  • Locked thread
feld
Feb 11, 2008

Out of nowhere its.....

Feldman

I challenge you BSDers to a duel. Well, not really, but nobody in #openbsd, #pf, or #freebsd could give me an answer to this question.

Scenario:

Server. Needs the firewall on said server to rewrite packets originating (OUTGOING) from the server. Not passing packets through interfaces. I need packets from the server itself to be rewritten.


code:
rdr inet proto tcp from self to IP -> OTHER_IP

doesn't work.

In Linux:
code:
iptables -A OUTPUT -t nat -d IP -j DNAT --to OTHER_IP

Reason: Internal dev webserver. Going to have developers connect through a SOCKS proxy on the firewall so their traffic to our real webservers gets diverted/rewritten to our internal webserver for mucking about with webserver settings and not messing with production. This is the only way. Hosts file changes, or changing DNS servers to point to internal addresses, is not viable. Webservers MUST use the hostname/virtualhost or they don't function (heavy Oracle PL/SQL sites, custom site software, requires this to function).

This is the only reasonable way to do it. I currently have it rigged up through a Linux box right now but I'm dying to get this answer for pf.


feld

unclefu posted:

pf has binat, would that work?

Tried that. It only works for traffic you're forwarding.

Makes this quite an interesting problem, doesn't it? Appears pf is wonderful at FORWARDING traffic, but if you want to tinker with traffic from the machine the firewall runs on, it appears to be lacking in very necessary features. :(

feld

Any ideas on how long before ZFS on FreeBSD is going to be considered stable? I'm interested in turning it on and using it on a FreeBSD NAS I have here at work... Non critical data, but would be nice to have it not disappear.

feld

I just updated to 7.0-RELEASE-p5 today, but I'm not a regular FBSD follower. Can someone point out to me the release notes for -p5 because I can't seem to find it anywhere. What exactly did they fix in it? :iiam:

I have one outstanding bug that I would like to have fixed before 7.1 and I'm hoping it was fixed.

edit: looks like it wasn't. you'd think they'd have fixed it by now. problem at hand: iSCSI performance is abysmal (~1.5MB/s). I tried patching with a patch I found on a mailing list but it didn't work.

feld fucked around with this message at 15:56 on Oct 15, 2008

feld


That doesn't tell me exactly what was changed in p5, it only lists the history of the security advisories. I could do some guesswork by looking at the dates of things, but that doesn't answer everything such as bug fixes that aren't security issues.

feld

ahh, I see now. Thanks a lot guys.

feld

timb posted:

Yea, they only have one mirror, and it's getting raped. Hard. I'd advise waiting at least a week.

The server that hosts that content is on a 10 Mbps link. Yea.

That explains it...

Why don't they have it spread out on more mirrors? :(

feld

jnr posted:

Maybe they expect most people to still use csup/cvsup. There are plenty of mirrors for that.

That would only be necessary if you aren't using the generic kernel.

Anyway, it worked today.

feld

SmirkingJack posted:

I am trying to increase the number of semaphores for postgres and can not figure it out. I am running FreeBSD 6.1. In /boot/loader.conf I have 'kern.ipc.semmns=120' but when I check it after a reboot sysctl is still reporting 60. I am not even sure loader.conf is being read, even though loader.rc has both 'include /boot/loader.4th' and 'start.' I tried setting shmmax in loader.conf too, but that value didn't change either.

Any thoughts? I only barely know what I am doing at this level.

I'm not a super BSD nerd, but can't this be changed on the fly? I know you can in Linuxland, and I thought these settings were modifiable on demand in most *nix OSes these days.

feld

8.1 has been out since 7/20. I've already upgraded a few servers. Don't see any issues so far anyway :)

feld

As soon as the nvidia driver stabilizes I plan on moving my desktop at home and work to FreeBSD. Until then I have to wait :(

feld

Yeah, I need the amd64 driver as well. It seems Nvidia's been slacking for *nix lately.... even the Linux drivers aren't up to par anymore.

feld

LooseChanj posted:

I'm trying to figure out how to mount a fat drive through fstab so my normal user can use it. Spoilers appreciated, since I've tried every combination of "rw,-m=777" I could possibly think of.

did you try "uid=XXX,gid=XXX" in the mount options?

feld

roadhead posted:

Just updated to version 0.5.3 of SABnzbdplus, (http://www.freshports.org/news/sabnzbdplus/)

But 0.5.4 is already in ports :)

feld

Goon Matchmaker posted:

gently caress Paypal.

Join the train!

feld

EvilMoFo posted:

install the port expiretable and put this in the crontab for root, this is mine
code:
*      *       *       *       *       /usr/local/sbin/expiretable -t 5m blockedssh

"crontab for root"

I was under the general impression that the standard way of doing things on BSD was to put all crons in /etc/crontab if possible. Only users who can't edit /etc/crontab use their own.

Thoughts?

feld

In case anyone cares you can't run BSD on the Google Cr-48 laptop. Well you can, but you can't run X. The Intel chip is one of the new ones that needs the GEM/KMS stuff that's only in Linux right now.

:qq:


edit: I suppose you could run it as vesa, but that's stupid.

feld

Cpt.Wacky posted:

At least you got one.

I assume by BSD you mean FreeBSD. Have you tried a -current OpenBSD? Even if it didn't work I'm sure they'd love to get a dmesg and acpidump from it.

Correct, FreeBSD. I haven't tried OpenBSD because running a desktop/laptop on OpenBSD is a bit too masochistic for my tastes. I did provide some FreeBSD devs the pciconf and verbose dmesg dump. It really won't be functional on any *BSD until the KMS/GEM support layers are ported from Linux, which is in progress. After that we'll be able to use the new Nouveau driver and the currently maintained Intel drivers.

feld

Marinmo posted:

Well I don't really need to enable it, just thought it was a neat idea. Almost slicing speeds by three was not acceptable, so I just removed it. :)

It actually makes /usr/ports and /usr/src much faster to work with on my Atom NAS. Also, it's great to use it for /var/log so you don't have to compress logs when you rotate.

feld

IanMalcolm posted:

Guys, I have a ZFS problem here. I'm currently running FreeNAS 0.7, and the new 8-RC1 version came out recently with a new ZFS version. In the readme they say that it is not possible to upgrade an existing zpool, doing so would destroy the data.
Is that a problem with FreeNAS or with FreeBSD? I want to install vanilla FreeBSD 8.2 on my NAS box, but I don't want to lose those ~3TB of data...

1. zfs export
2. unplug disks
3. install bsd
4. plug disks in
5. zfs import
6. zfs upgrade / zpool upgrade
7. done

feld

IanMalcolm posted:

Okay, now I have another problem.
I installed sabnzbd+ through the port, but it won't come up through the rc.d script.

This only happens to me when the user that will be running Sabnzbd when you use the rc script doesn't match the user running it when you're starting it manually. Make sure all config files, temp dir, etc for sabnzbd are owned by the user that you have set for sabnzbd_user in rc.conf


edit: I see this is Sickbeard, not sabnzbd. Either way -- likely the same thing.

edit2: also, punch the guy that wrote that script. Sickbeard shuts down cleanly from a kill -15.

feld fucked around with this message at 16:05 on Mar 15, 2011

feld

BlackMK4 posted:

Anyone know of a decent 5GHz MiniPCI card that will run native under BSD?
(I'm running PFSense)

5GHz? You're talking about 802.11a, right? Because there are no cards in existence for Linux or BSD that you can buy that are 802.11n and actually let you use the 802.11n features. You're stuck with an expensive card that happens to only let you run it in 2.4GHz b/g mode.

Several years ago a developer did the 802.11n framework for NetBSD because Apple paid him to (AirPorts are NetBSD based) and that framework was ported to other BSDs. Linux came up with their own framework as well. Unfortunately, we don't have any cards available yet that have an open source driver... so you're stuck buying a crappy wireless router and hoping for the best. Best case scenario is a nice Cisco or a Mikrotik, but I know neither of us want to deal with that....

feld

Build xorg without HAL support and see if the problem goes away. HAL needs to die a fiery death. You just can't hotplug a mouse after X has started... but you could unplug/replug after X is running like your KVM seems to be doing and it would be just fine.

feld

polpotpotpotpotpot posted:

I'm running a ZFS boot system, is upgrading going to end up causing problems or is everything likely to go well?

I upgraded one for a friend not too long ago from 8.0 to 8-stable. I don't know how I'd do it from 8 to 9 considering you can't do the kernel AND world at the same time without causing the running system to break. The steps literally were to install the kernel and world, write the NEW gptzfsloader to the drives, and then reboot with your fingers crossed and do some cleanup.

tl;dr GOOD LUCK! (this is why I've been waiting for the installer to fully support it first)

feld

Only Shallow posted:

Heads up, looks like there's a 0day in FreeBSD ftpd:

http://seclists.org/fulldisclosure/2011/Nov/452

This was discussed on the FullDisclosure mailing list like 2 weeks ago...

feld

Hah, read the wrong date. :downs::hf::black101:

feld

SamDabbers posted:

ftp -> sftp

On that note: Please tell me of an awesome piece of software that will let us create virtual users for sftp so they don't have real system accounts? On Windows there's an awesome ftp daemon we use called Xlight. So yeah, our Windows webhosting clients get SFTP access but our BSD ones don't. Ironic.

edit: and not proftpd's sftp modules. That would work if it wasn't banned from our company because of the giant gaping security holes in that software stack.

feld fucked around with this message at 18:24 on Dec 26, 2011

feld

Expect reading from your CDROM/DVDROM to be broken in VLC and possibly other software in 9-RELEASE due to a CAM bug whose fix was never MFC'd because not enough people made noise about it during the RC process.


http://groups.google.com/group/mailing.freebsd.current/browse_thread/thread/37775fe36b3491f8/452e80419655fbca?show_docid=452e80419655fbca

feld

Assuming you're OK with nuking this disk and re-adding it to your zpool, you'll have to do something like this:

gpart recover ada1 (to fix GPT)

then you can do

gpart destroy -f ada1


That should wipe all gpt partitions and headers and stuff

then just re-add it to your zpool. Or force a scrub so zfs fixes things up.

feld

Computer viking posted:

Have you tried zeroing the last sector? GPT keeps a backup header there that might be detected.

I'm guessing gpart is "tasting" the device and seeing ZFS stuff but thinking it's GPT. If it was GPT the gpart command to recover would have read the last sector, copied it to the first, and then let him destroy it. If he sees *nothing* at all when he runs "gpart show ada0", then gpart definitely isn't seeing a true GPT header.
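Added example (mine, not feld's and not the gpart(8) source): a small in-memory model of what the two posts above are talking about. GPT keeps a primary header at LBA 1 and a backup header in the last sector of the disk, each protected by a CRC32 and each recording its own LBA. The code builds a constructed 2048-sector image with both headers, shows that zeroing the last sector makes the backup disappear (Computer viking's suggestion), and shows the "gpart recover" idea in spirit: rebuild the primary from the backup with the LBA fields swapped and the CRC recomputed. The disk GUID and sector count are made up; the header layout follows the UEFI spec, and the partition entry array is left empty, which a real recovery would also have to copy.

```python
# Added example: GPT primary/backup header detection and primary-from-backup
# recovery on an in-memory disk image. Not gpart's implementation.
import struct
import uuid
import zlib

SECTOR = 512
SIGNATURE = b"EFI PART"
# GPT header layout: signature, revision, header size, header CRC32, reserved,
# my LBA, alternate LBA, first usable LBA, last usable LBA, disk GUID,
# partition entry array LBA, entry count, entry size, entry array CRC32.
HDR_FMT = "<8sIIIIQQQQ16sQIII"
HDR_SIZE = struct.calcsize(HDR_FMT)  # 92 bytes
GUID = uuid.UUID("12345678-1234-5678-1234-56789abcdef0").bytes_le  # constructed


def build_header(my_lba, alt_lba, total_sectors, guid, entries_lba):
    """Pack one header sector; the CRC covers the header with its CRC field zeroed."""
    fields = [SIGNATURE, 0x00010000, HDR_SIZE, 0, 0, my_lba, alt_lba,
              34, total_sectors - 34, guid, entries_lba, 128, 128, 0]
    fields[3] = zlib.crc32(struct.pack(HDR_FMT, *fields)) & 0xFFFFFFFF
    return struct.pack(HDR_FMT, *fields).ljust(SECTOR, b"\0")


def parse_header(sector, expected_lba):
    """Return header fields if signature, CRC and the recorded LBA check out, else None."""
    f = list(struct.unpack(HDR_FMT, bytes(sector[:HDR_SIZE])))
    if f[0] != SIGNATURE:
        return None
    stored, f[3] = f[3], 0
    if zlib.crc32(struct.pack(HDR_FMT, *f)) & 0xFFFFFFFF != stored:
        return None
    if f[5] != expected_lba:  # a header claiming another LBA is a stale copy
        return None
    return {"my_lba": f[5], "alt_lba": f[6], "guid": f[9], "entries_lba": f[10]}


def make_image(total_sectors=2048):
    """Constructed sample disk: primary header at LBA 1, backup in the last sector."""
    img = bytearray(total_sectors * SECTOR)
    last = total_sectors - 1
    img[SECTOR:2 * SECTOR] = build_header(1, last, total_sectors, GUID, 2)
    img[last * SECTOR:] = build_header(last, 1, total_sectors, GUID, total_sectors - 33)
    return img


def scan(img):
    """What a 'gpart show'-style taste sees: is each header present and valid?"""
    last = len(img) // SECTOR - 1
    return {
        "primary": parse_header(img[SECTOR:2 * SECTOR], 1) is not None,
        "backup": parse_header(img[last * SECTOR:], last) is not None,
    }


def zero_sector(img, lba):
    """Wipe one sector in place (zeroing the last sector removes the backup header)."""
    img[lba * SECTOR:(lba + 1) * SECTOR] = bytes(SECTOR)


def recover_primary(img):
    """Rebuild a missing primary header from an intact backup, LBAs swapped."""
    total = len(img) // SECTOR
    last = total - 1
    if scan(img)["primary"]:
        return True
    backup = parse_header(img[last * SECTOR:], last)
    if backup is None:
        return False  # nothing to recover from: both headers are gone
    img[SECTOR:2 * SECTOR] = build_header(1, last, total, backup["guid"], 2)
    return True


if __name__ == "__main__":
    disk = make_image()
    zero_sector(disk, 1)
    print("after wiping LBA 1:", scan(disk))
    print("recovered:", recover_primary(disk), scan(disk))
```

The point for the thread: if "gpart show ada0" prints nothing at all, neither of these two sectors holds a header that passes the signature and CRC checks, so whatever gpart is tasting is not a real GPT.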

feld

I feel like I need to share this with someone:

I recently stumbled upon cpdup, written by Matt Dillon. Think of it as rsync but originally not for over a network. It's faster than rsync on local disk, and uses less CPU -- especially when dealing with tons of hardlinks (rsync spawns 3 processes for this).

http://www.freshports.org/sysutils/cpdup/


Also, it does exactly what you tell it to do, not what ancient unix conventions imply.

Example:
pre:
# mkdir dir1
# mkdir dir2
# cp /random/files/* dir1/
# cpdup dir1 dir2
Normally you'd see this create dir2/dir1, but not with cpdup. You tell it what to clone over and it does. dir2 is now an EXACT clone of dir1.

This tool is great :3:

feld

kastein posted:

Anyone seen this on more recent releases?

It's my desktop at work and home. Also on my google CR48 netbook I'm typing on right now (gently caress ChromeOS). It works great; have never seen this issue.

feld

Goon Matchmaker posted:

PulseAudio should take care of that issue, but IIRC, FreeBSD implemented some kind of in kernel sound mixing stuff a while back that should have solved that.

FreeBSD's sound system is based on OSSv4's API. It's a kissing cousin with some features missing but the drivers are easily ported. That's why it has no issues with sound mixing.


Mrs. Finkle posted:

Lennart Poettering and Pulseaudio should die of gonorrhea and rot in hell. Would you like a cookie, son?

feld fucked around with this message at 15:07 on Apr 3, 2012

feld

Marinmo posted:

I recently set up my server with FreeBSD. It works very well for the most part, but somehow it seems completely unable to route properly to a select few sites whose IP numbers start with 192.x.x.x. My internal network is 192.168.1.x.

Please paste the output of "ifconfig" and "netstat -rn" when you get back. I'm guessing your netmask isn't a /24.


Thanks!

feld

Marinmo posted:

This was indeed the problem. Why are we using hexadecimal netmasks anyway?! Combination of being tired and not used to them proved to be a bad thing. Thank you, nevertheless!

That's a holdover from ages ago. You don't *have* to use hex. Just use CIDR notation. It's perfectly fine for you to run ifconfig/put in rc.conf: 192.168.1.5/24

feld fucked around with this message at 14:36 on May 4, 2012

feld

kastein posted:

I always do because it's easier to visualize, 0xf8 says more to me about which bits are being masked off than 248 does, for instance.

Never realized you could put a CIDR spec in rc.conf though, that's a nice feature I'll have to remember.

If you think that's nice, you're probably also unaware of the ability to configure a RANGE of IPs on an interface:


#ipv4_addrs_fxp0="192.168.0.1/24 192.168.1.1-5/28" # example IPv4 address entry.


no more lovely _aliasX lines
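Added example (mine, not feld's and not FreeBSD's rc scripts) covering both the hex-netmask routing problem from Marinmo's posts above and the rc.conf range syntax in this one. It converts an ifconfig-style hex mask to a CIDR prefix (rejecting a non-contiguous mask), shows why a wrong mask makes 192.x.x.x sites unreachable (the host thinks they are on-link and never sends them to the gateway), and expands an ipv4_addrs_<if> value such as "192.168.0.1/24 192.168.1.1-5/28" into individual addresses. The range form only varies the last octet, which is how rc.conf(5) documents it; the function names are mine.

```python
# Added example: hex netmask <-> CIDR, on-link test, and ipv4_addrs range expansion.
import ipaddress
from typing import List, Tuple


def netmask_from_hex(hex_mask: str) -> ipaddress.IPv4Address:
    """Turn an ifconfig-style hex mask such as 0xffffff00 into an address object."""
    value = int(hex_mask, 16)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"mask out of range: {hex_mask}")
    return ipaddress.IPv4Address(value)


def prefix_length(mask: ipaddress.IPv4Address) -> int:
    """CIDR prefix length of a mask; rejects non-contiguous masks such as 0xff00ff00."""
    bits = f"{int(mask):032b}"
    ones = bits.rstrip("0")
    if "0" in ones:
        raise ValueError(f"non-contiguous netmask {mask}")
    return len(ones)


def to_cidr(address: str, hex_mask: str) -> str:
    """'192.168.1.5' + '0xffffff00' -> '192.168.1.5/24', the form rc.conf accepts."""
    return f"{ipaddress.IPv4Address(address)}/{prefix_length(netmask_from_hex(hex_mask))}"


def on_link(local: str, destination: str) -> bool:
    """True when the host would treat 'destination' as directly reachable on the
    LAN (ARP for it) instead of handing it to the default gateway."""
    iface = ipaddress.ip_interface(local)
    return ipaddress.ip_address(destination) in iface.network


def expand_ipv4_addrs(spec: str) -> List[Tuple[str, int]]:
    """Expand an rc.conf ipv4_addrs_<if> value into (address, prefixlen) pairs.
    'a.b.c.X-Y/len' varies the last octet from X to Y inclusive."""
    out: List[Tuple[str, int]] = []
    for item in spec.split():
        addr, _, plen_text = item.partition("/")
        plen = int(plen_text) if plen_text else 32
        if not 0 <= plen <= 32:
            raise ValueError(f"bad prefix length in {item}")
        if "-" in addr:
            head, last = addr.rsplit(".", 1)
            lo, hi = (int(x) for x in last.split("-", 1))
            if not 0 <= lo <= hi <= 255:
                raise ValueError(f"bad host range in {item}")
            for host in range(lo, hi + 1):
                out.append((str(ipaddress.IPv4Address(f"{head}.{host}")), plen))
        else:
            out.append((str(ipaddress.IPv4Address(addr)), plen))
    return out


if __name__ == "__main__":
    print(to_cidr("192.168.1.5", "0xffffff00"))
    # With a /8 typed by mistake, a public 192.0.2.x site looks like a LAN neighbour:
    print(on_link("192.168.1.5/24", "192.0.2.10"), on_link("192.168.1.5/8", "192.0.2.10"))
    print(expand_ipv4_addrs("192.168.0.1/24 192.168.1.1-5/28"))
```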

feld

optionsng is now in progress. I'm sure some of you are going to update your ports tree and go "wtf, why do I have to recompile everything?". I can't explain that for you. However, you can prevent yourself from having to choose options all over again by running "/usr/ports/Tools/scripts/options2ng.sh"

feld

Kenfoldsfive posted:

Since freebsd-update uses diff rather than mergemaster, there doesn't seem to be a way to merge these automatically, so I actually have to update all 295 files by hand even though the only change is the version string. Is there any way to shoehorn mergemaster into the process? Or am I missing something really stupid?

This is precisely why I don't use freebsd-update between major releases.

Want to do it quickly? OK, here you go: (precompiled source for 8.3)

code:
cd /root
fetch http://feld.me/priv/8.3-amd64.tar.gz   (or i386)
rm -rf /usr/src /usr/obj
cd /etc && fetch http://feld.me/freebsd/mergemaster.rc
cd /
tar -xzvpf /root/8.3-amd64.tar.gz
cd /usr/src
make installkernel && mergemaster -p
reboot
cd /usr/src
make installworld
mergemaster
yes | make delete-old

*** WARNING *** this will break ports (mostly things linked to libc.so.6 and libz.so.5), but you really should do it to get rid of cruft
yes | make delete-old-libs
Now you're only merging like 15 files by hand (only under certain circumstances will this not be true)

Don't forget to add the hast user and group by hand!

Also when you're done just run freebsd-update to grab -p3 of 8.3

feld fucked around with this message at 22:25 on Jul 24, 2012

feld

Tip:

quote:

Oh crap, I just updated ${port} and now things that were linked to libfoo.so.5 are broken because it's libfoo.so.6 now! I don't have time to compile this crap!

Well, the usual VERY WRONG (read: DANGEROUS; it was a shlib bump for a reason) fix on *nix is a symlink, but don't do that on BSD. It's dirty. And stupid. And you'll forget about it.

Just add the override to /etc/libmap.conf:

code:
libfoo.so.5 libfoo.so.6
Examples from the man page (yes, you can even do it on a per-binary basis):

code:
EXAMPLES
     # /etc/libmap.conf
     #
     # candidate             mapping
     #
     libc_r.so.6             libpthread.so.2 # Everything that uses 'libc_r'
     libc_r.so               libpthread.so   # now uses 'libpthread'

     [/tmp/mplayer]          # Test version of mplayer uses libc_r
     libpthread.so.2         libc_r.so.6
     libpthread.so           libc_r.so

     [/usr/local/jdk1.4.1/]  # All Java 1.4.1 programs use libthr
                             # This works because "javavms" executes
                             # programs with the full pathname
     libpthread.so.2         libthr.so.2
     libpthread.so           libthr.so

     # Glue for Linux-only EPSON printer .so to be loaded into cups, etc.
     [/usr/local/lib/pips/libsc80c.so]
     libc.so.6               pluginwrapper/pips.so
     libdl.so.2              pluginwrapper/pips.so

feld fucked around with this message at 22:31 on Jul 24, 2012
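Added example (mine, not feld's and not rtld's libmap code): a parser for the libmap.conf format shown above, with a resolver that answers "which library does this program actually get when it asks for libfoo.so.5?", plus an audit that lists every entry remapping one major version of a soname to another, since that is exactly the case the post calls dangerous. Constraint matching follows my reading of libmap.conf(5) and rtld: a bracketed name ending in "/" matches any object under that directory, an absolute path matches that object exactly, and the constraint is checked against the path of the object requesting the library (for the EPSON plugin example that is the .so itself). The bare-basename constraint form is from my memory of the rtld source and should be checked against the man page on your release. The sample config below is constructed from the post's override line and the man page examples.

```python
# Added example: parse /etc/libmap.conf, resolve a lookup, audit major-version remaps.
import posixpath
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

SAMPLE_LIBMAP = """\
# constructed sample: the override from the post plus the libmap.conf(5) examples
libfoo.so.5             libfoo.so.6     # shlib bump override

libc_r.so.6             libpthread.so.2 # Everything that uses 'libc_r'
libc_r.so               libpthread.so   # now uses 'libpthread'

[/tmp/mplayer]          # Test version of mplayer uses libc_r
libpthread.so.2         libc_r.so.6
libpthread.so           libc_r.so

[/usr/local/jdk1.4.1/]  # All Java 1.4.1 programs use libthr
libpthread.so.2         libthr.so.2
libpthread.so           libthr.so

[/usr/local/lib/pips/libsc80c.so]
libc.so.6               pluginwrapper/pips.so
libdl.so.2              pluginwrapper/pips.so
"""


@dataclass
class LibMap:
    global_map: Dict[str, str] = field(default_factory=dict)
    constrained: List[Tuple[str, Dict[str, str]]] = field(default_factory=list)


def parse_libmap(text: str) -> LibMap:
    """'candidate mapping' lines; a '[name]' line opens a per-object section."""
    lm = LibMap()
    current = lm.global_map
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section: Dict[str, str] = {}
            lm.constrained.append((line[1:-1].strip(), section))
            current = section
            continue
        parts = line.split()
        if len(parts) != 2:
            raise ValueError(f"malformed libmap line: {raw!r}")
        current[parts[0]] = parts[1]
    return lm


def constraint_matches(constraint: str, obj_path: str) -> bool:
    """Trailing '/' = directory prefix; absolute path = exact; bare name = basename."""
    if constraint.endswith("/"):
        return obj_path.startswith(constraint)
    if constraint.startswith("/"):
        return obj_path == constraint
    return posixpath.basename(obj_path) == constraint  # assumed rule, see lead-in


def resolve(lm: LibMap, obj_path: str, library: str) -> str:
    """Per-object sections win over the global section; unmapped names pass through."""
    for constraint, mapping in lm.constrained:
        if constraint_matches(constraint, obj_path) and library in mapping:
            return mapping[library]
    return lm.global_map.get(library, library)


def soname_split(name: str) -> Tuple[str, str]:
    """'libfoo.so.5' -> ('libfoo', '5'); 'libfoo.so' -> ('libfoo', '')."""
    stem, _, version = name.partition(".so")
    return stem, version.lstrip(".")


def audit_major_remaps(lm: LibMap) -> List[Tuple[str, str, str]]:
    """List (scope, candidate, mapping) entries that point a soname at a different
    major version of itself: these silently bypass the reason for the shlib bump."""
    hits = []
    for scope, mapping in [("global", lm.global_map)] + lm.constrained:
        for cand, target in mapping.items():
            cs, cv = soname_split(cand)
            ts, tv = soname_split(target)
            if cs == ts and cv and tv and cv != tv:
                hits.append((scope, cand, target))
    return hits


if __name__ == "__main__":
    lm = parse_libmap(SAMPLE_LIBMAP)
    print(resolve(lm, "/usr/local/bin/vlc", "libfoo.so.5"))
    print(resolve(lm, "/tmp/mplayer", "libpthread.so.2"))
    print(audit_major_remaps(lm))
```

Run the audit against your real /etc/libmap.conf after the "I'll clean this up later" override goes in; unlike a symlink in /usr/local/lib, the override is in one file and shows up in a list like this.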


feld

Kenfoldsfive posted:

Awesomesauce. Thank you.


Even using freebsd-update it kicks off a full reinstall of all ports so they'll all use the new libraries. I'm assuming the same thing would work here.

I prefer running "portmaster --list-origins", saving that to a file, deleting ALL installed ports, and then installing them again via portmaster -d `cat /path/to/list.txt`
