From owner-freebsd-isp Sun Jun 24 2:53:13 2001 Delivered-To: freebsd-isp@freebsd.org Received: from geminix.geminix.org (geminix.geminix.org [194.42.85.242]) by hub.freebsd.org (Postfix) with ESMTP id A605F37B401 for ; Sun, 24 Jun 2001 02:53:08 -0700 (PDT) (envelope-from gemini@geminix.org) Received: from geminix.geminix.org ([194.42.85.242] helo=geminix.org) by geminix.geminix.org with esmtp (Exim 3.22 #1) id 15E6ZF-0001na-00; Sun, 24 Jun 2001 11:52:33 +0200 Message-ID: <3B35B861.F900818A@geminix.org> Date: Sun, 24 Jun 2001 11:52:33 +0200 From: Uwe Doering Organization: Private UNIX Site X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: Alan Clegg Cc: Stanley Hopcroft , freebsd-isp@FreeBSD.ORG Subject: Re: E-mail to SMS and vice versa References: <10F29E27A956D511B0940050DA8D86A908F586@chat.dagupan.com> <20010612143756.H99062@IPAustralia.Gov.AU> <200106120452.f5C4qkX01292@xyzzy.intranet.snsonline.net> <20010620063339.B74428@diskfarm.firehouse.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Alan Clegg wrote: > > Unless the network is lying to me again, Mark Sergeant said: > > > The best luck I had was gnokki with a spare 5110 and data cable. > > For those searching, it's actually Gnokii. Looks cool. If nobody else is, > I may make this my first port. ;-) Just to spare you some unnecessary work, there already is a gnokii port in the FreeBSD ports collection. Haven't tried it, yet, but found it in my ports INDEX file. So, hope you haven't started, yet. Uwe -- Uwe Doering Berlin, Germany To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 25 0: 0:35 2001 Delivered-To: freebsd-isp@freebsd.org Received: from kermit.netivity.nl (wc-68.r-195-85-144.essentkabel.com [195.85.144.68]) by hub.freebsd.org (Postfix) with ESMTP id EF94937B40A; Mon, 25 Jun 2001 00:00:29 -0700 (PDT) (envelope-from enriko.groen@netivity.nl) Received: by KERMIT with Internet Mail Service (5.5.2650.21) id ; Mon, 25 Jun 2001 09:00:28 +0200 Message-ID: <510EAC2065C0D311929200A0247252622F787C@NETIVITY-FS> From: Enriko Groen To: 'alexus' , freebsd-security@FreeBSD.ORG, freebsd-isp@freebsd.org Subject: RE: disable traceroute to my host Date: Mon, 25 Jun 2001 09:00:18 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > -----Original Message----- > From: alexus [mailto:ml@db.nexgen.com] > > is it possible to disable using ipfw so people won't be able > to traceroute > me? You could with IPfilter which has a fastroute option which will not lower the hopcount. However I think this will only work if you use this feature on a firewall. -- Enriko Groen, Hosting manager -------------------------------------------------------- netivity bv www.netivity.nl enriko.groen@netivity.nl 038 - 850 1000 van nagellstraat 4 8011 eb zwolle -------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 25 7:32:49 2001 Delivered-To: freebsd-isp@freebsd.org Received: from hotmail.com (oe19.pav1.hotmail.com [64.4.30.123]) by hub.freebsd.org (Postfix) with ESMTP id A94E137B407; Mon, 25 Jun 2001 07:32:40 -0700 (PDT) (envelope-from karen_zheng21@hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 25 Jun 2001 07:32:40 -0700 X-Originating-IP: [216.95.234.119] From: "Karen@hotmail" To: , Subject: RIP not running due to UDPchecksum disabled Date: Mon, 25 Jun 2001 10:37:27 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0021_01C0FD62.D41AEA90" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Message-ID: X-OriginalArrivalTime: 25 Jun 2001 14:32:40.0363 (UTC) FILETIME=[B01D57B0:01C0FD83] Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_0021_01C0FD62.D41AEA90 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I've installed GateD 3.6 on FreeBSD 4.2 (PC), I've set the system = variables as follow: sysctl -w net.inet.ip.forwarding =3D1 sysctl -w net.inet.udp.checksum =3D1 the /etc/gated.conf is as follows: kzheng# cat /etc/gated.conf rip yes { nobroadcast ; }; however, when I started GateD with gdc, and made GateD dump core: gdc COREDUMP I found in /var/tmp/gated.core sum message about RIP not running due to = UDPchecksums DISABLED: Target_Build^@RIP^@^@^@^@^@^@^@^@^@^@^@^@^@rip_init: UDP checksums = *DISABLED* in kernel; RIP disab led^@=F2dp^@route^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@= rip_init: is routed or an old copy of gated running? ... I tried several times and couldn't figure out what was going wrong. = Could you help me out of the problem? Thanks a lot. Karen ------=_NextPart_000_0021_01C0FD62.D41AEA90 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

I've installed GateD 3.6 on FreeBSD 4.2 = (PC), I've=20 set the system variables as follow:

sysctl -w=20 net.inet.ip.forwarding =3D1

sysctl -w=20 net.inet.udp.checksum =3D1

the /etc/gated.conf is as follows:

    kzheng# cat=20 /etc/gated.conf
    rip yes=20 {
            = nobroadcast=20 ;
           =20 };

however, when I started GateD with gdc, and made GateD dump = core:

gdc COREDUMP

I found in /var/tmp/gated.core sum message about RIP not running = due to=20 UDPchecksums DISABLED:

Target_Build^@RIP^@^@^@^@^@^@^@^@^@^@^@^@^@rip_init: UDP = checksums=20 *DISABLED* in kernel; RIP=20 disab
led^@=F2dp^@route^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^= @^@^@^@^@rip_init:=20 is routed or an old
copy of gated running?

...

I tried several times and couldn't figure out what was going wrong. = Could=20 you help me out of the problem? Thanks a lot.

Karen

------=_NextPart_000_0021_01C0FD62.D41AEA90-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 25 12:22:45 2001 Delivered-To: freebsd-isp@freebsd.org Received: from db.nexgen.com (db.nexgen.com [64.81.208.78]) by hub.freebsd.org (Postfix) with SMTP id 5C09A37B407 for ; Mon, 25 Jun 2001 12:22:40 -0700 (PDT) (envelope-from ml@db.nexgen.com) Received: (qmail 13720 invoked from network); 25 Jun 2001 19:23:28 -0000 Received: from localhost.nexgen.com (HELO book) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 25 Jun 2001 19:23:28 -0000 Message-ID: <006e01c0fdac$3be0e2d0$9865fea9@book> From: "alexus" To: "Brooks Davis" Cc: , References: <006a01c0fb6b$2d64d830$9865fea9@book> <20010622160443.A29783@Odin.AC.HMC.Edu> Subject: Re: disable traceroute to my host Date: Mon, 25 Jun 2001 15:22:54 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org i understand that i only will be able to "hide" my last hop for eveyrone and not every others;) ----- Original Message ----- From: "Brooks Davis" To: "alexus" Cc: ; Sent: Friday, June 22, 2001 7:04 PM Subject: Re: disable traceroute to my host To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 25 12:32:35 2001 Delivered-To: freebsd-isp@freebsd.org Received: from db.nexgen.com (db.nexgen.com [64.81.208.78]) by hub.freebsd.org (Postfix) with SMTP id 0BC2537B40A for ; Mon, 25 Jun 2001 12:32:29 -0700 (PDT) (envelope-from ml@db.nexgen.com) Received: (qmail 13858 invoked from network); 25 Jun 2001 19:33:17 -0000 Received: from localhost.nexgen.com (HELO book) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 25 Jun 2001 19:33:17 -0000 Message-ID: <00bc01c0fdad$9ac03070$9865fea9@book> From: "alexus" To: "valence" Cc: , References: Subject: Re: disable traceroute to my host Date: Mon, 25 Jun 2001 15:32:43 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org thank you i'll take a look at that ----- Original Message ----- From: "valence" To: "alexus" Cc: ; Sent: Saturday, June 23, 2001 1:20 PM Subject: Re: disable traceroute to my host http://www.lovric.net/antiroute On Fri, 22 Jun 2001, alexus wrote: ญญป is it possible to disable using ipfw so people won't be able to traceroute ญญป me? ญญป ญญป ญญป ญญป To Unsubscribe: send mail to majordomo@FreeBSD.org ญญป with "unsubscribe freebsd-isp" in the body of the message ญญป To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 25 12:40:26 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail1.home.nl (mail1.home.nl [213.51.129.225]) by hub.freebsd.org (Postfix) with ESMTP id CCFAA37B401 for ; Mon, 25 Jun 2001 12:40:22 -0700 (PDT) (envelope-from nascar24@home.nl) Received: from testuser ([213.51.193.168]) by mail1.home.nl (InterMail vM.4.01.03.00 201-229-121) with SMTP id <20010625194021.OUI22865.mail1.home.nl@testuser> for ; Mon, 25 Jun 2001 21:40:21 +0200 Message-ID: <014001c0fdaa$cd50b4e0$0900a8c0@testuser> From: "Marcel Dijk" Cc: References: <00bc01c0fdad$9ac03070$9865fea9@book> Subject: webalizer Date: Mon, 25 Jun 2001 21:12:39 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org (i hope this is the correct mailing list) Hello, I have installed Webalizer and it's producing some nice reports. But I have one problem. I want to show these reports to the world via my site. But when I place a link to webalizer genereated index.html the user sees a FORBIDDEN 403 error in their browser. What permissions do I have to set so that they can see them? And how do I do that. TIA, Marcel To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 25 12:50:39 2001 Delivered-To: freebsd-isp@freebsd.org Received: from db.nexgen.com (db.nexgen.com [64.81.208.78]) by hub.freebsd.org (Postfix) with SMTP id 8C44537B407 for ; Mon, 25 Jun 2001 12:50:31 -0700 (PDT) (envelope-from ml@db.nexgen.com) Received: (qmail 14140 invoked from network); 25 Jun 2001 19:51:19 -0000 Received: from localhost.nexgen.com (HELO book) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 25 Jun 2001 19:51:19 -0000 Message-ID: <017a01c0fdb0$1ff51240$9865fea9@book> From: "alexus" To: "Igor Podlesny" Cc: , References: <006a01c0fb6b$2d64d830$9865fea9@book> <13760134158.20010623111308@morning.ru> Subject: Re: disable traceroute to my host Date: Mon, 25 Jun 2001 15:50:45 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org thanks a lot for this whole explanation, i appreciate everyone on the list for taking time to explain how basics works.. i'm trying to read books, manuals, internet for all those things but not everything makes sense, although when real person explains it helps me a lot better thanks everyone ----- Original Message ----- From: "Igor Podlesny" To: "alexus" Cc: ; Sent: Saturday, June 23, 2001 12:13 AM Subject: Re: disable traceroute to my host > > > is it possible to disable using ipfw so people won't be able to traceroute > > me? > > Yes, of course. > > You should know how do traceroute-like utilities work. > > The knowledge can be easily extracted from a lot of sources, for e.g. > from Internet, cause you seem to be connected ;) but, it also should > be mentioned that man pages coming with FreeBSD (I guess as well as > with other *NIX-likes OSes) also describe the algo. > > so man traceroute says, that it uses udp ports starting with 33434 and > goes up with every new hop. but this could be easily changed with -p > option. Besides, windows' tracert works using icmp proto, so the > decision isn't here. It lies in what does the box do when answering to > them. It does send 'time exceeded in-transit' icmp message cause TTL > value is set too low to let the packet jump forward. So it is the > answer -- you should disallow it with your ipfw. for e.g. using such > syntax: > > deny icmp from any to any icmptype 11 > > (yeah, you should carefully think about whether or not to use ANY > cause if you're box is a gateway other people will notice your > cutting-edge knowledge cause it will hide not only your host ;) > > This is not the end, alas. unix traceroute will wait for port unreach > icmp so after meeting, it stops and displays the end-point of your > trace. Windows' tracert will wait for normal icmp-echo-reply for the > same purpose. So if you also wish to hide the end point, you need to > disallow this also. I bet you can figure out the way how by yourself, > now. > > P.S. there are also other ways (even more elegant) of doing that in > practice... they called 'stealth routing' and can be implemented via > FreeBSD kernel mechanism (sysctl + built-in kernel support) or with > ipf (ipfilter) > > read the man pages, man, they are freely available... > > -- > Igor mailto:poige@morning.ru > http://poige.nm.ru > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 25 12:53:34 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.tcworks.net (mail.tcworks.net [216.61.218.4]) by hub.freebsd.org (Postfix) with ESMTP id 3B62E37B405 for ; Mon, 25 Jun 2001 12:53:29 -0700 (PDT) (envelope-from ccook@tcworks.net) Received: from tcworks.net (staind.tcworks.net [216.61.218.6]) by mail.tcworks.net (8.10.2/8.10.2) with ESMTP id f5PJk9t93804; Mon, 25 Jun 2001 14:46:09 -0500 (CDT) Message-ID: <3B37978B.9D54A0CB@tcworks.net> Date: Mon, 25 Jun 2001 14:56:59 -0500 From: Chris Cook X-Mailer: Mozilla 4.72 [en] (X11; I; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: Marcel Dijk Cc: freebsd-isp@FreeBSD.ORG Subject: Re: webalizer References: <00bc01c0fdad$9ac03070$9865fea9@book> <014001c0fdaa$cd50b4e0$0900a8c0@testuser> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is the wrong list. I will however try to help, this could be a number of things (improperly configured Apache, perms, etc...). Make sure that the index.html file you are trying to view is not owned by root, make sure the owner is the same as your httpd owner. /Chris Marcel Dijk wrote: > > (i hope this is the correct mailing list) > > Hello, > > I have installed Webalizer and it's producing some nice reports. But I have > one problem. I want to show these reports to the world via my site. But when > I place a link to webalizer genereated index.html the user sees a FORBIDDEN > 403 error in their browser. > > What permissions do I have to set so that they can see them? And how do I do > that. > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 25 12:55:56 2001 Delivered-To: freebsd-isp@freebsd.org Received: from db.nexgen.com (db.nexgen.com [64.81.208.78]) by hub.freebsd.org (Postfix) with SMTP id CCEA637B407 for ; Mon, 25 Jun 2001 12:55:39 -0700 (PDT) (envelope-from ml@db.nexgen.com) Received: (qmail 14256 invoked from network); 25 Jun 2001 19:56:28 -0000 Received: from localhost.nexgen.com (HELO book) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 25 Jun 2001 19:56:28 -0000 Message-ID: <01a401c0fdb0$d790b3f0$9865fea9@book> From: "alexus" To: "Jewfish" , "Igor Podlesny" Cc: , References: <006a01c0fb6b$2d64d830$9865fea9@book> <13760134158.20010623111308@morning.ru> <3B34EEC8.9010606@jewfish.net> Subject: Re: disable traceroute to my host Date: Mon, 25 Jun 2001 15:55:53 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_01A1_01C0FD8F.505F08D0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_01A1_01C0FD8F.505F08D0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable is there any place on internet where all protocols desicrbed .. like = icmp and all types of icmps? i'd love to read about that ----- Original Message -----=20 From: Jewfish=20 To: Igor Podlesny=20 Cc: alexus ; freebsd-security@FreeBSD.ORG ; freebsd-isp@FreeBSD.ORG=20 Sent: Saturday, June 23, 2001 3:32 PM Subject: Re: disable traceroute to my host These are the rules I have come up with on my own firewall to disable = tracerouting and pinging (something which might not be for everybody), = but allows me to traceroute and pring from the host and recieve all the = responses: allow icmp from any to any in recv ep0 icmptype 0,3,11,14,16,18 allow icmp from any to any out xmit ep0 icmptype 8 ep0 being, of course, my external interface. This seems to qork quite = well for me. Some other ideas were brought up about denying the = "time-to-live-exceeded" icmptype (11) because of packets that may take a = long time to reach the host. However, this is the easiest method I = could come up with using firewall rules. Obviously, these rules also deny ping traffic, which is not = recommended for everyone. However, I have recently gotten a lot of ping = floods, so I enacted this (possibly on a temporary basis) to deal with = this, while still allowing me to ping out (icmptype 8) and recieve the = replies (icmptype 0). James Igor Podlesny wrote: is it possible to disable using ipfw so people won't be able to = tracerouteme? Yes, of course.You should know how do traceroute-like utilities work.The = knowledge can be easily extracted from a lot of sources, for e.g.from = Internet, cause you seem to be connected ;) but, it also shouldbe = mentioned that man pages coming with FreeBSD (I guess as well aswith = other *NIX-likes OSes) also describe the algo.so man traceroute says, = that it uses udp ports starting with 33434 andgoes up with every new = hop. but this could be easily changed with -poption. Besides, windows' = tracert works using icmp proto, so thedecision isn't here. It lies = in what does the box do when answering tothem. It does send 'time = exceeded in-transit' icmp message cause TTLvalue is set too low to = let the packet jump forward. So it is theanswer -- you should disallow = it with your ipfw. for e.g. using suchsyntax:deny icmp from any to any = icmptype 11(yeah, you shou! ld carefully think about whether or not to use ANYcause if you're = box is a gateway other people will notice yourcutting-edge = knowledge cause it will hide not only your host ;)This is not the end, = alas. unix traceroute will wait for port unreachicmp so after = meeting, it stops and displays the end-point of yourtrace. Windows' = tracert will wait for normal icmp-echo-reply for thesame purpose. So = if you also wish to hide the end point, you need todisallow this also. = I bet you can figure out the way how by yourself,now.P.S. there are = also other ways (even more elegant) of doing that inpractice... they = called 'stealth routing' and can be implemented viaFreeBSD kernel = mechanism (sysctl + built-in kernel support) or withipf (ipfilter)read = the man pages, man, they are freely available... ------=_NextPart_000_01A1_01C0FD8F.505F08D0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

is there any place on internet where all protocols = desicrbed=20 .. like icmp and all types of icmps? i'd love to read about=20 that

----- Original Message -----

From:=20 Jewfish=20

To: Igor Podlesny

Cc: alexus ; freebsd-security@FreeBSD.ORG= ;=20 freebsd-isp@FreeBSD.ORG =

Sent: Saturday, June 23, 2001 = 3:32=20 PM

Subject: Re: disable traceroute = to my=20 host

These are the rules I have come up with on my own = firewall to=20 disable tracerouting and pinging (something which might not be for = everybody),=20 but allows me to traceroute and pring from the host and recieve all = the=20 responses:

allow icmp from any to any in recv ep0 icmptype=20 0,3,11,14,16,18
allow icmp from any to any out xmit ep0 icmptype=20 8

ep0 being, of course, my external interface. This seems = to qork=20 quite well for me. Some other ideas were brought up about = denying the=20 "time-to-live-exceeded" icmptype (11) because of packets that may take = a long=20 time to reach the host. However, this is the easiest method I = could come=20 up with using firewall rules.

Obviously, these rules also deny = ping=20 traffic, which is not recommended for everyone. However, I have = recently=20 gotten a lot of ping floods, so I enacted this (possibly on a = temporary basis)=20 to deal with this, while still allowing me to ping out (icmptype 8) = and=20 recieve the replies (icmptype 0).

James

Igor Podlesny = wrote:

is it possible to disable =
using ipfw so people won't be able to =
traceroute
me?


Yes, =
of course.

You should know how do traceroute-like utilities =
work.

The  knowledge can be easily extracted from a lot of =
sources, for e.g.
from  Internet,  cause you seem to be connected ;) =
but, it also should
be  mentioned  that  man pages coming with =
FreeBSD (I guess as well as
with other *NIX-likes OSes) also describe =
the algo.

so man traceroute says, that it uses udp ports starting =
with 33434 and
goes  up  with every new hop. but this could be easily =
changed with -p
option.  Besides,  windows'  tracert  works  using  =
icmp proto, so the
decision isn't here. It lies in what does the box =
do when answering to
them.  It  does send 'time exceeded in-transit' =
icmp message cause TTL
value  is  set  too  low  to let the packet =
jump forward. So it is the
answer  --  you should disallow it with =
your ipfw. for e.g. using such
syntax:

deny icmp from any to =
any icmptype 11

(yeah,  you  shou!
 ld  carefully  think  about whether or not to use ANY
cause  if  =
you're  box  is  a  gateway  other  people will notice =
your
cutting-edge knowledge cause it will hide not only your host =
;)

This  is not the end, alas. unix traceroute will wait for port =
unreach
icmp  so  after  meeting,  it stops and displays the =
end-point of your
trace.  Windows'  tracert will wait for normal =
icmp-echo-reply for the
same  purpose.  So if you also wish to hide =
the end point, you need to
disallow  this also. I bet you can figure =
out the way how by yourself,
now.

P.S.  there  are  also other =
ways (even more elegant) of doing that in
practice...  they  called =
'stealth routing' and can be implemented via
FreeBSD  kernel  =
mechanism  (sysctl + built-in kernel support) or with
ipf =
(ipfilter)

read the man pages, man, they are freely =
available...

------=_NextPart_000_01A1_01C0FD8F.505F08D0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 25 12:56:28 2001 Delivered-To: freebsd-isp@freebsd.org Received: from db.nexgen.com (db.nexgen.com [64.81.208.78]) by hub.freebsd.org (Postfix) with SMTP id 2CC5037B409 for ; Mon, 25 Jun 2001 12:56:07 -0700 (PDT) (envelope-from ml@db.nexgen.com) Received: (qmail 14281 invoked from network); 25 Jun 2001 19:56:55 -0000 Received: from localhost.nexgen.com (HELO book) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 25 Jun 2001 19:56:55 -0000 Message-ID: <01ae01c0fdb0$e7eb8fe0$9865fea9@book> From: "alexus" To: "Brian" , "Jewfish" , "Igor Podlesny" Cc: , References: <006a01c0fb6b$2d64d830$9865fea9@book> <13760134158.20010623111308@morning.ru> <3B34EEC8.9010606@jewfish.net> <003d01c0fc30$053716a0$3324200a@sonicboom.org> Subject: Re: disable traceroute to my host Date: Mon, 25 Jun 2001 15:56:21 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_01AB_01C0FD8F.60AF3660" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_01AB_01C0FD8F.60AF3660 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable well basically i wanted to block all traceroute .. wither its windows or = unix ----- Original Message -----=20 From: Brian=20 To: Jewfish ; Igor Podlesny=20 Cc: alexus ; freebsd-security@FreeBSD.ORG ; freebsd-isp@FreeBSD.ORG=20 Sent: Saturday, June 23, 2001 6:01 PM Subject: Re: disable traceroute to my host Arent u leaving out some details, like for example windows tracert is = icmp based, whereas unix traces are udp.. Bri ----- Original Message -----=20 From: Jewfish=20 To: Igor Podlesny=20 Cc: alexus ; freebsd-security@FreeBSD.ORG ; freebsd-isp@FreeBSD.ORG=20 Sent: Saturday, June 23, 2001 12:32 PM Subject: Re: disable traceroute to my host These are the rules I have come up with on my own firewall to = disable tracerouting and pinging (something which might not be for = everybody), but allows me to traceroute and pring from the host and = recieve all the responses: allow icmp from any to any in recv ep0 icmptype 0,3,11,14,16,18 allow icmp from any to any out xmit ep0 icmptype 8 ep0 being, of course, my external interface. This seems to qork = quite well for me. Some other ideas were brought up about denying the = "time-to-live-exceeded" icmptype (11) because of packets that may take a = long time to reach the host. However, this is the easiest method I = could come up with using firewall rules. Obviously, these rules also deny ping traffic, which is not = recommended for everyone. However, I have recently gotten a lot of ping = floods, so I enacted this (possibly on a temporary basis) to deal with = this, while still allowing me to ping out (icmptype 8) and recieve the = replies (icmptype 0). James Igor Podlesny wrote: is it possible to disable using ipfw so people won't be able to = tracerouteme? Yes, of course.You should know how do traceroute-like utilities work.The = knowledge can be easily extracted from a lot of sources, for e.g.from = Internet, cause you seem to be connected ;) but, it also shouldbe = mentioned that man pages coming with FreeBSD (I guess as well aswith = other *NIX-likes OSes) also describe the algo.so man traceroute says, = that it uses udp ports starting with 33434 andgoes up with every new = hop. but this could be easily changed with -poption. Besides, windows' = tracert works using icmp proto, so thedecision isn't here. It lies = in what does the box do when answering tothem. It does send 'time = exceeded in-transit' icmp message cause TTLvalue is set too low to = let the packet jump forward. So it is theanswer -- you should disallow = it with your ipfw. for e.g. using suchsyntax:deny icmp from any to any = icmptype 11(yeah, you shou! ld carefully think about whether or not to use ANYcause if you're = box is a gateway other people will notice yourcutting-edge = knowledge cause it will hide not only your host ;)This is not the end, = alas. unix traceroute will wait for port unreachicmp so after = meeting, it stops and displays the end-point of yourtrace. Windows' = tracert will wait for normal icmp-echo-reply for thesame purpose. So = if you also wish to hide the end point, you need todisallow this also. = I bet you can figure out the way how by yourself,now.P.S. there are = also other ways (even more elegant) of doing that inpractice... they = called 'stealth routing' and can be implemented viaFreeBSD kernel = mechanism (sysctl + built-in kernel support) or withipf (ipfilter)read = the man pages, man, they are freely available... ------=_NextPart_000_01AB_01C0FD8F.60AF3660 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

well basically i wanted to block all traceroute .. = wither its=20 windows or unix

----- Original Message -----
From:=20 Brian
To: Jewfish ; Igor Podlesny

Cc: alexus ; freebsd-security@FreeBSD.ORG= ;=20 freebsd-isp@FreeBSD.ORG =

Sent: Saturday, June 23, 2001 = 6:01=20 PM

Subject: Re: disable traceroute = to my=20 host

Arent u leaving out some details, = like for=20 example windows tracert is icmp based, whereas unix traces are=20 udp..

Bri

----- Original Message -----
From:=20 Jewfish=20
To: Igor Podlesny

Cc: alexus ; freebsd-security@FreeBSD.ORG= =20 ; freebsd-isp@FreeBSD.ORG =

Sent: Saturday, June 23, 2001 = 12:32=20 PM

Subject: Re: disable = traceroute to my=20 host

These are the rules I have come up with on my own = firewall to=20 disable tracerouting and pinging (something which might not be for=20 everybody), but allows me to traceroute and pring from the host and = recieve=20 all the responses:

allow icmp from any to any in recv ep0 = icmptype=20 0,3,11,14,16,18
allow icmp from any to any out xmit ep0 icmptype=20 8

ep0 being, of course, my external interface. This = seems to=20 qork quite well for me. Some other ideas were brought up about = denying=20 the "time-to-live-exceeded" icmptype (11) because of packets that = may take a=20 long time to reach the host. However, this is the easiest = method I=20 could come up with using firewall rules.

Obviously, these = rules also=20 deny ping traffic, which is not recommended for everyone. = However, I=20 have recently gotten a lot of ping floods, so I enacted this = (possibly on a=20 temporary basis) to deal with this, while still allowing me to ping = out=20 (icmptype 8) and recieve the replies (icmptype = 0).

James

Igor=20 Podlesny wrote:

is it possible to disable = using ipfw so people won't be able to = traceroute
me?

Yes, = of course.

You should know how do traceroute-like utilities = work.

The knowledge can be easily extracted from a lot of = sources, for e.g.
from Internet, cause you seem to be connected ;) = but, it also should
be mentioned that man pages coming with = FreeBSD (I guess as well as
with other *NIX-likes OSes) also describe = the algo.

so man traceroute says, that it uses udp ports starting = with 33434 and
goes up with every new hop. but this could be easily = changed with -p
option. Besides, windows' tracert works using = icmp proto, so the
decision isn't here. It lies in what does the box = do when answering to
them. It does send 'time exceeded in-transit' = icmp message cause TTL
value is set too low to let the packet = jump forward. So it is the
answer -- you should disallow it with = your ipfw. for e.g. using such
syntax:

deny icmp from any to = any icmptype 11

(yeah, you shou! ld carefully think about whether or not to use ANY
cause if = you're box is a gateway other people will notice = your
cutting-edge knowledge cause it will hide not only your host = ;)

This is not the end, alas. unix traceroute will wait for port = unreach
icmp so after meeting, it stops and displays the = end-point of your
trace. Windows' tracert will wait for normal = icmp-echo-reply for the
same purpose. So if you also wish to hide = the end point, you need to
disallow this also. I bet you can figure = out the way how by yourself,
now.

P.S. there are also other = ways (even more elegant) of doing that in
practice... they called = 'stealth routing' and can be implemented via
FreeBSD kernel = mechanism (sysctl + built-in kernel support) or with
ipf = (ipfilter)

read the man pages, man, they are freely = available...

------=_NextPart_000_01AB_01C0FD8F.60AF3660-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 25 13: 6:14 2001 Delivered-To: freebsd-isp@freebsd.org Received: from verdi.nethelp.no (verdi.nethelp.no [158.36.41.162]) by hub.freebsd.org (Postfix) with SMTP id CB7A537B401 for ; Mon, 25 Jun 2001 13:06:09 -0700 (PDT) (envelope-from sthaug@nethelp.no) Received: (qmail 90035 invoked by uid 1001); 25 Jun 2001 20:06:07 +0000 (GMT) To: ml@db.nexgen.com Cc: freebsd-security@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG Subject: Re: disable traceroute to my host From: sthaug@nethelp.no In-Reply-To: Your message of "Mon, 25 Jun 2001 15:55:53 -0400" References: <01a401c0fdb0$d790b3f0$9865fea9@book> X-Mailer: Mew version 1.05+ on Emacs 19.34.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Date: Mon, 25 Jun 2001 22:06:07 +0200 Message-ID: <90033.993499567@verdi.nethelp.no> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > is there any place on internet where all protocols desicrbed .. like icmp and all types of icmps? i'd love to read about that www.rfc-editor.org is a good place to start. Steinar Haug, Nethelp consulting, sthaug@nethelp.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 25 13:10: 9 2001 Delivered-To: freebsd-isp@freebsd.org Received: from db.nexgen.com (db.nexgen.com [64.81.208.78]) by hub.freebsd.org (Postfix) with SMTP id F414C37B406 for ; Mon, 25 Jun 2001 13:10:00 -0700 (PDT) (envelope-from ml@db.nexgen.com) Received: (qmail 14599 invoked from network); 25 Jun 2001 20:10:49 -0000 Received: from localhost.nexgen.com (HELO book) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 25 Jun 2001 20:10:49 -0000 Message-ID: <027401c0fdb2$d8d7ef10$9865fea9@book> From: "alexus" To: Cc: , References: <01a401c0fdb0$d790b3f0$9865fea9@book> <90033.993499567@verdi.nethelp.no> Subject: Re: disable traceroute to my host Date: Mon, 25 Jun 2001 16:10:14 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org thank you ----- Original Message ----- From: To: Cc: ; Sent: Monday, June 25, 2001 4:06 PM Subject: Re: disable traceroute to my host > > is there any place on internet where all protocols desicrbed .. like icmp and all types of icmps? i'd love to read about that > > www.rfc-editor.org > > is a good place to start. > > Steinar Haug, Nethelp consulting, sthaug@nethelp.no > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 25 14:39: 5 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.cableaz.com (mail.cableaz.com [63.241.154.20]) by hub.freebsd.org (Postfix) with ESMTP id 778EC37B406 for ; Mon, 25 Jun 2001 14:39:02 -0700 (PDT) (envelope-from jeremy@cableaz.com) Received: from caz ([63.241.150.19]) by mail.cableaz.com (Build 101 8.9.3/NT-8.9.3) with SMTP id OAA03717 for ; Mon, 25 Jun 2001 14:14:53 -0700 Message-ID: <001301c0fdbd$261f36c0$1396f13f@caz> From: "Jeremy Buckner" Cc: Subject: Web Interface for adduser Date: Mon, 25 Jun 2001 14:23:55 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 Disposition-Notification-To: "Jeremy Buckner" X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hey all, quick question.. I have a new mail\web server running 4.3. Everything is cool there but I was wondering if there was some sort of html interface (or something else) that would allow my help desk techs to add and remove users ONLY without having to ssh into the box and su to root. I think about the latter and my mind spins with the potential security risks. Can anyone help? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 25 14:42:29 2001 Delivered-To: freebsd-isp@freebsd.org Received: from ns.sysr.com (ns.sysr.com [208.178.138.1]) by hub.freebsd.org (Postfix) with ESMTP id 5944337B40D for ; Mon, 25 Jun 2001 14:42:27 -0700 (PDT) (envelope-from cblevins@sysr.com) Received: from localhost (cblevins@localhost) by ns.sysr.com (8.11.1/8.9.2) with ESMTP id f5PLU6920760; Mon, 25 Jun 2001 17:30:07 -0400 (EDT) (envelope-from cblevins@sysr.com) Date: Mon, 25 Jun 2001 17:30:06 -0400 (EDT) From: Carol Blevins To: Jeremy Buckner Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Web Interface for adduser In-Reply-To: <001301c0fdbd$261f36c0$1396f13f@caz> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org webmin may do the trick http://www.webmin.com/webmin ************************************** * It is a little known fact that the * * Y1K bug caused the dark ages. * ************************************** On Mon, 25 Jun 2001, Jeremy Buckner wrote: > Hey all, quick question.. I have a new mail\web server > running 4.3. Everything is cool there but I was wondering if > there was some sort of html interface (or something else) > that would allow my help desk techs to add and remove users > ONLY without having to ssh into the box and su to root. I > think about the latter and my mind spins with the potential > security risks. Can anyone help? > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 25 15: 5:44 2001 Delivered-To: freebsd-isp@freebsd.org Received: from wolf.ncia.net (wolf.ncia.net [207.140.8.22]) by hub.freebsd.org (Postfix) with ESMTP id C8E5737B415 for ; Mon, 25 Jun 2001 15:05:35 -0700 (PDT) (envelope-from rjtaylor@ncia.net) Received: from localhost (rjtaylor@localhost) by wolf.ncia.net (8.11.3/8.11.3) with ESMTP id f5PM5Yj19107; Mon, 25 Jun 2001 18:05:34 -0400 Date: Mon, 25 Jun 2001 18:05:33 -0400 (EDT) From: Ryan Taylor To: Cc: Jeremy Buckner Subject: Re: Web Interface for adduser In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > On Mon, 25 Jun 2001, Jeremy Buckner wrote: > > > Hey all, quick question.. I have a new mail\web server > > running 4.3. Everything is cool there but I was wondering if > > there was some sort of html interface (or something else) > > that would allow my help desk techs to add and remove users > > ONLY without having to ssh into the box and su to root. I > > think about the latter and my mind spins with the potential > > security risks. Can anyone help? > > > On Mon, 25 Jun 2001, Carol Blevins wrote: > > webmin may do the trick http://www.webmin.com/webmin > > ************************************** > * It is a little known fact that the * > * Y1K bug caused the dark ages. * > ************************************** > You might also try using sudo (ports/security/sudo/) to allow specific techs to execute only certain programs as root: "sudo adduser", "sudo rmuser". RJ --------------------- Ryan J. Taylor Systems/Network Administrator NCIA rj@ncia.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 25 15: 9:10 2001 Delivered-To: freebsd-isp@freebsd.org Received: from smtp.pace.edu (ntutil.pace.edu [205.232.111.9]) by hub.freebsd.org (Postfix) with ESMTP id A245D37B406 for ; Mon, 25 Jun 2001 15:09:07 -0700 (PDT) (envelope-from js43064n@pace.edu) Received: from stmail.pace.edu (205.232.111.7:3626) by smtp.pace.edu (LSMTP for Windows NT v1.1b) with SMTP id <0.A8A70BE9@smtp.pace.edu>; Mon, 25 Jun 2001 18:09:08 -0400 Date: Mon, 25 Jun 2001 18:09:06 -0400 Message-Id: <200106251809.AA724893880@stmail.pace.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii From: "Jonathan Slivko" Reply-To: X-Sender: To: "Jeremy Buckner" Cc: Subject: Re: Web Interface for adduser X-Mailer: Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org While sudo/webmin are good options, it's always a nice (and personal touch) to have a shell script to do that for you. It really shouldn't be that difficult, just create a webform hooked up into a database which remotely adds users every 5 minutes or so, and you should be set. While I have not done this personally, I can further discuss what I believe to be a workable idea in private if anyone is interested. --Jonathan _____________________________________________ Jonathan M. Slivko Technical Support, Black Lotus Communications http://www.blacklotus.net -- check us out! _____________________________________________ ---------- Original Message ---------------------------------- From: "Jeremy Buckner" Date: Mon, 25 Jun 2001 14:23:55 -0700 >Hey all, quick question.. I have a new mail\web server >running 4.3. Everything is cool there but I was wondering if >there was some sort of html interface (or something else) >that would allow my help desk techs to add and remove users >ONLY without having to ssh into the box and su to root. I >think about the latter and my mind spins with the potential >security risks. Can anyone help? > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message > ______________________________________________________________________ Sent via the Pace University Mail system at stmail.pace.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 25 16:11:48 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.cableaz.com (mail.cableaz.com [63.241.154.20]) by hub.freebsd.org (Postfix) with ESMTP id 655CA37B401 for ; Mon, 25 Jun 2001 16:11:42 -0700 (PDT) (envelope-from jeremy@cableaz.com) Received: from caz ([63.241.150.19]) by mail.cableaz.com (Build 101 8.9.3/NT-8.9.3) with SMTP id QAA04911; Mon, 25 Jun 2001 16:02:38 -0700 Message-ID: <001501c0fdcc$33b305a0$1396f13f@caz> From: "Jeremy Buckner" To: "Carol Blevins" Cc: References: Subject: Re: Web Interface for adduser Date: Mon, 25 Jun 2001 16:11:43 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 Disposition-Notification-To: "Jeremy Buckner" X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org OMG! That is exactly what I wanted...THank You! thank you! thank you! It's up and running like a champ. JB ----- Original Message ----- From: "Carol Blevins" To: "Jeremy Buckner" Cc: Sent: Monday, June 25, 2001 2:30 PM Subject: Re: Web Interface for adduser > webmin may do the trick http://www.webmin.com/webmin > > ************************************** > * It is a little known fact that the * > * Y1K bug caused the dark ages. * > ************************************** > > On Mon, 25 Jun 2001, Jeremy Buckner wrote: > > > Hey all, quick question.. I have a new mail\web server > > running 4.3. Everything is cool there but I was wondering if > > there was some sort of html interface (or something else) > > that would allow my help desk techs to add and remove users > > ONLY without having to ssh into the box and su to root. I > > think about the latter and my mind spins with the potential > > security risks. Can anyone help? > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 25 18:54: 0 2001 Delivered-To: freebsd-isp@freebsd.org Received: from bilver.wjv.com (dhcp-1-220.n01.orldfl01.us.ra.verio.net [157.238.210.220]) by hub.freebsd.org (Postfix) with ESMTP id 2C0D837B401 for ; Mon, 25 Jun 2001 18:53:48 -0700 (PDT) (envelope-from bill@bilver.wjv.com) Received: (from bill@localhost) by bilver.wjv.com (8.11.1/8.11.1) id f5Q1rk512072; Mon, 25 Jun 2001 21:53:46 -0400 (EDT) (envelope-from bill) Date: Mon, 25 Jun 2001 21:53:45 -0400 From: Bill Vermillion To: freebsd-isp@freebsd.org Cc: Jeremy Buckner Subject: Re: Web Interface for adduser Message-ID: <20010625215345.C11888@wjv.com> Reply-To: bv@wjv.com References: <200106251809.AA724893880@stmail.pace.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200106251809.AA724893880@stmail.pace.edu>; from js43064n@pace.edu on Mon, Jun 25, 2001 at 06:09:06PM -0400 Organization: W.J.Vermillion / Orlando - Winter Park Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Jun 25, 2001 at 06:09:06PM -0400, Jonathan Slivko thus sprach: > While sudo/webmin are good options, it's always a nice (and > personal touch) to have a shell script to do that for you. It > really shouldn't be that difficult, just create a webform hooked > up into a database which remotely adds users every 5 minutes or > so, and you should be set. While I have not done this personally, > I can further discuss what I believe to be a workable idea in > private if anyone is interested. --Jonathan I put up Webmin solely for one purpose, for the office staff to add new mail accounts to a system. The people I was working with were putting full-time connected Ethernet connections in college dorms, and there was a lot of grunt work. However they still screwed some things up. I guess it's ok if you want to do things Webmin's way, but I had so many things set up differntly I disable EVERYTHING execpt adduser for the others, and I kept up my other methods for handling things. I did NOT care for the way it handled DNS. I highly commented all my files so you could take the files and map the network and a tar of the namedb directory was a bit over 1MB, so I may have been the exception. Just go carefully with it, and make sure it is doing thing the way you want them done. > > _____________________________________________ > Jonathan M. Slivko > Technical Support, Black Lotus Communications > http://www.blacklotus.net -- check us out! > _____________________________________________ > > > > > ---------- Original Message ---------------------------------- > From: "Jeremy Buckner" > Date: Mon, 25 Jun 2001 14:23:55 -0700 > > >Hey all, quick question.. I have a new mail\web server > >running 4.3. Everything is cool there but I was wondering if > >there was some sort of html interface (or something else) > >that would allow my help desk techs to add and remove users > >ONLY without having to ssh into the box and su to root. I > >think about the latter and my mind spins with the potential > >security risks. Can anyone help? > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-isp" in the body of the message > > > > > ______________________________________________________________________ > Sent via the Pace University Mail system at stmail.pace.edu > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > -- Bill Vermillion - bv @ wjv . com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 26 2:55:48 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75]) by hub.freebsd.org (Postfix) with ESMTP id C44AA37B405 for ; Tue, 26 Jun 2001 02:55:44 -0700 (PDT) (envelope-from LConrad@Go2France.com) Received: from mail.Go2France.com (ms1.meiway.com [212.73.210.73]) by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id 6FC6016B23 for ; Tue, 26 Jun 2001 11:55:42 +0200 (CEST) Received: from IBM-HIRXKN66F0W.Go2France.com [195.115.185.184] by mail.Go2France.com with ESMTP (SMTPD32-6.06) id ADF8AF0C0124; Tue, 26 Jun 2001 12:03:36 +0200 Message-Id: <5.1.0.14.0.20010626115526.03d31ca0@mail.Go2France.com> X-Sender: LConrad@Go2France.com@mail.Go2France.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 26 Jun 2001 11:56:37 +0200 To: freebsd-isp@freebsd.org From: Len Conrad Subject: Re: disable traceroute to my host In-Reply-To: <01a401c0fdb0$d790b3f0$9865fea9@book> References: <006a01c0fb6b$2d64d830$9865fea9@book> <13760134158.20010623111308@morning.ru> <3B34EEC8.9010606@jewfish.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >is there any place on internet where all protocols desicrbed .. like icmp >and all types of icmps? i'd love to read about that www.networksorcery.com has a very nice cross-indexed RFC library. Len http://MenAndMice.com/DNS-training http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 26 7:22:15 2001 Delivered-To: freebsd-isp@freebsd.org Received: from smtp1.amigo.net (smtp1.amigo.net [209.94.64.30]) by hub.freebsd.org (Postfix) with ESMTP id 8349437B405 for ; Tue, 26 Jun 2001 07:22:09 -0700 (PDT) (envelope-from randys@amigo.net) Received: from amigo.net (billing.amigo.net [209.94.67.250]) by smtp1.amigo.net (8.11.2/8.11.2) with ESMTP id f5QENn450630 for ; Tue, 26 Jun 2001 08:23:50 -0600 (MDT) (envelope-from randys@amigo.net) Message-ID: <3B389AC5.1040102@amigo.net> Date: Tue, 26 Jun 2001 08:23:01 -0600 From: Randy Smith Organization: Amigo.Net User-Agent: Mozilla/5.0 (X11; U; FreeBSD 4.3-STABLE i386; en-US; rv:0.9.1+) Gecko/20010525 X-Accept-Language: en-us MIME-Version: 1.0 To: freebsd-isp@freebsd.org Subject: Re: Web Interface for adduser References: <200106251809.AA724893880@stmail.pace.edu> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Jonathan Slivko wrote: > While sudo/webmin are good options, it's always a nice (and > personal touch) to have a shell script to do that for you. It > really shouldn't be that difficult, just create a webform hooked > up into a database which remotely adds users every 5 minutes or > so, and you should be set. While I have not done this personally, > I can further discuss what I believe to be a workable idea in > private if anyone is interested. --Jonathan I have done a similar thing to get my billing server to automatically create accounts on my mail server. I works reasonably well and my clients understand when I tell that it will be a few minutes before the system updates. Let me know privatly, if you want a copy of the script. Randy > > _____________________________________________ > Jonathan M. Slivko > Technical Support, Black Lotus Communications > http://www.blacklotus.net -- check us out! > _____________________________________________ > > > > > ---------- Original Message ---------------------------------- > From: "Jeremy Buckner" > Date: Mon, 25 Jun 2001 14:23:55 -0700 > > >>Hey all, quick question.. I have a new mail\web server >>running 4.3. Everything is cool there but I was wondering if >>there was some sort of html interface (or something else) >>that would allow my help desk techs to add and remove users >>ONLY without having to ssh into the box and su to root. I >>think about the latter and my mind spins with the potential >>security risks. Can anyone help? >> >> >>To Unsubscribe: send mail to majordomo@FreeBSD.org >>with "unsubscribe freebsd-isp" in the body of the message >> >> > > > ______________________________________________________________________ > Sent via the Pace University Mail system at stmail.pace.edu > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > -- Randy Smith Amigo.Net Systems Administrator 1-719-589-6100 x 4185 http://www.amigo.net/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 26 7:33:38 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mx0.gmx.net (mx0.gmx.net [213.165.64.100]) by hub.freebsd.org (Postfix) with SMTP id 2618537B407 for ; Tue, 26 Jun 2001 07:33:34 -0700 (PDT) (envelope-from Harald.Schmalzbauer@gmx.de) Received: (qmail 25818 invoked by uid 0); 26 Jun 2001 14:33:32 -0000 Date: Tue, 26 Jun 2001 16:33:32 +0200 (MEST) From: Harald Schmalzbauer To: freebsd-isp@FreeBSD.ORG MIME-Version: 1.0 Subject: DNS and gTLD-servers X-Priority: 3 (Normal) X-Authenticated-Sender: #0000301138@gmx.net X-Authenticated-IP: [195.27.12.70] Message-ID: <11051.993566012@www33.gmx.net> X-Mailer: WWW-Mail 1.5 (Global Message Exchange) X-Flags: 0001 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hallo all, I have a little problem understanding how the gTLD servers get their entries. In particular, my records are wrong. When I look to the whois database from networksolutions I get my correct NS IPs. But when I query A.GTLD-Servers.net I get old IPs which aren't correct. So where is the updating process broken?? I have a local registrar for my domains and he updated the whois database correctly. Also the nameserver which connected me once give the correct NS IPs. But a fresh lookup to gTLD doesn't work. I can't imagine that there is a person typing the NS IPs into the gTLD database. I think this is done by a robot. But why isn't it working then? The update was made one month ago, so I think it's no matter of time. Can anyone please explain this procedure to me? Thank you, -Harry belenus GmbH Harald Schmalzbauer IT-Engineer Tel: +49 (89) 21979-120 Fax: +49 (89) 21979-111 www.belenus.com _____________________ / Am Fenster rumhไngen? / Als Pinguin abtauchen? / Rennen wie der Teufel? -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net -- GMX Tipp: Machen Sie Ihr Hobby zu Geld bei unserem Partner 1&1! http://profiseller.de/info/index.php3?ac=OM.PS.PS003K00596T0409a To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 26 7:47:26 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75]) by hub.freebsd.org (Postfix) with ESMTP id 4242237B406 for ; Tue, 26 Jun 2001 07:47:22 -0700 (PDT) (envelope-from LConrad@Go2France.com) Received: from mail.Go2France.com (ms1.meiway.com [212.73.210.73]) by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id 9256E16B1C for ; Tue, 26 Jun 2001 16:47:20 +0200 (CEST) Received: from IBM-HIRXKN66F0W.Go2France.com [195.115.185.184] by mail.Go2France.com with ESMTP (SMTPD32-6.06) id A24FCF110124; Tue, 26 Jun 2001 16:55:11 +0200 Message-Id: <5.1.0.14.0.20010626163623.034b9ec0@mail.Go2France.com> X-Sender: LConrad@Go2France.com@mail.Go2France.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 26 Jun 2001 16:48:17 +0200 To: freebsd-isp@freebsd.org From: Len Conrad Subject: Re: DNS and gTLD-servers In-Reply-To: <11051.993566012@www33.gmx.net> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1"; format=flowed Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >I have a little problem understanding how the gTLD servers get their >entries. They get it from the xTLD registrars based on the data taken from the domain registration. TLD resource records for anydomain look like: ;delegation data einekleinedomain.de. NS ns1.harald.de. einekleinedomain.de. NS ns2.harald.de. ; ;glue records aka "additional section" in DNS UDP packet ns1.harald.de. A ip.ad.re.ss ns2.harald.de. A ip.ad.re.ss > In particular, my records are wrong. fix em mit der registrar >When I look to the whois database from networksolutions I get my correct NS >IPs. ok, but thatดs an admin database, not a DNS, as you know. >But when I query A.GTLD-Servers.net I get old IPs which aren't correct. Then jump on your registrar with the discprepancy. Maybe he hasnดt uploaded them at all, or is just slow. >So where is the updating process broken?? I have a local registrar Thatดs where der fehler ist, and where you have to fix it. >for my domains and he updated the whois database correctly. He then has a formal, authorized process for updating the parent zone, via the parentดs registry or NIC or whatever. >Also the nameserver which connected me once give the correct NS IPs. But a >fresh lookup to gTLD doesn't work. The only valid delegation data is whatดs in and start with, top down, from the xTLDดs. Everything else is wishful thinking >I can't imagine that there is a person typing the NS IPs into the gTLD >database. well, there isnดt. They use computers. :))) >I think this is done by a robot. But why isn't it working then? only your registrar can help you. >The update was made one month ago, so I think it's no matter of time. yep, way too long. somethingดs upgef@cked. Len http://MenAndMice.com/DNS-training http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 26 10:22:18 2001 Delivered-To: freebsd-isp@freebsd.org Received: from pendragon.tacni.net (mail.tacni.net [216.178.136.165]) by hub.freebsd.org (Postfix) with SMTP id EC62137B409 for ; Tue, 26 Jun 2001 10:22:15 -0700 (PDT) (envelope-from needo@cerebro.superhero.org) Received: (qmail 11265 invoked by alias); 26 Jun 2001 17:22:05 -0000 Received: from unknown (HELO cerebro.superhero.org) (216.201.173.186) by ns2.sohos.net with SMTP; 26 Jun 2001 17:22:05 -0000 Received: (qmail 11876 invoked by uid 1000); 26 Jun 2001 17:22:11 -0000 Date: Tue, 26 Jun 2001 12:22:11 -0500 From: Erich Zigler To: freebsd-isp@freebsd.org Subject: Alphanumeric paging with Mobilecomm Message-ID: <20010626122210.A11806@superhero.org> Mail-Followup-To: Erich Zigler , freebsd-isp@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i X-Eric-Conspiracy: There is no conspiracy. X-Jacob: Hi Jacob! X-Shane: Hi Shane! Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I currently have a Mobilecomm pager. I was wondering if anyone had a script or something of that nature that I could have the monitoring system call so that if a machine went down that I would be paged. Any help would be greatly appreciated. Thank you. -- Erich Zigler To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 26 17:50:34 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.plug.cx (unix-gw.gihs.sa.edu.au [203.63.40.115]) by hub.freebsd.org (Postfix) with ESMTP id 5A8B937B401 for ; Tue, 26 Jun 2001 17:50:31 -0700 (PDT) (envelope-from andrew.reid@plug.cx) Received: from percible.alfred.cx (firewall.gihs.sa.edu.au [192.168.1.1]) by mail.plug.cx (Postfix) with ESMTP id 575B02B7DE for ; Wed, 27 Jun 2001 10:41:44 +0000 (GMT) Subject: Username-based Routing/Filtering From: Andrew Reid To: freebsd-isp@freebsd.org Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/0.10.99 (Preview Release) Date: 27 Jun 2001 10:11:16 +0930 Message-Id: <993602477.1681.11.camel@percible.alfred.cx> Mime-Version: 1.0 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello All, I'm a bit of a FreeBSD convert after using Linux for years, so I'm a bit unclear of the capabilities of FreeBSD in some circumstances. A feature of Linux 2.4 is that you can route/firewall/filter based on the username. For example, if I log in as 'andrew' to my machine, I get to go out to the wide-world via the Microwave link with no restrictions. If I log on as 'someotheruser' I'm shunted out a modem link. My question: Can FreeBSD route based on a username? Will IPFW/IPF filter based on username? Obviously, this is only going to work if the user is logged onto the local workstation. Can someone please clarify this for me? TIA! - andrew -- void signature () { cout << "Andrew Reid -- andrew.reid@plug.cx" << endl ; cout << "Cell: +61 401 946 813" << endl; cout << "Quidquid latine dictum sit, altum viditur" << endl; } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 26 17:52:41 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.tcworks.net (mail.tcworks.net [216.61.218.4]) by hub.freebsd.org (Postfix) with ESMTP id 3C38437B405 for ; Tue, 26 Jun 2001 17:52:38 -0700 (PDT) (envelope-from ccook@tcworks.net) Received: from tcworks.net (staind.tcworks.net [216.61.218.6]) by mail.tcworks.net (8.10.2/8.10.2) with ESMTP id f5R0jHt77195; Tue, 26 Jun 2001 19:45:17 -0500 (CDT) Message-ID: <3B392F2C.4385BC46@tcworks.net> Date: Tue, 26 Jun 2001 19:56:12 -0500 From: Chris Cook X-Mailer: Mozilla 4.72 [en] (X11; I; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: Andrew Reid Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Username-based Routing/Filtering References: <993602477.1681.11.camel@percible.alfred.cx> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I believe you will probably want to use jail for this: "man jail". Andrew Reid wrote: > > Hello All, > > I'm a bit of a FreeBSD convert after using Linux for years, so I'm a bit > unclear of the capabilities of FreeBSD in some circumstances. > > A feature of Linux 2.4 is that you can route/firewall/filter based on > the username. > > For example, if I log in as 'andrew' to my machine, I get to go out to > the wide-world via the Microwave link with no restrictions. If I log on > as 'someotheruser' I'm shunted out a modem link. > > My question: > > Can FreeBSD route based on a username? > Will IPFW/IPF filter based on username? > > Obviously, this is only going to work if the user is logged onto the > local workstation. > > Can someone please clarify this for me? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 26 18:34:56 2001 Delivered-To: freebsd-isp@freebsd.org Received: from backup.dagupan.com (www.psysc.org.ph [206.101.69.5]) by hub.freebsd.org (Postfix) with ESMTP id 831DE37B401 for ; Tue, 26 Jun 2001 18:34:54 -0700 (PDT) (envelope-from francisv@dagupan.com) Received: by chat.dagupan.com with Internet Mail Service (5.5.2653.19) id ; Wed, 27 Jun 2001 09:34:47 +0800 Message-ID: <10F29E27A956D511B0940050DA8D86A908F5E5@chat.dagupan.com> From: francisv@dagupan.com To: isp@freebsd.org Subject: Rate limiting for hosted websites Date: Wed, 27 Jun 2001 09:34:37 +0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, Is there a toolkit/service for FreeBSD to limit the bandwidth of Apache-hosted websites? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 26 18:35:22 2001 Delivered-To: freebsd-isp@freebsd.org Received: from thehousleys.net (frenchknot.ne.mediaone.net [24.147.224.201]) by hub.freebsd.org (Postfix) with ESMTP id EA9CD37B405 for ; Tue, 26 Jun 2001 18:35:16 -0700 (PDT) (envelope-from jim@thehousleys.net) Received: (from root@localhost) by thehousleys.net (8.11.3/8.11.2) id f5R1Xn233898; Tue, 26 Jun 2001 21:33:49 -0400 (EDT) (envelope-from jim@thehousleys.net) Received: from thehousleys.net (baby.int.thehousleys.net [192.168.0.24]) (authenticated) by thehousleys.net (8.11.3/8.11.3) with ESMTP id f5R1Xlp33887; Tue, 26 Jun 2001 21:33:47 -0400 (EDT) (envelope-from jim@thehousleys.net) Message-ID: <3B3937F2.BD942A74@thehousleys.net> Date: Tue, 26 Jun 2001 21:33:38 -0400 From: James Housley X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: Andrew Reid Cc: freebsd-isp@freebsd.org Subject: Re: Username-based Routing/Filtering References: <993602477.1681.11.camel@percible.alfred.cx> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms032279418B728DFCBA677129" X-Virus-Scanned: by AMaViS perl-10 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a cryptographically signed message in MIME format. --------------ms032279418B728DFCBA677129 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Andrew Reid wrote: > > Hello All, > > I'm a bit of a FreeBSD convert after using Linux for years, so I'm a bit > unclear of the capabilities of FreeBSD in some circumstances. > > A feature of Linux 2.4 is that you can route/firewall/filter based on > the username. > > For example, if I log in as 'andrew' to my machine, I get to go out to > the wide-world via the Microwave link with no restrictions. If I log on > as 'someotheruser' I'm shunted out a modem link. > > My question: > > Can FreeBSD route based on a username? > Will IPFW/IPF filter based on username? > man 8 ipfw IPFW can do routing based on UID or GID. What you do from there is up to you, but it is able to be done. Jim -- /"\ ASCII Ribbon Campaign . \ / - NO HTML/RTF in e-mail . X - NO Word docs in e-mail . / \ ----------------------------------------------------------------- jeh@FreeBSD.org http://www.FreeBSD.org The Power to Serve jim@TheHousleys.Net http://www.TheHousleys.net --------------------------------------------------------------------- Unix is very user-friendly. It's just picky who its friends are. --------------ms032279418B728DFCBA677129 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIIBwYJKoZIhvcNAQcCoIIH+DCCB/QCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC BdgwggK8MIICJaADAgECAgMDTCIwDQYJKoZIhvcNAQEEBQAwgZQxCzAJBgNVBAYTAlpBMRUw EwYDVQQIEwxXZXN0ZXJuIENhcGUxFDASBgNVBAcTC0R1cmJhbnZpbGxlMQ8wDQYDVQQKEwZU aGF3dGUxHTAbBgNVBAsTFENlcnRpZmljYXRlIFNlcnZpY2VzMSgwJgYDVQQDEx9QZXJzb25h bCBGcmVlbWFpbCBSU0EgMTk5OS45LjE2MB4XDTAwMDkyMTE1NDAyOVoXDTAxMDkyMTE1NDAy OVowXjEQMA4GA1UEBBMHSG91c2xleTEOMAwGA1UEKhMFSmFtZXMxFjAUBgNVBAMTDUphbWVz IEhvdXNsZXkxIjAgBgkqhkiG9w0BCQEWE2ppbUB0aGVob3VzbGV5cy5uZXQwgZ8wDQYJKoZI hvcNAQEBBQADgY0AMIGJAoGBAMvwiLzwK732uOEUqWh2yKZpO/Vz5Yfq1xn0uOxi7CZbxZRH RoNbMOOpjOKR8k8jsK9q92SERm/BQ7bpc9Hc6+n0/TpYMKBJWnpt95cm2yyHnycgHd3LJ9QP vUzvI8umjXhBMKDa32OPPEIcrqTpnf3cQTyyIjNtDJOda+cgmo4NAgMBAAGjUTBPMB4GA1Ud EQQXMBWBE2ppbUB0aGVob3VzbGV5cy5uZXQwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSI q/Fgg2ZV9ORYx0YdwGG9I9fDjDANBgkqhkiG9w0BAQQFAAOBgQBVuNZlfOrMlcz0XsGClvQu M/EusYBvbiVqwXu5HC0Gt/6JMxnK8jeYlXYTB0TO9KFreF4GvtlvOWic9gFzSUpUVssVrvZq scrmY0f9LsFq34RAftDQhqVVnCEpyLdLRRwLuisQUUtm/H/Ux89ur8m1ocwalf9CI4rlup3B owRvGTCCAxQwggJ9oAMCAQICAQswDQYJKoZIhvcNAQEEBQAwgdExCzAJBgNVBAYTAlpBMRUw EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhh d3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNp b24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJ ARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw05OTA5MTYxNDAxNDBaFw0wMTA5 MTUxNDAxNDBaMIGUMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRQwEgYD VQQHEwtEdXJiYW52aWxsZTEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0 ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDE5OTkuOS4xNjCB nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAs2lal9TQFgt6tcVd6SGcI3LNEkxL937Px/vK ciT0QlKsV5Xje2F6F4Tn/XI5OJS06u1lp5IGXr3gZfYZu5R5dkw+uWhwdYQc9BF0ALwFLE8J AxcxzPRB1HLGpl3iiESwiy7ETfHw1oU+bPOVlHiRfkDpnNGNFVeOwnPlMN5G9U8CAwEAAaM3 MDUwEgYDVR0TAQH/BAgwBgEB/wIBADAfBgNVHSMEGDAWgBRyScJzNMZV9At2coF+d/SH58ay DjANBgkqhkiG9w0BAQQFAAOBgQBrxlnpMfrptuyxA9jfcnL+kWBI6sZV3XvwZ47GYXDnbcKl N9idtxcoVgWL3Vx1b8aRkMZsZnET0BB8a5FvhuAhNi3B1+qyCa3PLW3Gg1Kb+7v+nIed/Lfp dJLkXJeu/H6syg1vcnpnLGtz9Yb5nfUAbvQdB86dnoJjKe+TCX5V3jGCAfcwggHzAgEBMIGc MIGUMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRQwEgYDVQQHEwtEdXJi YW52aWxsZTEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNl czEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDE5OTkuOS4xNgIDA0wiMAkGBSsO AwIaBQCggbEwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDEw NjI3MDEzMzQxWjAjBgkqhkiG9w0BCQQxFgQUu9wg99Z+gqQhvJGNnDGblgnnfGAwUgYJKoZI hvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwBwYFKw4DAgcwDQYIKoZI hvcNAwICAUAwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEgYDH3KVkEI/1RIIl6uaE iRt4xZ3fMwJ2tk4kQxtE9Z4r0arWtxZ7suRMDOpbpzvt5OKwPwDuvof6mZbTKtCV3+YGYaOI 21TQFsHAgC+85ug2fdwM1qvyMYmzZmAZgVJkDG5m0E5unlYY0PUJVzPE3F0dlkkZm5CRbsUr 4l7Rb1kLcQ== --------------ms032279418B728DFCBA677129-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 26 18:40:51 2001 Delivered-To: freebsd-isp@freebsd.org Received: from anaconda.acceleratedweb.net (anaconda.acceleratedweb.net [209.51.164.130]) by hub.freebsd.org (Postfix) with SMTP id 4751C37B405 for ; Tue, 26 Jun 2001 18:40:47 -0700 (PDT) (envelope-from simon@optinet.com) Received: (qmail 12937 invoked by uid 106); 27 Jun 2001 01:41:35 -0000 Received: from 66-65-36-21.nyc.rr.com (HELO sharky) (66.65.36.21) by anaconda.acceleratedweb.net with SMTP; 27 Jun 2001 01:41:35 -0000 From: "Simon" To: "francisv@dagupan.com" , "isp@freebsd.org" Date: Tue, 26 Jun 2001 21:40:58 -0400 Reply-To: "Simon" X-Mailer: PMMail 2000 Professional (2.10.2010) For Windows 2000 (5.0.2195) In-Reply-To: <10F29E27A956D511B0940050DA8D86A908F5E5@chat.dagupan.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: Re: Rate limiting for hosted websites Message-Id: <20010627014047.4751C37B405@hub.freebsd.org> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org You can either use an apache module, go to http://modules.apache.org/search and search for "throttle" or you can use dummynet (man dummynet), which I recommend as its more efficient. -Simon On Wed, 27 Jun 2001 09:34:37 +0800, francisv@dagupan.com wrote: >Hi, > >Is there a toolkit/service for FreeBSD to limit the bandwidth of >Apache-hosted websites? > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 26 18:43:12 2001 Delivered-To: freebsd-isp@freebsd.org Received: from thehousleys.net (frenchknot.ne.mediaone.net [24.147.224.201]) by hub.freebsd.org (Postfix) with ESMTP id 96BD137B405 for ; Tue, 26 Jun 2001 18:43:08 -0700 (PDT) (envelope-from jim@thehousleys.net) Received: (from root@localhost) by thehousleys.net (8.11.3/8.11.2) id f5R1h7b34197; Tue, 26 Jun 2001 21:43:07 -0400 (EDT) (envelope-from jim@thehousleys.net) Received: from thehousleys.net (baby.int.thehousleys.net [192.168.0.24]) (authenticated) by thehousleys.net (8.11.3/8.11.3) with ESMTP id f5R1h5p34186; Tue, 26 Jun 2001 21:43:05 -0400 (EDT) (envelope-from jim@thehousleys.net) Message-ID: <3B393A29.778A3553@thehousleys.net> Date: Tue, 26 Jun 2001 21:43:05 -0400 From: James Housley X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: francisv@dagupan.com Cc: isp@freebsd.org Subject: Re: Rate limiting for hosted websites References: <10F29E27A956D511B0940050DA8D86A908F5E5@chat.dagupan.com> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms25CFE0C40D4EF0D679BC297E" X-Virus-Scanned: by AMaViS perl-10 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a cryptographically signed message in MIME format. --------------ms25CFE0C40D4EF0D679BC297E Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit francisv@dagupan.com wrote: > > Hi, > > Is there a toolkit/service for FreeBSD to limit the bandwidth of > Apache-hosted websites? > There are two different things you can look at. There is mod_throttle in ports/www. The other option "man 8 ipfw" and read the "TRAFFIC SHAPER CONFIGURATION" section. Jim -- /"\ ASCII Ribbon Campaign . \ / - NO HTML/RTF in e-mail . X - NO Word docs in e-mail . / \ ----------------------------------------------------------------- jeh@FreeBSD.org http://www.FreeBSD.org The Power to Serve jim@TheHousleys.Net http://www.TheHousleys.net --------------------------------------------------------------------- "Eagles may soar, but weasels don't get sucked into jet engines" -- Anon --------------ms25CFE0C40D4EF0D679BC297E Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIIBwYJKoZIhvcNAQcCoIIH+DCCB/QCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC BdgwggK8MIICJaADAgECAgMDTCIwDQYJKoZIhvcNAQEEBQAwgZQxCzAJBgNVBAYTAlpBMRUw EwYDVQQIEwxXZXN0ZXJuIENhcGUxFDASBgNVBAcTC0R1cmJhbnZpbGxlMQ8wDQYDVQQKEwZU aGF3dGUxHTAbBgNVBAsTFENlcnRpZmljYXRlIFNlcnZpY2VzMSgwJgYDVQQDEx9QZXJzb25h bCBGcmVlbWFpbCBSU0EgMTk5OS45LjE2MB4XDTAwMDkyMTE1NDAyOVoXDTAxMDkyMTE1NDAy OVowXjEQMA4GA1UEBBMHSG91c2xleTEOMAwGA1UEKhMFSmFtZXMxFjAUBgNVBAMTDUphbWVz IEhvdXNsZXkxIjAgBgkqhkiG9w0BCQEWE2ppbUB0aGVob3VzbGV5cy5uZXQwgZ8wDQYJKoZI hvcNAQEBBQADgY0AMIGJAoGBAMvwiLzwK732uOEUqWh2yKZpO/Vz5Yfq1xn0uOxi7CZbxZRH RoNbMOOpjOKR8k8jsK9q92SERm/BQ7bpc9Hc6+n0/TpYMKBJWnpt95cm2yyHnycgHd3LJ9QP vUzvI8umjXhBMKDa32OPPEIcrqTpnf3cQTyyIjNtDJOda+cgmo4NAgMBAAGjUTBPMB4GA1Ud EQQXMBWBE2ppbUB0aGVob3VzbGV5cy5uZXQwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSI q/Fgg2ZV9ORYx0YdwGG9I9fDjDANBgkqhkiG9w0BAQQFAAOBgQBVuNZlfOrMlcz0XsGClvQu M/EusYBvbiVqwXu5HC0Gt/6JMxnK8jeYlXYTB0TO9KFreF4GvtlvOWic9gFzSUpUVssVrvZq scrmY0f9LsFq34RAftDQhqVVnCEpyLdLRRwLuisQUUtm/H/Ux89ur8m1ocwalf9CI4rlup3B owRvGTCCAxQwggJ9oAMCAQICAQswDQYJKoZIhvcNAQEEBQAwgdExCzAJBgNVBAYTAlpBMRUw EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhh d3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNp b24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJ ARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw05OTA5MTYxNDAxNDBaFw0wMTA5 MTUxNDAxNDBaMIGUMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRQwEgYD VQQHEwtEdXJiYW52aWxsZTEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0 ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDE5OTkuOS4xNjCB nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAs2lal9TQFgt6tcVd6SGcI3LNEkxL937Px/vK ciT0QlKsV5Xje2F6F4Tn/XI5OJS06u1lp5IGXr3gZfYZu5R5dkw+uWhwdYQc9BF0ALwFLE8J AxcxzPRB1HLGpl3iiESwiy7ETfHw1oU+bPOVlHiRfkDpnNGNFVeOwnPlMN5G9U8CAwEAAaM3 MDUwEgYDVR0TAQH/BAgwBgEB/wIBADAfBgNVHSMEGDAWgBRyScJzNMZV9At2coF+d/SH58ay DjANBgkqhkiG9w0BAQQFAAOBgQBrxlnpMfrptuyxA9jfcnL+kWBI6sZV3XvwZ47GYXDnbcKl N9idtxcoVgWL3Vx1b8aRkMZsZnET0BB8a5FvhuAhNi3B1+qyCa3PLW3Gg1Kb+7v+nIed/Lfp dJLkXJeu/H6syg1vcnpnLGtz9Yb5nfUAbvQdB86dnoJjKe+TCX5V3jGCAfcwggHzAgEBMIGc MIGUMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRQwEgYDVQQHEwtEdXJi YW52aWxsZTEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNl czEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDE5OTkuOS4xNgIDA0wiMAkGBSsO AwIaBQCggbEwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDEw NjI3MDE0MzA1WjAjBgkqhkiG9w0BCQQxFgQUy4PqsZ7hPiWjmhZQfBfOaKXz8nwwUgYJKoZI hvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwBwYFKw4DAgcwDQYIKoZI hvcNAwICAUAwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEgYANQGy4JJEfulaODwME 71MEtv/Z+U76bJ3ex8roo6Io18K2Wvuyk/BGxOD/FrRdknnXsgZIqKNPelSsSRxUHoJlmpG4 vS01YcfKwIDH39HDj45IIVPDxM7UHbZvtQFi/YiNkUsOMqtg+mwaCXR7NGXGGi9YTA7uAtUk fkFomGNJXg== --------------ms25CFE0C40D4EF0D679BC297E-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 26 19:20:15 2001 Delivered-To: freebsd-isp@freebsd.org Received: from roulen-gw.morning.ru (roulen-gw.morning.ru [195.161.98.242]) by hub.freebsd.org (Postfix) with ESMTP id 21C0437B405 for ; Tue, 26 Jun 2001 19:20:12 -0700 (PDT) (envelope-from poige@morning.ru) Received: from NIC1 (seven.ld [192.168.11.7]) by roulen-gw.morning.ru (Postfix) with ESMTP id 729A925; Wed, 27 Jun 2001 10:20:10 +0800 (KRAST) Date: Wed, 27 Jun 2001 10:20:27 +0700 From: Igor Podlesny X-Mailer: The Bat! (v1.52 Beta/7) UNREG / CD5BF9353B3B7091 Organization: Morning Network X-Priority: 3 (Normal) Message-ID: <8402634307.20010627102027@morning.ru> To: Andrew Reid Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Username-based Routing/Filtering In-Reply-To: <993602477.1681.11.camel@percible.alfred.cx> References: <993602477.1681.11.camel@percible.alfred.cx> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Hello All, > I'm a bit of a FreeBSD convert after using Linux for years, so I'm a bit > unclear of the capabilities of FreeBSD in some circumstances. > A feature of Linux 2.4 is that you can route/firewall/filter based on > the username. man 8 ipfw /gid /uid P.S. Do people want somebody told them "man xxx"? > For example, if I log in as 'andrew' to my machine, I get to go out to > the wide-world via the Microwave link with no restrictions. If I log on > as 'someotheruser' I'm shunted out a modem link. > My question: > Can FreeBSD route based on a username? > Will IPFW/IPF filter based on username? > Obviously, this is only going to work if the user is logged onto the > local workstation. > Can someone please clarify this for me? > TIA! > - andrew -- Igor mailto:poige@morning.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 26 19:38: 0 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.plug.cx (unix-gw.gihs.sa.edu.au [203.63.40.115]) by hub.freebsd.org (Postfix) with ESMTP id 7B3C537B401 for ; Tue, 26 Jun 2001 19:37:58 -0700 (PDT) (envelope-from andrew.reid@plug.cx) Received: from percible.alfred.cx (firewall.gihs.sa.edu.au [192.168.1.1]) by mail.plug.cx (Postfix) with ESMTP id E6BB52B7DE; Wed, 27 Jun 2001 11:53:07 +0000 (GMT) Subject: Re: Rate limiting for hosted websites From: Andrew Reid To: francisv@dagupan.com Cc: isp@freebsd.org In-Reply-To: <10F29E27A956D511B0940050DA8D86A908F5E5@chat.dagupan.com> References: <10F29E27A956D511B0940050DA8D86A908F5E5@chat.dagupan.com> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/0.10.99 (Preview Release) Date: 27 Jun 2001 11:26:08 +0930 Message-Id: <993606969.1681.14.camel@percible.alfred.cx> Mime-Version: 1.0 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On 27 Jun 2001 09:34:37 +0800, francisv@dagupan.com wrote: > Is there a toolkit/service for FreeBSD to limit the bandwidth of > Apache-hosted websites? There is a bandwidth throttling module for Apache, or you could use IPFW, assuming they're not Name-based hosts, I'd imagine. - andrew -- void signature () { cout << "Andrew Reid -- andrew.reid@plug.cx" << endl ; cout << "Cell: +61 401 946 813" << endl; cout << "Quidquid latine dictum sit, altum viditur" << endl; } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 26 19:45:41 2001 Delivered-To: freebsd-isp@freebsd.org Received: from backup.dagupan.com (www.psysc.org.ph [206.101.69.5]) by hub.freebsd.org (Postfix) with ESMTP id EAB8A37B406 for ; Tue, 26 Jun 2001 19:45:37 -0700 (PDT) (envelope-from francisv@dagupan.com) Received: by chat.dagupan.com with Internet Mail Service (5.5.2653.19) id ; Wed, 27 Jun 2001 10:45:29 +0800 Message-ID: <10F29E27A956D511B0940050DA8D86A908F5EA@chat.dagupan.com> From: francisv@dagupan.com To: jim@thehousleys.net Cc: isp@freebsd.org Subject: RE: Rate limiting for hosted websites Date: Wed, 27 Jun 2001 10:45:21 +0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Thanks! -----Original Message----- From: James Housley [mailto:jim@thehousleys.net] Sent: Wednesday, June 27, 2001 9:43 AM To: francisv@dagupan.com Cc: isp@freebsd.org Subject: Re: Rate limiting for hosted websites francisv@dagupan.com wrote: > > Hi, > > Is there a toolkit/service for FreeBSD to limit the bandwidth of > Apache-hosted websites? > There are two different things you can look at. There is mod_throttle in ports/www. The other option "man 8 ipfw" and read the "TRAFFIC SHAPER CONFIGURATION" section. Jim -- /"\ ASCII Ribbon Campaign . \ / - NO HTML/RTF in e-mail . X - NO Word docs in e-mail . / \ ----------------------------------------------------------------- jeh@FreeBSD.org http://www.FreeBSD.org The Power to Serve jim@TheHousleys.Net http://www.TheHousleys.net --------------------------------------------------------------------- "Eagles may soar, but weasels don't get sucked into jet engines" -- Anon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 27 2:56: 9 2001 Delivered-To: freebsd-isp@freebsd.org Received: from backup.dagupan.com (www.psysc.org.ph [206.101.69.5]) by hub.freebsd.org (Postfix) with ESMTP id 1A28437B401 for ; Wed, 27 Jun 2001 02:56:06 -0700 (PDT) (envelope-from francisv@dagupan.com) Received: by chat.dagupan.com with Internet Mail Service (5.5.2653.19) id ; Wed, 27 Jun 2001 17:55:57 +0800 Message-ID: <10F29E27A956D511B0940050DA8D86A908F5EE@chat.dagupan.com> From: francisv@dagupan.com To: isp@freebsd.org Subject: Tcp_wrappers? Date: Wed, 27 Jun 2001 17:55:55 +0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi all, I'm just wondering what happened to Wietse's tcp wrappers on FreeBSD 4.3-STABLE systems -- I could not find it! I went to the ports tree to manually install it but I was barred by the system because it was already part of the base system :/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 27 4:42: 5 2001 Delivered-To: freebsd-isp@freebsd.org Received: from atlas.rccn.net (atlas.rccn.net [193.136.7.1]) by hub.freebsd.org (Postfix) with SMTP id 1E0D137B405 for ; Wed, 27 Jun 2001 04:41:57 -0700 (PDT) (envelope-from jpsp@fccn.pt) Received: (qmail 44108 invoked from network); 27 Jun 2001 11:41:55 -0000 Received: from dhcp20.fccn.pt (HELO jpsp) (193.136.7.220) by atlas.rccn.net with SMTP; 27 Jun 2001 11:41:55 -0000 Message-ID: <078501c0fefe$4a803b80$dc0788c1@jpsp> From: =?iso-8859-1?Q?Jo=E3o_Pagaime?= To: Subject: RIP and 2 NICs - redundancy? Date: Wed, 27 Jun 2001 12:42:48 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello all, I would like my servers to have two NICs and be able to switch from one to other if there's something wrong with IP connectivity to the world (not the presence or absense of physical link) on one interface. On the subject IP networks I have available, the routers annouce the default route through RIP. The host has a RIP process and thatดs all working fine: it does acquire a working default route automatically. The host has 2 NICs with 2 different IP address from the same network. So, in practice, it has 2 routes to the same gateway, but only one is in use at a given particular time. The problem is: If I disconnect the NIC thatดs being used to reach the gateway, and after a while, the host doesn't begin to prefer to use the other NIC... The problem, I suspect, is that the routes continue to reach the RIP process (through the working NIC) and it doesnดt really care from what NIC does the information come from, and so, it doesn't introduce a penality (by timing out) on the route of the "broken" NIC. Any ideias? Thanks for your time, Joใo To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 27 8:12:57 2001 Delivered-To: freebsd-isp@freebsd.org Received: from ns2.sysadmin-inc.com (ns2.sysadmin-inc.com [209.16.228.145]) by hub.freebsd.org (Postfix) with SMTP id 2B65437B401 for ; Wed, 27 Jun 2001 08:12:52 -0700 (PDT) (envelope-from peter@sysadmin-inc.com) Received: (qmail 75961 invoked by alias); 27 Jun 2001 15:12:50 -0000 Received: from unknown (HELO 98wkst) (10.10.1.70) by ns2.sysadmin-inc.com with SMTP; 27 Jun 2001 15:12:50 -0000 From: "Peter Brezny" To: "Igor Podlesny" Cc: Subject: RE: Username-based Routing/Filtering Date: Wed, 27 Jun 2001 11:12:05 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <8402634307.20010627102027@morning.ru> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Yes, I want someone to tell me man 'xxx' 'cause sometimes I just don't know where to look, and I'd rather get that than nothing! Peter Brezny SysAdmin Services Inc. -----Original Message----- From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Igor Podlesny Sent: Tuesday, June 26, 2001 11:20 PM To: Andrew Reid Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Username-based Routing/Filtering > Hello All, > I'm a bit of a FreeBSD convert after using Linux for years, so I'm a bit > unclear of the capabilities of FreeBSD in some circumstances. > A feature of Linux 2.4 is that you can route/firewall/filter based on > the username. man 8 ipfw /gid /uid P.S. Do people want somebody told them "man xxx"? > For example, if I log in as 'andrew' to my machine, I get to go out to > the wide-world via the Microwave link with no restrictions. If I log on > as 'someotheruser' I'm shunted out a modem link. > My question: > Can FreeBSD route based on a username? > Will IPFW/IPF filter based on username? > Obviously, this is only going to work if the user is logged onto the > local workstation. > Can someone please clarify this for me? > TIA! > - andrew -- Igor mailto:poige@morning.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 27 8:34:35 2001 Delivered-To: freebsd-isp@freebsd.org Received: from trinity.magpage.com (trinity.magpage.com [216.155.0.8]) by hub.freebsd.org (Postfix) with ESMTP id 352B837B406 for ; Wed, 27 Jun 2001 08:34:32 -0700 (PDT) (envelope-from dfrazier@magpage.com) Received: from magpage.com (dfrazier@poomba.magpage.com [216.155.24.136]) by trinity.magpage.com (8.11.3/8.11.3) with ESMTP id f5RFYM749400; Wed, 27 Jun 2001 11:34:22 -0400 (EDT) Message-ID: <3B39FCFB.66DF666D@magpage.com> Date: Wed, 27 Jun 2001 11:34:19 -0400 From: Daniel Frazier X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: francisv@dagupan.com Cc: isp@FreeBSD.ORG Subject: Re: Tcp_wrappers? References: <10F29E27A956D511B0940050DA8D86A908F5EE@chat.dagupan.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-RRT-Status: UNKNOWN Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org francisv@dagupan.com wrote: > > Hi all, > > I'm just wondering what happened to Wietse's tcp wrappers on FreeBSD > 4.3-STABLE systems -- I could not find it! I went to the ports tree to > manually install it but I was barred by the system because it was already > part of the base system :/ > man inetd.conf tcp-wrappers *is* part of the base system and is enabled by default for services run by inetd by the inetd_flags line in /etc/defaults/rc.conf. For services not run thru inetd, like sshd, tcp-wrappers support is generally there by default, assuming the daemon was compiled with libwrap support. check out man sshd. What all this means is that you can usually just configure /etc/hosts.allow and the services you include will be wrapped. hope this helps... -- ---------------------------------------------------------------------- Daniel Frazier Tel: 302-239-5900 Ext. 231 Systems Administrator Fax: 302-239-3909 MAGPAGE, We Power the Internet WWW: http://www.magpage.com/ "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, Historical Review of Pennsylvania, 1759. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 27 9:23: 1 2001 Delivered-To: freebsd-isp@freebsd.org Received: from imo-m06.mx.aol.com (imo-m06.mx.aol.com [64.12.136.161]) by hub.freebsd.org (Postfix) with ESMTP id 2C89037B406 for ; Wed, 27 Jun 2001 09:22:58 -0700 (PDT) (envelope-from Bsdguru@aol.com) Received: from Bsdguru@aol.com by imo-m06.mx.aol.com (mail_out_v31.6.) id y.c5.12a84e3f (25308); Wed, 27 Jun 2001 12:17:40 -0400 (EDT) From: Bsdguru@aol.com Message-ID: Date: Wed, 27 Jun 2001 12:17:40 EDT Subject: Re: Rate limiting for hosted websites To: andrew.reid@plug.cx, freebsd-isp@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 5.0 for Windows sub 139 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In a message dated 06/26/2001 10:38:10 PM Eastern Daylight Time, andrew.reid@plug.cx writes: > > Is there a toolkit/service for FreeBSD to limit the bandwidth of > > Apache-hosted websites? > For industrial strength tasks etinc has software which will limit bandwidth, keep stats in a database and generate billing reports. www.etinc.com bryan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 27 9:52:17 2001 Delivered-To: freebsd-isp@freebsd.org Received: from sys.heron.com.pl (sys.heron.com.pl [195.117.24.6]) by hub.freebsd.org (Postfix) with ESMTP id ACB4C37B407 for ; Wed, 27 Jun 2001 09:51:58 -0700 (PDT) (envelope-from robert@heron.pl) Received: from chalupa ([212.244.96.252]) by sys.heron.com.pl (8.9.3/8.9.3/rchk1.22) with SMTP id SAA72269 for ; Wed, 27 Jun 2001 18:56:06 +0200 (CEST) Message-Id: <3.0.2.32.20010627185240.00d3b300@sys.heron.pl> X-Sender: heron@sys.heron.pl X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.2 (32) Date: Wed, 27 Jun 2001 18:52:40 +0200 To: freebsd-isp@freebsd.org From: Robert Heron Subject: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org subscribe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 27 9:58: 7 2001 Delivered-To: freebsd-isp@freebsd.org Received: from sys.heron.com.pl (sys.heron.com.pl [195.117.24.6]) by hub.freebsd.org (Postfix) with ESMTP id 1EDA937B401; Wed, 27 Jun 2001 09:58:00 -0700 (PDT) (envelope-from robert@heron.pl) Received: from chalupa ([212.244.96.252]) by sys.heron.com.pl (8.9.3/8.9.3/rchk1.22) with SMTP id TAA72497; Wed, 27 Jun 2001 19:02:20 +0200 (CEST) Message-Id: <3.0.2.32.20010627185854.00c8df00@sys.heron.pl> X-Sender: heron@sys.heron.pl X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.2 (32) Date: Wed, 27 Jun 2001 18:58:54 +0200 To: freebsd-isp@freebsd.org, freebsd-questions@freebsd.org From: Robert Heron Subject: admin software Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I am looking for software that allows to manage virtual WWW servers, e-mails, aliases, accounts etc. on a FreeBSD internet server. The management should be possible via a WWW interface. It can be a commercial or free software. Could you recommend something interesting? Robert To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 27 10: 7: 1 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail200.swst.com (mail200.swst.com [199.34.16.18]) by hub.freebsd.org (Postfix) with ESMTP id 70C9037B406; Wed, 27 Jun 2001 10:06:52 -0700 (PDT) (envelope-from RClark@swst.com) Received: from assentor1.swst.com (assentor.swst.com [209.51.28.15]) by mail200.swst.com (8.10.2/8.10.2) with ESMTP id f5RH6oF02156; Wed, 27 Jun 2001 12:06:50 -0500 (CDT) Received: from sws_excg3.swst.com (unverified) by assentor1.swst.com (Content Technologies SMTPRS 2.0.15) with ESMTP id ; Wed, 27 Jun 2001 12:07:09 -0500 Received: by sws-excg3.swst.com with Internet Mail Service (5.5.2654.52) id ; Wed, 27 Jun 2001 12:07:11 -0500 Message-Id: From: Ronnie Clark To: "'Robert Heron'" , freebsd-isp@freebsd.org, freebsd-questions@freebsd.org Subject: RE: admin software Date: Wed, 27 Jun 2001 12:04:08 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2654.52) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Have you tried Webmin? This is a total WWW based admin tool that will manage Apache, Sendmail, DNS, Samba, etc. Thank you, Ronnie Clark -----Original Message----- From: Robert Heron [mailto:robert@heron.pl] Sent: Wednesday, June 27, 2001 11:59 AM To: freebsd-isp@FreeBSD.ORG; freebsd-questions@FreeBSD.ORG Subject: admin software Hi, I am looking for software that allows to manage virtual WWW servers, e-mails, aliases, accounts etc. on a FreeBSD internet server. The management should be possible via a WWW interface. It can be a commercial or free software. Could you recommend something interesting? Robert To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 27 14: 7:20 2001 Delivered-To: freebsd-isp@freebsd.org Received: from cx175057-a.ocnsd1.sdca.home.com (cx175057-a.ocnsd1.sdca.home.com [24.13.23.40]) by hub.freebsd.org (Postfix) with ESMTP id EB86137B401 for ; Wed, 27 Jun 2001 14:07:18 -0700 (PDT) (envelope-from bri@sonicboom.org) Received: from localhost (bri@localhost) by cx175057-a.ocnsd1.sdca.home.com (8.11.1/8.11.1) with ESMTP id f5RL7Iu42182 for ; Wed, 27 Jun 2001 14:07:18 -0700 (PDT) (envelope-from bri@sonicboom.org) Date: Wed, 27 Jun 2001 14:07:18 -0700 (PDT) From: Brian X-X-Sender: To: Subject: dual cpu mobos Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Anyone have an opinion on any of the ASUS CUV4X-D or DLS models, or any other multicpu boards?? Brian "Sonic" Whalen Success = Preparation + Opportunity To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 27 14:31: 8 2001 Delivered-To: freebsd-isp@freebsd.org Received: from rhea.worldonline.nl (rhea.worldonline.nl [195.241.48.139]) by hub.freebsd.org (Postfix) with ESMTP id 7969537B401 for ; Wed, 27 Jun 2001 14:31:04 -0700 (PDT) (envelope-from eric@monkey-online.net) Received: from monkey-online.net (unknown [195.241.113.9]) by rhea.worldonline.nl (Postfix) with ESMTP id 56253383EB for ; Wed, 27 Jun 2001 23:30:31 +0200 (MET DST) Message-ID: <3B3A51A1.D800E977@monkey-online.net> Date: Wed, 27 Jun 2001 23:35:29 +0200 From: Eric Veraart X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-isp@freebsd.org Subject: Admin user in all groups Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, I manage a server for a webdesign company. For every client (domain) I made a group, ie company.com has the group company. All users of the client were added to that group, and all the files from the websites were writable for that group, so everyone could make changes to the site. Now the webdesign company wants to log-in with one admin user and be able to make updates to all sites, instead of keeping all the passwords of the primary webmasters of the sites. But now when you log-in through SSH it gives: "sshd: admin is in too many groups, using first 16" Anyone got a solution? A secondairy problem is that the users were added as an anonymous user to ProFTPd, so the can't go out of their own dir. But the sites are under the user dirs of the primary webmasters of those sites. I tried to symlink, but somehow Anon FTP wouldn't follow that out of their own root. Maybe there's one simple solution to both of the problems. I would like to hear your comments/ideas. Greetings, Eric To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 27 14:57:46 2001 Delivered-To: freebsd-isp@freebsd.org Received: from inet03.citec.qld.gov.au (inet03.citec.qld.gov.au [203.5.10.10]) by hub.freebsd.org (Postfix) with ESMTP id 2528D37B401 for ; Wed, 27 Jun 2001 14:57:41 -0700 (PDT) (envelope-from sgcccdc@citec.qld.gov.au) Received: by inet03.citec.qld.gov.au; id HAA07901; Thu, 28 Jun 2001 07:57:38 +1000 (EST) Received: from citecub.citec.qld.gov.au( 131.242.4.98) by inet03.citec.qld.gov.au via smap (V2.0) id xma007875; Thu, 28 Jun 01 07:57:33 +1000 Received: from guru.citec.qld.gov.au by citecub.citec.qld.gov.au (SMI-8.6/SMI-SVR4) id HAA23499; Thu, 28 Jun 2001 07:57:29 +1000 Received: from localhost (sgcccdc@localhost) by guru.citec.qld.gov.au (8.9.3/8.9.3) with ESMTP id HAA98011; Thu, 28 Jun 2001 07:57:28 +1000 (EST) (envelope-from sgcccdc@citec.qld.gov.au) X-Authentication-Warning: guru.citec.qld.gov.au: sgcccdc owned process doing -bs Date: Thu, 28 Jun 2001 07:57:28 +1000 (EST) From: Colin Campbell To: Eric Veraart Cc: Subject: Re: Admin user in all groups In-Reply-To: <3B3A51A1.D800E977@monkey-online.net> Message-ID: