Date: Sat, 10 Jun 2000 14:15:56 -0700 From: "Crist J. Clark" <cjc@earthlink.net> To: Everett F Batey <efb@cotdazr.org> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: UPGRADE 2.2.8 to 4.0R Message-ID: <20000610141556.I1197@dialin-client.earthlink.net> In-Reply-To: <20000610135523.A8287@cotdazr.org>; from efb@cotdazr.org on Sat, Jun 10, 2000 at 01:55:23PM -0700 References: <20000610135523.A8287@cotdazr.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Jun 10, 2000 at 01:55:23PM -0700, Everett F Batey wrote:
>
> Absent any place to make a good backup .. what are chances of my
> buying the 4.0R CD set and binary over-installing atop my 2.2.8 main
> qmail, Apache 1.3.3 (includes capable) http and DNS server and living
> to tell about it ?
You are going to be crossing the dreaded aout-to-ELF boundary here.
Be afraid, be very afraid. There is a very good chance that unless
you are very careful, you will break all of your old executables that
require shared libs. You are going to want to move the aout shared
libs to an aout/ directory in their respective homes. You will then
need to change the ldconfig(8) as appropriate.
I did multple 2.2.x to 3.x upgrades and had it down pretty well by
the end, but that was almost a year ago now. There are any number
of little gotchas in the process.
> Is Enlightenment/GNOME viable under 4.0R without a lot of work ?
Sorry, no help available from me on this.
> Ideas about running IPFW and NATD on web/mail server ? Still a
> recompile ?
Ideas about running ipfw(8) and NAT on a web/mail server:
- If there is no firewall somewhere else between this machine and
the Internet, then ipfw is a very good idea.
- Unless the machine is also a gateway, it should not need NAT.
- If the machine is to be a gateway-NAT box for a protected network
of any size, it should probably be held to a higher security standard
(i.e. cut bare-bones and running a few potentially exploitable
daemons as possible). Put mail and web on a different machine than
that doing the NAT and firewalling.
Yes, you'll need to rebuild the kernel with 'options DIVERT' in there.
But who doesn't build a custom kernel anyway?
--
Crist J. Clark cjclark@alum.mit.edu
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000610141556.I1197>