From owner-freebsd-questions@freebsd.org Sun Mar 29 00:58:27 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id AEF4326C8BE for ; Sun, 29 Mar 2020 00:58:27 +0000 (UTC) (envelope-from dvoich@aim.com) Received: from sonic316-12.consmr.mail.bf2.yahoo.com (sonic316-12.consmr.mail.bf2.yahoo.com [74.6.130.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48qcdw5zTJz4NF1 for ; Sun, 29 Mar 2020 00:58:12 +0000 (UTC) (envelope-from dvoich@aim.com) X-YMail-OSG: 2K_lW7UVM1kJTzrZofB1PkKdh2wkEnl_jpbvCOIRTqAceNwwJ_fQTjj58HU2DjH jbGtSOpml8LXiJi3_7sL7mwQhoqOLZEwqNluYhm3kglmg6ZmRSsciiiPt9Mm14vPjTl_a073mYkb jH2mswrxXwGXFhwsUuSVyT1SipX9qRBAiRhnvdHol2DQ8tW.RztE7n_KgVL4qI.xSHCZ2Jp9FN2R ecVqCf.BmY.9kuNjnVHgtge9T5iEaQPPfXab_MCrhU9.bmYN5f4ddw9vwgHHO9ANCGgOWJGZumtg hp1hUfgNrY1an_W65LJVnVgUPsoic_5rdsMpufE624sssed5LCSzp6f89Ypzi.FAmj.cY9HoFayj 3X9w6sPPS5lJfJGJsbxFe3Kf3poDbNc9ZtbgsSqYh_ES1TND_bbWFUqv3Zwzm9UZNDSj1LPo7Xyq utEog8_AtBycXZw17ZAL5KPofy_UMYiGbTFXVGBPM8t.65jPqOiy1uAbKzwvc2OSsIBfcs3XMT4y vexZvmGILeG_fkw0o.JGRhA5jHIcWHoz0lbbNOF2OR8mCmEoZUbY_wojLm.pVcJm4mU.aOYsvCEt LWUGw_.otYjCKRr4.T08gF2k8i4ndfPhDNvkDo1GNSr8OlLhGCw7aWYzo2E4iuWHIIjWxwIy4Pki kVegTeSO.y5AGtFOXNpZEqBvJla2kaW4nxsroCfzAxKTfhJInoAuRH.Sjf1jxOuQRJWI7TdgFmZ8 i4XSbBFnmTdG0CjeVSayepyTh8gMDhCaMaP91__RzsUmcXHaY2QU6TLqhrjcSaVQ0uGr7ptKQASd RpPMFDKAE6QqyqxH77PIRh7Flto9mtyN_gm0VFdZiPi3rdZGGyProqyBcFpJFyDhAfQ_wVFp.31E GzOim5viDh.iZh95vwJTjXPUP4WiX5_tNf6CamNiDy_npbThnvuhP6qZn8sn8u.lkt0ouee0hIjL oO5ctL38KuglqPjqcg5RBtmqIkWkzcMow.qy2.uGdVO807Uy204xFiY3Db0FrKyQFN5A.odmbcCo UvYSj0M4pQyi9miVKOdVHFJzlwobHQn9IWcfSk1UfoFeynBYVPKKN_GZqHebuKJSlaURiyZdOTVZ hGZ3WtxGssRjOz0kBc8BsgcQWOp1GUf4F0HPVIo1celatEZ3STSU_Cb7lNKaSLkRy914DnjJw9TJ uuslVNqQUPz6KvA1SzeH.5_LI0uJ8ntqoDiwWvZDksZvgjAmr9cOAGowJjiEITVeFA.d6TnarkFj Wq2BHURAacZk.MZnXEPLSeUY.mkxoNBaadFDD_.s.mkEHLizRIx5E5wjdKGe74op2xjuGCaN4jAG F_A3sYkOBTQdujurxtW2Jvr2dM9euitxvBhh4ws.TlJXozw-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.bf2.yahoo.com with HTTP; Sun, 29 Mar 2020 00:58:01 +0000 Received: by smtp416.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 0e821a8973f0cb21d343973b1b83f50d; Sun, 29 Mar 2020 00:57:56 +0000 (UTC) Date: Sat, 28 Mar 2020 20:57:55 -0400 From: "Vlad D. Markov" To: Polytropon Cc: "Vlad D. Markov via freebsd-questions" Subject: Re: sane crashes Message-Id: <20200328205755.d55855545c0f9a4656a0ce64@aim.com> In-Reply-To: <20200323034250.be7371f1.freebsd@edvax.de> References: <20200321183703.9566f2b45dd4193a51381291.ref@aim.com> <20200321183703.9566f2b45dd4193a51381291@aim.com> <20200321184307.8fb232b54dd802ae8c0a11bb@aim.com> <20200322093038.1f6933c3e68d6622c7d39427@aim.com> <20200322152424.6fd38112.freebsd@edvax.de> <1270065762.180915.1584894974045@mail.yahoo.com> <20200322175247.fc82ac9b590f745d35ab47da@aim.com> <20200323034250.be7371f1.freebsd@edvax.de> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.32; amd64-portbld-freebsd12.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 48qcdw5zTJz4NF1 X-Spamd-Bar: -- X-Spamd-Result: default: False [-2.35 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.95)[-0.954,0]; R_DKIM_ALLOW(-0.20)[aim.com:s=a2048]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:74.6.128.0/21]; FREEMAIL_FROM(0.00)[aim.com]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; NEURAL_HAM_LONG(-0.90)[-0.900,0]; IP_SCORE_FREEMAIL(0.00)[]; MV_CASE(0.50)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[aim.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[122.130.6.74.list.dnswl.org : 127.0.5.0]; DMARC_POLICY_ALLOW(-0.50)[aim.com,reject]; RCVD_TLS_LAST(0.00)[]; RWL_MAILSPIKE_POSSIBLE(0.00)[122.130.6.74.rep.mailspike.net : 127.0.0.17]; FROM_EQ_ENVFROM(0.00)[]; FREEMAIL_ENVFROM(0.00)[aim.com]; ASN(0.00)[asn:26101, ipnet:74.6.128.0/21, country:US]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.00)[ip: (3.64), ipnet: 74.6.128.0/21(1.29), asn: 26101(1.03), country: US(-0.05)]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Mar 2020 00:58:27 -0000 On Mon, 23 Mar 2020 03:42:50 +0100 Polytropon wrote: > On Sun, 22 Mar 2020 17:52:47 -0400, Vlad D. Markov via freebsd-questions wrote: > > I think something is broken in my rc subsystem. > > > > I got past the xsane issue using rc.local to start things. > > This is possible, but should not be needed. Also note that > there _might_ be problems caused by the point in time during > the system startup process when /etc/rc.local is being > executed (things needed could be started _after_ it). > > > > > Then I noticed other things like cupsd & privoxy would not start. > > So I went into debug mode and got this: > > > > root@happy:/var/log # grep cupsd messages > > Mar 22 17:34:59 happy root[1302]: /usr/local/etc/rc.d/cupsd: > > DEBUG: checkyesno: cupsd_enable is set to YES. > > Mar 22 17:34:59 happy root[1303]: /usr/local/etc/rc.d/cupsd: > > DEBUG: run_rc_command: start_precmd: cupsd_prestart > > Mar 22 17:34:59 happy root[1304]: /usr/local/etc/rc.d/cupsd: > > DEBUG: run_rc_command: doit: limits -C daemon /usr/local/sbin/cupsd > > Mar 22 17:37:57 happy root[1711]: /usr/local/etc/rc.d/cupsd: > > DEBUG: checkyesno: cupsd_enable is set to YES. > > root@happy:/var/log # service cupsd status > > /usr/local/etc/rc.d/cupsd: DEBUG: checkyesno: cupsd_enable is set to YES. > > cupsd is not running.r > > That is a problem. Does the CUPS error log file contain anything > that is related? > > > > > So I do this: > > > > root@happy:/var/log # limits -C daemon /usr/local/sbin/cupsd > > root@happy:/var/log # service cupsd status > > /usr/local/etc/rc.d/cupsd: DEBUG: checkyesno: cupsd_enable is set to YES. > > cupsd is running as pid 1754. > > > > I am confused. It started via the terminal yet not via the script ( I think). > > This looks wrong. Can you try re-installing CUPS & related > things? Usually, cupsd_enable="YES" in /etc/rc.conf is fully > sufficient to get CUPS running. Maybe there is also something > wrong that similarly stops DBus from running? > > It should not matter if CUPS is started interactively or by > the rc.d subsystem - at least not to CUPS... > > If, by some reason, your OS is damaged, a re-installation (or > at least a repair) of the OS could help. > > Also note the permissions advice from Paul Pathiakis: For testing, > prefix sane / xscanimage commands with "sudo"; if you get it working, > check the permissions. For example, /etc/devfs.rules can be > extended with a ruleset to give certain usb*, ulpt* and xpt* (!) > devices to the "cups" group in mode 0660; scanners could also > require the pass* devices, if I remember correctly. > In /etc/rc.local I had this line: cd /home/vlad;/usr/bin/su - vlad /usr/local/bin/startx vt6 Removing it fixed my problem. I did the same thing under Debian and skipped logging on going directly into my X session. From owner-freebsd-questions@freebsd.org Sun Mar 29 09:24:10 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1A60C27871A for ; Sun, 29 Mar 2020 09:24:10 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mout.kundenserver.de", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48qqsb1880z4Xpw for ; Sun, 29 Mar 2020 09:24:02 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from r56.edvax.de ([94.222.3.178]) by mrelayeu.kundenserver.de (mreue109 [212.227.15.183]) with ESMTPA (Nemesis) id 1MTRIg-1jm5Eo3DHo-00Tk3r; Sun, 29 Mar 2020 11:17:42 +0200 Date: Sun, 29 Mar 2020 10:17:41 +0200 From: Polytropon To: "Vlad D. Markov" Cc: "Vlad D. Markov via freebsd-questions" Subject: Re: sane crashes Message-Id: <20200329101741.8d20b5aa.freebsd@edvax.de> In-Reply-To: <20200328205755.d55855545c0f9a4656a0ce64@aim.com> References: <20200321183703.9566f2b45dd4193a51381291.ref@aim.com> <20200321183703.9566f2b45dd4193a51381291@aim.com> <20200321184307.8fb232b54dd802ae8c0a11bb@aim.com> <20200322093038.1f6933c3e68d6622c7d39427@aim.com> <20200322152424.6fd38112.freebsd@edvax.de> <1270065762.180915.1584894974045@mail.yahoo.com> <20200322175247.fc82ac9b590f745d35ab47da@aim.com> <20200323034250.be7371f1.freebsd@edvax.de> <20200328205755.d55855545c0f9a4656a0ce64@aim.com> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K1:97y4c6QdDHpIZmidsl/gulLVPFI8Kq06buwss8dpYg4irrzeWyd 9luXyLYX3V2zdADv3ns5si/muM9uvNUKDN8P394YngPqs/MWoEbGsruEe+fRdVGKILsXRb8 cRDnnAAnEYyJy57tQf8bdK0WGcON4n44m5ILSJOwb/8nVuY18hG5PoEJYDxnUHJkJeLpDc6 sV+mpUQH1u8/be7wJ3EXA== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:Q7MerfALBwM=:mkIuvRKI9UcGarVd4xUNiM X0IoKOM6t+H+14JLo0zp7XFMLg6N4VXZhhODld9+PFXCPrs0HEhcdiGXn6/ZdJetJ/Rl07Zvt Fp3/Le8SiLahPpLMHJcMr9/4i+9PdJu4Phs27bSKcIuJ7bwu/Q4CYYJ8l5nCe3Ez9IXc2sLhL gmO2GrLT2wDgzTcI4WAFqvNtHqpJK0aY9Ss1Nkgx9kRxIfO3+RntJHgbbPWraowqw+xlvGlib IkuM2NNtUbgpfKRcUU2u0GT0gR0lE/qd9e8/z5KQK4DukM1aFzCF8vSOrAiYbvQzpRYrEL+le 822CxD6R1FI74IKrDT8aHxYbbSMEz3qecSss5P46L/i4gAo4PyavFdOx1SMvlQZFKOY5/hm8M HcFAQeM4iiIJL59gkaKzD1vfchtTMhJiY/HyTw84OdmCvYPdbF0f4HH+NXL3O+/D+WCESeJ2J Agik2VkzaNmPuBI+YBxsom/Sf5x4r08pspWdPR2/JRHch2P6XEha8FJZWCiQzT5Iw8cnOy8XP sZ/omerdW0co4wJv0ByUmkLv2B7CWp3ArOWXaoBJ/Se1EHYGfyGKg+1VyBxHeyJMiR81+9fy3 lPNo8VS/gxJlYQw9LzF1wUnCBU9aPQFnSuE1PigurxXmMxkikdPOIhoS8Ezh3cZJVis37uz4Y xJSRDaMjtUiZZNpTrZlGL/gs/8NeL9hCrCU0PdkLY5cxv0oKOjup4bOVQm3vdXmhCQg7hPQWr HO97CExdYU5iPBEXPpW3KghZIb8LU5lqnbBX6L1VfrHhBf/XoqbvANceIHe7IrqAhyBEjh4va eoq0ClLlSzkJKehpCJbrkdSdoMt1/czH4HXYRDKady0qt6coA075gLLCydxGm/P10xxWyfu X-Rspamd-Queue-Id: 48qqsb1880z4Xpw X-Spamd-Bar: ++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of freebsd@edvax.de has no SPF policy when checking 212.227.17.24) smtp.mailfrom=freebsd@edvax.de X-Spamd-Result: default: False [4.52 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; HAS_REPLYTO(0.00)[freebsd@edvax.de]; MV_CASE(0.50)[]; HAS_ORG_HEADER(0.00)[]; TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; FREEMAIL_TO(0.00)[aim.com]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; R_DKIM_NA(0.00)[]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; MIME_TRACE(0.00)[0:+]; RECEIVED_SPAMHAUS_PBL(0.00)[178.3.222.94.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; ARC_NA(0.00)[]; REPLYTO_EQ_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[edvax.de]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.96)[0.965,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_LONG(1.00)[0.996,0]; MID_CONTAINS_FROM(1.00)[]; RCVD_IN_DNSWL_NONE(0.00)[24.17.227.212.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; IP_SCORE(0.16)[ip: (-0.23), ipnet: 212.227.0.0/16(-1.11), asn: 8560(2.16), country: DE(-0.02)] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Mar 2020 09:24:10 -0000 On Sat, 28 Mar 2020 20:57:55 -0400, Vlad D. Markov wrote: > In /etc/rc.local I had this line: > > cd /home/vlad;/usr/bin/su - vlad /usr/local/bin/startx vt6 > > Removing it fixed my problem. I did the same thing under Debian > and skipped logging on going directly into my X session. Oh, your auto-login to X is the problem? In this case, FreeBSD offers a convenient solution: 1. Create an entry in /etc/gettytab for your username that should be automatically logged in, "vlad": autologin:\ :al=vlad:tc=Pc: You can add this infront of the other entries. 2. Use that profile for the 1st console in /etc/ttys: ttyv0 "/usr/libexec/getty autologin" xterm on secure This will now automatically login "vlad" after system startup (as the profile "autologin" will be used). In order to run X for that user, use his local configuration files. I assume you're using FreeBSD's default shell configuration; changes might be needed if you're using Bash, Zsh, or something else. 3. In you ~/.login file, #!/bin/sh mesg y [ ! -f /tmp/.X0-lock ] && startx This makes sure there will be no attempt to start further X sessions in case there's an additional console login. Add the command logout as last line in case you wish the uer to be logged off (instead of dropped back to the console) if the X session is terminated. For proper shell configuration in X, and compatibility with use of xdm (or any other display manager that honors user setting, explicitely excludes GDM which doesn't care about what users want) the following additions are quite convenient: 4. Make your ~/.xsession file a "pointer to" your regular X startup file: #!/bin/csh source ~/.cshrc exec ~/.xinitrc Now you don't need two configuration files, one for if you use xdm, and one for "startx". This file is ignored in case you only use "startx", but if you later on introduce a display manager such as xdm, no surprise about "empty desktop" will occur. 5. Keep your settings in ~/.xinitrc as you probably already have, for example: #!/bin/sh [ -f ~/.xmodmaprc ] && xmodmap ~/.xmodmaprc numlockx xbindkeys xsetroot -solid rgb:3b/4c/7a xset b 100 1000 15 & xset r rate 250 30 & xset s off & xset -dpms & exec wmaker This approach should provide maximum flexibility, while needing to have configuration elements only in _one_ file for each distinct aspect. :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... From owner-freebsd-questions@freebsd.org Sun Mar 29 09:58:15 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 112D22792EE for ; Sun, 29 Mar 2020 09:58:15 +0000 (UTC) (envelope-from 4250.82.1d4c100009905dd.3183d38435b0bc0185572f928dcb6340@email-od.com) Received: from s1-b0c6.socketlabs.email-od.com (s1-b0c6.socketlabs.email-od.com [142.0.176.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48qrcq5Pl6z3HH1 for ; Sun, 29 Mar 2020 09:58:03 +0000 (UTC) (envelope-from 4250.82.1d4c100009905dd.3183d38435b0bc0185572f928dcb6340@email-od.com) DKIM-Signature: v=1; a=rsa-sha256; d=email-od.com;i=@email-od.com;s=dkim; c=relaxed/relaxed; q=dns/txt; t=1585475884; x=1588067884; h=content-transfer-encoding:content-type:mime-version:references:in-reply-to:message-id:subject:cc:to:from:date:x-thread-info; bh=NSDY6eWSms68oizHwuvvr8+5+eXvBwm2EoxA214rCtI=; b=C2rL4znbyDcO6IcoAnZJ+KLaMVDa0gEDTvViDzNfp2pYlnUQ4Zyxb7+NDEY8OIV4vd92LGt6osc+ZV1jEHfv6VvzL5dPWOCoq+WUfjPrK9Hkb0b8De3xf7ltXBQzEBpUKPQoBsNNlvLR1LiO/YROXVWzOQp714A+V6HGRjEDxbo= X-Thread-Info: NDI1MC45Mi4xZDRjMTAwMDA5OTA1ZGQuZnJlZWJzZC1xdWVzdGlvbnM9ZnJlZWJzZC5vcmc= Received: from r3.us-east-1.aws.in.socketlabs.com (r3.us-east-1.aws.in.socketlabs.com [142.0.191.3]) by mxsg2.email-od.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Sun, 29 Mar 2020 05:57:51 -0400 Received: from smtp.lan.sohara.org (EMTPY [185.202.17.215]) by r3.us-east-1.aws.in.socketlabs.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Sun, 29 Mar 2020 05:57:50 -0400 Received: from [192.168.63.1] (helo=steve.lan.sohara.org) by smtp.lan.sohara.org with smtp (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1jIUhQ-000M04-MB; Sun, 29 Mar 2020 10:57:48 +0100 Date: Sun, 29 Mar 2020 10:57:48 +0100 From: Steve O'Hara-Smith To: Polytropon Cc: "Vlad D. Markov" , "Vlad D. Markov via freebsd-questions" Subject: Re: sane crashes Message-Id: <20200329105748.5c2f0e2edbb370504a61d8e9@sohara.org> In-Reply-To: <20200329101741.8d20b5aa.freebsd@edvax.de> References: <20200321183703.9566f2b45dd4193a51381291.ref@aim.com> <20200321183703.9566f2b45dd4193a51381291@aim.com> <20200321184307.8fb232b54dd802ae8c0a11bb@aim.com> <20200322093038.1f6933c3e68d6622c7d39427@aim.com> <20200322152424.6fd38112.freebsd@edvax.de> <1270065762.180915.1584894974045@mail.yahoo.com> <20200322175247.fc82ac9b590f745d35ab47da@aim.com> <20200323034250.be7371f1.freebsd@edvax.de> <20200328205755.d55855545c0f9a4656a0ce64@aim.com> <20200329101741.8d20b5aa.freebsd@edvax.de> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.32; amd64-portbld-freebsd12.0) X-Clacks-Overhead: "GNU Terry Pratchett" Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 48qrcq5Pl6z3HH1 X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=email-od.com header.s=dkim header.b=C2rL4znb; dmarc=none; spf=pass (mx1.freebsd.org: domain of 4250.82.1d4c100009905dd.3183d38435b0bc0185572f928dcb6340@email-od.com designates 142.0.176.198 as permitted sender) smtp.mailfrom=4250.82.1d4c100009905dd.3183d38435b0bc0185572f928dcb6340@email-od.com X-Spamd-Result: default: False [-1.60 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.99)[-0.993,0]; R_DKIM_ALLOW(-0.20)[email-od.com:s=dkim]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+ip4:142.0.176.0/20]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[sohara.org]; NEURAL_HAM_LONG(-1.00)[-0.997,0]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[email-od.com:+]; RCVD_IN_DNSWL_NONE(0.00)[198.176.0.142.list.dnswl.org : 127.0.15.0]; IP_SCORE(0.09)[ip: (-0.24), ipnet: 142.0.176.0/22(0.50), asn: 7381(0.25), country: US(-0.05)]; FORGED_SENDER(0.30)[steve@sohara.org,4250.82.1d4c100009905dd.3183d38435b0bc0185572f928dcb6340@email-od.com]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:7381, ipnet:142.0.176.0/22, country:US]; FROM_NEQ_ENVFROM(0.00)[steve@sohara.org,4250.82.1d4c100009905dd.3183d38435b0bc0185572f928dcb6340@email-od.com]; MID_RHS_MATCH_FROM(0.00)[]; FREEMAIL_CC(0.00)[aim.com] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Mar 2020 09:58:15 -0000 On Sun, 29 Mar 2020 10:17:41 +0200 Polytropon wrote: > Add the command > > logout > > as last line in case you wish the uer to be logged off > (instead of dropped back to the console) if the X session > is terminated. I find startx & logout a good mantra for starting X from a console session. -- Steve O'Hara-Smith From owner-freebsd-questions@freebsd.org Sun Mar 29 10:50:29 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5E50327A6C8 for ; Sun, 29 Mar 2020 10:50:29 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mout.kundenserver.de (mout.kundenserver.de [217.72.192.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mout.kundenserver.de", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48qsn51VGcz46MR for ; Sun, 29 Mar 2020 10:50:16 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from r56.edvax.de ([94.222.3.178]) by mrelayeu.kundenserver.de (mreue107 [212.227.15.183]) with ESMTPA (Nemesis) id 1Mn1iT-1iu8Oj0DEF-00kAS7; Sun, 29 Mar 2020 12:50:02 +0200 Date: Sun, 29 Mar 2020 12:49:36 +0200 From: Polytropon To: "Steve O'Hara-Smith" Cc: "Vlad D. Markov" , "Vlad D. Markov via freebsd-questions" Subject: Re: sane crashes Message-Id: <20200329124936.5b428c45.freebsd@edvax.de> In-Reply-To: <20200329105748.5c2f0e2edbb370504a61d8e9@sohara.org> References: <20200321183703.9566f2b45dd4193a51381291.ref@aim.com> <20200321183703.9566f2b45dd4193a51381291@aim.com> <20200321184307.8fb232b54dd802ae8c0a11bb@aim.com> <20200322093038.1f6933c3e68d6622c7d39427@aim.com> <20200322152424.6fd38112.freebsd@edvax.de> <1270065762.180915.1584894974045@mail.yahoo.com> <20200322175247.fc82ac9b590f745d35ab47da@aim.com> <20200323034250.be7371f1.freebsd@edvax.de> <20200328205755.d55855545c0f9a4656a0ce64@aim.com> <20200329101741.8d20b5aa.freebsd@edvax.de> <20200329105748.5c2f0e2edbb370504a61d8e9@sohara.org> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K1:I/v6FzmAAlhANkPUBgjtMliiR3yHgPKvzgxYaZ27Ti9JwDp46e0 N+QMLaRDT7FxL6hEGcHXcogMcYR86KfBmozr1rT8DOQ52mzS35zVKmbliFBAyT13rFKYHyx hEI8vatpt8P9yYA49qxt4ZkMW4eP2K1uPw/+TtX7aokzXW5nh0eEeZPpce66QYUcrrU5ffJ WyKrKTr/c7clIx5VZM7Mw== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:KlkKC4bLFok=:ELAm0YMwKc5BzdKwN5WkDf i3JqQieIYjMseDp9cvKLN1XDDG+95O0u0h/YVVJUMAdEBoSxLCIaxgQfukJYC/QbM2pWj8FD1 7xf7F3pzI5shW3tnUF5u+kr4l7/Z+GZZddvN1riDD2EscRfJ1VmTntPabsJ7mZIaIh4DOomDi 5oC2lE172wpCOzsjeENer9KDLUCpEosM0ytx71yHr6XRHLcQKEUl2j0GjUk4HhH8/wjvjduhw BD4HlYTY7bB9iVoB+xni/ElCNVGx6b7BEfYz+e8mzxNMlK0Mih5/M61OHFzuuZNc4Qwot9tu5 tviqzJ569HcFm6eXA53WL7IFGdtGYzdMTTUjTJzxn/DWqPahRzKVnsqs3TM2swSUgB+UBb8Xt ozk5kyF6u8vZQBstNvmpH++KwUwhVpc1yqYJ7zVv9Z4Ve7xKkToOzuH+nzCGKa65gxjBUYJ7N yWldHYMYW2wWasTSFJSuH1d9++dq7eYcy7mmDlvUvZ4mWAgE9ljZe9+8zUi/5dMhJFkFbJHGo mWsQXZa+OOOtM+RdwldwFEQ+0Bh4w6q2vlqAuzBKTIhI2TJ2SE8uySTCVLkpSn7x9mPyA/d19 tsW5VS5Y9QQxgmIuSW6ep76ngzed5SEON9vBmb/w2WH77qIVP9HZqUV6z+I/YYEox2ymZLjia S3rNZM/DP3BHs/TFMXcdkjCIE9cTmH5bPCFCIMtPCCbPQuFDUIN+/ds3JTfW3zYbGqhRxuiZe /2N/ndt8JYPThYB/StaAP8ZVOdyoiVnPNaBUfG3BocapkLgMyUz92vWJonTnQwjNlnVOomRfN PxWdRE3RduO7yyk3Bl5QmjZV0y6o2awcKtkKDNicSgmHu/7b8/iwjP0nvKpySYYDZcwGLfe X-Rspamd-Queue-Id: 48qsn51VGcz46MR X-Spamd-Bar: ++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of freebsd@edvax.de has no SPF policy when checking 217.72.192.74) smtp.mailfrom=freebsd@edvax.de X-Spamd-Result: default: False [4.79 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; HAS_REPLYTO(0.00)[freebsd@edvax.de]; MV_CASE(0.50)[]; HAS_ORG_HEADER(0.00)[]; TO_DN_ALL(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[178.3.222.94.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; RCVD_TLS_LAST(0.00)[]; R_DKIM_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:8560, ipnet:217.72.192.0/20, country:DE]; ARC_NA(0.00)[]; REPLYTO_EQ_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[edvax.de]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.98)[0.983,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_LONG(1.00)[0.999,0]; MID_CONTAINS_FROM(1.00)[]; RCVD_IN_DNSWL_NONE(0.00)[74.192.72.217.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; FREEMAIL_CC(0.00)[aim.com]; RCVD_COUNT_TWO(0.00)[2]; IP_SCORE(0.41)[ip: (-0.47), ipnet: 217.72.192.0/20(0.37), asn: 8560(2.16), country: DE(-0.02)] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Mar 2020 10:50:29 -0000 On Sun, 29 Mar 2020 10:57:48 +0100, Steve O'Hara-Smith wrote: > On Sun, 29 Mar 2020 10:17:41 +0200 > Polytropon wrote: > > > Add the command > > > > logout > > > > as last line in case you wish the uer to be logged off > > (instead of dropped back to the console) if the X session > > is terminated. > > I find startx & logout a good mantra for starting X from a console > session. Maybe "exec startx" would also work? If the process after login is replaced with startx, and the X session ends, the process keeping the state "logged in" active will end, so the logout will appear? -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... From owner-freebsd-questions@freebsd.org Sun Mar 29 11:42:08 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2C42227BE65 for ; Sun, 29 Mar 2020 11:42:08 +0000 (UTC) (envelope-from 4250.82.1d4c100009c8b20.e81deeff616c12f006326819b9ed6fbe@email-od.com) Received: from s1-b0c6.socketlabs.email-od.com (s1-b0c6.socketlabs.email-od.com [142.0.176.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48qtwk3dJ4z4RDv for ; Sun, 29 Mar 2020 11:41:58 +0000 (UTC) (envelope-from 4250.82.1d4c100009c8b20.e81deeff616c12f006326819b9ed6fbe@email-od.com) DKIM-Signature: v=1; a=rsa-sha256; d=email-od.com;i=@email-od.com;s=dkim; c=relaxed/relaxed; q=dns/txt; t=1585482119; x=1588074119; h=content-transfer-encoding:content-type:mime-version:references:in-reply-to:message-id:subject:cc:to:from:date:x-thread-info; bh=YtPbM4jXEDyIyBu7eR7I5dVeq0si2A8Jsq3TkfwfvLI=; b=iwToFoF6yCRGYF4YxE6+rvrCDPuMX4B/PmwxBtqliRv6lRz5PqQoZmLQF16x4eqIpqhxZkUL8OEKFcqQgGOSlvsk+VIUTrlybcxMx7/t9xmV7i/G/ocqwgYy1ZhREXlnzKdIVhj2QHIrOYgyn5Wc8UWuaRDQIIx+tnVky8MwO0c= X-Thread-Info: NDI1MC45Mi4xZDRjMTAwMDA5YzhiMjAuZnJlZWJzZC1xdWVzdGlvbnM9ZnJlZWJzZC5vcmc= Received: from r3.h.in.socketlabs.com (r3.h.in.socketlabs.com [142.0.180.13]) by mxsg2.email-od.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Sun, 29 Mar 2020 07:41:41 -0400 Received: from smtp.lan.sohara.org (EMTPY [185.202.17.215]) by r3.h.in.socketlabs.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Sun, 29 Mar 2020 07:41:40 -0400 Received: from [192.168.63.1] (helo=steve.lan.sohara.org) by smtp.lan.sohara.org with smtp (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1jIWJu-000MJb-NL; Sun, 29 Mar 2020 12:41:38 +0100 Date: Sun, 29 Mar 2020 12:41:38 +0100 From: Steve O'Hara-Smith To: freebsd-questions@freebsd.org Cc: Polytropon Subject: Re: sane crashes Message-Id: <20200329124138.d301dd26ba1e0a2b479e3962@sohara.org> In-Reply-To: <20200329124936.5b428c45.freebsd@edvax.de> References: <20200321183703.9566f2b45dd4193a51381291.ref@aim.com> <20200321183703.9566f2b45dd4193a51381291@aim.com> <20200321184307.8fb232b54dd802ae8c0a11bb@aim.com> <20200322093038.1f6933c3e68d6622c7d39427@aim.com> <20200322152424.6fd38112.freebsd@edvax.de> <1270065762.180915.1584894974045@mail.yahoo.com> <20200322175247.fc82ac9b590f745d35ab47da@aim.com> <20200323034250.be7371f1.freebsd@edvax.de> <20200328205755.d55855545c0f9a4656a0ce64@aim.com> <20200329101741.8d20b5aa.freebsd@edvax.de> <20200329105748.5c2f0e2edbb370504a61d8e9@sohara.org> <20200329124936.5b428c45.freebsd@edvax.de> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.32; amd64-portbld-freebsd12.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 48qtwk3dJ4z4RDv X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=email-od.com header.s=dkim header.b=iwToFoF6; dmarc=none; spf=pass (mx1.freebsd.org: domain of 4250.82.1d4c100009c8b20.e81deeff616c12f006326819b9ed6fbe@email-od.com designates 142.0.176.198 as permitted sender) smtp.mailfrom=4250.82.1d4c100009c8b20.e81deeff616c12f006326819b9ed6fbe@email-od.com X-Spamd-Result: default: False [-1.58 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.98)[-0.978,0]; R_DKIM_ALLOW(-0.20)[email-od.com:s=dkim]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:142.0.176.0/20]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[sohara.org]; NEURAL_HAM_LONG(-0.99)[-0.992,0]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[email-od.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[198.176.0.142.list.dnswl.org : 127.0.15.0]; IP_SCORE(0.09)[ip: (-0.24), ipnet: 142.0.176.0/22(0.50), asn: 7381(0.25), country: US(-0.05)]; FORGED_SENDER(0.30)[steve@sohara.org,4250.82.1d4c100009c8b20.e81deeff616c12f006326819b9ed6fbe@email-od.com]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:7381, ipnet:142.0.176.0/22, country:US]; FROM_NEQ_ENVFROM(0.00)[steve@sohara.org,4250.82.1d4c100009c8b20.e81deeff616c12f006326819b9ed6fbe@email-od.com]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Mar 2020 11:42:08 -0000 On Sun, 29 Mar 2020 12:49:36 +0200 Polytropon wrote: > Maybe "exec startx" would also work? If the process after > login is replaced with startx, and the X session ends, the > process keeping the state "logged in" active will end, so > the logout will appear? Yes it will - but startx & logout means the the login prompt reappears immediately no matter what happens to the X session. There's something in me that doesn't like tying up two VCs for one session :) -- Steve O'Hara-Smith | Directable Mirror Arrays C:\>WIN | A better way to focus the sun The computer obeys and wins. | licences available see You lose and Bill collects. | http://www.sohara.org/ From owner-freebsd-questions@freebsd.org Sun Mar 29 12:40:14 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7069827DF8B for ; Sun, 29 Mar 2020 12:40:14 +0000 (UTC) (envelope-from kremels@kreme.com) Received: from mail.covisp.net (mail.covisp.net [65.121.55.42]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48qwCm48hVz4nc0 for ; Sun, 29 Mar 2020 12:40:04 +0000 (UTC) (envelope-from kremels@kreme.com) From: "@lbutlr" Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: NFS exports Message-Id: <4D1B1F02-773C-4390-8E11-C59A4CCE5105@kreme.com> Date: Sun, 29 Mar 2020 06:39:54 -0600 To: FreeBSD X-Mailer: Apple Mail (2.3608.80.23.2.2) X-Rspamd-Queue-Id: 48qwCm48hVz4nc0 X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of kremels@kreme.com designates 65.121.55.42 as permitted sender) smtp.mailfrom=kremels@kreme.com X-Spamd-Result: default: False [-0.51 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.996,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; MISSING_MIME_VERSION(2.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DMARC_NA(0.00)[kreme.com]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; IP_SCORE(-0.11)[ip: (-0.35), ipnet: 65.112.0.0/12(-0.06), asn: 209(-0.11), country: US(-0.05)]; TO_DN_ALL(0.00)[]; RCVD_COUNT_ZERO(0.00)[0]; RCVD_IN_DNSWL_LOW(-0.10)[42.55.121.65.list.dnswl.org : 127.0.5.1]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:209, ipnet:65.112.0.0/12, country:US]; MID_RHS_MATCH_FROM(0.00)[]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Mar 2020 12:40:14 -0000 I have created /etc/exports: /mnt/backups -alldirs [IP address of remote machine] When I start mountd, I get an error in /var/log/messages: bad exports list line '/mnt/backups': symbolic link in export path or = statfs failed df -Ph shows: /dev/ada1p1 217G 89G 110G 45% /mnt/backup The IP address is not a LAN IP, but the actual IP of the machine I = intend to mount the NFS share on. --=20 'There has to be enough light,' he panted, 'to see the darkness.=E2=80=99 From owner-freebsd-questions@freebsd.org Sun Mar 29 13:40:58 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 219CA27F5B0 for ; Sun, 29 Mar 2020 13:40:58 +0000 (UTC) (envelope-from 4250.82.1d4c100009e30ca.cf085c4cc30e547b247e19367af12b31@email-od.com) Received: from s1-b0c6.socketlabs.email-od.com (s1-b0c6.socketlabs.email-od.com [142.0.176.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48qxZ01wRQz3x2Q for ; Sun, 29 Mar 2020 13:40:55 +0000 (UTC) (envelope-from 4250.82.1d4c100009e30ca.cf085c4cc30e547b247e19367af12b31@email-od.com) DKIM-Signature: v=1; a=rsa-sha256; d=email-od.com;i=@email-od.com;s=dkim; c=relaxed/relaxed; q=dns/txt; t=1585489257; x=1588081257; h=content-transfer-encoding:content-type:mime-version:references:in-reply-to:message-id:subject:cc:to:from:date:x-thread-info; bh=0P8RgLG4BspSdNOcJ3C6FrjREbU13OYTV79cxMMQo/Q=; b=gdgupScys7wLzd6VulRe9ScSYJwgyg8S5oq4MQRMTszxH9kyqyupzmJ4gk7flfZlcas1khZBbdyZxoTmEopIozA0mejd+4HOMDNRB7+ICw0+1ws/I2SyqLSBo27dY/L3H6sEQ0E/aLJToR4NcZ9sm89BkHUZEAJArwdSJak6J88= X-Thread-Info: NDI1MC45Mi4xZDRjMTAwMDA5ZTMwY2EuZnJlZWJzZC1xdWVzdGlvbnM9ZnJlZWJzZC5vcmc= Received: from r2.us-east-1.aws.in.socketlabs.com (r2.us-east-1.aws.in.socketlabs.com [142.0.191.2]) by mxsg2.email-od.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Sun, 29 Mar 2020 09:25:48 -0400 Received: from smtp.lan.sohara.org (EMTPY [185.202.17.215]) by r2.us-east-1.aws.in.socketlabs.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Sun, 29 Mar 2020 09:25:47 -0400 Received: from [192.168.63.1] (helo=steve.lan.sohara.org) by smtp.lan.sohara.org with smtp (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1jIXwf-000Mcg-Pb; Sun, 29 Mar 2020 14:25:45 +0100 Date: Sun, 29 Mar 2020 14:25:45 +0100 From: Steve O'Hara-Smith To: "@lbutlr" Cc: FreeBSD Subject: Re: NFS exports Message-Id: <20200329142545.9a5c14d8a52019cef0a0669b@sohara.org> In-Reply-To: <4D1B1F02-773C-4390-8E11-C59A4CCE5105@kreme.com> References: <4D1B1F02-773C-4390-8E11-C59A4CCE5105@kreme.com> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.32; amd64-portbld-freebsd12.0) X-Clacks-Overhead: "GNU Terry Pratchett" Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 48qxZ01wRQz3x2Q X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=email-od.com header.s=dkim header.b=gdgupScy; dmarc=none; spf=pass (mx1.freebsd.org: domain of 4250.82.1d4c100009e30ca.cf085c4cc30e547b247e19367af12b31@email-od.com designates 142.0.176.198 as permitted sender) smtp.mailfrom=4250.82.1d4c100009e30ca.cf085c4cc30e547b247e19367af12b31@email-od.com X-Spamd-Result: default: False [-1.60 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.99)[-0.990,0]; R_DKIM_ALLOW(-0.20)[email-od.com:s=dkim]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:142.0.176.0/20]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[sohara.org]; NEURAL_HAM_LONG(-1.00)[-0.996,0]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[email-od.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[198.176.0.142.list.dnswl.org : 127.0.15.0]; IP_SCORE(0.09)[ip: (-0.24), ipnet: 142.0.176.0/22(0.49), asn: 7381(0.25), country: US(-0.05)]; FORGED_SENDER(0.30)[steve@sohara.org,4250.82.1d4c100009e30ca.cf085c4cc30e547b247e19367af12b31@email-od.com]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:7381, ipnet:142.0.176.0/22, country:US]; FROM_NEQ_ENVFROM(0.00)[steve@sohara.org,4250.82.1d4c100009e30ca.cf085c4cc30e547b247e19367af12b31@email-od.com]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Mar 2020 13:40:58 -0000 On Sun, 29 Mar 2020 06:39:54 -0600 "@lbutlr" wrote: > I have created /etc/exports: > > /mnt/backups -alldirs [IP address of remote machine] > > When I start mountd, I get an error in /var/log/messages: > > bad exports list line '/mnt/backups': symbolic link in export path or > statfs failed > > df -Ph shows: > /dev/ada1p1 217G 89G 110G 45% /mnt/backup I notice that you are exporting /mnt/backups but the mount is /mnt/backup. From the error message I speculate that /mnt/backups is a symlink to the actual mount point, change the export to match the mount and all should be well. -- Steve O'Hara-Smith From owner-freebsd-questions@freebsd.org Sun Mar 29 18:33:50 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3B6AB2A6CD5 for ; Sun, 29 Mar 2020 18:33:50 +0000 (UTC) (envelope-from doctor@doctor.nl2k.ab.ca) Received: from doctor.nl2k.ab.ca (doctor.nl2k.ab.ca [204.209.81.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48r43f6J64z3KLR for ; Sun, 29 Mar 2020 18:33:33 +0000 (UTC) (envelope-from doctor@doctor.nl2k.ab.ca) Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.93.0.4 (FreeBSD)) (envelope-from ) id 1jIcl4-0006sY-CM for freebsd-questions@freebsd.org; Sun, 29 Mar 2020 12:34:06 -0600 Date: Sun, 29 Mar 2020 12:34:06 -0600 From: The Doctor To: freebsd-questions@freebsd.org Subject: FreeBSD bridging security router Message-ID: <20200329183406.GB5418@doctor.nl2k.ab.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Rspamd-Queue-Id: 48r43f6J64z3KLR X-Spamd-Bar: ++ X-Spamd-Result: default: False [2.21 / 15.00]; ARC_NA(0.00)[]; RBL_SENDERSCORE_FAIL(0.00)[1.81.209.204.bl.score.senderscore.com:query timed out]; FROM_HAS_DN(0.00)[]; RBL_SEM_FAIL(0.00)[1.81.209.204.bl.spameatingmonkey.net:query timed out]; R_SPF_ALLOW(0.00)[+a]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; TO_DN_NONE(0.00)[]; NEURAL_SPAM_MEDIUM(0.03)[0.033,0]; RCPT_COUNT_ONE(0.00)[1]; BAD_REP_POLICIES(0.10)[]; DBL_FAIL(0.00)[query timed out]; ZRD_FAIL(0.00)[query timed out]; URIBL_PBL(0.02)[empire.kred]; DMARC_POLICY_ALLOW(0.00)[nl2k.ab.ca,quarantine]; NEURAL_SPAM_LONG(0.32)[0.323,0]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; INTRODUCTION(2.00)[]; ASN(0.00)[asn:6171, ipnet:204.209.81.0/24, country:CA]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(-0.17)[ip: (-0.40), ipnet: 204.209.81.0/24(-0.20), asn: 6171(-0.16), country: CA(-0.09)]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Mar 2020 18:33:50 -0000 Question is that I have the following set up 1) /etc/rc.conf hostname="border.nk.ca" ifconfig_bce0="inet 192.168.81.14 netmask 255.255.255.0 promisc " ifconfig_bce1="up media 100baseTX mediaopt full-duplex promisc " ifconfig_bce2="up promisc" ifconfig_bce3="up promisc" defaultrouter="192.168.81.2" hald_enable="YES" named_enable="YES" sshd_enable="YES" sshguard_enable="YES" moused_enable="YES" ntpdate_enable="YES" ntpd_enable="YES" gateway_enable="YES" ipv6_gateway_enable="YES" pf_enable="YES" clamav_clamd_enable="YES" clamd_enable="YES" squid_enable="YES" tcsd_enable="YES" tcsd_mode="emulator" tpmd_enable="YES" dbus_enable="YES" apache24_enable="yes" postgresql_enable="YES" firebird_enable="YES" firebird_mode="superserver" suricata_enable="YES" suricata_divertport="8000" cloned_interfaces="bridge0 tap0 tap1 tap2 tap3" ifconfig_bridge0="addm bce2 addm tap0 addm tap1 addm tap2 addm tap3 up" cloned_interfaces="bce0 bce1" ifconfig_bridge1="addm bce0 addm bce1 up" #firewall_enable="YES" #firewall_type="simple" #firewall_quiet="YES" #firewall_logging="YES" vm_enable="YES" vm_dir="/usr/vm/" vboxdrv_load="YES" xrdp_enable="YES" xrdp_sesman_enable="YES" saslauthd_enable="YES" openvassd_enable="YES" openvasmd_enable="YES" gsad_enable="YES" pflog_logfile="/var/log/pflog" # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable dumpdev="AUTO" redis_enable="YES" cbsd_workdir="/usr/vm" cbsdrsyncd_enable="YES" cbsdrsyncd_flags="--config=/usr/vm/etc/rsyncd.conf" cbsdd_enable="YES" rcshutdown_timeout="900" and 2) /etc/pf.conf ## Set your public interface ## ext_if="bce1" ##Internal bridge for virtually hosted machines int_if="bce0" bridge0="bridge0" ## Set your server public IP address ## int_if_ip="192.168.81.14" bridge0_ip="192.168.81.13" intnet = $int_if:network #Proxy for FTP proxy="127.0.0.1" proxyport="8021" #All virtal machines go here! win2019="192.168.81.18" kali="192.168.81.15" seconion="192.168.81.16" parrot="192.168.81.17" #In case you need a whole group vhosts =" { 192.168.81.16, 192.168.81.15, 192.168.81.17,192.168.81.18 }" ## Set and drop these IP ranges on public interface and any other troublemakers ## martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \ 10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \ 0.0.0.0/8, 240.0.0.0/4 }" ## Set http(80)/https (443) port here and other ports that need accessing ## webports = "{http, https,8443,119,561,110,143,993,995,20,21,23,25,464,465,587,53 ,513,783,88,135,137,138,139,445,69,10000,20000,43,636,1024:5000,8000:8100,5900:5 999,49150:61000}" # Radius radiusports = "{1645,1646,1812,1813 }" ## enable these services ## int_tcp_services = "{domain, ntp, smtp,nntp, smtps,submission, www, https,20,88, ftp, ssh,110,139,137,138,135,143,636,993,995,443,445,464,561,636,783,389,7500,84 43,10000,20000,43,63,1024:5000,8000:8100,5900:5999,23,49150:61000}" int_udp_services = "{domain, ntp,69,88,137,138,139,445,464}" int_radius_services = "{1645,1646,1812,1813 }" ## Skip loop back interface - Skip all PF processing on interface bridge and vir tual hosts ## set skip on lo set skip on bridge0 set skip on tap0 set skip on tap1 set skip on tap2 set skip on tap3 ## Sets the interface for which PF should gather statistics such as bytes in/out and packets passed/blocked ## set loginterface $ext_if set fingerprints "/etc/pf.os" # Deal with attacks based on incorrect handling of packet fragments scrub in all ################### TRANSLATION ############# #### NAT and RDR start nat on $ext_if from $intnet to any -> ($ext_if) nat on $intnet from $bridge0 to any -> ($intnet) nat on $bridge0 from $kali to any -> ($bridge0) nat on $bridge0 from $win2019 to any -> ($bridge0) nat on $bridge0 from $kali to any -> ($bridge0) --se note for virtual machines you are passing the packects via the ## Virtual switch so treat as michine (tap) into switch (Bridge) into ## your macine acting as the host (exit) nat-anchor "ftp-proxy/*" rdr-anchor "ftp-proxy/*" # Redirect ftp traffic to proxy rdr pass proto tcp from any to any port ftp -> $proxy port $proxyport ## Set default policy ## block return in log all block out all # We need to have an anchor for ftp-proxy anchor "ftp-proxy/*" pass out proto tcp from $proxy to any port 20 pass out proto tcp from $proxy to any port 21 pass out on $int_if inet proto {tcp, udp} from $int_if to any port ftp:ftp-proxy pass in on egress proto tcp to port 21 pass in on egress proto tcp to port 20 pass in on egress proto tcp to port > 49151 pass out quick on egress inet proto tcp from any to 192.168.81.1 flags S/SA pass out quick on egress inet proto tcp from any to 192.168.81.3 flags S/SA #set up virtual switch pass in quick on bridge0 all pass quick on tap0 all pass quick on tap1 all pass quick on tap2 all pass quick on tap3 all # Drop all Non-Routable Addresses block drop in quick on $int_if from $martians to any block drop out quick on $int_if from any to $martians block drop in quick on $vhosts from $martians to any block drop out quick on $vhosts from any to $martians ## Blocking spoofed packets antispoof quick for $int_if antispoof quick for $vhosts # Open SSH port which is listening on port 22 from VPN 139.xx.yy.zz Ip only # I do not allow or accept ssh traffic from ALL for security reasons #pass in quick on $ext_if inet proto tcp from 192.168.81.0/24 to $ext_if_ip port = ssh flags S/SA keep state label "USER_RULE: Allow SSH from 139.xxx.yyy.zzz" ## Use the following rule to enable ssh for ALL users from any IP address # ## pass in inet proto tcp to $ext_if port ssh ### [ OR ] ### pass in inet proto tcp to $int_if port 22 pass in inet proto tcp to $vhosts port 22 pass in inet proto tcp to $int_if port 36941 pass in inet proto tcp to $vhosts port 36941 # Allow Ping-Pong stuff. Be a good sysadmin icmp_types = "{ echoreq, unreach }" pass inet proto icmp all icmp-type $icmp_types keep state # allow out the default range for traceroute(8): pass out on $ext_if inet proto udp from any to any port 33433 >< 33626 keep stat e pass out on $int_if inet proto udp from any to any port 33433 >< 33626 keep stat e pass out on $vhosts inet proto udp from any to any port 33433 >< 33626 keep stat e # All access to our Nginx/Apache/Lighttpd Webserver and other ports pass proto tcp from any to $int_if port $webports pass proto udp from any to $int_if port $webports pass proto udp from any to $int_if port $radiusports pass proto tcp from any to $vhosts port $webports pass proto udp from any to $vhosts port $webports pass in on $int_if proto tcp from any to any port = 36941 keep state pass in on $vhosts proto tcp from any to any port = 36941 keep state pass in on $kali proto tcp from any to any port = 36941 keep state # Allow essential outgoing traffic pass out quick on $int_if proto tcp to any port $int_tcp_services pass out quick on $int_if proto udp to any port $int_udp_services pass out quick on $int_if proto udp to any port $int_radius_services pass out quick on $vhosts proto tcp to any port $int_tcp_services pass out quick on $vhosts proto udp to any port $int_udp_services #For radius make certain for older syatems port 1645 and current 1812 pass in log quick on $int_if proto tcp from any to any port = 1645 flags S/SA ke ep state pass in log quick on $int_if proto udp from any to any port = 1645 keep state pass in log quick on $int_if proto tcp from any to any port = 1812 flags S/SA ke ep state pass in log quick on $int_if proto udp from any to any port = 1812 keep state pass in log quick on $int_if proto tcp from any to any port = 36941 flags S/SA k eep state pass in log quick on $int_if proto udp from any to any port = 36941 keep state pass in log quick on $vhosts proto tcp from any to any port = 36941 flags S/SA k eep state pass in log quick on $vhosts proto udp from any to any port = 36941 keep state pass out quick all flags S/SA keep state # Add custom rules below block quick from pass quick proto { tcp, udp } from any to any port ssh \ flags S/SA keep state \ (max-src-conn 15, max-src-conn-rate 5/3, \ overload flush global) ## I wonder if sshguard works with pf. Well this is suppose to act as a server / firewall /router. The primary DNS does ping the outside world once bce1 is up but not resolve domain names. Anything in the configuration I forget? Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism Truth is emancipating, yet to the fool it looks like chains. -unknown From owner-freebsd-questions@freebsd.org Sun Mar 29 19:30:52 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DF5602600AB for ; Sun, 29 Mar 2020 19:30:52 +0000 (UTC) (envelope-from trond.endrestol@ximalas.info) Received: from enterprise.ximalas.info (enterprise.ximalas.info [IPv6:2001:700:1100:1::8]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "ximalas.info", Issuer "Hostmaster ximalas.info" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 48r5KP692Wz49jm for ; Sun, 29 Mar 2020 19:30:33 +0000 (UTC) (envelope-from trond.endrestol@ximalas.info) Received: from enterprise.ximalas.info (Ximalas@localhost [127.0.0.1]) by enterprise.ximalas.info (8.15.2/8.15.2) with ESMTPS id 02TJTsmW054989 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Sun, 29 Mar 2020 21:29:54 +0200 (CEST) (envelope-from trond.endrestol@ximalas.info) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ximalas.info; s=default; t=1585510195; bh=+0jAJjFyuQsN0BZPNGGenEqNX2CEehtKpM6/BMcP3mA=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=CLQ33HwvF50fT/2jTz8yaDEYo2vCN9Pl+mMpaEsUAA+Y+2PMdfL2smfav3zxzjfSg VOtJgcXUs8enfL2xrRPqqLFmd8gYMo5lFxvenFUUQDw7cNMrw4kvTSEnyF/aq1uB/c fVlOvdw+kIERIZsuGCbAM697id0vrkq2zcquZP/mt4Z7yCcU1U3cWYHqLW+GPgPTAU SKt/a9iWAiV5byhay8Uys1G8mzk1TgO52sN1MSANpK5L4PdGwGgBD0iCDtu8AAROPu k320+lyBvpF8RqLB3msX+H2ixSDexSF0MgYaeOt8YNAgH2yVIm9GBmrcxm7PIY6FUT cnnD9ciBGLYaQ== Received: from localhost (trond@localhost) by enterprise.ximalas.info (8.15.2/8.15.2/Submit) with ESMTP id 02TJTsIK054986; Sun, 29 Mar 2020 21:29:54 +0200 (CEST) (envelope-from trond.endrestol@ximalas.info) X-Authentication-Warning: enterprise.ximalas.info: trond owned process doing -bs Date: Sun, 29 Mar 2020 21:29:54 +0200 (CEST) From: =?UTF-8?Q?Trond_Endrest=C3=B8l?= Sender: Trond.Endrestol@ximalas.info To: The Doctor cc: freebsd-questions@freebsd.org Subject: Re: FreeBSD bridging security router In-Reply-To: <20200329183406.GB5418@doctor.nl2k.ab.ca> Message-ID: References: <20200329183406.GB5418@doctor.nl2k.ab.ca> User-Agent: Alpine 2.22 (BSF 395 2020-01-19) OpenPGP: url=http://ximalas.info/about/tronds-openpgp-public-key MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Spam-Status: No, score=-1.2 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on enterprise.ximalas.info X-Rspamd-Queue-Id: 48r5KP692Wz49jm X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=ximalas.info header.s=default header.b=CLQ33Hwv; dmarc=pass (policy=none) header.from=ximalas.info; spf=pass (mx1.freebsd.org: domain of trond.endrestol@ximalas.info designates 2001:700:1100:1::8 as permitted sender) smtp.mailfrom=trond.endrestol@ximalas.info X-Spamd-Result: default: False [-3.00 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[ximalas.info:s=default]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+a]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; HAS_XAW(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[ximalas.info:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[ximalas.info,none]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Mar 2020 19:30:53 -0000 On Sun, 29 Mar 2020 12:34-0600, The Doctor via freebsd-questions wrote: > Question is that I have the following set up > > 1) /etc/rc.conf > > hostname="border.nk.ca" > ifconfig_bce0="inet 192.168.81.14 netmask 255.255.255.0 promisc " > ifconfig_bce1="up media 100baseTX mediaopt full-duplex promisc " > ifconfig_bce2="up promisc" > ifconfig_bce3="up promisc" > defaultrouter="192.168.81.2" > hald_enable="YES" > named_enable="YES" > sshd_enable="YES" > sshguard_enable="YES" > moused_enable="YES" > ntpdate_enable="YES" > ntpd_enable="YES" > gateway_enable="YES" > ipv6_gateway_enable="YES" Do you need IPv6? I don't see any IPv6 related config elsewhere. > pf_enable="YES" > clamav_clamd_enable="YES" > clamd_enable="YES" > squid_enable="YES" > tcsd_enable="YES" > tcsd_mode="emulator" > tpmd_enable="YES" > dbus_enable="YES" > apache24_enable="yes" > postgresql_enable="YES" > firebird_enable="YES" > firebird_mode="superserver" > suricata_enable="YES" > suricata_divertport="8000" > cloned_interfaces="bridge0 tap0 tap1 tap2 tap3" > ifconfig_bridge0="addm bce2 addm tap0 addm tap1 addm tap2 addm tap3 up" > cloned_interfaces="bce0 bce1" Are the two cloned_interfaces lines intentional? The second one overrides the first one. > ifconfig_bridge1="addm bce0 addm bce1 up" > #firewall_enable="YES" > #firewall_type="simple" > #firewall_quiet="YES" > #firewall_logging="YES" > vm_enable="YES" > vm_dir="/usr/vm/" > vboxdrv_load="YES" > xrdp_enable="YES" > xrdp_sesman_enable="YES" > saslauthd_enable="YES" > openvassd_enable="YES" > openvasmd_enable="YES" > gsad_enable="YES" > pflog_logfile="/var/log/pflog" > # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable > dumpdev="AUTO" > redis_enable="YES" > cbsd_workdir="/usr/vm" > cbsdrsyncd_enable="YES" > cbsdrsyncd_flags="--config=/usr/vm/etc/rsyncd.conf" > cbsdd_enable="YES" > rcshutdown_timeout="900" > > and > > 2) /etc/pf.conf > > ## Set your public interface ## > ext_if="bce1" > ##Internal bridge for virtually hosted machines > int_if="bce0" > bridge0="bridge0" > ## Set your server public IP address ## > int_if_ip="192.168.81.14" > bridge0_ip="192.168.81.13" > intnet = $int_if:network > #Proxy for FTP > proxy="127.0.0.1" > proxyport="8021" > #All virtal machines go here! > win2019="192.168.81.18" > kali="192.168.81.15" > seconion="192.168.81.16" > parrot="192.168.81.17" > #In case you need a whole group > vhosts =" { 192.168.81.16, 192.168.81.15, > 192.168.81.17,192.168.81.18 }" > ## Set and drop these IP ranges on public interface and any other troublemakers > ## > > martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \ > 10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \ > 0.0.0.0/8, 240.0.0.0/4 }" > ## Set http(80)/https (443) port here and other ports that need accessing ## > webports = "{http, https,8443,119,561,110,143,993,995,20,21,23,25,464,465,587,53 > ,513,783,88,135,137,138,139,445,69,10000,20000,43,636,1024:5000,8000:8100,5900:5 > 999,49150:61000}" > # Radius > radiusports = "{1645,1646,1812,1813 }" > > ## enable these services ## > int_tcp_services = "{domain, ntp, smtp,nntp, smtps,submission, www, https,20,88, > ftp, ssh,110,139,137,138,135,143,636,993,995,443,445,464,561,636,783,389,7500,84 > 43,10000,20000,43,63,1024:5000,8000:8100,5900:5999,23,49150:61000}" > int_udp_services = "{domain, ntp,69,88,137,138,139,445,464}" > int_radius_services = "{1645,1646,1812,1813 }" > > > ## Skip loop back interface - Skip all PF processing on interface bridge and vir > tual hosts ## > set skip on lo > set skip on bridge0 > set skip on tap0 > set skip on tap1 > set skip on tap2 > set skip on tap3 > > > ## Sets the interface for which PF should gather statistics such as bytes in/out > and packets passed/blocked ## > set loginterface $ext_if > set fingerprints "/etc/pf.os" > > # Deal with attacks based on incorrect handling of packet fragments > scrub in all > > ################### TRANSLATION ############# > > #### NAT and RDR start > nat on $ext_if from $intnet to any -> ($ext_if) > nat on $intnet from $bridge0 to any -> ($intnet) > nat on $bridge0 from $kali to any -> ($bridge0) > nat on $bridge0 from $win2019 to any -> ($bridge0) > nat on $bridge0 from $kali to any -> ($bridge0) > > --se note for virtual machines you are passing the packects via the This doesn't look like a proper comment. > ## Virtual switch so treat as michine (tap) into switch (Bridge) into > ## your macine acting as the host (exit) > > nat-anchor "ftp-proxy/*" > rdr-anchor "ftp-proxy/*" > > # Redirect ftp traffic to proxy > rdr pass proto tcp from any to any port ftp -> $proxy port $proxyport > > > ## Set default policy ## > block return in log all > block out all > > # We need to have an anchor for ftp-proxy > anchor "ftp-proxy/*" > pass out proto tcp from $proxy to any port 20 > pass out proto tcp from $proxy to any port 21 > pass out on $int_if inet proto {tcp, udp} from $int_if to any port ftp:ftp-proxy > pass in on egress proto tcp to port 21 > pass in on egress proto tcp to port 20 > pass in on egress proto tcp to port > 49151 > pass out quick on egress inet proto tcp from any to 192.168.81.1 flags S/SA > pass out quick on egress inet proto tcp from any to 192.168.81.3 flags S/SA > > #set up virtual switch > > pass in quick on bridge0 all > pass quick on tap0 all > pass quick on tap1 all > pass quick on tap2 all > pass quick on tap3 all > > # Drop all Non-Routable Addresses > block drop in quick on $int_if from $martians to any > block drop out quick on $int_if from any to $martians > block drop in quick on $vhosts from $martians to any > block drop out quick on $vhosts from any to $martians > > ## Blocking spoofed packets > antispoof quick for $int_if > antispoof quick for $vhosts > > # Open SSH port which is listening on port 22 from VPN 139.xx.yy.zz Ip only > # I do not allow or accept ssh traffic from ALL for security reasons > #pass in quick on $ext_if inet proto tcp from 192.168.81.0/24 to $ext_if_ip port > = ssh flags S/SA keep state label "USER_RULE: Allow SSH from 139.xxx.yyy.zzz" > ## Use the following rule to enable ssh for ALL users from any IP address # > ## pass in inet proto tcp to $ext_if port ssh > ### [ OR ] ### > pass in inet proto tcp to $int_if port 22 > pass in inet proto tcp to $vhosts port 22 > > > pass in inet proto tcp to $int_if port 36941 > pass in inet proto tcp to $vhosts port 36941 > > > # Allow Ping-Pong stuff. Be a good sysadmin > icmp_types = "{ echoreq, unreach }" > pass inet proto icmp all icmp-type $icmp_types keep state > # allow out the default range for traceroute(8): > pass out on $ext_if inet proto udp from any to any port 33433 >< 33626 keep stat > e > pass out on $int_if inet proto udp from any to any port 33433 >< 33626 keep stat > e > pass out on $vhosts inet proto udp from any to any port 33433 >< 33626 keep stat > e > > # All access to our Nginx/Apache/Lighttpd Webserver and other ports > pass proto tcp from any to $int_if port $webports > pass proto udp from any to $int_if port $webports > pass proto udp from any to $int_if port $radiusports > pass proto tcp from any to $vhosts port $webports > pass proto udp from any to $vhosts port $webports > > pass in on $int_if proto tcp from any to any port = 36941 keep state > pass in on $vhosts proto tcp from any to any port = 36941 keep state > pass in on $kali proto tcp from any to any port = 36941 keep state > > # Allow essential outgoing traffic > pass out quick on $int_if proto tcp to any port $int_tcp_services > pass out quick on $int_if proto udp to any port $int_udp_services > pass out quick on $int_if proto udp to any port $int_radius_services > pass out quick on $vhosts proto tcp to any port $int_tcp_services > pass out quick on $vhosts proto udp to any port $int_udp_services > > #For radius make certain for older syatems port 1645 and current 1812 > pass in log quick on $int_if proto tcp from any to any port = 1645 flags S/SA ke > ep state > pass in log quick on $int_if proto udp from any to any port = 1645 keep state > pass in log quick on $int_if proto tcp from any to any port = 1812 flags S/SA ke > ep state > pass in log quick on $int_if proto udp from any to any port = 1812 keep state > > pass in log quick on $int_if proto tcp from any to any port = 36941 flags S/SA k > eep state > pass in log quick on $int_if proto udp from any to any port = 36941 keep state > > pass in log quick on $vhosts proto tcp from any to any port = 36941 flags S/SA k > eep state > > pass in log quick on $vhosts proto udp from any to any port = 36941 keep state > pass out quick all flags S/SA keep state > > # Add custom rules below > block quick from > pass quick proto { tcp, udp } from any to any port ssh \ > flags S/SA keep state \ > (max-src-conn 15, max-src-conn-rate 5/3, \ > overload flush global) > ## I wonder if sshguard works with pf. > > Well this is suppose to act as a server / firewall /router. > > The primary DNS does ping the outside world once bce1 is up > but not resolve domain names. > > Anything in the configuration I forget? What's the contents of /etc/resolv.conf? -- Trond. From owner-freebsd-questions@freebsd.org Sun Mar 29 19:40:20 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id AA8832605ED for ; Sun, 29 Mar 2020 19:40:20 +0000 (UTC) (envelope-from aryeh.friedman@gmail.com) Received: from mail-il1-x12c.google.com (mail-il1-x12c.google.com [IPv6:2607:f8b0:4864:20::12c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48r5XY1HPTz4Dpl for ; Sun, 29 Mar 2020 19:40:12 +0000 (UTC) (envelope-from aryeh.friedman@gmail.com) Received: by mail-il1-x12c.google.com with SMTP id x16so13748065ilp.12 for ; Sun, 29 Mar 2020 12:40:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=ZZ7dPpt14SEYsm5yOd4SaB4ngHOFL1SYptLze+TFIG4=; b=RCHm7euwCIvoahTGMIPDQKeMuXHjWWWKT7XHV+dDW8J52mEyzpkJquyv3dDZcKLQxu +WOdkwfHEgJwGxToefjRzvU1gGv/vAic4NPMilcKBvaPRwGm8isNnwRk8C/oSH0oUjrC d1N9OR/mbylJ/DxXq4J0R2HVChz21ncGdLoK/t7d7Xx4HubEeTPNM6DDuXpgOVez+hV7 p26fOzVxlQk4tDjDOzHl7J7B4PdxDFoxTi8zLq7jPIBinunQJdySKr7xpH+EKM4x2Ay6 NHRy1JXM4gEROtogQAwQaLkMvqtvScL4w6p7D3HQxjoflMoGCOhdG8TbojZZbGjQeVQM OwPQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=ZZ7dPpt14SEYsm5yOd4SaB4ngHOFL1SYptLze+TFIG4=; b=jODA0ALmzdxlnsSp8KtlMnsEvow4pFNzJn7V17inCHdXQ5rFq02R4fBsUXhi2oHTyE 3Wx0gLXtfe/OAGKMWHcvEDcw41ktsR8egNhXpbjZe8oKOhotwRJwqDyYVCupidbYqZZp vd2FisNUrVtr3du0CLvBuYTT68ncFBHMSssg48JT8Hn13MBJuMBIXFVCULeSwF5r6tdw xbJsNzJYYWlrQuu4sM4miAR+IecSIwWmB+7LjaL1WZtK1y6oq3gX7O79hqwJP7pYe7Xx 8qqBE8s6PJzGv8M3AmxcjLUxj0zU0NcgAGKok4+OK8zS1Jc053nnKPyp3JTSMMo7gXj+ m/Dw== X-Gm-Message-State: ANhLgQ04T+TYD212CmyWuHx74OVZfXV0VlHJN5Wk9krJPsfgsmUiIy5x UJq+T3doFux1cSLsq7U8QSkPBD4BEpMwzEssXvjLMRNg X-Google-Smtp-Source: ADFU+vuVI7TXj0cMhlXRZ5YEzEGOU/kh2h7PFkHtJ2o93yvUs2ipQZHfIP80UXzIegR34gEkkDZdX871alL/mMzUlfQ= X-Received: by 2002:a05:6e02:dd1:: with SMTP id l17mr8678600ilj.81.1585510801527; Sun, 29 Mar 2020 12:40:01 -0700 (PDT) MIME-Version: 1.0 From: Aryeh Friedman Date: Sun, 29 Mar 2020 15:39:49 -0400 Message-ID: Subject: current best FreeBSD hosting services To: FreeBSD Mailing List X-Rspamd-Queue-Id: 48r5XY1HPTz4Dpl X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=RCHm7euw; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of aryehfriedman@gmail.com designates 2607:f8b0:4864:20::12c as permitted sender) smtp.mailfrom=aryehfriedman@gmail.com X-Spamd-Result: default: False [-2.00 / 15.00]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; URI_COUNT_ODD(1.00)[3]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(0.00)[ip: (-9.06), ipnet: 2607:f8b0::/32(-0.36), asn: 15169(-0.46), country: US(-0.05)]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TAGGED_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; IP_SCORE_FREEMAIL(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[c.2.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Mar 2020 19:40:21 -0000 My company currently uses RootBSD and we are looking to deactivate our two servers there and consolidate them into one. I decided at the same time to looking into other options. We are looking for very basic hosting (i.e. we manage the machine [or vm] completely and they only supply the hardware and networking). Currently we use the servers for cloud storage, a few very low traffic web sites (all running on www/tomcat9 [java/openjdk8]) and DIY off site backups/cloud storage. My guess is we need 2 cores, 4 GB of RAM and about 80 GB of disk to be safe and want to be running 12.1-RELEASE (amd64) on it but have the right to upgrade it ourselves. Suggestions? -- Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org From owner-freebsd-questions@freebsd.org Sun Mar 29 19:47:00 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C7378260B2C for ; Sun, 29 Mar 2020 19:47:00 +0000 (UTC) (envelope-from mark@exonetric.com) Received: from relay.exonetric.net (relay0.exonetric.net [178.250.72.161]) by mx1.freebsd.org (Postfix) with ESMTP id 48r5hH4yM3z4H0S for ; Sun, 29 Mar 2020 19:46:55 +0000 (UTC) (envelope-from mark@exonetric.com) Received: from belkin-usb.localdomain (90.69.187.81.in-addr.arpa [81.187.69.90]) by relay.exonetric.net (Postfix) with ESMTPSA id 48ABF2B5E1; Sun, 29 Mar 2020 20:46:48 +0100 (BST) From: Mark Blackman Message-Id: Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\)) Subject: Re: current best FreeBSD hosting services Date: Sun, 29 Mar 2020 20:46:47 +0100 In-Reply-To: Cc: FreeBSD Mailing List To: Aryeh Friedman References: X-Mailer: Apple Mail (2.3608.80.23.2.2) X-Rspamd-Queue-Id: 48r5hH4yM3z4H0S X-Spamd-Bar: ++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of mark@exonetric.com has no SPF policy when checking 178.250.72.161) smtp.mailfrom=mark@exonetric.com X-Spamd-Result: default: False [2.82 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_HAS_DN(0.00)[]; MV_CASE(0.50)[]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; DMARC_NA(0.00)[exonetric.com]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.34)[0.341,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_SPAM_LONG(0.85)[0.849,0]; R_SPF_NA(0.00)[]; FREEMAIL_TO(0.00)[gmail.com]; RCVD_NO_TLS_LAST(0.10)[]; RCVD_IN_DNSWL_LOW(-0.10)[161.72.250.178.list.dnswl.org : 127.0.5.1]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:12290, ipnet:178.250.72.0/21, country:GB]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.23)[ipnet: 178.250.72.0/21(1.13), asn: 12290(0.12), country: GB(-0.07)]; FROM_EQ_ENVFROM(0.00)[] Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Mar 2020 19:47:00 -0000 > On 29 Mar 2020, at 20:39, Aryeh Friedman = wrote: >=20 > My company currently uses RootBSD and we are looking to deactivate our = two > servers there and consolidate them into one. I decided at the same = time > to looking into other options. We are looking for very basic = hosting > (i.e. we manage the machine [or vm] completely and they only supply = the > hardware and networking). Currently we use the servers for cloud = storage, > a few very low traffic web sites (all running on www/tomcat9 > [java/openjdk8]) and DIY off site backups/cloud storage. My guess = is we > need 2 cores, 4 GB of RAM and about 80 GB of disk to be safe and want = to be > running 12.1-RELEASE (amd64) on it but have the right to upgrade it > ourselves. >=20 > Suggestions? Exonetric (my firm) provide FreeBSD jails on decent hardware in the UK = with SSD filesystems. We obviously handle the host upgrades, but you can = do jail userland upgrades after ours any time you like. useful? https://www.exonetric.com Regards, Mark= From owner-freebsd-questions@freebsd.org Sun Mar 29 20:19:28 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2A78F2617D8 for ; Sun, 29 Mar 2020 20:19:28 +0000 (UTC) (envelope-from bch@online.de) Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.130]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mout.kundenserver.de", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48r6Pc2Tz9z4TFL for ; Sun, 29 Mar 2020 20:19:15 +0000 (UTC) (envelope-from bch@online.de) Received: from x230a1 ([84.189.156.132]) by mrelayeu.kundenserver.de (mreue010 [212.227.15.167]) with ESMTPSA (Nemesis) id 1M3UlW-1jJCY736zy-000aci for ; Sun, 29 Mar 2020 22:14:01 +0200 From: Christian Barthel To: freebsd-questions@freebsd.org Subject: Convert to EFI boot loader Date: Sun, 29 Mar 2020 22:14:00 +0200 Message-ID: <87v9mmrkaf.fsf@barthel.ch> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain X-Provags-ID: V03:K1:rA0J7gzNbgNj6uBBp5wcjY/qCfzQx/11ZGRe07lmlnHX1puIAto YOC3xHKZ1lEquS+7MD0n3A8XYoXjqJz6By3jWq5DYyL0c91EKGrEHTVpKz1UDvPojMpm36E Scap6sIkK/b4WAlH4bvIHZ8v9CksA2v4CgopTUrK6TvpF/KN+DkbuFqosUPndcf+edrqq2O uGTn64Qjrjy02aSHEZQNg== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:0/tsX0s1V5c=:ZuzOaXLyp5LqozU5dfYZaE 1/dWW/+Ry6kT4a419QGv8zEHFt5KU35qbbpfolzZUXwgmd5gyKBIngmGYWwqpl9X4xmQNpJr4 KcygmLgAgFuvQy82z4OkphBSla9YZf1s/zwolaCONG9Qm223UpH+8CBh9KBIqwR8d+SdYsd8H 3O4Po1Z4ogAXOLOBNeXvD/K5KO+S6YPTuTzxTbYVX85jYX1OWkU0kXyctiTbGjTeq4nZT/ueP zRbIfeamjMDWCmKRGiM8qA9GmVLk8kwgvpGxEskWfwkdFEa3OtSAemv6CA6GGt9HJTccPR/T6 DLqf/LRs67dDXaiF9W+G6HaOXdGYUVwrJVYxkQsA88m605Rb1IkeQrkKAQXgm3MzWtNRjBzLI ayyEpo39lPqgqIe82aLH7v55NrGGg+kI6zjuOJ5PjcxXOIJILgwwRgBcutDEGXAvEmW+68c72 f2gDbXGTna2XtJeCYFqJwBAdAAZdGMDPzrAnudiCeRRYU8+39FfatWgn/KSrHY8jguMT/rO35 yeHObWLy6oa80+ohrnORXsrHm3SfkQP5rF8C74wis1bjqrbHp3L/dWtk+U6L8cQa2LH1CACTX zINtuIdKB6KHrP2yBX63gpYseY1FL2XEBmZrhzmfOzYIDeNfVREzmY4RRny88t5oJyr+KPTJe 3b1emUGLrre9h6rGgjfn5xezqM3XtDJDzBKbz0GpgkreBEaz5RXMNM66I9F1GKGKStnhGbyn5 5IPBZyJOQ3ISz8V/E7b1/VWpiAjMegmG98m5zsWoxLo9I+15zFhHaWm7VLhQECrhRvyyB/R8P yRoG3ayUOJA9Bm7kfxg/ni2ceN8nGwaRveVYmshhSj+95abN3w= X-Rspamd-Queue-Id: 48r6Pc2Tz9z4TFL X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of bch@online.de designates 212.227.126.130 as permitted sender) smtp.mailfrom=bch@online.de X-Spamd-Result: default: False [0.29 / 15.00]; ARC_NA(0.00)[]; SUBJECT_ENDS_SPACES(0.50)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:212.227.126.128/25]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; DMARC_NA(0.00)[online.de]; NEURAL_SPAM_LONG(0.05)[0.047,0]; RCVD_IN_DNSWL_NONE(0.00)[130.126.227.212.list.dnswl.org : 127.0.5.0]; NEURAL_HAM_MEDIUM(-0.56)[-0.556,0]; IP_SCORE(0.60)[ip: (1.96), ipnet: 212.227.0.0/16(-1.11), asn: 8560(2.16), country: DE(-0.02)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[132.156.189.84.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Mar 2020 20:19:28 -0000 Hello I'd like to convert an existing FreeBSD 12.1 installation (that is using GPT / freebsd-boot / encrypted ZFS) to EFI (the reason for this is that I want to plug the disk into a ThinkPad X230 instead of a ThinkPad X201). The former layout on the X201 notebook using the legacy freebsd-boot partition looks like: 40 7814037088 ada0 GPT (3.6T) 40 1024 1 freebsd-boot (512K) 1064 984 - free - (492K) 2048 16777216 2 freebsd-swap (8.0G) 16779264 7797256192 3 freebsd-zfs (3.6T) 7814035456 1672 - free - (836K) I then adapted this layout with the commands: gpart delete -i 1 ada0 gpart delete -i 2 ada0 gpart add -b 40 -s 409600 -t efi ada0 gpart add -b 409640 -s 1024 -t freebsd-boot ada0 gpart add -b 411648 -s 7G -t freebsd-swap ada0 The current layout looks like this: $ sudo gpart show /dev/ada0 => 40 7814037088 ada0 GPT (3.6T) 40 409600 1 efi (200M) 409640 1024 2 freebsd-boot (512K) 410664 984 - free - (492K) 411648 16777216 3 freebsd-swap (8.0G) 17188864 7796846592 4 freebsd-zfs (3.6T) 7814035456 1672 - free - (836K) I then did the above commands to install the bootloader: gpart bootcode -p /boot/boot1.efifat -i 1 ada0 (*) gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 2 ada0 I can mount ada0p1 and see the efi/boot/BOOTx64.efi loader. But when I am trying to start the system on the X230, it's not working: pressing on the Lenovo X230 and selecting the disk does not boot the system. It tries a different source afterwards. Am I missing something? Additional observations: Interestingly enough, the disk still boots on the X201 (maybe due to the legacy freebsd-boot loader at index 2?). The X230 BIOS option is set to "UEFI Only". I tested "Legacy" and "Both" as well. With the "Legacy" option being selected, I get the message that "No gptzfsboot loader found" (or something similar to this). Instead of using the above (*) gpart(1) command, I also tried dd if=/boot/boot1.efifat of=/devada0p1 but there was no visible change to the gpart(1) command. I discovered a similar article at [1] and the author is doing almost the same. [1] https://ashish.blog/2018/06/freebsd-uefi-boot/ -- Christian Barthel From owner-freebsd-questions@freebsd.org Sun Mar 29 20:22:51 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D381B261B83 for ; Sun, 29 Mar 2020 20:22:51 +0000 (UTC) (envelope-from freebsd@gregv.net) Received: from aurora.gregv.net (aurora.gregv.net [IPv6:2607:5600:bd::1:1000]) by mx1.freebsd.org (Postfix) with ESMTP id 48r6Tb5b1Fz4VW8 for ; Sun, 29 Mar 2020 20:22:43 +0000 (UTC) (envelope-from freebsd@gregv.net) Received: by aurora.gregv.net (Postfix, from userid 1001) id 08BAF682; Sun, 29 Mar 2020 16:22:33 -0400 (EDT) Date: Sun, 29 Mar 2020 16:22:33 -0400 From: Greg Veldman To: Aryeh Friedman Cc: FreeBSD Mailing List Subject: Re: current best FreeBSD hosting services Message-ID: <20200329202233.GJ1068@aurora.gregv.net> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.12.1 (2019-06-15) X-Rspamd-Queue-Id: 48r6Tb5b1Fz4VW8 X-Spamd-Bar: +++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of freebsd@gregv.net has no SPF policy when checking 2607:5600:bd::1:1000) smtp.mailfrom=freebsd@gregv.net X-Spamd-Result: default: False [3.14 / 15.00]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[gregv.net]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.59)[0.593,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_SPAM_LONG(0.93)[0.931,0]; R_SPF_NA(0.00)[]; FREEMAIL_TO(0.00)[gmail.com]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:31863, ipnet:2607:5600::/32, country:US]; IP_SCORE(0.72)[asn: 31863(3.63), country: US(-0.05)] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Mar 2020 20:22:52 -0000 On Sun, Mar 29, 2020 at 03:39:49PM -0400, Aryeh Friedman wrote: > My company currently uses RootBSD and we are looking to deactivate our two > servers there and consolidate them into one. I decided at the same time > to looking into other options. We are looking for very basic hosting > (i.e. we manage the machine [or vm] completely and they only supply the > hardware and networking). Currently we use the servers for cloud storage, > a few very low traffic web sites (all running on www/tomcat9 > [java/openjdk8]) and DIY off site backups/cloud storage. My guess is we > need 2 cores, 4 GB of RAM and about 80 GB of disk to be safe and want to be > running 12.1-RELEASE (amd64) on it but have the right to upgrade it > ourselves. > > Suggestions? Well, first off, based on your requirements it sounds like you would be OK with VPS hosting, which will save you a bit of money over bare metal. Many bare metal providers offer the ability to install your own system over an IP KVM, so running whatever you want wouldn't be an issue. On the VPS side, I personally run my secondary DNS and MX servers at Vultr. They offer the same virtual KVM service, so you can put whatever you like on your VM. The also offer ready-to-install FreeBSD images that are generally fairly up to date, and if you go that route you really can have a system fully up and running in just a few minutes. Their network has also been pretty solid in my experience, at least at the two locations I've had servers. https://www.vultr.com I am not affiliated with them in any way, just a happy customer. -- Greg Veldman freebsd@gregv.net From owner-freebsd-questions@freebsd.org Sun Mar 29 20:24:08 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 399DE261C0B for ; Sun, 29 Mar 2020 20:24:08 +0000 (UTC) (envelope-from johnl@iecc.com) Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "gal.iecc.com", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48r6Vw1j8gz4Vvl for ; Sun, 29 Mar 2020 20:23:51 +0000 (UTC) (envelope-from johnl@iecc.com) Received: (qmail 9290 invoked from network); 29 Mar 2020 20:23:39 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=2448.5e8103cb.k2003; bh=aNxvlnOZvwAN36z+T1eaCN4tKyXDiDu+9zDYhMap0KY=; b=K6XcUr62fojry2soZIpgv5NkjuNyY0CKb9x3W1svgB8gLT66QFUgQ9wMMzlDTvaxEfEHSFuqJRihLwWDPDP0vHSUBwN4Pd3RpvB88iGqoIpfcE2svRaA80HOL8Kv17LZKCs3oFLchGVn01Mj5nShiSBwK0PcXyiHveuUKamtPtoaBEO9YPGb/07Hb76dmM2P/QchZwRdo7MTBPRw8cV2yr8OmgBLWqnCrovZlYUzHENolbSsTK9yfsWPCIByQKuI Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 29 Mar 2020 20:23:38 -0000 Received: by ary.qy (Postfix, from userid 501) id 8DD1A16C7591; Sun, 29 Mar 2020 16:23:38 -0400 (EDT) Date: 29 Mar 2020 16:23:38 -0400 Message-Id: <20200329202338.8DD1A16C7591@ary.qy> From: "John Levine" To: freebsd-questions@freebsd.org Cc: aryeh.friedman@gmail.com Subject: Re: current best FreeBSD hosting services In-Reply-To: Organization: Taughannock Networks X-Headerized: yes Mime-Version: 1.0 Content-type: text/plain; charset=utf-8 Content-transfer-encoding: 8bit X-Rspamd-Queue-Id: 48r6Vw1j8gz4Vvl X-Spamd-Bar: ------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=iecc.com header.s=2448.5e8103cb.k2003 header.b=K6XcUr62; dmarc=pass (policy=none) header.from=iecc.com; spf=pass (mx1.freebsd.org: domain of johnl@iecc.com designates 2001:470:1f07:1126:0:43:6f73:7461 as permitted sender) smtp.mailfrom=johnl@iecc.com X-Spamd-Result: default: False [-7.13 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(0.00)[iecc.com:s=2448.5e8103cb.k2003]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_MED(-2.00)[iecc.com.dwl.dnswl.org : 127.0.4.2]; R_SPF_ALLOW(0.00)[+ip6:2001:470:1f07:1126::/64]; MV_CASE(0.50)[]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; BAD_REP_POLICIES(0.10)[]; HAS_ORG_HEADER(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[iecc.com:+]; URIBL_PBL(0.01)[jl.ly]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(0.00)[iecc.com,none]; IP_SCORE(-3.64)[ip: (-9.90), ipnet: 2001:470::/32(-4.65), asn: 6939(-3.59), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US]; FREEMAIL_CC(0.00)[gmail.com]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Mar 2020 20:24:08 -0000 In article you write: >hardware and networking). Currently we use the servers for cloud storage, >a few very low traffic web sites (all running on www/tomcat9 >[java/openjdk8]) and DIY off site backups/cloud storage. My guess is we >need 2 cores, 4 GB of RAM and about 80 GB of disk to be safe and want to be >running 12.1-RELEASE (amd64) on it but have the right to upgrade it >ourselves. I've been happy with VPS at Tektonic.net in Pennsylvania. They're pretty cheap, quite reliable, and when I've had technical issues, their responses have been clueful. Their current FreeBSD VPS comes with 11.1 but I've upgraded mine using freebsd-update without problems. -- Regards, John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly From owner-freebsd-questions@freebsd.org Sun Mar 29 20:29:00 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E1235261F44 for ; Sun, 29 Mar 2020 20:29:00 +0000 (UTC) (envelope-from doctor@doctor.nl2k.ab.ca) Received: from doctor.nl2k.ab.ca (doctor.nl2k.ab.ca [204.209.81.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48r6cg659Rz4Xcv for ; Sun, 29 Mar 2020 20:28:50 +0000 (UTC) (envelope-from doctor@doctor.nl2k.ab.ca) Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.93.0.4 (FreeBSD)) (envelope-from ) id 1jIeYc-0008iu-BK; Sun, 29 Mar 2020 14:29:22 -0600 Date: Sun, 29 Mar 2020 14:29:22 -0600 From: The Doctor To: Trond Endrest??l Cc: freebsd-questions@freebsd.org Subject: Re: FreeBSD bridging security router Message-ID: <20200329202922.GA32467@doctor.nl2k.ab.ca> References: <20200329183406.GB5418@doctor.nl2k.ab.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 48r6cg659Rz4Xcv X-Spamd-Bar: / X-Spamd-Result: default: False [0.71 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.66)[-0.660,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(0.00)[+a]; NEURAL_HAM_LONG(-0.48)[-0.480,0]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; BAD_REP_POLICIES(0.10)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; URIBL_PBL(0.02)[empire.kred]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(0.00)[nl2k.ab.ca,quarantine]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; INTRODUCTION(2.00)[]; ASN(0.00)[asn:6171, ipnet:204.209.81.0/24, country:CA]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(-0.17)[ip: (-0.40), ipnet: 204.209.81.0/24(-0.20), asn: 6171(-0.16), country: CA(-0.09)]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Mar 2020 20:29:01 -0000 On Sun, Mar 29, 2020 at 09:29:54PM +0200, Trond Endrest??l wrote: > On Sun, 29 Mar 2020 12:34-0600, The Doctor via freebsd-questions wrote: > > > Question is that I have the following set up > > > > 1) /etc/rc.conf > > > > hostname="border.nk.ca" > > ifconfig_bce0="inet 192.168.81.14 netmask 255.255.255.0 promisc " > > ifconfig_bce1="up media 100baseTX mediaopt full-duplex promisc " > > ifconfig_bce2="up promisc" > > ifconfig_bce3="up promisc" > > defaultrouter="192.168.81.2" > > hald_enable="YES" > > named_enable="YES" > > sshd_enable="YES" > > sshguard_enable="YES" > > moused_enable="YES" > > ntpdate_enable="YES" > > ntpd_enable="YES" > > gateway_enable="YES" > > > ipv6_gateway_enable="YES" > > Do you need IPv6? I don't see any IPv6 related config elsewhere. > > > pf_enable="YES" > > clamav_clamd_enable="YES" > > clamd_enable="YES" > > squid_enable="YES" > > tcsd_enable="YES" > > tcsd_mode="emulator" > > tpmd_enable="YES" > > dbus_enable="YES" > > apache24_enable="yes" > > postgresql_enable="YES" > > firebird_enable="YES" > > firebird_mode="superserver" > > suricata_enable="YES" > > suricata_divertport="8000" > > > cloned_interfaces="bridge0 tap0 tap1 tap2 tap3" > > ifconfig_bridge0="addm bce2 addm tap0 addm tap1 addm tap2 addm tap3 up" > > cloned_interfaces="bce0 bce1" > > Are the two cloned_interfaces lines intentional? The second one > overrides the first one. > > > ifconfig_bridge1="addm bce0 addm bce1 up" > > #firewall_enable="YES" > > #firewall_type="simple" > > #firewall_quiet="YES" > > #firewall_logging="YES" > > vm_enable="YES" > > vm_dir="/usr/vm/" > > vboxdrv_load="YES" > > xrdp_enable="YES" > > xrdp_sesman_enable="YES" > > saslauthd_enable="YES" > > openvassd_enable="YES" > > openvasmd_enable="YES" > > gsad_enable="YES" > > pflog_logfile="/var/log/pflog" > > # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable > > dumpdev="AUTO" > > redis_enable="YES" > > cbsd_workdir="/usr/vm" > > cbsdrsyncd_enable="YES" > > cbsdrsyncd_flags="--config=/usr/vm/etc/rsyncd.conf" > > cbsdd_enable="YES" > > rcshutdown_timeout="900" > > > > and > > > > 2) /etc/pf.conf > > > > ## Set your public interface ## > > ext_if="bce1" > > ##Internal bridge for virtually hosted machines > > int_if="bce0" > > bridge0="bridge0" > > ## Set your server public IP address ## > > int_if_ip="192.168.81.14" > > bridge0_ip="192.168.81.13" > > intnet = $int_if:network > > #Proxy for FTP > > proxy="127.0.0.1" > > proxyport="8021" > > #All virtal machines go here! > > win2019="192.168.81.18" > > kali="192.168.81.15" > > seconion="192.168.81.16" > > parrot="192.168.81.17" > > #In case you need a whole group > > vhosts =" { 192.168.81.16, 192.168.81.15, > > 192.168.81.17,192.168.81.18 }" > > ## Set and drop these IP ranges on public interface and any other troublemakers > > ## > > > > martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \ > > 10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \ > > 0.0.0.0/8, 240.0.0.0/4 }" > > ## Set http(80)/https (443) port here and other ports that need accessing ## > > webports = "{http, https,8443,119,561,110,143,993,995,20,21,23,25,464,465,587,53 > > ,513,783,88,135,137,138,139,445,69,10000,20000,43,636,1024:5000,8000:8100,5900:5 > > 999,49150:61000}" > > # Radius > > radiusports = "{1645,1646,1812,1813 }" > > > > ## enable these services ## > > int_tcp_services = "{domain, ntp, smtp,nntp, smtps,submission, www, https,20,88, > > ftp, ssh,110,139,137,138,135,143,636,993,995,443,445,464,561,636,783,389,7500,84 > > 43,10000,20000,43,63,1024:5000,8000:8100,5900:5999,23,49150:61000}" > > int_udp_services = "{domain, ntp,69,88,137,138,139,445,464}" > > int_radius_services = "{1645,1646,1812,1813 }" > > > > > > ## Skip loop back interface - Skip all PF processing on interface bridge and vir > > tual hosts ## > > set skip on lo > > set skip on bridge0 > > set skip on tap0 > > set skip on tap1 > > set skip on tap2 > > set skip on tap3 > > > > > > ## Sets the interface for which PF should gather statistics such as bytes in/out > > and packets passed/blocked ## > > set loginterface $ext_if > > set fingerprints "/etc/pf.os" > > > > # Deal with attacks based on incorrect handling of packet fragments > > scrub in all > > > > ################### TRANSLATION ############# > > > > #### NAT and RDR start > > nat on $ext_if from $intnet to any -> ($ext_if) > > nat on $intnet from $bridge0 to any -> ($intnet) > > nat on $bridge0 from $kali to any -> ($bridge0) > > nat on $bridge0 from $win2019 to any -> ($bridge0) > > nat on $bridge0 from $kali to any -> ($bridge0) > > > > > --se note for virtual machines you are passing the packects via the > > This doesn't look like a proper comment. > > > ## Virtual switch so treat as michine (tap) into switch (Bridge) into > > ## your macine acting as the host (exit) > > > > nat-anchor "ftp-proxy/*" > > rdr-anchor "ftp-proxy/*" > > > > # Redirect ftp traffic to proxy > > rdr pass proto tcp from any to any port ftp -> $proxy port $proxyport > > > > > > ## Set default policy ## > > block return in log all > > block out all > > > > # We need to have an anchor for ftp-proxy > > anchor "ftp-proxy/*" > > pass out proto tcp from $proxy to any port 20 > > pass out proto tcp from $proxy to any port 21 > > pass out on $int_if inet proto {tcp, udp} from $int_if to any port ftp:ftp-proxy > > pass in on egress proto tcp to port 21 > > pass in on egress proto tcp to port 20 > > pass in on egress proto tcp to port > 49151 > > pass out quick on egress inet proto tcp from any to 192.168.81.1 flags S/SA > > pass out quick on egress inet proto tcp from any to 192.168.81.3 flags S/SA > > > > #set up virtual switch > > > > pass in quick on bridge0 all > > pass quick on tap0 all > > pass quick on tap1 all > > pass quick on tap2 all > > pass quick on tap3 all > > > > # Drop all Non-Routable Addresses > > block drop in quick on $int_if from $martians to any > > block drop out quick on $int_if from any to $martians > > block drop in quick on $vhosts from $martians to any > > block drop out quick on $vhosts from any to $martians > > > > ## Blocking spoofed packets > > antispoof quick for $int_if > > antispoof quick for $vhosts > > > > # Open SSH port which is listening on port 22 from VPN 139.xx.yy.zz Ip only > > # I do not allow or accept ssh traffic from ALL for security reasons > > #pass in quick on $ext_if inet proto tcp from 192.168.81.0/24 to $ext_if_ip port > > = ssh flags S/SA keep state label "USER_RULE: Allow SSH from 139.xxx.yyy.zzz" > > ## Use the following rule to enable ssh for ALL users from any IP address # > > ## pass in inet proto tcp to $ext_if port ssh > > ### [ OR ] ### > > pass in inet proto tcp to $int_if port 22 > > pass in inet proto tcp to $vhosts port 22 > > > > > > pass in inet proto tcp to $int_if port 36941 > > pass in inet proto tcp to $vhosts port 36941 > > > > > > # Allow Ping-Pong stuff. Be a good sysadmin > > icmp_types = "{ echoreq, unreach }" > > pass inet proto icmp all icmp-type $icmp_types keep state > > # allow out the default range for traceroute(8): > > pass out on $ext_if inet proto udp from any to any port 33433 >< 33626 keep stat > > e > > pass out on $int_if inet proto udp from any to any port 33433 >< 33626 keep stat > > e > > pass out on $vhosts inet proto udp from any to any port 33433 >< 33626 keep stat > > e > > > > # All access to our Nginx/Apache/Lighttpd Webserver and other ports > > pass proto tcp from any to $int_if port $webports > > pass proto udp from any to $int_if port $webports > > pass proto udp from any to $int_if port $radiusports > > pass proto tcp from any to $vhosts port $webports > > pass proto udp from any to $vhosts port $webports > > > > pass in on $int_if proto tcp from any to any port = 36941 keep state > > pass in on $vhosts proto tcp from any to any port = 36941 keep state > > pass in on $kali proto tcp from any to any port = 36941 keep state > > > > # Allow essential outgoing traffic > > pass out quick on $int_if proto tcp to any port $int_tcp_services > > pass out quick on $int_if proto udp to any port $int_udp_services > > pass out quick on $int_if proto udp to any port $int_radius_services > > pass out quick on $vhosts proto tcp to any port $int_tcp_services > > pass out quick on $vhosts proto udp to any port $int_udp_services > > > > #For radius make certain for older syatems port 1645 and current 1812 > > pass in log quick on $int_if proto tcp from any to any port = 1645 flags S/SA ke > > ep state > > pass in log quick on $int_if proto udp from any to any port = 1645 keep state > > pass in log quick on $int_if proto tcp from any to any port = 1812 flags S/SA ke > > ep state > > pass in log quick on $int_if proto udp from any to any port = 1812 keep state > > > > pass in log quick on $int_if proto tcp from any to any port = 36941 flags S/SA k > > eep state > > pass in log quick on $int_if proto udp from any to any port = 36941 keep state > > > > pass in log quick on $vhosts proto tcp from any to any port = 36941 flags S/SA k > > eep state > > > > pass in log quick on $vhosts proto udp from any to any port = 36941 keep state > > pass out quick all flags S/SA keep state > > > > # Add custom rules below > > block quick from > > pass quick proto { tcp, udp } from any to any port ssh \ > > flags S/SA keep state \ > > (max-src-conn 15, max-src-conn-rate 5/3, \ > > overload flush global) > > ## I wonder if sshguard works with pf. > > > > Well this is suppose to act as a server / firewall /router. > > > > The primary DNS does ping the outside world once bce1 is up > > but not resolve domain names. > > > > Anything in the configuration I forget? > > What's the contents of /etc/resolv.conf? > search nk.ca nameserver 8.8.8.8 #nameserver 192.168.46.1 nameserver 192.168.81.1 nameserver 192.168.81.3 nameserver 198.181.96.1 nameserver 192.168.46.1 nameserver 69.20.95.4 nameserver 65.61.188.4 nameserver 8.8.8.8 nameserver 8.8.6.6 nameserver 8.8.4.4 > -- > Trond. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism Truth is emancipating, yet to the fool it looks like chains. -unknown From owner-freebsd-questions@freebsd.org Sun Mar 29 20:46:13 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3689E262A9C for ; Sun, 29 Mar 2020 20:46:13 +0000 (UTC) (envelope-from karl@denninger.net) Received: from colo1.denninger.net (colo1.denninger.net [104.236.120.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48r70X0hFMz4fSX for ; Sun, 29 Mar 2020 20:46:03 +0000 (UTC) (envelope-from karl@denninger.net) Received: from denninger.net (ip68-1-57-197.pn.at.cox.net [68.1.57.197]) by colo1.denninger.net (Postfix) with ESMTP id 880732110B2 for ; Sun, 29 Mar 2020 16:45:50 -0400 (EDT) Received: from [192.168.10.25] (D15.Denninger.Net [192.168.10.25]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by denninger.net (Postfix) with ESMTPSA id 1D80D1D009A for ; Sun, 29 Mar 2020 15:45:50 -0500 (CDT) Subject: Re: current best FreeBSD hosting services To: freebsd-questions@freebsd.org References: From: Karl Denninger Autocrypt: addr=karl@denninger.net; prefer-encrypt=mutual; keydata= xsFNBF1Rd+gBEACmLAH7SAzdQq57ZN56QQEy0jDFfH5BvGOMZgCaP+Y5lJQ5u9WphCoCALMs Rg0o1Q9DRNWgUmy/cgsxioXAEzZFXXzOHPJhwplVOgfjxnoByD5KQhWG8Owm9QmATdtiZPSV 4UYVNUIbZv7btSnnAXysG2OUHajYS5PVeFQxFbhNFq/SS8VaXr1WEVTFa8NFKp2W3/KY1A+U KKDUlYwnOauK3fnY9chF2IRSoxAbBJFrJ4lPGz04HtzNos4Q9CBfTphKcdFjcPntNS9wrqs3 sm+7hLNTH9B2Kj6aekG5UhD03eyP+gevTgBy51RL6ULzI13Kc4aeyOByuBXrA8D2m2Ee67iy 4+ZSxM9Wn1gQce5624OWzCYIGBH2r75Bshp1KHKu36N2rN//kyKYnwl/z6UZB/S9cMUFKZgL gFx7QxpFX/HvSiBcPfcGS0meModpg6qma7/2jRoQAXacslpiT+uOfRGspNbnglkbw435RzX/ kMUclJQNZBBBUpPiGjVCjeBTiAfN8TyjS+pWzwxNCUZWbYO5xVaS0gbIhgVNoBOGn1rdTsdA PP65SRjaoL5KY6bzkkzrXLB2Djx8/p4vr0qIqxIQWbewJq3xKyKGiqI46ae77BF7k0B++Ndx g9K9UeWKl/iJ0eoI0ftR+xH3aIHTU1Or3j/tj4j8Z0tnVSyt1wARAQABzSNLYXJsIERlbm5p bmdlciA8a2FybEBkZW5uaW5nZXIubmV0PsLBfwQTAQgAKQUCXVF36AIbIwUJCWYBgAcLCQgH AwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEG8twBXrj1l4swkP/3uOzRxW16K6H4JIEIRMUEbt nxDhmk+gR/7H9phg7HtvR7i22QejZX1N1NHcGRNmBwLshWVjJkHKhCE/AM8Cf9XyaV2ft6qn g1xK6NuhapxVuaaMeCVPUzsPkTcR+JMl72ZR4Q+mJMVQButCITekmr7aIzIZ80fF0t86rnq+ O74ZGt0SAMsLV/GAKlIw8fGMi9Xj4OKDgqmxTnIoV4+0mpo26W957pnlOrjN3/6VqWUyAdHH DkyqsuP/9jx2f5pZCcD7X04+93GI+sGb1s6BOFRHq2oJgs6W0z0nPx5Ks9MDDgSQlxXAryje 17WphTR7DWn1BeF3Y8AhRkzc2+Mgc5s1i2fPe6YwvksDNOEyNXIvFV7chwDQYb0Q3I8XsoHu 2WUjXp0kVokobJPdVdY55nbY+brezweRJMiEpFtGOmoUekQWlI5KS1kE8+Xuqpm+MSxEpqY8 5ncPt0lekOrICGajlOotkUK86iVemlW1rMzMc5Xwp9j8oxa+bRtGD6u1rYz4i+qIdE+GSCBy 1nnHN/my0nefhQyHXr8wGVEbyiMZCten9fm1iXpBr0jY+tvtbo8XqZQG7Lr+3kSO6VUgc8kW IPf2HxIV7AnGUN+ddZGCcPPhb2mY/Yy7si54wJFj6YoG+/+rNjF9F5d8WeLoeUWczgHTvZmS o6F7UhjjuwzgzsFNBF1Rd+gBEADNVFS8nQ+kpKOpgtP+f3bCVxHAm7eHMbX6oew5yZiQwfD+ 1RWNWLVOMeTt7G2e5HsHpJOUwFUJhbDb0omB0r38xTSVSAig9kmUfb7tTMJG2bG7WfWykBOM WIZ4OhCf+ISv9dUkjNgx4ionWotFxwDiPRwWumVQ7WYZmRZlhDWMiaHgKvBrjJ7Y6GKPRbQc 5/0Qz9xGhXKlFxDQrrSMkyRThIOxXqdfD9z3rEsV3ZwOojzNsnkIImnQMKyIAR0FBQop34G9 wDQi7fxk8wGIfDszwfR4oAdDdPGq4gcAvE7Fd3xKyNpGyjSED5szoaFjldaZSXQIffquSUvy sFCTTLRIso5Dn9uQgi57gIv+5mnyKBfm2Z2P6pEQPSt073TED9rS0+JpniJL7rKRVpO5niqw sQJS6ht+JF88rXro+SiwxD/KeDpTuuJ10+ohLVi1Y+X82X7BIQEhqtFp9FVJSds4o/eNyaHd SoqfoeWMy3EV+rdJ3DneXcPS1BgxO57Rko5Hx3NUSVK83ovFb+Ofes9SLNdqNu3xAUcfpRdS DyxzpVbCq6Y2CIojiaweiYe5BOBhmR9OPGhqP8YD7GukYmQufAVuOrIVyctBlVPHgMBb+UX+ ItYXuX4weSJWLOsmM45xd/EYvBq2DWFpKlyihoktNzTGqxGsNeG7gCOEUTAnUwARAQABwsFl BBgBCAAPBQJdUXfoAhsMBQkJZgGAAAoJEG8twBXrj1l4Dm0P/iEx2gIHSOnvgpG799Vf2RM0 7gPbDWzDaw8YTV49H+VTOqq7RlT52aO0QfNAmtppX0V1/5f30fuSCF46NWnYGu35P/LvOAPb sLbeWCyJy4GOPN4cjsBMbgmooGdl24RdcvGMmY177o7oOSWBqXfhAj+YA6r+hEar1qxqLgwB Gy8wAId4qYSQhN/FxiQbyUs2tPAI6Wn/41pI7Hu6WgmRGpZrBv8HhVV9Gl7jallSsS/g+fhu WRbDKCknUS5SX3+w2AUFr4kf62gSSxXBxd075KnViV9c0sraAPI31XbM5QUc0Xssfaqs6Srr z4MjKaLhb7GD8C1JwI23PuGdFvk9WK996UvIyjdWIE99VSlg/5gEKkXzwx7oysrSG9BqkfGf I4addK55xRQPul0V3s2LtDoQTxg3VHrL6wrvGhYUcTHLmlsvNx1EOb5a3xBT+SUK/Ltq08LW YcmNbU/G217MlfvDJYHCb0uOtxqJFm8RiZGj2eEcLgvyWnlWCD2rfP4EqCxmpr3Ic725FiQR cBbdTV3clTgclhBG3TA9dxVjfZDcatz5cFBwXP8k5Yn9tNl90T2r79V4SNh1mCHtGTSEf449 qz9tm7EguLchjmoirJTuiipZKcalcHAHtz4VPUykdXsrfEJTzdEcujzqF6v/9CY+DjpAd3et Z0vw7xC5tS+b Message-ID: <7312bb23-e62f-7cac-5f74-7fa2c159f435@denninger.net> Date: Sun, 29 Mar 2020 15:45:49 -0500 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-512; boundary="------------ms000801040801060505010401" X-Rspamd-Queue-Id: 48r70X0hFMz4fSX X-Spamd-Bar: ------- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=pass (policy=none) header.from=denninger.net; spf=pass (mx1.freebsd.org: domain of karl@denninger.net designates 104.236.120.189 as permitted sender) smtp.mailfrom=karl@denninger.net X-Spamd-Result: default: False [-7.50 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; SIGNED_SMIME(-2.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; HAS_ATTACHMENT(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,multipart/alternative,text/plain]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[3]; RCVD_TLS_LAST(0.00)[]; DMARC_POLICY_ALLOW(-0.50)[denninger.net,none]; IP_SCORE(-2.60)[ip: (-9.84), ipnet: 104.236.64.0/18(-4.46), asn: 14061(1.36), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~,4:~]; ASN(0.00)[asn:14061, ipnet:104.236.64.0/18, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[197.57.1.68.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11] X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Mar 2020 20:46:13 -0000 This is a cryptographically signed message in MIME format. --------------ms000801040801060505010401 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 3/29/2020 14:39, Aryeh Friedman wrote: > My company currently uses RootBSD and we are looking to deactivate our = two > servers there and consolidate them into one. I decided at the same ti= me > to looking into other options. We are looking for very basic hosting= > (i.e. we manage the machine [or vm] completely and they only supply the= > hardware and networking). Currently we use the servers for cloud stor= age, > a few very low traffic web sites (all running on www/tomcat9 > [java/openjdk8]) and DIY off site backups/cloud storage. My guess is= we > need 2 cores, 4 GB of RAM and about 80 GB of disk to be safe and want t= o be > running 12.1-RELEASE (amd64) on it but have the right to upgrade it > ou I've been happy with Digital Ocean. --=20 Karl Denninger karl@denninger.net /The Market Ticker/ /[S/MIME encrypted email preferred]/ --------------ms000801040801060505010401 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgMFADCABgkqhkiG9w0BBwEAAKCC DdgwggagMIIEiKADAgECAhMA5EiKghDOXrvfxYxjITXYDdhIMA0GCSqGSIb3DQEBCwUAMIGL MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHRmxvcmlkYTESMBAGA1UEBwwJTmljZXZpbGxlMRkw FwYDVQQKDBBDdWRhIFN5c3RlbXMgTExDMRgwFgYDVQQLDA9DdWRhIFN5c3RlbXMgQ0ExITAf BgNVBAMMGEN1ZGEgU3lzdGVtcyBMTEMgMjAxNyBDQTAeFw0xNzA4MTcxNjQyMTdaFw0yNzA4 MTUxNjQyMTdaMHsxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdGbG9yaWRhMRkwFwYDVQQKDBBD dWRhIFN5c3RlbXMgTExDMRgwFgYDVQQLDA9DdWRhIFN5c3RlbXMgQ0ExJTAjBgNVBAMMHEN1 ZGEgU3lzdGVtcyBMTEMgMjAxNyBJbnQgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK AoICAQC1aJotNUI+W4jP7xQDO8L/b4XiF4Rss9O0B+3vMH7Njk85fZ052QhZpMVlpaaO+sCI KqG3oNEbuOHzJB/NDJFnqh7ijBwhdWutdsq23Ux6TvxgakyMPpT6TRNEJzcBVQA0kpby1DVD 0EKSK/FrWWBiFmSxg7qUfmIq/mMzgE6epHktyRM3OGq3dbRdOUgfumWrqHXOrdJz06xE9NzY vc9toqZnd79FUtE/nSZVm1VS3Grq7RKV65onvX3QOW4W1ldEHwggaZxgWGNiR/D4eosAGFxn uYeWlKEC70c99Mp1giWux+7ur6hc2E+AaTGh+fGeijO5q40OGd+dNMgK8Es0nDRw81lRcl24 SWUEky9y8DArgIFlRd6d3ZYwgc1DMTWkTavx3ZpASp5TWih6yI8ACwboTvlUYeooMsPtNa9E 6UQ1nt7VEi5syjxnDltbEFoLYcXBcqhRhFETJe9CdenItAHAtOya3w5+fmC2j/xJz29og1KH YqWHlo3Kswi9G77an+zh6nWkMuHs+03DU8DaOEWzZEav3lVD4u76bKRDTbhh0bMAk4eXriGL h4MUoX3Imfcr6JoyheVrAdHDL/BixbMH1UUspeRuqQMQ5b2T6pabXP0oOB4FqldWiDgJBGRd zWLgCYG8wPGJGYgHibl5rFiI5Ix3FQncipc6SdUzOQIDAQABo4IBCjCCAQYwHQYDVR0OBBYE FF3AXsKnjdPND5+bxVECGKtc047PMIHABgNVHSMEgbgwgbWAFBu1oRhUMNEzjODolDka5k4Q EDBioYGRpIGOMIGLMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHRmxvcmlkYTESMBAGA1UEBwwJ TmljZXZpbGxlMRkwFwYDVQQKDBBDdWRhIFN5c3RlbXMgTExDMRgwFgYDVQQLDA9DdWRhIFN5 c3RlbXMgQ0ExITAfBgNVBAMMGEN1ZGEgU3lzdGVtcyBMTEMgMjAxNyBDQYIJAKxAy1WBo2kY MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IC AQCB5686UCBVIT52jO3sz9pKuhxuC2npi8ZvoBwt/IH9piPA15/CGF1XeXUdu2qmhOjHkVLN gO7XB1G8CuluxofOIUce0aZGyB+vZ1ylHXlMeB0R82f5dz3/T7RQso55Y2Vog2Zb7PYTC5B9 oNy3ylsnNLzanYlcW3AAfzZcbxYuAdnuq0Im3EpGm8DoItUcf1pDezugKm/yKtNtY6sDyENj tExZ377cYA3IdIwqn1Mh4OAT/Rmh8au2rZAo0+bMYBy9C11Ex0hQ8zWcvPZBDn4v4RtO8g+K uQZQcJnO09LJNtw94W3d2mj4a7XrsKMnZKvm6W9BJIQ4Nmht4wXAtPQ1xA+QpxPTmsGAU0Cv HmqVC7XC3qxFhaOrD2dsvOAK6Sn3MEpH/YrfYCX7a7cz5zW3DsJQ6o3pYfnnQz+hnwLlz4MK 17NIA0WOdAF9IbtQqarf44+PEyUbKtz1r0KGeGLs+VGdd2FLA0e7yuzxJDYcaBTVwqaHhU2/ Fna/jGU7BhrKHtJbb/XlLeFJ24yvuiYKpYWQSSyZu1R/gvZjHeGb344jGBsZdCDrdxtQQcVA 6OxsMAPSUPMrlg9LWELEEYnVulQJerWxpUecGH92O06wwmPgykkz//UmmgjVSh7ErNvL0lUY UMfunYVO/O5hwhW+P4gviCXzBFeTtDZH259O7TCCBzAwggUYoAMCAQICEwCg0WvVwekjGFiO 62SckFwepz0wDQYJKoZIhvcNAQELBQAwezELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0Zsb3Jp ZGExGTAXBgNVBAoMEEN1ZGEgU3lzdGVtcyBMTEMxGDAWBgNVBAsMD0N1ZGEgU3lzdGVtcyBD QTElMCMGA1UEAwwcQ3VkYSBTeXN0ZW1zIExMQyAyMDE3IEludCBDQTAeFw0xNzA4MTcyMTIx MjBaFw0yMjA4MTYyMTIxMjBaMFcxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdGbG9yaWRhMRkw FwYDVQQKDBBDdWRhIFN5c3RlbXMgTExDMRswGQYDVQQDDBJrYXJsQGRlbm5pbmdlci5uZXQw ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC+HVSyxVtJhy3Ohs+PAGRuO//Dha9A 16l5FPATr6wude9zjX5f2lrkRyU8vhCXTZW7WbvWZKpcZ8r0dtZmiK9uF58Ec6hhvfkxJzbg 96WHBw5Fumd5ahZzuCJDtCAWW8R7/KN+zwzQf1+B3MVLmbaXAFBuKzySKhKMcHbK3/wjUYTg y+3UK6v2SBrowvkUBC+jxNg3Wy12GsTXcUS/8FYIXgVVPgfZZrbJJb5HWOQpvvhILpPCD3xs YJFNKEPltXKWHT7Qtc2HNqikgNwj8oqOb+PeZGMiWapsatKm8mxuOOGOEBhAoTVTwUHlMNTg 6QUCJtuWFCK38qOCyk9Haj+86lUU8RG6FkRXWgMbNQm1mWREQhw3axgGLSntjjnznJr5vsvX SYR6c+XKLd5KQZcS6LL8FHYNjqVKHBYM+hDnrTZMqa20JLAF1YagutDiMRURU23iWS7bA9tM cXcqkclTSDtFtxahRifXRI7Epq2GSKuEXe/1Tfb5CE8QsbCpGsfSwv2tZ/SpqVG08MdRiXxN 5tmZiQWo15IyWoeKOXl/hKxA9KPuDHngXX022b1ly+5ZOZbxBAZZMod4y4b4FiRUhRI97r9l CxsP/EPHuuTIZ82BYhrhbtab8HuRo2ofne2TfAWY2BlA7ExM8XShMd9bRPZrNTokPQPUCWCg CdIATQIDAQABo4IBzzCCAcswPAYIKwYBBQUHAQEEMDAuMCwGCCsGAQUFBzABhiBodHRwOi8v b2NzcC5jdWRhc3lzdGVtcy5uZXQ6ODg4ODAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF oDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMDMGCWCG SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGllbnQgQ2VydGlmaWNhdGUwHQYDVR0O BBYEFLElmNWeVgsBPe7O8NiBzjvjYnpRMIHKBgNVHSMEgcIwgb+AFF3AXsKnjdPND5+bxVEC GKtc047PoYGRpIGOMIGLMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHRmxvcmlkYTESMBAGA1UE BwwJTmljZXZpbGxlMRkwFwYDVQQKDBBDdWRhIFN5c3RlbXMgTExDMRgwFgYDVQQLDA9DdWRh IFN5c3RlbXMgQ0ExITAfBgNVBAMMGEN1ZGEgU3lzdGVtcyBMTEMgMjAxNyBDQYITAORIioIQ zl6738WMYyE12A3YSDAdBgNVHREEFjAUgRJrYXJsQGRlbm5pbmdlci5uZXQwDQYJKoZIhvcN AQELBQADggIBAJXboPFBMLMtaiUt4KEtJCXlHO/3ZzIUIw/eobWFMdhe7M4+0u3te0sr77QR dcPKR0UeHffvpth2Mb3h28WfN0FmJmLwJk+pOx4u6uO3O0E1jNXoKh8fVcL4KU79oEQyYkbu 2HwbXBU9HbldPOOZDnPLi0whi/sbFHdyd4/w/NmnPgzAsQNZ2BYT9uBNr+jZw4SsluQzXG1X lFL/qCBoi1N2mqKPIepfGYF6drbr1RnXEJJsuD+NILLooTNf7PMgHPZ4VSWQXLNeFfygoOOK FiO0qfxPKpDMA+FHa8yNjAJZAgdJX5Mm1kbqipvb+r/H1UAmrzGMbhmf1gConsT5f8KU4n3Q IM2sOpTQe7BoVKlQM/fpQi6aBzu67M1iF1WtODpa5QUPvj1etaK+R3eYBzi4DIbCIWst8MdA 1+fEeKJFvMEZQONpkCwrJ+tJEuGQmjoQZgK1HeloepF0WDcviiho5FlgtAij+iBPtwMuuLiL shAXA5afMX1hYM4l11JXntle12EQFP1r6wOUkpOdxceCcMVDEJBBCHW2ZmdEaXgAm1VU+fnQ qS/wNw/S0X3RJT1qjr5uVlp2Y0auG/eG0jy6TT0KzTJeR9tLSDXprYkN2l/Qf7/nT6Q03qyE QnnKiBXWAZXveafyU/zYa7t3PTWFQGgWoC4w6XqgPo4KV44OMYIFBzCCBQMCAQEwgZIwezEL MAkGA1UEBhMCVVMxEDAOBgNVBAgMB0Zsb3JpZGExGTAXBgNVBAoMEEN1ZGEgU3lzdGVtcyBM TEMxGDAWBgNVBAsMD0N1ZGEgU3lzdGVtcyBDQTElMCMGA1UEAwwcQ3VkYSBTeXN0ZW1zIExM QyAyMDE3IEludCBDQQITAKDRa9XB6SMYWI7rZJyQXB6nPTANBglghkgBZQMEAgMFAKCCAkUw GAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjAwMzI5MjA0NTQ5 WjBPBgkqhkiG9w0BCQQxQgRAAJ8AYFeAccj6BxvHzt3oBrCRkYd6yGN7QOUG4w/H+WIkyPJd 0Ce4hAxnlEmIAyTLpRRovCGfrEx4eSfT0emsrDBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFl AwQBKjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3 DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIGjBgkrBgEEAYI3EAQxgZUwgZIwezEL MAkGA1UEBhMCVVMxEDAOBgNVBAgMB0Zsb3JpZGExGTAXBgNVBAoMEEN1ZGEgU3lzdGVtcyBM TEMxGDAWBgNVBAsMD0N1ZGEgU3lzdGVtcyBDQTElMCMGA1UEAwwcQ3VkYSBTeXN0ZW1zIExM QyAyMDE3IEludCBDQQITAKDRa9XB6SMYWI7rZJyQXB6nPTCBpQYLKoZIhvcNAQkQAgsxgZWg gZIwezELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0Zsb3JpZGExGTAXBgNVBAoMEEN1ZGEgU3lz dGVtcyBMTEMxGDAWBgNVBAsMD0N1ZGEgU3lzdGVtcyBDQTElMCMGA1UEAwwcQ3VkYSBTeXN0 ZW1zIExMQyAyMDE3IEludCBDQQITAKDRa9XB6SMYWI7rZJyQXB6nPTANBgkqhkiG9w0BAQEF AASCAgCA/QKSVX9IHM2+xVdBnsA6iJeR+XaVIsYvgqe7HfuWcB4JyAy+hHKDqRCxWXdZElFg z05NN8HKL9FBwxpfnVAQElvs2AdP0rUNP4q/Z4QgxrM5pT/79Kju2NnoLG0xKTjDACYdAlo3 ZA9Cc1fpoBKXYwsh0cjn2QKXmCMFOVBb+7yBneKOOLf5GBjj3CaNHQSY+bfvWeimlvJHGWVI wxUBNDtFwhFKVgZKHQljDAjdUxggUsmNcSeBFF+GoSRQruYh02PgMmtO1+MiBzGTfsqn8ZZw vn+E96xkQI6+ESAaFzMr2eQS6i3S0uhqZmiGVI+ubpzY2X7Mpuv6TNqd6pEpzrY95B9recQP MFNEZ2Mr5hLN/wDtQM3+uafth2GWndv/WfE018+SXqveN1lBnN1/Y4I2yJHSeDjZ85YydOUL /tJlAEE1Ix85PFpd2ipPeIWVmX7+tIZ03i2kDsC9EDLHQ0+gQadvR+bkLUG5nTyBqDTNWlpD npU6RYqD4F/sfObwwev5LA/sUMibzcHzIMCYbfg1ApfpUKo69piP4Y4VyyhLlQoX1ZR2Hxm6 tw2vD182fv0TnTXMc1RwinrSE7UI7JrUWmqbrZqL+yapE8c2qq3Nmj8qMpZX7IcdsOoGGWkp 0S1pCc/mPIS1y2Xz9WcxTNtVfaa74ad4aDmi4rOt/AAAAAAAAA== --------------ms000801040801060505010401-- From owner-freebsd-questions@freebsd.org Sun Mar 29 20:50:06 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B6220262C45 for ; Sun, 29 Mar 2020 20:50:06 +0000 (UTC) (envelope-from phascolarctos@protonmail.ch) Received: from mail-40131.protonmail.ch (mail-40131.protonmail.ch [185.70.40.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "protonmail.com", Issuer "SwissSign Server Gold CA 2014 - G22" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48r74q2fpkz3C18 for ; Sun, 29 Mar 2020 20:49:46 +0000 (UTC) (envelope-from phascolarctos@protonmail.ch) Date: Sun, 29 Mar 2020 20:49:32 +0000 To: Aryeh Friedman From: Lorenzo Salvadore Cc: FreeBSD Mailing List Reply-To: Lorenzo Salvadore Subject: Re: current best FreeBSD hosting services Message-ID: In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.2 required=7.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM shortcircuit=no autolearn=disabled version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mail.protonmail.ch X-Rspamd-Queue-Id: 48r74q2fpkz3C18 X-Spamd-Bar: ------ X-Spamd-Result: default: False [-6.81 / 15.00]; ARC_NA(0.00)[]; HAS_REPLYTO(0.00)[phascolarctos@protonmail.ch]; R_DKIM_ALLOW(-0.20)[protonmail.ch:s=default]; REPLYTO_EQ_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:185.70.40.0/24]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[protonmail.ch:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[protonmail.ch,quarantine]; IP_SCORE(-3.71)[ip: (-9.80), ipnet: 185.70.40.0/24(-4.89), asn: 62371(-3.91), country: CH(0.04)]; FREEMAIL_TO(0.00)[gmail.com]; RCVD_COUNT_ZERO(0.00)[0]; RCVD_IN_DNSWL_LOW(-0.10)[131.40.70.185.list.dnswl.org : 127.0.5.1]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:62371, ipnet:185.70.40.0/24, country:CH]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[protonmail.ch.dwl.dnswl.org : 127.0.5.0] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Mar 2020 20:50:07 -0000 =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 Original Me= ssage =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 On Sunday 29 March 2020 21:39, Aryeh Friedman wr= ote: > My company currently uses RootBSD and we are looking to deactivate our tw= o > servers there and consolidate them into one. I decided at the same time > to looking into other options. We are looking for very basic hosting > (i.e. we manage the machine [or vm] completely and they only supply the > hardware and networking). Currently we use the servers for cloud storage, > a few very low traffic web sites (all running on www/tomcat9 > [java/openjdk8]) and DIY off site backups/cloud storage. My guess is we > need 2 cores, 4 GB of RAM and about 80 GB of disk to be safe and want to = be > running 12.1-RELEASE (amd64) on it but have the right to upgrade it > ourselves. > > Suggestions? I am a happy customer of aruba cloud: https://www.arubacloud.com/ When I choosed my OS, only an out of date FreeBSD image was available, but = I easily updated it with freebsd-update. They might have updated it since then. They have many servers available in Europe, especially in Italy (it's an It= alian company). They also have often some discounts (right count I think they offer many di= scounts due to coronavirus). They also offer a 10 euros trial (at least in Italy, not sure= in other countries). Cheers, Lorenzo Salvadore From owner-freebsd-questions@freebsd.org Sun Mar 29 21:14:26 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 085482646B1 for ; Sun, 29 Mar 2020 21:14:26 +0000 (UTC) (envelope-from clay.daniels.jr@gmail.com) Received: from mail-lf1-x12f.google.com (mail-lf1-x12f.google.com [IPv6:2a00:1450:4864:20::12f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48r7d44VjZz3Mmj for ; Sun, 29 Mar 2020 21:14:16 +0000 (UTC) (envelope-from clay.daniels.jr@gmail.com) Received: by mail-lf1-x12f.google.com with SMTP id j17so12373513lfe.7 for ; Sun, 29 Mar 2020 14:14:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=S5bn9lBP1TwK44n+ij/1O5SUwqmq/ReDa6znUdC63lo=; b=XPt8Hezs16Z9EU2h+p8hkrUyAGnZuosBzSLlv6R2GzOqmR7k3cXXy4/S95ZaB6c21M 8VqsjMB6Sgiz4bSinUEIY3j6jesVscvK6h8Okui12gQCRNoxDaWVg3Vua22cfs75t/ee yfnYLvwJzuUNVGCzcg+frHabR4yxcHYZxjkOoql512tyLquIwLCqGCJtw9cWoacH8r3S 7aqjF/zhoem6iAI1lGep0H/nzttDAE493irWsLWME5jH902YHdGJPTkkXRw41tT/D2Ge Y5J/3aKp+4CiywcygKMA/AnT+mvy7bA737J8Xay7hz6t10ONkHU3unfFCqRtNYgUQ14E l5dw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=S5bn9lBP1TwK44n+ij/1O5SUwqmq/ReDa6znUdC63lo=; b=jbA55qZhsHEJw2rWMdDUS9SCrX7OvzzxMvz6vlTJnknzVTWqCrTk58F0Ba4lVTog16 3L7y2iSdEyE0OScNNZs5qTy2HbCeyNlRS5wZ7/GAs1SNxfy4O3a+rut10Ct+mdCeObtW VvxzIXm9MLTUDWvGvGJIAqslYKQS+dgdkMf4Mb4LoN6KuQMqIjUZoLHgkI0mkVHJL5hX GfTkxd+qgNTurRqOD3KJY5gWAU1ZAwum0vSjiYkd31W59ZZmJYLE88H5vf2ktyrsXmp6 JLULYI5j/+oI6ov2t4fskNn7YABBZbvyRLdlzt19dVHsc7gumiwYM7BO/dh7uoJ6AeJe 0BpA== X-Gm-Message-State: AGi0PubhAjKJK98GxfQ6wmth/1pqCiKh0qwQW/XoRRCNTGzOyk/cGqYf qUIr9QlZnN39MvsdaRtdqK2oEYEIa1SJaX/vHAyg3JU= X-Google-Smtp-Source: APiQypJouFWor8GX7P6pF/zs2SUkVfX89ISbzZLzlEEG/Rv2U4AjleV+2ow0KfHDyCqCavRBHfCNRg665ZksKJbrKEo= X-Received: by 2002:ac2:5ede:: with SMTP id d30mr6008325lfq.157.1585516444934; Sun, 29 Mar 2020 14:14:04 -0700 (PDT) MIME-Version: 1.0 References: <20200321183703.9566f2b45dd4193a51381291.ref@aim.com> <20200321183703.9566f2b45dd4193a51381291@aim.com> <20200321184307.8fb232b54dd802ae8c0a11bb@aim.com> <20200322093038.1f6933c3e68d6622c7d39427@aim.com> <20200322152424.6fd38112.freebsd@edvax.de> <1270065762.180915.1584894974045@mail.yahoo.com> <20200322175247.fc82ac9b590f745d35ab47da@aim.com> <20200323034250.be7371f1.freebsd@edvax.de> <20200328205755.d55855545c0f9a4656a0ce64@aim.com> <20200329101741.8d20b5aa.freebsd@edvax.de> <20200329105748.5c2f0e2edbb370504a61d8e9@sohara.org> In-Reply-To: <20200329105748.5c2f0e2edbb370504a61d8e9@sohara.org> From: Clay Daniels Date: Sun, 29 Mar 2020 16:13:53 -0500 Message-ID: Subject: Re: sane crashes To: "Steve O'Hara-Smith" Cc: Polytropon , "Vlad D. Markov" , "Vlad D. Markov via freebsd-questions" X-Rspamd-Queue-Id: 48r7d44VjZz3Mmj X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=XPt8Hezs; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of claydanielsjr@gmail.com designates 2a00:1450:4864:20::12f as permitted sender) smtp.mailfrom=claydanielsjr@gmail.com X-Spamd-Result: default: False [-3.00 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_TWO(0.00)[2]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[f.2.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; IP_SCORE(0.00)[ip: (-9.13), ipnet: 2a00:1450::/32(-2.38), asn: 15169(-0.46), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; TAGGED_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Mar 2020 21:14:26 -0000 > > I find startx & logout a good mantra for starting X from a console > session. -- > Me too Steve, that's why I love BSD. Clay From owner-freebsd-questions@freebsd.org Sun Mar 29 22:43:30 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CC325266D36 for ; Sun, 29 Mar 2020 22:43:30 +0000 (UTC) (envelope-from the.lists@mgm51.com) Received: from oneyou.mgm51.net (oneyou.mgm51.net [174.136.99.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "oneyou.mgm51.net", Issuer "Sectigo RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48r9bs3Hb8z4Qpb for ; Sun, 29 Mar 2020 22:43:20 +0000 (UTC) (envelope-from the.lists@mgm51.com) Received: from sentry.24cl.com (unknown [IPv6:2001:558:6017:19e:6455:4a1c:b9b4:6f7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "sentry.24cl.com", Issuer "Mike's Certificate Authority" (verified OK)) by oneyou.mgm51.net (Postfix) with ESMTPS id 48r9bh0WC7zD6bg for ; Sun, 29 Mar 2020 18:43:12 -0400 (EDT) Received: from [10.20.2.100] (bigbloat.24cl.home [10.20.2.100]) by sentry.24cl.com (Postfix) with ESMTP id 48r9bg0ZYLz1Lwt for ; Sun, 29 Mar 2020 18:43:11 -0400 (EDT) Subject: Re: current best FreeBSD hosting services To: freebsd-questions@freebsd.org References: From: Mike Message-ID: Date: Sun, 29 Mar 2020 18:43:10 -0400 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 48r9bs3Hb8z4Qpb X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.91 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:174.136.99.202]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[3]; RCVD_TLS_LAST(0.00)[]; RCVD_IN_DNSWL_MED(-0.20)[202.99.136.174.list.dnswl.org : 127.0.6.2]; DMARC_POLICY_ALLOW(-0.50)[mgm51.com,quarantine]; IP_SCORE(-0.91)[ipnet: 174.136.96.0/20(-4.11), asn: 25795(-0.41), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:25795, ipnet:174.136.96.0/20, country:US]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Mar 2020 22:43:30 -0000 On 3/29/2020 3:39 PM, Aryeh Friedman wrote: > My company currently uses RootBSD and we are looking to deactivate our two > servers there and consolidate them into one. I decided at the same time > to looking into other options. We are looking for very basic hosting > (i.e. we manage the machine [or vm] completely and they only supply the > hardware and networking). Currently we use the servers for cloud storage, > a few very low traffic web sites (all running on www/tomcat9 > [java/openjdk8]) and DIY off site backups/cloud storage. My guess is we > need 2 cores, 4 GB of RAM and about 80 GB of disk to be safe and want to be > running 12.1-RELEASE (amd64) on it but have the right to upgrade it > ourselves. > > Suggestions? > It is difficult for me to know if this one is "best" for you, but they have worked most excellently for me... https://arpnetworks.com From owner-freebsd-questions@freebsd.org Mon Mar 30 01:17:17 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7A4DE26A633 for ; Mon, 30 Mar 2020 01:17:17 +0000 (UTC) (envelope-from hartzell@alerce.com) Received: from corvid.alerce.com (corvid.alerce.com [206.125.171.163]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48rF19107mz4P74 for ; Mon, 30 Mar 2020 01:17:00 +0000 (UTC) (envelope-from hartzell@alerce.com) Received: from postfix.alerce.com (76-226-160-236.lightspeed.sntcca.sbcglobal.net [76.226.160.236]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by corvid.alerce.com (Postfix) with ESMTPSA id A2A207C760 for ; Sun, 29 Mar 2020 18:16:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alerce.com; s=dkim; t=1585531003; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=44XpuD0cJRReOxPxTnhsH8mlWRnwUICFHiUJCDEWj/U=; b=WCuVVjsZc9JTh3hvHtMWJAqnr62GqLaFAt3EXgnE5LYxH5jEWSFUJ1teLxRhIGxucuKvdp jr5h3WwMEfPn3/YbEL6hbnmmrg4PxCwGIlv69xdx8umlZs0HheHnDRNK5+9SAuL/C/6TvC p7FdvSvWGmWAGRtEcrHYci3fGsRrD/bLiVexkxa0GZFk1nAYLsYhc+4yHiM9ydGTOfNjLD orABmdZrTNJqH0VWLgGMuWDEMJje78UO0QBuBQW9p1h1fdJgkt6xSu5B7fZ2qX1/CrHJIb Nyu/bGvNzJV1p4CW2/ZSWBYHPzOWS3vPbfm8uAB99VjeiBRogxV00MjY8GH6OA== Received: by postfix.alerce.com (Postfix, from userid 501) id E092F201C106A9; Sun, 29 Mar 2020 18:16:42 -0700 (PDT) From: George Hartzell MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <24193.18554.855425.236055@alice.local> Date: Sun, 29 Mar 2020 18:16:42 -0700 To: freebsd-questions@freebsd.org Subject: Re: current best FreeBSD hosting services In-Reply-To: References: X-Mailer: VM undefined under 26.3 (x86_64-apple-darwin14.5.0) Reply-To: hartzell@alerce.com X-Rspamd-Queue-Id: 48rF19107mz4P74 X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=alerce.com header.s=dkim header.b=WCuVVjsZ; dmarc=pass (policy=none) header.from=alerce.com; spf=pass (mx1.freebsd.org: domain of hartzell@alerce.com designates 206.125.171.163 as permitted sender) smtp.mailfrom=hartzell@alerce.com X-Spamd-Result: default: False [-5.91 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[alerce.com:s=dkim]; HAS_REPLYTO(0.00)[hartzell@alerce.com]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; SURBL_MULTI_FAIL(0.00)[query timed out]; DKIM_TRACE(0.00)[alerce.com:+]; DMARC_POLICY_ALLOW(-0.50)[alerce.com,none]; REPLYTO_ADDR_EQ_FROM(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(-2.91)[ip: (-9.43), ipnet: 206.125.168.0/21(-4.65), asn: 25795(-0.42), country: US(-0.05)]; ASN(0.00)[asn:25795, ipnet:206.125.168.0/21, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Mar 2020 01:17:17 -0000 Mike via freebsd-questions writes: > On 3/29/2020 3:39 PM, Aryeh Friedman wrote: > > My company currently uses RootBSD and we are looking to deactivate our two > > servers there and consolidate them into one. I decided at the same time > > to looking into other options. We are looking for very basic hosting > > (i.e. we manage the machine [or vm] completely and they only supply the > > hardware and networking). Currently we use the servers for cloud storage, > > a few very low traffic web sites (all running on www/tomcat9 > > [java/openjdk8]) and DIY off site backups/cloud storage. My guess is we > > need 2 cores, 4 GB of RAM and about 80 GB of disk to be safe and want to be > > running 12.1-RELEASE (amd64) on it but have the right to upgrade it > > ourselves. > > > > Suggestions? > > > > It is difficult for me to know if this one is "best" for you, but they > have worked most excellently for me... > > https://arpnetworks.com Another thumbs up for https://arpnetworks.com I've been happy there for many years, currently running on an ARP Thunder dedicated server: https://www.arpnetworks.com/dedicated. g. From owner-freebsd-questions@freebsd.org Mon Mar 30 01:22:37 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B849F26AABE for ; Mon, 30 Mar 2020 01:22:37 +0000 (UTC) (envelope-from wallbridge@blur.com) Received: from mail-pg1-x531.google.com (mail-pg1-x531.google.com [IPv6:2607:f8b0:4864:20::531]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48rF7K2NT5z4Qw2 for ; Mon, 30 Mar 2020 01:22:20 +0000 (UTC) (envelope-from wallbridge@blur.com) Received: by mail-pg1-x531.google.com with SMTP id a32so7910992pga.4 for ; Sun, 29 Mar 2020 18:22:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=blur.com; s=blur; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=LC5t1K6n7VShMWjFgUMeDsVvu7ylv/0/u8gO2oAHRNc=; b=Q/6cOIVxLb7vRewCIyO8bMovK2VEu8+whkcevq9yxEWzaT02pKp3FB6O97JEU7+gNl gb8wwrFhknlC6adkSik3wjVmC6DFEpaHpcZFNnmav9CRGWDaPY91oxxxf7iNgUWqiETi mCNBX6W+6yz3Qs9zVfYLLEMvozfw5Nkn800dgXo/4EgPJ51secqDLEdxH80Hp+cV1sLz W4Q6rbOS0j3EYzsPMDqBoxE+x6QRey5RNDSOV5AA9B8Ve+Ix1aPJ2gZJ7KdgpaDrA5sj dR0bOUxFGazlXyH/ILtVYfq5Jc26pvIUTcRm+WuWisWCJO+gzPjz1Pa/NzVJ7uOLo8Dc /K/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=LC5t1K6n7VShMWjFgUMeDsVvu7ylv/0/u8gO2oAHRNc=; b=XgaivPK2/HXWJtT/IAm1fbFHQczhz5gyZy/RtKbnhJjTFYu6PhknD1a3s2rYx2zxnh CwRy7YdBmqq3WOcCxtzllJgOa9sy5Zh+u+fkkVGSnwbsWGU5WNLK+qMxp9I1az/eJJas iRSMWJNVzXAY570AljOCipVVrQVwdFy4i9IFxhRTctroZSSN93HPGIYMckOuzyyxiQSh i/wsyzF4LAc1kM6i+0VcDFQW8Lw+5VQRxLEgp5JV/FbHcBCKqFt3eV4JX7nQxlNEUTzF ofDFBxhP3eIABXNux5XorFFsHL6bLIsziSn+dxizPhVCx98TLmnJOcIngGOQmRZKrXFZ I5fQ== X-Gm-Message-State: AGi0PuY6U+lOOujRAXrIYQ424WhfAXZx2+pAaNDTtiRE9JtzXpTxmbeX vciU8FIZhCDlaUphC7mGD1OYbYRcXnvezl3e2GK/gCzQlWmRTw== X-Google-Smtp-Source: ADFU+vsIsGyRkP3bMu9oMj+tGP+h9gMFHNWeBHc27sR5elApXynfA7PeIZ/Bq9ZsnOu3TeFBRKb6ExB0thFgyrnZxPs= X-Received: by 2002:a6b:ee10:: with SMTP id i16mr318792ioh.114.1585530983510; Sun, 29 Mar 2020 18:16:23 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Shawn Wallbridge Date: Sun, 29 Mar 2020 18:16:12 -0700 Message-ID: Subject: Re: current best FreeBSD hosting services To: FreeBSD Questions X-Rspamd-Queue-Id: 48rF7K2NT5z4Qw2 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=none (invalid DKIM record) header.d=blur.com header.s=blur header.b=Q/6cOIVx; dmarc=none; spf=pass (mx1.freebsd.org: domain of wallbridge@blur.com designates 2607:f8b0:4864:20::531 as permitted sender) smtp.mailfrom=wallbridge@blur.com X-Spamd-Result: default: False [-4.28 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[blur.com]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[blur.com:~]; RCVD_IN_DNSWL_NONE(0.00)[1.3.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; R_DKIM_PERMFAIL(0.00)[blur.com:s=blur]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; IP_SCORE(-1.98)[ip: (-9.05), ipnet: 2607:f8b0::/32(-0.36), asn: 15169(-0.46), country: US(-0.05)]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Mar 2020 01:22:37 -0000 On Sun, Mar 29, 2020 at 3:46 PM Mike via freebsd-questions < freebsd-questions@freebsd.org> wrote: > On 3/29/2020 3:39 PM, Aryeh Friedman wrote: > > My company currently uses RootBSD and we are looking to deactivate our > two > > servers there and consolidate them into one. I decided at the same time > > to looking into other options. We are looking for very basic hosting > > (i.e. we manage the machine [or vm] completely and they only supply the > > hardware and networking). Currently we use the servers for cloud > storage, > > a few very low traffic web sites (all running on www/tomcat9 > > [java/openjdk8]) and DIY off site backups/cloud storage. My guess is > we > > need 2 cores, 4 GB of RAM and about 80 GB of disk to be safe and want to > be > > running 12.1-RELEASE (amd64) on it but have the right to upgrade it > > ourselves. > > > > Suggestions? > > > > It is difficult for me to know if this one is "best" for you, but they > have worked most excellently for me... > > https://arpnetworks.com > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" > +1 for arpnetworks.com, I have used them for ages, and they are great guys. shawn From owner-freebsd-questions@freebsd.org Mon Mar 30 02:43:38 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E47A526E4F1 for ; Mon, 30 Mar 2020 02:43:37 +0000 (UTC) (envelope-from newsgroups@rubenschade.com) Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48rGws40c7z3xq9 for ; Mon, 30 Mar 2020 02:43:25 +0000 (UTC) (envelope-from newsgroups@rubenschade.com) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 37CE55C0745; Sun, 29 Mar 2020 22:43:16 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Sun, 29 Mar 2020 22:43:16 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rubenschade.com; h=subject:to:references:from:message-id:date:mime-version :in-reply-to:content-type:content-transfer-encoding; s=fm3; bh=5 zWBbX3R/RPWu1fPBZUfwitnD3RaJrJl2MEJIzCujQg=; b=CDsh1qYgXDB2qOyot yzRgSKCGKX0oMhv+8i5qjP3WDmHtd73OBN+5zLnBn3dVYcvq/ySwbahAZPT604qK p+3ysYHrO30E2OmtpesNZD7RBwAuL0di1XYhcgaYkXMYhTXFnovcSC11Td4zVeY0 38HoYKi9+ssUOKog2sPuUCWqZi4lWFevmkCKn8OCz7gM/oFPz2Kg1+HaqqkD8gYv xjX5a1r9OF5Rf+0sC/Fo80IWNf/P793FnmqzZQpcuE50vmtincOnZxAe1x19bK6B QwkGjZmTDp/mhqhB0MujdC8y8VzrmtTSNPZT5mHmPe9ZnwJeeajmt/DA0HyLr0bk ACwXA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=5zWBbX3R/RPWu1fPBZUfwitnD3RaJrJl2MEJIzCuj Qg=; b=MSYvuZ+kX1vNCHdCfvrh2SCh/+YBzb0EPJHE6rP1GrxQ58H/5jY67ZgpF es/IaFfB8YsoxAjk5zFsrAKGMhk3DYdR8B1qsr9yVmujzUb9d3fmcYF6S/UgYs3Y 9xbkVgbnfHjxeHfhWI+/ftekt6Q2JI/e/UZV84Vf2k413zMF+ZghlinDLSXNT4Bu 0HHn1o7dROPy4hwhhCqgpKcTdSABM9HfhWWZU+jbWdi8OXgvLhoeOtK4Bxi4DMeC brgVNZa2Y2djfXPLiuwoLQJvi/ydQi8aThafDshF6j/+QJhSvtbIJ4tOATbaFtPD Ckd2G0mIug/wFStSBUUjX1lxx0fCw== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedrudeigedgieefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepuffvfhfhkffffgggjggtgfesthejredttdefjeenucfhrhhomheptfhusggv nhcuufgthhgruggvuceonhgvfihsghhrohhuphhssehruhgsvghnshgthhgruggvrdgtoh hmqeenucffohhmrghinheptghonhhfrdgruhdprhhusggvnhgvrhgurdgtohhmnecukfhp peduvddvrdduleelrdegfedrvddvnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrg hmpehmrghilhhfrhhomhepnhgvfihsghhrohhuphhssehruhgsvghnshgthhgruggvrdgt ohhm X-ME-Proxy: Received: from RubenVMmkIII.local (122-199-43-22.ip4.superloop.com [122.199.43.22]) by mail.messagingengine.com (Postfix) with ESMTPA id 4AF7D306C92D; Sun, 29 Mar 2020 22:43:15 -0400 (EDT) Subject: Re: current best FreeBSD hosting services To: freebsd-questions@freebsd.org, Aryeh Friedman References: From: Ruben Schade Message-ID: <3eea4691-e0c5-0a42-c26f-94394dc420f7@rubenschade.com> Date: Mon, 30 Mar 2020 13:43:12 +1100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 48rGws40c7z3xq9 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=rubenschade.com header.s=fm3 header.b=CDsh1qYg; dkim=pass header.d=messagingengine.com header.s=fm2 header.b=MSYvuZ+k; dmarc=none; spf=pass (mx1.freebsd.org: domain of newsgroups@rubenschade.com designates 66.111.4.27 as permitted sender) smtp.mailfrom=newsgroups@rubenschade.com X-Spamd-Result: default: False [-6.09 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[rubenschade.com:s=fm3,messagingengine.com:s=fm2]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:66.111.4.27]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[rubenschade.com]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[rubenschade.com:+,messagingengine.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_TLS_LAST(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[27.4.111.66.list.dnswl.org : 127.0.5.1]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:11403, ipnet:66.111.4.0/24, country:US]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(-3.49)[ip: (-9.84), ipnet: 66.111.4.0/24(-4.89), asn: 11403(-2.69), country: US(-0.05)] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Mar 2020 02:43:38 -0000 On 30/3/20 6:39 am, Aryeh Friedman wrote: > My company currently uses RootBSD and we are looking to deactivate our two > servers there and consolidate them into one. I decided at the same time > to looking into other options. We are looking for very basic hosting > (i.e. we manage the machine [or vm] completely and they only supply the > hardware and networking). Currently we use the servers for cloud storage, > a few very low traffic web sites (all running on www/tomcat9 > [java/openjdk8]) and DIY off site backups/cloud storage. My guess is we > need 2 cores, 4 GB of RAM and about 80 GB of disk to be safe and want to be > running 12.1-RELEASE (amd64) on it but have the right to upgrade it > ourselves. > > Suggestions? > (*** With a caveat that I work for them! ***) I'm the FreeBSD and NetBSD template maintainer at OrionVM, did a WIP talk at AsiaBSDCon 2019 and the FreeBSD stream at Linux.conf.au this year about it. I can get you a demo account to play with and some pricing if you're interested. We do VMs with the cores and RAM you want, and you can live attach/detach extra disks and networks. Anything within the VM (upgrades, packages, etc) are up to you. Our POPs are in Virgina, Santa Clara, and Australia. We usually work with MSPs, Telcos, system integrators and such, but your CFL stuff on your site looks really interesting. Cheers, -- Ruben Schade https://rubenerd.com/ From owner-freebsd-questions@freebsd.org Mon Mar 30 06:00:05 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4EBF227461B for ; Mon, 30 Mar 2020 06:00:05 +0000 (UTC) (envelope-from aryeh.friedman@gmail.com) Received: from mail-il1-x134.google.com (mail-il1-x134.google.com [IPv6:2607:f8b0:4864:20::134]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48rMHW302rz4Dsc for ; Mon, 30 Mar 2020 05:59:49 +0000 (UTC) (envelope-from aryeh.friedman@gmail.com) Received: by mail-il1-x134.google.com with SMTP id p13so14604980ilp.3 for ; Sun, 29 Mar 2020 22:59:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=hjfeuU9xfMzdPrbeTs/FYouDBAsu2OrHeHb3QvVmNDM=; b=a7UIVQv6FrYU9SItcI12OTra5gWws9utnEWMv9xbvPgo8LdD0kK1GOX/w4DXYPfQh1 eHSUCb+9KDG4efGlAKc6cgnJmetOXij1xdaH7Njn1KIo4mihK+R1hNWg42U/RY1gP1HL zzYX1FvzaVZylHCbrvezLYq4ap6sg041t3sEQQArzw2NsL2AdHh7nW1OmpvzatvsQ44r BkErNtXPqGKBHkUDJRvN5Qh6mBC4wYOcjaK+ZLfaC24g1Ggt9RQ7wN2m7X5tpdon9Zn5 XIBlnVINha3Qlc10LpNYyqANlNgXlJ6kzU3vaDTp0taEts935BrnnssxvSk9tBjk8Bn/ DXTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hjfeuU9xfMzdPrbeTs/FYouDBAsu2OrHeHb3QvVmNDM=; b=nh0p4gJ7Ip7x2Q+9COZBSgvqa6CGuAmNjx/OffGFzPYWGvszGPSsqa7ke3MvvXaIsS JmgHxHnUb54OWupZbAKmKF+jQa5kTw5gvxraf86krakbtcfHY5FgWFgz0mmuqGbfh5vj Wp1/qPmdrs+UQssaOobmNUWZpcSb4mXgnVDh59Aa+EtLT6BlXhB3k5YZb5LkXmc4ml9i IG7ZfGveAGp6wpRzZE+TNwNyi5g9Vmyc+kY1YNKyfz+zNwt464De5/Ov622NurgTzIPg Kp8K1o5Y1m5wt7PYTyYYxD+LRiZiY/1IHbEkyO/gxXZ5cB2WHeEX7B06IaYv3XoDMS9L Ra0w== X-Gm-Message-State: ANhLgQ21YvJgMDl1mjBZfQiICfPh76+WiPvYxs9QG0Maom2ctDMJI+bO 8VHt6NfjViBwBRn7nEAwgsTao1Ho41/MpClUG90Sf4Eu64I= X-Google-Smtp-Source: ADFU+vt4+yH/AyIa5MEsU4kyjhZTz4MAeRT2H3PF0EPSLgrTQKtuEvm5SiIsMNScWriW7CcF0FCKULPLbQ/zNKfBOvw= X-Received: by 2002:a92:35db:: with SMTP id c88mr9640011ilf.187.1585547983501; Sun, 29 Mar 2020 22:59:43 -0700 (PDT) MIME-Version: 1.0 References: <3eea4691-e0c5-0a42-c26f-94394dc420f7@rubenschade.com> In-Reply-To: <3eea4691-e0c5-0a42-c26f-94394dc420f7@rubenschade.com> From: Aryeh Friedman Date: Mon, 30 Mar 2020 01:59:31 -0400 Message-ID: Subject: Re: current best FreeBSD hosting services To: Ruben Schade Cc: FreeBSD Mailing List X-Rspamd-Queue-Id: 48rMHW302rz4Dsc X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=a7UIVQv6; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of aryehfriedman@gmail.com designates 2607:f8b0:4864:20::134 as permitted sender) smtp.mailfrom=aryehfriedman@gmail.com X-Spamd-Result: default: False [-3.00 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[4.3.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; IP_SCORE(0.00)[ip: (-8.92), ipnet: 2607:f8b0::/32(-0.36), asn: 15169(-0.46), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TAGGED_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Mar 2020 06:00:05 -0000 On Sun, Mar 29, 2020 at 10:43 PM Ruben Schade wrote: > On 30/3/20 6:39 am, Aryeh Friedman wrote: > > My company currently uses RootBSD and we are looking to deactivate our > two > > servers there and consolidate them into one. I decided at the same time > > to looking into other options. We are looking for very basic hosting > > (i.e. we manage the machine [or vm] completely and they only supply the > > hardware and networking). Currently we use the servers for cloud > storage, > > a few very low traffic web sites (all running on www/tomcat9 > > [java/openjdk8]) and DIY off site backups/cloud storage. My guess is > we > > need 2 cores, 4 GB of RAM and about 80 GB of disk to be safe and want to > be > > running 12.1-RELEASE (amd64) on it but have the right to upgrade it > > ourselves. > > > > Suggestions? > > > > (*** With a caveat that I work for them! ***) > > I'm the FreeBSD and NetBSD template maintainer at OrionVM, did a WIP > talk at AsiaBSDCon 2019 and the FreeBSD stream at Linux.conf.au this > year about it. > > I can get you a demo account to play with and some pricing if you're > interested. We do VMs with the cores and RAM you want, and you can live > attach/detach extra disks and networks. Anything within the VM > (upgrades, packages, etc) are up to you. > > Our POPs are in Virgina, Santa Clara, and Australia. > > We usually work with MSPs, Telcos, system integrators and such, but your > CFL stuff on your site looks really interesting. > We where kind of hoping to find someone who would be interested in helping us further develop PetiteCloud/ThinStorm. The cloud part of the project has been on the back burner for the last few years only because like everyone we have bills to pay and thus had to focused on paid vs. FOSS work. Luckily the paid work utilizes most if not all of the core components of the API/DB layer of ThinStorm in a HIPAA (US healthcare privacy regulations that requires end to end encryption) and thus in the advanced stages of developing (used in limited production) what, as far we know, is one of the only (if not the only) fully encrypted end-to-end API/DB (near) general purpose framework (encrypted transit and DB encrypted all the way down to the physical table level). For more info on what we can discuss publicly about this see an interview I did in the Dec. 2016 issue of BSG Mag ( https://bsdmag.org/download/simple-quorum-drive-freebsd-ctl-ha-beast-storage-system/ ). At the IaaS level we are currently working on modernizing the interface to bhyve so the web (and API) interfaces can spin up windows instances also as well as move from the adhoc pre-pApi (the API/DB layer of ThinStorm mentioned above) to use pApi and generalizing the DB backend of pApi to allow for integration with 3rd party DB's such as MySQL (in a non-encrypted manner due to the nature of SQL DB's). Until recently the work was also hampered by the lack of hardware resources in that the only machine we had that was compatible with bhyve (lack of POPCNT despite it being advertised on pre-RyZEN AMD processors... see thread in -virtuation@ for more info) was being used as our in office production cloud server. Over the last 6 months we upgraded it and one of our desktops to RyZen 2600X's so we have 24 cores to play with plus the 4 Intel ones we had already. For the lack of hardware resources mentioned above (and not having enough justification for colo'ed bare metal) we have done very little work in making PetiteCloud data center ready and your offer sounds like a good opportunity to perhaps do that and for us to partner with a hosting provider so we can do more wide scale testing of the framework when it is ready for late alpha/early beta testing. > Cheers, > > -- > Ruben Schade > https://rubenerd.com/ > -- Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org From owner-freebsd-questions@freebsd.org Mon Mar 30 07:15:40 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 11F73278E6B for ; Mon, 30 Mar 2020 07:15:39 +0000 (UTC) (envelope-from kremels@kreme.com) Received: from mail.covisp.net (mail.covisp.net [65.121.55.42]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48rNyj43mwz3DkK for ; Mon, 30 Mar 2020 07:15:25 +0000 (UTC) (envelope-from kremels@kreme.com) From: "@lbutlr" Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: NFS exports Date: Mon, 30 Mar 2020 01:15:14 -0600 References: <4D1B1F02-773C-4390-8E11-C59A4CCE5105@kreme.com> <20200329142545.9a5c14d8a52019cef0a0669b@sohara.org> To: FreeBSD In-Reply-To: <20200329142545.9a5c14d8a52019cef0a0669b@sohara.org> Message-Id: X-Mailer: Apple Mail (2.3608.80.23.2.2) X-Rspamd-Queue-Id: 48rNyj43mwz3DkK X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of kremels@kreme.com designates 65.121.55.42 as permitted sender) smtp.mailfrom=kremels@kreme.com X-Spamd-Result: default: False [-0.51 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.998,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; MISSING_MIME_VERSION(2.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DMARC_NA(0.00)[kreme.com]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; IP_SCORE(-0.11)[ip: (-0.34), ipnet: 65.112.0.0/12(-0.06), asn: 209(-0.11), country: US(-0.05)]; TO_DN_ALL(0.00)[]; RCVD_COUNT_ZERO(0.00)[0]; RCVD_IN_DNSWL_LOW(-0.10)[42.55.121.65.list.dnswl.org : 127.0.5.1]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:209, ipnet:65.112.0.0/12, country:US]; MID_RHS_MATCH_FROM(0.00)[]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Mar 2020 07:15:41 -0000 On 29 Mar 2020, at 07:25, Steve O'Hara-Smith wrote: > On Sun, 29 Mar 2020 06:39:54 -0600 "@lbutlr" = wrote: >> /mnt/backups -alldirs [IP address of remote machine] >>=20 >> bad exports list line '/mnt/backups': symbolic link in export path or >> statfs failed >>=20 >> df -Ph shows: >> /dev/ada1p1 217G 89G 110G 45% /mnt/backup >=20 > I notice that you are exporting /mnt/backups but the mount is = /mnt/backup. =46rom the error message I speculate that /mnt/backups is a = symlink to the actual mount point, change the export to match the mount = and all should be well. The extraneous =E2=80=99s=E2=80=99 was the issue, but there was no = /mnt/backups folder or symlink. Error message is really misleading; = =E2=80=9C/mnt/backups does not exist=E2=80=9D would be much better. --=20 I've never seen religious faith move mountains, but I've seen what it does to skyscrapers. From owner-freebsd-questions@freebsd.org Mon Mar 30 08:09:55 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6D1CF27ABFF for ; Mon, 30 Mar 2020 08:09:55 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) Received: from holgerdanske.com (holgerdanske.com [184.105.128.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "xray.he.net", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48rQ9M75pXz44Tt for ; Mon, 30 Mar 2020 08:09:43 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) Received: from 99.100.19.101 ([99.100.19.101]) by holgerdanske.com with ESMTPSA (ECDHE-RSA-AES128-GCM-SHA256:TLSv1.2:Kx=ECDH:Au=RSA:Enc=AESGCM(128):Mac=AEAD) (SMTP-AUTH username dpchrist@holgerdanske.com, mechanism PLAIN) for ; Mon, 30 Mar 2020 01:09:32 -0700 Subject: Re: drive selection for disk arrays To: freebsd-questions@freebsd.org References: <20200325081814.GK35528@mithril.foucry.net> <713db821-8f69-b41a-75b7-a412a0824c43@holgerdanske.com> <20200326124648725158537@bob.proulx.com> <20200327104555.1d6d7cd9.freebsd@edvax.de> <1bcd7aa2-31e5-91f1-5151-926c9d16e16e@holgerdanske.com> <8e74482f-b951-ee97-50b8-04ea1f0d46a3@denninger.net> From: David Christensen Message-ID: <4aef0358-b25a-028d-28ec-84fdabead8b7@holgerdanske.com> Date: Mon, 30 Mar 2020 01:09:32 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 48rQ9M75pXz44Tt X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of dpchrist@holgerdanske.com has no SPF policy when checking 184.105.128.27) smtp.mailfrom=dpchrist@holgerdanske.com X-Spamd-Result: default: False [-1.48 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-0.92)[-0.918,0]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; IP_SCORE(-0.62)[ipnet: 184.104.0.0/15(0.55), asn: 6939(-3.59), country: US(-0.05)]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.84)[-0.839,0]; DMARC_NA(0.00)[holgerdanske.com]; ZRD_FAIL(0.00)[query timed out]; RCVD_IN_DNSWL_NONE(0.00)[27.128.105.184.list.dnswl.org : 127.0.10.0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6939, ipnet:184.104.0.0/15, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Mar 2020 08:09:55 -0000 On 2020-03-27 18:46, David Christensen wrote: > On 2020-03-27 17:45, Karl Denninger wrote: >> >> On 3/27/2020 19:39, David Christensen wrote: >>> On 2020-03-27 02:45, Polytropon wrote: >>> >>>> When a drive _reports_ bad sectors, at least in the past >>>> it was an indication that it already _has_ lots of them. >>>> The drive's firmware will remap bad sectors to spare >>>> sectors, so "no error" so far. >>> >>> If a drive detects an error, my guess is that it will report the error >>> to the OS; regardless of the outcome of a particular I/O operation >>> (data read, data written, data lost) or internal actions taken (block >>> marked bad, block remapped, etc.).  It is then up to the OS to decide >>> what to do next.  RAID and/or ZFS offer the means for shielding the >>> application from I/O and drive failures. >>> >> Yes, but... >> >> Those drives that can do "SMART" will report (if you have a patrol >> daemon for it running) if they do a "silent" sector reassignment. >> Otherwise the OS is none the wiser and neither is ZFS (or anything >> else.) > > I guess I need to RTFM: > > https://www.intel.com/content/dam/www/public/us/en/documents/technical-specifications/serial-ata-ahci-spec-rev1-3-1.pdf That specification seems to address the HBA. It references the Serial ATA Revision 2.6 specification, which has been superseded. "SATA-IO" (consortium?) seems to control SATA specifications. "Serial ATA Revision 3.3 Specification (released February 2016)" is recommended for current implementations. It might contain the answers to our questions, but purchase is required: https://sata-io.org/developers/purchase-specification David From owner-freebsd-questions@freebsd.org Mon Mar 30 12:37:46 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4FF8E2A2A47 for ; Mon, 30 Mar 2020 12:37:46 +0000 (UTC) (envelope-from 4250.82.1d4c10000aefc0a.06d5d3861c3f10ac5951b6724236dc99@email-od.com) Received: from s1-b0c6.socketlabs.email-od.com (s1-b0c6.socketlabs.email-od.com [142.0.176.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48rX6S3vSKz3JJd for ; Mon, 30 Mar 2020 12:37:35 +0000 (UTC) (envelope-from 4250.82.1d4c10000aefc0a.06d5d3861c3f10ac5951b6724236dc99@email-od.com) DKIM-Signature: v=1; a=rsa-sha256; d=email-od.com;i=@email-od.com;s=dkim; c=relaxed/relaxed; q=dns/txt; t=1585571857; x=1588163857; h=content-transfer-encoding:content-type:mime-version:references:in-reply-to:message-id:subject:cc:to:from:date:x-thread-info; bh=toCo7lq1WtPPesMaOUN1v5wf+mnZSDRVAplGEmdt2hU=; b=iImH45VDq5lFHefesIbFejxm9fSjh+msoqFbvTgE1vWEPhJbmeXMzNyGAnwcX7wut7ECXKtkPe6/Lfku72JimOzf90PauJ7yk81CUufQn/9/z0A/kQtsBKOhwiYCUNiMQNO6iMv3gpiMYTRODnKUdKCQ7tkJDRmNNv6YGDaYZ0U= X-Thread-Info: NDI1MC45Mi4xZDRjMTAwMDBhZWZjMGEuZnJlZWJzZC1xdWVzdGlvbnM9ZnJlZWJzZC5vcmc= Received: from r2.h.in.socketlabs.com (r2.h.in.socketlabs.com [142.0.180.12]) by mxsg2.email-od.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Mon, 30 Mar 2020 08:37:17 -0400 Received: from smtp.lan.sohara.org (EMTPY [185.202.17.215]) by r2.h.in.socketlabs.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Mon, 30 Mar 2020 08:37:16 -0400 Received: from [192.168.63.1] (helo=steve.lan.sohara.org) by smtp.lan.sohara.org with smtp (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1jItfG-0001bL-PJ; Mon, 30 Mar 2020 13:37:14 +0100 Date: Mon, 30 Mar 2020 13:37:14 +0100 From: Steve O'Hara-Smith To: freebsd-questions@freebsd.org Cc: "@lbutlr" Subject: Re: NFS exports Message-Id: <20200330133714.99a56bc51c36f809507d7d24@sohara.org> In-Reply-To: References: <4D1B1F02-773C-4390-8E11-C59A4CCE5105@kreme.com> <20200329142545.9a5c14d8a52019cef0a0669b@sohara.org> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.32; amd64-portbld-freebsd12.0) X-Clacks-Overhead: "GNU Terry Pratchett" Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 48rX6S3vSKz3JJd X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=email-od.com header.s=dkim header.b=iImH45VD; dmarc=none; spf=pass (mx1.freebsd.org: domain of 4250.82.1d4c10000aefc0a.06d5d3861c3f10ac5951b6724236dc99@email-od.com designates 142.0.176.198 as permitted sender) smtp.mailfrom=4250.82.1d4c10000aefc0a.06d5d3861c3f10ac5951b6724236dc99@email-od.com X-Spamd-Result: default: False [-1.60 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.99)[-0.992,0]; R_DKIM_ALLOW(-0.20)[email-od.com:s=dkim]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:142.0.176.0/20]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[sohara.org]; NEURAL_HAM_LONG(-1.00)[-0.997,0]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[email-od.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[198.176.0.142.list.dnswl.org : 127.0.15.0]; IP_SCORE(0.09)[ip: (-0.24), ipnet: 142.0.176.0/22(0.49), asn: 7381(0.25), country: US(-0.05)]; FORGED_SENDER(0.30)[steve@sohara.org,4250.82.1d4c10000aefc0a.06d5d3861c3f10ac5951b6724236dc99@email-od.com]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:7381, ipnet:142.0.176.0/22, country:US]; FROM_NEQ_ENVFROM(0.00)[steve@sohara.org,4250.82.1d4c10000aefc0a.06d5d3861c3f10ac5951b6724236dc99@email-od.com]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Mar 2020 12:37:47 -0000 On Mon, 30 Mar 2020 01:15:14 -0600 "@lbutlr" wrote: > On 29 Mar 2020, at 07:25, Steve O'Hara-Smith wrote: > > On Sun, 29 Mar 2020 06:39:54 -0600 "@lbutlr" wrote: > >> /mnt/backups -alldirs [IP address of remote machine] > >> > >> bad exports list line '/mnt/backups': symbolic link in export path or > >> statfs failed > >> > The extraneous ’s’ was the issue, but there was no /mnt/backups folder or > symlink. Error message is really misleading; “/mnt/backups does not > exist” would be much better. To be fair to the error message author one good reason for statfs to fail is a non-existent path, but we both overlooked that aspect of the message :( It would be nice if instead of a list of possible reasons, the actual detected reason was displayed. But you know - patches always welcome - nobody capable has yet thought it important/irritating enough to make the effort (even if the code change is trivial that's not insignificant) and get it merged. There may even be a really good reason not to do it that escapes me. -- Steve O'Hara-Smith From owner-freebsd-questions@freebsd.org Mon Mar 30 18:13:47 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CC92E262663 for ; Mon, 30 Mar 2020 18:13:47 +0000 (UTC) (envelope-from FreeBSD@chroot.pl) Received: from mail.apsz.com.pl (mail.apsz.com.pl [91.217.18.46]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48rgZ91XSnz412V for ; Mon, 30 Mar 2020 18:13:37 +0000 (UTC) (envelope-from FreeBSD@chroot.pl) Received: from chroot.pl (89-74-178-152.dynamic.chello.pl [89.74.178.152]) by mail.apsz.com.pl (Postfix) with ESMTPS id AA105E745A for ; Mon, 30 Mar 2020 20:06:58 +0200 (CEST) From: Lukasz DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=chroot.pl; s=mail; t=1585591618; bh=7L/mVyyuuwee3CQHID8AM7ifI5J5iXZ+xc3dCgC1MWg=; h=From:Subject:References:To:Date:In-Reply-To; b=uzHpwbPNLkZBXQcsn5zOLgvHJeEu1ERLM/NxWIvSP9m6SJRZb+pE2w7T+k3RhqAm8 2YqyDgD43xFc0rePhS89oLsYwox7/AAP2QrX90MseYFSnVm7RxyJ4SolDv35vn8TqX Mqf3QkUwGiTUgCgt7eO5Wc/ScxhWV39uKY/kJ/I8FxNGl7E3G74uOOc3flR+POXB5o 9EpMvrMYO40mwqq3nRCXBqFAr7avFftjZnF+f816l9XTL8HXn6SQidzKEMZz2S9Drd QmZ8gTwD9yz5Y75HgxLkfomHCxff5uSiVJMPBzbYE6KxHsXTizSXQzR0//4ONLIDZB X2NxijYfq1T+w== Subject: Re: replace disk in zpool - solved References: <18a94704-5411-3b44-a525-2ae50121a467@holgerdanske.com> <4a8d409e-ecac-77c8-3ad9-025aefdfb4ef@holgerdanske.com> <20200325081814.GK35528@mithril.foucry.net> To: freebsd-questions@freebsd.org Message-ID: Date: Mon, 30 Mar 2020 20:06:56 +0200 User-Agent: WebMail MIME-Version: 1.0 In-Reply-To: <20200325081814.GK35528@mithril.foucry.net> Content-Type: text/plain; charset=utf-8 Content-Language: pl-PL Content-Transfer-Encoding: 8bit X-Spam-Status: Yes, score=6.3 required=4.0 tests=BAYES_50,KHOP_HELO_FCRDNS, NO_FM_NAME_IP_HOSTN,RDNS_DYNAMIC autolearn=no autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mail.apsz.com.pl X-Virus-Scanned: clamav-milter 0.102.2 at mail.apsz.com.pl X-Virus-Status: Clean X-Spam-Flag: YES X-Spam-Report: * 2.0 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5967] * 1.7 RDNS_DYNAMIC Delivered to internal network by host with * dynamic-looking rDNS * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 2.2 NO_FM_NAME_IP_HOSTN No From name + hostname using IP address X-Spam-Level: ****** X-Rspamd-Queue-Id: 48rgZ91XSnz412V X-Spamd-Bar: +++ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=chroot.pl header.s=mail header.b=uzHpwbPN; dmarc=pass (policy=none) header.from=chroot.pl; spf=pass (mx1.freebsd.org: domain of FreeBSD@chroot.pl designates 91.217.18.46 as permitted sender) smtp.mailfrom=FreeBSD@chroot.pl X-Spamd-Result: default: False [3.66 / 15.00]; ARC_NA(0.00)[]; GREYLIST(0.00)[pass,body]; R_DKIM_ALLOW(-0.20)[chroot.pl:s=mail]; SPAM_FLAG(5.00)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:91.217.18.46:c]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; XM_UA_NO_VERSION(0.01)[]; RECEIVED_SPAMHAUS_PBL(0.00)[152.178.74.89.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; NEURAL_HAM_MEDIUM(-0.21)[-0.207,0]; DKIM_TRACE(0.00)[chroot.pl:+]; DMARC_POLICY_ALLOW(-0.50)[chroot.pl,none]; RCVD_IN_DNSWL_NONE(0.00)[46.18.217.91.list.dnswl.org : 127.0.10.0]; NEURAL_HAM_LONG(-0.16)[-0.158,0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(0.01)[country: PL(0.06)]; ASN(0.00)[asn:51426, ipnet:91.217.18.0/23, country:PL]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Mar 2020 18:13:47 -0000 Hello, this behavior was due to errors in zpool. Regards, Lukasz On 3/25/20 09:18, Jacques Foucry via freebsd-questions wrote: > Le mardi 24 mars 2020 à 16:47:10 (-0700), David Christensen à écrit: >> On 2020-03-24 14:15, Lukasz wrote: >>> Ohh… I forgot mention: >>> it's 12.1-p3 >>> >>> # zpool status -v mypool >>> pool: mypool >>> state: DEGRADED >>> status: One or more devices has experienced an error resulting in data >>> corruption. Applications may be affected. >>> action: Restore the file in question if possible. Otherwise restore the >>> entire pool from backup. >>> see: http://illumos.org/msg/ZFS-8000-8A >>> scan: resilvered 180G in 0 days 16:00:55 with 2 errors on Sun Mar 22 >>> 05:18:46 2020 >>> config: >>> >>> NAME STATE READ WRITE CKSUM >>> mypool DEGRADED 0 0 2 >>> raidz1-0 DEGRADED 0 0 4 >>> diskid/DISK-WD-WMC1F0521131 ONLINE 0 0 0 >>> replacing-1 DEGRADED 0 0 0 >>> 15838717335844820448 UNAVAIL 0 0 0 was /dev/diskid/DISK-WD-WCC130964640 >>> diskid/DISK-K4JG5D2B ONLINE 0 0 0 >>> ada6 ONLINE 0 0 0 >>> ada1 ONLINE 0 0 0 >>> diskid/DISK-WD-WCC130650055 ONLINE 0 0 0 >>> >>> errors: Permanent errors have been detected in the following files: >>> mypool/XXXXXXXXXXXX >>> >>> Yes, I did exacly as you wrote - removed the failed drive, installed a replacement drive, and issued a 'zpool replace' command. >>> I tried this way to: >>> I disabled running services in that pool, unmounted and mounted it again. Even I exported/imported that pool. >>> It has no readonly property. >>> Of course I have a backup. >> >> >> My guess is that resilvering is stuck because ZFS has encountered data >> corruption. This could be caused by drive(s), cable(s), and/or data port(s) >> (motherboard or expansion card). >> >> >> What was the failure mode of the bad drive? Did you test it in any other >> machines? >> >> >> Are the any items of concern in the SMART reports for the current set of >> drives? Please post anything that looks questionable. >> >> >> Unplug and plug all of your drive power and data cables. Make sure they >> seat well. If unsure about a data cable, replace it with a new, locking >> cable. I have experienced too many problems with red SATA cables. Few, if >> any, are marked with their rated speed (I did mark some StarTech SATA III >> cables). So, I stocked up on various lengths and configurations of Cable >> Matters SATA III cables. They are black, marked "6G", and have locking >> connectors. Now, whenever I am in a system case, I replace most every red >> SATA cable just to be safe. >> >> >> I appears that you have Western Digital hard drives. Download Data >> Lifeguard Diagnostic (DLG) for DOS, burn it to a USB flash drive, boot it, >> and test all of your drives. Please post the results: >> >> https://support.wdc.com/downloads.aspx?p=2 > > If you permit an advice, ALWAYS (when it's possible) buy and use disks from > different brand (mix seagate, WD, etc..) in order to avoid same series and same > MTBF. > > I know this to late in this case, but keep this in mind. > > I know this will not help in this case, please excuse my intervention if it's > inappropriate. > From owner-freebsd-questions@freebsd.org Mon Mar 30 19:03:09 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4118D264103 for ; Mon, 30 Mar 2020 19:03:09 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) Received: from holgerdanske.com (holgerdanske.com [184.105.128.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "holgerdanske.com", Issuer "holgerdanske.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 48rhg40Rq1z4Knx for ; Mon, 30 Mar 2020 19:02:55 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) Received: from 99.100.19.101 ([99.100.19.101]) by holgerdanske.com with ESMTPSA (ECDHE-RSA-AES128-GCM-SHA256:TLSv1.2:Kx=ECDH:Au=RSA:Enc=AESGCM(128):Mac=AEAD) (SMTP-AUTH username dpchrist@holgerdanske.com, mechanism PLAIN) for ; Mon, 30 Mar 2020 12:02:44 -0700 Subject: Re: replace disk in zpool - solved To: freebsd-questions@freebsd.org References: <18a94704-5411-3b44-a525-2ae50121a467@holgerdanske.com> <4a8d409e-ecac-77c8-3ad9-025aefdfb4ef@holgerdanske.com> <20200325081814.GK35528@mithril.foucry.net> From: David Christensen Message-ID: Date: Mon, 30 Mar 2020 12:02:43 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 48rhg40Rq1z4Knx X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of dpchrist@holgerdanske.com has no SPF policy when checking 184.105.128.27) smtp.mailfrom=dpchrist@holgerdanske.com X-Spamd-Result: default: False [-1.71 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.995,0]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; IP_SCORE(-0.62)[ipnet: 184.104.0.0/15(0.55), asn: 6939(-3.60), country: US(-0.05)]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.99)[-0.995,0]; SPAMHAUS_AUTHBL_RECEIVED_FAIL(0.00)[101.19.100.99.khpj7ygk5idzvmvt5x4ziurxhy.authbl.dq.spamhaus.net:query timed out]; DMARC_NA(0.00)[holgerdanske.com]; RCVD_IN_DNSWL_NONE(0.00)[27.128.105.184.list.dnswl.org : 127.0.10.0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6939, ipnet:184.104.0.0/15, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Mar 2020 19:03:09 -0000 On 2020-03-30 11:06, Lukasz wrote: > this behavior was due to errors in zpool. Solved how? Could you please expand upon errors in zpool and how you got past them? I have been confused by zpool and zfs on several occasions. Even if I cannot understand something, perhaps I can add another "monkey see, monkey do" trick to my repertoire for the next time I run into problems. David From owner-freebsd-questions@freebsd.org Mon Mar 30 19:13:15 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 135BA2646B9; Mon, 30 Mar 2020 19:13:15 +0000 (UTC) (envelope-from grahamperrin@gmail.com) Received: from mail-wm1-x329.google.com (mail-wm1-x329.google.com [IPv6:2a00:1450:4864:20::329]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48rhtl4KMMz4PGM; Mon, 30 Mar 2020 19:13:02 +0000 (UTC) (envelope-from grahamperrin@gmail.com) Received: by mail-wm1-x329.google.com with SMTP id c81so30153wmd.4; Mon, 30 Mar 2020 12:13:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=FB0Z+21rbbdj5XDz5q56I7WJNK+Y+6zmzRqgyBonKfg=; b=Bz5RtOMqfx514pVEg0DaggtsCkTCIe4o4xXIvxKGcGCh1mWC+z3jcW8izqk+npR7/1 KWjWi1rH4oGHXaUrpqaYxZBFzU4gx+GW29ykWHefZN4Ha/sBECQI535KpWib+tT1z2Gl JLtGJii3CvodWmygyG5aeOjPGLU1oh0MAdNDXrwUbLjY8DF96zOQKjQEqCutPDtQNPIU ZzOGarlHOPKLUGB9KA1S6hswm+ahDxo3W2hgbTgsfM7+z1mqGaTGUi/7YrT8R8Dr3ynH uZDrRZU+zUkRgqH59u13k3O0EC69OWoX3owr/65opohnGGbTcMzRNh/8k0v57clPM6+l XQQA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=FB0Z+21rbbdj5XDz5q56I7WJNK+Y+6zmzRqgyBonKfg=; b=GVl8iW87FThzAOZJCpqkggQxxN8NvVK49UtF2jFIrteyBRlHiU3d+uPT8Tx/+DcXli EhbU1d+Z/NPCVq3RAhYO3nBjPLiWqnOtkinaEe3jtsl2IE7l8DrVCc77wGe15lmpXzLg RziDK/YAkMP1qKOP4eof04vkYxT74Ss32N4KFF04oxmnU8vaYbN85EcZIcdPgTav7Mu9 +El/6+C06JuFSYwQjmylPQzP+HCyeKzAnqdud0wZB7Uk0vgxVf1P5LkKQdikhdXnkXpo xSEiixydvLc+pjEGj22cFvoFn1luCNYg6npV0JwDs7m+ipI0r/q53ymJAIIw1RS9lqQp NWRQ== X-Gm-Message-State: ANhLgQ3AzFyWS9w6sC7rnaHrU/Dd8Xzm3BYotQaREphCMwrbjq/5ehml At5AdYKn7SSsmqJFgsOGZW7TvHMAGF95Ag== X-Google-Smtp-Source: ADFU+vuP+TXCmwkUdm+rxM7mwXLN78wg0Wnw9lDDD777v9L0x26uSn9S1DrxjUTece3o8a+tgZcInA== X-Received: by 2002:a1c:7d88:: with SMTP id y130mr762873wmc.5.1585595176871; Mon, 30 Mar 2020 12:06:16 -0700 (PDT) Received: from [192.168.1.7] (79-66-147-78.dynamic.dsl.as9105.com. [79.66.147.78]) by smtp.gmail.com with ESMTPSA id b199sm631127wme.23.2020.03.30.12.06.16 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 30 Mar 2020 12:06:16 -0700 (PDT) Subject: Re: USB microphones with FreeBSD-CURRENT To: Jan Beich Cc: freebsd-current@freebsd.org, FreeBSD questions References: <5c93c4d2-897b-0671-b29a-9fde6031adf5@gmail.com> From: Graham Perrin Message-ID: <6467df72-92de-64b5-5a2c-f23b415543b1@gmail.com> Date: Mon, 30 Mar 2020 20:06:15 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-Rspamd-Queue-Id: 48rhtl4KMMz4PGM X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=Bz5RtOMq; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of grahamperrin@gmail.com designates 2a00:1450:4864:20::329 as permitted sender) smtp.mailfrom=grahamperrin@gmail.com X-Spamd-Result: default: False [-3.00 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[text/plain]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TO_DN_SOME(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; IP_SCORE(0.00)[ip: (-9.39), ipnet: 2a00:1450::/32(-2.37), asn: 15169(-0.45), country: US(-0.05)]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[9.2.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; IP_SCORE_FREEMAIL(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Mar 2020 19:13:15 -0000 On 28/03/2020 12:45, Jan Beich wrote: > Graham Perrin writes: > >> I can't get web browsers to recognise USB microphones. >> >> USB output (e.g. to my headphones) is OK. >> >> USB input (e.g. from the microphone part of the headphones) is not. >> >> Any suggestions? > Firefox uses "pulse-rust" cubeb backend *by default* if "pulseaudio" > package is installed. getUserMedia is supposed to preset a dropdown menu > to select a microphone. Make sure pulseaudio actually recognizes the > desired microphone e.g., debug via "pactl list" and "parec". > > I don't have a mic but, looking at the code, only pulse-rust or pulse > backends on Linux/FreeBSD support selecting non-default audio device. > It maybe possible to use other backends but if audio device used for > output and input are different that'd require routing defaults which can > be done via config file (e.g., ~/.asoundrc) or externally via virtual_oss. > >> pcm3: (play/rec) default >> pcm4: (rec) > Are these distinct physical devices? Yes. > >> hw.snd.default_unit: 3 > Have you tried using 4? I did, but decided that the device previously at 4 (Alctron USB700 ) probably has a hardware fault. Worth noting: if I attempt to suspend the system whilst the device at 3 (SteelSeries Siberia 350 headphones with integral microphone ) is physically connected, suspend sometimes fails; it becomes necessary to force off the computer. If I start the system with the headphones connected, then the microphone at 3 is usable at e.g. and (see ) but not in Microsoft Teams. If I disconnect the headphones (to minimise the risk of failure to suspend), then reconnect, the system seems unable to reuse the headphones (see ); a restart is required. In Microsoft Teams, neither 2 nor 3 is detected; there's only 1 (see ) and after allowing use of /dev/dsp1 it 'disappears', leaving only the camera in use (head of ). From owner-freebsd-questions@freebsd.org Tue Mar 31 00:08:30 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 31CD926BD92; Tue, 31 Mar 2020 00:08:30 +0000 (UTC) (envelope-from grahamperrin@gmail.com) Received: from mail-wm1-x343.google.com (mail-wm1-x343.google.com [IPv6:2a00:1450:4864:20::343]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48rqRN5wsrz44Wy; Tue, 31 Mar 2020 00:08:16 +0000 (UTC) (envelope-from grahamperrin@gmail.com) Received: by mail-wm1-x343.google.com with SMTP id c187so679682wme.1; Mon, 30 Mar 2020 17:08:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=gmP3/r47iCkYaqNt0mG7784eqgXZ9AANLOb+D0kM5tI=; b=JQkYXHYOnunfe7tYLD8W+R602ITClZc2HKw1unFY7RBUy1cCMpH8DA4tcX6715C4wS LWHozVRqsobY3eb+ioZrwbdW8CerQdCRus5AaIBcisQNJpPbHTyF92aky0zOh5Ulkjwd D3H4xdG5bgq+QBRQd7xpDOJhXqwgLT/IiUMmXdERndac3okyHy1HfmzjYxA3elX/TLRG FkR2ira+v9FLVYBrIzJ8a401S4HJotl6pyqS/A3aJijVx+SZxu9yLqIUihbBm9A3KVa4 vn4wXT1ANYYjHfWpmSCw/LiFiJYqwWcsfQLvuT5YqLP9lG03zxd65qBEuLFVGzC8AUOM CWWg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=gmP3/r47iCkYaqNt0mG7784eqgXZ9AANLOb+D0kM5tI=; b=HOvxlvsoyL08bh5N0Aqm72NWb+ipQORpr0jobySJ9TvFEp/dlrQ+8gnJM95mOM+jp1 zSg+XklKnnSsI891WU/1AlBOkl3mSalLb6RUc8ui1ifVvDxokdA6lokDWGcaKCbq9MLp FlTCsZzT9kCyfQmocvjF65uPAbgpcoZMphBkX1auAcS2TYIXgkesZJIJSjNbNcA5P84K gViXTHe00ssqfS+iqcPtKO+I+xkSkTN666ndNgiRfXfS3+pL7HS2hA/LjEkRZr6gl0yl Gt4MqIq5vAN+HcssIJBiM0iAYw4OBqGlRVTX4gmoAGn+meYbtGmVVgtQsAlJy2hw4GtO zpAA== X-Gm-Message-State: ANhLgQ2QyR8P1SFTH30M24FV2EOKlDkx+tPZp4RJmzTHrmXBa/6amtet KZ7TfMVFTy3ghhiKuFXspmPXh6Mg8PJf3w== X-Google-Smtp-Source: ADFU+vu3CEthXeW8xiIgnylZDs8a5obj2PpClwdVR7dcdt8f8j94zKvBFtpks9sSp6+UV06QKRlhmA== X-Received: by 2002:a1c:4486:: with SMTP id r128mr634611wma.32.1585613286463; Mon, 30 Mar 2020 17:08:06 -0700 (PDT) Received: from [192.168.1.7] (79-66-147-78.dynamic.dsl.as9105.com. [79.66.147.78]) by smtp.gmail.com with ESMTPSA id f12sm20483302wrm.94.2020.03.30.17.08.05 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 30 Mar 2020 17:08:05 -0700 (PDT) Subject: USB microphones with FreeBSD-CURRENT: bug 194727, r358629 To: Theron Cc: freebsd-current@freebsd.org, FreeBSD questions References: <5c93c4d2-897b-0671-b29a-9fde6031adf5@gmail.com> <6467df72-92de-64b5-5a2c-f23b415543b1@gmail.com> <8dc58802-5849-93c2-0ba2-e321a589e6a3@gmail.com> From: Graham Perrin Message-ID: <28c59a7f-8f9e-4a33-2546-5b97c0c4f33d@gmail.com> Date: Tue, 31 Mar 2020 01:08:04 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: <8dc58802-5849-93c2-0ba2-e321a589e6a3@gmail.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Rspamd-Queue-Id: 48rqRN5wsrz44Wy X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=JQkYXHYO; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of grahamperrin@gmail.com designates 2a00:1450:4864:20::343 as permitted sender) smtp.mailfrom=grahamperrin@gmail.com X-Spamd-Result: default: False [-3.00 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; FREEMAIL_TO(0.00)[gmail.com]; RECEIVED_SPAMHAUS_PBL(0.00)[78.147.66.79.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; ZRD_FAIL(0.00)[query timed out]; RCVD_IN_DNSWL_NONE(0.00)[3.4.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; IP_SCORE(0.00)[ip: (2.87), ipnet: 2a00:1450::/32(-2.37), asn: 15169(-0.45), country: US(-0.05)]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Mar 2020 00:08:30 -0000 On 30/03/2020 20:36, Theron wrote: > On 2020-03-30 15:06, Graham Perrin wrote: >> Worth noting: if I attempt to suspend the system whilst the device at >> 3 (SteelSeries Siberia 350 headphones with integral microphone >> ) is physically >> connected, suspend sometimes fails; it becomes necessary to force off >> the computer. > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194727 > Theron, thank you! That might explain a recent sense of randomness with the symptoms. I've been testing in three different boot environments, only one of which is above the 358629 at : grahamperrin@momh167-gjp4-8570p:~ % beadm list BE       Active Mountpoint  Space Created Waterfox -      -          383.2M 2020-03-10 18:24 r357746f -      -          148.3M 2020-03-20 06:19 r359249b -      -           15.8G 2020-03-28 01:19 r357746g NR     /           60.9G 2020-03-31 00:24 (In retrospect, most remarkable to me was that the bug could bite before logging in; taking the 'Sleep' option in sddm did not lead to a suspend of the system. Hopefully fixed for FreeBSD-CURRENT by r358629; I'll not test now, maybe later in the week.) From owner-freebsd-questions@freebsd.org Tue Mar 31 19:29:10 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A8A0D268872 for ; Tue, 31 Mar 2020 19:29:10 +0000 (UTC) (envelope-from artem@artem.ru) Received: from smtp53.i.mail.ru (smtp53.i.mail.ru [94.100.177.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48sKBh2XqSz4Wqm for ; Tue, 31 Mar 2020 19:28:58 +0000 (UTC) (envelope-from artem@artem.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail2; h=Content-Type:MIME-Version:Date:Message-ID:Subject:From:To; bh=FTuoNE31Ub1zsi/dnKOO7ujDLRbPuX9by5ejNfRVkhw=; b=Tjso18vd65xzGEnlRD0qaHEOBRd6VWV5ZIPciY+dPKjruZpHPQ82ODJtkS8YCu5Yvz7jmijtv5Wc5TlLMqpzptuvWkoQNbK2Zbmuit+jYsoaO77qJZA5sa/lpLaQKb8NpPmUVRZRJWB1FXciS8WC41ZKg21SiFj3wjCQREqhjNI=; Received: by smtp53.i.mail.ru with esmtpa (envelope-from ) id 1jJMZ3-0005Pt-Pr for freebsd-questions@freebsd.org; Tue, 31 Mar 2020 22:28:46 +0300 To: freebsd-questions@freebsd.org From: Artem Kuchin Subject: I see no way to convert LBA to disk position Message-ID: <2f107fd2-de31-7dfc-7c3e-abb3597b9f3f@artem.ru> Date: Tue, 31 Mar 2020 22:28:43 +0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 Content-Language: ru X-7564579A: B8F34718100C35BD X-77F55803: 0A44E481635329DB0E1AA8A03B392317D32E5E48865217365060145B739F5F5C37D2C72149323728F688BCB05C26794DA18BAC356798249DA96F94FA60F8D2B6EDFC2D6B529262DA7DB3481FE2EBAE2C X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE75C0AD7D016C066E3C2099A533E45F2D0395957E7521B51C2CFCAF695D4D8E9FCEA1F7E6F0F101C6778DA827A17800CE723C544A82E63DB9DEA1F7E6F0F101C674E70A05D1297E1BBC6CDE5D1141D2B1C7C0992C112CF61B327CEA9B16035D82E9D4F49F262EEF1169FA2833FD35BB23D9E625A9149C048EE33AC447995A7AD18BDFBBEFFF4125B51D2E47CDBA5A96583BD4B6F7A4D31EC0BB23A54CFFDBC96A8389733CBF5DBD5E9D5E8D9A59859A8B65FF0BFC5AEE34BE6CC7F00164DA146DA6F5DAA56C3B73B23E7DDDDC251EA7DABD81D268191BDAD3DC09775C1D3CA48CFE6DA32D78056113CBA3038C0950A5D36C8A9BA7A39EFB76686247BD26A3DF5C4BA3038C0950A5D36D5E8D9A59859A8B649582130F7F636E276E601842F6C81A1F004C90652538430FAAB00FBE355B82D2DBA43225CD8A89FB26E97DCB74E6252262FEC7FBD7D1F5BB5C8C57E37DE458B4C7702A67D5C3316FA3894348FB808DB48C21F01D89DB561574AF45C6390F7469DAA53EE0834AAEE X-D57D3AED: Y8kq8+OzVozcFQziTi/Zi1xwo7H2ZNxGP5qz8aO2mjTJzjHGC4ogvVuzB3zfVUBtENeZ6b5av1fnCBE34JUDkWdM6QxE+Ga5d8voMtmXfSopeeH/M7whDZf1Wbpd8t+6 X-Mailru-Sender: 00097D31F91C944BED4F565345CFF1DF678AA0F9A2F44153799B15706E1364A322AB40DADB8413386D82E86CD0B8CCCC342CD0BA774DB6A91DF22CB62C7DF609901300E88B9FC5FAEDA952A69F3EBF603453F38A29522196 X-Mras: Ok X-Rspamd-Queue-Id: 48sKBh2XqSz4Wqm X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=mail.ru header.s=mail2 header.b=Tjso18vd; dmarc=none; spf=none (mx1.freebsd.org: domain of artem@artem.ru has no SPF policy when checking 94.100.177.113) smtp.mailfrom=artem@artem.ru X-Spamd-Result: default: False [-2.33 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.99)[-0.992,0]; R_DKIM_ALLOW(-0.20)[mail.ru:s=mail2]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; TO_DN_NONE(0.00)[]; DMARC_NA(0.00)[artem.ru]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(0.06)[ipnet: 94.100.176.0/20(0.06), asn: 47764(0.24), country: RU(0.01)]; DKIM_TRACE(0.00)[mail.ru:+]; R_SPF_NA(0.00)[]; RCVD_COUNT_ZERO(0.00)[0]; RCVD_IN_DNSWL_LOW(-0.10)[113.177.100.94.list.dnswl.org : 127.0.5.1]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:47764, ipnet:94.100.176.0/20, country:RU]; MID_RHS_MATCH_FROM(0.00)[] Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Mar 2020 19:29:11 -0000 Hello! I have a strange story. One of the disk in a gmirror array reported  a read error. smartctvl -a showed this: Sector Sizes: 512 bytes logical, 4096 bytes physical Error: UNC at LBA = 0x0b3ede08 = 188669448 So, from this it should be very easy to locate the bad block, we have 512 bytes LBA blocks and we have a block number, so dd if=/dev/ada2 of=/dev/null bs=512 skip=188669448 count=1 should generate a read error BUT NO! It is not there! It read okay. So, i tried many ways and eventually just wrote my own scanner which return me absolute bytes offset of 2570499919872 convert 512 blocks 2570499919872/512= 5020507656 and # dd if=/dev/ada2 bs=512 skip=5020507656 count=1 > z dd: /dev/ada2: Input/output error 0+0 records in 0+0 records out 0 bytes transferred in 19.432749 secs (0 bytes/sec) Now everything is correct. So, i have LBA 188669448 and real 512 block offset 5020507656 Then i wrote zeros to the bas sector dd if=/dev/zero of=/dev/ada2 bs=512 oseek=5020507656 count=8 and pending blocks went away and also dd if=/dev/ada2 bs=512 skip=5020507656 count=1 now read okay Question is HOW 5020507656 511 bytes disk blocks offset is related to reported lba 188669448 ? Artem From owner-freebsd-questions@freebsd.org Tue Mar 31 20:03:49 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0B13926A150 for ; Tue, 31 Mar 2020 20:03:49 +0000 (UTC) (envelope-from jerry@seibercom.net) Received: from mail-io1-xd36.google.com (mail-io1-xd36.google.com [IPv6:2607:f8b0:4864:20::d36]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48sKyd0FD3z3H0J for ; Tue, 31 Mar 2020 20:03:36 +0000 (UTC) (envelope-from jerry@seibercom.net) Received: by mail-io1-xd36.google.com with SMTP id b12so6913818ion.8 for ; Tue, 31 Mar 2020 13:03:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seibercom.net; s=google; h=date:from:to:subject:message-id:reply-to:organization:face :mime-version:content-transfer-encoding; bh=yA7hGegqM9uo93m0n7Kpht2BR4SA6XZmFIoMOscEyvw=; b=UVUo2cu/mBpjKzZidS78/pKQ+A9gDf15xSiFt+iJdrWrmnX1I2MIgdJx4KPQzfckul Go8FD37PbSuJQ9HBL0gYI/fteCCt6TKvbT87iI5h8xX8L21NC3qiclxAeSeEXQnPhcBf qkWSDKFiUmMFyrfNSECNWOPRFg8+9C3vstJAw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:subject:message-id:reply-to :organization:face:mime-version:content-transfer-encoding; bh=yA7hGegqM9uo93m0n7Kpht2BR4SA6XZmFIoMOscEyvw=; b=sqz/PqNZFXk1fcCUmgrXIizyL41G1L/DLiUeH8EMbc5jfpnJViLVh9n2Bc4eLIJb/r jH+P/Z2va7OrmoHCJAVCWuFrTJu+tX7ILATTh0enp2/JD0RMyP64X1X6pl6LsJBbsnCc 1QwJ0SsnkiPdUhbt8Qw9TxzF3VgIKYvs86app2ayY3dWV6v6T1gEX+tCBqWiIBslE6VY 0cCEkFx1HPNPPsoOuFSoaQhtEdL4OF5Dg5rx0eRhIkEix2CmXSEdpzuTMGS4jJYMQqQC eLskiV77XwZumtz6Ha5PX2FrF+Fb7Tn3KRWeiTRhhCqDgW9PW/mP+rCOVC/0Os9jmzKS nbrA== X-Gm-Message-State: ANhLgQ3o89zMv2oCXUF6eYa7sH0U3JSoifTRwLFVBWx9bLcr/EYaBB+c 05CfpsmMlDg9r2NEaSkVYOAj4UjAIGc= X-Google-Smtp-Source: ADFU+vt+i9h+N6RJtZiUwC5JYbEwLunXLA5QhTh7frBWmAH+XJXuLtDcyDFpxKOmBxOEyuhsAUO5/g== X-Received: by 2002:ac8:3813:: with SMTP id q19mr4317298qtb.66.1585684533827; Tue, 31 Mar 2020 12:55:33 -0700 (PDT) Received: from scorpio.seibercom.net (cpe-174-109-225-250.nc.res.rr.com. [174.109.225.250]) by smtp.gmail.com with ESMTPSA id n67sm14109841qte.79.2020.03.31.12.55.32 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 31 Mar 2020 12:55:33 -0700 (PDT) Received: from scorpio (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: jerry@seibercom.net) by scorpio.seibercom.net (Postfix) with ESMTPSA id 48sKnH70pbz2TBs for ; Tue, 31 Mar 2020 15:55:31 -0400 (EDT) Date: Tue, 31 Mar 2020 15:55:29 -0400 From: Jerry To: freebsd-questions@freebsd.org Subject: Updating database in smartmontools Message-ID: <20200331155529.597ee482@scorpio> Reply-To: freebsd-questions@freebsd.org Organization: seibercom.net X-Mailer: Claws Mail 3.17.4 (GTK+ 2.24.32; amd64-portbld-freebsd11.3) Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAD1BMVEXHx8eCek7////4+fjWs03LZvEkAAAB+UlEQVQ4jY2UC5LbIAyGhfEB0JoDULgAAR8ANrr/mfpL2Em2087UExyiT+hNKJfesVrGB99ri0UvkAtW73+CnBPZs90AL0U5V5N7FXcsuvQBfIFYt3bGQFNQaMaWdVsu0Jd8Hy5+J/G6h5BWRDlJFOLj5OiziWh5SCwcHYd9MnvzQmapxglJFBFmlqC2zLmTCLkKOeprtAWciOlOFcoUFvEALScXI9Gc0ezsItEXRJVXSrlUyMMVU84L2JMADiitXx9gV98tcUs0EG675QWZcPz+xUd1+ygfQGNin+I4Q5APcIqFS1F2IYClXSkh7/NZKSBb4bGcI/XgEL+MTo5kRtSYlhyV1UqhhS5ECbTCPSF7EE4MbSTvomkqqFGGg+3J2nW83JcB9EK+gu/nII/WuYq+GHBwvYWGpmtFs2uPOBQU1JMqB3WM9hK3Mp8KEu2TKNh4IDCPlEu+wPAhbBcY7qouaumcR/gakYbMqxbUCwUZNL21BDkeq3XUs+mJnSB5uu0CeYHdbGEaub06SFalGjDoCTnmF6haV9oe6AVrzhfo/bFAJ23TZcgGrqqtuT3Uya2/JtHiPyrOHT8AjpANqczL0H0/eg0WmTxf+vet7YT5jiF/gt6vy1Zuz8VEdF//91Pet/bfoN8zrsPeF3j/yXT1+pc/mf8FvwFLRp5BkxdhkQAAAABJRU5ErkJggg== MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 48sKyd0FD3z3H0J X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org; dkim=pass header.d=seibercom.net header.s=google header.b=UVUo2cu/; dmarc=none; spf=pass (mx1.freebsd.org: domain of jerry@seibercom.net designates 2607:f8b0:4864:20::d36 as permitted sender) smtp.mailfrom=jerry@seibercom.net X-Spamd-Result: default: False [1.55 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; HAS_REPLYTO(0.00)[freebsd-questions@freebsd.org]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; TO_DN_NONE(0.00)[]; HAS_ORG_HEADER(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; DKIM_TRACE(0.00)[seibercom.net:+]; FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(-1.45)[ip: (-6.41), ipnet: 2607:f8b0::/32(-0.35), asn: 15169(-0.45), country: US(-0.05)]; MIME_TRACE(0.00)[0:+]; REPLYTO_EQ_TO_ADDR(5.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RECEIVED_SPAMHAUS_PBL(0.00)[250.225.109.174.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[seibercom.net:s=google]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[seibercom.net]; RCPT_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[6.3.d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; MID_RHS_NOT_FQDN(0.50)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Mar 2020 20:03:49 -0000 The "update-smart-drivedb " configuration option is turned off in the smartmontools Makefile. CONFIGURE_ARGS= --disable-dependency-tracking \ --enable-sample \ --with-gnupg=no \ --with-initscriptdir=${PREFIX}/etc/rc.d \ --with-nvme-devicescan=yes \ --with-update-smart-drivedb=no What is the recommended method to update the drive database if this option is off? Using FreeBSD 11.3-p7 amd64. -- Jerry From owner-freebsd-questions@freebsd.org Tue Mar 31 20:11:27 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3A2FD26A5D3 for ; Tue, 31 Mar 2020 20:11:27 +0000 (UTC) (envelope-from artem@artem.ru) Received: from smtp59.i.mail.ru (smtp59.i.mail.ru [217.69.128.39]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48sL7R6MKgz3KKc for ; Tue, 31 Mar 2020 20:11:14 +0000 (UTC) (envelope-from artem@artem.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail2; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version:Date:Message-ID:From:References:Cc:To:Subject; bh=SWVRw0LG3Zin05tkiZ+TCNW6ly6JeqIDTSSlJAyszpg=; b=YHwVPN1GLFY+72ia5ehQHX2KTTVi9WV4yXQPbHAkprUBDnlr+OXO7WuU44mesJ0CXeAejPbJFGFtSkPeRlzpJn+VOtCfffcx29miZTs93Lun07qgPxlKQkUC5axX+ds+3LEgv45OJbixrtNPQx2y0yWKJGjKH+QuywEyU8lqNpg=; Received: by smtp59.i.mail.ru with esmtpa (envelope-from ) id 1jJNE2-0003B3-82; Tue, 31 Mar 2020 23:11:06 +0300 Subject: Re: I see no way to convert LBA to disk position To: "Kevin P. Neal" Cc: freebsd-questions@freebsd.org References: <2f107fd2-de31-7dfc-7c3e-abb3597b9f3f@artem.ru> <20200331194552.GA393@neutralgood.org> From: Artem Kuchin Message-ID: Date: Tue, 31 Mar 2020 23:11:02 +0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: <20200331194552.GA393@neutralgood.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: ru X-7564579A: B8F34718100C35BD X-77F55803: 0A44E481635329DB0E1AA8A03B392317D32E5E48865217365060145B739F5F5CFE5E0A39B35787E4F688BCB05C26794D74841BB71BF617E6C4AE0606FD43761B556A2B8DCD7840CABFCAC5A6DDD0629C X-7FA49CB5: 0D63561A33F958A5F0BB51229AFFD4BE24C2B8F5A611F2E4B272A53F9BBAC8E28941B15DA834481FA18204E546F3947C17119E5299B287EEF6B57BC7E64490618DEB871D839B7333395957E7521B51C2545D4CF71C94A83E9FA2833FD35BB23D27C277FBC8AE2E8BB37B5D51F58B3735A471835C12D1D977C4224003CC8364767815B9869FA544D8D32BA5DBAC0009BE9E8FC8737B5C22497D7908739D16C58076E601842F6C81A12EF20D2F80756B5F012D6517FE479FCD76E601842F6C81A127C277FBC8AE2E8BCB2D3143548416E53AA81AA40904B5D99449624AB7ADAF3726B9191E2D567F0E725E5C173C3A84C3483320834B361D1F089D37D7C0E48F6C5571747095F342E857739F23D657EF2B6825BDBE14D8E7028C9DFF55498CEFB0BD9CCCA9EDD067B1EDA766A37F9254B7 X-D57D3AED: Y8kq8+OzVozcFQziTi/Zi1xwo7H2ZNxGP5qz8aO2mjTJzjHGC4ogvVuzB3zfVUBtENeZ6b5av1fnCBE34JUDkWdM6QxE+Ga5d8voMtmXfSqq2T2UpS0GCJf1Wbpd8t+6 X-Mailru-Sender: 00097D31F91C944B5944008ED339AAA19845F0923656D1D45990C7E904D6298CDEE95B3D783315C26D82E86CD0B8CCCC342CD0BA774DB6A91DF22CB62C7DF609901300E88B9FC5FAEDA952A69F3EBF603453F38A29522196 X-Mras: Ok X-Rspamd-Queue-Id: 48sL7R6MKgz3KKc X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=mail.ru header.s=mail2 header.b=YHwVPN1G; dmarc=none; spf=none (mx1.freebsd.org: domain of artem@artem.ru has no SPF policy when checking 217.69.128.39) smtp.mailfrom=artem@artem.ru X-Spamd-Result: default: False [-2.27 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.998,0]; R_DKIM_ALLOW(-0.20)[mail.ru:s=mail2]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[artem.ru]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[mail.ru:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[39.128.69.217.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(0.03)[ipnet: 217.69.128.0/20(-0.09), asn: 47764(0.24), country: RU(0.01)]; ASN(0.00)[asn:47764, ipnet:217.69.128.0/20, country:RU]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Mar 2020 20:11:27 -0000 31.03.2020 22:45, Kevin P. Neal пишет: > On Tue, Mar 31, 2020 at 10:28:43PM +0300, Artem Kuchin wrote: > >> Then i wrote zeros to the bas sector >> dd if=/dev/zero of=/dev/ada2 bs=512 oseek=5020507656 count=8 > Wait, does this mean that the two disks in your mirror have different > data at the same block address? Is that safe? Does gmirror keep track > of bad blocks and avoid reading from them "forever" when it hits one? > > If it was me I'd copy the block from the good drive to the bad drive > instead of writing zeros. I don't think it is important because those blocks are unallocated (i checked), but eventually, when did so - copied from one disk to another.  I wrote zeros because smart specs say that i need to write zeroes to resolve pending sector. From owner-freebsd-questions@freebsd.org Tue Mar 31 20:30:22 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B1EEF26AD20 for ; Tue, 31 Mar 2020 20:30:22 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) Received: from holgerdanske.com (holgerdanske.com [IPv6:2001:470:0:19b::b869:801b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "holgerdanske.com", Issuer "holgerdanske.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 48sLYH0J6tz3wjw for ; Tue, 31 Mar 2020 20:30:10 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) Received: from 99.100.19.101 ([99.100.19.101]) by holgerdanske.com with ESMTPSA (ECDHE-RSA-AES128-GCM-SHA256:TLSv1.2:Kx=ECDH:Au=RSA:Enc=AESGCM(128):Mac=AEAD) (SMTP-AUTH username dpchrist@holgerdanske.com, mechanism PLAIN) for ; Tue, 31 Mar 2020 13:27:13 -0700 Subject: Re: I see no way to convert LBA to disk position To: freebsd-questions@freebsd.org References: <2f107fd2-de31-7dfc-7c3e-abb3597b9f3f@artem.ru> <20200331194552.GA393@neutralgood.org> From: David Christensen Message-ID: <0263aaa3-b4d6-34e4-5210-af19bb01a550@holgerdanske.com> Date: Tue, 31 Mar 2020 13:27:13 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 48sLYH0J6tz3wjw X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=temperror reason="query timed out" header.from=holgerdanske.com (policy=temperror); spf=none (mx1.freebsd.org: domain of dpchrist@holgerdanske.com has no SPF policy when checking 2001:470:0:19b::b869:801b) smtp.mailfrom=dpchrist@holgerdanske.com X-Spamd-Result: default: False [-3.83 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RSPAMD_URIBL_FAIL(0.00)[query timed out]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(-1.73)[ip: (-0.34), ipnet: 2001:470::/32(-4.66), asn: 6939(-3.60), country: US(-0.05)]; DMARC_DNSFAIL(0.00)[holgerdanske.com : query timed out]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Mar 2020 20:30:22 -0000 On 2020-03-31 13:11, Artem Kuchin wrote: > I wrote zeros because smart specs say that i need to write zeroes to resolve pending sector. I am trying to find a canonical document that describes disk drive failure modes and what how disk drive controllers detect and respond to these failures. I found what appears to be a useful document on the SATA-IO consortium web site, but I do not have member access and I do not want to buy the document: https://sata-io.org/developers/purchase-specification What "smart specs" are you referring to? Can you please provide a URL? David From owner-freebsd-questions@freebsd.org Tue Mar 31 20:35:27 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 97F4026B2A1 for ; Tue, 31 Mar 2020 20:35:27 +0000 (UTC) (envelope-from freebsd@dreamchaser.org) Received: from nightmare.dreamchaser.org (ns.dreamchaser.org [66.109.141.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "dreamchaser.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48sLfy40M6z3yYk for ; Tue, 31 Mar 2020 20:35:05 +0000 (UTC) (envelope-from freebsd@dreamchaser.org) Received: from breakaway.dreamchaser.org (breakaway [192.168.151.122]) by nightmare.dreamchaser.org (8.15.2/8.15.2) with ESMTP id 02VKYpJ6066790 for ; Tue, 31 Mar 2020 14:34:51 -0600 (MDT) (envelope-from freebsd@dreamchaser.org) To: FreeBSD Mailing List Reply-To: freebsd@dreamchaser.org From: Gary Aitken Subject: weird 403 (forbidden) website access issue Message-ID: Date: Tue, 31 Mar 2020 14:33:20 -0600 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (nightmare.dreamchaser.org [192.168.151.101]); Tue, 31 Mar 2020 14:34:51 -0600 (MDT) X-Rspamd-Queue-Id: 48sLfy40M6z3yYk X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of freebsd@dreamchaser.org designates 66.109.141.57 as permitted sender) smtp.mailfrom=freebsd@dreamchaser.org X-Spamd-Result: default: False [-5.53 / 15.00]; ARC_NA(0.00)[]; HAS_REPLYTO(0.00)[freebsd@dreamchaser.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[dreamchaser.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_TLS_LAST(0.00)[]; TO_DN_ALL(0.00)[]; REPLYTO_ADDR_EQ_FROM(0.00)[]; IP_SCORE(-3.23)[ip: (-8.49), ipnet: 66.109.128.0/19(-4.24), asn: 21947(-3.39), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:21947, ipnet:66.109.128.0/19, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Mar 2020 20:35:27 -0000 Totally bewildered by a 403 error attempting to access a website I created several years ago and haven't touched (or accessed) in ages. Administered and hosted at greengeeks.com 11.3-RELEASE-p6 Using firefox 74.0: The addr (www.ovandoschool.org) resolves to 69.175.87.226 If I type in 69.175.87.226 in the address bar, I get a 403 error with a note 69.175.87.226/cp_errordocument.shtml (port 80) Seems to be accessible fine from windows machines going through the same fbsd 11.3-RELEASE-P6 gateway (not the same system as the one with the browser having the problem). If I manually access from the failing fbsd system, it works: $ telnet 69.175.87.226 80 Trying 69.175.87.226... Connected to chi-node42.websitehostserver.net. Escape character is '^]'. GET / HTTP/1.1 Host: www.ovandoschool.org HTTP/1.1 200 OK Connection: Keep-Alive X-Pingback: http://www.ovandoschool.org/xmlrpc.php Content-Type: text/html; charset=UTF-8 Link: ; rel=shortlink Transfer-Encoding: chunked Date: Tue, 31 Mar 2020 19:04:40 GMT Strict-Transport-Security: max-age=63072000; includeSubDomains X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff 203a etc. I have noscript installed, but if I turn off all restrictions for the accessing tab, I get the same result. I tried opera and get the same result, kinda; the tab shows a "403 Forbidden" error and I get a blank screen. I tried chrome but when it loads all I get is a blank window. Any thoughts on what might be causing this? Why would a browser report a 403 error when telnet doesn't? Thanks for any insights, Gary From owner-freebsd-questions@freebsd.org Tue Mar 31 20:43:10 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5A05C26B956 for ; Tue, 31 Mar 2020 20:43:10 +0000 (UTC) (envelope-from freebsd@boosten.org) Received: from smtpq2.tb.mail.iss.as9143.net (smtpq2.tb.mail.iss.as9143.net [212.54.42.165]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48sLr70Q2gz42S4 for ; Tue, 31 Mar 2020 20:43:02 +0000 (UTC) (envelope-from freebsd@boosten.org) Received: from [212.54.42.134] (helo=smtp10.tb.mail.iss.as9143.net) by smtpq2.tb.mail.iss.as9143.net with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jJNip-00032y-CX; Tue, 31 Mar 2020 22:42:55 +0200 Received: from 84-25-247-31.cable.dynamic.v4.ziggo.nl ([84.25.247.31] helo=smtp.boosten.org) by smtp10.tb.mail.iss.as9143.net with esmtp (Exim 4.90_1) (envelope-from ) id 1jJNip-0007FW-8Z; Tue, 31 Mar 2020 22:42:55 +0200 Received: from amon.boosten.org (amon.boosten.org [192.168.13.105]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.boosten.org (Postfix) with ESMTPSA id 3043A4D739; Tue, 31 Mar 2020 22:42:54 +0200 (CEST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\)) Subject: Re: weird 403 (forbidden) website access issue From: freebsd@boosten.org In-Reply-To: Date: Tue, 31 Mar 2020 22:42:53 +0200 Cc: FreeBSD Mailing List Content-Transfer-Encoding: quoted-printable Message-Id: <3E2FEC61-CD71-48D8-B60E-0E814E30C753@boosten.org> References: To: freebsd@dreamchaser.org X-Mailer: Apple Mail (2.3608.80.23.2.2) X-SourceIP: 84.25.247.31 X-Ziggo-spambar: / X-Ziggo-spamscore: 0.0 X-Ziggo-spamreport: CMAE Analysis: v=2.3 cv=BJ0oUGYG c=1 sm=1 tr=0 a=JWBJsaPp29SgP5DpYRBqZw==:17 a=jpOVt7BSZ2e4Z31A5e1TngXxSK0=:19 a=IkcTkHD0fZMA:10 a=SS2py6AdgQ4A:10 a=0wQVMjYSAAAA:8 a=9rbr_SGYp0WgupECCF4A:9 a=QEXdDO2ut3YA:10 a=ibV0ZHtNwtz4ncopG1mI:22 X-Ziggo-Spam-Status: No X-Spam-Status: No X-Spam-Flag: No X-Rspamd-Queue-Id: 48sLr70Q2gz42S4 X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.82 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[boosten.org:s=myselector]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; RCVD_TLS_LAST(0.00)[]; RWL_MAILSPIKE_GOOD(0.00)[165.42.54.212.rep.mailspike.net : 127.0.0.18]; R_SPF_ALLOW(-0.20)[+ip4:212.54.32.0/19]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; IP_SCORE(-1.22)[ipnet: 212.54.32.0/20(-3.92), asn: 33915(-2.19), country: NL(0.03)]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TO_DN_SOME(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[boosten.org:+]; RCPT_COUNT_TWO(0.00)[2]; FROM_NO_DN(0.00)[]; DMARC_POLICY_ALLOW(-0.50)[boosten.org,quarantine]; RCVD_IN_DNSWL_LOW(-0.10)[165.42.54.212.list.dnswl.org : 127.0.5.1]; RECEIVED_SPAMHAUS_PBL(0.00)[31.247.25.84.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:33915, ipnet:212.54.32.0/20, country:NL]; MID_RHS_MATCH_FROM(0.00)[]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Mar 2020 20:43:10 -0000 > Op 31 mrt. 2020, om 22:33 heeft Gary Aitken = het volgende geschreven: >=20 > [snip] >=20 > Any thoughts on what might be causing this? > Why would a browser report a 403 error when telnet doesn=E2=80=99t? >=20 Do you, by any chance, have modsecurity installed on the server end? Peter= From owner-freebsd-questions@freebsd.org Tue Mar 31 21:38:27 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3FB1026D1E2 for ; Tue, 31 Mar 2020 21:38:27 +0000 (UTC) (envelope-from Norman.Gray@glasgow.ac.uk) Received: from plockton.cent.gla.ac.uk (plockton.cent.gla.ac.uk [130.209.16.75]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48sN3x5xQJz4Nk8 for ; Tue, 31 Mar 2020 21:38:21 +0000 (UTC) (envelope-from Norman.Gray@glasgow.ac.uk) Received: from cas08.campus.gla.ac.uk ([130.209.14.165]) by plockton.cent.gla.ac.uk with esmtp (Exim 4.72) (envelope-from ) id 1jJOBM-0000PR-Uo; Tue, 31 Mar 2020 22:12:24 +0100 Received: from cas07.campus.gla.ac.uk (130.209.14.164) by cas08.campus.gla.ac.uk (130.209.14.165) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 31 Mar 2020 22:12:24 +0100 Received: from GBR01-CWL-obe.outbound.protection.outlook.com (104.47.20.56) by cas07.campus.gla.ac.uk (130.209.14.164) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Tue, 31 Mar 2020 22:12:24 +0100 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IdXn9FofyaoIUg0SxSU4yfWbr7CFD98HpvIHoTQW21C+F8mjy53C3YX5jAoLX7bF5avAeZbyHte5TlUCfsWsfAnOQ81ZQ8sXqO2p8dMItxaJ3qiuRhPYCt0eQ3yTMeqWevocdqTV7ZqSKPXwm6Xulv+ga2nvOqCfqLqeG1mutkYd3lF0/Y98xdr3oxHsHmarpnI1mNQllL4IBo9yxWNFfRqWIS6ymWPbpOAOIrYUxCO3CE/hzV0AvmFGk6jEYm8yje+rr09i+AB5yOXTIO4TlxLQ7smYzSxpjMOqdBgRFLiN/is9NFxj57m3RVNx/iIAfjrHYNkP0IhqcIvN5rLjBA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=F6h7HZ0RSBldixSVuiMH4WlfokI3/no5seGM07SiNUU=; b=IZhIY8cI/bdCkSDtXNgjUXqdTBWhkrGejt3VGLxZVOf1HyVPKNEc8O6D8SaRNKgecdcziTN+EbrPJfQTZtuOYKvjD1IqF1Q9ndBl8T5ZmdcMmAlyslf4xGXL+Mmf5GeFV+h2MwU71v+WUDXobGvm9AxMydl5fSQr8DJ18nVkw/CUVoFvxj8YTaPHbp9dtyApIE68IhMwG5x0KVdyoKgBSUANNpCfnpI8sbeXns5BKjjEtmsfMXXm1VHLmGsGqYzr86tgA7TZ0F6GEafaHs++Yp5wPsbXXlTOWZtllZiUBQjmmhAhog2td+FG+roiOgGkYzn/VfyC5nBrVAlmO55DFw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=glasgow.ac.uk; dmarc=pass action=none header.from=glasgow.ac.uk; dkim=pass header.d=glasgow.ac.uk; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gla.onmicrosoft.com; s=selector2-gla-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=F6h7HZ0RSBldixSVuiMH4WlfokI3/no5seGM07SiNUU=; b=e05H6O1pI0xxsqacfxBjgETWWqs28NM3EGylM6/411Hc3lC7PccIPg551F85wiP/9/WK46Nig308vMoFEpi16Mzd0LIIZtRZmsPCOzWo9kvkCr4amE29rkQor0F+/+IwS1gS/nL/1NTTRmNlSpS/zXhZDzBjdun7dUfwfLKfYFg= Received: from CWXP265MB0149.GBRP265.PROD.OUTLOOK.COM (10.164.144.19) by CWXP265MB1336.GBRP265.PROD.OUTLOOK.COM (20.176.47.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2856.20; Tue, 31 Mar 2020 21:12:23 +0000 Received: from CWXP265MB0149.GBRP265.PROD.OUTLOOK.COM ([fe80::6c2a:7278:7a4d:3891]) by CWXP265MB0149.GBRP265.PROD.OUTLOOK.COM ([fe80::6c2a:7278:7a4d:3891%3]) with mapi id 15.20.2856.019; Tue, 31 Mar 2020 21:12:22 +0000 From: "Norman Gray" To: Gary Aitken CC: FreeBSD Mailing List Subject: Re: weird 403 (forbidden) website access issue Date: Tue, 31 Mar 2020 22:12:21 +0100 X-Mailer: MailMate (1.13.1r5671) Message-ID: In-Reply-To: References: Content-Type: text/plain; format=flowed X-ClientProxiedBy: LO2P265CA0111.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:c::27) To CWXP265MB0149.GBRP265.PROD.OUTLOOK.COM (2603:10a6:401:8::19) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [192.168.1.50] (2001:8b0:df5:af53:5bf:2528:c542:ae41) by LO2P265CA0111.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:c::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2856.20 via Frontend Transport; Tue, 31 Mar 2020 21:12:22 +0000 X-Mailer: MailMate (1.13.1r5671) X-Originating-IP: [2001:8b0:df5:af53:5bf:2528:c542:ae41] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 435bc22e-0672-4887-195a-08d7d5b8344b X-MS-TrafficTypeDiagnostic: CWXP265MB1336: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8882; X-Forefront-PRVS: 0359162B6D X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CWXP265MB0149.GBRP265.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFTY:; SFS:(10009020)(366004)(346002)(136003)(396003)(39860400002)(376002)(2906002)(8676002)(52116002)(5660300002)(33656002)(4326008)(16526019)(186003)(6486002)(86362001)(36756003)(53546011)(66476007)(66556008)(66946007)(786003)(6916009)(316002)(966005)(2616005)(15974865002)(81166006)(8936002)(66574012)(81156014)(478600001)(21443002); DIR:OUT; SFP:1101; Received-SPF: None (protection.outlook.com: glasgow.ac.uk does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: ZQqeg8LOmO1msDPvDBOP3TXUcV0mUbpLZm9AIWybWJdCzlHcRqQVffMofmqPBjezEED3VQp294e6QVQcZjvcL22wGrpnOJv03EjOsv+Xra4VdTvTu0p21LN6wqhmZIaFepwi8GlkbaPzKIsSUR3vDlPhSvTUhNd5hIHVdqUL/iBPCZLsnwAV2GFfq4BA+jAZaxrO8qB1DpJtmbfZzxJ7KSi0CnrtyJdds+rjLLee2xDETDXs9tvIvS1yKmiKg8MyMVhabymFbGp9xUdnq5ZvNKc3QeYXuJinFEPsbPCKJKE1baRuMv5361aW5GGruFvOIeakaHGNiEwvJL4v25h00lUFhs+8OiuwZsWBl0dA39drsGFWF2XDrjl7qyq7cYJ9eQ7VoM6TM1By3YMpu1rrOQbv5+1QS1ENb1U21PvJBiwep0/hg4XzCXy/xcOfkr5lq6z+0xZu049RTtH4PcdB03/ECn+EnNhGKJIQ/fKuyLe0ixxUf7XXVeWrhrJty60/7LH+sgYCau9fU3FIVxP3GJicPuc6TEIqk94i8LyWKJlL4pqnGxoSewylC53iD8VX6OUw+2+5FfGuIWOd2//K8w== X-MS-Exchange-AntiSpam-MessageData: jc59eMxffu3b8L+LrBBBJiQvp31xfbyQORccZAO2qdN2CW8grOc7HzlUwqHKZlacm5eZlXM2vSHZHMIF6Hvwwe0T57WjOM+S6CML+Xr0B7N4JE9M5pemoe8mrOd+XlEsYiWJcZQlww4JEIicHh5pyIXhNbTfr0C5uQ4PPdiZv++vDCtpJprAXk/VPl3HviVjpD8zuV9TbwJPQ4vLiJD8cA== X-MS-Exchange-CrossTenant-Network-Message-Id: 435bc22e-0672-4887-195a-08d7d5b8344b X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 Mar 2020 21:12:22.7308 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 6e725c29-763a-4f50-81f2-2e254f0133c8 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: WaS/xBiFSWAXMcqWxFBjF+tiZxxbR5TB6OMlYfaURmxkiQPLt2kW1d/S1rdHOrt3mwWpw0ltQfhRKUZxKs54f58JY4clUiE/qLA3uArGj+c= X-MS-Exchange-Transport-CrossTenantHeadersStamped: CWXP265MB1336 X-OriginatorOrg: glasgow.ac.uk X-Rspamd-Queue-Id: 48sN3x5xQJz4Nk8 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gla.onmicrosoft.com header.s=selector2-gla-onmicrosoft-com header.b=e05H6O1p; dmarc=none; spf=none (mx1.freebsd.org: domain of Norman.Gray@glasgow.ac.uk has no SPF policy when checking 130.209.16.75) smtp.mailfrom=Norman.Gray@glasgow.ac.uk X-Spamd-Result: default: False [-4.95 / 15.00]; RCVD_COUNT_SEVEN(0.00)[7]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gla.onmicrosoft.com:s=selector2-gla-onmicrosoft-com]; HAS_XOIP(0.00)[]; FROM_HAS_DN(0.00)[]; RWL_MAILSPIKE_GOOD(0.00)[75.16.209.130.rep.mailspike.net : 127.0.0.18]; IP_SCORE(-0.95)[ipnet: 130.209.0.0/16(-4.38), asn: 786(-0.28), country: GB(-0.07)]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[glasgow.ac.uk]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; RCVD_IN_DNSWL_MED(-0.20)[75.16.209.130.list.dnswl.org : 127.0.11.2]; DKIM_TRACE(0.00)[gla.onmicrosoft.com:+]; RCPT_COUNT_TWO(0.00)[2]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:786, ipnet:130.209.0.0/16, country:GB]; ARC_ALLOW(-1.00)[i=1]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Mar 2020 21:38:28 -0000 Gary, greetings. On 31 Mar 2020, at 21:33, Gary Aitken wrote: > The addr (www.ovandoschool.org) resolves to 69.175.87.226 > > If I type in 69.175.87.226 in the address bar, I get a 403 error > with a note > 69.175.87.226/cp_errordocument.shtml (port 80) > Seems to be accessible fine from windows machines going through the > same > fbsd 11.3-RELEASE-P6 gateway (not the same system as the one with the > browser having the problem). > > If I manually access from the failing fbsd system, it works: > > $ telnet 69.175.87.226 80 > Trying 69.175.87.226... > Connected to chi-node42.websitehostserver.net. > Escape character is '^]'. > GET / HTTP/1.1 > Host: www.ovandoschool.org If you type the IP address in to the address bar, then the browser will either send that as the 'Host' request header, or won't send the header at all. Thus the server, presuming it's set up to serve multiple hosts, won't know which website to send back. An alternative route to the same conclusion is that HTTP 1.1 requires the 'Host' request header, so if it's missing (or possibly if it's an IP address, or if it's not one of the hosts the server has been configured to handle), then... error document. If this works with any browser, then it _might_ be that the browser is being clever, doing a reverse lookup of the IP address, and sending the result as the 'Host' request header. In that case, a bit of tcpdump will clarify. Apologies if this is obvious, but if this isn't the problem, you might need to elaborate. Good wishes, Norman -- Norman Gray : http://www.astro.gla.ac.uk/users/norman/it/ Research IT Coordinator SUPA School of Physics and Astronomy, University of Glasgow, UK Charity number SC004401 From owner-freebsd-questions@freebsd.org Tue Mar 31 22:02:07 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 06D0326DC1D for ; Tue, 31 Mar 2020 22:02:07 +0000 (UTC) (envelope-from freebsd@dreamchaser.org) Received: from nightmare.dreamchaser.org (ns.dreamchaser.org [66.109.141.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "dreamchaser.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48sNb42t6Vz4XRW for ; Tue, 31 Mar 2020 22:01:51 +0000 (UTC) (envelope-from freebsd@dreamchaser.org) Received: from breakaway.dreamchaser.org (breakaway [192.168.151.122]) by nightmare.dreamchaser.org (8.15.2/8.15.2) with ESMTP id 02VM1aQJ067005; Tue, 31 Mar 2020 16:01:36 -0600 (MDT) (envelope-from freebsd@dreamchaser.org) Reply-To: freebsd@dreamchaser.org Subject: Re: weird 403 (forbidden) website access issue To: freebsd@boosten.org Cc: FreeBSD Mailing List References: <3E2FEC61-CD71-48D8-B60E-0E814E30C753@boosten.org> From: Gary Aitken Message-ID: Date: Tue, 31 Mar 2020 15:59:59 -0600 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: <3E2FEC61-CD71-48D8-B60E-0E814E30C753@boosten.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (nightmare.dreamchaser.org [192.168.151.101]); Tue, 31 Mar 2020 16:01:36 -0600 (MDT) X-Rspamd-Queue-Id: 48sNb42t6Vz4XRW X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of freebsd@dreamchaser.org designates 66.109.141.57 as permitted sender) smtp.mailfrom=freebsd@dreamchaser.org X-Spamd-Result: default: False [-5.55 / 15.00]; ARC_NA(0.00)[]; HAS_REPLYTO(0.00)[freebsd@dreamchaser.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[dreamchaser.org]; REPLYTO_ADDR_EQ_FROM(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; IP_SCORE(-3.25)[ip: (-8.52), ipnet: 66.109.128.0/19(-4.26), asn: 21947(-3.41), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:21947, ipnet:66.109.128.0/19, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Mar 2020 22:02:07 -0000 On 3/31/20 2:42 PM, freebsd@boosten.org wrote: > > >> Op 31 mrt. 2020, om 22:33 heeft Gary Aitken het volgende geschreven: >> >> [snip] >> >> Any thoughts on what might be causing this? >> Why would a browser report a 403 error when telnet doesn’t? >> > > > Do you, by any chance, have modsecurity installed on the server end? I haven't a clue, unfortunately, as I don't control the server. The server is through greengeeks.com, but a reverse dns shows chi-node42.websitehostserver.net. Gary From owner-freebsd-questions@freebsd.org Tue Mar 31 22:09:59 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CF25326E01E for ; Tue, 31 Mar 2020 22:09:59 +0000 (UTC) (envelope-from freebsd@dreamchaser.org) Received: from nightmare.dreamchaser.org (ns.dreamchaser.org [66.109.141.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "dreamchaser.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48sNmF4BFDz4ZrQ for ; Tue, 31 Mar 2020 22:09:48 +0000 (UTC) (envelope-from freebsd@dreamchaser.org) Received: from breakaway.dreamchaser.org (breakaway [192.168.151.122]) by nightmare.dreamchaser.org (8.15.2/8.15.2) with ESMTP id 02VM9d2K067039; Tue, 31 Mar 2020 16:09:39 -0600 (MDT) (envelope-from freebsd@dreamchaser.org) Reply-To: freebsd@dreamchaser.org Subject: Re: weird 403 (forbidden) website access issue To: Richard Tobin , FreeBSD Mailing List References: <20200331210711.301BC2CC98FE@macaroni.inf.ed.ac.uk> From: Gary Aitken Message-ID: <5f5f0c28-95bf-4bc0-a677-fabc9b87812e@dreamchaser.org> Date: Tue, 31 Mar 2020 16:08:03 -0600 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: <20200331210711.301BC2CC98FE@macaroni.inf.ed.ac.uk> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (nightmare.dreamchaser.org [192.168.151.101]); Tue, 31 Mar 2020 16:09:40 -0600 (MDT) X-Rspamd-Queue-Id: 48sNmF4BFDz4ZrQ X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of freebsd@dreamchaser.org designates 66.109.141.57 as permitted sender) smtp.mailfrom=freebsd@dreamchaser.org X-Spamd-Result: default: False [-5.56 / 15.00]; ARC_NA(0.00)[]; HAS_REPLYTO(0.00)[freebsd@dreamchaser.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx:c]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[dreamchaser.org]; REPLYTO_ADDR_EQ_FROM(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; IP_SCORE(-3.26)[ip: (-8.55), ipnet: 66.109.128.0/19(-4.27), asn: 21947(-3.42), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:21947, ipnet:66.109.128.0/19, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Mar 2020 22:10:00 -0000 On 3/31/20 3:07 PM, Richard Tobin wrote: >> The addr (www.ovandoschool.org) resolves to 69.175.87.226 >> >> If I type in 69.175.87.226 in the address bar, I get a 403 error > > ... > >> $ telnet 69.175.87.226 80 >> Trying 69.175.87.226... >> Connected to chi-node42.websitehostserver.net. >> Escape character is '^]'. >> GET / HTTP/1.1 >> Host: www.ovandoschool.org > > If you give a browser the numeric IP address, it won't know what > Host: header to send. Thanks, that makes sense. However, it fails with "www.ovandoschool.org" as well. From owner-freebsd-questions@freebsd.org Tue Mar 31 22:20:31 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A356B26E535 for ; Tue, 31 Mar 2020 22:20:31 +0000 (UTC) (envelope-from richard@inf.ed.ac.uk) Received: from loire.is.ed.ac.uk (loire.is.ed.ac.uk [129.215.16.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48sP0G36c4z4fD9 for ; Tue, 31 Mar 2020 22:20:14 +0000 (UTC) (envelope-from richard@inf.ed.ac.uk) Received: from crunchie.inf.ed.ac.uk (crunchie.inf.ed.ac.uk [129.215.202.41]) by loire.is.ed.ac.uk (8.14.7/8.14.7) with ESMTP id 02VL7BBD014209 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Mar 2020 22:07:11 +0100 Received: from macaroni.inf.ed.ac.uk (macaroni.inf.ed.ac.uk [129.215.197.42]) by crunchie.inf.ed.ac.uk (8.14.7/8.14.7) with ESMTP id 02VL7AC0015089; Tue, 31 Mar 2020 22:07:10 +0100 Received: by macaroni.inf.ed.ac.uk (Postfix, from userid 26013) id 301BC2CC98FE; Tue, 31 Mar 2020 22:07:11 +0100 (BST) From: Richard Tobin Subject: Re: weird 403 (forbidden) website access issue To: freebsd@dreamchaser.org, FreeBSD Mailing List In-Reply-To: Gary Aitken's message of Tue, 31 Mar 2020 14:33:20 -0600 X-Mailer: Ream 5.1.51-richard-mac Message-Id: <20200331210711.301BC2CC98FE@macaroni.inf.ed.ac.uk> Date: Tue, 31 Mar 2020 22:07:11 +0100 (BST) X-Edinburgh-Scanned: at loire.is.ed.ac.uk with MIMEDefang 2.84, Sophie, Sophos Anti-Virus, Clam AntiVirus Content-Type: text/plain MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 129.215.16.10 X-Rspamd-Queue-Id: 48sP0G36c4z4fD9 X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=pass (policy=none) header.from=ed.ac.uk; spf=pass (mx1.freebsd.org: domain of richard@inf.ed.ac.uk designates 129.215.16.10 as permitted sender) smtp.mailfrom=richard@inf.ed.ac.uk X-Spamd-Result: default: False [-3.07 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+a:internalmailrelay.ed.ac.uk]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; IP_SCORE(-0.07)[asn: 786(-0.28), country: GB(-0.07)]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_MED(-0.20)[10.16.215.129.list.dnswl.org : 127.0.11.2]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[ed.ac.uk,none]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:786, ipnet:129.215.0.0/16, country:GB]; RCVD_TLS_LAST(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Mar 2020 22:20:31 -0000 > The addr (www.ovandoschool.org) resolves to 69.175.87.226 > > If I type in 69.175.87.226 in the address bar, I get a 403 error ... > $ telnet 69.175.87.226 80 > Trying 69.175.87.226... > Connected to chi-node42.websitehostserver.net. > Escape character is '^]'. > GET / HTTP/1.1 > Host: www.ovandoschool.org If you give a browser the numeric IP address, it won't know what Host: header to send. -- Richard -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. From owner-freebsd-questions@freebsd.org Tue Mar 31 23:22:06 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E225027221B for ; Tue, 31 Mar 2020 23:22:06 +0000 (UTC) (envelope-from freebsd@dreamchaser.org) Received: from nightmare.dreamchaser.org (ns.dreamchaser.org [66.109.141.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "dreamchaser.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48sQMc0P3Fz49Qh for ; Tue, 31 Mar 2020 23:22:02 +0000 (UTC) (envelope-from freebsd@dreamchaser.org) Received: from breakaway.dreamchaser.org (breakaway [192.168.151.122]) by nightmare.dreamchaser.org (8.15.2/8.15.2) with ESMTP id 02VNLpvE067250; Tue, 31 Mar 2020 17:21:52 -0600 (MDT) (envelope-from freebsd@dreamchaser.org) Reply-To: freebsd@dreamchaser.org Subject: Re: weird 403 (forbidden) website access issue To: Norman Gray Cc: FreeBSD Mailing List References: From: Gary Aitken Message-ID: <1f345a1d-f0c8-688c-c3e5-3a6b09ff1fa9@dreamchaser.org> Date: Tue, 31 Mar 2020 17:20:15 -0600 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (nightmare.dreamchaser.org [192.168.151.101]); Tue, 31 Mar 2020 17:21:52 -0600 (MDT) X-Rspamd-Queue-Id: 48sQMc0P3Fz49Qh X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of freebsd@dreamchaser.org designates 66.109.141.57 as permitted sender) smtp.mailfrom=freebsd@dreamchaser.org X-Spamd-Result: default: False [-5.57 / 15.00]; ARC_NA(0.00)[]; HAS_REPLYTO(0.00)[freebsd@dreamchaser.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[dreamchaser.org]; REPLYTO_ADDR_EQ_FROM(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; IP_SCORE(-3.27)[ip: (-8.57), ipnet: 66.109.128.0/19(-4.29), asn: 21947(-3.43), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:21947, ipnet:66.109.128.0/19, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Mar 2020 23:22:07 -0000 On 3/31/20 3:12 PM, Norman Gray wrote: > > Gary, greetings. Thanks for helping, Norman. > On 31 Mar 2020, at 21:33, Gary Aitken wrote: > >> The addr (www.ovandoschool.org) resolves to 69.175.87.226 >> >> If I type in 69.175.87.226 in the address bar, I get a 403 error >> with a note 69.175.87.226/cp_errordocument.shtml (port 80) Seems to >> be accessible fine from windows machines going through the same >> fbsd 11.3-RELEASE-P6 gateway (not the same system as the one with >> the browser having the problem). >> >> If I manually access from the failing fbsd system, it works: >> >> $ telnet 69.175.87.226 80 Trying 69.175.87.226... Connected to >> chi-node42.websitehostserver.net. Escape character is '^]'. GET / >> HTTP/1.1 Host: www.ovandoschool.org > > If you type the IP address in to the address bar, then the browser > will either send that as the 'Host' request header, or won't send the > header at all. Thus the server, presuming it's set up to serve > multiple hosts, won't know which website to send back. Makes sense. > An alternative route to the same conclusion is that HTTP 1.1 requires > the 'Host' request header, so if it's missing (or possibly if it's an > IP address, or if it's not one of the hosts the server has been > configured to handle), then... error document. > > If this works with any browser, then it _might_ be that the browser > is being clever, doing a reverse lookup of the IP address, and > sending the result as the 'Host' request header. In that case, a bit > of tcpdump will clarify. A reverse dns shows chi-node42.websitehostserver.net. so that obviously would be a problem. > Apologies if this is obvious, but if this isn't the problem, you > might need to elaborate. So the actual problem is the errors show up when the website url is entered: http://www.ovandoschool.org/ I was using the IP to try to simplify the problem, but obviously that won't work in this case. Since the site displays on windows machines when using the proper url, but not on the fbsd machine, it feels like something messed up in my fbsd environment. A tcpdump from the gateway for a successful (windows) access shows: IP 66.109.141.60.55271 > 69.175.87.226.80: Flags [S], seq 983728199, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], lengt h 0 IP 69.175.87.226.80 > 66.109.141.60.55271: Flags [S.], seq 4210427857, ack 983728200, win 29200, options [mss 1400,nop,nop,sackOK,no p,wscale 7], length 0 IP 66.109.141.60.55271 > 69.175.87.226.80: Flags [.], ack 1, win 16450, length 0 IP 66.109.141.60.55271 > 69.175.87.226.80: Flags [P.], seq 1:375, ack 1, win 16450, length 374: HTTP: GET / HTTP/1.1 IP 69.175.87.226.80 > 66.109.141.60.55271: Flags [.], ack 375, win 237, length 0 IP 69.175.87.226.80 > 66.109.141.60.55271: Flags [.], seq 1:1401, ack 375, win 237, length 1400: HTTP: HTTP/1.1 200 OK IP 69.175.87.226.80 > 66.109.141.60.55271: Flags [.], seq 1401:2801, ack 375, win 237, length 1400: HTTP IP 69.175.87.226.80 > 66.109.141.60.55271: Flags [P.], seq 2801:2850, ack 375, win 237, length 49: HTTP IP 69.175.87.226.80 > 66.109.141.60.55271: Flags [P.], seq 2850:3109, ack 375, win 237, length 259: HTTP IP 69.175.87.226.80 > 66.109.141.60.55271: Flags [P.], seq 3109:3114, ack 375, win 237, length 5: HTTP IP 66.109.141.60.55271 > 69.175.87.226.80: Flags [.], ack 3114, win 16450, length 0 IP 66.109.141.60.55271 > 69.175.87.226.80: Flags [P.], seq 375:814, ack 3114, win 16450, length 439: HTTP: GET /wp-content/themes/tw entythirteen/fonts/genericons.css?ver=2.09 HTTP/1.1 On the machine that fails, the tcpdump on the gateway shows: IP 66.109.141.62.12350 > 69.175.87.226.80: Flags [S], seq 1576349922, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 336582 5370 ecr 0], length 0 IP 69.175.87.226.80 > 66.109.141.62.12350: Flags [S.], seq 4093820683, ack 1576349923, win 28960, options [mss 1400,sackOK,TS val 25 42931075 ecr 3365825370,nop,wscale 7], length 0 IP 66.109.141.62.12350 > 69.175.87.226.80: Flags [.], ack 1, win 1028, options [nop,nop,TS val 3365825433 ecr 2542931075], length 0 IP 66.109.141.62.12350 > 69.175.87.226.80: Flags [P.], seq 1:341, ack 1, win 1028, options [nop,nop,TS val 3365825523 ecr 2542931075 ], length 340: HTTP: GET / HTTP/1.1 IP 69.175.87.226.80 > 66.109.141.62.12350: Flags [.], ack 341, win 235, options [nop,nop,TS val 2542931231 ecr 3365825523], length 0 IP 69.175.87.226.80 > 66.109.141.62.12350: Flags [P.], seq 1:1048, ack 341, win 235, options [nop,nop,TS val 2542931232 ecr 33658255 23], length 1047: HTTP: HTTP/1.1 403 Forbidden IP 66.109.141.62.12350 > 69.175.87.226.80: Flags [.], ack 1048, win 1028, options [nop,nop,TS val 3365825697 ecr 2542931232], length 0 On the machine actually making the request, a tcpdump shows: 192.168.151.122.24498 > 69.175.87.226.80: Flags [S], cksum 0xf5e2 (incorrect -> 0x059c), seq 3235489561, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 683891704 ecr 0], length 0 192.168.151.122.21254 > 69.175.87.226.80: Flags [S], cksum 0xf5e2 (incorrect -> 0x13bb), seq 2862645472, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 4284596312 ecr 0], length 0 69.175.87.226.80 > 192.168.151.122.24498: Flags [S.], cksum 0x8738 (correct), seq 30361359, ack 3235489562, win 28960, options [mss 1400,sackOK,TS val 2544446693 ecr 683891704,nop,wscale 7], length 0 192.168.151.122.24498 > 69.175.87.226.80: Flags [.], cksum 0xf5da (incorrect -> 0x21cf), ack 1, win 1028, options [nop,nop,TS val 683891982 ecr 2544446693], length 0 192.168.151.122.24498 > 69.175.87.226.80: Flags [P.], cksum 0xf748 (incorrect -> 0x172f), seq 1:367, ack 1, win 1028, options [nop,nop,TS val 683891982 ecr 2544446693], length 366: HTTP, length: 366 GET / HTTP/1.1 Host: www.ovandoschool.org User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:74.0) Gecko/20100101 Firefox/74.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Cache-Control: max-age=0 69.175.87.226.80 > 192.168.151.122.21254: Flags [S.], cksum 0x9745 (correct), seq 1337325334, ack 2862645473, win 28960, options [mss 1400,sackOK,TS val 2544446729 ecr 4284596312,nop,wscale 7], length 0 192.168.151.122.21254 > 69.175.87.226.80: Flags [.], cksum 0xf5da (incorrect -> 0x32b4), ack 1, win 1028, options [nop,nop,TS val 4284596374 ecr 2544446729], length 0 69.175.87.226.80 > 192.168.151.122.24498: Flags [.], cksum 0x2337 (correct), ack 367, win 235, options [nop,nop,TS val 2544446760 ecr 683891982], length 0 69.175.87.226.80 > 192.168.151.122.24498: Flags [P.], cksum 0xcf9c (correct), seq 1:1048, ack 367, win 235, options [nop,nop,TS val 2544446760 ecr 683891982], length 1047: HTTP, length: 1047 HTTP/1.1 403 Forbidden Connection: Keep-Alive Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0 Pragma: no-cache Content-Type: text/html Content-Length: 698 Date: Tue, 31 Mar 2020 22:47:03 GMT Strict-Transport-Security: max-age=63072000; includeSubDomains X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff 403 Forbidden

403

Forbidden

Access to this resource on the server is denied!

I'm out of my depth here... (Aside: What's with the incorrect checksum flags?) Comparing the gateway dumps, the difference is in the first four lines. I've interlaced them below, with the lines from the successful request first: IP 66.109.141.60.55271 > 69.175.87.226.80: Flags [S], seq 983728199, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 IP 66.109.141.62.12350 > 69.175.87.226.80: Flags [S], seq 1576349922, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 3365825370 ecr 0], length 0 IP 69.175.87.226.80 > 66.109.141.60.55271: Flags [S.], seq 4210427857, ack 983728200, win 29200, options [mss 1400,nop,nop,sackOK,nop,wscale 7], length 0 IP 69.175.87.226.80 > 66.109.141.62.12350: Flags [S.], seq 4093820683, ack 1576349923, win 28960, options [mss 1400,sackOK,TS val 2542931075 ecr 3365825370,nop,wscale 7], length 0 IP 66.109.141.60.55271 > 69.175.87.226.80: Flags [.], ack 1, win 16450, length 0 IP 66.109.141.62.12350 > 69.175.87.226.80: Flags [.], ack 1, win 1028, options [nop,nop,TS val 3365825433 ecr 2542931075], length 0 IP 66.109.141.60.55271 > 69.175.87.226.80: Flags [P.], seq 1:375, ack 1, win 16450, length 374: HTTP: GET / HTTP/1.1 IP 66.109.141.62.12350 > 69.175.87.226.80: Flags [P.], seq 1:341, ack 1, win 1028, options [nop,nop,TS val 3365825523 ecr 2542931075], length 340: HTTP: GET / HTTP/1.1 IP 69.175.87.226.80 > 66.109.141.60.55271: Flags [.], ack 375, win 237, length 0 IP 69.175.87.226.80 > 66.109.141.62.12350: Flags [.], ack 341, win 235, options [nop,nop,TS val 2542931231 ecr 3365825523], length 0 IP 69.175.87.226.80 > 66.109.141.60.55271: Flags [.], seq 1:1401, ack 375, win 237, length 1400: HTTP: HTTP/1.1 200 OK IP 69.175.87.226.80 > 66.109.141.62.12350: Flags [P.], seq 1:1048, ack 341, win 235, options [nop,nop,TS val 2542931232 ecr 3365825523], length 1047: HTTP: HTTP/1.1 403 Forbidden Thoughts? Thanks, Gary From owner-freebsd-questions@freebsd.org Wed Apr 1 01:37:10 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1B47927613F; Wed, 1 Apr 2020 01:37:10 +0000 (UTC) (envelope-from doctor@doctor.nl2k.ab.ca) Received: from doctor.nl2k.ab.ca (doctor.nl2k.ab.ca [204.209.81.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48sTMK6JHNz44L6; Wed, 1 Apr 2020 01:37:01 +0000 (UTC) (envelope-from doctor@doctor.nl2k.ab.ca) Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.93.0.4 (FreeBSD)) (envelope-from ) id 1jJSJs-000Dir-Kd; Tue, 31 Mar 2020 19:37:28 -0600 Date: Tue, 31 Mar 2020 19:37:28 -0600 From: The Doctor To: freebsd-pf@freebsd.org, freebsd-questions@freebsd.org Subject: Re: FreeBSD bridging security router Message-ID: <20200401013728.GA47776@doctor.nl2k.ab.ca> References: <20200329183406.GB5418@doctor.nl2k.ab.ca> <20200329202922.GA32467@doctor.nl2k.ab.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200329202922.GA32467@doctor.nl2k.ab.ca> X-Rspamd-Queue-Id: 48sTMK6JHNz44L6 X-Spamd-Bar: ++ X-Spamd-Result: default: False [2.58 / 15.00]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(0.00)[+a]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; NEURAL_SPAM_MEDIUM(0.19)[0.192,0]; BAD_REP_POLICIES(0.10)[]; MIME_TRACE(0.00)[0:+]; URIBL_PBL(0.02)[empire.kred]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(0.00)[nl2k.ab.ca,quarantine]; NEURAL_SPAM_LONG(0.53)[0.532,0]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; INTRODUCTION(2.00)[]; ASN(0.00)[asn:6171, ipnet:204.209.81.0/24, country:CA]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(-0.17)[ip: (-0.39), ipnet: 204.209.81.0/24(-0.19), asn: 6171(-0.16), country: CA(-0.09)]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Apr 2020 01:37:10 -0000 Found it. The bridging was not set properly. However I run into a new problem. This is suppose to be a border gateway, but when I plug in the external interface, wireshark say traffic is flowing, but I test the browsers and they cannot find their target. So I have 1) pf.conf ## Set your public interface ## ext_if="bce1" ##Internal bridge for virtually hosted machines int_if="bce0" bridge0="bridge0" ## Set your server public IP address ## #ext_if_ip="192.168.81.7" int_if_ip="192.168.81.14" bridge0_ip="192.168.81.13" intnet = $int_if:network #Proxy for FTP proxy="127.0.0.1" proxyport="8021" #All virtal machines go here! win2019="192.168.81.18" kali="192.168.81.15" seconion="192.168.81.16" parrot="192.168.81.17" #In case you need a whole group vhosts =" { 192.168.81.16, 192.168.81.15, 192.168.81.17,192.168.81.18 }" ## Set and drop these IP ranges on public interface and any other troublemakers ## martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \ 10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \ 0.0.0.0/8, 240.0.0.0/4 }" ## Set http(80)/https (443) port here and other ports that need accessing ## webports = "{http, https,8443,119,561,110,143,993,995,20,21,23,25,464,465,587,53,513,783,88,135,137,138,139,445,69,43,636,1024:65535}" # Radius radiusports = "{1645,1646,1812,1813 }" ## enable these services ## int_tcp_services = "{domain, ntp, smtp,nntp, smtps,submission, www, https,20,88,ftp, ssh,110,139,137,138,135,143,636,993,995,443,445,464,561,636,783,7500,8443,43,63,1024:65535}" int_udp_services = "{domain, ntp,69,88,137,138,139,445,464}" int_radius_services = "{1645,1646,1812,1813 }" ## Skip loop back interface - Skip all PF processing on interface bridge and virtual hosts ## set skip on lo set skip on bridge0 set skip on tap0 set skip on tap1 set skip on tap2 set skip on tap3 ## Sets the interface for which PF should gather statistics such as bytes in/out and packets passed/blocked ## set loginterface $ext_if set fingerprints "/etc/pf.os" # Deal with attacks based on incorrect handling of packet fragments scrub in all ################### TRANSLATION ############# #### NAT and RDR start nat on $ext_if from $intnet to any -> ($ext_if) nat on $intnet from $bridge0 to any -> ($intnet) nat on $bridge0 from $kali to any -> ($bridge0) nat on $bridge0 from $win2019 to any -> ($bridge0) nat on $bridge0 from $kali to any -> ($bridge0) ## PLease note for virtual machines you are passing the packects via the ## Virtual switch so treat as michine (tap) into switch (Bridge) into ## your macine acting as the host (exit) nat-anchor "ftp-proxy/*" rdr-anchor "ftp-proxy/*" # Redirect ftp traffic to proxy rdr pass proto tcp from any to any port ftp -> $proxy port $proxyport ## Set default policy ## block return in log all block out all # We need to have an anchor for ftp-proxy anchor "ftp-proxy/*" pass out proto tcp from $proxy to any port 20 pass out proto tcp from $proxy to any port 21 pass out on $int_if inet proto {tcp, udp} from $int_if to any port ftp:ftp-proxy pass in on egress proto tcp to port 21 pass in on egress proto tcp to port 20 pass in on egress proto tcp to port > 49151 pass out quick on egress inet proto tcp from any to 192.168.81.1 flags S/SA pass out quick on egress inet proto tcp from any to 192.168.81.3 flags S/SA #set up virtual switch pass in quick on bridge0 all pass quick on tap0 all pass quick on tap1 all pass quick on tap2 all pass quick on tap3 all # Drop all Non-Routable Addresses block drop in quick on $ext_if from $martians to any block drop out quick on $ext_if from any to $martians block drop in quick on $vhosts from $martians to any block drop out quick on $vhosts from any to $martians ## Blocking spoofed packets antispoof quick for $int_if antispoof quick for $ext_if antispoof quick for $vhosts # Open SSH port which is listening on port 22 from VPN 139.xx.yy.zz Ip only # I do not allow or accept ssh traffic from ALL for security reasons #pass in quick on $ext_if inet proto tcp from 192.168.81.0/24 to $ext_if_ip port = ssh flags S/SA keep state label "USER_RULE: Allow SSH from 139.xxx.yyy.zzz" ## Use the following rule to enable ssh for ALL users from any IP address # ## pass in inet proto tcp to $ext_if port ssh ### [ OR ] ### pass in inet proto tcp to $int_if port 22 #pass in inet proto tcp to $ext_if port 22 pass in inet proto tcp to $vhosts port 22 pass in inet proto tcp to $int_if port 36941 #pass in inet proto tcp to $ext_if port 36941 pass in inet proto tcp to $vhosts port 36941 # Allow Ping-Pong stuff. Be a good sysadmin icmp_types = "{ echoreq, unreach }" pass inet proto icmp all icmp-type $icmp_types keep state # allow out the default range for traceroute(8): pass out on $ext_if inet proto udp from any to any port 33433 >< 33626 keep state pass out on $int_if inet proto udp from any to any port 33433 >< 33626 keep state pass out on $vhosts inet proto udp from any to any port 33433 >< 33626 keep state # All access to our Nginx/Apache/Lighttpd Webserver and other ports pass proto tcp from any to $int_if port $webports pass proto udp from any to $int_if port $webports pass proto udp from any to $int_if port $radiusports #pass proto tcp from any to $ext_if port $webports #pass proto udp from any to $ext_if port $webports #pass proto udp from any to $ext_if port $radiusports pass proto tcp from any to $vhosts port $webports pass proto udp from any to $vhosts port $webports pass in on $int_if proto tcp from any to any port = 36941 keep state pass in on $vhosts proto tcp from any to any port = 36941 keep state pass in on $kali proto tcp from any to any port = 36941 keep state # Allow essential outgoing traffic pass out quick on $int_if proto tcp to any port $int_tcp_services pass out quick on $int_if proto udp to any port $int_udp_services pass out quick on $int_if proto udp to any port $int_radius_services pass out quick on $ext_if proto tcp to any port $int_tcp_services pass out quick on $ext_if proto udp to any port $int_udp_services pass out quick on $ext_if proto udp to any port $int_radius_services pass out quick on $vhosts proto tcp to any port $int_tcp_services pass out quick on $vhosts proto udp to any port $int_udp_services #For radius make certain for older syatems port 1645 and current 1812 pass in log quick on $int_if proto tcp from any to any port = 1645 flags S/SA keep state pass in log quick on $int_if proto udp from any to any port = 1645 keep state pass in log quick on $int_if proto tcp from any to any port = 1812 flags S/SA keep state pass in log quick on $int_if proto udp from any to any port = 1812 keep state pass in log quick on $int_if proto tcp from any to any port = 36941 flags S/SA keep state pass in log quick on $int_if proto tcp from any to any port = 1645 flags S/SA keep state pass in log quick on $int_if proto udp from any to any port = 1645 keep state pass in log quick on $ext_if proto tcp from any to any port = 1812 flags S/SA keep state pass in log quick on $ext_if proto udp from any to any port = 1812 keep state pass in log quick on $ext_if proto tcp from any to any port = 36941 flags S/SA keep state pass in log quick on $ext_if proto udp from any to any port = 36941 keep state pass in log quick on $vhosts proto tcp from any to any port = 36941 flags S/SA keep state pass in log quick on $vhosts proto udp from any to any port = 36941 keep state pass out quick all flags S/SA keep state # Add custom rules below block quick from pass quick proto { tcp, udp } from any to any port ssh \ flags S/SA keep state \ (max-src-conn 15, max-src-conn-rate 5/3, \ overload flush global) ## I wonder if sshguard works with pf. 2) rc.conf ## Set your public interface ## ext_if="bce1" ##Internal bridge for virtually hosted machines int_if="bce0" bridge0="bridge0" ## Set your server public IP address ## #ext_if_ip="192.168.81.7" int_if_ip="192.168.81.14" bridge0_ip="192.168.81.13" intnet = $int_if:network #Proxy for FTP proxy="127.0.0.1" proxyport="8021" #All virtal machines go here! win2019="192.168.81.18" kali="192.168.81.15" seconion="192.168.81.16" parrot="192.168.81.17" #In case you need a whole group vhosts =" { 192.168.81.16, 192.168.81.15, 192.168.81.17,192.168.81.18 }" ## Set and drop these IP ranges on public interface and any other troublemakers ## martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \ 10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \ 0.0.0.0/8, 240.0.0.0/4 }" ## Set http(80)/https (443) port here and other ports that need accessing ## webports = "{http, https,8443,119,561,110,143,993,995,20,21,23,25,464,465,587,53,513,783,88,135,137,138,139,445,69,43,636,1024:65535}" # Radius radiusports = "{1645,1646,1812,1813 }" ## enable these services ## int_tcp_services = "{domain, ntp, smtp,nntp, smtps,submission, www, https,20,88,ftp, ssh,110,139,137,138,135,143,636,993,995,443,445,464,561,636,783,7500,8443,43,63,1024:65535}" int_udp_services = "{domain, ntp,69,88,137,138,139,445,464}" int_radius_services = "{1645,1646,1812,1813 }" ## Skip loop back interface - Skip all PF processing on interface bridge and virtual hosts ## set skip on lo set skip on bridge0 set skip on tap0 set skip on tap1 set skip on tap2 set skip on tap3 ## Sets the interface for which PF should gather statistics such as bytes in/out and packets passed/blocked ## set loginterface $ext_if set fingerprints "/etc/pf.os" # Deal with attacks based on incorrect handling of packet fragments scrub in all ################### TRANSLATION ############# #### NAT and RDR start nat on $ext_if from $intnet to any -> ($ext_if) nat on $intnet from $bridge0 to any -> ($intnet) nat on $bridge0 from $kali to any -> ($bridge0) nat on $bridge0 from $win2019 to any -> ($bridge0) nat on $bridge0 from $kali to any -> ($bridge0) ## PLease note for virtual machines you are passing the packects via the ## Virtual switch so treat as michine (tap) into switch (Bridge) into ## your macine acting as the host (exit) nat-anchor "ftp-proxy/*" rdr-anchor "ftp-proxy/*" # Redirect ftp traffic to proxy rdr pass proto tcp from any to any port ftp -> $proxy port $proxyport ## Set default policy ## block return in log all block out all # We need to have an anchor for ftp-proxy anchor "ftp-proxy/*" pass out proto tcp from $proxy to any port 20 pass out proto tcp from $proxy to any port 21 pass out on $int_if inet proto {tcp, udp} from $int_if to any port ftp:ftp-proxy pass in on egress proto tcp to port 21 pass in on egress proto tcp to port 20 pass in on egress proto tcp to port > 49151 pass out quick on egress inet proto tcp from any to 192.168.81.1 flags S/SA pass out quick on egress inet proto tcp from any to 192.168.81.3 flags S/SA #set up virtual switch pass in quick on bridge0 all pass quick on tap0 all pass quick on tap1 all pass quick on tap2 all pass quick on tap3 all # Drop all Non-Routable Addresses block drop in quick on $ext_if from $martians to any block drop out quick on $ext_if from any to $martians block drop in quick on $vhosts from $martians to any block drop out quick on $vhosts from any to $martians ## Blocking spoofed packets antispoof quick for $int_if antispoof quick for $ext_if antispoof quick for $vhosts # Open SSH port which is listening on port 22 from VPN 139.xx.yy.zz Ip only # I do not allow or accept ssh traffic from ALL for security reasons #pass in quick on $ext_if inet proto tcp from 192.168.81.0/24 to $ext_if_ip port = ssh flags S/SA keep state label "USER_RULE: Allow SSH from 139.xxx.yyy.zzz" ## Use the following rule to enable ssh for ALL users from any IP address # ## pass in inet proto tcp to $ext_if port ssh ### [ OR ] ### pass in inet proto tcp to $int_if port 22 #pass in inet proto tcp to $ext_if port 22 pass in inet proto tcp to $vhosts port 22 pass in inet proto tcp to $int_if port 36941 #pass in inet proto tcp to $ext_if port 36941 pass in inet proto tcp to $vhosts port 36941 # Allow Ping-Pong stuff. Be a good sysadmin icmp_types = "{ echoreq, unreach }" pass inet proto icmp all icmp-type $icmp_types keep state # allow out the default range for traceroute(8): pass out on $ext_if inet proto udp from any to any port 33433 >< 33626 keep state pass out on $int_if inet proto udp from any to any port 33433 >< 33626 keep state pass out on $vhosts inet proto udp from any to any port 33433 >< 33626 keep state # All access to our Nginx/Apache/Lighttpd Webserver and other ports pass proto tcp from any to $int_if port $webports pass proto udp from any to $int_if port $webports pass proto udp from any to $int_if port $radiusports #pass proto tcp from any to $ext_if port $webports #pass proto udp from any to $ext_if port $webports #pass proto udp from any to $ext_if port $radiusports pass proto tcp from any to $vhosts port $webports pass proto udp from any to $vhosts port $webports pass in on $int_if proto tcp from any to any port = 36941 keep state pass in on $vhosts proto tcp from any to any port = 36941 keep state pass in on $kali proto tcp from any to any port = 36941 keep state # Allow essential outgoing traffic pass out quick on $int_if proto tcp to any port $int_tcp_services pass out quick on $int_if proto udp to any port $int_udp_services pass out quick on $int_if proto udp to any port $int_radius_services pass out quick on $ext_if proto tcp to any port $int_tcp_services pass out quick on $ext_if proto udp to any port $int_udp_services pass out quick on $ext_if proto udp to any port $int_radius_services pass out quick on $vhosts proto tcp to any port $int_tcp_services pass out quick on $vhosts proto udp to any port $int_udp_services #For radius make certain for older syatems port 1645 and current 1812 pass in log quick on $int_if proto tcp from any to any port = 1645 flags S/SA keep state pass in log quick on $int_if proto udp from any to any port = 1645 keep state pass in log quick on $int_if proto tcp from any to any port = 1812 flags S/SA keep state pass in log quick on $int_if proto udp from any to any port = 1812 keep state pass in log quick on $int_if proto tcp from any to any port = 36941 flags S/SA keep state pass in log quick on $int_if proto tcp from any to any port = 1645 flags S/SA keep state pass in log quick on $int_if proto udp from any to any port = 1645 keep state pass in log quick on $ext_if proto tcp from any to any port = 1812 flags S/SA keep state pass in log quick on $ext_if proto udp from any to any port = 1812 keep state pass in log quick on $ext_if proto tcp from any to any port = 36941 flags S/SA keep state pass in log quick on $ext_if proto udp from any to any port = 36941 keep state pass in log quick on $vhosts proto tcp from any to any port = 36941 flags S/SA keep state pass in log quick on $vhosts proto udp from any to any port = 36941 keep state pass out quick all flags S/SA keep state # Add custom rules below block quick from pass quick proto { tcp, udp } from any to any port ssh \ flags S/SA keep state \ (max-src-conn 15, max-src-conn-rate 5/3, \ overload flush global) ## I wonder if sshguard works with pf. 2) rc.conf hostname="border.nk.ca" ifconfig_bce0="inet 192.168.81.14 netmask 255.255.255.0 promisc " ifconfig_bce1="up media 100baseTX mediaopt full-duplex promisc " ifconfig_bce2="up promisc" ifconfig_bce3="up promisc" defaultrouter="192.168.81.2" hald_enable="YES" named_enable="YES" sshd_enable="YES" sshguard_enable="YES" moused_enable="YES" ntpdate_enable="YES" ntpd_enable="YES" gateway_enable="YES" ipv6_gateway_enable="YES" pf_enable="YES" clamav_clamd_enable="YES" clamd_enable="YES" squid_enable="YES" tcsd_enable="YES" tcsd_mode="emulator" tpmd_enable="YES" dbus_enable="YES" apache24_enable="yes" postgresql_enable="YES" firebird_enable="YES" firebird_mode="superserver" suricata_enable="YES" suricata_divertport="8000" cloned_interfaces="bridge0 tap0 tap1 tap2 tap3" ifconfig_bridge0="addm bce2 addm tap0 addm tap1 addm tap2 addm tap3 up" #cloned_interfaces="bce0 bce1" ifconfig_bridge1="addm bce0 addm bce1 up" #firewall_enable="YES" #firewall_type="simple" #firewall_quiet="YES" #firewall_logging="YES" vm_enable="YES" vm_dir="/usr/vm/" vboxdrv_load="YES" xrdp_enable="YES" xrdp_sesman_enable="YES" saslauthd_enable="YES" openvassd_enable="YES" openvasmd_enable="YES" gsad_enable="YES" pflog_logfile="/var/log/pflog" # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable dumpdev="AUTO" redis_enable="YES" cbsd_workdir="/usr/vm" cbsdrsyncd_enable="YES" cbsdrsyncd_flags="--config=/usr/vm/etc/rsyncd.conf" cbsdd_enable="YES" rcshutdown_timeout="900" What are anything internal not able to see the external world from a web browser? Further, My Android cell phone chokes. -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism There shall be eternal summer in the grateful heart. -Celia Thaxter -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism There shall be eternal summer in the grateful heart. -Celia Thaxter From owner-freebsd-questions@freebsd.org Wed Apr 1 05:05:12 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A34AF2B01D4 for ; Wed, 1 Apr 2020 05:05:12 +0000 (UTC) (envelope-from freebsd@dreamchaser.org) Received: from nightmare.dreamchaser.org (ns.dreamchaser.org [66.109.141.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "dreamchaser.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48sYz94LvZz4NRL for ; Wed, 1 Apr 2020 05:04:52 +0000 (UTC) (envelope-from freebsd@dreamchaser.org) Received: from breakaway.dreamchaser.org (breakaway [192.168.151.122]) by nightmare.dreamchaser.org (8.15.2/8.15.2) with ESMTP id 03154f9v068038; Tue, 31 Mar 2020 23:04:41 -0600 (MDT) (envelope-from freebsd@dreamchaser.org) Subject: Re: weird 403 (forbidden) website access issue From: Gary Aitken To: Norman Gray Cc: FreeBSD Mailing List Reply-To: freebsd@dreamchaser.org, freebsd@dreamchaser.org References: <1f345a1d-f0c8-688c-c3e5-3a6b09ff1fa9@dreamchaser.org> Message-ID: Date: Tue, 31 Mar 2020 23:03:05 -0600 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: <1f345a1d-f0c8-688c-c3e5-3a6b09ff1fa9@dreamchaser.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (nightmare.dreamchaser.org [192.168.151.101]); Tue, 31 Mar 2020 23:04:41 -0600 (MDT) X-Rspamd-Queue-Id: 48sYz94LvZz4NRL X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=temperror (mx1.freebsd.org: error in processing during lookup of freebsd@dreamchaser.org: DNS error) smtp.mailfrom=freebsd@dreamchaser.org X-Spamd-Result: default: False [-5.36 / 15.00]; ARC_NA(0.00)[]; HAS_REPLYTO(0.00)[freebsd@dreamchaser.org]; SPAMHAUS_ZEN_URIBL_FAIL(0.00)[query timed out]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_SPF_DNSFAIL(0.00)[-all]; FROM_HAS_DN(0.00)[]; IP_SCORE(-3.26)[ip: (-8.55), ipnet: 66.109.128.0/19(-4.27), asn: 21947(-3.42), country: US(-0.05)]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[dreamchaser.org]; REPLYTO_ADDR_EQ_FROM(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MAILSPIKE_FAIL(0.00)[57.141.109.66.rep.mailspike.net:query timed out]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; RBL_NIXSPAM_FAIL(0.00)[57.141.109.66.ix.dnsbl.manitu.net:query timed out]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:21947, ipnet:66.109.128.0/19, country:US]; RSPAMD_URIBL_FAIL(0.00)[query timed out]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Apr 2020 05:05:12 -0000 On 3/31/20 5:20 PM, Gary Aitken wrote: > On 3/31/20 3:12 PM, Norman Gray wrote: ... >> On 31 Mar 2020, at 21:33, Gary Aitken wrote: >> >>> The addr (www.ovandoschool.org) resolves to 69.175.87.226 >>> >>> If I type in 69.175.87.226 in the address bar, I get a 403 error with a note 69.175.87.226/cp_errordocument.shtml (port 80) Seems to >>> be accessible fine from windows machines going through the same fbsd 11.3-RELEASE-P6 gateway (not the same system as the one with >>> the browser having the problem). >>> >>> If I manually access from the failing fbsd system, it works: >>> >>> $ telnet 69.175.87.226 80 Trying 69.175.87.226... Connected to >>> chi-node42.websitehostserver.net. Escape character is '^]'. GET / >>> HTTP/1.1 Host: www.ovandoschool.org >> >> If you type the IP address in to the address bar, then the browser >> will either send that as the 'Host' request header, or won't send the >> header at all.  Thus the server, presuming it's set up to serve >> multiple hosts, won't know which website to send back. > > Makes sense. ... > So the actual problem is the errors show up when the website url is > entered: http://www.ovandoschool.org/ > > I was using the IP to try to simplify the problem, but obviously that > won't work in this case. > > Since the site displays on windows machines when using the proper url, > but not on the fbsd machine, it feels like something messed up in my > fbsd environment. > > A tcpdump from the gateway for a successful (windows) access shows: > > IP 66.109.141.60.55271 > 69.175.87.226.80: Flags [S], seq 983728199, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], lengt > h 0 > IP 69.175.87.226.80 > 66.109.141.60.55271: Flags [S.], seq 4210427857, ack 983728200, win 29200, options [mss 1400,nop,nop,sackOK,no > p,wscale 7], length 0 > IP 66.109.141.60.55271 > 69.175.87.226.80: Flags [.], ack 1, win 16450, length 0 > IP 66.109.141.60.55271 > 69.175.87.226.80: Flags [P.], seq 1:375, ack 1, win 16450, length 374: HTTP: GET / HTTP/1.1 > IP 69.175.87.226.80 > 66.109.141.60.55271: Flags [.], ack 375, win 237, length 0 > IP 69.175.87.226.80 > 66.109.141.60.55271: Flags [.], seq 1:1401, ack 375, win 237, length 1400: HTTP: HTTP/1.1 200 OK > IP 69.175.87.226.80 > 66.109.141.60.55271: Flags [.], seq 1401:2801, ack 375, win 237, length 1400: HTTP > IP 69.175.87.226.80 > 66.109.141.60.55271: Flags [P.], seq 2801:2850, ack 375, win 237, length 49: HTTP > IP 69.175.87.226.80 > 66.109.141.60.55271: Flags [P.], seq 2850:3109, ack 375, win 237, length 259: HTTP > IP 69.175.87.226.80 > 66.109.141.60.55271: Flags [P.], seq 3109:3114, ack 375, win 237, length 5: HTTP > IP 66.109.141.60.55271 > 69.175.87.226.80: Flags [.], ack 3114, win 16450, length 0 > IP 66.109.141.60.55271 > 69.175.87.226.80: Flags [P.], seq 375:814, ack 3114, win 16450, length 439: HTTP: GET /wp-content/themes/tw > entythirteen/fonts/genericons.css?ver=2.09 HTTP/1.1 > > On the machine that fails, the tcpdump on the gateway shows: > > IP 66.109.141.62.12350 > 69.175.87.226.80: Flags [S], seq 1576349922, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 336582 > 5370 ecr 0], length 0 > IP 69.175.87.226.80 > 66.109.141.62.12350: Flags [S.], seq 4093820683, ack 1576349923, win 28960, options [mss 1400,sackOK,TS val 25 > 42931075 ecr 3365825370,nop,wscale 7], length 0 > IP 66.109.141.62.12350 > 69.175.87.226.80: Flags [.], ack 1, win 1028, options [nop,nop,TS val 3365825433 ecr 2542931075], length 0 > IP 66.109.141.62.12350 > 69.175.87.226.80: Flags [P.], seq 1:341, ack 1, win 1028, options [nop,nop,TS val 3365825523 ecr 2542931075 > ], length 340: HTTP: GET / HTTP/1.1 > IP 69.175.87.226.80 > 66.109.141.62.12350: Flags [.], ack 341, win 235, options [nop,nop,TS val 2542931231 ecr 3365825523], length 0 > IP 69.175.87.226.80 > 66.109.141.62.12350: Flags [P.], seq 1:1048, ack 341, win 235, options [nop,nop,TS val 2542931232 ecr 33658255 > 23], length 1047: HTTP: HTTP/1.1 403 Forbidden > IP 66.109.141.62.12350 > 69.175.87.226.80: Flags [.], ack 1048, win 1028, options [nop,nop,TS val 3365825697 ecr 2542931232], length >  0 > ... > I'm out of my depth here... > (Aside:  What's with the incorrect checksum flags?) > Comparing the gateway dumps, the difference is in the first four lines. > I've interlaced them below, with the lines from the successful request first: > > IP 66.109.141.60.55271 > 69.175.87.226.80: Flags [S], seq 983728199, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 > IP 66.109.141.62.12350 > 69.175.87.226.80: Flags [S], seq 1576349922, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 3365825370 ecr 0], length 0 > > IP 69.175.87.226.80 > 66.109.141.60.55271: Flags [S.], seq 4210427857, ack 983728200, win 29200, options [mss 1400,nop,nop,sackOK,nop,wscale 7], length 0 > IP 69.175.87.226.80 > 66.109.141.62.12350: Flags [S.], seq 4093820683, ack 1576349923, win 28960, options [mss 1400,sackOK,TS val 2542931075 ecr 3365825370,nop,wscale 7], length 0 > > IP 66.109.141.60.55271 > 69.175.87.226.80: Flags [.], ack 1, win 16450, length 0 > IP 66.109.141.62.12350 > 69.175.87.226.80: Flags [.], ack 1, win 1028, options [nop,nop,TS val 3365825433 ecr 2542931075], length 0 > > IP 66.109.141.60.55271 > 69.175.87.226.80: Flags [P.], seq 1:375, ack 1, win 16450, length 374: HTTP: GET / HTTP/1.1 > IP 66.109.141.62.12350 > 69.175.87.226.80: Flags [P.], seq 1:341, ack 1, win 1028, options [nop,nop,TS val 3365825523 ecr 2542931075], length 340: HTTP: GET / HTTP/1.1 > > IP 69.175.87.226.80 > 66.109.141.60.55271: Flags [.], ack 375, win 237, length 0 > IP 69.175.87.226.80 > 66.109.141.62.12350: Flags [.], ack 341, win 235, options [nop,nop,TS val 2542931231 ecr 3365825523], length 0 > > IP 69.175.87.226.80 > 66.109.141.60.55271: Flags [.], seq 1:1401, ack 375, win 237, length 1400: HTTP: HTTP/1.1 200 OK > IP 69.175.87.226.80 > 66.109.141.62.12350: Flags [P.], seq 1:1048, ack 341, win 235, options [nop,nop,TS val 2542931232 ecr 3365825523], length 1047: HTTP: HTTP/1.1 403 Forbidden How likely is it that the small window size (1028) in the 4th pair (HTTP: GET request) is causing the server to refuse the request? If so, is this a firefox issue or an underlying tcp issue? Thanks, Gary From owner-freebsd-questions@freebsd.org Wed Apr 1 07:09:38 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5FD942B2D4F for ; Wed, 1 Apr 2020 07:09:38 +0000 (UTC) (envelope-from artem@artem.ru) Received: from smtp57.i.mail.ru (smtp57.i.mail.ru [217.69.128.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48sckx6Zbzz4CPx for ; Wed, 1 Apr 2020 07:09:28 +0000 (UTC) (envelope-from artem@artem.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail2; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Date:Message-ID:Subject:From:To; bh=IFP4/N4UA2xN1Ks9Vu0hkQKUjn9yTZEhS7Gtn5pYivw=; b=dXWeQGghZlDPZBb5Yx2E6/K6gHwLJjY/xvigs/wByIAmhVHeGB3Jm3U9jwTUzyVKJY8TXT3l1ZZbcrv0M20/DnFOB4QhX+NMZvqqPVWanZq906XFV26XTYv2EO55VrS8oUCGoIjqgSxjuSewomaIZds6FskdQg4OH4PIBJ8x+N0=; Received: by smtp57.i.mail.ru with esmtpa (envelope-from ) id 1jJXV0-0005uQ-1b for freebsd-questions@freebsd.org; Wed, 01 Apr 2020 10:09:18 +0300 To: FreeBSD Questions Mailing List From: Artem Kuchin Subject: gmirror disks differ at start.no boot from another disk? Message-ID: <901cb384-0888-a71c-2816-dff3e29b8119@artem.ru> Date: Wed, 1 Apr 2020 10:09:16 +0300 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: ru X-7564579A: 646B95376F6C166E X-77F55803: 0A44E481635329DB0E1AA8A03B392317D32E5E48865217365060145B739F5F5C0B26773D4646A1B4F688BCB05C26794D727F189655C5A48A740BF0E960C779AB1BF4ADCB9620A77702219A9F187EED06 X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE7227E4400968B082FEA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F7900637C9C12B5E7390C9068638F802B75D45FF5571747095F342E8C7A0BC55FA0FE5FC0C1047E9E6D844F953868AA68EAFCDF0570ECBAFB5A704DE389733CBF5DBD5E913377AFFFEAFD269176DF2183F8FC7C0998E19D2343267C68941B15DA834481FCF19DD082D7633A0E7DDDDC251EA7DABA471835C12D1D977725E5C173C3A84C3FB12F4B11BB5604F117882F4460429728AD0CFFFB425014E40A5AABA2AD371193AA81AA40904B5D9A18204E546F3947C8ADF99E4698B9BE82D242C3BD2E3F4C64AD6D5ED66289B52E1A3F18E62937ED6302FCEF25BFAB345725E5C173C3A84C3CF30E10DBCAF6590BA3038C0950A5D36B5C8C57E37DE458B0B4866841D68ED3522CA9DD8327EE4930A3850AC1BE2E73557739F23D657EF2BB5C8C57E37DE458B4C7702A67D5C3316FA3894348FB808DB48C21F01D89DB561574AF45C6390F7469DAA53EE0834AAEE X-D57D3AED: Y8kq8+OzVozcFQziTi/Zi1xwo7H2ZNxGP5qz8aO2mjTJzjHGC4ogvVuzB3zfVUBtENeZ6b5av1fnCBE34JUDkWdM6QxE+Ga5d8voMtmXfSon+hp/4iz1LgD/ql6jfy+t X-Mailru-Sender: 0E9E14D9EC491FBA79C5613A73A5E7B2D8B2D6461C0C46E98CE4A0EC0A5CF8DFDD03CEE4594BE6CF8A4382C47DA47812C77752E0C033A69E376A1339FE8876DF1FC4F5A70058821069EB1F849E6DBC830DA7A0AF5A3A8387 X-Mras: Ok X-Rspamd-Queue-Id: 48sckx6Zbzz4CPx X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=mail.ru header.s=mail2 header.b=dXWeQGgh; dmarc=none; spf=none (mx1.freebsd.org: domain of artem@artem.ru has no SPF policy when checking 217.69.128.37) smtp.mailfrom=artem@artem.ru X-Spamd-Result: default: False [-1.19 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.94)[-0.944,0]; R_DKIM_ALLOW(-0.20)[mail.ru:s=mail2]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-0.97)[-0.974,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[artem.ru]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(0.03)[ipnet: 217.69.128.0/20(-0.09), asn: 47764(0.24), country: RU(0.01)]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[mail.ru:+]; RCVD_IN_DNSWL_NONE(0.00)[37.128.69.217.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:47764, ipnet:217.69.128.0/20, country:RU]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Apr 2020 07:09:38 -0000 Hello! Since i had a bad sector and corrected it i decided also to check how my mirror is in sync. What i found out that two disks have totally dfferent starting bytes. Cannot for sure what's there, but it seems like one disk has a bootloader and anoter one does not. So, if disk with bootloader fails i will not be able to boot from the mirror disk. dd if=/dev/ada1 of=./z1 bs=512 count=16 # strings z1 EFI u PARTu E(f; E,f;D Boot loader too large Invalid partition table I/O error loading boot loader Missing boot loader EFI PART GBW( -       q+] -       q+M dd if=/dev/ada2 of=./z1 bs=512 count=16 # strings z2 EFI PART GBW( -       q+ -       q+ Am I correct? How to fix it? Artem From owner-freebsd-questions@freebsd.org Wed Apr 1 09:54:38 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E4A4E2B6B76 for ; Wed, 1 Apr 2020 09:54:38 +0000 (UTC) (envelope-from artem@artem.ru) Received: from smtp40.i.mail.ru (smtp40.i.mail.ru [94.100.177.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48shPG1Bdyz42Hv for ; Wed, 1 Apr 2020 09:54:25 +0000 (UTC) (envelope-from artem@artem.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail2; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version:Date:Message-ID:From:References:Cc:To:Subject; bh=UHGpvnpPpHPNgskDHUVilhJLSpa4Qx9xuKUdiiNeyWA=; b=T5BkDZYBlbYSFYiENuXn8UZihdV10TI7o/IaF3vRyG9V3WrRheG9NIxp6WK1HPwz7AqwNXo0G9VsvN7/1VgsMsz1SwLshIfW/lsSeak6b+hwOPINrJWZEe0XP6zZQcAnabGY8hkunkI4I0qVaV78EgZkZB1Ler1w2eGmCCP7XGc=; Received: by smtp40.i.mail.ru with esmtpa (envelope-from ) id 1jJa4c-0000v0-04; Wed, 01 Apr 2020 12:54:14 +0300 Subject: Re: I see no way to convert LBA to disk position To: freebsd-questions@freebsd.org Cc: dpchrist@holgerdanske.com, "Kevin P. Neal" References: <2f107fd2-de31-7dfc-7c3e-abb3597b9f3f@artem.ru> <20200331194552.GA393@neutralgood.org> From: Artem Kuchin Message-ID: <0cab898e-b059-282c-0e9c-5e9110c23707@artem.ru> Date: Wed, 1 Apr 2020 12:54:12 +0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: <20200331194552.GA393@neutralgood.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: ru X-7564579A: B8F34718100C35BD X-77F55803: 0A44E481635329DB0E1AA8A03B392317D32E5E48865217365060145B739F5F5C37D2C72149323728F688BCB05C26794D70319E09A85105D8D7CCCD8B7AA843DC20670368477865C30DBC4301B95360A7 X-7FA49CB5: 0D63561A33F958A5506BDBAD86E5D383FC507B926894706DA29E2F051442AF778941B15DA834481FA18204E546F3947C0839144E5BB460BAF6B57BC7E64490618DEB871D839B7333395957E7521B51C2545D4CF71C94A83E9FA2833FD35BB23D27C277FBC8AE2E8B55B19328CBC4F849A471835C12D1D977C4224003CC8364767815B9869FA544D8D32BA5DBAC0009BE9E8FC8737B5C2249CB3CB8E9EF962DC476E601842F6C81A12EF20D2F80756B5F012D6517FE479FCD76E601842F6C81A127C277FBC8AE2E8BE270C32E94023BD73AA81AA40904B5D99449624AB7ADAF3726B9191E2D567F0E725E5C173C3A84C34B08FA16E56A400835872C767BF85DA2F004C906525384306FED454B719173D6462275124DF8B9C9DE2850DD75B2526BE5BFE6E7EFDEDCD789D4C264860C145E X-D57D3AED: Y8kq8+OzVozcFQziTi/Zi1xwo7H2ZNxGP5qz8aO2mjTJzjHGC4ogvVuzB3zfVUBtENeZ6b5av1fnCBE34JUDkWdM6QxE+Ga5d8voMtmXfSo/Ryvq+H5osLRFuIOw5Q1i X-Mailru-Internal-Actual: A:0.91245944679341 X-Mailru-Sender: 00097D31F91C944BC432837C7FF0DF43909C840BA42857514AC9DBA57CC529FBC4D97666E492C5A06D82E86CD0B8CCCC342CD0BA774DB6A91DF22CB62C7DF609901300E88B9FC5FAEDA952A69F3EBF603453F38A29522196 X-Mras: Ok X-Rspamd-Queue-Id: 48shPG1Bdyz42Hv X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=mail.ru header.s=mail2 header.b=T5BkDZYB; dmarc=none; spf=none (mx1.freebsd.org: domain of artem@artem.ru has no SPF policy when checking 94.100.177.100) smtp.mailfrom=artem@artem.ru X-Spamd-Result: default: False [-2.33 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.996,0]; R_DKIM_ALLOW(-0.20)[mail.ru:s=mail2]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-0.997,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[artem.ru]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[mail.ru:+]; R_SPF_NA(0.00)[]; RCVD_COUNT_ZERO(0.00)[0]; RCVD_IN_DNSWL_LOW(-0.10)[100.177.100.94.list.dnswl.org : 127.0.5.1]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:47764, ipnet:94.100.176.0/20, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.06)[ipnet: 94.100.176.0/20(0.06), asn: 47764(0.24), country: RU(0.01)] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Apr 2020 09:54:39 -0000 I am having troubles with my mail system - i do not see about half of all messages in the freebsd listrs and they are not in spam. So, i will answer to myself and others 1. About writing zeroes to reset pending sectors: My mistakes. It is not related to smart specs. It is just how people do it. Probably because it is easy to write zeros and read them back to check. /dev/urandom is not good for that. But i think any write will trigger remapping or repair. 2. About LBA->sector  offset question I found this on man page for smartctl: Because of the limitations of the SMART  error log, if the LBA is greater than 0xfffffff, then either  no error  log  entry will be made, or the error log entry will have an incorrect LBA.  This may happen for drives  with  a  capacity greater than 128 GiB or 137 GB. Now, lets see in binary what i have in smart and what i have in reality in smart 1011001111101101111000001000 in reality 100101011001111101101111000001000 So, as you see,  the real LBA address is 10010 concat 1011 00111110 11011110 00001000 So, there is just not enough bits to store and show full LBA address. The smart log conrain onky 28 bits if LBA - it is ATA-1 spec of 1986!!! The disk itself is ATA-8 specs and has 48 bit LBA. This specs (ATA-8): http://www.t13.org/documents/uploadeddocuments/docs2008/d1699r6a-ata8-acs.pdf in A.15.1 Overview says "The Summary SMART Error log supports 28-bit addressing only." and The value of the Summary SMART Error log version byte shall be 01h smartctl shows error log version 1 for my disk, it is summary error log with only 28bit LBA Next version of log: comprehensive error log (02h) - and it is also only 28 bit LBA. The next version of log if EXTENDED comprehensive error log (03h) - and only this error log has 48 bit LBA. However, my disk DOES include EC error log! Then i looked at the smartctl man page to see why i don't see it and i found my mistake. -a option does not include -xerror but -x option - does So,smartctl -x /dev/ada2 shows SMART Extended Comprehensive Error Log Version: 1 (1 sectors) Error: WP at LBA = 0x12b3ede08 = 5020507656 Whis is exactly what i found myself  (512 block) -  5020507656 From there it is easy to check if it is used by a file: # gpart show =>        34  5860533101  ada2  GPT  (2.7T)           34           6        - free -  (3.0K)           40         128     1  freebsd-boot  (64K)          168     8388608     2  freebsd-swap  (4.0G)      8388776  5852144352     3  freebsd-ufs  (2.7T)   5860533128           7        - free -  (3.5K) 5020507656- 8388776 = 5012118880 This is our 512K block relative to filsystrem start (ada2p3 in my case) then fsdb /dev/ada2p3 findblk 5012118880 if result is empty then it is not allocated since the real sector is 4096 then we need to write zeros (or something) to 8 secots starting from 5012118880 # enable writing to raw devices sysctl -w kern.geom.debugflags=16 # write to raw device offset  !!! NOT TO FS OFFSET dd if=/dev/zero of=/dev/ada2  oseek=5020507656  count=8 # disable write to raw device sysctl -w kern.geom.debugflags=0 Voila! no pendig sectors and, in my case, no relocated too. Probably power glitch while write. Artem From owner-freebsd-questions@freebsd.org Wed Apr 1 11:59:38 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 27F4A2B95F1 for ; Wed, 1 Apr 2020 11:59:38 +0000 (UTC) (envelope-from schmorp@schmorp.de) Received: from mail.nethype.de (mail.nethype.de [5.9.56.24]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48sl9Q493Sz3LRQ for ; Wed, 1 Apr 2020 11:59:21 +0000 (UTC) (envelope-from schmorp@schmorp.de) Received: from [10.0.0.5] (helo=doom.schmorp.de) by mail.nethype.de with esmtp (Exim 4.92) (envelope-from ) id 1jJc1U-002vrk-R4; Wed, 01 Apr 2020 11:59:08 +0000 Received: from [10.0.0.1] (helo=cerebro.laendle) by doom.schmorp.de with esmtp (Exim 4.92) (envelope-from ) id 1jJc1U-00018U-LC; Wed, 01 Apr 2020 11:59:08 +0000 Received: from root by cerebro.laendle with local (Exim 4.92) (envelope-from ) id 1jJc1U-0001rC-Kp; Wed, 01 Apr 2020 13:59:08 +0200 Date: Wed, 1 Apr 2020 13:59:08 +0200 From: Marc Lehmann To: Richard Tobin Cc: freebsd@dreamchaser.org, FreeBSD Mailing List Subject: Re: weird 403 (forbidden) website access issue Message-ID: <20200401115908.GA6415@schmorp.de> References: <20200331210711.301BC2CC98FE@macaroni.inf.ed.ac.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200331210711.301BC2CC98FE@macaroni.inf.ed.ac.uk> OpenPGP: id=904ad2f81fb16978e7536f726dea2ba30bc39eb6; url=http://pgp.schmorp.de/schmorp-pgpkey.txt; preference=signencrypt X-Rspamd-Queue-Id: 48sl9Q493Sz3LRQ X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=pass (policy=none) header.from=schmorp.de; spf=pass (mx1.freebsd.org: domain of schmorp@schmorp.de designates 5.9.56.24 as permitted sender) smtp.mailfrom=schmorp@schmorp.de X-Spamd-Result: default: False [-5.12 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+a:spf.schmorp.de]; FROM_HAS_DN(0.00)[]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DMARC_POLICY_ALLOW(-0.50)[schmorp.de,none]; IP_SCORE(-2.32)[ip: (-7.67), ipnet: 5.9.0.0/16(-2.34), asn: 24940(-1.56), country: DE(-0.02)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:5.9.0.0/16, country:DE]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Apr 2020 11:59:38 -0000 On Tue, Mar 31, 2020 at 10:07:11PM +0100, Richard Tobin wrote: > If you give a browser the numeric IP address, it won't know what > Host: header to send. HTTP/1.1 specifies exactly what to send in that case, namely the uri-host, which would simply tbe the IP address in this case - URLs with ip literals are perfectly fine and work with HTTP/1.1. It might still be cause of a problem on the server side, but browser behaviour is pretty much inversally the same for this case. -- The choice of a Deliantra, the free code+content MORPG -----==- _GNU_ http://www.deliantra.net ----==-- _ generation ---==---(_)__ __ ____ __ Marc Lehmann --==---/ / _ \/ // /\ \/ / schmorp@schmorp.de -=====/_/_//_/\_,_/ /_/\_\ From owner-freebsd-questions@freebsd.org Wed Apr 1 12:25:32 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 55AF72BA321 for ; Wed, 1 Apr 2020 12:25:32 +0000 (UTC) (envelope-from markand@malikania.fr) Received: from smtp.smtpout.orange.fr (smtp07.smtpout.orange.fr [80.12.242.129]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client CN "Bizanga Labs SMTP Client Certificate", Issuer "Bizanga Labs CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 48sllP3dQXz41Mg for ; Wed, 1 Apr 2020 12:25:20 +0000 (UTC) (envelope-from markand@malikania.fr) Received: from postfix.malikania.fr ([5.135.187.121]) by mwinf5d65 with ME id MQR92200g2dbEiD03QRAVH; Wed, 01 Apr 2020 14:25:10 +0200 X-ME-Helo: postfix.malikania.fr X-ME-Auth: ZGVtZWxpZXIuZGF2aWRAb3JhbmdlLmZy X-ME-Date: Wed, 01 Apr 2020 14:25:10 +0200 X-ME-IP: 5.135.187.121 Received: from [167.3.108.158] (unknown [77.159.242.250]) by postfix.malikania.fr (Postfix) with ESMTPSA id 84487143B8 for ; Wed, 1 Apr 2020 14:25:08 +0200 (CEST) Subject: Re: FreeBSD asking contributors to fix their opinions - is it official? To: freebsd-questions@freebsd.org References: <20200321122609.GB5709@schmorp.de> From: David Demelier Message-ID: <9040e619-7d00-d91a-bcb4-d78e50760dae@malikania.fr> Date: Wed, 1 Apr 2020 14:25:07 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: <20200321122609.GB5709@schmorp.de> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: fr Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 48sllP3dQXz41Mg X-Spamd-Bar: +++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of markand@malikania.fr has no SPF policy when checking 80.12.242.129) smtp.mailfrom=markand@malikania.fr X-Spamd-Result: default: False [5.30 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; IP_SCORE(1.40)[ip: (2.79), ipnet: 80.12.240.0/20(1.59), asn: 3215(2.63), country: FR(0.00)]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_THREE(0.00)[3]; MIME_TRACE(0.00)[0:+]; NEURAL_SPAM_MEDIUM(1.00)[0.996,0]; NEURAL_SPAM_LONG(1.00)[1.000,0]; RCVD_IN_DNSWL_NONE(0.00)[129.242.12.80.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; DMARC_NA(0.00)[malikania.fr]; RWL_MAILSPIKE_POSSIBLE(0.00)[129.242.12.80.rep.mailspike.net : 127.0.0.17]; R_DKIM_NA(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:3215, ipnet:80.12.240.0/20, country:FR]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Apr 2020 12:25:32 -0000 Le 21/03/2020 à 13:26, Marc Lehmann a écrit : > Hi! > > This is a request to clarify official policy of the FreeBSD project with > regards to regulating opinions - if this list is not the right list to > ask this question, I would be extremely happy if people could direct me > ot a more appropriate forum - I didn't find anything that seemed more > appropriate, so I am posting to this list. Apologies if this was wrong. > > Moving along, today, I received a mail[1] by some adamw@freebsd.org, > asking me to remove what "FreeBSD" perceives to be personal opinions from > my perl module, Canary::Stability[2]. > > His mail is a bit hard to read, as it makes many claims and practically > gives no evidence for them (and most are hard to believe for me, tpo be > honest). The only remotely actionably thing seesm to be that I really need > to remove these personal opinions. > > Since he writes as "@freebsd.org" and he claims that... > > I'd like to strongly urge you to retire Canary::Stability. [...] > > FreeBSD has had to go to lengths to fix Canary::Stability. If you > really are married to the module, can you please [...] remove the > personal opinions? > > If I read this correctly, he is acting in a capacity officially > representing FreeBSD in that matter and seems to indicate that the FreeBSD > project needs to police what it perceives as personal opinions. In fact, > it seems to be the most urgent and pressing matter, as nothing else of > substance was written. I personally think that personal opinions should not be present in any software (even outside FreeBSD). Code should not express personal opinions since not all people share the same and I don't want to be associated with those. I personally dislike python, ruby but I keep this for me whenever I see some problems with software I use that are written in those and do the same when I send patch about it. That said, I'm not sure if there is any policy towards this issue, but I'd love to see that FreeBSD should be unopinionated development. My $0.02. -- David From owner-freebsd-questions@freebsd.org Wed Apr 1 15:27:09 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id F18752BEAEA for ; Wed, 1 Apr 2020 15:27:08 +0000 (UTC) (envelope-from ml@netfence.it) Received: from soth.netfence.it (net-2-44-121-52.cust.vodafonedsl.it [2.44.121.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mailserver.netfence.it", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48sqmw5N3vz4C57 for ; Wed, 1 Apr 2020 15:26:56 +0000 (UTC) (envelope-from ml@netfence.it) Received: from alamar.ventu (alamar.local.netfence.it [10.1.2.18]) (authenticated bits=0) by soth.netfence.it (8.15.2/8.15.2) with ESMTPSA id 031FQfUh095552 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO) for ; Wed, 1 Apr 2020 17:26:44 +0200 (CEST) (envelope-from ml@netfence.it) X-Authentication-Warning: soth.netfence.it: Host alamar.local.netfence.it [10.1.2.18] claimed to be alamar.ventu From: Andrea Venturoli Subject: Running cad/openscad remotely To: freebsd-questions@freebsd.org Message-ID: <9bf1b0cf-b3ee-ce99-ca7a-185ec28f75c7@netfence.it> Date: Wed, 1 Apr 2020 17:26:41 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 48sqmw5N3vz4C57 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=pass (policy=none) header.from=netfence.it; spf=pass (mx1.freebsd.org: domain of ml@netfence.it designates 2.44.121.52 as permitted sender) smtp.mailfrom=ml@netfence.it X-Spamd-Result: default: False [-4.47 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; RBL_SEM_FAIL(0.00)[52.121.44.2.bl.spameatingmonkey.net:query timed out]; R_SPF_ALLOW(-0.20)[+ip4:2.44.121.52]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; HAS_XAW(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; SEM_URIBL_FRESH15_UNKNOWN_FAIL(0.00)[query timed out]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; DMARC_POLICY_ALLOW(-0.50)[netfence.it,none]; IP_SCORE(-1.67)[ip: (-8.15), ipnet: 2.44.0.0/16(-4.08), asn: 30722(3.85), country: IT(0.03)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:30722, ipnet:2.44.0.0/16, country:IT]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Apr 2020 15:27:09 -0000 Hello. (For those who don't know OpenSCAD is a software that creates 3D shapes from text commands and renders them: it can run interactively or can be scripted to produce images.) I need to run it as part of a more complex script and that script runs in a jail in a remote server; I can connect to that jail via ssh and run X applications. However, OpenSCAD throws the following: > libGL error: failed to open drm device: No such file or directory > libGL error: failed to load driver: r600 > libGL error: unable to load driver: swrast_dri.so > libGL error: failed to load driver: swrast > X Error of failed request: BadValue (integer parameter out of range for operation) > Major opcode of failed request: 156 (GLX) > Minor opcode of failed request: 24 (X_GLXCreateNewContext) > Value in failed request: 0x0 > Serial number of failed request: 30 > Current serial number in output stream: 31 Is there any way to let this run? I don't care about performance, as the operation is quite light; so acceleration on the local host (where X server runs), acceleration on the remote host, software rendering... anything is fine. bye & Thanks av. From owner-freebsd-questions@freebsd.org Wed Apr 1 16:19:52 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C079E27812F for ; Wed, 1 Apr 2020 16:19:52 +0000 (UTC) (envelope-from jacques+freebsd@foucry.net) Received: from mail.foucry.net (fournil.foucry.net [95.217.83.231]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48srxZ6pj2z4Xh9 for ; Wed, 1 Apr 2020 16:19:30 +0000 (UTC) (envelope-from jacques+freebsd@foucry.net) Received: from mithril.localdomain (unknown [IPv6:2001:910:1086:1:7584:7bef:b2e7:9f65]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail.foucry.net (Postfix) with ESMTPSA id D0A03473CB for ; Wed, 1 Apr 2020 16:19:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foucry.net; s=dkim; t=1585757957; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=yRSjMAP/VkSD3+MhzxNXv1FCx6ozdFRLO5wg7VUUu7s=; b=wBIVlfPkYBQk4UijqqV33h3NsY15FYJHl5r2D9AicSE2p+u2oupk3K6kCvn+APujyLiNdy MH+lu2mNP3icFdD6ParEc76VPoB0/FP9aBwXGDFAB5o7CBQ2P+h+mgpxvw51Q+fBjud438 L45hKKfIprajKlvnJR+KIHW4wgA6DCQ= Received: from mithril.foucry.net (mithril.foucry.net [IPv6:::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mithril.localdomain (Postfix) with ESMTPS id 0A6A618107 for ; Wed, 1 Apr 2020 18:19:16 +0200 (CEST) Date: Wed, 1 Apr 2020 18:19:14 +0200 From: Jacques Foucry To: freebsd-questions@freebsd.org Subject: icingaweb2 and nginx are in jail Message-ID: <20200401161914.GA7923@mithril.foucry.net> Mail-Followup-To: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-0.10 X-Rspamd-Server: mail.foucry.net X-Spam-Score: -0.10 X-Rspamd-Queue-Id: 48srxZ6pj2z4Xh9 X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=foucry.net header.s=dkim header.b=wBIVlfPk; dmarc=temperror reason="query timed out" header.from=foucry.net (policy=temperror); spf=pass (mx1.freebsd.org: domain of jacques@foucry.net designates 95.217.83.231 as permitted sender) smtp.mailfrom=jacques@foucry.net X-Spamd-Result: default: False [-1.94 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[foucry.net:s=dkim]; NEURAL_HAM_MEDIUM(-0.98)[-0.975,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.96)[-0.962,0]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[foucry.net:+]; DMARC_DNSFAIL(0.00)[foucry.net : query timed out]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(0.50)[ipnet: 95.217.0.0/16(4.08), asn: 24940(-1.57), country: DE(-0.02)]; ASN(0.00)[asn:24940, ipnet:95.217.0.0/16, country:DE]; TAGGED_FROM(0.00)[freebsd]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Apr 2020 16:19:52 -0000 Hello folks, I try since now 2 weeks to make working icingaweb2 in a jail with nginx as http server and php-fpm but it don't work. The log is pretty clear: `/usr/local/www/icingaweb2/public/css/icinga.min.css` which is true there is no .css in ちhis directory bur .less kind of css. icingaweb2 *SHOULD* create the correct ccs _on the fly_. I cannot figure whatśs going wrong. In `/usr/local/etc/icingweb2` I only have the setup.token file. The ngnix configuration was made with the icingacli utility: ``` server { listen 80 default_server; listen [::]:80; server_name icinga.example.com root /usr/local/www/icingaweb2/public; index index.php; charset utf-8; default_type application/octet-stream; access_log /var/log/nginx/icinga.access.log; error_log /var/log/nginx/icinga.error.log; location ~ ^/icingaweb2/index\.php(.*)$ { fastcgi_pass 127.0.1.29:9000; try_files $uri /index.php =404; #fastcgi_pass unix:/var/run/php-fpm.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/www/icingaweb2/public/index.php; fastcgi_param ICINGAWEB_CONFIGDIR /usr/local/etc/icingaweb2; fastcgi_param REMOTE_USER $remote_user; } location ~ ^/icingaweb2(.+)? { alias /usr/local/www/icingaweb2/public; index index.php; try_files $1 $uri $uri/ /icingaweb2/index.php$is_args$args; } } ``` Note: 127.0.20.1 is the loopback ip for this jail The SSL part is done by the host PHP-FPM run: www php-fpm 94221 6 tcp4 127.0.1.20:9000 *:* www php-fpm 94220 6 tcp4 127.0.1.20:9000 *:* root php-fpm 94219 8 tcp4 127.0.1.20:9000 *:* So, if someone could help me, give me some advice, it will be really appreciate. -- Jacques Foucry From owner-freebsd-questions@freebsd.org Wed Apr 1 19:09:17 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D670F27E246 for ; Wed, 1 Apr 2020 19:09:17 +0000 (UTC) (envelope-from FreeBSD@chroot.pl) Received: from mail.apsz.com.pl (mail.apsz.com.pl [91.217.18.46]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48swjL24KQz3CTv for ; Wed, 1 Apr 2020 19:09:08 +0000 (UTC) (envelope-from FreeBSD@chroot.pl) Received: from chroot.pl (89-74-178-152.dynamic.chello.pl [89.74.178.152]) by mail.apsz.com.pl (Postfix) with ESMTPS id 6B814E745E; Wed, 1 Apr 2020 20:13:59 +0200 (CEST) Subject: Re: replace disk in zpool - solved DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=chroot.pl; s=mail; t=1585764838; bh=+0DE8YuaG7AdHBU+ORSrST43Jhpavt6+nafkAzhR1j0=; h=Subject:To:References:From:Date:In-Reply-To; b=wu6w91N6Mpc839lnYnCHg71I5LYqrPvvNdhmmI5INGal0NllXwjTKHwZcL3s6Efdi IHYopuq9pDUtpHa4/yVbYHIF60s/PbQXcxrIMrQRR67sfx2JR4MtVjytjxrfoaNuhA NOiU7/RJQ2SWe6Ig/dWshc6GOxG1FfIPslUp2vAKxGG/+z+x0Cf39BMYyQrw+rL1TF 4sSVD3ZMztobxA9Y5ISt7YJGvOrE0Rt0TkkVsx4P1Kguof5TsQtg6ZtaIqZ6IaI15W 0HtRQXCYHLm/JzYPRnBh8kpWKrHuBsHbs9tQqKUn6/hMrS7Rp1hTem1qwr7moNtDJx 4gDGqLkZG4JUg== To: freebsd-questions@freebsd.org, dpchrist@holgerdanske.com References: <18a94704-5411-3b44-a525-2ae50121a467@holgerdanske.com> <4a8d409e-ecac-77c8-3ad9-025aefdfb4ef@holgerdanske.com> <20200325081814.GK35528@mithril.foucry.net> From: Lukasz Message-ID: <25828f1e-8a9c-6e05-aa62-eefc734ae412@chroot.pl> Date: Wed, 1 Apr 2020 20:13:57 +0200 User-Agent: WebMail MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: pl-PL Content-Transfer-Encoding: 8bit X-Spam-Status: Yes, score=4.1 required=4.0 tests=BAYES_50,KHOP_HELO_FCRDNS, RDNS_DYNAMIC autolearn=no autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mail.apsz.com.pl X-Virus-Scanned: clamav-milter 0.102.2 at mail.apsz.com.pl X-Virus-Status: Clean X-Spam-Flag: YES X-Spam-Report: * 2.0 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5000] * 1.7 RDNS_DYNAMIC Delivered to internal network by host with * dynamic-looking rDNS * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS X-Spam-Level: **** X-Rspamd-Queue-Id: 48swjL24KQz3CTv X-Spamd-Bar: ++ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=chroot.pl header.s=mail header.b=wu6w91N6; dmarc=pass (policy=none) header.from=chroot.pl; spf=pass (mx1.freebsd.org: domain of FreeBSD@chroot.pl designates 91.217.18.46 as permitted sender) smtp.mailfrom=FreeBSD@chroot.pl X-Spamd-Result: default: False [2.54 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.79)[-0.786,0]; R_DKIM_ALLOW(-0.20)[chroot.pl:s=mail]; SPAM_FLAG(5.00)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:91.217.18.46:c]; GREYLIST(0.00)[pass,body]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-0.70)[-0.699,0]; XM_UA_NO_VERSION(0.01)[]; RECEIVED_SPAMHAUS_PBL(0.00)[152.178.74.89.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[chroot.pl:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[chroot.pl,none]; RCVD_IN_DNSWL_NONE(0.00)[46.18.217.91.list.dnswl.org : 127.0.10.0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(0.01)[country: PL(0.06)]; ASN(0.00)[asn:51426, ipnet:91.217.18.0/23, country:PL]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Apr 2020 19:09:18 -0000 Hello, I restored corrupted files from backup. Regards, Lukasz On 3/30/20 21:02, David Christensen wrote: > On 2020-03-30 11:06, Lukasz wrote: >> this behavior was due to errors in zpool. > > Solved how?  Could you please expand upon errors in zpool and how you got past them? > > > I have been confused by zpool and zfs on several occasions.  Even if I cannot understand something, perhaps I can add another "monkey see, monkey do" trick to my repertoire for the next time I run into problems. > > > David > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" From owner-freebsd-questions@freebsd.org Wed Apr 1 21:55:30 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D49102A4716 for ; Wed, 1 Apr 2020 21:55:30 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) Received: from holgerdanske.com (holgerdanske.com [IPv6:2001:470:0:19b::b869:801b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "holgerdanske.com", Issuer "holgerdanske.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 48t0P91TQCz3JjH for ; Wed, 1 Apr 2020 21:55:24 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) Received: from 99.100.19.101 ([99.100.19.101]) by holgerdanske.com with ESMTPSA (ECDHE-RSA-AES128-GCM-SHA256:TLSv1.2:Kx=ECDH:Au=RSA:Enc=AESGCM(128):Mac=AEAD) (SMTP-AUTH username dpchrist@holgerdanske.com, mechanism PLAIN) for ; Wed, 1 Apr 2020 14:43:58 -0700 Subject: Re: replace disk in zpool - solved To: freebsd-questions@freebsd.org References: <18a94704-5411-3b44-a525-2ae50121a467@holgerdanske.com> <4a8d409e-ecac-77c8-3ad9-025aefdfb4ef@holgerdanske.com> <20200325081814.GK35528@mithril.foucry.net> <25828f1e-8a9c-6e05-aa62-eefc734ae412@chroot.pl> From: David Christensen Message-ID: <07f3de58-b1ac-d1c1-e794-c455f13cc79c@holgerdanske.com> Date: Wed, 1 Apr 2020 14:43:57 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: <25828f1e-8a9c-6e05-aa62-eefc734ae412@chroot.pl> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 48t0P91TQCz3JjH X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of dpchrist@holgerdanske.com has no SPF policy when checking 2001:470:0:19b::b869:801b) smtp.mailfrom=dpchrist@holgerdanske.com X-Spamd-Result: default: False [-2.83 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; IP_SCORE(-1.73)[ip: (-0.33), ipnet: 2001:470::/32(-4.66), asn: 6939(-3.60), country: US(-0.05)]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; DMARC_NA(0.00)[holgerdanske.com]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Apr 2020 21:55:31 -0000 On 2020-04-01 11:13, Lukasz wrote: > On 3/30/20 21:02, David Christensen wrote: >> On 2020-03-30 11:06, Lukasz wrote: >>> this behavior was due to errors in zpool. >> Solved how? Could you please expand upon errors in zpool and how >> you got past them? > I restored corrupted files from backup. That is something I would like to learn how to do on ZFS. Could you please elaborate: - How did you determine what files were corrupt? - How do you perform backups? - How did you restore the corrupted files? David From owner-freebsd-questions@freebsd.org Thu Apr 2 07:57:25 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E3F7C2741B7; Thu, 2 Apr 2020 07:57:24 +0000 (UTC) (envelope-from ihor@antonovs.family) Received: from mail.antonovs.family (mail.antonovs.family [100.25.240.195]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mail.antonovs.family", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48tFlT1JV4z3F76; Thu, 2 Apr 2020 07:57:08 +0000 (UTC) (envelope-from ihor@antonovs.family) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=antonovs.family; s=20200215; t=1585814216; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=1DWlmgC3hXSwofJXx9sNFHqg9YRUtuZM3trReRNkAII=; b=omYXB/fjLGzI2ISKBhAqRYia+IBCy6iTLJhI1KbPoq4inZMggEQKl6qQX1RKd8tQVDNp9y zV2OnVFtioZ3nixfJAL65+9MMWBLV5AR1bNEU5dWyzhpEMboF6PJC1HU66CKzSsHiW4a9V btzsd+sPYdmPO13WGKBQGRZYchfJBLY= Received: by mail.antonovs.family (OpenSMTPD) with ESMTPSA id 5b42eedc (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Thu, 2 Apr 2020 07:56:56 +0000 (UTC) Date: Thu, 2 Apr 2020 00:56:53 -0700 From: Ihor Antonov To: Allan Jude Cc: freebsd-questions@freebsd.org, freebsd-current@freebsd.org, FreeBSD Hackers Subject: Re: FreeBSD Office Hours: April 1, 2020 18:00 UTC Message-ID: <20200402075653.wi4jcapp5mdg44sy@sea-ll-10936> References: <5cae4eda-b3e9-a65e-a2dc-8f9435f20236@freebsd.org> <056ee35e-4645-6ffe-e0a9-9b4940a5ba1a@freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <056ee35e-4645-6ffe-e0a9-9b4940a5ba1a@freebsd.org> X-Rspamd-Queue-Id: 48tFlT1JV4z3F76 X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=antonovs.family header.s=20200215 header.b=omYXB/fj; dmarc=pass (policy=none) header.from=antonovs.family; spf=pass (mx1.freebsd.org: domain of ihor@antonovs.family designates 100.25.240.195 as permitted sender) smtp.mailfrom=ihor@antonovs.family X-Spamd-Result: default: False [-5.89 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[antonovs.family:s=20200215]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; IP_SCORE(-3.39)[ip: (-9.33), ipnet: 100.24.0.0/13(-4.53), asn: 14618(-3.02), country: US(-0.05)]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TO_DN_SOME(0.00)[]; DKIM_TRACE(0.00)[antonovs.family:+]; DMARC_POLICY_ALLOW(-0.50)[antonovs.family,none]; FROM_EQ_ENVFROM(0.00)[]; MID_RHS_NOT_FQDN(0.50)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:14618, ipnet:100.24.0.0/13, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Apr 2020 07:57:25 -0000 On 2020-04-01 16:01, Allan Jude wrote: > On 2020-03-29 20:25, Allan Jude wrote: > > Our first FreeBSD Office Hours event was a success with over 60 people > in attendance. > > I've not had time to edit and post the video yet, but it is available in > the DVR buffer on the streaming page: > > https://live.freebsd.org/FreeBSD/officehours/ Hi Allan, Is there a recording available? I missed the event :( Thanks ---- Ihor From owner-freebsd-questions@freebsd.org Thu Apr 2 08:08:11 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7C273274E58 for ; Thu, 2 Apr 2020 08:08:11 +0000 (UTC) (envelope-from cyberleo@cyberleo.net) Received: from mail.cyberleo.net (paka.cyberleo.net [216.226.128.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48tFzw6s7Dz3Jjv for ; Thu, 2 Apr 2020 08:07:56 +0000 (UTC) (envelope-from cyberleo@cyberleo.net) Received: from [172.16.44.4] (vitani.den.cyberleo.net [216.80.73.130]) by mail.cyberleo.net (Postfix) with ESMTPSA id 41BE78D990; Thu, 2 Apr 2020 04:01:00 -0400 (EDT) Subject: Re: gmirror disks differ at start.no boot from another disk? To: Artem Kuchin , FreeBSD Questions Mailing List References: <901cb384-0888-a71c-2816-dff3e29b8119@artem.ru> From: CyberLeo Kitsana Autocrypt: addr=cyberleo@cyberleo.net; prefer-encrypt=mutual; keydata= mQGiBDs52XcRBADKU8VgS34LRJl7HPEDdVeH5jhRzcmRc0+hYmJV9I2LsnfTxt91JtnLliHX t8G7YNAh1UxhHHIyBvf3vPWzpkZoN6rkv3FGJ7RTJVhhRvBoJZj7KexfVHmx5w+HCpsrlyro nKZ2mtsrlyqKeoigtISg+5wQ9OSNCwNZxR1BaEiL/QCg//K7jxBX8uLp/3a4AMlNA6lQWgsD /1gd9vK/eUTymikpXnKHALu3yUxErPRdlo9+7WnhikUle7Hn4mY3T3M7pq+9h5DMCuOQaoZ9 3QoAOPicKD5HSCiZijzWdLADJvpflZTh9FYYLBsUQ2DOFEDE+wfNKJ+BANeqpZk+5pKcpIfZ 2HMe2JQ1jKApY3BpiyyQpu/8Y2+dBACt7FpZOZuXecPJldU82Cerm0Uz6cUuqd1XckqTk0y1 Y7BuuI6lGO6HnXGEuMs083IEJ/WwoFV+v7/kFrrCn/T6tSWW4gBW4IzaS9Hojzm8AOdzJSA9 rj6bXkfcKPr9D0WtQyuaxDxOY+k37Mf+y/Y3p4ZFX0t71f5mfEmCMnGe6rQoQ3liZXJMZW8g S2l0c2FuYSA8Y3liZXJsZW9AY3liZXJsZW8ubmV0PohdBBARAgAdBQJJ3uxGBgsJCAcDAgQV AggDBBYCAwECHgECF4AACgkQi7w8kEi1KHKnjgCg3NSi7wT8OLt0IKJ36g0SYNklEtMAn088 28nAUKQuyOXjovSqPxuzSURKuQINBDs52XcQCAD2Qle3CH8IF3KiutapQvMF6PlTETlPtvFu uUs4INoBp1ajFOmPQFXz0AfGy0OplK33TGSGSfgMg71l6RfUodNQ+PVZX9x2Uk89PY3bzpnh V5JZzf24rnRPxfx2vIPFRzBhznzJZv8V+bv9kV7HAarTW56NoKVyOtQa8L9GAFgr5fSI/VhO SdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsYjY67VYy4XTjTNP18F1dDox0Y bN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9 iUsiGSa6q6Jew1XpMgs7AAICCADsFyRNruscFczmF9JgyaoOArTAwoPO3/LeYK4ryhkInKn8 hFGc27jZFowp8N+2bcuUgudoJFpEjPP5d/8nyAiBUFTMJWASDFiPtfPpkGSXTLi2xUZWEqmm uRf3efQJm40yafs4EjEF5b3bRD4TEW4mmR2ywPUg36MuEbNg7ZLsFZoGHPc3OwRJJaqWb9DH 9ikjINWOMLp2xXCKazuHrm2JeOwoYUhfafptJOBsuwQZXrH4Qrxz2jTmz+K0be5xAOFef38X d/HHBjUfzM+IqRFwIKP9pRXCeoe/COBoDa/gtTpfjS+tAVY8DOQ8UI7ka5dSVyJelWHpiLqs 98ZB21jCiD8DBRg7Odl3i7w8kEi1KHIRAgQMAJ4yj/IW7zZFq/SSI/rmXMXhOnOvXQCg+HCQ s/vInjtlEpWLPbuqOGCkH3g= Message-ID: <0bc315a0-d3f0-bdfa-c446-127f1d3a89dc@cyberleo.net> Date: Thu, 2 Apr 2020 03:00:59 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.2 MIME-Version: 1.0 In-Reply-To: <901cb384-0888-a71c-2816-dff3e29b8119@artem.ru> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 48tFzw6s7Dz3Jjv X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=pass (policy=none) header.from=cyberleo.net; spf=pass (mx1.freebsd.org: domain of cyberleo@cyberleo.net designates 216.226.128.180 as permitted sender) smtp.mailfrom=cyberleo@cyberleo.net X-Spamd-Result: default: False [-1.81 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.997,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:216.226.128.180]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[cyberleo.net,none]; IP_SCORE(-0.01)[country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:13706, ipnet:216.226.128.0/24, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Apr 2020 08:08:12 -0000 On 4/1/20 2:09 AM, Artem Kuchin wrote: > Hello! > > Since i had a bad sector and corrected it i decided also to check how my > mirror is in sync. > > What i found out that two disks have totally dfferent starting bytes. > Cannot for sure what's there, > > but it seems like one disk has a bootloader and anoter one does not. So, > if disk with bootloader fails i will not > > be able to boot from the mirror disk. It's always a good idea to update your bootcode on all root/boot disks every time you update your operating system, just in case a new feature sneaks in that the bootloader needs to understand. The command 'gpart bootcode' is your friend. Its usage, however, is heavily dependent upon your system's setup, so examples will likely be of little use to you. -- Fuzzy love, -CyberLeo Technical Administrator CyberLeo.Net Webhosting http://www.CyberLeo.Net Element9 Communications http://www.Element9.net Furry Peace! - http://www.fur.com/peace/ From owner-freebsd-questions@freebsd.org Thu Apr 2 09:00:39 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0B3A127A571 for ; Thu, 2 Apr 2020 09:00:39 +0000 (UTC) (envelope-from jmc-freebsd2@milibyte.co.uk) Received: from outmx-028.london.gridhost.co.uk (outmx-028.london.gridhost.co.uk [95.142.156.253]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48tH8R5kM3z48Ft for ; Thu, 2 Apr 2020 09:00:23 +0000 (UTC) (envelope-from jmc-freebsd2@milibyte.co.uk) Received: from curlew.milibyte.co.uk (unknown [82.71.56.121]) (Authenticated sender: mailpool@milibyte.co.uk) by outmx-028.london.gridhost.co.uk (Postfix) with ESMTPA id B0010221A5BFE for ; Thu, 2 Apr 2020 09:50:38 +0100 (BST) Received: from [127.0.0.1] (helo=curlew.localnet) by curlew.milibyte.co.uk with esmtp (Exim 4.93.0.4) (envelope-from ) id 1jJvYc-0003Nr-Bt for freebsd-questions@freebsd.org; Thu, 02 Apr 2020 09:50:38 +0100 From: Mike Clarke To: freebsd-questions@freebsd.org Subject: Re: weird 403 (forbidden) website access issue Date: Thu, 02 Apr 2020 09:50:37 +0100 Message-ID: <1807716.EnoYUHA41c@curlew> In-Reply-To: References: <1f345a1d-f0c8-688c-c3e5-3a6b09ff1fa9@dreamchaser.org> MIME-Version: 1.0 X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: jmc-freebsd2@milibyte.co.uk X-SA-Exim-Scanned: No (on curlew.milibyte.co.uk); SAEximRunCond expanded to false X-Rspamd-Queue-Id: 48tH8R5kM3z48Ft X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of jmc-freebsd2@milibyte.co.uk designates 95.142.156.253 as permitted sender) smtp.mailfrom=jmc-freebsd2@milibyte.co.uk X-Spamd-Result: default: False [0.97 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-0.54)[-0.540,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ptr]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.15)[-0.147,0]; RCVD_COUNT_THREE(0.00)[3]; MIME_TRACE(0.00)[0:+,1:+,2:~]; DMARC_NA(0.00)[milibyte.co.uk]; RCVD_TLS_LAST(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[253.156.142.95.list.dnswl.org : 127.0.5.1]; R_DKIM_NA(0.00)[]; CTE_CASE(0.50)[]; ASN(0.00)[asn:198047, ipnet:95.142.156.0/22, country:GB]; MID_RHS_NOT_FQDN(0.50)[]; IP_SCORE(1.06)[ipnet: 95.142.156.0/22(3.06), asn: 198047(2.30), country: GB(-0.07)]; FROM_EQ_ENVFROM(0.00)[] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7Bit X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Apr 2020 09:00:39 -0000 On Wednesday, 1 April 2020 06:03:05 BST Gary Aitken wrote: > How likely is it that the small window size (1028) in the 4th pair (HTTP: > GET request) is causing the server to refuse the request? > If so, is this a firefox issue or an underlying tcp issue? It's not just Firefox. I've tried Firefox, Chrome, Midori and Konqueror and get the 403 code with them all from my FreeBSD box but no problem with Firefox, Chrome and Edge on Windows 10. But I think I've found a clue to the cause. I tried Lynx with its default settings and it worked fine but when I changed the user agent header to Mozilla/5.0 (X11; FreeBSD amd64; rv:74.0) Gecko/ 20100101 Firefox/74.0 I got a 403 error. Looks like the server is only accepting requests from a restricted range of browser and OS combinations Lynx/2.8.9rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/1.1.1d-freebsd is accepted but Mozilla/5.0 (X11; FreeBSD amd64; rv:74.0) Gecko/20100101 Firefox/74.0 appears to be regarded as 'dangerous'. -- Mike Clarke From owner-freebsd-questions@freebsd.org Thu Apr 2 13:32:30 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C84DF27CF9B; Thu, 2 Apr 2020 13:32:30 +0000 (UTC) (envelope-from thierry@pompo.net) Received: from erza.lautre.net (erza.lautre.net [80.67.160.89]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "lautre.net", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48tPB81B2tz3yb2; Thu, 2 Apr 2020 13:32:15 +0000 (UTC) (envelope-from thierry@pompo.net) Received: from graf.pompo.net (graf.pompo.net [78.225.128.39]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by erza.lautre.net (Postfix) with ESMTPSA id 7704DEFEF4; Thu, 2 Apr 2020 15:26:35 +0200 (CEST) Received: by graf.pompo.net (Postfix, from userid 1001) id BEBD06AB347; Thu, 2 Apr 2020 15:26:34 +0200 (CEST) Date: Thu, 2 Apr 2020 15:26:34 +0200 From: Thierry Thomas To: freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org Subject: Re: FreeBSD Office Hours: April 1, 2020 18:00 UTC Message-ID: <20200402132634.GE89783@graf.pompo.net> Mail-Followup-To: freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org References: <5cae4eda-b3e9-a65e-a2dc-8f9435f20236@freebsd.org> <056ee35e-4645-6ffe-e0a9-9b4940a5ba1a@freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="/04w6evG8XlLl3ft" Content-Disposition: inline In-Reply-To: <056ee35e-4645-6ffe-e0a9-9b4940a5ba1a@freebsd.org> X-Operating-System: FreeBSD 12.1-STABLE amd64 Organization: Kabbale Eros X-Face: (hRbQnK~Pt7$ct`!fupO(`y_WL4^-Iwn4@ly-.,[4xC4xc; y=\ipKMNm<1J>lv@PP~7Z<.tKjAnXLs: X-PGP: 0xF1C516B3C8359753 X-Rspamd-Queue-Id: 48tPB81B2tz3yb2 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of thierry@pompo.net designates 80.67.160.89 as permitted sender) smtp.mailfrom=thierry@pompo.net X-Spamd-Result: default: False [-6.80 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; RBL_SEM_FAIL(0.00)[89.160.67.80.bl.spameatingmonkey.net:query timed out]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; TO_DN_NONE(0.00)[]; DMARC_NA(0.00)[freebsd.org]; RBL_VIRUSFREE_UNKNOWN_FAIL(0.00)[89.160.67.80.bip.virusfree.cz:query timed out]; HAS_ORG_HEADER(0.00)[]; IP_SCORE(-2.70)[ip: (-9.13), ipnet: 80.67.160.0/19(-2.44), asn: 20766(-1.92), country: FR(0.00)]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCPT_COUNT_TWO(0.00)[2]; SIGNED_PGP(-2.00)[]; FORGED_SENDER(0.30)[thierry@freebsd.org,thierry@pompo.net]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:20766, ipnet:80.67.160.0/19, country:FR]; FROM_NEQ_ENVFROM(0.00)[thierry@freebsd.org,thierry@pompo.net]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Apr 2020 13:32:31 -0000 --/04w6evG8XlLl3ft Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Le mer. 1 avr. 20 =C3=A0 22:01:53 +0200, Allan Jude =C3=A9crivait=C2=A0: > > Hello everyone Hello, > > This coming Wednesday at 18:00 UTC we will hold the first "FreeBSD > > Office Hours", an interactive online event where users, contributors, > > and developers can ask questions and get advice. > >=20 > > We are still experimenting with the format, but the first iteration will > > be an open Google Meet: > >=20 > > https://meet.google.com/yak-ydnk-rnc > >=20 > > That will also be recorded and posted to Youtube later in the day. > >=20 > > We are still seeking some additional src, ports, and docs committers to > > help field the questions as well. > >=20 >=20 > Our first FreeBSD Office Hours event was a success with over 60 people > in attendance. I tried to attend, but without success. - At first, I was asked for a meeting code... After some investigations, it appears that one must be connected with a Google account. - Some minutes later, after recovering an old Google account that I don't use anymore, I was asked to enable my microphone and my camera, OK. - At this point, the video of my cam with the following message (in french) were displayed: Pr=C3=A9paration=E2=80=A6 Vous pourrez rejoindre l=C2=B4appel dans un instant It could be translated as: Preparing=E2=80=A6 You'll be able to join the conf RSN but this message stayed forever, and I never joined. Is there some special configuration needed? Note: my desktop runs KDE + firefox + webcamd. --=20 Th. Thomas. --/04w6evG8XlLl3ft Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJehegKXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFNTM2QkU4NTM4NTM5OUQwMEI2RkFBNzZG MUM1MTZCM0M4MzU5NzUzAAoJEPHFFrPINZdTnVsP/3wob8k4slpfOr6w5y8c3qi4 FFCdCjYwi86ckCeBL2YNhX4SNm5O0FsuI7QO+MgOPD+yhlz9JiBZUeKAy+xvPDC3 gmxjNhiQlj98FFAZ61gCBtgwNGh6r1nVhj6P5elMyH7M1XglvtDytmHNglDItxQL MocOw0ZPLN/G1PV7a19YnSjow2uL7Dk1W06U970sU5gCg4frGQ3mJotQsxd8pMhG jU6swxoALkVkypRCga4Nku4Hr9kLTdC4Tt++b9VAocgmnMycFZ8HHa8TDn3dCqTM MNRKX1gnEhcYk5uqFu72rWvdSJbeD2ZIF3YUUdO47edtKeDgobHEZRKiL0aK9s9z gJh82PIsUr05Ywct6Dr+bHgc8sve0iCpUZlFGRw8aLXcD6CSL2rRMpiAulxzZCz5 55YgY7APyNlkvoOpdk9sLM+Q51Fh7jBpdAPkbnzJkOPxdyqKZ2Ruw279YxmSocAt YXz3t6DhRnyfSXDPw5bXJpB0SWsnjqSwzyJJcJniTExPmXmfZtOzgWBGYIDOJV2u 2TxR9bbmuD4ok8+YGrFmFpF706omZTYGZBlzMZF13oNoVrbIAt17I1ZPyyfw67Sz CxnFTq+sLbARNTbAOsKaLJGot0AItq51ti5uIKyx+FH4lDZNTGkT+o+dbL1v7WN2 1EtypACe278hEiNTR/Je =rmWq -----END PGP SIGNATURE----- --/04w6evG8XlLl3ft-- From owner-freebsd-questions@freebsd.org Thu Apr 2 14:26:52 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 912E62A3108 for ; Thu, 2 Apr 2020 14:26:52 +0000 (UTC) (envelope-from bch@online.de) Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.130]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mout.kundenserver.de", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48tQNv1j1lz4LqP for ; Thu, 2 Apr 2020 14:26:38 +0000 (UTC) (envelope-from bch@online.de) Received: from x230a1 ([94.130.191.177]) by mrelayeu.kundenserver.de (mreue011 [212.227.15.167]) with ESMTPSA (Nemesis) id 1M433w-1jK0na3744-0000rY; Thu, 02 Apr 2020 16:26:26 +0200 From: Christian Barthel To: Aryeh Friedman Cc: FreeBSD Mailing List Subject: Re: current best FreeBSD hosting services References: Date: Thu, 02 Apr 2020 16:26:26 +0200 In-Reply-To: (Aryeh Friedman's message of "Sun, 29 Mar 2020 15:39:49 -0400") Message-ID: <87y2reufot.fsf@barthel.ch> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain X-Provags-ID: V03:K1:dN3JaFZ8rg6/sQmpCgTUXZbQhHUvRL+0GQjy2sSioQYl6nVhVND R2o9u7wN7xGaldyr82fqAdwvATycnIJ9I9onvomw7isb7tK7pMU2ezfJUEudL/tCXcDeYbn LSMDLidGZyiEqbZZXnOrn2/4/+XcoUkv2F0uPOJ9EO7xzoLAtE8IWtptuO/PEPyEOofcI72 4HNqOlbUgaDWsbNiqHc5Q== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:z3Qo2DbZp4k=:nQJps0/XDykpETMN+OLSD7 FBygqXVFFoYh7kZKCzYcss1SHqt0uBCCHvPrJNSeY6APE1WwndrkyYebkdnf/9/ZC2bCHG0Ot ah25x6YMzqar6eV/Gsxu6jehy66LXqospPu/cuZHJqTAJKFEUD3lNvyw1w/BIH09OXzDVI7KG YQpEOuSZQnk2b5QYa2snplW1gsK/HkCCeRXfyNIFMpoNUmiwC1w6N5qqmvPABccdVmW8hClvk 8zILsVUSI0HRhpGIhUAejmxtKd99UHH8uxf5/yxZerqIW4PIc4Dkpsco1DpRC247O4H2MACxr iAwUb44YA/2sskE1aT7j/Y4Sk7J5zNwhr/tkZUbkZMKC/M3jd4T9fR9TTyz56SdDYEEcltqA3 pObVRY1LJsu99L4PvOfBy/e7QoMnDRUkwlQzlMo6qL4okkLL7IGyAN9m/UbetWvoHy8hNofaQ nL3gqk1Jf06sZF7PtlsIRsPQVT6//fRWA4munRrHiRqnNTrf2wFyn1ueTvIUuEzB8bN9uyui1 xdc7C1XLJVk4mVfyRz0Gjpm1V4HrZ/FIyd0zHPnJeImCJXtlorU84KbX8rHn+hNfOGZ6T+4Eh oCDrcmrnVfGsM5hX1RFhb3x+XOTVgXSukEakYdSf7UTHZdARC6Q0tf6jSUgkD4WsIrAQZZ6sT nHoqGQIVn9znRhoC82LQVq7hpCMiCsoxMsvopeFvnhsNoxFyM7XB5U84tqCdUGYLdvzRB9RvQ 1fYrHx76UKYvtBC6NXHgAHY77zdytLvEBEwRF+a8NRUEaGsuXls+bpBn33jCjH59zQ0/ho3T0 hx1mp4QijPXCRVOki/NWTSqVghwy4I0VQOsXFbXyJYT0ebrJVw= X-Rspamd-Queue-Id: 48tQNv1j1lz4LqP X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of bch@online.de designates 212.227.126.130 as permitted sender) smtp.mailfrom=bch@online.de X-Spamd-Result: default: False [-1.55 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-0.93)[-0.930,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:212.227.126.128/25]; NEURAL_HAM_LONG(-0.86)[-0.862,0]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[online.de]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[130.126.227.212.list.dnswl.org : 127.0.5.0]; IP_SCORE(0.54)[ip: (1.70), ipnet: 212.227.0.0/16(-1.12), asn: 8560(2.15), country: DE(-0.02)]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Apr 2020 14:26:53 -0000 Aryeh Friedman writes: > My company currently uses RootBSD and we are looking to deactivate our two > servers there and consolidate them into one. I decided at the same time > to looking into other options. We are looking for very basic hosting > (i.e. we manage the machine [or vm] completely and they only supply the > hardware and networking). Currently we use the servers for cloud storage, > a few very low traffic web sites (all running on www/tomcat9 > [java/openjdk8]) and DIY off site backups/cloud storage. My guess is we > need 2 cores, 4 GB of RAM and about 80 GB of disk to be safe and want to be > running 12.1-RELEASE (amd64) on it but have the right to upgrade it > ourselves. > > Suggestions? I am using FreeBSD at Hetzner (for two years now) and they also offer affordable VPS systems as well: Data centers are located in Germany and Finland as far as I know. -- Christian Barthel From owner-freebsd-questions@freebsd.org Thu Apr 2 15:00:01 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B979C2A5861 for ; Thu, 2 Apr 2020 15:00:01 +0000 (UTC) (envelope-from 20.100@defert.com) Received: from 5.mo2.mail-out.ovh.net (5.mo2.mail-out.ovh.net [87.98.181.248]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48tR771JVdz4Yp9 for ; Thu, 2 Apr 2020 14:59:45 +0000 (UTC) (envelope-from 20.100@defert.com) Received: from player698.ha.ovh.net (unknown [10.108.35.103]) by mo2.mail-out.ovh.net (Postfix) with ESMTP id 18C3F1D0A9F for ; Thu, 2 Apr 2020 16:59:33 +0200 (CEST) Received: from defert.com (ip-146-0-189-246.dyn.luxfibre.pt.lu [146.0.189.246]) (Authenticated sender: 20.100@defert.com) by player698.ha.ovh.net (Postfix) with ESMTPSA id A5E9C11082DFD for ; Thu, 2 Apr 2020 14:59:32 +0000 (UTC) Subject: Re: FreeBSD asking contributors to fix their opinions - is it official? To: freebsd-questions@freebsd.org References: From: Vincent DEFERT <20.100@defert.com> Message-ID: <5a2df116-0a83-c086-2ea8-cf526e8ad2d2@defert.com> Date: Thu, 2 Apr 2020 16:59:31 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: fr X-Ovh-Tracer-Id: 18290243987081594884 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: 0 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeduhedrtdeggdejjecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfqggfjpdevjffgvefmvefgnecuuegrihhlohhuthemucehtddtnecunecujfgurhepuffvfhfhkffffgggjggtgfesthejredttdefjeenucfhrhhomhepgghinhgtvghnthcufffghffgtffvuceovddtrddutddtseguvghfvghrthdrtghomheqnecukfhppedtrddtrddtrddtpddugeeirddtrddukeelrddvgeeinecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmohguvgepshhmthhpqdhouhhtpdhhvghlohepphhlrgihvghrieelkedrhhgrrdhovhhhrdhnvghtpdhinhgvtheptddrtddrtddrtddpmhgrihhlfhhrohhmpedvtddruddttdesuggvfhgvrhhtrdgtohhmpdhrtghpthhtohepfhhrvggvsghsugdqqhhuvghsthhiohhnshesfhhrvggvsghsugdrohhrgh X-Rspamd-Queue-Id: 48tR771JVdz4Yp9 X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=pass (policy=none) header.from=defert.com; spf=pass (mx1.freebsd.org: domain of 20.100@defert.com designates 87.98.181.248 as permitted sender) smtp.mailfrom=20.100@defert.com X-Spamd-Result: default: False [0.37 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-0.33)[-0.332,0]; FROM_HAS_DN(0.00)[]; RWL_MAILSPIKE_GOOD(0.00)[248.181.98.87.rep.mailspike.net : 127.0.0.18]; R_SPF_ALLOW(-0.20)[+ptr:mail-out.ovh.net]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.19)[-0.187,0]; RCVD_COUNT_THREE(0.00)[3]; MIME_TRACE(0.00)[0:+]; DMARC_POLICY_ALLOW(-0.50)[defert.com,none]; RCVD_IN_DNSWL_NONE(0.00)[248.181.98.87.list.dnswl.org : 127.0.5.0]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:16276, ipnet:87.98.128.0/17, country:FR]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.69)[ipnet: 87.98.128.0/17(1.40), asn: 16276(2.04), country: FR(0.00)] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Apr 2020 15:00:02 -0000 Open Source exists precisely because it is opinionated. Unopinionated development is called a paid, daytime job. Vincent On 01/04/2020 14:25, David Demelier wrote: > I'd love to see that FreeBSD should be unopinionated development. From owner-freebsd-questions@freebsd.org Thu Apr 2 16:04:26 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 546272AA093 for ; Thu, 2 Apr 2020 16:04:26 +0000 (UTC) (envelope-from freebsd@dreamchaser.org) Received: from nightmare.dreamchaser.org (ns.dreamchaser.org [66.109.141.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "dreamchaser.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48tSYX6hDrz3GtS for ; Thu, 2 Apr 2020 16:04:16 +0000 (UTC) (envelope-from freebsd@dreamchaser.org) Received: from breakaway.dreamchaser.org (breakaway [192.168.151.122]) by nightmare.dreamchaser.org (8.15.2/8.15.2) with ESMTP id 032G42ft074212; Thu, 2 Apr 2020 10:04:02 -0600 (MDT) (envelope-from freebsd@dreamchaser.org) Subject: Re: weird 403 (forbidden) website access issue To: Mike Clarke , freebsd-questions@freebsd.org References: <1f345a1d-f0c8-688c-c3e5-3a6b09ff1fa9@dreamchaser.org> <1807716.EnoYUHA41c@curlew> Reply-To: freebsd@dreamchaser.org From: Gary Aitken Message-ID: <2038d71a-e939-bbf3-77ad-d132a77e31e2@dreamchaser.org> Date: Thu, 2 Apr 2020 10:02:27 -0600 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: <1807716.EnoYUHA41c@curlew> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (nightmare.dreamchaser.org [192.168.151.101]); Thu, 02 Apr 2020 10:04:02 -0600 (MDT) X-Rspamd-Queue-Id: 48tSYX6hDrz3GtS X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of freebsd@dreamchaser.org designates 66.109.141.57 as permitted sender) smtp.mailfrom=freebsd@dreamchaser.org X-Spamd-Result: default: False [-5.57 / 15.00]; ARC_NA(0.00)[]; HAS_REPLYTO(0.00)[freebsd@dreamchaser.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[dreamchaser.org]; REPLYTO_ADDR_EQ_FROM(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; IP_SCORE(-3.27)[ip: (-8.57), ipnet: 66.109.128.0/19(-4.29), asn: 21947(-3.43), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:21947, ipnet:66.109.128.0/19, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Apr 2020 16:04:26 -0000 On 4/2/20 2:50 AM, Mike Clarke wrote: > On Wednesday, 1 April 2020 06:03:05 BST Gary Aitken wrote: > >> How likely is it that the small window size (1028) in the 4th pair >> (HTTP: GET request) is causing the server to refuse the request? If >> so, is this a firefox issue or an underlying tcp issue? > > It's not just Firefox. I've tried Firefox, Chrome, Midori and > Konqueror and get the 403 code with them all from my FreeBSD box but > no problem with Firefox, Chrome and Edge on Windows 10. > > But I think I've found a clue to the cause. I tried Lynx with its > default settings and it worked fine but when I changed the user agent > header to > > Mozilla/5.0 (X11; FreeBSD amd64; rv:74.0) Gecko/ 20100101 Firefox/74.0 > I got a 403 error. > > Looks like the server is only accepting requests from a restricted > range of browser and OS combinations > > Lynx/2.8.9rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/1.1.1d-freebsd > is accepted but > Mozilla/5.0 (X11; FreeBSD amd64; rv:74.0) Gecko/20100101 Firefox/74.0 > appears to be regarded as 'dangerous'. Thank you! I will see what the hosting service has to say from there. I got similar refusals from some sites such as lowes.com as well. Gary From owner-freebsd-questions@freebsd.org Thu Apr 2 17:24:43 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 02E652AD983 for ; Thu, 2 Apr 2020 17:24:43 +0000 (UTC) (envelope-from artem@artem.ru) Received: from smtp55.i.mail.ru (smtp55.i.mail.ru [217.69.128.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48tVL41ttbz4HXy for ; Thu, 2 Apr 2020 17:24:27 +0000 (UTC) (envelope-from artem@artem.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail2; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version:Date:Message-ID:From:References:To:Subject; bh=JRuECadox4W4N7puukL4ic1sy3QuyRiIyT27EvkPy5I=; b=Z2xfHy/yPrWUAhMVotSk4JvOjm+mkCePwDdXD9V0pq8dnClPQcymOHuVj++wW6zKG2WRnPQW8Mi1GqGuSO82g40hnaFsWAwmGaScxARkPbenQ0a8Dw1eKQg4XjHC8pmRPfSHQC0o8Qf41b6tyz1TKp9DGx1tuEqUnl1sIW/E5Nk=; Received: by smtp55.i.mail.ru with esmtpa (envelope-from ) id 1jK3Zh-0000gG-9b; Thu, 02 Apr 2020 20:24:17 +0300 Subject: Re: gmirror disks differ at start.no boot from another disk? To: CyberLeo Kitsana , FreeBSD Questions Mailing List References: <901cb384-0888-a71c-2816-dff3e29b8119@artem.ru> <0bc315a0-d3f0-bdfa-c446-127f1d3a89dc@cyberleo.net> From: Artem Kuchin Message-ID: Date: Thu, 2 Apr 2020 20:24:15 +0300 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: <0bc315a0-d3f0-bdfa-c446-127f1d3a89dc@cyberleo.net> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: ru X-7564579A: B8F34718100C35BD X-77F55803: 0A44E481635329DB0E1AA8A03B392317D32E5E48865217365060145B739F5F5CA26B9638504F0C26F688BCB05C26794D33461FCBF44651A3DFC0328E7319028A4CF8EA920CEB8CAB114E48CF01E95050 X-7FA49CB5: 0D63561A33F958A5C60D57CBF10365B5E89A1336CDCBD674BE5EF9B16175BFBA8941B15DA834481FA18204E546F3947CEDCF5861DED71B2F389733CBF5DBD5E9C8A9BA7A39EFB7666BA297DBC24807EA117882F44604297287769387670735209ECD01F8117BC8BEA471835C12D1D977C4224003CC8364767815B9869FA544D8D32BA5DBAC0009BE9E8FC8737B5C2249EF34D665BE9CA8B776E601842F6C81A12EF20D2F80756B5F012D6517FE479FCD76E601842F6C81A127C277FBC8AE2E8BF858E60A7739E4253AA81AA40904B5D99449624AB7ADAF3726B9191E2D567F0E725E5C173C3A84C34B08FA16E56A400835872C767BF85DA2F004C906525384306FED454B719173D6462275124DF8B9C9DE2850DD75B2526BE5BFE6E7EFDEDCD789D4C264860C145E X-D57D3AED: Y8kq8+OzVozcFQziTi/Zi1xwo7H2ZNxGP5qz8aO2mjTJzjHGC4ogvVuzB3zfVUBtENeZ6b5av1fnCBE34JUDkWdM6QxE+Ga5d8voMtmXfSp/897XLwrmbpzUdJfQ/bjz X-Mailru-Sender: 0E9E14D9EC491FBA79C5613A73A5E7B2F8BEC868D4BAA60C2492C916AA4D46FEDD03CEE4594BE6CF8A4382C47DA47812C77752E0C033A69E376A1339FE8876DF1FC4F5A70058821069EB1F849E6DBC830DA7A0AF5A3A8387 X-Mras: Ok X-Rspamd-Queue-Id: 48tVL41ttbz4HXy X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=mail.ru header.s=mail2 header.b=Z2xfHy/y; dmarc=none; spf=none (mx1.freebsd.org: domain of artem@artem.ru has no SPF policy when checking 217.69.128.35) smtp.mailfrom=artem@artem.ru X-Spamd-Result: default: False [-1.19 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.94)[-0.945,0]; R_DKIM_ALLOW(-0.20)[mail.ru:s=mail2]; RBL_SENDERSCORE_FAIL(0.00)[35.128.69.217.bl.score.senderscore.com:query timed out]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-0.98)[-0.981,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[artem.ru]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[mail.ru:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[35.128.69.217.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:47764, ipnet:217.69.128.0/20, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.03)[ipnet: 217.69.128.0/20(-0.09), asn: 47764(0.24), country: RU(0.01)] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Apr 2020 17:24:43 -0000 02.04.2020 11:00, CyberLeo Kitsana пишет: > > > > It's always a good idea to update your bootcode on all root/boot disks > every time you update your operating system, just in case a new feature > sneaks in that the bootloader needs to understand. > > The command 'gpart bootcode' is your friend. Its usage, however, is > heavily dependent upon your system's setup, so examples will likely be > of little use to you. > Hello! Thank you for pointing me in the right direction. However, i cannot find anything about updating bootlcode in the UPDATING file in the source tree. I always update from the source. Any  source for such information? Artem From owner-freebsd-questions@freebsd.org Thu Apr 2 17:57:16 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 881062AE744 for ; Thu, 2 Apr 2020 17:57:16 +0000 (UTC) (envelope-from ihor@antonovs.family) Received: from mail.antonovs.family (mail.antonovs.family [100.25.240.195]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mail.antonovs.family", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48tW3b1Bpdz4ThM for ; Thu, 2 Apr 2020 17:56:58 +0000 (UTC) (envelope-from ihor@antonovs.family) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=antonovs.family; s=20200215; t=1585849773; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=PTpied8i6KLlaSeV16V9dBkfPOQTvuyC/vqFvLzvpk4=; b=nNuEwgNoPerLVduOVuXxFHe/pvElHiZ6Jrz2mWN+PJjz118dn+wqRBKPu7imdhAExKorFC BzvsR8UNllTm2F5uooYA6eaZspop4MqpRB+2vhOkD4UrqZUWgazU1qBAg5LcCGxyVVer/D XRnkzuSM87NgCDiprZzGNXdCEXeA3kk= Received: by mail.antonovs.family (OpenSMTPD) with ESMTPSA id 1df0982e (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Thu, 2 Apr 2020 17:49:32 +0000 (UTC) Date: Thu, 2 Apr 2020 10:49:30 -0700 From: Ihor Antonov To: Aryeh Friedman Cc: FreeBSD Mailing List Subject: Re: current best FreeBSD hosting services Message-ID: <20200402174930.m7poma4sml7yg7cr@sea-ll-10936> References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 48tW3b1Bpdz4ThM X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=antonovs.family header.s=20200215 header.b=nNuEwgNo; dmarc=pass (policy=none) header.from=antonovs.family; spf=temperror (mx1.freebsd.org: error in processing during lookup of ihor@antonovs.family: DNS error) smtp.mailfrom=ihor@antonovs.family X-Spamd-Result: default: False [-5.69 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[antonovs.family:s=20200215]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_SPF_DNSFAIL(0.00)[]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[antonovs.family:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[antonovs.family,none]; IP_SCORE(-3.39)[ip: (-9.34), ipnet: 100.24.0.0/13(-4.54), asn: 14618(-3.02), country: US(-0.05)]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; MID_RHS_NOT_FQDN(0.50)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:14618, ipnet:100.24.0.0/13, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Apr 2020 17:57:16 -0000 On 2020-03-29 15:39, Aryeh Friedman wrote: > My company currently uses RootBSD and we are looking to deactivate our two > servers there and consolidate them into one. I decided at the same time > to looking into other options. We are looking for very basic hosting > (i.e. we manage the machine [or vm] completely and they only supply the > hardware and networking). Currently we use the servers for cloud storage, > a few very low traffic web sites (all running on www/tomcat9 > [java/openjdk8]) and DIY off site backups/cloud storage. My guess is we > need 2 cores, 4 GB of RAM and about 80 GB of disk to be safe and want to be > running 12.1-RELEASE (amd64) on it but have the right to upgrade it > ourselves. > > Suggestions? I know that rotten tomatos will be thrown at me, but I host a a couple of servers on AWS and it has been a smooth ride so far. Additionally Colin Percival builds 13-CURRENT and 12-STABLE images weekly and publishes over SNS Topic (arn:aws:sns:us-east-1:782442783595:FreeBSDAMI) Ihor Antonov From owner-freebsd-questions@freebsd.org Thu Apr 2 17:57:18 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CD7F72AE753 for ; Thu, 2 Apr 2020 17:57:18 +0000 (UTC) (envelope-from artem@artem.ru) Received: from smtp56.i.mail.ru (smtp56.i.mail.ru [217.69.128.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48tW3q41ZQz4Tlk for ; Thu, 2 Apr 2020 17:57:11 +0000 (UTC) (envelope-from artem@artem.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail2; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version:Date:Message-ID:From:References:To:Subject; bh=L8W1GipYRWwrhS/h6AbWhXPEmAnUkvGNvC4RsmsQ9d0=; b=FU/oF8M8e3czo5+XpaXBUHEl+xaUettjqamDbeyx0YVVjLxCdUQD3XuknLLFDlbj8QpuH1MqvkSnA6VIsI8z7JArRV6/80dwLbQoYZ2I5gddOGISss8tvW/z+KIg936M5IiJoVQipDyivPiu44xAwCqH2nRqhNEv4XwhZX8SeuY=; Received: by smtp56.i.mail.ru with esmtpa (envelope-from ) id 1jK45N-0005qc-Sb; Thu, 02 Apr 2020 20:57:02 +0300 Subject: Re: gmirror disks differ at start.no boot from another disk? To: CyberLeo Kitsana , FreeBSD Questions Mailing List References: <901cb384-0888-a71c-2816-dff3e29b8119@artem.ru> <0bc315a0-d3f0-bdfa-c446-127f1d3a89dc@cyberleo.net> From: Artem Kuchin Message-ID: Date: Thu, 2 Apr 2020 20:56:59 +0300 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: <0bc315a0-d3f0-bdfa-c446-127f1d3a89dc@cyberleo.net> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: ru X-7564579A: B8F34718100C35BD X-77F55803: 0A44E481635329DB0E1AA8A03B392317D32E5E48865217365060145B739F5F5CFE5E0A39B35787E4F688BCB05C26794DAFAE59117C603A29FEB25A86CC9FC752CA0DCB102D7D5EFB33C5C452688A93F3 X-7FA49CB5: 0D63561A33F958A55ECFA45875D7E1F06C9391DEDA049A4BD88B2F9C13F1D7088941B15DA834481FA18204E546F3947CEDCF5861DED71B2F389733CBF5DBD5E9C8A9BA7A39EFB7666BA297DBC24807EA117882F44604297287769387670735209ECD01F8117BC8BEA471835C12D1D977C4224003CC8364767815B9869FA544D8D32BA5DBAC0009BE9E8FC8737B5C22496040CC107394EA4476E601842F6C81A12EF20D2F80756B5F012D6517FE479FCD76E601842F6C81A127C277FBC8AE2E8B485CA73C03513DAC3AA81AA40904B5D99449624AB7ADAF3726B9191E2D567F0E725E5C173C3A84C34B08FA16E56A400835872C767BF85DA2F004C906525384306FED454B719173D6462275124DF8B9C9DE2850DD75B2526BE5BFE6E7EFDEDCD789D4C264860C145E X-D57D3AED: Y8kq8+OzVozcFQziTi/Zi1xwo7H2ZNxGP5qz8aO2mjTJzjHGC4ogvVuzB3zfVUBtENeZ6b5av1fnCBE34JUDkWdM6QxE+Ga5d8voMtmXfSod5d/A7RaxHwyxHfUpwjuv X-Mailru-Sender: 0E9E14D9EC491FBA79C5613A73A5E7B258A3915FA6AC07ABAE6EE5193C510086DD03CEE4594BE6CF8A4382C47DA47812C77752E0C033A69E376A1339FE8876DF1FC4F5A70058821069EB1F849E6DBC830DA7A0AF5A3A8387 X-Mras: Ok X-Rspamd-Queue-Id: 48tW3q41ZQz4Tlk X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=mail.ru header.s=mail2 header.b=FU/oF8M8; dmarc=none; spf=none (mx1.freebsd.org: domain of artem@artem.ru has no SPF policy when checking 217.69.128.36) smtp.mailfrom=artem@artem.ru X-Spamd-Result: default: False [-1.20 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.95)[-0.947,0]; R_DKIM_ALLOW(-0.20)[mail.ru:s=mail2]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-0.98)[-0.981,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[artem.ru]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[mail.ru:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[36.128.69.217.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:47764, ipnet:217.69.128.0/20, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.03)[ipnet: 217.69.128.0/20(-0.09), asn: 47764(0.24), country: RU(0.01)] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Apr 2020 17:57:19 -0000 02.04.2020 11:00, CyberLeo Kitsana пишет: > > It's always a good idea to update your bootcode on all root/boot disks > Tried # sysctl -w kern.geom.debugflags=16 kern.geom.debugflags: 0 -> 16 # gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 ada1 gpart: /dev/ada1p1: Operation not permitted Stuck now Why not permitted? ada1 is  a part of gmirror, maybe that's the reason? But then how should i do it? Update mirror/boot ? But then if something goes wrong i would loose all boot loaders and partitions on both disk. I want to do it only on one disk. Artem From owner-freebsd-questions@freebsd.org Thu Apr 2 18:38:54 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8C07A2AFE2E for ; Thu, 2 Apr 2020 18:38:54 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: from mail-qv1-xf2f.google.com (mail-qv1-xf2f.google.com [IPv6:2607:f8b0:4864:20::f2f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48tWzh1P07z3HbY for ; Thu, 2 Apr 2020 18:38:39 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: by mail-qv1-xf2f.google.com with SMTP id ca9so2232531qvb.9 for ; Thu, 02 Apr 2020 11:38:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tenebras-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=jNsP9H+TMQmnhWs8By0a0HyGv7tGwBB4zU/C3GyUAtE=; b=LIVJuR61j13p+FglTwqO4tKe2n0p14ey7KjLFNLAgFCjkxknnXoTImmDjpmA+D9E6K gEqaoC2nujGm74vXTgzWpnMuYIQ3YMUJXSXCpwKYzI+u3hreT1K56JFWZHkSyK424CoV Y+rywJ9LFeEU167RJDQvF85xX+gVOdMA+rxFKKGHgSZvszXhgq+U+KGKRl1aNJ9176nn bMRVHuD2VML0vu3xCrLf9/NpURlhc9gyp9GJos2/s03A9dYrQoUpd3rYSAbX6IBwdPyB fZ87Fhx3b/Vtmm9fBjWL2R/UQIDGE+iqle0iXmMEl8RzdNUX6hoomChCbXjbbWPeG00e /Evw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=jNsP9H+TMQmnhWs8By0a0HyGv7tGwBB4zU/C3GyUAtE=; b=P4V69wGP10t4pYvRWsXtu33S/7qg7WHBqpgQ9Z+nZg+oEclMzGsQkuccc86bJpKp/W GMBnKnUMnNutQVxBavW9ne8f1S+3Gs67iHGVm5+KnNEDfMAXn4pQQeUo2afDeoMZIRIT Wl/B1iV59EpusrBTUPEHdGl5zUAf97y/74bmqQBi37SciGW0jxb2Yg35VdPY7azhUv3+ WmcT0NekRGnEBDx5xzBf6B2TUU/a3z4UwfTYtw2h2dqjKer4MPFt4+CAYBAfOYAPDpNz xQ3XhzSiOE0zKwtNwMstA++2eSqP+6HiLla/crDi6alETZyL/Oi5paiPy7ASQomdAG0S ehpA== X-Gm-Message-State: AGi0PuZA4H8u9g5i0qVEp/Fbuf8XEWaJ82V4c3oSb3YeswQ/8S1v6uUy IZgGyFIEJCG6hbTR3+lFzwupxe3ICoxBFjaBA0M1y7lL+50= X-Google-Smtp-Source: APiQypJNiGuER7VckiriTBa9YRcmrn8p7gqUVdUW5ru7qXEvD+dzeLv6tlwTIgv27DfvaI2LD14RZw5fiR50PzarSfY= X-Received: by 2002:a05:6214:1810:: with SMTP id o16mr4731928qvw.139.1585852710973; Thu, 02 Apr 2020 11:38:30 -0700 (PDT) MIME-Version: 1.0 References: <20200402174930.m7poma4sml7yg7cr@sea-ll-10936> In-Reply-To: <20200402174930.m7poma4sml7yg7cr@sea-ll-10936> From: Michael Sierchio Date: Thu, 2 Apr 2020 11:37:54 -0700 Message-ID: Subject: Re: current best FreeBSD hosting services To: FreeBSD Mailing List X-Rspamd-Queue-Id: 48tWzh1P07z3HbY X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tenebras-com.20150623.gappssmtp.com header.s=20150623 header.b=LIVJuR61; dmarc=temperror reason="query timed out" header.from=tenebras.com (policy=temperror); spf=none (mx1.freebsd.org: domain of kudzu@tenebras.com has no SPF policy when checking 2607:f8b0:4864:20::f2f) smtp.mailfrom=kudzu@tenebras.com X-Spamd-Result: default: False [-3.83 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[tenebras-com.20150623.gappssmtp.com:s=20150623]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[tenebras-com.20150623.gappssmtp.com:+]; DMARC_DNSFAIL(0.00)[tenebras.com : query timed out]; RCVD_IN_DNSWL_NONE(0.00)[f.2.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; IP_SCORE(-1.53)[ip: (-6.83), ipnet: 2607:f8b0::/32(-0.34), asn: 15169(-0.44), country: US(-0.05)]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Apr 2020 18:38:54 -0000 On Thu, Apr 2, 2020 at 11:02 AM Ihor Antonov wrote: > > I know that rotten tomatos will be thrown at me, but I host a a couple > of servers on AWS and it has been a smooth ride so far. Additionally > Colin Percival builds 13-CURRENT and 12-STABLE images weekly and > publishes over SNS Topic (arn:aws:sns:us-east-1:782442783595:FreeBSDAMI) > I've been running FreeBSD in EC2 since 2010 (the bad old days, when we had to boot from a 1GiB Linux Grub volume and have FBSD kernel on a separate EBS volume). A t2.large instance (2 vCPU, 8GiB RAM) is $0.0928/hr, or $0.055/hr effective rate if you purchase a 1 year reserved instance. EBS and network are billed separately, but your needs are quite modest. In us-west-2 (Oregon), with 80GiB of storage and 100GB outbound network traffic per month, your monthly cost would be about $85. Less if you purchase a reserved instance. --=20 "Well," Brahm=C4=81 said, "even after ten thousand explanations, a fool is = no wiser, but an intelligent person requires only two thousand five hundred." - The Mah=C4=81bh=C4=81rata From owner-freebsd-questions@freebsd.org Thu Apr 2 19:14:05 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2022B260F29 for ; Thu, 2 Apr 2020 19:14:05 +0000 (UTC) (envelope-from ihor@antonovs.family) Received: from mail.antonovs.family (mail.antonovs.family [100.25.240.195]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mail.antonovs.family", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48tXmM5YkCz41By for ; Thu, 2 Apr 2020 19:13:55 +0000 (UTC) (envelope-from ihor@antonovs.family) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=antonovs.family; s=20200215; t=1585854823; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=cNKyLo+ckTVEX6y1RCE9UOdCAbB9DGVjVLIM1wqXuxo=; b=12eqHSRGiXGzgDzt3ATahXF1eR5m08vdnNzxYiOfDCnq542xmV/XVQK9PYZpmt4BA3na48 isxmVDPTItnat4A0UEWsXc5O5C/dhqdjC4J1Z7AKTAQDjBAzzpI3e9S8/YiZZLbQ7pgiJi 8Fk/jwwMhWQO5TwUOMQTffVQso4jHgQ= Received: from localhost (c-73-83-210-79.hsd1.wa.comcast.net [73.83.210.79]) by mail.antonovs.family (OpenSMTPD) with ESMTPSA id 24bd08b1 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Thu, 2 Apr 2020 19:13:43 +0000 (UTC) Date: Thu, 2 Apr 2020 12:13:40 -0700 From: Ihor Antonov To: Michael Sierchio Cc: FreeBSD Mailing List Subject: Re: current best FreeBSD hosting services Message-ID: <20200402191340.vs4id5i3j7uscppv@sea-ll-10936> References: <20200402174930.m7poma4sml7yg7cr@sea-ll-10936> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 48tXmM5YkCz41By X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=antonovs.family header.s=20200215 header.b=12eqHSRG; dmarc=pass (policy=none) header.from=antonovs.family; spf=pass (mx1.freebsd.org: domain of ihor@antonovs.family designates 100.25.240.195 as permitted sender) smtp.mailfrom=ihor@antonovs.family X-Spamd-Result: default: False [-5.92 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[antonovs.family:s=20200215]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; IP_SCORE(-3.42)[ip: (-9.41), ipnet: 100.24.0.0/13(-4.60), asn: 14618(-3.02), country: US(-0.05)]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[antonovs.family:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[antonovs.family,none]; RECEIVED_SPAMHAUS_PBL(0.00)[79.210.83.73.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10]; FROM_EQ_ENVFROM(0.00)[]; MID_RHS_NOT_FQDN(0.50)[]; ASN(0.00)[asn:14618, ipnet:100.24.0.0/13, country:US]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Apr 2020 19:14:05 -0000 On 2020-04-02 11:37, Michael Sierchio wrote: > On Thu, Apr 2, 2020 at 11:02 AM Ihor Antonov wrote: > > > > > I know that rotten tomatos will be thrown at me, but I host a a couple > > of servers on AWS and it has been a smooth ride so far. Additionally > > Colin Percival builds 13-CURRENT and 12-STABLE images weekly and > > publishes over SNS Topic (arn:aws:sns:us-east-1:782442783595:FreeBSDAMI) > > > > I've been running FreeBSD in EC2 since 2010 Ah, the days of EC2 Classic, when all customers where in a single flat network. You are fearles > (the bad old days, when we had > to boot from a 1GiB Linux Grub volume and have FBSD kernel on a separate > EBS volume). I admire your fearlessness and tolarance for pain :) > > A t2.large instance (2 vCPU, 8GiB RAM) is $0.0928/hr, or $0.055/hr > effective rate if you purchase a 1 year reserved instance. > EBS and network are billed separately, but your needs are quite modest. > > In us-west-2 (Oregon), with 80GiB of storage and 100GB outbound network > traffic per month, your monthly cost would be about $85. Less if you > purchase a reserved instance. I run a small mail server instance with a monthly total of slightly below $20. This includes t3.micro reserved instance + 100 GB EBS volume, reserved cache.t3.micro redis for rspamd, and backups on S3 in glacier. ---- Ihor From owner-freebsd-questions@freebsd.org Fri Apr 3 00:24:37 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BC9DF26CD87 for ; Fri, 3 Apr 2020 00:24:37 +0000 (UTC) (envelope-from doctor@doctor.nl2k.ab.ca) Received: from doctor.nl2k.ab.ca (doctor.nl2k.ab.ca [204.209.81.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48tgfc6krBz43cJ for ; Fri, 3 Apr 2020 00:24:24 +0000 (UTC) (envelope-from doctor@doctor.nl2k.ab.ca) Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.93.0.4 (FreeBSD)) (envelope-from ) id 1jKA8f-0006Pj-Oy for freebsd-questions@freebsd.org; Thu, 02 Apr 2020 18:24:49 -0600 Date: Thu, 2 Apr 2020 18:24:49 -0600 From: The Doctor To: freebsd-questions@freebsd.org Subject: OpenVPN and sasl Message-ID: <20200403002449.GB13362@doctor.nl2k.ab.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Rspamd-Queue-Id: 48tgfc6krBz43cJ X-Spamd-Bar: + X-Spamd-Result: default: False [1.97 / 15.00]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(0.00)[+a:c]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; NEURAL_SPAM_MEDIUM(0.04)[0.038,0]; RCPT_COUNT_ONE(0.00)[1]; BAD_REP_POLICIES(0.10)[]; RCVD_TLS_LAST(0.00)[]; URIBL_PBL(0.02)[empire.kred]; DMARC_POLICY_ALLOW(0.00)[nl2k.ab.ca,quarantine]; NEURAL_SPAM_LONG(0.08)[0.075,0]; INTRODUCTION(2.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6171, ipnet:204.209.81.0/24, country:CA]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(-0.16)[ip: (-0.38), ipnet: 204.209.81.0/24(-0.19), asn: 6171(-0.15), country: CA(-0.09)]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2020 00:24:37 -0000 All right I am trying to set up an openvpn server based on if you have a shell account already. SASL would be nice but it looks like radius is the next best thing. What do I need to set this up properly? -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism Marvelous Truth, confront us at every turn, in every guise. -Denise Levertov From owner-freebsd-questions@freebsd.org Fri Apr 3 03:20:07 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 51A0D271DC8 for ; Fri, 3 Apr 2020 03:20:07 +0000 (UTC) (envelope-from freebsd@dreamchaser.org) Received: from nightmare.dreamchaser.org (ns.dreamchaser.org [66.109.141.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "dreamchaser.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48tlY9015Pz48rx for ; Fri, 3 Apr 2020 03:19:56 +0000 (UTC) (envelope-from freebsd@dreamchaser.org) Received: from breakaway.dreamchaser.org (breakaway [192.168.151.122]) by nightmare.dreamchaser.org (8.15.2/8.15.2) with ESMTP id 0333JiY8075765; Thu, 2 Apr 2020 21:19:44 -0600 (MDT) (envelope-from freebsd@dreamchaser.org) Subject: Re: weird 403 (forbidden) website access issue From: Gary Aitken To: Mike Clarke , freebsd-questions@freebsd.org Reply-To: freebsd@dreamchaser.org, freebsd@dreamchaser.org References: <1f345a1d-f0c8-688c-c3e5-3a6b09ff1fa9@dreamchaser.org> <1807716.EnoYUHA41c@curlew> <2038d71a-e939-bbf3-77ad-d132a77e31e2@dreamchaser.org> Message-ID: <0a2c4c08-b459-544b-5ad3-cd58da9759e7@dreamchaser.org> Date: Thu, 2 Apr 2020 21:18:09 -0600 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: <2038d71a-e939-bbf3-77ad-d132a77e31e2@dreamchaser.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (nightmare.dreamchaser.org [192.168.151.101]); Thu, 02 Apr 2020 21:19:44 -0600 (MDT) X-Rspamd-Queue-Id: 48tlY9015Pz48rx X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of freebsd@dreamchaser.org designates 66.109.141.57 as permitted sender) smtp.mailfrom=freebsd@dreamchaser.org X-Spamd-Result: default: False [-5.58 / 15.00]; ARC_NA(0.00)[]; HAS_REPLYTO(0.00)[freebsd@dreamchaser.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[dreamchaser.org]; REPLYTO_ADDR_EQ_FROM(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; IP_SCORE(-3.28)[ip: (-8.60), ipnet: 66.109.128.0/19(-4.30), asn: 21947(-3.44), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:21947, ipnet:66.109.128.0/19, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2020 03:20:07 -0000 On 4/2/20 10:02 AM, Gary Aitken wrote: > On 4/2/20 2:50 AM, Mike Clarke wrote: >> On Wednesday, 1 April 2020 06:03:05 BST Gary Aitken wrote: >> >>> How likely is it that the small window size (1028) in the 4th pair >>> (HTTP: GET request) is causing the server to refuse the request? If >>> so, is this a firefox issue or an underlying tcp issue? >> >> It's not just Firefox. I've tried Firefox, Chrome, Midori and >> Konqueror and get the 403 code with them all from my FreeBSD box but >> no problem with Firefox, Chrome and Edge on Windows 10. >> >> But I think I've found a clue to the cause. I tried Lynx with its >> default settings and it worked fine but when I changed the user agent >> header to >> >> Mozilla/5.0 (X11; FreeBSD amd64; rv:74.0) Gecko/ 20100101 Firefox/74.0 >> I got a 403 error. >> >> Looks like the server is only accepting requests from a restricted >> range of browser and OS combinations >> >> Lynx/2.8.9rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/1.1.1d-freebsd >> is accepted but >> Mozilla/5.0 (X11; FreeBSD amd64; rv:74.0) Gecko/20100101 Firefox/74.0 >> appears to be regarded as 'dangerous'. > > Thank you! > I will see what the hosting service has to say from there. > I got similar refusals from some sites such as lowes.com as well. Apparently the hosting service has some special rule which was triggering this. They wouldn't tell me the rule so I don't really know what it was, unfortunately. They disabled the rule for this particular site, but whether that same rule is being applied to other domains I don't know. The rule was a ModSecurity #70200 but that's in the local/private range so it's not a well-known rule. Gary From owner-freebsd-questions@freebsd.org Fri Apr 3 08:52:35 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id F3620279EF0 for ; Fri, 3 Apr 2020 08:52:35 +0000 (UTC) (envelope-from dch@skunkwerks.at) Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48ttwg2qvKz4FpY for ; Fri, 3 Apr 2020 08:52:18 +0000 (UTC) (envelope-from dch@skunkwerks.at) Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 1DF655C0397 for ; Fri, 3 Apr 2020 04:52:11 -0400 (EDT) Received: from imap6 ([10.202.2.56]) by compute4.internal (MEProxy); Fri, 03 Apr 2020 04:52:11 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=skunkwerks.at; h=mime-version:message-id:date:from:to:subject:content-type; s= fm2; bh=aOUuTmSJMIRWgsrm+PPK7mTmFwznW7+kGyuXJMug/zI=; b=Ej31mMIQ aVSEcoP+HF++m1Pw/xYhj2KLahdZcE7xwU1d7exkToYIbcm+76gP10bnoilJt9tN zinISeYlITOz+vcT2EYBcVO4zyL3fdo/KRhRWGaYd+Piin9mN+Wj599x3q1PDN94 Cn8W2kojXhcj3QKiSzxU3z8r0RT/QWkhDyKjdRNT3nh5Y/LYJi13T7tUHs6Jr5ey sMHiAjtITe+s8OLHM25EmpXFnAdCpJQX5Bs+K2Q4oncEU6zKPAK1gmzi+Bd09g0K iFb6npEgVYh2mN8mB3XBr3VrFcJHhFn8PRjKfjJGFq5r6PiKaq3tsMvkaIYTrmRn YyTt7Hy8nc179Q== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=aOUuTmSJMIRWgsrm+PPK7mTmFwznW 7+kGyuXJMug/zI=; b=FiKqd3tgovQbmNI8ZRK65DtdYKAJMiEO7bJ5DHHj7chdR bjUVswNUPCWHI9qm7Pd8sGDLzSi9kvcLb3ex4S1guL7x54fDpGa3jtSAWcwTrOBT ZGQ62sDenmLV0GDiatiHnoVOpmrTQe729rx6TUmtt5i5fSNSa0f9JZnrxM4cwtjg FJBgbH1CKWfjjk373TWMuVQTe0FUAJl4YIJv1yPdkQ6QcZlx5KP78PMQyf9ZIt8h nZM+xEuoxT3B+3//5TaDsDM9hPipc+jsCkCxtnBtOMwfghUHWf1HzvTXh64Arqph KZtRQxzi3OSS9QUBUEXenQ4b5BWUhBpZu9aaE2CQA== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedrtdeigddtlecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkfffhvffutgesthdtredtre ertdenucfhrhhomhepfdffrghvvgcuvehothhtlhgvhhhusggvrhdfuceouggthhesshhk uhhnkhifvghrkhhsrdgrtheqnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpe hmrghilhhfrhhomhepuggthhesshhkuhhnkhifvghrkhhsrdgrth X-ME-Proxy: Received: by mailuser.nyi.internal (Postfix, from userid 501) id 8496014036F; Fri, 3 Apr 2020 04:52:10 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.1.7-1082-g13d7805-fmstable-20200403v1 Mime-Version: 1.0 Message-Id: Date: Fri, 03 Apr 2020 08:51:50 +0000 From: "Dave Cottlehuber" To: freebsd-questions Subject: dealing with DoS - practical tips & tools? Content-Type: text/plain X-Rspamd-Queue-Id: 48ttwg2qvKz4FpY X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=skunkwerks.at header.s=fm2 header.b=Ej31mMIQ; dkim=pass header.d=messagingengine.com header.s=fm2 header.b=FiKqd3tg; dmarc=none; spf=pass (mx1.freebsd.org: domain of dch@skunkwerks.at designates 66.111.4.26 as permitted sender) smtp.mailfrom=dch@skunkwerks.at X-Spamd-Result: default: False [-4.08 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[skunkwerks.at:s=fm2,messagingengine.com:s=fm2]; XM_UA_NO_VERSION(0.01)[]; FROM_HAS_DN(0.00)[]; RWL_MAILSPIKE_GOOD(0.00)[26.4.111.66.rep.mailspike.net : 127.0.0.18]; R_SPF_ALLOW(-0.20)[+ip4:66.111.4.26]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[skunkwerks.at]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[4]; IP_SCORE(-3.49)[ip: (-9.82), ipnet: 66.111.4.0/24(-4.89), asn: 11403(-2.69), country: US(-0.05)]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[skunkwerks.at:+,messagingengine.com:+]; MV_CASE(0.50)[]; RCVD_IN_DNSWL_LOW(-0.10)[26.4.111.66.list.dnswl.org : 127.0.5.1]; SUBJECT_ENDS_QUESTION(1.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:11403, ipnet:66.111.4.0/24, country:US]; RCVD_TLS_LAST(0.00)[]; MID_RHS_WWW(0.50)[]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2020 08:52:36 -0000 yesterday I saw another mild DoS attack on our network. Typically we get UDP floods and similar generic attacks, and also websocket-specific "layer 7" attacks from random IPs. Typically a few applications go offline when sockets are exhausted, or when their rate limiting kicks in hard. Currently my setup is naive: - pf with manual blocklists as required - haproxy for layer7 blocklists - off-server logs indexed in graylog Which is pretty limited in both understanding what's happening *right now*, and also doing anything other than manual reaction to issues, *after* they impact users. Before we go full cloudflare or whatever, where DDoS protection which costs an arm and a leg, what do people recommend as the next open-source steps? I'd like a couple of features - better real-time visibility, and some some automation. perhaps: - last few hours of tcpdump level traffic, searchable in some form, off-server - something partially automated that can update pf & haproxy tables when Obviously Bad Things happen Are there any FreeBSD tools that people could recommend? Any tunables that help with resilience? A+ Dave From owner-freebsd-questions@freebsd.org Fri Apr 3 08:53:33 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 146F7279F39 for ; Fri, 3 Apr 2020 08:53:33 +0000 (UTC) (envelope-from odhiambo@gmail.com) Received: from mail-ot1-x32c.google.com (mail-ot1-x32c.google.com [IPv6:2607:f8b0:4864:20::32c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48ttxw0mXJz4GBc for ; Fri, 3 Apr 2020 08:53:23 +0000 (UTC) (envelope-from odhiambo@gmail.com) Received: by mail-ot1-x32c.google.com with SMTP id 22so6568913otf.0 for ; Fri, 03 Apr 2020 01:53:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Zz2Ma1qWwbMwiknSkwcUB3R9igE3rSVKoYMTJBAYUNA=; b=kjjaMgJwPNLN5ffRIXpTDoNTVTXxoYqkuwpNo5dExzsY29ZqfiSqrLlutFiAPiF50o t5k+Ne1GihiJ6QpnGTCq5qyEn8mbj/4iwm5EFaWbtlK1Ig3PPS56IpbpHCK1o5tqOH1c hPzeFaTrxKz/NR1Pw/tloXjTKg15YqInMLi/lnyR6Gr9DEThOXW4Zrp434h+4JX1DKmE UZBwEppQRA+3Ach1n16UaYNrLbxELzzZZyZeJMgqZt2WtKHRWRdR2jMHsEzbMEQ20VOS 0hTeS12tRRKnxS52RO8N6ujigfDJHJE5dyX8mPV3myW2t74gJ8T4JcwgJMgngzs0RBuV gBFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Zz2Ma1qWwbMwiknSkwcUB3R9igE3rSVKoYMTJBAYUNA=; b=JZ/+hnJ655FbjX7E6IQ6KcfxWPZY1083sa80bQ6HOBoD/V2ya+smULE7CvKJLY57Hi HZbxt7Xeu7Qa4+RgUR0CGKRcXRFOSPMGgpnP5kFDK9ykbO9EGRnQecJWwVlJUJm+HEaX kWxTpMl9ozEY46u1Tod1U5SkeOPFvuTfjTrUG03myj0Xbkidc6SkaO6vmlXWRwVsWEP4 HIA5pqC/iGatJPxEma04q0b3WwSLCKUFuOxvg3A9+V9S8O9FYkV1e6e4OVNFxu5UkiaD 5idAhiP621znWITvGHjFytpXLsj1ChHm9ybMkU5JGcq15ELwmynGkHAxOU+apD2e764l JIDQ== X-Gm-Message-State: AGi0PuZo/ZdckAq2hiA7XTckq4DwvmdrORg8045SNE5T7zN24tqCgF8n 63w7TNYvdvG5P7d+vlrIyVSDB9pSItE31JzaFZGt2f8e X-Google-Smtp-Source: APiQypJycvTE5B/r8PEQsMfsYziK7442GFtrzG0eT354SVhSXXwWEZDm/tLa7dxD9HrmsvtgW0F9tQ5c8Wxe8EaSIAs= X-Received: by 2002:a9d:4b98:: with SMTP id k24mr5421254otf.26.1585903994990; Fri, 03 Apr 2020 01:53:14 -0700 (PDT) MIME-Version: 1.0 References: <20200403002449.GB13362@doctor.nl2k.ab.ca> In-Reply-To: <20200403002449.GB13362@doctor.nl2k.ab.ca> From: Odhiambo Washington Date: Fri, 3 Apr 2020 11:52:43 +0300 Message-ID: Subject: Re: OpenVPN and sasl To: The Doctor Cc: User Questions X-Rspamd-Queue-Id: 48ttxw0mXJz4GBc X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=kjjaMgJw; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of odhiambo@gmail.com designates 2607:f8b0:4864:20::32c as permitted sender) smtp.mailfrom=odhiambo@gmail.com X-Spamd-Result: default: False [-3.00 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[c.2.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; IP_SCORE(0.00)[ip: (-7.92), ipnet: 2607:f8b0::/32(-0.34), asn: 15169(-0.44), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2020 08:53:33 -0000 On Fri, 3 Apr 2020 at 03:27, The Doctor via freebsd-questions < freebsd-questions@freebsd.org> wrote: > All right I am trying to set up an openvpn server > based on if you have a shell account already. SASL would be nice > but it looks like radius is the next best thing. > > What do I need to set this up properly? > The best way to run OpenVPN has always been to use the certificates. It's more secure, IMHO, as long as the certs are safe. RADIUS and any other way are just complicating matters for yourself unless you want to wade into that territory to learn. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", grep ^[^#] :-) From owner-freebsd-questions@freebsd.org Fri Apr 3 13:51:38 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 90DCE2A378B for ; Fri, 3 Apr 2020 13:51:38 +0000 (UTC) (envelope-from doctor@doctor.nl2k.ab.ca) Received: from doctor.nl2k.ab.ca (doctor.nl2k.ab.ca [204.209.81.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48v1Yl3NmCz493q for ; Fri, 3 Apr 2020 13:51:22 +0000 (UTC) (envelope-from doctor@doctor.nl2k.ab.ca) Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.93.0.4 (FreeBSD)) (envelope-from ) id 1jKMjY-000PAV-GE; Fri, 03 Apr 2020 07:51:44 -0600 Date: Fri, 3 Apr 2020 07:51:44 -0600 From: The Doctor To: Odhiambo Washington Cc: User Questions Subject: Re: OpenVPN and sasl Message-ID: <20200403135144.GA92039@doctor.nl2k.ab.ca> References: <20200403002449.GB13362@doctor.nl2k.ab.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 48v1Yl3NmCz493q X-Spamd-Bar: + X-Spamd-Result: default: False [1.44 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.21)[-0.211,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(0.00)[+a]; NEURAL_HAM_LONG(-0.21)[-0.209,0]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; BAD_REP_POLICIES(0.10)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; URIBL_PBL(0.02)[empire.kred]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(0.00)[nl2k.ab.ca,quarantine]; RCVD_TLS_LAST(0.00)[]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; INTRODUCTION(2.00)[]; ASN(0.00)[asn:6171, ipnet:204.209.81.0/24, country:CA]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(-0.16)[ip: (-0.37), ipnet: 204.209.81.0/24(-0.19), asn: 6171(-0.15), country: CA(-0.09)]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2020 13:51:38 -0000 Fri, Apr 03, 2020 at 11:52:43AM +0300, Odhiambo Washington wrote: > On Fri, 3 Apr 2020 at 03:27, The Doctor via freebsd-questions < > freebsd-questions@freebsd.org> wrote: > > > All right I am trying to set up an openvpn server > > based on if you have a shell account already. SASL would be nice > > but it looks like radius is the next best thing. > > > > What do I need to set this up properly? > > > > The best way to run OpenVPN has always been to use the certificates. It's > more secure, IMHO, as long as the certs are safe. > RADIUS and any other way are just complicating matters for yourself unless > you want to wade into that territory to learn. > Of course crets are part of the equstion. > > -- > Best regards, > Odhiambo WASHINGTON, > Nairobi,KE > +254 7 3200 0004/+254 7 2274 3223 > "Oh, the cruft.", grep ^[^#] :-) > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism Marvelous Truth, confront us at every turn, in every guise. -Denise Levertov From owner-freebsd-questions@freebsd.org Fri Apr 3 14:43:59 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id ADD652A4DE7 for ; Fri, 3 Apr 2020 14:43:59 +0000 (UTC) (envelope-from hartzell@alerce.com) Received: from corvid.alerce.com (corvid.alerce.com [206.125.171.163]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48v2kD4lY4z4VP2 for ; Fri, 3 Apr 2020 14:43:47 +0000 (UTC) (envelope-from hartzell@alerce.com) Received: from postfix.alerce.com (76-226-160-236.lightspeed.sntcca.sbcglobal.net [76.226.160.236]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by corvid.alerce.com (Postfix) with ESMTPSA id BC3DF898B9 for ; Fri, 3 Apr 2020 07:43:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alerce.com; s=dkim; t=1585925016; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=SfaAtxfinJaV0kXgB4ySh3qqv46+iIbkwcXlYQxMVGQ=; b=ktHFGV0IolDgYqlntVCG1hqLQ/zrqJ7j0n+SFsJ9r3pF2Nr9TzibXggIuLBCZhO93x6FGg TVg7DPJ8QCI7rURsutqsj03kxU3nkz9Imo57W1KJ+5RJCa91FD1NFosLCkOmXpjBy0TgDR jqApJ39Z0KSdbHMjizQFGNPpBCA40b1G4u3WZQSxXHZe8O/neEutwB0YenRXEl2iQCriPs Ih2Z8doMm1P4LVgmdDQS0u800x21ZsTYiz23FdO2VddCGDIsCzuQ64FVRvH9HGJ6Ndm6KJ uZo4xwelYbdRDMgVr3JM39r4Vfzc+w6y03tPNd+ejDenNptA7HmIZlAr1QltSg== Received: by postfix.alerce.com (Postfix, from userid 501) id B5D7A201C24E9B; Fri, 3 Apr 2020 07:43:30 -0700 (PDT) From: George Hartzell MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <24199.19346.666044.877330@alice.local> Date: Fri, 3 Apr 2020 07:43:30 -0700 To: FreeBSD Mailing List Subject: Re: current best FreeBSD hosting services In-Reply-To: <20200402191340.vs4id5i3j7uscppv@sea-ll-10936> References: <20200402174930.m7poma4sml7yg7cr@sea-ll-10936> <20200402191340.vs4id5i3j7uscppv@sea-ll-10936> X-Mailer: VM undefined under 26.3 (x86_64-apple-darwin14.5.0) Reply-To: hartzell@alerce.com X-Rspamd-Queue-Id: 48v2kD4lY4z4VP2 X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=alerce.com header.s=dkim header.b=ktHFGV0I; dmarc=pass (policy=none) header.from=alerce.com; spf=pass (mx1.freebsd.org: domain of hartzell@alerce.com designates 206.125.171.163 as permitted sender) smtp.mailfrom=hartzell@alerce.com X-Spamd-Result: default: False [-5.92 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[alerce.com:s=dkim]; HAS_REPLYTO(0.00)[hartzell@alerce.com]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; REPLYTO_ADDR_EQ_FROM(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[alerce.com:+]; DMARC_POLICY_ALLOW(-0.50)[alerce.com,none]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(-2.92)[ip: (-9.46), ipnet: 206.125.168.0/21(-4.67), asn: 25795(-0.42), country: US(-0.05)]; ASN(0.00)[asn:25795, ipnet:206.125.168.0/21, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2020 14:44:00 -0000 Ihor Antonov writes: > [...] > I run a small mail server instance with a monthly total of slightly below > $20. This includes t3.micro reserved instance + 100 GB EBS volume, > reserved cache.t3.micro redis for rspamd, and backups on S3 in glacier. Did you have any trouble getting AWS to remove the constraints on the SMTP ports? g. From owner-freebsd-questions@freebsd.org Fri Apr 3 15:00:50 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1BFC12A5813 for ; Fri, 3 Apr 2020 15:00:50 +0000 (UTC) (envelope-from dave.mehler@gmail.com) Received: from mail-io1-xd34.google.com (mail-io1-xd34.google.com [IPv6:2607:f8b0:4864:20::d34]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48v35g2bCnz4bsl for ; Fri, 3 Apr 2020 15:00:39 +0000 (UTC) (envelope-from dave.mehler@gmail.com) Received: by mail-io1-xd34.google.com with SMTP id x9so7721888iom.10 for ; Fri, 03 Apr 2020 08:00:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=X+dtWY5gDY2j8CTEFRVPqL4o+azIIEq4QifO+nebf1Y=; b=abcJYMQqFycYzV7+mw7AFkNor4ZowWbJwUNqWspMEfqOGzlehyit6z05fkv8Pfsw37 mgN7Ofc7ewOGr3XZLnOo//OmqwnGGxSLFesMlmrvxrIUwNVHR3FRMjzUYD8T94+bfIBq gApMHMqgNJmGNxphbRHFVs74E6cgeXcc7YG48+B/AbcYTUv2bW+1Yn+Osh9g5JpSNnDa xsY8K9WYKqTlwT7zr6JXFUKEoIq5wFarOB+Eyz/ILoELzYdAbG/s5aefWApGw+a7jU9b FYOyTjw7gtAEK7K2mr4DtvKLTTpFdkUtbJUMXT5sRCD4i0AM0gGJNUnX+mmrHDYQ6jTV NcdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=X+dtWY5gDY2j8CTEFRVPqL4o+azIIEq4QifO+nebf1Y=; b=Q+mYrSMziw/ppH2JOmOrYbyCaWSmjl/Q4vMyVYmXR9z88VaDH6Hep8xhgC49jNLxuv PZ1sFHeA+mAXTy0yU+AfTPuXx4iK8xDhKXvMR3361LKOxvxVKuXgFUj0yEO6cUp2frL5 kOxk5icjOTatfXustN/IP0c1olgLhy2m5xzO2pBIlv1b/qbLxQ+pRzUFQKHdfkEgt0NT wIBRfzCfbKJXNVxx/6hdqlEg+gz5yjgf4+wNlJutLY+/wPRHlN7U8KF6p3JPh2rTTec4 ajxeoCaumO1qqWY9vaalb0KSSOMZUsLHWtdLQYCESVWwC1/15SmLB0NcrmJMwrQtbDRV svSw== X-Gm-Message-State: AGi0Pubgg/mMPlW2mEzf7LGcK5EV9ORJC5ZITOdlAqgXviZht8vNGNb/ s88BG9RwISm5e2Mlv27c0etghvgDu0mrKLql7HHLyQyC X-Google-Smtp-Source: APiQypK5Xnauk4WaHpcXy7iaiMFaeCyftKBnmTATfK3o8IMjLHw7/sqSSV92NEh4WECMR0kjacFfbEwZP0vJxJfeN98= X-Received: by 2002:a02:3506:: with SMTP id k6mr9054836jaa.104.1585926028437; Fri, 03 Apr 2020 08:00:28 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a4f:204:0:0:0:0:0 with HTTP; Fri, 3 Apr 2020 08:00:28 -0700 (PDT) In-Reply-To: References: From: David Mehler Date: Fri, 3 Apr 2020 11:00:28 -0400 Message-ID: Subject: Re: dealing with DoS - practical tips & tools? To: Dave Cottlehuber Cc: freebsd-questions Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 48v35g2bCnz4bsl X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=abcJYMQq; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of davemehler@gmail.com designates 2607:f8b0:4864:20::d34 as permitted sender) smtp.mailfrom=davemehler@gmail.com X-Spamd-Result: default: False [-2.00 / 15.00]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(0.00)[ip: (-5.25), ipnet: 2607:f8b0::/32(-0.34), asn: 15169(-0.44), country: US(-0.05)]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TAGGED_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[4.3.d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; SUBJECT_ENDS_QUESTION(1.00)[]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2020 15:00:50 -0000 Hello, Where do you get your pf blocklists from? As for an idea try fail2ban see if that helps. Hth Dave. On 4/3/20, Dave Cottlehuber wrote: > yesterday I saw another mild DoS attack on our network. Typically we get UDP > floods and similar generic attacks, and also websocket-specific "layer 7" > attacks from random IPs. > > Typically a few applications go offline when sockets are exhausted, or when > their rate limiting kicks in hard. > > Currently my setup is naive: > > - pf with manual blocklists as required > - haproxy for layer7 blocklists > - off-server logs indexed in graylog > > Which is pretty limited in both understanding what's happening *right now*, > and also doing anything other than manual reaction to issues, *after* they > impact users. > > Before we go full cloudflare or whatever, where DDoS protection which costs > an arm and a leg, what do people recommend as the next open-source steps? > > I'd like a couple of features - better real-time visibility, and some some > automation. > > perhaps: > > - last few hours of tcpdump level traffic, searchable in some form, > off-server > > - something partially automated that can update pf & haproxy tables when > Obviously Bad Things happen > > Are there any FreeBSD tools that people could recommend? Any tunables that > help with resilience? > > A+ > Dave > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > From owner-freebsd-questions@freebsd.org Fri Apr 3 15:36:51 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 32D0A2A66CF for ; Fri, 3 Apr 2020 15:36:51 +0000 (UTC) (envelope-from dch@skunkwerks.at) Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48v3v86LY7z3M6P for ; Fri, 3 Apr 2020 15:36:36 +0000 (UTC) (envelope-from dch@skunkwerks.at) Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id C1C865C0309; Fri, 3 Apr 2020 11:36:29 -0400 (EDT) Received: from imap6 ([10.202.2.56]) by compute4.internal (MEProxy); Fri, 03 Apr 2020 11:36:29 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=skunkwerks.at; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm2; bh=XVAv/fQJJyr6Hc2/Z0ji87qmzQbHY0T 5Pu+O6iCOsLU=; b=iuiw8WtaiNlkU/hqslf3aZxtgO7hlXgJ7K8cXqwmcKVhWpI tk0VFjgGX5Ufqsxiy9kbSc4tayhQjdXCkdlUO2nvanU/jVED2mMM5D5GPin7+faP doSzppezmLsXhlIy4hJ5yJYlicy/9eIbnBNvan8jju7WbIrBCZ4dceFogHpwkHQ6 0b8Px/A7il7OWLbDGjXdWhk2ueNsspJq2abZm9AuRj0RLKw0pzV44IzyeKL4QsM0 JvBu10PaNLlhiTQXUtOyforNng/fEl0topONPS4x1bDmojuabks6FpTyEKTLkkDy 2jfEU5oudpaZfDRIg2SkndJLMUBps+4o1IY7mWg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=XVAv/f QJJyr6Hc2/Z0ji87qmzQbHY0T5Pu+O6iCOsLU=; b=z8L8WV1LiBGLqIsK66fFSH WnIgvAvkU2XkNdk0/IiQO7X6aPkHaC0byvHCbLVpnmI8RG3/bLFL9lgC+1lnR/fr MrRppItlUhCSXEWOKs3VTYPouczz1eHTAidvIHbtl37hWP80xT6o722bxRooQrmm uOjneQp3fgw8+4KbphLBEhnAOW2jWWpHYhCMneDBzi9AvQk+j20bqgNpuWNWzEj2 Rh6zLiK97kkYeXrVR+o3TFzQRALSqO9ua07UMDFCYGp8YVRXCHrPsg9lyYbJtVmx xiBHR1navdTIQsmn7voQLrwxXS0G47oQArV2LSdbkr85fbXGsF30ZGkFhNYx/M9g == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedrtdeigdeltdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefofgggkfgjfhffhffvufgtsehttdertderredtnecuhfhrohhmpedfffgrvhgv ucevohhtthhlvghhuhgsvghrfdcuoegutghhsehskhhunhhkfigvrhhkshdrrghtqeenuc ffohhmrghinheprghmrgiiohhnrgifshdrtghomhenucevlhhushhtvghrufhiiigvpedt necurfgrrhgrmhepmhgrihhlfhhrohhmpegutghhsehskhhunhhkfigvrhhkshdrrght X-ME-Proxy: Received: by mailuser.nyi.internal (Postfix, from userid 501) id 5E26514036F; Fri, 3 Apr 2020 11:36:29 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.1.7-1082-g13d7805-fmstable-20200403v1 Mime-Version: 1.0 Message-Id: <495fcc41-5ff0-4ebe-8157-1f079675a9c5@www.fastmail.com> In-Reply-To: References: Date: Fri, 03 Apr 2020 15:36:08 +0000 From: "Dave Cottlehuber" To: "David Mehler" , freebsd-questions Subject: Re: dealing with DoS - practical tips & tools? Content-Type: text/plain X-Rspamd-Queue-Id: 48v3v86LY7z3M6P X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=skunkwerks.at header.s=fm2 header.b=iuiw8Wta; dkim=pass header.d=messagingengine.com header.s=fm2 header.b=z8L8WV1L; dmarc=none; spf=pass (mx1.freebsd.org: domain of dch@skunkwerks.at designates 66.111.4.27 as permitted sender) smtp.mailfrom=dch@skunkwerks.at X-Spamd-Result: default: False [-4.08 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[skunkwerks.at:s=fm2,messagingengine.com:s=fm2]; XM_UA_NO_VERSION(0.01)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:66.111.4.27]; MV_CASE(0.50)[]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[skunkwerks.at]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[skunkwerks.at:+,messagingengine.com:+]; RCPT_COUNT_TWO(0.00)[2]; IP_SCORE(-3.49)[ip: (-9.84), ipnet: 66.111.4.0/24(-4.89), asn: 11403(-2.69), country: US(-0.05)]; FREEMAIL_TO(0.00)[gmail.com]; RCVD_IN_DNSWL_LOW(-0.10)[27.4.111.66.list.dnswl.org : 127.0.5.1]; SUBJECT_ENDS_QUESTION(1.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:11403, ipnet:66.111.4.0/24, country:US]; RCVD_TLS_LAST(0.00)[]; MID_RHS_WWW(0.50)[]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2020 15:36:51 -0000 > On 4/3/20, Dave Cottlehuber wrote: > > yesterday I saw another mild DoS attack on our network. Typically we get UDP > > floods and similar generic attacks, and also websocket-specific "layer 7" > > attacks from random IPs. > On Fri, 3 Apr 2020, at 15:00, David Mehler wrote: > Hello, > > Where do you get your pf blocklists from? Hi David, funnily enough this pretty much nailed the layer7 stuff -- for the moment: curl -#L \ https://ip-ranges.amazonaws.com/ip-ranges.json \ | jq -reC '.prefixes[].ip_prefix, .ipv6_prefixes[].ipv6_prefix' \ | sort \ | uniq \ > /etc/pf.amazon > As for an idea try fail2ban see if that helps. That might be a bit tricky as not a lot of this is HTTP traffic, and logs are not local to the box, but yes this is worth a look too. Perhaps I can get info via pflog and feed this in as well. I've found zeek as well, suricata, & will see if I can get anything useful out of graylog which we already have in place. A+ Dave From owner-freebsd-questions@freebsd.org Fri Apr 3 15:49:12 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9365E2A6B3C for ; Fri, 3 Apr 2020 15:49:12 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48v49Q4XX4z3R1x for ; Fri, 3 Apr 2020 15:48:57 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=Message-ID:Subject:To:From:Date:In-Reply-To; bh=OWqZzQRkdh/iBebhG3vsU+E0YvnljSQLwi6aJa37JVs=; b=A81id8fV/OtCaztSITQ1UfWUBE LmEYUYWzRffmE+3IHqGFcAGoO6UODVv89Tu2dK/02CJ1HmQ69L5Ttm9vjjlKAhxoq/K0kTDWQ1JMd leSXhkM15B/CAXGRr6VQNkheFd0BYpqAK0wUPYVGkuyAP/RftEqelYTgnBSywxa3a/VA=; Received: from vas by admin.sibptus.ru with local (Exim 4.93.0.4 (FreeBSD)) (envelope-from ) id 1jKOYn-000HZj-SU for freebsd-questions@freebsd.org; Fri, 03 Apr 2020 22:48:45 +0700 Date: Fri, 3 Apr 2020 22:48:45 +0700 From: Victor Sudakov To: freebsd-questions@freebsd.org Subject: $PATH for services Message-ID: <20200403154845.GA67414@admin.sibptus.ru> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="YZ5djTAD1cGYuMQK" Content-Disposition: inline X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 48v49Q4XX4z3R1x X-Spamd-Bar: ------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=A81id8fV; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-7.44 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; SUBJECT_HAS_CURRENCY(1.00)[]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE(-3.34)[ip: (-9.89), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.83), country: US(-0.05)]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2020 15:49:12 -0000 --YZ5djTAD1cGYuMQK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Dear Colleagues, What is the correct way to pass PATH (and other environment variables) to services started from /usr/local/etc/rc.d ? I'm especially interested in daemons which are expected to start other daemons. One of the examples is zabbix_agentd which is supposed to start lots of helper binaries. Fortunatly it has a special provision for that: the $zabbix_agentd_paths rc.conf variable. What about other services/daemons which are not so lucky? --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --YZ5djTAD1cGYuMQK Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJeh1rdAAoJEA2k8lmbXsY0oYYH/0DJRgo6ttg4dbpz5ozv4eV6 hAVdxsK8T15e2xYfGnYyhFV1EPTZg5ytCV7PaFz+6uMVgLv442fZ9Yr5a0lCYxQh DuD8CwsDHAgmri3A4YH9/f2LKRf013ubD0yQKZj8YffpoLFwnkv42P5iSvJ+1uAW j/ot9GrLsxg0sQo8jsvXtqiXDL0GcdHNF9MAopJ/D1uBrQc7wAJqEV0CJV61kI3v 3xPc5ECpQFfVsB5+3lJKqmHyt/NuDZdkz5aqSG2TML39k408dx948rXYmpTM6kBg s5ZR9NtUiS3skETmeiRnDM9lLU48nianlE7ifuNID8/0bc9lA4FOX9FmQYhPip4= =a3MU -----END PGP SIGNATURE----- --YZ5djTAD1cGYuMQK-- From owner-freebsd-questions@freebsd.org Fri Apr 3 15:54:12 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 050FC2A6E5C for ; Fri, 3 Apr 2020 15:54:12 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: from mail-qt1-x832.google.com (mail-qt1-x832.google.com [IPv6:2607:f8b0:4864:20::832]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48v4H43xM2z3xsf for ; Fri, 3 Apr 2020 15:53:52 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: by mail-qt1-x832.google.com with SMTP id t17so6765104qtn.12 for ; Fri, 03 Apr 2020 08:53:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tenebras-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=I5atAUb5otv8Gf69wh0NXHCeNuxfz/7pQlk/JhPKJXg=; b=H/48gdbKQMp2PO+88FnRBr/VPZ29ZsHFV+7lCFDgCM36Gt+UnugtaK6L4Lcis4uLJ3 4iKAaL0ALgg/Y195Bu1atFngNq/cC/Cxi3Ri+YcjVaH87oX9Earjt/xiIymg9NHfaxJu MbKlBH7HuHQdL4qWTJHrce5wd3G1P/EQwHTGDEMvCFDTPzQs74+jWsNCxMPgdxdvGGh/ yL6yhhF1Y3WgxcPWly8c4/RH6wtksV4XpZMF8CylmPv8FO66IF9iiKOy4PdZe8SUb1cw V522kXvzv8U4vPBOgHxOdwmhoZmP46dAAHhhZKXD2LKjnuKGHjHF72y225uc3gYelErb 68kA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=I5atAUb5otv8Gf69wh0NXHCeNuxfz/7pQlk/JhPKJXg=; b=Nu3ZjzDpBshrH0YXZjFMFvtRcSpwZC4yn4VytQPqGfsPDJucB8Cq9WTQm16aiw3ZPn iHJwySxX5lN9VBvxSn3Nkas26QRsB9Mb7Da2u3fibs860J7DsvGKTLsbyQQmNqJ2qLP7 iJV4vfTiJioGFSD1AJk/04FXA4G4FX9rq/2ZwIGfEmgvjBk1MqHYbWM6ee3NSDK2LZDG mib2kCXbhCLqxIAJniq8PUovw10DtUCoHDN9aJwgfF4lRDKSuoi1CI4sKPE2weajtcVQ EZdUJm/z081djse0taEuXCVp4iWAfCK/2TYf/QiKNz5q/bAqJ+fA/OO5dVL7jyUb0HMI enGg== X-Gm-Message-State: AGi0PuZt6jBjPqvuaJf9LrVx2+NK/Jb7RvVdvpNYltCqtw2F9EEqIszV qNAlk9aLd/Nz1Z3w57FWQxjcWXN2OdX2sZ539Ed5NTOWMjo= X-Google-Smtp-Source: APiQypJfTC5225olHCwkkIPh1sRrGruUimep4R9i0JABmyZ3J4VV9LDyZRCGGA8Se05gEhBW0JOW3CXOIUwEDqJbCNo= X-Received: by 2002:ac8:73c7:: with SMTP id v7mr8949743qtp.383.1585929222470; Fri, 03 Apr 2020 08:53:42 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Michael Sierchio Date: Fri, 3 Apr 2020 08:53:06 -0700 Message-ID: Subject: Re: dealing with DoS - practical tips & tools? To: Dave Cottlehuber Cc: freebsd-questions X-Rspamd-Queue-Id: 48v4H43xM2z3xsf X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tenebras-com.20150623.gappssmtp.com header.s=20150623 header.b=H/48gdbK; dmarc=none; spf=none (mx1.freebsd.org: domain of kudzu@tenebras.com has no SPF policy when checking 2607:f8b0:4864:20::832) smtp.mailfrom=kudzu@tenebras.com X-Spamd-Result: default: False [-3.32 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[tenebras-com.20150623.gappssmtp.com:s=20150623]; RSPAMD_URIBL_FAIL(0.00)[query timed out]; FROM_HAS_DN(0.00)[]; IP_SCORE(-2.02)[ip: (-9.28), ipnet: 2607:f8b0::/32(-0.34), asn: 15169(-0.44), country: US(-0.05)]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[tenebras.com]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[tenebras-com.20150623.gappssmtp.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[2.3.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; ZRD_FAIL(0.00)[query timed out]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2020 15:54:12 -0000 On Fri, Apr 3, 2020 at 1:56 AM Dave Cottlehuber wrote: yesterday I saw another mild DoS attack on our network. Typically we get > UDP floods and similar generic attacks, and also websocket-specific "laye= r > 7" attacks from random IPs. > > Typically a few applications go offline when sockets are exhausted, or > when their rate limiting kicks in hard. > > Currently my setup is naive: > > - pf with manual blocklists as required > - haproxy for layer7 blocklists > - off-server logs indexed in graylog > > Which is pretty limited in both understanding what's happening *right > now*, and also doing anything other than manual reaction to issues, *afte= r* > they impact users. > > ... > > Are there any FreeBSD tools that people could recommend? Any tunables tha= t > help with resilience? > I can't help with pf, since I use ipfw, but... I use gRED / RED courtesy of Dummynet. Depending on where you apply the pipe, it helps a great deal with things like DDoD where blocking IP addresses doesn't reduce the traffic a whit. --=20 "Well," Brahm=C4=81 said, "even after ten thousand explanations, a fool is = no wiser, but an intelligent person requires only two thousand five hundred." - The Mah=C4=81bh=C4=81rata From owner-freebsd-questions@freebsd.org Fri Apr 3 20:48:38 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A13F3270995 for ; Fri, 3 Apr 2020 20:48:38 +0000 (UTC) (envelope-from aimass@yabarana.com) Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com [IPv6:2a00:1450:4864:20::131]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48vBpw2slcz3Nrs for ; Fri, 3 Apr 2020 20:48:23 +0000 (UTC) (envelope-from aimass@yabarana.com) Received: by mail-lf1-x131.google.com with SMTP id h6so2421843lfc.0 for ; Fri, 03 Apr 2020 13:48:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yabarana-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=tfib//bNOHzrKoqoMMh0gWkT3DyVpa0H7pltFuF12G4=; b=eeUo1czJd4raF5I362xRzHPJGiLBuapCp3ixD2QGLKKMaFlUnnmL1tJgqrqsdp8GXo VaA9/22vcaGZ6NyLjQeIHf46A3UDHQXmjYWz+obY8evarp2xDoCM5Y+1dzu73VY+jJl5 /P/dcj4B6yfK6p0Gb2RtCMxko4PRaSNKP8+sGl5mvWe8H2SFTRwni1CvxE/aOj1UXKzq dPDP4UAr4TGpOFsvlFItKLzuCe58g+vuyW0FcmNfPJtQwPuM2kU+m3/MTGtnmyenVcej o6YUfT0F95+wrEJzLZOvNTZTfFBEQZOxa2BNPdieM3gdMiD7G/T2Q/VdgKNXzCMtgXUz qHTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=tfib//bNOHzrKoqoMMh0gWkT3DyVpa0H7pltFuF12G4=; b=hak9Iu1m7clk7+rI035KNBnX1XVddUTx3HtcSKTF6NldNMK31BwsFrupu67cVLkrjM khzCL5kUVUamP1Lcq71FLKu5ffeMXwdn+kfqa+xDp0jbLPkfD/9BlAZlLd7dhc/yV/GR veSzSlvL6HrI0SJd2RgR62DdGuCVfam/eu4upzo0l36yJWGQik6NnIeHuhxCvAd+LXAc Kpv+S3xFFHSR9fUt+Fe3Pd94w6xX0tQ4/gOMGOV1HoCTb64hNh24XebaWU7Z3LZDk47o Wbp4T0k3YMEKG1DaQa9Ueg5jvGSKKKVUjPDaYyIErb8PfgPexJno3Xn/vVvP4Qn0zrPK hmFQ== X-Gm-Message-State: AGi0PuZlog3Zq7XgNY+2+llAIq5K7AEgoPspSgUE4Bd0XaBpiI3XYr+s FngDfbCrIRSvPOczzS+YEEWI/nFP4j1Gp4Aw6Ezz5+QcPDk= X-Google-Smtp-Source: APiQypKRVkYBarPn2eKjS+1c8hGi8WZuNajodJKTPvEohrkU2KXwFjitdXBYBz5Q4eZ+Kg14G+ikbrPQUQQ5F3o5q+U= X-Received: by 2002:a19:550a:: with SMTP id n10mr6526887lfe.41.1585946892757; Fri, 03 Apr 2020 13:48:12 -0700 (PDT) MIME-Version: 1.0 From: Alejandro Imass Date: Fri, 3 Apr 2020 16:48:02 -0400 Message-ID: Subject: Bastille vs. iocage vs.CBSD opinions? To: FreeBSD Questions X-Rspamd-Queue-Id: 48vBpw2slcz3Nrs X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=yabarana-com.20150623.gappssmtp.com header.s=20150623 header.b=eeUo1czJ; dmarc=none; spf=pass (mx1.freebsd.org: domain of aimass@yabarana.com designates 2a00:1450:4864:20::131 as permitted sender) smtp.mailfrom=aimass@yabarana.com X-Spamd-Result: default: False [-3.83 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[yabarana-com.20150623.gappssmtp.com:s=20150623]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[yabarana.com]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE(-2.33)[ip: (-8.79), ipnet: 2a00:1450::/32(-2.36), asn: 15169(-0.44), country: US(-0.05)]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[yabarana-com.20150623.gappssmtp.com:+]; RCVD_IN_DNSWL_NONE(0.00)[1.3.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; FROM_EQ_ENVFROM(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2020 20:48:39 -0000 I'm having a hard time picking between these three. Just want to get a general pulse on the long-time experts here. No intention to create any flame wars, just objective comments pls. TIA! -- Alex From owner-freebsd-questions@freebsd.org Fri Apr 3 20:57:56 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 36BB9270F7B for ; Fri, 3 Apr 2020 20:57:56 +0000 (UTC) (envelope-from mark@exonetric.com) Received: from relay.exonetric.net (relay0.exonetric.net [178.250.72.161]) by mx1.freebsd.org (Postfix) with ESMTP id 48vC1d5qqNz3x62 for ; Fri, 3 Apr 2020 20:57:41 +0000 (UTC) (envelope-from mark@exonetric.com) Received: from belkin-usb.localdomain (90.69.187.81.in-addr.arpa [81.187.69.90]) by relay.exonetric.net (Postfix) with ESMTPSA id 126012BC7A; Fri, 3 Apr 2020 21:57:32 +0100 (BST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\)) Subject: Re: Bastille vs. iocage vs.CBSD opinions? From: Mark Blackman In-Reply-To: Date: Fri, 3 Apr 2020 21:57:31 +0100 Cc: FreeBSD Questions Content-Transfer-Encoding: 7bit Message-Id: <3A0517C5-4D91-4DAB-94B9-35BD58E47FA5@exonetric.com> References: To: Alejandro Imass X-Mailer: Apple Mail (2.3608.80.23.2.2) X-Rspamd-Queue-Id: 48vC1d5qqNz3x62 X-Spamd-Bar: ++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of mark@exonetric.com has no SPF policy when checking 178.250.72.161) smtp.mailfrom=mark@exonetric.com X-Spamd-Result: default: False [4.28 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_HAS_DN(0.00)[]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; DMARC_NA(0.00)[exonetric.com]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.79)[0.790,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_SPAM_LONG(0.86)[0.864,0]; R_SPF_NA(0.00)[]; RCVD_NO_TLS_LAST(0.10)[]; RCVD_IN_DNSWL_LOW(-0.10)[161.72.250.178.list.dnswl.org : 127.0.5.1]; R_DKIM_NA(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:12290, ipnet:178.250.72.0/21, country:GB]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.23)[ipnet: 178.250.72.0/21(1.09), asn: 12290(0.12), country: GB(-0.07)]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2020 20:57:56 -0000 > On 3 Apr 2020, at 21:48, Alejandro Imass wrote: > > I'm having a hard time picking between these three. > Just want to get a general pulse on the long-time experts here. > No intention to create any flame wars, just objective comments pls. For what? Technically, you can get by entirely without them. Regards Mark From owner-freebsd-questions@freebsd.org Fri Apr 3 21:06:16 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7D911271548 for ; Fri, 3 Apr 2020 21:06:16 +0000 (UTC) (envelope-from aimass@yabarana.com) Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com [IPv6:2a00:1450:4864:20::131]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48vCCH3J0Qz40t4 for ; Fri, 3 Apr 2020 21:06:03 +0000 (UTC) (envelope-from aimass@yabarana.com) Received: by mail-lf1-x131.google.com with SMTP id s13so6935463lfb.9 for ; Fri, 03 Apr 2020 14:06:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yabarana-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=6+3JRqkUdRL8kM4NMVB4MMcKTE9LdLqm3wB6cTR1AEM=; b=lKyw2wFUU60v5xZAqk39az/wlo+7K1S9+iQSFvXs8qLpJSJlxBR1PVX3PlmIrKQ0YE m56VsPayTpPitLU0pmi+uhXoT4JJpQsVqde6JirR8s2/+TMTybqM+qCt5G+uJYChLo+b U6xnVJR52wtOwGTpKZBQoprGoTmoHPN4A0GDQUCfqMkvxzb//PxwEyfhX7jmF+MP6BVU adr/RiaWXkqRm4li/roE5gJZj0L5RIixTFOEST7mg4YIBkBHthBWe/fBYmJ5cm/qDVsg qugw3mx8Jx3ffdiirF/p6eavjfe2/Qz2RCmMqO5ETKOfS6Qe8PlmsaBm1mpr6qE2SeB8 XZJw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=6+3JRqkUdRL8kM4NMVB4MMcKTE9LdLqm3wB6cTR1AEM=; b=B8LvM/SOXLQHi4jMidsuDZy/L5kNqYOZO8op3HrB0DrUNm8Yfjhgt9vGN84V+pcBM4 sUt5TQB2epJtuapmLPqaFDDvuI27dpPYe2Xa99LPky/W+OCVovInpmcKbjBUH+HAOS9b HHeP0Q8yOne2JuD7adp+6LzGUAUw21A0kCqOtLteP9OVsAC+K054VVs2MCwyzBfNXpBX 3czoBklbEeV6pdso8gn75+6ic5La1cudZoNog/UUabbJYcXJyRGLWbkIHTYro+zg47At aBl9TMKNqeoE1hD4hXNmxgD48dj501Q9NpA/v4ivkPIOWlxrCph3i+gFmFXb2b/14R/q zQGQ== X-Gm-Message-State: AGi0Pubn76wy75Dz4XplyjRvdcMi/fZcNwRt9kSeU3KdZsC0UnhedW5M bKSAtCh1UcCoixCxt2i8kH7XNuCIPTPXVVWHZBp3WdDqcj6yNQ== X-Google-Smtp-Source: APiQypI05oY9AYN1pLbJOu82pBWSueTlvPEC0coLRcHDvkuB5Em8PHPQNxmKVz9ihu+PrGXjN8He9SIQ4Qw3OpQ0vfI= X-Received: by 2002:a05:6512:1082:: with SMTP id j2mr6769178lfg.53.1585947951572; Fri, 03 Apr 2020 14:05:51 -0700 (PDT) MIME-Version: 1.0 References: <3A0517C5-4D91-4DAB-94B9-35BD58E47FA5@exonetric.com> In-Reply-To: <3A0517C5-4D91-4DAB-94B9-35BD58E47FA5@exonetric.com> From: Alejandro Imass Date: Fri, 3 Apr 2020 17:05:40 -0400 Message-ID: Subject: Re: Bastille vs. iocage vs.CBSD opinions? To: Mark Blackman Cc: FreeBSD Questions X-Rspamd-Queue-Id: 48vCCH3J0Qz40t4 X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=yabarana-com.20150623.gappssmtp.com header.s=20150623 header.b=lKyw2wFU; dmarc=none; spf=pass (mx1.freebsd.org: domain of aimass@yabarana.com designates 2a00:1450:4864:20::131 as permitted sender) smtp.mailfrom=aimass@yabarana.com X-Spamd-Result: default: False [-3.82 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[yabarana-com.20150623.gappssmtp.com:s=20150623]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[yabarana.com]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[yabarana-com.20150623.gappssmtp.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[1.3.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; IP_SCORE(-2.32)[ip: (-8.76), ipnet: 2a00:1450::/32(-2.36), asn: 15169(-0.44), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2020 21:06:16 -0000 On Fri, Apr 3, 2020 at 4:57 PM Mark Blackman wrote: > > > > On 3 Apr 2020, at 21:48, Alejandro Imass wrote: > > > > I'm having a hard time picking between these three. > > Just want to get a general pulse on the long-time experts here. > > No intention to create any flame wars, just objective comments pls. > > For what? Technically, you can get by entirely without them. > > CI/CD pipelines, Orchestration etc. Of course, you can write your own using FBSD jail primitives but why would you want to, if these projects seem to be doing just that ? From owner-freebsd-questions@freebsd.org Fri Apr 3 21:13:08 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id AB3D0271B06 for ; Fri, 3 Apr 2020 21:13:08 +0000 (UTC) (envelope-from mark@exonetric.com) Received: from relay.exonetric.net (relay0.exonetric.net [178.250.72.161]) by mx1.freebsd.org (Postfix) with ESMTP id 48vCMH4DkLz43Jk for ; Fri, 3 Apr 2020 21:12:59 +0000 (UTC) (envelope-from mark@exonetric.com) Received: from belkin-usb.localdomain (90.69.187.81.in-addr.arpa [81.187.69.90]) by relay.exonetric.net (Postfix) with ESMTPSA id 6E71C2BC7F; Fri, 3 Apr 2020 22:12:49 +0100 (BST) From: Mark Blackman Message-Id: <6C5D0CFE-B0E0-4576-976F-026118E50EDC@exonetric.com> Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\)) Subject: Re: Bastille vs. iocage vs.CBSD opinions? Date: Fri, 3 Apr 2020 22:12:48 +0100 In-Reply-To: Cc: FreeBSD Questions To: Alejandro Imass References: <3A0517C5-4D91-4DAB-94B9-35BD58E47FA5@exonetric.com> X-Mailer: Apple Mail (2.3608.80.23.2.2) X-Rspamd-Queue-Id: 48vCMH4DkLz43Jk X-Spamd-Bar: ++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of mark@exonetric.com has no SPF policy when checking 178.250.72.161) smtp.mailfrom=mark@exonetric.com X-Spamd-Result: default: False [4.39 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[161.72.250.178.list.dnswl.org : 127.0.5.1]; FROM_HAS_DN(0.00)[]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; MIME_TRACE(0.00)[0:+,1:+,2:~]; DMARC_NA(0.00)[exonetric.com]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.85)[0.850,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_SPAM_LONG(0.92)[0.919,0]; R_SPF_NA(0.00)[]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:12290, ipnet:178.250.72.0/21, country:GB]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.22)[ipnet: 178.250.72.0/21(1.08), asn: 12290(0.12), country: GB(-0.07)]; RCVD_COUNT_TWO(0.00)[2] Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2020 21:13:08 -0000 > On 3 Apr 2020, at 22:05, Alejandro Imass wrote: >=20 > On Fri, Apr 3, 2020 at 4:57 PM Mark Blackman > wrote: >=20 >=20 > > On 3 Apr 2020, at 21:48, Alejandro Imass > wrote: > >=20 > > I'm having a hard time picking between these three. > > Just want to get a general pulse on the long-time experts here. > > No intention to create any flame wars, just objective comments pls. >=20 > For what? Technically, you can get by entirely without them. >=20 >=20 > CI/CD pipelines, Orchestration etc.=20 > Of course, you can write your own using FBSD jail primitives but why = would you want to, if these projects seem to be doing just that ? Ok, I had no idea what your use case was.=20 - Mark From owner-freebsd-questions@freebsd.org Fri Apr 3 21:38:22 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CAE8527285B for ; Fri, 3 Apr 2020 21:38:22 +0000 (UTC) (envelope-from ihor@antonovs.family) Received: from mail.antonovs.family (mail.antonovs.family [100.25.240.195]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mail.antonovs.family", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48vCw63x4Pz4CpF for ; Fri, 3 Apr 2020 21:37:57 +0000 (UTC) (envelope-from ihor@antonovs.family) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=antonovs.family; s=20200215; t=1585949865; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=CKTWVOP7Rhg7de/90+ayonoIRaQ/1M//8CrjWrdBLoY=; b=BBFOcqFEYfwULWcy5qnVikaW4jzHilLsp1vn89WOqO71Z84v2P7/8itpEmTQO/bzZrpS+Q 4ofptho1jlTBjXQza6B9yu5Bpiux28qGCtnK8VngWUqMYGW4fjA6i3+RUZHIWq+Bl0QVw2 GDsaYqfe2L9Qmph8kaPaGMlf5NYVXKI= Received: by mail.antonovs.family (OpenSMTPD) with ESMTPSA id c8f0e3b2 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Fri, 3 Apr 2020 21:37:45 +0000 (UTC) Date: Fri, 3 Apr 2020 14:37:42 -0700 From: Ihor Antonov To: Alejandro Imass Cc: FreeBSD Questions Subject: Re: Bastille vs. iocage vs.CBSD opinions? Message-ID: <20200403213742.pdyuuoqudro3qvx4@sea-ll-10936> References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 48vCw63x4Pz4CpF X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=antonovs.family header.s=20200215 header.b=BBFOcqFE; dmarc=pass (policy=none) header.from=antonovs.family; spf=pass (mx1.freebsd.org: domain of ihor@antonovs.family designates 100.25.240.195 as permitted sender) smtp.mailfrom=ihor@antonovs.family X-Spamd-Result: default: False [-4.91 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[antonovs.family:s=20200215]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; IP_SCORE(-3.41)[ip: (-9.38), ipnet: 100.24.0.0/13(-4.58), asn: 14618(-3.03), country: US(-0.05)]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[antonovs.family:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[antonovs.family,none]; RCVD_IN_DNSWL_FAIL(0.00)[195.240.25.100.list.dnswl.org:query timed out]; SUBJECT_ENDS_QUESTION(1.00)[]; MID_RHS_NOT_FQDN(0.50)[]; ASN(0.00)[asn:14618, ipnet:100.24.0.0/13, country:US]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_ALL(0.00)[]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2020 21:38:23 -0000 On 2020-04-03 16:48, Alejandro Imass wrote: > I'm having a hard time picking between these three. > Just want to get a general pulse on the long-time experts here. > No intention to create any flame wars, just objective comments pls. Hey Alejandro, I can't give any advice on CBSD, but here is my 2 cents on iocage vs bastille Iocage: - Written in python, so has bigger dependencies footprint - ZFS only (does not work with UFS) - Uses its own settings files and format, disconnected from jails.conf (this is good and bad, bad if iocage breaks you cant start the jail manually) - Supported by IXSystems ( not 100% sure on this one) - Has a concept of "plugins". "plugins" is a misnomer, in fact this is a way to allow user to provide some input to a deployed image to customize it. My experience with plugins was not very successful. Plugins are expressed in awkward json format without proper documentation (I haven't found any, so if someone knows where to find it - please share) - Core set of features is mature enough to use it in the wild - M.Lucas in his Jails book advocates iocage as one of the recommended tools - supports resouce control with rctl BastilleBSD - Written in shell, zero dependencies if you have shell interpreter :) - Works with UFS and ZFS - AFAIK uses jail.conf to store configuration (not 100% sure) - Has concept of templates, which I find to be much better than iocage's plugins - Less mature, I often encounter bugs or unexpected behaviour. To it's defence the tools is very young, and is being actively developed, new features and fixes are being added every day. It did not exists at the time M.Lucas was writing Jails book. - The author is very responsive and replies to comments and issues on github (same thing can probably be said about iocage, but I personally did not test this) - last time I checked did not support rctl Both tools support VNET jails. Overall you should pick a tool for your task. But if both tools fit I'd recommend trying BastilleBSD as I personally like it's approach better. It might not be a super smooth ride, but you can help improve the tool and give the author first hand feedback ---- Ihor From owner-freebsd-questions@freebsd.org Fri Apr 3 21:55:15 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DB3012737F2 for ; Fri, 3 Apr 2020 21:55:15 +0000 (UTC) (envelope-from aimass@yabarana.com) Received: from mail-lf1-x12d.google.com (mail-lf1-x12d.google.com [IPv6:2a00:1450:4864:20::12d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48vDHg2JLcz4Kf1 for ; Fri, 3 Apr 2020 21:54:54 +0000 (UTC) (envelope-from aimass@yabarana.com) Received: by mail-lf1-x12d.google.com with SMTP id f8so5675553lfe.12 for ; Fri, 03 Apr 2020 14:54:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yabarana-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=xf9PdWA3P10AHj5dBp7r8SStCLTcdx/+L5IAxMzKuFs=; b=EZQJRZVmxSHV/UX2nMhOA3XlImlizk6xKYsHNhHEkUcnM0YwVLz8d99dG7wbbhvRoH M4bFw6Tb0NLZJ8cTgsEGQEgqHni5GaGq6L+qGMynlZSP6+Q9XvYQB2/fM9v7INEQphbF ZN0uWmH2DrX/klDLuvbbhvJku1Em34L1MHFN1KQL/faMQZJLnZ7XZJqJ3MlDR+zqHwiG 0eHAqsC/2msE8W9m9gmerFwZ3d7JclgmtlJzUiS9XvHOW9JkDHzWs3gNwU57PEjGHKrD PRNqPEuVZMdiqWHw3MdrnWugm0RqHFVdYRgsSUDC1TJaqXRQAAvqHYSStmDK8B9rRwtn 2guQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=xf9PdWA3P10AHj5dBp7r8SStCLTcdx/+L5IAxMzKuFs=; b=PL43wW7K6C5ZpSCPGCjmIKf5URyE2sZS1s0InGw8TH6x5zz1Qu5uYAyr2QVWl2Rym0 x3GLkmnz6aeRRDBRFsy8hF0cgVt4FMkujCDXKD5eLw9MqJDxjqe8RB9+xFyKisecdnSH frPo7VoqGUUUCcQ0Q/+jHNzVwXqQthBFXDx/6rLeB3FWgTdyQCEx7rq+P59pZQ8R6rE5 H0YWUBz3dwMe8OXMaICPHjP0k0MnNTPlCA/HlxlxDaAwwtnl5x06DOkT5aiHy5ccPJ56 JmyN9kPJQP2JYyBFymlB9tJef7KtKXlaNf8jF5T3ZExWO4h14sK+aXVcVzxy+m3nXLts AxOw== X-Gm-Message-State: AGi0PuaR6l7bq+Z1kjMiZvNVyUAoS/zIFgSHnjHoYFX18ue/kXjtYDUy dU2wNf/OMpO/qS9uvRBLbxcWZs1kB2SYupilSYYXnOrdSQA= X-Google-Smtp-Source: APiQypJ8T0FcBAwEAOf4Bh3rJRlcpJhz9Rd1O5eCyEuiqXr3zp4GecBH4hC9qLuwhSQHgmhipo1Xba6XUX2luOQkrmU= X-Received: by 2002:a05:6512:686:: with SMTP id t6mr6882725lfe.163.1585950885151; Fri, 03 Apr 2020 14:54:45 -0700 (PDT) MIME-Version: 1.0 References: <20200403213742.pdyuuoqudro3qvx4@sea-ll-10936> In-Reply-To: <20200403213742.pdyuuoqudro3qvx4@sea-ll-10936> From: Alejandro Imass Date: Fri, 3 Apr 2020 17:54:34 -0400 Message-ID: Subject: Re: Bastille vs. iocage vs.CBSD opinions? To: FreeBSD Questions X-Rspamd-Queue-Id: 48vDHg2JLcz4Kf1 X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=yabarana-com.20150623.gappssmtp.com header.s=20150623 header.b=EZQJRZVm; dmarc=none; spf=pass (mx1.freebsd.org: domain of aimass@yabarana.com designates 2a00:1450:4864:20::12d as permitted sender) smtp.mailfrom=aimass@yabarana.com X-Spamd-Result: default: False [-3.81 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[yabarana-com.20150623.gappssmtp.com:s=20150623]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[yabarana.com]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE(-2.31)[ip: (-8.69), ipnet: 2a00:1450::/32(-2.36), asn: 15169(-0.44), country: US(-0.05)]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[yabarana-com.20150623.gappssmtp.com:+]; RCVD_IN_DNSWL_NONE(0.00)[d.2.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; FROM_EQ_ENVFROM(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2020 21:55:16 -0000 Thanks for your responses so far, very instructive. As Ihor, I am also inclined towards Bastille for many of the same reasons. NVL iocage seems very cool as well as does CBSD. But, since I am a biased pro-Perl person (which is almost the same as saying anti-python) I am trying to be objective and avoid confirmation bias. I've been happily using EzJail for about 14 years now, and never had a serious issue. But these other tools seem more container oriented and I want to be able to do many of the things people are doing with Docker and ECS but on FBSD in bare metal (I am NOT a fan of virtualization and AWS). From owner-freebsd-questions@freebsd.org Sat Apr 4 14:51:30 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CC84E2AE9F2 for ; Sat, 4 Apr 2020 14:51:30 +0000 (UTC) (envelope-from tomek@cedro.info) Received: from mail-ot1-x343.google.com (mail-ot1-x343.google.com [IPv6:2607:f8b0:4864:20::343]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48vfrV3tM4z4cb4 for ; Sat, 4 Apr 2020 14:51:22 +0000 (UTC) (envelope-from tomek@cedro.info) Received: by mail-ot1-x343.google.com with SMTP id 111so10455140oth.13 for ; Sat, 04 Apr 2020 07:51:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cedro.info; s=google; h=mime-version:from:date:message-id:subject:to:cc; bh=6/GVodWi/u49BH6E0FWocB5kU7SkrVdij6AtlFT5fk0=; b=cuWLEqlF6Ulz1UkmpgKCOVYgNJJlcW8T4zVfzqRDZfevfcKr6E7Q8j82yawTSzoR9G xTKDzG1WnSt/gTmRcckgVHqqTyMrNNIjy0m+Ny/p6v35q0F9DJhb3DhpYdobbvdEAIQ0 xljWIVzAPw9BFXA5Sjt/xoOipD7LgALGvYPcKpNMKQOZJ2d2ZEgau8rmxH4ZKJZbEsRo XvYE0yzPkCI6lKsE0SPTFm5sIFqxsDT84+kHk9gtrUpfJQxpWACqOu2fBKzakfJsl8kG GIAqoX8UcxT9CuSCbCVe36aPsK0NKrMZHg0u+u0qaWNpw+q4OUeOevpF05D3XcUbKetm O1lQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=6/GVodWi/u49BH6E0FWocB5kU7SkrVdij6AtlFT5fk0=; b=UYf95H9lPdOtH3nmEyz70f2fQCIGrXCevTwBF6QhVuzUZBBlTZMr2Pg1uZtQqtDU36 HNCPACM+aOAKeSDEb4qEYOp6yZdvhgPtsFaDpvUIR/y/Z7fnzIymaStwFgPPEnJwu343 tYLBmuBshZlgzvnR3UZggbTZF+9DNA1KmE5h3Gd1rPMmsHrN5i+lB1kR2FXaZrd0H9dh 5j3B7XdO1vSXbkTWBdllHpJgP8kLQ9lFMfspVEUyY4B92jQTqjfKpUWtUXpdQ0dNFqda GPQPmafjbWftHLvk3SE/blST+howwLdTII/3SzNjmp99hcDtMiqMwOL0rXcFWSpAg/Dz V3Rg== X-Gm-Message-State: AGi0PuZkEsNrVaTHxIC9QCRpOM1JAsRaa2ZWIQ0kh51U3ZEOYXSmFn7R CtrnRrmN3hgR81Q3FeaDzDrOieinbus= X-Google-Smtp-Source: APiQypIxDWg5q5rJqwIFyhpx90zkon823yKrnB/9N6bD2Ltn9ls0Wcs/jabX+L7Fhwk/RsxTW0nz5Q== X-Received: by 2002:a05:6830:1054:: with SMTP id b20mr10571942otp.360.1586011872643; Sat, 04 Apr 2020 07:51:12 -0700 (PDT) Received: from mail-ot1-f49.google.com (mail-ot1-f49.google.com. [209.85.210.49]) by smtp.gmail.com with ESMTPSA id w21sm3072893oif.45.2020.04.04.07.51.11 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 04 Apr 2020 07:51:12 -0700 (PDT) Received: by mail-ot1-f49.google.com with SMTP id c9so10454742otl.12; Sat, 04 Apr 2020 07:51:11 -0700 (PDT) X-Received: by 2002:a9d:5187:: with SMTP id y7mr10514439otg.159.1586011871117; Sat, 04 Apr 2020 07:51:11 -0700 (PDT) MIME-Version: 1.0 From: Tomasz CEDRO Date: Sat, 4 Apr 2020 16:50:53 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: /usr/src/release/release.sh -> ports -> fetch pkg -> Bad system call (core dumped) To: FreeBSD Questions Mailing List , FreeBSD Stable , freebsd-ports Cc: Hans Petter Selasky Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 48vfrV3tM4z4cb4 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=cedro.info header.s=google header.b=cuWLEqlF; dmarc=none; spf=none (mx1.freebsd.org: domain of tomek@cedro.info has no SPF policy when checking 2607:f8b0:4864:20::343) smtp.mailfrom=tomek@cedro.info X-Spamd-Result: default: False [-2.38 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[cedro.info:s=google]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[cedro.info]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[cedro.info:+]; RCVD_IN_DNSWL_NONE(0.00)[3.4.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(-0.08)[ip: (0.40), ipnet: 2607:f8b0::/32(-0.33), asn: 15169(-0.43), country: US(-0.05)]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Apr 2020 14:51:31 -0000 Hello world :-) I would like to build a 12-STABLE (/usr/src contains svn.freebsd.org/base/stable/12) locally on strong machine (24CPU 127GB RAM 12-1-RELEASE AMD64), then test changes on my local machine (panasonic toughbook i5 laptop 12.1-RELEASE AMD64). This will be used for testing kernel patches and driver development/fixes. The goal is to have separate zroot/ROOT/stable to select and act as the FreeBSD base. So far I have zroot/ROOT/default to use FreeBSD 12.1-RELEASE. I would like to switch between those to on boot to have one base system stable for working and another base system for testing on real environment. I noticed that simple copy of /boot/kernel does not work on my target machine. Thus I am trying to create a whole release, put a separate system base, then on boot select different zfs container base to boot from. I just love ZFS for that! I may even use snapshots to log and rollback changes. Questions: 1. Is it a good build / testing environment? Maybe there is a simpler / better way to cross compile binaries and test on another machine? Both are using 12.1-RELEASE AMD64 installations so far. All /usr/local should work both with 12.1-RELEASE and 12-STABLE right? 2. When that works, I would like to cross-compile for ARM in a similar manner, then attach pyOCD + GDB to debug ARM target. I guess that should work too as above? 3. During /usr/src/release/release.sh I get following error as pasted below. Does release.sh update /usr/ports just as it snaps from svn or it will use the /usr/porst that are just there and I need to provide /usr/ports in a state that will be bindled into a /scratch release? ===> docproj-2.0_14 depends on file: /usr/local/sbin/pkg - not found ===> License BSD2CLAUSE accepted by the user ===> Fetching all distfiles required by pkg-1.14.2 for building ===> Extracting for pkg-1.14.2 ===> License BSD2CLAUSE accepted by the user ===> Fetching all distfiles required by pkg-1.14.2 for building => SHA256 Checksum mismatch for freebsd-pkg-1.14.2_GH0.tar.gz. ===> Refetch for 1 more times files: freebsd-pkg-1.14.2_GH0.tar.gz ===> License BSD2CLAUSE accepted by the user => freebsd-pkg-1.14.2_GH0.tar.gz doesn't seem to exist in /tmp/distfiles/. => Attempting to fetch https://codeload.github.com/freebsd/pkg/tar.gz/1.14.2?dummy=/freebsd-pkg-1.14.2_GH0.tar.gz freebsd-pkg-1.14.2_GH0.tar.gz Bad system call (core dumped) => Attempting to fetch http://distcache.FreeBSD.org/ports-distfiles/freebsd-pkg-1.14.2_GH0.tar.gz freebsd-pkg-1.14.2_GH0.tar.gz Bad system call (core dumped) => Couldn't fetch it - please try to retrieve this => port manually into /tmp/distfiles/ and try again. *** Error code 1 Stop. Any hints and comments are welcome :-) Tomek -- CeDeROM, SQ7MHZ, http://www.tomek.cedro.info From owner-freebsd-questions@freebsd.org Sat Apr 4 17:19:46 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 60F8F27AAF1 for ; Sat, 4 Apr 2020 17:19:46 +0000 (UTC) (envelope-from paparucino@gmail.com) Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48vk7X17bhz4ZWg for ; Sat, 4 Apr 2020 17:19:35 +0000 (UTC) (envelope-from paparucino@gmail.com) Received: by mail-wm1-x32f.google.com with SMTP id z7so10419071wmk.1 for ; Sat, 04 Apr 2020 10:19:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:from:subject:message-id:date:user-agent:mime-version :content-transfer-encoding:content-language; bh=4yMf6hWf3Ucz/AHP9CqD2YpFmT6uN5K7j8jkZzbQUqg=; b=QA4PlRnQms6S8q8Xh9o2AcaYBP9L5U+3RsvpNyIldO+t02XwaHFOyDkxDAkknh3CLx yI0kVtV9Fy973Qw449Cm3csuROOxZh/oZxTTp7TA6K/g4mBpuVXjGsDiAUkDe/oSc3oL G1S9tjeBNH3SRX/04EK7Yun7uQNAOHjpp3dZ4ZZWzYOLffxE/X0evnQAVGqV8rvi2+s/ hADwRT9KTXxzTckTtfTKjczCgB4H8t7C0PPwweoKDYz6uNnIMxww1IEXE98a2CQnSh6t BTRAESFu4X4ypeyYkcM1B8XQHKVO+SoV/rXOwVqYHXZGIN2TqPGKFEpJFsLzwZ7IZKqe sxUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:from:subject:message-id:date:user-agent :mime-version:content-transfer-encoding:content-language; bh=4yMf6hWf3Ucz/AHP9CqD2YpFmT6uN5K7j8jkZzbQUqg=; b=maTp93Ipy7jFwPeoVdPYJ+jmxpUwuLoXnmKnYJEvaqRXLwPzR4hYwyd8x+foWjZtiL kZL4RQK7DMKORiE9bi6bapR/t6KOx+BV6jvS6iwNnWGU2wkuILzL11YEaRqMSWVwe6bV kuG4rkcg5rzF5iArRenL5aaJYxbL0A48g/upCN/2isaNpGCvCnA/sdfXFGpKGxPLlK1U cQnEf+fyaow7T2HS+FOofCAv3oBEn5MTSF5UNKV/8b0+513Tb5oUsKk+lf7rYXP7cpQx bv6hVWjeke0J3OBFVmb8PMnF6OZMLA3afb9VvPUricuU9mYpcx+uQQO2coEFNOvtPNWw uduA== X-Gm-Message-State: AGi0PuZmFHG1HhxLqpLx3dpu/cZltS3oDNkL8Fbhej3vbhypXgDLMZQ1 6TrRA38h+fM5AqzG0H5EvE1R9znZ X-Google-Smtp-Source: APiQypLf16Bpqm9ea8fNUIWwHcPEd+Y/BamyY22A51QPbcBXh2M1pkd07jp5xsNYfTAHwhoyhIhuaw== X-Received: by 2002:a7b:cf02:: with SMTP id l2mr11823935wmg.4.1586020402823; Sat, 04 Apr 2020 10:13:22 -0700 (PDT) Received: from [192.168.1.2] (host91-95-dynamic.6-87-r.retail.telecomitalia.it. [87.6.95.91]) by smtp.gmail.com with ESMTPSA id r11sm18121099wrn.24.2020.04.04.10.13.21 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 04 Apr 2020 10:13:22 -0700 (PDT) To: freebsd-questions@freebsd.org From: papa Subject: trouble installing vbox additions Message-ID: <48186e5d-0aa9-43ea-ee8e-edc9a2e2a650@gmail.com> Date: Sat, 4 Apr 2020 19:13:20 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-Rspamd-Queue-Id: 48vk7X17bhz4ZWg X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=QA4PlRnQ; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of paparucino@gmail.com designates 2a00:1450:4864:20::32f as permitted sender) smtp.mailfrom=paparucino@gmail.com X-Spamd-Result: default: False [-3.00 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; TO_DN_NONE(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(0.00)[ip: (-9.00), ipnet: 2a00:1450::/32(-2.36), asn: 15169(-0.43), country: US(-0.05)]; RECEIVED_SPAMHAUS_PBL(0.00)[91.95.6.87.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; IP_SCORE_FREEMAIL(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[f.2.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Apr 2020 17:19:46 -0000 Hi all, I have just installed FreeBSD 12.1 into a Vbox version 6.14. Im trying to install the guest additions files and was confused. cd to /usr/ports/emulators/virtualbox-ose-additions then make and got following error env: /usr/local/bin/perl5.30.2: No such file or directory while I have installed perl5-5.30.1 and it seems to be the last version available Whats wrong? and... is there a pkg for this package? thank you in advance paps From owner-freebsd-questions@freebsd.org Sat Apr 4 18:40:04 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E76C727D965 for ; Sat, 4 Apr 2020 18:40:03 +0000 (UTC) (envelope-from bsduser@cloudzeeland.nl) Received: from poseidon.cloudzeeland.nl (cloudzeeland.xs4all.nl [83.161.133.58]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "cloudzeeland.nl", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48vlw55twzz471V for ; Sat, 4 Apr 2020 18:39:49 +0000 (UTC) (envelope-from bsduser@cloudzeeland.nl) Received: from poseidon.cloudzeeland.nl (cloudzeeland.nl [10.10.10.36]) by poseidon.cloudzeeland.nl (Postfix) with ESMTP id 32E8617896 for ; Sat, 4 Apr 2020 20:39:35 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cloudzeeland.nl; s=cloud; t=1586025575; bh=jIVtSjPm75rrHqZ0DxZqRpioTg5n44tZWhGVHYNv26U=; h=To:From:Subject:Date; b=SVkq9PeT+D1l5AWEb117vFXbwgh1+bOHBSd0dE3DrNAxyngj3pTfCm/GqzAyHUx4D 5tasWFTEe5ay2g2pF6zYRKvSknSixRCmaRLuhKmwmI0u2LSdgJ0vcR0b1O7q9Te4/p RfDfhLSY8yQz/AjQkshFPUO2Vd08ldJgpYTCfDXk= Received: from [10.10.10.34] (pion1.rpicloud.nl [82.176.127.71]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by poseidon.cloudzeeland.nl (Postfix) with ESMTPSA id BE7B617895 for ; Sat, 4 Apr 2020 20:39:34 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cloudzeeland.nl; s=cloud; t=1586025574; bh=jIVtSjPm75rrHqZ0DxZqRpioTg5n44tZWhGVHYNv26U=; h=To:From:Subject:Date; b=1Kk+NMsYKRf/M915Nwvz+Wcljelrff6odCPbexkOUprtJCcdn3LAU2KgAhApnO0Zc tblwwxOciwEijIPTPWDTcJdpZRkZBDCLbTbxwckcN32QNB91Xx7Vtuz1bjQXtUZbWs U/Ye3xZ98GjBb2MnQsEuhsgVwMNrMCd+OVb1LnUg= To: freebsd-questions@freebsd.org From: Jos Chrispijn Subject: ipfw | including external IP txt file Organization: Userland rocks! Message-ID: <00c3978d-c350-aec4-76fb-85718c4a6935@cloudzeeland.nl> Date: Sat, 4 Apr 2020 20:39:34 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-GB X-Virus-Scanned: ClamAV using ClamSMTP on poseidon.cloudzeeland.nl X-Rspamd-Queue-Id: 48vlw55twzz471V X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=cloudzeeland.nl header.s=cloud header.b=SVkq9PeT; dkim=pass header.d=cloudzeeland.nl header.s=cloud header.b=1Kk+NMsY; dmarc=none; spf=pass (mx1.freebsd.org: domain of bsduser@cloudzeeland.nl designates 83.161.133.58 as permitted sender) smtp.mailfrom=bsduser@cloudzeeland.nl X-Spamd-Result: default: False [-4.83 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[cloudzeeland.nl:s=cloud]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+a]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; HAS_ORG_HEADER(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DMARC_NA(0.00)[cloudzeeland.nl]; DKIM_TRACE(0.00)[cloudzeeland.nl:+]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; IP_SCORE(-2.33)[ip: (-9.83), ipnet: 83.160.0.0/14(-1.82), asn: 3265(-0.04), country: NL(0.03)]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:3265, ipnet:83.160.0.0/14, country:NL]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Apr 2020 18:40:05 -0000 Can you tell me how I can best include text file T with blocked ip addresses to my ipfw rules set? this file contains ip addresses to be blocked in this format: .0.1.0/24 1.0.2.0/23 1.0.8.0/21 1.0.32.0/19 1.1.0.0/24 1.1.2.0/23 1.1.4.0/22 1.1.8.0/24 1.1.9.0/24 1.1.10.0/23 etc I am already using a table(22) but don't want to alter that one but include the T file in let's say table(10) or something like that? Thanks for your comments, Jos From owner-freebsd-questions@freebsd.org Sat Apr 4 18:47:50 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4835F27E017 for ; Sat, 4 Apr 2020 18:47:50 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mout.kundenserver.de", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48vm583jYfz49dh for ; Sat, 4 Apr 2020 18:47:39 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from r56.edvax.de ([178.5.89.59]) by mrelayeu.kundenserver.de (mreue108 [212.227.15.183]) with ESMTPA (Nemesis) id 1McY4R-1ikeGT0dzh-00cuoB for ; Sat, 04 Apr 2020 20:47:28 +0200 Date: Sat, 4 Apr 2020 20:47:27 +0200 From: Polytropon To: FreeBSD Questions Subject: Direct control of parallel port data lines Message-Id: <20200404204727.cd2a4042.freebsd@edvax.de> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K1:+c2VYRCANZ2RAT2mOmZET6koPKc3kvmwSf+AnSB6xgGxkiNYS56 U+PW8mDJNLrjFNFN8ALjQXTlYS/qJ34nR0GQrBYtQnTNqzguVNHX7M+wa81n1/KJEPHI6sK p1m1YbAyrzmx3nN4VUc7FXBTR4df/pil4d4zdtf5h7PYDm5kvYC/3OJyg+Jm/Ht31sCwA5y si3HGuO3sIzJ2rkwixKRA== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:3pBCWZj/jnM=:nsvoMxSEchupxRoRyn6x1S pEdB8TQbqAgYtzky/fTNCv4NIu5U4TNBWy+yPY1p4i2bfv1Pf6xxbVB7gu+7AHqV+8aCtFotF FoO9eyFFg+nlGX8xOFA06AY/FgNestbagHC93kv7L1QIv5fBcSOy2is8Pbt54TgdGufguBqbH uTxTX2bXIbN6anzNAX1Bup1ygy7RsMiycx91bOdCvELaJHxhhBor636dyTfr5ZcvOxFMhwwBW UOwEfX5wAMlLHRkCCveK0eV7bl0C4rVUAy2XibRIzq4g+Qb7G+eP65xNLFe0kqmKgPq5gzytZ kcq6B0Ov+HYvD3umoK1GZ6qCDRoPomlBv+Zyq3Frk25h1vwwtCTTM2pS9/7foYchlr9uwn2zT Bv1MoGu0hPCuyDWeeikDFl2uXbroV6GFIo9NcCRV+JQvRLxDZnW5mANcZULZJFovdSEq9I118 u+QnoMGM/MZ2pIAPJ36XdvGq2rbt47PaGvuxEHi4upxodVEx+RfE3f0jFB8z3w6tdtQ50ip2Z Yfpkjs7UytOyfNpDEhydAXiZzbSF4j0KIzihsyhGn+5TnLBOgJ3VA59iLMBU8f3OCL1DdGL15 zFYPJ2EOyTrNydWdtEmeTZqSZ99HfUMPshejqipSYYP04RvVhAM4kZPftNM6Q1r/3eRvC/cFD 3QRacBiCON0y3rdajnLM2DlD0FBeKQVWSrvxF4QxYV8+W+HRScrkLfa5RTDXQaCnvQpINEjLK BEv/7WlEVKAN2RfNM6aj4oGiFkn8CvdpFUAkFh6GA+pA6XY5ame4qV3tenK83IhKYZ/odevF8 hB8mtDGevdVozKDw7NfTQYbuRrWZaqBu3sNKSnNLxXYt5+dYx7wmj2AJvJt90DlzeAwoGjx X-Rspamd-Queue-Id: 48vm583jYfz49dh X-Spamd-Bar: ++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of freebsd@edvax.de has no SPF policy when checking 212.227.17.24) smtp.mailfrom=freebsd@edvax.de X-Spamd-Result: default: False [4.51 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; HAS_REPLYTO(0.00)[freebsd@edvax.de]; MV_CASE(0.50)[]; HAS_ORG_HEADER(0.00)[]; TO_DN_ALL(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; R_DKIM_NA(0.00)[]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; MIME_TRACE(0.00)[0:+]; RECEIVED_SPAMHAUS_PBL(0.00)[59.89.5.178.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; ARC_NA(0.00)[]; REPLYTO_EQ_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[edvax.de]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_SPAM_MEDIUM(0.97)[0.974,0]; IP_SCORE(0.15)[ip: (-0.23), ipnet: 212.227.0.0/16(-1.15), asn: 8560(2.13), country: DE(-0.02)]; NEURAL_SPAM_LONG(0.99)[0.991,0]; RCVD_IN_DNSWL_NONE(0.00)[24.17.227.212.list.dnswl.org : 127.0.5.0]; MID_CONTAINS_FROM(1.00)[]; R_SPF_NA(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Apr 2020 18:47:50 -0000 For an "external relay control unit", I need to activate certain lines of the parallel port. I wish to address the 8 output lines of the port. How is this done on FreeBSD? On DOS (not that DOS, the other one), it was quite simple. Depending on which parallel port you wanted to address, you simply needed to put the correct byte to a port whose address would be assigned to the parallel port you wanted to address (usually 0x378, 2nd one was 0x3BC, 3rd 0x278). In ye olde Borland C, you would then do: outportb(portnum, databyte); The "composition" of the databyte was easy: You could control each of the 8 output lines of the port by having their corresponding bit set or cleared, so for example 1 | 2 | 8 | 256 would be bits (and therefore activated lines) 1, 2, 4, and 8. The rule was simple: line n -> bit 2^n; And for the pins of the port: line n -> pin n+1 (D0 - D7). To each of the 8 lines, a 2 x 7400 + SF123 + relay unit was attached, and you could then control anything with the relays. (By cascading, you could get more than 8 output lines.) All this is a memory artifact from more than 30 years ago... it needs to be reactivated... ;-) Because Borland C here of course required "#include ", it doesn't work on FreeBSD. What's the correct in FreeBSD equivalent here? If possible, I want to use C for this task. I checked "man ppc" and "man ppi", but I don't find their content convincing, probably not what I'm looking for. What am I _actually_ looking for? -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... From owner-freebsd-questions@freebsd.org Sat Apr 4 18:54:48 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 24FE327E417 for ; Sat, 4 Apr 2020 18:54:48 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mout.kundenserver.de (mout.kundenserver.de [217.72.192.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mout.kundenserver.de", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48vmF831kvz4CyZ for ; Sat, 4 Apr 2020 18:54:35 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from r56.edvax.de ([178.5.89.59]) by mrelayeu.kundenserver.de (mreue109 [212.227.15.183]) with ESMTPA (Nemesis) id 1N0o3X-1j8kbJ2AJZ-00wkyl; Sat, 04 Apr 2020 20:54:28 +0200 Date: Sat, 4 Apr 2020 20:54:28 +0200 From: Polytropon To: papa Cc: freebsd-questions@freebsd.org Subject: Re: trouble installing vbox additions Message-Id: <20200404205428.99b45c04.freebsd@edvax.de> In-Reply-To: <48186e5d-0aa9-43ea-ee8e-edc9a2e2a650@gmail.com> References: <48186e5d-0aa9-43ea-ee8e-edc9a2e2a650@gmail.com> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K1:Modd0lfkQC5MXQkWbdfpJ7nbOKa6+KkP6Zh9n0vHqG4NviDwAwv +eIJxE54JjJ3mxKzz9hCvF3fFehHH0rDmqp8j4aVPz73mmSXqoiVWoJSR7RCWX+2uQ3rVM1 Gygc0gtPWFjH4Nv6quoQrcKIXIJmTrcwpw97ROoNxtdv5YVI+iLfquEZ7c3bKf9seBAeVNW uI3C6R14ubg2d0+2yr8Hg== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:YHhGyH/SL0o=:gZWqQdikUHRmL9gWM1GdN5 leHrcBnBWl10FLbIDz4XWolB20Gl5DfCJk9SrT6iKoRW1z210oPnQSUNJUdcZNnLnQPUlz79G ecEpGWhJ/5+jPtjBSYUKE92N/Sg5Mdws1vBxmyAx5I8K1zLCMFopUU+TFrh23bKTrU9cAUVB3 wktv/++uVtS/b8OSK9L4H4kdPRpp80z7l5BCEcDI+KdUFmRRTycDjVYg/khNEMce7H30YMLAa F2n51a3GPUqcRUT+erp5uJ6rpREh/MH/t2jIfoZqKwCHoSYKAvXcPYjTSK8QNJkrboQWlKhKW PU3ena7+dIKcTTV+CSRwnNiDx4xw4ZjMw2yXWaZsEpjAG8awaRyUVColw9v0canJnowvZEaf7 EZI+D3XpkxYJvwbLNPNoO0F8B4lWqQHzsTu4BujGVuaTv8s00SgVNWTOOeE7rhNoNmzJLMhQu s3y79/X2erekqCaW9sfyzSftZuPZMBSgCfjm/EUVFhqMwSQFr0Zr+7+y4dwmjVo/Ef8DDuIvc DjRZV3v5nRf5oH/vkOgISXdOzJxkV8K6Q8ax7jRI31uQynIS7G2fnNiQtSE4ztisXgMuc3q3p uOCDelXGQxK6qC2GEb3U8Za4l59Dw1x7fWrwOQGSChgBwuITGL3oRcndovy8bjVKCmA2UJUDI DGOt6zoEGKF0m3jiqaudUYTrkkf1V1BB1TM2WURlDnuwxs20I6PS8b721zKU5GtYAUpCL5BWz ShztvbWLgR85Ac0O+Qg+J5mvka7XU2IWS/Gvh2RfHoj5zWvvKMDMxDqrJrn70NIGXA22TDGVN tDiYCLYBWQMivyhVwd+biGSQKu5dpk6HdlOd/xUfvSm8JuFbVod1jIoDFd8sv61LKgTSasJ X-Rspamd-Queue-Id: 48vmF831kvz4CyZ X-Spamd-Bar: ++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of freebsd@edvax.de has no SPF policy when checking 217.72.192.75) smtp.mailfrom=freebsd@edvax.de X-Spamd-Result: default: False [4.73 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; HAS_REPLYTO(0.00)[freebsd@edvax.de]; TO_DN_SOME(0.00)[]; MV_CASE(0.50)[]; HAS_ORG_HEADER(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; R_DKIM_NA(0.00)[]; ASN(0.00)[asn:8560, ipnet:217.72.192.0/20, country:DE]; MIME_TRACE(0.00)[0:+]; RECEIVED_SPAMHAUS_PBL(0.00)[59.89.5.178.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; ARC_NA(0.00)[]; REPLYTO_EQ_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[edvax.de]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.99)[0.986,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_LONG(1.00)[0.997,0]; RCVD_IN_DNSWL_NONE(0.00)[75.192.72.217.list.dnswl.org : 127.0.5.0]; MID_CONTAINS_FROM(1.00)[]; R_SPF_NA(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; IP_SCORE(0.35)[ip: (-0.66), ipnet: 217.72.192.0/20(0.28), asn: 8560(2.13), country: DE(-0.02)] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Apr 2020 18:54:48 -0000 On Sat, 4 Apr 2020 19:13:20 +0200, papa wrote: > and... is there a pkg for this package? There are two: % pkg search virtualbox-ose-additions virtualbox-ose-additions-5.2.34_2 VirtualBox additions for FreeBSD guests virtualbox-ose-additions-nox11-5.2.34_2 VirtualBox additions for FreeBSD guests You can choose between the normal and the "no X11" version. Using the package should save you from the perl5-5.30.2 <-> perl5-5.30.1 confusion. However, perl 5.30.2 should also be availeble: % pkg search perl5 perl5-5.30.2 Practical Extraction and Report Language perl5-devel-5.31.9.71 Practical Extraction and Report Language perl5.26-5.26.3 Practical Extraction and Report Language perl5.28-5.28.2 Practical Extraction and Report Language unit-perl5.30-1.16.0_1 Perl module for NGINX Unit -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... From owner-freebsd-questions@freebsd.org Sat Apr 4 20:20:34 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E91EE2A1A64 for ; Sat, 4 Apr 2020 20:20:33 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from oceanview.tundraware.com (oceanview.tundraware.com [45.55.60.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mailman.tundraware.com", Issuer "mailman.tundraware.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 48vp832Bq0z3GqB for ; Sat, 4 Apr 2020 20:20:18 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from [192.168.0.2] (ozzie.tundraware.com [75.145.138.73]) (authenticated bits=0) by oceanview.tundraware.com (8.15.2/8.15.2) with ESMTPSA id 034KImPi084044 (version=TLSv1.2 cipher=AES128-SHA bits=128 verify=NO) for ; Sat, 4 Apr 2020 15:18:48 -0500 (CDT) (envelope-from tundra@tundraware.com) Subject: Re: ipfw | including external IP txt file To: freebsd-questions@freebsd.org References: <00c3978d-c350-aec4-76fb-85718c4a6935@cloudzeeland.nl> From: Tim Daneliuk Openpgp: preference=signencrypt Autocrypt: addr=tundra@tundraware.com; prefer-encrypt=mutual; keydata= mQINBFlVgYoBEADIYD9W4mbKz5cEleX923hagDWkxyJl4kRiMJnz+dNAH71MItSdErMb0cFt CPxVncb4dR4R2ec0c0MjPcgVINNtbY1DMWsF7t31TKD8NG9ZjLqF6fZDFjgkRejqHytgjmCI UejrMSCf0UJsLtg+I3N1ZVVxd7ALj2bCvC/uc5S7j+YbNnhQvSoBbdFj/xOTjyOGGpk7WfB7 e42PGKq1NSgnI7tcY6HSaSH+LHeoc0yUpBb5A1ge+RhR1N9JTniEFe0qvOBi+HgUltEoxsk4 xb6IhpkDOTsxHvEg5h0ukfl8kG9cu+LrEBqwPaC8lPw3UmoTEAU+lXHanPE12JCF/54EtVCc rb4W0vqgGmLJzn5dRU/fWkar0FKPq4eoV0XMbGZKIC6pWQnMEsxEMpNvh7oefK6Kyn+LO+59 +sNYHbv1RImDJccmfHTOA6/jHdwOcnYy37U8UF7e+mGrwNs8GsMQx2AaQbR6VErakH3GBgft bMFOGQxiaRBkbzba7BZCQ060yhiC3/Mb/xHoVi7PBEmKig1SErTMA7Fh3CYPYIRDphNs6OSr tf9O4hbzUAsjbU3rxOfiWQjP3fSOM0KUBj4wpIWZlMrjAGnMIz2wHb211wsBiLqSaGiiO1LR 7RrcvbIFZvHQHiWe2tdRyuH3N/h7A316yoLfx+yy1gyP5weWsQARAQABtCRUaW0gRGFuZWxp dWsgPHR1bmRyYUB0dW5kcmF3YXJlLmNvbT6JAjcEEwEIACEFAllVgYoCGyMFCwkIBwIGFQgJ CgsCBBYCAwECHgECF4AACgkQdoOXo5EJFKntcA/9F9ags9Ik5C49N39iRq+yqBdn/Lr75rqv +Yg7JkjeVlwHpnQt1S6orTC7EaJc+AqY3szCEmhfuT0+E96Bw2k+G/XRnaedZ9SHSdImlmq0 RmOFpWLr67ScvlA9YG1tyR+QYraEFqK5EB6qhOWRJoz1BYtAAntK9b9gUTXt/277sT7lAWaj oPi4CDd4DofHc4E9VRsniMQNMLCWqc/ygAK07cWbK2Rh90tS2C4nK6OHFkNkK94zDilfxod1 NBFTUPPYfEU2CSa3eLlpfhYY3/2X7zNvmmCt+chHUnAhQLhldQ3WlqmTKP+ZK9LX002/bY1O M8Zk76WyA/A3EfsIUbnXBQvFyjwX6W4QEytlZWtp/yRIe64JOa3dZ8rkhragb2N4VgVLBVe3 jtZgfQ72pHrfNk/T0uT+hjFqInvIYiXkhxB2GiD7Ga28VuXojTmeoaW3GKcvoVxONSju7WzD XgyxWRmNpd5uifJcC3YU3tNNAosnQ0/5FW4wkducSEVwwqnAiSMQEMDDa/e6oP6GyOzes5SV LTNCRYdHWVKbxjetYU4SKm5RdLx9XuJo0qL9vO97mCNwdNkTM7gO2ycQ49qUiGbCZJOh2gpP ZRFrpJDxbloosAfOEB6IYjhb38u6jvbScJKK3bWA+a8TK4SrQpdRd1cAnW9sA8jCTV8ejZq0 CHm5Ag0EWVWBigEQAJYuihAOOOe/kAn045Ayn+3is3S+6eV4IAgL6lJhoChkgUJJuFoRX9BY rd35z29+q2/UCoProzd4Mk66wXeWv6n4s5R79OUzjgMLCTVlVaMy4gjPL9NRDwMt7KYRF56g mnoKZwfPDi/oJ5toPPboW94FrMwonqbdqYM2Pyi/HPMe4e396WQ4TaA1CdhyzKHoFSpkGcjX zIQ5yQ5aaGS7wonRu/pg15dbu+8QOgxRNFa0bO+ntz/30u+VmxFqFVbExjuy3Or8fSBhJgx4 cfyrrunKLclpZ/52VeK3l53yWYpR8RaTZfzpu8Ih+ijAY4XLO5F8P1T6sEviMaTY2F0sbFRx ZJXsgFpiKeWPHUn7/LX7qcoFJYoFqG6b3n5km+qy39x6lMgJDuxKpeN6lYj//LB6xVzn0JI+ 4ZHPrEkFqxu8VkL7deCPTI67ZJik18jXjTH9sha1YBvgvxIPFMA7ZwXX2AwNu7PzdcCpWarS usOAHbjQBUsQ+ZPpI1oeFnsCPZ+8/mMcTjVRZyJxOPs3KnXZv2cXNuaa7lwkWS366gHzQI7O l6WdC8TyNjiOzR654cL8BgYQ/xNSW1vTXqPWSRU8/b/5IueY2tQJh0CKIvfoP0rk8976wa1R 8SRi08mwHX7+F5oSeXLRNHicQGpS1f0DywdRcQ0MFHyq/CV4dTltABEBAAGJAh8EGAEIAAkF AllVgYoCGwwACgkQdoOXo5EJFKkDNw//c8nailIVOV72l7Lze+2AuK9MYUCFb1i4qI1WTnG0 OHQlCAltPhdwZPAozJw/eNqIcuWQh8rZspve9ipj589wLSsVyaFRsuYXTiYZ9RlRsnJYa36h 2JML3ZGrRsSxaUEAggbiOKbwmw27JuOIPmC3Gln4tJuZ+nw6cfCgMI45bIzinVanxHwPLeLp BZKpaEYzAwtBykUfAXn3jDwrI95UlMJvhHDFuRgvb6uSyJIqmp5aR/BjnlSdEwICyWpRAVSt yqZeBMeHbCr1B97PIRzk/q0eHm9T+AoiZWwz1iVGGgkYdAaCfs2PBlNHmRm93cfgoEcaGvNb RbTXOe28niMJeYMQsnjOTy5AQIrhVKeP5E+qVs/oPK/inmLiTbjZcnrO2wR+uxpPGgmR6M/3 p8qyRdaOvT87HZXO+Wr+r9A4UnwhCPsfELwPlEo+TJQ/oE71Mlkx/ddQCWELcHjXrQF9YbzA Ml7g0zTkgHysh4DNkV5iYteOcmCwsWdOwn0H0yZfz6weyr8nEdPngyOjFNKMIpcTbeg8866c GxXAJj46dub4VdVwfvMRHfmmRJkjdId7YHWMgz2Kf7S7KPCROLis7WjlOdSS0q2m/7qy9WL/ ZW50YLS8ZZLMrnari5JxCyJX+8n6ZASo2AA93iTbKmYegK2LDwW1QLU1iAF3GyGOnSE= Message-ID: Date: Sat, 4 Apr 2020 15:18:43 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1 MIME-Version: 1.0 In-Reply-To: <00c3978d-c350-aec4-76fb-85718c4a6935@cloudzeeland.nl> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.2 (oceanview.tundraware.com [45.55.60.57]); Sat, 04 Apr 2020 15:18:49 -0500 (CDT) X-TundraWare-MailScanner-Information: Please contact the ISP for more information X-TundraWare-MailScanner-ID: 034KImPi084044 X-TundraWare-MailScanner: Found to be clean X-TundraWare-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (not cached, timed out) X-TundraWare-MailScanner-From: tundra@tundraware.com X-Spam-Status: No X-Rspamd-Queue-Id: 48vp832Bq0z3GqB X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of tundra@tundraware.com designates 45.55.60.57 as permitted sender) smtp.mailfrom=tundra@tundraware.com X-Spamd-Result: default: False [-1.13 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RECEIVED_SPAMHAUS_FAIL(0.00)[73.138.145.75.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net:query timed out]; NEURAL_HAM_LONG(-0.62)[-0.620,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+a]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; URIBL_MULTI_FAIL(0.00)[query timed out]; DMARC_NA(0.00)[tundraware.com]; RECEIVED_BLOCKLISTDE_FAIL(0.00)[73.138.145.75.bl.blocklist.de:query timed out]; IP_SCORE(0.61)[ip: (-1.38), ipnet: 45.55.32.0/19(3.14), asn: 14061(1.33), country: US(-0.05)]; NEURAL_HAM_MEDIUM(-0.82)[-0.818,0]; RBL_SPAMHAUS_FAIL(0.00)[57.60.55.45.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net:query timed out]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:14061, ipnet:45.55.32.0/19, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Apr 2020 20:20:34 -0000 On 4/4/20 1:39 PM, Jos Chrispijn wrote: > Can you tell me how I can best include text file T with blocked ip addresses to my ipfw rules set? > this file contains ip addresses to be blocked in this format: > > .0.1.0/24 > 1.0.2.0/23 > 1.0.8.0/21 > 1.0.32.0/19 > 1.1.0.0/24 > 1.1.2.0/23 > 1.1.4.0/22 > 1.1.8.0/24 > 1.1.9.0/24 > 1.1.10.0/23 > etc > > I am already using a table(22) but don't want to alter that one but include the T file in let's say table(10) or something like that? > > Thanks for your comments, > Jos ### # Block Naughty IP Addresses/Spaces ### # Use ipfw tables for efficiency ipfw table 10 flush for addr in `cat ${NAUGHTYFILE}` do ipfw -q table 10 add ${addr} done ipfw -q add deny all from table\(10\) to any via ---------------------------------------------------------------------------- Tim Daneliuk tundra@tundraware.com PGP Key: http://www.tundraware.com/PGP/ From owner-freebsd-questions@freebsd.org Sat Apr 4 21:05:28 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id ECB6A2A2E47 for ; Sat, 4 Apr 2020 21:05:27 +0000 (UTC) (envelope-from 4250.82.1d4c100015849ff.7554476b82c8cc03f7214b8665caf4f9@email-od.com) Received: from s1-b0c6.socketlabs.email-od.com (s1-b0c6.socketlabs.email-od.com [142.0.176.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48vq7s69Ysz43VB for ; Sat, 4 Apr 2020 21:05:13 +0000 (UTC) (envelope-from 4250.82.1d4c100015849ff.7554476b82c8cc03f7214b8665caf4f9@email-od.com) DKIM-Signature: v=1; a=rsa-sha256; d=email-od.com;i=@email-od.com;s=dkim; c=relaxed/relaxed; q=dns/txt; t=1586034314; x=1588626314; h=content-transfer-encoding:content-type:mime-version:references:in-reply-to:message-id:subject:cc:to:from:date:x-thread-info; bh=YuonHQjwlhdofoHyQ3R+U9nIxa6hdjSHhsfNo8mQuQc=; b=G/mANfR2K/sjm0tH2JEX6LFOh+ukt5VHeCYJ3pCVDcsQZhpCMNtwG2Pj/Gv50TTqRAk5p6IWRHzHm7hhHKPlzepFP4dYd19O10eHGsovXknOj/Eoe+7Huqtblf9dALSOWrw5sTPmsA6hkHbVjoo75Cbq3qN0vjqrtvqfnpLT47Y= X-Thread-Info: NDI1MC45Mi4xZDRjMTAwMDE1ODQ5ZmYuZnJlZWJzZC1xdWVzdGlvbnM9ZnJlZWJzZC5vcmc= Received: from r2.us-east-1.aws.in.socketlabs.com (r2.us-east-1.aws.in.socketlabs.com [142.0.191.2]) by mxsg2.email-od.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Sat, 4 Apr 2020 17:04:55 -0400 Received: from smtp.lan.sohara.org (EMTPY [185.202.17.215]) by r2.us-east-1.aws.in.socketlabs.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Sat, 4 Apr 2020 17:04:55 -0400 Received: from [192.168.63.1] (helo=steve.lan.sohara.org) by smtp.lan.sohara.org with smtp (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1jKpyH-0005er-Tp; Sat, 04 Apr 2020 22:04:54 +0100 Date: Sat, 4 Apr 2020 22:04:53 +0100 From: Steve O'Hara-Smith To: freebsd-questions@freebsd.org Cc: Polytropon Subject: Re: Direct control of parallel port data lines Message-Id: <20200404220453.7bf2d61465ca1880acd34e45@sohara.org> In-Reply-To: <20200404204727.cd2a4042.freebsd@edvax.de> References: <20200404204727.cd2a4042.freebsd@edvax.de> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.32; amd64-portbld-freebsd12.0) X-Clacks-Overhead: "GNU Terry Pratchett" Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 48vq7s69Ysz43VB X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=email-od.com header.s=dkim header.b=G/mANfR2; dmarc=none; spf=temperror (mx1.freebsd.org: error in processing during lookup of 4250.82.1d4c100015849ff.7554476b82c8cc03f7214b8665caf4f9@email-od.com: DNS error) smtp.mailfrom=4250.82.1d4c100015849ff.7554476b82c8cc03f7214b8665caf4f9@email-od.com X-Spamd-Result: default: False [-1.07 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.76)[-0.763,0]; R_DKIM_ALLOW(-0.20)[email-od.com:s=dkim]; R_SPF_DNSFAIL(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[sohara.org]; NEURAL_HAM_LONG(-0.88)[-0.878,0]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[email-od.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[198.176.0.142.list.dnswl.org : 127.0.15.0]; SPAMHAUS_AUTHBL_RECEIVED_FAIL(0.00)[215.17.202.185.khpj7ygk5idzvmvt5x4ziurxhy.authbl.dq.spamhaus.net:query timed out]; IP_SCORE(0.07)[ip: (-0.24), ipnet: 142.0.176.0/22(0.44), asn: 7381(0.19), country: US(-0.05)]; FORGED_SENDER(0.30)[steve@sohara.org,4250.82.1d4c100015849ff.7554476b82c8cc03f7214b8665caf4f9@email-od.com]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:7381, ipnet:142.0.176.0/22, country:US]; FROM_NEQ_ENVFROM(0.00)[steve@sohara.org,4250.82.1d4c100015849ff.7554476b82c8cc03f7214b8665caf4f9@email-od.com]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Apr 2020 21:05:28 -0000 On Sat, 4 Apr 2020 20:47:27 +0200 Polytropon wrote: > For an "external relay control unit", I need to activate > certain lines of the parallel port. I wish to address > the 8 output lines of the port. How is this done on > FreeBSD? > If possible, I want to use C for this task. I checked > "man ppc" and "man ppi", but I don't find their content > convincing, probably not what I'm looking for. > > What am I _actually_ looking for? ppi is exactly what you are looking for, but it will be strange given where you're coming from. There is a huge difference between a protected mode multi-tasking OS like FreeBSD and a real mode program loader like DOS when it gets to this kind of thing. -- Steve O'Hara-Smith