From owner-freebsd-isp@FreeBSD.ORG Sun Apr 13 05:31:37 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BF0E137B401 for ; Sun, 13 Apr 2003 05:31:37 -0700 (PDT) Received: from Shenton.org (23.ebbed1.client.atlantech.net [209.190.235.35]) by mx1.FreeBSD.org (Postfix) with SMTP id 8FE2743F3F for ; Sun, 13 Apr 2003 05:31:34 -0700 (PDT) (envelope-from chris@Shenton.Org) Received: (qmail 57427 invoked by uid 1000); 13 Apr 2003 12:31:33 -0000 To: Adrian Pavlykevych References: <0AF1BBDF1218F14E9B4CCE414744E70F07DE8D@exchange.wanglobal.net> <3E967F79.8060200@polynet.lviv.ua> From: Chris Shenton Date: 13 Apr 2003 08:31:33 -0400 In-Reply-To: <3E967F79.8060200@polynet.lviv.ua> Message-ID: <87y92ey3x6.fsf@Pectopah.shenton.org> Lines: 24 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii cc: freebsd-isp@freebsd.org Subject: Re: RADIUS/Active Directory and Mailserver. X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Apr 2003 12:31:38 -0000 Adrian Pavlykevych writes: > qmail-ldap http://www.nrg4u.com > Courier-MTA http://www.courier-mta.org > > Both can use LDAP to get information about virtual users, so you can > query AD for it. You'll probably need to extend AD schema to fit all > necessary attributes though. > > Sendmail does LDAP too, but I'm not sure about its feature-completeness. There's a chapter in the new O'Reilly book _LDAP System Administration_ on integrating sendmail, postfix and exim with LDAP. That chapter is online at: http://www.oreilly.com/catalog/ldapsa/chapter/ch07.pdf Some folks on another list have complained that the book doesn't have enough Admin, or that it collects info available elsewhere, but I am finding it helpful. I'm setting up qmail-ldap with an OpenLDAP directory, BTW, and unfortunately there's no qmail-ldap chapter. But the concepts are helpful. From owner-freebsd-isp@FreeBSD.ORG Sun Apr 13 11:58:05 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7DC5737B401 for ; Sun, 13 Apr 2003 11:58:05 -0700 (PDT) Received: from mail.nortenet.pt (mar.nortenet.pt [212.13.32.243]) by mx1.FreeBSD.org (Postfix) with ESMTP id A572B43F85 for ; Sun, 13 Apr 2003 11:58:03 -0700 (PDT) (envelope-from guilherme@nortenet.pt) Received: from nortenet.pt (p078-53.netc.pt [213.30.21.78]) by mail.nortenet.pt (8.11.1/8.11.1) with ESMTP id h3DIuas19240 for ; Sun, 13 Apr 2003 19:56:37 +0100 Message-ID: <3E99B32D.9040102@nortenet.pt> Date: Sun, 13 Apr 2003 19:57:49 +0100 From: "Guilherme J. R. Oliveira" Organization: VianaVirtual.com User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.3) Gecko/20030404 X-Accept-Language: pt, pt-br, en, en-us MIME-Version: 1.0 To: FreeBSD-ISP Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: Central NIS & NFS X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Apr 2003 18:58:05 -0000 Hi. I will configure a webhosting network that will serve PHP and ASP pages. PHP pages will be served from a freebsd server and that's it ! For the ASP server, I want that w2k authenticate to freebsd and then the ASP webpage will be retrivied in freebsd to IIS. So I want a central server for logins and files in FreeBSD that w2k can acess. I've searched google and I think the best way to do this is using NIS+NFS. W2k authenticates using NIS and if it's requested an ASP web page it will be served by IIS using the ASP files in nfs/FreeBSD. So it comes another problem: nis+nfs clients to w2k ... It seems that Microsoft as a product called "Services for Unix" in http://www.microsoft.com/windows/sfu/default.asp that have these clients. Anyone tried this ? It's stable ? Other possibility (if i understand right) is to use Samba as Active Directory to authenticate logins and serve the files by shares. Is this possible and stable in Samba ? Other possibility is CHilisoft ASP but it's not current as it only support ASP 3.0 and I will need .NET too. Ao this option is discarded. Opinions ? Thanks ! From owner-freebsd-isp@FreeBSD.ORG Sun Apr 13 14:53:22 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7A96E37B401; Sun, 13 Apr 2003 14:53:22 -0700 (PDT) Received: from amour.ath.cx (p62.246.200.221.tisdip.tiscali.de [62.246.200.221]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2963B43F75; Sun, 13 Apr 2003 14:53:21 -0700 (PDT) (envelope-from amour@amour.ath.cx) Received: from amour.ath.cx (amour@localhost.ath.cx [127.0.0.1]) by amour.ath.cx (8.12.9/8.12.9) with ESMTP id h3DLrJxU066168; Sun, 13 Apr 2003 23:53:19 +0200 (CEST) (envelope-from amour@amour.ath.cx) Received: from localhost (amour@localhost) by amour.ath.cx (8.12.9/8.12.9/Submit) with ESMTP id h3DLrIIB066165; Sun, 13 Apr 2003 23:53:19 +0200 (CEST) Date: Sun, 13 Apr 2003 23:53:18 +0200 (CEST) From: Alexander To: freebsd-questions@freebsd.org Message-ID: <20030413233019.S65387-100000@amour.ath.cx> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-isp@freebsd.org cc: freebsd-net@freebsd.org Subject: "pipe sharing program", something like cbq X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Apr 2003 21:53:22 -0000 Hello ! I'm looking a program that can do the following stuff: If I have 5 clients, each of them with 64k pipe and all of them share a 256k pipe. And at a certain time some of the clients are using their full 64k capacity and the others are using not pretty much (like just browsing sites or just idling), so the program should notice that and get some from the 64k pipe of each idler and share it through the rest of active users. thanks P.S. Please include my email when replying, thanks From owner-freebsd-isp@FreeBSD.ORG Sun Apr 13 15:02:13 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5EB1C37B401 for ; Sun, 13 Apr 2003 15:02:13 -0700 (PDT) Received: from kurdistan.ath.cx (adsl-64-169-155-173.dsl.chic01.pacbell.net [64.169.155.173]) by mx1.FreeBSD.org (Postfix) with ESMTP id 61A0E43F3F for ; Sun, 13 Apr 2003 15:02:12 -0700 (PDT) (envelope-from sereciya@kurdistan.ath.cx) Received: from kurdistan.ath.cx (ns1 [127.0.0.1]) by kurdistan.ath.cx (8.12.8/8.12.6) with ESMTP id h3DM2704047122 for ; Sun, 13 Apr 2003 15:02:12 -0700 (PDT) (envelope-from sereciya@kurdistan.ath.cx) Received: (from sereciya@localhost) by kurdistan.ath.cx (8.12.8/8.12.6/Submit) id h3DM22mM047121 for freebsd-isp@freebsd.org; Sun, 13 Apr 2003 15:02:02 -0700 (PDT) Date: Sun, 13 Apr 2003 15:02:02 -0700 From: =?unknown-8bit?Q?S=EAr=EAciya_Kurdistan=EE?= To: freebsd-isp@freebsd.org Message-ID: <20030413220202.GC44865@kurdistan.ath.cx> References: <20030413233019.S65387-100000@amour.ath.cx> Mime-Version: 1.0 Content-Type: text/plain; charset=unknown-8bit Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20030413233019.S65387-100000@amour.ath.cx> User-Agent: Mutt/1.4i Subject: Re: "pipe sharing program", something like cbq X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Apr 2003 22:02:13 -0000 Hello, Cross-posting is frowned upon, please don't do it! > I'm looking a program that can do the following stuff: > > If I have 5 clients, each of them with 64k pipe and all of them share a > 256k pipe. And at a certain time some of the clients are using their full > 64k capacity and the others are using not pretty much (like just browsing > sites or just idling), so the program should notice that and get some from > the 64k pipe of each idler and share it through the rest of active users. I'm not sure what you mean, but you'll need to use ipfw + dummynet. A sample configuration would be: ipfw pipe 1 config bw 64Kbit/s noerror ...or... depends on what "k" you mean ipfw pipe 1 config bw 64Kbyte/s noerror ipfw pipe 2 config bw 64Kbyte/s noerror ... ipfw add pipe 1 host1 to any ipfw add pipe 2 host2 to any ... ... Hope that helps. -- +--------------------------------------------------------------+ | Welat xwe ava nake, dest bidin hevdu, pist nedin tu dijminî | | Riya azadiyê ne hêsan e, hêviya xwe bernedin, dema me | | nêzîk e. | | | | Hevaltî bi kesên du rû nekin, hevaltî bi hevdu ra bikin | | Ne ji hevaltiya wan kesên pêxwas û rû dirêj, ne bi wan | | kesên xwînperest, ne jî ji yên din. | | | | -$êrêciya Kurdistanî | +--------------------------------------------------------------+ translation provided on request: sereciya@kurdistan.ath.cx From owner-freebsd-isp@FreeBSD.ORG Sun Apr 13 15:04:33 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6DB5237B401; Sun, 13 Apr 2003 15:04:33 -0700 (PDT) Received: from relay.boerde.de (relay.boerde.de [213.187.87.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id B72B243FA3; Sun, 13 Apr 2003 15:04:32 -0700 (PDT) (envelope-from shauwn@relay.boerde.de) Received: by relay.boerde.de (Postfix, from userid 639) id 3AAE9139A3; Mon, 14 Apr 2003 00:04:31 +0200 (MEST) Received: from localhost (localhost [127.0.0.1]) by relay.boerde.de (Postfix) with ESMTP id 2F51D139A1; Mon, 14 Apr 2003 00:04:31 +0200 (MEST) Date: Mon, 14 Apr 2003 00:04:31 +0200 (MEST) From: Frank Reppin To: Alexander In-Reply-To: <20030413233019.S65387-100000@amour.ath.cx> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-isp@freebsd.org cc: freebsd-net@freebsd.org cc: freebsd-questions@freebsd.org Subject: Re: "pipe sharing program", something like cbq X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Frank.Reppin@boerde.de List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Apr 2003 22:04:33 -0000 On Sun, 13 Apr 2003, Alexander wrote: > Hello ! hi, > > I'm looking a program that can do the following stuff: > > If I have 5 clients, each of them with 64k pipe and all of them share a > 256k pipe. And at a certain time some of the clients are using their full > 64k capacity and the others are using not pretty much (like just browsing > sites or just idling), so the program should notice that and get some from > the 64k pipe of each idler and share it through the rest of active users. ALTQD: http://www.csl.sony.co.jp/~kjc/software.html#ALTQ should fulfil your needs. You can define classes within CBQ and those classes can borrow 'unused' bandwidth from their respective parentclasses. Best regards, Frank Reppin From owner-freebsd-isp@FreeBSD.ORG Sun Apr 13 17:23:29 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 20E3637B401 for ; Sun, 13 Apr 2003 17:23:29 -0700 (PDT) Received: from jhs.muc.de (pD950EEF7.dip.t-dialin.net [217.80.238.247]) by mx1.FreeBSD.org (Postfix) with ESMTP id ECD1843FA3 for ; Sun, 13 Apr 2003 17:23:26 -0700 (PDT) (envelope-from jhs@berklix.com) Received: from flip.jhs.private (flip.jhs.private [192.168.91.24]) by jhs.muc.de (8.11.6/8.11.6) with ESMTP id h3E0NVv81852; Mon, 14 Apr 2003 02:23:31 +0200 (CEST) (envelope-from jhs@berklix.com) Received: from flip.jhs.private (localhost [127.0.0.1]) by flip.jhs.private (8.11.6/8.11.6) with ESMTP id h3E0N5D92224; Mon, 14 Apr 2003 02:23:20 +0200 (CEST) (envelope-from jhs@flip.jhs.private) Message-Id: <200304140023.h3E0N5D92224@flip.jhs.private> To: FreeBSD ISP List In-Reply-To: Message from Jez Hancock of "Sat, 12 Apr 2003 14:38:37 BST." <20030412133836.GA52054@users.munk.nu> Date: Mon, 14 Apr 2003 02:23:05 +0200 From: "Julian H. Stacey" cc: jez.hancock@munk.nu Subject: Re: Serial line fbsd installation with no CD X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Apr 2003 00:23:29 -0000 Jez Hancock wrote: > Hi all, > > I have two colocated servers in the US and I'm in the UK. I need to install > FreeBSD 4.8 from scratch across a serial connection that exists between the > two servers. The current OS are FreeBSD 4.6.2 and as such I am unable to > adequately make world to the latest STABLE release. > > Further I do not have the option of installing from a CDROM installed on > the server. Has anyone been in a similar situation and if so how did you > resolve the problem? > > Thanks in advance, > Jez I often do remote upgrades. Tip, practice locally first, knowing if you have to push reset, you've failed :-) There's a web page on this on http://www.freebsd.org I believe, but here are 2 ways, must be other too: 1) NFS export a file system & do a remote install from a good 4.8 local to a remote sub directory on 4.6.2 file system, then move in to place as below in (3) setenv DESTDIR /host/remote/usr1/new4.8 cd /usr/src/etc; make distribdirs ; cd ..; make install That way will frighten some people who are keen on security (though you could EG have ipfw on remote blocking all but your IP for NFS, (I'm thinking of doing that for some of mine for other reasons) 2) On local 4.8 host do approx: (note this is Not exact, you need to think what your doing, to avoid shooting in foot, but I do similar it all the time & it works for me, though I've probably forgotten to include something, so think & take great care :-). su setenv DESTDIR /usr1/new mkdir /usr1/new cd /usr/src/etc; make distrib-dirs ; cd ..; make install cd /sys/i386/conf;config -r GENERIC;cd ../../compile/GENERIC;make depend;make;make install cd /usr1/new tar zcf ../new.tgz . ftp remote put new.tgz ((3) as common follow up to (1) & (2)) rlogin or ssh remote su cd /usr1/new tar zxf new.tgz mkdir /old /new /usr/old /usr/new /var/old /var/new echo block logins, and kick users off now. echo backup what you value mv /var/* /var/old/ mv var/* /var cd usr rmdir * csh foreach i ( * ) mv /usr/$i /usr/old/$i mv $i /usr end cd .. cp `which mv` / cp `which reboot` / rm -rf etc dev proc mnt sys tmp foreach i ( * ) /mv /$i /old/$i /mv $i / end /old/bin/ls / # make sure you have a new kernel & new modules /reboot su ; mergemaster recompile stuff for /usr/local & /usr/X11R6 (your old packages can be seen by ls /var/old/db/pkg) echo wait till happy all is ok rm -rf /old /*/old chflags -R noschg /old /*/old rm -rf /old /*/old - Julian Stacey Freelance Systems Engineer, Unix & Net Consultant, Munich. Ihr Rauchen => mein allergischer Kopfschmerz ! Schnupftabak probieren. From owner-freebsd-isp@FreeBSD.ORG Mon Apr 14 08:50:43 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3711637B407 for ; Mon, 14 Apr 2003 08:50:43 -0700 (PDT) Received: from users.munk.nu (213-152-51-194.dsl.eclipse.net.uk [213.152.51.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 800E043FA3 for ; Mon, 14 Apr 2003 08:50:41 -0700 (PDT) (envelope-from munk@users.munk.nu) Received: from users.munk.nu (munk@localhost [127.0.0.1]) by users.munk.nu (8.12.9/8.12.8) with ESMTP id h3EFquJ0004534 for ; Mon, 14 Apr 2003 16:52:56 +0100 (BST) (envelope-from munk@users.munk.nu) Received: (from munk@localhost) by users.munk.nu (8.12.9/8.12.8/Submit) id h3EFquwO004533 for freebsd-isp@freebsd.org; Mon, 14 Apr 2003 16:52:56 +0100 (BST) Date: Mon, 14 Apr 2003 16:52:56 +0100 From: Jez Hancock To: freebsd-isp@freebsd.org Message-ID: <20030414155256.GA1608@users.munk.nu> Mail-Followup-To: freebsd-isp@freebsd.org References: <20030412141313.GB58220@wjv.com> <20030412153736.GA53356@users.munk.nu> <20030412184738.GA52650@wjv.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030412184738.GA52650@wjv.com> User-Agent: Mutt/1.4.1i Subject: Re: Serial line fbsd installation with no CD X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Apr 2003 15:50:43 -0000 Hi again Bill, On Sat, Apr 12, 2003 at 02:47:39PM -0400, Bill Vermillion wrote: > > The problem was with ipfw2 and in general it's just the fact > > this is currently not a production server and we'd rather have > > a fresh install of 4.8 (the NOC currently installs 4.6.2 for > > some reason and it might become the case that they'll start > > installing 4.8 by default when they answer us - negating the > > need for a solution to the subject question:). > > Ah - so it's a company that does more than just put the server in > place and does install too. I'm not used to that as about the only > help I'd get in the colo is a 'helping hands' if needed - but I'm > only 1/2 hour away. It's basically a top-tier tranport provider > who provides facilities for anyting you'd want - but is not > a colo of the 'we provide everything you need'. > > We have our own racks and do all our own work - the only thing the > NOC does is give us connectivity. Different perception on my part. > > If I have a problem one of us [small company] goes and changes the > machines ourselves, or accompanies one our clients while they > change their own machine. Security is strict so we have to arrange > for anyone else to get into the building. To be honest I feel that this is synonymous to the setup of our NOC. I'm actually only a 'coadmin' - in the sense that I do not talk to the network op centre, my 'admin' 'boss' does (lots of 's). It's incredibly frustrating that the cost of colocation in the UK (where I am) and in AUS (where my friend is) is so high and as such we have to colocate in US where bandwidth is much more reasonably priced. > > My plan was to install a stock 4.8 system and immediately cvsup > > to STABLE. Perhaps as you mention it would be better to stay > > with 4.7-RELEASE until 4.8 is out of it's infancy. > > I run stable on my personal machine and a backup machine but never > going beyond a patch-level release for production units. Yes this tip is appreciated and as such we will probably track 4.7-RELEASE on the production and 4.8-STABLE on the dev servers. > > Hopefully the NOC support will get moving on providing at least a 4.7 > > CD for installation. > > With our totally local appoach we've pullled a couple of systems > from 'national' providers who just didn't understand small custom > individual attention. I think we might actually qualify as one > of the smallest ISPs in existance :-) We're small but we've seen > others in the same facility disappear. :) > But having machine with connections not less that 100Mbs running > for a few hundred feet before it gets onto a global 10Gbs backbone > does have it's advantages. Yikes that's some pipe. Still waiting for news on the availability of 4.7-RELEASE CDs in the NOC, I can well see me mailing a disk off to them :) Thanks again, Jez From owner-freebsd-isp@FreeBSD.ORG Mon Apr 14 08:59:01 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 35EE437B401 for ; Mon, 14 Apr 2003 08:59:01 -0700 (PDT) Received: from users.munk.nu (213-152-51-194.dsl.eclipse.net.uk [213.152.51.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 241BE43F93 for ; Mon, 14 Apr 2003 08:59:00 -0700 (PDT) (envelope-from munk@users.munk.nu) Received: from users.munk.nu (munk@localhost [127.0.0.1]) by users.munk.nu (8.12.9/8.12.8) with ESMTP id h3EG1HJ0004670 for ; Mon, 14 Apr 2003 17:01:17 +0100 (BST) (envelope-from munk@users.munk.nu) Received: (from munk@localhost) by users.munk.nu (8.12.9/8.12.8/Submit) id h3EG1Hrg004669 for freebsd-isp@freebsd.org; Mon, 14 Apr 2003 17:01:17 +0100 (BST) Date: Mon, 14 Apr 2003 17:01:17 +0100 From: Jez Hancock To: FreeBSD ISP List Message-ID: <20030414160117.GB1608@users.munk.nu> Mail-Followup-To: FreeBSD ISP List References: <20030412133836.GA52054@users.munk.nu> <200304140023.h3E0N5D92224@flip.jhs.private> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200304140023.h3E0N5D92224@flip.jhs.private> User-Agent: Mutt/1.4.1i Subject: Re: Serial line fbsd installation with no CD X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Apr 2003 15:59:01 -0000 Hi Julian, Thanks for your reply. On Mon, Apr 14, 2003 at 02:23:05AM +0200, Julian H. Stacey wrote: > I often do remote upgrades. Tip, practice locally first, knowing if > you have to push reset, you've failed :-) Yes in general this is the idea we had for having one dev and one production box, practise on the dev box first. Right now it's not a huge issue, we're a bunch of web application developers who were looking for a home, hence the colo servers. However we plan to extend the network to provide webhosting solutions geared specifically towards the web application developer market - a no fuss no limitations (within reason) solution for developers who know what they want if you will. With this in mind we will be much more strict about the uptime and upgrading of the production server, and in general keep track of the latest STABLE branch on the dev machine (perhaps perhaps keeping the source for the production server on the dev machine up to date as well in case of security updates to the production level source tree (will be 4.7-RELEASE I think). > There's a web page on this on http://www.freebsd.org I believe, > but here are 2 ways, must be other too: > 1) NFS export a file system & do a remote install from a good 4.8 local > to a remote sub directory on 4.6.2 file system, then move in to > place as below in (3) > setenv DESTDIR /host/remote/usr1/new4.8 > cd /usr/src/etc; make distribdirs ; cd ..; make install > That way will frighten some people who are keen on security > (though you could EG have ipfw on remote blocking all but your IP for > NFS, (I'm thinking of doing that for some of mine for other reasons) Yes this is what I was thinking in my last paragraph above, use NFS to install security affected parts of the 4.7-RELEASE tree (ie sendmail) which have been ready built on the dev machine. > 2) On local 4.8 host do approx: (note this is Not exact, you need > to think what your doing, to avoid shooting in foot, but I do similar > it all the time & it works for me, though I've probably forgotten > to include something, so think & take great care :-). :) > su > setenv DESTDIR /usr1/new > mkdir /usr1/new > cd /usr/src/etc; make distrib-dirs ; cd ..; make install > cd /sys/i386/conf;config -r GENERIC;cd ../../compile/GENERIC;make depend;make;make install > cd /usr1/new > tar zcf ../new.tgz . > ftp remote > put new.tgz > > ((3) as common follow up to (1) & (2)) > rlogin or ssh remote > su > cd /usr1/new > tar zxf new.tgz > mkdir /old /new /usr/old /usr/new /var/old /var/new > echo block logins, and kick users off now. > echo backup what you value > mv /var/* /var/old/ > mv var/* /var > cd usr > rmdir * > csh > foreach i ( * ) > mv /usr/$i /usr/old/$i > mv $i /usr > end > cd .. > cp `which mv` / > cp `which reboot` / > rm -rf etc dev proc mnt sys tmp > foreach i ( * ) > /mv /$i /old/$i > /mv $i / > end > /old/bin/ls / # make sure you have a new kernel & new modules > /reboot > su ; mergemaster > recompile stuff for /usr/local & /usr/X11R6 (your old packages > can be seen by ls /var/old/db/pkg) > echo wait till happy all is ok > rm -rf /old /*/old > chflags -R noschg /old /*/old > rm -rf /old /*/old Much appreciate, thanks Julian. Hopefully we'll never have to go to this extent since we'll be tracking 4.7-RELEASE (only security patches will need applying with luck). Nice to see how others do things though! Thanks and kind regards, Jez From owner-freebsd-isp@FreeBSD.ORG Mon Apr 14 11:01:24 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0E78E37B401 for ; Mon, 14 Apr 2003 11:01:24 -0700 (PDT) Received: from ms.securenet.net (ms.securenet.net [205.236.147.20]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1B65143F85 for ; Mon, 14 Apr 2003 11:01:23 -0700 (PDT) (envelope-from vandj@securenet.net) Received: from 127.0.0.1 (localhost.securenet.net [127.0.0.1]) by dummy.domain.name (Postfix) with SMTP id 381C1264DCA for ; Mon, 14 Apr 2003 14:09:41 -0400 (EDT) Received: from office.securenet.net (office.securenet.net [205.236.147.3]) by ms.securenet.net (Postfix) with ESMTP id 0AD49264DDF for ; Mon, 14 Apr 2003 14:09:41 -0400 (EDT) Message-Id: <5.2.0.9.0.20030414135649.02a71398@pop.securenet.net> X-Sender: vandj@pop.securenet.net X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9 Date: Mon, 14 Apr 2003 14:01:40 -0400 To: freebsd-isp@freebsd.org From: "Jean M. Vandette" Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Subject: Kernel Bug question X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Apr 2003 18:01:24 -0000 Greetings all, We have had one of our mail servers running 4.8-STABLE reboot every few hours The following messages were found in the /var/log/messages >Apr 13 13:19:20 ms /kernel: panic: malloc: wrong bucket >Apr 13 13:19:20 ms /kernel: >Apr 13 13:19:20 ms /kernel: syncing disks... 75 27 27 27 27 27 27 27 41 3 >3 3 3 3 3 3 8 3 3 3 3 3 3 3 6 3 3 3 3 3 3 3 3 3 3 3 3 3 3 > >Apr 14 06:33:52 ms /kernel: panic: malloc: lost data >Apr 14 06:33:52 ms /kernel: >Apr 14 06:33:52 ms /kernel: syncing disks... 73 16 16 16 16 16 16 16 28 5 >5 5 5 5 5 5 9 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 >Apr 14 06:33:52 ms /kernel: giving up on 1 buffers Looks like a part of the kernel using data that it doesn't own, ie. a kernel bug Anyone else seen this type of message and better still have you found a fix? Jean M. Vandette **John M. Vandette, Consultant vandj@securenet.net** **SecureNet Information Services Inc. Internet Providers** **100 Alexis Nihon Blvd #283 St. Laurent, Quebec, Canada** **"Who does BSD Unix....?" "We do Chucky... We do..."** From owner-freebsd-isp@FreeBSD.ORG Mon Apr 14 11:06:17 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BF07F37B401 for ; Mon, 14 Apr 2003 11:06:17 -0700 (PDT) Received: from mailbox.univie.ac.at (mailbox.univie.ac.at [131.130.1.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id B68F643FBD for ; Mon, 14 Apr 2003 11:06:16 -0700 (PDT) (envelope-from l.ertl@univie.ac.at) Received: from korben (adslle.cc.univie.ac.at [131.130.102.11]) by mailbox.univie.ac.at (8.12.2/8.12.2) with ESMTP id h3EI620p051050; Mon, 14 Apr 2003 20:06:10 +0200 Date: Mon, 14 Apr 2003 20:05:05 +0200 (=?ISO-8859-1?Q?Westeurop=E4ische_Sommerzeit?=) From: Lukas Ertl To: "Jean M. Vandette" In-Reply-To: <5.2.0.9.0.20030414135649.02a71398@pop.securenet.net> Message-ID: References: <5.2.0.9.0.20030414135649.02a71398@pop.securenet.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: QUOTED-PRINTABLE X-DCC-ZID-Univie-Metrics: mx1 4241; Body=2 Fuz1=2 Fuz2=2 cc: freebsd-isp@freebsd.org Subject: Re: Kernel Bug question X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Apr 2003 18:06:18 -0000 On Mon, 14 Apr 2003, Jean M. Vandette wrote: > >Apr 13 13:19:20 ms /kernel: panic: malloc: wrong bucket > >Apr 13 13:19:20 ms /kernel: > >Apr 13 13:19:20 ms /kernel: syncing disks... 75 27 27 27 27 27 27 27 41 = 3 > >3 3 3 3 3 3 8 3 3 3 3 3 3 3 6 3 3 3 3 3 3 3 3 3 3 3 3 3 3 > > > >Apr 14 06:33:52 ms /kernel: panic: malloc: lost data > >Apr 14 06:33:52 ms /kernel: > >Apr 14 06:33:52 ms /kernel: syncing disks... 73 16 16 16 16 16 16 16 28 = 5 > >5 5 5 5 5 5 9 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 > >Apr 14 06:33:52 ms /kernel: giving up on 1 buffers > > Looks like a part of the kernel using data that it doesn't own, ie. a > kernel bug > Anyone else seen this type of message and better still have you found a f= ix? You should probably build a debug kernel and get a core dump by setting dumpdev in /etc/rc.conf. Then you can try to debug the kernel with gdb (or at least send the output of the backtrace). regards, le --=20 Lukas Ertl eMail: l.ertl@univie.ac.at UNIX-Systemadministrator Tel.: (+43 1) 4277-14073 Zentraler Informatikdienst (ZID) Fax.: (+43 1) 4277-9140 der Universit=E4t Wien http://mailbox.univie.ac.at/~le/ From owner-freebsd-isp@FreeBSD.ORG Mon Apr 14 12:15:20 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 191B837B443 for ; Mon, 14 Apr 2003 12:15:20 -0700 (PDT) Received: from pop3.psconsult.nl (ps227.psconsult.nl [213.222.19.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id BA8D643FB1 for ; Mon, 14 Apr 2003 12:15:18 -0700 (PDT) (envelope-from paul@pop3.psconsult.nl) Received: (from paul@localhost) by pop3.psconsult.nl (8.9.2/8.9.2) id VAA11570; Mon, 14 Apr 2003 21:15:14 +0200 (CEST) (envelope-from paul) Date: Mon, 14 Apr 2003 21:15:14 +0200 From: Paul Schenkeveld To: "Arie J. Gerszt" Message-ID: <20030414211513.A11204@psconsult.nl> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from arie@gerszt.ch on Sun, Apr 13, 2003 at 09:32:55PM +0100 cc: freebsd-isp@freebsd.org Subject: Re: WG: serial oob (modem management) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Apr 2003 19:15:20 -0000 Hi Arie, On Sun, Apr 13, 2003 at 09:32:55PM +0100, Arie J. Gerszt wrote: > Hi Paul > > I managed with mgetty to get a login prompt, with 9600. But after typing > several commands > it seems to hang, the connection is still established but the terminal > doesn't show any > typed characters. > > What would you think? If it works for a few commands and then stops, it usually has to do something with flow control if it's a normal serial line. I don't know the gnokii port (and have no hardware to test it) so I don't know if gnokii supports any kind of flow control and how. So the only suggestion I have here is to start with flow control completely switched off in mgetty. It's been several years ago that I configured mgetty for the last time but basically you are looking for something like -crtscrt to switch off hardware flow control and -ixon to disable software flow control. After switching flow control off see how far you get. Does the connection persist? You might loose characters now if one side is too fast for the other, don't worry (yet) first make sure the connection doesn't hang any more. BTW, also pay attention to flow control at the other end of the connection and make sure it's either correct (ie. the terminal or terminal emulation must exactly match the modem it's connected to or switched off). If you get a connection that doesn't hang anymore, you have to start configuring flow control. Always make sure that every two layers talking to each other have exactly the same idea about it. Hardware flow control uses an extra pair of wired in the serial cable and only spans a connection between two pieces of hardware directly connected together using a cable (ie. the computer and modem on one side of the connection). Software flow control (XON/XOFF) works by sending in-band data between two sides and can either communicate between the computer and the modem it is directly connected to (if the modem and computer are both set up to use flow control) or between the two computers at the far end (if both modems are set up to transparently pass XON and XOFF characters without interpretation). One more thing, always make sure that on every single connection (ie. terminal to modem1, modem1 to modem2 and modem2 to computer) the number of bits per character, the stop bits and parity bits match exactly. A mismatch in parity setting for instance could lead to the XOFF being delivered correctly halting the data but the XON being ignored because of the wrong parity bit and thus effectively freezing the connection permanently. > Regards, > Arie Good luck! Paul Schenkeveld, Consultant PSconsult ICT Services BV > -----Ursprungliche Nachricht----- > Von: owner-freebsd-isp@freebsd.org > [mailto:owner-freebsd-isp@freebsd.org]Im Auftrag von Paul Schenkeveld > Gesendet: Samstag, 12. April 2003 08:36 > An: Kurt Jaeger > Cc: freebsd-isp@freebsd.org > Betreff: Re: serial oob (modem management) > > > Hi All, > > On Fri, Apr 11, 2003 at 12:07:23PM +0200, Kurt Jaeger wrote: > > Hi! > > > > > > i want to add a serial console with a cellular mobile phone to my > freebsd > > > > boxes. > > > > [...] > > > Not so sure about what you are after, but I *THINK* you will need to > build > > > ports/comms/gnokii > > > and then run gnokiid. That should give you a "normal" serial /modem > interface > > > to the phone. > > > > The problem is probably the other way round ? > > > > How does one call the mobile phone in such a way that it accepts the > > call and acts like a serial modem to the computer ? > > > > A normal serial line on a nokia can be used as an outdial modem. > > The problem is: How to use it for a dial*in* ? > > First see if the Nokia allows setting up the modem to auto answer > the call. In Hayes lingo one would send > > ATs0=2 > > where 2 is the number of rings after which the modem auto answers, > 0 meaning don't answer automatically. > > If this doesn't work, see if the modem tells you when a call comes > in, usually with the message RING (you can tell this by using tip > or cu to get an interactive session to the modem and then dial the > number of the Nokia from another line). > > If the Nokia shows the RING message you can still have your > auto-answer by using the mgetty+sendfax port. > > > -- > > MfG/Best regards, Kurt Jaeger 17 years to > go ! > > LF.net GmbH fon +49 711 90074-23 pi@LF.net > > Ruppmannstr. 27 fax +49 711 90074-33 > > D-70565 Stuttgart mob +49 171 3101372 > > Good luck! > > Paul Schenkeveld, Consultant > PSconsult ICT Services BV From owner-freebsd-isp@FreeBSD.ORG Mon Apr 14 20:38:10 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 06E8F37B401 for ; Mon, 14 Apr 2003 20:38:10 -0700 (PDT) Received: from bilver.wjv.com (user38.net339.fl.sprint-hsd.net [65.40.24.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id C060743FAF for ; Mon, 14 Apr 2003 20:38:08 -0700 (PDT) (envelope-from bv@wjv.com) Received: from bilver.wjv.com (localhost.wjv.com [127.0.0.1]) by bilver.wjv.com (8.12.9/8.12.9) with ESMTP id h3F3c3h5037664 for ; Mon, 14 Apr 2003 23:38:04 -0400 (EDT) (envelope-from bv@wjv.com) Received: (from bv@localhost) by bilver.wjv.com (8.12.9/8.12.9/Submit) id h3F3c3BJ037663 for freebsd-isp@freebsd.org; Mon, 14 Apr 2003 23:38:03 -0400 (EDT) Date: Mon, 14 Apr 2003 23:38:02 -0400 From: Bill Vermillion To: freebsd-isp@freebsd.org Message-ID: <20030415033802.GB36985@wjv.com> References: <20030412141313.GB58220@wjv.com> <20030412153736.GA53356@users.munk.nu> <20030412184738.GA52650@wjv.com> <20030414155256.GA1608@users.munk.nu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030414155256.GA1608@users.munk.nu> Organization: W.J.Vermillion / Orlando - Winter Park ReplyTo: bv@wjv.com User-Agent: Mutt/1.5.1i X-Spam-Status: No, hits=-2.8 required=5.0 tests=IN_REP_TO,NOSPAM_INC,QUOTED_EMAIL_TEXT,REFERENCES, SPAM_PHRASE_02_03,USER_AGENT,USER_AGENT_MUTT,US_DOLLARS_3 version=2.43 Subject: Re: Serial line fbsd installation with no CD X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: bv@wjv.com List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Apr 2003 03:38:10 -0000 While Jez Hancock was trying to figure out why data written to /dev/null on Mon, Apr 14, 2003 at 16:52 was not readable, he gave up and decided to grace us with this: > Hi again Bill, > On Sat, Apr 12, 2003 at 02:47:39PM -0400, Bill Vermillion wrote: > > > The problem was with ipfw2 and in general it's just the fact > > > this is currently not a production server and we'd rather have > > > a fresh install of 4.8 (the NOC currently installs 4.6.2 for > > > some reason and it might become the case that they'll start > > > installing 4.8 by default when they answer us - negating the > > > need for a solution to the subject question:). > > Ah - so it's a company that does more than just put the server in > > place and does install too. I'm not used to that as about the only > > help I'd get in the colo is a 'helping hands' if needed - but I'm > > only 1/2 hour away. It's basically a top-tier tranport provider > > who provides facilities for anyting you'd want - but is not > > a colo of the 'we provide everything you need'. > > We have our own racks and do all our own work - the only thing the > > NOC does is give us connectivity. Different perception on my part. > > If I have a problem one of us [small company] goes and changes the > > machines ourselves, or accompanies one our clients while they > > change their own machine. Security is strict so we have to arrange > > for anyone else to get into the building. > To be honest I feel that this is synonymous to the setup of our NOC. > I'm actually only a 'coadmin' - in the sense that I do not talk > to the network op centre, my 'admin' 'boss' does (lots of 's). Hm. We're small - but dedicated - and we both worked in highly time sensitive businesses - the broadcast industry - so we know the value of down time. However even though we are small we have rack-space in the Level3 facility in Orlando. We got it when it first came up and before they put the current minimum useage in place. Our customers - few as they are - love us. > It's incredibly frustrating that the cost of colocation in the UK > (where I am) and in AUS (where my friend is) is so high and as > such we have to colocate in US where bandwidth is much more reasonably > priced. And could you give an example of what those costs are? I'm curious as to the rates around the world. > > But having machine with connections not less that 100Mbs running > > for a few hundred feet before it gets onto a global 10Gbs backbone > > does have it's advantages. > Yikes that's some pipe. It's a communications facility and now that the bloom is off the dot.com boom of a few years ago so much they sell is dark fibre. I asked a tech installing equipment in a cage behind our rack how much it was worth. Her comment was "I'm not sure but the one almost like it in Miami cost $14,000,000" OC192 equipment is not cheap. The backup generator is a 1,250,000W monster behind the building - with a 6000 gallon tank of diesel fuei. I've seen many colos but never one like L3. One client who hosts exclusively on Macs but a new Xrack in last week to augment his other server. > Still waiting for news on the availability of 4.7-RELEASE CDs in the > NOC, I can well see me mailing a disk off to them :) Usually follows by about 3-4 weeks judging from the past. Bill -- Bill Vermillion - bv @ wjv . com From owner-freebsd-isp@FreeBSD.ORG Tue Apr 15 04:05:09 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AA9A237B401; Tue, 15 Apr 2003 04:05:09 -0700 (PDT) Received: from bastix.tunix.nl (bastix.tunix.nl [193.79.201.39]) by mx1.FreeBSD.org (Postfix) with ESMTP id 16D2A43FCB; Tue, 15 Apr 2003 04:05:08 -0700 (PDT) (envelope-from rene@tunix.nl) Received: (from root@localhost) by bastix.tunix.nl (8.9.3c/8.6.12) id NAA33012; Tue, 15 Apr 2003 13:05:20 +0200 (CEST) Received: by bastix.tunix.nl (TUNIX txp2/smap) id sma032160; Tue, 15 Apr 03 13:04:01 +0200 Date: Tue, 15 Apr 2003 13:03:56 +0200 Mime-Version: 1.0 (Apple Message framework v552) Content-Type: text/plain; charset=US-ASCII; format=flowed From: Rene de Vries To: freebsd-isp@freebsd.org, freebsd-hardware@freebsd.org Content-Transfer-Encoding: 7bit Message-Id: X-Mailer: Apple Mail (2.552) Subject: Hardware Crypto support (RSA acceleration) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Apr 2003 11:05:10 -0000 Hello, For an SSL based application we are using the Rainbow CryptoSwift (a PCI card with RSA acceleration). This works fine on FreeBSD 4.1, but as we upgraded to FreeBSD 4.7 the driver panics the kernel. We asked Rainbow for a driver update, but they told us that FreeBSD 4.7 drivers are not available. Rainbow used to mention FreeBSD as a supported OS, but in the meantime they removed all references to FreeBSD... Does anyone have an idea on either a replacement card or (even better) fixes for the Rainbow drivers? Thanks! Rene -- Rene de Vries TUNIX Internet Security & Training From owner-freebsd-isp@FreeBSD.ORG Tue Apr 15 04:15:11 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AB8FD37B49C for ; Tue, 15 Apr 2003 04:15:11 -0700 (PDT) Received: from mx1.dev.itouchnet.net (itouchlabs.com [196.15.188.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id E6BB943F85 for ; Tue, 15 Apr 2003 04:15:08 -0700 (PDT) (envelope-from bvi@itouchlabs.com) Received: from nobody by mx1.dev.itouchnet.net with scanned_ok (Exim 3.35 #1) id 195ORk-000PVe-00 for freebsd-isp@freebsd.org; Tue, 15 Apr 2003 13:17:52 +0200 X-TLS: TLSv1:RC4-MD5:128 lair.moria.org -> mx1.dev.itouchnet.net Received: from lair.moria.org ([196.15.188.23] helo=Beastie) by mx1.dev.itouchnet.net with esmtp (TLSv1:RC4-MD5:128) (Exim 3.35 #1) id 195ORi-000PVM-00; Tue, 15 Apr 2003 13:17:51 +0200 Message-ID: <005301c30340$1fdc08d0$0b01a8c0@Beastie> From: "Barry Irwin" To: "Rene de Vries" , , References: Date: Tue, 15 Apr 2003 13:14:00 +0200 Organization: iTouch Labs MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Checked: This message has been scanned for any virusses and unauthorized attachments. X-iScan-ID: 98056-1050405471-05502@unconfigured version $Name: REL_2_0_4 $ Subject: Re: Hardware Crypto support (RSA acceleration) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Apr 2003 11:15:12 -0000 Hi All On a somewhat related topic, is anyone aware of the status of support for the on-board Crypto Engines on the range of Intel 10/100 and Gigabit cards? Regards, Barry -- Barry Irwin bvi@itouchlabs.com Tel: +27214875178 Systems Administrator: Networks And Security iTouch Technology iTouch TAS http://www.itouchlabs.com Mobile: +27824457210 ----- Original Message ----- From: "Rene de Vries" To: ; Sent: Tuesday, April 15, 2003 1:03 PM Subject: Hardware Crypto support (RSA acceleration) > Hello, > > For an SSL based application we are using the Rainbow CryptoSwift (a > PCI card with RSA acceleration). This works fine on FreeBSD 4.1, but as > we upgraded to FreeBSD 4.7 the driver panics the kernel. > We asked Rainbow for a driver update, but they told us that FreeBSD 4.7 > drivers are not available. Rainbow used to mention FreeBSD as a > supported OS, but in the meantime they removed all references to > FreeBSD... > Does anyone have an idea on either a replacement card or (even better) > fixes for the Rainbow drivers? > > Thanks! > > Rene > -- > Rene de Vries > TUNIX Internet Security & Training > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > > > From owner-freebsd-isp@FreeBSD.ORG Tue Apr 15 04:34:35 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 94FCC37B401; Tue, 15 Apr 2003 04:34:35 -0700 (PDT) Received: from mail.svenskabutiker.se (ns.svenskabutiker.se [212.247.101.67]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4A64443FCB; Tue, 15 Apr 2003 04:34:34 -0700 (PDT) (envelope-from martin@mullet.se) Received: from mullet.se (h118n1fls31o985.telia.com [213.65.16.118]) by mail.svenskabutiker.se (Postfix) with ESMTP id 70A381F05; Tue, 15 Apr 2003 13:34:31 +0200 (CEST) Message-ID: <3E9BEE67.50009@mullet.se> Date: Tue, 15 Apr 2003 13:35:03 +0200 From: Martin Nilsson User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3) Gecko/20030312 X-Accept-Language: sv, en-us, en MIME-Version: 1.0 To: Rene de Vries References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit cc: freebsd-isp@freebsd.org cc: freebsd-hardware@freebsd.org Subject: Re: Hardware Crypto support (RSA acceleration) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Apr 2003 11:34:35 -0000 Hi, I've tried to make the old cswift driver from Rainbow work with modern FreeBSD:s. The problem is that Rainbow (at least their channel manager for northern Europe) is very uncooperative and does not understand that I want to help them (and myself) to get their drivers to work with modern FreeBSD versions. I have managed to get part of the source code for the driver from them but I think that some of the .h files that I have only found in the LinuxAPI are too old. I'm able to compile and run the driver on 4.8 but the communication between their binary-only library and the driver seems to be somewhat out of whack, as the accelerators are always reported to be busy. If you could pester the european office for FreeBSD support, I think that my next request for help in digging up source files will have better chances to be successful. This is the last reply I got from them: > For us to come up with what you require, the cost to bear for you on > top of the purchase of any board would be of $7000 - $10000. All I asked for was source for the driver together with a libswift.so that was the same version as the source. I think that $10000 is a bit to much to spend on two $50 cards from ebay. I have been swamped with other work the last month, so this project have been stalled since I got the above response on 24/3. /Martin Rene de Vries wrote: > Hello, > > For an SSL based application we are using the Rainbow CryptoSwift (a PCI > card with RSA acceleration). This works fine on FreeBSD 4.1, but as we > upgraded to FreeBSD 4.7 the driver panics the kernel. > We asked Rainbow for a driver update, but they told us that FreeBSD 4.7 > drivers are not available. Rainbow used to mention FreeBSD as a > supported OS, but in the meantime they removed all references to FreeBSD... > Does anyone have an idea on either a replacement card or (even better) > fixes for the Rainbow drivers? > > Thanks! > > Rene > -- > Rene de Vries > TUNIX Internet Security & Training > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" -- Martin Nilsson, CTO & Founder, Mullet Scandinavia AB, Malmö, SWEDEN E-mail: martin@mullet.se, Phone: +46-(0)708-606170, http://www.mullet.se Our business is well engineered servers optimized for FreeBSD and Linux. From owner-freebsd-isp@FreeBSD.ORG Tue Apr 15 05:15:36 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6818537B401; Tue, 15 Apr 2003 05:15:36 -0700 (PDT) Received: from bastix.tunix.nl (bastix.tunix.nl [193.79.201.39]) by mx1.FreeBSD.org (Postfix) with ESMTP id 712E943FBD; Tue, 15 Apr 2003 05:15:34 -0700 (PDT) (envelope-from rene@tunix.nl) Received: (from root@localhost) by bastix.tunix.nl (8.9.3c/8.6.12) id OAA56983; Tue, 15 Apr 2003 14:15:46 +0200 (CEST) Received: by bastix.tunix.nl (TUNIX txp2/smap) id sma056200; Tue, 15 Apr 03 14:14:33 +0200 Date: Tue, 15 Apr 2003 14:14:27 +0200 Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v552) To: Martin Nilsson From: Rene de Vries In-Reply-To: <3E9BEE67.50009@mullet.se> Message-Id: Content-Transfer-Encoding: 7bit X-Mailer: Apple Mail (2.552) cc: freebsd-isp@freebsd.org cc: freebsd-hardware@freebsd.org Subject: Re: Hardware Crypto support (RSA acceleration) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Apr 2003 12:15:36 -0000 Martin, We already contacted Rainbow and they've sent us probable the same stuff they sent you. What they sent us were some drivers (version 2.0.5 and 2.1.5) which were incomplete and nonfunctional with the 2.1.0 libraries. They also offered us to pay for the driver (same amount of money as in your offer). In short we were disappointed in the level of support we got from Rainbow. Rene On Tuesday, Apr 15, 2003, at 13:35 Europe/Amsterdam, Martin Nilsson wrote: > I've tried to make the old cswift driver from Rainbow work with modern > FreeBSD:s. The problem is that Rainbow (at least their channel manager > for northern Europe) is very uncooperative and does not understand > that I want to help them (and myself) to get their drivers to work > with modern FreeBSD versions. I have managed to get part of the source > code for the driver from them but I think that some of the .h files > that I have only found in the LinuxAPI are too old. > > I'm able to compile and run the driver on 4.8 but the communication > between their binary-only library and the driver seems to be somewhat > out of whack, as the accelerators are always reported to be busy. > > If you could pester the european office for FreeBSD support, I think > that my next request for help in digging up source files will have > better chances to be successful. > > This is the last reply I got from them: > > For us to come up with what you require, the cost to bear for you on > > top of the purchase of any board would be of $7000 - $10000. > > All I asked for was source for the driver together with a libswift.so > that was the same version as the source. I think that $10000 is a bit > to much to spend on two $50 cards from ebay. > > I have been swamped with other work the last month, so this project > have been stalled since I got the above response on 24/3. > > /Martin > > Rene de Vries wrote: >> For an SSL based application we are using the Rainbow CryptoSwift (a >> PCI card with RSA acceleration). This works fine on FreeBSD 4.1, but >> as we upgraded to FreeBSD 4.7 the driver panics the kernel. >> We asked Rainbow for a driver update, but they told us that FreeBSD >> 4.7 drivers are not available. Rainbow used to mention FreeBSD as a >> supported OS, but in the meantime they removed all references to >> FreeBSD... >> Does anyone have an idea on either a replacement card or (even >> better) fixes for the Rainbow drivers? -- Rene de Vries TUNIX Internet Security & Training From owner-freebsd-isp@FreeBSD.ORG Tue Apr 15 09:19:29 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1AB6E37B401 for ; Tue, 15 Apr 2003 09:19:29 -0700 (PDT) Received: from gisp.dk (62.79.61.146.adsl.aboes.worldonline.dk [62.79.61.146]) by mx1.FreeBSD.org (Postfix) with SMTP id 14A7643FA3 for ; Tue, 15 Apr 2003 09:19:27 -0700 (PDT) (envelope-from msb@gisp.dk) Received: (qmail 22001 invoked by uid 85); 15 Apr 2003 16:29:07 -0000 Received: from msb@gisp.dk by server.gisp.dk by uid 82 with qmail-scanner-1.16 (clamscan: 0.54. spamassassin: 2.53. Clear:. Processed in 0.161047 secs); 15 Apr 2003 16:29:07 -0000 Received: from unknown (HELO mrwinslows) (192.168.1.4) by 192.168.1.2 with SMTP; 15 Apr 2003 16:29:06 -0000 Message-ID: <009e01c3036a$c94ded50$0401a8c0@mrwinslows> From: "Msb" To: References: Date: Tue, 15 Apr 2003 18:19:27 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Subject: Trafic control X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Apr 2003 16:19:29 -0000 Hi I am interested in monitoring the traffic on some of the services on my FreeBSD server. Mail: Qmail + courier imap as imap server. ---- Any input on monitoring the SMTP, imap, and incomming mail traffic per user? Web Apache Apache seems to log the requests made, but not the actual amount of bytes transfered - eg. if i start downloading a 1 gig file an cancel immediatly it will still show up as 1 gig in the log file. Any inputs on how to do this? From owner-freebsd-isp@FreeBSD.ORG Tue Apr 15 10:03:37 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E9EC037B418 for ; Tue, 15 Apr 2003 10:03:37 -0700 (PDT) Received: from mx0.gmx.net (mx0.gmx.de [213.165.64.100]) by mx1.FreeBSD.org (Postfix) with SMTP id 6BE5543FA3 for ; Tue, 15 Apr 2003 10:03:36 -0700 (PDT) (envelope-from haribeau@gmx.de) Received: (qmail 30529 invoked by uid 0); 15 Apr 2003 17:03:35 -0000 Date: Tue, 15 Apr 2003 19:03:35 +0200 (MEST) From: haribeau@gmx.de To: "Msb" MIME-Version: 1.0 References: <009e01c3036a$c94ded50$0401a8c0@mrwinslows> X-Priority: 3 (Normal) X-Authenticated-Sender: #0000301651@gmx.net X-Authenticated-IP: [212.202.194.75] Message-ID: <18673.1050426215@www59.gmx.net> X-Mailer: WWW-Mail 1.6 (Global Message Exchange) X-Flags: 0001 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit cc: freebsd-isp@freebsd.org Subject: Re: Trafic control X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Apr 2003 17:03:38 -0000 Hi, a realname might extremely increase your chances of getting answers > I am interested in monitoring the traffic on some of the services on my > FreeBSD server. > > Mail: > > Qmail + courier imap as imap server. user based traffic evaluation is one of the most ugly things qmail offers > ---- > Any input on monitoring the SMTP, imap, and incomming mail traffic per > user? use mailfront (www.untroubled.org). There you get the necessary logs (not sure about courier imap which offers the necessary info itsself imho). The mailfront logs are way easyer to evaluate than stock qmail logs. Things like smtp-auth and user-based accounting is even impossible with the standard smtp-auth patches. With mailfront it works like a charme. hth /ch -- +++ GMX - Mail, Messaging & more http://www.gmx.net +++ Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage! From owner-freebsd-isp@FreeBSD.ORG Tue Apr 15 11:40:51 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 875DF37B401; Tue, 15 Apr 2003 11:40:51 -0700 (PDT) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id B950A43F85; Tue, 15 Apr 2003 11:40:50 -0700 (PDT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (IDENT:brdavis@localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.12.9/8.12.3) with ESMTP id h3FIelTk001205; Tue, 15 Apr 2003 11:40:47 -0700 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.12.9/8.12.3/Submit) id h3FIelBR001201; Tue, 15 Apr 2003 11:40:47 -0700 Date: Tue, 15 Apr 2003 11:40:47 -0700 From: Brooks Davis To: Rene de Vries Message-ID: <20030415184047.GB11967@Odin.AC.HMC.Edu> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="i9LlY+UWpKt15+FH" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.4i X-Virus-Scanned: by amavisd-milter (http://amavis.org/) on odin.ac.hmc.edu cc: freebsd-isp@freebsd.org cc: freebsd-hardware@freebsd.org Subject: Re: Hardware Crypto support (RSA acceleration) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Apr 2003 18:40:51 -0000 --i9LlY+UWpKt15+FH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Apr 15, 2003 at 01:03:56PM +0200, Rene de Vries wrote: > Hello, >=20 > For an SSL based application we are using the Rainbow CryptoSwift (a=20 > PCI card with RSA acceleration). This works fine on FreeBSD 4.1, but as= =20 > we upgraded to FreeBSD 4.7 the driver panics the kernel. > We asked Rainbow for a driver update, but they told us that FreeBSD 4.7= =20 > drivers are not available. Rainbow used to mention FreeBSD as a=20 > supported OS, but in the meantime they removed all references to=20 > FreeBSD... > Does anyone have an idea on either a replacement card or (even better)=20 > fixes for the Rainbow drivers? It depends on what performance the Rainbow hardware has. Soekris Engineering (http://www.soekris.com/) has a hifn card that might work on the low end. If you need more performance, there are broadcom based cards from Interface Master (http://www.interfacemasters.com/products/index.html) and apparently also from Sun. These cost around $1k. I've orderd some on the Interface Masters cards, but haven't got them yet (I'm not actually sure if purchasing has places the PO yet). -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --i9LlY+UWpKt15+FH Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+nFIuXY6L6fI4GtQRAochAJ0d/vY3odoI3bHlRVIeCc282tDHNACfQD/7 +Dc/8XqSv9JvPhdpv1sl/8s= =wAXV -----END PGP SIGNATURE----- --i9LlY+UWpKt15+FH-- From owner-freebsd-isp@FreeBSD.ORG Tue Apr 15 12:01:38 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DDB0C37B401; Tue, 15 Apr 2003 12:01:38 -0700 (PDT) Received: from doc.metva.com.au (c16477.brasd1.vic.optusnet.com.au [210.49.152.96]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2454E43FAF; Tue, 15 Apr 2003 12:01:37 -0700 (PDT) (envelope-from enno@doc.metva.com.au) Received: by doc.metva.com.au (Postfix, from userid 1003) id B2A81D78CAF; Wed, 16 Apr 2003 05:01:40 +1000 (EST) Date: Wed, 16 Apr 2003 05:01:40 +1000 From: Enno Davids To: Brooks Davis Message-ID: <20030415190140.GB97289@doc.metva.com.au> References: <20030415184047.GB11967@Odin.AC.HMC.Edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030415184047.GB11967@Odin.AC.HMC.Edu> User-Agent: Mutt/1.4i cc: freebsd-isp@freebsd.org cc: Rene de Vries cc: freebsd-hardware@freebsd.org Subject: Re: Hardware Crypto support (RSA acceleration) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Apr 2003 19:01:39 -0000 On Tue, Apr 15, 2003 at 11:40:47AM -0700, Brooks Davis wrote: |On Tue, Apr 15, 2003 at 01:03:56PM +0200, Rene de Vries wrote: |> Hello, |> |> For an SSL based application we are using the Rainbow CryptoSwift (a |> PCI card with RSA acceleration). This works fine on FreeBSD 4.1, but as |> we upgraded to FreeBSD 4.7 the driver panics the kernel. |> We asked Rainbow for a driver update, but they told us that FreeBSD 4.7 |> drivers are not available. Rainbow used to mention FreeBSD as a |> supported OS, but in the meantime they removed all references to |> FreeBSD... |> Does anyone have an idea on either a replacement card or (even better) |> fixes for the Rainbow drivers? | |It depends on what performance the Rainbow hardware has. |Soekris Engineering (http://www.soekris.com/) has a hifn |card that might work on the low end. If you need more |performance, there are broadcom based cards from Interface Master |(http://www.interfacemasters.com/products/index.html) and apparently |also from Sun. These cost around $1k. The older card from Sun _is_ the cryptoswift, although they occasionally seem reluctant to say so. Not sure who they source their more recent crypto card from. Enno. From owner-freebsd-isp@FreeBSD.ORG Tue Apr 15 12:09:11 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7BF6637B401; Tue, 15 Apr 2003 12:09:11 -0700 (PDT) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id C679343FBD; Tue, 15 Apr 2003 12:09:10 -0700 (PDT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (IDENT:brdavis@localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.12.9/8.12.3) with ESMTP id h3FJ8tTk007255; Tue, 15 Apr 2003 12:08:55 -0700 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.12.9/8.12.3/Submit) id h3FJ8t51007254; Tue, 15 Apr 2003 12:08:55 -0700 Date: Tue, 15 Apr 2003 12:08:55 -0700 From: Brooks Davis To: Enno Davids Message-ID: <20030415190855.GD11967@Odin.AC.HMC.Edu> References: <20030415184047.GB11967@Odin.AC.HMC.Edu> <20030415190140.GB97289@doc.metva.com.au> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="5gxpn/Q6ypwruk0T" Content-Disposition: inline In-Reply-To: <20030415190140.GB97289@doc.metva.com.au> User-Agent: Mutt/1.5.4i X-Virus-Scanned: by amavisd-milter (http://amavis.org/) on odin.ac.hmc.edu cc: Brooks Davis cc: freebsd-isp@freebsd.org cc: Rene de Vries cc: freebsd-hardware@freebsd.org Subject: Re: Hardware Crypto support (RSA acceleration) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Apr 2003 19:09:11 -0000 --5gxpn/Q6ypwruk0T Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Apr 16, 2003 at 05:01:40AM +1000, Enno Davids wrote: > The older card from Sun _is_ the cryptoswift, although they occasionally > seem reluctant to say so. Not sure who they source their more recent cryp= to > card from. I saw a patch a week or so ago to add Sun PCI IDs to the ubsec(4) driver. -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --5gxpn/Q6ypwruk0T Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+nFjDXY6L6fI4GtQRAhU5AJ9iM+JVb9GA7vCG828L/oPnsA0H1ACdEFBS BSNyqBNxW/Hmp49qkDBFsLg= =qnBb -----END PGP SIGNATURE----- --5gxpn/Q6ypwruk0T-- From owner-freebsd-isp@FreeBSD.ORG Wed Apr 16 00:35:22 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3D8BF37B401 for ; Wed, 16 Apr 2003 00:35:22 -0700 (PDT) Received: from mailspool.ops.uunet.co.za (mailspool.ops.uunet.co.za [196.7.0.140]) by mx1.FreeBSD.org (Postfix) with ESMTP id A516643FD7 for ; Wed, 16 Apr 2003 00:35:19 -0700 (PDT) (envelope-from alan@arb.za.net) Received: from mojo.abn.cpt1.za.uu.net ([196.30.73.32]) by mailspool.ops.uunet.co.za with esmtp (Exim 3.36 #1) id 195hRi-000GDC-00; Wed, 16 Apr 2003 09:35:06 +0200 Date: Wed, 16 Apr 2003 09:35:03 +0200 (SAST) From: Alan Kemp X-X-Sender: alan@mojo.abn.cpt1.za.uu.net To: Msb In-Reply-To: <009e01c3036a$c94ded50$0401a8c0@mrwinslows> Message-ID: <20030416093255.C14725@mojo.abn.cpt1.za.uu.net> References: <009e01c3036a$c94ded50$0401a8c0@mrwinslows> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-isp@freebsd.org Subject: Re: Trafic control X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Alan Kemp List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Apr 2003 07:35:22 -0000 On Tue, 15 Apr 2003, Msb wrote: > Web > Apache > > Apache seems to log the requests made, but not the actual amount of bytes > transfered - eg. if i start downloading a 1 gig file an cancel immediatly it > will still show up as 1 gig in the log file. You can use mod_watch for apache http://www.snert.com/Software/mod_watch/ regards -- Alan From owner-freebsd-isp@FreeBSD.ORG Wed Apr 16 02:21:56 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9E14A37B405 for ; Wed, 16 Apr 2003 02:21:56 -0700 (PDT) Received: from ksemat.co.ug (ping.mtn.co.ug [212.88.97.58]) by mx1.FreeBSD.org (Postfix) with ESMTP id BD17D43F75 for ; Wed, 16 Apr 2003 02:21:45 -0700 (PDT) (envelope-from ksemat@ksemat.co.ug) Received: by ksemat.co.ug (Postfix, from userid 1000) id A1F12FF83; Wed, 16 Apr 2003 12:21:01 +0300 (EAT) Received: from localhost (localhost [127.0.0.1]) by ksemat.co.ug (Postfix) with ESMTP id 53CBDFF80; Wed, 16 Apr 2003 12:21:01 +0300 (EAT) Date: Wed, 16 Apr 2003 12:21:01 +0300 (EAT) From: Noah K Sematimba To: George Georgalis In-Reply-To: <20030411180733.GA20256@trot.local> Message-ID: <20030416121945.M1252@ksemat.co.ug> References: <5.2.0.9.0.20030305230242.00a18200@mail.hub.org> <001801c2e3df$28a02030$fc5807ca@mosm1> <20030411180733.GA20256@trot.local> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-isp@FreeBSD.ORG Subject: Re: multiple SSL key's on one IP several Vhosts... X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Apr 2003 09:21:56 -0000 > It's from May 1999, but looks possible since different certs are bing > used for different IP/domains; however I have the feeling apache will > choke on the second ssl IP. Has anyone used a similar setup or have > comments? works fine. I was using apache-modssl in my case. Noah. From owner-freebsd-isp@FreeBSD.ORG Wed Apr 16 02:28:27 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4A7E637B401 for ; Wed, 16 Apr 2003 02:28:27 -0700 (PDT) Received: from ksemat.co.ug (ping.mtn.co.ug [212.88.97.58]) by mx1.FreeBSD.org (Postfix) with ESMTP id C8A6843F3F for ; Wed, 16 Apr 2003 02:28:14 -0700 (PDT) (envelope-from ksemat@ksemat.co.ug) Received: by ksemat.co.ug (Postfix, from userid 1000) id 1B1D2FF83; Wed, 16 Apr 2003 12:27:41 +0300 (EAT) Received: from localhost (localhost [127.0.0.1]) by ksemat.co.ug (Postfix) with ESMTP id 16ADBFF80; Wed, 16 Apr 2003 12:27:41 +0300 (EAT) Date: Wed, 16 Apr 2003 12:27:41 +0300 (EAT) From: Noah K Sematimba To: Jez Hancock In-Reply-To: <20030412184948.GA55944@users.munk.nu> Message-ID: <20030416122448.E1252@ksemat.co.ug> References: <20030412133836.GA52054@users.munk.nu> <20030412163921.GC77466@kurdistan.ath.cx> <20030412174239.GB99027@kurdistan.ath.cx> <20030412184948.GA55944@users.munk.nu> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=unknown-8bit Content-Transfer-Encoding: QUOTED-PRINTABLE cc: FreeBSD ISP List Subject: Re: Serial line fbsd installation with no CD X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Apr 2003 09:28:27 -0000 > > On Sat, Apr 12, 2003 at 10:42:39AM -0700, S=EAr=EAciya Kurdistan=EE wrote= : > > > I have a feeling the process of updating the source might have been f= lawed and > > > also I have a sneaking suspicion that I left out IPFW2 from make.conf= at the time. > > > (IPFW2 was is currently the main problem which we want to be using fo= r traffic > > > shaping and prioritizing). > > > > If you're wanting to use IPFW2, don't forget to have "options IPFW2" = in the > > kernel config and "IPFW2=3Dtrue" in your /etc/make.conf Good luck! > Ack - it looks like this is the problem after all I'd missed out IPFW=3Dt= rue from > /etc/make.conf :( > > I'll rebuild with this and see how it goes. > > Thanks! incidentally I just did a build from 4.6.2 CDs and then used cvsup to upgrade to 4.8-STABLE and I simply used the usual procedure except that I decided to skip going into single user mode. I simply run: make -j4 buildworld make buildkernel KERNCONF=3DSOMEKERNEL make installkernel KERNCONF=3DSOMEKERNEL make installworld reboot mergemaster reboot Noah. From owner-freebsd-isp@FreeBSD.ORG Wed Apr 16 06:40:46 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 984C837B404 for ; Wed, 16 Apr 2003 06:40:46 -0700 (PDT) Received: from users.munk.nu (213-152-51-194.dsl.eclipse.net.uk [213.152.51.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id CFF3E43F75 for ; Wed, 16 Apr 2003 06:40:42 -0700 (PDT) (envelope-from munk@users.munk.nu) Received: from users.munk.nu (munk@localhost [127.0.0.1]) by users.munk.nu (8.12.9/8.12.8) with ESMTP id h3GDhEJ0052192 for ; Wed, 16 Apr 2003 14:43:14 +0100 (BST) (envelope-from munk@users.munk.nu) Received: (from munk@localhost) by users.munk.nu (8.12.9/8.12.8/Submit) id h3GDhDnT052191 for freebsd-isp@freebsd.org; Wed, 16 Apr 2003 14:43:13 +0100 (BST) Date: Wed, 16 Apr 2003 14:43:13 +0100 From: Jez Hancock To: freebsd-isp@freebsd.org Message-ID: <20030416134313.GA51960@users.munk.nu> Mail-Followup-To: freebsd-isp@freebsd.org References: <20030412141313.GB58220@wjv.com> <20030412153736.GA53356@users.munk.nu> <20030412184738.GA52650@wjv.com> <20030414155256.GA1608@users.munk.nu> <20030415033802.GB36985@wjv.com> Mime-Version: 1.0 Content-Type: text/plain; charset=unknown-8bit Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20030415033802.GB36985@wjv.com> User-Agent: Mutt/1.4.1i Subject: Re: Serial line fbsd installation with no CD X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Apr 2003 13:40:47 -0000 Hi, On Mon, Apr 14, 2003 at 11:38:02PM -0400, Bill Vermillion wrote: > > To be honest I feel that this is synonymous to the setup of our NOC. > > I'm actually only a 'coadmin' - in the sense that I do not talk > > to the network op centre, my 'admin' 'boss' does (lots of 's). > > Hm. We're small - but dedicated - and we both worked in highly > time sensitive businesses - the broadcast industry - so we know the > value of down time. > > However even though we are small we have rack-space in the Level3 > facility in Orlando. We got it when it first came up and before > they put the current minimum useage in place. Our customers - few > as they are - love us. Sounds like a decent setup - we're investigating alternative hosting at the moment, found a disturbing ammount of unswitched udp traffic whilst looking at trafshow output - seems to be from a number of halflife gaming servers on the same subnet as our servers. At first I thought we were being used as a relay by a logging bot one of the users was using, but on further inspection it just looks like broadcast traffic. Another reason to move :) > > It's incredibly frustrating that the cost of colocation in the UK > > (where I am) and in AUS (where my friend is) is so high and as > > such we have to colocate in US where bandwidth is much more reasonably > > priced. > > And could you give an example of what those costs are? I'm curious > as to the rates around the world. Well I did some minimal research (can anyone in the UK pass me some bookmarks!?!), and I found: http://www.donhost.co.uk/ ( http://www.donhost.co.uk/products/dedicatedunix.html ) from £90-380GBP 1Gb tx included, £10GBP per extra 1Gb tx I've just done a quick grep of my uk.freebsd.org mbox from 2002 and found this: http://www.blackcatnetworks.co.uk/prices-colo.shtml Colocation One off setup fee £100 Regular colo £50/month OR £500/year 1U, 10GB traffic/month Extra traffic £5/GB/month Low Bandwidth Colo £360/year (note only payable yearly) 1U, 5GB traffic/month Extra traffic £5/GB/month High Bandwidth Colo £150/month OR £1700/year 2U, 80GB traffic/month Extra traffic £2/GB/month Cost per extra U used £15/month One off fee for serial console access £50 Dedicated server Minimum spec: Celeron 1.2GHz, 80GB HD, 256MB RAM £100/month OR £1000/year One off dedicated server setup fee £200 Includes serial console which sounds very decent. Actually very happy I found that one, I might mail them :) > > Yikes that's some pipe. > > It's a communications facility and now that the bloom is off the > dot.com boom of a few years ago so much they sell is dark fibre. > I asked a tech installing equipment in a cage behind our rack how > much it was worth. Her comment was "I'm not sure but the one > almost like it in Miami cost $14,000,000" OC192 equipment is not > cheap. The backup generator is a 1,250,000W monster behind the > building - with a 6000 gallon tank of diesel fuei. I've seen many > colos but never one like L3. lol - if they ever need to leave planet earth quickly, you just need a match eh? All the best, Jez From owner-freebsd-isp@FreeBSD.ORG Wed Apr 16 06:48:03 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 05C1637B401 for ; Wed, 16 Apr 2003 06:48:03 -0700 (PDT) Received: from users.munk.nu (213-152-51-194.dsl.eclipse.net.uk [213.152.51.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6B70243F93 for ; Wed, 16 Apr 2003 06:48:01 -0700 (PDT) (envelope-from munk@users.munk.nu) Received: from users.munk.nu (munk@localhost [127.0.0.1]) by users.munk.nu (8.12.9/8.12.8) with ESMTP id h3GDoYJ0052431 for ; Wed, 16 Apr 2003 14:50:34 +0100 (BST) (envelope-from munk@users.munk.nu) Received: (from munk@localhost) by users.munk.nu (8.12.9/8.12.8/Submit) id h3GDoYtt052430 for freebsd-isp@freebsd.org; Wed, 16 Apr 2003 14:50:34 +0100 (BST) Date: Wed, 16 Apr 2003 14:50:34 +0100 From: Jez Hancock To: FreeBSD ISP List Message-ID: <20030416135034.GA52319@users.munk.nu> Mail-Followup-To: FreeBSD ISP List References: <20030412133836.GA52054@users.munk.nu> <20030412163921.GC77466@kurdistan.ath.cx> <20030412174239.GB99027@kurdistan.ath.cx> <20030412184948.GA55944@users.munk.nu> <20030416122448.E1252@ksemat.co.ug> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030416122448.E1252@ksemat.co.ug> User-Agent: Mutt/1.4.1i Subject: Re: Serial line fbsd installation with no CD X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Apr 2003 13:48:03 -0000 Hi Noah, On Wed, Apr 16, 2003 at 12:27:41PM +0300, Noah K Sematimba wrote: > incidentally I just did a build from 4.6.2 CDs and then used cvsup to > upgrade to 4.8-STABLE and I simply used the usual procedure except that I > decided to skip going into single user mode. Yes I think I missed out a line from my /etc/make.conf for ipfw2, this was the only problem ;( Thanks for the input Jez From owner-freebsd-isp@FreeBSD.ORG Wed Apr 16 07:15:32 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2E2C137B401 for ; Wed, 16 Apr 2003 07:15:32 -0700 (PDT) Received: from mail.coastal.com (mail.coastal.com [216.54.15.151]) by mx1.FreeBSD.org (Postfix) with SMTP id 216C843F75 for ; Wed, 16 Apr 2003 07:15:31 -0700 (PDT) (envelope-from andrew@coastal.com) Received: (qmail 22287 invoked from network); 16 Apr 2003 14:15:30 -0000 Received: from mailgw.coastal.com (HELO NAV-1.coastal.internal) (216.54.15.141) by mail.coastal.com with SMTP; 16 Apr 2003 14:15:30 -0000 Received: from www.coastal.internal ([10.0.0.120]) by NAV-1.coastal.internal (NAVGW 2.5.2.12) with SMTP id M2003041610152425292 for ; Wed, 16 Apr 2003 10:15:24 -0400 Received: (qmail 54328 invoked from network); 16 Apr 2003 14:16:55 -0000 Received: from unknown (HELO exchange-1.coastal.internal) (10.0.0.8) by 10.0.0.120 with SMTP; 16 Apr 2003 14:16:55 -0000 Received: by exchange-1.coastal.internal with Internet Mail Service (5.5.2653.19) id ; Wed, 16 Apr 2003 10:15:12 -0400 Message-ID: From: Andrew Lewis To: freebsd-isp@FreeBSD.ORG Date: Wed, 16 Apr 2003 10:15:11 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Subject: RE: multiple SSL key's on one IP several Vhosts... X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Apr 2003 14:15:32 -0000 Just to be clear on what I'm reading... Apache is listening on a single IP, ports 443 and 80. Apache hosts multiple http sites with name based virtual hosts Apache also hosts multiple https sites with their own certificates (www.domain1.com and www.domain2.com) as name based virtual hosts. (seamlessly) I understood this to be an impossible task with https servers, based on the key exchange process. Am I reading that apache does this just fine? If so I know some developers who will be thrilled. > -----Original Message----- > From: Noah K Sematimba [mailto:ksemat@ksemat.co.ug] > Sent: Wednesday, April 16, 2003 5:21 AM > To: George Georgalis > Cc: freebsd-isp@FreeBSD.ORG > Subject: Re: multiple SSL key's on one IP several Vhosts... > > > > > It's from May 1999, but looks possible since different > certs are bing > > used for different IP/domains; however I have the feeling > apache will > > choke on the second ssl IP. Has anyone used a similar setup or have > > comments? > > works fine. I was using apache-modssl in my case. > > Noah. > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > From owner-freebsd-isp@FreeBSD.ORG Wed Apr 16 07:29:47 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BCADB37B401 for ; Wed, 16 Apr 2003 07:29:47 -0700 (PDT) Received: from doc.metva.com.au (c16477.brasd1.vic.optusnet.com.au [210.49.152.96]) by mx1.FreeBSD.org (Postfix) with ESMTP id A88CB43F75 for ; Wed, 16 Apr 2003 07:29:44 -0700 (PDT) (envelope-from enno@doc.metva.com.au) Received: by doc.metva.com.au (Postfix, from userid 1003) id 2CCBED78CAF; Thu, 17 Apr 2003 00:29:47 +1000 (EST) Date: Thu, 17 Apr 2003 00:29:46 +1000 From: Enno Davids To: Andrew Lewis Message-ID: <20030416142946.GA83092@doc.metva.com.au> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i cc: freebsd-isp@freebsd.org Subject: Re: multiple SSL key's on one IP several Vhosts... X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Apr 2003 14:29:48 -0000 On Wed, Apr 16, 2003 at 10:15:11AM -0400, Andrew Lewis wrote: |Just to be clear on what I'm reading... | |Apache is listening on a single IP, ports 443 and 80. |Apache hosts multiple http sites with name based virtual hosts |Apache also hosts multiple https sites with their own certificates |(www.domain1.com and www.domain2.com) as name based virtual hosts. | |(seamlessly) | |I understood this to be an impossible task with https servers, based on the |key exchange process. | |Am I reading that apache does this just fine? If so I know some developers |who will be thrilled. No. He's fairly clear that different IP addresses are involved. i.e. we're talking about old style IP based virtual hosts not name based virtual hosts. Enno. |> -----Original Message----- |> From: Noah K Sematimba [mailto:ksemat@ksemat.co.ug] |> Sent: Wednesday, April 16, 2003 5:21 AM |> To: George Georgalis |> Cc: freebsd-isp@FreeBSD.ORG |> Subject: Re: multiple SSL key's on one IP several Vhosts... |> |> |> |> > It's from May 1999, but looks possible since different |> certs are bing |> > used for different IP/domains; however I have the feeling |> apache will |> > choke on the second ssl IP. Has anyone used a similar setup or have |> > comments? |> |> works fine. I was using apache-modssl in my case. |> |> Noah. |> _______________________________________________ |> freebsd-isp@freebsd.org mailing list |> http://lists.freebsd.org/mailman/listinfo/freebsd-isp |> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" |> |_______________________________________________ |freebsd-isp@freebsd.org mailing list |http://lists.freebsd.org/mailman/listinfo/freebsd-isp |To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Wed Apr 16 07:34:33 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 22ABF37B401 for ; Wed, 16 Apr 2003 07:34:33 -0700 (PDT) Received: from web1.nexusinternetsolutions.net (web1.nexusinternetsolutions.net [206.47.131.12]) by mx1.FreeBSD.org (Postfix) with SMTP id 21CC943F3F for ; Wed, 16 Apr 2003 07:34:32 -0700 (PDT) (envelope-from dave@hawk-systems.com) Received: (qmail 46444 invoked from network); 16 Apr 2003 14:34:30 -0000 Received: from unknown (HELO ws1) (24.157.103.51) by web1.nexusinternetsolutions.net with SMTP; 16 Apr 2003 14:34:30 -0000 From: "Dave [Hawk-Systems]" To: "Andrew Lewis" , Date: Wed, 16 Apr 2003 10:34:30 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal Subject: RE: multiple SSL key's on one IP several Vhosts... X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Apr 2003 14:34:33 -0000 >Just to be clear on what I'm reading... > >Apache is listening on a single IP, ports 443 and 80. >Apache hosts multiple http sites with name based virtual hosts >Apache also hosts multiple https sites with their own certificates >(www.domain1.com and www.domain2.com) as name based virtual hosts. > >(seamlessly) > >I understood this to be an impossible task with https servers, based on the >key exchange process. > >Am I reading that apache does this just fine? If so I know some developers >who will be thrilled. The title doesn't exactly match the description of the problem/situation. >> > It's from May 1999, but looks possible since different >> certs are bing >> > used for different IP/domains; however I have the feeling >> apache will >> > choke on the second ssl IP. Has anyone used a similar setup or have >> > comments? >> >> works fine. I was using apache-modssl in my case. You can only resolve on SSL certificate to any given IP/port configuration. Your apache conf file can be listening to 30 different IP address/port configurations, and have 30 seperate SSL certificates for each. or are all acceptable with the appropriate certificate entries in each container. You cannot however, have more than 1 SSL certificate for a single IP/Port configuration. Dave From owner-freebsd-isp@FreeBSD.ORG Wed Apr 16 08:08:26 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4161437B404 for ; Wed, 16 Apr 2003 08:08:26 -0700 (PDT) Received: from opium.co.za (opium.co.za [196.34.165.210]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2417643F85 for ; Wed, 16 Apr 2003 08:08:25 -0700 (PDT) (envelope-from mark@opium.co.za) Received: from mark (helo=localhost) by opium.co.za with local-esmtp (Exim 4.12) id 195oWJ-000NQj-00 for freebsd-isp@FreeBSD.ORG; Wed, 16 Apr 2003 17:08:19 +0200 Date: Wed, 16 Apr 2003 17:08:19 +0200 (SAST) From: Mark Bojara X-X-Sender: mark@opium.co.za To: freebsd-isp@FreeBSD.ORG In-Reply-To: Message-ID: <20030416170721.G34554-100000@opium.co.za> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: mark Subject: Groupware X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Apr 2003 15:08:26 -0000 Elo All, Was having a look around today for a freeware groupware app and I found a excellent one so if any of you are looking for the same as I am have a look at: http://grouptime.sourceforge.net Its PHP driven aswell works very nice.. Chow Mark From owner-freebsd-isp@FreeBSD.ORG Wed Apr 16 08:17:55 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 54F5F37B401 for ; Wed, 16 Apr 2003 08:17:55 -0700 (PDT) Received: from mail.one2netmail.co.ug (mail.one2netmail.co.ug [216.250.215.80]) by mx1.FreeBSD.org (Postfix) with ESMTP id 521B643FAF for ; Wed, 16 Apr 2003 08:17:51 -0700 (PDT) (envelope-from ziggy@one2net.co.ug) Received: from localhost (localhost [127.0.0.1]) by mail.one2netmail.co.ug (Postfix) with ESMTP id D0F9B68DD4; Wed, 16 Apr 2003 18:27:40 +0300 (EAT) Received: from mail.one2netmail.co.ug ([127.0.0.1]) by localhost (mail.one2netmail.co.ug [127.0.0.1:10024]) (amavisd-new) with ESMTP id 21734-03; Wed, 16 Apr 2003 18:27:35 +0300 (EAT) Received: from deez (g-class.sanyutel.com [216.250.215.27]) by mail.one2netmail.co.ug (Postfix) with SMTP id 9D65468D3C; Wed, 16 Apr 2003 18:27:35 +0300 (EAT) From: "David Lubowa" To: "Andrew Lewis" , Date: Wed, 16 Apr 2003 18:21:45 +0300 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300 Importance: Normal X-Virus-Scanned: by amavisd-new Subject: RE: multiple SSL key's on one IP several Vhosts... X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: ziggy@one2net.co.ug List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Apr 2003 15:17:55 -0000 how will a setup like this sound to you .... 1. create a directory vhost_80 and vhost_ssl 2. create a file .vhost.conf in your created directories chowned www:www 3. have an Include /path/to/vhost_80 (this is under the none default ssl Vhost) this is done in the httpd.conf 4. have an Include /path/to/vhost_ssl (this is under the default ssl Vhost) this is done in the httpd.conf 5. in the vhost_* directories you could have something like this: vhost_80: ---------- * you have a file foo.bar.com and within that file you have #foo.bar.com Vhost# ServerAdmin webmaster@blah.com DocumentRoot /blah/bloo/blue ServerName mine.foo.bar.com ErrorLog /var/log/httpd/blah/error.log CustomLog /var/log/httpd/blah/access.log common and in the .vhost.conf file you have a line like Include /path/to/vhost_80/foo.bar.com this will make your Vhost accessable , you do the same for the vhost_ssl, with all the ssl stuff within, you could write a script to do all this for you , which could be a good idea rather than doing alot of hard work :) i hope this helps cheers david -----Original Message----- From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Andrew Lewis Sent: Wednesday, April 16, 2003 5:15 PM To: freebsd-isp@FreeBSD.ORG Subject: RE: multiple SSL key's on one IP several Vhosts... Just to be clear on what I'm reading... Apache is listening on a single IP, ports 443 and 80. Apache hosts multiple http sites with name based virtual hosts Apache also hosts multiple https sites with their own certificates (www.domain1.com and www.domain2.com) as name based virtual hosts. (seamlessly) I understood this to be an impossible task with https servers, based on the key exchange process. Am I reading that apache does this just fine? If so I know some developers who will be thrilled. > -----Original Message----- > From: Noah K Sematimba [mailto:ksemat@ksemat.co.ug] > Sent: Wednesday, April 16, 2003 5:21 AM > To: George Georgalis > Cc: freebsd-isp@FreeBSD.ORG > Subject: Re: multiple SSL key's on one IP several Vhosts... > > > > > It's from May 1999, but looks possible since different > certs are bing > > used for different IP/domains; however I have the feeling > apache will > > choke on the second ssl IP. Has anyone used a similar setup or have > > comments? > > works fine. I was using apache-modssl in my case. > > Noah. > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > _______________________________________________ freebsd-isp@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Wed Apr 16 23:03:19 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9269237B401 for ; Wed, 16 Apr 2003 23:03:19 -0700 (PDT) Received: from ksemat.co.ug (ping.mtn.co.ug [212.88.97.58]) by mx1.FreeBSD.org (Postfix) with ESMTP id 914A243FE0 for ; Wed, 16 Apr 2003 23:03:15 -0700 (PDT) (envelope-from ksemat@ksemat.co.ug) Received: by ksemat.co.ug (Postfix, from userid 1000) id DD84FFF83; Thu, 17 Apr 2003 09:06:28 +0300 (EAT) Received: from localhost (localhost [127.0.0.1]) by ksemat.co.ug (Postfix) with ESMTP id D9AC6FF80; Thu, 17 Apr 2003 09:06:28 +0300 (EAT) Date: Thu, 17 Apr 2003 09:06:28 +0300 (EAT) From: Noah K Sematimba To: Andrew Lewis In-Reply-To: Message-ID: <20030417090544.T289@ksemat.co.ug> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-isp@FreeBSD.ORG Subject: RE: multiple SSL key's on one IP several Vhosts... X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Apr 2003 06:03:19 -0000 No! No! the Vhosts are ip-based...I think I need some coffee! Noah. On Wed, 16 Apr 2003, Andrew Lewis wrote: > Just to be clear on what I'm reading... > > Apache is listening on a single IP, ports 443 and 80. > Apache hosts multiple http sites with name based virtual hosts > Apache also hosts multiple https sites with their own certificates > (www.domain1.com and www.domain2.com) as name based virtual hosts. > > (seamlessly) > > I understood this to be an impossible task with https servers, based on the > key exchange process. > > Am I reading that apache does this just fine? If so I know some developers > who will be thrilled. > > > > > > -----Original Message----- > > From: Noah K Sematimba [mailto:ksemat@ksemat.co.ug] > > Sent: Wednesday, April 16, 2003 5:21 AM > > To: George Georgalis > > Cc: freebsd-isp@FreeBSD.ORG > > Subject: Re: multiple SSL key's on one IP several Vhosts... > > > > > > > > > It's from May 1999, but looks possible since different > > certs are bing > > > used for different IP/domains; however I have the feeling > > apache will > > > choke on the second ssl IP. Has anyone used a similar setup or have > > > comments? > > > > works fine. I was using apache-modssl in my case. > > > > Noah. > > _______________________________________________ > > freebsd-isp@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > From owner-freebsd-isp@FreeBSD.ORG Thu Apr 17 12:48:28 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3436F37B401 for ; Thu, 17 Apr 2003 12:48:28 -0700 (PDT) Received: from seven.Alameda.net (seven.alameda.net [64.81.63.137]) by mx1.FreeBSD.org (Postfix) with ESMTP id A7D8F43F75 for ; Thu, 17 Apr 2003 12:48:27 -0700 (PDT) (envelope-from ulf@Alameda.net) Received: by seven.Alameda.net (Postfix, from userid 1000) id 655393A23B; Thu, 17 Apr 2003 12:48:27 -0700 (PDT) Date: Thu, 17 Apr 2003 12:48:27 -0700 From: Ulf Zimmermann To: Chris Bowlby Message-ID: <20030417124827.N92807@seven.alameda.net> References: <5.2.0.9.0.20030305230242.00a18200@mail.hub.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <5.2.0.9.0.20030305230242.00a18200@mail.hub.org>; from excalibur@hub.org on Wed, Mar 05, 2003 at 11:05:12PM -0400 Organization: Alameda Networks, Inc. X-Operating-System: FreeBSD 4.7-RELEASE-p2 cc: freebsd-isp@freebsd.org Subject: Re: multiple SSL key's on one IP several Vhosts... X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: ulf@Alameda.net List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Apr 2003 19:48:28 -0000 On Wed, Mar 05, 2003 at 11:05:12PM -0400, Chris Bowlby wrote: > Hi All, > > Googling for a result of an issue where I've got more then one SSL key I > want to enable on a site (one that is certified and one that is self > signed) I ran across and issue where Multiple key's appear to not work on > the same IP, is this still the case? even after two years? Who's bright > Idea was it to tie the SSL key to the IP address and domain, and not just > the domain? > > If anyone has a work around for the this, it would be very useful to know > (other then more then one IP assigned to the VH, not an option as a > limitation of jails...) > > thanks in advance.. I work at a company where we have many different hosts/domain and everything has to be SSL, although the actual application behind it is the same. The application does present different layout logo per virtual site, but otherwise internal and database wise its the same. Managing multiple hosts behind the load balancer with SSL was a pain. We ended up getting us an Alteon (Nortel) iSD100 setup, which is a SSL offloader. For the frontend we already had an Alteon AD3. The frontside still has all the different IPs per virtual host, but the actual servers only have now 1 IP, one config file with namedbased virtualhosts. You can use two AD3 for failover, as well as up to 32 of the iSD100 in a cluster (there are different models I just know the iSD100). Each iSD100 is capable of 7,000 sessions supposely, it has two hardware SSL cards in a 1U case. -- Regards, Ulf. --------------------------------------------------------------------- Ulf Zimmermann, 1525 Pacific Ave., Alameda, CA-94501, #: 510-865-0204 You can find my resume at: http://seven.Alameda.net/~ulf/resume.html From owner-freebsd-isp@FreeBSD.ORG Thu Apr 17 14:57:14 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EDA3137B401 for ; Thu, 17 Apr 2003 14:57:14 -0700 (PDT) Received: from web1.nexusinternetsolutions.net (web1.nexusinternetsolutions.net [206.47.131.12]) by mx1.FreeBSD.org (Postfix) with SMTP id 08D9C43F75 for ; Thu, 17 Apr 2003 14:57:14 -0700 (PDT) (envelope-from dave@hawk-systems.com) Received: (qmail 62395 invoked from network); 17 Apr 2003 21:57:11 -0000 Received: from unknown (HELO ws1) (24.157.103.51) by web1.nexusinternetsolutions.net with SMTP; 17 Apr 2003 21:57:11 -0000 From: "Dave [Hawk-Systems]" To: , "Chris Bowlby" Date: Thu, 17 Apr 2003 17:57:10 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) In-Reply-To: <20030417124827.N92807@seven.alameda.net> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal cc: freebsd-isp@freebsd.org Subject: RE: multiple SSL key's on one IP several Vhosts... X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Apr 2003 21:57:15 -0000 >> Googling for a result of an issue where I've got more then one SSL key I >> want to enable on a site (one that is certified and one that is self >> signed) I ran across and issue where Multiple key's appear to not work on >> the same IP, is this still the case? even after two years? Who's bright >> Idea was it to tie the SSL key to the IP address and domain, and not just >> the domain? >> >> If anyone has a work around for the this, it would be very useful to know >> (other then more then one IP assigned to the VH, not an option as a >> limitation of jails...) >> >> thanks in advance.. > >I work at a company where we have many different hosts/domain and >everything has to be SSL, although the actual application behind it >is the same. The application does present different layout logo per >virtual site, but otherwise internal and database wise its the same. >Managing multiple hosts behind the load balancer with SSL was a pain. > >We ended up getting us an Alteon (Nortel) iSD100 setup, which is a >SSL offloader. For the frontend we already had an Alteon AD3. The >frontside still has all the different IPs per virtual host, but the >actual servers only have now 1 IP, one config file with namedbased >virtualhosts. You can use two AD3 for failover, as well as up to >32 of the iSD100 in a cluster (there are different models I just >know the iSD100). Each iSD100 is capable of 7,000 sessions supposely, >it has two hardware SSL cards in a 1U case. from what you describe, you avoid the problem on the web server by moving it to another physical server/device... but the problem itself (requires 1 unique IP/port conbination per SSL host) still exists. Bottom line, if you only have 1 IP address you can only use 1 SSL cert UNLESS you start assigning other port combinations per SSL cert... messy at best. Dave From owner-freebsd-isp@FreeBSD.ORG Thu Apr 17 17:10:15 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 57E0C37B401 for ; Thu, 17 Apr 2003 17:10:15 -0700 (PDT) Received: from seven.Alameda.net (seven.alameda.net [64.81.63.137]) by mx1.FreeBSD.org (Postfix) with ESMTP id B74B043FBF for ; Thu, 17 Apr 2003 17:10:14 -0700 (PDT) (envelope-from ulf@Alameda.net) Received: by seven.Alameda.net (Postfix, from userid 1000) id 84C903A239; Thu, 17 Apr 2003 17:10:14 -0700 (PDT) Date: Thu, 17 Apr 2003 17:10:14 -0700 From: Ulf Zimmermann To: "Dave [Hawk-Systems]" Message-ID: <20030417171014.Q92807@seven.alameda.net> References: <20030417124827.N92807@seven.alameda.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from dave@hawk-systems.com on Thu, Apr 17, 2003 at 05:57:10PM -0400 Organization: Alameda Networks, Inc. X-Operating-System: FreeBSD 4.7-RELEASE-p2 cc: freebsd-isp@freebsd.org cc: ulf@Alameda.net Subject: Re: multiple SSL key's on one IP several Vhosts... X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: ulf@Alameda.net List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Apr 2003 00:10:15 -0000 On Thu, Apr 17, 2003 at 05:57:10PM -0400, Dave [Hawk-Systems] wrote: > >> Googling for a result of an issue where I've got more then one SSL key I > >> want to enable on a site (one that is certified and one that is self > >> signed) I ran across and issue where Multiple key's appear to not work on > >> the same IP, is this still the case? even after two years? Who's bright > >> Idea was it to tie the SSL key to the IP address and domain, and not just > >> the domain? > >> > >> If anyone has a work around for the this, it would be very useful to know > >> (other then more then one IP assigned to the VH, not an option as a > >> limitation of jails...) > >> > >> thanks in advance.. > > > >I work at a company where we have many different hosts/domain and > >everything has to be SSL, although the actual application behind it > >is the same. The application does present different layout logo per > >virtual site, but otherwise internal and database wise its the same. > >Managing multiple hosts behind the load balancer with SSL was a pain. > > > >We ended up getting us an Alteon (Nortel) iSD100 setup, which is a > >SSL offloader. For the frontend we already had an Alteon AD3. The > >frontside still has all the different IPs per virtual host, but the > >actual servers only have now 1 IP, one config file with namedbased > >virtualhosts. You can use two AD3 for failover, as well as up to > >32 of the iSD100 in a cluster (there are different models I just > >know the iSD100). Each iSD100 is capable of 7,000 sessions supposely, > >it has two hardware SSL cards in a 1U case. > > from what you describe, you avoid the problem on the web server by moving it to > another physical server/device... but the problem itself (requires 1 unique > IP/port conbination per SSL host) still exists. > > Bottom line, if you only have 1 IP address you can only use 1 SSL cert UNLESS > you start assigning other port combinations per SSL cert... messy at best. > > Dave Correct, with the current implementation of SSL/HTTPS it isn't possible otherwise. I only told about how to avoid at least the management overhead for multiple machines when you do load balancing. The iSD work as a cluster, so configuring a HTTPS server, I only do it on the main management IP. -- Regards, Ulf. --------------------------------------------------------------------- Ulf Zimmermann, 1525 Pacific Ave., Alameda, CA-94501, #: 510-865-0204 You can find my resume at: http://seven.Alameda.net/~ulf/resume.html From owner-freebsd-isp@FreeBSD.ORG Thu Apr 17 17:37:15 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 646C237B401 for ; Thu, 17 Apr 2003 17:37:15 -0700 (PDT) Received: from 18.55.35.65.cfl.rr.com (18.55.35.65.cfl.rr.com [65.35.55.18]) by mx1.FreeBSD.org (Postfix) with SMTP id A84D443FBF for ; Thu, 17 Apr 2003 17:37:11 -0700 (PDT) (envelope-from help@bmlsports.net) Date: Fri, 18 Apr 2003 00:37:12 +0000 From: David Brown To: Freebsd-isp References: <9HL8JG6ADD57I1HA0@freebsd.org> In-Reply-To: <9HL8JG6ADD57I1HA0@freebsd.org> Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart__2I_DDIHEHD.46G2_ABK4DEA2" Subject: Offer from bmlsports.net X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Apr 2003 00:37:15 -0000 ------=_NextPart__2I_DDIHEHD.46G2_ABK4DEA2 Content-Type: text/plain Content-Transfer-Encoding: 8bit Offer valid untill 11 May, FREE everyone 490$, who had quest four matching digits, for pld and new customers. This action from our company. We could send you checks, e-gold, wire transfer. More info here: http://www.money4free.org/show_winners256211.asp.scr ------=_NextPart__2I_DDIHEHD.46G2_ABK4DEA2-- From owner-freebsd-isp@FreeBSD.ORG Thu Apr 17 23:27:52 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BD48F37B401 for ; Thu, 17 Apr 2003 23:27:52 -0700 (PDT) Received: from mail.arc.net.my (nagano.arc.net.my [203.115.225.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id 811B443FCB for ; Thu, 17 Apr 2003 23:27:51 -0700 (PDT) (envelope-from nick@arc.net.my) Received: from roponggi (roppongi.arc.net.my [203.115.225.83]) by mail.arc.net.my (iPlanet Messaging Server 5.1 Patch 1 (built Jun 6 2002)) with SMTP id <0HDJ00CB80MD2S@mail.arc.net.my> for freebsd-isp@freebsd.org; Fri, 18 Apr 2003 14:27:50 +0800 (SGT) Date: Fri, 18 Apr 2003 14:27:12 +0800 From: Nick Kraal To: freebsd-isp@freebsd.org Message-id: <000c01c30573$8c2f64c0$53e173cb@arc.net.my> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Mailer: Microsoft Outlook Express 6.00.2800.1106 Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: 7BIT X-Priority: 3 X-MSMail-priority: Normal References: <20030417124827.N92807@seven.alameda.net> <20030417171014.Q92807@seven.alameda.net> Subject: kerberos off X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Nick Kraal List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Apr 2003 06:27:53 -0000 Anyone can advise how to switch Kerberos off. It just nags me when I get the "no defalt realm message" when I telnet. ... User Access Verification Username: Kerberos: No default realm defined for Kerberos! ... I have tried the following entries in /etc/rc.conf: kerberos4_server_enable="NO" kadmind4_server_enable="NO" kerberos5_server_enable="NO" kadmind5_server_enable="NO" kerberos_stash="NO" Thanks in advance. -nick/