Search results

  1. Closed What Would You Like to See FreeBSD Do Differently?

    As a network engineer at an Internet Service Provider, I really would like to see: Improved dummynet as traffic shaper/limiter by mask: integrate it with pf as it does with ipfw (it's extremely useful for shaping per ip/customer). Make NAT! Seriously, there are a bunch of NAT mechanisms: pf nat...
  2. Copy/install packages from one to other server

    SirDice, what you need in rarely is not a all need it rarely also ;) Sometimes it's really helpful. As I said before, there was a working way - make package-recursive and pkg_add -v *.tgz afterwards on the new server. So it would be nice to have a similar ability. Moreover, it has with pkg create -a and...
  3. Copy/install packages from one to other server

    SirDice, it's pretty clear. Anyway, it's a pity that there isn't a simple and quick way to back up and restore already installed packages from one server to another, without additional software - for cases that occur from time to time, it's an overhead. Isn't it?
  4. Copy/install packages from one to other server

    Thanks, trying to do it with pkg query %o. Hope this will help in quick deployment.
  5. Copy/install packages from one to other server

    I appreciate your answers but they are slightly irrelevant to my question. I installed poudriere, but still can't import existing packages to it or make a new one - poudriere requires the port name in "bind" to be set as a relative pathname, e.g. www/nginx, while pkg info shows only the port name itself. And...
  6. Copy/install packages from one to other server

    [root@INSTALL-VR ~/INSTALL_SCRIPTS]# SHELL="/bin/tcsh" chroot /mnt/gm-rootfs/ root@INSTALL-VR:/ # ls /var/db/pkg/local.sqlite myrepo.meta repo-myrepo.sqlite root@INSTALL-VR:/ # rm /var/db/pkg/* root@INSTALL-VR:/ # pkg update -r myrepo Updating myrepo repository catalogue... Fetching meta.txz...
  7. Copy/install packages from one to other server

    Is there any proper method to copy already installed packages from one server to another? I've got a bunch of FreeBSD servers (10.1 and 10.2 releases), and sometimes need to set up a new one that differs only in some network settings. Currently I do some customized setup script from USB flash with...
  8. How to write a script to use IPFW to deny IPs automatically?

    I'd recommend security/sshguard due to no Python dependency.
  9. Multiple NATD Interface + IPFW

    Is it critical to use ipfw and user-space natd? I'd recommend using pf instead, it's running in kernel space and easier for NAT setup. My simplified configuration: /etc/pf.conf ext_if="lagg0" int_if_1="vlan11" int_if_2="vlan12" dst_nat1="109.71.177.0/25" dst_nat2="109.71.177.128/25" table...
  10. FreeBSD High Performance Firewall

    An example from the real world, not a rush hour. ipfw, dummynet and ng_netflow on the server aren't shown there. 14:03 up 41 days, 21:24, 1 user, load averages: 3,08 2,98 2,46 input (lagg0) output packets errs idrops bytes packets errs bytes colls...
  11. Mapping POSIX ACLs to NFSv4 ACLs for Samba storage

    What I really want is something like Microsoft's "resulting policy" tool. It's quite hard to find out through all that output from getfacl what is the resulting ACL for a user.
  12. NFS write performance with mirrored ZIL

    65 MBytes/sec over NFS is still too low for that configuration. And it's much better to test with iozone or sysbench instead of dd - they will automatically test with different sync/async write/read/rewrite.
  13. SoftUpdate with journaling decrease reliability?

    Good day, all. I've got a dozen problems with my servers on FreeBSD (9.0 and later) with journaling turned on with SoftUpdates on the root slice (/). The problem is that the filesystem stays inconsistent after a hard reboot and after fsck has completed the filesystem check using journaling. Although it says...
  14. IPFW Logs - is this normal?

    J65nko, the main problem with PMTU ICMP and other control ICMP messages is that they can be easily spoofed and so interfere with "legal" traffic. In addition to the previous excellent hints for SSH above, I would recommend one more: use two-factor authentication, for example, from Google...
  15. Possible Feature Request for zfs?

    I agree with the need for such a property. What's against just extending the "hold" property on the zpool and the filesystem without any snapshot?
  16. IPFW Logs - is this normal?

    Dropping all ICMP packets is a really, really bad idea. As an ISP engineer, that drives me crazy. It didn't protect your services at all! It's just a slight increase in bot scanning time, in the best case. Not in real life. So use sshguard, and allow such ICMP types as echo request (8)...
  17. Filtering Performance

    I was filtering and shaping ~500Mbit/sec on the bridge (Core2Duo), with ipfw and dummynet. In theory, it should work faster than an L3 filter (like routers), and it really was, from my experience. But for me buying a more powerful server is simpler than trying to get even 10% of performance...
  18. dummynet customization

    What do you mean by "set all IP limit"? The whole network in one pipe, so that all IP addresses share one speed limit? Or make a speed limit per IP?
  19. What does this log mean?

    Or it may be because the allowed dynamic rule (00200) has already expired at that moment, while Firefox is trying to close the connection at the end. I would recommend looking at the dynamic rules as well: ipfw -d show, and checking with tcpdump which TCP flags are on those packets.
  20. pfctl: igb0: driver does not support altq

    Is there really a space between "$" and "ext_if" in the pf.conf? That might be the reason.