From owner-freebsd-isp Sun Nov 11 9:51: 5 2001
To: freebsd-isp@FreeBSD.ORG
Subject: radpppd
Message-ID: <1004872210.3be52212cb4dc@mail.bg>
Date: Sun, 04 Nov 2001 13:10:10 +0200 (EET)
From: nik_n@mail.bg

Hi,

I am a new user of radius. Can you send me an example of /etc/radius.conf? I want to use radpppd to auth my users with radius on FreeBSD 4.4. But now there is a problem with my radius: when users connect to my modem there is an error: pap login failure!!! My pppd is not looking for the radius server. How to make it work? Please help me.

Thanks.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Sun Nov 11 13:29:34 2001
Date: Sun, 11 Nov 2001 16:29:24 -0500
From: David Friedman
To: freebsd-isp@FreeBSD.ORG
Subject: Re: 2.1.7 FreeBSD
Message-ID: <20011111162924.A52144@mail>
In-Reply-To: ; from kwoody@citytel.net on Fri, Nov 09, 2001 at 12:53:49PM -0800

* Keith Woodworth (kwoody@citytel.net) wrote:
>
> Folks...we've had a 2.1.7 machine colo'd here for a few years (3 days shy
> of 500 days of uptime) and most of that time it has not had a
> monitor/keyboard plugged into it. (just ssh in all the time)
>
> Few weeks ago I rearranged the equipment room and plugged in a
> keyboard/monitor but the console won't respond to keyboard. Last time I
> used a keyboard on this machine was probably about a year ago to change
> the IP of the NIC and a few other things. Unplugged the keyboard and it's
> sat in the corner and hummed away ever since.
> Even then it had at least
> 200 days of uptime w/no keyboard plugged in before I made the IP change.
>
> Is there a process I can maybe HUP to get the keyboard to work? Or do I
> need a complete reboot?
>
> Thanks,
> Keith
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message

Do you remember if the keyboard was plugged in when you initially
booted the machine up?

It's not generally a good idea to plug the keyboard in while
the computer is on. I suggest shutting down first.

(No, I'm not aware of any process to HUP to get it to work.)
-- 
David Friedman - http://www.away.net/

Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
BSD: "Are you guys coming or what?"

From owner-freebsd-isp Sun Nov 11 14:49:28 2001
Date: Mon, 12 Nov 2001 08:49:06 +1000 (EST)
From: Colin Campbell
To: Randy Smith
Subject: Re: Router questions
In-Reply-To: <200111091622.fA9GMr114063@smtp1.amigo.net>
Content-Type: TEXT/PLAIN;
 charset=US-ASCII

Hi,

On Fri, 9 Nov 2001, Randy Smith wrote:
> What did I miss that is preventing me from getting across the fbsd router?

Your setup on fbsd looks okay to me. However, you haven't given any information about gw1 and gw2. Do their netmasks match that of fbsd? Do they have appropriate routes? gw1 must have a route back to 192.168.69.52/30 via fbsd's .50 interface. Similarly gw2 needs either a default route via fbsd's .53 address (plus correct netmask) or an explicit route to 192.168.48/30, again via fbsd's .53 address.

Colin
-- 
Colin Campbell
Unix Support/Postmaster/Hostmaster
CITEC
+61 7 3006 4710

From owner-freebsd-isp Sun Nov 11 16:19:10 2001
Date: Sun, 11 Nov 2001 19:19:01 -0500 (EST)
From: Jim Weeks
To: David Friedman
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: 2.1.7 FreeBSD
In-Reply-To: <20011111162924.A52144@mail>

I will pose this as a question since I don't know for sure whether this
would work, maybe someone could verify.

If you had a specific keymap entry in /etc/rc.conf, would
running /etc/netstart reset the keyboard? I use netstart to reread
rc.conf pretty often, and I have my keymap specified as
keymap="/usr/share/syscons/keymaps/us.iso.kbd". I just haven't ever had a
problem with the keyboard becoming inoperable.

-- 
Jim Weeks


On Sun, 11 Nov 2001, David Friedman wrote:

> * Keith Woodworth (kwoody@citytel.net) wrote:
> >
> > Folks...we've had a 2.1.7 machine colo'd here for a few years (3 days shy
> > of 500 days of uptime) and most of that time it has not had a
> > monitor/keyboard plugged into it. (just ssh in all the time)
> >
> > Few weeks ago I rearranged the equipment room and plugged in a
> > keyboard/monitor but the console won't respond to keyboard. Last time I
> > used a keyboard on this machine was probably about a year ago to change
> > the IP of the NIC and a few other things. Unplugged the keyboard and it's
> > sat in the corner and hummed away ever since. Even then it had at least
> > 200 days of uptime w/no keyboard plugged in before I made the IP change.
> >
> > Is there a process I can maybe HUP to get the keyboard to work? Or do I
> > need a complete reboot?
> >
> > Thanks,
> > Keith
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
>
> Do you remember if the keyboard was plugged in when you initially
> booted the machine up?
>
> It's not generally a good idea to plug the keyboard in while
> the computer is on. I suggest shutting down first.
>
> (No, I'm not aware of any process to HUP to get it to work.)
> --
> David Friedman - http://www.away.net/
>
> Windows: "Where do you want to go today?"
> Linux: "Where do you want to go tomorrow?"
> BSD: "Are you guys coming or what?"
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>

From owner-freebsd-isp Mon Nov 12 2:34:48 2001
Date: Mon, 12 Nov 2001 13:36:18 +0300 (EAT)
To: Jim Weeks
Cc: David Friedman
Subject: Re: 2.1.7 FreeBSD

I noticed that when freebsd is booting even before it loads the
kernel it detects for the presence of a keyboard. And those times
when I have booted it without a keyboard and later needed it, I have
had to insert the keyboard and then reboot in order for freebsd to
start using the keyboard.

Noah.

On Sun, 11 Nov 2001, Jim Weeks wrote:

> I will pose this as a question since I don't know for sure whether this
> would work, maybe someone could verify.
>
> If you had a specific keymap entry in /etc/rc.conf, would
> running /etc/netstart reset the keyboard? I use netstart to reread
> rc.conf pretty often, and I have my keymap specified as
> keymap="/usr/share/syscons/keymaps/us.iso.kbd". I just haven't ever had a
> problem with the keyboard becoming inoperable.
>
> --
> Jim Weeks
>
>
> On Sun, 11 Nov 2001, David Friedman wrote:
>
> > * Keith Woodworth (kwoody@citytel.net) wrote:
> > >
> > > Folks...we've had a 2.1.7 machine colo'd here for a few years (3 days shy
> > > of 500 days of uptime) and most of that time it has not had a
> > > monitor/keyboard plugged into it. (just ssh in all the time)
> > >
> > > Few weeks ago I rearranged the equipment room and plugged in a
> > > keyboard/monitor but the console won't respond to keyboard. Last time I
> > > used a keyboard on this machine was probably about a year ago to change
> > > the IP of the NIC and a few other things. Unplugged the keyboard and it's
> > > sat in the corner and hummed away ever since. Even then it had at least
> > > 200 days of uptime w/no keyboard plugged in before I made the IP change.
> > >
> > > Is there a process I can maybe HUP to get the keyboard to work? Or do I
> > > need a complete reboot?
> > >
> > > Thanks,
> > > Keith
> > >
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-isp" in the body of the message
> >
> > Do you remember if the keyboard was plugged in when you initially
> > booted the machine up?
> >
> > It's not generally a good idea to plug the keyboard in while
> > the computer is on. I suggest shutting down first.
> >
> > (No, I'm not aware of any process to HUP to get it to work.)
> > --
> > David Friedman - http://www.away.net/
> >
> > Windows: "Where do you want to go today?"
> > Linux: "Where do you want to go tomorrow?"
> > BSD: "Are you guys coming or what?"
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
> >
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>

From owner-freebsd-isp Mon Nov 12 8:29:40 2001
Message-Id: <200111121213.fACCDIs17827@loki.uk.intranet>
From: Andrew Stothard
To: Keith Woodworth, freebsd-isp@FreeBSD.ORG
Subject: Re: 2.1.7 FreeBSD
Date: Mon, 12 Nov 2001 12:13:18 +0000
Cc: kwoody@citytel.net

On Friday 09 November 2001 8:53 pm, Keith Woodworth wrote:
> Folks...we've had a 2.1.7 machine colo'd here for a few years (3 days shy
> of 500 days of uptime) and most of that time it has not had a
> monitor/keyboard plugged into it. (just ssh in all the time)

One thing you could try to get local access without rebooting would be to change /etc/ttys so there was a getty attached to one of the serial ports.
On 4.x and 3.x you would edit the line for ttyd0 and change the "off" to "on" (I'm not sure if it would work on 2.1.7) and then run "init q". Then you could just plug a terminal into the right serial port.

While it doesn't solve the keyboard problem this would give you local access to the server to change its IP address without requiring a reboot.

From owner-freebsd-isp Mon Nov 12 11: 4:22 2001
From: "Dave VanAuken"
Subject: SETQUOTA generates GETQUOTA(username) - Invalid Argument
Date: Mon, 12 Nov 2001 14:06:08 -0500

We use scripts and interfaces to manage user quotas on our servers. Recently
had this break on one of our web servers.

---
svr4# setquota -g -f /usr -bh52000 -bs50000 -ih10000 -is9000 user1
setquota : GETQUOTA(mjsd) - Invalid argument
---

No idea why it isn't functioning as designed. Quotas are enabled in the kernel, set on that partition, and working correctly. Using "edquota" we can still properly edit the quotas manually, this doesn't solve our need for command line add/update of quotas though.
Is there a syntax error in my usage that I am just not seeing?

Dave

From owner-freebsd-isp Mon Nov 12 12:33:38 2001
Message-Id: <5.1.0.14.2.20011112114828.037c94b0@pop.sfo.com>
Date: Mon, 12 Nov 2001 12:32:57 -0800
To: freebsd-isp@freebsd.org
From: William Sommers
Subject: Re: 2.1.7 FreeBSD

At 01:36 PM 11/12/01 +0300, ksemat@wawa.eahd.or.ug wrote:
> I noticed that when freebsd is booting even before it loads the
> kernel it detects for the presence of a keyboard. And those times
> when I have booted it without a keyboard and later needed it, I have
> had to insert the keyboard and then reboot in order for freebsd to
> start using the keyboard.

Er, I don't think that's quite right -- I believe (though could be wrong) that the detection of a keyboard does not occur prior to the kernel probes at all unless it's been explicitly specified during the bootstrap (e.g. '-P' flag is set in /boot.config for serial console switch functionality).

What you may be seeing is the effect of GENERIC's default setting, which calls for a kernel probe for presence of a keyboard.
If it is found, the driver is loaded -- if not found, then no keyboard driver is loaded. I've no idea why this behavior was chosen as default:

    device atkbd0 at atkbdc? irq 1 flags 0x1

So, remove the '0x1' FAIL_IF_NO_KBD flag to force a load:

    device atkbd0 at atkbdc? irq 1

and you'll have greater flexibility in that regard.

(None of which helps the original poster of course... 2.x was a looooong time ago.)

-wfs

From owner-freebsd-isp Mon Nov 12 12:53:18 2001
Date: Mon, 12 Nov 2001 15:53:05 -0500 (EST)
From: "Matthew N. Dodd"
To: Dave VanAuken
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: SETQUOTA generates GETQUOTA(username) - Invalid Argument

On Mon, 12 Nov 2001, Dave VanAuken wrote:
> We use scripts and interfaces to manage user quotas on our servers. Recently
> had this break on one of our web servers.
>
> ---
> svr4# setquota -g -f /usr -bh52000 -bs50000 -ih10000 -is9000 user1
> setquota : GETQUOTA(mjsd) - Invalid argument
> ---
>
> No idea why it isn't functioning as designed.

I notice you're invoking it with the '-g' flag but specifying a user?

-- 
| Matthew N. Dodd | '78 Datsun 280Z | '75 Volvo 164E | FreeBSD/NetBSD |
| winter@jurai.net | 2 x '84 Volvo 245DL | ix86,sparc,pmax |
| http://www.jurai.net/~winter | For Great Justice!
| ISO8802.5 4ever |

From owner-freebsd-isp Mon Nov 12 12:57:19 2001
From: "Henk Wevers"
Subject: Small HOWTO on a qmail-ldap mailtoaster
Date: Mon, 12 Nov 2001 21:56:58 +0100
Message-ID: <000e01c16bbc$955f29b0$02010a0a@pruts>

Hi,

I just did make a small HOWTO on a mailtoaster with Postfix frontend and a qmail-ldap backend.

http://freebsd.cg.nu/postfixqmail-ldap.html

Maybe this small howto is useful to somebody.
Henk Wevers

From owner-freebsd-isp Mon Nov 12 14:13: 8 2001
Date: Mon, 12 Nov 2001 17:12:05 -0500 (EST)
From: Tyler
To: "Matthew N. Dodd"
Cc: Dave VanAuken
Subject: Re: SETQUOTA generates GETQUOTA(username) - Invalid Argument
Message-ID: <20011112171142.C2946-100000@shack.mine.nu>

I had that problem once and doing quotaon -a fixed it.

Tyler - Owner/Administrator
Shack Networks - XeraNet Web Services
http://shack.mine.nu - http://www.xeranet.org

On Mon, 12 Nov 2001, Matthew N. Dodd wrote:

> On Mon, 12 Nov 2001, Dave VanAuken wrote:
> > We use scripts and interfaces to manage user quotas on our servers. Recently
> > had this break on one of our web servers.
> >
> > ---
> > svr4# setquota -g -f /usr -bh52000 -bs50000 -ih10000 -is9000 user1
> > setquota : GETQUOTA(mjsd) - Invalid argument
> > ---
> >
> > No idea why it isn't functioning as designed.
>
> I notice you're invoking it with the '-g' flag but specifying a user?
>
> --
> | Matthew N. Dodd | '78 Datsun 280Z | '75 Volvo 164E | FreeBSD/NetBSD |
> | winter@jurai.net | 2 x '84 Volvo 245DL | ix86,sparc,pmax |
> | http://www.jurai.net/~winter | For Great Justice!
> | ISO8802.5 4ever |
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>

From owner-freebsd-isp Mon Nov 12 15:31:48 2001
From: dave@hawk-systems.com (Dave)
To: "Matthew N. Dodd"
Subject: RE: SETQUOTA generates GETQUOTA(username) - Invalid Argument
Date: Mon, 12 Nov 2001 18:33:37 -0500

The primary users are set up as user:group user1:user1 and additional accounts or users under the main account set up as user:group user2:user1

since the primary account holder is the one paying the bill, the quota is on his (group) usage

Dave

>-----Original Message-----
>From: owner-freebsd-isp@FreeBSD.ORG
>[mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Matthew N. Dodd
>Sent: Monday, November 12, 2001 3:53 PM
>To: Dave VanAuken
>Cc: freebsd-isp@FreeBSD.ORG
>Subject: Re: SETQUOTA generates GETQUOTA(username) - Invalid Argument
>
>
>On Mon, 12 Nov 2001, Dave VanAuken wrote:
>> We use scripts and interfaces to manage user quotas on our servers.
Recently
>> had this break on one of our web servers.
>>
>> ---
>> svr4# setquota -g -f /usr -bh52000 -bs50000 -ih10000 -is9000 user1
>> setquota : GETQUOTA(mjsd) - Invalid argument
>> ---
>>
>> No idea why it isn't functioning as designed.
>
>I notice you're invoking it with the '-g' flag but specifying a user?
>
>--
>| Matthew N. Dodd | '78 Datsun 280Z | '75 Volvo 164E | FreeBSD/NetBSD |
>| winter@jurai.net | 2 x '84 Volvo 245DL | ix86,sparc,pmax |
>| http://www.jurai.net/~winter | For Great Justice! | ISO8802.5 4ever |
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-isp" in the body of the message
>
>

From owner-freebsd-isp Mon Nov 12 15:32: 3 2001
From: dave@hawk-systems.com (Dave)
To: "Tyler", "Matthew N. Dodd"
Cc: "Dave VanAuken"
Subject: RE: SETQUOTA generates GETQUOTA(username) - Invalid Argument
Date: Mon, 12 Nov 2001 18:33:39 -0500
In-Reply-To: <20011112171142.C2946-100000@shack.mine.nu>

Bingo... must have reset during a reboot or been halted? sometime. Couldn't see the forest for the trees...
much appreciated.

Dave

>-----Original Message-----
>From: owner-freebsd-isp@FreeBSD.ORG
>[mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Tyler
>Sent: Monday, November 12, 2001 5:12 PM
>To: Matthew N. Dodd
>Cc: Dave VanAuken; freebsd-isp@FreeBSD.ORG
>Subject: Re: SETQUOTA generates GETQUOTA(username) - Invalid Argument
>
>
>I had that problem once and doing quotaon -a fixed it.
>
> Tyler - Owner/Administrator
> Shack Networks - XeraNet Web Services
>http://shack.mine.nu - http://www.xeranet.org
>
>On Mon, 12 Nov 2001, Matthew N. Dodd wrote:
>
>> On Mon, 12 Nov 2001, Dave VanAuken wrote:
>> > We use scripts and interfaces to manage user quotas on our
>servers. Recently
>> > had this break on one of our web servers.
>> >
>> > ---
>> > svr4# setquota -g -f /usr -bh52000 -bs50000 -ih10000 -is9000 user1
>> > setquota : GETQUOTA(mjsd) - Invalid argument
>> > ---
>> >
>> > No idea why it isn't functioning as designed.
>>
>> I notice you're invoking it with the '-g' flag but specifying a user?
>>
>> --
>> | Matthew N. Dodd | '78 Datsun 280Z | '75 Volvo 164E | FreeBSD/NetBSD |
>> | winter@jurai.net | 2 x '84 Volvo 245DL | ix86,sparc,pmax |
>> | http://www.jurai.net/~winter | For Great Justice!
>> | ISO8802.5 4ever |
>>
>>
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-isp" in the body of the message
>>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-isp" in the body of the message
>
>

From owner-freebsd-isp Tue Nov 13 4:28:56 2001
Message-ID: <20011113122848.68215.qmail@web20104.mail.yahoo.com>
Date: Tue, 13 Nov 2001 13:28:48 +0100 (CET)
From: Fabrizio Ravazzini
Subject: Nat Gateway Firewall rules
To: freebsd-isp@freebsd.org

Hello all, I'm in this situation:

        Internet
           |
           |
      +---------+
      |fBSD Nat |
      |   Gw    |
      +---------+
        |     |
     +-----+  |
     |Http |  |
     |Proxy|  |
     +-----+  |
        |     |
        |     |
       LAN    |DMZ    +-------+
              +-------|Web srv|
              |       +-------+
              |       +--------+
              +-------|Smtp srv|
                      |pop3    |
                      +--------+

The internal LAN goes on Internet only for http, ftp.
The Lan also goes on the Dmz to use the Web srv & smtp, pop3.
The Web, smtp, pop3 are accessible from Internet by clients.
I must provide a strong Firewall set of rules on the nat, where can I find some docs to do such a thing?

From owner-freebsd-isp Tue Nov 13 7:49:13 2001
From: "John Brooks"
To: "'Fabrizio Ravazzini'"
Subject: RE: Nat Gateway Firewall rules
Date: Tue, 13 Nov 2001 09:49:10 -0600
Message-ID: <000401c16c5a$c30f49a0$1505010a@daylight.net>
In-Reply-To: <20011113122848.68215.qmail@web20104.mail.yahoo.com>

Try these:

http://www.obfuscation.org/ipf/

http://geodsoft.com/howto/harden/

-- 
John Brooks
Email: john@stlbsd.org

-----Original Message-----

...snip...

I must provide a strong Firewall set of rules on the nat, where can I find some docs to do such a thing?

From owner-freebsd-isp Tue Nov 13 9:18:32 2001
Message-ID: <20011113171827.77688.qmail@web20102.mail.yahoo.com>
Date: Tue, 13 Nov 2001 18:18:27 +0100 (CET)
From: Fabrizio Ravazzini
Subject: RE: Nat Gateway Firewall rules
To: john@day-light.com
Cc: freebsd-isp@freebsd.org
In-Reply-To: <000401c16c5a$c30f49a0$1505010a@daylight.net>

many thanks for help, now I've thought to another
problem, I've read on the FreeBSD Handbook
(cap17.11-Nat) and the natd manual page that with the
option -redirect_address, if I have for example a www
server I can redirect the traffic to this server which
is on the internal Lan or also to another machine with
public Ip.
But the problem is: if I have two or more web servers
in the lan or also out of the Lan which they must be
reached from the internet how can I redirect with
natd?
Because with natd I can redirect (I understood) only
one machine for one service.
Shortly the scheme:

               INTERNET
                  |
                  |PublicIP1
             +---------+
             |   NAT   |
             |Firewall |
             +---------+          PublicIP2
+----+        |       |           +------+
|WWW1|--------+       +-----+-----| WWW2 |
+----+                      |     +------+
PublicIp3                   |
or InternalLan1             |DNS

Thanks, bye

From owner-freebsd-isp Tue Nov 13 9:28:25 2001
Message-ID: <014b01c16c68$91889310$cd2a6ba5@lc.ca.gov>
From: "Drew Tomlinson"
To: "Fabrizio Ravazzini"
References: <20011113171827.77688.qmail@web20102.mail.yahoo.com>
Subject: Re: Nat Gateway Firewall rules
Date: Tue, 13 Nov 2001 09:27:55 -0800

----- Original Message -----
From: "Fabrizio Ravazzini"
Sent: Tuesday, November 13, 2001 9:18 AM
Subject: RE: Nat Gateway Firewall rules

> many thanks for help, now I've thought to another
> problem, I've read on the FreeBSD Handbook
> (cap17.11-Nat) and the natd manual page that with the
> option -redirect_address, if I have for example a www
> server I can redirect the traffic to this server which
> is on the internal Lan or also to another machine with
> public Ip.
> But the problem is: if I have two or more web servers
> in the lan or also out of the Lan which they must be
> reached from the internet how can I redirect with
> natd?

The only way I know is to connect to them via different ports. In other
words, tell NAT that requests on port 80 get redirected to WWW1:80 and
requests on port 8080 get redirected to WWW2:80. Then to connect to
WWW2, you would put http://WWW2:8080 in your web browser.

HTH,

Drew

From owner-freebsd-isp Tue Nov 13 9:28:45 2001
Message-ID: <20011113172833.16267.qmail@web20106.mail.yahoo.com>
Date: Tue, 13 Nov 2001 18:28:33 +0100 (CET)
From: Fabrizio Ravazzini
Subject: RE: Nat Gateway Firewall rules
To: Fabrizio Ravazzini
Cc: freebsd-isp@freebsd.org
In-Reply-To: <20011113171827.77688.qmail@web20102.mail.yahoo.com>

--- Fabrizio Ravazzini wrote:
> Because with natd I can redirect (I understood) only
> one machine for one service.
> Shortly the scheme:
>

OPS!! the correct scheme is this (With the router)

               INTERNET
                  |
                  |
                  |Public Ip0
             _____|_________
            | Router CISCO |
           +------+--------+
                  |
                  |PublicIP1
             +---------+
             |   NAT   |
             |Firewall |
             +---------+          PublicIP2
+----+        |       |           +------+
|WWW1|--------+       +-----+-----| WWW2 |
+----+                      |     +------+
PublicIp3                   |
or InternalLan1             |DNS

Thanks, bye

From owner-freebsd-isp Tue Nov 13 9:33:56 2001
Date: Tue, 13 Nov 2001 12:33:52 -0500
From: "Michael R. Wayne"
To: freebsd-isp@FreeBSD.ORG
Subject: Re: 2.1.7 FreeBSD
Message-ID: <20011113123351.Y67008@staff.msen.com>
References: <200111121213.fACCDIs17827@loki.uk.intranet>
In-Reply-To: <200111121213.fACCDIs17827@loki.uk.intranet>; from andys@telinco.net on Mon, Nov 12, 2001 at 12:13:18PM +0000

With all the issues surrounding keyboards, it would be REALLY
useful to have a command to tell the kernel to just enable the
keyboard now no matter what.

/\/\
\/\/

On Mon, Nov 12, 2001 at 12:13:18PM +0000, Andrew Stothard wrote:
> On Friday 09 November 2001 8:53 pm, Keith Woodworth wrote:
> > Folks...weve had a 2.1.7 machine colo'd here for a few years (3 days shy
> > of 500 days of uptime) and most of that time it has not had a
> > monitor/keyboard plugged into it. (just ssh in all the time)
>
> One thing you could try to get local access without rebooting would be to
> change /etc/ttys so there was a getty attached to one of the serial ports. On
> 4.x and 3.x you would edit the line for ttyd0 and change the "off" to "on"
> (I'm not sure if it would work on 2.1.7) and then run "init q". Then you
> could just plug a terminal into the right serial port.
>
> While it doesn't solve the keyboard problem this would give you local access
> to the server to change it's IP address without requiring a reboot.

From owner-freebsd-isp Tue Nov 13 9:41:52 2001
From: "Travis L. Leuthauser"
To: "Fabrizio Ravazzini"
Subject: RE: Nat Gateway Firewall rules
Date: Tue, 13 Nov 2001 11:41:44 -0600
In-Reply-To: <20011113172833.16267.qmail@web20106.mail.yahoo.com>

Why not assign all public IP's to the FreeBSD gateway and then forward port
requests to internal boxes based on IP/port combinations. Like such:

               INTERNET
                  |
                  |
                  |Public Ip0
             _____|_________
            | Router CISCO |
           +------+--------+
                  |
                  |PublicIP1,PublicIP2,PublicIp3
             +---------+
             |   NAT   |
             |Firewall |
             +---------+          DMZLan1
+----+        |       |           +------+
|WWW1|--------+       +-----+-----| WWW2 |
+----+                      |     +------+
                            |
               InternalLan1 |DNS (DMZLan2)

Then do your forwarding like so:

PublicIP2:80 --> DMZLan1:80
PublicIP2:53 --> DMZLan2:53
PublicIP3:80 --> InternalLan1:80
and so on.

Hope this helps,

Travis L. Leuthauser

From owner-freebsd-isp Tue Nov 13 9:43:15 2001
Message-ID: <20011113174309.7867.qmail@web20108.mail.yahoo.com>
Date: Tue, 13 Nov 2001 18:43:09 +0100 (CET)
From: Fabrizio Ravazzini
Subject: Re: Nat Gateway Firewall rules
To: Drew Tomlinson
Cc: freebsd-isp@freebsd.org
In-Reply-To: <014b01c16c68$91889310$cd2a6ba5@lc.ca.gov>

ups! thanks but what a pity, but the option
-alias_address or -target_address? Can they help me?

From owner-freebsd-isp Tue Nov 13 9:48:21 2001
Message-ID: <20011113174810.81828.qmail@web20102.mail.yahoo.com>
Date: Tue, 13 Nov 2001 18:48:10 +0100 (CET)
From: Fabrizio Ravazzini
Subject: RE: Nat Gateway Firewall rules
To: "Travis L. Leuthauser"
Cc: freebsd-isp@freebsd.org

Ok ok, I got it, great, that's what I want.
But How can I assign PublicIp1,2,3 to the gateway.
I give more ip's to the same eth card on the gateway
or I have to play with the router?

From owner-freebsd-isp Tue Nov 13 9:52: 5 2001
From: "Travis L. Leuthauser"
To: "Fabrizio Ravazzini"
Subject: RE: Nat Gateway Firewall rules
Date: Tue, 13 Nov 2001 11:51:55 -0600
In-Reply-To: <20011113174810.81828.qmail@web20102.mail.yahoo.com>

I'm making the assumption that all of your public IP's are in the same
subnet. That being the case, you would setup PublicIP2 and PublicIP3 as
aliases to your ethernet card..

ifconfig xl0 inet PublicIP2 netmask 255.255.255.255 alias
ifconfig xl0 inet PublicIP3 netmask 255.255.255.255 alias
         ^^^ replace w/ whatever your external ethernet card driver is.

Travis L. Leuthauser
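
The forwarding table and interface aliases suggested in the replies above, written out as an added example (not code from any of the posters): a small sh script that emits the ifconfig alias commands and the natd.conf redirect_port lines, and refuses a table in which two forwards claim the same protocol and public IP:port. All addresses are constructed placeholders standing in for PublicIP1-3 and the internal hosts; xl0 is the interface name used in the thread, and forwarding port 53 for both udp and tcp is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): build natd.conf redirect_port lines and
# ifconfig alias commands from a forwarding table. All addresses below are
# constructed placeholders taken from documentation and private ranges.

EXT_IF="xl0"             # external interface name used in the thread; replace with yours
PRIMARY_IP="192.0.2.1"   # placeholder for PublicIP1, already configured on EXT_IF

# Constructed sample table: proto  public_ip:port  internal_ip:port
FORWARDS='tcp 192.0.2.2:80 10.0.1.10:80
udp 192.0.2.2:53 10.0.2.10:53
tcp 192.0.2.2:53 10.0.2.10:53
tcp 192.0.2.3:80 192.168.1.10:80'

# Reads the table on stdin and prints one redirect_port line per row.
# Returns 1 if two rows claim the same protocol and public ip:port, because
# one public endpoint can be redirected to only one internal host.
gen_natd_conf() {
    seen=" "
    while read -r proto pub tgt; do
        [ -n "$proto" ] || continue
        case "$proto" in
            tcp|udp) ;;
            *) echo "unsupported protocol: $proto" >&2; return 1 ;;
        esac
        case "$seen" in
            *" $proto/$pub "*)
                echo "conflict: $proto $pub forwarded twice" >&2
                return 1 ;;
        esac
        seen="$seen$proto/$pub "
        # natd.conf form: redirect_port proto targetIP:targetPORT aliasIP:aliasPORT
        echo "redirect_port $proto $tgt $pub"
    done
}

# Reads the same table and prints one alias command for each public address
# other than PRIMARY_IP, each address once.
gen_alias_cmds() {
    done_ips=" $PRIMARY_IP "
    while read -r proto pub tgt; do
        [ -n "$pub" ] || continue
        ip=${pub%%:*}
        case "$done_ips" in
            *" $ip "*) continue ;;
        esac
        done_ips="$done_ips$ip "
        echo "ifconfig $EXT_IF inet $ip netmask 255.255.255.255 alias"
    done
}

# Print the commands and config lines for review before applying them.
printf '%s\n' "$FORWARDS" | gen_alias_cmds
printf '%s\n' "$FORWARDS" | gen_natd_conf
```

Only the listed protocol and port pairs are passed inward this way; -redirect_address maps all traffic for the public address to the internal host, which leaves the filtering entirely to the firewall rules.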
Per saperne di più vai alla pagina http://adsl.yahoo.it To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Nov 13 9:56: 9 2001 Delivered-To: freebsd-isp@freebsd.org Received: from web20107.mail.yahoo.com (web20107.mail.yahoo.com [216.136.226.44]) by hub.freebsd.org (Postfix) with SMTP id 870E937B416 for ; Tue, 13 Nov 2001 09:55:36 -0800 (PST) Message-ID: <20011113175536.44670.qmail@web20107.mail.yahoo.com> Received: from [62.11.71.109] by web20107.mail.yahoo.com via HTTP; Tue, 13 Nov 2001 18:55:36 CET Date: Tue, 13 Nov 2001 18:55:36 +0100 (CET) From: =?iso-8859-1?q?Fabrizio=20Ravazzini?= Subject: RE: Nat Gateway Firewall rules To: "Travis L. Leuthauser" Cc: freebsd-isp@freebsd.org In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Thanks a lot,Tomorrow morning I'll try. Best regards --- "Travis L. Leuthauser" ha scritto: > I'm making the assumption that all of your public > IP's are in the same > subnet. That being the case, you would setup > PublicIP2 and PublicIP3 as > aliases to your ethernet card.. > > ifconfig xl0 inet PublicIP2 netmask 255.255.255.255 > alias > ifconfig xl0 inet PublicIP3 netmask 255.255.255.255 > alias > ^^^ replace w/ whatever your external > ethernet card driver is. > > Travis L. Leuthauser > > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of > Fabrizio Ravazzini > Sent: Tuesday, November 13, 2001 11:48 AM > To: Travis L. Leuthauser > Cc: freebsd-isp@freebsd.org > Subject: RE: Nat Gateway Firewall rules > > > Ok ok, I got it, great, that's what I want. 
> But how can I assign PublicIp1,2,3 to the gateway.
> I give more ip's to the same eth card on the gateway
> or I have to play with the router?
>
> --- "Travis L. Leuthauser" wrote:
> > Why not assign all public IP's to the FreeBSD gateway and then forward port
> > requests to internal boxes based on IP/port combinations. Like such:
> >
> >              INTERNET
> >                 |
> >                 |
> >                 |Public Ip0
> >            _____|_________
> >           | Router CISCO  |
> >           +------+--------+
> >                  |
> >                  |PublicIP1,PublicIP2,PublicIp3
> >             +---------+
> >             |   NAT   |
> >             |Firewall |
> >             +---------+         DMZLan1
> > +----+        |     |           +------+
> > |WWW1|--------+     +-----+-----| WWW2 |
> > +----+                    |     +------+
> >                           |
> > InternalLan1              |DNS (DMZLan2)
> >
> > Then do your forwarding like so:
> >
> > PublicIP2:80 --> DMZLan1:80
> > PublicIP2:53 --> DMZLan2:53
> > PublicIP3:80 --> InternalLan1:80
> > and so on.
> >
> > Hope this helps,
> >
> > Travis L. Leuthauser
> >
> > -----Original Message-----
> > From: owner-freebsd-isp@FreeBSD.ORG
> > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Fabrizio Ravazzini
> > Sent: Tuesday, November 13, 2001 11:29 AM
> > To: Fabrizio Ravazzini
> > Cc: freebsd-isp@freebsd.org
> > Subject: RE: Nat Gateway Firewall rules
> >
> >
> > --- Fabrizio Ravazzini wrote:
> > > many thanks for help, now I've thought to another
> > > problem, I've read on the FreeBSD Handbook
> > > (cap17.11-Nat) and the natd manual page that with the
> > > option -redirect_address, if I have for example a www
> > > server I can redirect the traffic to this server which
> > > is on the internal Lan or also to another machine with
> > > public Ip.
> > > But the problem is: if I have two or more web servers
> > > in the lan or also out of the Lan which they must be
> > > reached from the internet how can I redirect with
> > > natd?
> > > Because with natd I can redirect (I understood) only
> > > one machine for one service.
> > > Shortly the scheme:
> > >
> > OPS!! the correct scheme is this(With the router)
> >
> >
> >              INTERNET
> >                 |
> >                 |
> >                 |Public Ip0
> >            _____|_________
> >           | Router CISCO  |
> >           +------+--------+
> >                  |
> >                  |PublicIP1
> >             +---------+
> >             |   NAT   |
> >             |Firewall |
> >             +---------+         PublicIP2
> > +----+        |     |           +------+
> > |WWW1|--------+     +-----+-----| WWW2 |
> > +----+                    |     +------+
> > PublicIp3                 |
> > or InternalLan1           |DNS
> >
> > >
> > > Thanks,bye
> > >
> > > --- John Brooks wrote:
> > > > Try these:
> > > >
> > > > http://www.obfuscation.org/ipf/
> > > >
> > > > http://geodsoft.com/howto/harden/
> > > >
> > > > --
> > > > John Brooks
> > > > Email: john@stlbsd.org
> > > >
> > > > -----Original Message-----
> > > >
> > > > ...snip...
> > > >
> > > > I must provide a strong Firewall set of rules on the
> > > > nat, where can I find some docs to do such a thing?
> === message truncated ===

From owner-freebsd-isp Tue Nov 13 10: 1: 5 2001
Date: Tue, 13 Nov 2001 13:00:55 -0500
From: Scott Lambert
To: freebsd-isp@FreeBSD.ORG
Subject: Re: 2.1.7 FreeBSD
Message-ID: <20011113130055.A20495@laptop.lambertfam.org>
References: <200111121213.fACCDIs17827@loki.uk.intranet> <20011113123351.Y67008@staff.msen.com>
In-Reply-To: <20011113123351.Y67008@staff.msen.com>; from wayne@staff.msen.com on Tue, Nov 13, 2001 at 12:33:52PM -0500

On Tue, Nov 13, 2001 at 12:33:52PM -0500, Michael R. Wayne wrote:
> With all the issues surrounding keyboards, it would be REALLY useful
> to have a command to tell the kernel to just enable the keyboard
> now no matter what.

I had one machine where the BIOS would apparently remove the keyboard
interface if there was not a keyboard connected at POST time.

--
Scott Lambert KC5MLE Unix SysAdmin -- Looking for work.
lambert@lambertfam.org http://www.lambertfam.org/~lambert/resume.html
2.5 years Sr. SysAdmin experience with FreeBSD in small & medium size ISPs.
The last 5 months have included exposure to Solaris 7, True64 5, and Linux.

From owner-freebsd-isp Tue Nov 13 12: 3:23 2001
Date: Tue, 13 Nov 2001 21:53:13 +0200 (EET)
From: Adrian Penisoara
To: freebsd-isp@FreeBSD.ORG
Subject: Forcing sendmail to react to quota limits

Hi,

I'm using 4.4-STABLE (sendmail 8.11.6) and I'm having a hard time with
user quotas. For example for users that have reached their quota limits
sendmail correctly doesn't deliver any new mail to their mailboxes but
instead it queues it in the mail spool which grows to fill the entire fs.
How can I make sendmail refuse messages for accounts that have their
quota limit reached ?

Thank you very much,
Ady (@warpnet.ro)
_______________________________________________________________________
| Programming in BASIC causes brain damage. |
| (Edsger Wybe Dijkstra) |

From owner-freebsd-isp Tue Nov 13 13: 4:28 2001
Date: Tue, 13 Nov 2001 22:54:03 +0200 (EET)
From: Adrian Penisoara
To: freebsd-isp@FreeBSD.ORG
Subject: Re: Forcing sendmail to react to quota limits

Hi,

Responding to my own question: in /etc/mail/.mc insert just _before_
"MAILER(local)":

    define(`LOCAL_MAILER_ARGS', `mail.local -lb')

then "make install" in /etc/mail. Take care to have in /etc/make.conf a
line like this:

    SENDMAIL_MC=/etc/mail/.mc

See mail.local(8) for the meaning of -b flag.

Yours,
Ady (@warpnet.ro)
_______________________________________________________________________
| Programming in BASIC causes brain damage. |
| (Edsger Wybe Dijkstra) |

On Tue, 13 Nov 2001, Adrian Penisoara wrote:

> Hi,
>
> I'm using 4.4-STABLE (sendmail 8.11.6) and I'm having a hard time with
> user quotas. For example for users that have reached their quota limits
> sendmail correctly doesn't deliver any new mail to their mailboxes but
> instead it queues it in the mail spool which grows to fill the entire fs.
>
> How can I make sendmail refuse messages for accounts that have their
> quota limit reached ?
>
> Thank you very much,
> Ady (@warpnet.ro)
> _______________________________________________________________________
> | Programming in BASIC causes brain damage. |
> | (Edsger Wybe Dijkstra) |

From owner-freebsd-isp Tue Nov 13 18:32:55 2001
Date: Tue, 13 Nov 2001 21:32:54 -0500 (EST)
From: Jason Hunt
To: freebsd-isp@FreeBSD.ORG
Subject: Re: 2.1.7 FreeBSD
In-Reply-To: <20011113123351.Y67008@staff.msen.com>

Do realize that this is more of a hardware issue than software. My
experience with keyboards on PC's is like this;

For AT keyboards (the bigger, older ones) the keyboard will not work if
you boot the machine without a keyboard. As well, the keyboard will not
work if you unplug it and plug it back in, it will not work. I have been
told that this is not true, but I have never seen the opposite of what I
described to have happened.
For PS2 keyboards (the smaller, newer ones, that have the same connectors
as PS2 mice) it will depend on the motherboard. With some [cheaper it
seems] motherboards, the keyboard will not work if the machine is booted
without a keyboard or if the keyboard is unplugged and re-inserted. With
other [more expensive?] motherboards the keyboard works as normal if it is
plugged in after the machine is booted, or if it is removed and
re-inserted. The BIOS setting for if the machine should give an error on
boot without a keyboard MAY have an effect on this, but I have never
really cared too much. :)

In my experience, Asus motherboards always let me unplug the keyboard and
plug it in later. Gigabit and some other weird ones always seem to not
recognize when the keyboard has been plugged in after the machine is
booted.

Mice are quite similar it seems as well.

Just my two cents.

From owner-freebsd-isp Wed Nov 14 5:39: 9 2001
From: dave@hawk-systems.com (Dave)
To: "Jason Hunt" ,
Subject: RE: 2.1.7 FreeBSD
Date: Wed, 14 Nov 2001 08:41:13 -0500

To resolve this infrequent but annoying issue, we ended up installing a
kvm switch for each bank of servers. Not the best solution from a cost
perspective... but prevents any reboots just to gain access to keyboard
and mouse for working on the system. KVM switch sends the keyboard and
mouse signal when a reboot occurs, and you can plug the actual keybrd,
mouse, and monitor into the KVM switch when they are needed to service
servers in the rack.

Dave

>-----Original Message-----
>From: owner-freebsd-isp@FreeBSD.ORG
>[mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Jason Hunt
>Sent: Tuesday, November 13, 2001 9:33 PM
>To: freebsd-isp@FreeBSD.ORG
>Subject: Re: 2.1.7 FreeBSD
>
>
>Do realize that this is more of a hardware issue than software. My
>experience with keyboards on PC's is like this;
>
>For AT keyboards (the bigger, older ones) the keyboard will not work if
>you boot the machine without a keyboard. As well, the keyboard will not
>work if you unplug it and plug it back in, it will not work. I have been
>told that this is not true, but I have never seen the opposite of what I
>described to have happened.
>
>For PS2 keyboards (the smaller, newer ones, that have the same connectors
>as PS2 mice) it will depend on the motherboard. With some [cheaper it
>seems] motherboards, the keyboard will not work if the machine is booted
>without a keyboard or if the keyboard is unplugged and re-inserted. With
>other [more expensive?] motherboards the keyboard works as normal if it is
>plugged in after the machine is booted, or if it is removed and
>re-inserted. The BIOS setting for if the machine should give an error on
>boot without a keyboard MAY have an effect on this, but I have never
>really cared too much. :)
>
>In my experience, Asus motherboards always let me unplug the keyboard and
>plug it in later. Gigabit and some other weird ones always seem to not
>recognize when the keyboard has been plugged in after the machine is
>booted.
>
>Mice are quite similar it seems as well.
>
>Just my two cents.

From owner-freebsd-isp Wed Nov 14 7: 2:10 2001
Date: Wed, 14 Nov 2001 10:02:03 -0500
From: Robert Hough
To: freebsd-isp@FreeBSD.ORG
Subject: cucipop + file locking
Message-ID: <20011114100203.A48002@acidpit.org>

Question to anyone using cucipop out there, sorry it's not exactly a
FreeBSD related question. Just curious as to what locking methods people
are using out there, and if there is a good place to understand what each
method is good for.

If too terribly off-topic, please just reply off list. Thanks.
--
Robert Hough (rch@acidpit.org)

From owner-freebsd-isp Wed Nov 14 21:32:36 2001
Message-Id: <5.1.0.14.2.20011115002937.02913920@home.samurai.com>
Date: Thu, 15 Nov 2001 00:30:58 -0500
To: freebsd-isp@freebsd.org
From: Blake Crosby
Subject: Source Based Routing

I'm sorry if this is off topic, or is directed at the wrong list.

I have cable and DSL. I want to use cable for most of my traffic, as it
is cheaper. But I want to use DSL for incoming SMTP connections,
because DSL provider allows me to run an SMTP server (cable provider
forbids it) and gives me a permanent IP. I don't want to have to use
someone else's mail server as a gateway to mine.

The cable provider will not let me send packets back to the Internet
with the source address of my DSL IP. This causes a problem when a
remote site tries to connect to DSL IP port 25, but the reply packets
get sent out the default route of cable.

How can I make packets for a TCP connection from the DSL IP, go out the
DSL interface, no matter what the IP of the other end of the TCP
connection is?
There used to be a FreeBSD port called brouted which I think might let
me do it, but I can't find it anywhere now (apparently it had security
flaws).


Blake Crosby
dev@samurai.com
http://www.blakecrosby.com

"It's good to see that you haven't
lost your talent for saying something
so completely outrageously false
it defies any possible retort."
- Mike Hodnett

From owner-freebsd-isp Wed Nov 14 21:46:25 2001
Date: Wed, 14 Nov 2001 21:12:40 -0800 (PST)
From: Tom Samplonius
To: Blake Crosby
Cc: freebsd-isp@freebsd.org
Subject: Re: Source Based Routing
In-Reply-To: <5.1.0.14.2.20011115002937.02913920@home.samurai.com>

On Thu, 15 Nov 2001, Blake Crosby wrote:

> I have cable and DSL. I want to use cable for most of my traffic, as it
> is cheaper. But I want to use DSL for incoming SMTP connections,
...

FAQ: ipfw allows you to do policy based routing. Instead of the usual
destination based routing, you can set the gateway based on any field ipfw
can match.
Tom

From owner-freebsd-isp Wed Nov 14 21:51:15 2001
From: "John Brooks"
To: "'Blake Crosby'" ,
Subject: RE: Source Based Routing
Date: Wed, 14 Nov 2001 23:51:17 -0600
Message-ID: <000401c16d99$8ef79a60$1505010a@daylight.net>
In-Reply-To: <5.1.0.14.2.20011115002937.02913920@home.samurai.com>

I'm curious, besides spamming, why would you want to do this? How much
outbound SMTP does it take to make it "cheaper"?

--
John Brooks
Email: john@stlbsd.org

-----Original Message-----
From: owner-freebsd-isp@FreeBSD.ORG
[mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Blake Crosby
Sent: Wednesday, November 14, 2001 11:31 PM
To: freebsd-isp@freebsd.org
Subject: Source Based Routing


I'm sorry if this is off topic, or is directed at the wrong list.

I have cable and DSL. I want to use cable for most of my traffic, as it
is cheaper. But I want to use DSL for incoming SMTP connections,
because DSL provider allows me to run an SMTP server (cable provider
forbids it) and gives me a permanent IP. I don't want to have to use
someone else's mail server as a gateway to mine.
The cable provider will not let me send packets back to the Internet
with the source address of my DSL IP. This causes a problem when a
remote site tries to connect to DSL IP port 25, but the reply packets
get sent out the default route of cable.

How can I make packets for a TCP connection from the DSL IP, go out the
DSL interface, no matter what the IP of the other end of the TCP
connection is?

There used to be a FreeBSD port called brouted which I think might let
me do it, but I can't find it anywhere now (apparently it had security
flaws).


Blake Crosby
dev@samurai.com
http://www.blakecrosby.com

"It's good to see that you haven't
lost your talent for saying something
so completely outrageously false
it defies any possible retort."
- Mike Hodnett

From owner-freebsd-isp Wed Nov 14 21:58:29 2001
Date: Wed, 14 Nov 2001 21:24:29 -0800 (PST)
From: Tom Samplonius
To: John Brooks
Cc: 'Blake Crosby' , freebsd-isp@freebsd.org
Subject: RE: Source Based Routing
In-Reply-To: <000401c16d99$8ef79a60$1505010a@daylight.net>

The issue is for incoming SMTP. Incoming mail connections go to the DSL
IP.
Problem: Return traffic gets routed via the routing table, so which
gateway (DSL or Cable) do you point your default route to? If you point to
Cable, your responses won't get back to the SMTP sender and you will get
no e-mail. If you set it to the DSL gateway, SMTP receiving will work, but
you won't use the Cable link at all.

Answer: ipfw fwd. The problem and the solution are both FAQs.

Tom

On Wed, 14 Nov 2001, John Brooks wrote:

> I'm curious, besides spamming, why would you want to do this? How much
> outbound SMTP does it take to make it "cheaper"?
>
> --
> John Brooks
> Email: john@stlbsd.org
>
> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Blake Crosby
> Sent: Wednesday, November 14, 2001 11:31 PM
> To: freebsd-isp@freebsd.org
> Subject: Source Based Routing
>
>
> I'm sorry if this is off topic, or is directed at the wrong list.
>
> I have cable and DSL. I want to use cable for most of my traffic, as it
> is cheaper. But I want to use DSL for incoming SMTP connections,
> because DSL provider allows me to run an SMTP server (cable provider
> forbids it) and gives me a permanent IP. I don't want to have to use
> someone else's mail server as a gateway to mine.
>
> The cable provider will not let me send packets back to the Internet
> with the source address of my DSL IP. This causes a problem when a
> remote site tries to connect to DSL IP port 25, but the reply packets
> get sent out the default route of cable.
>
> How can I make packets for a TCP connection from the DSL IP, go out the
> DSL interface, no matter what the IP of the other end of the TCP
> connection is?
>
> There used to be a FreeBSD port called brouted which I think might let
> me do it, but I can't find it anywhere now (apparently it had security
> flaws).
>
>
> Blake Crosby
> dev@samurai.com
> http://www.blakecrosby.com
>
> "It's good to see that you haven't
> lost your talent for saying something
> so completely outrageously false
> it defies any possible retort."
> - Mike Hodnett

From owner-freebsd-isp Wed Nov 14 22: 4:35 2001
Message-Id: <5.1.0.14.2.20011115010314.02a19008@home.samurai.com>
Date: Thu, 15 Nov 2001 01:04:05 -0500
To: Tom Samplonius
From: Blake Crosby
Subject: Re: Source Based Routing
Cc: freebsd-isp@freebsd.org
References: <5.1.0.14.2.20011115002937.02913920@home.samurai.com>

Ahhh yes.. apologies. I assumed ipfw hasn't changed since FreeBSD 3.0 -
sorry 'bout that.

Blake

At 09:12 PM 2001/11/14 -0800, Tom Samplonius wrote:

>On Thu, 15 Nov 2001, Blake Crosby wrote:
>
> > I have cable and DSL. I want to use cable for most of my traffic, as it
> > is cheaper. But I want to use DSL for incoming SMTP connections,
>...
>
> FAQ: ipfw allows you to do policy based routing. Instead of the usual
>destination based routing, you can set the gateway based on any field ipfw
>can match.
>
>Tom

From owner-freebsd-isp Wed Nov 14 22:10:37 2001
From: "John Brooks"
To: "'Tom Samplonius'"
Cc: "'Blake Crosby'" ,
Subject: RE: Source Based Routing
Date: Thu, 15 Nov 2001 00:10:38 -0600
Message-ID: <000501c16d9c$44a0d000$1505010a@daylight.net>

Thanks... should be able to do the same with ipfilter/ipnat

--
John Brooks
Email: john@stlbsd.org

-----Original Message-----
From: Tom Samplonius
Sent: Wednesday, November 14, 2001 11:24 PM
Subject: RE: Source Based Routing

The issue is for incoming SMTP. Incoming mail connections go to the DSL
IP.

Problem: Return traffic gets routed via the routing table, so which
gateway (DSL or Cable) do you point your default route to? If you point to
Cable, your responses won't get back to the SMTP sender and you will get
no e-mail.
If you set it to the DSL gateway, SMTP receiving will work, but
you won't use the Cable link at all.

Answer: ipfw fwd. The problem and the solution are both FAQs.

Tom

On Wed, 14 Nov 2001, John Brooks wrote:

> I'm curious ... why would you want to do this? ...

From owner-freebsd-isp Thu Nov 15 0:41:36 2001
Message-ID: <510EAC2065C0D311929200A02472526237A505@NETIVITY-FS>
From: Enriko Groen
To: 'Blake Crosby' , freebsd-isp@freebsd.org
Subject: RE: Source Based Routing
Date: Thu, 15 Nov 2001 09:41:19 +0100

I tried to do this with ipfilter, but never managed to get it working.
Lately I found a package called brouted which should do source-based
routing. Still have to check and try it.

Let me hear when you succeed successfully!

-----Original Message-----
From: Blake Crosby [mailto:dev@samurai.com]
Sent: Thursday, November 15, 2001 6:31 AM
To: freebsd-isp@freebsd.org
Subject: Source Based Routing

I'm sorry if this is off topic, or is directed at the wrong list.

I have cable and DSL. I want to use cable for most of my traffic, as it
is cheaper. But I want to use DSL for incoming SMTP connections,
because DSL provider allows me to run an SMTP server (cable provider
forbids it) and gives me a permanent IP.
I don't want to have to use
someone else's mail server as a gateway to mine.

The cable provider will not let me send packets back to the Internet
with the source address of my DSL IP. This causes a problem when a
remote site tries to connect to DSL IP port 25, but the reply packets
get sent out the default route of cable.

How can I make packets for a TCP connection from the DSL IP, go out the
DSL interface, no matter what the IP of the other end of the TCP
connection is?

There used to be a FreeBSD port called brouted which I think might let
me do it, but I can't find it anywhere now (apparently it had security
flaws).


Blake Crosby
dev@samurai.com
http://www.blakecrosby.com

"It's good to see that you haven't
lost your talent for saying something
so completely outrageously false
it defies any possible retort."
- Mike Hodnett

From owner-freebsd-isp Thu Nov 15 2:13:55 2001
Message-ID: <20011115101346.11165.qmail@web20105.mail.yahoo.com>
Date: Thu, 15 Nov 2001 11:13:46 +0100 (CET)
From: Fabrizio Ravazzini
Subject: RE: Nat Gateway Firewall rules & ipf
To: "Travis L. Leuthauser"
Cc: freebsd-isp@freebsd.org

Hello, finally we've done the Nat/firewall between our Lan and the
Internet with natd & ipfw. We've read somewhere that we can do the same
thing using ipnat & ipfilter (as is in openbsd), the question is, why
someone did so? is ipnat/ipf faster than natd/ipfw ? or also ipf more
"secure" than ipfw?
We question this because our Lan is composed of about 200 machines, so
some extra speed would be appreciated.
thanks

--- "Travis L. Leuthauser" wrote:
> I'm making the assumption that all of your public IP's are in the same
> subnet. That being the case, you would setup PublicIP2 and PublicIP3 as
> aliases to your ethernet card..
>
> ifconfig xl0 inet PublicIP2 netmask 255.255.255.255 alias
> ifconfig xl0 inet PublicIP3 netmask 255.255.255.255 alias
>          ^^^ replace w/ whatever your external ethernet card driver is.
>
> Travis L. Leuthauser
>
> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Fabrizio Ravazzini
> Sent: Tuesday, November 13, 2001 11:48 AM
> To: Travis L. Leuthauser
> Cc: freebsd-isp@freebsd.org
> Subject: RE: Nat Gateway Firewall rules
>
>
> Ok ok, I got it, great, that's what I want.
> But how can I assign PublicIp1,2,3 to the gateway.
> I give more ip's to the same eth card on the gateway
> or I have to play with the router?
>
> --- "Travis L. Leuthauser" wrote:
> > Why not assign all public IP's to the FreeBSD gateway and then forward port
> > requests to internal boxes based on IP/port combinations.
> > Like such:
> >
> >             INTERNET
> >                 |
> >                 |
> >                 |Public Ip0
> >            _____|_________
> >          | Router CISCO |
> >          +------+--------+
> >                 |
> >                 |PublicIP1,PublicIP2,PublicIp3
> >            +---------+
> >            |   NAT   |
> >            |Firewall |
> >            +---------+        DMZLan1
> > +----+        |   |           +------+
> > |WWW1|--------+   +-----+-----| WWW2 |
> > +----+                  |     +------+
> >                         |
> > InternalLan1            |DNS (DMZLan2)
> >
> > Then do your forwarding like so:
> >
> > PublicIP2:80 --> DMZLan1:80
> > PublicIP2:53 --> DMZLan2:53
> > PublicIP3:80 --> InternalLan1:80
> > and so on.
> >
> > Hope this helps,
> >
> > Travis L. Leuthauser
> >
> > -----Original Message-----
> > From: owner-freebsd-isp@FreeBSD.ORG
> > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Fabrizio Ravazzini
> > Sent: Tuesday, November 13, 2001 11:29 AM
> > To: Fabrizio Ravazzini
> > Cc: freebsd-isp@freebsd.org
> > Subject: RE: Nat Gateway Firewall rules
> >
> > --- Fabrizio Ravazzini wrote:
> > > many thanks for help, now I've thought to another problem, I've
> > > read on the FreeBSD Handbook (cap17.11-Nat) and the natd manual
> > > page that with the option -redirect_address, if I have for example
> > > a www server I can redirect the traffic to this server which is on
> > > the internal Lan or also to another machine with public Ip.
> > > But the problem is: if I have two or more web servers in the lan
> > > or also out of the Lan which they must be reached from the
> > > internet how can I redirect with natd?
> > > Because with natd I can redirect (I understood) only one machine
> > > for one service.
> > > Shortly the scheme:
> > >
> > OPS!! the correct scheme is this(With the router)
> >
> >             INTERNET
> >                 |
> >                 |
> >                 |Public Ip0
> >            _____|_________
> >          | Router CISCO |
> >          +------+--------+
> >                 |
> >                 |PublicIP1
> >            +---------+
> >            |   NAT   |
> >            |Firewall |
> >            +---------+        PublicIP2
> > +----+        |   |           +------+
> > |WWW1|--------+   +-----+-----| WWW2 |
> > +----+                  |     +------+
> > PublicIp3               |
> > or InternalLan1         |DNS
> > >
> > > Thanks,bye
> > >
> > > --- John Brooks wrote:
> > > > Try these:
> > > >
> > > > http://www.obfuscation.org/ipf/
> > > >
> > > > http://geodsoft.com/howto/harden/
> > > >
> > > > --
> > > > John Brooks
> > > > Email: john@stlbsd.org
> > > >
> > > > -----Original Message-----
> > > >
> > > > ...snip...
> > > >
> > > > I must provide a strong Firewall set of rules on the nat, where
> > > > can I find some docs to do such a thing?

=== message truncated ===


From owner-freebsd-isp Thu Nov 15 7:15:36 2001
Date: Thu, 15 Nov 2001 11:27:23 +0000
From: Hug Me
To: freebsd-isp@freebsd.org
Subject: configruing X
Message-ID: <20011115112723.O98312@pitr.tuxinternet.com>

ok, 2 computers, we will call one client and one host

I am bringing up X on the client like this:

# X -query host

on the host I am doing this:

xdm -debug 9 -server "client:0 foreign"

the debug is spitting out this:

Before XOpenDisplay(192.168.0.179:0.0)
Xlib: connection to "192.168.0.179:0.0" refused by server
Xlib: Client is not authorized to connect to Server
After XOpenDisplay(192.168.0.179:0.0)
OpenDisplay failed 0 (Undefined error: 0) on "192.168.0.179:0.0"

I would think this would be a problem with /etc/X11/xdm/Xaccess
however in that file there is one line uncommented:

*               #any host can get a login window

where else can I look? what could I be doing wrong?

--
*************************************************
hugme                           hugme@hugme.org
http://www.hugme.org  http://www.atlantacon.org

PGP Public key:
http://www.hugme.org/mykey.pgp


From owner-freebsd-isp Thu Nov 15 9:27:28 2001
Date: Thu, 15 Nov 2001 13:39:13 +0000
From: Hug Me
To: freebsd-isp@FreeBSD.ORG
Subject: Re: configruing X
Message-ID: <20011115133913.R98312@pitr.tuxinternet.com>
References: <20011115112723.O98312@pitr.tuxinternet.com>
In-Reply-To: <20011115112723.O98312@pitr.tuxinternet.com>; from hugme@hugme.org on Thu, Nov 15, 2001 at 11:27:23AM +0000

after 2 days of wrestling with these servers I figured out the
problem. the reverse name entry for the client didn't have a '.'
after it.

ok, I feel REALLY stupid now.

it's working great.

On Thu, Nov 15, 2001 at 11:27:23AM +0000, Hug Me wrote:
>
> ok, 2 computers, we will call one client and one host
>
> I am bringing up X on the client like this:
>
> # X -query host
>
> on the host I am doing this:
>
> xdm -debug 9 -server "client:0 foreign"
>
> the debug is spitting out this:
>
> Before XOpenDisplay(192.168.0.179:0.0)
> Xlib: connection to "192.168.0.179:0.0" refused by server
> Xlib: Client is not authorized to connect to Server
> After XOpenDisplay(192.168.0.179:0.0)
> OpenDisplay failed 0 (Undefined error: 0) on "192.168.0.179:0.0"
>
> I would think this would be a problem with /etc/X11/xdm/Xaccess
> however in that file there is one line uncommented:
>
> *               #any host can get a login window
>
> where else can I look? what could I be doing wrong?
>
> --
> *************************************************
> hugme                           hugme@hugme.org
> http://www.hugme.org  http://www.atlantacon.org
>
> PGP Public key:
> http://www.hugme.org/mykey.pgp

--
*************************************************
hugme                           hugme@hugme.org
http://www.hugme.org  http://www.atlantacon.org

PGP Public key:
http://www.hugme.org/mykey.pgp


From owner-freebsd-isp Thu Nov 15 9:38:51 2001
Date: Thu, 15 Nov 2001 12:38:34 -0500
From: Bill Vermillion
To: Hug Me
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: configruing X
Message-ID: <20011115123834.A34328@wjv.com>
Reply-To: bv@wjv.com
References: <20011115112723.O98312@pitr.tuxinternet.com> <20011115133913.R98312@pitr.tuxinternet.com>
In-Reply-To: <20011115133913.R98312@pitr.tuxinternet.com>; from hugme@hugme.org on Thu, Nov 15, 2001 at 01:39:13PM +0000
Organization: W.J.Vermillion / Orlando - Winter Park

On Thu, Nov 15, 2001 at 01:39:13PM +0000, Hug Me thus spoke:
>
> after 2 days of wrestling with these servers I figured out the
> problem. the reverse name entry for the client didn't have a '.'
> after it.

Go to /usr/ports/net/nslint and compile that. It will catch
mistakes like that.

> ok, I feel REALLY stupid now.

It was a learning experience. Now you will never do that again.

> it's working great.
>
> On Thu, Nov 15, 2001 at 11:27:23AM +0000, Hug Me wrote:
> >
> > ok, 2 computers, we will call one client and one host
> >
> > I am bringing up X on the client like this:
> >
> > # X -query host
> >
> > on the host I am doing this:
> >
> > xdm -debug 9 -server "client:0 foreign"
> >
> > the debug is spitting out this:
> >
> > Before XOpenDisplay(192.168.0.179:0.0)
> > Xlib: connection to "192.168.0.179:0.0" refused by server
> > Xlib: Client is not authorized to connect to Server
> > After XOpenDisplay(192.168.0.179:0.0)
> > OpenDisplay failed 0 (Undefined error: 0) on "192.168.0.179:0.0"
> >
> > I would think this would be a problem with /etc/X11/xdm/Xaccess
> > however in that file there is one line uncommented:
> >
> > *               #any host can get a login window
> >
> > where else can I look? what could I be doing wrong?
> >
> > --
> > *************************************************
> > hugme                           hugme@hugme.org
> > http://www.hugme.org  http://www.atlantacon.org
> >
> > PGP Public key:
> > http://www.hugme.org/mykey.pgp
>
> --
> *************************************************
> hugme                           hugme@hugme.org
> http://www.hugme.org  http://www.atlantacon.org
>
> PGP Public key:
> http://www.hugme.org/mykey.pgp


From owner-freebsd-isp Thu Nov 15 20: 3:57 2001
From: "Jamie Hermans"
To: "'Blake Crosby'"
Subject: RE: Source Based Routing
Date: Thu, 15 Nov 2001 21:04:25 -0700
Organization: hermans.ca
Message-ID: <000001c16e53$c79e0f10$6420a8c0@otidan>
In-Reply-To: <5.1.0.14.2.20011115002937.02913920@home.samurai.com>

> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG] On Behalf Of Blake Crosby
> Sent: November 14, 2001 10:31 pm
> To: freebsd-isp@freebsd.org
> Subject: Source Based Routing
>
> How can I make packets for a TCP connection from the
> DSL IP, go out the DSL interface, no matter what the
> IP of the other end of the TCP connection is?

I used to have a similar situation ... this is a stripped down version
of my /etc/rc.firewall at the time:

# Setup system for firewall service.
fwcmd="/sbin/ipfw -q"

# Flush out the list before we begin.
${fwcmd} -f flush

# Interface to nat
nat="ep0"

# Only in rare cases do you want to change these rules
${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8

# Outside (cable) interface IP configuration
oifc="ep0"
oipc=`/sbin/ifconfig ${oifc} | /usr/bin/awk '/inet / { print $2 }'`
obcc=`/sbin/ifconfig ${oifc} | /usr/bin/awk '/inet / { print $6 }'`
omaskc=`/sbin/ifconfig ${oifc} | /usr/bin/awk '/inet / { print $4 }'`

# Outside (dsl) interface IP configuration
oifd="ed0"
oipd="xxx.xxx.xxx.xxx"
obcd="xxx.xxx.xxx.255"
omaskd="255.255.255.0"
onetd="xxx.xxx.xxx.0"
ogwd="xxx.xxx.xxx.xxx"

# Inside (private) interface IP configuration
iif="fxp0"
iip="192.xxx.xx.1"
ibc="192.xxx.xx.255"
imask="255.255.255.0"
inet="192.xxx.xx.0"
igw="192.xxx.xx.1"

# Packet shuffling for dual-homed connection
${fwcmd} add fwd ${ogwd} ip from ${oipd} to any

# Network Address Translation.
${fwcmd} add divert natd all from any to any via ${nat}


From owner-freebsd-isp Fri Nov 16 0:44:29 2001
Message-ID: <20011116084418.31914.qmail@web20106.mail.yahoo.com>
Date: Fri, 16 Nov 2001 09:44:18 +0100 (CET)
From: Fabrizio Ravazzini
Subject: natd/ipfw VS ipnat/ipf
To: freebsd-isp@freebsd.org
In-Reply-To: <20011115101346.11165.qmail@web20105.mail.yahoo.com>

Hello, we've done a Nat/firewall between our 2 Lan and the Internet
with natd & ipfw.
We've read somewhere that we can do the same thing using ipnat &
ipfilter (as is in openbsd), the question is, why someone did so? is
ipnat/ipf faster than natd/ipfw? or also ipf more "secure" than ipfw?
We question this because our 2 Lan are composed of about 200 machines,
so some extra speed would be appreciated.
thanks

            INTERNET
                |
                |
                |Public Ip0
           _____|_________
         | Router CISCO |
         +------+--------+
                |
                |PublicIP1
           +---------+
           |   NAT   |
           |Firewall |
           +---------+
             |     |________LAN2 192.168.1.x
             |
            LAN1
          10.0.0.x


From owner-freebsd-isp Fri Nov 16 22:37:24 2001
Message-ID: <007a01c16f32$5c736980$550ca6ca@HALLSTATT>
From: "Yew Jin CHUA"
Date: Sat, 17 Nov 2001 14:37:42 +0800

subscribe freebsd-isp


From owner-freebsd-isp Sat Nov 17 0:47:35 2001
Message-ID: <20011117084719.96349.qmail@web20105.mail.yahoo.com>
Date: Sat, 17 Nov 2001 09:47:19 +0100 (CET)
From: Fabrizio Ravazzini
Subject: RE: natd/ipfw VS ipnat/ipf
To: john@day-light.com
Cc: freebsd-isp@freebsd.org, freebsd-cluster@freebsd.org
In-Reply-To: <000401c16eaa$56275b00$1505010a@daylight.net>

Thanks for the reply, in your opinion is there a way to make my
firewall/nat clusterized? For example, if one machine goes down another
takes the service?
I looked at balance.soundforge.net & vqalive (inter7.com) but I'm afraid
of security issues of that two software.
I'm asking because we are building only one machine as nat/fw and If
this one goes down for any reason, it will be a complete "blackout" for
our two lan.
Any suggestions?
best regards
Fabrizio

--- John Brooks wrote:
> In my opinion a hardened OpenBSD firewall would be more secure. Speed
> is dependent upon many factors: hardware, kernel recompile, rulesets,
> etc. I use only FreeBSD on all of my clients servers, likewise I only
> use OpenBSD for firewalls (of which I'm building 4 in the next week or
> so).
> A firewall should be a single purpose dedicated machine stripped of all
> software not directly required for that purpose. Take a look at
> http://geodsoft.com/howto/harden/
>
> Hope that helps...
>
> --
> John Brooks
> Email: john@stlbsd.org
>
> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Fabrizio Ravazzini
> Sent: Friday, November 16, 2001 2:44 AM
> To: freebsd-isp@freebsd.org
> Subject: natd/ipfw VS ipnat/ipf
>
> Hello, we've done a Nat/firewall between our 2 Lan and the Internet
> with natd & ipfw.
> We've read somewhere that we can do the same thing using ipnat &
> ipfilter (as is in openbsd), the question is, why someone did so? is
> ipnat/ipf faster than natd/ipfw? or also ipf more "secure" than ipfw?
> We question this because our 2 Lan are composed of about 200 machines,
> so some extra speed would be appreciated.
> thanks
>
>             INTERNET
>                 |
>                 |
>                 |Public Ip0
>            _____|_________
>          | Router CISCO |
>          +------+--------+
>                 |
>                 |PublicIP1
>            +---------+
>            |   NAT   |
>            |Firewall |
>            +---------+
>              |     |________LAN2 192.168.1.x
>              |
>             LAN1
>           10.0.0.x


From owner-freebsd-isp Sat Nov 17 6:44:41 2001
From: "John Brooks"
To: "'Fabrizio Ravazzini'"
Subject: RE: natd/ipfw VS ipnat/ipf
Date: Sat, 17 Nov 2001 08:43:43 -0600
Message-ID: <000601c16f76$5b8bd7c0$1505010a@daylight.net>
In-Reply-To: <20011117084719.96349.qmail@web20105.mail.yahoo.com>

That's a question I best leave for those more knowledgeable than me. ;-)

--
John Brooks
Email: john@stlbsd.org

-----Original Message-----
From: Fabrizio Ravazzini [mailto:freefabri@yahoo.it]
Sent: Saturday, November 17, 2001 2:47 AM
To: john@day-light.com
Cc: freebsd-isp@freebsd.org; freebsd-cluster@freebsd.org
Subject: RE: natd/ipfw VS ipnat/ipf

Thanks for the reply, in your opinion is there a way to make my
firewall/nat clusterized? For example, if one machine goes down another
takes the service?
I looked at balance.soundforge.net & vqalive (inter7.com) but I'm afraid
of security issues of that two software.
I'm asking because we are building only one machine as nat/fw and If
this one goes down for any reason, it will be a complete "blackout" for
our two lan.
Any suggestions?
best regards
Fabrizio

--- John Brooks wrote:
> In my opinion a hardened OpenBSD firewall would be more secure. Speed
> is dependent upon many factors: hardware, kernel recompile, rulesets,
> etc. I use only FreeBSD on all of my clients servers, likewise I only
> use OpenBSD for firewalls (of which I'm building 4 in the next week or
> so).
> A firewall should be a single purpose dedicated machine stripped of all
> software not directly required for that purpose. Take a look at
> http://geodsoft.com/howto/harden/
>
> Hope that helps...
>
> --
> John Brooks
> Email: john@stlbsd.org
>
> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Fabrizio Ravazzini
> Sent: Friday, November 16, 2001 2:44 AM
> To: freebsd-isp@freebsd.org
> Subject: natd/ipfw VS ipnat/ipf
>
> Hello, we've done a Nat/firewall between our 2 Lan and the Internet
> with natd & ipfw.
> We've read somewhere that we can do the same thing using ipnat &
> ipfilter (as is in openbsd), the question is, why someone did so? is
> ipnat/ipf faster than natd/ipfw? or also ipf more "secure" than ipfw?
> We question this because our 2 Lan are composed of about 200 machines,
> so some extra speed would be appreciated.
> thanks
>
>             INTERNET
>                 |
>                 |
>                 |Public Ip0
>            _____|_________
>          | Router CISCO |
>          +------+--------+
>                 |
>                 |PublicIP1
>            +---------+
>            |   NAT   |
>            |Firewall |
>            +---------+
>              |     |________LAN2 192.168.1.x
>              |
>             LAN1
>           10.0.0.x


From owner-freebsd-isp Sat Nov 17 23:46:46 2001
Date: Sun, 18 Nov 2001 10:45:20 +0300
From: Odhiambo Washington
To: Exim Users
Cc: freebsd-isp@freebsd.org
Subject: Exim + Virtual POP accounts
Message-ID: <20011118104520.B81675@ns2.wananchi.com>

Hello list-ers,

I am looking at setting up virtual mailboxes but I must first seek
advice because I've never had a go at it. If this is a FAQ somewhere
I'll just be as glad to head there. This is going to be my first attempt
at this, on a FreeBSD platform.

At the moment I handle virtual domains in two ways:

Scene 1:

*@domain1.com:      mailboxX

Those e-mails are picked using a server like MDaemon, which then sorts
out the e-mails using the local accounts created on it. I have no
problem with this one so far.

Scene 2:

wash@wash.com:      wash
marc@wash.com:      marc

those two are delivered to /var/mail/$local_part where in this case the
local part is a valid account on my main server - mail.wananchi.com.
This is what I may have to change. Please read on.

Now what I'd like to do is this:

If I host a virtual domain called virtual.dom, I want mail for that
domain to be delivered to /var/virtdomains/$domain/$local_part so that
mail for marc@virtual.com is stored in /var/mail/virtual.dom/marc. Marc
should then be able to login as marc@virtual.dom in order to pick his
e-mails.

This whole scenario should still leave me with the freedom to have
marc@wananchi.com whose mail is in /var/mail/marc and who logs in simply
as marc.

At a higher level, I also need to handle aliases for these virtual
domains, separate from my main aliases file.

I hope that I am making my point clearly and not blubbing, no? Sometimes
language barrier makes us fall short of putting the main issue clearly ;)

Is that scenario possible? Are there MUAs (even web based) that are
capable of being used in that kind of setup?
vm-pop3d seems to be one of the POP3 daemons that can do this but I've
never tested it. Again, how do I authenticate these virtual users? Since
my adduser.pl script in FreeBSD creates homes in /home/username and
mailbox in /var/mail/username.....

I'm confused about all this but I am sure people have done it. This is
my plea for their help. I sincerely trust that someone can advise me on
this - the steps they took, even a mini-howto from personal notes.

One major question is how to get separate passwd files for the
virtual-domain users and the main system users. How do you add your
users? I'm looking at this from the FreeBSD perspective.

Thanking you in advance.

-Wash

--
Anything free is worth what you pay for it.