From owner-freebsd-isp@FreeBSD.ORG Sun Oct 26 06:32:17 2003
Date: Sun, 26 Oct 2003 08:34:55 -0600 (CST)
From: nbari@unixmexico.com
To: freebsd-isp@freebsd.org
Subject: proftpd (virtual users)

Hello.

I want to use proftpd for multiple users (virtual users), I host more than 50 domains and want to have a home for each domain.

Right now I'm making tests with mod_ldap but the problem is that the FTP protocol doesn't work like Apache when setting virtual domains by DNS.
What I would like to have is just one system user called vftp (uid 201) and a group vftp (gid 201) and to have all the users on /home/vftp/sites/* but to allow or disable access for certain groups or users to some domains.

For example, if I have vdomain1 I would like group1 to be able to access the home of vdomain1 but not to access other vdomains.

This is an idea of what I am trying to do. Any idea, comment or suggestion on how to best do this stuff?

Basically what I don't want is to authenticate users against the /etc/master.password and not to have a lot of system users.

regards.

From owner-freebsd-isp@FreeBSD.ORG Sun Oct 26 06:56:34 2003
Date: Sun, 26 Oct 2003 08:59:17 -0600 (CST)
From: nbari@unixmexico.com
To: freebsd-isp@freebsd.org
Subject: proftpd or pure-ftpd (virtual users / domains)

Sorry for this second post. I forgot to say that I am also trying to do this with pure-ftpd, so what do you recommend best?

regards

----------------

Hello.

I want to use proftpd for multiple users (virtual users), I host more than 50 domains and want to have a home for each domain.

Right now I'm making tests with mod_ldap but the problem is that the FTP protocol doesn't work like Apache when setting virtual domains by DNS.

What I would like to have is just one system user called vftp (uid 201) and a group vftp (gid 201) and to have all the users on /home/vftp/sites/* but to allow or disable access for certain groups or users to some domains.

For example, if I have vdomain1 I would like group1 to be able to access the home of vdomain1 but not to access other vdomains.

This is an idea of what I am trying to do. Any idea, comment or suggestion on how to best do this stuff?
Basically what I don't want is to authenticate users against the /etc/master.password and not to have a lot of system users.

regards.

From owner-freebsd-isp@FreeBSD.ORG Sun Oct 26 07:56:50 2003
Date: Sun, 26 Oct 2003 16:56:24 +0100
From: Lucas Valdeón
To: nbari@unixmexico.com
Cc: freebsd-isp@freebsd.org
Subject: Re: proftpd or pure-ftpd (virtual users / domains)

Hi nbari,

Use pureftpd with chroot users. Compile with this option and finish Dir with .
Example: /home/vftp/sites/domain1/./

I am a happy pureftpd user :)

Lucas

----------------------------------------
Sunday, October 26, 2003, 3:59:17 PM, you wrote:

nuc> Sorry for this second post. I forgot to say that
nuc> I am also trying to do this with pure-ftpd,
nuc> so what do you recommend best?
nuc>
nuc> regards
nuc>
nuc> ----------------
nuc>
nuc> Hello.
nuc>
nuc> I want to use proftpd for multiple users (virtual users), I host more than
nuc> 50 domains and want to have a home for each domain.
nuc>
nuc> Right now I'm making tests with mod_ldap but the problem is that the FTP
nuc> protocol doesn't work like Apache when setting virtual domains by DNS.
nuc>
nuc> What I would like to have is just one system user called vftp (uid 201)
nuc> and a group vftp (gid 201) and to have all the users on /home/vftp/sites/*
nuc> but to allow or disable access for certain groups or users to some
nuc> domains.
nuc>
nuc> For example, if I have vdomain1 I would like group1 to be able to access
nuc> the home of vdomain1 but not to access other vdomains.
nuc>
nuc> This is an idea of what I am trying to do. Any idea, comment or suggestion on
nuc> how to best do this stuff?
nuc>
nuc> Basically what I don't want is to authenticate users against the
nuc> /etc/master.password and not to have a lot of system users.
nuc>
nuc> regards.

From owner-freebsd-isp@FreeBSD.ORG Mon Oct 27 05:26:52 2003
Date: Mon, 27 Oct 2003 08:26:49 -0500
From: "Dave [Nexus]"
Subject: restoring dumps from crashed drive

Recently had an unfortunate incident where a hard drive crashed after only 8 months of service. Total loss of data on the drive even after sending it in to a recovery company.

At first, though annoying, it didn't seem like a big deal since we had been religiously dumping the partitions each night, and had a recent 0 level dump as early as the night before.
I did however find that restoring the server to its previous glory using these dumps wasn't a simple matter.

The server was a 4.3 installation with the odd patch here and there to fix critical problems that came up since then. Since it was a production server, it was always too risky to cvsup and rebuild the entire world and risk having various data applications fail because of changes.

We had boot disks, and the thought was to build a base installation, mount the backup drive (secondary hard drive), then simply run restore over the various partitions. Some of the problems we ran into were;
- unable to copy various system files, kernel, etc...
- restore being unable to find files and trees referred to by symbolic link (which at first I figured would be solved by simply running it twice once the files were there to be linked to)
- and other peculiarities.

Bottom line is we ended up ditching it, installing a 4.8, cvsup to 4.9, then rebuilding the server by hand, and copying user data over. We are still trying to get database files restored which are problematic because of the massive changes in the various MySQL and PostgreSQL since previous versions.

Aside from the nice dump/restore examples, does anyone have a real world situation where they could discuss the procedures they did to restore a server from backup, assuming total loss of the primary drive.

For the type of hosting we are doing, having a backup that can be restored within 12-24 hours is sufficient, which is why we went this route in the first place. If dump/restore cannot handle a complete server, we have to look at alternatives.

Appreciate any comments or feedback on this.

Dave

From owner-freebsd-isp@FreeBSD.ORG Mon Oct 27 05:49:43 2003
Date: Mon, 27 Oct 2003 08:49:39 -0500
From: Bill Vermillion
To: "Dave [Nexus]"
Cc: freebsd-isp@freebsd.org
Subject: Re: restoring dumps from crashed drive

Shakespeare wrote plays and sonnets which will last an eternity, but on Mon, Oct 27, 2003 at 08:26 , Dave [Nexus] wrote:

> recently had an unfortunate incident where a hard drive crashed
> after only 8 months of service. Total loss of data on the drive
> even after sending it in to a recovery company.
>
> At first, though annoying, it didn't seem like a big deal since
> we had been religiously dumping the partitions each night, and
> had a recent 0 level dump as early as the night before. I did
> however find that restoring the server to its previous glory
> using these dumps wasn't a simple matter.

..... [more gory details deleted-wjv]

> We had boot disks, and the thought was to build a base
> installation, mount the backup drive (secondary hard drive),
> then simply run restore over the various partitions. Some of
> the problems we ran into were; - unable to copy various system
> files, kernel, etc... - restore being unable to find files and
> trees referred to by symbolic link (which at first I figured
> would be solved by simply running it twice once the files were
> there to be linked to) - and other peculiarities.

....

> Aside from the nice dump/restore examples, does anyone have a
> real world situation where they could discuss the procedures
> they did to restore a server from backup, assuming total loss
> of the primary drive. For the type of hosting we are doing,
> having a backup that can be restored within 12-24 hours is
> sufficient, which is why we went this route in the first place.
> If dump/restore cannot handle a complete server, we have to
> look at alternatives.

Coming from commercial Unix systems I've never been a large fan of dump restore but having my clients use commercial super-tar programs [called that because they handle devs, and things that used to fail] that also have full verify restore too. Tapes are done automatically and then the tape rewinds and does a bit-level verify of tape against current HD contents. Complete reports get mailed after each one - with any files that failed - and a notation of how many files were not verified since contents had changed since backup.
On the Linux and SCO machines [but not on the BSD] there is also a utility to build boot disks to be able to restore onto a fresh drive from tape after loading only two disks. The program I used [and to keep things clean I must admit I am a dealer for it] is called Lone-Tar. There are free demos at Cactus.com.

On the machine at the ISP [a colo facility] I use rsync to backup the important data and var to get the database. But I never get about 2 OS revs behind so I haven't had the problem you expressed.

I got spoiled about 1990 using a program from alt sources that did bit level verifies and then the commercial programs started using that. I've seen more than one instance where backups wouldn't restore because the backup failed for some reason or other. None of that helps you now, but I'd strongly recommend a program like that as you can put everything back just the way it was - until you get to the point where new hardware makes a complete identical restore impossible - eg new controllers, NICs, etc.

Bill
--
Bill Vermillion - bv @ wjv . com

From owner-freebsd-isp@FreeBSD.ORG Mon Oct 27 06:41:18 2003
Date: Mon, 27 Oct 2003 09:41:16 -0500
From: "Dave [Hawk-Systems]"
Cc: freebsd-isp@freebsd.org
Subject: RE: restoring dumps from crashed drive

>Coming from commercial Unix systems I've never been a large
>fan of dump restore but having my clients use commercial
>super-tar programs [called that because they handle devs, and
>things that used to fail] that also have full verify restore too.

I am getting the impression that dump is more of a file archiver rather than a true system backup utility.

>On the machine at the ISP [a colo facility] I use rsync to backup
>the important data and var to get the database. But I never get
>about 2 OS revs behind so I haven't had the problem you expressed.

A noted shortcoming on our part. It wasn't broken so we didn't try to fix (aside from a few patches), which evidently came back to haunt us when a repair of this magnitude was required.

>I got spoiled about 1990 using a program from alt sources that
>did bit level verifies and then the commercial programs started
>using that. I've seen more than one instance where backups
>wouldn't restore because the backup failed for some reason or
>other. None of that helps you now, but I'd strongly recommend
>a program like that as you can put everything back just the way it
>was - until you get to the point where new hardware makes a
>complete identical restore impossible - eg new controllers, NICs,
>etc.

The disappointment (or misunderstanding on my part of what dump/restore could handle) is that the hardware was identical, including the new hard drive make/model. Absolutely nothing had changed, it just didn't seem up to the task of restoring over a basic file system.

One of those "never know if it works until you have a disaster"... well we had one, and it didn't.

Dave

From owner-freebsd-isp@FreeBSD.ORG Mon Oct 27 07:09:11 2003
Date: Mon, 27 Oct 2003 10:09:06 -0500
From: Bill Vermillion
To: "Dave [Hawk-Systems]"
Cc: freebsd-isp@freebsd.org
Subject: Re: restoring dumps from crashed drive

On Mon, Oct 27, 2003 at 09:41 , Dave [Hawk-Systems] showing utter disregard for spell-checkers gave us this:

> >Coming from commercial Unix systems I've never been a large
> >fan of dump restore but having my clients use commercial
> >super-tar programs [called that because they handle devs, and
> >things that used to fail] that also have full verify restore too.

> I am getting the impression that dump is more of a file
> archiver rather than a true system backup utility.

Dump is ancient - and while touted as a backup many won't trust it. Note the BUGS section of the FreeBSD man page. "Fewer than 32 read errors on the file system are ignored". That bothers me because I'm of the mind set you should know every error and then make a determination whether they are important or safely ignored.

> >On the machine at the ISP [a colo facility] I use rsync to backup
> >the important data and var to get the database. But I never get
> >about 2 OS revs behind so I haven't had the problem you expressed.

> a noted shortcoming on our part. it wasn't broken so we didn't
> try to fix (aside from a few patches), which evidently came
> back to haunt us when a repair of this magnitude was required.

You can't be blamed for that. Many people do consider dump broken, and that's why alternatives emerged. I'm probably more aware of things like this as being an SA for hire for small businesses and have been around several differing Unix systems.

> >I got spoiled about 1990 using a program from alt sources that
> >did bit level verifies and then the commercial programs started
> >using that. I've seen more than one instance where backups
> >wouldn't restore because the backup failed for some reason or
> >other. None of that helps you now, but I'd strongly recommend
> >a program like that as you can put everything back just the way it
> >was - until you get to the point where new hardware makes a
> >complete identical restore impossible - eg new controllers, NICs,
> >etc.

> The disappointment (or misunderstanding on my part of what
> dump/restore could handle) is that the hardware was identical,
> including the new hard drive make/model. Absolutely nothing had
> changed, it just didn't seem up to the task of restoring over a
> basic file system.

The one thing you did not know was that the tape backup [I'm assuming tape] was completely successful. If tape and you ran a typical verify on the tape afterward - all that basically does [or did on the one I'm used to] was to verify the checksums on the headers. But if data was mis-read from the HD or it got corrupted in transit from the HD to the electronics on the tape drive, the bad data will be written and a checksum for that will be added to the end of the block, and you will wrongly assume that the data is OK as the checksum matched.

That's why I started using bit-level verifies. And that was from about 1990 where many small systems still backed up to floppies. I go far enough back with these wee beasts to remember that HW wasn't as reliable as it is now. Today's HW often gives a false sense of security as it fails so often.

> one of those "never know if it works until you have a
> disaster"... well we had one, and it didn't.

Well you are luckier than those who had a disaster and then couldn't survive the data loss.

I had one client whom I could NOT get to take tapes off site - figuring they were safe in his office. One day after a pretty bad experience with lightning, losing a lot of terminal and a multi-port disaster - he read his insurance policy again to see what was covered and found that his business-interruption insurance would not cover any financial loss because of data loss >IF< there were no off-site backups.

OTOH another former client called last spring after a disastrous fire. The ONLY data he had was a month old backup of the *n*x system database programs and data that someone had made on a PC. All the filenames were changed to the 8.3 format. For many files that was okay - but there were many processing tables with longer names, which also called other processing tables. The HD's were NOT recoverable I was told - his current HW people had recommended a major company - but everything was pretty well destroyed.
I told him that it would take a minimum of 100-150 hours of my time to look at the tables, determine the original names, and rebuild it all back to it was the day of the backup. Add that to the HW costs, and he decided it was not worth it and called it a total loss.

If the people had made the backup via a proper transfer to MS machine and built an ISO image he would have been ok - but that data loss was made non-recoverable by people not understanding how to make backups that might need to be restored.

Sorry you went through this - but at least now you know how to make sure it never happens again.

Bill
--
Bill Vermillion - bv @ wjv . com

From owner-freebsd-isp@FreeBSD.ORG Mon Oct 27 07:24:19 2003
Date: Mon, 27 Oct 2003 17:21:13 +0200
From: "Artyom V. Viklenko"
To: "Dave [Nexus]"
Cc: freebsd-isp@freebsd.org
Subject: Re: restoring dumps from crashed drive

Dave [Nexus] wrote:
> recently had an unfortunate incident where a hard drive crashed after only 8
> months of service. Total loss of data on the drive even after sending it in to a
> recovery company.
> ....
>
> We had boot disks, and the thought was to build a base installation, mount the
> backup drive (secondary hard drive), then simply run restore over the various
> partitions. Some of the problems we ran into were;
> - unable to copy various system files, kernel, etc...
> - restore being unable to find files and trees referred to by symbolic link
> (which at first I figured would be solved by simply running it twice once the
> files were there to be linked to)
> - and other peculiarities.

If you have another system, you can try to install new disk into this system, prepare slices, partitions and make new blank filesystems. Make it bootable. Then, using restore, extract content of your level 0 dumps (and maybe higher levels - if you need) to newly created filesystems. Such rescue system can be any kind of 4.x FreeBSD. Then, move new disk to the target machine and boot it up.

If you haven't another system, try to use livefs CD-ROM (#2).

Some time ago I made replacement of hard drive in one of my systems. But instead of dumps, I've used real data from old drive. Then I removed old disk and set up new disk as a primary boot disk. All works fine.
The only thing which can occur - problems with multiboot configs (i.e. FreeBSD and Windows 9x) due to LBA configuration problems on some motherboards/BIOSes and HDDs. But it's not an issue in your situation.

Hope this helps!

--
Sincerely yours,
Artyom V. Viklenko.
System Administrator, IIAT NTU "KhPI"

From owner-freebsd-isp@FreeBSD.ORG Mon Oct 27 07:34:01 2003
Date: Mon, 27 Oct 2003 15:34:09 +0000
From: Karl Pielorz
To: "Dave [Hawk-Systems]"
Cc: freebsd-isp@freebsd.org
Subject: RE: restoring dumps from crashed drive

--On 27 October 2003 09:41 -0500 "Dave [Hawk-Systems]" wrote:

> The disappointment (or misunderstanding on my part of what dump/restore
> could handle) is that the hardware was identical, including the new hard
> drive make/model. Absolutely nothing had changed, it just didn't seem up
> to the task of restoring over a basic file system.
>
> one of those "never know if it works until you have a disaster"... well
> we had one, and it didn't.

You know you should really test this stuff, before finding out it doesn't work for a 'live system' problem? :)

We've used dump here for ages - and we've tested it (and continue to test it every now and again by getting a spare machine together and doing a full restore to it) - as well as testing the actual dumped data.

I'm not saying just because it works for us, it's perfect, or always going to work - but just to let you know, there are some people out there using it, for whom it does actually work :-)

Regards,

Karl

From owner-freebsd-isp@FreeBSD.ORG Mon Oct 27 08:42:35 2003
Date: Mon, 27 Oct 2003 08:42:25 -0800
From: David Wolfskill
To: freebsd-isp@freebsd.org
text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i Subject: Re: restoring dumps from crashed drive X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Oct 2003 16:42:35 -0000 On Mon, Oct 27, 2003 at 08:26:49AM -0500, Dave [Nexus] wrote: > recently had an unfotunate incident where a hard drive crashed after only 8 > months of service. Total loss of data on the drive even after sending it in to a > recovery company. >... > We had boot disks, and the thought was to build a base installation, mount the > backup drive(secondary hard drive), then simply run restore over the various > partitions. Some of the problems we ran into were; > - unable to copy various system files, kernel, etc... > - restore being unable to find files and trees referred to by symbolic link > (which at first I figured would be solved by simply running it twice once the > files were there to be linked to) > - and other peculiarities. > Bottom line is we ended up ditching it, installing a 4.8, cvsup to 4.9, then > rebuilding the server by hand, and copying user data over. We are still trying > to get database files restored which are problematic because of the massive > changes in the various MySQL and PostgreSQL since previous versions. The above list of modes of failure strike me as unexpected, at best. > Aside from the nice dump/restore examples, does anyone have a real world > situation where they could discuss the proceedures they did to restore a server > from backup, assuming total loss of the primary drive. Certainly. By its nature, dump requires a nearly incestuous relationship with the type of file system it's reading; on the other hand, if the file system has capabilities that more general utilities (e.g. tar or cpio) may not be aware of -- such as "flags"( cf. 
"man chflags"), a more file system- specific tool is appropriate to use. My backups at home are done with dump (transported via ssh); I have recovered from failed boot drives on a couple of FreeBSD systems and a Solaris (2.6) system via those backups. For the FreeBSD systems, I set them up to boot from either slice 1 or slice 2 (so I have both / and /usr on those slices, and /var and "everything else" -- including swap -- on the 3rd slice). In these cases, I do a minimal install on slice 2, boot from slice 2, then restore to slice 1. In the case of the Solaris system, I still had a flaky, but marginally-servicable, disk drive from which I could boot, while I put the new drive in the other position (this was on a SPARCstation 5) and partition the new drive, created the file systems, then restored the data. The reason for setting up the FreeBSD systems to boot from either of 2 slices, however, is not to facilitate such recovery (though it does do that); rather, it is to make fairly frequent upgrades (while preserving an ability to fall back to a reasonably well-known system). I use a "dump | restore" pipeline to copy the file systems from the active slice to the inactive one, then boot from the newly-wwritten slice. I then do the "make installkernel && mergemaster -p && make installworld && mergemaster" sequence in-place on the (now-active) slice -- I use a different (and faster) machine to do the builds, both for the world (including the sendmail configs) and the kernels. (I note, too, that I typically have /usr mounted read-only except during upgrades. I tried mounting / read-only a few years ago, but seem to recall ssh having significant problems with that ... and since a couple of the boxes I care about run headless, breaking the ability to use ssh to access them wasn't exactly high on my list of "fun things to do." Despite that, / doesn't tend to be a very active file system on boxes I run -- except during upgrades, of course.) 
Since I track -STABLE on my laptop (thus getting a "feel" for just how "stable" it is for my usage), I tend to do these upgrades -- at home -- about every couple of weeks or so. (If there are circumstances that justify a more frequent schedule, such as problems with SSL, I'll do that; if it is my perception that -STABLE isn't suitably "stable" for my use, I'll hold off for a week or so.)

I confess that I have yet to implement that (or a similar) scheme here at work, though the new machines I've put into production do get set up to support it. But I just got started here.... :-}

So I'm sorry to read of your "tale of woe," but find myself puzzled as to how that happened. I cannot help but recommend, though, that anyone doing (or planning) backups actually *test* the ability to use those backups from time to time.

Peace,
david
--
David H. Wolfskill david@egation.com

From owner-freebsd-isp@FreeBSD.ORG Mon Oct 27 09:21:02 2003
Message-ID: <1251.81.199.88.5.1067275391.squirrel@mail.one2net.co.ug>
In-Reply-To: <20031027164225.GA361@frecnocpc2.noc.egation.com>
Date: Mon, 27 Oct 2003 20:23:11 +0300 (EAT)
From: "Patrick J Okui"
To: "David Wolfskill"
cc: freebsd-isp@freebsd.org
Subject: Re: restoring dumps from crashed drive

David Wolfskill said:
> On Mon, Oct 27, 2003 at 08:26:49AM -0500, Dave [Nexus] wrote:
[snip ..]
>> Aside from the nice dump/restore examples, does anyone have a real world
>> situation where they could discuss the procedures they did to restore a server
>> from backup, assuming total loss of the primary drive.
>
[snip ..]

speaking of backup systems, does anyone have any experience with something like Bacula (http://www.bacula.org/) it claims to have a server-client arch, the server being run on Linux/FreeBSD/Solaris and the client on all the above plus winbloze. I'm just testing it... anyone who knows anything about it (or systems like this)?

cheers,
Patrick.

From owner-freebsd-isp@FreeBSD.ORG Mon Oct 27 18:02:53 2003
Date: Mon, 27 Oct 2003 18:02:39 -0800
From: Nathan Kay
To: "Eric W. Bates"
Message-ID: <20031028020239.GA74323@numenor.net>
In-Reply-To: <0ac901c393ea$4bc1ac80$68c311cc@fortiva>
cc: freebsd-isp@freebsd.org
Subject: Re: consequences of migrating to maildir storage system

On Thu, Oct 16, 2003 at 09:34:56AM -0400, Eric W. Bates wrote:
> Anyone have unfortunate experiences as a consequence of converting
> mail storage from flat file (mbox) to maildir? I'm concerned that the
> increase in the number of files might cause problems with replication
> (we use rsync), backup or even just running out of inodes.

The two issues that I've seen with maildir and large mail environments are both file system related.

First, watch your inodes, you may find yourself eating them up quickly. As noted already in the thread, newfs options can solve this issue.

The other thing to watch out for, depending on your userbase and usage patterns, is lost space from files smaller than your block size. That is to say, if your file system block size is 16k, and most of the email messages are 1k, that's 15k per message (on average) that you've lost, unless the file system is doing things to avoid it.

Also, if you're using a network file system that pre-fetches file and directory attributes, you may eventually want to look into what your cache miss rates are for that. Depending on the usage patterns, pre-fetching file and directory attributes for network mounted file systems that are storing maildirs can be either a very good thing, or a very bad thing. Depends on your cache miss rates.
--
Nathan Kay
Numenorean Networks
http://www.numenor.net
PGP Public Key: http://www.numenor.net/~mentat/pgp.asc

"Unix is like a Vorlon: It's incredibly powerful, gives terse, cryptic answers, and has a lot of things going on in the background."

From owner-freebsd-isp@FreeBSD.ORG Tue Oct 28 08:36:20 2003
Date: Tue, 28 Oct 2003 11:36:17 -0500
From: Charles Swiger
To: freebsd-isp@freebsd.org
In-Reply-To: <20031028020239.GA74323@numenor.net>
Subject: Re: consequences of migrating to maildir storage system

On Monday, October 27, 2003, at 09:02 PM, Nathan Kay wrote:

> That is to say, if your file system block size is 16k, and most
> of the email messages are 1k, that's 15k per message (on average) that
> you've lost, unless the file system is doing things to avoid it.
Your thoughts are good, but note that the Unix FFS can break a 16K file system block size into eight 2K 'fragments', per "man inode":

     Addresses stored in inodes are capable of addressing fragments of
     `blocks'. File system blocks of at most size MAXBSIZE can be optionally
     broken into 2, 4, or 8 pieces, each of which is addressable; these
     pieces may be DEV_BSIZE, or some multiple of a DEV_BSIZE unit.

     Large files consist of exclusively large data blocks. To avoid undue
     wasted disk space, the last data block of a small file is allocated as
     only as many fragments of a large block as are necessary. The file
     system format retains only a single pointer to such a fragment, which
     is a piece of a single large block that has been divided.

Also, the amount of "wasted" disk space due to intrinsic fragmentation (ie, due to the fact that files are stored in blocks leaving unused bytes after EOF) can be estimated as [ 0.5 * frag_size * number_of_files ].

--
-Chuck

From owner-freebsd-isp@FreeBSD.ORG Wed Oct 29 12:15:44 2003
Message-ID: <1545.172.72.12.252.1067458540.squirrel@intranet.el.com.br>
Date: Wed, 29 Oct 2003 18:15:40 -0200 (BRST)
From: "Nucleo de Pesquisa e Desenvolvimento"
To: freebsd-net@freebsd.org
cc: freebsd-isp@freebsd.org
Subject: IPSEC in tunnel mode ( possible? )

Hi everyone,

I know it is kind of an off-topic question but maybe another network admin has already faced the following:

client--[__ipsec__]--gw--[__ip__]--internet

I, trying to secure a wireless link, want to have my clients using ipsec on the segment between the gateway gw and the machine itself even when the traffic is to the internet and not only to the gateway ( what works fine in transport mode anyway ). The clients are windows machines. According to Microsoft 252735 tunnel is possible when a windows is acting as a gateway, not our scenario where machines are only clients...

Any one could point me to some url or send me keywords I should look for please? If things won't work with ipsec I'll do it with MPD... but I still should have asked it here.
Thanks in advance ( and sorry for the cross posting ),

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Paiva, Gilson de Domingos Martins mailto:npd@el.com.br
Brazil http://www.el.com.br/
E&L Producoes de Software
http://www.FreeBSD.org/ FreeBSD: The Power to Serve
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

From owner-freebsd-isp@FreeBSD.ORG Wed Oct 29 14:15:36 2003
From: "Lachlan"
To: "Nucleo de Pesquisa e Desenvolvimento"
Date: Thu, 30 Oct 2003 09:15:32 +1100
In-Reply-To: <1545.172.72.12.252.1067458540.squirrel@intranet.el.com.br>
cc: freebsd-isp@freebsd.org
Subject: RE: IPSEC in tunnel mode ( possible? )

I'm not sure if my guess is correct.
But instead of using windows over ipsec, I would use 2 FreeBSD boxes.

eg,

Client Host -- [ipsec on bsd] -- (( wireless )) -- [ipsec on bsd to decrypt] -- (( internet ))

Not sure if that's what you're trying to do, was a little hard to understand. If that is the case, there is a nice article on freebsd diary that covers this pretty well.

http://www.freebsddiary.org/ipsec.php

Regards,
Lachlan

-----Original Message-----
From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Nucleo de Pesquisa e Desenvolvimento
Sent: Thursday, October 30, 2003 7:16 AM
To: freebsd-net@freebsd.org
Cc: freebsd-isp@freebsd.org
Subject: IPSEC in tunnel mode ( possible? )

Hi everyone,

I know it is kind of an off-topic question but maybe another network admin has already faced the following:

client--[__ipsec__]--gw--[__ip__]--internet

I, trying to secure a wireless link, want to have my clients using ipsec on the segment between the gateway gw and the machine itself even when the traffic is to the internet and not only to the gateway ( what works fine in transport mode anyway ). The clients are windows machines. According to Microsoft 252735 tunnel is possible when a windows is acting as a gateway, not our scenario where machines are only clients...

Any one could point me to some url or send me keywords I should look for please? If things won't work with ipsec I'll do it with MPD... but I still should have asked it here.
Thanks in advance ( and sorry for the cross posting ),

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Paiva, Gilson de Domingos Martins mailto:npd@el.com.br
Brazil http://www.el.com.br/
E&L Producoes de Software
http://www.FreeBSD.org/ FreeBSD: The Power to Serve
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

From owner-freebsd-isp@FreeBSD.ORG Wed Oct 29 14:28:06 2003
Message-ID: <1679.172.72.12.252.1067466482.squirrel@intranet.el.com.br>
Date: Wed, 29 Oct 2003 20:28:02 -0200 (BRST)
From: "Nucleo de Pesquisa e Desenvolvimento"
To: freebsd-isp@freebsd.org
Subject: Re: Re: IPSEC in tunnel mode ( possible? )

You got my point Lachlan, you're right. Having another FBSD box at the client side would really solve my challenge. If I can't get windows doing it right by itself I'm already considering your idea.

Thanks!!!

Original message was:

I'm not sure if my guess is correct. But instead of using windows over ipsec, I would use 2 FreeBSD boxes.

eg,

Client Host -- [ipsec on bsd] -- (( wireless )) -- [ipsec on bsd to decrypt] -- (( internet ))

Not sure if that's what you're trying to do, was a little hard to understand. If that is the case, there is a nice article on freebsd diary that covers this pretty well.

http://www.freebsddiary.org/ipsec.php

Regards,
Lachlan

-----Original Message-----
From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Nucleo de Pesquisa e Desenvolvimento
Sent: Thursday, October 30, 2003 7:16 AM
To: freebsd-net@freebsd.org
Cc: freebsd-isp@freebsd.org
Subject: IPSEC in tunnel mode ( possible? )

Hi everyone,

I know it is kind of an off-topic question but maybe another network admin has already faced the following:

client--[__ipsec__]--gw--[__ip__]--internet

I, trying to secure a wireless link, want to have my clients using ipsec on the segment between the gateway gw and the machine itself even when the traffic is to the internet and not only to the gateway ( what works fine in transport mode anyway ). The clients are windows machines. According to Microsoft 252735 tunnel is possible when a windows is acting as a gateway, not our scenario where machines are only clients...

Any one could point me to some url or send me keywords I should look for please? If things won't work with ipsec I'll do it with MPD... but I still should have asked it here.
Thanks in advance ( and sorry for the cross posting ),

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Paiva, Gilson de Domingos Martins mailto:npd@el.com.br
Brazil http://www.el.com.br/
E&L Producoes de Software
http://www.FreeBSD.org/ FreeBSD: The Power to Serve
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

From owner-freebsd-isp@FreeBSD.ORG Wed Oct 29 15:44:49 2003
Date: Wed, 29 Oct 2003 16:44:45 -0700 (MST)
From: Diana Eichert
To: freebsd-isp@freebsd.org
Subject: Re: just tried to upgrade my testbed RADIUS 4.8 server to 4.9RC3

On Tue, 21 Oct 2003, Diana Eichert wrote:

> and I get the dreaded message
>
> Write failure on transfer! (wrote -1 bytes of xxxxx bytes)

Hmmm, as a follow-up to my own message, apparently there were some corrupted files on the 4.9RC3 ISO I downloaded. I downloaded the RC4 ISO and the install went smoothly.
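
The arithmetic from the maildir thread above (Nathan Kay's 16k-block, 1k-message case, the fragment rule Charles Swiger quotes from "man inode", and his 0.5 * frag_size * number_of_files estimate), worked through as an added example that is not part of any poster's message. The message sizes are constructed, and the function names, the 12-direct-block cutoff for fragment tails, and the comparison against a bytes-per-inode density (the value newfs -i sets) are assumptions of this example.

```python
"""Slack space and inode pressure for a maildir on FFS (added example)."""

NDADDR = 12  # direct block pointers per inode; assumed cutoff for "small" files

# Constructed message sizes in bytes: mostly 1 KiB mails plus a few larger ones.
MESSAGES = [1024] * 6 + [3000, 5000, 40000, 250000]


def allocated_bytes(size, block=16384, frag=2048):
    """Disk bytes FFS allocates for the data of one file of `size` bytes.

    Every block but the last is a full block. The last block of a small
    file (one that fits in the direct blocks) is rounded up to whole
    fragments; a larger file gets a full block for its tail too.
    Indirect blocks and the inode itself are not counted.
    """
    if block % frag or block // frag not in (1, 2, 4, 8):
        raise ValueError("a block splits into 1, 2, 4 or 8 fragments")
    if size < 0:
        raise ValueError("negative file size")
    full, tail = divmod(size, block)
    if tail == 0:
        return full * block
    if full < NDADDR:
        tail_alloc = -(-tail // frag) * frag  # round tail up to fragments
    else:
        tail_alloc = block
    return full * block + tail_alloc


def slack_report(sizes, block=16384, frag=2048):
    """Compare real slack with the whole-block case and the rule of thumb."""
    data = sum(sizes)
    with_frags = sum(allocated_bytes(s, block, frag) for s in sizes)
    whole_blocks = sum(allocated_bytes(s, block, block) for s in sizes)
    return {
        "files": len(sizes),
        "data_bytes": data,
        # No fragments at all: the "15k lost per 1k message" scenario.
        "slack_whole_blocks": whole_blocks - data,
        # Tail rounded up to fragments, as the man page excerpt describes.
        "slack_with_fragments": with_frags - data,
        # The estimate from the thread: half a fragment per file.
        "slack_rule_of_thumb": 0.5 * frag * len(sizes),
    }


def limiting_resource(sizes, bytes_per_inode, block=16384, frag=2048):
    """Return "inodes" or "space": which runs out first for mail like `sizes`.

    One message is one file and one inode. A file system of N bytes has
    about N / bytes_per_inode inodes and room for N / avg_alloc files, so
    inodes run out first when avg_alloc is below bytes_per_inode.
    """
    if not sizes:
        raise ValueError("need at least one message size")
    avg_alloc = sum(allocated_bytes(s, block, frag) for s in sizes) / len(sizes)
    return "inodes" if avg_alloc < bytes_per_inode else "space"


if __name__ == "__main__":
    for label, sizes in (("six 1 KiB mails", MESSAGES[:6]), ("mixed", MESSAGES)):
        print(label, slack_report(sizes))
        print(label, "runs out of", limiting_resource(sizes, 8192), "first")
```

For uniform 1 KiB messages the fragment slack matches the half-fragment estimate exactly; a single large message whose tail gets a full block is enough to pull the real figure well above it.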