From owner-freebsd-isp@FreeBSD.ORG Mon Jul 19 14:52:04 2004
From: "Spidey Knepscheld"
Date: Mon, 19 Jul 2004 16:50:48 +0200
Organization: ACT Computers
Subject: Traffic Monitor
Reply-To: spidey@act.co.za
List-Id: Internet Services Providers

Hi

I am an ISP running FreeBSD as a firewall and as a mail server. My problem is that I am not able to monitor the amount of traffic that users are using on my network.

My network looks like this: my link comes in on a Cisco 805; from the router it goes to the first NIC on the firewall; from the second NIC it runs into a Cisco Catalyst and then to the network. On the Catalyst I mirrored the data coming from the network to the firewall to one port, and I have a FreeBSD box on that port just to monitor the traffic.

What I am looking for is some app that could show me live what IP on my network is utilizing what part of the bandwidth. I know there are a million apps available, but I need to see from IP ???? to IP ???? ???? kb/s and then see how much of the 256k is still available. Don't laugh!! I have a 256k Diginet connection and I would like to see who is killing my network. I do get live graphs from my upstream supplier, but they show the line utilization from my router and not who is using what.

So I can't be proactive in solving speed issues; I need to wait for it to happen and then, by a process of elimination, disconnect segments of the network and see when the graph drops.

I hope this makes sense to someone

thank you

Spidey

From: Cody
Date: Mon, 19 Jul 2004 10:58:19 -0400
Subject: Re: Traffic Monitor

ports/net-mgmt/iftop sounds like what you need. You might have to switch your network card into promiscuous mode for it to show all of the traffic. That can be done with:

    ifconfig interface promisc

Spidey Knepscheld wrote:

>Hi
>
>I am an ISP running FreeBSD as a firewall and as a Mail Server. My
>problem is that I am not able to monitor the amount of traffic that user
>are using on my network.
>
>My network looks like this: My Link comes in on a Cisco 805 from the
>router it goes to the first NIC on the Firewall from the second NIC it
>runs into a Cisco Catalyst and then to the network.On the catalyst I
>mirrored the data coming from the network to the Firewall to one port
>and I have a FreeBSD box on that port just to monitor the traffic.
>
>What I am looking for is some app that could show me live what ip on my
>network is utilizing what part of the bandwidth.I know there are a
>million apps available but I need to see from IP ???? to IP ???? ????
>kb/s and then see how much of the 256k is still available. Don't laugh
>!!I have a 256k Diginet connection and I would like to see who is
>killing my network. I do get live graphs from my upstream supplier but
>it shows the line utilization from my router and not who is using what.
>
>So I can't be proactive in solving speed issues I need to wait for it to
>happen and then by a process of elimination disconnect segments of the
>network and see when the graph drops.
>
>I hope this makes sense to someone
>
>thank you
>
>Spidey
>
>_______________________________________________
>freebsd-isp@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-isp
>To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

From: Eric Anderson
Date: Mon, 19 Jul 2004 10:01:31 -0500
Subject: Re: Traffic Monitor

Spidey Knepscheld wrote:

>Hi
>
>I am an ISP running FreeBSD as a firewall and as a Mail Server. My
>problem is that I am not able to monitor the amount of traffic that user
>are using on my network.
>
>My network looks like this: My Link comes in on a Cisco 805 from the
>router it goes to the first NIC on the Firewall from the second NIC it
>runs into a Cisco Catalyst and then to the network.On the catalyst I
>mirrored the data coming from the network to the Firewall to one port
>and I have a FreeBSD box on that port just to monitor the traffic.
>
>What I am looking for is some app that could show me live what ip on my
>network is utilizing what part of the bandwidth.I know there are a
>million apps available but I need to see from IP ???? to IP ???? ????
>kb/s and then see how much of the 256k is still available. Don't laugh
>!!I have a 256k Diginet connection and I would like to see who is
>killing my network. I do get live graphs from my upstream supplier but
>it shows the line utilization from my router and not who is using what.
>
>So I can't be proactive in solving speed issues I need to wait for it to
>happen and then by a process of elimination disconnect segments of the
>network and see when the graph drops.

Check out ports/net/trafshow or ports/net-mgmt/iftop. I think one of those might be what you want.

Eric

--
------------------------------------------------------------------
Eric Anderson     Sr. Systems Administrator    Centaur Technology
Talk sense to a fool and he calls you foolish.
------------------------------------------------------------------

From: "Spidey Knepscheld"
Date: Mon, 19 Jul 2004 17:26:32 +0200
Subject: Spyware & AD Ware

Hi

How do I stop Spyware and AD Ware from entering my network through a FreeBSD FW, or can I stop it on the Cisco?

Spidey

From: Andy Dills
Date: Mon, 19 Jul 2004 12:11:52 -0400 (EDT)
Subject: Re: Spyware & AD Ware

On Mon, 19 Jul 2004, Spidey Knepscheld wrote:

> Hi
>
> How do I stop Spyware and AD Ware to enter my network through a FreeBSD
> FW or can I stop it on the Cisco ?

This is a problem most effectively dealt with at the end-user level.

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---

From: Charles Swiger
Date: Mon, 19 Jul 2004 12:47:37 -0400
Subject: Re: Spyware & AD Ware

On Jul 19, 2004, at 11:26 AM, Spidey Knepscheld wrote:

> How do I stop Spyware and AD Ware to enter my network through a FreeBSD
> FW or can I stop it on the Cisco ?

A FreeBSD firewall using a good ruleset will help block spyware and adware. Using a virus scanner like ClamAV in conjunction with mail and a WWW proxy server like Squid can also help.
A tool like Snort and related can provide some degree of intrusion-detection capabilities.

All of that being said, how the Windows box is administered and kept up-to-date, and whether the user of the Windows box is careful, matters more. Not running Windows at all is by far the best way of avoiding spyware and adware....

--
-Chuck

From: "Carlos Alarcon"
Date: Mon, 19 Jul 2004 10:53:52 -0500
Subject: Re: Traffic Monitor

If you want graphs too, you can try NTOP and BANDWIDTHD. These programs give results on web pages, including stats and nice graphs; bandwidthd gives you a top 10 of users with the most traffic on your network. I use them on my network with good results, but the little problem is that these programs are hungry eaters of RAM.

----- Original Message -----
From: "Spidey Knepscheld"
Sent: Monday, July 19, 2004 9:50 AM
Subject: Traffic Monitor

> Hi
>
> I am an ISP running FreeBSD as a firewall and as a Mail Server. My
> problem is that I am not able to monitor the amount of traffic that user
> are using on my network.
>
> My network looks like this: My Link comes in on a Cisco 805 from the
> router it goes to the first NIC on the Firewall from the second NIC it
> runs into a Cisco Catalyst and then to the network.On the catalyst I
> mirrored the data coming from the network to the Firewall to one port
> and I have a FreeBSD box on that port just to monitor the traffic.
>
> What I am looking for is some app that could show me live what ip on my
> network is utilizing what part of the bandwidth.I know there are a
> million apps available but I need to see from IP ???? to IP ???? ????
> kb/s and then see how much of the 256k is still available. Don't laugh
> !!I have a 256k Diginet connection and I would like to see who is
> killing my network. I do get live graphs from my upstream supplier but
> it shows the line utilization from my router and not who is using what.
>
> So I can't be proactive in solving speed issues I need to wait for it to
> happen and then by a process of elimination disconnect segments of the
> network and see when the graph drops.
>
> I hope this makes sense to someone
>
> thank you
>
> Spidey

From: "JJB"
Date: Mon, 19 Jul 2004 13:11:20 -0400
Subject: RE: Spyware & AD Ware

Spyware and AD Ware are ms/windows problems. These have no effect on unix based systems.

www.download.com has the most popular free downloads for removing these.

-----Original Message-----
From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Spidey Knepscheld
Sent: Monday, July 19, 2004 11:27 AM
To: freebsd-isp@freebsd.org
Subject: Spyware & AD Ware

Hi

How do I stop Spyware and AD Ware to enter my network through a FreeBSD FW or can I stop it on the Cisco ?

Spidey

From: "Mark Picone"
Date: Tue, 20 Jul 2004 14:39:20 +1000
Subject: FW: Spyware & AD Ware

You can stop spy/adware on your firewall at the protocol level with Snort (from the ports) if you are willing to write some custom rules or google for them.

There are some great examples of this in a Snort add-on, a collection of "bleeding edge" rules that can be found at http://www.bleedingsnort.com/bleeding.rules

They would look something like what is shown below, which is an actual rule used to stop Yesadvertising Banking Spyware.

alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE Yesadvertising Banking Spyware RETRIEVE"; uricontent:"/img1big.gif"; nocase; reference:url,isc.sans.org/presentations/banking_malware.pdf; sid:2000336; rev:2;)

alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE Yesadvertising Banking Spyware INFORMATION SUBMIT"; uricontent:"/cgi-bin/yes.pl"; nocase; reference:url,isc.sans.org/presentations/banking_malware.pdf; sid:2000337; rev:2;)

-----Original Message-----
From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of JJB
Sent: Tuesday, 20 July 2004 3:11 AM
To: spidey@act.co.za; freebsd-isp@freebsd.org
Subject: RE: Spyware & AD Ware

Spyware and AD Ware are ms/windows problems. These have no effect on unix based systems.

www.download.com has the most popular free downloads for removing these.

-----Original Message-----
From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Spidey Knepscheld
Sent: Monday, July 19, 2004 11:27 AM
To: freebsd-isp@freebsd.org
Subject: Spyware & AD Ware

Hi

How do I stop Spyware and AD Ware to enter my network through a FreeBSD FW or can I stop it on the Cisco ?

Spidey
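
Added example, not part of any message in this thread: a small Python script that parses the two Snort rules quoted in Mark Picone's message and applies their header and `uricontent`/`nocase` tests to request lines. The `$HOME_NET` and `$HTTP_PORTS` values, the event list and all function names are assumptions made for this example.

```python
import ipaddress
import re

# The two rules quoted in the message above, one rule per list entry.
RULES = [
    'alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE '
    'Yesadvertising Banking Spyware RETRIEVE"; uricontent:"/img1big.gif"; '
    'nocase; reference:url,isc.sans.org/presentations/banking_malware.pdf; '
    'sid:2000336; rev:2;)',
    'alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE '
    'Yesadvertising Banking Spyware INFORMATION SUBMIT"; '
    'uricontent:"/cgi-bin/yes.pl"; nocase; '
    'reference:url,isc.sans.org/presentations/banking_malware.pdf; '
    'sid:2000337; rev:2; )',
]

# Assumed values for the rule variables; in Snort they are set in snort.conf.
VARIABLES = {
    "$HOME_NET": ipaddress.ip_network("10.0.1.0/24"),
    "$HTTP_PORTS": {80},
}

# Option name, then an optional value: a quoted string or text up to ';'.
OPTION_RE = re.compile(r'\s*(\w+)\s*(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')


def parse_rule(text):
    """Split one rule into header fields and the options this demo uses."""
    header, _, body = text.partition("(")
    body = body.rstrip()
    if not body.endswith(")"):
        raise ValueError("rule options must be enclosed in parentheses")
    action, proto, src, _sport, _direction, _dst, dport = header.split()
    rule = {"action": action, "proto": proto, "src": src, "dport": dport,
            "uricontent": []}
    for match in OPTION_RE.finditer(body[:-1]):
        name, value = match.group(1), match.group(2)
        value = value.strip().strip('"') if value else None
        if name == "uricontent":
            rule["uricontent"].append({"pattern": value, "nocase": False})
        elif name == "nocase" and rule["uricontent"]:
            # nocase modifies the content option written just before it.
            rule["uricontent"][-1]["nocase"] = True
        elif name in ("msg", "sid", "rev"):
            rule[name] = value
    return rule


def request_uri(request_line):
    """Return the URI field of an HTTP request line, or None if malformed."""
    parts = request_line.split()
    return parts[1] if len(parts) == 3 else None


def rule_matches(rule, src_ip, dst_port, request_line):
    """Apply the header constraints, then every uricontent test."""
    if ipaddress.ip_address(src_ip) not in VARIABLES[rule["src"]]:
        return False
    if dst_port not in VARIABLES[rule["dport"]]:
        return False
    uri = request_uri(request_line)
    if uri is None:
        return False
    for test in rule["uricontent"]:
        haystack, needle = uri, test["pattern"]
        if test["nocase"]:
            haystack, needle = haystack.lower(), needle.lower()
        if needle not in haystack:
            return False
    return True


# Constructed events: (client address, server port, HTTP request line).
EVENTS = [
    ("10.0.1.23", 80, "GET /IMG1BIG.GIF HTTP/1.0"),    # upper case, nocase hit
    ("10.0.1.23", 80, "POST /cgi-bin/yes.pl HTTP/1.0"),
    ("10.0.1.40", 80, "GET /index.html HTTP/1.0"),     # unrelated request
    ("192.0.2.9", 80, "GET /img1big.gif HTTP/1.0"),    # source not in $HOME_NET
    ("10.0.1.23", 8080, "GET /img1big.gif HTTP/1.0"),  # port not in $HTTP_PORTS
]


def alerts(events):
    """Return (sid, client address) for every event a rule fires on."""
    rules = [parse_rule(text) for text in RULES]
    return [(int(rule["sid"]), src)
            for src, port, line in events
            for rule in rules
            if rule_matches(rule, src, port, line)]


if __name__ == "__main__":
    for sid, client in alerts(EVENTS):
        print(f"sid {sid} fired for client {client}")
```

The last event shows a coverage gap to check when deploying such rules: HTTP on a port missing from `$HTTP_PORTS` is never inspected. Both rules also use the `alert` action, so Snort reports the matching requests and the client address rather than dropping them.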

From: "Arie Gerszt"
Date: Tue, 20 Jul 2004 16:17:56 +0200
Subject: Diskusage per User / mysql

Hi

I know about the tool "quot" to get the disk usage per user. I'd like to find out if somebody knows about a script which allows piping this output into a mysql database.

Thanks,
Arie

From: jdooley@ugcs.caltech.edu (James Dooley)
Date: Tue, 20 Jul 2004 07:29:23 -0700
Subject: New email address for jdooley
Auto-Submitted: auto-replied

Either you sent email to me, or someone spammed it on your behalf.

Just want to let you know - this email address is no longer valid. All email sent to it is just deleted.

thanks,
-james

From: "CPU Customer Support"
Date: Tue, 20 Jul 2004 12:07:28 -0400
Subject: bridging firewall => proftpd issue.

The ISP I administrate is running a full set of Redhat 9 servers. (Not my choice.) But, as I just took over the position recently, I have been upgrading the security all around. In doing this I've installed a bridging firewall running FreeBSD 4.9 compiled for the security branch, and IPFW. It seems that just as I installed this firewall, a customer is no longer able to ftp into our main Redhat machine. The Redhat machine is running Proftpd 1.2.9.

The issue:

The user can log in and authenticate. It successfully authenticates his password as it should, but then when he tries to get a directory listing it bombs. It looks at first like a passive/active issue, but I've opened the appropriate ports on the firewall, and even assigned the passive ports in Proftpd. He has tried passive and active modes both, with the same results. Mind you, all other customers do not have any issues.

Session Transcript:

Jul 19 17:24:04 host04 proftpd[32507]: cpu-net.com (70-240-21-3.ded.swbell.net[70.240.21.3]) - FTP session opened.
Jul 19 17:24:04 host04 proftpd[32507]: cpu-net.com (70-240-21-3.ded.swbell.net[70.240.21.3]) - USER **usersname**: Login successful.
Jul 19 17:24:04 host04 proftpd[32507]: cpu-net.com (70-240-21-3.ded.swbell.net[70.240.21.3]) - Refused PORT 192,168,100,3,8,118 (address mismatch)
Jul 19 17:24:13 host04 proftpd[32507]: cpu-net.com (70-240-21-3.ded.swbell.net[70.240.21.3]) - FTP session closed.

The IP range that he's coming from was just recently issued by SBC. I've also tried opening all ports and IPs to this IP address for him, to no avail. The customer did not have any issues prior to installing the FreeBSD firewall/bridge. He was also using the current IP address prior as well.

If anyone has a figment of a clue, it would be worlds of help to me.

Thank you,

Don Mohlmaster
CPU-NET.com, Inc.
Systems Administrator.

From: eo-admin@li.org
Date: Tue, 20 Jul 2004 17:08:02 +0000
Subject: Your message to eo awaits moderator approval

Your mail to 'eo' with the subject

    Failed (eo@li.org)

Is being held until the list moderator can review it for approval.

The reason it is being held:

    Post by non-member to a members-only list

Either the message will get posted to the list, or you will receive notification of the moderator's decision.
From owner-freebsd-isp@FreeBSD.ORG Tue Jul 20 18:30:10 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C7A6F16A4CE for ; Tue, 20 Jul 2004 18:30:10 +0000 (GMT) Received: from admin.wolfpaw.net (admin.wolfpaw.net [204.209.44.9]) by mx1.FreeBSD.org (Postfix) with SMTP id 862C643D60 for ; Tue, 20 Jul 2004 18:30:10 +0000 (GMT) (envelope-from admin-lists@wolfpaw.net) Received: (qmail 11408 invoked from network); 20 Jul 2004 18:30:09 -0000 Received: from fw1-corp01.wolfpaw.net (HELO wolf) (142.179.166.184) by admin.wolfpaw.net with SMTP; 20 Jul 2004 18:30:09 -0000 From: "Wolfpaw - Dale Corse" To: "'CPU Customer Support'" , Date: Tue, 20 Jul 2004 12:50:03 -0600 Message-ID: <000001c46e8a$5e515ff0$0600a8c0@wolf> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.6626 In-Reply-To: <00c001c46e73$aa853ed0$65c45741@don> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 Subject: RE: bridging firewall => proftpd issue. X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Jul 2004 18:30:11 -0000

Has he tried using PASV? The port is coming from 192.168.100.3 .. Not from his real IP. Likely he has some kind of firewall now.. And that is causing the issue. I don't think it's your end.. Bridges don't change the IP address (unless you're using NAT).. So it wouldn't likely be you.

D.

--------------------------------
Dale Corse
System Administrator
Wolfpaw Services Inc.
http://www.wolfpaw.net
(780) 474-4095

> -----Original Message-----
> From: owner-freebsd-isp@freebsd.org
> [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of CPU
> Customer Support
> Sent: Tuesday, July 20, 2004 10:07 AM
> To: freebsd-isp@freebsd.org
> Subject: bridging firewall => proftpd issue.
>
>
> The isp I administrate is running a full set of Redhat 9
> servers. (Not my choice) But, as I just took over the
> position recently, I have been upgrading the security all
> around. In doing this I've installed a Bridging firewall
> running FreeBSD 4.9 compiled for the security branch, and
> IPFW. It seems that just as I installed this firewall, a
> customer is no longer able to ftp into our main Redhat
> machine. The redhat machine is running Proftpd 1.2.9.
>
> The issue:
>
> The user can log in and authenticate. It successfully
> authenticates his password as it should, but then when he
> tries to get a directory listing it bombs. It looks at first
> like a passive/active issue, but, I've opened the appropriate
> ports on the firewall, and even assigned the passive ports in
> Proftpd. He has tried passive and active modes both, with
> the same results. Mind you all other customers do not have
> any issues.
>
> Session Transcript:
>
> Jul 19 17:24:04 host04 proftpd[32507]: cpu-net.com (70-240-21-3.ded.swbell.net[70.240.21.3]) - FTP session opened.
> Jul 19 17:24:04 host04 proftpd[32507]: cpu-net.com (70-240-21-3.ded.swbell.net[70.240.21.3]) - USER **usersname**: Login successful.
> Jul 19 17:24:04 host04 proftpd[32507]: cpu-net.com (70-240-21-3.ded.swbell.net[70.240.21.3]) - Refused PORT 192,168,100,3,8,118 (address mismatch)
> Jul 19 17:24:13 host04 proftpd[32507]: cpu-net.com (70-240-21-3.ded.swbell.net[70.240.21.3]) - FTP session closed.
>
> The ip range that he's coming from was just recently issued
> by SBC recently. I've also tried opening all ports and ips
> to this ip address for him. To no avail.
>
> The customer did not have any issues prior to installing the
> FreeBSD firewall/bridge. He was also using the current ip
> address prior as well.
>
> If anyone has a figment of a clue, it would be worlds of help to me.
>
> Thank you,
> Don Mohlmaster
> CPU-NET.com, Inc. Systems Administrator.
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>
> -----------------------------------------------------------------------------
> This message has been scanned for Spam and Viruses by ClamAV and SpamAssassin
> -----------------------------------------------------------------------------
>
>

From owner-freebsd-isp@FreeBSD.ORG Wed Jul 21 10:50:11 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1501116A4D1 for ; Wed, 21 Jul 2004 10:50:11 +0000 (GMT) Received: from mproxy.gmail.com (rproxy.gmail.com [64.233.170.206]) by mx1.FreeBSD.org (Postfix) with SMTP id E40FC43D4C for ; Wed, 21 Jul 2004 10:50:05 +0000 (GMT) (envelope-from davehart@gmail.com) Received: by mproxy.gmail.com with SMTP id 73so730166rne for ; Wed, 21 Jul 2004 03:50:05 -0700 (PDT) Received: by 10.38.209.56 with SMTP id h56mr722618rng; Wed, 21 Jul 2004 03:50:05 -0700 (PDT) Message-ID: <85d954180407210350ba2a50e@mail.gmail.com> Date: Wed, 21 Jul 2004 10:50:05 +0000 From: Dave Hart To: freebsd-isp@freebsd.org In-Reply-To: <00c001c46e73$aa853ed0$65c45741@don> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit References: <00c001c46e73$aa853ed0$65c45741@don> cc: davehart@davehart.com cc: CPU Customer Support Subject: Re: bridging firewall => proftpd issue.
X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Jul 2004 10:50:11 -0000

CPU Customer Support wrote:
[...]
> Bridging firewall running FreeBSD 4.9 compiled for the security branch,
> and IPFW. It seems that just as I installed this firewall, a customer
> is no longer able to ftp into our main Redhat machine.
[...]
> It looks at first like a passive/active issue, but, I've
> opened the appropriate ports on the firewall, and even assigned the
> passive ports in Proftpd. He has tried passive and active modes both,
> with the same results. Mind you all other customers do not have any
> issues.
>
> Session Transcript:
>
> Jul 19 17:24:04 host04 proftpd[32507]: cpu-net.com (70-240-21-3.ded.swbell.net[70.240.21.3]) - Refused PORT 192,168,100,3,8,118 (address mismatch)
> Jul 19 17:24:13 host04 proftpd[32507]: cpu-net.com (70-240-21-3.ded.swbell.net[70.240.21.3]) - FTP session closed.

It does as you say look like an active/passive issue, as you put it, or as I like to put it, an example of how people installing NATs break end-to-end connectivity. Curious, then, that you only supply logs of an active attempt, which is bound to fail with the previously-noted 192.168.100.3:118 address in the PORT command.

> The ip range that he's coming from was just recently issued by SBC
> recently. I've also tried opening all ports and ips to this ip address
> for him. To no avail.
>
> The customer did not have any issues prior to installing the Freebsd
> firewall/bridge. He was also using the current ip address prior as
> well.

OK, I find this interesting. I'm a dirty bastard so I happened to remember that 69.0.0.0/8 was recently allocated, so I dug and verified 70.0.0.0/8 is also newly assigned. It was a "bogon" until 15 January 2004.
http://www.apnic.net/mailing-lists/apops/archive/2004/01/msg00007.html

Perhaps some piece of equipment along the path is attempting to filter bogons and not being kept up to date with IP allocations. Maybe not, but since the IPs are so green I thought I should toss it out there even with the apparently obvious NAT-sucks-by-design FTP PORT problem.

Cheers,
Dave Hart

From owner-freebsd-isp@FreeBSD.ORG Wed Jul 21 15:00:37 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0FDF916A4CF for ; Wed, 21 Jul 2004 15:00:37 +0000 (GMT) Received: from mg5.xecu.net (mg5.xecu.net [216.127.136.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id D211E43D5A for ; Wed, 21 Jul 2004 15:00:36 +0000 (GMT) (envelope-from andy@xecu.net) Received: from localhost (unknown [127.0.0.1]) by mg5.xecu.net (Postfix) with ESMTP id 6FC2A2078F2; Wed, 21 Jul 2004 11:00:29 -0400 (EDT) Received: from mg5.xecu.net ([127.0.0.1]) by localhost (mg5.xecu.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 32455-05; Wed, 21 Jul 2004 11:00:27 -0400 (EDT) Received: from thunder.xecu.net (thunder.xecu.net [216.127.136.208]) by mg5.xecu.net (Postfix) with ESMTP id 48E85207CA8; Wed, 21 Jul 2004 11:00:27 -0400 (EDT) Date: Wed, 21 Jul 2004 11:00:31 -0400 (EDT) From: Andy Dills To: Arie Gerszt In-Reply-To: <000101c46e64$5a59b530$5b01a8c0@i8000> Message-ID: <20040721105931.E13395@thunder.xecu.net> References: <000101c46e64$5a59b530$5b01a8c0@i8000> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by amavisd-new at xecu.net cc: freebsd-isp@freebsd.org Subject: Re: Diskusage per User / mysql X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Jul 2004 15:00:37 -0000

On Tue, 20 Jul 2004, Arie Gerszt wrote:

> Hi
>
> I know about the tool "quot" to get the diskusage per user. I'd like to
> find out, if somebody knows about a script, which allows to pipe this
> output into a mysql database.

This is an excellent opportunity for you to learn perl, as this is maybe a 5-10 line effort. Once learned, it will serve as the glue that makes all of these little tasks trivial.

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---

From owner-freebsd-isp@FreeBSD.ORG Wed Jul 21 17:40:08 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5A17E16A4CE for ; Wed, 21 Jul 2004 17:40:08 +0000 (GMT) Received: from mail.webhosting.cx (mail.webhosting.cx [64.246.44.137]) by mx1.FreeBSD.org (Postfix) with ESMTP id D7D1F43D4C for ; Wed, 21 Jul 2004 17:40:07 +0000 (GMT) (envelope-from calarcon@iracsa.com.mx) X-ClientAddr: 200.78.112.162 Received: from toshibalap (dsl-200-78-112-162.prod-infinitum.com.mx [200.78.112.162]) (authenticated (0 bits)) by mail.webhosting.cx (8.11.6/8.11.6) with ESMTP id i6LHdSg09141 for ; Wed, 21 Jul 2004 19:39:28 +0200 To: freebsd-isp@freebsd.org Date: Wed, 21 Jul 2004 11:39:04 -0600 From: Carlos Alarcón Organization: Iracsa Content-Type: text/plain; format=flowed; delsp=yes; charset=iso-8859-15 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID: User-Agent: Opera M2/7.50 (Win32, build 3733) Subject: about ipfw rules on bridge boxes X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Jul 2004 17:40:08 -0000

hi, i have a freebsd box acting as a bridge on my network, two nics one of them, the external with ip, i use it as traffic shaper, this works great, i can't make yet the squid transparent proxy :(, i think that do it with a bridge it a little strange but my
question is other.

Sometimes i want to display messages for my clients i made this before when i was using nat instead bridge, redirecting the ip client to my http server and i had a WEB PAGE that shows the content, this was working fine, but NAT gives me some problems so i use bridge and for me is working better, well now when i want to use this redirection again this just works when i have proxy settings on my clients navigators, when i don't have proxy settings on navigators client the redirection counter rule doesn't match, i don't know why this rule is skipped.. i attach my rules.

i have my apache listening on port 81, i redirect all the web page request on client 172.16.1.58 and redirect it to my http running on my bridge box

fwd 127.0.0.1,81 tcp from 172.16.1.58 to

bash-2.05b# ipfw show
00009        0          0 fwd 127.0.0.1,81 tcp from 172.16.1.58 to any dst-port 80
00011        0          0 deny ip from any to any MAC 00:02:2d:08:fd:5c any
00200        0          0 deny ip from any to any MAC any 00:02:2d:5e:0c:e5
00300      270       9646 deny ip from any to any MAC any 00:02:2d:67:42:fa
00400        0          0 deny ip from any to any MAC any 00:02:2d:3d:39:d7
00500        0          0 deny ip from any to any MAC any 00:02:2d:09:81:3c
00600    16084      50790 deny ip from any to any MAC any 00:02:2d:67:51:e3
00900        0          0 check-state
00950   101726   44396164 pipe 2 ip from any to 172.16.1.33
01000    57611   35521514 pipe 1 ip from any to 172.16.1.0/24
01100    54714    5999093 pipe 3 ip from 172.16.1.0/24 to any
01200   640165  234909932 allow tcp from 172.16.1.33 to any setup keep-state
01300     9709    1442183 allow udp from 172.16.1.33 to any keep-state
01400    60327   29747515 allow ip from 172.16.1.33 to any
01500  2730709 1590949972 allow tcp from any to any in via xl1 setup keep-state
01600   121973   43739565 allow udp from any to any in via xl1 keep-state
01700    59348    1840715 allow ip from any to any in via xl1
01800        0          0 allow tcp from any to any dst-port 22 in via xl1 setup keep-state
01900        0          0 allow tcp from any to any dst-port 113 in via xl1 setup keep-state
02000        0          0 allow tcp from any to any dst-port 49152-65535 in via xl1 setup keep-state
02100   322819   86172666 allow udp from any to any dst-port 49152-65535 in via xl0 keep-state
02200       67       3248 allow icmp from any to any icmptypes 8 keep-state
02300   125014   13868628 allow icmp from any to any icmptypes 3
02400     3423     387572 allow icmp from any to any icmptypes 11
02500 11784223 9455880276 allow ip from any to any
65535       35       1564 deny ip from any to any

thanks

From owner-freebsd-isp@FreeBSD.ORG Thu Jul 22 07:37:51 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ECF8E16A4CE for ; Thu, 22 Jul 2004 07:37:51 +0000 (GMT) Received: from mail.butovo-online.ru (mail.b-o.ru [212.5.78.254]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4271543D49 for ; Thu, 22 Jul 2004 07:37:51 +0000 (GMT) (envelope-from resident@b-o.ru) Received: from [192.168.91.89] (helo=priv-91-89.butovo-online.ru) by mail.butovo-online.ru with esmtp (Exim 4.24) id 1BnYKE-0004op-4A for freebsd-isp@freebsd.org; Thu, 22 Jul 2004 11:49:10 +0400 Date: Thu, 22 Jul 2004 11:40:04 +0400 From: Andrew Riabtsev X-Mailer: The Bat! (v1.62i) Business X-Priority: 3 (Normal) Message-ID: <75570430.20040722114004@b-o.ru> To: freebsd-isp@freebsd.org In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: Re: about ipfw rules on bridge boxes X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Andrew Riabtsev List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Jul 2004 07:37:52 -0000

Hi Carlos,

Wednesday, July 21, 2004, 9:39:04 PM, you wrote:

CA> i don't know why this rule is skipped.. i attach my rules.
CA> i have my apache listening on port 81, i redirect all the web page
CA> request on client 172.16.1.58 and redirect it to my http running on my
CA> bridge box
CA> fwd 127.0.0.1,81 tcp from 172.16.1.58 to

'fwd' and 'divert' rules are ignored on bridged packets.

Andrew
mailto:resident@b-o.ru

From owner-freebsd-isp@FreeBSD.ORG Fri Jul 23 10:13:51 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2CF3816A4CE for ; Fri, 23 Jul 2004 10:13:51 +0000 (GMT) Received: from ews38.everyware.ch (ews38.espace.everyware.ch [212.71.111.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3DC3543D46 for ; Fri, 23 Jul 2004 10:13:50 +0000 (GMT) (envelope-from dna@everyware.ch) Received: from linux-dna.everyware.ch (linux-dna.everyware.ch [212.71.117.27]) by ews38.everyware.ch (Postfix) with SMTP id 59BE71C6AC for ; Fri, 23 Jul 2004 12:13:48 +0200 (CEST) Date: Fri, 23 Jul 2004 12:13:48 +0200 From: Dimitri Aivaliotis To: freebsd-isp@freebsd.org Message-Id: <20040723121348.553d9e2d@linux-dna.everyware.ch> Organization: EveryWare AG X-Mailer: Sylpheed version 0.9.10claws (GTK+ 1.2.10; i686-pc-linux-gnu) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Jul 2004 10:13:51 -0000

Hello,

According to HP/Compaq, Google, and the archives a Compaq Insight Manager Agent does not yet exist for FreeBSD. Has anyone any hints on how to get disk activity monitoring out of SNMP without using the agent? I've looked through the standard MIBs, to no avail. (Would ssIORawSent/ssIORawReceived be relevant? If so, how would I specify the block device, if I even could? An snmpwalk showed no ssIORawSent/ssIORawReceived, so I guess the generic kernel doesn't support it. Would it be configurable?)
Alternatively, I could ask the driver to show me the activity. I know the ciss driver (for Compaq Smart Array 5i on a DL380) reports information to the logs, and I'll get informed of drive fail states, etc. The driver (to my knowledge) doesn't report on activity, though. Is there a way to turn that on, perhaps? There's two interesting debug levels in /usr/src/sys/dev/ciss/cissvar.h:

 * 1 - talkative, log major events, but nothing on the I/O path
 * 2 - noisy, log events on the I/O path

Which (if either) would be most helpful, and how would I turn debugging on (looks like a compile-time switch)?

How do you DL 380 users out there monitor your disk activity? Do you monitor disk activity? (Note: I'm already monitoring disk capacity, but that unfortunately won't tell me if my disk is thrashing.)

System Info:
Compaq ProLiant DL380 G3
FreeBSD 5.2.1
net-snmp-5.1.1_5 from ports

Thanks,

- Dimitri

--
Dimitri Aivaliotis
EveryWare AG
Birmensdorferstrasse 125
8003 Zurich
tel: +41 (1) 466 60 00
fax: +41 (1) 466 60 10

From owner-freebsd-isp@FreeBSD.ORG Fri Jul 23 19:46:10 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8BC3916A4CE for ; Fri, 23 Jul 2004 19:46:10 +0000 (GMT) Received: from swisseasy.net (mailhost.swisseasy.net [80.74.132.132]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1E95243D48 for ; Fri, 23 Jul 2004 19:46:09 +0000 (GMT) (envelope-from arie@gerszt.ch) Received: (qmail 56000 invoked by uid 2537); 23 Jul 2004 19:46:07 -0000 Received: from arie@gerszt.ch by atlas.swisseasy.net by uid 89 with qmail-scanner-1.22 (clamscan: 0.70. spamassassin: 2.63. Clear:RC:1(212.41.77.18):.
Processed in 1.022274 secs); 23 Jul 2004 19:46:07 -0000 Received: from unknown (HELO i8000) (arie@gerszt.ch@212.41.77.18) by mailhost.swisseasy.net with SMTP; 23 Jul 2004 19:46:06 -0000 From: "Arie Gerszt" To: Date: Fri, 23 Jul 2004 21:45:11 +0200 Message-ID: <000301c470ed$91015440$5b01a8c0@i8000> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 Importance: Normal Subject: Apache - reverse proxy with freebsd X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Jul 2004 19:46:10 -0000

Hi

Currently I am running a standard setup with NameBased Virtualhosts with HTTP 1.1 with a couple of Vhosts. Each has the same public IP.

What I would like to do:
- assign each vhosts a unique RFC1918 internal address
- do some nat / reverse proxy magic on the freebsd box (the webserver itself)
- I want to use the same public IP

Is there a solution for that? What I could not figure out, how the reverse proxy could distinguish / split up the http 1.1 individual domains to internal ips.
Thanks for hints,
Arie

From owner-freebsd-isp@FreeBSD.ORG Fri Jul 23 22:57:20 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6124D16A4CE for ; Fri, 23 Jul 2004 22:57:20 +0000 (GMT) Received: from helium.webpack.hosteurope.de (helium.webpack.hosteurope.de [217.115.142.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 93CB943D45 for ; Fri, 23 Jul 2004 22:57:19 +0000 (GMT) (envelope-from me@x3k6a2.net) Received: from pd9e46e1a.dip.t-dialin.net ([217.228.110.26] helo=x3k6a2) by helium.webpack.hosteurope.de with asmtp (Exim 4.34) id 1Bo8yb-0001Fp-7h for freebsd-isp@freebsd.org; Sat, 24 Jul 2004 00:57:17 +0200 Date: Sat, 24 Jul 2004 00:57:15 +0200 From: Sebastian Steenbuck X-Mailer: The Bat! (v1.53d) X-Priority: 3 (Normal) Message-ID: <14844052750.20040724005715@x3k6a2.net> To: freebsd-isp@freebsd.org In-Reply-To: <000301c470ed$91015440$5b01a8c0@i8000> References: <000301c470ed$91015440$5b01a8c0@i8000> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-HE-MXrcvd: no Subject: Re: Apache - reverse proxy with freebsd X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Sebastian Steenbuck List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Jul 2004 22:57:20 -0000

> What I could not figure out, how the
> reverse proxy could distinguish / split up the http 1.1 individual
> domains to internal ips.

As stated in section 14.23 of RFC 2616 (Hypertext Transfer Protocol -- HTTP/1.1) http://www.faqs.org/rfcs/rfc2616.html

> A client MUST include a Host header field in all HTTP/1.1 request
> messages

e.g. Host: www.w3.org

With the host information a reverse proxy can transmit the request to the correct web server. At least this is how I think it is working, I never really touched a thing like this.
Kind regards,
Sebastian Steenbuck

From owner-freebsd-isp@FreeBSD.ORG Sat Jul 24 08:38:09 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8EBD616A4CE for ; Sat, 24 Jul 2004 08:38:09 +0000 (GMT) Received: from mwinf0202.wanadoo.fr (smtp2.wanadoo.fr [193.252.22.29]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2A69743D2F for ; Sat, 24 Jul 2004 08:38:09 +0000 (GMT) (envelope-from "") Received: from mwinb0305.me-wanadoo.net (mwinb0305 [172.22.164.27]) by mwinf0202.wanadoo.fr (SMTP Server) with ESMTP id 14689A40010C for ; Sat, 24 Jul 2004 10:38:08 +0200 (CEST) Received: by mwinb0305.me-wanadoo.net (SMTP Server, from userid 1001) id 0C87E1802D; Sat, 24 Jul 2004 10:38:08 +0200 (CEST) Message-ID: Date: Sat, 24 Jul 2004 10:38:08 +0200 X-Sieve: Server Sieve 2.2 From: To: In-Reply-To: <20040724083803.34002A00007B@mwinf0204.wanadoo.fr> Auto-Submitted: auto-replied (vacation) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Subject: Re: Your bill X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Jul 2004 08:38:09 -0000

Hi, I'm not available, or else I simply don't feel like answering you. Try your luck again another day. (I'm kidding.) I'll reply as soon as I can.