Re: Show bandwidth usage by IP address (through pf)

2009/10/7 Maxim Khitrov : > I have pf filtering traffic to our network. Is there any easy way to > see the current bandwidth usage sorted by ip? Someone is using up > almost 100% of total bandwidth and parsing "pfctl -ss -v" isn't > getting me anywhere. It's overkill and does a ton more than what

Re: CMS

Paul - I used to work with the guys at Appalachian State that did phpWebSite (I was their SA) and it worked great on FreeBSD. I can't say how well it works *now* but it ran fine as of a year ago on Apache2 + PostGreSQL. As far as a CMS or application framework went, it was a cinch. I just never cou

Re: Root exploit for FreeBSD

2009/12/10 Anton Shterenlikht : > >From my information security manager: > >        FreeBSD isn't much used within the University (I understand) and has a >        (comparatively) poor security record. Most recently, for example: > >         > http://www.h-online.com/security/news/item/Root-exploi

Re: Root exploit for FreeBSD

2009/12/10 Anton Shterenlikht : > I was just stressed after being forced by him > to explain why I wanted firewall exceptions > for two ports to my FreeBSD portscluster nodes. > I explained the reasons and that was settled. Anton, I don't know about the UK, Great Britain or England, but in US Uni

Re: Help: Looking to contact someone running FreeBSD on ESX

On Fri, Feb 25, 2011 at 12:52, Mark Felder wrote: > The ones that crash are usually our main webservers (Apache, PHP, no MySQL > locally though). We have LOTS of IPs on them and they do a ton of network > traffic, but usually don't have a super high load average (maybe .75 - 1.0 > on a normal day

Re: Installing squid, where should the directories be?

On Wed, Mar 9, 2011 at 10:27, Leslie Jensen wrote: > I'm installing squid on a new 8.2-RELEASE machine. Me too. > I have /usr/local/squid as default directory and has made a separate mount > point. Same here. As a general rule I like to give squid its own hard drive, or its own RAID. Giving it

Re: dhcpd in vmware

On Tue, Apr 5, 2011 at 08:29, xinyou yan wrote: > the dhcpd can't start in vmware : > > Here is my /usr/local/etc/hpcdd.conf Is the file named hpcdd.conf or is that a typo? > subnet 192.168.0.0 netmask 255.255.255.0 { > range 192.168.4.129 192.168.4.254; > option routers 192.168.4.1; >

Re: dhcpd in vmware

On Wed, Apr 6, 2011 at 04:12, wrote: > Kevin Wilcox wrote: > >> If you're just using the 192.168.4.129 - 254 addresses >> I would change it to >> >> subnet 192.168.4.0 netmask 255.255.255.0 > > Shouldn't that be netmask 255.255.255.128? That'

Re: Can I bridge the same subnet across a VPN?

On Tue, May 3, 2011 at 15:19, Geoff Roberts wrote: > Is it possible to join two sites with the same subnet across a VPN? Yes. > I have two sites that have the same subnet/mask. > > I need these two separated networks to behave as one across a VPN. That's understandable. You may want to conside

Re: Fw: OpenVPN Setup

On Tue, May 10, 2011 at 19:19, Bill Tillman wrote: > OK I know I saw this somewhere but it eludes me now. I have generated the keys > and certificates for the server and client on my FreeBSD server. I then copied > them over to my Windows laptop but apparently cannot find where I'm supposed > to

Re: Fw: OpenVPN Setup

On Tue, May 10, 2011 at 19:59, Bill Tillman wrote: > This is a very frustrating process but I think I'm getting there. The files > I created on the FreeBSD server which I copied over are: > >    client1.crt >    client1.csr >    client1.key > > But the windows setup appears that it wants one of t

Re: Fw: OpenVPN Setup

On Tue, May 10, 2011 at 20:09, Kevin Wilcox wrote: > On Tue, May 10, 2011 at 19:59, Bill Tillman wrote: >>    client1.crt >>    client1.csr >>    client1.key > You only need to copy the .crt and .key files, those are your key and > certificate for the client named

Re: OpenVPN Setup

On Tue, May 10, 2011 at 20:50, Frank Griffith wrote: > Anyway, I tried to start the OpenVPN server on the FreeBSD server and it > will not start. I got this message: > > # openvpn /usr/local/etc/openvpn/server.conf > Tue May 10 20:35:11 2011 OpenVPN 2.2.0 amd64-portbld-freebsd8.2 [SSL] [LZO2] > [

Re: OpenVPN Setup

On Wed, May 11, 2011 at 09:11, Bill Tillman wrote: > 2. I have my OpenVPN process running on my FreeBSD server and wish to test it > with the OpenVPN client for Windows on my laptop from an outside location. But > the only outside locations I have access to right now are the local McDonalds > and

Re: shopping for a new server

On Thu, Aug 25, 2011 at 12:45, Tim Kellers wrote: > Dell 2500 from 10 years back is soon to be very dead in the machine room at > work.  I'm thinking about replacing it with a Rack mount Dell R610  has > anyone used that and has compatibility issues or successes?  I'll be using a > RAID 5 setup a

PF and dup-to?

Hi folks, I have the following pf.conf on FreeBSD 8.1-RELEASE *and* 8.2-RELEASE === set block-policy return set skip on lo int_if=bge1 ext_if=bge0 dup_if=dc0 # NAT rule nat on $ext_if from $int_if:network to any -> ($ext_if) sticky-address # # Windows RDP redirectio

Re: mutual forwarders in ISC BIND

On Dec 28, 2011 9:26 PM, "Victor Sudakov" wrote: > And the reason for the whole thread. One of the customers told me that > 8.8.8.8 is faster than our own DNS servers which are located on the > same 100 MBit/s LAN with them. I was shocked but it seems true, at > least for the answers which are no

Re: sleepycat db VS MySQL or postgres

On 1 July 2013 16:28, Jim Pazarena wrote: > I could move to db5 or db6 OR MySQL, or even postgres. > I have no experience with the c interface for postgres or mysql, but > also, do not know how much the c interface has changed for sleepycat > 5/6 compared to the c interface for db3, which I un

Re: router / firewall with PF and carp.

On 1 October 2010 05:29, krad wrote: > In my experiance freebsd should work fine. However I would say openbsd is > probably better suited to your needs, due to its tighter security model > (auditing) Krad, I was under the impression that 'audit' from TrustedBSD is built into FreeBSD. Is there a

Re: router / firewall with PF and carp.

On 1 October 2010 10:16, Daniel Bye wrote: > On Fri, Oct 01, 2010 at 09:40:56AM -0400, Kevin Wilcox wrote: >> Krad, I was under the impression that 'audit' from TrustedBSD is built >> into FreeBSD. Is there a facility in OpenBSD that is "better" or is &g

pf + NAT + log

Hi everyone. This is probably better suited for freebsd-pf@ but I'll give it a go before spamming YAML. I'm testing NAT on FreeBSD 8.1. My setup is very simple: My workstation -> { internal network switch } -> FreeBSD 8.1routing firewall with squid 3 -> { switch going to Internet } My pf configu

Re: FreeBSD IPSec stack contains backdoors?

On 17 December 2010 10:36, Mike L wrote: > Reads like an unacceptable response to an issue that seems quite critical. Here, let me re-iterate for those that may not have a copy of what you're saying is unacceptable in front of them: o we're aware there's talk about some projects possibly having

Re: Bot?

On 5 January 2011 10:47, Jerry Bell wrote: > There could be reasons you > aren't seeing a spike, such as you're only looking at traffic processed by > the MTA, or it simply doesn't show as a material increase on a graph of > traffic on the network interface if the server is busy. Those are good

Re: Bot?

On 5 January 2011 13:25, David Brodbeck wrote: > On Wed, Jan 5, 2011 at 8:15 AM, Kevin Wilcox wrote: >> To really see what your machine is doing, consider taking a look at >> the network flows. pfflowd, netflowd, ipaudit and a host of others can >> get you flow dat

Re: FreeBSD Decision

On 14 January 2011 14:19, Tim Daneliuk wrote: > On 1/14/2011 12:46 PM, Alessandro Baggi wrote: >> Hi list, I don't want make a flame post but I would ask an objective >> opinion, then not a camp opinion, about using FreeBSD or Debian Linux in a >> production environment < snip > > IOW, your

Re: The book of pf...

On 17 January 2011 23:37, Modulok wrote: > Or perhaps someone could suggest something else? I read the examples > and basic handbook for pf, but wanted a bit more. I'm going to be > tacking a firewall project coming up and need to be well prepared. > Suggested readings appreciated. 1) Definitely

Re: The book of pf...

On 19 January 2011 02:28, Christer Solskogen wrote: > On Tue, Jan 18, 2011 at 7:35 PM, Kevin Wilcox wrote: >> 1) Definitely get the first version > Oh, why? Because Peter made mention on misc@ that the second edition was geared towards OpenBSD 4.8 and the version of pf that

Re: Managing ESXi from FreeBSD...

On 24 January 2011 13:42, Outback Dingo wrote: > loose ESucksXi and install XCP 1.0 and for management xencenter / >  openxencenter will run on FreeBSD, I wish I could recommend XCP and/or Xen to the average user but trying to install FreeBSD 8.1-amd64 in Xen, even running in HVM, doesn't come c

Re: PF firewall rules and documentation

On Mon, Jan 31, 2011 at 05:58, Da Rock wrote: > Yes. Me unfortunately, but I did manage to pick it up quite quickly though. > I had a little thief attack one of my ports and attempt login on the > firewall. I had to change it to 'block in $log on $ext_if all > block out $log on $ext_if all' to ac

Re: qmail or postfix?

On Tue, Feb 1, 2011 at 09:32, Alessandro Baggi wrote: > Hi list. Who is better, qmail or postfix? > > thanks in advance That's a loaded question. Both have advocates, just like "vi or emacs", "Linux or Nothing", "FreeBSD or OpenBSD", "OS X or Windows" and "X Window System or CLI". That said, if

Re: Apache vs. nginx

On Jul 18, 2012 5:19 AM, "Wojciech Puchar" wrote: >> >> I'm the admin for a small hobby website (Stovebolt.com - about 7 million hits/mo). We're fixin to buy a new server, and since I have to start from scratch (install FreeBSD and all the needed ports), I'm wondering if anyone on this list has s

Re: latest git ports upgrade

On Nov 29, 2012 2:27 PM, "Artifex Maximus" wrote: > BTW, why system does not know user git_daemon when git_daemon was in > passwd and master.passwd? I am using portmaster to upgrade my > installed ports. I have had this exact issue when installing postgresql via portmaster. When it fails (and it

Re: Virtualbox on Freebsd

On 4 March 2010 14:15, Paul Schmehl wrote: > I'm trying to build it from ports right now and running into all sorts of > issues with qt4 stuff. This doesn't exactly inspire confidence when it comes time for me to do my next round of updates. I remember running into an issue with qt when buildin

FreeBSD router - large scale

Hello everyone. We're in the very early stages of considering [Free|Open]BSD on commodity hardware to handle NAT *and* firewall duties for (what I consider to be) a sizable deployment. Overall bandwidth is low, only a gigabit connection, but we handle approximately fifteen thousand devices. DHCP a

Re: Add watermark to PDF

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 1 June 2010 10:15, John Almberg wrote: > I would like to add a customized footer (a stamp or watermark) to an > existing PDF, like the guys at Pragmatic Programmers do with their PDFs. I used to do something similar using the fpdf/pdftk toolkits.

Re: FreeBSD router - large scale

On 28 May 2010 07:38, Bruce Cran wrote: > This is possibly the wrong place to be saying this, but isn't OpenBSD > usually recommended for > routers? I believe the version of pf, for example, is normally kept more > up-to-date than than > in FreeBSD.  The major downside I know of is that it's not

Re: FreeBSD router - large scale

On 27 May 2010 12:12, Matthew Seaman wrote: > The hardest job I've had an OpenBSD firewall do is actually as a > mid-level firewall between a DMZ full of web servers and a back-end > database layer.  The thing to watch out for is running out of states in > PF.  It's trivial to change that in the

Re: Virtualbox Networking Issues

On 15 July 2010 17:35, Chris Maness wrote: > I am not able to ping anything.  I cannot ping the gateway or the > host.  I tried bridge, NAT, and host only. Can you provide the output of ifconfig and the contents of rc.conf from the virtual machine? (Purpose - to see if the interface exists, wha

Re: vmware and freebsd 8

On 28 July 2010 00:47, kalin m wrote: > messing around with vmware and fbsd 8... > > has anybody used vmware esxi 4 to put a bunch of fbsd machines on it? > i also installed the vmsphere client (they call it) which is pretty nice > interface to interact with the virtual machines but apparently do

Re: vmware and freebsd 8

On 28 July 2010 09:12, Steve Polyack wrote: > We've always used the open-vm-tools port > (/usr/ports/emulators/open-vm-tools-nox11).  There is both an x11 and > "nox11" version, both of which work very well.  It also includes a handful > of other drivers and modules, including the memory balloon

Re: CARP and freebsd

On 3 September 2010 10:37, gahn wrote: > Is carp a part of freebsd 8.1? or I have to download from somewhere and > install it? Everything you could want to know about CARP and FreeBSD: http://www.freebsd.org/doc/handbook/carp.html On my 8.1 box - fbsdsroute0# sysctl net.inet.carp.allow sysct

Re: Intel video Driver

On 22 September 2010 13:16, jorge espada wrote: > I need my laptop to work..so I removed freebsd 8.1 and installed gentoo so I > can't post the output of pciconf -lv, but I want freebsd...so if anyone > knows how to sort this problem please share... To resolve a combination dual-head, Nvidia, Vi