From owner-freebsd-isp Sun Jul 8 5:45:26 2001 Delivered-To: freebsd-isp@freebsd.org Received: from roulen-gw.morning.ru (roulen-gw.morning.ru [195.161.98.242]) by hub.freebsd.org (Postfix) with ESMTP id 2CA8737B401; Sun, 8 Jul 2001 05:45:14 -0700 (PDT) (envelope-from poige@morning.ru) Received: from NIC1 (seven.ld [192.168.11.7]) by roulen-gw.morning.ru (Postfix) with ESMTP id CF9773D; Sun, 8 Jul 2001 20:45:09 +0800 (KRAST) Date: Sun, 8 Jul 2001 20:45:27 +0800 From: Igor Podlesny X-Mailer: The Bat! (v1.52 Beta/7) UNREG / CD5BF9353B3B7091 Organization: Morning Network X-Priority: 3 (Normal) Message-ID: <335722238.20010708204527@morning.ru> To: freebsd-isp@FreeBSD.ORG Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: Flight of the rat, living wreck..... In-Reply-To: <1595443006.20010630190139@morning.ru> References: <1595443006.20010630190139@morning.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Hello everybody! > This is relative to 4.3 for yet ;) so if you're using something older > you can skip it easily. well, I came up with a patch (http://www.morning.ru/~poige/patchzone/ip_fw.c.patch) > How it was started > ------------------ > For a long time I've been looking forward (and even trying to learn > freebsd internals enough to implement it by myself :) for newly > implemented ipfw's feature allowing easy filtering of non-transit > ip-packets, i.e., packets with destination address of one of the > interfaces. (You know in Linux it is done now with netfilter, which > separates ip flow into 3 different chains, BSDi's ipfw looks like a > programming language :) which allows such things for ages, if I'm not > mistaken ;). In short -- the feature is cool, and I get prepared to > start using it. At first it seemed to be okay, I felt security > comparable to "deny ip from any to any" ;)), but than, noticed that > something was going wrong. > And this was with Point-to-point interfaces. Everything was as if > remote peer ip-address matched 'me'. It's certainly wrong as far as I > can guess, so after applying fixes to my IPFW's rules allowing easy > going (passing) for packets to such addresses I started digging the > code. > ip_fw.c looks okay, but in_var.h with its INADDR_TO_IFP definition > which is a core for 'me'-feature >> if (f->fw_flg & IP_FW_F_SME) { >> INADDR_TO_IFP(src_ip, tif); >> if (tif == NULL) >> continue; >> } >> if (f->fw_flg & IP_FW_F_DME) { >> INADDR_TO_IFP(dst_ip, tif); >> if (tif == NULL) >> continue; > doesn't: >> /* >> * Macro for finding the interface (ifnet structure) corresponding to one >> * of our IP addresses. >> */ >> #define INADDR_TO_IFP(addr, ifp) \ >> /* struct in_addr addr; */ \ >> /* struct ifnet *ifp; */ \ >> { \ >> register struct in_ifaddr *ia; \ >> \ >> for (ia = in_ifaddrhead.tqh_first; \ > // so here we start looking through the queue >> ia != NULL > // sanity (I'd have written just (ia)) >> && ((ia->ia_ifp->if_flags & IFF_POINTOPOINT)? \ > // hm. special case if the interface is PTP >> IA_DSTSIN(ia):IA_SIN(ia))->sin_addr.s_addr != (addr).s_addr; \ > // so it is like: if it is PTP, then we using DST address in comparison > // with addr.s_addr > // it is the time I started to ask myself why it is so? why we're (ok, > // they're) checking for remote ip-address if the head comment > // says: > // * Macro for finding the interface (ifnet structure) corresponding to one > // * of our IP addresses. > // ^^^ > // ^^^ >> ia = ia->ia_link.tqe_next) \ >> continue; \ > // as it's seen, the algo is: checking addresses of our ifaces or > // our remote ends in case of PTP until we get the matching or reach the end > // this is like vice versa: looking through the queue for exact matching > // and in case only ia is NULL after the first search. Also, this > // it's taking into consideration only PTP interfaces and only local > // addresses of them. >> if (ia == NULL) \ >> for (ia = in_ifaddrhead.tqh_first; \ >> ia != NULL; \ >> ia = ia->ia_link.tqe_next) \ >> if (ia->ia_ifp->if_flags & IFF_POINTOPOINT && \ >> IA_SIN(ia)->sin_addr.s_addr == (addr).s_addr) \ >> break; \ > // the terminator: if we have found something we would come up with > // ia_ifp, or with NULL at least. >> (ifp) = (ia == NULL) ? NULL : ia->ia_ifp; \ >> } > Now, getting down to IPFW's 'me'-keyword business: > IMHO, it breaks the sense in this way: > on first cycle-pass, the matching is found and ia isn't NULL. so the > second is skipped. and we got the matching, although we shouldn't. > I deem this is wrong. > Now, in conclusion > ------------------ > I'm a man who hasn't very deep knowledge of the BSD's bones, still be > learning it. So I can't say that the code INADDR_TO_IFP is completely > wrong because of lack of knowledge and all I say is just it doesn't > fit the purpose of IPFW's 'me'-keyword and the solution is to avoid > using it there. > Your ideas and opinions are really appreciated. > Good luck everybody and thank you in advance. -- Igor mailto:poige@morning.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jul 8 9:37:38 2001 Delivered-To: freebsd-isp@freebsd.org Received: from bigglesworth.mail.be.easynet.net (bigglesworth.mail.be.easynet.net [212.100.160.67]) by hub.freebsd.org (Postfix) with ESMTP id AD81C37B405 for ; Sun, 8 Jul 2001 09:37:34 -0700 (PDT) (envelope-from wim@krijt.livens.net) Received: from 213-193-182-11.adsl.easynet.be ([213.193.182.11] helo=krijt.livens.net) by bigglesworth.mail.be.easynet.net with esmtp (Exim 3.16 #1) id 15JHYr-0008SN-00; Sun, 08 Jul 2001 18:37:33 +0200 Received: (from wim@localhost) by krijt.livens.net (8.11.3/8.11.3) id f68Gbcm03202; Sun, 8 Jul 2001 18:37:38 +0200 (CEST) (envelope-from wim) Date: Sun, 8 Jul 2001 18:37:38 +0200 From: Wim Livens To: tony.mccrory@mgn.co.uk Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Multiport serial cards Message-ID: <20010708183737.A2541@krijt.livens.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from tony.mccrory@mgn.co.uk on Fri, Jul 06, 2001 at 05:38:51PM +0100 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Jul 06, 2001 at 05:38:51PM +0100, tony.mccrory@mgn.co.uk wrote: > Can anyone recommend a multiport pci serial card that works with FreeBSD ? > I'm looking for a unit that can handle at least 16 modems. http://www.cyclades.com/products/index.htm Y-series or Z-series depending on your needs. I've used Y-series cards with success. -- Wim Livens mailto:wim@livens.net http://wim.livens.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jul 9 12:54:38 2001 Delivered-To: freebsd-isp@freebsd.org Received: from comp1.mastery.ca (comp1.mastery.ca [209.202.88.60]) by hub.freebsd.org (Postfix) with ESMTP id 6756337B401 for ; Mon, 9 Jul 2001 12:54:36 -0700 (PDT) (envelope-from rmasse@mastery.ca) Received: from 78kw954 ([209.202.88.150]) (authenticated) by comp1.mastery.ca (8.11.3/8.11.1) with ESMTP id f69JsPQ36289 for ; Mon, 9 Jul 2001 15:54:25 -0400 (EDT) (envelope-from rmasse@mastery.ca) Message-ID: <00d101c108b0$f2f085c0$3200000a@Intranet> From: "Ryan Masse" To: Subject: remote power-on/off Date: Mon, 9 Jul 2001 15:54:21 -0400 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Can anyone recommend a technology that would allow a customer to remotely reboot a colocated server? Thanks, Ryan Masse IT Manager / Authoring Tech Mastery Group of Canada, Inc. Rmasse@mastery.ca http://www.masterycanada.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jul 9 12:58: 7 2001 Delivered-To: freebsd-isp@freebsd.org Received: from pandora.worldonline.nl (pandora.worldonline.nl [195.241.48.140]) by hub.freebsd.org (Postfix) with ESMTP id C42FA37B401 for ; Mon, 9 Jul 2001 12:57:59 -0700 (PDT) (envelope-from eric@monkey-online.net) Received: from monkey-online.net (unknown [195.241.113.9]) by pandora.worldonline.nl (Postfix) with ESMTP id 1D19636B73; Mon, 9 Jul 2001 21:57:53 +0200 (MET DST) Message-ID: <3B4A0DF6.85614DF4@monkey-online.net> Date: Mon, 09 Jul 2001 22:03:02 +0200 From: Eric Veraart X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Ryan Masse Cc: freebsd-isp@FreeBSD.ORG Subject: Re: remote power-on/off References: <00d101c108b0$f2f085c0$3200000a@Intranet> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Use an APC MasterSwitch. http://www.apc.com/products/pdu.cfm Ryan Masse wrote: > > Can anyone recommend a technology that would allow a customer to remotely > reboot a colocated server? > > Thanks, > > Ryan Masse > IT Manager / Authoring Tech > Mastery Group of Canada, Inc. > Rmasse@mastery.ca > http://www.masterycanada.com > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 10 6:59:25 2001 Delivered-To: freebsd-isp@freebsd.org Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2]) by hub.freebsd.org (Postfix) with ESMTP id 59C1637B406 for ; Tue, 10 Jul 2001 06:59:21 -0700 (PDT) (envelope-from jwyatt@rwsystems.net) Received: from bsdie.rwsystems.net([209.197.223.2]) (1131 bytes) by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Tue, 10 Jul 2001 08:58:37 -0500 (CDT) (Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Jun-25) Date: Tue, 10 Jul 2001 08:58:35 -0500 (CDT) From: James Wyatt To: Ryan Masse Cc: freebsd-isp@freebsd.org Subject: Re: remote power-on/off In-Reply-To: <00d101c108b0$f2f085c0$3200000a@Intranet> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, 9 Jul 2001, Ryan Masse wrote: > Can anyone recommend a technology that would allow a customer to remotely > reboot a colocated server? There are several. We have an APC switch that is great, but not cheap. It knows what serial and network connections are and has a nice rack mount. If you have an extra phone line, www.x10.com has a telephone responder that can control X10 modules that go inline with the power. The user calls it and issues ToucnTone(tm) commands to command it. Easily handles 16 hosts, but they have to be on the same UPS. Hope this helps - Jy@ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 10 7: 4:16 2001 Delivered-To: freebsd-isp@freebsd.org Received: from euphoria.confusion.net (dementia.confusion.net [205.166.119.16]) by hub.freebsd.org (Postfix) with ESMTP id A73F637B407 for ; Tue, 10 Jul 2001 07:04:11 -0700 (PDT) (envelope-from stuyman@euphoria.confusion.net) Received: from localhost (localhost [127.0.0.1]) by euphoria.confusion.net (8.11.2/8.11.2) with SMTP id f6AE3lZ26494; Tue, 10 Jul 2001 07:03:47 -0700 (PDT) Date: Tue, 10 Jul 2001 07:03:47 -0700 (PDT) From: Laurence Berland To: James Wyatt Cc: Ryan Masse , freebsd-isp@FreeBSD.ORG Subject: Re: remote power-on/off In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 10 Jul 2001, James Wyatt wrote: > > If you have an extra phone line, www.x10.com has a telephone responder > that can control X10 modules that go inline with the power. The user calls > it and issues ToucnTone(tm) commands to command it. Easily handles 16 > hosts, but they have to be on the same UPS. > As a general rule, I won't buy things from a company whose ads are so unbearably rude and pointless. Especially when I see them so many times that their web site becomes the 5th most popular on the net. However, that said, I've heard their products work as advertised :) L: http://www.isp.northwestern.edu/~laurence To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 10 13:39: 2 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.hostorama.com (208-128-72-15.ipv4.intur.net [208.128.72.15]) by hub.freebsd.org (Postfix) with SMTP id 42B4937B403 for ; Tue, 10 Jul 2001 13:38:55 -0700 (PDT) (envelope-from eric@ericwalters.com) Received: (qmail 65208 invoked from network); 10 Jul 2001 20:59:58 -0000 Received: from unknown (HELO netmon1) (12.45.139.50) by 0 with SMTP; 10 Jul 2001 20:59:58 -0000 From: "Eric Walters" To: "Ryan Masse" Cc: Subject: RE: remote power-on/off Date: Tue, 10 Jul 2001 15:38:53 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 In-Reply-To: Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org If you have an old APC UPS that you aren't using or doesn't work, you can check out APC's Trade-UPS program and get a Master Switch for a pretty decent discount. Thanks, Eric -----Original Message----- From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of James Wyatt Sent: Tuesday, July 10, 2001 8:59 AM To: Ryan Masse Cc: freebsd-isp@freebsd.org Subject: Re: remote power-on/off On Mon, 9 Jul 2001, Ryan Masse wrote: > Can anyone recommend a technology that would allow a customer to remotely > reboot a colocated server? There are several. We have an APC switch that is great, but not cheap. It knows what serial and network connections are and has a nice rack mount. If you have an extra phone line, www.x10.com has a telephone responder that can control X10 modules that go inline with the power. The user calls it and issues ToucnTone(tm) commands to command it. Easily handles 16 hosts, but they have to be on the same UPS. Hope this helps - Jy@ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 10 14:17:46 2001 Delivered-To: freebsd-isp@freebsd.org Received: from snake.supranet.net (snake.supranet.net [205.164.160.19]) by hub.freebsd.org (Postfix) with ESMTP id 0420B37B403 for ; Tue, 10 Jul 2001 14:17:44 -0700 (PDT) (envelope-from john@snake.supranet.net) Received: from localhost (john@localhost [127.0.0.1]) by snake.supranet.net (8.11.0/8.11.0) with ESMTP id f6ALHdJ41435; Tue, 10 Jul 2001 16:17:39 -0500 (CDT) (envelope-from john@snake.supranet.net) Date: Tue, 10 Jul 2001 16:17:38 -0500 (CDT) From: John Heyer X-Sender: john@snake.supranet.net To: freebsd-hackers@supranet.net, freebsd-isp@freebsd.org Subject: "NOARP" option to ifconfig Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Is there any way to turn on ARP for the ng0 interface? I'm running a mpd based VPN, which is supposed to be doing proxy arp. The entries do show up when I do arp -a, but no one else on the network sees them. I think this is the problem: serena ~ > ifconfig ng0 ng0: flags=88d1 mtu 1498 inet 192.168.0.250 --> 192.168.0.251 netmask 0xffffffff inet6 fe80::2a0:24ff:fed8:b29e%ng0 --> :: prefixlen 64 scopeid 0x5 Is there any way I can do get rid of the "NOARP" option? -- Johh Heyer - john@personal.supranet.net - http://heyer.supranet.net "Me fail English? That's unpossible!" -- Ralph Wiggam To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 10 18: 7:56 2001 Delivered-To: freebsd-isp@freebsd.org Received: from hawk-systems.com (hawk-systems.com [161.58.152.235]) by hub.freebsd.org (Postfix) with ESMTP id 115FB37B406 for ; Tue, 10 Jul 2001 18:07:54 -0700 (PDT) (envelope-from dave@hawk-systems.com) Received: from WS1 (ws1.nexusinternetsolutions.net [204.50.158.15]) by hawk-systems.com (8.11.2) id f6B17rk13197 for ; Tue, 10 Jul 2001 19:07:53 -0600 (MDT) From: "Dave VanAuken" To: Subject: Intel ISP1100 or similar 1U experience with 4.3 stable Date: Tue, 10 Jul 2001 21:12:52 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org we arelooking for a new vendor for 1U units. Given the inherant marketing valur of brand recognition, we are considering trying out a few Intel ISP1100 and SRMK2 models of 1U servers (not the preconfigured hosting/cache and other garbage models). Any first hand experience with loading up 4.3 Stable on these systems that would be helpful before we dump a chunk of change on some? Barring that, any other first hand recommendations for solid 1U FreeBSD friendly solutions from solid well founded companies. Looking for dual SCSI / RAID mirroring, hefty memory (a la 4GB max), low heat and power consumption... but most of all solid performer. Appreciate any input. Dave To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 10 18:25: 6 2001 Delivered-To: freebsd-isp@freebsd.org Received: from c003.snv.cp.net (c003-h000.c003.snv.cp.net [209.228.32.214]) by hub.freebsd.org (Postfix) with SMTP id BAA4437B401 for ; Tue, 10 Jul 2001 18:25:00 -0700 (PDT) (envelope-from ignacioc@avantel.net) Received: (cpmta 5354 invoked from network); 10 Jul 2001 18:24:59 -0700 Received: from maq-148-245-81-14.interclan.net (HELO nachito) (148.245.81.14) by smtp.avantel.net (209.228.32.214) with SMTP; 10 Jul 2001 18:24:59 -0700 X-Sent: 11 Jul 2001 01:24:59 GMT From: "Ignacio Cristerna" To: "Dave VanAuken" , Subject: RE: Intel ISP1100 or similar 1U experience with 4.3 stable Date: Tue, 10 Jul 2001 20:26:00 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org We are using an ISP1100 running 4.2-STABLE. Nice machine but we were never able to find a driver for the RAID card. Our machine has 2 CPU and the SMP version runs just fine. Robust but expensive hardware -----Original Message----- From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Dave VanAuken Sent: Martes, 10 de Julio de 2001 20:13 To: freebsd-isp@FreeBSD.ORG Subject: Intel ISP1100 or similar 1U experience with 4.3 stable we arelooking for a new vendor for 1U units. Given the inherant marketing valur of brand recognition, we are considering trying out a few Intel ISP1100 and SRMK2 models of 1U servers (not the preconfigured hosting/cache and other garbage models). Any first hand experience with loading up 4.3 Stable on these systems that would be helpful before we dump a chunk of change on some? Barring that, any other first hand recommendations for solid 1U FreeBSD friendly solutions from solid well founded companies. Looking for dual SCSI / RAID mirroring, hefty memory (a la 4GB max), low heat and power consumption... but most of all solid performer. Appreciate any input. Dave To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 10 19:48: 0 2001 Delivered-To: freebsd-isp@freebsd.org Received: from london.physics.purdue.edu (london.physics.purdue.edu [128.210.67.35]) by hub.freebsd.org (Postfix) with ESMTP id 4AD7337B40B for ; Tue, 10 Jul 2001 19:47:58 -0700 (PDT) (envelope-from will@physics.purdue.edu) Received: from bohr.physics.purdue.edu (bohr.physics.purdue.edu [128.210.67.12]) by london.physics.purdue.edu (8.8.8/8.8.8) with ESMTP id VAA19453; Tue, 10 Jul 2001 21:47:57 -0500 (EST) Received: by bohr.physics.purdue.edu (Postfix, from userid 12409) id 909DE5BB5; Tue, 10 Jul 2001 21:47:58 -0500 (EST) Date: Tue, 10 Jul 2001 21:47:58 -0500 From: Will Andrews To: Wim Livens Cc: tony.mccrory@mgn.co.uk, freebsd-isp@FreeBSD.ORG Subject: Re: Multiport serial cards Message-ID: <20010710214758.E97456@bohr.physics.purdue.edu> Reply-To: Will Andrews Mail-Followup-To: Wim Livens , tony.mccrory@mgn.co.uk, freebsd-isp@FreeBSD.ORG References: <20010708183737.A2541@krijt.livens.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.17i In-Reply-To: <20010708183737.A2541@krijt.livens.net>; from wim@livens.net on Sun, Jul 08, 2001 at 06:37:38PM +0200 X-Operating-System: FreeBSD 4.3-STABLE i386 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sun, Jul 08, 2001 at 06:37:38PM +0200, Wim Livens (wim@livens.net) wrote: > http://www.cyclades.com/products/index.htm > > Y-series or Z-series depending on your needs. I've used Y-series > cards with success. With cy(4) on FreeBSD >= 4.0? -- wca To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 10 20:54:17 2001 Delivered-To: freebsd-isp@freebsd.org Received: from root.com (root.com [209.102.106.178]) by hub.freebsd.org (Postfix) with ESMTP id 77EA137B401 for ; Tue, 10 Jul 2001 20:54:11 -0700 (PDT) (envelope-from dg@root.com) Received: (from dg@localhost) by root.com (8.11.2/8.11.2) id f6B3h2035702; Tue, 10 Jul 2001 20:43:02 -0700 (PDT) (envelope-from dg) Date: Tue, 10 Jul 2001 20:43:02 -0700 From: David Greenman To: Dave VanAuken Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Intel ISP1100 or similar 1U experience with 4.3 stable Message-ID: <20010710204302.B26312@nexus.root.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: ; from dave@hawk-systems.com on Tue, Jul 10, 2001 at 09:12:52PM -0400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >we arelooking for a new vendor for 1U units. > >Given the inherant marketing valur of brand recognition, we are >considering trying out a few Intel ISP1100 and SRMK2 models of 1U >servers (not the preconfigured hosting/cache and other garbage >models). > >Any first hand experience with loading up 4.3 Stable on these systems >that would be helpful before we dump a chunk of change on some? > >Barring that, any other first hand recommendations for solid 1U >FreeBSD friendly solutions from solid well founded companies. Looking >for dual SCSI / RAID mirroring, hefty memory (a la 4GB max), low heat >and power consumption... but most of all solid performer. > >Appreciate any input. My company manufactures 1U and 2U servers. We haven't done RAID inside the 1U server, but it's theoretically possible using a RAID card of some sort. We have sold configurations of 1U with our external RAID systems, however, and have a great deal of RAID expertise. I'd be happy to discuss this privately with you in more depth. -DG David Greenman Co-founder, The FreeBSD Project - http://www.freebsd.org President, TeraSolutions, Inc. - http://www.terasolutions.com Pave the road of life with opportunities. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jul 10 23:17: 7 2001 Delivered-To: freebsd-isp@freebsd.org Received: from pericles.IPAustralia.gov.au (pericles.IPAustralia.gov.au [202.14.186.30]) by hub.freebsd.org (Postfix) with ESMTP id 5932537B403 for ; Tue, 10 Jul 2001 23:17:02 -0700 (PDT) (envelope-from Stanley.Hopcroft@IPAustralia.gov.au) Received: (from smap@localhost) by pericles.IPAustralia.gov.au (8.11.3/8.11.1) id f6B6GtR55779 for ; Wed, 11 Jul 2001 16:16:55 +1000 (EST) (envelope-from Stanley.Hopcroft@IPAustralia.gov.au) Received: from unknown(10.0.3.110) by pericles.IPAustralia.gov.au via smap (V2.1) id xma055769; Wed, 11 Jul 01 16:16:42 +1000 Received: (from anwsmh@localhost) by stan.aipo.gov.au (8.11.3/8.11.1) id f6B6Ggx00854 for isp@FreeBSD.ORG; Wed, 11 Jul 2001 16:16:42 +1000 (EST) (envelope-from anwsmh) Date: Wed, 11 Jul 2001 16:16:42 +1000 From: Stanley Hopcroft To: isp@FreeBSD.ORG Subject: Re: Multiport serial cards Message-ID: <20010711161641.D758@IPAustralia.Gov.AU> Mime-Version: 1.0 Content-Type: message/rfc822 Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dear Sir, I am writing to say "yes" the Cyclade Cyclom Y series PCI cards work fine for me with FreeBSD 4.3-RELEASE. On Tue, Jul 10, 2001 at 09:47:58PM -0500, Will Andrews wrote: > On Sun, Jul 08, 2001 at 06:37:38PM +0200, Wim Livens (wim@livens.net) wrote: > > http://www.cyclades.com/products/index.htm > > > > Y-series or Z-series depending on your needs. I've used Y-series > > cards with success. > > With cy(4) on FreeBSD >= 4.0? > tsitc> more /var/log/dmesg.yesterday Copyright (c) 1992-2001 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 4.3-RELEASE #2: Fri Jul 6 15:07:09 EST 2001 root@tsitc.aipo.gov.au:/usr/src/sys/compile/TSITC cy0: port 0xec00-0xec7f mem 0xfebf4000-0xfebf7fff,0xfebfec00-0xfebfec7f irq 7 at device 14.0 on pci0 and cuacnn devices. tsitc> grep cuac /etc/remote modem:dv=/dev/cuac00:br#9600:pa=none:\ ibm2210-prod:dv=/dev/cuac01:br#9600:pa=none: ibm2210-internet:dv=/dev/cuac02:br#9600:pa=none: ibm2210-spare:dv=/dev/cuac03:br#9600:pa=none: mpac1:dv=/dev/cuac04:br#9600:pa=none: Hardware is Dell PE 350 (must hack the metal work to get access to the RJ12 connector for Port 0 - cuac00). Yours sincerely. -- ------------------------------------------------------------------------ Stanley Hopcroft IP Australia Network Specialist +61 2 6283 3189 +61 2 6281 1353 (FAX) Stanley.Hopcroft@IPAustralia.Gov.AU ------------------------------------------------------------------------ The Advertising Agency Song: When your client's hopping mad, Put his picture in the ad. If he still should prove refractory, Add a picture of his factory. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 11 2:16:13 2001 Delivered-To: freebsd-isp@freebsd.org Received: from pericles.IPAustralia.gov.au (pericles.IPAustralia.gov.au [202.14.186.30]) by hub.freebsd.org (Postfix) with ESMTP id D8E5937B403 for ; Wed, 11 Jul 2001 02:16:08 -0700 (PDT) (envelope-from anwsmh@IPAustralia.Gov.AU) Received: (from smap@localhost) by pericles.IPAustralia.gov.au (8.11.3/8.11.1) id f6B9G7Y62151 for ; Wed, 11 Jul 2001 19:16:07 +1000 (EST) (envelope-from anwsmh@IPAustralia.Gov.AU) Received: from wf-131.aipo.gov.au(192.168.1.131) by pericles.IPAustralia.gov.au via smap (V2.1) id xma062147; Wed, 11 Jul 01 19:15:44 +1000 Received: (from anwsmh@localhost) by stan.aipo.gov.au (8.11.1/8.11.1) id f6B9M3U00442 for isp@FreeBSD.ORG; Wed, 11 Jul 2001 19:22:03 +1000 (EST) (envelope-from anwsmh@IPAustralia.Gov.AU) X-Authentication-Warning: stan.aipo.gov.au: anwsmh set sender to anwsmh@IPAustralia.Gov.AU using -f Date: Wed, 11 Jul 2001 19:22:02 +1000 From: Stanley Hopcroft To: isp@FreeBSD.ORG Subject: StatsScout. Software SNMP Manager and RMON probes based (I think on FreeBSD). Message-ID: <20010711192201.B327@IPAustralia.Gov.AU> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dear Ladies and Gentlemen, I am writing about a product called StatsScout (http://www.StatsScout.COM), a SNMP 'network manager' and software/headless PC RMON probe product that is based on FreeBSD. The product might interest those managing distributed operations and also those with Large LANS (>= 1000 Nodes). As I seee it the product provides :- 1 (via the probes) top n statistics (top errors, top talkers, top errors etc. Maybe traffic matrix.) 2 High peformance monitoring of *basic* (non customisable) OIDS (restricted to interface goup) together with their consolidation, organisation and archiving. Apparently the performance is achieved by having the SNMP gets and walks done by the kernel. 3 A web interface to the report and config tools (although the config is kept in text files. Phew !). The web interface includes nice drill down facilities. 4 Very fast report production. 5 Device grouping and selection (via the report filters) 6 SLA compliance (the config tool allows the specification of 'business hours') 7 Email (or email to SMS gateway) notification 8 Exception reporting. The product can be used to generate the probes by generating a boot floppy and having the futue probe load its OS and applications automatically (whereupon it perhaps becomes an instant FreeBSD host itself) on boot. The company is Australia and I think the developer is Paul Koch. While it's not free, it is not as outrageously expensive as stuff like OpenView or whatrever Spectrum is called these days. It certainly has far more features and power than the lower cost commercial stuff (Cisco Works 2000 - that number - for Windows for example). I was stunned when they said it was a FreeBSD application. Delighted and suprised. I would be very interested to hear (off list) comments from those who have tried it. Thank you, Yours sincerely. -- ------------------------------------------------------------------------ Stanley Hopcroft IP Australia Network Specialist +61 2 6283 3189 +61 2 6281 1353 (FAX) Stanley.Hopcroft@IPAustralia.Gov.AU ------------------------------------------------------------------------ If God had intended Man to Watch TV, He would have given him Rabbit Ears. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 11 2:51: 7 2001 Delivered-To: freebsd-isp@freebsd.org Received: from jake.akitanet.co.uk (jake.akitanet.co.uk [212.1.130.131]) by hub.freebsd.org (Postfix) with ESMTP id F362437B403 for ; Wed, 11 Jul 2001 02:51:03 -0700 (PDT) (envelope-from wiggy@wopr.akitanet.co.uk) Received: from dsl-212-135-208-201.dsl.easynet.co.uk ([212.135.208.201] helo=wopr.akitanet.co.uk) by jake.akitanet.co.uk with esmtp (Exim 3.13 #3) id 15KGdo-000K9K-00; Wed, 11 Jul 2001 10:50:44 +0100 Received: from wiggy by wopr.akitanet.co.uk with local (Exim 3.21 #2) id 15KGeC-000C9j-00; Wed, 11 Jul 2001 10:51:08 +0100 Date: Wed, 11 Jul 2001 10:51:08 +0100 From: Paul Robinson To: Stanley Hopcroft Cc: isp@FreeBSD.ORG Subject: Re: StatsScout. Software SNMP Manager and RMON probes based (I think on FreeBSD). Message-ID: <20010711105108.E3963@jake.akitanet.co.uk> References: <20010711192201.B327@IPAustralia.Gov.AU> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20010711192201.B327@IPAustralia.Gov.AU>; from Stanley.Hopcroft@IPAustralia.Gov.AU on Wed, Jul 11, 2001 at 07:22:02PM +1000 X-Scanner: exiscan *15KGdo-000K9K-00*$AK$cyqkv/O5JbtLFk2I7VYSq0* Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Jul 11, Stanley Hopcroft wrote: > Dear Ladies and Gentlemen, > > I am writing about a product called StatsScout > (http://www.StatsScout.COM), a SNMP 'network manager' and I think that URL might be an error: No match for domain "STATSSCOUT.COM". >>> Last update of whois database: Wed, 11 Jul 2001 02:02:47 EDT <<< Which would explain why it won't resolve. Indeed. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 11 3:34:31 2001 Delivered-To: freebsd-isp@freebsd.org Received: from moat.teksupport.net.au (moat.teksupport.net.au [203.17.1.98]) by hub.freebsd.org (Postfix) with ESMTP id B80E537B401 for ; Wed, 11 Jul 2001 03:34:22 -0700 (PDT) (envelope-from robseco@teksupport.net.au) Received: from rob.secombe (robseco.secombe [192.168.1.2]) by moat.teksupport.net.au (8.11.0/8.11.0) with SMTP id f6BAYI305566 for ; Wed, 11 Jul 2001 20:34:19 +1000 (EST) (envelope-from robseco@teksupport.net.au) Message-Id: <3.0.5.32.20010711203417.03722b20@secombe> X-Sender: robseco@secombe X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Wed, 11 Jul 2001 20:34:17 +1000 To: freebsd-isp@freebsd.org From: Rob Secombe Subject: Re: Can anyone explain this? In-Reply-To: <3B4729A4.18892.B6CBA25@localhost> References: <3.0.5.32.20010708003023.03759b60@secombe> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi All, Thanks to all that replied. In the end I decided to take the path of least resistance and build a new firewall on 4.3. It appears that thanks to Brian Somers this is now fixed by default in the latest and greatest userland ppp. [tcp]mssfixup Default: Enabled. This option tells ppp to adjust outgoing TCP SYN packets so that the maximum receive segment size is not greater than the amount allowed by the interface MTU. Cheers Rob At 15:24 07/07/01 -0400, Gene Bomgardner wrote: >I had exactly the same problem using 3.4. Once I upgraded to 4.3 >everything worked fine. > >Gene > > >On 8 Jul 2001, at 0:30, Rob Secombe wrote: > >Hi all, > >I recently upgraded a customers link from ISDN using a TA to ADSL >using the Alcatel Speed Touch Home ADSL modem and pppoe, as >supplied >by the access provider. The machine is acting as a gateway/firewall >with one NIC connected to the LAN and a second connecting the >ADSL >modem and uses userland ppp -nat and ipfw. > >Here is the problem. Everthing works fine from the gateway >machine to >any machine on the inside or the outside. Browsing works ok >provided >we use a proxy on the gateway. As soon as we try to forward >packets >across the gateway via ppp nat something goes awry. For >instance, if I >try to collect mail from an external pop server the client will >establish a connection but will not transfer data. Passive FTP works >ok from the gateway but not from a workstation on the inside. We were >ipforwarding external smtp to a internal mail server but that doesn't >work either. I have temporarily set up sendmail on the gateway to >route the mail to the internal server. which does work. The wierd >thing is that I can ping hosts across the gateway with varing packet >sizes, establish a telnet session with a pop server and even manually >do a 'retr' but if I use a mail client it locks up and the pop server >drops the connection. The Internal network is not using 'private' ip's >but the customer owns the class c, it is behind NAT and the network is >not advertised. I have also tried it with the firewall open but to no >avail. > >Here is the config: > >FreeBSD 3.4-RELEASE > >ppp.conf > >adsl: > set device PPPoE:rl1 > set mru 1492 > set mtu 1492 > set authname xxxxxxxx > set authkey xxxxxxxxx > set speed sync > enable lqr > set cd 5 > set dial > set login > set redial 0 0 > set ifaddr 0/0 0/0 > add default HISADDR > nat enable yes > #nat port tcp 203.34.150.3:25 25 > nat port tcp 203.34.150.3:80 8000 > nat port tcp 203.34.150.2:80 80 > nat port tcp 203.34.150.5:80 8080 > nat port tcp 203.34.150.5:81 8001 > nat port tcp 203.34.150.5:13000 13000 > nat port tcp 203.34.150.5:13001 13001 > nat port tcp 203.34.150.5:13999 13999 > >ifconfig > >rl0: flags=8843 mtu 1500 > inet 203.34.150.1 netmask 0xffffff00 broadcast 203.34.150.255 > ether 00:60:67:06:94:0b media: autoselect (100baseTX > ) supported media: autoselect 100baseTX > 100baseTX > 100baseTX 10baseT/UTP 10baseT/UTP >10baseT/UTP rl1: >flags=8843 mtu 1500 > inet 10.0.0.1 netmask 0xff000000 broadcast 10.255.255.255 > ether 00:60:67:79:61:c2 media: autoselect supported media: > autoselect 100baseTX 100baseTX > 100baseTX 10baseT/UTP 10baseT/UTP >10baseT/UTP tun0: >flags=8051 mtu 1492 > inet xxx.xxx.xxx.xxx --> yyy.yyy.yyy.yyy netmask 0xffffff00 > >Anybody got any ideas - 'cause I have run out. > >Thanks > >Rob. > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 11 4: 1:32 2001 Delivered-To: freebsd-isp@freebsd.org Received: from pericles.IPAustralia.gov.au (pericles.IPAustralia.gov.au [202.14.186.30]) by hub.freebsd.org (Postfix) with ESMTP id 565F237B401 for ; Wed, 11 Jul 2001 04:01:27 -0700 (PDT) (envelope-from anwsmh@IPAustralia.Gov.AU) Received: (from smap@localhost) by pericles.IPAustralia.gov.au (8.11.3/8.11.1) id f6BB1Pd63853 for ; Wed, 11 Jul 2001 21:01:25 +1000 (EST) (envelope-from anwsmh@IPAustralia.Gov.AU) Received: from wf-131.aipo.gov.au(192.168.1.131) by pericles.IPAustralia.gov.au via smap (V2.1) id xma063851; Wed, 11 Jul 01 21:01:05 +1000 Received: (from anwsmh@localhost) by stan.aipo.gov.au (8.11.1/8.11.1) id f6BB7Pe00571 for ISP@FreeBSD.ORG; Wed, 11 Jul 2001 21:07:25 +1000 (EST) (envelope-from anwsmh@IPAustralia.Gov.AU) X-Authentication-Warning: stan.aipo.gov.au: anwsmh set sender to anwsmh@IPAustralia.Gov.AU using -f Date: Wed, 11 Jul 2001 21:07:24 +1000 From: Stanley Hopcroft To: ISP@FreeBSD.ORG Subject: Re: StatsScout. Software SNMP Manager and RMON probes based (I think on FreeBSD). Message-ID: <20010711210723.H327@IPAustralia.Gov.AU> References: <20010711192201.B327@IPAustralia.Gov.AU> <20010711210245.G327@IPAustralia.Gov.AU> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010711210245.G327@IPAustralia.Gov.AU>; from Stanley.Hopcroft@IPAustralia.Gov.AU on Wed, Jul 11, 2001 at 09:02:47PM +1000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dear Ladies and Gentlemen, I am writing to correct the mistaken URL in this letter (thank you to Paul Robinson for pointing it out). > On Wed, Jul 11, 2001 at 07:22:02PM +1000, Stanley Hopcroft wrote: > > > I am writing about a product called StatsScout > (http://www.StatsScout.COM), a SNMP 'network manager' and > software/headless PC RMON probe product that is based on FreeBSD. Sorry about that. The name is more Unix centric than I thought. http://www.StatScout.COM MAP: http://www.statscout.com/#HomeHeader 1. About Statscout Pty Ltd 2. Overview Of Statscout Products 3. Sample Of Statscout Clients 4. Statscout News 5. Request Information 6. Frequentlty Asked Questions 7. Statscout Technical Documentation 8. Statscout Downloads 9. Product Key Request Form 10. Support Request Yours sincerely, -- ------------------------------------------------------------------------ Stanley Hopcroft IP Australia Network Specialist +61 2 6283 3189 +61 2 6281 1353 (FAX) Stanley.Hopcroft@IPAustralia.Gov.AU ------------------------------------------------------------------------ "It's easier said than done." ... and if you don't believe it, try proving that it's easier done than said, and you'll see that "it's easier said that `it's easier done than said' than it is done", which really proves that "it's easier said than done". To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 11 4:30:10 2001 Delivered-To: freebsd-isp@freebsd.org Received: from backup.dagupan.com (www.psysc.org.ph [206.101.69.5]) by hub.freebsd.org (Postfix) with ESMTP id 9B10D37B401 for ; Wed, 11 Jul 2001 04:30:07 -0700 (PDT) (envelope-from francisv@dagupan.com) Received: by chat.dagupan.com with Internet Mail Service (5.5.2653.19) id <3M2R933F>; Wed, 11 Jul 2001 19:29:53 +0800 Message-ID: <10F29E27A956D511B0940050DA8D86A908F647@chat.dagupan.com> From: francisv@dagupan.com To: isp@freebsd.org Subject: Ppp and libradius Date: Wed, 11 Jul 2001 19:29:52 +0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi all, I've done some experiment with PPP and /etc/radius.conf and somewhat resulted positively. However, there is one catch: the RADIUS server, RadiusNT on Windows 2000, needs to know a port for it to log accounting data. Any experiences regarding this setup? -- Francis Vidal [::Bitstop Internet::] streaming media services [v] +63 (75) 522-0092 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 11 6:13:28 2001 Delivered-To: freebsd-isp@freebsd.org Received: from otto.oss.uswest.net (otto.oss.uswest.net [204.147.85.81]) by hub.freebsd.org (Postfix) with ESMTP id 8852937B401 for ; Wed, 11 Jul 2001 06:13:25 -0700 (PDT) (envelope-from pmckenna@otto.oss.uswest.net) Received: (from pmckenna@localhost) by otto.oss.uswest.net (8.11.3/8.11.1) id f6BD9pO20929; Wed, 11 Jul 2001 08:09:51 -0500 (CDT) (envelope-from pmckenna) Date: Wed, 11 Jul 2001 08:09:51 -0500 From: Pete McKenna To: francisv@dagupan.com Cc: isp@FreeBSD.ORG Subject: Re: Ppp and libradius Message-ID: <20010711080951.C12414@otto.oss.qwest.net> References: <10F29E27A956D511B0940050DA8D86A908F647@chat.dagupan.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <10F29E27A956D511B0940050DA8D86A908F647@chat.dagupan.com>; from francisv@dagupan.com on Wed, Jul 11, 2001 at 07:29:52PM +0800 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I can't say that I've done this on NT, but Radius typically does accounting on the port just above the authentication port. The default ports used to be: 1645 Auth 1646 Acct The official IANA assignment is now apparently: 1812 Auth 1813 Acct I wasn't able to get valid acct packets out of libradius, and ended up using radclient from freeradius, which worked very well for what I needed to do. YMMV http://www.freeradius.org/ Pete On Wed, Jul 11, 2001 at 07:29:52PM +0800, francisv@dagupan.com wrote: > Hi all, > > I've done some experiment with PPP and /etc/radius.conf and somewhat > resulted positively. However, there is one catch: the RADIUS server, > RadiusNT on Windows 2000, needs to know a port for it to log accounting > data. Any experiences regarding this setup? > > -- > Francis Vidal [::Bitstop Internet::] > streaming media services [v] +63 (75) 522-0092 > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message -- Peter McKenna Qwest Internet Solutions pmckenna@qwest.net Main 612-664-4000 FAX 612-664-4770 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 11 6:43: 2 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.hostorama.com (208-128-72-15.ipv4.intur.net [208.128.72.15]) by hub.freebsd.org (Postfix) with SMTP id C417B37B401 for ; Wed, 11 Jul 2001 06:42:52 -0700 (PDT) (envelope-from eric@ericwalters.com) Received: (qmail 73872 invoked from network); 11 Jul 2001 14:03:57 -0000 Received: from unknown (HELO netmon1) (12.45.139.50) by 0 with SMTP; 11 Jul 2001 14:03:57 -0000 From: "Eric Walters" To: "Ryan Masse" , "Eric Walters" Cc: Subject: RE: remote power-on/off Date: Wed, 11 Jul 2001 08:42:50 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 In-Reply-To: <007701c109ac$e72d11c0$3200a8c0@Home> Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I guess it depends on who you talk to. I know that when I called the guy told me that he was not supposed to do it, but he did it any way. I must have caught someone in a generous mood. Good luck, Eric -----Original Message----- From: Ryan Masse [mailto:mail@max-info.net] Sent: Tuesday, July 10, 2001 8:57 PM To: Eric Walters Cc: freeBSD-isp@freebsd.org Subject: Re: remote power-on/off Ya they won't allow me to trade up a UPS for the masterswitch =\ i had already gone through that. Ryan > If you have an old APC UPS that you aren't using or doesn't work, you can > check out APC's Trade-UPS program and get a Master Switch for a pretty > decent discount. > > Thanks, > > Eric > > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of James Wyatt > Sent: Tuesday, July 10, 2001 8:59 AM > To: Ryan Masse > Cc: freebsd-isp@freebsd.org > Subject: Re: remote power-on/off > > > On Mon, 9 Jul 2001, Ryan Masse wrote: > > Can anyone recommend a technology that would allow a customer to remotely > > reboot a colocated server? > > There are several. We have an APC switch that is great, but not cheap. It > knows what serial and network connections are and has a nice rack mount. > > If you have an extra phone line, www.x10.com has a telephone responder > that can control X10 modules that go inline with the power. The user calls > it and issues ToucnTone(tm) commands to command it. Easily handles 16 > hosts, but they have to be on the same UPS. > > Hope this helps - Jy@ > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 11 7:47:40 2001 Delivered-To: freebsd-isp@freebsd.org Received: from bigglesworth.mail.be.easynet.net (bigglesworth.mail.be.easynet.net [212.100.160.67]) by hub.freebsd.org (Postfix) with ESMTP id A395937B401 for ; Wed, 11 Jul 2001 07:47:36 -0700 (PDT) (envelope-from wim@krijt.livens.net) Received: from 213-193-182-61.adsl.easynet.be ([213.193.182.61] helo=krijt.livens.net) by bigglesworth.mail.be.easynet.net with esmtp (Exim 3.16 #1) id 15KLH4-00041z-00; Wed, 11 Jul 2001 16:47:34 +0200 Received: (from wim@localhost) by krijt.livens.net (8.11.3/8.11.3) id f6BEmEj84256; Wed, 11 Jul 2001 16:48:14 +0200 (CEST) (envelope-from wim) Date: Wed, 11 Jul 2001 16:48:13 +0200 From: Wim Livens To: Will Andrews Cc: Wim Livens , tony.mccrory@mgn.co.uk, freebsd-isp@FreeBSD.ORG Subject: Re: Multiport serial cards Message-ID: <20010711164813.A84178@krijt.livens.net> References: <20010708183737.A2541@krijt.livens.net> <20010710214758.E97456@bohr.physics.purdue.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010710214758.E97456@bohr.physics.purdue.edu>; from will@physics.purdue.edu on Tue, Jul 10, 2001 at 09:47:58PM -0500 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Jul 10, 2001 at 09:47:58PM -0500, Will Andrews wrote: > On Sun, Jul 08, 2001 at 06:37:38PM +0200, Wim Livens (wim@livens.net) wrote: > > http://www.cyclades.com/products/index.htm > > > > Y-series or Z-series depending on your needs. I've used Y-series > > cards with success. > > With cy(4) on FreeBSD >= 4.0? > yep. I used it since FreeBSD 3.3. -- Wim Livens mailto:wim@livens.net http://wim.livens.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 11 8: 2:58 2001 Delivered-To: freebsd-isp@freebsd.org Received: from bigglesworth.mail.be.easynet.net (bigglesworth.mail.be.easynet.net [212.100.160.67]) by hub.freebsd.org (Postfix) with ESMTP id DAAA337B405 for ; Wed, 11 Jul 2001 08:02:55 -0700 (PDT) (envelope-from wim@krijt.livens.net) Received: from 213-193-182-61.adsl.easynet.be ([213.193.182.61] helo=krijt.livens.net) by bigglesworth.mail.be.easynet.net with esmtp (Exim 3.16 #1) id 15KLVv-0004Ic-00 for freebsd-isp@freebsd.org; Wed, 11 Jul 2001 17:02:55 +0200 Received: (from wim@localhost) by krijt.livens.net (8.11.3/8.11.3) id f6BF3aC84509 for freebsd-isp@freebsd.org; Wed, 11 Jul 2001 17:03:36 +0200 (CEST) (envelope-from wim) Date: Wed, 11 Jul 2001 17:03:36 +0200 From: Wim Livens To: freebsd-isp@freebsd.org Subject: gcc on production server Message-ID: <20010711170336.B84178@krijt.livens.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Not sure if this is the most appropriate forum, but... Is it a good idea, security-wise, to have a build environment (gcc, et al.) on a production webserver ? Thanks for any opinions. -- Wim Livens mailto:wim@livens.net http://wim.livens.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 11 8:19:59 2001 Delivered-To: freebsd-isp@freebsd.org Received: from icon.bg (icon.bg [62.176.80.58]) by hub.freebsd.org (Postfix) with ESMTP id 042EB37B403 for ; Wed, 11 Jul 2001 08:19:56 -0700 (PDT) (envelope-from v0rbiz@icon.bg) Received: (qmail 64648 invoked by uid 1000); 11 Jul 2001 15:19:48 -0000 Date: Wed, 11 Jul 2001 18:19:48 +0300 From: Victor Ivanov To: Pete McKenna Cc: francisv@dagupan.com, isp@FreeBSD.ORG Subject: Re: Ppp and libradius Message-ID: <20010711181948.A64599@icon.icon.bg> References: <10F29E27A956D511B0940050DA8D86A908F647@chat.dagupan.com> <20010711080951.C12414@otto.oss.qwest.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20010711080951.C12414@otto.oss.qwest.net> User-Agent: Mutt/1.3.19i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, Jul 11, 2001 at 08:09:51AM -0500, Pete McKenna wrote: > I can't say that I've done this on NT, but Radius typically does > accounting on the port just above the authentication port. > The default ports used to be: > > 1645 Auth > 1646 Acct > The official IANA assignment is now apparently: > 1812 Auth > 1813 Acct > > I wasn't able to get valid acct packets out of libradius, and ended > up using radclient from freeradius, which worked very well for what > I needed to do. > YMMV > > http://www.freeradius.org/ PPP uses correctly libradius, I have used it with merit radius and now am using it with freeradius. You need to specify both accounting and authentication radius servers in radius.conf, even if it is actualy the same server listening on a different port. -- Players win and winners play Have a lucky day To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 11 9:27: 0 2001 Delivered-To: freebsd-isp@freebsd.org Received: from pitr.tuxinternet.com (pitr.tuxinternet.com [208.32.175.113]) by hub.freebsd.org (Postfix) with ESMTP id 0CA7037B406 for ; Wed, 11 Jul 2001 09:26:48 -0700 (PDT) (envelope-from hugme@pitr.tuxinternet.com) Received: (from hugme@localhost) by pitr.tuxinternet.com (8.11.0/8.11.0) id f6BCWXI22545 for freebsd-isp@FreeBSD.ORG; Wed, 11 Jul 2001 12:32:33 GMT (envelope-from hugme) Date: Wed, 11 Jul 2001 12:32:33 +0000 From: Hug Me To: freebsd-isp@FreeBSD.ORG Subject: Re: gcc on production server Message-ID: <20010711123133.A21587@pitr.tuxinternet.com> References: <20010711170336.B84178@krijt.livens.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="1SQmhf2mF2YjsYvc" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010711170336.B84178@krijt.livens.net>; from wim@livens.net on Wed, Jul 11, 2001 at 05:03:36PM +0200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --1SQmhf2mF2YjsYvc Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jul 11, 2001 at 05:03:36PM +0200, Wim Livens wrote: >=20 > Not sure if this is the most appropriate forum, but... >=20 > Is it a good idea, security-wise, to have a build environment (gcc, et al= .) > on a production webserver ? it will depend on what level of security you are going for. The first and best layer of defence for your web server is the network. TURN OFF EVERYTHING YOU DON'T USE. don't ever use anything with a password clear text.. telnet, ftp,pop mail etc...=20 secound, make sure none of your services run as root... make sure that the = web server runs as one user and your web pages are owned by another.. your web = server should not have the rights to write to these pages unless it REALLY needs t= hem. if everything is turned off it should be hard for someone to get a shell. I= =20 have shell accounts on my system, I have done somthing simaliar, I changed the permissions on anything on the system that can compile so that only root can run it, gcc, c++, cc... etc also everything in the /sbin, /usr/sbin and /usr/local/sbin directory. then I have gone through and changed ANYTHING a user wouldn't need to run to execute only by root (-r-x------) I do regular scans on my system, run tripwire... things like that... if you are REALLY worried about security, get a drive that has a jumper you can change to read only, put your operating system on it, move the jumper like I said there are many levels as to how paranoid you want to be and with each level you are going to have to spend a little more time on your system configuring. find a good balance that you feel comfortable with between securiting your system and how much time you spend on it. then you can decide what level of paranoia is good for you... oh, I have been working on a simple security help section on my page, it's = not finished yet, (it should have 6 parts when I am done) but you can check out= what=20 I have so far at http://www.hugme.org/computer/freebsd >=20 > Thanks for any opinions. >=20 > --=20 > Wim Livens =20 > mailto:wim@livens.net > http://wim.livens.net >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message --=20 ************************************************* hugme hugme@hugme.org http://www.hugme.org http://www.atlantacon.org PGP Public key: http://www.hugme.org/mykey.pgp --1SQmhf2mF2YjsYvc Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.3 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjtMR2EACgkQCEkxz3stqbQdpgCgkl7igRA056dy0JRzfMonU9cK cKYAnAlfEslhsV8E3NsKm7LFt2q2kqBI =t+w7 -----END PGP SIGNATURE----- --1SQmhf2mF2YjsYvc-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 11 10:21:52 2001 Delivered-To: freebsd-isp@freebsd.org Received: from pitr.tuxinternet.com (pitr.tuxinternet.com [208.32.175.113]) by hub.freebsd.org (Postfix) with ESMTP id 1185A37B403 for ; Wed, 11 Jul 2001 10:21:50 -0700 (PDT) (envelope-from hugme@pitr.tuxinternet.com) Received: (from hugme@localhost) by pitr.tuxinternet.com (8.11.0/8.11.0) id f6BDRlL23000 for freebsd-isp@freebsd.org; Wed, 11 Jul 2001 13:27:47 GMT (envelope-from hugme) Date: Wed, 11 Jul 2001 13:27:47 +0000 From: Hug Me To: freebsd-isp@freebsd.org Subject: This weekend Message-ID: <20010711132747.E21587@pitr.tuxinternet.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="HB4mHL4PVvkpZAgW" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --HB4mHL4PVvkpZAgW Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Defcon is this weekend. For any of you going there will be a group of us meeting by the big pool at the alexis at 8:00 thursday evening Hope to see new faces and old friends there!! --=20 ************************************************* hugme hugme@hugme.org http://www.hugme.org http://www.atlantacon.org PGP Public key: http://www.hugme.org/mykey.pgp --HB4mHL4PVvkpZAgW Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.3 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjtMVFMACgkQCEkxz3stqbQFpgCcDmlkB3BdJuS3hw5k+6/uqB3f Iv4An2g3HgHxSZdbha/Oj0AlLLVTLk9a =bo9D -----END PGP SIGNATURE----- --HB4mHL4PVvkpZAgW-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 11 16: 8:53 2001 Delivered-To: freebsd-isp@freebsd.org Received: from orbital.mtl.posixnet.org (orbital.mtl.posixnet.org [66.38.182.19]) by hub.freebsd.org (Postfix) with ESMTP id 56E2B37B401 for ; Wed, 11 Jul 2001 16:08:50 -0700 (PDT) (envelope-from paul@colba.net) Received: from colba.net ([204.92.10.133]) by orbital.mtl.posixnet.org (8.11.4/8.11.1) with ESMTP id f6BNC7k01430 for ; Wed, 11 Jul 2001 19:12:12 -0400 (EDT) (envelope-from paul@colba.net) Message-ID: <3B4D1660.18205869@colba.net> Date: Wed, 11 Jul 2001 23:15:44 -0400 From: Paul Khavkine X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-isp@freebsd.org Subject: IPv6 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi i have a few questions regarding IPv6 I got a /48 subnet from Freenet6 and would like to play with it. I have: box #1 --> tunnel to Freenet6 box #2 --> tunnel to box #1 I have box1 -> box2 tunnel working, ping telnet, ssh, ftp, etc... Now i can't seem to make box1 route properly. Anyone has an example setup with one box doing routing IPv6 to a 6Bone provider tunnel ? Thanx Paul -- ************************************************* Paul Khavkine Network Administrator Distributel Communications 740 Notre Dame West, Suite 1135 Montreal, Quebec, Canada, H3C 3X6 1-514-877-0064 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 11 16:56:20 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.cableaz.com (mail.cableaz.com [63.241.154.20]) by hub.freebsd.org (Postfix) with ESMTP id 67AE937B405 for ; Wed, 11 Jul 2001 16:56:17 -0700 (PDT) (envelope-from jeremy@cableaz.com) Received: from caz ([63.241.150.19]) by mail.cableaz.com (Build 101 8.9.3/NT-8.9.3) with SMTP id QAA00182 for ; Wed, 11 Jul 2001 16:46:24 -0700 Message-ID: <000b01c10a64$a903f220$1396f13f@caz> From: "Jeremy Buckner" To: Subject: Quotas Date: Wed, 11 Jul 2001 16:53:18 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I am building a new mail server for my Internet customers and I am running into some trouble with enabling quotas. I have done this once before on another machine and everything worked fine. Here's my problem: After building and installing the new kernel with the quota option, I edit my fstab and my rc.conf file to the appropriate settings (according to the handbook). The handbook then says to reboot the machine and that /etc/rc runs the proper commands to create user.quota and group.quota. When I do this it appears as though /etc/rc is not creating these two files. I am setting up quotas on my /usr. when the machine boots I get the following: Enabling Quotas : QUOTAON: /usr/user.config , file does not exist. and of course I get the same for group.quota. In other words, it thinks that they should be there already? I have reloaded (re-installed) the machine several times and I get the same error. I am at a loss. Can anyone help? Thanks, Jeremy To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 11 17: 0:16 2001 Delivered-To: freebsd-isp@freebsd.org Received: from bobcat.ncia.net (bobcat.ncia.net [207.141.177.10]) by hub.freebsd.org (Postfix) with ESMTP id 919E937B401 for ; Wed, 11 Jul 2001 17:00:13 -0700 (PDT) (envelope-from rjtaylor@ncia.net) Received: from wolf.ncia.net (wolf.ncia.net [207.140.8.22]) by bobcat.ncia.net (8.11.3/8.11.3) with ESMTP id f6C00BS60054; Wed, 11 Jul 2001 20:00:12 -0400 (EDT) (envelope-from rjtaylor@ncia.net) Received: from localhost (rjtaylor@localhost) by wolf.ncia.net (8.11.3/8.11.3) with ESMTP id f6C009B12831; Wed, 11 Jul 2001 20:00:09 -0400 Date: Wed, 11 Jul 2001 20:00:09 -0400 (EDT) From: Ryan Taylor To: Jeremy Buckner Cc: Subject: Re: Quotas In-Reply-To: <000b01c10a64$a903f220$1396f13f@caz> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 11 Jul 2001, Jeremy Buckner wrote: > I am building a new mail server for my Internet customers > and I am running into some trouble with enabling quotas. I > have done this once before on another machine and everything > worked fine. Here's my problem: > > After building and installing the new kernel with the quota > option, I edit my fstab and my rc.conf file to the > appropriate settings (according to the handbook). The > handbook then says to reboot the machine and that /etc/rc > runs the proper commands to create user.quota and > group.quota. > > When I do this it appears as though /etc/rc is not creating > these two files. I am setting up quotas on my /usr. when the > machine boots I get the following: Enabling Quotas : > QUOTAON: /usr/user.config , file does not exist. and of > course I get the same for group.quota. In other words, it > thinks that they should be there already? > > I have reloaded (re-installed) the machine several times and > I get the same error. I am at a loss. > > Can anyone help? > > Thanks, > > Jeremy > I think you'll need to touch those two files first to create them. IIRC you should also chmod 600 them too. --------------------- Ryan J. Taylor Systems/Network Administrator NCIA rj@ncia.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jul 11 17:32:53 2001 Delivered-To: freebsd-isp@freebsd.org Received: from backup.dagupan.com (www.psysc.org.ph [206.101.69.5]) by hub.freebsd.org (Postfix) with ESMTP id BBA8F37B405 for ; Wed, 11 Jul 2001 17:32:48 -0700 (PDT) (envelope-from francisv@dagupan.com) Received: by chat.dagupan.com with Internet Mail Service (5.5.2653.19) id <3M2R9P3N>; Thu, 12 Jul 2001 08:32:35 +0800 Message-ID: <10F29E27A956D511B0940050DA8D86A908F648@chat.dagupan.com> From: francisv@dagupan.com To: v0rbiz@icon.bg, pmckenna@qwest.net Cc: isp@FreeBSD.ORG Subject: RE: Ppp and libradius Date: Thu, 12 Jul 2001 08:32:35 +0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Yes, I have both "acct" and "auth" lines in my radius.conf file. Radius.conf auth ip.add.of.auth secret acct ip.add.of.acct secret -----Original Message----- From: Victor Ivanov [mailto:v0rbiz@icon.bg] Sent: Wednesday, July 11, 2001 11:20 PM To: Pete McKenna Cc: francisv@dagupan.com; isp@FreeBSD.ORG Subject: Re: Ppp and libradius On Wed, Jul 11, 2001 at 08:09:51AM -0500, Pete McKenna wrote: > I can't say that I've done this on NT, but Radius typically does > accounting on the port just above the authentication port. > The default ports used to be: > > 1645 Auth > 1646 Acct > The official IANA assignment is now apparently: > 1812 Auth > 1813 Acct > > I wasn't able to get valid acct packets out of libradius, and ended > up using radclient from freeradius, which worked very well for what > I needed to do. > YMMV > > http://www.freeradius.org/ PPP uses correctly libradius, I have used it with merit radius and now am using it with freeradius. You need to specify both accounting and authentication radius servers in radius.conf, even if it is actualy the same server listening on a different port. -- Players win and winners play Have a lucky day To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 12 4:35: 7 2001 Delivered-To: freebsd-isp@freebsd.org Received: from jake.akitanet.co.uk (jake.akitanet.co.uk [212.1.130.131]) by hub.freebsd.org (Postfix) with ESMTP id EA79037B403 for ; Thu, 12 Jul 2001 04:35:01 -0700 (PDT) (envelope-from wiggy@wopr.akitanet.co.uk) Received: from dsl-212-135-208-201.dsl.easynet.co.uk ([212.135.208.201] helo=wopr.akitanet.co.uk) by jake.akitanet.co.uk with esmtp (Exim 3.13 #3) id 15Keju-000IN6-00; Thu, 12 Jul 2001 12:34:38 +0100 Received: from wiggy by wopr.akitanet.co.uk with local (Exim 3.21 #2) id 15Keke-00070y-00; Thu, 12 Jul 2001 12:35:24 +0100 Date: Thu, 12 Jul 2001 12:35:23 +0100 From: Paul Robinson To: Hug Me Cc: freebsd-isp@FreeBSD.ORG Subject: Re: gcc on production server Message-ID: <20010712123523.G53408@jake.akitanet.co.uk> References: <20010711170336.B84178@krijt.livens.net> <20010711123133.A21587@pitr.tuxinternet.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable In-Reply-To: <20010711123133.A21587@pitr.tuxinternet.com>; from hugme@hugme.org on Wed, Jul 11, 2001 at 12:32:33PM +0000 X-Scanner: exiscan *15Keju-000IN6-00*$AK$V96zSmqeiLU5KQA8VR1Pk0* Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Jul 11, Hug Me wrote: > The first and best layer of defence for your web server is the network. T= URN > OFF EVERYTHING YOU DON'T USE. don't ever use anything with a password cle= ar > text.. telnet, ftp,pop mail etc...=20 I'm sorry, but for a moment then I thought this was freebsd-isp, but if you're going to take that approach, then you can't be an ISP. Or you must be one with very few/very savvy customers. It just isn't practical to be a commercial ISP and not offer vanilla FTP and POP3. The way to ensure compromising yourself there is to use non-system authentication - e.g. popper and ftpd auth out of a MySQL database. That way, even if a password is snarfed, the attacker can't get a shell via ssh or whatever (unless the same password is being used for a shell account). Incidentally, part of the company I work for does penetration testing, and the most common method of gaining access is guessable passwords. If you have a complicated password and write it on a post-it note stuck to your monitor, you're actually more secure than using a guessable password that an attacker can crack from 3,000 miles away. =20 > secound, make sure none of your services run as root... make sure that th= e web > server runs as one user and your web pages are owned by another.. your we= b server > should not have the rights to write to these pages unless it REALLY needs= them. Again, issues of practicality. What if you really want to get rid of FTP and so instead offer a file upload page? =20 > if everything is turned off it should be hard for someone to get a shell.= I=20 > have shell accounts on my system, I have done somthing simaliar, I changed > the permissions on anything on the system that can compile so that only r= oot > can run it, gcc, c++, cc... etc also everything in the /sbin, /usr/sbin a= nd > /usr/local/sbin directory. then I have gone through and changed ANYTHING > a user wouldn't need to run to execute only by root (-r-x------) Ummmm.... you really don't need to do that. I'm not saying anything. I'm sure somebody else will. That really is not the point of the unix permissions system.... =20 > I do regular scans on my system, run tripwire... things like that... Well done. Have a lollipop. :-) =20 > if you are REALLY worried about security, get a drive that has a jumper y= ou > can change to read only, put your operating system on it, move the jumper Ummmm... that's not clever. That's stupid. So, you're an ISP. If you're running this system, exactly how do you deliver mail, allow users to change webpages, etc? Oh yeah, and just out or curiosity, what happens to /var and /tmp ? As one colleague just replied when I read that paragraph to him "that's not an OS - it's a coaster". I hope it keeps your coffee warm. I understand what you're trying to get at, but there is a LOT more to getting such a system working than you might think. =20 > oh, I have been working on a simple security help section on my page, it'= s not > finished yet, (it should have 6 parts when I am done) but you can check o= ut what=20 > I have so far at http://www.hugme.org/computer/freebsd That URL just plain doesn't work for me over here. --=20 Paul Robinson ,--------------------------------------- Technical Director @ Akita | A computer lets you make more mistakes PO Box 604, Manchester, M60 3PR | than any other invention with the=20 T: +44 (0) 161 228 6388 (F:6389)| possible exceptions of handguns and | Tequila - Mitch Ratcliffe `----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 12 9:43:13 2001 Delivered-To: freebsd-isp@freebsd.org Received: from kira.epconline.net (kira2.epconline.net [209.83.132.2]) by hub.freebsd.org (Postfix) with ESMTP id AC93637B409 for ; Thu, 12 Jul 2001 09:43:10 -0700 (PDT) (envelope-from carock@epctech.com) Received: from therock (betterguard.epconline.net [207.206.185.193]) by kira.epconline.net (8.11.2/8.11.2) with SMTP id f6CGh4f81134 for ; Thu, 12 Jul 2001 11:43:04 -0500 (CDT) Reply-To: From: "Chuck Rock" To: Subject: ISP target mode? Date: Thu, 12 Jul 2001 11:43:04 -0500 Message-ID: <002e01c10af1$b8eeac10$1805010a@epconline.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'm configuring a new web server with 4.3, and I found ISP_TARGET_MODE in the LINT file. I can't seem to find iny information on this. Does anyone know what this option is for? Thanks, Chuck Rock Internet Services Manager EPC Inc. http://www.epctech.com http://www.epconline.com http://www.pconramp.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 12 10: 0:24 2001 Delivered-To: freebsd-isp@freebsd.org Received: from misery.sdf.com (misery.sdf.com [204.244.213.49]) by hub.freebsd.org (Postfix) with ESMTP id 87CE437B401 for ; Thu, 12 Jul 2001 10:00:21 -0700 (PDT) (envelope-from tom@sdf.com) Received: from tom (helo=localhost) by misery.sdf.com with local-esmtp (Exim 2.12 #1) id 15KjXz-0006Cu-00; Thu, 12 Jul 2001 09:42:39 -0700 Date: Thu, 12 Jul 2001 09:42:37 -0700 (PDT) From: Tom Samplonius To: Chuck Rock Cc: freebsd-isp@FreeBSD.ORG Subject: Re: ISP target mode? In-Reply-To: <002e01c10af1$b8eeac10$1805010a@epconline.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 12 Jul 2001, Chuck Rock wrote: > I'm configuring a new web server with 4.3, and I found ISP_TARGET_MODE in > the LINT file. I believe it is target mode support for the isp series SCSI cards. Tom To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 12 10:39:29 2001 Delivered-To: freebsd-isp@freebsd.org Received: from imo-r10.mx.aol.com (imo-r10.mx.aol.com [152.163.225.106]) by hub.freebsd.org (Postfix) with ESMTP id 6FBEB37B405 for ; Thu, 12 Jul 2001 10:39:24 -0700 (PDT) (envelope-from Bsdguru@aol.com) Received: from Bsdguru@aol.com by imo-r10.mx.aol.com (mail_out_v30.22.) id h.65.170e42f2 (4415); Thu, 12 Jul 2001 13:39:17 -0400 (EDT) From: Bsdguru@aol.com Message-ID: <65.170e42f2.287f3ac4@aol.com> Date: Thu, 12 Jul 2001 13:39:16 EDT Subject: Re: Intel ISP1100 or similar 1U experience with 4.3 stable To: crandall@matchlogic.com, isp@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 5.0 for Windows sub 139 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In a message dated 07/11/2001 3:14:19 PM Eastern Daylight Time, crandall@matchlogic.com writes: > Don't know how this ended up on -hackers, but... > > The 1U server market is indeed hot (pun intended). > > Take a look at the new 1400 series from iXsystems (www.ixsystems.net -- > formerly BSDi, formerly Telenet) and the Dell 1550. I've tested both systems > and was impressed by both. If you're buying more than a few machines, Dell > has some very aggressive pricing. > > Charles the fact that you were impressed doesnt mean that they are adaquately cooled or anything else. Are you implying that just because something is popular it is well-engineered? There is less than 1" of space above the cpu in a 1U unit, which doesnt leave enough space for an approproate heat-sink and fan for high Mhz cpu. Yes they will run, and may never fail, but they are not as reliable as 2U units which allow for a more appropriate heat sink and larger fans. Bryan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 12 10:52: 1 2001 Delivered-To: freebsd-isp@freebsd.org Received: from matthew.uk1.vbc.net (matthew.uk1.vbc.net [194.207.2.14]) by hub.freebsd.org (Postfix) with ESMTP id 07EAB37B405 for ; Thu, 12 Jul 2001 10:51:59 -0700 (PDT) (envelope-from jdd@vbc.net) Received: from localhost (jdd@localhost) by matthew.uk1.vbc.net (8.9.3/8.9.3) with ESMTP id SAA75014 for ; Thu, 12 Jul 2001 18:51:57 +0100 (BST) X-Authentication-Warning: matthew.uk1.vbc.net: jdd owned process doing -bs Date: Thu, 12 Jul 2001 18:51:57 +0100 (BST) From: Jim Dixon X-Sender: jdd@matthew.uk1.vbc.net To: freebsd-isp@freebsd.org Subject: VOIP Message-ID: X-NCC-RegID: uk.vbcnet MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Does anyone have any experience running voice over IP on UNIX hosts? -- Jim Dixon VBCnet GB Ltd http://www.vbc.net tel +44 117 929 1316 fax +44 117 927 2015 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 12 10:53:50 2001 Delivered-To: freebsd-isp@freebsd.org Received: from kira.epconline.net (kira2.epconline.net [209.83.132.2]) by hub.freebsd.org (Postfix) with ESMTP id 94E4137B406 for ; Thu, 12 Jul 2001 10:53:43 -0700 (PDT) (envelope-from carock@epconline.net) Received: from therock (betterguard.epconline.net [207.206.185.193]) by kira.epconline.net (8.11.2/8.11.2) with SMTP id f6CHrgf88817 for ; Thu, 12 Jul 2001 12:53:42 -0500 (CDT) From: "Chuck Rock" To: Subject: RE: Intel ISP1100 or similar 1U experience with 4.3 stable Date: Thu, 12 Jul 2001 12:53:42 -0500 Message-ID: <004f01c10afb$96fbfbd0$1805010a@epconline.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 In-Reply-To: <65.170e42f2.287f3ac4@aol.com> Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org You said below while dirtbagging this guy's comments.... > cpu. Yes they > will run, and may never fail, but they are not as reliable as 2U > units which Hmmm, run and never fail. Sounds like the definition of reliable to me..! Are you having a bad day? Chuck > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Bsdguru@aol.com > Sent: Thursday, July 12, 2001 12:39 PM > To: crandall@matchlogic.com; isp@FreeBSD.ORG > Subject: Re: Intel ISP1100 or similar 1U experience with 4.3 stable > > > In a message dated 07/11/2001 3:14:19 PM Eastern Daylight Time, > crandall@matchlogic.com writes: > > > Don't know how this ended up on -hackers, but... > > > > The 1U server market is indeed hot (pun intended). > > > > Take a look at the new 1400 series from iXsystems (www.ixsystems.net -- > > formerly BSDi, formerly Telenet) and the Dell 1550. I've tested both > systems > > and was impressed by both. If you're buying more than a few > machines, Dell > > has some very aggressive pricing. > > > > Charles > > the fact that you were impressed doesnt mean that they are > adaquately cooled > or anything else. Are you implying that just because something is > popular it > is well-engineered? > > There is less than 1" of space above the cpu in a 1U unit, which > doesnt leave > enough space for an approproate heat-sink and fan for high Mhz > cpu. Yes they > will run, and may never fail, but they are not as reliable as 2U > units which > allow for a more appropriate heat sink and larger fans. > > > Bryan > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 12 11: 6:42 2001 Delivered-To: freebsd-isp@freebsd.org Received: from root.com (root.com [209.102.106.178]) by hub.freebsd.org (Postfix) with ESMTP id F399B37B409 for ; Thu, 12 Jul 2001 11:06:37 -0700 (PDT) (envelope-from dg@root.com) Received: (from dg@localhost) by root.com (8.11.2/8.11.2) id f6CHt5d49937; Thu, 12 Jul 2001 10:55:05 -0700 (PDT) (envelope-from dg) Date: Thu, 12 Jul 2001 10:55:05 -0700 From: David Greenman To: Bsdguru@aol.com Cc: crandall@matchlogic.com, isp@freebsd.org Subject: Re: Intel ISP1100 or similar 1U experience with 4.3 stable Message-ID: <20010712105505.A49840@nexus.root.com> References: <65.170e42f2.287f3ac4@aol.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <65.170e42f2.287f3ac4@aol.com>; from Bsdguru@aol.com on Thu, Jul 12, 2001 at 01:39:16PM -0400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >In a message dated 07/11/2001 3:14:19 PM Eastern Daylight Time, >crandall@matchlogic.com writes: > >> Don't know how this ended up on -hackers, but... >> >> The 1U server market is indeed hot (pun intended). >> >> Take a look at the new 1400 series from iXsystems (www.ixsystems.net -- >> formerly BSDi, formerly Telenet) and the Dell 1550. I've tested both >systems >> and was impressed by both. If you're buying more than a few machines, Dell >> has some very aggressive pricing. >> >> Charles > >the fact that you were impressed doesnt mean that they are adaquately cooled >or anything else. Are you implying that just because something is popular it >is well-engineered? > >There is less than 1" of space above the cpu in a 1U unit, which doesnt leave >enough space for an approproate heat-sink and fan for high Mhz cpu. Yes they >will run, and may never fail, but they are not as reliable as 2U units which >allow for a more appropriate heat sink and larger fans. Uhh, that just isn't true. It's true that _most_ low profile CPU coolers will not cool adequately, but certainly not all of them. There are some that are large but not tall that have a powerful fan and are made partly or completely of copper that do a fine job of cooling. CPUs in our 1U systems, for example, run worst case about 20C above ambient temperature, usually less than 10C above - i.e. about 35C, which is well below the 70C thermal requirement of the 1GHz FCPGA PIII and fairly close to the performace of the large aluminum heat sink that Intel provides with the boxed processor. -DG David Greenman Co-founder, The FreeBSD Project - http://www.freebsd.org President, TeraSolutions, Inc. - http://www.terasolutions.com Pave the road of life with opportunities. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 12 11:11: 4 2001 Delivered-To: freebsd-isp@freebsd.org Received: from workhorse.iMach.com (workhorse.iMach.com [206.127.77.89]) by hub.freebsd.org (Postfix) with ESMTP id 19D3C37B403 for ; Thu, 12 Jul 2001 11:11:00 -0700 (PDT) (envelope-from forrestc@imach.com) Received: from localhost (forrestc@localhost) by workhorse.iMach.com (8.9.3/8.9.3) with ESMTP id LAA06350; Thu, 12 Jul 2001 11:56:33 -0600 (MDT) Date: Thu, 12 Jul 2001 11:56:33 -0600 (MDT) From: "Forrest W. Christian" To: Chuck Rock Cc: freebsd-isp@FreeBSD.ORG Subject: RE: Intel ISP1100 or similar 1U experience with 4.3 stable In-Reply-To: <004f01c10afb$96fbfbd0$1805010a@epconline.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'll toss my comments in here. I use a Intel CA810E motherboard with various processors in a 1U case and I've never seen a heat problem. The key IS the CPU fan. I use the low profile thermaltake orbs. They push a LOT of air across the fan and I haven't seen the temp on the cpu's get over what I'd see typically in a larger case with a "correctly" sized heatsink and lots of fans. -forrest On Thu, 12 Jul 2001, Chuck Rock wrote: > Date: Thu, 12 Jul 2001 12:53:42 -0500 > From: Chuck Rock > To: freebsd-isp@FreeBSD.ORG > Subject: RE: Intel ISP1100 or similar 1U experience with 4.3 stable > > You said below while dirtbagging this guy's comments.... > > > cpu. Yes they > > will run, and may never fail, but they are not as reliable as 2U > > units which > > Hmmm, run and never fail. Sounds like the definition of reliable to me..! > > Are you having a bad day? > > Chuck > > > -----Original Message----- > > From: owner-freebsd-isp@FreeBSD.ORG > > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Bsdguru@aol.com > > Sent: Thursday, July 12, 2001 12:39 PM > > To: crandall@matchlogic.com; isp@FreeBSD.ORG > > Subject: Re: Intel ISP1100 or similar 1U experience with 4.3 stable > > > > > > In a message dated 07/11/2001 3:14:19 PM Eastern Daylight Time, > > crandall@matchlogic.com writes: > > > > > Don't know how this ended up on -hackers, but... > > > > > > The 1U server market is indeed hot (pun intended). > > > > > > Take a look at the new 1400 series from iXsystems (www.ixsystems.net -- > > > formerly BSDi, formerly Telenet) and the Dell 1550. I've tested both > > systems > > > and was impressed by both. If you're buying more than a few > > machines, Dell > > > has some very aggressive pricing. > > > > > > Charles > > > > the fact that you were impressed doesnt mean that they are > > adaquately cooled > > or anything else. Are you implying that just because something is > > popular it > > is well-engineered? > > > > There is less than 1" of space above the cpu in a 1U unit, which > > doesnt leave > > enough space for an approproate heat-sink and fan for high Mhz > > cpu. Yes they > > will run, and may never fail, but they are not as reliable as 2U > > units which > > allow for a more appropriate heat sink and larger fans. > > > > > > Bryan > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > - Forrest W. Christian (forrestc@imach.com) AC7DE ---------------------------------------------------------------------- The Innovation Machine Ltd. P.O. Box 5749 http://www.imach.com/ Helena, MT 59604 Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 ---------------------------------------------------------------------- Protect your personal freedoms - visit http://www.lp.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 12 12: 8:34 2001 Delivered-To: freebsd-isp@freebsd.org Received: from beastie.saturn-tech.com (beastie.saturn-tech.com [207.229.19.136]) by hub.freebsd.org (Postfix) with ESMTP id B7D9537B403 for ; Thu, 12 Jul 2001 12:08:29 -0700 (PDT) (envelope-from drussell@saturn-tech.com) Received: from localhost (drussell@localhost) by beastie.saturn-tech.com (8.11.1/8.11.0) with ESMTP id f6CLeLs05465; Thu, 12 Jul 2001 15:40:21 -0600 (MDT) (envelope-from drussell@saturn-tech.com) X-Authentication-Warning: beastie.saturn-tech.com: drussell owned process doing -bs Date: Thu, 12 Jul 2001 15:40:21 -0600 (MDT) From: Doug Russell To: Jim Dixon Cc: freebsd-isp@FreeBSD.ORG Subject: Re: VOIP In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 12 Jul 2001, Jim Dixon wrote: > Does anyone have any experience running voice over IP on UNIX hosts? Depends... Are we talking about hobby-level toys, or a real H323 gateway and such. Later...... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 12 13:51:12 2001 Delivered-To: freebsd-isp@freebsd.org Received: from smcloud.sosbbs.com (excelsior.sosbbs.com [216.37.208.31]) by hub.freebsd.org (Postfix) with ESMTP id 716B337B403 for ; Thu, 12 Jul 2001 13:51:05 -0700 (PDT) (envelope-from bsilver@sosbbs.com) Received: from sojourner (ds9m25.sarvers.com [216.37.231.25]) by smcloud.sosbbs.com (Vircom SMTPRS 4.5.186) with SMTP id for ; Thu, 12 Jul 2001 16:50:49 -0400 Message-ID: <007c01c10b14$5462d820$0100a8c0@sosbbs.com> From: "Bart Silverstrim" To: References: <20010711170336.B84178@krijt.livens.net> <20010711123133.A21587@pitr.tuxinternet.com> <20010712123523.G53408@jake.akitanet.co.uk> Subject: Re: gcc on production server Date: Thu, 12 Jul 2001 16:50:45 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- From: "Paul Robinson" To: "Hug Me" Cc: Sent: Thursday, July 12, 2001 7:35 AM Subject: Re: gcc on production server On Jul 11, Hug Me wrote: >> if you are REALLY worried about security, get a drive that has a jumper you >> can change to read only, put your operating system on it, move the jumper > >Ummmm... that's not clever. That's stupid. So, you're an ISP. If you're >running this system, exactly how do you deliver mail, allow users to change >webpages, etc? Oh yeah, and just out or curiosity, what happens to /var and >/tmp ? As one colleague just replied when I read that paragraph to him >"that's not an OS - it's a coaster". I hope it keeps your coffee warm. Why not use two drives, one read only with the OS on it, one with multiple partitions to mount to /var and /tmp, , /home...stuff like that...or some variation of that theme? I toyed with the idea of trying to make bootable CD's for the key system files and such before, should work in a similar manner to what is basically described above (although performance from the read operations would be terrible) if I actually had the time and extra hardware to dedicate to making system laid out to create a "image" and make a slave drive on another system with a CD-R drive :-) Gotta admit, that would make it terribly difficult to crack into and lay trojaned system binaries... --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.264 / Virus Database: 136 - Release Date: 7/3/01 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 12 14:14: 6 2001 Delivered-To: freebsd-isp@freebsd.org Received: from cx175057-a.ocnsd1.sdca.home.com (cx175057-a.ocnsd1.sdca.home.com [24.13.23.40]) by hub.freebsd.org (Postfix) with ESMTP id 0108C37B401 for ; Thu, 12 Jul 2001 14:13:57 -0700 (PDT) (envelope-from bri@sonicboom.org) Received: from Brian (cx175057-b.ocnsd1.sdca.home.com [24.13.23.147]) by cx175057-a.ocnsd1.sdca.home.com (8.11.1/8.11.1) with SMTP id f6CLDsA84157; Thu, 12 Jul 2001 14:13:55 -0700 (PDT) (envelope-from bri@sonicboom.org) Message-ID: <005101c10b17$51c67b00$3324200a@sonicboom.org> From: "Brian" To: "Bart Silverstrim" , References: <20010711170336.B84178@krijt.livens.net> <20010711123133.A21587@pitr.tuxinternet.com> <20010712123523.G53408@jake.akitanet.co.uk> <007c01c10b14$5462d820$0100a8c0@sosbbs.com> Subject: Re: gcc on production server Date: Thu, 12 Jul 2001 14:12:07 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org There are some articles on sans.org that talk about making /usr read only on a solaris system. Perhaps some portions of http://www.sans.org/newlook/resources/hard_solaris.htm, especially the step by step at the bottom could be used, at least from an idea perspective. I know its Solaris but ideas can be grafted. Bri ----- Original Message ----- From: "Bart Silverstrim" To: Sent: Thursday, July 12, 2001 1:50 PM Subject: Re: gcc on production server > > ----- Original Message ----- > From: "Paul Robinson" > To: "Hug Me" > Cc: > Sent: Thursday, July 12, 2001 7:35 AM > Subject: Re: gcc on production server > > > On Jul 11, Hug Me wrote: > > >> if you are REALLY worried about security, get a drive that has a jumper > you > >> can change to read only, put your operating system on it, move the > jumper > > > >Ummmm... that's not clever. That's stupid. So, you're an ISP. If you're > >running this system, exactly how do you deliver mail, allow users to change > >webpages, etc? Oh yeah, and just out or curiosity, what happens to /var and > >/tmp ? As one colleague just replied when I read that paragraph to him > >"that's not an OS - it's a coaster". I hope it keeps your coffee warm. > > Why not use two drives, one read only with the OS on it, one with multiple > partitions to mount to /var and /tmp, , /home...stuff like that...or > some variation of that theme? > > I toyed with the idea of trying to make bootable CD's for the key system > files and such before, should work in a similar manner to what is basically > described above (although performance from the read operations would be > terrible) if I actually had the time and extra hardware to dedicate to > making system laid out to create a "image" and make a slave drive on another > system with a CD-R drive :-) Gotta admit, that would make it terribly > difficult to crack into and lay trojaned system binaries... > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.264 / Virus Database: 136 - Release Date: 7/3/01 > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 12 14:36: 1 2001 Delivered-To: freebsd-isp@freebsd.org Received: from imo-m04.mx.aol.com (imo-m04.mx.aol.com [64.12.136.7]) by hub.freebsd.org (Postfix) with ESMTP id 8941137B401 for ; Thu, 12 Jul 2001 14:35:57 -0700 (PDT) (envelope-from Bsdguru@aol.com) Received: from Bsdguru@aol.com by imo-m04.mx.aol.com (mail_out_v31.7.) id y.110.240247e (4240); Thu, 12 Jul 2001 17:35:41 -0400 (EDT) From: Bsdguru@aol.com Message-ID: <110.240247e.287f722d@aol.com> Date: Thu, 12 Jul 2001 17:35:41 EDT Subject: Re: Intel ISP1100 or similar 1U experience with 4.3 stable To: carock@epconline.net, isp@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 5.0 for Windows sub 139 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In a message dated 07/12/2001 1:54:03 PM Eastern Daylight Time, carock@epconline.net writes: > You said below while dirtbagging this guy's comments.... > > > cpu. Yes they > > will run, and may never fail, but they are not as reliable as 2U > > units which > > Hmmm, run and never fail. Sounds like the definition of reliable to me..! > > Are you having a bad day? > If you think that a 5% failure rate is reliable (which implies that 95% dont) then you are quite the engineer. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 12 14:50:18 2001 Delivered-To: freebsd-isp@freebsd.org Received: from imo-r03.mx.aol.com (imo-r03.mx.aol.com [152.163.225.99]) by hub.freebsd.org (Postfix) with ESMTP id B752837B403 for ; Thu, 12 Jul 2001 14:50:13 -0700 (PDT) (envelope-from Bsdguru@aol.com) Received: from Bsdguru@aol.com by imo-r03.mx.aol.com (mail_out_v31.7.) id x.da.8f012a9 (4240); Thu, 12 Jul 2001 17:50:08 -0400 (EDT) From: Bsdguru@aol.com Message-ID: Date: Thu, 12 Jul 2001 17:50:08 EDT Subject: Re: Intel ISP1100 or similar 1U experience with 4.3 stable To: dg@root.com, isp@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 5.0 for Windows sub 139 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In a message dated 07/12/2001 2:07:02 PM Eastern Daylight Time, dg@root.com writes: > >There is less than 1" of space above the cpu in a 1U unit, which doesnt > leave > >enough space for an approproate heat-sink and fan for high Mhz cpu. Yes > they > >will run, and may never fail, but they are not as reliable as 2U units > which > >allow for a more appropriate heat sink and larger fans. > > Uhh, that just isn't true. It's true that _most_ low profile CPU coolers > will not cool adequately, but certainly not all of them. There are some that > are large but not tall that have a powerful fan and are made partly or > completely of copper that do a fine job of cooling. CPUs in our 1U systems, > for example, run worst case about 20C above ambient temperature, usually > less than 10C above - i.e. about 35C, which is well below the 70C thermal > requirement of the 1GHz FCPGA PIII and fairly close to the performace of the > large aluminum heat sink that Intel provides with the boxed processor. > Firstly, we are talking about dual systems, or at least my original post was. Even on the slimist fan, the clearance above the fan is too small, 1/8 to 1/4" usually. Its not enough space, no matter how powerful the fan. You'll have hot spots, particularly near the cpus, which can cause failures over time. Are you really arguing with me that a 2U enclosure is more reliable and offers better cooling, or only that its possible to use a 1U (or in dgs case are you just trying to justify your product...i suspect you dont have a 2U solution to offer)? Im not sure what is wrong with you people. Very few people cant spare the extra 2" of space,and the result is more reliable, which was and is my point. There is zero question that 2U offers better cooling than 1U, so what exactly are all of you home-spun "engineers" trying to say? B To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 12 15:14:58 2001 Delivered-To: freebsd-isp@freebsd.org Received: from tsunami.acidpit.org (tsunami.solveinteractive.com [206.190.163.234]) by hub.freebsd.org (Postfix) with ESMTP id 3883537B407 for ; Thu, 12 Jul 2001 15:14:44 -0700 (PDT) (envelope-from rch@acidpit.org) Received: (from rch@localhost) by tsunami.acidpit.org (8.11.4/8.11.3) id f6CMCwN16814 for freebsd-isp@FreeBSD.ORG; Thu, 12 Jul 2001 18:12:58 -0400 (EDT) (envelope-from rch@acidpit.org) Date: Thu, 12 Jul 2001 18:12:57 -0400 From: Robert Hough To: freebsd-isp@FreeBSD.ORG Subject: Re: gcc on production server Message-ID: <20010712181257.A71299@acidpit.org> Mail-Followup-To: freebsd-isp@FreeBSD.ORG References: <20010711170336.B84178@krijt.livens.net> <20010711123133.A21587@pitr.tuxinternet.com> <20010712123523.G53408@jake.akitanet.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010712123523.G53408@jake.akitanet.co.uk>; from paul@akita.co.uk on Thu, Jul 12, 2001 at 12:35:23 +0100 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Jul 12, 2001, Paul Robinson wrote: > > The first and best layer of defence for your web server is the network. TURN > > OFF EVERYTHING YOU DON'T USE. don't ever use anything with a password clear > > text.. telnet, ftp,pop mail etc... > > I'm sorry, but for a moment then I thought this was freebsd-isp, but if > you're going to take that approach, then you can't be an ISP. Since when does a web server need popper, ftp, or telnet enabled? I'm just going by the paragraph above, as I don't have the original here. However, I'm pretty sure he said the best defense for a web server. > > /usr/local/sbin directory. then I have gone through and changed ANYTHING > > a user wouldn't need to run to execute only by root (-r-x------) > > Ummmm.... you really don't need to do that. I'm not saying anything. I'm > sure somebody else will. That really is not the point of the unix > permissions system.... I would have to agree, and it sounds to me like he is running as root 90% of the time he is on the system. Shame on him! > > I do regular scans on my system, run tripwire... things like that... > > Well done. Have a lollipop. :-) Hmm, what good is a tripwire scan going to do you, if the cracker has "fixed" the database? Take that lollipop away! The "read-only" drive solution works well for this actually. > > if you are REALLY worried about security, get a drive that has a jumper you > > can change to read only, put your operating system on it, move the jumper > > Ummmm... that's not clever. That's stupid. So, you're an ISP. If you're > running this system, exactly how do you deliver mail, allow users to change > webpages, etc? Oh yeah, and just out or curiosity, what happens to /var and > /tmp ? As one colleague just replied when I read that paragraph to him > "that's not an OS - it's a coaster". I hope it keeps your coffee warm. Hmm, maybe you can explain to me why /, /usr, and /usr/local need to be writtable on a production machine? I can't think of any real reason's myself. We actually use this setup here, and it works quite well. YMMV. > I understand what you're trying to get at, but there is a LOT more to > getting such a system working than you might think. Not really, just takes a little thought is all. It *is* however, a pain in the ass to take an existing system and move it to this type of setup though. -- Robert Hough (rch@acidpit.org) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 12 15:32:12 2001 Delivered-To: freebsd-isp@freebsd.org Received: from bilver.wjv.com (dhcp-1-113.n01.orldfl01.us.ra.verio.net [157.238.210.113]) by hub.freebsd.org (Postfix) with ESMTP id 66D9C37B403 for ; Thu, 12 Jul 2001 15:32:00 -0700 (PDT) (envelope-from bill@bilver.wjv.com) Received: (from bill@localhost) by bilver.wjv.com (8.11.1/8.11.1) id f6CMVsB44994; Thu, 12 Jul 2001 18:31:54 -0400 (EDT) (envelope-from bill) Date: Thu, 12 Jul 2001 18:31:24 -0400 From: Bill Vermillion To: Bart Silverstrim Cc: freebsd-isp@FreeBSD.ORG Subject: Re: gcc on production server Message-ID: <20010712183124.A44876@wjv.com> Reply-To: bv@wjv.com References: <20010711170336.B84178@krijt.livens.net> <20010711123133.A21587@pitr.tuxinternet.com> <20010712123523.G53408@jake.akitanet.co.uk> <007c01c10b14$5462d820$0100a8c0@sosbbs.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <007c01c10b14$5462d820$0100a8c0@sosbbs.com>; from bsilver@sosbbs.com on Thu, Jul 12, 2001 at 04:50:45PM -0400 Organization: W.J.Vermillion / Orlando - Winter Park Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Jul 12, 2001 at 04:50:45PM -0400, Bart Silverstrim thus sprach: > On Jul 11, Hug Me wrote: > >> if you are REALLY worried about security, get a drive that has > >> a jumper you can change to read only, put your operating system > >> on it, move the jumper > >Ummmm... that's not clever. That's stupid. So, you're an ISP. > >If you're running this system, exactly how do you deliver mail, > >allow users to change webpages, etc? Oh yeah, and just out or > >curiosity, what happens to /var and /tmp ? As one colleague just > >replied when I read that paragraph to him "that's not an OS - > >it's a coaster". I hope it keeps your coffee warm. > Why not use two drives, one read only with the OS on it, one > with multiple partitions to mount to /var and /tmp, , > /home...stuff like that...or some variation of that theme? > I toyed with the idea of trying to make bootable CD's for the key > system files and such before, should work in a similar manner to > what is basically described above (although performance from the > read operations would be terrible) if I actually had the time and > extra hardware to dedicate to making system laid out to create a > "image" and make a slave drive on another system with a CD-R drive > :-) Gotta admit, that would make it terribly difficult to crack > into and lay trojaned system binaries... Using the highest security level and performing a noschg on all the important system directores can make the OS look almost like a ROM. Leave the file systems which need to be written as set normally. Eric Brueggmann posted this last August to this same list. =============================================================================== #!/bin/sh # Run this after a make world, for better security. chflags noschg /bin/* chflags noschg /usr/bin/* chflags noschg /sbin/* chflags noschg /usr/sbin/* chflags noschg /bin ; chflags noschg /sbin chflags noschg /usr/bin ; chflags noschg /usr/sbin cd /var/log; chmod g-w,o-r * ; chmod a+r wtmp echo "Edit /etc/rc.conf and change the kernellevel to 2" for i in ` find / -type f -perm -2000 | egrep -wv "lockfile" ` ; do chmod g-s $i ; done for i in ` find / -type f -perm -4000 | egrep -wv "man|login|passwd|su|ssh|sendmail|procmail|sudo|mail.local" ` ; do chmod u-s $i ; done for i in ` find / -type d -perm -002 | egrep -v "tmp" ` ; do chmod o-w $i ; done chmod 700 /root # cd to /home and chmod 700 every directory except "apache|newuser|ftp|?????" chflags schg /bin/* chflags schg /usr/bin/* chflags schg /sbin/* chflags schg /usr/sbin/* chflags schg /bin ; chflags schg /sbin chflags schg /usr/bin ; chflags schg /usr/sbin # =============================================================================== -- Bill Vermillion - bv @ wjv . com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 12 15:44:21 2001 Delivered-To: freebsd-isp@freebsd.org Received: from root.com (root.com [209.102.106.178]) by hub.freebsd.org (Postfix) with ESMTP id 0AB3237B403 for ; Thu, 12 Jul 2001 15:44:18 -0700 (PDT) (envelope-from dg@root.com) Received: (from dg@localhost) by root.com (8.11.2/8.11.2) id f6CMX2551063; Thu, 12 Jul 2001 15:33:02 -0700 (PDT) (envelope-from dg) Date: Thu, 12 Jul 2001 15:33:02 -0700 From: David Greenman To: Bsdguru@aol.com Cc: isp@freebsd.org Subject: Re: Intel ISP1100 or similar 1U experience with 4.3 stable Message-ID: <20010712153302.J40357@nexus.root.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: ; from Bsdguru@aol.com on Thu, Jul 12, 2001 at 05:50:08PM -0400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >In a message dated 07/12/2001 2:07:02 PM Eastern Daylight Time, dg@root.com >writes: > >> >There is less than 1" of space above the cpu in a 1U unit, which doesnt >> leave >> >enough space for an approproate heat-sink and fan for high Mhz cpu. Yes >> they >> >will run, and may never fail, but they are not as reliable as 2U units >> which >> >allow for a more appropriate heat sink and larger fans. >> >> Uhh, that just isn't true. It's true that _most_ low profile CPU coolers >> will not cool adequately, but certainly not all of them. There are some >that >> are large but not tall that have a powerful fan and are made partly or >> completely of copper that do a fine job of cooling. CPUs in our 1U systems, >> for example, run worst case about 20C above ambient temperature, usually >> less than 10C above - i.e. about 35C, which is well below the 70C thermal >> requirement of the 1GHz FCPGA PIII and fairly close to the performace of >the >> large aluminum heat sink that Intel provides with the boxed processor. >> > >Firstly, we are talking about dual systems, or at least my original post was. >Even on the slimist fan, the clearance above the fan is too small, 1/8 to >1/4" usually. Its not enough space, no matter how powerful the fan. You'll >have hot spots, particularly near the cpus, which can cause failures over >time. > >Are you really arguing with me that a 2U enclosure is more reliable and >offers better cooling, or only that its possible to use a 1U (or in dgs case >are you just trying to justify your product...i suspect you dont have a 2U >solution to offer)? Im not sure what is wrong with you people. Very few >people cant spare the extra 2" of space,and the result is more reliable, >which was and is my point. There is zero question that 2U offers better >cooling than 1U, so what exactly are all of you home-spun "engineers" trying >to say? You're really starting to sound like a troll. I'm not a 'home-spun' engineer. I don't need to justify our products; they are built based on sound engineering and have extremely low failure rates - well below 1%. We've never had a cooling related failure. We have both 1U and 2U solutions. The cooling in the 2U solution is better than the 1U, but the 1U is well within the acceptable range. We measure both cabinet temperature and the on-die diode CPU temperature and our spec is for the CPU to operate 20C or more below the recommended maximum operating temperature of 70C. We've engineered and tested the 1U solution for dual CPUs, but don't currently offer that due to reasons that have nothing to do with cooling. What *I'm* trying to say is that, while the 2U solutions may have slightly better cooling, it doesn't matter because the 1U cooling is just fine and provides a large margin for reliable operation in idiot environments where the ambient temperature is high enough to roast any humans nearby. -DG David Greenman Co-founder, The FreeBSD Project - http://www.freebsd.org President, TeraSolutions, Inc. - http://www.terasolutions.com Pave the road of life with opportunities. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 12 17:26:11 2001 Delivered-To: freebsd-isp@freebsd.org Received: from snfc21.pbi.net (mta6.snfc21.pbi.net [206.13.28.240]) by hub.freebsd.org (Postfix) with ESMTP id 1D40737B403 for ; Thu, 12 Jul 2001 17:26:09 -0700 (PDT) (envelope-from mda@discerning.com) Received: from mdaxke ([64.169.92.103]) by mta6.snfc21.pbi.net (iPlanet Messaging Server 5.1 (built May 7 2001)) with SMTP id <0GGD00BBMYJJFF@mta6.snfc21.pbi.net> for isp@FreeBSD.ORG; Thu, 12 Jul 2001 17:26:08 -0700 (PDT) Date: Thu, 12 Jul 2001 17:23:18 -0700 From: "Mark D. Anderson" Subject: Re: Intel ISP1100 or similar 1U experience with 4.3 stable To: isp@FreeBSD.ORG Message-id: <0a7a01c10b32$048ca100$13bf2581@mdaxke> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-Mailer: Microsoft Outlook Express 5.50.4133.2400 Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: 7BIT X-Priority: 3 X-MSMail-priority: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org a nice feature of both the isp1100 and the sun netra is that they have both: 1. serial bios output (not just serial console after some OS is booted), 2. remote reboot (not remote boot like PXE, and not wake-on-lan, but a remote command to it to reset power, whether any OS is running or not). the isp1100 does this using the "EMP" serial port available on the L440GX+ board; i assume that other systems using the same board could do the same. the vacm.sourceforge.net project has support for the control protocol from a linux-based controller (intel only offers a win32 executable for control). i assume that could be easily ported to freebsd, though there is no requirement for the controlling PC to match the controlled PCs. i don't know of any other production intel 1U system that has these features, besides the ISP1100. despite the fact that VA spearheaded the vacm project, their 1U system instead used a proprietary ethernet port. ones based on simple serial ports are better since you can run them all through a dialup terminal concentrator (or a PC with a multi-serial card, your choice). HP, Dell, and Compaq have some of these features, but based on extra plug-in cards (variously called "Lights Out Management", "Remote Insight", etc.). this adds a lot to the expense. IBM offers a system (the xSeries 330) with a proprietary kvm daisy-chain cable they call "C2T". That cuts down on cabling, but doesn't offer the simplicity of a serial port. if anyone has info on an intel 1U system with the features of the ISP1100, please let us (or at least me) know. I don't know why there is apparently not much demand for it -- seems to me that if you care enough about space that you get 1Us, then you care about manageability. -mda To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 12 18:48: 3 2001 Delivered-To: freebsd-isp@freebsd.org Received: from beastie.saturn-tech.com (beastie.saturn-tech.com [207.229.19.136]) by hub.freebsd.org (Postfix) with ESMTP id E2FC737B401 for ; Thu, 12 Jul 2001 18:48:01 -0700 (PDT) (envelope-from drussell@saturn-tech.com) Received: from localhost (drussell@localhost) by beastie.saturn-tech.com (8.11.1/8.11.0) with ESMTP id f6D4WbY06584; Thu, 12 Jul 2001 22:32:37 -0600 (MDT) (envelope-from drussell@saturn-tech.com) X-Authentication-Warning: beastie.saturn-tech.com: drussell owned process doing -bs Date: Thu, 12 Jul 2001 22:32:37 -0600 (MDT) From: Doug Russell To: Bsdguru@aol.com Cc: isp@FreeBSD.ORG Subject: Re: Intel ISP1100 or similar 1U experience with 4.3 stable In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 12 Jul 2001 Bsdguru@aol.com wrote: > Firstly, we are talking about dual systems, or at least my original post was. > Even on the slimist fan, the clearance above the fan is too small, 1/8 to > 1/4" usually. Its not enough space, no matter how powerful the fan. You'll What makes you think all fans are mounted on TOP of the heat sink? Please stop spamming our lists! :( Later...... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 12 23:16:46 2001 Delivered-To: freebsd-isp@freebsd.org Received: from matthew.uk1.vbc.net (matthew.uk1.vbc.net [194.207.2.14]) by hub.freebsd.org (Postfix) with ESMTP id F3BC337B401 for ; Thu, 12 Jul 2001 23:16:43 -0700 (PDT) (envelope-from jdd@vbc.net) Received: from localhost (jdd@localhost) by matthew.uk1.vbc.net (8.9.3/8.9.3) with ESMTP id HAA76794; Fri, 13 Jul 2001 07:16:36 +0100 (BST) X-Authentication-Warning: matthew.uk1.vbc.net: jdd owned process doing -bs Date: Fri, 13 Jul 2001 07:16:36 +0100 (BST) From: Jim Dixon X-Sender: jdd@matthew.uk1.vbc.net To: Doug Russell Cc: freebsd-isp@FreeBSD.ORG Subject: Re: VOIP In-Reply-To: Message-ID: X-NCC-RegID: uk.vbcnet MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 12 Jul 2001, Doug Russell wrote: > > Does anyone have any experience running voice over IP on UNIX hosts? > > Depends... > Are we talking about hobby-level toys, or a real H323 gateway and such. For practical commercial use. -- Jim Dixon VBCnet GB Ltd http://www.vbc.net tel +44 117 929 1316 fax +44 117 927 2015 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Jul 13 4:24:19 2001 Delivered-To: freebsd-isp@freebsd.org Received: from jake.akitanet.co.uk (jake.akitanet.co.uk [212.1.130.131]) by hub.freebsd.org (Postfix) with ESMTP id 2FFAC37B405 for ; Fri, 13 Jul 2001 04:24:14 -0700 (PDT) (envelope-from wiggy@wopr.akitanet.co.uk) Received: from dsl-212-135-208-201.dsl.easynet.co.uk ([212.135.208.201] helo=wopr.akitanet.co.uk) by jake.akitanet.co.uk with esmtp (Exim 3.13 #3) id 15L13A-000K8x-00; Fri, 13 Jul 2001 12:24:00 +0100 Received: from wiggy by wopr.akitanet.co.uk with local (Exim 3.21 #2) id 15L148-0007z1-00; Fri, 13 Jul 2001 12:25:00 +0100 Date: Fri, 13 Jul 2001 12:25:00 +0100 From: Paul Robinson To: Bart Silverstrim Cc: freebsd-isp@FreeBSD.ORG Subject: Re: gcc on production server Message-ID: <20010713122500.A23202@jake.akitanet.co.uk> References: <20010711170336.B84178@krijt.livens.net> <20010711123133.A21587@pitr.tuxinternet.com> <20010712123523.G53408@jake.akitanet.co.uk> <007c01c10b14$5462d820$0100a8c0@sosbbs.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <007c01c10b14$5462d820$0100a8c0@sosbbs.com>; from bsilver@sosbbs.com on Thu, Jul 12, 2001 at 04:50:45PM -0400 X-Scanner: exiscan *15L13A-000K8x-00*$AK$MiRtgMJZzNnv09qwMLNiJ0* Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Jul 12, Bart Silverstrim wrote: > Why not use two drives, one read only with the OS on it, one with multiple > partitions to mount to /var and /tmp, , /home...stuff like that...or > some variation of that theme? Because I'm not sure that enhances security in any way. There are lots of problems here, not least that if somebody finds a hole in your ftpd or whatever, you are going to have to go into serious downtime to patch it. Whereas a rw disk can be patched in seconds. Not only that, but you're completely forgetting the the ro jumper is really only a software lock. Oh yeah, and if you're an ISP with 40 1u rack servers in a cabinet, you're already moving into the world of problems with heat dissipation, you don't want to be sticking in extra drives that could potentially be adding an extra $10,000 in hardware costs to your setup. I really think the right approach that should be considered from a security point of view, is that of TrustedBSD. The intention of what you are attempting to acheive is good, but there are better and more manageable ways of acheiving the same result. > I toyed with the idea of trying to make bootable CD's for the key system > files and such before, should work in a similar manner to what is basically > described above (although performance from the read operations would be > terrible) if I actually had the time and extra hardware to dedicate to > making system laid out to create a "image" and make a slave drive on another > system with a CD-R drive :-) Gotta admit, that would make it terribly > difficult to crack into and lay trojaned system binaries... I looked to do this a while back, not for reasons of security, but because it meant I could 'upgrade' a box by sending out a new CD to the customer site and asking them to change it. It's actually relatively easy, once you get your head around mkisofs. ;-) But like I say, this is not something I would personally encourage you to do because you believe it to be securing something. -- Paul Robinson ,--------------------------------------- Technical Director @ Akita | A computer lets you make more mistakes PO Box 604, Manchester, M60 3PR | than any other invention with the T: +44 (0) 161 228 6388 (F:6389)| possible exceptions of handguns and | Tequila - Mitch Ratcliffe `----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Jul 13 13:37:47 2001 Delivered-To: freebsd-isp@freebsd.org Received: from smcloud.sosbbs.com (excelsior.sosbbs.com [216.37.208.31]) by hub.freebsd.org (Postfix) with ESMTP id 317BA37B403 for ; Fri, 13 Jul 2001 13:37:43 -0700 (PDT) (envelope-from bsilver@sosbbs.com) Received: from sojourner (ds10m178.sarvers.com [216.37.208.178]) by smcloud.sosbbs.com (Vircom SMTPRS 4.5.186) with SMTP id ; Fri, 13 Jul 2001 16:37:41 -0400 Message-ID: <010c01c10bdb$a8f11600$0100a8c0@sosbbs.com> From: "Bart Silverstrim" To: "Paul Robinson" Cc: References: <20010711170336.B84178@krijt.livens.net> <20010711123133.A21587@pitr.tuxinternet.com> <20010712123523.G53408@jake.akitanet.co.uk> <007c01c10b14$5462d820$0100a8c0@sosbbs.com> <20010713122500.A23202@jake.akitanet.co.uk> Subject: Re: gcc on production server Date: Fri, 13 Jul 2001 16:37:37 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > On Jul 12, Bart Silverstrim wrote: > > > Why not use two drives, one read only with the OS on it, one with multiple > > partitions to mount to /var and /tmp, , /home...stuff like that...or > > some variation of that theme? > > Because I'm not sure that enhances security in any way. There are lots of > problems here, not least that if somebody finds a hole in your ftpd or > whatever, you are going to have to go into serious downtime to patch > it. Whereas a rw disk can be patched in seconds. If somebody finds a hold in FTPD and you want to patch it, you're going to have serious downtime no matter what; I wouldn't trust binaries afterwards. In a small ISP setting where I was (or in the place I'm working in now, if it would be possible) I'd rather do a full reinstall of the OS or get spare hardware and set up a replacement server to cycle in, depending on the damage. Otherwise you could be leaving back doors open. A read-only media would really keep them from hosing the system (for this context, I'll refer to the CD ROM idea, since that's what I had in mind before with this idea). I wouldn't do this for certain types of systems; as always, it depends on the application and context. For a small ISP, we could do it for servers that do things like small DNS servers, systems where you need to keep the system protected, etc. Patching would be done on a system that's set aside as a vanilla "image" blank; patch that, reburn the CD's, and just swap the CD's into the server's drives and restart. Also with a RO media, if a hacker gets in, it does enhance security...how do you trojan a system you can't modify? The damage would occur to things like web pages and personal files. Restoration from backups should take care of that side, but it would at least keep you from having to keep reinstalling and reconfiguring the servers. And a simple system like this would not be something for a huge company or large ISP; I agree there. With that kind of budget, chances are they can get better solutions. But for small mom-and-pop providers, I think this could be budgeted from the money they'd save not running with NT licenses :-) *shrug* I thought it would be a good idea. I just don't work at a place that's as unix-friendly right now to try it out. -Bart --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.264 / Virus Database: 136 - Release Date: 7/4/01 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Jul 14 1:39:19 2001 Delivered-To: freebsd-isp@freebsd.org Received: from paloma16.e0k.nbg-hannover.de (paloma16.e0k.nbg-hannover.de [62.159.219.16]) by hub.freebsd.org (Postfix) with SMTP id 69E6237B41F for ; Sat, 14 Jul 2001 01:39:17 -0700 (PDT) (envelope-from marcus@hamburg.de) Received: (qmail 20797 invoked from network); 14 Jul 2001 08:39:16 -0000 Received: from unknown (HELO mhntwks.hamburg.de) ([62.155.185.196]) (envelope-sender ) by 0 (qmail-ldap-1.03) with SMTP for ; 14 Jul 2001 08:39:16 -0000 Message-Id: <5.1.0.14.0.20010714104617.00a665f0@pop3.hamburg.de> X-Sender: marcus!hamburg.de@pop3.hamburg.de (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Sat, 14 Jul 2001 10:47:27 +0200 To: freebsd-isp@FreeBSD.ORG From: Marcus Henschel Subject: promiscuous mode Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi there, i am using 4.3 stable and want to know how to enable manuallay the promiscuous mode of my network interface rl0. Does anybody know the right syntax ? regards marcus -- Marcus Henschel mail: marcus[at]hamburg.de 20357 Hamburg To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Jul 14 1:42:52 2001 Delivered-To: freebsd-isp@freebsd.org Received: from h24-79-118-81.vc.shawcable.net (h24-79-118-81.vc.shawcable.net [24.79.118.81]) by hub.freebsd.org (Postfix) with ESMTP id 3768637B691 for ; Sat, 14 Jul 2001 01:42:47 -0700 (PDT) (envelope-from brentr@h24-79-118-81.vc.shawcable.net) Received: (from brentr@localhost) by h24-79-118-81.vc.shawcable.net (8.11.3/8.11.3) id f6E8hr800951; Sat, 14 Jul 2001 01:43:53 -0700 (PDT) (envelope-from brentr) Content-Type: text/plain; charset="iso-8859-1" From: Brent Rector To: Marcus Henschel , freebsd-isp@FreeBSD.ORG Subject: Re: promiscuous mode Date: Sat, 14 Jul 2001 01:43:52 -0700 X-Mailer: KMail [version 1.2] References: <5.1.0.14.0.20010714104617.00a665f0@pop3.hamburg.de> In-Reply-To: <5.1.0.14.0.20010714104617.00a665f0@pop3.hamburg.de> MIME-Version: 1.0 Message-Id: <01071401435200.00529@h24-79-118-81.vc.shawcable.net> Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I think trafshow will do that for you... Brent On July 14, 2001 01:47 am, Marcus Henschel wrote: > Hi there, > > i am using 4.3 stable and want to know how to enable manuallay the > promiscuous mode of my network interface rl0. Does anybody know the right > syntax ? > > regards > > marcus > > -- > > Marcus Henschel mail: marcus[at]hamburg.de > 20357 Hamburg > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Jul 14 6:20:32 2001 Delivered-To: freebsd-isp@freebsd.org Received: from pit.lv (www.pit.lv [159.148.96.253]) by hub.freebsd.org (Postfix) with ESMTP id C649437B405 for ; Sat, 14 Jul 2001 06:20:26 -0700 (PDT) (envelope-from sandstorm@astranet.lv) Received: from ysdh45 ([159.148.83.150]) by pit.lv (8.10.2/8.11.2) with SMTP id f6EDUTO24779 for ; Sat, 14 Jul 2001 16:30:29 +0300 Message-ID: <001001c10cbb$ae304060$9653949f@lv> From: =?windows-1257?Q?Mat=EEss_Elsbergs?= To: Subject: Background processes limiting Date: Sat, 14 Jul 2001 16:21:14 -0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_000D_01C10C81.00D5A340" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_000D_01C10C81.00D5A340 Content-Type: text/plain; charset="windows-1257" Content-Transfer-Encoding: quoted-printable Hi there,=20 I'm intending to run public shells server on 4.3 release, but I can not = find out, how to limit background processes for freeshell users. man login.conf didn't showed me any keywords. Is there a need to install some other software? Regards, Matis Elsberg Astranet IS IT manager sandstorm@astranet.lv ------=_NextPart_000_000D_01C10C81.00D5A340 Content-Type: text/html; charset="windows-1257" Content-Transfer-Encoding: quoted-printable
Hi there,
 
I'm intending to run public shells = server on 4.3=20 release, but I can not find out, how to limit background processes for = freeshell=20 users.
 
man login.conf didn't showed me any=20 keywords.
 
Is there a need to install some other=20 software?
 
 
Regards,
Matis Elsberg
Astranet IS
IT manager
sandstorm@astranet.lv
 
------=_NextPart_000_000D_01C10C81.00D5A340-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Jul 14 10:43:27 2001 Delivered-To: freebsd-isp@freebsd.org Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id F098037B401 for ; Sat, 14 Jul 2001 10:43:24 -0700 (PDT) (envelope-from kaltorak@quake.com.au) Received: from [203.164.12.28] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id exacaaaa for ; Sun, 15 Jul 2001 03:42:03 +1000 Message-ID: <3B50854D.5D597F0@quake.com.au> Date: Sun, 15 Jul 2001 03:45:49 +1000 From: Kal Torak X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: =?iso-8859-1?Q?Mat=EEss?= Elsbergs Cc: freebsd-isp@freebsd.org Subject: Re: Background processes limiting References: <001001c10cbb$ae304060$9653949f@lv> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Matīss Elsbergs wrote: > > Hi there, > > I'm intending to run public shells server on 4.3 release, but I can not find out, how to limit background processes for freeshell users. > > man login.conf didn't showed me any keywords. > > Is there a need to install some other software? What about just using the maxproc setting? This limits all processes, but a shell user shouldnt really have many more than 5 things running, at least I dont think they would... Giving them a limit of 5 would mean 4 background processes, since there shell would use the 5th... I dont know if there is another way, but this seems like a simply answer :P To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Jul 14 10:50: 3 2001 Delivered-To: freebsd-isp@freebsd.org Received: from pit.lv (www.pit.lv [159.148.96.253]) by hub.freebsd.org (Postfix) with ESMTP id 0D4E937B401 for ; Sat, 14 Jul 2001 10:49:57 -0700 (PDT) (envelope-from sandstorm@astranet.lv) Received: from ysdh45 ([159.148.83.150]) by pit.lv (8.10.2/8.11.2) with SMTP id f6EHxwl03309; Sat, 14 Jul 2001 20:59:59 +0300 Message-ID: <001701c10ce1$52a05a20$9653949f@lv> From: =?windows-1257?Q?Mat=EEss_Elsbergs?= To: "Kal Torak" Cc: References: <001001c10cbb$ae304060$9653949f@lv> <3B50854D.5D597F0@quake.com.au> Subject: Re: Background processes limiting Date: Sat, 14 Jul 2001 20:50:42 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1257" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >What about just using the maxproc setting? This limits all processes, >but a shell user shouldnt really have many more than 5 things running, >at least I dont think they would... >Giving them a limit of 5 would mean 4 background processes, since there >shell would use the 5th... I dont know if there is another way, but this >seems like a simply answer :P yeah, that was the first thing that came into my mind.. But 4 bg processes roughly for free shell users means 4 eggdrops.. Or BXses, or something like that - very nice for user, but a hell for a old crappy BSD box. So, i was just wondering - how to keep it down to one bg process, or even none of them. I have seen how it was done 3 years ago, when I was a free shell user :-) they allowed any process, any number while you are logged in, but, almost at the time i logged out, they terminated my detached BX. I am very curious, how it is done, since i'm now intending to do the same. Regards, Matis Elsbergs Astranet IS IT manager sandstorm@astranet.lv To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Jul 14 10:59: 5 2001 Delivered-To: freebsd-isp@freebsd.org Received: from smtp8.xs4all.nl (smtp8.xs4all.nl [194.109.127.134]) by hub.freebsd.org (Postfix) with ESMTP id C287A37B401 for ; Sat, 14 Jul 2001 10:59:02 -0700 (PDT) (envelope-from freebsd@lurkie.xs4all.nl) Received: from lurkie.xs4all.nl (lurkie.xs4all.nl [194.109.236.164]) by smtp8.xs4all.nl (8.9.3/8.9.3) with ESMTP id TAA07284; Sat, 14 Jul 2001 19:59:00 +0200 (CEST) Received: (from freebsd@localhost) by lurkie.xs4all.nl (8.11.4/8.11.4) id f6EHwx652322; Sat, 14 Jul 2001 19:58:59 +0200 (CEST) (envelope-from freebsd) Date: Sat, 14 Jul 2001 19:58:59 +0200 From: Marc Veldman To: =?iso-8859-1?Q?Mat=EEss_Elsbergs?= Cc: Kal Torak , freebsd-isp@FreeBSD.ORG Subject: Re: Background processes limiting Message-ID: <20010714195859.A52301@lurkie.xs4all.nl> References: <001001c10cbb$ae304060$9653949f@lv> <3B50854D.5D597F0@quake.com.au> <001701c10ce1$52a05a20$9653949f@lv> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: <001701c10ce1$52a05a20$9653949f@lv>; from sandstorm@astranet.lv on Sat, Jul 14, 2001 at 08:50:42PM -0700 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, Jul 14, 2001 at 08:50:42PM -0700, Matīss Elsbergs wrote: > But 4 bg processes roughly for free shell users means 4 eggdrops.. Or BXses, > or something like that - very nice for user, but a hell for a old crappy BSD > box. > > So, i was just wondering - how to keep it down to one bg process, or even > none of them. Couldn't you just add a priority=15 (or any high 'nice' value) to the login class for the free shell users ? And limit the number of processes they can run at the same time ? -- Marc Veldman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Jul 14 12:19: 2 2001 Delivered-To: freebsd-isp@freebsd.org Received: from pit.lv (www.pit.lv [159.148.96.253]) by hub.freebsd.org (Postfix) with ESMTP id CF53537B405 for ; Sat, 14 Jul 2001 12:18:58 -0700 (PDT) (envelope-from sandstorm@astranet.lv) Received: from ysdh45 ([159.148.83.150]) by pit.lv (8.10.2/8.11.2) with SMTP id f6EJSwl05253; Sat, 14 Jul 2001 22:28:58 +0300 Message-ID: <002801c10ced$c1a0ae00$9653949f@lv> From: =?windows-1257?Q?Mat=EEss_Elsbergs?= To: "Marc Veldman" Cc: "Kal Torak" , References: <001001c10cbb$ae304060$9653949f@lv> <3B50854D.5D597F0@quake.com.au> <001701c10ce1$52a05a20$9653949f@lv> <20010714195859.A52301@lurkie.xs4all.nl> Subject: Re: Background processes limiting Date: Sat, 14 Jul 2001 22:19:42 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1257" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Couldn't you just add a priority=15 >(or any high 'nice' value) to the login class for >the free shell users ? Of course I can, for I am the root :-), but that's not what I want. Since I started this thread, I was sitting at the manual, searching internet for hours, but I didn't find anything on this. I guess, there must be a man who 'knows how' and is willing to say the right words. Regards, Matis Elsberg, Astranet IS IT manager sandstorm@astranet.lv To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Jul 14 13:24:32 2001 Delivered-To: freebsd-isp@freebsd.org Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2]) by hub.freebsd.org (Postfix) with ESMTP id 3302837B401 for ; Sat, 14 Jul 2001 13:24:23 -0700 (PDT) (envelope-from jwyatt@rwsystems.net) Received: from bsdie.rwsystems.net([209.197.223.2]) (1789 bytes) by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Sat, 14 Jul 2001 15:19:47 -0500 (CDT) (Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Jun-25) Date: Sat, 14 Jul 2001 15:19:46 -0500 (CDT) From: James Wyatt To: =?windows-1257?Q?Mat=EEss_Elsbergs?= Cc: Marc Veldman , Kal Torak , freebsd-isp@freebsd.org Subject: Re: Background processes limiting In-Reply-To: <002801c10ced$c1a0ae00$9653949f@lv> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=X-UNKNOWN Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, 14 Jul 2001, [windows-1257] Mat=EEss Elsbergs wrote: > >Couldn't you just add a priority=3D15 > >(or any high 'nice' value) to the login class for > >the free shell users ? >=20 > Of course I can, for I am the root :-), but that's not what I want. >=20 > Since I started this thread, I was sitting at the manual, searching inter= net > for hours, but I didn't find anything on this. I guess, there must be a m= an > who 'knows how' and is willing to say the right words. I'm sure there is a man or woman on the list who can answer it, but they may have already killed the thread or be on vacation... I'll try to help. I have seen such things done in .logout scripts, but usually users can remove the .logout file to prevent the action. One approach might be to have a script run from cron that finds processes with a PPID of "1" (parent now init) and owned by a regular login user and kills them. Another might be to look for regular-user process without an associated tty device. Hope this helps... - Jy@ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Jul 14 14: 8:42 2001 Delivered-To: freebsd-isp@freebsd.org Received: from odin.wrath.net (024man167.chartermi.net [24.213.24.167]) by hub.freebsd.org (Postfix) with ESMTP id 8393F37B401 for ; Sat, 14 Jul 2001 14:08:36 -0700 (PDT) (envelope-from ircd@wrath.com) Received: from danrc ([192.168.1.2]) by odin.wrath.net with Microsoft SMTPSVC(5.0.2172.1); Sat, 14 Jul 2001 17:16:08 -0400 Message-ID: <002501c10ca9$18740eb0$0201a8c0@fear.wrath.net> From: "Brian" To: References: Subject: Re: Background processes limiting Date: Sat, 14 Jul 2001 17:08:14 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-OriginalArrivalTime: 14 Jul 2001 21:16:08.0124 (UTC) FILETIME=[32E9C7C0:01C10CAA] Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- From: "James Wyatt" To: "Matīss Elsbergs" Cc: "Marc Veldman" ; "Kal Torak" ; Sent: Saturday, July 14, 2001 4:19 PM Subject: Re: Background processes limiting > On Sat, 14 Jul 2001, [windows-1257] Matīss Elsbergs wrote: > > >Couldn't you just add a priority=15 > > >(or any high 'nice' value) to the login class for > > >the free shell users ? > > > > Of course I can, for I am the root :-), but that's not what I want. > > > > Since I started this thread, I was sitting at the manual, searching internet > > for hours, but I didn't find anything on this. I guess, there must be a man > > who 'knows how' and is willing to say the right words. > > I'm sure there is a man or woman on the list who can answer it, but they > may have already killed the thread or be on vacation... I'll try to help. > > I have seen such things done in .logout scripts, but usually users can > remove the .logout file to prevent the action. One approach might be to > have a script run from cron that finds processes with a PPID of "1" > (parent now init) and owned by a regular login user and kills them. > Another might be to look for regular-user process without an associated > tty device. Hope this helps... - Jy@ I've seen people use .logout scripts and also run a cron job once a day (during non-peak hours) to kill all processes associated with a username that isn't connected to the machine remotely (telnet/ssh) or sitting at the console. .logout scripts seem to work 99.9% of the time, since most users (including myself) are inept. The Sun machines at school don't let you remove the .logout scripts or in case of the Linux boxen they just re-add them on deletion somehow. I haven't got the foggiest idea what they did to do this. -Brian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Jul 14 14:46: 6 2001 Delivered-To: freebsd-isp@freebsd.org Received: from srv1.cosmo-project.de (srv1.cosmo-project.de [213.83.6.106]) by hub.freebsd.org (Postfix) with ESMTP id 834D337B403 for ; Sat, 14 Jul 2001 14:46:01 -0700 (PDT) (envelope-from ticso@mail.cicely.de) Received: from mail.cicely.de (cicely20 [10.1.1.22]) by srv1.cosmo-project.de (8.11.0/8.11.0) with ESMTP id f6ELjwV81036; Sat, 14 Jul 2001 23:45:58 +0200 (CEST) Received: (from ticso@localhost) by mail.cicely.de (8.11.0/8.11.0) id f6ELkgY24479; Sat, 14 Jul 2001 23:46:42 +0200 (CEST) Date: Sat, 14 Jul 2001 23:46:41 +0200 From: Bernd Walter To: Paul Khavkine Cc: freebsd-isp@FreeBSD.ORG Subject: Re: IPv6 Message-ID: <20010714234640.A24200@cicely20.cicely.de> References: <3B4D1660.18205869@colba.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3B4D1660.18205869@colba.net>; from paul@colba.net on Wed, Jul 11, 2001 at 11:15:44PM -0400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, Jul 11, 2001 at 11:15:44PM -0400, Paul Khavkine wrote: > Hi i have a few questions regarding IPv6 > I got a /48 subnet from Freenet6 and would like to play with it. > I have: > box #1 --> tunnel to Freenet6 > box #2 --> tunnel to box #1 > > I have box1 -> box2 tunnel working, ping telnet, ssh, ftp, etc... > Now i can't seem to make box1 route properly. > > Anyone has an example setup with one box doing routing IPv6 to a 6Bone > provider tunnel ? That's how we (www.cosmo-project.de) do it: # IPv6 Tunnel to JOIN gifconfig gif1 213.83.6.106 128.176.191.66 ifconfig gif1 inet6 3ffe:400:8d0:101::1 3ffe:401::2c0:33ff:fe02:14 prefixlen 128 route add -inet6 default 3ffe:401::2c0:33ff:fe02:14 The first IP of ifconfig and gifconfig is on our side. Of course you can add it to /etc/rc.conf but we have had good reasons in our special case not to do so and put it into /etc/rc.local. As you have an /48 you may want to setup ipv6_gateway_enable="YES" in rc.conf and configure an ethernet interface: ipv6_network_interfaces="de0" ipv6_ifconfig_de0="3ffe:400:8d0:802::1 prefixlen 64" -- B.Walter COSMO-Project http://www.cosmo-project.de ticso@cicely.de Usergroup info@cosmo-project.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Jul 14 22: 5:27 2001 Delivered-To: freebsd-isp@freebsd.org Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id C95D337B401 for ; Sat, 14 Jul 2001 22:05:24 -0700 (PDT) (envelope-from kaltorak@quake.com.au) Received: from [203.164.12.28] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id jyacaaaa for ; Sun, 15 Jul 2001 15:04:02 +1000 Message-ID: <3B512528.BD0C9C21@quake.com.au> Date: Sun, 15 Jul 2001 15:07:52 +1000 From: Kal Torak X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: James Wyatt Cc: =?iso-8859-1?Q?Mat=EEss?= Elsbergs , Marc Veldman , freebsd-isp@freebsd.org Subject: Re: Background processes limiting References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org James Wyatt wrote: > > I have seen such things done in .logout scripts, but usually users can > remove the .logout file to prevent the action. One approach might be to > have a script run from cron that finds processes with a PPID of "1" > (parent now init) and owned by a regular login user and kills them. > Another might be to look for regular-user process without an associated > tty device. Hope this helps... - Jy@ Why not just make .logout owned by root? Only give the users group read access... That should work, just have a killall -m . -9 or something like that in there... Then just have your cron job running every so often to clean up anything that might of somehow slipped though the cracks... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message