firewalls, connecting, config & apachetoolbox (was: Re:
keramida at ceid.upatras.gr
Wed Aug 4 14:55:13 PDT 2004
On 2004-08-04 08:15, DK <asdzxc111 at yahoo.com> wrote:
> --- Giorgos Keramidas <keramida at ceid.upatras.gr> wrote:
> > The default set of firewall packet inspection rules that ipfw loads will
> > block *EVERYTHING* so you might want to do a bit of research on the
> > available rulesets by reading about rc.firewall, rc.conf and/or browse the
> > contents of the /etc/defaults/rc.conf file:
> If I understand it correctly after reading the handbook, if I add
> 'firewall_type=open' in my '/etc/rc.conf' file, will it make all
> incoming/outgoing ports open so I can connect to the net with sysinstall to
> download packages ???
Yes, that's mostly true.
Note that I very rarely use the "open" firewall type or others from
rc.firewall. This is because I usually write my own firewall rulesets.
The commands of rc.firewall though are hopefully easy to understand.
Open the script with your favorite editor in read-only mode (don't make
any changes unless you're very sure you know what you're doing). Read
the sets of rules it loads and see for yourself which one you prefer ;-)
The following manpages also contain useful stuff about firewall setup in
your FreeBSD installation:
    % man 7 firewall
    % man 7 security
> Legend. Got this script working now :))
> ...Except...All modules seem to install okay Except for "mod_perl".
Some problem with the bundle of installations no doubt :-)
> I get the error:
> [-] 16) -Mod Perl 1.29
> Choice [?] 16
> LWP::UserAgent not installed!
> HTML::HeadParser not installed!
> Type "perl -MCPAN -e shell" to start the perl CPAN
> shell, then "install LWP::UserAgent" to install the LWP::UserAgent module!
> Substitute LWP::UserAgent for any perl module.
The installation depends on a Perl module called LWP. The error message
tries to be helpful too. Read it carefully:
    Type "perl -MCPAN -e shell" to start the perl CPAN
    shell, then "install LWP::UserAgent" to install the LWP::UserAgent module!
If you do as it says, the LWP::UserAgent module will be installed and
then the installation will probably succeed. I'm deliberately using
"probably" because this is a package-lookalike that is not an official
part of FreeBSD so I don't know why, when or how it could fail without
trying it out first.
> I don't understand what I am supposed to "substitute" (above) ???
CPAN is an acronym equivalent to "Comprehensive Perl Archive Network".
The CPAN collection of Perl modules is a vast library of Perl code that
you can install as add-on modules over your existing Perl installation.
If you want to install many modules, a single CPAN shell invocation of
Perl can do it, using "install MODULE_NAME". You'll have to substitute
MODULE_NAME with the name of the module you want to install. Does the
word "substitute" sound a bit more clear now?
> 1) For automount, I edited /etc/fstab.
> It was easier & more logical than the editing amd(/etc/amd.conf & /etc/amd.map)
> Problem: There has to be a CD in the CD drive & a floppy in the floppy drive
> otherwise the drives don't automount & the bootup falters !!
It obviously tries to mount a CD-ROM disk at boot time because you
enabled the "mount at boot time" flag in fstab.
> - This is annoying. Is there a way around this so I can automount at
> bootup without a disk being in the drive ???
Not really. You asked your system to mount the CD-ROM at boot time and
it did. I recall someone posting excellent references for the automount
daemon some time ago. I even went ahead and read them one afternoon when
I was feeling bored. Please, go back to the previous posts of these
threads and read the help posted about amd.
> 2) I ran xf86config & generated a new config file. It broke X [...]
> My Monitor Specs(If this helps):
> viewsonic pf775
> [snip mode - frequency table]
> Frequency f h: 30~97kHz; f v: 50~180Hz
Yes it does help. You'd also have to find out what Video Adapter you
have and instruct xf86cfg to generate an XF86Config file using the
proper driver for your video adapter.
> 3) I tried to install the login client for my broadband connection so
> I can use sysinstall to download & install packages. The program
> fails on make & make install!
What login client? The only port that I see whose name begins with
"login" is x11/login.app and that's definitely nothing related to
> Screen Output
> 127# make install
> Makefile error: there is no COMMENT variable defined
> for this port. Please, rectify this.
> *** Error code 1
> Stop in /usr/ports/distfiles/login.
Are you honestly still trying to run "make" in /usr/ports/distfiles
after I have asked you so many times to go and read the Handbook chapter
about "Ports and Packages"?
This is not going to work.
> 4) I am taking your advice & am trying to connect to the net with sysinstall so
> I can download packages/ports & hopefully find an easier way to install apps.
You haven't provided any details about the type of connection you have
(just a "my broadband connection" short description which doesn't amount
to much), so I can't help you there. You have also displayed an
unbelievable reluctance to read any sort of documentation, so I don't
hope for much even if I point you to the Handbook, to some web page or
Once more though, since you have mentioned "broadband", here's a link
from the Handbook; just in case you find it useful:
> Q: Do I need to get my broadband login client working to connect to the net OR
> can I login to my ISP from a terminal within BSD ???
Again I ask... What login client?
> Q: Do I need to login to my broadband ISP via my login client to enable
> "sysinstall" to be able to download packages etc ... ???
No, you don't need any "login client" or similar. You just need to set
things up so that a network connection works. Sysinstall is also not
required to download packages, once you set your connection up. But you
would already know that *IF* you had read the relevant Handbook chapter:
> Q: Like tracert on W2000, is there a command I can use in BSD to see when I am
> connected to the net ???
The "tracert" program is called "tracert" in Windows because some
versions of that operating system family are limited in the number of
characters that can be used in filenames. This is why they shortened
"traceroute" to "tracert" to fit in less than 8 characters.
On BSD you can use "traceroute" to do the same thing and a lot more.