From owner-freebsd-isp@FreeBSD.ORG Mon May 30 01:47:25 2005
Date: Mon, 30 May 2005 10:46:53 +0900
From: Ganbold
To: freebsd-stable@FreeBSD.org
Cc: freebsd-isp@freebsd.org, freebsd-hackers@freebsd.org, rwatson@freebsd.org, freebsd-questions@freebsd.org, freebsd-users@freebsd.org
Subject: TFTP server problem
Message-Id: <6.2.1.2.2.20050530103618.03216770@202.179.0.80>

Hi Robert and all,

I'm really sorry for my cross posting, I posted my problem a year ago
and I'm still having trouble with tftp server. I switched to Windows
tftp server like 3Com 3C daemon for a while and now I want to use tftp
server on FreeBSD.

I'm using FreeBSD 5.4-STABLE and I tested default tftp server in
inetd.conf with options -s and -l.

tftp dgram udp wait root /usr/libexec/tftpd tftpd -s /tftpboot -l

Tftp server hangs after some time (6-7 hours or less) and it seems like
entire tftp server stops responding because audio files stopped playing.
I would like to use tftp server for IVR with Cisco. I didn't try to use
second client while it was not responding.

What flags do you recommend in inetd.conf? How to debug tftpd? Is there
any other tftp server which is good for IVR?

tia,
Ganbold

From owner-freebsd-isp@FreeBSD.ORG Mon May 30 20:00:02 2005
Date: Mon, 30 May 2005 22:59:56 +0300
From: Odhiambo Washington
To: Vicky Shrestha
Message-ID: <20050530195956.GB54092@ns2.wananchi.com>
In-Reply-To: <200505262340.15643.mail@vickysh.wlink.com.np>
Cc: freebsd-isp@freebsd.org
Subject: Re: netstat: sysctl: net.inet.tcp.stats: Cannot allocate memory

* Vicky Shrestha [20050526 20:56]: wrote:
> Dear all,
>
> I am running FreeBSD 5.4-STABLE and I have a problem with netstat. I cannot
> see the tcp sockets stats using netstat -p tcp or netstat command. When using
> "netstat -s" command I get "netstat: sysctl: net.inet.tcp.stats: Cannot
> allocate memory"
>
> At first I thought it was a problem with netstat binary, however even after
> copying binary from the other working server with same release of FreeBSD,
> it didn't work.
>
> The only change I made was to build a new kernel with the following options:
> # IPSEC
> options IPSEC #IP security
> options IPSEC_ESP #IP security (crypto; define w/ IPSEC)
>
> #IPFW
> options IPFIREWALL
> options IPDIVERT
>
> I also do cvsup to sync the src and ports, I think the netstat binary and
> kernel is out of sync however, when I do make
> inside /usr/src/usr.bin/netstat/ it gives me the following errors:
>
> Warning: Object directory not changed from original /usr/src/usr.bin/netstat
> cc -O -pipe -DIPSEC -DINET6 -Wsystem-headers -Wall -Wno-format-y2k
> -Wno-uninitialized -c inet.c
> inet.c:54:29: netinet/ip_carp.h: No such file or directory
> inet.c: In function `tcp_stats':
> inet.c:467: error: structure has no member named `tcps_sack_sboverflow'
> inet.c:467: error: structure has no member named `tcps_sack_sboverflow'
> inet.c: In function `carp_stats':
> inet.c:536: error: storage size of 'carpstat' isn't known
> inet.c:536: error: storage size of 'zerostat' isn't known
> inet.c:537: error: invalid application of `sizeof' to incomplete type
> `carpstats'
> inet.c:536: warning: unused variable `carpstat'
> inet.c:536: warning: unused variable `zerostat'
> *** Error code 1
>
> Stop in /usr/src/usr.bin/netstat.
>
> How can I resolve this issue, help and pointers to the web will be
> appreciated.

Read the handbook about how to sync kernel and userland

cvsup for src
make buildworld
make kernel
reboot
mergemaster
make installworld

...and everything will be okay. I run FreeBSD 5.4 here and it does not
have such problem.

-Wash

http://www.netmeister.org/news/learn2quote.html

-- 
+======================================================================+
    |\      _,,,---,,_     | Odhiambo Washington
Zzz /,`.-'`'    -.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_)     | GSM: +254 722 743223   +254 733 744121
+======================================================================+

Crime does not pay ... as well as politics.
		-- A. E. Neuman

From owner-freebsd-isp@FreeBSD.ORG Mon May 30 20:08:25 2005
Date: Mon, 30 May 2005 23:08:21 +0300
From: Odhiambo Washington
To: freebsd-isp@freebsd.org
Subject: Citadel
Message-ID: <20050530200821.GF54092@ns2.wananchi.com>

Hi,

Anyone managed to install net/citadel lately?
I am wondering what this issue is about "interactive ports"...

-Wash

-- 
+======================================================================+
    |\      _,,,---,,_     | Odhiambo Washington
Zzz /,`.-'`'    -.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_)     | GSM: +254 722 743223   +254 733 744121
+======================================================================+

"Reflections on Ice-Breaking"
Candy
Is dandy
But liquor
Is quicker.
		-- Ogden Nash

From owner-freebsd-isp@FreeBSD.ORG Tue May 31 08:53:22 2005
Date: Tue, 31 May 2005 01:53:21 -0700
From: jdooley@ugcs.caltech.edu (James Dooley)
To: freebsd-isp@freebsd.org
Subject: New email address for jdooley
Message-Id: <200505310853.j4V8rL1v027289@beg.ugcs.caltech.edu>
Auto-Submitted: auto-replied

Either you sent email to me, or someone spammed it on your behalf.
Just want to let you know - this email address is no longer valid.
All email sent to it is just deleted.

thanks,
-james

From owner-freebsd-isp@FreeBSD.ORG Wed Jun 1 21:14:55 2005
Date: Wed, 1 Jun 2005 16:14:52 -0500
From: "Jason T. Nelson"
To: freebsd-isp@freebsd.org
Subject: back to back bridges
Message-ID: <20050601211452.GA49444@jtn.cx>

I've run into a bridge problem that has got me stumped. Here's the basic
layout:

                  AP       2km 802.11a link      client
local net <---sis0|--|ath0<---------------------->ath0|--|sis0---> remote net

The "local net" consists of a Soekris 4526 with a 802.11a card running in
hostap mode and other access points (non-FreeBSD) as well as a router out to
the Internet connected to an ethernet switch. The "remote net" consists of
nothing more than 2 other APs (non-FreeBSD) and a hub. The client box
(Soekris 4526 with 802.11a card) associates to the AP and passes traffic
back and forth just great, with the exception of occasional duplicated packets
which doesn't seem to harm things.

BOTH the AP and the client are running the kernel bridge code. This seems to
perform just great at the AP end, however, this is not so at the client end.
Through some experimentation, I have discovered the following:

* On the client, the IP address *must* be on the ath0 interface, otherwise
  the client is unpingable and otherwise invisible to the AP and the "local
  net". Likewise, the IP address *must* be on the sis0 interface on the AP
  or no packets ever seem to make it to the wireless link.
* Packets never seem to cross the wireless link from the local net to the
  remote net, with the exception to the IP address bound to the ath0
  interface on the client. Similarly, packets originating from the remote
  net never seem to cross the wireless link unless they come from the IP
  address on the ath0 interface.

Doing some sniffing on both networks, it would seem that ARPs from one net
are never forwarded across the wireless link to the other net. Why would this
occur? Is there some sort of odd magic involved with two bridged ethernets
sharing a common wireless link?

-- 
Jason T. Nelson http://www.jtn.cx/~jtn/
GPG key fingerprint = 6272 5482 EDDD D0A3 FED2 262A FABB 599D FF67 6C9E
disclaimer: My opinions are my own. Don't bother my employer about them.

From owner-freebsd-isp@FreeBSD.ORG Sat Jun 4 05:10:21 2005
Date: Sat, 4 Jun 2005 00:10:28 -0500
From: "John Brooks"
Subject: inbound ssh ceased on 4 servers at same time

today at about noon, all four freebsd servers on a clients lan
quit accepting ssh connections. all were running 4.11-release-p4,
and had been cvsup'd at the same time from cvs-10, cvs-11, or
cvs-12.

outbound ssh works as expected to both local openbsd boxes and to
remote locations from the affected boxes. there are no host based
firewalls involved, and all other network services are operating
correctly. netstat shows port 22 as listening. at 11:20 am, ssh
was working properly on all boxes.

has anybody encountered a situation like this before?

-- 
John Brooks
john@day-light.com

From owner-freebsd-isp@FreeBSD.ORG Sat Jun 4 17:47:36 2005
Date: Sat, 4 Jun 2005 13:47:32 -0400
From: Brian Reichert
To: John Brooks
Cc: freebsd-isp@freebsd.org
Subject: Re: inbound ssh ceased on 4 servers at same time
Message-ID: <20050604174732.GG79969@numachi.com>

On Sat, Jun 04, 2005 at 12:10:28AM -0500, John Brooks wrote:
> today at about noon, all four freebsd servers on a clients lan
> quit accepting ssh connections.

I've been seeing a lot of brute-force sshd attacks, which leave
a lot of connections in an awkward state. I've done this for my
primary sshd server, and seems to have alleviated my problems:

  LoginGraceTime 60
  MaxStartups 10:30:60

> --
> John Brooks
> john@day-light.com

-- 
Brian Reichert
55 Crystal Ave. #286        Daytime number: (603) 434-6842
Derry NH 03038-1725 USA     BSD admin/developer at large

From owner-freebsd-isp@FreeBSD.ORG Sat Jun 4 18:14:20 2005
Date: Sat, 4 Jun 2005 13:14:28 -0500
From: "John Brooks"
To: "Brian Reichert"
Cc: freebsd-isp@freebsd.org
Subject: RE: inbound ssh ceased on 4 servers at same time
In-Reply-To: <20050604174732.GG79969@numachi.com>

Thanks, sounds good to do on the outward facing firewall.
These four freebsd boxes are protected behind an openbsd firewall so
none of the brute-force sshd attacks have ever reached them.

All four machines were updated (buildworld) exactly 30 days
earlier, and all developed this behavior at the same time.
Seems almost too much of a coincidence. I guess it's time to
start checksumming binaries with boxes on other networks not
exhibiting this problem.

-- 
John Brooks
john@day-light.com

> -----Original Message-----
> From: Brian Reichert [mailto:reichert@numachi.com]
> Sent: Saturday, June 04, 2005 12:48 PM
> To: John Brooks
> Cc: freebsd-isp@freebsd.org
> Subject: Re: inbound ssh ceased on 4 servers at same time
>
>
> On Sat, Jun 04, 2005 at 12:10:28AM -0500, John Brooks wrote:
> > today at about noon, all four freebsd servers on a clients lan
> > quit accepting ssh connections.
>
> I've been seeing a lot of brute-force sshd attacks, which leave
> a lot of connections in an awkward state. I've done this for my
> primary sshd server, and seems to have alleviated my problems:
>
> LoginGraceTime 60
> MaxStartups 10:30:60
>
> > --
> > John Brooks
> > john@day-light.com
>
> --
> Brian Reichert
> 55 Crystal Ave. #286 Daytime number: (603) 434-6842
> Derry NH 03038-1725 USA BSD admin/developer
> at large
>

From owner-freebsd-isp@FreeBSD.ORG Sat Jun 4 19:31:42 2005
Date: Sat, 04 Jun 2005 15:31:36 -0400
From: Cody Baker
To: john@day-light.com
Cc: freebsd-isp@freebsd.org
Subject: Re: inbound ssh ceased on 4 servers at same time
Message-ID: <42A20198.90603@wilkshire.net>

Are they really denying the connections or rather just timing out? We
had a similar issue a while back where all of our back end servers on a
private network were taking forever/never authenticating SSH and a few
other services. It turned out that the reverse lookup started failing
because in the past our upstream had 10.x.x.x set in their DNS to
deliver an nxdomain. Whatever server they had that reverse zone pointed
to was either taken offline or set up to drop outside requests, making it
so when any of our systems on this private network would ssh to another
it would try the reverse and sit for minutes waiting for a response. We
solved this by implementing a DNS server on this private network.

Thank You,

Cody Baker
cody@wilkshire.net
330.874.9030
http://www.wilkshire.net

John Brooks wrote:

>Thanks, sounds good to do on the outward facing firewall. These
>four freebsd boxes are protected behind an openbsd firewall so
>none of the brute-force sshd attacks have ever reached them.
>
>All four machines were updated (buildworld) exactly 30 days
>earlier, and all developed this behavior at the same time.
>Seems almost too much of a coincidence. I guess it's time to
>start checksumming binaries with boxes on other networks not
>exhibiting this problem.
>
>--
>John Brooks
>john@day-light.com
>
>
>
>>-----Original Message-----
>>From: Brian Reichert [mailto:reichert@numachi.com]
>>Sent: Saturday, June 04, 2005 12:48 PM
>>To: John Brooks
>>Cc: freebsd-isp@freebsd.org
>>Subject: Re: inbound ssh ceased on 4 servers at same time
>>
>>
>>On Sat, Jun 04, 2005 at 12:10:28AM -0500, John Brooks wrote:
>>
>>
>>>today at about noon, all four freebsd servers on a clients lan
>>>quit accepting ssh connections.
>>>
>>>
>>I've been seeing a lot of brute-force sshd attacks, which leave
>>a lot of connections in an awkward state. I've done this for my
>>primary sshd server, and seems to have alleviated my problems:
>>
>>LoginGraceTime 60
>>MaxStartups 10:30:60
>>
>>
>>
>>>--
>>>John Brooks
>>>john@day-light.com
>>>
>>>
>>--
>>Brian Reichert
>>55 Crystal Ave. #286 Daytime number: (603) 434-6842
>>Derry NH 03038-1725 USA BSD admin/developer
>>at large
>>
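
Added example, not part of any message in this thread: the "MaxStartups 10:30:60" value in Brian Reichert's message uses the start:rate:full form that sshd_config(5) documents as random early drop of unauthenticated connections. The Python below works through that rule for the two settings he quotes; the sample config text and all function names are constructed for illustration.

```python
# Added example: how sshd applies "MaxStartups start:rate:full", following the
# random-early-drop rule documented in sshd_config(5). The config text is a
# constructed sample holding the two settings quoted in the thread; the
# function names are illustrative and are not part of OpenSSH.

SAMPLE_SSHD_CONFIG = """\
# constructed sample, not a complete sshd_config
Port 22
LoginGraceTime 60
MaxStartups 10:30:60
"""


def get_directive(config_text, keyword):
    """Return the first value set for keyword, or None if it is absent."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        # Keywords are case-insensitive; the first value found is the one used.
        if len(fields) == 2 and fields[0].lower() == keyword.lower():
            return fields[1].strip()
    return None


def parse_max_startups(value):
    """Parse 'N' or 'start:rate:full' into a (start, rate, full) tuple."""
    parts = value.split(":")
    if len(parts) == 1:
        limit = int(parts[0])
        return limit, 100, limit          # plain number: hard cut-off at N
    if len(parts) != 3:
        raise ValueError("expected N or start:rate:full, got %r" % value)
    start, rate, full = (int(p) for p in parts)
    if start > full or not 1 <= rate <= 100:
        raise ValueError("invalid MaxStartups value %r" % value)
    return start, rate, full


def drop_percent(pending, start, rate, full):
    """Percent of new connections refused with `pending` unauthenticated ones."""
    if pending < start:
        return 0
    if pending >= full or rate == 100:
        return 100
    # Rises linearly from `rate` at `start` to 100 at `full`.
    return rate + (100 - rate) * (pending - start) // (full - start)


def chance_of_connecting(pending, cfg, attempts=1):
    """Probability that at least one of `attempts` new connections is accepted."""
    p_drop = drop_percent(pending, *cfg) / 100.0
    return 1.0 - p_drop ** attempts


def drop_table(config_text, counts):
    """Return (pending, drop percent) pairs for the config's MaxStartups."""
    value = get_directive(config_text, "MaxStartups")
    if value is None:
        raise ValueError("no MaxStartups directive in config")
    cfg = parse_max_startups(value)
    return [(n, drop_percent(n, *cfg)) for n in counts]


if __name__ == "__main__":
    grace = get_directive(SAMPLE_SSHD_CONFIG, "LoginGraceTime")
    print("LoginGraceTime %s: a stalled login frees its slot after this many "
          "seconds" % grace)
    for n, pct in drop_table(SAMPLE_SSHD_CONFIG, [0, 9, 10, 35, 59, 60]):
        print("%2d unauthenticated -> %3d%% of new connections dropped" % (n, pct))
    cfg = parse_max_startups("10:30:60")
    print("login chance with 35 pending, 3 tries: %.3f"
          % chance_of_connecting(35, cfg, attempts=3))
```

With these settings nothing is refused below 10 pending unauthenticated connections, and everything is refused at 60 until LoginGraceTime expires some of them.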