From owner-freebsd-isp@FreeBSD.ORG Sun Apr 4 05:51:17 2004
Date: Sun, 4 Apr 2004 15:51:11 +0300
From: Odhiambo Washington
To: freebsd-isp@freebsd.org
Subject: News Server

Hello Admins (I think we all are at some point),

I am considering running a news server, and I see there are several
options out there.

Can someone recommend what they are running and why they chose it.
I am particularly looking for one that doesn't suck a lot ;-)
I hear they all suck, no?


-Wash

http://www.netmeister.org/news/learn2quote.html

--
+======================================================================+
    |\      _,,,---,,_     | Odhiambo Washington
Zzz /,`.-'`'    -.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_)     | GSM: +254 722 743223   +254 733 744121
+======================================================================+
A day without sunshine is like night.

From owner-freebsd-isp@FreeBSD.ORG Sun Apr 4 09:33:42 2004
Date: Sun, 4 Apr 2004 11:33:39 -0500 (CDT)
From: Adam Maloney
To: Odhiambo Washington
cc: freebsd-isp@freebsd.org
Subject: Re: News Server

Are you looking for recommendations on software, or a news provider?

When we had our own feed we used DNews by NetWinSite. They are a New
Zealand based company and support was very good. In fact, I think they
were building their BSD/OS binaries from our machine at some point.
It can suck or ihave. We never had any problem with it. Licensing
(with support) was very reasonable, at least at our size.

I've used leafnode at home in the past, it sucks (in the good way).

Adam Maloney
Systems Administrator
Sihope Communications

On Sun, 4 Apr 2004, Odhiambo Washington wrote:

> Hello Admins (I think we all are at some point),
>
> I am considering running a news server, and I see there are several
> options out there.
>
> Can someone recommend what they are running and why they chose it.
> I am particularly looking for one that doesn't suck a lot ;-)
> I hear they all suck, no?
>
>
> -Wash
>
> http://www.netmeister.org/news/learn2quote.html

From owner-freebsd-isp@FreeBSD.ORG Sun Apr 4 10:25:19 2004
Date: Sun, 04 Apr 2004 12:26:02 -0500
From: Bob Martin
To: Odhiambo Washington
cc: freebsd-isp@freebsd.org
Subject: Re: News Server

IMHO DNews is without peer.
I base this on personal experience, and on the fact that all of the
giant news services that I know of use it.

Bob Martin

Odhiambo Washington wrote:
> Hello Admins (I think we all are at some point),
>
> I am considering running a news server, and I see there are several
> options out there.
>
> Can someone recommend what they are running and why they chose it.
> I am particularly looking for one that doesn't suck a lot ;-)
> I hear they all suck, no?
>
>
> -Wash
>
> http://www.netmeister.org/news/learn2quote.html

From owner-freebsd-isp@FreeBSD.ORG Sun Apr 4 10:28:06 2004
Date: Sun, 04 Apr 2004 13:27:52 -0400
From: Chuck Swiger
To: Odhiambo Washington
cc: freebsd-isp@freebsd.org
Subject: Re: News Server

Odhiambo Washington wrote:
> Can someone recommend what they are running and why they chose it.
> I am particularly looking for one that doesn't suck a lot ;-)
> I hear they all suck, no?

Well, I run INN and I can recommend it, although one needs to spend the
time to review the documentation to get a handle on what is a large
system with lots of components. INN is well-suited for having multiple
inbound and outbound newsfeeds and dealing with lots of newsgroups.

If you're only interested in a single feed for a few newsgroups (less
than a thousand, say) then something like leafnode may be easier to get
going and better suited to that situation.

Be aware that even a partial news feed (say big-7 minus *.binaries)
represents a lot of traffic and a lot of bandwidth: make sure your
feeders support "poisoning" newsgroups you don't want or else you can
easily saturate a T1. A full feed probably saturates a 10Mbs link,
nowadays, so you'd want at least a T3...
--
-Chuck

From owner-freebsd-isp@FreeBSD.ORG Sun Apr 4 10:43:53 2004
Date: Sun, 4 Apr 2004 12:43:51 -0500 (CDT)
From: Adam Maloney
To: Chuck Swiger
cc: freebsd-isp@freebsd.org
Subject: Re: News Server

More like 50Mbit+, according to stats from someone I know of in the
top-50.

Before Cidera went under they were feeding us around 30MBit and that
was capped, and somewhat filtered.

> full feed probably saturates a 10Mbs link, nowadays, so you'd want at
> least a T3...

From owner-freebsd-isp@FreeBSD.ORG Sun Apr 4 10:50:34 2004
Date: Sun, 4 Apr 2004 12:50:17 -0500 (CDT)
From: Adam Maloney
To: Bob Martin
cc: freebsd-isp@freebsd.org
Subject: Re: News Server

Exactly. There is a section of the DNews manual:
Notes for BIG sites, e.g. 20,000-20,000,000 users

Adam Maloney
Systems Administrator
Sihope Communications

On Sun, 4 Apr 2004, Bob Martin wrote:

> IMHO DNews is without peer.
> I base this on personal experience, and on
> the fact that all of the giant news services that I know of use it.
>
> Bob Martin
>
> Odhiambo Washington wrote:
> > Hello Admins (I think we all are at some point),
> >
> > I am considering running a news server, and I see there are several
> > options out there.
> >
> > Can someone recommend what they are running and why they chose it.
> > I am particularly looking for one that doesn't suck a lot ;-)
> > I hear they all suck, no?
> >
> >
> > -Wash
> >
> > http://www.netmeister.org/news/learn2quote.html

From owner-freebsd-isp@FreeBSD.ORG Sun Apr 4 11:08:36 2004
Date: Sun, 04 Apr 2004 14:08:22 -0400
From: Chuck Swiger
To: Adam Maloney
cc: freebsd-isp@freebsd.org
Subject: Re: News Server

Adam Maloney wrote:
> More like 50Mbit+, according to stats from someone I know of in the
> top-50.
>
> Before Cidera went under they were feeding us around 30MBit and that was
> capped, and somewhat filtered.

I can believe it, but my opinions with regard to Usenet news are a
little dated. :-)

I'm interested in carrying newsgroups that have people talking to other
people, not groups full of multi-part binaries of music, warez,
robo-posted job offers, and all of that noise. If you refuse (or
discard) articles larger than 40K or so, and poison *.binaries, what's
left is relatively high in human-produced content and each such feed
consumes only 200 Kbs or so.
--
-Chuck

From owner-freebsd-isp@FreeBSD.ORG Sun Apr 4 11:22:57 2004
Date: Sun, 4 Apr 2004 21:22:33 +0300
From: Adrian Penisoara
To: freebsd-security@freebsd.org
cc: freebsd-isp@freebsd.org
Subject: Q: Controlling access at the Ethernet level

Hi,

I am searching for a solution that will enable me to control the access
of clients to an Ethernet network that spans over about an entire
quarter; most of the connected stations are running MS Windows.

We are facing service theft through impersonation, either solely IP or
both IP and Ethernet MAC address. Securing IP access was solved using a
static ARP scheme (we used "staticarp" for the internal gateway
interface and tied to it a fixed list of IP/MAC tuples), but some of
the clients learnt how to change both the IP and the MAC.
We have thought about using static MAC entries per port on managed
switches installed at the client endpoints, but that would require an
overwhelming budget. We are also thinking about L2TP and PPPoE, but I
am uncertain about compatibility.

What would you recommend? Are there any other elegant solutions?

I also heard about 802.1x technology and it seems to be an interesting
and professional alternative; I just don't know how well supported it
is on the server side, namely FreeBSD.

Thank you.

--
Ady (@freebsd.ady.ro)

From owner-freebsd-isp@FreeBSD.ORG Sun Apr 4 12:12:20 2004
Date: Sun, 04 Apr 2004 15:12:06 -0400
From: Chuck Swiger
To: Adrian Penisoara
cc: freebsd-isp@freebsd.org
Subject: Re: Q: Controlling access at the Ethernet level

Adrian Penisoara wrote:
> We are facing service theft through impersonation, either solely IP
> or both IP and Ethernet MAC address. Securing IP access was solved using
> a static ARP scheme (we used "staticarp" for the internal gateway
> interface and tied to it a fixed list of IP/MAC tuples), but some of the
> clients learnt how to change both the IP and the MAC.
[ ... ]
> What would you recommend? Are there any other elegant solutions?

A pair of wirecutters is a cheap and elegant solution. People who
violate your network security policy get disconnected until they learn
to behave. :-)

You've described the problem in some detail, but you haven't said much
about your role or the role of the people playing games: are you and
they employees of the same company, or are you offering network
services to other companies?

If it's the former, you need to have management involved: management
needs to be willing to warn and (if need be) terminate people. If
management isn't willing to back you up, don't bother wasting your time
trying to solve this problem.

If it's the latter, make each company responsible for the data coming
from their network ports: bill them for whatever traffic goes by, and
tell them to clean up their own messes if they don't like the costs
associated with the problems their employees are causing.
--
-Chuck

From owner-freebsd-isp@FreeBSD.ORG Sun Apr 4 12:33:05 2004
Date: Sun, 4 Apr 2004 23:32:52 +0400
From: Gleb Smirnoff
To: Adrian Penisoara
cc: freebsd-isp@freebsd.org
cc: freebsd-security@freebsd.org
Subject: Re: Q: Controlling access at the Ethernet level

On Sun, Apr 04, 2004 at 09:22:33PM +0300, Adrian Penisoara wrote:
A> We have thought about using static MAC entries per port on managed
A> switches installed at the client endpoints, but that would require an
A> overwhelming budget. We are also thinking about L2TP and PPPoE, but I
A> am uncertain about compatibility.

PPPoE is a working solution. mpd from ports can serve PPPoE at
wirespeed.
However it has some disadvantages:

- Traffic from host A to host B flows thru access concentrator.
- All hosts share bandwidth of access concentrator
- mpd in PPPoE mode does not work under CURRENT
- PPPoE gives authentication for access outside your LAN, it does
  not prevent someone plugging into a port of dumb switch and
  flooding your LAN with broadcasts, or performing any other
  kind of ethernet DoS.

A> I also heard about 802.1x technology and seems to be an interesting
A> and professional alternative; I just don't know how well supported is
A> on the server side, namely FreeBSD.

Theoretically, 802.1x is best solution. But client side is supported
only in Windows XP, and I've been told that it has numerous weird bugs.
In 802.1x the server side is ethernet switch itself, which
authenticates clients on RADIUS server. So upgrading all switches in
your LAN is required. The cheapest one with 802.1x support is D-Link
DES-3226, AFAIK.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-isp@FreeBSD.ORG Sun Apr 4 13:35:16 2004
Date: Sun, 4 Apr 2004 16:35:08 -0400
From: Bill Vermillion
To: freebsd-isp@freebsd.org
Subject: Re: News Server

While Adam Maloney was trying to figure out why data written to
/dev/null on Sun, Apr 04, 2004 at 12:43 was not readable, he gave up
and decided to grace us with this:

> More like 50Mbit+, according to stats from someone I know of in the
> top-50.

Actually when I made an inquiry from support at Level 3 they indicated
it was even larger than that. They indicated it was about 600GB a day,
and that comes out closer to 60Mbit - and that was 8 months ago.

Bill
--
Bill Vermillion - bv @ wjv . com

From owner-freebsd-isp@FreeBSD.ORG Mon Apr 5 01:26:15 2004
Date: Mon, 5 Apr 2004 12:28:26 +0400
From: Andrew Riabtsev
To: Adrian Penisoara
cc: freebsd-isp@freebsd.org
cc: freebsd-security@freebsd.org
Subject: Re: Q: Controlling access at the Ethernet level

Hi Adrian,

Sunday, April 4, 2004, 10:22:33 PM, you wrote:

AP> We have thought about using static MAC entries per port on managed
AP> switches installed at the client endpoints, but that would require an
AP> overwhelming budget. We are also thinking about L2TP and PPPoE, but I
AP> am uncertain about compatibility.

AP> What would you recommend? Are there any other elegant solutions?

VPN (pptp) solution works just fine, both poptop and mpd on server side
and with any win box on client side, even win'95 with patch from
microsoft.com. There could be a problem with Mac OS - I didn't find a
pptp-client for it but it should be, I think. Also FreeBSD and Linux
have pptp-clients. And the last, you can use cheap hardware
pptp-clients in situations like with Mac OS, for example Allied Telesyn
AR-221E.
--
Andrew mailto:resident@b-o.ru

From owner-freebsd-isp@FreeBSD.ORG Mon Apr 5 02:59:49 2004
Date: Mon, 5 Apr 2004 10:59:40 +0100
From: Dan Ros
To: 'Adrian Penisoara', "'freebsd-security@freebsd.org'"
cc: "'freebsd-isp@freebsd.org'"
Subject: RE: Controlling access at the Ethernet level

> -----Original Message-----
> From: Adrian Penisoara [mailto:ady@freebsd.ady.ro]
> Sent: 04 April 2004 19:23
> To: freebsd-security@freebsd.org
> Cc: freebsd-isp@freebsd.org
> Subject: Q: Controlling access at the Ethernet level
>
>
> We are facing service theft through impersonation, either solely IP
> or both IP and Ethernet MAC address. Securing IP access was solved
> using a static ARP scheme (we used "staticarp" for the internal gateway
> interface and tied to it a fixed list of IP/MAC tuples), but some of
> the clients learnt how to change both the IP and the MAC.
...

This sounds like a university residential halls network, am I right?
For what it's worth, the university I attend has tried both DHCP by mac address, static arp and so on. Eventually now they have given up and the cost of the network connection is simply included in the rent for the room. That way they do not have to worry about unauthorised access. From owner-freebsd-isp@FreeBSD.ORG Mon Apr 5 05:48:43 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0A7E716A4CE for ; Mon, 5 Apr 2004 05:48:43 -0700 (PDT) Received: from psknet.com (kennedy.psknet.com [63.171.251.9]) by mx1.FreeBSD.org (Postfix) with ESMTP id C085F43D1D for ; Mon, 5 Apr 2004 05:48:42 -0700 (PDT) (envelope-from troy@psknet.com) Received: from pool-151-199-118-15.roa.east.verizon.net ([151.199.118.15] helo=tws) by psknet.com with asmtp (TLSv1:RC4-MD5:128) (Exim 4.20) id 1BATWo-0004S2-HF; Mon, 05 Apr 2004 08:48:38 -0400 From: "Troy Settle" To: "'Bob Martin'" , "'Odhiambo Washington'" Date: Mon, 5 Apr 2004 08:48:26 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcQaad1OjOnoCgvbRe20SAFsZzoFzgAogATQ X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 In-Reply-To: <4070452A.6010708@buckhorn.net> Message-Id: cc: freebsd-isp@freebsd.org Subject: RE: News Server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Apr 2004 12:48:43 -0000 Bob Martin wrote: > IMHO DNews is without peer. I base this on personal > experience, and on > the fact that all of the giant news services that I know of use it. 
> > Bob Martin > > Odhiambo Washington wrote: >> Hello Admins (I think we all are at some point), >> >> I am considering running a news server, and I see there are several >> options out there. >> >> Can someone recommend what they are running and why they chose it. >> I am particularly looking for one that doesn't suck alot ;-) >> I hear they all suck, no? >> >> >> -Wash Ever hear of giganews.com? Last I heard, they were using server software from http://www.highwinds-software.com/. As a testament to both Giganews and Highwinds Software, I /never/ hear complaints from my customers regarding news access. -- Troy Settle Pulaski Networks http://www.psknet.com 866.477.5638 From owner-freebsd-isp@FreeBSD.ORG Mon Apr 5 07:14:16 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6BC4D16A4CE for ; Mon, 5 Apr 2004 07:14:16 -0700 (PDT) Received: from mail15.txucom.net (mail15.txucom.net [207.70.175.46]) by mx1.FreeBSD.org (Postfix) with SMTP id 1B1F443D3F for ; Mon, 5 Apr 2004 07:14:16 -0700 (PDT) (envelope-from bob@buckhorn.net) Received: (qmail 17622 invoked from network); 5 Apr 2004 14:14:13 -0000 Received: from lfkn-adsl-dhcp-net1-197.txucom.net (HELO tardis.buckhorn.net) ([207.70.145.197]) (envelope-sender ) by mail15.txucom.net (qmail-ldap-1.03) with SMTP for ; 5 Apr 2004 14:14:13 -0000 Received: from buckhorn.net (localhost.buckhorn.net [127.0.0.1]) by tardis.buckhorn.net (Postfix) with ESMTP id 848C91B8F00; Mon, 5 Apr 2004 09:15:04 -0500 (CDT) Message-ID: <407169E8.4090504@buckhorn.net> Date: Mon, 05 Apr 2004 09:15:04 -0500 From: Bob Martin User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Troy Settle References: In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-isp@freebsd.org Subject: Re: News Server 
X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Apr 2004 14:14:16 -0000 Troy, I have indeed heard of these folks. Giganews and Newsfeeds.com are outstanding choices for outsourcing Usenet. I have also used their software. It is indeed first rate. But given price, scalability, performance, ease of administration and support (especially for FreeBSD), I'll stand behind my endorsement of DNews. Bob Martin Troy Settle wrote: > Bob Martin wrote: > >>IMHO DNews is without peer. I base this on personal >>experience, and on >>the fact that all of the giant news services that I know of use it. >> >>Bob Martin >> >>Odhiambo Washington wrote: >> >>>Hello Admins (I think we all are at some point), >>> >>>I am considering running a news server, and I see there are several >>>options out there. >>> >>>Can someone recommend what they are running and why they chose it. >>>I am particularly looking for one that doesn't suck alot ;-) >>>I hear they all suck, no? >>> >>> >>>-Wash > > > Ever hear of giganews.com? Last I heard, they were using server software > from http://www.highwinds-software.com/. > > As a testament to both Giganews and Highwinds Software, I /never/ hear > complaints from my customers regarding news access. 
> From owner-freebsd-isp@FreeBSD.ORG Mon Apr 5 07:28:56 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1588316A4CE for ; Mon, 5 Apr 2004 07:28:56 -0700 (PDT) Received: from mail16.txucom.net (mail16.txucom.net [207.70.175.47]) by mx1.FreeBSD.org (Postfix) with SMTP id 9A91543D46 for ; Mon, 5 Apr 2004 07:28:53 -0700 (PDT) (envelope-from bob@buckhorn.net) Received: (qmail 15496 invoked from network); 5 Apr 2004 14:28:24 -0000 Received: from lfkn-adsl-dhcp-net1-197.txucom.net (HELO tardis.buckhorn.net) ([207.70.145.197]) (envelope-sender ) by mail16.txucom.net (qmail-ldap-1.03) with SMTP for ; 5 Apr 2004 14:28:24 -0000 Received: from buckhorn.net (localhost.buckhorn.net [127.0.0.1]) by tardis.buckhorn.net (Postfix) with ESMTP id CCFE51B8F00; Mon, 5 Apr 2004 09:28:53 -0500 (CDT) Message-ID: <40716D25.6020900@buckhorn.net> Date: Mon, 05 Apr 2004 09:28:53 -0500 From: Bob Martin User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Odhiambo Washington References: <20040404125111.GA74222@ns2.wananchi.com> In-Reply-To: <20040404125111.GA74222@ns2.wananchi.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-isp@freebsd.org Subject: Re: News Server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Apr 2004 14:28:56 -0000 Wash, As you can see from this thread, there are a lot of options. It really depends on what you're trying to accomplish. A full news feed requires a massive pipe, and at least one very high end server. If you only want to pull a small set of non binary groups, you can get by with a T1, and high quality server. 
I know of at least one ISP that's getting every thing he wants on a dedicated DSL link, and is using a low end server. If you want to provide a wide range of groups to a small number of users, you may want to consider outsourcing to someone like giganews or newsfeeds.com Again, it all depends on your needs. Bob Martin Odhiambo Washington wrote: > Hello Admins (I think we all are at some point), > > I am considering running a news server, and I see there are several > options out there. > > Can someone recommend what they are running and why they chose it. > I am particularly looking for one that doesn't suck alot ;-) > I hear they all suck, no? > > > -Wash > > http://www.netmeister.org/news/learn2quote.html > > -- > +======================================================================+ > |\ _,,,---,,_ | Odhiambo Washington > Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com > |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 > '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 > +======================================================================+ > A day without sunshine is like night. 
> _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Mon Apr 5 09:08:57 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 307B416A4CF for ; Mon, 5 Apr 2004 09:08:57 -0700 (PDT) Received: from smtp.wan.no (smtp.wan.no [80.86.128.91]) by mx1.FreeBSD.org (Postfix) with SMTP id 1048E43D58 for ; Mon, 5 Apr 2004 09:08:56 -0700 (PDT) (envelope-from sten.daniel.sorsdal@wan.no) Received: (qmail 581 invoked from network); 5 Apr 2004 16:23:25 -0000 Received: from unknown (HELO exchange.wan.no) (10.30.1.52) by smtp.wan.no with SMTP; 5 Apr 2004 16:23:25 -0000 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Date: Mon, 5 Apr 2004 18:08:49 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Controlling access at the Ethernet level thread-index: AcQaciZ1G29JmJftQrKOK6VZ7nBzCgAtN7kg From: Sten Daniel Sørsdal To: "Adrian Penisoara" , cc: freebsd-isp@freebsd.org Subject: RE: Controlling access at the Ethernet level X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Apr 2004 16:08:57 -0000 > What would you recommend ? Are there any other elegant solutions ? > How about using 802.1Q VLANs and dedicating a VLAN to each port? If there are more than 4000 users, then add more gateways.
Just be sure to go for switches that allow you to deny incoming already tagged packets on the user side, as some switches pass already tagged packets. For a wireless environment I would suggest PPPoE and VLANs (separating them). > I also heard about 802.1x technology and seems to be an > interesting and professional alternative; I just don't know > how well supported is on the server side, namely FreeBSD. > 802.1x is fairly new and not very well supported yet, expect bugs. _// Sten Daniel Sørsdal From owner-freebsd-isp@FreeBSD.ORG Tue Apr 6 02:30:19 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8C3D916A4CE for ; Tue, 6 Apr 2004 02:30:19 -0700 (PDT) Received: from mx1.heronetwork.com (mail.heronetwork.com [216.254.62.176]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2E0E243D58 for ; Tue, 6 Apr 2004 02:30:19 -0700 (PDT) (envelope-from wrmine@heronetwork.com) Received: from localhost (localhost [127.0.0.1]) by mx1.heronetwork.com (Postfix) with ESMTP id 17847A6A24; Tue, 6 Apr 2004 02:29:14 -0700 (PDT) Received: from mx1.heronetwork.com ([127.0.0.1]) by localhost (nott.heronetwork.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 56163-01; Tue, 6 Apr 2004 02:29:12 -0700 (PDT) Received: from heronetwork.com (c-24-19-3-98.client.comcast.net [24.19.3.98]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.heronetwork.com (Postfix) with ESMTP id 72B7DA6A2B; Tue, 6 Apr 2004 02:29:11 -0700 (PDT) Message-ID: <40727861.6060905@heronetwork.com> Date: Tue, 06 Apr 2004 02:29:05 -0700 From: Ryan Merrick Organization: Hero Network LLC User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5) Gecko/20031218 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Adrian Penisoara References: <0A87E4EB-8665-11D8-9004-000A95776E22@freebsd.ady.ro> In-Reply-To: 
<0A87E4EB-8665-11D8-9004-000A95776E22@freebsd.ady.ro> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at heronetwork.com cc: freebsd-isp@freebsd.org Subject: Re: Q: Controlling access at the Ethernet level X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Apr 2004 09:30:19 -0000 Adrian Penisoara wrote: > Hi, > > I am searching for a solution that will enable me to control the > access of clients to an Ethernet network that spans over about an entire > quarter; most of the connected stations are running MS Windows. > > We are facing service theft through impersonation, either solely IP > or both IP and Ethernet MAC address. Securing IP access was solved using > a static ARP scheme (we used "staticarp" for the internal gateway > interface and tied to it a fixed list of IP/MAC tuples), but some of the > clients learnt how to change both the IP and the MAC. > > We have thought about using static MAC entries per port on managed > switches installed at the client endpoints, but that would require an > overwhelming budget. We are also thinking about L2TP and PPPoE, but I am > uncertain about compatibility. > > What would you recommend ? Are there any other elegant solutions ? > > I also heard about 802.1x technology and seems to be an interesting > and professional alternative; I just don't know how well supported it is on > the server side, namely FreeBSD. > > Thank you. 
> > -- > Ady (@freebsd.ady.ro) > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > Hi, Take a look at www.netreg.org/ -- Ryan Merrick rmerrick@heronetwork.com From owner-freebsd-isp@FreeBSD.ORG Tue Apr 6 06:33:03 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A7F4E16A4CE; Tue, 6 Apr 2004 06:33:03 -0700 (PDT) Received: from xsb.com (mail.portjeff.net [216.168.142.132]) by mx1.FreeBSD.org (Postfix) with ESMTP id F222143D60; Tue, 6 Apr 2004 06:33:02 -0700 (PDT) (envelope-from c.rued@xsb.com) Received: from xsb.com [129.49.16.170] by xsb.com with ESMTP (SMTPD32-7.15) id A06E102A0098; Tue, 06 Apr 2004 09:28:14 -0400 Message-ID: <4072B148.20303@xsb.com> Date: Tue, 06 Apr 2004 09:31:52 -0400 From: Christopher Rued User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7a) Gecko/20040219 X-Accept-Language: en-us, en, fr MIME-Version: 1.0 To: Dan Ros References: In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: "'freebsd-isp@freebsd.org'" cc: "'freebsd-security@freebsd.org'" cc: 'Adrian Penisoara' Subject: Re: Controlling access at the Ethernet level X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Apr 2004 13:33:03 -0000 Dan Ros wrote: >> -----Original Message----- >> From: Adrian Penisoara [mailto:ady@freebsd.ady.ro] >> >> We are facing service theft through impersonation, either >> solely IP >> or both IP and Ethernet MAC address. 
Securing IP access was solved >> using a static ARP scheme (we used "staticarp" for the >> internal gateway >> interface and tied to it a fixed list of IP/MAC tuples), but some of >> the clients learnt how to change both the IP and the MAC. > ... > > This sounds like a university residential halls network, am I right? > > For what it's worth, the university I attend has tried both DHCP by mac > address, static arp and so on. Eventually now they have given up and the > cost of the network connection is simply included in the rent for the room. > That way they do not have to worry about unauthorised access. I just had a simple thought: can you just physically unplug the network cable for the particular room from your router? You can't steal service w/out link. Not as nice as a programmatic solution, but probably as effective; I guess you'd just have to make sure each cable is labeled. Of course, this wouldn't prevent people from giving access to the friends next door if they have their own router. And, I suppose, if someone *really* wanted to steal internet access, they could open the wall and access the incoming cable to the room next door, and install a router secretly. 
--Chris From owner-freebsd-isp@FreeBSD.ORG Tue Apr 6 07:40:38 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4017716A4CE; Tue, 6 Apr 2004 07:40:38 -0700 (PDT) Received: from smtp.octapharma.se (smtp.octapharma.se [195.198.168.141]) by mx1.FreeBSD.org (Postfix) with ESMTP id 27D2C43D1F; Tue, 6 Apr 2004 07:40:37 -0700 (PDT) (envelope-from Mikael.Gunnarsson@octapharma.se) Received: from sestosrv004p.ad.octapharma.se ([195.198.13.61] RDNS failed) by smtp.octapharma.se with Microsoft SMTPSVC(5.0.2195.6713); Tue, 6 Apr 2004 16:43:29 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Date: Tue, 6 Apr 2004 16:39:58 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Controlling access at the Ethernet level Thread-Index: AcQb28o2h4cdFWXWQECqOxsIP5z+AwACIa1g From: "Gunnarsson, Mikael" To: "Christopher Rued" X-OriginalArrivalTime: 06 Apr 2004 14:43:29.0593 (UTC) FILETIME=[86C7FA90:01C41BE5] cc: freebsd-isp@freebsd.org cc: freebsd-security@freebsd.org Subject: RE: Controlling access at the Ethernet level X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Apr 2004 14:40:38 -0000 > I just had a simple thought: can you just physically unplug > the network > cable for the particular room from your router? You can't > steal service > w/out link. Not as nice as a programmatic solution, but probably as > effective; I guess you'd just have to make sure each cable is labeled. But even if it's just a small campus it would require a lot of communication over the Nike protocol to plug/unplug cables.. 
It would probably require several full-time persons if it's larger than a few buildings. I.e. while an effective solution, it's not very practical for the administrators.. Mikael This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. From owner-freebsd-isp@FreeBSD.ORG Tue Apr 6 11:48:42 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8980E16A4D4 for ; Tue, 6 Apr 2004 11:48:42 -0700 (PDT) Received: from fw.hel.fi.ssh.com (fw.hel.fi.ssh.com [195.20.116.97]) by mx1.FreeBSD.org (Postfix) with ESMTP id B54B243D45 for ; Tue, 6 Apr 2004 11:48:41 -0700 (PDT) (envelope-from "") Received: from viikuna.hel.fi.ssh.com (viikuna.hel.fi.ssh.com [10.1.0.46]) by fw.hel.fi.ssh.com (SSH-1.16) with SMTP id i36IlU0X005450 for ; Tue, 6 Apr 2004 21:47:30 +0300 (EEST) Received: (qmail 23082 invoked by alias); 6 Apr 2004 18:47:29 -0000 Date: 6 Apr 2004 18:47:29 -0000 Message-ID: <20040406184729.23081.qmail@viikuna.hel.fi.ssh.com> Content-Type: multipart/mixed; boundary="----------=_1081277249-23079-0" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) From: notification@ssh.com To: freebsd-isp@freebsd.org Sender: References: <200404061847.i36IlO0X005444@fw.hel.fi.ssh.com> In-Reply-To: <200404061847.i36IlO0X005444@fw.hel.fi.ssh.com> X-Remark: Automatic response generated by autoresponder.in r1.13.0 Precedence: normal Subject: Autoreply from SSH X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 List-Id: Internet Services Providers List-Unsubscribe: , 
List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Apr 2004 18:48:42 -0000 This is a multi-part message in MIME format... ------------=_1081277249-23079-0 Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary Thank you for sending a message to SSH Communications Security Corp. This e-mail address is not in use anymore. Please re-send your message to ssh.sales at ssh.com (Please delete the space before and after the "at" letters and also replace "at" with @ mark. We are sorry for this inconvenience, but these steps are necessary to help us avoid SPAM.) You can also view our contact information from: http://www.ssh.com/company/contact/ Thank you for your interest in SSH products. Best Regards, SSH Communications Security Corp. ------------=_1081277249-23079-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: binary Received: (qmail 23075 invoked from network); 6 Apr 2004 18:47:27 -0000 Received: from unknown (HELO fw.hel.fi.ssh.com) ([10.1.0.48]) (envelope-sender ) by viikuna.hel.fi.ssh.com (qmail-ldap-1.03) with SMTP for ; 6 Apr 2004 18:47:27 -0000 Received: from ssh.com (ip3e83a8eb.speed.planet.nl [62.131.168.235]) by fw.hel.fi.ssh.com (SSH-1.16) with SMTP id i36IlO0X005444 for ; Tue, 6 Apr 2004 21:47:26 +0300 (EEST) Message-Id: <200404061847.i36IlO0X005444@fw.hel.fi.ssh.com> From: freebsd-isp@freebsd.org To: ssh-sales@ssh.com Subject: unknown Date: Tue, 6 Apr 2004 20:47:28 +0200 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="26045443" --26045443 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit take it easy --26045443 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit --- Virus Warning Message dinner.zip is removed from here because it contains a virus. 
--- --26045443 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit --- Virus Warning Message Found virus WORM_NETSKY.B in file dinner.txt.exe (in dinner.zip) The file dinner.zip is moved to /etc/iscan/virus/virYCE4DbGXk. --- --26045443-- ------------=_1081277249-23079-0-- From owner-freebsd-isp@FreeBSD.ORG Tue Apr 6 15:08:53 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F189016A4CE for ; Tue, 6 Apr 2004 15:08:53 -0700 (PDT) Received: from ctb-mesg2.saix.net (ctb-mesg2.saix.net [196.25.240.74]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4DF1643D1F for ; Tue, 6 Apr 2004 15:08:53 -0700 (PDT) (envelope-from karnaugh@karnaugh.za.net) Received: from karnaugh.za.net (ndn-ip-nas-1-p310.telkom-ipnet.co.za [155.239.193.54]) by ctb-mesg2.saix.net (Postfix) with ESMTP id 6AD3F1DE0; Wed, 7 Apr 2004 00:07:12 +0200 (SAST) Message-ID: <40732A0F.9000208@karnaugh.za.net> Date: Wed, 07 Apr 2004 00:07:11 +0200 From: Colin Alston User-Agent: Mozilla Thunderbird 0.5 (Windows/20040207) X-Accept-Language: en-us, en MIME-Version: 1.0 To: notification@ssh.com References: <200404061847.i36IlO0X005444@fw.hel.fi.ssh.com> <20040406184729.23081.qmail@viikuna.hel.fi.ssh.com> In-Reply-To: <20040406184729.23081.qmail@viikuna.hel.fi.ssh.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-isp@freebsd.org Subject: Re: Autoreply from SSH X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Apr 2004 22:08:54 -0000 notification@ssh.com wrote: > Thank you for sending a message to SSH Communications Security Corp. > > This e-mail address is not in use anymore. 
Please re-send your message to > > ssh.sales at ssh.com > > (Please delete the space before and after the "at" letters and also replace > "at" with @ mark. We are sorry for this inconvenience, but these steps are > necessary to help us avoid SPAM.) > > You can also view our contact information from: > http://www.ssh.com/company/contact/ > > Thank you for your interest in SSH products. > > Best Regards, > SSH Communications Security Corp. > Hooray for stupid companies! "avoid SPAM", pass it on, what's the difference. I know I'm all ears for that RFC on spam bounce messages... From owner-freebsd-isp@FreeBSD.ORG Tue Apr 6 15:35:07 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0B1A716A4CE for ; Tue, 6 Apr 2004 15:35:07 -0700 (PDT) Received: from tequila.4you.lt (tequila.4you.lt [212.122.68.216]) by mx1.FreeBSD.org (Postfix) with SMTP id 60B2543D5D for ; Tue, 6 Apr 2004 15:35:06 -0700 (PDT) (envelope-from hugle@vkt.lt) Received: (qmail 52342 invoked by uid 0); 6 Apr 2004 22:35:53 -0000 Received: from hugle@vkt.lt by tequila by uid 82 with qmail-scanner-1.20rc1 (. Clear:RC:1:. Processed in 0.026265 secs); 06 Apr 2004 22:35:53 -0000 Received: from unknown (HELO vkt-dell) (213.252.192.162) by tequila.4you.lt with SMTP; 6 Apr 2004 22:35:53 -0000 Date: Wed, 7 Apr 2004 01:34:28 +0300 From: hugle X-Mailer: The Bat! (v2.01) X-Priority: 3 (Normal) Message-ID: <14298118391.20040407013428@vkt.lt> To: freebsd-isp@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: Web Accelerator X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: hugle List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Apr 2004 22:35:07 -0000 Have you tried SQUID?
-- Best regards, Hugle From owner-freebsd-isp@FreeBSD.ORG Tue Apr 6 16:20:01 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4C92716A4CE for ; Tue, 6 Apr 2004 16:20:01 -0700 (PDT) Received: from tequila.4you.lt (tequila.4you.lt [212.122.68.216]) by mx1.FreeBSD.org (Postfix) with SMTP id 573A843D39 for ; Tue, 6 Apr 2004 16:20:00 -0700 (PDT) (envelope-from hugle@vkt.lt) Received: (qmail 54252 invoked by uid 0); 6 Apr 2004 23:20:19 -0000 Received: from hugle@vkt.lt by tequila by uid 82 with qmail-scanner-1.20rc1 (. Clear:RC:1:. Processed in 1.239293 secs); 06 Apr 2004 23:20:19 -0000 Received: from unknown (HELO vkt-dell) (213.226.136.201) by tequila.4you.lt with SMTP; 6 Apr 2004 23:20:17 -0000 Date: Wed, 7 Apr 2004 02:18:52 +0300 From: hugle X-Mailer: The Bat! (v2.01) X-Priority: 3 (Normal) Message-ID: <34300782252.20040407021852@vkt.lt> To: freebsd-isp@freebsd.org, freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: got two GATEWAYS! X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: hugle List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Apr 2004 23:20:01 -0000 Hello all. I currently have 2 different gateways.. one default x.x.x.161 (IP on my NIC is x.x.x.162 (fxp1)) and x.x.x.141 (IP on my NIC is x.x.x.142 (using vlan0)) I'm currently running NAT using IPNAT, by map fxp1 from 192.168.1.8 ! to 192.168.0.0/16 -> x.x.x.162/32 portmap tcp auto all works fine. How do I map, for example, IP 1.100? map vlan0 from 192.168.1.100 ! to 192.168.0.0/16 -> x.x.x.142/32 portmap tcp auto doesn't do the trick.. 
need somehow to add gateway for x.x.x.142/30 default gw for it would be x.x.x.141 tried route add -net x.x.x.142/32 x.x.x.141 add net x.x.x.142: gateway x.x.x.141 no luck.. the same ;[ when pinging gateway 2 (VLAN) PING x.x.x.141 (x.x.x.141): 56 data bytes 64 bytes from x.x.x.141: icmp_seq=0 ttl=255 time=0.832 ms 64 bytes from x.x.x.141: icmp_seq=1 ttl=255 time=0.818 ms it's ok PING gw2 local IP: PING x.x.x.142 (x.x.x.142): 56 data bytes 36 bytes from x.x.x.141: Redirect Host(New addr: x.x.x.142) Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 23b6 0 0000 fd 01 6cdc x.x.x.142 x.x.x.142 64 bytes from x.x.x.142: icmp_seq=0 ttl=253 time=1.489 ms 36 bytes from x.x.x.141: Redirect Host(New addr: x.x.x.142) Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 23fd 0 0000 fd 01 6c95 x.x.x.142 x.x.x.142 64 bytes from x.x.x.142: icmp_seq=1 ttl=253 time=1.732 ms not really ok?:) (it's after route add -net x.x.x.142/32 x.x.x.141) -- Best regards,Hugle From owner-freebsd-isp@FreeBSD.ORG Tue Apr 6 17:14:06 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E85C116A4CE for ; Tue, 6 Apr 2004 17:14:06 -0700 (PDT) Received: from tower.berklix.org (bsd.bsn.com [194.221.32.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2620A43D31 for ; Tue, 6 Apr 2004 17:14:06 -0700 (PDT) (envelope-from jhs@flat.berklix.net) Received: from js.berklix.net (pD950E8AD.dip.t-dialin.net [217.80.232.173]) (authenticated bits=0) by tower.berklix.org (8.12.9p2/8.12.9) with ESMTP id i370D9k3071239; Wed, 7 Apr 2004 02:13:10 +0200 (CEST) (envelope-from jhs@flat.berklix.net) Received: from fire.jhs.private (fire.jhs.private [192.168.91.41]) by js.berklix.net (8.12.9p2/8.12.9) with ESMTP id i370D8Os003827; Wed, 7 Apr 2004 02:13:08 +0200 (CEST) (envelope-from jhs@flat.berklix.net) Received: from fire.jhs.private (localhost [127.0.0.1]) by fire.jhs.private (8.12.9p2/8.12.9) with ESMTP id 
i370D78p006000; Wed, 7 Apr 2004 02:13:07 +0200 (CEST) (envelope-from jhs@fire.jhs.private) Message-Id: <200404070013.i370D78p006000@fire.jhs.private> To: Colin Alston From: "Julian Stacey" Organization: http://berklix.com/~jhs/ Munich Unix, BSD, Internet User-agent: EXMH http://beedub.com/exmh/ on FreeBSD http://freebsd.org In-reply-to: Your message of "Wed, 07 Apr 2004 00:07:11 +0200." <40732A0F.9000208@karnaugh.za.net> Date: Wed, 07 Apr 2004 02:13:07 +0200 Sender: jhs@flat.berklix.net cc: freebsd-isp@freebsd.org Subject: Re: Autoreply from SSH X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Apr 2004 00:14:07 -0000 > Hooray for stupid companies! > "avoid SPAM", pass it on, what's the difference. > I know I'm all ears for that RFC on spam bounce messages... Maybe add legislators to the list of the stupid or out-dated ? ... "Unfortunately by German law are we not allowed to dump any mails regardless the fault found. We must return the mail to the sender." That was part of a friendly & apologetic reply I got from a Siemens postmaster, after I mailed them this week about a `bounce' I got from them, when a spammer masquerading as me, & spammed them & bounced to me. I hope it's wrong, but doubt it. From a corporate perspective companies may also prefer to bounce all non delivered mail so that business partners know if something important failed to deliver. The cost to bouncer of doing that is low, though in aggregate it will add to time wasting spam. - Julian Stacey. Unix C & Net Services Consultant - Munich. http://berklix.com Mail me in Ascii text/plain: Html is dumped as Spam. Schnupftabak probieren: Ihr Rauchen = mein allergischer Kopfschmerz ! 
Surplus hardware http://berklix.com/surplus/

From owner-freebsd-isp@FreeBSD.ORG Tue Apr 6 18:13:55 2004
From: "Gustavo A. Baratto"
Date: Tue, 6 Apr 2004 18:12:22 -0700
Subject: FIN_WAIT2

Greetings everyone...

we have a mysql server running freebsd 5.1.
We have lots of connections in FIN_WAIT2 that would never die, and the
server allocates lots of resources for those...

Is there any way I can setup a timeout for connections in that state?
thanks :)

From owner-freebsd-isp@FreeBSD.ORG Wed Apr 7 09:09:20 2004
From: Odhiambo Washington
To: freebsd-isp@freebsd.org
Date: Wed, 7 Apr 2004 19:08:25 +0300
Subject: WHOIS Server

Hello people,

I am lost as to where to do whois queries these days. It seems that
every TLD extension has been assigned to some particular registrar (or
what do I call it?)
What is the sane way of doing whois for "any" domain extension
(.com/.org/.biz, etc)?

OpenSRS recently said they are limiting the number of queries/day that a
given IP range can do on their servers. Now this is restrictive, but what
if I have to run a script that will do more than the "allowed" queries
per day? I have to wait till next day and next day and ..
Is it sane to think that I can run my own local whois server/interface?
If yes, I'll appreciate some pointers. It would be nice if I had an
interface to whois on our website.

-Wash

http://www.netmeister.org/news/learn2quote.html

--
+======================================================================+
    |\      _,,,---,,_     | Odhiambo Washington
Zzz /,`.-'`'    -.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_)     | GSM: +254 722 743223   +254 733 744121
+======================================================================+
Kerr's Three Rules for a Successful College:
Have plenty of football for the alumni, sex for the students, and
parking for the faculty.

From owner-freebsd-isp@FreeBSD.ORG Wed Apr 7 09:29:06 2004
From: Mark Johnston
To: Odhiambo Washington
Cc: freebsd-isp@freebsd.org
Date: Wed, 7 Apr 2004 11:27:44 -0500
Subject: Re: WHOIS Server

Odhiambo Washington wrote:
> What is the sane way of doing whois for "any" domain extension
> (.com/.org/.biz, etc)?

As far as I know, you have to keep track of the different servers
manually, or use someone else's server. I use the Web-based whois at
dnsstuff.com, which seems to work with all TLDs, but I wouldn't recommend
a web-based one like that for high-volume whois'ing.

> Is it sane to think that I can run my own local whois server/interface?
> If yes, I'll appreciate some pointers. It would be nice if I had an
> interface to whois on our website.

I've never tried, but it seems eminently sane to me. What about Bill
Weinman's BW whois at http://whois.bw.org ? It works both as a CGI and as
a command-line script, and the author maintains a list of TLDs and WHOIS
servers (http://whois.bw.org/dist/current/tld.conf). There's also the
standard Linux whois client, at http://www.linux.it/~md/software/, that
keeps track of TLDs - I don't know how up-to-date the list is or where it
comes from, though.

HTH,
Mark

From owner-freebsd-isp@FreeBSD.ORG Wed Apr 7 11:08:06 2004
From: David Wolfskill
To: isp@freebsd.org
Date: Wed, 7 Apr 2004 11:06:59 -0700
Subject: Re: WHOIS Server

On Wed, Apr 07, 2004 at 07:08:25PM +0300, Odhiambo Washington wrote:
>Hello people,
>
>I am lost as to where to do whois queries these days. It seems that
>every TLD extension has been assigned to some particular registrar (or
>what do I call it?)
>What is the sane way of doing whois for "any" domain extension
>(.com/.org/.biz, etc)?

I don't seem to have a problem merely using the "whois" included as part
of FreeBSD.

(Back when LACNIC started being used more often, the FreeBSD-supplied
program didn't have support to use it implicitly, as it did for RIPE, so
I cobbled up a patch & submitted a PR....)

If you're having a problem using the "whois" program, perhaps identifying
that problem would help.

>....

Peace,
david
--
David H. Wolfskill                              david@egation.com

From owner-freebsd-isp@FreeBSD.ORG Wed Apr 7 11:23:43 2004
From: Tim Wilde
To: Odhiambo Washington
Cc: freebsd-isp@freebsd.org
Date: Wed, 7 Apr 2004 13:54:57 -0400 (EDT)
Subject: Re: WHOIS Server

On Wed, 7 Apr 2004, Odhiambo Washington wrote:

> Hello people,
>
> I am lost as to where to do whois queries these days. It seems that
> every TLD extension has been assigned to some particular registrar (or
> what do I call it?)
> What is the sane way of doing whois for "any" domain extension
> (.com/.org/.biz, etc)?

FreeBSD's WHOIS does this for you automatically. It works by using
whois-servers.net:

  dig com.whois-servers.net. +short
  whois.verisign-grs.com.
  198.41.3.54

ANYTLD.whois-servers.net will CNAME to the appropriate WHOIS server for
that TLD. FreeBSD's WHOIS (for quite a few versions now) will
automatically try to extract the TLD from your query and query the
appropriate server, as long as you don't explicitly tell it one to use.
It will also follow referrals, so WHOIS on a .com will get you the .com
registry response followed by the response from the actual registrar the
domain is with.

Tim Wilde

--
Tim Wilde
twilde@dyndns.org
Systems Administrator
Dynamic Network Services, Inc.
http://www.dyndns.org/

From owner-freebsd-isp@FreeBSD.ORG Fri Apr 9 11:10:43 2004
From: Theodore Knab
To: freebsd-isp@freebsd.org
Organization: Annapolis LUG
Date: Fri, 9 Apr 2004 14:10:44 -0400
Subject: ETINC bwmgr on FreeBSD 4.4: Possible memory problems ?

Hi,

I have a Dennis device, the ETINC bandwidth shaper. ;-) It runs Free-BSD
version 4.4 running ET/BWMGR v3.23d.

This ETINC device is a bridged firewall and exhibiting strange behavior
when I run CPU intensive tasks.
For example, I recently recompiled the kernel with the BWMGR daemon
running and 'make depend' kept exiting with a SIGNAL 27.

I was adding these items to the LOCAL kernel.

  options BRIDGE
  options IPFILTER
  options IPFILTER_LOG
  device scbus # SCSI bus (required)

After putting the device in fail-over [also known as turning off the
BWMGR daemon] 'make' was able to compile my new kernel.

Additionally, I added the ports tree to my ETINC device. So, that I could
use BASH, my favorite shell. After compiling, BASH and installing I
accidentally typed 'make clean' in the '/usr/ports ' directory. Rather
than stopping the process, I figured it would not hurt anything. 'make
clean' just cleans up the object files right ? Anyways, the ETINC box
crashed.

The BWMGR core dumped:

  Apr 8 12:05:39 maddog /kernel: pid 582 (bwmgrd), uid 0: exited on signal 8 (core dumped)

I am also getting this error on the box when looking at text:

  bash-2.05# tail -f /var/log/messages | grep -i 'IP .*->25)'
  Profiling timer expired

This 'profiling time expired' was interrupting my kernel compilation also
and leading on to SIGNAL 27's. So, I think they are related.

Before Dennis, the ETINC support, learned that I was making modifications
to his appliance, he said that I could have some bad memory. After I told
him I made the above to one of his boxes, he chastised me and told me he
could not support a hacked up box.

Does this sound like a memory problem or a bleeding bwmgrd problem ?

--
------------------------------------------
Ted Knab
Chester, Maryland 21619 USA
------------------------------------------
Conquest is easy. Control is not.
        -- Kirk, "Mirror, Mirror", stardate unknown

From owner-freebsd-isp@FreeBSD.ORG Fri Apr 9 20:38:16 2004
From: Aristedes Maniatis
To: freebsd-isp@freebsd.org
Date: Sat, 10 Apr 2004 13:38:12 +1000
Subject: synchronising failover web servers

We have two web servers configured in an identical manner. Both machines
have an identical web server (Apache) setup with identical copies of the
html directories and config files. Each machine is capable of handling
the load alone, but the redundancy allows us to upgrade one at a time, or
have a second machine available as failover in case of hardware failure.
We simply swap the IP addresses of the interfaces, or apply DNAT at the
upstream router.
I know there are more automatic failover options available, but this is
sufficient for our needs.

Both machines are currently FreeBSD 4.9. There is a separate secure
gigabit network linking the servers together which carries no internet
traffic.

The problems we have right now are:

1. how to sync the html directories
2. how to sync config files (eg httpd.conf, contents of /usr/local/etc,
   and so on)

I have been experimenting with various options. For (2), I have been
thinking of creating a cvs repository to which we commit all changes and
then creating cvs checkout scripts on the deployment machines. That way
rollback is easy, we can comment changes, and testing on a third testing
box is easy. However, cvs is not well suited to files scattered all over
a file system. It expects to deal with a single folder full of files and
folders.

For (1), users have the ability to upload files directly to the server
via ftp, so cvs is not appropriate. I've looked at rsync, but found it to
not be ideal for a two way synchronisation - it is better suited for a
mirror type situation where one machine is master. In our setup, it is
possible, through DNS changes that either machine is the master at any
point in time.

What solutions have others used for these situations? We are at the small
end of the scale, with dozens of sites rather than hundreds, so a simple
solution is what we are looking for. Our sites are all complex database
driven beasts, but I only need to solve this particular part of the
problem now.
Cheers
Ari Maniatis

-------------------------->
ish group pty ltd
7 Darghan St Glebe 2037 Australia
phone +61 2 9660 1400 fax +61 2 9660 7400
http www.ish.com.au | email info@ish.com.au
PGP fingerprint 08 57 20 4B 80 69 59 E2 A9 BF 2D 48 C2 20 0C C8

From owner-freebsd-isp@FreeBSD.ORG Fri Apr 9 22:52:18 2004
From: Roman Volf
To: Aristedes Maniatis
Cc: freebsd-isp@freebsd.org
Date: Fri, 09 Apr 2004 22:52:12 -0700
Subject: Re: synchronising failover web servers

Depending on your resources and possible space limitations, I'm not sure
if the following applies.

A setup I have built that works very well:

1x Load Balancer - simple 1ghz machine running LVS (linuxvirtualserver.org)
4x Web Servers - All identical setups, all identical Apache's etc..

The Load Balancer has all the IP's bound on the primary interface and the
web servers have those same IPs bound on their loop back interface. This
is what LVS calls Direct Routing load balancing. The web servers return
request over their own WAN links, but all incoming requests come in
through the load balancer. You can include/take out any web server from
the "round robin", so to speak, at any time.

In reference to how the 4 servers get their html and config files sync'd,
it's rsync. There is a 5th "Master" distribution server where all user
accounts are actually created. The files are synced/pulled from there
every 5-10 minutes via LAN.
Rsync has many options for this sort of application, so if you do have
the ability to setup a master server, it works very well.

Excuse the long prelude to getting to your question..

Roman Volf
Keystreams Internet Solutions
volfman@keystreams.com

Aristedes Maniatis wrote:

> We have two web servers configured in an identical manner. Both
> machines have an identical web server (Apache) setup with identical
> copies of the html directories and config files. Each machine is
> capable of handling the load alone, but the redundancy allows us to
> upgrade one at a time, or have a second machine available as failover
> in case of hardware failure. We simply swap the IP addresses of the
> interfaces, or apply DNAT at the upstream router.
>
> I know there are more automatic failover options available, but this
> is sufficient for our needs.
>
> Both machines are currently FreeBSD 4.9. There is a separate secure
> gigabit network linking the servers together which carries no internet
> traffic.
>
> The problems we have right now are:
>
> 1. how to sync the html directories
> 2. how to sync config files (eg httpd.conf, contents of
> /usr/local/etc, and so on)
>
> I have been experimenting with various options. For (2), I have been
> thinking of creating a cvs repository to which we commit all changes
> and then creating cvs checkout scripts on the deployment machines.
> That way rollback is easy, we can comment changes, and testing on a
> third testing box is easy. However, cvs is not well suited to files
> scattered all over a file system. It expects to deal with a single
> folder full of files and folders.
>
> For (1), users have the ability to upload files directly to the server
> via ftp, so cvs is not appropriate. I've looked at rsync, but found it
> to not be ideal for a two way synchronisation - it is better suited
> for a mirror type situation where one machine is master. In our setup,
> it is possible, through DNS changes that either machine is the master
> at any point in time.
>
> What solutions have others used for these situations? We are at the
> small end of the scale, with dozens of sites rather than hundreds, so
> a simple solution is what we are looking for. Our sites are all
> complex database driven beasts, but I only need to solve this
> particular part of the problem now.
>
>
> Cheers
> Ari Maniatis
>
>
> -------------------------->
> ish group pty ltd
> 7 Darghan St Glebe 2037 Australia
> phone +61 2 9660 1400 fax +61 2 9660 7400
> http www.ish.com.au | email info@ish.com.au
> PGP fingerprint 08 57 20 4B 80 69 59 E2 A9 BF 2D 48 C2 20 0C C8

From owner-freebsd-isp@FreeBSD.ORG Sat Apr 10 10:09:37 2004
From: Scott Lambert
To: freebsd-isp@freebsd.org
Date: Sat, 10 Apr 2004 13:09:24 -0400
Subject: Re: synchronising failover web servers

On Sat, Apr 10, 2004 at 01:38:12PM +1000, Aristedes Maniatis wrote:
> The problems we have right now are:
>
> 1. how to sync the html directories
> 2. how to sync config files (eg httpd.conf, contents of /usr/local/etc,
> and so on)
>
> I have been experimenting with various options. For (2), I have been
> thinking of creating a cvs repository to which we commit all changes
> and then creating cvs checkout scripts on the deployment machines. That
> way rollback is easy, we can comment changes, and testing on a third
> testing box is easy. However, cvs is not well suited to files scattered
> all over a file system. It expects to deal with a single folder full of
> files and folders.

One word "Makefiles". :-)

I have a lot of system configs in cvs. Eventually I'll have all of them.
Each subsystem config has its own directory and I have Makefiles setup to
work the subdirs where necessary.

We check the configs out in our home directories on each machine and run :

  $ make update install [test] [restart]

The Makefiles take care of su'ing where necessary. The test and restart
targets are used where appropriate.
Test does things like "apachectl graceful", "nagios -v nagios.cfg",
"spamassassin --lint", .... I try to make sure restart depends on the
test target but I still explicitly use test on the command line.

I have a lot of other convenience targets for things like setting up the
bind chroot environment, downloading addon rule sets for SpamAssassin,
running sdiff on the KERNCONF files, diffing the installed configs with
the cvs'd configs in case someone does things to the live configs and
forgets to commit to CVS.

The bind configs include a script which I add to cron to update
themselves. Other often changing configs are the same way. Yet other less
redundant/scarier downtime consequence configs have to be updated and
installed manually.

I have a "dist" target to ssh to a list of machines to run the make line
on each. But there is a human watching for errors.

The better the Makefile, the easier the building of a new machine. I'm
still learning better ways to do things with make.

--
Scott Lambert KC5MLE Unix SysAdmin
lambert@lambertfam.org
http://www.lambertfam.org/~lambert/resume.html
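
The drift check and the test-before-install ordering Scott Lambert describes, as an added shell sketch (not his Makefiles, which the post does not show): config_drift reports installed files that differ from the checkout, and install_validated replaces a live file only after a validator accepts the candidate. The function names, the directory layout and the sample files are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example; paths and sample files are constructed placeholders.

# config_drift REPO ROOT
# REPO mirrors the live layout: REPO/usr/local/etc/x is installed as
# ROOT/usr/local/etc/x. Run it before "cvs update", while the checkout
# still holds what was last installed. Prints one line per finding:
#   DRIFT <path>    installed copy differs from the checkout
#   MISSING <path>  tracked file is not installed
# Returns 0 if everything matches, 1 on findings, 2 on error.
config_drift() {
    cd_repo=$1; cd_root=$2; cd_status=0
    cd_list=$(cd "$cd_repo" && find . -type f ! -path '*/CVS/*' | sort) || return 2
    while IFS= read -r cd_rel; do
        [ -n "$cd_rel" ] || continue
        cd_rel=${cd_rel#./}
        if [ ! -f "$cd_root/$cd_rel" ]; then
            printf 'MISSING %s\n' "$cd_rel"; cd_status=1
        elif ! cmp -s "$cd_repo/$cd_rel" "$cd_root/$cd_rel"; then
            printf 'DRIFT %s\n' "$cd_rel"; cd_status=1
        fi
    done <<EOF
$cd_list
EOF
    return "$cd_status"
}

# install_validated CANDIDATE TARGET VALIDATOR [ARGS...]
# Copies CANDIDATE next to TARGET, runs "VALIDATOR ARGS... <copy>", and
# only on exit status 0 renames the copy over TARGET. A failed check
# leaves the live file untouched; the previous version is kept as
# TARGET.prev for rollback. With the post's Nagios check this would be:
#   install_validated nagios.cfg /usr/local/etc/nagios/nagios.cfg nagios -v
install_validated() {
    iv_src=$1; iv_dst=$2; shift 2
    iv_tmp=$(mktemp "$iv_dst.new.XXXXXX") || return 2
    # cp -p carries the checkout's mode over mktemp's 0600 default.
    if ! cp -p "$iv_src" "$iv_tmp"; then rm -f "$iv_tmp"; return 2; fi
    if ! "$@" "$iv_tmp"; then
        rm -f "$iv_tmp"
        printf 'REJECTED %s\n' "$iv_dst" >&2
        return 1
    fi
    if [ -f "$iv_dst" ]; then cp -p "$iv_dst" "$iv_dst.prev" || return 2; fi
    mv "$iv_tmp" "$iv_dst"
}

# Constructed demo tree: one file edited live, one never installed, and
# CVS bookkeeping that must be ignored.
drift_demo() {
    dd=$(mktemp -d) || return 2
    mkdir -p "$dd/repo/usr/local/etc/CVS" "$dd/root/usr/local/etc"
    echo 'Listen 80'   > "$dd/repo/usr/local/etc/httpd.conf"
    echo 'Listen 8080' > "$dd/root/usr/local/etc/httpd.conf"
    echo 'cfg_dir=/x'  > "$dd/repo/usr/local/etc/nagios.cfg"
    echo 'D'           > "$dd/repo/usr/local/etc/CVS/Entries"
    config_drift "$dd/repo" "$dd/root" && dd_rc=0 || dd_rc=$?
    rm -rf "$dd"
    return "$dd_rc"
}

drift_demo || true
```

A non-zero result from config_drift is the point at which a human decides whether the live edit gets committed or discarded, before any install target overwrites it.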
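
The lookup Tim Wilde describes in the WHOIS Server thread above (TLD.whois-servers.net, then the registrar referral), as an added shell sketch for a wrapper such as the web interface Odhiambo asked about; it is not FreeBSD's whois code. The function names, the input checks and the sample registry response are constructed for the example.

```shell
#!/bin/sh
# Added example; names and sample data are constructed, not FreeBSD's code.

# Accept only hostname syntax. Rejects empty strings, option-like values
# ("-h"), shell metacharacters and whitespace before anything is handed
# to a resolver or to the whois client.
valid_hostname() {
    case $1 in
        ''|-*|.*|*.|*..*|*.-*|*-.*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# whois_tld QUERY: print the lower-cased TLD of a domain query.
# Fails for bare names and for IP addresses (those belong to the RIRs,
# which this sketch does not cover).
whois_tld() {
    wt_q=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    valid_hostname "$wt_q" || return 1
    case $wt_q in *.*) ;; *) return 1 ;; esac
    wt_tld=${wt_q##*.}
    case $wt_tld in *[!0-9]*) ;; *) return 1 ;; esac
    printf '%s\n' "$wt_tld"
}

# whois_server_for QUERY: the per-TLD alias described in the post.
whois_server_for() {
    ws_tld=$(whois_tld "$1") || return 1
    printf '%s.whois-servers.net\n' "$ws_tld"
}

# whois_referral: read a registry response on stdin and print the
# registrar's server from its "Whois Server:" line. The response is
# remote, untrusted text, so the value must pass valid_hostname too.
whois_referral() {
    wr_host=$(awk '{ line = $0; sub(/\r$/, "", line) }
        tolower(line) ~ /^[ \t]*(registrar )?whois server:/ {
            sub(/^[^:]*:[ \t]*/, "", line); sub(/[ \t]+$/, "", line)
            print tolower(line); exit
        }')
    valid_hostname "$wr_host" || return 1
    printf '%s\n' "$wr_host"
}

# Network step, defined but not run by the demo: registry first, then one
# referral hop, each against a server name that passed validation.
whois_lookup() {
    wl_srv=$(whois_server_for "$1") || { echo 'rejected query' >&2; return 1; }
    wl_q=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    wl_out=$(whois -h "$wl_srv" "$wl_q") || return 2
    printf '%s\n' "$wl_out"
    if wl_ref=$(printf '%s\n' "$wl_out" | whois_referral); then
        whois -h "$wl_ref" "$wl_q"
    fi
}

# Constructed registry response (reserved .example names).
sample_registry_response() {
    cat <<'EOF'
   Domain Name: EXAMPLE.COM
   Registrar: EXAMPLE REGISTRAR, INC.
   Whois Server: whois.registrar.example
   Referral URL: http://www.registrar.example
EOF
}

whois_demo() {
    printf 'server:   %s\n' "$(whois_server_for Example.COM)"
    printf 'referral: %s\n' "$(sample_registry_response | whois_referral)"
}

whois_demo
```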