From owner-freebsd-isp Sun Nov 10 0: 6:31 2002
From: curl@tcc-comp.com.au
Date: Sun, 10 Nov 2002 19:05:31 +1000
To: freebsd-isp@freebsd.org
Subject: Re:

On 11/03/02 at 09:58 AM, Alexandr@Air.net.ua said:

> Hi!
> 1) I have FreeBSD as a gateway between my LAN
> and Internet. How can I count how many bytes
> pass through gateway for each comp. in LAN?

This is what we use here, and like it very much.

http://www.simon.org.ua/ipa/

---
Stephen Walsh (vk3heg) Ph: 0409149641 [ah]

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Sun Nov 10 0:24:25 2002
Date: Sun, 10 Nov 2002 19:24:38 +1100 (EST)
From: Peter Hoskin
To: Alexandr@Air.net.ua
Cc: "freebsd-isp@FreeBSD.ORG"
Subject: Re: your mail

Mozilla is a good browser. It's in both the ports & packages collection
under www/mozilla.

Regards,
Peter Hoskin

On Sun, 3 Nov 2002 Alexandr@Air.net.ua wrote:

> Hi!
> 1) I have FreeBSD as a gateway between my LAN
> and Internet. How can I count how many bytes
> pass through gateway for each comp. in LAN?
>
> 2) What is the best (small & fast) www browser
> for XWindows that not need KDE or Gnome?
> - Alexandr.

From owner-freebsd-isp Sun Nov 10 7:48:11 2002
Date: Sun, 10 Nov 2002 10:48:02 -0500
From: Scott Lambert
To: "freebsd-isp@FreeBSD.ORG"
Subject: Re: your mail

On Sun, Nov 03, 2002 at 09:58:14AM +0300, Alexandr@Air.net.ua wrote:
> 2) What is the best (small & fast) www browser
> for XWindows that not need KDE or Gnome?
> - Alexandr.

Small and fast: /usr/ports/www/opera

Small, fast, a bit more stable, and more plugins:
/usr/ports/www/linux-opera

--
Scott Lambert KC5MLE Unix SysAdmin
lambert@lambertfam.org

From owner-freebsd-isp Sun Nov 10 13:42:33 2002
Date: Sun, 10 Nov 2002 21:44:10 +0000
From: Jez Hancock
To: FreeBSD ISP List
Subject: Re: per-user groups

Sorry to jump in on this thread so late, but this is relevant to what I
was considering just yesterday.

On Tue, Nov 05, 2002 at 01:09:23PM -0500, Klaus Steden wrote:
> Can anyone explain to me the benefits of per-user groups? It seems to me that
> modern *nix systems, FreeBSD included, create a new group for each user.
>
> Is there a security benefit (or some other benefit) to be had by this? Why has
> it apparently been adopted as a convention by the free *nix flavours?

My problem was with stopping one user, call him 'munk', from nosing around
in another user's home directory, call him 'joe', whilst also allowing the
apache web server to serve files from munk and joe's public_html
directories (/home/munk/web and /home/joe/web).

When I create the accounts, both munk and joe are assigned to their own
unique groups, also called munk and joe.

The problem arises when you attempt to stop munk and joe from looking in
each other's home dirs by setting the permissions on their home directories
recursively as:

    chmod -R o-rwx /home/munk
    chmod -R o-rwx /home/joe

(ie do not allow 'other' users or group members to read, write or execute in
the home dirs, recursively)

This is fine if the apache daemon doesn't need access to either of these
users' home directories (ie /home/munk/web) - however apache is generally
run as user/group www/www by default on freebsd and as such with these
permission settings on munk and joe's home dir, apache will not be able to
access their public html directories.

The solution to this then is to simply add the user 'www' to both the
groups 'munk' and 'joe' in /etc/group:

    munk:*:1023:www
    joe:*:1024:www

so that the www user, as a member of both the joe and munk groups, can
easily access the files in /home/munk/web and /home/joe/web as it should be
able to.

As I see it this is the inherent beauty of assigning each user to their own
unique group on a multi-user system - stopping each user from nosing around
in other home directories in this way. Probably why it's been adopted on so
many Unices as well.

Cheers,
Jez

From owner-freebsd-isp Sun Nov 10 21: 5:23 2002
Date: Sun, 10 Nov 2002 22:04:53 -0700
From: Colin Harford
To: freebsd-isp@freebsd.org

I am just wondering at what software people are using when they have to
have same ID and passwords on different computers...

I am currently looking at linking mail accounts on OpenBSD to system
accounts on FreeBSD.... The machines in question have a secure link to each
other, so unencrypted data between the computers is not a concern...

Has anyone had any success using PAM (probably to mysql) for shell and
email passwords.
If so what version of PAM were you using (FreeBSD, OpenPam, etc)

Thanks,
CH

This PGP signature is signed to charford at infinithost.com. If you have
received this signature from a different email account please email that
account and a different key will be sent. Sorry for any problems.

From owner-freebsd-isp Sun Nov 10 21: 9:26 2002
Date: Mon, 11 Nov 2002 15:08:57 +1000 (EST)
From: Colin Campbell
To: Colin Harford
Subject: Re: your mail

Hi,

On Sun, 10 Nov 2002, Colin Harford wrote:

> I am just wondering at what software people are using when they have to
> have same ID and passwords on different computers...

Why not LDAP?

Colin
--
Colin Campbell
Unix Support/Postmaster/Hostmaster
CITEC
+61 7 3227 6334

From owner-freebsd-isp Sun Nov 10 21:28:53 2002
Date: Sun, 10 Nov 2002 22:28:41 -0700
From: Colin Harford
To: Colin Campbell
Subject: Re: your mail

I don't know, I am right now just looking at options... (doing research so
I can come up with an idea of what will meet my needs the best)

I am in need of something quite flexible (which ldap is in my previous work
with it) that I can authenticate shell passwords and email passwords from
primarily, but as well other services as need be. I am assuming ldap is
integrated through pam still? (most google hits bring ldap and pam
together).

Frankly, right now I am not too concerned about what program stores the
info, as long as it can integrate and fairly secure....

CH

On Sunday, November 10, 2002, at 10:08 PM, Colin Campbell wrote:

> Hi,
>
> On Sun, 10 Nov 2002, Colin Harford wrote:
>
>> I am just wondering at what software people are using when they have to
>> have same ID and passwords on different computers...
>
> Why not LDAP?
>
> Colin
> --
> Colin Campbell
> Unix Support/Postmaster/Hostmaster
> CITEC
> +61 7 3227 6334

This PGP signature is signed to charford at infinithost.com. If you have
received this signature from a different email account please email that
account and a different key will be sent. Sorry for any problems.

From owner-freebsd-isp Mon Nov 11 3: 7:13 2002
Date: Mon, 11 Nov 2002 12:07:05 +0100 (CET)
From: Fabrizio Ravazzini
Subject: two natd connections
To: freebsd-isp@freebsd.org

Hello all
I'll go straight to the problem
Network diagram:

                  ____________
ADSL         adsl |   fbsd   |192.168.1.1
ISP---router-----|ed0-GW-fxp0|----------LAN
         10.0.0.1|___|fxp1___| 192.168.1.x
                     |195.
                     |223.20.100
                     |_______
                             |
HDSL(2Mb)  Router   fbsd    DMZ
ISP--------cisco----bridge--HUB-------DMZ Servers
        195.223.20.1

The fbsd gateway is configured as a natd machine

/etc/rc.conf:

    gateway_enable="YES"
    firewall_enable="YES"
    firewall_type="OPEN"
    natd_enable="YES"
    natd_interface="ed0"
    natd_flags=""

/etc/rc.firewall:

    case ${firewall_type} in
    [Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt])
        case ${natd_enable} in
        [Yy][Ee][Ss])
            if [ -n "${natd_interface}" ]; then
                ${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
            fi
            ;;
        esac
    esac

We have installed the new cable from the gateway (fxp1) to the Dmz Hub in
order that if a Client on the LAN wants to go to some Dmz servers they
don't go through the slow ADSL line but routed directly to the dmz hub to
reach the servers.
This also because the HDSL line (2MB) is cost effective.
The gateway is a FreeBSD 4.5, and works well to route the traffic from the
Lan to internet especially for http-traffic.
The real problem is that the new link to reach the dmz internally
(Gw-fxp1--->DMZ Hub) doesn't work at all.
If I do a netstat -rn on the gateway machine I can see the routes to reach
the dmz, and if I ping from the Gw for example 195.223.20.4 it works well.
But from a Lan client it doesn't.
To solve the problem we tried to run on the GW:

    natd -interface fxp1

in order to nat all the traffic to the dmz and put another rule (number 53)
in rc.firewall like this:

--snip---
    if [ -n "${natd_interface}" ]; then
        ${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
        ${fwcmd} add 53 divert natd all from any to any via fxp1
    fi
    ;;
--snip---

But it doesn't work, when we run the "natd -interface fxp1" we receive this
error:

"Unable to bind to divert socket address already in use".

Is it because there are two instances of natd running? But we need two!
Is there any way to do what I want?
The Lan clients should always be able to reach internet via the adsl link
and if they want to "talk" to the dmz servers they pass directly to them
without passing through ADSLlink---Internet---HDSLlink---dmz that is cost
effective.

Any help would be appreciated
Many thanks

From owner-freebsd-isp Mon Nov 11 5:38: 3 2002
Date: Mon, 11 Nov 2002 16:37:51 +0300 (MSK)
From: Alexandre Kardanev
To: Fabrizio Ravazzini
Cc: freebsd-isp@freebsd.org
Subject: Re: two natd connections

Hi!

On Mon, 11 Nov 2002, Fabrizio Ravazzini wrote:

> Hello all I'll go straight to the problem
> Network diagram:
>
>                   ____________
> ADSL         adsl |   fbsd   |192.168.1.1
> ISP---router-----|ed0-GW-fxp0|----------LAN
>          10.0.0.1|___|fxp1___| 192.168.1.x
>                      |195.
>                      |223.20.100
>                      |_______
>                              |
> HDSL(2Mb)  Router   fbsd    DMZ
> ISP--------cisco----bridge--HUB-------DMZ Servers
>         195.223.20.1
>
> The fbsd gateway is configured as a natd machine
> /etc/rc.conf:
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="OPEN"
> natd_enable="YES"
> natd_interface="ed0"
> natd_flags=""
>
> /etc/rc.firewall:
> case ${firewall_type} in
> [Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt])
>     case ${natd_enable} in
>     [Yy][Ee][Ss])
>         if [ -n "${natd_interface}" ]; then
>             ${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
>         fi
>         ;;
>     esac
> esac
>

There are many solutions, and simplest are:
1) add "ip route 192.168.1.0 255.255.255.0 195.223.20.100" on Cisco in
   "config" mode and remove second natd.
2) configure dynamic route protocol (RIP, OSPF) on Cisco, fbsd and maybe
   on DMZ computers. Remove second natd.
3) add static route to LAN on DMZ computers. Remove second natd.
4) "man natd" about "-port", to use another divert socket for second
   natd. Install second natd through /usr/local/etc/rc.d/natd.sh
   self-written script.

ABK2-RIPE
-------------------
"If the proper preparations have been made and the necessary precautions
taken, any staged event is guaranteed success"
        -Ethelred the Unready

From owner-freebsd-isp Mon Nov 11 5:55:35 2002
Date: Mon, 11 Nov 2002 14:55:30 +0100 (CET)
From: Fabrizio Ravazzini
Subject: Re: two natd connections
To: Alexandre Kardanev
Cc: freebsd-isp@freebsd.org

Hello and thanks for the reply,
I think the best for us is the solution 4), I've seen the natd man but I'm
still confused. Is the -port for redirecting only some ports like 23,80
etc, or I can redirect all traffic to that network segment?
Or have you any examples?
Thanks

--- Alexandre Kardanev wrote:
>
> Hi!
> > On Mon, 11 Nov 2002, [iso-8859-1] Fabrizio Ravazzini > wrote: > > > Hello all I'll go straight to the problem > > Network diagram: > > ____________ > > ADSL adsl | fbsd |192.168.1.1 > > ISP---router-----|ed0-GW-fxp0|----------LAN > > 10.0.0.1|___|fxp1___| 192.168.1.x > > |195. > > |223.20.100 > > |_______ > > | > > HDSL(2Mb) Router fbsd DMZ > > ISP--------cisco----bridge--HUB-------DMZ Servers > > 195.223.20.1 > > > > The fbsd gateway is configured as a natd machine > > /etc/rc.conf: > > gateway_enable="YES" > > firewall_enable="YES" > > firewall_type="OPEN" > > natd_enable="YES" > > natd_interface="ed0" > > natd_flags="" > > > > /etc/rc.firewall: > > case ${firewall_type} in > > [Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt]) > > case ${natd_enable} in > > [Yy][Ee][Ss]) > > if [ -n "${natd_interface}" ]; then > > ${fwcmd} add 50 divert natd all > > from any to any via ${natd_interface} > > fi > > ;; > > esac > > esac > > > There are many solutions, and simplest are: > 1) add "ip route 192.168.1.0 255.255.255.0 > 195.223.20.100" on Cisco in > "config" mode and remove second natd. > 2) configure dinamic route protocol (RIP, OSPF) on > Cisco, fbsd and maybe > on DMZ computers. Remove second natd. > 3) add static route to LAN on DMZ computers. Remove > second natd. > 4) "man natd" about "-port", to use another divert > socket for second > natd. Install second natd through > /usr/local/etc/rc.d/natd.sh > self-written script. > > > > We have installed the new cable from the gateway > > (fxp1) to the Dmz Hub in order that if a Client on > the > > LAN wants to go to some Dmz servers they don't go > > trough the slow ADSL line but routed directly > > to the dmz hub to reach the servers. > > This also because the HDSL line (2MB) is cost > > effective. > > The gateway is a FreeBSD 4.5, and works well to > route > > the traffic from the Lan to internet > > especially for http-traffic. 
> > The real problem is that the new link to reach the > dmz > > internally (Gw-fxp1--->DMZ Hub) doesn't work at > all. > > If I do a netstat -rn on the gateway machine I can > see > > the routes to reach the dmz, and if I ping from > the Gw > > for example 195.223.20.4 it works well. > > But from a Lan client It doesn't. > > To solve the problem We tried to run on the GW: > > natd -interface fxp1 > > in order to nat all the traffic to the dmz and put > > another rule (number 53) > > in rc.firewall like this: > > > > --snip--- > > if [ -n "${natd_interface}" ]; then > > ${fwcmd} add 50 divert natd all from any to any > via > > ${natd_interface} > > ${fwcmd} add 53 divert natd all from any to any > via > > fxp1 > > fi > > ;; > > --snip--- > > > > > > But it doesn't work, when we run the "natd > -interface > > fxp1" we receive this error: > > > > "Unable to bind to divert socket address already > in > > use". > > > > Is because there are two instances of natd > running? > > but we need two! > > Is there any way to do what I want? The Lan > clients > > should always be able to reach internet > > via the adsl link and if they want to "talk" to > the > > dmz servers they pass directly to them without > > pass through ADSLlink---Internet---HDSLlink---dmz > that > > is cost effective. > > > > Any help would be appreciated > > Many thanks > > > > > ______________________________________________________________________ > > Mio Yahoo!: personalizza Yahoo! come piace a te > > > http://it.yahoo.com/mail_it/foot/?http://it.my.yahoo.com/ > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the > message > > > > > ABK2-RIPE > ------------------- > "If the proper preparations have been made and > the necessary precautions > taken, any staged event is guaranteed success" > -Ethelred the > Unready > ______________________________________________________________________ Mio Yahoo!: personalizza Yahoo! 

From owner-freebsd-isp Mon Nov 11 16:12:58 2002
From: Ernie Elu
Subject: Load balancing two unrelated links
To: freebsd-isp@freebsd.org
Date: Tue, 12 Nov 2002 10:12:44 +1000 (EST)

I have a situation where there are two links running from one site to
another, one link is an ADSL 2MB service and the other is a 2MB Frame relay,
there is a FreeBSD box at each end that is connected to both services routers
by ethernet, and static routes with no load balancing whatsoever.

What's the most practical way to balance and share these links so it behaves
as close as possible to a single 4MB service.

- Ernie.

From owner-freebsd-isp Tue Nov 12 0:57: 1 2002
Date: Tue, 12 Nov 2002 00:56:54 -0800
From: Marcus Reid
To: Jez Hancock
Cc: FreeBSD ISP List
Subject: Re: per-user groups

Hi:

On Sun, Nov 10, 2002 at 09:44:10PM +0000, Jez Hancock wrote:
..snip..
> The solution to this then is to simply add the user
> 'www' to both the groups 'munk' and 'joe' in /etc/group:
>
> munk:*:1023:www
> joe:*:1024:www
>
> so that the www user, as a member of both the joe and munk groups,
> can easily access the files in /home/munk/web and /home/joe/web as it
> should be able to.
..snip..

Sounds kind of wild to me.. For one thing, if you allow your users to
use CGIs, they can run anything as the www user and be in the group of
all of your other users.

Another way to do almost the same thing is to have the user's home
directory perms set to rwxr-x--x.
Apache can get to the user's public_html
directory, and no one can get a directory listing of another person's home
directory. Users still have to make sure that files they don't want to
be world readable aren't world readable, but it's a solution that suits
my tastes a little better.

Marcus

From owner-freebsd-isp Tue Nov 12 1:49:55 2002
Date: Tue, 12 Nov 2002 02:27:04 +0100
From: "Marcin M. Jessa"
To: freebsd-isp@freebsd.org
Subject: Ipsec

Hi guys.
I have a firewall box at work with racoon on it.
It worked perfectly together with another freebsd firewall placed at my home.
This was based on a pre-shared key authentication method with specified IP's.
I want to replace a VPN box at work with windows on it used by some of my
co-workers to connect to their desktops.
The windows box accepts connections from any host since people who connect to it
do not have static IP's.
How could I achieve it? How can I run racoon for any host with a proper key.
How to set up gif device and how to allow any LAN subnet to connect.
One more thing. I would like some of the servers connected to my box to have
their own pass and probably rules. This is because I'd like to change the
pre-shared key for my "plain" users every month and leave the secret key
for the servers.
How can one do that?

Cheers,
YazzY

From owner-freebsd-isp Tue Nov 12 3: 8:45 2002
From: "Andrew Nelson"
To: freebsd-isp@freebsd.org
Subject: How can I supress named-xfer warnings from syslog ?
Date: Tue, 12 Nov 2002 22:08:43 +1100

Hi,

Can anyone please tell me how to stop named-xfer writing
to /var/log/messages? Can I put all the warnings in
a different file? I'm getting heaped with entries
like:

Nov 12 22:04:28 trevor named-xfer[452]: [192.168.0.6] not authoritative for icecreams.fk, SOA query got rcode 0, aa 0, ancount 0, aucount 9

that I don't want to know about until I'm ready to
deal with it.

Thanks,
Andrew.

From owner-freebsd-isp Tue Nov 12 7:27:38 2002
Date: Tue, 12 Nov 2002 16:27:26 +0100 (CET)
From: Fabrizio Ravazzini
Subject: Re: two natd connections
To: Alexandre Kardanev
Cc: freebsd-isp@freebsd.org

Hello,
Thanks, we have managed to run the second copy of natd:
natd -interface fxp1 -port 8669
without errors but if from a client we try to ping the
dmz, there is still not any route.
Also the traceroute dies on the gateway.
From the gateway to the dmz there is the route because
we can ping from it.
Any other help?
perhaps do we have to enable IPFIREWALL_FORWARDING in
the kernel and add some ipfw fwd rules in the /etc/rc.firewall?
Or any other tricks?

--- Alexandre Kardanev wrote:
> On Mon, 11 Nov 2002, [iso-8859-1] Fabrizio Ravazzini wrote:
>
> > Hello I've added those two lines in rc.firewall as you
> > told:
> > ipfw 53 add divert 8669 ip from 192.168.1.0/24 to 195.223.20.100 via fxp1
> > ipfw 55 add divert 8669 ip from 195.223.20.100 to any via fxp1
> >
> > The 195.223.20.100 is the fxp1, but now if we start
> > the natd as:
> > natd -i fxp1 -p 8669
>
> Sorry... Remembering tcpdump, I just shortened "-interface" to "-i" not
> to "-n"
> Right command - natd -n fxp1 -p 8669
> or natd -interface fxp1 -port 8669
>
> > we have the error:
> > natd:unknown service fxp1 / divert
> >
> > Any other help/ideas?
> >
> > --- Alexandre Kardanev wrote:
> > > On Mon, 11 Nov 2002, Alexandre Kardanev wrote:
> > >
> > > > Hi!
> > > > On Mon, 11 Nov 2002, [iso-8859-1] Fabrizio Ravazzini wrote:
> > > >
> > > > > Hello and thanks for the reply, I think the best for
> > > > > us is the solution 4), I've seen the natd man but I'm
> > > > > still confused.
> > > > > Is the -port for redirecting only some ports like
> > > > > 23,80 etc, or I can redirect all traffic to that
> > > > > network segment?
> > > >
> > > > I have no examples but you can use something like this:
> > > >
> > > > natd -i fxp1 -p 8669
> > > > (By default, natd connects to 8668/divert socket, it's already busy so we
> > > > have to change it for something else)
> > > >
> > > > ipfw 53 add divert 8669 ip from 192.168.1.0/24 to 195.223.20.0/24 via fxp1
> > >
> > > Sorry, the next string has an error so it should be read as
> > > ipfw 53 add divert 8669 ip from 195.223.20.0/24 to any via fxp1
> > >
> > > > ipfw 53 add divert 8669 ip from 195.223.20.0/24 to 192.168.1.0/24 via fxp1
> > > -----------------------------------------------------^^^^^^^^^^^
> > > > (Divert all packets between LAN and DMZ)
> > > >
> > > > > Or have you any examples?
> > > > > Thanks

From owner-freebsd-isp Tue Nov 12 12:20: 4 2002
Date: Tue, 12 Nov 2002 20:19:47 +0000
From: Jez Hancock
To: FreeBSD ISP List
Subject: Re: per-user groups

On Tue, Nov 12, 2002 at 12:56:54AM -0800, Marcus Reid wrote:
> Another way to do almost the same thing is to have the user's home
> directory perms set to rwxr-x--x. Apache can get to the user's public_html
> directory, and no one can get a directory listing of another person's home
> directory. Users still have to make sure that files they don't want to
> be world readable aren't world readable, but it's a solution that suits
> my tastes a little better.

This is how I had my system setup until a few days ago, the nice thing about
it being if one user in a shell wants to let another user look at a file they
can just say 'have a look at /home/myhome/file' and providing the perms on
'file' are right, the other user can still see the file even though they
can't actually run a listing on the directory /home/myhome.

Obviously though this runs the risk of letting users guess the location of
important files in a shell (which was why I moved away from this setup) - say by
attempting to read commonly used names for config files, ie:

'cat /home/another/web/include/config.php'

Regarding what you say about users being able to use the fact the 'www' user is
in all user groups to write malicious scripts to read / traverse directories outside
their own home dir - I know you can setup PHP to stop this (using the open_basedir
and safe_mode php.ini settings for example), but how do you do similar for cgis?

Incidentally I'm having hassles getting that setup I suggested to work, it's totally
baffling.
I'm sticking with the method you mention Marcus for now ;)

Regards,

Jez

From owner-freebsd-isp Tue Nov 12 17:54: 3 2002
Date: Tue, 12 Nov 2002 20:09:25 -0600 (CST)
From: Jamie
To: freebsd-isp@freebsd.org
Subject: [OT?] Making backups with dump

I am not sure if this is on topic or not, if not, please correct me. I
am running some freebsd servers at an ISP and I am trying to do remote
backups with dump. I am trying to run it over ssh so this is the command I
am using:

dump -0uaf - /www/homes| ssh remotehost.foo.com dd of=/usr/backup3/jo.test bs=10k

I know that I can run an incremental backup this way:

dump -3uaf - /www/homes| ssh remotehost.foo.com dd of=/usr/backup3/jo.test2 bs=10k

(I changed the backup number from 0 to 3, and I changed the output file
to a different filename.)

How is dump supposed to know which files to incrementally back up? It
seems as though it is generating a file just as large as the first.
I know my method of sending it across ssh may be messing something up. Any ideas?
Thanks!

- Jamie

From owner-freebsd-isp Tue Nov 12 18: 4:38 2002
Date: Tue, 12 Nov 2002 20:04:58 -0600 (CST)
Subject: qmail-ldap

Hi all

I want to use qmail-ldap for an email server, but my question is, what to
use openldap1 or openldap2?

which one is the best option?

regards

From owner-freebsd-isp Tue Nov 12 18:22:32 2002
From: "Mark Radabaugh"
Subject: Re: [OT?] Making backups with dump
Date: Tue, 12 Nov 2002 21:22:17 -0500

Without answering your question :-)

You might want to take a look at Amanda (http://www.amanda.org) since it
will take care of dealing with all of the trivia of remote backups. A
great piece of software..

Mark

----- Original Message -----
From: "Jamie"
Sent: Tuesday, November 12, 2002 9:09 PM
Subject: [OT?] Making backups with dump

> I am not sure if this is on topic or not, if not, please correct me. I
> am running some freebsd servers at an ISP and I am trying to do remote
> backups with dump. I am trying to run it over ssh so this is the command I
> am using:
>
> dump -0uaf - /www/homes| ssh remotehost.foo.com dd of=/usr/backup3/jo.test bs=10k
>
> I know that I can run an incremental backup this way:
>
> dump -3uaf - /www/homes| ssh remotehost.foo.com dd of=/usr/backup3/jo.test2 bs=10k
>
> (I changed the backup number from 0 to 3, and I changed the output file
> to a different filename.)
>
> How is dump supposed to know which files to incrementally back up? It
> seems as though it is generating a file just as large as the first. I know
> my method of sending it across ssh may be messing something up. Any ideas?
> Thanks!
>
> - Jamie

From owner-freebsd-isp Tue Nov 12 20:35:24 2002
Date: Tue, 12 Nov 2002 21:32:26 -0700
From: James Pye
To: FreeBSD ISP List
Subject: Re: per-user groups
Reply-To: jwp@rhid.com

greetings,

suEXEC wrapper seems to solve the problem about running CGI scripts as the www user.
you can use the User and Group directives inside with the suEXEC wrapper enabled.

tho, wouldn't it be useful to spawn httpd processes serving a virtualhost's
pages as the User and Group specified within ? suEXEC apparently only affects
cgi scripts.. perhaps i am missing something tho...(this would solve the
problem without placing the www user in the user's group)

of course, there are security considerations involved with using suEXEC...
http://httpd.apache.org/docs/suexec.html

-james

On 11/12/02:45/2, Jez Hancock wrote:
> Date: Tue, 12 Nov 2002 20:19:47 +0000
> From: Jez Hancock
> To: FreeBSD ISP List
> Subject: Re: per-user groups
>
> On Tue, Nov 12, 2002 at 12:56:54AM -0800, Marcus Reid wrote:
> > Another way to do almost the same thing is to have the user's home
> > directory perms set to rwxr-x--x. Apache can get to the user's public_html
> > directory, and no one can get a directory listing of another person's home
> > directory. Users still have to make sure that files they don't want to
> > be world readable aren't world readable, but it's a solution that suits
> > my tastes a little better.
> This is how I had my system setup until a few days ago, the nice thing about
> it being if one user in a shell wants to let another user look at a file they
> can just say 'have a look at /home/myhome/file' and providing the perms on
> 'file' are right, the other user can still see the file even though they
> can't actually run a listing on the directory /home/myhome.
>
> Obviously though this runs the risk of letting users guess the location of
> important files in a shell (which was why I moved away from this setup) - say by
> attempting to read commonly used names for config files, ie:
>
> 'cat /home/another/web/include/config.php'
>
> Regarding what you say about users being able to use the fact the 'www' user is
> in all user groups to write malicious scripts to read / traverse directories outside
> their own home dir - I know you can setup PHP to stop this (using the open_basedir
> and safe_mode php.ini settings for example), but how do you do similar for cgis?
>
> Incidentally I'm having hassles getting that setup I suggested to work, it's totally
> baffling. I'm sticking with the method you mention Marcus for now ;)
>
> Regards,
>
> Jez

From owner-freebsd-isp Tue Nov 12 23:27:50 2002
Date: Tue, 12 Nov 2002 23:27:48 -0800
From: Doug Barton
To: Andrew Nelson
Cc: freebsd-isp@FreeBSD.org
Subject: Re: How can I supress named-xfer warnings from syslog ?

For future reference, you should have asked this on -questions.

Andrew Nelson wrote:
>
> Hi,
>
> Can anyone please tell me how to stop named-xfer writing
> to /var/log/messages? Can I put all the warnings in
> a different file? I'm getting heaped with entries
> like:
>
> Nov 12 22:04:28 trevor named-xfer[452]: [192.168.0.6] not authoritative for
> icecreams.fk, SOA query got rcode 0, aa 0, ancount 0, aucount 9

The way to stop these warnings is to remove the slave zone directives
from your named.conf file for zones generating warnings. You should
really get, and read a copy of DNS and BIND, Fourth Edition.

Good luck,

Doug
X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 Date: Thu, 14 Nov 2002 02:06:06 +0000 Message-ID: <127029067lvsCiuhhevg1ruj@netcom.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org We are the marketing specialists www.host4bulk.com that provide cheap bullet proof bulk email friendly hosting for your website ($400 for one month of bullet proof hosting) and cheap bulk email campaigns ($200 for 1 million emails sent) As you may already know, many web hosting companies have Terms of Service (TOS) or Acceptable Use Policies (AUP) against the delivery of emails advertising or promoting your web site. If your web site host receives complaints or discovers that your web site has been advertised in email broadcasts, they may disconnect your account and shut down your web site. Our mission is to solve your problem and provide you with bulk email friendly hosting. You don't have to worry about your website being closed again. Adult and gambling sites welcomed. No set up fee. You may advertise your website by using your own resources or using 3rd party's service. However we can do all the advertising for your business. You just sit, relax and see how your income grows constantly. We guarantee the lowest prices on the web for our web hosting and bulk email campaigns. We only ask $200 us dollars for 1 million emails sent with your ad. We don't use duplicate emails. Our email base is up to date and it is updated weekly. Our current email data base contains over 50.000.000 emails sorted by various parameters to meet your specific needs. No competitors may offer this price. The lowest price you can find on the net is well over $500 for 1 million Don't make the mistake of bulk emailing directly to your website without bulletproof web hosting. 
Your web host will close your account and shut your site down in no time! No matter how long you have been with them, how much you are paying them, or how beautiful your site is. There are companies charging thousands for bulletproof web hosting and they can't keep you up and running like we can. If you host with us, your site will NOT BE SHUT DOWN due to complaints! Bulk email campaign together with bullet proof hosting will bring your business to success. Just imagine how many people will learn about your business or product at a really low price. Bulk email is considered to be the most effective way to advertise on the net. It is hundreds times effective than banner, solo ad and other campaigns. Once people use our service they always come back for more. We can always provide websites that use bulk email campaigns with our new reliable way to accept credit cards on the net without the need to open merchant account. You can start accepting credit card payments in second. It is totally free. Visit our website at http://www.host4bulk.com for more information and to order your bulk email hosting or/and email campaign. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 13 20:21: 0 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C380737B401 for ; Wed, 13 Nov 2002 20:20:59 -0800 (PST) Received: from mordrede.visionsix.com (mordrede.visionsix.com [65.202.119.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5005743E97 for ; Wed, 13 Nov 2002 20:20:55 -0800 (PST) (envelope-from lists@visionsix.com) Received: from yogi (unverified [65.202.119.169]) by mordrede.visionsix.com (Vircom SMTPRS 1.4.232) with SMTP id for ; Wed, 13 Nov 2002 22:20:49 -0600 Message-ID: <002701c28b94$c378f4e0$a977ca41@yogi> From: "Lewis Watson" To: Subject: su and root password Date: Wed, 13 Nov 2002 22:17:36 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I have a program that ssh's to my machine and needs to do a script that calls pw useradd. I do not want to give root ssh ability so how can I make a regular user ssh in and utilize pw useradd as root? I have the script and it works great as root... I just can't figure out how to get around the password prompt for su.... Please pass me some suggestions. Thanks. 
Lewis To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 13 20:51:55 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 03ECB37B401 for ; Wed, 13 Nov 2002 20:51:54 -0800 (PST) Received: from mail.lambertfam.org (www.lambertfam.org [216.223.196.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7810A43E3B for ; Wed, 13 Nov 2002 20:51:53 -0800 (PST) (envelope-from lambert@lambertfam.org) Received: from laptop.lambertfam.org (unknown [10.1.0.2]) by mail.lambertfam.org (Postfix) with ESMTP id 89890351C8 for ; Wed, 13 Nov 2002 23:51:41 -0500 (EST) Received: by laptop.lambertfam.org (Postfix, from userid 1000) id 835CD28B0E; Wed, 13 Nov 2002 23:51:40 -0500 (EST) Date: Wed, 13 Nov 2002 23:51:40 -0500 From: Scott Lambert To: freebsd-isp@FreeBSD.ORG Subject: Re: su and root password Message-ID: <20021114045140.GB82569@laptop.lambertfam.org> Mail-Followup-To: freebsd-isp@FreeBSD.ORG References: <002701c28b94$c378f4e0$a977ca41@yogi> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <002701c28b94$c378f4e0$a977ca41@yogi> User-Agent: Mutt/1.4i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, Nov 13, 2002 at 10:17:36PM -0600, Lewis Watson wrote: > I have a program that ssh's to my machine and needs to do a script that > calls pw useradd. I do not want to give root ssh ability so how can I make a > regular user ssh in and utilize pw useradd as root? I have the script and it > works great as root... I just can't figure out how to get around the > password prompt for su.... > Please pass me some suggestions. > Thanks. 
First, if you haven't already: Add a dedicated user that is only used for this purpose and is only allowed to ssh in from the, hopefully, one management machine.

cd /usr/ports/security/sudo
make install

read the documentation and configure sudo such that this one user is allowed to "sudo pw adduser " as root without being asked for a password.

--
Scott Lambert KC5MLE Unix SysAdmin lambert@lambertfam.org

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Wed Nov 13 20:55:12 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BABAB37B401 for ; Wed, 13 Nov 2002 20:55:11 -0800 (PST) Received: from blue.centerone.com (blue.centerone.com [204.133.183.111]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4EC4E43E3B for ; Wed, 13 Nov 2002 20:55:11 -0800 (PST) (envelope-from rf-list@centerone.com) Received: from DELIVERANCE-XP.centerone.com (hs5-ifw.wiaas.org [65.102.239.61]) by blue.centerone.com (8.9.3/8.9.3) with ESMTP id WAA21946; Wed, 13 Nov 2002 22:04:51 -0700 Message-Id: <5.1.0.14.2.20021113214711.026e0638@mail.centerone.com> X-Sender: rf-list@mail.centerone.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 13 Nov 2002 21:47:49 -0700 To: "Lewis Watson" , From: Ralph Forsythe Subject: Re: su and root password In-Reply-To: <002701c28b94$c378f4e0$a977ca41@yogi> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

sudo. Install it from /usr/ports/security/sudo. Then read the manual on it for setting it up, your script can do whatever it wants from there.
At 10:17 PM 11/13/2002 -0600, Lewis Watson wrote: >I have a program that ssh's to my machine and needs to do a script that >calls pw useradd. I do not want to give root ssh ability so how can I make a >regular user ssh in and utilize pw useradd as root? I have the script and it >works great as root... I just can't figure out how to get around the >password prompt for su.... >Please pass me some suggestions. >Thanks. >Lewis > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 13 20:56:57 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BEC8E37B40A for ; Wed, 13 Nov 2002 20:56:56 -0800 (PST) Received: from fire.org.nz (firewall.fire.org.nz [203.97.144.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id 302D743E7B for ; Wed, 13 Nov 2002 20:56:55 -0800 (PST) (envelope-from andy@fud.org.nz) Received: by homer.fire.org.nz id <119053>; Thu, 14 Nov 2002 17:56:25 +1300 Message-Id: <02Nov14.175625nzdt.119053@homer.fire.org.nz> Date: Thu, 14 Nov 2002 17:56:37 +1300 From: Andrew Thompson User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.1) Gecko/20021108 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-isp@FreeBSD.ORG Subject: Re: su and root password References: <002701c28b94$c378f4e0$a977ca41@yogi> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Lewis Watson wrote: >I have a program that ssh's to my machine and needs to do a script that >calls pw useradd. 
I do not want to give root ssh ability so how can I make a >regular user ssh in and utilize pw useradd as root? I have the script and it >works great as root... I just can't figure out how to get around the >password prompt for su.... >Please pass me some suggestions. >Thanks. >Lewis > > If you have "PermitRootLogin no" in the config root is still able to log in using publickey. Then put command="pw useradd..." before the key in the authorized_keys file. Andy To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 13 21:47:21 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2F9B437B401 for ; Wed, 13 Nov 2002 21:47:20 -0800 (PST) Received: from mordrede.visionsix.com (mordrede.visionsix.com [65.202.119.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 835C143E42 for ; Wed, 13 Nov 2002 21:47:19 -0800 (PST) (envelope-from lists@visionsix.com) Received: from yogi (unverified [65.202.119.169]) by mordrede.visionsix.com (Vircom SMTPRS 1.4.232) with SMTP id ; Wed, 13 Nov 2002 23:47:18 -0600 Message-ID: <007e01c28ba0$d8587820$a977ca41@yogi> From: "Lewis Watson" To: "Andrew Thompson" , References: <002701c28b94$c378f4e0$a977ca41@yogi> <02Nov14.175625nzdt.119053@homer.fire.org.nz> Subject: Re: su and root password Date: Wed, 13 Nov 2002 23:44:05 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > >I have a program that ssh's to my machine and needs to do a script that > >calls pw useradd. 
I do not want to give root ssh ability so how can I make a > >regular user ssh in and utilize pw useradd as root? I have the script and it > >works great as root... I just can't figure out how to get around the > >password prompt for su.... > >Please pass me some suggestions. > >Thanks. > >Lewis > > > > > If you have "PermitRootLogin no" in the config root is still able to log > in using publickey. Then put command="pw useradd..." before the key in > the authorized_keys file. > > > Andy >

Hey Everyone! I appreciate all of the excellent suggestions! I actually have several different scripts, all based around pw user commands that will be used. I like the idea of being able to let root do the work but it sounds like I have to have a specific command (i.e. pw useradd) in the authorized_keys file to do this. Maybe I could look at merging them all together and then do 'if then' statements to execute the needed part ....

Basically the scripts are a combination of pw user add| delete| mod, pure-ftpd user management, chmod, chown, cp files, and adding virtual hosts config files for apache and doing apachectl commands. One big script to create virtual hosts, another to delete, and another to modify, plus more scripts to add, delete, modify httpd /~user accounts.

I also like the idea of being able to hand it off for instant results, ruling out cron. It sounds like sudo is the way to go until I roll all my scripts into one. I have specified only limited hosts that are allowed to ssh to the machine. I will create a dedicated user to do this job.

Also, Mark, an example sudoers file would be awesome....

Thanks everyone for the quick help!
Lewis To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 14 9:50:34 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8879737B401 for ; Thu, 14 Nov 2002 09:50:33 -0800 (PST) Received: from gate21.fw.porsche.de (gate23.fw.porsche.de [193.174.9.99]) by mx1.FreeBSD.org (Postfix) with SMTP id AD11B43E42 for ; Thu, 14 Nov 2002 09:50:29 -0800 (PST) (envelope-from perisa@porsche.de) Received: (qmail 29600 invoked from network); 14 Nov 2002 17:59:00 -0000 Received: from unknown (HELO wuxin011.ibd.porsche.de) (141.36.65.1) by 193.197.149.150 with SMTP; 14 Nov 2002 17:59:00 -0000 Received: (qmail 4494 invoked from network); 14 Nov 2002 17:50:25 -0000 Received: from beastie.ibd.porsche.de (HELO porsche.de) (141.36.3.29) by smtp4cli.ibd.porsche.de with SMTP; 14 Nov 2002 17:50:25 -0000 Message-ID: <3DD3E448.2090607@porsche.de> Date: Thu, 14 Nov 2002 18:58:32 +0100 From: Marc Perisa User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.0.0) Gecko/20020709 X-Accept-Language: en, de-de, es-es MIME-Version: 1.0 To: Ernie Elu Cc: freebsd-isp@freebsd.org Subject: Re: Load balancing two unrelated links References: <200211120012.gAC0Ci5I013136@spooky.eis.net.au> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Ernie Elu wrote: > I have a situation where there are two links running from one site to > another, one link is an ADSL 2MB service and the other is a 2MB Frame relay, > there is a FreeBSD box at each end that is connected to both services > routers by ethernet, and static routes with no load balancing whatsoever. 
> What's the most practical way to balance and share these links so it behaves > as close as possible to a single 4MB service. > > - Ernie.

Hi Ernie,

are the FreeBSD boxes in the two locations connected like this?

         --- router a/1 -> ADSL
        /
beastie1
        \
         --- router b/1 -> Frame Relay

And in the other location vice versa?

Then you should install gated (or similar) and enable OSPF on the FreeBSD machines over the two links. Dynamic routing is the only thing which can help you.

Perhaps you would like to install a second FreeBSD box in each location and connect the second box with _both_ routers. Because if a single box fail the other could take over (if the rest of the network is designed for that).

Hope that helps

Marc

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Thu Nov 14 14:14:47 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E938637B401 for ; Thu, 14 Nov 2002 14:14:45 -0800 (PST) Received: from pop3.psconsult.nl (ps226.psconsult.nl [193.67.147.226]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1BF7D43E3B for ; Thu, 14 Nov 2002 14:14:41 -0800 (PST) (envelope-from paul@pop3.psconsult.nl) Received: (from paul@localhost) by pop3.psconsult.nl (8.9.2/8.9.2) id XAA51750; Thu, 14 Nov 2002 23:14:32 +0100 (CET) (envelope-from paul) Date: Thu, 14 Nov 2002 23:14:32 +0100 From: Paul Schenkeveld To: Lewis Watson Cc: freebsd-isp@FreeBSD.ORG Subject: Re: su and root password Message-ID: <20021114231432.A51618@psconsult.nl> References: <002701c28b94$c378f4e0$a977ca41@yogi> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <002701c28b94$c378f4e0$a977ca41@yogi>; from lists@visionsix.com on Wed, Nov 13, 2002 at 10:17:36PM -0600 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions)
List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hi,

On Wed, Nov 13, 2002 at 10:17:36PM -0600, Lewis Watson wrote:
> I have a program that ssh's to my machine and needs to do a script that
> calls pw useradd. I do not want to give root ssh ability so how can I make a
> regular user ssh in and utilize pw useradd as root? I have the script and it
> works great as root... I just can't figure out how to get around the
> password prompt for su....
> Please pass me some suggestions.
> Thanks.
> Lewis

If you want to use su behind ssh and did not succeed because su cannot read a password from /dev/tty then try the -t option of ssh to force sshd to allocate a pty even if this is not an interactive session:

    $ ssh me@otherhost -t su root -c \'command args ...\'
    me@otherhost's password:
    Password:

The first password prompt is obviously from sshd (it could also be a passphrase prompt when using public key authentication), the second password prompt comes from su. You need the backslashes before the quotes because both the local shell and the remote shell evaluate the command line and the -c option of su requires the command and arguments to be in a single shell word (on FreeBSD at least, I came across su implementations that are a bit more liberal here).

I use this construction all the time for things I want to execute as root on another machine because I don't want to set up sudo on every machine (I'm the only administrator on most machines anyway).

Hope this helps you or someone else.
Paul Schenkeveld, Consultant PSconsult ICT Services BV To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 14 15:47:36 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1825B37B401 for ; Thu, 14 Nov 2002 15:47:36 -0800 (PST) Received: from mail.junkproof.net (mail.junkproof.net [206.55.70.12]) by mx1.FreeBSD.org (Postfix) with ESMTP id 111E043E6E for ; Thu, 14 Nov 2002 15:47:35 -0800 (PST) (envelope-from mail@junkproof.net) Received: from mail (helo=mail.junkproof.net) by mail.junkproof.net with local-bsmtp (Exim 3.32 #1) id 18CTht-000HrL-00 for freebsd-isp@freebsd.org; Thu, 14 Nov 2002 17:47:33 -0600 X-Filter-Status: ok mail.junkproof.net 4 Received: from server.junkproof.net ( [206.55.70.10] ) by mail.junkproof.net via tcp with esmtp id 3dd43611-010c2b; Thu, 14 Nov 2002 17:47:29 -0600 Received: from mail by server.junkproof.net with local (Exim 3.36 #1) id 18CTho-000HrF-00 for freebsd-isp@freebsd.org; Thu, 14 Nov 2002 17:47:28 -0600 From: support@junkproof.net (Junk Proof Mail) To: freebsd-isp@freebsd.org Subject: Re: Bullet proof bulk email friendly hosting & cheap mass email campaigns. References: <127029067lvsCiuhhevg1ruj@netcom.com> Message-Id: Date: Thu, 14 Nov 2002 17:47:28 -0600 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org [ ad from spammer hosting service, deleted ] Thanks for the warning. *snicker* BTW, if you have a mail server you want to be protected from this joker and his ilk, check out Junk Proof Mail, . 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 14 16:45:49 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D65C137B401 for ; Thu, 14 Nov 2002 16:45:47 -0800 (PST) Received: from blue.centerone.com (blue.centerone.com [204.133.183.111]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6BAFF43E4A for ; Thu, 14 Nov 2002 16:45:47 -0800 (PST) (envelope-from rf-list@centerone.com) Received: from localhost (rf-list@localhost) by blue.centerone.com (8.9.3/8.9.3) with ESMTP id RAA08685; Thu, 14 Nov 2002 17:54:39 -0700 Date: Thu, 14 Nov 2002 17:54:39 -0700 (MST) From: Ralph Forsythe To: Paul Schenkeveld Cc: Lewis Watson , Subject: Re: su and root password In-Reply-To: <20021114231432.A51618@psconsult.nl> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 14 Nov 2002, Paul Schenkeveld wrote: > Hi, > > If you want to use su behind ssh and did not succeed because su cannot > read a password from /dev/tty then try the -t option of ssh to force > sshd to allocate a pty even if this is not an interactive session: > > > I use this construction all the time for things I want to execute as > root on another machine because I don't want to set up sudo on every > machine (I'm the only administrator on most machines anyway). > > Hope this helps you or someone else. It's interesting for sure - but would this not then require that he put the root password into a script, which would by nature be unencrypted? I would shoot anyone who did that on my servers. 
There are ways to push sudo configs to multiple machines (not that this guy needs it) in case you didn't know that - it was either discussed on this list or openbsd-misc, I cannot remember where I saw it. Either way a search should find that info. - Ralph To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 14 16:53:44 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4B59037B401 for ; Thu, 14 Nov 2002 16:53:43 -0800 (PST) Received: from spooky.eis.net.au (spooky.eis.net.au [203.12.171.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1D0D543E3B for ; Thu, 14 Nov 2002 16:53:31 -0800 (PST) (envelope-from ernie@spooky.eis.net.au) Received: from spooky.eis.net.au (localhost [127.0.0.1]) by spooky.eis.net.au (8.12.6/8.12.5) with ESMTP id gAF0rOIQ045350; Fri, 15 Nov 2002 10:53:24 +1000 (EST) (envelope-from ernie@spooky.eis.net.au) Received: (from ernie@localhost) by spooky.eis.net.au (8.12.6/8.12.3/Submit) id gAF0rNwZ045349; Fri, 15 Nov 2002 10:53:23 +1000 (EST) From: Ernie Elu Message-Id: <200211150053.gAF0rNwZ045349@spooky.eis.net.au> Subject: Re: Load balancing two unrelated links To: perisa@porsche.de (Marc Perisa) Date: Fri, 15 Nov 2002 10:53:23 +1000 (EST) Cc: freebsd-isp@freebsd.org In-Reply-To: <3DD3E448.2090607@porsche.de> from "Marc Perisa" at Nov 14, 2002 06:58:32 PM X-Mailer: ELM [version 2.5 PL3] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > > Ernie Elu wrote: > > I have a situation where there are two links running from one site to > > another, one link is an ADSL 2MB service and the other is a 2MB Frame relay, > > there is a FreeBSD box at each end 
that is connected to both services
> > routers by ethernet, and static routes with no load balancing whatsoever.
> > What's the most practical way to balance and share these links so it behaves
> > as close as possible to a single 4MB service.
> >
> > - Ernie.
>
> Hi Ernie,
>
> are the FreeBSD boxes in the two locations connected like this?
>
>
>          --- router a/1 -> ADSL
>         /
> beastie1
>         \
>          --- router b/1 -> Frame Relay
>
>
> And in the other location vice versa?
>
> Then you should install gated (or similar) and enable OSPF on the
> FreeBSD machines over the two links. Dynamic routing is the only thing
> which can help you.
>
> Perhaps you would like to install a second FreeBSD box in each location
> and connect the second box with _both_ routers. Because if a single box
> fail the other could take over (if the rest of the network is designed
> for that).
>
> Hope that helps
>
> Marc
>

They are not quite like that but they can be made to look so with a few static routes. Both have zebra and vtund installed, I looked at using bgp but I felt it was not really an interior protocol, your suggestion of looking at OSPF makes sense from a reliability point of view, I was not sure it would help aggregate the speeds, but I am happy to give it a try and do some tests.

Thanks for the suggestion.

- Ernie.
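Added example for the "su and root password" thread above (not code from any poster): a forced-command dispatcher in sh that folds several pw actions behind one restricted key, the merge Lewis proposes, and passes only validated requests on to pw. The script path, client address, action names (add, del, show), deny list and 16-character limit are assumptions made for illustration.

```shell
#!/bin/sh
# Forced-command dispatcher for one SSH key. sshd runs this script instead of
# whatever the client asked for and passes the client's request in the
# environment variable SSH_ORIGINAL_COMMAND.
#
# Constructed authorized_keys entry (path, address and key are placeholders):
#   command="/usr/local/sbin/acct-dispatch",from="192.0.2.10",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA...placeholder... provision@mgmt
#
# Assumption: the script already runs with the privilege pw needs, either from
# a root key restricted as above or from a sudoers rule for a dedicated user.

LC_ALL=C; export LC_ALL          # make [a-z] mean ASCII letters only
PW=/usr/sbin/pw

# valid_login NAME: succeed only for a conservative, non-reserved login name.
valid_login() {
    case "$1" in
        ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;;       # empty, bad first char, bad char
        root|toor|daemon|operator|bin) return 1 ;;  # constructed deny list
    esac
    [ "${#1}" -le 16 ]                              # assumed length limit
}

# build_args REQUEST: print the pw(8) argument list for an allowed request and
# fail for everything else. A request is exactly "<action> <login>".
build_args() {
    set -f                       # split into words without expanding globs
    set -- $1
    set +f
    [ "$#" -eq 2 ] || return 1
    valid_login "$2" || return 1
    case "$1" in
        add)  echo "useradd $2 -m" ;;
        del)  echo "userdel $2 -r" ;;
        show) echo "usershow $2" ;;
        *)    return 1 ;;
    esac
}

main() {
    peer=${SSH_CLIENT%% *}       # client address as recorded by sshd
    if args=$(build_args "${SSH_ORIGINAL_COMMAND:-}"); then
        logger -p auth.notice -t acct-dispatch "allow '$args' from ${peer:-unknown}"
        # Unquoted on purpose: every word is a fixed token or a validated login.
        exec "$PW" $args
    fi
    logger -p auth.warning -t acct-dispatch "reject request from ${peer:-unknown}"
    echo "request rejected" >&2
    return 1
}

# Run only when sshd invoked us with a client request.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    main
    exit $?
fi
```

sshd ignores the client's command line for this key and runs only the dispatcher, so no root password has to be stored on the management machine. If the key is installed for root rather than for a dedicated user, PermitRootLogin forced-commands-only is the sshd_config setting that admits root only through a key carrying a command= option.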
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 14 17:14:10 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5CC1A37B401 for ; Thu, 14 Nov 2002 17:14:09 -0800 (PST) Received: from satin.sensation.net.au (c16494.brodm1.vic.optusnet.com.au [210.49.158.113]) by mx1.FreeBSD.org (Postfix) with ESMTP id D48AD43E8A for ; Thu, 14 Nov 2002 17:14:02 -0800 (PST) (envelope-from rowan@sensation.net.au) Received: from satin.sensation.net.au (localhost [127.0.0.1]) by satin.sensation.net.au (8.12.6/8.12.6) with ESMTP id gAF1DuxV091631 for ; Fri, 15 Nov 2002 12:13:56 +1100 (EST) (envelope-from rowan@sensation.net.au) Received: from localhost (rowan@localhost) by satin.sensation.net.au (8.12.6/8.12.6/Submit) with ESMTP id gAF1DtIG091628 for ; Fri, 15 Nov 2002 12:13:55 +1100 (EST) X-Authentication-Warning: satin.sensation.net.au: rowan owned process doing -bs Date: Fri, 15 Nov 2002 12:13:55 +1100 (EST) From: Rowan Crowe To: freebsd-isp@freebsd.org Subject: Re: Load balancing two unrelated links In-Reply-To: <200211150053.gAF0rNwZ045349@spooky.eis.net.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 15 Nov 2002, Ernie Elu wrote: [...] > > Then you should install gated (or similar) and enable OSPF on the > > FreeBSD machines over the two links. Dynamic routing is the only thing > > which can help you. I've seen this mentioned before, but I have never actually seen _FreeBSD_ do it. I was under the impression that realtime load balancing (ie link sharing) was more about the kernel, rather than a routing protocol. 
Another thing, I don't know whether this will be a practical issue: because the two links are not identical media you may have differing latency and usable bandwidth. If you just alternate packets between links, they may arrive out of order. I was fooling around with this problem a couple of years ago, and I was experimenting with route cloning. My memory is a little hazy, but I *think* it was possible to do something like: route change -cloning default x.x.x.x All packets that matched the default route had a specific route installed. If you can set up something to switch the default between two routes based on average load, then routes will be cached and all traffic for a specific IP will go via its chosen link. It's pretty kludgy though, your route table will be huge, and it will only work well with a large number of routes (ie useless inbound if you're only sending to a handful of IPs) Hope this at least inspires, if it doesn't actually help... ;) Cheers. -- Rowan Crowe - Melbourne, Australia www.camrecord.com www.camdiscover.com www.heyasl.com www.sensationbot.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 14 21:16:48 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 080FD37B401 for ; Thu, 14 Nov 2002 21:16:48 -0800 (PST) Received: from ns3.unixmexico.net (ns3.unixmexico.net [64.141.69.184]) by mx1.FreeBSD.org (Postfix) with SMTP id 2A4F143E4A for ; Thu, 14 Nov 2002 21:16:47 -0800 (PST) (envelope-from nbari@unixmexico.com) Received: (qmail 492 invoked by uid 85); 15 Nov 2002 05:16:36 -0000 Received: from nbari@unixmexico.com by ns1.unixmexico.net by uid 82 with qmail-scanner-1.14 ( Clear:. 
Processed in 0.015241 secs); 15 Nov 2002 05:16:36 -0000 Received: from unknown (HELO unixmexico.com) (127.0.0.1) by localhost.unixmexico.net with SMTP; 15 Nov 2002 05:16:36 -0000 Received: from 148.243.211.89 (SquirrelMail authenticated user nbari@unixmexico.com) by mail.unixmexico.com with HTTP; Thu, 14 Nov 2002 23:16:36 -0600 (CST) Message-ID: <33886.148.243.211.89.1037337396.squirrel@mail.unixmexico.com> Date: Thu, 14 Nov 2002 23:16:36 -0600 (CST) Subject: hotmail and yahoo From: To: , X-Priority: 3 Importance: Normal X-Mailer: SquirrelMail (version 1.2.9) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi all, I just want to know what type of authentication Yahoo or Hotmail uses for their webmail service. What do they use for those big servers: LDAP or some SQL (MySQL, Oracle, etc.)?
thanks To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 14 23:50:57 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 62B2D37B401 for ; Thu, 14 Nov 2002 23:50:56 -0800 (PST) Received: from babylon-gw.babylon-l.com (babylon.babylon-l.com [212.36.13.243]) by mx1.FreeBSD.org (Postfix) with ESMTP id 151C643E8A for ; Thu, 14 Nov 2002 23:50:54 -0800 (PST) (envelope-from ablajev@babylon-l.com) Received: (from root@localhost) by babylon-gw.babylon-l.com (8.11.6/8.11.6) id gAF7MPN11710 for freebsd-isp@freebsd.org; Fri, 15 Nov 2002 09:22:25 +0200 Received: from anton ([192.168.58.48]) by babylon-gw.babylon-l.com (8.11.6/8.11.6) with SMTP id gAF7MOn11686 for ; Fri, 15 Nov 2002 09:22:24 +0200 Message-ID: <002701c28ccf$8d8b22e0$303aa8c0@anton> From: "Anton Blajev" To: Subject: I have a problem. Date: Fri, 15 Nov 2002 09:50:57 -0800 MIME-Version: 1.0 X-scanner: scanned by Inflex 1.0.12.2 - (http://pldaniels.com/inflex/) Content-Type: text/plain; charset="windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org So I have a router/server machine with 3 LANs; one of the LANs is connected to the internet through wireless. The other LAN is for one computer network that is 192.168.100.0. The other one is 192.168.0.0. I have natd running and the TCP/IP relay through the is fine, but I need to do IPX relaying so the games that are made in one network can be seen in the other and the users could join them from both of the nets. Can you tell me a way to make it?

From owner-freebsd-isp Fri Nov 15 3: 3:32 2002
Date: Fri, 15 Nov 2002 12:03:21 +0100
From: "Marcin M. Jessa"
To: freebsd-isp@freebsd.org, freebsd-questions@freebsd.org
Subject: Network Troubles.
Message-ID: <20021115110321.GA4024@yazzy.org>
X-Operating-System: FreeBSD 4.7-RELEASE i386 10:28AM up 1:01, 2 users, load averages: 0.00, 0.02, 0.03

Hi guys.

I have two subnets with static public IP's. Both point to my hardware SDSL router. One is 80.123.16.64-80.123.16.71 with 80.123.16.65 as the router IP and the other 123.234.173.128-255 with 123.234.173.129 as the router IP.

I have LAN behind my firewall. It uses 80.123.16.66 to talk to the outside. 80.123.16.66 resides on one nic with a couple extra 80.123.16.64/224 IPs aliased on it. I run natd and NAT these IP's to misc services behind my firewall.
When I add both 80.123.16.66 and 123.234.173.130 to my firewall I can connect to and from my LAN fine. I can ping both IP's from inside and outside and connect to the services on my DMZ and to my LAN boxes.

But I also have a few boxes on the 123.234.173.128/128 subnet connected directly to my switch which is connected to the router. When I add 123.234.173.130 to a separate nic on my firewall, I cannot talk to the other boxes on that subnet anymore, even though they are not connected to my firewall but directly to a hub. Every connection attempt from the LAN or outside fails. But then I can speak to 123.234.173.130 just fine.

One more thing. I have 80.123.16.68 also connected directly to my switch and it works just fine. I am pretty confused. Any idea what can cause that?

INTERNET -> Router with 80.123.16.64-71 & 123.234.173.128-255 -> 3com Switch -> Firewall with 80.123.16.66, 80.123.16.67, 80.123.16.69 & 123.234.173.130 -> Lan & DMZ
x | | | x
A few boxes with public IP's - on both 80.123.16.64-71 & 123.234.173.128-255 and firewalling directly on them.

Another thing, can I run natd on two different nics? Something like natd_interface="dc1 xl0" ? I want LAN and DMZ to use 2 different gw IP's.

Thanks in advance.
YazzY

From owner-freebsd-isp Fri Nov 15 6:23:31 2002
Date: Fri, 15 Nov 2002 15:20:26 +0100
From: "Marcin M.
Jessa"
To: freebsd-isp@freebsd.org, freebsd-questions@freebsd.org
Subject: Win2k <-> FreeBSD and VLAN
Message-ID: <20021115142026.GA1389@yazzy.org>
X-Operating-System: FreeBSD 4.7-RELEASE i386 3:17PM up 2:02, 2 users, load averages: 0.00, 0.00, 0.00

Hi guys.

I have a FreeBSD firewall with a LAN behind it which I want to use as a VLAN server for VPN connections. How can I make it work when the VPN clients use Win2K/WinXP, FreeBSD and Linux with no static IPs? What method and tool to choose? I've tried to make racoon work with no luck.

Thanks in advance.
YazzY

From owner-freebsd-isp Fri Nov 15 8: 5:31 2002
Date: Fri, 15 Nov 2002 09:05:22 -0700
From: Mike
To: freebsd-isp@freebsd.org
Subject: colo provider opinion sought
Message-ID: <20021115090522.A55033@coloradosurf.com>

Does anyone have experience with skynetweb.com as a colo facility and providing dedicated (FreeBSD coincidentally ;) servers? (good or bad)

I'm not looking for someone to get into our boxes, just provide reliable connectivity and hardware.

Recommendations, opinions regarding skynetweb.com?

Please cc: me as I'm not subscribed to -isp.
TIA,
mike

From owner-freebsd-isp Fri Nov 15 9:22:17 2002
Date: Fri, 15 Nov 2002 12:22:18 -0500 (EST)
From: Jason Hunt
To: freebsd-isp@freebsd.org
Cc: nbari@unixmexico.com
Subject: Re: hotmail and yahoo
In-Reply-To: <33886.148.243.211.89.1037337396.squirrel@mail.unixmexico.com>
Message-ID: <20021115121133.C20792-100000@lethargic.dyndns.org>

On Thu, 14 Nov 2002 nbari@unixmexico.com wrote:

> I just want to know what type of authentication Yahoo or Hotmail uses
> for their webmail service.
>
> What do they use for those big servers, LDAP or some SQL (MySQL, Oracle, etc.)?
>

http://www.ldapzone.com/general_interest.html

Take a look at that article. It provides a lot of information about the differences between SQL and LDAP.

I would suggest LDAP over SQL when it comes to doing authentication (especially for a large number of users), simply because LDAP is designed to provide faster read operations and is easier to replicate across multiple servers.
SQL would be better when you want to do transactional operations or change information frequently, and require it to be up to date all the time across every server.