Re: How to get file from nfs id

2013-07-11 Thread Frank Leonhardt

On 11/07/2013 06:47, Radek Krejča wrote:

Hello,

I have a problem with heavy load on my nfsd server. There are about 70 
diskless machines connected, but in read-only mode. I caught the traffic and got this:

21:00:39.715337 IP diskless-1.3297435097 > storage.nfs: 112 getattr fh Unknown/A27801CEDE115FA30A005CD908007ABA4200570CDB51
21:00:39.716229 IP storage.nfs > diskless-1.3297435097: reply ok 112 getattr REG 444 ids 0/0 sz 64944
21:00:39.716463 IP diskless-1.3297435098 > storage.nfs: 112 getattr fh Unknown/A27801CEDE115FA30A0043DE08007CBA4200570CDB51
21:00:39.719112 IP storage.nfs > diskless-1.3297435098: reply ok 112 getattr REG 444 ids 0/0 sz 82800
21:00:39.719453 IP diskless-1.3297435099 > storage.nfs: 112 getattr fh Unknown/A27801CEDE115FA30A0043DE08007CBA4200570CDB51
21:00:39.721636 IP storage.nfs > diskless-1.3297435099: reply ok 112 getattr REG 444 ids 0/0 sz 82800

Why is the same machine requesting chmod of the same file, and is there any way 
to find out the name of the file from this long id?

Thank you
Radek


Sorry - I don't think there's an easy answer to this but someone who 
knows more about nfsd may be along soon.


However, if no better idea turns up you could try using dtrace to 
monitor the underlying calls (or hack nfsd?). I have thought about doing 
this myself, but it is only available in new FreeBSD releases and the 
DTrace user guide (from Sun) is 60 pages long and gives me a headache. I 
know Linux people do something similar using SystemTap.


Is the attribute caching on the client set correctly? Or even working (bug?)

BTW, what you're seeing isn't unusual.

Regards, Frank.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: prevent ip conflict in dhcp client

2013-07-11 Thread Frank Leonhardt
This all sounds like a very strange thing to be doing! But I hate it 
when people answer my questions with "Why would you want to do that", so 
I won't.


Binding an IPv4 address using a MAC address, which is the answer to a 
lot of DHCP problems. But your explanation "my client acts like a 
router" set alarm bells ringing. What exactly are you trying to do, and 
are you aware that routers aren't (normally) configured using DHCP? If 
you've got any kind of normal Internet line it will receive its IP 
address using LCP (the NCP part, and the IPCP to be precise). Or at 
least, that's how I think it normally works.


Regards, Frank.


On 11/07/2013 12:43, krad wrote:

ops %s/rand/range/


On 11 July 2013 12:42, krad  wrote:


alter the pool rand on the network to use say, x.x.x.1-199 on a /24, and
then allocate your statics >200 but <= 254 or add something similar to your
isc-dhcp config

host host.intranet {
   hardware ethernet c8:60:33:1d:f3:57;
   fixed-address 192.168.210.81;
   option host-name "host.intranet";
  }

Alternatively use ipv6 as the automatic ip address configuration tests
exactly like you commented on


On 11 July 2013 12:18, s m  wrote:


thanks Eugene,
you're right but i forgot to say that my client acts like a router. i mean
none of interfaces should have ip address in same range (this is conflict
for me). i can manage each interface to get ip address from DHCP or
manually. so one interface may get ip address from dhcp server whereas all
others have ip addresses which are set manually.
for this situation, do you have any ideas to avoid ip conflict?
thanks again for your attention
SAM


On Thu, Jul 11, 2013 at 3:06 PM, Eugene  wrote:


Hi Sam,

Actually I think this is the wrong approach. Correctly configured networks
should be consistent and should not need such 'fixes'. Also you should
observe the IP provided by upstream DHCP server otherwise it is an
invitation for trouble (both technical and possibly legal).
Are the 'other' interfaces in your internal networks? Then you should
change them to use different address block from that used in your
provider's network (there are many address blocks for private networks).
And/or you should talk to your admin and discuss the address policy,
maybe they can give you a fixed address.

Best wishes
Eugene


-Original Message- From: s m
Sent: Thursday, July 11, 2013 2:19 PM
To: freebsd-questions
Subject: prevent ip conflict in dhcp client


hello all

i have a question about dhcp client. i want to know if there is any way to
understand the ip address which is offered by server before it assigned to
the interface.
i have a freebsd system which one of its interfaces should get ip address
from dhcp server whereas other interfaces have ip addresses and their ip
address change many times. so i want to prevent ip conflict.  is there any
way to prevent ip conflict in this situation?
i think the best way is to know the ip address which is offered by dhcp
server before assigning it to interface  and check if it has conflict with
others or not. is it possible? if yes, how i can do this?

any comments or hints are appreciated.
thanks in advance
SAM


Re: jls usage

2013-07-12 Thread Frank Leonhardt

On 12/07/2013 02:33, Teske, Devin wrote:

On Jul 11, 2013, at 6:19 PM, Fbsd8 wrote:


In a .sh script I'm trying to get the jid for a single jail using this code

jid=`jls -j jailname | cut -f 1- | awk '{print $1}'`


Looks a little over complicated... why not just..

jls -j jailname jid


I've never got the -j option to work on jail names, only jail IDs. I've 
tried using the actual jail name, and the hostname to be sure - nothing 
- and on checking (jls -v) I'm somehow ending up with the Name being the 
same as the ID. I just put this down to a quirk/bug (it's there in 
8.2-9) but it sounds like it's not an issue for anyone else. I'm 
defining them in rc.conf:


jail_enable="yes"
jail_list="one two three"

jail_agnet_rootdir="/usr/jail/one"
jail_agnet_hostname="one.mydomain.com"
jail_agnet_ip="123.123.123.123"
jail_agnet_devfs_enable="yes"
jail_agnet_devfs_ruleset="devfsrules_jail"

etc...

jls -v produces:

   JID  Hostname                      Path
        Name                          State
        CPUSetID
        IP Address(es)
     1  one.mydomain.com              /usr/jail/one
        1                             ACTIVE
        2
        123.123.123.123


Everything works just fine, and has done for years, except jls -j 
jailname. It's zero-impact on me as it's no problem referring to them by 
number (which doesn't change) but if anyone could tell me what I'm doing 
wrong I'd be very interested to know. Or at least it'd be good to know 
I'm not the only one with the problem.


Thanks, Frank.



Re: jls usage

2013-07-12 Thread Frank Leonhardt

On 12/07/2013 15:20, Teske, Devin wrote:

On Jul 12, 2013, at 2:35 AM, Frank Leonhardt wrote:


On 12/07/2013 02:33, Teske, Devin wrote:

On Jul 11, 2013, at 6:19 PM, Fbsd8 wrote:


In a .sh script I'm trying to get the jid for a single jail using this code

jid=`jls -j jailname | cut -f 1- | awk '{print $1}'`


Looks a little over complicated... why not just..

jls -j jailname jid

I've never got the -j option to work on jail names, only jail IDs.

Misconfiguration; keep reading.



I've tried using the actual jail name, and the hostname to be sure - nothing - 
and on checking (jls -v) I'm somehow ending up with the Name being the same as 
the ID. I just put this down to a quirk/bug (it's there in 8.2-9) but it sounds 
like it's not an issue for anyone else. I'm defining them in rc.conf:

jail_enable="yes"
jail_list="one two three"

jail_agnet_rootdir="/usr/jail/one"
jail_agnet_hostname="one.mydomain.com"
jail_agnet_ip="123.123.123.123"
jail_agnet_devfs_enable="yes"
jail_agnet_devfs_ruleset="devfsrules_jail"


You've configured "one" and "two" and "three" in your jail_list, but quite 
oddly...

You have not defined "jail_one_*" or "jail_two_*" or "jail_three_*".

I'm extremely confused as to how your jail even started!


Sorry - should have said I'd obfuscated the IP addresses and hostnames 
(it's not really "one.mydomain.com" ;-) ) Unfortunately I forgot to 
obfuscate the jail name as fully as I thought in the startup lines. It 
should have read jail_one_rootdir &c.


As I said, it's been working happily for years on lots of different 
installations and they're all configured the same. The only weirdness is 
that the jail name appears in the table as its number.


Regards, Frank.



Re: jls usage

2013-07-12 Thread Frank Leonhardt
I've tried using the actual jail name, and the hostname to be sure - 
nothing - and on checking (jls -v) I'm somehow ending up with the Name 
being the same as the ID. I just put this down to a quirk/bug (it's 
there in 8.2-9) but it sounds like it's not an issue for anyone else. 
I'm defining them in rc.conf:


jail_enable="yes"
jail_list="one two three"

jail_agnet_rootdir="/usr/jail/one"
jail_agnet_hostname="one.mydomain.com"
jail_agnet_ip="123.123.123.123"
jail_agnet_devfs_enable="yes"
jail_agnet_devfs_ruleset="devfsrules_jail"

You've configured "one" and "two" and "three" in your jail_list, but 
quite oddly...


You have not defined "jail_one_*" or "jail_two_*" or "jail_three_*".

I'm extremely confused as to how your jail even started!


Sorry - should have said I'd obfuscated the IP addresses and hostnames 
(it's not really "one.mydomain.com" ;-) ) Unfortunately I forgot to 
obfuscate the jail name as fully as I thought in the startup lines. It 
should have read jail_one_rootdir &c.


As I said, it's been working happily for years on lots of different 
installations and they're all configured the same. The only weirdness 
is that the jail name appears in the table as its number.


A further clarification - I know using the jail utility defaults the 
jail name to that of its ID if you don't specify one, and presume this 
is the mechanism messing it up here. However as I've gone to the trouble 
of configuring them in rc.conf with names, listing said names in 
jail_list and when commands like:


service jail start one
service jail stop one

work just fine, I don't see what I'm doing wrong! Incidentally, it 
doesn't matter if I start them at boot time or start/stop later - the 
jail name always sets to the jail-ID, and not the name specified. I 
suspect a bug in the rc.d script, but I can't be the first person to 
notice, can I??? I'll take a look.


Regards, Frank.





Re: jls usage

2013-07-12 Thread Frank Leonhardt

On 12/07/2013 16:32, Frank Leonhardt wrote:
I've tried using the actual jail name, and the hostname to be sure - 
nothing - and on checking (jls -v) I'm somehow ending up with the Name 
being the same as the ID. I just put this down to a quirk/bug (it's 
there in 8.2-9) but it sounds like it's not an issue for anyone else. 
I'm defining them in rc.conf:


jail_enable="yes"
jail_list="one two three"

jail_agnet_rootdir="/usr/jail/one"
jail_agnet_hostname="one.mydomain.com"
jail_agnet_ip="123.123.123.123"
jail_agnet_devfs_enable="yes"
jail_agnet_devfs_ruleset="devfsrules_jail"

You've configured "one" and "two" and "three" in your jail_list, but 
quite oddly...


You have not defined "jail_one_*" or "jail_two_*" or "jail_three_*".

I'm extremely confused as to how your jail even started!


Sorry - should have said I'd obfuscated the IP addresses and 
hostnames (it's not really "one.mydomain.com" ;-) ) Unfortunately I 
forgot to obfuscate the jail name as fully as I thought in the 
startup lines. It should have read jail_one_rootdir &c.


As I said, it's been working happily for years on lots of different 
installations and they're all configured the same. The only weirdness 
is that the jail name appears in the table as its number.


A further clarification - I know using the jail utility defaults the 
jail name to that of its ID if you don't specify one, and presume this 
is the mechanism messing it up here. However as I've gone to the 
trouble of configuring them in rc.conf with names, listing said names 
in jail_list and when commands like:


service jail start one
service jail stop one

work just fine, I don't see what I'm doing wrong! Incidentally, it 
doesn't matter if I start them at boot time or start/stop later - the 
jail name always sets to the jail-ID, and not the name specified. I 
suspect a bug in the rc.d script, but I can't be the first person to 
notice, can I??? I'll take a look.




Okay - answering my own question and solved... It's a bug (or is that a 
feature?).


In /etc/rc.d/jail line 647 it currently reads:

eval ${_setfib} jail ${_flags}  -i ${_rootdir} ${_hostname} \
    \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 \

eval ${_setfib} jail ${_flags} -n ${_jail} -i ${_rootdir} ${_hostname} \
    \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 \

Once changed, everything works fine and your jails are named as per the 
rc.conf file definitions. Can anyone think of a reason for NOT fixing this?


Regards, Frank.






Re: jls usage

2013-07-13 Thread Frank Leonhardt

On 13/07/2013 05:12, Shane Ambler wrote:

On 13/07/2013 01:26, Frank Leonhardt wrote:


Okay - answering my own question and solved... It's a bug (or is that a
feature?).

In /etc/rc.d/jail line 647 it currently reads:

 eval ${_setfib} jail ${_flags}  -i ${_rootdir} ${_hostname} \
 \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 \

  \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 \

 rc.conf file definitions. Can anyone think of a reason for NOT fixing this?



Go with bug ;-) - fix (improvement?) is working its way through.

You mentioned running 8.2 so I wondered if it has changed.

If you look through the source tree you will find in 8.4 that line has
the -n ${_jail} addition plus some other extras.

Looks like it showed up in stable/8 at r242083 as part of a larger 
improvement.




Yeah, I spotted that but only after I put in a change request :-( 
Someone did exactly the same change last July but it wasn't a PR. It's 
in head (revision 238102) and I suspect it's now in 9.1.


Next question: How do you kill a PR you've changed your mind about?



Re: to gmirror or to ZFS

2013-07-16 Thread Frank Leonhardt

On 16/07/2013 10:41, Shane Ambler wrote:

On 16/07/2013 14:41, aurfalien wrote:


On Jul 15, 2013, at 9:23 PM, Warren Block wrote:


On Mon, 15 Jul 2013, aurfalien wrote:


... that's the question :)

At any rate, I'm building a rather large 100+TB NAS using ZFS.

However for my OS, should I also ZFS or simply gmirror as I've a
 dedicated pair of 256GB SSD drives for it.  I didn't ask for SSD
 sys drives, this system just came with em.

This is more of a best practices q.


ZFS has data integrity checking, gmirror has low RAM overhead.
gmirror is, at present, restricted to MBR partitioning due to
metadata conflicts with GPT, so 2TB is the maximum size.

Best practices... depends on your use.  gmirror for the system
leaves more RAM for ZFS.


Perfect, thanks Warren.

Just what I was looking for.


I doubt that you would save any ram having the os on a non-zfs drive as
you will already be using zfs chances are that non-zfs drives would only
increase ram usage by adding a second cache. zfs uses its own cache
system and isn't going to share its cache with other system managed
drives. I'm not actually certain if the system cache still sits above
zfs cache or not, I think I read it bypasses the traditional drive cache.

For zfs cache you can set the max usage by adjusting vfs.zfs.arc_max
that is a system wide setting and isn't going to increase if you have
two zpools.

Tip: set the arc_max value - by default zfs will use all physical ram
for cache, set it to be sure you have enough ram left for any services
you want running.

Have you considered using one or both SSD drives with zfs? They can be
added as cache or log devices to help performance.
See man zpool under Intent Log and Cache Devices.

I agree with the sentiment of using the SSD as ZFS cache - it's possibly 
the only logical use for them.


I guess that with 100Tb worth of Winchesters you're not on a very tight 
budget, and not too tight on RAM for the OS either. If I was going to do 
this I'd stick with the OS on UFS and a gmirror because I simply don't 
trust ZFS. This is based on pure prejudice and inexperience.


I know how to arrange disks on a UNIX file system for performance - what 
to use for swap, where tmp files should go and so on. I also know where 
every file will be, physically, in the event of trouble. And here's the 
clincher: If the machine blows up I can simply take one of the mirrored 
drives, slap it in to some new hardware and I've got a very reasonable 
chance that it'll boot. Can I do this with ZFS? I get the feeling that 
the answer is an emphatic "maybe".


So all things considered, I'd need a good reason not to stick with what 
I know works reliably and can be recovered in the event of a disaster 
(UFS), but I'm happy to watch and learn from everyone else's experience!




Re: to gmirror or to ZFS

2013-07-20 Thread Frank Leonhardt


On 16/07/2013 20:48, Charles Swiger wrote:

Hi--

On Jul 16, 2013, at 11:27 AM, Johan Hendriks  wrote:

Well, "don't do that".  :-)

When the server reboots because of a powerfailure at night, then it boots.
Then it starts to rebuild the mirror on its own, and later the fsck kicks in.

Not much i can do about it.

Maybe i should have done it without the automatic attachment for a new device.

It's normally the case that getting a hot spare automatically attached should be
fine, but not if you also have the box go down entirely and need to fsck.

I'm more used to needing to explicitly physically swap out a failed mirror component,
in which case one can make sure the system is OK before the replacement drive goes in.

Agreed. Blaming gmirror for this kind of thing overlooks the overall 
design and operating procedures of the system, and assuming ZFS would 
have been any better may be wishful thinking. I've had plenty of gmirror 
crashes over the years, and they have all been recoverable. One thing I 
never allow it to do is to rebuild automatically. That's something for a 
human to initiate once the problem has been identified, and if it's 
flaky power in the data centre the job is postponed until I'm satisfied 
it's not going to drop during the rebuild. IME, one power failure is 
normally followed by several more.


It's worth noting, as a warning for anyone who hasn't been there, that 
the number of times a second drive in a RAID system fails during a 
rebuild is higher than would be expected. During a rebuild the remaining 
drives get thrashed, hot, and if they're on the edge, that's when 
they're going to go. And at the most inconvenient time. Okay - obvious 
when you think about it, but this tends to be too late.


Regards, Frank.



Re: dhcp server returns core dump when i define network with mask 8

2013-07-23 Thread Frank Leonhardt

On 23/07/2013 09:03, jb wrote:

s m  gmail.com> writes:


...
subnet 192.0.0.0 netmask 255.0.0.0 {
 range 192.0.0.1 192.255.255.255;

The 'range' denotes IP addresses that can be allocated to clients.
The IP 192.255.255.255 is a reserved broadcast address for the network.
jb




It's definitely a "bad idea" to try to use it, but it doesn't explain the 
core dump.


Also, using DHCP to dish out addresses that don't belong to you AND 
aren't on a private network (as defined by IANA) will probably lead to 
trouble. Valid private address ranges are:


10.0.0.0 - 10.255.255.255 (private class A)
172.16.0.0 - 172.31.255.255 (private class B x 16)
192.168.0.0 - 192.168.255.255 (private class C x 256)

Which block you use is really a matter of taste - classes haven't been 
used in routing for quite a while so you can consider them all as 
straight blocks but I (for one) still treat them as classed just to help 
me visualise what's what. For example, I'll use one class C per site to 
prevent conflicts over VPN.


192.0.0.0/24 addresses are allocated to real hosts on the wider 
internet, although IIRC some of the lower ones are reserved for use in 
documentation (like example.com) - is that where the idea came from?!? :-)


Regards, Frank.



Re: dhcp server returns core dump when i define network with mask 8

2013-07-23 Thread Frank Leonhardt

On 23/07/2013 09:45, s m wrote:

On Tue, Jul 23, 2013 at 12:56 PM, Frank Leonhardt  wrote:


On 23/07/2013 09:03, jb wrote:


s m  gmail.com> writes:

  ...

subnet 192.0.0.0 netmask 255.0.0.0 {
  range 192.0.0.1 192.255.255.255;


The 'range' denotes IP addresses that can be allocated to clients.
The IP 192.255.255.255 is a reserved broadcast address for the network.
jb




It's definitely a "bad idea" to try to use it, but it doesn't explain the
core dump.

Also, using DHCP to dish out addresses that don't belong to you AND aren't
on a private network (as defined by IANA) will probably lead to trouble.
Valid private address ranges are:

10.0.0.0 - 10.255.255.255 (private class A)
172.16.0.0 - 172.31.255.255 (private class B x 16)
192.168.0.0 - 192.168.255.255 (private class C x 256)

Which block you use is really a matter of taste - classes haven't been
used in routing for quite a while so you can consider them all as straight
blocks but I (for one) still treat them as classed just to help me
visualise what's what. For example, I'll use one class C per site to
prevent conflicts over VPN.

192.0.0.0/24 addresses are allocated to real hosts on the wider internet,
although IIRC some of the lower ones are reserved for use in documentation
(like example.com) - is that where the idea came from?!? :-)

Regards, Frank.



thanks Frank,

192 is just a sample. if i want to define 125.0.0.0 netmask 255.0.0.0, dhcp
server core dump either. you're right, it is better to use just some
limited addresses to avoid possible troubles. but i want to run my dhcp
server for all possible networks.
now my question is: if i define a network with mask 8, the range should be
like: 126.0.0.0  126.254.255.255?

and thank you jb but if i define my network like below,  server runs
correctly:
log-facility local7;
subnet 192.168.0.0 netmask 255.255.0.0 {
 range 192.168.0.1 192.168.255.255;
}

i think 192.168.255.55 is reserved for broadcast too. is it not true? if
yes, why dhcp server works correctly?
please help me to clear my mind.
regards,
SAM



If you are connected to the Internet, using addresses like 125.0.0.0 
will cause trouble. You can ONLY use private addresses on local 
networks. If you are in a lab, and you are not connected to the 
Internet, it's okay. I am worried when you say "I want to use my DHCP 
server for all possible networks" - I do not understand what you mean 
but it sounds dangerous!


There are two common ways of defining a subnet mask - one is a dotted 
quad (e.g. 255.255.255.0) and the other is with a slash and the number 
of low-order bits - e.g. 192.168.1.0/8. Eight bits here means you get 
2^8 addresses (i.e. 256). Don't use the first and last address in the 
range - the first is "complicated" (the network address) and the last is 
for broadcast packets. This doesn't always hold true but you're unlikely 
to come across exceptions.


So, when you say you want to define a "network with mask 8" I don't 
really know what you mean from your example. Do you mean a /8?


192.168.1.0/8 = range 192.168.1.1 - 192.168.1.254 with a subnet mask of 
255.255.255.0 (0xFF00)


However, you don't normally put the whole range in the DHCP pool. For 
practical reasons you'll need a router or gateway in there somewhere on 
a fixed address, and by convention that either goes on .1 or .254.


Regards, Frank.





Re: dhcp server returns core dump when i define network with mask 8

2013-07-23 Thread Frank Leonhardt

On 23/07/2013 13:35, j.mcke...@ru.ac.za wrote:

Quoting Frank Leonhardt :



There are two common ways of defining a subnet mask - one is a dotted 
quad (e.g. 255.255.255.0) and the other is with a slash and the 
number of low-order bits - e.g. 192.168.1.0/8. Eight bits here means 
you get 2^8 addresses (i.e. 256). Don't use the first and last 
address in the range - the first is "complicated" (the network 
address) and the last is for broadcast packets. This doesn't always 
hold true but you're unlikely to come across exceptions.


This is the wrong way round. The number after the slash indicates the 
number of bits in the network address - the high-order bits.


So, when you say you want to define a "network with mask 8" I don't 
really know what you mean from your example. Do you mean a /8?


192.168.1.0/8 = range 192.168.1.1 - 192.168.1.254 with a subnet mask 
of 255.255.255.0 (0xFF00)


Nope. 192.168.1.0/24 = 192.168.1.1-255 mask 255.255.255.0. 
192.168.1.0/8 doesn't start where you think it does (and is arguably 
the wrong way to specify that network) because all but the first 8 
bits are masked out - it's 192.0.0.0 - 192.255.255.255.


Quite correct - for some reason I got that bit backwards when I'm using 
it every day the right way around. It's ludicrously hot and humid in 
London at the moment, lack of sleep caused thereby &c...
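
Added example (not part of any post in this thread): a Python check that works through the prefix arithmetic corrected above and applies it to dhcpd-style subnet/range declarations like the ones quoted earlier. SAMPLE_CONF is constructed from the thread's declarations plus a hypothetical corrected /24, and the problem labels are this example's own.

```python
import ipaddress
import re

# The three private blocks listed in the thread (RFC 1918).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)
RANGE_RE = re.compile(r"range\s+(\S+)\s+(\S+)\s*;")

# Constructed sample: the two declarations quoted in the thread (closing
# brace added to the first) plus a hypothetical corrected /24.
SAMPLE_CONF = """
log-facility local7;
subnet 192.0.0.0 netmask 255.0.0.0 {
  range 192.0.0.1 192.255.255.255;
}
subnet 192.168.0.0 netmask 255.255.0.0 {
  range 192.168.0.1 192.168.255.255;
}
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.10 192.168.1.199;
}
"""


def describe(cidr):
    """Network, mask, broadcast and host range for a prefix of /30 or shorter.

    strict=False clears the host bits instead of raising, which shows where
    a badly written prefix such as 192.168.1.0/8 really starts.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "addresses": net.num_addresses,
    }


def check_subnet(subnet, netmask, low, high):
    """Return a list of problem labels for one subnet/range pair."""
    problems = []
    net = ipaddress.ip_network(f"{subnet}/{netmask}", strict=False)
    if str(net.network_address) != subnet:
        problems.append("host-bits-set")
    lo, hi = ipaddress.ip_address(low), ipaddress.ip_address(high)
    if lo > hi:
        problems.append("range-reversed")
    if lo not in net or hi not in net:
        problems.append("range-outside-subnet")
    if lo <= net.network_address <= hi:
        problems.append("range-includes-network-address")
    if lo <= net.broadcast_address <= hi:
        problems.append("range-includes-broadcast")
    if not any(net.subnet_of(block) for block in RFC1918):
        problems.append("not-rfc1918")
    return problems


def audit(conf_text):
    """Check every 'range' inside every 'subnet ... netmask ... { }' block."""
    results = {}
    for subnet, netmask, body in SUBNET_RE.findall(conf_text):
        for low, high in RANGE_RE.findall(body):
            key = f"{subnet}/{netmask} {low}-{high}"
            results[key] = check_subnet(subnet, netmask, low, high)
    return results


if __name__ == "__main__":
    for cidr in ("192.168.1.0/8", "192.168.1.0/24"):
        print(cidr, describe(cidr))
    for decl, problems in audit(SAMPLE_CONF).items():
        print(decl, "->", problems or "ok")
```
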





Re: disk is AWOL

2013-07-26 Thread Frank Leonhardt

On 26/07/2013 17:56, Dieter BSD wrote:

8.2 amd64
ad8 is a 3TB Seagate on nforce4-ultra controller

At boot:
ad8: 2861588MB  at ata4-master UDMA100 SATA 3Gb/s
DEBUG g_part_gpt.c gpt_read_hdr() ad8 succeeded with pp->sectorsize=512

An hour later:
# dd if=/dev/ad8 bs=4k count=1 of=/dev/null
dd: /dev/ad8: No such file or directory

BUT: there was no "ad8: FAILURE - device detached" or similar message
on the console, in dmesg, or in /var/log/*.  The disk just disappeared
without a peep from the kernel. What's going on?



Is this repeatable? Does it appear when you reboot and then vanish after 
a period of time?


At boot, what does "atacontrol list" say, and what about before and 
after you've tried to read from the drive?





Re: Delete a directory, crash the system

2013-07-27 Thread Frank Leonhardt

On 27/07/2013 13:58, David Noel wrote:

Post the stack trace of the core and maybe someone can help you.

panic: ufs_dirrem: Bad link count 2 on parent
cpuid = 0
KDB: stack backtrace:
#0 0x808680fe at kdb_backtrace+0x5e
#1 0x80832cb7 at panic+0x187
#2 0x80a700e3 at ufs_rmdir+0x1c3
#3 0x80b7d484 at VOP_RMDIR_APV+0x34
#4 0x808ca32a at kern_rmdirat+0x21a
#5 0x80b17cf0 at amd64_syscall+0x450
#6 0x80b03427 at Xfast_syscall+0xf7



I'm taking a guess here - the effective link count when it came to 
removing the parent directory was only two and it should have been three 
or more. This gets sanity checked before proceeding, and panics if 
it is not. Why an effective link count of three? We're talking about the 
parent of the directory you're trying to zap, right? There's the link to 
the directory from its parent, and the '.' link and the ".." link from 
the directory you're trying to remove. There may be more if it contains 
other directories, but there can't be less.


Anyway - if you only had a link count of just two effective links at the 
start of the delete process it suggests that the link count was messed 
up - either a link never existed or its count was wrong. Should the 
kernel panic? Well it's a situation that can never happen - it could 
simply remove the directory and pretend everything was okay but I guess 
it was decided it was likely to be a symptom of impending disaster. 
Other anomalies return an error.


In over ten years with FreeBSD systems I can't say I've ever seen this 
"cannot happen" situation arise. I'd guess you had an interrupted (by 
power failure) inode operation at some time which caused the corruption. 
Removing a directory is a PITA as it can lead to a race - a context swap 
could create a file in it mid-way through the process.


Regards, Frank.
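
Added example (not from the thread or the FreeBSD source): a user-space Python walk that applies the link-count rule described above, where a directory should have 2 links plus one per subdirectory, and reports directories whose recorded count disagrees. The function names and the nlink_of hook are hypothetical; filesystems that report 1 for every directory are skipped.

```python
import os
import tempfile


def expected_links(subdir_count):
    """Name in the parent + own '.' + one '..' from each subdirectory."""
    return 2 + subdir_count


def parent_ok_for_rmdir(parent_nlink):
    """The condition described in the message: the parent of a directory
    being removed must hold at least three links."""
    return parent_nlink >= 3


def audit_tree(root, nlink_of=None):
    """Return [(path, recorded, expected)] for directories under root whose
    recorded link count differs from 2 + number of subdirectories.

    nlink_of is a hypothetical hook (path -> link count) so the check can be
    exercised with simulated corruption; by default it reads st_nlink.
    """
    if nlink_of is None:
        nlink_of = lambda path: os.lstat(path).st_nlink
    findings = []
    for dirpath, dirnames, _files in os.walk(root):
        # os.walk lists symlinks to directories here too; they add no '..'.
        subdirs = [d for d in dirnames
                   if not os.path.islink(os.path.join(dirpath, d))]
        recorded = nlink_of(dirpath)
        if recorded == 1:
            # Filesystem does not maintain directory link counts
            # (btrfs and overlayfs behave this way); nothing to compare.
            continue
        want = expected_links(len(subdirs))
        if recorded != want:
            findings.append((dirpath, recorded, want))
    return findings


def build_sample(root):
    """Constructed tree: root/a/{b,c} plus one regular file."""
    os.makedirs(os.path.join(root, "a", "b"))
    os.makedirs(os.path.join(root, "a", "c"))
    with open(os.path.join(root, "a", "file.txt"), "w") as fh:
        fh.write("regular files add no directory links\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        a = os.path.join(tmp, "a")
        print("links on", a, "=", os.lstat(a).st_nlink)
        print("mismatches on the real filesystem:", audit_tree(tmp))
        # Simulate the state from the panic message: parent records only 2.
        fake = lambda p: 2 if p == a else os.lstat(p).st_nlink
        print("with simulated corruption:", audit_tree(tmp, nlink_of=fake))
        print("rmdir of a/b would pass the check:", parent_ok_for_rmdir(fake(a)))
```
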



Re: Delete a directory, crash the system

2013-07-27 Thread Frank Leonhardt

On 27/07/2013 19:57, David Noel wrote:

So the system panics in ufs_rmdir(). Maybe the filesystem is
corrupt? Have you tried to fsck(8) it manually?

fsck worked, though I had to boot from a USB image because I couldn't
get into single user.. for some odd reason.


Even if the filesystem is corrupt, ufs_rmdir() shouldn't
panic(), IMHO, but fail gracefully. Hmmm...

Yeah, I was pretty surprised. I think I tried it like 3 times to be
sure... and yeah, each time... kaboom! Who'd have thought. Do I just
post this to the mailing list and hope some benevolent developer
stumbles upon it and takes it upon him/herself to "fix" this, or where
do I find the FreeBSD Suggestion Box? I guess I should file a Problem
Report and see what happens from there.



I was going to raise an issue when the discussion had died down to a 
consensus. I also don't think it's reasonable for the kernel to bomb 
when it encounters corruption on a disk.


If you want to patch it yourself, edit sys/ufs/ufs/ufs_vnops.c at around 
line 2791 change:


if (dp->i_effnlink < 3)
        panic("ufs_dirrem: Bad link count %d on parent",
            dp->i_effnlink);

To

if (dp->i_effnlink < 3) {
        error = EINVAL;
        goto out;
}

The ufs_link() call has a similar issue.

I can't see why my mod will break anything, but there's always 
unintended consequences. By returning invalid argument, any code above 
it should already be handling that condition although the user will be 
scratching their head wondering what's wrong with it. Returning ENOENT 
or EACCES or ENOTDIR may be better ("No such directory", "Access denied" 
or "Not a valid directory").


The trouble is that it's tricky to test properly without finding a good 
way to corrupt the link count :-)


Regards, Frank.



Re: Delete a directory, crash the system

2013-07-27 Thread Frank Leonhardt

On 27/07/2013 20:38, David Noel wrote:

I was going to raise an issue when the discussion had died down to a
consensus. I also don't think it's reasonable for the kernel to bomb
when it encounters corruption on a disk.

If you want to patch it yourself, edit sys/ufs/ufs/ufs_vnops.c at around
line 2791 change:

  if (dp->i_effnlink < 3)
  panic("ufs_dirrem: Bad link count %d on parent",
  dp->i_effnlink);

To

  if (dp->i_effnlink < 3) {
  error = EINVAL;
  goto out;
  }

The ufs_link() call has a similar issue.

I can't see why my mod will break anything, but there's always
unintended consequences. By returning invalid argument, any code above
it should already be handling that condition although the user will be
scratching their head wondering what's wrong with it. Returning ENOENT
or EACCES or ENOTDIR may be better ("No such directory", "Access denied"
or "Not a valid directory").

The trouble is that it's tricky to test properly without finding a good
way to corrupt the link count :-)

Regards, Frank.

Cool. Thanks for the patch!


Sorry - forgot to mention that you use it entirely at your own risk!




Re: Delete a directory, crash the system

2013-07-28 Thread Frank Leonhardt

On 28/07/2013 06:54, Polytropon wrote:

And here, kids, you can see the strength of open source
operating system: You can see _why_ something happens. :-)

Too true!


On Sat, 27 Jul 2013 20:35:09 +0100, Frank Leonhardt wrote:

On 27/07/2013 19:57, David Noel wrote:

So the system panics in ufs_rmdir(). Maybe the filesystem is
corrupt? Have you tried to fsck(8) it manually?

fsck worked, though I had to boot from a USB image because I couldn't
get into single user.. for some odd reason.


Even if the filesystem is corrupt, ufs_rmdir() shouldn't
panic(), IMHO, but fail gracefully. Hmmm...

Yeah, I was pretty surprised. I think I tried it like 3 times to be
sure... and yeah, each time... kaboom! Who'd have thought. Do I just
post this to the mailing list and hope some benevolent developer
stumbles upon it and takes it upon him/herself to "fix" this, or where
do I find the FreeBSD Suggestion Box? I guess I should file a Problem
Report and see what happens from there.


I was going to raise an issue when the discussion had died down to a
consensus. I also don't think it's reasonable for the kernel to bomb
when it encounters corruption on a disk.

If you want to patch it yourself, edit sys/ufs/ufs/ufs_vnops.c at around
line 2791 change:

  if (dp->i_effnlink < 3)
  panic("ufs_dirrem: Bad link count %d on parent",
  dp->i_effnlink);

To

  if (dp->i_effnlink < 3) {
  error = EINVAL;
  goto out;
  }

The ufs_link() call has a similar issue.

I can't see why my mod will break anything, but there's always
unintended consequences.

One of the core policies usually is to stop _any_ action that
had failed due to a "reason that cannot be" and make sure it
won't get worse. This can be seen for example in fsck's behaviour:
If there is a massive file system error that cannot be repaired
without further intervention that _could_ destroy data or make
its retrieval harder or impossible, the operator will be requested
to make the decision. There are options to automate this process,
but on the other hand, "always assume 'yes'" can then be a risk,
as it could prevent recovery. My assumption is that the developers
chose a similar approach here: "We found a situation that should
not be possible, so we stop the system from messing up the file
system even more." This carries the attitude of not "hiding a
problem for the sake of convenience" by "being silent and going
back to the usual work". Of course it is debatable if this is the
right decision in _this_ particular case.





The problem I have with this is the assumption that the inode was at 
fault. I said this was the most likely, but it's not the absolute 
reason. At the risk of repeating, it's the /effective/ link count (in 
the vnode) that's out of line here, not the inode count.


If the inode was wrong it could be down to minor FS corruption; an 
interrupted directory creation or deletion would do the trick. The vnode 
could go wrong for all sorts of reasons, probably associated with a race 
during the directory removal, which is not an atomic operation by any 
means. See "The Design of the UNIX operating system" p 5.16.1, Bach, 
Prentice-Hall, 1986.


My guess is that we're looking at an old debugging pragma here, put in 
to cope with a race going wrong if the code wasn't quite right (note 
that the function has since been renamed but the message not updated).


You're right about stopping on internal errors (corruption to the kernel 
data structures in this case) but this case is indeed debatable. On the 
one hand, now the system is stable (i.e. we can probably trust rmdir 
code after all this time), the most likely cause is inode corruption 
polluting the vnode. On the other hand the pragma may be useful if 
people are tinkering with the kernel and you get even more opportunities 
for a race with (say) SMP.


I don't expect the kernel to panic on a user-land I/O error, or anything 
else that's expected or recoverable - and a wonky FS meets these 
criteria in my book. David was lucky to find this - I tend to run 
FreeBSD on servers, not laptops, and I'd never have seen this server 
panic "live" and therefore not been able to discover the cause very 
easily. That's worrying.


So it boils down to:

a) Leave it as is, as it can detect when the kernel has trashed its vnode 
table; or


b) It's probably caused by "expected" FS corruption, so handle it 
gracefully.


Incidentally, if you look at the code you'll see this is only a heuristic 
check, and a weak one at that. Most of the time it WILL NOT pick up the 
case where the parent directory's link is missing. As far as I can tell 
it will go on to unlink the target successfully, with no ill effects.

Re: Kernel Panic - Unix socket communication in kernel module

2013-07-29 Thread Frank Leonhardt

On 29/07/2013 08:31, varanasi sainath wrote:

Hello,

I am writing a kernel module in which I am trying to connect to a UNIX
socket
(UNIX domain sockets use the file system as their address name space).
Kernel module (loadable) acts as a client and User mode program acts as
server,
I have loaded the module using kldload and communication between
user and kernel module works fine,
when I try to load the kernel module from loader.conf -
auto load the kernel module at boot up leads to kernel panic
as the file system is not ready and kern_connect fails.

How to notify kernel module that File system is ready?
(any specific event flags)

Is there any specific location for Unix domain socket files?
(currently created it under /root/soc/socket )

Using "MODULE_DEPEND" Can I make the module dependent of file system?




I shall resist the obvious "why" question.

I'm assuming you're talking about a fifo here (aka named pipe, and 
occasionally called UNIX socket) rather than the BSD network socket 
interface. IIRC since 4.3BSD fifos have been implemented using sockets 
internally anyway.


Where to put it? I tend to go for /tmp but somewhere in /var might make 
more sense for something that's always supposed to be there.


I don't know how to tell when the FS is ready but it will be when init 
runs, so you might like to try the sysctl variables. Knowing that init 
is always PID 1, the value of kern.lastpid should give a hint. There may 
be an official way of doing this properly.


You could always load the module from rc.local instead.

Regards, Frank.

P.S. You do know that an fd only relates to the kernel thread it's 
currently running in?




Re: System hangs for several minutes (disk IO related)

2013-07-31 Thread Frank Leonhardt
I don't know what kind of answer you're expecting unless it's for moral 
support or the obvious. I was thinking of buying one of these as they're 
very cheap at the moment, but decided against it due to compatibility 
problems reported. IIRC something in it was supported up to FreeBSD 7.2 
- the NIC I think. If you get it working I'd be interested myself! I 
think they were commonly used for VMWare but won't run version 4.0 
onwards, and are therefore as desirable to that fraternity as a dead 
camel in reception.


However, I did once get the same symptoms you're reporting, and it 
turned out to be a HD that was on the way out even though it pretended 
it was fine on every test. I think it was just very slow to respond on a 
write. If the RAID is struggling to do a write I assume you'd see the 
same thing.


If I were in your place I'd try to attach a SATA drive directly - does 
it have a SATA optical drive connection you could pinch?


Regards, Frank.

On 30/07/2013 18:19, Ewald Jenisch wrote:

Hi,

I'm seeing rather strange behavior on an HP DL585 G5 wrt. disk IO:

When there's any disk io the machine completely freezes, i.e. no
console input possible, no screen output - complete hang. After some
minutes the box comes back to normal again - but sure enough with the
next disk io it freezes again.

To give you a typical example: While a "portsnap fetch extract" was
running I did a "sync". Normally this should complete in a matter of
milliseconds to seconds in the worst case - but dig this:

# date;time sync;date
Tue Jul 30 09:57:38 CEST 2013
0.000u 0.311s 9:54.69 0.0%  4+161k 0+1287io 0pf+0w
Tue Jul 30 10:07:38 CEST 2013
#

No, this is not a typo - it really took nearly ten minutes (!) for the
sync to complete. In the meantime - every windows, all activity
(console, screen-output etc.) is completely blocked. ('portsnap fetch
extract' was only given as an example here - the lockup occurs
whenever there is disk io like for example tar, etc).

We're speaking about a machine with decent hardware here, here's an
excerpt from "dmesg":

-- < Cut here > --

FreeBSD 9.2-BETA2 #0 r253750: Mon Jul 29 11:07:04 CEST 2013
 root@sniff-rz2:/usr/obj/usr/src/sys/GENERIC amd64
gcc version 4.2.1 20070831 patched [FreeBSD]
CPU: Quad-Core AMD Opteron(tm) Processor 8358 SE (2411.16-MHz K8-class CPU)
   Origin = "AuthenticAMD"  Id = 0x100f23  Family = 0x10  Model = 0x2  Stepping = 3
   Features=0x178bfbff
   Features2=0x802009
   AMD Features=0xee400800
   AMD Features2=0x7ff
   TSC: P-state invariant
real memory  = 137438953472 (131072 MB)
avail memory = 132973432832 (126813 MB)
Event timer "LAPIC" quality 400
ACPI APIC Table: 
FreeBSD/SMP: Multiprocessor System Detected: 16 CPUs
...
ciss0:  port 0x3000-0x30ff mem 0xd9e0-0xd9ef,0xd9df-0xd9df0fff irq 16 at device 0.0 on pci8
ciss0: PERFORMANT Transport
...
da0 at ciss0 bus 0 scbus2 target 0 lun 0
da0:  Fixed Direct Access SCSI-5 device
da0: 135.168MB/s transfers
da0: Command Queueing enabled
da0: 139979MB (286677120 512 byte sectors: 255H 32S/T 35132C)
da0: quirks=0x1

-- < Cut here > --

Kernel: Latest kernel as of yesterday (9.2Beta)

BIOS: is at the latest level (Support pack as of Spring 2013)
installed which updated BIOS, iLO etc. Aside from that I reset BIOS to
default values just to be sure.

SmartArray P400 - Firmware 7.24 (latest)

Harddisks: Two 146GB HDs running in Raid1-mode.  Already tried
hot-swapping the disks - didn't change anything.

Needless to say - no error message etc. in neither dmesg nor
/var/log/messages :-(

To me it looks like this is some sort of timing problem - but where
should I start looking?

Thanks much in advance for any help,
-ewald


Archiving a log file

2013-08-03 Thread Frank Leonhardt

The answer isn't (AFAIK) newsyslog

As a one-off, I need to archive an old log file - say httpd-access.log - 
while it's still open. I don't want this to happen automatically and I 
don't want to set up newsyslog or anything like that. And I really don't 
want to mess about with signals to whatever is writing to the file, even 
assuming the writer could respond to them. I can't just rename the file 
as it's open for writing, and there would also be a good chance that 
something will be added to the file while it's being compressed.


What I actually do is:

cp httpd-access.log httpd-access.log-03-Aug-13 && :> httpd-access.log && 
bzip2 httpd-access.log-03-Aug-13


Data might be lost here as something may be added between the cp being 
completed and the file being truncated. It's not the end of the world if 
this happens, but is there a better way? I could always shut down Apache 
for the duration, but I don't want to do that either, so in this case 
I'm happy to take the risk (it's not like I'm likely to miss anything 
that important).


I don't know if this can be relied on as a POSIX thing, but the cp 
command simply(!) issues read() and write() calls until read() fails to 
get any more bytes, so if data is being appended to the file after cp is 
started it'll still be copied. Therefore the window where stuff could be 
written after the copy but before the truncation is shortened, but extant.


So what's the magic utility I don't know about?

Thanks, Frank.
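
The copy-then-truncate sequence from the message above, as an added example that is not part of the original post: a catch-up pass narrows the window in which lines can be lost, and a second function shows a side effect of truncating a file that is still open, which goes beyond what the message covers. The function names and the temporary-file paths are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are assumptions.

# archive_open_log LOG ARCHIVE
# Copy-then-truncate for a log that another process keeps open.
# Prints the number of bytes archived. The window between the last read
# and the truncation is narrowed by a catch-up pass, not eliminated.
archive_open_log() {
    log=$1
    archive=$2

    if [ ! -f "$log" ]; then
        echo "archive_open_log: no such file: $log" >&2
        return 1
    fi
    # Create the archive with noclobber so an earlier archive is never
    # overwritten; it may be the only surviving copy of those lines.
    if ! ( set -C; : > "$archive" ) 2>/dev/null; then
        echo "archive_open_log: refusing to overwrite $archive" >&2
        return 1
    fi

    # Pass 1: bulk copy. Slow for a big log, and the writer keeps appending.
    cp "$log" "$archive" || return 1

    # Pass 2: append whatever arrived during pass 1. tail -c +N starts at
    # byte N (1-based), so copied+1 is the first byte not yet archived.
    copied=$(wc -c < "$archive" | tr -d ' ')
    tail -c "+$((copied + 1))" "$log" >> "$archive" || return 1

    # Truncate in place: same inode, so the writer's descriptor stays valid.
    # Anything written between the tail above and this line is lost.
    : > "$log" || return 1

    wc -c < "$archive" | tr -d ' '
}

# size_after_truncate append|plain
# Simulates a writer that holds the log open across the truncation and
# prints the resulting file size. A writer opened in append mode continues
# at offset 0. A writer opened without it keeps its old offset, so the next
# write leaves a hole of NUL bytes at the start of the "empty" log.
size_after_truncate() {
    mode=$1
    f=$(mktemp "${TMPDIR:-/tmp}/trunc.XXXXXX") || return 1
    if [ "$mode" = append ]; then
        exec 3>>"$f"
    else
        exec 3>"$f"
    fi
    printf 'old line\n' >&3     # 9 bytes; descriptor offset is now 9
    : > "$f"                    # the archiver truncates the file
    printf 'new\n' >&3          # 4 bytes from the still-running writer
    exec 3>&-
    wc -c < "$f" | tr -d ' '
    rm -f "$f"
}
```

Compress the archive only after archive_open_log returns, as the original command line does, so the slow bzip2 step is outside the window in which lines can be lost.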




Re: Archiving a log file

2013-08-03 Thread Frank Leonhardt

On 04/08/2013 00:20, kpn...@pobox.com wrote:

On Sun, Aug 04, 2013 at 12:11:21AM +0100, Frank Leonhardt wrote:

The answer isn't (AFAIK) newsyslog

As a one-off, I need to archive an old log file - say httpd-access.log -
while it's still open. I don't want this to happen automatically and I
don't want to set up newsyslog or anything like that. And I really don't
want to mess about with signals to whatever is writing to the file, even
assuming the writer could respond to them. I can't just rename the file
as it's open for writing, and there would also be a good chance that
something will be added to the file while it's being compressed.

What I actually do is:

cp httpd-access.log httpd-access.log-03-Aug-13 && :> httpd-access.log &&
bzip2 httpd-access.log-03-Aug-13

Data might be lost here as something may be added between the cp being
completed and the file being truncated. It's not the end of the world if
this happens, but is there a better way? I could always shut down Apache
for the duration, but I don't want to do that either, so in this case
I'm happy to take the risk (it's not like I'm likely to miss anything
that important).

I don't know if this can be relied on as a POSIX thing, but the cp
command simply(!) issues read() and write() calls until read() fails to
get any more bytes, so if data is being appended to the file after cp is
started it'll still be copied. Therefore the window where stuff could be
written after the copy but before the truncation is shortened, but extant.

So what's the magic utility I don't know about?

How about cronolog? I use it with Apache where Apache logs to cronolog
and cronolog handles the rotating of the logs. No signals. No races.
It even makes a symlink pointing at the newest log file.

It doesn't seem to have a way to compress logs, but you could probably
script up something that wakes up every so often and compresses files
if a newer file exists.


Thanks for the suggestion - I wasn't aware of cronolog. Unfortunately it 
doesn't work on existing log files, only stuff piped to it from the 
start, so it won't help here. I can see it being very handy in other 
situations though. httpd-access.log was just an example of such a file, 
but I'm looking for a general solution.




Re: Archiving a log file

2013-08-04 Thread Frank Leonhardt

On 04/08/2013 04:04, mikel king wrote:

On Aug 3, 2013, at 7:11 PM, Frank Leonhardt  wrote:


The answer isn't (AFAIK) newsyslog


I did some more digging on the whole log piping thing and apache includes a 
nifty little application called rotatelogs which lives in 
/usr/local/sbin/rotatelogs on my system that I built from the ports. From the 
man page:

NAME
 rotatelogs - Piped logging program to rotate Apache logs
SYNOPSIS
rotatelogs [ -l ] [ -f ] logfile rotationtime|filesizeM [ offset ]
SUMMARY
rotatelogs is a simple program for use in conjunction with Apache's 
piped logfile feature. It supports rotation based on a time interval or maximum 
size of the log.

It looks pretty simple to use just create your log format directive like:

LogFormat "%t \"%r\" %>s \"%{Referer}i\" %b" SpecialFormat

CustomLog "| /usr/local/sbin/rotatelogs /var/log/httpd-access.log 86400" SpecialFormat

I hope that helps. I know I shall be experimenting with this one tomorrow.



Thanks for looking at it, but I probably shouldn't have picked Apache as 
an example. I thought it would be something people were familiar with. 
The program writing the log is actually called flubnutz and it doesn't 
play nice with newsyslog, reopen handles on a signal or anything else. 
FWIW I've been using newsyslog since 1998 from most regular system 
services and I don't have any problem with it.


(I lied about it being called "flubnutz", before anyone Googles it - but 
it's not an Apache-specific issue, as Apache logs are handled well 
enough with newsyslog except where you're running virtual hosts with 
their own log files, in which case it's a PITA.).


Regards, Frank.



Re: hardware monitor

2013-08-04 Thread Frank Leonhardt

On 04/08/2013 21:48, Gary Aitken wrote:

Can anyone suggest a hardware monitor app in the ports tree?
I've got an amd64 which may have a temperature issue,
but I can't see it to tell...




Try "sysctl hw.acpi.thermal"

For more information see "man acpi" and "man acpi_thermal". If you're 
lucky it gives you information on the ACPI thermal control system, if 
you have one.


If you want an alarm based on this, a shell script is easy enough.

If that doesn't do it for you, try some of the others. I've known these 
to work (sometimes)


/usr/ports/sysutils/lmmon
/usr/ports/sysutils/consolehm
/usr/ports/sysutils/mbmon

And there are some fun modules you can add to loader.conf (stuff I've 
done in the past, but could be on an early version of FreeBSD)


coretemp_load="YES"
smbus_load="YES"
smb_load="YES"
intpm_load="YES"
ichsmb_load="YES"

Then give "sysctl dev.cpu | grep temperature" a try.

If you're worried about your Winchesters getting over-cooked you can use 
smartctl, available in /usr/ports/sysutils/smartmontools. Something like 
"smartctl -a /dev/ad?? | grep -i temp" should do the trick. It lets you 
mess with the drive SMART (self-diagnostic) system and it can tell you 
all sorts of stuff about your drive performance to make you really paranoid.


Regards, Frank.




Re: Archiving a log file

2013-08-04 Thread Frank Leonhardt

On 04/08/2013 14:38, Terje Elde wrote:

On 4. aug. 2013, at 12:54, Frank Leonhardt  wrote:

The program writing the log is actually called flubnutz and it doesn't play 
nice with newsyslog, reopen handles on a signal or anything else

Then you're out of luck for normal rotation. No matter if you rename the file, 
or even delete it, it'll keep writing to the same file (the moved file, not the 
same filename).

I suppose your options are to either restart it to have it reopen the file, or 
if that's not desirable for whatever reason, look see if it'll play nice if you 
put a named pipe where the logfile is supposed to be. Then you can handle data 
as you'd like from the pipe.

Terje

Thanks. The consensus seems to be that there is no way to do this other 
than "start from a different place". It'd be difficult for the kernel to 
trim a file from the start unless it was on a block boundary, so it's 
not implemented and explains the numerous workarounds for dealing with 
logs (fifo to log manager, signalling an application to reopen logs 
because file has changed and so on).


So I will carry on using my original bodge, happy in the knowledge that 
it may not be perfect, but there's no better method known to exist 
unless I want to implement a better truncate() in the kernel.


Regards, Frank.




Re: AMD Phenom II X4 temperature issues (was Re: hardware monitor)

2013-08-04 Thread Frank Leonhardt

On 05/08/2013 00:29, Gary Aitken wrote:

On 08/04/13 17:22, Gary Aitken wrote:

Ok, so now I see that my cpu temperature shoots up pretty dang fast when a
build is going on.

I'm running an AMD Phenom II X4 with the AMD-supplied fan in an
ASUS M4A89TD PRO / USB3 motherboard.

The system "works fine" unless I start a cpu-intensive build.
If I leave it unattended, after some time the system shuts down abruptly.
I'm guessing it's because of excessive cpu temperatures.

When doing port builds, or any cpu-intensive job, the temperature of the
CPU goes from 45 to 50 in about 30 seconds.
  
I pretty much have to manually suspend and resume the build process
to keep it down.  If I do that, I avoid the abrupt shutdown.

Needless to say, this makes unattended operation a non-starter...

Does anyone else have a similar setup they can provide me some related
experience on?

BTW, the mobo temp stays down around 32.



Did you get that from the ACPI?

Obvious answers are a bigger fan, but a lot of home-build machines don't 
match the airflow through the case properly - if the CPU fan is blowing 
pre-warmed air on to the CPU it's not as good as blowing outside air.


50C isn't crazy. Some would say that was barely warm, in fact. Cooler is 
always better, but you possibly don't need to worry about this. Some 
CPUs use what they call passive temperature management, and power 
management, which means they increase or reduce the clock rate depending 
on the workload and whether it's getting too hot. Faster switching means 
more heat. So getting hotter when doing a lot of work makes sense and 
could be expected. (Winchesters really heat up like you wouldn't believe 
when you move the heads a lot).


Did you get anywhere with the ACPI suggestion (you emailed me privately, 
whether you meant to or not, but didn't mention the outcome). There's a 
lot there in the ACPI you might want to look in to, including fan 
control. If I understand it correctly, "passive cooling" will be engaged 
by acpi_thermal if the cpufreq drivers are in use, which may not be what 
you want. Try hw.acpi.thermal.tz0.active=1 to make the fan come on and 
stay on (tz0 or as appropriate).


Here's the fun part. Is your system doing a thermal overload shutdown? 
It will say so on the console, or in the message log. You didn't say, 
you just said it "shut down". If it's deciding to shut down through 
over-temperature it does not necessarily mean it's overheating; it could 
be that it has incorrectly set the shutdown temperature for your CPU to 
be far too low - possibly because it doesn't recognise it and is being 
over-cautious.


It might help if you posted the results of "sysctl hw.acpi.thermal", but 
in the mean time look at:


hw.acpi.thermal.tz0._HOT
hw.acpi.thermal.tz0._CRT

(replace tz0 with whatever tz you're worried about).

The first is the temperature when the system is supposed to stop what 
it's doing and suspend to disk (if it can). When it reaches the value on 
_CRT it'll write a message to the log file and shut down immediately to 
prevent damage. You can set these to whatever you want, but you have to 
set hw.acpi.thermal.user_override to 1 first before it will let you. 
Final trick - make sure you specify the temperatures like


sysctl hw.acpi.thermal.tz0._CRT=80C

Don't specify it as 80.0C (as it will display) and don't forget the C or 
it will assume degrees Kelvin!


Regards, Frank.
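
The alarm script mentioned in the earlier "hardware monitor" reply, applied to the _HOT and _CRT trip points described in the message above, as an added example that is not code from the thread. It reads "sysctl hw.acpi.thermal" output on standard input and reports any zone whose temperature is within a margin of a trip point; the sample output is constructed, and the function names and margin are assumptions (tzN.temperature is the standard acpi_thermal(4) reading).

```shell
#!/bin/sh
# Added example (not from the thread). Function names are assumptions.

# Constructed sample of "sysctl hw.acpi.thermal" output, for offline runs.
sample_sysctl_output() {
    cat <<'EOF'
hw.acpi.thermal.min_runtime: 0
hw.acpi.thermal.polling_rate: 10
hw.acpi.thermal.user_override: 0
hw.acpi.thermal.tz0.temperature: 59.0C
hw.acpi.thermal.tz0.active: -1
hw.acpi.thermal.tz0._HOT: -1
hw.acpi.thermal.tz0._CRT: 62.0C
hw.acpi.thermal.tz1.temperature: 32.0C
hw.acpi.thermal.tz1._HOT: -1
hw.acpi.thermal.tz1._CRT: 75.0C
EOF
}

# thermal_check [MARGIN]
# Reads sysctl-style lines on stdin. Prints one ALERT line per zone and trip
# point when temperature >= trip point - MARGIN (degrees C, default 10).
# Returns 1 if anything was reported, 0 otherwise.
thermal_check() {
    margin=${1:-10}
    awk -v margin="$margin" '
    /^hw\.acpi\.thermal\.tz[0-9]+\.(temperature|_HOT|_CRT):/ {
        split($1, p, ".")            # p[4] = "tz0", p[5] = "_CRT:" etc.
        zone = p[4]
        key = p[5]
        sub(/:$/, "", key)
        val = $2
        if (val !~ /C$/) next        # -1: the firmware supplies no value
        sub(/C$/, "", val)
        v[zone, key] = val + 0
        seen[zone] = 1
    }
    END {
        status = 0
        n = split("_HOT _CRT", keys, " ")
        for (z in seen) {
            if (!((z, "temperature") in v)) continue
            t = v[z, "temperature"]
            for (i = 1; i <= n; i++) {
                k = keys[i]
                if (!((z, k) in v)) continue
                if (t >= v[z, k] - margin) {
                    printf "ALERT %s temperature=%.1fC within %sC of %s=%.1fC\n",
                        z, t, margin, k, v[z, k]
                    status = 1
                }
            }
        }
        exit status
    }'
}

# Live use on FreeBSD, for example from cron:
#   sysctl hw.acpi.thermal | thermal_check 10 | logger -p kern.crit -t thermal
```

If the live output contains no tzN lines at all, as turns out to be the case later in this thread, the function stays silent and returns 0, so an empty result does not mean the machine is cool.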






Re: AMD Phenom II X4 temperature issues (was Re: hardware monitor)

2013-08-04 Thread Frank Leonhardt

On 05/08/2013 03:01, Gary Aitken wrote:

> 50C isn't crazy.
Actually, the 50C figure is just where it shoots to for starters.
Mfg specs say 62C max, so I stall the process when it gets around 59
and still climbing steeply.


The manufacturer's specs I found when I looked that range of CPUs up was 71C

http://www.amd.com/us/products/desktop/processors/phenom-ii/Pages/phenom-ii-model-number-comparison.aspx

But there could be two figures - one for maximum desirable working and 
one for maximum "or else".




Did you get anywhere with the ACPI suggestion  Try
hw.acpi.thermal.tz0.active=1 to make the fan come on and stay on (tz0
or as appropriate).

The fan is on and stays on all the time at the moment...


Is it full speed all the time?



Here's the fun part. Is your system doing a thermal overload
shutdown? 

There is no indication in messages; the last thing before it shut down
the last time was some su's and root logins.


This suggests it's not the ACPI in FreeBSD shutting you down, but 
something on the motherboard.






it might help if you posted the results of "sysctl hw.acpi.thermal",
but in the mean time look at:

hw.acpi.thermal.tz0._HOT hw.acpi.thermal.tz0._CRT


I don't see any of those; here's what shows up in sysctl -a :

hw.acpi.supported_sleep_state: S1 S3 S4 S5
hw.acpi.power_button_state: S5
hw.acpi.sleep_button_state: S1
hw.acpi.lid_switch_state: NONE
hw.acpi.standby_state: S1
hw.acpi.suspend_state: S3
hw.acpi.sleep_delay: 1
hw.acpi.s4bios: 0
hw.acpi.verbose: 0
hw.acpi.disable_on_reboot: 0
hw.acpi.handle_reboot: 0
hw.acpi.reset_video: 0
hw.acpi.cpu.cx_lowest: C1


Yep - definitely suggests that the thermal control isn't being done by 
FreeBSD! Go no further on this route, but check the motherboard/BIOS. I 
had one machine shut itself down due to a faulty thermistor (raise the 
threshold/ignore) but it normally happens when the parameters are wrong 
or the fan has failed. As your fan hasn't failed and the reported 
temperature is believable my best guesses are that the BIOS is either 
picking the wrong shutdown temperature for the CPU or your air ducting 
isn't good enough and it really is getting too hot. Is there a chance 
that the BIOS pre-dates the CPU and just doesn't know its working 
parameters, and is therefore playing safe?


Incidentally, ACPI is an Intel specification but applies to AMD64 CPUs too. 
The thermal module only works on some chip-sets. FWIW I've found it 
works on more AMD platforms than it does Intel ones.


Regards, Frank.



Re: AMD Phenom II X4 temperature issues (was Re: hardware monitor)

2013-08-05 Thread Frank Leonhardt

On 05/08/2013 06:05, Gary Aitken wrote:

On 08/04/13 21:39, Frank Leonhardt wrote:
This suggests it's not the ACPI in FreeBSD shutting you down, but
something on the motherboard.
That was my guess as well.



As it's probably not FreeBSD you're now asking on the wrong list, and 
other than cooling advice you're not going to get much (unless there are 
any closet over-clockers hereabouts). Personally I favour filling the 
whole case with a pumped fluorocarbon like FC-77 and using a heat 
exchanger to take the heat away in water to use in a fountain in my 
hallway ;-)


The one sensible suggestion no one has made is to check if a BIOS 
upgrade doesn't fix it. As to getting FreeBSD to manage it instead of 
the BIOS: Unfortunately not all chipsets and motherboards are supported. 
If you want to add support yourself see:


/usr/src/sys/dev/acpica

If you want to get some idea of what you're up against see:

/usr/src/sys/dev/acpica/acpi_quirks

I've thought about it a few times but real work always got in the way.

Regards, Frank.



Re: php problems

2013-08-06 Thread Frank Leonhardt

On 06/08/2013 15:21, Lars Eighner wrote:

On Mon, 5 Aug 2013, Mark Moellering wrote:


I tried a simple "hello world" type program
the actual code is :

and the output was;

testsegmentation fault


First, try it with clean code: put the ; after the command and stop 
closing

the 

Actually that should work and does work. I'm in the happy position of 
being able to recreate (but without the fault):


%php test.php
test
%php --version
PHP 5.3.6 with Suhosin-Patch (cli) (built: Jul 27 2011 20:41:21)
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
%uname -v
FreeBSD 8.2-RELEASE #0: Thu Feb 17 02:41:51 UTC 2011 
r...@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC

%cat test.php


%php test.php
test
%

So what you're doing should work. I should try recompiling and 
reinstalling PHP as a first step, unless you have reasons you don't want 
to do that. Email me directly if you want to cross-check config files 
and so on on what may be a very similar environment.


Regards, Frank.




Re: BSD Magazine

2013-08-07 Thread Frank Leonhardt

On 07/08/2013 13:19, Kamil Sobieraj wrote:

Hello,

I am from BSD Magazine (BSDMag.org), devoted to BSD operating systems.
I would like to ask if you are interested in contributing an article?
Current theme is: *Day-to-day BSD administration*.
I believe that your experience will enrich our magazine and bring valuable
knowledge to our readers.
In return I would like to offer an advertisement of your company and its
products (if any).
Would you be interested in that? Please let me know.

Regards,
Kamil Sobieraj



No man but a blockhead ever wrote, except for money.
- Samuel Johnson



Re: Terrible disk performance with LSI / FreeBSD 9.2-RC1

2013-08-07 Thread Frank Leonhardt

On 07/08/2013 21:36, J David wrote:

It feels like some sort of issue with the
bus/controller/kernel/driver/ZFS that is affecting all the drives
equally.

Also, even ls takes forever (10-30 seconds for "ls -lh /") but when it
eventually does finish, "time ls -lh /" reports:

 0.02 real 0.00 user 0.00 sys

Really not sure what to make of that. An attempt to do "ps axlww |
fgrep ls" while the ls was running failed, because the ps hangs just
as long as the ls.  So it's like the system is just repeatedly putting
anything that touches the disks on hold, even if all the data being
requested is clearly in cache.  (Even apparently loading the binary
for /bin/ls or doing "ls -lh /" twice in a row.)


As a suggestion, what happens if you read from the drives directly? Boot 
in single user and try reading a Gb or two using /bin/dd. It might 
eliminate or confirm a problem with ZFS.


Regards, Frank.







Re: Terrible disk performance with LSI / FreeBSD 9.2-RC1

2013-08-08 Thread Frank Leonhardt

On 08/08/2013 12:42, Terje Elde wrote:

On 8. aug. 2013, at 00:08, Frank Leonhardt  wrote:

As a suggestion, what happens if you read from the drives directly? Boot in 
single user and try reading a Gb or two using /bin/dd. It might eliminate or 
confirm a problem with ZFS.

If not too inconvenient, it'd be very interesting to see what'd happen if you 
were to physically disconnect (data and power) 5 of the 6 drives, then boot and 
dd from the remaining disk to /dev/null. Then repeat with another drive.

You could boot from USB to leave the system itself otherwise untouched.

The reason I'm suggesting is that I'm wondering if this can be down to a power 
or cable-issue, locking things up or causing retransmits, etc.

Not sure if this would always be logged, others might be able to enlighten that 
issue.

Terje


And while you're at it, could you post the output of diskinfo -v 
/dev/[slices] - check the cylinder alignment and so on if you haven't 
already.


Regards, Frank.



Re: New to Free-BSD with questions.

2013-08-10 Thread Frank Leonhardt

On 10/08/2013 10:58, r_oliva...@juno.com wrote:

New to Free-BSD. Downloaded a current ISO image and burned it to a DVD. System 
boots from DVD to command line mode.
Questions are:
A.) Is Xwindows, (X11) included on the DVD copy?


That's X, X11, Xorg or the X-Window System. Yeah, kind-of but you've 
probably downloaded the base version that expects you to be using it 
from the command line unless you compile or add X later.




B.) If included, what command is used to start it?


startx


C.) What shell is installed as the standard shell in command line mode?


tcsh - basically the standard Bourne shell unless you specified a 
different one when you created the user. You can switch to csh easily 
enough (type csh) or you can add any other shell you like from the 
ports collection.

D.) Is there a site that I can download a complete copy of the documentation 
for Free-BSD, as one file and not a series/set of separate files?


You probably want to read this:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/

Or if you want the whole thing at once try this:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/book.html

However, you'll get a lot of specific information for the man pages that 
come with it. There's an install option (new at 9.0?) to include 
documentation but I've never made use of it myself.


However, if you're wanting a quick-start version of a FreeBSD with a 
graphical shell and looking more like a Windoze desktop try this one:


http://www.pcbsd.org/

Regards, Frank.



Re: High availability on remote site

2013-08-15 Thread Frank Leonhardt

On 15/08/2013 13:18, Mark Felder wrote:

On Thu, 15 Aug 2013 18:19:35 +0700
Olivier Nicole  wrote:


Hi,

I have been assigned to offer HA on a 3 tiers architecture.

Data storage tier will be MySQL, so replication is easy.


Keep in mind that MySQL replication has plenty of its own issues. It
does not replicate every SQL command to the slave. Guaranteeing that
data on both servers is identical is also a very tricky process. You
might want to first browse through the sections here to get an idea:

http://dev.mysql.com/doc/refman/5.5/en/replication-features.html

  

HA should be implemented only on the Data storage tier, Active/Active,
but one of the sites is remote!

When everything is working, each application accesses the local MySQL
tier, but when the local MySQL becomes unavailable, it should be able
to automatically move to the other database server.

I have no access to the application, so I cannot modify it to test if
local MySQL is working. So I should have an HA mechanism that enforces
changing the IP address on the database server.


This is easy. Use HAProxy. It can test to see if your local MySQL
instance is up and running and if it detects it is not it will
automatically pass connections to the remote site's MySQL server.
  

If both servers are installed at different places, with different
addresses, would there be a way beside establishing an IP tunnel/VPN
between both places to have all machines in a single subnet?


This seems unnecessary. Why do you need them to be on the same subnet?


An image is here http://www.cs.ait.ac.th/~on/HA.gif

I am really bothered by the IP tunnel, but that's the only way I see to keep HA.


Hopefully I've answered this question for you and you see that you
shouldn't need these to be on the same subnet.
___



WHS, especially regarding the built-in replication of a mySQL database 
being problematic. I tried this a few years ago and decided it wasn't 
worth the candle (for my needs). It came down to the application 
software needing to be sensitive to the situation - to understand it 
needed to use a backup server, and to treat it as read-only. The 
implication is that mySQL could be some kind of distributed cluster 
until you got to it in detail. Or perhaps I was missing a point 
somewhere. If you get a "perfect" cluster going please do let me know how.


Incidentally, in the end I just used rsync - much less fuss but only 
good as a backup, really (which is what I really wanted).


Regards, Frank.



Re: copying milllions of small files and millions of dirs

2013-08-15 Thread Frank Leonhardt

On 15/08/2013 19:13, aurfalien wrote:

Hi all,

Is there a faster way to copy files over NFS?

Currently breaking up a simple rsync over 7 or so scripts which copies 22 dirs 
having ~500,000 dirs or files each.



I'm reading all this with interest. The first thing I'd have tried would 
be tar (and probably netcat) but I'm probably a bit of a dinosaur. (If 
someone wants to buy me some really big drives I promise I'll update). 
If it's really NFS or nothing I guess you couldn't open a socket anyway.


I'd be interested to know whether tar is still worth using in this world 
of volume managers and SMP.




VPN where local private address collide

2013-08-16 Thread Frank Leonhardt
Let's say we're using MPD on FreeBSD at both ends of a link here, using 
a VPN to connect two LANs. (The use of MPD is negotiable).


One LAN uses the address range 192.168.1.0/24 and the other uses the 
address range, er,  192.168.1.0/24. However hard you try to avoid this, 
it's going to happen. Let's also assume there is no way either end can 
change its range. NO WAY. Just don't go there.


I've found I can still get away with this if the actual used IP 
addresses don't conflict, but it's not ideal. I'm not even 100% on why 
it works at all.


I've heard of a mythical solution called "VPN NAT". It makes sense; just 
use NAT to map one range on to something completely different and away 
you go. Hosts at either end would be none the wiser.


Has anyone actually done this, and if so, how?

Thanks, Frank.



Re: VPN where local private address collide

2013-08-17 Thread Frank Leonhardt

On 16/08/2013 20:30, Terje Elde wrote:

On 16. aug. 2013, at 19:17, Frank Leonhardt  wrote:

Has anyone actually done this, and if so, how?

This is wrong on so many levels, and you'll have to work around all of them. 
Yes, you can use nat, but what about address-resolution? And so on.

If it's a specific thing you need to work - a specific server for example - nat 
can work, but if you need general bridging, best to avoid conflicts.

Note that there are alternatives, such as L2-bridging rather than L3.

If you explain a bit more of the setup, and what you need to work, it'd be 
easier to suggest something.

Right now, we know bits of the setup, but not really what problem(s) you're 
trying to solve.




The setup is basically as described and the desired outcome is to NAT 
"the other end" so the addresses appear different. FWIW it only has to 
be done one way, which I didn't mention. Address resolution is not a 
problem - easily fixed at DNS. As I said, the only thing that cannot be 
changed are the local IP addresses in use, so thanks for heeding my 
warning. Lesser mortals might have changed the ranges anyway. Yes, it's 
obviously best to avoid conflicts but if you're bigger than Fred-in-shed 
you're going to get them.


What I'm asking (VPN NAT) is possible, and a recognised solution to the 
problem I've described - the big boys do it all the time, apparently. My 
local Cisco expert was able to talk me through doing it, but only on IOS 
:-( Basically you put the VPN traffic through a NAT table on both ends, 
so all the remote addresses get mapped to an alternative local range. 
You pretty much have to do it both ways (source and destination) or you 
won't get a reply.


I can think of dozens of workarounds for specific situations (e.g. if it 
was to access a limited number of hosts, dual-home the ones you need) 
but this is specially a general solution.


I'm sure this is going to be a PITA to work out on FreeBSD, because I'm 
not that familiar with the tools. I was hoping someone had done it, but 
if I have to I may be gone for some time.





Re: VPN where local private address collide

2013-08-17 Thread Frank Leonhardt

On 17/08/2013 12:02, Terje Elde wrote:

On 17. aug. 2013, at 12:42, Frank Leonhardt  wrote:

The setup is basically as described and the desired outcome is to NAT "the other 
end" so the addresses appear different.

That's a solution to a problem, but I don't yet know what the problem is, which 
makes it harder to give any advice.

Do you need "everything" to work in both directions? If so, then what is 
"everything"?

Say both networks are at 192.168.0.0/24, and you remap so network A is 
available as 192.168.1.0/24 in network B, all machines at the same last octet 
(you can do that), and fix DNS for it. All good right?

Well, it's not always that simple. Say you have a server running at 192.168.0.5 in 
network A, available at 192.168.1.5 in network B. A client connects (successfully) to it, 
ask for some data, and the server says "Get the data at 192.168.0.5:45756". Now 
the client will try to connect to that ip/port in network B, rather than following DNS 
for the IP that goes over the VPN and through the NAT, and get nowhere.

You first hearing of that can be someone saying "The Foo-server is broken". 
You've just layered hack on top of hack, so you don't initially know if it's the user, 
his computer, the server, the VPN, the NAT or DNS, an incompatible protocol that doesn't 
like the setup, or the weird routing you'll have to set up.

If you're looking at this as an easy fix to reach a specific server or service, 
by all means. But if you're looking at this as a general solution to bridging 
two networks, then just don't do it. Save yourself the grief, because if this 
works at all, it's down to luck, and even if you get lucky now, you might 
not stay lucky. What happens if you add VoIP to the mix in two years? Or 
teleconferencing in three?

Basing network-design on present and future luck is just going to give you more 
grief than I'd wish for anyone.


This is just the sort of problem Google will have when it buys Facebook :-)

Your explanation of the foul-up possible with NAPT is well made, 
although not really talking about the kind of NAT used on Home/SME 
routers (one public address hiding many private ones) - I'm thinking of 
Basic NAT - one-to-one replacement, not one-to-many. (i.e. static 
address assignment). All the router (or firewall) needs to do is swap 
the IP address in the header as it passes through, and swap it back when 
it returns. The two hosts shouldn't notice a thing.


FWIW it works pretty well without NAT if you can avoid address 
conflicts, and in a small installation it's possible. But consider this 
really trivial example:


Both LANS are on the same subnet. You connect a single local host to the 
remote LAN on a VPN. It should be allocated a remote address that 
doesn't conflict with anything there. So far, so good. Now you try to 
connect to a remote IP address. How does your host know which interface 
to use - local LAN or VPN?!? If you're doing Layer 2 on the VPN, ARP 
seems to sort it out but it's hardly clean, and when you end up with a 
clash (same IP on local and remote) it's never going to work.


The obvious answer is IPv6, of course. I'm surprised no one has 
mentioned it yet.


For the NAT I'm talking about see RFC2663. Take a look at Section 2.8, 
last paragraph. This exact problem was described back in 1999 :-)


mpd does handle NAT (Section 4.14 of its manual). It doesn't go in to 
great detail except to say it uses ng_nat, which in turn uses libalias 
(like natd). Looking at the ng_nat 'C' interface, NGM_NAT_REDIRECT_ADDR 
sounds like what I'm after but it all looks geared to NAPT (which is, I 
guess, what most people use NAT for). And I've got this nagging feeling 
that ipfw is going to be involved somewhere, just to make it really tricky.


Regards, Frank.



NAT loopback using natd and ipfw

2013-08-17 Thread Frank Leonhardt
Does anyone know how to get NAT loopback (aka NAT hairpin or NAT 
reflection) working with natd and ipfw? It seems to work with the 
in-kernel NAT without the need for configuration, but not if you're 
using natd.


I have a feeling it may be something to do with the ipfw 
"diverted-loopback" test in natd but if I experiment and get it wrong 
it's five hours on the motorway for me.


Incidentally, I've set net.inet.ip.fw.one_pass to 0 but it didn't help.

Thanks, Frank.

(By "NAT loopback" I mean the situation when you're using NAT to 
translate one WAN IP to many local LAN IPs (i.e. the usual). If a LAN 
machine tries to access the WAN IP, you need NAT to treat it as an 
incoming connection and port-forward it as appropriate to a LAN IP as if 
the packet had come from the Internet. This is not weird; it's what most 
home and small office routers do by default).




Re: VPN where local private address collide

2013-08-18 Thread Frank Leonhardt

On 18/08/2013 00:29, Terje Elde wrote:

> The obvious answer is IPv6, of course. I'm surprised no one has 
mentioned it yet.


You seemed dead set on not renumbering the networks, and moving to 
IPv6 would not only be just that, but also be harder than just 
renumbering IPv4-nets, so you answered that question for us already.


I was being ironic ;-)

I'm not sure that TLS would cause more problems than any other packets, 
but as you point out, the exercise is bound to be full of pooh traps as 
yet undiscovered. FTP should be interesting, for a start. But for most 
things, why would swapping an IP address in the packet header cause any 
kind of problem as long as it was done consistently?


Apparently Cisco routers manage to sort this all out as a matter of 
course, which goes some way to explaining why they cost so much. There 
are lots of corporate networks on 10.x.x.x, and I'm told this kind of 
caper is used to sort them out when they collide. Paying for a Cisco VPN 
could easily work out cheaper than reconfiguring a large corporate LAN, 
but I don't have the budget for either. Unfortunately this goes beyond 
my current knowledge of FreeBSD's networking layers so I may be busy for 
some time.


Regards, Frank.




Re: VPN where local private address collide

2013-08-18 Thread Frank Leonhardt


On 18/08/2013 12:51, Terje Elde wrote:

On 18. aug. 2013, at 12.20, Frank Leonhardt wrote:

I'm not sure that TLS would cause more problems than any other packets, but as 
you point out, the exercise is bound to be full of pooh traps as yet 
undiscovered. FTP should be interesting, for a start. But for most things, why 
would swapping an IP address in the packet header cause any kind of problem as 
long as it was done consistently?

I was cutting corners and trying to keep the reply short (was on cellphone at 
the time), and I think the word headers might have led to some crosstalk.

For TCP/IP itself, just consistently swapping the IP would solve the problem.  
That'd fix a lot, and things like ssh and http should work fine with that.

If we look at other things though, like SIP, it's not that easy.  I'm using SIP 
as an example just because it illustrates the point nicely, and I know it well.

For SIP, you'd have the IP in multiple places:

TCP/IP - the connection to the server.
SIP - The application protocol
RTP - Payload in the application protocol, carrying media-metadata

Now, you'd get the connection to the server (TCP/IP), but for registering 
against the SIP-server, the client would include its IP in the SIP-layer as 
well, in a http-like header.  It'd tell the server where it would want to be 
contacted for things like incoming calls.  Initially this would point to the 
client's perspective of the IP, and not to the IP it were to carry after NAT.  
That is, the client would be able to register, but for incoming calls the 
server would try to contact the IP in the wrong place.

For placing calls, you'd also have information about where media-streams should 
go in RTP, both IP and port numbers.  This would also carry wrong information 
if you're merely changing the IP/port in TCP/IP-layers.

Both of these can be resolved either in the router/firewall/NAT-box, or worked 
around on the server, but it's not pretty by a long shot, and it's completely 
avoidable if you can avoid the NAT.


There are lots of corporate networks on 10.x.x.x, and I'm told this kind of 
caper is used to sort them out when they collide. Paying for a Cisco VPN could 
easily work out cheaper than reconfiguring a large corporate LAN, but I don't 
have the budget for either.

This kind of thing *can* be used to sort out colliding subnets, but that 
doesn't mean it *should* be used to resolve the issue(s).

You mentioned that a Cisco-guy said this would work, and explained details of 
how to do it.

I'm thinking that the same Cisco-guy could also give details on how to drop a 
rack full of Juniper-equipment out of a 10th floor window, in order to replace 
it with Cisco-gear.  It's quite possible to do that, but again, that doesn't 
mean you should.

I think the gist of the issue here is that you have a problem, and you're 
(correctly) thinking you can solve a lot if you NAT the two networks together.  
That's not wrong, it's completely true.  You can get a lot to work in that way.

Then you also have some random-looking guy on a mailing-list telling you that "Yes, 
you can do that.  But you shouldn't".  I get how hard it can be to take that kind of 
advice, especially when you know and have been told that it's quite possible.

If you really, really want to explore that route, then here's one way to go 
about it:

Use the VPN just to get the link up, don't worry about using NAT with MPD.  
It's nice to keep all of the nat/firewall-bits in a single place, and pf is a 
good solution to it.

If you're running the VPN off of the primary gateway, this should be fairly 
straight-forward, and you should be able to use something like this:

pf.conf on gateway/vpn-endpoint in lan_a:

lan_a = "192.168.0.0/24"
lan_b = "192.168.0.0/24"
vpn_a = "192.168.1.0/24"
vpn_b = "192.168.2.0/24"

binat on $vpn_if from $lan_a to any -> $vpn_a


pf.conf on gateway/vpn-endpoint in lan_b:

lan_a = "192.168.0.0/24"
lan_b = "192.168.0.0/24"
vpn_a = "192.168.1.0/24"
vpn_b = "192.168.2.0/24"

binat on $vpn_if from $lan_b to any -> $vpn_b


The VPN-tunnel itself could ignore any concept of the conflicting 
192.168.0.0/24-range, and simply deal with 192.168.1.0/24 being on one end, and 
192.168.2.0/24 on the other.


If you're standing in lan_a, and your local address is 192.168.0.182, and you'd 
like to reach 192.168.0.17 in lan_b, you'd talk to 192.168.2.17.

In lan_a, the connection would be seen as 192.168.0.182 -> 192.168.2.17.

Crossing the lan_a VPN-endpoint going into the tunnel, it'd get rewritten to be 
192.168.1.182 -> 192.168.2.17.
Crossing the lan_b VPN-endpoint going into lan_b, it'd get rewritten to be 
192.168.1.182 -> 192.168.0.17

You'd then hit the rig
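
The address rewriting traced above, and the embedded-address problem described for SIP (and for the "Get the data at 192.168.0.5:45756" case earlier in the thread), as an added Python example that is not part of the original posts. It models header-only one-to-one translation; the Packet and Endpoint names and the SIP Contact line are constructed for illustration.

```python
"""Added illustration (not from the thread): static one-to-one address
translation at two VPN endpoints whose LANs both use 192.168.0.0/24."""
import ipaddress
import re
from dataclasses import dataclass, replace

LAN = "192.168.0.0/24"      # both sites, as in the thread
VPN_A = "192.168.1.0/24"    # how lan_a appears inside the tunnel
VPN_B = "192.168.2.0/24"    # how lan_b appears inside the tunnel


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: str = ""       # header-only NAT never inspects this


def remap(addr, from_net, to_net):
    """Swap the network prefix and keep the host bits (the binat mapping)."""
    old = ipaddress.ip_network(from_net)
    new = ipaddress.ip_network(to_net)
    if old.prefixlen != new.prefixlen:
        raise ValueError("one-to-one mapping needs prefixes of equal size")
    ip = ipaddress.ip_address(addr)
    if ip not in old:
        return addr         # not ours to translate
    return str(new.network_address + (int(ip) - int(old.network_address)))


@dataclass(frozen=True)
class Endpoint:
    """Models 'binat on $vpn_if from <lan> to any -> <vpn>' on one gateway."""
    lan: str
    vpn: str

    def to_tunnel(self, pkt):
        # Leaving the LAN: the local source becomes its tunnel alias.
        return replace(pkt, src=remap(pkt.src, self.lan, self.vpn))

    def from_tunnel(self, pkt):
        # Arriving from the tunnel: the alias destination becomes the real host.
        return replace(pkt, dst=remap(pkt.dst, self.vpn, self.lan))


GW_A = Endpoint(LAN, VPN_A)
GW_B = Endpoint(LAN, VPN_B)


def deliver(pkt, sender_gw, receiver_gw):
    """Return the packet as seen on the sender LAN, in the tunnel, and on
    the receiver LAN."""
    in_tunnel = sender_gw.to_tunnel(pkt)
    return [pkt, in_tunnel, receiver_gw.from_tunnel(in_tunnel)]


IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def misleading_addresses(delivered, receiver_gw):
    """Addresses embedded in the payload that the receiver would resolve to a
    host on its own LAN instead of the peer across the VPN."""
    local = ipaddress.ip_network(receiver_gw.lan)
    return [a for a in IPV4.findall(delivered.payload)
            if a != delivered.src and ipaddress.ip_address(a) in local]


if __name__ == "__main__":
    for hop in deliver(Packet("192.168.0.182", "192.168.2.17"), GW_A, GW_B):
        print(f"{hop.src} -> {hop.dst}")
    # Constructed SIP-style line: the client advertises its untranslated address.
    sip = Packet("192.168.0.182", "192.168.2.17",
                 "Contact: <sip:alice@192.168.0.182:5060>")
    print(misleading_addresses(deliver(sip, GW_A, GW_B)[-1], GW_B))
```

The headers come out consistent in both directions, while the address carried in the payload still names a host that exists on the receiver's own LAN.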

Re: undelete files in msdosfs

2013-08-18 Thread Frank Leonhardt
I wrote something to do this a long time back, but I doubt I can find 
the source quickly. The easiest way would be to download a forensic 
live-CD like DEFT, which includes Undelete 360. Possibly over-kill but 
it's handy to have one around. Most of these forensic tools use a GUI.


There is a program called fatback in the ports collection but I haven't 
tried it. The tools on these forensic live-CDs are likely to be more 
powerful by a long way.


Regards, Frank.

On 18/08/2013 18:00, Matthias Apitz wrote:

Hello,

After a nice day in the fields, my wife deleted accidentally the pictures
in her cam; the microSD mounts fine in FreeBSD as -t msdosfs; do we have
some FreeBSD 10-CUR tool to undelete the files, as there are some for M$?
Thanks

matthias




Re: copying milllions of small files and millions of dirs

2013-08-20 Thread Frank Leonhardt

On 20/08/2013 08:32, krad wrote:

When I migrated a large mailspool in maildir format from the old nfs server
to the new one in a previous job, I 1st generated a list of the top level
maildirs. I then generated the rsync commands + plus a few other bits and
pieces for each maildir to make a single transaction like function. I then
pumped all these auto generated scripts into xjobs and ran them in parallel.
This vastly speeded up the process as sequentially running the tree was far
too slow. This was for about 15 million maildirs in a hashed structure btw
so a fair amount of files.


eg

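# Write one small job script per maildir
find /maildir -type d -maxdepth 4 | while read -r d
do
    r=$(($RANDOM*$RANDOM))
    echo rsync -a $d/ /newpath/$d/ > /tmp/scripts/$r
    echo some other stuff >> /tmp/scripts/$r
done

# Hand the job scripts to xjobs, 20 at a time; the files are not
# executable, so each one is run through sh
ls /tmp/scripts/ | while read -r f
do
    echo sh /tmp/scripts/$f
done | xjobs -j 20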



This isn't what I'd have expected, as running operations in parallel on 
mechanical drives would normally result in superfluous head movements 
and thus exacerbate the I/O bottleneck. The system must be optimising 
the requests from 20 parallel jobs better than I thought it would to 
climb out from that hole far enough to get a net benefit. Did you 
remember how any other approaches performed?




Re: Renumber users and groups

2013-08-21 Thread Frank Leonhardt

On 21/08/2013 13:36, Olivier Nicole wrote:

Hello,

On my system legacy users come with UID starting from 200 upward, and
all users come with GID lower than 100.

I know it's not a good idea, but consider that some accounts are over 20
years old!

This is not too much a problem with FreeBSD as I can renumber the few
FreeBSD services that have a conflicting ID.

But now I want to share the user directories with Mac (10.6). On Mac,
any id lower than 512 should be reserved for the system.

I tried to renumber the conflicting services on Mac OS, but it messes up
the system.

So I should renumber my users; it's not very difficult to do, but I have
over 1TB of user files for 200 users.

Is there a clever/fast way to do that (other than find -exec chown)?

What pitfall should I avoid?

Best regards,

Olivier


Both tar and rsync are spectacularly clever about this. I've never 
needed to renumber users, but I've noticed tar will restore a backup 
across hosts and try to resolve user names correctly. tar stores users 
and groups symbolically and will happily extract them to the correct 
numerical ID on the new host. All you need do, therefore, is merge the 
passwd and group files without conflict and "untar" everything. If 
you've got to do this in-place it's not going to work, but as you'd be 
wise to make a backup anyway you may as well make a copy instead, and 
let it convert them on the fly. rsync seems to pull the same trick.


Regards, Frank.



Re: dig

2013-08-21 Thread Frank Leonhardt

On 22/08/2013 00:34, Doug Hardie wrote:

There appears to be a problem with dig and the +trace option in 9.2.  I believe 
it's also in 9.1.  The command:

dig freebsd.org +trace

Only yields a dumb response.  No useful information is provided.  Running the 
same command on FreeBSD 7.2 yields a complete trace with lots of useful 
information.
___



Works for me on 9.0 and 9.1 (and 8.2, 7.1, 7.0)

Is there something wrong with your local bind configuration?

Regards, Frank.




Re: Jail with public IP alias

2013-08-28 Thread Frank Leonhardt

On 28/08/2013 00:19, Patrick wrote:

On Tue, Aug 27, 2013 at 3:42 PM, Alejandro Imass  wrote:

On Tue, Aug 27, 2013 at 6:28 PM, Patrick  wrote:

That's not the behaviour I see. My jail has a private and public IP.


Hi Patrick, thanks for your reply.

The issue is actually more basic and it's because the same network
card has multiple IPs on the same subnet so the routing table always
chooses the primary IP assigned to that interface.

I'm trying to figure out if I can fix it in the routing table or will
need IPFW to re-write the source address.

Thanks,

--
Alejandro Imass

Hi Alejandro,

That's how I've got things setup, too, but I'm not seeing the same
behaviour. So I was wondering if there was something different about
your setup such as using NAT to allow a jail with a private IP to
access the internet at large.

Patrick





(Tidied up so all now bottom posted)

I can confirm that you shouldn't be seeing this behaviour because I 
don't. I don't use EzJail - I prefer "vi". Seriously, setting up a jail 
is very straightforward anyway, and when I tried ezjail I found it was 
doing stuff I didn't like, so dropped it early on. It was a long time 
ago and I've forgotten the specifics.


I guess if you're using it you're new to this particular game, so please 
excuse me pointing out a few basics here.


Although I can't exactly see how this would cause a problem, remember 
that many services will bind to ALL IP addresses when they start up, and 
if they pinch a port any subsequent jail trying to take the same one 
will fail. For SSH, edit /etc/ssh/sshd_config on the "host OS" and set 
the ListenAddress to the one you want to use instead of the default, 
which means all of them.


I can't see a mechanism that would get the results you're seeing, but I 
don't know what ezjail might be doing. I suspect your problem is with 
ezjail or something bizarre on your network config; can you try it manually?


Regards, Frank.



Re: Jail with public IP alias

2013-08-28 Thread Frank Leonhardt

On 28/08/2013 19:42, Patrick wrote:

On Wed, Aug 28, 2013 at 7:25 AM, Alejandro Imass  wrote:

On Wed, Aug 28, 2013 at 5:42 AM, Frank Leonhardt  wrote:

On 28/08/2013 00:19, Patrick wrote:

On Tue, Aug 27, 2013 at 3:42 PM, Alejandro Imass 
wrote:

[...]


(Tidied up so all now bottom posted)

I can confirm that you shouldn't be seeing this behaviour because I don't. I
don't use EzJail - I prefer "vi". Seriously, setting up a jail is very
straightforward anyway, and when I tried ezjail I found it was doing stuff I
didn't like, so dropped it early on. It was a long time ago and I've
forgotten the specifics.

I guess if you're using it you're new to this particular game, so please
excuse me pointing out a few basics here.


We use Ezjail not because it's easy or because we're new to jails, I
think you might be confused on what EzJail actually is and why people
use it. We use it because we manage a private cloud exclusively based
on FBSD with about a dozen servers with a couple dozen jails each. I
use EzJail because it allows us to manage just shy of 300 separate
environments with only a couple of sysadmins, and with optimized
system resources. We use it because IT ROCKS.


Although I can't exactly see how this would cause a problem, remember that
many services will bind to ALL IP addresses when they start up, and if they

[...]


I can't see a mechanism that would get the results you're seeing, but I
don't know what ezjail might be doing. I suspect your problem is with ezjail
or something bizarre on your network config; can you try it manually?

After my OP I immediately sent out second mail stating that the
problem is not with Jails or EzJail and it's related to the way that
aliases behave on a network interface card. When you have aliases that
are on the same subnet, the source IP is the primary IP, that is the
first IP set on that network device. You can test this without jails
with a simple ssh connection to another server and then typing who.
Even if you force ssh to bind to a particular IP using -b it will
still show the primary IP. If you have aliases on different subnets
this will not happen.

I don't think that's true though in the case of jails. On the host
system, yes, but when a jail is bound to a particular IP, outbound
connections originate from that bound IP. At least they do for me in
all of my experience. Still wondering if you're using NAT with your
jails, as that could change things.

(FWIW, we use ezjail as well. It doesn't do anything special except
make having lots of jails easy and lightweight.)



Sorry guys - I had no intention of upsetting the EzJail fan club!

The fact remains that I've tried to recreate this problem on what comes 
to a similar set-up, but without EzJail, and I can't. I've only tested 
it on FreeBSD 8.2 so far, and I've only tested it from INSIDE a jail. I 
completely understood what you were saying about it doing weird stuff 
outside a jail, but my point is that this may or may not be related.


You don't say what version you're running. I can try and recreate it on 
another version.


Again basic, but when you set up an alias, what subnet do you use? "Same 
subnet" is ringing alarm bells here. The output of ifconfig might help.


Regards, Frank.










Re: Jail with public IP alias

2013-08-29 Thread Frank Leonhardt

On 29/08/2013 02:08, Alejandro Imass wrote:

On Wed, Aug 28, 2013 at 4:11 PM, Frank Leonhardt  wrote:

On 28/08/2013 19:42, Patrick wrote:

On Wed, Aug 28, 2013 at 7:25 AM, Alejandro Imass 
wrote:

On Wed, Aug 28, 2013 at 5:42 AM, Frank Leonhardt 
wrote:

[...]


Sorry guys - I had no intention of upsetting the EzJail fan club!


No worries there I just think it's an awesome tool. We used plain old
jails before, and we even went through the "service jail" path once,
but EzJail is a lot more than just lightweight easy-to-use jailing.



The fact remains that I've tried to recreate this problem on what comes to a
similar set-up, but without EzJail, and I can't. I've only tested it on
FreeBSD 8.2 so far, and I've only tested it from INSIDE a jail. I completely
understood what you were saying about it doing weird stuff outside a jail,
but my point is that this may or may not be related.


Actually you can replicate it easily. Assign a number of IPs to any
interface but that the interface has a default route. It will always
use the "primary" or default IP on the other end. You can probably see
this effect even on a private network provided all the aliases route
through the same gateway. You will not be able to see this effect
using aliases on the loopback AFAIK.



You don't say what version you're running. I can try and recreate it on
another version.


It doesn't matter, it's a very basic network issue with aliases in
FreeBSD, Linux and other OSs. Look here:

http://serverfault.com/questions/12285/when-ip-aliasing-how-does-the-os-determine-which-ip-address-will-be-used-as-sour


I would like to know how people deal with this on FBSD




Okay, I'm trying here. I tried to recreate it thus:

b1# ifconfig

bge0: flags=8843 metric 0 mtu 1500
options=8009b
ether 00:21:9b:fd:30:8b
inet xx.yy.41.196 netmask 0xffc0 broadcast xx.yy.41.255
inet xx.yy.41.197 netmask 0x broadcast xx.yy.41.197
inet xx.yy.41.198 netmask 0x broadcast xx.yy.41.198
inet xx.yy.41.199 netmask 0x broadcast xx.yy.41.199
inet xx.yy.41.200 netmask 0x broadcast xx.yy.41.200
inet xx.yy.41.201 netmask 0x broadcast xx.yy.41.201
inet xx.yy.41.202 netmask 0x broadcast xx.yy.41.202
inet xx.yy.41.203 netmask 0x broadcast xx.yy.41.203
inet xx2.yy2.76.62 netmask 0xffc0 broadcast xx2.yy2.76.63
inet xx.yy.41.207 netmask 0x broadcast xx.yy.41.207
inet xx.yy.41.206 netmask 0x broadcast xx.yy.41.206
media: Ethernet autoselect (100baseTX 
)

status: active


Then:
 b1# ssh -b xx.yy.41.197 b2 -l myname

Open new session and...

 b1# ssh -b xx.yy.41.198 b2 -l myname

Open new session and...

 b1# ssh -b xx.yy.41.199 b2 -l myname

And so on

Then on b2:

b2# w -n
 9:43AM  up 803 days, 22:47, 5 users, load averages: 0.07, 0.06, 0.02
USER     TTY  FROM                    LOGIN@  IDLE WHAT
myname   p0   ns0.domainname.org.uk   9:28AM    14 -csh (csh)
myname   p1   ns1.domainname.net      9:29AM    14 -csh (csh)
myname   p5   xx.yy.41.199            9:29AM    13 -csh (csh)
myname   p6   xx.yy.41.201            9:30AM     - w -n
myname   p7   xx.yy.41.207            9:30AM    11 -csh (csh)

The only problem I can see there is that the -n option isn't working on 
w! I'll look in to that. The reverse lookups match the IP addresses 
dialled in on. b2 has the same sshd bound to all IP addresses, 
incidentally. b1 has more than one interface, but all the IP addresses I 
used are on the same one.


My guess, if you're not getting this, is that you're configuring the 
aliases in a different way, so the output of ipconfig might help, even 
if it just convinces me the netmask is correct and stops me worrying. 
I've obviously obfuscated the first part of mine.


Or have I misunderstood the problem?

Regards, Frank.



Re: Jail with public IP alias

2013-08-29 Thread Frank Leonhardt

On 29/08/2013 09:52, Frank Leonhardt wrote:

On 29/08/2013 02:08, Alejandro Imass wrote:
On Wed, Aug 28, 2013 at 4:11 PM, Frank Leonhardt  
wrote:

On 28/08/2013 19:42, Patrick wrote:

On Wed, Aug 28, 2013 at 7:25 AM, Alejandro Imass 
wrote:

On Wed, Aug 28, 2013 at 5:42 AM, Frank Leonhardt 
wrote:

[...]


Sorry guys - I had no intention of upsetting the EzJail fan club!


No worries there I just think it's an awesome tool. We used plain old
jails before, and we even went through the "service jail" path once,
but EzJail is a lot more than just lightweight easy-to-use jailing.


The fact remains that I've tried to recreate this problem on what 
comes to a

similar set-up, but without EzJail, and I can't. I've only tested it on
FreeBSD 8.2 so far, and I've only tested it from INSIDE a jail. I 
completely
understood what you were saying about it doing weird stuff outside a 
jail,

but my point is that this may or may not be related.


Actually you can replicate it easily. Assign a number of IPs to any
interface but that the interface has a default route. It will always
use the "primary" or default IP on the other end. You can probably see
this effect even on a private network provided all the aliases route
through the same gateway. You will not be able to see this effect
using aliases on the loopback AFAIK.



You don't say what version you're running. I can try and recreate it on
another version.


It doesn't matter, it's a very basic network issue with aliases in
FreeBSD, Linux and other OSs. Look here:

http://serverfault.com/questions/12285/when-ip-aliasing-how-does-the-os-determine-which-ip-address-will-be-used-as-sour 




I would like to know how people deal with this on FBSD




Okay, I'm trying here. I tried to recreate it thus:

b1# ifconfig

bge0: flags=8843 metric 0 mtu 
1500
options=8009b 


ether 00:21:9b:fd:30:8b
inet xx.yy.41.196 netmask 0xffc0 broadcast xx.yy.41.255
inet xx.yy.41.197 netmask 0x broadcast xx.yy.41.197
inet xx.yy.41.198 netmask 0x broadcast xx.yy.41.198
inet xx.yy.41.199 netmask 0x broadcast xx.yy.41.199
inet xx.yy.41.200 netmask 0x broadcast xx.yy.41.200
inet xx.yy.41.201 netmask 0x broadcast xx.yy.41.201
inet xx.yy.41.202 netmask 0x broadcast xx.yy.41.202
inet xx.yy.41.203 netmask 0x broadcast xx.yy.41.203
inet xx2.yy2.76.62 netmask 0xffc0 broadcast xx2.yy2.76.63
inet xx.yy.41.207 netmask 0x broadcast xx.yy.41.207
inet xx.yy.41.206 netmask 0x broadcast xx.yy.41.206
media: Ethernet autoselect (100baseTX 
)

status: active


Then:
 b1# ssh -b xx.yy.41.197 b2 -l myname

Open new session and...

 b1# ssh -b xx.yy.41.198 b2 -l myname

Open new session and...

 b1# ssh -b xx.yy.41.199 b2 -l myname

And so on

Then on b2:

b2# w -n
 9:43AM  up 803 days, 22:47, 5 users, load averages: 0.07, 0.06, 0.02
USER     TTY  FROM                    LOGIN@  IDLE WHAT
myname   p0   ns0.domainname.org.uk   9:28AM    14 -csh (csh)
myname   p1   ns1.domainname.net      9:29AM    14 -csh (csh)
myname   p5   xx.yy.41.199            9:29AM    13 -csh (csh)
myname   p6   xx.yy.41.201            9:30AM     - w -n
myname   p7   xx.yy.41.207            9:30AM    11 -csh (csh)

The only problem I can see there is that the -n option isn't working 
on w! I'll look in to that. The reverse lookups match the IP addresses 
dialled in on. b2 has the same sshd bound to all IP addresses, 
incidentally. b1 has more than one interface, but all the IP addresses 
I used are on the same one.


My guess, if you're not getting this, is that you're configuring the 
aliases in a different way, so the output of ipconfig might help, even 
if it just convinces me the netmask is correct and stops me worrying. 
I've obviously obfuscated the first part of mine.


Or have I misunderstood the problem?

Regards, Frank.


P.S. Just for completeness:

b1# netstat -r
Routing tables

Internet:
Destination        Gateway            Flags    Refs        Use  Netif Expire
default            xx.yy.41.193       UGS    112374 7203472736   bge0


The default route does go through that interface.






Re: Since SquirrelMail Looks Like It Will Never Be Supported Again...

2013-08-31 Thread Frank Leonhardt

On 30/08/2013 22:20, Tim Daneliuk wrote:

SquirrelMail seems to be forever on hold because of an incompatibility
with PHP 5.  So I am going to have to replace it as our Webmail
interface.


I'm a bit confused about this - you seem to be saying that Squirrelmail 
won't work on PHP 5? I've been running it on PHP 5 for years and it's 
being maintained to support changes for the latest 5.4 and 5.5 releases.




Re: Since SquirrelMail Looks Like It Will Never Be Supported Again...

2013-08-31 Thread Frank Leonhardt

On 31/08/2013 10:32, Reko Turja wrote:

-Original Message- From: Frank Leonhardt

On 30/08/2013 22:20, Tim Daneliuk wrote:

SquirrelMail seems to be forever on hold because of an incompatibility
with PHP 5.  So I am going to have to replace it as our Webmail
interface.


I'm a bit confused about this - you seem to be saying that 
Squirrelmail won't work on PHP 5? I've been running it on PHP 5 for 
years and it's being maintained to support changes for the latest 5.4 
and 5.5 releases.


My experience with squirrel on PHP 5.x has been that it won't show 
every message in the webmail user's inbox. People complained about lost 
mails and after checking spam filtering etc. I realised that the mails 
had arrived into inbox safely. After asking the clients to test 
another mail client - Thunderbird, Live mail, etc. The "lost" mails 
were there. That prompted for pretty fast substitution of squirrel 
with something else.


Roundcube with its snazzy javascript interface is neat, but many 
mobile/tablet browsers scale the display instead of doubleclicking. 
Sadly there is no free mobile theme for Roundcube, but every single 
one of those cost money.


That leaves Imp as the only alternative left, especially if you avoid 
ToySQL like a plague.


I see. I've got it running on several servers, and have done for many 
years - and I've never experienced any problems or had them reported to 
me. I can't be sure, but I think I've only ever run it on PHP5 and 
nearly always on FreeBSD. One of the reasons I've stuck with it is that 
it's reliable and friendly to all browsers, and I use it for fixing 
user's mailbox problems. I've been playing around with Roundcube for a 
few months as an alternative - users like the way it looks.


FWIW I'm using Dovecot 1 or 2 for the IMAP. In particular, Dovecot 1 
with Squirrelmail has been really hammered, but has never broken. I 
sometimes get time-outs copying thousands of emails in one hit, but 
that's fair enough and nothing has ever been lost. Could the server be 
the problem in your case? I found the standard imapd did weird things 
for a lot of clients, and making the switch after many years of trying 
to blame the client software was a really good decision.


Regards, Frank.



Re: Since SquirrelMail Looks Like It Will Never Be Supported Again...

2013-09-02 Thread Frank Leonhardt

On 02/09/2013 08:41, doug wrote:

On Sat, 31 Aug 2013, Reko Turja wrote:


-Original Message- From: Frank Leonhardt

FWIW I'm using Dovecot 1 or 2 for the IMAP. In particular, Dovecot 
1 with Squirrelmail has been really hammered, but has never broken. 
I sometimes get time-outs copying thousands of emails in one hit, 
but that's fair enough and nothing has ever been lost. Could the 
server be the problem in your case? I found the standard imapd did 
weird things for a lot of clients, and making the switch after many 
years of trying to blame the client software was a really good 
decision.


Running Cyrus here for ages, it might be a bit of pain to set up, but 
it's been a really bulletproof and "zero maintenance" solution. The 
problems cannot be replicated on any other client, only Squirrel has 
those problems with mail not showing up.


-Reko


We run postfix/cyrus mail servers. My experience with messages not 
showing up happens with Outlook (versions 2003, 2007, and 2013), 
squirrelmail, and mac mail. In all cases reported, the user can find 
messages either by sorting by date or by searching on some matching 
criteria. We put this in our FAQ. I have not noticed this issue with a 
server using sendmail/dovecot.


That's pretty much my experience too. You start off by blaming the 
client software until it shows up on more than one platform. I 
used to believe that imapd, part of the base system, must be 
"definitive" and beyond reproach. Ha!


I don't know so much about the others, but Dovecot is full of 
work-arounds for various IMAP clients to cope with bugs or variations 
from the IMAP specification. You can spend forever arguing about which 
interpretation of a spec is correct but I just want it to work. (Except 
that Microsoft is glaringly wrong).


Dovecot is really easy to install, and migrate from the base system (I 
don't know about from Cyrus), and I wish I'd been steered towards it 
earlier (which is why I'm evangelising it here). Incidentally, I have no 
reason to believe Dovecot 2 is any less robust than Dovecot 1 - it's 
just that I've really hammered Dovecot 1 for several years longer than 
the newer version.


Regards, Frank.



Re: Custom release ISO questions.

2013-09-04 Thread Frank Leonhardt

On 04/09/2013 13:17, Paul Wootton wrote:

On 09/04/13 10:27, Sergey wrote:

Hi all!

Is there a way to create custom ISO without buildworld?
I just want to edit some configs and bsdinstall scripts for silent
automated install - why need to recompile whole world?
It will be great if you'll share some useful links about this process.

Thanks.


Hi,

To create a custom ISO, download the ISO you want to use as your base, 
use tar to extract the ISO into a new directory, make the changes you 
want and then run "mkisofs -V FreeBSD9 -J -R -b boot/cdboot 
-no-emul-boot -o ../freebsd_custom.iso ." from the new directory.

That will create a bootable CD.


(Found in ports/sysutils/cdrtools)



What I did when making a custom install CD for my server (it's 1000s 
of miles away in a datacenter) was a slightly different approach. 


Boggle!



Spam control (was: Let People Find You in Google!)

2013-09-06 Thread Frank Leonhardt

On 06/09/2013 11:21, Jerry wrote:

On Fri, 6 Sep 2013 09:32:39 +0100
Graham Todd articulated:


Isn't this pure SPAM?

Why yes it is. Would you prefer it mixed with non-spam to make it more
palatable?

Seriously, the ratio of spam to non-spam is increasing exponentially
on this list. Until the moderators change this to a subscriber list it
will remain an "any spammer can post" list.

There has indeed been a higher spam:ham ratio on this list of late, 
however making it subscriber-only won't help. The crims need only spoof 
the address of someone subscribed to the list to bypass that, and I 
suspect a few spammers have registered using false addresses anyway 
(leading to a bounce to anyone posting).


Piping it through Spamassassin as it arrives at mx1.freebsd.org, 
although this isn't so effective against people using freemail accounts. 
Closing down irresponsibly run freemail operators would be a big help, 
but it's not going to happen.


If anyone wants to discuss this OFF LIST, I'm up for it.

Regards, Frank.



Re: ufs recovery

2013-09-08 Thread Frank Leonhardt

On 08/09/2013 09:46, Laszlo Danielisz wrote:

Hi,

By mistake I forgot to edit my crontab on my FreeBSD 8.3 after I took out one 
of the hard drives.
I had a little rsync script which I used to synchronise a directory between 
those two hard drives, because one of the hard drives were not present anymore 
and rsync had the --delete parameter I end up deleting the whole directory, of 
course with precious informations.

I have ufs on the hdd, after the "accident" I've turned off the computer to 
avoid any writings on the disk.
Do you have any idea how can I recover the lost directory?

Thank you!
Laci



Hi Laci,

I'm sorry to have to tell you that recovering UFS is not easy. It's not 
like MS-DOS or NTFS at all in that respect. When you delete from UFS it 
removes inode data and adds the space released to the free block list. 
It's a one-way process; there is no journalling and no way to undo any 
of it.


I don't know of any public domain utilities that will do what you need. 
EnCase can do something with UFS, and a utility called "Raise Data 
Recovery" will get stuff from damaged disks. This isn't the same as 
getting back deleted files.


The only option I've ever found to work is to scan the disk's free 
blocks (all of them in your case) with a utility that recognises 
specific file formats and pieces the file together using the contents it 
reads from each block, using "best guess" and manual choice to decide 
which the next block is. This is no joke if you've lost a lot of files, 
but worth it if you have one or two vital ones amongst them.


Sorry I can't be of any more comfort. As I'm sure someone will chip in, 
there are things you can do before the event.


Regards, Frank.
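
The signature-scanning approach described in the reply above, as an added example that is not part of the original post: a minimal carver that finds PNG headers in a raw block image and follows each file's chunk chain, checking CRCs. It handles the contiguous case and only flags a file whose chain breaks (the fragmented case that needs the manual piecing-together the reply mentions); the sample image is constructed inline and all function names are hypothetical.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def walk_png(buf, start):
    """Follow the PNG chunk chain that begins at `start`.

    Returns the offset just past the IEND chunk when every chunk's CRC
    checks out, or None when the chain breaks (file fragmented, truncated
    or partly overwritten).
    """
    pos = start + len(PNG_SIG)
    while pos + 12 <= len(buf):          # 12 = length + type + CRC of an empty chunk
        length, ctype = struct.unpack(">I4s", buf[pos:pos + 8])
        end = pos + 12 + length
        if end > len(buf):
            return None
        stored_crc = struct.unpack(">I", buf[end - 4:end])[0]
        if zlib.crc32(buf[pos + 4:end - 4]) != stored_crc:   # CRC covers type + data
            return None
        pos = end
        if ctype == b"IEND":
            return pos
    return None


def carve_png(buf):
    """Return [(start, end_or_None), ...] for every PNG signature in buf."""
    results = []
    pos = buf.find(PNG_SIG)
    while pos != -1:
        end = walk_png(buf, pos)
        results.append((pos, end))
        # Resume after a recovered file, or one byte on after a broken one.
        pos = buf.find(PNG_SIG, pos + 1 if end is None else end)
    return results


def chunk(ctype, data):
    """Build one PNG chunk (used only to construct the sample below)."""
    return (struct.pack(">I", len(data)) + ctype + data
            + struct.pack(">I", zlib.crc32(ctype + data)))


def constructed_png():
    """A valid 1x1 greyscale PNG, built here so the example runs offline."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")


def constructed_image():
    """Constructed 'free space': one intact PNG, then one split by foreign data."""
    png = constructed_png()
    return (b"\x00" * 512 + png + b"\xff" * 100
            + png[:20] + b"\xaa" * 64 + png[20:])


if __name__ == "__main__":
    image = constructed_image()
    for start, end in carve_png(image):
        if end is None:
            print(f"offset {start}: PNG header found, chunk chain broken")
        else:
            print(f"offset {start}: recovered {end - start} bytes")
```

Run it against a read-only image of the disk rather than the live device, so nothing is written to the blocks being searched.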





Re: ufs recovery

2013-09-08 Thread Frank Leonhardt

On 08/09/2013 10:39, Laszlo Danielisz wrote:
On 2013.09.08., at 11:07, Frank Leonhardt <freebsd-...@fjl.co.uk> wrote:



On 08/09/2013 09:46, Laszlo Danielisz wrote:

Hi,

By mistake I forgot to edit my crontab on my FreeBSD 8.3 after I 
took out one of the hard drives.
I had a little rsync script which I used to synchronise a directory 
between those two hard drives, because one of the hard drives were 
not present anymore and rsync had the --delete parameter I end up 
deleting the whole directory, of course with precious informations.


I have ufs on the hdd, after the "accident" I've turned off the 
computer to avoid any writings on the disk.

Do you have any idea how can I recover the lost directory?

Thank you!
Laci



Hi Laci,

I'm sorry to have to tell you that recovering UFS is not easy. It's 
not like MS-DOS or NTFS at all in that respect. When you delete from 
UFS it removes inode data and adds the space released to the free 
block list. It's a one-way process; there is no journalling and no 
way to undo any of it.


I don't know of any public domain utilities that will do what you 
need. EnCase can do something with UFS, and a utility called "Raise 
Data Recovery" will get stuff from damaged disks. This isn't the same 
as getting back deleted files.


The only option I've ever found to work is to scan the disk's free 
blocks (all of them in your case) with a utility that recognises 
specific file formats and pieces the file together using the contents 
it reads from each block, using "best guess" and manual choice to 
decide which the next block is. This is no joke if you've lost a lot 
of files, but worth it if you have one or two vital ones amongst them.


Sorry I can't be of any more comfort. As I'm sure someone will chip 
in, there are things you can do before the event.


Regards, Frank.



Hi Frank,

Thank you very much for the information!
Meanwhile I've found this software: http://www.ufsexplorer.com/, I'm 
going to give a try.



Regards,
Laci



That's the company that produces the "Raise Data Recovery" product I 
mentioned. However, I believe it's better for recovering data from a 
broken FS in the case of UFS2, not for undeleting a whole 
directory/disk full of "deliberately" deleted files. I just checked, and 
it has a try-before-buy feature so you have nothing to lose. Good luck, 
and please keep us informed!


FWIW I use Pandora for jobs similar to this, although it doesn't 
specifically support UFS. Piriform's Recuva also has its uses. But where 
UFS is involved I've failed to find a magic solution - just recovery 
from a backup unless it's one or two odd files. About the only thing you 
have going for you with UFS is the directory retains the file name after 
deletion if you haven't created any new files over it. But the inode 
(where it is on the disk) is another matter.


Regards, Frank.



Re: Network Question

2013-09-13 Thread Frank Leonhardt

On 12/09/2013 20:16, Daniel Nang wrote:

That was easier than I thought. My initial approach already looked
something like
this, except that for the ip address I always put the machine's name as in:

machine1# ssh u...@machine2.example.com

which results in

ssh: Could not resolve hostname machine2.example.com: hostname nor servname
provided, or not known

I think the problem here lies with the /etc/hosts file where machine1 and
machine2 have
to be registered respectively. The thing here is that the ip isn't static
which makes
this approach somewhat difficult to realize.

Got it.

Thanks.



On Fri, Sep 13, 2013 at 2:51 AM, Adam Vande More wrote:


On Thu, Sep 12, 2013 at 1:45 PM, Daniel Nang wrote:


Hello,

I have two computers, both running FreeBSD, accessing the
web via DHCP from the router. The setup looks like this:


Internet
 |
 |
 |
machine1.example.com --- Router --- machine.2.example.com
  - DHCP -- DHCP -


Both computers can access the internet with no problems.
So far so good...

My question is, if I can simultaneously have the computers access
the net as in the given picture and also let them communicate with
each other e.g. via ssh?



machine1# ssh `ip of machine2`


--
Adam Vande More


___



If you really only have two (or a very few machines) just give them 
static local IP addresses and add the host names to /etc/hosts on each 
box. Find out the address pool used by the DHCP server (presumably in 
the router) and choose your static addresses to avoid it.


If you use dynamic IP addresses (from DHCP) you may have some fun and 
games when it comes to security certificates.


Regards, Frank.



Re: how to tell which process call sendmail

2013-09-19 Thread Frank Leonhardt

On 19/09/2013 19:30, Glenn McCalley wrote:
So, some idiot is using a cgi or php or something to send mail out of 
his website that he shouldn't be sending.  With a bunch of sites on 
the server, can't tell who.




I had a similar problem, but some time back and I can't remember 
*exactly* what I did. It was something like pointing mailer.conf to my 
own program which did some logging and then called the real sendmail. 
Actually, I might just have hacked mailwrapper directly. I think there 
was some way I managed to cross-reference to the httpd logs, or that 
might be what I tried to do and failed. Sorry - this may not be helping 
much.


Another approach might be to find some likely text in the outgoing 
message and do a recursive grep on /home.
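
One way to build the logging wrapper described in the reply above, as an added example that is not the poster's program: it records who invoked sendmail (UID, parent process, working directory and a short allow-list of CGI variables) as one JSON line and then hands over to the real binary. The real sendmail path, the log path and all function names are assumptions; the log file must be writable by the web server's user, since the wrapper runs as the caller.

```python
#!/usr/bin/env python3
import json
import os
import subprocess
import sys
import time

# Assumptions: adjust both paths to the local system.
REAL_SENDMAIL = "/usr/libexec/sendmail/sendmail"
LOG_PATH = "/var/log/sendmail-callers.log"

# Only these variables are logged, so secrets in the environment stay out of the log.
ENV_ALLOWLIST = ("SCRIPT_FILENAME", "SCRIPT_NAME", "REQUEST_URI",
                 "HTTP_HOST", "REMOTE_ADDR", "DOCUMENT_ROOT")


def parent_command(ppid):
    """Command line of the calling process, or '' if ps is unavailable."""
    try:
        out = subprocess.run(["ps", "-o", "command=", "-p", str(ppid)],
                             capture_output=True, text=True, timeout=5)
        return out.stdout.strip()
    except (OSError, subprocess.SubprocessError):
        return ""


def caller_record(args, environ):
    """Collect what identifies the caller of this sendmail invocation."""
    ppid = os.getppid()
    return {
        "time": time.strftime("%Y-%m-%dT%H:%M:%S%z"),
        "uid": os.getuid(),
        "ppid": ppid,
        "parent": parent_command(ppid),
        # For mail sent from a web script the working directory is often
        # the directory of the script itself.
        "cwd": os.getcwd(),
        "argv": list(args),
        "env": {k: environ[k] for k in ENV_ALLOWLIST if k in environ},
    }


def append_record(record, log_path):
    """Append one JSON line; JSON escaping keeps caller-supplied newlines
    from forging extra log entries."""
    fd = os.open(log_path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a") as fh:
        fh.write(json.dumps(record, sort_keys=True) + "\n")


def main(argv):
    try:
        append_record(caller_record(argv[1:], os.environ), LOG_PATH)
    except OSError:
        pass  # a logging failure must never stop mail delivery
    # stdin (the message itself) is inherited untouched by the real binary.
    os.execv(REAL_SENDMAIL, [REAL_SENDMAIL] + argv[1:])


if __name__ == "__main__":
    main(sys.argv)
```

The timestamps in this log are what make the cross-reference to the httpd access logs possible when no CGI variables reach the wrapper.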





Re: What is Negative permissions

2013-09-23 Thread Frank Leonhardt

On 23/09/2013 11:54, Leslie Jensen wrote:


In the daily security run I see the following:



Checking setuid files and devices:

Checking negative group permissions:
3791965 -rwxr--r-x  1 admin  wheel  172 Mar  9 10:59:55 2011
 /usr/home/admin/bin/noip_update.sh


Is it just a reminder that the group has no x permissions or should I 
give those permissions?


Yes, basically. It's obviously very odd to give everyone OTHER than 
:wheel members permission to run it. What about user root in group wheel 
- is root allowed to run it? Actually, yes, even though you might think 
you've forbidden members of "wheel".


Regards, Frank.
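
Why `-rwxr--r-x` behaves the way the reply above describes, as an added example that is not part of the original post: a model of the classic owner/group/other check, in which only the first matching class is consulted, plus a scanner for the same "group has less than other" condition. The model is a simplification that ignores ACLs, file flags and MAC policies and covers regular files only; the UIDs and GIDs in it are constructed and the function names are hypothetical.

```python
import os
import stat

BITS = {"r": 4, "w": 2, "x": 1}
SHIFT = {"owner": 6, "group": 3, "other": 0}


def applicable_class(file_uid, file_gid, uid, gids):
    """Exactly one class applies: owner first, then group, then other."""
    if uid == file_uid:
        return "owner"
    if file_gid in gids:
        return "group"
    return "other"


def may(mode, file_uid, file_gid, uid, gids, want):
    """Would a process with (uid, gids) get `want` ('r', 'w' or 'x')?"""
    if uid == 0:
        # Root bypasses the class check; for execute on a regular file it
        # still needs at least one x bit set somewhere in the mode.
        return bool(mode & 0o111) if want == "x" else True
    cls = applicable_class(file_uid, file_gid, uid, gids)
    return bool((mode >> SHIFT[cls]) & BITS[want])


def negative_group_bits(mode):
    """Permissions that 'other' has but the file's group lacks, e.g. 'x'."""
    group = (mode >> 3) & 7
    other = mode & 7
    missing = other & ~group
    return "".join(name for name, bit in BITS.items() if missing & bit)


def scan(root):
    """List regular files under root whose group has less than 'other'."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            bits = negative_group_bits(st.st_mode)
            if bits:
                hits.append((path, stat.filemode(st.st_mode), bits))
    return sorted(hits)


if __name__ == "__main__":
    mode = 0o745                     # -rwxr--r-x, as in the security run output
    admin, wheel = 1001, 0           # constructed owner UID and group GID
    print("wheel member:", may(mode, admin, wheel, 1002, {wheel}, "x"))   # False
    print("anyone else :", may(mode, admin, wheel, 1003, {1003}, "x"))    # True
    print("root        :", may(mode, admin, wheel, 0, {wheel}, "x"))      # True
    for path, perms, bits in scan(os.path.expanduser("~/bin")):
        print(f"{perms} {path}: group lacks '{bits}' that other has")
```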



Re: Files in /tmp directory - Is there any timelimit ?

2013-09-25 Thread Frank Leonhardt


On 25/09/2013 10:05, Sreeram BS wrote:

On Wed, Sep 25, 2013 at 2:29 PM, Volodymyr Kostyrko wrote:


25.09.2013 11:34, Sreeram BS wrote:


Hi,
 I am using FreeBSD 9. I would like to know as to what is the lifetime
of
the files in /tmp directory. The general description says that these files
*may* not be preserved across a reboot. By this I interpret that if the
system is not rebooted, then these files will be there forever. But, just
wanted a confirmation to see if there is any lifespan (expiry-time)
attached with these files (ie the system would flush these files after
some
days/months etc automatically).


Not by default. There's a clean-tmps periodic task which can be enabled
@/etc/periodic.conf. It defaults to three days.

--
Sphinx of black quartz, judge my vow.


Does this auto-cleanup apply to files in /var/tmp directory also.
The generic description says that the files in this directory can stay
across reboots. So, does this survive auto-cleanup too?

regards,
Sreeram

The default is to clean up /tmp only, but this can be changed in 
periodic.conf


If you're struggling with this, note that a default periodic.conf is in 
/etc/defaults and its individual values can be over-ridden by 
/etc/periodic.conf IF IT EXISTS.


Regards, Frank.



Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53

2013-09-27 Thread Frank Leonhardt

On 27/09/2013 19:20, Laurent SALIN wrote:

Hello,
I wondering how i can send queries to a dns resolver listening on a
different port than the normaly 53 tcp/udp ?

The situation:
I've got a vps who running NSD as a authoritative nameserver, listening
on tcp/udp 53 and unbound as personal resolver, listening on a
different tcp/udp port. It work very well on his own or with my OpenBSD
gateway at home as DNS cache.

Recently i've got a new FreeBSD VPS and I want to use the first VPS as
DNS nameserver for the second VPS but FreeBSD is unable to send queries
to nameserver on a different port as the normal one (tcp/udp 53).

I've got a "bad" solution, use unbound on the second VPS and maybe tell
him to ask the 1rst VPS on the unusual tcp/udp port, but I wonder myself
if is it possible with Packet Filter to change the destination port of
the queries forwarded to my 1rst VPS from tcp/udp 53 to tcp/udp 5353 for
example?

Or maybe anybody got a other solution ?

I hope you'll understand me :-/

Laurent SALIN



If I understand the way it works correctly, the resolver pulls a list of 
the NS and hard-sets the port number for each to 53 (via a manifest 
constant) . See libc/resolv/res_init.c. All you need to do(!) is change 
this to a value of your choice and recompile libc (and anything that 
links to it statically) and it should be sorted. Or find an easier 
work-around.  I don't see any reason why the resolver library can't be 
modified to pick up a range of port numbers from the config (as other 
systems have), but AFAIK it can't.


The resolver isn't part of the kernel - it's the application doing the 
lookup, not FreeBSD (except in libc being part of the base system). Oh 
you know what I mean! Each application makes its own lookup.


I could be spectacularly out-of-date with this.

Regards, Frank.



Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53

2013-09-27 Thread Frank Leonhardt

On 27/09/2013 23:08, Terje Elde wrote:

On 28. sep. 2013, at 00:03, Frank Leonhardt  wrote:


If I understand the way it works correctly, the resolver pulls a list of the NS 
and hard-sets the port number for each to 53 (via a manifest constant) . See 
libc/resolv/res_init.c. All you need to do(!) is change this to a value of your 
choice and recompile libc

Sorry, but this is starting to look a lot like a complicated solution to a 
problem that isn't really there...

It was more of an explanation as to /why/ it's not easy to do what asked 
in the original reasonable-sounding question.




Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53

2013-09-28 Thread Frank Leonhardt

On 28/09/2013 00:20, Michael Sierchio wrote:

> On Fri, Sep 27, 2013 at 4:11 PM, Frank Leonhardt wrote:
>
>> On 27/09/2013 23:08, Terje Elde wrote:
>>
>>> On 28. sep. 2013, at 00:03, Frank Leonhardt wrote:
>>>
>>>> If I understand the way it works correctly, the resolver pulls a list of
>>>> the NS and hard-sets the port number for each to 53 (via a manifest
>>>> constant). See libc/resolv/res_init.c. All you need to do(!) is change this
>>>> to a value of your choice and recompile libc
>>>
>>> Sorry, but this is starting to look a lot like a complicated solution to a
>>> problem that isn't really there...
>>
>> It was more of an explanation as to /why/ it's not easy to do what was asked in
>> the original reasonable-sounding question.
>
> Beg to differ.  The question isn't reasonable.  There's no point in
> having a dns recursive resolver listening on a port other than the one
> that clients will contact it on.
>
> Far better to have the authoritative server listen on 127.53.0.1 and
> use the routable address for the cache, which can forward requests for
> the authoritative server when appropriate.

The original question was actually "I wondering how I can send queries to 
a dns resolver listening on a different port than the normaly 53 tcp/udp?"

Given that BIND can happily listen on ports other than 53 and OpenBSD 
allows a port to be specified against each nameserver in resolv.conf, it 
does not seem an unreasonable question to me. Read the rest of the post 
quoted selectively above for the full story.






How do I ring a bell?

2013-10-07 Thread Frank Leonhardt

In the good ol' days I could make UNIX ring a bell (literally) by sending 
\a to the console TTY (an ASR33 in my case). Now there's an electronic 
synthesised ting or beep from a terminal emulator IF it's got a sound 
card and so on, and an IBM-PC had a beep routine in the BIOS.


Is there any way to make a noise through the built in "bell" speaker 
found on an IBM PC compatible server box? Writing 007 to the BIOS cout 
routine might do it, but I've realised I haven't got a clue how to do that.


I could easily knock up a bit of hardware to go on a serial port (or 
similar) that could be triggered to make a noise, but these things have 
already got the hardware built in and I'm looking to use what I've 
already got.


Thanks, Frank.

P.S. "cdcontrol -f /dev/mycdrom eject" is the best I've come up with so 
far for getting attention.




Re: How do I ring a bell?

2013-10-07 Thread Frank Leonhardt

On 07/10/2013 13:06, Peter Boosten wrote:

> On 7 okt. 2013, at 13:37, Frank Leonhardt <fra...@fjl.co.uk> wrote:
>
>> In the good ol' days I could make UNIX ring a bell (literally) by
>> sending \a to the console TTY (an ASR33 in my case). Now there's an
>> electronic synthesised ting or beep from a terminal emulator IF it's
>> got a sound card and so on, and an IBM-PC had a beep routine in the BIOS.
>>
>> Is there any way to make a noise through the built in "bell" speaker
>> found on an IBM PC compatible server box? Writing 007 to the BIOS
>> cout routine might do it, but I've realised I haven't got a clue how
>> to do that.
>>
>> I could easily knock up a bit of hardware to go on a serial port (or
>> similar) that could be triggered to make a noise, but these things
>> have already got the hardware built in and I'm looking to use what
>> I've already got.
>>
>> Thanks, Frank.
>>
>> P.S. "cdcontrol -f /dev/mycdrom eject" is the best I've come up with
>> so far for getting attention.
>
> echo "CTRL-V CTRL-G" should do the trick

Alas, not. The console driver won't ring the BIOS bell on anything I've 
tried. It might on a desktop with a built-in sound card and speakers, 
but it won't do anything with the "beep" speaker. It's actually the same 
solution I mentioned in the first line (\a translates to 007 which is 
ctrl-G).


Then there's the issue of writing it to the console rather than a 
virtual terminal, but I have a few hacks that'll achieve that part.


IIRC there was once a FreeBSD kernel module to drive the PC speaker 
(through /dev/pcspeaker or similar), but it seems to have gone or I'm 
confusing it with another BSD (or Linux).


No I'm not. /usr/src/sys/dev/speaker/spkr.c(!) I may be close to a 
solution...


Regards, Frank.



Re: How do I ring a bell?

2013-10-07 Thread Frank Leonhardt

On 07/10/2013 14:31, RW wrote:

> On Mon, 07 Oct 2013 13:46:53 +0100
> Frank Leonhardt wrote:
>
>> Alas, not. The console driver won't ring the BIOS bell on anything
>> I've tried. It might on a desktop with a built-in sound card and
>> speakers, but it won't do anything with the "beep" speaker.
>
> Are you sure you have one? The last two cases I bought didn't.



They beep when you turn them on and they're ready to boot :-)

/dev/speaker appears to be the answer.

Thanks, Frank.



Re: How do I ring a bell?

2013-10-07 Thread Frank Leonhardt

On 07/10/2013 13:36, Polytropon wrote:

>> Is there any way to make a noise through the built in "bell" speaker
>> found on an IBM PC compatible server box? Writing 007 to the BIOS cout
>> routine might do it, but I've realised I haven't got a clue how to do that.

> Making it audible is part of the local terminal emulator,
> either the TTY (text mode) driver or via xterm (or the
> preferred alternative terminal emulator in X).

Yers, but I'm not running X. Or a character terminal come to that :-)

>
> A more sophisticated interface is provided as soon as your
> kernel has
>
> device speaker
>
> compiled in (or speaker.ko has been loaded). Now you can
> play wonderful music through the speaker. :-)
>
> See "man 4 speaker" for details.

Thanks! This is what I was looking for.

> See the following shell script as an example of what you
> can do: 

Overkill. I have proper work to do rather than working out how to play 
appropriate bit silly little tunes for every eventuality. Actually 
spkr.c has some useful comments in it - apparently it works the same as 
IBM PC BASIC. Now how do I make it polyphonic...



> Always make sure that the system actually _has_ got an
> internal speaker! I assume that modern PC hardware could
> have it removed along with floppy drive connector, parallel
> port or power switch.

Remains to be seen, but most still seem to have one so the BIOS ROM can 
make "beep" diagnostic codes if it can't do anything else.


>> P.S. "cdcontrol -f /dev/mycdrom eject" is the best I've come up with so
>> far for getting attention.
> That's a really clever idea, never heard of that. It has
> the advantage of being permanent because the drive will
> stay open when the sound of its motor has finished. :-)

I use it all the time, especially when directing a tech to the 
appropriate server in a rack. "It's the one I just popped the CD drive 
on". These days servers have the spring-loaded notebook drives instead 
of the motorised trays, which is a pity. You could keep winding the 
motorised ones in and out until someone spotted it. I suppose if you did 
it energetically enough it might catch fire and set off the smoke alarm 
(audible). Or leave it wound out with a tin can balanced on it; to make 
a noise wind it back in and hear it clatter to the floor.


(Incidentally - email over-lap because earlier reply posted to me and 
list rather than just list)


Regards, Frank.



Re: Authorisation Errors on 9.2

2013-10-13 Thread Frank Leonhardt

On 13/10/2013 18:08, Beeblebrox wrote:

> I have two strange errors but I am not sure whether they are related.
>
> ERROR-1: Slim allows login without checking for password. /var/log/auth.log
> shows:
> Oct 13 11:44:57: slim: gkr-pam: no password is available for user
> Oct 13 11:44:57: gnome-keyring-daemon[1225]: couldn't allocate secure memory
> to keep passwords and or keys from being written to the disk
>
> ERROR-2: sshd disconnects (drops) client connections immediately after
> login. This happens when trying from host itself or some other client.
> Testing from host (162.168.1.10 is host's IP)
> $ ssh root@192.168.1.10
> Password for root@server.freebsd:
> Last login: Sun Oct 13 13:02:09 2013
> Welcome to myNetwork  (the motd message)
> csh: No such file or directory
> Connection to 192.168.1.10 closed.
>
> /var/log/auth.log for ssh shows:
> Oct 13 19:41:37: Server listening on 0.0.0.0 port 22.
> Oct 13 19:42:37: Accepted keyboard-interactive/pam for root from
> 192.168.1.10 port 33248 ssh2
> Oct 13 19:42:37: Received disconnect from 192.168.1.10: 11: disconnected by
> user
>
> Thanks for any advice on how to resolve these two issues.



The gnome keyring daemon does that. I believe it's only a warning and I've 
never dug into the source to find out more but I think it's something 
it can only do on Linux. I'm sure someone will be along in a minute with 
something to say about that.


As to the second problem - csh: No such file or directory. At the risk 
of pointing out the trivial, is root's home directory valid? Why not 
post /etc/passwd and we'll check :-)


Could it be a dud /root/.tcshrc? Or /etc/login.conf?

I assume you've configured sshd to allow direct root logins. If you 
hadn't I think you get a different rejection message (but who knows with 
9.2?)


Regards, Frank.



Re: Authorisation Errors on 9.2

2013-10-14 Thread Frank Leonhardt

On 14/10/2013 06:37, Beeblebrox wrote:

> Hi,
> I inadvertently posted the gnome-keyring bit. That's almost standard error
> message on FreeBSD-Gnome. The relevant bit for the error is in fact:
> slim: gkr-pam: no password is available for user
> However, the user cannot login on a tty without providing a password.
>
> For ssh, the same error and dropped connection occurs for all users. sshd
> was modified to allow root login.  All users have valid home directories
> defined. From /etc/passwd; I wonder if this has anything to do with it?
> sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/*nologin*
>
>> Could it be a dud /root/.tcshrc? Or /etc/login.conf?
>
> The accounts which try to ssh login also login on host proper and do not
> have any login issues when logging-in directly on host - so I think we can
> eliminate these problems.


I'm now really guessing - I've not tried 9.2-RELEASE. Given these things 
are usually really obvious when you finally spot them (it happens to me 
a lot, anyway), here are a few obvious things you could think of in case 
it helps. First off, ssh is different from a console login so what's in 
sshd_config matters. That said, the defaults generally work (or used 
to). In no particular order, in sshd_config:


PasswordAuthentication must be "yes"

KerberosOrLocalPasswd probably "yes"

AllowUsers, AllowGroups, DenyUsers and DenyGroups need to be set correctly.

ChrootDirectory - this could cause fun if it's set to something.

Other things that might be interesting are UseLogin and UsePAM.

If this was a fundamental problem with changed defaults in 9.2, I'm sure a lot 
more people would have complained.

Regards, Frank.
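A quick way to review the sshd_config directives listed in the message above, as an added example (not code from the thread or from OpenSSH): it reports each one with its line number and Match scope and flags repeats, relying on the sshd_config(5) rule that the first value obtained for a keyword is used. The sample configuration and the function names are constructed for illustration.

```python
SCALARS = {"passwordauthentication", "kerberosorlocalpasswd",
           "chrootdirectory", "uselogin", "usepam"}
LISTS = {"allowusers", "allowgroups", "denyusers", "denygroups"}

SAMPLE = """\
# Constructed sshd_config for illustration; not taken from the thread.
PermitRootLogin yes
PasswordAuthentication no
passwordauthentication yes
UsePAM yes
AllowUsers root alice
Match User alice
    ChrootDirectory /jail/%u
"""

def directives(text):
    """Yield (lineno, scope, keyword, value) for each active line."""
    scope = "global"
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()                 # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            scope = "Match " + value               # later lines apply conditionally
        else:
            yield lineno, scope, keyword, value

def review(text):
    """Return findings, in file order, for the directives listed in the message."""
    first, findings = {}, []
    for lineno, scope, kw, value in directives(text):
        where = f"line {lineno} ({scope}): {kw}"
        if kw in LISTS:
            findings.append(f"{where} limits who may log in: {value}")
        elif kw in SCALARS and (scope, kw) in first:
            # sshd uses the first value obtained for a keyword; repeats are ignored
            findings.append(f"{where} ignored, first set on line {first[scope, kw]}")
        elif kw in SCALARS:
            first[scope, kw] = lineno
            if kw == "passwordauthentication" and value.lower() != "yes":
                findings.append(f"{where} is '{value}', the password method is disabled")
            if kw == "chrootdirectory" and value.lower() != "none":
                findings.append(f"{where} {value}: the login shell must exist inside it")
    return findings

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)))
```

On a live system, `sshd -T` prints the effective configuration after compiled-in defaults are applied, which this file-level review does not see.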




Re: warning: total configured swap (8960911 pages) exceeds maximum recommended amount (8243200 pages).

2013-10-17 Thread Frank Leonhardt

On 17/10/2013 17:01, RW wrote:

> On Thu, 17 Oct 2013 16:27:49 +0100
> Frank Leonhardt wrote:
>
>> On 17/10/2013 15:04, Anton Shterenlikht wrote:
>>
>>> I'm using a 72gb swap disk.
>>> I've 10gb RAM
>>>
>>> I get this warning:
>>>
>>> warning: total configured swap (8960911 pages) exceeds maximum
>>> recommended amount (8243200 pages). warning: increase
>>> kern.maxswzone or reduce amount of swap.
>>>
>>> What is max. recommended amount based on?
>>> What is the danger of exceeding it?
>>> How should I increase kern.maxswzone?
>>>
>>> # sysctl kern.maxswzone
>>> kern.maxswzone: 0
>>> #
>>>
>>> Do I set it to the total swap size?
>>> Where is kern.maxswzone described?
>>
>> I went through this on an earlier version but didn't get any warning.
>> You might find the answer here:
>>
>> http://blog.frankleonhardt.com/2011/large-swap-files-on-freebsd-die-with-mystery-killed-howto-add-lots-of-swap-space/
>
> The hard limit that's mentioned there is i386 only. I think that may
> have changed a bit since 8.2.

This was running 8.2 on AMD64, and it's definitely there (and with the 
same value as the i386 version). The code's there on 9.1, as is the 
manifest constant in param.h and it's still the same value. I haven't 
tried 9.2 yet. So what am I missing about i386?


Thanks, Frank.



