firewalls, connecting, config & apachetoolbox (was: Re: BigApache [..])

Bill Moran wmoran at potentialtech.com
Wed Aug 4 09:19:52 PDT 2004


Honestly, you'll get much better response if you ask 1 question per email.
An email this long with multiple questions in it forces someone to read
the entire email just to see if there's something there they want to answer.

DK <asdzxc111 at yahoo.com> wrote:
> Hi Giorgos et al,
> 
> thanks for your patience.
> 
> I have enclosed the output of dmesg, ps, XF86Config if it helps in
> understanding why my system runs slower than W2000 & why I cannot connect to
> the net via my broadband connection.
> 
> --- Giorgos Keramidas <keramida at ceid.upatras.gr> wrote:
> > Bearing this in mind you might, of course, find it a bit more reassuring to
> > run a firewall like IPFW.  But this doesn't *require* a kernel recompile.
> > You can simply load the ipfw.ko module with kldload(8) and immediately
> > start setting up the rules of your firewall ruleset.  As root, you can load
> > the ipfw module by:
> >
> >     # kldload ipfw
> 
> Thanks for that. I have ipfw loaded okay (I hope). After reading 14.8.3 from
> the handbook regarding IPFW, I was a little worried.
> 
> "14.8.3 Enabling IPFW on FreeBSD
> As the main part of the IPFW system lives in the kernel, you will need to add
> one or more options to your kernel configuration file, depending on what
> facilities you want, and RECOMPILE your kernel."

It _used_ to be this way ... it looks like it's time to update that page
of the handbook.

> > The default set of firewall packet inspection rules that ipfw loads will
> > block *EVERYTHING* so you might want to do a bit of research on the
> > available rulesets by reading about rc.firewall, rc.conf and/or browse the
> > contents of the /etc/defaults/rc.conf file:
> 
> If I understand it correctly after reading the handbook, if I add 
> 'firewall_type=open' in my '/etc/rc.conf' file, will it make all
> incoming/outgoing ports open so I can connect to the net with sysinstall to
> download packages ???

Yes.

> > The "bad interpreter" error means that the `install.sh' script (most likely)
> > starts with a line like this:
> > Edit `install.sh' and replace `/bin/bash' with `/usr/local/bin/bash' if you
> > have bash installed. 
> 
> Legend.  Got this script working now :))
> 
> ...Except...All modules seem to install okay Except for "mod_perl".
> 
> 
> I get the error:
> -----------------------
> [-] 16) -Mod Perl 1.29
> 
> Choice [?] 16
> LWP::UserAgent not installed!
> HTML::HeadParser not installed!
> Type "perl -MCPAN -e shell" to start the perl CPAN
> shell, then "install LWP::UserAgent" to install the LWP::UserAgent module!
> Substitute LWP::UserAgent for any perl module.
> ------------------------------
> 
> I don't understand what I am supposed to "substitute" (above) ???

With the name of the perl module.

Apparently, that script is making assumptions about what is installed on
your system, and is assuming wrong.  Doesn't sound like a very good
script.

You'll have a better time of it if you look up the "UserAgent" and
"HeadParser" packages for perl in the ports collection and install them
from there, but the CPAN method will work as well.  See the CPAN docs
for details.

> Other problems(Doh!):
> 
> 1) For automount, I edited /etc/fstab.
> It was easier & more logical than editing amd (/etc/amd.conf & /etc/amd.map)
> Problem: There has to be a CD in the CD drive & a floppy in the floppy drive
> otherwise the drives don't automount & the bootup falters !!
> - This is annoying. Is there a way around this so I can automount at bootup
> without a disk being in the drive ???

You're a little confused.  I saw an email go by earlier with someone
suggesting changes to /etc/fstab, and that was bad advice and probably
what confused you.

Putting those entries in /etc/fstab does not constitute "automounting",
it just causes them to be mounted.

Although it's easier to set up, it's not a good idea to configure removable
devices to mount automatically at boot up by adding entries to /etc/fstab
(as you've discovered).

The method using amd is the correct way to do it; it causes the amd
program to check for media in the drive and mount it if available.
This is the behaviour you're used to in Windows, and will not be
accomplished by editing /etc/fstab.  /etc/fstab is a list of filesystems
that must be mounted at boot time, and would create unreasonable
requirements for removable media.  Additionally, when you switch
media (i.e. change to a different CD) the new CD won't be remounted.
amd can handle this.

> 4) I am taking your advice & am trying to connect to the net with sysinstall
> so I can download packages/ports & hopefully find an easier way to install
> apps. However when I go through the steps to install a package & select a
> freebsd ftp site, at the end, a prompt comes up saying something like "cannot
> resolve ftp... name server, network needs to be configured..) ... or something
> like that
> 
> Q: Do I need to get my broadband login client working to connect to the net OR
> can I login to my ISP from a terminal within BSD ???

Depends on the connection system you use for your broadband access.
If they're using standard TCP, then you just need to set up the
network card for DHCP.  If they're using PPPOE, you'll need to log
in.

> Q: Do I need to login to my broadband ISP via my login client to enable
> "sysinstall" to be able to download packages etc ... ???

You need access.  What you have to do to get access is dependent on your
ISP.

> Q: Like tracert on W2000, is there a command I can use in BSD to see when I am
> connected to the net ???

W2K's tracert is based on BSD's traceroute.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
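
An added example, not part of the original message and not FreeBSD's own code: a small POSIX sh check that reads an rc.conf-style file and reports which ipfw posture the `firewall_type` setting discussed in the thread selects. The function names, the summary labels and the sample file are constructed for illustration; `firewall_enable` and the `open`/`client`/`simple`/`closed`/`UNKNOWN` types are the stock rc.conf and rc.firewall knobs, and `firewall_type` has no effect unless `firewall_enable` is also set.

```shell
#!/bin/sh
# Added example (not from the thread): classify the ipfw posture selected by
# an rc.conf-style file. The file is parsed, not sourced, so nothing in it runs.

# rc_get FILE VAR: print the last value assigned to VAR (later lines win).
rc_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# ipfw_posture FILE: print a one-word summary of what rc.firewall would load.
ipfw_posture() {
    enable=$(rc_get "$1" firewall_enable)
    fwtype=$(rc_get "$1" firewall_type)
    case "$enable" in
        [Yy][Ee][Ss]) ;;
        *) echo "not-enabled"; return 0 ;;    # firewall_type alone does nothing
    esac
    case "$fwtype" in
        [Oo][Pp][Ee][Nn])         echo "allow-all" ;;       # passes all traffic
        [Cc][Ll][Oo][Ss][Ee][Dd]) echo "loopback-only" ;;
        [Cc][Ll][Ii][Ee][Nn][Tt]|[Ss][Ii][Mm][Pp][Ll][Ee]) echo "filtered" ;;
        ""|UNKNOWN)               echo "no-rules-loaded" ;; # only the default rule applies
        *)                        echo "custom-ruleset" ;;  # value is a rules file path
    esac
}

# Constructed sample: the setting asked about in the thread, then a tighter
# type appended later in the same file (the later assignment wins).
sample=$(mktemp)
printf '%s\n' 'firewall_enable="YES"' 'firewall_type="open"' > "$sample"
echo "first:  $(ipfw_posture "$sample")"
printf '%s\n' 'firewall_type="client"   # tightened after installing packages' >> "$sample"
echo "second: $(ipfw_posture "$sample")"
rm -f "$sample"
```

Run against a copy of /etc/rc.conf, an `allow-all` result means the machine is still on the permissive ruleset used to get sysinstall downloads working.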

