nat and firewall
hi sirs,

i am confused now that what is the difference between nat and firewall_nat in /etc/rc file

natd_enable="YES"
firewall_nat_enable="YES"

just one question per asking. there will be another more questions about this but for this moment only this one first.

thanks in advance for any helps and hints

regards,
psr
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: nat and firewall
On Wed, Sep 24, 2008 at 2:52 PM, FBSD1 <[EMAIL PROTECTED]> wrote:

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of fire jotawski
> Sent: Wednesday, September 24, 2008 12:13 PM
> To: freebsd-questions@freebsd.org
> Subject: nat and firewall
>
> hi sirs,
>
> i am confused now that what is the difference between nat and firewall_nat
> in /etc/rc file
>
> natd_enable="YES"
> firewall_nat_enable="YES"
>
> just one question per asking. there will be another more questions about
> this but for this moment only this one first.
>
> thanks in advance for any helps and hints
>
> regards,
> psr

sorry for top posting
first of all thanks indeed for your answers

> natd_enable="YES" This statement in rc.conf enables ipfw nated function.
> firewall_nat_enable="YES" This is an invalid statement. No such thing as
> you have here.

i found firewall_nat_enable in /etc/rc.firewall
my machine is

%uname -a
FreeBSD makham.serveblog.net 7.0-RELEASE FreeBSD 7.0-RELEASE #5: Thu Sep 4 09:48:32 ICT 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/SITING i386
%

> FreeBSD has 3 different built in firewall for you to choose from. IPFW,
> Ipfilter, and PF
> Review /etc/defaults/rc.conf for their statements.
> It would do you good to read the firewall section of the FreeBSD Handbook
> for a complete explanation of the 3 firewalls and the differences between
> them.
> In my opinion the PF firewall has the easiest to use rule set and built in
> table functions for automated black listing attacking IP address. Its major
> weakness is it has very poorly designed logging function that results in
> very cumbersome usage.
> IPFilter comes next. It has easy logging and rules usage. It lacks the auto
> black listing table building of PF. These two firewalls were ported to
> FreeBSD from other Unix flavored operating systems. Both have teams
> supporting and maintaining them.
> The final firewall is IPFW that is the first firewall included in FreeBSD
> many years ago and was developed by the FreeBSD team. IPFW also lacks the
> auto black listing table building of PF, and its nated rules are much harder
> to get working using all stateful rules. IPFW had a major coding overhaul a
> few years back but the inhered design flaw of how nated rules are handled
> was not touched. Grape vine says IPFW nated code is a messed up can of worms
> and no one wants to touch it.
> I have used all 3 firewalls at one time or another to learn about them. I
> found IPFilter to be the easiest to use and get logging output in standard
> format like all the other FreeBSD logs are. But you should read the
> handbook and decide for yourself what best satisfies your firewall needs.

thanks indeed for your answers. i will ask more questions regarding to natd and firewall again after reading handbook.

regards,
psr
Re: nat and firewall
On Thu, Sep 25, 2008 at 12:10 AM, Kevin Kinsey <[EMAIL PROTECTED]> wrote:

> FBSD1 wrote:
>
>> natd_enable="YES" This statement in rc.conf enables ipfw nated function.
>> firewall_nat_enable="YES" This is an invalid statement. No such thing as
>> you have here.
>
> This is no longer true; he did indeed find "firewall_nat_enable"
> in /etc/defaults/rc.conf. The knob seems to have first appeared
> in February in HEAD and I'm guessing it cues the system to use a
> new kernel-based nat rather than natd(8), but I've not read anything
> further about this, as my system isn't as up to date as the OP's.
> I don't know when this change was MFC'ed, but apparently fairly
> recently?
>
> I suppose we need someone a tad more "in the know" to straighten
> that out for us.

up to this moment, i do not know if natd and firewall_nat function in the same or different.
and is there firewall_nat_flags thing too ?

thanks in advance for any helps and hints.

regards,
psr

> Kevin Kinsey
> --
> A wise man can see more from a mountain top
> than a fool can from the bottom of a well.
Re: nat and firewall
On Thu, Oct 2, 2008 at 7:39 PM, Dominique Goncalves <[EMAIL PROTECTED]> wrote:

> Hi,
>
> On Thu, Oct 2, 2008 at 6:09 AM, fire jotawski <[EMAIL PROTECTED]> wrote:
> > On Thu, Sep 25, 2008 at 12:10 AM, Kevin Kinsey <[EMAIL PROTECTED]> wrote:
> >
> >> FBSD1 wrote:
> >>
> >>> natd_enable="YES" This statement in rc.conf enables ipfw nated function.
> >>> firewall_nat_enable="YES" This is an invalid statement. No such thing as
> >>> you have here.
> >>
> >> This is no longer true; he did indeed find "firewall_nat_enable"
> >> in /etc/defaults/rc.conf. The knob seems to have first appeared
> >> in February in HEAD and I'm guessing it cues the system to use a
> >> new kernel-based nat rather than natd(8), but I've not read anything
> >> further about this, as my system isn't as up to date as the OP's.
> >> I don't know when this change was MFC'ed, but apparently fairly
> >> recently?
> >>
> >> I suppose we need someone a tad more "in the know" to straighten
> >> that out for us.
> >
> > up to this moment, i do not know if natd and firewall_nat function in the
> > same or different.
> > and is there firewall_nat_flags thing too ?
>
> I'll try to explain,
>
> natd_* knobs are for natd(8), a daemon
> firewall_nat_* knobs are for ipfw(8), NAT is processed by the kernel
>
> firewall_nat_* was added in the beginning of year in RELENG_7
>
> http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.firewall?r1=1.52.2.2#rev1.52.2.2
>
> The NAT configuration is done by /etc/rc.firewall, you can read this
> file to know how the configuration is done.
>
> This is two different ways to do NAT. I can't speak about performance,
> kernel vs daemon.

many thanks indeed for your clear explanations.
so we simply use just one of them but not both, do not we ?

once again, i appreciate all of your kind assistance in my case.

with best regards,
psr
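A check for the question this thread ends on, as an added example that is not from any of the posters or from FreeBSD itself: it parses an rc.conf-style file and reports whether NAT is enabled through natd(8) (`natd_enable`), through in-kernel ipfw NAT (`firewall_nat_enable`), through both, or through neither. The helper names `rc_value`, `is_yes` and `nat_mode` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: which NAT mechanism does an rc.conf-style file enable?
#   natd_enable         -> natd(8), a userland daemon
#   firewall_nat_enable -> ipfw(8) NAT, processed by the kernel
# rc_value, is_yes and nat_mode are hypothetical helper names.

# rc_value FILE KNOB: print the last value assigned to KNOB. The file is
# parsed, not sourced, so nothing in it is executed.
rc_value() {
    awk -v knob="$2" '
        {
            sub(/[ \t]*#.*$/, "")            # drop comments
            sub(/^[ \t]+/, "")               # drop leading blanks
            if (index($0, knob "=") == 1) {
                val = substr($0, length(knob) + 2)
                sub(/[ \t]+$/, "", val)
                gsub(/^"|"$/, "", val)       # strip surrounding quotes
                last = val                   # a later assignment wins
            }
        }
        END { print last }
    ' "$1"
}

# is_yes VALUE: only the YES spelling (any letter case) counts here; that
# is an assumption of this example.
is_yes() {
    case $1 in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# nat_mode FILE: print natd, kernel, both or none.
nat_mode() {
    natd=$(rc_value "$1" natd_enable)
    knat=$(rc_value "$1" firewall_nat_enable)
    if is_yes "$natd" && is_yes "$knat"; then echo both
    elif is_yes "$natd"; then echo natd
    elif is_yes "$knat"; then echo kernel
    else echo none
    fi
}

# Constructed sample files (not taken from the thread).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/both.conf" <<'EOF'
firewall_enable="YES"
natd_enable="YES"
natd_interface="em0"
firewall_nat_enable="YES"
firewall_nat_interface="em0"
EOF
cat > "$SAMPLE_DIR/kernel.conf" <<'EOF'
natd_enable="YES"
natd_enable="NO"            # later assignment wins
firewall_nat_enable="yes"
EOF
cat > "$SAMPLE_DIR/natd.conf" <<'EOF'
natd_enable=YES
#firewall_nat_enable="YES"
EOF

for f in both kernel natd; do
    echo "$f.conf: $(nat_mode "$SAMPLE_DIR/$f.conf")"
done
```

Pointed at /etc/rc.conf on a FreeBSD host, a result of `both` marks the configuration the poster asks about, so it can be reviewed before the firewall rules are loaded.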
sysinstall
hi sirs,

apologize me for disturbing the list but i really have problem with adding packages using sysinstall. i start my day with sysinstall configPackages and ending with loop at media selection site. i can not go out from that menu.
i do not know what wrong i had done. my box is 7.0-RELEASE FreeBSD

thanks in advance for any helps and hints

best regards,
psr
cvsup: local
hi sirs,

i have my small box, 10.3.1.25 ip, that cvsup-ed files from repository into it. it use cvs-supfile in /usr/share/examples/cvsup/ to collect files.
now that i want my other machine to cvsup 6.2-release source files from the one mentioned above.

my trial was

cvsupd -b /var/db -c sup

for box, 10.3.1.25 ip, and for other machine

cvsup -g -L 2 -h 10.3.1.25 sup-file

what i got was 'Server message: Unknown collection "src-all" ' message.
and later on

Running
Skipping collection src-all/cvs
Skipping collection doc-all/cvs
Shutting down connection to server
Finished successfully

very strange indeed.

any helps and hints in setting cvsup server would highly be appreciated.

with best regards,
psr
Re: cvsup: local
On Thu, Nov 6, 2008 at 9:59 PM, Lowell Gilbert <[EMAIL PROTECTED]> wrote:

> "fire jotawski" <[EMAIL PROTECTED]> writes:
>
> > i have my small box, 10.3.1.25 ip, that cvsup-ed files from repository into
> > it. it use cvs-supfile in /usr/share/examples/cvsup/ to collect files.
> > now that i want my other machine to cvsup 6.2-release source files from the
> > one mentioned above.
> >
> > my trial was
> >
> > cvsupd -b /var/db -c sup
> >
> > for box, 10.3.1.25 ip, and for other machine
> >
> > cvsup -g -L 2 -h 10.3.1.25 sup-file
> >
> > what i got was 'Server message: Unknown collection "src-all" ' message.
> > and later on
> >
> > Running
> > Skipping collection src-all/cvs
> > Skipping collection doc-all/cvs
> > Shutting down connection to server
> > Finished successfully
> >
> > very strange indeed.
> >
> > any helps and hints in setting cvsup server would highly be appreciated.
>
> To run cvsupd, you need the whole cvs tree for the collections you're
> handling, not just the checked-out files.
>
> Assuming these machines are attached by a protected network, a better
> approach (easier, anyway) would probably be to cvsup the changes to
> just one machine, then NFS-mount that machine's ports tree from the
> other machine.
>
> --
> Lowell Gilbert, embedded/networking software engineer, Boston area
> http://be-well.ilk.org/~lowell/

thanks indeed and apologized me for postponing answer to all of postings.
what about cvs then. i did this

cvs -d /home/ncvs checkout ports

and i got something quite similar to ports tree indeed.

thanks in advance for any informations

rgds,
psr
Re: cvsup: local
On Tue, Nov 25, 2008 at 12:31 AM, Lowell Gilbert <[EMAIL PROTECTED]> wrote:

> "fire jotawski" <[EMAIL PROTECTED]> writes:
>
> > On Thu, Nov 6, 2008 at 9:59 PM, Lowell Gilbert <[EMAIL PROTECTED]> wrote:
> >
> >> "fire jotawski" <[EMAIL PROTECTED]> writes:
> >>
> >> > i have my small box, 10.3.1.25 ip, that cvsup-ed files from repository into
> >> > it. it use cvs-supfile in /usr/share/examples/cvsup/ to collect files.
> >> > now that i want my other machine to cvsup 6.2-release source files from the
> >> > one mentioned above.
> >> >
> >> > my trial was
> >> >
> >> > cvsupd -b /var/db -c sup
> >> >
> >> > for box, 10.3.1.25 ip, and for other machine
> >> >
> >> > cvsup -g -L 2 -h 10.3.1.25 sup-file
> >> >
> >> > what i got was 'Server message: Unknown collection "src-all" ' message.
> >> > and later on
> >> >
> >> > Running
> >> > Skipping collection src-all/cvs
> >> > Skipping collection doc-all/cvs
> >> > Shutting down connection to server
> >> > Finished successfully
> >> >
> >> > very strange indeed.
> >> >
> >> > any helps and hints in setting cvsup server would highly be appreciated.
> >>
> >> To run cvsupd, you need the whole cvs tree for the collections you're
> >> handling, not just the checked-out files.
> >>
> >> Assuming these machines are attached by a protected network, a better
> >> approach (easier, anyway) would probably be to cvsup the changes to
> >> just one machine, then NFS-mount that machine's ports tree from the
> >> other machine.
> >>
> >> --
> >> Lowell Gilbert, embedded/networking software engineer, Boston area
> >> http://be-well.ilk.org/~lowell/
> >
> > thanks indeed and apologized me for postponing answer to all of postings.
> > what about cvs then. i did this
> >
> > cvs -d /home/ncvs checkout ports
> >
> > and i got something quite similar to ports tree indeed.
>
> What did you think that command was going to do? Do you have a full cvs
> ports tree under /home/ncvs? How did you get that?

i did cvsup with supfile given in example, /usr/share/examples/cvsup/cvs-supfile, and set base to /var/db and prefix to /home/ncvs as suggested and then

cvsup -g -L 2 -h HOST /usr/share/examples/cvsup/cvs-supfile

where HOST is the one that run fastest in local area around my country.

> My understanding was that you wanted to put the ports tree on one
> machine (call it the "master"), then use it to install ports on other
> machines that are local to the master. The way to do that would be to
> use cvsup as normal on the master, and build all the ports there. Then
> you can use NFS to mount /usr/ports on the other machines, and install
> the ports on them as well. To speed things up, you can set WRKDIRPREFIX
> to point at local disk space on the client machines. You can even have
> the master machine build packages, avoiding the need to build the ports
> from source on the clients.
>
> Does that make sense to you? Do you need it described in more detail?

my real problem is that i can not do cvsup from any machine in my office. but there is no problem at home. so i simply bring my notebook home and do cvsup as above.
later on at the office, i want my other machine get /usr/src from my notebook but i can not and that's my problem.

and frankly speaking my english is quite poor, i spend the whole week end to understand documents cited. unfortunately, that bring me more problem and that's why i revert back to my instinct with cvs.

anyway, i really appreciate all answers to me and still hope that you will give me further helps.

with best regards,
psr

> Good luck.
> --
> Lowell Gilbert, embedded/networking software engineer, Boston area
> http://be-well.ilk.org/~lowell/
make readmes errors
hi sirs,

my machine is FreeBSD siting.oaep.go.th 7.0-RELEASE FreeBSD 7.0-RELEASE #3: Fri Mar 7 03:20:47 ICT 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/SITING i386
i try making README.html for all ports but get errors at the last state as

Creating README.html for all ports
/usr/ports/Tools/make_readmes : Permission denied
*** Error code 126

please help me in making readme.html
thanks in advance for any hints.

with best regards,
psr
Re: make readmes errors
On Mon, Mar 24, 2008 at 9:58 PM, Lowell Gilbert <[EMAIL PROTECTED]> wrote:

> "fire jotawski" <[EMAIL PROTECTED]> writes:
>
> > my machine is FreeBSD siting.oaep.go.th 7.0-RELEASE FreeBSD 7.0-RELEASE #3:
> > Fri Mar 7 03:20:47 ICT 2008
> > [EMAIL PROTECTED]:/usr/obj/usr/src/sys/SITING
> > i386
> > i try making README.html for all ports but get errors at the last state as
> >
> > Creating README.html for all ports
> > /usr/ports/Tools/make_readmes : Permission denied
> > *** Error code 126
> >
> > please help me in making readme.html
> > thanks in advance for any hints.
>
> Sounds like the user running the command doesn't have permissions to
> write into the port directories.

no sirs, i use root account for running that command. anyway, i try running again with user root.

thanks for your time
psr
Re: make readmes errors
On Tue, Mar 25, 2008 at 4:44 AM, Lowell Gilbert <[EMAIL PROTECTED]> wrote:

> "fire jotawski" <[EMAIL PROTECTED]> writes:
>
> > On Mon, Mar 24, 2008 at 9:58 PM, Lowell Gilbert <[EMAIL PROTECTED]> wrote:
> >
> >> "fire jotawski" <[EMAIL PROTECTED]> writes:
> >>
> >> > my machine is FreeBSD siting.oaep.go.th 7.0-RELEASE FreeBSD 7.0-RELEASE #3:
> >> > Fri Mar 7 03:20:47 ICT 2008
> >> > [EMAIL PROTECTED]:/usr/obj/usr/src/sys/SITING
> >> > i386
> >> > i try making README.html for all ports but get errors at the last state as
> >> >
> >> > Creating README.html for all ports
> >> > /usr/ports/Tools/make_readmes : Permission denied
> >> > *** Error code 126
> >> >
> >> > please help me in making readme.html
> >> > thanks in advance for any hints.
> >>
> >> Sounds like the user running the command doesn't have permissions to
> >> write into the port directories.
> >
> > no sirs, i use root account for running that command. anyway, i try running
> > again with user root.
>
> Even for the root user, there are other possible privilege problems.
> You could be running over NFS, with the UID getting remapped.
> There could be file flags set on some of the files you are changing.

thanks indeed but my ports tree is on the same machine not nfs mounted one.

best regards,
psr
Re: make readmes errors
On Thu, Mar 27, 2008 at 2:04 AM, Jörgen Blomberg <[EMAIL PROTECTED]> wrote:

> fire jotawski wrote:
> > hi sirs,
> >
> > my machine is FreeBSD siting.oaep.go.th 7.0-RELEASE FreeBSD 7.0-RELEASE #3:
> > Fri Mar 7 03:20:47 ICT 2008
> > [EMAIL PROTECTED]:/usr/obj/usr/src/sys/SITING
> > i386
> > i try making README.html for all ports but get errors at the last state as
> >
> > Creating README.html for all ports
> > /usr/ports/Tools/make_readmes : Permission denied
> > *** Error code 126
> >
> > please help me in making readme.html
> > thanks in advance for any hints.
> >
> > with best regards,
> > psr
>
> Is your ports tree up to date?
>
> A problem that had the same symptoms was fixed at March 12.

well, in this case i use ports tree that come up with 7.0-release discs set.

thanks so much indeed for your time.

with best regards,
psr

> /JB
postgres: [2-1] FATAL: the database is starting up
hi sirs,

apologize me for disturbing the list but i faced the strange problem that i can not understand every time i boot my machine.

my machine is

[~] # uname -a
FreeBSD makham.serveblog.net 7.0-RELEASE FreeBSD 7.0-RELEASE #4: Wed Jul 2 03:43:34 ICT 2008 root@:/usr/obj/usr/src/sys/SITING i386
[~] #

and i installed postgres via ports

[~] # pkg_info -Ix postgre
postgresql-client-8.2.7 PostgreSQL database (client)
postgresql-server-8.2.7 The most advanced open-source database available anywhere
[ ~] #

every time i boot the machine i always get the message that says

postgres[pid]: [2-1] FATAL: the database system is starting

later on after logged in as root, i check for process, i found the postgresql has been started . so what the reason for the message at during start up then.

best regards,
psr
Re: postgres: [2-1] FATAL: the database is starting up
On Thu, Aug 14, 2008 at 10:49 AM, Mehul Ved <[EMAIL PROTECTED]> wrote:

> On 8/14/08, fire jotawski <[EMAIL PROTECTED]> wrote:
> > every time i boot the machine i always get the message that says
> >
> > postgres[pid]: [2-1] FATAL: the database system is starting
>
> Have you checked /var/log/messages or /var/log/postgresql
> I am not sure as to where does postgresql log but you can look around
> in /var/log directory and go through the file for errors or warning.

thanks so much for your time. i read /var/log/postgresql.log and did as suggested from hint in a log file but still got error message when reboot.

here is /var/log/postgresql.log content

[~] # cat /var/log/postgres.log
Aug 14 16:09:53 makham postgres[1221]: [1-1] WARNING: autovacuum not started because of misconfiguration
Aug 14 16:09:53 makham postgres[1221]: [1-2] HINT: Enable options "stats_start_collector" and "stats_row_level".
Aug 14 16:09:53 makham postgres[1223]: [3-1] FATAL: the database system is starting up
Aug 14 16:39:00 makham postgres[1223]: [2-1] FATAL: the database system is starting up
Aug 14 16:45:32 makham postgres[1223]: [2-1] FATAL: the database system is starting up
Aug 14 16:58:45 makham postgres[1223]: [2-1] FATAL: the database system is starting up
Aug 14 18:27:33 makham postgres[1198]: [2-1] FATAL: the database system is starting up
[~] #

best regards,
psr
Re: postgres: [2-1] FATAL: the database is starting up
On Thu, Aug 14, 2008 at 8:21 PM, cpghost <[EMAIL PROTECTED]> wrote:

> On Thu, Aug 14, 2008 at 09:59:57AM +0700, fire jotawski wrote:
> > hi sirs,
> >
> > apologize me for disturbing the list but i faced the strange problem that i
> > can not understand every time i boot my machine.
> >
> > every time i boot the machine i always get the message that says
> >
> > postgres[pid]: [2-1] FATAL: the database system is starting
> >
> > later on after logged in as root, i check for process, i found the
> > postgresql has been started . so what the reason for the message at during
> > start up then.
>
> IIRC, PostgreSQL always starts with this FATAL message. It still
> works flawlessly nonetheless. If there are no other FATAL messages,
> this one may not be a reason for concern.

yes, it was just that but some time it did not happen some time it did.

> You may want to read this as well:
> http://archives.postgresql.org/pgsql-general/2007-12/msg01339.php

thanks indeed for this informations. i do not use -w flag and there is no error now.
thanks to all of you and thanks to the list too.

> Regards,
> -cpghost.

with best regards,
psr

> --
> Cordula's Web. http://www.cordula.ws/