tproxy on freebsd

2007-04-17 Thread zen 

hi,
i know it seem out of topic,
i recently build a proxy server to serve our small ISP,
but i'm facing a big problem. as far as i know FreeBSD didn't support 
TPROXY like linux had.
but i need to build this proxy transparently so only my client ips that 
visible when browsing.

i use ipnat and ipf with Squid latest stable release.
does anyone has experience building a true transparent proxy with FreeBSD?
please share the knowledge and the regarding this problems.

TIA

Zen

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: tproxy on freebsd

2007-04-17 Thread Max Laier 
On Tuesday 17 April 2007 09:17, zen wrote:
> i know it seem out of topic,
> i recently build a proxy server to serve our small ISP,
> but i'm facing a big problem. as far as i know FreeBSD didn't support
> TPROXY like linux had.
> but i need to build this proxy transparently so only my client ips that
> visible when browsing.
> i use ipnat and ipf with Squid latest stable release.
> does anyone has experience building a true transparent proxy with
> FreeBSD? please share the knowledge and the regarding this problems.

http://www.benzedrine.cx/transquid.html is a tutorial for OpenBSD + pf + 
squid, but almost the same steps are required for FreeBSD.  If you build 
squid from the portstree you should enable:

 [X] SQUID_PF Enable transparent proxying with PF

or

 [ ] SQUID_IPFILTER   Enable transp. proxying with IPFilter

if you want to stay with ipf + ipnat.

-- 
/"\  Best regards,  | [EMAIL PROTECTED]
\ /  Max Laier  | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
/ \  ASCII Ribbon Campaign  | Against HTML Mail and News


pgpZyIWIlCfoJ.pgp
Description: PGP signature

Re: Dell SAS5 Performance Issue

2007-04-17 Thread Tom Judge 

Richard Tector wrote:

Ivan Voras wrote:

Richard Tector wrote:
 

I'm suffering from very slow write performance on a Dell PowerEdge 860
with the SAS5/IR controller (mpt driver) running either 6.2-RELEASE or
6.2-STABLE with sources from yesterday. The controller hosts 2 Western
Digital 320GB SATA disks in a RAID1 configuration.
Reads approach 65MB/s however writes appear extremely slow, in the
region of 6-7MB/s with a dd and a blocksize of 1MB all the way down to
about 300KB/s while extracting a ports snapshot.

It was suggested to me that perhaps write caching has been disabled on
the controller however no options exist within the BIOS configuration to
view/adjust *any* caching options.



You looked in the controller's BIOS, not motherboard's, right?

Indeed I did.

There should be at least a "write through" vs "write back" switch...
Correct, there should be options, but there aren't. The controller BIOS 
has very few options at all in fact.



No, but can you post the relevant bits for the controller from dmesg?
  

Sure:

mpt0:  port 0xec00-0xecff mem 
0xfe9fc000-0xfe9f,0xfe9e-0xfe9e irq 16 at device 8.0 on pci2

mpt0: [GIANT-LOCKED]
mpt0: MPI Version=1.5.12.0
mpt0: mpt_cam_event: 0x16
mpt0: Unhandled Event Notify Frame. Event 0x16 (ACK not required).
mpt0: mpt_cam_event: 0x12
mpt0: Unhandled Event Notify Frame. Event 0x12 (ACK not required).
mpt0: mpt_cam_event: 0x12
mpt0: Unhandled Event Notify Frame. Event 0x12 (ACK not required).
mpt0: mpt_cam_event: 0x16
mpt0: Unhandled Event Notify Frame. Event 0x16 (ACK not required).
[...snip...]
da0 at mpt0 bus 0 target 0 lun 0
da0:  Fixed Direct Access SCSI-5 device
da0: 300.000MB/s transfers, Tagged Queueing Enabled
da0: 305175MB (624998400 512 byte sectors: 255H 63S/T 38904C)


I have just stumbled across this problem on 4 PE860's and 2 PE840's.  I 
have been through the BIOS of the card and found no information about 
caching in any of the menus.  I then decided to take the card out and 
could not see any place to attach a cache battery backup unit,  I could 
also not see any ram chips on the card.


Is there any news on the performance of this card?

Tom
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: GELI versus GBDE?

2007-04-17 Thread Sam Baskinger 
I've been working on a ruby script to manage some geli file systems and 
have had some good experience using "-k -" to make it read from standard 
in. It's mixed with popen calls instead of a more bash-y version, but it 
works. :)


I have not tried running it w/o a terminal allocated, but I suspect that 
won't make much of a difference.


(If the script wasn't in such sorry shape at the moment I would copy it 
along, but I don't think anyone wants to see it now. ;) )


Sam

Lumeta - Securing the Network in the Face of Change

www.lumeta.com


Nikolay Mirin wrote:

Anyway, the other reasons that GBDE suck are:

1) Lots of annoying ENOMEM messages, since the memory allocation calls 
gbde makes are somewhat specific as I understand.

   One can ignore those messages.
2) GELI provides a onetime key feature, which makes it incredibly 
convenient for swap and /tmp encryption.
3) The secret key in GELI can be split between the keyfile and the 
passphrase.


The only inconvenience I had with GELI is that if one wants to read a 
passphrase in a script once and
then open a bunch of volumes, than one has to use "expect" to feed the 
passphrase to geli. It requires the terminal input and

won't accept the stdin. GBDE does not have such issue.

P.S. One can actually have both in kernel.

Christian Brueffer said the following on 16.04.2007 11:21:

On Sun, Apr 15, 2007 at 08:56:07AM -0500, Nikolay Mirin wrote:
 

Definitely GELI.

GBDE will become obsolete very soon as some other things like vinum 
and such. It was there just as a test of concept as I understand.
Many those different disk subsystems are incompatible in fact, the 
case of GBDE and Vinum is mentioned as an example in the handbook.
Read more about GEOM, as this system will unite all possible disk 
techniqies.


Also, GELI takes advantage of crypto-hardware, but I believe that one 
gets a benefit out of it only if the main CPU is very slow.





There are currently no plans to remove GBDE.  The problems with Vinum
you mention stemmed from the fact, that the original Vinum was not GEOM
aware, thus, GELI couldn't have been used with it as well.  gvinum has
been in existance for some time now and it's fully compatible to both
GBDE and GELI.

- Christian

  


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"



___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: tproxy on freebsd

2007-04-17 Thread Peter Jeremy 
On 2007-Apr-17 14:17:05 +0700, zen <[EMAIL PROTECTED]> wrote:
>does anyone has experience building a true transparent proxy with FreeBSD?
>please share the knowledge and the regarding this problems.

Max beat me to answering but I use squid+IPfilter as a transparent proxy
on my home firewall.  The only problems I've run into are bugs in the
IPfilter window handling code.

-- 
Peter Jeremy


pgpY0XtCZ7DMQ.pgp
Description: PGP signature

Re: Dell SAS5 Performance Issue

2007-04-17 Thread Matthew Jacob 


Is there any news on the performance of this card?



I personally have not been able to reproduce the problem. It seems to
occur whether in Integrated Raid or not. It seems to be related to
specific backplanes and drives. It's an important problem to solve I
agree.
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: tproxy on freebsd

2007-04-17 Thread Alexander Kuprijanov 
В сообщении от Tuesday 17 April 2007 11:17:05 zen написал(а):
> hi,
> i know it seem out of topic,
> i recently build a proxy server to serve our small ISP,
> but i'm facing a big problem. as far as i know FreeBSD didn't support
> TPROXY like linux had.
> but i need to build this proxy transparently so only my client ips that
> visible when browsing.
> i use ipnat and ipf with Squid latest stable release.
> does anyone has experience building a true transparent proxy with FreeBSD?
> please share the knowledge and the regarding this problems.
>
> TIA
>
> Zen
>
> ___
> freebsd-stable@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Dear Zen

I use transparent proxy on my home wi-fi network, and on work (ethernet lan) 
with pf+proxy on FreeBSD gateways without any problems... earlier I used 
ipfilter+proxy (for transparent proxing) also without problems.

I can share my config (pf+proxy) if you need

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

K3B crashes kernel

2007-04-17 Thread Robert Marella 
Good Afternoon

I have two systems running 6 stable that K3B is crashing the kernel.
All ports are up to date as of today. I have searched the archives and
google and the only the only reference is in current and looks exactly
like my problem.

http://lists.freebsd.org/pipermail/freebsd-current/2007-April/070753.html

This dump will happen every time by just starting K3B.

FreeBSD p4.konav201.local 6.2-STABLE FreeBSD 6.2-STABLE #3: 
Mon Apr  9 18:51:25 HST 2007
[EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC  i386

I am not an expert with the debugging feature but here is what I have.

[EMAIL PROTECTED] /usr/obj/usr/src/sys/GENERIC> sudo kgdb
kernel.debug /data/crash/vmcore.5 Password:
kgdb: kvm_nlist(_stopped_cpus): 
kgdb: kvm_nlist(_stoppcbs): 
[GDB will not be able to debug user-mode
threads: /usr/lib/libthread_db.so: Undefined symbol
"ps_pglobal_lookup"] GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free
Software Foundation, Inc. GDB is free software, covered by the GNU
General Public License, and you are welcome to change it and/or
distribute copies of it under certain conditions. Type "show copying"
to see the conditions. There is absolutely no warranty for GDB.  Type
"show warranty" for details. This GDB was configured as
"i386-marcel-freebsd".

Unread portion of the kernel message buffer:
acd1: FAILURE - MODE_SENSE_BIG ILLEGAL REQUEST asc=0x24 ascq=0x00 
acd1: FAILURE - MODE_SENSE_BIG ILLEGAL REQUEST asc=0x24 ascq=0x00 
acd1: FAILURE - MODE_SENSE_BIG ILLEGAL REQUEST asc=0x24 ascq=0x00 
acd1: FAILURE - MODE_SENSE_BIG ILLEGAL REQUEST asc=0x24 ascq=0x00 


Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xbf8fdec0
fault code  = supervisor write, protection violation
instruction pointer = 0x20:0xc04f8f15
stack pointer   = 0x28:0xe53dfc28
frame pointer   = 0x28:0xe53dfc5c
code segment= base 0x0, limit 0xf, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags= interrupt enabled, resume, IOPL = 0
current process = 33 (irq15: ata1)
trap number = 12
panic: page fault
Uptime: 21h0m51s
Dumping 2046 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 2047MB (523824 pages) 2031 2015 1999 1983 1967 1951 1935
1919 1903 1887 1871 1855 1839 1823 1807 1791 1775 1759 1743 1727 1711
1695 1679 1663 1647 1631 1615 1599 1583 1567 1551 1535 1519 1503 1487
1471 1455 1439 1423 1407 1391 1375 1359 1343 1327 1311 1295 1279 1263
1247 1231 1215 1199 1183 1167 1151 1135 1119 1103 1087 1071 1055 1039
1023 1007 991 975 959 943 927 911 895 879 863 847 831 815 799 783 767
751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479
463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191
175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) backtrace
#0  doadump () at pcpu.h:165
#1  0xc070b56c in boot (howto=260)
at /usr/src/sys/kern/kern_shutdown.c:409 #2  0xc070b8b9 in panic
(fmt=0xc09ed023 "%s") at /usr/src/sys/kern/kern_shutdown.c:565 #3
0xc098b89c in trap_fatal (frame=0xe53dfbe8, eva=0)
at /usr/src/sys/i386/i386/trap.c:837 #4  0xc098b572 in trap_pfault
(frame=0xe53dfbe8, usermode=0, eva=3213876928)
at /usr/src/sys/i386/i386/trap.c:745 #5  0xc098b10d in trap (frame=
{tf_fs = 8, tf_es = -448987096, tf_ds = -1063714776, tf_edi =
-1081090368, tf_esi = -963745280, tf_ebp = -448922532, tf_isp =
-448922604, tf_ebx = 368, tf_edx = 368, tf_ecx = 9, tf_eax =
-1081090368, tf_trapno = 12, tf_err = 3, tf_eip = -1068527851, tf_cs =
32, tf_eflags = 66118, tf_esp = -963841088, tf_ss = 1})
at /usr/src/sys/i386/i386/trap.c:435 #6  0xc097569a in calltrap ()
at /usr/src/sys/i386/i386/exception.s:139 #7  0xc04f8f15 in
ata_pio_read (request=0xcc331b28, length=18) at cpufunc.h:229 #8
0xc04f7942 in ata_end_transaction (request=0xcc331b28)
at /usr/src/sys/dev/ata/ata-lowlevel.c:402 #9  0xc04e1af9 in
ata_interrupt (data=0xc68e6a00) at /usr/src/sys/dev/ata/ata-all.c:341
#10 0xc06f07f8 in ithread_execute_handlers (p=0xc6901860,
ie=0xc67a1580) at /usr/src/sys/kern/kern_intr.c:682 #11 0xc06f0966 in
ithread_loop (arg=0xc691e380) at /usr/src/sys/kern/kern_intr.c:765 #12
0xc06ef26f in fork_exit (callout=0xc06f08f0 ,
arg=0xbf8fdec0, frame=0xbf8fdec0) at /usr/src/sys/kern/kern_fork.c:821
#13 0xc09756fc in fork_trampoline ()
at /usr/src/sys/i386/i386/exception.s:208 
(kgdb)

If anything else is required of me, I would be happy to provide it.

Robert
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Lenovo X60 em workaround

2007-04-17 Thread Henrik Brix Andersen 
Hi Jack,

On Sat, Jan 20, 2007 at 02:35:17PM -0800, Jack Vogel wrote:
>  saying its known to be a problem doesnt mean its cause is known :)
>  They discovered that setting this eliminated the problem, but we
>  immediately pointed out that this is, as you pointed out, a Bad
>  Thing on other hardware, so the investigation continues, there is
>  always a communication lag on these kind of things, so I dont know
>  if it has been resolved yet or not.

I can confirm this patch solves the latency problem with em(4) on my
IBM/Lenovo ThinkPad X60s.

Any news about a proper solution to this issue?

Regards,
Brix
-- 
Henrik Brix Andersen <[EMAIL PROTECTED]>


pgpycVejfgBuZ.pgp
Description: PGP signature

Re: Lenovo X60 em workaround

2007-04-17 Thread Henrik Brix Andersen 
Hi,

On Mon, Jan 22, 2007 at 10:30:48AM -0800, Jack Vogel wrote:
>  Acknowledge... I can do better than that, I have a fix for this problem, and
>  its not temporary. Here is the code change (not a patch, I'm very busy),
>  its in hardware_init, should be obvious how to patch:
> 
>/* Make sure we have a good EEPROM before we read from it */
> if (e1000_validate_nvm_checksum(&adapter->hw) < 0) {
> /*
> ** Some PCI-E parts fail the first check due to
> ** the link being in sleep state, call it again,
> ** if it fails a second time its a real issue.
> */
> if (e1000_validate_nvm_checksum(&adapter->hw) < 0) {
> device_printf(dev,
> "The EEPROM Checksum Is Not Valid\n");
> return (EIO);
> }
> }
> 
>  This is already checked into my code base at Intel, I've just been too
>  busy to do anything with it, be my guest if you wish to check it in after
>  testing...

I can confirm that the above patch fixes the frequent initialization
problems with em(4) on my IBM/Lenovo ThinkPad X60s. Without the patch,
I often see the following on boot when there is no link on the em(4)
interface:

Apr 17 22:05:12 lothlorien kernel: em0: The EEPROM Checksum Is Not Valid
Apr 17 22:05:12 lothlorien kernel: em0: Unable to initialize the hardware

With the patch, I can not reproduce the invalid checksum errors - the
second call to e1000_validate_nvm_checksum() succeeds.

Any chance of this patch hitting CURRENT anytime soon? :)

Regards,
Brix
-- 
Henrik Brix Andersen <[EMAIL PROTECTED]>


pgp4LeHzR3WOj.pgp
Description: PGP signature

Re: tproxy on freebsd

2007-04-17 Thread jonathan michaels 
alexander,

list, sorry for posting to list, i tried to post to advertised mail
address and my post bounced as "user unknown". so i try here.

On Tue, Apr 17, 2007 at 09:29:21PM +0400, Alexander Kuprijanov wrote:
> ÷ ÓÏÏÂÝÅÎÉÉ ÏÔ Tuesday 17 April 2007 11:17:05 zen ÎÁÐÉÓÁÌ(Á):

> I use transparent proxy on my home wi-fi network, and on work (ethernet lan) 
> with pf+proxy on FreeBSD gateways without any problems... earlier I used 
> ipfilter+proxy (for transparent proxing) also without problems.
> 
> I can share my config (pf+proxy) if you need

i don't have a problem with this but i am going to be setting up a
similar setup and would appreciate the help a working setup would
provide.

sorry for my poor english and typing .. i am disabled.

kind regards

jonathan

-- 

powered by ..
QNX, OS9 and freeBSD  --  http://caamora com au/operating system
 === appropriate solution in an inappropriate world === 
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: tproxy on freebsd

2007-04-17 Thread zen 

jonathan michaels wrote:


alexander,

list, sorry for posting to list, i tried to post to advertised mail
address and my post bounced as "user unknown". so i try here.

On Tue, Apr 17, 2007 at 09:29:21PM +0400, Alexander Kuprijanov wrote:
 


÷ ÓÏÏÂÝÅÎÉÉ ÏÔ Tuesday 17 April 2007 11:17:05 zen ÎÁÐÉÓÁÌ(Á):
   



 

I use transparent proxy on my home wi-fi network, and on work (ethernet lan) 
with pf+proxy on FreeBSD gateways without any problems... earlier I used 
ipfilter+proxy (for transparent proxing) also without problems.


I can share my config (pf+proxy) if you need
   



i don't have a problem with this but i am going to be setting up a
similar setup and would appreciate the help a working setup would
provide.

sorry for my poor english and typing .. i am disabled.

kind regards

jonathan

 

any help will be appreciated, i could use a sample configuration file 
regarding this problem.

FYI i already running transparent proxy with ipf+ipnat,:

rdr nve0 0.0.0.0/0 port 80 -> 122.x.x.x port 3128 tcp

but with that configuration, still the proxy ip address that visible 
when my client using the proxy.

is it me or just i cant achieve that with FreeBSD?
because i hate to switch to other OS only because of this.

anyway this what i found in the net, but only work on linux

http://www.sanog.org/resources/sanog4-devdas-transproxy.pdf

TIA

Zen
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Lenovo X60 em workaround

2007-04-17 Thread Jack Vogel 

On 4/17/07, Henrik Brix Andersen <[EMAIL PROTECTED]> wrote:

Hi,

On Mon, Jan 22, 2007 at 10:30:48AM -0800, Jack Vogel wrote:
>  Acknowledge... I can do better than that, I have a fix for this problem, and
>  its not temporary. Here is the code change (not a patch, I'm very busy),
>  its in hardware_init, should be obvious how to patch:
>
>/* Make sure we have a good EEPROM before we read from it */
> if (e1000_validate_nvm_checksum(&adapter->hw) < 0) {
> /*
> ** Some PCI-E parts fail the first check due to
> ** the link being in sleep state, call it again,
> ** if it fails a second time its a real issue.
> */
> if (e1000_validate_nvm_checksum(&adapter->hw) < 0) {
> device_printf(dev,
> "The EEPROM Checksum Is Not Valid\n");
> return (EIO);
> }
> }
>
>  This is already checked into my code base at Intel, I've just been too
>  busy to do anything with it, be my guest if you wish to check it in after
>  testing...

I can confirm that the above patch fixes the frequent initialization
problems with em(4) on my IBM/Lenovo ThinkPad X60s. Without the patch,
I often see the following on boot when there is no link on the em(4)
interface:

Apr 17 22:05:12 lothlorien kernel: em0: The EEPROM Checksum Is Not Valid
Apr 17 22:05:12 lothlorien kernel: em0: Unable to initialize the hardware

With the patch, I can not reproduce the invalid checksum errors - the
second call to e1000_validate_nvm_checksum() succeeds.

Any chance of this patch hitting CURRENT anytime soon? :)


Yes, the reason I have been delaying is that I need to merge the
latest driver I've released from Intel into CURRENT, and this is going
to be a sizeable task, we have a new shared code base that is more
modular than before, it means each family of NIC now gets a seperate
file and functions, with function pointers that are set up at runtime.

All new drivers, Windows, Linux, and FreeBSD are using this code,
its going to be a bit of work to make sure that CURRENT loses no
fixes in this merge, I also had another project internally that needed
my cycles, but starting tomorrow I will begin the task, I would hope
to get something checked in by the weekend.

Anyone that wishes to see the new driver structure can download
it now from the Intel site, downloadfinder.intel.com, its driver version
6.3.9.

Cheers,

Jack
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: tproxy on freebsd

2007-04-17 Thread jonathan michaels 
On Wed, Apr 18, 2007 at 08:35:16AM +0700, zen wrote:
> jonathan michaels wrote:
> 
> >alexander,
> >
> >list, sorry for posting to list, i tried to post to advertised mail
> >address and my post bounced as "user unknown". so i try here.
> >
> >On Tue, Apr 17, 2007 at 09:29:21PM +0400, Alexander Kuprijanov wrote:
> >  
> >
> >>÷ ÓÏÏÂÝÅÎÉÉ ÏÔ Tuesday 17 April 2007 11:17:05 zen ÎÁÐÉÓÁÌ(Á):
> >>
> >>
> >
> >  
> >
> >>I use transparent proxy on my home wi-fi network, and on work (ethernet 
> >>lan) 
> >>with pf+proxy on FreeBSD gateways without any problems... earlier I used 
> >>ipfilter+proxy (for transparent proxing) also without problems.
> >>
> >>I can share my config (pf+proxy) if you need
> >>
> >>
> >
> >i don't have a problem with this but i am going to be setting up a
> >similar setup and would appreciate the help a working setup would
> >provide.
> >
> >sorry for my poor english and typing .. i am disabled.
> >
> >kind regards
> >
> >jonathan
> >
> >  
> >
> any help will be appreciated, i could use a sample configuration file 
> regarding this problem.
> FYI i already running transparent proxy with ipf+ipnat,:
> 
> rdr nve0 0.0.0.0/0 port 80 -> 122.x.x.x port 3128 tcp
> 
> but with that configuration, still the proxy ip address that visible 
> when my client using the proxy.
> is it me or just i cant achieve that with FreeBSD?
> because i hate to switch to other OS only because of this.
> 
> anyway this what i found in the net, but only work on linux
> 
> http://www.sanog.org/resources/sanog4-devdas-transproxy.pdf

sorry my internet (web browser machine/webbrowser is offline) access is
broken at moment .. i use lynx on a 486dx50, its 20 years old.

will this work on centos v4 and/or debian v3.4 ??? i am setting up a
compaq proliant 5500r as the network backbone, multi boot (freebsd v6,
debian v3.4 and ms window 2003 server/professional). this is my fall
back stratagy.

much thanks and most kind regards

jonathan

-- 

powered by ..
QNX, OS9 and freeBSD  --  http://caamora com au/operating system
 === appropriate solution in an inappropriate world === 
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: tproxy on freebsd

2007-04-17 Thread zen 

jonathan michaels wrote:


On Wed, Apr 18, 2007 at 08:35:16AM +0700, zen wrote:
 


jonathan michaels wrote:

   


alexander,

list, sorry for posting to list, i tried to post to advertised mail
address and my post bounced as "user unknown". so i try here.

On Tue, Apr 17, 2007 at 09:29:21PM +0400, Alexander Kuprijanov wrote:


 


÷ ÓÏÏÂÝÅÎÉÉ ÏÔ Tuesday 17 April 2007 11:17:05 zen ÎÁÐÉÓÁÌ(Á):
  

   




 

I use transparent proxy on my home wi-fi network, and on work (ethernet lan) 
with pf+proxy on FreeBSD gateways without any problems... earlier I used 
ipfilter+proxy (for transparent proxing) also without problems.


I can share my config (pf+proxy) if you need
  

   


i don't have a problem with this but i am going to be setting up a
similar setup and would appreciate the help a working setup would
provide.

sorry for my poor english and typing .. i am disabled.

kind regards

jonathan



 

any help will be appreciated, i could use a sample configuration file 
regarding this problem.

FYI i already running transparent proxy with ipf+ipnat,:

rdr nve0 0.0.0.0/0 port 80 -> 122.x.x.x port 3128 tcp

but with that configuration, still the proxy ip address that visible 
when my client using the proxy.

is it me or just i cant achieve that with FreeBSD?
because i hate to switch to other OS only because of this.

anyway this what i found in the net, but only work on linux

http://www.sanog.org/resources/sanog4-devdas-transproxy.pdf
   



sorry my internet (web browser machine/webbrowser is offline) access is
broken at moment .. i use lynx on a 486dx50, its 20 years old.

will this work on centos v4 and/or debian v3.4 ??? i am setting up a
compaq proliant 5500r as the network backbone, multi boot (freebsd v6,
debian v3.4 and ms window 2003 server/professional). this is my fall
back stratagy.

much thanks and most kind regards

jonathan

 


i think so, it work on most of linux machine depend on your linux kernel.
here is the patch for the kernel :
http://www.balabit.com/downloads/tproxy/
but if i cand choose linux or FreeBSD i preferred FreeBSD ( i'm a 
FreeBSD die hard user).
that's why i ask the people here, maybe they have solutions regarding 
this problems.


TIA

Zen
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: K3B crashes kernel

2007-04-17 Thread Ganbold 

Robert Marella wrote:

Good Afternoon

I have two systems running 6 stable that K3B is crashing the kernel.
All ports are up to date as of today. I have searched the archives and
google and the only the only reference is in current and looks exactly
like my problem.

http://lists.freebsd.org/pipermail/freebsd-current/2007-April/070753.html
  


I experienced similar problem with updated k3b on recent RELENG_6 (March 
31 2007).

Whenever I run k3b my system hangs and nothing works and I had
to press power button to turn off and turn on.
I have updated kdelibs, but problem still the same.

Ganbold



This dump will happen every time by just starting K3B.

FreeBSD p4.konav201.local 6.2-STABLE FreeBSD 6.2-STABLE #3: 
Mon Apr  9 18:51:25 HST 2007

[EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC  i386

I am not an expert with the debugging feature but here is what I have.

[EMAIL PROTECTED] /usr/obj/usr/src/sys/GENERIC> sudo kgdb
kernel.debug /data/crash/vmcore.5 Password:
kgdb: kvm_nlist(_stopped_cpus): 
kgdb: kvm_nlist(_stoppcbs): 
[GDB will not be able to debug user-mode

threads: /usr/lib/libthread_db.so: Undefined symbol
"ps_pglobal_lookup"] GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free
Software Foundation, Inc. GDB is free software, covered by the GNU
General Public License, and you are welcome to change it and/or
distribute copies of it under certain conditions. Type "show copying"
to see the conditions. There is absolutely no warranty for GDB.  Type
"show warranty" for details. This GDB was configured as
"i386-marcel-freebsd".

Unread portion of the kernel message buffer:
acd1: FAILURE - MODE_SENSE_BIG ILLEGAL REQUEST asc=0x24 ascq=0x00 
acd1: FAILURE - MODE_SENSE_BIG ILLEGAL REQUEST asc=0x24 ascq=0x00 
acd1: FAILURE - MODE_SENSE_BIG ILLEGAL REQUEST asc=0x24 ascq=0x00 
acd1: FAILURE - MODE_SENSE_BIG ILLEGAL REQUEST asc=0x24 ascq=0x00 



Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xbf8fdec0
fault code  = supervisor write, protection violation
instruction pointer = 0x20:0xc04f8f15
stack pointer   = 0x28:0xe53dfc28
frame pointer   = 0x28:0xe53dfc5c
code segment= base 0x0, limit 0xf, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags= interrupt enabled, resume, IOPL = 0
current process = 33 (irq15: ata1)
trap number = 12
panic: page fault
Uptime: 21h0m51s
Dumping 2046 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 2047MB (523824 pages) 2031 2015 1999 1983 1967 1951 1935
1919 1903 1887 1871 1855 1839 1823 1807 1791 1775 1759 1743 1727 1711
1695 1679 1663 1647 1631 1615 1599 1583 1567 1551 1535 1519 1503 1487
1471 1455 1439 1423 1407 1391 1375 1359 1343 1327 1311 1295 1279 1263
1247 1231 1215 1199 1183 1167 1151 1135 1119 1103 1087 1071 1055 1039
1023 1007 991 975 959 943 927 911 895 879 863 847 831 815 799 783 767
751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479
463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191
175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) backtrace
#0  doadump () at pcpu.h:165
#1  0xc070b56c in boot (howto=260)
at /usr/src/sys/kern/kern_shutdown.c:409 #2  0xc070b8b9 in panic
(fmt=0xc09ed023 "%s") at /usr/src/sys/kern/kern_shutdown.c:565 #3
0xc098b89c in trap_fatal (frame=0xe53dfbe8, eva=0)
at /usr/src/sys/i386/i386/trap.c:837 #4  0xc098b572 in trap_pfault
(frame=0xe53dfbe8, usermode=0, eva=3213876928)
at /usr/src/sys/i386/i386/trap.c:745 #5  0xc098b10d in trap (frame=
{tf_fs = 8, tf_es = -448987096, tf_ds = -1063714776, tf_edi =
-1081090368, tf_esi = -963745280, tf_ebp = -448922532, tf_isp =
-448922604, tf_ebx = 368, tf_edx = 368, tf_ecx = 9, tf_eax =
-1081090368, tf_trapno = 12, tf_err = 3, tf_eip = -1068527851, tf_cs =
32, tf_eflags = 66118, tf_esp = -963841088, tf_ss = 1})
at /usr/src/sys/i386/i386/trap.c:435 #6  0xc097569a in calltrap ()
at /usr/src/sys/i386/i386/exception.s:139 #7  0xc04f8f15 in
ata_pio_read (request=0xcc331b28, length=18) at cpufunc.h:229 #8
0xc04f7942 in ata_end_transaction (request=0xcc331b28)
at /usr/src/sys/dev/ata/ata-lowlevel.c:402 #9  0xc04e1af9 in
ata_interrupt (data=0xc68e6a00) at /usr/src/sys/dev/ata/ata-all.c:341
#10 0xc06f07f8 in ithread_execute_handlers (p=0xc6901860,
ie=0xc67a1580) at /usr/src/sys/kern/kern_intr.c:682 #11 0xc06f0966 in
ithread_loop (arg=0xc691e380) at /usr/src/sys/kern/kern_intr.c:765 #12
0xc06ef26f in fork_exit (callout=0xc06f08f0 ,
arg=0xbf8fdec0, frame=0xbf8fdec0) at /usr/src/sys/kern/kern_fork.c:821
#13 0xc09756fc in fork_trampoline ()
at /usr/src/sys/i386/i386/exception.s:208 
(kgdb)


If anything else is required of me, I would be happy to provide it.

Robert
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTE

Re: tproxy on freebsd

2007-04-17 Thread Adrian Chadd 

On 18/04/07, zen <[EMAIL PROTECTED]> wrote:


i think so, it work on most of linux machine depend on your linux kernel.
here is the patch for the kernel :
http://www.balabit.com/downloads/tproxy/
but if i cand choose linux or FreeBSD i preferred FreeBSD ( i'm a
FreeBSD die hard user).
that's why i ask the people here, maybe they have solutions regarding
this problems.


A little birdie has told me that this mode of transparent
client-spoofing is possible with FreeBSD with a little kernel hackery
(much less than whats needed for TPROXY.)

Maybe someone who "knows" the code better than I could comment on how
difficult it'd be to add in functionality to FreeBSD to spoof the
local IP of a connected socket for outbound connections. This of
course assumes symmetric traffic flows but thats already a given in a
setup like this.


Adrian

--
Adrian Chadd - [EMAIL PROTECTED]
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: panic: spin lock held too long

2007-04-17 Thread Maxim Konovalov 
More info:

db> show pcpu
cpuid= 0
curthread= 0xceb11c00: pid 56619 "chmod"
curpcb   = 0xebd33d90
fpcurthread  = none
idlethread   = 0xc92c9a80: pid 13 "idle: cpu0"
APIC ID  = 0
currentldt   = 0x50
spin locks held:
db> show locks
exclusive sleep mutex pmap r = 0 (0xc0a83880) locked @
/usr/src/sys/i386/i386/pmap.c:1577
exclusive sleep mutex vm page queue mutex r = 0 (0xc0a5dc80) locked @
/usr/src/sys/i386/i386/pmap.c:1575
exclusive sx user map r = 0 (0xc1068404) locked @
/usr/src/sys/vm/vm_kern.c:466
db>
  pid  ppid  pgrp   uid   state   wmesg wchancmd
56619 86677 11094 0  R   CPU 0   chmod
41930   763   763  5002  R   cvsupd
36987   763   763  5002  R   CPU 2   cvsupd
86677 11122 11094 0  S   wait 0xc9c44430 find
11122 11096 11094 0  S   wait 0xc9c45000 sh
...

db> trace 56619
Tracing pid 56619 tid 100190 td 0xceb11c00
kdb_enter(c0937792) at kdb_enter+0x2b
siointr1(c9448c00,c0a6ade0,0,c093759e,56e,...) at siointr1+0xd5
siointr(c9448c00) at siointr+0x21
intr_execute_handlers(c92bf4c8,ebd33aa4,4,ebd33aec,c087b853,...) at
intr_execute_handlers+0xe1
lapic_handle_intr(3a) at lapic_handle_intr+0x2e
Xapic_isr1() at Xapic_isr1+0x33
--- interrupt, eip = 0xc06a9714, esp = 0xebd33ae8, ebp = 0xebd33aec ---
stop_cpus(e,c093c45b) at stop_cpus+0x3c
cpu_reset(f4240,c09158a5,ebd33b48,c068a863,0,...) at cpu_reset+0x35
shutdown_reset(0,104,c92ab00c,0,c09156e5,...) at shutdown_reset+0x1c
boot(104,104,ceb11c00,3938700,c0a07bc0,...) at boot+0x55b
panic(c0914b59,c0a07bc0,c9ff2300,c0914b30,c0918a17,...) at panic+0x175
_mtx_lock_spin(c0a07bc0,ceb11c00,0,c093ad3f,3f8) at _mtx_lock_spin+0xa9
_mtx_lock_spin_flags(c0a07bc0,0,c093ad3f,3f8,e65e8000,...) at 
_mtx_lock_spin_flags+0xb6
smp_tlb_shootdown(f4,e65e8000,0) at smp_tlb_shootdown+0x3e
smp_invlpg(e65e8000) at smp_invlpg+0x1b
pmap_invalidate_page(c0a83880,e65e8000) at pmap_invalidate_page+0x32
pmap_remove_pte(c0a83880,bff997a0,e65e8000) at pmap_remove_pte+0x5d
pmap_remove(c0a83880,e65e8000,e662a000) at pmap_remove+0x114
vm_map_delete(c10683c0,e65e8000,e662a000,c10683c0,c093133c,1d2) at 
vm_map_delete+0x159
kmem_free_wakeup(c10683c0,e65e8000,41400,0,ebd33cdc,...) at 
kmem_free_wakeup+0x38
exec_free_args(ebd33cb4,e65e8000,e65e8000,e65e8055,e65e80d9,...) at 
exec_free_args+0x1e
execve(ceb11c00,ebd33d04) at execve+0x41
syscall(3b,3b,3b,0,0,...) at syscall+0x22f
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (0, FreeBSD ELF32, nosys), eip = 0x2804db38, esp =
0xbfbfee08, ebp = 0 ---

db> show locks 56619
exclusive sleep mutex pmap r = 0 (0xc0a83880) locked @
/usr/src/sys/i386/i386/pmap.c:1577
exclusive sleep mutex vm page queue mutex r = 0 (0xc0a5dc80) locked @
/usr/src/sys/i386/i386/pmap.c:1575

db> trace 36987
Tracing pid 36987 tid 100125 td 0xc9ff2300
ipi_nmi_handler(c0a09120,0,0,6a0,c9ff0c90,...) at ipi_nmi_handler+0x5b
trap(c0008,28,e4230028,e4238000,e4238000,...) at trap+0x3d
calltrap() at calltrap+0x5
--- trap 0x13, eip = 0xc0887916, esp = 0xebc93680, ebp = 0xebc93684
---
smp_tlb_shootdown(f5,e4238000,e4239000) at smp_tlb_shootdown+0x72
smp_invlpg_range(e4238000,e4239000) at smp_invlpg_range+0x1c
pmap_invalidate_range(c0a83880,e4238000,e4239000,c23406c0,ebc936ec,...)
at pmap_invalidate_range+0x47
pmap_qremove(e4238000,1,0,e423a000,0,...) at pmap_qremove+0x3d
vm_hold_free_pages(dd41a4a0,e4238000,e423a000) at
vm_hold_free_pages+0xba
allocbuf(dd41a4a0,0) at allocbuf+0x16e
getnewbuf(0,0,2000,1) at getnewbuf+0x371
getblk(ccb79770,0,0,2000,0,...) at getblk+0x397
breadn(ccb79770,0,0,2000,0,...) at breadn+0x31
bread(ccb79770,0,0,2000,0,ebc93818) at bread+0x20
ffs_blkatoff(ccb79770,0,0,0,ebc93884) at ffs_blkatoff+0x9e
ufs_lookup(ebc93924) at ufs_lookup+0x2cd
VOP_CACHEDLOOKUP_APV(c09cf4a0,ebc93924) at VOP_CACHEDLOOKUP_APV+0x7e
vfs_cache_lookup(ebc939c4) at vfs_cache_lookup+0xb2
VOP_LOOKUP_APV(c09cf4a0,ebc939c4) at VOP_LOOKUP_APV+0x87
lookup(ebc93bcc) at lookup+0x490
namei(ebc93bcc) at namei+0x376
vn_open_cred(ebc93bcc,ebc93ccc,0,c9c30380,5,...) at vn_open_cred+0x277
vn_open(ebc93bcc,ebc93ccc,0,5) at vn_open+0x1e
kern_open(c9ff2300,8270898,0,1,0,...) at kern_open+0xb6
open(c9ff2300,ebc93d04) at open+0x1a
syscall(3b,3b,81e003b,bfbfedc8,bfbfed94,...) at syscall+0x22f
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (5, FreeBSD ELF32, open), eip = 0x281a1aef, esp =
0x81e2980, ebp = 0x81e29cc ---

db> show locks 36987
exclusive sleep mutex vm object (kernel object) r = 0 (0xc0a5dae0)
locked @ /usr/src/sys/kern/vfs_bio.c:3573


On Tue, 10 Apr 2007, 10:43+0400, Maxim Konovalov wrote:

> Hi,
>
> A week old -stable panic trace inlined below.  The kernel config file
> is SMP + KDB/DDB options.  Any help to debug futher is appreciated.
>
> Unread portion of the kernel message buffer:
> spin lock smp rendezvous held by 0xca78ed80 for > 5 seconds
> panic: spin lock held too long
> cpuid = 2
> Uptime: 14h25m47s
> Dumping 3967 MB (3 chunks)
>   chunk 0: 1MB (159 pages) ... ok

can't jump to superuser after buildwerld

2007-04-17 Thread KAYVEN RIESE 


okay.  i am getting a serious stomach ache.  i am looking at this page:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html

and my head is spinning.  i don't feel good.  i am halfway thru doing
something or other sorta the wrong way.  right now i got a prompt.. i
am running xfce4, but i can't jump to superuser.  i push the button
and the laptop shuts down when i want it to.  the thing is when
i did mergemaster -p i got into big problems i don't understand why.
this guy told me how to do vipw like this:

TeRReF:
In single user mode:

mount -a
/usr/sbin/vipw

then use this inside vipw:

:wq

That should do it...

that helped a lot.. umm.. i felt stupid i guess.  i have been using vi for 
20 years.. but still.. i really needed this.  i feel i need something like

this for mergemaster - p or whatever step i should start from.  i am
sorry for being so stupid.

On Thu, 5 Apr 2007, [EMAIL PROTECTED] wrote:



i am still trying to follow the below instructions.  haven't done so yet,
going away for the weekend.





// change to root
$ su -
// remove /usr/obj to speed up the build
# cd /usr/obj && chflags -R noschg * && rm -rf *


didn't do this.. but i guess that shouldn't matter.


// Build a new world
# cd /usr/src
# make -j4 buildworld
// build a new kernel (do not put any job options for this build)


didn't use "-j4" but otherwise i believe we did this.


# make buildkernel
// install the new kernel


gheist seemed to be aware of this and had an opinion about not
needing it.


# make installkernel
// reboot to single user mode (boot -s from the loader prompt)
# shutdown -r now



did this.


// After reboot
// check + mount all filesystems
# fsck -p


did this


# mount -u /
# mount -a -t ufs


did merely "mount -a"


# swapon -a
// prepare /etc for the world install


didn't do this.


# mergemaster -p
// install the new world


this step is where all hell broke loose.  i got this strange question
that i didn't know how to respond to.  my prompt changed.  it felt
like things went seriously wrong here.




# cd /usr/src ; make installworld
// run mergemaster again
# mergemaster
// reboot to an updated system
# shutdown -r now

All these instructions are in the handbook.

Cheers

Tom

[1] http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html
[2]
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html







___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"