From owner-freebsd-isp Sun Apr 7 13:24:29 2002 Delivered-To: freebsd-isp@freebsd.org Received: from acs.sk (acs.sk [212.89.229.4]) by hub.freebsd.org (Postfix) with ESMTP id 13CEC37B404; Sun, 7 Apr 2002 13:24:14 -0700 (PDT) Received: from th (dial-46.zutom.sk [212.89.231.56]) by acs.sk (8.11.6/8.11.6) with ESMTP id g37KOOU78139; Sun, 7 Apr 2002 22:24:25 +0200 (CEST) (envelope-from tomas@hodan.sk) From: "Tomas Hodan" To: Cc: , Subject: Moxa C101 Date: Sun, 7 Apr 2002 22:19:29 +0200 Message-ID: <000a01c1de71$898c2b60$38e759d4@th> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_000B_01C1DE82.4D14FB60" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_000B_01C1DE82.4D14FB60 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Hi all, is the moxa c101/isa (HD64570) supersync board supported? Thanks, tomas ------=_NextPart_000_000B_01C1DE82.4D14FB60 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi = all,

is the moxa c101/isa = (HD64570) supersync board supported? =

Thanks,

toma= s

------=_NextPart_000_000B_01C1DE82.4D14FB60-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Apr 7 14:38:39 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mailsrv.amplex.net (mailsrv.amplex.net [65.165.120.194]) by hub.freebsd.org (Postfix) with ESMTP id 0AA0B37B41C for ; Sun, 7 Apr 2002 14:38:36 -0700 (PDT) Received: from mark2000 (65-165-120-247.amplex.net [65.165.120.247]) (authenticated (0 bits)) by mailsrv.amplex.net (8.11.6/8.11.6) with ESMTP id g37LaPt59243 (using TLSv1/SSLv3 with cipher RC4-MD5 (128 bits) verified NO) for ; Sun, 7 Apr 2002 17:36:25 -0400 (EDT) From: "Mark Radabaugh" To: Subject: RE: Which SMTP server best for outlook? Date: Sun, 7 Apr 2002 17:38:35 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <20020405141600.A8325@mufuf.trident-uk.co.uk> Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Does anyone know the best SMTP server to use that interacts the > best with outlook 97? > None - Outlook 97 is awful. Microsoft didn't even bother trying to fix it - you could (can?) upgrade for free to Outlook98 which is at least workable. Mark To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Apr 8 4:33: 1 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mail.tiscalinet.it (mail-2.tiscalinet.it [195.130.225.148]) by hub.freebsd.org (Postfix) with ESMTP id 178A037B416 for ; Mon, 8 Apr 2002 04:32:54 -0700 (PDT) Received: from [217.133.241.9] (217.133.241.9) by mail.tiscalinet.it (5.5.057) id 3CAC0469001A2659 for freebsd-isp@freebsd.org; Mon, 8 Apr 2002 13:32:52 +0200 Received: (qmail 1270 invoked by uid 1000); 8 Apr 2002 11:32:44 -0000 Date: Mon, 8 Apr 2002 13:32:44 +0200 From: Francesco Casadei To: Adam Kujawski - Amplex Support Cc: freebsd-isp@freebsd.org Subject: Re: kern.ngroups Message-ID: <20020408133244.A1153@goku.kasby> References: <5.1.0.14.0.20020402143726.02469128@pop3.amplex.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="7AUc2qLy4jB3hD7Z" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <5.1.0.14.0.20020402143726.02469128@pop3.amplex.net>; from adamkuj@amplex.net on Tue, Apr 02, 2002 at 03:10:52PM -0500 X-Operating-System: FreeBSD 4.5-STABLE i386 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --7AUc2qLy4jB3hD7Z Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Apr 02, 2002 at 03:10:52PM -0500, Adam Kujawski - Amplex Support wr= ote: > On a FreeBSD 4.4 system, I want to increase the value of kern.ngroups. >=20 > I've setup /etc/sysctl.conf to set the value, but it doesn't work -- dmes= g=20 > reports back "oid 'kern.ngroups' is read only". I tried to override the= =20 > default value by putting "options NGROUPS_MAX=3D256" in my kernel config = and=20 > recompiling, but it fails with "unknown option "NGROUPS_MAX"". >=20 > Do I have to modify the value in the source code to get this to work? The= =20 > value is set in /usr/src/sys/sys/syslimits.h. If I make the change there,= =20 > do I just have to rebuild the kernel, or do I have to 'make world' to get= =20 > the new value to work? >=20 > Thanks, > Adam >=20 >=20 >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message >=20 > end of the original message kern.ngroups is not changeable, i.e. you can not change the value once the kernel is loaded. Try to put kern.ngroups=3D"256" in /boot/loader.conf and restart the system. Not sure it would work, but it's worth to try. Francesco Casadei --=20 You can download my public key from http://digilander.iol.it/fcasadei/ or retrieve it from a keyserver (pgpkeys.mit.edu, wwwkeys.pgp.net, ...) Key fingerprint is: 1671 9A23 ACB4 520A E7EE 00B0 7EC3 375F 164E B17B --7AUc2qLy4jB3hD7Z Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8sX/cfsM3XxZOsXsRAhivAKDU3ioNWBj62wtMEIkQBJn9VGqFPgCePJhW fN1BI6eRk+BqGgStOVPLqmk= =eFfV -----END PGP SIGNATURE----- --7AUc2qLy4jB3hD7Z-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Apr 8 9:51:39 2002 Delivered-To: freebsd-isp@freebsd.org Received: from zibbi.icomtek.csir.co.za (zibbi.icomtek.csir.co.za [146.64.24.58]) by hub.freebsd.org (Postfix) with ESMTP id DC71337B419; Mon, 8 Apr 2002 09:51:30 -0700 (PDT) Received: (from jhay@localhost) by zibbi.icomtek.csir.co.za (8.11.6/8.11.6) id g38GoxF57492; Mon, 8 Apr 2002 18:50:59 +0200 (SAT) (envelope-from jhay) From: John Hay Message-Id: <200204081650.g38GoxF57492@zibbi.icomtek.csir.co.za> Subject: Re: Moxa C101 In-Reply-To: <000a01c1de71$898c2b60$38e759d4@th> from Tomas Hodan at "Apr 7, 2002 10:19:29 pm" To: tomas@hodan.sk (Tomas Hodan) Date: Mon, 8 Apr 2002 18:50:59 +0200 (SAT) Cc: freebsd-isp@FreeBSD.ORG, freebsd-net@FreeBSD.ORG, freebsd-question@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > > is the moxa c101/isa (HD64570) supersync board supported? I don't know if there is a driver for the card, but there are 2 drivers that drive cards based on the HD64570 chip. They are ar(4) and sr(4). Maybe one of them are close enough or if you can get info on the card, maybe one of them can be adjusted to support it. John -- John Hay -- John.Hay@icomtek.csir.co.za / jhay@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Apr 9 0: 2:23 2002 Delivered-To: freebsd-isp@freebsd.org Received: from hanoi.cronyx.ru (hanoi.cronyx.ru [144.206.181.53]) by hub.freebsd.org (Postfix) with ESMTP id F009637B417 for ; Tue, 9 Apr 2002 00:02:12 -0700 (PDT) Received: by hanoi.cronyx.ru id KAA16556 for freebsd-isp@FreeBSD.ORG.checked; (8.9.3/vak/2.1) Tue, 9 Apr 2002 10:59:02 +0400 (MSD) (envelope-from rik@cronyx.ru) Received: from cronyx.ru by hanoi.cronyx.ru with ESMTP id KAA16472; (8.9.3/vak/2.1) Tue, 9 Apr 2002 10:56:55 +0400 (MSD) (envelope-from rik@cronyx.ru) Message-ID: <3CB291F1.8060903@cronyx.ru> Date: Tue, 09 Apr 2002 11:02:09 +0400 From: Roman Kurakin User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2 X-Accept-Language: en-us MIME-Version: 1.0 To: John Hay Cc: Tomas Hodan , freebsd-isp@FreeBSD.ORG, freebsd-net@FreeBSD.ORG, freebsd-question@FreeBSD.ORG Subject: Re: Moxa C101 References: <200204081650.g38GoxF57492@zibbi.icomtek.csir.co.za> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, If you want sync/async cards look at: http://www.cronyx.ru/hardware/sigma22.html http://www.cronyx.ru/hardware/taupci.html Best regards, Roman Kurakin John Hay wrote: >> >>is the moxa c101/isa (HD64570) supersync board supported? >> > >I don't know if there is a driver for the card, but there are 2 drivers >that drive cards based on the HD64570 chip. They are ar(4) and sr(4). >Maybe one of them are close enough or if you can get info on the card, >maybe one of them can be adjusted to support it. > >John > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Apr 9 0: 4:26 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mail.voljatel.si (mail.voljatel.si [217.72.64.15]) by hub.freebsd.org (Postfix) with ESMTP id EEA4937B416 for ; Tue, 9 Apr 2002 00:04:19 -0700 (PDT) Received: from pxna.hide.voljatel.si (pehta.voljatel.si [217.72.64.8]) by mail.voljatel.si (Postfix) with SMTP id 2517653501 for ; Tue, 9 Apr 2002 09:04:05 +0200 (CEST) Date: Tue, 9 Apr 2002 09:06:58 +0200 From: Damir Horvat To: freebsd-isp@freebsd.org Subject: /proc filesystem Message-Id: <20020409090658.6a4c29b7.damir@voljatel.si> Organization: Voljatel telekomunikacije d.d. X-Mailer: Sylpheed version 0.7.2 (GTK+ 1.2.10; i386-portbld-freebsd4.4) X-Operating-System: home brewed unix Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi! I'm writing a daemon which will search for specific IP addres on a 1 second basis. Is there some other way to find this (trough /proc filesystem maybe) then issuing ifconfig eevry second? thanks, damir -- ................................. Damir Horvat System administrator VOLJATEL telekomunikacije d.d. Smartinska 106 SI-1000 Ljubljana Slovenia . Tel. +386.(0)1.5875 832 Fax. +386.(0)1.5875 899 www.voljatel.si E-mail: damir.horvat@voljatel.si ................................. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Apr 9 4:14:41 2002 Delivered-To: freebsd-isp@freebsd.org Received: from hitit.bimel.com.tr (hitit.bimel.com.tr [212.175.97.140]) by hub.freebsd.org (Postfix) with ESMTP id 1953A37B419 for ; Tue, 9 Apr 2002 04:14:38 -0700 (PDT) Received: (from root@localhost) by hitit.bimel.com.tr (8.11.6/8.11.6) id g39BGd839335 for freebsd-isp@freebsd.org; Tue, 9 Apr 2002 14:16:39 +0300 (EEST) (envelope-from simsek@bimel.com.tr) Received: from localhost (simsek@localhost) by hitit.bimel.com.tr (8.11.6/8.11.6av) with ESMTP id g39BGXc39325 for ; Tue, 9 Apr 2002 14:16:37 +0300 (EEST) (envelope-from simsek@bimel.com.tr) X-Authentication-Warning: hitit.bimel.com.tr: simsek owned process doing -bs Date: Tue, 9 Apr 2002 14:16:33 +0300 (EEST) From: Baris Simsek To: freebsd-isp@freebsd.org Subject: SSI Message-ID: <20020409141524.V39153-100000@hitit.bimel.com.tr> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org is it security hole open SSI support to customers? thx... Baris Simsek - UNIX Sys. Adm. - Bimel Elektronik - (+90312) 4342245 http://acikkod.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Apr 9 4:53:44 2002 Delivered-To: freebsd-isp@freebsd.org Received: from pikachu.sys.atl.earthlink.net (pikachu.sys.atl.earthlink.net [199.174.117.37]) by hub.freebsd.org (Postfix) with ESMTP id 3771737B419 for ; Tue, 9 Apr 2002 04:53:41 -0700 (PDT) Received: (from poirierg@localhost) by pikachu.sys.atl.earthlink.net (8.11.1/8.11.1) id g39Brev33767 for freebsd-isp@freebsd.org; Tue, 9 Apr 2002 07:53:40 -0400 (EDT) (envelope-from poirierg) Date: Tue, 9 Apr 2002 07:53:40 -0400 (EDT) From: Greg Poirier Message-Id: <200204091153.g39Brev33767@pikachu.sys.atl.earthlink.net> To: freebsd-isp@freebsd.org Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org subscribe freebsd-isp poirierg@corp.earthlink.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Apr 9 5: 4:26 2002 Delivered-To: freebsd-isp@freebsd.org Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4]) by hub.freebsd.org (Postfix) with ESMTP id 6089237B405 for ; Tue, 9 Apr 2002 05:04:22 -0700 (PDT) Received: from house (cage.simianscience.com [64.7.134.1]) by smtp1.sentex.ca (8.12.2/8.12.2) with SMTP id g39C4Kvc095617; Tue, 9 Apr 2002 08:04:20 -0400 (EDT) (envelope-from mike@sentex.net) From: Mike Tancsa To: Sean Ellis Cc: freebsd-isp@freebsd.org Subject: Re: mod_frontpage Date: Tue, 09 Apr 2002 08:04:55 -0400 Message-ID: References: <5560710466.20020405071043@telus.net> In-Reply-To: <5560710466.20020405071043@telus.net> X-Mailer: Forte Agent 1.8/32.548 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org IIRC, do the following 1) Install apache13-modssl with --enable-suexec in the Makefile 2) Install mod_frontpage as normal. If it barfs at the "You need a = patched httpd", give it a dummy version to destroy, but I think installing via = the port avoids the issue. Either way, dont let it mangle your httpd daemon. 3) add=20 =46rontPageEnable =46rontpageAdminEnable to httpd.conf when needed. ---Mike On Fri, 5 Apr 2002 07:10:43 -0800, in sentex.lists.freebsd.isp you wrote: >Hello, > > Hello, I'm having trouble getting mod_frontpage to work properly > after installing apache13-ssl, mod_frontpage, and frontpage from > ports onto my 4.5-STABLE machine. > > I followed the instructions in the pkg-message, and I have some > functionality (ie. I got the site administration pages going), but > I can't seem to authenticate from a frontpage(98?) client. To get > as far as I am I've had to make edits to my httpd.conf file that > are not mentioned in the pkg-message suggestions. > > Does this installation need tweaking vis a vis the default > encryption on passwords as I have seen references to? Any input, > or useful links gratefully appreciated, Mike Tancsa (mdtancsa@sentex.net) =09 Sentex Communications Corp, =09 Waterloo, Ontario, Canada "Given enough time, 100 monkeys on 100 routers=20 could setup a national IP network." (KDW2) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Apr 9 16:33:25 2002 Delivered-To: freebsd-isp@freebsd.org Received: from bs2.com.br (mayra.bs2.com.br [200.203.159.62]) by hub.freebsd.org (Postfix) with SMTP id BC34E37B419 for ; Tue, 9 Apr 2002 16:33:19 -0700 (PDT) Received: (qmail 18811 invoked by uid 1000); 5 Apr 2002 19:33:10 -0000 Received: from unknown (HELO aline.bs2.com.br) (200.203.159.61) by mayra.bs2.com.br with SMTP; 5 Apr 2002 19:33:10 -0000 Date: Fri, 5 Apr 2002 16:33:11 -0300 (BRT) From: "Giovanni P. Tirloni" To: freebsd-isp@freebsd.org Subject: [OT] All-in-one server Message-ID: <20020405161516.S90510-100000@aline.bs2.com.br> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I know my question isn=B4t very related to FreeBSD but if someone can help me here I would be very grateful :-) I want to build a FreeBSD server for a small ISP and this server should run the following services (with sugestion): .o SMTP (postfix) .o POP3 (?) .o IMAP (?) .o HTTP (apache) .o FTP (proftpd) .o DNS (bind9) .o RADIUS (freeRADIUS) .o DATABASE (MySQL) I would like to find a solution (even if something new needs to be coded to glue them all together) that would centralize everything around MySQL to make it easy to manage, but I'm not sure which programs (for each service) would best fit in this situation. I found some HOWTOs for postfix/cyrus/mysql but I don=B4t know about radius. If someone has any experience and would like to share it'd be great. I plan to write an HOWTO if I get this working. I=B4m a bit lost and trying to find a path to follow right now. Planning this whole thing doesn=B4t look that easy :) Thanks in advance, -- Giovanni P. Tirloni To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Apr 9 16:59:38 2002 Delivered-To: freebsd-isp@freebsd.org Received: from cagelink.com (dsl94006.dyndsl.nettally.com [199.44.94.6]) by hub.freebsd.org (Postfix) with ESMTP id 075A337B405 for ; Tue, 9 Apr 2002 16:59:34 -0700 (PDT) Received: by cagelink.com (Postfix, from userid 1001) id AC48A173; Tue, 9 Apr 2002 20:04:53 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by cagelink.com (Postfix) with ESMTP id A8EB583; Tue, 9 Apr 2002 20:04:53 -0400 (EDT) Date: Tue, 9 Apr 2002 20:04:53 -0400 (EDT) From: Tyler To: "Giovanni P. Tirloni" Cc: Subject: Re: [OT] All-in-one server In-Reply-To: <20020405161516.S90510-100000@aline.bs2.com.br> Message-ID: <20020409200326.S75522-100000@cagelink.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=X-UNKNOWN Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ICRADIUS uses a web-interface and a MySQL backend. Running everything on one server is going to be very tasking on the server, by the time you spend the money on the hardware your going to need to make it all run without laggings alot you could probably buy 2 servers of less power and break the daemons up on seperate servers. On Fri, 5 Apr 2002, Giovanni P. Tirloni wrote: > Hi, > > I know my question isn=B4t very related to FreeBSD but if someone can > help me here I would be very grateful :-) > > I want to build a FreeBSD server for a small ISP and this server > should run the following services (with sugestion): > > .o SMTP (postfix) > .o POP3 (?) > .o IMAP (?) > .o HTTP (apache) > .o FTP (proftpd) > .o DNS (bind9) > .o RADIUS (freeRADIUS) > .o DATABASE (MySQL) > > I would like to find a solution (even if something new needs to be > coded to glue them all together) that would centralize everything > around MySQL to make it easy to manage, but I'm not sure which > programs (for each service) would best fit in this situation. > > I found some HOWTOs for postfix/cyrus/mysql but I don=B4t know about > radius. If someone has any experience and would like to share it'd be > great. I plan to write an HOWTO if I get this working. > > I=B4m a bit lost and trying to find a path to follow right now. > Planning this whole thing doesn=B4t look that easy :) > > Thanks in advance, > > -- > Giovanni P. Tirloni > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Apr 9 17:16:24 2002 Delivered-To: freebsd-isp@freebsd.org Received: from cultdeadsheep.org (charon.cultdeadsheep.org [80.65.226.72]) by hub.freebsd.org (Postfix) with SMTP id 1A0ED37B405 for ; Tue, 9 Apr 2002 17:16:17 -0700 (PDT) Received: (qmail 21992 invoked from network); 10 Apr 2002 00:16:15 -0000 Received: from unknown (HELO satan.cultdeadsheep.org) (192.168.0.4) by goofy.cultdeadsheep.org with SMTP; 10 Apr 2002 00:16:15 -0000 Date: Wed, 10 Apr 2002 02:16:15 +0200 From: Clement Laforet To: "Giovanni P. Tirloni" Cc: freebsd-isp@freebsd.org Subject: Re: [OT] All-in-one server Message-Id: <20020410021615.7ed5a995.sheepkiller@cultdeadsheep.org> In-Reply-To: <20020405161516.S90510-100000@aline.bs2.com.br> References: <20020405161516.S90510-100000@aline.bs2.com.br> Organization: tH3 cUlt 0f tH3 d3@d sH33p X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i386-portbld-freebsd5.0) Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 5 Apr 2002 16:33:11 -0300 (BRT) "Giovanni P. Tirloni" wrote: Hi, I was working, few monthes ago, on a similar project. Here what I used (it makes me think I should find my notes... one day maybe...). It was designed to be scalable, easy to rescue and to maintain. Mail service can manage easily 10,000 mailings lists, 50,000 pop accounts, supporting multidomains and multiples services. I used single UID account for mail services and on for mass web hosting. Some users got a real UID to provide suEXEC CGI and some apaches hacks. I had to patch courier-IMAP to provide a more secure way to auth. (replacing strcpy to strncpy) To permit some users to use SSH or SFTP, I had to install pam-mysql. - SMTP : qmail + vpopmail (you can add : qmail-admin + vqadmin) - POP3, POP3s, IMAP, IMAPs : courier-imap [pacthed] - FTP : proftpd + module MySQL - HTTP : Apache + mod_auth_mysql (+ mod_v2h) - DNS : bind 8.x + MySQL support + Apache frontend (not very useful) - RADIUS : none ;) - DATABASE : MySQL ;o) I also used a private DNS to provide scalability, because it was planned to have 2 more servers. One filer and one for MySQL. It was very usefull, since MySQL database's migration took only 2 hours, including replication. It needs some PHP/CGI dev, but I find this solutions cool for a small server :) that's all :) Maybe my advice won't help you ;) (i don't hope so) clem PS : sorry "for my english", I didn't write or speak english for a time ;) > Hi, > > I know my question isn�t very related to FreeBSD but if someone can > help me here I would be very grateful :-) > > I want to build a FreeBSD server for a small ISP and this server > should run the following services (with sugestion): > > .o SMTP (postfix) > .o POP3 (?) > .o IMAP (?) > .o HTTP (apache) > .o FTP (proftpd) > .o DNS (bind9) > .o RADIUS (freeRADIUS) > .o DATABASE (MySQL) > > I would like to find a solution (even if something new needs to be > coded to glue them all together) that would centralize everything > around MySQL to make it easy to manage, but I'm not sure which > programs (for each service) would best fit in this situation. > > I found some HOWTOs for postfix/cyrus/mysql but I don�t know about > radius. If someone has any experience and would like to share it'd be > great. I plan to write an HOWTO if I get this working. > > I�m a bit lost and trying to find a path to follow right now. > Planning this whole thing doesn�t look that easy :) > > Thanks in advance, > > -- > Giovanni P. Tirloni > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Apr 9 18:29:12 2002 Delivered-To: freebsd-isp@freebsd.org Received: from firehouse.net (dsl-64-130-18-61.telocity.com [64.130.18.61]) by hub.freebsd.org (Postfix) with SMTP id 5888F37B417 for ; Tue, 9 Apr 2002 18:29:07 -0700 (PDT) Received: (qmail 18478 invoked by uid 85); 10 Apr 2002 01:28:59 -0000 Date: Tue, 9 Apr 2002 21:28:58 -0400 From: Alan Clegg To: Tyler Cc: "Giovanni P. Tirloni" , freebsd-isp@freebsd.org Subject: Re: [OT] All-in-one server Message-ID: <20020409212857.B13517@shell.wetworks.org> References: <20020405161516.S90510-100000@aline.bs2.com.br> <20020409200326.S75522-100000@cagelink.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="H+4ONPRPur6+Ovig" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020409200326.S75522-100000@cagelink.com>; from tjr@cagelink.com on Tue, Apr 09, 2002 at 08:04:53PM -0400 X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --H+4ONPRPur6+Ovig Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Unless the network is lying to me again, Tyler said:=20 > ICRADIUS uses a web-interface and a MySQL backend.=20 =46rom the port Makefile: FORBIDDEN=3D "Remotely exploitable buffer overflow" AlanC --H+4ONPRPur6+Ovig Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8s5VZyJP8xSfQVdsRAqzHAKCeYzFNqjdoChLQd9OqW7cLX7RV2ACgqvdE xXy3gwwbw7c8kBQYY/OVOmw= =RwUN -----END PGP SIGNATURE----- --H+4ONPRPur6+Ovig-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Apr 9 19:14:33 2002 Delivered-To: freebsd-isp@freebsd.org Received: from pendragon.tacni.net (radius.tacni.net [64.247.218.2]) by hub.freebsd.org (Postfix) with SMTP id A6E8C37B404 for ; Tue, 9 Apr 2002 19:13:21 -0700 (PDT) Received: (qmail 44060 invoked by alias); 10 Apr 2002 02:13:16 -0000 Received: from unknown (HELO there) (216.201.213.69) by tacni.net with SMTP; 10 Apr 2002 02:13:16 -0000 Content-Type: text/plain; charset="iso-8859-1" From: Erich Zigler To: freebsd-isp@freebsd.org Subject: Re: [OT] All-in-one server Date: Tue, 9 Apr 2002 21:13:25 -0500 X-Mailer: KMail [version 1.3.2] References: <20020405161516.S90510-100000@aline.bs2.com.br> In-Reply-To: <20020405161516.S90510-100000@aline.bs2.com.br> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <20020410021321.A6E8C37B404@hub.freebsd.org> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Friday 05 April 2002 01:33 pm, you wrote: > I know my question isn�t very related to FreeBSD but if someone can > help me here I would be very grateful :-) > I want to build a FreeBSD server for a small ISP and this server > should run the following services (with sugestion): > .o SMTP (postfix) > .o POP3 (?) > .o IMAP (?) > .o HTTP (apache) > .o FTP (proftpd) > .o DNS (bind9) > .o RADIUS (freeRADIUS) > .o DATABASE (MySQL) > I would like to find a solution (even if something new needs to be > coded to glue them all together) that would centralize everything > around MySQL to make it easy to manage, but I'm not sure which > programs (for each service) would best fit in this situation. > I found some HOWTOs for postfix/cyrus/mysql but I don�t know about > radius. If someone has any experience and would like to share it'd be > great. I plan to write an HOWTO if I get this working. > I�m a bit lost and trying to find a path to follow right now. > Planning this whole thing doesn�t look that easy :) If you throw in billing you could use Freeside. http://www.sisd.com/freeside/ -- Porting is for people for people who can't write new software. -- Linus Torvalds To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 10 0: 4:15 2002 Delivered-To: freebsd-isp@freebsd.org Received: from pmbmail.wandata.com (pmbmail.wandata.com [196.25.220.5]) by hub.freebsd.org (Postfix) with SMTP id A110A37B400 for ; Wed, 10 Apr 2002 00:04:08 -0700 (PDT) Received: (qmail 26048 invoked from network); 10 Apr 2002 07:04:04 -0000 Received: from moleman.za.net (HELO wandata.com) (196.25.220.190) by pmbmail.wandata.com with SMTP; 10 Apr 2002 07:04:04 -0000 Message-ID: <3CB3E3E4.1080306@wandata.com> Date: Wed, 10 Apr 2002 09:04:04 +0200 From: Allen Versfeld User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.9) Gecko/20020402 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-isp@freebsd.org Subject: Digi multioprt adapter Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi. I"m tring to set up a small BSD box as a dial-in server for a number of users, using a Digi Acceleport Xem adapter, and an 8em attached giving 8 additional serial ports. I have added the following lines to my kernel config, but am having limited success. device dgm0 at isa? port 0x324 iomem 0xd0000 options COM_MULTIPORT device sio2 at isa? port 0x2a0 flags 0x701 device sio3 at isa? port 0x2a8 flags 0x701 device sio4 at isa? port 0x2b0 flags 0x701 device sio5 at isa? port 0x2b8 flags 0x701 device sio6 at isa? port 0x2c0 flags 0x701 device sio7 at isa? port 0x2c8 flags 0x701 device sio8 at isa? port 0x2d0 flags 0x701 device sio9 at isa? port 0x2d8 flags 0x701 When I reboot with this kernel, dmesg shows me that the dgm device loaded succesfully, but none of the ports. Since I'm rather new to this, does anybody have some advice? -- Allen Versfeld Wandata To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 10 4:53:40 2002 Delivered-To: freebsd-isp@freebsd.org Received: from cagelink.com (dsl94006.dyndsl.nettally.com [199.44.94.6]) by hub.freebsd.org (Postfix) with ESMTP id 87E8437B404 for ; Wed, 10 Apr 2002 04:53:34 -0700 (PDT) Received: by cagelink.com (Postfix, from userid 1001) id 23EB7173; Wed, 10 Apr 2002 07:59:02 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by cagelink.com (Postfix) with ESMTP id 2069E83; Wed, 10 Apr 2002 07:59:02 -0400 (EDT) Date: Wed, 10 Apr 2002 07:59:02 -0400 (EDT) From: Tyler To: Alan Clegg Cc: "Giovanni P. Tirloni" , Subject: Re: [OT] All-in-one server In-Reply-To: <20020409212857.B13517@shell.wetworks.org> Message-ID: <20020410075427.E77771-100000@cagelink.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I don't use it so I wouldn't know about any exploits, but the newest version is 0.18.1 and I dunno what version is in ports. On Tue, 9 Apr 2002, Alan Clegg wrote: > Unless the network is lying to me again, Tyler said: > > > ICRADIUS uses a web-interface and a MySQL backend. > > From the port Makefile: > > FORBIDDEN= "Remotely exploitable buffer overflow" > > AlanC > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 10 5: 2:41 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mailport.inet.tele.dk (mailport.inet.tele.dk [193.88.13.66]) by hub.freebsd.org (Postfix) with ESMTP id B6E4E37B405 for ; Wed, 10 Apr 2002 05:02:27 -0700 (PDT) Received: from mailsweeper.int.tele.dk (mailsweeper.int.tele.dk [10.0.0.19]) by mailport.inet.tele.dk (Postfix) with ESMTP id 890CE9B6C for ; Wed, 10 Apr 2002 14:02:26 +0200 (CEST) Received: from veers.int.tele.dk (unverified) by mailsweeper.int.tele.dk (Content Technologies SMTPRS 4.2.5) with ESMTP id for ; Wed, 10 Apr 2002 14:02:49 +0200 Received: by veers.int.tele.dk with Internet Mail Service (5.5.2650.21) id <1MS17XZT>; Wed, 10 Apr 2002 14:02:34 +0200 Message-ID: From: =?iso-8859-1?Q?J=F8rgen_Letager_Hansen?= To: freebsd-isp@freebsd.org Subject: RE: [OT] All-in-one server Date: Wed, 10 Apr 2002 14:03:10 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org xtradius is also in the ports and easy to use together with mysql (have to add an externel appl. called radauth) (freeradius and xtradius both come from cistron) Regards, Jorgen Letager Hansen > -----Original Message----- > From: Tyler [mailto:tjr@cagelink.com] > Sent: 10. april 2002 13:59 > To: Alan Clegg > Cc: Giovanni P. Tirloni; freebsd-isp@freebsd.org > Subject: Re: [OT] All-in-one server > > > I don't use it so I wouldn't know about any exploits, but the newest > version is 0.18.1 and I dunno what version is in ports. > > On Tue, 9 Apr 2002, Alan Clegg wrote: > > > Unless the network is lying to me again, Tyler said: > > > > > ICRADIUS uses a web-interface and a MySQL backend. > > > > From the port Makefile: > > > > FORBIDDEN= "Remotely exploitable buffer overflow" > > > > AlanC > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 10 5: 3: 7 2002 Delivered-To: freebsd-isp@freebsd.org Received: from nelly.internal.irrelevant.org (irrelevant.demon.co.uk [158.152.220.121]) by hub.freebsd.org (Postfix) with ESMTP id D42DD37B41B for ; Wed, 10 Apr 2002 05:02:42 -0700 (PDT) Received: from simond by nelly.internal.irrelevant.org with local (Exim 3.35 #1) id 16vGmh-0002sB-00; Wed, 10 Apr 2002 13:01:07 +0100 Date: Wed, 10 Apr 2002 13:01:07 +0100 From: Simon Dick To: Tyler Cc: Alan Clegg , "Giovanni P. Tirloni" , freebsd-isp@freebsd.org Subject: Re: [OT] All-in-one server Message-ID: <20020410120107.GG2686@irrelevant.org> References: <20020409212857.B13517@shell.wetworks.org> <20020410075427.E77771-100000@cagelink.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020410075427.E77771-100000@cagelink.com> User-Agent: Mutt/1.3.28i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org 0.18.1 On Wed, Apr 10, 2002 at 07:59:02AM -0400, Tyler wrote: > I don't use it so I wouldn't know about any exploits, but the newest > version is 0.18.1 and I dunno what version is in ports. > > On Tue, 9 Apr 2002, Alan Clegg wrote: > > > Unless the network is lying to me again, Tyler said: > > > > > ICRADIUS uses a web-interface and a MySQL backend. > > > > From the port Makefile: > > > > FORBIDDEN= "Remotely exploitable buffer overflow" > > > > AlanC > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > -- Simon Dick simond@irrelevant.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 10 5:22: 1 2002 Delivered-To: freebsd-isp@freebsd.org Received: from atlantis.dp.ua (atlantis.dp.ua [193.108.46.1]) by hub.freebsd.org (Postfix) with ESMTP id 0215B37B405 for ; Wed, 10 Apr 2002 05:21:55 -0700 (PDT) Received: from localhost (dmitry@localhost) by atlantis.dp.ua (8.11.1/8.11.1) with ESMTP id g3ACLfs74310 for ; Wed, 10 Apr 2002 15:21:42 +0300 (EEST) (envelope-from dmitry@atlantis.dp.ua) Date: Wed, 10 Apr 2002 15:21:40 +0300 (EEST) From: Dmitry Pryanishnikov To: Subject: Re: [OT] All-in-one server In-Reply-To: <20020410075427.E77771-100000@cagelink.com.lucky.freebsd.isp> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello! On Wed, 10 Apr 2002, Tyler wrote: > I don't use it so I wouldn't know about any exploits, but the newest > version is 0.18.1 and I dunno what version is in ports. > > On Tue, 9 Apr 2002, Alan Clegg wrote: > > > Unless the network is lying to me again, Tyler said: > > > > > ICRADIUS uses a web-interface and a MySQL backend. > > > > From the port Makefile: > > > > FORBIDDEN= "Remotely exploitable buffer overflow" IMHO, one can safely use it if he guard RADIUS UDP ports (old pair 1646/1646, new 1812/1813) against side traffic using the firewall. Don't forget about IP address spoofing: receive packets only from NASes and filter out such a packets on all other interfaces (including clients, of course!). Sincerely, Dmitry Atlantis ISP, System Administrator e-mail: dmitry@atlantis.dp.ua nic-hdl: LYNX-RIPE To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 10 6:30: 8 2002 Delivered-To: freebsd-isp@freebsd.org Received: from taka.swcp.com (taka.swcp.com [198.59.115.12]) by hub.freebsd.org (Postfix) with ESMTP id E71B037B41A for ; Wed, 10 Apr 2002 06:30:04 -0700 (PDT) Received: from inago.swcp.com (inago.swcp.com [198.59.115.17]) by taka.swcp.com (8.12.2/8.12.2) with ESMTP id g3ADU40O079299 for ; Wed, 10 Apr 2002 07:30:04 -0600 (MDT) Received: from localhost (deichert@localhost) by inago.swcp.com (8.8.7/8.8.7) with ESMTP id HAA15490 for ; Wed, 10 Apr 2002 07:30:04 -0600 (MDT) X-Authentication-Warning: inago.swcp.com: deichert owned process doing -bs Date: Wed, 10 Apr 2002 07:30:03 -0600 (MDT) From: Diana Eichert X-Sender: deichert@inago.swcp.com To: freebsd-isp@FreeBSD.ORG Subject: RE: [OT] All-in-one server In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=X-UNKNOWN Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 10 Apr 2002, [iso-8859-1] J=F8rgen Letager Hansen wrote: > xtradius is also in the ports and easy to use together with mysql (have t= o > add an externel appl. called radauth) >=20 > (freeradius and xtradius both come from cistron) >=20 > Regards, >=20 > Jorgen Letager Hansen I use xtradius with PostgreSQL, works well in our environment. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 10 8:34:25 2002 Delivered-To: freebsd-isp@freebsd.org Received: from hitit.bimel.com.tr (hitit.bimel.com.tr [212.175.97.140]) by hub.freebsd.org (Postfix) with ESMTP id BA3DB37B404 for ; Wed, 10 Apr 2002 08:34:17 -0700 (PDT) Received: (from root@localhost) by hitit.bimel.com.tr (8.11.6/8.11.6) id g3AFa9D74528 for freebsd-isp@freebsd.org; Wed, 10 Apr 2002 18:36:09 +0300 (EEST) (envelope-from simsek@bimel.com.tr) Received: from localhost (simsek@localhost) by hitit.bimel.com.tr (8.11.6/8.11.6av) with ESMTP id g3AFa6a74519 for ; Wed, 10 Apr 2002 18:36:08 +0300 (EEST) (envelope-from simsek@bimel.com.tr) X-Authentication-Warning: hitit.bimel.com.tr: simsek owned process doing -bs Date: Wed, 10 Apr 2002 18:36:06 +0300 (EEST) From: Baris Simsek To: freebsd-isp@freebsd.org Subject: VHost SSL Message-ID: <20020410183111.D73825-100000@hitit.bimel.com.tr> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org i got a SSL cert. I installed everything. i want to use this cert. for virtual hosts. My config file like this: Port 443 SSLEngine on ServerAdmin ..... ServerName ..... SSLCertificateFile ... SSLCertificateKeyFile ... I added these entries for each vhost. If i connect to any vhost, i went to first vhost in config file. I cannot connect other vhosts. What is the problem? thx. Baris Simsek - UNIX Sys. Adm. - Bimel Elektronik - (+90312) 4342245 http://acikkod.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 10 8:39: 9 2002 Delivered-To: freebsd-isp@freebsd.org Received: from workhorse.imach.com (barbwire.iMach.com [206.127.77.82]) by hub.freebsd.org (Postfix) with ESMTP id 06CAD37B400 for ; Wed, 10 Apr 2002 08:39:02 -0700 (PDT) Received: from localhost (forrestc@localhost) by workhorse.imach.com (8.11.6/8.11.6) with ESMTP id g3A9X8F15388; Wed, 10 Apr 2002 09:33:09 GMT (envelope-from forrestc@imach.com) Date: Wed, 10 Apr 2002 09:33:08 +0000 (GMT) From: "Forrest W. Christian" To: Baris Simsek Cc: freebsd-isp@FreeBSD.ORG Subject: Re: VHost SSL In-Reply-To: <20020410183111.D73825-100000@hitit.bimel.com.tr> Message-ID: <20020410093242.Y15357-100000@workhorse.imach.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org You need a separate cert and IP address for each virtual server. On Wed, 10 Apr 2002, Baris Simsek wrote: > Date: Wed, 10 Apr 2002 18:36:06 +0300 (EEST) > From: Baris Simsek > To: freebsd-isp@FreeBSD.ORG > Subject: VHost SSL > > i got a SSL cert. I installed everything. i want to use this > cert. for virtual hosts. My config file like this: > > > Port 443 > SSLEngine on > ServerAdmin ..... > ServerName ..... > SSLCertificateFile ... > SSLCertificateKeyFile ... > > > I added these entries for each vhost. If i connect to any vhost, i went to > first vhost in config file. I cannot connect other vhosts. What is the > problem? > > thx. > > Baris Simsek - UNIX Sys. Adm. - Bimel Elektronik - (+90312) 4342245 > http://acikkod.org/ > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > - Forrest W. Christian (forrestc@imach.com) AC7DE ---------------------------------------------------------------------- The Innovation Machine Ltd. P.O. Box 5749 http://www.imach.com/ Helena, MT 59604 Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 ---------------------------------------------------------------------- Protect your personal freedoms - visit http://www.lp.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 10 9: 7:17 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mail.tcworks.net (mail.tcworks.net [216.61.218.4]) by hub.freebsd.org (Postfix) with ESMTP id 595E937B417 for ; Wed, 10 Apr 2002 09:07:10 -0700 (PDT) Received: from tcworks.net (staind.tcworks.net [216.61.218.6]) by mail.tcworks.net (8.10.2/8.10.2) with ESMTP id g3AG2n660112; Wed, 10 Apr 2002 11:02:49 -0500 (CDT) Message-ID: <3CB462E4.9A49AD38@tcworks.net> Date: Wed, 10 Apr 2002 11:05:56 -0500 From: Chris Cook X-Mailer: Mozilla 4.72 [en] (X11; I; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: Baris Simsek , freebsd-isp@freebsd.org Subject: Re: VHost SSL References: <20020410183111.D73825-100000@hitit.bimel.com.tr> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org You cannot use virtual hosts with SSL, each host must have their own IP address... -- Chris o----< ccook@tcworks.net >------------------------------------o |Chris Cook - Admin |TCWORKS.NET - http://www.tcworks.net | |The Computer Works ISP |FreeBSD - http://www.freebsd.org | o-------------------------------------------------------------o Baris Simsek wrote: > > i got a SSL cert. I installed everything. i want to use this > cert. for virtual hosts. My config file like this: > > > Port 443 > SSLEngine on > ServerAdmin ..... > ServerName ..... > SSLCertificateFile ... > SSLCertificateKeyFile ... > > > I added these entries for each vhost. If i connect to any vhost, i went to > first vhost in config file. I cannot connect other vhosts. What is the > problem? > > thx. > > Baris Simsek - UNIX Sys. Adm. - Bimel Elektronik - (+90312) 4342245 > http://acikkod.org/ > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 10 9:54:29 2002 Delivered-To: freebsd-isp@freebsd.org Received: from taka.swcp.com (taka.swcp.com [198.59.115.12]) by hub.freebsd.org (Postfix) with ESMTP id E55A437B417 for ; Wed, 10 Apr 2002 09:54:26 -0700 (PDT) Received: from inago.swcp.com (inago.swcp.com [198.59.115.17]) by taka.swcp.com (8.12.2/8.12.2) with ESMTP id g3AGsQ0O088215 for ; Wed, 10 Apr 2002 10:54:26 -0600 (MDT) Received: from localhost (deichert@localhost) by inago.swcp.com (8.8.7/8.8.7) with ESMTP id KAA22487 for ; Wed, 10 Apr 2002 10:54:26 -0600 (MDT) X-Authentication-Warning: inago.swcp.com: deichert owned process doing -bs Date: Wed, 10 Apr 2002 10:54:25 -0600 (MDT) From: Diana Eichert X-Sender: deichert@inago.swcp.com To: freebsd-isp@FreeBSD.ORG Subject: Re: VHost SSL In-Reply-To: <3CB462E4.9A49AD38@tcworks.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 10 Apr 2002, Chris Cook wrote: > You cannot use virtual hosts with SSL, each host must have their own IP > address... > > -- > Chris Hmmm, I seem to recall a thread where this was discussed before. There is away to do this if you have other SSL enabled servers listening on other ports besides 443. YMMV To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 10 10:46:12 2002 Delivered-To: freebsd-isp@freebsd.org Received: from smtp1.amigo.net (smtp1.amigo.net [209.94.64.30]) by hub.freebsd.org (Postfix) with ESMTP id 57EF337B400 for ; Wed, 10 Apr 2002 10:46:00 -0700 (PDT) Received: from stalker.amigo.net (billing.amigo.net [209.94.67.250]) by smtp1.amigo.net (8.11.4/8.11.4) with ESMTP id g3AHomB73829; Wed, 10 Apr 2002 11:50:48 -0600 (MDT) (envelope-from randys@amigo.net) Date: Wed, 10 Apr 2002 11:44:25 -0600 (MDT) From: Randy Smith X-X-Sender: randy@stalker.amigo.net To: Chris Cook Cc: Baris Simsek , "freebsd-isp@freebsd.org" Subject: Re: VHost SSL In-Reply-To: <3CB462E4.9A49AD38@tcworks.net> Message-ID: <20020410114313.P18489-100000@stalker.amigo.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org You can use SSL on IP-based virtual hosts but you cannot use it on name-based vhosts. Of course, each vhost will need it's own address. -- Randy Smith Amigo.Net Systems Administrator 1-719-589-6100 x 4185 http://www.amigo.net/ On Wed, 10 Apr 2002, Chris Cook wrote: > You cannot use virtual hosts with SSL, each host must have their own IP > address... > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 10 11:14:36 2002 Delivered-To: freebsd-isp@freebsd.org Received: from germanium.xtalwind.net (germanium.xtalwind.net [205.160.242.5]) by hub.freebsd.org (Postfix) with ESMTP id 39F0637B417 for ; Wed, 10 Apr 2002 11:14:32 -0700 (PDT) Received: from localhost (localhost.xtalwind.net [127.0.0.1]) by germanium.xtalwind.net (8.12.2/8.12.1) with ESMTP id g3AIEOBV031327; Wed, 10 Apr 2002 14:14:29 -0400 (EDT) Date: Wed, 10 Apr 2002 14:14:24 -0400 (EDT) From: jack To: Allen Versfeld Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Digi multioprt adapter In-Reply-To: <3CB3E3E4.1080306@wandata.com> Message-ID: <20020410140205.V30362-100000@germanium.xtalwind.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Today Allen Versfeld wrote: > I have added the following lines to my kernel config, but am having > limited success. > > > device > dgm0 at isa? port 0x324 iomem 0xd0000 You don't need any of the following options or devices, sio(4) isn't involved. > options > COM_MULTIPORT > device > sio2 at isa? port 0x2a0 flags 0x701 [snip] > device > sio9 at isa? port 0x2d8 flags 0x701 The Xem uses the ttyM and cuaM devices. Run `MAKEDEV ttyM0' and `MAKEDEV cuaM0' ttyM0a0 thru ttyM0a7 will be the first eight ports on the first expantion box of the first card. Same for cuaM0a0 thru cuaM0a8. > When I reboot with this kernel, dmesg shows me that the dgm device > loaded succesfully, but none of the ports. Only the number of ports will be shown, not the individual ports. Again, this is NOT the same as sio(4). -------------------------------------------------------------------------- Jack O'Neill Systems Administrator / Systems Analyst jack@germanium.xtalwind.net Crystal Wind Communications, Inc. Finger jack@germanium.xtalwind.net for my PGP key. PGP Key fingerprint = F6 C4 E6 D4 2F 15 A7 67 FD 09 E9 3C 5F CC EB CD enriched, vcard, HTML messages > /dev/null -------------------------------------------------------------------------- A Microsoft Certified Systems Engineer is to computing what a McDonalds Certified Food Specialist is to fine cuisine. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 10 13: 2:59 2002 Delivered-To: freebsd-isp@freebsd.org Received: from cagelink.com (dsl94006.dyndsl.nettally.com [199.44.94.6]) by hub.freebsd.org (Postfix) with ESMTP id CE13E37B41A for ; Wed, 10 Apr 2002 13:02:44 -0700 (PDT) Received: by cagelink.com (Postfix, from userid 1001) id 53E3A17A; Wed, 10 Apr 2002 16:08:15 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by cagelink.com (Postfix) with ESMTP id 502F4177; Wed, 10 Apr 2002 16:08:15 -0400 (EDT) Date: Wed, 10 Apr 2002 16:08:15 -0400 (EDT) From: Tyler To: Chris Cook Cc: Baris Simsek , Subject: Re: VHost SSL In-Reply-To: <3CB462E4.9A49AD38@tcworks.net> Message-ID: <20020410160804.H79310-100000@cagelink.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I have 3-4 SSL Vhosts so its very possible. On Wed, 10 Apr 2002, Chris Cook wrote: > You cannot use virtual hosts with SSL, each host must have their own IP > address... > > -- > Chris > > o----< ccook@tcworks.net >------------------------------------o > |Chris Cook - Admin |TCWORKS.NET - http://www.tcworks.net | > |The Computer Works ISP |FreeBSD - http://www.freebsd.org | > o-------------------------------------------------------------o > > > Baris Simsek wrote: > > > > i got a SSL cert. I installed everything. i want to use this > > cert. for virtual hosts. My config file like this: > > > > > > Port 443 > > SSLEngine on > > ServerAdmin ..... > > ServerName ..... > > SSLCertificateFile ... > > SSLCertificateKeyFile ... > > > > > > I added these entries for each vhost. If i connect to any vhost, i went to > > first vhost in config file. I cannot connect other vhosts. What is the > > problem? > > > > thx. > > > > Baris Simsek - UNIX Sys. Adm. - Bimel Elektronik - (+90312) 4342245 > > http://acikkod.org/ > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 10 13:38: 3 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mailout01.sul.t-online.com (mailout01.sul.t-online.com [194.25.134.80]) by hub.freebsd.org (Postfix) with ESMTP id 772A837B416 for ; Wed, 10 Apr 2002 13:37:57 -0700 (PDT) Received: from fwd08.sul.t-online.de by mailout01.sul.t-online.com with smtp id 16vObw-0000aH-08; Wed, 10 Apr 2002 22:22:32 +0200 Received: from idefix.local (320080844193-0001@[217.80.84.87]) by fmrl08.sul.t-online.com with smtp id 16vObr-117Y36C; Wed, 10 Apr 2002 22:22:27 +0200 Received: (nullmailer pid 60800 invoked by uid 1000); Wed, 10 Apr 2002 19:22:28 -0000 Date: Wed, 10 Apr 2002 21:22:28 +0200 From: Clemens Hermann To: Tyler Cc: Chris Cook , Baris Simsek , freebsd-isp@freebsd.org Subject: Re: VHost SSL Message-ID: <20020410212228.A60767@idefix.local> Mail-Followup-To: Clemens Hermann , Tyler , Chris Cook , Baris Simsek , freebsd-isp@freebsd.org References: <3CB462E4.9A49AD38@tcworks.net> <20020410160804.H79310-100000@cagelink.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020410160804.H79310-100000@cagelink.com> von Tyler am 10.Apr.2002 um 16:08:15 (-0400) X-Mailer: Mutt 1.2.5.1i (FreeBSD 4.5-RELEASE-p2 i386) X-Sender: 320080844193-0001@t-dialin.net Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Am 10.04.2002 um 16:08:15 schrieb Tyler: Hi, > I have 3-4 SSL Vhosts so its very possible. Cris probably ment the right thing: it is not possible to use more than one name-based vhosts with ssl. The reason is that ssl takes place before the http-protocol comes into play. It *is* on the other hand possible to use IP-based vhosts with ssl. As mentioned, one can also use different ports to run more than 1 ssl-vhost on one IP but this might not be the best solution one could think of. greetz /ch > On Wed, 10 Apr 2002, Chris Cook wrote: > > > You cannot use virtual hosts with SSL, each host must have their own IP > > address... > > > > -- > > Chris > > > > o----< ccook@tcworks.net >------------------------------------o > > |Chris Cook - Admin |TCWORKS.NET - http://www.tcworks.net | > > |The Computer Works ISP |FreeBSD - http://www.freebsd.org | > > o-------------------------------------------------------------o -- "Contrary to popular belief, Unix is user friendly. It just happens to be selective about who it makes friends with." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 10 17: 0:13 2002 Delivered-To: freebsd-isp@freebsd.org Received: from xyzzy.intranet.snsonline.net (dhcp.looksmart.com.au [202.53.47.178]) by hub.freebsd.org (Postfix) with ESMTP id 619DE37B419 for ; Wed, 10 Apr 2002 17:00:04 -0700 (PDT) Received: (from sarge@localhost) by xyzzy.intranet.snsonline.net (8.11.6/8.11.6) id g3ANxbF00564; Thu, 11 Apr 2002 09:59:37 +1000 (EST) (envelope-from msergeant@looksmart.net) X-Authentication-Warning: xyzzy.intranet.snsonline.net: sarge set sender to msergeant@looksmart.net using -f Subject: Re: VHost SSL From: Mark Sergeant To: Tyler Cc: Chris Cook , Baris Simsek , freebsd-isp@FreeBSD.ORG In-Reply-To: <20020410160804.H79310-100000@cagelink.com> References: <20020410160804.H79310-100000@cagelink.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Mailer: Ximian Evolution 1.0.3 Date: 11 Apr 2002 09:59:31 +1000 Message-Id: <1018483171.415.3.camel@xyzzy.intranet.snsonline.net> Mime-Version: 1.0 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org using apache-modssl you can only have one certificate per ip address but are able to have multiple virtual hosts on that 1 ip address, the unfortunate thing is they will all be using 1 certificate and thus will alert the user that the certificate is invalid. Cheers, Mark On Thu, 2002-04-11 at 06:08, Tyler wrote: > I have 3-4 SSL Vhosts so its very possible. >=20 > On Wed, 10 Apr 2002, Chris Cook wrote: >=20 > > You cannot use virtual hosts with SSL, each host must have their own IP > > address... > > > > -- > > Chris > > > > o----< ccook@tcworks.net >------------------------------------o > > |Chris Cook - Admin |TCWORKS.NET - http://www.tcworks.net | > > |The Computer Works ISP |FreeBSD - http://www.freebsd.org | > > o-------------------------------------------------------------o > > > > > > Baris Simsek wrote: > > > > > > i got a SSL cert. I installed everything. i want to use this > > > cert. for virtual hosts. My config file like this: > > > > > > > > > Port 443 > > > SSLEngine on > > > ServerAdmin ..... > > > ServerName ..... > > > SSLCertificateFile ... > > > SSLCertificateKeyFile ... > > > > > > > > > I added these entries for each vhost. If i connect to any vhost, i we= nt to > > > first vhost in config file. I cannot connect other vhosts. What is th= e > > > problem? > > > > > > thx. > > > > > > Baris Simsek - UNIX Sys. Adm. - Bimel Elektronik - (+90312) 4342245 > > > http://acikkod.org/ > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-isp" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > >=20 >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message >=20 --=20 Mark Sergeant Senior Unix Systems Administrator =20 L=F4=F4kSmart International Pty. Ltd. Level 5/388 Lonsdale Street Melbourne, VIC, 3000 Australia=20 P. (03) 9648 2201=20 F. (03) 9648 2244=20 http://www.looksmart.com.au The referring document contains privileged and confidential information. If you are not the intended recipient you must not copy, distribute or take action with regards to the content, we request that you notify LookSmart International Pty. Ltd. immediately and remove all traces of this document.=20 Any views expressed in this message are those of the individual sender, except where they are specifically stated to be the views of LookSmart=20 International Pty. Ltd. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 10 17: 7:52 2002 Delivered-To: freebsd-isp@freebsd.org Received: from inet03.citec.qld.gov.au (inet03.citec.qld.gov.au [203.5.10.10]) by hub.freebsd.org (Postfix) with ESMTP id ADCB637B404 for ; Wed, 10 Apr 2002 17:07:44 -0700 (PDT) Received: by inet03.citec.qld.gov.au; id KAA00763; Thu, 11 Apr 2002 10:07:40 +1000 (EST) Received: from citecub.citec.qld.gov.au( 131.242.4.98) by inet03.citec.qld.gov.au via smap (V2.0) id xma000497; Thu, 11 Apr 02 10:07:33 +1000 Received: from guru.citec.qld.gov.au by citecub.citec.qld.gov.au (SMI-8.6/SMI-SVR4) id KAA15095; Thu, 11 Apr 2002 10:07:30 +1000 Received: from localhost (sgcccdc@localhost) by guru.citec.qld.gov.au (8.9.3/8.9.3) with ESMTP id KAA08169; Thu, 11 Apr 2002 10:07:28 +1000 (EST) (envelope-from sgcccdc@citec.qld.gov.au) X-Authentication-Warning: guru.citec.qld.gov.au: sgcccdc owned process doing -bs Date: Thu, 11 Apr 2002 10:07:28 +1000 (EST) From: Colin Campbell To: Chris Cook Cc: Baris Simsek , Subject: Re: VHost SSL In-Reply-To: <3CB462E4.9A49AD38@tcworks.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, On Wed, 10 Apr 2002, Chris Cook wrote: > You cannot use virtual hosts with SSL, each host must have their own IP > address... Correct. That's because there's a chicken-and-egg problem. VHOSTS work by the HTTP request including a "Host:" header. The browser connects to the IP address of the web server. The web server reads the HTTP headers and discovers which VHOST is being accessed. It can then consult its config to find where all the VHOST config data is. With SSL you need to know which certificate to use to decode the HTTP header so you can find which VHOST is being accessed. Clearly this is not possible - you cannot decode the packet without knowing which VHOST's certificate to use and you can't get the certificate without decoding the packet. Just thought I'd try and explain why. Colin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 10 17:47: 1 2002 Delivered-To: freebsd-isp@freebsd.org Received: from aurora.siteplus.com (aurora.siteplus.com [66.129.2.160]) by hub.freebsd.org (Postfix) with ESMTP id 937DE37B405 for ; Wed, 10 Apr 2002 17:46:56 -0700 (PDT) Received: from veager.jwweeks.com (pcp01076331pcs.midval01.tn.comcast.net [68.59.219.194]) by aurora.siteplus.com (8.9.3/8.9.3) with ESMTP id UAA96085; Wed, 10 Apr 2002 20:45:51 -0400 (EDT) (envelope-from jim@jwweeks.com) Date: Wed, 10 Apr 2002 20:45:46 -0400 (EDT) From: jim To: Mark Sergeant Cc: Tyler , Chris Cook , Baris Simsek , freebsd-isp@FreeBSD.ORG Subject: Re: VHost SSL In-Reply-To: <1018483171.415.3.camel@xyzzy.intranet.snsonline.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On 11 Apr 2002, Mark Sergeant wrote: > using apache-modssl you can only have one certificate per ip address but > are able to have multiple virtual hosts on that 1 ip address, the > unfortunate thing is they will all be using 1 certificate and thus will > alert the user that the certificate is invalid. This is a much used method to get around this problem, and one that is supported by most shopping cart software. Normal the cart script, or any script for that matter, hands the client off to the secure URL during the passing of sensitive data only (i.e. credit card info). Example: https://securesite.net/ = /usr/local/www/securesite/ http://commonsite.net/ = /usr/local/www/commonsite/ Secure link to commonsite.net from within /usr/local/www/securesite/: https://securesite.net/commonsite/ = ln -s /usr/local/www/commonsite/ /usr/local/www/securesite/commonsite/ = /usr/local/www/commonsite/ Maybe a scenario you can put to use. Regards, -- Jim Weeks To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 10 20:20:27 2002 Delivered-To: freebsd-isp@freebsd.org Received: from boreas.primus.ca (mail.tor.primus.ca [216.254.136.21]) by hub.freebsd.org (Postfix) with ESMTP id 5CD6937B404 for ; Wed, 10 Apr 2002 20:20:22 -0700 (PDT) Received: from dialin-135-212.hamilton.primus.ca ([209.90.135.212]) by boreas.primus.ca with esmtp (Exim 3.33 #16) id 16vUyg-0002TR-0A; Wed, 10 Apr 2002 23:10:27 -0400 Date: Wed, 10 Apr 2002 23:20:11 -0400 (EDT) From: Jason Hunt X-X-Sender: leth@lethargic.dyndns.org To: freebsd-isp@FreeBSD.ORG Cc: "Giovanni P. Tirloni" , Tyler , Alan Clegg Subject: Re: [OT] All-in-one server In-Reply-To: <20020410075427.E77771-100000@cagelink.com> Message-ID: <20020410225902.L9968-100000@lethargic.dyndns.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 10 Apr 2002, Tyler wrote: > I don't use it so I wouldn't know about any exploits, but the newest > version is 0.18.1 and I dunno what version is in ports. > ICRADIUS *IS* vulnerable to the said CERT advisory. This was discussed on the ICRADIUS mailing list. The lateast I saw was that a patch is being worked on and it will be in the next release. I don't know when this wiil be, but they havn't had one since June (July?). However, it is always best to do packet filtering on the RADIUS ports so that only your NASes and proxies are allowed to reach your server. A few other opinions about RADIUS servers: XTRADIUS is really nice because you set up system scripts that pass back reutrn codes to decide if a user is valid. Accounting information is also done this way. One other RADIUS server to mention is OpenRADIUS. It seems to be in the early stages of development, but looks very promising. It has a similar concept to XTRADIUS. I recommend checking them out if you are looking for major flexibility. It may or may not have any advantages over XTRADIUS, I am not sure. If you are new to RADIUS and whatnot, and you would like something "SQLable", then I would personally recommend ICRADIUS. The main reason is because it has two attributes, "Monthly-Time-Limit" and "Total-Time-Limit" which most others do not have. (ie: Cistron, Ascend, and any other 'flat-file' RADIUS servers) This is possible because it is all SQL-based. You can also do this with XTRADIUS or OpenRADIUS, but would require a lot of your own handywork. It depends how much time and expertise you have for everything. Just my two cents. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Apr 11 4:22:57 2002 Delivered-To: freebsd-isp@freebsd.org Received: from ns2.wananchi.com (ns2.wananchi.com [62.8.64.4]) by hub.freebsd.org (Postfix) with ESMTP id A4BA637B41A for ; Thu, 11 Apr 2002 04:22:44 -0700 (PDT) Received: from wash by ns2.wananchi.com with local (Exim 3.35 #1 (FreeBSD)) id 16vce6-0004c0-00 for ; Thu, 11 Apr 2002 14:21:42 +0300 Date: Thu, 11 Apr 2002 14:21:42 +0300 From: Odhiambo Washington To: freebsd-isp@freebsd.org Subject: CUSTOM BUILT SERVERS Message-ID: <20020411112142.GE90954@ns2.wananchi.com> Mail-Followup-To: Odhiambo Washington , freebsd-isp@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.25i X-Disclaimer: Any views expressed in this message,where not explicitly attributed otherwise, are mine alone!. X-Fortune: If little green men land in your back yard, hide any little green women you've got in the house. -- Mike Harding, "The Armchair Anarchist's Almanac" X-Operating-System: FreeBSD 4.5-STABLE i386 X-Best-Window-Manager: XFCE X-Designation: Systems Administrator, Wananchi Online Ltd. X-Location: Nairobi, KE, East Africa. X-Uptime: 2:02PM up 32 days, 21:53, 2 users, load averages: 0.14, 0.16, 0.19 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hiya, I work for an ISP and one of the needs that we see arising is the need to have a good number of staff being able to at least act as operators for our core systems. I'm looking at a situation where e-mail accounts can be added by Customer Service Staff, the small things can be done by them and so I can dedicate my time on other things, like R&D. The Sysadmin should only come in when there is a major issue. Currently I run a few FreeBSD boxes here and 2 RedHed boxes, each with some applications to handle. We're stuck with Redhat boxes because of Oracle/EXTENT RBS (I'm sure some of you know about RBS). The FreeBSD boxes are my darlings - HTTP,DNS, POP, SMTP, Proxy, etc. I'm currently having a secanrio where I have a couple hundred virtual domains which I serve using Apache (Webmail), TPOP3D (POP3), EXIM and MySQL. It's a whole bandwagon of apps but it works for me. Now OTOH I have these Customer Service staff whom I want to be able to operate these services. You know what that means also in terms of security! My boss wants me to do at least 4 hrs a day R&D so I have to shed off some ofmy work. Many of you out there must have come across these custom server. I am also willing to pay for it. I am ready to discuss this with anyone. The important thing is this is something that should take me thro at least the next 2 years before I consider a change/upgrade. The basic specs: 1. Runs on BSD (FreeBSD most preferred) 2. Has support for virtual domains 3. Robust support for aliasing 4. GUI/Web Interface that will allow a mere 'operator' to manage it 5. Gives webmail access to both 'real' and 'virtual' users 6. Allows strict relay controlling? 7. Flexible MTA (Exim preffered) 8. Actively developed/supported 9. Possibly bundled with LDAP-based services 10. Cost effective 11. Can interface with a proprietary system like EXTENT RBS?? My boss suggests we buy something like that (bundled messaging server). This would 'free' me from having to worry so much about Exim, virtual domains, courier-imap, ldap (not yet running for me) - although I know this may make me a pumpkin kinda.... What advise do you have for me on this? Anything that you can recommend will be appreciated. All ideas, with supporting evidence if possible, are welcome. -Wash Systems Admin - Wananchi Online Ltd. -- Odhiambo Washington "The box said 'Requires Wananchi Online Ltd. www.wananchi.com Windows 95, NT, or better,' Tel: 254 2 313985-9 Fax: 254 2 313922 so I installed FreeBSD." GSM: 254 72 743 223 GSM: 254 733 744 121 This sig is McQ! :-) ++ A jury consists of 12 persons chosen to decide who has the better lawyer. -- Robert Frost To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Apr 11 5:48:18 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mailout09.sul.t-online.com (mailout09.sul.t-online.com [194.25.134.84]) by hub.freebsd.org (Postfix) with ESMTP id C4DE637B400 for ; Thu, 11 Apr 2002 05:48:13 -0700 (PDT) Received: from fwd07.sul.t-online.de by mailout09.sul.t-online.com with smtp id 16vdza-0006P8-09; Thu, 11 Apr 2002 14:47:58 +0200 Received: from idefix.local (320080844193-0001@[217.80.84.107]) by fmrl07.sul.t-online.com with smtp id 16vdzW-1uc7yiC; Thu, 11 Apr 2002 14:47:54 +0200 Received: (nullmailer pid 952 invoked by uid 1000); Thu, 11 Apr 2002 11:47:56 -0000 Date: Thu, 11 Apr 2002 13:47:56 +0200 From: Clemens Hermann To: Odhiambo Washington Cc: freebsd-isp@freebsd.org Subject: Re: CUSTOM BUILT SERVERS Message-ID: <20020411134756.A913@idefix.local> Mail-Followup-To: Clemens Hermann , Odhiambo Washington , freebsd-isp@freebsd.org References: <20020411112142.GE90954@ns2.wananchi.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020411112142.GE90954@ns2.wananchi.com> X-Mailer: Mutt 1.2.5.1i (FreeBSD 4.5-RELEASE-p2 i386) X-Sender: 320080844193-0001@t-dialin.net Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Am 11.04.2002 um 14:21:42 schrieb Odhiambo Washington: Hi Wash, it's not completely clear to me if you are only looking for an email-solution or also apache config etc. So I'll just reply for e-mail for now :). > 1. Runs on BSD (FreeBSD most preferred) all MTA'S I know of that run on *NIX do run on FreeBSD > 2. Has support for virtual domains this should also be possible at most perhaps every MTA. Postfi'x and qmail have good solutions I know of. > 3. Robust support for aliasing also true for all "mainstream" MTAs :) > 4. GUI/Web Interface that will allow a mere 'operator' to manage it I like omail-admin very much. It has a great bunch of options and is easy to use. You can delegate different domains to different admins. The only drawback: You need a per-domain login so you have to logout and then login again if you want to configure different domains. But this is done in a second. omail-admin is on top of qmail/vmailmgr which are also both very good packages. qmail has this license-issue (no license at all) but I think most people can live with this. > 5. Gives webmail access to both 'real' and 'virtual' users this does not depend on the MTA. I would recommend imap-based webmail (not pop3) or directly accessing the mail-folder like omail-webmail does it (very fast, few overhead). My favourites are horde-imp and squirrelmail. > 6. Allows strict relay controlling? you mean smtp-auth/smtp-after-pop and IP-based relaying? postfix/qmail also offer this, Exim and sendmail probably also. > 7. Flexible MTA (Exim preffered) didn't you talk about security? Exim is not considered the most secure MTA e.g. because of its all-in-one architecture. qmail and postfix are more modular and so by design less vulnerable. Furthermore the performance of the latter is often said to be very good (especially in comparison to sendmail). > 8. Actively developed/supported qmail and postfix are, donno about the other. > 9. Possibly bundled with LDAP-based services qmail-ldap is available and seems to work great. It adds many functions to stock qmail and also has a web-interface for stuff. This interface even allows to login once and configure all domains without logoff/logon. > 10. Cost effective the software I was talking about is all free but it will take time to get into the subject. > 11. Can interface with a proprietary system like EXTENT RBS?? donno about this. What is it? > My boss suggests we buy something like that (bundled messaging server). I don't like these out-of the box windows-like solution. They don't offer the same flexibility as a custom configured setup. The never fit your needs as a setup where you selected the parts. Finally you have to learn your system anyway as admin. > This would 'free' me from having to worry so much about Exim, virtual > domains, courier-imap, but it might force you to stay at a once bought system and it would also take away all the positive apects of freedom from you :) > What advise do you have for me on this? Anything that you can recommend > will be appreciated. I have been usind qmail/vmailmgr/omail-admin/omail-webmail for a good while and it has served me very well. I 'll change to imp soon but the rest keeps as it is. hth /ch -- "Contrary to popular belief, Unix is user friendly. It just happens to be selective about who it makes friends with." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Apr 11 5:58:18 2002 Delivered-To: freebsd-isp@freebsd.org Received: from workhorse.imach.com (barbwire.iMach.com [206.127.77.82]) by hub.freebsd.org (Postfix) with ESMTP id AD18037B400 for ; Thu, 11 Apr 2002 05:58:00 -0700 (PDT) Received: from localhost (forrestc@localhost) by workhorse.imach.com (8.11.6/8.11.6) with ESMTP id g3B6qoP20424; Thu, 11 Apr 2002 06:52:51 GMT (envelope-from forrestc@imach.com) Date: Thu, 11 Apr 2002 06:52:50 +0000 (GMT) From: "Forrest W. Christian" To: Odhiambo Washington Cc: freebsd-isp@FreeBSD.ORG Subject: Re: CUSTOM BUILT SERVERS In-Reply-To: <20020411112142.GE90954@ns2.wananchi.com> Message-ID: <20020411065015.B20034-100000@workhorse.imach.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 11 Apr 2002, Odhiambo Washington wrote: > 1. Runs on BSD (FreeBSD most preferred) > 2. Has support for virtual domains > 3. Robust support for aliasing > 4. GUI/Web Interface that will allow a mere 'operator' to manage it > 5. Gives webmail access to both 'real' and 'virtual' users > 6. Allows strict relay controlling? > 7. Flexible MTA (Exim preffered) > 8. Actively developed/supported > 9. Possibly bundled with LDAP-based services > 10. Cost effective http://matt.simerson.net/computing/qmail.toaster.shtml If you want to buy one of these preconfigured look at: http://www.inter7.com the inter7 site is also home to several of the utilities in the qmail toaster, so you might want to peruse there. - Forrest W. Christian (forrestc@imach.com) AC7DE ---------------------------------------------------------------------- The Innovation Machine Ltd. P.O. Box 5749 http://www.imach.com/ Helena, MT 59604 Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 ---------------------------------------------------------------------- Protect your personal freedoms - visit http://www.lp.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Apr 11 8:10:33 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mail4.cableaz.com (mail4.cableaz.com [66.218.238.20]) by hub.freebsd.org (Postfix) with ESMTP id 1AB7D37B416 for ; Thu, 11 Apr 2002 08:10:25 -0700 (PDT) Received: from caz (proxy.cableaz.com [66.218.238.31]) by mail4.cableaz.com (8.11.3/8.11.3) with SMTP id g3BF36F68505; Thu, 11 Apr 2002 08:03:06 -0700 (MST) (envelope-from jeremy@cableaz.com) Message-ID: <001901c1e16a$5fd28660$0c0aa8c0@caz> From: "Jeremy Buckner" To: "Odhiambo Washington" Cc: References: <20020411112142.GE90954@ns2.wananchi.com> Subject: Re: CUSTOM BUILT SERVERS Date: Thu, 11 Apr 2002 08:05:52 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I have all my people using a webmin interface www.webmin.com You can set permissions for your CSRs and dictate what services they can control and how much control they have over each service. Setup is a snap. It's GUI is viewable via a web browser and can even have IP access lists. Very secure little program. Can update itself over the Internet too. It also supports pretty much all the "major" services that run on FreeBSD including Qmail. There are tons of modules you can install. Bottom line is that it has saved me lots of time not having to worry about what my people are messing up on my babies.... Jeremy Buckner ----- Original Message ----- From: "Odhiambo Washington" To: Sent: Thursday, April 11, 2002 4:21 AM Subject: CUSTOM BUILT SERVERS > > Hiya, > > I work for an ISP and one of the needs that we see arising is the need > to have a good number of staff being able to at least act as operators > for our core systems. I'm looking at a situation where e-mail accounts > can be added by Customer Service Staff, the small things can be done by > them and so I can dedicate my time on other things, like R&D. The Sysadmin > should only come in when there is a major issue. > > Currently I run a few FreeBSD boxes here and 2 RedHed boxes, each with some > applications to handle. We're stuck with Redhat boxes because of Oracle/EXTENT > RBS (I'm sure some of you know about RBS). > The FreeBSD boxes are my darlings - HTTP,DNS, POP, SMTP, Proxy, etc. I'm currently > having a secanrio where I have a couple hundred virtual domains which I serve > using Apache (Webmail), TPOP3D (POP3), EXIM and MySQL. It's a whole bandwagon > of apps but it works for me. > > Now OTOH I have these Customer Service staff whom I want to be able to operate > these services. You know what that means also in terms of security! My boss wants > me to do at least 4 hrs a day R&D so I have to shed off some ofmy work. > > Many of you out there must have come across these custom server. I am also willing > to pay for it. I am ready to discuss this with anyone. The important thing is > this is something that should take me thro at least the next 2 years before I > consider a change/upgrade. > > > The basic specs: > > > 1. Runs on BSD (FreeBSD most preferred) > 2. Has support for virtual domains > 3. Robust support for aliasing > 4. GUI/Web Interface that will allow a mere 'operator' to manage it > 5. Gives webmail access to both 'real' and 'virtual' users > 6. Allows strict relay controlling? > 7. Flexible MTA (Exim preffered) > 8. Actively developed/supported > 9. Possibly bundled with LDAP-based services > 10. Cost effective > 11. Can interface with a proprietary system like EXTENT RBS?? > > My boss suggests we buy something like that (bundled messaging server). > This would 'free' me from having to worry so much about Exim, virtual > domains, courier-imap, ldap (not yet running for me) - although I know > this may make me a pumpkin kinda.... > > What advise do you have for me on this? Anything that you can recommend > will be appreciated. > > All ideas, with supporting evidence if possible, are welcome. > > > -Wash > > Systems Admin - Wananchi Online Ltd. > > -- > Odhiambo Washington "The box said 'Requires > Wananchi Online Ltd. www.wananchi.com Windows 95, NT, or better,' > Tel: 254 2 313985-9 Fax: 254 2 313922 so I installed FreeBSD." > GSM: 254 72 743 223 GSM: 254 733 744 121 This sig is McQ! :-) > ++ > A jury consists of 12 persons chosen to decide > who has the better lawyer. > -- Robert Frost > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Apr 12 0:35:29 2002 Delivered-To: freebsd-isp@freebsd.org Received: from smtpout.mac.com (smtpout.mac.com [204.179.120.86]) by hub.freebsd.org (Postfix) with ESMTP id 444AC37B400 for ; Fri, 12 Apr 2002 00:35:25 -0700 (PDT) Received: from smtp-relay02.mac.com (smtp-relay02-qfe3 [10.13.10.225]) by smtpout.mac.com (8.12.1/8.10.2/1.0) with ESMTP id g3C7ZPW5007270 for ; Fri, 12 Apr 2002 00:35:25 -0700 (PDT) Received: from asmtp01.mac.com ([10.13.10.65]) by smtp-relay02.mac.com (Netscape Messaging Server 4.15 relay02 Jun 21 2001 23:53:48) with ESMTP id GUG2EV00.66Q for ; Fri, 12 Apr 2002 00:35:19 -0700 Received: from localhost ([207.6.134.194]) by asmtp01.mac.com (Netscape Messaging Server 4.15 asmtp01 Jun 21 2001 23:53:48) with ESMTP id GUG2EV00.PAW for ; Fri, 12 Apr 2002 00:35:19 -0700 Date: Fri, 12 Apr 2002 00:35:18 -0700 Subject: Bind and FTP Behind NAT?? Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v481) From: Tom Wiebe To: isp@freebsd.org Content-Transfer-Encoding: 7bit In-Reply-To: <001901c1e16a$5fd28660$0c0aa8c0@caz> Message-Id: X-Mailer: Apple Mail (2.481) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi all, I tried the archives and they seem to be down at the moment. I'm just patiently awaiting the installation of my SDSL connection and learned today that the preferred setup with my provider is to use NAT at the router. In other words, my servers will be located on a local network such as 192.168.x.x but will have different public IP addresses. I'll be needing to run FTP and DNS service on these machines for the dozen or so domains that we host and it just occured to me that this might require some additional configuration for these services. Can't seem to find any specifics at the moment, any pointers, tips, etc. you might be able to provide me with would be most appreciated. While we're on the topic, is it time to think about moving up to Bind 9.x yet, or should I still stick with 8.3.x? Thanks, Tom Wiebe The Image Foundation http://www.imagefoundation.com/ (604) 688-3124 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Apr 12 6:31:25 2002 Delivered-To: freebsd-isp@freebsd.org Received: from arnold.neland.dk (0x3ef312f8.albnxx2.adsl.tele.dk [62.243.18.248]) by hub.freebsd.org (Postfix) with ESMTP id F35CA37B41A for ; Fri, 12 Apr 2002 06:31:20 -0700 (PDT) Received: from gina ([192.168.5.109]) by arnold.neland.dk (8.12.2/8.12.2) with SMTP id g3CDVd4O093373; Fri, 12 Apr 2002 15:31:40 +0200 (CEST) (envelope-from leifn@neland.dk) Message-ID: <00b801c1e226$643ae320$6d05a8c0@neland.dk> From: "Leif Neland" To: "Tom Wiebe" , References: Subject: Re: Bind and FTP Behind NAT?? Date: Fri, 12 Apr 2002 15:31:42 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: base64 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org PiBJIHRyaWVkIHRoZSBhcmNoaXZlcyBhbmQgdGhleSBzZWVtIHRvIGJlIGRvd24gYXQgdGhlIG1v bWVudC4gSSdtIGp1c3QgDQo+IHBhdGllbnRseSBhd2FpdGluZyB0aGUgaW5zdGFsbGF0aW9uIG9m IG15IFNEU0wgY29ubmVjdGlvbiBhbmQgbGVhcm5lZCANCj4gdG9kYXkgdGhhdCB0aGUgcHJlZmVy cmVkIHNldHVwIHdpdGggbXkgcHJvdmlkZXIgaXMgdG8gdXNlIE5BVCBhdCB0aGUgDQo+IHJvdXRl ci4gSW4gb3RoZXIgd29yZHMsIG15IHNlcnZlcnMgd2lsbCBiZSBsb2NhdGVkIG9uIGEgbG9jYWwg bmV0d29yayBzdWNoIA0KPiBhcyAxOTIuMTY4LngueCBidXQgd2lsbCBoYXZlIGRpZmZlcmVudCBw dWJsaWMgSVAgYWRkcmVzc2VzLg0KPiANCj4gSSdsbCBiZSBuZWVkaW5nIHRvIHJ1biBGVFAgYW5k IEROUyBzZXJ2aWNlIG9uIHRoZXNlIG1hY2hpbmVzIGZvciB0aGUgZG96ZW4gDQo+IG9yIHNvIGRv bWFpbnMgdGhhdCB3ZSBob3N0IGFuZCBpdCBqdXN0IG9jY3VyZWQgdG8gbWUgdGhhdCB0aGlzIG1p Z2h0IA0KPiByZXF1aXJlIHNvbWUgYWRkaXRpb25hbCBjb25maWd1cmF0aW9uIGZvciB0aGVzZSBz ZXJ2aWNlcy4NCg0KVGhlIHNlcnZlcnMgdGhlbXNlbGYgZG9lcyBub3QgbmVlZCBhbnkgc3BlY2lh bCBjb25maWd1cmF0aW9uOyB0aGV5IGRvbid0IGNhcmUgd2hhdCBpcCB0aGV5IGFyZSBxdWVyaWVk IHdpdGguDQoNCllvdSBqdXN0IGNvbmZpZ3VyZSB0aGUgcm91dGVyIHRvIGRvIGhvc3QgbWFwcGlu ZywgSSB0aGluayB0aGUgdGVybSBpcy4NCg0KSnVzdCByZW1lbWJlciwgeW91IGNhbiBvbmx5IGhh dmUgb25lIHdlYnNlcnZlciwgb25lIGZ0cCBzZXJ2ZXIsIGV0YyB2aXNpYmxlIG9uIHRoZSBvdXRz aWRlLg0KVW5sZXNzIHlvdSB1c2Ugbm9uLXN0YW5kYXJkIHBvcnRzLCBpLmUuIG1hcCBwb3J0IDgw IHRvIDE5Mi4xNjguMC4xOjgwLCBwb3J0IDgxIHRvIDE5Mi4xNjguMC4yOjgwIGV0Yy4NCg0KIExl aWYNCg0K To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Apr 12 7:38: 2 2002 Delivered-To: freebsd-isp@freebsd.org Received: from workhorse.imach.com (barbwire.iMach.com [206.127.77.82]) by hub.freebsd.org (Postfix) with ESMTP id 335C737B404 for ; Fri, 12 Apr 2002 07:37:57 -0700 (PDT) Received: from localhost (forrestc@localhost) by workhorse.imach.com (8.11.6/8.11.6) with ESMTP id g3C8Xad25422; Fri, 12 Apr 2002 08:33:36 GMT (envelope-from forrestc@imach.com) Date: Fri, 12 Apr 2002 08:33:36 +0000 (GMT) From: "Forrest W. Christian" To: Tom Wiebe Cc: isp@FreeBSD.ORG Subject: Re: Bind and FTP Behind NAT?? In-Reply-To: Message-ID: <20020412082256.F25394-100000@workhorse.imach.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 12 Apr 2002, Tom Wiebe wrote: > I tried the archives and they seem to be down at the moment. I'm just > patiently awaiting the installation of my SDSL connection and learned > today that the preferred setup with my provider is to use NAT at the > router. In other words, my servers will be located on a local network such > as 192.168.x.x but will have different public IP addresses. > > I'll be needing to run FTP and DNS service on these machines for the dozen > or so domains that we host and it just occured to me that this might > require some additional configuration for these services. > > Can't seem to find any specifics at the moment, any pointers, tips, etc. > you might be able to provide me with would be most appreciated. There are two ways that they can do the translation. One is a 1:1 relationship between outside and inside addresses for the servers (i.e. all ports/prototcols are translated inside). The second is "port and network address translation" which is where they punch specific ports to specific servers. I.E. Port 80 on a specific outside address ends up going to a specific inside address port, and say port 53(dns) on the same outside address can go to a completely different port. Either way, there isn't anything special to do on your servers. The caution is that you can only have one inside service running per port per outside address. I.E. if you have 3 "real" ip's you can't have 4 web servers on port 80 running on four different internal addresses. One DNS caveat: In a lot of cases, nat devices like to try to intelligently rewrite dns packets. A better description would be "stupidly rewrite dns packets". A case in point would be the Cisco 675 which tries to rewrite any dns address response to some reasonable address, which is almost always wrong. If you are having problems with dns being mangled, suspect the nat box. > While we're on the topic, is it time to think about moving up to Bind 9.x > yet, or should I still stick with 8.3.x? I'm running bind9 on ns01.backupdns.com and it seems to be working fine. There are some differences, but mostly related to some security cleanup and changes caused by different ways of doing things as a result. - Forrest W. Christian (forrestc@imach.com) AC7DE ---------------------------------------------------------------------- The Innovation Machine Ltd. P.O. Box 5749 http://www.imach.com/ Helena, MT 59604 Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 ---------------------------------------------------------------------- Protect your personal freedoms - visit http://www.lp.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Apr 12 7:48:25 2002 Delivered-To: freebsd-isp@freebsd.org Received: from workhorse.imach.com (barbwire.iMach.com [206.127.77.82]) by hub.freebsd.org (Postfix) with ESMTP id D603537B404 for ; Fri, 12 Apr 2002 07:48:19 -0700 (PDT) Received: from localhost (forrestc@localhost) by workhorse.imach.com (8.11.6/8.11.6) with ESMTP id g3C8hso25490; Fri, 12 Apr 2002 08:43:54 GMT (envelope-from forrestc@imach.com) Date: Fri, 12 Apr 2002 08:43:53 +0000 (GMT) From: "Forrest W. Christian" To: Leif Neland Cc: Tom Wiebe , Subject: Re: Bind and FTP Behind NAT?? In-Reply-To: <00b801c1e226$643ae320$6d05a8c0@neland.dk> Message-ID: <20020412083355.H25394-100000@workhorse.imach.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Oh missed ftp in the original response. Depending on the NAT implementation, you may find that only passive or only non-passive transfers work depending on the nat implementation. For connections originating on the private side, passive is required if the nat box doesn't do anything special as far as address/port rewriting in the ftp protocol itself. For connections originating from the internet, passive will generally not work but non-passive will under the set of conditions above. Be aware that some nat boxes only rewrite ftp in one direction. Thus, you might find that passive is required in both directions, or non-passive is required in both directions. Or that it just works. In short, if you have ftp transfer problems, have the user to swap his passive/non-passive ftp setting and try again. You may also have to play with port 20 firewall/nat settings. IN some cases, having 20 punched through is good, in others it is bad. Depends on the nat implementation. FYI, in non-passive (port) mode, the connection for the data transfers is made from the server to the client. In pasv mode, the connection is from the client to the server. NAT has to get involved to make both work through a firewall. - Forrest W. Christian (forrestc@imach.com) AC7DE ---------------------------------------------------------------------- The Innovation Machine Ltd. P.O. Box 5749 http://www.imach.com/ Helena, MT 59604 Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 ---------------------------------------------------------------------- Protect your personal freedoms - visit http://www.lp.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Apr 12 21:42:35 2002 Delivered-To: freebsd-isp@freebsd.org Received: from void.devnull.com (void.devnull.com [216.65.213.209]) by hub.freebsd.org (Postfix) with ESMTP id 8165637B419 for ; Fri, 12 Apr 2002 21:42:31 -0700 (PDT) Received: (from root@localhost) by void.devnull.com (8.11.6/8.11.6) id g3D4gPK15875 for freebsd-isp@freebsd.org; Fri, 12 Apr 2002 21:42:25 -0700 (PDT) (envelope-from nobody@devnull.com) Date: Fri, 12 Apr 2002 21:42:25 -0700 (PDT) From: Rob Message-Id: <200204130442.g3D4gPK15875@void.devnull.com> To: freebsd-isp@freebsd.org Subject: Long Distance Phone only 1.8 cents a minute Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Long Distance Phone Service as low as 1.8 cents a minute. Click here for further details. Talk-A-Lot Communications http://216.65.213.218 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Apr 13 1:55: 7 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mta06bw.bigpond.com (mta06bw.bigpond.com [139.134.6.96]) by hub.freebsd.org (Postfix) with ESMTP id AE8DE37B405 for ; Sat, 13 Apr 2002 01:54:59 -0700 (PDT) Received: from MICHAEL2 ([144.135.24.78]) by mta06bw.bigpond.com (Netscape Messaging Server 4.15 mta06bw Feb 26 2002 03:44:21) with SMTP id GUI0RJ00.4R1; Sat, 13 Apr 2002 18:54:55 +1000 Received: from CPE-203-45-60-244.vic.bigpond.net.au ([203.45.60.244]) by bwmam04.mailsvc.email.bigpond.com(MailRouter V3.0j 29/1230804); 13 Apr 2002 18:54:55 Message-ID: <09aa01c1e2c8$e241e370$2701a8c0@MICHAEL2> From: "Michael Phaze" To: "Clemens Hermann" , "Odhiambo Washington" Cc: References: <20020411112142.GE90954@ns2.wananchi.com> <20020411134756.A913@idefix.local> Subject: Re: CUSTOM BUILT SERVERS Date: Sat, 13 Apr 2002 18:54:54 +1000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I am using the qmail/vmailmgr/omail-admin/courier pop+imap/amavis anti virus setup, all compiled in the prefix /usr/local/mail so I can move it to another server if asked (something I have already been told to do by the boss) Works ok but I feel its a bit clunky, needing so many deps. (even excluding amavis) I have been considering trying the setup from this howto below http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/index.html I have seen a few people recommend IMP http://www.horde.org/imp/ but going to the web site all it seems to be is webmail php software and not a complete mail solution, can any one shed some light on this? ----- Original Message ----- From: "Clemens Hermann" To: "Odhiambo Washington" Cc: Sent: Thursday, April 11, 2002 9:47 PM Subject: Re: CUSTOM BUILT SERVERS > Am 11.04.2002 um 14:21:42 schrieb Odhiambo Washington: > > Hi Wash, > > it's not completely clear to me if you are only looking for an email-solution or > also apache config etc. > So I'll just reply for e-mail for now :). > > > 1. Runs on BSD (FreeBSD most preferred) > > all MTA'S I know of that run on *NIX do run on FreeBSD > > > 2. Has support for virtual domains > > this should also be possible at most perhaps every MTA. Postfi'x and qmail > have good solutions I know of. > > > 3. Robust support for aliasing > > also true for all "mainstream" MTAs :) > > > 4. GUI/Web Interface that will allow a mere 'operator' to manage it > > I like omail-admin very much. It has a great bunch of options and is easy to > use. You can delegate different domains to different admins. The only drawback: > You need a per-domain login so you have to logout and then login again if you > want to configure different domains. But this is done in a second. > > omail-admin is on top of qmail/vmailmgr which are also both very good packages. > qmail has this license-issue (no license at all) but I think most people c an > live with this. > > > 5. Gives webmail access to both 'real' and 'virtual' users > > this does not depend on the MTA. I would recommend imap-based webmail (not pop3) > or directly accessing the mail-folder like omail-webmail does it (very fast, few > overhead). > My favourites are horde-imp and squirrelmail. > > > 6. Allows strict relay controlling? > > you mean smtp-auth/smtp-after-pop and IP-based relaying? postfix/qmail also > offer this, Exim and sendmail probably also. > > > 7. Flexible MTA (Exim preffered) > > didn't you talk about security? Exim is not considered the most secure MTA > e.g. because of its all-in-one architecture. qmail and postfix are more > modular and so by design less vulnerable. Furthermore the performance of > the latter is often said to be very good (especially in comparison to sendmail). > > > 8. Actively developed/supported > > qmail and postfix are, donno about the other. > > > 9. Possibly bundled with LDAP-based services > > qmail-ldap is available and seems to work great. It adds many functions to stock > qmail and also has a web-interface for stuff. This interface even allows to > login once and configure all domains without logoff/logon. > > > 10. Cost effective > > the software I was talking about is all free but it will take time to get into > the subject. > > > 11. Can interface with a proprietary system like EXTENT RBS?? > > donno about this. What is it? > > > My boss suggests we buy something like that (bundled messaging server). > > I don't like these out-of the box windows-like solution. They don't offer > the same flexibility as a custom configured setup. The never fit your needs as > a setup where you selected the parts. > Finally you have to learn your system anyway as admin. > > > This would 'free' me from having to worry so much about Exim, virtual > > domains, courier-imap, > > but it might force you to stay at a once bought system and it would also take > away all the positive apects of freedom from you :) > > > What advise do you have for me on this? Anything that you can recommend > > will be appreciated. > > I have been usind qmail/vmailmgr/omail-admin/omail-webmail for a good while > and it has served me very well. I 'll change to imp soon but the rest keeps as > it is. > > hth > > /ch > > -- > "Contrary to popular belief, Unix is user friendly. > It just happens to be selective about who it makes friends with." > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Apr 13 10:33:40 2002 Delivered-To: freebsd-isp@freebsd.org Received: from exuma.irbs.com (exuma.irbs.com [216.86.160.252]) by hub.freebsd.org (Postfix) with ESMTP id 4DB7837B419 for ; Sat, 13 Apr 2002 10:33:37 -0700 (PDT) Received: from localhost (localhost.irbs.com [127.0.0.1]) by exuma.irbs.com (Postfix) with ESMTP id 5D91917430 for ; Sat, 13 Apr 2002 13:33:31 -0400 (EDT) Received: by exuma.irbs.com (Postfix, from userid 2500) id 1DF9617416; Sat, 13 Apr 2002 13:33:31 -0400 (EDT) Date: Sat, 13 Apr 2002 13:33:31 -0400 From: John Capo To: freebsd-isp@FreeBSD.ORG Subject: Re: CUSTOM BUILT SERVERS Message-ID: <20020413133331.A99389@exuma.irbs.com> Reply-To: jc@irbs.com References: <20020411112142.GE90954@ns2.wananchi.com> <20020411134756.A913@idefix.local> <09aa01c1e2c8$e241e370$2701a8c0@MICHAEL2> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <09aa01c1e2c8$e241e370$2701a8c0@MICHAEL2>; from michael@roq.com on Sat, Apr 13, 2002 at 06:54:54PM +1000 X-Virus-Scanned: by AMaViS snapshot-20010714 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: