From rpeskin at rlpcon.com Mon Dec 3 22:09:22 2007 From: rpeskin at rlpcon.com (Richard Peskin) Date: Mon Dec 3 22:10:58 2007 Subject: Leopard Finder 'Shared' sidebar Message-ID: <4B419067-26E9-425E-8DAA-EC3C11965AAC@rlpcon.com> The Leopard Finder Sidebar has a list of "Shared" servers (i.e. other machines on the network that act as servers). Is there a way to identify these servers with a Terminal command? My list has a non- existent PC host listed and I want to remove it. Thanks, --dick peskin ____________________________________ Richard L. Peskin, RLP Consulting, Londonderry, VT http://www.rlpcon.com http://www.caip.rutgers.edu/~peskin From johnmusbach at gmail.com Mon Dec 3 22:17:09 2007 From: johnmusbach at gmail.com (John Musbach) Date: Mon Dec 3 22:17:11 2007 Subject: Leopard Finder 'Shared' sidebar In-Reply-To: <4B419067-26E9-425E-8DAA-EC3C11965AAC@rlpcon.com> References: <4B419067-26E9-425E-8DAA-EC3C11965AAC@rlpcon.com> Message-ID: <7e5608b50712032217v5c0fe847j782895651030554e@mail.gmail.com> On Dec 3, 2007 10:09 PM, Richard Peskin wrote: > Is there a way to > identify these servers with a Terminal command? You could possibly identify its IP address via the following command: ping "computers name", other then that you will need a network scanner -- Best Regards, John Musbach From jwelch at bynkii.com Wed Dec 5 05:09:48 2007 From: jwelch at bynkii.com (John C. Welch) Date: Wed Dec 5 05:10:01 2007 Subject: SNMP article Message-ID: I'd been getting a LOT of questions on SNMP, so I figured that I'd write something up. 15,000 or so words later... -- John C. Welch Writer/Analyst Bynkii.com Mac and other opinions jwelch@bynkii.com From chdevers at mac.com Wed Dec 5 14:04:40 2007 From: chdevers at mac.com (Chris Devers) Date: Wed Dec 5 14:04:47 2007 Subject: Setting up IMAPD on Leopard client, need suggestions re: launchd & firewall Message-ID: <9D618FA2-0116-1000-B9A8-972BBB5E8942-Webmail-10019@mac.com> Out of curiosity, would anyone have any pointers on getting a basic IMAP server running on Leopard client? I had UW-IMAP working fine on Tiger client, but bringing my old xinetd config forward to Leopard isn't working (nor do I expect it to, with launchd now), and the launchd scripts I've tried must be broken, because /var/log/system.log is filling up with garbage like: Dec 5 16:54:11 macgarnicle imapd[4553]: Unexpected client disconnect, while reading line user=??? host=UNKNOWN Dec 5 16:54:14 macgarnicle postfix/postfix-script[4556]: fatal: the Postfix mail system is already running ...with these lines or close variants repeating every 10 seconds. Complicating things is the new firewall. Incoming port 25 to Postfix seems to work fine right now with it off, but breaks if I turn it on, and I can't tell if my inability to connect to IMAP is a firewall issue or a general access-to-the-daemon issue. If I try to connect a rudimentary IMAP/IMAPS session , I just get: $ telnet localhost 993 Trying ::1... telnet: connect to address ::1: Connection refused Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Connection refused telnet: Unable to connect to remote host $ And nothing seems to make it to /var/log/mail.log (or /var/log/*log for that matter) when I do this. I could post details of my config files, log files, etc, but for the moment a pointer to good starter reference material would probably be helpful here. I've been poking around with various Google searches, but the most I can find is blog posts saying things like this: I'm running the uw imapd via launchd (xinetd functionality is replaced with launchd in Leopard). imap works, but not if I start the firewall. I've posted a message on the Leopard discussion forum to see if anyone can help. http://marxy.org/2007/10/leopard-great-but-not-totally-without.html#c14306619776221796 But just verifying that the daemon works would be an improvement over what I've managed thus far. Thanks. -- Chris Devers apologizing for jumping in without the customary "lurk first, then ask small, directed questions" courtesy From johnmusbach at gmail.com Wed Dec 5 16:03:54 2007 From: johnmusbach at gmail.com (John Musbach) Date: Wed Dec 5 16:04:07 2007 Subject: Setting up IMAPD on Leopard client, need suggestions re: launchd & firewall In-Reply-To: <9D618FA2-0116-1000-B9A8-972BBB5E8942-Webmail-10019@mac.com> References: <9D618FA2-0116-1000-B9A8-972BBB5E8942-Webmail-10019@mac.com> Message-ID: <7e5608b50712051603u52520b6bv1147a915b38bf95b@mail.gmail.com> On Dec 5, 2007 2:04 PM, Chris Devers wrote: > Complicating things is the new firewall. Turn on the firewall with the block all connections option selected, then in terminal manage the firewall with these commands: sudo ipfw list <--- list all rules currently in effect sudo ipfw add numbergreaterthenonesalreadylisted ip from any to any in 25 <---add rule to allow incoming connections on port 25 sudo ipfw delete rulenumber <---delete a rule -- Best Regards, John Musbach From johnmusbach at gmail.com Wed Dec 5 16:04:31 2007 From: johnmusbach at gmail.com (John Musbach) Date: Wed Dec 5 16:04:37 2007 Subject: Setting up IMAPD on Leopard client, need suggestions re: launchd & firewall In-Reply-To: <9D618FA2-0116-1000-B9A8-972BBB5E8942-Webmail-10019@mac.com> References: <9D618FA2-0116-1000-B9A8-972BBB5E8942-Webmail-10019@mac.com> Message-ID: <7e5608b50712051604t6bebaa02o34d4032e4dbcba45@mail.gmail.com> On Dec 5, 2007 2:04 PM, Chris Devers wrote: > Out of curiosity, would anyone have any pointers on getting a basic IMAP server running on Leopard client? While googling I found this: http://people.dsv.su.se/~david-bo/Courier-IMAP.shtml ...it doesn't seem to be for leopard but it may be able to still provide you with some helpful pointers -- Best Regards, John Musbach From diego-osxadmin at zzamboni.org Wed Dec 5 15:52:50 2007 From: diego-osxadmin at zzamboni.org (Diego Zamboni) Date: Wed Dec 5 16:15:11 2007 Subject: Setting up IMAPD on Leopard client, need suggestions re: launchd & firewall In-Reply-To: <9D618FA2-0116-1000-B9A8-972BBB5E8942-Webmail-10019@mac.com> References: <9D618FA2-0116-1000-B9A8-972BBB5E8942-Webmail-10019@mac.com> Message-ID: <8522A473-DA33-4EF0-8FDD-FC339272B54C@zzamboni.org> On Dec 5, 2007, at 11:04 PM, Chris Devers wrote: > Out of curiosity, would anyone have any pointers on getting a basic > IMAP server running on Leopard client? I am using Dovecot (http://www.dovecot.org/) on my machine as a local IMAP server. I installed it using macports, so it was quite easy: port install dovecot The trickiest part for me was the authentication. To make it use the system accounts for authentication, I created /etc/pam.d/dovecot with the following: # dovecot: auth account password session auth sufficient pam_securityserver.so auth sufficient pam_unix.so auth required pam_deny.so account required pam_permit.so password required pam_deny.so session required pam_uwtmp.so And set the authentication section of /opt/local/etc/dovecot/ dovecot.conf as follows: auth default { mechanisms = plain passdb pam { args = dovecot } userdb passwd { } user = root } I'm only using it from localhost, if you are using it remotely, you probably want to enable some more secure mechanisms (e.g. cram-md5). Finally, start it as indicated by the post-install message from the port command: launchctl load -w /Library/LaunchDaemons/org.macports.dovecot.plist Hope this helps, --Diego From neil at laubenthal.net Wed Dec 5 17:31:08 2007 From: neil at laubenthal.net (Neil Laubenthal) Date: Wed Dec 5 17:31:23 2007 Subject: Setting up IMAPD on Leopard client, need suggestions re: launchd & firewall In-Reply-To: <9D618FA2-0116-1000-B9A8-972BBB5E8942-Webmail-10019@mac.com> References: <9D618FA2-0116-1000-B9A8-972BBB5E8942-Webmail-10019@mac.com> Message-ID: <7FD8BAFF-D5A0-4EFA-9224-FD914DD62CD1@laubenthal.net> On Dec 5, 2007, at 17:04, Chris Devers wrote: > Out of curiosity, would anyone have any pointers on getting a basic > IMAP server running on Leopard client? > > I had UW-IMAP working fine on Tiger client, but bringing my old > xinetd config forward to Leopard isn't working (nor do I expect it > to, with launchd now), and the launchd scripts I've tried must be > broken, because /var/log/system.log is filling up with garbage like: The easiest way is probably to get MailServe from http://cutedgesystems.com/ . It's shareware and is pretty much a one step setup. You can of course do everything manually if you want . . . but the price is very reasonable and it just works. I haven't set it up with Leopard yet; but have used it on Tiger for quite awhile to run the mail server at home. Bernard is very helpful if you run into any difficulties . . . I had some issues originally with getting secure access from outside to work properly due to self signed certificate issues but he worked with me for several days until we got it running correctly. From johnmusbach1 at gmail.com Wed Dec 5 19:58:30 2007 From: johnmusbach1 at gmail.com (John Musbach) Date: Wed Dec 5 19:58:33 2007 Subject: test Message-ID: <17c8e29e0712051958t2eabca9dt8cb023a3e5faf8bf@mail.gmail.com> test, account without 1 in name was disabled by gmail without explanation so please don't be alarmed when you see me posting with this address -- Best Regards, John Musbach From steven at PelletierNet.COM Thu Dec 6 00:51:19 2007 From: steven at PelletierNet.COM (Steven Pelletier) Date: Thu Dec 6 00:51:35 2007 Subject: Parental Controls Message-ID: <091ED39A-141B-4E50-BD48-492C70AA944B@PelletierNet.com> Hi, does anyone know if it's possible to enable/administer parental controls for an account that is purely network based? i.e. the users are authenticated via NIS and their home directories are on an NFS server. Think library/daycare/school with many Macs and many children's accounts on a common NIS/NFS server. A solution where a global setting on the Macs said "all users are subject to parental controls" but allowed exceptions would be good, as would something similar to the "Allow user to administer this computer" check box in the Accounts system preference -- although the latter is more difficult to administer when new children are added. Steven From johnmusbach1 at gmail.com Thu Dec 6 23:20:49 2007 From: johnmusbach1 at gmail.com (John Musbach) Date: Thu Dec 6 23:20:51 2007 Subject: Parental Controls In-Reply-To: <091ED39A-141B-4E50-BD48-492C70AA944B@PelletierNet.com> References: <091ED39A-141B-4E50-BD48-492C70AA944B@PelletierNet.com> Message-ID: <17c8e29e0712062320n565db7ddn7d426627feda4f73@mail.gmail.com> On Dec 6, 2007 12:51 AM, Steven Pelletier wrote: > Hi, does anyone know if it's possible to enable/administer parental > controls for an account that is purely network based? This would probably be possible if you symlinked users preferences to a central server share -- Best Regards, John Musbach From daniel at highdesertchurch.com Fri Dec 7 14:14:36 2007 From: daniel at highdesertchurch.com (Daniel Hazelbaker) Date: Fri Dec 7 14:14:46 2007 Subject: Delete Jobs on Shared Printer Message-ID: We have a Mac OS X server sharing all of our printers via IPP. Right now the only way to cancel a job is for me to go into Server Admin and cancel the print job for the user. Has anybody figured out a way to allow users to cancel their print jobs if something goes wrong? Daniel Hazelbaker From mah at jump-ing.de Fri Dec 7 15:26:59 2007 From: mah at jump-ing.de (Markus Hitter) Date: Fri Dec 7 15:27:13 2007 Subject: Delete Jobs on Shared Printer In-Reply-To: References: Message-ID: <7C82CB35-E67C-48B9-8EB6-9EA53850D40B@jump-ing.de> Am 07.12.2007 um 23:14 schrieb Daniel Hazelbaker: > We have a Mac OS X server sharing all of our printers via IPP. The reader's obvious question is: which OS version(s) are you running and when did this feature stop working? Markus - - - - - - - - - - - - - - - - - - - Dipl. Ing. Markus Hitter http://www.jump-ing.de/ From daniel at highdesertchurch.com Fri Dec 7 16:36:04 2007 From: daniel at highdesertchurch.com (Daniel Hazelbaker) Date: Fri Dec 7 16:36:17 2007 Subject: Delete Jobs on Shared Printer In-Reply-To: <7C82CB35-E67C-48B9-8EB6-9EA53850D40B@jump-ing.de> References: <7C82CB35-E67C-48B9-8EB6-9EA53850D40B@jump-ing.de> Message-ID: <0B305167-CBCC-4388-A318-56068D054C78@highdesertchurch.com> On Dec 7, 2007, at 3:26 PM, Markus Hitter wrote: > > Am 07.12.2007 um 23:14 schrieb Daniel Hazelbaker: > >> We have a Mac OS X server sharing all of our printers via IPP. > > The reader's obvious question is: which OS version(s) are you > running and when did this feature stop working? True enough. 10.4 Server with 10.4 clients and 10.5 clients. The feature never worked that I am aware of. If I "add" the printers in via the "Shared Printers" popup while printing (which is gone in 10.5) then my clients could at least see what the printer was doing but couldn't not manage any jobs. However, a number of programs (InDesign for one) would not print properly to those printers so we now add them automatically as an IPP printer via Directory Binding / MCX, this method everything prints correctly but the printers always show "Idle". I can live with it this way but would prefer my users to be able to cancel print jobs (oops I just told it to print 100 copies of a 500 page document). Daniel > Markus > > - - - - - - - - - - - - - - - - - - - > Dipl. Ing. Markus Hitter > http://www.jump-ing.de/ > > > > > From cdevers at pobox.com Sat Dec 8 19:48:27 2007 From: cdevers at pobox.com (Chris Devers) Date: Sat Dec 8 19:55:49 2007 Subject: Setting up IMAPD on Leopard client, need suggestions re: launchd & firewall In-Reply-To: <9D618FA2-0116-1000-B9A8-972BBB5E8942-Webmail-10019@mac.com> References: <9D618FA2-0116-1000-B9A8-972BBB5E8942-Webmail-10019@mac.com> Message-ID: I ended up getting UW IMAP working with help from their list: http://mailman1.u.washington.edu/pipermail/imap-uw/2007-December/001792.html The instructions in his attachment (change the suffix from .bin to .rtf and it'll open normally in TextEdit or what have you) worked great: http://mailman1.u.washington.edu/pipermail/imap-uw/attachments/20071206/c7ad500d/UW-notes.bin It's a little too long to paste inline here, but for Google posterity, I can at least point out where to get those instructions :-) Thanks, folks. -- Chris Devers From johnmusbach1 at gmail.com Sat Dec 8 22:31:41 2007 From: johnmusbach1 at gmail.com (John Musbach) Date: Sat Dec 8 22:31:43 2007 Subject: Setting up IMAPD on Leopard client, need suggestions re: launchd & firewall In-Reply-To: References: <9D618FA2-0116-1000-B9A8-972BBB5E8942-Webmail-10019@mac.com> Message-ID: <17c8e29e0712082231p567feacemcfd32e4d354449c2@mail.gmail.com> On Dec 8, 2007 7:48 PM, Chris Devers wrote: > It's a little too long to paste inline here, but for Google posterity, I > can at least point out where to get those instructions :-) > > Thanks, folks. Would anyone object to having those notes posted to this list? It would be nice IMO to have them preserved in the list archive... -- Best Regards, John Musbach From johnmusbach1 at gmail.com Sat Dec 8 22:40:35 2007 From: johnmusbach1 at gmail.com (John Musbach) Date: Sat Dec 8 22:40:38 2007 Subject: Delete Jobs on Shared Printer In-Reply-To: <0B305167-CBCC-4388-A318-56068D054C78@highdesertchurch.com> References: <7C82CB35-E67C-48B9-8EB6-9EA53850D40B@jump-ing.de> <0B305167-CBCC-4388-A318-56068D054C78@highdesertchurch.com> Message-ID: <17c8e29e0712082240i3fdf5b92l9e8294539642c5f5@mail.gmail.com> On Dec 7, 2007 4:36 PM, Daniel Hazelbaker wrote: > I can live with it this way but > would prefer my users to be able to cancel print jobs (oops I just > told it to print 100 copies of a 500 page document). Check the printer manual, usually printers themselves include the ability to cancel print jobs via a button or their menu interface -- Best Regards, John Musbach From roodavis at mac.com Sat Dec 8 21:23:51 2007 From: roodavis at mac.com (Rick Davis) Date: Sun Dec 9 08:45:05 2007 Subject: Delete Jobs on Shared Printer In-Reply-To: <20071208200004.2D8929B6C8@forums.omnigroup.com> References: <20071208200004.2D8929B6C8@forums.omnigroup.com> Message-ID: <823974A5-91DA-4F52-A889-8CFC11C8AF01@mac.com> On Dec 8, 2007, at 3:00 PM, Daniel wrote: > Message: 1 > Date: Fri, 7 Dec 2007 14:14:36 -0800 > From: Daniel Hazelbaker > Subject: Delete Jobs on Shared Printer > To: OS X Admin Mac > Message-ID: > > Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes > > We have a Mac OS X server sharing all of our printers via IPP. Right > now the only way to cancel a job is for me to go into Server Admin and > cancel the print job for the user. Has anybody figured out a way to > allow users to cancel their print jobs if something goes wrong? > > Daniel Hazelbaker You should be able to cancel jobs using the local CUPS interface. Type 127.0.0.1:631 in any web browser and you should get the CUPS management page. Click on Manage Printers, this should give you a list of printers setup on the machine, click on the link to the printer, you should see a list of active jobs, click on the job and then cancel. I will poke around at a school on Monday and see what other options may be available. Hope this helps. Rick Davis, ACHDS thePRIMAXgroup Cincinnati, OH (513)910-9490 http://www.applehelp.org From johnmusbach1 at gmail.com Sun Dec 9 17:49:51 2007 From: johnmusbach1 at gmail.com (John Musbach) Date: Sun Dec 9 17:49:55 2007 Subject: ipfw port forwarding Message-ID: <17c8e29e0712091749h44cb6938j346a0732a038c4bc@mail.gmail.com> I have internet sharing enabled on one mac which is in a dmz and am trying to get another mac which is connected to the dmz'd mac via internet sharing to have traffic received by the dmz'd mac for a certain port to be forwarded to the connected mac...however the terminal command "sudo ipfw add 02110 forward 10.0.2.7 in" doesn't work (returns from missing but if I add "from any" after the ip I get a invalid syntax error regarding that statement so I don't understand what it wants), what am I doing wrong? Thanks! P.S. Obviously the easiest solution would to dmz this mac in question as well right? Unfortunately the router I'm using only allows one IP to be in a dmz at a time so that isn't a option since the currently dmz'd mac is a 24/7 public server... -- Best Regards, John Musbach From kremels at kreme.com Sun Dec 9 18:54:40 2007 From: kremels at kreme.com (LuKreme) Date: Sun Dec 9 18:54:43 2007 Subject: ipfw port forwarding In-Reply-To: <17c8e29e0712091749h44cb6938j346a0732a038c4bc@mail.gmail.com> References: <17c8e29e0712091749h44cb6938j346a0732a038c4bc@mail.gmail.com> Message-ID: <9F7D41EC-F24A-4E1C-A27B-C2E1214D5B72@kreme.com> On 9-Dec-2007, at 18:49, John Musbach wrote: > I have internet sharing enabled on one mac which is in a dmz and am > trying to get another mac which is connected to the dmz'd mac via > internet sharing to have traffic received by the dmz'd mac for a > certain port to be forwarded to the connected mac...however the > terminal command "sudo ipfw add 02110 forward 10.0.2.7 in" doesn't > work (returns from missing but if I add "from any" after the ip I get > a invalid syntax error regarding that statement so I don't understand > what it wants), what am I doing wrong? Thanks! Good luck. I asked about this a few weeks ago and nothing that was suggested worked. My situation is slightly different, but functionally the same. I have a PC connected to my Mac Pro's second ethernet port via gigabit ethernet and want a port from the outside to be forwarded to the PC. Have not been able to get this working. I also tried running the app on my MacPro with VMWare Fusion. That also did not work. I think you have to enable IP Forwarding first, unless that has changed in recent OS X versions. # sysctl -w net.inet.ip.forwarding=1 and then I think the syntax would be # ipfw add 1000 forward localhost,800 tcp from any to 10.0.2.7 via en0 which should forward anything that comes in to port 800 on to the machine at 10.0.2.7, also on port 800 > P.S. Obviously the easiest solution would to dmz this mac in question > as well right? Unfortunately the router I'm using only allows one IP > to be in a dmz at a time Of course, you can only have one machine in a DMZ because you only have one external IP address. > -- There's a race of men that don't fit in, A race that can't stay still So they break the hearts of kith and kin, And they roam the world at will. From kremels at kreme.com Sun Dec 9 19:00:18 2007 From: kremels at kreme.com (LuKreme) Date: Sun Dec 9 19:00:20 2007 Subject: ipfw port forwarding In-Reply-To: <9F7D41EC-F24A-4E1C-A27B-C2E1214D5B72@kreme.com> References: <17c8e29e0712091749h44cb6938j346a0732a038c4bc@mail.gmail.com> <9F7D41EC-F24A-4E1C-A27B-C2E1214D5B72@kreme.com> Message-ID: <83ABF818-6EB6-436A-AD2C-48195FA162C5@kreme.com> On 9-Dec-2007, at 19:54, LuKreme wrote: > # ipfw add 1000 forward localhost,800 tcp from any to 10.0.2.7 via en0 Hate replying to myself, but when I did something similar to this, the machine lost all connectivity to the net: # ipfw add 1000 fwd localhost,6001 tcp from any to 192.168.3.2 via en1 (all I wanted was port 6001 to be forwarded through directly to the PC on 192.168.3.2) -- Not that I condone fascism, or any -ism for that matter. -Ism's in my opinion are not good. A person should not believe in an -ism, he should believe in himself. I quote John Lennon, "I don't believe in The Beatles, I just believe in me." Good point there. After all, he was the walrus. I could be the walrus and I'd still have to bum rides off of people. From johnmusbach1 at gmail.com Sun Dec 9 21:27:20 2007 From: johnmusbach1 at gmail.com (John Musbach) Date: Mon Dec 10 00:19:23 2007 Subject: ipfw port forwarding In-Reply-To: <83ABF818-6EB6-436A-AD2C-48195FA162C5@kreme.com> References: <17c8e29e0712091749h44cb6938j346a0732a038c4bc@mail.gmail.com> <9F7D41EC-F24A-4E1C-A27B-C2E1214D5B72@kreme.com> <83ABF818-6EB6-436A-AD2C-48195FA162C5@kreme.com> Message-ID: <17c8e29e0712092127v3ecd422bmdaaa8a8dedc1a791@mail.gmail.com> On Dec 9, 2007 7:00 PM, LuKreme wrote: > Hate replying to myself, but when I did something similar to this, the > machine lost all connectivity to the net: > > # ipfw add 1000 fwd localhost,6001 tcp from any to 192.168.3.2 via en1 While that didn't cause me to loose internet connectivity it also didn't forward the packets, the command I used (and ipfw accepted) was: sudo ipfw add 02120 fwd localhost(I also tried replacing this with the router assigned address),22 tcp from any to 10.0.2.7 via en1 and it didn't work, the mac that was supposed to forward the packets logged the connection attempts but I never got the ssh login prompt on the machine I used to test the connection and the firewall log on the mac that was supposed to receive the packets never showed any sign of receiving any of the packets at all. I don't understand this... Maybe Apple disabled the packet forwarding functionality of the unix core.... -- Best Regards, John Musbach From daniel at highdesertchurch.com Mon Dec 10 10:29:49 2007 From: daniel at highdesertchurch.com (Daniel Hazelbaker) Date: Mon Dec 10 10:29:59 2007 Subject: Delete Jobs on Shared Printer In-Reply-To: <823974A5-91DA-4F52-A889-8CFC11C8AF01@mac.com> References: <20071208200004.2D8929B6C8@forums.omnigroup.com> <823974A5-91DA-4F52-A889-8CFC11C8AF01@mac.com> Message-ID: <70DF5496-CC9F-410D-A538-8A267F820F4C@highdesertchurch.com> On Dec 8, 2007, at 9:23 PM, Rick Davis wrote: > You should be able to cancel jobs using the local CUPS interface. > Type 127.0.0.1:631 in any web browser and you should get the CUPS > management page. Click on Manage Printers, this should give you a > list of printers setup on the machine, click on the link to the > printer, you should see a list of active jobs, click on the job and > then cancel. Well, I would like to avoid having my users go into their local cups interface. While CUPS is fairly user friendly, I know that my users would manage to do something really stupid. But aside from that, I have more information specifically. In 10.5 Client this works fine, I must have done something twitchy the first time I tested. I would assume this is because of the newer version of CUPS but I am not sure. In 10.4 Client, Both the Printer Window and CUPS show the print job as completed (and thus gone) as soon as the print server accepts the job (thus it will keep trying to send the print job and the user has no control over it). So again, I assume this is just a 10.4 "quirk" because of the older CUPS version so if somebody could verify this, I can live with the issues until we get everybody up to Leopard. I would guess my only other option is to upgrade CUPS on the 10.4 clients, but I am really not sure I want to even go there. > John Musbach wrote: > Check the printer manual, usually printers themselves include the > ability to cancel print jobs via a button or their menu interface It does, but even if you cancel it the print server re-sends it. Very annoying. :) Daniel From shoop at iwiring.net Mon Dec 10 11:50:59 2007 From: shoop at iwiring.net (Dan Shoop) Date: Mon Dec 10 11:51:07 2007 Subject: ipfw port forwarding In-Reply-To: <17c8e29e0712091749h44cb6938j346a0732a038c4bc@mail.gmail.com> References: <17c8e29e0712091749h44cb6938j346a0732a038c4bc@mail.gmail.com> Message-ID: <74586078-9FA4-4E3B-857E-3469156A60B6@iwiring.net> First, cut out the cros posting. It's evil. On Dec 9, 2007, at 8:49 PM, John Musbach wrote: > I have internet sharing enabled on one mac which is in a dmz and am > trying to get another mac which is connected to the dmz'd mac via > internet sharing to have traffic received by the dmz'd mac for a > certain port to be forwarded to the connected mac...however the > terminal command "sudo ipfw add 02110 forward 10.0.2.7 in" doesn't > work (returns from missing but if I add "from any" after the ip I get > a invalid syntax error regarding that statement so I don't understand > what it wants), what am I doing wrong? Thanks! > > P.S. Obviously the easiest solution would to dmz this mac in question > as well right? Unfortunately the router I'm using only allows one IP > to be in a dmz at a time so that isn't a option since the currently > dmz'd mac is a 24/7 public server... This is all a bit foggy, could you describe this set up a bit better? What are your NIC's in question? Have a bit of a diagram to share w subnets? What's sysctl saying? What's the routing table like (on the various machines)? It also sounds like you're not using a real router but a NAT box, which may make this very difficult to impossible depending on that. What is it? -dhan ------------------------------------------------------------------------ Dan Shoop Computer Scientist iWiring / U.S. Technical Services shoop@iwiring.net AOL IM .................... iWiring Nextel .................... 1-714-363-1174 Operations TOC (24/7) ..... 1-866-901-USTS USTS Offices .............. 1-714-374-6300 For immediate response for urgent matters please speak to the Duty Officer at the USTS Tactical Operations Center (above) who can reach me by radio. From johnmusbach1 at gmail.com Mon Dec 10 17:53:09 2007 From: johnmusbach1 at gmail.com (John Musbach) Date: Mon Dec 10 17:53:11 2007 Subject: ipfw port forwarding In-Reply-To: <74586078-9FA4-4E3B-857E-3469156A60B6@iwiring.net> References: <17c8e29e0712091749h44cb6938j346a0732a038c4bc@mail.gmail.com> <74586078-9FA4-4E3B-857E-3469156A60B6@iwiring.net> Message-ID: <17c8e29e0712101753y4bb95922icec25cddb14f0c71@mail.gmail.com> On Dec 10, 2007 11:50 AM, Dan Shoop wrote: > What are your NIC's in question? The mac which needs to share the internet connection is connected to the internet via ethernet (en0), I'm trying to get it to share the internet connection over and forward packets through the airport networking device (en1) >Have a bit of a diagram to share w > subnets? DSL Modem | | | Router---> Mac server in dmz--share dmz'd internet connection via airport---------v(*) ----> AirPort Express --> AirPort Extreme --> other computers in house connect here wirelessly for non dmz internet access, Other Mac-----------------------------------^(*) >What's sysctl saying? kern.ostype = Darwin kern.osrelease = 9.1.0 kern.osrevision = 199506 kern.version = Darwin Kernel Version 9.1.0: Wed Oct 31 17:46:22 PDT 2007; root:xnu-1228.0.2~1/RELEASE_I386 kern.maxvnodes = 33792 kern.maxproc = 532 kern.maxfiles = 12288 kern.argmax = 262144 kern.securelevel = 0 kern.hostname = Macintosh.local kern.hostid = 0 kern.clockrate: hz = 100, tick = 10000, profhz = 100, stathz = 100 Use pstat to view kern.vnode information Use ps to view kern.proc information Use pstat to view kern.file information kernel is not compiled for profiling kern.profiling: kern.posix1version = 200112 kern.ngroups = 16 kern.job_control = 1 kern.saved_ids = 1 kern.boottime = Thu Nov 15 18:06:31 2007 kern.nisdomainname = kern.maxpartitions: No such file or directory kern.kdebug: Operation not permitted kern.update: No such file or directory kern.osreldate: No such file or directory kern.ntp_pll: No such file or directory kern.bootfile: No such file or directory kern.maxfilesperproc = 10240 kern.maxprocperuid = 266 kern.dumpdev: No such file or directory kern.ipc: No such file or directory kern.dummy = 0 kern.dummy = 0 kern.usrstack = -1073741824 kern.logsigexit: No such file or directory kern.symfile: Input/output error kern.procargs: Invalid argument kern.dummy = 0 kern.netboot = 0 kern.panicinfo: specification is incomplete kern.sysv: No such file or directory kern.dummy = 0 kern.dummy = 0 kern.exec: unknown type returned kern.aiomax = 90 kern.aioprocmax = 16 kern.aiothreads = 4 kern.procargs2: Invalid argument kern.corefile = /cores/core.%P kern.coredump = 1 kern.sugid_coredump = 0 kern.delayterm = 0 kern.shreg_private = 0 kern.proc_low_pri_io = 0 kern.low_pri_window: No such file or directory kern.low_pri_delay: No such file or directory kern.posix: No such file or directory kern.usrstack64 = 3221225472 kern.nx = 1 kern.tfp: No such file or directory kern.procname = kern.threadsigaltstack: No such file or directory kern.speculative_reads_disabled = 0 kern.osversion = 9B18 kern.safeboot = 0 kern.lctx: No such file or directory kern.rage_vnode = 0 kern.tty: No such file or directory kern.check_openevt: Invalid argument vm.vmmeter: No such file or directory vm.dummy: No such file or directory vfs.ufs has 0 mounted instances vfs.nfs has 1 mounted instance vfs.fdesc has 1 mounted instance vfs.cd9660 has 0 mounted instances vfs.unionfs has 0 mounted instances vfs.hfs has 2 mounted instances vfs.devfs has 1 mounted instance vfs.autofs has 2 mounted instances vfs.msdos has 0 mounted instances hw.machine = i386 hw.model = MacBook2,1 hw.ncpu = 2 hw.byteorder = 1234 hw.physmem = 2147483648 hw.usermem = 1794441216 hw.pagesize = 4096 hw.disknames: No such file or directory hw.diskstats: No such file or directory hw.epoch = 0 hw.floatingpoint: No such file or directory hw.machinearch: No such file or directory hw.vectorunit = 1 hw.busfrequency = 664000000 hw.cpufrequency = 2160000000 hw.cachelinesize = 64 hw.l1icachesize = 32768 hw.l1dcachesize = 32768 hw.l2settings = 1 hw.l2cachesize = 4194304 hw.l3settings: Invalid argument hw.l3cachesize: Invalid argument hw.tbfrequency = 1000000000 hw.memsize = 2147483648 hw.availcpu = 2 user.cs_path = /usr/bin:/bin:/usr/sbin:/sbin user.bc_base_max = 99 user.bc_dim_max = 2048 user.bc_scale_max = 99 user.bc_string_max = 1000 user.coll_weights_max = 2 user.expr_nest_max = 32 user.line_max = 2048 user.re_dup_max = 255 user.posix2_version = 200112 user.posix2_c_bind = 0 user.posix2_c_dev = 0 user.posix2_char_term = 0 user.posix2_fort_dev = 0 user.posix2_fort_run = 0 user.posix2_localedef = 0 user.posix2_sw_dev = 0 user.posix2_upe = 0 user.stream_max = 20 user.tzname_max = 255 kern.ostype: Darwin kern.osrelease: 9.1.0 kern.osrevision: 199506 kern.version: Darwin Kernel Version 9.1.0: Wed Oct 31 17:46:22 PDT 2007; root:xnu-1228.0.2~1/RELEASE_I386 kern.maxvnodes: 33792 kern.maxproc: 532 kern.maxfiles: 12288 kern.argmax: 262144 kern.securelevel: 0 kern.hostname: Macintosh.local kern.hostid: 0 kern.clockrate: { hz = 100, tick = 10000, tickadj = 1, profhz = 100, stathz = 100 } kern.file: Format:S,filehead Length:18652 Dump:0xa8e06b04e074f80378dd5b0003000200... kern.posix1version: 200112 kern.ngroups: 16 kern.job_control: 1 kern.saved_ids: 1 kern.boottime: { sec = 1195178791, usec = 0 } Thu Nov 15 18:06:31 2007 kern.nisdomainname: kern.maxfilesperproc: 10240 kern.maxprocperuid: 266 kern.ipc.maxsockbuf: 8388608 kern.ipc.sockbuf_waste_factor: 8 kern.ipc.somaxconn: 128 kern.ipc.mbstat: Format:S,mbstat Length:580 Dump:0xd00c0000460600000000000053000000... kern.ipc.nmbclusters: 32768 kern.ipc.soqlimitcompat: 1 kern.ipc.mb_normalized: 0 kern.ipc.mb_stat: Format:S,mb_stat Length:928 Dump:0x070000006d6275660000000000000000... kern.ipc.sosendjcl_ignore_capab: 0 kern.ipc.sosendjcl: 1 kern.ipc.sorecvmincopy: 16384 kern.ipc.sosendminchain: 16384 kern.ipc.soqlencomp: 0 kern.ipc.njclbytes: 16384 kern.ipc.njcl: 10920 kern.ipc.sbspace_factor: 8 kern.ipc.maxsockets: 512 kern.ipc.sendfileuiobufs: 64 kern.dummy: 0 kern.usrstack: -1073741824 kern.netboot: 0 kern.sysv.shmall: 1024 kern.sysv.shmseg: 8 kern.sysv.shmmni: 32 kern.sysv.shmmin: 1 kern.sysv.shmmax: 4194304 kern.sysv.semume: 10 kern.sysv.semmsl: 87381 kern.sysv.semmnu: 87381 kern.sysv.semmns: 87381 kern.sysv.semmni: 87381 kern.exec.archhandler.powerpc: /usr/libexec/oah/translate kern.aiomax: 90 kern.aioprocmax: 16 kern.aiothreads: 4 kern.corefile: /cores/core.%P kern.coredump: 1 kern.sugid_coredump: 0 kern.delayterm: 0 kern.shreg_private: 0 kern.proc_low_pri_io: 0 kern.posix.sem.max: 10000 kern.usrstack64: 3221225472 kern.nx: 1 kern.tfp.policy: 2 kern.procname: kern.speculative_reads_disabled: 0 kern.osversion: 9B18 kern.safeboot: 0 kern.lctx.max: 8192 kern.lctx.count: 0 kern.lctx.last: 1 kern.rage_vnode: 0 kern.tty.ptmx_max: 127 kern.sleeptime: { sec = 0, usec = 0 } Wed Dec 31 16:00:00 1969 kern.waketime: { sec = 0, usec = 0 } Wed Dec 31 16:00:00 1969 kern.hibernatefile: kern.bootsignature: f4f70be4975fdc7c469fa5187372388313510bb3 kern.hibernatemode: 0 kern.maxnbuf: 10485 kern.nbuf: 10485 kern.flush_cache_on_write: 0 kern.always_do_fullfsync: 0 kern.sugid_scripts: 0 kern.affinity_sets_mapping: 1 kern.affinity_sets_enabled: 1 kern.singleuser: 0 kern.bootargs: kern.msgbuf: 4096 kern.wq_timer_interval_msecs: 40 kern.wq_max_run_latency_usecs: 500 kern.wq_reduce_pool_window_usecs: 3000000 kern.wq_stalled_window_usecs: 20000 kern.secure_kernel: 0 vm.loadavg: { 0.35 0.33 0.24 } vm.swapusage: total = 2048.00M used = 769.09M free = 1278.91M vm.cs_debug: 0 vm.cs_force_hard: 0 vm.cs_force_kill: 0 vm.user_wire_limit: 2147482648 vm.global_user_wire_limit: 2147482648 vm.cs_blob_size_max: 76000 vm.cs_blob_size_peak: 1082752 vm.cs_blob_count_peak: 154 vm.cs_blob_size: 852752 vm.cs_blob_count: 134 vm.cs_validation: 1 vm.vm_page_free_target: 2000 vm.shared_region_persistence: 1 vm.shared_region_version: 3 vm.shared_region_trace_level: 1 vm.allow_data_exec: 1 vm.allow_stack_exec: 0 vfs.generic.vfsidlist: Format:S,fsid Length:48 Dump:0x0200000e11000000140fdf0313000000... vfs.generic.nfs.server.nfsd_thread_count: 0 vfs.generic.nfs.server.nfsd_thread_max: 0 vfs.generic.nfs.server.fsevents: 1 vfs.generic.nfs.server.user_stats: 1 vfs.generic.nfs.server.request_queue_length: 128 vfs.generic.nfs.server.reqcache_size: 64 vfs.generic.nfs.server.async: 0 vfs.generic.nfs.server.require_resv_port: 0 vfs.generic.nfs.server.wg_delay_v3: 0 vfs.generic.nfs.server.wg_delay: 1000 vfs.generic.nfs.client.max_async_writes: 128 vfs.generic.nfs.client.lockd_mounts: 0 vfs.generic.nfs.client.nfsiod_thread_count: 0 vfs.generic.nfs.client.nfsiod_thread_max: 16 vfs.generic.nfs.client.statfs_rate_limit: 10 vfs.generic.nfs.client.allow_async: 0 vfs.generic.nfs.client.access_cache_timeout: 60 vfs.generic.nfs.client.iosize: 1048576 vfs.generic.nfs.client.nextdowndelay: 30 vfs.generic.nfs.client.initialdowndelay: 12 net.local.stream.pcblist: Format:S,xunpcb Length:56136 Dump:0x180000007600000024b5020000000000... net.local.stream.recvspace: 8192 net.local.stream.sendspace: 8192 net.local.dgram.pcblist: Format:S,xunpcb Length:24672 Dump:0x180000007600000024b5020000000000... net.local.dgram.recvspace: 4096 net.local.dgram.maxdgram: 2048 net.local.inflight: 0 net.inet.ip.portrange.hilast: 65535 net.inet.ip.portrange.hifirst: 49152 net.inet.ip.portrange.last: 65535 net.inet.ip.portrange.first: 49152 net.inet.ip.portrange.lowlast: 600 net.inet.ip.portrange.lowfirst: 1023 net.inet.ip.forwarding: 0 net.inet.ip.redirect: 1 net.inet.ip.ttl: 64 net.inet.ip.rtexpire: 10 net.inet.ip.rtminexpire: 10 net.inet.ip.rtmaxcache: 128 net.inet.ip.sourceroute: 0 net.inet.ip.intr_queue_maxlen: 50 net.inet.ip.intr_queue_drops: 0 net.inet.ip.stats: Format:S,ipstat Length:116 Dump:0x2fa79600000000000000000000000000... net.inet.ip.accept_sourceroute: 0 net.inet.ip.fastforwarding: 0 net.inet.ip.keepfaith: 0 net.inet.ip.gifttl: 30 net.inet.ip.subnets_are_local: 0 net.inet.ip.use_route_genid: 1 net.inet.ip.check_route_selfref: 1 net.inet.ip.dummynet.debug: 0 net.inet.ip.dummynet.red_max_pkt_size: 1500 net.inet.ip.dummynet.red_avg_pkt_size: 512 net.inet.ip.dummynet.red_lookup_depth: 256 net.inet.ip.dummynet.max_chain_len: 16 net.inet.ip.dummynet.expire: 1 net.inet.ip.dummynet.search_steps: 0 net.inet.ip.dummynet.searches: 0 net.inet.ip.dummynet.extract_heap: 0 net.inet.ip.dummynet.ready_heap: 0 net.inet.ip.dummynet.curr_time: 0 net.inet.ip.dummynet.hash_size: 64 net.inet.ip.fw.dyn_keepalive: 1 net.inet.ip.fw.dyn_short_lifetime: 5 net.inet.ip.fw.dyn_udp_lifetime: 10 net.inet.ip.fw.dyn_rst_lifetime: 1 net.inet.ip.fw.dyn_fin_lifetime: 1 net.inet.ip.fw.dyn_syn_lifetime: 20 net.inet.ip.fw.dyn_ack_lifetime: 300 net.inet.ip.fw.static_count: 2 net.inet.ip.fw.dyn_max: 4096 net.inet.ip.fw.dyn_count: 0 net.inet.ip.fw.curr_dyn_buckets: 256 net.inet.ip.fw.dyn_buckets: 256 net.inet.ip.fw.verbose_limit: 0 net.inet.ip.fw.verbose: 2 net.inet.ip.fw.debug: 0 net.inet.ip.fw.one_pass: 0 net.inet.ip.fw.autoinc_step: 100 net.inet.ip.fw.enable: 1 net.inet.ip.random_id: 1 net.inet.ip.linklocal.in.allowbadttl: 1 net.inet.ip.linklocal.stat: Format:S,ip_linklocal_stat Length:16 Dump:0xae010000000000007a4a0000654a0000... net.inet.ip.check_interface: 0 net.inet.ip.maxfrags: 2048 net.inet.ip.maxfragsperpacket: 128 net.inet.ip.maxfragpackets: 1024 net.inet.ip.maxchainsent: 0 net.inet.icmp.maskrepl: 0 net.inet.icmp.stats: Format:S,icmpstat Length:192 Dump:0x5d000000000000000000000000000000... net.inet.icmp.icmplim: 250 net.inet.icmp.timestamp: 0 net.inet.icmp.bmcastecho: 1 net.inet.icmp.log_redirect: 0 net.inet.icmp.drop_redirect: 0 net.inet.igmp.stats: Format:S,igmpstat Length:36 Dump:0x6f190000000000000000000000000000... net.inet.tcp.rfc1323: 1 net.inet.tcp.rfc1644: 0 net.inet.tcp.mssdflt: 512 net.inet.tcp.stats: Format:S,tcpstat Length:352 Dump:0x9acb01001b0000003eca010086050000... net.inet.tcp.keepidle: 7200000 net.inet.tcp.keepintvl: 75000 net.inet.tcp.sendspace: 65536 net.inet.tcp.recvspace: 65536 net.inet.tcp.keepinit: 75000 net.inet.tcp.pcblist: Format:S,xtcpcb Length:3716 Dump:0x1800000007000000ede98a0000000000... net.inet.tcp.v6mssdflt: 1024 net.inet.tcp.rexmt_thresh: 2 net.inet.tcp.rfc3465: 1 net.inet.tcp.maxseg_unacked: 8 net.inet.tcp.slowlink_wsize: 8192 net.inet.tcp.reass.overflows: 0 net.inet.tcp.reass.cursegments: 0 net.inet.tcp.reass.maxsegments: 2048 net.inet.tcp.drop_synfin: 1 net.inet.tcp.tcp_lq_overflow: 1 net.inet.tcp.delayed_ack: 3 net.inet.tcp.blackhole: 2 net.inet.tcp.log_in_vain: 3 net.inet.tcp.socket_unlocked_on_output: 1 net.inet.tcp.packetchain: 50 net.inet.tcp.ecn_negotiate_in: 0 net.inet.tcp.ecn_initiate_out: 0 net.inet.tcp.newreno: 0 net.inet.tcp.local_slowstart_flightsize: 8 net.inet.tcp.slowstart_flightsize: 1 net.inet.tcp.path_mtu_discovery: 1 net.inet.tcp.sack_globalholes: 0 net.inet.tcp.sack_globalmaxholes: 65536 net.inet.tcp.sack_maxholes: 128 net.inet.tcp.sack: 1 net.inet.tcp.rtt_min: 1 net.inet.tcp.background_io_enabled: 1 net.inet.tcp.isn_reseed_interval: 0 net.inet.tcp.strict_rfc1948: 0 net.inet.tcp.icmp_may_rst: 1 net.inet.tcp.pcbcount: 7 net.inet.tcp.do_tcpdrain: 0 net.inet.tcp.tcbhashsize: 4096 net.inet.tcp.minmssoverload: 0 net.inet.tcp.minmss: 216 net.inet.tcp.always_keepalive: 0 net.inet.tcp.msl: 15000 net.inet.tcp.background_io_trigger: 5 net.inet.tcp.sockthreshold: 64 net.inet.tcp.out_sw_cksum_bytes: 0 net.inet.tcp.out_sw_cksum: 0 net.inet.tcp.in_sw_cksum_bytes: 5401453 net.inet.tcp.in_sw_cksum: 132709 net.inet.tcp.win_scale_factor: 3 net.inet.udp.checksum: 1 net.inet.udp.stats: Format:S,udpstat Length:44 Dump:0x342e0300000000000000000000000000... net.inet.udp.maxdgram: 9216 net.inet.udp.recvspace: 42080 net.inet.udp.pcblist: Format:S,xinpcb Length:5488 Dump:0x1800000011000000b2bf3a0000000000... net.inet.udp.pcbcount: 17 net.inet.udp.blackhole: 1 net.inet.udp.log_in_vain: 3 net.inet.udp.out_sw_cksum_bytes: 37556 net.inet.udp.out_sw_cksum: 211 net.inet.udp.in_sw_cksum_bytes: 34128 net.inet.udp.in_sw_cksum: 183 net.inet.ipsec.stats: Format:S,ipsecstat Length:12432 Dump:0x00000000000000000000000000000000... net.inet.ipsec.def_policy: 1 net.inet.ipsec.esp_trans_deflev: 1 net.inet.ipsec.esp_net_deflev: 1 net.inet.ipsec.ah_trans_deflev: 1 net.inet.ipsec.ah_net_deflev: 1 net.inet.ipsec.ah_cleartos: 1 net.inet.ipsec.ah_offsetmask: 0 net.inet.ipsec.dfbit: 0 net.inet.ipsec.ecn: 0 net.inet.ipsec.debug: 0 net.inet.ipsec.esp_randpad: -1 net.inet.ipsec.esp_port: 0 net.inet.ipsec.bypass: 1 net.inet.raw.pcblist: Format:S,xinpcb Length:1008 Dump:0x18000000030000008900000000000000... net.inet.raw.recvspace: 8192 net.inet.raw.maxdgram: 8192 net.appletalk.ddpstats: Format:S,at_ddp_stats Length:52 Dump:0x00000000000000000000000000000000... net.appletalk.routermix: 2000 net.appletalk.debug: Format:S,dbgBits Length:8 Dump:0x0000000000000000 net.link.generic.system.ifcount: 8 net.link.generic.system.dlil_input_sanity_check: 0 net.link.generic.system.multi_threaded_input: 1 net.link.ether.inet.send_conflicting_probes: 1 net.link.ether.inet.keep_announcements: 1 net.link.ether.inet.log_arp_warnings: 0 net.link.ether.inet.sendllconflict: 0 net.link.ether.inet.proxyall: 0 net.link.ether.inet.useloopback: 1 net.link.ether.inet.maxtries: 5 net.link.ether.inet.apple_hwcksum_rx: 1 net.link.ether.inet.apple_hwcksum_tx: 1 net.link.ether.inet.host_down_time: 20 net.link.ether.inet.max_age: 1200 net.link.ether.inet.prune_intvl: 300 net.key.debug: 0 net.key.spi_trycnt: 1000 net.key.spi_minval: 256 net.key.spi_maxval: 268435455 net.key.int_random: 60 net.key.larval_lifetime: 30 net.key.blockacq_count: 10 net.key.blockacq_lifetime: 20 net.key.esp_keymin: 256 net.key.esp_auth: 0 net.key.ah_keymin: 128 net.key.prefered_oldsa: 0 net.key.natt_keepalive_interval: 20 net.key.pfkeystat: Format:S,pfkeystat Length:4240 Dump:0x00000000000000000000000000000000... net.inet6.ip6.forwarding: 0 net.inet6.ip6.redirect: 1 net.inet6.ip6.hlim: 64 net.inet6.ip6.stats: Format:S,ip6stat Length:3200 Dump:0x34130000000000000000000000000000... net.inet6.ip6.maxfragpackets: 1024 net.inet6.ip6.accept_rtadv: 0 net.inet6.ip6.keepfaith: 0 net.inet6.ip6.log_interval: 5 net.inet6.ip6.hdrnestlimit: 50 net.inet6.ip6.dad_count: 1 net.inet6.ip6.auto_flowlabel: 1 net.inet6.ip6.defmcasthlim: 1 net.inet6.ip6.gifhlim: 0 net.inet6.ip6.kame_version: 20010528/apple-darwin net.inet6.ip6.use_deprecated: 1 net.inet6.ip6.rr_prune: 5 net.inet6.ip6.v6only: 0 net.inet6.ip6.rtexpire: 3600 net.inet6.ip6.rtminexpire: 10 net.inet6.ip6.rtmaxcache: 128 net.inet6.ip6.use_tempaddr: 0 net.inet6.ip6.temppltime: 86400 net.inet6.ip6.tempvltime: 604800 net.inet6.ip6.auto_linklocal: 1 net.inet6.ip6.rip6stats: Format:S,rip6stat Length:56 Dump:0x00000000000000000000000000000000... net.inet6.ip6.maxfrags: 8192 net.inet6.ip6.fw.verbose_limit: 0 net.inet6.ip6.fw.verbose: 0 net.inet6.ip6.fw.debug: 0 net.inet6.ip6.fw.enable: 1 net.inet6.ip6.mrt6stat: Format:S,mrt6stat Length:104 Dump:0x00000000000000000000000000000000... net.inet6.ipsec6.stats: Format:S,ipsecstat Length:12432 Dump:0x00000000000000000000000000000000... net.inet6.ipsec6.def_policy: 1 net.inet6.ipsec6.esp_trans_deflev: 1 net.inet6.ipsec6.esp_net_deflev: 1 net.inet6.ipsec6.ah_trans_deflev: 1 net.inet6.ipsec6.ah_net_deflev: 1 net.inet6.ipsec6.ecn: 0 net.inet6.ipsec6.debug: 0 net.inet6.ipsec6.esp_randpad: -1 net.inet6.icmp6.stats: Format:S,icmp6stat Length:4328 Dump:0x00000000000000000000000000000000... net.inet6.icmp6.rediraccept: 1 net.inet6.icmp6.redirtimeout: 600 net.inet6.icmp6.nd6_prune: 1 net.inet6.icmp6.nd6_delay: 5 net.inet6.icmp6.nd6_umaxtries: 3 net.inet6.icmp6.nd6_mmaxtries: 3 net.inet6.icmp6.nd6_useloopback: 1 net.inet6.icmp6.nodeinfo: 3 net.inet6.icmp6.errppslimit: 100 net.inet6.icmp6.nd6_maxnudhint: 0 net.inet6.icmp6.nd6_debug: 0 net.inet6.icmp6.nd6_prlist: Format:S,in6_defrouter Length:280 Dump:0x1c1e000000000000fe80000000000000... net.pstimeout: 20 20 net.athaggrqmin: 1 1 net.athaggrfmax: 28 28 net.athbgscan: 1 1 net.athCCAThreshold: 91 91 net.athpowermode: 0 1 net.athvendorie: 1 1 net.athdupie: 1 1 net.athaddbaignore: 0 0 net.athppmupdate: 1 1 net.athforceBias: 2 2 net.athbadrxdesc: 0 0 net.athbadrxbuf: 0 0 net.athforcebadrx: 0 0 debug.lowpri_max_waiting_msecs: 200 debug.lowpri_max_window_msecs: 200 debug.lowpri_IO_window_inc: 50 debug.lowpri_IO_initial_window_msecs: 100 debug.bpf_maxdevices: 256 debug.bpf_maxbufsize: 524288 debug.bpf_bufsize: 4096 debug.iokit: 0 debug.net80211: 0 0 debug.athdriver: 0 0 hw.ncpu: 2 hw.byteorder: 1234 hw.memsize: 2147483648 hw.activecpu: 2 hw.optional.x86_64: 1 hw.optional.sse4_2: 0 hw.optional.sse4_1: 0 hw.optional.supplementalsse3: 1 hw.optional.sse3: 1 hw.optional.sse2: 1 hw.optional.sse: 1 hw.optional.mmx: 1 hw.optional.floatingpoint: 1 hw.packages: 1 hw.tbfrequency: 1000000000 hw.l2cachesize: 4194304 hw.l1dcachesize: 32768 hw.l1icachesize: 32768 hw.cachelinesize: 64 hw.cpufrequency_max: 2160000000 hw.cpufrequency_min: 2160000000 hw.cpufrequency: 2160000000 hw.busfrequency_max: 664000000 hw.busfrequency_min: 664000000 hw.busfrequency: 664000000 hw.pagesize: 4096 hw.cachesize: 2147483648 32768 4194304 0 0 0 0 0 0 0 hw.cacheconfig: 2 1 2 0 0 0 0 0 0 0 hw.cpufamily: 1114597871 hw.cpu64bit_capable: 1 hw.cpusubtype: 4 hw.cputype: 7 hw.logicalcpu_max: 2 hw.logicalcpu: 2 hw.physicalcpu_max: 2 hw.physicalcpu: 2 machdep.pmap.hashmax: 13 machdep.pmap.hashcnts: 136155343 machdep.pmap.hashwalks: 134412538 machdep.cpu.address_bits.virtual: 48 machdep.cpu.address_bits.physical: 36 machdep.cpu.cache.size: 4096 machdep.cpu.cache.L2_associativity: 8 machdep.cpu.cache.linesize: 64 machdep.cpu.arch_perf.fixed_width: 0 machdep.cpu.arch_perf.fixed_number: 0 machdep.cpu.arch_perf.events: 0 machdep.cpu.arch_perf.events_number: 7 machdep.cpu.arch_perf.width: 40 machdep.cpu.arch_perf.number: 2 machdep.cpu.arch_perf.version: 2 machdep.cpu.thermal.ACNT_MCNT: 1 machdep.cpu.thermal.thresholds: 2 machdep.cpu.thermal.dynamic_acceleration: 0 machdep.cpu.thermal.sensor: 1 machdep.cpu.mwait.sub_Cstates: 139808 machdep.cpu.mwait.extensions: 3 machdep.cpu.mwait.linesize_max: 64 machdep.cpu.mwait.linesize_min: 64 machdep.cpu.cores_per_package: 2 machdep.cpu.logical_per_package: 2 machdep.cpu.extfeatures: XD EM64T machdep.cpu.features: FPU VME DE PSE TSC MSR PAE MCE CX8 APIC SEP MTRR PGE MCA CMOV PAT PSE36 CLFSH DS ACPI MMX FXSR SSE SSE2 SS HTT TM SSE3 MON DSCPL VMX EST TM2 SSSE3 CX16 TPR PDCM machdep.cpu.brand: 0 machdep.cpu.signature: 1782 machdep.cpu.extfeature_bits: 537919488 1 machdep.cpu.feature_bits: -1075053569 58301 machdep.cpu.stepping: 6 machdep.cpu.extfamily: 0 machdep.cpu.extmodel: 0 machdep.cpu.model: 15 machdep.cpu.family: 6 machdep.cpu.brand_string: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz machdep.cpu.vendor: GenuineIntel security.mac.seatbelt.debug: 0 security.mac.seatbelt.profile_refcount: 80 security.mac.seatbelt.qtnstate_refcount: 15 security.mac.seatbelt.cred_label_refcount: 86 security.mac.vnode_enforce: 1 security.mac.vm_enforce: 1 security.mac.sysvshm_enforce: 1 security.mac.sysvsem_enforce: 1 security.mac.sysvmsg_enforce: 1 security.mac.system_enforce: 1 security.mac.socket_enforce: 1 security.mac.proc_enforce: 1 security.mac.posixshm_enforce: 1 security.mac.posixsem_enforce: 1 security.mac.pipe_enforce: 1 security.mac.iokit_enforce: 0 security.mac.file_enforce: 0 security.mac.device_enforce: 1 security.mac.mmap_revocation_via_cow: 0 security.mac.mmap_revocation: 0 security.mac.max_slots: 8 > What's the routing table like (on the > various machines)? mac to receive shared connection.... route -v get google.com u: inet 72.14.207.99; u: link ; RTM_GET: Report Metrics: len 128, pid: 0, seq 1, errno 0, flags: locks: inits: sockaddrs: eh-in-f99.google.com route to: eh-in-f99.google.com destination: default mask: default gateway: 10.0.1.1 interface: en0 flags: recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire 0 0 0 0 0 0 1500 0 locks: inits: sockaddrs: default 10.0.1.1 default en0:0.19.e3.48.10.c0 10.0.1.4 mac to share connection... route -v get google.com u: inet 64.233.167.99; u: link ; RTM_GET: Report Metrics: len 128, pid: 0, seq 1, errno 0, flags: locks: inits: sockaddrs: py-in-f99.google.com route to: py-in-f99.google.com destination: default mask: default gateway: 192.168.1.1 interface: en0 flags: recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire 0 0 0 0 0 0 1500 0 locks: inits: sockaddrs: default 192.168.1.1 default en0:0.11.24.86.f5.52 192.168.1.25 > It also sounds like you're not using a real router but a NAT box, > which may make this very difficult to impossible depending on that. > What is it? It's a linksys home router -- Best Regards, John Musbach From gordon at bivalve.net Mon Dec 10 21:00:29 2007 From: gordon at bivalve.net (Gordon Davisson) Date: Mon Dec 10 21:26:24 2007 Subject: ipfw port forwarding In-Reply-To: <20071210200005.753889E040@forums.omnigroup.com> References: <20071210200005.753889E040@forums.omnigroup.com> Message-ID: <78BDC69C-0945-41D5-8752-09F8D8B4CAA7@bivalve.net> On Dec 9, 2007, at 6:49 PM, John Musbach wrote: > I have internet sharing enabled on one mac which is in a dmz and am > trying to get another mac which is connected to the dmz'd mac via > internet sharing to have traffic received by the dmz'd mac for a > certain port to be forwarded to the connected mac...however the > terminal command "sudo ipfw add 02110 forward 10.0.2.7 in" doesn't > work (returns from missing but if I add "from any" after the ip I get > a invalid syntax error regarding that statement so I don't understand > what it wants), what am I doing wrong? Thanks! You need to the port forward with natd (the address translation daemon), not ipfw. If you do what you did, ipfw *will* forward the packet, but will not translate its destination address. As the ipfw man page says: The fwd action does not change the contents of the packet at all. In particular, the destination address remains unmodified, so packets forwarded to another system will usually be rejected by that system unless there is a matching rule on that system to capture them. This is not at all what you want; ipfw's only part in this is to have a divert rule to feed packets through natd for translation, which is where all the intelligent stuff takes place. To do port forwarding, you need to add something like: -redirect_port 10.0.2.7:80 80 to natd's usual stable of options and parameters (with "80" replaced with whatever port you actually want to forward). So, how do you do that? I'm not sure it can be done in any reasonably clean way with Internet Sharing -- it uses totally caned configurations, no customization (that I've found anyway) allowed. I actually had to do something like this a few years ago (along with the additional fun of needing to change the private IP address range), and wound up giving up on Internet Sharing and just using the underlying components (ipfw, natd, bootpd to supply DHCP service, and maybe named for DNS forwarding) "by hand". Naturally, I don't have any of the resulting scripts handy, but there are some similar bits of code at (and in the comments). But if all you need to do is add an argument to natd... you might be able to do something quicker and dirtier (MUCH dirtier). Try renaming /usr/sbin/natd to natd.orig, and replace it with a shell script containing: #!/bin/sh exec /usr/sbin/natd.orig "$@" -redirect_port 10.0.2.7:80 80 ...and then wash your hands thoroughly. Remember to make the script executable (chmod +x /usr/sbin/natd), and if anything goes wrong, the secretary will disavow any knowledge of your actions. -- Gordon Davisson From mah at jump-ing.de Tue Dec 11 01:02:08 2007 From: mah at jump-ing.de (Markus Hitter) Date: Tue Dec 11 01:02:15 2007 Subject: Delete Jobs on Shared Printer In-Reply-To: <70DF5496-CC9F-410D-A538-8A267F820F4C@highdesertchurch.com> References: <20071208200004.2D8929B6C8@forums.omnigroup.com> <823974A5-91DA-4F52-A889-8CFC11C8AF01@mac.com> <70DF5496-CC9F-410D-A538-8A267F820F4C@highdesertchurch.com> Message-ID: Am 10.12.2007 um 19:29 schrieb Daniel Hazelbaker: > So again, I assume this is just a 10.4 "quirk" because of the older > CUPS version so if somebody could verify this, I can live with the > issues until we get everybody up to Leopard. As printer management usually works fine in CUPS' own interface, it looks more like Apple needed more than 3 years to get up a working front end. Nice to hear it works at least. Markus - - - - - - - - - - - - - - - - - - - Dipl. Ing. Markus Hitter http://www.jump-ing.de/ From shoop at iwiring.net Tue Dec 11 09:24:03 2007 From: shoop at iwiring.net (Dan Shoop) Date: Tue Dec 11 09:24:11 2007 Subject: ipfw port forwarding In-Reply-To: <17c8e29e0712101753y4bb95922icec25cddb14f0c71@mail.gmail.com> References: <17c8e29e0712091749h44cb6938j346a0732a038c4bc@mail.gmail.com> <74586078-9FA4-4E3B-857E-3469156A60B6@iwiring.net> <17c8e29e0712101753y4bb95922icec25cddb14f0c71@mail.gmail.com> Message-ID: On Dec 10, 2007, at 8:53 PM, John Musbach wrote: > On Dec 10, 2007 11:50 AM, Dan Shoop wrote: >> What are your NIC's in question? > > The mac which needs to share the internet connection is connected to > the internet via ethernet (en0), I'm trying to get it to share the > internet connection over and forward packets through the airport > networking device (en1) > >> Have a bit of a diagram to share w >> subnets? > > DSL Modem > | > | > | > Router---> Mac server in dmz--share dmz'd internet connection via > airport---------v(*) > ----> AirPort Express --> AirPort Extreme --> other computers in house > connect here wirelessly for non dmz internet access, Other > Mac-----------------------------------^(*) Thanks, this is quite a bit clearer. So this "router" is really a NAT box? Why not replace it with a real router than one of these so-called routers you get free with your breakfast cereal? >> What's sysctl saying? > > kern.ostype = Darwin > kern.osrelease = 9.1.0 > net.local.stream.pcblist: Format:S,xunpcb Length:56136 > Dump:0x180000007600000024b5020000000000... > net.local.stream.recvspace: 8192 > net.local.stream.sendspace: 8192 > net.local.dgram.pcblist: Format:S,xunpcb Length:24672 > Dump:0x180000007600000024b5020000000000... > net.local.dgram.recvspace: 4096 > net.local.dgram.maxdgram: 2048 > net.local.inflight: 0 > net.inet.ip.portrange.hilast: 65535 > net.inet.ip.portrange.hifirst: 49152 > net.inet.ip.portrange.last: 65535 > net.inet.ip.portrange.first: 49152 > net.inet.ip.portrange.lowlast: 600 > net.inet.ip.portrange.lowfirst: 1023 > net.inet.ip.forwarding: 0 > net.inet.ip.redirect: 1 > net.inet.ip.ttl: 64 > net.inet.ip.rtexpire: 10 > net.inet.ip.rtminexpire: 10 > net.inet.ip.rtmaxcache: 128 > net.inet.ip.sourceroute: 0 > net.inet.ip.intr_queue_maxlen: 50 > net.inet.ip.intr_queue_drops: 0 > net.inet.ip.stats: Format:S,ipstat Length:116 > Dump:0x2fa79600000000000000000000000000... > net.inet.ip.accept_sourceroute: 0 > net.inet.ip.fastforwarding: 0 > net.inet.ip.keepfaith: 0 > net.inet.ip.gifttl: 30 > net.inet.ip.subnets_are_local: 0 > net.inet.ip.use_route_genid: 1 > net.inet.ip.check_route_selfref: 1 > net.inet.ip.dummynet.debug: 0 > net.inet.ip.dummynet.red_max_pkt_size: 1500 > net.inet.ip.dummynet.red_avg_pkt_size: 512 > net.inet.ip.dummynet.red_lookup_depth: 256 > net.inet.ip.dummynet.max_chain_len: 16 > net.inet.ip.dummynet.expire: 1 > net.inet.ip.dummynet.search_steps: 0 > net.inet.ip.dummynet.searches: 0 > net.inet.ip.dummynet.extract_heap: 0 > net.inet.ip.dummynet.ready_heap: 0 > net.inet.ip.dummynet.curr_time: 0 > net.inet.ip.dummynet.hash_size: 64 > net.inet.ip.fw.dyn_keepalive: 1 > net.inet.ip.fw.dyn_short_lifetime: 5 > net.inet.ip.fw.dyn_udp_lifetime: 10 > net.inet.ip.fw.dyn_rst_lifetime: 1 > net.inet.ip.fw.dyn_fin_lifetime: 1 > net.inet.ip.fw.dyn_syn_lifetime: 20 > net.inet.ip.fw.dyn_ack_lifetime: 300 > net.inet.ip.fw.static_count: 2 > net.inet.ip.fw.dyn_max: 4096 > net.inet.ip.fw.dyn_count: 0 > net.inet.ip.fw.curr_dyn_buckets: 256 > net.inet.ip.fw.dyn_buckets: 256 > net.inet.ip.fw.verbose_limit: 0 > net.inet.ip.fw.verbose: 2 > net.inet.ip.fw.debug: 0 > net.inet.ip.fw.one_pass: 0 > net.inet.ip.fw.autoinc_step: 100 > net.inet.ip.fw.enable: 1 > net.inet.ip.random_id: 1 > net.inet.ip.linklocal.in.allowbadttl: 1 > net.inet.ip.linklocal.stat: Format:S,ip_linklocal_stat Length:16 > Dump:0xae010000000000007a4a0000654a0000... > net.inet.ip.check_interface: 0 > net.inet.ip.maxfrags: 2048 > net.inet.ip.maxfragsperpacket: 128 > net.inet.ip.maxfragpackets: 1024 > net.inet.ip.maxchainsent: 0 > net.inet.icmp.maskrepl: 0 > net.inet.icmp.stats: Format:S,icmpstat Length:192 > Dump:0x5d000000000000000000000000000000... > net.inet.icmp.icmplim: 250 > net.inet.icmp.timestamp: 0 > net.inet.icmp.bmcastecho: 1 > net.inet.icmp.log_redirect: 0 > net.inet.icmp.drop_redirect: 0 > net.inet.igmp.stats: Format:S,igmpstat Length:36 > Dump:0x6f190000000000000000000000000000... > net.inet.tcp.rfc1323: 1 > net.inet.tcp.rfc1644: 0 > net.inet.tcp.mssdflt: 512 > net.inet.tcp.stats: Format:S,tcpstat Length:352 > Dump:0x9acb01001b0000003eca010086050000... > net.inet.tcp.keepidle: 7200000 > net.inet.tcp.keepintvl: 75000 > net.inet.tcp.sendspace: 65536 > net.inet.tcp.recvspace: 65536 > net.inet.tcp.keepinit: 75000 > net.inet.tcp.pcblist: Format:S,xtcpcb Length:3716 > Dump:0x1800000007000000ede98a0000000000... > net.inet.tcp.v6mssdflt: 1024 > net.inet.tcp.rexmt_thresh: 2 > net.inet.tcp.rfc3465: 1 > net.inet.tcp.maxseg_unacked: 8 > net.inet.tcp.slowlink_wsize: 8192 > net.inet.tcp.reass.overflows: 0 > net.inet.tcp.reass.cursegments: 0 > net.inet.tcp.reass.maxsegments: 2048 > net.inet.tcp.drop_synfin: 1 > net.inet.tcp.tcp_lq_overflow: 1 > net.inet.tcp.delayed_ack: 3 > net.inet.tcp.blackhole: 2 > net.inet.tcp.log_in_vain: 3 > net.inet.tcp.socket_unlocked_on_output: 1 > net.inet.tcp.packetchain: 50 > net.inet.tcp.ecn_negotiate_in: 0 > net.inet.tcp.ecn_initiate_out: 0 > net.inet.tcp.newreno: 0 > net.inet.tcp.local_slowstart_flightsize: 8 > net.inet.tcp.slowstart_flightsize: 1 > net.inet.tcp.path_mtu_discovery: 1 > net.inet.tcp.sack_globalholes: 0 > net.inet.tcp.sack_globalmaxholes: 65536 > net.inet.tcp.sack_maxholes: 128 > net.inet.tcp.sack: 1 > net.inet.tcp.rtt_min: 1 > net.inet.tcp.background_io_enabled: 1 > net.inet.tcp.isn_reseed_interval: 0 > net.inet.tcp.strict_rfc1948: 0 > net.inet.tcp.icmp_may_rst: 1 > net.inet.tcp.pcbcount: 7 > net.inet.tcp.do_tcpdrain: 0 > net.inet.tcp.tcbhashsize: 4096 > net.inet.tcp.minmssoverload: 0 > net.inet.tcp.minmss: 216 > net.inet.tcp.always_keepalive: 0 > net.inet.tcp.msl: 15000 > net.inet.tcp.background_io_trigger: 5 > net.inet.tcp.sockthreshold: 64 > net.inet.tcp.out_sw_cksum_bytes: 0 > net.inet.tcp.out_sw_cksum: 0 > net.inet.tcp.in_sw_cksum_bytes: 5401453 > net.inet.tcp.in_sw_cksum: 132709 > net.inet.tcp.win_scale_factor: 3 > net.inet.udp.checksum: 1 > net.inet.udp.stats: Format:S,udpstat Length:44 > Dump:0x342e0300000000000000000000000000... > net.inet.udp.maxdgram: 9216 > net.inet.udp.recvspace: 42080 > net.inet.udp.pcblist: Format:S,xinpcb Length:5488 > Dump:0x1800000011000000b2bf3a0000000000... > net.inet.udp.pcbcount: 17 > net.inet.udp.blackhole: 1 > net.inet.udp.log_in_vain: 3 > net.inet.udp.out_sw_cksum_bytes: 37556 > net.inet.udp.out_sw_cksum: 211 > net.inet.udp.in_sw_cksum_bytes: 34128 > net.inet.udp.in_sw_cksum: 183 > net.inet.ipsec.stats: Format:S,ipsecstat Length:12432 > Dump:0x00000000000000000000000000000000... > net.inet.ipsec.def_policy: 1 > net.inet.ipsec.esp_trans_deflev: 1 > net.inet.ipsec.esp_net_deflev: 1 > net.inet.ipsec.ah_trans_deflev: 1 > net.inet.ipsec.ah_net_deflev: 1 > net.inet.ipsec.ah_cleartos: 1 > net.inet.ipsec.ah_offsetmask: 0 > net.inet.ipsec.dfbit: 0 > net.inet.ipsec.ecn: 0 > net.inet.ipsec.debug: 0 > net.inet.ipsec.esp_randpad: -1 > net.inet.ipsec.esp_port: 0 > net.inet.ipsec.bypass: 1 > net.inet.raw.pcblist: Format:S,xinpcb Length:1008 > Dump:0x18000000030000008900000000000000... > net.inet.raw.recvspace: 8192 > net.inet.raw.maxdgram: 8192 > net.appletalk.ddpstats: Format:S,at_ddp_stats Length:52 > Dump:0x00000000000000000000000000000000... > net.appletalk.routermix: 2000 > net.appletalk.debug: Format:S,dbgBits Length:8 Dump:0x0000000000000000 > net.link.generic.system.ifcount: 8 > net.link.generic.system.dlil_input_sanity_check: 0 > net.link.generic.system.multi_threaded_input: 1 > net.link.ether.inet.send_conflicting_probes: 1 > net.link.ether.inet.keep_announcements: 1 > net.link.ether.inet.log_arp_warnings: 0 > net.link.ether.inet.sendllconflict: 0 > net.link.ether.inet.proxyall: 0 > net.link.ether.inet.useloopback: 1 > net.link.ether.inet.maxtries: 5 > net.link.ether.inet.apple_hwcksum_rx: 1 > net.link.ether.inet.apple_hwcksum_tx: 1 > net.link.ether.inet.host_down_time: 20 > net.link.ether.inet.max_age: 1200 > net.link.ether.inet.prune_intvl: 300 > net.key.debug: 0 > net.key.spi_trycnt: 1000 > net.key.spi_minval: 256 > net.key.spi_maxval: 268435455 > net.key.int_random: 60 > net.key.larval_lifetime: 30 > net.key.blockacq_count: 10 > net.key.blockacq_lifetime: 20 > net.key.esp_keymin: 256 > net.key.esp_auth: 0 > net.key.ah_keymin: 128 > net.key.prefered_oldsa: 0 > net.key.natt_keepalive_interval: 20 > net.key.pfkeystat: Format:S,pfkeystat Length:4240 > Dump:0x00000000000000000000000000000000... > net.inet6.ip6.forwarding: 0 > net.inet6.ip6.redirect: 1 > net.inet6.ip6.hlim: 64 > net.inet6.ip6.stats: Format:S,ip6stat Length:3200 > Dump:0x34130000000000000000000000000000... > net.inet6.ip6.maxfragpackets: 1024 > net.inet6.ip6.accept_rtadv: 0 > net.inet6.ip6.keepfaith: 0 > net.inet6.ip6.log_interval: 5 > net.inet6.ip6.hdrnestlimit: 50 > net.inet6.ip6.dad_count: 1 > net.inet6.ip6.auto_flowlabel: 1 > net.inet6.ip6.defmcasthlim: 1 > net.inet6.ip6.gifhlim: 0 > net.inet6.ip6.kame_version: 20010528/apple-darwin > net.inet6.ip6.use_deprecated: 1 > net.inet6.ip6.rr_prune: 5 > net.inet6.ip6.v6only: 0 > net.inet6.ip6.rtexpire: 3600 > net.inet6.ip6.rtminexpire: 10 > net.inet6.ip6.rtmaxcache: 128 > net.inet6.ip6.use_tempaddr: 0 > net.inet6.ip6.temppltime: 86400 > net.inet6.ip6.tempvltime: 604800 > net.inet6.ip6.auto_linklocal: 1 > net.inet6.ip6.rip6stats: Format:S,rip6stat Length:56 > Dump:0x00000000000000000000000000000000... > net.inet6.ip6.maxfrags: 8192 > net.inet6.ip6.fw.verbose_limit: 0 > net.inet6.ip6.fw.verbose: 0 > net.inet6.ip6.fw.debug: 0 > net.inet6.ip6.fw.enable: 1 > net.inet6.ip6.mrt6stat: Format:S,mrt6stat Length:104 > Dump:0x00000000000000000000000000000000... > net.inet6.ipsec6.stats: Format:S,ipsecstat Length:12432 > Dump:0x00000000000000000000000000000000... > net.inet6.ipsec6.def_policy: 1 > net.inet6.ipsec6.esp_trans_deflev: 1 > net.inet6.ipsec6.esp_net_deflev: 1 > net.inet6.ipsec6.ah_trans_deflev: 1 > net.inet6.ipsec6.ah_net_deflev: 1 > net.inet6.ipsec6.ecn: 0 > net.inet6.ipsec6.debug: 0 > net.inet6.ipsec6.esp_randpad: -1 > net.inet6.icmp6.stats: Format:S,icmp6stat Length:4328 > Dump:0x00000000000000000000000000000000... > net.inet6.icmp6.rediraccept: 1 > net.inet6.icmp6.redirtimeout: 600 > net.inet6.icmp6.nd6_prune: 1 > net.inet6.icmp6.nd6_delay: 5 > net.inet6.icmp6.nd6_umaxtries: 3 > net.inet6.icmp6.nd6_mmaxtries: 3 > net.inet6.icmp6.nd6_useloopback: 1 > net.inet6.icmp6.nodeinfo: 3 > net.inet6.icmp6.errppslimit: 100 > net.inet6.icmp6.nd6_maxnudhint: 0 > net.inet6.icmp6.nd6_debug: 0 > net.inet6.icmp6.nd6_prlist: Format:S,in6_defrouter Length:280 > Dump:0x1c1e000000000000fe80000000000000... > net.pstimeout: 20 20 > net.athaggrqmin: 1 1 > net.athaggrfmax: 28 28 > net.athbgscan: 1 1 > net.athCCAThreshold: 91 91 > net.athpowermode: 0 1 > net.athvendorie: 1 1 > net.athdupie: 1 1 > net.athaddbaignore: 0 0 > net.athppmupdate: 1 1 > net.athforceBias: 2 2 > net.athbadrxdesc: 0 0 > net.athbadrxbuf: 0 0 > net.athforcebadrx: 0 0 Note that forwarding is not on. >> What's the routing table like (on the >> various machines)? > mac to receive shared connection.... > route -v get google.com > That wasn't the routing tables. >> It also sounds like you're not using a real router but a NAT box, >> which may make this very difficult to impossible depending on that. >> What is it? > > It's a linksys home router Buy a real router. Honestly. The topography you're trying to establish here is horrid. There's so many points of failure that even if you do get this working it won't be for long. On top of that it's a lose since you're NAT'ing NAT which is abominable. Not only this but these things they've sold you as a router, really is a NAT box, and their "DMZ" really isn't, it's still NAT'ed and just get's exposed to packets not already being exposed through stateful connections already established. If this was a real router and you had a real one-to-one NAT to do this you need to be running NAT as well as ipfw on the "DMZ Mac", but if you had a real router you'd either just create a NAT on the DMZ or more properly multiple one-to-one NATs (which is still almost a a false DMZ) or more properly you'd expose the IP addresses directly for a better designed and true DMZ segment. -dhan ------------------------------------------------------------------------ Dan Shoop Computer Scientist iWiring / U.S. Technical Services shoop@iwiring.net AOL IM .................... iWiring Nextel .................... 1-714-363-1174 Operations TOC (24/7) ..... 1-866-901-USTS USTS Offices .............. 1-714-374-6300 For immediate response for urgent matters please speak to the Duty Officer at the USTS Tactical Operations Center (above) who can reach me by radio. From johnmusbach1 at gmail.com Tue Dec 11 12:03:43 2007 From: johnmusbach1 at gmail.com (John Musbach) Date: Tue Dec 11 12:03:47 2007 Subject: ipfw port forwarding In-Reply-To: References: <17c8e29e0712091749h44cb6938j346a0732a038c4bc@mail.gmail.com> <74586078-9FA4-4E3B-857E-3469156A60B6@iwiring.net> <17c8e29e0712101753y4bb95922icec25cddb14f0c71@mail.gmail.com> Message-ID: <17c8e29e0712111203v343e8356q39903dddd807f27@mail.gmail.com> On Dec 11, 2007 9:24 AM, Dan Shoop wrote: > That wasn't the routing tables. How do I get them dumped in mac os x 10.4/.5? I tried route -e but the route program provided with mac os x doesn't seem to understand that parameter... > Buy a real router. Honestly. The topography you're trying to establish > here is horrid. There's so many points of failure that even if you do > get this working it won't be for long. On top of that it's a lose > since you're NAT'ing NAT which is abominable. Not only this but these > things they've sold you as a router, really is a NAT box, and their > "DMZ" really isn't, it's still NAT'ed and just get's exposed to > packets not already being exposed through stateful connections already > established. Alright well thanks anyways, I think my issue was solved by Gordon's post. :) -- Best Regards, John Musbach From shoop at iwiring.net Tue Dec 11 13:19:14 2007 From: shoop at iwiring.net (Dan Shoop) Date: Tue Dec 11 13:19:27 2007 Subject: ipfw port forwarding In-Reply-To: <17c8e29e0712111203v343e8356q39903dddd807f27@mail.gmail.com> References: <17c8e29e0712091749h44cb6938j346a0732a038c4bc@mail.gmail.com> <74586078-9FA4-4E3B-857E-3469156A60B6@iwiring.net> <17c8e29e0712101753y4bb95922icec25cddb14f0c71@mail.gmail.com> <17c8e29e0712111203v343e8356q39903dddd807f27@mail.gmail.com> Message-ID: <61385362-EB05-4D88-B879-C30BFA4E7416@iwiring.net> On Dec 11, 2007, at 3:03 PM, John Musbach wrote: > On Dec 11, 2007 9:24 AM, Dan Shoop wrote: >> That wasn't the routing tables. > > How do I get them dumped in mac os x 10.4/.5? I tried route -e but the > route program provided with mac os x doesn't seem to understand that > parameter... As per the man page `netstat -rn` -dhan ------------------------------------------------------------------------ Dan Shoop Computer Scientist iWiring / U.S. Technical Services shoop@iwiring.net AOL IM .................... iWiring Nextel .................... 1-714-363-1174 Operations TOC (24/7) ..... 1-866-901-USTS USTS Offices .............. 1-714-374-6300 For immediate response for urgent matters please speak to the Duty Officer at the USTS Tactical Operations Center (above) who can reach me by radio. From johnmusbach1 at gmail.com Tue Dec 11 16:00:12 2007 From: johnmusbach1 at gmail.com (John Musbach) Date: Tue Dec 11 16:00:17 2007 Subject: ipfw port forwarding In-Reply-To: <61385362-EB05-4D88-B879-C30BFA4E7416@iwiring.net> References: <17c8e29e0712091749h44cb6938j346a0732a038c4bc@mail.gmail.com> <74586078-9FA4-4E3B-857E-3469156A60B6@iwiring.net> <17c8e29e0712101753y4bb95922icec25cddb14f0c71@mail.gmail.com> <17c8e29e0712111203v343e8356q39903dddd807f27@mail.gmail.com> <61385362-EB05-4D88-B879-C30BFA4E7416@iwiring.net> Message-ID: <17c8e29e0712111600s505ca6ffwaeb7f46d3d88369e@mail.gmail.com> On Dec 11, 2007 1:19 PM, Dan Shoop wrote: > As per the man page `netstat -rn` Are you sure this is a routing table: netstat -m 772/1617 mbufs in use: 566 mbufs allocated to data 1 mbufs allocated to packet headers 204 mbufs allocated to socket names and addresses 1 mbufs allocated to Appletalk data blocks 845 mbufs allocated to caches 741/1606 mbuf 2KB clusters in use 0/53 mbuf 4KB clusters in use 0/31 mbuf 16KB clusters in use 3927 KB allocated to network (22.0% in use) 0 requests for memory denied 0 requests for memory delayed 0 calls to drain routines ? -- Best Regards, John Musbach From johnmusbach1 at gmail.com Tue Dec 11 16:01:11 2007 From: johnmusbach1 at gmail.com (John Musbach) Date: Tue Dec 11 16:01:14 2007 Subject: ipfw port forwarding In-Reply-To: <17c8e29e0712111600s505ca6ffwaeb7f46d3d88369e@mail.gmail.com> References: <17c8e29e0712091749h44cb6938j346a0732a038c4bc@mail.gmail.com> <74586078-9FA4-4E3B-857E-3469156A60B6@iwiring.net> <17c8e29e0712101753y4bb95922icec25cddb14f0c71@mail.gmail.com> <17c8e29e0712111203v343e8356q39903dddd807f27@mail.gmail.com> <61385362-EB05-4D88-B879-C30BFA4E7416@iwiring.net> <17c8e29e0712111600s505ca6ffwaeb7f46d3d88369e@mail.gmail.com> Message-ID: <17c8e29e0712111601j41604300tb780eedddb79d427@mail.gmail.com> On Dec 11, 2007 4:00 PM, John Musbach wrote: > On Dec 11, 2007 1:19 PM, Dan Shoop wrote: > > As per the man page `netstat -rn` > > Are you sure this is a routing table: Oops sorry, typo... I figured it out, thanks! :) -- Best Regards, John Musbach From grail at goldweb.com.au Tue Dec 11 16:52:40 2007 From: grail at goldweb.com.au (Alex Satrapa) Date: Tue Dec 11 16:52:51 2007 Subject: [OT] Re: ipfw port forwarding In-Reply-To: <17c8e29e0712111600s505ca6ffwaeb7f46d3d88369e@mail.gmail.com> References: <17c8e29e0712091749h44cb6938j346a0732a038c4bc@mail.gmail.com> <74586078-9FA4-4E3B-857E-3469156A60B6@iwiring.net> <17c8e29e0712101753y4bb95922icec25cddb14f0c71@mail.gmail.com> <17c8e29e0712111203v343e8356q39903dddd807f27@mail.gmail.com> <61385362-EB05-4D88-B879-C30BFA4E7416@iwiring.net> <17c8e29e0712111600s505ca6ffwaeb7f46d3d88369e@mail.gmail.com> Message-ID: <0CD98369-AF1E-4098-9D26-35E519402DA2@goldweb.com.au> On 12/12/2007, at 11:00 , John Musbach wrote: > On Dec 11, 2007 1:19 PM, Dan Shoop wrote: >> As per the man page `netstat -rn` > > Are you sure this is a routing table: > > netstat -m This is why I always read my mail as plain text, in a monospace font :) I'll go back to my corner now. From kremels at kreme.com Thu Dec 13 06:49:48 2007 From: kremels at kreme.com (LuKreme) Date: Thu Dec 13 06:49:51 2007 Subject: PHP5 and Leopard and GD Message-ID: Has anyone had any issue installing gd2 into the php included in Leopard Client. I have gd2 compiled and configured successfully, and it installed gd.so into /usr/lib/php/extensions/no-debug-non-zts-20060613 as it was supposed do, but when I do a php -m, GD is not listed I set extension_dir = "/usr/lib/php/extensions/no-debug-non- zts-20060613/" which resulted in: # php -m dyld: NSLinkModule() error dyld: Symbol not found: _php_sig_gif Referenced from: /usr/lib/php/extensions/no-debug-non-zts-20060613/ gd.so Expected in: flat namespace (I did install a libjpeg, but nothing for gif or png because I couldn't find the right libs for gifs and pngs) I did compile as 32-bit as I didn't think I needed a 64-bit version, should I recompile as 64-bit? The instructions I read were about Leopard Server, but nothing in them appeared to be server OS specific. I did find a pre-compiled archive of php5.2.5 for leopard that apparently fixes all of this, but I am, naturally, hesitant to do that. I'm running hellaworld, and it uses a php call to gd to create a progress bar of the current download. Despite finding at least one reference that the apache2 php5 would work even if the CLI did not, this does not appear to be the case on my machine. -- "I don't think the kind of friends I'd have would care." From johnmusbach1 at gmail.com Thu Dec 13 07:34:41 2007 From: johnmusbach1 at gmail.com (John Musbach) Date: Thu Dec 13 07:34:44 2007 Subject: PHP5 and Leopard and GD In-Reply-To: <17c8e29e0712130732g18ce342bx42650c0c55dd663e@mail.gmail.com> References: <17c8e29e0712130732g18ce342bx42650c0c55dd663e@mail.gmail.com> Message-ID: <17c8e29e0712130734n3d4c633craeb4e2161a51db68@mail.gmail.com> On Dec 13, 2007 7:32 AM, John Musbach wrote: > See http://www.procata.com/blog/archives/2007/10/28/working-with-php-5-in-mac-os-x-105/ > , php5 is already included in leopard GD however is not and a guide to installing it can be located here: http://www.veola.net/macintosh/adding-gd-library-for-mac-os-x-leopard -- Best Regards, John Musbach From johnmusbach1 at gmail.com Thu Dec 13 07:35:02 2007 From: johnmusbach1 at gmail.com (John Musbach) Date: Thu Dec 13 07:35:08 2007 Subject: PHP5 and Leopard and GD In-Reply-To: References: Message-ID: <17c8e29e0712130735s5011df0p8d5837bc2dab300a@mail.gmail.com> On Dec 13, 2007 6:49 AM, LuKreme wrote: > Has anyone had any issue installing gd2 into the php included in > Leopard Client. I have gd2 compiled and configured successfully, and > it installed gd.so into See http://www.procata.com/blog/archives/2007/10/28/working-with-php-5-in-mac-os-x-105/ , php5 is already included in leopard -- Best Regards, John Musbach From mstearne at entermix.com Fri Dec 14 10:53:49 2007 From: mstearne at entermix.com (Michael Stearne) Date: Fri Dec 14 10:53:56 2007 Subject: Downgrading To Tiger - Will Raid Stay Intact Message-ID: We have a Leopard machine that we need to downgrade to Tiger. We have a RAID of 2 (physical) drives (3 total) on that machine created by Disk Utility (in Leopard). If we do a clean install (Erase the system drive with Restore DVDs) of the main drive. Will the RAID of drive 2 & 3 remain intact in Tiger? Thanks for any help, Michael From mah at jump-ing.de Fri Dec 14 12:48:50 2007 From: mah at jump-ing.de (Markus Hitter) Date: Fri Dec 14 12:49:02 2007 Subject: Downgrading To Tiger - Will Raid Stay Intact In-Reply-To: References: Message-ID: <26DC41AF-86EC-4274-8506-38ACACC863DC@jump-ing.de> Am 14.12.2007 um 19:53 schrieb Michael Stearne: > We have a Leopard machine that we need to downgrade to Tiger. We > have a RAID of 2 (physical) drives (3 total) on that machine > created by Disk Utility (in Leopard). If we do a clean install > (Erase the system drive with Restore DVDs) of the main drive. Not sure about Restore DVDs, but with a retail installation DVD you can do about everything one can think of, including running Disk Utility to unmount the RAID before doing the install. > Will the RAID of drive 2 & 3 remain intact in Tiger? The other question is, will a RAID made in Leopard work in Tiger? Markus - - - - - - - - - - - - - - - - - - - Dipl. Ing. Markus Hitter http://www.jump-ing.de/ From mstearne at entermix.com Fri Dec 14 15:51:06 2007 From: mstearne at entermix.com (Michael Stearne) Date: Fri Dec 14 15:51:18 2007 Subject: Downgrading To Tiger - Will Raid Stay Intact In-Reply-To: <26DC41AF-86EC-4274-8506-38ACACC863DC@jump-ing.de> References: <26DC41AF-86EC-4274-8506-38ACACC863DC@jump-ing.de> Message-ID: <9D8B7D66-0FBE-4BCD-AF33-64C92A931103@entermix.com> On Dec 14, 2007, at 3:48 PM, Markus Hitter wrote: > > >> Will the RAID of drive 2 & 3 remain intact in Tiger? > > The other question is, will a RAID made in Leopard work in Tiger? > Yeah. That is a bigger question. The RAID is of the format "Apple RAID 2.0" (although I don't know what the version of the Apple RAID in Tiger is). I think we will just stay with Leopard and hope that memcache is added to entropy's PHP soon. Michael From mgf at mgfconsulting.net Fri Dec 14 16:16:13 2007 From: mgf at mgfconsulting.net (Mike Friedman) Date: Fri Dec 14 16:26:05 2007 Subject: Firewire for Software RAID Message-ID: <0ADF8972-B934-4C6E-A2E3-12BA124718E2@mgfconsulting.net> A client of mine is using a G5 iMac as their server (done long before I entered the picture) and has no RAID running on the silly thing. Obviously this is a problem. Are any of you using a Firewire disk for a RAID 1 mirror? Their needs are pretty simple, but I want them to have some redundancy built in. ======================= Mike Friedman MGF Consulting Computers without Attitude http://www.mgfconsulting.net 415-648-6560 (office) 415-823-9990 (mobile) Yahoo Messenger/AIM: sfmike64 From daniel at highdesertchurch.com Fri Dec 14 17:16:00 2007 From: daniel at highdesertchurch.com (Daniel Hazelbaker) Date: Fri Dec 14 17:16:10 2007 Subject: Firewire for Software RAID In-Reply-To: <0ADF8972-B934-4C6E-A2E3-12BA124718E2@mgfconsulting.net> References: <0ADF8972-B934-4C6E-A2E3-12BA124718E2@mgfconsulting.net> Message-ID: <22FF5611-8FEA-4AB5-93DD-7C0E1FCBE98C@highdesertchurch.com> I don't know if it helps, but we have tried 3 different models of firewire drives on our main file server and all were unstable, even without RAID. By unstable I mean they would randomly "lock up" and we would have to unplug it and then re-plug it back in. We did try Software RAID with firewire once and after rebuilding the array 4 times in as many months we gave up and bought a nice hardware raid box. You can actually get some pretty cheap ones now that just have 2 drive that are hardware based mirroring. Daniel On Dec 14, 2007, at 4:16 PM, Mike Friedman wrote: > A client of mine is using a G5 iMac as their server (done long > before I entered the picture) and has no RAID running on the silly > thing. Obviously this is a problem. Are any of you using a Firewire > disk for a RAID 1 mirror? Their needs are pretty simple, but I want > them to have some redundancy built in. > > > > > > ======================= > Mike Friedman > MGF Consulting > Computers without Attitude > http://www.mgfconsulting.net > 415-648-6560 (office) > 415-823-9990 (mobile) > Yahoo Messenger/AIM: sfmike64 > > > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin > From kenny_leung at pobox.com Fri Dec 14 17:26:45 2007 From: kenny_leung at pobox.com (Kenny Leung) Date: Fri Dec 14 17:27:05 2007 Subject: Firewire for Software RAID In-Reply-To: <22FF5611-8FEA-4AB5-93DD-7C0E1FCBE98C@highdesertchurch.com> References: <0ADF8972-B934-4C6E-A2E3-12BA124718E2@mgfconsulting.net> <22FF5611-8FEA-4AB5-93DD-7C0E1FCBE98C@highdesertchurch.com> Message-ID: <1D8AC6A2-4AB9-4389-BBD0-A1A2754F6FDD@pobox.com> I have been using a drobo (www.drobo.com), and I think it's great. -Kenny On Dec 14, 2007, at 5:16 PM, Daniel Hazelbaker wrote: > I don't know if it helps, but we have tried 3 different models of > firewire drives on our main file server and all were unstable, even > without RAID. By unstable I mean they would randomly "lock up" and > we would have to unplug it and then re-plug it back in. We did try > Software RAID with firewire once and after rebuilding the array 4 > times in as many months we gave up and bought a nice hardware raid > box. You can actually get some pretty cheap ones now that just > have 2 drive that are hardware based mirroring. > > Daniel > > On Dec 14, 2007, at 4:16 PM, Mike Friedman wrote: > >> A client of mine is using a G5 iMac as their server (done long >> before I entered the picture) and has no RAID running on the silly >> thing. Obviously this is a problem. Are any of you using a >> Firewire disk for a RAID 1 mirror? Their needs are pretty simple, >> but I want them to have some redundancy built in. >> >> >> >> >> >> ======================= >> Mike Friedman >> MGF Consulting >> Computers without Attitude >> http://www.mgfconsulting.net >> 415-648-6560 (office) >> 415-823-9990 (mobile) >> Yahoo Messenger/AIM: sfmike64 >> >> >> >> _______________________________________________ >> MacOSX-admin mailing list >> MacOSX-admin@omnigroup.com >> http://www.omnigroup.com/mailman/listinfo/macosx-admin >> > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin From mgf at mgfconsulting.net Fri Dec 14 18:37:44 2007 From: mgf at mgfconsulting.net (Mike Friedman) Date: Fri Dec 14 18:37:54 2007 Subject: Firewire for Software RAID In-Reply-To: <22FF5611-8FEA-4AB5-93DD-7C0E1FCBE98C@highdesertchurch.com> References: <0ADF8972-B934-4C6E-A2E3-12BA124718E2@mgfconsulting.net> <22FF5611-8FEA-4AB5-93DD-7C0E1FCBE98C@highdesertchurch.com> Message-ID: <0439EE1C-0659-40A6-A883-815D5AE14F11@mgfconsulting.net> On Dec 14, 2007, at 5:16 PM, Daniel Hazelbaker wrote: > I don't know if it helps, but we have tried 3 different models of > firewire drives on our main file server and all were unstable, even > without RAID. By unstable I mean they would randomly "lock up" and > we would have to unplug it and then re-plug it back in. We did try > Software RAID with firewire once and after rebuilding the array 4 > times in as many months we gave up and bought a nice hardware raid > box. You can actually get some pretty cheap ones now that just have > 2 drive that are hardware based mirroring. > > Daniel > > On Dec 14, 2007, at 4:16 PM, Mike Friedman wrote: > >> A client of mine is using a G5 iMac as their server (done long >> before I entered the picture) and has no RAID running on the silly >> thing. Obviously this is a problem. Are any of you using a Firewire >> disk for a RAID 1 mirror? Their needs are pretty simple, but I >> want them to have some redundancy built in. >> >> That's an extremely good idea, I think I will suggest that to them instead of replacing the iMac. In fact, I may do this for my own iMac based server which I tried Software RAID on a couple of times and it was a huge mess. Thanks for the suggestion. ======================= Mike Friedman MGF Consulting Computers without Attitude http://www.mgfconsulting.net 415-648-6560 (office) 415-823-9990 (mobile) Yahoo Messenger/AIM: sfmike64 From tbaley at mac.com Fri Dec 14 19:29:20 2007 From: tbaley at mac.com (Thomas Baley) Date: Fri Dec 14 19:29:24 2007 Subject: Firewire for Software RAID In-Reply-To: <0439EE1C-0659-40A6-A883-815D5AE14F11@mgfconsulting.net> References: <0ADF8972-B934-4C6E-A2E3-12BA124718E2@mgfconsulting.net> <22FF5611-8FEA-4AB5-93DD-7C0E1FCBE98C@highdesertchurch.com> <0439EE1C-0659-40A6-A883-815D5AE14F11@mgfconsulting.net> Message-ID: MacOSX-admin@omnigroup.comI have been using a 1 TB Buffalo external drive in plain vanilla mirror mode for 500 GB effective storage and just love it. It is both USB and Firewire 400. I have only used the Firewire. It cost $279 on sale. I just came back from Frye's (yes, we have them in Atlanta, too) and the 4 TB NAS, supporting RAID 0, 1, 5, & 10, is $1,799. The 2 TB model NAS was on sale for $799. That would save $200 buying two 2 TB units instead of the one 4 TB. Of course you wind up with eight physical drives instead of four. These are true NAS, running a flavor of Linux inside on 32 MB of its own memory, builtin iTunes server, and a USB plug for a printer or additional drive or a USB hub. Seems like a great deal, if you need terabytes of storage. Tom Baley Thomas R. Baley tbaley@mac.com 770-984-8655 404-529-4710 f On Dec 14, 2007, at 9:37 PM, Mike Friedman wrote: On Dec 14, 2007, at 5:16 PM, Daniel Hazelbaker wrote: > I don't know if it helps, but we have tried 3 different models of > firewire drives on our main file server and all were unstable, even > without RAID. By unstable I mean they would randomly "lock up" and > we would have to unplug it and then re-plug it back in. We did try > Software RAID with firewire once and after rebuilding the array 4 > times in as many months we gave up and bought a nice hardware raid > box. You can actually get some pretty cheap ones now that just > have 2 drive that are hardware based mirroring. > > Daniel > > On Dec 14, 2007, at 4:16 PM, Mike Friedman wrote: > >> A client of mine is using a G5 iMac as their server (done long >> before I entered the picture) and has no RAID running on the silly >> thing. Obviously this is a problem. Are any of you using a >> Firewire disk for a RAID 1 mirror? Their needs are pretty simple, >> but I want them to have some redundancy built in. >> >> That's an extremely good idea, I think I will suggest that to them instead of replacing the iMac. In fact, I may do this for my own iMac based server which I tried Software RAID on a couple of times and it was a huge mess. Thanks for the suggestion. ======================= Mike Friedman MGF Consulting Computers without Attitude http://www.mgfconsulting.net 415-648-6560 (office) 415-823-9990 (mobile) Yahoo Messenger/AIM: sfmike64 _______________________________________________ MacOSX-admin mailing list MacOSX-admin@omnigroup.com http://www.omnigroup.com/mailman/listinfo/macosx-admin From johnmusbach1 at gmail.com Sat Dec 15 16:38:23 2007 From: johnmusbach1 at gmail.com (John Musbach) Date: Sat Dec 15 16:38:27 2007 Subject: Firewire for Software RAID In-Reply-To: <0ADF8972-B934-4C6E-A2E3-12BA124718E2@mgfconsulting.net> References: <0ADF8972-B934-4C6E-A2E3-12BA124718E2@mgfconsulting.net> Message-ID: <17c8e29e0712151638j14d9f017x409926ec58c29f4f@mail.gmail.com> On Dec 14, 2007 4:16 PM, Mike Friedman wrote: > A client of mine is using a G5 iMac as their server (done long before > I entered the picture) and has no RAID running on the silly thing. > Obviously this is a problem. Are any of you using a Firewire disk for > a RAID 1 mirror? Their needs are pretty simple, but I want them to > have some redundancy built in. I have done it without issue -- Best Regards, John Musbach From johnmusbach1 at gmail.com Sat Dec 15 16:39:43 2007 From: johnmusbach1 at gmail.com (John Musbach) Date: Sat Dec 15 16:39:44 2007 Subject: Firewire for Software RAID In-Reply-To: References: <0ADF8972-B934-4C6E-A2E3-12BA124718E2@mgfconsulting.net> <22FF5611-8FEA-4AB5-93DD-7C0E1FCBE98C@highdesertchurch.com> <0439EE1C-0659-40A6-A883-815D5AE14F11@mgfconsulting.net> Message-ID: <17c8e29e0712151639m5f56808cyc13966c2bc264d4e@mail.gmail.com> On Dec 14, 2007 7:29 PM, Thomas Baley wrote: > MacOSX-admin@omnigroup.comI have been using a 1 TB Buffalo external > drive in plain vanilla mirror mode for 500 GB effective storage and > just love it. It is both USB and Firewire 400. I have only used the > Firewire. It cost $279 on sale. Are you sure macosx-admin@omnigroup.coml is the right url? -- Best Regards, John Musbach From johnmusbach1 at gmail.com Sat Dec 15 20:07:40 2007 From: johnmusbach1 at gmail.com (John Musbach) Date: Sat Dec 15 20:07:44 2007 Subject: Downgrading To Tiger - Will Raid Stay Intact In-Reply-To: References: Message-ID: <17c8e29e0712152007p3f60d7d1g22918020742eaa3a@mail.gmail.com> On Dec 14, 2007 10:53 AM, Michael Stearne wrote: > We have a Leopard machine that we need to downgrade to Tiger. We have > a RAID of 2 (physical) drives (3 total) on that machine created by > Disk Utility (in Leopard). If we do a clean install (Erase the system > drive with Restore DVDs) of the main drive. Will the RAID of drive 2 > & 3 remain intact in Tiger? This is a task handled by the Disk Utility, if the Tiger installer does not complain about installing onto this raid then it should work fine. I have never seen a mac os installer fiddle with partitioning before and would certainly not expect the Tiger installer to fiddle with your raid partitioning. -- Best Regards, John Musbach From brett.dikeman at gmail.com Tue Dec 18 08:57:56 2007 From: brett.dikeman at gmail.com (Brett Dikeman) Date: Tue Dec 18 08:58:00 2007 Subject: Firewire for Software RAID In-Reply-To: <1D8AC6A2-4AB9-4389-BBD0-A1A2754F6FDD@pobox.com> References: <0ADF8972-B934-4C6E-A2E3-12BA124718E2@mgfconsulting.net> <22FF5611-8FEA-4AB5-93DD-7C0E1FCBE98C@highdesertchurch.com> <1D8AC6A2-4AB9-4389-BBD0-A1A2754F6FDD@pobox.com> Message-ID: <9d9c4a330712180857m319d4ee8gbe9076a9c8754d45@mail.gmail.com> On Dec 14, 2007 8:26 PM, Kenny Leung wrote: > I have been using a drobo (www.drobo.com), and I think it's great. They're expensive ($500, with no drives, which puts them deep into NAS territory), slow as molasses, and don't offer anything above or beyond other units, except for a few LEDs in a cute-looking box. I saw a review recently where READ speed was about 10-15MB/sec no matter how many drives were installed. From kenny_leung at pobox.com Tue Dec 18 09:12:50 2007 From: kenny_leung at pobox.com (Kenny Leung) Date: Tue Dec 18 09:13:00 2007 Subject: Firewire for Software RAID In-Reply-To: <9d9c4a330712180857m319d4ee8gbe9076a9c8754d45@mail.gmail.com> References: <0ADF8972-B934-4C6E-A2E3-12BA124718E2@mgfconsulting.net> <22FF5611-8FEA-4AB5-93DD-7C0E1FCBE98C@highdesertchurch.com> <1D8AC6A2-4AB9-4389-BBD0-A1A2754F6FDD@pobox.com> <9d9c4a330712180857m319d4ee8gbe9076a9c8754d45@mail.gmail.com> Message-ID: <73D5CE27-0AF8-4D7A-BF84-FE08EA72D375@pobox.com> I beg to differ. drobo is the only "RAID-like" enclosure you can get that is expandable. Use any other unit and you have to buy all the same size disk up front, and once the RAID set is built, you can never change it. The drobo allows you to start with two drives, work your way up to 4, and you don't have to worry about matching sizes. You just buy whatever is biggest and cheapest on the market. Once your 4 drives fill up, you buy yet another biggest and cheapest and swap it out for the smallest drive. While $500 may sound pricey, it is cheaper than some other RAID enclosures, like LaCIE. Also, there are no rip-off drive sleds to buy other enclosures make you buy a drive sled for $50 to $250. The drobo takes bare drives. The price was initially $700, but they got such a good response on their initial production run that they were able to cut the price down by $200, and they automatically sent me a refund in the mail. I didn't even have to ask! Take that, early iPhone buyers! -Kenny On Dec 18, 2007, at 8:57 AM, Brett Dikeman wrote: > On Dec 14, 2007 8:26 PM, Kenny Leung wrote: >> I have been using a drobo (www.drobo.com), and I think it's great. > > They're expensive ($500, with no drives, which puts them deep into NAS > territory), slow as molasses, and don't offer anything above or beyond > other units, except for a few LEDs in a cute-looking box. > > I saw a review recently where READ speed was about 10-15MB/sec no > matter how many drives were installed. From tbaley at mac.com Tue Dec 18 09:13:09 2007 From: tbaley at mac.com (Thomas Baley) Date: Tue Dec 18 09:13:15 2007 Subject: Firewire for Software RAID In-Reply-To: <9d9c4a330712180857m319d4ee8gbe9076a9c8754d45@mail.gmail.com> References: <0ADF8972-B934-4C6E-A2E3-12BA124718E2@mgfconsulting.net> <22FF5611-8FEA-4AB5-93DD-7C0E1FCBE98C@highdesertchurch.com> <1D8AC6A2-4AB9-4389-BBD0-A1A2754F6FDD@pobox.com> <9d9c4a330712180857m319d4ee8gbe9076a9c8754d45@mail.gmail.com> Message-ID: <2EA20A06-5A2A-409E-B982-7023FCE0830D@mac.com> I was very interested to read your comments on the Drobo. It caught my interest with all the bubbling enthusiastic reviews in the last six months. But it seems you are certainly correct on the price point. I can get the 2 TB Buffalo NAS for $1,700-$1,800. Doesn't the Drobo have a limit on the size of an individual drive, too? I had not heard anyone else talk about speed one way or another. Your comments are valuable. Perhaps the things it brings to the table are (1) no-brainer for installing and using and (2) for the person with a pile of stray drives laying around, it handles drives of different sizes without blinking (limiting the overall size by the smallest drive). It is also limited to being just a USB external device, right? All-in-all, it seems like a good idea, but may lack some in implementation and price point. I would be interested in any other experience you have with it, like reliability, heat (?), etc. Thomas R. Baley tbaley@mac.com 770-984-8655 404-529-4710 f On Dec 18, 2007, at 11:57 AM, Brett Dikeman wrote: On Dec 14, 2007 8:26 PM, Kenny Leung wrote: > I have been using a drobo (www.drobo.com), and I think it's great. They're expensive ($500, with no drives, which puts them deep into NAS territory), slow as molasses, and don't offer anything above or beyond other units, except for a few LEDs in a cute-looking box. I saw a review recently where READ speed was about 10-15MB/sec no matter how many drives were installed. _______________________________________________ MacOSX-admin mailing list MacOSX-admin@omnigroup.com http://www.omnigroup.com/mailman/listinfo/macosx-admin From daniel at highdesertchurch.com Tue Dec 18 09:29:40 2007 From: daniel at highdesertchurch.com (Daniel Hazelbaker) Date: Tue Dec 18 09:29:57 2007 Subject: Firewire for Software RAID In-Reply-To: <2EA20A06-5A2A-409E-B982-7023FCE0830D@mac.com> References: <0ADF8972-B934-4C6E-A2E3-12BA124718E2@mgfconsulting.net> <22FF5611-8FEA-4AB5-93DD-7C0E1FCBE98C@highdesertchurch.com> <1D8AC6A2-4AB9-4389-BBD0-A1A2754F6FDD@pobox.com> <9d9c4a330712180857m319d4ee8gbe9076a9c8754d45@mail.gmail.com> <2EA20A06-5A2A-409E-B982-7023FCE0830D@mac.com> Message-ID: <34B7D152-E3F0-4F26-AC4C-3965F3B8D392@highdesertchurch.com> If you (whoever the OP was) is looking for a "cheap" desktop box that they can put 2 drives in for mirroring I recommend taking a look at fwdepot.com. They have some pretty decent cheap cases that do basic hardware RAID. If you are looking for something that is solid, sturdy, and reliable beyond belief you are going to be spending at least $1,000 for something that is either SCSI or Fiber. I have nothing against USB (other than the speed and CPU requirements) or firewire, but they are just not good server connections. They don't lock in (you can easily knock them out while trying to fish out other cables), personally I have found them to be inherently unstable (they just were not designed for 24/7/365 use), and the non-rackmount cases just seem to be a little fidgety when it comes to heating issues. Personally, we limped through with a 1TB Lacie disk until we could afford a nice 16-bay rack-mount unit from firewiredirect.com ($5,000 but it was more than worth it) and it has been running solid for 2.5 years without an issue. For desktop use, we have firewire drives everywhere. But we don't leave them running 24/7 anymore. They just seem to burn up too fast. Daniel Hazelbaker On Dec 18, 2007, at 9:13 AM, Thomas Baley wrote: > I was very interested to read your comments on the Drobo. It caught > my interest with all the bubbling enthusiastic reviews in the last > six months. But it seems you are certainly correct on the price > point. I can get the 2 TB Buffalo NAS for $1,700-$1,800. Doesn't the > Drobo have a limit on the size of an individual drive, too? > > I had not heard anyone else talk about speed one way or another. > Your comments are valuable. > > Perhaps the things it brings to the table are (1) no-brainer for > installing and using and (2) for the person with a pile of stray > drives laying around, it handles drives of different sizes without > blinking (limiting the overall size by the smallest drive). It is > also limited to being just a USB external device, right? > > All-in-all, it seems like a good idea, but may lack some in > implementation and price point. I would be interested in any other > experience you have with it, like reliability, heat (?), etc. > > > Thomas R. Baley > tbaley@mac.com > 770-984-8655 > 404-529-4710 f > > > > > On Dec 18, 2007, at 11:57 AM, Brett Dikeman wrote: > > On Dec 14, 2007 8:26 PM, Kenny Leung wrote: >> I have been using a drobo (www.drobo.com), and I think it's great. > > They're expensive ($500, with no drives, which puts them deep into NAS > territory), slow as molasses, and don't offer anything above or beyond > other units, except for a few LEDs in a cute-looking box. > > I saw a review recently where READ speed was about 10-15MB/sec no > matter how many drives were installed. > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin > From noam at maccentricsolutions.com Tue Dec 18 10:02:00 2007 From: noam at maccentricsolutions.com (Noam Birnbaum) Date: Tue Dec 18 10:28:47 2007 Subject: L2TP VPN on Tiger Server no workie... SOMETIMES Message-ID: <5D8150E0-2E33-4D35-ADEB-A4BCC9F2B705@maccentricsolutions.com> Hey folks, Here's an issue I've seen A LOT -- probably on half of the Tiger Servers we've set up: PPTP works fine, L2TP doesn't even allow connections to initiate. It's not a firewall or router issue; I've duplicated it on the local networks, with the server firewall off. The closest I've got to the problem is to determine that server port 1701 (L2TP) is simply not accepting connections; port 1723 (PPTP) has no such issue. See the following Terminal transcript, from a workstation on the LAN, no firewalling enabled: workstation:~ noam$ telnet 10.0.5.3 1701 Trying 10.0.5.3... telnet: connect to address 10.0.5.3: Connection refused telnet: Unable to connect to remote host workstation:~ noam$ telnet 10.0.5.3 1723 Trying 10.0.5.3... Connected to medicalserver.medicaloffice.com. Escape character is '^]'. We've duplicated this exact situation on networks using all kinds of routers and switches. It doesn't seem specific to any model, and as I've said it only happens on HALF the servers, all using the same configuration methodology. The vpnd.log is annoyingly empty of clues: #Start-Date: 2007-12-18 09:58:05 PST #Fields: date time s-comment 2007-12-18 09:58:05 PST Loading plugin /System/Library/Extensions/ L2TP.ppp 2007-12-18 09:58:05 PST Listening for connections... #Start-Date: 2007-12-18 09:58:05 PST #Fields: date time s-comment 2007-12-18 09:58:05 PST Loading plugin /System/Library/Extensions/ PPTP.ppp 2007-12-18 09:58:05 PST Listening for connections... I don't know if this same issue occurs on Leopard Server. Yurk! Any suggestions? Thanks, noam Noam Birnbaum http://maccentricsolutions.com/ 877.luv.macs x89 ? Apple Certified Technical Coordinator ? Apple Certified Help Desk Specialist From bernu at lptmc.jussieu.fr Tue Dec 18 23:29:28 2007 From: bernu at lptmc.jussieu.fr (Bernu Bernard) Date: Tue Dec 18 23:29:27 2007 Subject: File system performance Message-ID: Hi all, I'm looking for informations on the performances of OSX Server concerning creation and access of directories and files. We may have a very large number of users : now 1000 but soon 1 000 000 and more. Each user will access their data from the web through a web site. The questions concern how many directories or files one can create/ access with best performance. Tests we have made show that - file writing/reading spend the same time independently of the files in a directory. - creating a directory takes much more time if a few thousand directories are already there (so we use a hierarchy such as 0/1/...) Is it some links or starting point to look at ? Thanks, Bernard From johnmusbach1 at gmail.com Wed Dec 19 16:49:56 2007 From: johnmusbach1 at gmail.com (John Musbach) Date: Wed Dec 19 16:50:01 2007 Subject: File system performance In-Reply-To: References: Message-ID: <17c8e29e0712191649q42b65d1et505647c0fac8321f@mail.gmail.com> On Dec 18, 2007 11:29 PM, Bernu Bernard wrote: > Hi all, > > I'm looking for informations on the performances of OSX Server > concerning creation and access of directories and files. > Is it some links or starting point to look at ? Not sure but maybe this helps: Macintosh:~ JohnM$ time mkdir test;time cd test real 0m0.003s user 0m0.001s sys 0m0.003s real 0m0.000s user 0m0.000s sys 0m0.000s Macintosh:test JohnM$ cd .. Macintosh:~ JohnM$ cd test Macintosh:test JohnM$ time cd ..;time rm -rfd test real 0m0.000s user 0m0.000s sys 0m0.000s real 0m0.004s user 0m0.001s sys 0m0.003s -- Best Regards, John Musbach