Re: 3 NICs - 1 upstream, 2 downstream to same subnet??
On Fri, Sep 03, 2004 at 07:05 , RRrp Toren moved his mouse, rebooted for the change to take effect, and then said:

> Nickolay A. Kritsky wrote:
>
> >Hello rip,
> >
> >Are you sure that you want only one subnet? In your case two different
> >subnets on two interfaces IMHO look much better. If you are sure about
> >one-subnet setup then you should try to set up a bridge(4) between
> >them two NICs. Bridge in FreeBSD is supporting ipfw filtering, so
> >you can still complete your security goals.

> No, I am not sure. I tried using 11.x.x.x on the xl0, but all
> routing out of the machine stopped along there somewhere. It
> may have been the xl drivers that don't seem to play well with
> multiple copies running.

The 11.x.x.x network belongs to the Department of Defense. Be sure to use only numbers allocated for private use. That's the complete 10.x.x.x, 17.16.x.x to 17.31.255.255 and 192.168.x.x. Using addresses outside the private address space can mislead you when routers take the data elsewhere.

--
Bill Vermillion - bv @ wjv . com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: FreeBSD 4.x and OS-X tcp performance
"My nipple is going to burst with pleasure!" exclaimed Charles Sprickman while reading this message on Fri, Mar 04, 2005 at 18:43 and then responded with:

> On Fri, 4 Mar 2005, Darcy Buskermolen wrote:
> >On Friday 04 March 2005 14:34, Charles Sprickman wrote:
> >>Howdy,
> >>Sorry to bring what seems like a simple issue up here.
> >>I had been blaming slow afp filesharing between my OS-X
> >>(10.3.8 and previous) and FreeBSD 4.x boxes on netatalk's
> >>afp implementation for some time. Not too long ago I got
> >>frustrated with this and tried smb and then ftp. On a simple
> >>10/100 network, and even with just a crossover between two
> >>boxes it seems that any tcp transfer tops out at around
> >>250KB/s.
> >>On the same network using the same switch I can get near
> >>line-rate to an OpenBSD box and to another OS-X box.
> >>If I use nfs and force udp as the transport, I *do* get near
> >>line-rate between OS-X and FBSD.
> >>My 5.3 box is tanked at the moment, so I cannot tell if the
> >>problem happens there as well. I do have a full ADC account,
> >>so I will be testing with the latest Tiger preview shortly,
> >>and the ADC access does give me a decent bug reporting
> >>facility if the fault lies within the OS-X tcp stack.
> >>I'm no tcpdump wizard, would anyone care to help me track this down?
> >I'd start with ensuring your nic's media options are properly
> >set (I've seen this exact behavior during duplex mismatches)
> Yep, I wouldn't have come here without checking all the basics. I should
> also add that given three machines in my standard config I get the
> following results which will also help rule out cabling/speed/duplex
> issues:
> os-x <-> obsd - good
> os-x <-> fbsd - bad
> obsd <-> fbsd - good
> os-x <-> os-x - good

I've seen this before. A client had three OS/X machines in our rack, one standard G4 and two Xrack devices. One had severe problems connecting with our FreeBSD machines but not to others.

I was never able to get with him in an interactive mode to check things. He said he'd tried different settings but never got with me when he was doing this so that I could check his machine, our machine, and the intermediate switch.

He moved out to a rack of his own so I never did find out what was wrong. I do suspect duplex problems. He was connecting to one of our Cisco switches and Cisco has some extensive docs on some configuration problems. Part of it comes from when some vendors decided to add their own features and violated standards.

http://www.cisco.com/warp/public/473/46.html

This is the link I saved from awhile back. I hope it is still valid. But problems like this usually come from one side or the other not properly responding to auto-negotiation as documented.

When auto-neg fails at least one side will go to half-duplex, and with the other in fdx then you usually only see throughput of about 10% of normal because of data being sent back on a line that the fdx line thinks is clear to send upon.

Bill
--
Bill Vermillion - bv @ wjv . com
Re: FreeBSD 4.x and OS-X tcp performance
While normally not able to pour water out of a boot with instructions on the heel, on Wed, Mar 09, 2005 at 07:51 our dear friend Mark Tinguely uttered this load of codswallop:

> Thinking about the trace a little more, the Apple send buffer
> must be set much lower (about 18-19KB ballpark) than the FreeBSD
> receive buffer (56 KB). If these settings were similar, the
> Apple machine should be providing more data as the FreeBSD gives
> the window updates - this would give the FreeBSD side more
> chances to give duplicate ACKs to recover quicker.

> For related curiosities, would you tell me if the FreeBSD a
> Uniprocessor or multiprocessor?

I remember having problems with a G4 in our racks. Looking over some old messages I found something that had slipped my mind.

A person I know who works for Omneon Video Technologies said they had similar problems and got a patch from Apple to fix this, and the patch was not a normally distributed one. Omneon builds high-speed media servers for broadcast and video. [www.omneon.com]

I don't know if I can find this person again to check on this or not, but this problem has been seen before. I never had complete details on this - so it could be in the rumor category.

My gut feeling is that it is something Apple is doing not FreeBSD - or we'd have heard a lot more about this.

--
Bill Vermillion - bv @ wjv . com
Re: Julian's netowrking challenge 2005
Putting quill to paper and scribbling furiously on Mon, Jun 27, 2005 at 22:08 , Julian Elischer missed achieving immortality when he said:

> So for reasons that I won't go into, I find myself renumbering an entire
> company.
> However I have a particular problem I can't figure out how to fix.
> I have a gateway/firewall machine running 4.x
> it has 3 interfaces
> fxp0 goes to the internal trusted network
> fxp1 goes to the internet via a T1 via a cisco box,
> but is shared with another section of the company.
> the company web service is advertised as coming from an address
> that is on an address advertised as being on this T1. So are
> other services.
> fxp2 also goes to the internet via a cisco box however nothing is using
> it at the moment.
> The one shared T1 is being flooded out by users behind this machine
> much to the annoyance of the users on the other part of the company.
> This is supposed to be their T1.
> For reasons that are beyond the scope of this problem, the advertised
> DNS addresses for the services advertised, can not just be switched
> to be via the other t1.
> The network attached to fxp0 needs to be NAT'd to use the Internet
> as it is using illegal numbers.
> The challenge:
> figure out a way so that all the users on the network behind fxp0
> can use the internet using the T1 attached to the cisco off fxp1
> while all the advertised services (about 8 of them, few enough to
> list by hand in rules etc.) which are also behind fxp0 but accessed by
> NAT'd addresses from the addresses on fxp1's net are accessed solely via that
> T1.
>
>            [ internet ]
>             |        |
>            T1        T1
>             |        |
>          [cisco]  [cisco][other part of company]
>             |        |
>          [fxp1]   [fxp2]
>          [ freebsd 4.x ]
>              [fxp0]
>                |
>                |
>  ---illegal numbered net(s) (e.g. 192.168.x.x)-
>     |            |            |
> [server 1 ] [server 2] [lots of users]
>
> I can get the 'forward' direction easily.. i.e. incoming packets.
>
> It's the reverse direction that doesn't work for me.
> I considered running 2 NATDs
> but I need to run ipfw to identify the reverse streams to force back via
> fxp2
> and the only way I can do that is by using the 'fwd' command.

...

You didn't indicate the model of Cisco's but I've used both NAT and PAT in Cisco routers. I'm wondering if you did the NATing in the routers if this wouldn't help?

Bill
--
Bill Vermillion - bv @ wjv . com
Re: domain name not resolution too slow or timeouts
Shakespeare wrote plays and sonnets which will last an eternity, but on Sun, Oct 30, 2005 at 20:19 , Nandagopal wrote these truly forgettable lines:

> I'm running freeBSD 6.0 Beta 4. It has been almost 1 month
> since I installed it. Everything was working fine until today.
> The problem, the browser (or any other app) takes too long to
> resolve a domain name; sometimes it just times out.

That means the nameserver you are pointing to is not resolving the names.

> However, I can access websites(services) using their ip address.
> The data transfer rates are also normal. I use a cable modem and
> get my IP using DHCP. As this machine is also a gateway, I run a
> named.

That is typical of a nameserver not responding. A nameserver just looks up the IPs, so going to an address by IP bypasses the names server.

> Also, I had a system crash today due to a power failure.
> Another thing I noticed since the Beta 4 install is that I
> have to invoke 'dhclient' command on my public interface very
> frequently.
> I tested the connection using Windows XP; everything works fine.
> So I guess there should be no hardware or modem troubles.
> Any help is appreciated.

Find the correct name servers. I don't use DHCP but I've noticed that many say that DHCP tends to rewrite the /etc/resolv.conf to add its own nameserver. I forget what the process was in DHCP to keep this from happening, but you can put known working nameservers in your /etc/resolv.conf and then perform a 'chflags' to make that file read only, and then nothing will change it until you reset the flags.

Your problem is not a BSD problem.

Bill
--
Bill Vermillion - bv @ wjv . com
Re: domain name not resolution too slow or timeouts
Even though on Mon, Oct 31, 2005 at 09:12 Miroslav Lachman realized that everything he says should be taken 'cum grano salis', he unhesitatingly continued with this missive:

> Nandagopal wrote:
> > Hehe,
> > sorry if I sounded too boring :) and thanks for replying.
> >
> >
> >>Find the correct name servers.
> >
> >
> > I have got two name-servers in my resolv.conf file. They are exactly the
> > same as in the XP settings and they work just fine.
> >
> > Sirode
>
> Do you have firewall (IPFW, IPF, PF) on freebsd machine? Ain't you
> blocking DNS replies?

And besides having the name-servers in the resolv.conf file, depending on which version of FreeBSD he is using the order of searching will have to be in the host.conf file or how nsswitch is set up.

If you don't tell the system to use those name servers it's not going to use them. I don't recall if the OP mentioned the OS version he was using in the original post.

Bill
--
Bill Vermillion - bv @ wjv . com
Re: Hacked computer
On Tue, Dec 19, 2000 at 03:24:15AM -0500, Mike Nowlin thus spoke:

> > If you've been rooted, then the logs are probably no good. But
> > check your wtmp for logons, and messages, and well if you don't
> > see anything unusual there then they've probably been wiped. Have
> > regained root yet?

... ...

> Due to the fact that "rm" really doesn't erase anything, the
> contents were still there - doing a "strings" on the raw partition
> will retrieve a lot.

> With a bit of patience, it's amazing what will show up -- usually,
> the former contents of /var/log/* will show up as large chunks
> that are easily read... Turns out I found this guy's IP address
> and the time the system was blasted - a call to MCI resulted in a
> small amount of satisfaction...

It's amazing what TCT - The Coroner's Toolkit - will display. 'lazarus' causes files to rise from the dead. Used ahead of time you can run MD5 on the entire system so you can check everything if you believe you've been broken into.

Dan Farmer and Wietse Venema wrote it.

Bill
--
Bill Vermillion - bv @ wjv . com

To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: Hacked computer
On Tue, Dec 19, 2000 at 10:07:45AM -0500, Bill Vermillion thus spoke:

> On Tue, Dec 19, 2000 at 03:24:15AM -0500, Mike Nowlin thus spoke:

Damn - been one of those days. I looked at the sources to get Wietse's name spelled right, and copied out the source address but neglected to include that. Bad form to follow up your own message - the relevant part is below for reference.

Here are the addresses for the source:

http://www.fish.com/forensics/
http://www.porcupine.org/forensics/

> > With a bit of patience, it's amazing what will show up -- usually,
> > the former contents of /var/log/* will show up as large chunks
> > that are easily read... Turns out I found this guy's IP address
> > and the time the system was blasted - a call to MCI resulted in a
> > small amount of satisfaction...
>
> It's amazing what TCT - The Coroner's Toolkit - will display.
> 'lazarus' causes files to rise from the dead. Used ahead of
> time you can run MD5 on the entire system so you can check
> everything if you believe you've been broken into.
>
> Dan Farmer and Wietse Venema wrote it.
>
> Bill
> --
> Bill Vermillion - bv @ wjv . com
>
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-net" in the body of the message
>

--
Bill Vermillion - bv @ wjv . com
Re: What for messages?
On Fri, Jan 26, 2001 at 11:26:17AM +0500, -Digger thus spoke:

> hi all,
> what for messages and what daemon or process can make it?
>
> file /var/log/messages:
>
> ---cut---
> host /kernel: Connection attempt to TCP 127.0.0.1:199 from 127.0.0.1035
> host /kernel: Connection attempt to TCP 127.0.0.1:199 from 127.0.0.1036
> host /kernel: Connection attempt to TCP 127.0.0.1:199 from 127.0.0.1037
> host /kernel: Connection attempt to TCP 127.0.0.1:199 from 127.0.0.1038
> ---cut---
>
> In a file /etc/services I have not found description of this port.
>
> Thanks
>
> P.S. Sorry for my bAd english
>

Do you have log_in_vain="YES" in your rc.conf? That's what it looks like at first glance to me.

Bill
--
Bill Vermillion - bv @ wjv . com
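
[Added example, not part of the original thread: one way to triage the "Connection attempt to ..." lines that log_in_vain produces, separating a local program poking at a closed loopback port from a remote source walking many closed ports. The sample log, its addresses and the min_ports threshold are constructed assumptions.]

```python
import ipaddress
import re
from collections import Counter, defaultdict, namedtuple

# Constructed sample of /var/log/messages content (hosts, times and
# addresses are invented; 192.0.2.x / 198.51.100.x are documentation ranges).
SAMPLE_LOG = """\
Jan 26 11:20:01 host /kernel: Connection attempt to TCP 127.0.0.1:199 from 127.0.0.1:1035
Jan 26 11:20:02 host /kernel: Connection attempt to TCP 127.0.0.1:199 from 127.0.0.1:1036
Jan 26 11:20:05 host /kernel: Connection attempt to UDP 192.0.2.10:137 from 192.0.2.77:137
Jan 26 11:21:40 host /kernel: Connection attempt to TCP 192.0.2.10:23 from 198.51.100.9:40112
Jan 26 11:21:41 host /kernel: Connection attempt to TCP 192.0.2.10:111 from 198.51.100.9:40113
Jan 26 11:21:42 host /kernel: Connection attempt to TCP 192.0.2.10:6000 from 198.51.100.9:40114
Jan 26 11:22:00 host sshd[812]: Accepted publickey for bv from 192.0.2.77 port 51000
"""

Attempt = namedtuple("Attempt", "proto dst dst_port src src_port")

# Kernel message written when a packet arrives for a port nobody listens on.
LINE_RE = re.compile(
    r"Connection attempt to (TCP|UDP) (\S+):(\d+) from (\S+):(\d+)"
)


def parse_attempts(text):
    """Return one Attempt per log_in_vain line; other log lines are ignored."""
    attempts = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            proto, dst, dport, src, sport = m.groups()
            attempts.append(
                Attempt(proto, dst.strip("[]"), int(dport),
                        src.strip("[]"), int(sport))
            )
    return attempts


def _is_loopback(addr):
    """True for 127.0.0.0/8 or ::1; unparseable addresses count as remote."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def closed_port_counts(attempts):
    """How often each closed (protocol, port) was hit."""
    return Counter((a.proto, a.dst_port) for a in attempts)


def local_only_ports(attempts):
    """Ports hit only from loopback: a local program looking for a
    daemon that is not running, rather than outside probing."""
    seen = defaultdict(set)
    for a in attempts:
        seen[(a.proto, a.dst_port)].add(_is_loopback(a.src))
    return sorted(port for port, flags in seen.items() if flags == {True})


def scanning_sources(attempts, min_ports=3):
    """Remote sources that touched at least min_ports distinct closed ports."""
    ports = defaultdict(set)
    for a in attempts:
        if not _is_loopback(a.src):
            ports[a.src].add((a.proto, a.dst_port))
    return {s: sorted(p) for s, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    found = parse_attempts(SAMPLE_LOG)
    print("closed-port hits:", dict(closed_port_counts(found)))
    print("loopback-only ports:", local_only_ports(found))
    print("possible scanners:", scanning_sources(found))
```
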
Re: - TFTP: Time out -
On Tue, Mar 06, 2001 at 01:14:19PM +, Jean-Christophe Varaillon thus spoke:

> % ls -l /tftpboot/c3640-i-mz.120-7.XK1.bin
> -rw-r--r-- 1 nobody nobody 4991380 Mar 5 16:47
> /tftpboot/c3640-i-mz.120-7.XK1.bin
> %

But in the / listing there was no directory of /tftpboot. That concerns me. The permission on the /tftpboot directory must be world readable as well as the file.

We also need to be sure of his inetd.conf file to see that the /tftpboot is the directory specified. We aren't even sure if that is enabled are we?

Just some thoughts.

Bill
--
Bill Vermillion - bv @ wjv . com
Re: add static route
On Wed, Jun 13, 2001 at 02:35:31PM +0200, Anastasia Leventi-Peetz thus sprach:

>
> I am trying to add a static route to the kernel tables
> and read the route Manpage to this purpose
>
> I've tried a lot but I get almost the same message:
> "bad address"
>
> what's wrong with the command?
> route add -inet6 bla.bla.bla::/48 -iface xl0

From faithd(8)

# route add -inet6 3ffe:501:4819::: -prefixlen 96 ::1

Don't know if that helps or not.

--
Bill Vermillion - bv @ wjv . com
Re: Unable to change time/date
On Thu, Jun 14, 2001 at 11:09:13AM -0400, Drew J. Weaver thus sprach:

> Whenever i try to change the time/date on my FreeBSD 4.2 server
> I get the error that says Kernel: time changed clamped to -1
> seconds. I have absolutely no idea what is going on, I tried it in
> both single and multi-user mode. The command I am using is this
> date 200106141030.01
> Is this wrong?

Sounds like you are at security level 2 or greater. Check your rc.conf file. If at 2, reboot into single user, edit rc.conf, reboot to multiple user.

Security level 2 and 3 restrict time changes to less than 1 second. Your message is the exact message documented in init(8)

--
Bill Vermillion - bv @ wjv . com
Re: Securing the root account
On Tue, Jun 19, 2001 at 12:33:44PM -0500, Cameron Haegle thus sprach:

> I come from the Windoze side of the playground, where you are able
> to rename the Administrator account name, in order to provide a
> bit more security.
> Can a similar thing be done with FreeBSD?

You could, but what you are proposing is the classic 'Security through obscurity model'. That never works.

Root is a traditional account name since 1969, but it also maps to user ID 0 as someone else mentioned. Every system requires a user ID 0 no matter whether it is root, larry, manny or moe.

Make sure that no one can log in as root anywhere except at the console. You can even eliminate root login at the console if your system is not in a 1% secure location :-)

Then the only members who can use root are those you put in the 'wheel' group.

Let's get back to UID 0 for a moment. If anyone can get into that machine, even if they don't have the ability to become super user, and you have named your root account mxtylplx, then anyone on that machine will know that is the admin account by listing any directory in which user ID 0 has a file it owns.

Don't putz around with security 'ideas'. Do security in the right manner. Limit the wheel account users. Make sure they keep their login password secure, and keep the root password secure.

Get rid of all telnet accounts and put in SSH so that no clear text passwords ever cross the net. That's just a small step on the way, to locking down a system, but just changing login names won't do it.

Bill
--
Bill Vermillion - bv @ wjv . com
Re: Securing the root account
On Tue, Jun 19, 2001 at 08:20:02PM -0700, Orville R. Weyrich.Jr thus sprach:

> Speaking of SSH, are there any recommended SSH clients for Windows 95?

Putty. Don't recall where I got it though. It's free.

>
> orville.
>
> On Tue, 19 Jun 2001, Bill Vermillion wrote:
>
> > Get rid of all telnet account and put in SSH so that no clear text
> > passwords ever cross the net. That's just a small step on the
> > way, to locking down a system, but just changing login names won't
> > do it.
>
> ---
> Orville R. Weyrich, Jr. Weyrich Computer Consulting
> mailto:[EMAIL PROTECTED] KD7HJV http://www.weyrich.com
> ---
> Visit our online collection of book reviews:
>
> http://www.weyrich.com/book_reviews/
>
> Ask about our world wide web services!
> ---
>
>

--
Bill Vermillion - bv @ wjv . com
Re: 2nd root
On Sat, Jun 23, 2001 at 08:10:33PM +0200, Marcel Dijk thus sprach:

>
> Is it possible to create a second root account, for example root2.

Yes it is possible. There is even a second root account shipped with FreeBSD - toor. The only difference is the default shell.

The only reason that I can see for having a second 'root' account is for an alternate shell, because besides that it buys you nothing. Whoever uses the alternate root account will have the power to do everything the 'root' login can do, including changing the 'root' password.

I'm curious as to why you'd want/need an alternate root account.

Bill
--
Bill Vermillion - bv @ wjv . com
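
[Added example, not part of the original threads: a small audit that follows the point made in the two "Securing the root account" and "2nd root" replies above, that the superuser is whoever holds UID 0 regardless of login name, and that wheel membership decides who can become root. The passwd and group contents, the expected-account set and the function names are constructed assumptions; on a real system the same functions would be fed /etc/passwd and /etc/group.]

```python
# Constructed sample files. The renamed-admin entry uses the login name
# from the reply above to show that a rename does not hide UID 0.
SAMPLE_PASSWD = """\
# $FreeBSD$
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
mxtylplx:*:0:0:renamed admin:/root:/bin/sh
bv:*:1001:1001:Bill:/home/bv:/bin/sh
"""

SAMPLE_GROUP = """\
wheel:*:0:root,bv,ghost
daemon:*:1:
staff:*:20:bv
"""

# UID 0 logins a stock install is expected to have (assumption for the demo).
EXPECTED_UID0 = {"root", "toor"}


def parse_passwd(text):
    """Parse passwd(5) (7 fields) or master.passwd (10 fields) lines.
    UID is the third field and the shell the last one in both layouts."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) not in (7, 10):
            continue  # malformed line, skip rather than guess
        try:
            uid, gid = int(fields[2]), int(fields[3])
        except ValueError:
            continue
        entries.append({
            "name": fields[0],
            "uid": uid,
            "gid": gid,
            # An empty shell field means the default shell, /bin/sh.
            "shell": fields[-1] or "/bin/sh",
        })
    return entries


def uid0_accounts(entries):
    """Every login name that maps to UID 0, whatever it is called."""
    return [e["name"] for e in entries if e["uid"] == 0]


def unexpected_uid0(entries, expected=EXPECTED_UID0):
    """UID 0 logins outside the expected set: review each one."""
    return [n for n in uid0_accounts(entries) if n not in expected]


def wheel_members(group_text, group="wheel"):
    """Members listed for the wheel group in group(5) format."""
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == group:
            return [m for m in fields[3].split(",") if m]
    return []


def orphaned_wheel_members(entries, group_text):
    """Wheel members with no passwd entry, e.g. left behind after a
    user was removed; a recreated login would inherit the access."""
    known = {e["name"] for e in entries}
    return [m for m in wheel_members(group_text) if m not in known]


if __name__ == "__main__":
    users = parse_passwd(SAMPLE_PASSWD)
    print("UID 0 accounts:     ", uid0_accounts(users))
    print("unexpected UID 0:   ", unexpected_uid0(users))
    print("wheel members:      ", wheel_members(SAMPLE_GROUP))
    print("orphaned in wheel:  ", orphaned_wheel_members(users, SAMPLE_GROUP))
```
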
Re: PPPoE latency
On Tue, Jul 03, 2001 at 12:09:14AM -0400, Bryan Fullerton thus sprach:

> I've been wondering why the latency is higher in FreeBSD's PPPoE
> implementation. From what I've seen, ping times via my gateway box
> are significantly higher than what friends are seeing with dedicated
> router boxes (ie Linksys) on the same DSL provider.

The only way to be sure it is OS related [and I suspect it is not] is to take your machine to their location. DSL can vary in speed from location to location.

> Here's what I'm seeing to the other end of my connection, no other
> meaningful traffic going on:
> --- 65.92.109.1 ping statistics ---
> 100 packets transmitted, 100 packets received, 0% packet loss
> round-trip min/avg/max/stddev = 53.982/65.063/102.373/7.478 ms
> Here's a ping on my friend's machine (Mac ping, sorry for lack of precision):
> Packets out/in/bad/%loss = 64/64/0/0.0
> Round Trip Time (ms) min/avg/max = 14/24/59

My BSD runs 19.447/19.874/20.255/0.322 on my DSL. Since the first link to the DSL is not your system but the box above it, I really suspect that is the problem. BTW I am NOT using PPPoE but PPoA. That link is a 512/128.

I just telneted into another DSL I have - at a different location - and that is 14.881/15.613/16.369/0.547

It is the same provider - the ISP I help run. But the first link is a Sprint DSL [PPoA], and the second is BellSouth in a bridge mode. Both go to the same router - but use two different transport links. We resell their connections instead of putting in hardware at the CO.

> Any thoughts? I can live with this, the connection is rock solid and
> has been for over a year now, just curious as to why. Apologies if
> this has come up before, I searched the list archives and the bug
> list.

While not using DSL for that length of time, I really don't think it is the FreeBSD.

Taking your machine to your friend's place is the only way to check - as only then will you be using the same routing all the way, both connecting to the same DSLAM, etcetera.

BTW - my link at 512K qualifies for 3MB but that costs more, priced by speed, but the one at the office [that I telneted to and then timed going out] is running about 1MB, and the only thing guaranteed is something below 512 - perhaps 380 - but the closer you are the faster you go. Those are marketing decisions made by the respective companies.

Bill
--
Bill Vermillion - bv @ wjv . com
Re: PPPoE latency
On Tue, Jul 03, 2001 at 01:02:22AM -0400, Bryan Fullerton thus sprach:

> At 12:43 AM -0400 7/3/01, Bill Vermillion wrote:
> >The only way to be sure it is OS related [and I suspect it is not]
> >is to take your machine to their location. DSL can vary in speed
> >from location to location.

> Ah - here I should mention that I had similar ping times with this
> same provider when I was on the other side of the city (moved in
> March).

You neglected to say that.

> The pings that I provided were to the first hop, ie my gateway at the
> other end of the connection. It could be latency in my provider's
> network, I suppose, but seems unlikely it'd affect me in two
> locations and not my friend in a third (also downtown). But certainly
> possible.

Well in the above instance I am the provider and I get different ping times at the different locations. [Just bringing this all up and only got one running late Wednesday night].

If your provider is not the lowest link in the chain, eg the telco providing service to your location, you could see all sorts of speed differences. And customers we bring up could come back over a pipe inside our DS3 to Bell or the ATM link to Sprint.

I saw racks across the room from Telocity and I don't know whether they were reselling or had their own equipment in the COs and then back-hauling to the facility I have my rack space in. [big place - in the area in back where I only get to go when being walked through by a tech en route to somewhere else] I saw banks of Ascend/Lucent Maxes - and a rough guess is 30-35K worth of digital modems. I believe 15K of those was being routed from another city back to the central transport. I think about 1/2 of those [at least 15,000] are for AOL.

> > BTW I am NOT using PPPoE but PPoA.

> So.. not actually doing packet encapsulation and authentication with
> FreeBSD PPP then? If so, then we're not comparing apples to apples.

But I was trying to point out - and not very well at that - that just being from the same provider doesn't mean all that much. Before Northpoint folded a lot of the local ISP's were just reselling their services. One ISP also dropped their own DSLAM into a few large business type locations and back-hauled to their central site - and they only have DS3 to the outside world and at times those get overloaded.

So things could vary greatly with the same provider at different location points depending on how they link back to their connects.

--
Bill Vermillion - bv @ wjv . com
Re: forwarding broadcast
On Thu, Aug 09, 2001 at 11:36:38AM -0400, Jonathan Chen thus sprach:

> On FreeBSD -CURRENT and -STABLE, packets to broadcast addresses
> are not forwarded. For instance, if I have a FreeBSD router with
> interfaces 192.168.1.1 and 192.168.2.1, and I send packets from
> 192.168.1.2 to 192.168.2.255, the packets are dropped to the
> floor. IMO, this is wrong...

But the question now is - what is the netmask on these interfaces? That will make a difference.

--
Bill Vermillion - bv @ wjv . com
Re: forwarding broadcast
On Thu, Aug 09, 2001 at 12:30:56PM -0400, Jonathan Chen thus sprach:

> On Thu, Aug 09, 2001 at 12:23:52PM -0400, Bill Vermillion wrote:
> > On Thu, Aug 09, 2001 at 11:36:38AM -0400, Jonathan Chen thus sprach:
> >
> > > On FreeBSD -CURRENT and -STABLE, packets to broadcast addresses
> > > are not forwarded. For instance, if I have a FreeBSD router with
> > > interfaces 192.168.1.1 and 192.168.2.1, and I send packets from
> > > 192.168.1.2 to 192.168.2.255, the packets are dropped to the
> > > floor. IMO, this is wrong...

> > But the question now is - what is the netmask on these interfaces.?
> > That will make a difference.

> These are both class C networks, and their netmask is specified
> accordingly (/24). I'm pretty sure my setup is correct here.

So they are two separate networks therefore a broadcast for one should not go the other. If on the other hand your netmask was 255.255.252.0 then 192.168.0.x thru 192.168.3.255 would be part of the same network and you'd expect a broadcast to propagate.

At least this is how I understand how it works, and I could be wrong.

>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-net" in the body of the message
>

--
Bill Vermillion - bv @ wjv . com
Re: FreeBSD TCP/IP relation to Mac OS/X?
On Wed, Dec 26, 2001 at 11:07:48AM -0800, George V. Neville-Neil thus spoke:

> Just checking out some developer info on OS/X and I came upon this
> interesting quote:

> For kernel developers, Darwin provides the Network Kernel
> Extension (NKE) facility. This allows developers to create
> networking modules and even entire protocol stacks that can be
> dynamically loaded and unloaded. NKEs also make it possible to
> configure protocol stacks automatically and easily monitor and
> modify network traffic. At the data-link and network layers, they
> can also receive notifications of asynchronous events from device
> drivers.

> Can anyone comment on the progeny of the TCP/IP stack in Mac
> OS/X? Did they do a rewrite or just tweaks? Granted this may
> all be market speak but if it's true it would indicate some
> significant changes.

I can't say one way or the other but in the past couple of weeks someone from Apple posted some fixes to the FreeBSD specifically in the TCP/IP area so I'm assuming it's the BSD stack. Otherwise the fixes would be going the other way.
Re: Need help. A system stops responding to network requests periodically.
On Wed, Apr 10, 2002 at 11:06:09PM +1000, Arkadi Kosmynin spewed forth:

> I really can not explain this. We are stress testing a server. We
> use the following configuration: the server runs on a FreeBSD box
> (or Linux, with a similar effect). A multithreaded tester program
> runs on a Win2K box and emulates random multiuser activity. The
> FreeBSD box stops responding to network requests every 20-30
> minutes. I can't even connect to its FTP server. If I don't
> touch it, it does not "unstuck" for quite a while. But, if I do
> something with it, like start a Web browser on it and access the
> server, or just do netstat, it became active again shortly.

> Can anyone explain this? Is it some form of protection from denial
> of service attack? The tester program generates a lot of requests,
> and does it very fast, so, it does look like an attack.

You didn't say a thing about your network. Sometimes the plain stopping can be a result of automatic-sensing and automatic-negotiation if you do not have everything fixed.

Take a look at this and understand the failure modes

http://www.cisco.com/warp/public/473/46.html

While it is targeted to the Cisco switches the same advice applies to most things.

I'm not saying this IS the problem you are having but since it is on the same HW with two OSes this needs to be verified.

Bill
--
Bill Vermillion - bv @ wjv . com
Re: incomplete+permanent arp entries
At Thu, Feb 09, 2006 at 17:39 , our malformed and occasionally flatulent friend Vitaliy Ovsyannikov spewed forth this fount of brain juice:

> Hello, freebsd-net.
>
> I've noticed what it is possible to make incomplete+permanent
> entries in kernel arp table.

> xx# arp -s 1.2.3.4 pub
> arp: invalid Ethernet address 'pub'

And 1.2.3.4 is not valid syntax. xx:xx:xx:xx:xx:xx - the MAC address - should preceded and add the IP address with a hostname into /etc/hosts

You probably just overlooked that line in the man page.

> # arp 1.2.3.4
> 1.2.3.4 (1.2.3.4) at (incomplete) on vlan1 permanent [vlan]
>
> In result of it's permanent entry, kernel doesn't listening for
> arp-replies for this host.
>
> My question is simple: is it bug or feature?

You left out 'user error'.

Bill
--
Bill Vermillion - bv @ wjv . com
Re: How do i send mail to certain domain users over external smtp using sendmail?
The door opened and in walked trouble - disguised as our old nemesis Nash Nipples, who uttered, at Thu, May 11, 2006 at 04:27 : > Duane Whitty <[EMAIL PROTECTED]> wrote: Nash Nipples wrote: > >hi, i just don't see any options to make it work > > "| /usr/sbin/sendmail -Ac -t" works fine > > but "| /usr/sbin/sendmail -O ConnectOnlyTo=smtp.external.co... -Ac -t" > > just won't work: > > WARNING: RunAsUser for MSP ignored, check group ids (egid=10103, want=25) > > can not chdir(/var/spool/clientmqueue/... Permission denied > > Program mode requires special privileges, e.g., root or TrustedUser. > > 554 5.3.5 Local configuration error > > > > I don't want to set up trusted users. Any work-around available? > > > > thanks > Hi, > > To clarify for myself, are you asking: > given domains abc.com, foo.com, bar.com , and anotherdomain.com > how to use your local SMTP to send mail to abc.com and foo.com but use > an external SMTP to send mail to bar.com and anotherdomain.com? > If so, then you can use the SMART_HOST define and the confCW_FILE define > in your /etc/mail/sendmail.mc file and put hosts you want processed via > local > SMTP in the file defined in confCW_FILE define. If you just have one domain > you want handled locally then you might also just put an entry like > Cwfoo.com in /etc/mailsendmail.cf. Your file names may vary depending > upon your configuration. > > Hope this helps. > > Sincerely, > > Duane Whitty It's really pretty easy. Look at 'mailertable'. You can set mail to any domain you wish to go through any SMTP server you are permitted to use. Some places won't accept my mail as even though I'm on a STATIC IP and have been the same one for 3 years, they consider all DSL lines as spam sources. So depending on end destination I send some to my provider's transport, and others off to another machine I manage. Setup is simple. abc.com smtp: And then just run make in /etc/mail to compile it. Sendmail is very flexible. Bill -- Bill Vermillion - bv @ wjv . com
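Added example (not from the thread): a Python checker that reads mailertable text and reports which entry would route a recipient domain, using sendmail's lookup order of exact host name, then progressively shorter `.domain` keys, then `.`. The relay host names and the sample table are constructed placeholders; the thread's own `abc.com smtp:` entry leaves its host elided.

```python
"""Resolve recipient domains against sendmail-style mailertable text (added example)."""

# Constructed sample table; the relay hosts are placeholders, not values from the thread.
SAMPLE_MAILERTABLE = """\
# key               mailer:host
abc.com             smtp:[relay.provider.example]
.abc.com            smtp:[relay.provider.example]
bar.com             esmtp:mx2.example.net
broken.example      relay-without-mailer
"""


def parse_mailertable(text):
    """Return (table, problems); table maps lower-cased key -> (mailer, host)."""
    table, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2:
            problems.append((lineno, "missing value"))
            continue
        key, value = fields[0].lower(), fields[1].strip()
        mailer, sep, host = value.partition(":")
        if not sep or not mailer or not host:
            problems.append((lineno, "value is not mailer:host"))
            continue
        if key in table:
            problems.append((lineno, "duplicate key " + key))
            continue
        table[key] = (mailer, host)
    return table, problems


def candidate_keys(domain):
    """Keys in lookup order: the full name, each parent as '.parent', then '.'."""
    labels = domain.lower().rstrip(".").split(".")
    keys = [".".join(labels)]
    for i in range(1, len(labels)):
        keys.append("." + ".".join(labels[i:]))
    keys.append(".")
    return keys


def route(table, domain):
    """Return the matching entry for a recipient domain, or None."""
    for key in candidate_keys(domain):
        if key in table:
            mailer, host = table[key]
            return {
                "key": key,
                "mailer": mailer,
                "host": host.strip("[]"),
                # [host] tells the smtp mailers to skip the MX lookup for the relay
                "mx_lookup": not host.startswith("["),
            }
    # No entry: normal routing (DNS MX, or SMART_HOST if one is defined) applies.
    return None


if __name__ == "__main__":
    table, problems = parse_mailertable(SAMPLE_MAILERTABLE)
    for lineno, why in problems:
        print("line %d: %s" % (lineno, why))
    for rcpt in ("abc.com", "mail.abc.com", "foo.bar.com", "foo.com"):
        print(rcpt, "->", route(table, rcpt))
```

Note that `bar.com` alone does not cover `foo.bar.com`; a separate `.bar.com` key is needed for subdomains, which is why the sample lists both forms for abc.com.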
Re: How do i send mail to certain domain users over external smtp using sendmail?
On Thu, May 11, 2006 at 07:23 , while impersonating an expert on the internet, Nash Nipples sent this to stdout: > Bill!! you are my superman! lol i don't even know how to thank you. I've been running sendmail since it became more civilized in the early 1990s after running smail for awhile. > all i had to do is recompile the sendmail!! it is truly > flexible and ununinstallable. :) mailertable did the thing. > i would like to consider the problem to be solved. if no > objections pending? You really didn't have to recompile sendmail. Running make in /etc/mail would have compiled a new mailertable.db with nothing else required by you. > next time i will pay more time to the sendmail documentation > prior to writing out the problems. Reading documentation always helps. Learning to read documentation is the road to expertise. And in another post you asked about having some user who is considered local use another SMTP agent. Use virtusertable, also in /etc/mail. If you don't want 'joe', a local user, to get mail locally put this in virtusertable joe joe@ And then re-run make. I also use virtusertable to throw away things for users that don't exist. I just use the @my.domain.name nouser And in /etc/aliases I have 'nouser' aliased to /dev/null Bill > NASH! > > -ty -- Bill Vermillion - bv @ wjv . com
Re: improving transport over lossy links ?
Throwing caution to the wind and speaking without thinking about what was being said on Sun, May 21, 2006 at 11:09 , Mike Tancsa blurted this: > At 05:26 AM 21/05/2006, Brian Candler wrote: > >On Fri, May 19, 2006 at 12:38:31PM -0400, Mike Tancsa wrote: > >> Thanks for the reply. Even at 28.8 I am seeing loss with > >> the connection dropping and seeing dropped packets (e.g. > >> May 19 12:04:43 soekris4801 ppp[3404]: tun0: Phase: 1: HDLC errors -> > >> FCS: 1, ADDR: 0, COMD: 0, PROTO: 0) > >If you have an error-correcting modem, but you are seeing data corruption, > >then I'd expect the data corruption is occurring on the RS232 link between > >the PC and the modem at one end or the other. You may have a handshaking > >problem (i.e. ensure the modem is configured for CTS/RTS handshaking, and > >the port is configured for this too; with pppd it's "crtscts", I don't know > >about userland ppp; and ensure the cables are wired properly) > >If your app could cope with the lack of bandwidth, forcing the modems to > >2400bps operation can make links over dodgy lines a lot more reliable. > > Hi, > It's not so much data corruption of packets on the wire, but > the modem dropping the connection, retraining and > renegotiating. When the retrains and renegotiations happen, this > can cause problems for the VPN as keep alives are missed, tx buffers > can fill up etc. I have tried a number of modems, the current one > being U.S. Robotics 56K FAX INT V5.22.70. and I am also trying an > external Intel at the office. The best modems I've found are the ones from Multi-tech. Even their super-small ones. Before we added a PRI and a Livingston we were thinking about using the MT's in the 19" rack mount box they have. And when performing fax from email - using sendmail incoming and routing to fax [in the early days of the current 'net before many people had 'net connections] the MT's were the only ones that worked with virtually every target fax machine. The MTs are external. Bill -- Bill Vermillion - bv @ wjv . com
Re: How to Quicken TCP Re-transmission?
"Bits don't fail me now!" was what Brian Candler muttered as he hastily typed this on Mon, May 22, 2006 at 14:06 : > On Mon, May 22, 2006 at 07:51:33PM +0800, [EMAIL PROTECTED] wrote: > > I want to transmit data between host A and host B. The link between > > these two hosts is really bad: PING reports 30% packet loss > How big are the pings? Try > ping -c100 -s1472 x.x.x.x > > to send 1500-byte pings (20 bytes IP header + 8 bytes ICMP > header + 1472 bytes padding). This will give you a more > realistic indication of packet loss for TCP transfers than the > small pings you get by default. The original poster noted that he had used -s1472 in his tests. I had the same exact problem one time as the OP did. Regular pings would go through, data throughput was terrible and going with ever larger packet sizes I found things really fell apart about 500 byte sizes. In my case it was a bad card in a Cisco 12000 switch at the local Level 3 facility where my servers were. There were only about 6 other clients on that card, and since I made the call about 6AM I was the first to notify them. IOW - while your problem may indeed be somewhere in the link don't discount the fact that the problem could be much closer. Have you tried a traceroute to see if it is at one particular link? If your provider does not block it you might try the -R option to ping the site to help pinpoint the source of the problem. Bill -- Bill Vermillion - bv @ wjv . com
Re: Redundant/failover NFS servers - stale NFS file handle
While humming that old rock song Yackety Yacc - Don't Awk Back Oliver Fromme on Fri, Aug 18, 2006 at 11:14 sang or SED something like this: > Attila Nagy wrote: > > Oliver Fromme wrote: > > > We use NetApp Filer clusters (NAS) for that purpose. > > > They aren't cheap, but they work very well. > > > > I don't like blackboxes with nice GUIs. :) > > But they do exactly what you need. I doubt that you can > build the same functionality with Linux. BTW, I never use > the GUI. I just log into them with ssh; works perfectly > fine. It's only seldomly required anyway, once the boxes > are set up and running. > BTW, as far as I know, they run a BSD-derived embedded OS > (with micro kernel?), so there's at least a little bit of > BSD in that "blackbox". ;-) > > Best regards > Oliver And one nice box is from GTA - Global Technology Associates. They are here in Orlando and I've watched them grow from nothing to being highly respected. They were the first NCSA certified firewall in software, and they are BSD derived. The GUI interface is more like a curses interface - the last time I saw one - so you can easily manipulate them in text mode remotely. As above, they aren't cheap but they work well. I had a pair that a customer from a long way away with a matched one in our colo used to update their servers remotely and securely. It was a 3-step process of machines, with a Sun Netra at the first entry point, going to Mac G4's for the Web Objects for the web apps, connected to a multi-CPU Solaris machine for the Oracle database. The nice thing about their boxes, that some don't have, is three NICs so you can have a DMZ in the middle and the private network is fully protected. I have no financial interest in them, but I have known Paul for ages. Bill -- Bill Vermillion - bv @ wjv . com
Re: Strange internet connection...
Wise men talk because they have something to say, however on Mon, Aug 28, 2006 at 12:55 , felix.schalck just had to say something so we heard: > Hi, > I'm currently running 6.1-STABLE on a little laptop (CLEVO > M120 W) connected via an ISP-router to the Internet. Since a > few weeks, I'm experiencing very strange Network behaviour: the > adsl connection seems to "hang up" from time to time, getting a > "host not found"; a few minutes (~10-15) later, it works again, > without having changed anything... I've seen that recently here in Central Florida. When lightning strikes anywhere in about 10 miles the ADSL device can lose sync, so I see it trying to train to regain a connection. Sometimes a power-off will fix it, but other times I just have to wait it out. Who is the transport - not the ISP? Here the company who handles all the network addresses and connections is Earthlink but the transport is handled by Embarq - the company formerly known as Sprint. > I tried different browsers, different ifconfigs, routing options > and DNS configs. On both interfaces (iwi & rl) , I got the same > symptoms. I'm wondering whether it is the ISP or a wrong config. > What can I do to find it out ? It really sounds like a connection problem and not any of the software things you mentioned above. A typical DSL device will have lights on it. When it is reset the typical device will show a red light for DSL, then go to a slow green blink as it starts up, then go to a faster blink, and then when it is steady you have a working DSL connection. This really should probably go to freebsd-questions as from my POV it's not a 'net' problem. Bill -- Bill Vermillion - bv @ wjv . com
Re: half-duplex
On Tue, Sep 05, 2006 at 12:18 , after knocking over a stack of dishes on the heat sink Sam Wun wondered out loud about: > Hi, > I am running a FreeBSD 5.4 stable as a network router. > I don't know any reason why one of the ethernet ports becomes half-duplex. > Here is its detail: > em1: flags=8843 mtu 1500 >options=b >inet 60.1.2.3 netmask 0xfffc broadcast 220.233.99.39 >ether 00:04:23:bc:3a:d1 >media: Ethernet autoselect (10baseT/UTP ) >status: active > em2: flags=8843 mtu 1500 >options=b >inet 10.1.10.1 netmask 0xff00 broadcast 10.1.10.255 >ether 00:04:23:bc:3a:d2 >media: Ethernet autoselect (1000baseTX ) >status: active > This network card is a Quad Port Intel card. Is there any way > I can "reset" it to full-duplex and 1000baseT without closing > down the network connection on em1? I know I can use following > command to change it: ifconfig em1 media 100baseTX mediaopt > full-duplex Well 'em1' shows it is also 10Mg second. Autoselect >usually< works well but there can be problems with some switches. I am assuming you are using a switch and not a hub - as that won't work FDX. You should be able to set the startup in the settings in your rc.conf with the mediaopt argument. man 4 em shows that only FDX is supported at high speeds - 1000mb/sec. And you are getting only 10mb. Is that what you want? If you are connected to a switch capable of 1000mbit, check the switch settings. Cisco had release notes and indicated 6 ways things will NOT work and one way it will. > but if this not work, it will close down the entire internet > connection, which I try to avoid. I don't know if using the 'mediaopt' argument will shut down the entire connection - but you probably are going to have to try. If it works from the command line be sure to add it to the startup script so it gets fixed on a reboot. It SHOULD work with auto-select unless you have switch and/or cabling problems. Bill -- Bill Vermillion - bv @ wjv . com
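Added example (not from the thread): a Python check that parses FreeBSD-style `ifconfig` output and flags active interfaces that negotiated half-duplex or came up below the speed you expect, the situation described for em1 above. The sample output, its addresses, the third interface and the `expected_mbps` mapping are constructed for illustration.

```python
"""Flag half-duplex or under-speed links in FreeBSD-style ifconfig output (added example)."""
import re

# Constructed sample in FreeBSD ifconfig layout; not the poster's actual output.
SAMPLE_IFCONFIG = """\
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.0.2.1 netmask 0xfffffffc broadcast 192.0.2.3
\tmedia: Ethernet autoselect (10baseT/UTP <half-duplex>)
\tstatus: active
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 10.1.10.1 netmask 0xffffff00 broadcast 10.1.10.255
\tmedia: Ethernet autoselect (1000baseTX <full-duplex>)
\tstatus: active
em3: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
\tmedia: Ethernet autoselect
\tstatus: no carrier
"""

IFACE_RE = re.compile(r"^(\S+): flags=")
# "media: Ethernet <configured> (<active> <opt,opt>)"; the parenthesised part is optional.
MEDIA_RE = re.compile(r"^\s+media: Ethernet (\S+)(?: \((\S+)(?: <([^>]*)>)?\))?")
STATUS_RE = re.compile(r"^\s+status: (.+)$")


def parse_ifconfig(text):
    """Return {ifname: {configured, active, options, status}} in input order."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            cur = ifaces.setdefault(
                m.group(1),
                {"configured": None, "active": None, "options": [], "status": None},
            )
            continue
        if cur is None:
            continue
        m = MEDIA_RE.match(line)
        if m:
            cur["configured"] = m.group(1)
            cur["active"] = m.group(2)
            cur["options"] = m.group(3).split(",") if m.group(3) else []
            continue
        m = STATUS_RE.match(line)
        if m:
            cur["status"] = m.group(1).strip()
    return ifaces


def audit(ifaces, expected_mbps):
    """Return (ifname, finding) pairs for links that are up but degraded.

    expected_mbps is a hypothetical mapping such as {"em1": 1000}.
    """
    findings = []
    for name, info in ifaces.items():
        if info["status"] != "active" or not info["active"]:
            continue  # link down: nothing negotiated to judge
        m = re.match(r"(\d+)base", info["active"])
        speed = int(m.group(1)) if m else None
        if "half-duplex" in info["options"]:
            findings.append((name, "half-duplex"))
        want = expected_mbps.get(name)
        if want and speed is not None and speed < want:
            findings.append((name, "speed %d < expected %d" % (speed, want)))
    return findings


if __name__ == "__main__":
    for name, finding in audit(parse_ifconfig(SAMPLE_IFCONFIG), {"em1": 1000, "em2": 1000}):
        print("%s: %s" % (name, finding))
```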
Re: Diagnose co-location networking problem
Earlier in the linear time track, on approximately Tue, Dec 26, 2006 at 18:45 , Stephan Wehner divulged this public information: > I just got a server and put it in a co-location. > It runs RELEASE FreeBSD 6.1-RELEASE #0, pound, lighttpd and ruby > on rails. > Most of the times I find the server responds nicely. But periodically > it doesn't respond properly when accessing its webpages: Type URL in > browser, hit return, no page appears. Try again and again and after a > few times it appears. That sounds like a transport problem between your machine and the server. It could be anywhere on the link. Is the colo doing any rate-limiting? I see this now and then with dropped packets from my machine to my servers. And I control the colo with a rack we have in the Level 3 space so I can trace the problems. One of the strangest - with intermittent long delays in packet returns made me think I had a problem with Level 3. I contacted the NOC in the Denver area, and they checked, and saw no problems on their net, but they checked further, and what was happening was that my packets were taking a different route back to me than going to the server. [this is not a bug but it doesn't happen very often - usually when someone screws things up in routers]. Packets left Orlando via Sprint, went to Texas, crossed over to Level 3 there, back to Orlando and my rack, and then they would go out onto Level 3, and then go to a Sprint router in Washington and come back through Atlanta. So the first thing I'd suggest is checking your connections via traceroute. And >>IF<< your provider does not block RECORD ROUTE and if the hop count is under 8 - you can try ping -R . That will show you the IP addresses from which the packets are leaving, as opposed to the addresses they are going to. > Other sites are accessible during these problematic times. Also, in > parallel I am connected to the server through ssh, and there are not > problems with that. Even during those times when the web pages don't > appear, I can type and see the result. When you say 'other sites are accessible' do you mean other sites on your machine, or other sites on the 'net? And what about other sites that are located in that colo that you don't control? > Before installing it at the datacentre, the server was working without > problems on the local network. Well there is always the chance that moving it created a problem - something shook loose. I've had the reverse when I was heading up a recording studio. Some of the early digital equipment we had would get flaky. We'd ship it by FedEX to the factory, and they'd find nothing, but change out something that may have caused it. Three times FedEX cured the problem in shipping - and each time another piece was changed. Finally - on number 4 - it worked at the factory, but they changed ALL the internal cables - and that fixed it permanently. It was the vibration in shipment that temporarily fixed things - but shipping an item out wasn't what I call a good fix :-) > So I am thinking the problem may be with the co-location operation. As above - it could be the colo - or it could be your network connections to the colo. Bill -- Bill Vermillion - bv @ wjv . com
Re: Diagnose co-location networking problem
On or about Wed, Dec 27, 2006 at 22:08 , while attempting a Zarathustra emulation Stephan Wehner thus spake: > Ok, this is a little unfortunate: I can't run traceroute from > the client PC (the service provider doesn't seem to like it). > (Nor can I use ping) So login to the FreeBSD machine and trace back to your client IP - or as close as you can get. That may mean just to the edge of your current provider but that may give you some idea. Bill -- Bill Vermillion - bv @ wjv . com
Re: Diagnose co-location networking problem
Wise men talk because they have something to say, however on Thu, Dec 28, 2006 at 08:31 , Stephan Wehner just had to say something so we heard: > >So login to the FreeBSD machine and trace back to your client IP - > >or as close as you can get. That may mean just to the edge of your > >current provider but that may give you some idea. > Ok, here is the result. > $ traceroute 64.114.83.92 > traceroute to 64.114.83.92 (64.114.83.92), 64 hops max, 40 byte packets > 1 VPS-18-137.virtualprivateservers.ca (65.110.18.137) 1.098 ms > 0.991 ms 1.151 ms > 2 a.core.65-110-0-1.van.data-fortress.com (65.110.0.1) 4.357 ms > 1.557 ms 1.147 ms > 3 64.69.87.37 (64.69.87.37) 1.740 ms 1.255 ms 1.150 ms > 4 216.187.88.241 (216.187.88.241) 1.742 ms 2.438 ms 2.182 ms > 5 204.239.129.214 (204.239.129.214) 1.910 ms 2.881 ms 3.489 ms > 6 nwmrbc01dr02.bb.telus.com (154.11.4.72) 5.095 ms 3.309 ms 2.322 ms > 7 64.114.45.106 (64.114.45.106) 6.555 ms 80.103 ms 9.048 ms > 8 * * * > 9 * * * > 10 * * * > 11 * * * > 12 * * * > > What does this tell?? Well there is no name associated with 64.114.45.106. Whois shows that is allocated to Telus Communications in Burnaby, British Columbia. The IP right before that is also a Telus IP. So the next question is - what connects to 64.114.45.106? Is that an IP assigned to you and then you use NAT and/or PAT to translate to local addresses? Your target IP is in the same block that Telus is allocated as they have 64.114.0.0 thru 64.114.255.255 The target IP does have a name associated with it and that is zz83902.cipherkey.net. Cipherkey.net is shown as being located in Richmond BC. Are they providing services for you? If so you might check with them. > By the way, other servers look "good". Meaning when I repeatedly > access other websites (not my own) I don't see failures. That sounds like throttling or as another poster said some firewall/filtering taking place. I find the same problem as you do tracing to www.buckmaster.ca. I can't traceroute to it as it stops responding at 64.114.45.106, so I'd say they are blocking things at that point - which isn't helping at all :-( However the site comes up very fast. Bill > -- > Stephan Wehner > >http://stephan.sugarmotor.org > >http://stephansmap.org > >http://www.trafficlife.com > >http://www.buckmaster.ca -- Bill Vermillion - bv @ wjv . com
Re: Troubleshooting aliases.
Somewhere around Sat, Mar 17, 2007 at 14:10 , the world stopped and listened as Colin Waring graced us with this profound tidbit of wisdom that would fulfill the enjoyment of future generations: > Hi folks, > Been running into brick walls since last night on this one. > Situation is that our server has 6.1-RELEASE on it with four IP addresses. > > The section of rc.conf is this: > > ifconfig_em0="inet a.a.a.a netmask 255.255.255.0" > ifconfig_em0_alias0="inet a.a.a.b netmask 255.255.255.255" > ifconfig_em0_alias1="inet a.a.a.c netmask 255.255.255.255" > ifconfig_em0_alias2="inet a.a.a.d netmask 255.255.255.255" > For some reason, with no updates or changes both a.a.a.b and > a.a.a.c have stopped working properly. a.a.a.a works fine, as > does a.a.a.d. > > Unfortunately, the nameservers for the domains hosted on the > server use a.a.a.b and a.a.a.c! > So basically I can't figure out what's up as .d works fine..anyone able to > help me with some suggestions of where to look for fixing .b and .c? You showed us your rc.conf. What might be more helpful is the output of 'ifconfig'. Perhaps the aliases have been deleted. Bill -- Bill Vermillion - bv @ wjv . com
Re: help needed regarding named please
Earlier in the linear time track, on approximately Wed, Jun 04, 2003 at 01:57 , Maxime Shatter divulged this public information: > I got an error while adding a zone in my named configuration, the zone is properly > setted and added in named.conf. Here is the error I got in /var/log/message: > Jun 4 05:49:36 webhosting named[37915]: master zone "lamedomain.com" (IN) rejected > due to errors (serial 2003040614) > Jun 4 05:49:36 webhosting named[37915]: zones/lamedomain.com:12: Database error > near (ns3.isp.com.) > Jun 4 05:49:36 webhosting named[37915]: zones/lamedomain.com:13: Database error > near (ns3.isp.com.) > Jun 4 05:49:36 webhosting named[37915]: zones/lamedomain.com:15: Database error > near (ns3.isp.com.) > Can someone help me resolving this please ? Or is there a way that named don't care > about that serial and take new zones in charge even if this serial is "not good" ? The other poster pointed out that your error is in lines 12, 13, and 15 of zones/lamedomain.com. I've always used 'nslint' - in the ports tree - to check everything after I make any changes. It's a good tool to keep handy. Bill -- Bill Vermillion - bv @ wjv . com
Re: Typo in /etc/services
On Sat, Jun 21, 2003 at 17:36 , while denying his reply is spam, Daniel Gustafson prattled on endlessly saying: > When doing some maintenance on my server I found what I believe to be a > typo in the /etc/services file on the novastorbackup rows. > -novastorbakcup 308/tcp#novastor backup > -novastorbakcup 308/udp#novastor backup > +novastorbackup 308/tcp#novastor backup > +novastorbackup 308/udp#novastor backup > The attached patch fixes this. This was found on my 4.7-STABLE machine > but appears according to the cvsweb to be present in at least > 5.1-RELEASE. That's the wrong place to fix this. The 'bakcup' spelling has been there quite a long time in the OFFICIAL port numbers. See http://www.iana.org/assignments/port-numbers IOW it is not a FreeBSD problem but is in the distribution from IANA. I have no idea on how to get them to fix it. The last official update at IANA shows June 18 of this year, and it is still spelled bakcup. Bill -- Bill Vermillion - bv @ wjv . com
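Review bot: the two `+` lines replace the name `novastorbakcup` for 308/tcp and 308/udp outright, so anything that looks the service up by the existing name stops resolving, and the file no longer matches the IANA port-numbers list that the reply says carries this spelling. If the readable spelling is wanted locally, keep the registered name in the first column and add `novastorbackup` as an alias after the port/protocol field on each line instead of renaming.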
Re: Lots of input errors...
Mike Hoskins, the prominent pundit, on Wed, Jun 25, 2003 at 17:13 while half mumbling, half-witicized: > On Wed, 25 Jun 2003, Shawn Ramsey wrote: > > > I don't know offhand, it connects to another company, as it's > > our internet connection. We will contact them and see if they > > can tell us what the stats (if any, I believe it's a Cisco). > > The card is forced to 100BT/FD on our end, and I'm sure it is > > on the other end, though I will have them double check that > > as well. Performance at autoneg is terrible fwiw... > Ahh, Cisco's signature mark. ;) If you know you'll always use > 100BT/FD, it wouldn't hurt to have your ISP set the port to > that as well (just to be safe). A good reference to all the negotiation problems with Cisco can be found at: http://www.cisco.com/warp/public/473/46.html Bill -- Bill Vermillion - bv @ wjv . com
Re: sendmail
When asked his whereabouts on Wed, Sep 10, 2003 at 15:00 , Eicke took the fifth, drank it, and then slurred: > Hi folks, > I have a machine with FreeBSD 4.6 and Sendmail 8.12.3 > I need only sent e-mails using this machine. My rc.conf contains the > following: > sendmail_enable="NONE" That disables sendmail entirely. > > When I try to send a simple mail an error occurs: > # cat /etc/rc.conf | mail [EMAIL PROTECTED] > # can not chdir(/var/spool/clientmqueue/): Permission denied > Program mode requires special privileges, e.g., root or TrustedUser. In /etc/rc.conf try this. sendmail_submit_enable="YES" for local use or sendmail_submit_outbound="YES" For best results try man 8 rc.sendmail. Bill -- Bill Vermillion - bv @ wjv . com
Re: named sandbox trouble
On Sun, Oct 12, 2003 at 15:47 , while denying his reply is spam, Robert Downes prattled on endlessly saying: > > >Are the entries fully qualified? > >What does your resolv.conf look like? > >Do any other apps complain? > >I'd have to look at the MySQL install scripts to be sure, but I > >can't fathom why MySQL would go out of its way to sneak around the > >resolver... > I've realised that my /etc/resolv.conf is being overwritten on every > reboot. I assumed this was because of DHCP, but disabling DHCP meant > that my network connection was disabled. I don't know offhand what is causing that, but you can keep that from happening by running as root chflags schg /etc/resolv.conf That will buy you time until you figure things out. Anytime you need to modify that file - even as root - you have to run chflags noschg /etc/resolv.conf. See man chflags for further information. Bill -- Bill Vermillion - bv @ wjv . com
Re: iMac and FreeBSD performance problems
Even though on Fri, Oct 31, 2003 at 01:01 Keith Mitchell realized that everything he says should be taken cum grano salis, he unhesitatingly continued with this missive: > I'm trying to figure out why my FreeBSD box and my iMac are having > trouble communicating at 100 Mbs full-duplex. > To briefly describe my LAN setup, I have a 16port linksys > 10/100 ethernet switch connected to two FreeBSD systems, an > iMac, a PC and some other miscellaneous stuff. Everything works > fine except the interaction between the iMac and the FreeBSD > machines. > What I see is extremely slow transfers (FTP/TFTP at least) from > the FreeBSD machines to the iMac. The reverse direction (from > the iMac to the FreeBSD machines work fine). If this isn't bad > enough, if I connect the iMac to a 10BT hub instead of the > ethernet switch then everything seems to work fine as well. > The iMac can talk to all the other equipment without a problem > when it's connected to the ethernet switch. Likewise the FreeBSD > machines can talk to each other without any problems and to all > of the other networking equipment they just can't talk to > the iMac efficiently. I've seen this as a client has 2 G4s and an xrack in our rack space. All machines go through a Cisco 2948, that goes through a bridge on an Etinc BWManager, to a 7120, then to the facility gigabit switch. Transfers between any of the Apple machines are blazingly fast. From the FBSD machines in the rack to anywhere else speed is fast. But between the BSD and the Apples speed drops to the 10KB range at times. From the outside world the transfers from the BSD machines are limited only by connectivity and I got 6Mb/sec transfers from some SW at AT&T to the local machines recently - as we are on a Level 3 backbone and it's fast. I've also heard via a 3rd party that a person we are associated with at Omneon Video Technologies [omneon.com] that they had the problem there. They reportedly got a patch from Apple on this, but this appears to be something which is not distributed. Last week I was at an SACD listening party given by an engineer friend of mine and they were all engineers, musicians, producers, etc., and all used Macs and ProTools. A well known CD mastering engineer asked me if I knew why his Mac to XP transfers were so slow. So this is a problem - not widespread - and not occurring everywhere. It's just some machines at some times. Just throwing this out as it appears not to be isolated but not a big enough problem that Apple addressed in a general patch/fix - IF what I was told that what Omneon experienced is true. > Anyone have any clues on this bizarre problem? No. But I'm going to see if I can trace down what I have heard, that may only be rumors. Bill -- Bill Vermillion - bv @ wjv . com
Re: suffering from poor network performance...
On Tue, Dec 16, 2003 at 17:58 , while impersonating an expert on the internet, Alex sent this to stdout: > First, I know very little about networking, especially > performance tuning. I would really like to learn more but don't > know where/how to start effectively. > I have a small home network with a PowerBook G4 and FBSD > 4.9-STABLE connected through a Netgear DS108 hub (10/100). The > FBSD box is a dual Xeon 500MHz with Intel Etherexpress 100/Pro > (MS440GX motherboard). If for some reason it makes a difference, > there is an RT311 router connected to the hub as well. This is > the router through which these machines see the internet. There > are other machines connected to the network. However, they are > currently turned off. > In my limited knowledge I'm using ping from each host to the > other. From the FBSD system to the G4 system, I'm getting nearly > 60% packet loss and about 20% in the other direction. I'm ready > to use tcpdump but I'm not sure how I would. How can/should I go > about improving network performance? I've not tried the ping but I'm seeing exceptionally poor performance on G4s to FreeBSD. The G4's can ftp to each other at about 8-9MB/sec, as can the FreeBSDs. They are on a Cisco 2948 switch. But ftp from BSD to G4 is in the order of 20-40KB/sec while G4 to FreeBSD is about 1/2 that. This was first noted by a client who has a G4 in our rack and has a very large flash file on their front page. I've also heard anecdotal reports of slow G4 to MS machines too. But not everyone has this and I can't seem to find an answer. And I have NO problems with pings. Just data transfer. One G4 runs high load as shown under very little CPU available under top, while the other is far less stressed. Bill -- Bill Vermillion - bv @ wjv . com
Re: Configuring DNS on a machine connected temporary to the internet
On Fri, Dec 26, 2003 at 15:29 , Marc van Woerkom exclaimed "Las Cucarachas entran, Pero no puede en salir", and then rambled on saying with:

> My machine is connected to the internet via an ISDN modem, using kernel
> ppp and i4b.
> If the link is up, it resolves symbolic names by asking some
> nameserver.
> If the link is down, it should just use /etc/hosts to
> resolve "localhost" and the name of the second computer
> attached to it by an ethernet link.
> My problem is that if the ISDN link is down, even
> a lookup of "localhost" doesn't work.
> What do you recommend as configuration settings?
> I seem to get stuck.

Is the order in your /etc/host.conf file set to hosts bind?

Are the names in your /etc/hosts file correct? IP first then FQDN followed by short name. You didn't give details that they are this way.

--
Bill Vermillion - bv @ wjv . com
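An added example, not part of the original post: a small checker for the two things the reply above asks about, the lookup order in /etc/host.conf and the field layout of /etc/hosts. It assumes the FreeBSD 4.x style host.conf with one service keyword per line; the function names and the sample file contents are constructed for illustration.

```python
import ipaddress

def lookup_order(host_conf: str) -> list[str]:
    """Return the resolver services in the order host.conf lists them."""
    order = []
    for line in host_conf.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if line:
            order.append(line)
    return order

def hosts_before_bind(host_conf: str) -> bool:
    """True when /etc/hosts is consulted before the nameserver."""
    order = lookup_order(host_conf)
    if "hosts" not in order:
        return False
    return "bind" not in order or order.index("hosts") < order.index("bind")

def check_hosts(hosts: str) -> list[tuple[int, str]]:
    """Return (line number, problem) for entries that break the layout
    'IP first, then FQDN, then short name'."""
    problems = []
    for n, line in enumerate(hosts.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            problems.append((n, "first field is not an IP address"))
            continue
        names = fields[1:]
        if not names:
            problems.append((n, "address has no name"))
        elif "." not in names[0] and any("." in x for x in names[1:]):
            problems.append((n, "short name listed before the FQDN"))
    return problems

# Constructed sample files (assumptions, not taken from the thread).
SAMPLE_HOST_CONF = "# nameserver is asked first here\nbind\nhosts\n"
SAMPLE_HOSTS = """\
127.0.0.1    localhost
localhost    127.0.0.1
192.168.1.2  second second.example.lan
192.168.1.3  third.example.lan third
"""

if __name__ == "__main__":
    print(lookup_order(SAMPLE_HOST_CONF), hosts_before_bind(SAMPLE_HOST_CONF))
    for n, msg in check_hosts(SAMPLE_HOSTS):
        print(f"hosts line {n}: {msg}")
```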
Re: Looking for switch recommendations ...
"Bits dont fail me now!" was what Marc G. Fournier muttered as he hastily typed this on Fri, Mar 26, 2004 at 12:05 : > I'm looking at replacing my el'cheapo switch with something > better that will allow me to fix my issues with the > em/full-duplex problem ... > I'm looking for ssomething managed, as well as SNMP aware so > that I can tie it into Zabbix for monitoring ... something 8 or > 12 port preferred. > Cisco, of course, is always a big name ... but also expensive ... oen > recommendation is the xl 1900, but I can't find any specs on her at > cisco's site, so discontinued product? Cisco is expensive - and the used market price stays up too. But the small ISP I work with needed something that did more than their Cisco 2948 [early model]. They got a Foundry Networks Netiron 24 port - used - from eBay. It is is a level 3 switch and it can be turned into router only or router/switch. $400. Not being a name-brand that small business equate like they do Cisco the used prices are just a fraction of the comparable Cisco product. I see similar one for $495 =buy-now= and they have been lower. Bill -- Bill Vermillion - bv @ wjv . com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"