i don't think it's a shortcoming that your desired functionality is not the default. whether it's a shortcoming that the function is not possible, i don't have any view on

probably

so there's hope that there's a way? that would be SO nice

by "probably" meant: probably a shortcoming if it's not possible. i have no idea if it's possible

but i'd think just using NAT port forward would be better frm a design standpoint. principle of least surprise

unless you have some strict performance requirement

but that requires some extra setup in the host to make it possible?

it doesn't, aside from whatever setup exists in the host to configure your jail. you perform the NAT in the jail

so how could i have some nat thing bind to the 80/443 then forward, but caddy bin caddy user can't just do it itself?

it's done by the firewall

oh like pf can do it?

yeh

or ipfw

mind showing me what an example rule would look like?

freebsd handbook no examples ?

something like this: bsd.to/Rixg

Title: dpaste/Rixg (Plain Text)

handbook probably has examples too though. port forward

to debug it, run natd manually with -verbose and the proper config, using 'divert natd' in your rulset instead of 'nat 1'

wait so natd has to be run it's not just done in the fw?

natd is just to debug it in case you have issues

what's it do?

i'd recommend researching the topic

i guess that example looks pretty simple. still wish it was possible more directly

it just does the same nat function but receives packets sent from the firewall via divert

tyvm for plan b

sure

forums.freebsd.org/threads/pf-port-forwarding.56995 looks like pf can do forwarding too

Title: PF - PF port forwarding | The FreeBSD Forums

yeah, surely. i'm just more familiar with ipfw

so fw based forwarding is a way to reuse the privileged network position of the fw to bind to low ports then locally redirect to higher ones

it's not that. the firewall doesn't do any binding, it changes the content of the packets (that's what NAT does) in and out

what you describe would be more like a tcp/udp proxy running as root

# Vncviewer

/sbin/ipfw add allow ip from 192.168.253.1 to any 5901 via eth0

ahhh

bsdsocket : ip and port

actually rewriting the packets that's pretty interesting. i guess the overhead of that makes it better if we could directly bind to low ports?

hence my comment about any performance requirement, but i think you are unlikely to encounter a bottleneck in this case

rfc 1918 and nat why you dont have to learn ipv6

pf or ipfw..either should do...

"latest" being behind "quarterly" is so confusing. Just installed a system, pkg 1.21.0 from quarterly. Update to latest to find pkg 1.20.9.

spectrum.ieee.org/how-dec-engineers-saved-ethernet great read

Title: How Engineers at Digital Equipment Corp. Saved Ethernet - IEEE Spectrum

invented switches

Should I log a bug against the handbook? "And the Latest branch provides the latest versions of the packages to the users."" Or is it a ports bug?

log ALL the bugs!!! o/

dec gigaswitch a multiport device supporting both Ethernet and FDDI.

fddi smoked ethernet and fast ethernet..2 100Mbps rings

dumb hubs to switches..was big deal

routers,bridges,gateways...prior to switches

Title: How Engineers at Digital Equipment Corp. Saved Ethernet - IEEE Spectrum

mac:ip:port arp/rarp nat/dhcpd vlans.firewall/pf..local lan...rarp into the mac

to assign ip..rfc1918.

oxide.computer and maas.io say they can bring up rack of computers from BMC

Title: Oxide Computer Company

in all the pf port forwarding examples i'm finding the destination includes a literal ip. any way to make it just redirect to 'self' or whatever address it's coming in on?

its all nat to the jail..

unless your doing ipv6

so you have to respecify your ip?

vmware already figured out the SDDC why they sold dell/emc/vmware to broadcom for 60+ billion.

now they are going to milk top 600 customers

mike dell knows when to bail on product

now is your chance fbsd, you got SDDC nsx vsan dsr vcenter...

always remember to add epair to your bridge.. or your jails won't work

alepzi: during your jails adventure, have you ever had a "hanging" jail.. that just takes FOREVER to stop?

not yet

only been at it a week tho

and only 1 jail at a time not hundreds yet

if you get hanging can you isolate which jail it is that's hanging?

voy4g3r2, The default stop.timeout is 10 seconds so I am surprised it would hang forever.

exec.timeout is unlimited though so an error might cause it to take infinite time to start.

tail jail console during stop

?

voy4g3r2: often. and it appears to have gotten worse over the last.. year? or so

it is typically ifconfig hanging for me, trying to remove the epair from the bridge maybe, dunno

rwp: it eventually timed out stopping after 90 seconds

Either a single 90 second timeout or a combination of timeouts adding to 90 seconds. 90 seconds is much too precise to be an accident.

it just says a statement timeout after 90 seconds

which i agree, is too exact

but i think this jellyfin package.. needs more

press ctrl-t while it is hanging to see what command is running

90 second watchdog timeout expired. Shutdown terminated.

what was the first -RELEASE for arm64?

paulf: looks like 11.0

kevans thanks

voy4g3r2: i'm already shopping for a jellyfin replacement

my laptop's audio gets all glitchy and crunchy when i make -j4

is this a problem with the scheduler?

video is glitchy too even when using nice make -4

perhaps you don't have enough IO to do both

i have an ssd

and it was never a problem on linux

you build freebsd on linux ?

no

i'm building a custom fork of multimc

on freebsd

markmcb: it's probably because the quarterly build is a lot faster, so it can run more often

it can easily take a week or two for source changes to make it into latest packages, depending on architecture and timing

why is there /rescue/ipf but not /rescue/ipfw? am i missing a package?

hm there's no /rescue/pf either, that's weird

it's all the same inode, make your own link

rtprio: you mean they're compiled into the binary already and the link is just missing? that would be even weirder :-)

i wonder if in any rescue having pf, ipf, ipfw is of much use but eh

anyway that doesn't work:

[25!] yarrow /rescue# ./ipfw

rescue: ipfw not compiled in

hah, at least it's nice enough to tell you

rtprio: well, if your kernel is configured to drop packets by default (this is the default in GENERIC for ipfw) you would need ipfw/pf to add a pass all rule to use the network from rescue

which i assume is why ipf is there

(handy for the 3 people still using ipfilter)

with darren reed being one of them

39ae372d787513 looks like it was removed in 2003 ?

hmm. i am going to submit a patch to put it back :-) 20 years later a couple more small binaries might be less of an issue

i notice that commit also removed a bunch of other stuff that definitely doesn't need to be there like nfsiod and natd

Greetings. Trying to build an RAID1 interoperable with GNU/Linux at least. Thus I've used graid with "Intel" metadata in order to be able to assemble it with mdadm and its "imsm" metadata support. But it does not. The "container" and the array is being recognized, but mdadm refuses to start the array because of absent disks.

Although it _does_ recognize present disks as "belonging here", it fails to recognize that these disks are actual ones used to build the array.

i've never heard of that being compatible

Fortunately, the array is empty now, so it can safely be destroyed and reassembled in other ways. Could it help to assemble the array using mdadm with '-e imsm' option?

what filesystem were you going to put on this, assuming you can get it recognized in both systems

and followup question, why isn't it zfs?

I'm going to partition it into several UFS/FAT/NTFS volumes. ZFS is not being used because the going-to-be fileserver is ancient and has 1GB of RAM.

BTW, is there any stable enough Ext4 driver at FreeBSD at the moment?

i ran pkg upgrade and now all my qt applications won't launch and seffault

i feel like you should have started with "get a filesystem working between systems" and expand it 'make it more redundant'

Cannot mix incompatible Qt library (5.15.12) with this library (5.15.13)

Abort (core dumped)

Crap

Upgrading pkgs broke my computer!

How do i rollback?

rtprio: I used to have FAT32 on all volumes and will continue doing so on volumes which don't need POSIX semantics (like the WWW volume which will hold CGI scipts) or huge files support (like the volume which will have sparse IMGs shared via ctld to a VMX-capable node). Considering that the main reason of interoperability is the ability to retrieve

data in case of non-booting file server, UFS2 (which can be seen RO at least) would be sufficient for "POSIX semantics-supported" voulmes, but are there reliable alternatives?

Actually, I've mentioned the NTFS because of forgetting the instability of both drivers in RW mode. So, now I have only FAT32 and UFS2 kept on eye.

Ext4 would also be a good option, so, are there stable Ext4 (or Ext2 at least) drivers at FreeBSD? Also, how reliable is UFS2 itself?

Is fusefs-ext2fs driver stable enough (except a case with a Pi and fstab-mounted Ext2 volumes from DAS)?

we should really remove routed(8) from base, the few people left still using RIP/RIPng have plenty of other options in ports for that

could even just be moved to a net/freebsd-routed port

Hmmm, is it just me, or is /bin/sh kinda buggy?

when it comes to interactive user input

i solved my NAT64 problem from the other day by creating a service jail to do it with ipfw: le-fay.org/tmp/30d/nat64.txt - seems to work fine, and i don't need ipfw or tayga on the host

add to patch rescue to include ipfw and pf though

s/add/had

include pf and ipfw in rescue, what?

debdrup: freebsd/freebsd-src #1169

Title: rescue: add ipfw, pfctl by llfw · Pull Request #1169 · freebsd/freebsd-src · GitHub

wait, ipf is in rescue?!

uh huh, i was surprised too, but it makes sense

if your firewall drops all packets by default, rescue is not very useful if you can't configure the firewall

yeah no, that makes sense

to balace it out i added freebsd/freebsd-src #1168 :-)

Title: rescue: remove routed, rtquery by llfw · Pull Request #1168 · freebsd/freebsd-src · GitHub

balance

i feel like +560kB is a lot though and people might object to it

considering it's only 17.3MB right now

(which is fine, i guess if that happens i'll just build my own crunchgen... or just leave this patch in my local branch)

lw: yeah, the constraint that makes latest not the latest is clear, but it seems like a documentation bug as many packages are not the latest every time quarterly updates, and the docs say otherwise.

yaay, I'm chatting from FreeBSD now :D

Dooshki: yeehaw

I have to say, I really like how well-integrated FreeBSD is, so many different things can be configured in rc.conf, whereas on Linux, every small thing would be in its own config file with its own syntax and everything. Like, I was surprised how painless setting up bridging for my jails was, it would've been absolute dreadful hell on Linux

Dooshki: congrats! :)

Thank you!

lw, ping

how can I save an accent character to file?

I want to make a git push with a name with an e grave è

my locale is normally en_GB.utf8, I wave tried switching to fr

just about everything that I try saves the è as a ? (ascii 3f)

EDITOR=kwrite git commit --amend

and set it to iso-8859-1

seems to work

paulf, From the data given I don't know where the conversion failure is happening. Working with accented characters normally works for all of the rest of us.

The only clue I see is "my locale is normally en_GB.utf8" but en_GB.utf8 is not a valid locale. AFAIK that should be en_GB.UTF-8 not en_GB.utf8. What is the output of the "locale" command?

The other problem is ISO-8859-1 aka Latin1 which is the now obsolete character encoding predating UTF-8 encoding.

I think it's safe to assume he's not literallt using en_gb.utf8

When dealing with computers it is always best to be literal. Because computers are literal! :-)

In any case... The output of "locale" would clarify what is actually happening. The setting of LANG and LC_* variables. The presence of installed locales or not.

so a jail can't set the security.mac.portacl.rules sysctl i guess? there any way to let the jail's caddy user (also caddy bind to and listen on a low port? there's the plan b of using pf port forwarding but i wanna verify that's my only option

o/

alepzi-: the MAC framework is part of the kernel, and since jails don't have a kernel, you can't modify it - but check bugs.freebsd.org/bugzilla/show_bug.cgi?id=259149

Title: 259149 – mac_portacl not in affect when running VNET jail

Right now it is LANG=fr because I tried switching

right now it is LANG=fr because I tried switching

What is the output of "locale"?

LANG=fr

the rest "C"

The rest is "C". That's the telling point. Since "fr" is not a valid locale it means that everything is falling back to using the C/POSIX locale.

and en_GB?

As I understand it locales must be set from one of the existing ones at "ls /usr/share/locale".

And if it is not set from one of those existing locales then it falls back to the compiled in default C/POSIX locale.

en_GB.UTF-8 is there

Right. "en_GB.UTF-8" is there. But not "en_GB.utf8" nor is "fr" there.

I meant en_GB.UTF-8 don't be pedantic

The computer is even more pedantic than I am! :-)

I think you should set "export LANG=en_GB.UTF-8" and then test everything all over again. I normally use "export LANG=en_US.UTF-8" and accents work okay everywhere.

Since you were saying "git" then I will ask if this is all local sandbox commits or if the problem is a problem when doing a git push to a remote system? Because then that gets the remote system involved in the debugging too.

In defense for being literal how should I understand setting the local to fr? Should I assume that you actually meant "fr_FR.UTF-8"? But no it was actually "fr" so not being literal there would have been wrong. :-)

no "fr"

The other hint I provide is that these days using Latin1 ISO-8859-1 is discouraged as being obsolete. It still works. My outgoing email encodes in order of ASCII, ISO-8859-1, UTF-8, in order to provide the most interoperability. If it can encode in ASCII then it does, or if Latin1 then okay, then UTF-8 if otherwise. But email also states the encoding used allowing the receiver to handle it.

Related to this is a problem with a name that I just love because it is so interesting. en.wikipedia.org/wiki/Mojibake

Title: Mojibake - Wikipedia

jbo: hi

i feel like netstat should be in rescue... or is there some other way to print the routing table?

lw: like man.freebsd.org/cgi/man.cgi?route ?

Title: route

Hecate: how do you make route print the routing table? (route get seems to be just an individual route?)

heavens

I reckon you can't

even the route man page says so

> The routing table can bellhyve listed with netstat(1).

fucking hell

netstat -rna

rtprio: read scrollback :-)

bah

:D

there is some weird stuff in rescue... iscsid, nos-tun?

perhaps it doesn't get used as much anymore?

i've been using it for jails recently, it's pretty handy for that

like service jails that don't want a whole OS installed

you could always build your own lwrescue and put netstat in it too

i'll probably do that with some things, but i think generally useful things like this should be included for everyone

i think there's a way to build your own rescue-like multicall binary that isn't rescue, i should look at that

hi lw

lw, let's say there's a port I'd like to use which uses a bunch of python libaries and it's marked as BROKEN because it requires 3.10. is there any way that I can build that port using 3.10 as a default version but leave all the other ports as is?

jbo: as far as i know, no.

lw, so I have to risk bumping all my ports to 3.10 and deal with the fallout?

if it only uses Python and nothing else, i think setting required Python version in the port Makefile works, but that doesn't work for dependencies

jbo: yes, although i recommend going to 3.11 since that's what ports will move to anyway

lw, the port in question is finance/odoo/

i've been using 3.11 for months now with no problems

lw, so just via DEFAULT_VERSIONS ?

yes

somewhat scared

if you use -b latest, expect longer build times as nothing that uses python can be fetched as a binary package anymore

that's fine. I got a proper build server. I'm just scared about breaking stuff that worked before

in case the shell doesn't have a builtin

funny, but even then it wouldn't actually work

actually, that's right

i think i will send a patch to remove this as it seems completely useless

except maybe as an extremely roundabout way of doing 'test -d'

o//

apparently there's a bunch more of these, /usr/bin/fg, /usr/bin/alias... apparently usr.bin/sh just installs one for every builtin

lw: are they actually full programs, or just symlinks?

SponiX: they're hard links to a single shell script that uses $0 to determine what to execute

ah they actually come from usr.bin/alias

apparently at this some of these are required by POSIX

even the commit that added them calls them "useless" :-)

The point is that any program can exec a known utility, by name. Not so useless.

Title: src - FreeBSD source tree

hmokay

where can i find docs on all the sysctl oids?

jgh_: it is useless - why would you want to execute /usr/bin/cd, ever?

i want to read about kern.randompid

it's not in man sysctl or man sysctl.conf

lw: That one I'll give you (mind, history... Unix Version 6 did actually have a standalone "cd" program!)

hmm, not in tuhs.org/cgi-bin/utree.pl?file=V6/usr/source/s1, i wonder if that tree is incomplete

I have no clue how it ever worked, mind... and the note I just dug up on the Thompson shell (predated Mashey, predated Bourne) say it had a builtin "chdir". So maybe I recall it wrong

i do remember one version (might have been V6) had a /usr/bin/if that worked by seek()ing the fd the shell was using to read the script, or something like that

kinky!

ah wait maybe that was goto, not if: tuhs.org/cgi-bin/utree.pl?file=V6/usr/source/s1/goto.c

ah yeah, if was a builtin, but you had to do something like 'if <cond> goto label'

is there an easy way to recover from a corrupted .git

eh we'll figure soemthing out...

Hrm. Setting up an Ansible server, and I found adminbyaccident.com/freebsd/how-to-…d/how-to-install-ansible-on-freebsd which talks about example hosts and ansible.cfg files, but these appear not to exist in current versions of the package in Ports.

Title: How to install Ansible on FreeBSD - Admin... by accident!

If someone has advice for a sane set of default configs to modify I'd be grateful to know about them. Alternately I'll see if I get defaults from a Debian package that seem plausible.

Not seeing example configs in (at least) the Debian Bullseye package. Guess I'll just dig up something online.