From owner-freebsd-isp@FreeBSD.ORG Sun Aug 24 03:51:14 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3C61616A4C0 for ; Sun, 24 Aug 2003 03:51:14 -0700 (PDT) Received: from spooky.eis.net.au (spooky.eis.net.au [203.12.171.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2930343FE1 for ; Sun, 24 Aug 2003 03:51:13 -0700 (PDT) (envelope-from ernie@spooky.eis.net.au) Received: (from ernie@localhost) by spooky.eis.net.au (8.12.8p1/8.12.8) id h7OApA41017243 for freebsd-isp@freebsd.org; Sun, 24 Aug 2003 20:51:10 +1000 (EST) (envelope-from ernie) From: User Ernie Message-Id: <200308241051.h7OApA41017243@spooky.eis.net.au> To: freebsd-isp@freebsd.org Date: Sun, 24 Aug 2003 20:51:10 +1000 (EST) X-Mailer: ELM [version 2.4ME+ PL99b (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Subject: Blocking Virus ICMP flood X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Aug 2003 10:51:14 -0000 Does anyone know if ipfw can do someting similar to: deny icmp any any echo tos min-delay Which is the Cisco command I use to try and limit the flood style icmp traffic from the recent Internet viruses. - Ernie. From owner-freebsd-isp@FreeBSD.ORG Sun Aug 24 07:57:20 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 823FD16A4BF for ; Sun, 24 Aug 2003 07:57:20 -0700 (PDT) Received: from mail.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id BF3D343FDF for ; Sun, 24 Aug 2003 07:57:19 -0700 (PDT) (envelope-from don@sandvine.com) Received: by mail.sandvine.com with Internet Mail Service (5.5.2653.19) id ; Sun, 24 Aug 2003 10:57:14 -0400 Message-ID: From: Don Bowman To: 'User Ernie' , freebsd-isp@freebsd.org Date: Sun, 24 Aug 2003 10:57:07 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Subject: RE: Blocking Virus ICMP flood X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Aug 2003 14:57:20 -0000 > From: User Ernie [mailto:ernie@spooky.eis.net.au] > > Does anyone know if ipfw can do someting similar to: > > deny icmp any any echo tos min-delay > > Which is the Cisco command I use to try and limit the flood > style icmp traffic from the > recent Internet viruses. > > - Ernie. ipfw add deny icmp from any to any icmptypes 0,8 iptos lowdelay From owner-freebsd-isp@FreeBSD.ORG Sun Aug 24 21:37:35 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6F1CE16A4BF for ; Sun, 24 Aug 2003 21:37:35 -0700 (PDT) Received: from spooky.eis.net.au (spooky.eis.net.au [203.12.171.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 430EE43FF9 for ; Sun, 24 Aug 2003 21:37:34 -0700 (PDT) (envelope-from ernie@spooky.eis.net.au) Received: (from ernie@localhost) by spooky.eis.net.au (8.12.8p1/8.12.8) id h7P4bQYR066886; Mon, 25 Aug 2003 14:37:26 +1000 (EST) (envelope-from ernie) From: User Ernie Message-Id: <200308250437.h7P4bQYR066886@spooky.eis.net.au> In-Reply-To: To: Don Bowman Date: Mon, 25 Aug 2003 14:37:26 +1000 (EST) X-Mailer: ELM [version 2.4ME+ PL99b (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII cc: freebsd-isp@freebsd.org Subject: Re: Blocking Virus ICMP flood X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Aug 2003 04:37:35 -0000 [ Charset ISO-8859-1 unsupported, converting... ] > > From: User Ernie [mailto:ernie@spooky.eis.net.au] > > > > Does anyone know if ipfw can do someting similar to: > > > > deny icmp any any echo tos min-delay > > > > Which is the Cisco command I use to try and limit the flood > > style icmp traffic from the > > recent Internet viruses. > > > > - Ernie. > > ipfw add deny icmp from any to any icmptypes 0,8 iptos lowdelay > I tried that but it gives me the following error: ipfw: unknown or out of order argument `iptos'' Does it depend on FreeBSD version? I am running 4.8-STABLE - Ernie. From owner-freebsd-isp@FreeBSD.ORG Mon Aug 25 01:37:15 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CC6B716A4BF for ; Mon, 25 Aug 2003 01:37:15 -0700 (PDT) Received: from www.linux.org.uk (parcelfarce.linux.theplanet.co.uk [195.92.249.252]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0DC8743FD7 for ; Mon, 25 Aug 2003 01:37:15 -0700 (PDT) (envelope-from linuxuser-bounces@www.linux.org.uk) Received: from [127.0.0.1] (port=36283 helo=parcelfarce.linux.theplanet.co.uk) by www.linux.org.uk with esmtp (Exim 4.22) id 19rCqf-0006t6-Jd for freebsd-isp@freebsd.org; Mon, 25 Aug 2003 09:37:13 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit From: linuxuser-bounces@www.linux.org.uk To: freebsd-isp@freebsd.org Message-ID: Date: Mon, 25 Aug 2003 09:37:12 +0100 Precedence: bulk X-BeenThere: linuxuser@www.linux.org.uk X-Mailman-Version: 2.1.2 X-List-Administrivia: yes Sender: linuxuser-bounces@www.linux.org.uk Errors-To: linuxuser-bounces@www.linux.org.uk Subject: Your message to LinuxUser awaits moderator approval X-BeenThere: freebsd-isp@freebsd.org List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Aug 2003 08:37:15 -0000 Your mail to 'LinuxUser' with the subject Re: Thank you! Is being held until the list moderator can review it for approval. The reason it is being held: Post by non-member to a members-only list Either the message will get posted to the list, or you will receive notification of the moderator's decision. If you would like to cancel this posting, please visit the following URL: http://www.linux.org.uk/mailman/confirm/linuxuser/a82675ee27d935206f5c9f220a9861e32daa4d98 From owner-freebsd-isp@FreeBSD.ORG Mon Aug 25 03:58:19 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F0F0F16A4BF for ; Mon, 25 Aug 2003 03:58:19 -0700 (PDT) Received: from rcml1.nyat.register.com (smtpa.register.com [216.21.229.220]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7D6A443F75 for ; Mon, 25 Aug 2003 03:58:19 -0700 (PDT) (envelope-from ) Received: from rcommail by rcml1.nyat.register.com with local (Exim 3.36 #1) id 19rF3U-0000ME-00 for freebsd-isp@freebsd.org; Mon, 25 Aug 2003 06:58:36 -0400 From: support@register.com To: freebsd-isp@freebsd.org In-Reply-To: Message-Id: Date: Mon, 25 Aug 2003 06:58:36 -0400 Subject: Auto-reply: Re: Re: Re: My details X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Aug 2003 10:58:20 -0000 This is an automated response. Please read this important message. Please use one of the following to contact a Customer Support Representative: For domain names purchased directly through Register.com, please visit us at: Register.com Customer Support http://register.com/create_ticket.cgi For domain names purchased through one of our Global Network Partners, please visit us at: Register.com’s Global Partner Network Support Web Site http://gpn-enduser.register.com Sincerely, Customer Support From owner-freebsd-isp@FreeBSD.ORG Mon Aug 25 06:03:53 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7CB4416A4BF for ; Mon, 25 Aug 2003 06:03:53 -0700 (PDT) Received: from genetics.med.harvard.edu (genetics.med.harvard.edu [134.174.160.113]) by mx1.FreeBSD.org (Postfix) with ESMTP id A217F43FE0 for ; Mon, 25 Aug 2003 06:03:52 -0700 (PDT) (envelope-from selledge@bcm.tmc.edu) Received: from [134.174.161.180] (dhc013594.med.harvard.edu [134.174.161.180]) JAA16681 for ; Mon, 25 Aug 2003 09:04:43 -0400 (EDT) Mime-Version: 1.0 X-Sender: selledge@genetics.med.harvard.edu Message-Id: In-Reply-To: <200308221550.KAA28483@eos.corp.bcm.tmc.edu> References: <200308221550.KAA28483@eos.corp.bcm.tmc.edu> Precedence: bulk Date: Mon, 25 Aug 2003 08:48:50 -0400 To: freebsd-isp@freebsd.org From: Steve Elledge Content-Type: text/plain; charset="us-ascii" ; format="flowed" Subject: Out of Office Reply (was Re: Details) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Aug 2003 13:03:53 -0000 Hi! I am out of my office until August 26 and will not be checking my email until then. Bye, Steve -- Dr. Stephen J. Elledge Department of Biochemistry Howard Hughes Medical Institute Baylor College of Medicine One Baylor Plaza Houston, TX 77030 Phone 713 798 5040 FAX 713 798 8717 From owner-freebsd-isp@FreeBSD.ORG Mon Aug 25 06:06:27 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0004E16A4BF for ; Mon, 25 Aug 2003 06:06:26 -0700 (PDT) Received: from genetics.med.harvard.edu (genetics.med.harvard.edu [134.174.160.113]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1919143F93 for ; Mon, 25 Aug 2003 06:06:24 -0700 (PDT) (envelope-from selledge@bcm.tmc.edu) Received: from [134.174.161.180] (dhc013594.med.harvard.edu [134.174.161.180]) JAA16742 for ; Mon, 25 Aug 2003 09:07:28 -0400 (EDT) Mime-Version: 1.0 X-Sender: selledge@genetics.med.harvard.edu Message-Id: In-Reply-To: <200308221844.NAA14195@janus.corp.bcm.tmc.edu> References: <200308221844.NAA14195@janus.corp.bcm.tmc.edu> Precedence: bulk Date: Mon, 25 Aug 2003 08:50:10 -0400 To: freebsd-isp@freebsd.org From: Steve Elledge Content-Type: text/plain; charset="us-ascii" ; format="flowed" Subject: Out of Office Reply (was Re: Wicked screensaver) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Aug 2003 13:06:27 -0000 Hi! I am out of my office until August 26 and will not be checking my email until then. Bye, Steve -- Dr. Stephen J. Elledge Department of Biochemistry Howard Hughes Medical Institute Baylor College of Medicine One Baylor Plaza Houston, TX 77030 Phone 713 798 5040 FAX 713 798 8717 From owner-freebsd-isp@FreeBSD.ORG Mon Aug 25 06:51:16 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 71A4316A4BF for ; Mon, 25 Aug 2003 06:51:16 -0700 (PDT) Received: from mail.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id C2B6F43FA3 for ; Mon, 25 Aug 2003 06:51:15 -0700 (PDT) (envelope-from don@sandvine.com) Received: by mail.sandvine.com with Internet Mail Service (5.5.2653.19) id ; Mon, 25 Aug 2003 09:51:11 -0400 Message-ID: From: Don Bowman To: 'User Ernie' , Don Bowman Date: Mon, 25 Aug 2003 09:51:05 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" cc: freebsd-isp@freebsd.org Subject: RE: Blocking Virus ICMP flood X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Aug 2003 13:51:16 -0000 > From: User Ernie [mailto:ernie@spooky.eis.net.au] > [ Charset ISO-8859-1 unsupported, converting... ] > > > From: User Ernie [mailto:ernie@spooky.eis.net.au] > > > > > > Does anyone know if ipfw can do someting similar to: > > > > > > deny icmp any any echo tos min-delay > > > > > > Which is the Cisco command I use to try and limit the flood > > > style icmp traffic from the > > > recent Internet viruses. > > > > > > - Ernie. > > > > ipfw add deny icmp from any to any icmptypes 0,8 iptos lowdelay > > > I tried that but it gives me the following error: > > ipfw: unknown or out of order argument `iptos'' > > > Does it depend on FreeBSD version? I am running 4.8-STABLE I have IPFW2 option enabled, that may be required. From owner-freebsd-isp@FreeBSD.ORG Mon Aug 25 12:44:52 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5036C16A4BF for ; Mon, 25 Aug 2003 12:44:52 -0700 (PDT) Received: from sdrc.com (heimdall.sdrc.com [146.122.132.195]) by mx1.FreeBSD.org (Postfix) with ESMTP id 08B8443FE5 for ; Mon, 25 Aug 2003 12:44:51 -0700 (PDT) (envelope-from paradigm@ugs.com) Received: from tyr.sdrc.com (mailhub-cvg.sdrc.com [146.122.142.31]) by sdrc.com (8.9.1/8.9.1) with ESMTP id PAA09604 for ; Mon, 25 Aug 2003 15:44:47 -0400 (EDT) From: paradigm@ugs.com Received: (from daemon@localhost) by tyr.sdrc.com (8.8.6 (PHNE_17190)/8.8.5) id PAA18533; Mon, 25 Aug 2003 15:44:46 -0400 (EDT) Date: Mon, 25 Aug 2003 15:44:46 -0400 (EDT) Message-Id: <200308251944.PAA18533@tyr.sdrc.com> To: freebsd-isp@freebsd.org References: <200308251944.PAA09588@sdrc.com> In-Reply-To: <200308251944.PAA09588@sdrc.com> Precedence: junk X-Loop: nao_pwd@mailhub-cvg.sdrc.com Subject: Re: Approved X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Aug 2003 19:44:52 -0000 This email address (nao_pwd@sdrc.com) is no longer active. If you are in the US, please call 1-800-955-0000. If you are outside the US, please contact your local EDS PLM Solutions office. Or visit our website at http://support.ugs.com. From owner-freebsd-isp@FreeBSD.ORG Tue Aug 26 08:52:05 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CEEE816A4BF for ; Tue, 26 Aug 2003 08:52:05 -0700 (PDT) Received: from melt.server.pavilion.net (melt.server.pavilion.net [212.74.0.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id C81A443FB1 for ; Tue, 26 Aug 2003 08:52:03 -0700 (PDT) (envelope-from freebsd-users-admin@uk.freebsd.org) Received: from melt.server.pavilion.net (localhost [127.0.0.1]) by melt.server.pavilion.net (Postfix) with ESMTP id 1F4081E51 for ; Tue, 26 Aug 2003 16:52:03 +0100 (BST) From: freebsd-users-admin@uk.freebsd.org To: freebsd-isp@freebsd.org X-Ack: no Sender: freebsd-users-admin@uk.freebsd.org Errors-To: freebsd-users-admin@uk.freebsd.org X-BeenThere: freebsd-users@uk.freebsd.org X-Mailman-Version: 2.0.6 Precedence: bulk Message-Id: <20030826155203.1F4081E51@melt.server.pavilion.net> Date: Tue, 26 Aug 2003 16:52:03 +0100 (BST) Subject: Your message to Freebsd-users awaits moderator approval X-BeenThere: freebsd-isp@freebsd.org List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Aug 2003 15:52:06 -0000 Your mail to 'Freebsd-users' with the subject Re: Thank you! Is being held until the list moderator can review it for approval. The reason it is being held: Post by non-member to a members-only list Either the message will get posted to the list, or you will receive notification of the moderator's decision. From owner-freebsd-isp@FreeBSD.ORG Wed Aug 27 04:59:09 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8A16C16A4BF for ; Wed, 27 Aug 2003 04:59:09 -0700 (PDT) Received: from web1.nexusinternetsolutions.net (web1.nexusinternetsolutions.net [206.47.131.12]) by mx1.FreeBSD.org (Postfix) with SMTP id A125544008 for ; Wed, 27 Aug 2003 04:59:08 -0700 (PDT) (envelope-from dave@hawk-systems.com) Received: (qmail 62838 invoked from network); 27 Aug 2003 11:59:07 -0000 Received: from unknown (HELO ws1) (65.49.236.97) by web1.nexusinternetsolutions.net with SMTP; 27 Aug 2003 11:59:07 -0000 From: "Dave [Hawk-Systems]" To: "freebsd-isp@FreeBSD. ORG" Date: Wed, 27 Aug 2003 07:59:04 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: failed root login with shared ssh key X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Aug 2003 11:59:09 -0000 posted this to questions, but getting nothing but crickets have several FreeBSD servers around all with varrying installs, 4.3 with a number of patches, up to a 4.7 that is relatively new. Some maintenance on the servers that requires root is run from a master server which connects to run the command(s) via SSH. The public key for root@master_server has been distributed out to the ~root/.ssh/authorized_keys file as per a previous thread on this type of situation. I am having problems with the 4.7 box in that it will not accept the key authentication, and bounces back to asking for a password to login as root. I cannot log in as root over ssh with a password, but that fine, i don't want or need to. I do need to allow this server to log in using the shared public key to this (and all the servers. Have checked /etc/ssh/sshd_config, and "AllowRootLogin yes" is present, and it pretty much matches the other 4.3 to 4.5 installs. Have checked /etc/ttys, and while all the ttyps do not specifically state secure, neither doe they on the servers that this works fine on. I am sure I am forgetting something stupid, just have not been able to google anything that is pointing me in the right direction. most puzzling is that the same setup works fine for the other installs (albeit that I can also log in as root using password, which I would like to secure later) Thanks Dave debug from SSH session (and no, df -k is not the command that requires root) /// server# ssh -v target "df -k" SSH Version OpenSSH_2.3.0 green@FreeBSD.org 20010321, protocol versions 1.5/2.0. Compiled with SSL (0x0090600f). debug: Reading configuration data /etc/ssh/ssh_config debug: ssh_connect: getuid 0 geteuid 0 anon 0 debug: Connecting to target.domain.com [123.456.789.2] port 22. debug: Allocated local port 921. debug: Connection established. debug: Remote protocol version 1.99, remote software version OpenSSH_3.4p1 FreeBSD-20020702 debug: no match: OpenSSH_3.4p1 FreeBSD-20020702 debug: Local version string SSH-1.5-OpenSSH_2.3.0 green@FreeBSD.org 20010321 debug: Waiting for server public key. debug: Received server public key (768 bits) and host key (1024 bits). debug: Host 'target' is known and matches the RSA host key. debug: Encryption type: 3des debug: Sent encrypted session key. debug: Installing crc compensation attack detector. debug: Received encrypted confirmation. debug: Trying RSA authentication with key 'root@server.domain.com' debug: Received RSA challenge from server. debug: Sending response to host key RSA challenge. debug: Remote: RSA authentication accepted. debug: RSA authentication refused. debug: Doing password authentication. root@target's password: Permission denied, please try again. root@target's password: /// From owner-freebsd-isp@FreeBSD.ORG Wed Aug 27 07:17:27 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C1BEC16A4BF for ; Wed, 27 Aug 2003 07:17:27 -0700 (PDT) Received: from web1.nexusinternetsolutions.net (web1.nexusinternetsolutions.net [206.47.131.12]) by mx1.FreeBSD.org (Postfix) with SMTP id D763543FAF for ; Wed, 27 Aug 2003 07:17:26 -0700 (PDT) (envelope-from dave@hawk-systems.com) Received: (qmail 72530 invoked from network); 27 Aug 2003 14:17:25 -0000 Received: from unknown (HELO ws1) (65.49.236.97) by web1.nexusinternetsolutions.net with SMTP; 27 Aug 2003 14:17:25 -0000 From: "Dave [Hawk-Systems]" To: "freebsd-isp@FreeBSD. ORG" Date: Wed, 27 Aug 2003 10:17:24 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) In-Reply-To: Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: RE: failed root login with shared ssh key X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Aug 2003 14:17:28 -0000 Have tried a few suggestions, - The source server's ssh doesn't support the -1 option to force ssh to version 1 only. - the target server is set to support RSA I believe, though I have included the /etc/ssh/sshd_config file below just in case something in there may be misconfigured It appears that the process is working fine, but it just isn't allowing the root login despite the proper authentication. Dave /// trimmed sshd_config - a few options have been uncommented to ensure that is what they are set to #Port 22 #Protocol 2,1 #ListenAddress 0.0.0.0 #ListenAddress :: # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 3600 #ServerKeyBits 768 # Logging #obsoletes QuietMode and FascistLogging #SyslogFacility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 120 PermitRootLogin yes StrictModes yes RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys # have also tried changeing the above to ~/.ssh.... # rhosts authentication should not be used #RhostsAuthentication no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no # Change to no to disable PAM authentication #ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #AFSTokenPassing no # Kerberos TGT Passing only works with the AFS kaserver #KerberosTgtPassing no #X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #KeepAlive yes #UseLogin no #UsePrivilegeSeparation no #Compression yes #MaxStartups 10 # no default banner path #Banner /some/path #VerifyReverseMapping no # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server /// >posted this to questions, but getting nothing but crickets > >have several FreeBSD servers around all with varrying installs, 4.3 with a >number of patches, up to a 4.7 that is relatively new. > >Some maintenance on the servers that requires root is run from a master server >which connects to run the command(s) via SSH. The public key for >root@master_server has been distributed out to the ~root/.ssh/authorized_keys >file as per a previous thread on this type of situation. > >I am having problems with the 4.7 box in that it will not accept the key >authentication, and bounces back to asking for a password to login as root. I >cannot log in as root over ssh with a password, but that fine, i don't want or >need to. I do need to allow this server to log in using the shared public key >to this (and all the servers. > >Have checked /etc/ssh/sshd_config, and "AllowRootLogin yes" is present, and it >pretty much matches the other 4.3 to 4.5 installs. >Have checked /etc/ttys, and while all the ttyps do not specifically state >secure, neither doe they on the servers that this works fine on. > >I am sure I am forgetting something stupid, just have not been able to google >anything that is pointing me in the right direction. most puzzling is that the >same setup works fine for the other installs (albeit that I can also log in as >root using password, which I would like to secure later) > >Thanks > >Dave > >debug from SSH session (and no, df -k is not the command that requires root) From owner-freebsd-isp@FreeBSD.ORG Wed Aug 27 07:58:44 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8AF3616A4BF for ; Wed, 27 Aug 2003 07:58:44 -0700 (PDT) Received: from mail.cvt.dk (ns.cvt.dk [130.225.95.186]) by mx1.FreeBSD.org (Postfix) with ESMTP id AC32B43FF5 for ; Wed, 27 Aug 2003 07:58:41 -0700 (PDT) (envelope-from cp@cvt.dk) Received: from localhost (localhost [127.0.0.1]) by mail.cvt.dk (Postfix) with ESMTP id 97BC61C3259 for ; Wed, 27 Aug 2003 16:58:40 +0200 (CEST) Received: from cvt.dk (cp.cvt.dk [130.225.95.152]) by mail.cvt.dk (Postfix) with ESMTP id DEE1D1C3258 for ; Wed, 27 Aug 2003 16:58:39 +0200 (CEST) Message-ID: <3F4CC6BE.25264739@cvt.dk> Date: Wed, 27 Aug 2003 16:57:02 +0200 From: Christoffer Pio Organization: Center for Videnteknologi X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-isp@freebsd.org Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS snapshot-20020222 Subject: sendto: no buffer space available (yet no queue and plenty mbufs) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Aug 2003 14:58:44 -0000 I'm experiencing the em intel nic 100/1000 mb driver produces the 'no buffer space available' error when I break the connection (pull out the cable), yet netstat -m and netstat -an shows no packets in queue and plenty of mbuf and nmbclusters free. When I plug the cable back in ping resumes shortly working alright .. It must be the buffer on the NIC which gets exhausted? I am trying to make sure it is safe to put the box into production environment, the em driver is not buggy on freebsd 4.8 ? Christoffer From owner-freebsd-isp@FreeBSD.ORG Wed Aug 27 08:12:56 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2374516A4BF for ; Wed, 27 Aug 2003 08:12:56 -0700 (PDT) Received: from web1.nexusinternetsolutions.net (web1.nexusinternetsolutions.net [206.47.131.12]) by mx1.FreeBSD.org (Postfix) with SMTP id CA71C43FDF for ; Wed, 27 Aug 2003 08:12:54 -0700 (PDT) (envelope-from dave@hawk-systems.com) Received: (qmail 77108 invoked from network); 27 Aug 2003 15:12:53 -0000 Received: from unknown (HELO ws1) (65.49.236.97) by web1.nexusinternetsolutions.net with SMTP; 27 Aug 2003 15:12:53 -0000 From: "Dave [Hawk-Systems]" To: "freebsd-isp@FreeBSD. ORG" Date: Wed, 27 Aug 2003 11:12:52 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) In-Reply-To: Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: enable root login to remote system (was - failed root login with shared ssh key) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Aug 2003 15:12:56 -0000 Further test, which I missed earlier for some unknown reason, was to create an ssh key for a non-root user, copy to the target server, and try a key authenticated login with the non-root user... worked perfectly. As such, the problem does not appear to be with the ssh key login, but with the fact that it is a root login. I am focusing my efforts there. Any idea as to why the server would not allow root login given that we have already checked "PermitRootLogin yes" for the sshd_config. Is there another location or entry which would be preventing root logins? Dave From owner-freebsd-isp@FreeBSD.ORG Wed Aug 27 13:31:12 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 53EA816A4BF for ; Wed, 27 Aug 2003 13:31:12 -0700 (PDT) Received: from blue.gerhardt-it.com (gw.gerhardt-it.com [204.83.38.103]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7650443F75 for ; Wed, 27 Aug 2003 13:31:11 -0700 (PDT) (envelope-from scott@g-it.ca) Received: from [192.168.100.110] (gw.gerhardt-it.com [204.83.38.103]) by blue.gerhardt-it.com (Postfix) with ESMTP id 810A6FDC9 for ; Wed, 27 Aug 2003 14:31:09 -0600 (CST) User-Agent: Microsoft-Entourage/10.1.1.2418 Date: Wed, 27 Aug 2003 14:31:08 -0600 From: Scott Gerhardt To: FreeBSD ISP List Message-ID: Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit Subject: IBM xSeries 235 Server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Aug 2003 20:31:12 -0000 Has anyone deployed any IBM xSeries 235 servers with FreeBSD 4.8? Does FreeBSD recognize the onboard RAID1 controller? "Integrated Ultra320 RAID Provides RAID 1 mirroring of hard disk drives for data protection" Thanks -- Scott Gerhardt, P.Geo. Gerhardt Information Technologies [G-IT] From owner-freebsd-isp@FreeBSD.ORG Wed Aug 27 17:11:02 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 84F8016A4BF for ; Wed, 27 Aug 2003 17:11:02 -0700 (PDT) Received: from mail.yadt.co.uk (yadt.demon.co.uk [158.152.4.134]) by mx1.FreeBSD.org (Postfix) with SMTP id F146643FFD for ; Wed, 27 Aug 2003 17:10:55 -0700 (PDT) (envelope-from davidt@yadt.co.uk) Received: (qmail 14713 invoked from network); 28 Aug 2003 00:10:53 -0000 Received: from unknown (HELO mail.gattaca.yadt.co.uk) (@10.0.0.2) by yadt.demon.co.uk with SMTP; 28 Aug 2003 00:10:53 -0000 Received: (qmail 33674 invoked by uid 1000); 28 Aug 2003 00:10:52 -0000 Date: Thu, 28 Aug 2003 01:10:52 +0100 From: David Taylor To: "Dave [Hawk-Systems]" Message-ID: <20030828001051.GA99734@gattaca.yadt.co.uk> Mail-Followup-To: "Dave [Hawk-Systems]" , "freebsd-isp@FreeBSD. ORG" References: Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-15 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i cc: "freebsd-isp@FreeBSD. ORG" Subject: Re: enable root login to remote system (was - failed root login with shared ssh key) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Aug 2003 00:11:02 -0000 On Wed, 27 Aug 2003, Dave [Hawk-Systems] wrote: > > Further test, which I missed earlier for some unknown reason, was to create an > ssh key for a non-root user, copy to the target server, and try a key > authenticated login with the non-root user... worked perfectly. > > As such, the problem does not appear to be with the ssh key login, but with the > fact that it is a root login. I am focusing my efforts there. Any idea as to > why the server would not allow root login given that we have already checked > "PermitRootLogin yes" for the sshd_config. Is there another location or entry > which would be preventing root logins? You could always check the permissions on /root/.ssh/ and the files in it. ssh won't let you use rsa authentication if the permissions on the folders are too loose (for testing I'd recommend 700/600). -- David Taylor davidt@yadt.co.uk "The future just ain't what it used to be" From owner-freebsd-isp@FreeBSD.ORG Wed Aug 27 19:31:01 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A72FB16A4BF for ; Wed, 27 Aug 2003 19:31:01 -0700 (PDT) Received: from web1.nexusinternetsolutions.net (web1.nexusinternetsolutions.net [206.47.131.12]) by mx1.FreeBSD.org (Postfix) with SMTP id 74E9F43FBF for ; Wed, 27 Aug 2003 19:31:00 -0700 (PDT) (envelope-from dave@hawk-systems.com) Received: (qmail 29468 invoked from network); 28 Aug 2003 02:30:57 -0000 Received: from unknown (HELO ws1) (65.49.236.97) by web1.nexusinternetsolutions.net with SMTP; 28 Aug 2003 02:30:57 -0000 From: "Dave [Hawk-Systems]" To: "David Taylor" Date: Wed, 27 Aug 2003 22:30:56 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) In-Reply-To: <20030828001051.GA99734@gattaca.yadt.co.uk> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 cc: "freebsd-isp@FreeBSD. ORG" Subject: RE: enable root login to remote system (was - failed root login with shared ssh key) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Aug 2003 02:31:01 -0000 >> Further test, which I missed earlier for some unknown reason, was to >create an >> ssh key for a non-root user, copy to the target server, and try a key >> authenticated login with the non-root user... worked perfectly. >> >> As such, the problem does not appear to be with the ssh key login, >but with the >> fact that it is a root login. I am focusing my efforts there. Any >idea as to >> why the server would not allow root login given that we have already checked >> "PermitRootLogin yes" for the sshd_config. Is there another >location or entry >> which would be preventing root logins? > >You could always check the permissions on /root/.ssh/ and the files in it. >ssh won't let you use rsa authentication if the permissions on the folders >are too loose (for testing I'd recommend 700/600). they are set to 0644, the same setting as the non-root test accout previously discussed anyway, but good thought and worth the try. unfortunately I tried 0600 and 0700 with the same results. thanks for the try though Dave From owner-freebsd-isp@FreeBSD.ORG Wed Aug 27 21:04:30 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6767716A4BF for ; Wed, 27 Aug 2003 21:04:30 -0700 (PDT) Received: from swisseasy.net (zuerich132.swisseasy.net [80.74.132.132]) by mx1.FreeBSD.org (Postfix) with ESMTP id A545143F85 for ; Wed, 27 Aug 2003 21:04:28 -0700 (PDT) (envelope-from arie@gerszt.ch) Received: (qmail 88476 invoked by uid 2520); 28 Aug 2003 04:04:26 -0000 Received: from arie@gerszt.ch by atlas.swisseasy.net by uid 89 with qmail-scanner-1.16 (clamscan: 0.60. spamassassin: 2.55. Clear:. Processed in 0.34256 secs); 28 Aug 2003 04:04:26 -0000 Received: from unknown (HELO DELLARIE) (arie@gerszt.ch@212.41.93.65) by zuerich132.swisseasy.net with SMTP; 28 Aug 2003 04:04:26 -0000 From: "Arie J. Gerszt" To: Date: Thu, 28 Aug 2003 06:04:27 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: www.ispman.org X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Aug 2003 04:04:30 -0000 hi does somebody know www.ispman.org has implemented yet? looks very interesting but i was curious of any personal experiences and thoughts. thanks, arie From owner-freebsd-isp@FreeBSD.ORG Thu Aug 28 00:15:58 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 93D0E16A4BF for ; Thu, 28 Aug 2003 00:15:58 -0700 (PDT) Received: from mail.unina.it (mail.unina.it [192.132.34.73]) by mx1.FreeBSD.org (Postfix) with ESMTP id DA80243FE5 for ; Thu, 28 Aug 2003 00:15:55 -0700 (PDT) (envelope-from root@cds.unina.it) Received: (from smmsp@localhost) by mail.unina.it (8.12.9/8.12.9) id h7S7G1T7030793 for freebsd-isp@freebsd.org; Thu, 28 Aug 2003 09:16:01 +0200 X-Authentication-Warning: mail.unina.it: Processed by smmsp with -C /etc/mail/sendmail.cf Received: from cds.unina.it (cds.unina.it [192.132.34.41]) by mail.unina.it (8.12.9/8.12.9) with ESMTP id h7S7G0Mh030728 for ; Thu, 28 Aug 2003 09:16:00 +0200 Received: (from root@localhost) by cds.unina.it (8.12.9/8.12.9) id h7S7JMoJ522393 for freebsd-isp@freebsd.org; Thu, 28 Aug 2003 09:19:22 +0200 (CEST) Message-Id: <200308280719.h7S7JMoJ522393@cds.unina.it> Date: Thu, 28 Aug 2003 09:19:21 CEST From: avadmin@cds.unina.it To: freebsd-isp@freebsd.org X-scanner: scanned by Inflex 1.0.12.5 - (http://pldaniels.com/inflex/) Subject: Inflex scan report [08280919516279] X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: avadmin@unina.it List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Aug 2003 07:15:58 -0000 Administrator Email Reply Address: avadmin Email sent to: zelati@cds.unina.it Inflex ID: 08280919516279 Report Details ----------------------------------------------- AntiVirus Results... SWEEP virus detection utility Version 3.71, July 2003 [Digital Unix/Alpha] Includes detection for 82960 viruses, trojans and worms Copyright (c) 1989,2003 Sophos Plc, www.sophos.com System time 09:19:22, System date 28 August 2003 Command line qualifiers are: -archive -all -rec -sc IDE directory is: /usr/local/sav Using IDE file webber-a.ide Using IDE file gruel-a.ide Using IDE file coconuta.ide Using IDE file cmjspy-b.ide Using IDE file golon-a.ide Using IDE file ataka-e.ide Using IDE file migmaf-a.ide Using IDE file mofei-b.ide Using IDE file viewmova.ide Using IDE file israza.ide Using IDE file graps-a.ide Using IDE file larx-fam.ide Using IDE file zwmvc-b.ide Using IDE file adenu-a.ide Using IDE file mylife-m.ide Using IDE file mumu.ide Using IDE file revas-a.ide Using IDE file klexe-a.ide Using IDE file sage-a.ide Using IDE file sluter-a.ide Using IDE file colevo-a.ide Using IDE file slanpera.ide Using IDE file cailonta.ide Using IDE file sandesa.ide Using IDE file yaha-t.ide Using IDE file sobig-e.ide Using IDE file frtnghte.ide Using IDE file relax-c.ide Using IDE file pcghosta.ide Using IDE file haclineb.ide Using IDE file nofer-c.ide Using IDE file magold-d.ide Using IDE file redist-c.ide Using IDE file nofer-b.ide Using IDE file mumu-b.ide Using IDE file sobig-d.ide Using IDE file frtnghtf.ide Using IDE file mystri-a.ide Using IDE file crock-a.ide Using IDE file suhd-a.ide Using IDE file nofer-a.ide Using IDE file anaco-d.ide File panjang.ide is older than 90 days Using IDE file gruel-c.ide Using IDE file gruel-b.ide Using IDE file mapson-c.ide Using IDE file gruel-d.ide Using IDE file gruel-e.ide Using IDE file dwnld-di.ide Using IDE file gruelfam.ide Using IDE file mofei-c.ide Using IDE file jantic-b.ide Using IDE file frtnghth.ide Using IDE file qqpass-a.ide Using IDE file babybr-a.ide Using IDE file mimail-a.ide Using IDE file randonr.ide Using IDE file cidu-a.ide Using IDE file gruel-m.ide Using IDE file boohoo-a.ide Using IDE file maila.ide Using IDE file autort-a.ide Using IDE file lovgatel.ide Using IDE file sview-a.ide Using IDE file randex-d.ide Using IDE file blastera.ide Using IDE file rpcsdb-a.ide Using IDE file blasterb.ide Using IDE file donkc.ide Using IDE file graybird.ide Using IDE file nachi-a.ide Using IDE file blasterd.ide Using IDE file sobigf.ide Using IDE file dumaru-a.ide Using IDE file bdoorrq.ide Using IDE file pandem-b.ide Using IDE file agobot-q.ide Using IDE file tzet-a.ide Quick Sweeping 00:01 _headers_ 00:01 textfile0 00:01 textfile1 00:01 wicked_scr.scr >>> Virus 'W32/Sobig-F' found in file /usr/local/inflex/tmp/inf_08280919516279/unpacked/wicked_scr.scr 00:01 textfile2 5 files swept in 1 second. 1 virus was discovered. 1 file out of 5 was infected. Please send infected samples to Sophos for analysis. For advice consult www.sophos.com, email support@sophos.com or telephone +44 1235 559933 End of Sweep. File NAME/TYPE Scan Results 08280919516279 from:freebsd-isp@freebsd.org to: zelati@cds.unina.itType scanning off. Name scanning off. Text scanning off. END OF MESSAGE. End. . From owner-freebsd-isp@FreeBSD.ORG Thu Aug 28 00:25:51 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5C0BB16A4EE for ; Thu, 28 Aug 2003 00:25:51 -0700 (PDT) Received: from mail.wrs.no (mail.wrs.no [213.236.173.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6DAE843FB1 for ; Thu, 28 Aug 2003 00:25:50 -0700 (PDT) (envelope-from freebsd@yazzy.org) Received: from h311r4iz3r.wrs (localhost [127.0.0.1]) by mail.wrs.no (Postfix) with SMTP id 26E3A437D for ; Thu, 28 Aug 2003 09:25:47 +0200 (CEST) Date: Thu, 28 Aug 2003 09:25:47 +0200 From: Martin Jessa To: freebsd-isp@freebsd.org Message-Id: <20030828092547.476a3e7d.freebsd@yazzy.org> In-Reply-To: References: Organization: ezUnix.org X-Mailer: Sylpheed version 0.9.3claws (GTK+ 1.2.10; i386-portbld-freebsd5.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: www.ispman.org X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Aug 2003 07:25:51 -0000 Implemented what? >From their frontsite: "ISPMan help on IRC. You can get help on ISPMan and meet other ISPMan users at #ispman on irc.freenode.net" On Thu, 28 Aug 2003 06:04:27 +0100 "Arie J. Gerszt" wrote: > hi > > does somebody know www.ispman.org has implemented yet? looks very > interesting but i was curious > of any personal experiences and thoughts. > > thanks, > arie > > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Thu Aug 28 04:10:01 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 44F1416A4BF for ; Thu, 28 Aug 2003 04:10:01 -0700 (PDT) Received: from flash.mipk-kspu.kharkov.ua (flash.mipk-kspu.kharkov.ua [194.44.157.113]) by mx1.FreeBSD.org (Postfix) with ESMTP id EF81443FF9 for ; Thu, 28 Aug 2003 04:09:52 -0700 (PDT) (envelope-from artem@mipk.kharkiv.edu) Received: from mipk.kharkiv.edu (rainbow.mipk-kspu.kharkov.ua [192.168.9.241]) h7SB8mgX017518 for ; Thu, 28 Aug 2003 14:08:50 +0300 (EEST) (envelope-from artem@mipk.kharkiv.edu) Message-ID: <3F4DE2C1.10703@mipk.kharkiv.edu> Date: Thu, 28 Aug 2003 14:08:49 +0300 From: "Artyom V. Viklenko" Organization: IIAT NTU "KhPI" User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 X-Accept-Language: ru, uk, en MIME-Version: 1.0 To: freebsd-isp@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: strange problem with ttyp0 X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Aug 2003 11:10:01 -0000 I have strange problem with one of my routers. OS FreeBSD 4.8-RELEASE. The first telnet connection use ttyp1, second - ttyp2, etc. But never to ttyp0! The same effect with ssh. ttyp0 present in /etc/ttys and /dev entries are in place (both ttyp and ptyp) and have correct ownership and mode. I think something wrong with ptyp-side. Some stupid test (stty < /dev/ptyp0) says something like "input/output error". Does anybody have idea why? File /etc/login.access not used. Thanks! -- Sincerely yours, Artyom V. Viklenko. ====================================================== System Administrator artem@mipk.kharkiv.edu ------------------------------------------------------ IIAT NTU "KhPI" 21, Frunze Str., Kharkov Ukraine 61002 Phone: +380 (572) 400026 Fax: +380 (572) 474062 ====================================================== From owner-freebsd-isp@FreeBSD.ORG Thu Aug 28 04:24:47 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9BD9516A4BF for ; Thu, 28 Aug 2003 04:24:47 -0700 (PDT) Received: from fragma.wildcardinternet.co.uk (fragma.wildcardinternet.co.uk [195.82.114.65]) by mx1.FreeBSD.org (Postfix) with ESMTP id BB36343FCB for ; Thu, 28 Aug 2003 04:24:46 -0700 (PDT) (envelope-from lee@wildcardinternet.co.uk) Received: from ded.ncl-ne39.wildcardinternet.co.uk ([195.82.114.89] helo=gate.wildcardinternet.co.uk) by fragma.wildcardinternet.co.uk with esmtp (Exim 3.35 #1) id 19sKtJ-000HJP-00; Thu, 28 Aug 2003 12:24:38 +0100 Message-Id: <5.2.1.1.0.20030828121902.00b563c8@fragma> X-Sender: ljohns@fragma X-Mailer: QUALCOMM Windows Eudora Version 5.2.1 Date: Thu, 28 Aug 2003 12:25:01 +0100 To: arie@gerszt.ch, freebsd-isp@freebsd.org From: Lee Johnston In-Reply-To: <20030828092547.476a3e7d.freebsd@yazzy.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Subject: Re: www.ispman.org X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Aug 2003 11:24:47 -0000 I had a problem a few months back with ISPMan basically because the nss_ldap module wasn't support by FreeBSD's nameservice switch.. Just looking back at the PADL website and I've found that it lists FreeBSD 5.1 as a supported platform, if this is the case, it should be possible to get ispman implemented on a system running FreeBSD 5.1. I'd be interested to hear from anyone who has? Regards, Lee. > > hi > > > > does somebody know www.ispman.org has implemented yet? looks very > > interesting but i was curious > > of any personal experiences and thoughts. > > > > thanks, > > arie > > > > > > _______________________________________________ > > freebsd-isp@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > > >_______________________________________________ >freebsd-isp@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-isp >To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Thu Aug 28 06:15:36 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AA82916A4BF for ; Thu, 28 Aug 2003 06:15:36 -0700 (PDT) Received: from mail.wrs.no (mail.wrs.no [213.236.173.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id BC18B43F3F for ; Thu, 28 Aug 2003 06:15:35 -0700 (PDT) (envelope-from freebsd@yazzy.org) Received: from h311r4iz3r.wrs (localhost [127.0.0.1]) by mail.wrs.no (Postfix) with SMTP id BAEA8437B for ; Thu, 28 Aug 2003 15:15:32 +0200 (CEST) Date: Thu, 28 Aug 2003 15:15:32 +0200 From: Martin Jessa To: freebsd-isp@freebsd.org Message-Id: <20030828151532.1539c9f6.freebsd@yazzy.org> Organization: ezUnix.org X-Mailer: Sylpheed version 0.9.3claws (GTK+ 1.2.10; i386-portbld-freebsd5.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Chosing a hosting server. X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Aug 2003 13:15:36 -0000 Hi. I am planning setup of misc services for an Wireless ISP. They want to host mail and websites of their users. The server will run mail (imap, pop3), web and ftp services which will all authenticate users against the same sql database. They want to have about 5000+ customers. Each of the users will have granted 30 megs web space and about the same for their emails. The problem is chosing a server that can handle all that. I could split the services between different servers but I am not aware of an application that can allow me to do so. Any suggestions ? As I said I would also need some sort of tool to be able to easly handle things like adding new users with custom email and web quota, ability to add new email addresses for one user, it should also be able to talk to a radius server which will authenticate connections with the same database as the mail server. It does not have to be an open source application. Any help appreciated. Cheers, YazzY From owner-freebsd-isp@FreeBSD.ORG Thu Aug 28 07:19:50 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 783D016A4BF for ; Thu, 28 Aug 2003 07:19:50 -0700 (PDT) Received: from Sixty.hatvany.com (sixty.hatvany.com [67.100.200.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 468F543FE5 for ; Thu, 28 Aug 2003 07:19:49 -0700 (PDT) (envelope-from Charles@hatvany.com) Received: from hatvany.com (forty.hatvany.com [66.203.80.230]) by Sixty.hatvany.com (8.9.3/8.9.3) with SMTP id KAA46918 for ; Thu, 28 Aug 2003 10:19:47 -0400 (EDT) (envelope-from Charles@hatvany.com) Received: from HatvanyDomain-Message_Server by hatvany.com with Novell_GroupWise; Thu, 28 Aug 2003 10:19:49 -0400 Message-Id: X-Mailer: Novell GroupWise 5.2 Date: Thu, 28 Aug 2003 10:12:44 -0400 From: "Charles Hatvany" To: freebsd-isp@freebsd.org, freebsd@yazzy.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Subject: Re: Chosing a hosting server. X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Aug 2003 14:19:50 -0000 Martin, DNS should allow you to split the mail from the web by pointing the MX and = the A records to different places. Ditto for ftp, if that is set up with = a different URL (such as ftp.xxxx.com). So you could have 3 servers doing = different services. The database could be on any of the servers as long = as you can mount the filesystem on the other two. I'll let someone else answer the question about the tools - I would also = be interested in that answer. Charles Hatvany >>> Martin Jessa 8/28/03 9:15:32 AM >>> Hi. I am planning setup of misc services for an Wireless ISP. They want to host mail and websites of their users. The server will run mail (imap, pop3), web and ftp services which will all = authenticate users against the same sql database. They want to have about 5000+ customers. Each of the users will have granted 30 megs web space and about the same = for their emails. The problem is chosing a server that can handle all that. I could split = the services between different servers but I am not aware of an application= that can allow me to do so. Any suggestions ? As I said I would also need some sort of tool to be able to easly handle = things like adding new users with custom email and web quota, ability to = add new email addresses for one user, it should also be able to talk to a = radius server which will authenticate connections with the same database = as the mail server. It does not have to be an open source application. Any help appreciated. Cheers,=20 YazzY _______________________________________________ freebsd-isp@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp=20 To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Fri Aug 29 08:14:12 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CF5E616A4C0 for ; Fri, 29 Aug 2003 08:14:12 -0700 (PDT) Received: from mail.wrs.no (mail.wrs.no [213.236.173.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 34A3443FB1 for ; Fri, 29 Aug 2003 08:14:11 -0700 (PDT) (envelope-from freebsd@yazzy.org) Received: from h311r4iz3r.wrs (localhost [127.0.0.1]) by mail.wrs.no (Postfix) with SMTP id 73712437E; Fri, 29 Aug 2003 17:14:07 +0200 (CEST) Date: Fri, 29 Aug 2003 17:14:07 +0200 From: Martin Jessa To: freebsd-isp@freebsd.org Message-Id: <20030829171407.43caedf8.freebsd@yazzy.org> In-Reply-To: References: Organization: ezUnix.org X-Mailer: Sylpheed version 0.9.3claws (GTK+ 1.2.10; i386-portbld-freebsd5.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: Chosing a hosting server. X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Aug 2003 15:14:12 -0000 Hi Charles, guys. I am pretty aware of the fast that I can create one or more mail hubs and set up my dns server with 2 or more MX records. I am conserned about the practical side of the setup. If the ftp server is going to be on a separate box, how would I NFS-mount the resources so that each of the users would be able to access their web dirs only, etc. Btw, I found this website which seems promicing. http://www.projektfarm.com/en/ On Thu, 28 Aug 2003 10:12:44 -0400 "Charles Hatvany" wrote: > Martin, > > DNS should allow you to split the mail from the web by pointing the MX and the A records to different places. Ditto for ftp, if that is set up with a different URL (such as ftp.xxxx.com). So you could have 3 servers doing different services. The database could be on any of the servers as long as you can mount the filesystem on the other two. > > I'll let someone else answer the question about the tools - I would also be interested in that answer. > > Charles Hatvany > > >>> Martin Jessa 8/28/03 9:15:32 AM >>> > Hi. > > I am planning setup of misc services for an Wireless ISP. > They want to host mail and websites of their users. > The server will run mail (imap, pop3), web and ftp services which will all authenticate users against the same sql database. > They want to have about 5000+ customers. > Each of the users will have granted 30 megs web space and about the same for their emails. > The problem is chosing a server that can handle all that. I could split the services between different servers but I am not aware of an application that can allow me to do so. > Any suggestions ? > As I said I would also need some sort of tool to be able to easly handle things like adding new users with custom email and web quota, ability to add new email addresses for one user, it should also be able to talk to a radius server which will authenticate connections with the same database as the mail server. > It does not have to be an open source application. > Any help appreciated. > > Cheers, > YazzY > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Fri Aug 29 12:15:31 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6177216A4BF for ; Fri, 29 Aug 2003 12:15:31 -0700 (PDT) Received: from fep2.cogeco.net (smtp.cogeco.net [216.221.81.25]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7B03743FFB for ; Fri, 29 Aug 2003 12:15:30 -0700 (PDT) (envelope-from tom@dwyers.ca) Received: from tom (d235-131-219.home1.cgocable.net [24.235.131.219]) by fep2.cogeco.net (Postfix) with SMTP id 7A6C674A for ; Fri, 29 Aug 2003 14:45:27 -0400 (EDT) Message-ID: <000a01c36e5f$412f6740$020010ac@protechnologies> From: "Thomas Dwyer" To: Date: Fri, 29 Aug 2003 14:56:28 -0400 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2720.3000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: Multi-Homed Routing X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Aug 2003 19:15:31 -0000 I have a FreeBSD box for hosting as well as a Gateway for a LAN. I have recently added a 2nd Internet source (for redundancy) and I want = to know how to make FreeBSD choose a primary outbound internet source, = and chose the other if the primary is down? Am I correct to assume that FreeBSD will automatically return incoming = requests back through the interface that it arrived on? e.g. Internet request coming in on interface-A will return via interface-A and likewise for interface-B Thanks Tom From owner-freebsd-isp@FreeBSD.ORG Fri Aug 29 12:18:58 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3EC6E16A4F2 for ; Fri, 29 Aug 2003 12:18:58 -0700 (PDT) Received: from ext-ch1gw-1.online-age.net (ext-ch1gw-1.online-age.net [216.34.191.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3B2C843F75 for ; Fri, 29 Aug 2003 12:18:54 -0700 (PDT) (envelope-from lapinski@crd.ge.com) Received: from int-ch1gw-4.online-age.net (int-ch1gw-4 [3.159.232.68]) h7TJIlkF005386; Fri, 29 Aug 2003 14:18:51 -0500 (CDT) Received: from crdns.crd.ge.com (localhost [127.0.0.1]) id h7TJIkn5025894; Fri, 29 Aug 2003 15:18:46 -0400 (EDT) Received: from xbh01crdge.crd.ge.com (xbh01crdge.crd.ge.com [3.159.72.22]) by crdns.crd.ge.com (8.11.6p2/8.11.6) with ESMTP id h7TJIia10484; Fri, 29 Aug 2003 15:18:45 -0400 (EDT) Received: by xbh01crdge.crd.ge.com with Internet Mail Service (5.5.2653.19) id ; Fri, 29 Aug 2003 15:18:44 -0400 Message-ID: From: "Lapinski, Michael (Research)" To: "'Thomas Dwyer'" , freebsd-isp@freebsd.org Date: Fri, 29 Aug 2003 15:18:41 -0400 X-Mailer: Internet Mail Service (5.5.2653.19) Subject: RE: Multi-Homed Routing X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Aug 2003 19:18:58 -0000 Are you using a fbsd box as a router? if no, you need to configure BGP on your border router. if yes, yuck, routers route, server's serve. =) -mtl -----Original Message----- From: Thomas Dwyer [mailto:tom@dwyers.ca] Sent: Friday, August 29, 2003 2:56 PM To: freebsd-isp@freebsd.org Subject: Multi-Homed Routing I have a FreeBSD box for hosting as well as a Gateway for a LAN. I have recently added a 2nd Internet source (for redundancy) and I want to know how to make FreeBSD choose a primary outbound internet source, and chose the other if the primary is down? Am I correct to assume that FreeBSD will automatically return incoming requests back through the interface that it arrived on? e.g. Internet request coming in on interface-A will return via interface-A and likewise for interface-B Thanks Tom _______________________________________________ freebsd-isp@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Fri Aug 29 12:35:21 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9F00216A4BF for ; Fri, 29 Aug 2003 12:35:21 -0700 (PDT) Received: from diaspar.rdsnet.ro (diaspar.rdsnet.ro [81.196.201.65]) by mx1.FreeBSD.org (Postfix) with ESMTP id 28D6243FEA for ; Fri, 29 Aug 2003 12:35:20 -0700 (PDT) (envelope-from Vlad.Galu@rdsnet.ro) Received: (qmail 33569 invoked from network); 28 Aug 2003 11:28:36 -0000 Received: from unknown (HELO diaspar.rdsnet.ro) (81.196.201.65) by 0 with SMTP; 28 Aug 2003 11:28:36 -0000 Date: Thu, 28 Aug 2003 14:28:36 +0300 From: Vlad Galu To: freebsd-isp@freebsd.org In-Reply-To: <3F4DE2C1.10703@mipk.kharkiv.edu> References: <3F4DE2C1.10703@mipk.kharkiv.edu> Organization: Romania Data Systems X-Mailer: Sylpheed version 0.9.4 (GTK+ 1.2.10; i386-portbld-freebsd4.8) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-Id: <20030829193520.28D6243FEA@mx1.FreeBSD.org> Subject: Re: strange problem with ttyp0 X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Aug 2003 19:35:21 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 28 Aug 2003 14:08:49 +0300 "Artyom V. Viklenko" wrote: > I have strange problem with one of my routers. > OS FreeBSD 4.8-RELEASE. The first telnet connection > use ttyp1, second - ttyp2, etc. But never to ttyp0! > The same effect with ssh. > > ttyp0 present in /etc/ttys and /dev entries are in place > (both ttyp and ptyp) and have correct ownership and mode. > > I think something wrong with ptyp-side. > Some stupid test (stty < /dev/ptyp0) says something > like "input/output error". > > Does anybody have idea why? > File /etc/login.access not used. > Install lsof and issue a 'lsof | grep ttyp0' to see if any process uses it. > Thanks! > > -- > Sincerely yours, > Artyom V. Viklenko. > ====================================================== > System Administrator artem@mipk.kharkiv.edu > ------------------------------------------------------ > IIAT NTU "KhPI" 21, Frunze Str., Kharkov Ukraine 61002 > Phone: +380 (572) 400026 Fax: +380 (572) 474062 > ====================================================== > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > - ------ Vlad Galu Network & Systems Administrator Romania Data Systems NOC in Bucharest Phone: +40 21 30 10 850 Web: http://www.rdsnet.ro PGP: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x53ABCE97 - ---------------------------------------------------------------------------- Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such a person), you may not copy or deliver this message to anyone. In such a case, you should destroy this message and kindly notify the sender by reply e-mail. - --------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/TedkP5WtpVOrzpcRAjT8AJ9YD++BMR/nuPBORhgRQh+4NlnP9gCfWxE7 2yiYSHuUtWhh53NWUCCnJt4= =6eak -----END PGP SIGNATURE----- From owner-freebsd-isp@FreeBSD.ORG Fri Aug 29 13:18:04 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A7C4216A4BF for ; Fri, 29 Aug 2003 13:18:04 -0700 (PDT) Received: from energistic.com (12-223-237-12.client.insightbb.com [12.223.237.12]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3D11C43FF7 for ; Fri, 29 Aug 2003 13:18:03 -0700 (PDT) (envelope-from steve@energistic.com) Received: from energistic.com (smmsp@localhost [127.0.0.1]) by energistic.com (8.12.9/8.12.9) with ESMTP id h7TKHXAX018424; Fri, 29 Aug 2003 15:17:39 -0500 (EST) (envelope-from steve@energistic.com) Received: (from root@localhost) by energistic.com (8.12.9/8.12.9/Submit) id h7TKHWDJ017101; Fri, 29 Aug 2003 15:17:32 -0500 (EST) (envelope-from steve) Date: Fri, 29 Aug 2003 15:17:32 -0500 From: Charlie Root To: "Lapinski, Michael (Research)" Message-ID: <20030829201732.GA10482@energistic.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.4i cc: freebsd-isp@freebsd.org cc: 'Thomas Dwyer' Subject: Re: Multi-Homed Routing X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Aug 2003 20:18:04 -0000 On Fri, Aug 29, 2003 at 03:18:41PM -0400, Lapinski, Michael (Research) wrote: > Are you using a fbsd box as a router? > > if no, you need to configure BGP on your border router. True that. > if yes, yuck, routers route, server's serve. =) True but an OS is neither a router nor a server. Its just an OS. The use you put it to defines if the box is a router or a server (or both). > I have recently added a 2nd Internet source (for redundancy) and I want to > know how to make FreeBSD choose a primary outbound internet source, and > chose the other if the primary is down? You'll need to be running a routing protocol. Your standard routing table probably isn't going to serve you very well. If aren't able to exchange protocol with your upstreams (usually with BGP) then you'll have to get clever with DNS tricks and route manipulation. Are you getting IP space from both providers? Are all services setup to listen on both subnets? Does your DNS point to both subnets? If one subnet goes down does DNS stop pointing to the bad subnet (only half a cure because the now bad subnet IPs are probably cached out there on the net somewhere anyway). The common situation is to advertise via a dynamic routing protocol such as BGP4 your IP space to both of your upstreams. This isn't really possible if your upstreams are DSL, cable or small-time wireless providers. > Am I correct to assume that FreeBSD will automatically return incoming > requests back through the interface that it arrived on? Ummm... no. I don't think you are. FBSD will likely send that packet back out whichever interface is labeled 'default' or, in the case of dynamic protocols, whichever route has the lowest metric back to the destination. -Steve From owner-freebsd-isp@FreeBSD.ORG Fri Aug 29 20:10:20 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3837316A4BF for ; Fri, 29 Aug 2003 20:10:20 -0700 (PDT) Received: from exchange.wan.no (exchange.wan.no [80.86.128.88]) by mx1.FreeBSD.org (Postfix) with ESMTP id B3B9243FEA for ; Fri, 29 Aug 2003 20:10:18 -0700 (PDT) (envelope-from sten.daniel.sorsdal@wan.no) X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Date: Sat, 30 Aug 2003 05:07:46 +0200 Message-ID: <0AF1BBDF1218F14E9B4CCE414744E70F07DF2D@exchange.wanglobal.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Multi-Homed Routing Thread-Index: AcNuYaqrAGpORiclQSGBHO5b+XL5CgAOli1w From: =?iso-8859-1?Q?Sten_Daniel_S=F8rsdal?= To: "Thomas Dwyer" , Subject: RE: Multi-Homed Routing X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Aug 2003 03:10:20 -0000 >=20 > I have a FreeBSD box for hosting as well as a Gateway for a LAN. >=20 > I have recently added a 2nd Internet source (for redundancy)=20 > and I want to know how to make FreeBSD choose a primary=20 > outbound internet source, and chose the other if the primary is down? There has been lots of talk about this, most will suggest doing a BGP = solution. BGP would be the more correct way of doing it. Automatic routing feeds usually cost money and then often lots of money. To achieve BGP feeds for both ISPs you would need to (over simplified): 1. Get an AS number that are in great shortage, so it's a real pain and=20 usually cost money, because you cant do it directly but have to go through someone who already have an AS number. 2. You need to apply for your own address range from your LIR. 3. Upgrade your connections to BGP peering connections at both your = isp's. which usually costs ALOT more than your regular internet connections. You might have to hire or contract someone to configure this, make = sure they are available after it's configured because like everything else it breaks. 4. quite possibly have to upgrade your server to handle 2 full bgp feeds and hire someone to manage it. (It -does- break, like everything = else) Now all this sounds easy, but is virtually unattainable for anyone but the ones with really deep pockets. However. You could achieve almost the same effect by using a script to check if both gateways are up and if one goes down it automatically=20 changes the default route to the working ISP. Then automatically adjust your DNS pointers to the new ip address(es). Your public ip address(es) will change, and hence some people wont be=20 able to reach your site until their DNS's are updated. Some people have caching DNS's that wont expire a record for a long time to not generate alot of traffic and wont reach your site at all. If you are -lucky- and your ISP's suck (for not doing source filtering) you could use both pipes for uploads but only one for download. Consult the archives. >=20 > Am I correct to assume that FreeBSD will automatically return=20 > incoming requests back through the interface that it arrived on? >=20 Not necessarily, this is a routing issue in which you only control the outgoing bit. In short it will go where the routes point. The routing/forwarding engine in FreeBSD works on a packet by packet basis (afaik, and a general advantage if you ask me). - Sten From owner-freebsd-isp@FreeBSD.ORG Sat Aug 30 13:30:29 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 42ED716A4BF for ; Sat, 30 Aug 2003 13:30:29 -0700 (PDT) Received: from mailsrv.amplex.net (mailsrv.amplex.net [64.246.100.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 63AE343FAF for ; Sat, 30 Aug 2003 13:30:28 -0700 (PDT) (envelope-from mark@amplex.net) Received: from marktoshiba (dhcp232-middleton-ap.amplex.net [64.246.108.232]) (authenticated bits=0) by mailsrv.amplex.net (8.12.9/8.12.9) with ESMTP id h7UKUNj9048197 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) for ; Sat, 30 Aug 2003 16:30:26 -0400 (EDT) Message-ID: <019501c36f35$8bf95930$e86cf640@amplex.net> From: "Mark Radabaugh" To: References: <0AF1BBDF1218F14E9B4CCE414744E70F07DF2D@exchange.wanglobal.net> Date: Sat, 30 Aug 2003 16:29:59 -0400 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: Re: Multi-Homed Routing X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Aug 2003 20:30:29 -0000 > To achieve BGP feeds for both ISPs you would need to (over simplified): > > 1. Get an AS number that are in great shortage, so it's a real pain and > usually cost money, because you cant do it directly but have to go > through someone who already have an AS number. > Huh? They are hardly difficult to get - just pay your $500 to ARIN (http://www.arin.net - the original post was .ca I believe) and explain why your routing policy is different from your upstreams. > 2. You need to apply for your own address range from your LIR. There is no problem announcing IP space from your current providers. As a practical matter you need at least a /24 of space. > > 3. Upgrade your connections to BGP peering connections at both your isp's. > which usually costs ALOT more than your regular internet connections. > You might have to hire or contract someone to configure this, make sure > they are available after it's configured because like everything else > it breaks. > Usually a fairly nominal one-time charge (if any) to configure BGP with your providers. > 4. quite possibly have to upgrade your server to handle 2 full bgp feeds > and hire someone to manage it. (It -does- break, like everything else) > > Now all this sounds easy, but is virtually unattainable for anyone but > the ones with really deep pockets. > >From a guy with faily shallow pockets it's not that bad.... Mark Radabaugh Amplex (419) 720-3635