Re: sshd & pam & getpwnam()

ob' you are authenticated, but your REAL username should be 'id02345'". Sort of a username substitution. I've had to patch the stock FTP server and c-client to do this exact thing on our servers at work. Nick Rogness <[EMAIL PROTECT

Re: Where is FreeBSD going?

On Wed, 7 Jan 2004, Ryan Sommers wrote: > On Wed, 2004-01-07 at 20:29, Nick Rogness wrote: > > 1) Allow for paid development for a specific bug/feature > > > > - Setup some program that allows users like myself to pay for a > > developers time to fix a s

Re: Where is FreeBSD going?

reeBSD Con promotion-flyers,website logos, news articles. I could go on for hours about trivial things I'm sure people would contribute. Just a couple of thoughts for bringing in new volunteers and keep the old ones happy. -- Nick Rogness <[EMAIL PROTECTED]>

Re: Changing the NAT IP on demand?

On Sun, 5 Oct 2003, Wes Peters wrote: > On Sunday 05 October 2003 01:02 am, Nick Rogness wrote: > > On Sat, 4 Oct 2003, Leo Bicknell wrote: > > > I'm considering options for a new project, and I think I've > > > discovered what I think is the best idea, but

Re: Changing the NAT IP on demand?

the Internet to X.X.X.X. However, if you are going to go through this type of trouble, you might as well just route peer with the ISPs via BGP or whatnot. Nick Rogness <[EMAIL PROTECTED]> - How many people here have telekenetic powers? Raise my hand.

Re: Filesystem corruption

On Sat, 9 Nov 2002, Poul-Henning Kamp wrote: > In message <[EMAIL PROTECTED]>, Larry Sica wri > tes: > >-BEGIN PGP SIGNED MESSAGE- > >Hash: SHA1 > > > >Not sure if hackers is the correct place to ask about this but... > > > >On Friday, N

Filesystem corruption

/dev/idad2s1e: Invalid argument: [sector -1245853408]: count=512 DUMP: DUMP: read error from /dev/idad2s1e: Invalid argument: [sector -1245853407]: count=512 read error from /dev/idad2s1e: Invalid argument: [block -1245853394]: count=5120 Nick Rogness <[EMAIL PROTECTED]> - "Wouldn

Re: gif(4) tunnel through MSN DSL modem

only allow traffic from certain private IP's and/or not allow packets with it's public address in/out via it's private interface. Nick Rogness <[EMAIL PROTECTED]> - Don't mind me...I'm just sniffing your packets To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message

Re: gif(4) tunnel through MSN DSL modem

My best guess would be that the modem is doing some anti-spoofing between it's interfaces to prevent packets coming from the inside having it's outside IP. You will be able to tell if NO ipencap packets are received on the remote BSD machine. On the other hand, If you are receiving these ipencap packets on the remote side, something else is going on (like nat interrupting). Nick Rogness <[EMAIL PROTECTED]> - Don't mind me...I'm just sniffing your packets To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message

Re: Meet fish (read on)

I'm specially interested > in knowing what the community feeling about this tool is, is it useful > or do you thing is a waste of time to code such tool? What about going > one step further and add something like the admin tool in Solaris? Why make it in gtk only? I would

Re: natd ignores "natd_flags"?

On Mon, 10 Dec 2001, Mike D wrote: > > [I think this question should be redirected to -questions or -net, but > > anyway...] -Moved to questions. Nick Rogness <[EMAIL PROTECTED]> - Keep on Routing in a Free World... "FreeBSD: The Power to Serve!"

New PAM module question

ore setting them up? Or is there a better way...? ANy help would be greatly appreciated. Nick Rogness <[EMAIL PROTECTED]> - Keep on Routing in a Free World... "FreeBSD: The Power to Serve!" To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message

Re: Nat through two DSL

On Fri, 7 Dec 2001, Nick Rogness wrote: > On Fri, 7 Dec 2001, Lars Eggert wrote: > > > rick norman wrote: > > > > > What would be nice would be to load balance on a per connection > > > basis, not a per packet basis, between the two modems. > > >

Re: Nat through two DSL

symmetrical load balancing. I would be interested to see some measurements to see how this works for people. PS. I don't know if the above will work, but the firewall rules seem to imply it wouldhaven't tested it though. Nick Rogness <[EMAIL PROTECTED]> - Keep o

Re: Nat through two DSL

On Fri, 7 Dec 2001, Lars Eggert wrote: > Nick Rogness wrote: > > > Load sharing is not possible on a per packet basis when running > > NAT on the outside interfaces. The source address for each packet > > will be different. > > > What prevents yo

Re: Nat through two DSL

(which does policy based forwarding) and the ipfw probability work done by Luigi. man ipfw for more info. As far as redundancy, there are a couple of options. BOth will not be easy with your setup. Nick Rogness <[EMAIL PROTECTED]> - Keep on Routing in a Free World... "FreeBSD: The Power to Serve!" To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message

Driver help

The company I work for is willing to pay for someone to write a Compaq Fibe Channel driver for FreeBSD. Please write me personally if you are interested. Nick Rogness <[EMAIL PROTECTED]> - Keep on Routing in a Free World... "FreeBSD: The Power to Serve!" To Unsubscri

Re: DSL connectivity & ISDN backup

On Thu, 9 Aug 2001, Eric Masson wrote: Answered on -questions... Nick Rogness <[EMAIL PROTECTED]> - Keep on Routing in a Free World... "FreeBSD: The Power to Serve!" To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message

Re: /etc/rc.network and natd_enable

On Fri, 4 May 2001, Nick Rogness wrote: > On Fri, 4 May 2001, Ruslan Ermilov wrote: > > > > > Damn! And if someone enters an IP as natd_interface...does the > firewall rules error out? (haven't tried it but looks as if it > would)

Re: /etc/rc.network and natd_enable

On Fri, 4 May 2001, Ruslan Ermilov wrote: > On Thu, May 03, 2001 at 05:17:17PM -0500, Nick Rogness wrote: > > In > 4.2-STABLE, /etc/rc.network has entries to turn on natd. However, > natd > does not get enabled if you don't specify natd_interface. > WHat if you yo

/etc/rc.network and natd_enable

fi fi It would allow for people to not specify a natd_interface but still be able to run natd out of rc.conf. What does everyone think of this? I guess you pay the penalty if someone doesn't setup the flags properly but I guess you could write that off as a config error anyways. Ni

Re: ipfw routing/netmask problem

On Mon, 30 Apr 2001, John Wilson wrote: Moved to -net. Nick Rogness <[EMAIL PROTECTED]> - Keep on Routing in a Free World... "FreeBSD: The Power to Serve!" To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message

Re: ipfw routing/netmask problem

27;s to play with, and leaves the 90.91.92.4/30 and 90.91.92.8/29 subnet's to play with. Add the routes in the router to route the subnets to your BSD machine's IP. Make natd translations accordingly if you decide to run private address space for your DMZ, if

natd divert injecting clarifications

could get out of divert(4) and some of the natd source. Bare with me...I'm a novice programmer. Is this correct? Nick Rogness <[EMAIL PROTECTED]> - Keep on routing in a Free World... "FreeBSD: The Power to Serve!" To Unsubscribe: send mail to [EMAIL PROTECTED] with &q

Re: multiple IP addresses in /etc/hosts

FAIK, not with /etc/hosts. You could do round-robin DNS with named but it will never be 100% of what you want to do. DNS does not keep track of which hosts are dead or alive. Nick Rogness <[EMAIL PROTECTED]> - Keep on routing in a Free World... "FreeBSD: The Power to Ser

Re: building boot floppies set

http://www.freebsd.org For your particular question, the doc can be found at: http://www.freebsd.org/handbook/install-guide.html#INSTALL-FLOPPIES For future reference, questions like these should be sent to: [EMAIL PROTECTED] Best of Luck! Nick Rogness - K

Re: echo request deny

ck any other ICMP why not use ipfw? ipfw add 1000 deny icmp from any to any in via xl0 icmptypes 8 This will still allow other icmp to work...so why not use it? Nick Rogness - Keep on routing in a Free World... "FreeBSD: The Power to Serve " To Unsubscribe: se

Re: IP Address Overtaking

and moving it to the card/software by fiddling with MAC addresses on the hosts. I guess I can see where this may be useful (trunking) but taking over the MAC could cause problems...like duplicate MAC's etc,etc. Of course, this is my opinion and I could be

Re: accessing an outside IP from inside a NAT net

any via ep0 Of course, I am making assumptions on how your network is layed out. Nick Rogness - Drive defensively. Buy a tank. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message

Re: accessing an outside IP from inside a NAT net

.10 nat. Further suggestions? > thanks, > -Ian Also 10.0.0.128 is on a subnet boundary when used with a /25 netmask and therefore can not be used. how is the network clients and servers configured on the 10.0.0 network? Nick Rogness - Drive defensively. Buy a tank.

Re: accessing an outside IP from inside a NAT net

etails. But first I need a tad more details on how your network is laid out. Are 10.0.0.129 & 10.0.0.1 bound to the same ethernet card? Nick Rogness - Drive defensively. Buy a tank. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message

Re: accessing an outside IP from inside a NAT net

rule for diverting packets on your inside interface for that web server. Nick Rogness - Drive defensively. Buy a tank. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message

Re: Help

more detail, like how Email is broken. Nick Rogness - Drive defensively. Buy a tank. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message

Re: gateway on different subnet

MAIL PROTECTED]>). I will make sure to document it though. Thanks for the reply. Nick Rogness - Drive defensively. Buy a tank. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message

Re: gateway on different subnet

t > really owns that address. > > 5. Set your default gateway to 208.59.162.1. If that doesn't work (it should), you could also look into the ipfw fwd option. I would like to know when you get it to work... Nick Rogness - Drive defensively. Buy a tank. To Unsu

Re: Routing issue with cable modem

On Fri, 20 Oct 2000, Nick Rogness wrote: Made an error in my previous statement, clarification below: > On Fri, 20 Oct 2000, Marko Ruban wrote: > > > I tried replicating my windows routing table in freebsd. > > Only one entry didn't work... (guess) > > &

Re: Routing issue with cable modem

t > >> makes no difference really. > >> Should it add default route? > > > >Normally, yes. You sort of need default route and netmask in order to > >make things work. This should happen with the stock dhclient.conf > >(which is empty). You could try to run dhclient by hand, something > >like: > > > > # killall dhclient > > # dhclient -dD ed0 > > > >Or whatever your interface is. Terminate it with Ctrl+C. You should > >get a bunch of files in /tmp, containing values received from the > >server. You may also get some interesting error messages. > > Tried "dhclient -d -D ed0" no files are written to /tmp dir. > Do you think it could be a problem with my dhclient ? > I tried using wide-dhcp client earlier, with even less success. > > Marko > > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message > Nick Rogness - Drive defensively. Buy a tank. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message

Re: Frustration with SCSI system

ccd, which is why I went with a hardware solution. If you got money, get a RAID controller (supported by FreeBSD). Then you don't have the root limitation that comes with vinum. If you don't have money, use vinum. Either way, use RAID. B

Re: Maybe OT, maybe not

a place to start. See also: http://www.freebsd.org/ports/benchmarks.html for more info. Nick Rogness - Speak softly and carry a Gigabit switch. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message

Re: bridging

switch1 switch2 If int1 and int2 were part of the same collision domain, then switch1 and switch2 would also be part of the same collosion domain and visa versa. This would be pretty cool to see happen, essentially making a VLAN switch (with Layer 3

Re: bridging

ancing or clustering network solution with FreeBSD? Nick Rogness - Speak softly and carry a Gigabit switch. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message

Re: bridging

On Thu, 6 Jul 2000, Sean Lutner wrote: > > Bridges create a broadcast zone. broadcast packets will cross the bridge > unobstructed. OK. So do bridged interfaces fall within the same collision domain?... or are they just members of the same broadcast domain? Nic

Re: VPNs and FreeBSD

On Tue, 4 Jul 2000, Kris Kennaway wrote: > On Sun, 2 Jul 2000, Nick Rogness wrote: > > > On Sun, 2 Jul 2000, Stephen Hocking wrote: > > > > > Has anyone done this yet? I've just acquired this shiny new cable modem and > > > would like to have secur

Re: BPF and Promiscuous Mode

Stupid Man's Answer: I would just run on bootup: /usr/sbin/tcpdump >> /dev/null & Probaby not the answer you are looking for, but maybe it will help. Nick Rogness - Speak softly and carry a Gigabit switch. To Unsubscribe: send mail to [E

Re: VPNs and FreeBSD

Road Runner service. I have not yet implemented the IPSEC feature for security, but the basic tunneling seems to work. Nick Rogness - Speak softly and carry a Gigabit switch. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message

Re: Periodic scripts [Was: Re: /etc/security -> /etc/periodic/security?]

wd: $VAR1" Let me see you replicate that in C in less than 2 lines... Nick Rogness - Speak softly and carry a Gigabit switch. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message

2 routes/same net

that? Can you even add 2 routes to the same network? Thanks in adv. Nick Rogness - Speak softly and carry a Gigabit switch. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message

Re: routing bug(?) persists (PR 16318)

..or they don't know what they are doing. Either way, your SOL ;-) > > Windows apparently allows the configuration even without the static route to > the gateway's network, which is very odd. That's not suprising at all. Windows can also not handle a /32

Re: routing bug(?) persists (PR 16318)

On Thu, 15 Jun 2000, Marinos J . Yannikos wrote: > On Thu, Jun 15, 2000 at 11:44:14AM -0600, Nick Rogness wrote: > > > route_0="-net 195.58.161.96 -netmask 255.255.255.240 -iface vr0" > > What IP is that network reachable through? > > vr0 has only one

Re: routing bug(?) persists (PR 16318)

You CAN use this but you are relying on other things to be intact (like routes) before it works properly. Nick Rogness - Speak softly and carry a Gigabit switch. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message

Re: routing bug(?) persists (PR 16318)

On Thu, 15 Jun 2000, Marinos J . Yannikos wrote: > route_0="-net 195.58.161.96 -netmask 255.255.255.240 -iface vr0" What IP is that network reachable through? WHat does your routing table look like before this route gets added? after it gets added?

Re: routing bug(?) persists (PR 16318)

network and the gateway using gif or nos-tun. The whole question is, What are you trying to accomplish? Nick Rogness - Speak softly and carry a Gigabit switch. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message

Re: Roadrunner cable modems & FreeBSD

I can ssh,telnet, or web serve to my home machine. I am using nos-tun between several machines within this network, created a VPN between fellow employees across their FreeBSD machines...so far so good. Just don't port scan across their network or they lock

IP tunnel

doing this already, if so sample configs? Is it possible? Thanks. Nick Rogness - Speak softly and carry a Gigabit switch. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message

Bad Block scan

I thought FreeBSD had an option on install to run a bad block scan on a drive? Just installed (4.0-RELEASE) and noticed it wasn't there. Any specific reason...or maybe a reference page that explains. Thanks in advance. Nick Rogness - Speak softly and carry a Gigabit switch. To Unsubs

Upgrade from 3.3 to 4.0

Does the Upgrade option work on the 4.0-RELEASE disks if I am going from 3.3-RELEASE? Or do I want to CVSup? Thanks. Nick Rogness - Speak softly and carry a Gigabit switch. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message

Re: deX OErrs on crossed link.

plex was enabled, performance was great...at full-duplex...6kb a sec (even ftp stalls). FreeBSD 3.3-RELEASE and 3.3-STABLE...same results on both. Anyone else? **** Nick Rogness Speak softly and carry Sys

Re: natd is jumpy

ings. uuhhh, don't disable error correction for long. You might see massive problems then. But it might be useful to see if it is involved in your problem. Also, get your ISP involved. Most admins have access to debug or PPP trace tools to help y

Re: natd is jumpy

and see what times you are getting, both with NAT turned on and without. I run this setup with ISDN at home and never see delays on either diverted range (192.168.0.0/24) or my routeable subnet. Of course, I am running stable though. *******

Re: natd question

he decision on which public packets need to get diverted to which local machine. Also you can change these mappings fairly easily and your mappings will take place without ever having to change IP addresses on your local machines. Just an idea. ****

Re: natd question

that the gateway address of the machines on both sides are pointing to the corresponding FreeBSD interface IP. ******* Nick Rogness Shaw's Principle: System Administrator Build a system that e

Re: passwd and chat

can use pw(8)? Example: # echo "password" | pw usermod -n username -h 0 ******** Nick Rogness File not found... System Administrator Should I fake i