From owner-freebsd-isp Sun Nov 19 1:14:36 2000
Date: Sun, 19 Nov 2000 01:14:33 -0800
From: Steve Reid
To: Jim Pazarena
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: secure server

On Tue, Nov 07, 2000 at 03:22:04PM -0800, Jim Pazarena wrote:
> Is it possible to have a plain 'unsecure' apache running on the
> server at the same time that a secure-server is also running?

I've installed the apache13-modssl port, and it is accessible by both
http and https. No need to run a separate server AFAICS.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Sun Nov 19 9:39:59 2000
Date: Sun, 19 Nov 2000 09:39:56 -0800 (PST)
From: situs situs
Subject: dialup with userppp and getty
To: freebsd-questions@freebsd.org, freebsd-isp@freebsd.org

hi ,..
i want to set up receive incoming call for my freebsd
i have error messages from my client (dialup user with
win9*)
" computer your dialing in to does not respond to
network request
check your server type ..."

this error messages found when my client verifying
username and password ..
i'm using freebsd 40R...
i want using user ppp and getty to receive incoming
call
please.. please.. help me ...
please tell me more about stty and ttys

cuaa0

From owner-freebsd-isp Sun Nov 19 10:47:47 2000
Date: Sun, 19 Nov 2000 18:48:16 GMT
From: Martyn Routley
To: freebsd-isp@freebsd.org
Subject: Apache problem

Can anyone help with this problem?

I have Apache 1.3.12 running on one server with a couple of name based
virtual hosts.

I have another server running 1.2.x with a lot of name based virtual hosts.

I have extracted a chunk of the 1.2.x httpd.conf and added it to the 1.3.12
httpd.conf.

When I restart 1.3.12, all I get is this.

[Sun Nov 19 18:40:29 2000] [warn] VirtualHost legado.ltd.uk:80 overlaps with
VirtualHost www.erc.elec.co.uk:80, the first has precedence, perhaps you
need a NameVirtualHost directive
[Sun Nov 19 18:40:29 2000] [warn] VirtualHost marchesi.co.uk:80 overlaps
with VirtualHost legado.ltd.uk:80, the first has precedence, perhaps you
need a NameVirtualHost directive
[Sun Nov 19 18:40:29 2000] [warn] VirtualHost completebreaks.co.uk:80
overlaps with VirtualHost marchesi.co.uk:80, the first has precedence,
perhaps you need a NameVirtualHost directive
[

Yes I do have the appropriate NameVirtualHost directive

Martyn Routley
-----------------------------------------------------
InvictaNet - The Internet in Plain English, Guaranteed
http://www.invictanet.co.uk
mailto:info@invictanet.co.uk
phone: 0870 7402252
fax: +44 (0)1233 334001
------------------------------------------------------

From owner-freebsd-isp Sun Nov 19 11:12:30 2000
From: "Simon"
To: "freebsd-isp@freebsd.org", "Martyn Routley"
Date: Sun, 19 Nov 2000 14:16:49 -0500
Subject: Re: Apache problem

Name-based virtual config differs between 1.3.x and 1.2.x. See
http://httpd.apache.org/docs/vhosts/index.html for details. Basically, you
need to add NameVirtualHost directive.

-Simon

On Sun, 19 Nov 2000 18:48:16 GMT, Martyn Routley wrote:

>Can anyone help with this problem?
>
>
>I have Apache 1.3.12 running on one server with a couple of name based
>virtual hosts.
>
>I have another server running 1.2.x with a lot of name based virtual hosts.
>
>I have extracted a chunk of the 1.2.x httpd.conf and added it to the 1.3.12
>httpd.conf.
>
>When I restart 1.3.12, all I get is this.
>[Sun Nov 19 18:40:29 2000] [warn] VirtualHost legado.ltd.uk:80 overlaps with
>VirtualHost www.erc.elec.co.uk:80, the first has precedence, perhaps you
>need a NameVirtualHost directive
>[Sun Nov 19 18:40:29 2000] [warn] VirtualHost marchesi.co.uk:80 overlaps
>with VirtualHost legado.ltd.uk:80, the first has precedence, perhaps you
>need a NameVirtualHost directive
>[Sun Nov 19 18:40:29 2000] [warn] VirtualHost completebreaks.co.uk:80
>overlaps with VirtualHost marchesi.co.uk:80, the first has precedence,
>perhaps you need a NameVirtualHost directive
>[
>
>Yes I do have the appropriate NameVirtualHost directive
>
>
>Martyn Routley
>-----------------------------------------------------
>InvictaNet - The Internet in Plain English, Guaranteed
>http://www.invictanet.co.uk
>mailto:info@invictanet.co.uk
>phone: 0870 7402252
>fax: +44 (0)1233 334001
>------------------------------------------------------

From owner-freebsd-isp Sun Nov 19 11:55:25 2000
Date: Sun, 19 Nov 2000 14:54:59 -0500 (EST)
From: Jim Weeks
To: Martyn Routley
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Apache problem

I believe constructing your entries something like this will solve your
problem.

NameVirtualHost 192.168.0.1

# Virtual Hosts //////////////////////////////////////

<VirtualHost 192.168.0.1>
DocumentRoot /usr/local/www/data/legado
ServerName legado.ltd.uk
ServerAdmin hostmaster@legado.ltd.uk
ServerAlias www.legado.ltd.uk
ScriptAlias /cgi-bin/ /usr/local/www/data/cgi-bin/
</VirtualHost>

<VirtualHost 192.168.0.1>
DocumentRoot /usr/local/www/data/marchesi
ServerName marchesi.co.uk
ServerAdmin hostmaster@marchesi.co.uk
ServerAlias www.marchesi.co.uk
ScriptAlias /cgi-bin/ /usr/local/www/data/aoglb/cgi-bin/
ErrorLog /usr/log/marchesi.co.uk-error_log
TransferLog /usr/log/marchesi.co.uk-access_log
</VirtualHost>

--
Jim Weeks

On Sun, 19 Nov 2000, Martyn Routley wrote:

> Can anyone help with this problem?
>
>
> I have Apache 1.3.12 running on one server with a couple of name based
> virtual hosts.
>
> I have another server running 1.2.x with a lot of name based virtual hosts.
>
> I have extracted a chunk of the 1.2.x httpd.conf and added it to the 1.3.12
> httpd.conf.
>
> When I restart 1.3.12, all I get is this.
> [Sun Nov 19 18:40:29 2000] [warn] VirtualHost legado.ltd.uk:80 overlaps with
> VirtualHost www.erc.elec.co.uk:80, the first has precedence, perhaps you
> need a NameVirtualHost directive
> [Sun Nov 19 18:40:29 2000] [warn] VirtualHost marchesi.co.uk:80 overlaps
> with VirtualHost legado.ltd.uk:80, the first has precedence, perhaps you
> need a NameVirtualHost directive
> [Sun Nov 19 18:40:29 2000] [warn] VirtualHost completebreaks.co.uk:80
> overlaps with VirtualHost marchesi.co.uk:80, the first has precedence,
> perhaps you need a NameVirtualHost directive
> [
>
> Yes I do have the appropriate NameVirtualHost directive
>
>
> Martyn Routley
> -----------------------------------------------------
> InvictaNet - The Internet in Plain English, Guaranteed
> http://www.invictanet.co.uk
> mailto:info@invictanet.co.uk
> phone: 0870 7402252
> fax: +44 (0)1233 334001
> ------------------------------------------------------

From owner-freebsd-isp Sun Nov 19 14:57:20 2000
Date: Mon, 20 Nov 2000 00:56:24 +0200 (SAST)
From: Khetan Gajjar
To: Randy Smith
Cc: freebsd-isp
Subject: Re: Remote console into FreeBSD 4.1.1 boxen

Around Nov 13, "Randy Smith" wrote :

RS> 2) If so, has anyone setup a Lucent PM2 or other box (FreeBSD or
RS> whatever) to console into multiple boxes? (I ask about the PM2 because I
RS> just happen to have one lying around.)

We use this for our routers, but the problem with PC's barfing
is that it's little good to you to have the OS logging/visible
via the COM port if you can't get to the OS :-(

I should be getting some Dell test server kit soon, and they
sell something called a DRAC card (it sounds damn expensive - the
equivalent of about $900 here in South Africa), but it allows you
to create a complete out of band access network (modem, Ethernet, etc)
to manage these things out the box.

I remember some other hardware add-in device that was a lot
cheaper, but its name/specifications escape me now.

The advantage of an add-in card is that you're not dependent on
the OS (in case it barfs) - it's almost Sun-like console management.

Khetan Gajjar.
---
khetan@uunet.co.za      * Direct      -> +27 21 658 8723
UUNET South Africa      * Mobile      -> +27 82 416 0105
http://www.uunet.co.za  * Info Centre -> 08600 UUNET (88638)
System Administration   * PGP Key     -> kg+details@uunet.co.za

From owner-freebsd-isp Sun Nov 19 18:26:46 2000
From: Mike Tancsa
To: eyurtese@turkuamk.fi (Evren Yurtesen)
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: any VPN daemon?
Date: Sun, 19 Nov 2000 21:26:07 -0500

On 18 Nov 2000 10:13:39 -0500, in sentex.lists.freebsd.isp you wrote:

>is there any good VPN daemons which supports LAN to LAN
>connection in which a modem doesnt get involved?

ipsec is built into FreeBSD 4.x and works quite well.

	---Mike
Mike Tancsa (mdtancsa@sentex.net)
Sentex Communications Corp,
Waterloo, Ontario, Canada
"Given enough time, 100 monkeys on 100 routers
could setup a national IP network." (KDW2)

From owner-freebsd-isp Sun Nov 19 19:12:50 2000
Date: Sun, 19 Nov 2000 18:29:48 -0800 (PST)
From: Tom Samplonius
To: Mike Tancsa
Cc: Evren Yurtesen, freebsd-isp@FreeBSD.ORG
Subject: Re: any VPN daemon?

On Sun, 19 Nov 2000, Mike Tancsa wrote:

> On 18 Nov 2000 10:13:39 -0500, in sentex.lists.freebsd.isp you wrote:
>
> >is there any good VPN daemons which supports LAN to LAN
> >connection in which a modem doesnt get involved?
>
> ipsec is built into FreeBSD 4.x and works quite well.

  Well building IPSec tunnels on FreeBSD 4.x is rather arcane and not very
well documented. For instance, there is nothing on how IPSec and ipfw
interact. Which subsystem gets the packet first? ipfw or IPSec?
Building a system with ipfw, natd and IPSec tunnels isn't an easy thing to
do.

> ---Mike
> Mike Tancsa (mdtancsa@sentex.net)
> Sentex Communications Corp,
> Waterloo, Ontario, Canada
> "Given enough time, 100 monkeys on 100 routers
> could setup a national IP network." (KDW2)
>

Tom

From owner-freebsd-isp Sun Nov 19 19:40:25 2000
Date: Sun, 19 Nov 2000 22:39:54 -0500
To: Tom Samplonius
From: Mike Tancsa
Subject: Re: any VPN daemon?
Cc: Evren Yurtesen, freebsd-isp@FreeBSD.ORG

At 06:29 PM 11/19/2000 -0800, Tom Samplonius wrote:
>   Well building IPSec tunnels on FreeBSD 4.x is rather arcane and not very
>well documented. For instance, there is nothing on how IPSec and ipfw
>interact. Which subsystem gets the packet first? ipfw or IPSec?
>Building a system with ipfw, natd and IPSec tunnels isn't an easy thing to
>do.

I believe the person said he was using a simple LAN to LAN. I have had good
results setting up a few tunnels in the past month or so. What specifically
were you trying to find with respect to ipfw ?

ipfw add 20 deny log 50 from any to any

stops all ipsec data in the tunnel I have setup between the office and at
home on my DSL connection.

There is not much you need to do to setup the tunnel using dynamic key
exchange.

Here is a quick setup example. For DSL to work, or where a lot of latency
(relative to ethernet) you need to make one small change to the racoon.conf

Here is a quick sample config for two machines

PPPoE machine's _public_ address on tun0 : 169.1.134.1
PPPoE machine's _private_ address aliased on lo0 : 10.1.2.1

Office Server's _public_ address on fxp0 172.168.93.4
Office Server's _private_ address aliased on lo0 : 10.1.1.1

*Note, if your machine has 2 interfaces, you can of course use the RFC1918
space on it instead.
This example assumes you just have the one NIC to play with.

#!/bin/sh
#PPPoE config
ifconfig lo0 10.1.2.1 netmask 255.255.255.0 alias
gifconfig gif0 169.1.134.1 172.168.93.4
ifconfig gif0 inet 10.1.2.1 10.1.1.1 netmask 255.255.255.0
setkey -FP
setkey -F
setkey -c <

From: "Troy Settle"
To: "Martyn Routley"
Subject: RE: Apache problem
Date: Mon, 20 Nov 2000 01:08:35 -0500

Better yet, upgrade to 1.3.14, which has some really neat support for named
virtual hosts:

NameVirtualHost *

<VirtualHost *>
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /some/path
OtherDirectives ....
</VirtualHost>

I'm liking it because now I don't have to muck around with IPs at all in the
apache config.

I also like 1.3.14's new config directory support. Instead of a config
file, you can have a directory with several files:

0_base_config
1_first_virtual_host
2_second_virtual_host
etc...

G'luck,

-Troy

** -----Original Message-----
** From: owner-freebsd-isp@FreeBSD.ORG
** [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Jim Weeks
** Sent: Sunday, November 19, 2000 2:55 PM
** To: Martyn Routley
** Cc: freebsd-isp@FreeBSD.ORG
** Subject: Re: Apache problem
**
**
** I believe constructing your entries something like this will solve your
** problem.
**
** NameVirtualHost 192.168.0.1
**
** # Virtual Hosts //////////////////////////////////////
**
** <VirtualHost 192.168.0.1>
** DocumentRoot /usr/local/www/data/legado
** ServerName legado.ltd.uk
** ServerAdmin hostmaster@legado.ltd.uk
** ServerAlias www.legado.ltd.uk
** ScriptAlias /cgi-bin/ /usr/local/www/data/cgi-bin/
** </VirtualHost>
**
** <VirtualHost 192.168.0.1>
** DocumentRoot /usr/local/www/data/marchesi
** ServerName marchesi.co.uk
** ServerAdmin hostmaster@marchesi.co.uk
** ServerAlias www.marchesi.co.uk
** ScriptAlias /cgi-bin/ /usr/local/www/data/aoglb/cgi-bin/
** ErrorLog /usr/log/marchesi.co.uk-error_log
** TransferLog /usr/log/marchesi.co.uk-access_log
** </VirtualHost>
**
** --
** Jim Weeks
**
**
** On Sun, 19 Nov 2000, Martyn Routley wrote:
**
** > Can anyone help with this problem?
** >
** >
** > I have Apache 1.3.12 running on one server with a couple of name based
** > virtual hosts.
** >
** > I have another server running 1.2.x with a lot of name based
** virtual hosts.
** >
** > I have extracted a chunk of the 1.2.x httpd.conf and added it
** to the 1.3.12
** > httpd.conf.
** >
** > When I restart 1.3.12, all I get is this.
** > [Sun Nov 19 18:40:29 2000] [warn] VirtualHost legado.ltd.uk:80
** overlaps with
** > VirtualHost www.erc.elec.co.uk:80, the first has precedence,
** perhaps you
** > need a NameVirtualHost directive
** > [Sun Nov 19 18:40:29 2000] [warn] VirtualHost
** marchesi.co.uk:80 overlaps
** > with VirtualHost legado.ltd.uk:80, the first has precedence,
** perhaps you
** > need a NameVirtualHost directive
** > [Sun Nov 19 18:40:29 2000] [warn] VirtualHost completebreaks.co.uk:80
** > overlaps with VirtualHost marchesi.co.uk:80, the first has precedence,
** > perhaps you need a NameVirtualHost directive
** > [
** >
** > Yes I do have the appropriate NameVirtualHost directive
** >
** >
** > Martyn Routley
** > -----------------------------------------------------
** > InvictaNet - The Internet in Plain English, Guaranteed
** > http://www.invictanet.co.uk
** > mailto:info@invictanet.co.uk
** > phone: 0870 7402252
** > fax: +44 (0)1233 334001
** > ------------------------------------------------------

From owner-freebsd-isp Sun Nov 19 23: 6:28 2000
Date: Mon, 20 Nov 2000 09:06:09 +0200 (WET)
From: Evren Yurtesen
To: Mike Tancsa
Cc: Tom Samplonius, Evren Yurtesen, freebsd-isp@FreeBSD.ORG
Subject: Re: any VPN daemon?

so what about the authentication?

Evren

On Sun, 19 Nov 2000, Mike Tancsa wrote:

> At 06:29 PM 11/19/2000 -0800, Tom Samplonius wrote:
> >   Well building IPSec tunnels on FreeBSD 4.x is rather arcane and not very
> >well documented. For instance, there is nothing on how IPSec and ipfw
> >interact. Which subsystem gets the packet first? ipfw or IPSec?
> >Building a system with ipfw, natd and IPSec tunnels isn't an easy thing to
> >do.
>
>
> I believe the person said he was using a simple LAN to LAN. I have had good
> results setting up a few tunnels in the past month or so. What specifically
> were you trying to find with respect to ipfw ?
>
> ipfw add 20 deny log 50 from any to any
>
> stops all ipsec data in the tunnel I have setup between the office and at
> home on my DSL connection.
>
> There is not much you need to do to setup the tunnel using dynamic key
> exchange.
>
> Here is a quick setup example. For DSL to work, or where a lot of latency
> (relative to ethernet) you need to make one small change to the racoon.conf
>
>
> Here is a quick sample config for two machines
>
>
> PPPoE machine's _public_ address on tun0 : 169.1.134.1
> PPPoE machine's _private_ address aliased on lo0 : 10.1.2.1
>
> Office Server's _public_ address on fxp0 172.168.93.4
> Office Server's _private_ address aliased on lo0 : 10.1.1.1
>
>
> *Note, if your machine has 2 interfaces, you can of course use the RFC1918
> space on it instead.
> This example assumes you just have the one NIC to play with.
>
>
> #!/bin/sh
> #PPPoE config
> ifconfig lo0 10.1.2.1 netmask 255.255.255.0 alias
> gifconfig gif0 169.1.134.1 172.168.93.4
> ifconfig gif0 inet 10.1.2.1 10.1.1.1 netmask 255.255.255.0
> setkey -FP
> setkey -F
> setkey -c <<EOF
> spdadd 10.1.2.0/24 10.1.1.0/24 any -P out ipsec
> esp/tunnel/169.1.134.1-172.168.93.4/require;
> spdadd 10.1.1.0/24 10.1.2.0/24 any -P in ipsec
> esp/tunnel/172.168.93.4-169.1.134.1/require;
> EOF
>
>
>
> #!/bin/sh
> #server at office config
> ifconfig lo0 10.1.1.1 netmask 255.255.255.0 alias
> gifconfig gif0 172.168.93.4 169.1.134.1
> ifconfig gif0 inet 10.1.1.1 10.1.2.1 netmask 255.255.255.0
> setkey -FP
> setkey -F
> setkey -c <<EOF
> spdadd 10.1.1.0/24 10.1.2.0/24 any -P out ipsec
> esp/tunnel/172.168.93.4-169.1.134.1/require;
> spdadd 10.1.2.0/24 10.1.1.0/24 any -P in ipsec
> esp/tunnel/169.1.134.1-172.168.93.4/require;
> EOF
>
>
>
> The changes I made to the default racoon.conf was simply to increase the
> lifetime values
> on both ends of the connection.
>
> e.g.
>
> @@ -101,8 +101,8 @@
> sainfo anonymous
> {
> pfs_group 1;
> - lifetime time 30 sec;
> - lifetime byte 5000 KB;
> + lifetime time 3600 sec;
> + lifetime byte 25000 KB;
> encryption_algorithm 3des ;
> authentication_algorithm hmac_sha1;
> compression_algorithm deflate ;
>
>
> ---Mike
> --------------------------------------------------------------------
> Mike Tancsa, tel +1 519 651 3400
> Network Administration, mike@sentex.net
> Sentex Communications www.sentex.net
> Cambridge, Ontario Canada www.sentex.net/mike
>
>

From owner-freebsd-isp Sun Nov 19 23:11:41 2000
Date: Mon, 20 Nov 2000 02:11:25 -0500
To: Evren Yurtesen
From: Mike Tancsa
Subject: Re: any VPN daemon?
Cc: freebsd-isp@FreeBSD.ORG

At 09:06 AM 11/20/2000 +0200, Evren Yurtesen wrote:
>so what about the authentication?

If you mean for the connection, see the documentation for racoon and ipsec
in general.

---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Network Administration, mike@sentex.net
Sentex Communications www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike

From owner-freebsd-isp Mon Nov 20 1:37:30 2000
Date: Mon, 20 Nov 2000 11:39:33 +0200
From: Victor Ivanov
To: situs situs
Cc: freebsd-isp@freebsd.org
Subject: Re: dialup with userppp and getty

On Sun, Nov 19, 2000 at 09:39:56AM -0800, situs situs wrote:
> hi ,..
> i want to set up receive incoming call for my freebsd
> i have error messages from my client (dialup user with
> win9*)
> " computer your dialing in to does not respond to
> network request
> check your server type ..."

You should configure your modem first. Depends on the chipset, it can be:

1) a modem which can keep the terminal speed as you configure it, and allow
different connection rates. If the modem's buffer is small, this could be
bad...

2) a modem which cannot keep the terminal speed different from the
connection speed. In this case getty just can't handle it, you need mgetty
with its autobauding support.

Any kind of modem could be set up to case 2. You should check the modem's
manual to see which ATX setting displays 'CONNECT rate' only. I use X3 on
Rockwells.

For authentication I use radius (/usr/ports/net/radius). The configuration
is like in the manual page (man ppp). You really should read it. Also, read
the handbook from /usr/share/doc/handbook/, there is a chapter for ppp,
receiving connection and etc.

> this error messages found when my client verifying
> username and password ..
> i'm using freebsd 40R...
> i want using user ppp and getty to receive incoming
> call
> please.. please.. help me ...

Help yourself first :)

--
Players win and Winners play
Have a lucky day

From owner-freebsd-isp Mon Nov 20 2: 7:27 2000
Date: Mon, 20 Nov 2000 11:07:20 +0100
From: Anders Andersson
To: Evren Yurtesen
Cc: freebsd-isp@freebsd.org
Subject: Re: any VPN daemon?

On Sat, Nov 18, 2000 at 05:13:30PM +0200, Evren Yurtesen wrote:
> is there any good VPN daemons which supports LAN to LAN
> connection in which a modem doesnt get involved?

Take a look at:

/usr/ports/security/racoon/

--
Anders Andersson anders.andersson@codefactory.se
CodeFactory AB http://www.codefactory.se/
Office: +46 (0)31 711 99 35 Cell: +46 (0)70 587 53 35

From owner-freebsd-isp Mon Nov 20 4:29:22 2000
Date: Mon, 20 Nov 2000 13:29:06 +0100
To: freebsd-isp@freebsd.org
From: Michael O Shea Subject: apache+php+pgsql woes Content-Type: text/plain; charset="iso-8859-1" ; format="flowed" Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Hi folks,

After many hours of hair pulling I am posting to this list for help. I have a Fresh Install of FreeBSD 4.1.1 upon which I installed and built apache1.3.14+php4.0.3pl1

I also have on another Identical FreeBSD box PostGres SQL server running for which I build my Kernel with options,

options SYSVSHM #SYSV-style shared memory
options SHMMAXPGS=320768
options SYSVMSG #SYSV-style message queues
options SYSVSEM #SYSV-style semaphores
options SHMSEG=256
options SEMMNI=256
options SEMMNS=512
options SEMMNU=256
options SEMMAP=256

I start postgres with the following flags,

postmaster -i -S 65536 -o -F -N 128 -B 256024

I am trying to store my PHPSessions on Postgres and while it runs fine under small load as soon as it gets busy I get the following in the browser,

Warning: Unable to connect to PostgreSQL server: connectDBStart() -- socket() failed: errno=55 No buffer space available in /mnt/htdocs/www.somedomain.ch/inc/sessionp.php on line 5
Unable to connect to SQL server

Sessionp.php is a simple file that does the inserts, selects etc for the session. It is not the culprit as I can also reproduce the error by any other php/sql file that does inserts.

Has anyone come across this before ? Are the buffers for socket connections to postgres and is there any way to increase the value ? I tried connecting to postgres with and without persistent connections but that does not help.

Any help would be much appreciated. Thanks in advance.
-- Micheal O Shea ----------------------------------------------------- com-o-tronic ag Micheal O Shea, Systems Engineer Gewerbepark CH-5506 Mägenwil E-Mail micheal@com4u.ch Voice: +41 62 887 3734 Fax: +41 62 896 1133 Internet: http://www.com4u.ch http://www.ehitline.ch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 20 5:36:46 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.apollo.lv (sp-2.apollo.lv [195.13.160.36]) by hub.freebsd.org (Postfix) with ESMTP id 0858A37B479 for ; Mon, 20 Nov 2000 05:36:43 -0800 (PST) Received: from risc.lv ([10.23.80.46]) by mail.apollo.lv (8.9.3/8.9.3) with ESMTP id PAA15473 for ; Mon, 20 Nov 2000 15:35:35 +0200 Message-ID: <3A19287F.5010209@risc.lv> Date: Mon, 20 Nov 2000 15:34:55 +0200 From: Victor Meirans User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; m18) Gecko/20001108 Netscape6/6.0 X-Accept-Language: en MIME-Version: 1.0 To: freebsd-isp Subject: where to get ld.so ? Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, I'm trying to run setiathome v3.0 on freshly installed FreeBSD 4.1-RELEASE box, and it claims that it needs /usr/libexec/ld.so. Seems that i'm missing something... Could you please point out which package I need? Thanx in advance... Vic. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 20 9:34:38 2000 Delivered-To: freebsd-isp@freebsd.org Received: from misery.sdf.com (misery.sdf.com [204.244.213.49]) by hub.freebsd.org (Postfix) with ESMTP id 5C41237B4CF for ; Mon, 20 Nov 2000 09:34:33 -0800 (PST) Received: from tom (helo=localhost) by misery.sdf.com with local-esmtp (Exim 2.12 #1) id 13xuAK-0003pi-00; Mon, 20 Nov 2000 08:51:36 -0800 Date: Mon, 20 Nov 2000 08:51:34 -0800 (PST) 
From: Tom Samplonius To: Mike Tancsa Cc: Evren Yurtesen , freebsd-isp@FreeBSD.ORG Subject: Re: any VPN daemon? In-Reply-To: <4.2.2.20001119221736.0173de98@marble.sentex.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Sun, 19 Nov 2000, Mike Tancsa wrote:

> At 06:29 PM 11/19/2000 -0800, Tom Samplonius wrote:
> > Well building IPSec tunnels on FreeBSD 4.x is rather arcane and not very
> >well documented. For instance, there is nothing on how IPSec and ipfw
> >interact. Which subsystem gets the packet first? ipfw or IPSec?
> >Building a system with ipfw, natd and IPSec tunnels isn't an easy thing to
> >do.
>
> I believe the person said he was using a simple LAN to LAN. I have had good
> results setting up a few tunnels in the past month or so. What specifically
> were you trying to find with respect to ipfw ?

What evaluates a packet first? ipfw rules or setkey rules?

...

> #!/bin/sh
> #PPPoE config
> ifconfig lo0 10.1.2.1 netmask 255.255.255.0 alias
> gifconfig gif0 169.1.134.1 172.168.93.4
> ifconfig gif0 inet 10.1.2.1 10.1.1.1 netmask 255.255.255.0
> setkey -FP
> setkey -F
> setkey -c <<EOF
> spdadd 10.1.2.0/24 10.1.1.0/24 any -P out ipsec
> esp/tunnel/169.1.134.1-172.168.93.4/require;
> spdadd 10.1.1.0/24 10.1.2.0/24 any -P in ipsec
> esp/tunnel/172.168.93.4-169.1.134.1/require;
> EOF

Why are you using gif0? I understand that gif0 is not recommended for IPv4 over IPv4 tunnels. Also, since you are using ipsec tunnels setup via setkey, I don't think gif0.
Tom To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 20 10:18:17 2000 Delivered-To: freebsd-isp@freebsd.org Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4]) by hub.freebsd.org (Postfix) with ESMTP id 55E3D37B479 for ; Mon, 20 Nov 2000 10:18:14 -0800 (PST) Received: from simoeon.sentex.net (simeon.sentex.ca [209.112.4.47]) by smtp1.sentex.ca (8.11.0/8.11.0) with ESMTP id eAKIH5t23115; Mon, 20 Nov 2000 13:17:05 -0500 (EST) Message-Id: <5.0.1.4.0.20001120130314.00af46c0@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca X-Mailer: QUALCOMM Windows Eudora Version 5.0.1 Date: Mon, 20 Nov 2000 13:11:12 -0500 To: Tom Samplonius 
From: Mike Tancsa Subject: Re: any VPN daemon? Cc: Evren Yurtesen , freebsd-isp@FreeBSD.ORG In-Reply-To: References: <4.2.2.20001119221736.0173de98@marble.sentex.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

At 08:51 AM 11/20/00 -0800, Tom Samplonius wrote:
>On Sun, 19 Nov 2000, Mike Tancsa wrote:
>
> > At 06:29 PM 11/19/2000 -0800, Tom Samplonius wrote:
> > > Well building IPSec tunnels on FreeBSD 4.x is rather arcane and not very
> > >well documented. For instance, there is nothing on how IPSec and ipfw
> > >interact. Which subsystem gets the packet first? ipfw or IPSec?
> > >Building a system with ipfw, natd and IPSec tunnels isn't an easy thing to
> > >do.
> >
> > I believe the person said he was using a simple LAN to LAN. I have had good
> > results setting up a few tunnels in the past month or so. What specifically
> > were you trying to find with respect to ipfw ?
>
> What evaluates a packet first? ipfw rules or setkey rules?

It would _appear_ ipfw does first, as I can stop a working ipsec connection with ipfw first, at least when I use the gif tunneling interface. I don't have a tunnel setup currently in transport mode only, but it would be easy enough to test.

>...
> > #!/bin/sh
> > #PPPoE config
> > ifconfig lo0 10.1.2.1 netmask 255.255.255.0 alias
> > gifconfig gif0 169.1.134.1 172.168.93.4
> > ifconfig gif0 inet 10.1.2.1 10.1.1.1 netmask 255.255.255.0
> > setkey -FP
> > setkey -F
> > setkey -c <<EOF
> > spdadd 10.1.2.0/24 10.1.1.0/24 any -P out ipsec
> > esp/tunnel/169.1.134.1-172.168.93.4/require;
> > spdadd 10.1.1.0/24 10.1.2.0/24 any -P in ipsec
> > esp/tunnel/172.168.93.4-169.1.134.1/require;
> > EOF
>
> Why are you using gif0? I understand that gif0 is not recommended for
>IPv4 over IPv4 tunnels. Also, since you are using ipsec tunnels setup via
>setkey, I don't think gif0.

From my understanding the danger with using gif was routing loops. I found it easier to do this way. I agree the documentation is fairly sparse for IPSec, but once you get it running, it does work, and there is interoperability amongst different vendors' implementations. Also, there are more and more books, articles and general resources dealing with IPSec, whereas the only other VPN solution that is close to a broad install base I guess is MS PPTP which has its own issues.

What are you using for VPNs ?

---Mike

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 20 18:26:17 2000 Delivered-To: freebsd-isp@freebsd.org Received: from ms.securenet.net (ms.securenet.net [205.236.147.20]) by hub.freebsd.org (Postfix) with ESMTP id C73BD37B4C5 for ; Mon, 20 Nov 2000 18:26:14 -0800 (PST) Received: from office.securenet.net (office.securenet.net [205.236.147.3]) by ms.securenet.net (8.11.1/8.11.1) with ESMTP id eAL2QDW74861 for ; Mon, 20 Nov 2000 21:26:13 -0500 (EST) Message-Id: <5.0.0.25.2.20001120212158.01f495d8@pop.securenet.net> X-Sender: vandj@pop.securenet.net X-Mailer: QUALCOMM Windows Eudora Version 5.0 Date: Mon, 20 Nov 2000 21:26:12 -0500 To: freebsd-isp@freebsd.org 
From: "Jean M. Vandette" Subject: Vlan device in FreeBSD 4.2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Greetings all, I've been trying to get Vlan's to work on 4.2 and would like to know if anyone has gotten this to work and if so how? A short setup lesson would be greatly appreciated I've been trying to get the Vlan's working for a while and still have not succeeded. Yes I have read the ifconfig man page but still seem to be missing something, I get a kernel panic 12 whenever I try to bring up the vlan. Any help from someone who has got this working would be of great help. Thank you in advance Jean M. Vandette To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 20 20:44:37 2000 Delivered-To: freebsd-isp@freebsd.org Received: from cgi.sstar.com (cgi.sstar.com [209.205.176.12]) by hub.freebsd.org (Postfix) with ESMTP id 2BB1A37B4CF for ; Mon, 20 Nov 2000 20:44:36 -0800 (PST) Received: from bluto.jimking.net (root@bluto.jimking.net [216.54.255.8]) by cgi.sstar.com (8.11.0/8.11.0) with ESMTP id eAL4iWs56475 (using TLSv1/SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168 bits) verified OK) for ; Mon, 20 Nov 2000 22:44:35 -0600 (CST) (envelope-from jim@jimking.net) Received: from marble (marble.lgc.com [134.132.228.4]) by bluto.jimking.net (8.11.1/8.11.1) with SMTP id eAL4iUw49286 for ; Mon, 20 Nov 2000 22:44:31 -0600 (CST) (envelope-from jim@jimking.net) Message-ID: <016201c05375$bd52e7a0$04e48486@marble> 
From: "Jim King" To: Subject: Cyrus IMAP setup Date: Mon, 20 Nov 2000 22:44:30 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Can anybody point me to a good document on setting up Cyrus IMAP with sendmail? I've got it sort of working, but I'm still confused about some stuff and I'm not making much progress reading the docs included with the Cyrus distribution. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 20 21: 6:46 2000 Delivered-To: freebsd-isp@freebsd.org Received: from reef.island.net.au (reef.island.net.au [203.28.142.4]) by hub.freebsd.org (Postfix) with ESMTP id 32BC537B4CF for ; Mon, 20 Nov 2000 21:06:42 -0800 (PST) Received: from hansolo (solo.island.net.au [203.28.142.5]) by reef.island.net.au (8.11.1/8.11.1) with SMTP id eAL55br75803; Tue, 21 Nov 2000 16:05:38 +1100 (EST) Message-ID: <007301c05378$a8581660$088ea8c0@island.net.au> 
From: "Hugh Blandford" To: "Jim King" , References: <016201c05375$bd52e7a0$04e48486@marble> Subject: Re: Cyrus IMAP setup Date: Tue, 21 Nov 2000 16:05:24 +1100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi Jim, I have this working. I must admit the documentation on the Cyrus website is a bit difficult to find. However there is a good installation document that goes all through this at: http://asg.web.cmu.edu/cyrus/download/imapd/install.html Step 15 deals with Sendmail. If you have done all this, what problems are you still experiencing? Hugh ----- Original Message ----- 
From: "Jim King" To: Sent: Tuesday, November 21, 2000 3:44 PM Subject: Cyrus IMAP setup > Can anybody point me to a good document on setting up Cyrus IMAP with > sendmail? I've got it sort of working, but I'm still confused about some > stuff and I'm not making much progress reading the docs included with the > Cyrus distribution. > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Nov 21 2: 1:35 2000 Delivered-To: freebsd-isp@freebsd.org Received: from ns.internet.dk (ns.internet.dk [194.19.140.1]) by hub.freebsd.org (Postfix) with ESMTP id 8C8F537B4C5 for ; Tue, 21 Nov 2000 02:01:28 -0800 (PST) Received: (from uucp@localhost) by ns.internet.dk (8.11.1/8.11.1) with UUCP id eALA1MC00964 for freebsd-isp@freebsd.org; Tue, 21 Nov 2000 11:01:22 +0100 (CET) (envelope-from leifn@neland.dk) Received: from localhost (localhost [127.0.0.1]) by arnold.neland.dk (8.11.0/8.11.0) with ESMTP id eAL9krp68621 for ; Tue, 21 Nov 2000 10:46:54 +0100 (CET) (envelope-from leifn@neland.dk) Date: Tue, 21 Nov 2000 10:46:53 +0100 (CET) 
From: Leif Neland To: freebsd-isp@freebsd.org Subject: intern named asking extern named Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

A client has an internal nameserver, taking care of addresses like pc12.his.dom and hp7.his.dom

Then somebody else is running dns for the external addresses, like www.his.dom

If the external dns only has a few addresses, I usually on the internal ns say

www IN NS ns.external.host.

But this client has several subdomains under his.dom, and a creative advertising department.

Is it possible for the internal bind8 first to query its own datafiles, if it doesn't find a name there, then ask the external nameserver before declaring "host not found"?

In other words, I want to merge the internal and external addresses, so both can be seen from the inside.

Leif

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Nov 21 4:41:13 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.sai.co.za (ns1.amandla.co.za [196.33.40.1]) by hub.freebsd.org (Postfix) with ESMTP id 8ACF237B4CF for ; Tue, 21 Nov 2000 04:41:07 -0800 (PST) Received: from fdisk (dave.sai.co.za [196.33.40.17]) by mail.sai.co.za (8.9.3/8.9.3) with SMTP id OAA66818 for ; Tue, 21 Nov 2000 14:41:51 +0200 (SAST) (envelope-from davew@sai.co.za) Message-ID: <003b01c053b8$462a2970$112821c4@sai.co.za> Reply-To: "Dave Wilson" 
From: "Dave Wilson" To: Subject: Fw: [SQU] IP precedence/header/TOS bits and delay pools Date: Tue, 21 Nov 2000 14:40:47 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi guys, howzit going ? > > We limit all our clients international bandwidth usage based on what package > they purchase from us. i.e. a client pays for a limited 32K of international > bandwidth but has unlimited Local (South African) bandwidth. > We limit the clients International bandwidth based on their subnet range > using a Packeteer Packet shaper. > > When we started selling these "Limit international bandwidth" packages we > had to ditch our transparent Squid proxy, because the proxy would obviously > fetch everything on behalf of the client at what ever bandwidth was > available on our main pipe, and thus the client was not getting limited at > whatever bandwidth was specified for that clients subnet range. > Putting our transparent proxy back would be a really great idea as long as > we can limit the bandwidth which our "bandwidth limited" clients use. > I have seen that delay pools would be perfect for the task, the problem is > that we would have to enter in every local IP range to discriminate between > local and international websites. > At the moment our upstream bandwidth provider "colors" or marks the > TOS/Precedent bit field of all our incoming international traffic, which our > packeteer then picks up and utilizes to discriminate between international > and local traffic. > > Is there any way to patch Squid or use some external utility along with > Squid to recognize TOS/IP precedence fields and make delay pool decisions on > it ? 
> If this is possible then our transparent proxy will then be implemented > again. ;-) > Thanks. > > > Regards > Dave Wilson > The S.A. Internet > (033) 3456777 > 0825496159 > http://www.sai.co.za > "Who is "General Failure", and what is he doing reading my hard disk ?" > > > > > > -- > To unsubscribe, see http://www.squid-cache.org/mailing-lists.html > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Nov 21 6:29:27 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mcp.csh.rit.edu (mcp.csh.rit.edu [129.21.60.9]) by hub.freebsd.org (Postfix) with ESMTP id 1577837B4D7 for ; Tue, 21 Nov 2000 06:29:24 -0800 (PST) Received: from fury.csh.rit.edu (fury.csh.rit.edu [129.21.60.5]) by mcp.csh.rit.edu (Postfix) with ESMTP id 3EE841AD; Tue, 21 Nov 2000 09:29:18 -0500 (EST) Received: (from jon@localhost) by fury.csh.rit.edu (8.9.3+Sun/8.9.1) id JAA12712; Tue, 21 Nov 2000 09:28:59 -0500 (EST) Date: Tue, 21 Nov 2000 09:28:59 -0500 
From: Jon Parise To: Leif Neland Cc: freebsd-isp@freebsd.org Subject: Re: intern named asking extern named Message-ID: <20001121092859.C11896@csh.rit.edu> Mail-Followup-To: Leif Neland , freebsd-isp@freebsd.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from leifn@neland.dk on Tue, Nov 21, 2000 at 10:46:53AM +0100 X-Operating-System: SunOS 5.7 (sun4u) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Tue, Nov 21, 2000 at 10:46:53AM +0100, Leif Neland wrote:

> A client has an internal nameserver, taking care of addresses like
> pc12.his.dom and hp7.his.dom
>
> Then somebody else is running dns for the external addresses, like
> www.his.dom

Which nameserver is the primary authoritative server for the domain?

> Is it possible for the internal bind8 first to query its own datafiles, if
> it doesn't find a name there, then ask the external nameserver before
> declaring "host not found"?

Unless I'm not following your setup entirely, you should just be able to add the external nameserver as a "forwarder" for the internal nameserver, e.g.:

forwarders { ns.external.dom; };

> In other words, I want to merge the internal and external addresses, so
> both can be seen from the inside.

If you truly need to merge the two sets of addresses, you'll need to look into things like delegation combined with master / slave arrangements.

-- Jon Parise (jon@csh.rit.edu) . Rochester Inst.
of Technology http://www.csh.rit.edu/~jon/ : Computer Science House Member To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Nov 21 12:25:15 2000 Delivered-To: freebsd-isp@freebsd.org Received: from sun2.siteone.net (ns2.site-one.com [209.246.218.67]) by hub.freebsd.org (Postfix) with ESMTP id 8814137B4C5 for ; Tue, 21 Nov 2000 12:25:11 -0800 (PST) Received: from David (wan104.site-one.com [209.246.218.40]) by sun2.siteone.net (8.9.3/8.9.3) with SMTP id PAA24871 for ; Tue, 21 Nov 2000 15:25:11 -0500 From: "David Lawson" To: Subject: Date: Tue, 21 Nov 2000 15:25:18 -0500 Message-ID: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0030_01C053CF.41212200" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_0030_01C053CF.41212200 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Does anyone know of any software I can setup to allow individual users to filter their email at the server level. Thanks, Dave ------=_NextPart_000_0030_01C053CF.41212200 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
------=_NextPart_000_0030_01C053CF.41212200-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Nov 21 12:33:30 2000 Delivered-To: freebsd-isp@freebsd.org Received: from grok.example.net (cr479972-a.rct1.bc.wave.home.com [24.113.37.168]) by hub.freebsd.org (Postfix) with ESMTP id 615CC37B4C5 for ; Tue, 21 Nov 2000 12:33:29 -0800 (PST) Received: by grok.example.net (Postfix, from userid 1000) id EFEFA212E29; Tue, 21 Nov 2000 12:33:28 -0800 (PST) Date: Tue, 21 Nov 2000 12:33:28 -0800 From: Steve Reid To: Michael O Shea Cc: freebsd-isp@FreeBSD.ORG Subject: Re: apache+php+pgsql woes Message-ID: <20001121123328.A1190@grok> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i In-Reply-To: ; from Michael O Shea on Mon, Nov 20, 2000 at 01:29:06PM +0100 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Nov 20, 2000 at 01:29:06PM +0100, Michael O Shea wrote: > I am trying to store my PHPSessions on Postgres and while it runs > fine under small load as soon as it gets busy I get the following in > the browser, > Warning: Unable to connect to PostgreSQL server: connectDBStart() -- > socket() failed: errno=55 No buffer space available in I've seen "No buffer space available" when running out of PCBs and/or sockets. Try `sysctl vm.zone` when that message is appearing and look at the "tcpcb" and "socket" utilization. If it looks like you're bumping against the limit then install a kernel with higher MAXUSERS setting. 
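The check suggested in the reply above, written out as an added example that is not part of the original post: it reads `sysctl vm.zone` output and reports the zones (here "tcpcb" and "socket") that are close to their limit. The function names, the 90% threshold and the sample figures are constructed, and the column layout is assumed to be the one FreeBSD 4.x prints.

```shell
#!/bin/sh
# Added example (not from the thread): report vm.zone entries that are close
# to their LIMIT, to confirm the tcpcb/socket exhaustion behind errno 55.

# Constructed sample in the layout assumed for FreeBSD 4.x `sysctl vm.zone`
# (columns: ITEM: SIZE, LIMIT, USED, FREE, REQUESTS). All values are made up.
sample_vm_zone() {
    cat <<'EOF'
vm.zone:
ITEM            SIZE     LIMIT    USED    FREE  REQUESTS

PIPE:            160,        0,     60,     42,    57289
VM OBJECT:       124,        0,   2310,    123,   412377
unpcb:            64,        0,     20,    108,     2513
ripcb:            96,     1064,      0,     42,        5
tcpcb:           288,     1064,   1051,     13,   981409
udpcb:            96,     1064,     10,     74,     2286
socket:          160,     1064,   1064,      0,   996228
EOF
}

# zone_pressure THRESHOLD_PERCENT [ZONE ...]
# Reads vm.zone text on stdin and prints "zone used limit percent" for every
# zone with a non-zero LIMIT whose USED/LIMIT is at or above the threshold.
# With no ZONE arguments every limited zone is checked.
zone_pressure() {
    threshold=${1:-90}
    [ $# -gt 0 ] && shift
    awk -v threshold="$threshold" -v wanted="$*" '
        BEGIN {
            n = split(wanted, w, " ")
            for (i = 1; i <= n; i++) want[w[i]] = 1
        }
        {
            colon = index($0, ":")
            if (colon == 0) next               # header row and blank lines
            name = substr($0, 1, colon - 1)    # zone names may contain spaces
            if (split(substr($0, colon + 1), col, ",") < 3) next
            limit = col[2] + 0
            used = col[3] + 0
            if (limit == 0) next               # LIMIT 0 is treated as uncapped
            if (n > 0 && !(name in want)) next
            pct = int(used * 100 / limit)
            if (pct >= threshold + 0)
                printf "%s %d %d %d\n", name, used, limit, pct
        }
    '
}

# Demo on the constructed sample. On a live host the input would be:
#   sysctl vm.zone | zone_pressure 90 tcpcb socket
sample_vm_zone | zone_pressure 90 tcpcb socket
```

Run from cron or by hand while the error is appearing; any line it prints is a zone that is at or near its ceiling.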
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Nov 21 13: 6:41 2000 Delivered-To: freebsd-isp@freebsd.org Received: from christel.heitec.net (christel.heitec.net [193.101.232.3]) by hub.freebsd.org (Postfix) with ESMTP id 452E937B4D7 for ; Tue, 21 Nov 2000 13:06:39 -0800 (PST) Received: from tashi.admin.er.heitec.net (paladin.heitec.net [193.101.232.30]) by christel.heitec.net (Postfix) with ESMTP id AD710354855 for ; Tue, 21 Nov 2000 22:12:27 +0100 (CET) Received: by tashi.admin.er.heitec.net (Postfix, from userid 1000) id 8EF721D56; Tue, 21 Nov 2000 22:07:33 +0100 (CET) Date: Tue, 21 Nov 2000 22:07:33 +0100 To: freebsd-isp@FreeBSD.ORG Subject: Re: your mail Message-ID: <20001121220733.H26672@heitec.net> Mail-Followup-To: freebsd-isp@FreeBSD.ORG References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from dave@siteone.net on Tue, Nov 21, 2000 at 15:25:18 -0500 Organization: Heitec AG From: lenz@heitec.net (Lenz Gschwendtner) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi David, On Tue, 21 Nov 2000, David Lawson wrote: > Does anyone know of any software I can setup to allow individual users to > filter their email at the server level. programs like procmail do that. you can envolve them in a .forward in each users homedir. 
cheers lenz > > > Thanks, > > Dave -- system/security manager =''' phon +49-9131-877-138 \ c oo --------------------------------------------- \ ----------------------------------------------- ~ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Nov 21 17:37:11 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.westbend.net (ns1.westbend.net [209.224.254.131]) by hub.freebsd.org (Postfix) with ESMTP id 588C537B4D7 for ; Tue, 21 Nov 2000 17:37:09 -0800 (PST) Received: from admin.westbend.net (admin.westbend.net [209.224.254.141]) by mail.westbend.net (8.11.1/8.11.1) with SMTP id eAM1ZlN42262; Tue, 21 Nov 2000 19:37:08 -0600 (CST) (envelope-from hetzels@westbend.net) Message-ID: <004f01c05424$ba3a1b60$8dfee0d1@westbend.net> From: "Scot W. Hetzel" To: "David Lawson" , References: Subject: Re: mail filtering Date: Tue, 21 Nov 2000 19:35:47 -0600 Organization: West Bend Interent MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org From: "David Lawson" > Does anyone know of any software I can setup to allow individual users to > filter their email at the server level. > Besides procmail, you can also use cyrus-imapd's (1.6.x, 2.0.x) builtin sieve filtering language to filter your users email. 
Additionally, the sieve scripts can be create/modify/delete and upload to the cyrus-imapd server using a web browser: http://24.112.168.35/websieve/ Scot To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Nov 21 18:28:26 2000 Delivered-To: freebsd-isp@freebsd.org Received: from hawk.prod.itd.earthlink.net (hawk.prod.itd.earthlink.net [207.217.120.22]) by hub.freebsd.org (Postfix) with ESMTP id B05CF37B4C5 for ; Tue, 21 Nov 2000 18:28:23 -0800 (PST) Received: from veager.siteplus.net (user-38lc8b2.dialup.mindspring.com [209.86.33.98]) by hawk.prod.itd.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id SAA13704 for ; Tue, 21 Nov 2000 18:28:21 -0800 (PST) Date: Tue, 21 Nov 2000 21:28:19 -0500 (EST) From: Jim Weeks To: freebsd-isp@freebsd.org Subject: /usr/ports/graphics/ImageMagic Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org These things always hit me when I am on my way out of town ;/ I have a request from one of my clients to install /usr/ports/graphics/ImageMagic. At first glance I noticed this port wants Xfree86 installed. I prefer not to install X on a web server. This is a client that is a keeper, and from a profit -> aggravation ratio I think most of you can relate. I am sorry I haven't had time to research this port in depth. So, I wondered if anyone has done this and has any suggestions on the installation. The exclusion of X would be preferred. 
Thanks, -- Jim Weeks To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Nov 21 18:37:56 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.numachi.com (numachi.numachi.com [198.175.254.2]) by hub.freebsd.org (Postfix) with SMTP id D076037B479 for ; Tue, 21 Nov 2000 18:37:53 -0800 (PST) Received: (qmail 4198 invoked by uid 3001); 22 Nov 2000 02:37:52 -0000 Received: from natto.numachi.com (198.175.254.216) by numachi.numachi.com with SMTP; 22 Nov 2000 02:37:52 -0000 Received: (qmail 32828 invoked by uid 1001); 22 Nov 2000 02:37:52 -0000 Date: Tue, 21 Nov 2000 21:37:52 -0500 From: Brian Reichert To: Jim Weeks Cc: freebsd-isp@freebsd.org Subject: Re: /usr/ports/graphics/ImageMagic Message-ID: <20001121213752.Q26642@numachi.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from jim@siteplus.net on Tue, Nov 21, 2000 at 09:28:19PM -0500 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Nov 21, 2000 at 09:28:19PM -0500, Jim Weeks wrote: > These things always hit me when I am on my way out of town ;/ > > I have a request from one of my clients to install > /usr/ports/graphics/ImageMagic. At first glance I noticed this port wants > Xfree86 installed. I prefer not to install X on a web server. This is a > client that is a keeper, and from a profit -> aggravation ratio I think > most of you can relate. This doesn't answer your question one bit, but I feel compelled to say: if you are at all worried about performance, I've found the netpbm tools to be much nicer on a web back-end... And, why _don't_ you want to install X (if you don't want to build ImageMagick form source)? it's just diskspace. Par out the apps you think you don't need, strip all of the suid bits if you're worried. > I am sorry I haven't had time to research this port in depth. 
So, I
> wondered if anyone has done this and has any suggestions on
> the installation. The exclusion of X would be preferred.
>
> Thanks,
>
> --
> Jim Weeks

--
Brian 'you Bastard' Reichert
37 Crystal Ave. #303            Daytime number: (603) 434-6842
Derry NH 03038-1713 USA         Intel architecture: the left-hand path

From owner-freebsd-isp Tue Nov 21 19: 5:34 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from mail.desktop.com (mail.desktop.com [166.90.128.242]) by hub.freebsd.org (Postfix) with ESMTP id ADC7637B4CF for ; Tue, 21 Nov 2000 19:05:32 -0800 (PST)
Received: (from clark@localhost) by mail.desktop.com (8.9.3/8.9.2) id TAA54318; Tue, 21 Nov 2000 19:05:14 -0800 (PST) (envelope-from clark)
Date: Tue, 21 Nov 2000 19:05:14 -0800
From: Clark Shishido
To: Jim Weeks
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: /usr/ports/graphics/ImageMagic
Message-ID: <20001121190514.A53765@desktop.com>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: ; from jim@siteplus.net on Tue, Nov 21, 2000 at 09:28:19PM -0500
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Nov 21, 2000 at 09:28:19PM -0500, Jim Weeks emailed:
> These things always hit me when I am on my way out of town ;/
>
> I have a request from one of my clients to install
> /usr/ports/graphics/ImageMagic. At first glance I noticed this port wants
> Xfree86 installed. I prefer not to install X on a web server. This is a
> client that is a keeper, and from a profit -> aggravation ratio I think
> most of you can relate.
>
> I am sorry I haven't had time to research this port in depth. So, I
> wondered if anyone has done this and has any suggestions on
> the installation. The exclusion of X would be preferred.
>

just take the lib and include directories in /usr/X11R6 from another machine and put it in /usr/X11R6 and ImageMagick will be able to build without the actual X binaries wasting space. we do it all the time.

--clark

From owner-freebsd-isp Tue Nov 21 21: 7:29 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from linuxpower.p00t.net (mke-65-25-164-118.wi.rr.com [65.25.164.118]) by hub.freebsd.org (Postfix) with ESMTP id 7E35F37B479 for ; Tue, 21 Nov 2000 21:07:26 -0800 (PST)
Received: from localhost (trout@localhost) by linuxpower.p00t.net (8.11.0/8.10.2) with ESMTP id eAM5L8o16585; Tue, 21 Nov 2000 23:21:08 -0600
Date: Tue, 21 Nov 2000 23:21:08 -0600 (CST)
From: Tom Duffey
To: Jim Weeks
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: /usr/ports/graphics/ImageMagic
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Another solution is to just install the XFree86-4-libraries port and then install ImageMagick.

Tom Duffey

> I have a request from one of my clients to install
> /usr/ports/graphics/ImageMagic. At first glance I noticed this port wants
> Xfree86 installed. I prefer not to install X on a web server. This is a
> client that is a keeper, and from a profit -> aggravation ratio I think
> most of you can relate.
>
> I am sorry I haven't had time to research this port in depth. So, I
> wondered if anyone has done this and has any suggestions on
> the installation. The exclusion of X would be preferred.
>
> Thanks,
>
> --
> Jim Weeks
>

From owner-freebsd-isp Tue Nov 21 23:52:16 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from piast.t19.ds.pwr.wroc.pl (piast.t19.ds.pwr.wroc.pl [156.17.215.247]) by hub.freebsd.org (Postfix) with ESMTP id A02A937B4C5 for ; Tue, 21 Nov 2000 23:52:10 -0800 (PST)
Received: (from localhost user: 'jorgus', uid#901) by piast.t19.ds.pwr.wroc.pl id ; Wed, 22 Nov 2000 08:51:36 +0100
Date: Wed, 22 Nov 2000 08:51:36 +0100
From: Szymon Juraszczyk
To: "Scot W. Hetzel"
Cc: David Lawson , freebsd-isp@FreeBSD.ORG
Subject: Re: mail filtering
Message-ID: <20001122085136.A27936@t19.ds.pwr.wroc.pl>
References: <004f01c05424$ba3a1b60$8dfee0d1@westbend.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.2.5i
In-Reply-To: <004f01c05424$ba3a1b60$8dfee0d1@westbend.net>; from hetzels@westbend.net on Tue, Nov 21, 2000 at 07:35:47PM -0600
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 2000-11-21 at 19:35:47, Scot W. Hetzel wrote:

Sure, you just have to compile it yourself - the Debian folks stubbornly stick to version 1.5.x

> From: "David Lawson"
> > Does anyone know of any software I can setup to allow individual users to
> > filter their email at the server level.
> >
> Besides procmail, you can also use cyrus-imapd's (1.6.x, 2.0.x) builtin
> sieve filtering language to filter your users email.
>
> Additionally, the sieve scripts can be created/modified/deleted and uploaded to
> the cyrus-imapd server using a web browser:
>
> http://24.112.168.35/websieve/
>
> Scot
>

Regards,
--
Szymon Juraszczyk, szymon@ssk.pl
Surfland Systemy Komputerowe Sp. z o.o.
tel. (071) 373-44-77 w.217, fax 373-54-37
http://www.surfland.com.pl/

From owner-freebsd-isp Tue Nov 21 23:54:25 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from piast.t19.ds.pwr.wroc.pl (piast.t19.ds.pwr.wroc.pl [156.17.215.247]) by hub.freebsd.org (Postfix) with ESMTP id AAC7637B4C5 for ; Tue, 21 Nov 2000 23:54:23 -0800 (PST)
Received: (from localhost user: 'jorgus', uid#901) by piast.t19.ds.pwr.wroc.pl id ; Wed, 22 Nov 2000 08:54:01 +0100
Date: Wed, 22 Nov 2000 08:54:01 +0100
From: Szymon Juraszczyk
To: "Scot W. Hetzel"
Cc: David Lawson , freebsd-isp@FreeBSD.ORG
Subject: Re: mail filtering
Message-ID: <20001122085401.B27936@t19.ds.pwr.wroc.pl>
References: <004f01c05424$ba3a1b60$8dfee0d1@westbend.net> <20001122085136.A27936@t19.ds.pwr.wroc.pl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20001122085136.A27936@t19.ds.pwr.wroc.pl>; from szymon@ssk.pl on Wed, Nov 22, 2000 at 08:51:36AM +0100
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I apologize for accidentally sending you mail that was meant to be a reply to the man that bounced me your letter.

Greetings,
--
Szymon Juraszczyk, szymon@ssk.pl
Surfland Systemy Komputerowe Sp. z o.o.
tel.
(071) 373-44-77 w.217, fax 373-54-37
http://www.surfland.com.pl/

From owner-freebsd-isp Wed Nov 22 3:18:58 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from mail.polytechnic.edu.na (mail.polytechnic.edu.na [196.31.225.2]) by hub.freebsd.org (Postfix) with ESMTP id 2359837B4CF for ; Wed, 22 Nov 2000 03:18:48 -0800 (PST)
Received: from ns1.horizon.na ([196.31.225.199] helo=polytechnic.edu.na) by mail.polytechnic.edu.na with esmtp (Exim 3.02 #2) id 13yajY-0005PS-00; Wed, 22 Nov 2000 12:18:48 -0200
Message-ID: <3A1BAB6A.9790A671@polytechnic.edu.na>
Date: Wed, 22 Nov 2000 13:18:02 +0200
From: Tim Priebe
Reply-To: tim@iafrica.com.na
X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 3.4-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: "Jean M. Vandette"
Cc: freebsd-isp@freebsd.org
Subject: Re: Vlan device in FreeBSD 4.2
References: <5.0.0.25.2.20001120212158.01f495d8@pop.securenet.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

It seems someone has introduced a bug to ifconfig, if you do not configure the adapter before you configure the vlan device, you get a panic. Workaround: configure the device before you configure the vlan device.

Tim.

"Jean M. Vandette" wrote:
>
> Greetings all,
>
> I've been trying to get Vlan's to work on 4.2 and would like to know
> if anyone has gotten this to work and if so how?
>
> A short setup lesson would be greatly appreciated I've been trying
> to get the Vlan's working for a while and still have not succeeded.
> Yes I have read the ifconfig man page but still seem to be missing
> something, I get a kernel panic 12 whenever I try to bring up the vlan.
>
> Any help from someone who has got this working would be of great help.
>
> Thank you in advance
>
> Jean M. Vandette
>

From owner-freebsd-isp Wed Nov 22 4: 6:57 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from mail.psknet.com (orion.psknet.com [207.198.61.253]) by hub.freebsd.org (Postfix) with SMTP id 9A46E37B4CF for ; Wed, 22 Nov 2000 04:06:51 -0800 (PST)
Received: (qmail 41838 invoked from network); 22 Nov 2000 12:06:47 -0000
Received: from abyss.dashit.net (HELO ABYSS) (209.100.22.250) by orion.psknet.com with SMTP; 22 Nov 2000 12:06:47 -0000
From: "Troy Settle"
To: , "Jean M. Vandette"
Cc:
Subject: RE: Vlan device in FreeBSD 4.2
Date: Wed, 22 Nov 2000 07:08:58 -0500
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <3A1BAB6A.9790A671@polytechnic.edu.na>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Importance: Normal
X-AntiVirus: scanned for viruses by Pulaski Networks (http://www.psknet.com) using AMaViS (http://www.amavis.org)
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Would you also call it a bug when your box hangs at boot because you have /usr/local before /usr in /etc/fstab?

Vlan is akin to a sub interface. You gotta bring up the parent before you bring up the child.

Perhaps ifconfig could have code added to it to check this and spit out an error message: "hey idiot, you gotta configure the real interface before the virtual one."

-Troy

** -----Original Message-----
** From: owner-freebsd-isp@FreeBSD.ORG
** [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Tim Priebe
** Sent: Wednesday, November 22, 2000 6:18 AM
** To: Jean M. Vandette
** Cc: freebsd-isp@freebsd.org
** Subject: Re: Vlan device in FreeBSD 4.2
**
**
** It seems someone has introduced a bug to ifconfig, if you do not
** configure the adapter before you configure the vlan device, you get a
** panic. Workaround: configure the device before you configure the vlan
** device.
**
** Tim.
**
** "Jean M. Vandette" wrote:
** >
** > Greetings all,
** >
** > I've been trying to get Vlan's to work on 4.2 and would like to know
** > if anyone has gotten this to work and if so how?
** >
** > A short setup lesson would be greatly appreciated I've been trying
** > to get the Vlan's working for a while and still have not succeeded.
** > Yes I have read the ifconfig man page but still seem to be missing
** > something, I get a kernel panic 12 whenever I try to bring up the vlan.
** >
** > Any help from someone who has got this working would be of great help.
** >
** > Thank you in advance
** >
** > Jean M. Vandette
** >

From owner-freebsd-isp Wed Nov 22 8:28:36 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from rad3.1stup.com (rad3.1stup.com [209.143.242.34]) by hub.freebsd.org (Postfix) with ESMTP id 1C8EB37B4CF for ; Wed, 22 Nov 2000 08:28:35 -0800 (PST)
Received: from veager (ip238.jackson10.ms.pub-ip.psi.net [38.36.61.238]) by rad3.1stup.com (8.10.1/8.10.1) with SMTP id eAMGSI925093; Wed, 22 Nov 2000 08:28:20 -0800
Message-ID: <009801c054a1$3e34f620$ee3d2426@siteplus.net>
From: "Jim Weeks"
To:
Cc: "Tom Duffey" , "Brian Reichert" , "Clark Shishido"
References:
Subject: Re: /usr/ports/graphics/ImageMagic
Date: Wed, 22 Nov 2000 11:28:13 -0500
MIME-Version: 1.0
Content-Type:
text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Tom Duffey pointed out,

> Another solution is to just install the XFree86-4-libraries port and then
> install ImageMagick.

Thanks fellows, I think Tom's idea will work nicely, and should be a little faster than copying files from one of my 56K bound workstations to a collocated server.

I also appreciate the insight on netpbm, but the client's script evidently calls for ImageMagick.

Jim

From owner-freebsd-isp Wed Nov 22 10: 1:11 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from mail.qcislands.net (mail.qcislands.net [209.53.238.6]) by hub.freebsd.org (Postfix) with ESMTP id 9887037B4C5 for ; Wed, 22 Nov 2000 10:01:08 -0800 (PST)
Received: from [209.53.238.7] (helo=auth.qcislands.net) by mail.qcislands.net with esmtp (Exim 3.14 #3) id 13yeCi-0004s5-00 for freebsd-isp@freebsd.org; Wed, 22 Nov 2000 10:01:08 -0800
Received: from ccstore by auth.qcislands.net with local (Exim 3.13 #3) id 13yeCh-0004Lk-00 for freebsd-isp@freebsd.org; Wed, 22 Nov 2000 18:01:07 +0000
From: Jim Pazarena
To: freebsd-isp@freebsd.org
Subject: user email filtering
X-Mailer: SCO Shell
Date: Wed, 22 Nov 2000 9:48:05 -0800 (PST)
Message-ID: <10011220948.aa02950@ccstores.com>
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Subject: user email filtering
>Date: Tue, 21 Nov 2000 15:25:18 -0500
>From: "David Lawson"
>To:

>Does anyone know of any software I can setup to allow individual users to
>filter their email at the server level.
'exim' MTA delivers directly (without procmail), and permits end users to create their own filtering rules.

--
Jim Pazarena mailto:paz@ccstores.com
http://www.qcislands.net/paz

From owner-freebsd-isp Thu Nov 23 8:31:51 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from bessel.tekniikka.turkuamk.fi (bessel.tekniikka.turkuamk.fi [193.166.133.10]) by hub.freebsd.org (Postfix) with ESMTP id ADBA437B479 for ; Thu, 23 Nov 2000 08:31:49 -0800 (PST)
Received: from localhost (eyurtese@localhost) by bessel.tekniikka.turkuamk.fi (8.9.2/8.9.2) with ESMTP id SAA38460 for ; Thu, 23 Nov 2000 18:31:42 +0200
Date: Thu, 23 Nov 2000 18:31:41 +0200 (WET)
From: Evren Yurtesen
To: freebsd-isp@freebsd.org
Subject: bandwidth usage of pipes
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello,

Is there any possible way to detect how much bandwidth is used on a pipe of dummynet?

In fact I wonder when I issue ipfw -a list command why the pipes don't seem to match any packets?
02100 0 0 pipe 2 ip from any to any in recv ed0
02200 0 0 pipe 3 ip from any to any out xmit ed0

Evren

From owner-freebsd-isp Thu Nov 23 13:33:14 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from lists01.iafrica.com (lists01.iafrica.com [196.7.0.141]) by hub.freebsd.org (Postfix) with ESMTP id 8BD7837B479 for ; Thu, 23 Nov 2000 13:33:10 -0800 (PST)
Received: from nwl.fw.uunet.co.za ([196.31.2.162]) by lists01.iafrica.com with esmtp (Exim 3.12 #2) id 13z3z9-0004MG-00; Thu, 23 Nov 2000 23:32:51 +0200
Received: (from nobody@localhost) by nwl.fw.uunet.co.za (8.8.8/8.6.9) id XAA24098; Thu, 23 Nov 2000 23:33:01 +0200 (SAST)
Received: by nwl.fw.uunet.co.za via recvmail id 24090; Thu Nov 23 23:32:47 2000
Received: from bofh.fw.uunet.co.za (bofh.fw.uunet.co.za [172.16.3.35]) by kg.fw.uunet.co.za (Postfix) with ESMTP id B588B1AEBC; Thu, 23 Nov 2000 23:32:47 +0200 (SAST)
Received: from localhost (localhost [127.0.0.1]) by bofh.fw.uunet.co.za (Postfix) with ESMTP id E705B5C3E; Thu, 23 Nov 2000 23:32:42 +0200 (SAST)
Date: Thu, 23 Nov 2000 23:32:42 +0200 (SAST)
From: Khetan Gajjar
X-Sender: khetan@bofh.fw.uunet.co.za
To: Randy Smith
Cc: freebsd-isp
Subject: Re: Remote console into FreeBSD 4.1.1 boxen
In-Reply-To:
Message-ID:
X-Cell: +27 82 416 0160
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Around Monday, "Khetan Gajjar" wrote :

KG> I remember some other hardware add-in device that was a lot
KG> cheaper, but its name/specifications escape me now.
KG> The advantage of an add-in card is that you're not dependent
KG> on the OS (in case it barfs) - it's almost Sun-like console
KG> management.

Found it - the weasel
http://www.realweasel.com/intro.html

Khetan Gajjar.
---
khetan@uunet.co.za        * Direct -> +27 21 658 8723
UUNET South Africa        * Mobile -> +27 82 416 0105
http://www.uunet.co.za    * Info Centre-> 08600 UUNET (88638)
Systems Team              * PGP Key -> kg+details@uunet.co.za

From owner-freebsd-isp Thu Nov 23 17:48:29 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from ms.securenet.net (ms.securenet.net [205.236.147.20]) by hub.freebsd.org (Postfix) with ESMTP id 4B45737B4CF for ; Thu, 23 Nov 2000 17:48:24 -0800 (PST)
Received: from office.securenet.net (office.securenet.net [205.236.147.3]) by ms.securenet.net (8.11.1/8.11.1) with ESMTP id eAO1lcG20586; Thu, 23 Nov 2000 20:47:39 -0500 (EST)
Message-Id: <5.0.0.25.2.20001123183756.06cac560@pop.securenet.net>
X-Sender: vandj@pop.securenet.net
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Thu, 23 Nov 2000 20:47:37 -0500
To: tim@iafrica.com.na
From: "Jean M. Vandette"
Subject: Re: Vlan device in FreeBSD 4.2
Cc: freebsd-isp@FreeBSD.ORG
In-Reply-To: <3A1BAB6A.9790A671@polytechnic.edu.na>
References: <5.0.0.25.2.20001120212158.01f495d8@pop.securenet.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 01:18 PM 22/11/2000 +0200, you wrote:

Greetings,

Actually I tried that and didn't get the panic but I couldn't get the vlan to work either. If you have the Vlan devices working I would like to see how you have this configured.

First I configured pseudo-device vlan in the kernel then

ifconfig_vlan0="inet 192.168.100.10 netmask 255.255.255.192 vlan 43 vlandev fxp3

I did a couple of tests and my mac number shows up at the remote end of the vlan so I know the packets are getting there (bpf also confirms this) but when the reply comes back I see the packet when doing a dump on the fxp3 device but it seems to go nowhere. I seem to be missing something to tie it all together.
Any suggestions or corrections to my configuration above would be of great help. I know I'm not doing something right.

Thank you for the reply.

Jean M. Vandette

>It seems someone has introduced a bug to ifconfig, if you do not
>configure the adapter before you configure the vlan device, you get a
>panic. Workaround: configure the device before you configure the vlan
>device.
>
>Tim.
>
>"Jean M. Vandette" wrote:
> >
> > Greetings all,
> >
> > I've been trying to get Vlan's to work on 4.2 and would like to know
> > if anyone has gotten this to work and if so how?
> >
> > A short setup lesson would be greatly appreciated I've been trying
> > to get the Vlan's working for a while and still have not succeeded.
> > Yes I have read the ifconfig man page but still seem to be missing
> > something, I get a kernel panic 12 whenever I try to bring up the vlan.
> >
> > Any help from someone who has got this working would be of great help.
> >
> > Thank you in advance
> >
> > Jean M. Vandette
> >

**John M. Vandette, Consultant vandj@securenet.net**
**SecureNet Information Services Inc. Internet Providers**
**100 Alexis Nihon Blvd #283 St. Laurent, Quebec, Canada**
**"Who does BSD Unix....?" "We do Chucky... We do..."**

From owner-freebsd-isp Thu Nov 23 21:14:47 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from ren.sasknow.com (ren.sasknow.com [207.195.92.131]) by hub.freebsd.org (Postfix) with ESMTP id 83FC837B4C5 for ; Thu, 23 Nov 2000 21:14:43 -0800 (PST)
Received: from localhost (ryan@localhost) by ren.sasknow.com (8.9.3/8.9.3) with ESMTP id XAA34780 for ; Thu, 23 Nov 2000 23:19:04 -0600 (CST) (envelope-from ryan@sasknow.com)
Date: Thu, 23 Nov 2000 23:19:04 -0600 (CST)
From: Ryan Thompson
To: freebsd-isp@freebsd.org
Subject: proftpd passive weirdness through firewall
Message-ID:
Organization: SaskNow Technologies [www.sasknow.com]
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi all...

As many admins are aware, configuring an FTP server through a firewall can
be a major pain. It is a pain I thought I had mastered, though :-) My
firewall setup such that I have everything inbound blocked but basic
connectivity, and the protocols I wish to enable, including FTP.
Outgoing connections are allowed to any network on (almost) any port, as
this is not a user machine.

Now, a few customers have been complaining that passive mode transfers
(and directory listings) do not work, which has enticed me to look into
the problem a bit further. We moved to proftpd from wuftpd a while back,
and the problem seemed to start around that time.

It appears as though, when initiating a transfer, very low port numbers
are chosen:

Script started on Thu Nov 23 22:55:46 2000
Connected to ftp.sasknow.com.
220 ProFTPD 1.2.0pre10 Server (SaskNow Technologies FTP Server) [ftp.sasknow.com]
Name (ftp.sasknow.com:ryan): ryan
331 Password required for ryan.
Password:
230 User ryan logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
500 EPSV not understood.
227 Entering Passive Mode (207,195,92,131,15,135).
^C
receive aborted. Waiting for remote to finish abort.
ftp> passive
Passive mode: off; fallback to active mode: off.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for file list.

< normal ls output >

226 Transfer complete.
ftp> quit
221 Goodbye.

Script done on Thu Nov 23 22:56:15 2000

The following is a few snippets of my firewall configuration (not the
whole thing, obviously):

# Basic connectivity rules ====================================================

# Allow established connections
$fwcmd add 600 pass tcp from any to any established

# Allow outgoing connections originating from our subnet only
$fwcmd add 700 pass tcp from ${sasknow} to any setup

# Explicitly block ICMP redirects
# $fwcmd add 1000 deny icmp from any to any icmptype 5

# Allow all other ICMP
$fwcmd add 1100 pass icmp from any to any

# Open default traceroute port on udp only.
# The default port range starts at 33434
$fwcmd add 1200 pass udp from any to any 33434-33500

# Individual protocol access ==================================================

# Completely open up standard FTP
$fwcmd add 9900 pass tcp from any 20 to any
$fwcmd add 9901 pass udp from any 20 to any
$fwcmd add 9950 pass tcp from any to ${ftp} 21 setup

# More inbound protocols allowed....

# Everything else is denied by default!

So, anything with a source port of 20 is let through, and control
connections can be established on port 21. Standard FTP, therefore, works
fine. Many clients nowadays have passive mode on by default, though (or
are behind firewalls themselves), and it's passive mode that causes grief!
Since all outbound connections are explicitly allowed by rule 0700, why
isn't passive mode functional? From my testing, this problem spans more
than a dozen different clients on several different networks (many of
which are not restricted by a firewall themselves).
Disabling the firewall rules, here, of course allows passive mode to work perfectly from anywhere. I've tried playing with the "passive ports" directive in /usr/local/etc/ftpaccess, and explicitly opening up those ports for inbound access, but to no avail. It seems a little strange to have to do this, anyway. Thanks for any suggestions! - Ryan -- Ryan Thompson Network Administrator, Accounts Phone: +1 (306) 664-1161 SaskNow Technologies http://www.sasknow.com #106-380 3120 8th St E Saskatoon, SK S7H 0W2 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 23 21:20:34 2000 Delivered-To: freebsd-isp@freebsd.org Received: from anaconda.acceleratedweb.net (anaconda.acceleratedweb.net [209.51.164.130]) by hub.freebsd.org (Postfix) with SMTP id 8DFAC37B479 for ; Thu, 23 Nov 2000 21:20:30 -0800 (PST) Received: (qmail 22441 invoked by uid 106); 24 Nov 2000 05:24:07 -0000 Received: from adsl-151-202-94-118.nyc.adsl.bellatlantic.net (HELO sharky) (151.202.94.118) by anaconda.acceleratedweb.net with SMTP; 24 Nov 2000 05:24:07 -0000 From: "Simon" To: "freebsd-isp@freebsd.org" , "Ryan Thompson" Date: Fri, 24 Nov 2000 00:24:39 -0500 Reply-To: "Simon" X-Mailer: PMMail 2000 Professional (2.10.2010) For Windows 2000 (5.0.2195) In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: Re: proftpd passive weirdness through firewall Message-Id: <20001124052030.8DFAC37B479@hub.freebsd.org> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org That's a problem with proftpd. You should upgrade to latest release. -Simon On Thu, 23 Nov 2000 23:19:04 -0600 (CST), Ryan Thompson wrote: > >Hi all... > >As many admins are aware, configuring an FTP server through a firewall can >be a major pain. 
It is a pain I thought I had mastered, though :-) My >firewall setup such that I have everything inbound blocked but basic >connectivity, and the protocols I wish to enable, including FTP. >Outgoing connections are allowed to any network on (almost) any port, as >this is not a user machine. > >Now, a few customers have been complaining that passive mode transfers >(and directory listings) do not work, which has enticed me to look into >the problem a bit further. We moved to proftpd from wuftpd a while back, >and the problem seemed to start around that time. > >It appears as though, when initiating a transfer, very low port numbers >are chosen: > >Script started on Thu Nov 23 22:55:46 2000 >Connected to ftp.sasknow.com. >220 ProFTPD 1.2.0pre10 Server (SaskNow Technologies FTP Server) [ftp.sasknow.com] >Name (ftp.sasknow.com:ryan): ryan >331 Password required for ryan. >Password: >230 User ryan logged in. >Remote system type is UNIX. >Using binary mode to transfer files. >ftp> ls >500 EPSV not understood. >227 Entering Passive Mode (207,195,92,131,15,135). >^C >receive aborted. Waiting for remote to finish abort. >ftp> passive >Passive mode: off; fallback to active mode: off. >ftp> ls >200 PORT command successful. >150 Opening ASCII mode data connection for file list. > >< normal ls output > > >226 Transfer complete. >ftp> quit >221 Goodbye. 
> >Script done on Thu Nov 23 22:56:15 2000 > > >The following is a few snippets of my firewall configuration (not the >whole thing, obviously): > > ># Basic connectivity rules ==================================================== > ># Allow established connections >$fwcmd add 600 pass tcp from any to any established > ># Allow outgoing connections originating from our subnet only >$fwcmd add 700 pass tcp from ${sasknow} to any setup > ># Explicitly block ICMP redirects ># $fwcmd add 1000 deny icmp from any to any icmptype 5 > ># Allow all other ICMP >$fwcmd add 1100 pass icmp from any to any > ># Open default traceroute port on udp only. ># The default port range starts at 33434 >$fwcmd add 1200 pass udp from any to any 33434-33500 > ># Individual protocol access ================================================== > ># Completely open up standard FTP >$fwcmd add 9900 pass tcp from any 20 to any >$fwcmd add 9901 pass udp from any 20 to any >$fwcmd add 9950 pass tcp from any to ${ftp} 21 setup > > ># More inbound protocols allowed.... > > ># Everything else is denied by default! > >So, anything with a source port of 20 is let through, and control >connections can be established on port 21. Standard FTP, therefore, works >fine. Many clients nowadays have passive mode on by default, though (or >are behind firewalls themselves), and it's passive mode that causes grief! >Since all outbound connections are explicitly allowed by rule 0700, why >isn't passive mode functional? From my testing, this problem spans more >than a dozen different clients on several different networks (many of >which are not restricted by a firewall themselves). Disabling the >firewall rules, here, of course allows passive mode to work perfectly from >anywhere. > >I've tried playing with the "passive ports" directive in >/usr/local/etc/ftpaccess, and explicitly opening up those ports for >inbound access, but to no avail. It seems a little strange to have to do >this, anyway. 
> >Thanks for any suggestions! > >- Ryan > >-- > Ryan Thompson > Network Administrator, Accounts > Phone: +1 (306) 664-1161 > > SaskNow Technologies http://www.sasknow.com > #106-380 3120 8th St E Saskatoon, SK S7H 0W2 > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 23 21:24:14 2000 Delivered-To: freebsd-isp@freebsd.org Received: from ren.sasknow.com (ren.sasknow.com [207.195.92.131]) by hub.freebsd.org (Postfix) with ESMTP id 586B937B4D7 for ; Thu, 23 Nov 2000 21:24:07 -0800 (PST) Received: from localhost (ryan@localhost) by ren.sasknow.com (8.9.3/8.9.3) with ESMTP id XAA35384; Thu, 23 Nov 2000 23:28:06 -0600 (CST) (envelope-from ryan@sasknow.com) Date: Thu, 23 Nov 2000 23:28:06 -0600 (CST) From: Ryan Thompson To: Simon Cc: "freebsd-isp@freebsd.org" Subject: Re: proftpd passive weirdness through firewall In-Reply-To: <20001124052030.8DFAC37B479@hub.freebsd.org> Message-ID: Organization: SaskNow Technologies [www.sasknow.com] MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Simon wrote to freebsd-isp@freebsd.org and Ryan Thompson: > That's a problem with proftpd. You should upgrade to latest release. > > -Simon Ahhh... I'm glad I didn't spend too much time trying to figure it out, then. :-) Thanks, - Ryan Original Message: > On Thu, 23 Nov 2000 23:19:04 -0600 (CST), Ryan Thompson wrote: > > > > >Hi all... > > > >As many admins are aware, configuring an FTP server through a firewall can > >be a major pain. It is a pain I thought I had mastered, though :-) My > >firewall setup such that I have everything inbound blocked but basic > >connectivity, and the protocols I wish to enable, including FTP. 
> >Outgoing connections are allowed to any network on (almost) any port, as > >this is not a user machine. > > > >Now, a few customers have been complaining that passive mode transfers > >(and directory listings) do not work, which has enticed me to look into > >the problem a bit further. We moved to proftpd from wuftpd a while back, > >and the problem seemed to start around that time. > > > >It appears as though, when initiating a transfer, very low port numbers > >are chosen: > > > >Script started on Thu Nov 23 22:55:46 2000 > >Connected to ftp.sasknow.com. > >220 ProFTPD 1.2.0pre10 Server (SaskNow Technologies FTP Server) [ftp.sasknow.com] > >Name (ftp.sasknow.com:ryan): ryan > >331 Password required for ryan. > >Password: > >230 User ryan logged in. > >Remote system type is UNIX. > >Using binary mode to transfer files. > >ftp> ls > >500 EPSV not understood. > >227 Entering Passive Mode (207,195,92,131,15,135). > >^C > >receive aborted. Waiting for remote to finish abort. > >ftp> passive > >Passive mode: off; fallback to active mode: off. > >ftp> ls > >200 PORT command successful. > >150 Opening ASCII mode data connection for file list. > > > >< normal ls output > > > > >226 Transfer complete. > >ftp> quit > >221 Goodbye. > > > >Script done on Thu Nov 23 22:56:15 2000 > > > > > >The following is a few snippets of my firewall configuration (not the > >whole thing, obviously): > > > > > ># Basic connectivity rules ==================================================== > > > ># Allow established connections > >$fwcmd add 600 pass tcp from any to any established > > > ># Allow outgoing connections originating from our subnet only > >$fwcmd add 700 pass tcp from ${sasknow} to any setup > > > ># Explicitly block ICMP redirects > ># $fwcmd add 1000 deny icmp from any to any icmptype 5 > > > ># Allow all other ICMP > >$fwcmd add 1100 pass icmp from any to any > > > ># Open default traceroute port on udp only. 
> ># The default port range starts at 33434 > >$fwcmd add 1200 pass udp from any to any 33434-33500 > > > ># Individual protocol access ================================================== > > > ># Completely open up standard FTP > >$fwcmd add 9900 pass tcp from any 20 to any > >$fwcmd add 9901 pass udp from any 20 to any > >$fwcmd add 9950 pass tcp from any to ${ftp} 21 setup > > > > > ># More inbound protocols allowed.... > > > > > ># Everything else is denied by default! > > > >So, anything with a source port of 20 is let through, and control > >connections can be established on port 21. Standard FTP, therefore, works > >fine. Many clients nowadays have passive mode on by default, though (or > >are behind firewalls themselves), and it's passive mode that causes grief! > >Since all outbound connections are explicitly allowed by rule 0700, why > >isn't passive mode functional? From my testing, this problem spans more > >than a dozen different clients on several different networks (many of > >which are not restricted by a firewall themselves). Disabling the > >firewall rules, here, of course allows passive mode to work perfectly from > >anywhere. > > > >I've tried playing with the "passive ports" directive in > >/usr/local/etc/ftpaccess, and explicitly opening up those ports for > >inbound access, but to no avail. It seems a little strange to have to do > >this, anyway. > > > >Thanks for any suggestions! 
> >
> >- Ryan

--
  Ryan Thompson
  Network Administrator, Accounts
  Phone: +1 (306) 664-1161

  SaskNow Technologies     http://www.sasknow.com
  #106-380 3120 8th St E   Saskatoon, SK  S7H 0W2

From owner-freebsd-isp Thu Nov 23 22:21:42 2000
From: "Vladimir I. Kulakov"
Subject: DOS atack of hardware problem?
Date: Fri, 24 Nov 2000 09:21:32 +0300

Hello!

Last week I noticed some strange messages in my log files:

fxp0 : device timeout

After that the ping became unstable, and sometimes the server was
unreachable. We replugged the server from 100 Mbit/s 3com switch to
ordinary 10 Mbit/s hub. It helped. The server started to work fine,
but a few days after that the problems appeared again.

It seems the network card in our server unpredictably switches from 100
to 10 Mbits and from half-duplex to full duplex. When we plugged the
server to uplink port in our switch, everything is working fine again...

Our Ethernet card - Intel Ether Express Pro 100/s

Can it be a flood or some kind of DOS-attack or is it just a hardware
problem?

I tried another network card (also Ether Express 100), but it's getting
even worse - the server does not work at all.

What is the best way to solve such a problem finally?

Many thanks in advance...

-----------------------------------------------------
Vladimir I. Kulakov
http://www.kudesniki.ru/
VK9-RIPN
kulakov@kudesniki.ru
2:5020/779.27@fidonet.org

From owner-freebsd-isp Thu Nov 23 22:41:13 2000
Date: Fri, 24 Nov 2000 00:45:06 -0600 (CST)
From: Ryan Thompson
To: Simon
Cc: "freebsd-isp@freebsd.org"
Subject: Re: proftpd passive weirdness through firewall

Simon wrote to freebsd-isp@freebsd.org and Ryan Thompson:

> That's a problem with proftpd. You should upgrade to latest release.
>
> -Simon

Hmm...

Waiting for a good time of night, I upgraded proftp from 1.2.0pre2 to
1.2.0rc2 (from ports), and I see the same results. I wasn't able to dig
up any better information from proftpd's website, and 1.2.0rc2 does indeed
look to be the most recent version.

(yes, I remembered to kill and restart the daemon :-)

When I log in, the version is reported as 1.2.0 (as opposed to the
previous 1.2.0pre2), and the timestamps on the executables are all
brand new.

Any thoughts?

From owner-freebsd-isp Thu Nov 23 22:42: 9 2000
Date: Thu, 23 Nov 2000 22:42:05 -0800
From: Steve Reid
To: "Vladimir I. Kulakov"
Cc: freebsd-isp@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: DOS atack of hardware problem?

On Fri, Nov 24, 2000 at 09:21:32AM +0300, Vladimir I.
Kulakov wrote:
> It seems the network card in our server unpredictably switches from 100
> to 10 Mbits and from half-duplex to full duplex.

Try setting the speed and duplex manually. Like this in rc.conf, but
with your real IP and netmask of course:

ifconfig_fxp0="inet 192.168.1.2 netmask 255.255.255.0 \
    media 100baseTX mediaopt full-duplex"

I've seen problems with autonegotiate too. I wouldn't set up a
production box without setting this manually.

From owner-freebsd-isp Thu Nov 23 22:45:23 2000
Date: Fri, 24 Nov 2000 00:49:17 -0600 (CST)
From: Ryan Thompson
To: Simon
Cc: "freebsd-isp@freebsd.org"
Subject: Re: proftpd passive weirdness through firewall

Ryan Thompson wrote to Simon:

> Simon wrote to freebsd-isp@freebsd.org and Ryan Thompson:
>
> > That's a problem with proftpd. You should upgrade to latest release.
> >
> > -Simon
>
> Hmm...
>
> Waiting for a good time of night, I upgraded proftp from 1.2.0pre2 to
> 1.2.0rc2 (from ports), and I see the same results. I wasn't able to dig
> up any better information from proftpd's website, and 1.2.0rc2 does indeed
> look to be the most recent version.
>
> (yes, I remembered to kill and restart the daemon :-)
>
> When I log in, the version is reported as 1.2.0 (as opposed to the
> previous 1.2.0pre2), and the timestamps on the executables are all
> brand new.
>
> Any thoughts?

I now also get the syslog alert:

Nov 24 00:47:53 ren proftpd[44637]: no modules loaded for `ftp' service

As soon as a user is authenticated--never saw that one before.

From owner-freebsd-isp Thu Nov 23 22:52:20 2000
From: "Simon"
To: "Ryan Thompson"
Cc: "freebsd-isp@freebsd.org"
Date: Fri, 24 Nov 2000 01:56:21 -0500
X-Mailer: PMMail 2000
Professional (2.10.2010) For Windows 2000 (5.0.2195)
Subject: Re: proftpd passive weirdness through firewall

Go to ftp://ftp.stikman.com/pub/proftpd/ and get latest dev version.
1.2.0rc2 is broken too. Yes, they have a broken version listed for
download on their site... what can I say.

-Simon

From owner-freebsd-isp Thu Nov 23 23:13: 2 2000
Date: Fri, 24 Nov 2000 01:16:58 -0600 (CST)
From: Ryan Thompson
To: Simon
Cc: "freebsd-isp@freebsd.org"
Subject: Re: proftpd passive weirdness through firewall
Organization: SaskNow Technologies [www.sasknow.com] MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Simon wrote to Ryan Thompson: > Go to ftp://ftp.stikman.com/pub/proftpd/ and get latest dev version. > 1.2.0rc2 is broken too. Yes, they have a broken version listed for > download on their site... what can i say. > > -Simon Ouch! Well... Perhaps in that case, it is time to select a different FTP daemon! I still even have my wu-ftpd config scripts on this machine. wu is a bit limiting, but at least it gets the job done :-) Thanks, - Ryan Maybe they should have spent less time on their logo and more time on development :-) -- Ryan Thompson Network Administrator, Accounts Phone: +1 (306) 664-1161 SaskNow Technologies http://www.sasknow.com #106-380 3120 8th St E Saskatoon, SK S7H 0W2 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 23 23:48:17 2000 Delivered-To: freebsd-isp@freebsd.org Received: from ren.sasknow.com (ren.sasknow.com [207.195.92.131]) by hub.freebsd.org (Postfix) with ESMTP id 5431237B479 for ; Thu, 23 Nov 2000 23:48:14 -0800 (PST) Received: from localhost (ryan@localhost) by ren.sasknow.com (8.9.3/8.9.3) with ESMTP id BAA49049; Fri, 24 Nov 2000 01:52:36 -0600 (CST) (envelope-from ryan@sasknow.com) Date: Fri, 24 Nov 2000 01:52:36 -0600 (CST) From: Ryan Thompson To: Colin Campbell Cc: freebsd-isp@freebsd.org Subject: Re: proftpd passive weirdness through firewall In-Reply-To: Message-ID: Organization: SaskNow Technologies [www.sasknow.com] MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Colin Campbell wrote to Ryan Thompson: > Hi, > > I looked but couldn't see. Where are the rules that allow: > > outgoing from your ip, port > 1023 to any ip, port > 1023 > > for passive to work? 
> > Colin If you remember my last message, outgoing connections are explicitly allowed. I just disabled proftpd and brought wu-ftpd back into production (proftpd was just moved to production a few months ago on probation). The same problem occurs with wu-ftpd. Again, if I disable the firewall rules, it works. Perhaps it wasn't proftpd at all, but my firewall config. (Easy to explain, since changes occurred to both at around the same time, and users are notoriously slow at reporting problems anyway). If I add the following as a low-numbered rule as a thought experiment: allow tcp from any to ${ftp} 1023-65535 ... it works. However, that rule is rather a violation of a nicely secured firewall config :-) - Ryan -- Ryan Thompson Network Administrator, Accounts Phone: +1 (306) 664-1161 SaskNow Technologies http://www.sasknow.com #106-380 3120 8th St E Saskatoon, SK S7H 0W2 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Nov 24 0: 5:23 2000 Delivered-To: freebsd-isp@freebsd.org Received: from anaconda.acceleratedweb.net (anaconda.acceleratedweb.net [209.51.164.130]) by hub.freebsd.org (Postfix) with SMTP id 2949C37B479 for ; Fri, 24 Nov 2000 00:05:20 -0800 (PST) Received: (qmail 56262 invoked by uid 106); 24 Nov 2000 08:08:57 -0000 Received: from adsl-151-202-94-118.nyc.adsl.bellatlantic.net (HELO sharky) (151.202.94.118) by anaconda.acceleratedweb.net with SMTP; 24 Nov 2000 08:08:57 -0000 From: "Simon" To: "Colin Campbell" , "Ryan Thompson" Cc: "freebsd-isp@freebsd.org" Date: Fri, 24 Nov 2000 03:09:31 -0500 Reply-To: "Simon" X-Mailer: PMMail 2000 Professional (2.10.2010) For Windows 2000 (5.0.2195) In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: Re: proftpd passive weirdness through firewall Message-Id: <20001124080520.2949C37B479@hub.freebsd.org> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: 
FreeBSD.org ProFTPD still has a passive mode bug. As soon as I saw passive mode + proftpd, i stopped reading your email ;-) -Simon On Fri, 24 Nov 2000 01:52:36 -0600 (CST), Ryan Thompson wrote: >Colin Campbell wrote to Ryan Thompson: > >> Hi, >> >> I looked but couldn't see. Where are the rules that allow: >> >> outgoing from your ip, port > 1023 to any ip, port > 1023 >> >> for passive to work? >> >> Colin > >If you remember my last message, outgoing connections are explicitly >allowed. > >I just disabled proftpd and brought wu-ftpd back into production (proftpd >was just moved to production a few months ago on probation). The same >problem occurs with wu-ftpd. Again, if I disable the firewall rules, it >works. Perhaps it wasn't proftpd at all, but my firewall config. (Easy >to explain, since changes occurred to both at around the same time, and >users are notoriously slow at reporting problems anyway). > >If I add the following as a low-numbered rule as a thought experiment: > > allow tcp from any to ${ftp} 1023-65535 > >... it works. 
However, that rule is rather a violation of a nicely >secured firewall config :-) > > >- Ryan > >-- > Ryan Thompson > Network Administrator, Accounts > Phone: +1 (306) 664-1161 > > SaskNow Technologies http://www.sasknow.com > #106-380 3120 8th St E Saskatoon, SK S7H 0W2 > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Nov 24 0:30:46 2000 Delivered-To: freebsd-isp@freebsd.org Received: from castle.dreaming.org (castle.dreaming.org [209.146.217.193]) by hub.freebsd.org (Postfix) with ESMTP id 7E06737B479; Fri, 24 Nov 2000 00:30:41 -0800 (PST) Received: from cr592943a (cr592943-a.bloor1.on.wave.home.com [24.156.38.199]) by castle.dreaming.org (8.11.1/8.11.1) with SMTP id eAO8Tjd82928; Fri, 24 Nov 2000 03:29:45 -0500 (EST) (envelope-from mit@mitayai.net) From: "Will Mitayai Keeso Rowe" To: "Steve Reid" , "Vladimir I. Kulakov" Cc: , Subject: RE: DOS atack of hardware problem? Date: Fri, 24 Nov 2000 03:30:54 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <20001123224205.A1105@grok> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org has this been known to happen with xl0/3Com 3C509TX? -----Original Message----- From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Steve Reid Sent: Friday, November 24, 2000 1:42 AM To: Vladimir I. Kulakov Cc: freebsd-isp@FreeBSD.ORG; security@FreeBSD.ORG Subject: Re: DOS atack of hardware problem? On Fri, Nov 24, 2000 at 09:21:32AM +0300, Vladimir I. 
Kulakov wrote: > It seems the network card in our server unpedicably swithes from 100 > to 10 Mbits and from half-duplex to full duplex. Try setting the speed and duplex manually. Like this in rc.conf, but with your real IP and netmask of course: ifconfig_fxp0="inet 192.168.1.2 netmask 255.255.255.0 \ media 100baseTX mediaopt full-duplex" I've seen problems with autonegotiate too. I wouldn't set up a production box without setting this manually. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Nov 24 4:24:28 2000 Delivered-To: freebsd-isp@freebsd.org Received: from backend1.aha.ru (aqua.zenon.net [213.189.198.209]) by hub.freebsd.org (Postfix) with ESMTP id 9501837B4CF for ; Fri, 24 Nov 2000 04:24:21 -0800 (PST) Received: from [212.11.129.21] (HELO 10.46.97.57) by backend1.aha.ru (CommuniGate Pro SMTP 3.3.1) with ESMTP id 65241; Fri, 24 Nov 2000 15:23:52 +0300 Date: Fri, 24 Nov 2000 15:24:08 +0300 From: "Alexei V. Alexandrov" X-Mailer: The Bat! (v1.36 Beta/10) S/N 15DE81BA Reply-To: "Alexei V. Alexandrov" Organization: ElcomSoft Ltd. X-Priority: 3 (Normal) Message-ID: <6641.001124@elcomsoft.com> To: Ryan Thompson Cc: freebsd-isp@freebsd.org Subject: Re: proftpd passive weirdness through firewall In-reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello Ryan, Friday, November 24, 2000, 8:19:04 AM, you wrote: RT> Hi all... RT> As many admins are aware, configuring an FTP server through a firewall can RT> be a major pain. It is a pain I thought I had mastered, though :-) My RT> firewall setup such that I have everything inbound blocked but basic RT> connectivity, and the protocols I wish to enable, including FTP. 
RT> Outgoing connections are allowed to any network on (almost) any port, as
RT> this is not a user machine.

RT> Now, a few customers have been complaining that passive mode transfers
RT> (and directory listings) do not work, which has enticed me to look into
RT> the problem a bit further. We moved to proftpd from wuftpd a while back,
RT> and the problem seemed to start around that time.

RT> It appears as though, when initiating a transfer, very low port numbers
RT> are chosen:

RT> Script started on Thu Nov 23 22:55:46 2000
RT> Connected to ftp.sasknow.com.
RT> 220 ProFTPD 1.2.0pre10 Server (SaskNow Technologies FTP Server) [ftp.sasknow.com]
RT> Name (ftp.sasknow.com:ryan): ryan
RT> 331 Password required for ryan.
RT> Password:
RT> 230 User ryan logged in.
RT> Remote system type is UNIX.
RT> Using binary mode to transfer files.
ftp>> ls
RT> 500 EPSV not understood.
RT> 227 Entering Passive Mode (207,195,92,131,15,135).
RT> ^C
RT> receive aborted. Waiting for remote to finish abort.
ftp>> passive
RT> Passive mode: off; fallback to active mode: off.
ftp>> ls
RT> 200 PORT command successful.
RT> 150 Opening ASCII mode data connection for file list.
RT> < normal ls output >
RT> 226 Transfer complete.
ftp>> quit
RT> 221 Goodbye.

RT> Script done on Thu Nov 23 22:56:15 2000

RT> The following is a few snippets of my firewall configuration (not the
RT> whole thing, obviously):

RT> # Basic connectivity rules ====================================================
RT> # Allow established connections
RT> $fwcmd add 600 pass tcp from any to any established
RT> # Allow outgoing connections originating from our subnet only
RT> $fwcmd add 700 pass tcp from ${sasknow} to any setup
RT> # Explicitly block ICMP redirects
RT> # $fwcmd add 1000 deny icmp from any to any icmptype 5
RT> # Allow all other ICMP
RT> $fwcmd add 1100 pass icmp from any to any
RT> # Open default traceroute port on udp only.
RT> # The default port range starts at 33434
RT> $fwcmd add 1200 pass udp from any to any 33434-33500
RT> # Individual protocol access ==================================================
RT> # Completely open up standard FTP
RT> $fwcmd add 9900 pass tcp from any 20 to any
RT> $fwcmd add 9901 pass udp from any 20 to any
RT> $fwcmd add 9950 pass tcp from any to ${ftp} 21 setup
RT> # More inbound protocols allowed....
RT> # Everything else is denied by default!

RT> So, anything with a source port of 20 is let through, and control
RT> connections can be established on port 21. Standard FTP, therefore, works
RT> fine. Many clients nowadays have passive mode on by default, though (or
RT> are behind firewalls themselves), and it's passive mode that causes grief!

RT> Since all outbound connections are explicitly allowed by rule 0700, why
RT> isn't passive mode functional? From my testing, this problem spans more
RT> than a dozen different clients on several different networks (many of
RT> which are not restricted by a firewall themselves). Disabling the
RT> firewall rules, here, of course allows passive mode to work perfectly from
RT> anywhere.

RT> I've tried playing with the "passive ports" directive in
RT> /usr/local/etc/ftpaccess, and explicitly opening up those ports for
RT> inbound access, but to no avail. It seems a little strange to have to do
RT> this, anyway.

Yes. ProFTP daemon has a bug in selecting ports when in passive mode.
By default it defaults to ANY port. This can be controlled applying a
patch to it (check the www.proftpd.net and follow the link which points
to mod_wrap. Still the patch is only for CVS version.). In my case I did
the following. First on the server you run Proftpd set the following
options:

    sysctl -w net.inet.ip.portrange.first=49152
    sysctl -w net.inet.ip.portrange.last=65534

This will instruct the kernel to give ports in range 49152-65534 when a
call to bind to port receives ANY.
So this way we know that our FTP server will use ports in this range so
you can write a firewalling rule allowing all outbound packets from this
port which have connection flag set. That's all... In my case this works
fine. If you have problems contact me.

P.S.: This is a rule for IPFilter:

    pass out quick on proto tcp from any to a.b.c.d/32 port 49152 >< 65534 flags S keep state

Best regards,
Alexei V. Alexandrov | @ ElcomSoft Ltd. | Phone: +7 095 974-11-62
System Administrator | www.elcomsoft.com | Mail: ava@elcomsoft.com
---------------------+-------------------+-------------------------
*** It`s always a long day, 86400 doesn`t fit into a short. ***

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Fri Nov 24 13: 0:45 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from vcnet.com (mail.vcnet.com [209.239.239.15]) by hub.freebsd.org (Postfix) with SMTP id E293837B4C5 for ; Fri, 24 Nov 2000 13:00:43 -0800 (PST)
Received: (qmail 76955 invoked by uid 1001); 24 Nov 2000 21:00:43 -0000
Date: Fri, 24 Nov 2000 13:00:43 -0800
From: Jon Rust
To: freebsd-isp@freebsd.org
Subject: Re: user email filtering
Message-ID: <20001124130043.B68275@mail.vcnet.com>
Mail-Followup-To: freebsd-isp@freebsd.org
References: <10011220948.aa02950@ccstores.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <10011220948.aa02950@ccstores.com>; from paz@ccstores.com on Wed, Nov 22, 2000 at 09:48:05AM -0800
X-Operating-System: http://www.freebsd.org/
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Nov 22, 2000 at 09:48:05AM -0800, Jim Pazarena wrote:
> >Subject: user email filtering
> >Date: Tue, 21 Nov 2000 15:25:18 -0500
> >From: "David Lawson"
> >To:
>
> >Does anyone know of any software I can setup to allow individual users to
> >filter their email at the server level.
>
> 'exim' MTA delivers directly (without procmail), and permits end users
> to create their own filtering rules.

/usr/ports/mail/maildrop

jon

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Fri Nov 24 13:48:24 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from hawk.prod.itd.earthlink.net (hawk.prod.itd.earthlink.net [207.217.120.22]) by hub.freebsd.org (Postfix) with ESMTP id E87DC37B4CF for ; Fri, 24 Nov 2000 13:48:22 -0800 (PST)
Received: from veager.siteplus.net (1Cust125.tnt10.chattanooga.tn.da.uu.net [63.22.145.125]) by hawk.prod.itd.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id NAA22527 for ; Fri, 24 Nov 2000 13:48:21 -0800 (PST)
Date: Fri, 24 Nov 2000 16:48:07 -0500 (EST)
From: Jim Weeks
To: freebsd-isp@freebsd.org
Subject: LoadModule not adding to list.
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I have apache 1.3.9 with php3 compiled in running on a 3.4-stable
machine. I am trying to upgrade to php4 with /usr/ports/wwwmod_php4.

I have added the line

    LoadModule php4_module libexec/apache/libphp4.so

to httpd.conf. I also have a ClearModuleList directive directly followed
by an appropriate AddModule list.

This is the error I get when HUPing the server.

[Fri Nov 24 16:18:16 2000] [notice] SIGHUP received. Attempting to restart
[Fri Nov 24 16:18:16 2000] [error] Cannot remove module mod_php4.c: not found in module list
[Fri Nov 24 16:18:17 2000] [notice] Apache/1.3.9 (Unix) PHP/3.0.12 FrontPage/4.0.4.3 mod_ssl/2.4.8 OpenSSL/0.9.4 configured -- resuming normal operations

I am confused as to how the ClearModuleList is even aware of the mod if
it is not loading. What am I missing here? I wanted to run it past a few
gurus before rebuilding apache.
Thanks,

--
Jim Weeks

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Fri Nov 24 18:31:49 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from cfdnet.me.tuns.ca (CFDnet.me.TUNS.Ca [134.190.50.164]) by hub.freebsd.org (Postfix) with ESMTP id CB00537B479; Fri, 24 Nov 2000 18:31:43 -0800 (PST)
Received: from localhost (freebsd@localhost) by cfdnet.me.tuns.ca (8.9.3/8.9.3) with ESMTP id WAA01002; Fri, 24 Nov 2000 22:27:34 -0400 (AST) (envelope-from freebsd@cfdnet.me.tuns.ca)
Date: Fri, 24 Nov 2000 22:27:34 -0400 (AST)
From: Theo Bell
To: "Vladimir I. Kulakov"
Cc: freebsd-isp@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: DOS atack of hardware problem?
In-Reply-To: <20001124062133.97CBE76F9@mtu.ru>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

I had this problem with a D-Link 530TX card using device vr0. I swapped
cards a couple of times to no avail. Finally I changed the network cable
and the problem went away. I can't say for sure that is the solution to
your problem, but you never know...

HTH

Theo Bell

On Fri, 24 Nov 2000, Vladimir I. Kulakov wrote:

> Hello!
>
> Last week I noticed some strange messages in my log files:
> fxp0 : device timeout
>
> After that the ping became unstable, and sometimes the
> server was unreachable.
>
> Our we replugged the server from 100 Mbit/s 3com switch to
> ordinary 10 Mbit/s hub. It helped. The server started to work
> fine, but a few days after that the problems appeared again.
> It seems the network card in our server unpredictably
> switches from 100 to 10 Mbits and from half-duplex to full duplex.
> When we plugged the server to uplink port in our switch, everything
> is working fine again...
>
> Our Ethernet card - Intel Ether Express Pro 100/s
>
> Can it be a flood or some kind of DOS-attack or it just a hardware
> problem?
> I tried another network card (also Ether Express 100),
> but it's getting even worse - the server does not work at all.
>
> What is the best way to solve such a problem finally?
>
> Many thanks in advance...
>
> -----------------------------------------------------
> Vladimir I. Kulakov http://www.kudesniki.ru/
> VK9-RIPN
> kulakov@kudesniki.ru
> 2:5020/779.27@fidonet.org
>
>
>
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Sat Nov 25 6: 6:19 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from mail.polytechnic.edu.na (mail.polytechnic.edu.na [196.31.225.2]) by hub.freebsd.org (Postfix) with ESMTP id 94F8E37B4CF for ; Sat, 25 Nov 2000 06:06:14 -0800 (PST)
Received: from ns1.horizon.na ([196.31.225.199] helo=polytechnic.edu.na) by mail.polytechnic.edu.na with esmtp (Exim 3.02 #2) id 13zimr-0006Yz-00; Sat, 25 Nov 2000 15:06:53 -0200
Message-ID: <3A1FC75F.9BD2D15C@polytechnic.edu.na>
Date: Sat, 25 Nov 2000 16:06:23 +0200
From: Tim Priebe
Reply-To: tim@iafrica.com.na
X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 3.4-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Troy Settle
Cc: tim@iafrica.com.na, "Jean M. Vandette" , freebsd-isp@freebsd.org
Subject: Re: Vlan device in FreeBSD 4.2
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Troy Settle wrote:
>
> Would you also call it a bug when your box hangs at boot because you have
> /usr/local before /usr in /etc/fstab ?

I would call it a bug if it caused a kernel panic. It does not, it
behaves properly, by telling you the problem, and asking you what shell
you want to run, so you can fix it.

> Vlan is akin to a sub interface. You gotta bring up the parent before you
> bring up the child.
> Perhaps ifconfig could have code added to it to check
> this and spit out an error message: "hey idiot, you gotta configure the real
> interface before the virtual one."
>
> -Troy

At least as recently as 4.0-RELEASE it behaved in a reasonable manner.
It configured the "sub interface" without any panic. The vlan in
question was not usable, until the parent interface was brought up. This
caused me a little confusion the first time I tried it, but it was much
less of a problem than the kernel panics on more recent systems.

Better than an "hey idiot" message would be for ifconfig to check if the
parent interface is up before bringing up the child, and if not bring it
up. This would eliminate the kernel panic, as well as ensuring the vlan
works after it is configured.

Tim.

> ** -----Original Message-----
> ** From: owner-freebsd-isp@FreeBSD.ORG
> ** [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Tim Priebe
> ** Sent: Wednesday, November 22, 2000 6:18 AM
> ** To: Jean M. Vandette
> ** Cc: freebsd-isp@freebsd.org
> ** Subject: Re: Vlan device in FreeBSD 4.2
> **
> **
> ** It seems someone has introduced a bug to ifconfig, if you do not
> ** configure the adapter before you configure the vlan device, you get a
> ** panic. Work around configure the device before you configure the vlan
> ** device.
> **
> ** Tim.
> **
> ** "Jean M. Vandette" wrote:
> ** >
> ** > Greetings all,
> ** >
> ** > I've been trying to get Vlan's to work on 4.2 and would like to know
> ** > if anyone has gotten this to work and if so how?
> ** >
> ** > A short setup lesson would be greatly appreciated I've been trying
> ** > to get the Vlan's working for a while and still have not succeeded.
> ** > Yes I have read the ifconfig man page but still seem to be missing
> ** > something, I get a kernel panic 12 whenever I try to bring up the vlan.
> ** >
> ** > Any help from someone who has got this working would be of great help.
> ** >
> ** > Thank you in advance
> ** >
> ** > Jean M.
> ** > Vandette
> ** >
> ** > To Unsubscribe: send mail to majordomo@FreeBSD.org
> ** > with "unsubscribe freebsd-isp" in the body of the message
> **
> **
> ** To Unsubscribe: send mail to majordomo@FreeBSD.org
> ** with "unsubscribe freebsd-isp" in the body of the message
> **
> **

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
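
Added example, not part of any message in this digest: for the "proftpd passive weirdness through firewall" thread above, these shell functions turn the 227 reply from the quoted transcript into its data port and check an inbound SYN to that port against the quoted ipfw excerpt (rules 600, 700, 9900, 9950, default deny). The function names, the client source port 40000 and the optional inbound passive range are assumptions; ipfw itself is not invoked.

```shell
#!/bin/sh
# Added example. Function names and sample inputs are constructed; ipfw is not run.

# Print the data port advertised in "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)".
# The port is p1*256 + p2. Returns 1 when the reply is not a well-formed 227.
pasv_port() {
    tuple=$(printf '%s\n' "$1" |
        sed -n 's/^227 [^(]*(\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\)).*$/\1/p')
    [ -n "$tuple" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $tuple            # split the six fields on commas
    IFS=$old_ifs
    for n in "$@"; do
        case $n in 0?*) return 1 ;; esac   # leading zero would be read as octal
        [ "$n" -le 255 ] || return 1
    done
    echo $(( $5 * 256 + $6 ))
}

# Model of the quoted ipfw excerpt for one inbound TCP SYN to the FTP host.
# $1 = source port, $2 = destination port, $3 = optional "lo-hi" passive range
# opened inbound (assumed extra rule, inclusive bounds).
inbound_syn() {
    sport=$1; dport=$2; range=${3:-}
    # 600 "established" never matches a bare SYN.
    # 700 "from ${sasknow} ... setup" needs a local source; the client is remote.
    [ "$sport" -eq 20 ] && { echo "pass 9900"; return 0; }   # source port 20
    [ "$dport" -eq 21 ] && { echo "pass 9950"; return 0; }   # control channel
    if [ -n "$range" ]; then
        lo=${range%-*}; hi=${range#*-}
        if [ "$dport" -ge "$lo" ] && [ "$dport" -le "$hi" ]; then
            echo "pass passive-range"; return 0
        fi
    fi
    echo "deny default"
}

# Verdict for the data connection a client opens after the given 227 reply.
# 40000 stands in for the client's ephemeral source port (constructed).
pasv_verdict() {
    port=$(pasv_port "$1") || { echo "malformed"; return 0; }
    inbound_syn 40000 "$port" "${2:-}"
}

reply='227 Entering Passive Mode (207,195,92,131,15,135).'   # from the transcript
echo "port $(pasv_port "$reply"): $(pasv_verdict "$reply")"
echo "same port, 49152-65534 opened: $(pasv_verdict "$reply" 49152-65534)"
echo "port in range: $(pasv_verdict '227 Entering Passive Mode (207,195,92,131,192,10).' 49152-65534)"
```

The second verdict stays "deny default": opening 49152-65534 inbound only helps once the server's passive ports are confined to that range, which is what the sysctl settings in the reply are for.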