Work From Home With E-Commerce

From owner-freebsd-isp Sun Dec 16 0:20:31 2001 Delivered-To: freebsd-isp@freebsd.org Received: from leaf.lumiere.net (leaf.lumiere.net [208.44.192.100]) by hub.freebsd.org (Postfix) with ESMTP id A235737B405 for ; Sun, 16 Dec 2001 00:20:29 -0800 (PST) Received: by leaf.lumiere.net (Postfix, from userid 1082) id D875BCD13; Sun, 16 Dec 2001 00:20:28 -0800 (PST) Date: Sun, 16 Dec 2001 00:20:28 -0800 From: Derrick John Klise To: Jeff Lasman Cc: freebsd-isp@freebsd.org Subject: Re: Using DNAT and DNS round-robin Message-ID: <20011216002028.A1264@leaf.lumiere.net> References: <196254713265.20011209213749@hostonfly.com> <3C1C270F.164076BA@nobaloney.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3C1C270F.164076BA@nobaloney.net>; from jblists@nobaloney.net on Sat, Dec 15, 2001 at 08:46:07PM -0800 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, Dec 15, 2001 at 08:46:07PM -0800, Jeff Lasman wrote: > Are you sure? I've been looking for a definitive answer in my DNS & > Bind book for about an hour now, and I'm still not certain . Any > page references welcome . IIRC, something like: monkey.example.net IN A 192.168.0.1 IN A 192.168.0.2 IN A 192.168.0.3 > And how about failure rollover? We'd like to offer clients > geographically dispersed hosting; there's a call for it since September > 11th showed everyone of the hazards of hosting at only one location. > But I don't think we can rely on short TTL; too many large ISPs seem to > ignore it . > Is there a way to handle high-availability strictly in DNS? Possibly; I'm unaware of one if there is, though. If you're not too worried about the TTL problem, you could set up a monitoring program to remove an entry from the rotation if it's corresponding address becomes unavailable, then add it when it comes back up. -- Derrick John Klise "I went into a general store, and they wouldn't sell me anything specific". -- Steven Wright To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Dec 16 5:49:28 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mailout01.sul.t-online.com (mailout01.sul.t-online.com [194.25.134.80]) by hub.freebsd.org (Postfix) with ESMTP id 0202937B41A for ; Sun, 16 Dec 2001 05:49:12 -0800 (PST) Received: from fwd07.sul.t-online.de by mailout01.sul.t-online.de with smtp id 16FbaT-0007v9-09; Sun, 16 Dec 2001 14:44:17 +0100 Received: from carstenshome (520075190812-0001@[217.230.104.105]) by fwd07.sul.t-online.com with esmtp id 16FbaK-0pby8OC; Sun, 16 Dec 2001 14:44:08 +0100 From: stefan.sonnenberg-carstens@t-online.de (Stefan Sonnenberg-Carstens) To: Subject: Strange load jumps Date: Sun, 16 Dec 2001 14:44:30 +0100 Message-ID: <000001c18637$ca201cf0$0100a8c0@carstenshome> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Sender: 520075190812-0001@t-dialin.net Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi there. I've set up freebsd 4.4-RELEASE mashines running on IBM x330 series hardware. Both with SMP support compiled kernels, apache 1.3.22 and php 4.0.6 with sybase support to connect to an ms sql server. Both have 2 NIC online, one to get over a bigip loadbalancer to the internet, and one internal for database link. Both are running fast and stable, but sometimes the load goes up to 20,30 or even >140 for a few seconds and then comes relativly fast back down to an avg of ~0.5. So the question is, why ? Both mashines have 1GB of RAM, a 1GB swap partition, two 866PIII procs and an adaptec U160SCSI controller, which accesses a 9GB U160 disk. I also attach the kernel config file. Thanks in advance ! > > KERNEL CONFIG > > > > machine i386 > cpu I686_CPU > ident KERNEL > maxusers 512 > > options NMBCLUSTERS=16384 > options MATH_EMULATE #Support for x87 emulation > options INET #InterNETworking > options INET6 #IPv6 communications protocols > options FFS #Berkeley Fast Filesystem > options FFS_ROOT #FFS usable as root device [keep this!] options > SOFTUPDATES #Enable FFS soft updates support > options MFS #Memory Filesystem > options MD_ROOT #MD is a potential root device > options NFS #Network Filesystem > options NFS_ROOT #NFS usable as root device, NFS required > options MSDOSFS #MSDOS Filesystem > options CD9660 #ISO 9660 Filesystem > options CD9660_ROOT #CD-ROM usable as root, CD9660 required > options PROCFS #Process filesystem > options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!] options > SCSI_DELAY=500 #Delay (in ms) before probing SCSI options UCONSOLE > #Allow users to grab the console options USERCONFIG #boot -c editor > options VISUAL_USERCONFIG #visual boot -c editor > options KTRACE #ktrace(1) support > options SYSVSHM #SYSV-style shared memory > options SYSVMSG #SYSV-style message queues > options SYSVSEM #SYSV-style semaphores > options P1003_1B #Posix P1003_1B real-time extensions > options _KPOSIX_PRIORITY_SCHEDULING > options ICMP_BANDLIM #Rate limit bad replies > options KBD_INSTALL_CDEV # install a CDEV entry in /dev > > # To make an SMP kernel, the next two are needed > options SMP # Symmetric MultiProcessor Kernel > options APIC_IO # Symmetric (APIC) I/O > > device isa > device eisa > device pci > > # Floppy drives > device fdc0 at isa? port IO_FD1 irq 6 drq 2 > device fd0 at fdc0 drive 0 > device fd1 at fdc0 drive 1 > # > # If you have a Toshiba Libretto with its Y-E Data PCMCIA floppy, # > don't use the above line for fdc0 but the following one: #device fdc0 > > # ATA and ATAPI devices > device ata0 at isa? port IO_WD1 irq 14 > device ata1 at isa? port IO_WD2 irq 15 > device ata > device atadisk # ATA disk drives > device atapicd # ATAPI CDROM drives > device atapifd # ATAPI floppy drives > device atapist # ATAPI tape drives > options ATA_STATIC_ID #Static device numbering > > # SCSI Controllers > device ahb # EISA AHA1742 family > device ahc # AHA2940 and onboard AIC7xxx devices > device amd # AMD 53C974 (Tekram DC-390(T)) > device isp # Qlogic family > device ncr # NCR/Symbios Logic > device sym # NCR/Symbios Logic (newer chipsets) > options SYM_SETUP_LP_PROBE_MAP=0x40 > # Allow ncr to attach legacy NCR devices when > # both sym and ncr are configured > > device adv0 at isa? > device adw > device bt0 at isa? > device aha0 at isa? > device aic0 at isa? > > device ncv # NCR 53C500 > device nsp # Workbit Ninja SCSI-3 > device stg # TMC 18C30/18C50 > > # SCSI peripherals > device scbus # SCSI bus (required) > device da # Direct Access (disks) > device sa # Sequential Access (tape etc) > device cd # CD > device pass # Passthrough device (direct SCSI access) > > # RAID controllers interfaced to the SCSI subsystem > device asr # DPT SmartRAID V, VI and Adaptec SCSI RAID device dpt > # DPT Smartcache - See LINT for options! device mly # Mylex > AcceleRAID/eXtremeRAID > > # RAID controllers > device aac # Adaptec FSA RAID, Dell PERC2/PERC3 > device ida # Compaq Smart RAID > device amr # AMI MegaRAID > device mlx # Mylex DAC960 family > device twe # 3ware Escalade > > # atkbdc0 controls both the keyboard and the PS/2 mouse device > atkbdc0 at isa? port IO_KBD device atkbd0 at atkbdc? irq 1 flags 0x1 > device psm0 at atkbdc? irq 12 > > device vga0 at isa? > > # splash screen/screen saver > pseudo-device splash > > # syscons is the default console driver, resembling an SCO console > device sc0 at isa? flags 0x100 > > # Enable this and PCVT_FREEBSD for pcvt vt220 compatible console > driver #device vt0 at isa? > #options XSERVER # support for X server on a vt console > #options FAT_CURSOR # start with block cursor > # If you have a ThinkPAD, uncomment this along with the rest of the > PCVT lines #options PCVT_SCANSET=2 # IBM keyboards are non-std > > # Floating point support - do not disable. > device npx0 at nexus? port IO_NPX irq 13 > > # Power management support (see LINT for more options) > device apm0 at nexus? disable flags 0x20 # Advanced Power Management > > # PCCARD (PCMCIA) support > device card > device pcic0 at isa? irq 0 port 0x3e0 iomem 0xd0000 > device pcic1 at isa? irq 0 port 0x3e2 iomem 0xd4000 disable > > # Serial (COM) ports > device sio0 at isa? port IO_COM1 flags 0x10 irq 4 > device sio1 at isa? port IO_COM2 irq 3 > device sio2 at isa? disable port IO_COM3 irq 5 > device sio3 at isa? disable port IO_COM4 irq 9 > > # Parallel port > device ppc0 at isa? irq 7 > device ppbus # Parallel port bus (required) > device lpt # Printer > device plip # TCP/IP over parallel > device ppi # Parallel port interface device > #device vpo # Requires scbus and da > > > # PCI Ethernet NICs. > device de # DEC/Intel DC21x4x (``Tulip'') > device txp # 3Com 3cR990 (``Typhoon'') > device vx # 3Com 3c590, 3c595 (``Vortex'') > > # PCI Ethernet NICs that use the common MII bus controller code. # > NOTE: Be sure to keep the 'device miibus' line in order to use these > NICs! device miibus # MII bus support device dc # DEC/Intel 21143 > and various workalikes device fxp # Intel EtherExpress PRO/100B > (82557, 82558) device pcn # AMD Am79C97x PCI 10/100 NICs > device rl # RealTek 8129/8139 > device sf # Adaptec AIC-6915 (``Starfire'') > device sis # Silicon Integrated Systems SiS 900/SiS 7016 > device ste # Sundance ST201 (D-Link DFE-550TX) > device tl # Texas Instruments ThunderLAN > device tx # SMC EtherPower II (83c170 ``EPIC'') > device vr # VIA Rhine, Rhine II > device wb # Winbond W89C840F > device wx # Intel Gigabit Ethernet Card (``Wiseman'') > device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'') > > # ISA Ethernet NICs. > # 'device ed' requires 'device miibus' > device ed0 at isa? port 0x280 irq 10 iomem 0xd8000 > device ex > device ep > device fe0 at isa? port 0x300 > # Xircom Ethernet > device xe > # PRISM I IEEE 802.11b wireless NIC. > device awi > # WaveLAN/IEEE 802.11 wireless NICs. Note: the WaveLAN/IEEE really # > exists only as a PCMCIA device, so there is no ISA attachment needed # > and resources will always be dynamically assigned by the pccard code. > device wi # Aironet 4500/4800 802.11 wireless NICs. Note: the > declaration below will # work for PCMCIA and PCI cards, as well as ISA > cards set to ISA PnP # mode (the factory default). If you set the > switches on your ISA # card for a manually chosen I/O address and IRQ, > you must specify # those parameters here. > device an > # The probe order of these is presently determined by i386/isa/isa_compat.c. > device ie0 at isa? port 0x300 irq 10 iomem 0xd0000 > #device le0 at isa? port 0x300 irq 5 iomem 0xd0000 > device lnc0 at isa? port 0x280 irq 10 drq 0 > device cs0 at isa? port 0x300 > device sn0 at isa? port 0x300 irq 10 > > # Pseudo devices - the number indicates how many units to allocate. > pseudo-device loop # Network loopback pseudo-device ether # Ethernet > support pseudo-device sl 1 # Kernel SLIP > pseudo-device ppp 1 # Kernel PPP > pseudo-device tun # Packet tunnel. > pseudo-device pty # Pseudo-ttys (telnet etc) > pseudo-device md # Memory "disks" > pseudo-device gif # IPv6 and IPv4 tunneling > pseudo-device faith 1 # IPv6-to-IPv4 relaying (translation) > > # The `bpf' pseudo-device enables the Berkeley Packet Filter. # Be > aware of the administrative consequences of enabling this! > pseudo-device bpf #Berkeley packet filter > > # USB support > device uhci # UHCI PCI->USB interface > device ohci # OHCI PCI->USB interface > device usb # USB Bus (required) > device ugen # Generic > device uhid # "Human Interface Devices" > device ukbd # Keyboard > device ulpt # Printer > device umass # Disks/Mass storage - Requires scbus and da device > ums # Mouse device uscanner # Scanners > # USB Ethernet, requires mii > device aue # ADMtek USB ethernet > device cue # CATC USB ethernet > device kue # Kawasaki LSI USB ethernet > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Dec 16 7:25:19 2001 Delivered-To: freebsd-isp@freebsd.org Received: from niwun.pair.com (niwun.pair.com [209.68.2.70]) by hub.freebsd.org (Postfix) with SMTP id 42F7D37B41B for ; Sun, 16 Dec 2001 07:25:13 -0800 (PST) Received: (qmail 97152 invoked by uid 3193); 16 Dec 2001 15:25:12 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 16 Dec 2001 15:25:12 -0000 Date: Sun, 16 Dec 2001 10:25:12 -0500 (EST) From: Mike Silbersack X-Sender: To: Cc: , Subject: RE: 3Com driver problems In-Reply-To: <176.cf4901.294bd7bc@aol.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 14 Dec 2001 HP889@aol.com wrote: > We dont sell ethernet drivers, and Im not trying to "hide". Why does linux > have specific code to disable the stats under load if Im making this up? Why > can you lock up a FreeBSD 4.4 system with a 3com card at 20Kpps due to > counter overflow interrupts in about 3 seconds? Well, I'm unable to lock up my -current box with a 3c905-tx (non-B or C). However, I can see the delay (apparently) caused by the stat collection routine, which was previously mentioned in the message http://docs.freebsd.org/cgi/getmsg.cgi?fetch=12982+0+archive/2001/freebsd-net/20010114.freebsd-net Interestingly enough, the delay seems to grow as I run the test longer and longer. (My test is ping -s 1400 -i .001 boxwithxlnic.) The delay seems to be able to grow to as much as 12 ms, though it's typically less, around 5 ms or so. If I switch back to the dc interface, I see no delayed packets. I see the hack you refer to in the 3c59x.c driver; I also notice that 3com's official driver (3c90x.c) doesn't contain such a workaround. They must be doing something subtly different which avoids the problem. I have a few ideas, I'll try them out next week and see what I can come up with. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Dec 16 8: 6:15 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mailout04.sul.t-online.com (mailout04.sul.t-online.com [194.25.134.18]) by hub.freebsd.org (Postfix) with ESMTP id 60E4C37B41C for ; Sun, 16 Dec 2001 08:06:13 -0800 (PST) Received: from fwd07.sul.t-online.de by mailout04.sul.t-online.de with smtp id 16Fdnk-0004Ri-02; Sun, 16 Dec 2001 17:06:08 +0100 Received: from carstenshome (520075190812-0001@[217.230.104.105]) by fwd07.sul.t-online.com with smtp id 16FdnP-0ENlbcC; Sun, 16 Dec 2001 17:05:47 +0100 Message-ID: <000901c1864b$943190b0$0100a8c0@carstenshome> From: stefan.sonnenberg-carstens@t-online.de (Stefan Sonnenberg-Carstens) To: , References: <000001c18637$ca201cf0$0100a8c0@carstenshome> <20011216101939.C1680@absinthe> Subject: Re: Strange load jumps Date: Sun, 16 Dec 2001 17:06:10 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Sender: 520075190812-0001@t-dialin.net Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I don't think that that's the point, on both mashines the swap space is used by ~ 10 MByte. ----- Original Message ----- From: "Dylan Carlson" To: "Stefan Sonnenberg-Carstens" Sent: Sunday, December 16, 2001 4:19 PM Subject: Re: Strange load jumps > Stefan Sonnenberg-Carstens wrote: > > Hi there. > > Both mashines have 1GB of RAM, a 1GB swap partition, two 866PIII procs > > and > > an adaptec U160SCSI controller, which accesses a 9GB U160 disk. > > The VM algorithms are tuned to have swap slices that are 2 times > physical RAM. I don't believe this is your problem but you should > probably read the tuning(7) manpage anyhow. > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Dec 16 9:51:29 2001 Delivered-To: freebsd-isp@freebsd.org Received: from imo-r09.mx.aol.com (imo-r09.mx.aol.com [152.163.225.105]) by hub.freebsd.org (Postfix) with ESMTP id 6FFFE37B41D; Sun, 16 Dec 2001 09:51:24 -0800 (PST) Received: from TD790@aol.com by imo-r09.mx.aol.com (mail_out_v31_r1.9.) id n.14a.5dcd50d (4330); Sun, 16 Dec 2001 12:51:12 -0500 (EST) From: TD790@aol.com Message-ID: <14a.5dcd50d.294e390f@aol.com> Date: Sun, 16 Dec 2001 12:51:11 EST Subject: 3Com driver problems To: hackers@freebsd.org Cc: isp@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 5.0 for Windows sub 138 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In a message dated 12/16/01 10:25:31 AM Eastern Standard Time, silby@silby.com writes: > Well, I'm unable to lock up my -current box with a 3c905-tx (non-B or C). > However, I can see the delay (apparently) caused by the stat collection > routine, which was previously mentioned in the message > > http://docs.freebsd.org/cgi/getmsg.cgi?fetch=12982+0+archive/2001/freebsd- > net/20010114.freebsd-net > > Interestingly enough, the delay seems to grow as I run the test longer and > longer. (My test is ping -s 1400 -i .001 boxwithxlnic.) The delay seems > to be able to grow to as much as 12 ms, though it's typically less, around > 5 ms or so. If I switch back to the dc interface, I see no delayed > packets. > ping is not a very good test...one of the reasons that most people cant find problems generally. plus you want to use smaller packets to get the pps up. The ave size packet is under 400 bytes on the net and it better simulates real life. Once you saturate the wire the lockup occurs rather quickly....you have to get to the point where the overflows are happening faster than the machine can process the interupts. intels "official" driver for linux locks up quite easily...dont assume that the manufacturer puts out bulletproof drivers, because they dont test them that rigorously. dennis To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Dec 16 13:15: 5 2001 Delivered-To: freebsd-isp@freebsd.org Received: from smtp.popsite.net (smtp.popsite.net [216.126.128.17]) by hub.freebsd.org (Postfix) with ESMTP id AA00437B419 for ; Sun, 16 Dec 2001 13:15:03 -0800 (PST) Received: from nobaloney.net (c5T2-131.015.popsite.net [216.126.188.131]) by smtp.popsite.net (Postfix) with ESMTP id 4467E5086C for ; Sun, 16 Dec 2001 15:14:52 -0600 (CST) Message-ID: <3C1D0EF1.783B48AD@nobaloney.net> Date: Sun, 16 Dec 2001 13:15:29 -0800 From: Jeff Lasman Organization: nobaloney.net X-Mailer: Mozilla 4.72 [en] (Win98; U) X-Accept-Language: en,en-US MIME-Version: 1.0 To: freebsd-isp@FreeBSD.ORG Subject: Re: Using DNAT and DNS round-robin References: <196254713265.20011209213749@hostonfly.com> <3C1C270F.164076BA@nobaloney.net> <20011216002028.A1264@leaf.lumiere.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Derrick John Klise wrote: > IIRC, something like: > > monkey.example.net IN A 192.168.0.1 > IN A 192.168.0.2 > IN A 192.168.0.3 Thanks. Finally found it on page 259 of DNS and Bind. > > Is there a way to handle high-availability strictly in DNS? > > Possibly; I'm unaware of one if there is, though. > > If you're not too worried about the TTL problem, you could set up a monitoring > program to remove an entry from the rotation if it's corresponding address > becomes unavailable, then add it when it comes back up. That's exactly what we're planning on. Along with very low TTL. Won't help with AOL, Earthlink, etc., though . Jeff -- Jeff Lasman Linux and Cobalt/Sun/RaQ Consulting nobaloney.net P. O. Box 52672, Riverside, CA 92517 voice: (909) 778-9980 * fax: (702) 548-9484 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Dec 16 14:20:16 2001 Delivered-To: freebsd-isp@freebsd.org Received: from postoffice.aims.com.au (eth0.lnk.aims.com.au [203.31.73.253]) by hub.freebsd.org (Postfix) with ESMTP id 4481637B41C for ; Sun, 16 Dec 2001 14:20:09 -0800 (PST) Received: from postoffice.aims.com.au (nts-ts1.aims.private [192.168.10.2]) by postoffice.aims.com.au with ESMTP id fBGMK7X13292 for ; Mon, 17 Dec 2001 09:20:07 +1100 (EST) (envelope-from chris@aims.com.au) Received: from ntsts1 by aims.com.au with SMTP (MDaemon.v3.5.3.R) for ; Mon, 17 Dec 2001 09:19:26 +1100 Reply-To: From: "Chris Knight" To: Cc: Subject: RE: Using DNAT and DNS round-robin Date: Mon, 17 Dec 2001 09:19:24 +1100 Message-ID: <020c01c1867f$b885ce70$020aa8c0@aims.private> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <3C1C270F.164076BA@nobaloney.net> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Importance: Normal X-Return-Path: chris@aims.com.au X-MDaemon-Deliver-To: freebsd-isp@freebsd.org Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Howdy, > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Jeff Lasman > Sent: Sunday, 16 December 2001 15:46 > To: Dmitry Koltsov; freebsd-isp@FreeBSD.ORG > Subject: Re: Using DNAT and DNS round-robin > > [snip] > And how about failure rollover? We'd like to offer clients > geographically dispersed hosting; there's a call for it since > September 11th showed everyone of the hazards of hosting at > only one location. > But I don't think we can rely on short TTL; too many large > ISPs seem to ignore it . > > Is there a way to handle high-availability strictly in DNS? > You might want to look at Eddieware. It's in the ports tree - www/eddie. It contains a load-balancing DNS engine, plus a swag of other tools to create highly available sites with geopgraphic distribution of servers in mind. Also in the ports tree is net/dns_balance. This may also meet your needs. > Thanks. > > Jeff Regards, Chris Knight Systems Administrator AIMS Independent Computer Professionals Tel: +61 3 6334 6664 Fax: +61 3 6331 7032 Mob: +61 419 528 795 Web: http://www.aims.com.au To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Dec 16 15:49:39 2001 Delivered-To: freebsd-isp@freebsd.org Received: from inet03.citec.qld.gov.au (inet03.citec.qld.gov.au [203.5.10.10]) by hub.freebsd.org (Postfix) with ESMTP id 57D5E37B419 for ; Sun, 16 Dec 2001 15:49:32 -0800 (PST) Received: by inet03.citec.qld.gov.au; id JAA08489; Mon, 17 Dec 2001 09:49:29 +1000 (EST) Received: from citecub.citec.qld.gov.au( 131.242.4.98) by inet03.citec.qld.gov.au via smap (V2.0) id xma008274; Mon, 17 Dec 01 09:49:21 +1000 Received: from guru.citec.qld.gov.au by citecub.citec.qld.gov.au (SMI-8.6/SMI-SVR4) id JAA10936; Mon, 17 Dec 2001 09:49:20 +1000 Received: from localhost (sgcccdc@localhost) by guru.citec.qld.gov.au (8.9.3/8.9.3) with ESMTP id JAA24171; Mon, 17 Dec 2001 09:49:19 +1000 (EST) (envelope-from sgcccdc@citec.qld.gov.au) X-Authentication-Warning: guru.citec.qld.gov.au: sgcccdc owned process doing -bs Date: Mon, 17 Dec 2001 09:49:19 +1000 (EST) From: Colin Campbell To: Jeff Lasman Cc: Subject: Re: Using DNAT and DNS round-robin In-Reply-To: <3C1D0EF1.783B48AD@nobaloney.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, On Sun, 16 Dec 2001, Jeff Lasman wrote: > Derrick John Klise wrote: > > > IIRC, something like: > > > > monkey.example.net IN A 192.168.0.1 > > IN A 192.168.0.2 > > IN A 192.168.0.3 > > Thanks. Finally found it on page 259 of DNS and Bind. > > > > Is there a way to handle high-availability strictly in DNS? > > > > Possibly; I'm unaware of one if there is, though. > > > > If you're not too worried about the TTL problem, you could set up a monitoring > > program to remove an entry from the rotation if it's corresponding address > > becomes unavailable, then add it when it comes back up. > > That's exactly what we're planning on. Along with very low TTL. Won't > help with AOL, Earthlink, etc., though . There used to be (still is? - cou;dn't find it) a paper on the ISC web site (www.isc.org) exlpaining why using DNS for HA was pointless. If memory serves, the main reasons were - most browsers cache DNS lookups and so a system that goes down will simply appear as unreachable to the browser. - most browsers ignore TTLs. Colin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Dec 16 15:59:41 2001 Delivered-To: freebsd-isp@freebsd.org Received: from lemon.national.com.au (lemon.national.com.au [203.57.241.81]) by hub.freebsd.org (Postfix) with ESMTP id E456C37B41A for ; Sun, 16 Dec 2001 15:59:37 -0800 (PST) Received: by lemon.national.com.au (Postfix, from userid 5) id 586399F821; Mon, 17 Dec 2001 10:59:31 +1100 (EST) Received: from unknown(10.25.154.32) by lemon.national.com.au via csmap (V4.1) id srcAAAlNaisS; Mon, 17 Dec 01 10:59:30 +1100 Received: (from uucp@localhost) by peppermint.national.com.au (8.9.3+Sun/8.8.8) id KAA15191; Mon, 17 Dec 2001 10:59:23 +1100 (EST) Received: from webjump.national.com.au(164.53.27.38) via SMTP by peppermint, id smtpdAAAQZaOQD; Mon Dec 17 10:59:23 2001 Received: (from nconedd@localhost) by webjump.national.com.au (8.10.2+Sun/8.10.2) id fBGNxQS22427; Mon, 17 Dec 2001 10:59:26 +1100 (EST) Date: Mon, 17 Dec 2001 10:59:26 +1100 From: Enno Davids To: Colin Campbell Cc: Jeff Lasman , freebsd-isp@FreeBSD.ORG Subject: Re: Using DNAT and DNS round-robin Message-ID: <20011217105926.K16592@webjump.national.com.au> References: <3C1D0EF1.783B48AD@nobaloney.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from sgcccdc@citec.qld.gov.au on Mon, Dec 17, 2001 at 09:49:19AM +1000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Dec 17, 2001 at 09:49:19AM +1000, Colin Campbell wrote: |On Sun, 16 Dec 2001, Jeff Lasman wrote: |> Derrick John Klise wrote: |> |> > IIRC, something like: |> > |> > monkey.example.net IN A 192.168.0.1 |> > IN A 192.168.0.2 |> > IN A 192.168.0.3 |> |> Thanks. Finally found it on page 259 of DNS and Bind. |> |> > > Is there a way to handle high-availability strictly in DNS? |> > | |There used to be (still is? - cou;dn't find it) a paper on the ISC web |site (www.isc.org) exlpaining why using DNS for HA was pointless. If |memory serves, the main reasons were | |- most browsers cache DNS lookups and so a system that goes down will | simply appear as unreachable to the browser. | |- most browsers ignore TTLs. FWIW, squid (and possibly other proxies) when faced with a list of address for a name will retry on the next address in the list when they get a hard error on the one they're using. Its still not HA, but its better than you thought. The real answer is hardware load balancers like F5, Foundry or Rad. Enno. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Dec 16 23:13: 1 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mailout01.sul.t-online.com (mailout01.sul.t-online.com [194.25.134.80]) by hub.freebsd.org (Postfix) with ESMTP id 5459337B41B for ; Sun, 16 Dec 2001 23:12:57 -0800 (PST) Received: from fwd07.sul.t-online.de by mailout01.sul.t-online.de with smtp id 16FrxH-0005VW-04; Mon, 17 Dec 2001 08:12:55 +0100 Received: from carstenshome (520075190812-0001@[217.230.104.105]) by fwd07.sul.t-online.com with smtp id 16Frx8-20jKQCC; Mon, 17 Dec 2001 08:12:46 +0100 Message-ID: <003901c186ca$47d32420$0100a8c0@carstenshome> From: stefan.sonnenberg-carstens@t-online.de (Stefan Sonnenberg-Carstens) To: References: <000001c18637$ca201cf0$0100a8c0@carstenshome> <20011216101939.C1680@absinthe> <000901c1864b$943190b0$0100a8c0@carstenshome> Subject: Re: Strange load jumps Date: Mon, 17 Dec 2001 08:13:08 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Sender: 520075190812-0001@t-dialin.net Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Ok, I switched off SMP support - and it goes ! The x330 series are running an ServerWorks chipset. Any idea ? ----- Original Message ----- From: "Stefan Sonnenberg-Carstens" To: ; Sent: Sunday, December 16, 2001 5:06 PM Subject: Re: Strange load jumps > I don't think that that's the point, > on both mashines the swap space is used by ~ 10 MByte. > > ----- Original Message ----- > From: "Dylan Carlson" > To: "Stefan Sonnenberg-Carstens" > Sent: Sunday, December 16, 2001 4:19 PM > Subject: Re: Strange load jumps > > > > Stefan Sonnenberg-Carstens wrote: > > > Hi there. > > > Both mashines have 1GB of RAM, a 1GB swap partition, two 866PIII procs > > > and > > > an adaptec U160SCSI controller, which accesses a 9GB U160 disk. > > > > The VM algorithms are tuned to have swap slices that are 2 times > > physical RAM. I don't believe this is your problem but you should > > probably read the tuning(7) manpage anyhow. > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 17 0:19: 8 2001 Delivered-To: freebsd-isp@freebsd.org Received: from web20102.mail.yahoo.com (web20102.mail.yahoo.com [216.136.226.39]) by hub.freebsd.org (Postfix) with SMTP id A35A537B41C for ; Mon, 17 Dec 2001 00:19:02 -0800 (PST) Message-ID: <20011217081901.62776.qmail@web20102.mail.yahoo.com> Received: from [193.227.212.161] by web20102.mail.yahoo.com via HTTP; Mon, 17 Dec 2001 09:19:01 CET Date: Mon, 17 Dec 2001 09:19:01 +0100 (CET) From: =?iso-8859-1?q?Fabrizio=20Ravazzini?= Subject: vrrpd doesn't work To: freebsd-cluster@freebsd.org Cc: freebsd-isp@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello all I've installed vrrpd 0.2 from the ports on freebsd 4.3, if I launch it I've got the errors: Indio# vrrpd -i ed0 -v 1 -p 150 192.168.0.90 Dec 16 21:01:27 Indio vrrpd[824]: starting Dec 16 21:01:27 Indio vrrpd[824]: router 1 init Dec 16 21:01:30 Indio vrrpd[824]: setting master 1 Dec 16 21:01:30 Indio vrrpd[824]: ioctl (set lladdr): Inappropriate ioctl for device Dec 16 21:01:30 Indio vrrpd[824]: ioctl (set lladdr): Inappropriate ioctl for device Dec 16 21:01:30 Indio vrrpd[824]: Can't SIOCADDMULTI on ed0: Can't assign requested address Dec 16 21:01:30 Indio vrrpd[824]: Can't SIOCADDMULTI on ed0: Can't assign requested address Any Ideas? Thanks bye ______________________________________________________________________ Iscriviti al Meglio della Settimana, la newsletter di Yahoo! Per saperne di pi� vai alla pagina: http://buongiorno.yahoo.it To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 17 0:38:18 2001 Delivered-To: freebsd-isp@freebsd.org Received: from web20108.mail.yahoo.com (web20108.mail.yahoo.com [216.136.226.45]) by hub.freebsd.org (Postfix) with SMTP id 5B66537B41D for ; Mon, 17 Dec 2001 00:38:12 -0800 (PST) Message-ID: <20011217083812.63311.qmail@web20108.mail.yahoo.com> Received: from [193.227.212.160] by web20108.mail.yahoo.com via HTTP; Mon, 17 Dec 2001 09:38:12 CET Date: Mon, 17 Dec 2001 09:38:12 +0100 (CET) From: =?iso-8859-1?q?Fabrizio=20Ravazzini?= Subject: Bridge/Firewall cluster? To: freebsd-cluster@freebsd.org Cc: freebsd-isp@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello all I've done a bridge/firewall to connect a dmz to Internet,this is the scheme: Internet | | Router cisco | | rl0 Fbsd bridge/FW | rl1 | DMZ The public ip of the cisco is like 200.20.20.1 Then rl0 200.20.20.3. I want to make this bridge high available putting another freebsd bridge machine so that if one goes down there is the other and the dmz is still available. Can I put another Fbsd bridge between the cisco and the dmz like this scheme: Internet | | Router cisco | |________________ | rl0 | Fbsd |ed0 bridge/FW Fbsd | rl1 Bridge/FW |________________| | DMZ For example ed0 could be 200.20.20.5, perhaps is stupid question, but can it works? Or is there other solutions? Any help would be appreciated. Bye ______________________________________________________________________ Iscriviti al Meglio della Settimana, la newsletter di Yahoo! Per saperne di pi� vai alla pagina: http://buongiorno.yahoo.it To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 17 1:45:24 2001 Delivered-To: freebsd-isp@freebsd.org Received: from wells.tecc.co.uk (wells.tecc.co.uk [195.217.37.90]) by hub.freebsd.org (Postfix) with ESMTP id 1ED6237B41E; Mon, 17 Dec 2001 01:45:16 -0800 (PST) Received: from leven (leven.tecc.co.uk [195.217.37.153]) by wells.tecc.co.uk (8.9.3+Sun/8.9.3) with SMTP id JAA11945; Mon, 17 Dec 2001 09:45:12 GMT From: "Andy" To: "Fabrizio Ravazzini" , Cc: Subject: RE: vrrpd doesn't work Date: Mon, 17 Dec 2001 09:45:12 -0000 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-reply-to: <20011217081901.62776.qmail@web20102.mail.yahoo.com> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Funny, I thought I marked the vrrp port broken since it doesn't quite meet the RFC like the docs says they do. Anyhow, to get it working how you want include the -n switch on the command line. Regards Andy > -----Original Message----- > From: owner-freebsd-isp@freebsd.org > [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Fabrizio Ravazzini > Sent: 17 December 2001 08:19 > To: freebsd-cluster@freebsd.org > Cc: freebsd-isp@freebsd.org > Subject: vrrpd doesn't work > > > Hello all I've installed vrrpd 0.2 from the ports on > freebsd 4.3, if I launch it I've got the errors: > > Indio# vrrpd -i ed0 -v 1 -p 150 192.168.0.90 > Dec 16 21:01:27 Indio vrrpd[824]: starting > Dec 16 21:01:27 Indio vrrpd[824]: router 1 init > Dec 16 21:01:30 Indio vrrpd[824]: setting master 1 > Dec 16 21:01:30 Indio vrrpd[824]: ioctl (set lladdr): > Inappropriate ioctl for device > Dec 16 21:01:30 Indio vrrpd[824]: ioctl (set lladdr): > Inappropriate ioctl for device > Dec 16 21:01:30 Indio vrrpd[824]: Can't SIOCADDMULTI > on ed0: Can't assign requested address > Dec 16 21:01:30 Indio vrrpd[824]: Can't SIOCADDMULTI > on ed0: Can't assign requested address > > > Any Ideas? > Thanks bye > > > ______________________________________________________________________ > > Iscriviti al Meglio della Settimana, la newsletter di Yahoo! > Per saperne di pi� vai alla pagina: http://buongiorno.yahoo.it > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 17 1:55: 3 2001 Delivered-To: freebsd-isp@freebsd.org Received: from SRDMAIL.SINP.MSU.RU (bigking.sinp.msu.ru [213.131.9.130]) by hub.freebsd.org (Postfix) with ESMTP id 70E7637B41B; Mon, 17 Dec 2001 01:54:59 -0800 (PST) Received: from dima (helo=localhost) by SRDMAIL.SINP.MSU.RU with local-esmtp (Exim 3.33 #3) id 16FuTa-000Kif-00; Mon, 17 Dec 2001 12:54:26 +0300 Date: Mon, 17 Dec 2001 12:54:26 +0300 (MSK) From: Dmitry Mottl To: freebsd-questions@FreeBSD.org, Subject: readonly mount Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi All I want to organize virtual hosts with jails So I need to mount (readonly) some parts of file system to virtual hosts (for example /bin, /usr) What mount_* will be fine for this? mount_union? - is it actualy bugy or stable? mount_nfs? any other ideas? Thank You -- best regards, Dmitry Mottl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 17 1:58:18 2001 Delivered-To: freebsd-isp@freebsd.org Received: from relay2.agava.net.ru (ofc.agava.net [213.59.3.194]) by hub.freebsd.org (Postfix) with ESMTP id 712D737B41C; Mon, 17 Dec 2001 01:58:08 -0800 (PST) Received: from hellbell.domain (hellbell.domain [192.168.1.12]) by relay2.agava.net.ru (Postfix) with ESMTP id 17D4E66B40; Mon, 17 Dec 2001 12:58:03 +0300 (MSK) Received: from localhost (localhost [127.0.0.1]) by hellbell.domain (Postfix) with ESMTP id D6F86CD08; Mon, 17 Dec 2001 12:58:02 +0300 (MSK) Date: Mon, 17 Dec 2001 12:58:02 +0300 (MSK) From: Alexey Zakirov X-X-Sender: To: Dmitry Mottl Cc: , Subject: Re: readonly mount In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, 17 Dec 2001, Dmitry Mottl wrote: > I want to organize virtual hosts with jails > So I need to mount (readonly) some parts of file system to virtual hosts > (for example /bin, /usr) > What mount_* will be fine for this? > > mount_union? - is it actualy bugy or stable? works ok until you want to use fifo, unix-domain sockets or sendfile(2) on it. > mount_nfs? slow? > any other ideas? there is a patch somewhere which allows to mount ufs partition more than one time. *** WBR, Alexey Zakirov (frank@agava.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 17 2:56:37 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.lkb.lv (ns.lkb.lv [195.13.170.2]) by hub.freebsd.org (Postfix) with ESMTP id A0B5F37B41A for ; Mon, 17 Dec 2001 02:56:32 -0800 (PST) Received: from ramex1 ([195.13.170.15]) by mail.lkb.lv (8.11.5/8.11.3) with SMTP id fBHAuPE89870 for ; Mon, 17 Dec 2001 12:56:25 +0200 (EET) (envelope-from vic@is.lv) Received: from ([192.168.203.21]) by ramex1; Mon, 17 Dec 2001 12:54:54 +0200 (EET) Received: from kaktuss.lkb.lv ([192.168.203.21]) by kaktuss.lkb.lv (Lotus Domino Release 5.0.8) with SMTP id 2001121712562100:2431 ; Mon, 17 Dec 2001 12:56:21 +0200 Received: from is.lv ([192.168.203.247]) by kaktuss.lkb.lv (NAVGW 2.5 bld 90) with SMTP id M2001121712561728508 for ; Mon, 17 Dec 2001 12:56:20 +0200 Message-ID: <3C1DCF87.3080806@is.lv> Date: Mon, 17 Dec 2001 12:57:11 +0200 From: Victor Meirans User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.6) Gecko/20011120 X-Accept-Language: en-us MIME-Version: 1.0 To: FreeBSD-isp@freebsd.org Subject: IDE Raid controllers on FreeBSD X-MIMETrack: Itemize by SMTP Server on KAKTUSS/LKB/LV(Release 5.0.8 |June 18, 2001) at 12/17/2001 12:56:21 PM, Serialize by Router on KAKTUSS/LKB/LV(Release 5.0.8 |June 18, 2001) at 12/17/2001 12:56:23 PM, Serialize complete at 12/17/2001 12:56:23 PM Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=windows-1257; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, Does anyone have the experience with IDE Raid controllers on FreeBSD??? What models/manufacturers would you recommend? A what with the drivers??? I am planning buing one, 'cos software raid seems to be kinda slow for me... Thanks in advance, -- ViC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 17 4:30:42 2001 Delivered-To: freebsd-isp@freebsd.org Received: from relay.office.bezpeka.net (gw.office.annaltd.com [193.108.112.118]) by hub.freebsd.org (Postfix) with ESMTP id B2B5E37B41A for ; Mon, 17 Dec 2001 04:30:18 -0800 (PST) Received: (from admin@localhost) by unixbox.office.bezpeka.net (8.11.3/8.11.3) id fBHBG3g02310 for freebsd-isp@freebsd.org; Mon, 17 Dec 2001 13:16:03 +0200 (EET) (envelope-from admin) Date: Mon, 17 Dec 2001 13:16:03 +0200 From: apache@ukr.net To: freebsd-isp@freebsd.org Subject: firewall + ftp Message-ID: <20011217131602.A1843@unixbox.office.annaltd.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, guys! I am aranging firewall in my office network connected to Internet via dedicated line. I wanna close everything but HTTP, SMTP, SSH and FTP from internal network. The problem is FTP. I wanna make uploads/downloads to Internet hosts via ftp. What can i do with data ports? Are there any solutions or start points for me (ftp proxy, etc.)? -- e-mail: apache@ukr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 17 4:50:20 2001 Delivered-To: freebsd-isp@freebsd.org Received: from creator.ukrsat.com (creator.ukrsat.com [212.35.160.30]) by hub.freebsd.org (Postfix) with ESMTP id 11DB237B416 for ; Mon, 17 Dec 2001 04:50:07 -0800 (PST) Received: from prophet.firewall (relay1.blitz.kiev.ua [212.35.160.68]) by creator.ukrsat.com (8.11.6/8.11.6) with ESMTP id fBHGg9h15680; Mon, 17 Dec 2001 14:42:11 -0200 Received: by relay1.blitz.kiev.ua with Internet Mail Service (5.5.2653.19) id ; Mon, 17 Dec 2001 14:47:50 +0200 Message-ID: <558A166DE464D511977C00304821AB160102465B@mainexch.firewall> From: mikolaev@blitz.kiev.ua To: apache@ukr.net, freebsd-isp@FreeBSD.ORG Subject: RE: firewall + ftp Date: Mon, 17 Dec 2001 14:47:51 +0200 X-Mailer: Internet Mail Service (5.5.2653.19) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org hi ftp protocol use ports 20,21,49152-65535(active mode) http - 80 smtp - 25 ssh - 22 where is the problem? ;) -------------------------------------------------- sorry for poor english, wbr, Roman V. Liskovenko mail-to: romul_rules@mailru.com mikolaev@blitz.kiev.ua > ---------- > ��: apache@ukr.net[SMTP:apache@ukr.net] > ��: Monday, December 17, 2001 1:16 PM > ��: freebsd-isp@FreeBSD.ORG > ��: firewall + ftp > > Hi, guys! > > I am aranging firewall in my office network connected to Internet via > dedicated > line. I wanna close everything but HTTP, SMTP, SSH and FTP from internal > network. The problem is FTP. I wanna make uploads/downloads to Internet > hosts > via ftp. > > What can i do with data ports? > Are there any solutions or start points for me (ftp proxy, etc.)? > > -- > e-mail: apache@ukr.net > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > ============================================== > > �� . > > > > �� KAV for MS Exchange. > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 17 5:32:22 2001 Delivered-To: freebsd-isp@freebsd.org Received: from blue.frogfoot.net (blue.frogfoot.net [66.8.28.50]) by hub.freebsd.org (Postfix) with SMTP id 438B437B405 for ; Mon, 17 Dec 2001 05:32:08 -0800 (PST) Received: (qmail 31250 invoked by uid 1004); 17 Dec 2001 13:31:58 -0000 Date: Mon, 17 Dec 2001 15:31:58 +0200 From: Johann Botha To: apache@ukr.net Cc: freebsd-isp@freebsd.org Subject: Re: firewall + ftp Message-ID: <20011217133158.GB30894@blue.frogfoot.net> References: <20011217131602.A1843@unixbox.office.annaltd.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20011217131602.A1843@unixbox.office.annaltd.com> User-Agent: Mutt/1.3.24i Organization: Frogfoot Networks X-Operating-System: Debian GNU/Linux blue 2.4.13-ac7 (Athlon) X-GPG-Public-Key: http://blue.frogfoot.net/keys/frogfoot.gpg X-Uptime: 2:57pm up 1 day, 18:06, 6 users, load average: 1.50, 1.37, 1.28 X-Edited-With-Muttmode: muttmail.sl - 2001-10-27 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi apache! > I am aranging firewall in my office network connected to Internet via dedicated > line. I wanna close everything but HTTP, SMTP, SSH and FTP from internal > network. The problem is FTP. I wanna make uploads/downloads to Internet hosts > via ftp. > > What can i do with data ports? > Are there any solutions or start points for me (ftp proxy, etc.)? man natd ------------< snip <------< snip <------< snip <------------ -punch_fw basenumber:count This option directs natd to `punch holes'' in an ipfirewall(4) based firewall for FTP/IRC DCC connections. This is done dynamically by installing temporary firewall rules which allow a particular connection (and only that con- nection) to go through the firewall. The rules are removed once the corresponding connection terminates. ------------< snip <------< snip <------< snip <------------ but.. i could not get this to work, imho natd is broken. (in 4.3 anyway) so now i use jftpgw: http://www.mcknight.de/jftpgw/features.html eg. ------------< snip <------< snip <------< snip <------------ # Transparent Proxy for FTP fwd 66.8.1.1,2370 tcp from 66.8.1.48/29 to any 21 in recv ed1 ------------< snip <------< snip <------< snip <------------ and then just allow "1025-65535 to any 21" on the firewall's IP. ..or use IPF's NAT: http://coombs.anu.edu.au/~avalon/ip-filter.html -- Regards Johann "FreD is not dead" - echo $(uname) is not dead | sed "s/eBS//" _________________________________________________________ Johann L. Botha Debian GNU Jedi: joe@debian.org email: joe@frogfoot.net snail mail: PO Box 3472 mobile: +27 82 5626 167 Matieland workpage: http://www.frogfoot.net Stellenbosch homepage: http://blue.frogfoot.net 7602 gps: 33deg 56.09S, 18deg 25.31E, 64m South Africa ham: ZR1JOE Copyright (c) 2001. The Sovereigns of Frogfoot. All rights reserved. Disclaimer available upon request. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 17 6:48:57 2001 Delivered-To: freebsd-isp@freebsd.org Received: from support.euronet.nl (support.euronet.nl [194.134.32.134]) by hub.freebsd.org (Postfix) with ESMTP id 06BD537B417 for ; Mon, 17 Dec 2001 06:48:54 -0800 (PST) Received: from localhost (franst@localhost) by support.euronet.nl (8.11.3/8.11.0) with ESMTP id fBHEmoV50767; Mon, 17 Dec 2001 15:48:50 +0100 (CET) X-Authentication-Warning: support.euronet.nl: franst owned process doing -bs Date: Mon, 17 Dec 2001 15:48:50 +0100 (CET) From: Frans ter Borg X-Sender: franst@support.euronet.nl To: Victor Meirans Cc: FreeBSD-isp@FreeBSD.ORG Subject: Re: IDE Raid controllers on FreeBSD In-Reply-To: <3C1DCF87.3080806@is.lv> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, 17 Dec 2001, Victor Meirans wrote: > Does anyone have the experience with IDE Raid controllers on > FreeBSD??? What models/manufacturers would you recommend? A what with > the drivers??? I am planning buing one, 'cos software raid seems to be > kinda slow for me... I'm using a Promise Fasttrak 100, with two Matrox disks in stripe configuration. With sequential reads and writes I've seen speeds up to 50 Megabyte/s using large blocks. No config was required for FreeBSD, just mount the /dev/arXXX device that shows up after installation. regards, Frans To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 17 7:32: 7 2001 Delivered-To: freebsd-isp@freebsd.org Received: from fox.raw-io.com (dsl-216-227-24-201.telocity.com [216.227.24.201]) by hub.freebsd.org (Postfix) with ESMTP id DF0B637B417 for ; Mon, 17 Dec 2001 07:31:58 -0800 (PST) Received: from raw-io.com (cvig2 [192.168.0.199]) by fox.raw-io.com (8.11.6/8.11.6) with ESMTP id fBHFVfJ87313; Mon, 17 Dec 2001 09:31:41 -0600 (CST) (envelope-from cvig@raw-io.com) Message-ID: <3C1E0FD3.5000405@raw-io.com> Date: Mon, 17 Dec 2001 09:31:31 -0600 From: Cymen Vig User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.6+) Gecko/20011216 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Victor Meirans Cc: FreeBSD-isp@FreeBSD.ORG Subject: Re: IDE Raid controllers on FreeBSD References: <3C1DCF87.3080806@is.lv> Content-Type: text/plain; charset=windows-1257; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Victor Meirans wrote: > Does anyone have the experience with IDE Raid controllers on > FreeBSD??? What models/manufacturers would you recommend? A what with > the drivers??? I am planning buing one, 'cos software raid seems to be > kinda slow for me... I have a 3ware Escalade 6200 in a Freebsd 4.4-stable box. I am using it with 2 20 gig Maxtor drives in a RAID mirror but I did run bonnie++ on it with it configured as a 40 gig stripe. I'm happy with the Escalade but just so we are all on the same page recently 3ware stopped selling their IDE RAID cards then changed their minds and returned to the market due to demand. I don't know anymore than that and IDE RAID is part of their core business (see their other products) but I thought I would mention it... Hardware: Celeron 550 Mhz (100 Mhz FSB) 440BX motherboard 512mb RAM 3ware Escalade 6200 (latest firmware) 2 x 20gb Maxtor D740X-6L (7200 RPM) with acoustic management left to factory default (on) RAID stripe: static# /usr/local/sbin/bonnie++ -r 512 -s 1024 -d /mnt/twe/ -u root Version 1.02 ------Sequential Output------ --Sequential Input- --Random- -Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks-- Machine Size K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP /sec %CP static.raw-io.co 1G 22318 96 70591 91 17579 24 18807 97 65507 44 238.4 2 ------Sequential Create------ --------Random Create-------- -Create-- --Read--- -Delete-- -Create-- --Read--- -Delete-- files /sec %CP /sec %CP /sec %CP /sec %CP /sec %CP /sec %CP 16 464 81 +++++ +++ 3033 49 492 80 800 99 1341 84 static.raw-io.com,1G,22318,96,70591,91,17579,24,18807,97,65507,44,238.4,2,16,464,81,4 RAID mirror: root@static:/home# bonnie++ -u root -s 1024 -r 512 Version 1.02 ------Sequential Output------ --Sequential Input- --Random- -Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks-- Machine Size K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP /sec %CP static.raw-io.co 1G 20986 94 31321 42 12913 17 18410 96 33787 22 311.2 2 ------Sequential Create------ --------Random Create-------- -Create-- --Read--- -Delete-- -Create-- --Read--- -Delete-- files /sec %CP /sec %CP /sec %CP /sec %CP /sec %CP /sec %CP 16 544 93 +++++ +++ 7895 95 594 97 771 97 1772 98 static.raw-io.com,1G,20986,94,31321,42,12913,17,18410,96,33787,22,311.2,2,16,544,93,+++++,+++,7895,95,594,97,771,97,1772,98 For comparision a 40gb 7200 RPM Maxtor 5T040H4 on a Promise Ultra66 IDE card (not RAID) that was in the same machine: static# /usr/local/sbin/bonnie++ -r 512 -s 1024 -d /home -u root Version 1.02 ------Sequential Output------ --Sequential Input- --Random- -Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks-- Machine Size K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP /sec %CP static.raw-io.co 1G 21645 95 29567 39 13861 22 18529 97 31890 21 167.2 1 ------Sequential Create------ --------Random Create-------- -Create-- --Read--- -Delete-- -Create-- --Read--- -Delete-- files /sec %CP /sec %CP /sec %CP /sec %CP /sec %CP /sec %CP 16 561 94 +++++ +++ 7024 95 612 98 781 97 1721 98 static.raw-io.com,1G,21645,95,29567,39,13861,22,18529,97,31890,21,167.2,1,16,561,94,8 Some other IDE RAID providers to look at are Adaptec and Promise... Apparently while some cards have the majority of the IDE RAID functionality on the card (Adaptec, 3ware) others have a lot of the functionality in the drivers (Promise). I don't know how true that is so perhaps others can confirm this... Also the 3ware (and I presume the Adaptec) support hotswap while the Promise does not (again, confirmation would be good). Personally I use the 3ware products where IDE RAID is needed and the Promise Ultra66/100/?? where fast regular IDE is needed. StorageReview.com should have reviews of all the products in question. Cymen Vig cvig@raw-io.com ObDisclaimer: benchmarking drives is a pain in the rear because the speeds are different depending on where the head is (ie closer to the center of the disc or out at the edges) so these benchmarks while fun and dandy are inherently flawed and should be taken with a grain of salt. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 17 12:56:41 2001 Delivered-To: freebsd-isp@freebsd.org Received: from c003.snv.cp.net (c003-h000.c003.snv.cp.net [209.228.32.214]) by hub.freebsd.org (Postfix) with SMTP id 2374A37B41E for ; Mon, 17 Dec 2001 12:56:24 -0800 (PST) Received: (cpmta 28987 invoked from network); 17 Dec 2001 12:56:22 -0800 Received: from 216.227.100.85 (HELO vector) by smtp.telocity.com (209.228.32.214) with SMTP; 17 Dec 2001 12:56:22 -0800 X-Sent: 17 Dec 2001 20:56:22 GMT From: "Dustin Puryear" To: "Forrest W. Christian" Cc: Subject: RE: Public DNS server and FreeBSD firewall Date: Mon, 17 Dec 2001 15:04:31 -0600 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org gatekeeper# cat /etc/rc.conf|grep nat natd_enable="YES" natd_interface="rl0" natd_flags="-f /etc/natd.conf" gatekeeper# cat /etc/rc.conf | grep ifconfig ifconfig_nge0="inet 10.0.0.1 netmask 255.255.255.0" ifconfig_rl0="inet aa.aa.aa.aa netmask 255.255.255.192 media 10baseT/UTP" ifconfig_rl0_alias0="inet xx.xx.xx.xx netmask 255.255.255.192" ifconfig_rl0_alias1="inet yy.yy.yy.yy netmask 255.255.255.192" ifconfig_rl0_alias2="inet zz.zz.zz.zz netmask 255.255.255.192" gatekeeper# cat /etc/natd.conf redirect_address 10.0.0.20 xx.xx.xx.xx redirect_address 10.0.0.21 yy.yy.yy.yy redirect_address 10.0.0.5 zz.zz.zz.zz Regards, Dustin --- Dustin Puryear Information Systems Consultant http://members.telocity.com/~dpuryear In the beginning the Universe was created. This has been widely regarded as a bad move. - Douglas Adams > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Forrest W. Christian > Sent: Sunday, December 16, 2001 1:43 AM > To: Dustin Puryear > Cc: freebsd-isp@FreeBSD.ORG > Subject: Re: Public DNS server and FreeBSD firewall > > > What is your nat configured as? > > The problem is probably in your natd.conf file. > > On Sun, 16 Dec 2001, Dustin Puryear wrote: > > > Date: Sun, 16 Dec 2001 01:13:14 -0600 > > From: Dustin Puryear > > To: freebsd-isp@FreeBSD.ORG > > Subject: Public DNS server and FreeBSD firewall > > > > I am setting up a public DNS server and having a bit of a > problem figuring > > out why it cannot query outside of our network. I am using FreeBSD > > 4.4-RELEASE on both the DNS server and firewall. Basically, > when I try to > > resolve a host outside of my network the local named times out: > > > > Server: XXXXX.com > > Address: 10.0.0.5 > > > > *** XXXXXX.com can't find www.cdrom.com: Non-existent > host/domain > > > www.google.com > > Server: XXXXX.com > > Address: 10.0.0.5 > > > > *** XXXX.com can't find www.google.com: Non-existent host/domain > > > > > > > I can't figure out why, and darn if I am not getting any denied > packet log > > entries in /var/log/security on the firewall. I am using static > NAT, with my > > DNS server having the internal address 10.0.0.5, but an > external address of > > aa.bb.cc.dd. The ipfw entries that appear relevant are: > > > > # internal DNS.. > > 03000 allow udp from ww.xx.yy.zz to any 53 keep-state > > 03100 allow tcp from ww.xx.yy.zz to any 53 keep-state > > # this is the public DNS server.. > > 03200 allow udp from aa.bb.cc.dd to any 53 keep-state > > 03300 allow tcp from aa.bb.cc.dd to any 53 keep-state > > > > This should allow my name servers to access any outside name > servers right? > > I even get dynamic rules that indicate some type of connection is being > > attempted: > > > > 03200 0 0 (T 29, # 91) ty 0 udp, aa.bb.cc.dd 1196 <-> 66.135.0.10 53 > > > > Despite this entry the local named still times out. The wierd > thing is that > > the named running on the firewall, ww.xx.yy.zz (internal > 10.0.0.1), works. > > But the named running on aa.bb.cc.dd (10.0.0.5) doesn't. > > > > Note, the entire ruleset follows if you need more information: > > > > 00100 allow ip from any to any via lo0 > > 00200 deny ip from any to 127.0.0.0/8 > > 00300 deny ip from 127.0.0.0/8 to any > > 00400 allow ip from any to any via nge0 > > 00500 deny ip from 10.0.0.0/24 to any in recv rl0 > > 00600 deny ip from public-network-XXX/26 to any in recv nge0 > > 00700 deny ip from any to 10.0.0.0/8 via rl0 > > 00800 deny ip from any to 172.16.0.0/12 via rl0 > > 00900 deny ip from any to 192.168.0.0/16 via rl0 > > 01000 deny ip from any to 0.0.0.0/8 via rl0 > > 01100 deny ip from any to 169.254.0.0/16 via rl0 > > 01200 deny ip from any to 192.0.2.0/24 via rl0 > > 01300 deny ip from any to 224.0.0.0/4 via rl0 > > 01400 deny ip from any to 240.0.0.0/4 via rl0 > > 01500 divert 8668 ip from any to any via rl0 > > 01600 deny ip from 10.0.0.0/8 to any via rl0 > > 01700 deny ip from 172.16.0.0/12 to any via rl0 > > 01800 deny ip from 192.168.0.0/16 to any via rl0 > > 01900 deny ip from 0.0.0.0/8 to any via rl0 > > 02000 deny ip from 169.254.0.0/16 to any via rl0 > > 02100 deny ip from 192.0.2.0/24 to any via rl0 > > 02200 deny ip from 224.0.0.0/4 to any via rl0 > > 02300 deny ip from 240.0.0.0/4 to any via rl0 > > 02400 allow tcp from any to any established > > 02500 allow ip from any to any frag > > 02800 allow tcp from any to any 22 keep-state > > 02900 allow icmp from any to any keep-state > > 03000 deny log logamount 10 tcp from any to any in recv rl0 setup > > 03100 allow tcp from any to any setup > > 03200 allow udp from ww.xx.yy.zz to any 53 keep-state > > 03300 allow tcp from ww.xx.yy.zz to any 53 keep-state > > 03400 allow udp from aa.bb.cc.dd to any 53 keep-state > > 03500 allow tcp from aa.bb.cc.dd to any 53 keep-state > > 65535 deny ip from any to any > > > > Regards, Dustin > > > > --- > > Dustin Puryear > > Information Systems Consultant > > http://members.telocity.com/~dpuryear > > In the beginning the Universe was created. > > This has been widely regarded as a bad move. - Douglas Adams > > > > > > > -----Original Message----- > > > From: Gabriel Ambuehl [mailto:gabriel_ambuehl@buz.ch] > > > Sent: Tuesday, December 11, 2001 12:15 PM > > > To: Dustin Puryear > > > Cc: isp@freebsd.org > > > Subject: Re[10]: Using DNAT and DNS round-robin > > > > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > > > Hello Dustin, > > > > > > Tuesday, December 11, 2001, 6:29:35 PM, you wrote: > > > > Yes, that is what I eventually found out. Apparently, unless you > > > > have some type of special gear, you cannot do IP-based virtual > > > > hosting in a > > > > load-sharing or -balancing environment. Now, doing HA might not be > > > > too much work depending on what your requirements for switch over > > > > time are. > > > > > > <10s is doable with standard gear. <1s is quite a bit harder but > > > perhaps still doable. > > > > > > >> That's nice. I wished I were in the same situation... > > > > Yes, it is nice. I have yet to do work for a company providing web > > > > hosting to consumers, but I can see how it would have some real > > > > challenges. But it > > > > > > It certainly has. > > > > > > > synchronization issue. NAS being one. A second is using a few > > > > "shell" servers that automatically get replicated to your web > > > > servers seems to be another. > > > > > > I've been thinking about that approach too, but it doesn't buy you > > > much since there are still that morons that use the FS as DB... > > > > > > >> Squid should do the job too, more flexibly, but probably slower. > > > > I played with Squid and it works nicely. Indeed, I liked the fact > > > > that with Squid I can make my web cluster disappear from outsiders > > > > and use Squid as a reverse proxy. However, since we dropped the > > > > requirement for IP-based virtual hosting the point is moot. We will > > > > be using just a standard configuration where we will DNS > > > > round-robin between web servers. > > > > > > That's the easiest approach, of course. OTOH, I haven't got a very > > > high opinion of DNS round robin since it essentially still lets the > > > remote client fuck it up... > > > > > > > > > > > > > > > Best regards, > > > Gabriel > > > > > > -----BEGIN PGP SIGNATURE----- > > > Version: PGP 6.5i > > > > > > iQEVAwUBPBY/HcZa2WpymlDxAQFoUQgAuCZrFy8u5EILeyiLBgjtLuRVcLhX8ItT > > > 3LfKOnw2ve513rx4F6gT9nVNrapH4jWYtidrBla4Z8xtH3N6Yem9r53To6xCqYpd > > > GMxv8RZdxuZtXCV92CnDxeKGIZ89nPBPFAsC6sQkDPX3jThf9+t6jI59J9rroqq+ > > > rwP63//vR8Pq63//Q7Lc7/TgAE6jJHs0nAXadiq1mUSwFZVF+nUgPYU3BnN9iyud > > > 7CLLxYnArXguGZRx2wfdskPiZ7ZCSl5mC78kUimTDHLXrV2VofyzjIJWBcWyMzNA > > > d9fo9b9OtDKRj3Hnvj5MpDjJySaxDBsyY15NaecYlAVazQIWuRMUyQ== > > > =5dpk > > > -----END PGP SIGNATURE----- > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > > > - Forrest W. Christian (forrestc@imach.com) AC7DE > ---------------------------------------------------------------------- > The Innovation Machine Ltd. P.O. Box 5749 > http://www.imach.com/ Helena, MT 59604 > Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 > ---------------------------------------------------------------------- > Protect your personal freedoms - visit http://www.lp.org/ > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 17 14:46:16 2001 Delivered-To: freebsd-isp@freebsd.org Received: from niwun.pair.com (niwun.pair.com [209.68.2.70]) by hub.freebsd.org (Postfix) with SMTP id EDCA737B41D for ; Mon, 17 Dec 2001 14:46:09 -0800 (PST) Received: (qmail 35688 invoked by uid 3193); 17 Dec 2001 22:46:08 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 17 Dec 2001 22:46:08 -0000 Date: Mon, 17 Dec 2001 17:46:08 -0500 (EST) From: Mike Silbersack X-Sender: To: Cc: , Subject: Re: 3Com driver problems (fixed) In-Reply-To: <14a.5dcd50d.294e390f@aol.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sun, 16 Dec 2001 TD790@aol.com wrote: > ping is not a very good test...one of the reasons that most people cant find > problems generally. plus you want to use smaller packets to get the pps up. > The ave size packet is under 400 bytes on the net and it better simulates > real life. Once you saturate the wire the lockup occurs rather > quickly....you have to get to the point where the overflows are happening > faster than the machine can process the interupts. Blah blah blah blah blah. I know ping isn't a great network diagnostic tool, but it allowed me to see the problem easily. You're welcome to run further tests with your flooder of choice to confirm my findings. The problem with stats interrupts causing slowdown was indeed due to a bug in our driver, and not some hardware bug. I have fixed the bug and committed the fix to -current; the fix will be MFC'd in a day or two, before the 4.5 codefreeze begins. In the meantime, you can grab the diff out of cvsweb if you're interested. And yes, it was pretty bad. The reason I didn't notice it too much is because stats interrupts were disabled under -current as a temporary fix; that change never got ported back to 4.x. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 17 18:39: 3 2001 Delivered-To: freebsd-isp@freebsd.org Received: from hotmail.com (oe27.pav1.hotmail.com [64.4.30.84]) by hub.freebsd.org (Postfix) with ESMTP id 0F1FA37B405; Mon, 17 Dec 2001 18:38:58 -0800 (PST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 17 Dec 2001 18:38:54 -0800 X-Originating-IP: [66.185.84.77] From: "jack xiao" To: , Subject: Fw: radiusclients questions Date: Mon, 17 Dec 2001 21:41:00 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_00E5_01C18743.8494FE00" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: X-OriginalArrivalTime: 18 Dec 2001 02:38:54.0027 (UTC) FILETIME=[225511B0:01C1876D] Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_00E5_01C18743.8494FE00 Content-Type: text/plain; charset="gb2312" Content-Transfer-Encoding: base64 DQpIaSwNCg0KTm93IEkgd2FudCB0byB1c2UgcmFkaXVzY2xpZW50ICggdmVyc2lvbiAwLjMuMSAp IHVuZGVyIEZyZWVCU0QgcG9ydHMgYW5kIHVzZSByYWRsb2dpbiB0byBzdWJzdGl0dXRlIG5vcm1h bCBsb2dpbiBmb3IgUFBQIGxvZ2luIHVzZXIuIEkgaGF2ZSBwb3J0ZWQgcmFkaXVzY2xpZW50IGFu ZCByYWRsb2dpbiB3b3JrcyB3ZWxsLCBidXQgSSBkb24ndCBrbm93IGhvdyB0byB1c2UgcmFkbG9n aW4gaW5zdGVhZCBvZiBsb2dpbi4gQW55IGlkZWFzIHdpbGwgYmUgYXBwcmVjaWF0ZWQuDQoNClRo YW5rcyENCg0KSmFjaw0KDQoNCg0KDQo= ------=_NextPart_000_00E5_01C18743.8494FE00 Content-Type: text/html; charset="gb2312" Content-Transfer-Encoding: base64 PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgaHR0cC1lcXVpdj1Db250ZW50LVR5cGUgY29udGVu dD0idGV4dC9odG1sOyBjaGFyc2V0PWdiMjMxMiI+DQo8TUVUQSBjb250ZW50PSJNU0hUTUwgNi4w MC4yNjAwLjAiIG5hbWU9R0VORVJBVE9SPg0KPFNUWUxFPjwvU1RZTEU+DQo8L0hFQUQ+DQo8Qk9E WSBiZ0NvbG9yPSNmZmZmZmY+DQo8RElWPjxGT05UIGZhY2U9QXJpYWwgc2l6ZT0yPjwvRk9OVD4m bmJzcDs8L0RJVj4NCjxESVYgc3R5bGU9IkZPTlQ6IDEwcHQgYXJpYWwiPjxGT05UIGZhY2U9QXJp YWwgc2l6ZT0yPkhpLDwvRk9OVD48L0RJVj4NCjxESVY+PEZPTlQgZmFjZT1BcmlhbCBzaXplPTI+ PC9GT05UPiZuYnNwOzwvRElWPg0KPERJVj48Rk9OVCBmYWNlPUFyaWFsIHNpemU9Mj5Ob3cgSSB3 YW50IHRvIHVzZSByYWRpdXNjbGllbnQgKCB2ZXJzaW9uIDAuMy4xIA0KKSZuYnNwO3VuZGVyIEZy ZWVCU0QgcG9ydHMgYW5kJm5ic3A7dXNlIHJhZGxvZ2luIHRvIHN1YnN0aXR1dGUgbm9ybWFsIGxv Z2luIA0KZm9yJm5ic3A7UFBQIGxvZ2luIHVzZXIuJm5ic3A7SSBoYXZlIHBvcnRlZCByYWRpdXNj bGllbnQgYW5kIHJhZGxvZ2luJm5ic3A7d29ya3MgDQp3ZWxsLCBidXQgSSBkb24ndCBrbm93IGhv dyB0byB1c2UgcmFkbG9naW4gaW5zdGVhZCBvZiBsb2dpbi4mbmJzcDtBbnkgaWRlYXMgd2lsbCAN CmJlIGFwcHJlY2lhdGVkLjwvRk9OVD48L0RJVj4NCjxESVY+PEZPTlQgZmFjZT1BcmlhbCBzaXpl PTI+PC9GT05UPiZuYnNwOzwvRElWPg0KPERJVj48Rk9OVCBmYWNlPUFyaWFsIHNpemU9Mj5UaGFu a3MhPC9GT05UPjwvRElWPg0KPERJVj48Rk9OVCBmYWNlPUFyaWFsIHNpemU9Mj48L0ZPTlQ+Jm5i c3A7PC9ESVY+DQo8RElWPjxGT05UIGZhY2U9QXJpYWwgc2l6ZT0yPkphY2s8L0ZPTlQ+PC9ESVY+ DQo8RElWPjxGT05UIGZhY2U9QXJpYWwgc2l6ZT0yPjwvRk9OVD4mbmJzcDs8L0RJVj4NCjxESVY+ PEZPTlQgZmFjZT1BcmlhbCBzaXplPTI+PC9GT05UPiZuYnNwOzwvRElWPg0KPERJVj48Rk9OVCBm YWNlPUFyaWFsIHNpemU9Mj48L0ZPTlQ+Jm5ic3A7PC9ESVY+DQo8RElWPjxGT05UIGZhY2U9QXJp YWwgc2l6ZT0yPjwvRk9OVD4mbmJzcDs8L0RJVj48L0JPRFk+PC9IVE1MPg0K ------=_NextPart_000_00E5_01C18743.8494FE00-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 17 18:49: 8 2001 Delivered-To: freebsd-isp@freebsd.org Received: from hotmail.com (oe64.pav1.hotmail.com [64.4.30.199]) by hub.freebsd.org (Postfix) with ESMTP id 5361337B422; Mon, 17 Dec 2001 18:49:00 -0800 (PST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 17 Dec 2001 18:48:59 -0800 X-Originating-IP: [66.185.84.77] From: "jack xiao" To: , Subject: radiusclients questions Date: Mon, 17 Dec 2001 21:51:06 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0135_01C18744.EE5ECA40" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: X-OriginalArrivalTime: 18 Dec 2001 02:48:59.0445 (UTC) FILETIME=[8B308650:01C1876E] Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_0135_01C18744.EE5ECA40 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: base64 DQpIaSwNCiANCk5vdyBJIHdhbnQgdG8gdXNlIHJhZGl1c2NsaWVudCAoIHZlcnNpb24gMC4zLjEg KSB1bmRlciBGcmVlQlNEIHBvcnRzIGFuZCB1c2UgcmFkbG9naW4gdG8gc3Vic3RpdHV0ZSBub3Jt YWwgbG9naW4gZm9yIFBQUCBsb2dpbiB1c2VyLiBJIGhhdmUgcG9ydGVkIHJhZGl1c2NsaWVudCBh bmQgcmFkbG9naW4gd29ya3Mgd2VsbCwgYnV0IEkgZG9uJ3Qga25vdyBob3cgdG8gdXNlIHJhZGxv Z2luIGluc3RlYWQgb2YgbG9naW4uIEFueSBpZGVhcyB3aWxsIGJlIGFwcHJlY2lhdGVkLg0KIA0K VGhhbmtzIQ0KIA0KSmFjaw0KIA0K ------=_NextPart_000_0135_01C18744.EE5ECA40 Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: base64 PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgaHR0cC1lcXVpdj1Db250ZW50LVR5cGUgY29udGVu dD0idGV4dC9odG1sOyBjaGFyc2V0PXdpbmRvd3MtMTI1MiI+DQo8TUVUQSBjb250ZW50PSJNU0hU TUwgNi4wMC4yNjAwLjAiIG5hbWU9R0VORVJBVE9SPg0KPFNUWUxFPjwvU1RZTEU+DQo8L0hFQUQ+ DQo8Qk9EWT4NCjxESVY+PEZPTlQgZmFjZT1BcmlhbCBzaXplPTI+PC9GT05UPjxGT05UIGZhY2U9 QXJpYWwgc2l6ZT0yPjwvRk9OVD4mbmJzcDs8L0RJVj4NCjxESVY+PEZPTlQgZmFjZT1BcmlhbCBz aXplPTI+SGksPEJSPiZuYnNwOzxCUj5Ob3cgSSB3YW50IHRvIHVzZSByYWRpdXNjbGllbnQgKCAN CnZlcnNpb24gMC4zLjEgKSB1bmRlciBGcmVlQlNEIHBvcnRzIGFuZCB1c2UgcmFkbG9naW4gdG8g c3Vic3RpdHV0ZSBub3JtYWwgbG9naW4gDQpmb3IgUFBQIGxvZ2luIHVzZXIuIEkgaGF2ZSBwb3J0 ZWQgcmFkaXVzY2xpZW50IGFuZCByYWRsb2dpbiB3b3JrcyB3ZWxsLCBidXQgSSANCmRvbid0IGtu b3cgaG93IHRvIHVzZSByYWRsb2dpbiBpbnN0ZWFkIG9mIGxvZ2luLiBBbnkgaWRlYXMgd2lsbCBi ZSANCmFwcHJlY2lhdGVkLjxCUj4mbmJzcDs8QlI+VGhhbmtzITxCUj4mbmJzcDs8QlI+SmFjazxC Uj48L0ZPTlQ+Jm5ic3A7PC9ESVY+PC9CT0RZPjwvSFRNTD4NCg== ------=_NextPart_000_0135_01C18744.EE5ECA40-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 17 20:43: 7 2001 Delivered-To: freebsd-isp@freebsd.org Received: from hotmail.com (oe29.pav1.hotmail.com [64.4.30.86]) by hub.freebsd.org (Postfix) with ESMTP id 2C76737B419; Mon, 17 Dec 2001 20:43:02 -0800 (PST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 17 Dec 2001 20:42:57 -0800 X-Originating-IP: [66.185.84.77] From: "jack xiao" To: , Subject: radius problem Date: Mon, 17 Dec 2001 23:45:03 -0500 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0013_01C18754.D937CD00" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: X-OriginalArrivalTime: 18 Dec 2001 04:42:57.0014 (UTC) FILETIME=[76B2C160:01C1877E] Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_0013_01C18754.D937CD00 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0014_01C18754.D937CD00" ------=_NextPart_001_0014_01C18754.D937CD00 Content-Type: text/plain; charset="gb2312" Content-Transfer-Encoding: base64 DQo= ------=_NextPart_001_0014_01C18754.D937CD00 Content-Type: text/html; charset="gb2312" Content-Transfer-Encoding: base64 PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgaHR0cC1lcXVpdj1Db250ZW50LVR5cGUgY29udGVu dD0idGV4dC9odG1sOyBjaGFyc2V0PWdiMjMxMiI+DQo8TUVUQSBjb250ZW50PSJNU0hUTUwgNi4w MC4yNjAwLjAiIG5hbWU9R0VORVJBVE9SPg0KPFNUWUxFPjwvU1RZTEU+DQo8L0hFQUQ+DQo8Qk9E WSBiZ0NvbG9yPSNmZmZmZmY+DQo8RElWPiZuYnNwOzwvRElWPjwvQk9EWT48L0hUTUw+DQo= ------=_NextPart_001_0014_01C18754.D937CD00-- ------=_NextPart_000_0013_01C18754.D937CD00 Content-Type: text/plain; name="radius problem.txt" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="radius problem.txt" Hi, Now I want to use radiusclient ( version 0.3.1 ) under FreeBSD ports and use radlogin to substitute normal login for PPP login user. I have ported radiusclient and radlogin works well, but I don't know how to use radlogin instead of login. Any ideas will be appreciated. Thanks! Jack ------=_NextPart_000_0013_01C18754.D937CD00-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 18 1:33:48 2001 Delivered-To: freebsd-isp@freebsd.org Received: from arnold.neland.dk (0x3ef34d8c.albnxx2.adsl.tele.dk [62.243.77.140]) by hub.freebsd.org (Postfix) with ESMTP id EA33037B417 for ; Tue, 18 Dec 2001 01:33:44 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by arnold.neland.dk (8.11.6/8.11.6) with ESMTP id fBI9ZVD79690 for ; Tue, 18 Dec 2001 10:35:32 +0100 (CET) (envelope-from leifn@neland.dk) Date: Tue, 18 Dec 2001 10:35:31 +0100 (CET) From: Leif Neland To: Subject: OT: What if registrar folds? Message-ID: <20011218102924.G79003-100000@arnold.neland.dk> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org If I've registrered a .com-domain at a registrar, but my own nameservers hold the domain, what happens if the registrar goes bankrupt? The domain is still registrered in my name, and the GTLD-servers will continue to point to my nameservers unless somebody actively removes it, i guess. It might be an inconvenience if I need to change whois-information, but nobody can "steal" my domain, right? As somebody else mentioned, I'm pretty sure some other registrar will buy the portfolio of customers quickly. So is there _really_ a reason to stick with overpriced NSI/Verisign? Leif To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 18 1:52:24 2001 Delivered-To: freebsd-isp@freebsd.org Received: from kermit.netivity.nl (wc-68.r-195-85-144.essentkabel.com [195.85.144.68]) by hub.freebsd.org (Postfix) with ESMTP id EDA5837B405 for ; Tue, 18 Dec 2001 01:52:19 -0800 (PST) Received: by KERMIT with Internet Mail Service (5.5.2653.19) id ; Tue, 18 Dec 2001 10:52:13 +0100 Message-ID: <510EAC2065C0D311929200A02472526237A6B9@NETIVITY-FS> From: Enriko Groen To: 'Leif Neland' , freebsd-isp@freebsd.org Subject: RE: What if registrar folds? Date: Tue, 18 Dec 2001 10:52:09 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > If I've registrered a .com-domain at a registrar, but my own > nameservers > hold the domain, what happens if the registrar goes bankrupt? > > The domain is still registrered in my name, and the GTLD-servers will > continue to point to my nameservers unless somebody actively > removes it, i > guess. > > It might be an inconvenience if I need to change > whois-information, but > nobody can "steal" my domain, right? I'm not sure about the legal state of a domain when the registrar goes bankrupt. I think that you as the owner will get a chance to re-register/renew the domain before it is "free". After the final bankrupt it will probably become a free domain. > As somebody else mentioned, I'm pretty sure some other > registrar will buy > the portfolio of customers quickly. > > So is there _really_ a reason to stick with overpriced NSI/Verisign? IMHO yes... the Mail form and webinterface they use is quite nice. I don't know about other registrars, but the ones I've seen until now all need human interaction. Although I have good experience with dotearth.com and heard good stuff about gandi.net and joker.com. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 18 6:18:21 2001 Delivered-To: freebsd-isp@freebsd.org Received: from federation.addy.com (addy.com [208.11.142.20]) by hub.freebsd.org (Postfix) with ESMTP id 1DAFA37B416 for ; Tue, 18 Dec 2001 06:18:17 -0800 (PST) Received: from localhost (jim@localhost) by federation.addy.com (8.9.3/8.9.3) with ESMTP id JAA23931 for ; Tue, 18 Dec 2001 09:18:16 -0500 (EST) (envelope-from jim@federation.addy.com) Date: Tue, 18 Dec 2001 09:18:16 -0500 (EST) From: Jim Sander Cc: freebsd-isp@FreeBSD.ORG Subject: RE: What if registrar folds? In-Reply-To: <510EAC2065C0D311929200A02472526237A6B9@NETIVITY-FS> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > > what happens if the registrar goes bankrupt? The absolute truth I think is that nobody knows for sure right now. (witness the recent issues resulting in proposal of a fee escrow system) But we can guess what might happen- *if* the process were rational... Short-term I imagine that domains controlled by that registrar would continue in a steady-state until such time as the pieces could be put back together. The only way I can see that causing problems is if you have a domain that goes "On Hold" just before the registrar dies- you'd be out of commission for non-payment, but there'd be nobody to pay. (moral of the story, make sure you keep your account current with your registrar) Long-term I think it's likely that before any registrar goes bankrupt one of their competitors will absorb them- and thus their customers. I highly doubt any domains would be sold out from under anyone, and suspect that because of the uniform domain name policy that can't legally happen. (which is not to guaranty it won't) Remember that it's not terribly difficult to do a registrar-transfer, and unless you're bumping up against the 10-year limit you won't lose any time that you pay for. So, bottom line is that the risk is probably low. > networksolutions' web controls Contrary to what someone else said, for day-to-day registration activities I don't think it matters much. As far as I know, only the odd-ball registrars (for a few ccTLDs) make you involve a human at any stage of the normal domain life-cycle. The problem (ignoring price) I see with networksolutions is that their service, from an ISP perspective especially, is "somewhat lacking." That said, please, let's try to avoid a flame-war about networksolutions, or the "I use and they're good" types of cluttery discussions. There are plenty of them in the archive already. -=Jim=- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 18 7:18:56 2001 Delivered-To: freebsd-isp@freebsd.org Received: from smtp013.mail.yahoo.com (smtp013.mail.yahoo.com [216.136.173.57]) by hub.freebsd.org (Postfix) with SMTP id 3542C37B41A for ; Tue, 18 Dec 2001 07:18:53 -0800 (PST) Received: from ihws.com (HELO ?192.168.0.102?) (63.218.21.114) by smtp.mail.vip.sc5.yahoo.com with SMTP; 18 Dec 2001 15:18:53 -0000 User-Agent: Microsoft-Outlook-Express-Macintosh-Edition/5.02.2022 Date: Tue, 18 Dec 2001 10:18:49 -0500 Subject: Simple E-Commerce Solution From: Frank Laszlo To: Message-ID: Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org What would be an affordable easy to manage e-commerce solution for FreeBSD running Apache? possibly perl or php based.. Thanks -Frank _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 18 8:55:45 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.lkb.lv (ns.lkb.lv [195.13.170.2]) by hub.freebsd.org (Postfix) with ESMTP id 719DD37B416 for ; Tue, 18 Dec 2001 08:55:33 -0800 (PST) Received: from ramex1 ([195.13.170.15]) by mail.lkb.lv (8.11.5/8.11.3) with SMTP id fBIGtME13307 for ; Tue, 18 Dec 2001 18:55:22 +0200 (EET) (envelope-from vic@is.lv) Received: from ([192.168.203.21]) by ramex1; Tue, 18 Dec 2001 18:53:18 +0200 (EET) Received: from kaktuss.lkb.lv ([192.168.203.21]) by kaktuss.lkb.lv (Lotus Domino Release 5.0.8) with SMTP id 2001121818544615:6841 ; Tue, 18 Dec 2001 18:54:46 +0200 Received: from is.lv ([192.168.203.247]) by kaktuss.lkb.lv (NAVGW 2.5 bld 90) with SMTP id M2001121818544530406 for ; Tue, 18 Dec 2001 18:54:46 +0200 Message-ID: <3C1F74E3.2050306@is.lv> Date: Tue, 18 Dec 2001 18:54:59 +0200 From: Victor Meirans User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.6) Gecko/20011120 X-Accept-Language: en-us MIME-Version: 1.0 To: FreeBSD-isp Subject: IDE Raid controllers - question #2 X-MIMETrack: Itemize by SMTP Server on KAKTUSS/LKB/LV(Release 5.0.8 |June 18, 2001) at 12/18/2001 06:54:46 PM, Serialize by Router on KAKTUSS/LKB/LV(Release 5.0.8 |June 18, 2001) at 12/18/2001 06:54:46 PM, Serialize complete at 12/18/2001 06:54:46 PM Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=windows-1257; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello all, Thanks for so many answers, now another question... Is it possible with IDE Raid controller to make raid 0 with harddrives of different sizes? Width vinum I could make 100GB stripe with 3x20GB + 1x40GB HDD... will it be possible with hardware IDE Raid controller? Or I have to use similar disks i.e 4x40GB or 4x20GB??? I'm considering buying one of "Promise" IDE Raid controllers... Thanks in advance, -- ViC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 18 9: 1:12 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mta05-svc.ntlworld.com (mta05-svc.ntlworld.com [62.253.162.45]) by hub.freebsd.org (Postfix) with ESMTP id 81BDA37B419 for ; Tue, 18 Dec 2001 09:00:59 -0800 (PST) Received: from pc1-stme2-0-cust102.cdf.cable.ntl.com ([62.252.56.102]) by mta05-svc.ntlworld.com (InterMail vM.4.01.03.23 201-229-121-123-20010418) with ESMTP id <20011218170058.HLOK27606.mta05-svc.ntlworld.com@pc1-stme2-0-cust102.cdf.cable.ntl.com>; Tue, 18 Dec 2001 17:00:58 +0000 Received: from lfarr (snorlax.bka.epcdirect.co.uk [192.168.10.200]) by pc1-stme2-0-cust102.cdf.cable.ntl.com (8.11.3/8.11.3) with ESMTP id fBIH0o061863; Tue, 18 Dec 2001 17:00:57 GMT (envelope-from freebsd-isp@epcdirect.co.uk) From: "Lawrence Farr" To: "'Victor Meirans'" , "'FreeBSD-isp'" Subject: RE: IDE Raid controllers - question #2 Date: Tue, 18 Dec 2001 17:00:52 -0000 Message-ID: <004a01c187e5$910b1e10$c80aa8c0@lfarr> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3311 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <3C1F74E3.2050306@is.lv> Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The stripes use the entire disk, and are the size of the smallest disk: eg 2x40Gb 2x20Gb ends up as 4x20Gb if striped together. Lawrence Farr EPC Direct Limited > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG] On Behalf Of Victor Meirans > Sent: 18 December 2001 16:55 > To: FreeBSD-isp > Subject: IDE Raid controllers - question #2 > > > Hello all, > > Thanks for so many answers, now another question... > Is it possible with IDE Raid controller to make raid 0 with > harddrives > of different sizes? Width vinum I could make 100GB stripe > with 3x20GB + > 1x40GB HDD... will it be possible with hardware IDE Raid > controller? Or > I have to use similar disks i.e 4x40GB or 4x20GB??? I'm considering > buying one of "Promise" IDE Raid controllers... > > Thanks in advance, > > -- > ViC > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 18 13: 8:52 2001 Delivered-To: freebsd-isp@freebsd.org Received: from smtp1.amigo.net (smtp1.amigo.net [209.94.64.30]) by hub.freebsd.org (Postfix) with ESMTP id 99AFC37B405 for ; Tue, 18 Dec 2001 13:08:43 -0800 (PST) Received: from there (billing.amigo.net [209.94.67.250]) by smtp1.amigo.net (8.11.4/8.11.4) with SMTP id fBIL8kr24601 for ; Tue, 18 Dec 2001 14:08:46 -0700 (MST) (envelope-from randys@amigo.net) Message-Id: <200112182108.fBIL8kr24601@smtp1.amigo.net> Content-Type: text/plain; charset="iso-8859-1" From: Randy Smith Organization: Amigo.Net To: freebsd-isp@freebsd.org Subject: Sendmail issue? Date: Tue, 18 Dec 2001 14:09:17 -0700 X-Mailer: KMail [version 1.3.1] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi all, I am having what looks like a sendmail issue on my 4.4-R smtp server. I am getting hundreds of lines like this in /var/log/messages: Dec 18 13:58:01 smtp1 sendmail[23994]: fBIDmVs10046: SYSERR(root): putbody: write error I couldn't find anything on it on sendmail's site. Can someone point me to the right place? Thanks, -- Randy Smith Amigo.Net Systems Administrator 1-719-589-6100 x 4185 http://www.amigo.net/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 18 13:13:45 2001 Delivered-To: freebsd-isp@freebsd.org Received: from smtp.kka.com (smtp.kka.com [63.141.65.2]) by hub.freebsd.org (Postfix) with ESMTP id 9508337B405 for ; Tue, 18 Dec 2001 13:13:40 -0800 (PST) Subject: Re: Sendmail issue? To: freebsd-isp@freebsd.org X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: From: Eric_Stanfield@kenokozie.com Date: Tue, 18 Dec 2001 15:10:32 -0600 X-MIMETrack: Serialize by Router on Notes1st/Keno(Release 5.0.4 |June 8, 2000) at 12/18/2001 03:10:34 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Quick search for 'putbody: write error' on www.deja.com yieleded tons of info. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Eric Stanfield, K2Access Keno Kozie Associates 222 N LaSalle #1500 Chicago, IL 60606 (312) 332-3000 Randy Smith To: freebsd-isp@freebsd.org Sent by: cc: owner-freebsd-isp@F Subject: Sendmail issue? reeBSD.ORG 12/18/2001 03:09 PM Hi all, I am having what looks like a sendmail issue on my 4.4-R smtp server. I am getting hundreds of lines like this in /var/log/messages: Dec 18 13:58:01 smtp1 sendmail[23994]: fBIDmVs10046: SYSERR(root): putbody: write error I couldn't find anything on it on sendmail's site. Can someone point me to the right place? Thanks, -- Randy Smith Amigo.Net Systems Administrator 1-719-589-6100 x 4185 http://www.amigo.net/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Dec 18 14:22:42 2001 Delivered-To: freebsd-isp@freebsd.org Received: from omnis.com (omnis-mail.omnis.com [216.239.128.28]) by hub.freebsd.org (Postfix) with SMTP id 3365237B41B for ; Tue, 18 Dec 2001 14:22:25 -0800 (PST) Received: (qmail 18972 invoked from network); 18 Dec 2001 22:22:23 -0000 Received: from brad.omnis.com (HELO brad) (216.239.128.128) by omnis-mail.omnis.com with SMTP; 18 Dec 2001 22:22:23 -0000 From: "Brad Schuetz" To: Subject: RE: What if registrar folds? Date: Tue, 18 Dec 2001 14:22:23 -0800 Organization: Omnis Network, LLC Message-ID: <000801c18812$77246fb0$8080efd8@OMNIS.COM> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <20011218102924.G79003-100000@arnold.neland.dk> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org As a registrar I can tell you it's been thought of. There are agreements in place with ICANN for every registrar that covers the possibility of an individual registrar going bankrupt. Your domain is safe. I obviously have bias, but I don't see why anyone would stick with NSI. :) -Brad Sys Admin Omnis Network, LLC -----Original Message----- From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG] On Behalf Of Leif Neland Sent: Tuesday, December 18, 2001 1:36 AM To: freebsd-isp@freebsd.org Subject: OT: What if registrar folds? If I've registrered a .com-domain at a registrar, but my own nameservers hold the domain, what happens if the registrar goes bankrupt? The domain is still registrered in my name, and the GTLD-servers will continue to point to my nameservers unless somebody actively removes it, i guess. It might be an inconvenience if I need to change whois-information, but nobody can "steal" my domain, right? As somebody else mentioned, I'm pretty sure some other registrar will buy the portfolio of customers quickly. So is there _really_ a reason to stick with overpriced NSI/Verisign? Leif To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Dec 19 0:53:19 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.voljatel.si (mail.voljatel.si [217.72.64.15]) by hub.freebsd.org (Postfix) with ESMTP id 6E60637B419 for ; Wed, 19 Dec 2001 00:53:16 -0800 (PST) Received: from pxna.hide.voljatel.si (unknown [217.72.64.8]) by mail.voljatel.si (Postfix) with SMTP id 4689853501 for ; Tue, 18 Dec 2001 08:35:20 +0100 (CET) Date: Tue, 18 Dec 2001 08:35:31 +0100 From: Damir Horvat To: freebsd-isp@freebsd.org Subject: Re: vrrpd doesn't work Message-Id: <20011218083531.65d26d40.damir@voljatel.si> In-Reply-To: <20011217081901.62776.qmail@web20102.mail.yahoo.com> References: <20011217081901.62776.qmail@web20102.mail.yahoo.com> Organization: Voljatel telekomunikacije d.d. X-Mailer: Sylpheed version 0.6.1 (GTK+ 1.2.10; i386--freebsd4.4) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, 17 Dec 2001 09:19:01 +0100 (CET) Fabrizio Ravazzini wrote: > Hello all I've installed vrrpd 0.2 from the ports on > freebsd 4.3, if I launch it I've got the errors: > > Indio# vrrpd -i ed0 -v 1 -p 150 192.168.0.90 > Dec 16 21:01:27 Indio vrrpd[824]: starting > Dec 16 21:01:27 Indio vrrpd[824]: router 1 init > Dec 16 21:01:30 Indio vrrpd[824]: setting master 1 > Dec 16 21:01:30 Indio vrrpd[824]: ioctl (set lladdr): > Inappropriate ioctl for device > Dec 16 21:01:30 Indio vrrpd[824]: ioctl (set lladdr): > Inappropriate ioctl for device > Dec 16 21:01:30 Indio vrrpd[824]: Can't SIOCADDMULTI > on ed0: Can't assign requested address > Dec 16 21:01:30 Indio vrrpd[824]: Can't SIOCADDMULTI > on ed0: Can't assign requested address Use freevrrpd instead. It's RFC 2338 Compliant. More infos at http://conan.lip6.fr/~spe/ I've try it and it works nice. Current DL version is 0.8 which has error in config file - space character after device name ("fxp0 "). Get rid of that space and it'll work. regards, Damir Horvat -- ................................. Damir Horvat System administrator VOLJATEL telekomunikacije d.d. Smartinska 106 SI-1000 Ljubljana Slovenia Tel. +386.(0)1.5875 832 Fax. +386.(0)1.5875 899 www.voljatel.si E-mail: damir.horvat@voljatel.si ................................. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Dec 19 8:31:48 2001 Delivered-To: freebsd-isp@freebsd.org Received: from c003.snv.cp.net (c003-h000.c003.snv.cp.net [209.228.32.214]) by hub.freebsd.org (Postfix) with SMTP id 1BC3437B405 for ; Wed, 19 Dec 2001 08:31:44 -0800 (PST) Received: (cpmta 17596 invoked from network); 19 Dec 2001 08:31:42 -0800 Received: from 216.227.100.85 (HELO vector) by smtp.telocity.com (209.228.32.214) with SMTP; 19 Dec 2001 08:31:42 -0800 X-Sent: 19 Dec 2001 16:31:42 GMT From: "Dustin Puryear" To: Subject: Monitoring Performance Date: Wed, 19 Dec 2001 10:39:58 -0600 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <20011218083531.65d26d40.damir@voljatel.si> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org We would like to monitor performance over a given time interval for our FreeBSD 4.4-RELEASE machines. (These machines will be used in a web hosting and database serving capacity, so we would like to create a baseline before they go in production.) The hope is that we will have available to us the same level of information as that provided by sar on SysV systems. Is something like that available? I realize that system accounting (sa) is available, but that doesn't provide information such as disk I/O, network I/O, and detailed memory usage breakdowns(core, virtual, swap in, swap out, etc). Can anyone point me in the right direction? I looked in ports, but didn't find anything that came close to providing the detail that we need. Regards, Dustin > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Damir Horvat > Sent: Tuesday, December 18, 2001 1:36 AM > To: freebsd-isp@freebsd.org > Subject: Re: vrrpd doesn't work > > > On Mon, 17 Dec 2001 09:19:01 +0100 (CET) > Fabrizio Ravazzini wrote: > > > Hello all I've installed vrrpd 0.2 from the ports on > > freebsd 4.3, if I launch it I've got the errors: > > > > Indio# vrrpd -i ed0 -v 1 -p 150 192.168.0.90 > > Dec 16 21:01:27 Indio vrrpd[824]: starting > > Dec 16 21:01:27 Indio vrrpd[824]: router 1 init > > Dec 16 21:01:30 Indio vrrpd[824]: setting master 1 > > Dec 16 21:01:30 Indio vrrpd[824]: ioctl (set lladdr): > > Inappropriate ioctl for device > > Dec 16 21:01:30 Indio vrrpd[824]: ioctl (set lladdr): > > Inappropriate ioctl for device > > Dec 16 21:01:30 Indio vrrpd[824]: Can't SIOCADDMULTI > > on ed0: Can't assign requested address > > Dec 16 21:01:30 Indio vrrpd[824]: Can't SIOCADDMULTI > > on ed0: Can't assign requested address > > Use freevrrpd instead. It's RFC 2338 Compliant. More infos at > http://conan.lip6.fr/~spe/ > > I've try it and it works nice. Current DL version is 0.8 which has error > in config file - space character after device name ("fxp0 "). Get rid of > that space and it'll work. > > regards, > Damir Horvat > > -- > ................................. > Damir Horvat > System administrator > VOLJATEL telekomunikacije d.d. > Smartinska 106 > SI-1000 Ljubljana > Slovenia > > Tel. +386.(0)1.5875 832 > Fax. +386.(0)1.5875 899 > www.voljatel.si > E-mail: damir.horvat@voljatel.si > ................................. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Dec 19 8:53:46 2001 Delivered-To: freebsd-isp@freebsd.org Received: from lily.ezo.net (lily.ezo.net [206.102.130.13]) by hub.freebsd.org (Postfix) with ESMTP id 2136537B405 for ; Wed, 19 Dec 2001 08:53:40 -0800 (PST) Received: from savvyd (c3-1a119.neo.rr.com [24.93.230.119]) by lily.ezo.net (8.11.3/8.11.3) with SMTP id fBJGtuN08712; Wed, 19 Dec 2001 11:55:56 -0500 (EST) Message-ID: <013b01c188ad$ea3bc570$22b197ce@ezo.net> From: "Jim Flowers" To: , Subject: Infrastructure Design with Portmasters and FreeBSD/Zebra (long) Date: Wed, 19 Dec 2001 11:55:06 -0500 Organization: EZNets, Inc. MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Our current ISP infrastructure has a head-end connection to the Internet and a number of remote POPs at the end of point-to-point connections. The Internet routers are IRX-211s and the pop-connecting routers are IRX-114s. Customer connections at the pops include dialup via PM3s and point-to-point dedicated via fbsd routers. 5 subnetted class C address blocks are used including /30 on the numbered point-to-point links. Routing is ospf (Zebra-0.92a on fbsd). Additional Internet sources are being added to several of the POPs using BGP routing as are some inter-pop telecom links with ospf. I am considering renumbering all of the interior (to the Internet) infrastructure subnets to RFC1918 private addresses, primarily to promote security but also to reclaim public addresses. Customers, both dialup and dedicated, would still have public addresses routed by ospf over the RFC1918 infrastructure to allow full access to Internet services. Local servers that require access to the Internet connections would have public addresses on their own network allowing connections to the Internet via the RFC1918 infrastructure. Customers would also have the option to connect via a secured public subnet. I question that a PM3 with a private Ethernet interface and a public assigned address pool will work. I think connections would just be routed by ospf instead of proxy arp so it would be OK. Is this correct? This layout also relies on a web proxy (squid) host with a secondary public address on the RFC1918 subnetwork to allow http connections to Internet hosts and other cache servers. Eliminates loading router to unsecured public subnet that would result if the web proxy host were placed there. Seems a compromise to the concept though explicit filtering at the IRX-211 could minimize the vulnerability. Opinions? I am also thinking of connecting all 3 subnets (private, public and public secured) to a vlan segmented level 2 switch to take away sniffing capability from a compromised host (mirrored to the MGMT host for management use). Will this introduce additional problems? Any other caveats? Alternate suggestions? Thanks. Fixed width charcter spacing ASCII map follow: POP layout ================= Internet | | ]--------> to previous POP (RFC1019) [IRX-211] [IRX-411]--------> to next POP (RFC1918) | | | | +--+--------+-------+-------+---- RFC1918 subnet | | | | | | [W/P] [R] [PM3] [R] | | | +--------> ptp | | Unsecure Customers (public) | | | +----------+-- unsecured public subnet | | | [W/P] [MGMT] [servers] | | | +------+---------+-------+---- secured (public) subnet | | | [servers] [PM3] [R] (secure) | +--------> ptp Secure Customers (public) IRX-211 and PM3 for unsecured network uses minimal filtering IRX-211 and PM3 for secured network uses maximal filtering RFC1918 addresses can only be reached from secure subnet Unsecure customers may use W/P (web proxy) Secure customers must use W/P Management from Internet requires first to connect to MGMT host Management by dialup to directly connected subnet only To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Dec 19 10:26:33 2001 Delivered-To: freebsd-isp@freebsd.org Received: from knight.astranet.lv (knight.astranet.lv [62.85.45.36]) by hub.freebsd.org (Postfix) with ESMTP id 97CE337B41A for ; Wed, 19 Dec 2001 10:26:27 -0800 (PST) Received: from weird ([159.148.83.150]) by knight.astranet.lv (8.11.3/8.11.3) with SMTP id fBJIQfT98812 for ; Wed, 19 Dec 2001 20:26:42 +0200 (EET) (envelope-from matiss@astranet.lv) Message-ID: <007c01c188ba$cb94dd70$0300a8c0@weird> From: "Matiss Elsbergs" To: Subject: forwarding surfers.. Date: Wed, 19 Dec 2001 20:27:13 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello there, fellow owners of many system processes.. Explanation: I have a web server, which must display a one page to one network [ let's say network A ], and the other one - to all other internet. And, it must be done like that: some application [ perhaps ipfw ] checks if the IP belongs to network A. If yes, then nothing's altered, and it goes to web page sitting right there on let's say 159.148.108.4. If it belongs to other Internet, [ which accesses the page by the same URL ], it goes to let's say 159.148.108.5. Is it possible? With best regards - Matiss Elsbergs, Astranet IS Hostmaster +371 6435911 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Dec 19 10:39:49 2001 Delivered-To: freebsd-isp@freebsd.org Received: from hermes.intergate.ca (hermes.intergate.ca [207.34.179.108]) by hub.freebsd.org (Postfix) with SMTP id 0972437B417 for ; Wed, 19 Dec 2001 10:39:39 -0800 (PST) Received: (qmail 98531 invoked by uid 1007); 19 Dec 2001 19:20:40 -0000 Received: from tim@ke.uu.net by hermes.intergate.ca with qmail-scanner-0.93 (uvscan: v4.0.50/v4176. . Clean. Processed in 0.745521 secs); 19/12/2001 11:20:40 Received: from gateway-208.181.231.146.intergate.ca (HELO r0u5c9.ke.uu.net) (208.181.231.146) by hermes.intergate.ca with SMTP; 19 Dec 2001 19:20:39 -0000 Message-Id: <5.1.0.14.0.20011219102837.0244c980@pop.uunet.co.ke> X-Sender: tpriebe@pop.uunet.co.ke X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 19 Dec 2001 10:34:50 -0800 To: Fabrizio Ravazzini , freebsd-cluster@freebsd.org From: Tim Priebe Subject: Re: Bridge/Firewall cluster? Cc: freebsd-isp@freebsd.org In-Reply-To: <20011217083812.63311.qmail@web20108.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1"; format=flowed Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The problem with this is it would duplicate packets. My solution to this=20 was to not use bridging, but to route through the firewall, using dynamic=20 routing. As long as everything in the DMZ can understand some routing=20 protocol you will be fine. The Cisco advertises default to the two=20 firewalls, and the firewalls redistribute learned and directly connected=20 routes. You can limit which hosts you learn routes from in your firewall=20 rules, depending on the protocol used. Tim. At 09:38 AM 12/17/01 +0100, Fabrizio Ravazzini wrote: >Hello all I've done a bridge/firewall to connect a dmz >to Internet,this is the scheme: > > Internet > | > | > Router cisco > | > | rl0 > Fbsd bridge/FW > | rl1 > | > DMZ > >The public ip of the cisco is like 200.20.20.1 >Then rl0 200.20.20.3. >I want to make this bridge high available putting >another freebsd bridge machine so that if one goes >down there is the other and the dmz is still >available. >Can I put another Fbsd bridge between the cisco and >the dmz like this scheme: > > > Internet > | > | > Router cisco > | > |________________ > | rl0 | > Fbsd |ed0 > bridge/FW Fbsd > | rl1 Bridge/FW > |________________| > | > DMZ > >For example ed0 could be 200.20.20.5, perhaps is >stupid question, but can it works? >Or is there other solutions? >Any help would be appreciated. >Bye > > >______________________________________________________________________ > >Iscriviti al Meglio della Settimana, la newsletter di Yahoo! >Per saperne di pi=F9 vai alla pagina: http://buongiorno.yahoo.it > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Dec 19 11:18: 6 2001 Delivered-To: freebsd-isp@freebsd.org Received: from white.netsurf.net (White.NetSurf.Net [206.186.135.4]) by hub.freebsd.org (Postfix) with ESMTP id 789FD37B427 for ; Wed, 19 Dec 2001 11:17:50 -0800 (PST) Received: from localhost (kadamski@localhost) by white.netsurf.net (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id OAA32497; Wed, 19 Dec 2001 14:17:43 -0500 Date: Wed, 19 Dec 2001 14:17:43 -0500 (EST) From: Krzysztof Adamski To: Jim Flowers Cc: portmaster-users@portmasters.com, freebsd-isp@freebsd.org Subject: Re: (PM) Infrastructure Design with Portmasters and FreeBSD/Zebra (long) In-Reply-To: <013b01c188ad$ea3bc570$22b197ce@ezo.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Replacing routable IPs with RFC1918 on a PM will work just fine, but there is one problem with it. It breaks Path-MTU-discovery protocol. This would be a problem for routers that can have different MTU size of different interfaces, like a PM with dial in users. If you are efficiently using your address space you should not have a problem with getting more addresses. K On Wed, 19 Dec 2001, Jim Flowers wrote: > Our current ISP infrastructure has a head-end connection to the Internet and > a number of remote POPs at the end of point-to-point connections. The > Internet routers are IRX-211s and the pop-connecting routers are IRX-114s. > Customer connections at the pops include dialup via PM3s and point-to-point > dedicated via fbsd routers. 5 subnetted class C address blocks are used > including /30 on the numbered point-to-point links. Routing is ospf > (Zebra-0.92a on fbsd). Additional Internet sources are being added to > several of the POPs using BGP routing as are some inter-pop telecom links > with ospf. > > I am considering renumbering all of the interior (to the Internet) > infrastructure subnets to RFC1918 private addresses, primarily to promote > security but also to reclaim public addresses. Customers, both dialup and > dedicated, would still have public addresses routed by ospf over the RFC1918 > infrastructure to allow full access to Internet services. Local servers > that require access to the Internet connections would have public addresses > on their own network allowing connections to the Internet via the RFC1918 > infrastructure. Customers would also have the option to connect via a > secured public subnet. > > I question that a PM3 with a private Ethernet interface and a public > assigned address pool will work. I think connections would just be routed > by ospf instead of proxy arp so it would be OK. Is this correct? > > This layout also relies on a web proxy (squid) host with a secondary public > address on the RFC1918 subnetwork to allow http connections to Internet > hosts and other cache servers. Eliminates loading router to unsecured > public subnet that would result if the web proxy host were placed there. > Seems a compromise to the concept though explicit filtering at the IRX-211 > could minimize the vulnerability. Opinions? > > I am also thinking of connecting all 3 subnets (private, public and public > secured) to a vlan segmented level 2 switch to take away sniffing capability > from a compromised host (mirrored to the MGMT host for management use). > Will this introduce additional problems? > > Any other caveats? > > Alternate suggestions? > > Thanks. > > Fixed width charcter spacing ASCII map follow: > > POP layout > > ================= Internet > | > | ]--------> to previous POP (RFC1019) > [IRX-211] [IRX-411]--------> to next POP (RFC1918) > | | | > | +--+--------+-------+-------+---- RFC1918 subnet > | | | | | > | [W/P] [R] [PM3] [R] > | | | +--------> ptp > | | Unsecure Customers (public) > | | > | +----------+-- unsecured public subnet > | | > | [W/P] [MGMT] [servers] > | | | > +------+---------+-------+---- secured (public) subnet > | | | > [servers] [PM3] [R] > (secure) | +--------> ptp > Secure Customers (public) > > IRX-211 and PM3 for unsecured network uses minimal filtering > IRX-211 and PM3 for secured network uses maximal filtering > RFC1918 addresses can only be reached from secure subnet > Unsecure customers may use W/P (web proxy) > Secure customers must use W/P > Management from Internet requires first to connect to MGMT host > Management by dialup to directly connected subnet only > > - > To unsubscribe, email 'majordomo@portmasters.com' with > 'unsubscribe portmaster-users' in the body of the message. > List archive: > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Dec 19 11:20:57 2001 Delivered-To: freebsd-isp@freebsd.org Received: from thor.ghim.org (thor.ghim.org [209.249.182.115]) by hub.freebsd.org (Postfix) with ESMTP id 9479837B419 for ; Wed, 19 Dec 2001 11:20:48 -0800 (PST) Received: from electra (electra.nexus [192.168.1.126]) by thor.ghim.org (8.11.3/8.11.3) with SMTP id fBJJKOc03335; Wed, 19 Dec 2001 19:20:24 GMT Received: by electra (sSMTP sendmail emulation); Wed, 19 Dec 2001 19:20:24 +0000 Date: Wed, 19 Dec 2001 19:20:24 +0000 From: George Lewis To: Matiss Elsbergs Cc: freebsd-isp@FreeBSD.ORG Subject: Re: forwarding surfers.. Message-ID: <20011219192023.D30870@schvin.net> References: <007c01c188ba$cb94dd70$0300a8c0@weird> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <007c01c188ba$cb94dd70$0300a8c0@weird>; from matiss@astranet.lv on Wed, Dec 19, 2001 at 08:27:13PM +0200 X-PGP-Fingerprint: 3D79 875A 9E33 E7BE E868 7EFA A703 5DDA A7C0 9E2C Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Matiss Elsbergs (matiss@astranet.lv) wrote: > Hello there, fellow owners of many system processes.. > > Explanation: > > I have a web server, which must display a one page to one network [ let's > say network A ], and the other one - to all other internet. And, it must be > done like that: some application [ perhaps ipfw ] checks if the IP belongs > to network A. If yes, then nothing's altered, and it goes to web page > sitting right there on let's say 159.148.108.4. If it belongs to other > Internet, [ which accesses the page by the same URL ], it goes to let's say > 159.148.108.5. Is it possible? Matiss, You'd probably be best off to let an HTTP server like apache make the distinctions, you can setup rules based on the inbound IP... that should do quite nicely for what you need. If you are not using Apache, other HTTP servers may have similar features, or you could always put an Apache server with mod_proxy/mod_rewrite in front of the "real" HTTP server. HTH, George > > > > With best regards - > Matiss Elsbergs, > Astranet IS Hostmaster > +371 6435911 > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message -- http://schvin.net/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Dec 19 13:29:26 2001 Delivered-To: freebsd-isp@freebsd.org Received: from workhorse.iMach.com (workhorse.iMach.com [206.127.77.89]) by hub.freebsd.org (Postfix) with ESMTP id 8304437B405 for ; Wed, 19 Dec 2001 13:29:18 -0800 (PST) Received: from localhost (forrestc@localhost) by workhorse.iMach.com (8.9.3/8.9.3) with ESMTP id OAA18861; Wed, 19 Dec 2001 14:20:06 -0700 (MST) Date: Wed, 19 Dec 2001 14:20:06 -0700 (MST) From: "Forrest W. Christian" To: Jim Flowers Cc: portmaster-users@portmasters.com, freebsd-isp@FreeBSD.ORG Subject: Re: Infrastructure Design with Portmasters and FreeBSD/Zebra (long) In-Reply-To: <013b01c188ad$ea3bc570$22b197ce@ezo.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: