From owner-freebsd-isp Mon Mar 10 1:34:33 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9B53A37B401 for ; Mon, 10 Mar 2003 01:34:32 -0800 (PST) Received: from mx0.dmpriest.net.uk (mx0.dmpriest.net.uk [62.13.128.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id EF35543F93 for ; Mon, 10 Mar 2003 01:34:30 -0800 (PST) (envelope-from kpielorz@tdx.co.uk) Received: from cat (kpielorz.dmpriest.net.uk [62.13.130.13]) by mx0.dmpriest.net.uk (8.11.6/8.11.6/Kp) with ESMTP id h2A9Xvl82935 for ; Mon, 10 Mar 2003 09:33:57 GMT Date: Mon, 10 Mar 2003 09:34:42 +0000 From: Karl Pielorz To: freebsd-isp@freebsd.org Subject: G.703 / SDH E3 card under FreeBSD? Message-ID: <593820348.1047288882@cat> X-Mailer: Mulberry/3.0.0 (Win32) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi All, I've been looking to find a decent (i.e. supported) G.703 SDH/E3 card that can run under FreeBSD. Through searching the net, and the archives - I've seen a small number bandied about, most of the articles I found related to companies that have either moved without trace, or gone for good... Can anyone recomend any 'current' cards that would work? - If there are any? I've seen some like the Etinc card - but this would need additional kit in front of it to go from SDH to HSSI, which I was trying to avoid. I'm starting to get a nasty feeling there isn't anything around that'll do this at the moment :( -Karl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Mar 10 3:26: 7 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7C0FD37B401 for ; Mon, 10 Mar 2003 03:26:05 -0800 (PST) Received: from mail.trident-uk.co.uk (mail.trident-uk.co.uk [81.3.89.57]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9D72743F75 for ; Mon, 10 Mar 2003 03:26:04 -0800 (PST) (envelope-from jamie@tridentmicrosystems.co.uk) Received: from localhost (localhost.pe.trident-uk.co.uk [127.0.0.1]) by mail.trident-uk.co.uk (Postfix) with ESMTP id AE0CC1017 for ; Mon, 10 Mar 2003 11:25:13 +0000 (GMT) Received: from jamieheckford (wrkstn-74.pe.trident-uk.co.uk [192.168.100.74]) by mail.trident-uk.co.uk (Postfix) with ESMTP id 02F791024 for ; Mon, 10 Mar 2003 11:25:13 +0000 (GMT) Reply-To: From: "Jamie Heckford" To: Subject: Cisco PIX 501 (3DES) to FreeBSD VPN Gateway Date: Mon, 10 Mar 2003 11:23:18 -0000 Organization: Trident Microsystems Ltd. Message-ID: <014001c2e6f7$73095fe0$4a64a8c0@jamieheckford> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi All, I am wondering if it is possible to setup a Cisco PIX 501 (3DES) to talk to a FreeBSD VPN Gateway. The VPN gateway currently runs MPD-Netgraph and Poptop to provide access to all Win XX series clients. What I am wondering is it possible to setup IPSec / racoon combo on the FreeBSD system so the PIX 501 can connect to it ok. The role of the PIX 501 at the remote end will be to send all non-local traffic out to the internet and VPN destined routes over the VPN connection. Has anyone had any experience with this? Any comments or suggestions? Google did not seem to wield to many useful results. Any help greatly appreciated as usual :) Cheers, -- Jamie Heckford Network Manager Trident Microsystems Ltd. jamie@tridentmicrosystems.co.uk t: +44(0)1737-780790 f: +44(0)1737-771908 w: http://www.tridentmicrosystems.co.uk/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Mar 10 4: 0:28 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3A37D37B401 for ; Mon, 10 Mar 2003 04:00:26 -0800 (PST) Received: from mx1.dev.itouchnet.net (devco.net [196.15.188.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4EC8443F85 for ; Mon, 10 Mar 2003 04:00:22 -0800 (PST) (envelope-from bvi@itouchlabs.com) Received: from nobody by mx1.dev.itouchnet.net with scanned_ok (Exim 3.35 #1) id 18sLyA-000Piu-00 for freebsd-isp@freebsd.org; Mon, 10 Mar 2003 14:01:26 +0200 Received: from devco.net ([196.15.188.2] helo=Beastie) by mx1.dev.itouchnet.net with esmtp (Exim 3.35 #1) id 18sLy9-000Pic-00; Mon, 10 Mar 2003 14:01:25 +0200 Message-ID: <018a01c2e6fc$187c1f90$4508a8c0@Beastie> From: "Barry Irwin" To: , References: <014001c2e6f7$73095fe0$4a64a8c0@jamieheckford> Subject: Re: Cisco PIX 501 (3DES) to FreeBSD VPN Gateway Date: Mon, 10 Mar 2003 13:56:33 +0200 Organization: iTouch Labs MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Checked: This message has been scanned for any virusses and unauthorized attachments. X-iScan-ID: 98878-1047297686-03335@unconfigured version $Name: REL_2_0_4 $ Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I have had success setting up IPSEC connections to Cisco PIX equipment from my Freebsd systems. Only hiccup I noticed, is that in some cases where the psk was >8 chars things broke. Other than that nothing out of the ordinary for either the setkey or racoon configs. Barry ----- Original Message ----- From: "Jamie Heckford" To: Sent: Monday, March 10, 2003 1:23 PM Subject: Cisco PIX 501 (3DES) to FreeBSD VPN Gateway > Hi All, > > I am wondering if it is possible to setup a Cisco PIX 501 (3DES) to talk > to a FreeBSD VPN Gateway. > > The VPN gateway currently runs MPD-Netgraph and Poptop to provide access > to all Win XX series clients. > > What I am wondering is it possible to setup IPSec / racoon combo on the > FreeBSD system so the PIX 501 can connect to it ok. > > The role of the PIX 501 at the remote end will be to send all non-local > traffic out to the internet and VPN destined routes over the VPN > connection. > > Has anyone had any experience with this? Any comments or suggestions? > Google did not seem to wield to many useful results. > > Any help greatly appreciated as usual :) > > Cheers, > > -- > Jamie Heckford > Network Manager > Trident Microsystems Ltd. > jamie@tridentmicrosystems.co.uk > > t: +44(0)1737-780790 > f: +44(0)1737-771908 > w: http://www.tridentmicrosystems.co.uk/ > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Mar 10 4:33:29 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7005737B401 for ; Mon, 10 Mar 2003 04:33:28 -0800 (PST) Received: from mail.trident-uk.co.uk (mail.trident-uk.co.uk [81.3.89.57]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9A52543F85 for ; Mon, 10 Mar 2003 04:33:27 -0800 (PST) (envelope-from jamie@tridentmicrosystems.co.uk) Received: from localhost (localhost.pe.trident-uk.co.uk [127.0.0.1]) by mail.trident-uk.co.uk (Postfix) with ESMTP id 00E4F1031; Mon, 10 Mar 2003 12:32:29 +0000 (GMT) Received: from jamieheckford (wrkstn-74.pe.trident-uk.co.uk [192.168.100.74]) by mail.trident-uk.co.uk (Postfix) with ESMTP id 495B4101B; Mon, 10 Mar 2003 12:32:28 +0000 (GMT) Reply-To: From: "Jamie Heckford" To: "'Barry Irwin'" Cc: Subject: RE: Cisco PIX 501 (3DES) to FreeBSD VPN Gateway Date: Mon, 10 Mar 2003 12:30:33 -0000 Organization: Trident Microsystems Ltd. Message-ID: <014e01c2e700$d83bf720$4a64a8c0@jamieheckford> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 In-Reply-To: <018a01c2e6fc$187c1f90$4508a8c0@Beastie> X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > I have had success setting up IPSEC connections to Cisco PIX > equipment from my Freebsd systems. Only hiccup I noticed, is > that in some cases where the psk was >8 chars things broke. > Other than that nothing out of the ordinary for either the > setkey or racoon configs. > Hi Barry, Thanks for the quick response. Did you configure in a similar method to http://www.freebsd.org/doc/en_US.ISO8859-1/articles/checkpoint/index.htm l ??? Cheers, Jamie To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Mar 10 4:47:45 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8B86B37B401 for ; Mon, 10 Mar 2003 04:47:43 -0800 (PST) Received: from mx1.dev.itouchnet.net (devco.net [196.15.188.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 93D1243FAF for ; Mon, 10 Mar 2003 04:47:41 -0800 (PST) (envelope-from bvi@itouchlabs.com) Received: from nobody by mx1.dev.itouchnet.net with scanned_ok (Exim 3.35 #1) id 18sMhz-0001Oa-00 for freebsd-isp@freebsd.org; Mon, 10 Mar 2003 14:48:47 +0200 Received: from devco.net ([196.15.188.2] helo=Beastie) by mx1.dev.itouchnet.net with esmtp (Exim 3.35 #1) id 18sMhy-0001OI-00; Mon, 10 Mar 2003 14:48:46 +0200 Message-ID: <020e01c2e702$b61fbf80$4508a8c0@Beastie> From: "Barry Irwin" To: Cc: References: <014e01c2e700$d83bf720$4a64a8c0@jamieheckford> Subject: Re: Cisco PIX 501 (3DES) to FreeBSD VPN Gateway Date: Mon, 10 Mar 2003 14:43:20 +0200 Organization: iTouch Labs MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Checked: This message has been scanned for any virusses and unauthorized attachments. X-iScan-ID: 5362-1047300527-88118@unconfigured version $Name: REL_2_0_4 $ Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'd say fiarly similar. the couple of problems I had were resolved by the otherside updating their pix firmware. Really is just a case of deciding on what settings are going to be used by both sides, configuring , and then hoping for the best. Barry ----- Original Message ----- From: "Jamie Heckford" To: "'Barry Irwin'" Cc: Sent: Monday, March 10, 2003 2:30 PM Subject: RE: Cisco PIX 501 (3DES) to FreeBSD VPN Gateway > > I have had success setting up IPSEC connections to Cisco PIX > > equipment from my Freebsd systems. Only hiccup I noticed, is > > that in some cases where the psk was >8 chars things broke. > > Other than that nothing out of the ordinary for either the > > setkey or racoon configs. > > > > Hi Barry, > > Thanks for the quick response. Did you configure in a similar method to > http://www.freebsd.org/doc/en_US.ISO8859-1/articles/checkpoint/index.htm > l ??? > > Cheers, > > Jamie > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Mar 10 4:51: 0 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 02D8D37B404 for ; Mon, 10 Mar 2003 04:50:59 -0800 (PST) Received: from psknet.com (voyager.psknet.com [63.171.251.15]) by mx1.FreeBSD.org (Postfix) with SMTP id E7C8143FCB for ; Mon, 10 Mar 2003 04:50:57 -0800 (PST) (envelope-from troy@psknet.com) Received: (qmail 22549 invoked by uid 85); 10 Mar 2003 12:47:38 -0000 Received: from troy@psknet.com by voyager.psknet.com with qmail-scanner-1.02 (uvscan: v4.1.40/v4100. . Clean. Processed in 0.778773 secs); 10 Mar 2003 12:47:38 -0000 Received: from pool-141-152-68-63.roa.east.verizon.net (HELO abyss) (141.152.68.63) by voyager.psknet.com with SMTP; 10 Mar 2003 12:47:37 -0000 From: "Troy Settle" To: Subject: Mail Storage Reccomendations (3Ware vs Adaptec vs ....) Date: Mon, 10 Mar 2003 07:51:37 -0500 Message-ID: <002201c2e703$cabdcdf0$aa8ffea9@abyss> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org All, My current mail storage server is a C600 w/512MB and ~54GB of RAID5 (amr0, Series 466). The machine (and drives) are coming up on 3 years of age, and I'm ready to replace it. Performance has been acceptable, but not stellar. The question of the day, is do I build a 3ware RAID5 solution (with like 7*40GB drives of RAID5 and a hot spare), or do I stick with SCSI with something like a Supermicro server (http://www.supermicro.com/PRODUCT/SUPERServer/SuperServer6021H.htm) with an Adaptec U160 0-channel RAID controller and 5*36GB and a hot spare. Besides NFS, this machine will also be running a MySQL server with 1 or 2 very small databases (for storing the vpopmail database). Comments? How well does the Adaptec stuff work? I've used their 2940 controllers, but never their RAID stuff. If I should stay away from Adaptec, what other solutions are reccomended for U160 or U320 RAID5? How well does the 3Ware controller work in terms of hot-swap-ability and automatic rebuilds of a failed drive? Will swapping and/or a rebuild require a reboot of the machine? Also, with a 3Ware controller, am I still tying up the CPU on disk IO? Or does this behave more like a SCSI solution at this point? TIA, -- Troy Settle Pulaski Networks http://www.psknet.com 540.994.4254 ~ 866.477.5638 Pulaski Chamber 2002 Small Business Of The Year To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Mar 10 5: 5:54 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 58F7837B401 for ; Mon, 10 Mar 2003 05:05:52 -0800 (PST) Received: from mail.trident-uk.co.uk (mail.trident-uk.co.uk [81.3.89.57]) by mx1.FreeBSD.org (Postfix) with ESMTP id A621C43F75 for ; Mon, 10 Mar 2003 05:05:51 -0800 (PST) (envelope-from jamie@tridentmicrosystems.co.uk) Received: from localhost (localhost.pe.trident-uk.co.uk [127.0.0.1]) by mail.trident-uk.co.uk (Postfix) with ESMTP id 2A0DD1031; Mon, 10 Mar 2003 13:05:01 +0000 (GMT) Received: from jamieheckford (wrkstn-74.pe.trident-uk.co.uk [192.168.100.74]) by mail.trident-uk.co.uk (Postfix) with ESMTP id 878A4100F; Mon, 10 Mar 2003 13:05:00 +0000 (GMT) Reply-To: From: "Jamie Heckford" To: "'Troy Settle'" , Subject: RE: Mail Storage Reccomendations (3Ware vs Adaptec vs ....) Date: Mon, 10 Mar 2003 13:03:05 -0000 Organization: Trident Microsystems Ltd. Message-ID: <014f01c2e705$63d436e0$4a64a8c0@jamieheckford> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 In-Reply-To: <002201c2e703$cabdcdf0$aa8ffea9@abyss> X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > The question of the day, is do I build a 3ware RAID5 solution > (with like 7*40GB drives of RAID5 and a hot spare), or do I > stick with SCSI with something like a Supermicro server > (http://www.supermicro.com/PRODUCT/SUPERServer/SuperServer6021H.htm) > with an Adaptec U160 0-channel RAID controller and 5*36GB and > a hot spare. > > Besides NFS, this machine will also be running a MySQL server > with 1 or 2 very small databases (for storing the vpopmail database). > > Comments? > > How well does the Adaptec stuff work? I've used their 2940 > controllers, but never their RAID stuff. If I should stay > away from Adaptec, what other solutions are reccomended for > U160 or U320 RAID5? > One solution I used (once upin a time) was to build 2x huge SCSI RAID5 servers. They had Mylex cards (can't remember the model - but they had a nice amount of cache). These acted as NFS servers for pretty much everything (Bar MySQL tables). Mail was nice and speedy, however it were only doing around the 30Gig a day (SMTP) traffic mark, don't know what your usage is. The reason I built two of them was to rsync between the two around 1am (GigE on the NFS servers). Then if one of my machines and data was lost, I at least had some form of on-site backup. If one of the machines were lost, simply shutdown and swap the drives. Of course this depends on your budget, but you should be able to make do with one of these sort of machines, you have the RAID5 there for your data which is the important things. In regards to adaptec RAID cards, I only tried one of the AAA cards, which had flaky support at the time, so don't know much about them im afraid. Cheers, Jamie To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Mar 10 7:21:57 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1832337B401 for ; Mon, 10 Mar 2003 07:21:56 -0800 (PST) Received: from pop015.verizon.net (pop015pub.verizon.net [206.46.170.172]) by mx1.FreeBSD.org (Postfix) with ESMTP id 37BDD43FA3 for ; Mon, 10 Mar 2003 07:21:55 -0800 (PST) (envelope-from cswiger@mac.com) Received: from mac.com ([129.44.42.236]) by pop015.verizon.net (InterMail vM.5.01.05.27 201-253-122-126-127-20021220) with ESMTP id <20030310152154.WSPN14460.pop015.verizon.net@mac.com> for ; Mon, 10 Mar 2003 09:21:54 -0600 Message-ID: <3E6CAD90.8080701@mac.com> Date: Mon, 10 Mar 2003 10:21:52 -0500 From: Chuck Swiger Organization: The Courts of Chaos User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3b) Gecko/20030210 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-isp@FreeBSD.ORG Subject: Re: Mail Storage Reccomendations (3Ware vs Adaptec vs ....) References: <002201c2e703$cabdcdf0$aa8ffea9@abyss> In-Reply-To: <002201c2e703$cabdcdf0$aa8ffea9@abyss> X-Enigmail-Version: 0.73.1.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Authentication-Info: Submitted using SMTP AUTH at pop015.verizon.net from [129.44.42.236] at Mon, 10 Mar 2003 09:21:54 -0600 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Troy Settle wrote: > My current mail storage server is a C600 w/512MB and ~54GB of RAID5 > (amr0, Series 466). The machine (and drives) are coming up on 3 years > of age, and I'm ready to replace it. Performance has been acceptable, > but not stellar. That may well be due to using RAID-5, which has poor write performance. Try a RAID-10 config instead, although without more info, it's hard to say what the bottleneck really is... -Chuck To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Mar 10 8:29:24 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D4A8337B404 for ; Mon, 10 Mar 2003 08:29:22 -0800 (PST) Received: from web1.nexusinternetsolutions.net (web1.nexusinternetsolutions.net [206.47.131.12]) by mx1.FreeBSD.org (Postfix) with SMTP id E6ADD43F3F for ; Mon, 10 Mar 2003 08:29:21 -0800 (PST) (envelope-from dave@hawk-systems.com) Received: (qmail 25602 invoked from network); 10 Mar 2003 16:29:20 -0000 Received: from unknown (HELO ws1) (24.157.103.51) by web1.nexusinternetsolutions.net with SMTP; 10 Mar 2003 16:29:20 -0000 From: "Dave [Hawk-Systems]" To: Subject: preconfiguring servers / changing IP addresses Date: Mon, 10 Mar 2003 11:29:19 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org We are configuring a bunch (8) of servers for installation in the datacenter. The setup at the office uses an entirely seperate IP block than the datacenter. Is there an easy way to configure the servers with the IP address informatin for the office, than change all the IP addresses once it is installed in the datacenter (without hunting down all the specific IP addresses littered thruout the system in djbdns, qmail, etc...). We are also going to be moving servers from one datacenter to another next month and will be running into a similar problem, having to ensure that all IP addresses that are on the servers are changed/updated. Any high-speed method of accomplishing this or is it dig and replace for each server? Thanks Dave To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Mar 10 8:53:23 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 85F3037B401 for ; Mon, 10 Mar 2003 08:53:22 -0800 (PST) Received: from pop015.verizon.net (pop015pub.verizon.net [206.46.170.172]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9C9A443FBD for ; Mon, 10 Mar 2003 08:53:21 -0800 (PST) (envelope-from cswiger@mac.com) Received: from mac.com ([129.44.42.236]) by pop015.verizon.net (InterMail vM.5.01.05.27 201-253-122-126-127-20021220) with ESMTP id <20030310165320.XOGY14460.pop015.verizon.net@mac.com> for ; Mon, 10 Mar 2003 10:53:20 -0600 Message-ID: <3E6CC2FE.3070606@mac.com> Date: Mon, 10 Mar 2003 11:53:18 -0500 From: Chuck Swiger Organization: The Courts of Chaos User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3b) Gecko/20030210 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-isp@FreeBSD.ORG Subject: Re: preconfiguring servers / changing IP addresses References: In-Reply-To: X-Enigmail-Version: 0.73.1.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Authentication-Info: Submitted using SMTP AUTH at pop015.verizon.net from [129.44.42.236] at Mon, 10 Mar 2003 10:53:20 -0600 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dave [Hawk-Systems] wrote: > We are configuring a bunch (8) of servers for installation in the datacenter. > The setup at the office uses an entirely seperate IP block than the datacenter. > Is there an easy way to configure the servers with the IP address informatin for > the office, than change all the IP addresses once it is installed in the > datacenter (without hunting down all the specific IP addresses littered thruout > the system in djbdns, qmail, etc...). /etc/rc.conf and /etc/hosts contain most of the data which would change, although if you've installed other software that depends on the hosts IP address, you'll have to deal with that in addition, yourself. > We are also going to be moving servers from one datacenter to another next month > and will be running into a similar problem, having to ensure that all IP > addresses that are on the servers are changed/updated. > > Any high-speed method of accomplishing this or is it dig and replace for each > server? You can use scp to push a common /etc/hosts file, and can make minor changes to the /etc/rc.conf file per machine without much effort. It would be reasonable to renetwork these 8 machines by hand in less than 10 minutes; is that "high-speed"? -Chuck To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Mar 10 9:39:36 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 03AA337B401 for ; Mon, 10 Mar 2003 09:39:36 -0800 (PST) Received: from usenet.isot.com (usenet.isot.com [63.161.224.13]) by mx1.FreeBSD.org (Postfix) with ESMTP id 06AFC43FB1 for ; Mon, 10 Mar 2003 09:39:35 -0800 (PST) (envelope-from freebsd@isot.com) Received: (from www@localhost) by usenet.isot.com (8.11.6/8.11.6) id h2AHiSH13133 for freebsd-isp@FreeBSD.ORG; Mon, 10 Mar 2003 11:44:28 -0600 (CST) (envelope-from freebsd@isot.com) X-Authentication-Warning: usenet.isot.com: www set sender to freebsd@isot.com using -f Received: from 63.161.239.70 ( [63.161.239.70]) as user freebsd@isot.com by webmail.isot.com with HTTP; Mon, 10 Mar 2003 11:44:28 -0600 Message-ID: <1047318268.3e6ccefc26243@webmail.isot.com> Date: Mon, 10 Mar 2003 11:44:28 -0600 From: itchibahn Reply-To: song@isot.com To: freebsd-isp@FreeBSD.ORG Subject: Upgrading from 3.3 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 3.1-cvs X-Originating-IP: 63.161.239.70 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I currently have FBSD 3.3-TABLE and wanting to upgrade. I've searched for docs but could't find real helpful info. Is there anything I should be aware of (besides a good backup) before upgrading from 3.3 to 4.7? Can I just use sysinstall to upgrade? ------------------------------------------------- This mail sent through ISOT. To find out more about ISOT, visit http://isot.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Mar 10 21:55: 2 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7A7BE37B401 for ; Mon, 10 Mar 2003 21:55:00 -0800 (PST) Received: from ruminary.org (chiku.ruminary.org [216.218.185.24]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9B9B243F75 for ; Mon, 10 Mar 2003 21:54:58 -0800 (PST) (envelope-from clark@ruminary.org) Received: by ruminary.org (Postfix, from userid 1000) id 62CFD22E19; Mon, 10 Mar 2003 21:54:58 -0800 (PST) Date: Mon, 10 Mar 2003 21:54:58 -0800 From: clark shishido To: Troy Settle Cc: freebsd-isp@freebsd.org Subject: Re: Mail Storage Reccomendations (3Ware vs Adaptec vs ....) Message-ID: <20030311055458.GA79510@ruminary.org> References: <002201c2e703$cabdcdf0$aa8ffea9@abyss> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <002201c2e703$cabdcdf0$aa8ffea9@abyss> User-Agent: Mutt/1.4i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Mar 10, 2003 at 07:51:37AM -0500, Troy Settle wrote: > > The question of the day, is do I build a 3ware RAID5 solution (with like > 7*40GB drives of RAID5 and a hot spare), or do I stick with SCSI with > something like a Supermicro server > (http://www.supermicro.com/PRODUCT/SUPERServer/SuperServer6021H.htm) > with an Adaptec U160 0-channel RAID controller and 5*36GB and a hot > spare. > > > Comments? > I would stick with IDE RAIDs with a SCSI host interface. Call me conservative, but I prefer not having to rely on *any* driver for my storage systems. I looked at 3ware and their switching technology looks enticing but I ended up comparing an Infortrend, IFT-6300, a Promise, UltraTrak 8000, and a DynamicNetworkFactory, Datamax 14000. I currently have 2 Datamax units installed and I'm happy with their performance so far. --clark To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Mar 10 23:40:32 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 611A637B404 for ; Mon, 10 Mar 2003 23:40:31 -0800 (PST) Received: from exhsto1.se.dataphone.com (exhsto1.se.dataphone.com [212.37.6.239]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9046143FAF for ; Mon, 10 Mar 2003 23:40:29 -0800 (PST) (envelope-from patrik.forsberg@dataphone.net) X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: Upgrading from 3.3 Date: Tue, 11 Mar 2003 08:40:27 +0100 Message-ID: <8F69143C0B1A9F4D95AFC58CF69877E5013D0FA2@exhsto1.se.dataphone.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Upgrading from 3.3 Thread-Index: AcLnLAqr0RtNpAXwS+29xzeduNWemAAdLSmA From: "Patrik Forsberg" To: , Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Hi, I currently have FBSD 3.3-TABLE and wanting to upgrade. =20 > I've searched for=20 > docs but could't find real helpful info. >=20 > Is there anything I should be aware of (besides a good backup) before=20 > upgrading from 3.3 to 4.7? Can I just use sysinstall to upgrade? >=20 Hi, Check the "UPDATING" file after you've done a complete cvsup of the sources, it will tell you the procedure for upgrading from 3.x to 4.x. It works ;) Regards, Patrik To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Mar 11 1: 4:49 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7A47337B401 for ; Tue, 11 Mar 2003 01:04:48 -0800 (PST) Received: from hemligt.net (loki.ulovligt.net [129.142.164.58]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8932F43FCB for ; Tue, 11 Mar 2003 01:04:46 -0800 (PST) (envelope-from skl@securehosting.dk) Received: from bigchief ([195.249.47.43]) by hemligt.net ([129.142.164.58]) with SMTP (MDaemon.PRO.v6.5.2.R) for ; Tue, 11 Mar 2003 10:04:44 +0100 Message-ID: <009801c2e7ad$5d3afaa0$2b32a8c0@hemligt.net> From: =?iso-8859-1?Q?S=F8ren_Klintrup?= To: References: <87CAE486F1968A4B823A6CEEB23B8D8D738194@hermes2.intranet.eurotrust.dk> Subject: Re: Upgrading from 3.3 Date: Tue, 11 Mar 2003 10:05:23 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Authenticated-Sender: securehosting@hemligt.net X-Lookup-Warning: SMTP connection lookup on 195.249.47.43 does not match 195.249.47.43 X-MDRemoteIP: 195.249.47.43 X-Return-Path: skl@securehosting.dk X-MDaemon-Deliver-To: freebsd-isp@freebsd.org Reply-To: skl@securehosting.dk Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org itchibahn wrote: > Hi, I currently have FBSD 3.3-TABLE and wanting to upgrade. I've > searched for docs but could't find real helpful info. > > Is there anything I should be aware of (besides a good backup) before > upgrading from 3.3 to 4.7? Can I just use sysinstall to upgrade? a sysinstall upgrade SHOULD work (have not tried), however if you want to do it the buildworld/installworld way you cannot just do a complete update. One way to do the upgrade is do a sysinstall binary upgrade to get all your binary files/libs up to date, and then do a buildworld/kernel/installworld - finishing up with a mergemaster Always remember to read UPDATING in /usr/src after doing a cvsup - this should work just fine. If the machine is important and you don't want to "risk" it - you can upgrade each minor version one at a time (ie 4.2->4.3 etc etc) doing buildworlds and reading UPDATING each time tracking every change - this is the "safe" way to do it, especially if you aren't too sure how to do the update :-) Greetings, Søren Klintrup To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Mar 11 1:26:21 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3192237B401 for ; Tue, 11 Mar 2003 01:26:20 -0800 (PST) Received: from flash.mipk-kspu.kharkov.ua (flash.mipk-kspu.kharkov.ua [194.44.157.113]) by mx1.FreeBSD.org (Postfix) with ESMTP id DCEDF43FB1 for ; Tue, 11 Mar 2003 01:26:15 -0800 (PST) (envelope-from artem@mipk-kspu.kharkov.ua) Received: from mipk-kspu.kharkov.ua (rainbow.mipk-kspu.kharkov.ua [192.168.9.241]) by flash.mipk-kspu.kharkov.ua (8.12.6/8.12.6) with ESMTP id h2B9OH61086393 for ; Tue, 11 Mar 2003 11:24:17 +0200 (EET) (envelope-from artem@mipk-kspu.kharkov.ua) Message-ID: <3E6DAB3F.9000605@mipk-kspu.kharkov.ua> Date: Tue, 11 Mar 2003 11:24:15 +0200 From: "Artyom V. Viklenko" Organization: IIAT NTU "KhPI" User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826 X-Accept-Language: ru, uk, en MIME-Version: 1.0 Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Upgrading from 3.3 References: <87CAE486F1968A4B823A6CEEB23B8D8D738194@hermes2.intranet.eurotrust.dk> <009801c2e7ad$5d3afaa0$2b32a8c0@hemligt.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Søren Klintrup wrote: > itchibahn wrote: > >>Hi, I currently have FBSD 3.3-TABLE and wanting to upgrade. I've >>searched for docs but could't find real helpful info. >> >>Is there anything I should be aware of (besides a good backup) before >>upgrading from 3.3 to 4.7? Can I just use sysinstall to upgrade? > > > a sysinstall upgrade SHOULD work (have not tried), however if you want to do > it the buildworld/installworld way you cannot just do a complete update. > > One way to do the upgrade is do a sysinstall binary upgrade to get all your > binary files/libs up to date, and then do a buildworld/kernel/installworld - > finishing up with a mergemaster > > Always remember to read UPDATING in /usr/src after doing a cvsup - this > should work just fine. > > If the machine is important and you don't want to "risk" it - you can > upgrade each minor version one at a time (ie 4.2->4.3 etc etc) doing > buildworlds and reading UPDATING each time tracking every change - this is > the "safe" way to do it, especially if you aren't too sure how to do the > update :-) This is wery long procedure... And what about additional packages? They all should be reinstalled/updated. IMHO, much better would be to install new system and merge configuration into it from old one. This was my scenario many-many months ago ( move from 3.3-RELEASE to 4.1.1-RELEASE ). -- Sincerely yours, Artyom V. Viklenko. ====================================================== System Administrator artem@mipk-kspu.kharkov.ua ------------------------------------------------------ IIAT NTU "KhPI" 21, Frunze Str., Kharkov Ukraine 61002 Phone: +380 (572) 400026 Fax: +380 (572) 474062 ====================================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Mar 11 1:47: 6 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A5B2837B401 for ; Tue, 11 Mar 2003 01:47:05 -0800 (PST) Received: from relay.kiev.sovam.com (relay.kiev.sovam.com [212.109.32.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2F90A43F93 for ; Tue, 11 Mar 2003 01:47:04 -0800 (PST) (envelope-from dimitry@al.org.ua) Received: from [212.109.32.116] (helo=dimitry.kiev.sovam.com) by relay.kiev.sovam.com with esmtp (Exim 3.36 #5) id 18sgLd-000I7t-00; Tue, 11 Mar 2003 11:47:01 +0200 From: Dmitry Alyabyev Reply-To: dimitry@al.org.ua To: "Troy Settle" , Subject: Re: Mail Storage Reccomendations (3Ware vs Adaptec vs ....) Date: Tue, 11 Mar 2003 11:47:01 +0200 User-Agent: KMail/1.5 References: <002201c2e703$cabdcdf0$aa8ffea9@abyss> In-Reply-To: <002201c2e703$cabdcdf0$aa8ffea9@abyss> X-NCC-RegID: ua.svitonline MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200303111147.01478.dimitry@al.org.ua> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Monday 10 March 2003 14:51, Troy Settle wrote: > How well does the Adaptec stuff work? I've used their 2940 controllers, > but never their RAID stuff. If I should stay away from Adaptec, what > other solutions are reccomended for U160 or U320 RAID5? I can't say about 3Ware but according to experience with Adaptec 21xx RAID cards I would say they are _extremely_ slow in case of RAID5. RAID 0,1,10 works well and stable -- Dimitry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Mar 11 6:18:21 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4C03337B404 for ; Tue, 11 Mar 2003 06:18:19 -0800 (PST) Received: from hermes.pressenter.com (hermes.pressenter.com [209.224.20.19]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1405E43F3F for ; Tue, 11 Mar 2003 06:18:17 -0800 (PST) (envelope-from nospam@hiltonbsd.com) Received: from [209.224.20.79] (helo=daggar.sbgnet.net) by hermes.pressenter.com with smtp (Exim 3.16 #1) id 18skZy-0004Ic-00; Tue, 11 Mar 2003 08:18:07 -0600 Date: Tue, 11 Mar 2003 08:18:19 -0600 From: Stephen Hilton To: Cc: , Subject: Re: Upgrading from 3.3 Message-Id: <20030311081819.0e7e28c2.nospam@hiltonbsd.com> In-Reply-To: <3E6DAB3F.9000605@mipk-kspu.kharkov.ua> References: <87CAE486F1968A4B823A6CEEB23B8D8D738194@hermes2.intranet.eurotrust.dk> <009801c2e7ad$5d3afaa0$2b32a8c0@hemligt.net> <3E6DAB3F.9000605@mipk-kspu.kharkov.ua> X-Mailer: Sylpheed version 0.8.10 (GTK+ 1.2.10; i386-portbld-freebsd4.8) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 11 Mar 2003 11:24:15 +0200 "Artyom V. Viklenko" wrote: [snip] > This is wery long procedure... And what about additional packages? > They all should be reinstalled/updated. IMHO, much better would be > to install new system and merge configuration into it from old one. > This was my scenario many-many months ago ( move from 3.3-RELEASE to > 4.1.1-RELEASE ). I agreee with Artyom on this one :-) To properly go from 3.3 to 4.X the best process would be a fresh install. If another hard drive is available I would pull the 3.3 HD, install 4.X on the new hard drive, then add the 3.3 drive back as a second drive and mount the partitions as several read-only volumes. At this point you can then merge your changes onto the newer system, but are also able to go back at any point to the 3.3 drive by swapping cables. If down time is an issue, than get/borrow a second machine and get the new HD setup and software installed and tuned, then swap the drives between the "setup" machine and the "production" machine. The src update process can be done in several steps, but there is going to be a lot of "cruft" from the 3.3 system left over when you are done. Regards, Stephen Hilton nospam@hiltonbsd.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Mar 11 6:39:57 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 17CDF37B401 for ; Tue, 11 Mar 2003 06:39:56 -0800 (PST) Received: from bilver.wjv.com (user38.net339.fl.sprint-hsd.net [65.40.24.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id DBC3D43F3F for ; Tue, 11 Mar 2003 06:39:54 -0800 (PST) (envelope-from bv@wjv.com) Received: from bilver.wjv.com (localhost.wjv.com [127.0.0.1]) by bilver.wjv.com (8.12.6/8.12.6) with ESMTP id h2BEdg1K073878 for ; Tue, 11 Mar 2003 09:39:43 -0500 (EST) (envelope-from bv@wjv.com) Received: (from bv@localhost) by bilver.wjv.com (8.12.6/8.12.6/Submit) id h2BEdaVo073876 for freebsd-isp@freebsd.org; Tue, 11 Mar 2003 09:39:37 -0500 (EST) Date: Tue, 11 Mar 2003 09:39:36 -0500 From: Bill Vermillion To: freebsd-isp@freebsd.org Subject: Re: Upgrading from 3.3 Message-ID: <20030311143936.GD72647@wjv.com> Reply-To: bv@wjv.com References: <8F69143C0B1A9F4D95AFC58CF69877E5013D0FA2@exhsto1.se.dataphone.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <8F69143C0B1A9F4D95AFC58CF69877E5013D0FA2@exhsto1.se.dataphone.com> Organization: W.J.Vermillion / Orlando - Winter Park ReplyTo: bv@wjv.com User-Agent: Mutt/1.5.1i X-Spam-Status: No, hits=-3.2 required=5.0 tests=IN_REP_TO,NOSPAM_INC,QUOTED_EMAIL_TEXT,REFERENCES, SPAM_PHRASE_00_01,USER_AGENT,USER_AGENT_MUTT version=2.43 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Mar 11, 2003 at 08:40 , while denying his reply is spam, Patrik Forsberg prattled on endlessly saying: > > Hi, I currently have FBSD 3.3-TABLE and wanting to upgrade. > > I've searched for > > docs but could't find real helpful info. > > > > Is there anything I should be aware of (besides a good backup) before > > upgrading from 3.3 to 4.7? Can I just use sysinstall to upgrade? > > > Hi, Check the "UPDATING" file after you've done a complete cvsup of the > sources, it will tell you the procedure for upgrading from 3.x to 4.x. > It works ;) And he needs to note that carefully including the extra steps. In particular the building with -NOPERL and the mknod parts. The upgrade from 3.x to a 4.x works IF you follow the steps exactly. Once you get past 4.0 things are quite easy. I did the 3>4 and it took the longest of all because of the extra steps. Follow UPDATING EXACTLY. Bill -- Bill Vermillion - bv @ wjv . com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Mar 11 7:56:19 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5253037B401 for ; Tue, 11 Mar 2003 07:56:18 -0800 (PST) Received: from usenet.isot.com (usenet.isot.com [63.161.224.13]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6EB4B43F75 for ; Tue, 11 Mar 2003 07:56:17 -0800 (PST) (envelope-from freebsd@isot.com) Received: (from www@localhost) by usenet.isot.com (8.11.6/8.11.6) id h2BG1Bx15138; Tue, 11 Mar 2003 10:01:11 -0600 (CST) (envelope-from freebsd@isot.com) X-Authentication-Warning: usenet.isot.com: www set sender to freebsd@isot.com using -f Received: from 63.161.239.70 ( [63.161.239.70]) as user freebsd@isot.com by webmail.isot.com with HTTP; Tue, 11 Mar 2003 10:01:11 -0600 Message-ID: <1047398471.3e6e084729d15@webmail.isot.com> Date: Tue, 11 Mar 2003 10:01:11 -0600 From: itchibahn Reply-To: song@isot.com To: Stephen Hilton Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Upgrading from 3.3 References: <87CAE486F1968A4B823A6CEEB23B8D8D738194@hermes2.intranet.eurotrust.dk> <009801c2e7ad$5d3afaa0$2b32a8c0@hemligt.net> <3E6DAB3F.9000605@mipk-kspu.kharkov.ua> <20030311081819.0e7e28c2.nospam@hiltonbsd.com> In-Reply-To: <20030311081819.0e7e28c2.nospam@hiltonbsd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 3.1-cvs X-Originating-IP: 63.161.239.70 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I appreciate all the valuable advices from everyone. This machine with 3.3 is my radius server running Ascend radius, and down time is a very big issue. I've just finished building a server with 4.7 and hoped to merge the configuration using NFS. And then change the IP's to let new server take over. My concern with this is that, I can't find much information on this Ascend radius which was setup by someone else several years ago. And not sure if just copying /usr/local/etc/raddb directory, /usr/local/sbin/builddbm and radiusd.dbm, and passwd file would work. Regardless, I'm gonna try it this weekend to see the result. And if that doesn't work, I'll duplicate the hard drive into this new server and then try to upgrade it as some suggested. ------------------------------------------------- This mail sent through ISOT. To find out more about ISOT, visit http://isot.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Mar 11 10: 2:18 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CB06337B401 for ; Tue, 11 Mar 2003 10:02:16 -0800 (PST) Received: from mg2.xecu.net (mg2.xecu.net [216.127.136.223]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3EBA343F3F for ; Tue, 11 Mar 2003 10:02:16 -0800 (PST) (envelope-from andy@xecu.net) Received: by mg2.xecu.net (Postfix, from userid 1003) id 6233D392729; Tue, 11 Mar 2003 13:02:13 -0500 (EST) Received: from thunder.xecu.net (thunder.xecu.net [216.127.136.208]) by mg2.xecu.net (Postfix) with ESMTP id 2011E392924; Tue, 11 Mar 2003 13:02:13 -0500 (EST) Date: Tue, 11 Mar 2003 13:02:12 -0500 (EST) From: Andy Dills To: song@isot.com Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Upgrading from 3.3 In-Reply-To: <1047398471.3e6e084729d15@webmail.isot.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 11 Mar 2003, itchibahn wrote: > My concern with this is that, I can't find much information on this Ascend > radius which was setup by someone else several years ago. And not sure if > just copying /usr/local/etc/raddb directory, /usr/local/sbin/builddbm and > radiusd.dbm, and passwd file would work. It would be EXTREMELY worth your while to get familiar with it. There are many more powerful strains of radius than the Ascend radius, but it's perfectly acceptable. However, if you provide dialup internet service, radius is the single most important service you run. So, given the simplicity of Ascend radius (contrasted to Radiator, which can do nearly anything possible), it would be worth two hours to learn the ins and outs to prevent serious problems down the road. Just a suggestion... Andy xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Andy Dills 301-682-9972 Xecunet, LLC www.xecu.net xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Dialup * Webhosting * E-Commerce * High-Speed Access To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Mar 11 10:12: 7 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3E73337B401 for ; Tue, 11 Mar 2003 10:12:06 -0800 (PST) Received: from jive.SoftHome.net (jive.SoftHome.net [66.54.152.27]) by mx1.FreeBSD.org (Postfix) with SMTP id 7ED8D43F85 for ; Tue, 11 Mar 2003 10:12:05 -0800 (PST) (envelope-from alhakeem@softhome.net) Received: (qmail 20322 invoked by uid 417); 11 Mar 2003 18:12:05 -0000 Received: from shunt-smtp-out-0 (HELO softhome.net) (172.16.3.12) by shunt-smtp-out-0 with SMTP; 11 Mar 2003 18:12:05 -0000 Received: from laptop ([80.193.230.16]) by softhome.net with esmtp; Tue, 11 Mar 2003 11:12:04 -0700 From: "Abdul Hakeem" To: equipment-l@wisp-equipment.net, freebsd-isp@freebsd.org Subject: RE: Data Modem for Digital Audio Broadcast Date: Tue, 11 Mar 2003 18:11:00 -0000 Message-ID: <011c01c2e7f9$928a3800$10e6c150@laptop> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <002101c2e7ee$914a6600$6b00a8c0@corporate.pyramatrix.com> Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello All, I am toying with the idea of a wireless service provided via the data port of a "DAB" digital audio broadcast radio. Does anyone has any info. Of an uplink/downlink device and a data modem and drivers for the serial port on the digital radios. Cheers, Abdul Hakeem To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Mar 11 15:57:19 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 694F337B401 for ; Tue, 11 Mar 2003 15:57:17 -0800 (PST) Received: from hexagon.stack.nl (hexagon.stack.nl [131.155.140.144]) by mx1.FreeBSD.org (Postfix) with ESMTP id 59C8643FEC for ; Tue, 11 Mar 2003 15:57:16 -0800 (PST) (envelope-from dean@dragon.stack.nl) Received: by hexagon.stack.nl (Postfix, from userid 65534) id 7628C1C6F; Wed, 12 Mar 2003 00:57:15 +0100 (CET) Received: from dragon.stack.nl (dragon.stack.nl [2001:610:1108:5011:207:e9ff:fe09:230]) by hexagon.stack.nl (Postfix) with ESMTP id 8436F1C6D; Wed, 12 Mar 2003 00:57:14 +0100 (CET) Received: by dragon.stack.nl (Postfix, from userid 1600) id 75D985F16B; Wed, 12 Mar 2003 00:57:14 +0100 (CET) Date: Wed, 12 Mar 2003 00:57:14 +0100 From: Dean Strik To: Troy Settle Cc: freebsd-isp@freebsd.org Subject: Re: Mail Storage Reccomendations (3Ware vs Adaptec vs ....) Message-ID: <20030311235714.GA27853@dragon.stack.nl> References: <002201c2e703$cabdcdf0$aa8ffea9@abyss> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <002201c2e703$cabdcdf0$aa8ffea9@abyss> X-Editor: VIM Rulez! http://www.vim.org/ X-MUD: Outerspace - telnet://mud.stack.nl:3333 X-Really: Yes User-Agent: Mutt/1.5.3i X-Spam-Status: No, hits=-32.8 required=5.0 tests=EMAIL_ATTRIBUTION,IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES, REPLY_WITH_QUOTES,USER_AGENT_MUTT version=2.50 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Troy Settle wrote: > My current mail storage server is a C600 w/512MB and ~54GB of RAID5 > (amr0, Series 466). The machine (and drives) are coming up on 3 years > of age, and I'm ready to replace it. Performance has been acceptable, > but not stellar. > > The question of the day, is do I build a 3ware RAID5 solution (with like > 7*40GB drives of RAID5 and a hot spare), or do I stick with SCSI with > something like a Supermicro server > (http://www.supermicro.com/PRODUCT/SUPERServer/SuperServer6021H.htm) > with an Adaptec U160 0-channel RAID controller and 5*36GB and a hot > spare. > > Besides NFS, this machine will also be running a MySQL server with 1 or > 2 very small databases (for storing the vpopmail database). Whoa. "Besides NFS". So you export the mailboxes to other hosts? That's an important difference. Anyway, if disk performance is a problem, I'd go with SCSI RAID10: high performance read, good performance write. RAID5 means a performance penalty, even in hardware. With RAID10, even software RAID would give acceptable performance: software RAID is mostly expensive with RAID5. U320 SCSI probably isn't worth it. If possible, make the sytem disks (and swap) independent from the mail storage disks. Of course make sure that your NFS link is good. If you export the mailboxes to NFS, and the clients are not running FreeBSD, but e.g. Solaris, you may have a low performance NFS link because of differences in window sizes. You may need to tweak a lot then. Even when running FreeBSD, setting readahead and blocksizes in NFS mount options is advised. But note: NFS performance means tweaking. How does the mail get delivered to the mailboxes? I strongly advise against delivering over NFS. Put your sendmail/postfix/* logfiles on another disk than the storage files. How do clients access the mail storage? Do they use IMAP or POP3 to a machine which mounts the files over NFS? Consider cutting out the middle man: run IMAP/POP3 service on the storage machine if possible. Make sure you know where the bottleneck is. The MySQL server should not have a big impact. Unless the machine also works as a relay (avoid the storage/relay combination when possible), the databases are not big and not that often queried. If this would pose a problem, consider making regular dumps of the databases to standard Berkeley/*DBM files and using those in your daemons. On ATA controllers: the 3ware vs. Mylex is almost a holy war. In archives and on google you can find many experiences, but often contradicting. I have no personal experience with these. CPU should however not really be the problem. -- Dean C. Strik Eindhoven University of Technology dean@stack.nl | dean@ipnet6.org | http://www.ipnet6.org/ "This isn't right. This isn't even wrong." -- Wolfgang Pauli To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Mar 12 4: 8: 9 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8EB9C37B401 for ; Wed, 12 Mar 2003 04:08:05 -0800 (PST) Received: from psknet.com (voyager.psknet.com [63.171.251.15]) by mx1.FreeBSD.org (Postfix) with SMTP id 6DC4643FB1 for ; Wed, 12 Mar 2003 04:08:04 -0800 (PST) (envelope-from troy@psknet.com) Received: (qmail 99503 invoked by uid 85); 12 Mar 2003 12:04:30 -0000 Received: from troy@psknet.com by voyager.psknet.com with qmail-scanner-1.02 (uvscan: v4.1.40/v4100. . Clean. Processed in 0.899203 secs); 12 Mar 2003 12:04:30 -0000 Received: from pool-141-152-68-63.roa.east.verizon.net (HELO abyss) (141.152.68.63) by voyager.psknet.com with SMTP; 12 Mar 2003 12:04:29 -0000 From: "Troy Settle" To: Subject: RE: Mail Storage Reccomendations (3Ware vs Adaptec vs ....) Date: Wed, 12 Mar 2003 07:08:02 -0500 Message-ID: <000601c2e890$08c973f0$aa8ffea9@abyss> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 In-Reply-To: <20030311235714.GA27853@dragon.stack.nl> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > -----Original Message----- > From: Dean Strik [mailto:dean@stack.nl] > Sent: Tuesday, March 11, 2003 6:57 PM > To: Troy Settle > Cc: freebsd-isp@freebsd.org > Subject: Re: Mail Storage Reccomendations (3Ware vs Adaptec vs ....) > > > Troy Settle wrote: > > > > Besides NFS, this machine will also be running a MySQL > > server with 1 or 2 very small databases (for storing the > > vpopmail database). > > Whoa. "Besides NFS". So you export the mailboxes to other > hosts? That's an important difference. Yeah, I suppose it is for those folks who are still stuck on mbox-style mail storage. For those who have seen the light of Maildir/, the difference isn't that signifigant. I've been doing mail storage over NFS with woefully under-powered machines (celerons) for 2 years now without serious issue (except reading .cdb files over NFS). > Anyway, if disk performance is a problem, I'd > go with SCSI RAID10: high performance read, good performance write. > RAID5 means a performance penalty, even in hardware. With RAID10, > even software RAID would give acceptable performance: software RAID is > mostly expensive with RAID5. U320 SCSI probably isn't worth it. I never said that disk performance was a problem. Any admin would be stupid not to be concerned, but at my current volumes, I'd have decent storage performance with a Vinum RAID5 running on a P2 w/ATA66 drives. Anyways, I'm on UW SCSI now, and will be going up to U160. I've thought about U320, but agree that it's probably not worth it at the current volume of mail that I'm pushing. The cost of disks isn't a huge issue, in fact I'll probably end up with U320 disks. The actual controller I get will simply depend on the final solution I end up with. It's likely that I'll just go with the box w/onboard U160 and a ZCR solution. > If possible, make the sytem disks (and swap) independent from the mail > storage disks. The only processes on the server will sshd and mysqld, save for when I log in. The only major I/O will be with the NFS mounts. The box will be configured without softupdates, and with at least 2GB of RAM, MySQL should have plenty of room to play. Everything related to email will be FreeBSD. SMTP/POP/IMAP will be spread across a couple boxes. Webmail will be on a box by itself (because SquirrelMail/php/apache combo seems to have some resource issues). > > Of course make sure that your NFS link is good. If you export the > mailboxes to NFS, and the clients are not running FreeBSD, but e.g. > Solaris, you may have a low performance NFS link because of > differences > in window sizes. You may need to tweak a lot then. Even when running > FreeBSD, setting readahead and blocksizes in NFS mount options is > advised. But note: NFS performance means tweaking. > > How does the mail get delivered to the mailboxes? I strongly advise > against delivering over NFS. Put your sendmail/postfix/* logfiles on > another disk than the storage files. Just say NO to sendmail, Postfix is a possibility, but Qmail is my MTA of choice at the moment. I want the mailstore to be once-removed from the 'net. By creating a SAN, I feel that I'm reducing the potential security risks while decreasing the complexity of administering everything. > > How do clients access the mail storage? Do they use IMAP or POP3 to a > machine which mounts the files over NFS? Consider cutting out > the middle > man: run IMAP/POP3 service on the storage machine if > possible. Make sure > you know where the bottleneck is. Most use POP3, but there are a growing number of people who are using Webmail (IMAP). The only bottleneck I have right now, is the resource issues with Squirrelmail/PHP/Apache combo. I fully expect that a pair of XP1800 boxes to run all SMTP/POP3/IMAP/Anti-Virus functions will last me until I outgrow the ~100-150GB that my storage server will end up having (I've actually already decided to go with the SCSI solution). > > The MySQL server should not have a big impact. Unless the machine also > works as a relay (avoid the storage/relay combination when possible), > the databases are not big and not that often queried. If this > would pose > a problem, consider making regular dumps of the databases to standard > Berkeley/*DBM files and using those in your daemons. As for avoiding the "storage/relay" combination, this is already the plan. I'm building a STORAGE server, not an SMTP server. The queue will be handled on a WD JB disk (8MB cache), which is fast enough for my purposes (SMTP and Anti-Virus), and cheap enough that I can let it get torn up. When the time comes, my SMTP/AV processes will be running on Dual XEON boxes w/scanning taking place on an md(4) device for sure. Currently, authentication and verification takes place from from cdb files and/or flat-files, which works fine in terms of performance, but has certain limitations in terms of administrivia. For many reasons, I want to move all authentication to a central database. My billing software (Platypus) will add/remove/suspend/alter accounts via ODBC connection to the MySQL server. This will serve for the authentication of RADIUS/POP3/IMAP/SMTP, which will end up being 1000's of requests per minute, but shouldn't present a signifigant load on the box. If necessary, I can always move the MySQL database to a separate server. Radius Accounting, while important, is a non-critical process for me right now, and will be handled by another MySQL server (with a single ata100 drive). Before you ask, I have considered LDAP, but I'm not comfortable enough with it that I feel I can use it in a production environment. Quite frankly, the few times I've tried to set it up, I got nowhere, even though I've followed at least 2 different How-To docs to the letter multiple times. > > On ATA controllers: the 3ware vs. Mylex is almost a holy war. In > archives and on google you can find many experiences, but often > contradicting. I have no personal experience with these. CPU should > however not really be the problem. Actually, I've already decided to go with the SCSI solution. Both will cost me $3-4k, and while ATA disks are half the cost, they seem to need replacement 3x as often. In the long run, I feel that I'll be better off with a SCSI solution for this project. Also, it looks like the final configuration will be a 108GB of RAID0+1, though I may break down and get 73GB drives instead, giving me 221GB. -- Troy Settle Pulaski Networks http://www.psknet.com 540.994.4254 ~ 866.477.5638 Pulaski Chamber 2002 Small Business Of The Year To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Mar 12 11:32:37 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D6E2637B401 for ; Wed, 12 Mar 2003 11:32:36 -0800 (PST) Received: from vineyard.net (k1.vineyard.net [204.17.195.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2A46343FA3 for ; Wed, 12 Mar 2003 11:32:34 -0800 (PST) (envelope-from ericx@vineyard.net) Received: from fortiva (fortiva.vineyard.net [204.17.195.104]) by vineyard.net (Postfix) with SMTP id 4FC3A917E4 for ; Wed, 12 Mar 2003 14:32:33 -0500 (EST) Message-ID: <013f01c2e8ce$130e3380$68c311cc@vineyard.net> From: "Eric W. Bates" To: Subject: hooking twe events Date: Wed, 12 Mar 2003 14:32:09 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I really don't want to bother Mr. Smith... Anyone know how to hook possible events from the 3Ware twe devices? I want to rig an alarm to notice a disk failure. The kernel will send messages to syslog; so I suppose I can write something to tail /var/log/kernel; but I think it would be much better to be able to query status from the device. Is there a way to do this? Thanks for your time. --- Eric W. Bates To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Mar 12 15:26:25 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DC7EF37B401 for ; Wed, 12 Mar 2003 15:26:23 -0800 (PST) Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2F74643F85 for ; Wed, 12 Mar 2003 15:26:23 -0800 (PST) (envelope-from mike@sentex.net) Received: from house (cage.simianscience.com [64.7.134.1]) by smtp1.sentex.ca (8.12.8/8.12.6) with SMTP id h2CNQPhS027357; Wed, 12 Mar 2003 18:26:25 -0500 (EST) (envelope-from mike@sentex.net) From: Mike Tancsa To: "Eric W. Bates" Cc: freebsd-isp@freebsd.org Subject: Re: hooking twe events Date: Wed, 12 Mar 2003 18:24:46 -0500 Message-ID: References: In-Reply-To: X-Mailer: Forte Agent 1.8/32.548 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Whats wrong with using the 3dmd program to monitor the arrays (/usr/ports/sysutils/3dm/) ? It will do exactly what you describe = below. ---Mike On Wed, 12 Mar 2003 14:32:09 -0500, in sentex.lists.freebsd.isp you = wrote: >Anyone know how to hook possible events from the 3Ware twe devices? > >I want to rig an alarm to notice a disk failure. The kernel will send >messages to syslog; so I suppose I can write something to tail >/var/log/kernel; but I think it would be much better to be able to query >status from the device. Is there a way to do this? > >Thanks for your time. > >--- >Eric W. Bates > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message Mike Tancsa (mike@sentex.net)=09 http://www.sentex.net/mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Mar 12 16:15:40 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 959EC37B401 for ; Wed, 12 Mar 2003 16:15:39 -0800 (PST) Received: from notus.primus.ca (mail.tor.primus.ca [216.254.136.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id E4C4443F93 for ; Wed, 12 Mar 2003 16:15:38 -0800 (PST) (envelope-from leth@lethargic.dyndns.org) Received: from dialin-163-145.tor.primus.ca ([216.254.163.145] helo=lethargic.dyndns.org) by notus.primus.ca with esmtp (TLSv1:DES-CBC3-SHA:168) (Exim 3.36 #3) id 18tGNe-00070V-0A; Wed, 12 Mar 2003 19:15:31 -0500 Received: from lethargic.dyndns.org (leth@localhost [127.0.0.1]) by lethargic.dyndns.org (8.12.6/8.12.6) with ESMTP id h2D0FZEG096055; Wed, 12 Mar 2003 19:15:36 -0500 (EST) (envelope-from leth@lethargic.dyndns.org) Received: (from leth@localhost) by lethargic.dyndns.org (8.12.6/8.12.6/Submit) id h2D0FW0W096054; Wed, 12 Mar 2003 19:15:32 -0500 (EST) Date: Wed, 12 Mar 2003 19:15:32 -0500 From: Jason Hunt To: Dmitry Alyabyev Cc: Troy Settle , freebsd-isp@FreeBSD.ORG Subject: Re: Mail Storage Reccomendations (3Ware vs Adaptec vs ....) Message-ID: <20030313001532.GA96009@lethargic.dyndns.org> References: <002201c2e703$cabdcdf0$aa8ffea9@abyss> <200303111147.01478.dimitry@al.org.ua> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200303111147.01478.dimitry@al.org.ua> User-Agent: Mutt/1.4i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Mar 11, 2003 at 11:47:01AM +0200, Dmitry Alyabyev wrote: > > I can't say about 3Ware but according to experience with Adaptec 21xx RAID > cards I would say they are _extremely_ slow in case of RAID5. > RAID 0,1,10 works well and stable > I found the 21xx's to be *alright* using RAID-5. Rebuilding is especially slow. A customer at work has a RAID-5 array with four 36GB drives plus a hotspare, giving them just over 100GB of space. Rebuilding takes approximatly four hours. According to the Adaptec knowledge base (Article ID 2077), the 21xx series is slower than other cards (it mentions the 32xx and 34xx series) due to the lack of a co-processor for performing XOR operations. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Mar 12 23:18:44 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0E53D37B401 for ; Wed, 12 Mar 2003 23:18:43 -0800 (PST) Received: from relay.kiev.sovam.com (relay.kiev.sovam.com [212.109.32.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0690A43FB1 for ; Wed, 12 Mar 2003 23:18:42 -0800 (PST) (envelope-from dimitry@al.org.ua) Received: from [212.109.32.116] (helo=dimitry.kiev.sovam.com) by relay.kiev.sovam.com with esmtp (Exim 3.36 #5) id 18tMzA-0006Cd-00; Thu, 13 Mar 2003 09:18:40 +0200 From: Dmitry Alyabyev Reply-To: dimitry@al.org.ua To: Jason Hunt Subject: Re: Mail Storage Reccomendations (3Ware vs Adaptec vs ....) Date: Thu, 13 Mar 2003 09:18:39 +0200 User-Agent: KMail/1.5 Cc: Troy Settle , freebsd-isp@FreeBSD.ORG References: <002201c2e703$cabdcdf0$aa8ffea9@abyss> <200303111147.01478.dimitry@al.org.ua> <20030313001532.GA96009@lethargic.dyndns.org> In-Reply-To: <20030313001532.GA96009@lethargic.dyndns.org> X-NCC-RegID: ua.svitonline MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200303130918.39407.dimitry@al.org.ua> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thursday 13 March 2003 02:15, Jason Hunt wrote: > On Tue, Mar 11, 2003 at 11:47:01AM +0200, Dmitry Alyabyev wrote: > > I can't say about 3Ware but according to experience with Adaptec 21xx > > RAID cards I would say they are _extremely_ slow in case of RAID5. > > RAID 0,1,10 works well and stable > > I found the 21xx's to be *alright* using RAID-5. Rebuilding is > especially slow. A customer at work has a RAID-5 array with four 36GB > drives plus a hotspare, giving them just over 100GB of space. > Rebuilding takes approximatly four hours. According to the Adaptec > knowledge base (Article ID 2077), the 21xx series is slower than other > cards (it mentions the 32xx and 34xx series) due to the lack of a > co-processor for performing XOR operations. when I wrote that I meant not rebuild time but access (especially writing time). in this case adaptec 21xx seems to be slowly than many other RAID-5 cards I seen. -- Dimitry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Mar 13 10:43:44 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7E4BA37B401 for ; Thu, 13 Mar 2003 10:43:43 -0800 (PST) Received: from mail.westbend.net (ns1.westbend.net [216.47.253.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id BDBF043F93 for ; Thu, 13 Mar 2003 10:43:42 -0800 (PST) (envelope-from hetzels@westbend.net) Received: from ADMIN00 (WBIw005.westbend.net [216.47.253.25]) by mail.westbend.net (8.12.8/8.12.8) with SMTP id h2DIhbZZ032092 for ; Thu, 13 Mar 2003 12:43:37 -0600 (CST) (envelope-from hetzels@westbend.net) Message-ID: <013f01c2e990$751b6fd0$19fd2fd8@westbend.net> From: "Scot Hetzel" To: "FreeBSD-ISP" Subject: FrontPage Extentions on FreeBSD-Alpha Date: Thu, 13 Mar 2003 12:42:55 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Virus-Scanned: by amavisd-milter (http://amavis.org/) X-Spam-Status: No, hits=0.7 required=8.0 tests=SPAM_PHRASE_00_01,TO_LOCALPART_EQ_REAL,USER_AGENT_OE version=2.43 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I maintain the www/apache13-fp and www/frontpage ports, they are supposed to work on FreeBSD-Alpha as they install the Digital Unix (Tru64) Frontpage Extentions binaries. I have an FreeBSD-Alpha user who is trying to get these ports working on his Alpha (5.0-RELEASE), but he is getting errors when the fp_install.sh script attempts to install the FP root web. Will chown web to www as part of install. Will chgrp web to www as part of install. exception system: exiting due to internal error: out of memory trying to allocate exception system resources Abort trap ERROR: / installation failed. Hit enter to continue Exiting due to an error! Please fix the error and try again. His Alpha system is configured with 1G swap and 512M RAM. He did a kldstat -v and it shows that he has the osf1.ko module loaded. He also has the osf1_base port installed (which may/may not be needed by the port). Is anyone using one of these port combinations on FreeBSD-Alpha: www/apache13-fp + www/frontpage www/apache13[-modssl] + www/mod_frontpage + www/frontpage Scot To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Mar 14 3:52:17 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D7ACB37B401; Fri, 14 Mar 2003 03:52:14 -0800 (PST) Received: from prime.gushi.org (prime.gushi.org [65.125.228.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 31E9543F3F; Fri, 14 Mar 2003 03:52:14 -0800 (PST) (envelope-from danm@prime.gushi.org) Received: from localhost (danm@localhost.com [127.0.0.1] (may be forged)) by prime.gushi.org (8.12.8/8.12.8) with ESMTP id h2EBr75L070699; Fri, 14 Mar 2003 06:53:07 -0500 (EST) Date: Fri, 14 Mar 2003 06:53:07 -0500 (EST) From: "Dan Mahoney, System Admin" To: questions@freebsd.org, Subject: DNS Proxying based on source address Message-ID: <20030314031614.J60636-100000@prime.gushi.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi all, I'm doing a project where I want users on a wireless lan to be routed to a single, wildcard A record, where they will be forced to input some registration information, and then allowed out into the real world. Some nice folks at southwestern university have already written a project that does this called "NetReg" but they are requiring a reboot of the client machine and changes to the DHCP lease file. (which will be stopped and started while the client reboots) (re:any potentia lecture on wi-fi security, I know there's risks that can be done with mac-spoofing, but let's assume I'm aware of them). Let's also make sure we know this is in the dealer's room at a convention where you have a lot of pissed off dealers who can't sell their stuff to a lot of people if this doesn't work, so it's in everyone's best interest not to tamper with it. Let's even assume I'm bringing a 24 port switch just in case something stupid DOES happen. Back to our story...) My solution is a bit more elegant, I think, but I'm stuck on one part. Upon bootup, a person is given a DNS server on the local net. The DNS server is configured with a single wildcard record that returns the reg server for any address. everything else is blocked by the default ipfw rule. If they feel like trying to go to a site by ip, then they run into the issue I'm having. As far as they know, trying to reach anywhere will yield nothing, because unassigned addresses will be firewalled from all but the netreg server. (I'm running this on a gateway machine). They can access the registration page on the netreg machine, and once they register, the ipfw rules for their machine are added, and a static mac-based lease for the ip they were assigned is added in dhcpd.conf (which receives periodic reboots, every 30 minutes or so, instead of every minute with the netreg solution). I'm going to have the netreg server add a rule like so: ipfw add 100 fwd 192.168.1.2,53 any from to <192.168.1.1:53> .1 and .2 are ips on the same interface (the one internal to the LAN). Since these are on the local machine, the .2 dns server will still see the original address, and will reply directly. This will cause them to magically now receive "normal" DNS replies, instead of the "bogus" ones. At least in theory. **Now here's the issue.** Assuming I can get all this to work, if bob's windows pc sends a request to 192.168.1.1, and 192.168.1.2 answers, will the machine ignore it? If so, how do I rewrite the source address on the outbound reply packets? The same thing goes with http traffic. I'd love to thwart anyone trying to access a site via IP in teh same manner, but if they try to go to http://google's.ip.address, will their machine pay any attention if a reply comes back from my local http server on 192.168.1.1? I know in a corporate lan scenario where you have a webserver with an internal ip and an external ip, you run two different dns servers on two different interfaces. I guess what I need is a DNS server that will proxy requests to either of two other DNS servers based on the machine making the query. **big question** Would adding a second address to the loopback device to the system (and only having the rules fwd to those addresses) solve the source-ip dilemma? (at least for the DNS, for the http the machine is still expecting a reply from some ip that is blocked). Is there any way you all can think of to have the server return a page when the user tries to access a site via IP (ala a transparent proxy). Any ideas, guys? I know this may be too complicated for the freebsd-questions list. I'm corssposting this to isp- for that reason. -- "You're a thucking reyer!" -Richard Bozzello, who believed tongue piercing was painless. --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Mar 14 4:35:34 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 336FF37B404 for ; Fri, 14 Mar 2003 04:35:34 -0800 (PST) Received: from hotmail.com (oe70.law8.hotmail.com [216.33.240.205]) by mx1.FreeBSD.org (Postfix) with ESMTP id A6F1443FAF for ; Fri, 14 Mar 2003 04:35:33 -0800 (PST) (envelope-from a_3shmaoy@hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Fri, 14 Mar 2003 04:35:33 -0800 X-Originating-IP: [62.139.12.164] From: "3mr 3shmaoy" <3shmaoy@acm.org> To: Subject: Date: Fri, 14 Mar 2003 14:37:08 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1256" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Message-ID: X-OriginalArrivalTime: 14 Mar 2003 12:35:33.0576 (UTC) FILETIME=[34D3FC80:01C2EA26] Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org auth 6968524a unsubscribe freebsd-isp amostafa@misrnet.com.eg To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Mar 14 7:10:57 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 01C0437B401; Fri, 14 Mar 2003 07:10:56 -0800 (PST) Received: from srv.flncs.com (srv.flncs.com [12.27.148.74]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6476C43FB1; Fri, 14 Mar 2003 07:10:53 -0800 (PST) (envelope-from moti@flncs.com) Message-ID: <3E71F13F.3010204@flncs.com> Date: Fri, 14 Mar 2003 10:11:59 -0500 From: Moti Levy User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3b) Gecko/20030210 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-question@freebsd.org, freebsd-isp@freebsd.org Subject: Isp "control panel " ? Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi , I have a small server that's slowly becoming a lot of work ... i set it up and friends started using it for web hosting . i need to provide them with a control panel so that they can do what they want and leave me alone :-) currently i run : apache + php + postgresql proftpd postfix + cyrus-imap + spamassassin + procmail bind i dont care switching to others ( eg, postgres -> mysql ) if needed. i do need to provide the following functions: 1.add virtual hosts to apapche and proftpd 2.add mailbox to imap & postfix 3.add dns entries 4.modify tables and databse entries I looked at ispman ( www.ispman.org ) and it looks like what i need . is there a similar app for freebsd ? thanks Moti To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Mar 14 7:23:39 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3835437B401; Fri, 14 Mar 2003 07:23:38 -0800 (PST) Received: from sccrmhc01.attbi.com (sccrmhc01.attbi.com [204.127.202.61]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7BFB843F93; Fri, 14 Mar 2003 07:23:37 -0800 (PST) (envelope-from fearow@attbi.com) Received: from god.woofcat.com (12-251-110-17.client.attbi.com[12.251.110.17]) by sccrmhc01.attbi.com (sccrmhc01) with SMTP id <2003031415233600100gruioe>; Fri, 14 Mar 2003 15:23:36 +0000 Date: Fri, 14 Mar 2003 09:23:20 -0600 From: Anti To: Moti Levy Cc: freebsd-question@freebsd.org, freebsd-isp@freebsd.org Subject: Re: Isp "control panel " ? Message-Id: <20030314092320.4c504e7e.fearow@attbi.com> In-Reply-To: <3E71F13F.3010204@flncs.com> References: <3E71F13F.3010204@flncs.com> Organization: Woofcat X-Mailer: Sylpheed version 0.8.10 (GTK+ 1.2.10; i386-portbld-freebsd5.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 14 Mar 2003 10:11:59 -0500 Moti Levy wrote: > > Hi , > I have a small server that's slowly becoming a lot of work ... > i set it up and friends started using it for web hosting . > i need to provide them with a control panel so that they can do what > they want and leave me alone :-) > currently i run : > > apache + php + postgresql > proftpd > postfix + cyrus-imap + spamassassin + procmail > bind > > i dont care switching to others ( eg, postgres -> mysql ) if needed. > i do need to provide the following functions: > 1.add virtual hosts to apapche and proftpd > 2.add mailbox to imap & postfix > 3.add dns entries > 4.modify tables and databse entries > > I looked at ispman ( www.ispman.org ) and it looks like what i need . > is there a similar app for freebsd ? > thanks > Moti the sysutils/webmin and sysutils/usermin ports are the best free solution imo... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Mar 14 7:25: 7 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5523F37B401; Fri, 14 Mar 2003 07:25:06 -0800 (PST) Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by mx1.FreeBSD.org (Postfix) with ESMTP id 681D243FBD; Fri, 14 Mar 2003 07:25:05 -0800 (PST) (envelope-from fearow@attbi.com) Received: from god.woofcat.com (12-251-110-17.client.attbi.com[12.251.110.17]) by rwcrmhc52.attbi.com (rwcrmhc52) with SMTP id <2003031415250405200qnijae>; Fri, 14 Mar 2003 15:25:04 +0000 Date: Fri, 14 Mar 2003 09:24:48 -0600 From: Anti To: Moti Levy Cc: freebsd-questions@freebsd.org, freebsd-isp@freebsd.org Subject: Re: Isp "control panel " ? Message-Id: <20030314092448.142f3f20.fearow@attbi.com> In-Reply-To: <3E71F13F.3010204@flncs.com> References: <3E71F13F.3010204@flncs.com> Organization: Woofcat X-Mailer: Sylpheed version 0.8.10 (GTK+ 1.2.10; i386-portbld-freebsd5.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 14 Mar 2003 10:11:59 -0500 Moti Levy wrote: > > Hi , > I have a small server that's slowly becoming a lot of work ... > i set it up and friends started using it for web hosting . > i need to provide them with a control panel so that they can do what > they want and leave me alone :-) > currently i run : > > apache + php + postgresql > proftpd > postfix + cyrus-imap + spamassassin + procmail > bind > > i dont care switching to others ( eg, postgres -> mysql ) if needed. > i do need to provide the following functions: > 1.add virtual hosts to apapche and proftpd > 2.add mailbox to imap & postfix > 3.add dns entries > 4.modify tables and databse entries > > I looked at ispman ( www.ispman.org ) and it looks like what i need . > is there a similar app for freebsd ? > thanks > Moti the sysutils/webmin and sysutils/usermin ports are the best free solution imo... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Mar 14 7:44:29 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F225B37B401; Fri, 14 Mar 2003 07:44:25 -0800 (PST) Received: from skyweb.ca (smtp-1.vancouver.ipapp.com [216.152.192.207]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4C6B643FAF; Fri, 14 Mar 2003 07:44:24 -0800 (PST) (envelope-from mjohnston@skyweb.ca) Received: from mjohnston ([209.5.243.50]) by smtp-1.vancouver.ipapp.com ; Fri, 14 Mar 2003 07:44:08 -0800 From: "Mark Johnston" To: "'Dan Mahoney, System Admin'" Cc: , Subject: Re: DNS Proxying based on source address Date: Fri, 14 Mar 2003 09:49:42 -0600 Message-ID: <002b01c2ea41$5465b280$be0fa8c0@MJOHNSTON> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 In-Reply-To: <20030314031614.J60636-100000@prime.gushi.org> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dan Mahoney, System Admin wrote: > > I'm doing a project where I want users on a wireless lan to be routed > to a single, wildcard A record, where they will be forced to input > some registration information, and then allowed out into the real > world. Some nice folks at southwestern university have already > written a project that does this called "NetReg" but they are > requiring a reboot of the client machine and changes to the DHCP lease > file. (which will be stopped and started while the client reboots) [much snipped] I'm assuming here that what you want is a system allowing people to register and get access, but you don't want to have them change their IP address between when they first boot and when they go live. That introduces a bit of complication to the matter - read on. > **big question** > > Would adding a second address to the loopback device to the system > (and only having the rules fwd to those addresses) solve the source-ip > dilemma? (at least for the DNS, for the http the machine is still > expecting a reply from some ip that is blocked). Is there any way you > all can think of to have the server return a page when the user tries > to access a site via IP (ala a transparent proxy). It sounds like transparent "proxying" is exactly what you want. Here's my take on a solution for you - some parts of it I've tested for a similar scheme, some parts are speculation. First off, please reread the paragraph of ipfw(8) starting with "fwd ipaddr[,port]", just for reference. I'd start with an ipfw rule like the following, on the gateway: ipfw add 65000 fwd $GATEWAY tcp from $INTERNAL to any That grabs all incoming TCP traffic and redirects it to your own box. This part I've tested before, in conjunction with Apache - any web request, no matter the destination IP, will get a response from your httpd. Other TCP traffic will hit your box and receive a RST or no response, depending on your firewall rules. If you want to get fancy, you can listen for other protocols and send custom messages. Once you've got that rule into place, it's pretty straightforward to add rules to allow/NAT/whatever traffic on an IP-by-IP basis for hosts that you want to let out: ipfw add 64900 allow tcp from $REGISTERED_IP to any and so on. You can decide what you want to do for DNS; my testing used BIND 9's views and ACLs to serve all requests from unregistered IPs with the same answer for any A query, but just leaving UDP wide open seems all right to me. Even if people are able to look up names, they can't make any TCP connections. Remember here that you haven't got any security; it's trivial to sniff the network, find someone that has already registered, and take over their IP. Not much you can do about that except implement a tunnelling protocol or do some tricks with ipfw2's layer 2 filtering (which still doesn't help against the dedicated attacker that will change his or her MAC address.) For a basic registration-required scheme, though, it seems pretty sound. Hope this is fairly clear - good luck with your setup. Mark To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Mar 14 7:48:21 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 500D737B404 for ; Fri, 14 Mar 2003 07:48:17 -0800 (PST) Received: from alcatraz.wolfpaw.net (alcatraz.wolfpaw.net [216.194.99.3]) by mx1.FreeBSD.org (Postfix) with SMTP id CC58B43FB1 for ; Fri, 14 Mar 2003 07:48:14 -0800 (PST) (envelope-from admin-lists@wolfpaw.net) Received: (qmail 29109 invoked by uid 0); 14 Mar 2003 15:48:12 -0000 Received: from unknown (HELO wolf) (216.123.201.128) by 0 with SMTP; 14 Mar 2003 15:48:12 -0000 From: "Wolfpaw - Dale Corse" To: "Dan Mahoney, System Admin" , , Subject: RE: DNS Proxying based on source address Date: Fri, 14 Mar 2003 08:59:38 -0700 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 In-Reply-To: <20030314031614.J60636-100000@prime.gushi.org> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Hi all, > > I'm doing a project where I want users on a wireless lan to > be routed to a > single, wildcard A record, where they will be forced to input some > registration information, and then allowed out into the > real world. Some > nice folks at southwestern university have already written > a project that > does this called "NetReg" but they are requiring a reboot > of the client > machine and changes to the DHCP lease file. (which will be > stopped and > started while the client reboots) > > (re:any potentia lecture on wi-fi security, I know there's > risks that can > be done with mac-spoofing, but let's assume I'm aware of > them). Let's > also make sure we know this is in the dealer's room at a > convention where > you have a lot of pissed off dealers who can't sell their > stuff to a lot > of people if this doesn't work, so it's in everyone's best > interest not to > tamper with it. Let's even assume I'm bringing a 24 port > switch just in > case something stupid DOES happen. Back to our story...) > > My solution is a bit more elegant, I think, but I'm stuck > on one part. > > Upon bootup, a person is given a DNS server on the local > net. The DNS > server is configured with a single wildcard record that > returns the reg > server for any address. everything else is blocked by the > default ipfw > rule. > > If they feel like trying to go to a site by ip, then they > run into the > issue I'm having. > > As far as they know, trying to reach anywhere will yield > nothing, because > unassigned addresses will be firewalled from all but the > netreg server. > (I'm running this on a gateway machine). They can access > the registration > page on the netreg machine, and once they register, the > ipfw rules for > their machine are added, and a static mac-based lease for > the ip they were > assigned is added in dhcpd.conf (which receives periodic > reboots, every 30 > minutes or so, instead of every minute with the netreg solution). > > I'm going to have the netreg server add a rule like so: > > ipfw add 100 fwd 192.168.1.2,53 any from to > <192.168.1.1:53> > > .1 and .2 are ips on the same interface (the one internal > to the LAN). > Since these are on the local machine, the .2 dns server > will still see the > original address, and will reply directly. This will cause them to > magically now receive "normal" DNS replies, instead of the > "bogus" ones. > > At least in theory. > > **Now here's the issue.** > > Assuming I can get all this to work, if bob's windows pc > sends a request > to 192.168.1.1, and 192.168.1.2 answers, will the machine > ignore it? If > so, how do I rewrite the source address on the outbound > reply packets? > > The same thing goes with http traffic. I'd love to thwart > anyone trying > to access a site via IP in teh same manner, but if they try to go to > http://google's.ip.address, will their machine pay any > attention if a > reply comes back from my local http server on 192.168.1.1? > > I know in a corporate lan scenario where you have a > webserver with an > internal ip and an external ip, you run two different dns > servers on two > different interfaces. I guess what I need is a DNS server > that will proxy > requests to either of two other DNS servers based on the > machine making > the query. > > **big question** > > Would adding a second address to the loopback device to the > system (and > only having the rules fwd to those addresses) solve the > source-ip dilemma? > (at least for the DNS, for the http the machine is still > expecting a reply > from some ip that is blocked). Is there any way you all > can think of to > have the server return a page when the user tries to access > a site via IP > (ala a transparent proxy). > > Any ideas, guys? > > I know this may be too complicated for the > freebsd-questions list. I'm > corssposting this to isp- for that reason. I setup a wireless ISP once, and what we did was used IPFW to block any IP that wasn't assigned to a customer, which also means, their assignment was static. This has a few benefits: A) Customers love static IP's.. or any geeky ones anyway :) B) No security issues C) There is no way around it.. if your IP isn't allowed to go out.. your screwed. Not as elegant as DHCP, and a bit more to maintain, but not really all that bad if you wrote a few php scripts :) Just my 2 cents :) Dale -------------------------------- Dale Corse System Administrator Wolfpaw Services Inc. http://www.wolfpaw.net (780) 474-4095 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Mar 14 8:14:27 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C939D37B404 for ; Fri, 14 Mar 2003 08:14:23 -0800 (PST) Received: from wycliffe.covenant.edu (zwingli.covenant.edu [66.255.16.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id A110843FA3 for ; Fri, 14 Mar 2003 08:14:22 -0800 (PST) (envelope-from tracy@covenant.edu) Content-Class: urn:content-classes:message Subject: RE: DNS Proxying based on source address MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Date: Fri, 14 Mar 2003 11:14:20 -0500 X-MimeOLE: Produced By Microsoft Exchange V6.0.6375.0 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: DNS Proxying based on source address Thread-Index: AcLqQKrvC/826C0KSSOlGuttVZUoYQAAz7Ug From: "Tracy, John" To: "Mark Johnston" , , Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org It would be nice to implement such a system with some sort of = expiring... such as ten minutes of inactivity or some variable like = that. Would you use the counters in IPFW somehow to count... or = something? We're trying to do just the same thing with a new wireless = LAN we're installing for students... IE students boot up, get an IP. No = matter what URL they try to access, they get a registration page to = which they must authenticate. Upon authenticating, their workstation is = allowed access out through the gateway (or IPFW box). Then, after some = period of inactivity, or a power off that registration is automatically = killed and to get back online, they must reauthenticate. There's a commercial product called BlueSocket which does this. It costs = $7500 for their basic box... but doesn't offer any real benefits over = the scenario above--and it's limited to 100 active registrations. -John > -----Original Message----- > From: Mark Johnston [SMTP:mjohnston@skyweb.ca] > Sent: Friday, March 14, 2003 10:50 AM > To: 'Dan Mahoney, System Admin' > Cc: questions@freebsd.org; isp@freebsd.org > Subject: Re: DNS Proxying based on source address >=20 > Dan Mahoney, System Admin wrote: > >=20 > > I'm doing a project where I want users on a wireless lan to be = routed > > to a single, wildcard A record, where they will be forced to input > > some registration information, and then allowed out into the real > > world. Some nice folks at southwestern university have already > > written a project that does this called "NetReg" but they are > > requiring a reboot of the client machine and changes to the DHCP = lease > > file. (which will be stopped and started while the client reboots) >=20 > [much snipped] >=20 > I'm assuming here that what you want is a system allowing people to > register and get access, but you don't want to have them change their = IP > address between when they first boot and when they go live. That > introduces a bit of complication to the matter - read on. >=20 > > **big question** > >=20 > > Would adding a second address to the loopback device to the system > > (and only having the rules fwd to those addresses) solve the = source-ip > > dilemma? (at least for the DNS, for the http the machine is still > > expecting a reply from some ip that is blocked). Is there any way = you > > all can think of to have the server return a page when the user = tries > > to access a site via IP (ala a transparent proxy). >=20 > It sounds like transparent "proxying" is exactly what you want. = Here's > my take on a solution for you - some parts of it I've tested for a > similar scheme, some parts are speculation. >=20 > First off, please reread the paragraph of ipfw(8) starting with "fwd > ipaddr[,port]", just for reference. >=20 > I'd start with an ipfw rule like the following, on the gateway: >=20 > ipfw add 65000 fwd $GATEWAY tcp from $INTERNAL to any >=20 > That grabs all incoming TCP traffic and redirects it to your own box. > This part I've tested before, in conjunction with Apache - any web > request, no matter the destination IP, will get a response from your > httpd. Other TCP traffic will hit your box and receive a RST or no > response, depending on your firewall rules. If you want to get fancy, > you can listen for other protocols and send custom messages. >=20 > Once you've got that rule into place, it's pretty straightforward to = add > rules to allow/NAT/whatever traffic on an IP-by-IP basis for hosts = that > you want to let out: >=20 > ipfw add 64900 allow tcp from $REGISTERED_IP to any >=20 > and so on. =20 >=20 > You can decide what you want to do for DNS; my testing used BIND 9's > views and ACLs to serve all requests from unregistered IPs with the = same > answer for any A query, but just leaving UDP wide open seems all right > to me. Even if people are able to look up names, they can't make any > TCP connections. >=20 > Remember here that you haven't got any security; it's trivial to = sniff>=20 > the network, find someone that has already registered, and take over > their IP. Not much you can do about that except implement a = tunnelling > protocol or do some tricks with ipfw2's layer 2 filtering (which still > doesn't help against the dedicated attacker that will change his or = her > MAC address.) For a basic registration-required scheme, though, it > seems pretty sound. >=20 > Hope this is fairly clear - good luck with your setup. >=20 > Mark >=20 >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Mar 14 8:28:42 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D907537B401 for ; Fri, 14 Mar 2003 08:28:39 -0800 (PST) Received: from skyweb.ca (smtp-1.vancouver.ipapp.com [216.152.192.207]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3566443FA3 for ; Fri, 14 Mar 2003 08:28:39 -0800 (PST) (envelope-from mjohnston@skyweb.ca) Received: from mjohnston ([209.5.243.50]) by smtp-1.vancouver.ipapp.com ; Fri, 14 Mar 2003 08:28:34 -0800 From: "Mark Johnston" To: "'Tracy, John'" Cc: "'Dan Mahoney, System Admin'" , Subject: Re: DNS Proxying based on source address Date: Fri, 14 Mar 2003 10:34:08 -0600 Message-ID: <005001c2ea47$895398d0$be0fa8c0@MJOHNSTON> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Tracy, John wrote: > It would be nice to implement such a system with some sort of > expiring... such as ten minutes of inactivity or some > variable like that. Would you use the counters in IPFW > somehow to count... or something? We're trying to do just the > same thing with a new wireless LAN we're installing for > students... IE students boot up, get an IP. No matter what > URL they try to access, they get a registration page to which > they must authenticate. Upon authenticating, their > workstation is allowed access out through the gateway (or > IPFW box). Then, after some period of inactivity, or a power > off that registration is automatically killed and to get back > online, they must reauthenticate. Yes, you could easily do exactly that. No need to worry about counters, though; try ipfw -t show. The dates are the last time the rule was matched. Just check it from cron with the granularity you want, and remove the rule if the date's too old. > There's a commercial product called BlueSocket which does > this. It costs $7500 for their basic box... but doesn't offer > any real benefits over the scenario above--and it's limited > to 100 active registrations. I'm not sure I'd say that it offers no benefits. Bluesocket claims to implement IPSec and PPTP along with authentication, whereas in the scheme I described there is essentially no security at all. Of course, you could implement a secure scheme using encryption and authentication with a little more effort. Whether that much effort is worthwhile is up to your particular situation. Mark > > -John > > > It sounds like transparent "proxying" is exactly what you > want. Here's > > my take on a solution for you - some parts of it I've tested for a > > similar scheme, some parts are speculation. > > > > First off, please reread the paragraph of ipfw(8) starting with "fwd > > ipaddr[,port]", just for reference. > > > > I'd start with an ipfw rule like the following, on the gateway: > > > > ipfw add 65000 fwd $GATEWAY tcp from $INTERNAL to any > > > > That grabs all incoming TCP traffic and redirects it to > your own box. > > This part I've tested before, in conjunction with Apache - any web > > request, no matter the destination IP, will get a response from your > > httpd. Other TCP traffic will hit your box and receive a RST or no > > response, depending on your firewall rules. If you want to > get fancy, > > you can listen for other protocols and send custom messages. > > > > Once you've got that rule into place, it's pretty > straightforward to add > > rules to allow/NAT/whatever traffic on an IP-by-IP basis > for hosts that > > you want to let out: > > > > ipfw add 64900 allow tcp from $REGISTERED_IP to any > > > > and so on. > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Mar 14 11:59:25 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B3D1B37B401 for ; Fri, 14 Mar 2003 11:59:20 -0800 (PST) Received: from prime.gushi.org (prime.gushi.org [65.125.228.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id A739843FCB for ; Fri, 14 Mar 2003 11:59:19 -0800 (PST) (envelope-from danm@prime.gushi.org) Received: from localhost (danm@localhost.com [127.0.0.1] (may be forged)) by prime.gushi.org (8.12.8/8.12.8) with ESMTP id h2EK0D5L001149; Fri, 14 Mar 2003 15:00:14 -0500 (EST) Date: Fri, 14 Mar 2003 15:00:13 -0500 (EST) From: "Dan Mahoney, System Admin" To: Mark Johnston Cc: "'Tracy, John'" , Subject: Re: DNS Proxying based on source address In-Reply-To: <005001c2ea47$895398d0$be0fa8c0@MJOHNSTON> Message-ID: <20030314133430.D39684-100000@prime.gushi.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 14 Mar 2003, Mark Johnston wrote: Well, okay, you've overlooked the basic issue I'm having with all of this. DNS uses UDP. UDP is connectionless. With ipfw fwd on tcp, the KERNEL is handling the connection, so for smtp, which I do on 2525 via this same mechanism, as far as I understand it it's client-->local machine port 2525-->kernel-->local machine 25 and the responses go: local machine (whatever port it's responding on, not 25)-->kernel-->local machine's initial connection response port-->client The kernel handles both sides of this transparently, again, as I understand it. Because it's on the same machine, and is a persistent connection, the sendmail on port 25 still sees the original source address, and the kernel handles sending it back out on the original response port for the port 2525 connection. Easy enough... Now, with UDP, where there's no connection it's Local host port 53 - - - > some alias ip port 53 - - - > (and again, this machine will see the original ip of the client as the source). reasonable, and what we want. But because there's no in-place connection, I STRONGLY SUSPECT that the responses will go more like alias ip port 53 - - - > client machine. this is the kicker, and the question I was asking about. Won't most clients ignore the udp traffic if it's coming from an ip they didn't make the request of? Remember, these are both reachable ip addresses bound to ed0 or whatnot. Would I need not only an: ipfw add fwd 192.168.1.2,53 from authorizedclientip/32 to mainip:32 but also some means of rewriting the source address of those reply packets? There's a couple ways I can do this: 1) Have NEITHER bind listen on a "real" ip, instead having them both listen on the loopback, on aliases, on port 53. This somehow "feels" like it would work best, since neither dns server is more "real" than the other. 2) Have one dns server (the "dumb" one), listen on the main IP, and the other listen somewhere else. A different port on the main ip feels more feasible than another real ip on the same box. Thing is, I would really LIKE if both ips were world-accessable, transparently. (the real one would be handed off via dhcp afterwards, keeping firewall rules simpler). Hrmmm, I just looked at bind 9's views option (I've been playing with bind 8 previously). Problem is, this would require a named HUP every time this happened if my response were to include ip addresses inside a views statement. Being able to add an ipfw rule and accomplish the same makes it instantanous. Not that I'm horribly concerned that named can't HUP itself in under a second. We're not talking about a large amount of zone files here. Those are my thoughts. Has anyone here successfully proxied DNS using ipfw fwd? -Dan > Tracy, John wrote: > > It would be nice to implement such a system with some sort of > > expiring... such as ten minutes of inactivity or some > > variable like that. Would you use the counters in IPFW > > somehow to count... or something? We're trying to do just the > > same thing with a new wireless LAN we're installing for > > students... IE students boot up, get an IP. No matter what > > URL they try to access, they get a registration page to which > > they must authenticate. Upon authenticating, their > > workstation is allowed access out through the gateway (or > > IPFW box). Then, after some period of inactivity, or a power > > off that registration is automatically killed and to get back > > online, they must reauthenticate. > > Yes, you could easily do exactly that. No need to worry about counters, > though; try ipfw -t show. The dates are the last time the rule was > matched. Just check it from cron with the granularity you want, and > remove the rule if the date's too old. > > > There's a commercial product called BlueSocket which does > > this. It costs $7500 for their basic box... but doesn't offer > > any real benefits over the scenario above--and it's limited > > to 100 active registrations. > > I'm not sure I'd say that it offers no benefits. Bluesocket claims to > implement IPSec and PPTP along with authentication, whereas in the > scheme I described there is essentially no security at all. Of course, > you could implement a secure scheme using encryption and authentication > with a little more effort. Whether that much effort is worthwhile is > up to your particular situation. > > Mark > > > > > -John > > > > > It sounds like transparent "proxying" is exactly what you > > want. Here's > > > my take on a solution for you - some parts of it I've tested for a > > > similar scheme, some parts are speculation. > > > > > > First off, please reread the paragraph of ipfw(8) starting with "fwd > > > ipaddr[,port]", just for reference. > > > > > > I'd start with an ipfw rule like the following, on the gateway: > > > > > > ipfw add 65000 fwd $GATEWAY tcp from $INTERNAL to any > > > > > > That grabs all incoming TCP traffic and redirects it to > > your own box. > > > This part I've tested before, in conjunction with Apache - any web > > > request, no matter the destination IP, will get a response from your > > > httpd. Other TCP traffic will hit your box and receive a RST or no > > > response, depending on your firewall rules. If you want to > > get fancy, > > > you can listen for other protocols and send custom messages. > > > > > > Once you've got that rule into place, it's pretty > > straightforward to add > > > rules to allow/NAT/whatever traffic on an IP-by-IP basis > > for hosts that > > > you want to let out: > > > > > > ipfw add 64900 allow tcp from $REGISTERED_IP to any > > > > > > and so on. > > > > -- "I wish the Real World would just stop hassling me!" -Matchbox 20, Real World, off the album "Yourself or Someone Like You" --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Mar 14 12:23:16 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4B76137B401 for ; Fri, 14 Mar 2003 12:23:13 -0800 (PST) Received: from skyweb.ca (smtp-1.vancouver.ipapp.com [216.152.192.207]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7C92E43FAF for ; Fri, 14 Mar 2003 12:23:12 -0800 (PST) (envelope-from mjohnston@skyweb.ca) Received: from mjohnston ([209.5.243.50]) by smtp-1.vancouver.ipapp.com ; Fri, 14 Mar 2003 12:23:07 -0800 From: "Mark Johnston" To: "'Dan Mahoney, System Admin'" Cc: "'Tracy, John'" , Subject: Re: DNS Proxying based on source address Date: Fri, 14 Mar 2003 14:28:40 -0600 Message-ID: <005901c2ea68$4d4633e0$be0fa8c0@MJOHNSTON> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 In-Reply-To: <20030314133430.D39684-100000@prime.gushi.org> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Well, okay, you've overlooked the basic issue I'm having with > all of this. Yes, that was deliberate. I was trying to solve your problem rather than answer your question. :) From what I understand of your situation, messing around with DNS isn't necessary. Most things that people will want to do require TCP, so it seems reasonable to allow unrestricted UDP access. For instance, when an unregistered user boots up and heads to a web site, they'll resolve its real IP address, but the browser will still wind up with the registration page. The security hole involved in permitting UDP traffic seems comparable to the security hole inherent in the idea of trusting local users based on IP address. [snip] > reasonable, and what we want. But because there's no in-place > connection, I STRONGLY SUSPECT that the responses will go more like > > alias ip port 53 - - - > client machine. I'm afraid I don't have a spare box to test your suspicion on at the moment; you are probably better placed to find out for sure one way or another than I am. I only tested it personally using TCP. [snip] > this is the kicker, and the question I was asking about. Won't most > clients ignore the udp traffic if it's coming from an ip they didn't > make the request of? Remember, these are both reachable ip addresses > bound to ed0 or whatnot. Would I need not only an: > > ipfw add fwd 192.168.1.2,53 from authorizedclientip/32 to mainip:32 > > but also some means of rewriting the source address of those reply > packets? Yes, DNS clients should ignore traffic they didn't specifically request. The response needs to come from the same port and address that the request was addressed to. [snip] > Those are my thoughts. Has anyone here successfully proxied DNS using > ipfw fwd? I have not tried this; if you're bent on using fwd on your DNS traffic, some testing should clear up your questions regarding ports and IPs. Mark > > > > It sounds like transparent "proxying" is exactly what you > > > want. Here's > > > > my take on a solution for you - some parts of it I've > tested for a > > > > similar scheme, some parts are speculation. > > > > > > > > First off, please reread the paragraph of ipfw(8) > starting with "fwd > > > > ipaddr[,port]", just for reference. > > > > > > > > I'd start with an ipfw rule like the following, on the gateway: > > > > > > > > ipfw add 65000 fwd $GATEWAY tcp from $INTERNAL to any > > > > > > > > That grabs all incoming TCP traffic and redirects it to > > > your own box. > > > > This part I've tested before, in conjunction with > Apache - any web > > > > request, no matter the destination IP, will get a > response from your > > > > httpd. Other TCP traffic will hit your box and receive > a RST or no > > > > response, depending on your firewall rules. If you want to > > > get fancy, > > > > you can listen for other protocols and send custom messages. > > > > > > > > Once you've got that rule into place, it's pretty > > > straightforward to add > > > > rules to allow/NAT/whatever traffic on an IP-by-IP basis > > > for hosts that > > > > you want to let out: > > > > > > > > ipfw add 64900 allow tcp from $REGISTERED_IP to any > > > > > > > > and so on. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Mar 14 12:37:46 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BBA4F37B401 for ; Fri, 14 Mar 2003 12:37:42 -0800 (PST) Received: from prime.gushi.org (prime.gushi.org [65.125.228.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0E8B943FA3 for ; Fri, 14 Mar 2003 12:37:42 -0800 (PST) (envelope-from danm@prime.gushi.org) Received: from localhost (danm@localhost.com [127.0.0.1] (may be forged)) by prime.gushi.org (8.12.8/8.12.8) with ESMTP id h2EKaN5L004036; Fri, 14 Mar 2003 15:36:23 -0500 (EST) Date: Fri, 14 Mar 2003 15:36:22 -0500 (EST) From: "Dan Mahoney, System Admin" To: "Tracy, John" Cc: Mark Johnston , Subject: RE: DNS Proxying based on source address In-Reply-To: Message-ID: <20030314151419.R39684-100000@prime.gushi.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 14 Mar 2003, Tracy, John wrote: > It would be nice to implement such a system with some sort of > expiring... such as ten minutes of inactivity or some variable like > that. Would you use the counters in IPFW somehow to count... or > something? We're trying to do just the same thing with a new wireless > LAN we're installing for students... IE students boot up, get an IP. No > matter what URL they try to access, they get a registration page to > which they must authenticate. Upon authenticating, their workstation is > allowed access out through the gateway (or IPFW box). Then, after some > period of inactivity, or a power off that registration is automatically > killed and to get back online, they must reauthenticate. You could use the counters, you could also do periodic pings so if they shut down, they're logged out. You could even do periodic arpings so that you're sure people aren't jumping macs on you. It's all written in perl, which makes it easily extensible. The system you're talking about was the one I found designed by the people at southwestern university. Similar systems exist, just search for "netreg" in google and you'll be rewarded. -Dan > > There's a commercial product called BlueSocket which does this. It costs $7500 for their basic box... but doesn't offer any real benefits over the scenario above--and it's limited to 100 active registrations. > > -John > > > -----Original Message----- > > From: Mark Johnston [SMTP:mjohnston@skyweb.ca] > > Sent: Friday, March 14, 2003 10:50 AM > > To: 'Dan Mahoney, System Admin' > > Cc: questions@freebsd.org; isp@freebsd.org > > Subject: Re: DNS Proxying based on source address > > > > Dan Mahoney, System Admin wrote: > > > > > > I'm doing a project where I want users on a wireless lan to be routed > > > to a single, wildcard A record, where they will be forced to input > > > some registration information, and then allowed out into the real > > > world. Some nice folks at southwestern university have already > > > written a project that does this called "NetReg" but they are > > > requiring a reboot of the client machine and changes to the DHCP lease > > > file. (which will be stopped and started while the client reboots) > > > > [much snipped] > > > > I'm assuming here that what you want is a system allowing people to > > register and get access, but you don't want to have them change their IP > > address between when they first boot and when they go live. That > > introduces a bit of complication to the matter - read on. > > > > > **big question** > > > > > > Would adding a second address to the loopback device to the system > > > (and only having the rules fwd to those addresses) solve the source-ip > > > dilemma? (at least for the DNS, for the http the machine is still > > > expecting a reply from some ip that is blocked). Is there any way you > > > all can think of to have the server return a page when the user tries > > > to access a site via IP (ala a transparent proxy). > > > > It sounds like transparent "proxying" is exactly what you want. Here's > > my take on a solution for you - some parts of it I've tested for a > > similar scheme, some parts are speculation. > > > > First off, please reread the paragraph of ipfw(8) starting with "fwd > > ipaddr[,port]", just for reference. > > > > I'd start with an ipfw rule like the following, on the gateway: > > > > ipfw add 65000 fwd $GATEWAY tcp from $INTERNAL to any > > > > That grabs all incoming TCP traffic and redirects it to your own box. > > This part I've tested before, in conjunction with Apache - any web > > request, no matter the destination IP, will get a response from your > > httpd. Other TCP traffic will hit your box and receive a RST or no > > response, depending on your firewall rules. If you want to get fancy, > > you can listen for other protocols and send custom messages. > > > > Once you've got that rule into place, it's pretty straightforward to add > > rules to allow/NAT/whatever traffic on an IP-by-IP basis for hosts that > > you want to let out: > > > > ipfw add 64900 allow tcp from $REGISTERED_IP to any > > > > and so on. > > > > You can decide what you want to do for DNS; my testing used BIND 9's > > views and ACLs to serve all requests from unregistered IPs with the same > > answer for any A query, but just leaving UDP wide open seems all right > > to me. Even if people are able to look up names, they can't make any > > TCP connections. > > > > Remember here that you haven't got any security; it's trivial to sniff> > > the network, find someone that has already registered, and take over > > their IP. Not much you can do about that except implement a tunnelling > > protocol or do some tricks with ipfw2's layer 2 filtering (which still > > doesn't help against the dedicated attacker that will change his or her > > MAC address.) For a basic registration-required scheme, though, it > > seems pretty sound. > > > > Hope this is fairly clear - good luck with your setup. > > > > Mark > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body of the message > -- "If you aren't going to try something, then we might as well just be friends." "We can't have that now, can we?" -SK & Dan Mahoney, December 9, 1998 --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Mar 14 15:30: 5 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F41F337B401; Fri, 14 Mar 2003 15:30:03 -0800 (PST) Received: from blue.centerone.com (blue.centerone.com [204.133.183.111]) by mx1.FreeBSD.org (Postfix) with ESMTP id F115943FBD; Fri, 14 Mar 2003 15:30:02 -0800 (PST) (envelope-from rf-list@centerone.com) Received: from DELIVERANCE-XP.centerone.com (ppp-168-253-13-42.den1.ip.ricochet.net [168.253.13.42]) by blue.centerone.com (8.9.3/8.9.3) with ESMTP id QAA04533; Fri, 14 Mar 2003 16:39:55 -0700 Message-Id: <5.1.0.14.2.20030314161848.0319f870@mail.centerone.com> X-Sender: rf-list@mail.centerone.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Fri, 14 Mar 2003 16:21:09 -0700 To: Moti Levy , freebsd-question@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG From: Ralph Forsythe Subject: Re: Isp "control panel " ? In-Reply-To: <3E71F13F.3010204@flncs.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org FWIW I have been having nothing but strange issues with ISPman on FreeBSD. It's definitely a linux-borne application, but some have made it work on FBSD. I tried, I give up. It's pissing me off. After looking into webmin, the only feature it doesn't have that I want is a central LDAP database (that's just neat!), but it does about a hundred things more that I want, that I'm not getting with ISPman. And it formally supports FreeBSD as well. I'm going to install it this weekend (blowing away everything on the box and starting over) and will report back with a brief writeup and notes, etc. - Ralph At 10:11 AM 3/14/2003 -0500, Moti Levy wrote: >Hi , >I have a small server that's slowly becoming a lot of work ... >i set it up and friends started using it for web hosting . >i need to provide them with a control panel so that they can do what they >want and leave me alone :-) >currently i run : > >apache + php + postgresql >proftpd >postfix + cyrus-imap + spamassassin + procmail >bind > >i dont care switching to others ( eg, postgres -> mysql ) if needed. >i do need to provide the following functions: >1.add virtual hosts to apapche and proftpd >2.add mailbox to imap & postfix >3.add dns entries >4.modify tables and databse entries > >I looked at ispman ( www.ispman.org ) and it looks like what i need . >is there a similar app for freebsd ? >thanks >Moti > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Mar 15 2: 4:50 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AA14437B420 for ; Sat, 15 Mar 2003 02:04:18 -0800 (PST) Received: from 211-189-139-167.rev.krline.net (211-189-139-167.rev.krline.net [211.189.139.167]) by mx1.FreeBSD.org (Postfix) with SMTP id CA94E43FDD for ; Sat, 15 Mar 2003 02:04:14 -0800 (PST) (envelope-from sender@refill.co.kr) Received: from zOA (unverified [211.235.237.59]) by 211-189-139-167.rev.krline.net (EMWAC SMTPRS 0.83) with SMTP id ; Sat, 15 Mar 2003 06:54:55 +0900 Message-ID: Subject: =?ks_c_5601-1987?Q?(=B1=A4=B0=ED)=C0=FA=B7=C5=C7=D1_=C7=C1=B8=B0=C5=CD_=C5=E4=B3=CA_=BC=EE=C7=CE=B8=F4_REFILL=2ECO=2EKR__@?= From: "=?ks_c_5601-1987?Q?REFILL=2ECO=2EKR?=" Date: Sat, 15 Mar 2003 06:54:55 +0900 To: "=?ks_c_5601-1987?Q?freebsd-isp@freebsd=2Eorg?=" X-Priority: 3 X-MSMail-Priority: Normal Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Mailer: JMail 4.3.1 by Dimac Content-Type: text/html X-Antirelay: Good relay from local net1 211.235.237.1/26 'Kiologic Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org DQo8aHRtbD4NCjxoZWFkPg0KPHRpdGxlPrTrx9G5zrG5ILTrx6UguK7Hyrvn wMzGriA6Ojo6Ojo6Ojo6IFJlZmlsbC5jby5rcjwvdGl0bGU+DQo8bWV0YSBo dHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsg Y2hhcnNldD1ldWMta3IiPg0KPHN0eWxlIHR5cGU9InRleHQvY3NzIj4NCjwh LS0NCi5ub21fdHh0IHsgIGZvbnQtZmFtaWx5OiAitbi/8iI7IGZvbnQtc2l6 ZTogMTJweDsgbGluZS1oZWlnaHQ6IG5vcm1hbDsgY29sb3I6ICNBNUE1QTV9 DQotLT4NCjwvc3R5bGU+DQo8L2hlYWQ+DQoNCjxib2R5IGJnY29sb3I9IiNG RkZGRkYiIGxlZnRtYXJnaW49IjAiIHRvcG1hcmdpbj0iMCIgbWFyZ2lud2lk dGg9IjAiIG1hcmdpbmhlaWdodD0iMCI+DQo8YnI+DQo8dGFibGUgd2lkdGg9 IjYwMCIgYm9yZGVyPSIwIiBjZWxsc3BhY2luZz0iMCIgY2VsbHBhZGRpbmc9 IjAiIGFsaWduPSJjZW50ZXIiPg0KPHRyPg0KPHRkIHdpZHRoPSIxIiBiZ2Nv bG9yPSIjQzZDNkM2Ij48aW1nIHNyYz0iaHR0cDovL3d3dy5yZWZpbGwuY28u a3IvbWFpbC9uZXdzbGV0dGVyL2ltYWdlcy9ibGFuay5naWYiPjwvdGQ+DQo8 dGQgd2lkdGg9IjU5OCI+DQo8dGFibGUgd2lkdGg9IjU5OCIgYm9yZGVyPSIw IiBjZWxsc3BhY2luZz0iMCIgY2VsbHBhZGRpbmc9IjAiPg0KPHRyPg0KPHRk IGNvbHNwYW49IjIiPjxpbWcgc3JjPSJodHRwOi8vd3d3LnJlZmlsbC5jby5r ci9tYWlsL25ld3NsZXR0ZXIvaW1hZ2VzL2Jhcl90b3AuZ2lmIiB3aWR0aD0i NTk4IiBoZWlnaHQ9IjIxIj48L3RkPg0KPC90cj4NCjx0cj4NCjx0ZD48YSBo cmVmPSJodHRwOi8vd3d3LnJlZmlsbC5jby5rci9pbmRleC5hc3AiIHRhcmdl dD0iX2JsYW5rIj48aW1nIHNyYz0iaHR0cDovL3d3dy5yZWZpbGwuY28ua3Iv bWFpbC9uZXdzbGV0dGVyL2ltYWdlcy9sb2dvLmdpZiIgd2lkdGg9IjE3MiIg aGVpZ2h0PSI1NiIgYm9yZGVyPSIwIj48L2E+PC90ZD4NCjx0ZD48YSBocmVm PSJodHRwOi8vd3d3LnJlZmlsbC5jby5rci9odG1sL1Byb1RvbmVyTGlzdC5h c3A/aW1nY2hrPTIiIHRhcmdldD0iX2JsYW5rIj48aW1nIHNyYz0iaHR0cDov L3d3dy5yZWZpbGwuY28ua3IvbWFpbC9uZXdzbGV0dGVyL2ltYWdlcy9iX3No b3BwaW5nLmdpZiIgd2lkdGg9IjEzOSIgaGVpZ2h0PSI1NiIgYWxpZ249InJp Z2h0IiBib3JkZXI9IjAiPjwvYT48L3RkPg0KPC90cj4NCjx0cj4NCjx0ZCBj b2xzcGFuPSIyIj48aW1nIHNyYz0iaHR0cDovL3d3dy5yZWZpbGwuY28ua3Iv bWFpbC9uZXdzbGV0dGVyL2ltYWdlcy9iYW5fbWFpbi5qcGciIHdpZHRoPSI1 OTgiIGhlaWdodD0iMTk1Ij48YnI+DQo8aW1nIHNyYz0iaHR0cDovL3d3dy5y ZWZpbGwuY28ua3IvbWFpbC9uZXdzbGV0dGVyL2ltYWdlcy9leHAuZ2lmIiB3 aWR0aD0iNTk4IiBoZWlnaHQ9IjQ5Ij48L3RkPg0KPC90cj4NCjx0ciBhbGln bj0iY2VudGVyIj4NCjx0ZCBjb2xzcGFuPSIyIj4NCjx0YWJsZSB3aWR0aD01 MjQgYm9yZGVyPTAgY2VsbHBhZGRpbmc9MCBjZWxsc3BhY2luZz0wPg0KPHRy Pg0KPHRkPjxhIGhyZWY9Imh0dHA6Ly93d3cucmVmaWxsLmNvLmtyL2h0bWwv UHJvVG9uZXJMaXN0LmFzcD9pbWdjaGs9MiIgdGFyZ2V0PSJfYmxhbmsiPjxp bWcgc3JjPSJodHRwOi8vd3d3LnJlZmlsbC5jby5rci9tYWlsL25ld3NsZXR0 ZXIvaW1hZ2VzL2JyYW5kXzAxLmdpZiIgd2lkdGg9MTAxIGhlaWdodD01NiBh bHQ9IiIgYm9yZGVyPSIwIj48L2E+PC90ZD4NCjx0ZD48YSBocmVmPSJodHRw Oi8vd3d3LnJlZmlsbC5jby5rci9odG1sL1Byb1RvbmVyTGlzdC5hc3A/aW1n Y2hrPTImYW1wO0NhdGVnb3J5PVQmYW1wO1NlbGVjdENvbXBhbnk9JUJCJUVG JUJDJUJBIiB0YXJnZXQ9Il9ibGFuayI+PGltZyBzcmM9Imh0dHA6Ly93d3cu cmVmaWxsLmNvLmtyL21haWwvbmV3c2xldHRlci9pbWFnZXMvYnJhbmRfMDIu Z2lmIiB3aWR0aD0xMDkgaGVpZ2h0PTU2IGFsdD0iIiBib3JkZXI9IjAiPjwv YT48L3RkPg0KPHRkPjxhIGhyZWY9Imh0dHA6Ly93d3cucmVmaWxsLmNvLmty L2h0bWwvUHJvVG9uZXJMaXN0LmFzcD9pbWdjaGs9MiZhbXA7Q2F0ZWdvcnk9 VCZhbXA7U2VsZWN0Q29tcGFueT0lQzUlQTUlQjQlRDAlQkQlQkEiIHRhcmdl dD0iX2JsYW5rIj48aW1nIHNyYz0iaHR0cDovL3d3dy5yZWZpbGwuY28ua3Iv bWFpbC9uZXdzbGV0dGVyL2ltYWdlcy9icmFuZF8wMy5naWYiIHdpZHRoPTEx NiBoZWlnaHQ9NTYgYWx0PSIiIGJvcmRlcj0iMCI+PC9hPjwvdGQ+DQo8dGQ+ PGEgaHJlZj0iaHR0cDovL3d3dy5yZWZpbGwuY28ua3IvaHRtbC9Qcm9Ub25l ckxpc3QuYXNwP2ltZ2Noaz0yJmFtcDtDYXRlZ29yeT1UJmFtcDtTZWxlY3RD b21wYW55PSVCRCVDNSVCNSVCNSVCOCVBRSVDNCVEQSIgdGFyZ2V0PSJfYmxh bmsiPjxpbWcgc3JjPSJodHRwOi8vd3d3LnJlZmlsbC5jby5rci9tYWlsL25l d3NsZXR0ZXIvaW1hZ2VzL2JyYW5kXzA0LmdpZiIgd2lkdGg9OTkgaGVpZ2h0 PTU2IGFsdD0iIiBib3JkZXI9IjAiPjwvYT48L3RkPg0KPHRkPjxhIGhyZWY9 Imh0dHA6Ly93d3cucmVmaWxsLmNvLmtyL2h0bWwvUHJvVG9uZXJMaXN0LmFz cD9pbWdjaGs9MiZhbXA7Q2F0ZWdvcnk9VCZhbXA7U2VsZWN0Q29tcGFueT1F UFNPTi8lQkIlRUYlQkElQjgiIHRhcmdldD0iX2JsYW5rIj48aW1nIHNyYz0i aHR0cDovL3d3dy5yZWZpbGwuY28ua3IvbWFpbC9uZXdzbGV0dGVyL2ltYWdl cy9icmFuZF8wNS5naWYiIHdpZHRoPTk5IGhlaWdodD01NiBhbHQ9IiIgYm9y ZGVyPSIwIj48L2E+PC90ZD4NCjwvdHI+DQo8dHI+DQo8dGQ+PGEgaHJlZj0i aHR0cDovL3d3dy5yZWZpbGwuY28ua3IvaHRtbC9Qcm9Ub25lckxpc3QuYXNw P2ltZ2Noaz0yJmFtcDtDYXRlZ29yeT1UJmFtcDtTZWxlY3RDb21wYW55PSVD MSVBNiVCNyVDRiVCRCVCQSIgdGFyZ2V0PSJfYmxhbmsiPjxpbWcgc3JjPSJo dHRwOi8vd3d3LnJlZmlsbC5jby5rci9tYWlsL25ld3NsZXR0ZXIvaW1hZ2Vz L2JyYW5kXzA2LmdpZiIgd2lkdGg9MTAxIGhlaWdodD00MCBhbHQ9IiIgYm9y ZGVyPSIwIj48L2E+PC90ZD4NCjx0ZD48YSBocmVmPSJodHRwOi8vd3d3LnJl ZmlsbC5jby5rci9odG1sL1Byb1RvbmVyTGlzdC5hc3A/aW1nY2hrPTImYW1w O0NhdGVnb3J5PVQmYW1wO1NlbGVjdENvbXBhbnk9TEciIHRhcmdldD0iX2Js YW5rIj48aW1nIHNyYz0iaHR0cDovL3d3dy5yZWZpbGwuY28ua3IvbWFpbC9u ZXdzbGV0dGVyL2ltYWdlcy9icmFuZF8wNy5naWYiIHdpZHRoPTEwOSBoZWln aHQ9NDAgYWx0PSIiIGJvcmRlcj0iMCI+PC9hPjwvdGQ+DQo8dGQ+PGEgaHJl Zj0iaHR0cDovL3d3dy5yZWZpbGwuY28ua3IvaHRtbC9Qcm9Ub25lckxpc3Qu YXNwP2ltZ2Noaz0yJmFtcDtDYXRlZ29yeT1UJmFtcDtTZWxlY3RDb21wYW55 PSVDNCVCMyVCMyVFRCIgdGFyZ2V0PSJfYmxhbmsiPjxpbWcgc3JjPSJodHRw Oi8vd3d3LnJlZmlsbC5jby5rci9tYWlsL25ld3NsZXR0ZXIvaW1hZ2VzL2Jy YW5kXzA4LmdpZiIgd2lkdGg9MTE2IGhlaWdodD00MCBhbHQ9IiIgYm9yZGVy PSIwIj48L2E+PC90ZD4NCjx0ZD48YSBocmVmPSJodHRwOi8vd3d3LnJlZmls bC5jby5rci9odG1sL1Byb1RvbmVyTGlzdC5hc3A/aW1nY2hrPTImYW1wO0Nh dGVnb3J5PVQmYW1wO1NlbGVjdENvbXBhbnk9JUMxJUE2JUMwJUNGJUMxJUE0 JUI5JUQwIiB0YXJnZXQ9Il9ibGFuayI+PGltZyBzcmM9Imh0dHA6Ly93d3cu cmVmaWxsLmNvLmtyL21haWwvbmV3c2xldHRlci9pbWFnZXMvYnJhbmRfMDku Z2lmIiB3aWR0aD05OSBoZWlnaHQ9NDAgYWx0PSIiIGJvcmRlcj0iMCI+PC9h PjwvdGQ+DQo8dGQ+PGEgaHJlZj0iaHR0cDovL3d3dy5yZWZpbGwuY28ua3Iv aHRtbC9Qcm9Ub25lckxpc3QuYXNwP2ltZ2Noaz0yJmFtcDtDYXRlZ29yeT1U JmFtcDtTZWxlY3RDb21wYW55PSVCMSVFMiVDNSVCOCIgdGFyZ2V0PSJfYmxh bmsiPjxpbWcgc3JjPSJodHRwOi8vd3d3LnJlZmlsbC5jby5rci9tYWlsL25l d3NsZXR0ZXIvaW1hZ2VzL2JyYW5kXzEwLmdpZiIgd2lkdGg9OTkgaGVpZ2h0 PTQwIGFsdD0iIiBib3JkZXI9IjAiPjwvYT48L3RkPg0KPC90cj4NCjwvdGFi bGU+DQo8L3RkPg0KPC90cj4NCjx0cj4NCjx0ZCBjb2xzcGFuPSIyIj48aW1n IHNyYz0iaHR0cDovL3d3dy5yZWZpbGwuY28ua3IvbWFpbC9uZXdzbGV0dGVy L2ltYWdlcy9iYXJfZG90LmdpZiIgd2lkdGg9IjU5OCIgaGVpZ2h0PSIxNyI+ PC90ZD4NCjwvdHI+DQo8dHIgYWxpZ249ImNlbnRlciI+DQo8dGQgY29sc3Bh bj0iMiI+DQo8dGFibGUgd2lkdGg9IjU3MiIgYm9yZGVyPSIwIiBjZWxsc3Bh Y2luZz0iMCIgY2VsbHBhZGRpbmc9IjAiIGhlaWdodD0iOTAiPg0KPHRyPg0K PHRkPjxhIGhyZWY9Imh0dHA6Ly93d3cucmVmaWxsLmNvLmtyL2h0bWwvcHJv bWlzZS5hc3AiIHRhcmdldD0iX2JsYW5rIj48aW1nIHNyYz0iaHR0cDovL3d3 dy5yZWZpbGwuY28ua3IvbWFpbC9uZXdzbGV0dGVyL2ltYWdlcy9iYW5fc3Vi MDEuZ2lmIiB3aWR0aD0iMTkxIiBoZWlnaHQ9Ijc1IiBib3JkZXI9IjAiPjwv YT48L3RkPg0KPHRkPjxhIGhyZWY9Imh0dHA6Ly93d3cucmVmaWxsLmNvLmty L2h0bWwvcG9wdXBfcmVjeWNsZS5odG0iIHRhcmdldD0iX2JsYW5rIj48aW1n IHNyYz0iaHR0cDovL3d3dy5yZWZpbGwuY28ua3IvbWFpbC9uZXdzbGV0dGVy L2ltYWdlcy9iYW5fc3ViMDIuZ2lmIiB3aWR0aD0iMTkwIiBoZWlnaHQ9Ijc1 IiBib3JkZXI9IjAiPjwvYT48L3RkPg0KPHRkPjxpbWcgc3JjPSJodHRwOi8v d3d3LnJlZmlsbC5jby5rci9tYWlsL25ld3NsZXR0ZXIvaW1hZ2VzL2Jhbl9z dWIwMy5naWYiIHdpZHRoPSIxOTEiIGhlaWdodD0iNzUiPjwvdGQ+DQo8L3Ry Pg0KPC90YWJsZT4NCjwvdGQ+DQo8L3RyPg0KPHRyPg0KPHRkIGNvbHNwYW49 IjIiPjxpbWcgc3JjPSJodHRwOi8vd3d3LnJlZmlsbC5jby5rci9tYWlsL25l d3NsZXR0ZXIvaW1hZ2VzL2Jhcl9kb3QuZ2lmIiB3aWR0aD0iNTk4IiBoZWln aHQ9IjE3Ij48L3RkPg0KPC90cj4NCjx0cj4NCjx0ZCBjb2xzcGFuPSIyIj48 aW1nIHNyYz0iaHR0cDovL3d3dy5yZWZpbGwuY28ua3IvbWFpbC9uZXdzbGV0 dGVyL2ltYWdlcy90X2NhcnRvb24uZ2lmIiB3aWR0aD0iMTYzIiBoZWlnaHQ9 IjIxIj48L3RkPg0KPC90cj4NCjx0ciBhbGlnbj0iY2VudGVyIj4NCjx0ZCBj b2xzcGFuPSIyIj4NCjx0YWJsZSB3aWR0aD01MTggYm9yZGVyPTAgY2VsbHBh ZGRpbmc9MCBjZWxsc3BhY2luZz0wPg0KPHRyPg0KPHRkPjxpbWcgc3JjPSJo dHRwOi8vd3d3LnJlZmlsbC5jby5rci9tYWlsL25ld3NsZXR0ZXIvaW1hZ2Vz L2NhcnRvb25fMDEuZ2lmIiB3aWR0aD0yNzUgaGVpZ2h0PTIxNiBhbHQ9IiI+ PC90ZD4NCjx0ZD48aW1nIHNyYz0iaHR0cDovL3d3dy5yZWZpbGwuY28ua3Iv bWFpbC9uZXdzbGV0dGVyL2ltYWdlcy9jYXJ0b29uXzAyLmdpZiIgd2lkdGg9 MjQzIGhlaWdodD0yMTYgYWx0PSIiPjwvdGQ+DQo8L3RyPg0KPHRyPg0KPHRk PjxpbWcgc3JjPSJodHRwOi8vd3d3LnJlZmlsbC5jby5rci9tYWlsL25ld3Ns ZXR0ZXIvaW1hZ2VzL2NhcnRvb25fMDMuZ2lmIiB3aWR0aD0yNzUgaGVpZ2h0 PTIxMiBhbHQ9IiI+PC90ZD4NCjx0ZD48aW1nIHNyYz0iaHR0cDovL3d3dy5y ZWZpbGwuY28ua3IvbWFpbC9uZXdzbGV0dGVyL2ltYWdlcy9jYXJ0b29uXzA0 LmdpZiIgd2lkdGg9MjQzIGhlaWdodD0yMTIgYWx0PSIiPjwvdGQ+DQo8L3Ry Pg0KPHRyPg0KPHRkPjxpbWcgc3JjPSJodHRwOi8vd3d3LnJlZmlsbC5jby5r ci9tYWlsL25ld3NsZXR0ZXIvaW1hZ2VzL2NhcnRvb25fMDUuZ2lmIiB3aWR0 aD0yNzUgaGVpZ2h0PTE5MSBhbHQ9IiI+PC90ZD4NCjx0ZD48aW1nIHNyYz0i aHR0cDovL3d3dy5yZWZpbGwuY28ua3IvbWFpbC9uZXdzbGV0dGVyL2ltYWdl cy9jYXJ0b29uXzA2LmdpZiIgd2lkdGg9MjQzIGhlaWdodD0xOTEgYWx0PSIi PjwvdGQ+DQo8L3RyPg0KPHRyPg0KPHRkPjxpbWcgc3JjPSJodHRwOi8vd3d3 LnJlZmlsbC5jby5rci9tYWlsL25ld3NsZXR0ZXIvaW1hZ2VzL2NhcnRvb25f MDcuZ2lmIiB3aWR0aD0yNzUgaGVpZ2h0PTE4NiBhbHQ9IiI+PC90ZD4NCjx0 ZD48aW1nIHNyYz0iaHR0cDovL3d3dy5yZWZpbGwuY28ua3IvbWFpbC9uZXdz bGV0dGVyL2ltYWdlcy9jYXJ0b29uXzA4LmdpZiIgd2lkdGg9MjQzIGhlaWdo dD0xODYgYWx0PSIiPjwvdGQ+DQo8L3RyPg0KPC90YWJsZT4NCjwvdGQ+DQo8 L3RyPg0KPHRyPg0KPHRkIGNvbHNwYW49IjIiPjxpbWcgc3JjPSJodHRwOi8v d3d3LnJlZmlsbC5jby5rci9tYWlsL25ld3NsZXR0ZXIvaW1hZ2VzL2Jhcl9k b3QuZ2lmIiB3aWR0aD0iNTk4IiBoZWlnaHQ9IjE3Ij48L3RkPg0KPC90cj4N Cjx0ciBhbGlnbj0iY2VudGVyIj4NCjx0ZCBjb2xzcGFuPSIyIj4NCjx0YWJs ZSB3aWR0aD0iNTc4IiBib3JkZXI9IjAiIGNlbGxzcGFjaW5nPSIwIiBjZWxs cGFkZGluZz0iMTAiPg0KPHRyPg0KPHRkIHdpZHRoPSI0NzQiIHZhbGlnbj0i dG9wIiBjbGFzcz0ibm9tX3R4dCI+waS6uMXrvcW6ziCxx7DtILvnx9cguf23 /CDBpg0KNTDBtr+hIMDHsMXHz7+pIMGmuPG/oSAosaSw7Sm287DtIMelseLH 0SCxpLDtuN7Az8DMuOcsILHNx8/AxyC43sDPwda80rTCIMClILytx87B3yC+ y7DUILXIILDNwMy45ywgZU1haWwNCsHWvNIgv9y/oSCxzcfPwMcgvu62sMfR IMGkuri1tSCwocH2sO0gwNbB9iC+ysC4tM8gvsi9ycfPvcOx5iC52bb4tM+0 2S4gursguN7Az8C6ILnfvNvA/L/rILjewM/A08C4t84sIL/4xKENCr7KwLi9 w7jpIFu89r3FsMW6zl0gufbGsMC7IENsaWNrIMfYIMHWvLy/5C48YnI+PGJy Pg0KSWYgeW91IHdvdWxkIGxpa2UgdG8gYmUgcmVtb3ZlZCBmcm9tIGFueSBv ZiBvdXIgZGlzdHJpYnV0aW9uIGxpc3RzLCBwbGVhc2UgY2xpY2sgJ1JFRlVT RScuIEl0IHdpbGwgYmUgaGFuZGxlZCBwcm9tcHRseS4gVGhhbmsgeW91LiA8 YSBocmVmPSJodHRwOi8vd3d3LnJlZmlsbC5jby5rci9tYWlsL25ld3NsZXR0 ZXIvMDMwMnJlamVjdC5hc3A/TWFpbE51bT1mcmVlYnNkLWlzcEBmcmVlYnNk Lm9yZyIgdGFyZ2V0PSJfYmxhbmsiPltSRUZVU0VdPC9hPg0KPC90ZD4NCjx0 ZCB3aWR0aD0iNjQiIGFsaWduPSJjZW50ZXIiPjxhIGhyZWY9Imh0dHA6Ly93 d3cucmVmaWxsLmNvLmtyL21haWwvbmV3c2xldHRlci8wMzAycmVqZWN0LmFz cD9NYWlsTnVtPWZyZWVic2QtaXNwQGZyZWVic2Qub3JnIiB0YXJnZXQ9Il9i bGFuayI+PGltZyBzcmM9Imh0dHA6Ly93d3cucmVmaWxsLmNvLmtyL21haWwv bmV3c2xldHRlci9pbWFnZXMvYl9ub21haWwuZ2lmIiB3aWR0aD0iNjAiIGhl aWdodD0iNjAiIGJvcmRlcj0iMCI+PC9hPjwvdGQ+DQo8L3RyPg0KPC90YWJs ZT4NCjwvdGQ+DQo8L3RyPg0KPHRyPg0KPHRkIGNvbHNwYW49IjIiPjxpbWcg c3JjPSJodHRwOi8vd3d3LnJlZmlsbC5jby5rci9tYWlsL25ld3NsZXR0ZXIv aW1hZ2VzL2Jhcl9kb3QuZ2lmIiB3aWR0aD0iNTk4IiBoZWlnaHQ9IjE3Ij48 L3RkPg0KPC90cj4NCjx0ciBhbGlnbj0iY2VudGVyIj4NCjx0ZCBjb2xzcGFu PSIyIj4NCjx0YWJsZSB3aWR0aD0iNTc4IiBib3JkZXI9IjAiIGNlbGxzcGFj aW5nPSIwIiBjZWxscGFkZGluZz0iMTAiPg0KPHRyPg0KPHRkIHdpZHRoPSIy MjciIHZhbGlnbj0idG9wIiBjbGFzcz0ibm9tX3R4dCI+PGI+odggsO2wtCC8 rbrxvbogua7AxyA6IDAyLTMyODEtNzc3NyA8L2I+PC90ZD4NCjx0ZCB3aWR0 aD0iMzExIiBhbGlnbj0icmlnaHQiIGNsYXNzPSJub21fdHh0Ij5Db3B5cmln aHQgMTk5MS0yMDAyLiBGdXRlY2ggY28sLkx0ZC4gQWxsIHJpZ2h0IHJlc2Vy dmVkLjwvdGQ+DQo8L3RyPg0KPC90YWJsZT4NCjwvdGQ+DQo8L3RyPg0KPHRy Pjx0ZCBjb2xzcGFuPSIyIiBoZWlnaHQ9IjEiIGJnY29sb3I9IiNDNkM2QzYi PjxpbWcgc3JjPSJodHRwOi8vd3d3LnJlZmlsbC5jby5rci9tYWlsL25ld3Ns ZXR0ZXIvaW1hZ2VzL2JsYW5rLmdpZiI+PC90ZD48L3RyPg0KPC90YWJsZT4N CjwvdGQ+DQo8dGQgd2lkdGg9IjEiIGJnY29sb3I9IiNDNkM2QzYiPjxpbWcg c3JjPSJodHRwOi8vd3d3LnJlZmlsbC5jby5rci9tYWlsL25ld3NsZXR0ZXIv aW1hZ2VzL2JsYW5rLmdpZiI+PC90ZD4NCjwvdHI+DQo8L3RhYmxlPg0KPGJy Pg0KPC9ib2R5Pg0KPC9odG1sPg0K To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message