From owner-freebsd-isp@FreeBSD.ORG Sun Feb 22 05:43:52 2004
From: "Vasenin Alexander aka BlackSir"
To: "Gleb Smirnoff", "Julian Elischer"
Cc: freebsd-isp@freebsd.org, "Bjoern A. Zeeb", freebsd-net@freebsd.org
Date: Sun, 22 Feb 2004 16:43:40 +0300
In-Reply-To: <20040221235815.GA62385@cell.sick.ru>
Subject: RE: ng_netflow: testers are welcome

Yep... But it not so obvious for man like me, who thought just a week ago
that netgraph is something between net & graphics... like MRTG
LOL

Another question:
Is it possible that ng_netflow take packets _after_ they are diverted by
natd? I apologise, that this would require divert implemented as netgraph
node? So... I have no idea how this would work with ipfw ruleset... Any
ideas?

> -----Original Message-----
> From: owner-freebsd-isp@freebsd.org
> [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Gleb Smirnoff
> Sent: Sunday, February 22, 2004 2:58 AM
> To: Julian Elischer
> Cc: freebsd-isp@freebsd.org; Bjoern A. Zeeb; Vasenin Alexander aka
> BlackSir; freebsd-net@freebsd.org
> Subject: Re: ng_netflow: testers are welcome

> Is it possible to make port dependant on kernel module
> shipped with base system? How?
> For example sysutils/ips is not dependant on ipfw. It is obvious
> that ipfw is required for it, as well as in case of netgraph
> and ng_netflow.

From owner-freebsd-isp@FreeBSD.ORG Sun Feb 22 08:32:17 2004
Date: Sun, 22 Feb 2004 19:31:40 +0300
From: Gleb Smirnoff
To: Vasenin Alexander aka BlackSir
Cc: freebsd-isp@freebsd.org, "Bjoern A. Zeeb", Julian Elischer, freebsd-net@freebsd.org
Message-ID: <20040222163140.GA66213@cell.sick.ru>
References: <20040221235815.GA62385@cell.sick.ru>
Subject: Re: ng_netflow: testers are welcome

On Sun, Feb 22, 2004 at 04:43:40PM +0300, Vasenin Alexander aka BlackSir wrote:
V> Yep... But it not so obvious for man like me, who thought just a week ago
V> that netgraph is something between net & graphics... like MRTG
V> LOL
V>
V> Another question:
V> Is it possible that ng_netflow take packets _after_ they are diverted by
V> natd? I apologise, that this would require divert implemented as netgraph
V> node? So... I have no idea how this would work with ipfw ruleset... Any
V> ideas?

The only known workaround is connecting ng_netflow to hook "upper"
on inner interface of masquerading router. Any better ideas are welcome.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-isp@FreeBSD.ORG Sun Feb 22 15:17:42 2004
Date: Sun, 22 Feb 2004 15:17:38 -0800 (PST)
From: Julian Elischer
To: Vasenin Alexander aka BlackSir
Cc: freebsd-isp@freebsd.org, "Bjoern A. Zeeb", Gleb Smirnoff, freebsd-net@freebsd.org
Subject: RE: ng_netflow: testers are welcome

you can open a divert socket as a netgraph node by opening a ksocket
node with protocol 'divert'.

On Sun, 22 Feb 2004, Vasenin Alexander aka BlackSir wrote:

> Yep... But it not so obvious for man like me, who thought just a week ago
> that netgraph is something between net & graphics... like MRTG
> LOL
>
> Another question:
> Is it possible that ng_netflow take packets _after_ they are diverted by
> natd? I apologise, that this would require divert implemented as netgraph
> node? So... I have no idea how this would work with ipfw ruleset... Any
> ideas?
>
> > -----Original Message-----
> > From: owner-freebsd-isp@freebsd.org
> > [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Gleb Smirnoff
> > Sent: Sunday, February 22, 2004 2:58 AM
> > To: Julian Elischer
> > Cc: freebsd-isp@freebsd.org; Bjoern A. Zeeb; Vasenin Alexander aka
> > BlackSir; freebsd-net@freebsd.org
> > Subject: Re: ng_netflow: testers are welcome
>
> > Is it possible to make port dependant on kernel module
> > shipped with base system? How?
> > For example sysutils/ips is not dependant on ipfw. It is obvious
> > that ipfw is required for it, as well as in case of netgraph
> > and ng_netflow.
> >

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 23 02:43:36 2004
Date: Mon, 23 Feb 2004 13:43:22 +0300
From: Gleb Smirnoff
To: Julian Elischer
Cc: freebsd-isp@freebsd.org, "Bjoern A. Zeeb", Vasenin Alexander aka BlackSir, freebsd-net@freebsd.org
Message-ID: <20040223104322.GA69982@cell.sick.ru>
Subject: Re: ng_netflow: testers are welcome

On Sun, Feb 22, 2004 at 03:17:38PM -0800, Julian Elischer wrote:
J> you can open a divert socket as a netgraph node by opening a ksocket
J> node with protocol 'divert'.

I didn't think of ng_ksocket as a divert socket. Thanks for
pointing me at this!

Really one can use "ipfw tee" to pass demasqueraded traffic to
ng_netflow.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 23 04:30:35 2004
Date: Mon, 23 Feb 2004 09:31:08 -0300
From: Roberto Pereyra
To: freebsd-isp@freebsd.org
Message-ID: <20040223123108.GB1220@gualeguaychu.gov.ar>
Subject: dialup questions again

Hi

I want to setup a dialup freebsd 5.2 server.

My setup is:

---INTERNET---------| GATEWAY |-------------|DIALUP SERVER| -----|----192.160.0.171
                     192.169.0.1             192.168.0.170       |----192.168.0.172
                                                                 |----192.168.0.173
                                                                       8 lines

My ppp.conf is:

default:
pap:
 set debug phase lcp chat
 set timeout 0 set debug phase lcp chat
 enable pap
 set ifaddr 192.168.0.1 192.168.0.171-192.168.0.178 255.255.255.0
 enable proxy
 accept dns
 set dns 192.168.0.1
 load server
 set radius /etc/radius.conf

I have enabled the eight lines in my /etc/ttys

ttyd0 "/usr/local/sbin/mgetty -s 115200" dialup on secure
ttyd1 "/usr/local/sbin/mgetty -s 115200" dialup on secure
......

Some questions:

I must enable

pseudo-device tun 1

1 must be 8 or this setup is automatic for freebsd 5.2 ?

Is my ppp.conf right ?

Is the "set ifaddr ...." line right ?

I have in both sides USR 56K and not have more than 32k with analog lines.
How can I have more speed ?

Thanks in advance

roberto

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 23 06:31:49 2004
Date: Mon, 23 Feb 2004 11:32:17 -0300
From: Roberto Pereyra
To: JJB
Cc: freebsd-isp@freebsd.org
Message-ID: <20040223143217.GA3531@gualeguaychu.gov.ar>
References: <20040223115715.GA1220@gualeguaychu.gov.ar>
Subject: Re: dialup question

Hi

Thanks for your help.

I use FBSD 5.2 because I use the Moxa Smartio C168H/PCI (8 ports).

Older version not have this device support.

Thanks for your help again

roberto

On Mon, Feb 23, 2004 at 09:06:35AM -0500, JJB wrote:
> What you have diagramed is not an dialout configuration but an
> dialin setup. Like in you want to be able to have 8 different
> people call the modems attached to your 192.168.0.170(dialup server)
> and then share the single internet connection.
> This is an legacy ISP configuration.
>
> You made this statement
> 'I have in both sides USR 56K and not have more than 32k with
> analog lines.
> How can I have more speed ?'
>
> To me that means your config files are working, so what you really
> want to know is why is 33.6 the max speed you can achieve? That is
> simple question to answer. 33.6 is max speed on analog voice phone
> system because of the line voltage used by the phone company on the
> 2 copper wires used for each phone line circuit. Your phone company's
> voice phone network is based on the USA phone Company technical
> model. We have that 33.6 max speed also. Some countries use the old
> British phone Company technical model which uses higher line voltage
> and can get 128.0 speeds using 56K modem at both ends. That does not
> sound like you. There is nothing you can do at your end to increase
> that speed.
>
> To get 56K speeds your phone company phone service delivery network
> must be using fiber optics digital lines through out their total
> distribution system and the ISP must have an t1 or e1 digital line
> connected to their system for their customers to call in and connect
> through. What you are trying to do is how ISP's in the early 1990's
> did things before the USA phone companies invested and installed
> digital equipment through out their networks.
>
> You are using FBSD 5.2 and that is an very big mistake. 5.2 is
> created from the development source code branch, and is only
> intended for the people who development kernel code. It's really an
> test system which is not intended for general public production use.
> Much of the internal code is experimental. You should really be
> using 4.9 which is generated from the stable source code branch and
> is the current production version intended for general public use.
>
> If you are having problems getting all callin lines to work at same
> time, then describe in greater detail what the symptoms are.
>
>
> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Roberto
> Pereyra
> Sent: Monday, February 23, 2004 6:57 AM
> To: freebsd-questions@freebsd.org
> Subject: dialup question
>
> Hi
>
> I want to setup a dialup freebsd 5.2 server.
>
> My setup is:
>
> ---INTERNET---------| GATEWAY |-------------|DIALUP SERVER| -----|----192.160.0.171
>                      192.169.0.1             192.168.0.170       |----192.168.0.172
>                                                                  |----192.168.0.173
>                                                                        8 lines
> My ppp.conf is:
>
> default:
> pap:
>  set debug phase lcp chat
>  set timeout 0 set debug phase lcp chat
>  enable pap
>  set ifaddr 192.168.0.1 192.168.0.171-192.168.0.178 255.255.255.0
>  enable proxy
>  accept dns
>  set dns 192.168.0.1
>  load server
>  set radius /etc/radius.conf
>
> I have enabled the eight lines in my /etc/ttys
>
> ttyd0 "/usr/local/sbin/mgetty -s 115200" dialup on secure
> ttyd1 "/usr/local/sbin/mgetty -s 115200" dialup on secure
> ......
>
>
> Some question:
>
> I must enable
>
> pseudo-device tun 1
>
> 1 must be 8 or this setup is automatic for freebsd 5.2 ?
>
> Is my ppp.conf right ?
>
> Is the "set ifaddr ...." line right ?
>
> I have in both sides USR 56K and not have more than 32k with analog
> lines. How can I have more speed ?
>
> Thanks in advance
>
> roberto
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 23 11:32:59 2004
From: "Vasenin Alexander aka BlackSir"
To: "Gleb Smirnoff", "Julian Elischer"
Cc: freebsd-isp@freebsd.org, "Bjoern A. Zeeb", freebsd-net@freebsd.org
Date: Mon, 23 Feb 2004 22:32:42 +0300
In-Reply-To: <20040223104322.GA69982@cell.sick.ru>
Subject: RE: ng_netflow: testers are welcome

YES! IT WORKS!
All I've need - just create ksocket with inet/rawip/divert hook connected to
ng_netflow iface0 hook (mkpeer netflow: ksocket iface0 inet/raw/divert),
then "msg netflow: setdlt { iface=0 dlt=12 }" (Raw ip instead of ethernet),
then "msg divert: bind inet/0.0.0.0:8888". And after all add ipfw rule "tee
8888 ip from any to any in"(One may need "via $oif") instead of final allow
(or, better, before it).
But there is bug in "ipfw tee" - packets is always immediately accepted
instead of continue going through the ruleset, so tee must be the last
rule(So, ng_netflow never see packets that denied by ipfw before tee rule).
Maybe there is way to use 'divert'? I've tried - packets going to divert
socket,then ng_netflow... and never come back... Actually I'm not quite
understand mechanism of returning from divert - ng_ksocket have only one
hook...

Great thanks to Julian & Gleb & all who helped!
2Gleb: It would be pleasure for me to write a little example based on our
discussion for README if you need.

Vasenin Alexander aka BlackSir

> -----Original Message-----
> From: owner-freebsd-isp@freebsd.org
> [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Gleb Smirnoff
> Sent: Monday, February 23, 2004 1:43 PM
> To: Julian Elischer
> Cc: freebsd-isp@freebsd.org; Bjoern A. Zeeb; Vasenin Alexander aka
> BlackSir; freebsd-net@freebsd.org
> Subject: Re: ng_netflow: testers are welcome

> On Sun, Feb 22, 2004 at 03:17:38PM -0800, Julian Elischer wrote:
> J> you can open a divert socket as a netgraph node by opening a ksocket
> J> node with protocol 'divert'.

> Really one can use "ipfw tee" to pass demasqueraded traffic to
> ng_netflow.

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 23 11:47:16 2004
Date: Mon, 23 Feb 2004 22:46:48 +0300
From: Gleb Smirnoff
To: Vasenin Alexander aka BlackSir
Cc: freebsd-isp@freebsd.org, "Bjoern A. Zeeb", Julian Elischer, freebsd-net@freebsd.org
Message-ID: <20040223194648.GB72475@cell.sick.ru>
References: <20040223104322.GA69982@cell.sick.ru>
Subject: Re: ng_netflow: testers are welcome

On Mon, Feb 23, 2004 at 10:32:42PM +0300, Vasenin Alexander aka BlackSir wrote:
V> But there is bug in "ipfw tee" - packets is always immediately accepted
V> instead of continue going through the ruleset, so tee must be the last
V> rule(So, ng_netflow never see packets that denied by ipfw before tee rule).
V> Maybe there is way to use 'divert'? I've tried - packets going to divert
V> socket,then ng_netflow... and never come back... Actually I'm not quite
V> understand mechanism of returning from divert - ng_ksocket have only one
V> hook...

This behavior of "ipfw tee" is even mentioned in BUGS. However there
have been posted a fix in kern/61259. I have not tested it, you can try.

Another way of solving "ipfw tee" problem would be writing a netgraph node
with 2 hooks, first one sends received data back into itself and a copy
towards second hook. ng_ksocket with divert should be connected to first
hook, and ng_netflow to second one. You can call this node ng_echotee :)

:))) When I typed it, I've understood that this behavior can be achieved
combining ng_tee and ng_echo from base system. Really netgraph rocks!

V> 2Gleb: It would be pleasure for me to write a little example based on our
V> discussion for README if you need.

I'd be glad if you show me your current netgraph setup script. Surely
I can reproduce it myself, but live example would be better than imaginary.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 23 15:48:03 2004
Date: Mon, 23 Feb 2004 15:47:55 -0800 (PST)
From: Julian Elischer
To: Vasenin Alexander aka BlackSir
Cc: freebsd-isp@freebsd.org, "Bjoern A. Zeeb", Gleb Smirnoff, freebsd-net@freebsd.org
Subject: RE: ng_netflow: testers are welcome

On Mon, 23 Feb 2004, Vasenin Alexander aka BlackSir wrote:

> YES! IT WORKS!
> All I've need - just create ksocket with inet/rawip/divert hook connected to
> ng_netflow iface0 hook (mkpeer netflow: ksocket iface0 inet/raw/divert),
> then "msg netflow: setdlt { iface=0 dlt=12 }" (Raw ip instead of ethernet),
> then "msg divert: bind inet/0.0.0.0:8888". And after all add ipfw rule "tee
> 8888 ip from any to any in"(One may need "via $oif") instead of final allow
> (or, better, before it).
> But there is bug in "ipfw tee" - packets is always immediately accepted
> instead of continue going through the ruleset, so tee must be the last
> rule(So, ng_netflow never see packets that denied by ipfw before tee rule).
> Maybe there is way to use 'divert'? I've tried - packets going to divert
> socket,then ng_netflow... and never come back... Actually I'm not quite
> understand mechanism of returning from divert - ng_ksocket have only one
> hook...

Ok, THEORETICALLY, the sockaddr of the packet read from a divert socket
has a 'port number' set to the ipfw rule that caused the diversion.
i.e. if you do a recvfrom() the port number of the sender address should
include the rule number of the diversion..

when you do a "sendto()" into a divert socket, the port number in the
destination addr is supposed to be a rule number AFTER WHICH processing
should restart..

in other words the packet is injected into the IP stack, and when it
enters ipfw it should IMMEDIATELY do a "skipto NNN+1" where NNN is the
last rule number you want to skip over..

if you get a sockaddr with port 8686 because it was diverted by rule 8686
then re-using that sockaddr should ensure that processing in the ipfw
list should start at the first rule number AFTER 8686.

This used to work but I have not tried it for some time and it may have
been broken in ipfw2, as I never tested it..
natd is supposed to do this..

Since you can not do a "sendto()" in netgraph, you have to have done a
"connect" on the socket to set the port number ahead of time..

Other things are also in the sockaddr..
in the 8 "unused" bytes of the sockaddr we "hide" the incoming interface
name (for example) netgraph cannot change that but it should not need
this as it has the actual mbufs and can just set the iface pointer in the
packet header.. (assuming divert doesn't clear it.. once again, you'll
need to look at the code).

>
> Great thanks to Julian & Gleb & all who helped!
> 2Gleb: It would be pleasure for me to write a little example based on our
> discussion for README if you need.
> Vasenin Alexander aka BlackSir
>
> > -----Original Message-----
> > From: owner-freebsd-isp@freebsd.org
> > [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Gleb Smirnoff
> > Sent: Monday, February 23, 2004 1:43 PM
> > To: Julian Elischer
> > Cc: freebsd-isp@freebsd.org; Bjoern A. Zeeb; Vasenin Alexander aka
> > BlackSir; freebsd-net@freebsd.org
> > Subject: Re: ng_netflow: testers are welcome
>
> > On Sun, Feb 22, 2004 at 03:17:38PM -0800, Julian Elischer wrote:
> > J> you can open a divert socket as a netgraph node by opening a ksocket
> > J> node with protocol 'divert'.
>
> > Really one can use "ipfw tee" to pass demasqueraded traffic to
> > ng_netflow.
> >

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 23 15:50:43 2004
Date: Mon, 23 Feb 2004 15:50:39 -0800 (PST)
From: Julian Elischer
To: Gleb Smirnoff
Cc: freebsd-isp@freebsd.org, "Bjoern A. Zeeb", Vasenin Alexander aka BlackSir, freebsd-net@freebsd.org
In-Reply-To: <20040223194648.GB72475@cell.sick.ru>
Subject: Re: ng_netflow: testers are welcome

> :))) When I typed it, I've understood that this behavior can be achieved
> combining ng_tee and ng_echo from base system. Really netgraph rocks!
>

please remember this next time someone tries to have it deleted from the
system :-)

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 23 16:44:33 2004
Message-ID: <1480.200.57.40.53.1077583584.squirrel@mail.unixmexico.com>
Date: Mon, 23 Feb 2004 18:46:24 -0600 (CST)
From: Nicolás de Bari Embríz G. R.
To: freebsd-isp@freebsd.org
Subject: ftp Redirect problems using RDR

Hi all.

I am having some problems redirecting a ftp using rdr, I am using ipfilter
and ipnat

my ipnat.rules file on Server 1 has something like:

map fxp0 192.168.50.1/24 -> 148.243.246.2/32 portmap tcp/udp auto
map fxp0 192.168.50.1/24 -> 148.243.246.2/32
rdr fxp0 148.243.246.2/32 port 21 -> 192.168.60.1/32 port 21024

My net is something like:

    server 1                              server 2
  148.243.246.2                         200.50.59.30
    ---------                    ---------------------------
   | FreeBSD | <----IPSEC tunnel---> | FTP (pureftp port 11021) |
    ---------                    ---------------------------
  192.168.50.1                          192.168.60.1
       |                                     |
       |                                     |
     -----                                 -----
    | NAT |                               | NAT |
     -----                                 -----
       |                                     |
  192.168.50.0/24                       192.168.60.0/24

I want to redirect ftp connections on server 1 (port 21) to server 2 (port
11021) so when a user ftps to 148.243.246.2 he gets redirected to server
200.50.59.30, but using the IPSEC tunnel.

ftp 148.243.246.2 port 21 ----> redirect to 192.168.60.1 port 11021

right now the IPSEC tunnel works fine, I can ping and see machines from
192.168.50.0/24 to 192.168.60.0/24

Any idea on how could I fix this?

both servers are using FreeBSD 4.9-STABLE

--
nbari@unixmexico.com
key ID 1EF56FDC

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 23 23:30:13 2004
Message-ID: <403AFD52.7030508@he.iki.fi>
Date: Tue, 24 Feb 2004 09:29:22 +0200
From: Petri Helenius
To: Julian Elischer
cc: freebsd-isp@freebsd.org
cc: "Bjoern A. Zeeb"
cc: Gleb Smirnoff
cc: Vasenin Alexander aka BlackSir
cc: freebsd-net@freebsd.org
Subject: Re: ng_netflow: testers are welcome

Julian Elischer wrote:

>
>please remember this next time someone tries to have it deleted from the
>system :-)
>
I tried to google for such a discussion but fortunately couldn´t find
any. Why somebody would want to take away netgraph?

Pete

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 23 23:47:09 2004
From: "Vasenin Alexander aka BlackSir"
To: "Gleb Smirnoff"
Date: Tue, 24 Feb 2004 10:46:44 +0300
In-Reply-To: <20040223194648.GB72475@cell.sick.ru>
cc: freebsd-isp@freebsd.org
cc: "Bjoern A. Zeeb"
cc: Julian Elischer
cc: freebsd-net@freebsd.org
Subject: RE: ng_netflow: testers are welcome

> -----Original Message-----
> From: owner-freebsd-isp@freebsd.org
> [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Gleb Smirnoff
> Sent: Monday, February 23, 2004 10:47 PM
> To: Vasenin Alexander aka BlackSir
> Cc: freebsd-isp@freebsd.org; Bjoern A. Zeeb; Julian Elischer;
> freebsd-net@freebsd.org
> Subject: Re: ng_netflow: testers are welcome

> I'd be glad if you show me your current netgraph setup script. Surely
> I can reproduce it myself, but live example would be better than
> imaginary.

Here it is(latest version - 'echotee'):

---cut---
# Create ng_tee node
mkpeer . tee dummy left
name .dummy tee

# Create ng_netflow node
mkpeer tee: netflow left2right iface0
name tee:.left2right netflow
msg netflow: setifindex { iface=0 index=1 }
msg netflow: setdlt { iface=0 dlt=12 }

# Create ng_ksocket for exporting netflow data
mkpeer netflow: ksocket export inet/dgram/udp
name netflow:.export export_ksocket
msg export_ksocket: connect inet/127.0.0.1:8000

# Create ng_echo node for returning data from divert socket
mkpeer tee: echo right echo_hook
name tee:.right echo

# Destroy dummy hook
rmhook dummy

# Create divert ng_ksocket
mkpeer tee: ksocket left inet/raw/divert
name tee:.left divert_ksocket
msg divert_ksocket: bind inet/0.0.0.0:8888
---cut---

This config assumes that packets needed to catch via ng_netflow is simply
diverted by ipfw rule:
divert 8888 ip from any to any in - or something like that
Seems everything works fine! (I'm using ipfw2 in 4.9) Packets going through
divert and reinjected in ipfw ;-)
but I've not tested this in production yet...

Thanks again!
Vasenin Alexander aka BlackSir

From owner-freebsd-isp@FreeBSD.ORG Tue Feb 24 00:33:09 2004
Date: Tue, 24 Feb 2004 00:33:03 -0800 (PST)
From: Julian Elischer
To: Petri Helenius
In-Reply-To: <403AFD52.7030508@he.iki.fi>
cc: freebsd-isp@freebsd.org
cc: "Bjoern A. Zeeb"
cc: Gleb Smirnoff
cc: Vasenin Alexander aka BlackSir
cc: freebsd-net@freebsd.org
Subject: Re: ng_netflow: testers are welcome

On Tue, 24 Feb 2004, Petri Helenius wrote:

> Julian Elischer wrote:
>
> >
> >please remember this next time someone tries to have it deleted from the
> >system :-)
> >
> I tried to google for such a discussion but fortunately couldn´t find
> any. Why somebody would want to take away netgraph?

It's my impression that there are some of the "old school" who don't like the
feel of it..

>
> Pete
>

From owner-freebsd-isp@FreeBSD.ORG Tue Feb 24 01:02:12 2004
Date: Tue, 24 Feb 2004 12:01:52 +0300
From: Gleb Smirnoff
To: Vasenin Alexander aka BlackSir
Message-ID: <20040224090152.GD76272@cell.sick.ru>
References: <20040223194648.GB72475@cell.sick.ru>
cc: freebsd-isp@freebsd.org
cc: "Bjoern A. Zeeb"
cc: Julian Elischer
cc: freebsd-net@freebsd.org
Subject: Re: ng_netflow: testers are welcome

On Tue, Feb 24, 2004 at 10:46:44AM +0300, Vasenin Alexander aka BlackSir wrote:
V> > I'd be glad if you show me your current netgraph setup script. Surely
V> > I can reproduce it myself, but live example would be better than
V> > imaginary.
V>
V> Here it is(latest version - 'echotee'):

Thanks for netgraph setup script. Could you please also send
important parts of your firewall config, where packets are
diverted towards netgraph? It is important to divert only _incoming_
traffic on _particular_ interface, otherwise netflow exports will
contain some incorrect data.

V> This config assumes that packets needed to catch via ng_netflow is simply
V> diverted by ipfw rule:
V> divert 8888 ip from any to any in - or something like that
V> Seems everything works fine! (I'm using ipfw2 in 4.9) Packets going through
V> divert and reinjected in ipfw ;-)
V> but I've not tested this in production yet...

And also it is important to check that ng_ksocket reinjects packet
into the ipfw with rule number set (see Julian's mail).

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-isp@FreeBSD.ORG Tue Feb 24 02:25:31 2004
From: "Vasenin Alexander aka BlackSir"
To: "Gleb Smirnoff"
Date: Tue, 24 Feb 2004 13:25:08 +0300
In-Reply-To: <20040224090152.GD76272@cell.sick.ru>
cc: freebsd-isp@freebsd.org
cc: "Bjoern A. Zeeb"
cc: Julian Elischer
cc: freebsd-net@freebsd.org
Subject: RE: ng_netflow: testers are welcome

I'm sorry, my mistake, seems like they are not reinjected on my test system -
they are accepted :-(
I'll continue to dig in the evening and post the results closer to local
night...

BlackSir

> -----Original Message-----
> From: owner-freebsd-isp@freebsd.org
> [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Gleb Smirnoff
> Sent: Tuesday, February 24, 2004 12:02 PM
> To: Vasenin Alexander aka BlackSir
> Cc: freebsd-isp@freebsd.org; Bjoern A. Zeeb; Julian Elischer;
> freebsd-net@freebsd.org
> Subject: Re: ng_netflow: testers are welcome

> And also it is important to check that ng_ksocket reinjects packet
> into the ipfw with rule number set (see Julian's mail).

From owner-freebsd-isp@FreeBSD.ORG Tue Feb 24 06:26:21 2004
Message-ID: <003501c3fae2$3207c9f0$0503050a@sdc.com.jo>
From: "Pons"
References: <20040223123108.GB1220@gualeguaychu.gov.ar>
Date: Tue, 24 Feb 2004 16:26:28 +0200
Subject: ipfw

Can I post the following ..... if I am in wrong list please ignore it and
sorry again.

I have configured a FreeBSD 5.1 rel box 2 NIC's (Ext.ip/Int.ip) with
ipfw/natd/squid, the setup is working

/etc/rc.conf
--------------------//-----------------------
gateway_enable="YES"
inetd_enable="YES"
linux_enable="YES"
moused_enable="YES"
usbd_enable="YES"
natd_enable="YES"
natd_interface="rl1"
natd_flags="-s -u -m"
firewall_enable="YES"
firewall_logging_enable="YES"
firewall_quiet="NO"
#firewall_type="open"
firewall_script="/etc/rc.ipfw"
#firewall_type="/etc/ipfw.rules"
snmpd_enable="YES"
tcp_extensions="NO"
tcp_drop_synfin="YES"
tcp_keepalive="YES"
icmp_drop_redirect="YES"
icmp_log_redirect="YES"
sshd_enable="YES"
update_motd="NO"

My Kernel conf
---------------------------------//-------------------
options IPFIREWALL                      #firewall
options IPFIREWALL_VERBOSE              #enable logging to syslogd(8)
options IPDIVERT                        #divert sockets
options IPFIREWALL_VERBOSE_LIMIT=100
#options IPFIREWALL_DEFAULT_TO_ACCEPT
options RANDOM_IP_ID
options DUMMYNET
options IPFIREWALL_FORWARD
options TCP_DROP_SYNFIN
options IPSTEALTH
#options "ICMP_BANDLIM"

My Rule Set /etc/rc.ipfw
--------------------//----------------------
# This file is a modified version of /etc/rc.firewall.
#
# Maintained by: D. O'Connor
# Modified: 7/18/2000.
#
# Suck in the configuration variables.
if [ -r /etc/defaults/rc.conf ]; then
        . /etc/defaults/rc.conf
        source_rc_confs
elif [ -r /etc/rc.conf ]; then
        . /etc/rc.conf
fi

if [ -n "${1}" ]; then
        firewall_type="${1}"
fi

# Firewall program
fwcmd="/sbin/ipfw"

# Outside interface network and netmask and ip
oif="rl1"
onet="f.g.h.0"
omask="255.255.255.240"
oip="f.g.h.k"

# Inside interface network and netmask and ip
iif="rl0"
inet="a.b.0.0"
imask="255.255.0.0"
iip="1.2.3.4"

# My ISP's DNS servers
dns1="X.Y.W.Z"
dns2="A.B.C.D"

# Flush previous rules
${fwcmd} -f flush

# Allow loopbacks, deny imposters
${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8

# If you're using 'options BRIDGE', uncomment the following line to pass ARP
#${fwcmd} add 300 pass udp from 0.0.0.0 2054 to 0.0.0.0

# Stop spoofing
${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif}
${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif}

# Stop RFC1918 nets on the outside interface
${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif}
${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}

# Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
# DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
# on the outside interface
${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 169.254.0.0/16 via ${oif}
${fwcmd} add deny all from any to 192.0.2.0/24 via ${oif}
${fwcmd} add deny all from any to 224.0.0.0/4 via ${oif}
${fwcmd} add deny all from any to 240.0.0.0/4 via ${oif}

# Network Address Translation. This rule is placed here deliberately
# so that it does not interfere with the surrounding address-checking
# rules. If for example one of your internal LAN machines had its IP
# address set to 192.0.2.1 then an incoming packet for it after being
# translated by natd(8) would match the `deny' rule above. Similarly
# an outgoing packet originated from it before being translated would
# match the `deny' rule below.
${fwcmd} add divert natd all from any to any via ${natd_interface}

# Stop RFC1918 nets on the outside interface
${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}
${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif}
${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif}

# Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
# DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
# on the outside interface
${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif}
${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif}
${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif}
#FreeBSD install instructions http://freebsd.mountpoint.net
${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif}
${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif}

# Allow established connections with minimal overhead
${fwcmd} add pass tcp from any to any established

# Allow IP fragments to pass through
${fwcmd} add pass all from any to any frag

### TCP RULES

# HTTP - Allow access to our web server
${fwcmd} add pass tcp from any to any 80 setup
#${fwcmd} add deny tcp from any to any 80 setup
#${fwcmd} add pass tcp from any to any 80 setup

# HTTP - Deny access to our web server
#${fwcmd} add deny tcp from any to any 80 setup

# SMTP - Allow access to sendmail for incoming e-mail
${fwcmd} add pass tcp from any to any 25 setup

# FTP - Allow incoming data channel for outgoing connections,
# reject & log all incoming control connections
${fwcmd} add pass tcp from any 20 to any 1024-65535 setup
${fwcmd} add deny log tcp from any to any 21 in via ${oif} setup

# SSH Login - Allow & Log all incoming
${fwcmd} add pass log tcp from any to any 22 in via ${oif} setup

# IDENT - Reset incoming connections
${fwcmd} add reset tcp from any to any 113 in via ${oif} setup

# Reject&Log all setup of incoming connections from the outside
${fwcmd} add deny log tcp from any to any in via ${oif} setup

# Allow setup of any other TCP connection
${fwcmd} add pass tcp from any to any setup

### UDP RULES

# DNS - Allow queries out in the world
${fwcmd} add pass udp from any to ${dns1} 53
${fwcmd} add pass udp from any to ${dns2} 53
${fwcmd} add pass udp from ${dns1} 53 to any
${fwcmd} add pass udp from ${dns2} 53 to any

# SMB - Allow local traffic
${fwcmd} add pass udp from any to any 137-139 via ${iif}

# SYSLOG - Allow machines on inside net to log to us.
${fwcmd} add pass log udp from any to any 514 via ${iif}

# NTP - Allow queries out in the world
${fwcmd} add pass udp from any 123 to any 123 via ${oif}
${fwcmd} add pass udp from any 123 to any via ${iif}
${fwcmd} add pass udp from any to any 123 via ${iif}

# TRACEROUTE - Allow outgoing
${fwcmd} add pass udp from any to any 33434-33523 out via ${oif}

### ICMP RULES

# ICMP packets
# Allow all ICMP packets on internal interface
${fwcmd} add pass icmp from any to any via ${iif}

# Allow outgoing pings
${fwcmd} add pass icmp from any to any icmptypes 8 out via ${oif}
${fwcmd} add pass icmp from any to any icmptypes 0 in via ${oif}

# Allow Destination Unreachable, Source Quench, Time
# Exceeded, and Bad Header
${fwcmd} add pass icmp from any to any icmptypes 3,4,11,12 via ${oif}

# Deny the rest of them
${fwcmd} add deny icmp from any to any

### MISCELLANEOUS REJECT RULES

# Reject broadcasts from outside interface
${fwcmd} add 63000 deny ip from any to 0.0.0.255:0.0.0.255 in via ${oif}

# Reject&Log SMB connections on outside interface
${fwcmd} add 64000 deny log udp from any to any 137-139 via ${oif}

# Reject&Log all other connections from outside interface
${fwcmd} add 65000 deny log ip from any to any via ${oif}

# Everything else is denied by default, unless the
# IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
# config file.
------------//---------------

/etc/sysctl.conf

# Uncomment this to prevent users from seeing information about processes that
# are being run under another UID.
#security.bsd.see_other_uids=0
net.inet.ip.forwarding=1

1. I want implement more security in my rules. I want to improve my Security
   rule sets in rc.ipfw
   If any one have any comments about it

2. I am running proxy server squid on the same box which is running IPFW...
   I want my client access the HTTP only through the proxy and deny
   access for people who is not using the proxy setting
   proxy_ip_X.X.X.X:3128 in the IExplorer
   in my firewall I am allowing the following

   # HTTP - Allow access to our web server
   ${fwcmd} add pass tcp from any to any 80 setup

   How Can I implement this?

3. I'm interested in blocking kazaa/P2P traffic with IPFW
   any help in this issue

4. what should I include in /etc/sysctl.conf against DoS attack, spoof ..etc

5. I want to allow only one specific IP (5.6.7.8) to manage the box by
   accessing it via ssh only

Thanks

From owner-freebsd-isp@FreeBSD.ORG Tue Feb 24 09:25:55 2004
Date: Tue, 24 Feb 2004 14:25:20 -0300
From: wendelmaques
To: pons@gmx.li, freebsd-isp@freebsd.org
Message-Id: <20040224172551.8AC0243D31@mx1.FreeBSD.org>
Subject: Re: ipfw

> 3. I'm interested in blocking kazaa/P2P traffic with IPFW
> any help in this issue

Don't block kazaa ports, it will use another port, instead,
use some type of QoS to limit bandwidth like this:

# TORTURING KAZAA USERS, (ö)
/sbin/ipfw add pipe 5 tcp from any 1214 to any in via de0
/sbin/ipfw pipe 5 config bw 1Kbit/s queue 10

*** I'm not using sophisticated rules like yours but work fine for me
take a look at:
http://www.dotpix.com.br/~wendel/rc.d/

wendel

From owner-freebsd-isp@FreeBSD.ORG Tue Feb 24 16:39:53 2004
Date: Tue, 24 Feb 2004 16:39:50 -0800
From: John Fox
To: freebsd-isp@freebsd.org
Message-ID: <20040225003950.GL213@mind.net>
Subject: FrontPage conversion

Hello,

We've got a clunky old FreeBSD 2.2.2 machine hosting approximately
30 FrontPage sites (FrontPage version 3).

We want to move them to a more modern FreeBSD 4.X system, (running
FrontPage version 4.0 or 5.0 (preference being 5.0)) but we're sure
that there have been finicky changes in file formats and such between
versions, in fact, someone else in the department has confirmed this.

So we're wondering -- we can't be the first people to have this
problem, and thus it is that I ask you folks, has anyone here had to
deal with this situation? Are there any tips for moving/upgrading
these sites?

Thank you,

-John
--
+---------------------------------------------------------------------------+
|     John Fox      |     System Administrator     |     InfoStructure      |
+---------------------------------------------------------------------------+
| I used to trust the media to tell me the truth, tell us the truth         |
| But now I've seen the payoffs everywhere I look                           |
| Who can you trust when everyone's a crook?                                |
|                                      -- Queensryche, "Revolution Calling" |
+---------------------------------------------------------------------------+

From owner-freebsd-isp@FreeBSD.ORG Tue Feb 24 18:24:54 2004
Message-ID: <403C0770.10901@buckhorn.net>
Date: Tue, 24 Feb 2004 20:24:48 -0600
From: Bob Martin
To: John Fox
References: <20040225003950.GL213@mind.net>
In-Reply-To: <20040225003950.GL213@mind.net>
cc: freebsd-isp@freebsd.org
Subject: Re: FrontPage conversion

John,

There are 2 game plans for this.

You can upgrade apache, and then install mod_frontpage on the old
system. Tell the new Front Page to upgrade the existing sites, then move
to the new server.

Build the new box, move the sites, then install mod_frontpage, and
upgrade the existing sites.

Either way, make backups, and read the FP server docs.

I've personally had good luck with both methods, but prefer the second,
mostly because I don't alter the "known good" installation.

By the way, run the latest 1.3.x (currently 1.3.29) apache, and if you
didn't already know it, Front Page is a real apache mod now, so you
don't have to jump through hoops to build it.

Bob Martin

John Fox wrote:
> Hello,
>
> We've got a clunky old FreeBSD 2.2.2 machine hosting approximately
> 30 FrontPage sites (FrontPage version 3).
>
> We want to move them to a more modern FreeBSD 4.X system, (running
> FrontPage version 4.0 or 5.0 (preference being 5.0)) but we're sure
> that there have been finicky changes in file formats and such between
> versions, in fact, someone else in the department has confirmed this.
>
> So we're wondering -- we can't be the first people to have this
> problem, and thus it is that I ask you folks, has anyone here had to
> deal with this situation? Are there any tips for moving/upgrading
> these sites?
>
> Thank you,
>
> -John

From owner-freebsd-isp@FreeBSD.ORG Tue Feb 24 19:58:51 2004
Date: Wed, 25 Feb 2004 04:58:35 +0100 (CET)
Message-Id: <200402250358.i1P3wZeC004091@fire.jhs.private>
To: freebsd-isp@freebsd.org, jhs@berklix.com
From: "Julian Stacey"
cc: ewinter@ewinter.org
cc: np@bsn.com
Subject: ftpd loop hole ?

Hi freebsd-isp@ people, CC np@bsn.com, ewinter@ewinter.org

Has anyone else seen an exploit of standard ftpd on 4.9-RELEASE ?
Some bandwidth thief uploaded videos to my ~ftp/ for bootleggers to download.

How to stop a repeat occurrence ? There's very few people have logins on this machine, & I trust the people, & most of them aren't even competent to achieve an intrusion. It was probably not an inside job.

This was my 4.9 config:

/etc/master.passwd
    ftp:*:14:5::0:0:Anonymous FTP tower.berklix:/usr1/ftp:/sbin/nologin

~ftp/passwd (not sure if file needed ?)
    #
    root:*:0:0:Charlie &:/root:/bin/csh
    toor:*:0:0:Bourne-again Superuser:/root:
    daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin
    operator:*:2:5:System &:/:/sbin/nologin
    bin:*:3:7:Binaries Commands and Source,,,:/:/sbin/nologin
    tty:*:4:65533:Tty Sandbox:/:/sbin/nologin
    kmem:*:5:65533:KMem Sandbox:/:/sbin/nologin
    games:*:7:13:Games pseudo-user:/usr/games:/sbin/nologin
    news:*:8:8:News Subsystem:/:/sbin/nologin
    man:*:9:9:Mister Man Pages:/usr/share/man:/sbin/nologin
    ftp:*:14:5:Anonymous FTP Admin:/var/ftp:/nonexistent
  last changed to
    ftp:*:14:5:Anonymous FTP Admin:/var/ftp:/sbin/nologin

/etc/ftpusers
    did not contain a line "ftp" (neither does /usr/src/etc/ftpusers)
    mine does now - my idea now is to split the ftpd functionality:
    - Try harder to block anon ftp writes to this machine
      (only allow local users to ftp upload
      ( & maybe to an mdconfig'd mini FS of just 50M or so))
    - later run a read only anon ftpd on another machine.

/etc/inetd.conf
    ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l -l
    telnet stream tcp nowait root /usr/libexec/telnetd telnetd
    shell stream tcp nowait root /usr/libexec/rshd rshd
    login stream tcp nowait root /usr/libexec/rlogind rlogind
    ntalk dgram udp wait tty:tty /usr/libexec/ntalkd ntalkd
    tftp dgram udp wait nobody /usr/libexec/tftpd tftpd -l /pub/tftp/ncd /pub/bootp /usr/X11R6/lib/X11/fonts
    finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s

I didn't have -r on ftpd because a few people on that host have genuine stuff to upload occasionally.

The telnet shell login are there for emergencies & the use of a couple of clueless MS users, but people with root privs use ssh (unless maybe on same local ethernet segment, during rescue/upgrade periods)

/etc/hosts.equiv
    Potential loophole to IP spoofing, so I've stripped it of names, & will go to ssh/shosts.equiv

/usr/local/etc/rc.d has:
    apache.sh* apache.sh-dist cyrus_pwcheck.sh* cyrus_sasl1* saslauthd1.sh*
    I haven't enabled apache for data upload, just download (& not from ftp area)

From man ftpd I can see & have added:
    -M Prevent anonymous users from creating directories.

~ftp was UID=ftp, 755, is now uid=0 555 (per man ftpd)
~ftp/etc & ~ftp/pub similarly checked/fixed

Anything else I've missed ?
Would I be better using some other ftpd from ports/ rather than /usr/src ?

- Julian Stacey. Unix C & Net Services Consultant - Munich. http://berklix.com
Mail me in Ascii text/plain: Html + Mime is dumped as Spam.
Try snuff: your smoking = my allergic headache !
Software patents ? vampires would approve ! http://berklix.com/patents/

From owner-freebsd-isp@FreeBSD.ORG Tue Feb 24 23:34:32 2004
Date: Wed, 25 Feb 2004 10:33:47 +0300
From: Gleb Smirnoff
To: Julian Stacey
Message-ID: <20040225073347.GA83247@cell.sick.ru>
In-Reply-To: <200402250358.i1P3wZeC004091@fire.jhs.private>
cc: freebsd-isp@freebsd.org
cc: jhs@berklix.com
cc: ewinter@ewinter.org
cc: np@bsn.com
Subject: Re: ftpd loop hole ?

On Wed, Feb 25, 2004 at 04:58:35AM +0100, Julian Stacey wrote:
J> Some bandwidth thief uploaded videos to my ~ftp/ for bootleggers to download.
...
J> /etc/master.passwd
J>     ftp:*:14:5::0:0:Anonymous FTP tower.berklix:/usr1/ftp:/sbin/nologin
...
J> /etc/inetd.conf
J>     ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l -l

With configuration described above, you have got an anonymous ftp login.

J> From man ftpd I can see & have added:
J>     -M Prevent anonymous users from creating directories.

I do not see this in your inetd.conf.

Since you have "-l -l", you can obtain all needed information from log files.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-isp@FreeBSD.ORG Wed Feb 25 03:15:12 2004
Date: Wed, 25 Feb 2004 12:14:38 +0100
From: Alexander Leidinger
To: "Julian Stacey"
Message-Id: <20040225121438.45571550@Magellan.Leidinger.net>
In-Reply-To: <200402250358.i1P3wZeC004091@fire.jhs.private>
cc: freebsd-isp@freebsd.org
cc: ewinter@ewinter.org
cc: np@bsn.com
Subject: Re: ftpd loop hole ?

On Wed, 25 Feb 2004 04:58:35 +0100 (CET) "Julian Stacey" wrote:

> Hi freebsd-isp@ people, CC np@bsn.com, ewinter@ewinter.org
>
> Has anyone else seen an exploit of standard ftpd on 4.9-RELEASE ?

I haven't, but this doesn't mean there can't be one lurking around.

> Some bandwidth thief uploaded videos to my ~ftp/ for bootleggers to download.
>
> How to stop a repeat occurrence ? There's very few people have
> logins on this machine, & I trust the people, & most of them aren't even
> competent to achieve an intrusion. It was probably not an inside job.

[config]

It depends on the configuration. You had a ftp user and the ftpd wasn't configured to disallow anonymous logins. If the server depends upon the use of anonymous logins, and those guests have to be allowed to upload data and download the same data, there's nothing you can do about it.

If you don't need anonymous
 - access, remove the ftp user
 - read access, use the -O option
 - write access, use an appropriate chmod command

Bye,
Alexander.

--
I will be available to get hired in April 2004.
http://www.Leidinger.net Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7

From owner-freebsd-isp@FreeBSD.ORG Wed Feb 25 04:16:26 2004
Date: Wed, 25 Feb 2004 23:16:20 +1100
From: Tony Frank
To: Roberto Pereyra
Message-ID: <20040225121620.GC26059@marvin.home.local>
In-Reply-To: <20040223123108.GB1220@gualeguaychu.gov.ar>
cc: freebsd-isp@freebsd.org
Subject: Re: dialup questions again

On Mon, Feb 23, 2004 at 09:31:08AM -0300, Roberto Pereyra wrote:
> Hi
>
> I want to setup a dialup freebsd 5.2 server.
>
> My setup is:
>
> ---INTERNET---------| GATEWAY |-------------|DIALUP SERVER| -----|----192.160.0.171
>                      192.169.0.1             192.168.0.170        |----192.168.0.172
>                                                                    |----192.168.0.173
>                                                                     8 lines
> My ppp.conf is:
>
> default:
> pap:
>  set debug phase lcp chat
>  set timeout 0 set debug phase lcp chat
>  enable pap
>  set ifaddr 192.168.0.1 192.168.0.171-192.168.0.178 255.255.255.0
>  enable proxy
>  accept dns
>  set dns 192.168.0.1
>  load server
>  set radius /etc/radius.conf
>
> I have enable the eight lines in my /etc/ttys
>
> ttyd0 "/usr/local/sbin/mgetty -s 115200" dialup on secure
> ttyd1 "/usr/local/sbin/mgetty -s 115200" dialup on secure
> ......

My setup for /etc/ttys is:

# Serial terminals
# The 'dialup' keyword identifies dialin lines to login, fingerd etc.
# Mgetty lines - replace dialup getty
cuaa0 "/usr/local/sbin/mgetty" unknown on insecure
cuaa1 "/usr/local/sbin/mgetty" unknown on insecure
ttyd0 "/usr/libexec/getty std.115200" dialup off
ttyd1 "/usr/libexec/getty std.115200" dialup off
ttyd2 "/usr/libexec/getty std.115200" dialup off
ttyd3 "/usr/libexec/getty std.115200" dialup off

Note that the mgetty is using cuaa0/cuaa1 instead of ttyd0/ttyd1. I'm not sure if this made a difference for me, but this is how mgetty installed by default. In my case I set the speed in the mgetty configuration file.

> Some questions:
>
> I must enable
>
> pseudo-device tun 1
>
> 1 must be 8 or this setup is automatic for freebsd 5.2 ?

The number is automatic, just "pseudo-device tun" should be sufficient.

> Is my ppp.conf right ?

It looks fine. Does it work for you?

> Is the "set ifaddr ...." line right ?

Does it work when you test it?

> I have in both sides USR 56K and not have more than 32k with analog lines. How can I have more speed ?

You may be able to get up to 33600 both ways with analog lines but no more. For 56k operation one end must be digital. In that case downstream is 56k and upstream is 33600 (max)

Regards,

Tony

From owner-freebsd-isp@FreeBSD.ORG Tue Feb 24 22:00:23 2004
Message-ID: <002501c3fb64$42266620$bd45a8c0@cmcltd.com>
From: "Kiyawat Dharmesh"
To:
Date: Wed, 25 Feb 2004 11:27:08 +0530
Subject: decrypt a file in unix

HI

On HP UNIX system I have encrypted a file by mistake and forgot the key.
Is there any way by which I can get the original file back?
Pls help me.

Thanking you in anticipation.

Regards,
Dharmesh Kiyawat

From owner-freebsd-isp@FreeBSD.ORG Wed Feb 25 05:36:20 2004
Message-ID: <403CA4B0.8080208@centtech.com>
Date: Wed, 25 Feb 2004 07:35:44 -0600
From: Eric Anderson
To: Kiyawat Dharmesh
In-Reply-To: <002501c3fb64$42266620$bd45a8c0@cmcltd.com>
cc: freebsd-isp@freebsd.org
Subject: Re: decrypt a file in unix

Kiyawat Dharmesh wrote:

> HI
> On HP UNIX system I have encrypted a file by mistake and forgot the key.
> Is there any way by which I can get the original file back?
> Pls help me.

This is really the wrong list for this question - freebsd-questions or (maybe) freebsd-security would have been more appropriate - assuming you are trying to decrypt on FreeBSD and not HP-UX (since, after all, this is a FreeBSD list, not an HP list).

However, if you are asking what I think you are asking, then I'm sorry to say that you probably won't be able to get the data back - since that is the whole idea of encryption in the first place. Depending on what algorithm you used to encrypt the data, there is a slim possibility that you would be able to find a way to brute force it, but I wouldn't count on it.

Good luck

Eric

--
------------------------------------------------------------------
Eric Anderson     Sr. Systems Administrator    Centaur Technology
Today is the tomorrow you worried about yesterday.
------------------------------------------------------------------

From owner-freebsd-isp@FreeBSD.ORG Wed Feb 25 05:43:37 2004
Message-Id: <200402251339.i1PDdc2B011071@cah.talon.net>
From: "Scott St. John"
To:
Date: Wed, 25 Feb 2004 08:43:20 -0500
Subject: Conversion to FreeBSD from Linux

I have been searching the net for a simple answer and I will continue to look, but if anyone has a link, please pass it along.

Two years ago I converted my BSDi password file to Linux with a simple script to replace fields. For obvious reasons I want to move back to FreeBSD, but of course I need to convert the Linux passwd file of 2,000+ users to FreeBSD.

Any links will be appreciated!

Thank you,

-Scott

From owner-freebsd-isp@FreeBSD.ORG Wed Feb 25 06:08:07 2004
Date: Wed, 25 Feb 2004 09:08:03 -0500
From: Bill Vermillion
To: freebsd-isp@freebsd.org
Message-ID: <20040225140803.GD55351@wjv.com>
In-Reply-To: <200402251339.i1PDdc2B011071@cah.talon.net>
Reply-To: bv@wjv.com
Subject: Re: Conversion to FreeBSD from Linux

While stranded on the shoulder of the Information Superhiway and trying to flag down some passing bytes Scott St. John said "Bits don't fail me now", and continued with:

> I have been searching the net for a simple answer and I will
> continue to look, but if anyone has a link, please pass it
> along.

> Two years ago I converted my BSDi password file to Linux with a
> simple script to replace fields. For obvious reasons I want to
> move back to FreeBSD, but of course I need to convert the Linux
> passwd file of 2,000+ users to FreeBSD.

> Any links will be appreciated!

If you don't find any scripts I found it was not that difficult with vi, a little editing, and then using the cut and paste unix utilities. It's basically putting the appropriate parts from /etc/passwd and /etc/shadow, adding the two extra fields for BSD, and then running the vipw on the completed file.

Since it was a one-time thing for me, but it was Irix to BSD and the file format on both Irix and Linux passwords were the same, I figured I could do it manually editing rather than take the time to write a script.

Bill
--
Bill Vermillion - bv @ wjv . com

From owner-freebsd-isp@FreeBSD.ORG Wed Feb 25 06:13:57 2004
Date: Wed, 25 Feb 2004 09:13:56 -0500
From: "Eric L. Howard"
To: freebsd-isp@freebsd.org
Message-ID: <20040225141355.GA1519@outreachnetworks.com>
In-Reply-To: <200402251339.i1PDdc2B011071@cah.talon.net>
Subject: Re: Conversion to FreeBSD from Linux

At a certain time, now past [Feb.25.2004-08:43:20AM -0500], ssj@scottah.com spake thusly:
> I have been searching the net for a simple answer and I will continue to
> look, but if anyone has a link, please pass it along.
>
> Two years ago I converted my BSDi password file to Linux with a simple
> script to replace fields. For obvious reasons I want to move back to
> FreeBSD, but of course I need to convert the Linux passwd file of 2,000+
> users to FreeBSD.
>
> Any links will be appreciated!

man pwconv on Linux and Google/BSD[0] for linux password.

~elh

0. http://www.google.com/bsd

--
Eric L. Howard e l h @ o u t r e a c h n e t w o r k s . c o m
------------------------------------------------------------------------
www.OutreachNetworks.com 313.297.9900
------------------------------------------------------------------------
JabberID: elh@jabber.org Advocate of the Theocratic Rule

From owner-freebsd-isp@FreeBSD.ORG Wed Feb 25 06:30:17 2004
From: Mark Sergeant
To: "Eric L. Howard"
In-Reply-To: <20040225141355.GA1519@outreachnetworks.com>
Message-Id: <1077719411.1351.6.camel@localhost>
Date: Thu, 26 Feb 2004 00:30:11 +1000
cc: freebsd-isp@freebsd.org
Subject: Re: Conversion to FreeBSD from Linux

-- Begin perl script --
#!/usr/bin/perl -w

use AcctInfo;

my $acct = new AcctInfo;
my @realusers = $acct->GetNonSystemUsers;

# umask 066 makes the output file mode 0600; it will hold password hashes.
umask(066);
$pwfile = "/tmp/temppasswd";
open(PWFILE, ">$pwfile") || die "Unable to open $pwfile";

foreach $user (@realusers) {
    $acct->SetUser($user);
    $acct->cache;
    $passwd = $acct->GetPassword;
    $uid = $acct->GetUid;
    $gid = $acct->GetGid;
    $realname = $acct->GetRealName;
    $homedir = $acct->GetHomeDir;
    $shell = $acct->GetShell;

    # Get rid of extraneous , used in Solaris gcos field.
    ($realname,$junk) = split(/,/, $realname);

    # Output data in bsd password format.
    # "::0:0:" fills the class (empty), change and expire fields.
    print PWFILE $user . ":" . $passwd . ":" . $uid . ":" . $gid . "::0:0:" . $realname . ":" . $homedir . ":" . $shell . "\n";
}
close(PWFILE);
exit;
-- End perl script

Should work well enough on linux as well. ohh and of course if you intend to use it more than once drop in some error checking / catching, something to remove the system accounts and of course "use strict"

Cheers,

Mark

On Thu, 2004-02-26 at 00:13, Eric L. Howard wrote:
> At a certain time, now past [Feb.25.2004-08:43:20AM -0500], ssj@scottah.com spake thusly:
> > I have been searching the net for a simple answer and I will continue to
> > look, but if anyone has a link, please pass it along.
> >
> > Two years ago I converted my BSDi password file to Linux with a simple
> > script to replace fields. For obvious reasons I want to move back to
> > FreeBSD, but of course I need to convert the Linux passwd file of 2,000+
> > users to FreeBSD.
> >
> > Any links will be appreciated!
>
> man pwconv on Linux and Google/BSD[0] for linux password.
>
> ~elh
>
> 0. http://www.google.com/bsd
--
Mark Sergeant
SNSOnline Technical Services

From owner-freebsd-isp@FreeBSD.ORG Wed Feb 25 09:51:57 2004
Date: Wed, 25 Feb 2004 12:48:00 -0500 (EST)
From: "Scott St. John"
To: Bill Vermillion
In-Reply-To: <20040225140803.GD55351@wjv.com>
Message-ID: <20040225124650.J12422@cah.talon.net>
cc: freebsd-isp@freebsd.org
Subject: Re: Conversion to FreeBSD from Linux

On Wed, 25 Feb 2004, Bill Vermillion wrote:

> If you don't find any scripts I found it was not that difficult
> with vi, a little editing, and then using the cut and paste unix
> utilities. It's basically putting the appropriate parts
> from /etc/passwd and /etc/shadow, adding the two extra fields for
> BSD, and then running the vipw on the completed file.

> Since it was a one-time thing for me, but it was Irix to BSD and
> the file format on both Irix and Linux passwords were the same, I
> figured I could do it manually editing rather than take the time to
> write a script.

Bill-

Thanks for the info, I might try this, what do I have to lose? This will be a one time conversion as well since I will not be using Linux any longer for email, etc. So it will be once, done and all new users will be added directly on the machine.

Thanks!

-Scott

From owner-freebsd-isp@FreeBSD.ORG Wed Feb 25 09:53:17 2004
Date: Wed, 25 Feb 2004 12:49:20 -0500 (EST)
From: "Scott St. John"
To: Mark Sergeant
In-Reply-To: <1077719411.1351.6.camel@localhost>
Message-ID: <20040225124811.Q12422@cah.talon.net>
cc: freebsd-isp@freebsd.org
Subject: Re: Conversion to FreeBSD from Linux

Mark-

I take it I run this directly on the BSD machine? I will give it a try and let you know how it works out. I will remove the system accounts from the Linux passwd file before I run the script.

THANK YOU!

-Scott

On Thu, 26 Feb 2004, Mark Sergeant wrote:

> -- Begin perl script --
> -- End perl script
>
> Should work well enough on linux as well. ohh and of course if you
> intend to use it more than once drop in some error checking / catching,
> something to remove the system accounts and of course "use strict"

From owner-freebsd-isp@FreeBSD.ORG Wed Feb 25 15:24:29 2004
From: Mark Sergeant
To: "Scott St. John"
cc: freebsd-isp@freebsd.org
Subject: Re: Conversion to FreeBSD from Linux
Date: Thu, 26 Feb 2004 09:24:22 +1000
Message-Id: <1077751462.1159.4.camel@localhost>
In-Reply-To: <20040225124811.Q12422@cah.talon.net>

On Thu, 2004-02-26 at 03:49, Scott St. John wrote:
> Mark-
>
> I take it I run this directly on the BSD machine? I will give it a try
> and let you know how it works out. I will remove the system accounts from
> the Linux passwd file before I run the script.
>

Run this script on the linux machine, then edit the output file to get
rid of the system accounts, once that is done scp that file across to
the bsd machine and you could simply cat filename >> /etc/master.passwd
&& pwd_mkdb /etc/master.passwd . The reason this has to be run on the
linux machine is due to how it grabs the system accounts.

Cheers,

Mark

> THANK YOU!
>
> -Scott

> On Thu, 26 Feb 2004, Mark Sergeant wrote:
>
> > -- Begin perl script --
> > -- End perl script
> >
> > Should work well enough on linux as well. ohh and of course if you
> > intend to use it more than once drop in some error checking / catching,
> > something to remove the system accounts and of course "use strict"
--
Mark Sergeant
SNSOnline Technical Services

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 26 03:32:24 2004
Date: Thu, 26 Feb 2004 08:32:33 -0300
From: Roberto Pereyra
To: Mark Sergeant
cc: "Scott St. John"
cc: freebsd-isp@freebsd.org
Subject: Re: Conversion to FreeBSD from Linux
Message-ID: <20040226113233.GA30713@gualeguaychu.gov.ar>
In-Reply-To: <1077751462.1159.4.camel@localhost>

Hi !

Read http://www.openbsd.org/faq/faq9.html#passwd

It is for OpenBSD but works with FreeBSD.

Roberto

On Thu, Feb 26, 2004 at 09:24:22AM +1000, Mark Sergeant wrote:
> On Thu, 2004-02-26 at 03:49, Scott St. John wrote:
> > Mark-
> >
> > I take it I run this directly on the BSD machine? I will give it a try
> > and let you know how it works out. I will remove the system accounts from
> > the Linux passwd file before I run the script.
> >
>
> Run this script on the linux machine, then edit the output file to get
> rid of the system accounts, once that is done scp that file across to
> the bsd machine and you could simply cat filename >> /etc/master.passwd
> && pwd_mkdb /etc/master.passwd . The reason this has to be run on the
> linux machine is due to how it grabs the system accounts.
>
> Cheers,
>
> Mark
>
> > THANK YOU!
> >
> > -Scott
>
> > On Thu, 26 Feb 2004, Mark Sergeant wrote:
> >
> > > -- Begin perl script --
> > > -- End perl script
> > >
> > > Should work well enough on linux as well. ohh and of course if you
> > > intend to use it more than once drop in some error checking / catching,
> > > something to remove the system accounts and of course "use strict"
> --
> Mark Sergeant
> SNSOnline Technical Services

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 26 05:34:01 2004
Date: Thu, 26 Feb 2004 14:33:50 +0100
From: Thomas Vogt
To: freebsd-isp@freebsd.org
Subject: p2p traffic
Message-Id: <20040226143350.24a35dc1@bert.mlan.solnet.ch>

Hello

I'm thinking about the p2p network problem. P2p creates a lot of
traffic. I don't care if my backbone is full but not only with p2p
traffic. Atm I do some queueing with dummynet for the well known p2p
ports. But this does not look sufficient. Is there another, perhaps better
solution to decrease the p2p traffic? Blocking is no alternative.
Another problem is that new p2p clients use port 80. So it's very
difficult to recognize the p2p traffic.

regards
Thomas Vogt

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 26 06:22:11 2004
Date: Thu, 26 Feb 2004 15:22:00 +0100
From: Thomas Vogt
To: "::::Carlos:::Ariel:::Canta::::::::"
cc: freebsd-isp@freebsd.org
Subject: Re: p2p traffic
Message-Id: <20040226152200.4d3efb04@bert.mlan.solnet.ch>
References: <20040226143350.24a35dc1@bert.mlan.solnet.ch>

Hi Carlos

That sounds nice. But as far as I know Altq does not work with our intel
gigabit ethernet cards (em0). But thanks for your information.

regards
Thomas

On Thu, 26 Feb 2004 10:52:46 -0300
"::::Carlos:::Ariel:::Canta::::::::" wrote:

> I work at an ISP in Argentina, and we limit the P2p traffic with a
> FreeBSD 4.8+bridge+altq. It is a very good solution for us.
>
> Carlos Canta
>
> On Thu, 26 Feb 2004 14:33:50 +0100, Thomas Vogt wrote:
>
> > Hello
> >
> > I'm thinking about the p2p network problem. P2p creates a lot of
> > traffic. I don't care if my backbone is full but not only with p2p
> > traffic. Atm I do some queueing with dummynet for the well known p2p
> > ports. But this does not look sufficient. Is there another, perhaps
> > better solution to decrease the p2p traffic? Blocking is no
> > alternative. Another problem is that new p2p clients use port 80.
> > So it's very difficult to recognize the p2p traffic.
> >
> > regards
> > Thomas Vogt
>
> --
> Carlos Ariel Canta
> Dto. Tecnico Redynet S.R.L

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 26 08:01:33 2004
Message-ID: <403E1833.7040101@netlinkers.net>
Date: Thu, 26 Feb 2004 09:00:51 -0700
From: Navan Carson
To: freebsd-isp@freebsd.org
Subject: Re: p2p traffic
In-Reply-To: <20040226143350.24a35dc1@bert.mlan.solnet.ch>

Thomas Vogt wrote:

> I'm thinking about the p2p network problem. P2p creates a lot of
> traffic. I don't care if my backbone is full but not only with p2p
> traffic. Atm I do some queueing with dummynet for the well known p2p
> ports. But this does not look sufficient. Is there another, perhaps better
> solution to decrease the p2p traffic? Blocking is no alternative.
> Another problem is that new p2p clients use port 80. So it's very
> difficult to recognize the p2p traffic.

Try the method described in the following article:
http://www.holland-consulting.net/tech/imblock.html

You also have your usage policy. Forbid it in all of the packages that
you offer. If customers really want this, create a package that covers
the additional cost that you will incur.

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 26 11:52:00 2004
Message-ID: <403E4F68.9040908@gmx.net>
Date: Thu, 26 Feb 2004 20:56:24 +0100
From: Thomas Vogt
To: Navan Carson
cc: freebsd-isp@freebsd.org
Subject: Re: p2p traffic
In-Reply-To: <403E1833.7040101@netlinkers.net>

Hi Navan

Navan Carson wrote:
> Thomas Vogt wrote:
>
>> I'm thinking about the p2p network problem. P2p creates a lot of
>> traffic. I don't care if my backbone is full but not only with p2p
>> traffic. Atm I do some queueing with dummynet for the well known p2p
>> ports. But this does not look sufficient. Is there another, perhaps better
>> solution to decrease the p2p traffic? Blocking is no alternative.
>> Another problem is that new p2p clients use port 80. So it's very
>> difficult to recognize the p2p traffic.
>
> Try the method described in the following article:
> http://www.holland-consulting.net/tech/imblock.html
>
> You also have your usage policy. Forbid it in all of the packages that
> you offer. If customers really want this, create a package that covers
> the additional cost that you will incur.

Thnx. Well this solution will not work for me. Since the bandwidth is
already paid, I'm interested in filling my backbone with traffic :-). The
problems are more during the peak time. If no other customer uses http,
nntp, vpn... then I don't care about p2p traffic. But I saw that the p2p
traffic is growing rapidly. Much more than any other traffic. So at the
moment I do queuing with ipfw/dummynet without any problem. This works
fine until the p2p clients are starting to use port 80 more often. This
makes it very difficult for filtering. So I'm looking for a solution for
this specific problem. First I thought about snort. But I'm not sure if
this works very well with gigabit backbones.

regards
Thomas Vogt

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 26 13:20:51 2004
Message-Id: <200402262116.i1QLGj2C021748@cah.talon.net>
From: "Scott St. John"
To: "'Roberto Pereyra'", "'Mark Sergeant'"
cc: freebsd-isp@freebsd.org
Date: Thu, 26 Feb 2004 16:20:38 -0500
Subject: RE: Conversion to FreeBSD from Linux
In-Reply-To: <20040226113233.GA30713@gualeguaychu.gov.ar>

Ah! Worked like a charm! FreeBSD here I come! Thank you to everyone on
the list for your help.

This should be in evangelism, but I will share it here. We are a small
ISP that was on BSDi up until 2 years ago. When the old Pentium 100, 64
meg of ram mail server crashed I went to Linux because we had IBM
Netfinity machines and BSD would not work with the RAID controller at the
time. Keep in mind this old P100 handled over 2,000 email accounts,
secondary DNS, radius, webmail and user home pages. It was a great
machine and ran for 6 years!

Went with RH 7.2 on a Dual P3 700 MHz machine with 2 gigs of ram and it
has been a nightmare ever since! Load averages over 30 several times a
day, backup DNS often fails, etc. So I got some new servers from ASA and
was bound and determined to move back to BSD. Thanks to everyone on the
list I will be able to do that and I am sure I will sleep better at night
and my users will be happier :)

-Scott

> -----Original Message-----
> From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org]
> On Behalf Of Roberto Pereyra
> Sent: Thursday, February 26, 2004 6:33 AM
> To: Mark Sergeant
> Cc: Scott St. John; freebsd-isp@freebsd.org
> Subject: Re: Conversion to FreeBSD from Linux
>
> Hi !
>
> Read http://www.openbsd.org/faq/faq9.html#passwd
>
> It is for OpenBSD but works with FreeBSD.
>
> Roberto
>
> On Thu, Feb 26, 2004 at 09:24:22AM +1000, Mark Sergeant wrote:
> > On Thu, 2004-02-26 at 03:49, Scott St. John wrote:
> > > Mark-
> > >
> > > I take it I run this directly on the BSD machine? I will give it a try
> > > and let you know how it works out. I will remove the system accounts from
> > > the Linux passwd file before I run the script.
> > >
> >
> > Run this script on the linux machine, then edit the output file to get
> > rid of the system accounts, once that is done scp that file across to
> > the bsd machine and you could simply cat filename >> /etc/master.passwd
> > && pwd_mkdb /etc/master.passwd . The reason this has to be run on the
> > linux machine is due to how it grabs the system accounts.
> >
> > Cheers,
> >
> > Mark
> >
> > > THANK YOU!
> > >
> > > -Scott
> >
> > > On Thu, 26 Feb 2004, Mark Sergeant wrote:
> > >
> > > > -- Begin perl script --
> > > > -- End perl script
> > > >
> > > > Should work well enough on linux as well. ohh and of course if you
> > > > intend to use it more than once drop in some error checking / catching,
> > > > something to remove the system accounts and of course "use strict"
> > --
> > Mark Sergeant
> > SNSOnline Technical Services

From owner-freebsd-isp@FreeBSD.ORG Fri Feb 27 00:23:37 2004
Date: Fri, 27 Feb 2004 10:23:25 +0200 (SAST)
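The account migration discussed in the "Conversion to FreeBSD from Linux" thread above, as an added example that is not part of any poster's message and is not the Perl script the thread refers to: it merges Linux passwd and shadow text into FreeBSD master.passwd lines, drops system accounts, and never emits an empty or half-locked password field. The sample data, the 500 to 60000 UID range and the bash path mapping are assumptions.

```python
import re

# Constructed sample input (not from the thread). Hashes are placeholders.
LINUX_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
nobody:x:65534:65534:Nobody:/:/sbin/nologin
alice:x:500:500:Alice Example:/home/alice:/bin/bash
bob:x:501:501:Bob Example:/home/bob:/bin/tcsh
toor2:x:0:0:second root:/root:/bin/bash
carol:x:502:502:Carol Example:/home/carol:/bin/bash
"""
LINUX_SHADOW = """\
root:$1$cnstrctd$AAAAAAAAAAAAAAAAAAAAAA:12400:0:99999:7:::
daemon:*:12400:0:99999:7:::
nobody:*:12400:0:99999:7:::
alice:$1$cnstrctd$BBBBBBBBBBBBBBBBBBBBBB:12400:0:99999:7:::
bob:!!:12400:0:99999:7:::
toor2:$1$cnstrctd$CCCCCCCCCCCCCCCCCCCCCC:12400:0:99999:7:::
"""

NAME_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]*$")
NUM_RE = re.compile(r"^[0-9]+$")
# Assumption: bash is installed from ports/packages on the FreeBSD side.
SHELL_MAP = {"/bin/bash": "/usr/local/bin/bash"}


def load_shadow(text):
    """Return {login: password field} from Linux shadow(5) text."""
    table = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0]:
            table.setdefault(fields[0], fields[1])  # first entry wins
    return table


def safe_password(field):
    """Map a Linux password field to a value that is safe in master.passwd.

    An empty field would mean "no password needed" and a leading "!" is the
    Linux lock marker, so both become "*" (password login disabled).
    """
    if field == "" or field.startswith(("!", "*")):
        return "*"
    return field


def convert(passwd_text, shadow_text, min_uid=500, max_uid=60000):
    """Return (master_passwd_lines, skipped) for ordinary user accounts.

    min_uid=500 assumes the Red Hat convention of that era; anything outside
    the range (root, daemons, nobody, extra UID 0 logins) is left behind.
    """
    shadow = load_shadow(shadow_text)
    lines, skipped, seen = [], [], set()
    for raw in passwd_text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        fields = raw.split(":")
        if len(fields) != 7:
            skipped.append((raw, "not 7 fields"))
            continue
        name, pw, uid, gid, gecos, home, shell = fields
        if not NAME_RE.match(name) or name in seen:
            skipped.append((name, "bad or duplicate login"))
            continue
        if not (NUM_RE.match(uid) and NUM_RE.match(gid)):
            skipped.append((name, "non-numeric uid/gid"))
            continue
        if not min_uid <= int(uid) <= max_uid:
            skipped.append((name, "uid outside user range"))
            continue
        if pw == "x":  # hash lives in shadow, not in passwd
            if name not in shadow:
                skipped.append((name, "no shadow entry"))
                continue
            pw = shadow[name]
        seen.add(name)
        # master.passwd: name:password:uid:gid:class:change:expire:gecos:home:shell
        lines.append(":".join([name, safe_password(pw), uid, gid, "", "0", "0",
                               gecos, home, SHELL_MAP.get(shell, shell)]))
    return lines, skipped


if __name__ == "__main__":
    converted, left_out = convert(LINUX_PASSWD, LINUX_SHADOW)
    print("\n".join(converted))
    for who, why in left_out:
        print("# skipped %s: %s" % (who, why))
```

Review the skipped list before appending the output to /etc/master.passwd; `pwd_mkdb -C` checks the merged file's format without installing it.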
From: fingers
To: freebsd-isp@freebsd.org
Subject: Re: ng_netflow: testers are welcome
Message-ID: <20040227102010.O41530@snow.fingers.co.za>
In-Reply-To: <20040121114502.GC17802@cell.sick.ru>

hi

has anyone experienced reboots while setting this up?

this is what I'm using with ngctl:

mkpeer fxp0: tee lower right
name fxp0:lower tee0
connect fxp0: tee0: upper left
mkpeer tee0: netflow right2left iface0
name tee0:right2left netflow0

connect tee0: netflow0: left2right iface1
msg netflow0: setifindex { iface=0 index=1 }
msg netflow0: setifindex { iface=1 index=2 }
mkpeer netflow0: ksocket export inet/dgram/udp
name netflow0:export nfexport
msg nfexport: connect inet/127.0.0.1:2255

the following were present in a 'kldstat':

netgraph.ko
ng_netflow.ko
ng_socket.ko
ng_tee.ko
ng_ether.ko
ng_ksocket.ko

no real logs of any sort. just a reboot...

Regards

--Rob

From owner-freebsd-isp@FreeBSD.ORG Fri Feb 27 00:32:40 2004
Date: Fri, 27 Feb 2004 10:32:39 +0200 (SAST)
From: fingers
To: freebsd-isp@freebsd.org
Subject: Re: ng_netflow: testers are welcome
Message-ID: <20040227103203.P41530@snow.fingers.co.za>
In-Reply-To: <20040227102010.O41530@snow.fingers.co.za>

sorry, I should have included:

box was 5.2-RELEASE. tried upping to 5.2.1-RELEASE but still same problem
(re-installed ng_netflow after the upgrade)

From owner-freebsd-isp@FreeBSD.ORG Fri Feb 27 00:35:57 2004
Date: Fri, 27 Feb 2004 11:35:39 +0300
From: Gleb Smirnoff
To: fingers
cc: freebsd-isp@freebsd.org
Subject: Re: ng_netflow: testers are welcome
Message-ID: <20040227083539.GA97550@cell.sick.ru>
In-Reply-To: <20040227102010.O41530@snow.fingers.co.za>

Dear fingers,

the routing API has changed since 5.1 and release 0.2.1 crashes
on CURRENT. To fix this you should get netflow.c rev 1.7 from
anonymous CVS (or WebCVS) on http://SourceForge.net/projects/ng-netflow.

Surely this will be fixed in next release, which I'm planning next week.

On Fri, Feb 27, 2004 at 10:23:25AM +0200, fingers wrote:
f> hi
f>
f> has anyone experienced reboots while setting this up?
f>
f> this is what I'm using with ngctl:
f>
f> mkpeer fxp0: tee lower right
f> name fxp0:lower tee0
f> connect fxp0: tee0: upper left
f> mkpeer tee0: netflow right2left iface0
f> name tee0:right2left netflow0
f>
f> connect tee0: netflow0: left2right iface1
f> msg netflow0: setifindex { iface=0 index=1 }
f> msg netflow0: setifindex { iface=1 index=2 }
f> mkpeer netflow0: ksocket export inet/dgram/udp
f> name netflow0:export nfexport
f> msg nfexport: connect inet/127.0.0.1:2255
f>
f> the following were present in a 'kldstat':
f>
f> netgraph.ko
f> ng_netflow.ko
f> ng_socket.ko
f> ng_tee.ko
f> ng_ether.ko
f> ng_ksocket.ko
f>
f> no real logs of any sort. just a reboot...
f>
f> Regards
f>
f> --Rob

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-isp@FreeBSD.ORG Fri Feb 27 02:04:07 2004
Date: Fri, 27 Feb 2004 13:03:54 +0300
From: Gleb Smirnoff
To: fingers
cc: freebsd-isp@freebsd.org
Subject: Re: ng_netflow: testers are welcome
Message-ID: <20040227100354.GA98027@cell.sick.ru>
In-Reply-To: <20040227083539.GA97550@cell.sick.ru>

On Fri, Feb 27, 2004 at 11:35:39AM +0300, Gleb Smirnoff wrote:
T> Dear fingers,
T>
T> the routing API has changed since 5.1 and release 0.2.1 crashes
T> on CURRENT. To fix this you should get netflow.c rev 1.7 from
T> anonymous CVS (or WebCVS) on http://SourceForge.net/projects/ng-netflow.

SF.net hasn't yet synchronized its anonCVS with development CVS.
I've already received two complaints about crashing, so I'll post
patch here.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

Index: netflow.c =================================================================== RCS file: /cvsroot/ng-netflow/ng_netflow/ng_netflow/netflow.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- netflow.c 14 Feb 2004 22:26:31 -0000 1.6 +++ netflow.c 24 Feb 2004 19:10:24 -0000 1.7 @@ -31,11 +31,11 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: netflow.c,v 1.6 2004/02/14 22:26:31 glebius Exp $ + * $Id: netflow.c,v 1.7 2004/02/24 19:10:24 glebius Exp $ */ static const char rcs_id[] = - "@(#) $Id: netflow.c,v 1.6 2004/02/14 22:26:31 glebius Exp $"; + "@(#) $Id: netflow.c,v 1.7 2004/02/24 19:10:24 glebius Exp $"; #include #include 
@@ -204,15 +204,6 @@ fle->i_ifx = iface->info.if_index; - /* The problem is that rtalloc() family returns cloned host - * route, which does not have mask at all. We will try to look - * for mask in the rt_parent route, from which this host route - * was cloned. Sometime this fails, particularly when destination - * is local. - * XXX: we must look for better way to implement route lookups. - * May be try to dig into radix ourselves? - */ - /* First we do route table lookup on destination address. So we can * fill in out_ifx, dst_mask, nexthop, and dst_as in future releases. */ @@ -221,15 +212,14 @@ sin->sin_len = sizeof(*sin); sin->sin_family = AF_INET; sin->sin_addr = fle->r.r_dst; - rtalloc(&ro); +#ifdef RTF_PRCLONING /* disappeared in CURRENT */ + rtalloc_ign(&ro, RTF_CLONING|RTF_PRCLONING); +#else + rtalloc_ign(&ro, RTF_CLONING); +#endif if (ro.ro_rt != NULL) { struct rtentry *rt = ro.ro_rt; - /* This is cloned route, use its parent */ - if (ro.ro_rt->rt_flags & RTF_WASCLONED && - ro.ro_rt->rt_parent) - rt = ro.ro_rt->rt_parent; - fle->o_ifx = rt->rt_ifp->if_index; if (rt->rt_flags & RTF_GATEWAY && @@ -244,7 +234,7 @@ /* Give up. We can't determine mask :( */ fle->dst_mask = 32; - rtfree(ro.ro_rt); + RTFREE(ro.ro_rt); } /* Do route lookup on source address, to fill @@ -256,14 +246,14 @@ sin->sin_len = sizeof(*sin); sin->sin_family = AF_INET; sin->sin_addr = fle->r.r_src; - rtalloc(&ro); +#ifdef RTF_PRCLONING /* disappeared in CURRENT */ + rtalloc_ign(&ro, RTF_CLONING|RTF_PRCLONING); +#else + rtalloc_ign(&ro, RTF_CLONING); +#endif if (ro.ro_rt != NULL) { struct rtentry *rt = ro.ro_rt; - if (ro.ro_rt->rt_flags & RTF_WASCLONED && - ro.ro_rt->rt_parent) - rt = ro.ro_rt->rt_parent; - if (rt_mask(rt)) fle->src_mask = bit_count(((struct sockaddr_in *)rt_mask(rt))->sin_addr.s_addr); 
@@ -271,7 +261,7 @@ /* Give up. We can't determine mask :( */ fle->src_mask = 32; - rtfree(ro.ro_rt); + RTFREE(ro.ro_rt); } return (0);

From owner-freebsd-isp@FreeBSD.ORG Fri Feb 27 10:26:13 2004
Message-ID: <403F8B75.4010903@telcom.net>
Date: Fri, 27 Feb 2004 13:24:53 -0500
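Review bot: In the netflow.c patch above, the hunk at @@ -204,15 +204,6 @@ deletes the only comment explaining why a cloned host route has no usable mask, and nothing replaces it. A short comment above the new rtalloc_ign() calls, saying that RTF_CLONING (and RTF_PRCLONING where it is defined) is ignored so the lookup does not hand back a cloned host route, would keep that reasoning next to the code that now depends on it.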
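Review bot: The "#ifdef RTF_PRCLONING ... #else ... #endif" block around rtalloc_ign() in the netflow.c hunk at @@ -221,15 +212,14 @@ is repeated verbatim for the source-address lookup at @@ -256,14 +246,14 @@. Defining the ignore mask once under a single #ifdef near the top of the file and passing that one name to rtalloc_ign() in both places would keep the two lookups from drifting apart the next time the routing API changes.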
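Review bot: After RTFREE(ro.ro_rt) in the netflow.c hunk at @@ -244,7 +234,7 @@, nothing in the visible lines clears ro.ro_rt, and the same ro is passed to rtalloc_ign() again for the source lookup at @@ -256,14 +246,14 @@. If the lines between the two hunks do not zero ro, add "ro.ro_rt = NULL;" right after the RTFREE so the second lookup cannot start from a pointer to a released route.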
From: Arie Kachler
To: freebsd-isp@freebsd.org
Subject: re: p2p traffic

Thomas,
I don't know of a FreeBSD-based solution to this problem. But Packeteer
makes devices that do what you're looking for.
See http://www.packeteer.com/prod-sol/products/packetseeker.cfm.

Hope it helps.

Arie Kachler

>Hello
>
>I'm thinking about the p2p network problem. P2p creates a lot of
>traffic. I don't care if my backbone is full but not only with p2p
>traffic. Atm I do some queueing with dummynet for the well known p2p
>ports. But this does not look sufficient. Is there another, perhaps better
>solution to decrease the p2p traffic? Blocking is no alternative.
>Another problem is that new p2p clients use port 80. So it's very
>difficult to recognize the p2p traffic.
>
>regards
>Thomas Vogt
>

From owner-freebsd-isp@FreeBSD.ORG Fri Feb 27 12:54:03 2004
Message-ID: <07aa01c3fd73$ce2e40f0$df0a0a0a@visionsix.net>
From: "Lewis Watson"
Date: Fri, 27 Feb 2004 14:53:51 -0600
Subject: FreeBSD 4.9 and perl LWP...

Hi folks,
I have a client trying to run a perl script on our web server. FreeBSD 4.9 w/ Apache 1.3.29/ modphp/ SSL.

They are getting this error in the httpd errorlog ....

Can't locate LWP/Simple.pm in @INC (@INC contains:
/usr/local/lib/perl5/site_perl/5.005/i386-freebsd
/usr/local/lib/perl5/site_perl/5.005
/usr/local/lib/perl5/site_perl/5.005/i386-freebsd
/usr/local/lib/perl5/site_perl/5.005 . /usr/libdata/perl/5.00503/mach
/usr/libdata/perl/5.00503)

All I could find by googling is that this perl module is generally supposed to be installed by default and there was another post where two people were troubleshooting Perl putting modules in wrong places..

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&th=c30fb8d16921fc3b&rnum=7

Can someone provide some insight on how to resolve this problem?

Thanks! Thanks!
From owner-freebsd-isp@FreeBSD.ORG Fri Feb 27 13:17:19 2004
Message-ID: <07b201c3fd77$10fce2d0$df0a0a0a@visionsix.net>
From: "Lewis Watson"
To: "Lewis Watson"
References: <07aa01c3fd73$ce2e40f0$df0a0a0a@visionsix.net>
Date: Fri, 27 Feb 2004 15:17:12 -0600
Subject: Re: FreeBSD 4.9 and perl LWP...

> Hi folks,
> I have a client trying to run a perl script on our web server. FreeBSD 4.9
> w/ Apache 1.3.29/ modphp/ SSL.
>
> They are getting this error in the httpd errorlog ....
>
> Can't locate LWP/Simple.pm in @INC (@INC contains:
> /usr/local/lib/perl5/site_perl/5.005/i386-freebsd
> /usr/local/lib/perl5/site_perl/5.005
> /usr/local/lib/perl5/site_perl/5.005/i386-freebsd
> /usr/local/lib/perl5/site_perl/5.005 . /usr/libdata/perl/5.00503/mach
> /usr/libdata/perl/5.00503)

For some reason it was not installed, I did a make make install for p5-www and now all is okee dokee.
Lewis

From owner-freebsd-isp@FreeBSD.ORG Fri Feb 27 13:36:10 2004
Date: Fri, 27 Feb 2004 16:36:05 -0500 (EST)
From: Andy Dills
To: Lewis Watson
In-Reply-To: <07aa01c3fd73$ce2e40f0$df0a0a0a@visionsix.net>
cc: freebsd-isp@FreeBSD.ORG
Subject: Re: FreeBSD 4.9 and perl LWP...

On Fri, 27 Feb 2004, Lewis Watson wrote:

> Hi folks,
> I have a client trying to run a perl script on our web server. FreeBSD 4.9
> w/ Apache 1.3.29/ modphp/ SSL.
>
> They are getting this error in the httpd errorlog ....
>
> Can't locate LWP/Simple.pm in @INC (@INC contains:
> /usr/local/lib/perl5/site_perl/5.005/i386-freebsd
> /usr/local/lib/perl5/site_perl/5.005
> /usr/local/lib/perl5/site_perl/5.005/i386-freebsd
> /usr/local/lib/perl5/site_perl/5.005 . /usr/libdata/perl/5.00503/mach
> /usr/libdata/perl/5.00503)
>
> All I could find by googling is that this perl module is generally
> supposed to be installed by default and there was another post where two
> people were troubleshooting Perl putting modules in wrong places..
>
> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&th=c30fb8d16921fc3b&rnum=7
>
> Can someone provide some insight on how to resolve this problem?

I see you solved your problem, but I'll offer you a bit of empowering wisdom.

Perl doesn't ship with a ton of modules that are commonly used. However, adding them can be super trivial. For instance, you could have accomplished this entire task by doing:

perl -MCPAN -e shell

And in the shell:

install LWP

It's similar in concept to /usr/ports, except that it doesn't keep the metadata on your filesystem.

Good luck,
Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---

From owner-freebsd-isp@FreeBSD.ORG Sat Feb 28 11:19:47 2004
From: "Scott St. John"
To: freebsd-isp@freebsd.org
Date: Sat, 28 Feb 2004 14:15:37 -0500
Message-Id: <20040228191105.M42305@scottah.com>
Subject: Final conversion questions

Thanks to help from this list I am proud to say that tonight I will be moving our mail server from Linux/Sendmail to FreeBSD/Postfix! The user passwd file has been converted and we are ready to rock, but I have a few questions before I begin tonight.

I plan to copy the users home directories over, does anyone have a script that will go through the home directories and correctly set the ownership of the directories once they are copied over? Example, user Fred has a home dir on the old machine, I copy over the files to the BSD box, I need to chown -R fred:users to his home directory. I could do it by hand, but I am sure there has to be a script out there to do something similar?

Second question, I want to make sure ALL files are copied over from the home directories and I think I have the syntax wrong to get the files, I want the .procmailrc files to transfer over.

Thanks in advance!
-Scott

From owner-freebsd-isp@FreeBSD.ORG Sat Feb 28 11:53:02 2004
Message-ID: <4040F1A8.1070108@buckhorn.net>
Date: Sat, 28 Feb 2004 13:53:12 -0600
From: Bob Martin
To: "Scott St. John"
References: <20040228191105.M42305@scottah.com>
In-Reply-To: <20040228191105.M42305@scottah.com>
cc: freebsd-isp@freebsd.org
Subject: Re: Final conversion questions

Scott,
I haven't followed this thread closely enough, but from what you're saying, it sounds like you have a NFS connection between the 2 boxen. That being the case, and since the UID/GID's are the same on both boxen (IIRC you moved the Linux accounts to the BSD box), the following command will get all of the files, and maintain the permissions:

cp -pRP /

> Thanks to help from this list I am proud to say that tonight I will be
> moving our mail server from Linux/Sendmail to FreeBSD/Postfix! The user
> passwd file has been converted and we are ready to rock, but I have a few
> questions before I begin tonight.
>
> I plan to copy the users home directories over, does anyone have a script
> that will go through the home directories and correctly set the ownership of
> the directories once they are copied over? Example, user Fred has a home
> dir on the old machine, I copy over the files to the BSD box, I need to
> chown -R fred:users to his home directory. I could do it by hand, but I am
> sure there has to be a script out there to do something similar?
>
> Second question, I want to make sure ALL files are copied over from the home
> directories and I think I have the syntax wrong to get the files, I want
> the .procmailrc files to transfer over.
>
> Thanks in advance!
>
> -Scott
>
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

From owner-freebsd-isp@FreeBSD.ORG Sat Feb 28 13:23:23 2004
From: "Scott St. John"
To: Bob Martin
Date: Sat, 28 Feb 2004 16:19:12 -0500
Message-Id: <20040228211439.M89441@scottah.com>
In-Reply-To: <4040F1A8.1070108@buckhorn.net>
References: <20040228191105.M42305@scottah.com> <4040F1A8.1070108@buckhorn.net>
cc: freebsd-isp@freebsd.org
Subject: Re: Final conversion questions

Bob-

I do not have a NFS connection between the two boxes, I am using scp to transfer files between the Linux and the new FreeBSD boxes. I used John The Ripper to merge my passwd and shadow files and then used some awk scripts from the OpenBSD site to format, then create my new passwd file for BSD. I am almost sure the UID/GID will NOT be the same since BSD starts at a different # than Linux where my first UID is 1000.

If you have it, it sounds like the perl script would be the better trick since it would check the passwd file instead of assuming the UID/GID were the same.

Thanks!

-Scott

On Sat, 28 Feb 2004 13:53:12 -0600, Bob Martin wrote
> Scott,
> I haven't followed this thread closely enough, but from what you're
> saying, it sounds like you have a NFS connection between the 2 boxen.
> That being the case, and since the UID/GID's are the same on both boxen
> (IIRC you moved the Linux accounts to the BSD box), the following
> command will get all of the files, and maintain the permissions:
>
> cp -pRP /
> If the UID/GID's have changed, then this command will fix them for you:
> (Note, this assumes you use bash as your shell)
> cd /home
> for a in `ls -1 /home`;do chown -R $a:users $a;done
>
> That command does assume that you have a 1 to 1 relationship between
> home directories and usernames. If not, let me know and I'll find my
> little perl script that reads /etc/passwd and sets the permissions.

From owner-freebsd-isp@FreeBSD.ORG Sat Feb 28 19:40:07 2004
Date: Sat, 28 Feb 2004 22:40:00 -0500 (EST)
From: Andy Dills
To: "Scott St. John"
In-Reply-To: <20040228191105.M42305@scottah.com>
cc: freebsd-isp@freebsd.org
Subject: Re: Final conversion questions

On Sat, 28 Feb 2004, Scott St. John wrote:

> Thanks to help from this list I am proud to say that tonight I will be
> moving our mail server from Linux/Sendmail to FreeBSD/Postfix! The user
> passwd file has been converted and we are ready to rock, but I have a few
> questions before I begin tonight.
>
> I plan to copy the users home directories over, does anyone have a script
> that will go through the home directories and correctly set the ownership of
> the directories once they are copied over? Example, user Fred has a home
> dir on the old machine, I copy over the files to the BSD box, I need to
> chown -R fred:users to his home directory. I could do it by hand, but I am
> sure there has to be a script out there to do something similar?
>
> Second question, I want to make sure ALL files are copied over from the home
> directories and I think I have the syntax wrong to get the files, I want
> the .procmailrc files to transfer over.

If the uid/gids remain the same from the other system, just make a tar of your users directory.

tar cf /bigfs/users.tar /users

That addresses both issues, in terms of preserving permissions and getting every file.

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---

From owner-freebsd-isp@FreeBSD.ORG Sat Feb 28 20:10:31 2004
Date: Sun, 29 Feb 2004 09:40:04 +0530
From: Shantanoo
To: "Scott St. John"
Message-ID: <20040229041004.GA2158@dhumketu.homeunix.net>
References: <20040228191105.M42305@scottah.com>
In-Reply-To: <20040228191105.M42305@scottah.com>
cc: freebsd-isp@freebsd.org
Subject: Re: Final conversion questions

+++ Scott St. John [freebsd] [28-02-04 14:15 -0500]:
| Thanks to help from this list I am proud to say that tonight I will be
| moving our mail server from Linux/Sendmail to FreeBSD/Postfix! The user
| passwd file has been converted and we are ready to rock, but I have a few
| questions before I begin tonight.
|
| I plan to copy the users home directories over, does anyone have a script
| that will go through the home directories and correctly set the ownership of
| the directories once they are copied over? Example, user Fred has a home
| dir on the old machine, I copy over the files to the BSD box, I need to
| chown -R fred:users to his home directory. I could do it by hand, but I am
| sure there has to be a script out there to do something similar?

tar -cvf test.tar then tar -xvpf

|
| Second question, I want to make sure ALL files are copied over from the home
| directories and I think I have the syntax wrong to get the files, I want
| the .procmailrc files to transfer over.

i think dotfiles are included while you tar.

Shantanoo

|
| Thanks in advance!
|
| -Scott
|
|
| ------------------------------

From owner-freebsd-isp@FreeBSD.ORG Sat Feb 28 22:41:32 2004
Message-ID: <404189B9.6040801@buckhorn.net>
Date: Sun, 29 Feb 2004 00:42:01 -0600
From: Bob Martin
To: "Scott St. John"
References: <20040228191105.M42305@scottah.com> <4040F1A8.1070108@buckhorn.net> <20040228211439.M89441@scottah.com>
In-Reply-To: <20040228211439.M89441@scottah.com>
Content-Type: multipart/mixed; boundary="------------040709050703010304040203"
cc: freebsd-isp@freebsd.org
Subject: Re: Final conversion questions

This is a multi-part message in MIME format.
--------------040709050703010304040203
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Scott,
After you move the directories, use the attached perl script (run as root).
Use the -r option to scp, and you'll get all files, including . files.

Bob Martin

Scott St. John wrote:
> Bob-
>
> I do not have a NFS connection between the two boxes, I am using scp to
> transfer files between the Linux and the new FreeBSD boxes. I used John The
> Ripper to merge my passwd and shadow files and then used some awk scripts
> from the OpenBSD site to format, then create my new passwd file for BSD. I
> am almost sure the UID/GID will NOT be the same since BSD starts at a
> different # than Linux where my first UID is 1000.
>
> If you have it, it sounds like the perl script would be the better trick
> since it would check the passwd file instead of assuming the UID/GID were
> the same.
>
> Thanks!
>
> -Scott
>
> On Sat, 28 Feb 2004 13:53:12 -0600, Bob Martin wrote
>
>>Scott,
>>I haven't followed this thread closely enough, but from what you're
>>saying, it sounds like you have a NFS connection between the 2 boxen.
>>That being the case, and since the UID/GID's are the same on both boxen
>>(IIRC you moved the Linux accounts to the BSD box), the following
>>command will get all of the files, and maintain the permissions:
>>
>>cp -pRP />
>>If the UID/GID's have changed, then this command will fix them for you:
>>(Note, this assumes you use bash as your shell)
>>cd /home
>>for a in `ls -1 /home`;do chown -R $a:users $a;done
>>
>>That command does assume that you have a 1 to 1 relationship between
>>home directories and usernames. If not, let me know and I'll find my
>>little perl script that reads /etc/passwd and sets the permissions.

--------------040709050703010304040203
Content-Type: text/plain; name="HomePerms.pl"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="HomePerms.pl"

#!/usr/bin/perl
# Set ownership of each home directory from the uid/gid in /etc/passwd.
$Home = "/home";    # only directories below this path are touched

open(PASSWD, '/etc/passwd') or die("Can't open password: $!\n");
while (<PASSWD>) {
    chomp;
    next if /^#/;    # FreeBSD's passwd file may start with comment lines
    ($login, $passwd, $uid, $gid, $gcos, $home, $shell) = split(/:/);
    # Skip system accounts: their home is / or elsewhere outside $Home,
    # and a recursive chown there would rewrite ownership system-wide.
    next unless $home =~ m{^\Q$Home\E/[^/]} && -d $home;
    # List form bypasses the shell; system() returns 0 on success.
    system("chown", "-R", "$uid:$gid", $home) == 0
        or die("Error: chown failed for $home (status $?)\n");
    print "$login, $uid, $gid, $home\n";
}
close(PASSWD);

--------------040709050703010304040203--
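
Added example, not part of the thread and not Bob Martin's script: a read-only check for the migration discussed above, listing every file under a home directory whose owner or group does not match that account's passwd entry, such as a .procmailrc still carrying the old numeric UID. The function name audit_homes and its two arguments are assumptions made for this example.

```shell
#!/bin/sh
# audit_homes PASSWD_FILE HOME_ROOT   (hypothetical helper, added example)
#
# For each account in PASSWD_FILE whose home directory lies below HOME_ROOT,
# print "login<TAB>path" for every file or directory under that home whose
# owner or group differs from the uid/gid in the passwd entry.
# It only reads; nothing is changed. Typical call: audit_homes /etc/passwd /home
audit_homes() {
    passwd_file=$1
    home_root=${2%/}                      # drop one trailing slash

    while IFS=: read -r login _pw uid gid _gecos home _shell; do
        # Skip blank lines and the comment header FreeBSD puts in passwd.
        case $login in ''|'#'*) continue ;; esac
        # uid and gid must be plain numbers.
        case $uid in ''|*[!0-9]*) continue ;; esac
        case $gid in ''|*[!0-9]*) continue ;; esac
        # Ignore homes that climb out of HOME_ROOT with "..".
        case $home in */..|*/../*) continue ;; esac
        # Ignore system accounts (home is / or elsewhere outside HOME_ROOT).
        case $home in "$home_root"/?*) ;; *) continue ;; esac
        [ -d "$home" ] || continue

        # find does not follow symlinks by default, so a link is judged
        # by its own ownership, not by the ownership of its target.
        find "$home" \( ! -user "$uid" -o ! -group "$gid" \) -print |
            while IFS= read -r path; do
                printf '%s\t%s\n' "$login" "$path"
            done
    done < "$passwd_file"
}
```

No output means every file under each checked home directory already matches its passwd entry.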