From owner-freebsd-isp Sun Oct 14 0:32:32 2001 Delivered-To: freebsd-isp@freebsd.org Received: from femail4.sdc1.sfba.home.com (femail4.sdc1.sfba.home.com [24.0.95.84]) by hub.freebsd.org (Postfix) with ESMTP id 833E137B40C for ; Sun, 14 Oct 2001 00:32:29 -0700 (PDT) Received: from veager.jwweeks.com ([65.14.122.116]) by femail4.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP id <20011014073229.ZZUG8041.femail4.sdc1.sfba.home.com@veager.jwweeks.com> for ; Sun, 14 Oct 2001 00:32:29 -0700 Date: Sun, 14 Oct 2001 03:32:27 -0400 (EDT) From: Jim Weeks X-Sender: jim@veager.jwweeks.com To: freebsd-isp@freebsd.org Subject: Re: Being Used! *Update* In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I hate to answer my own post, but I thought this might be worth a heads up to anyone allowing cgi-bin access to their hosting clients. It would appear that the betsie script (http://www.bbc.co.uk/education/betsie/) in its original form already has a list of safe URL's listed in the "@safe" array. my @safe = qw ( bbc.co.uk beeb.com bbcworldwide.com bbcresources.com bbcshop.com radiotimes.com open.ac.uk open2.net freebeeb.net ); Of course these URL's should be replaced with those of your clients approved web sites, however in my case the client simply added his to the list. I can now tell you by experience that once one of Googles robots indexes one of these scripts with the array intact, you can then expect to furnish a *lot* of bandwidth and processor time to help Google index these sites. A word to the wise! -- Jim Weeks On Sun, 14 Oct 2001, Jim Weeks wrote: > I know this has nothing to do with FreeBSD, Just wondered if any others > have experienced this. > > I notice quite a lot of user nobody perl activity on one of my servers, > and set about to find where it was coming from. I quickly discovered that > one of my virtual hosting clients was running "betsie-1.5.pl". This is a > script developed by the BBC to convert normal (image filled) html > documents to a more simple text based page. I don't have any problem with > the concept, however I also discovered that it was being used to do all of > the parsing work for a group of web robots owned by "googlebot.com". > > Any comments would be appreciated, > > -- > Jim Weeks > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 15 9:55:35 2001 Delivered-To: freebsd-isp@freebsd.org Received: from z24.zone.ee (z24.zone.ee [212.47.211.54]) by hub.freebsd.org (Postfix) with ESMTP id A536837B406 for ; Mon, 15 Oct 2001 09:55:29 -0700 (PDT) Received: from shitdaemon.ardi2 (adsl1757.estpak.ee [213.168.30.158]) by z24.zone.ee (Postfix) with ESMTP id C34332418D for ; Mon, 15 Oct 2001 18:55:19 +0200 (EET) Subject: Strange problem - ADSL clients & FreeBSD servers From: Ardi =?ISO-8859-1?Q?J=FCrgens?= To: freebsd-isp@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Mailer: Evolution/0.13 (Preview Release) Date: 15 Oct 2001 18:55:09 +0300 Message-Id: <1003161324.922.18.camel@shitdaemon> Mime-Version: 1.0 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi We've detected a strange anomaly concerning ADSL connections and=20 FreeBSD servers.=20 Namely, clients of a local Telco, who are using a specific ADSL=20 package are having trouble with connections to FreeBSD and OpenBSD servers (this might concern NetBSD too, but we haven't checked yet). Connections to BSD based servers are two times slower then connections to servers on another platform, for example Linux or Solaris. =20 The anomaly concerns only one specific bridged ADSL package (64k up, 256k down), which includes mostly Nokia bridges on the client side and has filtered incoming TCP connections by the Telco. It is also the=20 only package in their list that uses PPPOE.=20 We've observed this problem for some time now and have come up with no explanation for this. We've consulted with the Telco and=20 they have been most cooperative, as they use FreeBSD=20 themselves, but they too have not figured out a couse for this. So. Has anyone here detected any similar problems, with PPPOE=20 customers having trouble with connections to BSD servers?=20 Thank you in advance. Ardi J=FCrgens ardi.jyrgens@zone.ee Zone Media Ltd.=20 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 15 10: 1:10 2001 Delivered-To: freebsd-isp@freebsd.org Received: from digitaldaemon.com (digitaldaemon.com [63.105.9.34]) by hub.freebsd.org (Postfix) with SMTP id B3F9937B40F for ; Mon, 15 Oct 2001 10:01:07 -0700 (PDT) Received: (qmail 19649 invoked from network); 15 Oct 2001 16:59:44 -0000 Received: from unknown (HELO digitaldaemon.com) (192.168.0.73) by digitaldaemon.com with SMTP; 15 Oct 2001 16:59:44 -0000 Message-ID: <3BCB15A2.1070504@digitaldaemon.com> Date: Mon, 15 Oct 2001 12:58:10 -0400 From: Jan Knepper User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1 X-Accept-Language: en-us MIME-Version: 1.0 To: FreeBSD ISP Subject: script for reporting IIS worms??? Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, Has anyone by any chance written some kind of a script to report IIS worms from Apache log files??? Jan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 15 10:30:30 2001 Delivered-To: freebsd-isp@freebsd.org Received: from misery.sdf.com (misery.sdf.com [204.244.213.49]) by hub.freebsd.org (Postfix) with ESMTP id 357DB37B410 for ; Mon, 15 Oct 2001 10:30:27 -0700 (PDT) Received: from tom (helo=localhost) by misery.sdf.com with local-esmtp (Exim 2.12 #1) id 15tB6R-0001X4-00; Mon, 15 Oct 2001 10:00:35 -0700 Date: Mon, 15 Oct 2001 10:00:33 -0700 (PDT) From: Tom Samplonius To: Ardi =?ISO-8859-1?Q?J=FCrgens?= Cc: freebsd-isp@freebsd.org Subject: Re: Strange problem - ADSL clients & FreeBSD servers In-Reply-To: <1003161324.922.18.camel@shitdaemon> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=X-UNKNOWN Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On 15 Oct 2001, Ardi [ISO-8859-1] J=FCrgens wrote: =2E.. > Connections to BSD based servers are two times slower then connections > to servers on another platform, for example Linux or Solaris. =20 What exactly is slow? Time to open the connection? Or rate of data transfer once the connection is open? > The anomaly concerns only one specific bridged ADSL package (64k up, > 256k down), which includes mostly Nokia bridges on the client side and > has filtered incoming TCP connections by the Telco. It is also the=20 > only package in their list that uses PPPOE.=20 The most issue around PPPoE is that the fact that PPPoE connections use a MTU of 1492, and FreeBSD uses MTU patch detection which is dependent on being able to get ICMP responses back from the the PPPoE gateway. Tom To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 15 11:47:37 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.cybcon.com (mail.cybcon.com [216.190.188.5]) by hub.freebsd.org (Postfix) with ESMTP id 0D69A37B409 for ; Mon, 15 Oct 2001 11:47:35 -0700 (PDT) Received: from ph (ph.cybcon.com [208.187.210.62]) by mail.cybcon.com (8.10.1/8.10.1) with SMTP id f9FIm9X27548 for ; Mon, 15 Oct 2001 11:48:09 -0700 (PDT) Message-Id: <3.0.32.20011015114633.013ca780@mail.cybcon.com> X-Sender: ph@mail.cybcon.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Mon, 15 Oct 2001 11:46:35 -0700 To: freebsd-isp@freebsd.org From: Ken Arck Subject: Ftpd on only one IP? Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org For some reason, ftpd only allows connects on one IP aliased onto this box. Here's what ifconfig reports (I've removed the actual IP's, but they're reported properly ) FreeBSD 2.2.8-RELEASE #0: Fri Jan 8 17:01:27 PST 1999 bash-2.02$ ifconfig -a lnc1: flags=843 mtu 1500 inet XXX.XXX.XXX.X netmask 0xfffffff0 broadcast XXX.XXX.XXX.15 inet YYY.YYY.YYY.Y netmask 0xfffffff0 broadcast YYY.YYY.YYY.15 ether 00:06:29:05:ed:23 lp0: flags=8810 mtu 1500 lo0: flags=8049 mtu 16384 inet 127.0.0.1 netmask 0xff000000 YYY.YYY.YYY.Y works fine, but I can't connect to XXX.XXX.XXX.X using FTP, although both telnet and SSH work fine on either IP. And no, ftpd is not running using -D, only -l Help! Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 15 11:50: 8 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail3.megamailservers.com (mail3.megamailservers.com [216.251.36.13]) by hub.freebsd.org (Postfix) with ESMTP id 434E637B405 for ; Mon, 15 Oct 2001 11:50:02 -0700 (PDT) Received: from blake ([24.101.32.246]) by mail3.megamailservers.com (8.12.1/8.12.0.Beta10) with SMTP id f9FInrkk036812; Mon, 15 Oct 2001 14:49:54 -0400 (EDT) From: "Blake Crosby" To: "Ken Arck" , Subject: RE: Ftpd on only one IP? Date: Mon, 15 Oct 2001 14:49:53 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <3.0.32.20011015114633.013ca780@mail.cybcon.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org If you are running ftpd through inetd, you might have to kill -1 inetd. Blake > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Ken Arck > Sent: October 15, 2001 2:47 PM > To: freebsd-isp@freebsd.org > Subject: Ftpd on only one IP? > > > For some reason, ftpd only allows connects on one IP aliased onto > this box. > Here's what ifconfig reports (I've removed the actual IP's, but they're > reported properly ) > > FreeBSD 2.2.8-RELEASE #0: Fri Jan 8 17:01:27 PST 1999 > > bash-2.02$ ifconfig -a > lnc1: flags=843 mtu 1500 > inet XXX.XXX.XXX.X netmask 0xfffffff0 broadcast XXX.XXX.XXX.15 > inet YYY.YYY.YYY.Y netmask 0xfffffff0 broadcast YYY.YYY.YYY.15 > ether 00:06:29:05:ed:23 > lp0: flags=8810 mtu 1500 > lo0: flags=8049 mtu 16384 > inet 127.0.0.1 netmask 0xff000000 > > YYY.YYY.YYY.Y works fine, but I can't connect to XXX.XXX.XXX.X using FTP, > although both telnet and SSH work fine on either IP. > > And no, ftpd is not running using -D, only -l > > Help! > > Ken > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 15 11:52:19 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.cybcon.com (mail.cybcon.com [216.190.188.5]) by hub.freebsd.org (Postfix) with ESMTP id D86C037B408 for ; Mon, 15 Oct 2001 11:52:15 -0700 (PDT) Received: from ph (ph.cybcon.com [208.187.210.62]) by mail.cybcon.com (8.10.1/8.10.1) with SMTP id f9FIqlX28259; Mon, 15 Oct 2001 11:52:48 -0700 (PDT) Message-Id: <3.0.32.20011015115111.006f4e68@mail.cybcon.com> X-Sender: ph@mail.cybcon.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Mon, 15 Oct 2001 11:51:14 -0700 To: "Blake Crosby" From: Ken Arck Subject: RE: Ftpd on only one IP? Cc: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I did a kill -HUP with no change Ken At 02:49 PM 10/15/01 -0400, Blake Crosby wrote: >If you are running ftpd through inetd, you might have to kill -1 inetd. > >Blake > >> -----Original Message----- >> From: owner-freebsd-isp@FreeBSD.ORG >> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Ken Arck >> Sent: October 15, 2001 2:47 PM >> To: freebsd-isp@freebsd.org >> Subject: Ftpd on only one IP? >> >> >> For some reason, ftpd only allows connects on one IP aliased onto >> this box. >> Here's what ifconfig reports (I've removed the actual IP's, but they're >> reported properly ) >> >> FreeBSD 2.2.8-RELEASE #0: Fri Jan 8 17:01:27 PST 1999 >> >> bash-2.02$ ifconfig -a >> lnc1: flags=843 mtu 1500 >> inet XXX.XXX.XXX.X netmask 0xfffffff0 broadcast XXX.XXX.XXX.15 >> inet YYY.YYY.YYY.Y netmask 0xfffffff0 broadcast YYY.YYY.YYY.15 >> ether 00:06:29:05:ed:23 >> lp0: flags=8810 mtu 1500 >> lo0: flags=8049 mtu 16384 >> inet 127.0.0.1 netmask 0xff000000 >> >> YYY.YYY.YYY.Y works fine, but I can't connect to XXX.XXX.XXX.X using FTP, >> although both telnet and SSH work fine on either IP. >> >> And no, ftpd is not running using -D, only -l >> >> Help! >> >> Ken >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-isp" in the body of the message >> > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 15 13:50:12 2001 Delivered-To: freebsd-isp@freebsd.org Received: from ashram.rhavenn.net (ashram.rhavenn.net [209.150.195.50]) by hub.freebsd.org (Postfix) with ESMTP id 1CB6237B408 for ; Mon, 15 Oct 2001 13:50:08 -0700 (PDT) Received: from there (gandalf.rhavenn.net [209.150.195.51]) by ashram.rhavenn.net (8.11.3/8.11.3) with SMTP id f9GLAVi55753; Tue, 16 Oct 2001 16:10:31 -0500 (CDT) Message-Id: <200110162110.f9GLAVi55753@ashram.rhavenn.net> Content-Type: text/plain; charset="iso-8859-1" From: Henrik Hudson Reply-To: lists@rhavenn.net To: Ardi =?iso-8859-1?q?J=FCrgens?= Subject: Re: Strange problem - ADSL clients & FreeBSD servers Date: Mon, 15 Oct 2001 16:02:10 -0500 X-Mailer: KMail [version 1.3] References: <1003161324.922.18.camel@shitdaemon> In-Reply-To: <1003161324.922.18.camel@shitdaemon> Cc: freebsd-isp@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Is this slow down just in the initial connection? or even once the connection is up, the slow down is still there? What services are people connecting too? SMTP? HTTP? POP? On Monday 15 October 2001 10:55, you wrote: > Hi > > We've detected a strange anomaly concerning ADSL connections and > FreeBSD servers. > > Namely, clients of a local Telco, who are using a specific ADSL > package are having trouble with connections to FreeBSD and OpenBSD > servers (this might concern NetBSD too, but we haven't checked yet). > > Connections to BSD based servers are two times slower then connections > to servers on another platform, for example Linux or Solaris. > > The anomaly concerns only one specific bridged ADSL package (64k up, > 256k down), which includes mostly Nokia bridges on the client side and > has filtered incoming TCP connections by the Telco. It is also the > only package in their list that uses PPPOE. > > We've observed this problem for some time now and have come up > with no explanation for this. We've consulted with the Telco and > they have been most cooperative, as they use FreeBSD > themselves, but they too have not figured out a couse for this. > > So. Has anyone here detected any similar problems, with PPPOE > customers having trouble with connections to BSD servers? > > Thank you in advance. > > Ardi Jürgens > ardi.jyrgens@zone.ee > Zone Media Ltd. > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message -- ---- Henrik Hudson lists@rhavenn.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 15 14:15:12 2001 Delivered-To: freebsd-isp@freebsd.org Received: from fepE.post.tele.dk (fepE.post.tele.dk [195.41.46.137]) by hub.freebsd.org (Postfix) with ESMTP id EB6F637B405 for ; Mon, 15 Oct 2001 14:15:08 -0700 (PDT) Received: from arnold.neland.dk ([62.243.124.200]) by fepE.post.tele.dk (InterMail vM.4.01.03.23 201-229-121-123-20010418) with ESMTP id <20011015211507.UADW13021.fepE.post.tele.dk@arnold.neland.dk>; Mon, 15 Oct 2001 23:15:07 +0200 Received: from gina ([192.168.5.109]) by arnold.neland.dk (8.11.6/8.11.6) with SMTP id f9FLFdq54382; Mon, 15 Oct 2001 23:15:39 +0200 (CEST) (envelope-from leifn@neland.dk) Message-ID: <006d01c155be$740c60c0$6d05a8c0@neland.dk> From: "Leif Neland" To: "Jan Knepper" , "FreeBSD ISP" References: <3BCB15A2.1070504@digitaldaemon.com> Subject: Re: script for reporting IIS worms??? Date: Mon, 15 Oct 2001 23:15:01 +0200 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Hi, > > Has anyone by any chance written some kind of a script to report IIS > worms from Apache log files??? > If you just want an email: run this from cron: awk '/default.ida/ || /cmd.exe/ {print $1, substr($4,2,14)}' $access_log|sort -u http://www.treachery.net/~jdyson/earlybird/ sends messages to the netblockowner according to a whois-lookup. http://www.threenorth.com/LaBrea/ creates tarpits which creates virtual machines on unused ip's and tries to hold on to anything which accesses those ip's as long as possible while using minimal bandwidth. Leif To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 15 14:36:20 2001 Delivered-To: freebsd-isp@freebsd.org Received: from digitaldaemon.com (digitaldaemon.com [63.105.9.34]) by hub.freebsd.org (Postfix) with SMTP id 51BAD37B401 for ; Mon, 15 Oct 2001 14:35:58 -0700 (PDT) Received: (qmail 31970 invoked from network); 15 Oct 2001 21:34:34 -0000 Received: from unknown (HELO digitaldaemon.com) (192.168.0.73) by digitaldaemon.com with SMTP; 15 Oct 2001 21:34:34 -0000 Message-ID: <3BCB560C.6040107@digitaldaemon.com> Date: Mon, 15 Oct 2001 17:33:00 -0400 From: Jan Knepper User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1 X-Accept-Language: en-us MIME-Version: 1.0 To: Leif Neland Cc: FreeBSD ISP Subject: Re: script for reporting IIS worms??? References: <3BCB15A2.1070504@digitaldaemon.com> <006d01c155be$740c60c0$6d05a8c0@neland.dk> Content-Type: multipart/alternative; boundary="------------030003010800060304080200" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --------------030003010800060304080200 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Leif Neland wrote: >>Hi, >> >>Has anyone by any chance written some kind of a script to report IIS >>worms from Apache log files??? >> >If you just want an email: run this from cron: > >awk '/default.ida/ || /cmd.exe/ {print $1, substr($4,2,14)}' >$access_log|sort -u > Well, I was actually looking for something that can scan the httpd log files and do a reverse lookup of the client IP's and notify in an intelligent way... So far I have something created in an hour or two that reports the client IP's and (if possible) does a reverse lookup (from httpd-access.log). This creates now the list below. However it would be very cute if it could report automaticly to those responsable.... Jan 12.34.72.140 216.116.103.202 202-103-116-216.pajo.com 63.100.142.154 63.124.240.6 host61-06.prestige.net 63.167.204.52 63.168.79.6 63.192.129.6 63.194.22.101 adsl-63-194-22-101.dsl.lsan03.pacbell.net 63.199.186.227 massai2000.com 63.200.154.61 adsl-63-200-154-61.dsl.snfc21.pacbell.net 63.201.244.166 adsl-63-201-244-166.dsl.snfc21.pacbell.net 63.204.228.196 adsl-63-204-228-196.dsl.lsan03.pacbell.net 63.206.114.189 adsl-63-206-114-189.dsl.snfc21.pacbell.net 63.206.91.127 adsl-63-206-91-127.dsl.snfc21.pacbell.net 63.216.100.12 63-216-100-12.sdsl.cais.net 63.217.69.2 63-217-69-2.sdsl.cais.net 63.217.94.74 63-217-94-74.sdsl.cais.net 63.220.127.82 63.220.25.190 63.221.88.19 63.222.71.170 63.228.81.1 dnvrdslgw13poolb1.dnvr.uswest.net 63.228.81.44 dnvrdslgw13poolb44.dnvr.uswest.net 63.237.80.194 63.241.151.29 63.27.31.185 1Cust185.tnt2.st-petersburg.fl.da.uu.net 63.68.142.76 63.72.98.200 63.73.63.59 dialin2-59.ilnk.com 63.79.81.127 um2.elogic.com 63.85.226.100 63.86.173.5 63.97.205.33 >http://www.treachery.net/~jdyson/earlybird/ sends messages to the >netblockowner according to a whois-lookup. > Cute! But I am not sure if I want to change the apache configuration for all the virtual domains I run... >http://www.threenorth.com/LaBrea/ creates tarpits which creates >virtual machines on unused ip's and tries to hold on to anything which >accesses those ip's as long as possible while using minimal bandwidth. > Don't know it I want to do that either... Jan --------------030003010800060304080200 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit Leif Neland wrote:
Hi,

Has anyone by any chance written some kind of a script to report IIS
worms from Apache log files???

If you just want an email: run this from cron:

awk '/default.ida/ || /cmd.exe/ {print $1, substr($4,2,14)}'
$access_log|sort -u
Well, I was actually looking for something that can scan the httpd log files and do a reverse lookup of the client IP's and notify in an intelligent way...
So far I have something created in an hour or two that reports the client IP's and (if possible) does a reverse lookup (from httpd-access.log).
This creates now the list below. However it would be very cute if it could report automaticly to those responsable....

Jan

12.34.72.140
216.116.103.202 202-103-116-216.pajo.com
63.100.142.154
63.124.240.6 host61-06.prestige.net
63.167.204.52
63.168.79.6
63.192.129.6
63.194.22.101 adsl-63-194-22-101.dsl.lsan03.pacbell.net
63.199.186.227 massai2000.com
63.200.154.61 adsl-63-200-154-61.dsl.snfc21.pacbell.net
63.201.244.166 adsl-63-201-244-166.dsl.snfc21.pacbell.net
63.204.228.196 adsl-63-204-228-196.dsl.lsan03.pacbell.net
63.206.114.189 adsl-63-206-114-189.dsl.snfc21.pacbell.net
63.206.91.127 adsl-63-206-91-127.dsl.snfc21.pacbell.net
63.216.100.12 63-216-100-12.sdsl.cais.net
63.217.69.2 63-217-69-2.sdsl.cais.net
63.217.94.74 63-217-94-74.sdsl.cais.net
63.220.127.82
63.220.25.190
63.221.88.19
63.222.71.170
63.228.81.1 dnvrdslgw13poolb1.dnvr.uswest.net
63.228.81.44 dnvrdslgw13poolb44.dnvr.uswest.net
63.237.80.194
63.241.151.29
63.27.31.185 1Cust185.tnt2.st-petersburg.fl.da.uu.net
63.68.142.76
63.72.98.200
63.73.63.59 dialin2-59.ilnk.com
63.79.81.127 um2.elogic.com
63.85.226.100
63.86.173.5
63.97.205.33

http://www.treachery.net/~jdyson/earlybird/ sends messages to the
netblockowner according to a whois-lookup.
Cute! But I am not sure if I want to change the apache configuration for all the virtual domains I run...
http://www.threenorth.com/LaBrea/ creates tarpits which creates
virtual machines on unused ip's and tries to hold on to anything which
accesses those ip's as long as possible while using minimal bandwidth.
Don't know it I want to do that either...

Jan

--------------030003010800060304080200-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 15 14:51:48 2001 Delivered-To: freebsd-isp@freebsd.org Received: from z24.zone.ee (z24.zone.ee [212.47.211.54]) by hub.freebsd.org (Postfix) with ESMTP id 9708037B40A for ; Mon, 15 Oct 2001 14:51:43 -0700 (PDT) Received: from shitdaemon (adsl1757.estpak.ee [213.168.30.158]) by z24.zone.ee (Postfix) with ESMTP id E00912418D; Mon, 15 Oct 2001 23:51:11 +0200 (EET) From: =?iso-8859-1?Q?Ardi_J=FCrgens?= To: Cc: Subject: RE: Strange problem - ADSL clients & FreeBSD servers Date: Mon, 15 Oct 2001 23:51:16 +0200 Message-ID: <000c01c155c3$84ae6590$024da8c0@shitdaemon> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <200110162110.f9GLAVi55753@ashram.rhavenn.net> Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG=20 > [mailto:owner-freebsd-isp@FreeBSD.ORG] On Behalf Of Henrik Hudson > Sent: Monday, October 15, 2001 11:02 PM > To: Ardi J=FCrgens > Cc: freebsd-isp@freebsd.org > Subject: Re: Strange problem - ADSL clients & FreeBSD servers >=20 >=20 > Is this slow down just in the initial connection? or even=20 > once the connection=20 > is up, the slow down is still there? >=20 > What services are people connecting too? SMTP? HTTP? POP? >=20 Slowness is observed during data transfer. Rate quickly drops to 10KB (other hosts are 25-27 KB) and stays there.=20 We've tested file transfers using FTP and HTTP from multiple hosts=20 with similar results.=20 Ardi=20 =20 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 15 15:25:41 2001 Delivered-To: freebsd-isp@freebsd.org Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id 6616937B408 for ; Mon, 15 Oct 2001 15:25:38 -0700 (PDT) Received: from [144.137.122.124] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id opddaaaa for ; Tue, 16 Oct 2001 08:25:05 +1000 Message-ID: <3BCB6245.1060108@quake.com.au> Date: Tue, 16 Oct 2001 08:25:09 +1000 From: Kal Torak User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.5) Gecko/20011011 X-Accept-Language: en-us MIME-Version: 1.0 To: Ardi =?ISO-8859-1?Q?J=FCrgens?= Cc: freebsd-isp@freebsd.org Subject: Re: Strange problem - ADSL clients & FreeBSD servers References: <000c01c155c3$84ae6590$024da8c0@shitdaemon> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Ardi Jürgens wrote: > > Slowness is observed during data transfer. Rate quickly drops to 10KB > (other hosts are 25-27 KB) and stays there. > > We've tested file transfers using FTP and HTTP from multiple hosts > with similar results. It sounds like the servers are using a MTU thats too big and is causing the packets to get fragmented, slowing everything down... You could try forcing a smaller MTU and see if that fixs the problem... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Oct 15 19: 9: 0 2001 Delivered-To: freebsd-isp@freebsd.org Received: from server.fox56.tv (svcr-adsl-216-37-228-44.epix.net [216.37.228.44]) by hub.freebsd.org (Postfix) with ESMTP id B561237B409 for ; Mon, 15 Oct 2001 19:08:56 -0700 (PDT) Received: from bill (router.fox56.tv [192.168.1.1]) by server.fox56.tv (8.11.1/8.11.1) with SMTP id f9G2Eis12271 for ; Mon, 15 Oct 2001 22:14:48 -0400 (EDT) (envelope-from billak@fox56.tv) Message-ID: <001201c155e7$9420d2f0$6501a8c0@bill> From: "Bill A. K." Cc: References: <000c01c155c3$84ae6590$024da8c0@shitdaemon> <3BCB6245.1060108@quake.com.au> Subject: Re: Strange problem - ADSL clients & FreeBSD servers Date: Mon, 15 Oct 2001 22:09:20 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2505.0000 X-Mimeole: Produced By Microsoft MimeOLE V6.00.2505.0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Well, I have a FreeBSD server running on a PPPoE DSL line. Nothing fancy just www, email, stuff like that. I'm running the DSL line though a Linksys DSL router and forwarding the required ports to the server. This router also provides Internet access to the local network. When I first set up the router, the MTU was set in the firmware and not adjustable. I flashed the router to a newer firmware after a while. One of the updates was an adjustable MTU setting. With the MTU setting on the router set at 1492 or 1500, some pages loaded really slow or not at all, and some pages would load, but certain elements coming from different web servers would not load. I tried 1446, which I learned was the old default for the router, and everything works perfect. If you can, try setting the MTU to 1446 and see what happens. Please let me know. Bill billak@fox56.tv ----- Original Message ----- From: "Kal Torak" To: "Ardi Jürgens" Cc: Sent: Monday, October 15, 2001 6:25 PM Subject: Re: Strange problem - ADSL clients & FreeBSD servers > Ardi Jürgens wrote: > > > > > Slowness is observed during data transfer. Rate quickly drops to 10KB > > (other hosts are 25-27 KB) and stays there. > > > > We've tested file transfers using FTP and HTTP from multiple hosts > > with similar results. > > It sounds like the servers are using a MTU thats too big and is > causing the packets to get fragmented, slowing everything down... > > You could try forcing a smaller MTU and see if that fixs the problem... > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Oct 16 6:15:38 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mars.virtual-earth.de (mars.virtual-earth.de [212.89.109.104]) by hub.freebsd.org (Postfix) with SMTP id 9578937B405 for ; Tue, 16 Oct 2001 06:15:34 -0700 (PDT) Received: (qmail 95242 invoked from network); 16 Oct 2001 13:17:41 -0000 Received: from mp.virtual-earth.de (HELO virtual-earth.de) (212.89.109.98) by mars.virtual-earth.de with SMTP; 16 Oct 2001 13:17:41 -0000 Date: Tue, 16 Oct 2001 15:15:27 +0200 (CEST) From: Mathias.Picker@virtual-earth.de Subject: getting all connections between two sites To: freebsd-isp@freebsd.org MIME-Version: 1.0 Content-Type: TEXT/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8BIT Message-Id: <20011016131534.9578937B405@hub.freebsd.org> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I have a problem in an intranet and thought someone might have encountered this allreads. I'm not too much a networks guy, so bear with me if my description is missing precision: two sites have to be isolated through a firewall, which are right now fully connected and have probably many cross connections, e.g. users at siteA using servers at siteB and vice versa. Since most of these connections are historically grown and both sites are very big just trying to interview people which connections they use is probably not enough. So I thought, let's just connect the sites through one cable or install the firewall but let it open, and log all connections and get records like IpAtSiteA, port, protocol, direction, IpAtSiteB Has anyone done this allready, or has anyone an idea how to do this without logging all the connection data and post-process it? I need only the fact that some connection has been up and which ip's, port and protocol was involved, and only once per connection, e.g. if I found some connection, I'm not interested in it anymore. Thanks for any hints, Mathias -- virtual earth Mathias Picker Geschäftsführer Gesellschaft für Wissens re/prä sentation mbH Mathias.Picker@virtual-earth.de Fon +49 89 / 540 7425-1 Fax +49 89 / 540 7425-9 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Oct 16 7: 6:27 2001 Delivered-To: freebsd-isp@freebsd.org Received: from bigglesworth.mail.be.easynet.net (bigglesworth.mail.be.easynet.net [212.100.160.67]) by hub.freebsd.org (Postfix) with ESMTP id 318DD37B40C for ; Tue, 16 Oct 2001 07:06:19 -0700 (PDT) Received: from 213-193-182-3.adsl.easynet.be ([213.193.182.3] helo=krijt.livens.net) by bigglesworth.mail.be.easynet.net with esmtp (Exim 3.16 #1) id 15tUrJ-00043W-00; Tue, 16 Oct 2001 16:06:17 +0200 Received: (from wim@localhost) by krijt.livens.net (8.11.3/8.11.3) id f9GE6kt19508; Tue, 16 Oct 2001 16:06:46 +0200 (CEST) (envelope-from wim) Date: Tue, 16 Oct 2001 16:06:46 +0200 From: Wim Livens To: Mathias.Picker@virtual-earth.de Cc: freebsd-isp@freebsd.org Subject: Re: getting all connections between two sites Message-ID: <20011016160646.F92155@krijt.livens.net> References: <20011016131534.9578937B405@hub.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011016131534.9578937B405@hub.freebsd.org>; from Mathias.Picker@virtual-earth.de on Tue, Oct 16, 2001 at 03:15:27PM +0200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Op di 16 okt, 2001 om 03:15:27pm +0200, schreef Mathias.Picker@virtual-earth.de: > > two sites have to be isolated through a firewall, which are right now > fully connected and have probably many cross connections, e.g. users at > siteA using servers at siteB and vice versa. > Has anyone done this allready, or has anyone an idea how to do this > without logging all the connection data and post-process it? I need only > the fact that some connection has been up and which ip's, port and > protocol was involved, and only once per connection, e.g. if I found > some connection, I'm not interested in it anymore. See /usr/ports/net/nstreams This is especially useful when you plan to install a fire- wall but if you do not know the nstreams that the network users are generating (http, real audio, and more...). nstreams can read the tcpdump output directly from stdin, or from a file. It can even generate the configuration file of your firewall, using the -O option. -- Wim Livens http://wim.livens.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Oct 16 9: 3:23 2001 Delivered-To: freebsd-isp@freebsd.org Received: from fepA.post.tele.dk (fepA.post.tele.dk [195.41.46.143]) by hub.freebsd.org (Postfix) with ESMTP id 87E1F37B408 for ; Tue, 16 Oct 2001 09:03:16 -0700 (PDT) Received: from arnold.neland.dk ([62.243.124.200]) by fepA.post.tele.dk (InterMail vM.4.01.03.23 201-229-121-123-20010418) with ESMTP id <20011016160314.YCJY23247.fepA.post.tele.dk@arnold.neland.dk>; Tue, 16 Oct 2001 18:03:14 +0200 Received: from gina ([192.168.5.109]) by arnold.neland.dk (8.11.6/8.11.6) with SMTP id f9GG3kq48537; Tue, 16 Oct 2001 18:03:47 +0200 (CEST) (envelope-from leifn@neland.dk) Message-ID: <001e01c1565c$0a71e1a0$6d05a8c0@neland.dk> From: "Leif Neland" To: "Jan Knepper" Cc: "FreeBSD ISP" References: <3BCB15A2.1070504@digitaldaemon.com> <006d01c155be$740c60c0$6d05a8c0@neland.dk> <3BCB560C.6040107@digitaldaemon.com> Subject: Re: script for reporting IIS worms??? Date: Tue, 16 Oct 2001 18:03:03 +0200 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- From: "Jan Knepper" To: "Leif Neland" Cc: "FreeBSD ISP" Sent: Monday, October 15, 2001 11:33 PM Subject: Re: script for reporting IIS worms??? > Leif Neland wrote: > > >>Hi, > >> > >>Has anyone by any chance written some kind of a script to report IIS > >>worms from Apache log files??? > >> > >If you just want an email: run this from cron: > > > >awk '/default.ida/ || /cmd.exe/ {print $1, substr($4,2,14)}' > >$access_log|sort -u > > > Well, I was actually looking for something that can scan the httpd log > files and do a reverse lookup of the client IP's and notify in an > intelligent way... > So far I have something created in an hour or two that reports the > client IP's and (if possible) does a reverse lookup (from httpd-access.log). > This creates now the list below. However it would be very cute if it > could report automaticly to those responsable.... > > Jan > > 12.34.72.140 > 216.116.103.202 202-103-116-216.pajo.com > 63.100.142.154 > 63.124.240.6 host61-06.prestige.net You could take the code from earlybird and send the messages as batch-processing instead of real-time. > >http://www.treachery.net/~jdyson/earlybird/ sends messages to the > >netblockowner according to a whois-lookup. > > > Cute! But I am not sure if I want to change the apache configuration for > all the virtual domains I run... > You don't have to do that. This takes care of all virtual domains; is only listed once. The aliases works for all virtual domains. AddHandler cgi-script .ida Alias /default.ida /home/htdocs/default.ida ScriptAliasMatch ^/MSADC/root\.exe(.*) /home/htdocs/default.ida$1 ScriptAliasMatch ^/scripts/root\.exe(.*) /home/htdocs/default.ida$1 ScriptAliasMatch ^/[cd]/winnt/system32/cmd\.exe(.*) /home/htdocs/default.ida$1 ScriptAliasMatch ^/_mem_bin(/\.\..*) /home/htdocs/default.ida$1 ScriptAliasMatch ^/_vti_bin(/\.\..*) /home/htdocs/default.ida$1 ScriptAliasMatch ^/msadc(/\.\..*) /home/htdocs/default.ida$1 ScriptAliasMatch ^/scripts(/\.\..*) /home/htdocs/default.ida$1 > >http://www.threenorth.com/LaBrea/ creates tarpits which creates > >virtual machines on unused ip's and tries to hold on to anything which > >accesses those ip's as long as possible while using minimal bandwidth. > > > Don't know it I want to do that either... Wouldn't hurt your network performance. > > Jan > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Oct 16 9:27:15 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75]) by hub.freebsd.org (Postfix) with ESMTP id EC80537B410; Tue, 16 Oct 2001 09:27:10 -0700 (PDT) Received: from mail.Go2France.com (ms1.meiway.com [212.73.210.73]) by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id C7C0A16B1C; Tue, 16 Oct 2001 18:27:08 +0200 (CEST) Received: from IBM-HIRXKN66F0W.Go2France.com [66.64.14.18] by mail.Go2France.com with ESMTP (SMTPD32-6.06) id A2A430DF0322; Tue, 16 Oct 2001 18:39:00 +0200 Message-Id: <5.1.0.14.0.20011016112311.00bc1008@mail.Go2France.com> X-Sender: LConrad@Go2France.com@mail.Go2France.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 16 Oct 2001 11:26:23 -0500 To: Freebsd-isp@freebsd.org, Freebsd-questions@freebsd.org From: Len Conrad Subject: Cyclades P300 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Anybody have any experience running this board? Running running 3 or more P300's in one machine? How to load-balance multiple T1's with FreeBSD when they are from same provider who is load-balancing on his end? (not talking about BGP with different T1 providers) Anybody know the price? Cyclades site doesn't list it, and they don't respond to email but once every 3 or 4 days. already a bad sign. Len http://MenAndMice.com/DNS-training http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Oct 17 8:54:50 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.cybcon.com (mail.cybcon.com [216.190.188.5]) by hub.freebsd.org (Postfix) with ESMTP id 52D2B37B40C for ; Wed, 17 Oct 2001 08:54:37 -0700 (PDT) Received: from ph (ph.cybcon.com [208.187.210.62]) by mail.cybcon.com (8.10.1/8.10.1) with SMTP id f9HFtCX06307 for ; Wed, 17 Oct 2001 08:55:13 -0700 (PDT) Message-Id: <3.0.32.20011017085330.0263e8b8@mail.cybcon.com> X-Sender: ph@mail.cybcon.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Wed, 17 Oct 2001 08:53:33 -0700 To: freebsd-isp@FreeBSD.ORG From: Ken Arck Subject: RE: Ftpd on only one IP? Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Thanks for the replies I've received on this, but I'm still suffering from the problem. Perhaps there is a better list to post my question to? Ken >> >> For some reason, ftpd only allows connects on one IP aliased onto >> this box. >> Here's what ifconfig reports (I've removed the actual IP's, but they're >> reported properly ) >> >> FreeBSD 2.2.8-RELEASE #0: Fri Jan 8 17:01:27 PST 1999 >> >> bash-2.02$ ifconfig -a >> lnc1: flags=843 mtu 1500 >> inet XXX.XXX.XXX.X netmask 0xfffffff0 broadcast XXX.XXX.XXX.15 >> inet YYY.YYY.YYY.Y netmask 0xfffffff0 broadcast YYY.YYY.YYY.15 >> ether 00:06:29:05:ed:23 >> lp0: flags=8810 mtu 1500 >> lo0: flags=8049 mtu 16384 >> inet 127.0.0.1 netmask 0xff000000 >> >> YYY.YYY.YYY.Y works fine, but I can't connect to XXX.XXX.XXX.X using FTP, >> although both telnet and SSH work fine on either IP. >> >> And no, ftpd is not running using -D, only -l >> >> Help! >> >> Ken >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-isp" in the body of the message >> > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Oct 17 15:26:25 2001 Delivered-To: freebsd-isp@freebsd.org Received: from blacklamb.mykitchentable.net (ekgr-dsl2-116.citlink.net [207.173.226.116]) by hub.freebsd.org (Postfix) with ESMTP id AC0FE37B40A for ; Wed, 17 Oct 2001 15:26:20 -0700 (PDT) Received: from tagalong (unknown [165.107.42.205]) by blacklamb.mykitchentable.net (Postfix) with SMTP id 56976EE64E; Mon, 15 Oct 2001 15:25:47 -0700 (PDT) Message-ID: <009901c155c8$565c6340$cd2a6ba5@lc.ca.gov> From: "Drew Tomlinson" To: Cc: References: <001001c15352$340ee6a0$1505010a@daylight.net> Subject: Re: Bad Network Config? - Mail Refused Date: Mon, 15 Oct 2001 15:25:46 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I wanted to let you know that all of a sudden, my mail started working. I rebooted my firewall to ensure that everything started properly. After the reboot, my mail flowed without errors. So who knows what happend? Anyway, I wanted to thank you for your time and help. I really appreciate it!!! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Oct 17 15:26:55 2001 Delivered-To: freebsd-isp@freebsd.org Received: from blacklamb.mykitchentable.net (ekgr-dsl2-116.citlink.net [207.173.226.116]) by hub.freebsd.org (Postfix) with ESMTP id AFF9837B40B for ; Wed, 17 Oct 2001 15:26:20 -0700 (PDT) Received: from bigdaddy (bigdaddy [192.168.1.3]) by blacklamb.mykitchentable.net (Postfix) with SMTP id D9260EE64D; Sat, 13 Oct 2001 08:36:02 -0700 (PDT) Message-ID: <02aa01c153fc$c3fa0150$0301a8c0@bigdaddy> From: "Drew Tomlinson" To: "ISP Questions" , References: <001a01c153a0$69e3e3e0$1505010a@daylight.net> Subject: Re: Bad Network Config? - Mail Refused Date: Sat, 13 Oct 2001 08:33:21 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- From: "John Brooks" To: "'Drew Tomlinson'" Sent: Friday, October 12, 2001 9:34 PM Subject: RE: Bad Network Config? - Mail Refused > You do realize that by not "replying to all" you have bypassed any other > input from the list into our talk here... Sorry. I meant to include the list in my reply. > I do all of my firewall needs with OpenBSD and run all network services > with FreeBSD, I do it this way for all of the networks I build. Sendmail > has always caused configuration problems and headaches. > > ============================= > Lets fix your postfix setup on the server box first: > > myhostname = blacklamb.mykitchentable.net > mydomain = mykitchentable.net > myorigin = $mydomain > mydestination = $myhostname, localhost.$mydomain, $mydomain > mynetworks_style = subnet > mynetworks = 192.168.1.0/24, 127.0.0.0/8 > relayhost = smtp_host_at_isp > disable_dns_lookups = yes > local_recipient_maps = $alias_maps unix:passwd.byname > alias_maps = hash:/etc/aliases > alias_database = hash:/etc/aliases > > (all other items are default) > (keep your local network limited to what's behind the firewall, don't > include 64,000+ possible hosts outside the firewall) > (make sure you adjust the path to match where the alias file is) > (set relayhost to the smtp server at your isp, push the work off to them > ;-), it has to go thru their system anyway) OK, I did the above. > ============================ > Now fix your aliases file: > > root: drew > > (my.logon is meant to be an actual logon username) > It is (and was) set to the my logon account name. After completing the above, I tried again but still get the connection refused errors. > ============================= > Now the firewall box: > > make sure that inbound mail is redirected to the mail server at > 192.168.1.4 from the firewall > make sure that inbound mail is redirected to the firewall at > ???.???.???.??? from the adsl > make sure your ruleset provides for smtp traffic > > (since I use OpenBSD, ipfilter, & ipnat you're on your own for the > above) All of my tests have been with the firewall wide-open. blacksheep# ipfw show 65535 84751 10731358 allow ip from any to any And if I can telnet to port 25 on the mail server, doesn't that also eliminate any firewall problems? > ============================= > my postfix config on the firewall: > > myhostname = blacksheep.mykitchentable.net > mydomain = mykitchentable.net > myorigin = $myhostname > relayhost = [192.168.1.4] > disable_dns_lookups = yes > alias_maps = hash:/etc/postfix/aliases > alias_database = hash:/etc/postfix/aliases > mynetworks = 127.0.0.0/8 > > (no mail uses this box except for stuff generated on the box itself, not > listening on any interface) > (mail goes to only one location, the mail server behind the firewall) I will try this. > ============================== > > try this and see what happens, I am presuming that you replaced sendmail > entirely when you installed postfix - if that is not the case then all > bets are off. I think I have replaced sendmail. I set sendmail_enable="NO" in rc.conf and ps -acux | grep sendmail returns nothing. Does that do it or is there more required? I really appreciate your help and have tried all of your suggestions (with the exception of Postfix on the firewall -- I'll try it next). However, I really believe that I have a network problem of some kind. Here's what I suspect is happening: 1. The firewall does a MX lookup for mykitchentable.net. blacksheep# dig mx mykitchentable.net ;; ANSWER SECTION: mykitchentable.net. 5M IN MX 0 blacklamb.mykitchentable.net. 2. Now the firewall does a lookup on blacklamb.mykitchentable.net. I have a static DNS entry to point blacklamb's address (192.168.1.4) in my private network. If you were to do a lookup on it, you would get my public DHCP address (207.173.x.x) assigned by my ISP. blacksheep# dig blacklamb.mykitchentable.net ;; ANSWER SECTION: blacklamb.mykitchentable.net. 0S IN A 192.168.1.4 3. For whatever reason, instead of sending mail to 192.168.1.4, the firewall attempts to connect to mykitchentable.net at 207.173.x.x which is my ADSL modem/router and then the connection fails because the modem does not accept any connections to port 25. So before I install Postfix on the firewall, how can I tell sendmail to relay all mail to 192.168.1.4? Thanks again. You've been a BIG help! Drew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Oct 17 15:27: 1 2001 Delivered-To: freebsd-isp@freebsd.org Received: from blacklamb.mykitchentable.net (ekgr-dsl2-116.citlink.net [207.173.226.116]) by hub.freebsd.org (Postfix) with ESMTP id E812137B410 for ; Wed, 17 Oct 2001 15:26:22 -0700 (PDT) Received: from bigdaddy (bigdaddy [192.168.1.3]) by blacklamb.mykitchentable.net (Postfix) with SMTP id CDF97EE623; Fri, 12 Oct 2001 18:19:06 -0700 (PDT) Message-ID: <01d201c15385$086b73a0$0301a8c0@bigdaddy> From: "Drew Tomlinson" To: , References: <001001c15352$340ee6a0$1505010a@daylight.net> Subject: Re: Bad Network Config? - Mail Refused Date: Fri, 12 Oct 2001 18:18:57 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- From: "John Brooks" To: Sent: Friday, October 12, 2001 12:15 PM Subject: RE: Bad Network Config? - Mail Refused > once you made the telnet connection to port 25, try manually sending > mail > > helo blacksheep > mail from: drew@mykitchentable.net > rcpt to: valid_user_on_system > data > this is a test > . > quit > > you should get a 220 response at connection, a 250 reponse for most > commands, a 354 response for "data", and a 221 response at termination It works: blacksheep# telnet blacklamb.mykitchentable.net 25 Trying 192.168.1.4... Connected to blacklamb. Escape character is '^]'. 220 blacklamb.mykitchentable.net ESMTP Postfix helo blacksheep 250 blacklamb.mykitchentable.net mail from: root 250 Ok rcpt to: drew 250 Ok data 354 End data with . this is a test . 250 Ok: queued as 5AF6BEE623 quit 221 Bye Connection closed by foreign host. > > if that works check in /var/mail/ to see if mail ended up in the mailbox I'm using Maildir format and received the mail in my IMAP client. > did you make sure that root is aliased to a valid user? I think so. We're talking about the "from" box (blacksheep), right? I have this entry in my alias file on blacksheep and have run newaliases: root: drew@mykitchentable.net The attempt here is to redirect all mail to root (daily cron jobs) on the firewall (blacksheep) to my mail server (blacklamb) where I get the rest of my mail. It worked fine when I was building the firewall and only using one NIC (ed0 192.168.1.2). When I enabled the firewall as a gateway and put it between my ADSL modem/router (the ADSL box does NAT) to pass traffic between my private network (ed0) and the Internet (ed1 192.168.10.2) is when I started getting the connection refused messages. > check /usr/local/etc/postfix/main.cf and make sure you've set it up > properly. some things to look at: > > myhostname default > mydomain default > myorigin myorigin = $mydomain > mydestination mydestination = $myhostname, localhost.$mydomain, $mydomain > mynetworks mynetworks = 192.168.0.0/16, 127.0.0.0/8 > alias_database On the mail server (blacklamb), I have these two entries: root: my.logon drew: my.logon So mostly it is a default setup. This setup receives mail from everywhere except my firewall. And from your telnet suggestion above, apparently it even accepts "manual" mail from my firewall. Now I'm really stumped. > try setting "disable_dns_lookups = yes" to eliminate it being a dns > issue I added: disable_dns_lookups = yes and then issued postfix reload. Same problem. > personally I'd run postfix on both boxes. I may try it as a last resort. I just wanted to keep the firewall "standard" as it's not doing anything more than sending it's internal messages to root. Thanks for your help! I'd appreciate any other suggestions you may have. Drew > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Drew Tomlinson > Sent: Friday, October 12, 2001 1:40 PM > To: john@day-light.com; isp@freebsd.org > Subject: Re: Bad Network Config? - Mail Refused > > > ---- Original Message ----- > From: "John Brooks" > To: > Sent: Friday, October 12, 2001 10:54 AM > Subject: RE: Bad Network Config? - Mail Refused > > > > did you try telneting from the firewall to port 25 on the server? > that > > should show you where things are breaking down > > No but now I have. :) That works fine. > > blacksheep# telnet blacklamb.mykitchentable.net 25 > Trying 192.168.1.4... > Connected to blacklamb. > Escape character is '^]'. > 220 blacklamb.mykitchentable.net ESMTP Postfix > > So I guess I have a config problem with Postfix? Any ideas where to > look? > > Thanks, > > Drew > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Oct 18 8:47:15 2001 Delivered-To: freebsd-isp@freebsd.org Received: from trinity.magpage.com (trinity.magpage.com [216.155.0.8]) by hub.freebsd.org (Postfix) with ESMTP id C91CD37B401 for ; Thu, 18 Oct 2001 08:47:10 -0700 (PDT) Received: from magpage.com (poomba.magpage.com [216.155.24.136]) by trinity.magpage.com (8.11.6/8.11.3) with ESMTP id f9IFlAA11946 for ; Thu, 18 Oct 2001 11:47:10 -0400 (EDT) Message-ID: <3BCEF97D.9040906@magpage.com> Date: Thu, 18 Oct 2001 11:47:09 -0400 From: Daniel Frazier User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.4) Gecko/20011010 X-Accept-Language: en-us MIME-Version: 1.0 To: freebsd-isp@FreeBSD.ORG Subject: question about login.conf limits... Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-RRT-Status: UNKNOWN Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi all, We've got a fairly typical mailserver that handles mail for over 15,000 users and have been using /etc/login.conf to limit resource usage. Today I had to deal with a corporate user that insisted on sending >20Mb files via email. The email wouldn't go thru and maillog only indicated an "Operating system error" as toe cause of the failure to deliver. The email was still in the queue and I was able to temporarily change the users' login class to one without limits(which is normally only used by the sys admins) and get the email delivered. What I'm unclear on is which limit was being reached. This is the standard class we use: standard:\ :copyright=/etc/COPYRIGHT:\ :welcome=/etc/motd:\ :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ :path=~/bin /bin /usr/bin /usr/local/bin:\ :manpath=/usr/share/man /usr/local/man:\ :cputime=1h30m:\ :datasize=24M:\ :stacksize=2M:\ :memorylocked=4M:\ :memoryuse=20M:\ :filesize=16M:\ :coredumpsize=8M:\ :openfiles=24:\ :maxproc=32:\ :priority=0:\ :requirehome:\ :umask=022:\ :ignoretime@:\ :tc=default: We're also using procmail as the local mailer and the user in question did have a .procmail.rc. Is there any way to have syslog report situations where a login.conf limit is reached? which paramater it was? which event caused it? A pointer to the appropriate reference or man page would sufficient as I haven't been able to find any that mentioned this issue. Thanks. -- ---------------------------------------------------------------------- Daniel Frazier Tel: 302-239-5900 Ext. 231 Systems Administrator Fax: 302-239-3909 MAGPAGE, We Power the Internet WWW: http://www.magpage.com/ "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, Historical Review of Pennsylvania, 1759. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Oct 18 9:52:41 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail9.megamailservers.com (mail9.megamailservers.com [216.251.36.19]) by hub.freebsd.org (Postfix) with ESMTP id 50D7537B407 for ; Thu, 18 Oct 2001 09:52:29 -0700 (PDT) Received: from blake ([24.101.32.246]) by mail9.megamailservers.com (8.12.1/8.12.0.Beta10) with SMTP id f9IGqMPm024333; Thu, 18 Oct 2001 12:52:22 -0400 (EDT) From: "Blake Crosby" To: "Daniel Frazier" , Subject: RE: question about login.conf limits... Date: Thu, 18 Oct 2001 12:52:22 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <3BCEF97D.9040906@magpage.com> X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I beleive you are hitting the filesize limit. Since e-mails being processed through the mail server are treated as a single file, an e-mail with an attachment of larger than 15MB will probably not get through. I was under the impression login.conf only is in effect if the user is actually LOGGED in to the machine. Not processes that were SUID to that user when it was excecuted (in the case if imapd for example). Blake > What I'm unclear on is which limit was being reached. This is the > standard class we use: > > standard:\ > :copyright=/etc/COPYRIGHT:\ > :welcome=/etc/motd:\ > :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ > :path=~/bin /bin /usr/bin /usr/local/bin:\ > :manpath=/usr/share/man /usr/local/man:\ > :cputime=1h30m:\ > :datasize=24M:\ > :stacksize=2M:\ > :memorylocked=4M:\ > :memoryuse=20M:\ > :filesize=16M:\ > :coredumpsize=8M:\ > :openfiles=24:\ > :maxproc=32:\ > :priority=0:\ > :requirehome:\ > :umask=022:\ > :ignoretime@:\ > :tc=default: > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Oct 18 14:33:28 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by hub.freebsd.org (Postfix) with SMTP id E79CC37B408 for ; Thu, 18 Oct 2001 14:33:22 -0700 (PDT) Received: (qmail 29292 invoked by uid 0); 18 Oct 2001 21:33:21 -0000 Received: from p3ee38aa8.dip.t-dialin.net (HELO volker) (62.227.138.168) by mail.gmx.net (mp005-rz3) with SMTP; 18 Oct 2001 21:33:21 -0000 From: "Volker Sturm" To: Subject: Connection with German T-Online? Date: Thu, 18 Oct 2001 23:33:24 +0200 Message-ID: <000201c1581c$8490df60$0100a8c0@volker> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I just try to get my Fritz!Card PCI up and running on FreeBSD and try to dial up to T-Online. I think that the ISDN card basically works as it is recognized at boot time. Now how do I link the ppp system (user-land preferrably) to i4b correctly? i tried doing it via /dev/i4bbrch0 or something and it said that it connected if i am not much mistaken. but no name servers were available although i added a "enable dns" line. in case anyone can tell me: why is it that booteasy doesnt show me a menu item where i can choose to boot the win2k which is also installed on my machine? Booting bsd is fine though. Regards, Volker Sturm To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Oct 18 20:44:34 2001 Delivered-To: freebsd-isp@freebsd.org Received: from server1.safepages.com (server1.safepages.com [216.127.146.3]) by hub.freebsd.org (Postfix) with ESMTP id C5CE837B407; Thu, 18 Oct 2001 20:43:54 -0700 (PDT) Received: from localhost (unknown [208.186.187.114]) by server1.safepages.com (Postfix) with ESMTP id 8FFC35E7F; Fri, 19 Oct 2001 03:43:33 +0000 (GMT) X-Sender: peterm@primedial.net From: Peter Matthews To: "Mortgage Rate Info" Date: Thu, 18 Oct 2001 20:53:37 -0700 Subject: Need a Home Loan? Let Us Help! Reply-To: peterm@primedial.net MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_001__301324243_75217.49" Message-Id: <20011019034333.8FFC35E7F@server1.safepages.com> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a Multipart MIME message. ------=_NextPart_000_001__301324243_75217.49 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit ------=_NextPart_000_001__301324243_75217.49 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: base64 DQoNCjxIVE1MPg0KDQo8aGVhZD4NCjxNRVRBIEhUVFAtRVFVSVY9IkNvbnRlbnQtVHlwZSIg Q09OVEVOVD0idGV4dC9odG1sO2NoYXJzZXQ9aXNvLTg4NTktMSI+DQo8IURPQ1RZUEUgSFRN TCBQVUJMSUMgIi0vL1czQy8vRFREIEhUTUwgNC4wIFRyYW5zaXRpb25hbC8vRU4iPg0KPFRJ VExFPkZyZWUgUmF0ZSBRdW90ZTwvVElUTEU+DQo8TUVUQSBjb250ZW50PSJ0ZXh0L2h0bWw7 IGNoYXJzZXQ9aXNvLTg4NTktMSIgaHR0cC1lcXVpdj1Db250ZW50LVR5cGU+PFhNRVRBIA0K Y29udGVudD0iTW96aWxsYS80LjcgW2VuXSAoV2luOTg7IEkpIFtOZXRzY2FwZV0iIG5hbWU9 IkdFTkVSQVRPUiI+DQo8TUVUQSBjb250ZW50PSJNaWNyb3NvZnQgRnJvbnRQYWdlIDQuMCIg bmFtZT1HRU5FUkFUT1I+DQo8U1RZTEU+PC9TVFlMRT4NCjwvSEVBRD4NCjxCT0RZIGJhY2tn cm91bmQ9aHR0cDovLzM2MzExMzIyMTcvbW9uZXlfZ3IuanBnIGJnQ29sb3I9I2ZmZmZmZiBi Z3Byb3BlcnRpZXM9ImZpeGVkIj4NCjxESVYgc3R5bGU9IkZPTlQ6IDEwcHQgYXJpYWwiPg0K PERJVj4mbmJzcDs8L0RJVj48L0RJVj4NCjxESVY+PEJSPjwvRElWPg0KPEJSPg0KPFAgYWxp Z249Y2VudGVyPjxiPjxpPjxmb250IGNvbG9yPSIjMDAwMGZmIiBmYWNlPSJCcnVzaCBTY3Jp cHQgTVQiIHNpemU9IjUiPiZxdW90O0FsbCBvdXIgdGhvdWdodHMsIHByYXllcnMgYW5kIGxv dmUgZ28gb3V0IHRvIHRoZSBmYW1pbGllcyBhbmQgZnJpZW5kcyBvZiB0aGUgdmljdGltcyBv ZiB0aGUgV29ybGQgVHJhZGUgQ2VudGVyIHRyYWdlZHkuJnF1b3Q7PC9mb250PjwvaT48L2I+ PC9QPg0KDQo8UCBhbGlnbj1jZW50ZXI+PGVtPjxiPjxmb250IGNvbG9yPSIjZmYwMDAwIiBz aXplPSI2IiBmYWNlPSJhcmlhbCI+JnF1b3Q7UmVmaW5hbmNlIFlvdXINCkN1cnJlbnQgTW9y dGdhZ2UgV2hpbGUgUmF0ZXMgQXJlIExPVyEhJnF1b3Q7PC9mb250PjwvYj48L2VtPjwvUD4N CjxNQVJRVUVFPjxpPjxiPjxGT05UIHNpemU9NCBjb2xvcj0jMDAwMGZmPkhPTUUgRVFVSVRZ IExPQU5TICoqKiBKVU1CTyBMT0FOUyAqKiogSE9NRSBJTVBST1ZFTUVOVCBMT0FOUyAqKiog DQogICAgICBERUJUIENPTlNPTElEQVRJT04gTE9BTlMgKioqIFJFRklOQU5DRSBMT0FOUyAq KiogQUxMIEFSRSBBVkFJTEFCTEUgVE8gWU9VICoqKiBSQVRFUyBBUyBMT1cgQVMgDQogICAg ICAzLjk1JTwvZm9udD48L2I+PC9pPjwvbWFycXVlZT4NCjxCUj48QlI+DQo8cCBhbGlnbj0i Y2VudGVyIj48Yj48Zm9udCBzaXplPSI0Ij5Nb3J0Z2FnZSBSYXRlcyBBcmUgU28gTG93ISZu YnNwOzwvZm9udD48L2I+PC9wPg0KPHAgYWxpZ249ImNlbnRlciI+PGI+PGZvbnQgc2l6ZT0i NCI+WW91IENhbiBTYXZlIFRob3VzYW5kcyBPZiBEb2xsYXJzIEJ5IFRha2luZw0KQWR2YW50 YWdlIE5vdyE8L2ZvbnQ+PC9iPjwvcD4NCjxQIGFsaWduPWNlbnRlcj48RU0+PEI+PEZPTlQg Y29sb3I9I2ZmMDAwMCBzaXplPTU+JnF1b3Q7V0UgQVJFIEFOIEFTU09DSUFUSU9OIE9GDQpN T1JUR0FHRSBCUk9LRVJTIEFORCBMRU5ERVJTIDwvRk9OVD48L0I+PC9FTT48L1A+DQo8UCBh bGlnbj1jZW50ZXI+PEVNPjxCPjxGT05UIGNvbG9yPSNmZjAwMDAgc2l6ZT01PldJVEggVEhF IEJFU1QgUkFURVMgQU5EIFRIRSBMT1dFU1QNCkNPU1RTISZxdW90PC9GT05UPjwvQj48L0VN PjwvUD4NCjxwIGFsaWduPSJjZW50ZXIiPiZuYnNwOzwvcD4NCjxQIGFsaWduPWNlbnRlcj48 Rk9OVCBjb2xvcj0jMDAwMGZmIHNpemU9ND48Qj5XZSZuYnNwO2hhdmUgdGhvdXNhbmRzIG9m IGxvYW4gDQpwcm9ncmFtcyB0aHJvdWdoIGh1bmRyZWRzIG9mIGxlbmRlcnMhPEJSPjwvQj48 L0ZPTlQ+PEZPTlQgc2l6ZT0zPjwvRk9OVD48L1A+DQo8UCBhbGlnbj1jZW50ZXI+PFNUUk9O Rz48Rk9OVCBzaXplPTU+WW91IGNhbiBjaG9vc2UgZnJvbSZuYnNwOyJBZGp1c3RhYmxlIFJh dGUNCk1vcnRnYWdlcyANCmFzIGxvdyBhcyAzLjk1JSZxdW90OzwvRk9OVD48L1NUUk9ORz48 L1A+DQo8UCBhbGlnbj1jZW50ZXI+PFNUUk9ORz48Rk9OVCBzaXplPTU+YW5kJm5ic3A7IkZp eGVkIFJhdGUgTW9ydGdhZ2VzIGFzIGxvdyBhcw0KNi41MCUmbmJzcDs8L0ZPTlQ+PC9TVFJP Tkc+PC9QPg0KPFAgYWxpZ249Y2VudGVyPjxTVFJPTkc+PEZPTlQgc2l6ZT01PmFsbCB3aXRo IHRoZSBsb3dlc3QgY29zdHMgaW4gdGhlDQpOYXRpb24hJnF1b3Q7PC9GT05UPjwvU1RST05H PjxCSUc+PEJJRz48Rk9OVCBjb2xvcj0jZmYwMDAwPio8L0ZPTlQ+PC9CSUc+PC9CSUc+PC9Q Pg0KPFAgYWxpZ249Y2VudGVyPjxGT05UIA0Kc2l6ZT01Pjxmb250IGNvbG9yPSIjRkYwMDAw Ij4mcXVvdDs8Yj48aT5ZT1UgQ0FOIDx1PkJVWSBET1dOIFlPVVIgSU5URVJFU1QgUkFURTwv dT4NClRPPC9pPjwvYj48L2ZvbnQ+PC9GT05UPjwvUD4NCjxQIGFsaWduPWNlbnRlcj48Zm9u dCBjb2xvcj0iI0ZGMDAwMCIgc2l6ZT0iNSI+PGI+PGk+QVMgTE9XIEFTIFlPVSBDQU4NCkFG Rk9SRCEmcXVvdDs8L2k+PC9iPjwvZm9udD48Rk9OVCANCnNpemU9NT48QlI+PC9GT05UPjxG T05UIHNpemU9Mz48L0ZPTlQ+PC9QPg0KPFAgYWxpZ249Y2VudGVyPjxGT05UIHNpemU9KzA+ PEZPTlQgY29sb3I9IzAwMDBmZiBzaXplPTI+PEJJRz48QklHPjxGT05UIA0KY29sb3I9I2Zm MDAwMCBzaXplPTU+KjwvRk9OVD48L0JJRz48U1RST05HPkFsbCByYXRlcyBhcmUgYmFzZWQg b24gDQpxdWFsaWZpY2F0aW9uPC9TVFJPTkc+ITwvQklHPjwvRk9OVD48L0ZPTlQ+PC9QPg0K PFAgYWxpZ249Y2VudGVyPjxGT05UIHNpemU9KzA+PEZPTlQgc2l6ZT0yPjxCSUc+PC9CSUc+ PC9GT05UPjxGT05UIA0KY29sb3I9IzAwMDBmZj48Rk9OVCBmYWNlPUFyaWFsPjxGT05UIHNp emU9Mj48QSBocmVmPSJodHRwOi8vMzYzMTEzMjIxNyIgDQp0YXJnZXQ9X2JsYW5rPjxGT05U IHNpemU9NT48U1RST05HPjxGT05UIGZhY2U9IlRpbWVzIE5ldyBSb21hbiI+Q2xpY2sgaGVy ZSBmb3IgDQp5b3VyIDwvRk9OVD48Rk9OVCBzaXplPTY+PEZPTlQgZmFjZT0iVGltZXMgTmV3 IFJvbWFuIj48RU0+IkZSRUUgUkFURSANClFVT1RFIiE8L0VNPjwvRk9OVD48L0ZPTlQ+PC9T VFJPTkc+PC9GT05UPjwvQT48L0ZPTlQ+PC9GT05UPjwvRk9OVD48L0ZPTlQ+PC9QPg0KPFAg YWxpZ249bGVmdD4mbmJzcDs8L1A+DQo8UCBhbGlnbj1sZWZ0PjxpPjxiPjxmb250IGZhY2U9 IkFyaWFsIiBzaXplPSIrMCI+Q0xJQ0sgT04gTE9BTlMgQkVMT1cgRk9SIFlPVVINCkZSRUUg QVBQTElDQVRJT04hPC9mb250PjwvYj48L2k+PEZPTlQgZmFjZT1BcmlhbD48QlI+PC9GT05U PjwvUD4NCjxQIGFsaWduPWxlZnQ+PFNUUk9ORz48RU0+PEEgaHJlZj0iaHR0cDovLzM2MzEx MzIyMTciIA0KdGFyZ2V0PV9ibGFuaz48Zm9udCBzaXplPSI1IiBjb2xvcj0iIzgwMDA4MCI+ UHVyY2hhc2UgTG9hbnM8L2ZvbnQ+PC9BPiA8Rk9OVCBzaXplPTU+DQo8L0ZPTlQ+IDwvRU0+ PEZPTlQgDQpzaXplPTQ+LSA8RU0+VGhvdXNhbmRzIG9mIHByb2dyYW1zIA0KZm9yIEZpcnN0 IE1vcnRnYWdlcyE8L0VNPjwvRk9OVD48ST48L0k+PC9TVFJPTkc+PEk+PEZPTlQgDQpjb2xv cj0jMDAwMDAwPjxCUj48QlI+PC9GT05UPjwvST48QSBocmVmPSJodHRwOi8vMzYzMTEzMjIx NyIgX2JsYW5rPz48RU0+PFNUUk9ORz48Zm9udCBzaXplPSI1IiBjb2xvcj0iIzgwMDA4MCI+ UmVmaW5hbmNlIExvYW5zPC9mb250PjwvU1RST05HPjwvRU0+PEk+PEZPTlQgDQpjb2xvcj0j MDAwMDAwIHNpemU9Mj4gPC9GT05UPjwvST48L0E+PEk+PEZPTlQgY29sb3I9IzAwMDAwMCBz aXplPTQ+LSA8Qj5SZWR1Y2UgeW91ciANCm1vbnRobHkgcGF5bWVudHMgYW5kPC9GT05UPjxG T05UIGNvbG9yPSMwMDAwMDAgc2l6ZT0yPiA8L0ZPTlQ+PEZPTlQgDQpjb2xvcj0jZmYwMDAw IHNpemU9NT5HZXQgQ2FzaCBCYWNrITwvRk9OVD48L0I+PEZPTlQgY29sb3I9IzAwMDAwMCBz aXplPTQ+IA0KPC9GT05UPjxGT05UIGNvbG9yPSMwMDAwMDAgc2l6ZT0zPjxCUj48QlI+PC9G T05UPjwvST48QSANCmhyZWY9Imh0dHA6Ly8zNjMxMTMyMjE3IiB0YXJnZXQ9X2JsYW5rPjxm b250IGNvbG9yPSIjODAwMDgwIj48RU0+PEI+PEZPTlQgc2l6ZT01PlNlY29uZCANCk1vcnRn YWdlczwvRk9OVD48L0I+PC9FTT48ST48Rk9OVCBzaXplPTM+IDwvRk9OVD48L0k+DQo8L2Zv bnQ+IDwvQT48ST48Rk9OVCBjb2xvcj0jMDAwMDAwIHNpemU9Mz4gLSA8L0ZPTlQ+PEI+PEZP TlQgDQpjb2xvcj0jMDAwMDAwIHNpemU9ND5XZSBjYW4gaGVscCB5b3UgZ2V0IGZyb20gPC9G T05UPjxGT05UIGNvbG9yPSNmZjAwMDAgDQpzaXplPTU+OTAlPC9GT05UPjxGT05UIGNvbG9y PSMwMDAwMDAgc2l6ZT00PiB1cCB0byA8L0ZPTlQ+PEZPTlQgY29sb3I9I2ZmMDAwMCANCnNp emU9NT4xMjUlPC9GT05UPjxGT05UIGNvbG9yPSMwMDAwMDAgc2l6ZT00PiBvZiB5b3VyIGhv bWVzIHZhbHVlISAocmF0aW9zIHZhcnkgDQpieSBzdGF0ZSk8L0ZPTlQ+PC9CPjwvUD4NCjxQ IGFsaWduPWxlZnQ+PEEgaHJlZj0iaHR0cDovLzM2MzExMzIyMTciIA0KdGFyZ2V0PV9ibGFu az48Qj48Zm9udCBzaXplPSI1IiBjb2xvcj0iIzgwMDA4MCI+RGVidCBDb25zb2xpZGF0aW9u PC9mb250PjwvQj48L0E+PEZPTlQgY29sb3I9IzAwMDAwMCBzaXplPTM+IDxGT05UIGNvbG9y PSMwMDAwMDAgc2l6ZT00Pi0gDQo8Qj5Db21iaW5lIDwvRk9OVD48Rk9OVCBjb2xvcj0jZmYw MDAwIHNpemU9NT5hbGw8L0ZPTlQ+PEZPTlQgY29sb3I9IzAwMDAwMCANCnNpemU9ND4geW91 ciBiaWxscyBpbnRvIDwvRk9OVD48Rk9OVCBjb2xvcj0jZmYwMDAwIHNpemU9NT5PbmUgTG93 IE1vbnRobHkgDQpQYXltZW50ITwvRk9OVD48L0I+PEJSPjxCUj48L0ZPTlQ+PEI+PEEgDQpo cmVmPSJodHRwOi8vMzYzMTEzMjIxNyIgdGFyZ2V0PV9ibGFuaz48Zm9udCBzaXplPSI1IiBj b2xvcj0iIzgwMDA4MCI+Rmlyc3QgVGltZSBIb21lIEJ1eWVyczwvZm9udD48L0E+PEZPTlQg Y29sb3I9IzAwMDAwMCBzaXplPTM+IC0gDQo8Rk9OVCBjb2xvcj0jMDAwMDAwIHNpemU9ND5X ZSBjYW4gaGVscCB5b3UgYnV5IHdpdGggPEZPTlQgY29sb3I9I2ZmMDAwMCANCnNpemU9NT5M b3c8L0ZPTlQ+PC9GT05UPjxGT05UIGNvbG9yPSNmZjAwMDAgc2l6ZT01PiBNb25leSBEb3du PC9GT05UPjxGT05UIA0KY29sb3I9IzAwMDAwMCBzaXplPTQ+LCBhbmQgZXZlbiA8L0ZPTlQ+ PEZPTlQgY29sb3I9I2ZmMDAwMCBzaXplPTU+R2V0IENhc2ggDQpCYWNrITwvRk9OVD48L0ZP TlQ+PC9CPjwvUD48L0k+DQo8UCBhbGlnbj1jZW50ZXI+PEJJRz48QklHPjxGT05UIGNvbG9y PSNmZjAwMDA+KjwvRk9OVD48L0JJRz5BbGwgcmF0ZXMgYXJlIGJhc2VkIA0Kb24gcXVhbGlm aWNhdGlvbiE8L0JJRz48L1A+DQo8UCBhbGlnbj1jZW50ZXI+PEI+PEk+PEZPTlQgY29sb3I9 IzAwMDAwMCBzaXplPTY+V2UgaGF2ZSBwcm9ncmFtcyBmb3IgDQo8L0ZPTlQ+PEZPTlQgY29s b3I9I2ZmMDAwMCBzaXplPTY+PFU+RVZFUlk8L1U+PC9GT05UPjxGT05UIGNvbG9yPSMwMDAw MDAgc2l6ZT02PiANCmNyZWRpdCBzaXR1YXRpb24hPC9GT05UPjxCUj48QlI+PEEgaHJlZj0i aHR0cDovLzM2MzExMzIyMTciIHRhcmdldD1fYmxhbms+PEZPTlQgDQpjb2xvcj0jMDAwMGZm IHNpemU9NT5DbGljayBoZXJlIGZvciB5b3VyIEZSRUUgUkFURSBRVU9URSE8L0ZPTlQ+PC9B PjwvST48L0I+PC9QPg0KPFAgYWxpZ249bGVmdD48Rk9OVCBjb2xvcj0jMDA4MDAwPjxTVFJP Tkc+JnF1b3Q7VGhpcyBtZXNzYWdlIGlzIGJlaW5nIHNlbnQgdG8NCnlvdSBpbiBjb21wbGlh bmNlIHdpdGgmbmJzcDtCaWxsIFMuIDE2MTggVGl0bGUgSUlJIHBhc3NlZCBieSB0aGUgMTA1 dGggVVMNCkNvbmdyZXNzLCB3aGljaCBzdGF0ZXMgdGhhdCB0aGlzIGxldHRlciBjYW4gbm90 IGJlIGNvbnNpZGVyZWQgc3BhbSBhcyBsb25nIGFzIHdlDQppbmNsdWRlICgxKSBWYWxpZCBD b250YWN0IEluZm9ybWF0aW9uIGFuZCAoMikmbmJzcDthIHdheSB0byBiZSByZW1vdmVkIGZy b20gYW55DQpmdXJ0aGVyIHRyYW5zbWlzc2lvbnMgYXQgbm8gY29zdCB0byB5b3UgYnkgc3Vi bWl0dGluZyBhIHJlcXVlc3QgdG8gYmUNCnJlbW92ZWQuJnF1b3Q7IC4gPGEgaHJlZj0iaHR0 cDovLzM2MzExMzIyMTcvcmVtb3ZlLmh0bSI+Q2xpY2sgSGVyZSB0byBTZW5kIGEgUmVtb3Zl IFJlcXVlc3Q8L2E+Lg0KJnF1b3Q7V2UgaG9ub3IgYWxsIHJlbW92ZSBlbWFpbCBhZGRyZXNz IHJlcXVlc3RzJm5ic3A7aW1tZWRpYXRlbHkuJnF1b3Q7PC9TVFJPTkc+PC9GT05UPjwvUD48 L0JPRFk+PC9IVE1MPg== ------=_NextPart_000_001__301324243_75217.49-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Oct 19 10:48:58 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.cableaz.com (mail.cableaz.com [63.241.154.20]) by hub.freebsd.org (Postfix) with ESMTP id 9098637B408 for ; Fri, 19 Oct 2001 10:48:54 -0700 (PDT) Received: from caz ([63.241.150.53]) by mail.cableaz.com (Build 101 8.9.3/NT-8.9.3) with SMTP id KAA00888 for ; Fri, 19 Oct 2001 10:43:09 -0700 Message-ID: <000801c158c6$235dc000$3596f13f@caz> From: "Jeremy Buckner" To: Subject: Mail Quotas Date: Fri, 19 Oct 2001 10:47:35 -0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C1588B.7681C8C0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_0005_01C1588B.7681C8C0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I currently have quotas enabled on my users mail boxes (30MB). The = problem I run into is that when the quota is exceeded, they can't log = into the mailbox to clean it out. They get an error saying "failed to = connect...quota exceeded" or something of that nature. Is there a way to = configure it so that instead of the admin (me) having to delete a = portion of their mail to gain access again, can I make it so they can at = least log in to download all their mail before sending again? Any help = would be appreciated.. Oh yea my config is like this: FreeBSD 4.3 / Sendmail / Qpopper... Jeremy Buckner =20 ------=_NextPart_000_0005_01C1588B.7681C8C0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
I currently = have quotas=20 enabled on my users mail boxes (30MB). The problem I run into is that = when the=20 quota is exceeded, they can't log into the mailbox to clean it out. They = get an=20 error saying "failed to connect...quota exceeded" or something of that = nature.=20 Is there a way to configure it so that instead of the admin (me) having = to=20 delete a portion of their mail to gain access again, can I make it so = they can=20 at least log in to download all their mail before sending again? Any = help would=20 be appreciated..
 
Oh yea my = config is like=20 this: FreeBSD 4.3 / Sendmail / Qpopper...
 
Jeremy = Buckner
 
 
------=_NextPart_000_0005_01C1588B.7681C8C0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Oct 19 10:54:44 2001 Delivered-To: freebsd-isp@freebsd.org Received: from tsunami.acidpit.org (tsunami.acidpit.org [206.190.163.234]) by hub.freebsd.org (Postfix) with ESMTP id 0962537B403 for ; Fri, 19 Oct 2001 10:54:34 -0700 (PDT) Received: (from rch@localhost) by tsunami.acidpit.org (8.11.3/8.11.3) id f9JHsKm28406; Fri, 19 Oct 2001 13:54:20 -0400 (EDT) (envelope-from rch@acidpit.org) Date: Fri, 19 Oct 2001 13:54:20 -0400 From: Robert Hough To: Jeremy Buckner Cc: isp@FreeBSD.ORG Subject: Re: Mail Quotas Message-ID: <20011019135420.A28355@acidpit.org> References: <000801c158c6$235dc000$3596f13f@caz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <000801c158c6$235dc000$3596f13f@caz>; from jeremy@cableaz.com on Fri, Oct 19, 2001 at 10:47:35 -0700 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Ran into this awhile back at my last place of employment. The problem is the pop.lock that qpopper creates. If memory serves me, we got around this problem once we dumped qpopper. We switched to cucipop, which was pretty much a dream come true for us. YMMV... On Fri, Oct 19, 2001, Jeremy Buckner wrote: > I currently have quotas enabled on my users mail boxes (30MB). The problem I run into is that when the quota is exceeded, they can't log into the mailbox to clean it out. They get an error saying "failed to connect...quota exceeded" or something of that nature. Is there a way to configure it so that instead of the admin (me) having to delete a portion of their mail to gain access again, can I make it so they can at least log in to download all their mail before sending again? Any help would be appreciated.. > > Oh yea my config is like this: FreeBSD 4.3 / Sendmail / Qpopper... > > Jeremy Buckner > > -- Robert Hough (rch@acidpit.org) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Oct 20 18:53:20 2001 Delivered-To: freebsd-isp@freebsd.org Received: from femail4.sdc1.sfba.home.com (femail4.sdc1.sfba.home.com [24.0.95.84]) by hub.freebsd.org (Postfix) with ESMTP id E3A4137B403 for ; Sat, 20 Oct 2001 18:53:18 -0700 (PDT) Received: from veager.jwweeks.com ([65.14.122.116]) by femail4.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP id <20011021015318.QDIS571.femail4.sdc1.sfba.home.com@veager.jwweeks.com> for ; Sat, 20 Oct 2001 18:53:18 -0700 Date: Sat, 20 Oct 2001 21:53:16 -0400 (EDT) From: Jim Weeks X-Sender: jim@veager.jwweeks.com To: freebsd-isp@freebsd.org Subject: arplookup failed: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Would someone please check me on this. I know this has been discussed before and I want to make sure I understand correctly. I am receiving the following error, Oct 20 21:16:21 server /kernel: arplookup XXX.XXX.XXX.XXX failed: host is not on local network Indeed the server issuing the request is not on the same subnet. If I understand arp correctly, the kernel is not able to respond to a mac address not directly connected to the subnet of the responding machine. After looking at the results of "tcpdump -n -e -p arp", I see a lot of traffic from several subnets. Should I be seeing arp requests other than those initiated by my default gateway or other machines on the same subnet? Why would this machine be issuing request for interfaces connected to a different subnet, and if it should, why isn't it directing the requests to my default gateway? Am I correct in assuming that this is a routing problem and not something I can correct from my end? Thanks in advance, -- Jim Weeks To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Oct 20 19: 2: 6 2001 Delivered-To: freebsd-isp@freebsd.org Received: from 4evermail.com (equinox.4evermail.com [204.92.209.4]) by hub.freebsd.org (Postfix) with SMTP id 78DEE37B403 for ; Sat, 20 Oct 2001 19:02:03 -0700 (PDT) Received: (qmail 36031 invoked from network); 21 Oct 2001 02:03:18 -0000 Received: from 66-65-109-16.nyc.rr.com (HELO sioux) (66.65.109.16) by equinox.4evermail.com with SMTP; 21 Oct 2001 02:03:18 -0000 From: "Jonathan M. Slivko" To: "'Jim Weeks'" , Subject: RE: arplookup failed: Date: Sat, 20 Oct 2001 22:02:07 -0400 Message-ID: <002401c159d4$63c1ab20$6501a8c0@sioux> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal In-Reply-To: Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Jim, What you may have done is you may have set your NIC card into promiscuous mode, which tells the NIC card to intercept all packets on that network, not just the ones meant for that particular machine. What you may have seen could have been a result of that. -- Jonathan --------------------------------------------------- Jonathan Slivko - 4EverMail.COM - www.4evermail.com Web Hosting - Web Desgin - UNIX Shell Accounts JSlivko@4evermail.com - Phone: (212) 663-1109 -----Original Message----- From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG] On Behalf Of Jim Weeks Sent: Saturday, October 20, 2001 9:53 PM To: freebsd-isp@freebsd.org Subject: arplookup failed: Would someone please check me on this. I know this has been discussed before and I want to make sure I understand correctly. I am receiving the following error, Oct 20 21:16:21 server /kernel: arplookup XXX.XXX.XXX.XXX failed: host is not on local network Indeed the server issuing the request is not on the same subnet. If I understand arp correctly, the kernel is not able to respond to a mac address not directly connected to the subnet of the responding machine. After looking at the results of "tcpdump -n -e -p arp", I see a lot of traffic from several subnets. Should I be seeing arp requests other than those initiated by my default gateway or other machines on the same subnet? Why would this machine be issuing request for interfaces connected to a different subnet, and if it should, why isn't it directing the requests to my default gateway? Am I correct in assuming that this is a routing problem and not something I can correct from my end? Thanks in advance, -- Jim Weeks To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Oct 20 19:12: 2 2001 Delivered-To: freebsd-isp@freebsd.org Received: from femail4.sdc1.sfba.home.com (femail4.sdc1.sfba.home.com [24.0.95.84]) by hub.freebsd.org (Postfix) with ESMTP id CB52C37B401 for ; Sat, 20 Oct 2001 19:11:59 -0700 (PDT) Received: from veager.jwweeks.com ([65.14.122.116]) by femail4.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP id <20011021021159.QNVL571.femail4.sdc1.sfba.home.com@veager.jwweeks.com>; Sat, 20 Oct 2001 19:11:59 -0700 Date: Sat, 20 Oct 2001 22:11:58 -0400 (EDT) From: Jim Weeks X-Sender: jim@veager.jwweeks.com To: "Jonathan M. Slivko" Cc: freebsd-isp@FreeBSD.ORG Subject: RE: arplookup failed: In-Reply-To: <002401c159d4$63c1ab20$6501a8c0@sioux> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Thats entirely possible. I think I did run trafshow which would do that, but I am pretty sure the machine has been rebooted since doing so. Promiscuous mode wouldn't survive a hot boot would it? -- Jim Weeks On Sat, 20 Oct 2001, Jonathan M. Slivko wrote: > Jim, > > What you may have done is you may have set your NIC card into > promiscuous mode, which tells the NIC card to intercept all packets on > that network, not just the ones meant for that particular machine. What > you may have seen could have been a result of that. -- Jonathan > > --------------------------------------------------- > Jonathan Slivko - 4EverMail.COM - www.4evermail.com > Web Hosting - Web Desgin - UNIX Shell Accounts > JSlivko@4evermail.com - Phone: (212) 663-1109 > > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG] On Behalf Of Jim Weeks > Sent: Saturday, October 20, 2001 9:53 PM > To: freebsd-isp@freebsd.org > Subject: arplookup failed: > > Would someone please check me on this. I know this has been discussed > before and I want to make sure I understand correctly. > > I am receiving the following error, > > Oct 20 21:16:21 server /kernel: arplookup XXX.XXX.XXX.XXX failed: host > is > not on local network > > Indeed the server issuing the request is not on the same subnet. If I > understand arp correctly, the kernel is not able to respond to a mac > address not directly connected to the subnet of the responding machine. > > After looking at the results of "tcpdump -n -e -p arp", I see a lot of > traffic from several subnets. Should I be seeing arp requests other > than > those initiated by my default gateway or other machines on the same > subnet? > > Why would this machine be issuing request for interfaces connected to a > different subnet, and if it should, why isn't it directing the requests > to my default gateway? > > Am I correct in assuming that this is a routing problem and not > something > I can correct from my end? > > Thanks in advance, > > -- > Jim Weeks > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Oct 20 19:13:47 2001 Delivered-To: freebsd-isp@freebsd.org Received: from 4evermail.com (equinox.4evermail.com [204.92.209.4]) by hub.freebsd.org (Postfix) with SMTP id 1360337B401 for ; Sat, 20 Oct 2001 19:13:43 -0700 (PDT) Received: (qmail 36254 invoked from network); 21 Oct 2001 02:14:58 -0000 Received: from 66-65-109-16.nyc.rr.com (HELO sioux) (66.65.109.16) by equinox.4evermail.com with SMTP; 21 Oct 2001 02:14:58 -0000 From: "Jonathan M. Slivko" To: "'Jim Weeks'" Cc: Subject: RE: arplookup failed: Date: Sat, 20 Oct 2001 22:13:47 -0400 Message-ID: <002501c159d6$05139f50$6501a8c0@sioux> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal In-Reply-To: Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I think tcpdump does the same thing as trafshow, essentially. As far as promiscuous mode surviving a hot boot, I have no idea. Someone else on the list might be better suited to answer that question. -- Jonathan --------------------------------------------------- Jonathan Slivko - 4EverMail.COM - www.4evermail.com Web Hosting - Web Desgin - UNIX Shell Accounts JSlivko@4evermail.com - Phone: (212) 663-1109 -----Original Message----- From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG] On Behalf Of Jim Weeks Sent: Saturday, October 20, 2001 10:12 PM To: Jonathan M. Slivko Cc: freebsd-isp@FreeBSD.ORG Subject: RE: arplookup failed: Thats entirely possible. I think I did run trafshow which would do that, but I am pretty sure the machine has been rebooted since doing so. Promiscuous mode wouldn't survive a hot boot would it? -- Jim Weeks On Sat, 20 Oct 2001, Jonathan M. Slivko wrote: > Jim, > > What you may have done is you may have set your NIC card into > promiscuous mode, which tells the NIC card to intercept all packets on > that network, not just the ones meant for that particular machine. What > you may have seen could have been a result of that. -- Jonathan > > --------------------------------------------------- > Jonathan Slivko - 4EverMail.COM - www.4evermail.com > Web Hosting - Web Desgin - UNIX Shell Accounts > JSlivko@4evermail.com - Phone: (212) 663-1109 > > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG] On Behalf Of Jim Weeks > Sent: Saturday, October 20, 2001 9:53 PM > To: freebsd-isp@freebsd.org > Subject: arplookup failed: > > Would someone please check me on this. I know this has been discussed > before and I want to make sure I understand correctly. > > I am receiving the following error, > > Oct 20 21:16:21 server /kernel: arplookup XXX.XXX.XXX.XXX failed: host > is > not on local network > > Indeed the server issuing the request is not on the same subnet. If I > understand arp correctly, the kernel is not able to respond to a mac > address not directly connected to the subnet of the responding machine. > > After looking at the results of "tcpdump -n -e -p arp", I see a lot of > traffic from several subnets. Should I be seeing arp requests other > than > those initiated by my default gateway or other machines on the same > subnet? > > Why would this machine be issuing request for interfaces connected to a > different subnet, and if it should, why isn't it directing the requests > to my default gateway? > > Am I correct in assuming that this is a routing problem and not > something > I can correct from my end? > > Thanks in advance, > > -- > Jim Weeks > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Oct 20 19:23:38 2001 Delivered-To: freebsd-isp@freebsd.org Received: from femail4.sdc1.sfba.home.com (femail4.sdc1.sfba.home.com [24.0.95.84]) by hub.freebsd.org (Postfix) with ESMTP id C60B637B401 for ; Sat, 20 Oct 2001 19:23:34 -0700 (PDT) Received: from veager.jwweeks.com ([65.14.122.116]) by femail4.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP id <20011021022334.QULQ571.femail4.sdc1.sfba.home.com@veager.jwweeks.com>; Sat, 20 Oct 2001 19:23:34 -0700 Date: Sat, 20 Oct 2001 22:23:33 -0400 (EDT) From: Jim Weeks X-Sender: jim@veager.jwweeks.com To: "Jonathan M. Slivko" Cc: freebsd-isp@FreeBSD.ORG Subject: RE: arplookup failed: In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I suppose that wasn't a relevant question since ifconfig -a doesn't include PROMISC for xl0. I'l keep digging :/ xl0: flags=8843 mtu 1500 -- Jim Weeks On Sat, 20 Oct 2001, Jim Weeks wrote: > Thats entirely possible. I think I did run trafshow which would do that, > but I am pretty sure the machine has been rebooted since doing > so. Promiscuous mode wouldn't survive a hot boot would it? > > -- > Jim Weeks > > > On Sat, 20 Oct 2001, Jonathan M. Slivko wrote: > > > Jim, > > > > What you may have done is you may have set your NIC card into > > promiscuous mode, which tells the NIC card to intercept all packets on > > that network, not just the ones meant for that particular machine. What > > you may have seen could have been a result of that. -- Jonathan > > > > --------------------------------------------------- > > Jonathan Slivko - 4EverMail.COM - www.4evermail.com > > Web Hosting - Web Desgin - UNIX Shell Accounts > > JSlivko@4evermail.com - Phone: (212) 663-1109 > > > > -----Original Message----- > > From: owner-freebsd-isp@FreeBSD.ORG > > [mailto:owner-freebsd-isp@FreeBSD.ORG] On Behalf Of Jim Weeks > > Sent: Saturday, October 20, 2001 9:53 PM > > To: freebsd-isp@freebsd.org > > Subject: arplookup failed: > > > > Would someone please check me on this. I know this has been discussed > > before and I want to make sure I understand correctly. > > > > I am receiving the following error, > > > > Oct 20 21:16:21 server /kernel: arplookup XXX.XXX.XXX.XXX failed: host > > is > > not on local network > > > > Indeed the server issuing the request is not on the same subnet. If I > > understand arp correctly, the kernel is not able to respond to a mac > > address not directly connected to the subnet of the responding machine. > > > > After looking at the results of "tcpdump -n -e -p arp", I see a lot of > > traffic from several subnets. Should I be seeing arp requests other > > than > > those initiated by my default gateway or other machines on the same > > subnet? > > > > Why would this machine be issuing request for interfaces connected to a > > different subnet, and if it should, why isn't it directing the requests > > to my default gateway? > > > > Am I correct in assuming that this is a routing problem and not > > something > > I can correct from my end? > > > > Thanks in advance, > > > > -- > > Jim Weeks > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Oct 20 19:36:56 2001 Delivered-To: freebsd-isp@freebsd.org Received: from velvet.sensation.net.au (serial1-2-velvet-brunswick.sensation.net.au [203.20.114.195]) by hub.freebsd.org (Postfix) with ESMTP id 4A0E737B403 for ; Sat, 20 Oct 2001 19:36:52 -0700 (PDT) Received: from localhost (rowan@localhost) by velvet.sensation.net.au (8.9.3/8.9.3) with ESMTP id MAA36342 for ; Sun, 21 Oct 2001 12:36:53 +1000 (EST) (envelope-from rowan@sensation.net.au) X-Authentication-Warning: velvet.sensation.net.au: rowan owned process doing -bs Date: Sun, 21 Oct 2001 12:36:52 +1000 (EST) From: Rowan Crowe To: freebsd-isp@freebsd.org Subject: Re: arplookup failed: In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, 20 Oct 2001, Jim Weeks wrote: > Would someone please check me on this. I know this has been discussed > before and I want to make sure I understand correctly. > > I am receiving the following error, > > Oct 20 21:16:21 server /kernel: arplookup XXX.XXX.XXX.XXX failed: host is > not on local network > > Indeed the server issuing the request is not on the same subnet. If I > understand arp correctly, the kernel is not able to respond to a mac > address not directly connected to the subnet of the responding machine. > > After looking at the results of "tcpdump -n -e -p arp", I see a lot of > traffic from several subnets. Should I be seeing arp requests other than > those initiated by my default gateway or other machines on the same > subnet? Hi Jim, I had this problem when REPLY packets from a host on a different subnet, but same physical wire, were arriving directly back at my box, rather than via the gateway for its own subnet. Presumably the remote host thought it could be smart by bypassing the gateway. See where a traceroute from the other server goes? Cheers. -- Rowan Crowe camrecord.com / camdiscover.com / Sensation Internet Services Melbourne, Australia To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Oct 20 19:47:54 2001 Delivered-To: freebsd-isp@freebsd.org Received: from femail4.sdc1.sfba.home.com (femail4.sdc1.sfba.home.com [24.0.95.84]) by hub.freebsd.org (Postfix) with ESMTP id 834A737B403 for ; Sat, 20 Oct 2001 19:47:51 -0700 (PDT) Received: from veager.jwweeks.com ([65.14.122.116]) by femail4.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP id <20011021024751.RGOP571.femail4.sdc1.sfba.home.com@veager.jwweeks.com>; Sat, 20 Oct 2001 19:47:51 -0700 Date: Sat, 20 Oct 2001 22:47:50 -0400 (EDT) From: Jim Weeks X-Sender: jim@veager.jwweeks.com To: Rowan Crowe Cc: freebsd-isp@FreeBSD.ORG Subject: Re: arplookup failed: In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org A traceroute from my server back to the offending machine travels through my default gateway, which is how it should be, I think. Or shouldn't the trace also show the gateway for the offending machine? -- Jim Weeks On Sun, 21 Oct 2001, Rowan Crowe wrote: > On Sat, 20 Oct 2001, Jim Weeks wrote: > > > Would someone please check me on this. I know this has been discussed > > before and I want to make sure I understand correctly. > > > > I am receiving the following error, > > > > Oct 20 21:16:21 server /kernel: arplookup XXX.XXX.XXX.XXX failed: host is > > not on local network > > > > Indeed the server issuing the request is not on the same subnet. If I > > understand arp correctly, the kernel is not able to respond to a mac > > address not directly connected to the subnet of the responding machine. > > > > After looking at the results of "tcpdump -n -e -p arp", I see a lot of > > traffic from several subnets. Should I be seeing arp requests other than > > those initiated by my default gateway or other machines on the same > > subnet? > > Hi Jim, > > I had this problem when REPLY packets from a host on a different subnet, > but same physical wire, were arriving directly back at my box, rather than > via the gateway for its own subnet. Presumably the remote host thought it > could be smart by bypassing the gateway. See where a traceroute from the > other server goes? > > Cheers. > > > -- > Rowan Crowe > camrecord.com / camdiscover.com / Sensation Internet Services > Melbourne, Australia > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Oct 20 19:51: 6 2001 Delivered-To: freebsd-isp@freebsd.org Received: from velvet.sensation.net.au (serial1-2-velvet-brunswick.sensation.net.au [203.20.114.195]) by hub.freebsd.org (Postfix) with ESMTP id 5E70137B403 for ; Sat, 20 Oct 2001 19:51:03 -0700 (PDT) Received: from localhost (rowan@localhost) by velvet.sensation.net.au (8.9.3/8.9.3) with ESMTP id MAA36404 for ; Sun, 21 Oct 2001 12:51:05 +1000 (EST) (envelope-from rowan@sensation.net.au) X-Authentication-Warning: velvet.sensation.net.au: rowan owned process doing -bs Date: Sun, 21 Oct 2001 12:51:05 +1000 (EST) From: Rowan Crowe To: freebsd-isp@freebsd.org Subject: Re: arplookup failed: In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, 20 Oct 2001, Jim Weeks wrote: > A traceroute from my server back to the offending machine travels through > my default gateway, which is how it should be, I think. Or shouldn't the > trace also show the gateway for the offending machine? Hello Jim, Are you able to trace back from the other end? That's what I was getting at. If you can't, then use tcpdump -e to compare ethernet addresses; see if the packets FROM the other server have the source ethernet address of your gateway. If not, then something is funny (like the host sending directly...) Cheers. -- Rowan Crowe camrecord.com / camdiscover.com / Sensation Internet Services Melbourne, Australia To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Oct 20 19:57:16 2001 Delivered-To: freebsd-isp@freebsd.org Received: from femail4.sdc1.sfba.home.com (femail4.sdc1.sfba.home.com [24.0.95.84]) by hub.freebsd.org (Postfix) with ESMTP id E3C4B37B401 for ; Sat, 20 Oct 2001 19:57:13 -0700 (PDT) Received: from veager.jwweeks.com ([65.14.122.116]) by femail4.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP id <20011021025713.RKSZ571.femail4.sdc1.sfba.home.com@veager.jwweeks.com>; Sat, 20 Oct 2001 19:57:13 -0700 Date: Sat, 20 Oct 2001 22:57:12 -0400 (EDT) From: Jim Weeks X-Sender: jim@veager.jwweeks.com To: Rowan Crowe Cc: freebsd-isp@FreeBSD.ORG Subject: Re: arplookup failed: In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Ok, thats what I thought you meant. No, I can login to the offending machine to do the trace, I'll try your idea. Thanks, -- Jim Weeks On Sun, 21 Oct 2001, Rowan Crowe wrote: > On Sat, 20 Oct 2001, Jim Weeks wrote: > > > A traceroute from my server back to the offending machine travels through > > my default gateway, which is how it should be, I think. Or shouldn't the > > trace also show the gateway for the offending machine? > > Hello Jim, > > Are you able to trace back from the other end? That's what I was getting > at. > > If you can't, then use tcpdump -e to compare ethernet addresses; see if > the packets FROM the other server have the source ethernet address of your > gateway. If not, then something is funny (like the host sending > directly...) > > Cheers. > > > -- > Rowan Crowe > camrecord.com / camdiscover.com / Sensation Internet Services > Melbourne, Australia > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Oct 20 20: 3:44 2001 Delivered-To: freebsd-isp@freebsd.org Received: from femail4.sdc1.sfba.home.com (femail4.sdc1.sfba.home.com [24.0.95.84]) by hub.freebsd.org (Postfix) with ESMTP id 8A0A337B403 for ; Sat, 20 Oct 2001 20:03:42 -0700 (PDT) Received: from veager.jwweeks.com ([65.14.122.116]) by femail4.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP id <20011021030342.RNUQ571.femail4.sdc1.sfba.home.com@veager.jwweeks.com>; Sat, 20 Oct 2001 20:03:42 -0700 Date: Sat, 20 Oct 2001 23:03:41 -0400 (EDT) From: Jim Weeks X-Sender: jim@veager.jwweeks.com To: Rowan Crowe Cc: freebsd-isp@FreeBSD.ORG Subject: Re: arplookup failed: In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sun, 21 Oct 2001, Rowan Crowe wrote: > If you can't, then use tcpdump -e to compare ethernet addresses; see if > the packets FROM the other server have the source ethernet address of your > gateway. If not, then something is funny (like the host sending > directly...) Wait, already done that, and no the offending machine doesn't show the same mac address as my default gateway. Is this what you meant? -- Jim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message