From owner-freebsd-isp Sun Feb 8 16:59:55 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA03733 for freebsd-isp-outgoing; Sun, 8 Feb 1998 16:59:55 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from terminus.galaxia.com (dave@terminus.galaxia.com [204.255.210.97]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA03727 for ; Sun, 8 Feb 1998 16:59:52 -0800 (PST) (envelope-from dave@galaxia.com) Received: from localhost (dave@localhost) by terminus.galaxia.com (8.8.5/8.8.5) with SMTP id TAA06209 for ; Sun, 8 Feb 1998 19:59:48 -0500 (EST) Date: Sun, 8 Feb 1998 19:59:48 -0500 (EST) From: "David H. Brierley" To: freebsd-isp@FreeBSD.ORG Subject: Need help with radius authentication Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I can't decide if I'm missing something basic or what. I'm trying to set up the radius software so that it uses the unix password file to authenticate the users. It works fine if the user is running a unix box but does not work if the user is running Windows 95. Since most of our users are running W95 this is obviously a major problem. Everything works fine if I define the user in the "users" file in the radius directory but I don't want to do that because I want to allow the users to easily change their passwords by connecting to the main server. If you are successfully using unix password authentication for your dial up users, would you please let me know the following: - what radius software are you using? (Livingston or Merit) - what magic did you put in your configuration files? - if you are using Livingston portmaster boxes, did you have to do any configuration changes on the PM? -- David H. Brierley dave@galaxia.com or dave@aiconnect.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Feb 8 17:15:50 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id RAA05548 for freebsd-isp-outgoing; Sun, 8 Feb 1998 17:15:50 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from cedb.dpcsys.com (cedb.dpcsys.com [206.16.184.4]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA05538 for ; Sun, 8 Feb 1998 17:15:48 -0800 (PST) (envelope-from dan@dpcsys.com) Received: from localhost (dan@localhost) by cedb.dpcsys.com (8.8.5/8.8.2) with SMTP id BAA03489; Mon, 9 Feb 1998 01:15:56 GMT Date: Sun, 8 Feb 1998 17:15:56 -0800 (PST) From: Dan Busarow To: "David H. Brierley" cc: freebsd-isp@FreeBSD.ORG Subject: Re: Need help with radius authentication In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 8 Feb 1998, David H. Brierley wrote: > If you are successfully using unix password authentication for your > dial up users, would you please let me know the following: > > - what radius software are you using? (Livingston or Merit) Livingston, still at 1.x > - what magic did you put in your configuration files? None DEFAULT Password = "UNIX" User-Service-Type = Framed-User, Framed-Protocol = PPP, Framed-Address = 255.255.255.254, Framed-Netmask = 255.255.255.255, Framed-Routing = None, Framed-Compression = Van-Jacobsen-TCP-IP, Framed-MTU = 1500 > - if you are using Livingston portmaster boxes, did you have to > do any configuration changes on the PM? Not that I know of or remember. Login type is set to Login/Network for the ports. What version of ComOS do you have? Dan -- Dan Busarow 714 443 4172 DPC Systems / Beach.Net dan@dpcsys.com Dana Point, California 83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Feb 8 23:03:30 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA23810 for freebsd-isp-outgoing; Sun, 8 Feb 1998 23:03:30 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from barney.webace.com.au ([203.25.160.154]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA23782; Sun, 8 Feb 1998 23:03:21 -0800 (PST) (envelope-from jasonm@barney.webace.com.au) Received: from localhost (jasonm@localhost) by barney.webace.com.au (8.8.5/8.8.5) with SMTP id PAA03110; Mon, 9 Feb 1998 15:14:54 +0800 (WST) Date: Mon, 9 Feb 1998 15:14:53 +0800 (WST) From: Jason McKay To: questions@FreeBSD.ORG cc: isp@FreeBSD.ORG Subject: Please help - session limits Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, We are running FreeBSD 2.2.2-RELEASE and are about to setup an ISP. We want our users to have a limit of 2 hours per day. Therefore, we need a program that will disconnect members of a group after 2 hours and leave them off until the next day. We tried idled, but it doesn't do the job .. the refuse period only works after they have exceed their session limit .. The program we require has to remember any time they have used earlier with in that day. Therefore, if the user has been on for 30 mins in the morning, they can only have 90 mins later in that day. We would be very greatful for any help. Thank you, Jason McKay To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Feb 9 01:07:25 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA21900 for freebsd-isp-outgoing; Mon, 9 Feb 1998 01:07:25 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA21837; Mon, 9 Feb 1998 01:07:10 -0800 (PST) (envelope-from danny@panda.hilink.com.au) Received: (from danny@localhost) by panda.hilink.com.au (8.8.5/8.8.5) id UAA23980; Mon, 9 Feb 1998 20:06:55 +1100 (EST) Date: Mon, 9 Feb 1998 20:06:55 +1100 (EST) From: "Daniel O'Callaghan" To: Jason McKay cc: questions@FreeBSD.ORG, isp@FreeBSD.ORG Subject: Re: Please help - session limits In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 9 Feb 1998, Jason McKay wrote: > We are running FreeBSD 2.2.2-RELEASE and are about to setup an ISP. We Upgrade to 2.2-980208-SNAP or similar. > want our users to have a limit of 2 hours per day. Therefore, we need a > program that will disconnect members of a group after 2 hours and > leave them off until the next day. You need to do this in /etc/ppp/ip-up, if you are using PAP authentication, or intend to. A perl script ip-up can take the ppp tty, look up the user who is logged in, run some other program (ac(1)??) to see if they have been on too long today, and boot them off if so. A similar perl script can be run from cron to see if any users need to be disconnected. You'll probably need to use pppd from 2.2.5 or later. Danny To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Feb 9 09:22:44 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA08861 for freebsd-isp-outgoing; Mon, 9 Feb 1998 09:22:44 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mail.westbend.net (ns1.westbend.net [207.217.224.194]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA08855 for ; Mon, 9 Feb 1998 09:22:42 -0800 (PST) (envelope-from hetzels@westbend.net) Received: from admin (admin.westbend.net [207.217.224.195]) by mail.westbend.net (8.8.8/8.8.7) with SMTP id LAA00181 for ; Mon, 9 Feb 1998 11:22:40 -0600 (CST) (envelope-from hetzels@westbend.net) Message-ID: <001401bd357e$dadfe6a0$c3e0d9cf@admin.westbend.net> From: "Scot W. Hetzel" To: "FreeBSD-ISP" Subject: Re: logging messages to remote host w/syslogd Date: Mon, 9 Feb 1998 11:19:18 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.2106.4 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----Original Message----- From: Jan Koum To: Scot W. Hetzel Cc: FreeBSD-ISP Date: Sunday, February 08, 1998 12:26 AM Subject: Re: logging messages to remote host w/syslogd > > >On Sun, 8 Feb 1998, Scot W. Hetzel wrote: > >>I am experiencing a problem with the syslogd. For some unknown reason it >>will not accept messages from remote hosts. I have read the man pages and >>searched the archives but no help. >> >>On hostA, I have made the following change to rc.conf so that it can accept >>remote messages: >> >>syslog_syslogd_enable="YES" # Run syslog daemon (or NO). > ^^^^^^^^^^^^^^^^^^^ > Shouldn't this be just `` syslogd_enable="YES" '' ? Copied & pasted it from my rc.conf, after I had typed the "syslog_", it is in fact "syslogd_enable" in my rc.conf. > Also, try starting it with "-d" -- debug mode, and do "ps ax | >grep syslog" to see which flags it really has. > After I put it into debug mode, I found the problem. If I just use just the host ipaddress then it doesn't work (ie -a 10.0.0.196). But if I use the netmask (ie -a 10.0.0.196/32, or -a 10.0.0.192/26) then messages are logged. I then tried the PM3, and found that I have to set the port to use (i.e. -a 10.0.0.206/32:\* or -a 10.0.0.206/32:1023) as the PM3 use a different port to send its syslog messages from to port 514 on the logging host. Thanks for the hint. Scot To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Feb 9 10:32:37 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA19725 for freebsd-isp-outgoing; Mon, 9 Feb 1998 10:32:37 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from super-g.inch.com (super-g.com [207.240.140.161]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA19710 for ; Mon, 9 Feb 1998 10:32:33 -0800 (PST) (envelope-from spork@super-g.com) Received: from localhost (localhost [127.0.0.1]) by super-g.inch.com (8.8.8/8.8.5) with SMTP id NAA04203; Mon, 9 Feb 1998 13:32:20 -0500 (EST) Date: Mon, 9 Feb 1998 13:32:20 -0500 (EST) From: spork X-Sender: spork@super-g.inch.com To: "Darrin R. Woods" cc: isp@FreeBSD.ORG Subject: Re: spammer problem - help! In-Reply-To: <3.0.32.19980206093450.006933b0@netgazer.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org FWIW, we are all autobouncing mail from this guy to "fraud@uu.net" with the ticket number we were given. We've called uu.net a few times about this and been promised that the account would be cancelled, but it's been a few weeks now, and the guy still seems to be active. He was vulnerable to "teardrop" at one point, but he/she seems to have fixed that... If anyone would like to jump on the ticket number we are using to complain about this chronic spammer, it is: (UU653810) Thanks, Charles Sprickman spork@super-g.com ---- "I'm not a prophet or a stone-age man Just a mortal with potential of a superman I'm living on" -DB On Fri, 6 Feb 1998, Darrin R. Woods wrote: > I have had a problem over the last month or so of someone using our > mailer-daemon to send spam email to myself as well as users on our net. > > My sendmail is running on freebsd and I've applied all of the spammer > patches that I can find. I've even added the hostname in the spammer db > file but our system still accepts mail from him. > > How can I keep this guy and others from forging mail and making it look as > though it is coming from my mailer-daemon? > > Here is the header from one he sent to my email address yesterday: > > --------------------------------------------------------- > Return-Path: anitb@mail.t-1net.com > Received: from mail.t-1net.com (root@1Cust182.tnt2.stafford.tx.da.uu.net > [208.252.105.182]) by netgazer.net (8.8.5/8.7.3) with ESMTP id KAA03003 for > ; Thu, 5 Feb 1998 10:22:21 GMT > Date: Thu, 5 Feb 1998 09:41:31 -0600 > Message-Id: <199802051541.JAA02876@mail.t-1net.com> > From: MAILER-DAEMON@netgazer.net > Subject: Low Cost Advertising > X-UIDL: 6a53b1fd94536b2343668e60c04444de > ---------------------------------------------------------- > > > Thanks, in advance, and yes I have sent email to abuse@uu.net. > > > Darrin R. Woods dwoods@netgazer.com > Director Operations Emeritus > Netgazer Solutions, Inc. > > "UNiX IS user friendly. It's just particular > about who it's friends are" > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Feb 9 19:56:20 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id TAA06593 for freebsd-isp-outgoing; Mon, 9 Feb 1998 19:56:20 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from dingo.cdrom.com (dingo.cdrom.com [204.216.28.145]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA06584 for ; Mon, 9 Feb 1998 19:56:18 -0800 (PST) (envelope-from mike@dingo.cdrom.com) Received: from dingo.cdrom.com (localhost [127.0.0.1]) by dingo.cdrom.com (8.8.8/8.8.5) with ESMTP id TAA06848 for ; Mon, 9 Feb 1998 19:56:10 -0800 (PST) Message-Id: <199802100356.TAA06848@dingo.cdrom.com> Date: Mon, 09 Feb 1998 19:56:08 -0800 From: Mike Smith Subject: Large system backups; recommendations for devices & strategies? Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org To: undisclosed-recipients:; ------- Blind-Carbon-Copy X-Mailer: exmh version 2.0zeta 7/24/97 To: hackers@freebsd.org reply-to: hackers@freebsd.org Subject: Large system backups; recommendations for devices & strategies? Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 09 Feb 1998 19:56:08 -0800 From: Mike Smith (Please pardon the crosspost to -isp; I'm looking for comments from people with experience administering backup strategies for largish networks, and I suspect some of you lurk there.) I'm looking for recommendations for both backup devices and backup strategies for a network of about six systems and perhaps 50GB of data. Ultimately, I'd like something that can run more or less unattended, modulo media changes, etc. (ie. I expect using Amanda or similar.) I'd be interested in hearing from anyone that's been involved in setting up and/or operating such a backup system, as well as perhaps being interested in doing something similar for the FreeBSD project. - -- \\ Sometimes you're ahead, \\ Mike Smith \\ sometimes you're behind. \\ mike@smith.net.au \\ The race is long, and in the \\ msmith@freebsd.org \\ end it's only with yourself. \\ msmith@cdrom.com ------- End of Blind-Carbon-Copy To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Feb 10 01:59:49 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA22227 for freebsd-isp-outgoing; Tue, 10 Feb 1998 01:59:49 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from relay01.indigo.ie (relay01.indigo.ie [194.125.133.225]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id BAA22219 for ; Tue, 10 Feb 1998 01:59:46 -0800 (PST) (envelope-from judgea@indigo.ie) Message-Id: <199802100959.BAA22219@hub.freebsd.org> Received: (qmail 26480 messnum 238140 invoked from network[194.125.133.235/relay-mgr.indigo.ie]); 10 Feb 1998 09:59:45 -0000 Received: from relay-mgr.indigo.ie (HELO indigo.ie) (194.125.133.235) by relay01.indigo.ie (qp 26480) with SMTP; 10 Feb 1998 09:59:45 -0000 To: Mike Smith Cc: isp@FreeBSD.ORG Subject: Re: Large system backups; recommendations for devices & strategies? In-reply-to: Message from Mike Smith dated today at 19:56. From: Alan Judge Date: Tue, 10 Feb 1998 09:59:45 +0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org We're running amanda onto a DLT7000 and are very happy. We're currently backing up around 35GB of data from 16 systems (mix of PCs running FreeBSD, Suns, and a NetApp filer). Given that the DLT7000 can hold maybe 70GB compressed and that amanda will stagger full dumps when needed, we have plenty of room to grow as long as we don't create too many huge file systems. The only problem, if you can call it that, it providing data fast enough for the DLT7000, which can write to tape at upwards of 7MB/sec. We use two 9GB drives ccded together to provide a dump staging area for amanda, allowing it to run dumps in parallel. This would be less of an issue if we didn't have a few old 10Mb ethernet Suns. Everything works entirely automatically. All I do is change tape once a day. We used to use amanda on a Sun feeding two Exabyte 8505XL, which didn't work half as nicely. Apart from anything else, the DLT is a much nicer drive. Alan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Feb 10 08:05:43 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA17923 for freebsd-isp-outgoing; Tue, 10 Feb 1998 08:05:43 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from teligent.se (iservern.teligent.se [194.17.198.3]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA17896 for ; Tue, 10 Feb 1998 08:05:37 -0800 (PST) (envelope-from jakob@teligent.se) Received: from datorn.teligent.se (datorn.teligent.se [192.168.2.31]) by teligent.se (8.7/8.6.12) with SMTP id RAA29418 for ; Tue, 10 Feb 1998 17:04:49 +0100 Date: Tue, 10 Feb 1998 17:07:30 +0100 (CET) From: Jakob Alvermark To: isp@FreeBSD.ORG Subject: Passwords.. Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by hub.freebsd.org id IAA17904 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello. Is it possible to convert DES-encrypted passwords to MD5-encrypted passwords? (linux to FreeBSD) How can linux use DES passwords outside the states? (Is linux breaking the law?) /Jakob Alvermark ------------------------------------------------------- Teligent AB, P.O. Box 213, S-149 23 Nynäshamn, Sweden Telephone +46-(0)8 520 660 00 * Fax +46-(0)8 520 193 36 Direct +46-(0)8 520 660 32 * GSM +46-(0)70 792 16 57 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Feb 10 08:45:19 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA25717 for freebsd-isp-outgoing; Tue, 10 Feb 1998 08:45:19 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from support.euronet.nl (support.euronet.nl [194.134.32.134]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA25699 for ; Tue, 10 Feb 1998 08:45:12 -0800 (PST) (envelope-from beng@euronet.nl) Received: (from beng@localhost) by support.euronet.nl (8.8.5/8.6.12) id RAA04045 for isp@freebsd.org; Tue, 10 Feb 1998 17:44:40 +0100 (CET) Message-Id: <199802101644.RAA04045@support.euronet.nl> Subject: Re: Passwords.. In-Reply-To: from Jakob Alvermark at "Feb 10, 98 05:07:30 pm" To: isp@FreeBSD.ORG Date: Tue, 10 Feb 1998 17:44:40 +0100 (CET) From: Benjamin Gras X-Bad-Religion: Rules X-Mailer: ELM [version 2.4ME+ PL31H (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi there, > Is it possible to convert DES-encrypted passwords to MD5-encrypted > passwords? (linux to FreeBSD) Don't count on it. Those functions (hashing functions) are designed with the primary goal in mind being irreversibility, so a conversion (short of brute force reversing) would depend on an obscure relation between the two functions, allowing a conversion without reversing. The establishment of the unlikelyhood of this Feature is left as an exercise to the (really patient) reader :). > How can linux use DES passwords outside the states? (Is linux breaking the > law?) Last I heard the DES-based password crypt(3) function is exportable because DES isn't used as a cipher but as a hashing function. There's an important difference, which you're encountering right now.. As for a practical solution (I'd say): Why not make FreeBSD use the DES-based passwords, and patch login(1) to hash (using MD5-style) the password when you've verified the plaintext entered password is correct (by hashing it DES-style as login(1) will do), writing it back into the (master.) passwd file? This way you can do the conversion, in a way.. =Ben To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Feb 10 08:52:25 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA27001 for freebsd-isp-outgoing; Tue, 10 Feb 1998 08:52:25 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from xenu.denverweb.net (xenu.denverweb.net [199.45.153.14]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA26920 for ; Tue, 10 Feb 1998 08:52:03 -0800 (PST) (envelope-from bminazzi@w3page.com) Received: from orion (blaine@sdn-ts-004coauroP13.dialsprint.net [206.133.160.80]) by xenu.denverweb.net (8.8.8/8.6.12) with SMTP id JAA12880; Tue, 10 Feb 1998 09:53:25 -0700 (MST) Message-ID: <34E088FE.773EB75F@w3page.com> Date: Tue, 10 Feb 1998 10:06:06 -0700 From: Blaine Minazzi Organization: What, me organized? X-Mailer: Mozilla 3.01 (X11; I; Linux 2.0.32 i486) MIME-Version: 1.0 To: Jakob Alvermark CC: isp@FreeBSD.ORG Subject: Re: Passwords.. References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Jakob Alvermark wrote: > > Hello. > > Is it possible to convert DES-encrypted passwords to MD5-encrypted > passwords? (linux to FreeBSD) > How can linux use DES passwords outside the states? (Is linux breaking the > law?) > > /Jakob Alvermark > You can use DES outside the US, _IF_ you obtain it outside the US. You just cannot obtain it inside the US, then export it, because some of our politicians are stupid assholes that beleive that only the US has encryption technology. You can take a book detailing the entire theory, complete with source code examples outside the US, but, take the actual software, and go to jail.... Do not look for logic in this. there is none. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Feb 10 10:27:38 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA15352 for freebsd-isp-outgoing; Tue, 10 Feb 1998 10:27:38 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from home.dragondata.com (toasty@home.dragondata.com [204.137.237.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA15347 for ; Tue, 10 Feb 1998 10:27:35 -0800 (PST) (envelope-from toasty@home.dragondata.com) Received: (from toasty@localhost) by home.dragondata.com (8.8.5/8.8.5) id MAA04930 for isp@freebsd.org; Tue, 10 Feb 1998 12:27:33 -0600 (CST) From: Kevin Day Message-Id: <199802101827.MAA04930@home.dragondata.com> Subject: Large httpd log files To: isp@FreeBSD.ORG Date: Tue, 10 Feb 1998 12:27:33 -0600 (CST) X-Mailer: ELM [version 2.4ME+ PL31 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org All of my customer www traffic is logged to a single file. My customers want access to real-time stats, however, analog takes 20+ minutes to analyze the log file towards the end of the month. (We erase the log file on the 1st of the month). This makes analog's form/cgi interface completely useless as their web browsers time out before they ever see the report. Does anyone here have any solutions to something like this that they've worked out? Is it possible to make each user's traffic log to their own file, without having to add a httpd.conf entry for each user? Kevin Day DragonData To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Feb 10 10:50:50 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA18530 for freebsd-isp-outgoing; Tue, 10 Feb 1998 10:50:50 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from s02.admin.cantv.net (s02.admin.cantv.net [161.196.66.41]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA18524 for ; Tue, 10 Feb 1998 10:50:48 -0800 (PST) (envelope-from lem@cantv.net) Received: from lemtop.cantv.net (workstation-6.lido.cantv.net.57.196.161.in-addr.arpa [161.196.57.8] (may be forged)) by s02.admin.cantv.net (8.8.8/8.8.8) with SMTP id OAA07936; Tue, 10 Feb 1998 14:49:41 -0400 (GMT-0400) Message-Id: <3.0.5.32.19980210144909.00911430@pop.cantv.net> X-Sender: lem@pop.cantv.net X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Tue, 10 Feb 1998 14:49:09 -0400 To: Kevin Day From: =?iso-8859-1?Q?=22Luis_E=2E_Mu=F1oz=22?= Subject: Re: Large httpd log files Cc: isp@FreeBSD.ORG In-Reply-To: <199802101827.MAA04930@home.dragondata.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 12:27 PM 10/02/1998 -0600, Kevin Day wrote: >Is it possible to make each user's traffic log to their own file, without >having to add a httpd.conf entry for each user? If you're using apache, you can place the 'LogFile' (sp?) entries inside the VirtualHost definition. In that way, access logs for the virtual host will go to the corresponding file. We've been using this for more than 18 months and it works very well. Best regards. -lem To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Feb 10 10:51:25 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA18603 for freebsd-isp-outgoing; Tue, 10 Feb 1998 10:51:25 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from nak.myhouse.com (nak.myhouse.com [209.70.45.162]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA18585 for ; Tue, 10 Feb 1998 10:51:19 -0800 (PST) (envelope-from zoonie@myhouse.com) Received: from localhost (zoonie@localhost) by nak.myhouse.com (8.8.8/8.8.7) with SMTP id NAA10540 for ; Tue, 10 Feb 1998 13:50:48 -0500 (EST) (envelope-from zoonie@myhouse.com) X-Authentication-Warning: nak.myhouse.com: zoonie owned process doing -bs Date: Tue, 10 Feb 1998 13:50:48 -0500 (EST) From: zoonie To: isp@FreeBSD.ORG Subject: Re: Large httpd log files In-Reply-To: <199802101827.MAA04930@home.dragondata.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org what you need to do is create an analog configuration file for each customer that specifies what directory the output is written to and what log file to read in. you also need to setup your web sever so that the log files for each virtual domain goes to a different file/directory. when running analog you then specify which configuration file to read and this will generate a report based on the logfile specified in the config file. all of this works assuming that each customer has his own domain and a virtual web sever is setup for the customer. if you don't have this type of setup you could put together a perl script that will split up the log file into multiple files for each customer and run against that (the perl script is an idea because as far as i know you can't direct the log output for each user to a different file unless the user has a virtual domain configured and i don't ever remember seeing anything stating that you could if there isn't a virtual domain). another thing that might help if you can't split up the logs for each customer is the dns caching that version 2 of analog does. this will shorten the time that analog takes to generate a report if the same sites are hitting the web site over and over again. if a bunch of new sites hit it then the DNS lookup has to be done and report generation will take longer..... On Tue, 10 Feb 1998, Kevin Day wrote: > > All of my customer www traffic is logged to a single file. > > My customers want access to real-time stats, however, analog takes 20+ > minutes to analyze the log file towards the end of the month. (We erase the > log file on the 1st of the month). > > This makes analog's form/cgi interface completely useless as their web > browsers time out before they ever see the report. > > Does anyone here have any solutions to something like this that they've > worked out? > > Is it possible to make each user's traffic log to their own file, without > having to add a httpd.conf entry for each user? > > Kevin Day > DragonData > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Feb 10 13:39:57 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA20050 for freebsd-isp-outgoing; Tue, 10 Feb 1998 13:39:57 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA20042 for ; Tue, 10 Feb 1998 13:39:52 -0800 (PST) (envelope-from danny@panda.hilink.com.au) Received: (from danny@localhost) by panda.hilink.com.au (8.8.5/8.8.5) id IAA29729; Wed, 11 Feb 1998 08:39:36 +1100 (EST) Date: Wed, 11 Feb 1998 08:39:34 +1100 (EST) From: "Daniel O'Callaghan" To: Benjamin Gras cc: isp@FreeBSD.ORG Subject: Re: Passwords.. In-Reply-To: <199802101644.RAA04045@support.euronet.nl> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 10 Feb 1998, Benjamin Gras wrote: > As for a practical solution (I'd say): > Why not make FreeBSD use the DES-based passwords, and patch login(1) to > hash (using MD5-style) the password when you've verified the plaintext > entered password is correct (by hashing it DES-style as login(1) will do), > writing it back into the (master.) passwd file? This way you can do the > conversion, in a way.. Why bother? If you just want Linux passwords readable by FreeBSD, install the DES kit from ftp.internat.freebsd.org and use both DES and MD5 on FreeBSD. Danny To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Feb 10 23:44:22 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA09884 for freebsd-isp-outgoing; Tue, 10 Feb 1998 23:44:22 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from bert.club-web.com (bert.club-web.com [207.176.196.11]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA09876 for ; Tue, 10 Feb 1998 23:44:13 -0800 (PST) (envelope-from mark@club-web.com) Received: from mark.club-web.com (dial-101.club-web.com [207.176.196.21]) by bert.club-web.com (8.8.8/8.8.6) with SMTP id CAA00809; Wed, 11 Feb 1998 02:18:57 -0500 (EST) From: "Mark Segal" To: "Kevin Day" , Subject: Re: Large httpd log files Date: Wed, 11 Feb 1998 02:12:17 -0500 Message-ID: <01bd36bc$62f64460$0201010a@mark.club-web.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.71.1712.3 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.1712.3 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Yup it's quite simple... There are two things you must do. Firstly, in your virtual host directive in your httpd.conf make sure you define different logs for every virtual domain. like so. DocumentRoot /usr/home/yourname/public_html/ ServerName www.yourname.com ErrorLog logs/yourname-error_log TransferLog logs/yourname-access_log RefererLog logs/yourname-referer_log AgentLog logs/yourname-agent_log Secondly, you must configure analog to use those files instead.. i found the config files a pain so i just recompile it each time (now a script).. just change the file locations in the analhead.h -- Mark Segal mark@club-web.com System Admin > >All of my customer www traffic is logged to a single file. > >My customers want access to real-time stats, however, analog takes 20+ >minutes to analyze the log file towards the end of the month. (We erase the >log file on the 1st of the month). > >This makes analog's form/cgi interface completely useless as their web >browsers time out before they ever see the report. > >Does anyone here have any solutions to something like this that they've >worked out? > >Is it possible to make each user's traffic log to their own file, without >having to add a httpd.conf entry for each user? > >Kevin Day >DragonData > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Feb 10 23:45:22 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA09959 for freebsd-isp-outgoing; Tue, 10 Feb 1998 23:45:22 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from teligent.se (iservern.teligent.se [194.17.198.3]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA09953 for ; Tue, 10 Feb 1998 23:45:15 -0800 (PST) (envelope-from jakob@teligent.se) Received: from datorn.teligent.se (datorn.teligent.se [192.168.2.31]) by teligent.se (8.7/8.6.12) with SMTP id IAA16975; Wed, 11 Feb 1998 08:44:04 +0100 Date: Wed, 11 Feb 1998 07:44:54 +0100 (CET) From: Jakob Alvermark To: "Daniel O'Callaghan" cc: Benjamin Gras , isp@FreeBSD.ORG Subject: Re: Passwords.. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by hub.freebsd.org id XAA09955 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 11 Feb 1998, Daniel O'Callaghan wrote: > On Tue, 10 Feb 1998, Benjamin Gras wrote: > > > As for a practical solution (I'd say): > > Why not make FreeBSD use the DES-based passwords, and patch login(1) to > > hash (using MD5-style) the password when you've verified the plaintext > > entered password is correct (by hashing it DES-style as login(1) will do), > > writing it back into the (master.) passwd file? This way you can do the > > conversion, in a way.. > > Why bother? If you just want Linux passwords readable by FreeBSD, > install the DES kit from ftp.internat.freebsd.org and use both DES and > MD5 on FreeBSD. So it's possible to use both DES and MD5 password concurrently? Is someone breaking the law if I get the DES kit from ftp.internat.freebsd.org? /Jakob Alvermark ------------------------------------------------------- Teligent AB, P.O. Box 213, S-149 23 Nynäshamn, Sweden Telephone +46-(0)8 520 660 00 * Fax +46-(0)8 520 193 36 Direct +46-(0)8 520 660 32 * GSM +46-(0)70 792 16 57 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 01:27:40 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA22432 for freebsd-isp-outgoing; Wed, 11 Feb 1998 01:27:40 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA22424 for ; Wed, 11 Feb 1998 01:27:33 -0800 (PST) (envelope-from danny@panda.hilink.com.au) Received: (from danny@localhost) by panda.hilink.com.au (8.8.5/8.8.5) id UAA04890; Wed, 11 Feb 1998 20:27:17 +1100 (EST) Date: Wed, 11 Feb 1998 20:27:16 +1100 (EST) From: "Daniel O'Callaghan" To: Jakob Alvermark cc: Benjamin Gras , isp@FreeBSD.ORG Subject: Re: Passwords.. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 11 Feb 1998, Jakob Alvermark wrote: > > Why bother? If you just want Linux passwords readable by FreeBSD, > > install the DES kit from ftp.internat.freebsd.org and use both DES and > > MD5 on FreeBSD. > So it's possible to use both DES and MD5 password concurrently? Yes. > Is someone breaking the law if I get the DES kit from > ftp.internat.freebsd.org? Well, if you were in France, possibly, since you can't use any encryption there, but note that as said before, the password routine is a *hashing* function, not a cryption function. It is designed for identification purposes, not privacy. In fact, it is legal to export from the USA a binary which only does identification style hashing using crypt, and which cannot be used for privacy. This is how Solaris, DEC Unix, AIX, IRIX etc all ship outside the USA with DES passwords. The international versions of commercial OSs do not include the crypt(1) command which can be used for encrypting a message for later decryption. Unix encrypted passwords can't be decrypted. The problem with FreeBSD's DES is that it comes with source code which includes routines for en/de-cryption, not just password hashing. So, people outside the USA should fetch the DES software from ftp.internat.freebsd.org, which is in South Africa. This version is maintained independently of the USA version, and was written from scratch outside the USA, so no-one can be accused of exporting it from the USA. The descrypt libraries in FreeBSD 2.2 and higher support MD5 passwords, and will use whatever algorithm is appropriate by looking at the first two characters of the encrypted password. Cheers, Danny To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 05:49:03 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA09177 for freebsd-isp-outgoing; Wed, 11 Feb 1998 05:49:03 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from federation.addy.com (federation.addy.com [207.239.68.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA09172; Wed, 11 Feb 1998 05:48:57 -0800 (PST) (envelope-from fbsdlist@federation.addy.com) Received: from localhost (fbsdlist@localhost) by federation.addy.com (8.8.5/8.6.12) with SMTP id IAA07664; Wed, 11 Feb 1998 08:48:41 -0500 (EST) Date: Wed, 11 Feb 1998 08:48:40 -0500 (EST) From: Cliff Addy To: questions@FreeBSD.ORG, isp@FreeBSD.ORG Subject: FreeBSD firewall questions Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org We're looking to use FreeBSD to build a firewall and bandwidth monitor for our network, the new box will sit between our ethernet hub and the router leading to the internet. We need it to go as smoothly as possible, so I'd like to tap the wisdom of those who may have done this before. - I think we have to change the default gateway of all our systems to the firewall box, is that correct? Currently, they use the router. - We have 4 class C networks in our internal systems. Let's assume we assign 100.100.100.100 to the "inside" nic on the firewall box and 100.100.100.101 to the "outside" nic, while the router's ip is 100.100.100.1. Does this routing on the firewall box look right? - set static network routes to the internal class C networks route add -net 100.100.100.0 -interface 100.100.100.100 route add -net 100.100.101.0 -interface 100.100.100.100 route add -net 100.100.102.0 -interface 100.100.100.100 route add -net 100.100.103.0 -interface 100.100.100.100 - set a static route to the router's ip address route add 100.100.100.1 100.100.100.101 or does this need to be route add 100.100.100.1 -interface 100.100.100.101 - set the default gateway to the router's ip in rc.conf defaultrouter="100.100.100.1" - In order to connect the outside nic of the firewall directly to the router, don't we need a "special" cable, the cat-5 equivalent of a null-modem cable? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 07:05:06 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA17701 for freebsd-isp-outgoing; Wed, 11 Feb 1998 07:05:06 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA17685 for ; Wed, 11 Feb 1998 07:05:02 -0800 (PST) (envelope-from muditha@seychelles.net) Received: from breadfruit.seychelles.net (breadfruit.seychelles.net [202.84.227.4]) by freefall.freebsd.org (8.8.8/8.8.5) with ESMTP id GAA00618 for ; Wed, 11 Feb 1998 06:33:27 -0800 (PST) Received: from Atlas.seychelles.net ([202.84.227.21]) by breadfruit.seychelles.net (8.8.2/8.8.2) with SMTP id OAA18259 for ; Wed, 11 Feb 1998 14:38:04 GMT Message-ID: <34E1B3E2.26F4@seychelles.net> Date: Wed, 11 Feb 1998 18:21:22 +0400 From: Muditha Reply-To: muditha@seychelles.net X-Mailer: Mozilla 3.01 (Win95; I) MIME-Version: 1.0 To: freebsd-isp@freebsd.com Subject: Software & server for transactions Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, A client of mine ( tour operator ) is interested in doing online booking etc. Hence they are interested in payments & credit card transactions online. I am interested in finding out the kind of software and the best platform to do this job. Any help or directions would be appreciated. Thank you. -- --------------------- Muditha Gunatilake Atlas Seychelles Ltd Phone:+248 304060 Fax :+248 324565 email: muditha@seychelles.net mbh3gpa@afs.mcc.ac.uk muditha@creole.seychelles.net :-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 07:07:24 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA17966 for freebsd-isp-outgoing; Wed, 11 Feb 1998 07:07:24 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mirage.nlink.com.br (mirage.nlink.com.br [200.238.120.3]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA17961 for ; Wed, 11 Feb 1998 07:07:22 -0800 (PST) (envelope-from paulo@nlink.com.br) Received: from localhost (paulo@localhost) by mirage.nlink.com.br (8.8.8/8.8.5) with SMTP id LAA00711 for ; Wed, 11 Feb 1998 11:59:31 -0300 (EST) Date: Wed, 11 Feb 1998 11:59:31 -0300 (EST) From: Paulo Fragoso To: freebsd-isp@FreeBSD.ORG Subject: TX motherborad Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, I try to install FreeBSD 2.2.5 in a new motherboard whith TX chipset. This kernel not found sio0 and sio1. Are there any solution? Paulo. " ... Overall we've found FreeBSD to excel in performace, stability, technical support, and of course price. Two years after discovering FreeBSD, we have yet to find a reason why we switch to anything else" -David Filo, Yahoo! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 08:52:49 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA02204 for freebsd-isp-outgoing; Wed, 11 Feb 1998 08:52:49 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from breadfruit.seychelles.net (breadfruit.seychelles.net [202.84.227.4]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA02179 for ; Wed, 11 Feb 1998 08:52:25 -0800 (PST) (envelope-from muditha@seychelles.net) Received: from Atlas.seychelles.net ([202.84.227.21]) by breadfruit.seychelles.net (8.8.2/8.8.2) with SMTP id QAA19845 for ; Wed, 11 Feb 1998 16:53:47 GMT Message-ID: <34E1D3AF.1213@seychelles.net> Date: Wed, 11 Feb 1998 20:37:03 +0400 From: Muditha Reply-To: muditha@seychelles.net X-Mailer: Mozilla 3.01 (Win95; I) MIME-Version: 1.0 To: isp@FreeBSD.ORG Subject: Software & server for transactions Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, A client of mine ( tour operator ) is interested in doing online booking etc. Hence they are interested in payments & credit card transactions online. I am interested in finding out the kind of software and the best platform to do this job. Any help or directions would be appreciated. Thank you. -- --------------------- Muditha Gunatilake Atlas Seychelles Ltd Phone:+248 304060 Fax :+248 324565 email: muditha@seychelles.net mbh3gpa@afs.mcc.ac.uk muditha@creole.seychelles.net :-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 09:15:37 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA05346 for freebsd-isp-outgoing; Wed, 11 Feb 1998 09:15:37 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA05341 for ; Wed, 11 Feb 1998 09:15:36 -0800 (PST) (envelope-from rwaldura@LIGOS.COM) Received: from orange.ligos.com (orange.ligos.com [207.238.131.187]) by freefall.freebsd.org (8.8.8/8.8.5) with SMTP id JAA23619 for ; Wed, 11 Feb 1998 09:15:32 -0800 (PST) Received: (qmail 4284 invoked from network); 11 Feb 1998 17:15:25 -0000 Received: from unknown (HELO server.ligos.com) (192.168.1.2) by orange.ligos.com with SMTP; 11 Feb 1998 17:15:25 -0000 Received: by server.ligos.com with Internet Mail Service (5.0.1458.49) id <1WNGWKPD>; Wed, 11 Feb 1998 09:09:59 -0800 Message-ID: <9141909996F1D011B8FF00A0C95A661B0B6530@server.ligos.com> From: Renaud Waldura To: "'muditha@seychelles.net'" , freebsd-isp@freebsd.com Subject: RE: Software & server for transactions Date: Wed, 11 Feb 1998 09:09:58 -0800 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org CyberCash, www.cybercash.com is what you want. It's a transaction software. I'm not sure it runs on FreeBSD though, but Linux, BSDI, Sun, HP, etc. are all supported. Hint: you could have got an answer in 2 minutes by looking the mailing-list archives at www.freebsd.org/search.html. It's really convenient. --Renaud > -----Original Message----- > From: Muditha [SMTP:muditha@seychelles.net] > Sent: Wednesday, February 11, 1998 6:21 AM > To: freebsd-isp@freebsd.com > Subject: Software & server for transactions > > Hi, > > A client of mine ( tour operator ) is interested in doing online > booking > etc. Hence they are interested in payments & credit card transactions > online. I am interested in finding out the kind of software and the > best > platform to do this job. Any help or directions would be appreciated. > > Thank you. > -- > --------------------- > Muditha Gunatilake > Atlas Seychelles Ltd > > Phone:+248 304060 > Fax :+248 324565 > email: muditha@seychelles.net > mbh3gpa@afs.mcc.ac.uk > muditha@creole.seychelles.net > :-) > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 09:24:54 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA06497 for freebsd-isp-outgoing; Wed, 11 Feb 1998 09:24:54 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mojo.calyx.net (mojo.calyx.net [208.132.136.2]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id JAA06462 for ; Wed, 11 Feb 1998 09:24:26 -0800 (PST) (envelope-from lists@mojo.calyx.net) Message-Id: <199802111724.JAA06462@hub.freebsd.org> Received: (qmail 23323 invoked from network); 11 Feb 1998 17:16:52 -0000 Received: from kwesi.calyx.net (208.132.136.100) by mojo.calyx.net with SMTP; 11 Feb 1998 17:16:52 -0000 X-Sender: lists@calyx.net X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0 Date: Wed, 11 Feb 1998 12:15:08 -0500 To: Mike Smith From: Nicholas Merrill Subject: Re: Large system backups; recommendations for devices & strategies? Cc: freebsd-isp@FreeBSD.ORG In-Reply-To: <199802100356.TAA06848@dingo.cdrom.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 07:56 PM 2/9/98 -0800, Mike Smith wrote: >I'm looking for recommendations for both backup devices and backup >strategies for a network of about six systems and perhaps 50GB of >data. Ultimately, I'd like something that can run more or less >unattended, modulo media changes, etc. (ie. I expect using Amanda or >similar.) I am using a Sony SDT 7000 DAT drive and a 20GB DEC DLT2000 Digital Linear Tape drive with BRU (www.estinc.com). I am very pleased with the results. BRU is the greatest backup utility for UNIX I've ever had the pleasure of using. It's roughly based on tar I think but it does SO MUCH more in terms of making sure your data is not corrupted. I would highly recommend that people look into BRU and DLT drives. There's no better way that I've been exposed to for backing up UNIX boxes Nick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 09:29:42 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA07105 for freebsd-isp-outgoing; Wed, 11 Feb 1998 09:29:42 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from CTNet2.createtech.com (CTNet2.createtech.com [209.48.208.12]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA07095 for ; Wed, 11 Feb 1998 09:29:38 -0800 (PST) (envelope-from kim@createtech.com) Received: (from smtp@localhost) by CTNet2.createtech.com (8.8.7/8.8.5) id LAA18751 for ; Wed, 11 Feb 1998 11:28:07 -0600 (CST) Received: from x56.createtech.com(209.48.208.56), claiming to be "createtech.com" via SMTP by pop.createtech.com, id smtpd018736; Wed Feb 11 11:28:04 1998 Message-ID: <34E1DF57.9DB9FAE8@createtech.com> Date: Wed, 11 Feb 1998 11:26:47 -0600 From: Kim Shrier X-Mailer: Mozilla 4.04 [en] (WinNT; I) MIME-Version: 1.0 To: freebsd-isp@FreeBSD.ORG Subject: Re: Software & server for transactions References: <9141909996F1D011B8FF00A0C95A661B0B6530@server.ligos.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Renaud Waldura wrote: > > CyberCash, www.cybercash.com is what you want. It's a transaction > software. I'm not sure it runs on FreeBSD though, but Linux, BSDI, Sun, > HP, etc. are all supported. > CyberCash is supported on FreeBSD. -- Kim Shrier - kim@createtech.com Director of Development - CreateTech, Inc. voice 214-748-2233 - fax 214-748-3377 www.createtech.com - Custom Internet Solutions. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 09:47:35 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA09498 for freebsd-isp-outgoing; Wed, 11 Feb 1998 09:47:35 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from CTNet2.createtech.com (CTNet2.createtech.com [209.48.208.12]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA09293 for ; Wed, 11 Feb 1998 09:44:47 -0800 (PST) (envelope-from kim@createtech.com) Received: (from smtp@localhost) by CTNet2.createtech.com (8.8.7/8.8.5) id LAA19635 for ; Wed, 11 Feb 1998 11:43:18 -0600 (CST) Received: from x56.createtech.com(209.48.208.56), claiming to be "createtech.com" via SMTP by pop.createtech.com, id smtpd019632; Wed Feb 11 11:43:14 1998 Message-ID: <34E1E2E5.1BB4A27E@createtech.com> Date: Wed, 11 Feb 1998 11:41:57 -0600 From: Kim Shrier X-Mailer: Mozilla 4.04 [en] (WinNT; I) MIME-Version: 1.0 To: freebsd-isp@FreeBSD.ORG Subject: Re: Large system backups; recommendations for devices & strategies? References: <199802111724.JAA06462@hub.freebsd.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Nicholas Merrill wrote: > > At 07:56 PM 2/9/98 -0800, Mike Smith wrote: > > >I'm looking for recommendations for both backup devices and backup > >strategies for a network of about six systems and perhaps 50GB of > >data. Ultimately, I'd like something that can run more or less > >unattended, modulo media changes, etc. (ie. I expect using Amanda or > >similar.) > > I am using a Sony SDT 7000 DAT drive and a 20GB DEC DLT2000 Digital Linear > Tape drive with BRU (www.estinc.com). > > I am very pleased with the results. BRU is the greatest backup utility for > UNIX > I've ever had the pleasure of using. It's roughly based on tar I think but > it does > SO MUCH more in terms of making sure your data is not corrupted. > > I would highly recommend that people look into BRU and DLT drives. There's > no better way that I've been exposed to for backing up UNIX boxes > > Nick > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message We also use BRU to backup our FreeBSD systems and I agree that it is the best backup utility for UNIX. We back up three servers to another machine that has a 7GB hard disk. This happens at 3:00 a.m. when system activity is at a minimum. We then back up the 7GB hard disk to a 2GB DDS tape during the day when there is someone present to change tapes. I am currently trying to get approval to put a 21GB hard disk in the backup machine and replace the DDS drive with an Exabyte Mammoth (20GB) drive. -- Kim Shrier - kim@createtech.com Director of Development - CreateTech, Inc. voice 214-748-2233 - fax 214-748-3377 www.createtech.com - Custom Internet Solutions. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 13:40:22 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA27057 for freebsd-isp-outgoing; Wed, 11 Feb 1998 13:40:22 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from farpoint-comm.dyn.ml.org ([205.174.97.200]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA27050 for ; Wed, 11 Feb 1998 13:40:08 -0800 (PST) (envelope-from falerin@farpoint-comm.dyn.ml.org) Received: from localhost (falerin@localhost) by farpoint-comm.dyn.ml.org (8.8.5/8.8.5) with SMTP id QAA00294 for ; Wed, 11 Feb 1998 16:39:13 -0500 (EST) Date: Wed, 11 Feb 1998 16:38:59 -0500 (EST) From: Farpoint Admin To: isp@FreeBSD.ORG Subject: Repartitioning a harddisk Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org My harddisk is a quantum fireball st3.2a Originally 2 of the 3 gig on the disk were dedicated to win95 and only 1 was dedicated to freeBSD. Recently we decided to change it and had no end of trouble. I successfully repartioned the disk. But fail miserably when attempting to run newfs on the resulting partition wd0s3 though it strangely reports in disklabel when i run disklabel -r wd0s3 as wd0s1. I can not find a valid type in disktab to even remotely come close to labeling it... and under label the working partition reports absolutely nothing. So the question is: How do I give FreeBSD a new partition on a disk with a partition already dedicated to FreeBSD? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 13:42:05 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA27231 for freebsd-isp-outgoing; Wed, 11 Feb 1998 13:42:05 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA27159; Wed, 11 Feb 1998 13:41:38 -0800 (PST) (envelope-from danny@panda.hilink.com.au) Received: (from danny@localhost) by panda.hilink.com.au (8.8.5/8.8.5) id IAA06255; Thu, 12 Feb 1998 08:41:01 +1100 (EST) Date: Thu, 12 Feb 1998 08:41:01 +1100 (EST) From: "Daniel O'Callaghan" To: Cliff Addy cc: questions@FreeBSD.ORG, isp@FreeBSD.ORG Subject: Re: FreeBSD firewall questions In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 11 Feb 1998, Cliff Addy wrote: > - I think we have to change the default gateway of all our systems to the > firewall box, is that correct? Currently, they use the router. Correct. > - We have 4 class C networks in our internal systems. Let's assume we > assign 100.100.100.100 to the "inside" nic on the firewall box and > 100.100.100.101 to the "outside" nic, while the router's ip is > 100.100.100.1. Does this routing on the firewall box look right? > > - set static network routes to the internal class C networks > route add -net 100.100.100.0 -interface 100.100.100.100 > route add -net 100.100.101.0 -interface 100.100.100.100 > route add -net 100.100.102.0 -interface 100.100.100.100 > route add -net 100.100.103.0 -interface 100.100.100.100 If they are all contiguous, starting on a multiple of 4, why not just use a netmask of 255.255.252.0? > - set a static route to the router's ip address > route add 100.100.100.1 100.100.100.101 > > or does this need to be > route add 100.100.100.1 -interface 100.100.100.101 Don't know what this is for. How many nics are you putting in the FreeBSD box. It is starting to sound like 1. I have had conversations with two others about this so of layout, and you are really better off getting it right to start with. For starters, I bet you don't have 1000 machines on your local ethernet cable. 3 of those class Cs are for virtual webservers? Then you should put the addresses as aliases on lo0 of the web machine, and add a route to the network via that machine as a gateway. > - set the default gateway to the router's ip in rc.conf > defaultrouter="100.100.100.1" > > - In order to connect the outside nic of the firewall directly to the > router, don't we need a "special" cable, the cat-5 equivalent of a > null-modem cable? So you do have 2 nics. Are you intending on using an entire class C for the link between the FreeBSD box and the router? Please draw an ascii diagram of your intended network layout, with machines and services. List the current IP addresses on the network, and use the real numbers, not 100.100.100.x, please. Then I'll be able to give you a more comprehensive answer. Danny To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 13:49:07 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA28276 for freebsd-isp-outgoing; Wed, 11 Feb 1998 13:49:07 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from pacman.redwoodsoft.com (pacman.redwoodsoft.com [207.181.199.182]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id NAA28261 for ; Wed, 11 Feb 1998 13:49:01 -0800 (PST) (envelope-from dnelson@pacman.redwoodsoft.com) Received: (qmail 14001 invoked by uid 1000); 11 Feb 1998 21:51:57 -0000 Date: Wed, 11 Feb 1998 13:51:57 -0800 (PST) From: Dru Nelson To: Farpoint Admin cc: isp@FreeBSD.ORG Subject: Re: Repartitioning a harddisk In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Are you an ISP? On Wed, 11 Feb 1998, Farpoint Admin wrote: > My harddisk is a quantum fireball st3.2a > Originally 2 of the 3 gig on the disk were dedicated to win95 and only 1 > was dedicated to freeBSD. Recently we decided to change it and had no end > of trouble. > I successfully repartioned the disk. But fail miserably when attempting to > run newfs on the resulting partition wd0s3 though it strangely reports in > disklabel when i run disklabel -r wd0s3 as wd0s1. > I can not find a valid type in disktab to even remotely come close to > labeling it... and under label the working partition reports absolutely > nothing. > So the question is: How do I give FreeBSD a new partition on a disk > with a partition already dedicated to FreeBSD? > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 14:12:21 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA01354 for freebsd-isp-outgoing; Wed, 11 Feb 1998 14:12:21 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mail.ruhrgebiet.individual.net (in-ruhr.ruhr.de [141.39.224.38]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA01342; Wed, 11 Feb 1998 14:12:15 -0800 (PST) (envelope-from bs@devnull.ruhr.de) Received: (from admin@localhost) by mail.ruhrgebiet.individual.net (8.8.5-r-beta/8.8.5) with UUCP id WAA24004; Wed, 11 Feb 1998 22:52:58 +0100 (MET) Received: from rm.devnull.ruhr.de [192.168.22.75] by devnull.ruhr.de with smtp (Exim 1.73 #1) id 0y2jq1-0000IP-00; Wed, 11 Feb 1998 22:37:01 +0100 Received: from bs by rm.devnull.ruhr.de with local (Exim 1.73 #1) id 0y2juS-0000AS-00; Wed, 11 Feb 1998 22:41:36 +0100 To: Cliff Addy Cc: questions@FreeBSD.ORG, isp@FreeBSD.ORG Subject: Re: FreeBSD firewall questions References: Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit From: Benedikt Stockebrand Date: 11 Feb 1998 22:41:35 +0100 In-Reply-To: Cliff Addy's message of "Wed, 11 Feb 1998 08:48:40 -0500 (EST)" Message-ID: <87en19vmy8.fsf@devnull.ruhr.de> Lines: 88 X-Mailer: Gnus v5.5/XEmacs 20.3 - "Vatican City" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Cliff Addy writes: > - I think we have to change the default gateway of all our systems to the > firewall box, is that correct? Currently, they use the router. Yes, if you mean the internal address of the firewall/router box, but... > - We have 4 class C networks in our internal systems. Let's assume we > assign 100.100.100.100 to the "inside" nic on the firewall box and > 100.100.100.101 to the "outside" nic, while the router's ip is > 100.100.100.1. Does this routing on the firewall box look right? Not really. A router is usually connected to two (or more) networks. What you're doing right now is connect it twice to the same network 100.100.100.* at least from the IP address point of view, which is not exactly your intention. You'll need several networks: Network 1: Between your ISP/NSP and your router. Network 2: Between your router and your packet filter. Network 3-n: Your internal network(s). Possibly you have a perimeter/DMZ network with application proxies and/or outbound servers like FTP or WWW servers. The important thing is that you use Network 3-n addresses within Network 2. No good. You may consider spending a whole class C network for that, use a NAT/RFC1918 network address (192.168.*.*) or subnet one of your networks 3-n and use one of the subnets for the net between router and packet filter. The first solution is the "clean" one, but may require another registered class C, so it's not exactly perfect. The second solution should work fine if your router lets you use those NAT addresses. The third is a bit tricky; I wouldn't consider it unless the other two solutions didn't work. If you try, make sure you get the network and broadcast addresses right. And of course there's always the solution I missed... > - set static network routes to the internal class C networks > route add -net 100.100.100.0 -interface 100.100.100.100 > route add -net 100.100.101.0 -interface 100.100.100.100 > route add -net 100.100.102.0 -interface 100.100.100.100 > route add -net 100.100.103.0 -interface 100.100.100.100 You can probably simplify things if you use a specific netmask. This may speed things up a bit. Try something like # route add -net 100.100.100.0 -netmask 255.255.251.0 \ -interface 100.100.100.100 (not tested and I'm a bit out of practice with the syntax, so YMMV). > - set a static route to the router's ip address > route add 100.100.100.1 100.100.100.101 > > or does this need to be > route add 100.100.100.1 -interface 100.100.100.101 This is where things get messy because you're overriding the network route(s) above with a host route. The most ugly part about it is that internal machines can't reach the router itself anymore --- they can send things through it, but they can't even ping it to see if it's up. They'll always complain about a "host is down" or similar. Sorry I can't really tell about the proper routing syntax --- it's been about three or four years that I've last done anything serious about this on FreeBSD (and then we used dynamic routing). > - In order to connect the outside nic of the firewall directly to the > router, don't we need a "special" cable, the cat-5 equivalent of a > null-modem cable? You can use a proper hub instead. It is also possible to build a null-hub cable, but I don't remember which wires to cross. Sorry, maybe some hardware fraggle knows? Ben -- Ben(edikt)? Stockebrand Runaway ping.de Admin---Never Ever Trust Old Friends My name and email address are not to be added to any list used for advertising purposes. Any sender of unsolicited advertisement e-mail to this address im- plicitly agrees to pay a DM 500 fee to the recipient for proofreading services. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 15:05:33 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA09921 for freebsd-isp-outgoing; Wed, 11 Feb 1998 15:05:33 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from home.dragondata.com (toasty@home.dragondata.com [204.137.237.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA09885 for ; Wed, 11 Feb 1998 15:05:16 -0800 (PST) (envelope-from toasty@home.dragondata.com) Received: (from toasty@localhost) by home.dragondata.com (8.8.5/8.8.5) id RAA05162 for isp@freebsd.org; Wed, 11 Feb 1998 17:05:11 -0600 (CST) From: Kevin Day Message-Id: <199802112305.RAA05162@home.dragondata.com> Subject: Access lists To: isp@FreeBSD.ORG Date: Wed, 11 Feb 1998 17:05:11 -0600 (CST) X-Mailer: ELM [version 2.4ME+ PL31 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This really has little to do with FreeBSD, but more towards ISP's... 1) If you're not filtering your outgoing packets with router access lists, a firewall, or anything else. Please do. Make sure packets from your class C (or whatever else you may have) are the only things getting out. This would effectively stop spoofing from 90% of its sources. 2) You improve your own security by quite a bit by filtering what comes in to you. Don't let your router accept packets that look like they're form your class C, from the wrong side of the net, don't accept any packets from 127.*.*.*, or any broadcast addresses... If you've got a cisco, here's a sample configuration. interface Serial0 ip access-group 101 in ip access-group 102 out ! no access-list 102 no access-list 101 access-list 101 deny ip 204.137.237.0 0.0.0.255 any ! replace 204.137.237.0 with your class C address. I fyou dont' have a class ! C, you'll have to change the netmask that follows it. access-list 101 deny ip 127.0.0.0 0.255.255.255 any ! Don't let people spoof the loopback addresses. access-list 101 deny ip 10.0.0.0 0.255.255.255 any access-list 101 deny ip 172.16.0.0 0.15.255.255 any access-list 101 deny ip 192.168.0.0 0.0.255.255 any !Don't let people spoof, or otherwise use 'internal/test' IP's. access-list 101 deny ip any 0.0.0.255 255.255.255.0 access-list 101 deny ip any 0.0.0.0 255.255.255.0 ! Don't let people use .255 or .0 addresses. access-list 101 permit ip any any access-list 102 permit ip 204.137.237.0 0.0.0.255 any !Only let my IP range out, nothing more. access-list 102 deny ip any any For those of you not convinced that each of those are needed, here's a report after only 2 days of use. Extended IP access list 101 deny ip 204.137.237.0 0.0.0.255 any (3479 matches) deny ip 127.0.0.0 0.255.255.255 any (494 matches) deny ip 10.0.0.0 0.255.255.255 any (896 matches) deny ip 172.16.0.0 0.15.255.255 any (154 matches) deny ip 192.168.0.0 0.0.255.255 any (1326 matches) deny ip any 0.0.0.255 255.255.255.0 (2 matches) deny ip any 0.0.0.0 255.255.255.0 (1 match) permit ip any any (62379930 matches) Does anyone have any suggestions for any other lines to add? If you don't know your way around a Cisco's config, don't blindly go adding things. :) Have your Cisco guru do it, rather than killing me later. :) This e-mail comes form frustration out of people spoofing like crazy lately. :) Kevin Day DragonData To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 19:12:39 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id TAA18656 for freebsd-isp-outgoing; Wed, 11 Feb 1998 19:12:39 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mail-ftp.nordicdms.com (mail-ftp.nordicdms.com [208.1.210.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA18637; Wed, 11 Feb 1998 19:12:27 -0800 (PST) (envelope-from walton@nordicdms.com) Received: from mail-ftp (mail-ftp.nordicdms.com [208.1.210.10]) by mail-ftp.nordicdms.com (Post.Office MTA v3.1 release PO205e ID# 0-0U10L2S100) with SMTP id AAA244; Wed, 11 Feb 1998 19:12:19 -0800 From: walton@nordicdms.com (Dave Walton) Organization: Nordic Entertainment Worldwide To: Benedikt Stockebrand , questions@FreeBSD.ORG, isp@FreeBSD.ORG, fbsdlist@federation.addy.com Date: Wed, 11 Feb 1998 19:12:19 -800 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: FreeBSD firewall questions Reply-to: walton@nordicdms.com References: Cliff Addy's message of "Wed, 11 Feb 1998 08:48:40 -0500 (EST)" In-reply-to: <87en19vmy8.fsf@devnull.ruhr.de> Message-ID: <19980212031219899.AAA244@mail-ftp.nordicdms.com> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 11 Feb 98 at 22:41, Benedikt Stockebrand wrote: > Cliff Addy writes: > > > - In order to connect the outside nic of the firewall directly to the > > router, don't we need a "special" cable, the cat-5 equivalent of a > > null-modem cable? > > You can use a proper hub instead. It is also possible to build a > null-hub cable, but I don't remember which wires to cross. Sorry, > maybe some hardware fraggle knows? Standard cable: 1 ----- 1 2 ----- 2 3 ----- 3 6 ----- 6 (1,2) -> (1,2) should be a twisted pair, as should (3,6) -> (3,6). Crossover cable: 1 ----- 3 2 ----- 6 3 ----- 1 6 ----- 2 (1,2) -> (3,6) should be a twisted pair, as should (3,6) -> (1,2). If you are using 4-pair cable (and you probably are), you can hook up 4 ----- 4 5 ----- 5 7 ----- 7 8 ----- 8 for both setups. Dave (Hey, what's a fraggle??) ---------------------------------------------------------------------- Dave Walton Webmaster, Postmaster Nordic Entertainment Worldwide walton@nordicdms.com http://www.nordicdms.com ---------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 20:13:26 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA26385 for freebsd-isp-outgoing; Wed, 11 Feb 1998 20:13:26 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mixcom.mixcom.com (mixcom.mixcom.com [198.137.186.100]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id UAA26372 for ; Wed, 11 Feb 1998 20:13:20 -0800 (PST) (envelope-from mountin.man@mixcom.com) Received: by mixcom.mixcom.com (8.6.12/2.2) id WAA28601; Wed, 11 Feb 1998 22:13:35 -0600 Received: from dial193-32.mixcom.com(207.250.193.32) by mixcom.mixcom.com via smap (V1.3) id sma028580; Wed Feb 11 22:13:10 1998 Message-Id: <3.0.3.32.19980211220728.0072c48c@198.137.186.100> X-Sender: mmttnn@198.137.186.100 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Wed, 11 Feb 1998 22:07:28 -0600 To: "Mark Segal" , "Kevin Day" , From: "Jeffrey J. Mountin" Subject: Re: Large httpd log files In-Reply-To: <01bd36bc$62f64460$0201010a@mark.club-web.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 02:12 AM 2/11/98 -0500, Mark Segal wrote: >Yup it's quite simple... There are two things you must do. > >Firstly, in your virtual host directive in your httpd.conf make sure you >define different logs for every virtual domain. like so. > > >DocumentRoot /usr/home/yourname/public_html/ >ServerName www.yourname.com >ErrorLog logs/yourname-error_log >TransferLog logs/yourname-access_log >RefererLog logs/yourname-referer_log >AgentLog logs/yourname-agent_log > > >Secondly, you must configure analog to use those files instead.. i found the >config files a pain so i just recompile it each time (now a script).. just >change the file locations in the analhead.h Recompile Analog each time? Why? Simpler and faster to run a loop for *log and 'analog +a $logfile' with a simple shell or PERL script. I had 3 versions. One with full hosts on, the second with full hosts off for sites with more hits, and another for full hosts that would do directory stats deeper for the personal sites. A flat file is used for each site to get the values for the site, recipient, type of report, etc. The original post used one big log which could either be parsed or just run Analog for a directory report and give the totals, but personally I'd rather use the virtual host directive. Customers also like when they can have their own error page another reason for using virtual. ErrorDocument 404 /error.html Otherwise the servers plain generic is used and you give the customer that warm, fuzzy feeling. ;) Jeff Mountin - Unix Systems TCP/IP networking mountin.man@mixcom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 20:45:23 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA29794 for freebsd-isp-outgoing; Wed, 11 Feb 1998 20:45:23 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from bert.club-web.com (bert.club-web.com [207.176.196.11]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA29786 for ; Wed, 11 Feb 1998 20:45:14 -0800 (PST) (envelope-from mark@club-web.com) Received: from mark.club-web.com (dial-103.club-web.com [207.176.196.23]) by bert.club-web.com (8.8.8/8.8.6) with SMTP id XAA06817; Wed, 11 Feb 1998 23:35:59 -0500 (EST) From: "Mark Segal" To: "Kevin Day" , , "Jeffrey J. Mountin" Subject: Re: Large httpd log files Date: Wed, 11 Feb 1998 23:28:56 -0500 Message-ID: <01bd376e$bb3fe920$0201010a@mark.club-web.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.71.1712.3 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.1712.3 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >>Secondly, you must configure analog to use those files instead.. i found the >>config files a pain so i just recompile it each time (now a script).. just >>change the file locations in the analhead.h > >Recompile Analog each time? Why? > >Simpler and faster to run a loop for *log and 'analog +a $logfile' with a simple shell or PERL script. > >I had 3 versions. One with full hosts on, the second with full hosts off for sites with more hits, and another for full hosts that would do directory stats deeper for the personal sites. A flat file is used for each site to get the values for the site, recipient, type of report, etc. > > >The original post used one big log which could either be parsed or just run Analog for a directory report and give the totals, but personally I'd rather use the virtual host directive. Customers also like when they can have their own error page another reason for using virtual. > >ErrorDocument 404 /error.html > >Otherwise the servers plain generic is used and you give the customer that warm, fuzzy feeling. ;) :).... i agree. but, changing 4 log files.. the title.. and the location url under the title.. it just becomes a pain in the ass.. mark To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 21:23:20 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id VAA04313 for freebsd-isp-outgoing; Wed, 11 Feb 1998 21:23:20 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mixcom.mixcom.com (mixcom.mixcom.com [198.137.186.100]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id VAA04303 for ; Wed, 11 Feb 1998 21:23:18 -0800 (PST) (envelope-from mountin.man@mixcom.com) Received: by mixcom.mixcom.com (8.6.12/2.2) id XAA07546; Wed, 11 Feb 1998 23:25:00 -0600 Received: from dial193-11.mixcom.com(207.250.193.11) by mixcom.mixcom.com via smap (V1.3) id smaa07535; Wed Feb 11 23:24:50 1998 Message-Id: <3.0.3.32.19980211231827.0073c174@198.137.186.100> X-Sender: mmttnn@198.137.186.100 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Wed, 11 Feb 1998 23:18:27 -0600 To: "Mark Segal" , "Kevin Day" , From: "Jeffrey J. Mountin" Subject: Re: Large httpd log files In-Reply-To: <01bd376e$bb3fe920$0201010a@mark.club-web.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 11:28 PM 2/11/98 -0500, Mark Segal wrote: >:).... i agree. but, changing 4 log files.. the title.. and the location >url under the title.. it just becomes a pain in the ass.. By changing are you talking about when you add a new site or the reporting? Either can be scripted so you just enter the domain once, but a few more entries would be needed for the reporting. Hell I even scripted the DNS entries. ;) My default was just the access log. I'd turn error logging on as a temporary thing. The agent and refer logs were another option, which are mostly lost with an "average" customer. And a really rare webmaster wants the raw log, which we made an option with or without the Analog report. Almost as rare as those knowing the word "demograhpics" are. :O Jeff Mountin - Unix Systems TCP/IP networking mountin.man@mixcom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 21:23:20 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id VAA04316 for freebsd-isp-outgoing; Wed, 11 Feb 1998 21:23:20 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mixcom.mixcom.com (mixcom.mixcom.com [198.137.186.100]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id VAA04298 for ; Wed, 11 Feb 1998 21:23:16 -0800 (PST) (envelope-from mountin.man@mixcom.com) Received: by mixcom.mixcom.com (8.6.12/2.2) id XAA07544; Wed, 11 Feb 1998 23:25:00 -0600 Received: from dial193-11.mixcom.com(207.250.193.11) by mixcom.mixcom.com via smap (V1.3) id sma007535; Wed Feb 11 23:24:49 1998 Message-Id: <3.0.3.32.19980211230733.0072d2c8@198.137.186.100> X-Sender: mmttnn@198.137.186.100 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Wed, 11 Feb 1998 23:07:33 -0600 To: Kevin Day , isp@FreeBSD.ORG From: "Jeffrey J. Mountin" Subject: Re: Access lists In-Reply-To: <199802112305.RAA05162@home.dragondata.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 05:05 PM 2/11/98 -0600, Kevin Day wrote: > >This really has little to do with FreeBSD, but more towards ISP's... > >1) If you're not filtering your outgoing packets with router access lists, a >firewall, or anything else. Please do. Make sure packets from your class C >(or whatever else you may have) are the only things getting out. Some think of the incoming to protect their network, but forget about the friendly-neighbor part and don't filter outgoing. >2) You improve your own security by quite a bit by filtering what comes in >to you. Don't let your router accept packets that look like they're form >your class C, from the wrong side of the net, don't accept any packets from >127.*.*.*, or any broadcast addresses... > >If you've got a cisco, here's a sample configuration. > >interface Serial0 > ip access-group 101 in > ip access-group 102 out >! >no access-list 102 >no access-list 101 > >access-list 101 deny ip 204.137.237.0 0.0.0.255 any >! replace 204.137.237.0 with your class C address. I fyou dont' have a class >! C, you'll have to change the netmask that follows it. > >access-list 101 deny ip 127.0.0.0 0.255.255.255 any >! Don't let people spoof the loopback addresses. > >access-list 101 deny ip 10.0.0.0 0.255.255.255 any >access-list 101 deny ip 172.16.0.0 0.15.255.255 any >access-list 101 deny ip 192.168.0.0 0.0.255.255 any >!Don't let people spoof, or otherwise use 'internal/test' IP's. > >access-list 101 deny ip any 0.0.0.255 255.255.255.0 >access-list 101 deny ip any 0.0.0.0 255.255.255.0 >! Don't let people use .255 or .0 addresses. >access-list 101 permit ip any any > > >access-list 102 permit ip 204.137.237.0 0.0.0.255 any >!Only let my IP range out, nothing more. > >access-list 102 deny ip any any A good start, but blocking sensitive ports or those that should be internal only, like NFS: acce 100 deny tcp any any eq 520 log acce 100 deny udp any any eq 520 log acce 100 deny tcp any any eq 2049 log acce 100 deny udp any any eq 2049 log acce 100 deny tcp any any eq 111 log acce 100 deny udp any any eq 111 log (uucp has to come through SMTP and the proxy handling it) acce 100 deny udp any any eq 1645 log acce 100 deny udp any any eq 1646 log Not to mention telnet ports to the routers and such, SNMP, NIS (if in use), syslog, etc. Also a good idea to only allow SMTP to either you mail server(s) or hub(s), so they don't decide to relay off say your web server. DNS zone transfers should only be allowed from trusted servers: acce 100 permit tcp any eq 53 >For those of you not convinced that each of those are needed, here's a >report after only 2 days of use. I saw a lot for 2049 and 520. Before it was filtered an NFS attack all but killed one server. Load of 100+ and it was rebooted, after a long time logging in, typing, and waiting for a response. >Does anyone have any suggestions for any other lines to add? Sure. Fine the incoming filter at the router is coming along, but what about dial-in users? Not good to let dial-in have access to some ports and often overlooked. If you don't use something, get it out of inetd.conf, fer gossake. Oh, your dial-in equipment should prevent spoofing and block ports locally that you don't want them accessing as well. To be an even better "neighbor" the outgoing could prevent sensitive ports as well as spoofing. Don't see any reason to let the dangerous 3 (512, 513, 514) out of the network and wonder why anyone would allow them inbound. Same for RADIUS, NIS, etc, but one could also have the if they don't bother, f' em. Now what about spamming. This could very well piss off users that dial-in elsewhere as well. Besides allowing incoming SMTP to only the server(s) that you want used. Dial-in users could be forced to only use local SMTP servers, preventing relaying off other servers for spamming. Along with blocking relay this is something that should be used, but may meet a lot of resistance in an ISP environment. Never did it myself, but very seriously though of doing so. >If you don't know your way around a Cisco's config, don't blindly go adding >things. :) Have your Cisco guru do it, rather than killing me later. :) Order is important as well. With some tweaking a 'estab' can tighten things even more, but takes some thought for an ISP filter. >This e-mail comes form frustration out of people spoofing like crazy lately. >:) Just the glorified baby-sitting involved when running an ISP. I'm more ruthless dealing with a private network now. Either way I have large filters. ;) Jeff Mountin - Unix Systems TCP/IP networking mountin.man@mixcom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 22:42:12 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA14417 for freebsd-isp-outgoing; Wed, 11 Feb 1998 22:42:12 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from alpha.thebestisp.com (alpha.thebestisp.com [204.220.33.11]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA14410 for ; Wed, 11 Feb 1998 22:42:10 -0800 (PST) (envelope-from joe@thebestisp.com) Received: from subzero.thebestisp.com (subzero.thebestisp.com [204.220.33.178]) by alpha.thebestisp.com (8.8.7/8.8.7) with SMTP id AAA13844 for ; Thu, 12 Feb 1998 00:47:57 -0600 (CST) From: "Joe" To: Subject: Fw: FreeBSD firewall questions Date: Wed, 11 Feb 1998 23:54:22 -0600 Message-ID: <01bd377a$aaa63900$b221dccc@subzero.thebestisp.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.71.1712.3 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.1712.3 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org IF YOU DO NOT NEED TO CONNECT MORE THAN TWO COMPUTERS DO NOT USE A HUB! (did the caps get your 'tension?) the reasons are simple 1 a hub costs money and if you were into spending money you wouldn't be using freebsd you'd be dealing (and spending a fortune for the same or less effect) with a Microsoft or comperable product. And second you can't expect to get better that 60%(+-) ie: 6Mbps rather than 10Mbps throughput so you are paying for latency and collissions..Just my two cents.. -----Original Message----- From: Dave Walton To: Benedikt Stockebrand ; questions@FreeBSD.ORG ; isp@FreeBSD.ORG ; fbsdlist@federation.addy.com Date: Wednesday, February 11, 1998 9:22 PM Subject: Re: FreeBSD firewall questions On 11 Feb 98 at 22:41, Benedikt Stockebrand wrote: > Cliff Addy writes: > > > - In order to connect the outside nic of the firewall directly to the > > router, don't we need a "special" cable, the cat-5 equivalent of a > > null-modem cable? > > You can use a proper hub instead. It is also possible to build a > null-hub cable, but I don't remember which wires to cross. Sorry, > maybe some hardware fraggle knows? Standard cable: 1 ----- 1 2 ----- 2 3 ----- 3 6 ----- 6 (1,2) -> (1,2) should be a twisted pair, as should (3,6) -> (3,6). Crossover cable: 1 ----- 3 2 ----- 6 3 ----- 1 6 ----- 2 (1,2) -> (3,6) should be a twisted pair, as should (3,6) -> (1,2). If you are using 4-pair cable (and you probably are), you can hook up 4 ----- 4 5 ----- 5 7 ----- 7 8 ----- 8 for both setups. Dave (Hey, what's a fraggle??) ---------------------------------------------------------------------- Dave Walton Webmaster, Postmaster Nordic Entertainment Worldwide walton@nordicdms.com http://www.nordicdms.com ---------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 23:08:22 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA17142 for freebsd-isp-outgoing; Wed, 11 Feb 1998 23:08:22 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from biggusdiskus.flyingfox.com (biggusdiskus.flyingfox.com [205.162.1.28]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA17137 for ; Wed, 11 Feb 1998 23:08:19 -0800 (PST) (envelope-from jas@flyingfox.com) Received: (from jas@localhost) by biggusdiskus.flyingfox.com (8.8.5/8.8.5) id XAA03963; Wed, 11 Feb 1998 23:09:56 -0800 (PST) Date: Wed, 11 Feb 1998 23:09:56 -0800 (PST) From: Jim Shankland Message-Id: <199802120709.XAA03963@biggusdiskus.flyingfox.com> To: joe@thebestisp.com Subject: Re: Fw: FreeBSD firewall questions Cc: freebsd-isp@FreeBSD.ORG Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > And second [with a hub] you can't expect to get better that 60%(+-) > ie: 6Mbps rather than 10Mbps throughput so you are paying for latency > and collissions.. Woops. Crap detector just went off. You should actually try this out; do your two hosts that get 10 Mb/s throughput on a point-to-point cable get 6 Mb/s throughput when those two hosts (only) are connected through a hub? If so, throw the hub into the trashcan and get another. You're right, though, that a hub is unnecessary to connect two hosts point-to-point. And if the interface cards support it, you can run the point-to-point line in full-duplex; for that matter, with 10/100 cards running $60 or less, at 100 Mb/s. 100 Mb hub and switch prices are dropping fast, but they're not yet down to a trivial level. Jim Shankland Flying Fox Computer Systems, Inc. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 23:22:01 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA18924 for freebsd-isp-outgoing; Wed, 11 Feb 1998 23:22:01 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA18879 for ; Wed, 11 Feb 1998 23:21:56 -0800 (PST) (envelope-from danny@panda.hilink.com.au) Received: (from danny@localhost) by panda.hilink.com.au (8.8.5/8.8.5) id SAA09182; Thu, 12 Feb 1998 18:21:45 +1100 (EST) Date: Thu, 12 Feb 1998 18:21:45 +1100 (EST) From: "Daniel O'Callaghan" To: Jim Shankland cc: joe@thebestisp.com, freebsd-isp@FreeBSD.ORG Subject: Re: Fw: FreeBSD firewall questions In-Reply-To: <199802120709.XAA03963@biggusdiskus.flyingfox.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 11 Feb 1998, Jim Shankland wrote: > You're right, though, that a hub is unnecessary to connect two hosts > point-to-point. And if the interface cards support it, you can run > the point-to-point line in full-duplex; for that matter, with > 10/100 cards running $60 or less, at 100 Mb/s. 100 Mb hub and switch > prices are dropping fast, but they're not yet down to a trivial level. And if the two computers are right next to each other, why not use coax? It seems to have gone out of fashion, somewhat, but it still works. Danny To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 23:22:43 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA19055 for freebsd-isp-outgoing; Wed, 11 Feb 1998 23:22:43 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from alpha.thebestisp.com (alpha.thebestisp.com [204.220.33.11]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA19049 for ; Wed, 11 Feb 1998 23:22:40 -0800 (PST) (envelope-from joe@thebestisp.com) Received: from subzero.thebestisp.com (subzero.thebestisp.com [204.220.33.178]) by alpha.thebestisp.com (8.8.7/8.8.7) with SMTP id BAA14028 for ; Thu, 12 Feb 1998 01:28:27 -0600 (CST) From: "Joe" To: Subject: Re: Fw: FreeBSD firewall questions Date: Thu, 12 Feb 1998 00:34:51 -0600 Message-ID: <01bd3780$52b0c520$b221dccc@subzero.thebestisp.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.71.1712.3 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.1712.3 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org well you should try some big transfers ie: 100+megs and see that you will not get any better than maybe 75% even with a high end hub like intels or baystack even there the latency alone would be severly higher that a dcd and you would surelly get more collissions than with a dcd.. and the $40-$60 hubs that SMC/Linksys/etc put out I would be suprised if you get better that 5Mbps but through a switch sure you will push near 10 and with dcd even a POS nic card will get you by at near cap. I do use all intel pro100b nic's and through our local switched network I get solid 90+Mbps throughput. but not through the hubs even the managed baystack that we put out in larger networks only gets 65-70Mbps on a 100Mbps hub and that is due to collisions and the backdown time and latency in general. And some of the baystack 10Mbps push 80% but no better. At any rate take a look at your hubs how many of the that have util. meters go over 60-70%?? and call and ask the manufacturer "What is the best util. I will get?" ask about a 10Mbps because they will want to sell you a 100Mbps.. :-) -----Original Message----- From: Jim Shankland To: joe@thebestisp.com Cc: freebsd-isp@freebsd.org Date: Thursday, February 12, 1998 1:14 AM Subject: Re: Fw: FreeBSD firewall questions > And second [with a hub] you can't expect to get better that 60%(+-) > ie: 6Mbps rather than 10Mbps throughput so you are paying for latency > and collissions.. Woops. Crap detector just went off. You should actually try this out; do your two hosts that get 10 Mb/s throughput on a point-to-point cable get 6 Mb/s throughput when those two hosts (only) are connected through a hub? If so, throw the hub into the trashcan and get another. You're right, though, that a hub is unnecessary to connect two hosts point-to-point. And if the interface cards support it, you can run the point-to-point line in full-duplex; for that matter, with 10/100 cards running $60 or less, at 100 Mb/s. 100 Mb hub and switch prices are dropping fast, but they're not yet down to a trivial level. Jim Shankland Flying Fox Computer Systems, Inc. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 23:35:52 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA20510 for freebsd-isp-outgoing; Wed, 11 Feb 1998 23:35:52 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from agora.rdrop.com (0@agora.rdrop.com [199.2.210.241]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA20505 for ; Wed, 11 Feb 1998 23:35:50 -0800 (PST) (envelope-from batie@agora.rdrop.com) Received: (from batie@localhost) by agora.rdrop.com (8.8.5/8.8.5) id XAA02120; Wed, 11 Feb 1998 23:35:44 -0800 (PST) Message-ID: <19980211233544.27735@agora.rdrop.com> Date: Wed, 11 Feb 1998 23:35:44 -0800 From: Alan Batie To: "Daniel O'Callaghan" Cc: Jim Shankland , joe@thebestisp.com, freebsd-isp@FreeBSD.ORG Subject: Re: Fw: FreeBSD firewall questions References: <199802120709.XAA03963@biggusdiskus.flyingfox.com> Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-md5; boundary=YZ5djTAD1cGYuMQK X-Mailer: Mutt 0.88 In-Reply-To: ; from Daniel O'Callaghan on Thu, Feb 12, 1998 at 06:21:45PM +1100 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --YZ5djTAD1cGYuMQK Content-Type: text/plain; charset=us-ascii On Thu, Feb 12, 1998 at 06:21:45PM +1100, Daniel O'Callaghan wrote: > And if the two computers are right next to each other, why not use coax? > It seems to have gone out of fashion, somewhat, but it still works. At least it does if you wiggle the connectors just right... -- Alan Batie ______ www.rdrop.com/users/batie Me batie@agora.rdrop.com \ / www.qrd.org The Triangle PGPFP DE 3C 29 17 C0 49 7A \ / www.pgpi.com The Weird Numbers 27 40 A5 3C 37 4A DA 52 B9 \/ www.anti-spam.net NO SPAM! --YZ5djTAD1cGYuMQK Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBNOKmT4v4wNua7QglAQHOCgP/a/aW3AHmvRbtOtnMvcodPJ1HFokd/hmJ ejHTLnT0TwBbMM9+CkJk0Eqe3EciogFYH3Niwv59ogVB3F0m+Bm2SkAy4i8f2R+i i6fOdlxodwj3T5CS81jzye/b7Kh+9UZXv3pO5x+GKQIsjFXyIbsoOD7PctT0slyM zNvT9xUC6Kg= =t8oK -----END PGP SIGNATURE----- --YZ5djTAD1cGYuMQK-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Feb 11 23:58:34 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA23348 for freebsd-isp-outgoing; Wed, 11 Feb 1998 23:58:34 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from shell.futuresouth.com (shell.futuresouth.com [207.141.254.20]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA23343 for ; Wed, 11 Feb 1998 23:58:28 -0800 (PST) (envelope-from tim@shell.futuresouth.com) Received: (from tim@localhost) by shell.futuresouth.com (8.8.8/8.8.8) id BAA07797; Thu, 12 Feb 1998 01:58:26 -0600 (CST) Message-ID: <19980212015825.52447@futuresouth.com> Date: Thu, 12 Feb 1998 01:58:25 -0600 From: Tim Tsai To: freebsd-isp@FreeBSD.ORG Subject: FreeBSD based web server farm design References: <01bd3780$52b0c520$b221dccc@subzero.thebestisp.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.88 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Suppose I am building a web server farm with the following characteristics: 1) Mostly (if not all) FreeBSD based 2) Capable of serving thousands of domains what would be some of the better approaches? The designs would assume DNS round-robin balancing. design 1: get something like a NetApp or build a kickass FreeBSD NFS server and all web servers would mount the NFS server. Problem - may run into NFS locking issues if FreeBSD is the NFS server. NFS server scalability may be an issue. design 2: replicate all data on all servers. Problem - storage scalability may be a problem. Data coherency problem. design 3: split domains into multiple machines. Problem - no redundancy or load balancing. Obviously we can use a mixture of techniques outline above - but from a design complexity point of view I am wondering if any of them would be good enough. Also, would something like Squid help in this scenario? I know Squid can act as an accelerator, but how well can it act as a transparent accelerator for thousands of domains? Thanks, Tim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 00:07:35 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id AAA25219 for freebsd-isp-outgoing; Thu, 12 Feb 1998 00:07:35 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from alpha.thebestisp.com (alpha.thebestisp.com [204.220.33.11]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA25194 for ; Thu, 12 Feb 1998 00:07:32 -0800 (PST) (envelope-from joe@thebestisp.com) Received: from subzero.thebestisp.com (subzero.thebestisp.com [204.220.33.178]) by alpha.thebestisp.com (8.8.7/8.8.7) with SMTP id CAA14301 for ; Thu, 12 Feb 1998 02:13:21 -0600 (CST) From: "Joe" To: Subject: Fw: FreeBSD firewall questions Date: Thu, 12 Feb 1998 01:19:43 -0600 Message-ID: <01bd3786$9751aea0$b221dccc@subzero.thebestisp.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.71.1712.3 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.1712.3 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Feb 12, 1998 at 06:21:45PM +1100, Daniel O'Callaghan wrote: >> And if the two computers are right next to each other, why not use coax? >> It seems to have gone out of fashion, somewhat, but it still works. >At least it does if you wiggle the connectors just right... Very good... :-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 00:52:47 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id AAA29851 for freebsd-isp-outgoing; Thu, 12 Feb 1998 00:52:47 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from proxy.unpar.ac.id (proxy.unpar.ac.id [167.205.206.55]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA29839 for ; Thu, 12 Feb 1998 00:52:34 -0800 (PST) (envelope-from 1193016@student.unpar.ac.id) Received: from student.unpar.ac.id (student.unpar.ac.id [167.205.206.58]) by proxy.unpar.ac.id (8.8.5/8.8.5) with ESMTP id PAA21395; Thu, 12 Feb 1998 15:37:21 +0700 (JAVT) Received: from localhost (1193016@localhost) by student.unpar.ac.id (8.8.5/8.8.5.D) with SMTP id PAA11130; Thu, 12 Feb 1998 15:52:13 +0700 (JAVT) Date: Thu, 12 Feb 1998 15:52:13 +0700 (JAVT) From: Thomas Wahyudi <1193016@student.unpar.ac.id> To: Paulo Fragoso cc: freebsd-isp@FreeBSD.ORG Subject: Re: TX motherborad In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 11 Feb 1998, Paulo Fragoso wrote: >Hi, >I try to install FreeBSD 2.2.5 in a new motherboard whith TX chipset. >This kernel not found sio0 and sio1. Are there any solution? > >Paulo. Have you try, in BIOS, to set sio0 and sio1 to manual not auto ? Best regard, from #### # Thomas Wahyudi # # # # 1193016@student.unpar.ac.id # ## ## http://student.unpar.ac.id/~1193016 -=-=-=-=-=PARAHYANGAN UNIVERSITY=-=-=-=-=-=- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 05:38:12 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA28166 for freebsd-isp-outgoing; Thu, 12 Feb 1998 05:38:12 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mixcom.mixcom.com (mixcom.mixcom.com [198.137.186.100]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id FAA28146 for ; Thu, 12 Feb 1998 05:38:10 -0800 (PST) (envelope-from mountin.man@mixcom.com) Received: by mixcom.mixcom.com (8.6.12/2.2) id HAA21120; Thu, 12 Feb 1998 07:39:56 -0600 Received: from dial193-15.mixcom.com(207.250.193.15) by mixcom.mixcom.com via smap (V1.3) id sma021105; Thu Feb 12 07:39:34 1998 Message-Id: <3.0.3.32.19980212073351.007362f0@198.137.186.100> X-Sender: mmttnn@198.137.186.100 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Thu, 12 Feb 1998 07:33:51 -0600 To: Jim Shankland From: "Jeffrey J. Mountin" Subject: Re: Fw: FreeBSD firewall questions Cc: freebsd-isp@FreeBSD.ORG In-Reply-To: <199802120709.XAA03963@biggusdiskus.flyingfox.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 11:09 PM 2/11/98 -0800, Jim Shankland wrote: >Woops. Crap detector just went off. > >You should actually try this out; do your two hosts that get 10 Mb/s >throughput on a point-to-point cable get 6 Mb/s throughput when those >two hosts (only) are connected through a hub? If so, throw the hub >into the trashcan and get another. Latency for a switch depends on if it does store/forward or cut and/or some adaptive method. >You're right, though, that a hub is unnecessary to connect two hosts >point-to-point. And if the interface cards support it, you can run >the point-to-point line in full-duplex; for that matter, with >10/100 cards running $60 or less, at 100 Mb/s. 100 Mb hub and switch >prices are dropping fast, but they're not yet down to a trivial level. The Intel Pro100B can be had for about $45 + s/h and a Cisco 1912 with 8 - 10bT and 1 - 100bT run under $1100 and the 2808 with 8 - 10/100 ports is a bit more than $1600. Not trivial, but their still dropping. It might not be a switch, but the price is trivial for a plain 4 port 10/100 hub from D-Link for $89. Jeff Mountin - Unix Systems TCP/IP networking mountin.man@mixcom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 05:38:43 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA28225 for freebsd-isp-outgoing; Thu, 12 Feb 1998 05:38:43 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mixcom.mixcom.com (mixcom.mixcom.com [198.137.186.100]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id FAA28218 for ; Thu, 12 Feb 1998 05:38:40 -0800 (PST) (envelope-from mountin.man@mixcom.com) Received: by mixcom.mixcom.com (8.6.12/2.2) id HAA21185; Thu, 12 Feb 1998 07:40:26 -0600 Received: from dial193-15.mixcom.com(207.250.193.15) by mixcom.mixcom.com via smap (V1.3) id sma021178; Thu Feb 12 07:40:17 1998 Message-Id: <3.0.3.32.19980212073434.00732070@198.137.186.100> X-Sender: mmttnn@198.137.186.100 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Thu, 12 Feb 1998 07:34:34 -0600 To: "Daniel O'Callaghan" From: "Jeffrey J. Mountin" Subject: Re: Fw: FreeBSD firewall questions Cc: freebsd-isp@FreeBSD.ORG In-Reply-To: References: <199802120709.XAA03963@biggusdiskus.flyingfox.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 06:21 PM 2/12/98 +1100, Daniel O'Callaghan wrote: >And if the two computers are right next to each other, why not use coax? >It seems to have gone out of fashion, somewhat, but it still works. Just one piece of coax in a collision domain drops the potential throughput, so unless the network is lightly loaded. Once I lost the last coax NIC things were _much_ better. I'd avoid coax like a traffic jam. It's out of fashion for a reason. Jeff Mountin - Unix Systems TCP/IP networking mountin.man@mixcom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 06:31:27 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id GAA03786 for freebsd-isp-outgoing; Thu, 12 Feb 1998 06:31:27 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from federation.addy.com (federation.addy.com [207.239.68.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA03779 for ; Thu, 12 Feb 1998 06:31:24 -0800 (PST) (envelope-from fbsdlist@federation.addy.com) Received: from localhost (fbsdlist@localhost) by federation.addy.com (8.8.5/8.6.12) with SMTP id JAA13653 for ; Thu, 12 Feb 1998 09:31:20 -0500 (EST) Date: Thu, 12 Feb 1998 09:31:19 -0500 (EST) From: Cliff Addy To: freebsd-isp@FreeBSD.ORG Subject: Re: FreeBSD firewall questions Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Thanks for all the input, guys, it was *very* enlightening. However, I think I've come up with a *much* simpler answer that works because of the way we're set up here. The firewall machine is named odo, the router is wormhole, and my test server is tribble. All I did (in the brief experiment I tried) was to tell odo his default route is wormhole. Then I changed tribble's default route from wormhole to odo. Now, running a traceroute to freebsd.org, I get 1 odo.addy.com (207.239.68.128) 0.556 ms 0.416 ms 0.411 ms 2 wormhole.addy.com (207.239.68.1) 2.288 ms 2.161 ms 3.084 ms 3 206.181.190.29 (206.181.190.29) 5.363 ms 3.590 ms 3.281 ms 4 atl2-core2-h4-0.atlas.digex.net (165.117.52.1) 12.520 ms 49.487 ms . . etc. If I read this right, all outgoing traffic is now being routed through odo and I can manipulate traffic with all my nifty tools. Of course, the one drawback I can see is that all traffic is transmitted on the ethernet segment twice, but I can live with that. The only thing left would seem to be that I need to set wormhole to route inbound traffic to odo, but I'm sure I can figure out how to do that. Even if I can't, the real purpose of all this is to measure and meter outbound traffic, anyway. My one concern is: what if odo dies? Can I set up the other FreeBSD machines to "fallback" to wormhole if odo cannot be contacted? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 07:49:42 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA11927 for freebsd-isp-outgoing; Thu, 12 Feb 1998 07:49:42 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mercury.jorsm.com (mercury.jorsm.com [207.112.128.9]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA11904 for ; Thu, 12 Feb 1998 07:49:37 -0800 (PST) (envelope-from jeff@mercury.jorsm.com) Received: from localhost (jeff@localhost) by mercury.jorsm.com (8.8.7/8.8.7) with SMTP id JAA14107 for ; Thu, 12 Feb 1998 09:49:35 -0600 (CST) Date: Thu, 12 Feb 1998 09:49:34 -0600 (CST) From: Jeff Lynch Reply-To: Jeff Lynch To: freebsd-isp@FreeBSD.ORG Subject: Re: FreeBSD firewall questions In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 12 Feb 1998, Cliff Addy wrote: > The firewall machine is named odo, the router is wormhole, and my test > server is tribble. All I did (in the brief experiment I tried) was to tell > odo his default route is wormhole. Then I changed tribble's default route > from wormhole to odo. Now, running a traceroute to freebsd.org, I get [snip] > > My one concern is: what if odo dies? Can I set up the other FreeBSD > machines to "fallback" to wormhole if odo cannot be contacted? On tribble from cron: #!/bin/sh loss=` /sbin/ping -c2 -q mercury | grep "packet loss" | awk '{print $7}' | tr -d '%'` if [ $loss -gt 0 ] then route delete wormhole route add default 206.181.190.29 fi Putting the routing back in when wormhole comes back is left as an exercise to the reader. ========================================================================= Jeffrey A. Lynch, President JORSM Internet email: jeff@jorsm.com Northwest Indiana's Full-Service Provider Voice: (219)322-2180 927 Sheffield Avenue, Dyer, IN 46311 Autoresponse: info@jorsm.com http://www.jorsm.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 07:58:31 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA13881 for freebsd-isp-outgoing; Thu, 12 Feb 1998 07:58:31 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mercury.jorsm.com (mercury.jorsm.com [207.112.128.9]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA13861 for ; Thu, 12 Feb 1998 07:58:28 -0800 (PST) (envelope-from jeff@mercury.jorsm.com) Received: from localhost (jeff@localhost) by mercury.jorsm.com (8.8.7/8.8.7) with SMTP id JAA14822 for ; Thu, 12 Feb 1998 09:58:27 -0600 (CST) Date: Thu, 12 Feb 1998 09:58:26 -0600 (CST) From: Jeff Lynch Reply-To: Jeff Lynch To: freebsd-isp@FreeBSD.ORG Subject: OOPS! Re: FreeBSD firewall questions In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 12 Feb 1998, Jeff Lynch wrote: > On Thu, 12 Feb 1998, Cliff Addy wrote: > > > The firewall machine is named odo, the router is wormhole, and my test > > server is tribble. All I did (in the brief experiment I tried) was to tell > > odo his default route is wormhole. Then I changed tribble's default route > > from wormhole to odo. Now, running a traceroute to freebsd.org, I get > [snip] > > > > My one concern is: what if odo dies? Can I set up the other FreeBSD > > machines to "fallback" to wormhole if odo cannot be contacted? > > On tribble from cron: > > #!/bin/sh > loss=` /sbin/ping -c2 -q mercury | grep "packet loss" | awk '{print $7}' | ^^^^^^^ make that ping -c2 -q odo cut and paste error > tr -d '%'` > if [ $loss -gt 0 ] > then > route delete wormhole make that route delete odo > route add default 206.181.190.29 make that route add default wormhole > fi > > Putting the routing back in when wormhole comes back is left as > an exercise to the reader. > > ========================================================================= > Jeffrey A. Lynch, President JORSM Internet > email: jeff@jorsm.com Northwest Indiana's Full-Service Provider > Voice: (219)322-2180 927 Sheffield Avenue, Dyer, IN 46311 > Autoresponse: info@jorsm.com http://www.jorsm.com > --jeff "correcting his own mistakes" lynch ========================================================================= Jeffrey A. Lynch, President JORSM Internet email: jeff@jorsm.com Northwest Indiana's Full-Service Provider Voice: (219)322-2180 927 Sheffield Avenue, Dyer, IN 46311 Autoresponse: info@jorsm.com http://www.jorsm.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 08:04:46 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA15197 for freebsd-isp-outgoing; Thu, 12 Feb 1998 08:04:46 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mail.ruhrgebiet.individual.net (in-ruhr.ruhr.de [141.39.224.38]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA15188 for ; Thu, 12 Feb 1998 08:04:40 -0800 (PST) (envelope-from bs@devnull.ruhr.de) Received: (from admin@localhost) by mail.ruhrgebiet.individual.net (8.8.5-r-beta/8.8.5) with UUCP id QAA17172; Thu, 12 Feb 1998 16:56:10 +0100 (MET) Received: from rm.devnull.ruhr.de [192.168.22.75] by devnull.ruhr.de with smtp (Exim 1.73 #1) id 0y30no-0000RF-00; Thu, 12 Feb 1998 16:43:52 +0100 Received: from bs by rm.devnull.ruhr.de with local (Exim 1.73 #1) id 0y30sN-0000Fp-00; Thu, 12 Feb 1998 16:48:35 +0100 To: "Joe" Cc: Subject: Re: Fw: FreeBSD firewall questions References: <01bd377a$aaa63900$b221dccc@subzero.thebestisp.com> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit From: Benedikt Stockebrand Date: 12 Feb 1998 16:48:35 +0100 In-Reply-To: "Joe"'s message of "Wed, 11 Feb 1998 23:54:22 -0600" Message-ID: <8767mkbz8s.fsf@devnull.ruhr.de> Lines: 39 X-Mailer: Gnus v5.5/XEmacs 20.3 - "Vatican City" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org "Joe" writes: > IF YOU DO NOT NEED TO CONNECT MORE THAN TWO COMPUTERS DO NOT USE A HUB! (did > the caps get your 'tension?) the reasons are simple 1 a hub costs money Point taken. But OTOH a hub lets you plug in a third box into that physical network, and in some situations that can be quite handy. Anyway, I didn't say that a hub was a "better" solution than a null-hub cable. > and > if you were into spending money you wouldn't be using freebsd you'd be > dealing (and spending a fortune for the same or less effect) with a > Microsoft or comperable product. Nothing compares to M$... ok, let's stop this... > And second you can't expect to get better > that 60%(+-) ie: 6Mbps rather than 10Mbps throughput so you are paying for > latency and collissions..Just my two cents.. This depends on the bandwidth your outbound connection has. Here in Krautland a 2Mbit/s line is still pretty much upper standard, so under these circumstances even a lowly 10 Mbit/s 10Base2 or 10BaseT wouldn't be seriously loaded. As far as latency goes: How much latency is caused by a hub (opposed to a switch, which is too expensive anyway) and will it be noticeable if all data is subsequently sent across a long distance connection? Ben -- Ben(edikt)? Stockebrand Runaway ping.de Admin---Never Ever Trust Old Friends My name and email address are not to be added to any list used for advertising purposes. Any sender of unsolicited advertisement e-mail to this address im- plicitly agrees to pay a DM 500 fee to the recipient for proofreading services. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 08:04:53 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA15252 for freebsd-isp-outgoing; Thu, 12 Feb 1998 08:04:53 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mail.ruhrgebiet.individual.net (in-ruhr.ruhr.de [141.39.224.38]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA15192; Thu, 12 Feb 1998 08:04:44 -0800 (PST) (envelope-from bs@devnull.ruhr.de) Received: (from admin@localhost) by mail.ruhrgebiet.individual.net (8.8.5-r-beta/8.8.5) with UUCP id QAA17171; Thu, 12 Feb 1998 16:56:10 +0100 (MET) Received: from rm.devnull.ruhr.de [192.168.22.75] by devnull.ruhr.de with smtp (Exim 1.73 #1) id 0y30Ml-0000O5-00; Thu, 12 Feb 1998 16:15:55 +0100 Received: from bs by rm.devnull.ruhr.de with local (Exim 1.73 #1) id 0y30RJ-0000Dz-00; Thu, 12 Feb 1998 16:20:37 +0100 To: questions@FreeBSD.ORG, isp@FreeBSD.ORG Subject: Re: FreeBSD firewall questions References: <87en19vmy8.fsf@devnull.ruhr.de> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit From: Benedikt Stockebrand Date: 12 Feb 1998 16:20:36 +0100 In-Reply-To: Benedikt Stockebrand's message of "11 Feb 1998 22:41:35 +0100" Message-ID: <877m70c0jf.fsf@devnull.ruhr.de> Lines: 66 X-Mailer: Gnus v5.5/XEmacs 20.3 - "Vatican City" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Benedikt Stockebrand writes: > # route add -net 100.100.100.0 -netmask 255.255.251.0 \ > -interface 100.100.100.100 Danny O'Callahan is right: Make that netmask 255.255.252.0 instead of ...251... > (not tested and I'm a bit out of practice with the syntax, so YMMV). oh yes, and I was bl**dy tired, too. > This is where things get messy because you're overriding the network > route(s) above with a host route. The most ugly part about it is that > internal machines can't reach the router itself anymore --- they can > send things through it, but they can't even ping it to see if it's > up. They'll always complain about a "host is down" or similar. One more addendum: If you *really* want to do this you might consider using a proxy arp kludge. I'd still recommend against it, though. I've just dug through my assorted docs to see if there's any good starting point about this issue. Here's what I've found: Craig Hunt, TCP/IP Network Administration ("Crab Book"). O'Reilly & Associates, 1992 I've only got the old edition and it seems to miss the more advanced aspects like VLSM and CIDR. Good starting point though. W. Richard Stevens, TCP/IP Illustrated Vol. I Addison-Wesley, 1994 This one deals with the protocol side of the problem in depth. Unfortunately not in one chapter but spread around a bit. And it doesn't deal with the Un*x side of it. Recommended if you really want to find out about the internals of the TCP/IP stack. Otherwise you may try the gated docs, but I don't have them around so I can't check --- YMMV. > maybe some hardware fraggle knows? Since Dave Walton asked what fraggles are: Apparently the name "fraggle" comes from the Jim Henson "Fraggles" show. They're a bunch of nice but sometimes slightly childish beings (at least that's what I've been told). The "hardware fraggles" are the ones running around with soldering irons and wirecutters. Ben -- Ben(edikt)? Stockebrand Runaway ping.de Admin---Never Ever Trust Old Friends My name and email address are not to be added to any list used for advertising purposes. Any sender of unsolicited advertisement e-mail to this address im- plicitly agrees to pay a DM 500 fee to the recipient for proofreading services. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 08:35:49 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA19861 for freebsd-isp-outgoing; Thu, 12 Feb 1998 08:35:49 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from barney.webace.com.au ([203.25.160.154]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA19833; Thu, 12 Feb 1998 08:35:42 -0800 (PST) (envelope-from jasonm@barney.webace.com.au) Received: from localhost (jasonm@localhost) by barney.webace.com.au (8.8.5/8.8.5) with SMTP id AAA04535; Fri, 13 Feb 1998 00:47:20 +0800 (WST) Date: Fri, 13 Feb 1998 00:47:20 +0800 (WST) From: Jason McKay To: questions@FreeBSD.ORG cc: isp@FreeBSD.ORG Subject: Restrictions by Time Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, I'm currently setting up an ISP for a friend ... He wishes to go about things abit differently when it comes to users restrictions. We don't want any session limits or daily limits, but this is what we do require: Each group of the FreeBSD system has different login periods, for example, group A can only login between 6am and midnight ... if they pass that period, the system will disconnect them. If anyone knows of some utility which can enforce this, we would be very greatful. Thank you, Jason McKay. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 08:55:01 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA22522 for freebsd-isp-outgoing; Thu, 12 Feb 1998 08:55:01 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mail.boisfrancs.qc.ca (mail.boisfrancs.qc.ca [207.253.52.5]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA22513 for ; Thu, 12 Feb 1998 08:54:59 -0800 (PST) (envelope-from xenub@boisfrancs.qc.ca) Received: from gateway (ppp133.boisfrancs.qc.ca [207.253.52.133]) by mail.boisfrancs.qc.ca (8.8.5/8.8.5) with SMTP id LAA28829 for ; Thu, 12 Feb 1998 11:55:04 -0500 (EST) Message-Id: <199802121655.LAA28829@mail.boisfrancs.qc.ca> X-Sender: xenub@boisfrancs.qc.ca X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0 Date: Thu, 12 Feb 1998 11:56:07 -0500 To: isp@FreeBSD.ORG From: Louis-Philippe Alain Subject: How can I protect me server? Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, First I would like to know if there's ways to stop (ar at least decrease) my users from nuking and flooding on IRC? It seem that in our little town here (only two ISPs), there's a new "fashion" which is nuking and flooding and to do "takeovers" on IRC. So, is there a way to stop our users to do such things? The other question is how can I protect my server from mailbomb? Once, one of our users did a mailbomb to a bad email adress so every of the 1500 emails he sent bonced back to the mailer-daemon which is aliases to two adresses. How could I protect my server from such incident? Any redirection to documents or web sites which could answer to my questions would be really appreciated. Louis-Philippe Alain Internet Bois-Francs To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 09:01:26 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA23812 for freebsd-isp-outgoing; Thu, 12 Feb 1998 09:01:26 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from gatekeeper.tsc.tdk.com (root@gatekeeper.tsc.tdk.com [207.113.159.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA23806 for ; Thu, 12 Feb 1998 09:01:24 -0800 (PST) (envelope-from gdonl@tsc.tdk.com) Received: from sunrise.gv.tsc.tdk.com (root@sunrise.gv.tsc.tdk.com [192.168.241.191]) by gatekeeper.tsc.tdk.com (8.8.8/8.8.8) with ESMTP id JAA25051; Thu, 12 Feb 1998 09:00:18 -0800 (PST) (envelope-from gdonl@tsc.tdk.com) Received: from salsa.gv.tsc.tdk.com (salsa.gv.tsc.tdk.com [192.168.241.194]) by sunrise.gv.tsc.tdk.com (8.8.5/8.8.5) with ESMTP id JAA14927; Thu, 12 Feb 1998 09:00:17 -0800 (PST) Received: (from gdonl@localhost) by salsa.gv.tsc.tdk.com (8.8.5/8.8.5) id JAA20432; Thu, 12 Feb 1998 09:00:15 -0800 (PST) From: Don Lewis Message-Id: <199802121700.JAA20432@salsa.gv.tsc.tdk.com> Date: Thu, 12 Feb 1998 09:00:15 -0800 In-Reply-To: Benedikt Stockebrand "Re: Fw: FreeBSD firewall questions" (Feb 12, 4:48pm) X-Mailer: Mail User's Shell (7.2.6 alpha(3) 7/19/95) To: Benedikt Stockebrand , "Joe" Subject: Re: Fw: FreeBSD firewall questions Cc: Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Feb 12, 4:48pm, Benedikt Stockebrand wrote: } Subject: Re: Fw: FreeBSD firewall questions } As far as latency goes: How much latency is caused by a hub (opposed } to a switch, which is too expensive anyway) and will it be noticeable } if all data is subsequently sent across a long distance connection? >From my reading of the 802.3 repeater spec, the maximum delay through a 100Mbit Class II repeater is 84 bit times. Add about 25 for a Class I repeater. I don't have a copy of the 10Mbit spec, but I would expect the number of bit times to be quite a bit less. I'd expect that using a hub would cause a slight increase in the collision rate (depending on how well the NIC and driver can send back to back packets with the minimum interpacket gap, and the overall traffic pattern), and a slight increase in the size of the runt frames generated by collisions. If adding a hub causes a big change in throughput, one of the first places I'd look is at the NICs. To really track down the problem, you really need to examine the bits they fly past ... --- Truck To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 10:16:32 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA04495 for freebsd-isp-outgoing; Thu, 12 Feb 1998 10:16:32 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from darius.concentric.net (darius.concentric.net [207.155.184.79]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA04490 for ; Thu, 12 Feb 1998 10:16:30 -0800 (PST) (envelope-from jasonc@concentric.net) Received: from newman.concentric.net (newman.concentric.net [207.155.184.71]) by darius.concentric.net (8.8.8/(98/01/20 5.9)) id NAA19830; Thu, 12 Feb 1998 13:16:27 -0500 (EST) [1-800-745-2747 The Concentric Network] Received: from K6-200.concentric.net (ts005d04.lan-mi.concentric.net [206.173.98.112]) by newman.concentric.net (8.8.8) id NAA22444; Thu, 12 Feb 1998 13:16:25 -0500 (EST) Message-Id: <199802121816.NAA22444@newman.concentric.net> From: "Jason" To: "Alan Batie" , "Daniel O'Callaghan" Cc: "Jim Shankland" , , Subject: Re: Fw: FreeBSD firewall questions Date: Thu, 12 Feb 1998 13:07:17 -0500 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1155 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Maybe you should consider getting better connectors. Mine never have that trouble. I guess you have to make them right the first time is all. What ever happened to thinet these days. I see more Type I and coax anymore. I like it because you can connect as many computers are you need on one line. Works for my mini lan here. ---------- > From: Alan Batie > To: Daniel O'Callaghan > Cc: Jim Shankland ; joe@thebestisp.com; freebsd-isp@FreeBSD.ORG > Subject: Re: Fw: FreeBSD firewall questions > Date: Thursday, February 12, 1998 2:35 AM > > On Thu, Feb 12, 1998 at 06:21:45PM +1100, Daniel O'Callaghan wrote: > > And if the two computers are right next to each other, why not use coax? > > It seems to have gone out of fashion, somewhat, but it still works. > > At least it does if you wiggle the connectors just right... > > -- > Alan Batie ______ www.rdrop.com/users/batie Me > batie@agora.rdrop.com \ / www.qrd.org The Triangle > PGPFP DE 3C 29 17 C0 49 7A \ / www.pgpi.com The Weird Numbers > 27 40 A5 3C 37 4A DA 52 B9 \/ www.anti-spam.net NO SPAM! > Jason Cribbins jasonc@concentric.net ICQ 756273 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 10:19:18 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA05146 for freebsd-isp-outgoing; Thu, 12 Feb 1998 10:19:18 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from CTNet2.createtech.com (CTNet2.createtech.com [209.48.208.12]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA05123 for ; Thu, 12 Feb 1998 10:19:13 -0800 (PST) (envelope-from kim@createtech.com) Received: (from smtp@localhost) by CTNet2.createtech.com (8.8.7/8.8.5) id MAA05039 for ; Thu, 12 Feb 1998 12:17:31 -0600 (CST) Received: from x56.createtech.com(209.48.208.56), claiming to be "createtech.com" via SMTP by pop.createtech.com, id smtpd005036; Thu Feb 12 12:17:23 1998 Message-ID: <34E33C6A.19CC6688@createtech.com> Date: Thu, 12 Feb 1998 12:16:10 -0600 From: Kim Shrier X-Mailer: Mozilla 4.04 [en] (WinNT; I) MIME-Version: 1.0 To: freebsd-isp@FreeBSD.ORG Subject: Re: Large system backups; recommendations for devices & strategies? References: <199802111724.JAA06462@hub.freebsd.org> <199802121801.MAA04156@CTNet2.createtech.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Nicholas Merrill wrote: > ... > > >I am currently trying to get approval to put a 21GB hard disk in the > >backup machine and replace the DDS drive with an Exabyte Mammoth (20GB) > >drive. > > Kim - look into DLT - it rules :) > > Nick I have looked at both the DLT4000 and the Exabyte Mammoth. I can get both for the same price. The media costs about the same. Both drives are SCSI. However, the transfer rate (according to the specs) is twice as fast for the Mammoth and the MTBF numbers are better. Does anybody have any experience with the Mammoth? -- Kim Shrier - kim@createtech.com Director of Development - CreateTech, Inc. voice 214-748-2233 - fax 214-748-3377 www.createtech.com - Custom Internet Solutions. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 10:32:54 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA07866 for freebsd-isp-outgoing; Thu, 12 Feb 1998 10:32:54 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from horst.bfd.com (horst.bfd.com [204.160.242.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA07846 for ; Thu, 12 Feb 1998 10:32:44 -0800 (PST) (envelope-from ejs@bfd.com) Received: from harlie.bfd.com (bastion.bfd.com [204.160.242.14]) by horst.bfd.com (8.8.8/8.8.8) with SMTP id KAA10997; Thu, 12 Feb 1998 10:32:33 -0800 (PST) (envelope-from ejs@bfd.com) Date: Thu, 12 Feb 1998 10:32:30 -0800 (PST) From: "Eric J. Schwertfeger" To: Mark Segal cc: Kevin Day , isp@FreeBSD.ORG, "Jeffrey J. Mountin" Subject: Re: Large httpd log files In-Reply-To: <01bd376e$bb3fe920$0201010a@mark.club-web.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 11 Feb 1998, Mark Segal wrote: > :).... i agree. but, changing 4 log files.. the title.. and the location > url under the title.. it just becomes a pain in the ass.. What part is a pain in the ass? setting up apache? As far as analog goes, just set up a seperate analog config file for each virtual host, then all you have to specify the config file on the command line, or in the HTML form, is which easier than specifiying all the other stuff. In the HTML, I just use this for realtime stats

Select the Server you want reports for

Where each config file specifies the log files, error logs, logo, title, and link. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 10:37:13 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA08279 for freebsd-isp-outgoing; Thu, 12 Feb 1998 10:37:13 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from george.arc.nasa.gov (george.arc.nasa.gov [128.102.194.142]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA08273 for ; Thu, 12 Feb 1998 10:37:10 -0800 (PST) (envelope-from lamaster@george.arc.nasa.gov) From: lamaster@george.arc.nasa.gov Received: (from lamaster@localhost) by george.arc.nasa.gov (8.8.7/8.8.7) id KAA16165 for freebsd-isp@FreeBSD.ORG; Thu, 12 Feb 1998 10:32:58 -0800 (PST) Date: Thu, 12 Feb 1998 10:32:58 -0800 (PST) Message-Id: <199802121832.KAA16165@george.arc.nasa.gov> To: freebsd-isp@FreeBSD.ORG Subject: Re: Fw: FreeBSD firewall questions Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org mountin.man@mixcom.com wrote: >> At 06:21 PM 2/12/98 +1100, Daniel O'Callaghan wrote: >> >And if the two computers are right next to each other, why not use coax? >> >It seems to have gone out of fashion, somewhat, but it still works. >> >> Just one piece of coax in a collision domain drops the >> potential throughput, so unless the network is lightly loaded. >> Once I lost the last coax NIC things were _much_ better. >> >> I'd avoid coax like a traffic jam. >> >> It's out of fashion for a reason. I know this is nitpicking, but, by "coax" I assume you mean "thin ethernet", "thin-net", whatever. Thick coax worked just fine for me, much better than 10baseT when it first came out, or trying to use 10baseT on older wiring. A clean thick ethernet coax installation was no problem - except that it is expensive/time-consuming to install, and, worse, to modify. However, 10baseT became very reliable about four years ago, and, on a good cat-5 installation, is very nice, as everyone knows. I agree that thin-net should be avoided like the plague. I never had anything but trouble with it, even for short distances. I was surprised to see it still being promoted for cheap home/small-office installations, as I observed in an electronics store a few nights ago. Especially now that you can get inexpensive, small 10baseT hubs (but only for about the last year or so has the price really come down) from several vendors. Today, there is absolutely no reason to use anything other than 10baseT (or 100baseT) on new installations. Always use level-5 wiring. [And, I would recommend eliminating *all* the thin-net coax from existing installations.] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 13:01:37 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA00714 for freebsd-isp-outgoing; Thu, 12 Feb 1998 13:01:37 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mail.ruhrgebiet.individual.net (in-ruhr.ruhr.de [141.39.224.38]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA00706 for ; Thu, 12 Feb 1998 13:01:34 -0800 (PST) (envelope-from bs@devnull.ruhr.de) Received: (from admin@localhost) by mail.ruhrgebiet.individual.net (8.8.5-r-beta/8.8.5) with UUCP id VAA20072; Thu, 12 Feb 1998 21:34:16 +0100 (MET) Received: from rm.devnull.ruhr.de [192.168.22.75] by devnull.ruhr.de with smtp (Exim 1.73 #1) id 0y312B-0000W0-00; Thu, 12 Feb 1998 16:58:43 +0100 Received: from bs by rm.devnull.ruhr.de with local (Exim 1.73 #1) id 0y316k-0000Hv-00; Thu, 12 Feb 1998 17:03:26 +0100 To: Cliff Addy Cc: freebsd-isp@FreeBSD.ORG Subject: Re: FreeBSD firewall questions References: Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit From: Benedikt Stockebrand Date: 12 Feb 1998 17:03:26 +0100 In-Reply-To: Cliff Addy's message of "Thu, 12 Feb 1998 09:31:19 -0500 (EST)" Message-ID: <874t24byk1.fsf@devnull.ruhr.de> Lines: 29 X-Mailer: Gnus v5.5/XEmacs 20.3 - "Vatican City" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Cliff Addy writes: > Even if I can't, the real purpose of all this is to measure and meter > outbound traffic, anyway. Hmm, you could've told us before :-) Depending on what you want to do in particular it might have been easiest to make odo use promiscuous mode on its interface and stay out of the way. > My one concern is: what if odo dies? Can I set up the other FreeBSD > machines to "fallback" to wormhole if odo cannot be contacted? I'm not sure about this, but maybe you can do that with different route metrics alone. In the long run proper dynamic routing is probably the best approach, either with routed(8) from the distribution or gated from the ports collection. Ben -- Ben(edikt)? Stockebrand Runaway ping.de Admin---Never Ever Trust Old Friends My name and email address are not to be added to any list used for advertising purposes. Any sender of unsolicited advertisement e-mail to this address im- plicitly agrees to pay a DM 500 fee to the recipient for proofreading services. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 13:34:40 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA06762 for freebsd-isp-outgoing; Thu, 12 Feb 1998 13:34:40 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from MindBender.serv.net (mindbender.serv.net [205.153.153.98]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA06736 for ; Thu, 12 Feb 1998 13:34:35 -0800 (PST) (envelope-from michaelv@MindBender.serv.net) Received: from localhost.HeadCandy.com (localhost.HeadCandy.com [127.0.0.1]) by MindBender.serv.net (8.8.8/8.7.3) with SMTP id JAA09875; Thu, 12 Feb 1998 09:35:29 -0800 (PST) Message-Id: <199802121735.JAA09875@MindBender.serv.net> X-Authentication-Warning: MindBender.serv.net: localhost.HeadCandy.com [127.0.0.1] didn't use HELO protocol To: Louis-Philippe Alain cc: isp@FreeBSD.ORG Subject: Re: How can I protect me server? In-reply-to: Your message of Thu, 12 Feb 98 11:56:07 -0500. <199802121655.LAA28829@mail.boisfrancs.qc.ca> Date: Thu, 12 Feb 1998 09:35:00 -0800 From: "Michael L. VanLoon -- HeadCandy.com" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >First I would like to know if there's ways to stop (ar at least decrease) >my users from nuking and flooding on IRC? It seem that in our little town >here (only two ISPs), there's a new "fashion" which is nuking and flooding >and to do "takeovers" on IRC. So, is there a way to stop our users to do >such things? There's nothing new about that. It's what made IRC lame several years ago. Welcome to the chaos. ----------------------------------------------------------------------------- Michael L. VanLoon mvanloon@exmsft.com michaelv@MindBender.serv.net Contract software development for Windows NT, Windows 95 and Unix. Windows NT and Unix server development in C++ and C. --< Free your mind and your machine -- NetBSD free un*x >-- NetBSD working ports: 386+PC, Mac 68k, Amiga, Atari 68k, HP300, Sun3, Sun4/4c/4m, DEC MIPS, DEC Alpha, PC532, VAX, MVME68k, arm32... NetBSD ports in progress: PICA, others... ----------------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 15:54:54 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA02315 for freebsd-isp-outgoing; Thu, 12 Feb 1998 15:54:54 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: (from jmb@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA02288; Thu, 12 Feb 1998 15:54:49 -0800 (PST) (envelope-from jmb) From: "Jonathan M. Bresler" Message-Id: <199802122354.PAA02288@hub.freebsd.org> Subject: Re: Fw: FreeBSD firewall questions In-Reply-To: <01bd377a$aaa63900$b221dccc@subzero.thebestisp.com> from Joe at "Feb 11, 98 11:54:22 pm" To: joe@thebestisp.com (Joe) Date: Thu, 12 Feb 1998 15:54:48 -0800 (PST) Cc: freebsd-isp@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL32 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Joe wrote: > IF YOU DO NOT NEED TO CONNECT MORE THAN TWO COMPUTERS DO NOT USE A HUB! (did > the caps get your 'tension?) the reasons are simple 1 a hub costs money and > if you were into spending money you wouldn't be using freebsd you'd be > dealing (and spending a fortune for the same or less effect) with a > Microsoft or comperable product. And second you can't expect to get better > that 60%(+-) ie: 6Mbps rather than 10Mbps throughput so you are paying for > latency and collissions..Just my two cents.. shhhhh.,......dont tell that to my linksys pcmcia 10baset card, smc 8 port ethernet hub, and smc pci card. i am getting over 9Mbps over utp. jmb To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 16:30:13 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA08949 for freebsd-isp-outgoing; Thu, 12 Feb 1998 16:30:13 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from alpha.thebestisp.com (alpha.thebestisp.com [204.220.33.11]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA08826 for ; Thu, 12 Feb 1998 16:29:56 -0800 (PST) (envelope-from joe@thebestisp.com) Received: from subzero.thebestisp.com (subzero.thebestisp.com [204.220.33.178]) by alpha.thebestisp.com (8.8.7/8.8.7) with SMTP id SAA18033 for ; Thu, 12 Feb 1998 18:36:03 -0600 (CST) From: "Joe" To: Subject: Re: Fw: FreeBSD firewall questions Date: Thu, 12 Feb 1998 17:41:58 -0600 Message-ID: <01bd380f$cf1581c0$b221dccc@subzero.thebestisp.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.71.1712.3 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.1712.3 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org understood however all I here all day is speed.. speed.. speed.. and yes most of the connections are over a T1 or Maybe a T3 so the biggest hit would never use more than about 1/3 of a 100Mbps line but still in theory... -----Original Message----- From: Benedikt Stockebrand To: Joe Cc: freebsd-isp@FreeBSD.ORG Date: Thursday, February 12, 1998 10:32 AM Subject: Re: Fw: FreeBSD firewall questions "Joe" writes: > IF YOU DO NOT NEED TO CONNECT MORE THAN TWO COMPUTERS DO NOT USE A HUB! (did > the caps get your 'tension?) the reasons are simple 1 a hub costs money Point taken. But OTOH a hub lets you plug in a third box into that physical network, and in some situations that can be quite handy. Anyway, I didn't say that a hub was a "better" solution than a null-hub cable. > and > if you were into spending money you wouldn't be using freebsd you'd be > dealing (and spending a fortune for the same or less effect) with a > Microsoft or comperable product. Nothing compares to M$... ok, let's stop this... > And second you can't expect to get better > that 60%(+-) ie: 6Mbps rather than 10Mbps throughput so you are paying for > latency and collissions..Just my two cents.. This depends on the bandwidth your outbound connection has. Here in Krautland a 2Mbit/s line is still pretty much upper standard, so under these circumstances even a lowly 10 Mbit/s 10Base2 or 10BaseT wouldn't be seriously loaded. As far as latency goes: How much latency is caused by a hub (opposed to a switch, which is too expensive anyway) and will it be noticeable if all data is subsequently sent across a long distance connection? Ben -- Ben(edikt)? Stockebrand Runaway ping.de Admin---Never Ever Trust Old Friends My name and email address are not to be added to any list used for advertising purposes. Any sender of unsolicited advertisement e-mail to this address im- plicitly agrees to pay a DM 500 fee to the recipient for proofreading services. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 19:41:11 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id TAA09819 for freebsd-isp-outgoing; Thu, 12 Feb 1998 19:41:11 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from sabre.goldsword.com (sabre.goldsword.com [199.170.202.32]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA09789 for ; Thu, 12 Feb 1998 19:40:55 -0800 (PST) (envelope-from jfarmer@sabre.goldsword.com) Received: (from jfarmer@localhost) by sabre.goldsword.com (8.8.8/8.8.8) id WAA07798; Thu, 12 Feb 1998 22:36:36 -0500 (EST) Date: Thu, 12 Feb 1998 22:36:36 -0500 (EST) From: "John T. Farmer" Message-Id: <199802130336.WAA07798@sabre.goldsword.com> To: batie@agora.rdrop.com, danny@panda.hilink.com.au Subject: Re: Fw: FreeBSD firewall questions Cc: freebsd-isp@FreeBSD.ORG, jas@flyingfox.com, jfarmer@goldsword.com, joe@thebestisp.com Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Wed, 11 Feb 1998 23:35:44 -0800 Alan Batie said: >On Thu, Feb 12, 1998 at 06:21:45PM +1100, Daniel O'Callaghan wrote: >> And if the two computers are right next to each other, why not use coax? >> It seems to have gone out of fashion, somewhat, but it still works. > >At least it does if you wiggle the connectors just right... Why? Properly installed coax (10base-2 for the newcomers) can and will work just fine. The original part of "sword-net" (what I call our internal network when I want to tweek someone...) is coax. Not a bit of problem in 4+ years of continuous operation. Now the new parts are cat 5 10base-T (easier to install, move equipment, etc.). I have clients with 10base2 nets (large ones!) that have been in use 6 or more years without noticable problems. Heck, they finally replaced some 10base10 (original Ethernet with vampire taps) segments in the last year or so! (Went to fiber for the distances...) John (Sometimes the old tech is the working tech...) ------------------------------------------------------------------------- John T. Farmer Proprietor, GoldSword Systems jfarmer@goldsword.com Public Internet Access in East Tennessee dial-in (423)470-9953 for info, e-mail to info@goldsword.com Network Design, Internet Services & Servers, Consulting To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 19:48:24 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id TAA10926 for freebsd-isp-outgoing; Thu, 12 Feb 1998 19:48:24 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from sabre.goldsword.com (sabre.goldsword.com [199.170.202.32]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA10917 for ; Thu, 12 Feb 1998 19:48:21 -0800 (PST) (envelope-from jfarmer@sabre.goldsword.com) Received: (from jfarmer@localhost) by sabre.goldsword.com (8.8.8/8.8.8) id WAA07752; Thu, 12 Feb 1998 22:18:37 -0500 (EST) Date: Thu, 12 Feb 1998 22:18:37 -0500 (EST) From: "John T. Farmer" Message-Id: <199802130318.WAA07752@sabre.goldsword.com> To: freebsd-isp@FreeBSD.ORG, joe@thebestisp.com Subject: Re: Fw: FreeBSD firewall questions Cc: jfarmer@goldsword.com Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 11 Feb 1998 23:54:22 -0600 "Joe" said: >IF YOU DO NOT NEED TO CONNECT MORE THAN TWO COMPUTERS DO NOT USE A HUB! (did >the caps get your 'tension?) the reasons are simple 1 a hub costs money and >if you were into spending money you wouldn't be using freebsd you'd be >dealing (and spending a fortune for the same or less effect) with a >Microsoft or comperable product. And second you can't expect to get better >that 60%(+-) ie: 6Mbps rather than 10Mbps throughput so you are paying for >latency and collissions..Just my two cents.. > Where shall I begin? 1. I don't use FreeBSD because it's cheap, I use it because it is the best tool for the work I do. 2. Hubs are not very expensive. A basic 4 or 8 port hub is less than $100 (even DataComm Warehouse has a 3com for <$100!!) 3. 2 computers wired through a cross-over cable _WILL_NOT_ achieve any greater throughput than _the_same_two_computers_ connected through a hub. If you need, we can step through the math. (But not tonight, I have a headache...) 4. In almost every instance that one of my client's have installed a cross-over cable between two Ethernet devices, they have ended up replacing it shortly with a hub. Why? If you have two machines wired together, soon there will be a reason to be able to connect up the laptop from work, or Junior's PC, or... For a Firewall/Router type of setup, I still recommend a small hub. Makes it easier to locate external services (outside web ftp, etc.) between the outside router and the firewall. E'nuff Said? John ------------------------------------------------------------------------- John T. Farmer Proprietor, GoldSword Systems jfarmer@goldsword.com Public Internet Access in East Tennessee dial-in (423)470-9953 for info, e-mail to info@goldsword.com Network Design, Internet Services & Servers, Consulting To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 20:18:28 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA14396 for freebsd-isp-outgoing; Thu, 12 Feb 1998 20:18:28 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from sabre.goldsword.com (sabre.goldsword.com [199.170.202.32]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA14382 for ; Thu, 12 Feb 1998 20:18:20 -0800 (PST) (envelope-from jfarmer@sabre.goldsword.com) Received: (from jfarmer@localhost) by sabre.goldsword.com (8.8.8/8.8.8) id WAA07886; Thu, 12 Feb 1998 22:52:11 -0500 (EST) Date: Thu, 12 Feb 1998 22:52:11 -0500 (EST) From: "John T. Farmer" Message-Id: <199802130352.WAA07886@sabre.goldsword.com> To: isp@FreeBSD.ORG, xenub@boisfrancs.qc.ca Subject: Re: How can I protect me server? Cc: jfarmer@goldsword.com Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 12 Feb 1998 11:56:07 -0500 Louis-Philippe Alain said: > First I would like to know if there's ways to stop (ar at least decrease) >my users from nuking and flooding on IRC? It seem that in our little town >here (only two ISPs), there's a new "fashion" which is nuking and flooding >and to do "takeovers" on IRC. So, is there a way to stop our users to do >such things? > > The other question is how can I protect my server from mailbomb? Once, one >of our users did a mailbomb to a bad email adress so every of the 1500 >emails he sent bonced back to the mailer-daemon which is aliases to two >adresses. How could I protect my server from such incident? > >Any redirection to documents or web sites which could answer to my >questions would be really appreciated. I don;t really have a decent answer to either of these activities if I assume that you want to keep the (l)user that does such things. If you don't mind them going to the other ISP, then point out that certain actions are prohibited by the AUP (You do have one in place, don't you?) and that you will terminate their accounts if they do it again.... Let them learn some maturity... John (very little patience today...) ------------------------------------------------------------------------- John T. Farmer Proprietor, GoldSword Systems jfarmer@goldsword.com Public Internet Access in East Tennessee dial-in (423)470-9953 for info, e-mail to info@goldsword.com Network Design, Internet Services & Servers, Consulting To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 22:21:44 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA29487 for freebsd-isp-outgoing; Thu, 12 Feb 1998 22:21:44 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from dream.future.net (root@future.net [204.130.134.1]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA29436 for ; Thu, 12 Feb 1998 22:21:34 -0800 (PST) (envelope-from tomthai@future.net) Received: from dream.future.net (tomthai@future.net [204.130.134.1]) by dream.future.net (8.8.6/8.8.6) with SMTP id AAA28203; Fri, 13 Feb 1998 00:15:34 -0600 (CST) Date: Fri, 13 Feb 1998 00:15:33 -0600 (CST) From: "Tom T. Thai" To: "Eric J. Schwertfeger" cc: Mark Segal , Kevin Day , isp@FreeBSD.ORG, "Jeffrey J. Mountin" Subject: Re: Large httpd log files In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org where can I get this analog animal? On Thu, 12 Feb 1998, Eric J. Schwertfeger wrote: > On Wed, 11 Feb 1998, Mark Segal wrote: > > > :).... i agree. but, changing 4 log files.. the title.. and the location > > url under the title.. it just becomes a pain in the ass.. > > What part is a pain in the ass? setting up apache? As far as analog goes, > just set up a seperate analog config file for each virtual host, then all > you have to specify the config file on the command line, or in the HTML > form, is which easier than specifiying all the other stuff. > > In the HTML, I just use this for realtime stats > >

Select the Server you want reports for

> > > Where each config file specifies the log files, error logs, logo, title, > and link. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > .............. .................................... Thomas T. Thai Infomedia Interactive Communications tom@iic.net TEL 612.376.9090 * FAX 612.376.9087 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 22:26:08 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA00663 for freebsd-isp-outgoing; Thu, 12 Feb 1998 22:26:08 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mixcom.mixcom.com (mixcom.mixcom.com [198.137.186.100]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id WAA00649 for ; Thu, 12 Feb 1998 22:26:05 -0800 (PST) (envelope-from mountin.man@mixcom.com) Received: by mixcom.mixcom.com (8.6.12/2.2) id AAA24558; Fri, 13 Feb 1998 00:27:52 -0600 Received: from dial193-41.mixcom.com(207.250.193.41) by mixcom.mixcom.com via smap (V1.3) id smaa24551; Fri Feb 13 00:27:45 1998 Message-Id: <3.0.3.32.19980213000314.006916e4@198.137.186.100> X-Sender: mmttnn@198.137.186.100 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Fri, 13 Feb 1998 00:03:14 -0600 To: freebsd-isp@FreeBSD.ORG From: "Jeffrey J. Mountin" Subject: Re: Fw: FreeBSD firewall questions In-Reply-To: <199802121832.KAA16165@george.arc.nasa.gov> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 10:32 AM 2/12/98 -0800, lamaster@george.arc.nasa.gov wrote: >I know this is nitpicking, but, by "coax" I assume you mean >"thin ethernet", "thin-net", whatever. Thick coax worked >just fine for me, much better than 10baseT when it first >came out, or trying to use 10baseT on older wiring. I'd expect it from you. ;) It was thin-net. >A clean thick ethernet coax installation was no problem - >except that it is expensive/time-consuming to install, >and, worse, to modify. Never say nor heard of any thick-net use in my experience. >However, 10baseT became very reliable about four years ago, >and, on a good cat-5 installation, is very nice, as everyone >knows. I agree that thin-net should be avoided like the >plague. I never had anything but trouble with it, even for >short distances. I was surprised to see it still being promoted >for cheap home/small-office installations, as I observed in an >electronics store a few nights ago. Especially now that you can >get inexpensive, small 10baseT hubs (but only for about the last >year or so has the price really come down) from several vendors. Then it became reliable before I started networking about 3 years ago. I'll admit thin-net is easy to set up, as someone mentioned, and a number of people I know use it at home. Mostly I'd guess because most places will give it away. Not to mention a hub is not needed and they don't know how to may a cross cable for only 2 systems. FWIW, I have worked with large coax, but only for radio applications. One of the few that would solder both the center _and_ shield on a PL-259. >Today, there is absolutely no reason to use anything other >than 10baseT (or 100baseT) on new installations. Always use >level-5 wiring. [And, I would recommend eliminating *all* >the thin-net coax from existing installations.] Amen! Jeff Mountin - Unix Systems TCP/IP networking mountin.man@mixcom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 22:29:30 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA01470 for freebsd-isp-outgoing; Thu, 12 Feb 1998 22:29:30 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mixcom.mixcom.com (mixcom.mixcom.com [198.137.186.100]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id WAA01465 for ; Thu, 12 Feb 1998 22:29:28 -0800 (PST) (envelope-from mountin.man@mixcom.com) Received: by mixcom.mixcom.com (8.6.12/2.2) id AAA24565; Fri, 13 Feb 1998 00:27:52 -0600 Received: from dial193-41.mixcom.com(207.250.193.41) by mixcom.mixcom.com via smap (V1.3) id smab24551; Fri Feb 13 00:27:46 1998 Message-Id: <3.0.3.32.19980213002105.00737ccc@198.137.186.100> X-Sender: mmttnn@198.137.186.100 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Fri, 13 Feb 1998 00:21:05 -0600 To: "John T. Farmer" , freebsd-isp@FreeBSD.ORG, joe@thebestisp.com From: "Jeffrey J. Mountin" Subject: Re: Fw: FreeBSD firewall questions In-Reply-To: <199802130318.WAA07752@sabre.goldsword.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 10:18 PM 2/12/98 -0500, John T. Farmer wrote: > >On Wed, 11 Feb 1998 23:54:22 -0600 "Joe" said: >>IF YOU DO NOT NEED TO CONNECT MORE THAN TWO COMPUTERS DO NOT USE A HUB! (did >>the caps get your 'tension?) the reasons are simple 1 a hub costs money and >>if you were into spending money you wouldn't be using freebsd you'd be >>dealing (and spending a fortune for the same or less effect) with a >>Microsoft or comperable product. And second you can't expect to get better >>that 60%(+-) ie: 6Mbps rather than 10Mbps throughput so you are paying for >>latency and collissions..Just my two cents.. >> > >Where shall I begin? > >1. I don't use FreeBSD because it's cheap, I use it because it > is the best tool for the work I do. I'll add to your response on this bit of flame bait. I'm working with Sun and Irix machines and could care less that they run more commercial apps and are worth a few hundred thousand dollars. Even without any ports added, FBSD has far more to offer and is much easier to tweak for security. Not to mention I don't get dizzy from all the really odd sym-links. How many NT machines are run from command line? From what I hear it can be done. One has to wonder when even MS doesn't run NT for everything, but uses Solaris on Sparcs. Cost had nothing to do with my choice of dropping BSDi for FreeBSD, especially when I was receiving paid for updates for over a year and they collected dust, excepting the one server that wasn't converted for hardware reasons or lack thereof. IMHO, FBSD blows 'em all away for ISP related servers. >2. Hubs are not very expensive. A basic 4 or 8 port hub is less > than $100 (even DataComm Warehouse has a 3com for <$100!!) Paid $80 for my 8 port Netgear (buget part of Bay, FYI) from DataComm. >3. 2 computers wired through a cross-over cable _WILL_NOT_ > achieve any greater throughput than _the_same_two_computers_ > connected through a hub. If you need, we can step through the > math. (But not tonight, I have a headache...) Interestingly a friend had a problem with 2 identical cards using a cross and for some reason support would not help him until he had a hub. He asked and I said they were shoveling s--- his way. >4. In almost every instance that one of my client's have installed > a cross-over cable between two Ethernet devices, they have ended > up replacing it shortly with a hub. Why? If you have two > machines wired together, soon there will be a reason to be > able to connect up the laptop from work, or Junior's PC, or... Nothing like having a cross cable handy for a quick xfer. > For a Firewall/Router type of setup, I still recommend a small > hub. Makes it easier to locate external services (outside web > ftp, etc.) between the outside router and the firewall. Yes they are and since setup counts for much on a switch, it's more secure regardless. Jeff Mountin - Unix Systems TCP/IP networking mountin.man@mixcom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 22:31:22 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA01701 for freebsd-isp-outgoing; Thu, 12 Feb 1998 22:31:22 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mixcom.mixcom.com (mixcom.mixcom.com [198.137.186.100]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id WAA01693 for ; Thu, 12 Feb 1998 22:31:20 -0800 (PST) (envelope-from mountin.man@mixcom.com) Received: by mixcom.mixcom.com (8.6.12/2.2) id AAA25000; Fri, 13 Feb 1998 00:32:25 -0600 Received: from dial193-41.mixcom.com(207.250.193.41) by mixcom.mixcom.com via smap (V1.3) id sma024992; Fri Feb 13 00:32:08 1998 Message-Id: <3.0.3.32.19980213002626.007398bc@198.137.186.100> X-Sender: mmttnn@198.137.186.100 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Fri, 13 Feb 1998 00:26:26 -0600 To: "Tom T. Thai" From: "Jeffrey J. Mountin" Subject: Re: Large httpd log files Cc: isp@FreeBSD.ORG In-Reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 12:15 AM 2/13/98 -0600, Tom T. Thai wrote: >where can I get this analog animal? http://www.statslab.cam.ac.uk/~sret1/analog And it's a port (and package?). Somewhere, since I've been using it for quite a while and get the source direct. Read the HTML docs since there are quite a few options, but the defaults are a good for most. Jeff Mountin - Unix Systems TCP/IP networking mountin.man@mixcom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 23:00:02 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA06309 for freebsd-isp-outgoing; Thu, 12 Feb 1998 23:00:02 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from alpha.thebestisp.com (alpha.thebestisp.com [204.220.33.11]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA06290 for ; Thu, 12 Feb 1998 23:00:00 -0800 (PST) (envelope-from joe@thebestisp.com) Received: from subzero.thebestisp.com (subzero.thebestisp.com [204.220.33.178]) by alpha.thebestisp.com (8.8.7/8.8.7) with SMTP id BAA18599 for ; Fri, 13 Feb 1998 01:06:23 -0600 (CST) From: "Joe" To: Subject: Re: Fw: FreeBSD firewall questions Date: Fri, 13 Feb 1998 00:12:08 -0600 Message-ID: <01bd3846$509bdce0$b221dccc@subzero.thebestisp.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.71.1712.3 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.1712.3 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org OK... For starters I am not on this group to knock FreeBSD that would be STUPID. I use FreeBSD and that is why I am on here. As for the hub things I concead defeat and am going to try some more testing. The thing is that I have 3com and SMC hubs here along with a few assorted others and have always had them top out at about 6Mbps with every card I have tried (and yes the cables are wired correctly) so at any rate I was not trying to start anything and I sincerely thought that the information I was giving was correct. Also several months ago I spoke with a "tech" at 3com about there officeconnect 10Mbps hub and that is initialy where this theory (the 60%) began for me. But while I am on this what is the "best" nic? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 23:27:42 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA09905 for freebsd-isp-outgoing; Thu, 12 Feb 1998 23:27:42 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from korin.warman.org.pl (korin.nask.waw.pl [148.81.160.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA09890 for ; Thu, 12 Feb 1998 23:27:35 -0800 (PST) (envelope-from abial@korin.warman.org.pl) Received: from localhost (abial@localhost) by korin.warman.org.pl (8.8.8/8.8.5) with SMTP id IAA24996 for ; Fri, 13 Feb 1998 08:29:37 +0100 (CET) Date: Fri, 13 Feb 1998 08:29:36 +0100 (CET) From: Andrzej Bialecki To: freebsd-isp@FreeBSD.ORG Subject: Working examples of dialin server Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi! As some of you know, I'm preparing the next release of PicoBSD (one floppy version of FreeBSD). I am releasing also the tools that allow to build your own version, with your own set of programs and utilities. Standard distribution contains two basic types of the floppy: one is intended for dialup access, the second is intended as simple router replacement. Each type of floppy has editable configuration (editable /etc on the floppy), but after initial startup is unmounted and can be removed. This is IMHO important characteristic, as it makes the floppy almost read-only, while still allowing to change its configuration without rebuilding. I'd like to add the third pre-canned configuration: dialin server. I'd like it to cover the most common case (which is...?), using the most common solutions (which are...?), with hooks to add the less common but important features (which are....?). :-)) Unfortunately, as you can see above, my experience in this particular area is nil. I am sure some of you have already gained this experience, and could perhaps help me with the following: * I need a couple of working examples of dialin server, including relevant pieces of various config files (I know, I could study man pages, and I will, but with my experience in this the risk of screwing something would be too big) * I need answers for the above questions: what is the most common case of a small, beginning ISP? What hardware and software configuration would be most appropriate here? (I know this is highly relative, but some opinions would help me to decide what configuration to support out-of-the-box) * which way should I go: include ijppp or kernel PPP by default? Include support for SLIP? * should I leave getty by default or use mgetty instead? * should I include gated instead of routed by default? * should I include support for multiport comm cards (which ones?), or leave it as optional? * Hmmm.. suport for RADIUS and/or TACACS+ (is there any?) * and many, many more issues, which I'm probably unaware of at the moment... :-)) For those of small faith :-) - probably _all_ of the above I could fit on the floppy together, but I'd rather make the best use of space on it and not include things which are rarely used. I'd be very grateful if someone can share his knowledge with me - I hope it will benefit many others later. Thanks in advance. Andrzej Bialecki PS. This one thing withholds the release now. The rest of things is ready, and it works MUCH better than the previous release. ---------------------+--------------------------------------------------------- abial@warman.org.pl | if(halt_per_mth > 0) { fetch("http://www.freebsd.org") } Research & Academic | "Be open-minded, but don't let your brains to fall out." Network in Poland | All of the above (and more) is just my personal opinion. ---------------------+--------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Feb 12 23:53:40 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA14874 for freebsd-isp-outgoing; Thu, 12 Feb 1998 23:53:40 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA14845 for ; Thu, 12 Feb 1998 23:53:33 -0800 (PST) (envelope-from danny@panda.hilink.com.au) Received: (from danny@localhost) by panda.hilink.com.au (8.8.5/8.8.5) id SAA11975; Fri, 13 Feb 1998 18:53:12 +1100 (EST) Date: Fri, 13 Feb 1998 18:53:12 +1100 (EST) From: "Daniel O'Callaghan" To: Joe cc: freebsd-isp@FreeBSD.ORG Subject: Re: Fw: FreeBSD firewall questions In-Reply-To: <01bd3846$509bdce0$b221dccc@subzero.thebestisp.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 13 Feb 1998, Joe wrote: > had them top out at about 6Mbps with every card I have tried (and yes the Not using ne2000 clones by any chance? > began for me. But while I am on this what is the "best" nic? Intel EtherexpressPro 10/100 is very good and well supported on FreeBSD. The TULIP cards - de driver - DE21x4x chipset are also good, but there are so many variations that it is possible to get one which has problems with the driver. I have de cards from Alloy, an Australian manufacturer, and they easily achieve 10 Mbps transfer rates on my network (which happens to be thin-net 10-Base-2). I'll be buying more Alloy cards. Danny To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 03:26:45 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id DAA12955 for freebsd-isp-outgoing; Fri, 13 Feb 1998 03:26:45 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from ns2.cetlink.net (root@ns2.cetlink.net [209.54.54.20]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id DAA12950 for ; Fri, 13 Feb 1998 03:26:43 -0800 (PST) (envelope-from jak@cetlink.net) Received: from exit1.i485.net (ts1-cltnc-41.cetlink.net [209.54.58.41]) by ns2.cetlink.net (8.8.5/8.8.5) with SMTP id GAA05800; Fri, 13 Feb 1998 06:26:15 -0500 (EST) From: jak@cetlink.net (John Kelly) To: "John T. Farmer" Cc: batie@agora.rdrop.com, danny@panda.hilink.com.au, freebsd-isp@FreeBSD.ORG, jas@flyingfox.com, jfarmer@goldsword.com, joe@thebestisp.com Subject: Re: Fw: FreeBSD firewall questions Date: Fri, 13 Feb 1998 12:26:46 GMT Message-ID: <34e43a60.243152@mail.cetlink.net> References: <199802130336.WAA07798@sabre.goldsword.com> In-Reply-To: <199802130336.WAA07798@sabre.goldsword.com> X-Mailer: Forte Agent 1.01/16.397 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by hub.freebsd.org id DAA12951 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 12 Feb 1998 22:36:36 -0500 (EST), "John T. Farmer" wrote: >I have clients with 10base2 nets (large ones!) that have been in use 6 >or more years without noticable problems. Coax works for me too. I had some trouble in the beginning until I realized the terminators I bought from CompUSA were flaky. After replacing them with better quality terminators, no more problems. I get 1,000 kbps throughput between two machines when no other traffic is on the wire, using SMC Ultra cards. I even have some SMC coax hubs. I had never heard of coax hubs until I found them on auction at Onsale. They were dirt cheap so I plan to use them with coax as my network grows. -- The day of the proprietary OS is over. Long live free software. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 03:40:47 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id DAA13869 for freebsd-isp-outgoing; Fri, 13 Feb 1998 03:40:47 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from ns2.cetlink.net (root@ns2.cetlink.net [209.54.54.20]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id DAA13864 for ; Fri, 13 Feb 1998 03:40:45 -0800 (PST) (envelope-from jak@cetlink.net) Received: from exit1.i485.net (ts1-cltnc-41.cetlink.net [209.54.58.41]) by ns2.cetlink.net (8.8.5/8.8.5) with SMTP id GAA08700; Fri, 13 Feb 1998 06:40:31 -0500 (EST) From: jak@cetlink.net (John Kelly) To: Andrzej Bialecki Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Working examples of dialin server Date: Fri, 13 Feb 1998 12:41:02 GMT Message-ID: <34e53f10.1443374@mail.cetlink.net> References: In-Reply-To: X-Mailer: Forte Agent 1.01/16.397 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by hub.freebsd.org id DAA13865 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 13 Feb 1998 08:29:36 +0100 (CET), Andrzej Bialecki wrote: >* which way should I go: include ijppp or kernel PPP by default? I like kernel PPPD because it's common to other platforms too. -- The day of the proprietary OS is over. Long live free software. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 03:55:26 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id DAA14550 for freebsd-isp-outgoing; Fri, 13 Feb 1998 03:55:26 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mail.creative.net.au (mail.creative.net.au [203.56.168.4]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id DAA14539 for ; Fri, 13 Feb 1998 03:55:20 -0800 (PST) (envelope-from adrian@mail.creative.net.au) Received: from mail.creative.net.au (localhost.creative.net.au [127.0.0.1]) by mail.creative.net.au (8.8.5/8.7) with ESMTP id TAA07033; Fri, 13 Feb 1998 19:53:02 +0800 (WST) Message-Id: <199802131153.TAA07033@mail.creative.net.au> To: abial@nask.pl Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Fw: Working examples of dialin server In-reply-to: Your message of "Fri, 13 Feb 1998 22:51:33 +1100." <01bd3875$bb08ff20$14b816cb@weirdnotebook.fl.net.au> Date: Fri, 13 Feb 1998 19:53:01 +0800 From: Adrian Chadd Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Forwarded from a friend because I'm not on -isp :) >>I'd like to add the third pre-canned configuration: dialin server. I'd >>like it to cover the most common case (which is...?), using the most >>common solutions (which are...?), with hooks to add the less common but >>important features (which are....?). :-)) Okay. Firstly - been there, done this.. but slightly differently :) >>* I need answers for the above questions: what is the most common case of >> a small, beginning ISP? What hardware and software configuration would >> be most appropriate here? (I know this is highly relative, but some >> opinions would help me to decide what configuration to support >> out-of-the-box) >>* which way should I go: include ijppp or kernel PPP by default? Include >> support for SLIP? I personally use kernel ppp. I've found that when running lots of ppp sessions (say, 192?) .. kernel ppp seems a lot more processor-friendly and RAM-friendly than iijppp. >>* should I leave getty by default or use mgetty instead? I use mgetty, however getty AFAIK will work. Danny O'Connor (?)'s pppkit has a modified getty that supports PAP. >>* should I include gated instead of routed by default? Yes. GateD is nice. I've found the OSPF and BGP support makes it nicer to interoperate with other equipemnt and pull peverted things off with (like ISDNs hooked up to stallion cards running BGP over..) Some term servers (annexes?) Don't talk OSPF, so RIP is used there.. and gated does it too nicely. >>* should I include support for multiport comm cards (which ones?), or >> leave it as optional? Well, You'd have to have support for some of them. Although if people are compiling their own kernels, they can simply add in what card they need. >>* Hmmm.. suport for RADIUS and/or TACACS+ (is there any?) I've taken a publicly avaliable pppd/radius implementation called portslave, FreeBSDized it (the joys of linux specific code..) and improvied it to support in/out byte accounting, Framed-IP-Address and Framed-Route tags both on normal UNIX logins, and PAP logins. It has its own getty replacement that knows about radius too.. >>* and many, many more issues, which I'm probably unaware of at the >> moment... :-)) >> >>For those of small faith :-) - probably _all_ of the above I could fit on >>the floppy together, but I'd rather make the best use of space on it and >>not include things which are rarely used. It does fit .. just. Well, it did last time I tried.. it was over a year ago. I'm avalible next week to spend a few days with PicoBSD and make it terminal server ready. Anyone else got any comments? Adrian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 04:09:15 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id EAA17700 for freebsd-isp-outgoing; Fri, 13 Feb 1998 04:09:15 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id EAA17694 for ; Fri, 13 Feb 1998 04:09:11 -0800 (PST) (envelope-from danny@panda.hilink.com.au) Received: (from danny@localhost) by panda.hilink.com.au (8.8.5/8.8.5) id XAA12455; Fri, 13 Feb 1998 23:08:39 +1100 (EST) Date: Fri, 13 Feb 1998 23:08:39 +1100 (EST) From: "Daniel O'Callaghan" To: John Kelly cc: Andrzej Bialecki , freebsd-isp@FreeBSD.ORG Subject: Re: Working examples of dialin server In-Reply-To: <34e53f10.1443374@mail.cetlink.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 13 Feb 1998, John Kelly wrote: > On Fri, 13 Feb 1998 08:29:36 +0100 (CET), Andrzej Bialecki > wrote: > > >* which way should I go: include ijppp or kernel PPP by default? > > I like kernel PPPD because it's common to other platforms too. For a heaviliy used server, I've found that pppd also places less load on the system, because of the fewer kernel/userland context switches. Danny To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 04:13:42 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id EAA18033 for freebsd-isp-outgoing; Fri, 13 Feb 1998 04:13:42 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id EAA18028 for ; Fri, 13 Feb 1998 04:13:38 -0800 (PST) (envelope-from danny@panda.hilink.com.au) Received: (from danny@localhost) by panda.hilink.com.au (8.8.5/8.8.5) id XAA12465; Fri, 13 Feb 1998 23:13:17 +1100 (EST) Date: Fri, 13 Feb 1998 23:13:17 +1100 (EST) From: "Daniel O'Callaghan" To: Adrian Chadd cc: abial@nask.pl, freebsd-isp@FreeBSD.ORG Subject: Re: Fw: Working examples of dialin server In-Reply-To: <199802131153.TAA07033@mail.creative.net.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > >>* should I leave getty by default or use mgetty instead? > > I use mgetty, however getty AFAIK will work. > Danny O'Connor (?)'s pppkit has a modified getty that supports PAP. O'Callaghan! And the getty which supports ppp is standard in 2.2.5 and above. mgetty is nice in that if the machine is in a stupid state DTR may still be high but mgetty won't answer the phone. mgetty also convinces the modem to talk at the right speed, something that getty doesn't. I use getty, but I'm seriously considering moving to mgetty. > >>* Hmmm.. suport for RADIUS and/or TACACS+ (is there any?) > > I've taken a publicly avaliable pppd/radius implementation called portslave, > FreeBSDized it (the joys of linux specific code..) and improvied it to support > in/out byte accounting, Framed-IP-Address and Framed-Route tags both on normal > UNIX logins, and PAP logins. It has its own getty replacement that knows about > radius too.. My colleague is working on pppd with radius with a view to committing it to -current, and making a package for 2.2+ I'd like to get a hold of what you have so we can make our submission more comprehensive. Thanks, Danny To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 05:19:44 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA24203 for freebsd-isp-outgoing; Fri, 13 Feb 1998 05:19:44 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from absinthe.i3inc.com (Absinthe.i3inc.com [209.31.147.194]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA24198 for ; Fri, 13 Feb 1998 05:19:41 -0800 (PST) (envelope-from chris@absinthe.i3inc.com) Received: (from chris@localhost) by absinthe.i3inc.com (8.7.2/8.7.2) id IAA11442; Fri, 13 Feb 1998 08:19:00 -0500 (EST) To: Adrian Chadd Cc: abial@nask.pl, freebsd-isp@FreeBSD.ORG Subject: Re: Fw: Working examples of dialin server References: <199802131153.TAA07033@mail.creative.net.au> From: Chris Shenton Date: 13 Feb 1998 08:18:59 -0500 In-Reply-To: Adrian Chadd's message of Fri, 13 Feb 1998 19:53:01 +0800 Message-ID: <87g1lnk5h8.fsf@absinthe.i3inc.com> Lines: 5 X-Mailer: Gnus v5.5/Emacs 20.2 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Adrian Chadd writes: > Anyone else got any comments? Supporting "mdp" would be cool. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 06:47:12 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id GAA03315 for freebsd-isp-outgoing; Fri, 13 Feb 1998 06:47:12 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mixcom.mixcom.com (mixcom.mixcom.com [198.137.186.100]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id GAA03308 for ; Fri, 13 Feb 1998 06:47:10 -0800 (PST) (envelope-from mountin.man@mixcom.com) Received: by mixcom.mixcom.com (8.6.12/2.2) id IAA28321; Fri, 13 Feb 1998 08:48:56 -0600 Received: from dial193-23.mixcom.com(207.250.193.23) by mixcom.mixcom.com via smap (V1.3) id sma028211; Fri Feb 13 08:48:37 1998 Message-Id: <3.0.3.32.19980213084256.006916e4@198.137.186.100> X-Sender: mmttnn@198.137.186.100 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Fri, 13 Feb 1998 08:42:56 -0600 To: "Joe" , From: "Jeffrey J. Mountin" Subject: Re: Fw: FreeBSD firewall questions In-Reply-To: <01bd3846$509bdce0$b221dccc@subzero.thebestisp.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 12:12 AM 2/13/98 -0600, Joe wrote: >OK... For starters I am not on this group to knock FreeBSD that would be >STUPID. I use FreeBSD and that is why I am on here. As for the hub things I >concead defeat and am going to try some more testing. The thing is that I >have 3com and SMC hubs here along with a few assorted others and have always >had them top out at about 6Mbps with every card I have tried (and yes the >cables are wired correctly) so at any rate I was not trying to start >anything and I sincerely thought that the information I was giving was >correct. Also several months ago I spoke with a "tech" at 3com about there >officeconnect 10Mbps hub and that is initialy where this theory (the 60%) >began for me. But while I am on this what is the "best" nic? Then you shouldn't have said something about not wanting to pay. :/ AFAIK, 6 Mbps is the max, but not all NICs/hubs work the same under load. Intel EtherXpress Pro 100. No numbers, but I did test collision rates over periods of time with other cards and this one always performed better. Some time after this David Greenman explained why. Jeff Mountin - Unix Systems TCP/IP networking mountin.man@mixcom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 07:34:18 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA09149 for freebsd-isp-outgoing; Fri, 13 Feb 1998 07:34:18 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from www3.shellnet.co.uk (www3.shellnet.co.uk [194.129.209.14]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA09082 for ; Fri, 13 Feb 1998 07:34:10 -0800 (PST) (envelope-from ircadmin@shellnet.co.uk) Received: from mailhost.shellnet.co.uk (mailhost.shellnet.co.uk [194.129.209.3]) by www3.shellnet.co.uk (8.8.7/8.8.8) with SMTP id PAA03912 for ; Fri, 13 Feb 1998 15:32:52 GMT Received: by mailhost.shellnet.co.uk with MERCUR-SMTP/POP3-Server (v2.10) for at Fri, 13 Feb 98 15:32:43 +0000 From: "Steven Fletcher (Shellnet IRC administrator)" To: Subject: RADIUS for BSDi running under FreeBSD Date: Fri, 13 Feb 1998 15:34:51 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Importance: Normal Message-Id: <98021315324314200@mailhost.shellnet.co.uk> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Dear gurus..... I am trying swap all of my dial up users over to a RADIUS authentication system so that we no longer need to have 150 users on our Windows NT box (Service Pack 3 + RRAS with a Hotfix). I installed and ran Livingston RADIUS 2.0.1 for BSDi onto my FreeBSD v2-2-5 box and then proceeded to make the following entry into my /etc/raddb/users file: dud Password = "dud", Service-Type = Framed-User, Framed-Protocol = PPP Then I proceeded to configure my NT box to use the RADIUS authentcation system (it's running RAS and allowing it to accept clear text passwords. By dialing up with a Windows 95 computer (set to not "Require Encrypted Passwords") we saw the NT box talking to the BSD box as follows: Fri Feb 13 13:45:14 1998: [1270] radrecv: Request from host code=1, id=2, length=82 Fri Feb 13 13:45:14 1998: [1270] User-Name = "dud" Fri Feb 13 13:45:14 1998: [1270] CHAP-Challenge = "Yb\201\365\301~\024\221\220Z\341\320\2058\275\001" Fri Feb 13 13:45:14 1998: [1270] CHAP-Password = "" Fri Feb 13 13:45:14 1998: [1270] NAS-Port = 0 Fri Feb 13 13:45:14 1998: [1270] Framed-Protocol = PPP Fri Feb 13 13:45:14 1998: [1270] NAS-Identifier = "" Fri Feb 13 13:45:14 1998: [1303] Sending Reject of id 2 to () And then the NT box then drops the connection. Has anyone _ever_ got UN*X RADIUS to work with an NT client - if anyone can help I'd be most grateful - or would it be possible for somone to forward some configuration files ? Thanks in Advance; Steven Fletcher - Shellnet ircadmin@shellnet.co.uk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 07:53:01 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA11312 for freebsd-isp-outgoing; Fri, 13 Feb 1998 07:53:01 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from sabre.goldsword.com (sabre.goldsword.com [199.170.202.32]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA11036 for ; Fri, 13 Feb 1998 07:50:12 -0800 (PST) (envelope-from jfarmer@sabre.goldsword.com) Received: (from jfarmer@localhost) by sabre.goldsword.com (8.8.8/8.8.8) id KAA09287; Fri, 13 Feb 1998 10:41:54 -0500 (EST) Date: Fri, 13 Feb 1998 10:41:54 -0500 (EST) From: "John T. Farmer" Message-Id: <199802131541.KAA09287@sabre.goldsword.com> To: freebsd-isp@FreeBSD.ORG, joe@thebestisp.com Subject: Re: Fw: FreeBSD firewall questions Cc: jfarmer@goldsword.com Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 13 Feb 1998 00:12:08 -0600 "Joe" said: >OK... For starters I am not on this group to knock FreeBSD that would be >STUPID. I use FreeBSD and that is why I am on here. As for the hub things I >concead defeat and am going to try some more testing. The thing is that I >have 3com and SMC hubs here along with a few assorted others and have always >had them top out at about 6Mbps with every card I have tried (and yes the >cables are wired correctly) so at any rate I was not trying to start >anything and I sincerely thought that the information I was giving was >correct. Also several months ago I spoke with a "tech" at 3com about there >officeconnect 10Mbps hub and that is initialy where this theory (the 60%) >began for me. But while I am on this what is the "best" nic? No offense taken :^> Actually, after I went to bed, I realized that there is one mode in where a cross-over cable would increase performance. However, it is dependant on the capability of the two devices to "max-out" the number of packets/second & the packet sizes. Twisted-pair Ethernet was based on the physical configuration of 10base10 where the collision-detect & jabber circuity is located in the transceiver _at_the_baseband wire. (that's what the AUI port is for, cabling from device to transceiver). In twisted-pair, circuity for collision & jabber detect is _in_the_hub_, so in theory, the two devices with a crossover cable would never see collisions. This is how full-duplex is/was added easily to 10baseT, there are 2 channels between the device and the "collision domain or space." In the special case of a cross-over cable, the collision space collapses to null. In theory, the maximun throughput would then be limited only by the Ethernet specifications for packet size & the required inter-packet "gap." Note: this is only in theory, and in any case, the gain would be on the order of 0.001% Regarding your 6Mbps throughput, I would check into the packet sizes and what the actuall maximum throughput of the NICs you were using. (Note: I _have_ in the past been able pump 10Mbps through Ethernet using a dedicated PC (DOS & special s/w). As to your other questions, I like the Intel cards for FreeBSD systems. I've also used 3com 3C5xx cards in several types of systems with good success. John ------------------------------------------------------------------------- John T. Farmer Proprietor, GoldSword Systems jfarmer@goldsword.com Public Internet Access in East Tennessee dial-in (423)470-9953 for info, e-mail to info@goldsword.com Network Design, Internet Services & Servers, Consulting To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 09:29:29 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA23049 for freebsd-isp-outgoing; Fri, 13 Feb 1998 09:29:29 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from carmen.broder.com (carmen.broder.com [207.77.64.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA23036 for ; Fri, 13 Feb 1998 09:29:27 -0800 (PST) (envelope-from lazaro_cubas@broder.com) Received: (from uucp@localhost) by carmen.broder.com (8.8.8/8.7.3) id JAA22329 for ; Fri, 13 Feb 1998 09:29:26 -0800 (PST) Received: from chief.broder.com(10.10.13.3) by carmen.broder.com via smap (V1.3) id sma022321; Fri Feb 13 09:29:15 1998 Received: from broder.com (lcubasB.broder.com [10.10.65.173]) by chief.broder.com (8.8.8/8.8.5) with ESMTP id JAA14268 for ; Fri, 13 Feb 1998 09:29:15 -0800 (PST) Message-ID: <34E48366.3D8FC617@broder.com> Date: Fri, 13 Feb 1998 09:31:21 -0800 From: Lazaro Cubas X-Mailer: Mozilla 4.04 (Macintosh; I; PPC) MIME-Version: 1.0 To: freebsd-isp@FreeBSD.ORG Subject: unsubscribe Content-Type: text/plain; charset=us-ascii; x-mac-type="54455854"; x-mac-creator="4D4F5353" Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org unsubscribe freebsd-isp To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 11:39:14 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA19693 for freebsd-isp-outgoing; Fri, 13 Feb 1998 11:39:14 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from netgazer.net (netgazer.net [209.83.225.63]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA19675 for ; Fri, 13 Feb 1998 11:39:08 -0800 (PST) (envelope-from dwoods@netgazer.com) Received: from dwoods.rch.mci.com ([166.32.137.45]) by netgazer.net (8.8.5/8.7.3) with SMTP id NAA06553 for ; Fri, 13 Feb 1998 13:46:54 GMT Message-Id: <3.0.32.19980213133416.0069a384@netgazer.net> X-Sender: dwoods@netgazer.net X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Fri, 13 Feb 1998 13:38:59 -0600 To: isp@FreeBSD.ORG From: "Darrin R. Woods" Subject: BIND question Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Another question for the 'collective'. We seem to be having a problem with some of the websites that we host not having a 'dns entry'. I have tried accessing the same sites and pinging them from an account within MCI Corporate and have had absolutely no problem getting to them. The problem only seems to be certain sites and only from certain ISPs. I have tried setting my nslookup server to some of these ISPs and when I try and do a lookup with debug, I just get: timeout (5 secs) timeout (10 secs) ... We are running BIND 8.1 on FBSD systems. I am running out of ideas and customers are getting pissed because people from some large ISPs can't get to their website. Any ideas appreciated. Thanks in advance. Darrin R. Woods dwoods@netgazer.com Director Operations Emeritus Netgazer Solutions, Inc. "UNiX IS user friendly. It's just particular about who it's friends are" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 11:40:43 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA19925 for freebsd-isp-outgoing; Fri, 13 Feb 1998 11:40:43 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from freefall.pipeline.ch (freefall.pipeline.ch [195.134.128.40]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA19913 for ; Fri, 13 Feb 1998 11:40:40 -0800 (PST) (envelope-from andre@pipeline.ch) Received: from pipeline.ch ([195.134.128.41]) by freefall.pipeline.ch (Netscape Mail Server v2.02) with ESMTP id AAA273; Fri, 13 Feb 1998 20:38:49 +0100 Message-ID: <34E4A171.4EC6840C@pipeline.ch> Date: Fri, 13 Feb 1998 20:39:29 +0100 From: "IBS / Andre Oppermann" Organization: Internet Business Solutions Ltd. (AG) X-Mailer: Mozilla 4.03 [en] (WinNT; U) MIME-Version: 1.0 To: "Steven Fletcher (Shellnet IRC administrator)" CC: freebsd-isp@FreeBSD.ORG Subject: Re: RADIUS for BSDi running under FreeBSD References: <98021315324314200@mailhost.shellnet.co.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Steven Fletcher (Shellnet IRC administrator) wrote: > > Dear gurus..... > > I am trying swap all of my dial up users over to a RADIUS authentication > system so that we no longer need to have 150 users on our Windows NT box I did the same some weeks ago with some boxes, much better now. > (Service Pack 3 + RRAS with a Hotfix). I installed and ran Livingston RADIUS > 2.0.1 for BSDi onto my FreeBSD v2-2-5 box and then proceeded to make the > following entry into my /etc/raddb/users file: > > dud Password = "dud", > Service-Type = Framed-User, > Framed-Protocol = PPP looks good... > Then I proceeded to configure my NT box to use the RADIUS authentcation > system (it's running RAS and allowing it to accept clear text passwords. By > dialing up with a Windows 95 computer (set to not "Require Encrypted > Passwords") we saw the NT box talking to the BSD box as follows: > > Fri Feb 13 13:45:14 1998: [1270] radrecv: Request from host code=1, > id=2, length=82 > Fri Feb 13 13:45:14 1998: [1270] User-Name = "dud" > Fri Feb 13 13:45:14 1998: [1270] CHAP-Challenge = > "Yb\201\365\301~\024\221\220Z\341\320\2058\275\001" > Fri Feb 13 13:45:14 1998: [1270] CHAP-Password = "" > Fri Feb 13 13:45:14 1998: [1270] NAS-Port = 0 > Fri Feb 13 13:45:14 1998: [1270] Framed-Protocol = PPP > Fri Feb 13 13:45:14 1998: [1270] NAS-Identifier = "" > Fri Feb 13 13:45:14 1998: [1303] Sending Reject of id 2 to > () > > And then the NT box then drops the connection. You have to tweak the Registry. Delete the SPAP and CHAP keys in /HKEY_LOCAL_MACHINE/SYSTEM/CURRENTCONTROLSET/SERVICES/RASMAN/PPP/ (and yes, do it again every time you have changed somthing on your box) The RADIUS server can't handle the SPAP/CHAP encryption (MS-specific). > Has anyone _ever_ got UN*X RADIUS to work with an NT client - if anyone can > help I'd be most grateful - or would it be possible for somone to forward > some configuration files ? -- Andre Oppermann CEO / Geschaeftsfuehrer Internet Business Solutions Ltd. (AG) Hardstrasse 235, 8005 Zurich, Switzerland Fon +41 1 277 75 75 / Fax +41 1 277 75 77 http://www.pipeline.ch ibs@pipeline.ch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 11:55:01 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA23823 for freebsd-isp-outgoing; Fri, 13 Feb 1998 11:55:01 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from freefall.pipeline.ch (intranet.pipeline.ch [195.134.128.66]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA23716 for ; Fri, 13 Feb 1998 11:54:38 -0800 (PST) (envelope-from andre@pipeline.ch) Received: from pipeline.ch ([195.134.128.41]) by freefall.pipeline.ch (Netscape Mail Server v2.02) with ESMTP id AAA213; Fri, 13 Feb 1998 20:52:42 +0100 Message-ID: <34E4A4B2.DE11C1B0@pipeline.ch> Date: Fri, 13 Feb 1998 20:53:22 +0100 From: "IBS / Andre Oppermann" Organization: Internet Business Solutions Ltd. (AG) X-Mailer: Mozilla 4.03 [en] (WinNT; U) MIME-Version: 1.0 To: "Darrin R. Woods" CC: isp@FreeBSD.ORG Subject: Re: BIND question References: <3.0.32.19980213133416.0069a384@netgazer.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Darrin R. Woods wrote: > > Another question for the 'collective'. > > We seem to be having a problem with some of the websites that we host not > having a 'dns entry'. > > I have tried accessing the same sites and pinging them from an account > within MCI Corporate and have had absolutely no problem getting to them. > > The problem only seems to be certain sites and only from certain ISPs. I > have tried setting my nslookup server to some of these ISPs and when I try > and do a lookup with debug, I just get: > > timeout (5 secs) > timeout (10 secs) > ... Can you provide a little bit more information about the affected domains/ip-addresses. It's really hard to find a solution when I don't have anything to test. > We are running BIND 8.1 on FBSD systems. I am running out of ideas and > customers are getting pissed because people from some large ISPs can't get > to their website. -- Andre Oppermann CEO / Geschaeftsfuehrer Internet Business Solutions Ltd. (AG) Hardstrasse 235, 8005 Zurich, Switzerland Fon +41 1 277 75 75 / Fax +41 1 277 75 77 http://www.pipeline.ch ibs@pipeline.ch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 12:30:15 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA01305 for freebsd-isp-outgoing; Fri, 13 Feb 1998 12:30:15 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from netgazer.net (netgazer.net [209.83.225.63]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA01285 for ; Fri, 13 Feb 1998 12:30:09 -0800 (PST) (envelope-from dwoods@netgazer.com) Received: from dwoods.rch.mci.com ([166.32.137.45]) by netgazer.net (8.8.5/8.7.3) with SMTP id OAA07848 for ; Fri, 13 Feb 1998 14:38:00 GMT Message-Id: <3.0.32.19980213142831.006a0fb0@netgazer.net> X-Sender: dwoods@netgazer.net X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Fri, 13 Feb 1998 14:30:04 -0600 To: isp@FreeBSD.ORG From: "Darrin R. Woods" Subject: BIND question followup.. Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org To add a little more info to my last question: All the websites resolv correctly from within our domain/ip range. They also resolv correctly for anyone that sets their DNS on their pc/mac to one of ours. Someone suggested a possible problem with the fact that the 'name' that Internic knows our DNS machines by is actually a CNAME to the machine. Acknowledging that it might be the problem I changed the hostname to the *NIC name and changed the appropriate the dns records to reflect that, but I cant see that it has helped anything. The main website that we are getting the biggest complaints on is "www.auctiondepottx.com" which is one of several virtual websites at 209.83.225.63. We're not doing any type of flat out ip blocking with a firewall, and the problem seems to be intermittent. One other user was getting complaints (with a different website) and tried hitting their website (www.cityofmesquite.com) from 10 different local providers within a 30 minute time period. Only one of the providers had a problem getting to the site, so it was hard for us to say it was our fault. If it is something that we have configured incorrectly I want to get it fixed, if it is something else outside of our control I would like to know about it just so that I have a definitive answer to give our customers. As always, thanks in advance. Darrin R. Woods dwoods@netgazer.com Director Operations Emeritus Netgazer Solutions, Inc. "UNiX IS user friendly. It's just particular about who it's friends are" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 12:31:35 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA01493 for freebsd-isp-outgoing; Fri, 13 Feb 1998 12:31:35 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mail.ruhrgebiet.individual.net (in-ruhr.ruhr.de [141.39.224.38]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA01479 for ; Fri, 13 Feb 1998 12:31:32 -0800 (PST) (envelope-from bs@devnull.ruhr.de) Received: (from admin@localhost) by mail.ruhrgebiet.individual.net (8.8.5-r-beta/8.8.5) with UUCP id UAA05378; Fri, 13 Feb 1998 20:41:53 +0100 (MET) Received: from rm.devnull.ruhr.de [192.168.22.75] by devnull.ruhr.de with smtp (Exim 1.73 #1) id 0y3Lka-0000P2-00; Fri, 13 Feb 1998 15:05:56 +0100 Received: from bs by rm.devnull.ruhr.de with local (Exim 1.73 #1) id 0y3LpK-0000Ed-00; Fri, 13 Feb 1998 15:10:50 +0100 To: Louis-Philippe Alain Cc: isp@FreeBSD.ORG Subject: Re: How can I protect me server? References: <199802121655.LAA28829@mail.boisfrancs.qc.ca> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit From: Benedikt Stockebrand Date: 13 Feb 1998 15:10:49 +0100 In-Reply-To: Louis-Philippe Alain's message of "Thu, 12 Feb 1998 11:56:07 -0500" Message-ID: <8790rf4mty.fsf@devnull.ruhr.de> Lines: 30 X-Mailer: Gnus v5.5/XEmacs 20.3 - "Vatican City" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Louis-Philippe, I think the real problem is *your* attitude towards your users. No offense intended, but if you don't stop your users from doing this sort of nonsense you'll be blamed and have to face the consequences. If any user does things like mail bombing (or junk mailing), IP spoofing or whatever you better get rid of him/her ASAP. Otherwise trouble will get continuously worse. What I recommend: - Write an AUP (acceptable use policy) if you don't have one yet. Starting points for this are the periodic postings in news.newusers.questions and news.admin.policy (?) among others. - Make that AUP public among your users. - Shoot on sight, i.e. cancel contracts on any serious offense. - Make sure your attitude gets widely known. That may bring the usable part of your user population to their senses. Ben -- Ben(edikt)? Stockebrand Runaway ping.de Admin---Never Ever Trust Old Friends My name and email address are not to be added to any list used for advertising purposes. Any sender of unsolicited advertisement e-mail to this address im- plicitly agrees to pay a DM 500 fee to the recipient for proofreading services. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 12:44:06 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA03844 for freebsd-isp-outgoing; Fri, 13 Feb 1998 12:44:06 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from freefall.pipeline.ch (intranet.pipeline.ch [195.134.128.66]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA03838 for ; Fri, 13 Feb 1998 12:44:04 -0800 (PST) (envelope-from andre@pipeline.ch) Received: from pipeline.ch ([195.134.128.41]) by freefall.pipeline.ch (Netscape Mail Server v2.02) with ESMTP id AAA347; Fri, 13 Feb 1998 21:42:01 +0100 Message-ID: <34E4B042.BAEFA74F@pipeline.ch> Date: Fri, 13 Feb 1998 21:42:42 +0100 From: "IBS / Andre Oppermann" Organization: Internet Business Solutions Ltd. (AG) X-Mailer: Mozilla 4.03 [en] (WinNT; U) MIME-Version: 1.0 To: "Darrin R. Woods" CC: isp@FreeBSD.ORG Subject: Re: BIND question followup.. References: <3.0.32.19980213142831.006a0fb0@netgazer.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Darrin R. Woods wrote: > > To add a little more info to my last question: -snip- > The main website that we are getting the biggest complaints on is > "www.auctiondepottx.com" which is one of several virtual websites at > 209.83.225.63. Found the problem: You should update the serial number. Currently the other nameserver assume that it's (old) information is still correct. I'll send you the complete zone-check by private mail. AUCTIONDEPOTTX.COM 86400 IN SOA babs.netgazer.net dwoods.netgazer.com ( 1 ;serial (version) *** WARNING *** Serial 1 , use format yyyymmddvv yyyy : year mm : month dd : day vv : version 10800 ;refresh period (3 hours) 3600 ;retry interval (1 hour) 604800 ;expire time (1 week) 86400 ;default ttl (1 day) -- Andre Oppermann CEO / Geschaeftsfuehrer Internet Business Solutions Ltd. (AG) Hardstrasse 235, 8005 Zurich, Switzerland Fon +41 1 277 75 75 / Fax +41 1 277 75 77 http://www.pipeline.ch ibs@pipeline.ch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 13:05:09 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA07127 for freebsd-isp-outgoing; Fri, 13 Feb 1998 13:05:09 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from luke.cpl.net ([209.150.92.68]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA07117 for ; Fri, 13 Feb 1998 13:05:00 -0800 (PST) (envelope-from shawn@luke.cpl.net) Received: from localhost (shawn@localhost) by luke.cpl.net (8.8.8/8.6.12) with SMTP id NAA06347; Fri, 13 Feb 1998 13:03:01 -0800 (PST) Date: Fri, 13 Feb 1998 13:03:00 -0800 (PST) From: Shawn Ramsey To: "Darrin R. Woods" cc: isp@FreeBSD.ORG Subject: Re: BIND question followup.. In-Reply-To: <3.0.32.19980213142831.006a0fb0@netgazer.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > All the websites resolv correctly from within our domain/ip range. They > also resolv correctly for anyone that sets their DNS on their pc/mac to one > of ours. > > Someone suggested a possible problem with the fact that the 'name' that > Internic knows our DNS machines by is actually a CNAME to the machine. > Acknowledging that it might be the problem I changed the hostname to the > *NIC name and changed the appropriate the dns records to reflect that, but > I cant see that it has helped anything. > > The main website that we are getting the biggest complaints on is > "www.auctiondepottx.com" which is one of several virtual websites at > 209.83.225.63. > > We're not doing any type of flat out ip blocking with a firewall, and the > problem seems to be intermittent. > > One other user was getting complaints (with a different website) and tried > hitting their website (www.cityofmesquite.com) from 10 different local > providers within a 30 minute time period. Only one of the providers had a > problem getting to the site, so it was hard for us to say it was our fault. > > If it is something that we have configured incorrectly I want to get it > fixed, if it is something else outside of our control I would like to know > about it just so that I have a definitive answer to give our customers. > > As always, thanks in advance. The domain www.auctiondepottx.com resolves differently with reverse than forward. Reverse resolves to netgazer.net. This could be your problem... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 13:10:35 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA08324 for freebsd-isp-outgoing; Fri, 13 Feb 1998 13:10:35 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from proxyb2-atm.san.rr.com (proxyb2-atm.san.rr.com [204.210.0.11]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA08301 for ; Fri, 13 Feb 1998 13:10:21 -0800 (PST) (envelope-from Studded@san.rr.com) Received: from san.rr.com (dt050ndd.san.rr.com [204.210.31.221]) by proxyb2.san.rr.com (8.8.7/8.8.8) with ESMTP id MAA00556; Fri, 13 Feb 1998 12:57:49 -0800 (PST) Message-ID: <34E4B3CA.110375AB@san.rr.com> Date: Fri, 13 Feb 1998 12:57:46 -0800 From: Studded Organization: Triborough Bridge and Tunnel Authority X-Mailer: Mozilla 4.04 [en] (X11; I; FreeBSD 2.2.5-STABLE-0213 i386) MIME-Version: 1.0 To: "Darrin R. Woods" CC: isp@FreeBSD.ORG Subject: Re: BIND question References: <3.0.32.19980213133416.0069a384@netgazer.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Darrin R. Woods wrote: > We seem to be having a problem with some of the websites that we host not > having a 'dns entry'. It's virtually impossible to debug DNS problems without knowing the hostnames you're having problems with, and the names/addresses of your dns'. > The problem only seems to be certain sites and only from certain ISPs. I > have tried setting my nslookup server Nslookup is not really a good diagnostic tool for dns problems. > We are running BIND 8.1 on FBSD systems. I hope you mean 8.1.1? > I am running out of ideas and > customers are getting pissed because people from some large ISPs can't get > to their website. Understandable. Try providing more details and we'll try to help. My first suggestion would be that there is probably an error in the zone file(s) for the domains you're having problems with. Try upping the serial number on one of those zones, and doing 'kill -1 ; tail -f /var/log/named.log'. This should show you where the error is. If you don't see the error doing it that way, try tail'ing the log in one window and -hup'ing in another. Good luck, Doug -- *** Chief Operations Officer, DALnet IRC network *** *** Proud operator, designer and maintainer of the world's largest *** Internet Relay Chat server. 5,328 clients and still growing. *** Try spider.dal.net on ports 6662-4 (Powered by FreeBSD) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 13:37:37 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA13573 for freebsd-isp-outgoing; Fri, 13 Feb 1998 13:37:37 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from s02.admin.cantv.net (s02.admin.cantv.net [161.196.66.41]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA13564 for ; Fri, 13 Feb 1998 13:37:29 -0800 (PST) (envelope-from lem@cantv.net) Received: from lemtop.cantv.net (workstation-6.lido.cantv.net.57.196.161.in-addr.arpa [161.196.57.8] (may be forged)) by s02.admin.cantv.net (8.8.8/8.8.8) with SMTP id QAA18477; Fri, 13 Feb 1998 16:53:01 -0400 (GMT-0400) Message-Id: <3.0.5.32.19980213165231.0093ab80@pop.cantv.net> X-Sender: lem@pop.cantv.net X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Fri, 13 Feb 1998 16:52:31 -0400 To: "Darrin R. Woods" From: =?iso-8859-1?Q?=22Luis_E=2E_Mu=F1oz=22?= Subject: Re: BIND question followup.. Cc: isp@FreeBSD.ORG In-Reply-To: <3.0.32.19980213142831.006a0fb0@netgazer.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 02:30 PM 13/02/1998 -0600, Darrin R. Woods wrote: [snip] >If it is something that we have configured incorrectly I want to get it >fixed, if it is something else outside of our control I would like to know >about it just so that I have a definitive answer to give our customers. Just out of curiosity, can you ping the nameservers who are unable to resolv your names from a host with problems? This might very well be a routing issue. -lem To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 14:15:08 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA20754 for freebsd-isp-outgoing; Fri, 13 Feb 1998 14:15:08 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA20747 for ; Fri, 13 Feb 1998 14:15:04 -0800 (PST) (envelope-from danny@panda.hilink.com.au) Received: (from danny@localhost) by panda.hilink.com.au (8.8.5/8.8.5) id JAA15551; Sat, 14 Feb 1998 09:14:54 +1100 (EST) Date: Sat, 14 Feb 1998 09:14:54 +1100 (EST) From: "Daniel O'Callaghan" To: "Darrin R. Woods" cc: isp@FreeBSD.ORG Subject: Re: BIND question followup.. In-Reply-To: <3.0.32.19980213142831.006a0fb0@netgazer.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 13 Feb 1998, Darrin R. Woods wrote: > All the websites resolv correctly from within our domain/ip range. They > also resolv correctly for anyone that sets their DNS on their pc/mac to one > of ours. But what about outside? You have broken the first rule of forward DNS resolution - you have both primary and secondary on your own site. This is a no-no, because it means that if some has a problem reaching you, they can't even resolve your name - they just get a DNS timeout, eventually with 'server failed' or similar error. Do your company a favour and get a couple of secondaries in different parts of the world; at least such that they don't use the same Internet backbone provider as you. Ask on this list for secondary swaps. > The main website that we are getting the biggest complaints on is > "www.auctiondepottx.com" which is one of several virtual websites at > 209.83.225.63. Is it the busiest site on your server? > One other user was getting complaints (with a different website) and tried > hitting their website (www.cityofmesquite.com) from 10 different local > providers within a 30 minute time period. Only one of the providers had a > problem getting to the site, so it was hard for us to say it was our fault. Get this person to test your reachability with ping. Ask the failing provider to test reachability from their nameserver to yours. /* Daniel O'Callaghan */ /* HiLink Internet danny@hilink.com.au */ /* FreeBSD - works hard, plays hard... danny@freebsd.org */ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 14:34:19 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA22728 for freebsd-isp-outgoing; Fri, 13 Feb 1998 14:34:19 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from marlin.corp.gulf.net (root@marlin.corp.gulf.net [198.69.72.17]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA22709 for ; Fri, 13 Feb 1998 14:34:05 -0800 (PST) (envelope-from tbackman@corp.gulf.net) Received: from marlin.corp.gulf.net (tbackman@marlin.corp.gulf.net [206.105.61.2]) by marlin.corp.gulf.net (8.8.8/8.8.5) with SMTP id QAA19895; Fri, 13 Feb 1998 16:28:29 -0600 (CST) Date: Fri, 13 Feb 1998 16:28:29 -0600 (CST) From: Todd Backman To: "Darrin R. Woods" cc: isp@FreeBSD.ORG Subject: Re: BIND question In-Reply-To: <3.0.32.19980213133416.0069a384@netgazer.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org BGP problem? On Fri, 13 Feb 1998, Darrin R. Woods wrote: > Another question for the 'collective'. > > We seem to be having a problem with some of the websites that we host not > having a 'dns entry'. > > I have tried accessing the same sites and pinging them from an account > within MCI Corporate and have had absolutely no problem getting to them. > > The problem only seems to be certain sites and only from certain ISPs. I > have tried setting my nslookup server to some of these ISPs and when I try > and do a lookup with debug, I just get: > > timeout (5 secs) > timeout (10 secs) > ... > > We are running BIND 8.1 on FBSD systems. I am running out of ideas and > customers are getting pissed because people from some large ISPs can't get > to their website. > > Any ideas appreciated. Thanks in advance. > > > Darrin R. Woods dwoods@netgazer.com > Director Operations Emeritus > Netgazer Solutions, Inc. > > "UNiX IS user friendly. It's just particular > about who it's friends are" > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > ===================================================================== Todd Backman (tbackman@corp.gulf.net) Dial-Up Access Support Team Leader Systems/POP Administration Gulf Coast Internet Company 1-800-444-INET To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 15:09:59 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA28603 for freebsd-isp-outgoing; Fri, 13 Feb 1998 15:09:59 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from cedb.dpcsys.com (cedb.dpcsys.com [206.16.184.4]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA28595 for ; Fri, 13 Feb 1998 15:09:54 -0800 (PST) (envelope-from dan@dpcsys.com) Received: from localhost (dan@localhost) by cedb.dpcsys.com (8.8.5/8.8.2) with SMTP id XAA11801; Fri, 13 Feb 1998 23:09:57 GMT Date: Fri, 13 Feb 1998 15:09:57 -0800 (PST) From: Dan Busarow To: "Darrin R. Woods" cc: isp@FreeBSD.ORG Subject: Re: BIND question followup.. In-Reply-To: <3.0.32.19980213142831.006a0fb0@netgazer.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 13 Feb 1998, Darrin R. Woods wrote: > The main website that we are getting the biggest complaints on is > "www.auctiondepottx.com" which is one of several virtual websites at > 209.83.225.63. ^^^^^^^^^^^^^^^^^^^^^^ The post noting that you have a serial number of 1 is probably the primary source of complaints. But if you are running non IP based virtual hosts you will be seeing lots of other complaints. I turned on agent logs for a few days cause I would like to start using CSS more. Close to a third of our hits are from Mozilla2. Can't do CSS for sure and I don't think it handles non IP based virtual hosts either. Dan -- Dan Busarow 714 443 4172 DPC Systems / Beach.Net dan@dpcsys.com Dana Point, California 83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 15:42:10 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA05234 for freebsd-isp-outgoing; Fri, 13 Feb 1998 15:42:10 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from luke.cpl.net (luke.cpl.net [209.150.73.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA05203 for ; Fri, 13 Feb 1998 15:42:00 -0800 (PST) (envelope-from shawn@luke.cpl.net) Received: from localhost (shawn@localhost) by luke.cpl.net (8.8.8/8.6.12) with SMTP id PAA00472; Fri, 13 Feb 1998 15:20:32 -0800 (PST) Date: Fri, 13 Feb 1998 15:20:32 -0800 (PST) From: Shawn Ramsey To: Dan Busarow cc: isp@FreeBSD.ORG Subject: Re: BIND question followup.. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > The post noting that you have a serial number of 1 is probably > the primary source of complaints. But if you are running > non IP based virtual hosts you will be seeing lots of other > complaints. I turned on agent logs for a few days cause I > would like to start using CSS more. Close to a third of our > hits are from Mozilla2. Can't do CSS for sure and I don't think > it handles non IP based virtual hosts either. What is CSS? I do believe however that Mozilla 2.0 can handle non ip based virtual hosts. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 15:45:17 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA05728 for freebsd-isp-outgoing; Fri, 13 Feb 1998 15:45:17 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from cedb.dpcsys.com (cedb.dpcsys.com [206.16.184.4]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA05705 for ; Fri, 13 Feb 1998 15:45:10 -0800 (PST) (envelope-from dan@dpcsys.com) Received: from localhost (dan@localhost) by cedb.dpcsys.com (8.8.5/8.8.2) with SMTP id XAA12231; Fri, 13 Feb 1998 23:45:07 GMT Date: Fri, 13 Feb 1998 15:45:07 -0800 (PST) From: Dan Busarow To: Shawn Ramsey cc: isp@FreeBSD.ORG Subject: Re: BIND question followup.. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 13 Feb 1998, Shawn Ramsey wrote: > What is CSS? I do believe however that Mozilla 2.0 can handle non ip based > virtual hosts. Cascading Style Sheets. Really cool stuff IMO. Anyone have access to a Netscape 2 client to see if it'll work with nonIP virtuals? Dan -- Dan Busarow 714 443 4172 DPC Systems / Beach.Net dan@dpcsys.com Dana Point, California 83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 18:53:38 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA12368 for freebsd-isp-outgoing; Fri, 13 Feb 1998 18:53:38 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mail.mjhb.com (mail.mjhb.com [204.254.69.26]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA12351 for ; Fri, 13 Feb 1998 18:53:33 -0800 (PST) (envelope-from marty@mjhb.com) Received: from orion.asc-net.com (orion.asc-net.com [204.254.69.19]) by mail.mjhb.com (8.8.7/8.8.7) with SMTP id SAA06453; Fri, 13 Feb 1998 18:53:28 -0800 (PST) (envelope-from marty@mjhb.com) Date: Fri, 13 Feb 1998 18:53:28 -0800 (Pacific Standard Time) From: Marty Bower To: Dan Busarow cc: isp@FreeBSD.ORG Subject: Re: BIND question followup.. In-Reply-To: Message-ID: X-mailer: Pine/3.96 (WinNT; I) Organization: Martin J. H. Bower (http://mjhb.com) X-X-Sender: marty@mail.mjhb.com MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 13 Feb 1998, Dan Busarow wrote: > Close to a third of our hits are from Mozilla2. Can't do CSS for sure > and I don't think it handles non IP based virtual hosts either. NS/2 does indeed support non-IP vhosts. http://emmet.mjhb.com is an example; if your browser doesn't send the "host:" header, then you'll see the "this space intentionally left blank" page from the "default" server on that IP#. -- Marty Bower | marty@mjhb.com | http://mjhb.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 20:01:16 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA21794 for freebsd-isp-outgoing; Fri, 13 Feb 1998 20:01:16 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mail.creative.net.au (mail.creative.net.au [203.56.168.4]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA21782 for ; Fri, 13 Feb 1998 20:01:00 -0800 (PST) (envelope-from adrian@mail.creative.net.au) Received: from mail.creative.net.au (localhost.creative.net.au [127.0.0.1]) by mail.creative.net.au (8.8.5/8.7) with ESMTP id MAA09805 for ; Sat, 14 Feb 1998 12:00:50 +0800 (WST) Message-Id: <199802140400.MAA09805@mail.creative.net.au> To: freebsd-isp@FreeBSD.ORG Subject: FreeBSD radiusified pppd.. Date: Sat, 14 Feb 1998 12:00:49 +0800 From: Adrian Chadd Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I'll tar it up, cut some of the custom code out and get it out for FTP by Monday. Sheesh, I didn't think the demand was so high for something like this.. :) Adrian -- Adrian Chadd | "I used to be thin, handsome and smart. | Then I discovered UNIX." | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Feb 13 20:35:54 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA25039 for freebsd-isp-outgoing; Fri, 13 Feb 1998 20:35:54 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from fly.HiWAAY.net (root@fly.HiWAAY.net [208.147.154.56]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA25033 for ; Fri, 13 Feb 1998 20:35:52 -0800 (PST) (envelope-from dkelly@nospam.hiwaay.net) Received: from nospam.hiwaay.net (tnt3-115.HiWAAY.net [208.147.146.115]) by fly.HiWAAY.net (8.8.8/8.8.6) with ESMTP id WAA20186 for ; Fri, 13 Feb 1998 22:35:48 -0600 (CST) Received: from localhost (localhost [127.0.0.1]) by nospam.hiwaay.net (8.8.8/8.8.4) with ESMTP id WAA14534 for ; Fri, 13 Feb 1998 22:22:09 -0600 (CST) Message-Id: <199802140422.WAA14534@nospam.hiwaay.net> X-Mailer: exmh version 2.0.1 12/23/97 To: freebsd-isp@FreeBSD.ORG From: David Kelly Subject: Re: Fw: FreeBSD firewall questions In-reply-to: Message from "John T. Farmer" of "Thu, 12 Feb 1998 22:18:37 EST." <199802130318.WAA07752@sabre.goldsword.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 13 Feb 1998 22:22:09 -0600 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org John T. Farmer wrties: > > 2. Hubs are not very expensive. A basic 4 or 8 port hub is less > than $100 (even DataComm Warehouse has a 3com for <$100!!) Broke down last week when I saw SVEC 8-port hubs with 10base2 BNC too at http://www.onsale.com for $39.95. Bid for one (of 27 in that auction) and got it. $10 for UPS ground shipping wasn't as good a deal. No exhaustive definitive testing, but it appears to function as claimed. -- David Kelly N4HHE, dkelly@nospam.hiwaay.net ===================================================================== The human mind ordinarily operates at only ten percent of its capacity -- the rest is overhead for the operating system. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Feb 14 03:11:33 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id DAA06174 for freebsd-isp-outgoing; Sat, 14 Feb 1998 03:11:33 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from www3.shellnet.co.uk (www3.shellnet.co.uk [194.129.209.14]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id DAA06168 for ; Sat, 14 Feb 1998 03:11:30 -0800 (PST) (envelope-from ircadmin@shellnet.co.uk) Received: from mailhost.shellnet.co.uk (mailhost.shellnet.co.uk [194.129.209.3]) by www3.shellnet.co.uk (8.8.7/8.8.8) with SMTP id LAA06594 for ; Sat, 14 Feb 1998 11:11:12 GMT Received: by mailhost.shellnet.co.uk with MERCUR-SMTP/POP3-Server (v2.10) for at Sat, 14 Feb 98 11:09:41 +0000 From: "Steven Fletcher (Shellnet IRC administrator)" To: "IBS / Andre Oppermann" Cc: Subject: RE: RADIUS for BSDi running under FreeBSD Date: Sat, 14 Feb 1998 11:11:54 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal Importance: Normal In-Reply-To: <34E4A171.4EC6840C@pipeline.ch> X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Message-Id: <98021411094149200@mailhost.shellnet.co.uk> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of IBS / Andre Oppermann > Sent: 13 February 1998 19:39 > To: Steven Fletcher (Shellnet IRC administrator) > Cc: freebsd-isp@FreeBSD.ORG > Subject: Re: RADIUS for BSDi running under FreeBSD > > > Steven Fletcher (Shellnet IRC administrator) wrote: > > > > Dear gurus..... > > > > I am trying swap all of my dial up users over to a RADIUS authentication > > system so that we no longer need to have 150 users on our Windows NT box > > I did the same some weeks ago with some boxes, much better now. > Oh, thank you thank you thank you ! Now - radius authenticates the user and we can browse from the Dial up client, but 2 questions remain; here is a log of what I mean: ============================================================================ ===================== bash# /etc/radiusd -x Sat Feb 14 10:56:58 1998: [207] /etc/radiusd: Livingston RADIUS 2.0.1 97/5/22 NDBM NOSHADOW PASSCHANGE bsdi flat_users Sat Feb 14 10:56:58 1998: [207] using udp port 1645 for RADIUS Sat Feb 14 10:56:58 1998: [207] using udp port 1646 for RADIUS accounting Sat Feb 14 10:56:58 1998: [207] updated client cache with 1 clients Sat Feb 14 10:57:04 1998: [208] radrecv: Request from host code=4, id=1, length=26 Sat Feb 14 10:57:04 1998: [208] Acct-Status-Type = 7 Sat Feb 14 10:57:04 1998: [208] Sending Accounting-Response for id 1 to () Sat Feb 14 10:58:44 1998: [207] radrecv: Request from host code=1, id=2, length=63 Sat Feb 14 10:58:44 1998: [207] User-Name = "dud" Sat Feb 14 10:58:44 1998: [207] Password = "\371\345\273\033\347=\205\306\267c\262\270\241\333D\251" Sat Feb 14 10:58:44 1998: [207] NAS-Port = 0 Sat Feb 14 10:58:44 1998: [207] Framed-Protocol = PPP Sat Feb 14 10:58:44 1998: [207] received unknown attribute 32 * OK; Is attribute 32 NAS-Identifier, and considering there seemed to be no problems with connecting, and that the Win 95 Dial up client could web browse, do I need to add it to the dictionary ? Sat Feb 14 10:58:44 1998: [210] Sending Accept of id 2 to () Sat Feb 14 10:58:44 1998: [210] Service-Type = Framed-User Sat Feb 14 10:58:44 1998: [210] Framed-Protocol = PPP Sat Feb 14 10:58:45 1998: [208] radrecv: Request from host code=4, id=3, length=58 Sat Feb 14 10:58:45 1998: [208] Acct-Status-Type = Start Sat Feb 14 10:58:45 1998: [208] Acct-Session-Id = "22669" Sat Feb 14 10:58:45 1998: [208] User-Name = "dud" Sat Feb 14 10:58:45 1998: [208] NAS-Port = 0 Sat Feb 14 10:58:45 1998: [208] received unknown attribute 32 * Again; do I need to add attribute 32 ? Sat Feb 14 10:58:45 1998: [208] Framed-Protocol = PPP Sat Feb 14 10:58:45 1998: [208] accounting: client sent accounting-request with invalid request authenticator * What is an invalid request authenticator ? Sat Feb 14 10:58:45 1998: [208] Sending Accounting-Response for id 3 to () Sat Feb 14 10:59:20 1998: [208] radrecv: Request from host code=4, id=4, length=58 Sat Feb 14 10:59:20 1998: [208] Acct-Status-Type = Stop Sat Feb 14 10:59:20 1998: [208] Acct-Session-Id = "22669" Sat Feb 14 10:59:20 1998: [208] User-Name = "dud" Sat Feb 14 10:59:20 1998: [208] NAS-Port = 0 Sat Feb 14 10:59:20 1998: [208] received unknown attribute 32 * Again, 32 :) Sat Feb 14 10:59:20 1998: [208] Framed-Protocol = PPP Sat Feb 14 10:59:20 1998: [208] accounting: client sent accounting-request with invalid request authenticator * Again, invalid request authenticator ? Sat Feb 14 10:59:20 1998: [208] Sending Accounting-Response for id 4 to () ============================================================================ ===================== It seems to me that these are trivial errors, but as I am not quite sure yet what they mean. I would be extremely grateful to anyone who could provide any help here. On another branch - Can Radius (or does it already) manage to stop multiple logins ? Thanks for your time and your marvelous help, Steven Fletcher - Shellnet. steven@shellnet.co.uk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Feb 14 07:51:39 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA04554 for freebsd-isp-outgoing; Sat, 14 Feb 1998 07:51:39 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from servidor.exsocom.com.mx (servidor.exsocom.com.mx [200.34.46.130]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA04549; Sat, 14 Feb 1998 07:51:36 -0800 (PST) (envelope-from agalindo@servidor.exsocom.com.mx) Received: from servidor.exsocom.com.mx.exsocom.com.mx (direccion.exsocom.com.mx [200.34.46.131]) by servidor.exsocom.com.mx (8.8.7/8.8.5) with SMTP id JAA14947; Sat, 14 Feb 1998 09:58:55 -0600 (CST) Message-Id: <1.5.4.32.19980214155709.009eef1c@exsocom.com.mx> X-Sender: agalindo@exsocom.com.mx X-Mailer: Windows Eudora Light Version 1.5.4 (32) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Sat, 14 Feb 1998 09:57:09 -0600 To: freebsd-hackers@FreeBSD.ORG From: Alejandro Galindo Subject: ipfw rule for permit http access Cc: freebsd-isp@FreeBSD.ORG Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, i installed an ipfirewall with the packet filter (ipfw), i need permit the conection to my http server, and i have the next rules: ipfw add pass tcp from any >1023 to 200.43.1.1 80 ipfw add pass tcp from 200.43.1.1 80 to any >1023 but the external clients cant access to my Web server. Can you indicate me if the rules are ok? or, what rules can i do? Thanks in advanced ---------------------------------------------------------------------------- | , , | | /( )` | | \ \___ / | | | /- _ `-/ ' | | (/\/ \ \ /\ | | ExSoCom Dgo. MEXICO / / | ` \ | | O O ) / | | | `-^--'`< ' | | (_.) _ ) / | | Alejandro Galindo Chairez `.___/` / | | Tel: (52 18) 179177 `-----' / | | Fax: (52 18) 179177 <----. __ / __ \ | | <----|====O)))==) \) /==== | | e-mail alejandro.galindo@exsocom.com.mx <----' `--' `.__,' \ | | | | | | http://www.exsocom.com.mx \ / /\| | ______( (_ / \______/ | | ,' ,-----' | | | a FreeBSD user `--{__________) | ---------------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Feb 14 15:42:41 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA12663 for freebsd-isp-outgoing; Sat, 14 Feb 1998 15:42:41 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from pcpsj.pfcs.com (harlan.fred.net [205.252.219.31]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA12620 for ; Sat, 14 Feb 1998 15:42:33 -0800 (PST) (envelope-from Harlan.Stenn@pfcs.com) Received: from mumps.pfcs.com [192.52.69.11] (HELO mumps.pfcs.com) by pcpsj.pfcs.com (8.8.8/8.8.8) via ESMTP id for ; Sat, 14 Feb 1998 18:21:45 -0500 (EST) Received: from localhost [127.0.0.1] (HELO localhost) by mumps.pfcs.com (8.8.8/8.8.8) via SMTP id for ; Sat, 14 Feb 1998 15:21:43 -0800 (PST) X-Authentication-Warning: mumps.pfcs.com: localhost [127.0.0.1] didn't use HELO protocol To: freebsd-isp@FreeBSD.ORG Subject: Web maintenance interface to sendmail's virtusertable? Date: Sat, 14 Feb 1998 18:21:42 -0500 Message-ID: <26210.887498502@mumps.pfcs.com> From: Harlan Stenn Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Can somebody point me to a web interface that will let end users, domain administrators, and a "root" equivalent perform suitably delineated updates to sendmail's virtusertable? H To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Feb 14 15:51:32 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA13934 for freebsd-isp-outgoing; Sat, 14 Feb 1998 15:51:32 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from sabre.goldsword.com (sabre.goldsword.com [199.170.202.32]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA13917 for ; Sat, 14 Feb 1998 15:51:17 -0800 (PST) (envelope-from jfarmer@sabre.goldsword.com) Received: (from jfarmer@localhost) by sabre.goldsword.com (8.8.8/8.8.8) id NAA03324; Sat, 14 Feb 1998 13:01:25 -0500 (EST) Date: Sat, 14 Feb 1998 13:01:25 -0500 (EST) From: "John T. Farmer" Message-Id: <199802141801.NAA03324@sabre.goldsword.com> To: dkelly@hiwaay.net, freebsd-isp@FreeBSD.ORG Subject: Re: Fw: FreeBSD firewall questions Cc: jfarmer@goldsword.com Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 13 Feb 1998 22:22:09 -0600 David Kelly said: >Broke down last week when I saw SVEC 8-port hubs with 10base2 BNC too at >http://www.onsale.com for $39.95. Bid for one (of 27 in that auction) >and got it. $10 for UPS ground shipping wasn't as good a deal. No >exhaustive definitive testing, but it appears to function as claimed. Sheesh! And I thought the $129 each I paid for a couple of Maxtech hubs at Datacomm 3 years ago was cheap! The electronics used in a base 10baseT hub have standardized to the level that basic PC chipsets have, even cheap "run of the mill" ones are fairly decent. Of course, for mission-critial hubs, I still stick with the "big guys" if only for the monitoring & stablity. I use one of the Maxtechs on my build & test bench, the other is for the household network. (What your house _isn't_ wired with cat-5?) John ------------------------------------------------------------------------- John T. Farmer Proprietor, GoldSword Systems jfarmer@goldsword.com Public Internet Access in East Tennessee Office: (423)691-6498 for info, e-mail to info@goldsword.com Network Design, Internet Services & Servers, Consulting To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Feb 14 18:41:42 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA07187 for freebsd-isp-outgoing; Sat, 14 Feb 1998 18:41:42 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from voltage.net (voltage.net [208.15.104.65]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA07180 for ; Sat, 14 Feb 1998 18:41:39 -0800 (PST) (envelope-from sward@voltage.net) Received: from arky.voltage.net (arky.voltage.net [208.15.104.72]) by voltage.net (8.8.8/8.8.8) with SMTP id UAA08645 for ; Sat, 14 Feb 1998 20:37:57 -0600 (CST) Message-Id: <199802150237.UAA08645@voltage.net> X-Sender: sward@mail.voltage.net X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0 Date: Sat, 14 Feb 1998 20:36:29 -0600 To: freebsd-isp@FreeBSD.ORG From: Susie Ward Subject: Re: Fw: FreeBSD firewall questions In-Reply-To: <199802141801.NAA03324@sabre.goldsword.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 01:01 PM 2/14/98 -0500, John T. Farmer wrote: >Sheesh! And I thought the $129 each I paid for a couple of Maxtech >hubs at Datacomm 3 years ago was cheap! 3 years ago that *was* cheap ;) Susie To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message