From owner-freebsd-isp Sun Apr 16 2:37:23 2000 Delivered-To: freebsd-isp@freebsd.org Received: from ns.internet.dk (ns.internet.dk [194.19.140.1]) by hub.freebsd.org (Postfix) with ESMTP id 0863137B78A for ; Sun, 16 Apr 2000 02:37:19 -0700 (PDT) (envelope-from leifn@neland.dk) Received: (from uucp@localhost) by ns.internet.dk (8.9.2/8.9.3) with UUCP id LAA58011 for freebsd-isp@freebsd.org; Sun, 16 Apr 2000 11:37:18 +0200 (CEST) (envelope-from leifn@neland.dk) Received: from localhost (localhost [127.0.0.1]) by arnold.neland.dk (8.9.3/8.9.3) with ESMTP id LAA01732 for ; Sun, 16 Apr 2000 11:37:07 +0200 (CEST) (envelope-from leifn@neland.dk) Date: Sun, 16 Apr 2000 11:37:07 +0200 (CEST) From: Leif Neland To: freebsd-isp@freebsd.org Subject: corporate echelon Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Those who must be obeyed wants to capture all outgoing mail. I've got some ideas, partly based on how Amavis can be set up to scan for certain domains: Set up procmail to be smart host, so all outgoing mail goes through my procmail script. This script then does the filing of the outgoing mail. Then I want to deliver this mail to the _real_ smarthost. (I don't need at the moment to deliver this mail myself, delivering to the real smarthost should do.) Just got this idea: just send this mail to sendmail with another sendmail.cf with the real smarthost. Any other ideas? Leif To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Apr 16 4:19:49 2000 Delivered-To: freebsd-isp@freebsd.org Received: from neva.vlink.ru (neva.vlink.ru [195.9.70.8]) by hub.freebsd.org (Postfix) with ESMTP id A272037B8FD for ; Sun, 16 Apr 2000 04:19:44 -0700 (PDT) (envelope-from dsh@neva.vlink.ru) Received: by neva.vlink.ru (Postfix, from userid 1000) id CFB5E9BC08; Sun, 16 Apr 2000 15:19:38 +0400 (MSD) To: freebsd-isp@freebsd.org Subject: jail Mime-Version: 1.0 (generated by tm-edit 1.5) Content-Type: text/plain; charset=US-ASCII From: Denis Shaposhnikov Date: 16 Apr 2000 15:19:38 +0400 Message-ID: <87bt3a5m45.fsf@neva.vlink.ru> Lines: 7 X-Mailer: Gnus v5.6.45/XEmacs 21.1 - "Canyonlands" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Anybody use jail(8)? Can you explain me, how you using it? Can I use jail for executing user's CGI scripts? For creating shell accounts? -- DSS5-RIPE DSS-RIPN 2:550/5068@fidonet 2:550/5069@fidonet mailto:dsh@vlink.ru http://neva.vlink.ru/~dsh Key fingerprint = 46 C8 1B 3B 15 1F 64 B0 38 0B 28 CE B0 75 7B E9 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Apr 17 1: 8:28 2000 Delivered-To: freebsd-isp@freebsd.org Received: from web2105.mail.yahoo.com (web2105.mail.yahoo.com [128.11.68.249]) by hub.freebsd.org (Postfix) with SMTP id EDBA537B825 for ; Mon, 17 Apr 2000 01:08:20 -0700 (PDT) (envelope-from xiyuan@yahoo.com) Received: (qmail 10429 invoked by uid 60001); 17 Apr 2000 08:08:19 -0000 Message-ID: <20000417080819.10428.qmail@web2105.mail.yahoo.com> Received: from [202.101.31.187] by web2105.mail.yahoo.com; Mon, 17 Apr 2000 01:08:19 PDT Date: Mon, 17 Apr 2000 01:08:19 -0700 (PDT) From: xiyuan qian Subject: Re: mail relay problem To: tim@spanner.net Cc: xiyuan@career.com.cn MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="0-1804289383-955958899=:10419" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --0-1804289383-955958899=:10419 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi, thanks a lot. but I have no luck to let it work as you told me. So I attach the freebsd.mc file that I used to m4 make my sendmail.cf. Maybe you can check it and help me to find out why! Best regaurds! --xiyuan --- tim@spanner.net wrote: > You should have a /etc/mail/access file, which you > can set up your relay > hosts in. > It is simply a matter of adding your subnet(s) to > the file. > > eg. > > 127.0.0.1 RELAY > 203.54.200 RELAY > > Then: > > makmap hash access.db < access > killall -1 sendmail > > > Tim. > > ----- Original Message ----- > From: xiyuan qian > To: > Sent: Thursday, April 13, 2000 7:46 PM > Subject: mail relay problem > > > > Hi, as an isp, I have many dialer users. My SMTP > serve > > > > run with NO relay denied.So, recently I find > someone > > > > outside my net send many emails with my server. I > > > > think it is time to modify my sendmail.cf. I read > the > > > > www.sendmail.org pages about anti-spam setup. But > when > > > > > > I config my server as it told, that is enable > un-delay > > > > > > by default and add a relay-domain file to > /etc/mail > > > > dir, my dialer users complaied that they can not > send > > > > emails. I can only send out the email right at the > > > > > server. How to solve this ? How can I tell the > endmail > > > > let the dialer users of mine send out the emails > and > > > > deny those who do not belong to my net? > > > > > > Best regaurds! > > > > > > __________________________________________________ > > Do You Yahoo!? > > Send online invitations with Yahoo! Invites. > > http://invites.yahoo.com > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the > message > > > > __________________________________________________ Do You Yahoo!? Send online invitations with Yahoo! Invites. http://invites.yahoo.com --0-1804289383-955958899=:10419 Content-Type: text/plain; name="freebsd.mc" Content-Description: freebsd.mc Content-Disposition: inline; filename="freebsd.mc" divert(-1) # # Copyright (c) 1983 Eric P. Allman # Copyright (c) 1988, 1993 # The Regents of the University of California. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # 3. All advertising materials mentioning features or use of this software # must display the following acknowledgement: # This product includes software developed by the University of # California, Berkeley and its contributors. # 4. Neither the name of the University nor the names of its contributors # may be used to endorse or promote products derived from this software # without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # This is a generic configuration file for 4.4 BSD-based systems. # If you want to customize it, copy it to a name appropriate for your # environment and do the modifications there. # # The best documentation for this .mc file is: # /usr/src/contrib/sendmail/cf/README # divert(0)dnl VERSIONID(`@(#)freebsd.mc $Revision: 1.4 $') OSTYPE(bsd4.4)dnl DOMAIN(generic)dnl FEATURE(relay_based_on_MX)dnl FEATURE(mailertable, `hash -o /etc/mail/mailertable')dnl FEATURE(access_db, hash -o /etc/mail/access')dnl FEATURE(blacklist_recipients)dnl FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')dnl dnl Uncomment to activate Realtime Blackhole List (recommended!) dnl FEATURE(rbl)dnl FEATURE(local_lmtp)dnl define(`LOCAL_MAILER_FLAGS', LOCAL_MAILER_FLAGS`'P)dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')dnl define(`confNO_RCPT_ACTION', `add-to-undisclosed')dnl define(`confMAX_MIME_HEADER_LENGTH', `256/128')dnl MAILER(local)dnl MAILER(smtp)dnl --0-1804289383-955958899=:10419-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Apr 17 3:13:35 2000 Delivered-To: freebsd-isp@freebsd.org Received: from naiad.eclipse.net.uk (naiad.eclipse.net.uk [195.188.32.29]) by hub.freebsd.org (Postfix) with ESMTP id 0E51637B591 for ; Mon, 17 Apr 2000 03:13:33 -0700 (PDT) (envelope-from stuart@eclipse.net.uk) Received: by naiad.eclipse.net.uk (Postfix, from userid 475) id 4013D14217; Mon, 17 Apr 2000 11:14:18 +0100 (BST) Date: Mon, 17 Apr 2000 11:14:18 +0100 From: Stuart Henderson To: Leif Neland Cc: freebsd-isp@freebsd.org Subject: Re: corporate echelon Message-ID: <20000417111418.R88135@naiad.eclipse.net.uk> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii User-Agent: Mutt/1.1.2i In-Reply-To: ; from leifn@neland.dk on Sun, Apr 16, 2000 at 11:37:07AM +0200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, Apr 16, 2000 at 11:37:07AM +0200, Leif Neland wrote: > Those who must be obeyed wants to capture all outgoing mail. ... > Any other ideas? Using Postfix you can do this by adding "always_bcc = foo@bar.com" to main.cf and issuing a "postfix reload". To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Apr 17 8:48:31 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.futuresoft.com (mail.futuresoft.com [199.165.143.4]) by hub.freebsd.org (Postfix) with ESMTP id B00AF37B8E6 for ; Mon, 17 Apr 2000 08:48:18 -0700 (PDT) (envelope-from sysadmin@futuresoft.com) Received: from mark (mark.futuresoft.com [199.165.143.246]) by mail.futuresoft.com (8.9.3/8.9.3) with SMTP id KAA06882 for ; Mon, 17 Apr 2000 10:45:23 -0500 (CDT) (envelope-from sysadmin@futuresoft.com) Message-Id: <3.0.6.32.20000417104816.008f9be0@futuresoft.com> X-Sender: sysadmin@futuresoft.com (Unverified) X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32) Date: Mon, 17 Apr 2000 10:48:16 -0500 To: freebsd-isp@freebsd.org From: Chanandler Boing Subject: DNS pulling records from other DNS Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, I'm using the Name Server on our FreeBSD 4.0 machine. It will be an Internet server, so I've put very few DNS records on it (just the web server, mail, etc. because this machine will eventually be accessable from the Internet.) Another server, the Intranet DNS (sadly, a Microsquash NT 4.0 server running DNS and WINS), has complete records for all the machines in our network. The problem is, when I run nslookup to the FreeBSD Internet server and query names that are not on the it (just on the Intranet server), it gives the intranet record. For example: nslookup internal-client.mydomain.com x.x.x.4 DNS request timed out. timeout was 2 seconds. *** Can't find server name for address x.x.x.x: Timed out *** Default servers are not available Server: UnKnown Address: x.x.x.4 Name: internal-client.mydomain.com Address: x.x.x.204 (I've changed the domain name and IP addresses for this email.) Please, does anyone have any idea what is going wrong with my Internet FreeBSD Name Server? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Apr 17 8:55:11 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.squidge.com (ns0.squidge.com [195.10.252.4]) by hub.freebsd.org (Postfix) with ESMTP id 7993D37B79A for ; Mon, 17 Apr 2000 08:55:04 -0700 (PDT) (envelope-from si@mystery-machine.com) Received: from SimonH ([193.133.98.226]) by mail.squidge.com (8.9.3/8.9.3) with SMTP id RAA29851; Mon, 17 Apr 2000 17:00:35 +0100 (BST) (envelope-from si@mystery-machine.com) Message-ID: <025101bfa885$2dc894e0$210110ac@billco.com> Reply-To: "Simon Holliday" From: "Simon Holliday" To: , "Chanandler Boing" References: <3.0.6.32.20000417104816.008f9be0@futuresoft.com> Subject: Re: DNS pulling records from other DNS Date: Mon, 17 Apr 2000 16:53:34 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6600 X-Mimeole: Produced By Microsoft MimeOLE V5.00.2919.6600 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > I'm using the Name Server on our FreeBSD 4.0 machine. It will be an > Internet server, so I've put very few DNS records on it (just the web > server, mail, etc. because this machine will eventually be accessable from > the Internet.) Another server, the Intranet DNS (sadly, a Microsquash NT > 4.0 server running DNS and WINS), has complete records for all the machines > in our network. > > The problem is, when I run nslookup to the FreeBSD Internet server and > query names that are not on the it (just on the Intranet server), it gives > the intranet record. For example: > > nslookup internal-client.mydomain.com x.x.x.4 > DNS request timed out. > timeout was 2 seconds. > *** Can't find server name for address x.x.x.x: Timed out > *** Default servers are not available > Server: UnKnown > Address: x.x.x.4 > > Name: internal-client.mydomain.com > Address: x.x.x.204 you can get your FreeBSD nameserver to forward the DNS records on the NT server by adding the address of your NT server in the "options" part of your named.conf file, eg if your NT server is on 10.0.1.1: options { // your options here forwarders { 10.0.1.1; }; } Si. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Apr 17 10:39:55 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.wanlogistics.net (mail.wanlogistics.net [63.209.114.3]) by hub.freebsd.org (Postfix) with ESMTP id 9CA1D37B94B for ; Mon, 17 Apr 2000 10:39:52 -0700 (PDT) (envelope-from bv@mail.wanlogistics.net) Received: (from bv@localhost) by mail.wanlogistics.net (8.9.3/8.9.3) id MAA39745 for freebsd-isp@freebsd.org; Mon, 17 Apr 2000 12:25:47 -0400 (EDT) (envelope-from bv) Message-Id: <200004171625.MAA39745@mail.wanlogistics.net> Subject: Failover question/idea/hint To: freebsd-isp@freebsd.org Date: Mon, 17 Apr 2000 12:25:47 -0400 (EDT) From: bv@wjv.com Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Reply to: bv@wjv.com X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit An old client of mine is bringing up a portal site. They current have a T1 to their location, but the site is going to be put on a server at our co-location facility - which is inside an OC-48 connected facility. They are going to keep theri T1 and the current site as a development site, but they want to be able to use that site as a fail-over site in case the main site goes down. These are through two different major backbone carriers, and I'm not sure how this could be implemented. NS and mail are FreeBSD, their WebServer is running Mac OS X - and they are going to using Solaris and Oracle as the back-end to the web servers. I can't t see that the round-robin DNS approach would work, but if the primary DNS (located at tha main site) goes down, would that be enough to force it to the secondary name server - which I'm thinking could point to the backup site. Any pointers as to text/documeatnion/man-pages or anything would be appreciated. Bill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Apr 17 12: 6:28 2000 Delivered-To: freebsd-isp@freebsd.org Received: from federation.addy.com (federation.addy.com [208.11.142.20]) by hub.freebsd.org (Postfix) with ESMTP id 208B437B939 for ; Mon, 17 Apr 2000 12:06:25 -0700 (PDT) (envelope-from jim@federation.addy.com) Received: from localhost (jim@localhost) by federation.addy.com (8.9.3/8.9.3) with ESMTP id PAA25999; Mon, 17 Apr 2000 15:06:07 -0400 (EDT) (envelope-from jim@federation.addy.com) Date: Mon, 17 Apr 2000 15:06:07 -0400 (EDT) From: Jim Sander To: bv@wjv.com Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Failover question/idea/hint In-Reply-To: <200004171625.MAA39745@mail.wanlogistics.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > if the primary DNS (located at tha main site) goes down, would that be > enough to force it to the secondary name server - which I'm thinking > could point to the backup site. One possible problem is that certain internet hosts set up their nameservers to querry the secondary server before the primary... at least one ISP I know of does/did that. Why- I suppose they think it's faster? (and maybe it is...) Don't know how common it is, but it *does* happen. It's not so much a problem as something to keep in mind. In other words, don't set up their DNS box to serve out IP of the "backup" site "ahead of time" unless they want synchronization issues and the like. It's a good strategy, but i don't think it can't be as automatic as one might like- unless you layer something over it, or do something else. -=Jim=- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Apr 17 13:55:23 2000 Delivered-To: freebsd-isp@freebsd.org Received: from verdi.nethelp.no (verdi.nethelp.no [158.36.41.162]) by hub.freebsd.org (Postfix) with SMTP id 97D7637B8E5 for ; Mon, 17 Apr 2000 13:55:19 -0700 (PDT) (envelope-from sthaug@nethelp.no) Received: (qmail 44307 invoked by uid 1001); 17 Apr 2000 20:55:16 +0000 (GMT) To: bv@wjv.com Cc: freebsd-isp@freebsd.org Subject: Re: Failover question/idea/hint From: sthaug@nethelp.no In-Reply-To: Your message of "Mon, 17 Apr 2000 12:25:47 -0400 (EDT)" References: <200004171625.MAA39745@mail.wanlogistics.net> X-Mailer: Mew version 1.05+ on Emacs 19.34.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Date: Mon, 17 Apr 2000 22:55:16 +0200 Message-ID: <44305.956004916@verdi.nethelp.no> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > An old client of mine is bringing up a portal site. They current have > a T1 to their location, but the site is going to be put on a server > at our co-location facility - which is inside an OC-48 connected facility. > > They are going to keep theri T1 and the current site as a development > site, but they want to be able to use that site as a fail-over site > in case the main site goes down. ... > I can't t see that the round-robin DNS approach would work, but if the > primary DNS (located at tha main site) goes down, would that be enough > to force it to the secondary name server - which I'm thinking could > point to the backup site. If by "primary" and "secondary" you mean the normal DNS master and slave servers (this is the current terminology), it won't work: - The master and the slave(s) are supposed to have the *same* data. The slave(s) fetch a copy of the zone data from the master. - The "rest of the world" do not differentiate between master and slave name servers - all they do is choose one of the *authoritative* name servers. Master and slave(s) are all supposed to be authoritative, of course. To put it another way: As seen from the outside, there is no difference between "primary" and "secondary" name servers! Steinar Haug, Nethelp consulting, sthaug@nethelp.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Apr 17 19:41: 7 2000 Delivered-To: freebsd-isp@freebsd.org Received: from velvet.sensation.net.au (serial1-2-velvet-brunswick.sensation.net.au [203.20.114.195]) by hub.freebsd.org (Postfix) with ESMTP id 68B4B37BA41 for ; Mon, 17 Apr 2000 19:40:58 -0700 (PDT) (envelope-from rowan@sensation.net.au) Received: from localhost (rowan@localhost) by velvet.sensation.net.au (8.9.3/8.9.3) with ESMTP id MAA80133 for ; Tue, 18 Apr 2000 12:40:57 +1000 (EST) (envelope-from rowan@sensation.net.au) X-Authentication-Warning: velvet.sensation.net.au: rowan owned process doing -bs Date: Tue, 18 Apr 2000 12:40:56 +1000 (EST) From: Rowan Crowe To: freebsd-isp@freebsd.org Subject: Re: Failover question/idea/hint In-Reply-To: <44305.956004916@verdi.nethelp.no> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 17 Apr 2000 sthaug@nethelp.no wrote: > - The "rest of the world" do not differentiate between master and slave > name servers - all they do is choose one of the *authoritative* name > servers. Master and slave(s) are all supposed to be authoritative, of > course. > > To put it another way: As seen from the outside, there is no difference > between "primary" and "secondary" name servers! Right on. With some domain name delegations, the name servers end up being entered into the parent zone file in alpha order, regardless of which order you entered them in... so if I specify: ns4.sensation.net.au primary ns2.sensation.net.au secondary It appears in the global DNS as: IN NS ns2.sensation.net.au. IN NS ns4.sensation.net.au. Cheers. -- Rowan Crowe http://www.rowan.sensation.net.au/ Sensation Internet Services http://info.sensation.net.au/ Melbourne, Australia Phone: +61-3-9388-9260 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Apr 18 2:39:11 2000 Delivered-To: freebsd-isp@freebsd.org Received: from news.lucky.net (news.lucky.net [193.193.193.102]) by hub.freebsd.org (Postfix) with ESMTP id 2E62237B64F for ; Tue, 18 Apr 2000 02:39:06 -0700 (PDT) (envelope-from grisha@kot.poltava.ua) Received: (from mail@localhost) by news.lucky.net (8.Who.Cares/8.Who.Cares) id MNP13464 for freebsd-isp@freebsd.org; Tue, 18 Apr 2000 12:35:20 +0300 (envelope-from grisha@kot.poltava.ua) From: "Alexander A. Grigoriev" To: freebsd-isp@freebsd.org Subject: cucipop with tac_plus authentication Date: 18 Apr 2000 07:13:28 GMT Organization: Solver Ltd. Message-ID: <8dh1uo$hfp$1@www.kot.poltava.ua> X-Trace: www.kot.poltava.ua 956042008 17913 193.193.217.129 (18 Apr 2000 07:13:28 GMT) X-Complaints-To: grisha@kot.poltava.ua User-Agent: tin/pre-1.4-980618 (UNIX) (FreeBSD/2.2.7-RELEASE (i386)) Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Lines: 4 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi! Is anybody use cucipop or other POP3 server patched for authentications over tac_plus? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Apr 18 3: 6: 2 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.polytechnic.edu.na (mail.polytechnic.edu.na [196.31.225.2]) by hub.freebsd.org (Postfix) with ESMTP id DE12937BA99 for ; Tue, 18 Apr 2000 03:05:48 -0700 (PDT) (envelope-from tim@polytechnic.edu.na) Received: from [196.31.225.199] (helo=polytechnic.edu.na) by mail.polytechnic.edu.na with esmtp (Exim 3.02 #2) id 12hWMQ-00011c-00; Tue, 18 Apr 2000 09:40:06 -0200 Message-ID: <38FC2CFB.102E40D7@polytechnic.edu.na> Date: Tue, 18 Apr 2000 10:38:03 +0100 From: Tim Priebe X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 3.4-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: bv@wjv.com Cc: freebsd-isp@freebsd.org Subject: Re: Failover question/idea/hint References: <200004171625.MAA39745@mail.wanlogistics.net> <44305.956004916@verdi.nethelp.no> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > An old client of mine is bringing up a portal site. They current have > > a T1 to their location, but the site is going to be put on a server > > at our co-location facility - which is inside an OC-48 connected facility. > > > > They are going to keep theri T1 and the current site as a development > > site, but they want to be able to use that site as a fail-over site > > in case the main site goes down. > ... > > I can't t see that the round-robin DNS approach would work, but if the > > primary DNS (located at tha main site) goes down, would that be enough > > to force it to the secondary name server - which I'm thinking could > > point to the backup site. One apporoch to automatic fail over is to bind the same ip address to the loopback interface of 2 or more systems, at different locations, and to route to them with a dynamic routing protocol. In your situation, it sounds like you would have to use a tunnel from the one site to the other. You would then have redundancy for server failure, but not if your network went down, unless you can have the tunnel implemented some distance from the co-location facility. Tim. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Apr 18 18:54:38 2000 Delivered-To: freebsd-isp@freebsd.org Received: from stingray.ivision.co.uk (avengers.ivision.co.uk [212.25.224.7]) by hub.freebsd.org (Postfix) with ESMTP id 6937D37B621 for ; Tue, 18 Apr 2000 18:54:35 -0700 (PDT) (envelope-from manar@ivision.co.uk) Received: from [212.25.224.17] (helo=pretender2) by stingray.ivision.co.uk with smtp (Exim 2.04 #1) id 12hjhI-00077Z-00 for freebsd-isp@freebsd.org; Wed, 19 Apr 2000 02:54:32 +0100 Message-Id: <3.0.5.32.20000419025527.019cbe40@stingray.ivision.co.uk> X-Sender: manarpop@stingray.ivision.co.uk X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Wed, 19 Apr 2000 02:55:27 +0100 To: freebsd-isp@freebsd.org From: Manar Hussain Subject: Re: Failover question/idea/hint In-Reply-To: <38FC2CFB.102E40D7@polytechnic.edu.na> References: <200004171625.MAA39745@mail.wanlogistics.net> <44305.956004916@verdi.nethelp.no> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org How about decently low DNS cache times and your failover consisting of modifying the DNS to point to the fallback web server if needed. I'm guessing that an hours downtime would not be too bad a thing to contemplate in case of so serious a situation? I.e. a poor man's variant of something like F5's 3DNS (http://www.f5.com/3dns/). Of course you could actually use the 3DNS product. Round robin DNS sounds like a really bad plan as that norm would be for www.yoursite.com to point at both sites and thus your dev site is also live. Manar -- Manar Hussain, Director Email: manar@ivision.co.uk Mobile: (07971) 277821 Internet Vision Tel: 0171 589 4500 60 Albert Court Fax: 0171 589 4522 Prince Consort Road info@ivision.co.uk London. SW7 2BE http://www.ivision.co.uk/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Apr 18 22:14:56 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.wanlogistics.net (mail.wanlogistics.net [63.209.114.3]) by hub.freebsd.org (Postfix) with ESMTP id 9FBC937BBE6 for ; Tue, 18 Apr 2000 22:14:53 -0700 (PDT) (envelope-from bill@mail.wanlogistics.net) Received: (from bill@localhost) by mail.wanlogistics.net (8.9.3/8.9.3) id BAA01389 for freebsd-isp@freebsd.org; Wed, 19 Apr 2000 01:14:52 -0400 (EDT) (envelope-from bill) Message-Id: <200004190514.BAA01389@mail.wanlogistics.net> Subject: Re: Failover question/hint/idea In-Reply-To: To: freebsd-isp@freebsd.org Date: Wed, 19 Apr 2000 01:14:52 -0400 (EDT) From: bill@bilver.com Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Reply to: bill@bilver.com X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sorry for not replying earlier - it was one of those days. Brand new - 14 days old - Cicso 7120 died on me early Tuesday AM. I had said: >> An old client of mine is bringing up a portal site. They current have >> a T1 to their location, but the site is going to be put on a server >> at our co-location facility - which is inside an OC-48 connected facility. > >> They are going to keep theri T1 and the current site as a development >> site, but they want to be able to use that site as a fail-over site >> in case the main site goes down. >... >> I can't t see that the round-robin DNS approach would work, but if the >> primary DNS (located at tha main site) goes down, would that be enough >> to force it to the secondary name server - which I'm thinking could >> point to the backup site. > If by "primary" and "secondary" you mean the normal DNS master and slave > servers (this is the current terminology), it won't work: Actually I was thinking more an an alternate - one listed as secondary but not actually secondary for that one domain. > - The master and the slave(s) are supposed to have the *same* data. The > slave(s) fetch a copy of the zone data from the master. I understand that. I'm sorry for the poor choice of words. I'm usually better at communications than that. :-( > - The "rest of the world" do not differentiate between master and slave > name servers - all they do is choose one of the *authoritative* name > servers. Master and slave(s) are all supposed to be authoritative, of > course. > To put it another way: As seen from the outside, there is no difference > between "primary" and "secondary" name servers! I've seen a commercial product in the Sun arena that appears to be able do this - including round-robin from multiple sites and replacing of failed servers in the series - but I'm trying to find another way to do this to start with. It depends on just how successful the site is. If it takes off then their site on a T1 for backup will only be development and not used as an emergency. Bill -- Bill Vermillion bv@wjv.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Apr 18 22:48:44 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.wanlogistics.net (mail.wanlogistics.net [63.209.114.3]) by hub.freebsd.org (Postfix) with ESMTP id BBA0637B579 for ; Tue, 18 Apr 2000 22:48:41 -0700 (PDT) (envelope-from bill@mail.wanlogistics.net) Received: (from bill@localhost) by mail.wanlogistics.net (8.9.3/8.9.3) id BAA01467 for freebsd-isp@freebsd.org; Wed, 19 Apr 2000 01:48:39 -0400 (EDT) (envelope-from bill) Message-Id: <200004190548.BAA01467@mail.wanlogistics.net> Subject: Re: Failover question/idea/hint To: freebsd-isp@freebsd.org Date: Wed, 19 Apr 2000 01:48:39 -0400 (EDT) From: bill@bilver.com Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Reply to: bill@bilver.com X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit I had said: > > An old client of mine is bringing up a portal site. They current have > > a T1 to their location, but the site is going to be put on a server > > at our co-location facility - which is inside an OC-48 connected facility. > > > > They are going to keep theri T1 and the current site as a development > > site, but they want to be able to use that site as a fail-over site > > in case the main site goes down. > ... > > I can't t see that the round-robin DNS approach would work, but if the > > primary DNS (located at tha main site) goes down, would that be enough > > to force it to the secondary name server - which I'm thinking could > > point to the backup site. > One apporoch to automatic fail over is to bind the same ip address to the > loopback interface of 2 or more systems, at different locations, and to route > to them with a dynamic routing protocol. In your situation, it sounds like you > would have to use a tunnel from the one site to the other. You would then have > redundancy for server failure, but not if your network went down, unless you > can have the tunnel implemented some distance from the co-location facility. Hm. I don't know if this is possible. We ( a friend and myself) are buidling a 'virtual ISP' (I don't know how to actually describe it - but all our equipment is inside a major transport facility where we have leased rack space - and then we are locating customers sites/machines inside our racks - makes sense because big-pipes have 0 mileage distance charges) The idea is a smallish (in comparison to the big guys) ISP with focus only on commercial/industrial type service with people who will respond to calls and keep things running. And what is 'distance' in this era? They are physically located about 50 miles from here but a traceroute goes from Orlando to Dallas to south Florida to East coast Florida. 10 hops at 70ms isn't too bad in this day and age -particulary when you look at the average delays seen at such places at internettrafficreport.com. The current plan is to have redundant servers in the next couple of months if the site gets popular. Given the backbone connections I'm more worried about server failure than network failure. I'm looking for any idea/directions at all. One other reply mentioned about having low times in the DNS so things expire quickly - but that doesn't sound like a proper approach. One of these days I will understand this mess. Bill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Apr 18 23:11:49 2000 Delivered-To: freebsd-isp@freebsd.org Received: from epsilon.lucida.qc.ca (epsilon.lucida.qc.ca [216.95.146.6]) by hub.freebsd.org (Postfix) with SMTP id 5B29437B619 for ; Tue, 18 Apr 2000 23:11:46 -0700 (PDT) (envelope-from matt@ARPA.MAIL.NET) Received: (qmail 51981 invoked by uid 1000); 19 Apr 2000 06:11:34 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 19 Apr 2000 06:11:34 -0000 Date: Wed, 19 Apr 2000 02:11:31 -0400 (EDT) From: Matt Heckaman X-Sender: matt@epsilon.lucida.qc.ca To: FreeBSD-ISP Subject: credit card handling. Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I'm soon expanding to handle credit cards, and for various reasons do not want this process automated. It will be handled manually via a virtual terminal and so forth. What I'm looking for is advice on how to collect and process the information. Currently, our order forms are mailed (to a local account on the same machine) and then processed from there. With our credit card support, we will of course be using an SSL server, which is the easy part. However, I feel that e-mailing in plaintext is a weak link in the scheme. Would there be a way to say, PGP encrypt the data before emailing it locally? Advice appreciated, Matt Heckaman matt@arpa.mail.net http://www.lucida.qc.ca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: http://www.lucida.qc.ca/pgp iD8DBQE4/U4WdMMtMcA1U5ARApLvAKCRVuoIv+3dOeAFl/qzKyMCzNaSMgCdGjd8 BYKHAdXiazxNuUG7EETY4NU= =BI4S -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 19 2:43: 8 2000 Delivered-To: freebsd-isp@freebsd.org Received: from moat.teksupport.net.au (moat.teksupport.net.au [203.17.1.98]) by hub.freebsd.org (Postfix) with ESMTP id 1EFA737BBF0 for ; Wed, 19 Apr 2000 02:43:02 -0700 (PDT) (envelope-from robseco@wizard.teksupport.net.au) Received: from magician.teksupport.net.au (magician.teksupport.net.au [192.168.1.2]) by moat.teksupport.net.au (8.8.8/8.8.8) with SMTP id TAA00390 for ; Wed, 19 Apr 2000 19:42:56 +1000 (EST) (envelope-from robseco@wizard.teksupport.net.au) Message-Id: <3.0.5.32.20000419194214.038e9320@moat-gw.teksupport.net.au> X-Sender: robseco@moat-gw.teksupport.net.au X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Wed, 19 Apr 2000 19:42:14 +1000 To: FreeBSD-ISP From: Rob Secombe Subject: Re: credit card handling. In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, We have a perl script to do this. It basically collects whatever fields you throw at it, sorts them, and optionally encrypts it using pgp, then sends back a reply page. All is controlled by hidden fields in the submitting form. If you are interested email me directly. Cheers Rob Secombe (RS39-AU) Engineering Director Teksupport Pty. Ltd. 7 Warwick Avenue, Springvale, Melbourne Australia 3171 Ph. +61 3 9562 4577 Fx. +61 3 9547 0320 http://www.teksupport.net.au/ rob@secombe.org At 02:11 19-04-00 -0400, Matt Heckaman wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Hello, > >I'm soon expanding to handle credit cards, and for various reasons do not >want this process automated. It will be handled manually via a virtual >terminal and so forth. What I'm looking for is advice on how to collect >and process the information. > >Currently, our order forms are mailed (to a local account on the same >machine) and then processed from there. With our credit card support, we >will of course be using an SSL server, which is the easy part. However, >I feel that e-mailing in plaintext is a weak link in the scheme. Would >there be a way to say, PGP encrypt the data before emailing it locally? > >Advice appreciated, > >Matt Heckaman >matt@arpa.mail.net >http://www.lucida.qc.ca > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.0.1 (FreeBSD) >Comment: http://www.lucida.qc.ca/pgp > >iD8DBQE4/U4WdMMtMcA1U5ARApLvAKCRVuoIv+3dOeAFl/qzKyMCzNaSMgCdGjd8 >BYKHAdXiazxNuUG7EETY4NU= >=BI4S >-----END PGP SIGNATURE----- > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 19 3: 2:54 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.polytechnic.edu.na (mail.polytechnic.edu.na [196.31.225.2]) by hub.freebsd.org (Postfix) with ESMTP id 5AEA437B551 for ; Wed, 19 Apr 2000 03:02:45 -0700 (PDT) (envelope-from tim@polytechnic.edu.na) Received: from [196.31.225.199] (helo=polytechnic.edu.na) by mail.polytechnic.edu.na with esmtp (Exim 3.02 #2) id 12hsNC-0007Se-00; Wed, 19 Apr 2000 09:10:22 -0200 Message-ID: <38FD7782.C9791923@polytechnic.edu.na> Date: Wed, 19 Apr 2000 10:08:18 +0100 From: Tim Priebe X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 3.4-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: bill@bilver.com Cc: freebsd-isp@freebsd.org Subject: Re: Failover question/idea/hint References: <200004190548.BAA01467@mail.wanlogistics.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org bill@bilver.com wrote: > Reply to: bill@bilver.com > X-Mailer: ELM [version 2.4ME+ PL61 (25)] > MIME-Version: 1.0 > Content-Type: text/plain; charset=US-ASCII > Content-Transfer-Encoding: 7bit > > I had said: > > > > An old client of mine is bringing up a portal site. They current have > > > a T1 to their location, but the site is going to be put on a server > > > at our co-location facility - which is inside an OC-48 connected facility. > > > > > > They are going to keep theri T1 and the current site as a development > > > site, but they want to be able to use that site as a fail-over site > > > in case the main site goes down. > > ... > > > I can't t see that the round-robin DNS approach would work, but if the > > > primary DNS (located at tha main site) goes down, would that be enough > > > to force it to the secondary name server - which I'm thinking could > > > point to the backup site. > > > One apporoch to automatic fail over is to bind the same ip address to the > > loopback interface of 2 or more systems, at different locations, and to route > > to them with a dynamic routing protocol. In your situation, it sounds like you > > would have to use a tunnel from the one site to the other. You would then have > > redundancy for server failure, but not if your network went down, unless you > > can have the tunnel implemented some distance from the co-location facility. > > Hm. I don't know if this is possible. We ( a friend and myself) are buidling > a 'virtual ISP' (I don't know how to actually describe it - but all our > equipment is inside a major transport facility where we have leased > rack space - and then we are locating customers sites/machines inside > our racks - makes sense because big-pipes have 0 mileage distance charges) > > The idea is a smallish (in comparison to the big guys) ISP with > focus only on commercial/industrial type service with people who > will respond to calls and keep things running. > > And what is 'distance' in this era? They are physically located about > 50 miles from here but a traceroute goes from Orlando to Dallas to > south Florida to East coast Florida. 10 hops at 70ms isn't too bad > in this day and age -particulary when you look at the average > delays seen at such places at internettrafficreport.com. > > The current plan is to have redundant servers in the next couple of > months if the site gets popular. Given the backbone connections > I'm more worried about server failure than network failure. > > I'm looking for any idea/directions at all. > > One other reply mentioned about having low times in the DNS so > things expire quickly - but that doesn't sound like a proper approach. > > One of these days I will understand this mess. Do you have any sort of router(s) between you and your "upstream", that are under your control? If so put the tunnel(s) on them. If not will your "upstream" accept dynamic routes from you? If so put 2 or more routers/FreeBSD boxes between thier routers and your clients box(es) (in parrallel for redundancy), add the tunnels from each back to the router or server at the client site, and configure your dynamic routing. If you can not do something like this, then you will have to use DNS. The basic idea of binding the same ip address to the loopback interface of different computers in different locations is used by some isp's to give a single address for proxy servers, no matter which pop you dial in to. If you use dynamic routing for failover in such a case, you just must be certain that you can never have any load balancing happening. Tim. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 19 5:11: 5 2000 Delivered-To: freebsd-isp@freebsd.org Received: from lily.ezo.net (lily.ezo.net [206.102.130.13]) by hub.freebsd.org (Postfix) with ESMTP id 1D3CD37B74D for ; Wed, 19 Apr 2000 05:11:02 -0700 (PDT) (envelope-from jflowers@ezo.net) Received: from lily.ezo.net (jflowers@localhost.ezo.net [127.0.0.1]) by lily.ezo.net (8.8.7/8.8.7) with SMTP id IAA20519; Wed, 19 Apr 2000 08:10:35 -0400 (EDT) Date: Wed, 19 Apr 2000 08:10:34 -0400 (EDT) From: Jim Flowers To: Matt Heckaman Cc: FreeBSD-ISP Subject: Re: credit card handling. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Just install the pgp port and read the documentation. From what I recall you pipe your email output to pgpe and from their to sendmail having sent the public key to the recipent machine previously. Jim Flowers #4 ISP on C|NET, #1 in Ohio On Wed, 19 Apr 2000, Matt Heckaman wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello, > > I'm soon expanding to handle credit cards, and for various reasons do not > want this process automated. It will be handled manually via a virtual > terminal and so forth. What I'm looking for is advice on how to collect > and process the information. > > Currently, our order forms are mailed (to a local account on the same > machine) and then processed from there. With our credit card support, we > will of course be using an SSL server, which is the easy part. However, > I feel that e-mailing in plaintext is a weak link in the scheme. Would > there be a way to say, PGP encrypt the data before emailing it locally? > > Advice appreciated, > > Matt Heckaman > matt@arpa.mail.net > http://www.lucida.qc.ca > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.1 (FreeBSD) > Comment: http://www.lucida.qc.ca/pgp > > iD8DBQE4/U4WdMMtMcA1U5ARApLvAKCRVuoIv+3dOeAFl/qzKyMCzNaSMgCdGjd8 > BYKHAdXiazxNuUG7EETY4NU= > =BI4S > -----END PGP SIGNATURE----- > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 19 5:20:58 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.wanlogistics.net (mail.wanlogistics.net [63.209.114.3]) by hub.freebsd.org (Postfix) with ESMTP id 294BF37B70D for ; Wed, 19 Apr 2000 05:20:55 -0700 (PDT) (envelope-from bv@mail.wanlogistics.net) Received: (from bv@localhost) by mail.wanlogistics.net (8.9.3/8.9.3) id IAA05211 for freebsd-isp@freebsd.org; Wed, 19 Apr 2000 08:20:54 -0400 (EDT) (envelope-from bv) Message-Id: <200004191220.IAA05211@mail.wanlogistics.net> Subject: Failover question/idea/hint To: freebsd-isp@freebsd.org Date: Wed, 19 Apr 2000 08:20:54 -0400 (EDT) From: bv@wjv.com Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Reply to: bv@wjv.com X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Once upon Wed, Apr 19, 2000 at 10:08:18AM +0100, quoth Tim Priebe: > bill@bilver.com wrote: > > Reply to: bill@bilver.com > > X-Mailer: ELM [version 2.4ME+ PL61 (25)] > > MIME-Version: 1.0 > > Content-Type: text/plain; charset=US-ASCII > > Content-Transfer-Encoding: 7bit > > I had said: >>> > An old client of mine is bringing up a portal site. They >>> > current have a T1 to their location, but the site is going >>> > to be put on a server at our co-location facility - which is >>> > inside an OC-48 connected facility. >>> > They are going to keep theri T1 and the current site as a >>> > development site, but they want to be able to use that site as >>> > a fail-over site in case the main site goes down. >> > One apporoch to automatic fail over is to bind the same ip >> > address to the loopback interface of 2 or more systems, at >> > different locations, and to route to them with a dynamic >> > routing protocol. In your situation, it sounds like you would >> > have to use a tunnel from the one site to the other. You would >> > then have redundancy for server failure, but not if your >> > network went down, unless you can have the tunnel implemented >> > some distance from the co-location facility. > > Hm. I don't know if this is possible. ... > > One of these days I will understand this mess. > Do you have any sort of router(s) between you and your "upstream", > that are under your control? If so put the tunnel(s) on them. If > not will your "upstream" accept dynamic routes from you? We have a Cisco 7120 that connects to their Cisco 12000. > If so put 2 or more routers/FreeBSD boxes between thier routers > and your clients box(es) (in parrallel for redundancy), add the > tunnels from each back to the router or server at the client site, > and configure your dynamic routing. If you can not do something > like this, then you will have to use DNS. OK. I put in another net card in one of the BSD boxes yesterday when the 7120 failed (two weeks old). Wound up talking to tech support in Belgium as they were the only one open in the early morning hours. When the replacment Cicso gets in today I can look at that approach. We were going to be using tunneling for the main databases - as they have a Gnat box at their location - and we had planned to do the same at this side - so they could go in to update the databases and keep them secure. > The basic idea of binding the same ip address to the loopback > interface of different computers in different locations is used by > some isp's to give a single address for proxy servers, no matter > which pop you dial in to. If you use dynamic routing for failover > in such a case, you just must be certain that you can never have > any load balancing happening. Thanks - this gives me a new direction in which to look until we get redudant servers. Thanks for the ideas. Bill -- Bill Vermillion bv @ wjv.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 19 7:20:59 2000 Delivered-To: freebsd-isp@freebsd.org Received: from wat-border.sentex.ca (waterloo-hespler.sentex.ca [199.212.135.66]) by hub.freebsd.org (Postfix) with ESMTP id F021F37B596; Wed, 19 Apr 2000 07:20:54 -0700 (PDT) (envelope-from mike@sentex.ca) Received: from vinyl.sentex.ca (vinyl.sentex.ca [209.112.4.14]) by wat-border.sentex.ca (8.9.3/8.9.3) with ESMTP id KAA04823; Wed, 19 Apr 2000 10:20:46 -0400 (EDT) (envelope-from mike@sentex.ca) Received: from simoeon (simeon.sentex.ca [209.112.4.47]) by vinyl.sentex.ca (8.9.3/8.9.3) with SMTP id KAA23095; Wed, 19 Apr 2000 10:20:46 -0400 (EDT) (envelope-from mike@sentex.ca) Message-Id: <3.0.5.32.20000419101655.021df520@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Wed, 19 Apr 2000 10:16:55 -0400 To: questions@freebsd.org From: Mike Tancsa Subject: FreeBSD friendly / clueful ISPs in Hong Kong ? Cc: freebsd-isp@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, Does anyone know of any FreeBSD friendly ISPs in Hong Kong that they would recommend ? How about sysadmins there ? A FreeBSD users group ? I am looking potentially for co-location facilities there. Thanks, ---Mike ------------------------------------------------------------------------ Mike Tancsa, tel +1 519 651 3400 Sentex Communications mike@sentex.net Cambridge, Ontario Canada www.sentex.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 19 16:15:57 2000 Delivered-To: freebsd-isp@freebsd.org Received: from inet03.citec.qld.gov.au (inet03.citec.qld.gov.au [203.5.10.10]) by hub.freebsd.org (Postfix) with ESMTP id DA22937BD3B for ; Wed, 19 Apr 2000 16:15:50 -0700 (PDT) (envelope-from sgcccdc@citec.qld.gov.au) Received: by inet03.citec.qld.gov.au; id JAA02896; Thu, 20 Apr 2000 09:15:28 +1000 (EST) Received: from guru.citec.qld.gov.au( 147.132.20.47) by inet03.citec.qld.gov.au via smap (V2.0) id xma029681; Thu, 20 Apr 00 09:13:35 +1000 Received: from localhost (sgcccdc@localhost) by guru.citec.qld.gov.au (8.9.3/8.9.3) with ESMTP id JAA51928; Thu, 20 Apr 2000 09:13:28 +1000 (EST) (envelope-from sgcccdc@citec.qld.gov.au) X-Authentication-Warning: guru.citec.qld.gov.au: sgcccdc owned process doing -bs Date: Thu, 20 Apr 2000 09:13:27 +1000 (EST) From: Colin Campbell To: Jim Flowers Cc: Matt Heckaman , FreeBSD-ISP Subject: Re: credit card handling. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, On Wed, 19 Apr 2000, Jim Flowers wrote: > Just install the pgp port and read the documentation. From what I recall > you pipe your email output to pgpe and from their to sendmail having sent > the public key to the recipent machine previously. Isn't this round the wrong way? By encrypting with your private key anyone with access to your public key can decrypt it. Would it no be better to use the public key of the recipient so that only they can decrypt the message? My understanding of PKI is: - use your private key for signing things to prove who you are. Anyone can use your public key to verify the identity of the sender. - use the recipient's public key for encryption since only they can decrypt the message Colin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 19 17:15:16 2000 Delivered-To: freebsd-isp@freebsd.org Received: from packfish.gateway.net.hk (packfish.gateway.net.hk [202.76.19.16]) by hub.freebsd.org (Postfix) with SMTP id 8FB1037BD4F for ; Wed, 19 Apr 2000 17:15:12 -0700 (PDT) (envelope-from bmf@gateway.net.hk) Received: (qmail 9010 invoked by uid 116); 20 Apr 2000 00:17:36 -0000 Date: Thu, 20 Apr 2000 08:17:36 +0800 (HKT) From: Bo Fussing To: Mike Tancsa Cc: questions@freebsd.org, freebsd-isp@freebsd.org Subject: Re: FreeBSD friendly / clueful ISPs in Hong Kong ? In-Reply-To: <3.0.5.32.20000419101655.021df520@marble.sentex.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I would recommend IOHK (http://www.iohk.com/) as they have a long history of using BSD (BSDI/FreeBSD) - ask for thir GM Mr. SK Pang. Regards, Bo On Wed, 19 Apr 2000, Mike Tancsa wrote: > Hello, > Does anyone know of any FreeBSD friendly ISPs in Hong Kong that they would > recommend ? How about sysadmins there ? A FreeBSD users group ? I am > looking potentially for co-location facilities there. > > Thanks, > > ---Mike > ------------------------------------------------------------------------ > Mike Tancsa, tel +1 519 651 3400 > Sentex Communications mike@sentex.net > Cambridge, Ontario Canada www.sentex.net > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 19 17:50:30 2000 Delivered-To: freebsd-isp@freebsd.org Received: from wizard.teksupport.net.au (wizard.teksupport.net.au [203.17.1.1]) by hub.freebsd.org (Postfix) with ESMTP id 042E237B7FB for ; Wed, 19 Apr 2000 17:50:26 -0700 (PDT) (envelope-from robseco@wizard.teksupport.net.au) Received: from warlock.teksupport.net.au (warlock.teksupport.net.au [203.26.69.3]) by wizard.teksupport.net.au (8.9.3/8.9.3) with SMTP id KAA20794 for ; Thu, 20 Apr 2000 10:50:22 +1000 (EST) Message-ID: <00f601bfaa61$e4caaa60$03451acb@teksupport.net.au> From: "Rob Secombe" To: "FreeBSD-ISP" References: Subject: Re: credit card handling. Date: Thu, 20 Apr 2000 10:46:40 +1000 Organization: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2014.211 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2014.211 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Correct ! You need to encrypt your message (ie credit card transaction) with the recipient's, in this case, the merchant/vendor's public key. The recipient then uses their private key to decrypt the message. Rob. ----- Original Message ----- From: Colin Campbell To: Jim Flowers Cc: Matt Heckaman ; FreeBSD-ISP Sent: Thursday, April 20, 2000 9:13 AM Subject: Re: credit card handling. > Hi, > > On Wed, 19 Apr 2000, Jim Flowers wrote: > > > Just install the pgp port and read the documentation. From what I recall > > you pipe your email output to pgpe and from their to sendmail having sent > > the public key to the recipent machine previously. > > Isn't this round the wrong way? By encrypting with your private key anyone > with access to your public key can decrypt it. Would it no be better to > use the public key of the recipient so that only they can decrypt the > message? > > My understanding of PKI is: > > - use your private key for signing things to prove who you are. Anyone can > use your public key to verify the identity of the sender. > - use the recipient's public key for encryption since only they can > decrypt the message > > Colin > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Apr 21 11: 7: 8 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.numachi.com (numachi.numachi.com [198.175.254.2]) by hub.freebsd.org (Postfix) with SMTP id 871D837B681 for ; Fri, 21 Apr 2000 11:07:02 -0700 (PDT) (envelope-from reichert@numachi.com) Received: (qmail 3578 invoked by uid 1001); 21 Apr 2000 18:07:00 -0000 Date: Fri, 21 Apr 2000 14:07:00 -0400 From: Brian Reichert To: freebsd-mobile@freebsd.org Cc: freebsd-isp@freebsd.org Subject: linksys vs cisco Message-ID: <20000421140700.B3163@numachi.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre4i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org (Cross-posted to -mobile and -isp; sorry, I didn't which camp could help...) My situation: I have a laptop that dualboots Win98 and FBSD-4.0. I have a Linksys PCMCIA card that probes as an ed1. The card, in both OSs, works just dandy on several diferent networks. On one particular network, the FreeBSD half won't. Said network has simple topology: on a switched segment, we have umpteen Win98 desktops, and one FBSD-4.0 server. They talk to a Cisco 1600 router. The symptom: the laptop, in FreeBSD mode can talk to all of the hosts, but not to the router. Initial traffic analysis shows that I never get the 'tell' ARP traffic. Bear in mind: rebooting the laptop into Win98, in the same port on the switch, with the same IP address, does generate the expected ARP traffic. The other FreeBSD server can talk to the router just fine. This PCMCIA card comes in several modes (according to the CIS). I've tried all of them; those that work at all don't alleviate the symptom. Before I start researching Cisco-isms, does anyone have any pointers on additional tests, or configuration issues? I can provide any number of details upon request... -- Brian 'you Bastard' Reichert reichert@numachi.com 37 Crystal Ave. #303 Daytime number: (781) 273-4100 x161 Derry NH 03038-1713 USA Intel architecture: the left-hand path To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message