From owner-freebsd-questions Sat Jun 10 14:17:27 2000 Delivered-To: freebsd-questions@freebsd.org Received: from penguin.prod.itd.earthlink.net (penguin.prod.itd.earthlink.net [207.217.120.134]) by hub.freebsd.org (Postfix) with ESMTP id 22E1737BDDF for ; Sat, 10 Jun 2000 14:17:24 -0700 (PDT) (envelope-from cjc@earthlink.net) Received: from dialin-client.earthlink.net (pool0886.cvx21-bradley.dialup.earthlink.net [209.179.195.121]) by penguin.prod.itd.earthlink.net (8.9.3-EL_1_3/8.9.3) with ESMTP id OAA06095; Sat, 10 Jun 2000 14:17:21 -0700 (PDT) Received: (from cjc@localhost) by dialin-client.earthlink.net (8.9.3/8.9.3) id OAA01708; Sat, 10 Jun 2000 14:15:57 -0700 (PDT) Date: Sat, 10 Jun 2000 14:15:56 -0700 From: "Crist J. Clark" To: Everett F Batey Cc: freebsd-questions@FreeBSD.ORG Subject: Re: UPGRADE 2.2.8 to 4.0R Message-ID: <20000610141556.I1197@dialin-client.earthlink.net> Reply-To: cjclark@alum.mit.edu References: <20000610135523.A8287@cotdazr.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <20000610135523.A8287@cotdazr.org>; from efb@cotdazr.org on Sat, Jun 10, 2000 at 01:55:23PM -0700 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, Jun 10, 2000 at 01:55:23PM -0700, Everett F Batey wrote: > > Absent any place to make a good backup .. what are chances of my > buying the 4.0R CD set and binary over-installing atop my 2.2.8 main > qmail, Apache 1.3.3 (includes capable) http and DNS server and living > to tell about it ? You are going to be crossing the dreaded aout-to-ELF boundary here. Be afraid, be very afraid. There is a very good chance that unless you are very careful, you will break all of your old executables that require shared libs. You are going to want to move the aout shared libs to an aout/ directory in their respective homes. You will then need to change the ldconfig(8) as appropriate. I did multple 2.2.x to 3.x upgrades and had it down pretty well by the end, but that was almost a year ago now. There are any number of little gotchas in the process. > Is Enlightenment/GNOME viable under 4.0R without a lot of work ? Sorry, no help available from me on this. > Ideas about running IPFW and NATD on web/mail server ? Still a > recompile ? Ideas about running ipfw(8) and NAT on a web/mail server: - If there is no firewall somewhere else between this machine and the Internet, then ipfw is a very good idea. - Unless the machine is also a gateway, it should not need NAT. - If the machine is to be a gateway-NAT box for a protected network of any size, it should probably be held to a higher security standard (i.e. cut bare-bones and running a few potentially exploitable daemons as possible). Put mail and web on a different machine than that doing the NAT and firewalling. Yes, you'll need to rebuild the kernel with 'options DIVERT' in there. But who doesn't build a custom kernel anyway? -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message