Loved Cat Diary

首先我们来安装它

cd /usr/ports/sysutils/portupgrade make make install make clean

而后要upgrade ports数据库

/usr/local/sbin/portsdb -uU

再查找出需要upgrade的ports安装

/usr/local/sbin/portsversion -l “< " -v

如:mysql-client-4.0.24 < needs updating (port has 4.0.25)

再执行如下命令进行upgrade:

portupgrade -R mysql-client

可以再次执行

portversion -l “< " -v | grep mysql-client

查看是否成功upgrade

感谢CU的congli的指导:-)

Once you got the following:

Jul 28 02:14:01 www /kernel: Limiting icmp unreach response from 207 to 200 packets per second Jul 28 02:14:10 www /kernel: Limiting icmp unreach response from 227 to 200 packets per second Jul 28 02:15:56 www /kernel: Limiting icmp unreach response from 201 to 200 packets per second Jul 28 02:45:51 www /kernel: Limiting icmp unreach response from 203 to 200 packets per second Jul 28 02:46:24 www /kernel: Limiting icmp unreach response from 240 to 200 packets per second Jul 28 02:46:36 www /kernel: Limiting icmp unreach response from 231 to 200 packets per second Jul 28 03:21:34 www /kernel: Limiting icmp unreach response from 203 to 200 packets per second Jul 28 03:21:58 www /kernel: Limiting icmp unreach response from 255 to 200 packets per second

modify below:

sysctl net.inet.tcp.blackhole=2 sysctl net.inet.udp.blackhole=1

Add the following to the /etc/make.conf file

MASTER_SITE_BACKUP?= \ ftp://202.113.12.9/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/\ ftp://ftp.freebsd.org.cn/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/\ ftp://ftp.freebsdchina.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/

MASTER_SITE_OVERRIDE?= ${MASTER_SITE_BACKUP}

First you need to turn php_debug mode off,

and you have to make php4-extensions ensured you choosen the sysvshm option.

Install SNMP using Ports

# cd /usr/ports/net-mgmt/net-snmp # make && make install && make clean

Add Two Lines into /etc/rc.conf

snmpd_enable=”YES” snmpd_flags=”-a -Lsd -p /var/run/snmpd.pid”

# chmod 444 /usr/local/etc/rc.d/snmptrapd.sh

Configure snmpd.conf

# snmpconf -i a. Edit snmpd.conf b. Choose : System Information Setup c. You will get 1: The [typically physical] location of the system. 2: The contact information for the administrator 3: The proper value for the sysServices object. d. Fill up 1 and 2. Please pay attention to option 3 e. When finish, back to main menu and choose 2. f. Choose 3, a SNMPv1/SNMPv2c read-only access community name h. Put in community name such as, foo i. In hostname and network mask we enter 127.0.0.1 j. Setup OID , leave blank k. Back to menu l. The IP address and port number that the agent will listen on.

# /usr/local/etc/rc.d/snmpd.sh start

Install MRTG using ports

# cd /usr/ports/net-mgmt/mrtg # make && make install && make clean

Configure file for MRTG

# cfgmaker foo@127.0.0.1 > /usr/local/etc/mrtg/mrtg.cfg

Edit /usr/local/etc/mrtg/mrtg.cfg , put in Apache Directory
Adding Cron Jon

# crontab -e

Insert

*/5 * * * * /usr/local/bin/mrtg /usr/local/etc/mrtg/mrtg.cfg

Launch Brower and view the file.

OStype: Freebsd 5.4 -Release-p7 By: hughr@sysop.com.cn

Run proftpd in a debug mode:

# ./proftpd -n -d 5 -c /usr/local/etc/proftpd.conf

for the proftpd-1.3.0.r2 version of proftpd, errors may be the following:

- getaddrinfo ‘www.hughr.org’ error: hostname nor servname provided, or not known

to solve this:

Add the following to the proftpd.conf file:

DefaultAddress a.b.c.d

a.b.c.d is the ip address you are using.

and remember to add:

proftpd_enable=”YES”

to you /etc/rc.conf file. Finally we excute:

/usr/local/etc/rc.d/proftpd.sh start

you can `sh /etc/rc` if you want.

net.inet.tcp.sendspace=65536 net.inet.tcp.recvspace=65536 kern.ipc.somaxconn=4096 kern.ipc.maxsockbuf=2097152 net.inet.icmp.drop_redirect=1 net.inet.icmp.log_redirect=1 net.inet.ip.redirect=0 net.inet6.ip6.redirect=0 net.inet.icmp.icmplim=100 net.inet.tcp.always_keepalive=1 net.inet.tcp.delayed_ack=1 net.inet.udp.sendspace=65535 net.inet.udp.maxdgram=65535 net.local.stream.sendspace=65535 kern.maxfiles=65536 kern.securelevel=0 net.inet.tcp.log_in_vain=1 net.inet.udp.log_in_vain=1 net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1 net.inet.udp.checksum=1 net.inet.icmp.bmcastecho=0 ######this new add 20041021########### net.inet.tcp.recvspace=65535 net.inet.tcp.sendspace=65535 net.inet.ip.forwarding=1 net.inet.tcp.strict_rfc1948=1 ########for sys flood attack###### net.inet.tcp.msl=7500 net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1 net.inet.icmp.icmplim=50 kern.ipc.somaxconn=32768 net.inet.tcp.syncookies=1

sysctl -w net.inet.tcp.msl=7500
sysctl -w net.inet.tcp.blackhole=2
sysctl -w net.inet.udp.blackhole=1
sysctl -w net.inet.icmp.icmplim=50
sysctl -w kern.ipc.somaxconn=32768
sysctl -w net.inet.tcp.syncookies=1

To check your installed ports for known vulnerabilities now, do:

# /usr/local/sbin/portaudit -Fda

Add

net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1

to /etc/sysctl.conf

then

“sh /etc/rc'’

FreeBSD 也可以用 cp 来复制文档 , 但是对于复制整个文档系统并不是好方法 .

这里介绍使用 dump 和 restore 来做 :

1. 创建新的文档系统

假如你的新硬盘为 ad1, 而将来的根分区将是 ad1s1a, 你可以先创建文档系统 :

newfs /dev/ad1s1a
mount /dev/ad1s1a /mnt
cd /mnt

2. 复制 :

dump -f- / | restore -f- -r
这是把老的根文档系统复制输出到管道 , restore 从管道里读数据 , 写入当前
目录所在的文档系统 .

3. 按部就班复制其他文档系统
复制完後 , 也许 要修改新硬盘下的 /etc/fstab, 安装上新的分区 , 摘下老硬盘
就可以了 .

再补充一点 , 如果你要复制的是另外一台机器 , 可以用 rsh, 这样就可以通过网络把一个分区数据传送到另外一台机器 , 不需要 NFS, 不需 SAMBA 等就可以解决问题 , 而 cp 就很难作到了。

newfs /dev/ad1s1a
mount /dev/ad1s1a /mnt
cd /mnt

rsh -l yourname thathost ‘dump -f- /’ | restore -f- -r

转自linuxaid

　　作者:Stephan Somogyi （Quany译） 来源:ZDNet News 2001-08-10 19:33:48

　　前言：
　　本周以来龟兔赛跑的故事一直萦绕于脑海。很长时间以来，我们被淹没于Linux的高速增长消息中，它被IBM全身心地拥抱着，大公无私，优秀的人手，这一切都无庸置疑。
　　但我还是不得不怀疑，Linux的新近的所有跳跃性发展，在BSD们的缓慢但坚实的增长面前该感到一种紧张。即便没有Linux的市场鞭策，这些基于BSD的操作系统看起来也表现越来越好，

dosfile的文本里面在console下用vi看会有许多^M,用下面的命令可以清除掉:

tr -d \\r < dosfile > newfile

I am collecting * things that a FreeBSD user may want to know.

安装过程中出现如下错误

The disc in your drive looks more like an Audio disc than a FreeBSD release.

具体错误如图示,知道的朋友请支招,感激.

FreeBSD的下一个主要发布版本，第７版，是目前最为重要的一个版本之一。它拥有自5.0版推出后的许多新技术和改进之处。经常性地在邮件列表里搜索该版本的一些重要改进显然让人烦闷，于是我决定创建这个（将经常更新）的页面来列出一些最为有意思的更新。

季度状态报告也是挺有用的：

官方鼓励任何人下载并安装FreeBSD7的Snapshot版本，以尝试该操作系统的新特性。开者者则对bug报告感到非常的有兴趣。需要注意的是，FreeBSD 7.0并未发布。

如果对就FreeBSD是如何开发出来的感兴趣，建议你可以阅读邮件列表和开发者博客。

网络栈的改进与清理

虽然本文只提到了可数的几个人，但网络栈的改进和性能上的增强却是由许多人共同完成的。

新的sendfile()和改进的sosend()

状态：Committed至-CURRENT
将在7.0版中出现：肯定
作者：Andre Oppermann, Robert Watson
网站：http://people.freebsd.org/~andre/, announcement message

While working on TSO support, Andre Oppermann has found several ways to optimize kernel's internal networking support. The new sendfile() implementation sends larger chunks of data at once and improves performance up to 5x when used with TSO and other new enhancements. Improvements to the sosend() and related functions resulted in lowering the CPU consumption of sending side of network interfaces almost three times. Note that these are microbenchmarks and performance improvements in real usage still needs to be quantified.

在解决TSO支持的时候，Andre Oppermann找到几种方法来优化内核的内部网络支持。该新的sendfile()单次发送数据块更多且当与TSO和其它增强配合使用时能获得5倍的性能增强。

setenv PACKAGESITE 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/Latest/'

由于某些原因最近php4.4.7_2仍然未被更新, 虽然ports tree己经有php4.4.4_2, 但你会发现你无法使用portupgrade -r php命令来完成更新. 因为php4.4.4_2有某些漏洞(VULNERABILITIES). 如果你确实要更新的话. 试试以下命令:

portupgrade -m DISABLE_VULNERABILITIES=yes php

# cd /usr/src/secure/lib/libssh
# make obj && make depend && make && make install

see this
/usr/src/sys/netinet/ip.h:#define IPDEFTTL 64 /* default ttl, from RFC 1340 */

sysctl -w net.link.ether.inet.log_arp_movements=0
sysctl -w net.link.ether.inet.log_arp_wrong_iface=0

Date: 2:30 PM 3/26/2008
Ver: $1.0
Author: Li Feng Shen
Copyrights (c) 2008 All Rights Reserved.

/*
Use on your own risks
*/

1)
# pkg_add -r cvsup-without-gui
# cp /usr/share/examples/cvsup/standard-supfile /root
# vi /root/standard-supfile
*default host=cvsup.cn.FreeBSD.org
*default release=cvs tag=RELENG_7_0

# cvsup -g -L 2 stand-supfile

# cd /usr/src

# make buildworld

# cd /usr/src/sys/i386/conf

# modify you kernel config file add:

device pf
device pflog
device pfsync

to the end

# cd /usr/src && make buildworld

# make buildkernel KERNCONF=MYKERN && make installkernel KERNCONF=MYKERN

# sync && sync && sync && sync && shutdown -r now

# cd /usr/src

# mergemaster -i

# make installworld

# sync && sync && shutdown -r now

2)
Done

Date: 11:04 AM 3/26/2008
Ver: $1.0
Author: Li Feng Shen
Copyrights (c) 2008 All Rights Reserved.

/*
Use on your own risks
*/

1) # cd /usr/ports/security/openvpn
# make install clean

### ------------------------------------------------------------------------
### The OpenVPN FreeBSD port, since v2.0.1, uses rcNG to start OpenVPN.
### Edit /etc/rc.conf to start OpenVPN automatically at system startup.
### See /usr/local/etc/rc.d/openvpn for details.
### ------------------------------------------------------------------------
### To get OpenVPN 1.X to talk with the new 2.0 version, you may need to
### edit the 1.X configuration file by adding these lines:
### tun-mtu 1500
### tun-mtu-extra 32
### mssfix 1450
### key-method 2 <- this key-method line only for TLS setups
### - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
### WARNING: THE DEFAULT PORT HAS CHANGED AND IS NOW 1194!
### OpenVPN 1.6 and older used 5000 rather than 1194 as their default
### port, so add the proper port options to your configuration file!
### - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
### For further compatibility, see
### ------------------------------------------------------------------------
### If you want to donate to OpenVPN:
### ------------------------------------------------------------------------

2) # mkdir /usr/local/etc/openvpn
# cp /usr/local/share/doc/openvpn/sample-config-files/server.conf /usr/local/etc/openvpn/openvpn.conf
# echo openvpn_enable=\"YES\" >> /etc/rc.conf

3) # cd /usr/local/share/doc/openvpn/easy-rsa
# vi vars
export KEY_COUNTRY=CN
export KEY_PROVINCE=GD
export KEY_CITY=Guangzhou
export KEY_ORG="SHAREUNION"
export KEY_EMAIL="hughr_going@hotmail.com"
# cd /usr/ports/shells/bash
# make install clean
# rehash
# bash
# source ./vars
# ./clean-all
# ./build-ca
# ./build-dh
# cp keys/ca.* /usr/local/etc/openvpn
# cp keys/dh1024.pem /usr/local/etc/openvpn
# vi /usr/local/etc/openvpn/openvpn.conf
modify
ca ca.crt
cert ca.crt
key ca.key

# /usr/local/etc/rc.d/openvpn start

# sockstat -4l

4) # cd /usr/local/share/openvpn/easy-rsa
# ./build-key office
# tar zcvf office.tar.gz ./keys/office*
# tar zcvf ca.tar.gz keys/ca*
download the office.tar.gz & ca.tar.gz to the local file system of you windows client.

5) # config your kernel with ipfirewall support

options IPFIREWALL
options IPDIVERT
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_VERBOSE

# config the following rules:

00100 allow ip from any to 0.0.4.170:0.0.4.170
00200 divert 8668 ip from any to any via bge0

6) download openvpn-gui for windows & install it.
create C:\Program Files\OpenVPN\config
extract all office.tar.gz & ca.tar.gz into C:\Program Files\OpenVPN\config
create a SHAREUNION.ovpn file

insert the following content into the file:

client
dev tun
proto udp
remote $IP_ADDRESS 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert office.crt
key office.key
comp-lzo
verb 3

7) right click on the shareunion.ovpn and select "start vpn on this config file" to test if the configuration file is ok.

8) done.