From: Liviu
To: freebsd-isp@freebsd.org
Date: Sun, 9 Jul 2006 02:51:47 -0700 (PDT)
Subject: Freebsd 6.1 traffic shaping problem

Hello.

I have set up traffic shaping for my LAN as follows:

ext_if="rl0"
int_if="rl1"

net_dload_realtime="1Kb"
metro_dload_realtime="10Kb"
net_dload_upperlimit="(512Kb 5000 256Kb)"
metro_dload_upperlimit="50Mb"

scrub in all

altq on $int_if hfsc bandwidth 90Mb queue { ext_download, int_download, def_download }
queue int_download bandwidth 88Mb hfsc(upperlimit 88Mb)
queue def_download bandwidth 64Kb hfsc(default, upperlimit 64Kb)
queue ext_download bandwidth 1Mb hfsc {xd_nake,xd_victor,xd_slash,xd_petre,xd_vera,xd_glontu,xd_razvan,xd_badea\
,xd_bianca,xd_alina,xd_andrei,xd_alecsan,xd_giginelu,xd_valentin,xd_edi,xd_nicu,xd_kaos,xd_virgild13,xd_sebastian\
,xd_flo,xd_gxg,xd_cristian,xd_k2,xd_simona,xd_pig,xd_liviupm,xd_carmen,xd_florin,xd_claudiu,xd_felicia,xd_laurentiu\
,xd_andreiparter,xd_danpm,xd_mari,xd_radud10,xd_adi,xd_gabipm11,xd_slv,xd_alex,xd_john,xd_nicoleta,xd_elena1,xd_aura\
,xd_valipenes,xd_dabulache,xd_fleoarca,xd_bogdand11,xd_traian,xd_georgiana,xd_gabi4,xd_cheyene,xd_dorupm5,xd_picky\
,xd_parterd13,xd_radu,xd_florinflo,xd_alica,xd_elena2,xd_cristid12,xd_gelu,xd_flavius,xd_anamaria}
queue xd_nake bandwidth 10b hfsc(realtime $net_dload_realtime, upperlimit $net_dload_upperlimit)
queue xd_victor bandwidth 10b hfsc(realtime $net_dload_realtime, upperlimit $net_dload_upperlimit)
# ....... and here are all the other queues ... for download

altq on $ext_if hfsc bandwidth 90Mb queue { ext_upload, int_upload, def_upload }
queue def_upload bandwidth 64Kb hfsc(default, upperlimit 64Kb)
queue int_upload bandwidth 88Mb hfsc(upperlimit 88Mb)
queue ext_upload bandwidth 1Mb hfsc {xu_nake,xu_victor,xu_slash,xu_petre,xu_vera,xu_glontu,xu_razvan,xu_badea,xu_bianca\
,xu_alina,xu_andrei,xu_alecsan,xu_giginelu,xu_valentin,xu_edi,xu_nicu,xu_kaos,xu_virgild13,xu_sebastian,xu_flo,xu_gxg\
,xu_cristian,xu_k2,xu_simona,xu_pig,xu_liviupm,xu_carmen,xu_florin,xu_claudiu,xu_felicia,xu_laurentiu,xu_andreiparter\
,xu_danpm,xu_mari,xu_radud10,xu_adi,xu_gabipm11,xu_slv,xu_alex,xu_john,xu_nicoleta,xu_elena1,xu_aura,xu_valipenes\
,xu_dabulache,xu_fleoarca,xu_bogdand11,xu_traian,xu_georgiana,xu_gabi4,xu_cheyene,xu_dorupm5,xu_picky,xu_parterd13\
,xu_radu,xu_florinflo,xu_alica,xu_elena2,xu_cristid12,xu_gelu,xu_flavius,xu_anamaria}
queue xu_nake bandwidth 10b hfsc(realtime $net_dload_realtime, upperlimit $net_dload_upperlimit)
queue xu_victor bandwidth 10b hfsc(realtime $net_dload_realtime, upperlimit $net_dload_upperlimit)
# .... and here are all the other queues for upload

# at the end of the main pf.conf file I have the redirection to the queues like this:
pass out quick on $int_if from <metropolitan> to 89.114.47.0/24 queue int_download
pass out quick on $ext_if from 89.114.47.0/24 to <metropolitan> queue int_upload
anchor extern_download from any to 89.114.47.0/24
anchor extern_upload from 89.114.47.0/24 to any

# metropolitan is a table that I get from my ISP and it contains all the subnets that are in
# their metropolitan area (I have 100Mb with those, that's why I want to separate)
# I have 2 anchor files that I load manually after I start pfctl -f pf.conf.
# The anchor files look like this:

# extern_download:
int_if="rl1"
pass out quick on $int_if from any to 89.114.47.2 queue xd_nake
pass out quick on $int_if from any to 89.114.47.5 queue xd_victor
pass out quick on $int_if from any to 89.114.47.6 queue xd_slash
# .... all the other queues go here

# extern_upload:
int_if="rl1"
pass in quick on $int_if from 89.114.47.2 to any queue xu_nake
pass in quick on $int_if from 89.114.47.5 to any queue xu_victor
pass in quick on $int_if from 89.114.47.6 to any queue xu_slash
# .... all the other queues go here

As you can see, I have a queue in which all the metropolitan traffic goes (indifferent of the client that the traffic belongs to) and separate extern queues for each client.

The problem is: when I first start my home computer and attempt to download from extern, apparently the limitations don't work for a few seconds. (I can get up the 1Mb download from com while my max queue limit is set up to 512Kb.) After a few seconds my download rate from extern drops to 0 and it stays that way for another few seconds. After that, traffic resumes as intended (with the limitations that I want).

My question is: how do I make it allocate the right bandwidth from the start?

Some observations:

- I have had to modify the queue limit in file altq_hfsc.h because I wasn't able to create more than 64 queues at first:
  #define HFSC_MAX_CLASSES 512
- I am not doing any kind of NAT
- even when I exceed my upperlimit the traffic goes to the right queue, because I am looking with pftop (the 8 view, which shows the dequeue rate of my queues) and I see that my queue is dequeueing at a rate higher than the rate that I've set up
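The per-client queue and anchor layout from the message above, generated from a client list and checked before it is loaded; this is an added example, not part of the original post. The function names, the `[a-z0-9]+` name rule and the sanity checks are this example's own assumptions; the addresses, queue parameters and the 64/512 class limits are the ones the poster gives.

```python
import ipaddress
import re

# pf.conf bandwidth suffixes: bits per second with decimal multipliers.
_UNITS = {"b": 1, "Kb": 1_000, "Mb": 1_000_000, "Gb": 1_000_000_000}


def parse_bw(text):
    """Convert a pf.conf bandwidth such as '512Kb' to bits per second."""
    m = re.fullmatch(r"(\d+)(b|Kb|Mb|Gb)", text.strip())
    if not m:
        raise ValueError(f"bad bandwidth: {text!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]


def parse_sc(text):
    """Parse an HFSC service curve, 'm2' or '(m1 d m2)', into (m1, d_ms, m2)."""
    text = text.strip()
    if text.startswith("(") and text.endswith(")"):
        parts = text[1:-1].replace(",", " ").split()
        if len(parts) != 3:
            raise ValueError(f"bad service curve: {text!r}")
        return parse_bw(parts[0]), int(parts[1]), parse_bw(parts[2])
    rate = parse_bw(text)
    return rate, 0, rate


def build(clients, direction, *, net="89.114.47.0/24", parent_bw="1Mb",
          realtime="1Kb", upperlimit="(512Kb 5000 256Kb)",
          fixed_queues=3, max_classes=64):
    """Return (queue_lines, anchor_rules, problems) for one direction.

    clients: iterable of (name, ip). direction: 'download' or 'upload'.
    fixed_queues counts the non-client queues on the interface (in the post:
    ext_*, int_* and def_*); max_classes is HFSC_MAX_CLASSES.
    """
    prefix, parent = {"download": ("xd_", "ext_download"),
                      "upload": ("xu_", "ext_upload")}[direction]
    network = ipaddress.ip_network(net)
    problems, names, addrs, queues, rules = [], set(), set(), [], []
    for name, ip in clients:
        # Hypothetical hygiene rule: names and addresses end up in firewall
        # config, so refuse anything that is not plainly a token or an IP.
        if not re.fullmatch(r"[a-z0-9]+", name):
            problems.append(f"{name!r}: queue name must match [a-z0-9]+")
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            problems.append(f"{name}: {ip!r} is not an IP address")
            continue
        if addr not in network:
            problems.append(f"{name}: {addr} is outside {network}")
        if name in names or addr in addrs:
            problems.append(f"{name}: duplicate name or address {addr}")
        names.add(name)
        addrs.add(addr)
        queue = prefix + name
        queues.append(queue)
        if direction == "download":
            rules.append(f"pass out quick on $int_if from any to {addr} queue {queue}")
        else:
            rules.append(f"pass in quick on $int_if from {addr} to any queue {queue}")

    parent_bps = parse_bw(parent_bw)
    rt = parse_sc(realtime)[2]
    m1, _, m2 = parse_sc(upperlimit)
    total = len(queues) + fixed_queues
    if total > max_classes:
        problems.append(f"{total} queues exceed HFSC_MAX_CLASSES={max_classes}")
    if rt * len(queues) > parent_bps:
        problems.append(f"realtime guarantees sum to {rt * len(queues)} b/s, "
                        f"more than {parent} has ({parent_bps} b/s)")
    if rt > m2 or max(m1, m2) > parent_bps:
        problems.append("upperlimit is below realtime or above the parent bandwidth")

    lines = [f"queue {parent} bandwidth {parent_bw} hfsc {{ {', '.join(queues)} }}"]
    lines += [f"queue {q} bandwidth 10b hfsc(realtime {realtime}, "
              f"upperlimit {upperlimit})" for q in queues]
    return lines, rules, problems


# Three clients taken from the post's anchor files.
SAMPLE = [("nake", "89.114.47.2"), ("victor", "89.114.47.5"), ("slash", "89.114.47.6")]

if __name__ == "__main__":
    conf, anchor, problems = build(SAMPLE, "download")
    print("\n".join(conf + anchor + problems))
```

Load the generated lines only when `problems` is empty; with the post's 62 clients and the stock limit of 64 the class-count check fires, which matches the poster's observation about `HFSC_MAX_CLASSES`.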

From: "Abimanyu Gottumukkala"
To: freebsd-isp@freebsd.org
Date: Thu, 13 Jul 2006 02:21:09 +0530
Subject: Buidling small freebsd router

Hi friend, I want to build a small FreeBSD-based router. Will you please suggest any tutorials or books?

From: "David J. Orman"
To: Abimanyu Gottumukkala
Cc: freebsd-isp@freebsd.org
Date: Wed, 12 Jul 2006 11:28:44 -1000
Subject: Re: Buidling small freebsd router

#1 - FreeBSD handbook. Once you understand FreeBSD, then move on to PF. Don't bother with the other packet filters unless you have a need to be compatible with ipfw/ipf.

#2 - For PF, a lot of the docs are for OpenBSD. This is fine, FreeBSD uses the same PF.
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
http://www.openbsd.org/faq/pf/

#3 - If you need traffic shaping/QoS/etc, ALTQ is what you need.
http://www.csl.sony.co.jp/person/kjc/kjc/software.html

Have fun!
David

PS - Some books on firewall design might help you out. :) Sounds like you're just going to be doing basic NAT though, which is a ten minute setup if you read the docs!

----- Original Message -----
From: Abimanyu Gottumukkala
Date: Wednesday, July 12, 2006 10:51 am
Subject: Buidling small freebsd router

> Hi friend, I want to build a small FreeBSD-based router. Will you please
> suggest any tutorials or books?

From: Luiz Rodrigues Maia Neto
To: freebsd-isp@freebsd.org
Date: Wed, 12 Jul 2006 22:46:25 -0300
Subject: Re: Buidling small freebsd router

Hi,

Maybe you will find it interesting to look at www.pfsense.org and www.m0n0.ch/wall/ and www.m0n0.ch/bsd/

Another interesting link is http://www.freebsd.org/projects/nanobsd/

--
Luiz Rodrigues Maia Neto
Network and Systems Administration/Researcher
-----------------------------------------------------
Windows - Where do you want to go tomorrow?
Linux - Where do you want to go today?
FreeBSD - Are you, guys, coming or what?
------------------------------------------------------

Quoting "David J. Orman":

> #1 - FreeBSD handbook. Once you understand FreeBSD, then move on to
> PF. Don't bother with the other packet filters unless you have a need
> to be compatible with ipfw/ipf.
>
> #2 - For PF, a lot of the docs are for OpenBSD. This is fine, FreeBSD
> uses the same PF.
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> http://www.openbsd.org/faq/pf/
>
> #3 - If you need traffic shaping/QoS/etc, ALTQ is what you need.
> http://www.csl.sony.co.jp/person/kjc/kjc/software.html
>
> Have fun!
> David
>
> PS - Some books on firewall design might help you out. :) Sounds like
> you're just going to be doing basic NAT though, which is a ten minute
> setup if you read the docs!
>
> ----- Original Message -----
> From: Abimanyu Gottumukkala
> Date: Wednesday, July 12, 2006 10:51 am
> Subject: Buidling small freebsd router
>
>> Hi friend, I want to build a small FreeBSD-based router. Will you please
>> suggest any tutorials or books?

From: Arie Kachler
Organization: Telcom.Net
To: freebsd-isp@freebsd.org
Date: Thu, 13 Jul 2006 11:56:50 -0400
Subject: compromised machines and entire network health

Hello,

In the past several years, we have had a few incidents of servers of customers that are compromised and then flood our entire network and bring down almost everything. The sql slammer worm for example.

Is there a solution to this? I know all computers should be kept up to date so this does not happen, but most times customers are not as attentive to patches as we sysadmins are.

Assuming that there will always be machines with security issues, is there a way to prevent a compromised computer to bring down an entire network?

Any suggestions will be greatly appreciated.

Arie Kachler

From: "Gary D. Margiotta"
To: Arie Kachler
Cc: freebsd-isp@freebsd.org
Date: Thu, 13 Jul 2006 12:16:16 -0400 (EDT)
Subject: Re: compromised machines and entire network health

On Thu, 13 Jul 2006, Arie Kachler wrote:

> Hello,
>
> In the past several years, we have had a few incidents of servers of
> customers that are compromised and then flood our entire network and bring
> down almost everything. The sql slammer worm for example.
>
> Is there a solution to this? I know all computers should be kept up to date
> so this does not happen, but most times customers are not as attentive to
> patches as we sysadmins are.
>
> Assuming that there will always be machines with security issues, is there a
> way to prevent a compromised computer to bring down an entire network?
>
> Any suggestions will be greatly appreciated.
>
> Arie Kachler

Firewall each machine, or see if you can do rate limiting on the machines to minimize the amount of traffic each machine can pump out at any given time. You can try to do it at the machine level, or you can look for smart hardware such as smart switches or IDS systems that will do it for you.

We limit each port on our switch to 10Mbit (which shouldn't be able to flood the entire network and take it down... maybe slow it up a slight bit, but nothing catastrophic), and we have alarms to trigger when bandwidth exceeds a certain threshold for a certain length of time. The port gets shut off if the alarm fires, and the customer is advised of their problem, and is required to fix it before we allow it back on the network. No exceptions.

We enforce a policy for customers to patch their machines themselves, or they have us do it for them as a managed service. The customer is responsible for any damages related to any hacks/worms/mistakes, and the machines are removed from the network until they are fixed, either by them or by us standing on a console. If they don't upkeep their systems on their own, we do it for them and charge them for it. If they refuse to pay, we shut off their machine, confiscate their hardware, and go after them for any other time and materials related to the problem. Mostly it doesn't get that far, but you have to be prepared for it with a published policy outlining these types of things. Most customers get the point after they see the initial bill for damages their machine caused, and they just have us manage their systems for them, it's easier (and cheaper) for them, and safer for us, plus they are not responsible for any more damages if a machine we manage has a problem.

-Gary

From: Mark Bucciarelli
To: Arie Kachler
Cc: freebsd-isp@freebsd.org
Date: Thu, 13 Jul 2006 12:28:58 -0400
Subject: Re: compromised machines and entire network health

On Thu, Jul 13, 2006 at 11:56:50AM -0400, Arie Kachler wrote:

> Is there a solution to this? I know all computers should be
> kept up to date so this does not happen, but most times
> customers are not as attentive to patches as we sysadmins are.
>
> Assuming that there will always be machines with security
> issues, is there a way to prevent a compromised computer to
> bring down an entire network?

We had a similar issue with a box whose network card went temporarily insane (we think). It's a colocated box, so I don't know for sure.

I see two options:

(1) If you have root, you could use traffic shaping to limit outgoing traffic volume. Put all customers in jails and don't give them access to the jail host where pf lives.

(2) Monitor at the switch level and when a box goes crazy, shut down that port.

We are going with option (2) (hence my recent query about smart switches). I'm not sure how/if (1) could work properly.

I expect that we could automate (2) if we choose to.

--
Mark Bucciarelli
GAIA Host Collective, LLC
email: mark@gaiahost.coop
web: http://www.gaiahost.coop
"Reliable internet solutions from an environmentally and socially concerned worker collective"

From: "Gary D. Margiotta"
To: Mark Bucciarelli
Cc: freebsd-isp@freebsd.org, Arie Kachler
Date: Thu, 13 Jul 2006 12:33:17 -0400 (EDT)
Subject: Re: compromised machines and entire network health

> I see two options:
>
> (1) If you have root, you could use traffic shaping to limit
> outgoing traffic volume. Put all customers in jails and
> don't give them access to the jail host where pf lives.
>
> (2) Monitor at the switch level and when a box goes crazy, shut
> down that port.
>
> We are going with option (2) (hence my recent query about smart
> switches). I'm not sure how/if (1) could work properly.
>
> I expect that we could automate (2) if we choose to.

Problem with #1 is if the machines are not FreeBSD... if a machine is getting wormed, it's most likely a Windoze box. You'd have to take a network-level approach in that case, which is where smart switches come into play.

Anything that has a host O/S on it (accessible via telnet or even web interface) should be able to do what you need to traffic shape, or shut down singular ports if you need. We have Intel series switches which do this, as well as Cisco and other major-vendor switches. You'll pay more for them, but with that cost comes platform-agnostic tools to help manage the network and its problems, abstracting the O/S from the picture.
-Gary From owner-freebsd-isp@FreeBSD.ORG Thu Jul 13 18:11:47 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7E7A316A510 for ; Thu, 13 Jul 2006 18:11:47 +0000 (UTC) (envelope-from cswiger@mac.com) Received: from pi.codefab.com (pi.codefab.com [199.103.21.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id 95D8A43D5C for ; Thu, 13 Jul 2006 18:11:46 +0000 (GMT) (envelope-from cswiger@mac.com) Received: from localhost (localhost [127.0.0.1]) by pi.codefab.com (Postfix) with ESMTP id E02B05E20; Thu, 13 Jul 2006 14:11:45 -0400 (EDT) X-Virus-Scanned: amavisd-new at codefab.com Received: from pi.codefab.com ([127.0.0.1]) by localhost (pi.codefab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vSZgXNUtHoDw; Thu, 13 Jul 2006 14:11:45 -0400 (EDT) Received: from [192.168.1.251] (pool-68-161-117-245.ny325.east.verizon.net [68.161.117.245]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by pi.codefab.com (Postfix) with ESMTP id B79115C35; Thu, 13 Jul 2006 14:11:44 -0400 (EDT) Message-ID: <44B68CD4.8050701@mac.com> Date: Thu, 13 Jul 2006 14:11:32 -0400 From: Chuck Swiger User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) MIME-Version: 1.0 To: akachler@telcom.net References: <44B66D42.6030302@telcom.net> In-Reply-To: <44B66D42.6030302@telcom.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org Subject: Re: compromised machines and entire network health X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Jul 2006 18:11:47 -0000 Arie Kachler wrote: > In the past several years, we have had a few incidents of servers of > customers that are 
compromised and then flood our entire network and > bring down almost everything. The sql slammer worm for example. > > Is there a solution to this? Several. Egress filtering on your routers with logging to identify infected machines sooner rather than later is probably the single most useful thing you could do. You could also set up a honeynet or teergrube which will slow down worms and reduce their rate of spread. More complicated solutions involve bandwidth shaping via dummynet or ALTQ, etc. -- -Chuck From owner-freebsd-isp@FreeBSD.ORG Thu Jul 13 23:19:45 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AB78E16A4DD for ; Thu, 13 Jul 2006 23:19:45 +0000 (UTC) (envelope-from kwoody@citytel.net) Received: from mail.citytel.net (mail.citytel.net [209.145.111.46]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7764843D46 for ; Thu, 13 Jul 2006 23:19:45 +0000 (GMT) (envelope-from kwoody@citytel.net) Received: from pop.citytel.net (pop.citytel.net [204.244.98.50]) by mail.citytel.net (Postfix) with ESMTP id 9D28867EC7 for ; Thu, 13 Jul 2006 16:19:44 -0700 (PDT) Date: Thu, 13 Jul 2006 16:19:44 -0700 (PDT) From: Keith Woodworth To: freebsd-isp@freebsd.org Message-ID: <20060713160509.Y59264@pop.citytel.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: Password file X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Jul 2006 23:19:45 -0000 Ok, Ive done something dumb. I did this on another server and its been working fine for over a year. A copy of the master.passwd file is copied from server1 to server2. A new master.passwd file is built from this copy on server2, so the files are identical between machines. 
This happens twice every hour.

Server2 is a mail machine running postfix for outgoing mail only and nothing has ever had a problem with this building of password files.

FreeBSD 4.10 on both machines.

I setup a 4.11 machine a while back and it's been acting as a master nameserver. Now I wanted this to be setup as a secondary mail server for outgoing mail as a kind of back up machine.

So I built Postfix, same version as the current one running, setup root to ssh in with no passwd. I copied the master.passwd and passwd files to backup copies, copied the master.passwd from server1 and built a new passwd file using pwd_mkdb just as I do on the mail machine.

Now I've got problems.

1) I can not login via ssh, though root can still login, as it's setup via key login.
2) Postfix gives me errors now about permission denied over its spool.
3) I'm afraid to restart named as I'm afraid it will be hosed now too.

I copied the original files back but still get the same errors. Am I hosed or is there a way to fix this?

I've been doing this on various systems for a while now, but this is the first time it's buggered on me.

Any ideas?
Thanks,
Keith

From owner-freebsd-isp@FreeBSD.ORG Fri Jul 14 00:45:30 2006
Date: Thu, 13 Jul 2006 14:47:17 -1000
From: "David J. Orman"
To: Keith Woodworth
Cc: freebsd-isp@freebsd.org
In-reply-to: <20060713160509.Y59264@pop.citytel.net>
References: <20060713160509.Y59264@pop.citytel.net>
Subject: Re: Password file

1 - SSH daemon changes in 4.11 would be my guess
2 - Changed UID/GID for postfix user. You need to chown/chmod the spool directory/contents properly using the new postfix user account UID/GID
3 - No idea.

Your best bet is going to be reinstall, it'll be much less painful IMO. Secondly, the way you are handling this, is bad.
It may have worked for a long time, but it's not the correct way to go about this.

#1 - You should not allow root login via ssh. You should ssh as a normal user and su. This is for all cases, not just automated processes. Bad bad bad.

#2 - Although you didn't explain why, it *seems* as if you're copying the master.passwd file/rebuilding your pwdb to make sure user accounts are synched on the machines? If so - no comment, other than stop right now. In this kind of deployment, where you have multiple servers which need to have synchronized user accounts, you need to setup some kind of directory server (LDAP would be most common - OpenLDAP is a free LDAP server.) Then your servers can do authentication via the LDAP store. Virtual users in postfix can be handled the same way.

Good luck,
David

PS - I cannot strongly enough reiterate, the master.passwd copying deal is *really* not the best way to do this, and remote root logins are a bad idea.

----- Original Message -----
From: Keith Woodworth
Date: Thursday, July 13, 2006 1:19 pm
Subject: Password file

>
> Ok, I've done something dumb.
>
> I did this on another server and it's been working fine for over a
> year.
> A copy of the master.passwd file is copied from server1 to server2. A
> new master.passwd file is built from this copy on server2, so the
> files are identical between machines. This happens twice every hour.
>
> Server2 is a mail machine running postfix for outgoing mail only and
> nothing has ever had a problem with this building of password files.
>
> FreeBSD 4.10 on both machines.
>
> I setup a 4.11 machine a while back and it's been acting as a master
> nameserver. Now I wanted this to be setup as a secondary mail server
> for outgoing mail as a kind of back up machine.
>
> So I built Postfix, same version as the current one running, setup
> root to ssh in with no passwd.
> I copied the master.passwd and passwd files to
> backup copies, copied the master.passwd from server1 and built a new
> passwd file using pwd_mkdb just as I do on the mail machine.
>
> Now I've got problems.
>
> 1) I can not login via ssh, though root can still login, as it's
> setup via key login.
> 2) Postfix gives me errors now about permission denied over its spool.
> 3) I'm afraid to restart named as I'm afraid it will be hosed now too.
>
> I copied the original files back but still get the same errors. Am
> I hosed or is there a way to fix this?
>
> I've been doing this on various systems for a while now, but this is
> the first time it's buggered on me.
>
> Any ideas?
>
> Thanks,
> Keith

From owner-freebsd-isp@FreeBSD.ORG Fri Jul 14 02:05:58 2006
Message-ID: <20060713183330.N59264@pop.citytel.net>
Date: Thu, 13 Jul 2006 19:05:56 -0700 (PDT)
From: Keith Woodworth
To: "David J. Orman"
Cc: freebsd-isp@freebsd.org
References: <20060713160509.Y59264@pop.citytel.net>
Subject: Re: Password file

On Thu, 13 Jul 2006, David J. Orman wrote:

|->1 - SSH daemon changes in 4.11 would be my guess
|->2 - Changed UID/GID for postfix user. You need to chown/chmod the spool directory/contents properly using the new postfix user account UID/GID
|->3 - No idea.
|->
|->Your best bet is going to be reinstall, it'll be much less painful IMO. Secondly, the way you are handling this, is bad. It may have worked for a long time, but it's not the correct way to go about this.
|->
|->#1 - You should not allow root login via ssh. You should ssh as a normal user and su. This is for all cases, not just automated processes. Bad bad bad.
|->
|->#2 - Although you didn't explain why, it *seems* as if you're copying the master.passwd file/rebuilding your pwdb to make sure user accounts are synched on the machines? If so - no comment, other than stop right now. In this kind of deployment, where you have multiple servers which need to have synchronized user accounts, you need to setup some kind of directory server (LDAP would be most common - OpenLDAP is a free LDAP server.) Then your servers can do authentication via the LDAP store. Virtual users in postfix can be handled the same way.

Hi.

For ssh, yes that is possible. I was going to do that for postfix, but as I had just recompiled it with pcre about 2 hrs before, I just did a make; make upgrade with postfix and it's running again as all perms were good to begin with.
As for not being able to ssh in as a user, I used rmuser to delete the user from the password file and added them back and now I can ssh into the server again with those user accounts.

My only other issue now is named. I can't just go rmuser root and add root in again. Almost like the processes lost 'state' when I dicked with the passwd file. Dumbass idiot I am, I should know better... Hell, just a simple reboot might fix it...but I'm not ready to try that yet.

I know it's not a good idea for root logins, but it was one of those temporary things that we just kept around. It is only one server that does this and we have it so only one machine can login as root via wrappers and ACLs.

And this is the way user accounts are sync'd between two servers. Not pretty I know and I know not the correct way. But at the time (over a year ago now) it was quick and easy to do. And now that I think about it, I had copied the passwd file first then installed all the other programs.

All in all, we will be undergoing a large paradigm shift in the next 3 or 4 months and will need to go to an LDAP type system as we are integrating two very disparate ISPs into one and will need something like that to make it all work.

Thanks for the reply, it was appreciated.
Keith

From owner-freebsd-isp@FreeBSD.ORG Fri Jul 14 08:56:17 2006
Message-ID: <20060714085558.GB38905@wjv.com>
Date: Fri, 14 Jul 2006 04:55:58 -0400
From: Bill Vermillion
To: "David J. Orman"
Cc: freebsd-isp@freebsd.org
References: <20060713160509.Y59264@pop.citytel.net>
Reply-To: bv@wjv.com
Subject: Re: Password file

On Thu, Jul 13, 2006 at 14:47, the murky waters churned and seethed, the dark weeds parted and the water took on the sinister, shifting visage we recognize as David J. Orman.
The great maw opened, and the following was heard:

> 1 - SSH daemon changes in 4.11 would be my guess 2 - Changed
> UID/GID for postfix user. You need to chown/chmod the spool
> directory/contents properly using the new postfix user account
> UID/GID 3 - No idea.
> Your best bet is going to be reinstall, it'll be much less
> painful IMO. Secondly, the way you are handling this, is bad. It
> may have worked for a long time, but it's not the correct way to
> go about this.

I think a re-install is probably overkill. It should be nothing more than to see which programs are erroring, and then look at the UID/GID of directories and files. I only use sendmail - after it became more civilized back in about 1995 I moved from smail. So I don't know if postfix diddles the password files on reinstall, but I've seen programs that do, so it's probably the UID/GID. He could change the directories/programs to match, or change the UID/GID in the new password file to match what they are.

> #1 - You should not allow root login via ssh. You should ssh as
> a normal user and su. This is for all cases, not just automated
> processes. Bad bad bad.

In a reply he said removing the user and adding the user fixed it. It might have been related to the stored key files and a remove/re-add would have nuked those files.

> #2 - Although you didn't explain why, it *seems* as if you're
> copying the master.passwd file/rebuilding your pwdb to make sure
> user accounts are synched on the machines? If so - no comment,
> other than stop right now. In this kind of deployment, where
> you have multiple servers which need to have synchronized user
> accounts, you need to setup some kind of directory server (LDAP
> would be most common - OpenLDAP is a free LDAP server.) Then
> your servers can do authentication via the LDAP store. Virtual
> users in postfix can be handled the same way.

And he really could edit the files if he took the proper steps.
One would be to copy the file to a temporary spot on the new machine, and then run a diff on the files. At that point you know what is going to be changed. Secondly you back up the working password file [master.passwd] so you can put it back if things go wrong. Making sure you can reverse everything you do is the key to keeping systems up and running.

And something I learned a long time ago when AT&T stupidly put in a ULIMIT of 1MB by default in their system, where we had to move login to login2, and write a login that set the ULIMIT to reasonable sizes, and then call login2, I learned the hard way to MAKE SURE that when you diddle critical files you always have at LEAST one more root login than the one you are using. Then when you make changes test by logging in on another account. And DO NOT log out your current root login. If you do that you may never get back in and have to reinstall.

I had remembered the extra login twice, but forgot it the 3rd time. This was an install over a Christmas Holiday, and we got shipped a wrong machine, and I was installing on the original with the idea to get much work done and then backup to tape, and transfer into the new machine when it arrived by overnight, shipping on Dec 26th. And in light of 'if anything can go wrong it will', it turns out when I made tape backups and verified them, the machine was writing NOTHING to tape, and the verify agreed with what it thought it had done. That was the conversion from hell.

But if you know the system you should have no fear of editing virtually anything on the system, taking precautions to be able to reverse any changes - which includes making comments in all files you modify with time/date and initials/name.

I've learned and have a degree from the School of Hard Knocks since I first migrated to Unix/Xenix systems back in 1983. In a Unix system which you know, only the worst cases - such as major file corruption - should ever require a re-install.

> PS - I cannot strongly enough reiterate, the master.passwd
> copying deal is *really* not the best way to do this, and remote
> root logins are a bad idea.

I agree 1000% on the remote root login, but as I stated, being careful and HOW you do it means you can edit your password files with no worry. However just copying without having any way to reverse your actions could be a recipe for disaster as the OP has found out.

I've edited SysV password files, used vi to add fields to match the BSD formats, and took the shadow file from a SysV and inserted it into the master.passwd file, and moved the ISP I was working with then from an SGI IRIX environment onto FreeBSD. No problems. The plus was going from IRIX and the Netscape server to FreeBSD [I think it was 2.7 or so at that time] and moving from a 400Mhz MIPS to a 200Mhz Pentium - even with a slower CPU and about 1/2 the memory of the SGIs the performance was dramatically better.

The real key is to understand the Unix systems as a whole - and with that under your belt you can work on any variant you come across - if you know how to read error messages and man pages.

Bill
--
Bill Vermillion - bv @ wjv . com

From owner-freebsd-isp@FreeBSD.ORG Fri Jul 14 09:03:10 2006
Message-ID: <20060714090157.GV9383@expo.ukrweb.net>
Date: Fri, 14 Jul 2006 12:01:57 +0300
From: Mykola Dzham
To: Abimanyu Gottumukkala
Cc: freebsd-isp@freebsd.org
References: <444ac1550607121351x5f544107k24302b10ce819ffa@mail.gmail.com>
In-Reply-To: <444ac1550607121351x5f544107k24302b10ce819ffa@mail.gmail.com>
Subject: Re: Buidling small freebsd router

Abimanyu Gottumukkala wrote:
> Hai friend i want to build small freebsd based router.
> will u please
> suggest any tutorials or books

cd /usr/ports/sysutils/tinybsd && make install clean
http://www.tinybsd.org/

--
Mykola Dzham, LEFT-(UANIC|RIPE)
JID: levsha@jabber.net.ua

From owner-freebsd-isp@FreeBSD.ORG Fri Jul 14 14:50:27 2006
Date: Fri, 14 Jul 2006 09:50:25 -0500
From: "Jorge Evangelista"
To: freebsd-isp@freebsd.org
Subject: Bandwith Manager with Mysql

Hi guys, I am installing Bandwidth Manager of Emerging Technologies, I have
installed apache, php-mysql, and mysql, because BW is managed with a Web interface, but I have been having errors when Bandwidth Manager tries to connect with the database. There are some logs.

07/10/06 10:55:30: Cannot Open MySQL Database. Error: Client does not support authentication protocol requested by server; consider upgrading MySQL client
07/10/06 10:56:00: Cannot Open MySQL Database. Error: Client does not support authentication protocol requested by server; consider upgrading MySQL client
07/10/06 10:56:00: Can't Get Statistics for flor2
07/10/06 10:56:00: Can't Get Statistics for SinglePC
07/10/06 10:56:00: Can't Get Statistics for singlepc
07/10/06 10:56:30: Cannot Open MySQL Database. Error: Client does not support authentication protocol requested by server; consider upgrading MySQL client
07/10/06 10:57:00: Cannot Open MySQL Database. Error: Client does not support authentication protocol requested by server; consider upgrading MySQL client
07/10/06 10:57:30: Cannot Open MySQL Database. Error: Client does not support authentication protocol requested by server; consider upgrading MySQL client

--
"The network is the computer"

From owner-freebsd-isp@FreeBSD.ORG Fri Jul 14 15:10:31 2006
Message-ID: <44B7B456.3000301@gmail.com>
Date: Fri, 14 Jul 2006 16:12:22 +0100
From: Martin Miedema
To: Jorge Evangelista
Cc: freebsd-isp@freebsd.org
Subject: Re: Bandwith Manager with Mysql

Jorge Evangelista wrote:
> Hi guys, I am installing Bandwidth Manager of Emerging Technologies, I
> have installed apache, php-mysql, and mysql, because BW is managed
> with a Web interface, but I have been having errors when Bandwidth
> Manager tries to connect with the database.
> There are some logs.
>
> 07/10/06 10:55:30: Cannot Open MySQL Database. Error: Client does not
> support authentication protocol requested by server; consider
> upgrading MySQL client
> 07/10/06 10:56:00: Cannot Open MySQL Database. Error: Client does not
> support authentication protocol requested by server; consider
> upgrading MySQL client
> 07/10/06 10:56:00: Can't Get Statistics for flor2
> 07/10/06 10:56:00: Can't Get Statistics for SinglePC
> 07/10/06 10:56:00: Can't Get Statistics for singlepc
> 07/10/06 10:56:30: Cannot Open MySQL Database. Error: Client does not
> support authentication protocol requested by server; consider
> upgrading MySQL client
> 07/10/06 10:57:00: Cannot Open MySQL Database. Error: Client does not
> support authentication protocol requested by server; consider
> upgrading MySQL client
> 07/10/06 10:57:30: Cannot Open MySQL Database. Error: Client does not
> support authentication protocol requested by server; consider
> upgrading MySQL client
>

Which version of MySQL are you using? The way MySQL hashes passwords has changed since MySQL 4.1. If you use phpMyAdmin, you can select to store the password using the old hashing method, that should solve your problem. There is also a way to do this using MySQL directly. Some google-ing should help you out there.

From owner-freebsd-isp@FreeBSD.ORG Fri Jul 14 15:19:57 2006
Message-ID: <44B7B624.1050003@infinityprosports.com>
Date: Fri, 14 Jul 2006 10:20:04 -0500
From: James Ryan
CC: freebsd-isp@freebsd.org
Subject: Re: Bandwith Manager with Mysql

Perhaps you have different MySQL client and server installs... did you install them via ports, packages, or source?
What is your output of "pkg_info | grep mysql"?

James

Jorge Evangelista wrote:
> Hi guys, I am installing Bandwidth Manager of Emerging Technologies, I
> have installed apache, php-mysql, and mysql, because BW is managed
> with a Web interface, but I have been having errors when Bandwidth
> Manager tries to connect with the database.
> There are some logs.
>
> 07/10/06 10:55:30: Cannot Open MySQL Database. Error: Client does not
> support authentication protocol requested by server; consider
> upgrading MySQL client
> 07/10/06 10:56:00: Cannot Open MySQL Database. Error: Client does not
> support authentication protocol requested by server; consider
> upgrading MySQL client
> 07/10/06 10:56:00: Can't Get Statistics for flor2
> 07/10/06 10:56:00: Can't Get Statistics for SinglePC
> 07/10/06 10:56:00: Can't Get Statistics for singlepc
> 07/10/06 10:56:30: Cannot Open MySQL Database. Error: Client does not
> support authentication protocol requested by server; consider
> upgrading MySQL client
> 07/10/06 10:57:00: Cannot Open MySQL Database. Error: Client does not
> support authentication protocol requested by server; consider
> upgrading MySQL client
> 07/10/06 10:57:30: Cannot Open MySQL Database. Error: Client does not
> support authentication protocol requested by server; consider
> upgrading MySQL client
>

From owner-freebsd-isp@FreeBSD.ORG Fri Jul 14 15:37:11 2006
Message-ID: <20060714153710.16748.qmail@web33304.mail.mud.yahoo.com>
Date: Fri, 14 Jul 2006 08:37:10 -0700 (PDT)
From: Danial Thom
To: James Ryan
Cc: freebsd-isp@freebsd.org
In-Reply-To: <44B7B624.1050003@infinityprosports.com>
Reply-To: danial_thom@yahoo.com
Subject: Re: Bandwith Manager with Mysql

--- James Ryan wrote:

> Perhaps you have different MySQL client and
> server installs...
> did you install them via ports, packages, or source?
> What is your output of "pkg_info | grep mysql"?
>
> James
>
> Jorge Evangelista wrote:
> > Hi guys, I am installing Bandwidth Manager of Emerging Technologies, I
> > have installed apache, php-mysql, and mysql, because BW is managed
> > with a Web interface, but I have been having errors when Bandwidth
> > Manager tries to connect with the database.
> > There are some logs.
> >
> > 07/10/06 10:55:30: Cannot Open MySQL Database. Error: Client does not
> > support authentication protocol requested by server; consider
> > upgrading MySQL client
> > 07/10/06 10:56:00: Cannot Open MySQL Database. Error: Client does not
> > support authentication protocol requested by server; consider
> > upgrading MySQL client
> > 07/10/06 10:56:00: Can't Get Statistics for flor2
> > 07/10/06 10:56:00: Can't Get Statistics for SinglePC
> > 07/10/06 10:56:00: Can't Get Statistics for singlepc
> > 07/10/06 10:56:30: Cannot Open MySQL Database. Error: Client does not
> > support authentication protocol requested by server; consider
> > upgrading MySQL client
> > 07/10/06 10:57:00: Cannot Open MySQL Database. Error: Client does not
> > support authentication protocol requested by server; consider
> > upgrading MySQL client
> > 07/10/06 10:57:30: Cannot Open MySQL Database. Error: Client does not
> > support authentication protocol requested by server; consider
> > upgrading MySQL client

You're running a newer version of MySQL than they support. Maybe you're running 5 and they support 4?

DT

From owner-freebsd-isp@FreeBSD.ORG Fri Jul 14 15:39:00 2006
Message-ID: <20060714153859.85671.qmail@web33310.mail.mud.yahoo.com>
Date: Fri, 14 Jul 2006 08:38:59 -0700 (PDT)
From: Danial Thom
To: Jorge Evangelista, freebsd-isp@freebsd.org
Reply-To: danial_thom@yahoo.com
Subject: Re: Bandwith Manager with Mysql

--- Jorge Evangelista wrote:

> Hi guys, I am installing Bandwidth Manager of Emerging Technologies, I
> have installed apache, php-mysql, and mysql, because BW is managed
> with a Web interface, but I have
been having > errors when Bandwitdh > Manager try to connect with database. > There are some logs. > > 07/10/06 10:55:30: Cannot Open MySQL Database. > Error: Client does not > support authentication protocol requested by > server; consider > upgrading MySQL client > 07/10/06 10:56:00: Cannot Open MySQL Database. > Error: Client does not > support authentication protocol requested by > server; consider > upgrading MySQL client > 07/10/06 10:56:00: Can't Get Statistics for > flor2 > 07/10/06 10:56:00: Can't Get Statistics for > SinglePC > 07/10/06 10:56:00: Can't Get Statistics for > singlepc > 07/10/06 10:56:30: Cannot Open MySQL Database. > Error: Client does not > support authentication protocol requested by > server; consider > upgrading MySQL client > 07/10/06 10:57:00: Cannot Open MySQL Database. > Error: Client does not > support authentication protocol requested by > server; consider > upgrading MySQL client > 07/10/06 10:57:30: Cannot Open MySQL Database. > Error: Client does not > support authentication protocol requested by > server; consider > upgrading MySQL client They have a Demo CD that will build a complete system with all of the correct software versions, so why are you doing so much work? DT __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! 
Mail has the best spam protection around
http://mail.yahoo.com

From owner-freebsd-isp@FreeBSD.ORG Fri Jul 14 15:51:53 2006
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F11E716A4DE for ; Fri, 14 Jul 2006 15:51:53 +0000 (UTC) (envelope-from netsecuredata@gmail.com)
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.171]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2DDBF43D6D for ; Fri, 14 Jul 2006 15:51:50 +0000 (GMT) (envelope-from netsecuredata@gmail.com)
Received: by ug-out-1314.google.com with SMTP id m2so845745ugc for ; Fri, 14 Jul 2006 08:51:50 -0700 (PDT)
Received: by 10.78.177.3 with SMTP id z3mr1742306hue; Fri, 14 Jul 2006 08:51:49 -0700 (PDT)
Received: by 10.78.200.18 with HTTP; Fri, 14 Jul 2006 08:51:49 -0700 (PDT)
Date: Fri, 14 Jul 2006 10:51:49 -0500
From: "Jorge Evangelista"
To: freebsd-isp@freebsd.org
In-Reply-To: <44B7B624.1050003@infinityprosports.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <44B7B624.1050003@infinityprosports.com>
Subject: Re: Bandwith Manager with Mysql
X-List-Received-Date: Fri, 14 Jul 2006 15:51:54 -0000

I have installed them via ports.

mysql-client-5.0.1 Multithreaded SQL database (client)
mysql-server-5.0.1 Multithreaded SQL database (server)

I have 2 other FreeBSD servers running; one has mysql 4.0.16 and the other 4.0.25, but I did not install those servers. Where can I download packages for these versions? When I install via ports, it cannot install version 4.

On 7/14/06, James Ryan wrote:
> Perhaps you have different MySQL client and server installs... did you
> install them via ports, packages, or source? What is your output of
> "pkg_info | grep mysql"?
>
> James
>
> Jorge Evangelista wrote:
> > Hi guys, I am installing Bandwith Manager of Emerging Technologies, I
> > have installed apache, php-mysql, and mysql, it because BW is manage
> > with Web Interface, but I have been having errors when Bandwitdh
> > Manager try to connect with database.
> > There are some logs.
> >
> > 07/10/06 10:55:30: Cannot Open MySQL Database. Error: Client does not
> > support authentication protocol requested by server; consider
> > upgrading MySQL client
> > 07/10/06 10:56:00: Cannot Open MySQL Database. Error: Client does not
> > support authentication protocol requested by server; consider
> > upgrading MySQL client
> > 07/10/06 10:56:00: Can't Get Statistics for flor2
> > 07/10/06 10:56:00: Can't Get Statistics for SinglePC
> > 07/10/06 10:56:00: Can't Get Statistics for singlepc
> > 07/10/06 10:56:30: Cannot Open MySQL Database. Error: Client does not
> > support authentication protocol requested by server; consider
> > upgrading MySQL client
> > 07/10/06 10:57:00: Cannot Open MySQL Database. Error: Client does not
> > support authentication protocol requested by server; consider
> > upgrading MySQL client
> > 07/10/06 10:57:30: Cannot Open MySQL Database. Error: Client does not
> > support authentication protocol requested by server; consider
> > upgrading MySQL client
> >
> >
> >
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>

--
"The network is the computer"

From owner-freebsd-isp@FreeBSD.ORG Fri Jul 14 16:41:25 2006
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8CA1D16A4DD for ; Fri, 14 Jul 2006 16:41:25 +0000 (UTC) (envelope-from drew@gothambus.com)
Received: from mail.gothambus.com (trixie.gbcx.net [204.89.131.138]) by mx1.FreeBSD.org (Postfix) with SMTP id 1951743D66 for ; Fri, 14 Jul 2006 16:41:23 +0000 (GMT) (envelope-from drew@gothambus.com)
Received: (qmail 30772 invoked by uid 1024); 14 Jul 2006 16:39:30 -0000
Received: from drew@gothambus.com by mail.gothambus.com by uid 89 with qmail-scanner-1.22-st-qms (spamassassin: 2.64. Clear:RC:1(216.168.140.18):. Processed in 0.037428 secs); 14 Jul 2006 16:39:30 -0000
X-Antivirus-MYDOMAIN-Mail-From: drew@gothambus.com via mail.gothambus.com
X-Antivirus-MYDOMAIN: 1.22-st-qms (Clear:RC:1(216.168.140.18):. Processed in 0.037428 secs Process 30768)
Received: from 3comvpn.nxgt.com (HELO ?192.168.1.174?)
(216.168.140.18) by mail.gothambus.com with SMTP; 14 Jul 2006 16:39:30 -0000
Message-ID: <44B7C92B.6050904@gothambus.com>
Date: Fri, 14 Jul 2006 12:41:15 -0400
From: Drew Linsalata
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-isp@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: Bandwith Manager with Mysql
X-List-Received-Date: Fri, 14 Jul 2006 16:41:25 -0000

Jorge Evangelista wrote:

> 07/10/06 10:57:30: Cannot Open MySQL Database. Error: Client does not
> support authentication protocol requested by server; consider
> upgrading MySQL client

You need to change the MySQL password format for the bwmgr user:

Connect to your MySQL server:
-----------------------------
mysql -h your.sql.host -u root -p

Update the password:
---------------------
use mysql
UPDATE user SET password=OLD_PASSWORD('password') WHERE user='username';
flush privileges;

That should get you in. The problem is that your MySQL is too new for the bandwidth manager package.

--
Drew Linsalata
The Gotham Bus Company, Inc.
Dedicated Servers and Colocation Solutions
Long Island, New York
http://www.gothambus.com

From owner-freebsd-isp@FreeBSD.ORG Fri Jul 14 19:56:05 2006
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 30A1116A4DE for ; Fri, 14 Jul 2006 19:56:05 +0000 (UTC) (envelope-from mark@gaiahost.coop)
Received: from biodiesel.gaiahost.coop (biodiesel.gaiahost.coop [64.95.78.120]) by mx1.FreeBSD.org (Postfix) with ESMTP id E41C443D45 for ; Fri, 14 Jul 2006 19:56:04 +0000 (GMT) (envelope-from mark@gaiahost.coop)
Received: from gaiahost.coop (host-64-65-195-19.spr.choiceone.net [::ffff:64.65.195.19]) (AUTH: LOGIN mark@hubcapconsulting.com) by biodiesel.gaiahost.coop with esmtp; Fri, 14 Jul 2006 15:56:03 -0400 id 007C406D.44B7F6D3.00004982
Received: by gaiahost.coop (sSMTP sendmail emulation); Fri, 14 Jul 2006 15:56:04 -0400
Date: Fri, 14 Jul 2006 15:56:03 -0400
From: Mark Bucciarelli
To: freebsd-isp@freebsd.org
Message-ID: <20060714195603.GE396@rabbit>
Mail-Followup-To: freebsd-isp@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Subject: CGI apps in C?
X-List-Received-Date: Fri, 14 Jul 2006 19:56:05 -0000

Anybody using libre C apps for the "standard" cgi tasks?

counter, form2mail, poll, survey, simple forum?

--
Mark Bucciarelli
GAIA Host Collective, LLC
email: mark@gaiahost.coop
phone: (800) 672-8060 x802
web: http://www.gaiahost.coop
-----------------------------------
~~~~~~~~~~~~~~~~
"Reliable internet solutions from an environmentally
and socially concerned worker collective"
~~~~~~~~~~~~~~~~

From owner-freebsd-isp@FreeBSD.ORG Fri Jul 14 20:03:41 2006
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B657716A4DE for ; Fri, 14 Jul 2006 20:03:41 +0000 (UTC) (envelope-from sdrhodus@gmail.com)
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.169]) by mx1.FreeBSD.org (Postfix) with ESMTP id A0BFD43D60 for ; Fri, 14 Jul 2006 20:03:24 +0000 (GMT) (envelope-from sdrhodus@gmail.com)
Received: by ug-out-1314.google.com with SMTP id m2so8940uge for ; Fri, 14 Jul 2006 13:03:23 -0700 (PDT)
Received: by 10.78.156.6 with SMTP id d6mr1883276hue; Fri, 14 Jul 2006 13:03:23 -0700 (PDT)
Received: by 10.78.143.12 with HTTP; Fri, 14 Jul 2006 13:03:23 -0700 (PDT)
Date: Fri, 14 Jul 2006 16:03:23 -0400
From: "David Rhodus"
Sender: sdrhodus@gmail.com
To: freebsd-isp@freebsd.org
In-Reply-To: <20060714195603.GE396@rabbit>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <20060714195603.GE396@rabbit>
X-Google-Sender-Auth: 7a322a0cc4cd653a
Subject: Re: CGI apps in C?
X-List-Received-Date: Fri, 14 Jul 2006 20:03:41 -0000

Some applications. Why do you ask ?

--
David Rhodus | Senior Unix Systems Programmer | drhodus@machdep.com

On 7/14/06, Mark Bucciarelli wrote:
> Anybody using libre C apps for the "standard" cgi tasks?
>
> counter, form2mail, poll, survey, simple forum?
>
> --
> Mark Bucciarelli
> GAIA Host Collective, LLC
> email: mark@gaiahost.coop
> phone: (800) 672-8060 x802
> web: http://www.gaiahost.coop
> -----------------------------------
> ~~~~~~~~~~~~~~~~
> "Reliable internet solutions from an environmentally
> and socially concerned worker collective"
> ~~~~~~~~~~~~~~~~
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>

From owner-freebsd-isp@FreeBSD.ORG Fri Jul 14 20:22:37 2006
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 17BD816A4DE for ; Fri, 14 Jul 2006 20:22:37 +0000 (UTC) (envelope-from mark@gaiahost.coop)
Received: from biodiesel.gaiahost.coop (biodiesel.gaiahost.coop [64.95.78.120]) by mx1.FreeBSD.org (Postfix) with ESMTP id C107C43D46 for ; Fri, 14 Jul 2006 20:22:36 +0000 (GMT) (envelope-from mark@gaiahost.coop)
Received: from gaiahost.coop (host-64-65-195-19.spr.choiceone.net [::ffff:64.65.195.19]) (AUTH: LOGIN mark@hubcapconsulting.com) by biodiesel.gaiahost.coop with esmtp; Fri, 14 Jul 2006 16:22:34 -0400 id 007C4061.44B7FD0B.00007AAA
Received: by gaiahost.coop (sSMTP sendmail emulation); Fri, 14 Jul 2006 16:22:34 -0400
Date: Fri, 14 Jul 2006 16:22:34 -0400
From: Mark Bucciarelli
To: David Rhodus
Message-ID: <20060714202233.GF396@rabbit>
Mail-Followup-To: David Rhodus, freebsd-isp@freebsd.org
References: <20060714195603.GE396@rabbit>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Cc: freebsd-isp@freebsd.org
Subject: Re: CGI apps in C?
X-List-Received-Date: Fri, 14 Jul 2006 20:22:37 -0000

On Fri, Jul 14, 2006 at 04:03:23PM -0400, David Rhodus wrote:

> Some applications. Why do you ask ?

The more I learn about PHP the less I like it. So I have a bias
towards apps in C and C++, but am having a hard time finding any.

I just found a little poll app (sonda) but my most pressing need
is for a form2mail.

Do you have a link to any of the apps you use? Or are you the
author?

m

From owner-freebsd-isp@FreeBSD.ORG Fri Jul 14 21:00:34 2006
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2B63016A4E1 for ; Fri, 14 Jul 2006 21:00:34 +0000 (UTC) (envelope-from danial_thom@yahoo.com)
Received: from web33307.mail.mud.yahoo.com (web33307.mail.mud.yahoo.com [68.142.206.122]) by mx1.FreeBSD.org (Postfix) with SMTP id 6B79F43D45 for ; Fri, 14 Jul 2006 21:00:33 +0000 (GMT) (envelope-from danial_thom@yahoo.com)
Received: (qmail 69941 invoked by uid 60001); 14 Jul 2006 21:00:32 -0000
Message-ID: <20060714210032.69939.qmail@web33307.mail.mud.yahoo.com>
Received: from [65.34.182.15] by web33307.mail.mud.yahoo.com via HTTP; Fri, 14 Jul 2006 14:00:32 PDT
Date: Fri, 14 Jul 2006 14:00:32 -0700 (PDT)
From: Danial Thom
To: Mark Bucciarelli, David Rhodus
In-Reply-To: <20060714202233.GF396@rabbit>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Cc: freebsd-isp@freebsd.org
Subject: Re: CGI apps in C?
Reply-To: danial_thom@yahoo.com
X-List-Received-Date: Fri, 14 Jul 2006 21:00:34 -0000

--- Mark Bucciarelli wrote:

> On Fri, Jul 14, 2006 at 04:03:23PM -0400, David Rhodus wrote:
>
> > Some applications. Why do you ask ?
>
> The more I learn about PHP the less I like it. So I have a bias
> towards apps in C and C++, but am having a hard time finding any.
>
> I just found a little poll app (sonda) but my most pressing need
> is for a form2mail.
>
> Do you have a link to any of the apps you use? Or are you the
> author?
>

The first thing you need is a good cgiparse() routine that handles all the GET POST variants, forms, multipart forms, etc. It's a pain in the butt in 'C'.

php isn't half bad, and it has all the ugly stuff built in. You might get your clothes a bit cleaner with the rock and stream method, but use the washing machine. In the long run you'll be glad you did.

DT

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo!
Mail has the best spam protection around
http://mail.yahoo.com

From owner-freebsd-isp@FreeBSD.ORG Fri Jul 14 21:17:09 2006
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0714C16A4DA for ; Fri, 14 Jul 2006 21:17:09 +0000 (UTC) (envelope-from mark@gaiahost.coop)
Received: from biodiesel.gaiahost.coop (biodiesel.gaiahost.coop [64.95.78.120]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6F8FD43D6D for ; Fri, 14 Jul 2006 21:16:44 +0000 (GMT) (envelope-from mark@gaiahost.coop)
Received: from gaiahost.coop (host-64-65-195-19.spr.choiceone.net [::ffff:64.65.195.19]) (AUTH: LOGIN mark@hubcapconsulting.com) by biodiesel.gaiahost.coop with esmtp; Fri, 14 Jul 2006 17:16:42 -0400 id 007A4082.44B809BC.00005F28
Received: by gaiahost.coop (sSMTP sendmail emulation); Fri, 14 Jul 2006 17:16:41 -0400
Date: Fri, 14 Jul 2006 17:16:40 -0400
From: Mark Bucciarelli
To: Danial Thom
Message-ID: <20060714211640.GG396@rabbit>
Mail-Followup-To: Danial Thom, David Rhodus, freebsd-isp@freebsd.org
References: <20060714202233.GF396@rabbit> <20060714210032.69939.qmail@web33307.mail.mud.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
In-Reply-To: <20060714210032.69939.qmail@web33307.mail.mud.yahoo.com>
User-Agent: Mutt/1.4.2.1i
Cc: freebsd-isp@freebsd.org, David Rhodus
Subject: Re: CGI apps in C?
X-List-Received-Date: Fri, 14 Jul 2006 21:17:09 -0000

On Fri, Jul 14, 2006 at 02:00:32PM -0700, Danial Thom wrote:

> The first thing you need is a good cgiparse() routine that
> handles all the GET POST variants, forms, multipart forms, etc.
> It's a pain in the butt in 'C'.

There's lots of these libs. uncgi is one I like pretty well--just sticks cgi vars into environment.

And actually, I found a few form2mail scripts. After posting, I did some proper googling.

I'm more worried about things like DOS from a bogus content length header and spam via mail header injection and of course buffer overflows. So I'd still be interested if folks here have scripts they have audited and like.

> php isn't half bad, and it has all the ugly stuff built in. You
> might get your clothes a bit cleaner with the rock and stream
> method, but use the washing machine. In the long run you'll be
> glad you did.

heh. I think a closer analogy is building a house from stone not sticks.

m

From owner-freebsd-isp@FreeBSD.ORG Fri Jul 14 22:33:59 2006
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4836916A4DA for ; Fri, 14 Jul 2006 22:33:59 +0000 (UTC) (envelope-from cody@wilkshire.net)
Received: from mail.wilkshire.net (mail.wilkshire.net [12.111.120.20]) by mx1.FreeBSD.org (Postfix) with ESMTP id DC64D43D55 for ; Fri, 14 Jul 2006 22:33:52 +0000 (GMT) (envelope-from cody@wilkshire.net)
Received: from localhost (virusproxy4.wilkshire.net [10.10.55.24]) by mail.wilkshire.net (Postfix) with ESMTP id 45440A74C14; Fri, 14 Jul 2006 18:33:51 -0400 (EDT)
Received: from mail.wilkshire.net ([10.10.55.20]) by localhost (virusproxy4.wilkshire.net [10.10.55.24]) (amavisd-new, port 10024) with ESMTP id 15666-05; Fri, 14 Jul 2006 18:33:50 -0400 (EDT)
Received: from [192.168.1.101] (unknown [163.120.70.84]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wilkshire.net (Postfix) with ESMTP id BC5AEA74B82; Fri, 14 Jul 2006 18:33:49 -0400 (EDT)
Message-ID: <44B81BCC.7010201@wilkshire.net>
Date: Fri, 14 Jul 2006 18:33:48 -0400
From: Cody Baker
User-Agent: Thunderbird 1.5.0.4
(Windows/20060516)
MIME-Version: 1.0
To: Danial Thom, David Rhodus, freebsd-isp@freebsd.org
References: <20060714202233.GF396@rabbit> <20060714210032.69939.qmail@web33307.mail.mud.yahoo.com> <20060714211640.GG396@rabbit>
In-Reply-To: <20060714211640.GG396@rabbit>
X-Enigmail-Version: 0.94.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at wilkshire.net
Subject: Re: CGI apps in C?
X-List-Received-Date: Fri, 14 Jul 2006 22:33:59 -0000

If you're concerned about large traffic volume, you should give some serious considerations to mod_perl. It, and select scripts, will remain resident therefore avoiding all of the costly setup imposed by CGI. It's quick, well tested, and a pretty popular option. Popularity may sound trivial, but exploits get fixed in popular apps long before those in obscure ones. It can be a bit memory heavy, but memory is cheap. PHP is cake to program in and pretty useful, but it's SLOW and rather ugly to admin.

Thank You,

Cody Baker
cody@wilkshire.net

From owner-freebsd-isp@FreeBSD.ORG Fri Jul 14 23:09:33 2006
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0DF6916A4DD for ; Fri, 14 Jul 2006 23:09:33 +0000 (UTC) (envelope-from ormandj@corenode.com)
Received: from zone2.corenode.com (zone2.corenode.com [66.91.129.184]) by mx1.FreeBSD.org (Postfix) with ESMTP id 48FAD43D46 for ; Fri, 14 Jul 2006 23:09:32 +0000 (GMT) (envelope-from ormandj@corenode.com)
Received: from corenode.com ([127.0.0.1]) by zone2.corenode.com (Sun Java System Messaging Server 6.2-3.04 (built Jul 15 2005)) with ESMTP id <0J2F009FI1R04X00@zone2.corenode.com> for freebsd-isp@freebsd.org; Fri, 14 Jul 2006 13:11:24 -1000 (HST)
Received: from [132.160.192.10] by zone2.corenode.com (mshttpd); Fri, 14 Jul 2006 13:11:24 -1000
Date: Fri, 14 Jul 2006 13:11:24 -1000
From: "David J. Orman"
In-reply-to: <44B81BCC.7010201@wilkshire.net>
To: Cody Baker
MIME-version: 1.0
X-Mailer: Sun Java(tm) System Messenger Express 6.2-3.04 (built Jul 15 2005)
Content-type: text/plain; charset=us-ascii
Content-language: en
Content-transfer-encoding: 7BIT
Content-disposition: inline
X-Accept-Language: en
Priority: normal
References: <20060714202233.GF396@rabbit> <20060714210032.69939.qmail@web33307.mail.mud.yahoo.com> <20060714211640.GG396@rabbit> <44B81BCC.7010201@wilkshire.net>
Cc: freebsd-isp@freebsd.org, David Rhodus, Danial Thom
Subject: Re: CGI apps in C?
X-List-Received-Date: Fri, 14 Jul 2006 23:09:33 -0000

Just use FastCGI with lighttpd if you need performance under large amounts of traffic.

David

----- Original Message -----
From: Cody Baker
Date: Friday, July 14, 2006 12:33 pm
Subject: Re: CGI apps in C?
> If you're concerned about large traffic volume, you should give some
> serious considerations to mod_perl. It, and select scripts, will
> remain resident therefore avoiding all of the costly setup imposed
> by CGI.
> It's quick, well tested, and a pretty popular option. Popularity
> may sound trivial, but exploits get fixed in popular apps long
> before those
> in obscure ones. It can be a bit memory heavy, but memory is
> cheap.
> PHP is cake to program in and pretty useful, but it's SLOW and rather
> ugly to admin.
>
> Thank You,
>
> Cody Baker
> cody@wilkshire.net
>
>
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>

From owner-freebsd-isp@FreeBSD.ORG Sat Jul 15 06:49:26 2006
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DFAC516A4DA for ; Sat, 15 Jul 2006 06:49:26 +0000 (UTC) (envelope-from col-h@optusnet.com.au)
Received: from ash25e.internode.on.net (ash25e.internode.on.net [203.16.214.182]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4D2DD43D45 for ; Sat, 15 Jul 2006 06:49:25 +0000 (GMT) (envelope-from col-h@optusnet.com.au)
Received: from [10.1.1.99] (ppp244-35.static.internode.on.net [59.167.244.35]) by ash25e.internode.on.net (8.13.6/8.13.5) with ESMTP id k6F6nOU4079566 for ; Sat, 15 Jul 2006 16:19:24 +0930 (CST) (envelope-from col-h@optusnet.com.au)
Message-ID: <44B88FF6.6030803@optusnet.com.au>
Date: Sat, 15 Jul 2006 16:49:26 +1000
From: Colin House
User-Agent: Thunderbird 1.5.0.4 (Windows/20060516)
MIME-Version: 1.0
To: freebsd-isp@freebsd.org
References: <44B7B624.1050003@infinityprosports.com>
In-Reply-To:
<44B7B624.1050003@infinityprosports.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: Bandwith Manager with Mysql
X-List-Received-Date: Sat, 15 Jul 2006 06:49:27 -0000

James Ryan wrote:
> Perhaps you have different MySQL client and server installs... did you
> install them via ports, packages, or source? What is your output of
> "pkg_info | grep mysql"?
>
> James
>
> Jorge Evangelista wrote:
>> Hi guys, I am installing Bandwith Manager of Emerging Technologies, I
>> have installed apache, php-mysql, and mysql, it because BW is manage
>> with Web Interface, but I have been having errors when Bandwitdh
>> Manager try to connect with database.
>> There are some logs.
>>
>> 07/10/06 10:55:30: Cannot Open MySQL Database. Error: Client does not
>> support authentication protocol requested by server; consider
>> upgrading MySQL client
>> 07/10/06 10:56:00: Cannot Open MySQL Database. Error: Client does not
>> support authentication protocol requested by server; consider
>> upgrading MySQL client
>> 07/10/06 10:56:00: Can't Get Statistics for flor2
>> 07/10/06 10:56:00: Can't Get Statistics for SinglePC
>> 07/10/06 10:56:00: Can't Get Statistics for singlepc
>> 07/10/06 10:56:30: Cannot Open MySQL Database. Error: Client does not
>> support authentication protocol requested by server; consider
>> upgrading MySQL client
>> 07/10/06 10:57:00: Cannot Open MySQL Database. Error: Client does not
>> support authentication protocol requested by server; consider
>> upgrading MySQL client
>> 07/10/06 10:57:30: Cannot Open MySQL Database. Error: Client does not
>> support authentication protocol requested by server; consider
>> upgrading MySQL client
>>
>>
>>
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>

If you installed from source you need to rebuild php against the mysql5 libraries. If you installed from ports/packages install php5-mysql-5.1.4.

Should do the trick :)

From owner-freebsd-isp@FreeBSD.ORG Sat Jul 15 10:05:01 2006
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C37F816A4E1 for ; Sat, 15 Jul 2006 10:05:01 +0000 (UTC) (envelope-from bv@bilver.wjv.com)
Received: from wjv.com (fl-65-40-24-38.sta.embarqhsd.net [65.40.24.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id 94D3943D45 for ; Sat, 15 Jul 2006 10:05:00 +0000 (GMT) (envelope-from bv@bilver.wjv.com)
Received: from bilver.wjv.com (localhost.wjv.com [127.0.0.1]) by wjv.com (8.13.6/8.13.1) with ESMTP id k6FA4pCw042963; Sat, 15 Jul 2006 06:04:51 -0400 (EDT) (envelope-from bv@bilver.wjv.com)
Received: (from bv@localhost) by bilver.wjv.com (8.13.6/8.13.1/Submit) id k6FA4jZr042962; Sat, 15 Jul 2006 06:04:45 -0400 (EDT) (envelope-from bv)
Date: Sat, 15 Jul 2006 06:04:45 -0400
From: Bill Vermillion
To: David Rhodus, freebsd-isp@freebsd.org
Message-ID: <20060715100445.GA38120@wjv.com>
References: <20060714195603.GE396@rabbit> <20060714202233.GF396@rabbit>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20060714202233.GF396@rabbit>
Organization: W.J.Vermillion / Orlando - Winter Park
ReplyTo: bv@wjv.com
User-Agent: Mutt/1.5.11
X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, SPF_HELO_PASS autolearn=ham version=3.1.3
X-Spam-Checker-Version:
SpamAssassin 3.1.3 (2006-06-01) on bilver.wjv.com
Subject: Re: CGI apps in C?
Reply-To: bv@wjv.com
X-List-Received-Date: Sat, 15 Jul 2006 10:05:01 -0000

At Fri, Jul 14, 2006 at 16:22 , our malformed and occasionally flatulent friend Mark Bucciarelli spewed forth this fount of brain juice:

> On Fri, Jul 14, 2006 at 04:03:23PM -0400, David Rhodus wrote:

> > Some applications. Why do you ask ?

> The more I learn about PHP the less I like it. So I have a bias
> towards apps in C and C++, but am having a hard time finding any.

One of our main sites got a new developer [??] last year who moved everything from stock html to mambo and php. The site's access went from being in the top 5% of sites in terms of access to the 65-75% range.

That developer is now gone and things are being reverted.

It seems that security updates to php appear more frequently than I'd like to see.

Bill

--
Bill Vermillion - bv @ wjv . com

From owner-freebsd-isp@FreeBSD.ORG Sat Jul 15 18:06:42 2006
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E426916A4DF for ; Sat, 15 Jul 2006 18:06:42 +0000 (UTC) (envelope-from danial_thom@yahoo.com)
Received: from web33308.mail.mud.yahoo.com (web33308.mail.mud.yahoo.com [68.142.206.123]) by mx1.FreeBSD.org (Postfix) with SMTP id 28D4743D46 for ; Sat, 15 Jul 2006 18:06:37 +0000 (GMT) (envelope-from danial_thom@yahoo.com)
Received: (qmail 18178 invoked by uid 60001); 15 Jul 2006 18:06:37 -0000
Message-ID: <20060715180637.18176.qmail@web33308.mail.mud.yahoo.com>
Received: from [65.34.182.15] by web33308.mail.mud.yahoo.com via HTTP; Sat, 15 Jul 2006 11:06:37 PDT
Date: Sat, 15 Jul 2006 11:06:37 -0700 (PDT)
From: Danial Thom
To: "David J. Orman", Cody Baker
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Cc: freebsd-isp@freebsd.org, David Rhodus, Danial Thom
Subject: Re: CGI apps in C?
Reply-To: danial_thom@yahoo.com
X-List-Received-Date: Sat, 15 Jul 2006 18:06:43 -0000

--- "David J. Orman" wrote:

> Just use FastCGI with lighttpd if you need performance under large amounts of traffic.
> > David > > ----- Original Message ----- > From: Cody Baker > Date: Friday, July 14, 2006 12:33 pm > Subject: Re: CGI apps in C? > > > If you're concerned about large traffic > volume, you should give some > > serious considerations to mod_perl. It, and > select scripts, will > > remainresident therefore avoiding all of the > costly setup imposed > > by CGI. > > It's quick, well tested, and a pretty popular > option. Popularity > > maysound trivial, but exploits get fixed in > popular apps long > > before those > > in obscure ones. It can be a bit memory > heavy, but memory is > > cheap. > > PHP is cake to program in and pretty useful, > but it's SLOW and rather > > ugly to admin. > > > > Thank You, > > > > Cody Baker > > cody@wilkshire.net > > > > > > > _______________________________________________ > > freebsd-isp@freebsd.org mailing list > > > PERL for performance. Now thats a new one. DT __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From owner-freebsd-isp@FreeBSD.ORG Sat Jul 15 18:11:00 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6FC8216A58D for ; Sat, 15 Jul 2006 18:11:00 +0000 (UTC) (envelope-from b.candler@pobox.com) Received: from rune.pobox.com (rune.pobox.com [208.210.124.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id EF2D143D45 for ; Sat, 15 Jul 2006 18:10:59 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from rune (localhost [127.0.0.1]) by rune.pobox.com (Postfix) with ESMTP id DE9E37B345; Sat, 15 Jul 2006 14:11:20 -0400 (EDT) Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com [212.74.113.67]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by rune.sasl.smtp.pobox.com (Postfix) with ESMTP id 6B7187B32C; 
Sat, 15 Jul 2006 14:11:18 -0400 (EDT) Received: from lists by mappit.local.linnet.org with local (Exim 4.61 (FreeBSD)) (envelope-from ) id 1G1obO-00043Y-Bl; Sat, 15 Jul 2006 19:10:54 +0100 Date: Sat, 15 Jul 2006 19:10:54 +0100 From: Brian Candler To: Mark Bucciarelli Message-ID: <20060715181054.GA15489@uk.tiscali.com> References: <20060714195603.GE396@rabbit> <20060714202233.GF396@rabbit> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060714202233.GF396@rabbit> User-Agent: Mutt/1.4.2.1i Cc: freebsd-isp@freebsd.org, David Rhodus Subject: Re: CGI apps in C? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Jul 2006 18:11:00 -0000 On Fri, Jul 14, 2006 at 04:22:34PM -0400, Mark Bucciarelli wrote: > Do you have a link to any of the apps you use? http://www.muquit.com/muquit/software/Count/Count2.6/Count.html is an example of how *not* to write a C cgi :-( Unfortunately, I had to port it from an old webserver to a new one, for compatibility reasons. The biggest pain with C CGIs is that you simply cannot trust any data provided by the caller, and so you must be very careful about not making any assumptions about the format of data which could cause you to end up making a buffer underflow or overflow. This is in addition to the security checks you would have to do for a perl/php type of CGI (such as making sure that data to construct a filename doesn't contain /../, making sure that HTML and SQL special characters are properly escaped, making sure that if you fork a shell, that shell metacharacters are properly defanged, and so on) Another poster suggested using FastCGI. Whilst FastCGI is an excellent framework for web applications, it does not work well for the sort of 'shared' CGIs you're talking about (formmail, counter etc). 
That's because generally you want these CGIs to run as the UID of the website which is being accessed - in particular to prevent one site's CGI from being able to modify content in a different site's webspace. FastCGIs are persistent, and so run as whatever UID originally started them. So unless you want a whole bunch of FastCGI process pools running around, one for each website, then a single-shot traditional CGI (which can be run under suexec) is much better. The same issue arises with mod_perl and mod_php, where the applications all run as the webserver's own UID.

For a single-shot CGI which is exec'd for each request, a C app has a far lower startup overhead than starting a heavyweight scripting language interpreter like Perl.

OTOH, there are many other bottlenecks you may reach on your webserver before CGI requests from counters and formmail become significant at all. Much better to monitor your utilisation and logs carefully.

Another thing I did was to modify suexec so that it would fork(), wait4(), and then log the rusage information for each CGI execution. Analysing these logs lets you work out, site by site, which are the CGI hogs. But before you start modifying something as security critical as suexec, you'd better be very sure of your C and Unix.

Regards,

Brian.
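
The input handling the message above asks of a C CGI, as an added example that is not part of the original post or of any program it mentions: a percent-decoder that can neither overrun its output buffer nor read past a truncated escape, and an allow-list check for a value used as a filename. The names cgi_urldecode and safe_filename and the 64-character limit are assumptions made for this sketch.

```c
#include <ctype.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = (unsigned char)tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Percent-decode src into dst (dstsz bytes, NUL included). Returns the
 * decoded length, or -1 on a bad escape, %00, or output that won't fit. */
int cgi_urldecode(const char *src, char *dst, size_t dstsz)
{
    size_t n = 0;
    if (src == NULL || dst == NULL || dstsz == 0) return -1;
    while (*src != '\0') {
        int c = (unsigned char)*src++;
        if (c == '+') {
            c = ' ';
        } else if (c == '%') {
            int hi = hexval((unsigned char)src[0]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)src[1]);
            if (lo < 0) return -1;      /* "%", "%4" or "%zz" */
            c = hi * 16 + lo;
            if (c == 0) return -1;      /* refuse an embedded NUL */
            src += 2;
        }
        if (n + 1 >= dstsz) return -1;  /* always keep room for NUL */
        dst[n++] = (char)c;
    }
    dst[n] = '\0';
    return (int)n;
}

/* Accept one path component of [A-Za-z0-9._-] that does not start
 * with '.', so "/", ".." and "/../" can never pass. 1 = acceptable. */
int safe_filename(const char *name)
{
    size_t i;
    if (name == NULL || name[0] == '\0' || name[0] == '.') return 0;
    for (i = 0; name[i] != '\0'; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-') return 0;
    }
    return i <= 64;
}
```

Validate after decoding, never before: the traversal sequence only becomes visible once %2F has been turned back into "/".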
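
The fork(), wait4() and rusage logging described in the message above, as an added stand-alone sketch; it is not suexec code and not the poster's patch. The function names, the "site" label and the log line layout are assumptions, and a real wrapper would write the line to its own log file.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] as a child, wait for it, and fill *ru with the child's
 * resource usage. Returns the exit status, 128+signal if the child was
 * killed by a signal, or -1 if fork() or wait4() failed. */
int run_with_rusage(char *const argv[], struct rusage *ru)
{
    int status = 0;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(argv[0], argv);       /* absolute path, no PATH search */
        _exit(127);                 /* only reached if exec failed */
    }
    while (wait4(pid, &status, 0, ru) < 0)
        if (errno != EINTR)
            return -1;
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    return WIFSIGNALED(status) ? 128 + WTERMSIG(status) : -1;
}

/* Format one accounting record. "site" is a caller-supplied label
 * (hypothetical field); returns snprintf()'s result. */
int format_rusage(char *out, size_t outsz, const char *site, int rc,
                  const struct rusage *ru)
{
    return snprintf(out, outsz,
        "site=%s rc=%d utime=%ld.%06ld stime=%ld.%06ld maxrss=%ld",
        site, rc,
        (long)ru->ru_utime.tv_sec, (long)ru->ru_utime.tv_usec,
        (long)ru->ru_stime.tv_sec, (long)ru->ru_stime.tv_usec,
        (long)ru->ru_maxrss);
}
```

Summing utime and stime per site label over a day of such lines gives the per-site CPU ranking the message refers to.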