1D19542F@pipeline.ch> Date: Fri, 08 Oct 1999 11:38:43 +0200 From: Andre Oppermann X-Mailer: Mozilla 4.03 [en] (WinNT; U) MIME-Version: 1.0 To: Deepwell Internet Cc: freebsd-isp@freebsd.org Subject: Re: NetApp servers References: <4.2.0.58.19991007152026.02f2f9d0@mail1.dcomm.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Deepwell Internet wrote: > > The Earthlink whitepaper is at > http://www.earthlink.net/about/papers/mailarch.html > > but I agree. It looks like a cheezy hack. > > Can anyone point me to good documentation of building highly scalable web > servers or mail servers? I'd like to explore some different designs and > look at how they scale and increase reliability. Check out qmail-ldap with clustering support: http://www.nrg4u.com -- Andre Oppermann CEO / Geschaeftsfuehrer Internet Business Solutions Ltd. (AG) Hardstrasse 235, 8005 Zurich, Switzerland Fon +41 1 277 75 75 / Fax +41 1 277 75 77 http://www.pipeline.ch ibs@pipeline.ch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Oct 8 2:52:20 1999 Delivered-To: freebsd-isp@freebsd.org Received: from relay04.indigo.ie (relay04.indigo.ie [194.125.133.228]) by hub.freebsd.org (Postfix) with SMTP id 39CB514BFA for ; Fri, 8 Oct 1999 02:52:17 -0700 (PDT) (envelope-from judgea@indigo.ie) Received: (qmail 12831 messnum 46558 invoked from network[194.125.133.235/relay-mgr.indigo.ie]); 8 Oct 1999 09:52:16 -0000 Received: from relay-mgr.indigo.ie (HELO indigo.ie) (194.125.133.235) by relay04.indigo.ie (qp 12831) with SMTP; 8 Oct 1999 09:52:16 -0000 To: freebsd-isp@freebsd.org Subject: Re: NetApp servers In-reply-to: Message from N dated Thursday at 23:51. From: Alan Judge Date: Fri, 08 Oct 1999 10:52:16 +0100 Message-Id: <19991008095218.39CB514BFA@hub.freebsd.org> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >>>>> N writes: Niels> Damian Hamill wrote: >> Can anyone put any figures on what it costs to install and run a large >> scale email service (say > 10,000 users) using a NetApp file server, >> i.e. what are the real costs in terms of all the hardware components >> and also how many man hours per month to look after it etc. Any real >> life examples out there ? Niels> Very expensive, since all mail software needs to lock files Niels> it's writing to. NFS is stateless, a lock is state Niels> information, so by design any implementation of such is already Niels> a gross hack. Locking over NFS is indeed a gross hack and I'd never touch it. That said, we run most of our business on Netapp filers with FreeBSD front ends. Not all email systems need locking. We run qmail with Maildirs for around 100K users and it works fine. Standard out of the box qmail works with deliveries to NFS. Front end machines are cheap, replicatable, and easily upgradable, and we can add more when we need to. With clustered NetApps (expensive, I admit), you can eliminate most single points of failure; which is where the statelessness of NFS wins hands down. In terms of manpower to run, it's much better than our previous system which did use big boxes and RAID. Scaling is a big problem. By using multiple front end machines, all our customers still access mail.indigo.ie pop.indigo.ie and so on. Using local disk means you need a system to map users to machines; doable, but messy. -- Alan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Oct 8 8:55:36 1999 Delivered-To: freebsd-isp@freebsd.org Received: from phoenix.aye.net (phoenix.aye.net [206.185.8.134]) by hub.freebsd.org (Postfix) with SMTP id 5092B14D26 for ; Fri, 8 Oct 1999 08:55:29 -0700 (PDT) (envelope-from barrett@phoenix.aye.net) Received: (qmail 3080 invoked by uid 1000); 8 Oct 1999 15:59:53 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 8 Oct 1999 15:59:53 -0000 Date: Fri, 8 Oct 1999 11:59:53 -0400 (EDT) From: Barrett Richardson To: Alan Judge Cc: freebsd-isp@freebsd.org Subject: Re: NetApp servers In-Reply-To: <19991008095218.39CB514BFA@hub.freebsd.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 8 Oct 1999, Alan Judge wrote: > In terms of manpower to run, it's much better than our previous system > which did use big boxes and RAID. Scaling is a big problem. By using > multiple front end machines, all our customers still access > mail.indigo.ie pop.indigo.ie and so on. Using local disk means you > need a system to map users to machines; doable, but messy. > -- > Alan > > Does the NetApp have tremendous benefits over building your own mongo NFS server with a super duper RAID controller? - Barrett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Oct 8 9:13:43 1999 Delivered-To: freebsd-isp@freebsd.org Received: from mail.palnet.com (mail.palnet.com [212.29.201.7]) by hub.freebsd.org (Postfix) with ESMTP id B726C14FC2 for ; Fri, 8 Oct 1999 09:13:38 -0700 (PDT) (envelope-from rjebara@palnet.com) Received: from localhost (rjebara@localhost) by mail.palnet.com (8.9.3/8.9.3) with ESMTP id SAA23678; Fri, 8 Oct 1999 18:13:12 +0200 (IST) Date: Fri, 8 Oct 1999 18:13:12 +0200 (IST) From: Rami Abu Jebara To: "Rashid N. Achilov" Cc: freebsd-isp@FreeBSD.ORG Subject: Re: One password base for some *NIX boxes In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org hi How about PAM - Pluggable Authentication Modules, supported by LINUX, FreeBSD and SOLARIS ... IMHO, PAM will be a good autentication platform .. and IIRC you could set it up to autenticate from an SQL database or from RADIUS ... hope this helps Cheers Rami **************************** Rami Abu Jebara Technical Director Palnet Communications Ltd e-mail : rjebara@palnet.com Tel: ++ 972 2 583 5666 Fax: ++ 972 2 583 6354 w w w . p a l n e t . c o m On Mon, 4 Oct 1999, Rashid N. Achilov wrote: > Does anybody know any decision of this problem: I have some set of *NIX > boxes (Linux, FreeBSD, Solaric SPARC) and will, that it all use one > users/passwords database. > > Any advices received. > > With Best Regards. > Rashid N. Achilov (RNA1-RIPE), Cert. ID: 28514, Granch Ltd. lead engineer > e-mail: achilov@granch.ru, tel (383-2) 24-2363 > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Oct 8 9:36: 8 1999 Delivered-To: freebsd-isp@freebsd.org Received: from cliff.i-plus.net (cliff.i-plus.net [209.100.20.42]) by hub.freebsd.org (Postfix) with ESMTP id 98CF015325 for ; Fri, 8 Oct 1999 09:36:04 -0700 (PDT) (envelope-from st@i-plus.net) Received: from ARCADIA (arcadia.i-plus.net [209.100.20.198]) by cliff.i-plus.net (8.9.3/8.9.3) with SMTP id MAA75239 for ; Fri, 8 Oct 1999 12:35:55 -0400 (EDT) From: "Troy Settle" To: Subject: RE: One password base for some *NIX boxes Date: Fri, 8 Oct 1999 12:35:43 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2014.211 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I wanna set up a radius server that authenticates off PAM, and have PAM authenticate off Radius. "Gee, I don't know why it's not working!" *grin* -Troy > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Rami Abu Jebara > Sent: Friday, October 08, 1999 12:13 PM > To: Rashid N. Achilov > Cc: freebsd-isp@FreeBSD.ORG > Subject: Re: One password base for some *NIX boxes > > > hi > > How about PAM - Pluggable Authentication Modules, > supported by LINUX, FreeBSD and SOLARIS ... > > IMHO, PAM will be a good autentication platform .. > and IIRC you could set it up to autenticate from an > SQL database or from RADIUS ... > > hope this helps > > Cheers > > Rami > > > **************************** > Rami Abu Jebara > Technical Director > Palnet Communications Ltd > e-mail : rjebara@palnet.com > Tel: ++ 972 2 583 5666 > Fax: ++ 972 2 583 6354 > w w w . p a l n e t . c o m > > On Mon, 4 Oct 1999, Rashid N. Achilov wrote: > > > Does anybody know any decision of this problem: I have some set of *NIX > > boxes (Linux, FreeBSD, Solaric SPARC) and will, that it all use one > > users/passwords database. > > > > Any advices received. > > > > With Best Regards. > > Rashid N. Achilov (RNA1-RIPE), Cert. ID: 28514, Granch Ltd. > lead engineer > > e-mail: achilov@granch.ru, tel (383-2) 24-2363 > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Oct 8 10:52:36 1999 Delivered-To: freebsd-isp@freebsd.org Received: from kerouac.deepwell.com (deepwell.com [209.63.174.12]) by hub.freebsd.org (Postfix) with SMTP id B3B8F14EC3 for ; Fri, 8 Oct 1999 10:52:32 -0700 (PDT) (envelope-from freebsd@deepwell.com) Received: (qmail 2282 invoked from network); 8 Oct 1999 18:39:44 -0000 Received: from proxy.dcomm.net (HELO terry) (209.63.175.10) by deepwell.com with SMTP; 8 Oct 1999 18:39:44 -0000 Message-Id: <4.2.0.58.19991008104612.032ec840@mail1.dcomm.net> X-Sender: freebsd@mail.deepwell.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Fri, 08 Oct 1999 10:49:43 -0700 To: freebsd-isp@freebsd.org From: Deepwell Internet Subject: Re: NetApp servers In-Reply-To: References: <19991008095218.39CB514BFA@hub.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > >Does the NetApp have tremendous benefits over building your >own mongo NFS server with a super duper RAID controller? I Beleive the Mongo brand NFS appliance isn't due to hit the market for another 6 months, but SuperDuper Raid (c) should be available soon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Oct 8 11:14:26 1999 Delivered-To: freebsd-isp@freebsd.org Received: from shell.xecu.net (shell.xecu.net [208.241.7.3]) by hub.freebsd.org (Postfix) with ESMTP id C5F2C14DD4 for ; Fri, 8 Oct 1999 11:14:20 -0700 (PDT) (envelope-from andy@xecu.net) Received: from localhost (andy@localhost) by shell.xecu.net (8.9.1/8.9.1) with ESMTP id OAA13013 for ; Fri, 8 Oct 1999 14:14:18 -0400 (EDT) X-Authentication-Warning: shell.xecu.net: andy owned process doing -bs Date: Fri, 8 Oct 1999 14:14:18 -0400 (EDT) From: Andy Dills To: freebsd-isp@FreeBSD.ORG Subject: FreeBSD routing (fwd) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Ok, the short version (the long version would take about an hour to type): Is there any way, under FreeBSD, to route packets based on their source address? Thanks, Andy ---------------------------------------------------- Andy Dills 301-682-9972 Network Administrator Fax 301-695-4060 Xecunet, LLC www.xecu.net ---------------------------------------------------- Dialup * Webhosting * E-Commerce * High-Speed Access To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Oct 8 11:21:25 1999 Delivered-To: freebsd-isp@freebsd.org Received: from pau-amma.whistle.com (pau-amma.whistle.com [207.76.205.64]) by hub.freebsd.org (Postfix) with ESMTP id D458114A29 for ; Fri, 8 Oct 1999 11:21:23 -0700 (PDT) (envelope-from dhw@whistle.com) Received: (from dhw@localhost) by pau-amma.whistle.com (8.9.2/8.9.2) id LAA10225; Fri, 8 Oct 1999 11:21:22 -0700 (PDT) Date: Fri, 8 Oct 1999 11:21:22 -0700 (PDT) From: David Wolfskill Message-Id: <199910081821.LAA10225@pau-amma.whistle.com> To: andy@xecu.net Subject: Re: FreeBSD routing (fwd) Cc: freebsd-isp@FreeBSD.ORG In-Reply-To: Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Date: Fri, 8 Oct 1999 14:14:18 -0400 (EDT) >From: Andy Dills >Ok, the short version (the long version would take about an hour to type): >Is there any way, under FreeBSD, to route packets based on their source >address? Well, on my NAT/firewall box at home, I accept incoming requests *from* certain IP addresses (on certain ports), and forward them to an internal machine. I do this via natd & ipfw. It's possible that otehr apporaches would also work. Cheers, david -- David Wolfskill dhw@whistle.com UNIX System Administrator voice: (650) 577-7158 pager: (888) 347-0197 FAX: (650) 372-5915 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Oct 8 11:56:21 1999 Delivered-To: freebsd-isp@freebsd.org Received: from dt011n66.san.rr.com (dt011n66.san.rr.com [204.210.13.102]) by hub.freebsd.org (Postfix) with ESMTP id 44DA114DC7; Fri, 8 Oct 1999 11:56:17 -0700 (PDT) (envelope-from Doug@gorean.org) Received: from gorean.org (master [10.0.0.2]) by dt011n66.san.rr.com (8.9.3/8.8.8) with ESMTP id LAA74933; Fri, 8 Oct 1999 11:56:03 -0700 (PDT) (envelope-from Doug@gorean.org) Message-ID: <37FE3E43.E286A2AB@gorean.org> Date: Fri, 08 Oct 1999 11:56:03 -0700 From: Doug Organization: Triborough Bridge & Tunnel Authority X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 4.0-CURRENT-0927 i386) X-Accept-Language: en MIME-Version: 1.0 To: "Rashid N. Achilov" Cc: freebsd-isp@freebsd.org, freebsd-newbies@freebsd.org Subject: Re: Full list of sysctl References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org For future reference this question is not appropriate for either list, and you should never cross post. You have a question, ask freebsd-questions. "Rashid N. Achilov" wrote: > > Where can I find description of full sysctls list? I found many sysctls, > which doesn't described in sysctl manual page. The source is the only reliable guide. diffs to the man pages would be greatly appreciated. Good luck, Doug -- "Stop it, I'm gettin' misty." - Mel Gibson as Porter, "Payback" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Oct 8 12:16:22 1999 Delivered-To: freebsd-isp@freebsd.org Received: from phoenix.aye.net (phoenix.aye.net [206.185.8.134]) by hub.freebsd.org (Postfix) with SMTP id AAD7D14EB0 for ; Fri, 8 Oct 1999 12:16:17 -0700 (PDT) (envelope-from barrett@phoenix.aye.net) Received: (qmail 535 invoked by uid 1000); 8 Oct 1999 19:20:49 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 8 Oct 1999 19:20:49 -0000 Date: Fri, 8 Oct 1999 15:20:49 -0400 (EDT) From: Barrett Richardson To: freebsd-isp@freebsd.org Subject: Re: NetApp servers In-Reply-To: <4.2.0.58.19991008104612.032ec840@mail1.dcomm.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 8 Oct 1999, Deepwell Internet wrote: > > > > >Does the NetApp have tremendous benefits over building your > >own mongo NFS server with a super duper RAID controller? > > > I Beleive the Mongo brand NFS appliance isn't due to hit the market for > another 6 months, but SuperDuper Raid (c) should be available soon. > > Given the current limited availability of those two items I am forced to consider a Micron NetFRAME 9201 with a six channel Mylex DAC960SXI RAID controller. Should I get a NetApp instead? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Oct 8 13:59:15 1999 Delivered-To: freebsd-isp@freebsd.org Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1]) by hub.freebsd.org (Postfix) with ESMTP id E5B9C14F8F; Fri, 8 Oct 1999 13:59:01 -0700 (PDT) (envelope-from mike@sentex.net) Received: from simoeon (simeon.sentex.ca [209.112.4.47]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id QAA07638; Fri, 8 Oct 1999 16:59:01 -0400 (EDT) Message-Id: <3.0.5.32.19991008165743.01746210@staff.sentex.ca> X-Sender: mdtpop@staff.sentex.ca X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Fri, 08 Oct 1999 16:57:43 -0400 To: questions@freebsd.org From: Mike Tancsa Subject: improving NIS speeds Cc: freebsd-isp@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, I am in the process of testing to see if NIS is the system for us. I havent got into any formal benchmarkings yet, but have noticed some speed differences. For example, running top, has a good 3 second delay before it displays anything. I imagine this is due to the looking up username-UID maps via NIS. Are there any optimizations that I can do ? I am concerned that if I make this a 20K user pop server, there will be similar delays each time at authentication time ? Or is it something special about top. I ordered the ORA "Managing NIS+NFS" book, but it hasnt arrived yet. In the mean time, are there any good online resources I could consult about NIS optimizations? Or should I just look at some other system like Kerberos. ---Mike ------------------------------------------------------------------------ Mike Tancsa, tel 01.519.651.3400 Network Administrator, mike@sentex.net Sentex Communications www.sentex.net Cambridge, Ontario Canada To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Oct 8 14: 6:10 1999 Delivered-To: freebsd-isp@freebsd.org Received: from shell.futuresouth.com (shell.futuresouth.com [198.78.58.28]) by hub.freebsd.org (Postfix) with ESMTP id 63F76153F2; Fri, 8 Oct 1999 14:06:05 -0700 (PDT) (envelope-from tim@futuresouth.com) Received: (from tim@localhost) by shell.futuresouth.com (8.9.3/8.9.3) id QAA20514; Fri, 8 Oct 1999 16:05:53 -0500 (CDT) Date: Fri, 8 Oct 1999 16:05:53 -0500 From: Tim Tsai To: Mike Tancsa Cc: questions@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG Subject: Re: improving NIS speeds Message-ID: <19991008160552.A20238@futuresouth.com> References: <3.0.5.32.19991008165743.01746210@staff.sentex.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre3i In-Reply-To: <3.0.5.32.19991008165743.01746210@staff.sentex.ca> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I'd personally avoid NIS altogether for POP. Most newer mail software allows a single UID system where the username/mailbox is detached from the underlying OS's username/UID system. If you do want to use FreeBSD's username/UID, you might want to consider simply a rdist script that'll copy the master.passwd database and run the password make program. We have found this solution to be a lot more reliable and maintainable than NIS. Tim On Fri, Oct 08, 1999 at 04:57:43PM -0400, Mike Tancsa wrote: > > Hi, > I am in the process of testing to see if NIS is the system for us. I > havent got into any formal benchmarkings yet, but have noticed some speed > differences. For example, running top, has a good 3 second delay before it > displays anything. I imagine this is due to the looking up username-UID > maps via NIS. Are there any optimizations that I can do ? I am concerned > that if I make this a 20K user pop server, there will be similar delays > each time at authentication time ? Or is it something special about top. I > ordered the ORA "Managing NIS+NFS" book, but it hasnt arrived yet. In the > mean time, are there any good online resources I could consult about NIS > optimizations? Or should I just look at some other system like Kerberos. > > ---Mike > ------------------------------------------------------------------------ > Mike Tancsa, tel 01.519.651.3400 > Network Administrator, mike@sentex.net > Sentex Communications www.sentex.net > Cambridge, Ontario Canada > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Oct 8 16:16:33 1999 Delivered-To: freebsd-isp@freebsd.org Received: from etinc.com (et-gw.etinc.com [207.252.1.2]) by hub.freebsd.org (Postfix) with ESMTP id EA10A14FA1 for ; Fri, 8 Oct 1999 16:16:24 -0700 (PDT) (envelope-from dennis@etinc.com) Received: from dbsys (dbsys.etinc.com [207.252.1.18]) by etinc.com (8.9.3/8.9.3) with SMTP id TAA18756; Fri, 8 Oct 1999 19:13:55 -0400 (EDT) Message-Id: <199910082313.TAA18756@etinc.com> X-Sender: dennis@etinc.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0 Date: Fri, 08 Oct 1999 18:12:19 -0400 To: list@inet-access.net From: Dennis Subject: ATM to Frame Converters Cc: isp@freebsd.org In-Reply-To: <005901bf119d$f13b5b80$0de9b5cf@2> References: <3.0.32.19991008104612.01494d50@mail.roava.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Is anyone doing DSL over ATM with an ATM to frame relay convertor to a frame relay router? IF these work, we could offer an ATM DSL T3 solution for under $15,000. or one frame and one ATM T3 for about $18,000. complete with CSUs. Dennis Emerging Technologies, Inc. http://www.etinc.com ISA and PCI T1/T3/V35/HSSI Cards for FreeBSD and LINUX Multiport T1 and HSSI/T3 UNIX-based Routers Bandwidth Management Standalone Systems Bandwidth Management software for LINUX and FreeBSD DSL Frame Relay Bridging over T1 and T3 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Oct 8 22:27: 2 1999 Delivered-To: freebsd-isp@freebsd.org Received: from princess.it-au.com (princess.it-au.com [203.36.219.3]) by hub.freebsd.org (Postfix) with ESMTP id 4587A150BF for ; Fri, 8 Oct 1999 22:26:53 -0700 (PDT) (envelope-from matthew@imagineering.net.au) Received: from wolfven (wolfven.it-au.com [203.36.219.42]) by princess.it-au.com (Rockliffe SMTPRA 3.4.2) with ESMTP id for ; Sat, 9 Oct 1999 15:15:30 +1000 Message-Id: <4.2.1.9.19991009142652.025f58c0@mail.imagineering.net.au> X-Sender: matthew@mail.imagineering.net.au X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.1.9 (Beta) Date: Sat, 09 Oct 1999 14:26:56 +1000 To: freebsd-isp@FreeBSD.ORG From: "Matthew R. Proctor" Subject: help Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --- Current Net Legislation will slow us down and cost us more! Tell you Local Federal Member NOW it will hurt your business For more info visit http://www.efa.org.au/Campaigns/99.html --- Imagineering Technology Pty. Ltd. Web Site - http://www.imagineering.net.au/ Tel - (03) 9866 7200 Fax - (03) 9820 5898 Mobile - (0412) 010 546 Office : Level 5, 3 Bowen Crescent, Melbourne Victoria 3004 Australia Personal - http://www.wolfven.com/ ICQ 1502497 eCommerce Solutions for Australia http://www.opencommerce.com.au/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Oct 9 1: 2:54 1999 Delivered-To: freebsd-isp@freebsd.org Received: from dominik.saargate.de (dominik.saargate.de [212.88.132.246]) by hub.freebsd.org (Postfix) with ESMTP id 5FB5314FB2 for ; Sat, 9 Oct 1999 01:02:49 -0700 (PDT) (envelope-from domi@saargate.de) Received: from localhost (localhost [127.0.0.1]) by dominik.saargate.de (8.9.3/8.9.3) with ESMTP id SAA90069; Fri, 8 Oct 1999 18:41:27 +0200 (CEST) (envelope-from domi@saargate.de) Date: Fri, 8 Oct 1999 18:41:26 +0200 (CEST) From: Dominik Brettnacher To: "rjebara@palnet.com" Cc: shelton@sentry.granch.ru, freebsd-isp@freebsd.org Subject: Re: One password base for some *NIX boxes In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 8 Oct 1999, rjebara@palnet.com wrote: > IMHO, PAM will be a good autentication platform .. > and IIRC you could set it up to autenticate from an > SQL database or from RADIUS ... How do I set up this? -- Dominik - http://www.saargate.de/~domi/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message