As a network engineer at an Internet Service Provider, I really would like to see:
Improved dummynet as traffic shaper/limiter by mask: integrate it with pf as it does with ipfw (it's extremely useful for shaping per ip/customer).
Make NAT! Seriously, there are a bunch of NAT mechanisms: pf nat...
SirDice, what you need rarely is not rarely needed by all ;) Sometimes it's really helpful. As I said before, there was a working way - make package-recursive and pkg_add -v *.tgz afterwards on the new server. So it would be nice to have a similar ability. Moreover, it has with pkg create -a and...
SirDice, it's pretty clear.
Anyway, it's a pity that there isn't a simple and quick way to back up and restore already installed packages from one server to another, without additional software - for cases that occur from time to time, it's an overhead. Isn't it?
I appreciate your answers but they are slightly irrelevant to my question.
I installed poudriere, but still can't import existing packages to it or make a new one - poudriere requires in "bind" set port name as relative pathname, e.g. www/nginx, while pkg info shows only the port name itself. And...
Is there any proper method to copy already installed packages from one server to another?
I've got a bunch of FreeBSD servers (10.1 and 10.2 releases), and sometimes need to set up a new one that differs only in some network settings.
Currently I do some customized setup script from USB flash with...
Is it critical to use ipfw and user-space natd? I'd recommend using pf instead; it runs in kernel space and is easier for NAT setup. My simplified configuration:
/etc/pf.conf
ext_if="lagg0"
int_if_1="vlan11"
int_if_2="vlan12"
dst_nat1="109.71.177.0/25"
dst_nat2="109.71.177.128/25"
table...
An example from the real world, not rush hour. ipfw, dummynet and ng_netflow on the server aren't shown there.
14:03 up 41 days, 21:24, 1 user, load averages: 3,08 2,98 2,46
input (lagg0) output
packets errs idrops bytes packets errs bytes colls...
What I really want is something like Microsoft's "resulting policy" tool. It's quite hard to find out through all that output from getfacl what is the resulting ACL for a user.
65 MBytes/sec over NFS is still too low for that configuration.
And it's much better to test with iozone or sysbench instead of dd - they will automatically test with different sync/async write/read/rewrite.
Good day, all.
I've got a dozen problems with my servers on FreeBSD (9.0 and later) with journaling with SoftUpdates turned on for the root slice (/). The problem is that the filesystem stays inconsistent after a hard reboot and after fsck completes the filesystem check using the journal. Although it says...
J65nko, the main problem with PMTU ICMP and other control ICMP messages is that they can be easily spoofed and so interfere with "legal" traffic.
In addition to previous excellent hints for SSH above, I would recommend one more: use two-factor authentication, for example, from Google...
Dropping all ICMP packets is a really, really bad idea. As an ISP engineer, that drives me crazy.
It didn't protect your services at all! It just slightly increases the time of bot scanning, in the best case. Not in real life.
So use sshguard, and allow such ICMP types as echo request (8)...
I was filtering and shaping ~500Mbit/sec on the bridge (Core2Duo), with ipfw and dummynet. In theory, it should work faster than an L3 filter (like routers), and it really was, from my experience. But for me buying a more powerful server is simpler than trying to get even 10% of performance...
Or it may be because the allowing dynamic rule (00200) has already expired at that moment, while Firefox is trying to close the connection at the end. I would recommend looking at the dynamic rules also:
ipfw -d show
and see with tcpdump which TCP flags are on those packets.