From owner-freebsd-isp@FreeBSD.ORG Sun Nov 16 02:00:22 2003
Date: Sun, 16 Nov 2003 10:58:37 +0100
From: Andreas Klemm
To: Eric Anderson
Cc: freebsd-isp@freebsd.org
Subject: Re: someone using openldap for ~3500 windows user for authentication ?

On Fri, Nov 14, 2003 at 09:09:17AM -0600, Eric Anderson wrote:
> Andreas Klemm wrote:
>
> >Would like to ask some questions about this if somebody
> >has made experiences with this ...
>
> Are you planning on using Samba as a PDC for authentication, or did you
> have another way?

Currently I only know little, how people plan to do it.
From my understanding they want to move away from NT4 PDC/BDC concept to a more open standard (->LDAP).

From what I read they need for windows clients to authenticate a Windows directory server (Meta Directory it was called in 2002 and should be in development at that time, dunno if this product name still applies), since Windows clients cannot communicate directly with a LDAP server for authentication purposes.

I assume this Directory Server can be substituted by samba. I assume samba can talk to LDAP server. But I don't know exactly ...

And I dunno that other things they plan, that maybe require the M$ directory server and which Samba still can't perform.

I was not at the customer at the meeting, I only have it from hearsay of the consultant who was there ...

I'm currently only digging for information, what pitfalls are involved with such a migration.

Andreas ///

--
Andreas Klemm - Powered by FreeBSD 5.1-CURRENT
Need a magic printfilter today ? -> http://www.apsfilter.org/

From owner-freebsd-isp@FreeBSD.ORG Sun Nov 16 03:34:25 2003
Date: Sun, 16 Nov 2003 12:34:13 +0100
From: Nils Vogels
To: freebsd-isp@freebsd.org
Subject: Re: About DNS (BIND) with Database

Vahric MUHTARYAN wrote:

>Hi Everybody ,
>
>Are anybody use BIND with Mysql database (BIND DNS 9 server which
>supports a MySQL backend ) any suggestion ?!!! Do you it's working stable
>or not ?!
>
>Port name: bind9-sdb-mysql-9.2.2_1

I have this in working order and haven't experienced any issues with it, however my nameserver only serves a few domains at current, so I cannot tell you how it will react under stress.

HTH & HAND

Nils.

From owner-freebsd-isp@FreeBSD.ORG Sat Nov 15 18:42:58 2003
Date: Sun, 16 Nov 2003 13:42:47 +1100
From: "Jun Shen"
To: "'mbxian'"
Subject: RE: [semanticweb] agent on the semantic web

I'm not sure whether Petri net based system is available or capable in SWWS area, but the following paper is great.

S. Narayanan and S. McIlraith (2003). "Analysis and simulation of Web services." Computer Networks 42(5): 675-693

Cheers
Jun Shen
CICEC-Swinburne Univ.

-----Original Message-----
From: mbxian [mailto:mbxian@163.net]
Sent: Sunday, 16 November 2003 1:11 AM
To: semanticweb@yahoogroups.com
Subject: [semanticweb] agent on the semantic web

i want to know
1) if semantic web service can be view as agent behaviors and semantic web can be intelligent web, what should we do for these agents and services?
2) is there any system that include petri nets for semantic web (services)?

From owner-freebsd-isp@FreeBSD.ORG Sun Nov 16 11:12:27 2003
Date: Sun, 16 Nov 2003 20:11:36 +0100 (MET)
From: Helge Oldach
To: cjclark@alum.mit.edu
Cc: freebsd-isp@freebsd.org, freebsd-ipfw@freebsd.org, vgoupil@alis.com, freebsd-net@freebsd.org
Subject: Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

Crist J. Clark:
>On Sat, Nov 15, 2003 at 07:54:40AM +0100, Oldach, Helge wrote:
>> From: Crist J. Clark [mailto:cristjc@comcast.net]
>> > Two different ESP end points behind many-to-one NAT connected to
>> > a single ESP end point on the other side of the NAT? I'd be very
>> > curious to get the documentation on how they are cheating to get
>> > that to work.
>> You have posted a reference already. W2k SP4 supports UDP
>> encapsulation of IPSec. And yes, it works fine, and reliably.
>> Further, all of Cisco's and Checkpoints VPN gear support
>> IPSec-over-UDP as well. This alone is >70% market share.
>Oh, yeah, I know of UDP or TCP encapsulation tricks that work. I have
>dealt with several of these implementations too. I thought that you
>were implying that there were working NAT implementations that could
>deal with ESP in these circumstances.

Apologies... I am actually jumping between loosely related topics somewhat.

In fact both Cisco and Checkpoint also support many-to-one NAT for ESP and AH protocols. One can indeed have multiple internal VPN devices hidden behind a single public address, and talking to the same outside VPN gateway - without requiring that the VPN devices themselves do tricks to work around NAT (such as UDP encapsulation). As we add Cisco routers (requiring a pretty recent IOS) here, the market share is potentially even higher.

To add, there are all sorts of other drafts that amend IPSec functionality (such as XAUTH and Mode Config which are also pretty widely deployed in VPN remote access scenarios) that are missing.

FreeBSD lacks features deployed in the market, when acting as a VPN endpoint, as well as when acting as a NAT device in the VPN packet flow. Either is a pity, unfortunately.

I am not complaining; I am just stating that we're behind. But FreeS/WAN is in no better shape.

Helge

From owner-freebsd-isp@FreeBSD.ORG Sun Nov 16 11:37:22 2003
Date: Sun, 16 Nov 2003 20:37:20 +0100
From: Kurt Jaeger
To: freebsd-ipfw@freebsd.org, freebsd-isp@freebsd.org, freebsd-net@freebsd.org
Subject: Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

Hi!

> FreeBSD lacks features deployed in the market, when acting as a VPN
> endpoint, as well as when acting as a NAT device in the VPN packet flow.
> Either is a pity, unfortunately.
>
> I am not complaining; I am just stating that we're behind. But FreeS/WAN
> is in no better shape.

Who would be willing/capable to add this to the code, if someone else (maybe LF.net?) would pay for the expense ?

--
MfG/Best regards, Kurt Jaeger                17 years to go !
LF.net GmbH        fon +49 711 90074-23  pi@LF.net
Ruppmannstr. 27    fax +49 711 90074-33
D-70565 Stuttgart  mob +49 171 3101372

From owner-freebsd-isp@FreeBSD.ORG Sun Nov 16 12:03:02 2003
Date: Mon, 17 Nov 2003 07:02:59 +1100
From: Stanley Hopcroft
To: Andreas Klemm
Cc: freebsd-isp@freebsd.org
Subject: Re: someone using openldap for ~3500 windows user for authentication ?

Dear Sir,

You may be better served by asking such questions on the Samba-TNG list, since, IIRC, LDAP backend authentication is one of their strengths/interests.

(Low volume list and developer willingness to deal with boundary cases).

Yours sincerely.

--
------------------------------------------------------------------------
Stanley Hopcroft
------------------------------------------------------------------------

'...No man is an island, entire of itself; every man is a piece of the continent, a part of the main. If a clod be washed away by the sea, Europe is the less, as well as if a promontory were, as well as if a manor of thy friend's or of thine own were. Any man's death diminishes me, because I am involved in mankind; and therefore never send to know for whom the bell tolls; it tolls for thee...'

from Meditation 17, J Donne.

From owner-freebsd-isp@FreeBSD.ORG Sun Nov 16 19:29:20 2003
Date: Mon, 17 Nov 2003 11:09:48 +0800
From: Nick Kraal
To: freebsd-isp@freebsd.org
Subject: Login restrictions

I am trying to create shell accounts on a FreeBSD box for guests to access our network as an entry point. I need to restrict these guests so they do not roam freely, get too itchy and install stuff and play around. All they need to do is to ssh to the box to then telnet into our corporate network, that is all. ACLs on the corporate router permit access only from this box.

So how do we do this:

1. Jail- how-to's on this are not that clear and seem to be centric around BIND installations.
2. chroot- again how-to's for this are poor and recommend jail instead -go to point #1.
3. restricted shell- still finding this, somewhat like the nologin/noshell shell.

Much appreciated if there are some pointers to good how-to's. I am more partial to a chroot environment being slightly simpler to implement.

Thanks in advance.

-nick/

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 02:45:19 2003
Date: Mon, 17 Nov 2003 10:44:02 -0000
From: "Simon Gray"
To: "Vahric MUHTARYAN"
Subject: Re: About DNS (BIND) with Database

> Are anybody use BIND with Mysql database (BIND DNS 9 server which
> supports a MySQL backend ) any suggestion ?!!! Do you it's working stable
> or not ?!
>
> Port name: bind9-sdb-mysql-9.2.2_1

May I suggest giving MyDNS a look (http://mydns.bboy.net/)

MyDNS is a free DNS server for UNIX implemented from scratch and designed to serve records directly from an SQL database (currently either MySQL or PostgreSQL).

Easy to setup, easy to use.
I've been using it a while, seems to work well. (doesn't however include a resolver/cache, however these should be separate from your name servers with the host files anyway - bind/tinydns could be run on a separate machine for a resolver without any problems).

/usr/ports/dns/mydns/

Hope this helps,
Simon

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 03:45:59 2003
Date: Mon, 17 Nov 2003 13:45:04 +0200
From: "Vahric MUHTARYAN"
Subject: RE: About DNS (BIND) with Database

Hi ,

How many domains are you handling with it ?! and How long do you use MyDNS ?!

And Do you say I have to use two separate DNS server for solving other domains instead MyDNS server handled domains ?! I mean I will add domains to MyDNS and My customers will use to resolve something different DNS Servers ?!

Thanks
Vahric

-----Original Message-----
From: Simon Gray [mailto:simong@desktop-guardian.com]
Sent: Monday, November 17, 2003 12:44 PM
To: Vahric MUHTARYAN; freebsd-isp@freebsd.org
Subject: Re: About DNS (BIND) with Database

> Are anybody use BIND with Mysql database (BIND DNS 9 server which
> supports a MySQL backend ) any suggestion ?!!! Do you it's working stable
> or not ?!
>
> Port name: bind9-sdb-mysql-9.2.2_1

May I suggest giving MyDNS a look (http://mydns.bboy.net/)

MyDNS is a free DNS server for UNIX implemented from scratch and designed to serve records directly from an SQL database (currently either MySQL or PostgreSQL).

Easy to setup, easy to use.
I've been using it a while, seems to work well. (doesn't however include a resolver/cache, however these should be separate from your name servers with the host files anyway - bind/tinydns could be run on a separate machine for a resolver without any problems).

/usr/ports/dns/mydns/

Hope this helps,
Simon

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 04:17:14 2003
Date: Mon, 17 Nov 2003 12:15:57 -0000
From: "Simon Gray"
To: "Vahric MUHTARYAN"
Cc: freebsd-isp@freebsd.org
Subject: Re: About DNS (BIND) with Database

> How many domains are you handling with it ?! and How long do you
> use MyDNS ?!

Well I'm just using it on a box at home for 4 or 5 domains, however a friend of mine at a local isp is currently running about 1100 domains without any problems. mydns itself isn't the bottleneck, the database server is. There's no reason why you couldn't run a few million domains from it.

> And Do you say I have to use two separate DNS server for solving
> other domains instead MyDNS server handled domains ?! I mean I will add
> domains to MyDNS and My customers will use to resolve something
> different DNS Servers ?!

MyDNS does not include recursive name service, nor a resolver library. It is primarily designed for organizations with many zones and/or resource records who desire the ability to perform real-time dynamic updates on their DNS data via MySQL.

Well you should keep your dns cache/resolver separate from your dns servers, have a look at >> http://cr.yp.to/djbdns/separation.html <<

Simon

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 04:52:44 2003
Date: Mon, 17 Nov 2003 18:22:43 +0530
From: "Sunil Sunder Raj"
To: freebsd-isp@freebsd.org
Subject: Find data transfer on a particular port

Hi,

How does one find the data transfer on a particular port. You can find the data transfer on the whole server. But how to calculate which service/port is transferring the data.

Regards
SSR

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 05:00:10 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9B10816A4CE for ; Mon, 17 Nov 2003 05:00:10 -0800 (PST) Received: from smtp-ft6.fr.colt.net (smtp-ft6.fr.colt.net [213.41.78.205]) by mx1.FreeBSD.org (Postfix) with ESMTP id C1A6B43FE9 for ; Mon, 17 Nov 2003 05:00:07 -0800 (PST) (envelope-from nanard@tou.nu) Received: from orion (noc-bes.adm.fr.colt.net [195.68.1.120]) by smtp-ft6.fr.colt.net with SMTP id hAHD05415690; Mon, 17 Nov 2003 14:00:05 +0100 Message-ID: <01ae01c3ad0a$b8c25e90$51fd210a@orion> From: "nanard" To: "Sunil Sunder Raj" , References: Date: Mon, 17 Nov 2003 14:00:05 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Subject: Re: Find data transfer on a particular port X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Nov 2003 13:00:10 -0000 Hi, For instance, to know who is connected to port 993/tcp(IMAPS), you can use "lsof": crysto# lsof -ni |grep imaps inetd 276 root 4u IPv4 0xccb15b80 0t0 TCP 10.1.1.5:imaps (LISTEN) imapd 20016 root 0u IPv4 0xccb142c0 0t0 TCP 10.1.1.5:imaps->192.168.10.42:3194 (ESTABLISHED) imapd 20016 root 1u IPv4 0xccb142c0 0t0 TCP 10.1.1.5:imaps->192.168.10.42:3194 (ESTABLISHED) You have the name of the process (imapd) and the PID (20016) of the connexion. Regards, ----- Original Message ----- From: "Sunil Sunder Raj" To: Sent: Monday, November 17, 2003 1:52 PM Subject: Find data transfer on a particular port > Hi, > > How does one find the data transfer on a particular port. 
> You can find the data transfer on the whole server. But how to calculate
> which service/port is transferring the data.
>
> Regards
> SSR

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 05:04:19 2003
From: Simon Dick
To: Vahric MUHTARYAN
cc: freebsd-isp@freebsd.org
Date: Mon, 17 Nov 2003 13:03:37 +0000
Subject: RE: About DNS (BIND) with Database
Message-Id: <1069074217.677.35.camel@laptop.irrelevant.org>
In-Reply-To: <022801c3ad00$3e57e9e0$110d3ad4@VAHOXP>

MyDNS doesn't do recursive lookups so yes, you will need a separate name
server for that.
My work has been using MyDNS for over a year now and we're hosting over 50k
domains with it with no problems, we use a replicated MySQL setup to run
more than one name server with a local db for speed.

Hope that helps somewhat.

On Mon, 2003-11-17 at 11:45, Vahric MUHTARYAN wrote:
> Hi ,
>
> How many domains are you handling with it ?! and How long do you
> use MyDNS ?!
>
> And Do you say I have to use two separate DNS server for solving
> other domains instead MyDNS server handled domains ?! I mean I will add
> domains to MyDNS and My customers will use to resolve something
> different DNS Servers ?!
>
> Thanks
> Vahric
>
> -----Original Message-----
> From: Simon Gray [mailto:simong@desktop-guardian.com]
> Sent: Monday, November 17, 2003 12:44 PM
> To: Vahric MUHTARYAN; freebsd-isp@freebsd.org
> Subject: Re: About DNS (BIND) with Database
>
> > Are anybody use BIND with Mysql database (BIND DNS 9 server which
> > supports a MySQL backend ) any suggestion ?!!! Do you it's working stable
> > or not ?!
> >
> > Port name: bind9-sdb-mysql-9.2.2_1
>
> May I suggest giving MyDNS a look (http://mydns.bboy.net/)
>
> MyDNS is a free DNS server for UNIX implemented from scratch and designed to
> serve records directly from an SQL database (currently either MySQL or
> PostgreSQL).
>
> Easy to setup, easy to use.
> I've been using it a while, seems to work well. (doesn't however include a
> resolver/cache, however these should be separate from your name servers with
> the host files anyway - bind/tinydns could be run on a separate machine for
> a resolver without any problems).
>
> /usr/ports/dns/mydns/
>
> Hope this helps,
>
> Simon

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 05:09:33 2003
From: "Sunil Sunder Raj"
To: nanard@tou.nu
cc: freebsd-isp@freebsd.org
Date: Mon, 17 Nov 2003 18:39:25 +0530
Subject: Re: Find data transfer on a particular port

Hi,

From mrtg I come to know that my server X is transferring Y mbit/s. But
When I get into the server, how do I know which service/port is transferring
maximum data.
Regards
SSR

>From: "nanard"
>To: "Sunil Sunder Raj" ,
>Subject: Re: Find data transfer on a particular port
>Date: Mon, 17 Nov 2003 14:00:05 +0100
>
>Hi,
>
>For instance, to know who is connected to port 993/tcp(IMAPS), you can use
>"lsof":
>
>crysto# lsof -ni |grep imaps
>inetd     276 root    4u  IPv4 0xccb15b80      0t0  TCP 10.1.1.5:imaps (LISTEN)
>imapd   20016 root    0u  IPv4 0xccb142c0      0t0  TCP 10.1.1.5:imaps->192.168.10.42:3194 (ESTABLISHED)
>imapd   20016 root    1u  IPv4 0xccb142c0      0t0  TCP 10.1.1.5:imaps->192.168.10.42:3194 (ESTABLISHED)
>
>You have the name of the process (imapd) and the PID (20016) of the
>connexion.
>
>Regards,
>
>----- Original Message -----
>From: "Sunil Sunder Raj"
>To:
>Sent: Monday, November 17, 2003 1:52 PM
>Subject: Find data transfer on a particular port
>
> > Hi,
> >
> > How does one find the data transfer on a particular port. You can find the
> > data transfer on the whole server. But how to calculate which service/port
> > is transferring the data.
> >
> > Regards
> > SSR
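Added example, not part of any message in this thread: a small parser for the `lsof -ni` output quoted above that maps each local port to the owning process and its distinct peers, counting a socket once even when lsof lists it on several file descriptors (as with fds 0u and 1u of imapd above). It reports who holds connections on a port, not byte counts; the function names are chosen here, and the last two sample rows are constructed.

```python
"""Map local ports to owning processes and peers from `lsof -ni` output."""
import re
from collections import defaultdict

# Rows 1-3 are the output quoted in the thread; rows 4-5 are constructed for
# this example (a second IMAPS client and an unrelated ssh session).
SAMPLE = """\
inetd 276 root 4u IPv4 0xccb15b80 0t0 TCP 10.1.1.5:imaps (LISTEN)
imapd 20016 root 0u IPv4 0xccb142c0 0t0 TCP 10.1.1.5:imaps->192.168.10.42:3194 (ESTABLISHED)
imapd 20016 root 1u IPv4 0xccb142c0 0t0 TCP 10.1.1.5:imaps->192.168.10.42:3194 (ESTABLISHED)
imapd 20031 root 0u IPv4 0xccb14580 0t0 TCP 10.1.1.5:imaps->192.168.10.77:4021 (ESTABLISHED)
sshd 311 root 3u IPv4 0xccb15dc0 0t0 TCP 10.1.1.5:ssh->192.168.10.42:3250 (ESTABLISHED)
"""

# Columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME [(STATE)]
ROW = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+(?P<user>\S+)\s+(?P<fd>\S+)\s+"
    r"(?P<type>IPv[46])\s+(?P<dev>\S+)\s+\S+\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<name>\S+)(?:\s+\((?P<state>[A-Z_0-9]+)\))?\s*$"
)


def parse_lsof(text):
    """Return one dict per socket row; the header and odd lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header line ("COMMAND PID ...") or a non-socket row
        local, arrow, remote = m.group("name").partition("->")
        rows.append({
            "cmd": m.group("cmd"),
            "pid": int(m.group("pid")),
            "dev": m.group("dev"),
            "proto": m.group("proto").lower(),
            # rpartition copes with "*:domain" and "[::1]:imaps" alike
            "local_port": local.rpartition(":")[2],
            "peer": remote if arrow else None,
            "state": m.group("state"),
        })
    return rows


def summarise(rows):
    """Group rows by proto/local port; each (pid, device) socket counts once."""
    out = defaultdict(lambda: {"listeners": set(), "established": set()})
    seen = set()
    for r in rows:
        entry = out[f'{r["proto"]}/{r["local_port"]}']
        sock = (r["pid"], r["dev"])
        if sock in seen:
            continue  # same socket, listed again for another file descriptor
        seen.add(sock)
        if r["peer"] is None:
            entry["listeners"].add((r["cmd"], r["pid"]))
        else:
            entry["established"].add((r["cmd"], r["pid"], r["peer"]))
    return {k: {n: sorted(v) for n, v in e.items()} for k, e in out.items()}


if __name__ == "__main__":
    for port, info in sorted(summarise(parse_lsof(SAMPLE)).items()):
        print(port)
        for cmd, pid in info["listeners"]:
            print(f"  listening   {cmd} (pid {pid})")
        for cmd, pid, peer in info["established"]:
            print(f"  established {cmd} (pid {pid}) <- {peer}")
```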
From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 06:09:59 2003
From: "Vahric MUHTARYAN"
Date: Mon, 17 Nov 2003 16:09:07 +0200
Subject: RE: About DNS (BIND) with Database
Message-ID: <029b01c3ad14$5e53b080$110d3ad4@VAHOXP>
In-reply-to: <1069074217.677.35.camel@laptop.irrelevant.org>

Ok , I want to test it if possible Could you check my design ..

Bind9 ( name server x.x.x.2)
Mydns x.x.x.3 ( database )
Bind9 ( name server x.x.x.1)
Bind9 ( secondary )

in this environment ;

My customers will use x.x.x.2 and x.x.x.1 for recursive query to solve local
Domains and other domains which out side of us... and when customers want to
register (take) new domain name they will give a dns server x.x.x.3-Mydns ..

And which one is better using secondary bind9 or replicated Mydns ...
Vahric

-----Original Message-----
From: Simon Dick [mailto:simond@irrelevant.org]
Sent: Monday, November 17, 2003 3:04 PM
To: Vahric MUHTARYAN
Cc: freebsd-isp@freebsd.org
Subject: RE: About DNS (BIND) with Database

MyDNS doesn't do recursive lookups so yes, you will need a separate name
server for that. My work has been using MyDNS for over a year now and
we're hosting over 50k domains with it with no problems, we use a
replicated MySQL setup to run more than one name server with a local db
for speed.

Hope that helps somewhat.

On Mon, 2003-11-17 at 11:45, Vahric MUHTARYAN wrote:
> Hi ,
>
> How many domains are you handling with it ?! and How long do you
> use MyDNS ?!
>
> And Do you say I have to use two separate DNS server for solving
> other domains instead MyDNS server handled domains ?! I mean I will add
> domains to MyDNS and My customers will use to resolve something
> different DNS Servers ?!
>
> Thanks
> Vahric
>
> -----Original Message-----
> From: Simon Gray [mailto:simong@desktop-guardian.com]
> Sent: Monday, November 17, 2003 12:44 PM
> To: Vahric MUHTARYAN; freebsd-isp@freebsd.org
> Subject: Re: About DNS (BIND) with Database
>
> > Are anybody use BIND with Mysql database (BIND DNS 9 server which
> > supports a MySQL backend ) any suggestion ?!!! Do you it's working stable
> > or not ?!
> >
> > Port name: bind9-sdb-mysql-9.2.2_1
>
> May I suggest giving MyDNS a look (http://mydns.bboy.net/)
>
> MyDNS is a free DNS server for UNIX implemented from scratch and designed to
> serve records directly from an SQL database (currently either MySQL or
> PostgreSQL).
>
> Easy to setup, easy to use.
> I've been using it a while, seems to work well. (doesn't however include a
> resolver/cache, however these should be separate from your name servers with
> the host files anyway - bind/tinydns could be run on a separate machine for
> a resolver without any problems).
>
> /usr/ports/dns/mydns/
>
> Hope this helps,
>
> Simon

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 06:21:24 2003
From: Simon Dick
To: Vahric MUHTARYAN
cc: freebsd-isp@freebsd.org
Date: Mon, 17 Nov 2003 14:20:43 +0000
Subject: RE: About DNS (BIND) with Database
Message-Id: <1069078843.677.48.camel@laptop.irrelevant.org>
In-Reply-To: <029b01c3ad14$5e53b080$110d3ad4@VAHOXP>

That looks as though it should work as all bind will do is do a normal DNS
lookup via MyDNS if they ask for one of your own domains.

As to which one is better for secondary, the drawback with bind that I found
is that you have to rewrite its ascii config file and reload it to add or
remove domains, with MyDNS you can just add or delete entries.
MyDNS does allow AXFR to a bind slave though so either will work, you may
just want to reload your bind slave config every so often to catch additions
and removals of domains.

(I do replication personally as it effectively acts as a free backup of the
SQL database too :)

On Mon, 2003-11-17 at 14:09, Vahric MUHTARYAN wrote:
> Ok , I want to test it if possible Could you check my design ..
>
> Bind9 ( name server x.x.x.2)
> Mydns x.x.x.3 ( database )
> Bind9 ( name server x.x.x.1)
> Bind9 ( secondary )
>
> in this environment ;
>
> My customers will use x.x.x.2 and x.x.x.1 for recursive query
> to solve local Domains and other domains which out side of us... and
> when customers want to register (take) new domain name they will give a
> dns server x.x.x.3-Mydns ..
>
> And which one is better using secondary bind9 or replicated
> Mydns ...
>
> Vahric
>
> -----Original Message-----
> From: Simon Dick [mailto:simond@irrelevant.org]
> Sent: Monday, November 17, 2003 3:04 PM
> To: Vahric MUHTARYAN
> Cc: freebsd-isp@freebsd.org
> Subject: RE: About DNS (BIND) with Database
>
> MyDNS doesn't do recursive lookups so yes, you will need a separate name
> server for that. My work has been using MyDNS for over a year now and
> we're hosting over 50k domains with it with no problems, we use a
> replicated MySQL setup to run more than one name server with a local db
> for speed.
>
> Hope that helps somewhat.
>
> On Mon, 2003-11-17 at 11:45, Vahric MUHTARYAN wrote:
> > Hi ,
> >
> > How many domains are you handling with it ?! and How long do you
> > use MyDNS ?!
> >
> > And Do you say I have to use two separate DNS server for solving
> > other domains instead MyDNS server handled domains ?! I mean I will add
> > domains to MyDNS and My customers will use to resolve something
> > different DNS Servers ?!
> >
> > Thanks
> > Vahric
> >
> > -----Original Message-----
> > From: Simon Gray [mailto:simong@desktop-guardian.com]
> > Sent: Monday, November 17, 2003 12:44 PM
> > To: Vahric MUHTARYAN; freebsd-isp@freebsd.org
> > Subject: Re: About DNS (BIND) with Database
> >
> > > Are anybody use BIND with Mysql database (BIND DNS 9 server which
> > > supports a MySQL backend ) any suggestion ?!!! Do you it's working stable
> > > or not ?!
> > >
> > > Port name: bind9-sdb-mysql-9.2.2_1
> >
> > May I suggest giving MyDNS a look (http://mydns.bboy.net/)
> >
> > MyDNS is a free DNS server for UNIX implemented from scratch and designed to
> > serve records directly from an SQL database (currently either MySQL or
> > PostgreSQL).
> >
> > Easy to setup, easy to use.
> > I've been using it a while, seems to work well. (doesn't however include a
> > resolver/cache, however these should be separate from your name servers with
> > the host files anyway - bind/tinydns could be run on a separate machine for
> > a resolver without any problems).
> >
> > /usr/ports/dns/mydns/
> >
> > Hope this helps,
> >
> > Simon

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 06:40:48 2003
From: "Vahric MUHTARYAN"
Date: Mon, 17 Nov 2003 16:39:57 +0200
Subject: RE: About DNS (BIND) with Database
Message-ID: <02a501c3ad18$abeea530$110d3ad4@VAHOXP>
In-reply-to: <1069078843.677.48.camel@laptop.irrelevant.org>

Do you have better idea for design or Could you tell your design ?!
-----Original Message-----
From: Simon Dick [mailto:simond@irrelevant.org]
Sent: Monday, November 17, 2003 4:21 PM
To: Vahric MUHTARYAN
Cc: freebsd-isp@freebsd.org
Subject: RE: About DNS (BIND) with Database

That looks as though it should work as all bind will do is do a normal DNS
lookup via MyDNS if they ask for one of your own domains.

As to which one is better for secondary, the drawback with bind that I found
is that you have to rewrite its ascii config file and reload it to add or
remove domains, with MyDNS you can just add or delete entries. MyDNS does
allow AXFR to a bind slave though so either will work, you may just want to
reload your bind slave config every so often to catch additions and removals
of domains.

(I do replication personally as it effectively acts as a free backup of the
SQL database too :)

On Mon, 2003-11-17 at 14:09, Vahric MUHTARYAN wrote:
> Ok , I want to test it if possible Could you check my design ..
>
> Bind9 ( name server x.x.x.2)
> Mydns x.x.x.3 ( database )
> Bind9 ( name server x.x.x.1)
> Bind9 ( secondary )
>
> in this environment ;
>
> My customers will use x.x.x.2 and x.x.x.1 for recursive query
> to solve local Domains and other domains which out side of us... and
> when customers want to register (take) new domain name they will give a
> dns server x.x.x.3-Mydns ..
>
> And which one is better using secondary bind9 or replicated
> Mydns ...
>
> Vahric
>
> -----Original Message-----
> From: Simon Dick [mailto:simond@irrelevant.org]
> Sent: Monday, November 17, 2003 3:04 PM
> To: Vahric MUHTARYAN
> Cc: freebsd-isp@freebsd.org
> Subject: RE: About DNS (BIND) with Database
>
> MyDNS doesn't do recursive lookups so yes, you will need a separate name
> server for that. My work has been using MyDNS for over a year now and
> we're hosting over 50k domains with it with no problems, we use a
> replicated MySQL setup to run more than one name server with a local db
> for speed.
>
> Hope that helps somewhat.
>
> On Mon, 2003-11-17 at 11:45, Vahric MUHTARYAN wrote:
> > Hi ,
> >
> > How many domains are you handling with it ?! and How long do you
> > use MyDNS ?!
> >
> > And Do you say I have to use two separate DNS server for solving
> > other domains instead MyDNS server handled domains ?! I mean I will add
> > domains to MyDNS and My customers will use to resolve something
> > different DNS Servers ?!
> >
> > Thanks
> > Vahric
> >
> > -----Original Message-----
> > From: Simon Gray [mailto:simong@desktop-guardian.com]
> > Sent: Monday, November 17, 2003 12:44 PM
> > To: Vahric MUHTARYAN; freebsd-isp@freebsd.org
> > Subject: Re: About DNS (BIND) with Database
> >
> > > Are anybody use BIND with Mysql database (BIND DNS 9 server which
> > > supports a MySQL backend ) any suggestion ?!!! Do you it's working stable
> > > or not ?!
> > >
> > > Port name: bind9-sdb-mysql-9.2.2_1
> >
> > May I suggest giving MyDNS a look (http://mydns.bboy.net/)
> >
> > MyDNS is a free DNS server for UNIX implemented from scratch and designed to
> > serve records directly from an SQL database (currently either MySQL or
> > PostgreSQL).
> >
> > Easy to setup, easy to use.
> > I've been using it a while, seems to work well. (doesn't however include a
> > resolver/cache, however these should be separate from your name servers with
> > the host files anyway - bind/tinydns could be run on a separate machine for
> > a resolver without any problems).
> >
> > /usr/ports/dns/mydns/
> >
> > Hope this helps,
> >
> > Simon

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 07:18:39 2003
From: Simon Dick
To: Vahric MUHTARYAN
cc: freebsd-isp@freebsd.org
Date: Mon, 17 Nov 2003 15:17:59 +0000
Subject: RE: About DNS (BIND) with Database
Message-Id: <1069082279.677.100.camel@laptop.irrelevant.org>
In-Reply-To: <02a501c3ad18$abeea530$110d3ad4@VAHOXP>

How we do it is to have one master database which we have set as a
replication master, this then replicates out to both ns0 and ns1 where it's
read only, then we run MyDNS on each reading from the database running on
the local machine.
This way you can make changes to the zone data in the central database and
every slave database automatically gets updated with the new data with no
problems.

We do have a couple of separate recursive bind servers on our network too on
separate servers (not needed, just the way it happened here)

On Mon, 2003-11-17 at 14:39, Vahric MUHTARYAN wrote:
> Do you have better idea for design or Could you tell your design ?!
>
> -----Original Message-----
> From: Simon Dick [mailto:simond@irrelevant.org]
> Sent: Monday, November 17, 2003 4:21 PM
> To: Vahric MUHTARYAN
> Cc: freebsd-isp@freebsd.org
> Subject: RE: About DNS (BIND) with Database
>
> That looks as though it should work as all bind will do is do a normal
> DNS lookup via MyDNS if they ask for one of your own domains.
>
> As to which one is better for secondary, the drawback with bind that I
> found is that you have to rewrite its ascii config file and reload it
> to add or remove domains, with MyDNS you can just add or delete entries.
> MyDNS does allow AXFR to a bind slave though so either will work, you
> may just want to reload your bind slave config every so often to catch
> additions and removals of domains.
>
> (I do replication personally as it effectively acts as a free backup of
> the SQL database too :)
>
> On Mon, 2003-11-17 at 14:09, Vahric MUHTARYAN wrote:
> > Ok , I want to test it if possible Could you check my design ..
> >
> > Bind9 ( name server x.x.x.2)
> > Mydns x.x.x.3 ( database )
> > Bind9 ( name server x.x.x.1)
> > Bind9 ( secondary )
> >
> > in this environment ;
> >
> > My customers will use x.x.x.2 and x.x.x.1 for recursive query
> > to solve local Domains and other domains which out side of us... and
> > when customers want to register (take) new domain name they will give a
> > dns server x.x.x.3-Mydns ..
> >
> > And which one is better using secondary bind9 or replicated
> > Mydns ...
> >
> > Vahric
> >
> > -----Original Message-----
> > From: Simon Dick [mailto:simond@irrelevant.org]
> > Sent: Monday, November 17, 2003 3:04 PM
> > To: Vahric MUHTARYAN
> > Cc: freebsd-isp@freebsd.org
> > Subject: RE: About DNS (BIND) with Database
> >
> > MyDNS doesn't do recursive lookups so yes, you will need a separate name
> > server for that. My work has been using MyDNS for over a year now and
> > we're hosting over 50k domains with it with no problems, we use a
> > replicated MySQL setup to run more than one name server with a local db
> > for speed.
> >
> > Hope that helps somewhat.
> >
> > On Mon, 2003-11-17 at 11:45, Vahric MUHTARYAN wrote:
> > > Hi ,
> > >
> > > How many domains are you handling with it ?! and How long do you
> > > use MyDNS ?!
> > >
> > > And Do you say I have to use two separate DNS server for solving
> > > other domains instead MyDNS server handled domains ?! I mean I will add
> > > domains to MyDNS and My customers will use to resolve something
> > > different DNS Servers ?!
> > >
> > > Thanks
> > > Vahric
> > >
> > > -----Original Message-----
> > > From: Simon Gray [mailto:simong@desktop-guardian.com]
> > > Sent: Monday, November 17, 2003 12:44 PM
> > > To: Vahric MUHTARYAN; freebsd-isp@freebsd.org
> > > Subject: Re: About DNS (BIND) with Database
> > >
> > > > Are anybody use BIND with Mysql database (BIND DNS 9 server which
> > > > supports a MySQL backend ) any suggestion ?!!! Do you it's working stable
> > > > or not ?!
> > > >
> > > > Port name: bind9-sdb-mysql-9.2.2_1
> > >
> > > May I suggest giving MyDNS a look (http://mydns.bboy.net/)
> > >
> > > MyDNS is a free DNS server for UNIX implemented from scratch and designed to
> > > serve records directly from an SQL database (currently either MySQL or
> > > PostgreSQL).
> > >
> > > Easy to setup, easy to use.
> > > I've been using it a while, seems to work well.
> > > (doesn't however include a
> > > resolver/cache, however these should be separate from your name servers with
> > > the host files anyway - bind/tinydns could be run on a separate machine for
> > > a resolver without any problems).
> > >
> > > /usr/ports/dns/mydns/
> > >
> > > Hope this helps,
> > >
> > > Simon

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 07:20:25 2003
From: "Simon Gray"
To: "Vahric MUHTARYAN"
cc: freebsd-isp@freebsd.org
Date: Mon, 17 Nov 2003 15:19:00 -0000
Subject: Re: About DNS (BIND) with Database
Message-ID: <0b3a01c3ad1e$2224d850$1100a8c0@dtg17>
References: <029b01c3ad14$5e53b080$110d3ad4@VAHOXP>

> Bind9 ( name server x.x.x.2)
> Mydns x.x.x.3 ( database )
> Bind9 ( name server x.x.x.1)
> Bind9 ( secondary )
>
> in this environment ;

personally i wouldn't use bind, it's had a bad security history.
tinydns/djbdns would be my preferred method.
As for your design, seems ok but replication is definitely the easier way -
No generating horrible bind confs/zone files :/

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 07:49:57 2003
From: "Simon Gray"
To: "Joshua Sahala"
cc: freebsd-isp@freebsd.org
Date: Mon, 17 Nov 2003 15:48:25 -0000
Subject: Re: About DNS (BIND) with Database
Message-ID: <0b5a01c3ad22$3d5a5790$1100a8c0@dtg17>

> beware the tiny/djbdns licensing and software incompatibility
>
> his software works ONLY with his other software (so you have to
> use his logging tools for his dns servers). the licensing is also
> a bit 'out there' wrt bsd-like licenses (his are quite restrictive)
> so choose your poison carefully. i use bind, and have used bind
> for many years, without issue. if you architect your environment
> and your server 'correctly' you will find that it is a well
> performing, scalable, and rather secure beast ;)

This is true. Not allowed to distribute binary copies etc..

If your existing setup works and you're happy with it why change?
Personally I have to say having used both I prefer the way djb does things,
his programs are generally designed with security in mind plus his arrogance
makes me laugh :)

(completely off the subject) Some amusing articles of Bernstein vs everyone
else

Brad Knowles's slander - http://cr.yp.to/djbdns/knowles.html
Bernstein v. United States - http://cr.yp.to/export.html

Simon

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 12:36:57 2003
From: Damian Gerow
To: isp@freebsd.org
Date: Mon, 17 Nov 2003 15:36:41 -0500
Subject: Daily/weekly/monthly output aggregation
Message-ID: <20031117203641.GG98840@sentex.net>

I 'read' root's e-mail on only a handful of systems (~50, I'd say). Already,
mornings are dragging on. Especially Monday mornings. And there's at least
that again out there that I would *like* to start reading, but I just don't
have the time for it.

I have a couple of ideas for a periodic status output aggregation system,
but before I try to re-invent the wheel, what do other people do with root's
e-mail? Read it individually? Parse it, and only pass on the interesting
tidbits? Flat out ignore it, and use other utilities to check system sanity?
(I've pondered doing this last one many a time.)

TIA.

- Damian

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 12:41:04 2003
From: Kurt Jaeger
To: Damian Gerow
cc: isp@freebsd.org
Date: Mon, 17 Nov 2003 21:41:02 +0100
Subject: Re: Daily/weekly/monthly output aggregation
Message-ID: <20031117204102.GI61630@complx.LF.net>
In-Reply-To: <20031117203641.GG98840@sentex.net>
Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Nov 2003 20:41:04 -0000 Hi! On Mon, Nov 17, 2003 at 03:36:41PM -0500, Damian Gerow wrote: > I 'read' roots e-mail on only a handful of systems (~50, I'd say). Same here. > I have a couple of ideas for a periodic status output aggregation system, > but before I try to re-invent the wheel, what do other people do with root's > e-mail? Read it individually? Parse it, and only pass on the interesting > tidbits? Flat out ignore it, and use other utilities to check system > sanity? (I've pondered doing this last one many a time.) We plan to replace the mailed output by centrally collecting the results and defining some sort of "needs action" output. But, well, we're not yet there. We need a solution, as well. -- MfG/Best regards, Kurt Jaeger 17 years to go ! LF.net GmbH fon +49 711 90074-23 pi@LF.net Ruppmannstr. 27 fax +49 711 90074-33 D-70565 Stuttgart mob +49 171 3101372 From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 12:46:01 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D4FE516A4CE for ; Mon, 17 Nov 2003 12:46:01 -0800 (PST) Received: from ext-ch1gw-3.online-age.net (ext-ch1gw-3.online-age.net [216.34.191.37]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7B34843FAF for ; Mon, 17 Nov 2003 12:46:00 -0800 (PST) (envelope-from lapinski@crd.ge.com) Received: from int-ch1gw-5.online-age.net (int-ch1gw-5 [3.159.232.69]) id hAHKiubG017158; Mon, 17 Nov 2003 15:44:56 -0500 (EST) Received: from crdns.crd.ge.com (localhost [127.0.0.1]) id hAHKitwD028650; Mon, 17 Nov 2003 15:44:55 -0500 (EST) Received: from xbh01crdge.crd.ge.com (xbh01crdge.crd.ge.com [3.159.72.22]) by crdns.crd.ge.com (8.11.6p2/8.11.6) with ESMTP id hAHKisC03871; Mon, 17 Nov 2003 15:44:54 -0500 (EST) Received: by xbh01crdge.crd.ge.com with 
Internet Mail Service (5.5.2653.19) id ; Mon, 17 Nov 2003 15:44:54 -0500 Message-ID: From: "Lapinski, Michael (Research)" To: "'Kurt Jaeger'" , Damian Gerow Date: Mon, 17 Nov 2003 15:44:52 -0500 X-Mailer: Internet Mail Service (5.5.2653.19) cc: isp@freebsd.org Subject: RE: Daily/weekly/monthly output aggregation X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Nov 2003 20:46:02 -0000 This isnt ideal nor fool proof. The way I deal with it is by the size of the message, day in day out the messages are usually +- a few bytes different in size when things go normal. Maybe write something that flags messages smaller or larger then the daily average of the runs... -mtl -------------------------------------------------- Michael Lapinski Computer Scientist GE Research -----Original Message----- From: Kurt Jaeger [mailto:lists@complx.LF.net] Sent: Monday, November 17, 2003 3:41 PM To: Damian Gerow Cc: isp@freebsd.org Subject: Re: Daily/weekly/monthly output aggregation Hi! On Mon, Nov 17, 2003 at 03:36:41PM -0500, Damian Gerow wrote: > I 'read' roots e-mail on only a handful of systems (~50, I'd say). Same here. > I have a couple of ideas for a periodic status output aggregation > system, but before I try to re-invent the wheel, what do other people > do with root's e-mail? Read it individually? Parse it, and only pass > on the interesting tidbits? Flat out ignore it, and use other > utilities to check system sanity? (I've pondered doing this last one > many a time.) We plan to replace the mailed output by centrally collecting the results and defining some sort of "needs action" output. But, well, we're not yet there. We need a solution, as well. -- MfG/Best regards, Kurt Jaeger 17 years to go ! LF.net GmbH fon +49 711 90074-23 pi@LF.net Ruppmannstr. 
27 fax +49 711 90074-33 D-70565 Stuttgart mob +49 171 3101372 _______________________________________________ freebsd-isp@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 12:55:56 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B806416A4CE for ; Mon, 17 Nov 2003 12:55:56 -0800 (PST) Received: from smtp3.sentex.ca (smtp3.sentex.ca [64.7.153.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3BCD643FA3 for ; Mon, 17 Nov 2003 12:55:51 -0800 (PST) (envelope-from damian@sentex.net) Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by smtp3.sentex.ca (8.12.9p2/8.12.9) with ESMTP id hAHKtkx3062303 for ; Mon, 17 Nov 2003 15:55:46 -0500 (EST) (envelope-from damian@sentex.net) Received: from pegmatite.sentex.ca (pegmatite.sentex.ca [192.168.42.92]) by lava.sentex.ca (8.12.9p2/8.12.9) with ESMTP id hAHKtoUq001186 for ; Mon, 17 Nov 2003 15:55:50 -0500 (EST) (envelope-from damian@sentex.net) Received: by pegmatite.sentex.ca (Postfix, from userid 1001) id 43C4B171D2; Mon, 17 Nov 2003 15:55:37 -0500 (EST) Date: Mon, 17 Nov 2003 15:55:37 -0500 From: Damian Gerow To: isp@freebsd.org Message-ID: <20031117205537.GJ98840@sentex.net> Mail-Followup-To: isp@freebsd.org References: <20031117203641.GG98840@sentex.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20031117203641.GG98840@sentex.net> X-GPG-Key-Id: 0xB841F142 X-GPG-Fingerprint: C7C1 E1D1 EC06 7C86 AF7C 57E6 173D 9CF6 B841 F142 X-Habeas-SWE-1: winter into spring X-Habeas-SWE-2: brightly anticipated X-Habeas-SWE-3: like Habeas SWE (tm) X-Habeas-SWE-4: Copyright 2002 Habeas (tm) X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). 
The sender of this X-Habeas-SWE-6: email in exchange for a license for this Habeas X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this X-Habeas-SWE-9: mark in spam to . User-Agent: Mutt/1.5.4i X-Virus-Scanned: by amavisd-new Subject: Re: Daily/weekly/monthly output aggregation X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Nov 2003 20:55:56 -0000 I've already received a handful of responses, private and public, to this posting. Which leads me to believe that: a) People reading isp@freebsd.org have nothing better to do with their time. Or: b) This is a pretty big problem that nothing has addressed yet. Running on the assumption that the answer is tending towards option b, I'll poke around, and see if I can find anything that may be in use. If not, I'll send some notes to those who have offered help, and start working on something relatively soon. 

  - Damian

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 12:57:35 2003
Message-Id: <6.0.0.22.0.20031117154856.01b4eb58@pop.face2interface.com>
Date: Mon, 17 Nov 2003 15:56:12 -0500
To: Kurt Jaeger, Damian Gerow
From: Marty Landman
In-Reply-To: <20031117204102.GI61630@complx.LF.net>
cc: isp@freebsd.org
Subject: Re: Daily/weekly/monthly output aggregation

At 03:41 PM 11/17/2003, Kurt Jaeger wrote:

>We plan to replace the mailed output by centrally collecting the
>results and defining some sort of "needs action" output.

As a developer I'd like to throw my 2 cents in; although this stmt may come
as no news to anyone else imho the issue is what to parse out as
significant.
With the underlined caveat that once you make (what's in
essence then) a policy decision about what system output is significant
enough to pass along to the admin as worthy of review the danger is in
everything that /isn't/ passed along.

At least now you've got the gnawing feeling that you're behind in reading
the stuff; once you implement a system to decide what's worth reading
you've gotten rid of that guilt pang. Should that evolve into a sense of
false security - well I can only speculate how many server crashes could've
been avoided if not for feelings of false security.

I have my own thoughts about how something like this could be done, but
it's based more on my experience as a developer than as a sysadmin, and tbh
I have no experience as an isp owner.

Marty Landman   Face 2 Interface Inc 845-679-9387
Sign On Required: Web membership software for your site
Make a Website: http://face2interface.com/Home/Demo.shtml

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 13:04:36 2003
Message-Id: <6.0.1.1.2.20031117145927.0486af80@mail.go2france.com>
Date: Mon, 17 Nov 2003 15:03:59 -0600
To: freebsd-isp@freebsd.org
From: Len Conrad
In-Reply-To: <0b3a01c3ad1e$2224d850$1100a8c0@dtg17>
Subject: Re: About DNS (BIND) with Database

>personally i wouldn't use bind, its had a bad security history.

YEP, and it is VERY OLD HISTORY, but it goes back 3 years.

So what's your gripe about security vulnerabilities in BIND since early
2001?

If you don't have any concrete, recent examples, then stop the FUD.

There are reasons some people don't want to use BIND, but security isn't
one of them.

Len

_____________________________________________________________________
http://MenAndMice.com/DNS-training: St Louis; Atlanta; Orlando; San Jose
IMGate.MEIway.com: anti-spam gateway, effective on 1000's of sites, free

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 13:09:53 2003
Date: Mon, 17 Nov 2003 16:09:35 -0500
From: Damian Gerow
To: isp@freebsd.org
Message-ID: <20031117210935.GK98840@sentex.net>
In-Reply-To: <6.0.0.22.0.20031117154856.01b4eb58@pop.face2interface.com>
Subject: Re: Daily/weekly/monthly output aggregation

Thus spake Marty Landman (MLandman@face2interface.com) [17/11/03 15:57]:
> As a developer I'd like to throw my 2 cents in; although this stmt may come
> as no news to anyone else imho the issue is what to parse out as
> significant. With the underlined caveat that once you make (what's in
> essence then) a policy decision about what system output is significant
> enough to pass along to the admin as worthy of review the danger is in
> everything that /isn't/ passed along.

Developer input is what I need at this point -- I have done development work
in the past, but I very quickly moved into sysadmin work.

> At least now you've got the gnawing feeling that you're behind in reading
> the stuff; once you implement a system to decide what's worth reading

I put 'read' in quotes, because I usually give each one a ten-second
once-over. 75% of the time, that's good enough, but I have missed more than
a couple of problems that I shouldn't have.

> you've gotten rid of that guilt pang. Should that evolve into a sense of
> false security - well I can only speculate how many server crashes could've
> been avoided if not for feelings of false security.

Being security-conscious, this is a big concern. Hence, my paper-napkin
draft of what needs to be done:

Everything gets stored in a SQL database, since it is the cure to any and
every computing problem that has ever been introduced.
Store a table of hostnames, and whether or not they are active. When we run
the report generator, we can check to see if a hostname did *not* check in.
If not, we send an alert.

Each report is mailed to an address, that pipes the message to a program.
This program would break each report down into its already-labelled
sections, and store it *verbatim* in the database. This makes looking up
past reports much, much easier.

The report generator would be run via a cron job. The idea at this point is
to:

    - make sure all currently active servers have checked in, with the
      appropriate reports
    - detect any new servers that checked in
    - do, essentially, a diff against today and yesterday for each host
      (also do a diff against today and last week, when necessary)
    - if no changes, print a 'Host OK' status
    - otherwise, print a line for every change.

The output of this would be one e-mail, that would be sent out however you
want it to be sent out.

I already have bigger ideas for this (i.e. paging if more than 'root/toor'
found with userid zero, paging if known hosts did not check in/unknown hosts
did check in, collision/error rate jumps too high, etc.), but I'd like to
avoid feature creep for now.

Any thoughts/suggestions/comments?
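
Added example, not part of the thread and not code from any poster: a sketch of the report generator outlined in the message above (hosts table, verbatim per-section storage, missing and unknown check-ins, a today/yesterday diff, 'Host OK' otherwise). The table and function names, the host names, the sample reports, and the rule that a section heading is an unindented line ending in ':' are all assumptions made for illustration.

```python
import difflib
import sqlite3

SCHEMA = """
CREATE TABLE hosts   (name TEXT PRIMARY KEY, active INTEGER NOT NULL);
CREATE TABLE reports (host TEXT, day TEXT, section TEXT, body TEXT,
                      PRIMARY KEY (host, day, section));
"""

def split_sections(text):
    """Split one report into {heading: body}.
    Assumption: a heading is an unindented line that ends in ':'."""
    sections, current = {}, "(preamble)"
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip()
            sections.setdefault(current, [])
        elif line.strip():
            sections.setdefault(current, []).append(line.rstrip())
    return {name: "\n".join(body) for name, body in sections.items()}

def store_report(db, host, day, text):
    """Store every section verbatim. Report text arrives by mail and is
    untrusted, so it only ever reaches SQL as a bound parameter."""
    for section, body in split_sections(text).items():
        db.execute("INSERT OR REPLACE INTO reports VALUES (?, ?, ?, ?)",
                   (host, day, section, body))

def sections_for(db, host, day):
    rows = db.execute(
        "SELECT section, body FROM reports WHERE host=? AND day=?", (host, day))
    return dict(rows.fetchall())

def generate(db, today, yesterday):
    """Return the lines of the single summary e-mail."""
    out = []
    active = {r[0] for r in db.execute("SELECT name FROM hosts WHERE active=1")}
    seen = {r[0] for r in db.execute(
        "SELECT DISTINCT host FROM reports WHERE day=?", (today,))}
    # A silent host is an alert, not a pass: this is what catches a machine
    # whose periodic mail has been switched off.
    for host in sorted(active - seen):
        out.append(f"ALERT {host}: active host did not check in")
    for host in sorted(seen - active):
        out.append(f"ALERT {host}: unknown host checked in")
    for host in sorted(active & seen):
        new = sections_for(db, host, today)
        old = sections_for(db, host, yesterday)
        if not old:
            out.append(f"NOTE {host}: no report from {yesterday} to compare")
            continue
        changes = []
        for section in sorted(set(new) | set(old)):
            before = old.get(section, "").splitlines()
            after = new.get(section, "").splitlines()
            for d in difflib.ndiff(before, after):
                if d[:2] in ("+ ", "- "):        # keep added/removed lines only
                    changes.append(f"{host}: {section} {d}")
        out.extend(changes or [f"{host}: Host OK"])
    return out

# Constructed sample reports (not real output from any host).
YESTERDAY = """Checking for uids of 0:
root 0
toor 0

Checking for passwordless accounts:
"""
TODAY_CHANGED = YESTERDAY.replace("toor 0\n", "toor 0\nadmin2 0\n")

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO hosts VALUES (?, 1)",
                   [("ns1",), ("mx1",), ("www1",)])
    for host in ("ns1", "mx1", "www1"):
        store_report(db, host, "2003-11-16", YESTERDAY)
    store_report(db, "ns1", "2003-11-17", YESTERDAY)       # unchanged
    store_report(db, "mx1", "2003-11-17", TODAY_CHANGED)   # extra uid 0 account
    store_report(db, "lab9", "2003-11-17", YESTERDAY)      # not in hosts table
    # www1 sends nothing on 2003-11-17
    return generate(db, "2003-11-17", "2003-11-16")

if __name__ == "__main__":
    print("\n".join(demo()))
```

Sections that change every day (uptime, disk usage) would show up as a change on every run with this plain diff, so a real deployment needs a per-section rule for what counts as a change.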

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 13:12:48 2003
Message-ID: <005701c3ad4e$9dcd2ef0$68c311cc@fortiva>
From: "Eric W. Bates"
To: "Damian Gerow"
Date: Mon, 17 Nov 2003 16:06:06 -0500
Content-Transfer-Encoding: base64
cc: freebsd-isp@freebsd.org
Subject: Re: Daily/weekly/monthly output aggregation

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 13:17:41 2003
Date: Mon, 17 Nov 2003 22:17:19 +0100 (CET)
From: Mikolaj Rydzewski
To: isp@freebsd.org
Subject: Re: Daily/weekly/monthly output aggregation

On Mon, 17 Nov 2003, Lapinski, Michael (Research) wrote:

> The way I deal with it is by the size of the message,
> day in day out the messages are usually +- a few bytes
> different in size when things go normal. Maybe write
> something that flags messages smaller or larger than
> the daily average of the runs...

Hello,

Why don't you like the idea: no output means no errors? Just create your
periodic scripts to produce no output when everything is fine. Cron will
not mail you anything that has produced no results.

Just to get the idea. I know, it isn't fool proof; there are more secure
ways to do this, etc. But it works ;-)

#!/bin/sh
# Capture the job's output; cron mails only what this script prints.
log=`mktemp /tmp/.log.XXXXXX` || exit 1

# ... perform your stuff, i.e.
/usr/local/sbin/backup > "$log" 2>&1

# Show the captured output only when the job failed
if [ $? -ne 0 ]; then
	cat "$log"
fi
rm -f "$log"

--
Mikolaj Rydzewski
http://ceti.pl/~miki/
PGP KeyID: e17c4bd5
There are three kinds of people: men, women and unix.

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 13:24:34 2003
Date: Mon, 17 Nov 2003 16:24:17 -0500
From: Damian Gerow
To: isp@freebsd.org
Message-ID: <20031117212417.GL98840@sentex.net>
Subject: Re: Daily/weekly/monthly output aggregation

Thus spake Mikolaj Rydzewski (miki@ceti.pl) [17/11/03 16:20]:
> Why don't you like the idea: no output means no errors? Just create your
> periodic scripts to produce no output when everything is fine. Cron will
> not mail you anything that has produced no results.

What if someone hacks into your server, and just turns off periodic
mailings?

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 13:36:15 2003
Message-Id: <6.0.0.22.0.20031117163136.03573098@pop.face2interface.com>
Date: Mon, 17 Nov 2003 16:36:10 -0500
To: Damian Gerow, isp@freebsd.org
From: Marty Landman
In-Reply-To: <20031117210935.GK98840@sentex.net>
Subject: Re: Daily/weekly/monthly output aggregation

At 04:09 PM 11/17/2003, Damian Gerow wrote:

>The report generator would be run via a cron job. The idea at this point is
>to:
>
>    - make sure all currently active servers have checked in, with the
>      appropriate reports
>    - detect any new servers that checked in
>    - do, essentially, a diff against today and yesterday for each host
>      (also do a diff against today and last week, when necessary)
>    - if no changes, print a 'Host OK' status
>    - otherwise, print a line for every change.
>
>The output of this would be one e-mail, that would be sent out however you
>want it to be sent out.

Since I'm not an experienced sysadmin yet (have installed fbsd a week ago
Saturday ready to configure for development work) I don't know why you'd
need anything more than Mikolaj Rydzewski's posted script. Albeit your
design appears more of a how to deal with the expected issues....
Marty Landman   Face 2 Interface Inc 845-679-9387
Sign On Required: Web membership software for your site
Make a Website: http://face2interface.com/Home/Demo.shtml

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 13:49:55 2003
Date: Mon, 17 Nov 2003 16:49:39 -0500
From: Damian Gerow
To: isp@freebsd.org
Subject: Re: Daily/weekly/monthly output aggregation

Thus spake Marty Landman (MLandman@face2interface.com) [17/11/03 16:36]:
> Since I'm not an experienced sysadmin yet (have installed fbsd a week ago
> Saturday ready to configure for development work) I don't know why you'd
> need anything more than Mikolaj Rydzewski's posted script. Albeit your
> design appears more of a how to deal with the expected issues....

There's a difference between the system output, and your own script outputs.
I can read my own script outputs just fine, and generally write the scripts
to produce as little output as possible, but I don't want to have to patch
every single system we've got to re-write how the system periodic scripts
are run.
From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 14:15:24 2003
Date: Mon, 17 Nov 2003 23:14:01 +0100 (CET)
From: Mikolaj Rydzewski
To: isp@freebsd.org
Subject: Re: Daily/weekly/monthly output aggregation

On Mon, 17 Nov 2003, Damian Gerow wrote:

> Thus spake Mikolaj Rydzewski
(miki@ceti.pl) [17/11/03 16:20]:
> > Why don't you like the idea: no output means no errors? Just create your
> > periodic scripts to produce no output when everything is fine. Cron will
> > not mail you anything what has produced no results.
>
> What if someone hacks into your server, and just turns off periodic
> mailings?

So he is able to spoof output of anything.

--
Mikolaj Rydzewski
http://ceti.pl/~miki/
PGP KeyID: e17c4bd5
There are three kinds of people: men, women and unix.

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 14:22:03 2003
Date: Mon, 17 Nov 2003 17:21:48 -0500
From: Damian Gerow
To: isp@freebsd.org
Subject: Re: Daily/weekly/monthly output aggregation

Thus spake Mikolaj Rydzewski (miki@ceti.pl) [17/11/03 17:16]:
> > Thus spake Mikolaj Rydzewski (miki@ceti.pl) [17/11/03 16:20]:
> > > Why don't you like the idea: no output means no errors? Just create your
> > > periodic scripts to produce no output when everything is fine. Cron will
> > > not mail you anything what has produced no results.
> >
> > What if someone hacks into your server, and just turns off periodic
> > mailings?
>
> So he is able to spoof output of anything.

Yes, but it's considerably more difficult to spoof something than to just
turn it off. What about these options:

    - something in your mail system dies, and the mail can't make it out of
      the box
    - the alias for root is removed
    - a poorly written script trashes all the messages, so nothing is mailed

There's any number of reasons just *not* mailing anything is a bad idea --
it's better to send a note that says, 'Hey, everything checked out okay.' So
long as everything *did* check out okay.
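The report generator Damian Gerow outlines earlier in the thread (all hosts checked in, new hosts detected, today diffed against yesterday, 'Host OK' or one line per change), combined with his point in the message above that a missing mail must never be read as a healthy host, as an added Python example. It is not code posted by anyone on the list; the host names, the report text and the `VOLATILE` patterns are constructed assumptions.

```python
import difflib
import re

# Lines that change every day on a healthy host and would bury real changes.
# Assumed patterns for illustration; tune them to your own periodic output.
VOLATILE = [re.compile(r"load averages?:")]


def normalize(report):
    """Split a report into lines, dropping blanks and known-volatile lines."""
    kept = []
    for line in report.splitlines():
        line = line.rstrip()
        if line and not any(p.search(line) for p in VOLATILE):
            kept.append(line)
    return kept


def changes(old, new):
    """Return '- old' / '+ new' lines for everything that differs."""
    delta = difflib.ndiff(normalize(old), normalize(new))
    return [d for d in delta if d.startswith(("- ", "+ "))]


def summarize(expected, today, yesterday):
    """Build the daily summary.

    expected  -- set of host names that must check in
    today     -- dict: host name -> report text received today
    yesterday -- dict: host name -> report text kept from yesterday
    Returns (lines, alert); alert is True when a human has to look.
    """
    lines, alert = [], False
    # A host that stays silent is reported loudly: silence is not "OK".
    for host in sorted(expected - set(today)):
        lines.append(f"{host}: MISSING (no report received)")
        alert = True
    for host in sorted(today):
        if host not in expected:
            lines.append(f"{host}: NEW (not in the expected-host list)")
            alert = True
        if host not in yesterday:
            lines.append(f"{host}: no report from yesterday to compare with")
            continue
        delta = changes(yesterday[host], today[host])
        if delta:
            alert = True
            lines.extend(f"{host}: {d}" for d in delta)
        else:
            lines.append(f"{host}: Host OK")
    return lines, alert


def render(expected, today, yesterday):
    """One mail body per run. It is never empty, so a day without this
    mail is itself the signal that the reporting path is broken."""
    lines, alert = summarize(expected, today, yesterday)
    seen = len(expected & set(today))
    status = "ALERT" if alert else "OK"
    head = f"[{status}] {seen}/{len(expected)} expected hosts checked in"
    return "\n".join([head] + lines)


# Constructed sample data, simplified; not real periodic(8) output.
EXPECTED = {"mail1", "news1", "web1"}
YESTERDAY = {
    "mail1": "3:01AM up 12 days, load averages: 0.10, 0.08, 0.05\nsetuid changes: none\n",
    "news1": "disk /var 61%\nsetuid changes: none\n",
    "web1": "disk / 45%\nsetuid changes: none\n",
}
TODAY = {
    "mail1": "3:01AM up 13 days, load averages: 0.02, 0.04, 0.05\nsetuid changes: none\n",
    "web1": "disk / 45%\nsetuid changes: /usr/local/bin/newtool\n",
    "shell9": "disk / 12%\nsetuid changes: none\n",
}

if __name__ == "__main__":
    print(render(EXPECTED, TODAY, YESTERDAY))
```

Run the aggregator on a host other than the ones it reports on, so that a single compromised or broken machine cannot silence both its own report and the summary.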
From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 14:52:35 2003
Date: Tue, 18 Nov 2003 08:52:31 +1000 (EST)
From: Andy Farkas
To: Damian Gerow
cc: isp@freebsd.org
Subject: Re: Daily/weekly/monthly output aggregation

Damian Gerow wrote:

> b) This is a pretty big problem that nothing has addressed yet.

periodic(8) can be told to send its output to a file. 'man periodic.conf'
says:

     dir_output
             (path or list) What to do with the output of the scripts
             envoked from the directory dir. If this variable is set to an
             absolute path name, output is logged to that file, otherwise it
             is taken as one or more space separated email addresses and
             mailed to those users.
             If this variable is not set or is empty, output is sent to
             standard output.

             For an unattended machine, suitable values for daily_output,
             weekly_output, and monthly_output might be
             ``/var/log/daily.log'', ``/var/log/weekly.log'', and
             ``/var/log/monthly.log'' respectively, as newsyslog(8) will
             rotate these files (if they exists) at the appropriate times.

So, in conjunction with newsyslogd, the problem has been "addressed".

--
 :{ andyf@speednet.com.au
Andy Farkas
System Administrator
Speednet Communications
http://www.speednet.com.au/

From owner-freebsd-isp@FreeBSD.ORG Mon Nov 17 15:02:34 2003
Date: Mon, 17 Nov 2003 18:02:28 -0500
To: Damian Gerow, isp@freebsd.org
From: Marty Landman
Subject: Re: Daily/weekly/monthly output aggregation

At 04:49 PM 11/17/2003, Damian Gerow wrote:

>There's a difference between the system output, and your own script outputs.

:) -- newbie that I am I understand totally

>I can read my own script outputs just fine, and generally write the scripts
>to produce as little output as possible, but I don't want to have to patch
>every single system we've got to re-write how the system periodic scripts
>are run.

Damian I now see your point about stuffing this into a DB; if you can
categorize it into an enum or even set and normalized particularly here
where it may be bound to grow and grow (and grow) seems like it could then
be harvested into a quick daily admin summary email via cron to tell you
stuff like

# exceptions in past 24 hrs
chart of exceptions sources
breakdown by criticality assignment e.g. inetd > apache > ftpd

You could even have detailed report links embedded in the email or at least
on the admin control panel. Hmm, this is starting to sound like a product.
Marty Landman   Face 2 Interface Inc 845-679-9387
Sign On Required: Web membership software for your site
Make a Website: http://face2interface.com/Home/Demo.shtml

From owner-freebsd-isp@FreeBSD.ORG Tue Nov 18 01:43:17 2003
Date: Tue, 18 Nov 2003 03:46:31 -0600
From: Chris Cook
To: Marty Landman
cc: Damian Gerow
cc: isp@freebsd.org
Subject: Re: Daily/weekly/monthly output aggregation

Not that this
probably matters too much but I wanted to let you all know I am in the
same exact boat... that is wanting to have periodic output in a quick, easy
to read summary with details available of course. It is painful having to
read the root emails sometimes :)

--
Chris

o----< ccook@tcworks.net >------------------------------------o
|Chris Cook - Admin      |TCWORKS.NET - http://www.tcworks.net |
|The Computer Works ISP  |FreeBSD - http://www.freebsd.org     |
o-------------------------------------------------------------o

Marty Landman wrote:
>
> At 04:49 PM 11/17/2003, Damian Gerow wrote:
>
> >There's a difference between the system output, and your own script outputs.
>
> :) -- newbie that I am I understand totally
>
> >I can read my own script outputs just fine, and generally write the scripts
> >to produce as little output as possible, but I don't want to have to patch
> >every single system we've got to re-write how the system periodic scripts
> >are run.
>
> Damian I now see your point about stuffing this into a DB; if you can
> categorize it into an enum or even set and normalized particularly here
> where it may be bound to grow and grow (and grow) seems like it could then
> be harvested into a quick daily admin summary email via cron to tell you
> stuff like
>
> # exceptions in past 24 hrs
> chart of exceptions sources
> breakdown by criticality assignment e.g. inetd > apache > ftpd
>
> You could even have detailed report links embedded in the email or at least
> on the admin control panel. Hmm, this is starting to sound like a product.
>

From owner-freebsd-isp@FreeBSD.ORG Tue Nov 18 03:54:15 2003
Date: Tue, 18 Nov 2003 12:54:09 +0100
From: Emre Bastuz
To: freebsd-isp@FreeBSD.ORG
Subject: Traffic Shaping for NNTP on Username-basis

Hi,

as you all know there are quite some providers out there that offer access to
their newsservers based on a traffic or bandwidth specific fee.

I was just wondering how such a service can be implemented?

Does any of you have an idea how the concept with a username/password and a
shaping based upon traffic/bandwidth works?

I suppose there is some kind of backend (RDBMS, LDAP) that has the shaping
parameters associated with a certain account. In how far can this be combined
with an OS (preferably FreeBSD) to limit the access?

Or maybe the routers connecting the servers to the internet are doing the
shaping?
I'm really curious how this all works :)

Any hints/links/docs/ideas will be greatly appreciated.

Thanks,

Emre

--
http://www.emre.de
UIN: 561260
PGP Key ID: 0xAFAC77FD

I don't see why some people even HAVE cars. -- Calvin

From owner-freebsd-isp@FreeBSD.ORG Tue Nov 18 04:36:55 2003
From: "Simon Gray"
To: "Len Conrad"
cc: freebsd-isp@freebsd.org
Date: Tue, 18 Nov 2003 12:35:44 -0000
Subject: Re: About DNS (BIND) with Database

> >personally i wouldn't use bind, its had a bad security history.
>
> YEP, and it is VERY OLD HISTORY, but it goes back 3 years.
> So what's your gripe about security vulnerabilities in BIND since early 2001?
> If you don't have any concrete, recent examples, then stop the FUD.
> There are reasons some people don't want to use BIND, but security isn't
> one of them.

My apologies if this thread has hit a nerve, I wasn't picking at anyone. I'm
just giving my point of view.

The history may be old in terms of computing, but I wonder how many
vulnerable systems are still out there? System admins that may not even know
how to upgrade or even know that the vulns exist.

bind advisories:

http://www.cert.org/advisories/CA-2002-19.html
http://www.cert.org/advisories/CA-2001-02.html
http://www.cert.org/advisories/CA-1999-14.html

Plus http://www.isc.org/products/BIND/bind-security.html isn't a very good
track record is it?
Track records are pretty much all you have to go on with software, unless you
audit all the code yourself.

If people want to use bind or any other package, they do so at their choice.
I'm just saying in my opinion I think there are better alternative.

If you're happy using bind, use bind. If you're happy with windows 95, use
it.

Simon

From owner-freebsd-isp@FreeBSD.ORG Tue Nov 18 04:52:42 2003
From: "Vahric MUHTARYAN"
Date: Tue, 18 Nov 2003 14:51:28 +0200
cc: LConrad@Go2France.com
Subject: RE: About DNS (BIND) with Database

Thanks for your help guys! Please don't upset yourselves. Everybody has some
well-known or liked programs or applications instead of other ones. Those are
their choices ?!

Thanks for all opinions again .... I will set up Mydns in a short while and
inform you ...
Vahric

-----Original Message-----
From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of Simon Gray
Sent: Tuesday, November 18, 2003 2:36 PM
To: Len Conrad
Cc: freebsd-isp@freebsd.org
Subject: Re: About DNS (BIND) with Database

> >personally i wouldn't use bind, its had a bad security history.
>
> YEP, and it is VERY OLD HISTORY, but it goes back 3 years.
> So what's your gripe about security vulnerabilities in BIND since early 2001?
> If you don't have any concrete, recent examples, then stop the FUD.
> There are reasons some people don't want to use BIND, but security isn't
> one of them.

My apologies if this thread has hit a nerve, I wasn't picking at anyone. I'm
just giving my point of view.

The history may be old in terms of computing, but I wonder how many
vulnerable systems are still out there? System admins that may not even know
how to upgrade or even know that the vulns exist.

bind advisories:

http://www.cert.org/advisories/CA-2002-19.html
http://www.cert.org/advisories/CA-2001-02.html
http://www.cert.org/advisories/CA-1999-14.html

Plus http://www.isc.org/products/BIND/bind-security.html isn't a very good
track record is it?

Track records are pretty much all you have to go on with software, unless you
audit all the code yourself.

If people want to use bind or any other package, they do so at their choice.
I'm just saying in my opinion I think there are better alternative.

If you're happy using bind, use bind. If you're happy with windows 95, use
it.
Simon

From owner-freebsd-isp@FreeBSD.ORG Tue Nov 18 05:25:37 2003
Date: Tue, 18 Nov 2003 14:25:36 +0100
From: Kurt Jaeger
To: Emre Bastuz
cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Traffic Shaping for NNTP on Username-basis

Hi!

> I suppose there is some kind of backend (RDBMS, LDAP) that has the shaping
> parameters associated with a certain account. In how far can this be combined
> with an OS (preferably FreeBSD) to limit the access?

I know of a nntp proxy solution based on a perl program. They probably
can also code traffic shaping into their system.

Ask info@open.com.au for details.

(reader.lf.net runs this code, very nice 8-)

--
MfG/Best regards, Kurt Jaeger                         17 years to go !
LF.net GmbH        fon +49 711 90074-23  pi@LF.net
Ruppmannstr.
27    fax +49 711 90074-33
D-70565 Stuttgart  mob +49 171 3101372

From owner-freebsd-isp@FreeBSD.ORG Tue Nov 18 07:01:28 2003
Date: Tue, 18 Nov 2003 10:01:22 -0500
From: Bill Vermillion
To: freebsd-isp@freebsd.org
Reply-To: bv@wjv.com
Subject: Re: About DNS (BIND) with Database

On Tue, Nov 18, 2003 at 12:35 , Simon Gray
exclaimed "Las Cucarachas entran, Pero no puede en salir", and then
rambled on saying with:

> > >personally i wouldn't use bind, its had a bad security history.

> > YEP, and it is VERY OLD HISTORY, but it goes back 3 years.

> > So what's your gripe about security vulnerabilities in BIND
> > since early 2001? If you don't have any concrete, recent
> > examples, then stop the FUD. There are reasons some people
> > don't want to use BIND, but security isn't one of them.

> My apologies if this thread has hit a nerve, I wasn't picking
> at anyone. I'm just giving my point of view.

> The history may be old in terms of computing, but I wonder how
> many vulnerable systems are still out there? System admins that
> may not even know how to upgrade or even know that the vulns
> exist.

> bind advisories:

> http://www.cert.org/advisories/CA-2002-19.html
> http://www.cert.org/advisories/CA-2001-02.html
> http://www.cert.org/advisories/CA-1999-14.html

> Plus http://www.isc.org/products/BIND/bind-security.html isn't
> a very good track record is it?

Not as bad as other utilities out there. Since this is an ISP list
I would think that all here keep things up to date.

The worst problem in BIND is not in the above list and it was
sometime before the last one there. In Linux systems the
vulnerability gave the cracker root access. In FreeBSD systems
BIND just stopped running

> Track records are pretty much all you have to go on with
> software, unless you audit all the code yourself.

And monitor the security lists is pretty much a requirement for
anyone at an ISP. Vulnerabilities occur everywhere.

> If people want to use bind or any other package, they do so at
> their choice. I'm just saying in my opinion I think there are
> better alternative.

> If you're happy using bind, use bind. If you're happy with
> windows 95, use it.

Happy with Win95.
I got fed up with the restriction and very poor performance of DOS 2.0 -
which looked good on paper - that after 6 months I parted out my IBM
and moved to Unix and have never looked back. I do have MS systems to
use when I need to - probably 2 or 3 times a week for short periods -
but 99% it's on a *n*x system.

I learned early :-)

Bill
--
Bill Vermillion - bv @ wjv . com

From owner-freebsd-isp@FreeBSD.ORG Tue Nov 18 14:40:32 2003
Date: Tue, 18 Nov 2003 14:40:44 -0800
From: "Crist J. Clark"
To: Helge Oldach
Message-ID: <20031118224044.GA10828@blossom.cjclark.org>
In-Reply-To: <200311161911.UAA25957@galaxy.hbg.de.ao-srv.com>
cc: freebsd-isp@freebsd.org
cc: freebsd-ipfw@freebsd.org
cc: vgoupil@alis.com
cc: freebsd-net@freebsd.org
Subject: Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

On Sun, Nov 16, 2003 at 08:11:36PM +0100, Helge Oldach wrote:
> Crist J. Clark:
> >On Sat, Nov 15, 2003 at 07:54:40AM +0100, Oldach, Helge wrote:
> >> From: Crist J. Clark [mailto:cristjc@comcast.net]
> >> > Two different ESP end points behind many-to-one NAT connected to
> >> > a single ESP end point on the other side of the NAT? I'd be very
> >> > curious to get the documentation on how they are cheating to get
> >> > that to work.
> >> You have posted a reference already. W2k SP4 supports UDP
> >> encapsulation of IPSec. And yes, it works fine, and reliably.
> >> Further, all of Cisco's and Checkpoints VPN gear support
> >> IPSec-over-UDP as well. This alone is >70% market share.
> >Oh, yeah, I know of UDP or TCP encapsulation tricks that work. I have
> >dealt with several of these implementations too. I thought that you
> >were implying that there were working NAT implementations that could
> >deal with ESP in these circumstances.
>
> Apologies... I am actually jumping between loosely related topics
> somewhat.
>
> In fact both Cisco and Checkpoint also support many-to-one NAT for ESP
> and AH protocols.
> One can indeed have multiple internal VPN devices
> hidden behind a single public address, and talking to the same outside
> VPN gateway - without requiring that the VPN devices themselves to
> tricks to work around NAT (such as UDP encapsulation).

You can't use AH with NAT. (period) The whole point of AH is to detect
someone tampering with the packet. NAT tampers with the packet. If you
can do NAT, AH is broken.

As for ESP, Cisco uses a trick. Their implementation, 'spi-matching,'

    ...is available only for endpoints that choose SPIs according
    to the predictive algorithm implemented in Cisco IOS Release
    12.2(15)T.

I am not aware of this algorithm being published anywhere. If it is
freely distributed, we could add that support if there was a call for
it.

As for Checkpoint, I couldn't find any documentation of this ability
and from my experience using NG FP2, this doesn't work. It did not NAT
ESP at all, not even for one client behind NAT. If this is a new
feature in AI or if there is a hidden knob to activate it, I would
appreciate a pointer.

> To add, there are all sorts of other drafts that amend IPSec
> functionality (such as XAUTH and Mode Config which are also pretty
> widely deployed in VPN remote access scenarios) that are missing.

That's IKE which is really a whole separate beast. The open source IKE
daemons are definitely not chock full of bleeding edge or
vendor-specific features. And the racoon documentation... But all of
these IKE extensions are only useful if the vendors using them publish
what they are actually doing with them. Reverse engineering this stuff
can be really painful since you can't see the data on the wire.
--
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

From owner-freebsd-isp@FreeBSD.ORG Wed Nov 19 00:40:32 2003
Date: Wed, 19 Nov 2003 00:45:15 -0800 (PST)
From: Tom
To: Emre Bastuz
In-Reply-To: <1069156449.717eee7648c72@webmail.emre.de>
Message-ID: <20031119004341.T84301@light.sdf.com>
cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Traffic Shaping for NNTP on Username-basis

On Tue, 18 Nov 2003, Emre Bastuz wrote:

> Hi,
>
> as you all know there are quite some providers out there that offer access to
> their newsservers based on a traffic or bandwidth specific fee.
>
> I was just wondering how such a service can be implemented?

It is done at the application layer, not the OS. If you download some
of the News software packages, you will see that it is a fairly typical
feature. Look into Typhoon. It used to be available for FreeBSD, but
Highwind dropped support because they had threading issues.
Tom

From owner-freebsd-isp@FreeBSD.ORG Wed Nov 19 02:10:24 2003
Date: Wed, 19 Nov 2003 12:10:13 +0200 (SAST)
From: Mark Bojara
To: freebsd-isp@FreeBSD.ORG
Message-ID: <20031119120925.B53101@opium.co.za>
Subject: USB ISDN modems

Hello All,

Which USB ISDN modems are supported in FreeBSD?
Maybe I'm blind but I don't see it on
http://www.freebsd.org/relnotes/4-STABLE/hardware/i386/x27.html#USB

Thanks
Mark

From owner-freebsd-isp@FreeBSD.ORG Wed Nov 19 07:23:00 2003
From: danny@i-p-d.nl
To: freebsd-isp@FreeBSD.ORG
Date: Wed, 19 Nov 2003 16:23:06 +0100
Message-ID: <3FBB98EA.16121.4A29EB@localhost>
Subject: any other hd-copiers than dd

Does anyone know a (3rd party) program to do a drivecopy other than dd. If you have
errors on a harddisk, dd will stop.

Thanx !
Kind regards,

Danny Zwegers
Unix SysAdmin (Spec:Domains)
IPD Hosting & Design BV
------------------- WWW Hosting ---------------------
http://www.i-p-d.nl           Tel: 0165-571675
http://www.ipdhosting.com     Fax: 0165-571710
http://www.domeinhosting.com  Email: danny@i-p-d.nl
http://www.secure.nl
------------------- WWW Design ---------------------

From owner-freebsd-isp@FreeBSD.ORG Wed Nov 19 07:43:13 2003
From: "John Straiton"
Date: Wed, 19 Nov 2003 10:07:16 -0500
Message-Id: <20031119151505.3AE8C146028@mx1.clickcom.com>
Subject: Dual Ethernet NIC w/ failover

Greets!
I have seen a number of posts regarding support of the dual ethernet
cards, however I haven't seen a lot of posts regarding the availability
of dual ethernet cards with working failover software... I have a couple
of the Intel 10/100/1000's on hand but it appears that the software they
use only comes in a linux binary.
I'm a bit leery of trying to shoehorn
it into working with the linux binary compatibility (assuming I could)
since the whole purpose of having a dual ethernet NIC is to take
variables *out* of the networking.
I'm looking to try to hook a 5.1-R machine up to two separate
switches that connect to the same core and run spanning tree so that a
failure in either a switch or a network cable would automagically fail
over to the other port at the same IP.
Does anyone have any suggestions on dual gigabit NICs that they have
been able to get into switch-failover mode?

John Straiton
jks@ clickcom.com
Clickcom, Inc
704-365-9970x101

From owner-freebsd-isp@FreeBSD.ORG Wed Nov 19 08:55:11 2003
Date: Wed, 19 Nov 2003 17:55:08 +0100
From: Paul Schenkeveld
To: freebsd-isp@freebsd.org
Message-ID: <20031119165508.GA94796@psconsult.nl>
In-Reply-To: <3FBB98EA.16121.4A29EB@localhost>
Subject: Re: any other hd-copiers than dd

On Wed, Nov 19, 2003 at 04:23:06PM +0100, danny@i-p-d.nl wrote:
> Does anyone know a (3rd party) program to do a drivecopy other than dd. If you have
> errors on a harddisk, dd will stop.

Try dd conv=noerror ...

See dd(1).

> Thanx !
>
> Kind regards,
>
> Danny Zwegers
> Unix SysAdmin (Spec:Domains)
> IPD Hosting & Design BV

Paul Schenkeveld, Consultant
PSconsult ICT Services BV, Houten, NL

From owner-freebsd-isp@FreeBSD.ORG Wed Nov 19 09:40:39 2003
Message-ID: <009101c3aec4$40b606c0$0b4e1151@blackbox>
From: "Colin Watson"
Date: Wed, 19 Nov 2003 17:40:41 -0000
Subject: Connecting subnet over PPP

Hi,

I am using the userland ppp with
pppoe daemon to setup a pppoe server to authenticate incoming clients.
I want to route a /29 subnet (81.19.79.24/29) to a client. Now I
authenticate via a radius server, which frames the IP, Protocol, and
route attributes:

Framed-Protocol = PPP
Framed-IP-Address = 81.19.79.25
Framed-Route = 81.19.79.24/29 81.19.79.25 1

This appears to assign the connection without problem, and the machines
on the clients side of the network, when assigned one of the subnet's
IP's have no issue pinging out to all hosts. However, when a remote PC
attempts to access one of the public IP's - i.e. ping it - this fails.
The FreeBSD Gateway / PPPoE Server shows lots of ARP unable to resolve
messages - I presume this means it cannot find a mac address for the
client.

I have checked the routing table - netstat -ran, and an entry is
created for the subnet in question (via the returned radius attributes):

Internet Dest:   Gateway:        Flags:  Refs:  Use:  Netif:  Expire:
81.19.79.24/29   81.19.79.25     UGSc    1      147   tun0
81.19.79.25      81.19.78.1      UH      0      256   tun0
81.19.79.25      00:05:5b:71..   UHLS2   0      0     ste1

A tcpdump of 'ste0' (the PPPoE Daemon Interface) from an IP the clients
subnet pinging out, shows that the replies are occurring:

17:29:28.984831 PPPoE [ses 0x1b] 81.17.78.25 > 81.17.78.34: icmp: echo request
17:29:28.984831 PPPoE [ses 0x1b] 81.17.78.34 > 81.17.78.25: icmp: echo reply

However, if this role is reversed, and a remote IP - in this case
81.17.78.34 (on a different /27 (32->63) network) attempts to ping a PC
on the client network:

17:37:45.214386 PPPoE [ses 0x1b] 81.17.78.34 > 81.17.78.25: icmp: echo request
17:37:45.221413 PPPoE [ses 0x1b] 81.17.78.34 > 81.17.78.25: icmp: echo request
17:37:45.223422 PPPoE [ses 0x1b] 81.17.78.34 > 81.17.78.25: icmp: echo request
17:37:45.321455 PPPoE [ses 0x1b] 81.17.78.34 > 81.17.78.25: icmp: echo request
17:37:45.623212 PPPoE [ses 0x1b] 81.17.78.34 > 81.17.78.25: icmp: echo request

The client uses a D-Link Router which is set to allow all traffic - It
is of course possible this is misconfigured, however I would like to
know if this configuration *should* be working, or if I have made some
grievous error somewhere, which is preventing the traffic reaching the
clients network.

Many Thanks

Colin Watson.

From owner-freebsd-isp@FreeBSD.ORG Wed Nov 19 09:40:45 2003
Message-ID: <23310.216.195.235.103.1069264920.squirrel@webmail.gigguardian.com>
Date: Wed, 19 Nov 2003 10:02:00 -0800 (PST)
From: "Chip McClure"
In-Reply-To: <20031119151505.3AE8C146028@mx1.clickcom.com>
cc: freebsd-isp@freebsd.org
Subject: Re: Dual Ethernet NIC w/ failover

John Straiton said:

Hello John,

Although I didn't do this for any gigabit nic's, it should work the
same, no less.

I wrote up a small shell script, that pings the gateway device. If the
ping fails, the shell script de-configures the primary interface of
that card, and configures the secondary interface, assuming the
identity of the 1st interface.
The shell script also writes a value to a text file, as to which is the
active interface, so it knows to revert back, if the secondary were to
fail. This script was added into the cron job, to run every minute.

Chip

> Greets!
> I have seen a number of posts regarding support of the dual ethernet
> cards, however I haven't seen a lot of posts regarding the availability
> of dual ethernet cards with working failover software... I have a couple
> of the Intel 10/100/1000's on hand but it appears that the software they
> use only comes in a linux binary. I'm a bit leery of trying to shoehorn
> it into working with the linux binary compatibility (assuming I could)
> since the whole purpose of having a dual ethernet NIC is to take
> variables *out* of the networking.
> I'm looking to try to hook a 5.1-R machine up to two separate
> switches that connect to the same core and run spanning tree so that a
> failure in either a switch or a network cable would automagically fail
> over to the other port at the same IP.
> Does anyone have any suggestions on dual gigabit NICs that they have
> been able to get into switch-failover mode?
>
> John Straiton
> jks@ clickcom.com
> Clickcom, Inc
> 704-365-9970x101
>
>
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

-----
Chip McClure
Sr. Unix Administrator
GigGuardian, Inc.
http://www.gigguardian.com/
-----

From owner-freebsd-isp@FreeBSD.ORG Wed Nov 19 09:43:40 2003
Message-ID: <00a401c3aec4$ae3fddb0$0b4e1151@blackbox>
From: "Colin Watson"
Date: Wed, 19 Nov 2003 17:43:45 -0000
Subject: Connecting subnet over PPP

Please disregard the first message - it was incomplete.

-----------------------------

Hi,

I am using the userland ppp with pppoe daemon to setup a pppoe server
to authenticate incoming clients. I want to route a /29 subnet
(81.19.79.24/29) to a client.
Now I authenticate via a radius server, which frames the IP, Protocol,
and route attributes:

Framed-Protocol = PPP
Framed-IP-Address = 81.19.79.25
Framed-Route = 81.19.79.24/29 81.19.79.25 1

This appears to assign the connection without problem, and the machines
on the clients side of the network, when assigned one of the subnet's
IP's have no issue pinging out to all hosts. However, when a remote PC
attempts to access one of the public IP's - i.e. ping it - this fails.
The FreeBSD Gateway / PPPoE Server shows lots of ARP unable to resolve
messages - I presume this means it cannot find a mac address for the
client.

I have checked the routing table - netstat -ran, and an entry is
created for the subnet in question (via the returned radius attributes):

Internet Dest:   Gateway:        Flags:  Refs:  Use:  Netif:  Expire:
81.19.79.24/29   81.19.79.25     UGSc    1      147   tun0
81.19.79.25      81.19.78.1      UH      0      256   tun0
81.19.79.25      00:05:5b:71..   UHLS2   0      0     ste1

A tcpdump of 'ste0' (the PPPoE Daemon Interface) from an IP the clients
subnet pinging out, shows that the replies are occurring:

17:29:28.984831 PPPoE [ses 0x1b] 81.19.79.25 > 81.19.79.34: icmp: echo request
17:29:28.984831 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo reply

However, if this role is reversed, and a remote IP - in this case
81.19.79.34 (on a different /27 (32->63) network) attempts to ping a PC
on the client network:

17:37:45.214386 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request
17:37:45.221413 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request
17:37:45.223422 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request
17:37:45.321455 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request
17:37:45.623212 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request

The client uses a D-Link Router which is set to allow all traffic - It
is of course possible this is misconfigured, however I would like to
know if this configuration *should* be working, or if I have made some
grievous error somewhere, which is preventing the traffic reaching the
clients network.

Many Thanks

Colin Watson.

From owner-freebsd-isp@FreeBSD.ORG Wed Nov 19 10:15:33 2003
From: "John Straiton"
To: "'Chip McClure'"
Date: Wed, 19 Nov 2003 13:07:48 -0500
In-Reply-To: <23310.216.195.235.103.1069264920.squirrel@webmail.gigguardian.com>
Message-Id: <20031119181529.E6061146C67@mx1.clickcom.com>
cc: freebsd-isp@freebsd.org
Subject: RE: Dual Ethernet NIC w/ failover

I had thought about that as a possibility. My thought was if I created
like a /dev/ether0 and then symlink'ed it to /dev/fxp0, in the event of
a failure, I could just change the link over to fxp1 and my firewall
rules, dhcpd configurations, et al would still work since they were
just reference the symlink (assuming I can do something oddball like
that).
I was just hoping that someone with more skill than I had put together
a more fluid means of all this happening..

Thanks,
John

> -----Original Message-----
> From: Chip McClure [mailto:vhm3@gigguardian.com]
> Sent: Wednesday, November 19, 2003 1:02 PM
> To: jsmailing@clickcom.com
> Cc: freebsd-isp@freebsd.org
> Subject: Re: Dual Ethernet NIC w/ failover
>
> John Straiton said:
>
> Hello John,
>
> Although I didn't do this for any gigabit nic's, it should
> work the same, no less.
>
> I wrote up a small shell script, that pings the gateway
> device. If the ping fails, the shell script de-configures the
> primary interface of that card, and configures the secondary
> interface, assuming the identity of the 1st interface. The
> shell script also writes a value to a text file, as to which
> is the active interface, so it knows to revert back, if the
> secondary were to fail. This script was added into the cron
> job, to run every minute.
>
> Chip
>
> > Greets!
> > I have seen a number of posts regarding support of the dual ethernet
> > cards, however I haven't seen a lot of posts regarding the
> > availability of dual ethernet cards with working failover software...
> > I have a couple of the Intel 10/100/1000's on hand but it appears that
> > the software they use only comes in a linux binary. I'm a bit leery of
> > trying to shoehorn it into working with the linux binary compatibility
> > (assuming I could) since the whole purpose of having a dual ethernet
> > NIC is to take variables *out* of the networking.
> > I'm looking to try to hook a 5.1-R machine up to two separate
> > switches that connect to the same core and run spanning tree so that a
> > failure in either a switch or a network cable would automagically fail
> > over to the other port at the same IP.
> > Does anyone have any suggestions on dual gigabit NICs that they have
> > been able to get into switch-failover mode?
> >
> > John Straiton
> > jks@ clickcom.com
> > Clickcom, Inc
> > 704-365-9970x101
> >
> >
> > _______________________________________________
> > freebsd-isp@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>
>
> -----
> Chip McClure
> Sr. Unix Administrator
> GigGuardian, Inc.
>
> http://www.gigguardian.com/
> -----
>
>
>

From owner-freebsd-isp@FreeBSD.ORG Wed Nov 19 23:09:55 2003
Date: Thu, 20 Nov 2003 17:09:48 +1000 (EST)
From: Andy Farkas
To: Paul Schenkeveld
In-Reply-To: <20031119165508.GA94796@psconsult.nl>
Message-ID: <20031120170532.H62945@hewey.af.speednet.com.au>
cc: freebsd-isp@freebsd.org
Subject: Re: any other hd-copiers than dd

Paul Schenkeveld wrote:

> On Wed, Nov 19, 2003 at 04:23:06PM +0100, danny@i-p-d.nl wrote:
> > Does anyone know a (3rd party) program to do a drivecopy other than dd. If you have
> > errors on a harddisk, dd will stop.
>
> Try dd conv=noerror ...

'noerror,sync' if you know you have bad blocks.

>
> See dd(1).
>

--

 :{ andyf@speednet.com.au

        Andy Farkas
    System Administrator
   Speednet Communications
 http://www.speednet.com.au/

From owner-freebsd-isp@FreeBSD.ORG Thu Nov 20 02:22:41 2003
From: Etienne Ledoux
To: freebsd-isp@freebsd.org
Date: Thu, 20 Nov 2003 12:23:35 +0200
Message-Id: <200311201223.35255.etienne@unix.za.org>
Subject: pop3 timeout problems.

Greetings,

I've recently changed/upgraded our mailserver to a new environment.

I'm using postfix, courier-imap on my mailservers and I keep the mailboxes on
a shared nfs drive. Since the move we have been having a few complaints about
timeouts while downloading mail via pop3.

These timeouts would occur on small and large mailboxes, with only a few
messages in them.
The client has a diginet line which isn't saturated. Th= e=20 connection would start out ok and then it just slows down to a grinding h= alt=20 and eventually times out. One thing we have noticed is that all the=20 complaints are coming from users using Windows XP. We have tested downloa= ding=20 from the same windows xp machine using outlook and outlook express and th= e=20 same thing would happen. But if we downloaded the same mailbox from a=20 different machine using windows 98 on the same lan using the same diginet= =20 connection the mail downloads quickly without a problem (we also tried=20 different network cables). We have other clients experiancing the exact s= ame=20 problem and they are also windows xp users on diginet lines. I mount the nfs share from my bsd boxes using the -r=3D8192,-w=3D8192 opt= ion. The servers are handling allot of mail daily but aren't under extreme hea= vy=20 load. I haven't tried lowering the MTU and I haven't tried another pop3 server = yet.=20 But this will be my next steps to try and solve the problem. Could this be a problem with windows xp (why wasn't it a problem before I= did=20 the move ?) What could be causing this ? Any ideas, suggestions ? What can I do to try and fix this. tx. e. 
From owner-freebsd-isp@FreeBSD.ORG Thu Nov 20 04:35:57 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1519C16A4CE for ; Thu, 20 Nov 2003 04:35:57 -0800 (PST) Received: from mail.tcworks.net (mail.tcworks.net [216.61.218.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1C6DB43FE0 for ; Thu, 20 Nov 2003 04:35:56 -0800 (PST) (envelope-from ccook@tcworks.net) Received: from tcworks.net (stp.tcworks.net [216.61.218.6]) by mail.tcworks.net (8.12.6/8.12.6) with ESMTP id hAKCQkle090577 for ; Thu, 20 Nov 2003 06:26:46 -0600 (CST) Sender: xcess@mail.tcworks.net Message-ID: <3FBCB5EF.3AD2E1EF@tcworks.net> Date: Thu, 20 Nov 2003 06:39:11 -0600 From: Chris Cook X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.2 i386) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-isp@freebsd.org Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-RAVMilter-Version: 8.4.1(snapshot 20020920) (mail.tcworks.net) X-Spam-Status: No, hits=0.0 required=7.0 tests=none autolearn=no version=2.60 X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on mail.tcworks.net Subject: script to change user's group? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Nov 2003 12:35:57 -0000 Is there a command line way to change the group that a user belongs to? We would like to automatically change a user's group when they become past due on their account. The only way I know how to do this is chpass. If I knew of a command line way I could write a script. 
Thanks, -- Chris o----< ccook@tcworks.net >------------------------------------o |Chris Cook - Admin |TCWORKS.NET - http://www.tcworks.net | |The Computer Works ISP |FreeBSD - http://www.freebsd.org | o-------------------------------------------------------------o From owner-freebsd-isp@FreeBSD.ORG Thu Nov 20 04:45:18 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A652D16A4CE for ; Thu, 20 Nov 2003 04:45:18 -0800 (PST) Received: from sianna.shopkeeper.de (sianna.shopkeeper.de [217.17.196.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 068BC43FD7 for ; Thu, 20 Nov 2003 04:45:16 -0800 (PST) (envelope-from sklauder@trimind.de) Received: from avalon.dobu.local (p5088733A.dip.t-dialin.net [80.136.115.58]) (authenticated bits=128) by sianna.shopkeeper.de (8.12.9/8.12.6) with ESMTP id hAKCjDe8071341; Thu, 20 Nov 2003 13:45:13 +0100 (CET) (envelope-from sklauder@trimind.de) Received: from avalon.dobu.local (localhost.dobu.local [127.0.0.1]) by avalon.dobu.local (8.12.9p2/8.12.5) with ESMTP id hAKCjCID007516; Thu, 20 Nov 2003 13:45:12 +0100 (CET) (envelope-from sklauder@avalon.dobu.local) Received: (from sklauder@localhost) by avalon.dobu.local (8.12.9p2/8.12.9/Submit) id hAKCjC1N007515; Thu, 20 Nov 2003 13:45:12 +0100 (CET) (envelope-from sklauder) Date: Thu, 20 Nov 2003 13:45:12 +0100 From: Sascha Klauder To: Chris Cook Message-ID: <20031120124512.GA7492@trimind.de> References: <3FBCB5EF.3AD2E1EF@tcworks.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3FBCB5EF.3AD2E1EF@tcworks.net> User-Agent: Mutt/1.4.1i cc: freebsd-isp@freebsd.org Subject: Re: script to change user's group? 
X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Nov 2003 12:45:18 -0000 On Thu, Nov 20, 2003 at 06:39:11AM -0600, Chris Cook wrote: > Is there a command line way to change the group that a user belongs to? > We would like to automatically change a user's group when they become > past due on their account. The only way I know how to do this is > chpass. If I knew of a command line way I could write a script. Check out the pw(8) command. Cheers, -sascha From owner-freebsd-isp@FreeBSD.ORG Thu Nov 20 04:48:43 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3D4B216A4CE for ; Thu, 20 Nov 2003 04:48:43 -0800 (PST) Received: from mail.tcworks.net (mail.tcworks.net [216.61.218.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6BAFC43FE3 for ; Thu, 20 Nov 2003 04:48:42 -0800 (PST) (envelope-from ccook@tcworks.net) Received: from tcworks.net (stp.tcworks.net [216.61.218.6]) by mail.tcworks.net (8.12.6/8.12.6) with ESMTP id hAKCdXle096124; Thu, 20 Nov 2003 06:39:33 -0600 (CST) Sender: xcess@mail.tcworks.net Message-ID: <3FBCB8EE.DF5EFE2A@tcworks.net> Date: Thu, 20 Nov 2003 06:51:58 -0600 From: Chris Cook X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.2 i386) X-Accept-Language: en MIME-Version: 1.0 To: Sascha Klauder References: <3FBCB5EF.3AD2E1EF@tcworks.net> <20031120124512.GA7492@trimind.de> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-RAVMilter-Version: 8.4.1(snapshot 20020920) (mail.tcworks.net) X-Spam-Status: No, hits=0.0 required=7.0 tests=none autolearn=no version=2.60 X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on mail.tcworks.net cc: freebsd-isp@freebsd.org Subject: Re: script to change user's group? 
X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Nov 2003 12:48:43 -0000 Sascha Klauder wrote: > > On Thu, Nov 20, 2003 at 06:39:11AM -0600, Chris Cook wrote: > > Is there a command line way to change the group that a user belongs to? > > We would like to automatically change a user's group when they become > > past due on their account. The only way I know how to do this is > > chpass. If I knew of a command line way I could write a script. > > Check out the pw(8) command. > OK, that was an incredibly stupid question. Ha! Thanks. -- Chris o----< ccook@tcworks.net >------------------------------------o |Chris Cook - Admin |TCWORKS.NET - http://www.tcworks.net | |The Computer Works ISP |FreeBSD - http://www.freebsd.org | o-------------------------------------------------------------o From owner-freebsd-isp@FreeBSD.ORG Thu Nov 20 09:30:48 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3E70916A4D3 for ; Thu, 20 Nov 2003 09:30:48 -0800 (PST) Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id AC2A943FCB for ; Thu, 20 Nov 2003 09:30:46 -0800 (PST) (envelope-from LConrad@Go2France.com) Received: from VirusGate.MEIway.com (virus-gate.meiway.com [212.73.210.91]) by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id 0AD33EF42C for ; Thu, 20 Nov 2003 18:30:44 +0100 (CET) (envelope-from LConrad@Go2France.com) Received: from localhost (localhost.meiway.com [127.0.0.1]) by VirusGate.MEIway.com (Postfix) with SMTP id 0BF055D009 for ; Thu, 20 Nov 2003 18:36:16 +0100 (CET) Received: from mail.Go2France.com (ms1.meiway.com [212.73.210.73]) by VirusGate.MEIway.com (Postfix) with ESMTP id 975B85D008 for ; Thu, 20 Nov 2003 18:36:15 +0100 (CET) 
Received: from tx0.Go2France.com [24.242.169.51] by mail.Go2France.com with ESMTP (SMTPD32-6.06) id AD8E65690120; Thu, 20 Nov 2003 18:44:46 +0100 Message-Id: <6.0.1.1.2.20031118084120.08cd68c8@mail.go2france.com> X-Sender: LConrad@Go2France.com@mail.go2france.com X-Mailer: QUALCOMM Windows Eudora Version 6.0.1.1 Date: Thu, 20 Nov 2003 11:30:03 -0600 To: freebsd-isp@freebsd.org From: Len Conrad In-Reply-To: <010101c3add0$7c2bbd70$1100a8c0@dtg17> References: <029b01c3ad14$5e53b080$110d3ad4@VAHOXP> <0b3a01c3ad1e$2224d850$1100a8c0@dtg17> <6.0.1.1.2.20031117145927.0486af80@mail.go2france.com> <010101c3add0$7c2bbd70$1100a8c0@dtg17> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Subject: Re: About DNS (BIND) with Database X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Nov 2003 17:30:48 -0000 >My apologies if this thread has hit a nerve, I wasn't picking at anyone. I'm >just giving my point of view. And I was giving you mine on your FUD. >The history may be old in terms of computing, but I won't how many >vulnerable systems are still out there? but at this point, running a vulnerable BIND 2 or 3+ years old is not really BIND's fault, nor a reason to recommend against running current BIND8, and esp BIND9 which has NO history of (exploited) vulnerabilities, >System admins that may not even know how to upgrade or even know that the >vulns exist. Then they aren't "sys admins", but jerks. >Plus http://www.isc.org/products/BIND/bind-security.html isn't a very good >track record is it? The charter of ISC is to implement the ALL of RFCs for DNS in BIND8 and 9, so as the RFCs move along, so does BIND, with inevitable bugs. Fixing of the infrequent problems has been extremely fast over the past 3 years. 
Other DNS software can cherry pick the DNS features they want to (or can) implement and blow off the rest, or push some political agenda. >If people want to use bind or any other package, they do so at their choice. >I'm just saying in my opinion I think there are better alternative. nothing wrong with that, but your reason against choosing BIND, an old security record, was wrong. >If you're happy using bind, use bind. If you're happy with windows 95, use >it. thanks, great advice, the list is grateful. And, if you're happy recommending _against_ something, do it accurately. Trotting out 3+ year old CERT/SANS advisories as reasons for not using current software is BS. Len _____________________________________________________________________ http://MenAndMice.com/DNS-training: Atlanta; Orlando; San Jose IMGate.MEIway.com: anti-spam gateway, effective on 1000's of sites, free From owner-freebsd-isp@FreeBSD.ORG Thu Nov 20 12:21:28 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4AF8B16A4CE for ; Thu, 20 Nov 2003 12:21:28 -0800 (PST) Received: from imhotep.yuckfou.org (cust.89.117.adsl.cistron.nl [195.64.89.117]) by mx1.FreeBSD.org (Postfix) with ESMTP id A701543FAF for ; Thu, 20 Nov 2003 12:21:24 -0800 (PST) (envelope-from nivo+sender+a5063a@yuckfou.org) Received: from localhost (localhost [127.0.0.1]) by imhotep.yuckfou.org (Postfix) with ESMTP id EF5A3228 for ; Thu, 20 Nov 2003 21:22:02 +0100 (CET) Received: from imhotep.yuckfou.org ([127.0.0.1]) by localhost (imhotep.yuckfou.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 27660-03 for ; Thu, 20 Nov 2003 21:22:02 +0100 (CET) Received: by imhotep.yuckfou.org (Postfix, from userid 1000) id 95259225; Thu, 20 Nov 2003 21:22:02 +0100 (CET) Received: from yuckfou.org (turbata-xp [192.168.2.236]) by localhost.yuckfou.org (tmda-ofmipd) with ESMTP; Thu, 20 Nov 2003 21:21:58 +0100 (CET) Message-ID: 
<3FBD223F.2070202@yuckfou.org> Date: Thu, 20 Nov 2003 21:21:19 +0100 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5b) Gecko/20030912 Thunderbird/0.3a X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-isp@freebsd.org References: In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit From: Nils Vogels X-Delivery-Agent: TMDA/0.88 (Decidedly) X-TMDA-Fingerprint: y/SJIWtexNFDsvpLcG8mzhZ41LM X-Virus-Scanned: by amavisd-new at yuckfou.org Subject: Re: Find data transfer on a particular port X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Nils Vogels List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Nov 2003 20:21:28 -0000 Sunil Sunder Raj wrote: > Hi, > >> From mrtg I come to know that my server X is transferring Y mbit/s. >> But When > > I get into the server, how do I know which service/port is > transferring maximum data. 
> > Regards > SSR Consider using tools such as trafshow, ethereal, ntop, and various others listed in /usr/ports/net HTH & HAND From owner-freebsd-isp@FreeBSD.ORG Thu Nov 20 12:54:59 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9EDEC16A4CE for ; Thu, 20 Nov 2003 12:54:59 -0800 (PST) Received: from munk.nu (mail.munk.nu [213.152.51.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2461643F75 for ; Thu, 20 Nov 2003 12:54:56 -0800 (PST) (envelope-from munk@munk.nu) Received: from munk by munk.nu with local (Exim 4.24; FreeBSD) id 1AMvpG-00032h-31 for freebsd-isp@freebsd.org; Thu, 20 Nov 2003 20:54:54 +0000 Date: Thu, 20 Nov 2003 20:54:54 +0000 From: Jez Hancock To: freebsd-isp@freebsd.org Message-ID: <20031120205454.GA11290@users.munk.nu> Mail-Followup-To: freebsd-isp@freebsd.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i Sender: User Munk Subject: Re: Find data transfer on a particular port X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Nov 2003 20:54:59 -0000 On Mon, Nov 17, 2003 at 06:39:25PM +0530, Sunil Sunder Raj wrote: > Hi, > >From mrtg I come to know that my server X is transferring Y mbit/s. But > >When > I get into the server, how do I know which service/port is transferring > maximum data. You could set ipfw up to count the traffic to/from those ports on which servers run. 
-- Jez Hancock - System Administrator / PHP Developer http://munk.nu/ From owner-freebsd-isp@FreeBSD.ORG Thu Nov 20 16:41:18 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C11D216A4CE for ; Thu, 20 Nov 2003 16:41:18 -0800 (PST) Received: from newcolo.invictanet.co.uk (newcolo.invictanet.co.uk [213.48.153.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5161A43FAF for ; Thu, 20 Nov 2003 16:41:17 -0800 (PST) (envelope-from support@invictanet.co.uk) Received: from verna ([80.88.196.129]) (authenticated) by newcolo.invictanet.co.uk (8.11.1/8.11.1) with ESMTP id hAL0fEt81315 for ; Fri, 21 Nov 2003 00:41:15 GMT From: "InvictaNet Customer Support" To: "Freebsd Isp List" Date: Fri, 21 Nov 2003 00:41:14 -0000 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal Subject: merging 2 passwd files X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Nov 2003 00:41:18 -0000 Can anyone help? I am merging 2 existing servers into one new server. Can anyone suggest a way I can merge the 2 master.passwd files without duplicating uid's? Martyn Routley ----------------------------------------------------------------- InvictaWiz - The Internet in Plain English, Guaranteed http://www.invictawiz.com martyn@invictawiz.com phone: 08707 440180 fax: 08707 440181 Ask us about our online Antivirus and Junk mail scanning service. Ask us how you could save money on your telephone bill. 
----------------------------------------------------------------- From owner-freebsd-isp@FreeBSD.ORG Thu Nov 20 21:26:36 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 75D1116A4CE for ; Thu, 20 Nov 2003 21:26:36 -0800 (PST) Received: from util.inch.com (ns.inch.com [216.223.192.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5639C43F75 for ; Thu, 20 Nov 2003 21:26:35 -0800 (PST) (envelope-from scott@inch.com) Received: from DellBSD.inch.com (DellBSD.inch.com [216.223.192.89]) hAL5QX5o033682 for ; Fri, 21 Nov 2003 00:26:34 -0500 (EST) (envelope-from scott@inch.com) Received: by DellBSD.inch.com (Postfix, from userid 1000) id 1182A5D91; Fri, 21 Nov 2003 00:26:33 -0500 (EST) Date: Fri, 21 Nov 2003 00:26:33 -0500 From: Scott Lambert To: Freebsd Isp List Message-ID: <20031121052632.GA27853@DellBSD.inch.com> Mail-Followup-To: Freebsd Isp List References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.4i Subject: Re: merging 2 passwd files X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Nov 2003 05:26:36 -0000 On Fri, Nov 21, 2003 at 12:41:14AM -0000, InvictaNet Customer Support wrote: > Can anyone help? > I am merging 2 existing servers into one new server. > Can anyone suggest a way I can merge the 2 master.passwd files without > duplicating uid's? This part of the merge two hosts problem, I have solved. It's the "make the historically different and incompatible web configs work together" part that is slowing me down. I'll probably give up and run completely separate web servers but I've been trying to avoid that. I want to bring them in line with current best practices. 
Anyway, I have a script called rsync_passwd.sh that I've been tweaking. I just went through and "generic-ized" it so that I could post it. So something could be broken. There was a lot of search and replace used. http://www.lambertfam.org/~lambert/scripts/rsync_passwd.sh -- Scott Lambert KC5MLE Unix SysAdmin lambert@lambertfam.org From owner-freebsd-isp@FreeBSD.ORG Fri Nov 21 06:14:37 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 28D3D16A4CF for ; Fri, 21 Nov 2003 06:14:37 -0800 (PST) Received: from smtp-ft4.fr.colt.net (smtp-ft4.fr.colt.net [213.41.78.203]) by mx1.FreeBSD.org (Postfix) with ESMTP id A8FA843FDD for ; Fri, 21 Nov 2003 06:14:35 -0800 (PST) (envelope-from nanard@tou.nu) Received: from orion (noc-bes.adm.fr.colt.net [195.68.1.120]) by smtp-ft4.fr.colt.net with SMTP id hALEEXH12589 for ; Fri, 21 Nov 2003 15:14:34 +0100 Message-ID: <02e701c3b039$caaebea0$51fd210a@orion> From: "nanard" To: Date: Fri, 21 Nov 2003 15:14:34 +0100 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: Connecting to VPN Concentrator X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Nov 2003 14:14:37 -0000 Hi, Is there some way to connect FreeBSD to VPN concentrator (Cisco3000) ?. I found a page about it : http://www.unix-ag.uni-kl.de/~massar/vpnc/ But it works only for Linux/NetBSD/SunOS but not yet FreeBSD. Thanks in advance. 
Nicolas From owner-freebsd-isp@FreeBSD.ORG Fri Nov 21 06:30:39 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6A0D416A4CE for ; Fri, 21 Nov 2003 06:30:39 -0800 (PST) Received: from otter3.centtech.com (moat3.centtech.com [207.200.51.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 89B5243FD7 for ; Fri, 21 Nov 2003 06:30:38 -0800 (PST) (envelope-from anderson@centtech.com) Received: from centtech.com (neutrino.centtech.com [10.177.171.220]) by otter3.centtech.com (8.12.3/8.12.3) with ESMTP id hALEUb6T030269; Fri, 21 Nov 2003 08:30:38 -0600 (CST) (envelope-from anderson@centtech.com) Message-ID: <3FBE2185.1040204@centtech.com> Date: Fri, 21 Nov 2003 08:30:29 -0600 From: Eric Anderson User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 X-Accept-Language: en-us, en MIME-Version: 1.0 To: nanard References: <02e701c3b039$caaebea0$51fd210a@orion> In-Reply-To: <02e701c3b039$caaebea0$51fd210a@orion> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-isp@freebsd.org Subject: Re: Connecting to VPN Concentrator X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Nov 2003 14:30:39 -0000 nanard wrote: >Hi, > >Is there some way to connect FreeBSD to VPN concentrator (Cisco3000) ?. > >I found a page about it : >http://www.unix-ag.uni-kl.de/~massar/vpnc/ >But it works only for Linux/NetBSD/SunOS but not yet FreeBSD. > > In a previous email to this list, I thought you were asking how to connect FreeBSD and windows clients to a VPN server (of any kind, possibly FreeBSD)? If that's what you want, I can help you with that.. 
Eric -- ------------------------------------------------------------------ Eric Anderson Systems Administrator Centaur Technology All generalizations are false, including this one. ------------------------------------------------------------------ From owner-freebsd-isp@FreeBSD.ORG Fri Nov 21 07:49:08 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B7FEF16A4CF for ; Fri, 21 Nov 2003 07:49:08 -0800 (PST) Received: from smtp-ft4.fr.colt.net (smtp-ft4.fr.colt.net [213.41.78.203]) by mx1.FreeBSD.org (Postfix) with ESMTP id 638B743FE3 for ; Fri, 21 Nov 2003 07:49:05 -0800 (PST) (envelope-from nanard@tou.nu) Received: from orion (noc-bes.adm.fr.colt.net [195.68.1.120]) by smtp-ft4.fr.colt.net with SMTP id hALFn1H13780; Fri, 21 Nov 2003 16:49:01 +0100 Message-ID: <030d01c3b046$fcaf92f0$51fd210a@orion> From: "nanard" To: "Eric Anderson" References: <02e701c3b039$caaebea0$51fd210a@orion> <3FBE2185.1040204@centtech.com> Date: Fri, 21 Nov 2003 16:49:02 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 cc: freebsd-isp@freebsd.org Subject: Re: Connecting to VPN Concentrator X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Nov 2003 15:49:08 -0000 Hi Eric, > In a previous email to this list, I thought you were asking how to > connect FreeBSD and windows clients to a VPN server (of any kind, > possibly FreeBSD)? If that's what you want, I can help you with that.. Yes, i installed a VPN server on FreeBSD 4.9 with MPD. (and SaMBa in a jail of the server for the VPN user only). 
I managed to connect Windows users to it.
But I didn't manage to connect a FreeBSD client to it (using pptp-client).
The connection works but nothing goes through the tunnel (I did nothing in ipf)
and after 170 sec, the client closes the connection.
(I think because of idle?). Maybe there is something wrong with my route.
I don't know.

But now, I have a VPN concentrator server (CISCO 3000) and I have some clients
who would like to connect from FreeBSD.
I don't know if it's possible, so I'm asking here now.

For my last question on this list, I'm open to knowing how you use mpd as a
client to connect FreeBSD to a FreeBSD MPD server.

Thanks in advance.

Nicolas

OS: FreeBSD 4.9

Configuration of the FreeBSD client:

crysto$ cat /etc/ppp/ppp.conf
TEST:
 set authname nanard
 set authkey ******
 set timeout 0
 set ifaddr 0 0
 add 192.168.0.142/24 HISADDR
 alias enable yes

When I launch:

# pptp XX.YY.ZZ.AA TEST

tun0: flags=8051 mtu 1498
        inet 192.168.0.142 --> XX.YY.ZZ.AA netmask 0xffffffff
        Opened by PID 24918

$ ping 192.168.0.142
PING 192.168.0.142 (192.168.0.142): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
^C

In the log of the FreeBSD client:

In /var/log/pptp.log

Nov 20 14:23:46 crysto ppp[80154]: Phase: Using interface: tun0
Nov 20 14:23:46 crysto ppp[80154]: Phase: deflink: Created in closed state
Nov 20 14:23:46 crysto ppp[80154]: Warning: The alias command is deprecated
Nov 20 14:23:46 crysto ppp[80154]: Phase: PPP Started (direct mode).
Nov 20 14:23:46 crysto ppp[80154]: Phase: bundle: Establish
Nov 20 14:23:46 crysto ppp[80154]: Phase: deflink: closed -> opening
Nov 20 14:23:46 crysto ppp[80154]: Phase: deflink: Connected!
Nov 20 14:23:46 crysto ppp[80154]: Phase: deflink: opening -> carrier
Nov 20 14:23:47 crysto ppp[80154]: Phase: deflink: carrier -> lcp
Nov 20 14:23:47 crysto ppp[80154]: Phase: Unexpected chap input - dropped !
Nov 20 14:23:53 crysto last message repeated 3 times
Nov 20 14:23:54 crysto ppp[80154]: Phase: bundle: Authenticate
Nov 20 14:23:54 crysto ppp[80154]: Phase: deflink: his = CHAP 0x81, mine = none
Nov 20 14:23:54 crysto ppp[80154]: Phase: Chap Input: CHALLENGE (16 bytes)
Nov 20 14:23:54 crysto ppp[80154]: Phase: Chap Output: RESPONSE (nanard)
Nov 20 14:23:54 crysto ppp[80154]: Phase: Chap Input: SUCCESS (S=E1F1FE8196608716C90AEA4015D20E9D4CF864D8)
Nov 20 14:23:54 crysto ppp[80154]: Phase: deflink: lcp -> open
Nov 20 14:23:54 crysto ppp[80154]: Phase: bundle: Network
Nov 20 14:26:40 crysto ppp[80154]: Phase: Signal 15, terminate.
Nov 20 14:26:40 crysto ppp[80154]: Phase: Signal 15, terminate.
Nov 20 14:26:40 crysto ppp[80154]: Phase: deflink: read (0): Got zero bytes
Nov 20 14:26:40 crysto ppp[80154]: Phase: deflink: open -> lcp
Nov 20 14:26:40 crysto ppp[80154]: Phase: bundle: Terminate
Nov 20 14:26:40 crysto ppp[80154]: Phase: deflink: Disconnected!
Nov 20 14:26:40 crysto ppp[80154]: Phase: deflink: Connect time: 174 secs: 665 octets in, 666 octets out
Nov 20 14:26:40 crysto ppp[80154]: Phase: deflink: 18 packets in, 16 packets out
Nov 20 14:26:40 crysto ppp[80154]: Phase: total 7 bytes/sec, peak 208 bytes/sec on Thu Nov 20 14:23:54 2003
Nov 20 14:26:40 crysto ppp[80154]: Phase: deflink: lcp -> closed
Nov 20 14:26:40 crysto ppp[80154]: Phase: bundle: Dead
Nov 20 14:26:40 crysto ppp[80154]: Phase: PPP Terminated (normal).

Nov 21 16:03:07 crysto ppp[24918]: Phase: Using interface: tun0
Nov 21 16:03:07 crysto ppp[24918]: Phase: deflink: Created in closed state
Nov 21 16:03:07 crysto ppp[24918]: Warning: The alias command is deprecated
Nov 21 16:03:07 crysto ppp[24918]: Phase: PPP Started (direct mode).
Nov 21 16:03:07 crysto ppp[24918]: Phase: bundle: Establish
Nov 21 16:03:07 crysto ppp[24918]: Phase: deflink: closed -> opening
Nov 21 16:03:07 crysto ppp[24918]: Phase: deflink: Connected!
Nov 21 16:03:07 crysto ppp[24918]: Phase: deflink: opening -> carrier
Nov 21 16:03:08 crysto ppp[24918]: Phase: deflink: carrier -> lcp
Nov 21 16:03:08 crysto ppp[24918]: Phase: Unexpected chap input - dropped !
Nov 21 16:03:13 crysto last message repeated 3 times
Nov 21 16:03:15 crysto ppp[24918]: Phase: bundle: Authenticate
Nov 21 16:03:15 crysto ppp[24918]: Phase: deflink: his = CHAP 0x81, mine = none
Nov 21 16:03:15 crysto ppp[24918]: Phase: Chap Input: CHALLENGE (16 bytes)
Nov 21 16:03:15 crysto ppp[24918]: Phase: Chap Output: RESPONSE (nanard)
Nov 21 16:03:15 crysto ppp[24918]: Phase: Chap Input: SUCCESS (S=9749F42989AFAEB5922F86A515C6C42C4C3DAAC3)
Nov 21 16:03:15 crysto ppp[24918]: Phase: deflink: lcp -> open
Nov 21 16:03:15 crysto ppp[24918]: Phase: bundle: Network

crysto# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.0.138         UGSc       18       20    dc0
10/24              link#1             UC          3        0    dc0
10.0.0.4           00:a0:cc:da:6a:7f  UHLW        0        5    lo0
10.0.0.5           00:a0:cc:da:6a:7f  UHLW        1       17    lo0 =>
10.0.0.5/32        link#1             UC          1        0    dc0
10.0.0.7/32        link#1             UC          0        0    dc0
10.0.0.8/32        link#1             UC          0        0    dc0
10.0.0.138         00:08:21:b8:c2:14  UHLW       16        0    dc0    715
10.0.0.255         ff:ff:ff:ff:ff:ff  UHLWb       3       49    dc0
127.0.0.1          127.0.0.1          UH          0       45    lo0
192.168.0          XX.YY.ZZ.AA        UGSc        0        3   tun0
192.168.1          link#1             UC          0        0    dc0
195.68.88.112/29   link#1             UC          0        0    dc0
XX.YY.ZZ.AA        192.168.0.142      UH          2        1   tun0

When it disconnects:

Nov 21 16:05:06 crysto ppp[24918]: Phase: Signal 15, terminate.
Nov 21 16:05:06 crysto ppp[24918]: Phase: Signal 15, terminate.
Nov 21 16:05:06 crysto ppp[24918]: Phase: deflink: read (0): Got zero bytes
Nov 21 16:05:06 crysto ppp[24918]: Phase: deflink: open -> lcp
Nov 21 16:05:06 crysto ppp[24918]: Phase: bundle: Terminate
Nov 21 16:05:06 crysto ppp[24918]: Phase: deflink: Disconnected!
Nov 21 16:05:06 crysto ppp[24918]: Phase: deflink: Connect time: 119 secs: 696 octets in, 661 octets out
Nov 21 16:05:06 crysto ppp[24918]: Phase: deflink: 18 packets in, 16 packets out
Nov 21 16:05:06 crysto ppp[24918]: Phase: total 11 bytes/sec, peak 212 bytes/sec on Fri Nov 21 16:03:15 2003
Nov 21 16:05:06 crysto ppp[24918]: Phase: deflink: lcp -> closed
Nov 21 16:05:06 crysto ppp[24918]: Phase: bundle: Dead
Nov 21 16:05:06 crysto ppp[24918]: Phase: PPP Terminated (normal).

>
> Eric
>
> --
> ------------------------------------------------------------------
> Eric Anderson Systems Administrator Centaur Technology
> All generalizations are false, including this one.
> ------------------------------------------------------------------
>
>
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>

From owner-freebsd-isp@FreeBSD.ORG Fri Nov 21 13:06:55 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8ACF516A4CE for ; Fri, 21 Nov 2003 13:06:55 -0800 (PST) Received: from otter3.centtech.com (moat3.centtech.com [207.200.51.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1169D43FB1 for ; Fri, 21 Nov 2003 13:06:54 -0800 (PST) (envelope-from anderson@centtech.com) Received: from centtech.com (neutrino.centtech.com [10.177.171.220]) by otter3.centtech.com (8.12.3/8.12.3) with ESMTP id hALL6q6T085878; Fri, 21 Nov 2003 15:06:53 -0600 (CST) (envelope-from anderson@centtech.com) Message-ID: <3FBE7E62.50207@centtech.com> Date: Fri, 21 Nov 2003 15:06:42 -0600 From: Eric Anderson User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 X-Accept-Language: en-us, en MIME-Version: 1.0 To: nanard References: <02e701c3b039$caaebea0$51fd210a@orion> <3FBE2185.1040204@centtech.com> 
	<030d01c3b046$fcaf92f0$51fd210a@orion>
In-Reply-To: <030d01c3b046$fcaf92f0$51fd210a@orion>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-isp@freebsd.org
Subject: Re: Connecting to VPN Concentrator
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 21 Nov 2003 21:06:55 -0000

nanard wrote:

>Hi Eric,
>
>>In a previous email to this list, I thought you were asking how to
>>connect FreeBSD and windows clients to a VPN server (of any kind,
>>possibly FreeBSD)? If that's what you want, I can help you with that..
>>
>
>Yes, I installed a VPN server on FreeBSD 4.9 with MPD. (and SaMBa in a jail
>of the server for the VPN user only).
>
>I managed to connect Windows users to it.
>But I didn't manage to connect FreeBSD client to it (using pptp-client).
>The connection works but nothing goes through the tunnel (I did nothing in ipf)
>and after 170 sec, the client closes the connection.
>(I think because of idle ?). Maybe there is something wrong with my route.
>I don't know
>

I put my config blurbs below.. maybe that will help.. if not, let me know..

>But now, I've a VPN concentrator server (CISCO 3000) and I've some clients
>who would like to connect from FreeBSD.
>I don't know if it's possible so, I'm asking now here.
>

I believe it is, but I'm not sure that mpd will do it.. I think the
Cisco's use IPSEC, not pptp..

>For my last question in this list, I'm open to know how do you use mpd as
>client to connect FreeBSD to FreeBSD MPD server.
>
>Thanks in advance.
>
>Nicolas
>
>OS: FreeBSD 4.9
>
>Configuration of the FreeBSD client :
>
>crysto$ cat /etc/ppp/ppp.conf
>TEST:
> set authname nanard
> set authkey ******
> set timeout 0
> set ifaddr 0 0
> add 192.168.0.142/24 HISADDR
> alias enable yes
>

ppp.conf? Hmm.. I use mpd.conf on my client..
(shown below)

>When I launch :
>
># pptp XX.YY.ZZ.AA TEST
>

is pptp a command for you? I don't have that command..

>
>tun0: flags=8051 mtu 1498
> inet 192.168.0.142 --> XX.YY.ZZ.AA netmask 0xffffffff
> Opened by PID 24918
>
>$ ping 192.168.0.142
>PING 192.168.0.142 (192.168.0.142): 56 data bytes
>ping: sendto: No route to host
>ping: sendto: No route to host
>^C
>

[..snip..]

Ok, here's my configuration for the server:

/usr/local/etc/mpd/mpd.conf: (10.x.y.50 is the internal IP of the vpn
server, and 10.x.y.100/101 are the IPs that are assigned to the vpn
connections once established)
#####################
default:
    load client0
    load client1

client0:
    new -i ng0 pptp0 pptp0
    set ipcp ranges 10.x.y.50/32 10.x.y.100/32
    load pptp_standard

client1:
    new -i ng1 pptp1 pptp1
    set ipcp ranges 10.x.y.50/32 10.x.y.101/32
    load pptp_standard

pptp_standard:
    set iface disable on-demand
    set iface enable proxy-arp
    set iface idle 3600
    set iface mtu 1400
    set bundle disable multilink
    set bundle yes crypt-reqd
    set bundle enable compression
    set link no pap chap
    set link enable chap
    set link keep-alive 60 600
    set link mtu 1400
    set ipcp yes vjcomp
    set ipcp dns 10.x.y.5 10.x.y.6
    #nbns is for the WINs numbers for windows users
    set ipcp nbns 10.x.y.7 10.x.y.8
    set ccp yes mppc
    set ccp enable mpp-compress
    set ccp yes mpp-e40
    set ccp yes mpp-e56
    set ccp yes mpp-e128
    set ccp yes mpp-stateless
#####################

/usr/local/etc/mpd/mpd.links:
(xxx.yyy.zzz.123 is my external IP on the FreeBSD VPN server)
#####################
pptp0:
    set link type pptp
    set pptp self xxx.yyy.zzz.123
    set pptp enable incoming
    set pptp disable originate

pptp1:
    set link type pptp
    set pptp self xxx.yyy.zzz.123
    set pptp enable incoming
    set pptp disable originate
#####################

/usr/local/mpd/mpd.secret:
#####################
username "mypassword"

And on my client:
default:
    load work

work:
    new -i ng1 ms-pptp work
    set log +pptp +pptp2 +pptp3 +lcp +auth
    set ipcp ranges 0.0.0.0/0 0.0.0.0/0
    set ipcp yes vjcomp
    set ipcp dns 10.x.y.5 10.x.y.6
    set ipcp enable req-pri-dns req-sec-dns
    set link disable chap pap
    set link accept chap
    set link yes acfcomp protocomp
    set iface idle 0
    set bundle enable multilink
    set bundle yes crypt-reqd
    set bundle enable compression
    #set link enable no-orig-auth
    set link keep-alive 60 600
    set ccp yes mppc
    set ccp enable mpp-compress
    set ccp yes mpp-e40
    set ccp yes mpp-e56
    set ccp yes mpp-e128
    set ccp yes mpp-stateless
    set iface route 10.x.y.0/24
    set iface route 10.x.z.0/24
    set bundle authname "username"
    set bundle password "mypassword"
    set iface disable on-demand
    set link max-redial 9
    set iface mtu 1400
    open iface

Then to start the connection, I run:
# mpd work

Once the connection is made, you should be running..

Eric

--
------------------------------------------------------------------
Eric Anderson     Systems Administrator      Centaur Technology
All generalizations are false, including this one.
------------------------------------------------------------------

From owner-freebsd-isp@FreeBSD.ORG Fri Nov 21 13:25:02 2003
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9FBDD16A4D0 for ; Fri, 21 Nov 2003 13:25:02 -0800 (PST)
Received: from crystunix.com (crystunix.com [195.68.88.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id C73DB43FE5 for ; Fri, 21 Nov 2003 13:25:00 -0800 (PST) (envelope-from nanard@crystunix.com)
Received: from [192.168.1.2] (port=3392 helo=thot) by crystunix.com with esmtp (Exim) id 1ANImW-00017y-1p; Fri, 21 Nov 2003 22:25:36 +0100
Message-ID: <00df01c3b075$e4f29070$0201a8c0@thot>
From: "nanard"
To: "Eric Anderson"
References: <02e701c3b039$caaebea0$51fd210a@orion><3FBE2185.1040204@centtech.com> <030d01c3b046$fcaf92f0$51fd210a@orion> <3FBE7E62.50207@centtech.com>
Date: Fri, 21 Nov 2003 22:20:19 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Scanner: Crysto-ClamAV
cc: freebsd-isp@freebsd.org
Subject: Re: Connecting to VPN Concentrator
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 21 Nov 2003 21:25:02 -0000

Hi Eric,

Ok I've the same configuration on my FreeBSD server.

But on the FreeBSD client, I was using pptp:

crysto# pkg_info|grep pptp
pptpclient-1.3.1 PPTP client for establishing a VPN link with an NT server

So, now, I'm trying to connect the client with MPD.

But I didn't find the public address of the VPN server in the mpd.conf.

> And on my client:
> default:
>     load work
>
> work:
>     new -i ng1 ms-pptp work
>     set log +pptp +pptp2 +pptp3 +lcp +auth
>     set ipcp ranges 0.0.0.0/0 0.0.0.0/0
>     set ipcp yes vjcomp
>     set ipcp dns 10.x.y.5 10.x.y.6
>     set ipcp enable req-pri-dns req-sec-dns
>     set link disable chap pap
>     set link accept chap
>     set link yes acfcomp protocomp
>     set iface idle 0
>     set bundle enable multilink
>     set bundle yes crypt-reqd
>     set bundle enable compression
>     #set link enable no-orig-auth
>     set link keep-alive 60 600
>     set ccp yes mppc
>     set ccp enable mpp-compress
>     set ccp yes mpp-e40
>     set ccp yes mpp-e56
>     set ccp yes mpp-e128
>     set ccp yes mpp-stateless
>     set iface route 10.x.y.0/24
>     set iface route 10.x.z.0/24
>     set bundle authname "username"
>     set bundle password "mypassword"
>     set iface disable on-demand
>     set link max-redial 9
>     set iface mtu 1400
>     open iface
>
>
> Then to start the connection, I run:
> # mpd work
>
> Once the connection is made, you should be running..

Where do you specify xxx.yyy.zzz.123 in the mpd configuration of the freebsd
client ? mpd.links ?

Thanks in advance.
Regards,
Nicolas

From owner-freebsd-isp@FreeBSD.ORG Fri Nov 21 13:41:16 2003
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9DD9916A4CE for ; Fri, 21 Nov 2003 13:41:16 -0800 (PST)
Received: from otter3.centtech.com (moat3.centtech.com [207.200.51.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id AB96D43F85 for ; Fri, 21 Nov 2003 13:41:15 -0800 (PST) (envelope-from anderson@centtech.com)
Received: from centtech.com (neutrino.centtech.com [10.177.171.220]) by otter3.centtech.com (8.12.3/8.12.3) with ESMTP id hALLfB6T091857; Fri, 21 Nov 2003 15:41:11 -0600 (CST) (envelope-from anderson@centtech.com)
Message-ID: <3FBE866C.4050501@centtech.com>
Date: Fri, 21 Nov 2003 15:41:00 -0600
From: Eric Anderson
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: nanard
References: <02e701c3b039$caaebea0$51fd210a@orion><3FBE2185.1040204@centtech.com> <030d01c3b046$fcaf92f0$51fd210a@orion> <3FBE7E62.50207@centtech.com> <00df01c3b075$e4f29070$0201a8c0@thot>
In-Reply-To: <00df01c3b075$e4f29070$0201a8c0@thot>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-isp@freebsd.org
Subject: Re: Connecting to VPN Concentrator
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 21 Nov 2003 21:41:16 -0000

nanard wrote:

>Hi Eric,
>
>Ok i ve the same configuration on my FreeBSD server.
>
>But on the FreeBSD client, I was using pptp:
>
>crysto# pkg_info|grep pptp
>pptpclient-1.3.1 PPTP client for establishing a VPN link with an NT
>server
>
>
>So, now, I'm trying to connect the client with MPD.
>
>But I didn't find the public address of the VPN server in the mpd.conf.
>

Woops!

>
>Where do you specify xxx.yyy.zzz.123 in the mpd configuration of the freebsd
>client ? mpd.links ?
>
>

yes - I forgot to attach that part! Here it is:

/usr/local/mpd/mpd.links:
######################
work:
    set link type pptp
    set pptp peer xxx.yyy.zzz.123
    set pptp enable originate outcall
######################

That should do it..

Eric

--
------------------------------------------------------------------
Eric Anderson     Systems Administrator      Centaur Technology
All generalizations are false, including this one.
------------------------------------------------------------------

From owner-freebsd-isp@FreeBSD.ORG Fri Nov 21 14:28:18 2003
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A46A116A4CE for ; Fri, 21 Nov 2003 14:28:18 -0800 (PST)
Received: from wind.mindcry.org (nat-gr.wmis.net [216.109.194.252]) by mx1.FreeBSD.org (Postfix) with ESMTP id CA27543F93 for ; Fri, 21 Nov 2003 14:28:17 -0800 (PST) (envelope-from david@wind.mindcry.org)
Received: by wind.mindcry.org (Postfix, from userid 1001) id 3F1EA443A; Fri, 21 Nov 2003 17:28:17 -0500 (EST)
Date: Fri, 21 Nov 2003 17:28:17 -0500
From: David
To: freebsd-isp@freebsd.org
Message-ID: <20031121222817.GD19888@phobia.ms>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.5.1i
Subject: huge email system
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 21 Nov 2003 22:28:18 -0000

Hello -

We need to build a stable, redundant, and speedy email system that will
last for a few years. We need to handle about 500,000 emails per day.
We have about 30,000 users, so we need a lot of storage.

Our current plan was to implement the following.

2 SMTP only servers.
3 NFS servers with RAID and SCSI
2 POP3 servers.

But that leads us to questions such as -

- what would be the best way to authenticate?
- would the NFS servers need gig nic's? or dual bonded 100Mbit cards?
- what smtp server and what pop3 server to use (we want to use Maildir)
- what raid level?

Any suggestions on how to implement an email system to handle the load
stated above would be greatly appreciated.

Thanks
David

From owner-freebsd-isp@FreeBSD.ORG Fri Nov 21 16:07:40 2003
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1A83016A4CE for ; Fri, 21 Nov 2003 16:07:40 -0800 (PST)
Received: from bilver.wjv.com (user38.net339.fl.sprint-hsd.net [65.40.24.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id CD8DD43F85 for ; Fri, 21 Nov 2003 16:07:38 -0800 (PST) (envelope-from bv@bilver.wjv.com)
Received: from bilver.wjv.com (localhost.wjv.com [127.0.0.1]) by bilver.wjv.com (8.12.10/8.12.10) with ESMTP id hAM07bm7052444 for ; Fri, 21 Nov 2003 19:07:37 -0500 (EST) (envelope-from bv@bilver.wjv.com)
Received: (from bv@localhost) by bilver.wjv.com (8.12.10/8.12.10/Submit) id hAM07btS052443 for freebsd-isp@freebsd.org; Fri, 21 Nov 2003 19:07:37 -0500 (EST) (envelope-from bv)
Date: Fri, 21 Nov 2003 19:07:37 -0500
From: Bill Vermillion
To: freebsd-isp@freebsd.org
Message-ID: <20031122000737.GA52323@wjv.com>
References: <20031121222817.GD19888@phobia.ms>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20031121222817.GD19888@phobia.ms>
Organization: W.J.Vermillion / Orlando - Winter Park
ReplyTo: bv@wjv.com
User-Agent: Mutt/1.5.4i
X-Spam-Status: No, hits=0.0
	required=5.0 tests=none autolearn=no version=2.60
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on bilver.wjv.com
Subject: Re: huge email system
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: bv@wjv.com
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 22 Nov 2003 00:07:40 -0000

They all laughed on Fri, Nov 21, 2003 at 17:28 when David said:

> Hello -
> We need to build a stable, redundant, and speedy email system
> that will last for a few years. We need to handle about 500,000
> emails per day. We have about 30,000 users, so we need a lot of
> storage.

30,000 users with only 500,000 emails per day. I say that based on
running a small ISP with a few hundred users and see large mail
volume. All are business accounts.

I'll let others comment on the rest, but I think 500,000 emails per
day may be underestimating things. That's only 20 emails per user
per day.

As to last a few years - who knows. In the past year I've seen
such an overall increase in mail volume that now I'm looking to get
new servers with more CPU power. It's not disk size that is the
problem but the in-coming and out-going traffic that is killing the
CPU.

Bill
--
Bill Vermillion - bv @ wjv . com

From owner-freebsd-isp@FreeBSD.ORG Fri Nov 21 16:43:00 2003
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7944916A4CF for ; Fri, 21 Nov 2003 16:43:00 -0800 (PST)
Received: from mail.mi.celestial.com (dagney.celestial.com [192.136.111.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id BAD9643FA3 for ; Fri, 21 Nov 2003 16:42:59 -0800 (PST) (envelope-from bill@celestial.com)
Received: by mail.mi.celestial.com (Postfix, from userid 203) id 4943C11F1AF; Fri, 21 Nov 2003 16:42:59 -0800 (PST)
Date: Fri, 21 Nov 2003 16:42:59 -0800
From: Bill Campbell
To: freebsd-isp@freebsd.org
Message-ID: <20031122004259.GA91375@alexis.mi.celestial.com>
Mail-Followup-To: freebsd-isp@freebsd.org
References: <20031121222817.GD19888@phobia.ms> <20031122000737.GA52323@wjv.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20031122000737.GA52323@wjv.com>
User-Agent: Mutt/1.4.1i
Subject: Re: huge email system
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: freebsd@celestial.com
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 22 Nov 2003 00:43:00 -0000

On Fri, Nov 21, 2003, Bill Vermillion wrote:
>They all laughed on Fri, Nov 21, 2003 at 17:28 when David said:
>
>> Hello -
>
>> We need to build a stable, redundant, and speedy email system
>> that will last for a few years. We need to handle about 500,000
>> emails per day. We have about 30,000 users, so we need a lot of
>> storage.
>
>30,000 users with only 500,000 emails per day. I say that based on
>running a small ISP with a few hundred users and see large mail
>volume. All are business accounts.
>
>I'll let others comment on the rest, but I think 500,000 emails per
>day may be underestimating things. That's only 20 emails per user
>per day.
I don't think that's far off. We have a customer who's a regional ISP
with about 2,000 dialup customers, and they average about 13,000 e-mails
in and out in a 24 hour period. That's handled easily on a 550MHz PIII
with 128MB of RAM running Caldera eServer 2.3 Linux, and a load average
of about 0.33. They're running postfix and courier-imap for the e-mail.
This same system is running a fair number of web sites on apache as
well. This machine has been running non-stop since October 2000 (hence
the old version of Linux), rebooting only for power failures and
equipment moves.

Our main mail server here handles far fewer incoming mail messages, but
delivers about 35,000 outgoing messages daily for several technical
mailing lists, and it's a secondary MX server for most of our customers.
It's running on an even older machine, a 350MHz Pentium II running
Caldera OpenLinux 2.3. The machine it replaced handled similar mail
loads from 1995 through 2000, running on a Pentium 90 with SCO
OpenServer.

>As to last a few years - who knows. In the past year I've seen
>such an overall increase in mail volume that now I'm looking to get
>new servers with more CPU power. It's not disk size that is the
>problem but the in-coming and out-going traffic that is killing the
>CPU.

Running programs like spamassassin will be a major factor. Checking for
worms that attack the Microsoft virus, Windows, can be done very
efficiently if one looks only for executable attachments. It gets a bit
more expensive if one runs wormware such as McAfee's uvscan to pick up
things like Word and Excel macro worms.

Bill
--
INTERNET: bill@Celestial.COM    Bill Campbell; Celestial Software LLC
UUCP: camco!bill                PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186             Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/

``If you make yourselves sheep, the wolves will eat you''
    -- Benjamin Franklin

From owner-freebsd-isp@FreeBSD.ORG Fri Nov 21 16:50:55 2003
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9AE9316A4CE for ; Fri, 21 Nov 2003 16:50:55 -0800 (PST)
Received: from bilver.wjv.com (user38.net339.fl.sprint-hsd.net [65.40.24.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6A65743FE0 for ; Fri, 21 Nov 2003 16:50:54 -0800 (PST) (envelope-from bv@bilver.wjv.com)
Received: from bilver.wjv.com (localhost.wjv.com [127.0.0.1]) by bilver.wjv.com (8.12.10/8.12.10) with ESMTP id hAM0oqm7052908 for ; Fri, 21 Nov 2003 19:50:52 -0500 (EST) (envelope-from bv@bilver.wjv.com)
Received: (from bv@localhost) by bilver.wjv.com (8.12.10/8.12.10/Submit) id hAM0oqgr052907 for freebsd-isp@freebsd.org; Fri, 21 Nov 2003 19:50:52 -0500 (EST) (envelope-from bv)
Date: Fri, 21 Nov 2003 19:50:52 -0500
From: Bill Vermillion
To: freebsd-isp@freebsd.org
Message-ID: <20031122005052.GA52761@wjv.com>
References: <20031122000737.GA52323@wjv.com> <20031122001428.7253B1071DE@mail.eaznet.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20031122001428.7253B1071DE@mail.eaznet.com>
Organization: W.J.Vermillion / Orlando - Winter Park
ReplyTo: bv@wjv.com
User-Agent: Mutt/1.5.4i
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on bilver.wjv.com
Subject: Re: huge email system
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: bv@wjv.com
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 22 Nov 2003 00:50:55 -0000

Ashes to ashes, and
DOS to DOS EAZNet - Eddie Fry was heard to say on or about Fri,
Nov 21, 2003 at 17:24 :

> I agree Bill. We have about 1200 customers and we are FILTERING over
> 30k/day. So we probably receive 35k.

I only have about 300 - but we are niche market - only business
accounts - and some are high traffic.

Then there is a ton of spam directed to a website we have. I just
checked of this instant [approx 20 minutes to 8PM EST] and starting
the maillog at 1AM I have rejected 72601 email for bogus names at
that domain. It's one of those names that comes up #1 on google based
on its name alone, and during the height of the dot.com craze the
owner was offered $250,000 for the name. $10,000 cash and the rest in
stock.

I roll the maillog at 1AM and in the past week the biggest log came in
at 433K lines. Many mail take 2 entries in the log but many don't.
Each log runs 70-80MB day.

Those logs are at least twice as large as they were just 6 months ago.

Some of the clients move a LOT of mail daily.

If I had 30,000 users like the ones I have now I'd figure on about
250,000,000 emails daily :-)

Bill
--
Bill Vermillion - bv @ wjv . com

From owner-freebsd-isp@FreeBSD.ORG Fri Nov 21 17:05:21 2003
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DB5A216A4CE for ; Fri, 21 Nov 2003 17:05:20 -0800 (PST)
Received: from bilver.wjv.com (user38.net339.fl.sprint-hsd.net [65.40.24.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2D57143FCB for ; Fri, 21 Nov 2003 17:05:19 -0800 (PST) (envelope-from bv@bilver.wjv.com)
Received: from bilver.wjv.com (localhost.wjv.com [127.0.0.1]) by bilver.wjv.com (8.12.10/8.12.10) with ESMTP id hAM15Hm7053108 for ; Fri, 21 Nov 2003 20:05:17 -0500 (EST) (envelope-from bv@bilver.wjv.com)
Received: (from bv@localhost) by bilver.wjv.com (8.12.10/8.12.10/Submit) id hAM15HoL053107 for freebsd-isp@freebsd.org; Fri, 21 Nov 2003 20:05:17 -0500 (EST) (envelope-from bv)
Date: Fri, 21 Nov 2003 20:05:17 -0500
From: Bill Vermillion
To: freebsd-isp@freebsd.org
Message-ID: <20031122010517.GB52761@wjv.com>
References: <20031121222817.GD19888@phobia.ms> <20031122000737.GA52323@wjv.com> <20031122004259.GA91375@alexis.mi.celestial.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20031122004259.GA91375@alexis.mi.celestial.com>
Organization: W.J.Vermillion / Orlando - Winter Park
ReplyTo: bv@wjv.com
User-Agent: Mutt/1.5.4i
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on bilver.wjv.com
Subject: Re: huge email system
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: bv@wjv.com
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 22 Nov 2003 01:05:21 -0000

Bill Campbell, the prominent pundit, on Fri, Nov 21, 2003 at 16:42
while half mumbling, half-witicized:

> On Fri, Nov 21, 2003, Bill Vermillion wrote:
> >They all laughed on Fri, Nov 21, 2003 at 17:28 when David said:
> >> Hello -
> >> We need to build a stable, redundant, and speedy email system
> >> that will last for a few years. We need to handle about 500,000
> >> emails per day. We have about 30,000 users, so we need a lot of
> >> storage.
> >30,000 users with only 500,000 emails per day. I say that based on
> >running a small ISP with a few hundred users and see large mail
> >volume. All are business accounts.
> >I'll let others comment on the rest, but I think 500,000 emails per
> >day may be underestimating things. That's only 20 emails per user
> >per day.

> I don't think that's far off. We have a customer who's a
> regional ISP with about 2,000 dialup customers, and they average
> about 13,000 e-mails in and out in a 24 hour period. That's
> handled easily on a 550MHz PIII with 128MB of RAM running
> Caldera eServer 2.3 Linux, and a load average of about 0.33.
> They're running postfix and courier-imap for the e-mail. This
> same system is running a fair number of web sites on apache
> as well. This machine has been running non-stop since October
> 2000 (hence the old version of Linux), rebooting only for power
> failures and equipment moves.

Interesting. Maybe because we don't have any dialups at all and
have all business accounts, that's why the mail flow is larger.
We stopped selling DSL when the ISP we were building for a client
inside OUR ISP decided it wasn't worth it.

> Our main mail server here handles far fewer incoming mail
> messages, but delivers about 35,000 outgoing messages daily
> for several technical mailing lists, and it's a secondary MX
> server for most of our customers. It's running on an even older
> machine, a 350MHz Pentium II running Caldera OpenLinux 2.3. The
> machine it replaced handled similar mail loads from 1995 through
> 2000, running on a Pentium 90 with SCO OpenServer.
I know the machine since you were doing tertiary MX for this
account when I only had dial up and the locals were shaky.

> >As to last a few years - who knows. In the past year I've seen
> >such an overall increase in mail volume that now I'm looking to get
> >new servers with more CPU power. It's not disk size that is the
> >problem but the in-coming and out-going traffic that is killing the
> >CPU.

> Running programs like spamassassin will be a major factor.
> Checking for worms that attack the Microsoft virus, Windows,
> can be done very efficiently if one looks only for executable
> attachments. It gets a bit more expensive if one runs wormware
> such as McAfee's uvscan to pick up things like Word and Excel
> macro worms.

Believe it or not we are not running spam filters, but just block
major spam sending sites. The reason is that with at least two
clients - an insurance agency and a private investigation agency
we don't want to be held responsible for rejecting something that
could be very important. They know this up front and filter at their
location so they can be SURE nothing important is missed.

The investigation agency just put in two T1 lines. One for voice
and one for their web site where they exchange HUGE graphics. But
they opted to keep us running their mail for them.

One very high tech engineering firm split into 3 separate divisions
with one moving to New Jersey. They still keep mail with us, so we
are an anomaly - with extremely close customer support. We charge
more for this but customers are happy.

Bill
--
Bill Vermillion - bv @ wjv . com

From owner-freebsd-isp@FreeBSD.ORG Fri Nov 21 22:36:45 2003
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 319E416A4CF for ; Fri, 21 Nov 2003 22:36:45 -0800 (PST)
Received: from dino.dnsalias.com (h24-80-253-172.vc.shawcable.net [24.80.253.172]) by mx1.FreeBSD.org (Postfix) with SMTP id DA67B43FDD for ; Fri, 21 Nov 2003 22:36:41 -0800 (PST) (envelope-from stephen@dino.dnsalias.com)
Received: (qmail 31014 invoked from network); 22 Nov 2003 06:36:40 -0000
Received: from unknown (HELO anakin.) (192.168.2.4) by dino.dnsalias.com with SMTP; 22 Nov 2003 06:36:40 -0000
Received: (from stephen@localhost) by anakin. (8.11.6/8.11.6) id hAM6ZsK30178; Fri, 21 Nov 2003 22:35:54 -0800
From: "Stephen J. Bevan"
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <16319.970.22297.204715@anakin.>
Date: Fri, 21 Nov 2003 22:35:54 -0800
To: cjclark@alum.mit.edu
In-Reply-To: <20031114201246.GA62521@blossom.cjclark.org>
References: <20031114163654.GB61960@blossom.cjclark.org> <200311141722.SAA19138@galaxy.hbg.de.ao-srv.com> <20031114201246.GA62521@blossom.cjclark.org>
X-Mailer: VM 7.07 under Emacs 21.2.1
cc: freebsd-isp@freebsd.org
cc: freebsd-ipfw@freebsd.org
cc: Helge Oldach
cc: vgoupil@alis.com
cc: freebsd-net@freebsd.org
Subject: Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 22 Nov 2003 06:36:45 -0000

Crist J. Clark writes:
> Two different ESP end points behind many-to-one NAT connected to a
> single ESP end point on the other side of the NAT? I'd be very curious
> to get the documentation on how they are cheating to get that to work.
A cheat is to use the sequence number in the ESP header to matchup the SPI on the inbound packet with the SPI on the outbound packet. This only works if the NAT box doesn't have multiple ESP connections all starting at the same time (otherwise there would obviously be no way to tell which outbound SPI a packet with ESP sequence number 1 should match). A workaround for that is to have the NAT box delay the IKE negotiation for one connection if another one has not completed and resulted in traffic being sent. It all has a bit of a bad smell to it but then NAT isn't exactly sweet smelling either. From owner-freebsd-isp@FreeBSD.ORG Sat Nov 22 04:22:00 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 97E0B16A4CE for ; Sat, 22 Nov 2003 04:22:00 -0800 (PST) Received: from ns2.wananchi.com (ns2.wananchi.com [62.8.64.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5477D43FF2 for ; Sat, 22 Nov 2003 04:21:58 -0800 (PST) (envelope-from wash@wananchi.com) Received: from wash by ns2.wananchi.com with local (Exim 4.24 #1 (FreeBSD 4.9)) id 1ANWlu-0003D0-TV by authid for ; Sat, 22 Nov 2003 15:21:54 +0300 Date: Sat, 22 Nov 2003 15:21:54 +0300 From: Odhiambo Washington To: freebsd-isp@freebsd.org Message-ID: <20031122122154.GC38904@ns2.wananchi.com> Mail-Followup-To: Odhiambo Washington , freebsd-isp@freebsd.org Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="/e2eDi0V/xtL+Mc8" Content-Disposition: inline X-Disclaimer: Any views expressed in this message,where not explicitly attributed otherwise, are mine alone!. X-Mailer: Mutt 1.5.4i (2003-03-19) X-Designation: Systems Administrator, Wananchi Online Ltd. X-Location: Nairobi, KE, East Africa. 
X-Uptime: 3:20PM up 2 days, 21:30, 3 users, load averages: 4.30, 4.06, 4.01 User-Agent: Mutt/1.5.4i Subject: Installing apache2 on FreeBSD 5.1-REL X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Nov 2003 12:22:00 -0000 --/e2eDi0V/xtL+Mc8 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi all, I am going nuts because apache2 wouldn't install at all. It always ends with an error and I believe this is not FreeBSD problem, or is it? TIA for any pointers. /shared/usr/ports/www/apache21/work/httpd-2.0.48/srclib/apr/libtool --silent --mode=compile cc -I/usr/local/include -mcpu=pentiumpro -D_REENTRANT -D_THREAD_SAFE -DAP_HAVE_DESIGNATED_INITIALIZER -I/usr/local/include -I/shared/usr/ports/www/apache21/work/httpd-2.0.48/srclib/apr/include -I/shared/usr/ports/www/apache21/work/httpd-2.0.48/srclib/apr-util/include -I/usr/local/include -I. -I/shared/usr/ports/www/apache21/work/httpd-2.0.48/os/unix -I/shared/usr/ports/www/apache21/work/httpd-2.0.48/server/mpm/prefork -I/shared/usr/ports/www/apache21/work/httpd-2.0.48/modules/http -I/shared/usr/ports/www/apache21/work/httpd-2.0.48/modules/filters -I/shared/usr/ports/www/apache21/work/httpd-2.0.48/modules/proxy -I/shared/usr/ports/www/apache21/work/httpd-2.0.48/include -I/usr/include/openssl -I/shared/usr/ports/www/apache21/work/httpd-2.0.48/modules/dav/main -prefer-pic -c mod_alias.c && touch mod_alias.slo mod_alias.c:99: syntax error before "alias_module" mod_alias.c: In function `try_alias_list': mod_alias.c:332: `AP_MAX_REG_MATCH' undeclared (first use in this function) mod_alias.c:332: (Each undeclared identifier is reported only once mod_alias.c:332: for each function it appears in.) *** Error code 1 Stop in /shared/usr/ports/www/apache21/work/httpd-2.0.48/modules/mappers. 
*** Error code 1 Stop in /shared/usr/ports/www/apache21/work/httpd-2.0.48/modules/mappers. *** Error code 1 Stop in /shared/usr/ports/www/apache21/work/httpd-2.0.48/modules. *** Error code 1 Stop in /shared/usr/ports/www/apache21/work/httpd-2.0.48. *** Error code 1 Stop in /shared/usr/ports/www/apache21/work/httpd-2.0.48. *** Error code 1 Stop in /shared/usr/ports/www/apache21. -Wash http://www.netmeister.org/news/learn2quote.html -- |\ _,,,---,,_ | Odhiambo Washington Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 + If you keep anything long enough, you can throw it away. --/e2eDi0V/xtL+Mc8 Content-Type: application/x-pkcs7-signature Content-Disposition: attachment; filename="smime.p7s" Content-Transfer-Encoding: base64
--/e2eDi0V/xtL+Mc8-- From owner-freebsd-isp@FreeBSD.ORG Sat Nov 22 04:42:27 2003 Return-Path:
Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C589416A4CE for ; Sat, 22 Nov 2003 04:42:27 -0800 (PST) Received: from cultdeadsheep.org (charon.cultdeadsheep.org [80.65.226.72]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6414543F75 for ; Sat, 22 Nov 2003 04:42:25 -0800 (PST) (envelope-from sheepkiller@cultdeadsheep.org) Received: (qmail 12241 invoked by uid 85); 22 Nov 2003 13:42:23 +0100 Received: from sheepkiller@cultdeadsheep.org by goofy.cultdeadsheep.org by uid 82 with qmail-scanner-1.20rc2 ( Clear:RC:1:. Processed in 0.061003 secs); 22 Nov 2003 12:42:23 -0000 Received: from persephone.cultdeadsheep.org (192.168.0.8) by goofy.cultdeadsheep.org with SMTP; 22 Nov 2003 13:42:22 +0100 Received: (qmail 994 invoked from network); 22 Nov 2003 13:43:03 +0100 Received: from unknown (HELO lucifer.cultdeadsheep.org) (192.168.0.2) by persephone.cultdeadsheep.org with DES-CBC3-SHA encrypted SMTP; 22 Nov 2003 13:43:03 +0100 Date: Sat, 22 Nov 2003 13:42:30 +0100 From: Clement Laforet To: Odhiambo Washington Message-Id: <20031122134230.2464b10b.sheepkiller@cultdeadsheep.org> In-Reply-To: <20031122122154.GC38904@ns2.wananchi.com> References: <20031122122154.GC38904@ns2.wananchi.com> Organization: tH3 cUlt 0f tH3 d3@d sH33p X-Mailer: Sylpheed version 0.9.7 (GTK+ 1.2.10; i386-portbld-freebsd5.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit cc: freebsd-isp@freebsd.org Subject: Re: Installing apache2 on FreeBSD 5.1-REL X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Nov 2003 12:42:27 -0000 On Sat, 22 Nov 2003 15:21:54 +0300 Odhiambo Washington wrote: > Hi all, > > I am going nuts because apache2 wouldn't install at all. 
It always > ends with an error and I believe this is not FreeBSD problem, or is > it? > > TIA for any pointers. You surely installed an older version by hand. I had the same problem when I rewrote the port. Remove all apache headers in /usr/local/include/ clem apr.h apr_version.h apr_user.h apr_time.h apr_thread_rwlock.h apr_thread_proc.h apr_thread_mutex.h apr_thread_cond.h apr_tables.h apr_support.h apr_strings.h apr_signal.h apr_shm.h apr_ring.h apr_proc_mutex.h apr_portable.h apr_pools.h apr_poll.h apr_network_io.h apr_mmap.h apr_lib.h apr_inherit.h apr_hash.h apr_global_mutex.h apr_getopt.h apr_general.h apr_fnmatch.h apr_file_io.h apr_file_info.h apr_errno.h apr_env.h apr_dso.h apr_compat.h apr_atomic.h apr_allocator.h apr_want.h apr_anylock.h apu_version.h apu_compat.h apu.h apr_xml.h apr_xlate.h apr_uuid.h apr_uri.h apr_strmatch.h apr_sha1.h apr_sdbm.h apr_rmm.h apr_reslist.h apr_queue.h apr_optional_hooks.h apr_optional.h apr_md5.h apr_md4.h apr_ldap_url.h apr_ldap.h apr_hooks.h apr_dbm.h apr_date.h apr_buckets.h apr_base64.h apu_want.h ap_compat.h util_time.h util_script.h util_md5.h util_ldap.h util_filter.h util_ebcdic.h util_charset.h util_cfgtree.h scoreboard.h rfc1413.h pcreposix.h mpm_common.h httpd.h http_vhost.h http_request.h http_protocol.h http_main.h http_log.h http_core.h http_connection.h http_config.h ap_release.h ap_regkey.h ap_provider.h ap_mpm.h ap_mmn.h ap_listen.h ap_config_layout.h ap_config_auto.h ap_config.h util_xml.h os.h mpm_default.h mpm.h mod_dav.h mod_include.h mod_cgi.h mod_log_config.h mod_core.h mod_proxy.h ssl_util_table.h ssl_util_ssl.h ssl_toolkit_compat.h ssl_expr_parse.h ssl_expr.h mod_ssl.h pcre.h unixd.h From owner-freebsd-isp@FreeBSD.ORG Sat Nov 22 05:26:27 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D898716A4CE for ; Sat, 22 Nov 2003 05:26:27 -0800 (PST) Received: from crystunix.com 
(crystunix.com [195.68.88.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id C573F43FB1 for ; Sat, 22 Nov 2003 05:26:25 -0800 (PST) (envelope-from nanard@crystunix.com) Received: from [192.168.1.2] (port=3192 helo=thot ident=nanard) by crystunix.com with esmtp (Exim) id 1ANXmw-00054p-Mq; Sat, 22 Nov 2003 14:27:02 +0100 Message-ID: <007601c3b0fc$31952150$0201a8c0@thot> From: "nanard" To: "Eric Anderson" References: <02e701c3b039$caaebea0$51fd210a@orion><3FBE2185.1040204@centtech.com><030d01c3b046$fcaf92f0$51fd210a@orion> <3FBE7E62.50207@centtech.com><00df01c3b075$e4f29070$0201a8c0@thot> <3FBE866C.4050501@centtech.com> Date: Sat, 22 Nov 2003 14:26:09 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Scanner: Crysto-ClamAV cc: freebsd-isp@freebsd.org Subject: Re: Connecting to VPN Concentrator X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Nov 2003 13:26:28 -0000 Ok i added this configuration in my /usr/local/etc/mpd/mpd.links on FreeBSD client. 
Now, I have this:

work:
    set link type pptp
    set pptp peer XX.YY.ZZ.AA
    set pptp enable originate outcall

in /usr/local/etc/mpd/mpd.conf :

work:
    new -i ng1 ms-pptp work
    set log +pptp +pptp2 +pptp3 +lcp +auth
    set ipcp ranges 0.0.0.0/0 0.0.0.0/0
    set ipcp yes vjcomp
    set ipcp dns xxxxxxx xxxxxxx
    set ipcp enable req-pri-dns req-sec-dns
    set link disable chap pap
    set link accept chap
    set link yes acfcomp protocomp
    set iface idle 0
    set bundle enable multilink
    set bundle yes crypt-reqd
    set bundle enable compression
    #set link enable no-orig-auth
    set link keep-alive 60 600
    set ccp yes mppc
    set ccp enable mpp-compress
    set ccp no mpp-e40
    set ccp no mpp-e56
    set ccp yes mpp-e128
    set ccp yes mpp-stateless
    set iface route 192.168.0.0/24
    set bundle authname "nanard"
    set bundle password "xxxxxxx"
    set iface disable on-demand
    set link max-redial 9
    set iface mtu 1400
    open iface

(Can I specify the IP of the client somewhere here? On the MPD server I have this in /usr/local/etc/mpd/mpd.secret:
nanard xxxxx 192.168.0.142)

When I launched mpd on the CLIENT:

crysto# mpd work Multi-link PPP for FreeBSD, by Archie L. Cobbs. Based on iij-ppp, by Toshiharu OHNO. mpd: pid 4760, version 3.15 (root@xxxxxxxxx 11:48 17-Nov-2003) [ms-pptp] ppp node is "mpd4760-ms-pptp" [ms-pptp] using interface ng1 Usage: set login [authname] [ms-pptp] IPCP: peer address cannot be zero [ms-pptp] IFACE: Open event [ms-pptp] IPCP: Open event [ms-pptp] IPCP: state change Initial --> Starting [ms-pptp] IPCP: LayerStart [ms-pptp:work] [ms-pptp] bundle: OPEN event in state CLOSED [ms-pptp] opening link "work"...
[work] link: OPEN event [work] LCP: Open event [work] LCP: state change Initial --> Starting [work] LCP: LayerStart [work] device: OPEN event in state DOWN pptp0: connecting to XX.YY.ZZ.AA:1723 [work] device is now in state OPENING pptp0: connected to XX.YY.ZZ.AA:1723 pptp0: attached to connection with XX.YY.ZZ.AA:1723 pptp0-0: outgoing call connected at 64000 bps [work] PPTP call successful [work] device: UP event in state OPENING [work] device is now in state UP [work] link: UP event [work] link: origination is local [work] LCP: Up event [work] LCP: state change Starting --> Req-Sent [work] LCP: phase shift DEAD --> ESTABLISH [work] LCP: SendConfigReq #1 ACFCOMP PROTOCOMP MRU 1500 MAGICNUM b8b5d670 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f [work] LCP: SendConfigReq #2 ACFCOMP PROTOCOMP MRU 1500 MAGICNUM b8b5d670 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f [work] LCP: SendConfigReq #3 ACFCOMP PROTOCOMP MRU 1500 MAGICNUM b8b5d670 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f [work] LCP: SendConfigReq #4 ACFCOMP PROTOCOMP MRU 1500 MAGICNUM b8b5d670 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f [work] LCP: SendConfigReq #5 ACFCOMP PROTOCOMP MRU 1500 MAGICNUM b8b5d670 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f [work] LCP: SendConfigReq #6 ACFCOMP PROTOCOMP MRU 1500 MAGICNUM b8b5d670 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f [work] LCP: SendConfigReq #7 ACFCOMP PROTOCOMP MRU 1500 MAGICNUM b8b5d670 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f [work] LCP: SendConfigReq #8 ACFCOMP PROTOCOMP MRU 1500 MAGICNUM b8b5d670 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f [work] LCP: SendConfigReq #9 ACFCOMP PROTOCOMP MRU 1500 MAGICNUM b8b5d670 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f pptp0: got StopCtrlConnRequest: reason=local shutdown pptp0: killing connection with XX.YY.ZZ.AA:1723 pptp0-0: killing 
channel [work] PPTP call terminated [work] device: DOWN event in state UP [work] device is now in state DOWN [work] link: DOWN event [work] LCP: Down event [work] LCP: state change Req-Sent --> Starting [work] LCP: phase shift ESTABLISH --> DEAD [work] device: OPEN event in state DOWN [work] pausing 7 seconds before open [work] device is now in state DOWN [work] device: OPEN event in state DOWN [work] pausing 1 seconds before open [work] device is now in state DOWN [work] device: OPEN event in state DOWN pptp0: connecting to XX.YY.ZZ.AA:1723 [work] device is now in state OPENING pptp0: connected to XX.YY.ZZ.AA:1723 pptp0: attached to connection with XX.YY.ZZ.AA:1723 pptp0-0: outgoing call connected at 64000 bps [work] PPTP call successful [work] device: UP event in state OPENING [work] device is now in state UP [work] link: UP event [work] link: origination is local [work] LCP: Up event [work] LCP: state change Starting --> Req-Sent [work] LCP: phase shift DEAD --> ESTABLISH [work] LCP: SendConfigReq #10 ACFCOMP PROTOCOMP MRU 1500 MAGICNUM 8baaa980 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f [work] LCP: SendConfigReq #11 ACFCOMP PROTOCOMP MRU 1500 MAGICNUM 8baaa980 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f [work] LCP: SendConfigReq #12 ACFCOMP PROTOCOMP MRU 1500 MAGICNUM 8baaa980 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f [work] LCP: SendConfigReq #13 ACFCOMP PROTOCOMP MRU 1500 MAGICNUM 8baaa980 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f [work] LCP: SendConfigReq #14 ACFCOMP PROTOCOMP MRU 1500 MAGICNUM 8baaa980 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f [work] LCP: SendConfigReq #15 ACFCOMP PROTOCOMP MRU 1500 MAGICNUM 8baaa980 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f [work] LCP: SendConfigReq #16 ACFCOMP PROTOCOMP MRU 1500 MAGICNUM 8baaa980 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f [work] LCP: SendConfigReq #17 
ACFCOMP PROTOCOMP MRU 1500 MAGICNUM 8baaa980 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f [work] LCP: SendConfigReq #18 ACFCOMP PROTOCOMP MRU 1500 MAGICNUM 8baaa980 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f pptp0: got StopCtrlConnRequest: reason=local shutdown pptp0: killing connection with XX.YY.ZZ.AA:1723 pptp0-0: killing channel [work] PPTP call terminated [work] device: DOWN event in state UP [work] device is now in state DOWN [work] link: DOWN event [work] LCP: Down event [work] LCP: state change Req-Sent --> Starting [work] LCP: phase shift ESTABLISH --> DEAD [work] device: OPEN event in state DOWN [work] pausing 7 seconds before open [work] device is now in state DOWN [work] device: OPEN event in state DOWN [work] pausing 1 seconds before open [work] device is now in state DOWN On MPD server, i ve this log: (bb.cc.dd.ff is ip of FreeBSD client) Nov 21 22:57:41 chaos mpd: mpd: PPTP connection from bb.cc.dd.ff:3337 Nov 21 22:57:41 chaos mpd: pptp0: attached to connection with bb.cc.dd.ff::3337 Nov 21 22:57:41 chaos mpd: [pptp0] IFACE: Open event Nov 21 22:57:41 chaos mpd: [pptp0] IPCP: Open event Nov 21 22:57:41 chaos mpd: [pptp0] IPCP: state change Initial --> Starting Nov 21 22:57:41 chaos mpd: [pptp0] IPCP: LayerStart Nov 21 22:57:41 chaos mpd: [pptp0] IPCP: Open event Nov 21 22:57:41 chaos mpd: [pptp0] bundle: OPEN event in state CLOSED Nov 21 22:57:41 chaos mpd: [pptp0] opening link "pptp0"... 
Nov 21 22:57:41 chaos mpd: [pptp0] link: OPEN event Nov 21 22:57:41 chaos mpd: [pptp0] LCP: Open event Nov 21 22:57:41 chaos mpd: [pptp0] LCP: state change Initial --> Starting Nov 21 22:57:41 chaos mpd: [pptp0] LCP: LayerStart Nov 21 22:57:41 chaos mpd: [pptp0] device: OPEN event in state DOWN Nov 21 22:57:41 chaos mpd: [pptp0] attaching to peer's outgoing call Nov 21 22:57:41 chaos mpd: [pptp0] device is now in state OPENING Nov 21 22:57:41 chaos mpd: [pptp0] device: UP event in state OPENING Nov 21 22:57:41 chaos mpd: [pptp0] device is now in state UP Nov 21 22:57:41 chaos mpd: [pptp0] link: UP event Nov 21 22:57:41 chaos mpd: [pptp0] link: origination is remote Nov 21 22:57:41 chaos mpd: [pptp0] LCP: Up event Nov 21 22:57:41 chaos mpd: [pptp0] LCP: state change Starting --> Req-Sent Nov 21 22:57:41 chaos mpd: [pptp0] LCP: phase shift DEAD --> ESTABLISH Nov 21 22:57:41 chaos mpd: [pptp0] LCP: SendConfigReq #1 Nov 21 22:57:41 chaos mpd: ACFCOMP Nov 21 22:57:41 chaos mpd: PROTOCOMP Nov 21 22:57:41 chaos mpd: MRU 1500 Nov 21 22:57:41 chaos mpd: MAGICNUM d9c4ad40 Nov 21 22:57:41 chaos mpd: AUTHPROTO CHAP MSOFTv2 Nov 21 22:57:42 chaos mpd: [pptp0] LCP: rec'd Configure Request #1 link 0 (Req-Sent) Nov 21 22:57:42 chaos mpd: ACFCOMP Nov 21 22:57:42 chaos mpd: PROTOCOMP Nov 21 22:57:42 chaos mpd: MRU 1500 Nov 21 22:57:42 chaos mpd: MAGICNUM b8b5d670 Nov 21 22:57:42 chaos mpd: MP MRRU 1600 Nov 21 22:57:42 chaos mpd: MP SHORTSEQ Nov 21 22:57:42 chaos mpd: ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f Nov 21 22:57:42 chaos mpd: [pptp0] LCP: SendConfigRej #1 Nov 21 22:57:42 chaos mpd: MP MRRU 1600 Nov 21 22:57:42 chaos mpd: MP SHORTSEQ Nov 21 22:57:43 chaos mpd: [pptp0] LCP: SendConfigReq #2 Nov 21 22:57:43 chaos mpd: ACFCOMP Nov 21 22:57:43 chaos mpd: PROTOCOMP Nov 21 22:57:43 chaos mpd: MRU 1500 Nov 21 22:57:43 chaos mpd: MAGICNUM d9c4ad40 Nov 21 22:57:43 chaos mpd: AUTHPROTO CHAP MSOFTv2 Nov 21 22:57:44 chaos mpd: [pptp0] LCP: rec'd Configure Request #2 link 0 (Req-Sent) Nov 21 
22:57:44 chaos mpd: ACFCOMP Nov 21 22:57:44 chaos mpd: PROTOCOMP Nov 21 22:57:44 chaos mpd: MRU 1500 Nov 21 22:57:44 chaos mpd: MAGICNUM b8b5d670 Nov 21 22:57:44 chaos mpd: MP MRRU 1600 Nov 21 22:57:44 chaos mpd: MP SHORTSEQ Nov 21 22:57:44 chaos mpd: ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f Nov 21 22:57:44 chaos mpd: [pptp0] LCP: SendConfigRej #2 Nov 21 22:57:44 chaos mpd: MP MRRU 1600 Nov 21 22:57:44 chaos mpd: MP SHORTSEQ Nov 21 22:57:46 chaos mpd: [pptp0] LCP: SendConfigReq #3 Nov 21 22:57:46 chaos mpd: ACFCOMP Nov 21 22:57:46 chaos mpd: PROTOCOMP Nov 21 22:57:46 chaos mpd: MRU 1500 Nov 21 22:57:46 chaos mpd: MAGICNUM d9c4ad40 Nov 21 22:57:46 chaos mpd: AUTHPROTO CHAP MSOFTv2 Nov 21 22:57:48 chaos mpd: [pptp0] LCP: SendConfigReq #4 Nov 21 22:57:48 chaos mpd: ACFCOMP Nov 21 22:57:48 chaos mpd: PROTOCOMP Nov 21 22:57:48 chaos mpd: MRU 1500 Nov 21 22:57:48 chaos mpd: MAGICNUM d9c4ad40 Nov 21 22:57:48 chaos mpd: AUTHPROTO CHAP MSOFTv2 Nov 21 22:57:50 chaos mpd: [pptp0] LCP: SendConfigReq #5 Nov 21 22:57:50 chaos mpd: ACFCOMP Nov 21 22:57:50 chaos mpd: PROTOCOMP Nov 21 22:57:50 chaos mpd: MRU 1500 Nov 21 22:57:50 chaos mpd: MAGICNUM d9c4ad40 Nov 21 22:57:50 chaos mpd: AUTHPROTO CHAP MSOFTv2 Nov 21 22:57:52 chaos mpd: [pptp0] LCP: SendConfigReq #6 Nov 21 22:57:52 chaos mpd: ACFCOMP Nov 21 22:57:52 chaos mpd: PROTOCOMP Nov 21 22:57:52 chaos mpd: MRU 1500 Nov 21 22:57:52 chaos mpd: MAGICNUM d9c4ad40 Nov 21 22:57:52 chaos mpd: AUTHPROTO CHAP MSOFTv2 Nov 21 22:57:52 chaos mpd: [pptp0] LCP: rec'd Configure Request #6 link 0 (Req-Sent) Nov 21 22:57:52 chaos mpd: ACFCOMP Nov 21 22:57:52 chaos mpd: PROTOCOMP Nov 21 22:57:52 chaos mpd: MRU 1500 Nov 21 22:57:52 chaos mpd: MAGICNUM b8b5d670 Nov 21 22:57:52 chaos mpd: MP MRRU 1600 Nov 21 22:57:52 chaos mpd: MP SHORTSEQ Nov 21 22:57:52 chaos mpd: ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f Nov 21 22:57:52 chaos mpd: [pptp0] LCP: SendConfigRej #6 Nov 21 22:57:52 chaos mpd: MP MRRU 1600 Nov 21 22:57:52 chaos mpd: MP SHORTSEQ Nov 21 
22:57:54 chaos mpd: [pptp0] LCP: SendConfigReq #7 Nov 21 22:57:54 chaos mpd: ACFCOMP Nov 21 22:57:54 chaos mpd: PROTOCOMP Nov 21 22:57:54 chaos mpd: MRU 1500 Nov 21 22:57:54 chaos mpd: MAGICNUM d9c4ad40 Nov 21 22:57:54 chaos mpd: AUTHPROTO CHAP MSOFTv2 Nov 21 22:57:54 chaos mpd: [pptp0] LCP: rec'd Configure Request #7 link 0 (Req-Sent) Nov 21 22:57:54 chaos mpd: ACFCOMP Nov 21 22:57:54 chaos mpd: PROTOCOMP Nov 21 22:57:54 chaos mpd: MRU 1500 Nov 21 22:57:54 chaos mpd: MAGICNUM b8b5d670 Nov 21 22:57:54 chaos mpd: MP MRRU 1600 Nov 21 22:57:54 chaos mpd: MP SHORTSEQ Nov 21 22:57:54 chaos mpd: ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f Nov 21 22:57:54 chaos mpd: [pptp0] LCP: SendConfigRej #7 Nov 21 22:57:54 chaos mpd: MP MRRU 1600 Nov 21 22:57:54 chaos mpd: MP SHORTSEQ Nov 21 22:57:56 chaos mpd: [pptp0] LCP: SendConfigReq #8 Nov 21 22:57:56 chaos mpd: ACFCOMP Nov 21 22:57:56 chaos mpd: PROTOCOMP Nov 21 22:57:56 chaos mpd: MRU 1500 Nov 21 22:57:56 chaos mpd: MAGICNUM d9c4ad40 Nov 21 22:57:56 chaos mpd: AUTHPROTO CHAP MSOFTv2 Nov 21 22:57:56 chaos mpd: [pptp0] LCP: rec'd Configure Request #8 link 0 (Req-Sent) Nov 21 22:57:56 chaos mpd: ACFCOMP Nov 21 22:57:56 chaos mpd: PROTOCOMP Nov 21 22:57:56 chaos mpd: MRU 1500 Nov 21 22:57:56 chaos mpd: MAGICNUM b8b5d670 Nov 21 22:57:56 chaos mpd: MP MRRU 1600 Nov 21 22:57:56 chaos mpd: MP SHORTSEQ Nov 21 22:57:56 chaos mpd: ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f Nov 21 22:57:56 chaos mpd: [pptp0] LCP: SendConfigRej #8 Nov 21 22:57:56 chaos mpd: MP MRRU 1600 Nov 21 22:57:56 chaos mpd: MP SHORTSEQ Nov 21 22:57:58 chaos mpd: [pptp0] LCP: SendConfigReq #9 Nov 21 22:57:58 chaos mpd: ACFCOMP Nov 21 22:57:58 chaos mpd: PROTOCOMP Nov 21 22:57:58 chaos mpd: MRU 1500 Nov 21 22:57:58 chaos mpd: MAGICNUM d9c4ad40 Nov 21 22:57:58 chaos mpd: AUTHPROTO CHAP MSOFTv2 Nov 21 22:57:58 chaos mpd: [pptp0] LCP: rec'd Configure Request #9 link 0 (Req-Sent) Nov 21 22:57:58 chaos mpd: ACFCOMP Nov 21 22:57:58 chaos mpd: PROTOCOMP Nov 21 22:57:58 chaos mpd: MRU 
1500 Nov 21 22:57:58 chaos mpd: MAGICNUM b8b5d670 Nov 21 22:57:58 chaos mpd: MP MRRU 1600 Nov 21 22:57:58 chaos mpd: MP SHORTSEQ Nov 21 22:57:58 chaos mpd: ENDPOINTDISC [802.1] 00 a0 cc da 6a 7f Nov 21 22:57:58 chaos mpd: [pptp0] LCP: not converging Nov 21 22:57:58 chaos mpd: [pptp0] LCP: parameter negotiation failed Nov 21 22:57:58 chaos mpd: [pptp0] LCP: state change Req-Sent --> Stopped Nov 21 22:57:58 chaos mpd: [pptp0] LCP: LayerFinish Nov 21 22:57:58 chaos mpd: [pptp0] device: CLOSE event in state UP Nov 21 22:57:58 chaos mpd: pptp0-0: clearing call Nov 21 22:57:58 chaos mpd: pptp0-0: killing channel Nov 21 22:57:58 chaos mpd: [pptp0] PPTP call terminated Nov 21 22:57:58 chaos mpd: pptp0: closing connection with bb.cc.dd.ff::3337 Nov 21 22:57:58 chaos mpd: [pptp0] device is now in state CLOSING Nov 21 22:57:58 chaos mpd: [pptp0] device: DOWN event in state CLOSING Nov 21 22:57:58 chaos mpd: [pptp0] device is now in state DOWN Nov 21 22:57:58 chaos mpd: [pptp0] link: DOWN event Nov 21 22:57:58 chaos mpd: [pptp0] LCP: Down event Nov 21 22:57:58 chaos mpd: [pptp0] LCP: state change Stopped --> Starting Nov 21 22:57:58 chaos mpd: [pptp0] LCP: phase shift ESTABLISH --> DEAD Nov 21 22:57:58 chaos mpd: [pptp0] LCP: LayerStart Nov 21 22:57:58 chaos mpd: [pptp0] device: DOWN event in state DOWN Nov 21 22:57:58 chaos mpd: [pptp0] device is now in state DOWN Nov 21 22:57:58 chaos mpd: [pptp0] link: DOWN event Nov 21 22:57:58 chaos mpd: [pptp0] LCP: Down event Nov 21 22:57:58 chaos mpd: [pptp0] device: OPEN event in state DOWN Nov 21 22:57:58 chaos mpd: [pptp0] pausing 9 seconds before open Nov 21 22:57:58 chaos mpd: [pptp0] device is now in state DOWN Nov 21 22:57:58 chaos mpd: [pptp0] device: OPEN event in state DOWN Nov 21 22:57:58 chaos mpd: [pptp0] device is now in state DOWN Nov 21 22:57:58 chaos mpd: [pptp0] device: OPEN event in state DOWN Nov 21 22:57:58 chaos mpd: [pptp0] device is now in state DOWN Nov 21 22:57:58 chaos mpd: pptp0: killing connection with 
bb.cc.dd.ff::3337

Configuration of the FreeBSD server:

default:
    load pptp0
    load pptp1

pptp0:
    new -i ng0 pptp0 pptp0
    set ipcp ranges XX.YY.ZZ.AA/32 192.168.0.0/24
    load allusr0

pptp1:
    new -i ng1 pptp1 pptp1
    set ipcp ranges XX.YY.ZZ.AA/32 192.168.0.0/24
    load allusr0

allusr0:
    set iface disable on-demand
    set iface enable proxy-arp
    set iface mtu 1260
    set iface route 192.168.0.0/24
    set iface up-script /root/relance.sh
    set bundle disable multilink
    set bundle enable compression
    set bundle yes crypt-reqd
    set bundle enable crypt-reqd
    #set link mru 1400
    set link deny chap-msv1
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap
    set link keep-alive 60 300
    set link latency 0
    set ipcp yes vjcomp
    set ipcp dns xxxxxxx
    set ccp yes mppc
    set ccp no mpp-e40
    set ccp no mpp-e56
    set ccp yes mpp-e128
    set ccp yes mpp-stateless

in mpd.links of the server:

pptp0:
    set link type pptp
    set pptp self XX.YY.ZZ.AA
    set pptp enable incoming
    set pptp disable originate
    set pptp enable originate
    set pptp enable always-ack

pptp1:
    set link type pptp
    set pptp self XX.YY.ZZ.AA
    set pptp enable incoming
    set pptp enable originate
    set pptp enable always-ack

in mpd.secret

nanard xxxxxxxx 192.168.0.142

Thanks for help.

Nicolas

----- Original Message -----
From: "Eric Anderson"
To: "nanard"
Cc:
Sent: Friday, November 21, 2003 10:41 PM
Subject: Re: Connecting to VPN Concentrator

> nanard wrote:
>
> >Hi Eric,
> >
> >Ok I've the same configuration on my FreeBSD server.
> >
> >But on the FreeBSD client, I was using pptp:
> >
> >crysto# pkg_info|grep pptp
> >pptpclient-1.3.1 PPTP client for establishing a VPN link with an NT
> >server
> >
> >
> >So, now, I'm trying to connect the client with MPD.
> >
> >But I didn't find the public address of the VPN server in the mpd.conf.
> >
> Woops!
>
> >
> >Where do you specify xxx.yyy.zzz.123 in the mpd configuration of the freebsd
> >client ? mpd.links ?
> >
> >
> yes - I forgot to attach that part!
> Here it is:
> /usr/local/mpd/mpd.links:
> ######################
> work:
>     set link type pptp
>     set pptp peer xxx.yyy.zzz.123
>     set pptp enable originate outcall
> ######################
>
> That should do it..
>
> Eric
>
> --
> ------------------------------------------------------------------
> Eric Anderson     Systems Administrator      Centaur Technology
> All generalizations are false, including this one.
> ------------------------------------------------------------------
>
>
>
From owner-freebsd-isp@FreeBSD.ORG Sat Nov 22 06:49:30 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 89DD916A4CE for ; Sat, 22 Nov 2003 06:49:30 -0800 (PST) Received: from Shenton.org (23.ebbed1.client.atlantech.net [209.190.235.35]) by mx1.FreeBSD.org (Postfix) with SMTP id C696A43FDD for ; Sat, 22 Nov 2003 06:49:27 -0800 (PST) (envelope-from chris@Shenton.Org) Received: (qmail 93735 invoked by uid 1001); 22 Nov 2003 14:50:28 -0000 To: David References: <20031121222817.GD19888@phobia.ms> From: Chris Shenton Date: Sat, 22 Nov 2003 09:50:28 -0500 In-Reply-To: <20031121222817.GD19888@phobia.ms> (david@madcoders.com's message of "Fri, 21 Nov 2003 17:28:17 -0500") Message-ID: <86fzggihjf.fsf@PECTOPAH.shenton.org> User-Agent: Gnus/5.1002 (Gnus v5.10.2) Emacs/21.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii cc: freebsd-isp@freebsd.org Subject: Re: huge email system X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Nov 2003 14:49:30 -0000 David writes: > We need to build a stable, redundant, and speedy email system that > will last for a few years. We need to handle about 500,000 emails > per day. We have about 30,000 users, so we need a lot of storage.
>
> Our current plan was to implement the following.
> 2 SMTP only servers.
> 3 NFS servers with RAID and SCSI
> 2 POP3 servers.
>
> But that leads us to questions such as -
> - what would be the best way to authenticate?
> - would the NFS servers need gig NICs? or dual bonded 100Mbit cards?
> - what smtp server and what pop3 server to use (we want to use Maildir)
> - what raid level?

I'm finishing something like that now. My design goals were

  No single points of failure,
  1GB server-stored email
  SMTP+STARTTLS and SMTPS, IMAPS and IMAP + STARTTLS.

It's over-designed for our population but the servers aren't the
expensive part; I believe it could scale to handle 100K users.

I'm replacing a sendmail-based system that's exceptionally hard to fix
because there are multiple single points of failure and no one wants
downtime.

I did the prototype on FreeBSD but the client preferred Solaris for
their production systems. I'm using qmail with the excellent
qmail-ldap patch suite from www.nrg4u.com, plus courier-imap. OpenLDAP
is used for authentication and other user information (quotas, account
status, etc).

I'm using a pair of F5 load balancers in the front to detect up/down
services. This will also allow us to add servers if needs demand it; I
like being able to add small cheap boxes incrementally rather than
forklift upgrades of big iron.

Behind them are a few Netra V210 for SMTP[S], IMAP[S], POPS and soon
webmail (SqWebMail). Each box has a read-only LDAP replica. Another
V210 runs the LDAP master, which replicates to the four mail servers.

Each V210 comes with quad gigabit ethernet: one interface to the load
balancer, two (redundancy) to backend switches on the NFS server, and
one for an administrative/monitoring network.

We bought a NetApp for the mail store; it is currently our one single
point of failure but NetApp has a great reputation for reliability; we
bought a used unit and saved about 70%.
(NetApp uses RAID4 internally so disks can be added to a volume on the
fly). NetApp's "snapshot" facility gives us restores from stupid user
errors -- tape backup/restore for this much data would be a nightmare.
(Qmail's Maildir format is NFS safe but it sounds like you already
know that :-)

If my client didn't demand Solaris, I would have preferred FreeBSD. I
would like to try using the Apple Xserve RAID box since it's 2.5TB for
$11K. FC-attach it to a pair of FreeBSD boxes which serve it out as
NFS, use the FreeBSD-5.x "snapshot" feature for NetApp-style
backup/restore. Service boxes like above, cheaply scalable by adding
more.

I like F5 balancers because you can heavily customize the application
layer health monitoring -- e.g., do a query on the LDAP master and
check for a sane response. But they're not cheap. Round-Robin DNS
isn't gonna avoid dead services and Windows clients aren't any good at
re-trying failed connections. So I don't have a suggestion on an
inexpensive balancer; I'd be interested in hearing ideas.

As I mentioned above, our NetApp is the only single point of failure.
To get more space later on we can get a second unit then buy the
(pricey) clustering software to remove that SPoF.

Some other folks have talked about anti-virus/spam issues -- very good
discussion. I am using qmail-ldap's recent integration of
qmail-smtp-viruscan which is a very fast block of MS executable
attachments; not foolproof but highly effective with little load.
We're considering going with some commercial spam/virus blocking
appliance but haven't decided yet; I'm trying to keep the qmail-ldap
system from getting any more complicated. If, however, we integrate
something into our mail servers, we might have to add another box or
two to handle the increased load but it's not that expensive with
small boxes.

As I mentioned, I'm running all services on all boxes, rather than
separating SMTP from POP as you suggest; if this turns out to be a bad
idea, I can change the services around simply by re-defining the
service pools on the load balancer.

From owner-freebsd-isp@FreeBSD.ORG Sat Nov 22 11:44:00 2003
Message-ID: <036a01c3b131$617d95c0$3ee380cc@alice>
From: "Eric W. Bates"
To:
References: <20031121222817.GD19888@phobia.ms> <20031122000737.GA52323@wjv.com>
Date: Sat, 22 Nov 2003 14:46:53 -0500
cc: freebsd-isp@freebsd.org
Subject: Re: huge email system

Yah, with spam and viruses, we get more than 100/user/day.

----- Original Message -----
From: "Bill Vermillion"
To:
Sent: Friday, November 21, 2003 7:07 PM
Subject: Re: huge email system

> They all laughed on Fri, Nov 21, 2003 at 17:28 when David said:
>
> > Hello -
>
> > We need to build a stable, redundant, and speedy email system
> > that will last for a few years. We need to handle about 500,000
> > emails per day. We have about 30,000 users, so we need a lot of
> > storage.
>
> 30,000 users with only 500,000 emails per day. I say that based on
> running a small ISP with a few hundred users and see large mail
> volume. All are business accounts.
>
> I'll let others comment on the rest, but I think 500,000 emails per
> day may be underestimating things. That's only 20 emails per user
> per day.
>
> As to last a few years - who knows. In the past year I've seen
> such an overall increase in mail volume that now I'm looking to get
> new servers with more CPU power. It's not disk size that is the
> problem but the in-coming and out-going traffic that is killing the
> CPU.
>
> Bill
> --
> Bill Vermillion - bv @ wjv . com
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>