From owner-freebsd-questions@FreeBSD.ORG Wed Aug 4 21:55:12 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DC17916A4CF for ; Wed, 4 Aug 2004 21:55:12 +0000 (GMT) Received: from rosebud.otenet.gr (rosebud.otenet.gr [195.170.0.26]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1538743D53 for ; Wed, 4 Aug 2004 21:55:11 +0000 (GMT) (envelope-from keramida@ceid.upatras.gr) Received: from gothmog.gr (patr530-b208.otenet.gr [212.205.244.216]) i74Lt6fA015584; Thu, 5 Aug 2004 00:55:07 +0300 Received: from gothmog.gr (gothmog [127.0.0.1]) by gothmog.gr (8.13.1/8.13.1) with ESMTP id i74Lsci9008634; Thu, 5 Aug 2004 00:54:38 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Received: (from giorgos@localhost) by gothmog.gr (8.13.1/8.13.1/Submit) id i74Lsb5q008633; Thu, 5 Aug 2004 00:54:37 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Date: Thu, 5 Aug 2004 00:54:37 +0300 From: Giorgos Keramidas To: DK Message-ID: <20040804215437.GB8388@gothmog.gr> References: <20040802093414.GA39066@orion.daedalusnetworks.priv> <20040804151516.41150.qmail@web41007.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040804151516.41150.qmail@web41007.mail.yahoo.com> cc: freebsd-questions@freebsd.org Subject: Re: firewalls, connecting, config & apachetoolbox (was: Re: BigApache [..]) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Aug 2004 21:55:13 -0000 On 2004-08-04 08:15, DK wrote: > --- Giorgos Keramidas wrote: > > The default set of firewall packet inspection rules that ipfw loads will > > block *EVERYTHING* so you might want to do a bit of research on the > > available rulesets by reading about rc.firewall, rc.conf and/or browse the > > contents of the /etc/defaults/rc.conf file: > > If I understand it correctly after reading the handbook, if I add > 'firewall_type=open' in my '/etc/rc.conf' file, will it make all > incoming/outgoing ports open so I can connect to the net with sysinstall to > download packages ??? Yes, that's mostly true. Note that I very rarely use the "open" firewall type or others from rc.firewall. This is because I usually write my own firewall rulesets. The commands of rc.firewall though are hopefully easy to understand. Open the script with your favorite editor in read-only mode (don't make any changes unless you're very sure you know what you're doing). Read the sets of rules it loads and see for yourself which one you prefer ;-) The following manpages also contain useful stuff about firewall setup in your FreeBSD installation: % man 7 firewall % man 7 security > Legend. Got this script working now :)) > ...Except...All modules seem to install okay Except for "mod_perl". Some problem with the bundle of installations no doubt :-) > I get the error: > ----------------------- > [-] 16) -Mod Perl 1.29 > > Choice [?] 16 > LWP::UserAgent not installed! > HTML::HeadParser not installed! > Type "perl -MCPAN -e shell" to start the perl CPAN > shell, then "install LWP::UserAgent" to install the LWP::UserAgent module! > Substitute LWP::UserAgent for any perl module. > ------------------------------ The installation depends on a Perl module called LWP. The error message tries to be helpful too. Read it carefully: Type "perl -MCPAN -e shell" to start the perl CPAN shell, then "install LWP::UserAgent" to install the LWP::UserAgent module! If you do as it says, the LWP::UserAgent module will be installed and then the installation will probably succeed. I'm deliberately using "probably" because this is a package-lookalike that is not an official part of FreeBSD so I don't know why, when or how it could fail without trying it out first. > I don't understand what I am supposed to "substitute" (above) ??? CPAN is an acronym equivalent to "Comprehensive Perl Archive Network". The CPAN collection of Perl modules is a vast library of Perl code that you can install as add-on modules over your existing Perl installation. If you want to install many modules, a single CPAN shell invocation of Perl can do it, using "install MODULE_NAME". You'll have to substitute MODULE_NAME with the name of the module you want to install. Does the word "substitute" sound a bit more clear now? > 1) For automount, I edited /etc/fstab. > It was easier & more logical than the editing amd(/etc/amd.conf & /etc/amd.map) > Problem: There has to be a CD in the CD drive & a floppy in the floppy drive > otherwise the drives don't automount & the bootup faulters !! It obviously tries to mount a CD-ROM disk at boot time because you enabled the "mount at boot time" flag in fstab. > - This is annoying. Is there a way around this so I can automount at > bootup without a disk being in the drive ??? Not really. You asked your system to mount the CD-ROM at boot time and it did. I recall someone posting excellent references for the automount daemon some time ago. I even went ahead and read them an afternoon that I was feeling bored. Please, go back to the previous posts of these threads and read the help posted about amd. > 2) I ran xf86config & generated a new config file. It broke X [...] > ------------------------- > My Monitor Specs(If this helps): > viewsonic pf775 > [snip mode - frequency table] > Frequency f h: 30~97kHz; f v: 50~180Hz > --------------------------- Yes it does help. You'd also have to find out what Video Adapter you have and instruct xf86cfg to generate an XF86Config file using the proper driver for your video adapter. > 3) I tried to intstall the login client for my broadband connection so > I can use sysinstall to download & install packages. The program > fails on make & make install! What login client? The only port that I see whose name begins with "login" is x11/login.app and that's definitely nothing related to broadband connections. > Screen Output > ------------------- > 127# make install > Makefile error: there is no COMMENT variable defined > for this port. Please, rectify this. > *** Error code 1 > Stop in /usr/ports/distfiles/login. > ------------------- Are you honestly still trying to run "make" in /usr/ports/distfiles after I have asked you so many times to go and read the Handbook chapter about "Ports and Packages"? This is not going to work. > 4) I am taking your advice & am trying to connect to the net with sysinstall so > I can download packages/ports & hopefully find an easier way to install apps. You haven't provided any details about the type of connection you have (just a "my broadband connection" short description which doesn't amount to much), so I can't help you there. You have also displayed an unbelievable reluctance to read any sort of documentation, so I don't hope for much even if I point you to the Handbook, to some web page or anything else. Once more though, since you have mentioned "broadband", here's a link from the Handbook; just in case you find it useful: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/pppoe.html > Q: Do I need to get my broadband login client working to connect to the net OR > can I login to my ISP from a terminal within BSD ??? Again I ask... What login client? > Q: Do I need to login to my broadband ISP via my login client to enable > "sysinstall" to be able to download packages etc ... ??? No, you don't need any "login client" or similar. You just need to set things up so that a network connection works. Sysinstall is also not required to download packages, once you set your connection up. But you would already know that *IF* you had read the relevant Handbook chapter: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports.html > Q: Like tracert on W2000, is their a command I can use in BSD to see when I am > connected to the net ??? The "tracert" program is called "tracert" in Windows because some versions of that operating system family are limited in the number of characters that can use in filenames. This is why they shortened "traceroute" to "tracert" to fit in less than 8 characters. On BSD you can use "traceroute" to do the same thing and lot more. - Giorgos