From owner-freebsd-isp Sun Feb 23 4:14: 6 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D7DAD37B401 for ; Sun, 23 Feb 2003 04:14:02 -0800 (PST) Received: from newmail.halenet.com.au (newmail.halenet.com.au [203.55.33.235]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2C6C943F3F for ; Sun, 23 Feb 2003 04:14:01 -0800 (PST) (envelope-from timbo@halenet.com.au) Received: (from root@localhost) by newmail.halenet.com.au (8.11.6/8.11.6) id h1NCO2A29419 for freebsd-isp@freebsd.org; Sun, 23 Feb 2003 22:24:02 +1000 (EST) (envelope-from timbo@halenet.com.au) Received: from laptop (customer3-sthe-wireless-mtm.halenet.com.au [61.88.48.23]) by newmail.halenet.com.au (8.11.6/8.11.6) with SMTP id h1NCO0o29367 for ; Sun, 23 Feb 2003 22:24:00 +1000 (EST) (envelope-from timbo@halenet.com.au) Message-ID: <00e501c2db34$ec186800$6500a8c0@halenet.com.au> From: "Tim McCullagh" To: Subject: FreeBSD formating CF disks Date: Sun, 23 Feb 2003 22:13:04 +1000 MIME-Version: 1.0 X-scanner: scanned by Inflex 1.0.10 - (http://pldaniels.com/inflex/) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi All I have seen a number of people are having difficulties getting CF cards to boot when installed in diskless machines that use CF cards to boot memory file systems on the diskless computers. Mainly firewalls and wireless devices use these CF cards I have Ramstar CF cards. The first 4 all worked but the last 12 I have got won't. I know other ISP's having similar problems with other brands. I have spent a heap of time on finding a solution without finding a solution. The only thing I found that may explain what is going on is below. It relates to NetBSD and is possibly the same reason in OpenBSD and FreeBSD. I am not sure how to go about fixing it though. Can anyone tell me where I would find the info or which mailing list I should be using on how to solve this.? TIA Maybe the OpenBSD's and FreeBSD's bootloaders are still affected by a bug which used to affect NetBSD's? Here is the log message for a patch I made to NetBSD: revision 1.9 date: 2002/10/10 18:52:42; author: dyoung; state: Exp; lines: +39 -1 Introduce biosdiskreset(), and call it to reset the disk (with Int 0x13 Function 0) after a read error. This is a requirement mentioned in most BIOS documentation. This answers PR 18591. Incidentally, on the Soekris Engineering net45x1 single-board computer, this fixes a bug where the bootloader corrupts the kernel while loading it from certain varieties of CompactFlash card (especially varieties identified by NetBSD as ). The patch affected sys/arch/i386/stand/lib/bios_disk.S. You might examine the equivalent OpenBSD source file to find out if it does a proper disk reset on read failures. regards Tim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Feb 23 4:45:19 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 922A737B401 for ; Sun, 23 Feb 2003 04:45:16 -0800 (PST) Received: from mgw1-out.MEIway.com (mgw1.meiway.com [212.73.210.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2820C43FA3 for ; Sun, 23 Feb 2003 04:45:15 -0800 (PST) (envelope-from LConrad@Go2France.com) Received: from VirusGate.MEIway.com (virus-gate.meiway.com [212.73.210.91]) by mgw1-out.MEIway.com (Postfix Relay Hub) with ESMTP id 50F63EF6A6 for ; Sun, 23 Feb 2003 13:33:23 +0100 (CET) Received: from localhost (localhost.meiway.com [127.0.0.1]) by VirusGate.MEIway.com (Postfix) with SMTP id 9D4DC5D009 for ; Sun, 23 Feb 2003 13:48:14 +0100 (CET) Received: from mail.Go2France.com (ms1.meiway.com [212.73.210.73]) by VirusGate.MEIway.com (Postfix) with ESMTP id 4E19A5D008 for ; Sun, 23 Feb 2003 13:48:14 +0100 (CET) Received: from tx0-go2france-c.Go2France.com [66.64.14.18] by mail.Go2France.com with ESMTP (SMTPD32-6.06) id A671F0200D6; Sun, 23 Feb 2003 14:02:41 +0100 Message-Id: <5.2.0.9.0.20030223061933.03897138@mail.go2france.com> X-Sender: LConrad@Go2France.com@mail.go2france.com X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9 Date: Sun, 23 Feb 2003 06:45:09 -0600 To: freebsd-isp@freebsd.org From: Len Conrad Subject: Re: Antivirus for Sendmail In-Reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > I've been using kavdaemon to scan 300,000 e-mails per day using Exiscan >as the connection to the MTA. It is very stable. confirmed here. One site I installed 2 years for an ISP in NJ runs about 200K msgs/day. solid as rock. other smaller sites report the same. using avcheck as the wrapper. >Letting kavdaemon scan the raw messages also allows it >detect common exploits, like the IFRAME exploit for IE. According to my >stats, kavdaemon blocks more messages with an IFRAME exploit than anything >else I block nearly all of these in postfix body_checks.regexp. while Kaspersky in a dedicated box catches a tiny number. Actually, by blocking "dangerous" attachments in the MX, our setup denies the next-hop Kaspersky nearly all the infectious fun. >I don't use the Kaspersky sendmail integration software, I found it too >expensive (per user licensing), while kavdeamon by itself just requires a >server license. exactly. most bang for the buck. > And here is a big one: no false positives. Most people aren't aware >that we are using kavdaemon. same here, and esp since no self-congratulatory : X-note: this message has been virus scanned by Kaspersky blah blah ... ... to bulk up the headers. Len To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Feb 24 1:54:40 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1E2DC37B401 for ; Mon, 24 Feb 2003 01:54:39 -0800 (PST) Received: from saturn.mics.co.za (saturn.mics.co.za [196.34.165.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3EAEF43F75 for ; Mon, 24 Feb 2003 01:54:36 -0800 (PST) (envelope-from mark@mics.co.za) Received: from root by saturn.mics.co.za with scanned_ok (Exim 3.36 #1) id 18nFKC-000CUO-00 for freebsd-isp@freebsd.org; Mon, 24 Feb 2003 11:55:04 +0200 Received: from opium.co.za ([196.34.165.210]) by saturn.mics.co.za with esmtp (Exim 3.36 #1) id 18nFKB-000CUH-00 for freebsd-isp@freebsd.org; Mon, 24 Feb 2003 11:55:04 +0200 Date: Mon, 24 Feb 2003 11:54:30 +0200 (SAST) From: Mark Bojara X-X-Sender: mark@opium.co.za To: freebsd-isp@freebsd.org Subject: network backup Message-ID: <20030224115314.L326-100000@opium.co.za> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: MICS Online Virus Scanner (virusalert@mics.co.za) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello All, What is a nice network backup for fbsd/linux/windows (fbsd being the server). Ive tried arkeia but found it to have alot of bugs. It has to be something simple for a dumb user to operate (client). Doesnt have to be freeware. Thanks Mark ---------------------------------------------------------------- Running a Level-One Tagline Diagnostic, Captain - Geordi ---------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Feb 24 3:13:30 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 98AAA37B401 for ; Mon, 24 Feb 2003 03:13:29 -0800 (PST) Received: from hermes.if.lt (hermes.if.lt [195.190.141.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id F3C6043FBF for ; Mon, 24 Feb 2003 03:13:26 -0800 (PST) (envelope-from vd@vmunix.lt) Received: from 195.190.141.1 (hermes [195.190.141.1]) by hermes.if.lt (IF DRAUDIMAS mail) with SMTP id 0FD3919801E; Mon, 24 Feb 2003 13:12:45 +0200 (EET) Received: from zeus (zeus.if.lt [195.190.141.3]) by hermes.if.lt (IF DRAUDIMAS mail) with ESMTP id D2D851982F4; Mon, 24 Feb 2003 13:12:41 +0200 (EET) Date: Mon, 24 Feb 2003 13:13:22 +0200 (EET) From: Vaidas Damosevicius To: Mark Bojara Cc: freebsd-isp@freebsd.org Subject: Re: network backup In-Reply-To: <20030224115314.L326-100000@opium.co.za> References: <20030224115314.L326-100000@opium.co.za> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Message-Id: <20030224111241.D2D851982F4@hermes.if.lt> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Hello All, > > What is a nice network backup for fbsd/linux/windows (fbsd being the > server). Ive tried arkeia but found it to have alot of bugs. It has to be > something simple for a dumb user to operate (client). Doesnt have to be > freeware. > Try amanda or afbackup. > Thanks > Mark > vd To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Feb 24 3:50:48 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ED89137B401 for ; Mon, 24 Feb 2003 03:50:46 -0800 (PST) Received: from saturn.mics.co.za (saturn.mics.co.za [196.34.165.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0FC7C43FAF for ; Mon, 24 Feb 2003 03:50:42 -0800 (PST) (envelope-from mark@mics.co.za) Received: from root by saturn.mics.co.za with scanned_ok (Exim 3.36 #1) id 18nH8Z-000E00-00 for freebsd-isp@freebsd.org; Mon, 24 Feb 2003 13:51:11 +0200 Received: from opium.co.za ([196.34.165.210]) by saturn.mics.co.za with esmtp (Exim 3.36 #1) id 18nH8Z-000Dzm-00; Mon, 24 Feb 2003 13:51:11 +0200 Date: Mon, 24 Feb 2003 13:50:37 +0200 (SAST) From: Mark Bojara X-X-Sender: mark@opium.co.za To: Vaidas Damosevicius Cc: freebsd-isp@freebsd.org Subject: Re: network backup In-Reply-To: <20030224111241.D2D851982F4@hermes.if.lt> Message-ID: <20030224135009.J326-100000@opium.co.za> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: MICS Online Virus Scanner (virusalert@mics.co.za) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org im looking for something more of a gui interface so a dumb user can operate it easily.. any idea's? Chow Mark ---------------------------------------------------------------- "Don't you hate it when your boogers freeze?" -- Calvin ---------------------------------------------------------------- On Mon, 24 Feb 2003, Vaidas Damosevicius wrote: >> Hello All, >> >> What is a nice network backup for fbsd/linux/windows (fbsd being the >> server). Ive tried arkeia but found it to have alot of bugs. It has to be >> something simple for a dumb user to operate (client). Doesnt have to be >> freeware. >> > >Try amanda or afbackup. > >> Thanks >> Mark >> > >vd > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Feb 24 8:25:25 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6057637B405 for ; Mon, 24 Feb 2003 08:25:24 -0800 (PST) Received: from alcatraz.wolfpaw.net (alcatraz.wolfpaw.net [216.194.99.3]) by mx1.FreeBSD.org (Postfix) with SMTP id 2CB7843F75 for ; Mon, 24 Feb 2003 08:25:23 -0800 (PST) (envelope-from admin-lists@wolfpaw.net) Received: (qmail 20984 invoked by uid 0); 24 Feb 2003 16:25:21 -0000 Received: from unknown (HELO wolf) (216.123.201.128) by 0 with SMTP; 24 Feb 2003 16:25:21 -0000 From: "Wolfpaw - Dale Corse" To: Cc: Subject: FW: Netstat byte counters, and IPFW (1 or 2) counters don't match Date: Mon, 24 Feb 2003 09:35:22 -0700 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi All, I tried posting this to freebsd-questions, but I have received no reply. So I thought I would try it as a bug (and the ISP list too :), as that is what it appears to be to me. I am not subscribed to this list, so if you could reply directly I would appreciate it :) Anyway .. here is the problem: I can't seem to find a reason for this.. but if I graph the values of fxp0 using netstat -bin, like this: Name Mtu Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll fxp0 1500 00:02:b3:bc:12:7c 3417242 0 232992484 3997590 0 764014344 0 and IPFW-2 rules like this (I also tried ipfw 1, and ipf): 00100 388827 18466235 count ip from any to any in via fxp0 00101 454678 80243192 count ip from any to any out via fxp0 both with the same version of MRTG, the netstat version matches what my provider tells me I am using, but the one using ipfw values is always 50 - 200 kbits/sec off. Does anyone know why? I am stumped :( I have tried using both ipfw 1, and ipfw 2 (counting only layer 3, and only layer 2, and both types (which was way off) of packets).. and I have been unable to solve the problem :( The other odd thing being, it seems to be traffic that is maybe not IP based.. because the graph on the uplink of the Cisco switch behind the firewall in question does not see the traffic ethier.. but the Cisco 6509 in front of it sees it.. :/ Please let me know if you have any ideas :) Thanks in advance :) Dale. -------------------------------- Dale Corse System Administrator Wolfpaw Services Inc. http://www.wolfpaw.net (780) 474-4095 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Feb 24 9:18:21 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7D40837B401; Mon, 24 Feb 2003 09:18:18 -0800 (PST) Received: from pop3.psconsult.nl (ps226.psconsult.nl [193.67.147.226]) by mx1.FreeBSD.org (Postfix) with ESMTP id 31B9A43F3F; Mon, 24 Feb 2003 09:18:12 -0800 (PST) (envelope-from paul@pop3.psconsult.nl) Received: (from paul@localhost) by pop3.psconsult.nl (8.9.2/8.9.2) id SAA43709; Mon, 24 Feb 2003 18:18:05 +0100 (CET) (envelope-from paul) Date: Mon, 24 Feb 2003 18:18:05 +0100 From: Paul Schenkeveld To: Wolfpaw - Dale Corse Cc: freebsd-bugs@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG Subject: Re: FW: Netstat byte counters, and IPFW (1 or 2) counters don't match Message-ID: <20030224181805.A43509@psconsult.nl> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from admin-lists@wolfpaw.net on Mon, Feb 24, 2003 at 09:35:22AM -0700 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, On Mon, Feb 24, 2003 at 09:35:22AM -0700, Wolfpaw - Dale Corse wrote: > Hi All, > > I tried posting this to freebsd-questions, but I have received no reply. So I thought I would try it as > a bug (and the ISP list too :), as that is what it appears to be to me. I am not subscribed to this list, > so if you could reply directly I would appreciate it :) Anyway .. here is the problem: > > I can't seem to find a reason for this.. but if I graph the values of fxp0 using netstat -bin, like this: > > Name Mtu Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll > fxp0 1500 00:02:b3:bc:12:7c 3417242 0 232992484 3997590 0 764014344 0 > > and IPFW-2 rules like this (I also tried ipfw 1, and ipf): > > 00100 388827 18466235 count ip from any to any in via fxp0 > 00101 454678 80243192 count ip from any to any out via fxp0 > > both with the same version of MRTG, the netstat version matches what my provider tells me I am using, but the > one using ipfw values is always 50 - 200 kbits/sec off. Does anyone know why? I am stumped :( I have tried According to the numbers above, ipfw only counts 7.9% of all input bytes and 10.5% of all output bytes counted by netstat. Could it be that your (32-bit) counters have wrapped around? I can think of there reasons for /small/ differences: - Netstat counts all bytes in the ethernet frame, ipfw probably only sees the IP packet minus ethernet header. - Netstat sees all protocols, ipfw only IP. Other notable protocols that can offset your netstat counters: * CDP (Cisco Discovery Protocol, sent out on every Cisco port unless explicitely disabled in the config of the router/switch) * IPv6 * IPX (are there any Novell servers or PCs with IPX enables in the subnet/broadcast domain). * Netbeui (any PC in the same subnet/broadcast domain with netbeui enabled). It could well be a combination of several of these factors. Make sure both start counting at the same time (or zero both counters simultaneously), look with 'tcpdump -ni not ip' to see all protocols other than IP. After evicting all PCs sending out IPX or Netbeui, kindly asking your switch to not send CDP and taming all connected nodes to not use IPv6 should bring you a bit closer but the simple calculation: ipfw_no_of_bytes + ipfw_no_of_packets * ether_header_size will still not give you thenumber of bytes as IP datagrams may be fragmented and reassembled between the ethernet driver and the IP layer. > using both ipfw 1, and ipfw 2 (counting only layer 3, and only layer 2, and both types (which was way off) of > packets).. and I have been unable to solve the problem :( The other odd thing being, it seems to be traffic that > is maybe not IP based.. because the graph on the uplink of the Cisco switch behind the firewall in question does > not see the traffic ethier.. but the Cisco 6509 in front of it sees it.. :/ > > Please let me know if you have any ideas :) > > Thanks in advance :) > Dale. Hope this helps you. Regards, Paul Schenkeveld, Consultant PSconsult ICT Services BV To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Feb 24 9:50:18 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1E72C37B401 for ; Mon, 24 Feb 2003 09:50:15 -0800 (PST) Received: from alcatraz.wolfpaw.net (alcatraz.wolfpaw.net [216.194.99.3]) by mx1.FreeBSD.org (Postfix) with SMTP id 9D73743FAF for ; Mon, 24 Feb 2003 09:50:13 -0800 (PST) (envelope-from admin-lists@wolfpaw.net) Received: (qmail 25151 invoked by uid 0); 24 Feb 2003 17:50:12 -0000 Received: from unknown (HELO wolf) (216.123.201.128) by 0 with SMTP; 24 Feb 2003 17:50:12 -0000 From: "Wolfpaw - Dale Corse" To: "Paul Schenkeveld" , "Wolfpaw - Dale Corse" Cc: , Subject: RE: FW: Netstat byte counters, and IPFW (1 or 2) counters don't match Date: Mon, 24 Feb 2003 11:00:13 -0700 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 In-Reply-To: <20030224181805.A43509@psconsult.nl> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi Paul, Thanks for the reply :) I did have a few things to add; >> I can't seem to find a reason for this.. but if I graph the values of fxp0 using netstat -bin, like this: >> >> Name Mtu Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll >> fxp0 1500 00:02:b3:bc:12:7c 3417242 0 232992484 3997590 0 764014344 0 >> >> and IPFW-2 rules like this (I also tried ipfw 1, and ipf): >> >> 00100 388827 18466235 count ip from any to any in via fxp0 >> 00101 454678 80243192 count ip from any to any out via fxp0 >> >> both with the same version of MRTG, the netstat version matches what my provider tells me I am using, but the >> one using ipfw values is always 50 - 200 kbits/sec off. Does anyone know why? I am stumped :( I have tried > According to the numbers above, ipfw only counts 7.9% of all input > bytes and 10.5% of all output bytes counted by netstat. > Could it be that your (32-bit) counters have wrapped around? The ipfw counters are reset every 5 minutes - the netstat ones aren't. I was not aware of a way to zero those without a reboot (which would be bad - the link in question does about 3 - 5 mb/s constantly, people get upset when it goes down :( They seem to be out as I mentioned above contstantly > I can think of there reasons for /small/ differences: > > - Netstat counts all bytes in the ethernet frame, ipfw probably only sees > the IP packet minus ethernet header. Doesn't the new IPFW-2 layer2 count everything, even non-ip traffic? If not, is there a way I can block non-ip traffic from leaving my network .. I see no reason at all that it should be leaving it. I run no applications that should require any of the below protocols. > - Netstat sees all protocols, ipfw only IP. Other notable protocols that > can offset your netstat counters: > * CDP (Cisco Discovery Protocol, sent out on every Cisco port unless > explicitely disabled in the config of the router/switch) Hmm - I totally forgot about CDP - thanks much :) > * IPv6 > * IPX (are there any Novell servers or PCs with IPX enables in the > subnet/broadcast domain). > * Netbeui (any PC in the same subnet/broadcast domain with netbeui > enabled). Again - any ways to forbid these from crossing the gateway to the world? I only run IPv4 and IP based applications (they are all that is allowed), we have nothing that should be using IPX, or (gasp) anything using netbeui enabled, but a customer might without realizing it. > It could well be a combination of several of these factors. Make > sure both start counting at the same time (or zero both counters > simultaneously), look with 'tcpdump -ni not ip' to see all > protocols other than IP. I'll try tcpdump, thanks much :) > After evicting all PCs sending out IPX or Netbeui, kindly asking your > switch to not send CDP and taming all connected nodes to not use IPv6 > should bring you a bit closer but the simple calculation: > > ipfw_no_of_bytes + ipfw_no_of_packets * ether_header_size > > will still not give you thenumber of bytes as IP datagrams may be > fragmented and reassembled between the ethernet driver and the IP > layer. Doesn't ipfw2's layer2 stuff handle this? >> using both ipfw 1, and ipfw 2 (counting only layer 3, and only layer 2, and both types (which was way off) of >> packets).. and I have been unable to solve the problem :( The other odd thing being, it seems to be traffic that >> is maybe not IP based.. because the graph on the uplink of the Cisco switch behind the firewall in question does >> not see the traffic ethier.. but the Cisco 6509 in front of it sees it.. :/ >> >> Please let me know if you have any ideas :) >> >> Thanks in advance :) >> Dale. >Hope this helps you. It has been quite helpful - thanks much :) Sorry about all the questions :( Regards, Dale. -------------------------------- Dale Corse System Administrator Wolfpaw Services Inc. http://www.wolfpaw.net (780) 474-4095 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Feb 24 11: 2:28 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0F26537B401; Mon, 24 Feb 2003 11:02:24 -0800 (PST) Received: from pop3.psconsult.nl (ps226.psconsult.nl [193.67.147.226]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5B8E443F93; Mon, 24 Feb 2003 11:02:18 -0800 (PST) (envelope-from paul@pop3.psconsult.nl) Received: (from paul@localhost) by pop3.psconsult.nl (8.9.2/8.9.2) id UAA44959; Mon, 24 Feb 2003 20:02:05 +0100 (CET) (envelope-from paul) Date: Mon, 24 Feb 2003 20:02:05 +0100 From: Paul Schenkeveld To: Wolfpaw - Dale Corse Cc: freebsd-bugs@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG Subject: Re: FW: Netstat byte counters, and IPFW (1 or 2) counters don't match Message-ID: <20030224200205.A44721@psconsult.nl> References: <20030224181805.A43509@psconsult.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from admin-lists@wolfpaw.net on Mon, Feb 24, 2003 at 11:00:13AM -0700 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi dale, First a little request, could you please set your mailer/editor to produce lines no longer than 72 characters? Follow-ups become very unreadable with long lines. On Mon, Feb 24, 2003 at 11:00:13AM -0700, Wolfpaw - Dale Corse wrote: > Hi Paul, > > Thanks for the reply :) I did have a few things to add; > > >> I can't seem to find a reason for this.. but if I graph the values of fxp0 using netstat -bin, like this: > >> > >> Name Mtu Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll > >> fxp0 1500 00:02:b3:bc:12:7c 3417242 0 232992484 3997590 0 764014344 0 > >> > >> and IPFW-2 rules like this (I also tried ipfw 1, and ipf): > >> > >> 00100 388827 18466235 count ip from any to any in via fxp0 > >> 00101 454678 80243192 count ip from any to any out via fxp0 > >> > >> both with the same version of MRTG, the netstat version matches what my provider tells me I am using, but the > >> one using ipfw values is always 50 - 200 kbits/sec off. Does anyone know why? I am stumped :( I have tried > > > According to the numbers above, ipfw only counts 7.9% of all input > > bytes and 10.5% of all output bytes counted by netstat. > > Could it be that your (32-bit) counters have wrapped around? > > The ipfw counters are reset every 5 minutes - the netstat ones aren't. I was not aware > of a way to zero those without a reboot (which would be bad - the link in question does > about 3 - 5 mb/s constantly, people get upset when it goes down :( They seem to be out > as I mentioned above contstantly I seemed to remember a -z option to netstat but I just checked the man page to learn that -z can zero all kinds of netstat counters but not these. Sorry. Opportunity to get ones name engraved in *BSD sources? :-) > > I can think of there reasons for /small/ differences: > > > > - Netstat counts all bytes in the ethernet frame, ipfw probably only sees > > the IP packet minus ethernet header. > > Doesn't the new IPFW-2 layer2 count everything, even non-ip traffic? If not, is there > a way I can block non-ip traffic from leaving my network .. I see no reason at all that > it should be leaving it. I run no applications that should require any of the below protocols. Need to know more about your topology to see where they could come from but if you check with tcpdump at least you know what to look for and perhaps even what generates them. To block non-ip frames, look atr your WS-C6509 docs. I've configured a couple of those some three years ago and saw that they have nice layer-2 filters besides the access-lists you get with the optional layer-3 module. The 6509s I configures run Cisco Cat-OS, not IOS but it seems reasonable that the IOS versions also do layer-2 access-lists. > > - Netstat sees all protocols, ipfw only IP. Other notable protocols that > > can offset your netstat counters: > > * CDP (Cisco Discovery Protocol, sent out on every Cisco port unless > > explicitely disabled in the config of the router/switch) > > Hmm - I totally forgot about CDP - thanks much :) But with your traffic, CDP will not be a big issue. > > * IPv6 > > * IPX (are there any Novell servers or PCs with IPX enables in the > > subnet/broadcast domain). > > * Netbeui (any PC in the same subnet/broadcast domain with netbeui > > enabled). > > Again - any ways to forbid these from crossing the gateway to the world? I only > run IPv4 and IP based applications (they are all that is allowed), we have nothing > that should be using IPX, or (gasp) anything using netbeui enabled, but a customer > might without realizing it. > > > It could well be a combination of several of these factors. Make > > sure both start counting at the same time (or zero both counters > > simultaneously), look with 'tcpdump -ni not ip' to see all > > protocols other than IP. > > I'll try tcpdump, thanks much :) > > > After evicting all PCs sending out IPX or Netbeui, kindly asking your > > switch to not send CDP and taming all connected nodes to not use IPv6 > > should bring you a bit closer but the simple calculation: > > > > ipfw_no_of_bytes + ipfw_no_of_packets * ether_header_size > > > > will still not give you thenumber of bytes as IP datagrams may be > > fragmented and reassembled between the ethernet driver and the IP > > layer. > > Doesn't ipfw2's layer2 stuff handle this? Ipfw2 will see reassembled packets I think. So, if for example a FTP data connection sends a 4096 byte TCP frame, layer-2 will break this up in several fragments depending on the MTU of every link in the path between server and client. Assume the 4K packet is sent over a ethernet link first, you'll see three ethernet frames, 2 of 1500 octets and 1 a bit shorter. If the next link is a gif tunnel with a MTU of 1280, you'll get 5 packets because the two 1500 octet frames get fragmented again. So your next link is a modem link with PPP and a MTU of 296? You'll end up with more than a dozen frames. Each frame has it's own ethernet header when it reaches your FreeBSD box over ethernet. During reassembly all these headers are thrown away. So if I'm right and IPFW2 sees the reassembled packet you can see a big difference in octet counts between the link layer (netstat) and IPFW2 which only sees 4096 bytes.. > >> using both ipfw 1, and ipfw 2 (counting only layer 3, and only layer 2, and both types (which was way off) of > >> packets).. and I have been unable to solve the problem :( The other odd thing being, it seems to be traffic that > >> is maybe not IP based.. because the graph on the uplink of the Cisco switch behind the firewall in question does > >> not see the traffic ethier.. but the Cisco 6509 in front of it sees it.. :/ > >> > >> Please let me know if you have any ideas :) > >> > >> Thanks in advance :) > >> Dale. > > >Hope this helps you. > > It has been quite helpful - thanks much :) Sorry about all the questions :( No problems about the questions. Hopefully my answers help you further. BTW. I've only used ipfw1 and ipfilter so I'm right about ipfw2 and reassembly but it should be documented somewhere or otherwise a simple experiment should reveal the truth. Regards, Paul Schenkeveld, Consultant PSconsult ICT Services BV To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Feb 24 13: 0:57 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D0D1C37B401 for ; Mon, 24 Feb 2003 13:00:56 -0800 (PST) Received: from ints.mail.pike.ru (ints.mail.pike.ru [195.9.45.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2DAA543FB1 for ; Mon, 24 Feb 2003 13:00:55 -0800 (PST) (envelope-from babolo@cicuta.babolo.ru) Received: (qmail 56587 invoked from network); 24 Feb 2003 21:17:27 -0000 Received: from babolo.ru (HELO cicuta.babolo.ru) (194.58.226.160) by ints.mail.pike.ru with SMTP; 24 Feb 2003 21:17:27 -0000 Received: (nullmailer pid 3550 invoked by uid 136); Mon, 24 Feb 2003 21:02:53 -0000 Subject: Re: FW: Netstat byte counters, and IPFW (1 or 2) counters don't match X-ELM-OSV: (Our standard violations) hdr-charset=KOI8-R; no-hdr-encoding=1 In-Reply-To: <20030224200205.A44721@psconsult.nl> To: Paul Schenkeveld Date: Tue, 25 Feb 2003 00:02:53 +0300 (MSK) From: "."@babolo.ru Cc: Wolfpaw - Dale Corse , freebsd-bugs@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL99b (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Message-Id: <1046120573.537458.3549.nullmailer@cicuta.babolo.ru> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Ipfw2 will see reassembled packets I think. IPFW1 worked with IP packet as is (without reassembling) and I will be surprised if IPFW2 does differently. But I do not tested. Just imagine reassembling router :-) (Yes, it possible, but...) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Feb 24 13:50:44 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8A37437B401 for ; Mon, 24 Feb 2003 13:50:43 -0800 (PST) Received: from wsdab.retina.ar (wsdab.retina.ar [168.96.1.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 118AA43FAF for ; Mon, 24 Feb 2003 13:50:42 -0800 (PST) (envelope-from dano@phreaker.net) Received: from wsdab.retina.ar (wsdab.retina.ar [168.96.1.10]) by wsdab.retina.ar (8.12.5/8.12.5) with SMTP id h1OLpE1N006417 for ; Mon, 24 Feb 2003 18:51:15 -0300 Date: Mon, 24 Feb 2003 18:51:14 -0300 From: Dano To: freebsd-isp@freebsd.org Subject: news server: swap problem Message-Id: <20030224185114.7e1a4551.dano@phreaker.net> Organization: . X-Mailer: x X-Newsreader: . Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, I have a problem with innd. When it start innd the capacity of swap is filled quickly. $ /news/bin> swapinfo Device 1K-blocks Used Avail Capacity Type /dev/da0s1b 130944 130520 424 100% Interleaved /dev/da1s1b 130944 130588 356 100% Interleaved Total 261888 261108 780 100% $ tail /var/log/messages Feb 24 17:41:20 news /kernel: swap_pager_getswapspace: failed Feb 24 17:42:49 news /kernel: pid 84731 (innd), uid 8, was killed: out of swap space $ ps -axuw USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND news 86723 2.8 44.5 290524 55952 ?? DLs 6:15PM 0:34.71 /news/bin/innd -p4 -r the machine have 256Mb of RAM. I use inn-2.3.4 en FreeBSD 4.7 . Thanks for your help. Dano To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Feb 24 14: 6:57 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7D6FC37B401 for ; Mon, 24 Feb 2003 14:06:55 -0800 (PST) Received: from pi.codefab.com (pi.codefab.com [12.38.161.140]) by mx1.FreeBSD.org (Postfix) with ESMTP id A683D43FA3 for ; Mon, 24 Feb 2003 14:06:54 -0800 (PST) (envelope-from cswiger@mac.com) Received: from mac.com (kmfdm.codefab.com [12.38.161.63]) by pi.codefab.com (8.12.7/8.12.7) with ESMTP id h1OM6oSa028783; Mon, 24 Feb 2003 17:06:50 -0500 (EST) Message-ID: <3E5A977A.2000109@mac.com> Date: Mon, 24 Feb 2003 17:06:50 -0500 From: Chuck Swiger Organization: The Courts of Chaos User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021212 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-isp@FreeBSD.ORG Cc: Dano Subject: Re: news server: swap problem References: <20030224185114.7e1a4551.dano@phreaker.net> In-Reply-To: <20030224185114.7e1a4551.dano@phreaker.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=-3.4 required=8.0 tests=IN_REP_TO,NOSPAM_INC,QUOTED_EMAIL_TEXT,REFERENCES, SPAM_PHRASE_00_01,SUBJECT_IS_NEWS,USER_AGENT, USER_AGENT_MOZILLA_UA,X_ACCEPT_LANG version=2.44 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dano wrote: > I have a problem with innd. > When it start innd the capacity of swap is filled quickly. [ ... ] > $ ps -axuw > USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND > news 86723 2.8 44.5 290524 55952 ?? DLs 6:15PM 0:34.71 > /news/bin/innd -p4 -r > > the machine have 256Mb of RAM. > I use inn-2.3.4 en FreeBSD 4.7. "innd -r" means it is trying to renumber the active file; that's not part of your normal startup, right? I'm running inn-2.3.4 as well, but my resource usage-- even after two weeks-- is much smaller: 2-shot# psg inn news 87623 0.0 7.0 46380 18028 ?? Ss 10Feb03 35:04.18 /usr/local/news/bin/innd -p4 news 87624 0.0 0.1 760 324 p0- IN 10Feb03 6:31.65 /bin/sh /usr/local/news/bin/innwatch news 87630 0.0 0.3 4164 824 ?? SN 10Feb03 11:13.67 /usr/local/news/bin/innfeed Anyway, if you have a corrupted active file, this may be causing INN to get confused and leak memory; try doing an "inncheck -v" and look into "man makeactive" or "man makehistory". These are some tools which may help if your active file has problems. -Chuck Chuck Swiger | chuck@codefab.com | All your packets are belong to us. -------------+-------------------+----------------------------------- "The human race's favorite method for being in control of the facts is to ignore them." -Celia Green To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Feb 24 16:51:41 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5620937B401 for ; Mon, 24 Feb 2003 16:51:40 -0800 (PST) Received: from mail.nortenet.pt (mar.nortenet.pt [212.13.32.243]) by mx1.FreeBSD.org (Postfix) with ESMTP id BBD4943F93 for ; Mon, 24 Feb 2003 16:51:38 -0800 (PST) (envelope-from guilherme@nortenet.pt) Received: from parpa (v1-pppS18.nortenet.pt [212.13.32.18]) by mail.nortenet.pt (8.11.1/8.11.1) with SMTP id h1ONnSC28912 for ; Tue, 25 Feb 2003 00:49:29 +0100 Date: Tue, 25 Feb 2003 00:56:36 +0000 From: "Guilherme J. R. Oliveira" To: freebsd-isp@freebsd.org Subject: firewall/nat Web Hosting architecture Message-Id: <20030225005636.4de408d9.guilherme@nortenet.pt> Organization: host-valley.com X-Mailer: Sylpheed version 0.8.6 (GTK+ 1.2.10; i386-portbld-freebsd4.6.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi ! I need to create a network serving virtual web hosting (which I'll have 2 public ip's) with these servers: apache, iis, bind, ftpd, sendmail and pop3. It's possible to put all these servers (including the dns) behind a freebsd firewall/nat with 2 nics and 2 switchs to divide 2 networks ? Example: internet | router | firewall&nat | desktop1 -- switch -- | -- switch -- bind,apache,ftpd desktop2 -- -- sendmail,pop3,secondary_bind -- iis,ftpd I think it's possible using -redirect_port and -redirect_address but I shock with 2 (or more) problems: - if the public ip's adress's will be served with bind then it must be installed in the same box as firewall&nat. True ? But I wish that bind stays behind the firewall. - I have only 2 public ip's that must be assigned (i think) to bind and secondary_bind. How can I acess to iis and/or apache server independently from internet ? Thanks. -- mailto:guilherme@nortenet.pt || http://guilherme.host-valley.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Feb 24 23: 0:34 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8A3A537B401 for ; Mon, 24 Feb 2003 23:00:31 -0800 (PST) Received: from mx02.uunet.com.na (smtp.corp.uunet.com.na [196.20.7.168]) by mx1.FreeBSD.org (Postfix) with ESMTP id 863C943F85 for ; Mon, 24 Feb 2003 23:00:27 -0800 (PST) (envelope-from rolf@digitaldivide.org.za) Received: from [196.20.19.91] (helo=null) by mx02.uunet.com.na with esmtp (Exim 3.22 #1) id 18nZ4Y-0004zd-00; Tue, 25 Feb 2003 09:00:14 +0200 From: "Rolf Mendelsohn" To: "Guilherme J. R. Oliveira" Date: Tue, 25 Feb 2003 08:59:20 +0200 MIME-Version: 1.0 Subject: Re: firewall/nat Web Hosting architecture Cc: freebsd-isp@freebsd.org Message-ID: <3E5B3068.1066.2DFE64@localhost> In-reply-to: <20030225005636.4de408d9.guilherme@nortenet.pt> X-mailer: Pegasus Mail for Windows (v4.02a) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi Guilherme, I would question the design below and recommend that you install a third NIC in your FreeBSD firewall and run it like this: internet | firewall / \ -- switch -- --switch-- Desktops Servers This way you Servers Lan is seperate from clients PC's - this is also a more scalable design. The servers LAN should use public IP's If possible & the clients can use Nat from the BSD machine. This is always less troublesome, eespecially if you BIND server is going to be a primary DNS server. If it is impossible to redesign this network then you should do the following: Alias some IP's in /etc/rc.conf: ifconfig_rl0="inet 196.20.13.130 netmask 255.255.255.248" ifconfig_rl0_alias0="inet 196.20.13.136 netmask 0xffffffff" ifconfig_rl0_alias1="inet 196.20.13.137 netmask 0xffffffff" ifconfig_rl0_alias2="inet 196.20.13.138 netmask 0xffffffff" Run natd from a config file: bash-2.05a$ grep natd /etc/rc.conf natd_enable="YES" natd_flags="-f /etc/natd.conf" bash-2.05a$ head -n 4 /etc/natd.conf alias_address 196.20.13.130 #Start internal servers. redirect_address 192.168.3.3 196.20.13.136 redirect_address 192.168.4.3 196.20.13.137 Setup your firewall rules, some general rules for outgoing clients and then a specific per-server ruleset. # 192.168.3.0 - add 12000 allow tcp from any to 192.168.3.3 25 setup Regards, Rolf Mendelsohn On 25 Feb 2003 at 0:56, Guilherme J. R. Oliveira wrote: > > Hi ! > > I need to create a network serving virtual web hosting (which I'll have 2 public ip's) with these servers: apache, iis, bind, ftpd, sendmail and pop3. > It's possible to put all these servers (including the dns) behind a freebsd firewall/nat with 2 nics and 2 switchs to divide 2 networks ? > > > Example: > > internet > | > router > | > firewall&nat > | > desktop1 -- switch -- | -- switch -- bind,apache,ftpd > desktop2 -- -- sendmail,pop3,secondary_bind > -- iis,ftpd > > > I think it's possible using -redirect_port and -redirect_address but I shock with 2 (or more) problems: > > - if the public ip's adress's will be served with bind then it must be installed in the same box as firewall&nat. True ? But I wish that bind stays behind the firewall. > - I have only 2 public ip's that must be assigned (i think) to bind and secondary_bind. How can I acess to iis and/or apache server independently from internet ? > > > > Thanks. > > -- > mailto:guilherme@nortenet.pt || http://guilherme.host-valley.com/ > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Feb 24 23:17: 3 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7819C37B401 for ; Mon, 24 Feb 2003 23:17:02 -0800 (PST) Received: from misery.sdf.com (misery.sdf.com [207.200.153.226]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0909343F75 for ; Mon, 24 Feb 2003 23:17:01 -0800 (PST) (envelope-from tom@sdf.com) Received: from tom (helo=localhost) by misery.sdf.com with local-esmtp (Exim 2.12 #1) id 18nYDD-0001Cp-00; Mon, 24 Feb 2003 22:05:07 -0800 Date: Mon, 24 Feb 2003 22:05:06 -0800 (PST) From: Tom Samplonius To: Dano Cc: freebsd-isp@freebsd.org Subject: Re: news server: swap problem In-Reply-To: <20030224185114.7e1a4551.dano@phreaker.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, 24 Feb 2003, Dano wrote: > $ /news/bin> swapinfo > Device 1K-blocks Used Avail Capacity Type > /dev/da0s1b 130944 130520 424 100% Interleaved > /dev/da1s1b 130944 130588 356 100% Interleaved > Total 261888 261108 780 100% ... > the machine have 256Mb of RAM. ... In general, you should expect problems if the size of your swap is not at least twice the amount of RAM. The innd memory usage may be normal for the size of your news server, or it could be corruption. IMO, 256MB isn't very much for a news server. You should probably add another 256MB of swap right away. It is possible to create a 256MB file on one of your file systems, and mount it as swap. See "man vnconfig". Tom To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Feb 25 0:23:22 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 15F2E37B406 for ; Tue, 25 Feb 2003 00:23:21 -0800 (PST) Received: from hotmail.com (f135.pav2.hotmail.com [64.4.37.135]) by mx1.FreeBSD.org (Postfix) with ESMTP id 996CF43F3F for ; Tue, 25 Feb 2003 00:23:20 -0800 (PST) (envelope-from second_april@hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 25 Feb 2003 00:23:20 -0800 Received: from 63.100.210.139 by pv2fd.pav2.hotmail.msn.com with HTTP; Tue, 25 Feb 2003 08:23:20 GMT X-Originating-IP: [63.100.210.139] From: "Muddassar Zaidi" To: freebsd-isp@freebsd.org Subject: subscribe Date: Tue, 25 Feb 2003 13:23:20 +0500 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 25 Feb 2003 08:23:20.0392 (UTC) FILETIME=[27B99C80:01C2DCA7] Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org _________________________________________________________________ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 26 6:57:35 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8DEEF37B401 for ; Wed, 26 Feb 2003 06:57:34 -0800 (PST) Received: from mail.gmx.net (pop.gmx.net [213.165.65.60]) by mx1.FreeBSD.org (Postfix) with SMTP id A62D543F3F for ; Wed, 26 Feb 2003 06:57:33 -0800 (PST) (envelope-from centralghetto@gmx.net) Received: (qmail 29631 invoked by uid 0); 26 Feb 2003 14:57:32 -0000 Received: from pD9003A7E.dip.t-dialin.net (HELO ...) (217.0.58.126) by mail.gmx.net (mp009-rz3) with SMTP; 26 Feb 2003 14:57:32 -0000 Date: Wed, 26 Feb 2003 15:57:34 +0100 From: Central Ghetto To: freebsd-isp@freebsd.org Subject: IBM ServeRAID Support X-Mailer: ... User-Agent: ... X-Operating-System: ... Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-Id: <20030226145733.A62D543F3F@mx1.FreeBSD.org> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hy All, Does anyone know why FreeBSD does not support the IBM ServeRAID Controller's? To 'bad' or not often used? Thx, Jens To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 26 23:32:48 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 12D7D37B401 for ; Wed, 26 Feb 2003 23:32:46 -0800 (PST) Received: from mail.schmut.com (adsl-67-121-114-163.dsl.pltn13.pacbell.net [67.121.114.163]) by mx1.FreeBSD.org (Postfix) with SMTP id C46DE43FEA for ; Wed, 26 Feb 2003 23:32:31 -0800 (PST) (envelope-from mario@schmut.com) Received: (qmail 45374 invoked by uid 0); 19 Feb 2003 18:38:31 -0000 Received: from quack.schmut.com (HELO schmut.com) (192.168.23.98) by snoopy.23.168.192.in-addr.arpa with SMTP; 19 Feb 2003 18:38:31 -0000 Received: from 192.168.23.97 (SquirrelMail authenticated user mario@schmut.com) by webmail.schmut.com with HTTP; Wed, 19 Feb 2003 10:17:29 -0800 (PST) Message-ID: <4512.192.168.23.97.1045678649.squirrel@webmail.schmut.com> Date: Wed, 19 Feb 2003 10:17:29 -0800 (PST) Subject: Re: Symantec Ghost-like app for UFS? From: To: In-Reply-To: <5.1.1.6.2.20030217190503.0626c2d8@globalpc.net> References: <5.1.1.6.2.20030217190503.0626c2d8@globalpc.net> X-Priority: 3 Importance: Normal Cc: X-Mailer: SquirrelMail (version 1.2.9) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org this is what i did on FreeBSD 4.6 and 7 # to dump the entire hard drive onto another one setup the partitions and slices on your new hard drive. i did it this way, but command line works too. * do /stand/sysinstall * post configuration - fdisk - setup the partition * post configuration - label - setup the root and swap slices # then do this for each slice you want to back up [root@quack ~]#mount /dev/ /mountPoint [root@quack ~]#cd /mountPoint [root@quack /mountPoint]#dump 0f - /oldSlice | restore -rf - uh, you might want to do this in single user mode then swap the new hard drive in place of the old one or change your fstab and boot up on it. mario;> --------------------- Do You Schmut!? http://www.schmut.com > > Is there anything out there that resembles Symantec Ghost but works with > FreeBSD partitions? > > Basically I want to be able to transfer a FreeBSD installation from an > old hard drive to a new one without having to reinstall, reconfigure, > etc. > > Thanks > > -Adrian > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 26 23:40:39 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9207937B401 for ; Wed, 26 Feb 2003 23:40:38 -0800 (PST) Received: from saturn.mics.co.za (saturn.mics.co.za [196.34.165.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5595B43F85 for ; Wed, 26 Feb 2003 23:40:36 -0800 (PST) (envelope-from mark@mics.co.za) Received: from root by saturn.mics.co.za with scanned_ok (Exim 3.36 #1) id 18oIfC-0006xS-00 for freebsd-isp@freebsd.org; Thu, 27 Feb 2003 09:41:06 +0200 Received: from opium.co.za ([196.34.165.210]) by saturn.mics.co.za with esmtp (Exim 3.36 #1) id 18oIfC-0006xL-00 for freebsd-isp@FreeBSD.ORG; Thu, 27 Feb 2003 09:41:06 +0200 Date: Thu, 27 Feb 2003 09:40:29 +0200 (SAST) From: Mark Bojara X-X-Sender: mark@opium.co.za To: freebsd-isp@FreeBSD.ORG Subject: mod_jk with tomcat4 Message-ID: <20030227093925.I326-100000@opium.co.za> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: MICS Online Virus Scanner (virusalert@mics.co.za) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello All, I would like to run tomcat4 with mod_jk however mod_jk port does only support tomcat3.. is this possible? Regards Mark Bojara MICS Online - 012-661-9999 ---------------------------------------------------------------- COMMAND: A suggestion made to a computer. ---------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 27 0: 9:43 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9D99A37B401 for ; Thu, 27 Feb 2003 00:09:41 -0800 (PST) Received: from seven.Alameda.net (seven.Alameda.net [64.81.63.137]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1D82F43F75 for ; Thu, 27 Feb 2003 00:09:41 -0800 (PST) (envelope-from ulf@Alameda.net) Received: by seven.Alameda.net (Postfix, from userid 1000) id C24423A201; Thu, 27 Feb 2003 00:09:40 -0800 (PST) Date: Thu, 27 Feb 2003 00:09:40 -0800 From: Ulf Zimmermann To: Mark Bojara Cc: freebsd-isp@FreeBSD.ORG Subject: Re: mod_jk with tomcat4 Message-ID: <20030227000940.C42651@seven.alameda.net> Reply-To: ulf@Alameda.net References: <20030227093925.I326-100000@opium.co.za> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20030227093925.I326-100000@opium.co.za>; from mark@mics.co.za on Thu, Feb 27, 2003 at 09:40:29AM +0200 Organization: Alameda Networks, Inc. X-Operating-System: FreeBSD 4.7-RELEASE-p2 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Feb 27, 2003 at 09:40:29AM +0200, Mark Bojara wrote: > Hello All, > > I would like to run tomcat4 with mod_jk however mod_jk port does only > support tomcat3.. is this possible? > > Regards > Mark Bojara > MICS Online - 012-661-9999 > > ---------------------------------------------------------------- > COMMAND: A suggestion made to a computer. > ---------------------------------------------------------------- I haven't looked at the port for mod_jk, but there is the jakarta tomcat connector, which has mod_jk and mod_jk2 in it. pretty simple to compile, just a bitch to find on their website. I have used that mod_jk/jk2 with Apache 1.3.x and 2.x as with Tomcat 3.x and 4.x -- Regards, Ulf. --------------------------------------------------------------------- Ulf Zimmermann, 1525 Pacific Ave., Alameda, CA-94501, #: 510-865-0204 You can find my resume at: http://seven.Alameda.net/~ulf/resume.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 27 4:39:31 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 38FB837B401; Thu, 27 Feb 2003 04:39:29 -0800 (PST) Received: from rebecca.tiscali.nl (rebecca.tiscali.nl [195.241.76.181]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7EE7543FD7; Thu, 27 Feb 2003 04:39:28 -0800 (PST) (envelope-from eric@monkey-online.net) Received: from eric.monkey-online.net (195-241-113-9-mx.xdsl.tiscali.nl [195.241.113.9]) by rebecca.tiscali.nl (Postfix) with ESMTP id 342D243EE22; Thu, 27 Feb 2003 13:39:26 +0100 (MET) Message-Id: <5.2.0.9.0.20030227133549.047684c0@mail.monkey-online.net> X-Sender: eric@mail.monkey-online.net (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9 Date: Thu, 27 Feb 2003 13:40:53 +0100 To: freebsd-stable@freebsd.org;, freebsd-isp@freebsd.org From: Eric Veraart Subject: Buildworld on RLX Serverblade 1000t takes ages Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, I've got two RLX Serverblades T1000 here with the same specs and the same problem. I installed 4.7-Release on the blades, CVSUPed and am now running a buildworld. This is taking ages. Yesterday I did one of the blades, and it took approximitly 5 hours to complete the build. Now I'm running buildworld on the second blade and it's taking about 2 hours now, and it's still not finished. Here's the output of dmesg -a : Copyright (c) 1992-2002 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 4.7-RELEASE #0: Wed Oct 9 15:08:34 GMT 2002 root@builder.freebsdmall.com:/usr/obj/usr/src/sys/GENERIC Timecounter "i8254" frequency 1193182 Hz CPU: Transmeta(tm) Crusoe(tm) Processor TM5800 (1000.04-MHz 586-class CPU) Origin = "GenuineTMx86" Id = 0x543 real memory = 1199505408 (1171392K bytes) avail memory = 1160642560 (1133440K bytes) Preloaded elf kernel "kernel" at 0xc050f000. md0: Malloc disk Using $PIR table, 6 entries at 0xc00fdf60 npx0: on motherboard npx0: INT 16 interface pcib0: on motherboard pci0: on pcib0 pci0: (vendor=0x1279, dev=0x0396) at 0.1 pci0: (vendor=0x1279, dev=0x0397) at 0.2 isab0: at device 7.0 on pci0 isa0: on isab0 fxp0: port 0x1000-0x103f mem 0xfeb00000-0xfebfffff,0xfe900000-0xfe900fff irq 11 at device 9 .0 on pci0 fxp0: Ethernet address 00:42:52:00:90:63 inphy0: on miibus0 inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto fxp1: port 0x1040-0x107f mem 0xfec00000-0xfecfffff,0xfe901000-0xfe901fff irq 10 at device 1 0.0 on pci0 fxp1: Ethernet address 00:42:52:00:90:64 inphy1: on miibus1 inphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto fxp2: port 0x1080-0x10bf mem 0xfed00000-0xfedfffff,0xfe902000-0xfe902fff irq 7 at device 11 .0 on pci0 fxp2: Ethernet address 00:42:52:00:90:65 inphy2: on miibus2 inphy2: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto atapci0: port 0x10c0-0x10cf,0x374-0x377,0x170-0x17f,0x3f4-0x3f7,0x1f0-0x1ff irq 14 at dev ice 15.0 on pci0 ata0: at 0x1f0 irq 14 on atapci0 ata1: at 0x170 irq 15 on atapci0 chip1: at device 17.0 on pci0 orm0: