From owner-freebsd-isp@FreeBSD.ORG Tue Sep 21 07:19:24 2004
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3E9B716A4CE for ; Tue, 21 Sep 2004 07:19:24 +0000 (GMT)
Received: from mail.act.co.za (mail.act.co.za [196.15.213.131]) by mx1.FreeBSD.org (Postfix) with ESMTP id 818D243D4C for ; Tue, 21 Sep 2004 07:19:22 +0000 (GMT) (envelope-from spidey@act.co.za)
Received: from localhost.act.co.za ([127.0.0.1] helo=localhost) by mail.act.co.za with esmtp (Exim 4.24; FreeBSD 5.0) id 1C9f29-0000Me-79 for FreeBSD-isp@freebsd.org; Tue, 21 Sep 2004 09:25:53 +0200
Received: from mail.act.co.za ([127.0.0.1]) by localhost (mail.act.co.za [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 01370-01 for ; Tue, 21 Sep 2004 09:25:40 +0200 (SAST)
Received: from [10.0.1.11] (helo=SPIDEY) by mail.act.co.za with esmtp (Exim 4.24; FreeBSD 5.0) id 1C9f1t-0000MD-8H for FreeBSD-isp@freebsd.org; Tue, 21 Sep 2004 09:25:37 +0200
From: "Spidey Knepscheld"
To:
Date: Tue, 21 Sep 2004 09:19:02 +0200
Organization: ACT Computers
Message-ID: <002d01c49fab$451cb5f0$0b01000a@SPIDEY>
MIME-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
Importance: Normal
X-Virus-Scanned: by amavisd-new at act.co.za
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.1
Subject: Exim Amavis problem
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: spidey@act.co.za
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 21 Sep 2004 07:19:24 -0000

Hi Guys

Amavis seems to go into a loop. When that happens I can see the following error in the main log:

retry not reached for any hosts

Then I run the following to fix it, but it keeps coming back after a few hours:

/usr/local/etc/rc.d/amavisd.sh stop
/etc/rc.d/exim stop
cd /home/var-mirror/
rm -r amavis
mkdir amavis
chown vscan:vscan amavis
chmod o-rwx amavis
cd amavis
mkdir db
chown vscan:vscan db
rm -r /var/spool/exim/input
rm /var/spool/exim/db/retry*
/usr/local/etc/rc.d/amavisd.sh start
/etc/rc.d/exim start

How can I stop this from happening?

Spidey

From owner-freebsd-isp@FreeBSD.ORG Tue Sep 21 07:26:57 2004
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5B9CB16A4CE for ; Tue, 21 Sep 2004 07:26:57 +0000 (GMT)
Received: from mercury.web.cc (mercury.web.cc [66.132.128.53]) by mx1.FreeBSD.org (Postfix) with ESMTP id E9E4443D5A for ; Tue, 21 Sep 2004 07:26:56 +0000 (GMT) (envelope-from clientcare@mercury.web.cc)
Received: from mercury.web.cc (localhost.web.cc [127.0.0.1]) by mercury.web.cc (8.12.10/8.12.8) with ESMTP id i8L7QqIQ083594 for ; Tue, 21 Sep 2004 15:26:52 +0800 (MYT) (envelope-from clientcare@mercury.web.cc)
Received: (from clientcare@localhost) by mercury.web.cc (8.12.10/8.12.10/Submit) id i8L7Qqmq083593 for freebsd-isp@freebsd.org; Tue, 21 Sep 2004 15:26:52 +0800 (MYT)
Date: Tue, 21 Sep 2004 15:26:52 +0800 (MYT)
Message-Id: <200409210726.i8L7Qqmq083593@mercury.web.cc>
To: freebsd-isp@freebsd.org
Auto-Submitted: auto-replied
From: clientcare@web.cc
Subject: Auto-reply: We have received your email

Dear customer,

Thank you for contacting Web.cc Customer Service. We have received your email and our Customer Service team will be responding to you soon. You may also refer to our FAQs at http://www.web.cc/cgi-bin/faq.cgi?source=webcc for more information.
Please note our working hours are 0830 to 1730 (GMT +0800) from Monday to Friday and we regret the delay in reply over the non-working hours.

Best regards
Client Care
www.Web.cc
Tel: +603.56216799
Fax: +603.56367320

From owner-freebsd-isp@FreeBSD.ORG Tue Sep 21 07:29:49 2004
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2710316A4CE for ; Tue, 21 Sep 2004 07:29:49 +0000 (GMT)
Received: from mail.act.co.za (mail.act.co.za [196.15.213.131]) by mx1.FreeBSD.org (Postfix) with ESMTP id 361C243D2D for ; Tue, 21 Sep 2004 07:29:48 +0000 (GMT) (envelope-from spidey@act.co.za)
Received: from localhost.act.co.za ([127.0.0.1] helo=localhost) by mail.act.co.za with esmtp (Exim 4.24; FreeBSD 5.0) id 1C9fCH-0000XH-LY for FreeBSD-isp@freebsd.org; Tue, 21 Sep 2004 09:36:21 +0200
Received: from mail.act.co.za ([127.0.0.1]) by localhost (mail.act.co.za [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02023-01 for ; Tue, 21 Sep 2004 09:36:13 +0200 (SAST)
Received: from [10.0.1.11] (helo=SPIDEY) by mail.act.co.za with esmtp (Exim 4.24; FreeBSD 5.0) id 1C9fC8-0000Wv-FE for FreeBSD-isp@freebsd.org; Tue, 21 Sep 2004 09:36:12 +0200
From: "Spidey Knepscheld"
To:
Date: Tue, 21 Sep 2004 09:29:35 +0200
Organization: ACT Computers
Message-ID: <003201c49fac$bfbde120$0b01000a@SPIDEY>
MIME-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
Importance: Normal
X-Virus-Scanned: by amavisd-new at act.co.za
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.1
Subject: Exim
Reply-To: spidey@act.co.za

Then I get this constantly. How can I sort this out?

2004-09-21 09:31:30 Connection from 66.94.237.45 refused: too many connections

Thank you
Spidey

From owner-freebsd-isp@FreeBSD.ORG Tue Sep 21 07:39:20 2004
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 088D816A4CE for ; Tue, 21 Sep 2004 07:39:20 +0000 (GMT)
Received: from mail.act.co.za (mail.act.co.za [196.15.213.131]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8CB4D43D2F for ; Tue, 21 Sep 2004 07:39:18 +0000 (GMT) (envelope-from spidey@act.co.za)
Received: from localhost.act.co.za ([127.0.0.1] helo=localhost) by mail.act.co.za with esmtp (Exim 4.24; FreeBSD 5.0) id 1C9fLT-0000mU-MG for FreeBSD-isp@freebsd.org; Tue, 21 Sep 2004 09:45:51 +0200
Received: from mail.act.co.za ([127.0.0.1]) by localhost (mail.act.co.za [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02867-06 for ; Tue, 21 Sep 2004 09:45:50 +0200 (SAST)
Received: from [10.0.1.11] (helo=SPIDEY) by mail.act.co.za with esmtp (Exim 4.24; FreeBSD 5.0) id 1C9fLS-0000mL-Je for FreeBSD-isp@freebsd.org; Tue, 21 Sep 2004 09:45:50 +0200
From: "Spidey Knepscheld"
To:
Date: Tue, 21 Sep 2004 09:39:15 +0200
Organization: ACT Computers
Message-ID: <004301c49fae$18597be0$0b01000a@SPIDEY>
MIME-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
Importance: Normal
X-Virus-Scanned: by amavisd-new at act.co.za
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.1
Subject: Amavis goes into loop
Reply-To: spidey@act.co.za

Hi Guys

Amavis seems to go into a loop. When that happens I can see the following error in the main log:

retry not reached for any hosts

Then I run the following to fix it, but it keeps coming back after a few hours:

/usr/local/etc/rc.d/amavisd.sh stop
/etc/rc.d/exim stop
cd /home/var-mirror/
rm -r amavis
mkdir amavis
chown vscan:vscan amavis
chmod o-rwx amavis
cd amavis
mkdir db
chown vscan:vscan db
rm -r /var/spool/exim/input
rm /var/spool/exim/db/retry*
/usr/local/etc/rc.d/amavisd.sh start
/etc/rc.d/exim start

How can I stop this from happening?

Spidey

From owner-freebsd-isp@FreeBSD.ORG Tue Sep 21 09:22:00 2004
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3B98116A4CE for ; Tue, 21 Sep 2004 09:22:00 +0000 (GMT)
Received: from mproxy.gmail.com (rproxy.gmail.com [64.233.170.201]) by mx1.FreeBSD.org (Postfix) with ESMTP id E26A943D53 for ; Tue, 21 Sep 2004 09:21:59 +0000 (GMT) (envelope-from meshbah@gmail.com)
Received: by mproxy.gmail.com with SMTP id 74so1400272rnk for ; Tue, 21 Sep 2004 02:21:53 -0700 (PDT)
Received: by 10.38.181.68 with SMTP id d68mr1730617rnf; Tue, 21 Sep 2004 02:21:53 -0700 (PDT)
Received: by 10.38.76.25 with HTTP; Tue, 21 Sep 2004 02:21:53 -0700 (PDT)
Message-ID:
Date: Tue, 21 Sep 2004 15:21:53 +0600
From: Meshbah Uddin Ahmed
To: freebsd-isp@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Howto Filter Mails
Reply-To: Meshbah Uddin Ahmed

Hi,

I have used Postfix + MailScanner + ClamAV in FreeBSD. All are successfully working, but I face a problem: I want to filter mails through subject or body but I can't,
whereas I can check mail by header. Because I get some mails whose domain I don't want to block, I need to block those by searching for a string in the body or subject.

So, can you please suggest how I can do that, or any idea?

thanks
meshbah

From owner-freebsd-isp@FreeBSD.ORG Tue Sep 21 07:31:24 2004
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9197716A4CE for ; Tue, 21 Sep 2004 07:31:24 +0000 (GMT)
Received: from marvin.muc.de (marvin.muc.de [193.149.48.2]) by mx1.FreeBSD.org (Postfix) with SMTP id 8FA3543D39 for ; Tue, 21 Sep 2004 07:31:23 +0000 (GMT) (envelope-from mod-submit@uni-berlin.de)
Received: (qmail 41232 invoked by alias); 21 Sep 2004 07:31:22 -0000
Delivered-To: mods-muc-lists-freebsd-isp@moderators.muc.de
Received: (qmail 41225 invoked from network); 21 Sep 2004 07:31:22 -0000
Received: from mail.fu-berlin.de (130.133.1.2) by marvin.muc.de with SMTP; 21 Sep 2004 07:31:22 -0000
Received: by Mail.FU-Berlin.DE (Exim 4.42) from curry.zedat.fu-berlin.de ([160.45.10.36]) for muc-lists-freebsd-isp@moderators.muc.de with esmtp id <1C9f7R-0007JM-PR>; Tue, 21 Sep 2004 09:31:21 +0200
Received: by Curry.ZEDAT.FU-Berlin.DE (Smail3.2.0.98) from news.uni-berlin.de with bsmtp id ; Tue, 21 Sep 2004 09:31:21 +0200 (MEST)
To: muc-lists-freebsd-isp@moderators.muc.de
Path: not-for-mail
From: "madunix"
Newsgroups: muc.lists.freebsd.isp
Date: Tue, 21 Sep 2004 10:29:20 +0200
Lines: 95
Message-ID: <2ra3m2F177e3qU1@uni-berlin.de>
X-Orig-X-Trace: news.uni-berlin.de pGEcGZnBWFQXrjiJfGSUGgPbhmj1yU1LgKh+x2nAZDvbRC1qkH
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Mailman-Approved-At: Tue, 21 Sep 2004 11:58:33 +0000
Subject: configure mpd

I want to use mpd to build VPN links over the internet to Windows 2000 boxes. I installed the 'mpd' system from ports/net/mpd, then created the following files in /usr/local/etc/mpd/:

mpd.conf
mpd.links
mpd.secret

----------mpd.conf----
default:
    load pptp0                      # Load the pptp session
    load pptp1

pptp0:
    new -i ng0 pptp0 pptp0          # Create netgraph device
    set iface disable on-demand
    #set iface enable proxy-arp
    set bundle disable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap            # CHAP authentication
    set link keep-alive 60 180
    set ipcp yes vjcomp
    set ipcp ranges 10.5.1.11/16 0.0.0.0/0      # IP range for connection
    #set ipcp dns 10.5.1.11         # DNS Server address
    #set ipcp nbns 10.5.1.11        # NetBIOS Server address
    #set ipcp ranges 0.0.0.0/0 0.0.0.0/0
    set bundle enable compression   # Compression and encryption
    set ccp yes mppc
    #set ccp yes mpp-e40
    set ccp no mpp-e40
    set ccp yes mpp-e128
    set ccp yes mpp-stateless
    set bundle yes crypt-reqd

---------mpd.links------------
pptp0:
    set link type pptp
    #set pptp self X.Y.Z.W
    set pptp self 10.5.1.11
    set pptp enable incoming
    set pptp disable originate

----------mpd.secret-----
#fred   "fred-pw"
#joe    "foobar"        192.168.1.1
#bob    "\x34\"foo\n"   192.168.1.10/24
#sal    "yipee"         192.168.1.254
vpn     "vpn"           *

The FreeBSD server:

sdcftp# uname -a
FreeBSD sdcftp.go.com.jo 5.2-RELEASE FreeBSD 5.2-RELEASE #0: Sun Jan 11 04:21:45 GMT 2004 root@wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC i386

ifconfig -a (NIC with PUBLIC IP and PRIVATE IP)
pcn0: flags=8802 mtu 1500
    ether 00:06:29:55:39:eb
    media: Ethernet autoselect (none)
    status: no carrier
xl0: flags=8843 mtu 1500
    options=b
    inet 10.5.1.11 netmask 0xffff0000 broadcast 10.5.255.255
    inet6 fe80::201:2ff:fe75:93cf%xl0 prefixlen 64 scopeid 0x2
    inet X.Y.Z.W netmask 0xfffffff0 broadcast 194.165.152.15
    ether 00:01:02:75:93:cf
    media: Ethernet autoselect (100baseTX )
    status: active

When I run:

sdcftp# /usr/local/sbin/mpd
Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 87373, version 3.18 (root@sdcftp.go.com.jo 17:51 20-Sep-2004)
[:]

From the client side it gave the error:

VPN connection terminated locally by client
Failed to establish connection ....

From the client side I am using Cisco VPN client Ver. 4.0.1 for Windows.

Any input would be really appreciated.

From owner-freebsd-isp@FreeBSD.ORG Tue Sep 21 13:15:19 2004
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8D85E16A4CF for ; Tue, 21 Sep 2004 13:15:19 +0000 (GMT)
Received: from mail.day-light.net (day-light.net [64.37.72.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4844F43D31 for ; Tue, 21 Sep 2004 13:15:19 +0000 (GMT) (envelope-from john@day-light.com)
Received: from w1 (gabriel.day-light.net [69.27.46.22]) by mail.day-light.net (Postfix) with SMTP id 996713529D; Tue, 21 Sep 2004 08:15:18 -0500 (CDT)
From: "John Brooks"
To: "Meshbah Uddin Ahmed" ,
Date: Tue, 21 Sep 2004 08:15:18 -0500
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Importance: Normal
In-Reply-To:
Subject: RE: Howto Filter Mails
Reply-To: john@day-light.com

man header_checks (includes 'body_checks')

--
John Brooks
john@day-light.com

> -----Original Message-----
> From: owner-freebsd-isp@freebsd.org
> [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Meshbah Uddin Ahmed
> Sent: Tuesday, September 21, 2004 4:22 AM
> To: freebsd-isp@freebsd.org
> Subject: Howto Filter Mails
>
>
> hi,
>
> i have used Postfix + MailScanner + ClamAV in FreeBSD. All r
> sucessfully working. but i face a prb, i want to filter mails through
> subject or body but i cant. whereas i can check mail by header.
>
> because i get some mails, which domain i dont want to block, i need to
> block those by searching a string from body or subject.
>
> so, can u pls suggest me, how can i do that. or any idea.
>
> thanks
> meshbah
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

From owner-freebsd-isp@FreeBSD.ORG Tue Sep 21 17:25:30 2004
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B996916A4CE for ; Tue, 21 Sep 2004 17:25:30 +0000 (GMT)
Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1FC4243D45 for ; Tue, 21 Sep 2004 17:25:30 +0000 (GMT) (envelope-from mike@coloradosurf.com)
Received: from coloradosurf.com ([24.8.243.234]) by comcast.net (sccrmhc12) with ESMTP id <2004092117252901200cvkhde>; Tue, 21 Sep 2004 17:25:29 +0000
Received: from coloradosurf.com (localhost.coloradosurf.com [127.0.0.1]) by coloradosurf.com (8.12.9p2/8.12.9) with ESMTP id i8LHLNjw005254 for ; Tue, 21 Sep 2004 11:25:28 -0600 (MDT) (envelope-from mike@coloradosurf.com)
Received: (from mike@localhost) by coloradosurf.com (8.12.9p2/8.12.9/Submit) id i8LHLN38005253 for freebsd-isp@freebsd.org; Tue, 21 Sep 2004 11:21:23 -0600 (MDT) (envelope-from mike)
Date: Tue, 21 Sep 2004 11:21:22 -0600
From: Mike Dickerson
To: freebsd-isp@freebsd.org
Message-ID: <20040921172122.GA5225@coloradosurf.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Subject: smtp load balance solutions

I'm looking for an smtp load balancing solution (something software based & open source is key ;) ). I've seen http://www.freebsd.org.hk/html/sgcluster/ and wondered what folks had to say (pro or con). Anyone using this? Any other options?

I'd be interested in hearing about non-freebsd ones also (off this list would be best to reduce the noise), but would prefer to stick w/ freebsd solutions.

The "ideal" (that I get from my boss) would allow "pass through" if not being balanced (therefore a non-nat or direct relation of external/internal ips). I haven't seen anything that offers this (or have not dug sufficiently through docs).

suggestions??

thx,
mike

From owner-freebsd-isp@FreeBSD.ORG Wed Sep 22 08:16:02 2004
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B50B016A4CE for ; Wed, 22 Sep 2004 08:16:02 +0000 (GMT)
Received: from mailbox.wingercom.dk (mailbox.easyspeedy.dk [81.19.240.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0A24743D58 for ; Wed, 22 Sep 2004 08:16:02 +0000 (GMT) (envelope-from per@xterm.dk)
Received: from mailbox.wingercom.dk (localhost.wingercom.dk [127.0.0.1]) by mailbox.wingercom.dk (Postfix) with SMTP id D9D129325C for ; Wed, 22 Sep 2004 10:20:27 +0200 (CEST)
Received: from 62.242.151.142 (SquirrelMail authenticated user per) by mailbox.wingercom.dk with HTTP; Wed, 22 Sep 2004 10:20:27 +0200 (CEST)
Message-ID: <53103.62.242.151.142.1095841227.squirrel@mailbox.wingercom.dk>
Date: Wed, 22 Sep 2004 10:20:27 +0200 (CEST)
From: "Per Engelbrecht"
To:
X-Mailer: SquirrelMail (version 1.2.5)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Subject: funny customers

Hi All

I'm administering a mid-size server hosting site and have a problem with customers enabling root passwd in single-user mode. It's the same customers that set up fake payment sites, do serious hacking (i.e. not good, productive hacking), mail spamming and so on.

In order to collect information for a criminal case (yes, in some cases we go all the way) I need a way to get into these boxes (mostly FreeBSD's) but I can't think of a way to disable the prompt for root passwd in single-user mode.

Know it's a wildcard, but I've been looking at 'set' options under 'boot' and a way to mount the server disk on another fbsd installation, but without any luck.

Any help would be appreciated. Thank you.
respectfully
/per
per@xterm.dk

From owner-freebsd-isp@FreeBSD.ORG Wed Sep 22 09:40:43 2004
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7D7E216A4CE for ; Wed, 22 Sep 2004 09:40:43 +0000 (GMT)
Received: from mailbox.wingercom.dk (mailbox.easyspeedy.dk [81.19.240.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2EB0A43D2D for ; Wed, 22 Sep 2004 09:40:43 +0000 (GMT) (envelope-from per@xterm.dk)
Received: from mailbox.wingercom.dk (localhost.wingercom.dk [127.0.0.1]) by mailbox.wingercom.dk (Postfix) with SMTP id CEF6493258 for ; Wed, 22 Sep 2004 11:45:13 +0200 (CEST)
Received: from 62.242.151.142 (SquirrelMail authenticated user per) by mailbox.wingercom.dk with HTTP; Wed, 22 Sep 2004 11:45:13 +0200 (CEST)
Message-ID: <51375.62.242.151.142.1095846313.squirrel@mailbox.wingercom.dk>
Date: Wed, 22 Sep 2004 11:45:13 +0200 (CEST)
From: "Per Engelbrecht"
To:
In-Reply-To: <546931695.20040922124354@apollophone.ru>
References: <546931695.20040922124354@apollophone.ru>
X-Mailer: SquirrelMail (version 1.2.5)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Subject: Re: funny customers

Hi Alex

>
>> I'm administering a mid-size serverhosting site and have a problem
>> with customers enabling root passwd in single-user mode.
>> It's the same customers that set up fake payment sites, do serious
>> hacking (i.e. not good, productive hacking) mailspamming and so
>> on.
>
>> In order to collect information for a criminal case (yes, in some
>> cases we go all the way) I need a way to get into these boxes
>> (mostly
>> FreeBSD's) but I can't think of a way to disable the prompt for
>> root passwd in single-user mode.

> to disable root password checking on single user mode entrance
> in /etc/ttys:
> change line:
>> console none unknown off insecure
> to
>> console none unknown off secure

I know how to enable it, that's not the problem. The problem is the opposite: how do I disable it after I brute-force the customer off the net and want access to the box?

At first I thought of setting 'chflags' on the /etc/ttys file, but customers can change securelevel as they please = won't help.

But right now I need a way to bypass (I don't think it's possible) the single_user mode root login feature.

respectfully
/per
per@xterm.dk

>
>
> if using serial line for access in single user mode, try to change
> line
>> ttyd0 "/usr/libexec/getty std.9600" dialup on insecure
> to
>> ttyd0 "/usr/libexec/getty std.9600" dialup on secure
>
>
>
> --
> Best regards,
> Alex D. Griazin
> Apollo Phone network engineer
> e-mail: alex@apollophone.ru
> ICQ UIN: 22898964
> Phone: +7 (812) 140-5-999

From owner-freebsd-isp@FreeBSD.ORG Wed Sep 22 09:51:27 2004
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F3FC216A4CE for ; Wed, 22 Sep 2004 09:51:26 +0000 (GMT)
Received: from smtp.enta.net (smtp.enta.net [195.74.97.230]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8C69843D68 for ; Wed, 22 Sep 2004 09:51:26 +0000 (GMT) (envelope-from steve@enta.net)
Received: from [195.74.96.98] (steve2.enta.net [195.74.96.98]) by smtp.enta.net (Postfix) with ESMTP id C135D99F3C; Wed, 22 Sep 2004 11:00:18 +0100 (BST)
Message-ID: <41514B1D.2030603@enta.net>
Date: Wed, 22 Sep 2004 10:51:25 +0100
From: Steve Lalonde
Organization: Entanet International Ltd
User-Agent: Mozilla Thunderbird 0.8 (Windows/20040913)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Per Engelbrecht
References: <53103.62.242.151.142.1095841227.squirrel@mailbox.wingercom.dk>
In-Reply-To: <53103.62.242.151.142.1095841227.squirrel@mailbox.wingercom.dk>
X-Enigmail-Version: 0.86.1.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-isp@freebsd.org
Subject: Re: funny customers

Per Engelbrecht wrote:
> Hi All
>
> I'm administering a mid-size serverhosting site and have a problem with
> customers enabling root passwd in single-user mode.
> It's the same customers that set up fake payment sites, do serious
> hacking (i.e. not good, productive hacking) mailspamming and so on.
>
> In order to collect information for a criminal case (yes, in some cases
> we go all the way) I need a way to get into these boxes (mostly
> FreeBSD's) but I can't think of a way to disable the prompt for root
> passwd in single-user mode.
> Know it's a wildcard, but I've been looking at 'set' options under
> 'boot' and a way to mount the serverdisk on another fbsd installation,
> but without any luck.
>
> Any help would be appreciatet. Thank you.
>
> respectfully
> /per
> per@xterm.dk

Hi

Can you not remove the disk and mount it in an alternate box to get access to the data you need?

--
Steve Lalonde RTFM
Chief Technical Officer
Entanet International Ltd
http://www.enta.net/

From owner-freebsd-isp@FreeBSD.ORG Wed Sep 22 10:11:39 2004
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 63B7D16A4CE for ; Wed, 22 Sep 2004 10:11:39 +0000 (GMT)
Received: from zephon.secspace.de (zephon.secspace.de [62.75.136.210]) by mx1.FreeBSD.org (Postfix) with ESMTP id E16CB43D2D for ; Wed, 22 Sep 2004 10:11:38 +0000 (GMT) (envelope-from ml@ps102.de)
Received: from ariel.office.volker.de (pD9E1C4CB.dip.t-dialin.net [217.225.196.203]) by zephon.secspace.de (Postfix) with ESMTP id 9DFF96EB20; Wed, 22 Sep 2004 12:11:36 +0200 (CEST)
Date: Wed, 22 Sep 2004 12:11:59 +0200
From: Volker Kindermann
To: "Per Engelbrecht"
Message-ID: <20040922121159.0c4e864e@ariel.office.volker.de>
In-Reply-To: <53103.62.242.151.142.1095841227.squirrel@mailbox.wingercom.dk>
References: <53103.62.242.151.142.1095841227.squirrel@mailbox.wingercom.dk>
X-Mailer: Sylpheed-Claws 0.9.12a (GTK+ 1.2.10; i386-portbld-freebsd5.2.1)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
cc: freebsd-isp@freebsd.org
Subject: Re: funny customers

Hi Per,

> I'm administering a mid-size serverhosting site and have a problem with
> customers enabling root passwd in single-user mode.

Isn't it possible to boot from a livecd (second FreeBSD CD), mount the partitions, do a chroot to the mounted system and reset the password?

But be careful: if you want to bring these cases to court you should document each step and should copy the original discs to other disks (make checksums before and after) and work with these other disks.

-volker

From owner-freebsd-isp@FreeBSD.ORG Wed Sep 22 10:20:06 2004
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 036BF16A4CE for ; Wed, 22 Sep 2004 10:20:06 +0000 (GMT)
Received: from hobbit.neveragain.de (neveragain.de [217.69.76.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 169F943D49 for ; Wed, 22 Sep 2004 10:20:05 +0000 (GMT) (envelope-from amf@hobbit.neveragain.de)
Received: from hobbit.neveragain.de (amf@localhost [127.0.0.1]) i8MAJvHQ014323 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 22 Sep 2004 12:19:57 +0200
Received: (from amf@localhost) by hobbit.neveragain.de (8.12.11/8.12.11/Debian-5) id i8MAJvnh014322; Wed, 22 Sep 2004 12:19:57 +0200
Date: Wed, 22 Sep 2004 12:19:57 +0200
From: Dennis Koegel
To: Per Engelbrecht
Message-ID: <20040922101956.GA13687@neveragain.de>
References: <546931695.20040922124354@apollophone.ru> <51375.62.242.151.142.1095846313.squirrel@mailbox.wingercom.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <51375.62.242.151.142.1095846313.squirrel@mailbox.wingercom.dk>
X-PGP-KeyID: 0D73E19A
User-Agent: Mutt/1.5.6+20040722i
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.4 (hobbit.neveragain.de [127.0.0.1]); Wed, 22 Sep 2004 12:19:57 +0200 (CEST)
cc: freebsd-isp@freebsd.org
Subject: Re: funny customers

Hi,

On Wed, Sep 22, 2004 at 11:45:13AM +0200, Per Engelbrecht wrote:
> But right now I need a way to bypass (I don't think it's possible) the
> single_user mode root login feature.

Just an idea (as it doesn't work ;) ...

A trick known from Linux is to boot the kernel with /bin/sh instead of /sbin/init. You'd do "set init_path=/bin/sh" for that in the loader. This would bypass the usual startup and thus you won't be asked for the password.

However, I just tried this and it doesn't work. The sh immediately exits and consequently the kernel panics. Don't know what's the problem there...

- D.
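Two pieces of advice in this thread are easy to turn into a repeatable, logged procedure: Volker's point that the original disks should be copied, checksummed before and after, and documented, so that the forensic work happens on the copies, and Alex's earlier point that the secure/insecure flag on the console line of /etc/ttys is what decides whether single-user mode prompts for the root password. The script below is an added example written for this page, not code from anyone in the thread. It uses a constructed 4 KiB file as a stand-in for the customer's disk (the real command would name the raw device, which on the FreeBSD 5 boxes discussed would be something like /dev/ad0; that name is an assumption about the poster's hardware), and it reads the ttys file from an image rather than from the live system. It goes a little beyond the thread in one respect: dd with conv=noerror,sync zero-fills unreadable sectors instead of aborting, but it also pads the final partial block to bs, so bs must divide the device size (512 bytes for these disks) or the image's tail will differ from the source and the hashes will not match. It needs only a POSIX sh, dd, awk and either sha256sum (Linux) or sha256 (FreeBSD).

```sh
#!/bin/sh
# Added example for this page, not code from the thread. The "disk" is a
# constructed file; the real device name (e.g. /dev/ad0 on FreeBSD 5) is
# an assumption about the poster's hardware.
set -u

# SHA-256 of a file with whichever tool the host provides
# (sha256sum on Linux, sha256 on FreeBSD).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        sha256 -q "$1"
    fi
}

# Image SRC to DST and append a dated, hashed record (plus dd's own
# record counts) to LOG. The source is hashed before the copy and the
# image after it, as Volker suggests. conv=noerror,sync keeps reading
# past bad sectors and zero-fills them, but also pads the last block to
# bs, so bs must divide the device size (512 for these disks).
# Prints "verified" when the hashes match, "MISMATCH" otherwise.
image_and_verify() {
    src=$1; dst=$2; log=$3
    before=$(hash_file "$src")
    dd if="$src" of="$dst" bs=512 conv=noerror,sync 2>>"$log"
    after=$(hash_file "$dst")
    printf '%s src=%s sha256_before=%s sha256_after=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$src" "$before" "$after" >>"$log"
    if [ "$before" = "$after" ]; then echo verified; else echo MISMATCH; fi
}

# Read an /etc/ttys taken from the (read-only mounted) image and report
# how the console line is flagged: "secure" means single-user mode gives
# a root shell without a password, "insecure" means it prompts (Alex's
# point). Comment lines are skipped and the flag is matched by word, so
# a quoted getty field such as "/usr/libexec/getty Pc" does not throw
# the parse off. Prints "secure", "insecure" or "missing".
console_status() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "console" {
            for (i = 2; i <= NF; i++)
                if ($i == "secure" || $i == "insecure") status = $i
        }
        END { print (status == "" ? "missing" : status) }
    ' "$1"
}

# Constructed sample data so the block runs without a real disk.
demo() {
    work=$(mktemp -d)
    head -c 4096 /dev/urandom >"$work/ad0"       # stand-in for the raw device
    printf '%s\n' \
        '# constructed /etc/ttys excerpt' \
        'console none    unknown off insecure' \
        'ttyv0   "/usr/libexec/getty Pc" cons25 on secure' \
        >"$work/ttys"
    image_and_verify "$work/ad0" "$work/ad0.img" "$work/custody.log"
    console_status "$work/ttys"
    cat "$work/custody.log"
    rm -rf "$work"
}

demo
```

The source must be quiescent when it is hashed (a pulled disk on the forensic box, not a running customer system), or the "before" hash is meaningless. On FreeBSD the verified image can then be attached with mdconfig(8) as a vnode-backed device and mounted read-only, and the ttys check above run against the mounted /etc/ttys; the exact slice and partition names (for example /dev/md0s1a) depend on how the disk was laid out and are an assumption here. Mounting the whole disk device instead of the slice/partition that holds the root file system is a common reason a plain mount of a UFS2 disk fails, which is worth ruling out before concluding, as Per does later in the thread, that mounting on another installation does not work.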
From owner-freebsd-isp@FreeBSD.ORG Wed Sep 22 10:41:10 2004
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3329D16A4CE for ; Wed, 22 Sep 2004 10:41:10 +0000 (GMT)
Received: from mproxy.gmail.com (rproxy.gmail.com [64.233.170.206]) by mx1.FreeBSD.org (Postfix) with ESMTP id 69A9243D2F for ; Wed, 22 Sep 2004 10:41:09 +0000 (GMT) (envelope-from meshbah@gmail.com)
Received: by mproxy.gmail.com with SMTP id 74so1785789rnk for ; Wed, 22 Sep 2004 03:41:08 -0700 (PDT)
Received: by 10.38.6.75 with SMTP id 75mr84732rnf; Wed, 22 Sep 2004 03:41:08 -0700 (PDT)
Received: by 10.38.76.25 with HTTP; Wed, 22 Sep 2004 03:41:08 -0700 (PDT)
Message-ID:
Date: Wed, 22 Sep 2004 16:41:08 +0600
From: Meshbah Uddin Ahmed
To: john@day-light.com, freebsd-isp@freebsd.org
In-Reply-To:
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
References:
Subject: Re: Howto Filter Mails
Reply-To: Meshbah Uddin Ahmed

Dear John,

Thanks for your help. I tried according to your instruction; it works a little bit.

I added a line in main.cf:

body_checks = pcre:/usr/local/etc/postfix/body_checks

Then I created a file named body_checks and added the following line:

/^xyz$/ REJECT Mail is Reject

In this way, Postfix does not send this kind of mail whose content is "xyz". But in maillog it shows:

SYSERR(root):savemail: cannot save rejected email anywhere

On Tue, 21 Sep 2004 09:33:36 -0500, John Brooks wrote:
> the name of the file is "header_checks" and it is located in the same
> directory that contains all of the postfix config files. "body_checks"
> is similar, but it must be created. all of the info needed is located
> in either the 'man' page or the 'header_checks' file itself. there are
> several 'sample' files included with the postfix documentation that may
> be of benefit.
>
> --
> John Brooks
> john@day-light.com

From owner-freebsd-isp@FreeBSD.ORG Wed Sep 22 14:30:11 2004
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 535B216A4D3 for ; Wed, 22 Sep 2004 14:30:11 +0000 (GMT)
Received: from mailbox.wingercom.dk (mailbox.easyspeedy.dk [81.19.240.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1026243D41 for ; Wed, 22 Sep 2004 14:30:11 +0000 (GMT) (envelope-from per@xterm.dk)
Received: from mailbox.wingercom.dk (localhost.wingercom.dk [127.0.0.1]) by mailbox.wingercom.dk (Postfix) with SMTP id A576893201 for ; Wed, 22 Sep 2004 16:34:41 +0200 (CEST)
Received: from 62.242.151.142 (SquirrelMail authenticated user per) by mailbox.wingercom.dk with HTTP; Wed, 22 Sep 2004 16:34:41 +0200 (CEST)
Message-ID: <63469.62.242.151.142.1095863681.squirrel@mailbox.wingercom.dk>
Date: Wed, 22 Sep 2004 16:34:41 +0200 (CEST)
From: "Per Engelbrecht"
To:
In-Reply-To: <41514B1D.2030603@enta.net>
References: <41514B1D.2030603@enta.net>
X-Mailer: SquirrelMail (version 1.2.5)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Subject: Re: funny customers

Hi Steve

>>
>> I'm administering a mid-size serverhosting site and have a problem
>> with customers enabling root passwd in single-user mode.
>> It's the same customers that set up fake payment sites, do serious
>> hacking (i.e. not good, productive hacking) mailspamming and so
>> on.
>>
>> In order to collect information for a criminal case (yes, in some
>> cases we go all the way) I need a way to get into these boxes
>> (mostly
>> FreeBSD's) but I can't think of a way to disable the prompt for
>> root passwd in single-user mode.
>> Know it's a wildcard, but I've been looking at 'set' options under
>> 'boot' and a way to mount the serverdisk on another fbsd
>> installation, but without any luck.
>>
>> Any help would be appreciatet. Thank you.
>>
>
> Can you not remove the disk and mount it in an alternate box to get
> access to the data you need?

Keeping in mind that all the data from / down are important, the standard procedure adding_a_disk won't work due to the dd part. A simple mount (finding the disk from dmesg) didn't work either. Both the running system and the disk use UFS2.

Maybe I'm overlooking the obvious, but what besides the above would do the trick?

respectfully
/per
per@xterm.dk

>
> --
> Steve Lalonde RTFM
> Chief Technical Officer
> Entanet International Ltd
> http://www.enta.net/

From owner-freebsd-isp@FreeBSD.ORG Wed Sep 22 14:32:50 2004
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6269616A4CF for ; Wed, 22 Sep 2004 14:32:50 +0000 (GMT)
Received: from mailbox.wingercom.dk (mailbox.wingercom.dk [81.19.240.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 19B3D43D2D for ; Wed, 22 Sep 2004 14:32:50 +0000 (GMT) (envelope-from per@xterm.dk)
Received: from mailbox.wingercom.dk (localhost.wingercom.dk [127.0.0.1]) by mailbox.wingercom.dk (Postfix) with SMTP id 2696393201 for ; Wed, 22 Sep 2004 16:37:21 +0200 (CEST)
Received: from 62.242.151.142 (SquirrelMail authenticated user per) by mailbox.wingercom.dk with
HTTP; Wed, 22 Sep 2004 16:37:21 +0200 (CEST) Message-ID: <58378.62.242.151.142.1095863841.squirrel@mailbox.wingercom.dk> Date: Wed, 22 Sep 2004 16:37:21 +0200 (CEST) From: "Per Engelbrecht" To: In-Reply-To: <20040922121159.0c4e864e@ariel.office.volker.de> References: <20040922121159.0c4e864e@ariel.office.volker.de> X-Mailer: SquirrelMail (version 1.2.5) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Subject: Re: funny customers X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Sep 2004 14:32:50 -0000 Hi Volker > >> I'm administering a mid-size serverhosting site and have a problem >> with customers enabling root passwd in single-user mode. > > isn't it possible to boot from a livecd (second FreeBSD CD), mount > the partitions, do a chroot to the mounted system and reset the > password? Hmm, haven't tried that. I'll get back to you a.s.a.p Volker. > But be careful: if you want to bring these cases to court you > should document each step and should copy the original discs to > other disks (make checksums before and after) and work with these > other disks. The law-stuff are dealt with by others than me, but thank you for this advice(!) 
respectfully /per per@xterm.dk > > -volker From owner-freebsd-isp@FreeBSD.ORG Wed Sep 22 14:44:56 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 88D0B16A4CE for ; Wed, 22 Sep 2004 14:44:56 +0000 (GMT) Received: from mailbox.wingercom.dk (mailbox.wingercom.dk [81.19.240.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 43CE043D31 for ; Wed, 22 Sep 2004 14:44:56 +0000 (GMT) (envelope-from per@xterm.dk) Received: from mailbox.wingercom.dk (localhost.wingercom.dk [127.0.0.1]) by mailbox.wingercom.dk (Postfix) with SMTP id 29AF0931DF for ; Wed, 22 Sep 2004 16:49:27 +0200 (CEST) Received: from 62.242.151.142 (SquirrelMail authenticated user per) by mailbox.wingercom.dk with HTTP; Wed, 22 Sep 2004 16:49:27 +0200 (CEST) Message-ID: <65077.62.242.151.142.1095864567.squirrel@mailbox.wingercom.dk> Date: Wed, 22 Sep 2004 16:49:27 +0200 (CEST) From: "Per Engelbrecht" To: In-Reply-To: <20040922101956.GA13687@neveragain.de> References: <20040922101956.GA13687@neveragain.de> X-Mailer: SquirrelMail (version 1.2.5) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Subject: Re: funny customers X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Sep 2004 14:44:56 -0000 Hi Dennis > > On Wed, Sep 22, 2004 at 11:45:13AM +0200, Per Engelbrecht wrote: >> But right now I need a way to bypass (I don't think it's possible) >> the single_user mode root login feature. > > Just an idea (as it doesn't work ;) ... > > A trick known from linux is to boot the kernel with /bin/sh instead > of /sbin/init. You'd do "set init_path=/bin/sh" for that in the > loader. This would bypass the usual startup and thus you won't be > asked for the password. 
> > However, i just tried this and it doesn't work. The sh immediately > exists and consequently the kernel panics. Don't know what's the > problem there... Hmm .. I'm not sure why, but in FreeBSD both csh (default root shell ... *&#@$!) and sh are linked static and tampering with these from the boot-process through /sbin/init (which is the last part of the boot-process anyway) is something I wouldn't do. Creative thinking though :) Thank you Dennis. respectfully /per per@xterm.dk > > - D. From owner-freebsd-isp@FreeBSD.ORG Wed Sep 22 14:51:26 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A9F6316A4CE for ; Wed, 22 Sep 2004 14:51:26 +0000 (GMT) Received: from ews38.everyware.ch (ews38.espace.everyware.ch [212.71.111.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id B8FA243D1D for ; Wed, 22 Sep 2004 14:51:25 +0000 (GMT) (envelope-from dna@everyware.ch) Received: from linux-dna.everyware.ch (linux-dna.everyware.ch [212.71.117.27]) by ews38.everyware.ch (Postfix) with SMTP id 4758D1C82B; Wed, 22 Sep 2004 16:51:23 +0200 (CEST) Date: Wed, 22 Sep 2004 16:51:22 +0200 From: Dimitri Aivaliotis To: "Per Engelbrecht" Message-Id: <20040922165122.7b0f77cf@linux-dna.everyware.ch> In-Reply-To: <63469.62.242.151.142.1095863681.squirrel@mailbox.wingercom.dk> References: <41514B1D.2030603@enta.net> <63469.62.242.151.142.1095863681.squirrel@mailbox.wingercom.dk> Organization: EveryWare AG X-Mailer: Sylpheed version 0.9.10claws (GTK+ 1.2.10; i686-pc-linux-gnu) X-Face: 'Pz)c2@Qiu.8=a*>M\B0X)y%#}|a P}TLNYp$B/bI3t")\C\?,$EI.Wgi,BRAd]ksqaF&gdKma/; 3v|nF91@Md6kOdEG'%dIoofV"R\lJKJ JS5 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Sep 2004 14:51:26 -0000 On Wed, 22 Sep 2004 16:34:41 +0200 (CEST) "Per Engelbrecht" wrote: > Keeping in mind that alle the data from / down are important, the > standard procedure 
> adding_a_disk won't work due to the dd part.
> A simple mount (finding disk from dmesg) didn't work either ..
> Both running system and disk use UFS2.
>
> Maybe I'm overlooking the obvious, but what besides the above would do
> the trick ?

Have you tried dump/restore?

(see http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/disks.html#NEW-HUGE-DISK)

You'll be wanting the reverse of what's given here, or some variant.

1) Use either a LiveCD, or another FreeBSD box with an extra disk.

2) Use fdisk and disklabel to set up the extra disk like the one on
   your customer's machine.

3) Install the disk from the customer's machine.

4) Mount both disks in appropriate places:

   /dev/(blank)s1a on /mnt/copy/
   /dev/(blank)s1f on /mnt/copy/usr
   /dev/(blank)s1d on /mnt/copy/var

   and

   /dev/(cust)s1a on /mnt/customer/
   /dev/(cust)s1f on /mnt/customer/usr
   /dev/(cust)s1d on /mnt/customer/var

   (adapt to your slice layout and disk device)

5) dump & restore:

   cd /mnt/copy
   dump 0af - /mnt/customer/ | restore xf -

This will take a while, depending on the size & speed of each of the
disks.

Good luck!
- Dimitri

--
Dimitri Aivaliotis
EveryWare AG
Birmensdorferstrasse 125
8003 Zurich

tel: +41 (1) 466 60 00
fax: +41 (1) 466 60 10

From owner-freebsd-isp@FreeBSD.ORG Wed Sep 22 15:23:15 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4BEE316A4D2 for ; Wed, 22 Sep 2004 15:23:15 +0000 (GMT) Received: from fed1rmmtao10.cox.net (fed1rmmtao10.cox.net [68.230.241.29]) by mx1.FreeBSD.org (Postfix) with ESMTP id 055CF43D3F for ; Wed, 22 Sep 2004 15:23:15 +0000 (GMT) (envelope-from keith@southo.net) Received: from southog2bwobmh ([68.7.164.234]) by fed1rmmtao10.cox.net (InterMail vM.6.01.03.04 201-2131-111-106-20040729) with ESMTP id <20040922152314.DHOI20002.fed1rmmtao10.cox.net@southog2bwobmh> for ; Wed, 22 Sep 2004 11:23:14 -0400 From: "Keith Baldwin" To: Date: Wed, 22 Sep 2004 08:23:19 -0700 Message-ID: <029901c4a0b8$17069330$f501a8c0@southog2bwobmh> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.6626 In-Reply-To: <65077.62.242.151.142.1095864567.squirrel@mailbox.wingercom.dk> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 Subject: RE: funny customers X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Sep 2004 15:23:15 -0000

Didn't see it posted yet so here.

From http://www.daemonnews.org/200108/security-howto.html in the Local
Security section:

"Lets begin with /etc/ttys. Open it up in your favorite editor and find
the console line:

console none unknown off secure

Change "secure" to "insecure", so the user is asked for the root password
when going to single user mode.
Be warned this will also make recovering lost root passwords more
difficult, But it will prevent someone from gaining root access to your
machine locally provided they do not have a boot disk."

Regards,
Keith

-----Original Message-----
From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of Per Engelbrecht
Sent: Wednesday, September 22, 2004 7:49 AM
To: freebsd-isp@freebsd.org
Subject: Re: funny customers

Hi Dennis

>
> On Wed, Sep 22, 2004 at 11:45:13AM +0200, Per Engelbrecht wrote:
>> But right now I need a way to bypass (I don't think it's possible)
>> the single_user mode root login feature.
>
> Just an idea (as it doesn't work ;) ...
>
> A trick known from linux is to boot the kernel with /bin/sh instead
> of /sbin/init. You'd do "set init_path=/bin/sh" for that in the
> loader. This would bypass the usual startup and thus you won't be
> asked for the password.
>
> However, i just tried this and it doesn't work. The sh immediately
> exists and consequently the kernel panics. Don't know what's the
> problem there...

Hmm .. I'm not sure why, but in FreeBSD both csh (default root shell ...
*&#@$!) and sh are linked static and tampering with these from the
boot-process through /sbin/init (which is the last part of the
boot-process anyway) is something I wouldn't do.
Creative thinking though :)
Thank you Dennis.

respectfully
/per
per@xterm.dk

>
> - D.
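The /etc/ttys setting Keith quotes is easy to audit across a fleet, so here is an added shell example (mine, not from the Daemon News article or the thread) that reports whether the console entry is flagged "secure" or "insecure". The two ttys files it reads are constructed samples; on a real host pass /etc/ttys. One caveat from init(8)'s behaviour that the quoted text leaves out: the password prompt only appears when root actually has a non-empty password, so that is worth checking alongside the flag.

```sh
#!/bin/sh
# Added example, not code from the thread: report whether the console entry
# in a FreeBSD /etc/ttys is marked "secure" (single-user mode drops into a
# root shell without a password) or "insecure" (the root password is asked
# for). The ttys files below are constructed samples.

# console_status FILE -> prints secure | insecure | unflagged | missing
console_status() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        $1 == "console" {
            st = "unflagged"
            # the getty field may be a quoted string with spaces, so scan
            # every token instead of trusting a fixed column
            for (i = 2; i <= NF; i++)
                if ($i == "secure" || $i == "insecure") st = $i
            print st; found = 1; exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# audit_ttys FILE -> exit 0 when the console requires the root password in
# single-user mode, 1 otherwise, with a one-line explanation on stdout.
# A console entry without the "secure" flag behaves like "insecure".
audit_ttys() {
    case $(console_status "$1") in
        insecure|unflagged)
            echo "$1: console is insecure; single-user mode asks for the root password"
            return 0 ;;
        secure)
            echo "$1: console is secure; anyone at the console gets root in single-user mode"
            return 1 ;;
        *)
            echo "$1: no console entry found; check the file by hand"
            return 1 ;;
    esac
}

# constructed samples: the stock layout, and the same file after the change
TTYS_DIR=$(mktemp -d)
cat > "$TTYS_DIR/ttys.default" <<'EOF'
# name    getty                           type    status  comments
console   none                            unknown off     secure
ttyv0     "/usr/libexec/getty Pc"         cons25  on      secure
EOF
sed '/^console/s/secure$/insecure/' "$TTYS_DIR/ttys.default" > "$TTYS_DIR/ttys.hardened"

for f in default hardened; do
    audit_ttys "$TTYS_DIR/ttys.$f" || :
done
```

Run it against /etc/ttys from cron or a config-management check; a non-zero exit is the signal that the box will hand out a root shell at the console.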
_______________________________________________ freebsd-isp@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Thu Sep 23 06:48:17 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9445416A4CE for ; Thu, 23 Sep 2004 06:48:17 +0000 (GMT) Received: from smtp4.wlink.com.np (smtp4.wlink.com.np [202.79.32.87]) by mx1.FreeBSD.org (Postfix) with SMTP id B39A043D2F for ; Thu, 23 Sep 2004 06:48:14 +0000 (GMT) (envelope-from bikrant_ml@wlink.com.np) Received: (qmail 15926 invoked from network); 23 Sep 2004 06:48:11 -0000 Received: from unknown (HELO qmail-scanner.wlink.com.np) (202.79.32.74) by 0 with SMTP; 23 Sep 2004 06:48:11 -0000 Received: (qmail 70579 invoked by uid 1008); 23 Sep 2004 06:48:10 -0000 Received: from bikrant_ml@wlink.com.np by qmail-scanner.wlink.com.np by uid 1002 with qmail-scanner-1.20 (clamscan: 0.60. Clear:RC:1(202.79.32.77):. 
Processed in 1.983426 secs); 23 Sep 2004 06:48:10 -0000 Received: from smtp2.wlink.com.np (202.79.32.77) by qmail-scanner.wlink.com.np with SMTP; 23 Sep 2004 06:48:08 -0000 Received: (qmail 21880 invoked by uid 516); 23 Sep 2004 06:48:05 -0000 Received: from [202.79.36.168] (HELO bikrant.org.np) by smtp2.wlink.com.np (qmail-smtpd) with SMTP; 23 Sep 2004 06:48:05 -0000 (Thu, 23 Sep 2004 12:33:05 +0545) From: Bikrant Neupane To: freebsd-questions@freebsd.org Date: Thu, 23 Sep 2004 12:33:00 +0545 User-Agent: KMail/1.7 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200409231233.00370.bikrant_ml@wlink.com.np> X-Spam-Check-By: smtp2.wlink.com.np Spam: No ; -4.9 / 5.0 X-Spam-Status: No, hits=-4.9 required=5.0 cc: freebsd-isp@freebsd.org Subject: Ipfw accept rule X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Sep 2004 06:48:17 -0000

Hi,

When a packet hits an "allow | accept | pass | permit" rule the packet is
accepted and the search is terminated at that point.

I need to accept the packet but still want the packet to continue traversing
rules further below. However, once it hits a "deny | drop" rule it should be
dropped and the search should terminate at that point. Is that possible with
IPFW?
regards, Bikrant From owner-freebsd-isp@FreeBSD.ORG Thu Sep 23 07:14:38 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D495716A4CE for ; Thu, 23 Sep 2004 07:14:38 +0000 (GMT) Received: from mailbox.wingercom.dk (mailbox.wingercom.dk [81.19.240.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 90E0E43D31 for ; Thu, 23 Sep 2004 07:14:38 +0000 (GMT) (envelope-from per@xterm.dk) Received: from mailbox.wingercom.dk (localhost.wingercom.dk [127.0.0.1]) by mailbox.wingercom.dk (Postfix) with SMTP id D2F61931FA for ; Thu, 23 Sep 2004 09:19:10 +0200 (CEST) Received: from 62.242.151.142 (SquirrelMail authenticated user per) by mailbox.wingercom.dk with HTTP; Thu, 23 Sep 2004 09:19:10 +0200 (CEST) Message-ID: <54027.62.242.151.142.1095923950.squirrel@mailbox.wingercom.dk> Date: Thu, 23 Sep 2004 09:19:10 +0200 (CEST) From: "Per Engelbrecht" To: In-Reply-To: <20040922165122.7b0f77cf@linux-dna.everyware.ch> References: <20040922165122.7b0f77cf@linux-dna.everyware.ch> X-Mailer: SquirrelMail (version 1.2.5) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Subject: Re: funny customers X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Sep 2004 07:14:38 -0000 Hi Dimitri > >> Keeping in mind that alle the data from / down are important, the >> standard procedure adding_a_disk won't work due to the dd part. >> A simple mount (finding disk from dmesg) didn't work eighter .. >> Both running system and disk use UFS2. >> >> Maybe I'm overlooking the obvious, but what besides the above >> would do the trick ? > > Have you tried dump/restore? 
> > (see > http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/ disks.html#NEW-HUGE-DISK) > > You'll be wanting the reverse of what's given here, or some > variant. > > 1) Use either a LiveCD, or another FreeBSD box with an extra disk. > > 2) Use fdisk and disklabel to set-up the extra disk like the one on > your customer's machine. > > 3) Install the disk from the customer's machine. > > 4) Mount both disks in appropriate places: > > /dev/(blank)s1a on /mnt/copy/ > /dev/(blank)s1f on /mnt/copy/usr > /dev/(blank)s1d on /mnt/copy/var > > and > > /dev/(cust)s1a on /mnt/customer/ > /dev/(cust)s1f on /mnt/customer/usr > /dev/(cust)s1d on /mnt/customer/var > > (adapt to your slice layout and disk device) > > 5) dump & restore: > > cd /mnt/copy > dump 0af - /mnt/customer/ | restore xf - > > This will take awhile, depending on the size & speed of each of the > disks. > > Good luck! (sorry for this late reply, but something came up) First of all I appreciate your thorough answer very much. I'll have a go at the livecd/cd2 first and let you and the rest of you know the result. Thank you. 
respectfully /per per@xterm.dk > > - Dimitri > > > -- > Dimitri Aivaliotis > EveryWare AG > Birmensdorferstrasse 125 > 8003 Zurich > > tel: +41 (1) 466 60 00 > fax: +41 (1) 466 60 10 > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to > "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Thu Sep 23 07:16:03 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A907116A4CE for ; Thu, 23 Sep 2004 07:16:03 +0000 (GMT) Received: from mailbox.wingercom.dk (mail.julie.gl [81.19.240.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6ABF143D39 for ; Thu, 23 Sep 2004 07:16:03 +0000 (GMT) (envelope-from per@xterm.dk) Received: from mailbox.wingercom.dk (localhost.wingercom.dk [127.0.0.1]) by mailbox.wingercom.dk (Postfix) with SMTP id 08E21931FA for ; Thu, 23 Sep 2004 09:20:33 +0200 (CEST) Received: from 62.242.151.142 (SquirrelMail authenticated user per) by mailbox.wingercom.dk with HTTP; Thu, 23 Sep 2004 09:20:33 +0200 (CEST) Message-ID: <56126.62.242.151.142.1095924033.squirrel@mailbox.wingercom.dk> Date: Thu, 23 Sep 2004 09:20:33 +0200 (CEST) From: "Per Engelbrecht" To: In-Reply-To: References: X-Mailer: SquirrelMail (version 1.2.5) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Subject: Re: funny customers X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Sep 2004 07:16:03 -0000 Hi David > >> But right now I need a way to bypass (I don't think it's possible) >> the single_user mode root login feature. > > > Boot from another disk (cd, floppy, etc), mount the disk, edit the > file, reboot? 
> > 's what we used to do with bsd/os when such would happen... I'll do that right away. Thank you. respectfully /per per@xterm.dk > > > --- > david raistrick > http://www.netmeister.org/news/learn2quote.html drais@atlasta.net > http://www.expita.com/nomime.html From owner-freebsd-isp@FreeBSD.ORG Thu Sep 23 07:17:42 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A540B16A4D0 for ; Thu, 23 Sep 2004 07:17:42 +0000 (GMT) Received: from cpe3.wifi.albury.net.au (cpe3.wifi.albury.NET.AU [203.42.178.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6C77543D54 for ; Thu, 23 Sep 2004 07:17:41 +0000 (GMT) (envelope-from david@albury.net.au) Received: from localhost.alburybf.org (localhost.alburybf.org [127.0.0.1]) i8N7HcTh086857 for ; Thu, 23 Sep 2004 17:17:38 +1000 (EST) (envelope-from david@albury.net.au) Date: Thu, 23 Sep 2004 17:16:14 +1000 (EST) From: David Atkinson X-X-Sender: david@mailgate.alburybf.org To: Bikrant Neupane In-Reply-To: <200409231233.00370.bikrant_ml@wlink.com.np> Message-ID: <20040923165730.E67579@mailgate.alburybf.org> References: <200409231233.00370.bikrant_ml@wlink.com.np> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII ReSent-Date: Thu, 23 Sep 2004 17:17:30 +1000 (EST) Resent-From: David Atkinson Resent-To: freebsd-isp@freebsd.org ReSent-Subject: Re: Ipfw accept rule ReSent-Message-ID: <20040923171730.L67579@mailgate.alburybf.org> Subject: Re: Ipfw accept rule X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Sep 2004 07:17:42 -0000 Are you looking for something like count? The whole idea of an allow rule is that once it matches it is assumed that you actually do want that packet and there is no point continuing through the ruleset. 
If you want to have a general allow rule with a few specific exclusions,
add one or two deny rules for the specific cases and then have your more
general allow rule. One problem that does occur with this plan is that it
becomes very easy to overload your server with lots of rarely matched deny
rules. If you find the time in interrupt going too high, look at
constructing some blocks of rules and setting up some skipto rules. In the
case of blocking (firewalling off) well known sources of spam, a lot of
rules can be generated very quickly. As these only apply to port 25
traffic, skipto can be used to skip these rules for all other traffic.

1000 skipto 2000 tcp from any to any 25
1100 skipto 4000 ip from any to any
2000 deny ip from spammer.com to any
...

HTH,
David Atkinson

On Thu, 23 Sep 2004, Bikrant Neupane wrote:
> Hi,
> When a packet hits "allow | accept | pass | permit" rule the packet is
> accepted and the search is retiminated at that point.
>
> I need to accept the packet but still want the packet to continue travers
> rules further below. However, once it hits "deny | drop" rule it should be
> dropped and the search should terminate at that point. Is that possible with
> IPFW?
> > regards, > Bikrant > > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > From owner-freebsd-isp@FreeBSD.ORG Thu Sep 23 07:21:43 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6155316A4CE for ; Thu, 23 Sep 2004 07:21:43 +0000 (GMT) Received: from mailbox.wingercom.dk (mail.julie.gl [81.19.240.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1365443D48 for ; Thu, 23 Sep 2004 07:21:43 +0000 (GMT) (envelope-from per@xterm.dk) Received: from mailbox.wingercom.dk (localhost.wingercom.dk [127.0.0.1]) by mailbox.wingercom.dk (Postfix) with SMTP id 8CBAD931FC for ; Thu, 23 Sep 2004 09:26:15 +0200 (CEST) Received: from 62.242.151.142 (SquirrelMail authenticated user per) by mailbox.wingercom.dk with HTTP; Thu, 23 Sep 2004 09:26:15 +0200 (CEST) Message-ID: <57012.62.242.151.142.1095924375.squirrel@mailbox.wingercom.dk> Date: Thu, 23 Sep 2004 09:26:15 +0200 (CEST) From: "Per Engelbrecht" To: In-Reply-To: <029901c4a0b8$17069330$f501a8c0@southog2bwobmh> References: <029901c4a0b8$17069330$f501a8c0@southog2bwobmh> X-Mailer: SquirrelMail (version 1.2.5) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Subject: RE: funny customers X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Sep 2004 07:21:43 -0000 Hi Keith >>From http://www.daemonnews.org/200108/security-howto.html in the >>Local > Security section: > > "Lets begin with /etc/ttys. 
Open it up in your favorite editor and > find the console line: > > console none unknown off secure This one was postet once before, but this is not the problem / I know the procedure for activating it. The problem is undoing it on a "foreign" server where it's activatet. But thank you for your reply. respectfully /per per@xterm.dk > > Change "secure" to "insecure", so the user is asked for the root > password when going to single user mode. Be warned this will also > make recovering lost root passwords more difficult, But it will > prevent someone from gaining root access to your machine locally > provided they do not have a boot disk." > > Regards, > Keith > > > -----Original Message----- > From: owner-freebsd-isp@freebsd.org > [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of Per Engelbrecht > Sent: Wednesday, September 22, 2004 7:49 AM > To: freebsd-isp@freebsd.org > Subject: Re: funny customers > > Hi Dennis > >> >> On Wed, Sep 22, 2004 at 11:45:13AM +0200, Per Engelbrecht wrote: >>> But right now I need a way to bypass (I don't think it's >>> possible) the single_user mode root login feature. >> >> Just an idea (as it doesn't work ;) ... >> >> A trick known from linux is to boot the kernel with /bin/sh >> instead of /sbin/init. You'd do "set init_path=/bin/sh" for that >> in the >> loader. This would bypass the usual startup and thus you won't be >> asked for the password. >> >> However, i just tried this and it doesn't work. The sh immediately >> exists and consequently the kernel panics. Don't know what's the >> problem there... > > Hmm .. I'm not sure why, but in FreeBSD both csh (default root > shell ... *&#@$!) and sh are linked static and tampering with these > from the boot-process through /sbin/init (which is the last part of > the boot-process anyway) is something I wouldn't do. > Creative thinking though :) > Thank you Dennis. > > respectfully > /per > per@xterm.dk > > >> >> - D. 
> > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to > "freebsd-isp-unsubscribe@freebsd.org" > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to > "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Thu Sep 23 07:52:10 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 575C316A4CF for ; Thu, 23 Sep 2004 07:52:10 +0000 (GMT) Received: from smtp4.wlink.com.np (smtp4.wlink.com.np [202.79.32.87]) by mx1.FreeBSD.org (Postfix) with SMTP id D521543D46 for ; Thu, 23 Sep 2004 07:52:05 +0000 (GMT) (envelope-from bikrant_ml@wlink.com.np) Received: (qmail 23968 invoked from network); 23 Sep 2004 07:52:03 -0000 Received: from unknown (HELO qmail-scanner.wlink.com.np) (202.79.32.74) by 0 with SMTP; 23 Sep 2004 07:52:03 -0000 Received: (qmail 64999 invoked by uid 1008); 23 Sep 2004 07:52:03 -0000 Received: from bikrant_ml@wlink.com.np by qmail-scanner.wlink.com.np by uid 1002 with qmail-scanner-1.20 (clamscan: 0.60. Clear:RC:1(202.79.32.77):. 
Processed in 0.039679 secs); 23 Sep 2004 07:52:03 -0000 Received: from smtp2.wlink.com.np (202.79.32.77) by qmail-scanner.wlink.com.np with SMTP; 23 Sep 2004 07:52:03 -0000 Received: (qmail 26273 invoked by uid 516); 23 Sep 2004 07:52:02 -0000 Received: from [202.79.36.168] (HELO bikrant.org.np) by smtp2.wlink.com.np (qmail-smtpd) with SMTP; 23 Sep 2004 07:52:01 -0000 (Thu, 23 Sep 2004 13:37:01 +0545) From: Bikrant Neupane To: freebsd-isp@freebsd.org Date: Thu, 23 Sep 2004 13:36:57 +0545 User-Agent: KMail/1.7 References: <200409231233.00370.bikrant_ml@wlink.com.np> <20040923165730.E67579@mailgate.alburybf.org> In-Reply-To: <20040923165730.E67579@mailgate.alburybf.org> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200409231336.57405.bikrant_ml@wlink.com.np> X-Spam-Check-By: smtp2.wlink.com.np Spam: No ; -4.9 / 5.0 X-Spam-Status: No, hits=-4.9 required=5.0 cc: David Atkinson cc: freebsd-questions@freebsd.org Subject: Re: Ipfw accept rule X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Sep 2004 07:52:10 -0000

Thanks for the reply.

Well I am not looking for the count rule. Actually I have some other
situation. I am trying to implement b/w shaping using ipfw. And I am trying
to include MAC address based filtering in it as well. As long as I don't
implement ipfw in ether (net.link.ether.ipfw=0/1) pkts hit the rule only
once and I get the b/w as specified in the IPFW pipe syntax. However when I
enable ipfw in ether all the pkts hit the matching rule twice, and as a
result I get half of the b/w to what has been specified in ipfw pipe. This
is normal (as mentioned in ipfw man page) since pkt traversal is doubled
when IPFW is enabled in ether.
Any way I can get the desired output by multiplying/dividing the b/w value
by 2. But that won't look neat :)

Here is my rule set:

#skip depending on the pkt layer
01000 322 14780 skipto 10000 ip from any to any layer2 in via xl0
01100 200 93204 skipto 20000 ip from any to any not layer2
#rule num 10000 to 20000 allocated for layer2 filtering
#for mac filter: allow only listed mac to send traffic
10000 39 1780 allow ip from any to any MAC any 00:00:0e:84:00:83 in via xl0
#default deny all mac coming in from xl0
19997 284 13046 deny ip from any to any MAC any any in via xl0
#rule above 20,000 allocated for !layer2 filtering
#general firewall rule
20100 0 0 allow ip from any to any via lo0
20150 72 6448 allow ip from me to any out
20200 75 45356 count ip from any to any in via em0
20250 56 2240 count ip from any to any out via em0
#traffic shaping
35000 0 0 pipe 200 ip from any to 202.79.45.253 out via xl0
35001 0 0 pipe 201 ip from 202.79.45.253 to any out via em0
35002 0 0 allow ip from any to 202.79.45.253
35003 0 0 allow ip from 202.79.45.253 to any
35004 324 485880 pipe 202 ip from any to 202.79.45.254 out via xl0
35005 302 12080 pipe 203 ip from 202.79.45.254 to any out via em0
35006 163 244440 allow ip from any to 202.79.45.254
35007 151 6040 allow ip from 202.79.45.254 to any
#default deny
65530 25 1138 deny log ip from any to any
65535 29604 21352015 allow ip from any to any

regards,
Bikrant

On Thursday 23 September 2004 13:01, David Atkinson wrote:
> Are you looking for something like count? The whole idea of an allow rule
> is that once it matches it is assumed that you actually do want that
> packet and there is no point continuing through the ruleset. If you want
> to have a general allow rule with a few specific exclusions, add one or
> two deny rules for the specific cases and then have your more general
> allow rule. One problem that does occur with this plan is that it becomes
> very easy to overload your server with lots of rarely matched deny rules.
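An added shell example, written by me rather than taken from the thread, that models how ipfw walks a ruleset. It covers both halves of this exchange: Bikrant's original question (count is the only action that keeps searching, while allow, deny and pipe end the search, and skipto jumps forward as in David's spam-block layout), and the doubled pipe traversal in the ruleset above once net.link.ether.ipfw=1 is set. The ruleset it reads is a cut-down copy of the one posted above with the counters removed; 203.0.113.9 is a constructed source address; the "fixed" variant that adds "not layer2" to the pipe rule is my suggestion, not something from the thread. The model assumes net.inet.ip.fw.one_pass=1 (the default, so a pipe ends the search) and that an outgoing packet passes ipfw once from ip_output (not layer2) and once from ether_output_frame (layer2); MAC addresses are not modelled.

```sh
#!/bin/sh
# Added example, not code from the thread: a small model of how ipfw walks a
# ruleset. Assumptions: net.inet.ip.fw.one_pass=1 (a pipe ends the search),
# and with net.link.ether.ipfw=1 an outgoing packet passes ipfw once from
# ip_output (not layer2) and once from ether_output_frame (layer2).
# MAC addresses are not modelled.

# ipfw_walk RULEFILE "PROTO SRC DST DPORT in|out IFACE LAYER2(0|1)"
# -> prints "num:action,..." for every rule that matched, then the verdict
ipfw_walk() {
    awk -v pkt="$2" '
    BEGIN {
        split(pkt, p, " ")
        proto = p[1]; src = p[2]; dst = p[3]; dport = p[4]
        dir = p[5]; ifc = p[6]; l2 = p[7] + 0
        next_min = 0; trace = ""; verdict = ""
    }
    # rule line: NUM ACTION [ARG] PROTO from SRC to DST [DPORT] [options]
    function matches(   i, j) {
        i = 3
        if ($2 == "skipto" || $2 == "pipe") i = 4
        if ($i != "ip" && $i != proto) return 0
        if ($(i+2) != "any" && $(i+2) != src) return 0
        if ($(i+4) != "any" && $(i+4) != dst) return 0
        for (j = i + 5; j <= NF; j++) {
            if ($j ~ /^[0-9]+$/)                { if ($j != dport) return 0 }
            else if ($j == "layer2")            { if (l2 != 1) return 0 }
            else if ($j == "not")               { j++; if ($j == "layer2" && l2 != 0) return 0 }
            else if ($j == "in" || $j == "out") { if ($j != dir) return 0 }
            else if ($j == "via")               { j++; if ($j != ifc) return 0 }
            else if ($j == "MAC")               j += 2
        }
        return 1
    }
    /^[ \t]*#/ || NF == 0 { next }
    ($1 + 0) < next_min { next }             # jumped over by an earlier skipto
    {
        if (!matches()) next
        trace = trace (trace == "" ? "" : ",") $1 ":" $2
        if ($2 == "count") next              # count never ends the search
        if ($2 == "skipto") { next_min = $3 + 0; next }
        verdict = ($2 == "pipe") ? ("pipe " $3) : $2
        exit
    }
    END { print trace " -> " (verdict == "" ? "none" : verdict) }
    ' "$1"
}

IPFW_DIR=$(mktemp -d)
cat > "$IPFW_DIR/double.rules" <<'EOF'
# constructed ruleset, cut down from the one posted above (counters removed)
100   count  ip from any to any
1000  skipto 10000 ip from any to any layer2 in via xl0
1100  skipto 20000 ip from any to any not layer2
10000 deny   ip from any to any in via xl0
35004 pipe 202 ip from any to 202.79.45.254 out via xl0
35006 allow  ip from any to 202.79.45.254
65535 allow  ip from any to any
EOF
# the same ruleset with the pipe restricted to the ip_output pass (my suggestion)
sed 's/out via xl0$/out via xl0 not layer2/' "$IPFW_DIR/double.rules" > "$IPFW_DIR/fixed.rules"

L3_OUT="ip 203.0.113.9 202.79.45.254 0 out xl0 0"   # ip_output pass
L2_OUT="ip 203.0.113.9 202.79.45.254 0 out xl0 1"   # ether_output_frame pass

# pipe_passes RULEFILE -> how many of the two outbound passes entered a pipe
pipe_passes() {
    n=0
    for pkt in "$L3_OUT" "$L2_OUT"; do
        case $(ipfw_walk "$1" "$pkt") in *"-> pipe"*) n=$((n + 1)) ;; esac
    done
    echo "$n"
}

ipfw_walk "$IPFW_DIR/double.rules" "ip 203.0.113.9 202.79.45.254 0 in xl0 1"
ipfw_walk "$IPFW_DIR/double.rules" "$L3_OUT"
ipfw_walk "$IPFW_DIR/double.rules" "$L2_OUT"
echo "pipe passes, posted ruleset:  $(pipe_passes "$IPFW_DIR/double.rules")"
echo "pipe passes, with not layer2: $(pipe_passes "$IPFW_DIR/fixed.rules")"
```

The inbound layer2 packet shows the skipto path ending at the deny; the two outbound passes show the pipe being entered twice with the posted layout and once after "not layer2" is added to the pipe rule, which is what halves the configured bandwidth.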
> If you find the time in interrupt going too high, look at constructing some
> blocks of rules and setup some skipto rules. In the case of blocking
> (firewalling off) well known sources of spam, a lot of rules can be
> generated very quickly. As these only apply to port 25 traffic, a skipto
> can be used to skip these rules for all other traffic.
>
> 1000 skipto 2000 tcp from any to any 25
> 1100 skipto 4000 ip from any to any
> 2000 deny ip from spammer.com to any
> ...
>
> HTH,
> David Atkinson
>
> On Thu, 23 Sep 2004, Bikrant Neupane wrote:
> > Hi,
> > When a packet hits an "allow | accept | pass | permit" rule the packet is
> > accepted and the search is terminated at that point.
> >
> > I need to accept the packet but still want the packet to continue to traverse
> > rules further below. However, once it hits a "deny | drop" rule it should
> > be dropped and the search should terminate at that point. Is that
> > possible with IPFW?
> >
> > regards,
> > Bikrant
> >
> > _______________________________________________
> > freebsd-isp@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

From owner-freebsd-isp@FreeBSD.ORG Thu Sep 23 08:10:37 2004
From: Bikrant Neupane
To: freebsd-questions@freebsd.org
cc: freebsd-isp@freebsd.org
Date: Thu, 23 Sep 2004 12:33:00 +0545
Subject: Ipfw accept rule
Message-Id: <200409231233.00370.bikrant_ml@wlink.com.np>

Hi,
When a packet hits an "allow | accept | pass | permit" rule the packet is accepted and the search is terminated at that point.

I need to accept the packet but still want the packet to continue to traverse rules further below. However, once it hits a "deny | drop" rule it should be dropped and the search should terminate at that point. Is that possible with IPFW?
regards,
Bikrant

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

From owner-freebsd-isp@FreeBSD.ORG Thu Sep 23 11:14:46 2004
From: "Spidey Knepscheld"
Date: Thu, 23 Sep 2004 13:14:34 +0200
Organization: ACT Computers
Reply-To: spidey@act.co.za
Subject: Administrator
Message-ID: <000b01c4a15e$8320d020$0b01000a@SPIDEY>
Hi Guys

Like I think the majority of you know, I ask quite a few silly questions concerning my FreeBSD servers. I own a small ISP in South Africa and my administrator is becoming more and more unavailable due to other responsibilities. I try to learn how everything fits together, but at a very slow rate. Does any one of you perhaps know of a company in South Africa that can maintain my setup for me? I know of a few companies that support Linux Red Hat, but I don't want to go that route; I came from Red Hat to FreeBSD and believe me I don't want to go back.

Please, if any one of you knows of something like this... I know this is not an ordinary question for the group, but perhaps....

Thank you
Spidey

From owner-freebsd-isp@FreeBSD.ORG Thu Sep 23 16:44:45 2004
From: Jon Simola
To: Bikrant Neupane
cc: freebsd-isp@freebsd.org
Date: Thu, 23 Sep 2004 09:44:37 -0700 (PDT)
Subject: Re: Ipfw accept rule
Message-ID: <20040923091609.K60082-100000@tyberius.abccom.bc.ca>
In-Reply-To: <200409231336.57405.bikrant_ml@wlink.com.np>

On Thu, 23 Sep 2004, Bikrant Neupane wrote:

> Here is my rule set:
>
> #skip depending on the pkt layer
> 01000 322 14780 skipto 10000 ip from any to any layer2 in via xl0
> 01100 200 93204 skipto 20000 ip from any to any not layer2
>
> #rule num 10000 to 20000 allocated for layer2 filtering
> #for mac filter: allow only listed mac to send traffic
> 10000 39 1780 allow ip from any to any MAC any 00:00:0e:84:00:83 in via xl0
> #default deny all mac coming in from xl0
> 19997 284 13046 deny ip from any to any MAC any any in via xl0

If this is layer2 filtering, where are the layer2 tags in the ipfw rule? And if this is the extent of your layer 2, then don't forget an allow/deny default for layer2 packets (allow ip from any to any layer2). Also, you're only checking your layer2 on a specific interface; perhaps you only have one.

I've got something like:

00010 skipto 32000 ip from any to any not layer2
00050 deny ip from any to any MAC any 00:30:da:00:00:00/24 layer2 in
00055 count ip from any to any MAC any 00:0b:db:1d:63:56 layer2 in // sniffing for traffic
03100 allow ip from any to any layer2
// bandwidth monitoring pipes
32003 pipe 3 ip from any to any src-ip 10.10.66.0/24 in recv em1
32004 pipe 4 ip from any to any dst-ip 10.10.66.0/24 out xmit em1
65534 allow ip from any to any
65535 deny ip from any to any

---
Jon Simola            | "In the near future - corporate networks
Systems Administrator | reach out to the stars, electrons and light
ABC Communications    | flow throughout the universe."
-- GITS

From owner-freebsd-isp@FreeBSD.ORG Thu Sep 23 18:24:36 2004
From: Juhani Tali
To: freebsd-isp@freebsd.org
Date: Thu, 23 Sep 2004 21:24:22 +0300
Subject: how can I redirect?
Message-ID: <415314D6.3070803@kernel.ee>

Hi

The idea is to redirect all "unknown" clients' attempts to visit the web to a local web server's page. So I made a small test setup on my own box:

natd -reverse -proxy_only -redirect_port tcp x.x.x.17:80 194.106.96.98:80
ipfw add 400 divert natd all from any to 194.106.96.98

where x.x.x.17:80 hosts a "you are closed" web page and 194.106.96.98 is just a popular web page. Without -reverse I can see the "popular web page"; with it, nothing.
Juhani

From owner-freebsd-isp@FreeBSD.ORG Thu Sep 23 19:15:39 2004
From: NetAdmin
To: Bikrant Neupane
cc: freebsd-isp@freebsd.org
cc: freebsd-questions@freebsd.org
Date: Thu, 23 Sep 2004 15:15:36 -0400
Subject: Re: Ipfw accept rule
Message-Id: <1095966936.877.38.camel@foxdaemon.com>
In-Reply-To: <200409231233.00370.bikrant_ml@wlink.com.np>

Here are my dummynet rules. Not sure if they exactly work or not, but they keep my kids from using all the upstream bandwidth. If anyone has a better way, please by all means let me know. The only thing I'm not sure of is where it goes in the rule set. Here is where I have mine and how it is set up. Hope this helps.
case ${natd_enable} in
[Yy][Ee][Ss])
    if [ -n "${natd_interface}" ]; then
        ${fwcmd} add divert natd all from any to any via ${natd_interface}
    fi
    ;;
esac

${fwcmd} add skipto 20000 ip from any to any bridged

#---------------------- DUMMYNET Config --------------------------
#
${fwcmd} add pipe 1 { tcp or udp } from ${iip1} to any 80-65000
${fwcmd} pipe 1 config mask src-ip 0xffffff00 bw 384Kbit/s queue 20Kbytes
#
${fwcmd} add pipe 2 ip from ${iip1} to any out
${fwcmd} pipe 2 config mask src-ip 0xffffff00 bw 1024Kbit/s queue 20Kbytes
#
${fwcmd} add pipe 3 ip from any to ${iip1} in
${fwcmd} pipe 3 config mask dst-ip 0xffffff00 bw 1024Kbit/s queue 20Kbytes

${iip1} = 192.168.1.0/24

I used "whatmask" in /usr/ports/net-mgmt/whatmask to help figure out what the netmask was for my subnet, in case you use a different subnet than I.

On Thu, 2004-09-23 at 02:48, Bikrant Neupane wrote:
> Hi,
> When a packet hits an "allow | accept | pass | permit" rule the packet is
> accepted and the search is terminated at that point.
>
> I need to accept the packet but still want the packet to continue to traverse
> rules further below. However, once it hits a "deny | drop" rule it should be
> dropped and the search should terminate at that point. Is that possible with
> IPFW?
>
> regards,
> Bikrant

--
NetAdmin for the FoxChat.Net IRC Network.
The FoxSurfer Group

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQBBUyDYNirmlL8R/7sRAj/RAJ9j2DOqMVDZRjqKllIWcqRvAoH5UACfXqsD
B4Mndu2cwRAzUfqoAHRUGxg=
=PyUB
-----END PGP SIGNATURE-----

From owner-freebsd-isp@FreeBSD.ORG Fri Sep 24 06:21:16 2004
From: Bikrant Neupane
To: freebsd-isp@freebsd.org
cc: NetAdmin
cc: freebsd-questions@freebsd.org
Date: Fri, 24 Sep 2004 12:05:53 +0545
Subject: Re: Ipfw accept rule
Message-Id: <200409241205.53812.bikrant_ml@wlink.com.np>
In-Reply-To: <20040923091609.K60082-100000@tyberius.abccom.bc.ca>

On Thursday 23 September 2004 22:29, Jon Simola wrote:
> On Thu, 23 Sep 2004, Bikrant Neupane wrote:
> > Here is my rule set:
> >
> > #skip depending on the pkt layer
> > 01000 322 14780 skipto 10000 ip from any to any layer2 in via xl0
> > 01100 200 93204 skipto 20000 ip from any to any not layer2
> >
> > #rule num 10000 to 20000 allocated for layer2 filtering
> > #for mac filter: allow only listed mac to send traffic
> > 10000 39 1780 allow ip from any to any MAC any 00:00:0e:84:00:83 in via xl0
> > #default deny all mac coming in from xl0
> > 19997 284 13046 deny ip from any to any MAC any any in via xl0
>
> If this is layer2 filtering, where are the layer2 tags in the ipfw rule?
> And if this is the extent of your layer 2, then don't forget an allow/deny
> default for layer2 packets (allow ip from any to any layer2). Also, you're
> only checking your layer2 on a specific interface, perhaps you only have
> one.
>
> I've got something like:
> 00010 skipto 32000 ip from any to any not layer2
> 00050 deny ip from any to any MAC any 00:30:da:00:00:00/24 layer2 in
> 00055 count ip from any to any MAC any 00:0b:db:1d:63:56 layer2 in // sniffing for traffic
> 03100 allow ip from any to any layer2
> // bandwidth monitoring pipes
> 32003 pipe 3 ip from any to any src-ip 10.10.66.0/24 in recv em1
> 32004 pipe 4 ip from any to any dst-ip 10.10.66.0/24 out xmit em1
> 65534 allow ip from any to any
> 65535 deny ip from any to any

Well, I have no problem with the MAC filtering rules. The only problem that I am having is that the pkts hit the matching rule twice; as a result I get only half of the b/w than that specified in the ipfw pipe command.

35004   324   485880 pipe 202 ip from any to 202.79.45.254 out via xl0
35005   302    12080 pipe 203 ip from 202.79.45.254 to any out via em0

Isn't there a way to construct rules such that matching pkts hit the rule only once?

regards,
Bikrant

> ---
> Jon Simola            | "In the near future - corporate networks
> Systems Administrator | reach out to the stars, electrons and light
> ABC Communications    | flow throughout the universe."
> -- GITS

From owner-freebsd-isp@FreeBSD.ORG Fri Sep 24 10:03:29 2004
From: Bikrant Neupane
To: dima <_pppp@mail.ru>
cc: freebsd-isp@freebsd.org
cc: freebsd-questions@freebsd.org
Date: Fri, 24 Sep 2004 15:48:13 +0545
Subject: Re: Ipfw accept rule
Message-Id: <200409241548.14313.bikrant_ml@wlink.com.np>
In-Reply-To: <1096018919.654.3.camel@pppp>

On Friday 24 September 2004 15:26, dima wrote:
> On Fri, 24.09.2004, at 10:20, Bikrant Neupane writes:
> > On Thursday 23 September 2004 22:29, Jon Simola wrote:
> > > On Thu, 23 Sep 2004, Bikrant Neupane wrote:
> > > > Here is my rule set:
> > > >
> > > > #skip depending on the pkt layer
> > > > 01000 322 14780 skipto 10000 ip from any to any layer2 in via xl0
> > > > 01100 200 93204 skipto 20000 ip from any to any not layer2
> > > >
> > > > #rule num 10000 to 20000 allocated for layer2 filtering
> > > > #for mac filter: allow only listed mac to send traffic
> > > > 10000 39 1780 allow ip from any to any MAC any 00:00:0e:84:00:83 in via xl0
> > > > #default deny all mac coming in from xl0
> > > > 19997 284 13046 deny ip from any to any MAC any any in via xl0
> > >
> > > If this is layer2 filtering, where are the layer2 tags in the ipfw
> > > rule? And if this is the extent of your layer 2, then don't forget an
> > > allow/deny default for layer2 packets (allow ip from any to any
> > > layer2). Also, you're only checking your layer2 on a specific
> > > interface, perhaps you only have one.
> > >
> > > I've got something like:
> > > 00010 skipto 32000 ip from any to any not layer2
> > > 00050 deny ip from any to any MAC any 00:30:da:00:00:00/24 layer2 in
> > > 00055 count ip from any to any MAC any 00:0b:db:1d:63:56 layer2 in // sniffing for traffic
> > > 03100 allow ip from any to any layer2
> > > // bandwidth monitoring pipes
> > > 32003 pipe 3 ip from any to any src-ip 10.10.66.0/24 in recv em1
> > > 32004 pipe 4 ip from any to any dst-ip 10.10.66.0/24 out xmit em1
> > > 65534 allow ip from any to any
> > > 65535 deny ip from any to any
> >
> > Well, I have no problem with the MAC filtering rules.
> > The only problem that I am having is that the pkts hit the matching rule
> > twice; as a result I get only half of the b/w than that specified in the ipfw
> > pipe command.
> >
> > 35004 324 485880 pipe 202 ip from any to 202.79.45.254 out via xl0
> > 35005 302 12080 pipe 203 ip from 202.79.45.254 to any out via em0
> >
> > Isn't there a way to construct rules such that matching pkts hit the rule
> > only once?
>
> $ man ipfw
> [skip]
>      pipe pipe_nr
>              Pass packet to a dummynet(4) ``pipe'' (for bandwidth limitation,
>              delay, etc.).  See the TRAFFIC SHAPER (DUMMYNET) CONFIGURATION
>              Section for further information.  The search terminates; however,
>              on exit from the pipe and if the sysctl(8) variable
>              net.inet.ip.fw.one_pass is not set, the packet is passed again to
>              the firewall code starting from the next rule.
> [skip]

# sysctl -a net.inet.ip.fw.one_pass
net.inet.ip.fw.one_pass: 1

It is by default 1.
I tried with 0 as well.

Bikrant

> $

From owner-freebsd-isp@FreeBSD.ORG Fri Sep 24 15:37:47 2004
From: Jon Simola
To: Bikrant Neupane
cc: freebsd-isp@freebsd.org
cc: freebsd-questions@freebsd.org
Date: Fri, 24 Sep 2004 08:37:38 -0700 (PDT)
Subject: Re: Ipfw accept rule
Message-ID: <20040924083040.N60082-100000@tyberius.abccom.bc.ca>
In-Reply-To: <200409241548.14313.bikrant_ml@wlink.com.np>

On Fri, 24 Sep 2004, Bikrant Neupane wrote:

> > > Well, I have no problem with the MAC filtering rules.
> > > The only problem that I am having is that the pkts hit the matching rule
> > > twice; as a result I get only half of the b/w than that specified in the ipfw
> > > pipe command.

Yes, the packets will hit the pipe twice: once at layer2 and once at layer3. You're not stopping the packets from passing through a pipe simply by leaving out a "layer2" from the rule.

ether_input -> ipfw -> ip_input -> ipfw -> network stack

> > > Isn't there a way to construct rules such that matching pkts hit the rule
> > > only once?

Write your ruleset appropriately, or stick "not layer2" on your pipe rules.
---
Jon Simola            | "In the near future - corporate networks
Systems Administrator | reach out to the stars, electrons and light
ABC Communications    | flow throughout the universe."
-- GITS

From owner-freebsd-isp@FreeBSD.ORG Fri Sep 24 18:43:21 2004
From: jromero@save-ferris.com
To: freebsd-isp@freebsd.org
Date: Fri, 24 Sep 2004 14:43:07 -0400 (EDT)
Subject: freeBSD 5.X SMP --> QUAD XEON SCALABILITY QUESTION
Message-ID: <3546.192.168.100.119.1096051387.squirrel@192.168.100.119>

Posted to freebsd-smp but didn't get too many replies, so I apologize for cross posting ahead of time.

Need to configure a groupware server and multiprotocol wireless proxy for approximately 2500 accounts. The application is heavily multi-threaded and will require a lot of CPU power. The OS will be FreeBSD 5.x. Thinking of going with the ServerWorks* Grand Champion HE quad Xeon server board.

Has anyone had any SMP experience with quad Xeon systems on FreeBSD 5.x??? I'm curious to know if anyone experienced any major technical stumbling blocks. I guess I also want to know how well FreeBSD 5.x will scale on a 4 proc. system. Will FreeBSD 5.x utilize a quad Xeon board as efficiently as Linux 2.6???

Thanks,
JR
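Going back to the ipfw thread above: the toy model below is an added example, not code from any of the posters, that walks a packet through a reduced copy of Bikrant's ruleset once from the Ethernet layer and once from the IP layer (the ether_input -> ipfw -> ip_input -> ipfw path Jon Simola describes) and shows the pipe rule matching twice until either Jon's "not layer2" qualifier or his "allow ip from any to any layer2" default is added, whichever way net.inet.ip.fw.one_pass is set. Rule numbers, addresses and the MAC come from the thread; the traversal order, the simplified matching, and the names Packet, Rule, run_pass, both_layers and build_rules are assumptions of the model.

```python
"""Toy model of ipfw rule traversal for the double-hit problem in this thread.
With net.link.ether.ipfw=1 a packet is handed to ipfw once from the Ethernet
layer (layer2) and once from the IP layer, so an unqualified pipe rule matches
twice. Constructed example: a simplified model, not the real ipfw code."""

from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

ALLOWED_MAC = "00:00:0e:84:00:83"   # source MAC allowed by rule 10000 in the thread
SHAPED_HOST = "202.79.45.254"       # host shaped by pipes 202/203 in the thread


@dataclass
class Packet:
    src: str
    dst: str
    direction: str        # "in" or "out"
    iface: str            # interface the packet enters or leaves by
    src_mac: str = ""
    layer2: bool = False  # True while ipfw is called from the Ethernet layer


@dataclass
class Rule:
    num: int
    action: str                     # skipto | allow | deny | pipe | count
    target: Optional[int] = None    # skipto rule number or pipe number
    match: Callable[[Packet], bool] = lambda p: True


def run_pass(rules: List[Rule], pkt: Packet, one_pass: bool) -> Tuple[str, List[int]]:
    """One walk through the ruleset; returns (verdict, pipe numbers traversed)."""
    rules = sorted(rules, key=lambda r: r.num)
    pipes: List[int] = []
    i = 0
    while i < len(rules):
        r = rules[i]
        if not r.match(pkt):
            i += 1
        elif r.action == "skipto":   # jump to the first rule numbered >= target
            i = next((j for j, s in enumerate(rules) if s.num >= r.target), len(rules))
        elif r.action in ("allow", "deny"):
            return r.action, pipes
        elif r.action == "pipe":
            pipes.append(r.target)
            if one_pass:             # net.inet.ip.fw.one_pass=1: the search terminates
                return "allow", pipes
            i += 1                   # one_pass=0: the packet re-enters at the next rule
        else:                        # count: no effect on the search
            i += 1
    return "deny", pipes             # not reached while a 65535 default rule exists


def both_layers(rules: List[Rule], pkt: Packet, one_pass: bool = True) -> Tuple[str, List[int]]:
    """Run the layer-2 and layer-3 passes in the order the kernel does them:
    ether_input -> ipfw -> ip_input -> ipfw for inbound, the reverse for outbound."""
    order = (True, False) if pkt.direction == "in" else (False, True)
    hits: List[int] = []
    verdict = "allow"
    for l2 in order:
        view = Packet(pkt.src, pkt.dst, pkt.direction, pkt.iface, pkt.src_mac, l2)
        verdict, pipes = run_pass(rules, view, one_pass)
        hits += pipes
        if verdict == "deny":        # a dropped packet never reaches the next layer
            break
    return verdict, hits


def build_rules(fix: Optional[str] = None) -> List[Rule]:
    """The thread's ruleset reduced to the rules that matter here.
    fix=None reproduces the double hit; fix="not_layer2" adds 'not layer2' to the
    pipe rules; fix="layer2_default" adds an 'allow ip from any to any layer2'
    before the layer-3 section, both as Jon Simola suggested."""
    l3_only = (lambda p: not p.layer2) if fix == "not_layer2" else (lambda p: True)
    in_xl0 = lambda p: p.direction == "in" and p.iface == "xl0"
    rules = [
        Rule(1000, "skipto", 10000, lambda p: p.layer2 and in_xl0(p)),
        Rule(1100, "skipto", 20000, lambda p: not p.layer2),
        Rule(10000, "allow", match=lambda p: p.layer2 and in_xl0(p) and p.src_mac == ALLOWED_MAC),
        Rule(19997, "deny", match=lambda p: p.layer2 and in_xl0(p)),
        Rule(35004, "pipe", 202, lambda p: p.dst == SHAPED_HOST and p.direction == "out"
             and p.iface == "xl0" and l3_only(p)),
        Rule(35005, "pipe", 203, lambda p: p.src == SHAPED_HOST and p.direction == "out"
             and p.iface == "em0" and l3_only(p)),
        Rule(35006, "allow", match=lambda p: p.dst == SHAPED_HOST),
        Rule(35007, "allow", match=lambda p: p.src == SHAPED_HOST),
        Rule(65535, "allow"),
    ]
    if fix == "layer2_default":
        rules.append(Rule(19999, "allow", match=lambda p: p.layer2))
    return rules


if __name__ == "__main__":
    out = Packet("10.0.0.1", SHAPED_HOST, "out", "xl0")   # constructed sample packet
    for fix in (None, "not_layer2", "layer2_default"):
        for one_pass in (True, False):
            verdict, hits = both_layers(build_rules(fix), out, one_pass)
            print(f"fix={fix!s:15} one_pass={int(one_pass)} -> {verdict}, pipe hits {hits}")
```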